Knowledge Base for Windows

Description/Problem:
Some weeks ago we used the HP Insight Server Migration Pack (HP ProLiant Server) for migration of server from old to new hardware. Migration process finished successfully and everything seems fine. After standard system checks and tests we identify small problem related to execution of some EXE files. Each try to execute EXE file failed with error message: Application error: The instruction at “0×10015026″ referenced memory at “0×00000000″. The memory could not be “read”.

Solution:
Based on our investigation we identify that problem is related to the Windows Management Instrumentation (WMI). We resolved the issue by running below script.

@echo on
cd /d c:\temp
if not exist %windir%\system32\wbem goto TryInstall
cd /d %windir%\system32\wbem
net stop winmgmt
winmgmt /kill
if exist Rep_bak rd Rep_bak /s /q
rename Repository Rep_bak
for %%i in (*.dll) do RegSvr32 -s %%i
for %%i in (*.exe) do call :FixSrv %%i
for %%i in (*.mof,*.mfl) do Mofcomp %%i
net start winmgmt
goto End
:FixSrv
if /I (%1) == (wbemcntl.exe) goto SkipSrv
if /I (%1) == (wbemtest.exe) goto SkipSrv
if /I (%1) == (mofcomp.exe) goto SkipSrv
%1 /RegServer
:SkipSrv
goto End
:TryInstall
if not exist wmicore.exe goto End
wmicore /s
net start winmgmt
:End

Description/Problem:
We identify the next issue related to the to non-administrator users which were not able to logon over graphical user interface into the Windows Server 2003. This server was operated as standard file & print server with basic security settings. The users did not receive any error message, they only saw desktop background color.

Solution:

Over the Process Monitor (application from Windows SysInternals) it’s possible monitoring the logon process:

• Process winlogon.exe called userinit.exe,
• Process userinit.exe read shell from registry and called explorer.exe,
• Process explorer.exe crash during the startup procedure,
• Process userinit.exe keep running without shell,
• For small test we defined new shell over registry – winver.exe,
• User logon process running without any problem and winver.exe start as shell,
• Roll back the changes and compare results from Process Monitor,
• Difference was that process explorer.exe try to access “%windir%\registration” folder where were missing the permissions for users and system account also,
• Enable inheritance of permissions for the folder “%windir%\registration”,
• Users are able logon without any problems.

Description/Problem:
Everything worked fine for several weeks. After that we identify on Windows 2003 Terminal Server (Service Pack 2) strange issue related to Event ID 333 written to the system event log. This error indicate that operating system is not able to flush out or write to the registry hive.  The symptoms that accompany an Event ID 333 can vary between server hangs, “Insufficient resources exist to complete the requested service” errors, etc. In our case the solution was not so easy because all user profiles contain NTUSER.DAT file with size about 40 – 60 MB!

Solution:

• Took a backup of registry key and delete all the entries under it:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Hewlett-Packard

• Disable the PML Driver HPZ12 service,
• Took a backup of numerous entries under below registry keys and delete them:

  HKEY_LOCAL_MACHINE\System\ControlSet001\Control\DeviceClasses\{28d78fad-5a12-11d1-ae5b-0000f803a8c2}\##?#Root#RDPDR#0000#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}
  HKEY_LOCAL_MACHINE\System\ControlSet003\Control\DeviceClasses\{28d78fad-5a12-11d1-ae5b-0000f803a8c2}\##?#Root#RDPDR#0000#{28d78fad-5a12-11d1-ae5b-0000f803a8c2}

• Delete all the user profiles on the Terminal Server,
• Logon to the Terminal Server with valid user account,
• Check that NTUSER.DAT file size will be about 200 – 400 kB.

Some additional information related to this issue are published also in TechNet article: Troubleshooting Event ID 333 Errors.

Description/Problem:
May be you also know the situation where after installation of new security updates some system services may not start or work correctly. Next step is very often the investigation what’s wrong and how to solve existing issue. One helpful solution is described also in this KB article.

Solution:
KB956189

Description/Problem:
Some weeks ago I had an issue related to non-administrator users which were not able to logon over graphical user interface into the Windows Server 2003. This server was operated as domain controller with basic security settings.

Solution:

• Set correct files system permissions to folder “%systemroot%\WinSxS” and all sub-folders
  BUILTIN\Administrators:(OI)(CI)F
  NT AUTHORITY\Authenticated Users:(OI)(CI)R
  CREATOR OWNER:(OI)(CI)(IO)F
  BUILTIN\Server Operators:(OI)(CI)R
  NT AUTHORITY\SYSTEM:(OI)(CI)F
• Set correct files system permissions to folder “%systemroot%\AppPatch” and all sub-folders
  BUILTIN\Administrators:(OI)(CI)F
  NT AUTHORITY\Authenticated Users:(OI)(CI)R
  CREATOR OWNER:(OI)(CI)(IO)F
  BUILTIN\Server Operators:(OI)(CI)R
  NT AUTHORITY\SYSTEM:(OI)(CI)F

You can use tool called Extended Change Access Control List (Xcacls) to easy setup of specific file system permissions for files or folders.

Description/Problem:
Sometimes the installation process of 16-bit application can failed without any visual notification or error messages in event logs. If you will be in the same situation don’t worry and check link to DLL files in system registry as described reported KB article.

Solution:
KB254914

Description/Problem:
This article describes known issue on Microsoft Windows Server 2003 operating system. The Win32_Environment Windows Management Instrumentation (WMI) class does not return the value of the PATH environment variable. This situation occurs if the PATH environment variable contains more than 1024 characters.

Solution:
KB950681

Description/Problem:
This article describes how to solve problem with NT Backup application when backup of System State hangs in phase “Preparing to Backup using Shadow Copy”.

Solution:
KB940032, KB913648, KB891957