I found a weird error in Citrix the other day.

The fix:

1
2
3
4
5

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions
Change the DWORD value for EnableLockdown from 1 to 0.
Close Registry Editor and try to launch the application again.

Comment and share

To install (requires a restart):

dism /online /Enable-Feature /FeatureName:Internet-Explorer-Optional-amd64

To uninstall (doesn’t require a restart):

dism /online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64

Comment and share

Just a quick function to sign PowerShell scripts with a code-signing certificate. Very useful for deploying scripts in a domain to all computers without changing the execution policy.

Throw it in your $profile, reload, run with Sign-PSScript -Script c:\path\to\script.ps1.

Comment and share

This is a possible scenario that can happen with Veeam and Server 2012 deduplication:

1

You cannot write to a file anymore and you get the error "ERROR_FILE_SYSTEM_LIMITATION". There is still plenty of space left on the volume however this file can't grow. This is a big issue wince you use rollback chains in Veeam.

To fix this unfortunately you need to start a whole new chain on a new volume. When formatting the volume, use format drive: /fs:ntfs /v:volumelabel /Q /L. The /Q switch does a quick format, and the /L switch enables large-size file records.

Unfortunately this switch isn’t very well documented - it’s not even in the format.exe knowledgebase article. You can however get some information from format /? in command prompt.

1
2

/L	NTFS Only: Use large size file records.
	By default, the volume will be formatted with small size file records.

A Microsoft primer on how NTFS works (Source.aspx)) sheds some light but it doesn’t show you the limit of setting large-size file records.

Reference: Microsoft KB2891967

Comment and share

Our Exchange 2013 servers had a near-meltdown last week due to no free disk space on the C: drive, which would have been pretty catastrophic if we didn’t have the appropriate monitoring in place. After some investigation, I found that the IIS instances on the boxes had been happily logging away since we implemented them and the log directories had grown to a gigantic 40gb each. Not happy with just deleting them, I figured I would ship them to our logging server and delete them from the servers themselves.

I have been using the ELK stack (Elasticsearch, Logstash, Kibana) for about a year now and it’s been great. Logs are searchable and if any issues arise we can quickly pinpoint exactly what has been happening over a number of devices over that time, such as switches, wireless access points, firewalls, Windows servers etc.

Logging input

First, you will need to install a log shipper on the Windows server. I went with nxlog as it has good support and it seems to be what everybody else uses on Windows. As a bonus, it doesn’t require Java to be installed unlike Logstash. Download the installer from the nxlog website and install it to the machine. After it is installed, open C:\Program Files (x86)\nxlog\conf\nxlog.conf and put the following in:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

<Input iis_1>
      Module	im_file
      File	"C:\inetpub\logs\LogFiles\W3SVC1\u_ex*.log"
    ReadFromLast True
    SavePos True
    Exec	if $raw_event =~ /^#/ drop();
</Input>
<Input iis_2>
      Module	im_file
      File	"C:\inetpub\logs\LogFiles\W3SVC2\u_ex*.log"
    ReadFromLast True
    SavePos True
    Exec	if $raw_event =~ /^#/ drop();
</Input>
<Output out_iis>
    Module  om_tcp
    Host    <LOGSTASH_IP>
    Port    3516
	OutputType	LineBased
</Output>
<Route 1>
	Path	iis_1, iis_2 => out_iis
</Route>

Make sure you replace <LOGSTASH_IP> with your Logstash servers’ IP address.

Logging Output

I won’t go in to deploying the ELK stack as there are a tonne of guides available. Make sure it all works before proceeding below.

On the Logstash instance in your logstash.conf, place the following:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

input {
      tcp {
          	type => "iis"
          	port => 3516
          	host => "10.100.21.156"
      }
}
filter {
	if [type] == "iis" {
    	grok {
        	match => ["@message", "%{TIMESTAMP_ISO8601:timestamp} %{IPORHOST:hostip} %{WORD:method} %{URIPATH:page} %{NOTSPACE:query} %{NUMBER:port} %{NOTSPACE:username} %{IPORHOST:clientip} %{NOTSPACE:useragent} %{NOTSPACE:referrer} %{NUMBER:response} %{NUMBER:subresponse} %{NUMBER:scstatus} %{NUMBER:timetaken}"]
		}
	}
}
output {
	elasticsearch_http {
    	host => "<ELASTICSEARCH_IP>"
        port => "9200"
	}
}

Again, make sure you replace <ELASTICSEARCH_IP> with your Elasticsearch servers’ IP address.

After you have done all this, start nxlog on your Windows server with Start-Service nxlog in a PowerShell prompt and watch the logs pour in to your ElasticSearch instance.

Truncating IIS logs

This part is easy. Just set up a scheduled task to run the following PowerShell command:

Get-ChildItem -Path C:\inetpub\logs\LogFiles -Recurse | ? {$_.PSIsContainer -eq $false -and $_.lastwritetime -lt (get-date).adddays(-15)} | Remove-Item -Force

This may vary if you have chaned the logging directory and if you want to keep the files longer than 5 days.

Comment and share

Backups in my work environment are done on the folder level through Veeam (excellent product), and sometimes virtual machines are moved around and get loosed from backups without us noticing. This little script monitors the folder and alerts on any changes when combined with Task Scheduler.

A few things:

• Make sure the account you run it under can send email
• Make sure the account has vSphere read permissions

Enjoy.

Comment and share

This script produces a simple report to get the mailbox, archive and total sizes in a mailbox database. This helps with estimating space needed for mailbox moves.

To use, just load it up then use Get-MailboxSizes -Database DBName.

Comment and share

I’m not too sure why this isn’t exposed through the Exchange cmdlets, but here we go.

Run with Get-DatabaseSize -Database DatabaseName and it will return the database name, server, and database size in megabytes.

EDIT: well, it turns out you can just use Get-MailboxDatabase -Database DatabaseName -Status | select name,server,databasesize. Rookie error on my part.

Comment and share

I’ve just pushed a little project to GitHub. It uses Powershell, Exchange EWS API and D3 to make a little timeline of calendar appointments for meeting rooms.

https://github.com/jacobludriks/meetingroomhud

Feel free to give it a try and see if you hit any bugs.

Comment and share

I ran in to an issue with a user getting a 400 error on an IIS server. Turns out it was related to a large Kerberos token size due to being in too many groups. Here is a little script to enumerate the information you need to determine the token size:

This is all outlined in Microsoft KB327825 and relates to Microsoft KB2020943.

Comment and share