Sunday, 2 April 2017

Enable Diagnostic and Logging Windows Logs

Hello Professionals,

Today I am sharing some very useful details that really help with difficult troubleshooting. Logging helps admins find the failure or its possible cause, and with some advanced options you can get very detailed information about the possible cause of the issue.
Analytic and Debug logs are disabled by default. When enabled, they quickly fill the disk with a large number of very large log files. It is recommended that you disable the logging settings after finishing the troubleshooting steps.

1. Enabling Kerberos Event Logging on a Specific Computer
    Start Registry Editor.
    Add the following registry value:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Registry Value: LogLevel
    Value Type: REG_DWORD
    Value Data: 0x1

2. To enable Windows Time Service debug logging: First create a folder to hold the log file. I made it D:\W32Time_Log. Then run the following command and press ENTER:
 w32tm /debug /enable /file:d:\W32Time_Log\w32time.log /size:10000000 /entries:0-116

3. Verbose logging: Verbose logging tracks all changes and settings applied using Group Policy and its extensions to the local computer and to users who log on to the computer and SystemDrive \Debug
To enable it, browse to the registry path below:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Then add a value named UserenvDebugLevel with data type REG_DWORD and set it to 30002 in hexadecimal.
The value 30002 is for verbose logging, 30001 is for errors and warnings only, and 30000 logs nothing.

To disable verbose logging, delete the UserenvDebugLevel value from the path below.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

4. Netlogon logging to troubleshoot authentication issues
Run the following commands with administrative privileges:
Nltest /DBFlag:2080FFFF
net stop netlogon
net start netlogon

Stop Netlogon Logging
Nltest /DBFlag:0x0

The netlogon.log file is located in %SystemRoot%\Debug, and the Netlogon logging level is stored in the following registry value:
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DBFlag

On computers that are running Windows Server 2003 and later versions of the Microsoft operating system, you can use the following policy setting to enable verbose Netlogon logging. Browse to
\Computer Configuration\Administrative Templates\System\Net Logon\Specify log file debug output level
and type 0x2080FFFF in the bytes value.

The above method can also be used to enable Netlogon logging on multiple computers through Group Policy, but in practice it is not recommended to do this by Group Policy.

5. Enable Analytic and Debug Logs:
 a. Open Event Viewer
 b. On the Action menu, click Properties
 c. In the properties dialog box, select Enable logging and click OK

This can also be done by running the following command with administrative privileges:
  wevtutil sl <logname> /e:true
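
Because these channels grow quickly, it helps to see which Analytic and Debug logs are still enabled once a case is closed. The PowerShell below is an added example, not part of the original post; the function names Get-EnabledDebugLog and Disable-DebugLog are hypothetical.

```powershell
# Added example: list Analytic/Debug channels that are still enabled and,
# on request, turn them off again with the wevtutil switch shown above.
function Get-EnabledDebugLog {
    # -Force is required for Get-WinEvent to return Analytic and Debug channels.
    Get-WinEvent -ListLog * -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.IsEnabled -and ([string]$_.LogType -in 'Analytical', 'Debug') } |
        Select-Object LogName, LogType,
            @{ Name = 'SizeMB';    Expression = { [math]::Round($_.FileSize / 1MB, 1) } },
            @{ Name = 'MaxSizeMB'; Expression = { [math]::Round($_.MaximumSizeInBytes / 1MB, 1) } } |
        Sort-Object SizeMB -Descending
}

function Disable-DebugLog {
    param([Parameter(Mandatory)][string[]]$LogName)
    foreach ($name in $LogName) {
        # Same command as above with the flag reversed: wevtutil sl <logname> /e:false
        & wevtutil.exe sl $name /e:false
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Could not disable '$name' (exit code $LASTEXITCODE)"
        }
    }
}

# Review the list first, then disable only the channels you enabled for this case.
Get-EnabledDebugLog | Format-Table -AutoSize
# Disable-DebugLog -LogName '<logname>'
```

Run it from an elevated PowerShell session, the same privilege level the wevtutil command needs.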

6. Diagnostic logging for domain controllers is controlled under the following registry path:
HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Logging can be configured by modifying these REG_DWORD entries:
1 Knowledge Consistency Checker (KCC)
2 Security Events
3 ExDS Interface Events
4 MAPI Interface Events
5 Replication Events
6 Garbage Collection
8 Directory Access
9 Internal Processing
10 Performance Counters
11 Initialization/Termination
12 Service Control
13 Name Resolution
16 LDAP Interface Events
18 Global Catalog
19 Inter-site Messaging
20 Group Caching
21 Linked-Value Replication
22 RPC Client
23 RPC Server
24 Schema
25 Transformation Engine
26 Claims-Based Access Control

Diagnostic Logging Settings: The values below configure the level of diagnostic logging provided by the host:
If you put 0 (Zero), no data is collected; this is the default setting on the server.
If you put 1 (One), it is configured to collect events that include message/alert/information/warning entries for tasks performed by the service.
If you put 2 (Two), it is configured to collect basic event details for each task.
If you put 3 (Three), it is configured to collect more detailed information than the lower levels. This is very helpful and recommended when you have an issue and want to diagnose it in depth, with questions like how, why and what.
If you put 4 (Four), it is configured to collect verbose logging for tasks and activity.
If you put 5 (Five), it is configured for all events, including debug strings and configuration changes. A complete log of the service is recorded. Use this setting when you have traced the problem to a particular category of a small set of categories.

DCPromoUI.log: The DcpromoUI.log file contains a detailed progress report of the Active Directory installation and removal processes. Its default location is the %SystemRoot%\Debug folder.
It starts with the dcpromo command. This file contains the important details below:
    1. The name of the source domain controller for replication
    2. The directory partitions that were replicated to the target server
    3. The number of items that were replicated in each directory partition
    4. The services configured on the target domain controller
    5. The access control entries (ACEs) set on the registry and files
    6. The SYSVOL directories
    7. Applicable error messages
    8. Applicable selections that were entered by the Administrator during the installation or removal process

Netsetup.log: When joining a computer to a domain, the Networking Setup (NetSetup) installs all the necessary Microsoft supported networking components.
Userenv.log: This log file can be helpful in troubleshooting problems with user profiles and Group Policy processing. The log file resides in the %SystemRoot%\Debug folder.

Enabling LDAP logging: This is a great feature included in 2012 server.

Registry setting path:
Domain controller: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
LDS: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<LDS instance name>\Diagnostics.
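
To act on the advice at the top of this post and switch logging off after troubleshooting, the registry values named above can be checked in one pass. The PowerShell below is an added example, not part of the original post; the function name Get-DebugLoggingState is hypothetical, and it assumes an absent value or 0 means off (30000 hex for UserenvDebugLevel, as stated above).

```powershell
# Added example: report which debug settings from this post are still on.
# Assumption: an absent value or 0 means "off"; for UserenvDebugLevel the
# post gives 30000 (hex) = 196608 decimal as "logs nothing".
$checks = @(
    @{ Setting = 'Kerberos event logging'; Name = 'LogLevel'; Off = '0'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters' },
    @{ Setting = 'Group Policy verbose logging'; Name = 'UserenvDebugLevel'; Off = '0', '196608'
       Path = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' },
    @{ Setting = 'Netlogon debug logging'; Name = 'DBFlag'; Off = '0', '0x0'
       Path = 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters' }
)

function Get-DebugLoggingState {
    foreach ($c in $checks) {
        $raw = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        [pscustomobject]@{
            Setting = $c.Setting
            Value   = if ($raw -is [ValueType]) { '0x{0:X}' -f $raw } else { $raw }
            Enabled = ($null -ne $raw) -and ("$raw" -notin $c.Off)
        }
    }
    # NTDS\Diagnostics exists only on domain controllers; every category defaults to 0.
    $ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
    if (Test-Path $ntds) {
        $key = Get-Item -Path $ntds
        foreach ($name in $key.GetValueNames()) {
            $level = $key.GetValue($name)
            if ("$level" -ne '0') {
                [pscustomobject]@{ Setting = "NTDS diagnostics: $name"; Value = $level; Enabled = $true }
            }
        }
    }
}

Get-DebugLoggingState | Format-Table -AutoSize
```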

Learn, earn and share the knowledge. Never let your zeal to learn sleep.
Please comment; feedback will be really helpful for us. I will be very happy to hear from you.

Many, many thanks to you guys for your support.

Saturday, 1 April 2017

Active Directory Replication and Lingering Objects

Hello Professionals,
Today we will discuss the Active Directory objects that are responsible for replication failures in your domain most of the time.
When replication has been failing in a domain for a long time, objects called lingering objects are created automatically. Put very simply, they are the Active Directory attribute updates that failed to replicate from the root to child or other available domain controllers. For example, a user is added to a security or distribution group on one domain controller, but the update does not show up on the other available domain controllers.
For replication you can wait 15 to 20 minutes, but if the change has not been updated by then, it is a case of failure.
There are different built-in Windows tools and commands that give you a better view of the replication status.
   1. The command repadmin /showrepl * /csv >showrepl.csv
   2. AD health analyser
   3. AD inbuilt tool
There are also a couple of ways to detect and remove the culprit lingering objects. You can run this command to see which objects are not replicated:
repadmin /removelingeringobjects <ServerName ServerGUID DirectoryPartition> /advisory_mode

repadmin /showrepl <DomainControllerName> (to check the GUID of the domain controller)
There is a registry key called StrictReplicationConsistency -- which we'll refer to as Strict Mode -- that will protect a DC from lingering objects:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
ValueName = Strict Replication Consistency
Data Type = Reg_DWORD
Value Data = 1 (Strict), 0 (Loose)


If this value is set to 1, it will prevent a partner from replicating lingering objects to the DC it is defined on. Thus, if every domain controller has Strict Mode enabled, they are protected from lingering objects being propagated to them. If the value is set to 0, however, it is said to be in Loose Mode, and will allow the lingering objects to replicate and update in the environment.
To check and troubleshoot any issue on Windows servers, an admin should go through the event logs first. For replication and lingering objects there are a couple of events, which I am sharing here.
Event ID 1864: This event indicates whether lingering objects are already there or starting to appear. Note that it contains a count of how many DCs have not replicated in a day, week, month, two months, or the tombstone lifetime. The last entry is important. Unfortunately, the event will not tell us the name of the domain controller that hasn't replicated in the tombstone lifetime.

 Event 2042 (Error) Source: NTDS Replication: This identifies that strict replication is enabled, the "source DC" has not replicated in tombstone lifetime days and is attempting to replicate, thus replication has been disabled from the source. The event provides the GUID of the source in the format of the CName (alias) DNS record.

 Event ID 1388 (Error) Source: NTDS Replication: Description: Another domain controller (DC) has attempted to replicate into this DC an object which is not present in the local Active Directory database. The object may have been deleted and already garbage collected (a tombstone lifetime or more has passed since the object was deleted) on this DC.

 Event 1988 (Error) Source: NTDS Replication: Description: Active Directory Replication encountered the existence of objects in the following partition that have been deleted from the local domain controllers (DCs) Active Directory database. This event is being logged because the source DC contains a lingering object which does not exist on the local DCs Active Directory database.
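
Event 1864 gives only a count, so the repadmin CSV output mentioned earlier is the practical way to name the replication links that have gone past the tombstone lifetime. The PowerShell below is an added example, not part of the original post; the function name Get-StaleReplicationLink is hypothetical, the sample rows are constructed, and the 180-day default is an assumption to replace with your forest's tombstone lifetime.

```powershell
# Added example. $sample is constructed data laid out like the output of
# "repadmin /showrepl * /csv"; DC names, times and status codes are made up.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=corp,DC=example",Branch,DC03,RPC,0,0,2017-03-31 10:15:02,0
showrepl_INFO,HQ,DC01,"DC=corp,DC=example",Branch,DC04,RPC,212,2017-03-31 09:58:41,2016-08-02 03:12:10,8606
showrepl_INFO,HQ,DC02,"DC=corp,DC=example",HQ,DC01,RPC,3,2017-03-31 10:01:17,2017-03-30 22:40:00,1722
'@

function Get-StaleReplicationLink {
    param(
        [Parameter(Mandatory)][object[]]$Row,    # rows from ConvertFrom-Csv
        [int]$TombstoneLifetimeDays = 180,        # assumption: use your forest's value
        [datetime]$Now = (Get-Date)
    )
    foreach ($r in $Row) {
        $last = [datetime]::MinValue
        # A link that never succeeded has no parseable timestamp; treat it as stale.
        $parsed = [datetime]::TryParseExact($r.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
            [cultureinfo]::InvariantCulture, [Globalization.DateTimeStyles]::None, [ref]$last)
        $age = if ($parsed) { [int][math]::Floor(($Now - $last).TotalDays) } else { $null }
        $failures = [int]$r.'Number of Failures'
        if ($failures -gt 0 -or -not $parsed) {
            [pscustomobject]@{
                Destination      = $r.'Destination DSA'
                Source           = $r.'Source DSA'
                NamingContext    = $r.'Naming Context'
                Failures         = $failures
                LastStatus       = $r.'Last Failure Status'
                DaysSinceSuccess = $age
                PastTombstone    = (-not $parsed) -or ($age -ge $TombstoneLifetimeDays)
            }
        }
    }
}

$rows = $sample | ConvertFrom-Csv
Get-StaleReplicationLink -Row $rows -Now ([datetime]'2017-04-01') | Format-Table -AutoSize
# Live data: $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
```

Any row reported with PastTombstone set is a source to check with the advisory-mode lingering object command above before replication from it is re-enabled.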

A very brief summary of event log details with their meaning and solution is available from the Ask Active Directory Team.

There is a fantastic tool from Microsoft for health checks and lingering objects. You have to log in with your Microsoft ID to check it.
If you are good with PowerShell commands and scripts, you can find and fix the issue very easily; let me know if you need any kind of help there.

I experienced this situation and, very frankly, it was very irritating to find these objects. As a precaution, your AD environment should be healthy. There are lots of scripts and tools that you can schedule to check replication status and send email. The worst and most horrible activity was when the Group Policy folder was missing on branch domain controllers and the policy folders did not match the root domain controller.

Personally, and on the basis of the issues I faced, the AD Replication tool of 2012R2 and the command repadmin /showrepl * /csv >showrepl.csv are awesome; they give you deeper data with details. Never get irritated when you are doing AD troubleshooting, because for that you need to think and act very smartly.
There are lots of real-time issues with replication; please feel free to ask or comment on the blog. We will be happy to hear from you.


Learn, earn and share the knowledge. Comments and feedback on this section will help me more. I will be really happy to hear from you.

 

Wednesday, 29 March 2017

Citrix Apps getting disconnecting and disappeared



Hello Professionals,
It has been 15 days that I have been getting pings asking for suggestions on some Citrix Apps issues: apps crashing and disconnecting after launch. Here I am sharing some of the scenarios I found that are worth sharing. I have just tried to put all the issues with their solutions on the techie plate. Review and comment if any point or line is troubling you in the solution, or if any other steps solved your issue.

Infrastructure Setup:
Domain Controller: 2 No's ( Windows 2012 and Windows 2016)
Citrix Farm: 2 No's ( Windows 2008 R2)
Client : 5 No's (Windows 7 32 bit and 64 bit)

Issue: Apps console disappeared some time after launching the apps, in different scenarios.
Resolution Steps: Here are some basic points to check with troubleshooting.

1. Any Recent changes
2. Apps is working fine with Citrix Server
3. Users are from Same domain or different domain.
4. Citrix Event Log diagnose
5. Create new Apps for test and see if the same behaviour with new Apps too.
6. Check your antivirus behaviour and logs; in some cases I found that apps traffic was getting blocked due to AV.

Issue-1: The application initially begins to open. After loading the application, the dialogue box disappears and the application fails to appear.
 
Solution: To resolve the issue, re-provision the base image with the timeout value:
registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI (create the key if it is not available.)

Name: ApplicationLaunchWaitTimeoutMS

Type: REG_DWORD

Data: Required additional time-out, in milliseconds

Note: Set this value using Decimal. Specifying a value less than 10000 reverts to 10000 because 10 seconds is the minimum override.
Issue Explanation: The issue occurs when the default one-minute time-out is exceeded and the session logs off automatically because the application takes a longer time to start.

Issue-2 : Explorer.exe failing again and again and disconnecting after Launch.
    1. The session initially begins to connect as expected. After the loading, the dialogue box disappears and the explorer application fails to appear.
    2. If the session is viewed in the Delivery Services console while the application is loading, it initially shows as connecting, and later shows as disconnected, until finally the session disappears.
 
Solution:
     1. Update the Citrix farm server with the latest hotfix and reboot.
     2. On the XenApp Server use the following registry key to configure the time-out:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI

Name: ApplicationLaunchWaitTimeoutMS
Type: REG_DWORD
Data: <required additional time-out, in milliseconds>

Note: Specifying a value of less than 10000 reverts to 10000 because 10 seconds is the minimum override.
 
Issue-4: On the XenApp Server use the following registry change to set the length of time a client session waits before disconnecting the session.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI

Value Name: LogoffCheckerStartupDelayInSeconds
Type: REG_DWORD
Value: An integer that denotes the time to wait for the application to start.

Note: Setting this value also increases the time it takes for a user to log off the server. Enter the delay time in seconds, up to 10 minutes (600 seconds).

It is more useful as a troubleshooting step to confirm that the issue is because of the length of time required for the application to launch.
Issue Explanation: The issue occurs when the default one-minute time-out is exceeded and the session exits automatically. The explorer.exe application takes a longer time to start as it is integrated into the Windows shell.
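
The two TWI values above can be set with their documented limits enforced up front, so a value below the 10000 ms minimum or above the 600 second maximum is rejected instead of being silently changed. The PowerShell below is an added example, not part of the original post and not Citrix code; the function names Set-TwiTimeout and Clear-TwiTimeout are hypothetical.

```powershell
# Added example: set or remove the wfshell\TWI time-out values from this post.
# Key and value names are the post's; the helper names are hypothetical.
$twiKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI'
$twiNames = 'ApplicationLaunchWaitTimeoutMS', 'LogoffCheckerStartupDelayInSeconds'

function Set-TwiTimeout {
    param(
        # Below 10000 the setting reverts to 10000, so reject it instead.
        [ValidateRange(10000, [int]::MaxValue)][int]$ApplicationLaunchWaitTimeoutMS,
        # The delay is given in seconds, up to 10 minutes.
        [ValidateRange(1, 600)][int]$LogoffCheckerStartupDelayInSeconds
    )
    # Create the key if it is not available, as the post instructs.
    if (-not (Test-Path $twiKey)) { New-Item -Path $twiKey -Force | Out-Null }
    foreach ($name in $twiNames) {
        if ($PSBoundParameters.ContainsKey($name)) {
            New-ItemProperty -Path $twiKey -Name $name -PropertyType DWord `
                -Value $PSBoundParameters[$name] -Force | Out-Null
        }
    }
    Get-ItemProperty -Path $twiKey | Select-Object $twiNames
}

function Clear-TwiTimeout {
    # Removes both overrides once the troubleshooting step has served its purpose.
    foreach ($name in $twiNames) {
        Remove-ItemProperty -Path $twiKey -Name $name -ErrorAction SilentlyContinue
    }
}

# Example: allow 90 seconds for the application to launch.
# Set-TwiTimeout -ApplicationLaunchWaitTimeoutMS 90000
```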

Issue-5: Apps crashing and disconnecting.
Solution: Apply CTX128953 and CTX131628 by registry or policy XA.

Issue-6: MS Word keeps crashing after saving some time, for all users.
Solution: There is an option in MS Word called Auto-Save; that feature was causing the app to crash. Just turn off the Auto-Save feature and it works.

Issue-7: Published Citrix application starts and then exits immediately on a Windows 2008 SP2-based Citrix server

Solution: There is a patch available from Microsoft for this issue. Refer to this link.

Learn, earn and share the knowledge. Please comment; feedback will help me understand more from the blog's side, whether the suggested solutions worked or not. I would appreciate your comments and feedback if any other solution worked for you.