Getting back online

After many years, giving this blog a rebirth.

I lost my backup files and only found very few posts and those mainly about ConfigMgr 2012. Will post them below anyway; better few than nothing.

Next planned articles will be about e-books and plain html maybe, we shall see. Stay tuned!

Also need to create/update “About” page. Things have happened, so to speak… jobs changed, places changed etc.

I’ve been at Tech-Ed today…

Actually I just attended a local event organized by Microsoft Romania, and the last session was “Useful Hacker Techniques: Which Part of Hackers’ Knowledge Will Help You in Efficient IT Administration”, held by Polish Enterprise Security MVP Paula Januszkiewicz.

Geez… this girl presented some things that, I can bet, made half of all admins go home/work and revise their servers’ security and configuration.

After seeing this presentation and demos, I will repeat what I said a couple of years ago: Romanian MVPs still have to learn from the foreign ones. A lot!

Add TCP/IP printer – Access Denied

Yesterday I was trying to install a network printer on a Windows Server 2008 system. After typing the printer’s IP address, I received an “Access denied” error.

The problem was that I tried to install the printer while I was logged on with a user that had domain admin privileges, but not the default domain Administrator account.
When I logged in with domain admin user – Administrator – I was able to install the printer successfully.

Searching the internet, I saw that some people are saying that this error appears only when having UAC turned on.

Windows cannot obtain the domain controller name error

Today a client called me and said that his second domain controller, which is on Hyper-V, is having connectivity problems. For example, running the ping command from DC2 results in very bad response times or timed out requests.

Searching the event viewer, I saw many errors with Event ID 1054: “Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted). Group Policy processing aborted.”

Found a Knowledge Base article on the Microsoft website that basically says this is happening if the computer has some AMD technology enabled in the BIOS. Well, my client only has computers with Intel Xeon processors, so this is not the case. Anyway, having experience with such articles vs. errors, I read the article till the end. This way I found similarities with my client’s environment: computers with more than one processor.

Basically, dual-core or multiprocessor systems may encounter Time Stamp Counter (TSC) drift, depending on:

  • number of processors
  • operating system
  • technologies enabled in the BIOS
  • BIOS version.

These conditions can affect important operations, such as network communications and performance monitoring tasks, that are sensitive to system time.

Windows XP, 2000 and 2003 servers use the TSC as a timekeeping source. Each processor core (whether it is a single-core processor or dual-core processor) includes a TSC. When the TSCs of different processor cores are not synchronized, the above symptoms and behaviors can occur if the operating system is using the TSC as a timekeeping source.

The KB article’s resolution is to install a newer CPU driver that modifies the boot.ini file by adding a switch in order to force the computer to use the PM_Timer instead of TSC. Also, it says that the boot.ini file can be manually modified.

To modify the boot.ini file manually, follow these steps:

  • Log on to the computer by using an account that has administrative credentials.
  • Click Start, click Run, type notepad c:\boot.ini, and then click OK.
  • In the Boot.ini file, a line that starts with “default” is located in the “[boot loader]” section. This line specifies the location of the default operating system. The line may appear as follows:
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003 Enterprise x64 Edition" /fastdetect /NoExecute=OptIn
  • At the end of the line, add a space, and then type /usepmtimer. The line should now resemble the following:
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003 Enterprise x64 Edition" /fastdetect /NoExecute=OptIn /usepmtimer
  • Save the file, and then exit Notepad.
  • Restart the computer
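
The manual edit from the steps above, as an added Python example (not code from the KB article or from this blog): it finds the [operating systems] entry whose path matches default= in [boot loader] and appends /usepmtimer only if the switch is not already there. The function name and the sample file contents are assumptions constructed for illustration; run it against a copy of boot.ini.

```python
SWITCH = "/usepmtimer"

# Constructed sample; the OS entry is the line quoted in the steps above.
SAMPLE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003 Enterprise x64 Edition" /fastdetect /NoExecute=OptIn
'''

def add_usepmtimer(boot_ini):
    """Return (text, changed): append /usepmtimer to the default OS entry once."""
    eol = "\r\n" if "\r\n" in boot_ini else "\n"   # keep the file's line endings
    lines = boot_ini.splitlines()

    def in_section(name):
        # Yield (index, stripped line) for non-empty lines inside one section.
        current = None
        for i, raw in enumerate(lines):
            s = raw.strip()
            if s.startswith("[") and s.endswith("]"):
                current = s.lower()
            elif current == name and s:
                yield i, s

    default = next((s.split("=", 1)[1].strip().lower()
                    for _, s in in_section("[boot loader]")
                    if s.lower().startswith("default=")), None)
    if default is None:
        raise ValueError("no default= line in [boot loader]")

    for i, s in in_section("[operating systems]"):
        path, _, rest = s.partition("=")
        if path.strip().lower() != default:
            continue                      # some other boot entry, leave it alone
        # Switches are the tokens after the closing quote of the description.
        switches = rest.rsplit('"', 1)[-1].lower().split()
        if SWITCH in switches:
            return boot_ini, False        # already present, nothing to do
        lines[i] = lines[i].rstrip() + " " + SWITCH
        trail = eol if boot_ini.endswith("\n") else ""
        return eol.join(lines) + trail, True
    raise ValueError("no [operating systems] entry matches default=")

if __name__ == "__main__":
    text, changed = add_usepmtimer(SAMPLE)
    print("changed:", changed)
    print(text)
```
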

This resolved the connectivity problem; however, I wanted to test one more thing. As DC2 was a virtual machine with 2 cores assigned, I changed it to use only one processor and modified the boot.ini file to its original state. After restarting the VM and monitoring the server for about 20 minutes, it looks like the problem went away. So this can also be a workaround. I used the first method as the client preferred this one.

These are the articles I read during troubleshooting and used now to write this post:

WMI query for processor manufacturer

Following the post regarding how to install drivers based on computer model using a WMI query, here is another query you can use in your task sequences to install some processor-specific software, for example.

To find the processor manufacturer during a task sequence, insert a condition for the step you need and select Query WMI. For WMI Namespace, use root\cimv2. For WQL Query, use one of the following, depending on what you need:

SELECT * FROM Win32_Processor WHERE Manufacturer like "%GenuineIntel%"
SELECT * FROM Win32_Processor WHERE Manufacturer like "%AuthenticAMD%"

To find the processor manufacturer of your computer, open a command prompt and type the following: WMIC CPU GET Manufacturer.

Remote Server Admin Tools for Windows 7

Some time ago I used Admin Tools and RSAT for Vista and it saved me the time of using remote desktop to log on to several servers. Now it is available (RTM, not RC or something…) for Windows 7 x86/x64.

Using RSAT for Win7, you can manage the following roles and features from Windows Server 2008 R2, 2008 and 2003:

After installing it, you can enable the roles and features you want to manage, by doing the following steps:

  1. Click Start, click Control Panel, and then click Programs.
  2. In the Programs and Features area, click Turn Windows features on or off.
  3. If you are prompted by User Account Control to enable the Windows Features dialog box to open, click Continue.
  4. In the Windows Features dialog box, expand Remote Server Administration Tools.
  5. Select the remote management tools that you want to install.
  6. Click OK.

Now you’ll find the tools in the Administrative Tools menu.

Group Policy – User Configuration Logon script

Something I have learned the other day…

I had to install a small .msi using Group Policy, using a logon script. As it was a small package and not very important, I used a User Configuration Logon script. I created and linked a new GPO to a specific OU with some users (with no admin privileges) and client computers only. The script ran well and the package installed very quickly on all machines in that OU.

The problem was that I have another OU with member servers, and the moment I logged on to one server using a normal user account, I had the package installed right after first logon. This is because I configured a User Configuration logon script instead of a Computer Configuration startup script.

What I’ve learned? That I should plan more carefully even the installation of a small package.

*009* error codes

During a “troubleshooting period”, I found a very nice website with error code descriptions. Now, every time I get an error in any program, I check the list from this blog: http://blogs.msdn.com/joshpoley/pages/errors-009-facility-sspi.aspx.

This is what the table with error codes looks like:

| Code | HRESULT | Description | #define |
|------|------------|-----------------------------------------------------|-------------------------|
| 1 | 0xC0090001 | The specified event is currently not being audited. | ERROR_AUDITING_DISABLED |
| 1 | 0x80090001 | Bad UID. | NTE_BAD_UID |
| 2 | 0xC0090002 | The SID filtering operation removed all SIDs. | ERROR_ALL_SIDS_FILTERED |
| 2 | 0x80090002 | Bad Hash. | NTE_BAD_HASH |
| 4103 | 0x80091007 | The hash value is not correct. | CRYPT_E_HASH_VALUE |

The last row shows an error I got the day before yesterday and reading this description helped me understand the problem I was having.

Thought it might help you sometimes…
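
How the Code and HRESULT columns of the table relate, as an added Python example (not from the original post or the linked blog): the low 16 bits are the Code column, the facility field is 9 (the 009 in every value), and rows that share a code differ only in bit 30. It also accepts the signed decimal form in which logs often print these values; the function names are assumptions made for this example.

```python
from typing import NamedTuple

FACILITY_SSPI = 9  # the "009" in every HRESULT of the table

# The five rows from the table above.
ROWS = [
    (0xC0090001, "ERROR_AUDITING_DISABLED"),
    (0x80090001, "NTE_BAD_UID"),
    (0xC0090002, "ERROR_ALL_SIDS_FILTERED"),
    (0x80090002, "NTE_BAD_HASH"),
    (0x80091007, "CRYPT_E_HASH_VALUE"),
]

class Decoded(NamedTuple):
    failed: bool    # bit 31, the bit the FAILED() macro tests
    bit30: bool     # set in the 0xC009xxxx rows, clear in the 0x8009xxxx rows
    facility: int   # HRESULT_FACILITY: (hr >> 16) & 0x1FFF
    code: int       # HRESULT_CODE: hr & 0xFFFF, the table's "Code" column

def decode_hresult(value: int) -> Decoded:
    """Split a 32-bit HRESULT into its fields."""
    # A negative input is the same 32 bits read as a signed integer;
    # fold it back into the unsigned range before slicing bits.
    hr = value & 0xFFFFFFFF
    return Decoded(bool(hr >> 31), bool((hr >> 30) & 1),
                   (hr >> 16) & 0x1FFF, hr & 0xFFFF)

def parse_hresult(text: str) -> Decoded:
    """Accept '0x80091007' or a signed decimal such as '-2146889721'."""
    return decode_hresult(int(text.strip(), 0))

def names_by_code(rows):
    """Map each code to the #define names that share it within facility 9."""
    grouped = {}
    for value, name in rows:
        d = decode_hresult(value)
        if d.facility == FACILITY_SSPI:
            grouped.setdefault(d.code, []).append(name)
    return grouped

if __name__ == "__main__":
    for value, name in ROWS:
        print(f"0x{value:08X} {name}: {decode_hresult(value)}")
    print(names_by_code(ROWS))
```
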