I have two Window Server 2016 servers configured as a failover pair DHCP servers. Everything had been working fine for more than a year until suddenly clients were not able to get leases and the DHCP scope statistics indicated that the pools had no more addresses to assign. Using a bit of PowerShell
$computername = “server01”
$scopeid = "10.20.0.0”
foreach ($object in Get-DhcpServerv4Lease –ComputerName $computername –ScopeId $scopeid)
if ($object.AddressState –eq 'BAD_ADDRESSES')
I saw the following:
IPAddress ScopeId ClientId HostName AddressState LeaseExpiryTime
--------- ------- -------- -------- ------------ ---------------
10.20.0.101 10.20.0.0 65-00-14-0a BAD_ADDRESS Declined 7/17/2018 4:04:...
10.20.0.107 10.20.0.0 6b-00-14-0a BAD_ADDRESS Declined 7/20/2018 4:16:...
10.20.0.108 10.20.0.0 6c-00-14-0a BAD_ADDRESS Declined 7/18/2018 2:50:...
10.20.0.111 10.20.0.0 6f-00-14-0a BAD_ADDRESS Declined 7/9/2018 4:18:4...
10.20.0.120 10.20.0.0 78-00-14-0a BAD_ADDRESS Declined 7/9/2018 6:30:2...
Edited for brevity. Nearly the entire scope was filled up like this.
After much head scratching, I looked in the Windows Event Viewer on both servers and saw the following error repeatedly logged on one of the servers “The server detected that it is out of time synchronization with partner server: server02.domain.net for failover relationship: SLP-DHCP-Failover. The time is out of sync by: 163 seconds .” This error was logged under the “Applications and Service Logs -> Microsoft -> Windows-DHCP Server -> Microsoft-Windows-DHCP Server Events/Admin”
I checked the clock on the partner server and noticed it was more than four minutes off from the other DHCP server. When looking at the NTP status using the command “w32time /query /status” there wasn’t any NTP server defined! Once I re-issued the “w32tm /resync /rediscover” command it discovered the domain controller and after a bit of time the clocks were in sync and all my DHCP issues were resolved.
In order to leverage host header capabilities with SSL enabled sites you need to use a command line tool as the IIS GUI management tool does not allow you to bind multiple SSL sites to the same IP.
The ‘appcmd’ executable is in the following path %windir%\system32\inetsrv
The syntax is:
appcmd set site /site.name:"Site Name" /+bindings.[protocol='https',bindingInformation='*:443:site.name.com']
I ran across a server that was running Windows Server 2003, but it was actually an upgraded Windows Server 2000 machine. This meant that the glorious tab completion function didn’t work within a command prompt window.
In order to enable this functionality a simple registry change is required.
Navigate to HKEY_CURRENT_USER\Software\Microsoft\Command Processor and edit the CompletionChar value to the hex equivalent of the key you’d like to use. to use the tab key a value of 9 is required.
Here’s the Microsoft page on this topic (KB 244407)
I had an issue today that required me to determine what virtual directory was responding to a particular host header. I quickly located a VB script that handled this task with ease. The script is courtesy of this page: http://serverfault.com/questions/107619/how-do-i-get-a-list-of-websites-from-iis-showing-the-host-header-value-descript
DIM CRLF, TAB
TAB = CHR(9)
CRLF = CHR(13)& CHR(10)IF WScript.Arguments.Length =1THEN
strServer = WScript.Arguments(0)ELSE
WScript.Echo "Enumerating websites on "& strServer & CRLF
SET objWebService = GetObject("IIS://"& strServer &"/W3SVC")
SUB EnumWebsites( objWebService )DIM objWebServer, objWebServerRoot, strBindings
FOREACH objWebServer IN objWebService
IF objWebserver.Class="IIsWebServer"THENSET objWebServerRoot = GetObject(objWebServer.adspath &"/root")
"Site ID = "& objWebserver.Name & CRLF & _
"Comment = """& objWebServer.ServerComment &""" "& CRLF & _
"State = "& State2Desc( objWebserver.ServerState )& CRLF & _
"Path = "& objWebServerRoot.path & CRLF & _
"LogDir = "& objWebServer.LogFileDirectory & _
""' Enumerate the HTTP bindings (ServerBindings) and' SSL bindings (SecureBindings)
strBindings = EnumBindings( objWebServer.ServerBindings )& _
EnumBindings( objWebServer.SecureBindings )IFNOT strBindings =""THEN
WScript.Echo "IP Address"& TAB & _
"Port"& TAB & _
"Host"& CRLF & _
ENDIFENDIFNEXTENDSUBFUNCTION EnumBindings( objBindingList )DIM i, strIP, strPort, strHost
DIM reBinding, reMatch, reMatches
SET reBinding =NEW RegExp
reBinding.Pattern ="([^:]*):([^:]*):(.*)"FOR i = LBOUND( objBindingList )TO UBOUND( objBindingList )' objBindingList( i ) is a string looking like IP:Port:HostSET reMatches = reBinding.Execute( objBindingList( i ))FOREACH reMatch IN reMatches
strIP = reMatch.SubMatches(0)
strPort = reMatch.SubMatches(1)
strHost = reMatch.SubMatches(2)' Do some pretty processingIF strIP =""THEN strIP ="All Unassigned"IF strHost =""THEN strHost ="*"IF LEN( strIP )<8THEN strIP = strIP & TAB
EnumBindings = EnumBindings & _
strIP & TAB & _
strPort & TAB & _
strHost & TAB & _
EnumBindings = EnumBindings & CRLF
NEXTENDFUNCTIONFUNCTION State2Desc( nState )SELECTCASE nState
State2Desc ="Starting (MD_SERVER_STATE_STARTING)"CASE2
State2Desc ="Started (MD_SERVER_STATE_STARTED)"CASE3
State2Desc ="Stopping (MD_SERVER_STATE_STOPPING)"CASE4
State2Desc ="Stopped (MD_SERVER_STATE_STOPPED)"CASE5
State2Desc ="Pausing (MD_SERVER_STATE_PAUSING)"CASE6
State2Desc ="Paused (MD_SERVER_STATE_PAUSED)"CASE7
State2Desc ="Continuing (MD_SERVER_STATE_CONTINUING)"CASEELSE
State2Desc ="Unknown state"ENDSELECTENDFUNCTION
When using Exchange 2007 in a single domain environment users can log in using just a username instead of domain\username. This was problematic in Exchange 2003 because of the DS2MB background process, but simple to do in Exchange 2007.
Open Exchange Management Console
Expand Server Configuration
Select Client Access and click the Outlook Web Access tab
Select owa (Default Web Site) and click the Properties action
Click the Authentication tab
Under Use forms-based authentication, select User name only
Click Browse and select the domain name
Or, using PowerShell:
Set-OWAVirtualDirectory -Identity “owa (default web site)” -LogonFormat username -DefaultDomain companyabc.com
Finally run IISRESET /NOFORCE from a command promp to restart IIS and enforce the change.
This will update the logon page to display the new logon requirements.
I found this utility today when searching for a way to recover an unknown VNC password on a Windows 20003 server.