EzDev.org

windows-server-2008 interview questions

Top 15 windows-server-2008 interview questions

19 Jobs openings for windows-server-2008


"ipv6 equivalent" of 192.168.x.x (configuring a static ipv6 address)

Background: I have a windows 2008 machine and I want to make it a Domain Controller in a test domain made of two virtual machines. dcpromo pops up a warning if IP addresses for the machine are not statically configured. Disabling IPv6 is not an option since it's required by Exchange, which in turn is a prerequisite for the software I must test.

The question: How should I configure the IPv6 properties of the network adapter to use a static ipv6 address? what is the "ipv6 equivalent" of a static 192.168.x.x ipv4 address?


Source: (StackOverflow)

How do I turn off IE's protected mode in Windows 2008 R2?

How do I turn off IE's protected mode in Windows 2008 R2?

I'm building development servers, and it is just getting in the way.


Source: (StackOverflow)

Setting Low Disk Space Alerts on Windows Server 2008

I was wondering if there is an easy way to trigger an e-mail alert on Windows Server 2008 when any logical disk partitions become low on space. I have 2 SQL servers that have come close to running out of disk space because of the DB log files.

Thanks, Ryan


Source: (StackOverflow)

How to inspect remote SMTP server's TLS certificate?

We have an Exchange 2007 server running on Windows Server 2008. Our client uses another vendor's mail server. Their security policies require us to use enforced TLS. This was working fine until recently.

Now, when Exchange tries to deliver mail to the client's server, it logs the following:

A secure connection to domain-secured domain 'ourclient.com' on connector 'Default external mail' could not be established because the validation of the Transport Layer Security (TLS) certificate for ourclient.com failed with status 'UntrustedRoot. Contact the administrator of ourclient.com to resolve the problem, or remove the domain from the domain-secured list.

Removing ourclient.com from the TLSSendDomainSecureList causes messages to be delivered successfully using opportunistic TLS, but this is a temporary workaround at best.

The client is an extremely large, security-sensitive international corporation. Our IT contact there claims to be unaware of any changes to their TLS certificate. I have asked him repeatedly to please identify the authority that generated the certificate so that I can troubleshoot the validation error, but so far he has been unable to provide an answer. For all I know, our client could have replaced their valid TLS certificate with one from an in-house certificate authority.

Does anyone know a way to manually inspect a remote SMTP server's TLS certificate, as one can do for a remote HTTPS server's certificate in a web browser? It could be very helpful to determine who issued the certificate and compare that information against the list of trusted root certificates on our Exchange server.


Source: (StackOverflow)

"Peaky" CPU Usage on Domain Controllers

We have two Windows Server 2008 SP2 (sadly not 2008 R2) Domain Controllers in a small 150 client domain that are exhibiting very "peaky" CPU usage. The Domain Controllers both exhibit the same behavior and are hosted on vSphere 5.5.0, 1331820. Every two or three seconds the CPU usage jumps up to 80-100% and then quickly drops, remains low for a second or two and then jumps up again.

DC3 Task Manager Performance


Looking at the historical performance data for the virtual machine indicates that this condition has been going on for at least a year but the frequency has increased since March.

DC3 Virtual Machine Performance



The offending process is SVChost.exe which is wrapping the DHCP Client (dhcpcsvc.dll), EventLog (wevtsvc.dll) and LMHOSTS (lmhsvc.dll) services. I'm certainly not a Windows internals expert but I could not seem to find anything especially amiss when viewing the process with Process Explorer other than it appears the EventLog is triggering a ton of RpcBindingUnbind calls.

DC3 Process Explorer for SVCHost.exe



At this point I'm out of coffee and ideas. How should I continue to troubleshoot this issue?


Source: (StackOverflow)

Logging in as the same user multiple times in Remote Desktop Windows Server 2008

Quick question: I have a situation where I need to let multiple people on different PCs log into one server 2008 machine as administrator simultaneously over remote desktop. I have the CALs for it, it's just not set up correctly. When one user tries to log in, it boots the other out. What I need is to present to them a different session, just each as logged in as admin. Sorry for the slightly rambling post, I'm new here. Thanks!


Source: (StackOverflow)

Windows Server 2008: specifying the default IP address when NIC has multiple addresses

I have a Windows Server which has ~10 IP addresses statically bound. The problem is I don't know how to specify the default IP address.

Sometimes when I assign a new address to the NIC, the default IP address changes with the last IP entered in the advanced IP configuration on the NIC. This has the effect (since I use NAT) that the outgoing public IP changes too.

Even though this problem is currently on Windows Server 2008.

How can you set the default IP address on a NIC when it has multiple IP addresses bound?

There is more explication on my problem.

alt text

Here is the output of ipconfig:

DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.99.49(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.51(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.52(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.53(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.54(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.55(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.56(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.57(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.58(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.59(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.60(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.61(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.62(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.67(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.68(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.70(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.71(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.108(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.109(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.112(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.63(Duplicate)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.99.1

If I do a pathping there is the answer, the first up is the 99.49, also if my default IP address is 99.100

Tracing route to www.l.google.com [72.14.204.99]
over a maximum of 30 hops:
  0  Machine [192.168.99.49]

There is the routing table on the machine:

 Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.99.1    192.168.99.49    261
           10.10.10.0    255.255.255.0         On-link       10.10.10.10    261
          10.10.10.10  255.255.255.255         On-link       10.10.10.10    261
         10.10.10.255  255.255.255.255         On-link       10.10.10.10    261
         192.168.99.0    255.255.255.0         On-link     192.168.99.49    261
        192.168.99.49  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.51  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.52  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.53  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.54  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.55  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.56  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.57  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.58  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.59  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.60  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.61  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.62  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.64  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.65  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.66  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.67  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.68  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.70  255.255.255.255         On-link     192.168.99.49    261
        192.168.99.71  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.100  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.108  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.109  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.112  255.255.255.255         On-link     192.168.99.49    261
       192.168.99.255  255.255.255.255         On-link     192.168.99.49    261
            224.0.0.0        240.0.0.0         On-link     192.168.99.49    261
            224.0.0.0        240.0.0.0         On-link       10.10.10.10    261
      255.255.255.255  255.255.255.255         On-link     192.168.99.49    261
      255.255.255.255  255.255.255.255         On-link       10.10.10.10    261

I think my route should look like:

Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.99.1    **192.168.99.100**    261
           10.10.10.0    255.255.255.0         On-link       10.10.10.10    261
          10.10.10.10  255.255.255.255         On-link       10.10.10.10    261
         10.10.10.255  255.255.255.255         On-link       10.10.10.10    261
         192.168.99.0    255.255.255.0         On-link     192.168.99.100    261
        192.168.99.49  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.51  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.52  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.53  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.54  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.55  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.56  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.57  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.58  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.59  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.60  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.61  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.62  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.64  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.65  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.66  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.67  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.68  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.70  255.255.255.255         On-link     192.168.99.100    261
        192.168.99.71  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.100  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.108  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.109  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.112  255.255.255.255         On-link     192.168.99.100    261
       192.168.99.255  255.255.255.255         On-link     192.168.99.100    261
            224.0.0.0        240.0.0.0         On-link     192.168.99.100    261
            224.0.0.0        240.0.0.0         On-link       10.10.10.10    261
      255.255.255.255  255.255.255.255         On-link     192.168.99.100    261
      255.255.255.255  255.255.255.255         On-link       10.10.10.10    261

How can I be sure the IP address used in the image (supposed to be the default IP address) will be use by my server as the default address?


Source: (StackOverflow)

IIS7: can't set host name on site with SSL cert and port 443

Consider a Win 2008 SP2 machine with IIS7. The task is to apply a certificate and host name to the one and only Site on this machine. The site's host headers need to be abc.123.example.com

The first step was installing the .pfx to the Personal Store, which was successful.

IIS7 finds the cert as available, but won't allow the entry of a host name. The host name textbox is ALWAYS disabled/greyed out, even before selecting my cert. I've even deleted the default port 80 binding.

Site Bindings

Question: how can I set a host name for this site? Is it a matter of this cert being a wildcard cert? I understand that the SSL request comes into the web server, and the host header in the packet is encrypted. Why then would IIS6 allow the host header to be specified, but IIS7 not?

Update: The cert isn't part of the problem. I've created a new Site on the machine, and when choosing https binding, the host name textbox is disabled.


Source: (StackOverflow)

Cheapest iSCSI SAN for Windows 2008/SQL Server clustering?

Are there any production-quality iSCSI SANs suitable for use with Windows Server 2008/SQL Server for failover clustering?

So far, I've only seen Dell's MD3000i, and HP's MSA 2000 (2012i), which both are around $6K with a minimal disk configuration. Buffalo (yea, I know), has a $1000 device with iSCSI support, but they say it will not work for 2008 failover clustering.

I'm interested in seeing something suitable for failover in a production environment, but with very low IO requirements. (Clustering, say, a 30GB DB.)

As for using software: On Windows, StarWind seems to have a great solution. But it's actually more money than buying a hardware SAN. (As I understand, only the enterprise edition supports having replicas, and that's $3000 a license.)

I was thinking I could use Linux, something like DRBD + an iSCSI target would be fine. However, I haven't seen any free or low-cost iSCSI software that supports SCSI-3 persistent reservations, which Windows 2008 needs for failover clustering.

I know $6K isn't much at all, just curious to see if there are practical cheaper solutions out there. And finally, yes, the software is expensive, but many small business get MS BizSpark, so the Windows 2008 Enterprise / SQL 2008 licenses are completely free.


Source: (StackOverflow)

Should I install Windows Management Framework 3.0?

I'm posting this as a BIG CAVEAT to everyone. I know it's not a standard Q&A, but I think this is something every Windows admin should know. There is a very real risk of falling into Big Troubles.

Microsoft has recently released Windows Management Framework 3.0 for Windows Server 2008 and Windows Server 2008 R2 systems, which includes some nice things native to Windows Server 2012 (like PowerShell 3.0) and lots of improvements to WMI, WinRM and other management technologies.

Windows Update is advertising it as an optional update.

Should I install it on my servers?


Update: Microsoft has removed the update from Windows Update after major compatibility issues with various products (including the ones being discussed here) have been reported by multiple users.


Source: (StackOverflow)

Disable password complexity rule in Active Directory

Where do I go to disable the password complexity policy for the domain?

I've logged onto the domain controller (Windows Server 2008) and found the option in local policies which is of course locked from any changes. However I can't find the same sort of policies in the group policy manager. Which nodes do I have to expand out to find it?


Source: (StackOverflow)

Windows 2008 ignores Gratuitous ARP requests

We recently saw an issue after a fail over of our router where our Windows 2008 Boxes didn't start talking to the primary router after fail-back.

When we did some digging they still had the ARP entry from the secondary router. According to the TechNet Blog this is by-design:

First, a Windows Vista or Windows Server 2008 will not update the Neighbor cache if an ARP broadcast is received unless it is part of a broadcast ARP request for the receiver. What this means is that when a gratuitous ARP is sent on a network with Windows Vista and Widows Server 2008, these systems will not update their cache with incorrect information if there is an IP address conflict.

Secondly, it appears that the windows neighbor-cache (arp-cache) is only updated if the machine can no longer talk to the machine that is in it's cache currently. It does not send out occasional ARP requests to make sure the cache is not stale. While this isn't an issue during the initial fail over, during fail back when both boxes are alive this causes windows to keep talking to the secondary box.

Is there any way to force Windows 2008 to accept Gratuitous ARP requests?


Source: (StackOverflow)

How can I get a list of shared directories on local Windows server?

If I have a Windows server (typically 2000, 2003 or 2008), is there a simple way to list all local directories shared on that server?

I can find the shares themselves easily enough, but I would love a quick way to find the local directories they represent on disk.

Thanks!


Source: (StackOverflow)

Removing an (apparently) infinitely recursive folder

Somehow, one of our old Server 2008 (not R2) boxes has developed a seemingly infinitely-recursing folder. This is playing havock with our backups, as the backup agent tries to recurse down into the folder and never returns.

The folder structure looks something like:

C:\Storage\Folder1
C:\Storage\Folder1\Folder1
C:\Storage\Folder1\Folder1\Folder1
C:\Storage\Folder1\Folder1\Folder1\Folder1

... and so on. It's like one of those Mandelbrot sets we used to all play with in the 90's.

I've tried:

  • Deleting it from Explorer. Yeah, I'm an optimist.
  • RMDIR C:\Storage\Folder1 /Q/S - this returns The directory is not empty
  • ROBOCOPY C:\temp\EmptyDirectory C:\Storage\Folder1 /PURGE - this spins through the folders for a couple of minutes before robocopy.exe crashes.

Can anyone suggest a way to kill this folder off for good?


Source: (StackOverflow)

Active Directory Health Checks

I've had some Active Directory troubles lately was was wondering what checks I could do on a regular basis I could do to ensure everything is working optimally?


Source: (StackOverflow)