Change the Heap Memory

 

https://kb.vmware.com/s/article/2150757

 

Advertisements

To check if you vCenter Server Appliance root password is expired.

1. SSH into the vCenter Server Appliance. (If the password isn’t working right away reboot)

2. Type “Shell”

3. Type “chage -l root”

 

To change the password

1. Type “passwd root”

2. Once the new password is entered check to see when it expires by typing “chage -l root”

 

To change the expiration policy

1. Log into the vCenter Server Appliance MOB at :5480 and click on the administration tab

 

https://my.vmware.com/group/vmware/patch

 

I had a client call in about their Xenapp users getting temporary profiles. I logged into the Application Servers and found lots of event ids 1508 , 1502, 1511, and 1500.

“Windows is unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.”

After investigating the problem and checking all the obvious things like space, security permissions, etc… I found the problem to be the Registry Hive on the Application Server was extremely bloated. Digging deeper I found the users Roaming profiles had an NTUSER.DAT file anywhere from 250MB to 800MB.

To find out what was bloating the NTUSER.DAT file, I rebooted the Application Server so no users were connected. Logged in with a user with a large NTUSER.DAT file and opened Regedit. Investigated the “HKEY_CURRENT_USER” key and exported HKEY_CURRENT_USER\Printers and HKEY_CURRENT_USER\Software. Looking at the size of the two exported files I noticed that HKEY_CURRENT_USER\Software was where the problem was as that file was 2GB in size. I began drilling further down specifically looking at printer manufacturers and issues with Universal Print Drivers. Exported each of the main printer companies HKEY_CURRENT_USER\Software\Hewlett-Packard , HKEY_CURRENT_USER\Software\Ricoh , HKEY_CURRENT_USER\Software\Konica Minolta , etc… I compared the file sizes of each and drilled down into each one individually to see which drivers were being loaded. Found several drivers that we no longer needed so I searched for a way to remove them from all the users NTUSER.DAT files.

I came across this link

https://www.experts-exchange.com/questions/27668833/Tool-for-Compacting-offline-registry.html

and Lester Clayton was able to write an application that did exactly that and you can download it from here

http://www.nsasp.net/CompactRegistryFile.zip

Next I made notes of all the drivers and items that I could clear out of the HKEY_CURRENT_USER registry (NTUSER.DAT).

Executed the removal by using the following commands

CompactRegistryFile.exe “C:\Profiles\USERNAME.V2\ntuser.dat” “software\KONICA MINOLTA\KONICA MINOLTA Universal PCL”

CompactRegistryFile.exe “C:\Profiles\USERNAME.V2\ntuser.dat” “software\KONICA MINOLTA\KONICA MINOLTA 554eSeriesPS”

CompactRegistryFile.exe “C:\Profiles\USERNAME.V2\ntuser.dat” “software\KONICA MINOLTA\KONICA MINOLTA C360SeriesPCL”

CompactRegistryFile.exe “C:\Profiles\USERNAME.V2\ntuser.dat” “software\KONICA MINOLTA\KONICA MINOLTA C360SeriesPS”

CompactRegistryFile.exe “C:\Profiles\USERNAME.V2\ntuser.dat” “software\KONICA MINOLTA\KONICA MINOLTA C364SeriesPCL”

CompactRegistryFile.exe “C:\Profiles\USERNAME.V2\ntuser.dat” “software\KONICA MINOLTA\KONICA MINOLTA C368SeriesPCL”

CompactRegistryFile.exe “C:\Profiles\USERNAME.V2\ntuser.dat” “software\KONICA MINOLTA\KONICA MINOLTA C652SeriesPCL”

 

Once that completed my NTUSER.DAT files were down to anywhere from 4MB to 26MB

Lastly I downloaded SYSInternals suite and ran the following commands to compress NTUSER.DAT even further

ru -h C:\Profiles\USERNAME.V2\ntuser.dat

Ran into an issue migrating from Exchange 2010 to Exchange 2016 on premise. Two mailboxes got to 95% and stopped TransientFailureSource. Looking at the logs I found the error “Transient error MapiExceptionNotFound has occurred. The system will retry”.

RESOLUTION

I found that the Content Index Databases on the Destination Exchange 2016 DAG were failed and suspended. I got them healthy again and was able to repair the mailboxes on the Exchange 2010 MBX server by running this command in EMS

New-MailboxRepairRequest -Mailbox userID -CorruptionType SearchFolder, AggregateCounts, ProvisionedFolder, FolderView

To verify the repair had finished I created a new view on the Exchange 2010 Event Viewer with the following settings. Event ID 10048 confirmed it was complete

Event-Viewer-Exchange-Health

I then restarted the mailbox migration and everything completed successfully.

 

Today I setup two brand new Exchange 2016 Servers running CU6. Created IP-Less DAG and multiple databases. I noticed that the databases Content Index State was Failed. I tried the usual

Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq “Failed”}

Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq “Failedandsuspended”}

Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq “Failed”} | Update-MailboxDatabaseCopy -CatalogOnly

Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq “Failedandsuspended”} | Update-MailboxDatabaseCopy -CatalogOnly

NONE of those worked.

RESOLUTION:

I changed the databases activation preferences from 1 to 2 on each of the hosting servers. Shortly after the databases began to crawl and then showed healthy.

Configuring Remote Desktop Passthrough Authentication

  1. Create a new GPO named RDP-Passthrough
  2. Edit the policy and navigate to “Computer Configuration->Policies->Administrative Templates->Windows Components->Remote Desktop Services->Remote Desktop Session Host->Security
  3. Set the “Require Use of specific security layer for remote connections” to enabled and choose “Negotiate” as the security layer
  4. In that same policy navigate to¬†“Computer Configuration->Policies->Administrative Templates->System->Credentials Delegation
  5. Enable the setting “Allow delegating default credentials” and add your servers to the list. Examples below
    1. TERMSRV/192.168.1.100
    2. TERMSRV/*.domain.com
    3. TERMSRV/*
  6. Next select “Allow delegating default credentials with NTLM-only server authentication and list the same items you listed in Step 5
    1. TERMSRV/192.168.1.100
    2. TERMSRV/*.domain.com
    3. TERMSRV/*
  7. Save the policy and link it to any OU that has the servers in which you want Passthrough authentication configured.