Can’t mount a Windows 2008 share?

September 27, 2011 at 10:34 am (linux, TechTips, windows)

If you are trying to mount a Windows 2008 (or potentially other versions of Windows) share using mount.cifs and you keep getting an input/output error like the one below, then read on.

[jason@superfreak ~]$ sudo mount // /mnt/ecomm/ -tcifs -orw,username=doctor
mount error 5 = Input/output error
Refer to the mount.cifs(8) manual page ( mount.cifs)

The error reporting that is provided by mount.cifs is really not that good.  That input/output error could really mean anything.  Let’s use smbclient to attempt a connection to the share.  smbclient is sort of like an FTP client, but used to connect to an SMB share.  However, the real reason why we are using it is that it gives much more detailed error reporting by default.  Also, you could increase the debug level to some truly insane detail.

[jason@superfreak ~]$ smbclient // -U doctor
Enter doctor’s password:
Domain=[POWERHOUSE] OS=[Windows Server 2008 R2 Standard 7601 Service Pack 1] Server=[Windows Server 2008 R2 Standard 6.1]
tree connect failed: NT_STATUS_DUPLICATE_NAME

Finally, some more detail.  The error message ‘NT_STATUS_DUPLICATE_NAME’ indicates that the connection was denied by the Windows server because the destination host name that I provided was different from the computer name set on the actual destination server.  This is a security feature in Windows Server 2008 (and likely other versions of Windows).  In my case this is because I access the server through a load balancer.  There is a special virtual service on the load balancer to allow the SMB connection into the server.  However, for you the mismatch might be caused by an alias in your hosts file, a bad DNS entry or simply a typo.

Now try the mount operation using the IP address instead of the hostname.  Using just the IP address will not cause that security check to trip.  Now it should work with no issues.

Happy Hacking.



Great WMI CLI article.

March 10, 2010 at 10:49 am (TechTips, windows)

I used this great article as a reference when trying to find how to kill a process on a remote Windows machine using WMI CLI.


dotDefender putting wrong result code in IIS log.

February 8, 2010 at 11:38 am (Technology, windows)

I work with an IIS server that has an application firewall called dotDefender.  This host also has a HIDS (Host Based Intrusion Detection System) called OSSEC, which, by the way, I highly recommend; it is an excellent open source software package.  One of the functions of OSSEC is to monitor the IIS logs looking for URL requests that match a pattern of potentially bad requests.  Once it spots one of these requests, it checks the HTTP result code.  If the result code is a success type, then OSSEC will generate an alert.  However, if the result code indicates that the request did not succeed, then no alert will be generated.

I have been receiving many alerts from this web server about bad requests that have resulted in success.  To test exactly what was happening I manually recreated the process that the client makes connecting to the server to see what it responds with.

Connected to
Escape character is '^]'.
GET /examples/jsp/source.jsp?%2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf HTTP/1.1

HTTP/1.1 302 Denied
Connection: close
Date: Mon, 08 Feb 2010 14:49:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-dotDefender-denied: 1
Content-Type: text/html

<html></html>Connection closed by foreign host.

Well, that looks good.  The client was given an error 302 which is ‘denied’.  Nice!  But what got logged by IIS for the transaction?

2010-02-08 14:49:09 W3SVC1 www GET /examples/jsp/source.jsp %2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf 80 - HTTP/1.1 - - - 200 0 0 247 112 5125

Wowzers!  For some reason IIS has logged status code 200, ‘OK’, for that transaction.  This makes it look like that nasty URL has succeeded.  As a result OSSEC does its job and alerts me about that.
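The alerting logic described above, plus a cross-check of the logged status against the response the client actually received, as an added example (not code from OSSEC, dotDefender or the original post).  The #Fields order is an assumption chosen to fit the 19 columns of the logged line, and the traversal test is a simplified stand-in for a real signature.

```python
from urllib.parse import unquote

# Assumed #Fields header, constructed to fit the 19 columns of the logged line above;
# a real server declares its own field order at the top of the log file.
FIELDS = ("date time s-sitename s-computername cs-method cs-uri-stem cs-uri-query "
          "s-port cs-username cs-version cs(User-Agent) cs(Cookie) cs(Referer) "
          "sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken").split()

LOG_LINE = ("2010-02-08 14:49:09 W3SVC1 www GET /examples/jsp/source.jsp "
            "%2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf 80 - HTTP/1.1 - - - "
            "200 0 0 247 112 5125")

# Response seen on the wire, taken from the telnet session above (some headers omitted).
RAW_RESPONSE = ("HTTP/1.1 302 Denied\r\nConnection: close\r\n"
                "X-dotDefender-denied: 1\r\nContent-Type: text/html\r\n\r\n<html></html>")

def parse_w3c(line, fields=FIELDS):
    """Split one W3C extended log line into a field-name -> value dict."""
    values = line.split()
    if len(values) != len(fields):
        raise ValueError(f"expected {len(fields)} columns, got {len(values)}")
    return dict(zip(fields, values))

def is_suspicious(entry):
    """Simplified traversal signature: decode the URL, then look for '../'."""
    target = entry["cs-uri-stem"] + "?" + entry["cs-uri-query"]
    decoded = unquote(unquote(target)).replace("\\", "/")  # second pass catches %252e
    return "../" in decoded

def log_based_alert(entry):
    """Alert only when a suspicious request was logged with a success status."""
    return is_suspicious(entry) and 200 <= int(entry["sc-status"]) < 300

def parse_response(raw):
    """Return (status code, lower-cased header dict) from a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {k.strip().lower(): v.strip()
               for k, v in (h.split(":", 1) for h in head[1:])}
    return status, headers

def reconcile(entry, raw_response):
    """Compare what IIS logged with what the client was sent on the wire."""
    wire_status, headers = parse_response(raw_response)
    logged = int(entry["sc-status"])
    blocked = headers.get("x-dotdefender-denied") == "1"
    if blocked and logged != wire_status:
        return f"false positive: WAF denied ({wire_status}) but log says {logged}"
    return "consistent"
```

Run over the line above, log_based_alert() fires because the log claims 200, while reconcile() shows the request was in fact denied.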

This behavior by dotDefender is completely wrong.  I’m guessing it’s likely a bug.  They probably don’t have dotDefender reporting the status code correctly into IIS.  I’d troubleshoot and fix it myself if I had access to the source code.  However, the application is proprietary so my hands are tied in that regard.  I have opened a support ticket with the provider AppliCure.  I’ll provide an update when I get more information from them.

Update #1 (Tue Feb  9 11:02:14 EST 2010):

AppliCure has confirmed that the issue is reproducible in their lab.  I actually have a ticket number now.  Exciting!

Update #2 (Tue Mar  2 09:57:40 EST 2010):

Well, I haven’t heard any news from AppliCure support on my ticket in a long time now.  I decided to contact support through the Online Support Chat widget.  For some reason, I never receive any emails from their support department.  They tell me that they are still investigating the issue.  They hope to have a fix in the next release.  The next release?  They can’t give me a fix for it?  Ouch.  They will call me to let me know when the next release is available and if it contains the fix.


Installer Service is not Accessible

February 4, 2009 at 11:41 am (Technology, TechTips, windows)

I have run into a strange condition on some Windows XP boxes before (imagine that).  When I try to install or uninstall anything (including Windows updates), I get this error message:

The Windows Installer Service could not be accessed.
This can occur if you are running Windows in safe
mode, or if the Windows Installer is not correctly
installed. Contact your support personnel for assistance.

I don’t have a clue what is causing the Windows Installer Service to not be accessible any longer.  However, I have found that the fix is quite easy.

Essentially, you need to be logged in with Administrative privileges and run these two commands from the command line:
msiexec.exe /unregister
msiexec.exe /regserver

This link is the official MS KB article I found this in:


Creating VSS snapshots on Windows 2003 Server.

January 15, 2009 at 4:36 pm (windows)

At work, I recently was chosen to be the administrator for a new SAN system that we are purchasing.  I intend to do a full article at some point about this product once it is installed.  For now, I will just tell you that it runs on CentOS and is called FalconStor.  Anyhow, while I was in initial technical training on this system we began a discussion about how to correctly back up Windows systems, especially servers.  The major issue with backing up MS OSes is how to quiesce all applications running on the system.  What I mean by this is making the system write all data that is in flight to the disk and then freezing it.

Microsoft has created an interesting mechanism to make this task more manageable.  It is called Volume Shadow Service.  I suggest reading these two documents first to get an introduction to what the service is and how it works:

Essentially, when you create a snapshot using VSS the following highly summarized steps occur:

  1. VSS sends a signal to all apps that have been registered as Writers.  Writers are applications that are writing data to disk in such a way that there might be in flight data.  Each of these writers has a different method of quiescing its data.  For instance, the file system will flush all of its buffers to disk.  Another example of a writer is MS SQL server.
  2. Each writer will signal back to the VSS manager once its data is in a quiesced state.
  3. Once all writers have checked in, a Copy on Write snapshot is created.  This snapshot is essentially a frozen image of the data.  This COW snapshot is only updated with differential data.
  4. The VSS manager will wait until it knows that the COW snapshot has successfully been created.
  5. Finally, the VSS manager will notify all writers that they can now un-quiesce their data.  Essentially, this will thaw out the data and let whatever was being buffered be written to disk.
  6. All operations have now been completed and a COW based snapshot now exists.

All applications written for the Microsoft platform are supposed to utilize the VSS sub-system for quiescing their data.  Therefore, the only way to quiesce data on a MS OS is to use VSS.  The reader of this article who has been paying attention will notice something at this time in relation to Microsoft backup software.  Many software companies that sell backup tools for the Microsoft platform also sell little applications called ‘Agents’, such as ‘Agent for Open Files’.  It should now be clear that the only way that these applications could be working is by creating a VSS snapshot and then backing up from that.  Therefore, it would appear that you really don’t need these agents.  One could simply write some scripts that would be launched using the pre and post script starters of your backup software that could handle this task.  The scripts would simply create the snapshots when needed and delete them when the backup is done.

How would one access the snapshot though?  How do you actually get at that volume?  The VSS snapshot is not normally exposed as a drive.  However, you can install the tool vshadow.exe from the VSS SDK pack.  More information about this SDK can be found here.  This tool will allow you to create snapshots and manage them in a variety of ways.  One of the more useful functions of this tool is that it will allow you to expose a VSS snapshot as either a drive letter or a mount point.  This is excellent for scripting, because now you can create a persistent VSS snapshot and mount it as a drive and copy things off of it…like perhaps a backup.

Let’s do a few examples of this process.  Before you can try this out, you must install the VSS SDK as discussed above.

Now run:

vshadow.exe -p c:

This will create a persistent VSS snapshot of the C drive.  There are two types of VSS snapshots: 1) Persistent  2) Temporary.  The default type of snapshot to be created is temporary.  Windows XP is only capable of making temporary snapshots.  This means that an application can request that a snapshot be created.  Once it is created, the VSS system will notify the application of the Global Root ID of the snapshot volume.  The application will then access that volume and process it however it wants to.  Once the application is done processing the data, it will then notify the VSS system it is done.  The VSS system will then stop holding open the snapshot and it will be destroyed.  In Windows 2003 the concept of a persistent snapshot was introduced.  This is where a snapshot can be requested and it will remain in existence, even when there is no application still attached to it.  We want a persistent snapshot, so we provide the -p argument.

You will now see some output that looks similar to this:

VSHADOW.EXE 2.2 - Volume Shadow Copy sample client
Copyright (C) 2005 Microsoft Corporation. All rights reserved.

(Option: Persistent shadow copy)
(Option: Create shadow copy set)
– Setting the VSS context to: 0x00000009
(Gathering writer metadata…)
(Waiting for the asynchronous operation to finish…)
Initialize writer metadata …
Discover directly excluded components …
– Excluding writer ‘MSDEWriter’ since it has no selected components for restore.

Discover components that reside outside the shadow set …
Discover all excluded components …
Discover excluded writers …
Discover explicitly included components …
Verifying explicitly specified writers/components …
Select explicitly included components …
* Writer ‘System Writer’:
– Add component \System Files
* Writer ‘Event Log Writer’:
– Add component \Event Logs
* Writer ‘Registry Writer’:
– Add component \Registry
* Writer ‘COM+ REGDB Writer’:
– Add component \COM+ REGDB
* Writer ‘WMI Writer’:
– Add component \WMI
Creating shadow set {97147285-295c-4112-ac7b-365a667c62e8} …
– Adding volume \\?\Volume{4910a320-7ecf-11db-8356-806e6f6e6963}\ [C:\] to the s
hadow set…
Preparing for backup …
(Waiting for the asynchronous operation to finish…)
(Waiting for the asynchronous operation to finish…)
Creating the shadow (DoSnapshotSet) …
(Waiting for the asynchronous operation to finish…)
(Waiting for the asynchronous operation to finish…)
Shadow copy set succesfully created.

List of created shadow copies:

Querying all shadow copies with the SnapshotSetID {97147285-295c-4112-ac7b-365a6
67c62e8} …

* SNAPSHOT ID = {647617de-d55b-45c5-a087-74f0143cbffa} …
– Shadow copy Set: {97147285-295c-4112-ac7b-365a667c62e8}
– Original count of shadow copies = 1
– Original Volume name: \\?\Volume{4910a320-7ecf-11db-8356-806e6f6e6963}\ [C:
– Creation Time: 1/14/2009 1:52:16 PM
– Shadow copy device name: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5
– Originating machine:
– Service machine:
– Not Exposed
– Provider id: {b5946137-7b9f-4925-af80-51abd60b20d5}
– Attributes: No_Auto_Release Persistent Differential

– Mark all writers as succesfully backed up…
Completing the backup (BackupComplete) …
(Waiting for the asynchronous operation to finish…)
(Waiting for the asynchronous operation to finish…)

Snapshot creation done.

The important line to pay attention to here is the one called SNAPSHOT ID.  This is the ID number of the snapshot that was just created.  You will need this to expose this volume as a drive letter or a mount point.

You can verify that the snapshot has been created by running this command:
vshadow.exe -q

At this point you are ready to expose the snapshot as either a drive letter or a mount point.
vshadow.exe -el={18b93c57-ca61-467d-abc4-d4fa19559ded},m:\mypoint

This will expose the snapshot with the ID string that is in the braces on the mount point of M:\mypoint.  This command can also be used to just mount it on a drive letter that is currently not in use.  To do this, just put the drive letter of choice and colon as the second argument:
vshadow.exe -el={18b93c57-ca61-467d-abc4-d4fa19559ded},X:

Next, you might wonder how you can un-expose a snapshot volume from a drive letter or mount point.  I have not been able to find a way to do this while keeping the snapshot intact.  The only way that I have found to do this is to delete the snapshot itself.  If you can figure out a way to keep the snapshot while un-exposing it, please post the solution as a comment to this article.

This command will delete that snapshot volume and remove the drive letter or mount point:
vshadow.exe -ds={18b93c57-ca61-467d-abc4-d4fa19559ded}
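For the pre and post backup scripts suggested earlier, the snapshot ID has to be read from the output of the run that created the snapshot rather than typed by hand.  The following added example (not part of the original post or of the VSS SDK) parses vshadow.exe -p output and builds the -el and -ds command lines; the sample text is a constructed excerpt of the output shown above, and the function names are hypothetical.

```python
import re

GUID = r"\{[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\}"

# Constructed sample: the relevant lines of the "vshadow.exe -p c:" output shown above.
SAMPLE_OUTPUT = r"""Shadow copy set succesfully created.

* SNAPSHOT ID = {647617de-d55b-45c5-a087-74f0143cbffa} ...
   - Shadow copy Set: {97147285-295c-4112-ac7b-365a667c62e8}
   - Shadow copy device name: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5
   - Attributes: No_Auto_Release Persistent Differential

Snapshot creation done.
"""

def parse_snapshots(output):
    """Return one dict per '* SNAPSHOT ID' block found in vshadow output."""
    snaps = []
    for block in re.split(r"(?m)^\s*\* SNAPSHOT ID = ", output)[1:]:
        m = re.match(GUID, block)
        if not m:
            continue  # malformed ID: skip instead of passing garbage to vshadow
        dev = re.search(r"Shadow copy device name: (\S+)", block)
        attrs = re.search(r"Attributes: (.*)", block)
        snaps.append({
            "id": m.group(0),
            "device": dev.group(1) if dev else None,
            "persistent": bool(attrs and "Persistent" in attrs.group(1).split()),
        })
    return snaps

def backup_commands(output, target):
    """Build the expose (pre-backup) and delete (post-backup) argument lists."""
    if "Snapshot creation done." not in output:
        raise RuntimeError("vshadow did not report success")
    snaps = parse_snapshots(output)
    if len(snaps) != 1:
        raise RuntimeError(f"expected exactly one snapshot, found {len(snaps)}")
    snap = snaps[0]
    if not snap["persistent"]:
        # A temporary snapshot is destroyed when its creator exits; nothing to expose.
        raise RuntimeError("snapshot is temporary; create it with -p")
    if not re.fullmatch(r'[A-Za-z]:(\\[^\\/:*?"<>|]+)*', target):
        raise ValueError(f"not a drive letter or mount point: {target!r}")
    return (["vshadow.exe", f"-el={snap['id']},{target}"],
            ["vshadow.exe", f"-ds={snap['id']}"])
```

The two lists can be handed to subprocess.run() from the backup software's pre and post hooks, so the delete always targets the snapshot that the same job created.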

That should be enough information to get you started with VSS snapshots.  This information should help the skilled SysAdmin take better control of backing up the Windows Server 2003 servers that he is tasked to work with.  There are many other features of VSS that seem like they would be interesting to explore, such as transportable snapshots, etc.  I hope to look more into it in the future.


Do neat tricks with WMI from the DOS prompt.

August 28, 2008 at 9:40 am (windows)

In my System Administrator role, I am always looking for ways to make my job easier.  Often I can make my job easier by finding ways to be more efficient.  One of the best ways to become more efficient is by writing scripts to automate tasks for you…scripts can be like little robots that do work for you.  However, sometimes the task you are trying to do doesn’t need a whole script because it’s something small.  This is where WMI can be really helpful.

We all know that Windows is very high maintenance.  Many tasks related to servicing users’ workstations often require making a remote desktop connection or physically walking over to their desk.  However, much of this tedious work can be conducted right from your workstation more efficiently by using WMI.

Most articles on the internet discussing WMI that I’ve seen are talking about utilizing WMI via VB script.  I’ve found that usually, I do not need a whole script…rather I just need to remotely launch an application or view all installed updates, etc.  Quick actions like those can be done without writing any scripts, even, by using WMIC.  WMIC is the WMI console for the DOS prompt.

Here is a good article that demonstrates some basic uses and should get you on a good start using WMI in daily tasks:


Message stuck in Microsoft SMTP service Queue

July 28, 2008 at 12:51 pm (Technology, windows)

Recently I ran into a problem where emails that were generated using CDOSys were getting stuck in the Microsoft SMTP service outgoing queue.  If you are having problems with the Microsoft SMTP service, you may have discovered that it is difficult to troubleshoot.  This difficulty is mostly caused by the fact that the service has very little logging available to it.  It is true that you can enable logging via the IIS console, but that logging is minimal at best.  Errors are not recorded very well in that log.

I did spot in the event viewer some interesting entries that were complaining about internal DNS errors that appeared to be coming from the SMTP service.  Upon further research I found that IIS 5.0 running on Windows Server 2000 is not able to make DNS queries via UDP.  IIS is only able to query DNS servers using TCP.  This poses a problem since TCP is usually only used for zone transfers; therefore most DNS servers have TCP blocked and only allow UDP queries.

This will result in the SMTP service being unable to query DNS at all.  In that state SMTP service will initially process mail that is put into the ‘pickup’ directory by CDOSys, and move it into the ‘queue’ directory.  From this directory it is normally processed further and sent to the next MTA.  However, when SMTP service is unable to query DNS it just leaves the message in the queue directory and begins ‘BadMail’ processing.

How can you test to see if this is the issue you are having?  The first step I recommend is using nslookup to verify proper operation of DNS as per the needs of IIS 5.0.  Simply run nslookup from the command line (this can be done on either Windows or Linux), and force it to do all queries using TCP.  While in nslookup enter:

set vc

Now any queries you enter will be done using TCP.  If this fails, try turning off forced TCP and run the query again.  If this works you know that the IIS server cannot make TCP DNS queries to its designated DNS server.  You can turn off forced TCP by using this command in nslookup:

set novc
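The same UDP versus TCP comparison can be scripted so it is repeatable against each candidate DNS server.  This is an added example, not part of the original post: it sends one MX query over each transport (the MX record type and the function names are choices made here), and the server address and domain you pass in are your own.

```python
import socket
import struct

QID = 0x1234  # fixed query ID, fine for a one-shot diagnostic

def build_query(name, qtype=15):
    """DNS query for `name`; qtype 15 is MX, the record an MTA asks for."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)      # class IN

def frame_tcp(msg):
    """Over TCP every DNS message is preceded by a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def rcode(reply):
    """Return the RCODE of `reply`, or raise if it does not answer our query."""
    if len(reply) < 12:
        raise ValueError("short reply")
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != QID or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F

def _read(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("closed before full reply")
        buf += chunk
    return buf

def query_udp(server, name, timeout=3.0):      # equivalent of "set novc"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return rcode(s.recvfrom(4096)[0])

def query_tcp(server, name, timeout=3.0):      # equivalent of "set vc"
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(frame_tcp(build_query(name)))
        (length,) = struct.unpack("!H", _read(s, 2))
        return rcode(_read(s, length))

def diagnose(server, name):
    """Run both transports and report which ones answered without error."""
    out = {}
    for label, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            out[label] = fn(server, name) == 0
        except (OSError, ValueError):  # timeout, refused, reset, malformed reply
            out[label] = False
    out["tcp_blocked"] = out["udp"] and not out["tcp"]
    return out
```

A result with tcp_blocked set to True is the condition described above: UDP works, TCP does not, and the queue stalls.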

Also there is a useful tool from Microsoft that runs various mail sending steps and can help you in debugging this and other issues with SMTP service.  This tool is called SMTPDiag.  Here is a good article that shows a little on how to use SMTPDiag.

If you have determined that your mail is getting stuck because of TCP DNS queries being rejected or dropped, there are essentially three options for you to fix this:

  • If your firewall is preventing TCP DNS queries, modify the rules to allow it.
  • If possible, change the configuration of the DNS server to allow TCP queries.
  • Change the IIS server to use a DNS server that is configured to allow TCP queries.

Use the nslookup procedure shown above to determine both that the firewall rules are configured to allow TCP queries AND that the DNS server that you’d like to use is allowing TCP queries.  Once you are sure that you have set IIS to query a DNS server that allows TCP queries, simply restart the SMTP service and all mail in Queue should begin to process.

Remember:  On Windows Server 2000, you must reboot the server after you change the DNS servers for an interface in order for the change to take effect.
