Failed test VerifyEnterpriseReferences / msDFSR-ComputerReferenceBL / FRS and DFS Replication Member Objects

The following is some research I found while troubleshooting some recent SYSVOL File Replication issues. It is not necessarily a complete solution or even the correct one for you if you are suffering from similar issues. I’ve linked to the original sources, so please review the suggestions in-context of their original situations before deciding if they might help you fix your problems. Good luck!

Running DCDIAG.EXE in a Microsoft Windows Server 2008 R2 environment with a single domain controller resulted in a failure for the VerifyEnterpriseReferences test:

[1] Problem: Missing Expected Value
Base Object: CN=DC01,OU=Domain Controllers,DC=DOMAINNAME,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: msDFSR-ComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: Please See Knowledge Base Article Q312862
LDAP Error 0x20 (32) - No Such Object
.............................DC01 failed test VerifyEnterpriseReferences

Based on the attribute name msDFSR-ComputerReferenceBL, Joson Zhou, a Microsoft employee and Moderator on the TechNet Forums, believes that KB article Q312862 may not apply to environments where the domain function level has been raised to Windows Server 2008.

The error means that the value of the attribute msDFSR-ComputerReferenceBL is not correct. To verify, performing the following steps:

1. On the Domain Controller, open the Active Directory Users and Computers console.
2. In the console, select Domain Controllers, and then double-click the relevant DC object (DC01 in this example) in the right pane.
3. Click the Attribute Editor tab, click the Filter button, and then check the Backlinks.
4. After that, you should see the attribute msDFSR-ComputerReferenceBL. The expected value is CN=DC01,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,Cn=system,DC=DOMAINNAME,DC=com.

Unfortunately, Mr. Zhou’s answer did not provide information on how to actually edit the value if it is “Not Set” and grayed out, and I could not find any suggestions how to do so anywhere else, either. If you discover the answer, please share it in a comment below.

On a follow-up message to the one above, Mervyn Zhang, another Microsoft Moderator, stated that “msDFSR-ComputerReferenceBL is a back reference of msDFSR-ComputerReference which relates to msDFSR-MemberReference“. He therefor recommens following these instructions to Review and Update the FRS or DFS Replication Member Object (http://tinyurl.com/nr5tq9):

You can use this procedure to update the File Replication Service (FRS) or Distributed File System (DFS) Replication member object after you rename a domain controller. This object must be updated with the new domain controller name so that the domain controller can replicate SYSVOL.

For more information about this procedure, see article 316826 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=82821).

Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

To update the FRS member object

1. On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers.
2. On the View menu, click Advanced Features.
3. Expand the domain node, System, File Replication Service, and Domain System Volume (SYSVOL share). The <DomainControllerName> objects below Domain System Volume (SYSVOL share) are the FSR Member objects that correspond to domain controllers in the domain. Find the <DomainControllerName> object that shows the old name of the domain controller.
4. Right-click the FRS Member object for the old name of the domain controller, and then click Rename.
5. Type the new name of the domain controller.
6. To verify the name change, open ADSI Edit: On the Start menu, point to Administrative Tools, and then click ADSI Edit.

   View the fRSMemberReference attribute of the object CN=Domain System Volume (SYSVOL share),CN=NTFRS Subscriptions,CN=<DomainControllerName>,OU=Domain Controllers,DC=<DomainName> and confirm that the value in CN=<DomainControllerName> is the new name.

To update the DFS Replication member object

1. On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers.
2. On the View menu, click Advanced Features.
3. Expand the domain node, System, DFSR-GlobalSettings, Domain System Volume, and Topology. The <DomainControllerName> objects below Domain System Volume are the msDFSR-Member objects that correspond to domain controllers in the domain. Find the <DomainControllerName> object that shows the old name of the domain controller.
4. Right-click the msDFSR-Member object for the old name of the domain controller, and then click Rename.
5. Type the new name of the domain controller.
6. To verify the name change, open ADSI Edit: On the Start menu, point to Administrative Tools, and then click ADSI Edit.

   View the msDFSR-MemberReference attribute of the object CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<DomainControllerName>,OU=Domain Controllers,DC=<DomainName> and confirm that the value in CN=<DomainControllerName> is the new name.

See also

Active Directory Schema Specifications: 2.139 Attribute msDFSR-ComputerReferenceBL

http://msdn.microsoft.com/en-us/library/cc220186(PROT.13).aspx

Active Directory Schema Terminology: ms-DFSR-ComputerReferenceBL Attribute

http://msdn.microsoft.com/en-us/library/ms677140(VS.85).aspx

Comments

1

Things have moved

In January 2006, we changed our company’s legal name from Acanthus Technology to Acorn IT Group and established the Allogro™ Business Networking Specialists division to serve our clients’ IT needs. We have maintained our old web site, but have not updated it in a long time.

We are in the process of shutting down the old site, and we are forwarding requests for old content to the current information at our Allogro or Acorn IT Group sites.

If you were redirected to this announcement instead of the content you were expecting, it is because that content no longer exists on any of our sites.

Please contact us if there is something with which you need assistance, and we will do our best to help you.

An easy way to keep plugins and themes updated in multiple WordPress installations

In this article: Introduction, Prerequisites, How my file system is structured, Creating the repositories, Linking to the repositories, Recap, Common problems and fixes, Maintaining your repositories, Using this technique with ZenPhoto and other CMS systems, Additional resources, Comments and feedback

Introduction

WordPress is a wonderful blogging platform and, in certain situations, a good choice for a general content management system (CMS). It is easy to end up with several parallel installations of WordPress—one for each major topic you want to discuss. Everything works great at first, but after a while, the constant barrage of updates to the main application, various plug-ins, and the themes becomes something of a management nightmare. The more blogs you operate, the more time is spent maintaining the blogging environment and the less that is available to actually blog.

If you host your WordPress blog on a Linux-based server (BSD or most any other Unix-like operating system should be able to do this equally well) and you have “shell access”, I might have a way to ease your pain. In a nutshell, you will create a central repository containing every WordPress plug-in that you use in all of your blogs. You create a separate repository containing each of your themes. Next, you create symbolic links (think of them as shortcuts; more about them in just a moment) from each installation of WordPress to your central repositories. From that point on, you only have to update your plug-ins and themes once, and the change will take effect instantly across all your sites. It’s a very slick trick!

This trick works probably works well on many other CMS systems that use plug-ins and themes; I have started using it with my ZenPhoto installations, too. In addition to helping keep things updated, it also saves disk space since you are only maintaining a single copy of the files on your server.

I will provide step-by-step instructions and some quirks for which you need to be aware. One quick word of caution: mistakes, bugs, and goofs can also instantly affect all your sites, so be very careful as you work, take your time, and always backup your files and databases before you start.
(more…)

Vista Quick Launch icon locations change after restart

Background

After every restart, the icons in my Quick Launch toolbar in Windows Vista were rearranged into alphabetical order. The toolbar itself was resized, taking up most of the Taskbar. It didn’t matter how many times I carefully moved the icons around, nor did it matter if I logged off and back on, restarted, or shut down and powered back up—I couldn’t get the icons to stay the way I want them. I don’t remember when it started, so I can’t pinpoint what changed on my system that might have caused it.

After much searching, I found various solutions to a similar problem in Windows XP. Several solutions suggested installing third-party utilities that reset your Desktop back to the way you like after each restart. I’m generally not a big fan of adding on utilities to fix problems with the operating system; I prefer to fix the OS. I finally found one solution that worked for me with Vista that fixed a problem deep inside the Windows Registry.

Read on for the details on how I fixed this annoying quirk.
(more…)

Adding Network Connections to Vista’s Start Menu

The new Microsoft motto seems to be “make everything useful at least one extra step more difficult”. This certainly has been true for all but the most commonly used features with Office 2007’s Ribbon interface. It’s also true with many of the control panels in Windows Vista.

One control panel I use regularly is “Network Connections”.

Using Vista’s GUI interface in non-Classic mode, you have to go to Start > Control Panel > View network status and tasks > Manage network connections.

In Classic View, go to Start > Control Panel > Network and Sharing Center > Manage network connections.

You can also use the Search box (or the Run option if you have unhidden it) and enter ncpa.cpl.

I’m not sure which is the less appealing route—all that clicking or trying to remember a cryptic filename.

What I did to make life a little bit easier was use the search method, and when the control panel appeared at the top of the search results pane, I right-clicked it, chose “Send To”, then “Desktop (create a shortcut)”. A shortcut appeared on my Desktop, which I cut so I could paste it somewhere easier to find (like at the top of my Start menu). Depending on where you save it, Vista might require administrative rights to paste the shortcut.

Adding Folders and Programs to the ‘Send To’ Context Menu in Windows Vista

Special thanks to Andre De Costa’s Teching It Easy blog for this useful information.

I do not know why the developers at Microsoft felt the need to move already somewhat obscure and hidden features to even more obscure locations in Windows Vista. Maybe they figure that it’s helpful to techs to slow them down to stretch out their billable hours or build-in even more job security for system admins by making things more and more difficult for average users.

Under the Windows 9x family, to add programs or folders to the “Send To” context menu, you just plunked a shortcut into “C:\WINDOWS\Send To“.

This was far too easy, and the average user had no problem customizing Windows the way they wanted. When Windows 2000 (followed by XP and 2003) came along and moved user preferences to the “C:\Documents and Settings” folder, I thought that was a good idea. After all, the Windows folder gets very full, and the average user could cause him or herself problems by deleting the wrong thing. Thus, the Send To folder was moved to “C:\Documents and Settings\Username\Send To“. This was still pretty easy and intuitive for anyone who actually wanted to use this handy feature.

Along comes Windows Vista. The familiar “Documents and Settings” folder structure has been replaced by a shortcut (with more shortcuts from there). Security has been tightened to the point that a user with standard user permissions probably can’t even make changes to his or her own settings without a lots of frustration (I haven’t tried, because standard user permissions are SO limited as to make Vista barely usable for anyone who has even moderate experience with Windows.).

So how does one edit the Send To menu? (more…)

CRITICAL – Buffer overflow in VML used by IE and Outlook

Summary

Threat Level: Critical Zero-Day Vulnerability

This threat is currently active and spreading in the wild. Most Windows-based computers, even if fully up-to-date with all the official Microsoft patches, are vulnerable right now unless certain actions are taken to protect yourself (see below).

What it does: Various websites, including advertising sites that generate advertisements appearing on trusted websites, become infected. These sites use a specific type of attack to slip through your computer’s security, leaving a big hole for your computer to be further attacked. Since some versions of Outlook and Outlook Express use Internet Explorer to display some types of e-mail, you can become infected just by displaying infected e-mails you receive.

(more…)

Secrets Often Stay on Cell Phones and PDAs

It seems people swap cell phones, smart phones, and PDAs about as frequently as they change their smoke detector batteries. These miniaturized devices hold a large amount of personal data inside their tiny silicon brains. So what happens to all that data when you trade in your cellular phone for a new one? Or what if you sell it on eBay to help offset the cost of your replacement device?

If you’re like a lot of technologically challenged people, you don’t even think about purging the memory before you hand it over, and if you do think about it, you might not know how to erase the data.

If you are a bit more tech savvy, you might delve into the manual (you didn’t throw it away or lose it, did you?) or search the Web for instructions. It’s not like most devices have a big red “ERASE ME” button on them. It’s kinda tough to delete all your data. And for good reason (I’m referring to the technologically challenged button pushers that can’t resist big red buttons).

The scary thing is that after finding out how to delete the data and pushing the right menu options, the data still might not be completely gone! According to an AP story reported in the Dallas Morning News, secrets often stay on cell phones even after the data is supposedly deleted. That might be good news if you accidentally erased everything, but it would be bad news if you are a government official, a cheating spouse, or just someone who doesn’t like people snooping through their personal information.

Read the article. It’s a bit shocking, has a touch of humor, and it just might help people to “decide whether to auction their used equipment for a few hundred dollars – and risk revealing their secrets – or effectively toss their old phones under a large truck to dispose of them.”

RAID – What is it and what are the differences?

RAID is a method of storing data on multiple hard disks. Through the “magic” of the disk array, all of the individual disks appear as a single disk to the operating system. Large arrays can be split into smaller logical disks, that can be any size up to the total amount of disk space. Depending on exactly how the data is spread across the multiple disks determines the relative speed and security of the data on the disks.

Back in the old days when large (750MB) hard disks were relatively expensive (say $1200 US) and smaller disks (100MB) were relatively inexpensive (maybe $130), somebody figured out that it could be possible to link several of the inexpensive disks together to roughly equal the capacity of a single larger disk. The complete package was called a disk array, and the method of storing the data on the disks was called RAID, for Redundant Array of Inexpensive Disks.

Today, the relative price difference between an 80GB and a 160GB or even a 400GB hard drive is not so great; however, RAID is still very much a part of life with computers—especially with servers. Obviously there is more to RAID than just a cost savings. (RAID now stands for Redundant Array of Independent Devices, which indicates the drift away from price being the motivating factor in choosing a RAID solution.) In fact, by the time you factor in the additional hardware to create and manage the array, RAID usually costs more than non-RAID solutions. So why do we use it? The answers are speed and reliability.

(more…)

Surge Protector vs. UPS

A client asked: Do I need a surge protector? If the power goes out sometime, what happens w/ the computer?

A surge protector is very important for protecting computers and other electronic equipment from damaging electrical spikes and surges. Fortunately this client already had one. Read the rest of the comments I wrote to her explaining the difference and dispelling the confusion surrounding surge protection and uninterruptible power supplies: (more…)

Windows Shortcuts Disappear

It doesn’t happen very often, but when it does, it’s really annoying. Your Windows Desktop refreshes (often after a program crashes), and all the icons on your Desktop and in the Start Menu have been reset to generic icons that all look alike. Sometimes it’s a temporary thing, and restarting the computer will fix it. Other times it takes a different tool.There are a number of nifty tools available from Microsoft’s web site called “Power Toys”. These are a bunch of little applets that tweak or enhance the way Windows works. There are things like fancier calculators, image re-sizers, and ones that are a little difficult to explain (but do really neat things). These Power Toys are version-specific (i.e., you can’t use the Windows XP Power Toys under Windows 98 for example). The WinXP version is available here.

Out of all the Power Toys that are available, TweakUI is probably the most useful tool of all. This TweakUI gives you access to system settings that are not exposed in the Windows XP default user interface, including mouse settings, Explorer settings, taskbar settings, and more. It comes in two versions, one for standard 32-bit processor machines (e.g., Celerons, Pentiums, etc.) and also for 64-bit Itanium processor machines. It runs under Windows XP Service Pack 1 or later, as well as Windows Server 2003.

To restore your Desktop and Start Menu icons, download the appropriate version of TweakUI, install it, and then run it. In the left-hand column at the bottom is an option to “Repair”. Click it, and you will see that “Rebuild Icons” is the selected option in the pull-down menu. Click the “Repair Now” button, and all your icons should magically reappear. It will also reset the order of your icons (which could be slightly annoying if you have carefully lined up your icons up in a particular pattern).

This handy tool can also fix problems related to a messed up Fonts folder, your Unread Mail Count, and many other things. Feel free to poke around and see what else you can tweak. Just remember that all Power Toys are unsupported by Microsoft. I’ve never had a problem with them, but if you do, Microsoft cannot bail you out (and neither can we).

So tweak at your own risk.

Make Disk Cleanup Faster

Running Windows Disk Cleanup on a regular basis is really a great idea to keep your computer running lean and efficient. The only problem is, if you are like me, I’d almost rather visit my dentist than wait for the utility to complete its scan. It turns out that about 90% of the wait is the result of just one type of scan, and that scan is essentially pointless. Here are the steps for disabling this annoying “feature” and making your Disk Cleanups as fast and efficient as they should be!

The instructions are slightly modified from a Microsoft Knowledgebase article. The article discusses what to do if Disk Cleanup stops responding completely. It turns out the “fix” works perfectly well as a preventive measure. (more…)

Alphabet Soup – Chat Acronymns

FWIW there are a lot of acronyms out there, especially on AIM, YIM, MSN, and IRC. I am FAQ about what these things mean. It would be nice to tell people to RTM, but AFAIK there aren’t very many comprehensive lists available (BICBW). So, here is a list of many common acronyms I’ve seen used from time to time. HTH. IAE, if I left some favorite ones out, BMG to add them in the comments. Just keep them kid-friendly. Thx!

A/S/L … Age/Sex/Location
AFAIK … As far as I know
AFK … Away from keyboard (especially mobile users not at a computer)
AIM … AOL Instant Messenger; also verb for transferring files via AIM
ASAP … As soon as possible
ATM … At the moment
B … Back
BAK … Back at keyboard (typically used after AFK or BRB)
BBL … Be back later
BBS … Be back soon
BC … Because
BCNU … Be Seein’ You
BFF … Best Friends Forever
BFN … Bye for now
BG … Big grin
BIAB … Back in a bit
BICBW … But I could be wrong
BMG … Be my guest
BRB … Be right back
BTA … But then again
BTW … By the way

Continued on page 1: A-B / 2: C-I / 3: J-R / 4: S-Z

Outlook Express/Outlook Won’t Save Passwords

Symptoms: Every time you open Outlook Express or Outlook you are asked to re-enter your password even though the Save Password box is checked (or grayed out).

Problem: Generally this is caused by a problem in the Registry with the Protected Storage System Provider key.

Resolution: Follow the steps below to fix this problem or visit Microsoft’s Knowledge Base article 29684 for an even more detailed information.

(more…)

Re: Hidden partition vs. a real Windows CD

My thanks go to Brett for his comments posted on Ed Bott’s blog about Dell’s hidden restore partitions.

I originally posted this message in the comments, but it was too long and got cut off midway. Here is the complete message, including some interesting utilities and tools I found within the Ghost Recovery Console built into some new Dell Dimension 1100 computers. This article is fairly technical and probably only of interest to other techies. (more…)