No matter how sophisticated the technology is, it still takes people!
Windows 2008 Server Interview Questions Part II
1. What are the Important Windows port numbers:
RDP – 3389 – (Windows RDP port number and Remote Desktop port number)
FTP – 21 – (File Transfer Protocol)
TFTP – 69 – (TFTP port number)
Telnet – 23 – (Telnet port number)
SMTP – 25 – (SMTP port number)
DNS – 53 – (DNS port number and Domain Name System port number)
DHCP – 68 – (DHCP port number and Dynamic Host Configuration Protocol port number)
POP3 – 110 – (Post Office Protocol 3 port)
HTTP – 80 – (HTTP port number)
HTTPS – 443 – (HTTPS port number)
NNTP – 119 – (Network News Transfer Protocol port number)
NTP – 123 – (NTP port number and Network Time Protocol and SNTP port number)
IMAP – 143 – (Internet Message Access Protocol port number)
SSMTP – 465 – (SMTP over SSL)
SIMAP – 993 – (IMAP over SSL)
SPOP3 – 995 – (POP3 over SSL)
Time – 123 – (NTP port number and Network Time Protocol and SNTP port number)
NetBios – 137 – (Name Service)
NetBios – 139 – (Datagram Service)
DHCP Client – 546 – (DHCP Client port number)
DHCP Server – 547 – (DHCP Server port number)
Global Catalog – 3268 – (Global Catalog port number)
LDAP – 389 – (LDAP port number and Lightweight Directory Access Protocol port number)
RPC – 135 – (Remote Procedure Call port number)
Kerberos – 88 – (Kerberos port number)
SSH – 22 – (SSH port number and Secure Shell port number)
2. How to check tombstone lifetime value in your Forest
The tombstone lifetime value differs from OS to OS. For Windows Server 2000/2003 it is 60 days. In Windows Server 2003 SP1 the default tombstone lifetime (TSL) value was increased from 60 days to 180 days; in Windows Server 2003 R2 the TSL value was decreased to 60 days again; for Windows Server 2003 R2 SP2 and Windows Server 2008 it is 180 days. If you migrate a Windows 2003 environment to Windows 2008, it is 60 days.
You can use the command below to check/view the current tombstone lifetime value for your domain/forest:
dsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,<forestDN>" -scope base -attr tombstonelifetime
Replace forestDN with your domain partition DN; for domainname.com the DN would be dc=domainname,dc=com
3. How to find the domain controller that contains the lingering object
If Strict Replication Consistency is enabled:
Lingering objects are not present on domain controllers that log Event ID 1988. The source domain controller contains the lingering object.
If Strict Replication Consistency is not enabled:
Lingering objects are not present on domain controllers that log Event ID 1388. The domain controller that doesn't log Event ID 1388 is the one that contains the lingering object.
For example, if you have 100 domain controllers without Strict Replication Consistency enabled, you will get Event ID 1388 on 99 of them, all except the one that contains the lingering object.
You need to remove the lingering objects from the affected domain controller, or decommission that domain controller.
You can use the Event Comb tool (Eventcombmt.exe), a multi-threaded tool that gathers specific events from the Event Viewer logs of different computers at the same time.
You can download these tools from the following location:
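The Event ID 1388/1988 rule above, worked as an added PowerShell example (not from the original post). The function name, DC names and event records are constructed, and the "Source DC ...:" pattern used for Event ID 1988 is an assumption about the message wording. Unlike the rule as stated, it keeps DCs whose logs could not be read separate, because a DC that was never queried has not "failed to log" the event.

```powershell
# Added example: DC names and event records are constructed placeholders.
# Live input would come from reading each DC's log, for example:
#   Get-WinEvent -ComputerName $dc -FilterHashtable @{ LogName = 'Directory Service'; Id = 1388, 1988 }
# MachineName values and the DC lists must use the same name form (short name or FQDN).
function Find-LingeringObjectHolder {
    param(
        [string[]]$QueriedDCs,    # DCs whose Directory Service log was read successfully
        [string[]]$UnreadDCs,     # DCs that could not be queried (no verdict possible)
        [object[]]$Events         # records with MachineName, Id and Message properties
    )
    $strict = @($Events | Where-Object { $_.Id -eq 1988 })
    $loose  = @($Events | Where-Object { $_.Id -eq 1388 })
    if ($strict.Count -gt 0) {
        # Strict consistency on: DCs that log 1988 are clean, the event names the source DC.
        # The "Source DC ...: <address>" wording is an assumption about the message text.
        $mode = 'Strict (Event ID 1988)'
        $suspects = @($strict | ForEach-Object {
            if ($_.Message -match 'Source DC[^:]*:\s*(\S+)') { $Matches[1] }
        } | Sort-Object -Unique)
    } elseif ($loose.Count -gt 0) {
        # Strict consistency off: every DC that logged 1388 is clean, so the
        # holder is among the queried DCs that logged nothing.
        $mode = 'Not strict (Event ID 1388)'
        $loggers = @($loose | ForEach-Object { $_.MachineName } | Sort-Object -Unique)
        $suspects = @($QueriedDCs | Where-Object { $loggers -notcontains $_ })
    } else {
        $mode = 'No 1388/1988 events found'
        $suspects = @()
    }
    # If NoVerdict is not empty, the holder may be one of those DCs instead.
    [pscustomobject]@{ Mode = $mode; Suspects = $suspects; NoVerdict = $UnreadDCs }
}

# Constructed scenario: four DCs, TKDC01 was unreachable when logs were collected.
$events = @(
    [pscustomobject]@{ MachineName = 'NYDC01'; Id = 1388; Message = '' }
    [pscustomobject]@{ MachineName = 'NYDC02'; Id = 1388; Message = '' }
)
$result = Find-LingeringObjectHolder -QueriedDCs 'NYDC01', 'NYDC02', 'LNDC01' -UnreadDCs 'TKDC01' -Events $events
$result | Format-List
```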
List of Active Directory ports for Active Directory replication and Active Directory authentication. These ports can be used to configure the firewall.
Active Directory replication - There is no defined port for Active Directory replication. Active Directory replication remote procedure calls (RPC) occur dynamically over an available port through RPCSS (RPC Endpoint Mapper) by using port 135.
File Replication Services (FRS) - There is no defined port for FRS. FRS replication over remote procedure calls (RPCs) occurs dynamically over an available port by using RPCSS (RPC Endpoint Mapper) on port 135.
As an administrator you have to check your Active Directory health daily to reduce Active Directory related issues. What will happen if you are not monitoring the health of your Active Directory?
Let's say one of the domain controllers fails to replicate. On the first day you will not have any issue. If this continues, you will have login issues, and you will not find object changes and new objects that were made on other domain controllers, which will lead to further issues.
If the domain controller has not replicated for more than 60 days, it will lead to lingering object issues.
Command to check replication to all the DCs (through this we can check Active Directory health):
Repadmin /replsum /bysrc /bydest /sort:delta
You can also save the command output to a text file, by using the below command
This will list the domain controllers that are failing to replicate, with the delta value. You can run this daily to check your Active Directory health.
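A daily check built on that command, as an added PowerShell example (not from the original post): it parses the "largest delta" column and flags DCs whose delta has passed the 60-day mark mentioned above. The function names, the sample text and the one-day warning threshold are constructed for illustration, and the delta formats handled are the ones shown in the sample.

```powershell
# Constructed sample modelled on "repadmin /replsum" output; DC names are placeholders.
$sample = @'
Source DSA          largest delta    fails/total %%   error
 NYDC01                    12m:41s    0 /  10    0
 NYDC02                03h:05m:10s    0 /  10    0
 LNDC01            45d.02h:33m:21s    4 /  10   40  (1722) The RPC server is unavailable.
 TKDC01                   >60 days    5 /   5  100  (1722) The RPC server is unavailable.
'@

function ConvertTo-DeltaDays {
    param([string]$Delta)
    # ">60 days" carries no exact age, so treat it as just past that many days.
    if ($Delta -match '^>\s*(\d+)\s*days$') { return [double]$Matches[1] + 1 }
    $days = 0.0
    if ($Delta -match '(\d+)d') { $days += [int]$Matches[1] }
    if ($Delta -match '(\d+)h') { $days += [int]$Matches[1] / 24 }
    if ($Delta -match '(\d+)m') { $days += [int]$Matches[1] / 1440 }
    if ($Delta -match '(\d+)s') { $days += [int]$Matches[1] / 86400 }
    return $days
}

function Get-ReplicationRisk {
    param([string[]]$Lines, [int]$TombstoneDays = 60, [double]$WarnDays = 1)
    # Data rows are indented: name, largest delta, "fails / total". Headers,
    # blank lines and progress dots do not match and are skipped.
    $rowPattern = '^\s+(\S+)\s+(>\s*\d+\s*days|[\ddhms:.]+)\s+(\d+)\s*/\s*(\d+)'
    foreach ($line in $Lines) {
        if ($line -match $rowPattern) {
            $dc = $Matches[1]; $delta = $Matches[2]
            $fails = [int]$Matches[3]; $total = [int]$Matches[4]
            $days = ConvertTo-DeltaDays $delta
            if ($days -ge $TombstoneDays) { $status = 'PAST-TOMBSTONE' }
            elseif ($fails -gt 0 -or $days -ge $WarnDays) { $status = 'WARN' }
            else { $status = 'OK' }
            [pscustomobject]@{ DC = $dc; Delta = $delta; Days = [math]::Round($days, 2)
                               Fails = "$fails/$total"; Status = $status }
        }
    }
}

# Live use: Get-ReplicationRisk -Lines (repadmin /replsum /bysrc /bydest /sort:delta)
Get-ReplicationRisk -Lines ($sample -split '\r?\n') | Format-Table -AutoSize
```

Set -TombstoneDays to the tombstonelifetime value read from your forest if it is not 60.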
6. GPRESULT failed with access denied error:
gpresult fails on a Windows 2003 server and returns access denied errors, although you are able to update Group Policy without issue.
To resolve the access denied error from gpresult, run the following commands to re-register userenv.dll and recompile the RSoP MOF file:
1. Open a cmd prompt and re-register userenv.dll: Regsvr32 /n /I c:\winnt\system32\userenv.dll
2. CD c:\windows\system32\wbem
3. Mofcomp scersop.mof
4. Gpupdate /force
5. Gpresult
Now you are able to run gpresult without error, and a server reboot is not required for this procedure.
7. What is the command to find out site name for given DC
dsquery server -name NYDC01 | dsget server -site
domain controller name = NYDC01
8. Command to find all DCs in the given site
Command to find all the Domain Controllers in the “Default-First-Site-Name” site
dsquery server -o rdn -site Default-First-Site-Name
Site name = Default-First-Site-Name
9. How many types of queries DNS does?
Iterative Query and Recursive Query.
Iterative Query
In this query the client asks the name server for the best possible answer. The name server checks its cache and the zones for which it is authoritative and returns the best possible answer to the client, which is either the full answer (like an IP address) or a pointer to try another name server.
Recursive Query
The client demands either a full answer or an error message (like record or domain name does not exist). A client machine always sends a recursive query to the DNS server. If the DNS server does not have the requested information, the DNS server sends iterative queries to other name servers (through forwarders or a secondary DNS server) until it gets the information, or until the name query fails.
This post is related to the issue that we faced today when we replaced the SSL certificates in our setup. When I launched the web-client and accessed the update manager tab, I got the message "interface com.vmware.vim.binding.integrity.VcIntegrity is not visible from class
I started off by restarting the VMware vSphere Update Manager Service for the affected vCSA:
1. Log into vCenter using the firstname.lastname@example.org account.
2. Home - System Configuration - Services - Restart
This did not resolve my issue... And we tried restarting all the services by SSH/Console into the affected server and running the following commands:
service-control --start --all
Still no luck. Make sure the certs are applied and that this is reflected in the config file (verify that the thumbprint matches).
root@homelab71 [ /usr/lib/vmware-updatemgr/bin ]# pwd
/usr/lib/vmware-updatemgr/bin
root@homelab71 [ /usr/lib/vmware-updatemgr/bin ]# ./updatemgr-util config -g | less
Before a running virtual machine can be migrated from one host to another there are some mandatory requirements that must first be met:
Hyper-V 2008 R2 must be deployed on both hosts. The first version of Hyper-V does not support live migration.
Source and destination Hyper-V hosts must be configured as a Failover cluster with shared storage enabled.
Source and destination systems must be using shared storage (i.e. via SAN or iSCSI configurations)
Source and destination systems must be running processors from the same manufacturer. It is not, for example, possible to migrate a virtual machine from an Intel based host to one containing an AMD CPU.
The virtual machine on which the migration is to be performed must be configured as Highly Available and to use Cluster Shared Volumes.
The virtual machine's Automatic Start Action setting must be set to do Nothing.
All Hyper-V hosts in the Failover cluster must be configured to boo…