00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

15 Jul 2010 2 comments

After increasing the level of LDAP logging for Active Directory troubleshooting, a number of machine accounts were generating an Event 1535, ActiveDirectory_Domain Service error “00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0.” This event appeared about every hour for a variety of machine accounts (i.e, the user is DOMAIN\MACHINENAME$).



It turns out that this error is generated by that machine account not having full access to the AD object that corresponds to that machine’s DNS entry. These ACLs can be manipulated through the DNS MMC, or programmatically through the DC=DomainDNSZones,DC=[DOMAIN_NAME],DC=[TLD] AD LDAP tree.

Microsoft IT Environment Health Scanner – Functional Level Error

7 Apr 2010 Leave a comment
It appears that as of April 7, 2010, the Microsoft IT Environment Health Scaner does not support Active Directory domains in a 2008 R2 functional level.

Dell Unified Server Configuration Platform Update Error

18 Feb 2010 4 comments

On a Dell PowerEdge R710, the Platform Update mysteriously stopped working after one round of platform updates.

After configuring networking, the Platform Update feature in the Dell Unified Server Configurator (Release 1.1)  worked fine with the default settings:


But after the update, the Platform Update feature seemed broken. We kept getting the error “A network error occured while trying to connect to the FTP server. Check your network connections, cables, settings, and configuration. Consult with your network administrator, as required.”

I discovered an easy fix after a bit of trial and error. There was an change in the Platform Update had changed, and now required that the location of the update catalog be specified. Entering “catalog” (without quotes) into the Catalog Location field fixes the problem. I suppose the previous version automatically knew where to look.

You can tell the major and minor version of the USC from it’s first screen. During the writing of this post, the before and after looked like this.

Before Platform Update


After Platform Update


Off of the home screen, there is now an ‘About’ option that will tell you the current USC configuration. Much better.

Team Foundation Server 2008 (October 2008 Release) Best Practices Analyzer Errors

18 Feb 2010 Leave a comment


Despite our TFS installation operating correctly, after running the Team Foundation Server 2008 Best Practices Analyzer – October 2008 Release (which I will just call the TFS BPA from this point forward) , we were getting a variety of strange errors. Particularly, a bunch of calls to web services were complaining that the “property ‘UseDefaultCredentials’ cannot be found on this object.” This error would appear over and over again in the TFS BPA logs and the detailed results view.

It turns out that installing PowerShell 2.0 breaks the TFS BPA in an ungraceful manner. The clue was this MSDN Forums post.

Categories: Uncategorized

File Locations and the Hyper-V New Virtual Machine Wizard

29 Jan 2010 Leave a comment

In our lab, I like to have each Hyper-V virtual machine entirely self-contained within a single folder. The following describes how the answers to the New Virtual Machine Wizard changes the location of the Hyper-V files themselves.

Let [VHDs] and [VMs] be respective placeholders for the default Virtual Hard Disks and Virtual Machines folders defined in the Hyper-V Settings panel.

If, on the Specify Name and Location page, the virtual machine is named [Name], and the Store the virtual machine in a different location checkbox is unchecked, then 

  • The Connect Virtual Hard Disk page defaults to creating a VHD with the (file)name [Name].vhd in the location [VHDs]. Data from multiple virtual machines created in this fashion will be comingled, but traceable to a particular machine.
  • Upon completion, the wizard places all other VM data within the directory [VHDs]. Data from multiple virtual machines created in this fashion will be comingled, but not easily traceable to a particular machine since Hyper-V uses GUIDs (as opposed to machine names) for file and folder names.

If, however, the Store the virtual machine in a different location is checked, then

  • The Location field of the Specify Name and Location page, defaults to [VMs], but can be overwritten. Let [Location] represent the contents of this field.
  • The Connect Virtual Hard Disk page defaults to creating a VHD with the (file)name [Location].vhd in the location [Location]\[Name]\. (Naturally, if you did not override the default data in the location field, then the location would be [VMs]\[Name]\)
  • Upon completion, all of the files for the virtual machine will be located in the folder [Location]\[Name]\. Even when though Hyper-V uses GUIDs for file and folder names, they will be directly traceable to a particular virtual machine, by virtue of their place in the file system hierarchy.

Rotating Windows Event Logs

8 Dec 2009 Leave a comment

Microsoft Knowledge Base article KB312571 discusses how to enable automation rotation of event logs.

Constructing Automated E-mail with Predictable Linefeed Behavior in Outlook

2 Dec 2009 Leave a comment
In our lab, we have a series of system administration scripts that are run on a regular basis. Part of these scripts is sending an automatic email that contains various information about the disposition of those scripts.
Unfortunately, Outlook has a tendency to either delete or insert line breaks in an unpredictable (but deterministic, I imagine) manner. After some searching, I found the article Newsletter Formatting And The Remove Extra Line Breaks Issue that describes a workaround. It turns out, that if each line starts with two spaces, then Outlook will do a better job in preserving your format.
Thank you Robin Good!

Get every new post delivered to your Inbox.