Use Dig to Troubleshoot DNS Issue on Windows

Get dig.exe on Windows

  • Download the BIND binary zip file from ISC and extract it to a folder.
  • Open a command prompt and navigate to the folder.
  • Enter dig; no installation is required.

Basic syntax

  • dig @dns-server name type
  • dig @dns-server -q name -t type

Simplify the output

  • dig +nocmd +noall +answer @dns-server name
  • dig +nocmd +noall +answer +multiline @dns-server name any

Windows Page File Purposes and Sizing

Consider the following for page file sizing

  • System crash dump: the page file must exist and be larger than the physical memory (RAM)
  • Peak system committed memory:
    • system committed memory = physical memory + all page files combined size
    • The system with 8GB RAM + 1.3GB page file = 9.2GB committed RAM
  • Infrequently accessed pages: Infrequently accessed modified pages are removed from physical memory and stored in the page files. The “\Memory\Modified Page List Bytes” performance counter measures, in part, the number of infrequently accessed modified pages that are destined for the hard disk.

Extend or add a page file if all the following performance counters are true:

  • \Memory\Available MBytes is low (more available physical memory is in use): less than 4 MB
  • \Memory\Modified Page List Bytes is high 
  • \Paging Files(_Total)\%Usage is high: more than 70%

General recommendation

  • Windows Server DC and DFS replication, certificate, and LDS servers are not supported without a configured page file
  • Exchange Server requires a page file
  • Set a static page file size rather than letting Windows manage it dynamically
  • For Windows Server 2012 or R2 Hyper-V, the page file of the management OS (the host OS) should be left at the default setting of “System Managed”
  • For 64-bit SQL Server, enable “Lock Page in Memory” for the SQL Server service account
  • For 64-bit SQL Server, set Page File to be a static 6 GB

Source:

Use \\?\UNC\ on A UNC Name to Work Around Windows 260 Characters File Name Limit

Prefixing the file name with “\\?\” can work around the Windows 260-character file name limit (raising it to up to 32,000 characters) in some command-line utilities. For example, for a local file: dir \\?\c:\longfilename.txt.

However, the syntax is different for a UNC name: it needs to be \\?\UNC\servername\share\longfilename.txt. For example, dir \\?\UNC\fileserver\dept\it\longfilename.txt.

Not all the command line utilities support this syntax.

  • Icacls - supported
  • PowerShell (get-acl) - not supported, because of .NET
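
The two prefix forms described above, as a small Python helper for building arguments to tools that accept them (such as icacls). This is an added example, not part of the original post; the function name to_extended_path is hypothetical. It goes slightly beyond the post by rejecting relative paths and "." / ".." segments, which Windows no longer resolves once the prefix is present.

```python
import re

EXTENDED = "\\\\?\\"             # the \\?\ prefix
EXTENDED_UNC = "\\\\?\\UNC\\"    # the \\?\UNC\ prefix
DEVICE = "\\\\.\\"               # \\.\ device namespace, left untouched


def to_extended_path(path):
    # With the prefix Windows passes the string through without normalising it,
    # so "/" is converted here and "." / ".." segments are rejected.
    p = path.replace("/", "\\")
    if p.startswith(EXTENDED) or p.startswith(DEVICE):
        return p                      # already in a prefixed form
    if p.startswith("\\\\"):
        # UNC name: drop the leading \\ and put \\?\UNC\ in its place
        rest = p[2:]
        parts = rest.split("\\")
        if len(parts) < 2 or not parts[0] or not parts[1]:
            raise ValueError("UNC name needs both a server and a share: " + path)
        prefix = EXTENDED_UNC
    elif re.match(r"^[A-Za-z]:\\", p):
        # Drive-letter path: the prefix goes directly in front
        rest = p
        parts = p.split("\\")
        prefix = EXTENDED
    else:
        raise ValueError("only absolute paths can take the prefix: " + path)
    if any(seg in (".", "..") for seg in parts):
        raise ValueError("resolve . and .. segments first: " + path)
    return prefix + rest


if __name__ == "__main__":
    # Paths taken from the examples in the post
    for sample in ("c:\\longfilename.txt",
                   "\\\\fileserver\\dept\\it\\longfilename.txt"):
        print(to_extended_path(sample))
```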

For more info see

Long Paths in .NET, Part 1 of 3

Remove OneDrive from File Explorer Side Panel in Windows 10

On my work PC, I use OneDrive for Business instead of OneDrive. By default, Windows 10 includes a OneDrive shortcut in the File Explorer side panel.

Change the following registry key to remove it.

  • HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}
  • In the value System.IsPinnedToNameSpaceTree, change the DWORD from 1 to 0
  • No reboot required.

Source: Microsoft TechNet Forums

Use Sigcheck and VirusTotal to Scan Files for Malware

Sigcheck is a tool for checking files' digital signatures, and it was recently updated to audit the root CA stores. It can also be used to scan files for malware via VirusTotal.

Unless the -vs option is used, sigcheck only looks up the hash of a file in VirusTotal’s database to determine whether the file contains malware.

  • Download the latest version of Sigcheck (as of 01/26/2016, v.2.42)
  • Unzip the zip file to a folder
  • Open Command Prompt as Administrator, and change to the folder
  • Run sigcheck.exe -vt, and enter y to agree to the VirusTotal policy
  • To scan a file: sigcheck.exe -v <filename>
  • To upload a file that has not previously been scanned to VirusTotal (file size up to 128MB): sigcheck.exe -vs <filename>
  • To scan a folder and subfolder: sigcheck.exe -v -s <foldername>
  • To scan and create a CSV report: sigcheck.exe -v -s -c <foldername> > <report.csv>
    • Check the VT detection column for the number of antivirus engines that detected malware and the number of engines used
    • Open the URL in VT link in a browser to get the detail of the analysis - which antivirus engine and type of malware
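
One way to triage the CSV report from the last step, written as an added example rather than code from the original post. The "VT detection" and "VT link" column names come from the post; the "Path" and "Verified" columns, the accepted ratio separators and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed sample report, not real scan results. "VT detection" and "VT link"
# are the column names from the post; "Path" and "Verified" are assumed.
SAMPLE_REPORT = (
    'Path,Verified,VT detection,VT link\n'
    '"C:\\Tools\\signed-clean.exe","Signed","0|55","https://vt.example/report-1"\n'
    '"C:\\Tools\\unsigned-flagged.exe","Unsigned","7|55","https://vt.example/report-2"\n'
    '"C:\\Tools\\never-seen.exe","Unsigned","Unknown","n/a"\n'
    '"C:\\Tools\\signed-flagged.dll","Signed","1/56","https://vt.example/report-3"\n'
)

# "<engines that flagged the file><separator><engines used>"; "|" and "/" both accepted.
RATIO = re.compile(r"^\s*(\d+)\s*[|/]\s*(\d+)\s*$")


def triage(report_text, min_detections=1):
    """Return (path, reason, detections, engines, vt_link) rows that need review."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        path = (row.get("Path") or "").strip()
        link = (row.get("VT link") or "").strip()
        signed = (row.get("Verified") or "").strip().lower() == "signed"
        match = RATIO.match(row.get("VT detection") or "")
        if match is None:
            # No ratio means the hash lookup returned no verdict; that is not "clean".
            findings.append((path, "no-verdict", 0, 0, ""))
            continue
        hits, engines = int(match.group(1)), int(match.group(2))
        if hits >= min_detections:
            findings.append((path, "detected", hits, engines, link))
        elif not signed:
            # Zero detections but no valid signature: still worth a look.
            findings.append((path, "unsigned", hits, engines, link))
    # Most detections first, then by reason and path for a stable order.
    findings.sort(key=lambda f: (-f[2], f[1], f[0]))
    return findings


if __name__ == "__main__":
    for path, reason, hits, engines, link in triage(SAMPLE_REPORT):
        print(f"{reason:<10} {hits}/{engines:<3} {path} {link}")
```

Rows with no detection ratio are reported separately because, without -vs, a file whose hash is not in VirusTotal's database has simply never been assessed.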

Fix A VSAN Host Shows 0 of 0 Disks In Use

We have three hosts running on VSAN 6.1. Today the Disk Management in vSphere Client shows 0 of 0 Disks in Use for one of the hosts.

And in VSAN General, it shows the warning of Mixed On-disk Format Version, and there is an upgrade button next to it. (Do Not Click It - I didn’t click it, and am not sure what the impact would be). Because our VSAN environment was built from scratch with VSAN 6.1, it is not an upgrade from VSAN 5.5. It does not make sense that the disk format requires an upgrade.

Troubleshoot

  • Run VSAN Health check; everything is green.

  • The affected host shows all the disks under its Manage, Storage, Storage Devices.

Solution

  • Click the first icon under Storage Devices to refresh the host’s storage information.

Now the Disk Management and On Disk Format are back to normal.

Configure ESXi Network Dump Collector

When booting ESXi from an SD card, you probably need to reconfigure the ESXi dump collector location to a persistent datastore or a network dump collector.

The reason is that the ESXi installer can end up putting the scratch partition in “/tmp/scratch” on the local ramdisk. See the quote below from Booting ESXi off USB/SD.

3.  Where does the scratch partition get placed when booting from USB?

Because USB/SD devices are sensitive to high amounts of I/O the installer will not place the scratch partition on a USB/SD device.  Instead, the installer first scans for a local 4GB vfat partition, if it doesn’t find one it will then scan for a local VMFS volume on which to create a scratch directory.  If no local vfat partition or VMFS volume is found, as a last resort the installer will put the scratch partition in “/tmp/scratch” (i.e. put scratch on the local ramdisk).  If this happens it’s a good idea to manually reconfigure the scratch partition after the install.

The persistent store can be any available datastore (NFS, FC, iSCSI, local), except the VSAN datastore. If the ESXi host is a VSAN host, it’s likely you need to use the network dump collector instead of the persistent datastore.

There are two parts to set up the network dump collector:

  1. On the VCSA: Enable VMware vSphere ESXi Dump Collector service via vSphere Web Client
    • Administration, System Configurations, Services, VMware vSphere ESXi Dump Collector
    • Actions, Edit Startup Type, Automatic
    • Actions, Start
    • Note: the coredump file location is /var/core/netdumps
  2. On each ESXi host:
    • SSH to the ESXi host
    • esxcli system coredump network get
    • esxcli system coredump network set --interface-name <vmk0> --server-ipv4 <VCSA-IP-Address> --server-port 6500
    • esxcli system coredump network set --enable true
    • esxcli system coredump network check
      • or check the VCSA log file /var/log/vmware/netdumper/netdumper.log
    • /sbin/auto-backup.sh
      • to save the configuration file to persist after a reboot

See more info from “Booting ESXi off USB/SD”, KB2002955, Configure and Test of ESXi Dump Collector.

Use WinSCP to Transfer Files in vCSA 6.7

This is a quick update on my previous post “Use WinSCP to Transfer Files in vCSA 6.5”. When I try the same SFTP server setting in vCSA 6.7...