Perfmon Blackbox… more better :)

During a recent workshop in southern California I promised my students that I would update an old blog of mine that referenced how to create a blackbox perfmon data collector set. In the instructions I mentioned that the best way to get one of these running and keep it running all the time was to create a startup script. I have since found a better way. I credit my colleague Martin Vokurek with figuring out this neat little trick.

So, first you will want to create the blackbox data collector set and you can see how to do that in my original blog HERE. Afterword, you come back to this post and follow these easy steps.

Number 1… go to the computer management (Start –> right-click Computer –> click Manage)


Number 2… browse down to the “PLA” section of your Task Library (Server Manager –> Configuration –> Task Scheduler –> Task Scheduler Library –> Microsoft –> Windows –> PLA)


Number 3… in this list you’ll see your data collector set and if you don’t you need to enable the hidden tasks (view -> show hidden tasks)

Number 4… double click your data collector set to open its properties

Number 5… go to the triggers tab

Number 6… click on new and add “At Startup”


That’s it. You should now see the blackbox data collector set restart each and every time the system starts.


I also want to use this time to point out a strange behavior that’s been noticed. And it has to do with how perfmon interprets “append” and “circular logging” (or bincirc with is the binary circular logging format).

You basically have two choices, and it really comes down to that double dash in the –v (once again see HERE). With this on, perfmon will use the same filename (thus an actual blackbox) each time it restarts. Turn off the dash dash v and you’ll see it actually create a new file each time it restarts.

There are upsides and downsides to both approaches. If you WANT perfmon to always use the same file (and not risk ever accidentally consuming all the space on your drive with a bunch of 500mb log files) you’ll want to go with the –v option. The downside to this approach is that perfmon will clear out the log file and start fresh with a zero byte log. Meaning if your server reboots you’ll not have any perf data from the previous session.

If you want to keep the file just don’t use the v option. And keep an eye on that disk space. Because what will happen is perfmon will simply create a new blackbox after each restart so you can go back through the previous blg file.

Command line confusion (what do all those brackets mean?)

So… I found out this week that a lot of folks get confused by some of our (Microsoft’s) KB and TechNet articles when we start showing examples of how to use a command line tool. Same holds true when you look at the helpfile for some of the same commands.

It is actually not just random as some folks think 🙂
So here’s how this breaks down:
Text without brackets, braces, angles, etc, means items you MUST type as shown.
Text inside of <angle brackets> are a placeholder that you MUST put a value.
Text inside of [square brackets] are just optional items.

When you see items {inside of braces} these are a SET of required items, you need to pick ONE.

When you see a vertical bar like this | these are just showing mutually exclusive items, pick ONE.

When you see this (…) this indicates something that can be repeated.

For instance lets take the command line REPADMIN. The help file shows this:

repadmin <cmd> <args> [/u:{domain\user}] [/pw:{password | *}] [/retry[:<retries>][:<delay>]] [/csv]

Meaning, repadmin is obviously required. And so is providing some sort of arguement such as /syncall. Everything else is optional.

So then we would look at the help file for repadmin /syncall

repadmin /syncall <DSA> [<Naming Context>] [<flags>]

Meaning to sync the DC, you would need to type something like this:

repadmin /syncall myDomainController.mydomain.local

And optionally you can do some extra stuff like this:

repadmin /syncall myDomainController.mydomain.local /AeP

Which would cause (if you read the helpfile) myDomainController to sync all the naming contexts (NC’s) that it holds in the database enterprise wide and will Push the changes.

What’s actually funny about this one particular command (little off subject but worth mentioning) is that you can also specify the switch /q to run in quiet mode – or the /Q switch to run in REALLY quiet mode 😉

I hope this helps to clarify.

Microsoft patent division taking cash from at least 5 Android vendors

I felt this was definitely worth an echo from:

One of Microsoft’s hottest new profit centers is a smartphone platform you’ve definitely heard of: Android.

Google‘s Linux-based mobile operating system is a favorite target for Microsoft’s patent attorneys, who are suing numerous Android vendors and just today announced that another manufacturer has agreed to write checks to Microsoft every time it ships an Android device.

Microsoft’s latest target is Wistron Corp., which has signed a patent agreement “that provides broad coverage under Microsoft’s patent portfolio for Wistron’s tablets, mobile phones, e-readers and other consumer devices running the Android or Chrome platform,” Microsoft announced.

You won’t find Wistron devices in a Google Shopping search or on, because the company builds components for other brands. The existence of both Android and Chrome in the latest patent agreement shows Microsoft is going after Google products on multiple fronts. Chrome OS laptops, or “Chromebooks,” recently hit the market from Samsung and Acer and contain the Chrome browser running on top of Linux.

“We are pleased that Wistron is taking advantage of our industrywide licensing program, established to help companies address Android’s IP issues,” Microsoft general counsel Horacio Gutierrez said in a press release.

Microsoft has struck more than 700 licensing agreements since launching its IP program in December 2003, including at least five with Android vendors. Just last week, Microsoft announced Android agreements with Velocity Micro, General Dynamics and Onkyo Corp. Since Microsoft is making the announcements one by one, there could be more coming this week.

The biggest win, however, was a patent agreement struck last year with HTC, which has become one of the most successful smartphone vendors on the strength of its Android devices such as the Evo and Thunderbolt.

Microsoft reportedly receives $5 every time HTC sells an Android phone, leading some observers to conclude that Microsoft makes more money from Android than its own WindowsPhone 7 platform.

Microsoft isn’t done, either. After all, there are dozens of Android vendors. Motorola, another major Android device maker, is fighting Microsoft’s patent infringement claims in court, butMicrosoft recently received a ruling in its favor in the ongoing litigation, according to patent watcher Florian Mueller.

Microsoft is suing Barnes & Noble over the Android-based Nook, and has signed patent agreements with Samsung and LG, although it’s not clear whether these agreements extend to Android, Mueller also notes.

Microsoft claims Motorola infringes on 21 patents, including 19 with Android, according to Mueller.

Microsoft’s contentious relationship with Linux-based products goes back many years, of course, to CEO Steve Ballmer calling Linux a cancer in 2001 and a 2007 claim that Linux and other open source software violates 235 Microsoft patents.

The Android patent wars also extend a fierce rivalry with Google, with the two companies fighting on many fronts including search engines, operating systems, browsers, office software and of course, mobile devices.

Ironically, Google’s Android is likely a bigger profit maker for Microsoft than Bing, which has failed to topple Google in the search market. Bing is part of Microsoft’s Online Services division, which lost more than $700 million in the most recent quarter. Microsoft’s Windows Phone revenue numbers haven’t been revealed, but Android is well ahead of Microsoft in smartphone market share.

RemoveReplicaFromPFRecursive.ps1 returns “There is no existing PublicFolder that matches the following identity

I was trying to retire my SBS 2008 box after migrating to SBS 2011 and I couldn’t uninstall Exchange Server. I kept getting errors that I needed to remove the replica sets from the public folders. But when I would run the RemoveReplicaFromPFRecursive.ps1 script is would error out over and over no matter what I put in it. By the way, if you get an error that “A positional parameter cannot be found that accepts argument ‘Folder'” it is because it doesn’t like the space when you tried to type “Public Folder Database” so just use “\” instead.

I was beating myself up over that one for a while.

Anyway – if the script won’t work you probably have an incorrect container with nothing inside in the path: CN=Second Storage Group,CN=InformationStore,CN={servername},CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC={domain},DC=local

I validated it was empty – and deleted it from ADSI edit and was then able to uninstall Exchange Server. If you don’t know what ADSI edit is, you probably don’t want to try this yourself without opening a support case. {sorry}

You can also see this article at my technet blog at

Put a BlackBox (Black Box) on your server!

So something I’ve been recommending to my customers for a while is to have the equivalent of an in flight data recorder on their server. You can do this with Perfmon with circular logging and it isn’t that hard to set up.

Why? Well take for example this scenario. You just got a call from one of your users that said the server was incredibly slow – you log on and everything looks fine. The user says yeah, it’s ok now but what happened?

Well, if it happens a couple more times – especially if someone or some automated process is waking you up in the middle of the night – you’re probably going to want to get to the bottom of this, right? Well, why wait until the problem happens again? Because you don’t have any data. Well now you can.

What you want to do is set Perfmon up so it ALWAYS runs. Keep a log of say 300 MB, 500 MB, or maybe a gigabyte of history. Set it up to start every time the machine starts up. And set it up to overwrite the log. This will always keep a history (similar to your event log) of what was just going on with the server in question.

Here’s how:

So the first thing you want to do is to have some counters, right? Wll which ones should you pick? Here is a template you can use. This is preloaded with all my personal favorites. If you know me very well then you know I teach a class from time to time called Vital Signs, which is all about learning performance monitor and what the various counters mean. This text file linked above are all the counters you’d need to solve 95%+ of the perf issues in the world.

So what do you do with it? First create a subfolder on C:\ (or whatever drive you want) and call it perflogs – if it isn’t already there. Then put the counters.txt file from above into that folder. Then all you need to do is type:

logman create counter BlackBox -cf c:\perflogs\counters.txt -si 05:00 -f bincirc -o c:\Perflogs\Blackbox.blg -a –v -max 500

What this will do is create a BLG (or binary logging file) in the perflogs subfolder. It will take a snapshot of all the counters in that counters.txt file every five minutes. It will run untill it hits 500MB and then it will just append to the file. So it will never grow beyond that size.

Then, all you need to do is start the log. You can type:

logman -start BlackBox

Now, here is the trick – this will keep that counter running until the machine reboots. So if you want it to keep running, put it into a startup script.

Then you’ll be able to look back into the log (to see what happened after someone calls and complains) by stopping the log either from inside of perfmon or from the command line by typing:

logman -stop BlackBox

Then copy the blackbox.blg file to your computer, start the blackbox back up again – and troubleshoot as normal.

(if you’re looking for advice on how to interpret perfmon counters, standby for a quick-tips post from me coming up later this month – or better yet, ask your Microsoft TAM about getting you into a Vital Signs class)

You can also find a copy of this article at my Technet Blog site:

Is metadata cleanup DEAD?!? Really?? – Yes. Yes it is.

OK so it isn’t really dead, but it isn’t necessary anymore. I’ve run into this out in the field a few times recently, it would seem we didn’t get the word out on this very well.

In older versions of Windows (prior to 2008) you had to use a tool called “ntdsutil” to forcably remove dead DC’s (or DC’s that were forcably removed using dcpromo /forceremoval) Here are some screenshots of that process.

As of 2008 this is no longer necessary. Simply deleting the account from the “Domain Controllers” OU will do the trick. Alternatively you can delete the DC from Sites and Services. Few extra steps but it works.

For more information please refer to this technet article.

And before you ask, no. To my knowledge there are no plans to actually remove ntdsutil.

A blurb about Phones and their Operating Systems

This might be a tiny bit off the norm for my blog but I keep getting the same questions from a lot of people. There’s a lot of confusion in the consumer market right now as the big players try and position themselves as the standard.

This confusion is not healthy for consumers. Let’s face it, those little magical pocket companions are becoming more and more a part of our lives, and I truly believe we’ve only scratched the surface. More and more your personal and professional lives will be tied and combined into these devices. Think back five years ago – did you see people in airports, lobby’s, bus terminals, traffic lights, restaurants, etc all looking down at their phones? Typing away on emails or facebook? No, they were staring off into space – a void we didn’t even really know existed. A waste of brain cycles some believe, a necessary break to allow the brain to store and process others would say. Whatever your philosophy, those days are gone.

A year ago I blogged (on another site which will forever remain nameless) about a coming device that someone would inevitably invent which would be a hybrid of the laptop and the phone. This now exists in a rather unrealized and somewhat underengineered form with the Motorola Atrix, but make no mistake. The device that will exist in your pocket for about 85% of what you need to do while mobile, then about 15% of the remaining tasks (like an Excel spreadsheet, long email, blog, or PowerPoint for instance) will be the same device, however either docked at home or docked at work with a full size monitor keyboard and mouse, depending where you are. Technologies that sync your documents (like Windows Phone 7 and the SkyDrive integration for documents and OneNote) up in the cloud aren’t a fad. This is reality. This is the future.

Let me attempt to clear the present state of that future a bit.

There are two schools of thought when it comes to SmartPhones.

Basically you have a slew of different hardware manufacturers (Nokia, Samsung, Dell, HTC, etc) that will build phones that run on varying “open platform” or “hardware agnostic” operating systems such as Google’s Android (which is free) or Windows Phone 7 (which is not free).

Then there are a number of hardware manufacturers that will ONLY build phones that run on their own operating systems (Blackberry which runs RIM or research in motion, and Apple which runs the iOS for example). They control what applications can go on the phones. They control the release cycles for patches and upgrades. Etc.

So if you woke up tomorrow and thought to yourself, “hey, I want to build phones – I have a really cool idea for a phone that might be better than anything out there” you’d have a decision to make. You could either:

-Hire a team of developers to build you a new operating system from scratch, then try and get a bunch of independent app developers out there in the world convinced that your phone was the best and to start writing apps for your phone (games, tools, etc). And convince them to build all these apps months before your phone releases so your app store isn’t lame when you launch the phone.
You would need to build an app store and figure out a way to charge people while also making sure your independent app developers have a way to either get paid for app purchases or for advertising revenue on free apps. Then you’d need to build a music store so your customers can download ringtones and music – while making the folks in Hollywood and Nashville happy by ensuring the devices comply with their outrageously obtuse “digital rights management” or DRM rules so people don’t pirate the music. This is what Apple did.


-You could decide that’s too much of a hassle. All you want to do is build this new killer phone that you dreamt up, right? So, let someone else handle all that mess and buy an existing operating system for your phone. So you might go with Windows Phone 7 because they are, well… Microsoft. Or you might go with Android because they are free.

You might be thinking this is a no-brainer, go with the free operating system. The problem with this is that there is no control over what apps can go on that phone and people will download apps that just aren’t written very well and make the phone perform like garbage. Then what do you have? A customer that thinks your phone is garbage when in reality, it’s acting that way because of some app they downloaded. Also, Google has yet to put in place a very good music store like Microsoft’s Zune or like the iPhone’s app store. Also, with Google you’re talking about an Operating System that is written by a community of developers. Anyone that can write code can contribute and anyone that’s interested can download source code for the operating system – which terrifies most people. Have we had a major virus outbreak on phones yet? No. Will we? Yes, it’s just a matter of time. So some folks chose to go with Microsoft because there is better security on apps, source code, and frankly – with Microsoft you know who to call when things go wrong with the Operating System on your phone.

So the biggest question is, what is the compatibility of applications between the OS‘s? None. If you develop a game, such as Angry Birds for the iOS and then want to sell it on an Android based device, you have to re-write the program. If you want to “port it over” to Windows Phone? Sorry, you’re re-writing a lot of the code again. This is very frustrating for app developers trying to make 99 cents on a game, but unfortunately they have very tiny voices in the mix. For now, this is their lot. Pick a platform and stick with it OR resign yourself to having to re-write every game you invent three or more times. (then fix it every time Apple, Microsoft, or Android updates their OS and breaks your game)

But I digress. Here is the difference:

Apple – writes their own OS and builds their own hardware, controls what apps go on the phone (very tight regulations, heavy approval process), very controlling from a hardware perspective – they have a mentality that those are really THEIR phones, their just letting you use it and you should be damn glad they were nice enough to release them to the world instead of keeping the coolness to themselves. The iPhone is the least customizable phone on the market, not due to limitations in programming but due to the fact that Steve Jobs knows how your phone should look, feel, and sound… and dammit, quit trying to mess with it.

Blackberry – or Research in Motion (RIM) writes their own OS and builds their own hardware. They are highly popular for a couple of reasons but quickly losing traction. The Blackberry WAS for a long time the most secure phone. So IT departments across the world doled out their phones. An IT department could fully control a Blackberry remotely, restrict the websites you visited (and log them), restrict the apps you could download (which there weren’t many to begin with), wipe the phone remotely, enforce password PIN and lockout policies, etc. Lots of phones can do this now but they were the first so they took off as the standard. A lead in the race they are quickly losing. The other reason people love the Blackberry is because they have the easiest keyboard to use. I don’t know why more people don’t try to duplicate this. Touchscreen keyboards suck for guys like me with big thumbs.

Independent Manufacturers – (such as Dell, HTC, Samsung, Nokia, Motorola) have no idea who will win this battle of the operating systems. And they don’t care. They build hardware that will run on operating systems like Android, Windows Phone 7, Microsoft’s older phone OS (6.5 and the like), Symbian, etc. Then they let the consumer decide. They build cool phones and then call AT&T, Verison, T-Mobile, etc and ask them if they want to carry them in their stores. That’s about it.

Google – (Android) is the newest player to the game. They are developing like mad and have quickly become the most prominent OS in the SmartPhone market due to the zero price structure. Their OS is able to run on just about any platform making it ideal for devices other than just phones. Their app store is growing to eventually rival that of Apple. They are still lacking in compatibility with popular products like Microsoft Office (mostly read-only and not-so-great formatting) security, music, and a few other misses but are rapidly trying to overcome this. Their email integration is lacking, a lot of Exchange users don’t like the way it works on the phone and the security piece makes a lot of IT departments steer away from the platform. There is also little control over what types of apps can be loaded on the device. If an app is not good enough for their version of the app store, users can simply “side-load” the app. It it wasn’t good enough for the store, there’s usually a reason. But nevertheless people have had a lot of issues with the lack of app control.

Microsoft – (Windows Phone 7) Microsoft actually invented the SmartPhone and the tablet years ago. They have been in the game the longest, but lacked the vision Apple had to make it sexy. This new version is the most promising but a lot of analysts think it might be too late. The lackluster performance against the 800lb gorilla (Apple) gave way for a third player to enter the game (Google) and they are now playing catch up. They have a superior product in every category listed above but this might be too little too late. Time will tell. Microsoft has integrated WindowsLive, SkyDrive, Xbox, Office, Zune, security features, application development control, and ease of app publishing into the new product that no other company can touch due to the fact that many of these features already existed. The competition just has too much to develop to catch up to the features Microsoft can add – but again, this is a late player to the game.

So, who is winning? Apple right? Wrong.
As of March 2011 here is the footprint:
Android – 39.5%
Symbian – 20.9% (*see note below)
iOS – 15.7%
Blackberry – 14.9%
Windows Phone 7 – 5.5%
Others – 3.5%

(*Symbian which is developed by Nokia will be all but discontinued. Nokia has decided to adopt Windows Phone 7 as their new standard to try and stay relevant in the marketplace. At present Windows Phone is projected to take second place by 2015 behind Android with a projected lead over iOS) Here are the projected 2015 standings (by computerweekly and computerworld):

Android – 45.4%
Windows Phone – 20.9%
iOS – 15.3%
Blackberry – 13.7%
Others – 4.6%
Symbian – 0.2%

openservice remoteregistry failed

So I was getting an “openservice remoteregistry failed” error trying to build a 2008 R2 failover cluster. Turned out to be a time issue. As you probably know, although Active Directory doesn’t rely on syncronized time, Kerberos does – and that impacts a lot of things that AD relies on.

So, after some time researching and seeing some really bad advice (mostly relating to “just reload your server and that should fix your problem” type guidance out there) I figured I should drop this out there in case anyone wants to save a couple hours of needless work.

FYI Microsoft best practice for time is for everything on your network to sync to your PDC emulator – and have that sync to an external (or even better, a hardware based) time source.

DFSR Subfolder Filter Doesn’t Work – folders still appear on replication partners

So there’s a neat little section in DFSR I never really paid much attention to the other day, until a customer was looking for a way to accomplish something that tied into this.


Subfolder filters in DFSR. So, just like a file filter (like *.mp3) where you can keep a file type from being replicated across a replication group (RG) you can actually filter subfolders that match criteria.

In this case the customer needed a single unified namespace for all their projects, but several of the folders in the root of the share didn’t need to be replicated as they were for the home office only (accounting and project management stuff).

So they were creating multiple RG’s per project, per dicipline. This was about to put them up against the DFSR 1024 rule (see, and all the staging and conflict/deleted directories were killing their diskspace.

So, I suggested using a folder filter to keep the home office subfolders at the home office, while allowing all the others to replicate across the various offices around the world.

But it didn’t work. OR so I thought… as it turns out the technology is solid, I was just being impatient. Here’s why.

After setting up the RG and the subfolder filter, I created a subfolder and it immediately appeared on the replication partners. I deleted it and tried again and much to my dismay, there it was again.

After much head scratching I figured it out.

DFSR reads its configuration from AD and, well… I’m a pretty impatient person so I didn’t give the changes time to pick up on the new config. Now, the config showed up on all the partners, so I figured it knew about them but this isn’t the entire configuration – so, rather than waiting for changes to go I found a handy little command, “dfsrdiag pollad”

I ran that on the replication partners, then tried recreating the subfolder again and… viola – it stayed put.

XP can’t see (some) trusted domains in “locations”

Not 100% sure I’ve figured this completely out, but I have a work around so I’ll post it. Pretty sure this has to do with NTLM vs kerberos. I think it needs to go up now without a 100% locked down root cause because I see a couple dozen people out there posting the same issue and nobody wants to listen to them – everyone immediately assume it is DNS related, which it isn’t, but ceases to help after they tag it with that issue.

The problem occurs when you add a forest trust to a couple of domains, then try to add resources directory to an XP box (such as add a user to a local group – in my case when testing some ADMT scenarios for a customer). When you click the locations tab, some trusts show up and some don’t.

What I found was if I removed the forest trust and recreated it as an external trust instead, the XP box could then add resources from that domain. After, I recreated it as a forest trust – the reference was gone again in “locations” but the user from the other forest stuck so I didn’t care.

Anyway, again, not 100% sure what the deal is here and I don’t have time to lock it down today but if you run into that… well, try external and good luck!