Error Applying Security- Access is Denied

Windows server administration is not without those DOH! moments. How is it that I, the administrator cannot change the permissions on a folder?

Access Denied Message

I will not be denied

The easiest way to fix this is to take ownership of the folder using the TAKEOWN command. Takeown is a tool that will allow an administrator to recover access to a file or folder that was denied by reassigning ownership. Open the command prompt and run as administrator.

takeown /f F:\FolderName /r /d y

/f  Specify the file name or directory

/r Recurse through all directories and sub directories

/d  Prompt with an answer of Yes

Now you can change the permissions as needed.

Windows Security Prompt

That’s more like it

BSOD on a Windows VM bugcheck code 24

A VM that is running Windows 2008 R2 has experienced a BSOD. The application owner notified me and sent me some useful information.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.400.8
Locale ID: 1033
Additional information about the problem:
BCCode: 24
BCP1: 00000000001904FB
BCP2: FFFFF88006C34E28
BCP3: FFFFF88006C34680
BCP4: FFFFF880014E81B2
OS Version: 6_1_7601
Service Pack: 1_0
Product: 400_3
Files that help describe the problem:
C:\Windows\Minidump50415-20202-01.dmp
C:\Users\servername\AppData\Local\Temp\WER-42663418-0.sysdata.xml
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

 Good info here, but with all BSODs, you should look at the dump file for more definitive information.

I grabbed the dump file, and downloaded Windows SDK. During the install, I unchecked all the boxes except the Debugging Tools for Windows and installed.

Features to Install

Launch WinDGB (x64) as administrator. The first step is to configure the symbol file path. It can be any folder on your server, just create an empty one and go to File > Symbol File Path.

In the symbol search path, I entered the following and clicked OK.

SRV*c:\tmp\symbols*http://msdl.microsoft.com/download/symbols

Symbol Search Path

Save the workspace. File > Save Workspace

Opened the dump file. File > Open Crash Dump.

Open Dump File

Before you proceed, read the info under the bugcheck analysis. It tells you what probably caused the error.

NTFS.sys

Click the link in the Bugcheck Analysis section, !analyze -y to get more information.

Read through the info. Note the following:

  • Process Name
  • Bugcheck_str
  • Image Name
  • Area right above the debugging details

At the very top you’ll see a message and some arguments.

Analyze

At the kd> prompt at the bottom of the debugger, enter

.bugcheck

Bugcheck command

In the analysis you see the Arguments. Do a .cxr on the 3rd argument as it suggests.

arguments

.cxr fffff88004523680

CXR command

CXR output

Next,

Run the kb command for a more informative stack trace.

Run KB command

There are now a few pieces of information to hone in on.

  1. The bug check code
  2. The stack track text

Look up the bugcheck code here on the msdn bug check code reference page.

https://msdn.microsoft.com/en-us/library/windows/hardware/hh994433%28v=vs.85%29.aspx

Google the stack trace text and this vmware KB article # 2115997 comes up.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2115997

This appears to be a known issue with a few versions of vmware tools:

I looked in the vmware.log file for the entries mentioned and they matched.

vmware-logs

The image name on the dump file referenced vds.exe and this VM is running tools version 9.4.11. This issue only appeared since the tools upgrade when we upgraded to 5.5 Patch 4

To confirm what version of tools you’re running, go to the VM and in the notifications bar, right click on the icon and select About  VMware Tools

VMware Tools version

Time to downgrade tools.

Find the tools ISO that will have a version that is not listed in the KB, but one that is compatible with your version of vsphere.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1036810

https://packages.vmware.com/tools/versions

Search for your current version and find the one closest to it that is not affected with this issue.

Version of tools to downgrade to

You’ll have to uninstall the current version of tools before installing older version. It will require a reboot.

The hardware version will not be an issue with this versions of tools, but confirm that for your specific environment.

Updating Java to 1.7 Breaks Dell EqualLogic VSM

I loathe updating Java because you never know what it will break. This morning, it was the Dell EqualLogic VSM plug-in for vCenter.

Upon launching the plug-in, I got these errors:

Image

Image

I thought to disable the current version and enable the previous version, but there is a way to add this URL as an exception.

Launch the Java control panel (I’m running 2008 R2) and click on the security tab.

Click the edit Site List button:

Image

Add the URL in the above mentioned error, by clicking Add, then typing in the URL.I also added the IP to vcenter as well. Click OK.

Image

Image

One more warning about the HTTP location you’ve entered. Just click continue. Apply the changes and close the java applet. Be sure to close the vCenter client as well.

Launch the client and log into VSM as usual.

Update- info on Windows 7

In Windows 7, there is no exception list under the security tab. To add your site to an exception list, you can create an exception.sites file and add the URL.

win7-java-securitytab

Browse to this location: C:\Users\username\AppData\LocalLow\Sun\Java\Deployment\security

If  there is a file named exception.sites, add the URL to that file. One URL per line.

If not, you can create it and add your URL.

exception-site

 

The command has timed out as the remote server is taking too long

I’m running vSphere 5.1 and I can’t launch the vSphere Client. I am able to launch the web client just fine. Upon launching the fat client, I get an error:

vsphere client could not connect

We updated our domain from 2003 to 2008 R2 and replaced all old domain controllers  (DCs). I’d changed the primary and secondary server URL (there was no port number previously) during the cut over and all has been working well for the past 26 days and today, nothing.

I logged into the web client as admin@system-domain to confirm I was pointing to the new domain controllers and I was. So now I’m really stumped. KB article 203918 solved the riddle.

Web client login as admin

To view the identity sources:  Administration > Sign-On and Discovery > Configuration. Here you can view the identity sources. Click the pencil to edit and see more detail.

Edit Identity Sources

Here are my current settings:

Current Server URL

I added the port number to both the primary and secondary server URLs and tested the connection. Click OK to close the dialog box.

Updated URL with Port Number

test-success

I was then able to launch the fat client without error.

Don’t forget to log out of the web client as admin@system-domain.

It’s safe to assume when I installed 5.1, I didn’t enter the port number as suggested in the Configuring vCenter Single Sign on doc and it worked just fine. Upon upgrading, the port became a required setting.