Blog

Group Policy folder redirection generates Error, The system call level is not correct.

Recently I was working on a client who is setup with a SBS 2008 server and workstations running Windows 7 Professional SP1. I noticed that when a particular user would login it would take upwards of 10 minutes for the welcome screen to go away and the desktop to be displayed. As part of the troubleshooting, I had the user login to a different workstation with their same credentials and we experienced the same slow login. when I looked at the event log, I saw the following error: Log Name:       Application Source:         Microsoft-Windows-Folder Redirection Date:           4/21/2012 10:57:42 PM Event ID:       502 Task Category: None Level:          Error Keywords:       User:           DOMAINfirstlast Computer:       DOMAIN-PC.DOMAIN.local Description: Failed to apply policy and redirect folder “Documents” to “SERVERRedirectedFoldersfirstlastMy Documents”. Redirection options=0×9021. The following error occurred: “Failed to copy files from “SERVERRedirectedFoldersfirstlastDocuments” to “SERVERRedirectedFoldersfirstlastMy Documents””. Error details: “The system call level is not correct. “. I did some research on this error, and came up with one valid result, which claimed that it was being caused by server quotas. As part of the trouble shooting, I turned off quota’s on the server, however I had previously checked the users properties in the SBS 2008 console and verified Folder Redirection was enabled, but the quota’s box was unchecked. I do question why the policy was attempting to take the same server and users folder and move files from the “Documents” folder to the “My Documents” folder. As I checked the GPO, it is set to move the files from the old location which is a default setting. So to take the troubleshooting a step further, I ran GPRESULT /V > C:gpresult.txt  and viewed this text file. I do not see anything out of the ordinary being applied to the computer. Now, when I check the GPO’s on server, I see a old GPO that was created and is no longer being applied. In that GPO, I see the following: As you can see from this screenshot, the disabled “Folder Redirection” GPO had the policy pointed to the SERVERRedirectedFolders%USERNAME%Documents but if we look at the Small Business Server Folder Redirection Policy which is created by the Small Business Server, it is pointed to SERVERRedirectedFolders%USERNAME%My Documents   as shown below On the Windows 7 machine, when I look at the properties of the “My Documents” folder, I see it is still pointed to the old policy’s setting, of SERVERRedirectedFolders%USERNAME%Documents as shown below: So how do we go about fixing this? Well, the best way to fix this is to edit the current GPO, Small Business Server Folder Redirection Policy. On this GPO, I changed the setting “Move the contents of Documents to the new location” to disabled by unchecking the box as shown below: Then, on the Windows 7 machine, at the command prompt type in GPUPDATE /FORCE and then logoff Now I login as that user, and look at the event log. We now see success, as the policy does not need to move the existing “Documents” to “My Documents” and the policy is able to successfully apply as shown below. Now there is one more step to fix this issue. I will need to copy the data from the “Documents” folder to the “My Documents” folder. When I attempted to look at the old Documents folder, it was now empty. The reason for this, Offline Files are enabled on the Windows 7 machine, and as it couldn’t connect to the previous path, all the time the user was saving documents it was offline as you can see in the previous picture of the properties of My Documents it was missing the green sync icon. So when I logged in to the computer with the fixed policy, the Windows Sync Center determined it was now online and able to write to SERVERRedirectedFoldersfirstlastMy Documents , and it has the data in the CSC cache, so it just copied the data back to the server for me. If you don’t have Offline Files enabled, simply copy the data from Documents to My Documents folder. Here is a screenshot showing it now online   If you are wondering why there are two My Documents folders, the second one that is not Sync’d is actually Documents. I just deleted this folder as it is not valid. I suggest re-enabling this policy setting once the issue is resolved so that if you have a user who didn’t have this policy applying or in the SBS Console you checked the box  and you now want it, that the files are moved from their default location to the server location. I also saw that Microsoft released a hotfix titled You encounter a long logon time after you enable the “Do not automatically make redirected folders available offline” Group Policy setting in Windows 7 or in Windows Server 2008 R2 at  http://support.microsoft.com/kb/2525332   however, in this case it does not apply. As you can see, the error The system call level is not correct is a very generic error which by just looking at it, tells you almost nothing. Lyle Epstein Kortek Solutions Lyle Epstein’s Systems Engineer Blog

Internal event: Active Directory has encountered the following exception and associated parameters.

Today I was performing a migration from SBS 2003 to SBS 2011. I performed all the checks and ensured I had all the updates in place. During the migration the SBS 2011 server failed the migration. Upon further investigation I noticed that only 1 role transferred over from the old DC to the new one. On the old SBS 2003 server I saw: Upon doing some more research, I came across this hotfix from Microsoft http://support.microsoft.com/kb/981259 which does not specifically address Exception e0010004 but does address e0010005. I installed this hotfix and then proceeded to manually transfer all FSMO roles using NTDSUTIL on the SBS 2011 server from it’s self to it’s self . This might sound strange, but I wanted to do this per another article I read on Microsoft’s site. Once I confirmed that all the roles transferred over from the new SBS 2011 to it’s self. I then moved the roles back to the old SBS server. Then verifying event logs, everything looked clean and happy. I also noticed this event on the old SBS 2003 server. This seemed odd to me because look at the user….it is a a SID with no matching name. This is not normal. I then unpromoed the failed SBS 2011 server and removed it from the domain. I then decided to inspect the SBS 2003 DNS server. I noticed under GC’s that there were two entries. One was the current server, in this case 10.55.100.10 and another of 10.55.100.60. Well there was no other GC with an IP of this, so that stood out like a sore thumb. I then deleted this invalid entry and looked at all other entries, Name Servers, etc. to verify it was clean. On the old SBS 2003 server, I followed Microsoft troubleshooting to increase my logging. To increase NTDS diagnostic logging, change the following REG_DWORD values in the registry of the destination domain controller under the following registry key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTDSDiagnostics Set the value of the following subkeys to 5: 5 Replication Events 9 Internal Processing Note Level 5 logging is extremely verbose and the values of both subkeys should be set back to the default of 0 after the problem is resolved. Filtering the Directory Services event log should be performed to isolate and identify these events. I did this on the source controller even though it mentions to do this on the destination server. Next I restarted netlogon service via command prompt. NET STOP NETLOGON & NET START NETLOGON I performed the migration again. It failed, but I was able to capture a lot more events in the event log. This time I saw Event ID 1925: Attempt to establish a replication link failed due to DNS lookup problem. Following  http://technet.microsoft.com/en-us/library/cc778061(WS.10).aspx   I started looking at DNS as the issue. this lead me to http://technet.microsoft.com/en-us/library/cc785014(WS.10).aspx It turns out, that someone previous had turned of Zone transfers. The DNS server looked like this: and this: To fix it, it should look like this: and Make sure to also check the AD domain, in this case csg.local, as those settings were also modified. I also noticed that they had DNS forwarders on, pointing to external address’s, but when I ran the original Internet Connection Wizard on the SBS 2003 server, it made no mention of this. Weird. Ah, once I did this, I was able to migrate correctly. Note, make sure to cleanup the old failed SBS 2011 servers from AD, Name servers and DNS so you get a clean migration. As this was a new customer for me, I had no knowledge of the previous IT person’s skills or abilities, or how things were setup or should I say not setup correctly. Lesson learned is when you enter a situation where you don’t know what was done before, look at everything, even though it is time consuming, the troubleshooting takes even more time. Lyle Epstein Kortek Solutions Lyle Epstein’s Systems Engineer Blog

Windows Server Solutions BPA Updated September 2011 but is not prompting for update

Microsoft released an update this week for the Windows Server Solutions BPA that covers a number of products, including: Small Business Server 2011 Standard Edition Small Business Server 2011 Essentials Windows Storage Server 2008 R2 Essentials Windows MultiPoint Server 2011 More information about this update is available on the Official SBS Blog page at http://blogs.technet.com/b/sbs/archive/2011/09/29/windows-server-solutions-bpa-updated-september-2011.aspx So how do you get the update? First, make sure you have the Microsoft Baseline Configuration Analyzer 2.0 installed. To get it, go here . Next, make sure to download and install the Windows Server Solutions Best Practices Analyzer 1.0 here During the install, you will be prompted with this screen: Make sure to check this box during your install, or you will not be prompted to automatically update! Once you have it installed, launch the BPA either via the SBS Console under security (if you selected to integrate it in the console) or when you launch it under the start menu. You will see in the system tray an icon/pop up stating to update, like this: Select that, and a window will open Close the BPA you have open and then wait about 5-10 seconds. The next box will change and allow you to click on it. That’s it, you are now updated! Hey Lyle, I don’t see it prompting me. Why? Ok, so you got it installed, but now you launch it and don’t see it prompting you for the update. No problem, here is how to fix this: Open up the registry and navigate to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsServerSolutionsBPA Look for the DWORD item “Update”.  It is probably set to a 0. We want to change it to a value of 1. It should now look like this:   Close out the BPA if you have it open. Now re-launch it and you will see it appear in the SysTray. Lyle Epstein Kortek Solutions Lyle Epstein’s Systems Engineer Blog

Why the Cloud Can Become a Game Changer

Like everything else in IT today, cloud computing can be either unnecessary in your business operations – or it could be something you really need. However, a recent survey on the perception of the cloud shows that almost half of small business owners are more or less dismissing it outright.

What is the correct model number?

Today we received a batch of new Seagate Enterprise hard disks, which should have been model ST2000NM0011. It looks like someone in the label department in Thailand made a mistake, as the model number is shown with a 1 (1TB) and a 2 (2TB). After plugging it in, it was detected as a 1TB drive. Glad to know we can’t always rely on stickers.

QuickBooks Payroll

Do you use QuickBooks for your accounting at the business? Do you use the payroll feature in QuickBooks to pay your employee’s? Are you a member of Costco? Did you know that as a member of Costco QuickBooks provides a discount on their payroll services? If you did than that is great, if not, pick up the phone and give QuickBooks Costco payroll a call at 800.498.7401 x 87108
I was able to save over $100 a year from our payroll services by using this.

The Motorola XOOM is the first device to run the Android 3

The Motorola XOOM is the first device to run the Android 3.0 (Honeycomb) OS, optimized for tablets. With a 1GHz dual-core processor, 32GB memory, and 1GB RAM, plus a gorgeous 10.1" widescreen HD display and support for Adobe Flash 10.2, you can experience the best in multimedia, and multi-task with the ease and performance of a PC.

The Motorola XOOM is the tablet you've been waiting for.