SBS Server 2008 Failure Audit / Event ID 4625

I was getting this error message on my SBS 2008 Server:

Log: Security
Type: Failure Audit
Event: 4625
Agent Time: 11:26:36 am 4-Apr-09
Event Time: 3:26:36 pm 4-Apr-09 UTC
Source: Microsoft Windows security auditing.
Category: Logon
Username: N/A
Computer: ICS-S01.ics.local
Description: An account failed to log on.
Subject:
 Security ID: S-1-5-18
 Account Name: ICS-S01$
 Account Domain: ICS
 Logon ID: 0x3e7
Logon Type: 3
Account For Which Logon Failed:
 Security ID: S-1-0-0
 Account Name: ICS-S01$
 Account Domain:
Failure Information:
 Failure Reason: Unknown user name or bad password.
 Status: 0xc000006d
 Sub Status: 0xc0000064
Process Information:
 Caller Process ID:  0xc88
 Caller Process Name: C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.Search.ExSearch.exe
Network Information:
 Workstation Name: ICS-S01
 Source Network Address: -
 Source Port:  -
Detailed Authentication Information:
 Logon Process: Advapi
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
 - Transited services indicate which intermediate services have participated in this logon request.
 - Package name indicates which sub-protocol was used among the NTLM protocols.
 - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

 

The fix?  Install Exchange Update Rollup 7 for Exchange 2007  (http://www.microsoft.com/downloads/details.aspx?familyid=086A2A13-A1DE-4B1D-BD12-B148BFD2DAFA&displaylang=en)

You will probably have to download this and run it from an elevated command prompt - otherwise you will get errors.
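
Added example, not part of the original post: Python that parses the sectioned event text shown above and reports the target account, the decoded Sub Status, and whether the logon request originated on the server itself. The function names and the origin labels are assumptions made for this illustration.

```python
import re

# Abridged from the event quoted in this post: only the fields used for triage.
SAMPLE_EVENT = r"""Subject:
 Security ID: S-1-5-18
Logon Type: 3
Account For Which Logon Failed:
 Account Name: ICS-S01$
Failure Information:
 Sub Status: 0xc0000064
Process Information:
 Caller Process Name: C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.Search.ExSearch.exe
Network Information:
 Source Network Address: -
"""

# NTSTATUS codes commonly seen in the Sub Status field of event 4625.
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

def parse_event(text):
    """Map (section, field) -> value; an unindented line with no value opens a section."""
    fields, section = {}, ""
    for line in text.splitlines():
        m = re.match(r"^(\s*)([^:]+):\s*(.*)$", line)
        if not m:
            continue  # explanatory prose in the description has no "key:" form
        indent, key, value = m.group(1), m.group(2).strip(), m.group(3).strip()
        if not indent:
            section = "" if value else key
        if value or indent:
            fields[(section, key)] = value
    return fields

def triage(fields):
    """Summarise who failed, why, and whether the request came from this machine."""
    sub = int(fields[("Failure Information", "Sub Status")], 16)
    source = fields.get(("Network Information", "Source Network Address"), "-")
    remote = source not in ("-", "", "127.0.0.1", "::1")
    system = fields.get(("Subject", "Security ID")) == "S-1-5-18"  # SYSTEM account
    origin = "remote " + source if remote else "local service" if system else "local process"
    caller = fields.get(("Process Information", "Caller Process Name"), "-")
    return {"target": fields.get(("Account For Which Logon Failed", "Account Name"), ""),
            "reason": NTSTATUS.get(sub, hex(sub)), "origin": origin,
            "caller": caller.rsplit("\\", 1)[-1]}
```

For the event in this post the result is a local service (ExSearch.exe running as SYSTEM) failing with STATUS_NO_SUCH_USER, which points at the Exchange process rather than a logon attempt from the network.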

 


Vista locks up on bootup / Superfetch problems

Today I had a gentleman leave his computer with me.  He was running Vista, and it would lock up within 2 minutes of starting the computer.  If you left it sitting at the login screen, it would lock up there, if you left it long enough.  If you logged in immediately, it would lock up at whatever you were doing at the moment.  You could still move the mouse, but you could not interact with any applications or open anything.

After much troubleshooting, I narrowed the problem down to the “Superfetch” service.  To confirm this, you can safely set that service to “Disabled” (in services.msc) and reboot the computer (or just stop the service).  After rebooting, or stopping the service, you can confirm that your machine does not lock up.

If indeed you find that your machine runs as it should with the “Superfetch” service disabled, then the fix is simple.

On your keyboard, hold the Windows Key and “R” at the same time.  That should bring up the “Run” dialog box.  Type “prefetch” and hit “OK.”  Now you should see a folder with a bunch of files.  Confirm that your address bar does indeed show that you are displaying the “prefetch” folder and then delete everything that you see.


Be careful!  Don’t delete anything other than the contents of the Prefetch folder or your problems may be worse than what you started with!  :)

Now start the “Superfetch” service again and you should be cool!

All the best,

Luke

User logs in, no desktop, no icons, no explorer.exe

This problem has several symptoms but basically what is happening is that when a user logs in, they get no desktop icons, no start menu, and no task bar.  If you do a CTRL+ALT+DEL, you will see that explorer.exe is not running, but you can do a File->New Task and start it.  Once started, everything is normal.

You may login and the computer just logs you out immediately without a chance to do the CTRL+ALT+DEL and task manager thing.

In either case, the solution is the same.  The problem is due to a missing userinit.exe file.  This file should be located in C:\Windows\System32 (if you are in XP).  You can restore it from your operating system CD by either starting explorer and browsing your i386 folder on the disk or, if your computer is logging you out before you can do that, you will have to boot from the CD and use the recovery console.

All the best!

Luke

You WHAT?

Well, while trying to start an IPSec service today, I got this error:

IPSec Error



Error 10107:  A system call that should never fail has failed.

Almost made me laugh…  anyway, I definitely agree about the “should never fail” part.  Most of my time I spend fixing or troubleshooting things that “shouldn’t have broken!”

Ok, the problem and the fix?

The problem is corrupted Winsock.  The fix is here:  http://support.microsoft.com/kb/811259 or you can use this little tool to do it for you:  http://www.snapfiles.com/get/winsockxpfix.html (which is what I did)

Anyway, let’s go see what else shouldn’t be doing what it is doing.

MMC cannot open the file - c:\windows\system32\compmgmt.msc

After a virus removal today, I started getting the above error message. The fix is to click start, run and run the following command:

regsvr32 C:\Windows\system32\msxml3.dll

SM Bus Controller for HP m7350n

To save someone else the trouble, if you need the above driver….  Try here:  http://downloadmirror.intel.com/16023/a08/infinst_autol.exe

\SystemRoot\System32\RDPDD.dll failed to load on Dell Optiplex

I had an Optiplex 330 that logged this error message under the “System” Event log.  When you tried to connect to it via remote desktop, it would attempt to connect for about a half second and then the “connect” button would be available again.

The fix?  Going here:  Display Properties –> Settings –> Advanced –> Troubleshoot, and turning off “Hardware acceleration”.

Don’t ask me…  Some conflict with rdp.dll and the ATI video driver I suppose.  I am also testing updating the video card driver as well.


Linksys RVS4000 and the QuickVPN client

First let me say that I was impressed with the Linksys device.  Nice little box for under $150.

I had some issues when I was deploying the QuickVPN client.  The QuickVPN client allows you to connect from behind other NATing firewalls or other public networks, back to your “corporate” network.  It is a piece of software that can be found at:  http://www.linksys.com/servlet/Satellite?c=L_CASupport_C2&childpagename=US%2FLayout&cid=1169671133867&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=3386724130B176&displaypage=nodata#versiondetail. When I tried to connect the QuickVPN, I would get an error message saying “The remote gateway is not responding, would you like to wait.”  If you waited, it would do the same thing.  If you check the log at C:\Program Files\Linksys\Linksys QuickVPN\log.txt, you see that it is failing to ping the remote gateway’s internal IP address (not the WAN IP).

The solution?  Go to Linksys’ website and download the latest firmware update - 1.2.11 as of this writing.  That fixed it for me!

All the best of remote computing to you,

Luke

EDIT

It seems like you have to specify a private subnet in the 10.x.x.x range on the Linksys RVS4000.  I had assigned 192.168.15.1 to the router, and I was connecting from clients that had a local IP of 192.168.1.X or 192.168.0.X.  The QuickVPN seemed to work fine on the 0.X networks, but on the 1.X networks I got a popup that said that it couldn’t connect.  Changing the local subnet of the RVS4000 to 10.0.0.1 fixed all those problems….

Trixbox not sending voicemail emails anymore?

Don’t ask me why it happened, but here’s the fix for some of those frustrations:

  1. Make sure that you have all of the correct information under the general settings of your trixbox administration webpage.
  2. SSH to your Trix machine
  3. Run the following command:  postmap /etc/postfix/saslpasswd
  4. Now run this command:  /etc/init.d/postfix restart
  5. Now you can do tail /var/log/maillog to check to see if it is sending email successfully!

…Now you should be back in touch with your voicemail!


Line Clarity / Sangoma / Trixbox

Excellent forum topic - helped me out a lot:

http://www.trixbox.org/forums/vendor-moderated-forums/sangoma/crackle-line