A few hiccups with Windows Server 2003 on my laptop

April 03, 2005 @ 10:11 pm

I’m running Windows 2003 server on my laptop as my main machine and I installed SP1 on Friday. For the most part this was an uneventful install, but the install broke a few things for me.

Kill.exe no longer works

I use Kill.exe frequently to kill processes from the command line and in a number of scripts. At first Kill.exe would crash completely on every attempt to kill a process. Then I logged off and later came back and a new Windows Message dialog popped up (I can’t dupe this now of course and there’s no way to find this dialog again) – some sort of Application protection application (DEP - Data execution prevention) and it let me know that it considers Kill dangerous – do I want to not allow it. So I add it to the list of exceptions and off I go.

Now Kill.exe runs but it doesn’t work correctly – it only works if I specify a process id. It doesn’t work with the process name any more.

I also thought maybe my version of KILL is a bit dated, maybe I get it out of the Windows 2003 resource kit. Aaack! Denied again – the resource kit no longer includes it. Or maybe I’m not downloading the right thing – I downloaded Resource Kit Tools. If that’s not the same thing then damn Microsoft for choosing a name so close to the real thing…

Anyway this is annoying.

True Image

True image is no longer able to mount drives of backed up images. TI goes off trying to read the image and mount it as a mapped drive, but it fails after a few minutes of trying. This just in time as I was stoked to get TI working for regularily managed full backups onto my huge backup drive.

I haven’t gotten around to trying a reinstall or repair, but I’m hoping that might do the trick.

DCOMCNFG

The DCOM Configuration dialog has a couple of new buttons that allow you to ‘Edit Limitation…’ of the default COM permissions for the server.

I’m at a loss what this setting does. The default COM security for the computer in the past has allowed you to configure which users or groups globally have access to access EXE based COM servers. I’ve never really understood how this works frankly because the default setting alone in many cases does not work for individual servers. It’s always taken having both the global and specific server settings set in order to enable an object.

The new dialogs make this confusion even worse by providing options that seem at first blush identical to the existing global settings.

The Edit Limits dialog like the Edit Default dialog both allow users to be added and both allow setting local and remote access. The default adds the same users into both dialogs. What the heck does that mean? When I think of limits I would have guessed an exception list, but that’s not how that works. Maybe somebody has some insight into this.

The Edit Limits… dialog for Launch and Activation is no better, but here you get 4 checks for local activation and local launch, remote launch and remote activation. The same as the Edit Default… dialog. The dialogs are exactly identical except for the captions.

I think the idea is to allow you to specify a broad list of users that are not allowed access:

Service Pack 1 makes the significant change to the Remote Procedure Call (RPC) service in Windows Server 2003 with the addition of the RestrictRemoteClients registry key. This key enables users to modify the behavior of all RPC interfaces on the system and can be used to eliminate remote anonymous access to RPC interfaces on the system (with some exceptions). Additional changes include the EnableAuthEpResolution registry key and three new interface registration flags.

But the UI really doesn’t make sense for this – I can’t tell whether you are adding a selection list or a refusal list. After all anything you enter gets to choose between allow or deny? So why two dialogs? If this was ever silly UI design I don’t know what is. Of course F1 doesn’t provide help to clarify. I couldn’t really find anything in the SP1 release notes about this either about these dialogs.

As far as I can tell SP1 doesn't affect existing Web Connection applications so the update should go OK on that. The way Web Connection installs specific security rights also should override any of the default settings and thus should be Ok as it stands right now. I've been working with Michel Fournier on working out a bad configuration problem on a new Win2003 server and I was very worried for a while that it was due to SP1. But after double checking here locally everything seems Ok at least on my end.

Feedback for this Weblog Entry

re: A few hiccups with Windows Server 2003 on my laptop
by Kevin Wright April 04, 2005 @ 1:23 am

I hope you find a workaround for Kill - it is one of the most useful utilities you have put me on to over the years.

Kevin

re: A few hiccups with Windows Server 2003 on my laptop
by Arnold Jinkis April 04, 2005 @ 9:41 am

There's always the free pskill.exe utility that performs very well...

re: A few hiccups with Windows Server 2003 on my laptop
by Terry Fisher April 05, 2005 @ 3:45 am

Rick,

Which version of True Image are you using? Corporate Workstation? or Server?

Thanks,

TFISHER
tlfisher@ameritech.net

re: A few hiccups with Windows Server 2003 on my laptop
by Rick Strahl April 05, 2005 @ 4:27 am

Kevin, there's a new utility built-in in Server called TaskKill.exe which is a bit more complete. Just checked my VPC XP session and it looks like it's also on XP.

Terry, Server...

re: A few hiccups with Windows Server 2003 on my laptop
by Kevin Wright April 05, 2005 @ 5:28 am

> Kevin, there's a new utility built-in in Server called TaskKill.exe which is a bit more complete. Just checked my VPC XP session and it looks like it's also on XP.

TVM - I also have it on my XP laptop (it looks as if it has quite a lot of useful options), but it is not on either of my W2K Servers. Do you know whether there is anything about it to prevent it being used on 2000?

Kevin

re: A few hiccups with Windows Server 2003 on my laptop
by Thomas Jacob April 21, 2005 @ 5:17 pm

Hi Rick,

I had the same problem with True Image no longer mounting images and tried everything possible to get around this limitation.
I reinstalled all available versions (7, 8, normal and Server) but everything in vane... Now I'm back to Pre-SP1 and alls fine again.

Acronis support didn't answer my e-mail yet but obviously there's a serious problem with SP1.

Thomas, Germany

re: A few hiccups with Windows Server 2003 on my laptop
by Rick Strahl April 21, 2005 @ 6:55 pm

Thomas, let us know what you find...

re: A few hiccups with Windows Server 2003 on my laptop
by Dan April 27, 2005 @ 6:12 pm

Hey great article.

I've installed SP1 on my 2003 server. Now I have 4 different subnets feeding off this server, and every now and then everyone on the subnets that AREN'T on the subnet the server is one have this error when trying to browse the servers shares..

"\\server\share is not accessible. You might not have permission to use this network resourse. Contact the admin etc etc

The specified network name is no longer avaliable."

When I go to open the UNC \\servername

"\\servername is not accessible. blah blah

The Remote procedure call failed."

The only way I can fix this so far is to restart the server... Which I don't want to have to do , as this is happening nearly once a day..

Anyone got any ideas ?? I have been searching for answers for a long time now.. I've had to take out the other DC due to the high amount of repl errors becuase of RPC error.. Also nothing comes up on the server in the event log about RPC..

re: A few hiccups with Windows Server 2003 on my laptop
by tocoro May 18, 2005 @ 7:28 am

My understanding of the Launch and Activation Permissions>Edit Limits button in the Component Services>Computers>Configure My Computer>COM Security area is that this is the list of people who are ALLOWED to take the ACCESS or LAUNCH permission test. If they are not a member of the EDIT LIMITS area of the Launch and Activation permissions area then 'even if' they have been granted one of the permissions defined under the Edit Default button then they will never get a chance to even ATTEMPT to pass the Remote Launch, Local Launch, Remote Activation or Local Activation test.

It seems as if Edit Limits is a filter so that you can define who has the ability of taking the Remote Launch/Remote Activation test. Sort of like a two tier security test. The requesting user must pass the Edit Limits test first, then they get a chance to pass the Remote Launch or Remote Activation test.

See MSKB 892500 "Programs that use DCOM do not work correctly after you install Microsoft Windows Server 2003 Service Pack 1". In that article there is a registry tweak you can use to troubleshoot remote DCOM authentication failures.

Hope this helps!
--tocoro

re: A few hiccups with Windows Server 2003 on my laptop
by Andre June 17, 2005 @ 4:01 am

I've tried the registry settings mentioned in MSKB 892500 but get no entries in the logs.
Did the obvious - restarted Windows etc.

re: A few hiccups with Windows Server 2003 on my laptop
by BOFH June 22, 2005 @ 5:17 am

I just had the exact same problem with kill.exe from Windows 2000 Resource Kit.
It crashes when I try to kill processes by name on Windows 2003 that has VisualStudio 2002 and VisualStudio2003 installed.
It's run from a buildscript.
Strange, I don't have that problem at all on production systems that have been running for several months.
We just migrated some buildsystems to Win2003, and now the problem occured.

Anyway, here it says that kill.exe has been moved to the Debugging Tools:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/950c43ed-6e26-4b12-a63e-2c0b5c057e08.mspx

Here's a quick link to the Debugging Tools x86 download page:
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

Both kill.exe and tlist.exe are much smaller images in that set, although they are still compiled against the VC++ 6.0 runtime.
Oh yes, that version of kill.exe works on my build system. :)

What's up with taskkill.exe anyway, why do I have to suffer from Cobolfingers from typing in all those parameters, why does it not just accept a task name and kill it?

re: A few hiccups with Windows Server 2003 on my laptop
by Jim Burtoft June 29, 2005 @ 1:02 pm

If you find that things work fine locally, but not across the subnet, it is probably the patch from MS that affects the MTU.

http://support.microsoft.com/default.aspx?scid=kb;en-us;898060

This causes some communications across WAN links to fail (you can usually still ping).

If you are running 2000 or 2003 without SP1, just apply the recent updates (they fixed the patch on June 14th).

If you are running 2003 with SP1, you will have to hardwire the MTU.

re: A few hiccups with Windows Server 2003 on my laptop
by David Anderson July 11, 2005 @ 1:21 pm

taskill says tasks are deleted and lists corresponding PIDS, but the jobs are still in TaskManager......sigh

re: A few hiccups with Windows Server 2003 on my laptop
by Rick Strahl July 11, 2005 @ 1:56 pm

TaskKill unlike regular kill seems to need explicit force operation for most kill operations. I create a batch file KILL.BAT that does this:

TASKKILL /IM %1

And that seems to work the same as the old kill.exe did (or actually kill -F).

Better choice though: Use ProcessExplorer from Systernals <g>...

re: A few hiccups with Windows Server 2003 on my laptop
by dave August 02, 2005 @ 7:48 pm

hello everybody,

I will be installing Win 2003 Ent. on my gateway laptop, and I was wondering which Anti Virus and Firewall software I should be getting. It's not gonna serve me as a server or anything like that, rather it's gonna be a simple desktop computer, not connected to any network, mainly for my educational purposes. It's only gonna have cable internet hooked up to it and that's it. I really appraciate a smart suggestion... :)

re: A few hiccups with Windows Server 2003 on my laptop
by Robert October 20, 2005 @ 6:31 am

hey everyone...

the problem i seem to have after sp1 is debugging with vs.net 2003 from a w2k client machine to the w2k3 server sp1

any ideas?

re: A few hiccups with Windows Server 2003 on my laptop
by Renish December 29, 2005 @ 10:34 pm

Hi,

After installing SP1 on web server, it is giving me "Access is denied" for creating MSword object.

Can Windows Server 2003 installed on AMD 64 laptop ?
by RhineDJ February 25, 2006 @ 4:58 pm

Can Windows Server 2003 installed on AMD 64 laptop ?

re: A few hiccups with Windows Server 2003 on my laptop
by AJ June 29, 2006 @ 12:59 pm

Your problems are nothing my toshiba laptop got fried. Oddly enough i was in the middle of installing the battery drive. Thank God for warrenties.