windows-server-2008 interview questions
Top windows-server-2008 frequently asked interview questions
We have two Windows Server 2008 SP2 (sadly not 2008 R2) Domain Controllers in a small 150 client domain that are exhibiting very "peaky" CPU usage. The Domain Controllers both exhibit the same behavior and are hosted on vSphere 5.5.0, 1331820. Every two or three seconds the CPU usage jumps up to 80-100% and then quickly drops, remains low for a second or two and then jumps up again.
Looking at the historical performance data for the virtual machine indicates that this condition has been going on for at least a year but the frequency has increased since March.
The offending process is SVChost.exe which is wrapping the DHCP Client (dhcpcsvc.dll), EventLog (wevtsvc.dll) and LMHOSTS (lmhsvc.dll) services. I'm certainly not a Windows internals expert but I could not seem to find anything especially amiss when viewing the process with Process Explorer other than it appears the EventLog is triggering a ton of RpcBindingUnbind calls.
At this point I'm out of coffee and ideas. How should I continue to troubleshoot this issue?
Source: (StackOverflow)
We have an Exchange 2007 server running on Windows Server 2008. Our client uses another vendor's mail server. Their security policies require us to use enforced TLS. This was working fine until recently.
Now, when Exchange tries to deliver mail to the client's server, it logs the following:
A secure connection to domain-secured domain 'ourclient.com' on connector 'Default external mail' could not be established because the validation of the Transport Layer Security (TLS) certificate for ourclient.com failed with status 'UntrustedRoot. Contact the administrator of ourclient.com to resolve the problem, or remove the domain from the domain-secured list.
Removing ourclient.com from the TLSSendDomainSecureList causes messages to be delivered successfully using opportunistic TLS, but this is a temporary workaround at best.
The client is an extremely large, security-sensitive international corporation. Our IT contact there claims to be unaware of any changes to their TLS certificate. I have asked him repeatedly to please identify the authority that generated the certificate so that I can troubleshoot the validation error, but so far he has been unable to provide an answer. For all I know, our client could have replaced their valid TLS certificate with one from an in-house certificate authority.
Does anyone know a way to manually inspect a remote SMTP server's TLS certificate, as one can do for a remote HTTPS server's certificate in a web browser? It could be very helpful to determine who issued the certificate and compare that information against the list of trusted root certificates on our Exchange server.
Source: (StackOverflow)
Quick question:
I have a situation where I need to let multiple people on different PCs log into one server 2008 machine as administrator simultaneously over remote desktop. I have the CALs for it, it's just not set up correctly. When one user tries to log in, it boots the other out. What I need is to present to them a different session, just each as logged in as admin. Sorry for the slightly rambling post, I'm new here. Thanks!
Source: (StackOverflow)
I have a Windows Server which has ~10 IP addresses statically bound. The problem is I don't know how to specify the default IP address.
Sometimes when I assign a new address to the NIC, the default IP address changes with the last IP entered in the advanced IP configuration on the NIC. This has the effect (since I use NAT) that the outgoing public IP changes too.
Even though this problem is currently on Windows Server 2008.
How can you set the default IP address on a NIC when it has multiple IP addresses bound?
There is more explication on my problem.
Here is the output of ipconfig:
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.99.49(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.51(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.52(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.53(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.54(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.55(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.56(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.57(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.58(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.59(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.60(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.61(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.62(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.67(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.68(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.70(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.71(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.108(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.109(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.112(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 192.168.99.63(Duplicate)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.99.1
If I do a pathping there is the answer, the first up is the 99.49, also if my default IP address is 99.100
Tracing route to www.l.google.com [72.14.204.99]
over a maximum of 30 hops:
0 Machine [192.168.99.49]
There is the routing table on the machine:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.99.1 192.168.99.49 261
10.10.10.0 255.255.255.0 On-link 10.10.10.10 261
10.10.10.10 255.255.255.255 On-link 10.10.10.10 261
10.10.10.255 255.255.255.255 On-link 10.10.10.10 261
192.168.99.0 255.255.255.0 On-link 192.168.99.49 261
192.168.99.49 255.255.255.255 On-link 192.168.99.49 261
192.168.99.51 255.255.255.255 On-link 192.168.99.49 261
192.168.99.52 255.255.255.255 On-link 192.168.99.49 261
192.168.99.53 255.255.255.255 On-link 192.168.99.49 261
192.168.99.54 255.255.255.255 On-link 192.168.99.49 261
192.168.99.55 255.255.255.255 On-link 192.168.99.49 261
192.168.99.56 255.255.255.255 On-link 192.168.99.49 261
192.168.99.57 255.255.255.255 On-link 192.168.99.49 261
192.168.99.58 255.255.255.255 On-link 192.168.99.49 261
192.168.99.59 255.255.255.255 On-link 192.168.99.49 261
192.168.99.60 255.255.255.255 On-link 192.168.99.49 261
192.168.99.61 255.255.255.255 On-link 192.168.99.49 261
192.168.99.62 255.255.255.255 On-link 192.168.99.49 261
192.168.99.64 255.255.255.255 On-link 192.168.99.49 261
192.168.99.65 255.255.255.255 On-link 192.168.99.49 261
192.168.99.66 255.255.255.255 On-link 192.168.99.49 261
192.168.99.67 255.255.255.255 On-link 192.168.99.49 261
192.168.99.68 255.255.255.255 On-link 192.168.99.49 261
192.168.99.70 255.255.255.255 On-link 192.168.99.49 261
192.168.99.71 255.255.255.255 On-link 192.168.99.49 261
192.168.99.100 255.255.255.255 On-link 192.168.99.49 261
192.168.99.108 255.255.255.255 On-link 192.168.99.49 261
192.168.99.109 255.255.255.255 On-link 192.168.99.49 261
192.168.99.112 255.255.255.255 On-link 192.168.99.49 261
192.168.99.255 255.255.255.255 On-link 192.168.99.49 261
224.0.0.0 240.0.0.0 On-link 192.168.99.49 261
224.0.0.0 240.0.0.0 On-link 10.10.10.10 261
255.255.255.255 255.255.255.255 On-link 192.168.99.49 261
255.255.255.255 255.255.255.255 On-link 10.10.10.10 261
I think my route should look like:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.99.1 **192.168.99.100** 261
10.10.10.0 255.255.255.0 On-link 10.10.10.10 261
10.10.10.10 255.255.255.255 On-link 10.10.10.10 261
10.10.10.255 255.255.255.255 On-link 10.10.10.10 261
192.168.99.0 255.255.255.0 On-link 192.168.99.100 261
192.168.99.49 255.255.255.255 On-link 192.168.99.100 261
192.168.99.51 255.255.255.255 On-link 192.168.99.100 261
192.168.99.52 255.255.255.255 On-link 192.168.99.100 261
192.168.99.53 255.255.255.255 On-link 192.168.99.100 261
192.168.99.54 255.255.255.255 On-link 192.168.99.100 261
192.168.99.55 255.255.255.255 On-link 192.168.99.100 261
192.168.99.56 255.255.255.255 On-link 192.168.99.100 261
192.168.99.57 255.255.255.255 On-link 192.168.99.100 261
192.168.99.58 255.255.255.255 On-link 192.168.99.100 261
192.168.99.59 255.255.255.255 On-link 192.168.99.100 261
192.168.99.60 255.255.255.255 On-link 192.168.99.100 261
192.168.99.61 255.255.255.255 On-link 192.168.99.100 261
192.168.99.62 255.255.255.255 On-link 192.168.99.100 261
192.168.99.64 255.255.255.255 On-link 192.168.99.100 261
192.168.99.65 255.255.255.255 On-link 192.168.99.100 261
192.168.99.66 255.255.255.255 On-link 192.168.99.100 261
192.168.99.67 255.255.255.255 On-link 192.168.99.100 261
192.168.99.68 255.255.255.255 On-link 192.168.99.100 261
192.168.99.70 255.255.255.255 On-link 192.168.99.100 261
192.168.99.71 255.255.255.255 On-link 192.168.99.100 261
192.168.99.100 255.255.255.255 On-link 192.168.99.100 261
192.168.99.108 255.255.255.255 On-link 192.168.99.100 261
192.168.99.109 255.255.255.255 On-link 192.168.99.100 261
192.168.99.112 255.255.255.255 On-link 192.168.99.100 261
192.168.99.255 255.255.255.255 On-link 192.168.99.100 261
224.0.0.0 240.0.0.0 On-link 192.168.99.100 261
224.0.0.0 240.0.0.0 On-link 10.10.10.10 261
255.255.255.255 255.255.255.255 On-link 192.168.99.100 261
255.255.255.255 255.255.255.255 On-link 10.10.10.10 261
How can I be sure the IP address used in the image (supposed to be the default IP address) will be use by my server as the default address?
Source: (StackOverflow)
I've just installed Windows Server 2008 on a server and I'm able to connect through Remote Desktop but can't ping. Do I need to open an special port on the firewall to be able to ping a server?
Source: (StackOverflow)
Consider a Win 2008 SP2 machine with IIS7. The task is to apply a certificate and host name to the one and only Site on this machine. The site's host headers need to be abc.123.example.com
The first step was installing the .pfx to the Personal Store, which was successful.
IIS7 finds the cert as available, but won't allow the entry of a host name. The host name textbox is ALWAYS disabled/greyed out, even before selecting my cert. I've even deleted the default port 80 binding.
Question: how can I set a host name for this site?
Is it a matter of this cert being a wildcard cert?
I understand that the SSL request comes into the web server, and the host header in the packet is encrypted. Why then would IIS6 allow the host header to be specified, but IIS7 not?
Update: The cert isn't part of the problem. I've created a new Site on the machine, and when choosing https binding, the host name textbox is disabled.
Source: (StackOverflow)
Are there any production-quality iSCSI SANs suitable for use with Windows Server 2008/SQL Server for failover clustering?
So far, I've only seen Dell's MD3000i, and HP's MSA 2000 (2012i), which both are around $6K with a minimal disk configuration. Buffalo (yea, I know), has a $1000 device with iSCSI support, but they say it will not work for 2008 failover clustering.
I'm interested in seeing something suitable for failover in a production environment, but with very low IO requirements. (Clustering, say, a 30GB DB.)
As for using software: On Windows, StarWind seems to have a great solution. But it's actually more money than buying a hardware SAN. (As I understand, only the enterprise edition supports having replicas, and that's $3000 a license.)
I was thinking I could use Linux, something like DRBD + an iSCSI target would be fine. However, I haven't seen any free or low-cost iSCSI software that supports SCSI-3 persistent reservations, which Windows 2008 needs for failover clustering.
I know $6K isn't much at all, just curious to see if there are practical cheaper solutions out there. And finally, yes, the software is expensive, but many small business get MS BizSpark, so the Windows 2008 Enterprise / SQL 2008 licenses are completely free.
Source: (StackOverflow)
I'm posting this as a BIG CAVEAT to everyone. I know it's not a standard Q&A, but I think this is something every Windows admin should know. There is a very real risk of falling into Big Troubles.
Microsoft has recently released Windows Management Framework 3.0 for Windows Server 2008 and Windows Server 2008 R2 systems, which includes some nice things native to Windows Server 2012 (like PowerShell 3.0) and lots of improvements to WMI, WinRM and other management technologies.
Windows Update is advertising it as an optional update.
Should I install it on my servers?
Update: Microsoft has removed the update from Windows Update after major compatibility issues with various products (including the ones being discussed here) have been reported by multiple users.
Source: (StackOverflow)
Where do I go to disable the password complexity policy for the domain?
I've logged onto the domain controller (Windows Server 2008) and found the option in local policies which is of course locked from any changes. However I can't find the same sort of policies in the group policy manager. Which nodes do I have to expand out to find it?
Source: (StackOverflow)
We recently saw an issue after a fail over of our router where our Windows 2008 Boxes didn't start talking to the primary router after fail-back.
When we did some digging they still had the ARP entry from the secondary router. According to the TechNet Blog this is by-design:
First, a Windows Vista or Windows Server 2008 will not update the Neighbor cache if an ARP broadcast is received unless it is part of a broadcast ARP request for the receiver. What this means is that when a gratuitous ARP is sent on a network with Windows Vista and Widows Server 2008, these systems will not update their cache with incorrect information if there is an IP address conflict.
Secondly, it appears that the windows neighbor-cache (arp-cache) is only updated if the machine can no longer talk to the machine that is in it's cache currently. It does not send out occasional ARP requests to make sure the cache is not stale. While this isn't an issue during the initial fail over, during fail back when both boxes are alive this causes windows to keep talking to the secondary box.
Is there any way to force Windows 2008 to accept Gratuitous ARP requests?
Source: (StackOverflow)
If I have a Windows server (typically 2000, 2003 or 2008), is there a simple way to list all local directories shared on that server?
I can find the shares themselves easily enough, but I would love a quick way to find the local directories they represent on disk.
Thanks!
Source: (StackOverflow)
Somehow, one of our old Server 2008 (not R2) boxes has developed a seemingly infinitely-recursing folder. This is playing havock with our backups, as the backup agent tries to recurse down into the folder and never returns.
The folder structure looks something like:
C:\Storage\Folder1
C:\Storage\Folder1\Folder1
C:\Storage\Folder1\Folder1\Folder1
C:\Storage\Folder1\Folder1\Folder1\Folder1
... and so on. It's like one of those Mandelbrot sets we used to all play with in the 90's.
I've tried:
- Deleting it from Explorer. Yeah, I'm an optimist.
RMDIR C:\Storage\Folder1 /Q/S - this returns The directory is not emptyROBOCOPY C:\temp\EmptyDirectory C:\Storage\Folder1 /PURGE - this spins through the folders for a couple of minutes before robocopy.exe crashes.
Can anyone suggest a way to kill this folder off for good?
Source: (StackOverflow)
What are the major differences between Windows Server 2008, 2008 SP2 and 2008 R2?
Are the code bases for these OSes different?
If I'm developing applications for any one of these three, should I be worried that it might not work on the other two?
Source: (StackOverflow)
I run a (remotely hosted) virtual Server with Windows 2008 Server for a client.
Initially, it had 10 GB of space.
During the course of a few weeks - during which nothing was done on the machine except normal work using a web-basedt icket system - , Windows began to fill up its infamous "winsxs" directory so much that in the end, the hard disk was full and we had to order another 5 GB.
Now, three weeks later, these 5 GB have been consumed by winsxs as well, and again I can't work on the machine. Winsxs is now 8 GB big, the rest of the windows directory 5 GB.
I have found various sources on the web that describe the same problem. Apparently, Windows 2008 stores all language versions for all DLLs it downloads in the normal updating process. Just deleting stuff there is described as mortally dangerous as it contains vital components. I have not found any kind of tool or instructions to identify and remove those files that are no longer needed.
What can I do?
Is this normal behaviour and if it is, how do other servers with equally limited space manage? Is there something I can turn off or on?
Of the pre-defined server roles, only "File services" (or whatever it's called in english, it's a swiss server) is activated. In addition, I have installed Apache, mySQL, and Subversion. Automatic updates are activated.
Edit: The problem persists.
Note: I am aware that the WinSXS directory consist mainly of symlinks and that users often panic looking at its size. Still, Out of 15 GB of space, I have 1.5 MB used by programs and data, and nothing left. I'm glad I can even access the damn machine. *I have already freed up 1 GB of data, which was filled by the windows Windows within 24 hours. It's like in a horror movie.
What I have tried:
- Installing SP2 (which comes with compcln.exe) is not an option, as the disk space is not enough for even that.
- There is no vsp1clean.exe on the machine, probably because SP1 has already been merged into the system. In fact, there exists no file named *cln.exe anywhere.
- There are no shadow copies. Shadow copies are not active.
- As far as I can tell, there are no system restore points active.
- The only server role activated is "file server".
- The standard "cleanup" function (right-click on C: drive) is offering me a baffling 2 MB in trash contents and temporary internet files.
- Using one of the "cleanup winsxs" scripts around is not an option for me, they all look too shady. I can't find anything directly from Microsoft addressing this issue.
Source: (StackOverflow)
Here's an argument that I've had at over a dozen companies:
Should you install an antivirus client on your Windows servers?
Obviously, you should not install AV on your SQL Server. I think there is also a general consensus that it doesn't belong on your web server.
But what about all of the other servers in an enterprise?
- Exchange
- Active Directory
- File server
- OCS
- Utility servers
- etc
Do you think it's appropriate to run AV on those machines?
Source: (StackOverflow)