Archive

Archive for November, 2008

Vista gadgets filling out

November 22, 2008 Leave a comment

One that I’m definitely going to be including on my clients’ desktops from now on is the Office Tips and Tricks gadget!

image image

Categories: Tips

The Black Screen of Death

November 11, 2008 Leave a comment

On Sunday I was doing some updates on a workstation remotely.  When it rebooted, I wasn’t able to contact it again.  It wasn’t responding to anything, including pings.  I figured that when the employees arrived Monday morning, I’d call them, have them reboot the system again and all would be well.  Of course that would have been too easy.

As it turned out, the system would boot past the Vista blippy bar thing but not quite reach the orb thing.  So something was screwy.  I was still remote, so I instructed the employee to insert the Vista install DVD, boot to the repair console and do a system restore to the day prior to the updates.  No go, same response.  So I set up the employee on a spare computer and made plans to go onsite to do more troubleshooting.

When I arrived, I found the system with a black screen and a movable mouse cursor.  Ctrl-Esc and Ctrl-Alt-Del did nothing and a reboot into safe mode reached the same conclusion.  Next I booted to the Vista DVD again and tried Startup Repair which found nothing and tried restoring to an even earlier date which still failed.

Time to turn to the master resource, Google, where I found lots of folks in the same predicament, but few fixes and none that worked on this case.  Most had something to do with MagicISO and Roxio.  Now I was really getting ticked and started digging out the disks to prepare for a reinstall.  Since I had nothing to lose, I decided on a hail Mary and did a system restore to the earliest date in the list.  It worked!

The system booted up to the logon prompt finally!  Of course the computer’s password didn’t match the server, (see previous post), but with a local admin account, that was easily fixed by removing the computer from the domain and then adding it again.

Curiously, after I removed the computer from the domain and deleted the account on the server, I noticed that the system time on the computer was off by two hours!  Checking the event log, I found a bunch of security errors with the failure of the PC’s credentials.  But they didn’t start until the time I got to the logon prompt, so I don’t think the time difference had a bearing on the failure to boot.

Checking the application logs for the PC, I found that the only recent changes were a bunch of LogMeIn updates made by Zenith Infotech on Oct.24th.  (I had restored the system to Oct. 19)  Checking the logs, the system had not been rebooted until I did the system updates Nov 9th.  So it looks like LMI was the culprit.  Now I need to reboot all the systems to make sure they don’t get stuck as well while I still have a system restore window.

Categories: Troubleshooting

Video card for the Optiplex 755

November 7, 2008 Leave a comment

If you ordered one of those low profile Optiplex or some other low profile PCIe desktop PC, and later on the client decides they want a second monitor, you’ll need to buy just the right video card.  The wrong model won’t work or will not fit the tight space.

It’s very difficult finding this stuff via the website and Dell’s after-market ordering process is not fun.  To save you some time, here’s the correct part:

image

Part #A1350914

Categories: Tips

Viruses/spyware on the uptick!

November 7, 2008 Leave a comment

I’ve had three calls on infestations in the last two days from non-managed customers.  From what I could tell, they all acquired the malware from “normal” websites that took advantage of systems that were not fully patched.

Yesterday afternoon had several trojans and the TDSS rootkit.  The following was my process for removal:

1. Ran scan with MalwareBytes (my current goto software for this sort of thing.  It identified and removed lots of stuff, but of course it wasn’t able to remove the rootkit.  Fortunately, it WAS able to identify the files containing the rootkit even though they were hidden.

2. Manually cleaned up the registry run entries and the HOSTS file.

3. Booted to Bart’s CD to remove the rootkit files.

4. Updated AVG and ran scan that identified a few holdover files.

5. Ran a final MalwareBytes scan to make sure I got everything.

6. Installed XP-SP3 and all the rest of the updates to bring the system current.

Whew!  Total 4 hours of scanning/rebooting.  $$$ in my pocket, but rather boring.  I need to remember to bring a good book to these jobs.

Categories: Troubleshooting

Perflib errors on Win2k Server

November 3, 2008 Leave a comment

If you have clients still using Windows Server 2000, you’ll most likely run into the problem of Perflib errors running amok in the event log.

image 

image

One solution I’ve found is to use the Resource Kit tool “Extensible Performance Counter List”.    http://tinyurl.com/yunqr3

Once you run C:\Program Files\Resource Kit\exctrlst.exe (a GUI), you highlight the offending entry, in this case, ASP.NET 2.0.5727 and uncheck the Performance Counters Enabled check box.

image

The change takes effect immediately.  There’s no “OK” button.

I’ve been tripping over this problem for some years, but I originally found this solution on EventID.net.  Great resource!

Categories: Troubleshooting

Word of advice, always create a local admin account!

November 1, 2008 3 comments

Especially with domain member laptops!  When you run across this error upon logon, (“The trust relationship between this workstation and the primary domain failed.”), you’ll be very sorry if there’s no local administrator on the box.  Keep in mind that Vista disables the administrator account by default.  So if the only local account on the box is disabled or non-admin, you’re going to have some serious hacking to do!  It might be possible to still log on as a cached domain admin by disconnecting from the network.

If you do have a local account, then it’s an easy fix.  Just log on as the local admin, remove the computer from the domain, reboot and add it back to the domain.

Here’s the error message that the user will see:

image

What seems to be causing this, usually with laptops is that the end user always logs on to the laptop with cached credentials which may cause the machine’s domain account to eventually expire or get out of synch because it hasn’t been logging on to the domain.

Categories: Troubleshooting