Tuesday, 1 December 2020

Microsoft SQL - Enable SQL Audit Log (in Windows security log)

Prerequisite

1. Enable Audit Object Access.

  • Open the local computer policy (go to Run, type gpedit.msc). If the server is managed by GPO, apply the setting in the GPO.
  • Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy > Audit Object Access
  • Enable the policy (check Success and/or Failure)


2. Grant right to SQL service account.

  • Open the local computer policy (go to Run, type gpedit.msc). If the server is managed by GPO, apply the setting in the GPO.
  • Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment > Generate security audits
  • Add the SQL service account.


3. Change Registry value (optional)

  • In the Registry, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\MSSQL$<InstanceName>$Audit\EventSourceFlags
  • Change the value from 0 to 1.



Enable SQL Audit Log


1. Connect to the SQL database with the SQL Management tool.
2. Go to Security > Audits.
3. Right-click Audits and select New Audit...
4. Configure the audit settings. For the audit destination, select Security Log.


5. Right click on the newly created audit, select Enable audit.
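
The prerequisites and steps above as a script, for servers where the change has to be repeatable. This is an added example, not part of the original post; the instance name, connection target and audit name are hypothetical, and it assumes the SqlServer PowerShell module (Invoke-Sqlcmd) is installed.

```powershell
# Added example, not from the original post. Run elevated on the SQL Server host.
# Assumptions: instance/audit names below are hypothetical; SqlServer module installed.
param(
    [string]$InstanceName   = 'SQL01',              # hypothetical named instance
    [string]$ServerInstance = 'localhost\SQL01',    # hypothetical connection target
    [ValidatePattern('^[\w\- ]+$')]                 # name is interpolated into T-SQL below
    [string]$AuditName      = 'Audit-SecurityLog'   # hypothetical audit name
)

# Prerequisite 1: show the effective Object Access audit policy.
auditpol /get /category:"Object Access"

# Prerequisite 2: list who holds "Generate security audits" (SeAuditPrivilege).
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
Select-String -Path $cfg -Pattern '^SeAuditPrivilege' | ForEach-Object Line
Remove-Item $cfg

# Prerequisite 3 (optional): read EventSourceFlags under the key named in the post.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Security\MSSQL${0}$Audit' -f $InstanceName
$flags = Get-ItemProperty -LiteralPath $key -Name EventSourceFlags -ErrorAction SilentlyContinue
if ($flags) { "EventSourceFlags = $($flags.EventSourceFlags)" } else { "Key or value not found: $key" }

# Steps 1-5: create the audit with the Security log as destination, enable it,
# and confirm its state from the server's own view.
$tsql = @"
IF NOT EXISTS (SELECT 1 FROM sys.server_audits WHERE name = N'$AuditName')
    CREATE SERVER AUDIT [$AuditName] TO SECURITY_LOG;
ALTER SERVER AUDIT [$AuditName] WITH (STATE = ON);
SELECT name, status_desc FROM sys.dm_server_audit_status WHERE name = N'$AuditName';
"@
Invoke-Sqlcmd -ServerInstance $ServerInstance -Database master -Query $tsql
```

The SeAuditPrivilege line should include the SQL service account (or its SID) before the audit is enabled.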

Sunday, 8 November 2020

File Server Resource Manager - Quota size not reset / update

Issue: Files were deleted in the quota folder, but the disk size does not reduce.


Solution 1: Run the command below in cmd:

dirquota quota scan /path:<path>


Example 1 (for the folder specified by path):

dirquota quota scan /path:D:\.

Example 2 (for all immediate subfolders of path):

dirquota quota scan /path:D:\*

Example 3 (for all recursive subfolders of path):

dirquota quota scan /path:D:\...


* You can create a batch file and run it from Task Scheduler.

Sunday, 1 November 2020

This App has been blocked by your system administrator

 


Solution:

1. Go to Regedit

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Value Name: ConsentPromptBehaviorUser

Value: 3



Friday, 24 July 2020

#WSUS - Remove WSUS completely / Reinstall WSUS with fresh data

1. Run the PowerShell command below to uninstall WSUS:

Remove-WindowsFeature -Name UpdateServices,UpdateServices-DB,UpdateServices-RSAT,UpdateServices-API,UpdateServices-UI -IncludeManagementTools

2. Remove WSUS database.

For SQL: 

Delete SUSDB.mdf and SUSDB_log.ldf in the SQL database.

For WID (Windows Internal Database):

Delete SUSDB.mdf and SUSDB_log.ldf in C:\Windows\WID\Data.


Monday, 30 March 2020

Reset Root Account Password of VMware vCenter Server Appliance (version 5.5 and 6.0)

1. Reboot the vCenter Server Appliance from vSphere Client.

2. When the GRUB bootloader appears, press the spacebar to disable autoboot.

(You can set a Power On Boot Delay by editing the VM settings.)

3. Press p to access the appliance boot options.

4. Enter the GRUB password.

(If the vCenter Server Appliance was deployed without editing the root password in the Virtual Appliance Management Interface (VAMI), the default GRUB password is vmware. If it was edited, use the password last set in VAMI.)

5. Select the VMware vCenter Server Appliance and type e to edit the boot commands.

6. Select the kernel boot parameters. (example: kernel /vmlinuz-3.0.101-0 ........... resume=/->)

7. Type e to edit the boot command.


8. Append init=/bin/bash to the kernel boot options, then press Enter.

9. Type b to start the boot process.

10. Type passwd root to change the root password.

11. Enter your new root password.

12. The screen shows that the password was changed successfully.

13. Type reboot to reboot.

* If you are unable to reboot, run these commands:

mkfifo /dev/initctl

reboot -f

Thursday, 26 March 2020

VMware consolidation fails. Unable to access file since it is locked

Error: Unable to access file since it is locked
Error: Virtual machine disks consolidation needed.

Cause: This happens while a backup is running. The backup proxy server does not release/delete the VM's snapshot properly. The VMDK file is locked/used by the backup proxy server or the VMware host.

Solution Method 1:

1. Go to the backup proxy server and edit its settings. Check whether the VM's VMDK file is attached to the backup proxy server.

2. Remove the VM's VMDK from the backup proxy server. (Remove only. Do NOT delete from disk.)



Solution Method 2:

1. SSH to the VMware host.
2. Find your VM in the datastore.

    cd /vmfs/volumes/your datastore name/your VM name

    (You can use the Tab key to list all datastore names and VM names.)
    (Use " " or \ if the path contains a space. E.g.: cd "/vmfs/volumes/datastore1/AD 1" or cd /vmfs/volumes/datastore1/AD\ 1)

3. Use vmkfstools to find the current vmdk owner.
   
    vmkfstools -D your VM name-flat.vmdk

   (You can use the Tab key to list all VMDK files in your VM folder.)



4. Check the owner. The last part is the network MAC address. Find which host that MAC belongs to. Once you have identified it, reboot that host. (You can also kill the process by PID without rebooting the host. Use the lsof | grep vmname command to find it.)



5. If your environment is too large, with many hosts, you can try the vmfsfilelockinfo command.

    vmfsfilelockinfo -p /vmfs/volumes/your datastore name/your VM name -v your vcenter name
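
Step 4 as a workstation-side helper: it extracts the MAC from the owner field of pasted vmkfstools -D output and looks up which host has that adapter. This is an added example, not part of the original post; the sample lock line is constructed, and it assumes VMware PowerCLI is installed and Connect-VIServer has already been run.

```powershell
# Added example, not from the original post.
# Assumes VMware PowerCLI is loaded and a vCenter session is open (Connect-VIServer).
function Get-LockOwnerMac {
    param([Parameter(Mandatory)][string]$VmkfstoolsOutput)
    # The owner field has four dash-separated hex groups; the last group
    # (12 hex digits) is the MAC address of the host holding the lock.
    if ($VmkfstoolsOutput -match 'owner\s+[0-9a-f]{8}-[0-9a-f]{8}-[0-9a-f]{4}-([0-9a-f]{12})') {
        $hex = $Matches[1].ToLower()
        # An all-zero owner means no host is recorded as holding the lock.
        if ($hex -eq ('0' * 12)) { return $null }
        # Insert ':' after every two hex digits except the last pair.
        return ($hex -replace '(..)(?!$)', '$1:')
    }
    throw 'No owner field found in the supplied output.'
}

# Constructed sample of the lock line printed by vmkfstools -D (not real data).
$sample = 'Lock [type 10c00001 offset 54009856 v 11, hb offset 3198976 gen 9, ' +
          'mode 1, owner 5f2a91c4-7be03d18-a4c6-001a2b3c4d5e mtime 114]'

$mac = Get-LockOwnerMac -VmkfstoolsOutput $sample    # 00:1a:2b:3c:4d:5e

if ($mac) {
    # Match the MAC against every physical and VMkernel adapter on every host.
    Get-VMHost | Get-VMHostNetworkAdapter |
        Where-Object { $_.Mac -eq $mac } |
        Select-Object @{ n = 'Host'; e = { $_.VMHost.Name } }, Name, Mac
} else {
    'Owner is all zeros: no lock owner recorded in this output.'
}
```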