Friday, July 26, 2013

W32Time event 47 manually configured peer

Recently I was dealing with some SCOM events for time services on a few machines in the same domain.  When checking the machines, I came across this error:

Time Provider NtpClient: No valid response has been received from  manually configured peer after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer  with this DNS name.

On seeing this, I thought this domain may have been configured with manual peers and NTP as the client's provider.  When looking at the registry though, all I was seeing was the typical ntp server setting and source was NT5DS.  So I was stuck for a while thinking, the source should be the domain, and this IP address that I'm seeing is not a domain controller, never was a domain controller, and isn't even pinging.  So I tried manual peer configuration with NTP as the provider on a server, but I hit the same issue with the same error.  Searching the registry for both a host name and the IP came up with nothing.  Searching gpresult for the IP/hostname came up with nothing.  Eventually, I dug a bit further in to the "gpresult /scope COMPUTER /Z" output and found an NTP serverr was set in there.  So apparently this type of GPO setting does not push itself to the register, and just quietly overrides whatever is in the registry.  The reason I couldn't find the IP/hostname in the gpresult the first time was that it comes out in gpresult as an array of byte values.

So anyways, GPO edited, gupdate /force, w32tm /resync...and its all back to normal.

Wednesday, July 17, 2013

ADFS SCOM: Configuration Database unavailable

I'm currently in the process of helping set up the ADFS management pack for a relatively new ADFS 2.0 installation.  All of our servers have continuously been alerting:

Alert: SQL Configuration Database Unavailable
Alert Description: The AD FS configuration database that is stored in SQL Server 'false' is unavailable.

When digging through the SCOM agent's health service state directory, I found all of the scripts for the MP seem to be powershell.  The one that checks this is FederationServerRemoteSQLServerPing.ps1.  Basically the script pulls out the SQL connection string for the configuration database and checks a few things in the format (like is the server local to the machine, or has a backslash in it).  After this, it takes the server value and tries a .NET ping on the host.  The problem with this script is that they forgot a few things about SQL connections.  If your SQL server has a port specified with the servername,portnumber format, the server name is not cleaned up by the script, and the ping attempt blows up due to the badly formatted name.

As for a fix (I'm not a SCOM guy), if the script can be edited, a simple check before the ping...

If ($script:server –match “,”) {
     $script:server = $script:server.substring(0,$script:server.indexof(“,”))

will solve the problem.  Otherwise, you may just need to disable the rule until a fix comes from Microsoft.

Monday, July 15, 2013

Facebook...I thought you would know me better by now

For those who view facebook from a standard browser, I'm sure you are familiar with the right side column showing a lot of "recommendations" and sponsored sites. Sometimes these are good, but usually they just seem to be junk. In my case, I don't feel like seeing them anymore, so I wanted to play around with the site to make them go away. When you want to override websites on a permanent basis (not using the built in browser developer tools to edit/delete content), you can use Greasemonkey (firefox), or TamperMonkey (chrome). If you are using IE... first of all I'm sorry to hear that, but there is probably a greasemonkey version for that. Anyways, find the appropriate add-in for your browser and install it. There should be some management console for it or icon for it somewhere in your browser. For Chrome, it comes up as an icon in the top-right which looks like a black square with two grey circles at the bottom. Click there, add new script. You can use this script below and it should block most of these sponsored adds throughout the standard facebook pages.

// ==UserScript==
// @name       Facebook cleaner
// @version    0.1
// @description  Remove sidebar recommendations
// @match      http*://**
// ==/UserScript==

function hideIt(myObjToHide) { = 'hidden';
function cleanup() {
 var junkContent = document.getElementById('pagelet_ego_pane_w');
    if (junkContent != null) { = 'hidden';

 var junkContent2 = document.getElementById('rightCol');
    if (junkContent2 != null) { = 'hidden';
    var junkContent3 = document.getElementById('pagelet_ego_pane');
    if (junkContent3 != null) { = 'hidden';
    var sponsorPopup = document.getElementsByClassName('ego_section');
    if (sponsorPopup != null) {
     for (i = 0; i < sponsorPopup.length; i++) {
    var sponsorPopup2 = document.getElementsByClassName('ego_column');
    if (sponsorPopup2 != null) {
     for (i = 0; i < sponsorPopup2.length; i++) {

setInterval(cleanup, 800);

//end of Script

Enjoy the cleaner experience in your social networking. Do note that this works as of 7/15/2013. Facebook may change their site in the future and rename tag ID's or class Name's which will cause this to break.