PowerShell Get-WinEvent Bug Workaround on Windows 2008 R2 Server — Importing Windows Forwarded Events into SQL Server using PowerShell
This is sort of a continuation of my earlier post, Importing Windows Forwarded Events into SQL Server using PowerShell, where I mentioned that I was unable to get the script to work on Windows 2008 R2 due to a known bug in Get-WinEvents. I had to end up deploying my solution to a Windows 2008 R2 Server and was required to write a workaround -- here it is. As always, I prefer using natively available commands, so I eschewed LogParser and used wevtutil.exe instead.
# Grab events from the last 65 minutes
[xml]$xml = (wevtutil /r:dc qe Application /e:Events)
# build the sql data connection
$connectionString = "Data Source=SQLSERVER;Integrated Security=true;Initial Catalog=EventCollections;"
$bulkCopy = new-object ("Data.SqlClient.SqlBulkCopy") $connectionString
$bulkCopy.DestinationTableName = "Events"
#/q:"*[System[TimeCreated[timediff(@SystemTime) <= 3900000]]]"
# build the datatable
$dt = New-Object "System.Data.DataTable"
$null = $dt.Columns.Add("ID")
$null = $dt.Columns.Add("LevelDisplayName")
$null = $dt.Columns.Add("LogName")
$null = $dt.Columns.Add("MachineName")
$null = $dt.Columns.Add("Message")
$null = $dt.Columns.Add("ProviderName")
$null = $dt.Columns.Add("RecordID")
$null = $dt.Columns.Add("TaskDisplayName")
$null = $dt.Columns.Add("TimeCreated")
# populate data table
$xml.Events.Event | ForEach-Object {
$row = $dt.NewRow()
$eventID = $_.System.EventID."#text"
if (!$eventID) { $eventID = $_.System.EventID }
$row.Item("ID") = $eventID
$eventlevel = $_.System.Level
switch ($eventlevel)
{
1 {$eventLevel = "Critical"}
2 {$eventLevel = "Error"}
3 {$eventLevel = "Warning"}
4 {$eventLevel = "Information"}
}
$row.Item("LevelDisplayName") = $eventLevel
$row.Item("LogName") = $_.System.Channel
$row.Item("MachineName") = $_.System.Computer
$row.Item("Message") = $_.RenderingInfo.Message
$row.Item("ProviderName") = $_.System.Provider.Name
$row.Item("RecordID") = $_.System.EventRecordID
$row.Item("TaskDisplayName") = $_.RenderingInfo.Task
$row.Item("TimeCreated") = [datetime]$_.System.TimeCreated.SystemTime
$dt.Rows.Add($row)
}
# Write to the database!
$bulkCopy.WriteToServer($dt)
This code imports events from the last 65 minutes. For the initial import, set $xml to wevtutil.exe qe ForwardedEvents /e:Events. As an aside, I was surprised to see that wevtutil is FAR faster than PowerShell's Get-WinEvent, especially during the initial import of a large logs.
PS C:\Scripts> Measure-Command {c:\scripts\final-getwinevent.ps1}
Days : 0
Hours : 0
Minutes : 1
Seconds : 19
Milliseconds : 293
Ticks : 792930218
TotalDays : 0.00091774330787037
TotalHours : 0.0220258393888889
TotalMinutes : 1.32155036333333
TotalSeconds : 79.2930218
TotalMilliseconds : 79293.0218
PS C:\Scripts> Measure-Command {c:\scripts\final-wevtutil.ps1}
Days : 0
Hours : 0
Minutes : 0
Seconds : 4
Milliseconds : 957
Ticks : 49571333
TotalDays : 5.73742280092593E-05
TotalHours : 0.00137698147222222
TotalMinutes : 0.0826188883333333
TotalSeconds : 4.9571333
TotalMilliseconds : 4957.1333
From 79 seconds to 5 for 5500 records! Looks like having to rewrite this was a good thing, after all.
Importing Windows Forwarded Events into SQL Server using PowerShell
Over the past couple weeks, I've looked into a number of ways of parsing and importing Windows Forwarded Events into SQL Server: from using SSIS to LogParser to PowerShell to setting up a linked server to the "Forwarding Events.evtx" file.
Ultimately, the only thing that worked was PowerShell's Get-WinEvent cmdlet. And then, it only worked in one specific case for me -- if the events are collected and parsed on a Windows 2012 server. As of today, there's an unresolved bug in Get-WinEvent that often results in NULL LevelDisplayName, Message, and TaskDisplayName columns. I copied the exact code below on a Win2k8 R2 server and a Win 8 workstation and ran into the NULLs issue repeatedly. Your results may vary, however, as some users have reported success by tweaking a few things in Win2k8 R2 Server.
So, fire up a Windows 2012 box, setup your SQL Server and let's get started:
The SQL Part
After looking at the data returned by Get-WinEvent, I found the following columns to be the most useful: ID, LevelDisplayName, LogName, MachineName, Message, ProviderName, RecordID, TaskDisplayName, TimeCreated. Then I created a table using those columns:
CREATE DATABASE EventCollections
GO
USE EventCollections
GO
-- the table name loosely relates to the name of my Win Event Subscription name
CREATE TABLE [dbo].[GeneralEvents](
[Id] [int] NULL,
[LevelDisplayName] [varchar](50) NULL,
[LogName] [varchar](50) NULL,
[MachineName] [varchar](255) NULL,
[Message] [varchar](max) NULL,
[ProviderName] [varchar](255) NULL,
[RecordID] [bigint] NULL,
[TaskDisplayName] [varchar](50) NULL,
[TimeCreated] [smalldatetime] NULL
)
-- Create Unique Clustered Index with IGNORE_DUPE_KEY=ON to avoid duplicates in sqlbulk imports
CREATE UNIQUE CLUSTERED INDEX [ClusteredIndex-EventCombo] ON [dbo].[GeneralEvents]
(
[RecordID] ASC,
[MachineName] ASC,
[LogName] ASC
) WITH (IGNORE_DUP_KEY = ON)
GO
In order to avoid duplicates during the hourly imports, I created the table using a unique index with IGNORE_DUP_KEY = ON on 3 columns: RecordID, MachineName and LogName.
Next I had to decide how I'd get the data from PowerShell into SQL Server. After reading up on sqlservercentral.com and technet, I decided on hourly imports using sqlbulkcopy.
The PowerShell Part
Forwarded Events are a tricky thing. For some reason, the way that one would usually filter Get-WinEvent results using FilterHasTable kept returning the result Get-WinEvent : No events were found that match the specified selection criteria. I found a number of others who ran into this issue, too and similar errors occurred when people attempted to use LogParser. After all that, I didn't have much hope in FilterXML working, but it actually did! So we're going to use that after we perform our initial import.
Here's the code for the initial import which gathers ALL events in Forwarded Events.
$events = Get-WinEvent ForwardedEvents | Select-Object ID, LevelDisplayName, LogName, MachineName, Message, ProviderName, RecordID, TaskDisplayName, TimeCreated
$connectionString = "Data Source=sqlserver;Integrated Security=true;Initial Catalog=EventCollections;"
$bulkCopy = new-object ("Data.SqlClient.SqlBulkCopy") $connectionString
$bulkCopy.DestinationTableName = "GeneralEvents"
$dt = New-Object "System.Data.DataTable"
# build the datatable
$cols = $events | select -first 1 | get-member -MemberType NoteProperty | select -Expand Name
foreach ($col in $cols) {$null = $dt.Columns.Add($col)}
foreach ($event in $events)
{
$row = $dt.NewRow()
foreach ($col in $cols) { $row.Item($col) = $event.$col }
$dt.Rows.Add($row)
}
# Write to the database!
$bulkCopy.WriteToServer($dt)
You may noticed that I manually built a datatable instead of using Out-DataTable.ps1, which appears to be a fan favorite. I felt the code above kept things a little more tidy and the performance is still quite good.
Since Event Collection is an on-going thing, you'll likely want to import them on a regular basis. I built the necessary XML query by right clicking on Forwarded Events in Event Viewer -> Filter Current Log... -> Logged: (Change to one hour) -> Click XML tab at top -> Copy/Paste -> Voila.
Actually, using the syntax of this query, I figured out the syntax for FilterHashTable but having the GUI build my query makes it easy, so I stuck with that. Here is the code for the hourly import that you can setup in Task Scheduler.
# While this script is intended to run on an hourly basis, the filter is set for going back 65 minutes.
# This allows the script to run for 5 minutes without any missing any events. Because we setup the
# table using the IGNORE_DUPE_KEY = ON, duplicate entries are ignored in the database.
$xml = @'
<QueryList>
<Query Id="0" Path="ForwardedEvents">
<Select Path="ForwardedEvents">*[System[TimeCreated[timediff(@SystemTime) <= 3900000]]]</Select>
</Query>
</QueryList>
'@
$events = Get-WinEvent -FilterXml $xml | Select-Object ID, LevelDisplayName, LogName, MachineName, Message, ProviderName, RecordID, TaskDisplayName, TimeCreated
$connectionString = "Data Source=sqlserver;Integrated Security=true;Initial Catalog=EventCollections;"
$bulkCopy = new-object ("Data.SqlClient.SqlBulkCopy") $connectionString
$bulkCopy.DestinationTableName = "GeneralEvents"
$dt = New-Object "System.Data.DataTable"
# build the datatable
$cols = $events | select -first 1 | get-member -MemberType NoteProperty | select -Expand Name
foreach ($col in $cols) {$null = $dt.Columns.Add($col)}
foreach ($event in $events)
{
$row = $dt.NewRow()
foreach ($col in $cols) { $row.Item($col) = $event.$col }
$dt.Rows.Add($row)
}
# Write to the database!
$bulkCopy.WriteToServer($dt)
With any luck, your SQL output should look something like this:
Woo.
EDIT: If you care about speed, check out this post where I write about using wevtutil instead of Get-WinEvent.
Centralizing Windows Events using a Collector Initiated Subscription
So it seems like the best way to go about centralizing Windows Events in an Enterprise is to use GPO, but if you can't or don't want to involve Active Directory GPOs, here's a guide on using one server to go out and collect Windows Events from other servers on your domain.
Things you'll need: Windows Server 2012 or 2008 R2, the appropriate ports open on your firewall if you're running one, access to a Domain Admin service account or the ability to add a Machine account to a local group on each of the servers you're collecting from.
So here's how to setup a Windows 2012 or 2008 R2 Server as the Event Collection Server: first, open up Event Viewer, right click on Forwarded Events and click Properties.
Note that Application, Security and System look a bit different than the others. I believe that's because they are considered Classic Windows Events. Classic Windows Events can be easily parsed in PowerShell using Get-EventLog and WMI's Win32_NTEventLogFile but the newer Event Types are a bit trickier.
The first thing you see in the Forwarded Events property tab is this:
Note the location of the ForwardedEvents.evtx file as it may come in handy for future troubleshooting or archiving. Next, click on the "Subscriptions" tab, then Create.
Now here, I will create just one generic Subscription to capture all Critical and error events. You can create multiple subscriptions for differing criteria and just send all of them to the Forwarded Events log. So select "Collector Initiated" and "Select Computers." Unfortunately, you have to add each server one by one when using the GUI. If you want to add in bulk, you'll likely have to do it using Group Policy and Source Initiation. I haven't found a way to do it in PowerShell yet.
Click Select Events and select what you'd like. My servers are super verbose, and I really only care about Criticals and Errors so I select those two Event Levels, and then By log: Application and System.
Once you're done with your Event selections, click on Advanced to modify the account you'd like to use as the collector (in my lab, I used a Domain Admin account).
If you use a Machine account or a non-admin, you'll have to go to each of the forwarding servers and add the Computer or User AD account to Event Log Readers.
Here, you can also configure the Event Delivery Optimization. I left it default for now, though later I do plan to explore delivering Events over HTTPS. Click OK until you're back at Event Viewer. Wait a few minutes and the Events should start coming in. In my experience, for each new computer I setup, I'll get one Information event from the Microsoft-Windows-EventForwarder provider. The event itself is kind of useless, saying "the description for Event 111 cannot be found." but I've learned to accept it's the Event Forwarding confirming there's a new computer in the subscription.
When things get going, your Windows Forwarding collection should look something like this:
In this screenshot, I've highlighted Attach Task to Event which allows you to run a program or send an email when the event occurs. Pretty cool.
If you need additional help, Microsoft has a Quick and Dirty Large Scale Eventing for Windows guide that is good for troubleshooting.
HOW-TO Setup Windows 2012 Server Core Remote Desktop Services to Securely Administer Windows over RDP and SSL
Alright, so I've wanted to setup a Remote Desktop Gateway for years, but the configuration seemed so.. time-intensive. Then I moved to Belgium, my living situation changed and I didn't want to setup a whole new VPN server to access my virtual lab.
Initially, I set up my RD Gateway using too many Remote Desktop Services: Remote Desktop Connection Broker, Remote Desktop Gateway & Remote Desktop Web Access, but that was because was lead astray by Windows 2012's new GUI. Now, I've narrowed it down only to RD Gateway and I'm even fond of Metro (:O)
So to get this going, all you have to do is install and configure the Remote Desktop Gateway Services (RD Gateway) Role. That seems obvious, but Server Manager's interface which prominently displays an unconfigured "Remote Desktop Services" tab made me think I was missing something.
During the Role installation do: Role-based or feature-based installation -> Remote Desktop Services -> Remote Desktop Gateway
Then click Next a bunch of times. Something odd, when it asks you "Do you need an alternate source path?", even if you have the Windows Server 2012 ISO attached, you'll still need to click "Specify an alternate source path" and enter D:\sources\sxs (assuming your ISO is attached to D:)
Click Install and wait for the installation to complete. Now it's time to configure RD Gateway.
OPTIONAL: If you're on a domain with a Certificate Authority, you'll want to configure IIS to use a Domain Certificate. Open IIS Manager -> Select your server -> Server Certificates -> Create Domain Certificate. For "Common Name" make sure you enter your external FQDN. Note: I chose to go with dyndns.org since I have a dynamic IP. It's required that you use an externally resolvable hostname, otherwise Remote Desktop will fail if you try to use an IP or mismatched hosts.
Now, you'll need to configure RD Gateway. Go to Server Manager -> Tasks -> RD Gateway Manager.
Click View or modify certificate properties. If you don't have a Domain Certificate, just click Create and import certificate and ensure you use your external FQDN for the certificate name. Otherwise, choose Select an existing certificate.... Choose your certificate
Click Import -> Apply. Now that you're back at the RD Gateway Manager, expand the tree under your server name. Click Policies then on the right, click Create Authorization Polices for RD Gateway. Create an RD CAP and RD RAP (Recommended). In the name field, you can enter whatever you'd like. I chose "Default" -> Next -> Add Group -> Domain Admins -> (leave Client Computer blank)
Next, you'll be given the option to Enable or Disable Device Redirection. I just choose the default (all clients) and click Next -> Next -> Next - Default -> Next -> Allow users to connect to any network resource -> Next -> Allow Connections only to port 3389 -> Next -> Finish
Finally, open up Services and Start Remote Desktop Gateway
Voila! Now you can go modify your router rules to connect port 443 to your RD Gateway Server and/or read the important notes below.
A few important things to note
As an added security pre-caution, I went into IIS and disabled Anonymous access to my root IIS folder and ensured Windows Authentication was still enabled for the RPC folders.
Configuring the Remote Desktop Client is easy. Open up your Remote Desktop Client -> Advanced -> (Connect from Anywhere) Settings.
Enter the external hostname that you entered earlier during the configuration of RD Gateway. Go back to the general tab, and enter the FQDN of the domain server you wish to connect to. Don't worry about resolving the hostname if you're using an external DNS server -- DNS is resolved at the RD Gateway so if the RD Gateway can resolve the hostname, you're set.
If you choose to use a self-signed cert or you are attempting to connect from a computer that's not on the domain, you'll have to import the SSL cert to your Trusted Root Certification Authority. Otherwise, you'll receive the error "This computer can't verify the identity of the RD Gateway 'sample.server.com'. It's not safe to connect to servers that are not identified. Contact your network administrator for assistance."
There are a few ways to do this, but here's how I do it. I use Chrome to hit my server (ex. https://myserver.dyndns.org)
Click Certificate Information -> Details -> Copy to File. Save the cert, then find it using Windows Explorer. Right-click on the cert -> Install Certificate -> Place all Certificate in the Following Store -> Trusted Root Certification Authority -> Next -> Finish -> Yes.
You should now be able to connect and securely manage your network, all over SSL 
MS BizTalk 2006 & 2009 Installation and Configuration Errors
I recently installed BizTalk 2006 and 2009 on a few servers at work. I found the process to be very painful for some reason.
In regards to the BizTalk 2006 installation, I was running into an issue where the installer would error out. I eventually tracked it down to my Virus Scan software blocking the installer from stopping the WMI service on my server. I would recommend disabling virus scan software during the installation. This same issue will also affect the installation of BizTalk 2009.
For my BizTalk 2009 installation, I thought it would be smooth sailing after figuring out what was wrong with the 2006 install, but I was wrong. After the installation, I launched the configuration console. I noticed that I was unable to configure SSO because it said it could not find the database on the SQL Server. Since I had not yet created the database, it was correct for it to not be there. After nearly half a day of troubleshooting, I discovered through different online posts that you have to manually register the SSOSQL.DLL with both the 32-bit and 64-bit .NET framework.
C:\Windows\Microsoft.NET\Framework\v2.0.50727\regasm "C:\Program Files\Common Files\Enterprise Single Sign-On\ssosql.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\regasm "C:\Program Files\Common Files\Enterprise Single Sign-On\ssosql.dll
After fixing the SSO configuration, I ran into an issue configuring the BizTalk Groups. This was an easier fix. You must ensure that Remote DTC is enabled on the server with all of the options checked.
Once all of this was in place, I was able to get BizTalk 2009 up and running in much less time.
FIX: Windows 7 Login Error "The trust relationship between this workstation and the primary domain failed."
Recently, my workstation was suddenly unable to logon to my Windows 2008 domain. After entering my domain username and password at startup, I was presented with the error: "The trust relationship between this workstation and the primary domain failed."
Ahh, I've experienced something similar before and I knew I'd have to rejoin the domain. I hoped and prayed that my user profile wouldn't be recreated and fortunately, I found a solution that not only worked, but my profile stayed the exact same:
My Computer -> Properties -> Advanced System Settings -> Computer Name -> Network ID... -> This is part of a business network... -> My Company uses a network with a domain -> Next -> Enter your domain username and password -> "An Account for this computer ("COMPUTERNAME") has been found on the domain "DOMAIN." Would you like to use this? Yes -> Add the following domain user account (the one you usually logon with) -> Administrator (if that's how you roll) -> Finish -> Restart.
For those of you looking to resolve your trust issues, I hope this works for you as seamlessly as it did for me.
SQL 2008 Installation Failure on Reporting Services
Recently, SQL Server 2008 was uninstalled from a Windows 2008 Server machine due to some configuration issues with Reporting Services. Attempts to re-install SQL Server with the Reporting Services option would fail. I was tasked with the re-install and as always, I welcome this type of work because there is something to learn nearly every time. Before the installation began, I went to "Programs and Features" and uninstalled anything referencing SQL Server. The Native Client installation was still listed, so I removed that. There was also a reference to SQL Server 2008 itself, but attempts to remove it failed instantly saying it was already uninstalled. Red flag number 1.
An installation summary was provided from a previous failed attempt and it provided an exception link with the following information:
Product: SQL Server
ID: 50000
Source: setup.rll
Version: 10.0
Component: SQL Server Native Client
Message: A network error occurred while attempting to read from the file '%.*ls'.
The page went on to explain that an attempt was made to install (or update) SQL Server Native Client on a computer where SQL Server Native Client is already installed, and where the existing installation was from an MSI file that was not named sqlncli.msi.
Having just removed the SQL Server Native Client, I was confident that my next installation attempt would be successful. To make a long story short, my installation failed again when trying to install Reporting Services with the same exact error. Ok, so we must be dealing with a registry key issue, so I decided to run regclean to clean up the system. I would caution to do this at your own risk. In my case, there was nearly nothing else installed on the server and if anything drastic happened, I would have been able to get a file system restore or having the system rebuilt without losing anything major. I reviewed the undo reg file that was created by regclean and found references to Reporting Services.
Attempt 2! I was confident yet again that it would work and to make another long story short - it failed. At the same point, with the same error! Ok, now it's time to go through the error log a little bit closer. And for those of you who don't care about all the steps and only the solution, you should have skipped down to this part.
After the installation failure, the setup directed me to a summary log file. In the log file, there was a path to another log containing the failure information:
C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20100428_094920\sql_rs_Cpu64_1.log
I opened this file and located the following line:
MSI (s) (3C:80) [09:57:00:939]: Specified instance {2453DBC8-ACC4-4711-BD03-0C15353AA3D8} via transform :InstID01.mst;:InstName01.mst is already installed. MSINEWINSTANCE requires a new instance that is not installed.
Fire up RegEdit and search for the instance ID specified in the log. In my case it was {2453DBC8-ACC4-4711-BD03-0C15353AA3D8}.
Delete the registry keys that match up with that ID. You will notice that some of the values contained in that key folder reference Reporting Services and the initial installation path. In my case, I knew it was the right place to be because the previous install was done from a different location than where I was installing from.
After deleting the registry keys, I launched my Setup and added Reporting Services successfully. I was unable to choose the default configurations, however. My only option was to install without configuring. Once the installation was completed, I had to launch Reporting Services Configuration Manager and set up the new ReportServer databases. You have the option to create new databases or use existing ones.
This methodology would probably come in handy in any type of SQL Server 2008 installation failure where you suspect bad registry entries.
Setup WebDAV in Apache2 on SuSE Linux to Support Windows (XP/Vista/7) Clients
Earlier today, a colleague told me that she doesn't like using my servers because I don't have FTP setup thus, she couldn't map my server as a drive. Well, I showed her. I stand firmly against using FTP as any type of web-related solution and thus, decided on WebDAV to address my colleague's demanding needs.
Initially, I set the virtual host up for Basic Authentication but was unable to get Windows 7 and Windows XP to map the drive. Windows complained that "The network path could not be found." I tried mapping the drive from both the command line and from Windows Explorer with no luck. Then I read that theWindows webDAV client does not support Basic Authentication. If this server were on my domain, I'd use Kerberos without a second thought, but it's an Internet web server so that is out of the question. Digest Authentication it is.
I went enable mod_dav, mod_dav_fs, and mod_auth_digest in YaST under Network Services >> HTTP Server >> Server Modules and I restarted the service. I then created the folder /var/davlock, gave it the proper permissions and added the following to httpd.conf
<ifmodule mod_dav.c>
DAVLockDB /var/davlock/DAVlock
</ifModule>
Then I added the new host, sample.acme.com to my vhosts.conf file and restarted the service.
<virtualHost *:80>
ServerAdmin nobody@localhost
ServerName sample.acme.com
DocumentRoot /www/wordpress/sample
ErrorLog /var/log/apache2/sample-error_log
CustomLog /var/log/apache2/sample-access_log combined
UseCanonicalName Off
<directory "/www/wordpress/sample">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
DAV On
#Auth in the house
AuthType Digest
AuthName "sample"
AuthDigestAlgorithm MD5
AuthDigestDomain http://sample.acme.com
AuthDigestNcCheck Off
AuthDigestNonceLifetime 0
AuthDigestQop auth
AuthDigestProvider file
AuthUserFile /etc/apache2/.htdigest
AuthGroupFile /dev/null
<limitExcept GET HEAD OPTIONS POST>
require valid-user
</limitExcept>
Order allow,deny
Allow from all
</directory>
</virtualHost>
Notice AuthUserFile /etc/apache2/.htdigest. That file was created using htdigest2 (or on most other systems, htdigest).
htdigest2 -c /etc/apache2/.htdigest sample acmeuser
The -c switch creates the file, "sample" correlates with the AuthName directive and acmeuser is the username of my demanding colleague. Also take note that the way I used LimitExcept allows all non-webDAV users to have anonymous access to the site, while any webDAV activity requires a username and password.
Next, I mapped a drive in Windows with the two methods I am familiar with. First, via the command line
W:\>net use * http://sample.acme.com
Enter the user name for 'sample.acme.com': acmeuser
Enter the password for sample.acme.com:
Drive X: is now connected to http://sample.acme.com.
And then via Windows Explorer (My Computer >> Map Network Drive [be sure to click "Connect Using Different Credentials"]). Both worked flawlessly. And of course, this is all better if you can do it over HTTPS, which I plan to setup when I have time. But for now, my servers are totally in style and ready for use by people who aren't fans of vi 
.
Solved: Missing Hard Drive Space in Windows Server 2008
Tonight, I uninstalled Exchange Server 2007 from a development server and was surprised to see that, after the uninstall was complete (and not without a few workarounds), only 50GB of an 80GB hard drive remained. Explorer showed 25GB free, but only 25GB had been used. Where was the remaining 30GB? Poking around the net didn't help -- most of other people's issues revolved around System Restore and Volume Shadowing but I had disabled all of that.
Ultimately, I used a free tool called windirstat not only to find the missing space, but to delete the offending files as well. As I suspected, there were some super hidden files @ C:\Program Files\Microsoft\Exchange Server that took up nearly 30GB. I tried deleting them in Explorer (which showed me that the Exchange folder was 0kb in size) which resulted in FAIL. Windirstat, however, allowed me to right click and quickly delete the multitude of large log files.
Exchange was my issue, but your server may have another -- some people mentioned anti-viruses causing issues. In any case, using windirstat will shed some light on where to find missing drive space.
Phewf! Now to install SQL Server 2008 R2 on that server...
Windows 7: Setup was unable to create a system partition or locate an existing partition.
Over the past week, I've installed Windows 7 and OS X more times than I can count. In attempting to figure out the easiest way to dual boot Windows 7 and OS X, I've also partitioned my drive a good 30+ times. So.. after messing up with an EFI bootloader, I was suddenly unable to re-install Windows 7. I encountered the error: Setup was unable to create a system partition or locate an existing partition. I also ran into the error: Windows cannot be installed on disk 0 partition 1.
I used Gparted to repartition my drive, and even used Disk Utility but repeatedly encountered the above errors.
As it turns out, I had another System disk attached (OS X on a USB drive) to my laptop and once I unplugged it, I was able to successfully install Windows 7.
About
-
We are IT consultants
who grew up living and loving life
in Cajun Country.
Authors
Chrissy LeMaire
Tweet to @cl
Brandon Abshire
Categories
- Oracle
- OS X & iDevices
- PowerShell
- Security
- SharePoint
- SQL Server
- VBScript
- Virtualization
- Windows
- Wordpress
