The Sysadmins

Tips and tricks from the Sysadmins

Category: General (page 1 of 3)

Remote Desktop iOS 8.1.0 – Error 0x03000008


In a recent update to the iOS Remote Desktop client (8.1.0 and above) you receive the following error when connecting using a Remote Desktop Gateway: Can’t connect to the Remote Desktop Gateway. Contact your network administrator for assistance. (Error code: 0x03000008)

iPhone iPad Error 0x03000008

Confirmed on the Remote Desktop Services blog here.


1. Review the TerminalServices-Gateway operational event log on the Remote Desktop Gateway server and look for EventID 301 which states: The user “DOMAIN\user”, on client computer “”, did not meet resource authorization policy requirements and was therefore not authorized to resource “”. The following error occurred: “23002”.


The resource IP should be one of your RDS servers, note healthy connections to the Gateway should (typically) specify the FQDN of the RDS server it is trying to connect to: The user “Domain\user”, on client computer “”, met resource authorization policy requirements and was therefore authorized to connect to resource ““.

Continue reading

SolarWinds – SAM 6.0 New Features [Sponsored Review]

Around this time a year ago, I took a look at SolarWinds Server and Application Monitor version 5.2 and came away pretty impressed with the package. Version 6.0 has just been released and introduces some cool new features. Today I’ll take a look at a couple of the new features, namely the Real-time event log viewer and AppInsight for SQL.

For those unfamiliar with the Server and Application Monitor product, please head over to the SolarWinds product page.

SolarWinds 6.0 New Features

  • AppInsight for SQL – AppInsight is a new feature, with SQL being the first domain released. AppInsight for SQL provides deep insights into SQL performance to include details on the most expensive queries, index fragmentation, database and transaction log size and much more.
  • Baseline threshold calculator – This feature allows admins to calculate thresholds from baseline data for both day and night system performance. Warning and critical thresholds are calculated at 2 and 3 standard deviations from normal performance.
  • IT Asset Inventory Dashboard – Administrators can now maintain a view of current hardware and software asset inventory to include server warranty status, driver software, hard drive inventory, and custom properties like PO number and purchase price.
  • Real-time Event Log Viewer – This feature allows administrators to view and filter Windows events logged by applications, security events, system failures and DNS events. Customers can filter logs by type, event source and severity.

Bringing up and trialing the 6.0 release candidate was as straight forward as you would hope for and I was able to have a fully functioning installation within 15 minutes or so. The installation has retained its straight forward express or advanced installation methods, with the express method installing a local copy of SQL.

AppInsight for SQL

SAM 6.0 introduces a new concept to the product titled AppInsight, with the view of giving you a greater level of detail and monitoring ability for a given application. The first application to get the AppInsight treatment is Microsoft SQL Server, which is typically at the heart of most businesses and can be fairly complicated and time consuming to monitor correctly.

Discovering MSSQL servers as you’d expect with SAM is very straight forward by either adding an individual node, scanning a subnet, list of IP Addresses or adding directly to AppInsight for SQL:


Once setup, the initial polling takes a little while and the counters begin to populate for that particular server, which takes us nicely onto the default AppInsight dashboard… and boy, has this thing got everything covered! The depth of information on one page is fantastic, essentially putting any performance counter that matters for SQL at your fingertips.


The performance counters can be easily switched between 1 hour, 12 hour and the last 24 hours depending on your requirement. Other information such as SQL Error logs can be configured to show x events from the event log.

Basic information like SQL Server version and product level is available, leading you to the real-time process explorer, event log viewer and service control manager. The top 10 databases by active user connection breaks down the active users by database and displays this via a pie chart and expandable list. Beneath this we have the top 10 expensive queries by CPU time, allowing you to hone in on inefficient queries- enabling you to look at optimizing them or scheduling them for off-peak.

AppInsight doesn’t just work at the MS SQL server level, you can also dig into individual databases and access a wealth of information including top 10 indexes by fragmentation, top 10 tables by size, database and transaction file size and white space per database.


Real-time Windows event log viewer

The real-time Windows event log viewer allows you to view, filter and setup monitors directly from the Node details summary within SAM. The interface itself is very similar to the standard Windows MMC, and allows you choose between the various Windows logs types (application, security, system and others depending on the services installed). You then have the ability to dig down into event levels (error, warning, information, security audit and failures). The interface polls via WMI and refreshes every 20 seconds or so, handy if you’re wanting to keep an eye out for a particular event as it happens.


The real-time event log viewer is positioned next to the real-time process explorer and service control manager which were both added in recent versions. This puts 3 very common troubleshooting and monitoring tools right at your fingertips. The reboot button is also very close, but luckily SolarWinds have added a prompt for you to confirm before rebooting the machine! Having these available from one console reduces the need to fire up a remote session to the server, or launch a custom MMC.



I love AppInsight! Having that level of information readily available really takes the complexity out of troubleshooting and monitoring a given application. For those who don’t have the experience or knowledge to choose the right performance counters, this is a great time saver. It will be interesting to see what application SolarWinds choose next to give the AppInsight treatment to. It’s hard to capture just how much AppInsight displays, I’d recommend installing a trial of the software and having a play around yourself. The real-time event viewer, whilst not being revolutionary is a welcome addition.

SolarWinds – Patch Manager [Sponsored Review]

Patch management is a vital part of an organization’s upkeep, not only does it help you stay abreast of bug fixes and features it can also help decrease security risks by patching vulnerabilities as soon as they are fixed. If you’ve ever been tasked with taking charge of patch management, especially for 3rd-party products, you’ll understand the potential difficulty and complexity of getting the updates out in a timely manner. This is where SolarWinds Patch Manager comes in. SolarWinds Patch Manager extends your existing WSUS or SCCM environment to help you efficiently deploy and automate 3rd-party patches.

Here are the ready to deploy 3rd-party patches available to you with the product, as you can see these cover a lot of the commonly deployed baseline applications.

  • Adobe Acrobat Professional, Acrobat Standard, Air, Reader, Shockwave and Flash
  • Apple iTunes
  • Google Chrome
  • Mozilla Firefox
  • Mozilla Thunderbird
  • Opera
  • Oracle/Sun Java Runtime Environment
  • QuickTime Player for Windows
  • Skype
  • WinZip
  • RealPlayer

You can also create your own package to deploy via SCCM or WSUS with the Patch Manager package wizard.

I’m not going to cover the installation or initial configuration, as it was pretty straight forward. Let’s get straight into a real world scenario.

Using Patch Manager to Deploying Java 7 Update 25

If you’ve been keeping your eye on Oracle Java, you’ll know it’s been getting a lot of attention lately and Oracle are releasing some pretty hefty updates. The latest update, update 25 released on the 18 of June contains 40 (yes 40) new security fixes, 37 of which can be remotely exploitable without authentication (Oracle Java SE Critical Patch Update Advisory – June 2013). It’s obvious that this update is of high importance, and must be dealt with as soon as possible. So, let’s run through how this would look using Patch Manager. I’m going to show the majority of the steps, to give you a good feel for how it all ties together and the time required to get this update out the door.

For this demo I’m going to be leveraging my existing WSUS environment.

After a quick synchronization I see Java 7 Update 25 appear in the Sun Packages group (not long after the update was released by Java itself).


Right click the update you would like to deploy and choose download, this gives you a link to download the executable from Oracle.


Download the executable from the link provided and import the source.


Continue reading

Dameware – Remote Support & Mini Remote Control [Sponsored Review]

Chances are you’ve heard of DameWare, two of their main products; DameWare Remote Support (DRS) and DameWare Mini Remote Control (MRC) are both popular tools and have been around for a long time. For those who haven’t heard of DameWare before, or those that just want a refresh; I’ll be looking at both of these products below.

DameWare Remote Support

DameWare Remote Support (DRS) provides a simple, efficient console that integrates various tools and features into a single point. To give you an idea, you can do all of the following (and more) from the console:

  • Remotely reboot servers and notebooks
  • Start and stop Windows Services
  • Clear and view Windows Event Logs
  • Copy and delete files on remote computers
  • Manage Windows® Active Directory
  • Quickly take full control of the end-user’s desktop
  • Take screenshots of remote desktops
  • Automatically install agents as you need them


As soon as I opened the interface it felt familiar. The console is well laid out, and intuitive to use- I was using the software within a matter of minutes without having to refer to a manual or similar. As you can see from the screenshot above, you can view and expand Active Directory, Workgroups and favorite machines. Favourite machines will allow you to add a single machine via FQDN, or a scope of machines via IP. If you cast your eye over the components above, you’ll begin to see what’s available to you.

Managing services from DRS, is as simple as clicking on Services view.


Want a remote console? That’s as simple double click on RCmd View, or RCmd Console- or, if your preference is to use PSEXEC, you can actually add system tools to the menu.

Continue reading

SolarWinds – Log and Event Manager [Sponsored Review]

A couple of years ago I posted an article which explained a couple of free methods to monitor and get reports for event logs. Whilst they might be handy for a smaller environment, as the number of servers and devices that require monitoring increases, a more enterprise and robust solution is needed.

How do you currently monitor your logs, be it your router, firewall or Windows servers? In my travels I find a lot of Sysadmins will manually peruse the logs, normally ad-hoc or when an issue has been detected. This ends in slow detection for potential issues, security threats and isn’t particularly efficient.

This brings us nicely to a review for SolarWinds Log and Event Manager (I’ll called this LEM for the rest of the review). When I was asked to review this product I was keen to try it out. LEM allows you to collect all these logs into a central point and to view live events as they happen, search for past events and even take automatic action with what they call active response.

As with most of these types of products, it’s hard to review everything. So I’ll give a brief overview on installation, real time analysis, active response, nDepth and overall use of the product.

Log Collection, Analysis, and Real-Time Correlation

  • Collects log & event data from tens of thousands of devices & performs true real-time correlation
  • Powerful Active Response technology enables you to quickly & automatically take action against threats
  • Advanced IT Search employs highly effective data visualization tools “ word clouds, treemaps, & more
  • Quickly generates compliance reports for PCI DSS , GLBA, SOX, NERC CIP, HIPAA, & more
  • Out-of-the-box correlation rules, reports, & responses enable speedy deployment in an hour or less


SolarWinds provide a virtual appliance, which makes testing and deploying LEM extremly straight forward. Simply import the appliance into your Hyper-V or ESXi environment. The appliance boots up and presents the options needs to configure LEM intitially, for example setting the IP address, timezone, reboot/shutdown, disk usage, ping, top and other helpful tools for maintenance of the guest.

Agents are required on any device that can’t provide SNMP, for Windows you can either install the Agent locally or use the remote deployment method to deploy the agent to multiple servers. LEM Agents can be installed on Windows, Linux and Mac OS X.


  • LEM 5.5, full install package for VMware ESX/ESXi 4.0+ :

  • LEM 5.5, full install package for HyperV:

Real Time Analysis

Once you’ve pointed your browser at the LEM guest and logged in you’re presented with the Ops Center dashboard, which allows you to get a high level overview of what’s been happening on your network. You can move, delete or add new widgets depending on your requirements/taste. The Monitor tab at the top takes us to the monitor view. In monitor view you are able to see all events occurring live, although you are more likely to choose one of the predefined filters in place. You can also create your own filters, although out of the box the default filters are pretty good (there’s even filters for PCI/HIPAA events).

Selecting one of the events populates the event details pane, which gives you a more detailed view of the event, to the left of this pane you can create your own widgets for quickly identifying trends.


The real time monitoring interface isn’t just for monitoring events, it also allows you to perform various tasks against the events that are being populated live. For example, you’re able to select a particular host/event and run a whois, nslookup or traceroute. It’s nice to have it right there, without having to open a separate command prompt. You can also take the event into nDepth and see historical details for the event.

You can actively respond to an event, some popular items are pre-populated but “All actions” offers a lot more. The respond menu allows you to (for example) restart a machine when you see a particular problem reported or block an IP if you detect a port scan.

Continue reading


Over the last couple of years I’ve started listening to more technical Podcasts. This initially stemmed from having to do more housework (!) but has spread to longer commutes or trips, especially in the car. I find it’s a great way, without having to pay too much attention to keep up to date with various topics and news.

I listen to a small handful of Podcasts regularly, so go and check them out.

Security Now
Windows Weekly
This Week in Enterprise Tech
Runas Weekly
Portforward Podcast

I tried a couple of Android applications to automate the download of new episodes without much success until I stumbled on a recommendation for Pocket Casts. It currently costs £1.99, and it’s the best Android application I’ve found for the job. I’ve set it to automatically download when a new episode is released and to only keep the last 2 episodes. You can also set the episode updates to occur only when using WiFi, which is great for those with more restrictive data tariffs.

Have a podcast to recommend? Please use the comments below.

View .pages File on Windows

I’ve had a few requests to open .pages files lately and found a nice and quick way to extract the .pages file to expose a PDF file which can be opened within Windows. The Pages file extension originates from Apple’s iWorks Pages application.

Right click the .pages file and extract with 7zip (or your favorite alternative).

Open the quicklook folder and open the PDF version of the .pages file, most of the files I’ve come across allow text to be copied from the PDF.

Older posts