Alan

190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 1 of 24
ALAN - AP Audit Script Log Analysis

Checklist
Contents 1 System Information....................................................................................4 2 Error printouts............................................................................................4 2.1 AP not redundant.............................................................................4 2.2 Not enough rights to run Audit script................................................4 2.3 Node names include illegal characters.............................................5 2.4 Node names are 15 characters or longer.........................................5 2.5 Cluster node names faulty................................................................5 2.6 Differences between A-nodes and B-nodes swrprint......................5 2.7 Repair fix R1.1 incorrectly installed..................................................5 2.8 Security patch S2.4 incorrectly installed...........................................5 2.9 No shutdown detected after R1.1 installation...................................5 2.10 Incorrectly installed applications.....................................................6 2.11 Non-default user profile in Pragma Telnet server found.................6 2.12 System variable COMPUTERNAME is faulty.................................6 2.13 Italian keyboard layout used...........................................................6 2.14 Empty User variable Path...............................................................6 2.15 NT4: Backup.FTS is missing........................................................6 2.16 Directories that should be files.......................................................7 2.17 Legal notice is displayed at logon...................................................7 2.18 AP alarm list not empty...................................................................7 2.19 AP maintenance data not normal...................................................7 2.20 AM firmware version is too low.......................................................7 2.21 Watchdog is not enabled................................................................7 2.22 AM boards communication not normal...........................................7 2.23 An account other than built-in Administrator is called Administrator .................................................................................................8 2.24 User is member of Guests or Domain Guests................................8 2.25 Expiry date is set on user account..................................................8 2.26 RAID firmware is too old.................................................................8 2.27 Mismatch in RAID firmware between nodes...................................8 2.28 Cluster support not enabled in RAID..............................................8 2.29 Mirrored disks not redundant..........................................................9 2.30 NT4: IIS database enum metadata is corrupt.................................9 2.31 FTP Server root directory in wrong folder.......................................9 2.32 FTP Server virtual directory incorrectly defined..............................9 2.33 FTP Server virtual directories differ between nodes.......................9 2.34 Anonymous FTP access incorrectly set..........................................9 2.35 FTP logging is incorrectly set.......................................................10 2.36 WinS03: Recovery console folder missing....................................10 2.37 NT4: M:\Images exists in NT4......................................................10 2.38 NT4: M:\ exists in NT4 AP2..........................................................10 2.39 Corrupt ACL in active node - Account Domain not found.............10 2.40 Corrupt ACL in passive node - Account Domain not found...........11 2.41 Corrupt ACL in active node - Unexpected or missing ACE...........11 2.42 Corrupt ACL in passive node - Unexpected or missing ACE........11
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 2 of 24
2.43 Startup parameters for Distinct TFTP faulty..................................11 2.44 Partition missing from the system disk.........................................12 2.45 NT4: Partition on system disk has wrong file system....................12 2.46 Partition with faulty size on system disk........................................12 2.47 Partition with faulty label on system disk......................................12 2.48 NT4: System disk partition layout cannot be verified....................12 2.49 NT4: F-drive is too small...............................................................12 2.50 Free space limit reached..............................................................13 2.51 WinS03: Dirty bit set on volume....................................................13 2.52 Large DDI-files.............................................................................13 2.53 Persistent network connections found..........................................13 2.54 Wrong hosts file used...................................................................13 2.55 Cluster nodes not normal.............................................................13 2.56 Cluster group not online...............................................................13 2.57 Ownership of cluster groups not normal.......................................14 2.58 Preferred owners for RGAPM_# groups are incorrect..................14 2.59 Ownership of cluster groups differ between nodes.......................14 2.60 Cluster resources not online.........................................................14 2.61 Cluster network interfaces not normal..........................................14 2.62 Public cluster network interface has wrong name.........................14 2.63 NT4: DHCP backup directory contains old sub-directory............14 2.64 NT4: DHCP backup could be corrupt...........................................15 2.65 NT4: Domain communication faulty..............................................15 2.66 WinS03: Nodes missing from DC list............................................15 2.67 WinS03: PDC not found...............................................................15 2.68 WinS03: FSMO roles not normal..................................................15 2.69 WinS03: NTDS parameters differ between nodes........................15 2.70 WinS03: Old frconfig version has been used................................16 2.71 WinS03: Wrong node name in Frconfig.log..................................16 2.72 WinS03: Last Frconfig attempt failed............................................16 2.73 WinS03: AD replication status is faulty.........................................16 2.74 WinS03: Owner of Global Catalog is incorrect..............................16 2.75 WinS03: AD replication disabled..................................................16 2.76 WinS03: USN times are more than 60 minutes apart...................17 2.77 WinS03: Command dsquery computer has failed......................17 2.78 WinS03: AD objects differ between nodes....................................17 3 Warning printouts.....................................................................................18 3.1 Large time gap between log files....................................................18 3.2 Conflicting APM and/or APIO information.......................................18 3.3 NT4: Telnet server version.............................................................18 3.4 NTDS registry key in NT4...............................................................18 3.5 Timezone differ between the nodes................................................18 3.6 Timezone differ between CP and AP..............................................18 3.7 No timezone link.............................................................................19 3.8 IPNA not connected.......................................................................19 3.9 IPN link is blocked..........................................................................19 3.10 IPN software revision differ between CP and AP..........................19 3.11 IPN software revision differ between AP-nodes............................19 3.12 IPNX, IPNA and/or IPNAX boards have too low revision..............19 3.13 CP memory congestion................................................................19 3.14 High temperature on AM or PSU boards......................................20 3.15 Locked user account found..........................................................20 3.16 Disabled user account found........................................................20 3.17 Mismatch in RAID firmware between swrprint and raidutil............20 3.18 Wrong file attributes in C:\............................................................20 3.19 Wrong file attributes in E:\............................................................20
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 3 of 24
3.20 Low free RAM...............................................................................21 3.21 Pagefile too small.........................................................................21 3.22 Pagefile too large.........................................................................21 3.23 Memory leaks...............................................................................21 3.24 Handle leaks.................................................................................21 3.25 Services have wrong startup state................................................21 3.26 Services not started by service account.......................................22 3.27 Services registered by wrong account..........................................22 3.28 setupservices.def is faulty............................................................22 3.29 AP backup too old or corrupt........................................................22 3.30 Old virus definitions......................................................................22 3.31 NT4: lmhosts file does not match Remote Cache Name Table....22 3.32 NT4: lmhosts file corrupt...............................................................22 3.33 Ping test between nodes failed.....................................................23 3.34 CP users and AP user groups not associated..............................23 3.35 AD-devices have queued printouts...............................................23 3.36 RELFSW0 is not newest in stack..................................................23 3.37 Too few CP reload files................................................................23 3.38 CP reload file missing...................................................................23 3.39 CP middleware does not match RELFSW0..................................23 3.40 DHCP Server client types faulty...................................................24 3.41 DHCP Server broadcast flag faulty...............................................24 3.42 User- or Core memory dumps found............................................24 3.43 Max size of one or more event logs is faulty.................................24
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 4 of 24
System Information
Various information about the system is derived from the following commands in the AP Audit script:
hostname date /t time /t hwver ver prcstate set cluster /ver swrsid h swrprint type C:\temp\hfix.log |findstr HKEY && del C:\temp\hfix.log type C:\temp\tz.log && del C:\temp\tz.log mml IOEXP; mml SAOSP; fcc_getbib "C:\Program Files\Dptmgr\Raidutil" K fcc_amversion own (only on WinS03) cd /d "C:\Program Files\force\AM_Services\" && fcc_amtest own -f
(only on NT4)
type %computername%.txt (only on NT4) wmic MEMLOGICAL GET AvailableVirtualMemory, TotalPageFileSpace, TotalPhysicalMemory, TotalVirtualMemory (only on WinS03) wmic PAGEFILE GET (only on WinS03) tasklist (only on WinS03)
Error printouts
Error printouts are always generated for every error found in the AP Audit Script log files. Every error printout is preceded by a prompt:
>>> >>>
or, in case of OSU (upgrade to WinS03):

***OSU***
2.1
AP not redundant
Printout from:
prcstate
All other error- and warning printouts are unreliable.
2.2
Not enough rights to run Audit script

Based on several occasions of Access is denied responses. The user account used for running the Audit script does not have enough rights to execute all commands in the script.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 5 of 24
2.3
Node names include illegal characters

Printout from:
hostname
Only characters A-Z, 0-9 and - are allowed. Any other character can cause OS Upgrade (NT4 to WinS03) to fail and can also cause cluster and/or domain communication problems.
2.4
Node names are 15 characters or longer

Printout from:
hostname
Due to a bug in APZ 12.0 BURBIN version R5G and older, burbackup will fail if node name is 15 characters or longer.
2.5
Cluster node names faulty

Printout from:
cluster node
Lists cluster nodes that have names lower case.
2.6
Differences between A-nodes and B-nodes swrprint

Printouts from:
swrprint type "C:\Program Files\FORCE\hflist.txt".
Analysis and also comparison between the nodes is made if applicable.
2.7
Repair fix R1.1 incorrectly installed

Printout from:
type C:\temp\hfix.log && del C:\temp\hfix.log
Checks if R1.1 is installed after S3.2, but only if R1.9 has not been installed.
2.8
Security patch S2.4 incorrectly installed

Printouts from:
type RunOnce.txt && del RunOnce.txt type RunOnceEx.txt && del RunOnceEx.txt
Checks if S2.4 has been correctly installed.
2.9
No shutdown detected after R1.1 installation

Printout from:
type C:\temp\hfix.log && del C:\temp\hfix.log
Checks that a reboot has been initiated between the installations of R1.1 and S3.2.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 6 of 24
2.10
Incorrectly installed applications

Printouts from:
dir "C:\Program Files\AP\" /s | findstr /ie "\.1" dir "C:\Program Files\F-Secure\ssh server"
Any file called *.*.1 found is listed.
2.11
Non-default user profile in Pragma Telnet server found

Printout from:
type C:\temp\Pragma_HKLM.txt
Any non-default profile will trigger this error printout. A non-default profile can cause upgrade OPS-scripts to fail.
2.12
System variable COMPUTERNAME is faulty

Printout from:
set
System variable COMPUTERNAME is either not set or differs from hostname.
2.13
Italian keyboard layout used

Printouts from:
type C:\temp\Keyb.txt && del C:\temp\Keyb.txt REG QUERY "HKEY_USERS{key}Preload" (only on WinS03)
For NT4, this can cause OSU (upgrade to WinS03) to fail. For WinS03, this can cause unpredictable behaviour in Telnet and SSH sessions.
2.14
Empty User variable Path

Printout from:
type hk_users.txt | find /I "PATH"
An empty user variable called Path can cause OS Upgrade (NT4 to WinS03) to fail.
2.15
NT4: Backup.FTS is missing

Printout from:
dir c:\winnt\backup.fts
(only on NT4)
A missing Backup.FTS file in C:\Winnt\System32 can cause OS Upgrade (NT4 to WinS03) to fail.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 7 of 24
2.16
Directories that should be files

Printout from:
dir C:\ /s /b /a /ad|findstr \.|findstr /v /r \..*\\|findstr -v \\\.| findstr -v .IE5
Certain directories that really should be files can among other things cause OS Upgrade (NT4 to WinS03) to fail.
2.17
Legal notice is displayed at logon

Printouts from:
type Legal_Notice.txt type Legal_Notice.txt | find "LegalNoticeCaption" | find "LegalNoticeText"
A legal notice displayed at logon can cause the automated upgrade script for OS Upgrade to fail.
2.18
AP alarm list not empty

Printout from:
alist
Notification if one or more alarms are listed in the AP alarm list.
2.19
AP maintenance data not normal

Printout from:
mml APAMP;
One or more IPN-links are not in normal state.
2.20
AM firmware version is too low

Printout from:
fcc_amversion own (only on WinS03) cd /d "C:\Program Files\force\AM_Services\" && fcc_amtest own -f
(only on NT4) AM firmware version does not match the LBB version.
2.21
Watchdog is not enabled

Printout from:
cd /d "C:\Program Files\force\AM_Services\" && fcc_amtest own -f
AM watchdog is disabled.
2.22
AM boards communication not normal

Printout from:
The AM-board cannot communicate properly with the other node.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 8 of 24
2.23
An account other than built-in Administrator is called Administrator

Printout from:
Userdump
Checks that no account other than built-in Administrator is called Administrator.
2.24
User is member of Guests or Domain Guests

Printout from:
Userdump
Users with membership in local group Guests or global group Domain Guests are listed. Such membership can cause OS Upgrade to fail and can also have negative impact on e.g. running certain commands.
2.25
Expiry date is set on user account

Printout from:
Userdump
User accounts with expiry date set are listed. A user account that expires during performing an upgrade can cause unpredictable behaviour.
2.26
RAID firmware is too old

Printout from:
"C:\Program Files\Dptmgr\Raidutil" K
(only on APG40C/2)
Firmware in RAID controller is older than FT06.
2.27
Mismatch in RAID firmware between nodes

Printout from:
"C:\Program Files\Dptmgr\Raidutil" K (only on APG40C/2) "C:\Program Files\Force\Raid\megarc" -ctlrInfo -a0 (only
on APG40C/4)
Firmware in RAID controller differs in A-node and B-node.
2.28
Cluster support not enabled in RAID

Printout from:
"C:\Program Files\Dptmgr\Raidutil" K
(only on APG40C/2)
RAID controller has not cluster support enabled.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 9 of 24
2.29
Mirrored disks not redundant

Printouts from:
"C:\Program Files\Dptmgr\Raidutil" -L all (only on APG40C/2) "C:\Program Files\Force\Raid\ScsiDisk" /LD (only on APG40C/4) "C:\Program Files\Force\Raid\megarc" -ctlrInfo -a0 (only on APG40C/4)
At least one of the data disks is not optimal.
2.30
NT4: IIS database enum metadata is corrupt

Printout from:
mdutil enum_all
The metadata is corrupt.
2.31
FTP Server root directory in wrong folder

Printout from:
ftpls
The root directory of Default FTP Site is not placed in C:\Inetsrv\ftproot.
2.32
FTP Server virtual directory incorrectly defined

Printouts from:
vdls -n "Default FTP Site" vdls -n "APIO_1" vdls -n "APIO_2"
Virtual directory mapped towards a network address.
2.33
FTP Server virtual directories differ between nodes

Printouts from:
vdls -n "Default FTP Site" vdls -n "APIO_1" vdls -n "APIO_2"
The virtual directories differ between A-node and B-node.
2.34
Anonymous FTP access incorrectly set

Printouts from:
mdutil enum_all (only on NT4) wmic /namespace:\\root\MicrosoftIISv2 path IIsFtpServerSetting WHERE "ServerComment='Default FTP Site'" GET AllowAnonymous (only on WinS03) wmic /namespace:\\root\MicrosoftIISv2 path IIsFtpServerSetting WHERE "ServerComment='APIO_1'" GET AllowAnonymous (only on WinS03) wmic /namespace:\\root\MicrosoftIISv2 path IIsFtpServerSetting WHERE "ServerComment='APIO_2'" GET AllowAnonymous (only on WinS03)
Anonymous access must be disabled for Default FTP Site and enabled for the two APIO_# servers.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 10 of 24
2.35
FTP logging is incorrectly set

Printouts from:
mdutil enum_all (only on NT4) wmic /namespace:\\root\MicrosoftIISv2 path IIsFtpServerSetting WHERE "ServerComment='Default FTP Site'" GET LogType (only on WinS03) wmic /namespace:\\root\MicrosoftIISv2 path IIsFtpServerSetting WHERE "ServerComment='APIO_1'" GET LogType (only on WinS03) wmic /namespace:\\root\MicrosoftIISv2 path IIsFtpServerSetting WHERE "ServerComment='APIO_2'" GET LogType (only on WinS03)
Logging should be enabled for Default FTP Site and disabled for the two APIO_# servers.
2.36
WinS03: Recovery console folder missing

Printout from:
dir /a:h e:\
(only on WinS03)
The recovery console folder cmdcons is missing from E:\. This will disable the use of the recovery console and DAT tape during disaster recovery.
2.37
NT4: M:\Images exists in NT4

Printout from:
cacls M:\*
Checks for remains of an earlier OSU attempt.
2.38
NT4: M:\ exists in NT4 AP2

Printout from:
cacls M:\
2.39
Corrupt ACL in active node - Account Domain not found

Printouts from:
cacls C: - F: cacls I: - Y: type C:\temp\acllist_c.txt|find type C:\temp\acllist_e.txt|find type C:\temp\acllist_f.txt|find type C:\temp\acllist_g.txt|find type C:\temp\acllist_i.txt|find type C:\temp\acllist_j.txt|find type C:\temp\acllist_k.txt|find type C:\temp\acllist_l.txt|find type C:\temp\acllist_m.txt|find type C:\temp\acllist_q.txt|find type C:\temp\acllist_r.txt|find type C:\temp\acllist_s.txt|find type C:\temp\acllist_v.txt|find type C:\temp\acllist_y.txt|find "Account "Account "Account "Account "Account "Account "Account "Account "Account "Account "Account "Account "Account "Account Domain Domain Domain Domain Domain Domain Domain Domain Domain Domain Domain Domain Domain Domain not not not not not not not not not not not not not not found" found" found" found" found" found" found" found" found" found" found" found" found" found"
Files and folders with <Account Domain not found> in their ACL:s in the active node are listed.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 11 of 24
2.40
Corrupt ACL in passive node - Account Domain not found

Printouts from:
cacls C: - F: type C:\temp\acllist_c.txt|find "Account Domain not found" type C:\temp\acllist_e.txt|find "Account Domain not found" type C:\temp\acllist_f.txt|find "Account Domain not found"
Files and folders with <Account Domain not found> in their ACL:s in the passive node are listed.
2.41
Corrupt ACL in active node - Unexpected or missing ACE

Printouts from:
cacls C: - F: cacls I: - Y: cacls L:\ L:\* L:\CPS\* L:\CPS\Data\* L:\FMS\* L:\FMS\Data\* cacls M:\ M:\* M:\MCS\* M:\MCS\Data\* M:\Images\* cacls R:\ R:\* R:\STS\* R:\STS\Data\* R:\STS\Logs\* cacls S:\ S:\* S:\STS\* S:\STS\Data* cacls V:\ V:\* V:\APZ\* V:\APZ\Data\* cacls G:\ G:\* G:\Ftpvol\* cacls Q:\ Q:\* Q:\ACS\* Q:\ACS\Data\* cacls Y:\ Y:\* Y:\ACS\* Y:\ACS\Data\* cacls K:\ K:\* K:\ACS\* K:\AES\* K:\FMS\* K:\IMAGES\* K:\MCS K:\OCS K:\SGS) cacls X:\ X:\* X:\MessageStore\* X:\MessageStore\ACA\* cacls E:\* /C
Files and folders with inconsistent ACL:s in the active node are listed. N.B! Only the root folder of all volumes, except for E:\ where the files in root folder are checked if Everyone have full access, and the first two directory levels of all volumes on the data disks are analysed.
2.42
Corrupt ACL in passive node - Unexpected or missing ACE

Printouts from:
cacls C: - F: cacls E:\* /C
Files and folders with inconsistent ACL:s in the passive node are listed. N.B! Only the root folder of all volumes is analysed, except for E:\ where the files in root folder are checked if Everyone have full access.
2.43
Startup parameters for Distinct TFTP faulty

Printout from:
type c:\winnt\win.ini
The file win.ini contains wrong parameters for Distinct TFTP, regarding the APZ version.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 12 of 24
2.44
Partition missing from the system disk

Printout from:
type %computername%.txt wmic VOLUME LIST STATUS
(only on NT4) (only on WinS03)
D-drive, E-drive or F-drive is missing from the system disk.
2.45
NT4: Partition on system disk has wrong file system

Printout from:
type %computername%.txt
(only on NT4)
One or more volumes on the system disk have non-NTFS file system.
2.46
Partition with faulty size on system disk

Printout from:
One or more volumes on the system disk have non-standard size.
2.47
Partition with faulty label on system disk

Printout from:
type %computername%.txt (only on NT4) wmic VOLUME LIST WRITEABLE (only on WinS03)
One or more volumes on the system disk have non-standard label.
2.48
NT4: System disk partition layout cannot be verified

Printout from:
(only on NT4)
Sizes and setup of ntserv and ntbackup partitions does not match the default configuration. This can be a sign of partition alignment being out of order. This needs to be verified by using GUI Disk Administrator or CLI partinfo or partitionnt. N.B! If a previous OS upgrade attempt has been made and a fallback has occurred, the partition configuration will no longer match the default configuration.
2.49
NT4: F-drive is too small

Printout from:
(only on NT4)
The F-drive on the system disk is less than 4 GB large.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 13 of 24
2.50
Free space limit reached

Printout from:
Volumes that have reached their limit of free space are listed.
2.51
WinS03: Dirty bit set on volume

Printout from:
wmic VOLUME LIST STATUS
(only on WinS03)
Dirty bit is set on listed volumes.
2.52
Large DDI-files
Printout from: dir c:\bur (only on NT4) dir c:\acs\data\bur (only on WinS03) DDI-files with size larger than 500 kB for NT4 and 1 MB for WinS03 are listed.
2.53
Persistent network connections found

Printout from:
net use
Network connections that require different logon credentials will cause the GUI to wait for password to that network connection before logon procedure continues. If the built-in Administrator account has such persistent network connections defined, this will cause automated logon in OS Upgrade to fail.
2.54
Wrong hosts file used

Printout from:
type c:\winnt\system32\drivers\etc\hosts
hosts file contents does not match the connected APZ type.
2.55
Cluster nodes not normal

Printout from:
cluster node
Lists cluster nodes that are not up.
2.56
Cluster group not online

Printout from:
cluster group
Lists cluster groups that are not online.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 14 of 24
2.57
Ownership of cluster groups not normal

Printout from:
cluster group
Lists cluster groups with unexpected or no owner.
2.58
Preferred owners for RGAPM_# groups are incorrect

Printouts from:
cluster group RGAPM_0 /listowners cluster group RGAPM_1 /listowners
The A-node must be preferred owner from RGAPM_0 and B-node must be preferred owner for RGAPM_1. If wrong or no owner is listed, FCH might fail.
2.59
Ownership of cluster groups differ between nodes

Printout from:
cluster group
Lists all cluster groups with information about owner derived from both nodes.
2.60
Cluster resources not online

Printout from:
cluster res
Lists cluster resources that are not online.
2.61
Cluster network interfaces not normal

Printout from:
cluster netint
Lists IPN- and Heartbeat interfaces that are not up.
2.62
Public cluster network interface has wrong name

Printout from:
cluster netint
The public cluster network interfaces are not called Public.
2.63
NT4: DHCP backup directory contains old sub-directory

Printout from:
dir C:\WINNT\system32\dhcp\backup\Jet | findstr /I old
The DHCP database backup could be corrupt.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 15 of 24
2.64
NT4: DHCP backup could be corrupt

Printouts from:
dhcpcmd.exe 127.0.0.1 checkdb 192.168.169.0 dhcpcmd.exe 127.0.0.1 checkdb 192.168.170.0
The DHCP database backup could be corrupt.
2.65
NT4: Domain communication faulty

Printouts from:
netdom query netdom bdc
A-node is not PDC or B-node is not BDC or secure channel not set up correctly.
2.66
WinS03: Nodes missing from DC list

Printout from:
netdom query DC
Domin Controller list is not complete.
2.67
WinS03: PDC not found

Printout from:
netdom query PDC
PDC can not be contacted or can not be found.
2.68
WinS03: FSMO roles not normal

Printout from:
netdom query FSMO
Listed FSMO roles are either missing or faulty.
2.69
WinS03: NTDS parameters differ between nodes

Printouts from:
reg query \\192.168.202.1\HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Para meters reg query \\192.168.202.2\HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Para meters
The domain name differs in NTDS parameters between the nodes.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 16 of 24
2.70
WinS03: Old frconfig version has been used

Printouts from:
type "\\192.168.202.1\C$\Program Files\Force\frconfig"\FrConfig.log | Findstr /I /C:"failed on node" /C:succesful /C:build type "\\192.168.202.2\C$\Program Files\Force\frconfig"\FrConfig.log | Findstr /I /C:"failed on node" /C:succesful /C:build
Frconfig version older than 1.4.0 build 3 has been used. This could cause AD replication problems.
2.71
WinS03: Wrong node name in Frconfig.log

Printouts from:
Last change done by frconfig does not show current node name.
2.72
WinS03: Last Frconfig attempt failed

Printouts from:
Last change done by Frconfig was not successful.
2.73
WinS03: AD replication status is faulty

Printouts from:
"c:\Program files\force\frconfig\domainrename\repadmin" /showrepl ap1a "c:\Program files\force\frconfig\domainrename\repadmin" /showrepl ap1b
One or more recent AD replication attempts has failed or status could not be shown.
2.74
WinS03: Owner of Global Catalog is incorrect

Printouts from:
"c:\Program files\force\frconfig\domainrename\repadmin" /options <Anode> "c:\Program files\force\frconfig\domainrename\repadmin" /options <Bnode>
Global catalog is not exclusively owned by A-node.
2.75
WinS03: AD replication disabled

Printouts from:
"c:\Program files\force\frconfig\domainrename\repadmin" /options <Anode> "c:\Program files\force\frconfig\domainrename\repadmin" /options <Bnode>
AD replication requests are disabled on B-node.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 17 of 24
2.76
WinS03: USN times are more than 60 minutes apart

Printouts from:
"C:\Program Files\FORCE\frconfig\DomainRename\"repadmin /showutdvec <A-node> <Domain name> "C:\Program Files\FORCE\frconfig\DomainRename\"repadmin /showutdvec <A-node> <Domain name>
USN time stamps differ more than 60 minutes between the nodes. This could mean that AD replication is not working even if replication status shows OK.
2.77
WinS03: Command dsquery computer has failed

Printout from:
dsquery computer
Possible sign of AD replication problems detected.
2.78
WinS03: AD objects differ between nodes

Printout from:
fc c:\temp\ad_nodea.txt c:\temp\ad_nodeb.txt
The number of objects in Active Directory differs between the nodes.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 18 of 24
Warning printouts
Warning printouts are generated for every warning (minor error) found in the AP Audit Script log files, but are omitted if ALAN is run in errors-only mode. Every warning printout is preceded by a prompt:
>>>
3.1
Large time gap between log files

Printouts from:
date /t time /t
The time stamp in the log files differ more than 60 minutes.
3.2
Conflicting APM and/or APIO information

Printout from:
swrprint
There is more than one entry for APM and/or APIO in the software product list.
3.3
NT4: Telnet server version

Printout from:
type "C:\Program Files\Pragma\TelnetD\readme.txt" | findstr /C:"2000 Build"
A corrupt installation of telnet server can lead to swrprint showing Build 10 when in fact Build 7 is still installed.
3.4
NTDS registry key in NT4

Printout from:
type Ntdsnt4.txt && del Ntdsnt4.txt
3.5
Timezone differ between the nodes

Printout from:
type C:\temp\tz.log && del C:\temp\tz.log
The A-node and B-node have different timezone setting.
3.6
Timezone differ between CP and AP

Printouts from:
mtzln -p type C:\temp\tz.log && del C:\temp\tz.log
The timezone differs between the CP and AP.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 19 of 24
3.7
No timezone link
Printout from:
mtzln p
No timezone link between CP and AP has been defined.
3.8
IPNA not connected

Printout from:
ipnaadm -list
At least one of ipna00 or ipna01 is missing in the printout. Check IPN data for any faults.
3.9
IPN link is blocked

Printout from:
mml "OCINP:IPN=ALL;OCSIP:IPN=ALL;OCESP:IPN=ALL;"
One or more IPN links are blocked.
3.10
IPN software revision differ between CP and AP

Printouts from:
mml "OCINP:IPN=ALL;OCSIP:IPN=ALL;OCESP:IPN=ALL;" type C:\tftpboot\boot.ipn0 type C:\tftpboot\boot.ipn1 type C:\tftpboot\boot.ipn2 type C:\tftpboot\boot.ipn3
The boot.ipn# files contain other SW revision than whats loaded in CP.
3.11
IPN software revision differ between AP-nodes

Printouts from:
type type type type C:\tftpboot\boot.ipn0 C:\tftpboot\boot.ipn1 C:\tftpboot\boot.ipn2 C:\tftpboot\boot.ipn3
A-node and B-node have different contents in the boot.ipn# files.
3.12
IPNX, IPNA and/or IPNAX boards have too low revision

Printout from:
mml DPHIP;
One or more IPNX, IPNA and/or IPNAX boards in CP have a lower revision than recommended.
3.13
CP memory congestion
Printout from:
mml LABUP;
One or more of the CP memory banks are congested.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 20 of 24
3.14
High temperature on AM or PSU boards

Printout from:
Temperature is out of range or near limit on AM board or PSU board.
3.15
Locked user account found

Printout from:
Userdump
Listed accounts are locked out.
3.16
Disabled user account found

Printout from:
Userdump
Listed accounts are disabled. Note: The accounts Guest and krbtgt and SUPPORT_388945a0 are not listed.
3.17
Mismatch in RAID firmware between swrprint and raidutil

Printouts from:
"C:\Program Files\Dptmgr\Raidutil" K (only on APG40C/2) "C:\Program Files\Force\Raid\megarc" -ctlrInfo -a0 (only swrprint
on APG40C/4)
Firmware in RAID controller differs between the printouts.
3.18
Wrong file attributes in C:\

Printout from:
attrib C:\*
The files in the root of C-drive have other than default attributes.
3.19
Wrong file attributes in E:\

Printout from:
attrib E:\* /S
The files in the root of E-drive have other than default attributes.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 21 of 24
3.20
Low free RAM

Printout from:
type %computername%.txt (only on NT4) wmic MEMLOGICAL GET AvailableVirtualMemory, TotalPageFileSpace, TotalPhysicalMemory, TotalVirtualMemory (only on WinS03) tasklist (only on WinS03)
Amount of free RAM is low.
3.21
Pagefile too small

Printout from:
type %computername%.txt (only on NT4) wmic PAGEFILE GET (only on WinS03)
Pagefile is smaller than total amount of RAM.
3.22
Pagefile too large

Printout from:
type %computername%.txt (only on NT4) wmic PAGEFILE GET (only on WinS03)
Pagefile is larger than default setting.
3.23
Memory leaks
Printout from: pstat (only on NT) tasklist (only on WinS03) Listed processes use more memory than normal.
3.24
Handle leaks
Printout from: pstat (only on NT)
wmic PROCESS GET Processid, Name, ThreadCount, HandleCount, Priority, PageFaults, WorkingSetSize, QuotaNonPagedPoolUsage, QuotaPagedPoolUsage (only on WinS03)
Either the total handle count is too high or the listed processes have a higher handle count than normal.
3.25
Services have wrong startup state

Printout from:
type %computername%.txt (only on NT4) wmic SERVICE GET displayname, name, startname, startmode, state
(only
on WinS03) Listed services have wrong startup state.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 22 of 24
3.26
Services not started by service account

Printout from:
(only
on WinS03) Listed services should be started by the service account, but are not.
3.27
Services registered by wrong account

Printout from:
(only
on WinS03) Listed services should all be started by the same service account.
3.28
setupservices.def is faulty
Printout from:
type C:\Winnt\system32\setupservice.def | findstr /v #
The file setupservices.def does not contain all expected service names.
3.29
AP backup too old or corrupt

Printout from:
burverify -d
Burbackup in D:\ is either older than 14 days or corrupt or missing.
3.30
Old virus definitions

Printout from:
inocmd32 -sig
Virus definitions are older than 14 days.
3.31
NT4: lmhosts file does not match Remote Cache Name Table
Printouts from:
nbtstat c type C:\winnt\system32\drivers\etc\lmhosts
The entries in lmhosts file does not match the Remote Cache Name Table.
3.32
NT4: lmhosts file corrupt

Printout from:
type C:\winnt\system32\drivers\etc\lmhosts
The entries in lmhosts file does not follow standard layout.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 23 of 24
3.33
Ping test between nodes failed

Printouts from:
ping <A-node public address> ping <B-node public address>
If a timeout is received, warning is given that public interfaces might have communication problems.
3.34
CP users and AP user groups not associated

Printout from:
cuals
There are no entries in the CP User Association List.
3.35
AD-devices have queued printouts

Printout from:
cpdlist -l
Listed AD-devices have queued printouts.
3.36
RELFSW0 is not newest in stack

Printout from:
mml SYBFP:FILE;
CP reload file RELFSW0 is not the newest file in the reload stack.
3.37
Too few CP reload files

Printout from:
mml SYBFP:FILE;
There are fewer CP reload files than the minimum recommendation.
3.38
CP reload file missing

Printout from:
mml SYBFP:FILE;
At least one CP reload file is not defined.
3.39
CP middleware does not match RELFSW0

Printouts from:
mml LAMIP; bupidls
Running CP middleware doesnt correspond to identity in RELFSW0.
190 89 - CXC 137 1124/4 R5C
2007-03-08
Page 24 of 24
3.40
DHCP Server client types faulty

Printout from:
type C:\temp\dhcptmp.log | find "AllowedClientTypes"
The client types for the DHCP Server are not default.
3.41
DHCP Server broadcast flag faulty

Printout from:
type C:\temp\dhcptmp.log | find "IgnoreBroadcastFlag" (only on NT) REG QUERY HKLM\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters
(only on WinS03) The broadcast flag is incorrectly set with regards to APZ version.
3.42
User- or Core memory dumps found

Printouts from:
dir /s C:\user.dmp dir F:\ dir /s F:\ACS\logs
There exist user- or core memory dumps on the AP.
3.43
Max size of one or more event logs is faulty

Printouts from:
type type type wmic Appl.txt | Syst.txt | Secu.txt | NTEVENTLOG find find find LIST "MaxSize" && del Appl.txt (only "MaxSize" && del Syst.txt (only "MaxSize" && del Secu.txt (only /FORMAT:LIST (only on WinS03)
on NT) on NT) on NT)
The set maximum size of one or more event logs differs from the default value.

Alan

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Alan

Uploaded by

Copyright:

Available Formats

190 89 - CXC 137 1124/4 R5C

ALAN - AP Audit Script Log Analysis

190 89 - CXC 137 1124/4 R5C

190 89 - CXC 137 1124/4 R5C

190 89 - CXC 137 1124/4 R5C

or, in case of OSU (upgrade to WinS03):

All other error- and warning printouts are unreliable.

Not enough rights to run Audit script

190 89 - CXC 137 1124/4 R5C

Node names include illegal characters

Node names are 15 characters or longer

Cluster node names faulty

Lists cluster nodes that have names lower case.

Differences between A-nodes and B-nodes swrprint

Analysis and also comparison between the nodes is made if applicable.

Repair fix R1.1 incorrectly installed

Security patch S2.4 incorrectly installed

Checks if S2.4 has been correctly installed.

No shutdown detected after R1.1 installation

190 89 - CXC 137 1124/4 R5C

Incorrectly installed applications

Any file called *.*.1 found is listed.

Non-default user profile in Pragma Telnet server found

System variable COMPUTERNAME is faulty

System variable COMPUTERNAME is either not set or differs from hostname.

Italian keyboard layout used

Empty User variable Path

NT4: Backup.FTS is missing

190 89 - CXC 137 1124/4 R5C

Directories that should be files

Legal notice is displayed at logon

AP alarm list not empty

Notification if one or more alarms are listed in the AP alarm list.

AP maintenance data not normal

One or more IPN-links are not in normal state.

AM firmware version is too low

Watchdog is not enabled

AM boards communication not normal

The AM-board cannot communicate properly with the other node.

190 89 - CXC 137 1124/4 R5C

An account other than built-in Administrator is called Administrator

Checks that no account other than built-in Administrator is called Administrator.

User is member of Guests or Domain Guests

Expiry date is set on user account

RAID firmware is too old

Firmware in RAID controller is older than FT06.

Mismatch in RAID firmware between nodes

Firmware in RAID controller differs in A-node and B-node.

Cluster support not enabled in RAID

RAID controller has not cluster support enabled.

190 89 - CXC 137 1124/4 R5C

Mirrored disks not redundant

At least one of the data disks is not optimal.

NT4: IIS database enum metadata is corrupt

The metadata is corrupt.

FTP Server root directory in wrong folder

The root directory of Default FTP Site is not placed in C:\Inetsrv\ftproot.

FTP Server virtual directory incorrectly defined

Virtual directory mapped towards a network address.

FTP Server virtual directories differ between nodes

The virtual directories differ between A-node and B-node.

Anonymous FTP access incorrectly set

190 89 - CXC 137 1124/4 R5C

FTP logging is incorrectly set

Any file called ..1 found is listed.