Error message when you try to log on to a Windows Server 2000 - based terminal server

Last week, I installed and run spybot on a Windows 2000 terminal server, and also some windows updates (NB; For some reason or another, but not known to me, this server has never had any windows and antivirus updates for some time, and it was showing signs of infections), after a restart over the weekend due to the updates, Users this morning started reporting failure to log on to the terminal server with this error:

"Windows cannot log you because the profile cannot be loaded. Please contact your network Administrator (in this case me), insuficiet system resources exists to complete the requested service"

Now, I half expected this or atleast some problems to surface after the maintenance work I did on the server.

However, it did take me a good 30 minutes to sort this one out, microsoft knowledge base, suggested two things, first increasing the maximum registry value (Control Panel -> system -> advanced -> perfomance options -> Change

Secondly tweaking the registry.

1. click start -> run -> type regedit and hit Enter.
2. Locate and click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
3. On the Edit menu, point to New and then click DWORD value
4. In the New Value #1 box, type PoolUsageMaximum, and then pres ENTER.
5. Right-click PoolUsageMaximum, and then click Modify
   
6. In the value data box, type 60, click Decimal, and then click ok
7. if the PagedPoolSize registry entry exists, go to step 8. If the PagePoolSize registry entry does not exist, create it. ( Edit Menu -> New -> DWORD Value -> type PagedPoolSize in the New Value #1 box, and press Enter.)
8. Right-click PagedPoolSize, and thn click OK
9. Exit Registry Editor, and then restart the computer.

Everybody, is working fine now and the phones have gone queit

Trouble Shooting WSUS problems - Clients not populating in WSUS Admin Console

I have had to install WSUS twice on my server due to conflicts with SEPM, the first install WSUS was configured to use Port 80, and I used the Default Domain Policy to direct Client Computers to it.

when i was reinstalling the WSUS to use port 8530, i created a policy called WSUS on the DC, that would control clients automatic Update configuration. unforunately only 4 out of over 120 PC's only reported to the WSUS.

Doing Start ->Run, then rsop.msc on one of the failing machines showed Group Policy was not being applied correctly, i realised that the Default domain Policy was still having the old settings of my first WSUS configuration i.e. the intranet update server was showing http://servename instead of http://servername:8530.

Cleaning out the Default Domain Policy of all windows Updates setting and allowing the WSUS policy that had the right settings did the trick, all my computers populated and reported to the WSUS Console within hours.

Setting Up a WSUS Server along with SEPM

Recently i installed WSUS on a server running Symantec endpoint protection Manager using default settings, and i didn't know that this is not recommended until my SEPM stopped working correctly..

The problem is both WSUS and SEPM create a virtual directory in IIS called content, and whichever was installed first will stop working, normally it's recommended to install WSUS on Port 8530 on a server where sharepoint or SEPM is already installed.

So basically I had to unistall the WSUS, sort out my SEPM, and re-installed my WSUS to use port 8530 and it's own virtual content directory and update the group policy to point to http://servername:8530.

After this I had WSUS and SEPM working in harmony.

Issues with Symantec Endpoint Protection Manager not updating Win32 Clients

For the last three weeks I have struggled to get my SEPM to update win32 clients, what was happening is, only the 64 bit machines running Windows 2008 server were the only machines getting updates from the management server, this was surprising indeed as the SEPM has been functioning without any problems until this point.

Trying to trouble shoot the problem, i started with the usual, reviewing the changes that have taken place between then (meaning when updates were running) and now. I had installed a WSUS server on the same server as my SEPM, so i tried unistalling the WSUS and followed step by step instructions from symantec on how to recover from this situation. all in all, this did not work, it was a desperate situation for me as all my Windows XP and Vista machine ere not updating so I had to allow manual updates.

Yesterday while I was on google, i found a post of almost the same issue with SEPM, so itried the solution and suddenly I had all my client PC's updating.

Briefly this is how i fixed this,

• Log on to ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp/jdb/ and download the latest definitions (NB: they will have .jdb extension).
• copy the downloaded Defn to "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\Incoming" (this is on the SEPM server)
• In a period of 30 seconds to a minute the .jdb will be processed and all files and subfolders will be processed

to verify that the SEPM has been updated, open "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}" you should see a folder or folders with the ymmddxxx naming convention, look for the current folder , inside it should have a folder named full and a zip file named full as well.

This cleared whatever was blocking my liveupdate, now it's working just fine.