#StackBounty: #windows #windows-server-2008 #active-directory #windows-server-2008-r2 Multiple domain controller and SQL Login Failed w…

Bounty: 100

I have a domain test.local with 4 domain controllers.

I have a SQL Server; sometimes when rebooting one of my domain controllers I get this error:

Description: SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has
occurred. Error code: 0x80004005.
An OLE DB record is available. Source: “Microsoft SQL Server Native Client 11.0” Hresult: 0x80004005 Description: “Login failed.
The login is from an untrusted domain and cannot be used with Windows
authentication.”.

Why is authentication not done on the other 3 DCs? Normally there is load balancing when there are multiple domain controllers.

Thanks for your help



#StackBounty: #windows-server-2008-r2 #ntfs #disk-volume What are $Extend\$Deleted file system entries and how do I get rid of them?

Bounty: 50

I’d like to shrink an NTFS data partition on one of my servers. Unfortunately, it has an “unmovable file” located at an inconvenient position.

Here is the relevant event log entry:

A volume shrink analysis was initiated on volume Daten (C:\Daten). This event log entry details information about the last unmovable file that could limit the maximum number of reclaimable bytes.

Diagnostic details:
– The last unmovable file appears to be:
$Extend\$Deleted:$I30:$INDEX_ALLOCATION
– The last cluster of the file is: 0x1138f943
– Shrink potential target (LCN address): 0x18a51d6
– The NTFS file flags are: ----I
– Shrink phase: <analysis>

To find more details about this file please use the “fsutil volume querycluster \\?\Volume{4ad80633-d2d5-415e-97b4-9ad5f648bb0c} 0x1138f943” command.

The command mentioned at the bottom of the event log entry does not yield any useful additional information:

C:\> fsutil volume querycluster \\?\Volume{4ad80633-d2d5-415e-97b4-9ad5f648bb0c} 0x1138f943
Cluster 0x000000001138f943 used by ----I $Extend\$Deleted:$I30:$INDEX_ALLOCATION

(Note (not sure if it’s relevant): The last thing I did on the drive was to delete all shadow copies.)

I am aware that $Extend is not a “regular” folder but some kind of NTFS system file. Thus, my question:

What is this $Extend\$Deleted file system entry and how do I get rid of it? (Or, at least, get rid of its “unmovability” so that I can shrink my volume…)


#StackBounty: #ssh #windows-server-2008-r2 #sftp SSH Connection was slow on windows server

Bounty: 50

I am trying to use OpenSSH to set up SFTP on Windows Server 2008 R2.
It can be used, but the connection is really slow. It takes around 4+ minutes to make a connection.

By the way, I use local Windows users for authentication with a password.

I also tried setting UseDNS to No and changing to use only IPv4, but it makes no difference at all.

It’s also slow when I try this “ssh -vvv username@localhost” on the server itself.

From the logs, I found that it takes a long time after the “preauth child monitor started” line.

Does anyone have any idea about this? Thank you very much for your help.

5528 2020-05-22 19:16:25.119 debug3: unable to load module api-ms-win-security-lsapolicy-l1-1-0.dll at run time, error: 193
5528 2020-05-22 19:16:25.119 debug3: unable to load module api-ms-win-security-lsapolicy-l1-1-0.dll at run time, error: 193
5528 2020-05-22 19:16:25.119 debug3: unable to load module api-ms-win-security-lsapolicy-l1-1-0.dll at run time, error: 193
5528 2020-05-22 19:16:25.166 debug3: unable to load module api-ms-win-security-lsapolicy-l1-1-0.dll at run time, error: 193
5528 2020-05-22 19:16:25.197 debug3: unable to load module api-ms-win-security-lsapolicy-l1-1-0.dll at run time, error: 193
5528 2020-05-22 19:16:25.197 debug3: spawning "C:\Program Files\OpenSSH-Win64\sshd.exe" -y
5528 2020-05-22 19:16:25.197 debug2: Network child is on pid 8040
5528 2020-05-22 19:16:25.213 debug3: send_rexec_state: entering fd = 6 config len 602
5528 2020-05-22 19:16:25.213 debug3: ssh_msg_send: type 0
5528 2020-05-22 19:16:25.213 debug3: send_rexec_state: done
5528 2020-05-22 19:16:25.213 debug3: ssh_msg_send: type 0
5528 2020-05-22 19:16:25.213 debug3: ssh_msg_send: type 0
5528 2020-05-22 19:16:25.213 debug3: preauth child monitor started
8040 2020-05-22 19:17:33.590 debug3: recv_idexch_state: entering fd = 3
8040 2020-05-22 19:17:33.590 debug3: ssh_msg_recv entering
8040 2020-05-22 19:17:33.590 debug3: recv_idexch_state: done
8040 2020-05-22 19:17:33.590 debug2: fd 5 setting O_NONBLOCK
5528 2020-05-22 19:17:33.590 debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
5528 2020-05-22 19:17:33.590 debug3: send packet: type 20 [preauth]
5528 2020-05-22 19:17:33.590 debug1: SSH2_MSG_KEXINIT sent [preauth]
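
Added example, not part of the original post: a small Python script that measures the time between consecutive sshd debug-log lines and reports where the connection stalls, run here on an excerpt of the log quoted above. The function names and the 1-second threshold are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Excerpt of the sshd debug log quoted in the post above.
LOG = r"""
5528 2020-05-22 19:16:25.197 debug3: spawning "C:\Program Files\OpenSSH-Win64\sshd.exe" -y
5528 2020-05-22 19:16:25.197 debug2: Network child is on pid 8040
5528 2020-05-22 19:16:25.213 debug3: send_rexec_state: done
5528 2020-05-22 19:16:25.213 debug3: preauth child monitor started
8040 2020-05-22 19:17:33.590 debug3: recv_idexch_state: entering fd = 3
8040 2020-05-22 19:17:33.590 debug2: fd 5 setting O_NONBLOCK
5528 2020-05-22 19:17:33.590 debug1: SSH2_MSG_KEXINIT sent [preauth]
"""

# pid, timestamp with milliseconds, debug level, message
LINE_RE = re.compile(
    r"^(\d+) (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) (debug\d): (.*)$"
)

def parse(text):
    """Yield (pid, timestamp, level, message) for each well-formed line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank, wrapped or truncated lines
        pid, ts, level, msg = m.groups()
        yield int(pid), datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"), level, msg

def stalls(text, threshold=1.0):
    """Return (gap_seconds, entry_before, entry_after), longest gap first."""
    entries = list(parse(text))
    found = []
    for prev, cur in zip(entries, entries[1:]):
        gap = (cur[1] - prev[1]).total_seconds()
        if gap >= threshold:  # threshold is an assumed cut-off for "slow"
            found.append((round(gap, 3), prev, cur))
    return sorted(found, key=lambda s: s[0], reverse=True)

if __name__ == "__main__":
    for gap, before, after in stalls(LOG):
        print(f"{gap:8.3f}s  after  pid {before[0]}: {before[3]}")
        print(f"           before pid {after[0]}: {after[3]}")
```

The entry on either side of each gap carries its PID, which shows whether the wait sits in the monitor process or in the spawned network child.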



#StackBounty: #active-directory #windows-server-2008-r2 #kerberos #spn setspn does not affect Active Directory Users

Bounty: 50

I ran the setspn command for a specific user on a domain controller.

C:\>setspn -s example/username.companyname.com username
Checking domain DC=companyname,DC=com

Registering ServiceprincipalNames for CN=username,CN=Users,DC=companyname,DC=com
        example/username.companyname.com
Updated object

And I can immediately see the result in the console.

C:\>setspn -L username
Registering ServiceprincipalNames for CN=username,CN=Users,DC=companyname,DC=com
        example/username.companyname.com

But it never affects this user in “Active Directory Users and Computers”.

His attribute “servicePrincipalName” is not set.

Maybe there is some kind of cache?

