Logic would suggest that once a DC knows it is the only DC in the Forest that it would shake off the USN Rollback blues and start humming away normally again.  Not the case unfortunately.

Rob P recently spent some time and effort with Microsoft support and came up with a solution that can be applied.

!!!Warning!!! !!!Warning!!! !!!Warning!!!

I’m not 100% sure why I’m warning you, but I’ll take Rob’s word on the matter.  Apparently this fix is quite dangerous and not for the faint of heart.  My heart is not the least bit faint, particularly when it comes to my VMWare test environment, so I didn’t mind testing this out.  At the very least you should make sure you have a backup of the server you can go back to if this doesn’t work.

To get a single domain controller out of USN Rollback:

1. Open Regedit
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
3. Locate the key “Dsa Not Writable”=dword:00000004
4. Delete the entire key
5. Enable replication by running repadmin /options servername -DISABLE_OUTBOUND_REPL and repadmin /options servername -DISABLE_INBOUND_REPL
6. Reboot

Once your domain controller has rebooted you should find that NetLogon is running again and repadmin /options no longer shows replication as being disabled.

I performed this test on a Windows Server 2003 R2 domain controller and I imagine it works fine on Small Business Server 2003 as well.

Related posts:

• Event ID 2095 and The USN Rollback Adventure
• Exchange 2010 Hub Transport Server Backup and Recovery
• Improved Database Integrity Checking in Exchange Server 2010 SP1
• Exchange 2010 Edge Transport Server Backup and Recovery
• Exchange 2010 Setup Error – The Exchange Server is in an Inconsistent State

This article Recovering a single Domain Controller from a USN Rollback is © 2008 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

1. Open Windows Explorer and navigate through the folder tree in the left pane (eg, navigate to C:\Temp)

2. Drag and select one or more files or folders in the right pane that you would like to delete

3. Hit delete

Windows Vista wants to delete the Temp folder that you had last selected in the left pane, not the files or folders you just selected in the right pane.  Windows XP or Server 2003 would delete the files you had selected in the right pane.

This feature was stinging me about once a week when I first started using Vista.  Now it catches me out far less often, but it is still very annoying when it does.  Even more annoying is if you are being reckless and hit Yes (the default answer) without really reading the dialog, or are using Shift + Del to bypass the Recycle Bin, or are deleting files from a network drive (when Recycle Bin does not come into play).

Its a very annoying feature, but luckily it won’t be a problem for me any longer.

Related posts:

• Recovering a single Domain Controller from a USN Rollback
• How and why I stopped using Windows Vista
• Security Spin Cycles
• Huge Microsoft Piracy Bust!
• Vista Laptop Keeps Beeping!

This article The most annoying feature of Windows Vista is © 2007 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

Jeff posts quarterly statistics on his blog that show how many vulnerabilities have been patched for various operating systems.  The LXer.com post takes one of his reports and uses it to demonstrate that Linux is more secure than Windows because Linux vendors fix more security vulnerabilities.

A Microsoft vulnerability report suggests that Microsoft wasn’t able to fix more Windows flaws than the number of open software flaws fixed by the major open source companies . Red Hat, having forty times less employees than Microsoft, did the best job, by fixing and closing the most security bugs, also closing even minor bugs – where Microsoft didn’t even fix one minor bug in the same period. Even Apple did a better job than Microsoft by fixing lots of flaws in Mac OS X.

Jeff found this to be a little amusing.

Seriously, I loved this post, it made me laugh out loud!  Fixing more security vulnerabilities is apparently a good thing in the world of Red Hat Truth.

Well, for those who actively support that theory, I have some fantastic news for them!  According to my calculations, in July 2007, the Red Hat Enterprise Linux 4 team fixed their 1000th unique security vulnerability.  Now, 164 of these were Low severity and 479 were Medium severity, but still, that is a ton of work accomplished by that team, especially given that the product only shipped in February of 2005.

To put that in context, (again by my calculations) Microsoft has fixed only 649 security vulnerabilities for all supported products across the company since the year 2000.

I’m not sure what to think.  Jeff is quite clear on how his reports are generated.  Linux supporters used to tell me that fewer vulnerabilities meant a product was more secure.  Now Linux supporters want to say that more vulnerabilities means the product is more secure, or as one comment on LXer.com puts it:

You spin the data by saying “we fixed the most bugs, leaving the fewest bugs in the new code, therefore we are the best.”

Round and round we go.

Related posts:

• How to Configure a Relay Connector for Exchange Server 2010
• Causes of MapiExceptionNotAuthorized Error Sending to Public Folders
• GFI LANGuard Tutorial
• Bruce Schneier on Certificate Authorities
• Well-designed security systems fail gracefully, SonicWALL does not

This article Security Spin Cycles is © 2007 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com