Monthly Archives: March 2014
This article gives the steps to move the Windows Software Update Service server database (SUSDB) from on database server to another.
Steps Stop IIS and WSUS services on WSUS server net stop W3SVC && net stop wuauserv && net stop WsusServiceDetach SUSDB from current location Copy files to new database server Attach SUSDB database on new SQL server Add <domain>\<wsus server hostname> SQL account if missing Edit registry on WSUS server to point to new SQL server HKLM\SOFTWARE\Microsoft\UpdateServices\Server\Setup\SqlServerNameStart WSUS services net start W3SVC && net start wuauserv && net start WsusServiceTest.
In this article I will outline how to migrate WSUS 3.0 to a new server using a local SQL Express instance and without downloading all of the updates again.
If you want to capture a network trace of a server without installing Wireshark or Netmon ,use command tool netsh trace
Note: This feature works on Windows 7/2008 R2 and above.
C:\>netsh trace start /?
start Starts tracing.
Usage: trace start [[scenario=]<scenario1,scenario2>] [[globalKeywords=]keywords] [[globalLevel=]level] [[capture=]yes|no] [[report=]yes|no] [[persistent=]yes|no] [[traceFile=]path\filename] [[maxSize=]filemaxsize] [[fileMode=]single|circular|append] [[overwrite=]yes|no] [[correlation=]yes|no|disabled] [capturefilters] [[provider=]providerIdOrName] [[keywords=]keywordMaskOrSet] [[level=]level] [[provider=]provider2IdOrName] [[keywords=]keyword2MaskOrSet] [[level=]level2] …
Defaults: capture=no (specifies whether packet capture is enabled in addition to trace events) report=no (specifies whether a complementing report will be generated along with the trace file) persistent=no (specifies whether the tracing session continues across reboots, and is on until netsh trace stop is issued) maxSize=250 MB (specifies the maximum trace file size, 0=no maximum) fileMode=circular overwrite=yes (specifies whether an existing trace output file will be overwritten) correlation=yes (specifies whether related events will be correlated and grouped together) traceFile=%LOCALAPPDATA%\Temp\NetTraces\NetTrace.etl (specifies location of the output file)
Provider keywords default to all and level to 255 unless otherwise specified.
netsh trace start scenario=InternetClient capture=yes
Starts tracing for the InternetClient scenario and dependent providers with packet capture enabled. Tracing will stop when the “netsh trace stop” command is issued or when the system reboots. Default location and name will be used for the output file. If an old file exists, it will be overwritten.
netsh trace start provider=microsoft-windows-wlan-autoconfig keywords=state,ut:authentication
Starts tracing for the microsoft-windows-wlan-autoconfig provider Tracing will stop when the “netsh trace stop” command is issued or when the system reboots. Default location and name will be used for the output file. If an old file exists, it will be overwritten. Only events with keyword ‘state’ or ‘ut:authentication’ will be logged.
netsh trace show provider command can be used to display supported keywords and levels.
Capture Filters: Capture filters are only supported when capture is explicitly enabled with capture=yes. Use ‘netsh trace show CaptureFilterHelp’ to display a list of supported capture filters and their usage.
After it copied to a system which is installed netmon is more appropriate to view the data.*.etl as a file to open as if it was an .cap file from a traditional trace.
go to the tools > options tab so that you can tell netmon which parsers to use to convert the trace
Choose the Windows parsers and dont forget to click “set as active” before you click OK or nothing will happen. The output is ready for analyse
In IE9 F12 developer tools have added a new Network tab to analyze network traffic to capture and analyze data about network traffic save the captured data, search for specific elements.