Some Windows Server 2008 R2 Failover Cluster Notes

  • You should format your shared disks with NTFS before you form your cluster. If not, the disks will not be eligible as witness disks (NTFS is a requirement for a disk witness). Do not assign a drive letter or mount point to your witness disk. (Disks used e.g. for a clustered file server need a drive letter assigned. Do this through Failover Cluster Manager.)
  • If you want to run, say, a clustered file server, the corresponding role must be installed on the nodes of the cluster. This is true for all built-in roles.
  • To be able to add a share to a clustered file server in Failover Cluster Manager; the Remote Volume Management firewall exception must be enabled on all nodes. To enable this exception from the command line:
    netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes
  • To move the default cluster group (called Cluster Group by default) with PowerShell:
    Move-ClusterGroup -Name "Cluster Group" -Node <name of destination node>
  • To see the owner of the default cluster group with PowerShell (the only way you can actually see that information, to my knowledge (except with cluster.exe, of course)):
    Get-ClusterGroup "Cluster Group"

Happy clustering!

Morgan

Getting volume data with PowerShell

It has always irritated me that I cannot export data from the disk management snap-in in Windows. Take this example from an Exchange server:


It would be very nice to be able to export this data to a CSV to create a quick storage report. Unfortunately you can’t. But with PowerShell you can!

This command will export the same data:

Get-WmiObject win32_volume | select Name,Label,@{Name="Capacity (GB)"; Expression={"{0:N2}" -f ($_.capacity/1GB)}},@{Name="Free Space (GB)"; Expression={"{0:N2}" -f ($_.freespace/1GB)}},@{Name="Used Space (GB)"; Expression={"{0:N2}" -f ( ($_.capacity/1GB) - ($_.freespace/1GB) ) }} | ft -AutoSize

The result:

Name         Label        Capacity (GB) Free Space (GB) Used Space (GB)
----         -----        ------------- --------------- ---------------
C:\                       72,50         18,17           54,33
E:\LogLUN1\  ExchangeLogs 1 249,87      1 245,32        4,55
E:\          Exchange     0,97          0,93            0,03
E:\DBLUN1\   DBLUN1       2 046,87      1 358,92        687,95
E:\DBLUN2\   DBLUN2       2 046,87      1 467,69        579,19
E:\DBLUN3\   DBLUN3       2 046,87      1 527,84        519,03
E:\DBLUN4\   DBLUN4       499,87        375,19          124,68

Of course, you can export this to CSV etc.
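As an added example (not code from the original post), here is the same Win32_Volume report as a reusable function that returns objects instead of formatted text, so it can be exported to CSV and filtered. The free-space threshold, the output path under $env:TEMP and the default of the local computer are assumptions chosen for illustration.

```powershell
# Added example: volume report as objects (CSV-friendly), with a low-space flag.
function Get-VolumeReport {
    param(
        [string]$ComputerName = '.',          # '.' = local computer (assumption)
        [int]$WarnBelowPercentFree = 10       # threshold for LowSpace (assumption)
    )
    # Skip volumes that report no capacity (no media, unmounted, etc.)
    Get-WmiObject -Class Win32_Volume -ComputerName $ComputerName |
        Where-Object { $_.Capacity -gt 0 } |
        ForEach-Object {
            $capGb   = $_.Capacity  / 1GB
            $freeGb  = $_.FreeSpace / 1GB
            $pctFree = [math]::Round(100 * $_.FreeSpace / $_.Capacity, 1)
            New-Object PSObject -Property @{
                Computer        = $_.SystemName
                Name            = $_.Name
                Label           = $_.Label
                FileSystem      = $_.FileSystem
                'Capacity (GB)' = [math]::Round($capGb, 2)
                'Free (GB)'     = [math]::Round($freeGb, 2)
                'Used (GB)'     = [math]::Round($capGb - $freeGb, 2)
                'Free (%)'      = $pctFree
                LowSpace        = ($pctFree -lt $WarnBelowPercentFree)
            }
        }
}

$report = Get-VolumeReport

# Console view: same columns as the disk management snap-in, plus percentage free
$report |
    Select-Object Name, Label, FileSystem, 'Capacity (GB)', 'Free (GB)', 'Used (GB)', 'Free (%)', LowSpace |
    Format-Table -AutoSize

# The part the snap-in cannot do: export to CSV for a storage report
$report | Export-Csv -Path "$env:TEMP\volume-report.csv" -NoTypeInformation

# Volumes below the threshold
$report | Where-Object { $_.LowSpace } | Select-Object Computer, Name, Label, 'Free (%)'
```

Because the function emits objects rather than the "{0:N2}" strings of the one-liner, the numbers stay numeric in the CSV and sort correctly in a spreadsheet; pass -ComputerName to collect the same report from a remote server.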

Enabling Windows Search on Windows Server 2008 R2

As with Windows Server 2008, Windows Search is included as part of the OS and can be installed through Server Manager or PowerShell. Unfortunately it is located in a not quite intuitive place…

To enable Windows Search on Windows Server 2008 R2 you must start the Add Roles wizard and then select File Services Role, on the Role Services page you will find Windows Search:


The Role Service File Server is selected by default, so if you only want Windows Search uncheck it.

To use PowerShell to install Windows Search run:

Add-WindowsFeature FS-Search-Service

(Remember to do ImportSystemModules first.)

Group Policy WMI filters

WMI filters are useful to further filter Group Policy Objects (GPOs), beyond what is possible/convenient with groups.

Distinguish between x86 and x64 computers:

x86

Select AddressWidth from Win32_Processor where (AddressWidth="32")

x64

Select AddressWidth from Win32_Processor where (AddressWidth="64")

Determine Windows version:

Use this filter to determine the Windows version and role:

select * from Win32_OperatingSystem where Version like "6.%" and ProductType = "1"

  • The Version property returns values that begin with the following characters (the % symbol is a wildcard character that represents other characters that can follow, but do not help distinguish the version number):
    6.1%  Windows Server 2008 R2 or Windows 7
    6.0%  Windows Server 2008 or Windows Vista
    5.2%  Windows Server 2003
    5.1%  Windows XP
    5.0%  Windows 2000
  • The ProductType property returns the following values:
    1  Client versions of Windows
    2  Server versions of Windows that are operating as a domain controller
    3  Server versions of Windows that are not operating as a domain controller (typically referred to as member servers)

Determine computer type (laptop, desktop etc.)

NOTE: The PCSystemType property is only available on Windows Vista and later OSs.

SELECT * FROM Win32_ComputerSystem WHERE PCSystemType = 1

These are the possible values for PCSystemType:

Value Meaning
0 Unspecified
1 Desktop
2 Mobile
3 Workstation
4 Enterprise Server
5 Small Office and Home Office (SOHO) Server
6 Appliance PC
7 Performance Server
8 Maximum

(I’d really like a computer with type 8, please!)
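Before attaching any of the WQL queries above to a GPO it is worth running them against a representative computer, because a WMI filter applies the GPO only when the query returns at least one instance. The following is an added example (not from the original post) that evaluates each query locally or on a remote computer and reports whether it matches; the filter names and the choice of root\CIMv2 as the namespace are assumptions for illustration.

```powershell
# Added example: check which Group Policy WMI filter queries match a computer.
$wmiFilters = @{
    'x86 only'                  = 'Select AddressWidth from Win32_Processor where (AddressWidth="32")'
    'x64 only'                  = 'Select AddressWidth from Win32_Processor where (AddressWidth="64")'
    'Windows 6.x client'        = 'select * from Win32_OperatingSystem where Version like "6.%" and ProductType = "1"'
    'Windows 6.x domain ctrl'   = 'select * from Win32_OperatingSystem where Version like "6.%" and ProductType = "2"'
    'Windows 6.x member server' = 'select * from Win32_OperatingSystem where Version like "6.%" and ProductType = "3"'
    'Desktop (PCSystemType=1)'  = 'SELECT * FROM Win32_ComputerSystem WHERE PCSystemType = 1'
    'Mobile (PCSystemType=2)'   = 'SELECT * FROM Win32_ComputerSystem WHERE PCSystemType = 2'
}

function Test-WmiFilter {
    param(
        [Parameter(Mandatory=$true)][string]$Query,
        [string]$ComputerName = '.'
    )
    try {
        # GPO WMI filters default to root\CIMv2; use the same namespace here
        $result = @(Get-WmiObject -Query $Query -Namespace 'root\CIMv2' `
                       -ComputerName $ComputerName -ErrorAction Stop)
        return ($result.Count -gt 0)      # at least one instance = filter matches
    } catch {
        # A query that fails (e.g. PCSystemType on a pre-Vista OS) is reported as no match
        Write-Warning ("Query failed on {0}: {1}" -f $ComputerName, $_.Exception.Message)
        return $false
    }
}

$wmiFilters.GetEnumerator() | Sort-Object Key | ForEach-Object {
    New-Object PSObject -Property @{
        Filter  = $_.Key
        Applies = (Test-WmiFilter -Query $_.Value)
        Query   = $_.Value
    }
} | Format-Table Filter, Applies, Query -AutoSize
```

Run it on one machine from each hardware and OS class you target; a filter that matches both the desktops and the servers you meant to exclude shows up immediately, before the GPO is linked.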

Some Windows Virtual PC Notes

  • Press the DEL key to enter the VM BIOS
  • If you can’t install the Virtual PC Integration Components on Windows XP and you get a 1603 error in the log file, delete c:\windows\system32\drivers\wdf01000.sys and retry the install.
  • Press SHIFT+ESC while the VM is starting to view the console instead of just the progress bar.
  • To mount a floppy image, use the scripts provided here: http://blogs.msdn.com/b/virtual_pc_guy/archive/2009/10/01/using-floppy-disks-with-windows-virtual-pc.aspx
  • Sysinternals’ Disk2Vhd is an excellent tool to P2V your machines into Windows Virtual PC. It even takes care of setting the correct HAL in the boot.ini file. Get it here: http://technet.microsoft.com/en-us/sysinternals/ee656415.aspx
    NOTE: The technique that Disk2Vhd uses will make it impossible for you to install a Windows XP service pack. More info here: http://support.microsoft.com/kb/327101
  • If you need to run older OSs on Windows Virtual PC you can use the VM Additions from Virtual PC 2007. This will give you VM Additions support for Windows 2000 and DOS. Get the Virtual PC 2007 install file and extract it, then run an administrative install using msiexec.exe /a <path>. In the folder you specified you will find the ISO file with the VM Additions from Virtual PC 2007. Mount the file in your guest as you would any ISO file.
  • Microsoft has published a Windows Virtual PC Tips document: Windows Virtual PC Tips
  • The Windows Virtual PC blog can be found here: http://blogs.technet.com/b/windows_vpc/
  • The acronym RAIL means Remote Applications Installed Locally. RAIL technology is used to publish apps in the VM to the host.
  • The Windows Virtual PC Home page: http://www.microsoft.com/windows/virtual-pc/default.aspx

Exchange Move Mailbox logon info

Event IDs related to Mailbox moves

The event source for mailbox moves is Exchange Migration, and the events are logged in the Application log on the server where an administrator started the move, meaning the machine where the admin was logged on and used the EMC or EMS to start the mailbox move. It would be nice to have all the mailbox move events gathered in one place, and that can be done with event collection.

Event ID  Level        Description
1006      Information  Indicates the start of a mailbox move
1022      Error        Logon failure on database, caused by the mailbox move
9660      Warning      User X failed to log on because their mailbox is in the process of being moved
9873      Information  A named property has been created for database XX. Meaning the new mailbox has been created in the destination database.
1007      Information  The mailbox was successfully moved.
9354      Information  The mailbox is deleted from the source database
1154      Information  Rule synchronization between old and new mailbox has completed successfully.
1205      Error        Failed to create mailbox
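
Short of setting up event collection, the same "one place" view can be produced with Get-WinEvent against each machine the moves were started from. This is an added example (not from the original post): it queries the Application log for the Exchange Migration provider, decodes the event IDs using the table above and counts started versus completed moves. The computer names and the seven-day window are placeholders.

```powershell
# Added example: gather mailbox move events from several machines into one list.
$moveEventMeaning = @{
    1006 = 'Mailbox move started'
    1007 = 'Mailbox moved successfully'
    1022 = 'Logon failure on database caused by the move'
    1154 = 'Rule synchronization between old and new mailbox completed'
    1205 = 'Failed to create mailbox'
    9354 = 'Mailbox deleted from source database'
    9660 = 'User failed to log on because the mailbox is being moved'
    9873 = 'Named property created for database (new mailbox exists in destination)'
}

function Get-MailboxMoveEvent {
    param(
        [string[]]$ComputerName = @('.'),                  # machines where EMC/EMS was used
        [datetime]$StartTime = (Get-Date).AddDays(-7)      # look-back window (assumption)
    )
    foreach ($computer in $ComputerName) {
        $filter = @{
            LogName      = 'Application'
            ProviderName = 'Exchange Migration'            # event source from the post
            Id           = @($moveEventMeaning.Keys)
            StartTime    = $StartTime
        }
        Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction SilentlyContinue |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Server  = $computer
                    Time    = $_.TimeCreated
                    Id      = $_.Id
                    Level   = $_.LevelDisplayName
                    Meaning = $moveEventMeaning[$_.Id]
                    Message = ($_.Message -split "`n")[0]   # first line only
                }
            }
    }
}

# Placeholder names: the admin workstation and management server used for the moves
$events = Get-MailboxMoveEvent -ComputerName 'ADMINWS01', 'EXCH-MGMT01'

$events | Sort-Object Time | Format-Table Time, Server, Id, Level, Meaning -AutoSize
$events | Export-Csv -Path "$env:TEMP\mailbox-move-events.csv" -NoTypeInformation

# Moves that started (1006) but have no success (1007) or creation failure (1205) yet
$started  = @($events | Where-Object { $_.Id -eq 1006 }).Count
$finished = @($events | Where-Object { $_.Id -eq 1007 }).Count
$failed   = @($events | Where-Object { $_.Id -eq 1205 }).Count
"Started: $started  Finished: $finished  Failed to create: $failed"
```

The 1022 and 9660 entries are expected noise during a move; a 1205 without a later 1006/1007 pair for the same mailbox is the one to follow up on.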

Last logged on user

Whenever you move a mailbox in Exchange Server the LastLoggedOnUserAccount attribute of the mailbox is changed to the user running the mailbox move. This is confusing since that user does not need permission to log on to the mailbox to perform the move.

It can also present a problem if you are trying to figure out which users have yet to log on to their mailboxes after moving them between servers. Let’s say you run this command:

Get-MailboxStatistics | where { $_.LastLogonTime -eq $null }

This would show you which users have never logged on to their mailboxes. Whichever servers they originally were located on cannot be removed before they have logged on at least once and been redirected to their new mailbox servers. Unfortunately, since the user performing the mailbox move is added to the LastLoggedOnUserAccount this command will probably return no users.
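One way to work around this, as an added example and not something from the original post: treat a mailbox whose LastLoggedOnUserAccount is the account that ran the moves the same as one that has never been logged on to. The move account name, the DOMAIN\user format of the attribute and the target server name are assumptions.

```powershell
# Added example: mailboxes whose owners have not logged on since the move.
function Get-NotYetLoggedOnMailbox {
    param(
        [Parameter(Mandatory=$true)][string]$Server,      # server the mailboxes were moved to
        [Parameter(Mandatory=$true)][string]$MoveAccount  # account that ran the moves, e.g. 'CONTOSO\svc-mailmove'
    )
    Get-MailboxStatistics -Server $Server |
        Where-Object {
            # never logged on, or the only "logon" recorded is the move itself
            ($_.LastLogonTime -eq $null) -or
            ($_.LastLoggedOnUserAccount -eq $MoveAccount)
        } |
        Select-Object DisplayName, ServerName, LastLogonTime, LastLoggedOnUserAccount
}

# Placeholders for the destination server and the move account
Get-NotYetLoggedOnMailbox -Server 'NEWMBX01' -MoveAccount 'CONTOSO\svc-mailmove' | Format-Table -AutoSize
```

Using a dedicated account for the moves makes this filter reliable; if moves are run under several admins' own accounts, extend the comparison to a list of those accounts.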

SCVMM P2V and ISA Server 2006

I recently upgraded my home network to Forefront Threat Management Gateway (TMG), retiring my old ISA Server 2006 server. I exported my ISA configuration and imported it into TMG, but to be on the safe side I decided to keep a copy of the server as a virtual machine. I used the P2V wizard in System Center Virtual Machine Manager (SCVMM) R2, but after I hit the Scan System button this error appeared:

VMM is unable to complete the request. The connection to the agent <ISA Server FQDN> was lost.

Ensure that the computer <ISA Server FQDN> exists on the network, WMI service and the agent are installed and running and that a firewall is not blocking HTTP and WMI traffic.

ID: 3157
Details: The RPC server is unavailable (0x800706BA)

Preparing to run the P2V wizard I had already created a new access rule allowing all traffic between the SCVMM and ISA Server computers, and disabled the Strict RPC compliance on the rule:

Apparently something was interfering with the RPC communication. Since my P2V rule was at the top of the Firewall Policy whatever was causing the problem had to be in the System Policy. I displayed the System Policy in the Firewall Editor and looked through each rule that specified RPC communication to the ISA Server. Turns out there was only one; the Microsoft Management Console (MMC) rule. To successfully perform a P2V of an ISA Server you need to disable the Strict RPC compliance setting. There was no way to do that in the MMC rule in the System Policy. Since all System Policy rules are processed before the Firewall Rules the MMC rule matched the RPC traffic and blocked parts of it necessary for P2V. I disabled the MMC rule, leaving only my P2V rule. Now the wizard worked correctly.

Windows Deployment Service Pre-Staging and GUIDs

Windows Deployment Services (WDS) has the ability to search Active Directory for pre-staged computer accounts to use when deploying images. There are several benefits to this, e.g. you can choose to service only known clients that you have created and ignore others, and you don’t have to provide or generate computer names since the image is deployed with the name of the pre-staged account. The information used to match a pre-staged computer account with a PXE-booting client is one of three things: the MAC address of the NIC executing the PXE boot, the GUID of the system or the GUID of the NIC executing the PXE boot. The latter is most widely used and recommended by Microsoft, since it is virtually guaranteed to be unique. The WDS server performs an LDAP query to find the account that matches the booting computer:
(&(objectCategory=<DN of Computer Schema object>)(|(netbootGUID=<GUID>)(netbootGUID=MAC)))
This filter ensures that a device will be found if it is pre-staged using either a computer GUID or a MAC address. The netbootGUID attribute on a pre-staged client is used to store the value of the physical computer’s GUID or the MAC address.
You enter the GUID in one of two ways: using the GUI and Active Directory Users and Computers (ADUC), or using the CLI and WDSUTIL.EXE. Regardless, you need to pay attention to how you format the GUID, because GUIDs can be byte-swapped according to the endianness of the system that handles them. The GUI in ADUC hints at this if you enter an invalid value:
—————————
GUID Not Valid
—————————
The globally unique identifier (GUID) query you entered is not valid. Use one of the following formats to enter a GUID:

0123456789ABCDEFABCDEFABCDEFABCD or

{67452301-AB89-EFCD-ABCD-EFABCDEFABCD}    (Note byte reordering)
—————————
OK
—————————

In this message the first GUID is presented in what is known as binary octet string, the second representation is called just GUID string.
From the message you can work out how to convert between the two.
From Binary Octet string to GUID string (using the octet string in the message above):
  1. Each pair of characters is called an octet. Work with the GUID from left to right.
  2. Take the first 4 octets and reverse their order: 01234567 –> 67452301.
  3. Take the next 2 octets and reverse their order: 89AB –> AB89.
  4. Repeat for the next 2 octets: CDEF –> EFCD
  5. The rest of the octet string is identical for both formats so just add a hyphen: ABCDEFABCDEFABCD –> ABCD-EFABCDEFABCD
Reverse the process to convert from GUID string to binary octet string.
So how do you know which type you have? Sometimes the system will tell you; like ADUC’s Attribute Editor does:
Now, to confuse you completely, take a look at this from the ADUC Attribute Editor:
You have a value that is stored as an Octet String, but displayed in the list as GUID string! You have to double-click the value to see the REAL Octet String! Nice going!
Anyway, back to figuring out which way your GUID is displayed. If the system does not explicitly tell you which type it’s using, I can give you this rule of thumb: GUID strings are usually displayed in braces (squiggly/sexy brackets) and with hyphens, or just with hyphens, while binary octet string GUIDs are not. Keep in mind, though, that this might not always be the case. A perfect example of this is PXE boots, where the GUID that is displayed has hyphens, but is still an octet string GUID. All physical machines that I have observed have had octet string GUIDs in their PXE boot screens (see exception below for Hyper-V VMs).
If you want to pre-stage a computer account in Active Directory using this GUID you have to enter it without braces and hyphens:
This will cause ADUC to convert it to a GUID string, which is what the GUI always displays:
A very interesting exception to this is for Hyper-V VM PXE boots. For some strange reason, Microsoft decided that the GUID displayed during PXE boots in a Hyper-V VM is in GUID string format!
If you want to pre-stage a Hyper-V VM in Active Directory using this GUID you have to enter it with braces and with hyphens. This prevents ADUC from converting it, which it would do with a normal (octet string) GUID. So the braces probably mean ‘literal’ string or something.
Way to go Microsoft! 🙁
So to summarize:
  • PXE boot screens always display octet string GUIDs (except Hyper-V VMs)
  • Active Directory Users and Computers always displays the GUID in GUID string format.
  • Active Directory Users and Computers accepts both octet string GUIDs and GUID string GUIDs, but will always convert to GUID string when displaying.
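
The conversion steps above and the netbootGUID LDAP filter, worked through in code as an added example (not from the original post). System.Guid’s byte-array constructor performs exactly the reordering the ADUC dialog describes, so the .NET conversion and the manual five-step version are both shown and checked against each other using the dialog’s own pair of values. The short objectCategory name "computer" in the generated filter is an assumption in place of the schema object DN quoted above.

```powershell
# Added example: octet string <-> GUID string conversion and the WDS LDAP filter.

function ConvertTo-GuidBytes {
    # Strip braces and hyphens (a PXE screen shows an octet string *with* hyphens)
    # and turn the 32 hex characters into 16 bytes in the order they are written
    param([Parameter(Mandatory=$true)][string]$OctetString)
    $hex = $OctetString -replace '[^0-9A-Fa-f]', ''
    if ($hex.Length -ne 32) { throw "Expected 32 hex characters, got $($hex.Length): '$OctetString'" }
    $bytes = New-Object byte[] 16
    for ($i = 0; $i -lt 16; $i++) { $bytes[$i] = [Convert]::ToByte($hex.Substring(2 * $i, 2), 16) }
    return ,$bytes          # leading comma keeps the byte[] intact on return
}

function ConvertFrom-OctetString {
    # Octet string -> GUID string via System.Guid, whose byte[] constructor reads
    # the first 4 bytes, then 2, then 2 as little-endian numbers (the reordering)
    param([Parameter(Mandatory=$true)][string]$OctetString)
    $bytes = ConvertTo-GuidBytes $OctetString
    $guid  = New-Object System.Guid -ArgumentList (,$bytes)
    return $guid.ToString('B').ToUpper()    # 'B' = braces and hyphens
}

function ConvertFrom-OctetStringManually {
    # The same conversion done step by step, as in the numbered list above
    param([Parameter(Mandatory=$true)][string]$OctetString)
    $hex = ($OctetString -replace '[^0-9A-Fa-f]', '').ToUpper()
    $o = @(); for ($i = 0; $i -lt 32; $i += 2) { $o += $hex.Substring($i, 2) }  # step 1: octets
    $part1 = ($o[3,2,1,0]) -join ''     # step 2: reverse the first 4 octets
    $part2 = ($o[5,4])     -join ''     # step 3: reverse the next 2
    $part3 = ($o[7,6])     -join ''     # step 4: reverse the next 2
    $part4 = ($o[8..9])    -join ''     # step 5: rest unchanged, hyphen after 2 octets
    $part5 = ($o[10..15])  -join ''
    return "{$part1-$part2-$part3-$part4-$part5}"
}

function ConvertTo-OctetString {
    # GUID string (with or without braces/hyphens) -> octet string; ToByteArray()
    # emits the bytes in storage order, which is the octet order
    param([Parameter(Mandatory=$true)][string]$GuidString)
    $guid = New-Object System.Guid -ArgumentList $GuidString
    return (($guid.ToByteArray() | ForEach-Object { $_.ToString('X2') }) -join '')
}

function New-NetbootGuidFilter {
    # LDAP filter of the form WDS uses; a binary attribute value is written as
    # \xx-escaped bytes in octet (storage) order. objectCategory=computer assumed.
    param([Parameter(Mandatory=$true)][string]$OctetString)
    $escaped = (ConvertTo-GuidBytes $OctetString | ForEach-Object { '\' + $_.ToString('X2') }) -join ''
    return "(&(objectCategory=computer)(netbootGUID=$escaped))"
}

# Round trip with the two values from the "GUID Not Valid" dialog
$octet      = '0123456789ABCDEFABCDEFABCDEFABCD'
$guidString = ConvertFrom-OctetString $octet
if ($guidString -ne '{67452301-AB89-EFCD-ABCD-EFABCDEFABCD}') { throw "Unexpected GUID string: $guidString" }
if ((ConvertFrom-OctetStringManually $octet) -ne $guidString)  { throw 'Manual and .NET conversions disagree' }
if ((ConvertTo-OctetString $guidString) -ne $octet)            { throw 'Round trip failed' }

$guidString
ConvertTo-OctetString $guidString
New-NetbootGuidFilter $octet
```

Feed the GUID from a physical machine’s PXE screen (hyphens and all) to ConvertFrom-OctetString to see what ADUC will display, and a Hyper-V VM’s PXE GUID to ConvertTo-OctetString to see what actually gets stored in netbootGUID; the generated filter is what you would paste into an LDAP search to confirm that a pre-staged account really matches a booting client.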
More info:

Microsoft Security Essentials, Sysprep and Group Policy

In smaller deployments Microsoft Security Essentials (MSE) is a good, free alternative for anti-malware. If you decide to use MSE in your images, you will discover that sysprep resets the Out Of Box Experience (OOBE) settings for MSE. In other words; every user that logs on to a machine deployed from your image will see the MSE OOBE Wizard (Figure 1-2), until someone with Administrator privileges completes the wizard. Sometimes you might not want to expose your users to that. Fortunately for us, we can use Group Policy Preferences to bypass the OOBE wizard.

Steps to disable MSE OOBE with Group Policy Preferences:

  1. Create a new Group Policy Object (GPO) or use an existing one.
  2. Create a new Registry preference for computers (Figure 3).
  3. Set the DWORD value OOBE under the key HKLM\SOFTWARE\Microsoft\Microsoft Security Essentials to 0.
  4. Update policy on the client.

The OOBE value has two (known) values:

  • 1: Yes, run OOBE please
  • 0: No thanks, OOBE has already run for this computer

Having shown you how to do this I would like to call attention to the following excerpt from the Microsoft Security Essentials EULA:

  1. INSTALLATION AND USE RIGHTS.
    1. Home Use. If you are a home user, then you may install and use any number of copies of the software on your personal devices for use by people who reside in your household. As a home user, you may not use the software in any commercial, non-profit, or revenue generating business activities.
    2. Small Business. If you operate a small business, then you may install and use the software on up to ten (10) devices in your business.
    3. Restrictions.
      1. The software may not be used on a device running an enterprise version of a Microsoft Windows operating system.
      2. The software may not be used on devices owned by government or academic institutions.
    4. Separation of Components. The components of the software are licensed as a single unit. You may not separate the components and install them on different devices.
    5. Included Microsoft Programs. The software may contain other Microsoft programs. The license terms with those programs apply to your use of them.

Identifying unknown devices in Device Manager

Windows and Microsoft do a great job of providing drivers for hardware devices. A lot of drivers ship in the box with Windows and hundreds of thousands more are available online on the Windows Update site. Still you quite often end up with one or two unknown devices in Device Manager. When Windows Update or the Windows DVD cannot help you, you have to turn to the manufacturer of the computer or device. If the machine is a specific model you will probably find the drivers on the drivers page of that model. But if it’s a custom system or a system where hardware has been added or replaced you will have no help.

I recently discovered a website that was incredibly useful in discovering who made a particular device and which device it is. The site is PCIDatabase.com:

PCIDatabase.com offers a very simple and very useful search engine. You can use either vendor or device search:

So just find your unknown device in Device Manager and look up its Hardware Ids. You find these on the Details tab of the device:

Highlight the value and press Control+C (right-clicking does not work here). Paste the value into Notepad or some other text editor and copy just the numbers following VEN_. Paste these numbers into PCIDatabase.com’s Vendor Search box. You will see a result like this:

So now you know who made your device. Repeat the process but this time select the numbers following DEV_:

So now you have identified your device and can start looking for a driver. I recommend going directly to the source, that is, the manufacturer of the device. Drivers hosted by computer manufacturers are often hopelessly outdated. As you no doubt have noticed, it is sufficient to search for the device ID, because that will return the vendor ID as well.
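
The copy-and-paste from the Details tab can be replaced with a query of Win32_PnPEntity, which is what this added example (not from the original post) does: it parses the VEN_/DEV_ pair (and, for PCI devices, the SUBSYS_ field that carries the OEM’s subsystem IDs) out of a hardware ID, and lists every device whose ConfigManagerErrorCode is 28, the Device Manager code for "the drivers for this device are not installed". The sample hardware ID string is constructed for illustration.

```powershell
# Added example: extract vendor/device IDs from hardware IDs and list driverless devices.

function ConvertFrom-HardwareId {
    # Parse one hardware ID string, e.g. 'PCI\VEN_8086&DEV_1502&SUBSYS_049A1028&REV_04'
    # PCI: VEN_/DEV_ and SUBSYS_ssssvvvv (ssss = subsystem ID, vvvv = subsystem vendor)
    # USB: VID_/PID_ play the same role as VEN_/DEV_
    param([Parameter(Mandatory=$true)][string]$HardwareId)
    $ven = $null; $dev = $null; $subVen = $null; $subDev = $null
    if ($HardwareId -match 'VEN_([0-9A-Fa-f]{4})')    { $ven = $matches[1].ToUpper() }
    if ($HardwareId -match 'DEV_([0-9A-Fa-f]{4})')    { $dev = $matches[1].ToUpper() }
    if ($HardwareId -match 'VID_([0-9A-Fa-f]{4})')    { $ven = $matches[1].ToUpper() }
    if ($HardwareId -match 'PID_([0-9A-Fa-f]{4})')    { $dev = $matches[1].ToUpper() }
    if ($HardwareId -match 'SUBSYS_([0-9A-Fa-f]{4})([0-9A-Fa-f]{4})') {
        $subDev = $matches[1].ToUpper()
        $subVen = $matches[2].ToUpper()      # the OEM that branded the device
    }
    New-Object PSObject -Property @{
        Bus             = ($HardwareId -split '\\')[0]
        VendorId        = $ven          # search this on PCIDatabase.com's vendor search
        DeviceId        = $dev          # search this on PCIDatabase.com's device search
        SubsystemVendor = $subVen
        SubsystemDevice = $subDev
        HardwareId      = $HardwareId
    }
}

function Get-UnknownDevice {
    # Devices with no driver installed (ConfigManagerErrorCode 28), with their IDs parsed
    param([string]$ComputerName = '.')
    Get-WmiObject -Class Win32_PnPEntity -ComputerName $ComputerName |
        Where-Object { $_.ConfigManagerErrorCode -eq 28 } |
        ForEach-Object {
            $parsed = ConvertFrom-HardwareId -HardwareId $_.DeviceID
            $parsed | Add-Member -MemberType NoteProperty -Name Name -Value $_.Name -PassThru
        }
}

# Constructed sample hardware ID (not from a real machine) to show the parsing
ConvertFrom-HardwareId 'PCI\VEN_8086&DEV_1502&SUBSYS_049A1028&REV_04' |
    Format-List Bus, VendorId, DeviceId, SubsystemVendor, SubsystemDevice

# Live list of unknown devices on this computer
Get-UnknownDevice | Format-Table Name, Bus, VendorId, DeviceId, SubsystemVendor, HardwareId -AutoSize
```

The SubsystemVendor column is the practical tell for the OEM situation described below: when it differs from VendorId, the device was branded by a computer manufacturer, and that is the ID the chip vendor’s installer checks before refusing its generic driver.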

PS: Sometimes the manufacturer of a particular device will not let you download drivers for it from their site. You are instead forwarded to the manufacturer of your machine. This is done because sometimes computer manufacturers modify the hardware device to work a particular way. Using a generic driver in these cases can be problematic. That said, I have yet to encounter a device that has been modified in such a way and have used generic drivers directly from the hardware manufacturers for all my devices.

Sometimes the device manufacturers even block you from installing their drivers for devices that have been used by the machine manufacturers. The most common examples of this are GPU manufacturers. Both nVidia and ATI (AMD) will check to see if your GPU is one that has been OEMed by a computer manufacturer and prevent the generic nVidia and ATI drivers from installing for such a device. That is quite annoying, especially since the drivers work perfectly with the GPUs. To work around this you can use a custom inf file or a driver modder. The site LaptopVideo2Go provides custom inf files for nVidia drivers; for ATI you can use the MobilityModder application. I am sure there are more sites and apps that do this, but these are the ones I have used.

Information wants to be free!