Saturday, 1 December 2012

AD: Install a 2008 R2 Replica DC using IFM

If you have ever tried to install a replica domain controller that has to replicate over a slow network path such as a WAN link, you may have seen the promotion end with an error. The solution may be to use Install from Media (IFM) instead of replicating over the network. Here is what you would do:

Install your new destination server and make it a member of your domain. Let's assume that you named it dcwansite. Now create a folder on this server called c:\ifm. Make sure you can reach this folder from one of your existing domain controllers by using the administrative share c$ (\\dcwansite\c$\ifm).

For the sake of verification (not mandatory), install the Total Files Received DFS Replication performance counter on your destination server. Do this by using Server Manager > Diagnostics > Performance > Data Collector Sets > right-click User Defined > New > Data Collector Set > Type a name and click Next > Basic and click Next > Type location and click Next > Start this data collector set now > Finish > click the new data collector set > Performance Counter > Properties > Add > double-click DFS Replicated Folders > Total Files Received > SYSVOL Share {C116FC7E-1CE1-4F62-A63F-210204C47BA6} > Add > click OK twice.

Before promoting any new server to a domain controller, I strongly recommend running the Active Directory health check tests. Log on to an existing domain controller and run the following from a Command Prompt started with Run as Administrator (it can take some time to run):
DCDIAG /e /v /c /ferr:dcdiagerror.txt /f:dcdiag.txt
DCDIAG /e /v /test:DNS /DnsAll /f:dcdiagdns.txt

When done, open the dcdiag logs and fix the problems that you find.

Other useful tests include:
NSLOOKUP to verify that all replication partners can be resolved.
REPADMIN to verify replication (/showrepl)
NETDIAG to verify network connectivity (/v /fix)
NETDOM to verify domain trusts (query /verify)

For the destination server I would recommend verifying network connectivity (NETDIAG), and also DCDIAG with the tests RegisterInDns and DcPromo like this:
dcdiag /test:RegisterInDns /DnsDomain:your.domain 
dcdiag /test:DcPromo /DnsDomain:your.domain /ReplicaDC

To verify how many files of the SYSVOL folder will be replicated from a partner domain controller use Performance Monitor and look at Total Files Received. To do this open up the report by using Server Manager > Diagnostics > Performance > Reports > User Defined > double-click the name of the data collector set > double-click the report that corresponds to the time that you ran Performance Monitor > View > Performance Monitor > Change graph type pull-down menu > Report > Right-click the new data collector set > Start.

Now, log on to an existing domain controller (don't use a read-only domain controller). Start Command Prompt by using Run as Administrator and type as follows:

md c:\ifm
ntdsutil
ntdsutil: activate instance ntds
ntdsutil: ifm
ifm: create sysvol full c:\ifm
ifm: quit
ntdsutil: quit
robocopy c:\ifm \\dcwansite\c$\ifm /E /COPYALL /LOG:c:\robolog.txt

Next, when all the files have been copied (make sure to check the log and verify that all files were copied), log on to the destination server.
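The copy check mentioned above can be scripted on the source domain controller before you move on to the destination server. This is an added example, not part of the original post: it reuses the post's paths and server name, adds the /R and /W retry switches, and assumes you want the staging copy deleted once it has arrived, because the IFM media contains a full copy of ntds.dit.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the source DC after ntdsutil has written the media to C:\ifm.
$source = 'C:\ifm'
$dest   = '\\dcwansite\c$\ifm'     # server name used in the post
$log    = 'C:\robolog.txt'

# Same switches as the post; /R and /W are added here so a dropped WAN link
# fails the copy instead of retrying with robocopy's very long defaults.
robocopy $source $dest /E /COPYALL /R:3 /W:10 "/LOG:$log" | Out-Null
$rc = $LASTEXITCODE

# Robocopy's exit code is a bitmask; 8 and 16 mean data did not arrive.
$bits = @{ 1 = 'files copied'; 2 = 'extra files at destination';
           4 = 'mismatched files'; 8 = 'copy failures'; 16 = 'fatal error' }
$meaning = @($bits.Keys | Sort-Object | Where-Object { $rc -band $_ } |
             ForEach-Object { $bits[$_] })
if ($meaning.Count -eq 0) { $meaning = @('nothing to copy') }
Write-Host ("robocopy exit code {0}: {1}" -f $rc, ($meaning -join ', '))
if ($rc -ge 8) { throw "Copy incomplete, see $log" }

# Independent check: file count and total bytes must match on both sides.
function Get-TreeSummary([string]$Path) {
    $files = @(Get-ChildItem -Path $Path -Recurse -Force |
               Where-Object { -not $_.PSIsContainer })
    $bytes = ($files | Measure-Object -Property Length -Sum).Sum
    New-Object PSObject -Property @{ Files = $files.Count; Bytes = [long]$bytes }
}
$src = Get-TreeSummary $source
$dst = Get-TreeSummary $dest
if ($src.Files -ne $dst.Files -or $src.Bytes -ne $dst.Bytes) {
    $msg = "Mismatch: source {0} files/{1} bytes, destination {2} files/{3} bytes"
    throw ($msg -f $src.Files, $src.Bytes, $dst.Files, $dst.Bytes)
}

# The media holds a full copy of ntds.dit plus the registry hives needed to
# read it, so remove the staging copy from the source DC once it has arrived.
Remove-Item -Path $source -Recurse -Force
Write-Host "Verified $($src.Files) files; removed $source"
```

For the same reason, delete c:\ifm on dcwansite once dcpromo has finished and the new domain controller is replicating.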

Open the folder c:\ifm where you copied the media, then open the properties of the SYSVOL folder > Security > Advanced > Auditing > Edit > uncheck "Include inheritable auditing entries from this object's parent" > OK.

Then open up Command Prompt by using Run as Administrator and type:
dcpromo /adv

Follow the wizard to add this server as "Additional Domain controller for an existing domain" and then choose Install from Media and point it to c:\ifm.

After installation, check the Performance Monitor report.

Thursday, 29 November 2012

OpsMgr: Monitor Orchestrator Runbooks

Would you like to have Operations Manager monitor your Orchestrator Runbooks?

Then Infront Consulting Group comes to the rescue. They have developed a free Management Pack for this purpose, but you have to register.

When you have made the request they will send you an e-mail with the installer and a guide in addition to the Management Pack targeted to the Management Group you specified in the request form. Therefore you have to make a request for each Management Group you would like to use it with.

The guide I received did not clarify the installation process. When using the installer you only specify an installation folder, so clearly it does not install the Management Pack. Instead it installs a program that can decrypt and import the Management Pack into your OpsMgr environment. So, what you have to do is open the installation folder (usually C:\Program Files (x86)\System Center Management Packs\Infront Consulting Group Orchestrator Management Pack) and start the InfrontEncryptedLoader.exe program. Then you specify Server Name and OpsMgr version, and browse to the encrypted Management Pack that you received with the installer. When you press Import, the program does the rest.

After this you open up OpsMgr Console and create a Run As Account. The account must have administrator privileges to the Orchestrator management server. Then you link this Account to the Run As Profile "SC Orchestrator Web Service Access".

The last step is to enable discovery of the Runbooks. You do this by selecting Authoring > Management Pack Objects > Object Discoveries > Scope > SC Orchestrator Web Service Server > Right Click SC Orchestrator Web Service Server Discovery > Overrides > Override the Object Discovery > For a specific object of class: Windows Server Operating System > Select Your Orchestrator Web Service server > Set Enabled to True.

Now Operations Manager will start to monitor your Runbooks.

Thursday, 11 October 2012

OpsMgr: Limit Views for a group of users

In OpsMgr 2012 go to Administration > Security > Right Click User Roles > New User Role:
  1. Choose a profile, e.g. Operator
  2. Type a User role name, e.g. Exchange Server Operators
  3. Add users or user groups under User role members
  4. Limit Group Scope, e.g. check all that apply to Exchange
  5. Limit Tasks if needed.
  6. Limit Dashboards and Views. First select "Only the dashboards and views selected in each tab are approved" and then check whatever you want, e.g. Microsoft Exchange Server
If you later create a new View or Dashboard and you want this group of users to see it, you must update the user role to include it after it is created.

Thursday, 20 September 2012

DPM: Tape Detailed Inventory

If you back up to tape and the tape detailed inventory job starts at the same time, it will probably fail. This is because the tape is in the tape drive. Therefore make sure the inventory job runs when no tape backup is running. To change when the inventory runs, use the DPM Management Shell and type this command:
Set-MaintenanceJobStartTime -DPMServerName "srv-dpm-1" -MaintenanceJob LibraryInventory -StartTime 19:00

Monday, 10 September 2012

Install OS to a Virtual Disk

In this example I have Windows 8 Enterprise installed. I will install Windows Server 2012 as a secondary OS. But I will use a virtual disk. This is how I did it:

Note: You must have the Enterprise or Ultimate edition of Windows 7 or 8 for this to work (license issue).
  1. First I boot up with a Windows Server 2012 installation media.
  2. At Language prompt I press SHIFT+F10.
  3. Then I type: DISKPART
  4. To find my disks I type: LIST VOL
  5. I find that my C: drive (when in Windows 8) is listed as D: drive.
  6. To create a new virtual disk on D: with initial small size and max size 40GB I type:
    CREATE VDISK FILE=D:\Win2k8R2.vhd MAXIMUM=40000 TYPE=expandable
  7. I then select this disk, attach it and create a primary partition by typing:
    SELECT VDISK FILE=D:\Win2k8R2.vhd
    ATTACH VDISK
    CREATE PARTITION PRIMARY
  8. Now I verify my work by typing: LIST VOL
  9. Then I type EXIT two times and continue installing Windows Server 2012. I choose the new disk as installation target.

Wednesday, 5 September 2012

Activate Windows 8 Pro/Enterprise without KMS

So you installed Windows 8 Pro/Enterprise and signed in with a Windows Live account. Eager to customize your account, you find that you can’t: Windows must be activated first. But how? The activation page offers no option to input the activation key.

This is because the Pro and Enterprise versions are for business use, so it’s assumed that you are going to use KMS. If you don’t have that, open the Run dialog box and type:
slui 3
You will then see the Activation wizard, and a product key can be entered.

Saturday, 1 September 2012

Exchange 2010: Speed up large migration

By default, Exchange 2010 CAS servers limit active moves like this:
MaxActiveMovesPerSourceMDB = 5
MaxActiveMovesPerTargetMDB = 2
MaxActiveMovesPerSourceServer = 50
MaxActiveMovesPerTargetServer = 5
MaxTotalMovesPerMRS = 100
This will allow 5 concurrent moves from the source database, 2 concurrent moves to the target database, 50 per source server, 5 per target server and 100 per CAS server. If you use high-end disks with plenty of IOPS, you can change the settings gradually up to something like this (be aware of your hardware limitations):
MaxActiveMovesPerSourceMDB = 15
MaxActiveMovesPerTargetMDB = 15
MaxActiveMovesPerSourceServer = 50
MaxActiveMovesPerTargetServer = 40
MaxTotalMovesPerMRS = 250
This will require a restart of the MRS service on the CAS server(s). You can edit these settings in the file MSExchangeMailboxReplication.exe.config, which would normally exist on the CAS server in C:\Program Files\Microsoft\Exchange Server\V14\Bin\. For more details read this TechNet article.

DPM: Sharepoint Protection

To protect a SharePoint farm, install DPM agent on your front-end Web server(s) and on your back-end SQL server(s). Then enable SharePoint VSS by running ConfigureSharePoint -EnableSharePointProtection on your front-end Web server(s).

Wednesday, 29 August 2012

How to size the Windows paging file

Much can be said, but the simple rule is: check the peak commit charge under actual load and determine the proper pagefile size that way. If you would like some expert advice in more detail, read this Microsoft KB and also Mark Russinovich's Blog. Here is a quote from his blog:
To optimally size your paging file you should start all the applications you run at the same time, load typical data sets, and then note the commit charge peak (or look at this value after a period of time where you know maximum load was attained). Set the paging file minimum to be that value minus the amount of RAM in your system (if the value is negative, pick a minimum size to permit the kind of crash dump you are configured for). If you want to have some breathing room for potentially large commit demands, set the maximum to double that number.
You can use Process Explorer to find Peak Commit Charge.

DPM: SAN without hardware VSS provider

Enable per node serialization. This is done by adjusting this registry key:
HKLM\Software\Microsoft\Microsoft Data Protection Manager\2.0\Configuration\MaxAllowedParallelBackups

Simply change the DWORD value Microsoft Hyper-V from the default of 3 to 1. To finish off, restart the DPM server and modify the Protection Groups for virtual servers.

For a more detailed description, read this TechNet article and this.