Month: July 2010

Failed to Mount Public Folder database after a lossy failover because the current setting for AutoDatabaseMountDial. You Must run Restore-StorageGroupCopy before you can mount the Database

The Error:
Failed to Mount Public Folder database after a lossy failover because the current setting for AutoDataseBaseMountDial. You Must run Restore-StorageGroupCopy before you can mount the Database
image 

Solution:
Restore-StorageGroupCopy won’t work because it is public folder database.

Setting a Vink by Do not Mount this Database at Startup.

image

En give the active clustered mailbox server a  reboot. Then Cluster service will show that the other node is going online. Then the public folder is back online. After every reboot you must start to check if the public folder online is?

Reviewing Least Privilege Security for Windows 7, Vista and XP

I was recently approached to do a book review on “Least Privilege Security for Windows 7,Vista and XP by Russell Smith” published by Packt Publishing. I will review it soon. It show you how to configure your Windows environment so that your users can operate without administrator permissions.

Here is a list of the just some of technologies that this book talks about to achieve a Least Privilege Security:

  • Program Compatibility Wizard
  • Applications Compatibility Wizard
  • User Account Control
  • Group Policy Software Deployment
  • Internet Explorer Add-on Management
  • Troubleshooting Remote Users
  • Configuring Windows Firewall
  • Software Restrictions Policies and AppLocker
  • Microsoft Deployment Toolkit
  • CD Burning
  • ActiveX Controls
  • Changing system time and time zones
  • Power Management
  • Managing networks
  • Standard Users Analyzer
  • Applications Compatibility Toolkit
  • Logon Scripts
  • Remote Desktop Services
  • App-V
  • Med-V

I have read already some chapters. I think it is a great book to have on your collection.
You have always not enough time thinking about security. This book does it for you.

As a special offer Packt Publishing are also letting people download preview chapter of this book by download here Chapter No. 3 – Solving Least privilege Problems with the Application Compatibility Toolkit

clip_image001

Show and move “hidden” Arbitration mailboxes in Exchange Server 2010

When you have a new installation of Exchange 2010 Server and you want to move all mailboxes, including all hidden Mailboxen (Arbitration) from the default database store to a database that you created. Here is how i did it.

When you try to delete the default database you will get this message:

clip_image001

The Database is not empty, even though it does look empty if you do a get-mailbox for the specific database:

get-mailbox -Database “Mailbox Database 1905367170”

clip_image003

There is a switch that you should use if you want to see all mailboxes, even the “hidden” Arbitration mailboxes:

get-mailbox -Database “Mailbox Database 1905367170” –Arbitration

This gives a different result.
clip_image005

As you can se the database is n’t as empty as we first thought. To move these mailboxes to the new database you can easily pipe the result of the get-mailbox command and create new move requests for all Arbitration mailboxes:

get-mailbox -Database “Mailbox Database 1905367170” -Arbitration | New-MoveRequest –TargetDatabase “MailboxDatabase1”

clip_image007

Source: msundis.wordpress.com

Enable Windows 7 Features through Group Policy

I love Windows 7. But there is one thing a hate about Windows 7.
There is no nice way to enable Windows 7 Features trough Group Policy.

So I created a small visual basis script that i used as a startup script.

It checks if adsnapins.txt exist in the program files files. If exsist do nothing if it don’t exsist enable the feature.

Windows7ADSnapIns.vbs

‘Installeerd Windows 7 AD Management Snapins.
’13-07-2010 Ward Vissers

Set fso = CreateObject("Scripting.FileSystemObject")

If Not (fso.FileExists("C:\Program Files\adsnapins.txt")) Then
    Dim Wsh
    Set wsh = CreateObject("WScript.Shell")
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns", ,1
    fso.CopyFile "\\ad.local\afs\install\Windows7Feature\adsnapins.txt", "C:\Program Files\adsnapins.txt"

End If

Set fso = Nothing

MDT 2010 Importing automatically the right driver

Microsoft Deployment Toolkit 2010 has some nice improvements to handle drivers. I will describe how I like to manage drivers in MDT 2010.

Some time I wrote i article about how to get the Name & Model from a computer. This is very important when you want to import only the right drivers automatically.

First we have to build the ‘Out-of-Box Drivers’ folder structure and import drivers. I have subdirectories for each architecture, brand and model.  This is what my folder tree looks like:

MDT 2010 - Out-of-Box Drivers

However, you can build your own structure, as long as you respect the proper model & brand (make) name of the vendors.

Build Out-of-Box Drivers tree

To build up the folder structure you have to know the model name of your hardware. To retrieve the proper computer name execute at powershell command prompt: ‘Get-WmiObject -Class win32_computersystemproduct | fl Name,Model,UUID,Identifyingnumber,Vendor’, to get the exact name WMI queries to determine the computer model. In my case the computer name is “Latitude D830”.

Now that we have drivers imported in our Deployment Share, it’s time to move on.

1. DriverGroups

DriverGroups existed in MDT 2008 already, although the MDT Team added subdirectory support in MDT 2010.

At deployment phase MDT uses WMI to query the proper computer model and only the current model drivers will be injected. In order to get this working properly, you have to use the EXACT model name in your Out-of-Box Driver tree.

Inject the correct drivers in your Task Sequence

Add a new step in your Task Sequence to inject the correct drivers. MDT will query the computer name and inject the drivers which corresponds with the computer name from the Out-of-Box folder structure, right before applying the image at deployment.

MDT 2010 - Set Task Sequence Variable (Add Task) MDT 2010 - Set Task Sequence Variable (DriverGroup)

I use ‘DriverGroup_001’ as Task Sequence Variable, and Win7×64\%Make%\%Model% as value for my Windows 7 x64. You have to adapt this to your Out-of-Box tree.

MDT 2010 - Set Task Sequence Variable

As I use a DriverGroup I’ve disabled the ‘Inject Drivers’ task.

Customsettings.ini

As my Task Sequence handles everything, there isn’t anything needed here.

If you don’t like to use a new Task in your TS, you can add DriverGroup variables in customsettings.ini like this:

DriverGroup_001=%Make%\%Model%

DriverGroup_002=Printers

2. Selection Profiles

New in MDT 2010 are DriverSelectionProfiles. These are easy for new MDT admins, very straight forward and easy to use.

Overview:

MDT 2010 - Selection Profiles Overview

First you have to create a Profile (or use one of the default profiles):

MDT 2010 - Selection Profiles, select folders

You can even select Packages and Applications, use it for “bad drivers” aka driver setup packs.

Select what drivers you want to add to the profile;

MDT 2010 - Selection Profiles, add profile

After making the profiles you can use them in your Task Sequences. The default ‘Inject Drivers’ settings are on the left, the customized one on the right:

MDT 2010 - Selection Profiles, task sequence MDT 2010 - Selection Profiles, task sequence

You can add  Selection Profiles for drivers/packages or whatever you want. Just add an extra step in your task sequence like above.

Customsettings.ini

As with DriverGroups you can choose to handle the DriverSelectionProfile in customsettings.ini or in your TS.

Example:

DriverSelectionProfile=Dell Latitude D520 x64

Enable the Change Password feature with Outlook Web Access on a Windows 2003 Exchange 2007 Server

First Step create the IISADMPWD virtual directory, do the following:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.  
  2. Right-click the default Web site, point to New, and then click Virtual Directory. image
  3. In the Virtual Directory Creation wizard, type IISADMPWD in the Alias box, and then click Next.
    image 
  4. In the Directory box, type c:\windows\system32\inetsrv\iisadmpwd or the location where your hard disk is your default hard disk, and then click Next.
    image
  5. Verify that only the Read and Run script check boxes are selected, such as the ASP check box, click Next, and then click Finish.
    image  image
  6. Verify that the IISADMPWD virtual directory has only basic authentication is set
    image
  7. If you use Windows 2003/IIS 6.0, verify that the application pool is set to MSExchangeOWAAppPool
    image 
  8. Register the IISpwchg.dll file in the Iisadmpwd directory:
    Click Start, and then click Run.
    In the Open box, type the following, and then press ENTER:
    regsvr32 c:\windows\system32\inetsrv\iisadmpwd\iispwchg.dll
  9. Configure the PasswordChangeFlags property in the metabase to make sure that the Password Change functionality is enabled:
    Click Start, and then click Run.
    In the Open box, type cmd, and then press ENTER.
    Locate the C:\Inetpub\Adminscripts directory.
    Type the following command, and then press ENTER:
    cscript.exe adsutil.vbs set w3svc/passwordchangeflags 1

    0: This is the default value. This value indicates that you must use a Secure Sockets Layer (SSL) connection when you change the password.
    1: This value permits password changes on non-secure ports. This value is useful if SSL is not enabled.
    2: This value disables the Password Change functionality.
    4: This value disables the advance notification of password expiration.

  10. Do not forget to enable Active Server Pages.
    image 
    Source http://support.microsoft.com/kb/297121

Free Ebook Notes on Desktop Virtualization by Brain Madden

Brain Madden has released a free eBook Notes on Desktop Virtualization by Brain Madden.

Index:
1) Virtualization is MORE than just VDI
2) Why storage matters
3) 3 Issues to address
4) What is IOPS and why does it matter?
5) The dumbest thing you can do
6) The secret to desktop virtualization savings
7) How the *@&% is it possible for multiple users to share the same disk image?
8) How Win7 will affect your storage and virtualdesktop environment 
9) Does the storage protocol matter?
10) Multiple classes of storage are okay
11) Ten questions to ask when evaluating your storage vendor
12) "TCO" and "ROI" Confusion
13) Why VDI?
14) 5 sure-fire ways to get canned
15) Which kind of virtualizer are you?
16) Why do people like VDI?
17) The Vicious Cycle of VDI storage
18) Notes for article “Desktop VM sizing & IOPS”

Just Click on the picture to go to the NetApp site where you can download this free eBook
image
If you click HERE you have the PDF file direct

VMware vSphere 4.1 Released

WHAT’S NEW:

Installation and Deployment

Storage

  • Boot from SAN. vSphere 4.1 enables ESXi boot from SAN (BFN). iSCSI, FCoE, and Fibre Channel boot are supported. Refer to the Hardware Compatibility Guide for the latest list of NICs and Converged Adapters that are supported with iSCSI boot. See the iSCSI SAN Configuration Guide and the Fibre Channel SAN Configuration Guide.
  • Hardware Acceleration with vStorage APIs for Array Integration (VAAI). ESX can offload specific storage operations to compliant storage hardware. With storage hardware assistance, ESX performs these operations faster and consumes less CPU, memory, and storage fabric bandwidth. See the ESX Configuration Guide and the ESXi Configuration Guide.
  • Storage Performance Statistics. vSphere 4.1 offers enhanced visibility into storage throughput and latency of hosts and virtual machines, and aids in troubleshooting storage performance issues. NFS statistics are now available in vCenter Server performance charts, as well as esxtop. New VMDK and datastore statistics are included. All statistics are available through the vSphere SDK. See the vSphere Datacenter Administration Guide.
  • Storage I/O Control. This feature provides quality-of-service capabilities for storage I/O in the form of I/O shares and limits that are enforced across all virtual machines accessing a datastore, regardless of which host they are running on. Using Storage I/O Control, vSphere administrators can ensure that the most important virtual machines get adequate I/O resources even in times of congestion. See the vSphere Resource Management Guide.
  • iSCSI Hardware Offloads. vSphere 4.1 enables 10Gb iSCSI hardware offloads (Broadcom 57711) and 1Gb iSCSI hardware offloads (Broadcom 5709). See the ESX Configuration Guide, the ESXi Configuration Guide, and the iSCSI SAN Configuration Guide.
  • NFS Performance Enhancements. Networking performance for NFS has been optimized to improve throughput and reduce CPU usage. See the ESX Configuration Guide and the ESXi Configuration Guide.

Network

Availability

  • Windows Failover Clustering with VMware HA. Clustered Virtual Machines that utilize Windows Failover Clustering/Microsoft Cluster Service are now fully supported in conjunction with VMware HA. See Setup for Failover Clustering and Microsoft Cluster Service.
  • VMware HA Scalability Improvements. VMware HA has the same limits for virtual machines per host, hosts per cluster, and virtual machines per cluster as vSphere. See Configuration Maximums for VMware vSphere 4.1 for details about the limitations for this release.
  • VMware HA Healthcheck and Operational Status. The VMware HA dashboard in the vSphere Client provides a new detailed window called Cluster Operational Status. This window displays more information about the current VMware HA operational status, including the specific status and errors for each host in the VMware HA cluster. See the vSphere Availability Guide.
  • VMware Fault Tolerance (FT) Enhancements. vSphere 4.1 introduces an FT-specific versioning-control mechanism that allows the Primary and Secondary VMs to run on FT-compatible hosts at different but compatible patch levels. vSphere 4.1 differentiates between events that are logged for a Primary VM and those that are logged for its Secondary VM, and reports why a host might not support FT. In addition, you can disable VMware HA when FT-enabled virtual machines are deployed in a cluster, allowing for cluster maintenance operations without turning off FT. See the vSphere Availability Guide.
  • DRS Interoperability for VMware HA and Fault Tolerance (FT). FT-enabled virtual machines can take advantage of DRS functionality for load balancing and initial placement. In addition, VMware HA and DRS are tightly integrated, which allows VMware HA to restart virtual machines in more situations. See the vSphere Availability Guide.
  • Enhanced Network Logging Performance. Fault Tolerance (FT) network logging performance allows improved throughput and reduced CPU usage. In addition, you can use vmxnet3 vNICs in FT-enabled virtual machines. See the vSphere Availability Guide.
  • Concurrent VMware Data Recovery Sessions. vSphere 4.1 provides the ability to concurrently manage multiple VMware Data Recovery appliances. See the VMware Data Recovery Administration Guide.
  • vStorage APIs for Data Protection (VADP) Enhancements. VADP now offers VSS quiescing support for Windows Server 2008 and Windows Server 2008 R2 servers. This enables application-consistent backup and restore operations for Windows Server 2008 and Windows Server 2008 R2 applications.

Management

  • vCLI Enhancements. vCLI adds options for SCSI, VAAI, network, and virtual machine control, including the ability to terminate an unresponsive virtual machine. In addition, vSphere 4.1 provides controls that allow you to log vCLI activity. See the vSphere Command-Line Interface Installation and Scripting Guide and the vSphere Command-Line Interface Reference.
  • Lockdown Mode Enhancements. VMware ESXi 4.1 lockdown mode allows the administrator to tightly restrict access to the ESXi Direct Console User Interface (DCUI) and Tech Support Mode (TSM). When lockdown mode is enabled, DCUI access is restricted to the root user, while access to Tech Support Mode is completely disabled for all users. With lockdown mode enabled, access to the host for management or monitoring using CIM is possible only through vCenter Server. Direct access to the host using the vSphere Client is not permitted. See the ESXi Configuration Guide.
  • Access Virtual Machine Serial Ports Over the Network. You can redirect virtual machine serial ports over a standard network link in vSphere 4.1. This enables solutions such as third-party virtual serial port concentrators for virtual machine serial console management or monitoring. See the vSphere Virtual Machine Administration Guide.
  • vCenter Converter Hyper-V Import. vCenter Converter allows users to point to a Hyper-V machine. Converter displays the virtual machines running on the Hyper-V system, and users can select a powered-off virtual machine to import to a VMware destination. See the vCenter Converter Installation and Administration Guide.
  • Enhancements to Host Profiles. You can use Host Profiles to roll out administrator password changes in vSphere 4.1. Enhancements also include improved Cisco Nexus 1000V support and PCI device ordering configuration. See the ESX Configuration Guide and the ESXi Configuration Guide.
  • Unattended Authentication in vSphere Management Assistant (vMA). vMA 4.1 offers improved authentication capability, including integration with Active Directory and commands to configure the connection. See VMware vSphere Management Assistant.
  • Updated Deployment Environment in vSphere Management Assistant (vMA). The updated deployment environment in vMA 4.1 is fully compatible with vMA 4.0. A significant change is the transition from RHEL to CentOS. See VMware vSphere Management Assistant.
  • vCenter Orchestrator 64-bit Support. vCenter Orchestrator 4.1 provides a client and server for 64-bit installations, with an optional 32-bit client. The performance of the Orchestrator server on 64-bit installations is greatly enhanced, as compared to running the server on a 32-bit machine. See the vCenter Orchestrator Installation and Configuration Guide.
  • Improved Support for Handling Recalled Patches in vCenter Update Manager. Update Manager 4.1 immediately sends critical notifications about recalled ESX and related patches. In addition, Update Manager prevents you from installing a recalled patch that you might have already downloaded. This feature also helps you identify hosts where recalled patches might already be installed. See the vCenter Update Manager Installation and Administration Guide.
  • License Reporting Manager. The License Reporting Manager provides a centralized interface for all license keys for vSphere 4.1 products in a virtual IT infrastructure and their respective usage. You can view and generate reports on license keys and usage for different time periods with the License Reporting Manager. A historical record of the utilization per license key is maintained in the vCenter Server database. See the vSphere Datacenter Administration Guide.
  • Power Management Improvements. ESX 4.1 takes advantage of deep sleep states to further reduce power consumption during idle periods. The vSphere Client has a simple user interface that allows you to choose one of four host power management policies. In addition, you can view the history of host power consumption and power cap information on the vSphere Client Performance tab on newer platforms with integrated power meters. See the vSphere Datacenter Administration Guide.

Platform Enhancements

  • Performance and Scalability Improvements. vSphere 4.1 includes numerous enhancements that increase performance and scalability.
    • vCenter Server 4.1 can support three times more virtual machines and hosts per system, as well as more concurrent instances of the vSphere Client and a larger number of virtual machines per cluster than vCenter Server 4.0. The scalability limits of Linked Mode, vMotion, and vNetwork Distributed Switch have also increased.
    • New optimizations have been implemented for AMD-V and Intel VT-x architectures, while memory utilization efficiency has been improved still further using Memory Compression. Storage enhancements have led to significant performance improvements in NFS environments. VDI operations, virtual machine provisioning and power operations, and vMotion have enhanced performance as well.

    See Configuration Maximums for VMware vSphere 4.1.

  • Reduced Overhead Memory. vSphere 4.1 reduces the amount of overhead memory required, especially when running large virtual machines on systems with CPUs that provide hardware MMU support (AMD RVI or Intel EPT).
  • DRS Virtual Machine Host Affinity Rules. DRS provides the ability to set constraints that restrict placement of a virtual machine to a subset of hosts in a cluster. This feature is useful for enforcing host-based ISV licensing models, as well as keeping sets of virtual machines on different racks or blade systems for availability reasons. See the vSphere Resource Management Guide.
  • Memory Compression. Compressed memory is a new level of the memory hierarchy, between RAM and disk. Slower than memory, but much faster than disk, compressed memory improves the performance of virtual machines when memory is under contention, because less virtual memory is swapped to disk. See the vSphere Resource Management Guide.
  • vMotion Enhancements. In vSphere 4.1, vMotion enhancements significantly reduce the overall time for host evacuations, with support for more simultaneous virtual machine migrations and faster individual virtual machine migrations. The result is a performance improvement of up to 8x for an individual virtual machine migration, and support for four to eight simultaneous vMotion migrations per host, depending on the vMotion network adapter (1GbE or 10GbE respectively). See the vSphere Datacenter Administration Guide.
  • ESX/ESXi Active Directory Integration. Integration with Microsoft Active Directory allows seamless user authentication for ESX/ESXi. You can maintain users and groups in Active Directory for centralized user management and you can assign privileges to users or groups on ESX/ESXi hosts. In vSphere 4.1, integration with Active Directory allows you to roll out permission rules to hosts by using Host Profiles. See the ESX Configuration Guide and the ESXi Configuration Guide.
  • Configuring USB Device Passthrough from an ESX/ESXi Host to a Virtual Machine. You can configure a virtual machine to use USB devices that are connected to an ESX/ESXi host where the virtual machine is running. The connection is maintained even if you migrate the virtual machine using vMotion. See the vSphere Virtual Machine Administration Guide.
  • Improvements in Enhanced vMotion Compatibility. vSphere 4.1 includes an AMD Opteron Gen. 3 (no 3DNow!™) EVC mode that prepares clusters for vMotion compatibility with future AMD processors. EVC also provides numerous usability improvements, including the display of EVC modes for virtual machines, more timely error detection, better error messages, and the reduced need to restart virtual machines. See the vSphere Datacenter Administration Guide.

Partner Ecosystem

  • vCenter Update Manager Support for Provisioning, Patching, and Upgrading EMC’s ESX PowerPath Module. vCenter Update Manager can provision, patch, and upgrade third-party modules that you can install on ESX, such as EMC’s PowerPath multipathing software. Using the capability of Update Manager to set policies using the Baseline construct and the comprehensive Compliance Dashboard, you can simplify provisioning, patching, and upgrade of the PowerPath module at scale. See the vCenter Update Manager Installation and Administration Guide.
  • User-configurable Number of Virtual CPUs per Virtual Socket. You can configure virtual machines to have multiple virtual CPUs reside in a single virtual socket, with each virtual CPU appearing to the guest operating system as a single core. Previously, virtual machines were restricted to having only one virtual CPU per virtual socket. See the vSphere Virtual Machine Administration Guide.
  • Expanded List of Supported Processors. The list of supported processors has been expanded for ESX 4.1. To determine which processors are compatible with this release, use the Hardware Compatibility Guide. Among the supported processors is the Intel Xeon 7500 Series processor, code-named Nehalem-EX (up to 8 sockets).

You can download VMware vSphere 4.1 HERE

Microsoft Deployment Toolkit (MDT) 2010 Update 1 is RTM

Microsoft has released a new version of MDT 2010 named Update 1.

It’s a great tool im loving it.

What new:

For System Center Configuration Manager 2007 users:

  • New “User Driven Installation” deployment method. An easy-to-use UDI Wizard allows users to initiate and customize an OS deployment on their PCs that’s tailored to their individual needs.

  • Support for Configuration Manager R3 “Prestaged Media.” For those deploying Windows 7 and Office 2010 along with new PCs, a custom OS image can easily be loaded in the factory and then customized once deployed.

For Lite Touch Installation:

  • Support for Office 2010. Easily configure Office 2010 installation and deployment settings through the Deployment Workbench and integration with the Office Customization Tool.
  • Improved driver importing. All drivers are inspected during the import process to accurately determine what platforms they really support, avoiding common inaccuracies that can cause deployment issues.

Bug Fixes and small improvements

  • LTI Wizard performance improvement. The LTI Wizard now takes less time to initialize and shows up faster.
  • Issue in validating connection to the server fixed. In a few scenarios, MDT 2010 used to report the error message, "A connection to the distribution share could not be made" when a task sequence is run. The Microsoft Support article, “Error message when you use MDT 2010: ‘Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed,’” at http://support.microsoft.com/kb/977566 describes this issue in detail. This issue has been fixed in MDT 2010 Update 1.
  • Support for installing Windows 7 roles and features. MDT 2010 Update 1 adds support for installation of Windows 7 operating system roles and features.
  • Looping issue with x64 custom Windows images fixed. In MDT 2010, ZTI–System Center Configuration Manager deployments could get into an infinite loop when deploying an x64 Windows image captured by LTI. This issue has been fixed in MDT 2010 Update 1
  • Error handling improvements in MDT task sequence templates. In MDT 2010, task sequences appear to finish successfully even when they really failed. These issues are fixed in MDT 2010 Update 1.

Download the new version HERE 😀

Translate »