Exchange 2013 and .NET 4.5 fixes KB2803754 & KB2803755

Microsoft published an important hotfix for .NET 4.5 earlier this year. It wasn’t picked up on by many, therefor a quick write up on the matter.

Since Exchange 2013 is built on top of .NET 4.5, it is recommended to install the hotfix on all Exchange 2013 Mailbox and Multi-Role servers. The hotfix will reduce the memory consumption of the store worker processes.

If you’re using Windows Server 2008 R2, the hotfix is KB2803754 and can be requested here; when using Windows Server 2012 the hotfix is KB2803755 which can be requested here.

After installing the hotfix, you need to do one of the following things:

  • Set the following registry key:
    HKLM\Software\Microsoft\.NETFramework\DisableRetStructPinning=1 (REG_DWORD)
  • Set the COMPLUS_DisableRetStructPinning environment variable to 1

I’d prefer the first option. Note that you need to restart the server for the change to become effective.

Thanks to EighTwOne

Configuring disks to use VMware Paravirtual SCSI (PVSCSI) adapters

PVSCSI adapters are high-performance storage adapters that can result in greater throughput and lower CPU utilization. PVSCSI adapters are best suited for environments, especially SAN environments, where hardware or applications drive a very high amount of I/O throughput. PVSCSI adapters are not suited for DAS environments.

This table shows the support matrix for use of Paravirtual SCSI adapters for data disks and boot disks for the various guest operating systems and ESX versions. Support shown in the table is from the listed ESX/ESXi version and later versions.

Guest operating system

Data Disk

Boot Disk

Windows Server 2012 (64 bit only)

ESXi 5.0 Update 1, ESXi 5.1

ESXi 5.0 Update 1, ESXi 5.1

Windows Server 2008 R2 (64 bit only)

ESX/ESXi 4.0 Update 1, ESX/ESXi 4.1, ESXi 5.x

ESX/ESXi 4.0 Update 1, ESX/ESXi 4.1, ESXi 5.x

Windows Server 2008 (32 and 64 bit)

ESX/ESXi 4.x, ESXi 5.x

ESX/ESXi 4.0 Update 1, ESX/ESXi 4.1, ESXi 5.x

Windows Server 2003 (32 and 64 bit)

ESX/ESXi 4.x, ESXi 5.x

ESX/ESXi 4.x, ESXi 5.x

Windows 7 (32 and 64 bit)

ESX/ESXi 4.1, ESXi 5.x

ESX/ESXi 4.1, ESXi 5.x

Windows Vista (32 and 64 bit)

ESX/ESXi 4.1, ESXi 5.x

ESX/ESXi 4.1, ESXi 5.x

Windows XP (32 and 64 bit)

ESX/ESXi 4.1, ESXi 5.x

ESX/ESXi 4.1, ESXi 5.x

Because the default type of newly hot-added SCSI adapter depends on the type of primary (boot) SCSI controller, hot-adding a PVSCSI adapter is only supported for those versions that support booting from a PVSCSI adapter.

Paravirtual SCSI adapters also have these limitations:

  • Hot add or hot remove requires a bus rescan from within the guest.
  • Disks with snapshots might not experience performance gains when used on Paravirtual SCSI adapters if memory on the ESX host is overcommitted.

Active Directory Replication Status Tool

The Active Directory Replication Status Tool (ADREPLSTATUS) analyzes the replication status for domain controllers in an Active Directory domain or forest. ADREPLSTATUS displays data in a format that is similar to REPADMIN /SHOWREPL * /CSV imported into Excel but with significant enhancements.
Specific capabilities for this tool include:

    • Expose Active Directory replication errors occurring in a domain or forest
    • Prioritize errors that need to be resolved in order to avoid the creation of lingering objects in Active Directory forests
    • Help administrators and support professionals resolve replication errors by linking to Active Directory replication troubleshooting content on Microsoft TechNet
    • Allow replication data to be exported to source or destination domain administrators or support professionals for offline analysis

System Requirements

Supported Operating System

Windows 7, Windows 8, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista, Windows XP

      • ADREPLSTATUS does not install on server core installs of Windows
      • Windows 2000 not supported due to lack of support for .NET Framework 4.0

    Domain membership requirements:

      • Must be joined to the Active Directory domain or forest you intend to monitor

    .NET Framework requirements:

      • .NET Framework 4.0 (you may be prompted to install .NET Framework 3.5.1 first on Windows Server 2008)

    Required User Credentials:

      • Target forest/domain user account

    Supported DC OS versions that can be monitored by ADREPLSTATUS:

      • Windows Server 2003
      • Windows Server 2003 R2
      • Windows Server 2008
      • Windows Server 2008 R2
      • Windows Server 2012

      image

Active Directory Accidental Deletion – Prevention

Accidental deletions in active directory can cause havoc and unfortunately. This may have been avoided and secondly could have been fixed in less than 10 % of the actual time spent if the environment was using one of the latest features that we included in Windows 2008 R2 ( Active Directory Recycle Bin ). Most critical situations arise due to accidental human /tool interference or configuration and it is important to be able to come out of such situations within minimal down time, Accidental Deletion in Active Directory is one such situation.

Powershell Enable Protected From Accidenta lDeletion:
Get-ADobject -Filter * -SearchBase “DC=wardvissers,DC=local” | Set-adobject -ProtectedFromAccidentalDeletion $true

Microsoft Virtual Machine Converter Solution Accelerator

The Microsoft Virtual Machine Converter (MVMC) Solution Accelerator is a Microsoft-supported, stand-alone solution for the IT pro or solution provider who wants to convert VMware-based virtual machines and disks to Hyper-V®-based virtual machines and disks.

MVMC provides the following features:

  • Converts and deploys virtual machines from VMware hosts to Hyper-V hosts including Hyper-V on Windows Server® 2012. As part of the machine conversion MVMC converts the virtual disks attached to the source virtual machine. It also migrates configuration such as memory, virtual processor and so on from the source virtual machine to the converted virtual machine deployed on Hyper-V. It adds virtual network interface cards (NICs) to the converted virtual machine on Hyper-V.
  • Converts VMware virtual disks to Hyper-V based virtual hard disks (VHDs).
  • Supports conversion of virtual machines from VMware vSphere 4.1 and 5.0 hosts to Hyper-V.
    • Note MVMC also supports conversion of virtual machines from VMware vSphere 4.0 if the host is managed by vCenter 4.1 or vCenter 5.0. You have to connect to vCenter 4.1 or 5.0 through MVMC to convert virtual machines on vSphere 4.0.
  • Offers fully scriptable command-line interfaces for performing virtual machine and disk conversions that integrates well with data center automation workflows and Windows PowerShell scripts.
  • Has a wizard-driven GUI, making it simple to perform virtual machine conversion.
  • Uninstalls VMware tools prior to conversion to provide a clean way to migrate VMware-based virtual machines to Hyper-V.
  • Supports Windows Server guest operating system conversion, including Windows Server 2008 R2, Windows Server 2008 and Windows Server 2003 SP2.
  • Enables conversion of Windows® client versions including Windows 7.
  • Installs integration services on the converted virtual machine if the guest operating system is Windows Server 2003 SP2.

System requirements

Supported operating systems: Windows 7, Windows Server 2008 R2, Windows Server 2012

Before you install MVMC, you must install the following software on the computer on which MVMC will run:

  • Operating systems: Windows 7, Windows Server 2008 R2, or Windows Server 2012 (full installation)
  • Microsoft .NET Framework 3.5 and Microsoft .NET Framework 4 if installing MVMC on Windows 7 or Windows Server 2008 R2
  • Microsoft .NET Framework 4.5 if installing MVMC on Windows Server 2012

Download

An update is available for Windows 7 and Windows Server 2008 R2 KMS hosts to support Windows 8 and Windows Server 2012

This update extends the Key Management Service (KMS) for Windows 7 and Windows Server 2008 R2 to allow enterprise licensing of Windows 8 and of Windows Server 2012.
KMS provides support for the following KMS client activations:

  • Windows Server 2008 R2 and Windows Server 2008 R2 Service Pack 1 (SP1)
  • Windows Server 2008 and Windows Server 2008 Service Pack 2 (SP2)
  • Windows 8
  • Windows Server 2012
  • Windows 7 and Windows 7 Service Pack 1 (SP1)
  • Windows Vista and Windows Vista Service Pack 2 (SP2)

Key Management Service (KMS) uses a KMS host key to activate KMS on a KMS host, and to establish a local activation service in your environment. This update extends support for KMS to provide activation for Windows 8 and for Windows Server 2012.

Download

OS not starting after removing extra bitlocker boot partition

If you remove the 300mb hidden partition your system does not start anymore.

Solution 1:

Open command prompt
bcdboot c:\windows /s c:
Open diskmgmt.msc & Mark Partion as Active.
Reboot the VM.
Delete the BDEdrive partitie.
Extend the C-Disk with the empty space

Solution 2:

Boot with Windows 7 or WIndows 2008 R2 installation DVD, select repair and open a command prompt.
Type diskpart
Type select disk 0
Type list partition
then note the partition number where you installed windows 7.
Type select partition X (X is the partition number where Windows is installed)
type active
type exit
type bcdboot.exe c:\windows (if C is your windows partition)

Setup KMS Server for Windows Server 2008 R2 or Windows 7

Open the command prompt and run the following command:

cscript c: \ Windows \ System32 \ slmgr.vbs / ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

Enter the product key xxxxx Windows Server 2008 R2. It is also able to activate Windows 7. The following text appears when the command is successful.

Microsoft ® Windows Script Host Version 5.7
Copyright © Microsoft Corporation. All rights reserved.
Installed product key xxxxx-xxxxx-xxxxx-xxxxx-xxxxx successfully.
The installation of the KMS server is complete. The server installs itself on port 1688. This port must be opened to be put in the firewall. To change the port the following command can be used.

Slmgr.vbs / SPRT xxxx
Once the firewall is open and the key is installed, the KMS server service has to be restarted. Do this by using the following command:

slsvc & net stop & net start slsvc

To check whether the data will be registered correctly in the DNS, the following command:

nslookup-type = srv _vlmcs._tcp

Here, the following output should appear:

_vlmcs._tcp.test.local SRV service location:
priority = 0
weight = 0
port = 1688
svr hostname = kms.wardvissers.local
internet address = 192.168.150.7 kms.wardvissers.local

Clients / Servers

The clientele / servers need to connect to the KMS host will automatically find the host by dns. When the client / server using a MAK key is activated. Should this be put back to a KMS client key. These keys are released by Microsoft. When this key is set on the client / server will automatically look for a KMS host. When not present, the client / server activation.

KMS client keys:

Windows 7 Enterprise: 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows Server 2008 Standard: TM24T-X9RMF-VWXK6-X8JC9-BFGM2
Windows Server 2008 Enterprise: YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
Windows Server 2008 R2 Standard – YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Windows Server 2008 R2 Enterprise – 489J6-VHDMP-X63PK-3K798-CPX3Y

The following commands can the key be changed from MAK to KMS here are the xxxxx is one of the above keys.

slmgr.vbs / ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Note: To ensure that the client is forced to activate the command to be executed on the client.
slmgr-ato

It can happen that the RMS server returns the following message. This is because the KMS server is just beginning to work with 25 clients and 5 servers.

You can find here the list with error codes & solutions: http://support.microsoft.com/kb/938450

Special thanks to:Harm Hoekstra

Preventing Automatic Service Pack 1 Update to Windows 7 and Windows Server 2008 R2

Microsoft began to distribute Windows 7 and Windows Server 2008 R2 Service Pack 1 (SP1) as a high-priority update through Automatic Updates. However, as with most large corporate environments, IT organizations may want to delay the introduction of a new Service Pack until they have tested compatibility with internal applications and sites.

Microsoft created a tool called “Windows Service Pack Blocker Tool Kit” to stop it from updating your servers and workstations without your permission. Unlike the Blocker Toolkit for IE9, this tool does have an expiration date – the 22nd of February 2012. The tool and can be configured either by running the registry file on the client machines or through Group Policy in domain joined environments.

Download

Download details: www.microsoft.com/downloads/en/details.aspx?FamilyID=D7C9A07A-5267-4BD6-87D0-E2A72099EDB7

The tool can be used with:

  • Windows 7 Service Pack 1
  • Windows Server 2008 R2 Service Pack 1

Toolkit Components

The tool contains three components. All of them function primarily to set or clear a specific registry key that is used to detect and block download of Service Packs from Windows Update. You need to only use one of the components, the one that best serves your organization’s computer management infrastructure.

The components are:

  • A Microsoft-signed executable
  • A script
  • An ADM template

Registry key

The executable creates a registry key on the computer on which it is runs that blocks or unblocks (depending on the command-line option used) the delivery of a Service Pack to that computer through Windows Update. The key used is HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate.

Key value name: DoNotAllowSP

  • When the key value name is not defined, distribution is not blocked.
  • When the key value name is set to 0, distribution is not blocked.
  • When the key value name is set to 1, distribution is blocked.

Blocker Script

The script does the same thing as the executable, but allows you to specify the remote machine name on which to block or unblock delivery of Service Packs.

When the ‘/B’ command line option is used, the key value name ‘DoNotAllowSP‘ is created and its value set to 1. This value blocks delivery of a Service Pack to the computer through Automatic Update or Windows Update.

When the ‘/U’ command line option is used, the previously created registry value that temporarily blocked the delivery of a Service Pack to the computer through Automatic Update or Windows Update is removed. If the value does not exist on the computer on which it is run, no action is taken.

Note: The executable and script have been tested only as a command-line tool and not in conjunction with other systems management tools or remote execution mechanisms.

Group Policy Administrative Template (.ADM file)

The ADM template allows administrators to import group policy settings to block or unblock delivery of Service Packs into their Group Policy environment. Administrators can then use Group Policy to centrally execute the action across systems in their environment.

Add the .ADM file to the Group Policy by going to Computer Configuration > Administrative Templates. Right click and select Add/Remote Templates. Browse to the location of the .ADM file and click Ok.

Windows 7 and Windows Server 2008 R2 SP1 Blocker: Group Policy Settings

Users running Windows 7 and Windows Server 2008 R2 will see the policy setting under Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Windows Components > Windows Update.

Block Windows 7 and Windows Server 2008 R2 SP1 automatic updates

Please note that this toolkit will not prevent the installation of the service pack from CD/DVD, or from the stand-alone download package. This simply prevents Windows 7 and Windows Server 2008 R2 Service Pack 1 (SP1) from being delivered over Windows Update.

MMC could not create the snap-in. CLSID: FX:{18ea3f92-d6aa-41d9-a205-2023400c8fbb} error

I was able to solve this problem by the procedure below.

1. Navigate to the following directory:

x64 OS
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG

x86
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG

2. Copy the ‘machine.config’ file to desktop just in case before you go to 3rd step.

3. Rename machine.config to machine.config.old which is locating in the directory above.

That’s it Winking smile