The Windows Server Update Services console gives Unexpected Error after KB3159706

Solution:
Manual steps required to complete the installation of this update

  1. Open an elevated Command Prompt window, and then run the following command (case sensitive, assume “C” as the system volume):
    "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall /servicing
  2. Select HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features wizard.

  3. Restart the WSUS service.

If SSL is enabled on the WSUS server

  1. Assign ownership of the Web.Config file to the administrators group (run at an elevated command prompt):
    takeown /f web.config /a
    
    icacls "C:\Program Files\Update Services\WebServices\ClientWebService\Web.config" /grant administrators:f
  2. Locate the Web.Config file in the following path:
    C:\Program Files\Update Services\WebServices\ClientWebService\Web.Config
  3. Make the following changes in the file.

    Note This code sample represents a single text block. The line spacing is used only to emphasize the text changes, which are shown in bold.

    <services>
              <service
                    name="Microsoft.UpdateServices.Internal.Client"
                    behaviorConfiguration="ClientWebServiceBehaviour">
                   <!-- 
                      These 4 endpoint bindings are required for supporting both http and https
                    -->
                    <endpoint address=""
                            binding="basicHttpBinding"
                            bindingConfiguration="SSL"
                            contract="Microsoft.UpdateServices.Internal.IClientWebService" />
                    <endpoint address="secured"
                            binding="basicHttpBinding"
                            bindingConfiguration="SSL"
                            contract="Microsoft.UpdateServices.Internal.IClientWebService" />
                   <endpoint address=""
                            binding="basicHttpBinding"
                            bindingConfiguration="ClientWebServiceBinding"
                            contract="Microsoft.UpdateServices.Internal.IClientWebService" />
                    <endpoint address="secured"
                            binding="basicHttpBinding" 
                            bindingConfiguration="ClientWebServiceBinding"
                            contract="Microsoft.UpdateServices.Internal.IClientWebService" />
              </service>
        </services>
  4. Add the multipleSiteBindingsEnabled="true" attribute to the bottom of the Web.Config file, as shown:
    </bindings>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
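
A check for the edits in steps 3 and 4, as an added example that is not part of the original post or of Microsoft's KB article. Test-WsusClientWebConfig is a hypothetical helper name, and the XPath assumes the Web.config root element declares no default XML namespace.

```powershell
# Added example: checks the Web.config edits from steps 3 and 4.
# Test-WsusClientWebConfig is a hypothetical helper name, not a WSUS cmdlet.
function Test-WsusClientWebConfig {
    param(
        [string]$Path = 'C:\Program Files\Update Services\WebServices\ClientWebService\Web.config'
    )

    $config = New-Object System.Xml.XmlDocument
    $config.Load($Path)
    $problems = @()

    $servicePath = "/configuration/system.serviceModel/services/" +
                   "service[@name='Microsoft.UpdateServices.Internal.Client']"
    $service = $config.SelectSingleNode($servicePath)
    if ($null -eq $service) {
        return @('service Microsoft.UpdateServices.Internal.Client not found')
    }

    # Step 3: exactly one endpoint per address / bindingConfiguration pair.
    # XPath matches real elements only, so an endpoint still inside <!-- --> counts as missing.
    foreach ($address in '', 'secured') {
        foreach ($bindingConfig in 'SSL', 'ClientWebServiceBinding') {
            $xpath = "endpoint[@address='$address' and @binding='basicHttpBinding' " +
                     "and @bindingConfiguration='$bindingConfig']"
            $count = $service.SelectNodes($xpath).Count
            if ($count -ne 1) {
                $problems += "address='$address' bindingConfiguration='$bindingConfig': " +
                             "found $count endpoint(s), expected 1"
            }
        }
    }

    # Step 4: multipleSiteBindingsEnabled="true" on serviceHostingEnvironment.
    $hosting = $config.SelectSingleNode(
        '/configuration/system.serviceModel/serviceHostingEnvironment')
    if ($null -eq $hosting -or $hosting.GetAttribute('multipleSiteBindingsEnabled') -ne 'true') {
        $problems += 'serviceHostingEnvironment lacks multipleSiteBindingsEnabled="true"'
    }

    $problems
}

$result = Test-WsusClientWebConfig
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { 'Web.config matches steps 3 and 4' }
```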

https://support.microsoft.com/en-us/kb/3159706

Setup MDT 2013 (Update 2) to encrypt Windows 10 devices (Laptops) automatically

This will show you how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. BitLocker in Windows 10 has two requirements in regard to an operating system deployment:

  • A protector, which can either be stored in the Trusted Platform Module (TPM) chip, or stored as a password.

To configure your environment for BitLocker, you will need to do the following:

  1. Configure Active Directory for BitLocker.
  2. Download the various BitLocker scripts and tools.
  3. Configure the rules (CustomSettings.ini) for BitLocker.

Configure Active Directory for BitLocker

To enable BitLocker to store the recovery key and TPM information in Active Directory, you need to create a Group Policy for it in Active Directory. For this section, we are running Windows Server 2012 R2, so you do not need to extend the Schema. You do, however, need to set the appropriate permissions in Active Directory.

Note
Depending on the Active Directory Schema version, you might need to update the Schema before you can store BitLocker information in Active Directory.

In Windows Server 2012 R2 (as well as in Windows Server 2008 R2 and Windows Server 2012), you have access to the BitLocker Drive Encryption Administration Utilities features, which will help you manage BitLocker. When you install the features, the BitLocker Active Directory Recovery Password Viewer is included, and it extends Active Directory Users and Computers with BitLocker Recovery information.

Figure 2. The BitLocker Recovery information on a computer object in the contoso.com domain.

Add the BitLocker Drive Encryption Administration Utilities

The BitLocker Drive Encryption Administration Utilities are added as features via Server Manager (or Windows PowerShell):

  1. On DC01, log on as CONTOSO\Administrator, and, using Server Manager, click Add roles and features.
  2. On the Before you begin page, click Next.
  3. On the Select installation type page, select Role-based or feature-based installation, and click Next.
  4. On the Select destination server page, select DC01.contoso.com and click Next.
  5. On the Select server roles page, click Next.
  6. On the Select features page, expand Remote Server Administration Tools, expand Feature Administration Tools, select the following features, and then click Next:
    1. BitLocker Drive Encryption Administration Utilities
    2. BitLocker Drive Encryption Tools
    3. BitLocker Recovery Password Viewer
  7. On the Confirm installation selections page, click Install and then click Close.

Figure 3. Selecting the BitLocker Drive Encryption Administration Utilities.

Create the BitLocker Group Policy

Following these steps, you enable the backup of BitLocker and TPM recovery information to Active Directory. You also enable the policy for the TPM validation profile.

  1. On DC01, using Group Policy Management, right-click the Contoso organizational unit (OU), and select Create a GPO in this domain, and Link it here.
  2. Assign the name BitLocker Policy to the new Group Policy.
  3. Expand the Contoso OU, right-click the BitLocker Policy, and select Edit. Configure the following policy settings:

    Computer Configuration / Policies / Administrative Templates / Windows Components / BitLocker Drive Encryption / Operating System Drives

    1. Enable the Choose how BitLocker-protected operating system drives can be recovered policy, and configure the following settings:
      1. Allow data recovery agent (default)
      2. Save BitLocker recovery information to Active Directory Domain Services (default)
      3. Do not enable BitLocker until recovery information is stored in AD DS for operating system drives (Do Not Enable This)
    2. Enable the Configure TPM platform validation profile for BIOS-based firmware configurations policy.
    3. Enable the Configure TPM platform validation profile for native UEFI firmware configurations policy.

      Computer Configuration / Policies / Administrative Templates / System / Trusted Platform Module Services

    4. Enable the Turn on TPM backup to Active Directory Domain Services policy.

(Don’t forget to disable Secure Boot, and enable Secure Boot again after the deployment is successful!)

Set permissions in Active Directory for BitLocker

In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the Add-TPMSelfWriteACE.vbs script from Microsoft to C:\Setup\Scripts on DC01.

  1. On DC01, start an elevated PowerShell prompt (run as Administrator).
  2. Configure the permissions by running the following command:
    cscript C:\Setup\Scripts\Add-TPMSelfWriteACE.vbs
    

Figure 4. Running the Add-TPMSelfWriteACE.vbs script on DC01.

Add BIOS configuration tools from Dell, HP, and Lenovo

If you want to automate enabling the TPM chip as part of the deployment process, you need to download the vendor tools and add them to your task sequences, either directly or in a script wrapper.

Add tools from Dell

The Dell tools are available via the Dell Client Configuration Toolkit (CCTK). The executable file from Dell is named cctk.exe. Here is a sample command to enable TPM and set a BIOS password using the cctk.exe tool:

cctk.exe --tpm=on --valsetuppwd=Password1234

Add tools from HP

The HP tools are part of HP System Software Manager. The executable file from HP is named BiosConfigUtility.exe. This utility uses a configuration file for the BIOS settings. Here is a sample command to enable TPM and set a BIOS password using the BiosConfigUtility.exe tool:

BIOSConfigUtility.EXE /SetConfig:TPMEnable.REPSET /NewAdminPassword:Password1234

And the sample content of the TPMEnable.REPSET file:

English
Activate Embedded Security On Next Boot
*Enable
Embedded Security Activation Policy
*No prompts
F1 to Boot
Allow user to reject
Embedded Security Device Availability
*Available

Add tools from Lenovo

The Lenovo tools are a set of VBScripts available as part of the Lenovo BIOS Setup using Windows Management Instrumentation Deployment Guide. Lenovo also provides a separate download of the scripts. Here is a sample command to enable TPM using the Lenovo tools:

cscript.exe SetConfig.vbs SecurityChip Active

CustomSettings.ini

[Default]
SkipBitLocker=YES

[LAPTOP]
TaskSequenceID=LAPTOP
MachineObjectOU=OU=Bitlocker,OU=LAPTOPS,OU=Clients,DC=wardvissers,DC=local
BDEKeyLocation=\\mdt01.wardvissers.local\Bitlocker$
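
The Group Policy above leaves "Do not enable BitLocker until recovery information is stored in AD DS" off, so a laptop can finish encrypting without a recovery password in Active Directory. The following check lists such machines; it is an added example, not part of the original post or of MDT, Get-BitLockerEscrowStatus is a hypothetical helper name, and it assumes the ActiveDirectory module (RSAT) and an account that can read msFVE-RecoveryInformation objects.

```powershell
# Added example: reports whether each deployed laptop has BitLocker recovery
# information backed up to Active Directory.
# Get-BitLockerEscrowStatus is a hypothetical helper name, not an MDT or AD cmdlet.
Import-Module ActiveDirectory

function Get-BitLockerEscrowStatus {
    param(
        # OU taken from MachineObjectOU in the CustomSettings.ini above.
        [string]$SearchBase = 'OU=Bitlocker,OU=LAPTOPS,OU=Clients,DC=wardvissers,DC=local'
    )

    Get-ADComputer -Filter * -SearchBase $SearchBase -Properties OperatingSystem |
        ForEach-Object {
            # Recovery passwords are stored as child objects of the computer account.
            $recovery = @(Get-ADObject -SearchBase $_.DistinguishedName `
                -SearchScope OneLevel `
                -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
                -Properties whenCreated)

            $newest = $recovery |
                Sort-Object whenCreated -Descending |
                Select-Object -First 1

            [pscustomobject]@{
                Computer        = $_.Name
                OperatingSystem = $_.OperatingSystem
                RecoveryObjects = $recovery.Count
                NewestBackup    = if ($newest) { $newest.whenCreated } else { $null }
                Escrowed        = $recovery.Count -gt 0
            }
        }
}

# Laptops in the deployment OU with no recovery password in AD.
Get-BitLockerEscrowStatus |
    Where-Object { -not $_.Escrowed } |
    Sort-Object Computer |
    Format-Table -AutoSize
```

Run it after a deployment batch; any row it prints is a machine whose only recovery material, if any, is the file written to the BDEKeyLocation share.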

Source

RVTools version 3.8 is now available

RVTools is a Windows .NET 2.0 application which uses the VI SDK to display information about your virtual machines and ESX hosts. Interacting with VirtualCenter, RVTools is able to list information about VMs, CPU, Memory, Disks, Partitions, Network, Floppy drives, CD drives, Snapshots, VMware tools, Resource pools, Clusters, ESX hosts, HBAs, Nics, Switches, Ports, Distributed Switches, Distributed Ports, Service consoles, VM Kernels, Datastores, Multipath info and health checks. With RVTools you can disconnect the CD-ROM or floppy drives from the virtual machines, and RVTools is able to update the VMware Tools installed inside each virtual machine to the latest version.
Version 3.8 (March, 2016)

  • VI SDK reference changed from 5.5 to 6.0
  • on vInfo tab page new field: ChangeVersion unique identifier for a given version of the configuration
  • on vInfo tab page new field: HA VM Monitoring status
  • on vInfo tab page new fields: Number of supported monitors and Video RAM in KB.
  • on vInfo tab page new field: Config status.
  • Config issues are visible on the vHealth tab page
  • on vInfo tab page new field: OS according to the VMware Tools
  • on vTools tab page new fields: App state, App heartbeat status and Kernel crash state
  • on vTools tab page new fields: Operations availability, State change support and Interactive Guest Operations availability
  • on vHost tab page new field: NTPD running state.
  • NTP issues are visible on the vHealth tab page
  • on vHost tab page new field: Config status.
  • Config issues are visible on the vHealth tab page
  • on vCluster tab page new field: Config status.
  • Config issues are visible on the vHealth tab page
  • on vDatastore tab page new field: Config status.
  • Config issues are visible on the vHealth tab page
  • on vSC+VMK tab page new fields: IP 6 Address and IP 6 Gateway
  • all VM related tab pages now have a VM Object ID and VM UUID columns
  • all VM related tab pages now have powerstate and template columns
  • all tab pages. Now have a vCenter UUID column (= unique identifier for a vCenterServer)
  • all VM related tab pages. The Custom Attributes columns are now ordered alphabetically
  • all tab pages. A select is now a full row select so it is easier to follow the information across many columns
  • bug fix: Refresh data issue on vRP and vCluster tab pages solved
  • bug fix: Filter issue on vCluster tab page solved
  • bug fix: On vInfo tab page the HA information was not filled with cluster default values
  • bug fix: Content Libraries vmdk files are no longer reported as possible zombie files
  • bug fix: msi installer sometimes installs RVTools in root of c:\ drive. This is solved now.

Windows ADK for Windows 10

Download the Windows Assessment and Deployment Kit (ADK) for Windows 10 to get the new and improved deployment tools used to automate a large-scale deployment of Windows 10. The Windows ADK includes:

  • Windows Imaging and Configuration Designer (Windows ICD) to customize Windows 10 images
  • The Windows Assessment Toolkit and the Windows Performance Toolkit to assess the quality and performance of systems or components
  • Several tools that are designed to help you deploy Windows

Learn about what’s new in the Windows ADK for Windows 10

Download the Windows ADK for Windows 10

How to setup a remote PowerShell-session with Exchange 2013

Now I want to manage my Exchange 2013 environment from the Windows 8 workstation; no Exchange tools are installed on the Windows 8 laptop. In a few simple steps you can open a remote PowerShell session to one of the Exchange Servers.

Log on to the Windows 8 machine and start the ‘Windows PowerShell ISE’.

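# Open a remote session to the Exchange PowerShell endpoint (replace "servername").
$RemoteEx2013Session = New-PSSession -ConfigurationName Microsoft.Exchange `
                                     -ConnectionUri http://servername/PowerShell/ `
                                     -Authentication Kerberos -Credential (Get-Credential)
# Import the Exchange cmdlets from that session into the local session.
Import-PSSession $RemoteEx2013Session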

Save this to Remote Exchange 2013 Powershell.ps1

Don’t forget to set your PowerShell execution policy to unrestricted with: Set-ExecutionPolicy Unrestricted

Microsoft Ignite first things about Exchange Server v.Next & Skype for Business

Microsoft Ignite will be held on May 4-8. The session catalog contains 275 sessions, covering products like Exchange (49), Office 365 (85) and Skype for Business (26). It will be the first major Microsoft event where details will emerge on the next version of Exchange, Exchange v.Next.

The next version of Exchange Server is arriving in the second half of 2015. A short heads-up as the session catalog for Microsoft Ignite has been published. So, if you are still undecided or already want to pick ‘must see’ sessions for your schedule, you can check the session catalog here.

I will not attend Ignite. But I hope the sessions will be published on Channel 9 here.

Short List of sessions:
Tools and Techniques for Exchange Performance Troubleshooting
Meet Exchange Server v.Next
Choosing between Server, Online and Hybrid with Skype for Business
Deploying Exchange Server v.Next
Deep Dive into How Microsoft Handles Spam and Advanced Email Threats
Exchange Server Preferred Architecture
Experts Unplugged: New Exchange Scenarios
Exchange on IaaS: Concerns, Tradeoffs, and Best Practices

Moving to Office 365/Exchange Online? A good idea?

Reducing IT costs: Especially in challenging economic times, organizations need to cut costs wherever possible—but without reducing capabilities.

Increasing predictability of IT costs: Replacing or upgrading on-premises IT systems can require significant one-time capital expenditures.

Increasing user productivity: Users face growing volumes of email, and need tools to help them manage it more efficiently.
Enhancing collaboration: Increasingly mobile and distributed workers need technology that helps them work together wherever they are.

Reducing IT administration: IT can be stretched thin and spend too much time managing hardware, updates, and upgrades.
Increasing reliability and availability of email: Email is a business-critical application, and many organizations face challenges keeping it running—especially with shrinking IT budgets.

Staying up-to-date with the latest technology: To stay competitive and recruit the next generation of talent, businesses need to have the latest functionality. But, upgrading on-premises software can be a significant undertaking.

1 Simplified Administration

Managing corporate email can be complex. With Exchange Online, many of the most time-consuming tasks are taken care of by Microsoft, including the management of hardware, updates, and upgrades. Additionally, Exchange Online delivers a streamlined administration experience, making it easier for IT administrators to configure and manage email services in ways that benefit the business.

2 Conclusion

The benefits of moving email to the cloud are clear, including lower costs, increased agility, simpler management, and higher-quality services. Exchange Online meets these expectations by delivering a wide range of features and capabilities that support anywhere access, protection and compliance, and simplified administration.

But now the real world experience with Exchange Online

If your organization is using Google DNS servers, you will be redirected to the Exchange Online servers in America, not Dublin, if you live in The Netherlands.

Exchange Online works best if you use cached mode.

The question is whether you want that if you are using Microsoft Remote Desktop Services, Citrix XenDesktop or VMware Horizon (View).

Cached Exchange Mode in a Remote Desktop Session Host environment: planning considerations
Limits to using personal folders (.pst) files over LAN and WAN links.

My Conclusion:
Exchange Online is great for most organizations. Lower costs, increased agility, simpler management, and higher-quality services.

But if your organization is using Microsoft Remote Desktop Services, Citrix XenDesktop or VMware Horizon (View), you need to think twice before you migrate.

As an IT admin you don’t want OST files locally on Remote Desktop, XenDesktop or VMware View servers and desktops, or on your file server.

Saving money can mean angry & complaining customers….

Exchange Administrator’s toolkit

There are lots of tools for Exchange Server available; you can find most of them at the Exchange Server Wiki (some of the tools listed are for previous versions of Exchange).

Here is a short selection from the vast collection available:

Tune and optimize performance of your Office 365 connection

Microsoft has published a new course on Office 365 Performance Management at the Microsoft Virtual Academy, which contains 11 modules across planning and troubleshooting areas including:

  1. Office 365 Performance Management Course Introduction
  2. Office 365 Datacenters and Network
  3. Planning for Office 365 Internet Capacity – Exchange Online
  4. Planning for Office 365 Internet Capacity – Lync Online
  5. Planning for Office 365 Internet Capacity – SharePoint Online
  6. The Baselining Model for Internet Capacity Planning
  7. Best Practices & Real Customer Projects Planning Internet Capacity
  8. Planning for Office 365 Firewalls Whitelisting
  9. Performance Troubleshooting Process and Tools Used
  10. Performance Troubleshooting Tests
  11. Troubleshooting SharePoint Online Customizations

MDT v.Next Coming….

New core tools

Windows 10 ADK supports Windows 7, Windows 8.1 and Windows 10 deployments.

Windows Image Configuration Designer (WICD), pronounced Wicked? 🙂 It is supposed to be able to build a customized mobile or desktop image, and also create provisioning packages that allow you to customize a Windows device, without re-imaging.

Microsoft Deployment Toolkit v.Next (MDT) (standalone)

New upcoming version of MDT is in development, not much info presented yet, but a few items were mentioned in the session:

Windows 10 Deployment and Upgrade Support, as well as updated Task Sequence binaries

Removed deprecated components from Deployment Workbench, and making OSD more accessibility compliant.

MDT documentation will be on TechNet (removed legacy help file and DOCX)
