IT Core Blog

Never stop questioning. Curiosity has its own reason for existing…

Archive for April 2010

SCVMM Comprehensive/Recomended Updates

leave a comment »

Many “Recommended”¬†updates are available for SCVMM and the technologies it manages, staying up to date can be hard, fortunately there is a tool called VMMCA that will check the configuration and updates installed on the SCVMM Server and any Hosts specified and produce a simple report.

What about all updates that have been released since the VMMCA was last released?
Here’s a list of all of the updates the VMMCA checks and another one that you will have to verify on your own.

Updates the VMMCA verifies
Install on the SCVMM Server
961983
971244
Install on SCVMM Hosts
950050
956589
956774
958124
954563
955805
Hyper-V updates for SCVMM Hosts
952247
956697
957967
958184
959978
971677
Failover Cluster Management updates for SCVMM Hosts
951308
958065

New updates, not verified by the VMMCA
WinRM
-Win2003
936059 An update is available for the Windows Remote Management feature in Windows Server 2003 and in Windows XP
WMI – Win2008, SP2
968936 Memory corruption may occur with the Windows Management Instrumentation (WMI) service on a computer that is running Windows Server 2008 or Windows Vista Service Pack 1
WMI – Win2008, SP2
971403 A rollup hotfix package for Windows Server 2008 Failover Clustering WMI provider
WMI – Win2008, SP2
970520 The Wmiprvse.exe process creates a memory leak on a computer that is running Windows Server 2008 if you remotely monitor this process by using the WMI interface on a computer that is running Windows Server 2003 or Windows XP
WMI – Win2008R2
974930 An application or service that queries information about a failover cluster by using the WMI provider may experience low performance or a time-out exception
WMI – Win2008R2
981314 The “Win32_Service” WMI class leaks memory in Windows Server 2008 R2 and in Windows 7
Hyper-V – Win2008R2
981618 The computer stops responding or restarts during the Hyper-V Live Migration process in Windows Server 2008 R2
P2V – Win2000
834010 A deadlock occurs when a program that uses WMI calls the LoadLibrary() or the FreeLibrary() function in Windows 2000
P2V – Win2000, 2003
892294 A WMI event notification query does not detect a user permissions change on Windows 2000 or Windows Server 2003
P2V – Win2000
843527 The Win32_SCSIController WMI class cannot obtain SCSI controller information after you install the MS04-011 security update
P2V – SCVMM2008
959596 Description of the System Center Virtual Machine Manager 2008 update to address physical to virtual (P2V) issues
P2V – SCVMM2008
971816 Using P2V together with System Center Virtual Machine Manager 2008 may fail with error 3154 (0x8099319E) or error 13252 (0x809933C4)
VMM Rollup – SCVMM 2008R2
976244 Description of the System Center Virtual Machine Manager 2008 R2 hotfix rollup package: November 10, 2009
VMM Rollup – SCVMM 2008R2
978560 Description of the System Center Virtual Machine Manager 2008 R2 hotfix rollup package: February 9, 2010
Other – SCVMM2008R2
976246 When you remove a virtual hard disk from a virtual machine in System Center Virtual Machine Manager 2008 R2, the .vhd file on the Hyper-V server is deleted without warning

Update for Best Practices Analyzer for HYPER-V for Windows Server 2008 R2 x64 Edition

leave a comment »

You can use Hyper-V Best Practices Analyzer to scan a server that is running the Hyper-V role, and help identify configurations that do not comply with the best practices of Microsoft for this role. BPA scans the configuration of the physical computer, the virtual machines, and other resources such as virtual networking and virtual storage. Scan results are displayed as a list of issues that you can sort by severity, and include recommendations for fixing issues and links to instructions. No configuration changes are made by running the scan.

The Hyper-V BPA is available is as download package and also available through Windows Update.

Get it here

Also check TechNet Documentation for Hyper-V BPA

Written by IT Core

April 28, 2010 at 8:07 PM

HP Virtual Connect for Dummies

leave a comment »

Like other Dummies books it is a easy reference tool that you can refer back to whenever you need to learn more about what HP Virtual Connect

So what does HP Virtual Connect do? Well it simplifies the setup of server connections to both LANs and SANs, thus allowing IT Professionals to quickly add or replace servers and move workloads without needing to involve network and storage teams.

Download it free ūüôā

 

Written by IT Core

April 28, 2010 at 7:29 PM

HP BladeSystem Matrix Application Template for Microsoft Hyper-V R2 Test and Development Environment White Paper

leave a comment »

This white paper describes an HP Insight Dynamics infrastructure orchestration (IO) template for provisioning the infrastructure resources needed to support test and development environments using Microsoft¬ģ Windows¬ģ Server 2008 R2 Hyper-V (Hyper-V R2) in a cluster configuration for live migration and Cluster Shared Volume (CSV). This template, ‚ÄúHyper-V R2 Cluster.xml,‚ÄĚ is specifically designed to provision the server, storage, and network infrastructure resources necessary to support a small test and development environments for VMs. The document also details some specific areas of the template that you will need to modify in order to successfully import and deploy the template.

Read more here
Download it here

Written by IT Core

April 28, 2010 at 7:22 PM

Posted in Documentation, How to..., HP, Virtualization

Tagged with

Domain Controllers and Active Directory Domains Part 7

with one comment

Click if you want to review part 1, part 2, part 3, part 4, Part5 or part 6 of Domain Controllers and Active Directory Domains series.

“How to deploy a Read-only Domain Controller in a Windows 2003 domain”

In part 7 of this series, we’re going to discuss a new type of domain controllers, the Read-only domain controllers (RODCs).

Read-only domain controllers (RODCs) are additional domain controllers that host read-only partitions of the Active¬†Directory database. RODCs were introduced in Windows 2008 as new feature of Active Directory Domain Services. This new type of domain controllers are the Microsoft solution to clients that had the need to deploy domain controllers at locations where security could not be 100% guaranteed (e.g. branch offices, perimeter networks). With RODCs Microsoft “offers” a solution that may help to resolve a number of security or manageability issues that existed in older operating system versions .

¬†So what make the RODCs so especial and what do they have that Read/Writable Domain Controllers (RWDCs) don’t? RODCs have:

  • Read-only copy of Active Directory Database. (Applications can only read data from AD database on RODCs. RODCs will forward certain write operations to writable domain controllers, and they will also send referrals to writable domain controllers when necessary).
  • RODCs have a read-only copy of the SYSVOL folder contents.
  • Unidirectional Replication (RODCs get information from WRDCs, but RWDCs do NOT get information from RODCs, this applies to both AD database and SYSVOL data).
  • Administration Role Separation (ARS) – Domain administrators can delegate both the installation and the administration of RODCs to any domain user, without granting them any additional rights in the domain and without compromising the security of the rest of the domain.
  • Credential caching. By default an RODC does not store user credentials or computer credentials, except for its own computer account and a special krbtgt account for that RODC, this means that by default all authentication requests will be forwarded by RODCs to RWDCs).
  • Password Replication Policy (PRP) – Ability to configure which passwords that are allowed to be cached in a RODC.
  • Filtered Attribute Set (FAS) – Control which attributes are not replicated to RODCs – this allows you to protect sensitive data in scenarios where RODCs are stolen or compromised.

 Active Directory prerequisites to deploy the a RODC?

  • The Forest functional level (FFL) must be set to Windows Server 2003 or higher. FFL 2003 is needed because linked-value replication (LVR) and constrain delegation are only available at this FFL or latter. This also means that all domain controllers (DCs) in the forest must have windows 2003 or later Operating system installed.
  • Before introducing RODCs in a Forest, a¬† writable domain controller running Windows Server 2008 or Windows Server 2008 R2 MUST exist in the same domain as the RODC. The writable domain controller must be a DNS server that has registered a name server (NS) resource record for the relevant DNS zone. RODCs must be able to replicate domain updates from a writable domain controllers running Windows Server 2008 or Windows Server 2008 R2.
  • IF you’ve a Windows Server 2003 domains, you must also run adprep /rodcprep before introducing a RODC in that Forest. Note: The infrastructure master for each domain and for each application directory partition must be available within the environment for the operation to succeed. If these requirements are not met, you may experience the symptoms described at KB 949257. Also read (Known Issues for Deploying RODCs).
  • To learn how to introduce Windows 2008/2008 R2 Domain controllers in your domain/forest, check part 6 of this series.

 Some considerations to be aware of with RODCs:

  • As discussed before, RODCs need at least one 2008 RWDC, this requirement is due the nature of RODCs context in AD. Write operations, DNs updates, Authentication (non-cached accounts), will be forwarded to RWDCs/ authoritative DNS servers. With these operations in mind is generally a good idea to have enough (more than 1) windows 2008 DC available to serve RODCs requests. To learn how to introduce Windows 2008/2008 R2 Domain controllers in your domain/forest, check part 6 of this series.
  • When a RODC that runs 2008 R2 is added to a domain that has RWDC that runs Windows Server 2008, the RODC logs Event ID 2916.This error can be disregarded, and it will not be logged if there is a RWDC that runs Windows Server 2008 R2 in the domain.
  • Cross-domain authentication will fail if the WAN is offline. RODC domain authentication for cached accounts (including User and Computer accounts) succeeds even if the WAN is offline. RODC domain authentication for accounts that are not cached will fail if the WAN is offline.
  • RODCs can only synchronize their time from a RWDCs that run Windows Server 2008, they are restricted from synchronizing with other RODCs and they are restricted from synchronizing with domain controllers outside their own domain (Client computers can synchronize time from any domain controller, including an RODC).
  • Do not use highly privileged accounts (like members of domain admins) to logon in RODCs.
  • Microsoft Exchange Server does not use RODCs. However, you can configure Outlook clients in a branch office that is serviced by a read-only global catalog server to use the read-only global catalog server for global address book lookups (Applications That Are Known to Work with RODCs).
  • Perform staged RODC Installations. The first stage of the installation (requires Domain Admin credentials) is to create an account for the RODC in AD. The second stage of the installation attaches the actual server that will be the RODC in a remote location, such as a branch office, to the account that was previously created for it. You can delegate the ability to attach the server to a non-administrative group or user.
  • When you upgrade a Windows Server 2003 domain controller it always remains a writable domain controller. You cannot make a Windows Server 2003 domain controller an RODC during the upgrade. If you want to upgrade a Windows Server 2003 domain controller and make it an RODC, you must remove Active Directory Domain Services (AD DS). You can remove AD DS either just before or just after you upgrade the operating system. After you upgrade the server and it is no longer a domain controller, reinstall AD DS and choose the RODC option during the AD DS installation.
  • You cannot convert from a full installation to a Server Core installation, or the reverse.

 Deploy RODCs:

Currently there are, at least, 2 ways to deploy RODCs, Staged installation and Direct installation.

Direct installation is the “normal” way to deploy any Domain Controller, basically you complete a full promotion of an RODC as a member of the Domain Admins group or as a member of an additional group with equivalent delegated permissions.

In this blog post I’m going to show you the Staged installation because I think that makes more sense due the nature of the RODCs security context (RODCs are normally placed at unsecure/un-trusted locations, right :)).

 The Staged Installation is divided in 2 stages:

  1. The Domain Admin prepares the Active Directory to receive the new RODC and delegates the final stage of an RODC installation to any user or group.
  2. The delegated user or group installs the RODC at the remote site and adds the RODC to the domain without the need to have a highly privileged account.

¬†I suggest the use of the IFM installation option in conjunction with a Staged installation (I’ll show you how during the video).¬†Using the Install from Media (IFM) option, you can minimize the replication of directory data over the network. This helps you install additional domain controllers in remote sites more efficiently. After you create the IFM installation media for a RODC, you can secure the installation media before transporting it to the branch office by removing secrets such as user account passwords from it. If the installation media is lost or stolen while it is being transported, it cannot be compromised to reveal passwords. This is valid for RODCs because the RODC does not cache any passwords by default, they do not need to be present in the RODC installation media.¬†

That said, let’s check “How to deploy a Read-only Domain Controller in a Windows 2003 domain
(Note: Before introducing RODCs into 2003 domains, you must have at least 1 Windows 2008/2008R2 DC, to learn how to introduce Windows 2008/2008 R2 DCs in an existing 2003 Forest/domain check part 6 of this series).

Final Notes:
Do not use highly privileged accounts (like members of domain admins) to logon in RODCs.

– Consider the RODC installation in Windows Server Core.

– Consider the use of Bit Locker on RODCs to protect data more efficiently.

– Unless you’re using DFS Replication, any changes in the RODC SYSVOL¬† will not be replicated to RWDCs and this change can affect any computer that obtains Group Policy objects or logon scripts from that RODC, not only computers that are defined in the PRP.¬† To synchronize the contents of the SYSVOL folder again, you can make a change on a writable domain controller to force the directory or file to replicate to the RODC, or you can set the Burflags registry setting to D2, check KB315457 for more information. This behavior is by design because FRS provides limited support for read-only SYSVOL on an RODC.

– Extend the RODC FAS to include any attributes that you want to prevent from replicating to any RODC in the forest. When the attributes are prevented from replicating to RODCs, they cannot be exposed unnecessarily if an RODC is stolen or compromised. (As a best practice, make sure that the forest functional level is Windows Server 2008 or latter if you plan to configure the RODC FAS)

– Use remote management tools to administer RODCs (Microsoft Remote Server Administration Tools (RSAT) – Windows Remote Management (WinRM) protocol and Windows Remote Shell (WinRS))

Reliable time synchronization is required for Kerberos authentication. Client computers can synchronize time from any domain controller, including an RODC. An RODC can synchronize time only from a writable domain controller that runs Windows Server 2008 or later.

After 1,500 security principals are in the Allowed List and the RODC stops caching passwords, if you attempt to cache the password for a user in the Allowed List‚ÄĒusing repadmin /rodcpwdrepl for example‚ÄĒyou will see the following error message (Check: Administering the Password Replication Policy):
“Unable to replicate secrets for user CN=user… on read-only DC dsp17a30 from full DC <GUID=126c27dc-cbb2-41b0-b847-71e5d6b69ea2>.
Error: Replication access was denied. (8453)
‚ÄĚ

 Additional Documentation:
Read-Only Domain Controller Planning and Deployment Guide
RODC Technical Reference Topics
Known Issues for Deploying RODCs
Applications That Are Known to Work with RODCs
Read-only Domain Controllers Step-by-Step Guide
Understanding ‚ÄúRead Only Domain Controller‚ÄĚ authentication
Read-Only Domain Controllers and Account Lockouts
KB 944043: Description of the Windows Server 2008 read-only domain controller compatibility pack for Windows Server 2003 clients and for Windows XP clients and for Windows Vista
Active Directory and Active Directory Domain Services Port Requirements
To review all video demonstrations, check video section of Active Directory Windows 2008 and 2008 R2 Documentation

Written by IT Core

April 22, 2010 at 11:59 PM

Posted in Deployment, How to..., Videos

Tagged with

Free ebook: Introducing Microsoft SQL Server 2008 R2

leave a comment »

Introducing Microsoft SQL Server 2008 R2 is to point out both
the new and the improved in the latest version of SQL Server. Because this
version is Release 2 (R2) of SQL Server 2008, you might think the changes are
relatively minor‚ÄĒmore than a service pack, but not enough to justify an entirely
new version. However, as you read this book, we think you will find that there are a
lot of exciting enhancements and new capabilities engineered into SQL Server 2008 R2
that will have a positive impact on your applications, ranging from improvements
in operation to those in management. It is definitely not a minor release!

Read/Get it here

Written by IT Core

April 20, 2010 at 1:23 AM

Posted in Books, Documentation, News

Tagged with

Removing missing VMs from SCVMM DB

leave a comment »

Do you have missing Virtual machines in your SCVMM console? Learn how to remove them using Michael’s¬†scripts:

“it has come to our attention that there are some customer complaints with regards to missing virtual machines in the administrator console after a cluster failover. Since it is not easy to remove those VMs from the VMM administrator console, Gokcen from our team wrote a script that will allow you to clean those VMs up. Here are the steps to follow.”

1.First close the VMM Administrator Console
2.Then, stop the VMMService windows service on the VMM server computer
3.Take a FULL database backup of the VMM database [Just in case; this is a safety net in case something goes wrong]
4.Now you are ready to clean up any missing VMs. it is important to notice that all missing Virtual Machines in this VMM environment will be deleted from the VMM database. we are not deleting any virtual machines from any virtualization host computer. basically we are not touching anything on Hyper-V, Virtual Server, or VMware ESX computers
5.Install Microsoft SQL Server Management Studio Express on the same computer where the VMM database exists. This is a free download from microsoft and you can search for it on Bing.
6.Open SQL Management Studio, select the VMM database and run the SQL script below. That should delete all VMs that are in the missing state in the VMM database.
7.Once the sql script is completed, restart the VMMService and open the Administrator Console. All your missing VMs should now be “eliminated” ūüôā

<<

BEGIN TRANSACTION T1

DECLARE custom_cursor CURSOR FOR
SELECT ObjectId from
dbo.tbl_WLC_VObject WHERE [ObjectState] = 220

DECLARE @ObjectId uniqueidentifier

OPEN custom_cursor
FETCH NEXT FROM custom_cursor INTO @ObjectId

WHILE(@@fetch_status = 0)
 BEGIN

 DECLARE vdrive_cursor CURSOR FOR
 SELECT VDriveId, VHDId, ISOId from
 dbo.tbl_WLC_VDrive WHERE ParentId = @ObjectId

 DECLARE @VDriveId uniqueidentifier
 DECLARE @VHDId uniqueidentifier
 DECLARE @ISOId uniqueidentifier

 OPEN vdrive_cursor
 FETCH NEXT FROM vdrive_cursor INTO @VDriveId, @VHDId, @ISOId
 WHILE(@@fetch_status = 0)
 BEGIN
  DELETE FROM dbo.tbl_WLC_VDrive
         WHERE VDriveId = @VDriveId
  if(@VHDId is NOT NULL)
  BEGIN
       
   DELETE FROM dbo.tbl_WLC_VHD
   WHERE VHDId = @VHDId
   DELETE FROM dbo.tbl_WLC_PhysicalObject
   WHERE PhysicalObjectId = @VHDId
  END
  if(@ISOId is NOT NULL)
  BEGIN
  
   DELETE FROM dbo.tbl_WLC_ISO
          WHERE ISOId = @ISOId
   DELETE FROM dbo.tbl_WLC_PhysicalObject
   WHERE PhysicalObjectId = @ISOId
  END
 
     FETCH NEXT FROM vdrive_cursor INTO @VDriveId, @VHDId, @ISOId
   END
 CLOSE vdrive_cursor
 DEALLOCATE vdrive_cursor

—————–
 DECLARE floppy_cursor CURSOR FOR
 SELECT VFDId, vFloppyId from
 dbo.tbl_WLC_VFloppy WHERE HWProfileId = @ObjectId

 DECLARE @vFloppyId uniqueidentifier
 DECLARE @vfdId uniqueidentifier

 OPEN floppy_cursor
 FETCH NEXT FROM floppy_cursor INTO @vfdId, @vFloppyId
 WHILE(@@fetch_status = 0)
 BEGIN
      DELETE FROM dbo.tbl_WLC_VFloppy 
  WHERE VFloppyId = @vFloppyId
  
  if(@vfdid is NOT NULL)
  BEGIN
   DELETE FROM dbo.tbl_WLC_VFD
   WHERE VFDId = @vfdId
   DELETE FROM dbo.tbl_WLC_PhysicalObject
   WHERE PhysicalObjectId = @vfdId
  
  END
 
     FETCH NEXT FROM floppy_cursor INTO @vfdId, @vFloppyId
   END
 CLOSE floppy_cursor
 DEALLOCATE floppy_cursor

—————-
 DECLARE checkpoint_cursor CURSOR FOR
 SELECT VMCheckpointId from
 dbo.tbl_WLC_VMCheckpoint WHERE VMId = @ObjectId

 DECLARE @vmCheckpointId uniqueidentifier

 OPEN checkpoint_cursor
 FETCH NEXT FROM checkpoint_cursor INTO @vmCheckpointId
 WHILE(@@fetch_status = 0)
 BEGIN
      DELETE FROM dbo.tbl_WLC_VMCheckpointRelation 
  WHERE VMCheckpointId = @vmCheckpointId
  
 
     FETCH NEXT FROM checkpoint_cursor INTO @vmCheckpointId
   END
 CLOSE checkpoint_cursor
 DEALLOCATE checkpoint_cursor

————————-
———Clean checkpoint

 DELETE FROM dbo.tbl_WLC_VMCheckpoint
 WHERE VMId = @ObjectID

        exec [dbo].[prc_VMMigration_Delete_VMInfoAndLUNMappings] @ObjectId

        DECLARE @RefreshId uniqueidentifier
        exec [dbo].[prc_RR_Refresher_Delete] @ObjectId, @RefreshId

        DELETE FROM dbo.tbl_WLC_VAdapter
 WHERE HWProfileId = @ObjectId

        DELETE FROM dbo.tbl_WLC_VNetworkAdapter
 WHERE HWProfileId = @ObjectId

               
        DELETE FROM dbo.tbl_WLC_VCOMPort
 WHERE HWProfileId = @ObjectId

        DELETE FROM dbo.tbl_WLC_HWProfile
        WHERE HWProfileId = @ObjectId

        DELETE FROM dbo.tbl_WLC_VMInstance
        WHERE VMInstanceId = @ObjectId

 DELETE FROM dbo.tbl_WLC_VObject
 WHERE ObjectId = @ObjectId

    FETCH NEXT FROM custom_cursor INTO @ObjectId
  END
CLOSE custom_cursor
DEALLOCATE custom_cursor

COMMIT TRANSACTION T1

>>

Written by IT Core

April 17, 2010 at 8:08 PM

SCVMM Administrator Console does NOT show up properly “Windows 2000”

leave a comment »

Another great article from Michael. This time he explains how to fix a problem that we also had in our¬†SCVMM…

if you are managing a Windows 2000 Server Virtual Machine with Hyper-V, you might notice that VMM does not recognize this operating system in the Administrator Console. Even if you manually change the OS name in the Virtual Machine properties, VMM will make it empty on the next refresh of the VM.

To get around this issue and get the proper name to display follow these steps

1.First close the VMM Administrator Console
2.Then, stop the VMMService windows service on the VMM server computer
3.Take a FULL database backup of the VMM database [Just in case; this is a safety net in case something goes wrong]
4.Now you are ready to edit the database and insert the columns that will allow VMM to recognize the OS name for Win2k.
5.Install Microsoft SQL Server Management Studio Express on the same computer where the VMM database exists. This is a free download from microsoft and you can search for it on Bing.
6.Open SQL Management Studio, select the VMM database and run the two SQL insertion statements/scripts below. That should change the VMM knowledge of supported guest operating systems and also add Win2k to the list (for both Server and Advanced Server).
7.Once the sql script complete, restart the VMMService and open the Administrator Console. Wait for approximately 30 minutes to 1 hour and your VMs will display the proper Win2k operating system in the Administrator Console. Make sure your Virtual Machines are running during this time, otherwise the guest operating system version will not be discovered
8.Good luck

INSERT INTO tbl_IL_OS
(OSId, Name, Description, Edition, ProductType, Version, Architecture, OSFlags, VMWareGuestId)
VALUES (’08f954f9-6475-4e07-9e32-4d2ddefc4c54′, ‘Windows 2000 Advanced Server’, ‘Windows 2000 Advanced Server’, 1, 3, ‘5.0’, ‘x86’, 0x3f, ‘win2000AdvServGuest’)

INSERT INTO tbl_IL_OS
(OSId, Name, Description, Edition, ProductType, Version, Architecture, OSFlags, VMWareGuestId)
VALUES (‘e85f1375-c69e-4cbd-8249-0e32caa04abb’, ‘Windows 2000 Server’, ‘Windows 2000 Server’, 0, 3, ‘5.0’, ‘x86’ , 0x3f, ‘win2000ServGuest’)

ūüôā

Written by IT Core

April 17, 2010 at 8:02 PM

How to use Problem Steps Recorder

leave a comment »

From App-V Team Blog.

“On Windows 7 and Windows Server 2008 R2, there is a great troubleshooting tool called the Problem Steps Recorder (PSR). The PSR allows screenshots and details of actions to be automatically recorded and saved in a .MHT file that is automatically zipped. A user can send this file to Microsoft Support to provide an accurate account of steps to reproduce and issue. There is a short video on TechNet that gives a demonstration of the Problem steps recorder.

We can appropriate this tool and turn it into a Sequencing Steps Recorder to document ‚Äúrecipes‚ÄĚ for sequencing applications. Other App-V blog articles have demonstrated how to use video to document sequencing. The Problem Steps Recorder just provides another alternative, especially for those users that like to read from a printout.

The PSR can be easily be found on Windows 7 or Server 2008 just by clicking on the Windows Logo and typing ‚Äústeps‚ÄĚ ,‚Äúrecord‚ÄĚ, or ‚ÄúPSR.exe‚ÄĚ in the search bar”

Read more at: “Document Sequencing on Windows 7 with the Problem Steps Recorder

Hyper-V KB: The computer stops responding or restarts during the Hyper-V Live Migration process in Windows Server 2008 R2

leave a comment »

When you run Windows Server 2008 R2 Hyper-V on a computer that uses AMD Family 10h processors, the host computer may restart unexpectedly or stop responding. When the computer restarts or stop responding, you receive no error messages.

This issue may occur when the Live Migration feature is used to move a virtual machine (VM) from one Windows Server 2008 R2 Hyper-V-based node to another node. This problem usually affects the source node that is the original location of the VM and usually does not affect the target node that is the new location where the VM will be moved.

This issue occurs because of erratum 383 in AMD Family 10h processors. This erratum generates a machine check exception. This machine check exception causes the hardware to restart or to stop responding.

KB981618

Written by IT Core

April 12, 2010 at 8:44 PM

Posted in MS Hotfixes, Virtualization

Tagged with

How to configure OpsMgr for intrusion detection and security hardening

leave a comment »

Another great article from Kevin Holman, this time Kevin explains how to configure Opsmgr to alert you when security is compromised.

Because I have a lab, that is exposed to the internet over port 3389, I get a LOT of hacking attempts on this lab. Mostly the source is from bots running on other compromised systems. These bots just do brute force attacks against the typical Admin accounts and passwords via RDP. In this article, I am going to show how OpsMgr can not only alert on this condition, but also respond by configuring the Windows Firewall to block these attacks.

Read more at: “Using OpsMgr for intrusion detection and security hardening

Written by IT Core

April 12, 2010 at 8:40 PM

Opsmgr Hotfix: System Center Operations Manager 2007 R2 does not display new properties in some views after you import a management pack

leave a comment »

You import a new management pack that contains new properties for certain views on a computer that is running System Center Operations Manager 2007 R2. After you do this, you may receive the following error message:
An object of type Variable with ID Number was not found
Additionally, you find that the new properties are missing from a specific view.

KB981740 – System Center Operations Manager 2007 R2 does not display new properties in some views after you import a management pack

Written by IT Core

April 12, 2010 at 8:32 PM

SCVMM Admin Console to Slow to start…

leave a comment »

Recently I ran into an issue where the SCVMM consoles were slow at initial load, after some debugging and web search I found a perfect match for my scenario:
FROM Michael’s Blog:
VMM Administrator Console taking too much time to load (because of PRO)
If you have enabled the PRO integration with operations manager in your VMM environment, then this blog post might be for you. If your VMM Administrator Console is taking too long to load and the memory footprint of the vmmadmin.exe is too large (i.e. the vmmadmin.exe is taking up too much RAM), then it is possible that you have a lot of PRO tips in the VMM Database and they need to be purged. During the initial load of the Administrator Console, we also load all PRO tips in the UI, both active and completed ones, causing this side effect.
Even though our Jobs view has a built-in grooming cycle, the PRO tips table does not. if you would like to purge some of the completed PRO tips, you can do that using the SQL script in this blog post.
You can modify the NumberOfDays variable to choose how many days of PRO tips to leave back in the database. Currently the script is configured to purge any PRO tip older than 30 days.
Once you successfully execute the script, you can restart the Administrator Console and see the improved performance
<<
/*
Query deletes all ProTips which
– are closed (@ProTipStateClosed = 7)
– are created @NumberOfDays before today
– don’t have a entry in jobs table
*/
DECLARE @NumberOfDays INT, @ProTipStateClosed INT
SET @NumberOfDays = 30;
SET @ProTipStateClosed = 7;
DELETE FROM tbl_PRO_PROTip WHERE
CreationTime <= GETDATE() – @NumberOfDays AND ObjectState = @ProTipStateClosed AND ObjectId NOT IN ( — ProTips that have a job trail. SELECT Tasks.PROTipID FROM tbl_TR_TaskTrail AS Tasks INNER JOIN tbl_PRO_PROTip AS Protips ON Tasks.PROTipID = Protips.ObjectId )

>>

Written by IT Core

April 11, 2010 at 4:11 PM

Error 2941 when moving VMs accross Hyper-V servers

leave a comment »

One of these days I was using our System Center Virtual Machine Manager R2 to move some VMs from one Hyper-V R2 host to another one, when I try to do that I got the following error:

Error (2941)
VMM is unable to complete the request. The connection to the agent on machine srvhv04.domain.tld has been lost.
(Unknown error (0x80072efe))

Recommended Action
Ensure that the WS-Management service and the agent are installed and running and that a firewall is not blocking HTTP traffic.

Solution:
The error “0x80072efe” means “ERROR INTERNET CONNECTION ABORTED“, this generally means Firewall Problems as described in the “Recommended action” or Certificate Issues. To solve this problem check:
– Make sure that you have connectivity on ports “80“, “443” or “40443 – for SCVMM 2008 R2″ between the Source, destination and SCVMM.
– The hyper-v host server should have under certificate MMC\trusted people folder “only” 1 SCVMM certificate the certificate format should be something like (SCVMM_*…). Make sure that the thumbprint of this certificate matches the one stored in the Personal folder of the VMM machine.
– The SCVMM should have a correspondent Certificate for that Host Certificate under its personal folder certificates and the thumbprint of this certificate should match exactly with the one stored in the Personal folder of the host machine.
You may use Netsh to get that cert information, from cmd type:
netsh http show sslcert

DONE!!!
¬†ūüôā

Written by IT Core

April 11, 2010 at 2:11 PM

Hyper-V Dynamic Memory – How does it work!!!

leave a comment »

After MS announcing the “Hyper-V Dynamic Memory“, now it’s time to explain how does it work!!!

Virtualization team did a great job about discussing the complexities regarding to memory management and also explained why Hyper-V will support Dynamic Memory.

Memory overcommit simply means to allocate more memory resources than are physically present. In a physical (non-virtualized) environment, the use of paging to disk is an example of memory overcommit. Now that we’ve defined it, I’m done using this term to avoid the aforementioned confusion. From here on, I’m going to refer to specific memory techniques.
Read More

Written by IT Core

April 7, 2010 at 9:04 PM