IT Core Blog

Never stop questioning. Curiosity has its own reason for existing…

Archive for the ‘Uncategorized’ Category

Windows Server 2008 R2 Feature Components Poster

leave a comment »

This poster provides a visual reference for understanding key technologies in Windows Server 2008 R2. To download click here.
 
 
For additional information and documentation about AD, check this link.
🙂
 
 
Advertisements

Written by IT Core

May 28, 2010 at 1:20 AM

Posted in Uncategorized

Forefront Threat Management Gateway Web Access Protection

leave a comment »

Yuri and Tom describe how Forefront Threat Management Gateway is a web access protection solution. They dive into:
HTTPS inspection: privacy concerns, how it works
Process of how TMG protects unmanaged clients against malware
Basics on URL Filtering and NIS
Check out the TMG Book
Download a trial of TMG

Check out the video 🙂

Written by IT Core

February 22, 2010 at 11:00 PM

SCVMM Error 2912 when a Virtual Machine Manager 2008 operation fails due to a certificate issue: Element not found (0x80070490)

leave a comment »

According with Virtual Machine Manager Team Blog:
This is an issue that we originally talked about a while back but we’re still seeing some cases come in so I thought it would be worth another mention just in case.
When using System Center Virtual Machine Manager 2008 to perform any action involving file transfers across machines such as new VM or new P2V the operation may fail with the following error message:

Error (2912)
An internal error has occurred trying to contact an agent on the %serverName%.
(Element not found (0x80070490))

Recommendation Action
Ensure that the agent is installed and running. Ensure the WS-Management service is installed and running, then restart the agent.
0x80070490 = Element not found = Certificate not found

This issue is caused by a problem with the Host certificate (incorrect name, IP instead of FQDN or NetBIOS) or the certificate is missing from the VMM server.
The solution is to remove the managed host from the VMM server and also delete any residual certificates from the host on the VMM server, and then re-add the host:
On the SCVMM server, remove the managed host from the console. The steps on how to remove a managed host are outlined in this TechNet article

Now we need to locate and delete any certificates for the Host computer.
Open the Certificate console on the SCVMM server.
a. Open a new mmc and add the certificates snap-in.
b. Select the option of ‘computer account’ and ‘local computer’.
c. Select Finish and Ok to load the snap-in.
The certificates for the Host computer can be in any of the following locations.
a. Personal Certificates.
b. Trusted People (if the host is W2K8).
c. Trusted Root Authorities (If the host is W2K3).
In each store, expand the Friendly Name field and locate the certificate[s] for the Host server that have a Friendly Name starting with ‘SCVMM_CERTIFICATE_KEY_CONTAINER‘ followed by either the FQDN / IP address / NetBIOS name of the Host server and delete them.
Re-add the host in SCVMM which recreates the certificates as needed.
More Information:

SCVMM uses BITS to transfer payload between SCVMM managed computers. These data transfers are encrypted by using a self-signed certificate generated at the time a host machine is added to VMM. If these certificates are missing or corrupted from the VMM server or managed computers, the payload deployment job can fail. Deleting the certificates and re-adding the host will cause the certificates to regenerate.

This same information is documented in our Knowledge base KB971264

🙂

Written by IT Core

February 17, 2010 at 7:00 PM

Posted in Uncategorized

Virtual Machine Manager Rollup Package Issues…

leave a comment »

Today we decided to apply the System Center Virtual Machine Manager 2008 R2 Rollup Package .

Since that our VMM R2 doesn’t have internet access, we downloaded the update package from the Microsoft Update Catalog. The process went okay for VMM server, after that it’s was time to update the agents, and FUN began!!! 🙂

After starting the update in the first host the process fails with the error 403:
Error (403)
VMM01 is not a valid network computer name. 
Recommended Action
Only fully qualified domain names and NETBIOS computer names are valid. An IP address is valid only for hosts on a perimeter network, ESX hosts, and hosts joined to the domain by using an IPv6 address. Check the computer name, and try the operation again.

What!!! VMM01 is our SCVMM R2 computer name??!!! From the error description appears to be a problem with name resolution process!!!

Note that in the previous screen the “Update agent” operation was performed by a user with local Administration permissions on both Server and VMM. After that the VMM server “tries” to refresh the physical host but the process fails with error (2910) using the VMM service account??!!!

Error (2910)
VMM does not have appropriate permissions to access the resource  on the srvhv01.domain.tld server.
(Access is denied (0x80070005))

Recommended Action
Ensure that Virtual Machine Manager has the appropriate rights to perform this action.

Great!!! Nice!!! 😦 – Note, before agent update we can see that no errors occur in refresh process, either using the domain account that we used to update the agent nor using the VMM service account!!!

Weird 😦 – Let’s try to remove the Physical host and re-add it again!!!

Hum… Same 403 error, this is not working… 😦

Okay, in our scenario, and after a couple of more tests, we verify that something went really wrong with this update. Let me describe some of them:

Error (2910)
VMM does not have appropriate permissions to access the resource C:\Windows\system32\qmgr.dll on the srvhv01.domain.tld server.
(Access is denied (0x80070005))

Recommended Action
Ensure that Virtual Machine Manager has the appropriate rights to perform this action.

Error (2910)
VMM does not have appropriate permissions to access the resource D:\VMs\SRVVM015\Hdd01.vhd on the srvhv02.domain.tld server.
(Access is denied (0x80070005))
Recommended Action
Ensure that Virtual Machine Manager has the appropriate rights to perform this action.

Note the previous screen that is saying “VMM  does not have permissions for the VHD file for SRVVM015 in srvhv02“?!! WHAT!!! The SRVVM015 IS NOT hosted in SRVHV02!! This VM is hosted on SRVHV10, what #!#”#@#@#@#@#&#*#kc!!!!

Permissions, Permissions, Permissions!!! 🙂 Self explanatory 🙂

Error (2910)
VMM does not have appropriate permissions to access the resource \\vmm01.domain.tld\MSSCVMMLibrary2 on the srvhv01.domain.tld server.
(Access is denied (0x80070005))

Recommended Action
Ensure that Virtual Machine Manager has the appropriate rights to perform this action.

  

Solution:

In our scenario we need to fix several things before make this all work again.

1 – We had to add the Physical hosts (Name and IP) to the local hosts file in VMM (This process was done only for a few hosts, there’s a possibility that in fact we do have a name resolution problem with specific hosts).

2 – We need to fix the security permissions in the Physical hosts. We need to add the service account of VMM to the  “Virtual Machine Manager Servers” and to local administrators security group.

3 – We need to fix the permissions in the VMM shares, yep, those were all missing as well 😦 – We notice this problem when we uninstall the agent on the Physical hosts and from VMM server. When we tried to add the host to VMM server again we got an error telling us that the permissions for the VMM share were missing.

4 – In some hosts (For hosts in DMZ this is mandatory) we had to remove the physical host from the VMM server, uninstall the VMM agent, and then re-add them again after we did all previous steps mentioned before.

Note: In most scenarios, Step 2 will be enough, but you may need to perform all steps when dealing with several problems at once. 🙂

Let me know if this worked for you – 🙂

Written by IT Core

February 17, 2010 at 3:26 PM