Archive for the ‘windows’ Category

Server 2008 R2 Core

So, I finally have moved into a realm where I want to squeeze as much power out of my new servers. My latest purchase is a nice Dell 710 with a boat load of ram in it. I want that to be my hypervisor managing only the network connections. LOW OVERHEAD. That sounds great to me. Trouble is, I’ve never acutally configured a server without a GUI. I’ve dabbled in powershell and I’ve done plenty of unix/linux work from the command line though. How hard can it be?

Very, it turns out. I’m having a lot of inconsitent problems. I had no problem installing the OS. that went fine. I was even able to find plenty of documentation out there on, but not limited to Microsoft’s site. But I’m having strange problems I can’t find answers to.

The biggest is that I can enable remote desktop (can we really call it that in core? its just a command line prompt) but I cannot remotely access the event viewer, Hyper-v or disk managment…. I’ve configured it to do so.

first I found the sconfig command.

sconfig

That allowed me to “enable” remote access, turn on and install updates and powershell access. RDP seems to function fine. No other functionality is working. with Hyper-v I get RPC connection errors and network path not found with the remote computer managment.

the odd part is this: i removed the computer from the domain, re-added it and then I had access. This was late at night so I called it a win and went home. The next day I got back and there is no connection. restarted the server (its not in production yet) and still no love? what changed?

More as I work this out……

Update:

I spoke with my friend Steve who pointed out that I may be having firewall issues. so I turned it off!

netsh advfirewall set allprofiles state off

Totally worked. I suspected as much, but think my settings aren’t sticking. What could cause this to happen? without me making any changes? GPO!!! (thanks again Steve, good to have friends.)

So I poped open my Group Policy Managment, looked up my server and the GPOs that are applied to it. Turns out there is a firewall policy applied to EVERY computer in my network. Upon inspection I see that there is a section that “allow inbound remote administration exception”. The question is this, “is this policy over-writting the policy in place or is it appending?” I’d think over-writting due to my funny errors. The policy itself is only set to enable remote access. Since I am enabling the policy, does it require that I explicitly set the rules for all the remote access? good question! I disabled the GPO that was setting some firewall options. Restart on the server to get the new GPO setup and viola, connections are working fine. the GPO was interfering. I’m a bit suprised, and now I have a bunch more work to get my GPOs set to provide what that old GPO did without messing up my new systems.
After all the basics got ironed out, I then found a nifty tool for configuring core installations. called Core configurtor 2.0 you can find it here
Core configurator 2.0
Make sure to copy it to a tools folder on your C:\
then you can run it by typing

cscript Start_Coreconfig.wsf

This tool gave me the ability to use a GUI to set some of the things I needed done. I did google for each command I was going to need and entered them one at a time. That’s the hard way. Done that, time for something easier.

Microsoft Lync 2010 install

new project! I’ve been working on installing lync 2010 in my environment. Here’s some prelim notes. I’ll update as I go.

Running the Console:

I attempted to launch the console both with the start menu link directly on the server and by going to https://servername/cscp

both gave me the following error.

Could not load type System.ServiceModel.Activation.HttpModule

What it boiles down to was that the IIS server was installed AFTER  .net  framework 4. The fix is simple. re-register aspnet and IIS.

aspnet_regiis.exe -iru

Adding users:

You cannot add users via the console who already belong to the domain admin’s group. You’ll have to do it via powershell. To make it easy – for those of us who are new at powershell – you can use the Lync Server Management Shell right in the start menu.

Enable-CsUser -Identity "User Name" -RegistrarPool "Name.of.your.server"
-SipAddressType SamAccountName  -SipDomain "domain.local"

Please note that you can change the SamAccountName to use whichever method you like to generate sip address type. the ref link below has options.

Reference:technet.microsoft.com/…/gg398711.aspx

Dell Powervault – Host groups and shared virtual disks

I learned something today! That makes it a good day, and its only 8:30am.  A while back I stood up a new virtual server. I have a few of them and they all use my Dell Powervault to hold the VM files. This works well for a number of reasons. The powervault and servers use their own gigabit LAN to transfer data. Nice and fast. The powervault is fault tolerant, so I sleep better at night.  I tried something new this time though. I created a host group, consisting of two virtual machine hyper-visors. I gave them both access to the same virtual disk. All was well for a while. then one of my servers got itself corrupted. (see my previous post about backing up servers!) Then another got corrupted. The second hyper-visor couldn’t even see the virtual disk anymore even with a bunch of fiddling. That’s tech-speak for troubleshooting until my eyes bleed.

After a lengthy call with Dell’s customer support I found out that even though their documentation shows you how to share a virtual disk between computers, DON’T DO IT. Apparently this can and does cause disk corruption because Microsoft doesn’t play well when sharing a file system. Supposedly I can only get away with this if I had the two hyper-visors clustered. Which I don’t.  Any way, something new!

Server 2008 R2 and IPV6 slowdown – powershell fix!

So the other day a few friends and I were discussing some odd behavior that IPV6 has. I noticed early on that it plays havoc with my DNS between IPv4 and IPv6 workstations and their respective connections to servers. Steve Murawski mentioned that he had problems with bandwidth regarding IPv6 and its desire to tunnel over IPv4. Now I don’t have all the details but disabling IPv6 and its attendant interface objects seems to solve both the DNS and network slowdown issue. I slapped a quick and dirty powershell script together that allowed me to quickly update my servers to remove the IPv6 suite. I should note that the commands are also courtesy of Steve. Thanks Steve!

Some of you may have seen where I made a mistake with my script. this has been updated on 12-23. You can still use my original commands so long as you do them live at the command window. As a script, it fails. So enter the commands one at a time and all is well. This doesn’t help much unless its a script though. So the second block of code is updated to work as a script.

Enter-PSSession PUT COMPUTER NAME HERE
Write-Host "Disabling isatap"
netsh interface isatap set state disabled
Write-Host "Disabling teredo"
netsh interface teredo set state disabled
write-host "Disabling 6TO4"
netsh interface 6TO4 set state disabled

Write-Host "Showing interfaces"

netsh.exe interface ipv6 show interfaces
ipconfig
ipconfig /registerdns
Exit-PSSession

Just a note for me, if you see the system.dns exception, remember to show hidden devices and remove the extra 6t04 and teredo adapters.
Use this section if you want to execute this as a script.

#* Filename: KillStupidIPV6.ps1
#*=====================================================================
#* Created: [12-21-10]
#* Author: Tim Lemmers
#* email: tim@liquidclever.com
#
#*=====================================================================
#get the remote computer name from User input

$Srv = Read-Host "Type Machine name"




$session = new-pssession -ComputerName $Srv 
Invoke-command -session $session -scriptblock { netsh interface isatap set state disabled }  
Invoke-command -session $session -scriptblock { netsh interface teredo set state disabled } 
Invoke-command -session $session -scriptblock { netsh interface 6TO4 set state disabled } 
Invoke-command -session $session -scriptblock { netsh.exe interface ipv6 show interfaces } 
Invoke-command -session $session -scriptblock {  ipconfig } 
Invoke-command -session $session -scriptblock { ipconfig /registerdns }

I nearly forgot! you may need to enable remote access to your servers. the best way I’ve found to do so is this:

Enable-PSRemoting 

Hyper-v remote mmc and the RPC server

On the server run this one command:
netsh advfirewall set allprofiles state off
Then I had to go to my desktop
The problem might have been on my Windows 7 PC
1) Goto run: dcomcnfg
2) Plus out Component Services -> Computers -> my computer
3) Right click on the My Computer in the left pane and select COM Security
4) Under edit limits for access permissions, click on Anonymous and allow Remote Access
Then I was able to connect to the Hyper-v manager!

Powershell and Wsus client reset

Recently I had an issue with my Wsus server. I had to reinstall the software while keeping my old database. I noticed that some of my clients wouldn’t populate in the wsus server. They all seemed to be getting updates though. My first thought was to force the client to check in by running the following on the client machine.

wuauclt.exe /detectnow

Usually that would cause a client to detect the settings it got from the Group Policy I have set up. Then something really odd happened. The “missing” client would show up for a moment or two when I refreshed the wsus console, then dissapear again. The total device count in the wsus console would not increment.

After some banging around I found that I needed to reset the authorization on the client. My guess is that when I reinstalled the Wsus console some of the clients had invalid IDs.

The fix goes like this:
Remove the Registry value for HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
-SusClientId
-SusClientIdValidation
Restart the Automatic Updates service (wuauserv)
Run

wuauclt.exe /resetauthorization /detectnow

from the command line

This solved my issue by re-adding the clients to the Wsus server. problem solved, right? Hardly! I had about 80 of these to do. I’ve been doing some powershell scripting with Steve over at MindOfRoot. I thought this would be a good chance to try writting a script on my own. What I came up with is clumsy and even spits out some errors but works like a charm. Feel free to post comments about how to clean it up.

#* Filename: DelRegValuesRemote.ps1
#*=====================================================================
#* Created: [3-31-10]
#* Author: Tim Lemmers
#* 
#
#*=====================================================================
#get the remote computer name from User input
$Srv = Read-Host "Type Machine name"

#define registry location
$key = "SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"

#set registry hive HKLM
$type = [Microsoft.Win32.RegistryHive]::LocalMachine
$regKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $Srv)
$regKey = $regKey.OpenSubKey($key,$true)

#show the server and values found from the registry
Write-Host
Write-host "Server name"
Write-host "------"
$Srv
Write-Host
Write-Host "Values Before Delete"
Write-Host "------"
Foreach($val in $regKey.GetValueNames()){$val}
Read-Host “Press enter to continue”

#Delete the values found above
Foreach($val in $regKey.GetValueNames()){$regKey.DeleteValue($val)}

#show values after deletion to make sure they are gone
Write-Host
Write-Host "Values After Delete"
Write-Host "------"
Foreach($val in $regKey.GetValueNames()){$val}

#Restart the automatic updates service
(Get-WmiObject -computer $Srv Win32_Service -Filter "Name='wuauserv'").InvokeMethod("StopService",$null)
#pause a moment to let snarky services stop - I'm not sure this is needed
Start-Sleep -s 4

(Get-WmiObject -computer $Srv Win32_Service -Filter "Name='wuauserv'").InvokeMethod("StartService",$null)

cmd /c psexec.exe \\$Srv -d C:\windows\system32\wuauclt.exe /resetauthorization /detectnow

Write-Host “This AU client will now check for the Updates on the Local WSUS Server.”
Read-Host “Press enter to continue”
Return top