Friday 20 September 2013

System Uptime on an SQL Server

We are in the process of running some maintenance on a series of servers we rarely get to touch.

image

We have the LoBs offline or in limited usage at the moment:

image

This particular physical server’s sole purpose in life is to host SQL database instances.

So, while it has been a good run for the server, we are about to terminate the close to two-year run. :)

For obvious reasons it is our preference to keep things up to date in the server operating system and the server services running on top of that OS. However, sometimes business dictates that we do not touch unless there is a very good reason to.

We do have a number of such situations. In this case, the LoBs provided us with the opportunity to reboot, run some updates, reboot, and then service pack the various SQL instances.

We now have a fairly happy SQL server that will probably keep running for another year or so until we move this particular client over to a Hyper-V failover cluster.

Have a great weekend everyone and thanks for reading. :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
www.thirdtier.net/enterprise-solutions-for-small-business/


Thursday 19 September 2013

Microsoft ID 2 Factor Authentication

If you have not already implemented the newly available 2FA for your Microsoft IDs then maybe it is time to look at doing that.

We’ve all seen the plethora of Yahoo and iTunes accounts compromised.

So, why not take a moment to update all Microsoft IDs used both within the business and personally to have up-to-date cell phone numbers for text verification, and then download and configure the Microsoft Authentication App?

Once the app is on the smartphone, enable and confirm 2FA in the Microsoft ID profile.

From then on any Microsoft ID protected property will prompt for the code that is presented in the Authentication App.

There is a check mark for “don’t bug me here” on those 2FA pages, but it kind of defeats the purpose to check those on pretty much any online property now, doesn’t it?

IMNSHO, this feature rocks!

Hopefully the banks catch up and start utilizing this kind of security beyond the second layer of personal question protection.


Friday 13 September 2013

Why We Never Dedicate a NIC Port to a VM

We never dedicate a NIC port to a VM. We always _team_ NIC ports. Generally there are two teams in standalone and cluster setups.

Team0: Management (Port 0 on NIC 0 and 1)

Team1: vSwitch (Ports 1+ on NIC 0 and 1) – Dedicated

I kinda understand the logic of doing that, that is dedicating a NIC port to a VM. However, the whole purpose of virtualization is to separate the guest operating system from the hardware. So, one needs to break from that mindset.

There is no reason why the dual Intel quad-port configurations we deploy (8 ports total, with 6 for the vSwitch) would have a problem with the 20+ VMs that in some cases run on the host.

Team configuration exception to the rule would be for CAD/CAM/High Bandwidth needs:

  • Team0: Management (Port 0 on NIC 0 and 1)
  • Team1: vSwitch High I/O (Port 1 on NIC 0 and 1)
  • Team2: vSwitch General VMs (Ports 2+ on NIC 0 and 1)

That leaves a dedicated pair to the higher network bandwidth VM or VMs. We would leave VM density on Team1 at two or three maximum.

BTW, in a disaster recovery scenario having things teamed makes recovery a lot simpler. Trying to keep track of all of those vSwitch names mapped to what VM would be a real PITA when things were tense. Plus, getting all that configured would be that much more time wasted getting things back. Keep It Simple Sir.

Oh, and one more thing: Why would one use a dedicated physical port on each node in a cluster for a highly available guest hosted on that cluster?

That leaves a single point of failure and yet we see that it is quite common for NIC teaming to not be used.

With NIC teaming now built into Windows Server 2012 RTM and newer there is no real reason to avoid teaming NICs or NIC Port groups to avoid that single point of failure.

So, when architecting a cluster setup please use NIC Teaming.
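The two-team layout described above, scripted with the NIC teaming cmdlets built into Windows Server 2012, followed by a check that flags any external vSwitch bound to a single physical port or running on a degraded team. This is an added example, not part of the original post; the adapter names (`NIC0-P0` through `NIC1-P3`) and the switch name `vSwitch` are assumptions.

```powershell
# Added example. Adapter names and the switch name are assumptions:
# substitute the names that Get-NetAdapter reports on the host.
$mgmtPorts    = 'NIC0-P0', 'NIC1-P0'
$vSwitchPorts = 'NIC0-P1', 'NIC0-P2', 'NIC0-P3',
                'NIC1-P1', 'NIC1-P2', 'NIC1-P3'

# Team0: management, one port from each physical NIC.
New-NetLbfoTeam -Name 'Team0' -TeamMembers $mgmtPorts `
    -TeamingMode SwitchIndependent `
    -LoadBalancingAlgorithm TransportPorts -Confirm:$false

# Team1: dedicated to the vSwitch, remaining ports on both NICs.
New-NetLbfoTeam -Name 'Team1' -TeamMembers $vSwitchPorts `
    -TeamingMode SwitchIndependent `
    -LoadBalancingAlgorithm HyperVPort -Confirm:$false

# Bind the external vSwitch to the team interface, which is named
# after the team by default, and keep the management OS off it.
New-VMSwitch -Name 'vSwitch' -NetAdapterName 'Team1' -AllowManagementOS $false

# Audit: every external vSwitch should sit on a team interface that
# has at least two member ports with link up.
$teamNics = Get-NetLbfoTeamNic
foreach ($switch in Get-VMSwitch -SwitchType External) {
    $teamNic = $teamNics |
        Where-Object { $_.InterfaceDescription -eq $switch.NetAdapterInterfaceDescription } |
        Select-Object -First 1

    if (-not $teamNic) {
        Write-Warning ("{0}: bound to a single physical port ({1})" -f
            $switch.Name, $switch.NetAdapterInterfaceDescription)
        continue
    }

    $members = @(Get-NetLbfoTeamMember -Team $teamNic.Team)
    $linkUp  = @(Get-NetAdapter -Name $members.Name |
        Where-Object { $_.Status -eq 'Up' })

    if ($linkUp.Count -lt 2) {
        Write-Warning ("{0}: team {1} has {2} of {3} member ports up" -f
            $switch.Name, $teamNic.Team, $linkUp.Count, $members.Count)
    }
    else {
        Write-Output ("{0}: OK, team {1} with {2} member ports up" -f
            $switch.Name, $teamNic.Team, $linkUp.Count)
    }
}
```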


Thursday 12 September 2013

Office Pro Plus: Setup Error - Files necessary to run the Office Customization Tool were not found. Run Setup from the installation point of a qualifying product.

That was the error we had when we ran setup /admin from our Office 2013 Pro Plus distribution point.

image

It turns out that we do need to download some additional files from Microsoft's download site.

We downloaded the 32-bit version of the tools and extracted them to a folder.

Once the extraction is complete copy the Admin folder to the root of the Office distribution point.

image

We could then run the setup /admin command from the distribution point and voila:

image

We can now go on and create our MST file to allow for automatic installation, activation, and base configuration of the products.


Wednesday 11 September 2013

Windows Features Error: Windows couldn't complete the requested changes 0x800F0906

We hit this today:

image

Windows Features

Windows couldn't complete the requested changes.

Windows couldn't connect to the Internet to download necessary files. Make sure that you're connected to the Internet, and click "Retry" to try again.

Error code: 0x800F0906

Our search turned up the following KB:

The OS affected was Windows 8 Enterprise on a greenfield Windows Server 2012 Essentials virtualization setup.

The relevant point for us was in the WSUS settings as we set up WSUS in Group Policy with the appropriate WMI Filters for each operating system. We did _not_ make the respective changes recommended in the KB article though.

image

We made the necessary change to allow for the required files to be pulled down:

image

We then ran GPUpdate /Force on W2012E and the affected system.

image

We were then able to click the Retry button on the error window and the needed content was downloaded.

image

We were then able to move on with our tasks!


Outlook: Cannot open this item. Outlook has already begun transmitting this message

We had a strange one this morning:

image

A couple of messages were stuck in the Outbox.

This site has some good troubleshooting tips:

However, after running through all of the steps Outlook eventually did step up and send the messages. Though, that happened when Outlook was _in_ Offline Mode.

It turns out that we now know why the Send/Receive process is being hung up:

image

Our Office 365 account was stuck?

image

Apparently there were no issues? Hmmm...

We tried to add the O365 account to a different system's Outlook and we hit this:

image

Using Men&Mice's awesome freebie online DIG tool we checked to make sure that AutoDiscover was indeed set up (which it was when we configured things back when).

image

So, at least at this point it is looking like the service is indeed having an issue.

And finally, after a huge pause Outlook's Send/Receive coughed up an error:

image

With the volume of e-mail we have flowing about right now having Outlook getting hung up on one of the mailboxes during Send/Receive is outright frustrating! :S

We removed the O365 account and sure enough Outlook has started sending and receiving without a hiccup.


Monday 9 September 2013

Windows Server 2012 and Essentials: Error 80073718 on Update(s)

We may be seeing some issues in Windows Server 2012 and W2012E:

In the end the problem points to a "servicing stack corruption" with the OP needing to re-install the operating system from scratch.

While this may be a possible suggestion for a new server setup, those that have had their systems in production for any amount of time are left in a bit of a conundrum.

At this time there is no "fix" for the "problem".

So given that Microsoft would not recommend a third party action, our suggestion for those that have a full server setup in production is to look into running a Swing Migration. Fellow MVP Jeff Middleton's methodologies will preserve Active Directory, Group Policy, and more.

If the setup is a VM then there are a number of options one can pursue to Swing the AD off and back on again.

This method would save a good chunk of time as one would not need to migrate the local profiles over to the rebuilt domain nor have to deal with Group Policy Tattoos if one rebuilds with the same domain name. Plus, if there are on-premises services running in Exchange, SQL, and other Line of Business applications the time savings would be _huge_.


Thursday 5 September 2013

BitLocker Encrypted Drive: Unable to Unlock

We have a number of external BitLocker encrypted drives that we use to tote around our business data.

After plugging one of the drives into our newly stood up system with Windows Server 2012 RTM being slowly configured as a desktop we hit this:

image

Normally, when a BitLocker encrypted drive gets plugged into any Windows Vista and above operating system, a prompt appears to unlock it for full access.

Double clicking on the drive in Explorer did nothing. Nada. Zippo.

In the end we had missed installing the BitLocker components on the machine:

image

Note that a restart would be required once the installer routine completed.

Sure enough, after the reboot we were prompted for the pass phrase after double clicking on the drive’s icon:

image

With BitLocker now included in Windows 8 Pro there is no reason why organizations that do move their desktop operating system platforms over to Windows 8 should not use BitLocker to encrypt every system and external storage device by default.

In fact, for any organization that has sensitive data housed on their systems the only thing stopping the migration to Windows 8 Professional would be Line of Business applications ... maybe. One could work around that with application virtualization or RemoteApps depending on the LoB.

The tools for BitLocker management are also available in Windows Server as well as a part of the Desktop OS Software Assurance and MDOP offering.

And one more thing: With the horsepower that today’s systems offer, whole disk encryption, as opposed to encrypting only contents, is always the best option. BitLocker Content Only Encryption is a new feature in Windows 8.
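The fix and the recommendation above as PowerShell on Windows Server 2012: install the missing BitLocker feature, unlock an existing external drive, and encrypt a new one in full by leaving out the `-UsedSpaceOnly` switch. This is an added example, not part of the original post; the drive letters `E:` and `F:` are assumptions.

```powershell
# Added example. Drive letters are assumptions.
$existingDrive = 'E:'   # external drive already protected with BitLocker
$newDrive      = 'F:'   # external drive that is about to be encrypted

# 1. BitLocker is an optional feature on Windows Server. Without it,
#    a locked drive shows up in Explorer but never prompts to unlock.
if (-not (Get-WindowsFeature -Name BitLocker).Installed) {
    $result = Install-WindowsFeature -Name BitLocker `
        -IncludeAllSubFeature -IncludeManagementTools
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning 'Restart required. Re-run this script after the reboot.'
        return
    }
}

# 2. Unlock the existing drive with its pass phrase. Read-Host keeps
#    the pass phrase out of the command line and the history.
$volume = Get-BitLockerVolume -MountPoint $existingDrive
if ($volume.LockStatus -eq 'Locked') {
    $passphrase = Read-Host -AsSecureString -Prompt "Pass phrase for $existingDrive"
    Unlock-BitLocker -MountPoint $existingDrive -Password $passphrase
}

# 3. Encrypt the new drive. Omitting -UsedSpaceOnly encrypts the whole
#    volume, including free space that may still hold deleted data.
$newPassphrase = Read-Host -AsSecureString -Prompt "New pass phrase for $newDrive"
Enable-BitLocker -MountPoint $newDrive -EncryptionMethod Aes256 `
    -PasswordProtector -Password $newPassphrase

# Add a recovery password as a second protector and store it
# somewhere other than the drive itself.
Add-BitLockerKeyProtector -MountPoint $newDrive -RecoveryPasswordProtector

# 4. Report the state of every volume on the machine.
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage,
                  ProtectionStatus, LockStatus
```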


SharePoint: Enable Check-In and Check-Out plus Major and Minor Versions

We posted a little video on how to enable the check-in/check-out system and version tracking for SharePoint Libraries on our YouTube Channel.

Enabling Check-In/Check-Out and Versioning in a SharePoint Library

Note that one needs to be signed in as site owner/admin in order to make these changes.


Wednesday 4 September 2013

A Small Windows Server 2012 Issue

This issue is by no means business critical or threatening to bring down a Hyper-V Cluster or the like.

However, someone somewhere in Quality Control seems to have missed the boat on selecting items in the Roles & Features wizard:

image

Note how there is a Check Mark that seemingly indicates the full Role feature set has been installed.

Yet, when we click into that option we get:

image

It seems to us that since there are features within that Role that have not been installed, the top level indicator should be the same as the one beside File and iSCSI Services (Installed), no?

This may be a minor thing, but most certainly indicators should indicate the correct status.

We don’t have a Windows Server 2012 R2 version up and running right now so can’t compare the two. Hopefully this little oversight has been fixed in the soon to be released product.


Monday 2 September 2013

StarTech or Vantec for SuperSpeed USB 3 Enclosures and Hubs?

Hands down our choice is for StarTech.

image

The above is a 2.5" drive enclosure with a Seagate Momentus 7200 RPM SATA drive installed. Mean throughput seems to be around 60MB/Second to 80MB/Second.

image

The 3.5" enclosure has a 2TB Seagate 7200 RPM SATA drive installed. Throughput seems to be about the same as the 2.5" drive.

The following link lists all of StarTech's single drive SuperSpeed enclosures:

We also have a 2.5" SuperSpeed enclosure coming that can mount ISOs and present them to the connected device as an optical drive.

image

Both drives are connected to the above SuperSpeed USB 3 hub.

We are using the 3.5" drive to host VHDX files. We have Windows Server 2012 Essentials, Windows Server 2012 with Exchange 2013 RTM, Windows Server 2012 with SharePoint Foundation 2013, Windows Server 2012 with the Remote Desktop Services Role, Windows 8 Enterprise, and finally a Windows Server 2008 R2 OS set up with RRAS to NAT between the Internal and our own networks.

We've passed _a lot_ of data across these SuperSpeed devices without a hiccup.

The same could not be said for the Vantec SuperSpeed USB 3 hub and enclosures. They would cut out causing everything to come to a standstill. We went so far as to try a D-Link SuperSpeed USB 3 hub to see if it would work better but we ended up with connectivity issues.

In the end, we are quite happy with the StarTech products especially their stability with so much data flying around on the USB 3 bus.


Sunday 1 September 2013

Exchange Server 2013: IE10 on Server 2012 and Windows 8 Crashes in /ECP Exchange admin center

In our greenfield deployments getting Exchange 2013 up and running around RTM time was a bit of a challenge given the reality that IE 10 on both Windows Server 2012 and Windows 8 just did not work.

To fix that problem the following needs to be installed:

Note that some security related settings may be reset once this update is installed.

A prompt to set IE10 security settings also appears after the update is installed.

It is good to see that EAC can now be accessed as expected and without interruption.


Exchange 2013 ECP Error: The user has insufficient access rights. Active directory response: 00002098: SecErr: DSID-03150BC1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

After setting up Exchange 2013 Standard on a VM we hit the following problem:

image

Server Error in '/owa' Application.

The user has insufficient access rights.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.
Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[DirectoryOperationException: The user has insufficient access rights.]

System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut) +1904

System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout) +381

Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout) +3849

Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync) +1062

[ADOperationException: Active Directory operation failed on vW2012E.MPECSINC.local. This error is not retriable. Additional information: Insufficient access rights to perform the operation.

Active directory response: 00002098: SecErr: DSID-03150BC1, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

]

Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer) +3736

Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync) +1945

Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException) +27

Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation) +2082

Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save() +1078

[StoragePermanentException: There was a problem accessing Active Directory. Check your network connections and try again.]

Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save() +1600

Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.HandleLanguagePost(RequestContext requestContext, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized, String destination) +2072

Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.DispatchIfLanguagePost(RequestContext requestContext) +642

Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.InternalDispatchRequest(RequestContext requestContext) +620

Microsoft.Exchange.Clients.Owa2.Server.Core.RequestDispatcher.DispatchRequest(RequestContext requestContext) +297

Microsoft.Exchange.Clients.Owa2.Server.Core.OwaRequestHandler.OnPostAuthorizeRequest(Object sender, EventArgs e) +352

System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +80

System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929

There was not a lot that turned up in our searches.

In the end, we needed to run the following command on the Windows Server 2012 Essentials server from the Exchange 2013 install disk:

  • Setup /PrepareAD /IAcceptExchangeServerLicenseTerms

Once the above command finished running we hit refresh in IE and we were in.

image

Please note that these shots are via one of our labs we are running through in preparation for some SMB Kitchen Project content.
