Monday 22 September 2014

KB913086: Security Updates Available as ISO Files at Microsoft Download Centre

Microsoft’s security updates can be downloaded in ISO form.

The above site has a list of links to the ISO downloads.


We have set up a link on Microsoft’s Download Centre site to sort the ISO files with newest at the top:


We suggest bookmarking this link to gain quick access to the newest or latest ISO downloads.

Hat Tip: Thanks to Derek Knight and Russ Stamm (quietman7).

Philip Elder
Microsoft Cluster MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen ASP Project
Find out more at
Third Tier: Enterprise Solutions for Small Business

Monday 15 September 2014

Our SBS (Small Business Solution) Options with Standalone and Cluster Hardware Considerations

We’ve received a number of questions about how we present our SBS to prospective and existing clients.

Our primary focus is on what we have provided with Small Business Server starting with SBS 2003 Standard.

  • Active Directory permissions based security
  • Remote Web Access (RWA/RWW) Portal
  • Remote Desktop access via RD Gateway (since SBS 2008 Standard)
  • RemoteApp access via RD Gateway for LoBs (since SBS 2008 Standard)
  • E-mail services access via Outlook, Outlook Anywhere, Exchange ActiveSync, and Outlook Web Access
  • Remote Folders and Files access
  • SharePoint based document management system
  • SQL backend for LoB, SharePoint, and other needs

We focus on the services the prospect would require while our existing clients are already used to them.

Once we have an understanding of the prospect’s needs, since we already know our client’s business really well, we move forward with a proposal that would be geared towards their business size and sensitivity to downtime.

On the services front where we are installing into a standalone host we would have two options:

  1. Base
    1. Requires two Windows Server OS Licenses
    2. DC, Exchange, RDS, and LoB (WSUS and LoBs)
  2. Premium Add-On
    1. Requires one Windows Server OS License
    2. SQL and SharePoint

Obviously the server and CALs would also be needed for the various components that will be installed into the guest OS.

If we are setting up a cluster then one needs to consider the number of VMs running on one or more of the nodes in the event of a node failure.

On the hardware side we would have a number of options:

  1. Entry-Level Single
    1. E3-1270v3, 32GB ECC, Hardware RAID, 8x 2.5” 10K SAS
  2. Mid-Level Single
    1. Single Socket 1U R1208JP4OC, E5-2600 series, 128GB ECC, Hardware RAID, 8x 2.5” 10K SAS
  3. High-Level Single
    1. Dual Socket 2U R2208GZ4GC, E5-2600 pair, 128GB-256GB ECC, Hardware RAID, 8x 2.5” 10K SAS or 16x 2.5” 10K SAS
  4. Entry-Level Asymmetric Cluster
    1. Pair of 1U R1208JP4OC or 2U R2208GZ4GC and an Intel JBOD2224S2DP
  5. Mid-Level Cluster
    1. Four 2U R2208GZ4GC and an Intel JBOD2224S2DP
      • Two Scale-Out File Server cluster nodes
      • Two Hyper-V cluster nodes
  6. High-End Cluster
    1. Six 2U R2208GZ4GC and three Intel JBOD2224S2DP units
      • Three Scale-Out File server cluster nodes
      • Three Intel JBODS with Two-Way or Three-Way Mirror and Enclosure Resilience
      • Three Hyper-V server cluster nodes

Within the above hardware configurations we would have a lot of flexibility that allows us to customize to the specific needs of the prospective client or our clients.

We work with a number of different firms that are prime candidates for at least an asymmetric cluster setup to minimize the possibility of downtime. The cost associated with these entry-level clusters versus a single larger server for the host platform makes them very attractive.

The basic VM configuration would involve fixed VHDX files unless the files are installed on dedicated partitions/LUNs. Note that we would use a shared set of partitions/LUNs if there are around 10 or more VMs as things get to be a bit of a bear to manage otherwise.

Our base VM configurations would be as follows:

  • DC: 4GB, 95GB OS VHDX, and 1TB Data VHDX
  • Exchange: 8GB, 95GB OS VHDX, and 250GB + 20GB/Mailbox Data VHDX
  • RDS: 4GB+, 95GB OS VHDX, and 100GB + 20GB/User Profile Disk
  • LoB: 8GB, 95GB OS VHDX, and 1TB Data VHDX Minimum
  • SQL: 16GB, 95GB OS VHDX, and 250GB+ Data VHDX
  • SharePoint: 16GB, 95GB OS VHDX, 200GB Data VHDX

We have a set of PowerShell steps and scripts that we use to configure these environments. PowerShell helps to greatly reduce the amount of time required to set things up. It also gives us consistency across all of our client deployments which is vital to troubleshooting if the need arises.

Shameless Plug: We’ve spent some time on the above in our SMBKitchen ASP Author Chats. If you are looking for more information the Author Chat is one of the best ways to do so.

Friday 12 September 2014

MANDATORY: Intel JBOD2224S2DP Firmware Update for Same Enclosure ID Storage Spaces Problem

Intel has released new firmware for the Intel JBOD2224S2DP storage enclosure that deals with the enclosure delivering the same Enclosure ID to Windows Server 2012 R2 Storage Spaces.

Why is this firmware mandatory?

Because up until now, when two or more Intel JBOD2224S2DP units were connected to Scale-Out File Server nodes and one ran the Get-StorageEnclosure PowerShell command, one would get the same ID back for every enclosure.

The firmware problem killed Storage Spaces enclosure resilience. What is that you ask?

In Storage Spaces, with a Two-Way or Three-Way mirror one can have three enclosures set up to allow one to drop out completely and things keep going.

If one has configured five enclosures with a Three-Way Mirror then the Storage Spaces setup can tolerate two enclosures dropping out.

If the Intel JBOD unit is already in a production setting with plans to add more enclosures at a later date then it is important to note that this firmware update would be required prior to adding the new units.

For new setups, this firmware update should be a part of the preparation steps for the JBOD prior to implementation or baseline testing.

Tuesday 9 September 2014

Hyper-V VM: Set Up PDCe NTP Time Server plus other DC's time service

When we are running a greenfield deployment, a migration, or a domain reconfiguration one of the key configurations to get right is the Domain Time setup.

We've had situations where anomalies in the time setup have brought down clusters (node's time was out of whack).

In Hyper-V Management disable time integration for the DC(s).

On the primary DC (PDCe) VM that will be the time authority for the domain we run the following steps (please copy and paste into NotePad to clean up):

w32tm /config /syncfromflags:manual "/manualpeerlist:0.ca.pool.ntp.org,0x1 1.ca.pool.ntp.org,0x1 2.ca.pool.ntp.org,0x1 3.ca.pool.ntp.org,0x1" /reliable:yes
w32tm /config /update
net stop w32time && net start w32time
w32tm /resync /force
w32tm /query /source

If you hit ENTER after the last line above and copy from the line underneath to the beginning of the first line and paste into an elevated CMD all of the steps will run automagically. Note that the NTP.ORG servers are Canadian localized. There are servers for most regions in the world.

On every other DC in the domain we run the following steps in an elevated CMD:

w32tm /config /syncfromflags:domhier /reliable:no /update
net stop w32time && net start w32time
w32tm /resync /force
w32tm /query /source

Note that the above step(s) may need to be run a couple of times to get the settings to seat.

Once the above setup has been completed the domain's time should remain on time. If there are any issues with time, that is it starts to slip or jumps ahead, check in Hyper-V Management to see whether the Integration Services (IS) setting for Time Sync has somehow become enabled again.

If it has, run the above steps again to reseat the settings.

NOTE: For SQL or high-load VMs that tend to skew time (we've seen situations where the VM's time skews before our eyes), set up a BATCH file with the following in it:

w32tm /resync /force

Set it to run in the VM's Task Scheduler every five minutes. If time still gets too far out of whack then decrease the time increment until the VM keeps its time as much as possible.
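
Because Kerberos authentication in the domain depends on clocks staying within tolerance, it is worth auditing the result of the steps above rather than assuming the settings stuck. The following PowerShell is an added example, not one of the author's own scripts: it checks each DC's time source and the Hyper-V Time Synchronization integration service. It assumes an elevated session on a domain-joined machine with the ActiveDirectory and Hyper-V modules, a hypothetical host name `HV01`, and DC VM names that match their computer names.

```powershell
# Added example: audit the domain time setup described in this post.
# Assumptions (not from the original post): $HyperVHost is a placeholder,
# and each DC's VM name equals its short computer name.
Import-Module ActiveDirectory, Hyper-V

$HyperVHost = 'HV01'                       # hypothetical Hyper-V host
$pdce = (Get-ADDomain).PDCEmulator         # FQDN of the PDC emulator
$dcs  = Get-ADDomainController -Filter *

# Sources that mean a DC is not following the intended hierarchy
$badSources = 'VM IC Time Synchronization Provider',
              'Local CMOS Clock',
              'Free-running System Clock'

$report = foreach ($dc in $dcs) {
    # Same query the post runs locally, pointed at each DC in turn
    $source = (& w32tm /query "/computer:$($dc.HostName)" /source 2>&1 |
               Out-String).Trim()
    $isPdce = $dc.HostName -eq $pdce

    # State of the Hyper-V time integration service for this DC's VM
    $ic = Get-VMIntegrationService -ComputerName $HyperVHost -VMName $dc.Name `
              -Name 'Time Synchronization' -ErrorAction SilentlyContinue

    $problems = @()
    if ($badSources | Where-Object { $source -like "*$_*" }) {
        $problems += "unexpected source '$source'"
    }
    if ($isPdce -and $source -notmatch 'pool\.ntp\.org') {
        $problems += 'PDCe is not using the manual peer list'
    }
    if ($ic -and $ic.Enabled) {
        $problems += 'Hyper-V Time Synchronization is enabled'
    }

    [pscustomobject]@{
        DC             = $dc.HostName
        PDCe           = $isPdce
        Source         = $source
        HyperVTimeSync = if ($ic) { $ic.Enabled } else { 'unknown' }
        Problems       = $problems -join '; '
    }
}
$report | Format-Table -AutoSize -Wrap

# Offset of every DC relative to the PDCe, as seen from this machine
w32tm /monitor
```

Any row with a non-empty Problems column is a DC where the settings need to be reseated.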
