One Post SBS Configuration

We are doing the following and are quite successful with the setup:

• 2x Windows Server STD
• Windows CALs
• Exchange STD
• Exchange CALs
• RDS CALs

With that we set up one host with Hyper-V (2012 R2 preferred).

• VM 1: DC
• VM 2: Exchange 2013 CU3
• VM 3: RDS
• VM 4: LoB, WSUS

We just finished migrating our last SBS 2003 out to this setup (though with two servers and a few extra licenses).

For larger firms we can set up two identical servers and have licensing in place to allow for the following:

• Server 1 & 2: DC VM with DHCP Failover enabled (new 2012 R2 feature)
• Server 1: LoB VM with Replica to Server 2
• Server 1: Exchange
• Server 1: RDS VM with Replica to Server 2

Because Exchange and SQL have their own built-in redundancy features we have the option to configure in-guest clustering to build out the required redundancy for them.

Or, we can go with two servers with dual SAS HBAs and a dual controller SAS direct attached storage (MD3220, VTrak E610sD, DS3524) and set up an actual Hyper-V Failover Cluster. This option works very well for the very downtime conscious client.

Philip Elder
Microsoft Cluster MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

RDWeb in Windows Server 2012 R2

If you have not seen RDWeb in Windows Server 2012 R2 yet, then a look at the feature along with the full Remote Desktop Services suite of abilities in Windows Server 2012 R2 is a must.

Our "Collaborate Anywhere" solution (sound familiar eh? ;) ) is based upon RDWeb and the AuthAnvil Secure Access Portal that we are investing heavily in.

We believe that Cloud has it's place however on-premises still provides the _same_ feature set and location flexibility to our clients that Cloud vendors extol to Cloud alone with the added benefit of data ownership and security.

Philip Elder
Microsoft Cluster MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

Set Exchange 2010 and 2013 Internal and External Virtual Directory URLs in PowerShell

Here are the elevated PowerShell commands to run to set the virtual directory URLs

• Get-ActiveSyncVirtualDirectory -server EXCHANGE | Set-ActiveSyncVirtualDirectory -ExternalUrl 'https://mail.DOMAIN.ca/Microsoft-Server-ActiveSync' -InternalUrl 'https://mail.DOMAIN.ca/Microsoft-Server-ActiveSync'
• Get-AutodiscoverVirtualDirectory -server EXCHANGE | Set-AutodiscoverVirtualDirectory -ExternalUrl 'https://mail.DOMAIN.ca/Autodiscover/Autodiscover.xml' -InternalUrl 'https://mail.DOMAIN.ca/Autodiscover/Autodiscover.xml'
• Get-ECPVirtualDirectory -server EXCHANGE | Set-ECPVirtualDirectory -ExternalUrl 'https://mail.DOMAIN.ca/ECP' -InternalUrl 'https://mail.DOMAIN.ca/ECP'
• Get-OabVirtualDirectory -server EXCHANGE | Set-OabVirtualDirectory -ExternalUrl 'https://mail.DOMAIN.ca/OAB' -InternalUrl 'https://mail.DOMAIN.ca/OAB'
• Get-WebServicesVirtualDirectory -server EXCHANGE | Set-WebServicesVirtualDirectory -ExternalUrl 'https://mail.DOMAIN.ca/EWS/Exchange.asmx' -InternalUrl 'https://mail.DOMAIN.ca/EWS/Exchange.asmx'

The elevated PowerShell commands to verify the settings:

• Get-ActiveSyncVirtualDirectory | fl internalurl,externalurl
• Get-AutoDiscoverVirtualDirectory | fl internalurl,externalurl
• Get-ECPVirtualDirectory | fl internalurl,externalurl
• Get-OabVirtualDirectory | fl internalurl,externalurl
• Get-WebServicesVirtualDirectory | fl internalurl,externalurl

Please note that we run a split DNS setup to have the external URL map to an internal IP address while folks are in the office (as per SBS STD).

UPDATE 2014-02-14: Dave Shackelford was kind enough to point out the errors in my copy & paste methodology. The proper syntax for each Set command has been done. :)

Philip Elder
Microsoft Cluster MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

Hyper-V: Set Up A Permanent Host OS Flash Drive

All of our Hyper-V hosts whether standalone or clustered 1U/2U nodes have a permanent flash drive plugged into the server.

They also have an Intel RMM, Dell iDRAC Enterprise, or HP iLO Advanced set up for full remote KVM over IP access.

We can then flatten and restore that host to production worthy status in about 30-45 minutes. PowerShell has a lot to do with the ability to make this happen as far as post OS configuration.

Here's how we do it:

1. DiskPart
1. List Disk
2. Select Disk x (flash)
3. Clean
4. Create Partition Primary
5. Select Partition 1
6. Format FS=NTFS Quick Label=”HV_Node-01”
7. Active
8. Assign
2. Have the host OS ISO mounted and copy its ENTIRE contents to the root of the flash drive.
3. We then create the following folders in the root of the flash drive:
1. _Drivers
2. _Utilities
3. _Software

What goes into those folders:

• Drivers = obvious
• Utilities = things like HVRemote, the bind tools, ETC
• Software = Server Management software

We _never_ back up the host. Period.

Once the host OS has been set up please make sure that having that USB flash drive permanently plugged in does not interfere with the host's boot process by verifying the boot order and USB boot settings in the BIOS.

Philip Elder
Microsoft Cluster MVP
MPECS Inc.
Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

Windows Server 2012 R2 and Two Smaller Servers Over One Big One

Having some thoughts on designing client's IT solutions to provide a relatively simple setup that allows for business to continue on in the event of a hardware failure.

Windows Server 2012 R2 gives us a few more options to facilitate business continuity.

Two smaller servers running their workloads allows for a number of different scenarios for recoverability:

• Hyper-V Replica
• For obvious reasons
• DHCP Failover (built-in, run the wizard after installing the DHCP Role on two systems)
• Very easy to do and gives clients full DHCP if one box goes down (no need to flip a switch somewhere else to enable DHCP)
• Shares all Scope Options and Reservations between the two

Some of the benefits of this setup are:

• AD is covered in the event of a full-stop
• Hiccups can be taken care of by Burflags and/or AD Recycle Bin
• AD continues despite one server going full-stop
• File services and LoBs come back online when replica failover kicks in
• A good backup regimen with restore tests allow flexibility (ShadowProtect)

Our preference has grown into having two key resources duplicated:
•    AD/DNS/DHCP across two separate VMs (2x servers)
•    Hyper-V Replica for VM hosting files and key LoBs

That folks is a poor man’s/woman’s "Cluster" setup.

Yes, there is a bit of extra cost involved for the licensing side of things. And, there may be a price difference on the hardware side of things.

But, when we look at the lifetime of the solution and take that extra cost we can then draw up a dollar amount per user per month using a 36 or 48 month amortization table (or even 60 month if five year warranty) and justify it as the cost of insurance relative to business stoppage costs. This works for us pretty much every time! :)

Philip Elder
Microsoft Cluster MVP
MPECS Inc.
Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

Some Hyper-V PowerShell Commands for You

Here is the command set to create a vSwitch that does _not_ share the connection with the host OS:

• New-VMSwitch -Name vSwitch -NetAdapterName vSwitch -AllowManagementOS 0

Note the zero to indicate no sharing with the host OS.

The -NetAdapterName value is the name of the team we created for the VMs.

Installing features and forcing the local source files is an important thing to do otherwise one may wait a long time while the node or nodes, or a standalone host, try and pull from Microsoft's download servers only to fail much later in the game.

In this case we are installing the RSAT-Clustering feature (in our snip the -IncludeAllSubFeature is missing as we later discovered).

• Install-WindowsFeature RSAT-Clustering -Source wim:d:\sources\install.wim:2 -IncludeAllSubFeature -Restart

Even with the installer pulling the needed files from the locally attached storage (flash drive) this one takes a while. We know we are successful when the node reboots.

Note that we are indicating INDEX 2 for the installer to pull from. That index is for the GUI version of the the OS. If we try and pull the source files from CORE INDEX 1 we will eventually end up with a failed result. And, given how long this process takes it is rather painful to discover just what the installer was looking for in the first place. :(

Philip Elder
Microsoft Cluster MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

Some Thoughts On ARM and Intel Windows 8 Devices and the Windows 8 OS

This is a post to the SBS2K Yahoo List.

OP: Windows and ARM are essentially dead.

My thoughts . . .

I don’t think ARM is dead. Cost wise Intel can’t meet them especially with the new FABs they have built and their ongoing yield issues. There needs to be a cost tier in tech.
 
The ARM/RT/Surface 2 experience is aimed at the iDevice user. Folks that are used to a locked in experience where they need to purchase apps outside of the device to get what they need to be productive. The advantage goes to Surface 2 as it has everything one needs to be fully productive short of Enterprise features like DirectAccess _out of the box_. InTune takes care of the management side of things to some degree to give corporate IT some control over the devices.
 
I like my Surface 2. It’s flaky for sure. It reminds me of the day when we started to see motherboards with the “new” 32-bit PCI slots on them and the industry extolling “Plug and Play” as the new end to IRQs and Jumpers. We called it “Plug and Pray” for _years_ before the tech settled down and started doing what it was supposed to.
 
I believe that the Windows ARM line will, and already is, put a lot of pressure on iDevices and Android devices since users see a device that has their Windows experience out of the box.
 
Kill Microsoft with words over the new Metro/Modern UI and its app environment but Microsoft knows what they are doing. They _know_ user pain moving between different platforms and the cost in lost productivity due to the “where’s my cheese” between them.
 
I can’t count the number of times I’ve been approached with a “my Android device updated and now my stuff is gone or changed how do I get it back” question. That’s one area that Google has totally wrong. It’s not about the devs and their toys it’s about the end-user and their need to stay productive. Windows Phone solves this pain point big time as does iOS as they don’t butcher the user experience between versions.
 
And that is the clincher: As the general public becomes more aware that their PC, tablet, and phone can host the exact same environment in a stable and ongoing fashion, especially through device changes, the Windows platform will grow. The Windows 8/RT platform is relatively stable, provides a methodology to move to new devices and inherit everything, and provides a seamless and similar user experience across ALL devices. That’s Microsoft’s long-term vision IMNSHO.
 
An example: I killed the screen on my Nokia 920. It pancaked on the floor. Box tape is holding the glass together and it still works just fine but seeing through the cracks is painful. So, I bought a new Nokia 1020. It took about an hour after signing in with my Microsoft ID to have EVERYTHING as it was on my 920. The device backup and restore process pulls everything back even my text message threads! I don’t have to plug my phone into a computer or WiFi sync it like the iPhone does (not sure if messaging threads come back with a restore to a new iPhone?).
 
I set up a new Windows 8.1 machine for home based on the Intel NUC. I signed in with my Microsoft ID, set up my app passwords, and pulled down my regular apps from the Store’s “What you purchased” list and I was fully productive. All I needed from there was Office, RD Manager, and Camtasia. Everything else I use is in Metro/Modern UI.
 
If you have not experienced the seamless setup between Windows 8+ systems then you are truly missing out again IMNSHO. I NEED to have every second available to me to stay on top of things. Windows 8 has saved gobs of time over the previous days when I was working on setting up new machines for myself. In fact, after signing into my Microsoft ID (it is 2FA protected so I always need my phone for this step) and setting my passwords into the Mail app (the new PC has all of my Exchange mailboxes ready for a password and to start syncing immediately) I can be productive immediately communication wise.
 
Maybe I’ve drunk the Kool-Aid. Maybe not. But I can tell you the benefits of Windows 8+ far outweigh the cons. Oh, and the Start Button in Windows 8.1 rocks. I did not realize just how much I missed it for managing servers via a windowed RDP/iDRAC/iLO/RMM session. :P
 
One more neat bit: Hit the Start button after setting key mail folders on the Start Menu and the Live Tiles give me an at-a-glance view of all communications. I like that.

Philip Elder
Microsoft Cluster MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

IIS Error: There was an error while performing this operation. A specified logon session does not exist. 0x80070520

We were setting up a test site for our Application Request Routing rule set prior to running things in production and hit this:

Edit Site Binding

There was an error while performing this operation.

Details:

A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)

Okay, that was right out in left field.

Fortunately search results were right on:

• freakcode: IIS7 Certificate binding issue

The solution was to delete the certificate and then import it again but this time leaving the Allow this certificate to be exported checked.

Once we did that our site went up with no issues.

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

RD Gateway and RemoteApp Error: Remote Desktop can't connect to the remote computer "RDS.Domain.Local" for one of these reasons:

We just finished setting up a Windows Server 2012 R2 Standard RDS server and began testing the RD Gateway, RDWeb, and RemoteApp features and hit this:

RemoteApp Disconnected

Remote Desktop can't connect to the remote computer "RDS.Domain.Local" for one of these reasons:

1) Your user account is not authorized to access the RD Gateway "remote.domain.ca"

2) Your computer is not authorized to access the RD Gateway "remote.domain.ca"

3) You are using an incompatible authentication method (for example, the RD Gateway might be expecting a smart card but you provided a password)

Contact your network administrator for assistance.

The third reason is out while the first two are not applicable since our access policies are set up correctly.

Our search brought us to:

• Network Blog: Remote Desktop Gateway client fails authentication with “Your user account is not authorized to access the RD Gateway”

Following Solution 1 we puzzled about trying to figure out where the NPS thing was!

Click on NAP in Server Manager and then right click on the server name. Choose Network Policy Server in the menu.

Once the NPS console comes up right click on the root node NPS (Local) and click Register server in Active Directory.

Click OK twice and then test again.

Good to go!

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

Hyper-V: Number of NUMA Nodes on a Dual Intel Xeon E5-2630 R2208GZ4GC

Here is a snip of the number of NUMA Nodes in a newly stood up Windows Server 2012 R2 Standard server with a pair of Intel Xeon E5-2630 CPUs in the Intel Server Systems Grizzly Pass 2U setup:

Here is the same setup showing the number of Cores/Threads:

Note that we do not have Hyper-Threading turned off on this particular server.

It's important to note that a VM that is set up with more vCPUs than cores on one CPU may actually perform poorer than the same VM set up with the vCPU setting equal to or one less than the number of cores available on one CPU.

This is what is meant by spanning NUMA nodes.

Suffice it to say we can spend a while discussing the performance impact of too many vCPUs assigned to one VM. Ultimately, one needs to stress test a VM setup using a variety of configurations to find what will be optimal for that particular VM.

Happy New Year's Eve everyone. All the best for 2014! :)

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

Windows Server 2012 R2: Intel PROSet Install Error: No Intel Adapters Present

This is a bit of a puzzle:

Intel Network Connections Installer Information

Cannot install drivers. No Intel(R) Adapters are present in this computer.

The OS is Windows Server 2012 R2 via the most recent build on Microsoft's Open License management site.

The server is an Intel Server Systems SR1695GPRX2AC 1U server that has a pair of dual-port 82576 series Intel Server Network Adapters plus another single shared port with the installed Intel RMM.

The Windows Server OS is obviously seeing the setup correctly.

So, what do do?

Well, a search via Bing lead us to the following site in the Intel Download Center:

We clicked through to the site and downloaded the version 18.8 PROSet driver for Windows Server 2012.

Now, the servers we are working on are Server Core. So, we have a quick cheat to get that driver onto the local machine:

• Start Notepad [Enter]
• CTRL+O (or File --> Open)
• Change Files of type: to All Files
• 
• Navigate to the driver file
• Right Click and Copy
• Navigate to the destination and Right Click then Paste
• 
• Cancel the Open dialogue box and close NotePad

We then executed the archived file:

We then waited:

Ironically while waiting for the installer to spool up we did a search on the indicated PowerShell module and ended up here:

• Intel Communities: Intel 82574L Broken - Win 2012 R2

That in turn took us to here:

• Intel Support: Network Connectivity: Is my Intel Ethernet Adapter supported in Microsoft Windows Server 2012 R2*?

Okay, so our setup will not be supported by Intel's driver set so we will stick with the in-box drivers. That is okay as in our testing we've not seen any issues like we did with the in-box driver on Windows 7 and Windows Server 2008 R2.

On the PowerShell note we've done some digging around but have not come up with any clear documentation on Intel's PowerShell commandlets. We have a few queries out so we shall see if anything comes back. :)

Otherwise, once we stand up an Intel Server Systems R2208GZ with Server 2012 R2 we will investigate and post back.

Happy New Year's everyone! :)

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

Repeat After Me: SATA Does Not Belong In Servers Part Deux

For the last number of years we have stopped deploying servers with SATA drives installed.

There are so many reasons why we stopped but here are a few comparisons to SCSI/SAS:

• SATA does not have the ability to manage a high I/O workload
• SATA only offers a single inbound and outbound data port while SAS offers dual ports for redundant paths
• SATA does not have the health monitoring capabilities with SMART certainly not cutting it
• SATA does not offer anywhere near the capabilities and command set that SAS does for server related tasks, disk redundancy, disk sharing, and so much more

There is a reason why disk manufacturers have tacked on SAS controllers to SATA platter sets. These so-called NearLine drives offer all of the SAS goodness but with SATA capacities.

Here is the first public, that I know of, presentation from Microsoft on the _why_ SATA does not belong in servers.

• Microsoft KB2801713: Hyper-V storage: Caching layers and implications for consistency

To quote specifically:

1.Use the per I/O control mechanism that is known as Force Unit Access (FUA). This flag specifies that the drive should write the data to stable media storage before signaling (sic) is finished. Applications that have to do this make sure that data is stable on the disk issue FUA to make sure that data is not lost if a power failure occurs.

Server-class disk drives (SCSI and Fibre Channel) generally support the FUA flag. On commodity drives (ATA, SATA, and USB), FUA might not be honored. (emphasis added) This can potentially leave data in an inconsistent state unless the drive's write cache is disabled. Make sure that the disk subsystem handles FUA correctly if you depend on this mechanism

When listening to a discussion on this the above applies even when SATA disks are used in a properly configured RAID setup whether software (host-based) or hardware RAID on Chip.

In addition, if one were to be setting up a Storage Spaces cluster with multiple paths to the JBOD unit then one would be required to set it up with SAS based SSDs for the high performance storage tier. SATA will work in a single server and single enclosure lab like setting but _not_ in production.

We have had other posts on this topic that outline many other reasons for our decision to drop SATA in servers. The SATA category and the SAS category would be one place to start. :)

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

SMB Kitchen Subscribers: Hyper-V Q&A Chat to start in about an hour

Look in your e-mail for the link to the chat session.

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

SMB Kitchen: Hyper-V Q&A Chat this Tuesday December 17th at 1800 EDT and 1600MDT

SMB Kitchen subscribers please join me on Tuesday to have a chat about all things Hyper-V.

Hyper-V Deployment and Clustering

It's time to ask Phil Elder, Hyper-V Deployment and Clustering expert, anything you ever wanted to know on the topic. He's been deploying this stuff since Longhorn (which for those not in the know was the code name for Server 2008) which is when Hyper-V really came into its own. He's shed a lot of blood, sweat, tears and lab hours to get these deployments down to a science. So if you want to ask an expert about your configuration, upcoming project, performance issues, BIOS settings, hardware selection, Phil is your man.

Need pointers in your deployment? Then this is the chat session you want to attend.

This would be a good time to jump in and get some guidance on the how/what/when/where and why Hyper-V.

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business

Microsoft Downloads: TechNet Libraries PDF Downloads Search List

This link opens the Microsoft Downloads site:

• TechNet Library - Search Results - Microsoft Download Center

Note the third one listed in the search results (sorted by newest publish date) is the _entire_ Windows Server 2012 R2 and Windows Server 2012 RTM TechNet Library Documentation! It weighs in at a paltry 110MB in PDF form too.

An example of how great it is to have one searchable document is in the search results _within_ the document for the search term "RDMA".

Try searching for Windows Server and RDMA and come up with a Microsoft product focused set of search results on any search engine.

Philip Elder
Microsoft MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen
Find out more at
Third Tier: Enterprise Solutions for Small Business