So finally, the new book is out. This book is about server deployment using MDT 20120 Update 1. In this book we show you how how to create ref images for Windows Server 2008 R2 and Windows Server 2003 and trust me, 2003 is not even close to be funny in this case. We also show you how to deploy them with real drivers and real applications. We have created plenty of task sequences so most of the different server roles are included. We also have something around SCVMM, it is basically an image in SCVMM, but then we use MDT 20120 as a task sequence engine to finalize the configuration. A very nice combo. Just a short note, even I you primary target is client, this book could give you some tips and tricks.
– If we have started the next book, Vol III?
– Yes, we have….
http://www.amazon.com/Deployment-Fundamentals-Vol-Deploying-Physical/dp/9197939005/ref=sr_1_1?ie=UTF8&qid=1324448116&sr=8-1
Technorati Tags:
Deployment,
Book/mike
Back in 1628
The disaster was a fact; the Kings' new ship sank on the maiden voyage, the reason? Basically it was bad planning, bad construction, and bad decisions. The ship was too high, had one cannon deck too much, too much cannons (like 500 or so). It was just one of those bad days, it sallied for about 1300 meters and then came out of lee, the sails was filled with wind and it heeled over to port, then once more and then the water started to rush in to the open gun ports and then it sank. Around 30 of the 150 in the crew died.
It was not a glories day for the Swedish Navy.
You can avoid this disaster when it comes OS Deployment by using tools that are available from Microsoft for free and let us start with the most important tool:
Microsoft Assessment and Planning Toolkit
A starting point, MAP gives you the “what do I have and what options do I have”. I use this tool to create reports (it seems that business people have an easier understanding for pie charts and MAP can create those very nicely), get inventories, and get ideas. I call it an “illuminate-or”, since it illuminates the environment so that you then know what your options are. Below are some screenshots of the tool. There is new version of this toolkit soon to be released, it has some nice new/improved features, most of them related to the “cloud”.
There is very useful training kit, it contains a sample database so you can see how reports and pie charts would like in your or your customers environment. You can download it here
Highlights:
- Does not install any agent
- very light weight
- Works in almost any kind of environment
- A variety of different reports and inventory's
A Windows 7 readiness overview:
A Web application discovery:
A Web Browser discover (Normally it does not look as “clean” as this):
An Office 365 Discovery:
Infrastructure Planning and Design Guide’s
Hey, this is one really nice thing. This is not really White Papers, not really TechNet stuff, this. “Blue Prints”. That means that in these documents Microsoft have explain what technology works in what scenarios, for example, using Direct Access a solution for Contract Workers does not really work, there are other technology that works better. There are MANY documents and here is my list that I think you should read:
Windows Optimized Desktop Scenarios
So, this document helps to understand basically what features and functions that works in different environment and it helps to get a better understanding why most networks are a subject for improvement, you should read this.
Windows User State Virtualization.
Here is the document that describes how to deal with Offline Files, Roaming Profiles and Folder Redirection, you should know all this. But if you don’t know, download and read.
Application Compatibility Toolkit
Since applications tend to be one of the issues we need to take care of, ACT is one of the tools that could help you. It contains multiple applications. The one you normally start with is Microsoft Application Compatibility Manager. In this tool you can create an Inventory packet as an MSI file, distribute that and get data from all the machines back in a short while so you can see what apps you really have. You then use the tools as part of testing apps, planning what apps to test, create reports of applications. You can use a connector between SCCM and ACT to make it even better and here is how it looks:
The one and only (that I know of) that could call himself “King of ACT” is Chris Jackson. If you in any way are responsible for the application to work in the new OS, you should listen to him, very carefully. Check out is blog
Note: If you install ACT 5.6, Chris has done a really horrible application for you to “fix”, it is called Stock viewer. To make it work in Windows 7, just follow the instructions in the self-paced training material that is included in ACT.
And hey, don’t start testing applications BEFORE you have read this very carefully, ok?
Chris Jackson’s Formula (for When to Test For Application Compatibility)
Security Compliance Manager
I have no clue on how many times people have asked me “-How do you secure a Windows 7 client", is there any Whitepaper?”
With SCM you can create security policy's based on different templates that is provided by Microsoft (for now), you can then tweak them using the built help that explain all the settings and then you “lock” it, export it as a GPO, import that in to AD (or apply it locally) and then import the DCM file into SCCM to verify those settings, a neat little toolkit that just have been upgraded to version 2
Internet Explorer Administration Kit (IEAK)
This tool is new for IE9, but has been around for other versions of IE. If possible you should use this tool. It will give you the capability to customize IE pretty much exactly the way you would like it to be. It is easy to use and gives you so much flexibility in IE. The wizard will download the files for IE needed and then you run the Wizard, make all selections and when you are done you have one .EXE file and one .MSI file for the version you just configured, you need one for x86 and x64 for you just run it twice to create two folders, one for x86 and one for x64
There are “some” features to configure. J
Some of the settings you might never seen
This customer wanted me to change the default search provider to another vendor…
Next time I’ll cover the other tools.
/mike
It’s time for Johan Arwidmark and me to deliver the “Geek Week”, this is by far the most exiting training I have ever done, it is fun, it is very technical and I have never ever had so many “-Aha, I did not know you could do that?”
The reason why it is so fun for us and in many cases “exiting” for our attendees is that it is “complete”, that means that we cover everything more or less, we start out with general Windows 7 Deployment, ref images, Windows Deployment Services, Microsoft Deployment Toolkit, Lite Touch, Zero touch, Applications, MAP and ACT and that is only the first 2 days and you build most of this. So what will happen next then? Since the world is not perfect and deployment people normally know less of the “Dark Side” (That is Server Side) we start putting up different solutions for app-compat issues, so we will setup System Center Virtual Machine manager, learn Hyper-V, Scripting Hyper-V, Deploy Terminal Servers, Learn GPP/GPO, learn things around File, Print, Active Directory and everything that you really need know about. We also spend time on troubleshooting of course
We normally stay at the same hotel, that means all of us, so is just happens to be a bar there. So after class there will be a bunch of doing down in the hotel to continue the “class” over a drink.
It is hard to describe this event, but at least I tried. We don’t run those events very often so you might want to join in, I’ll guess we will run the next event in the summer of 2012 or even later than that.
Anyway, you can read what other are saying about this here Microsoft Pinpoint’
and you can read more and sign up here - http://www.truesec.com/infrastructure/labs/deployment/migration/deployment_geek_week
Really hope to see you there.
/mike
- Where = Stockholm, LabCenter
- Date = Wednesday the 9 of November 2011
- Time = 17:00
- Subject = Cloud
- Language = Swedish
During the evening I’ll talk about cloud, cloud services, what I have discovered so far, what I think will happen. I’ll focus on the Microsoft based cloud stuff, since that is what I know. I’ll show you Windows Intune, Office 365, Azure, connectors, things that works, things that… well let’s say everything is not perfect. I’ll try to show as much as I can in demo form. I almost forgot one thing, I’ll also cover Private Clouds of course, that focus will be on System Center Virtual Machine Manager 2012 and Hyper-V
If you think that spending an evening with me is a fun thing, just go to:
http://www.labcenter.se/2w.aspx
and sign up, the event is of course free
Hope to see you
/mike
Göteborg (29 November), Sundsvall (30 November), Stockholm (1 December), Malmö (2 december)
Det har nog inte undgått många att Microsoft släpper en hel svit nya produkter inom System Center under nästa år. I torsdags (27:e oktober) släpptes Release Candidate 1 (RC1) till Configuration Manager 2012.
Microsoft TechNet och Knowledge Factory bjuder in till en teknisk heldag där vi går igenom Configuration Manager (SCCM) 2012 och Microsoft Deployment Toolkit (MDT) 2012. Vi gästas av ingen mindre än Wally Mead - En legend inom Microsoft och Systems Management som vi flyger hit direkt från Redmond. Det Wally inte vet om SCCM 2012 är inte värt att veta :)
Utöver sessionerna med Wally Mead så föreläser av Mikael Nyström från TrueSec samt Johan Arwidmark och Andreas Stenhall från Knowledge Factory. Alla är riktigt tunga namn inom både Systems Management och Windows Deployment... Välkommen till en fantastisk föreläsning!
- Keynote: ConfigMgr 2012 - Software Distribution rocks the world - Wally Mead
- Building the perfect Windows 7 image - Andreas Stenhall
- The power of MDT 2012 Lite Touch - Demo Mania - Mikael Nyström och Johan Arwidmark
- Advanced Software Distribution in ConfigMgr 2012 - Wally Mead
- OS deployment - MDT 2012 - ConfigMgr 2012 - Better together - Mikael Nyström och Johan Arwidmark
Agenda
Anmälan
Hey, don’t think you would like to miss this, one of the master minds behind MDT and and OSD in general Michael Niehaus is delivering a Webcast on Nov the 17. In this webcast will explain the inner details around the OSD TaskSequence in SCCM, what the steps do, how to trouble shot and so on.
For more information, check out http://myitforum.com/myitforumwp/services/events/event/sccm-guru-webcast-series-2/
/mike
Technorati Tags:
Deployment,
SCCM
On October the 27, 2011 between 12 noon and 1 pm (EST) Johan Arwidmark and I (Mikael Nystrom) will do a one hour session on Windows Intune, we are going to cover deployment, configuration, application management, how to play with reports, some tips and tricks on how to get the best from Windows Intune. Since Windows Intune can deploy MSI, MSP and EXE files we will spend sometime creating packages using some nice tools. The number of PPT slides will be “low” but the number of demo minutes will compensate that….
The event is of course free and the only thing you need to do is to sign up here to get the event link.
http://www.truesec.com/livemeetings
/mike
Yes, it works. It is possible to run Windows 8 Preview Version as a boot-from-vhd on your Windows 7 (2008 R2) machine. You do need a version of Windows 7 that supports Boot from VHD (Enterprise/Ultimate) for this to work.
I have played with this in both VM’s and in physical machines and so far no issues at all. To be honest it was bit scary the first time the new version was starting up because it did not show me the OS list, it just started Windows 8 Preview Version. But that is an easy fix, just reboot the Windows 8 Preview Version machine and press F8 and that will give a menu to choose OS from.
The reason for me to do boot from VHD is that a wanted to test Windows 8 Preview Version on my hardware, with drivers and all that stuff. If you just want to see Windows 8 Preview Version you can run it virtualized instead.
So, here are the step-by-step instructions:
First Step – Create the VHD
First we need to create a VHD file from the ISO image you have downloaded and there are more then one way of doing this. Here is the easy method
Download and install WAIK for Windows 7 (We just need Imagex.exe from that so if you have that you can just copy that file from the existing WAIK install)
Download WIM2VHD and store in a folder on your PC (C:\TOOLS\WIM2VHD as an example)
Mount the ISO image using some nice utility (Virtual Clone Drive from www.slysoft.com is my choice)
Open up an elevated command prompt (If you have installed WAIK, there is a special command prompt for the WAIK toolkit which will update the path to ImageX)
Execute the following: (In this case G: is the drive letter on the virtual CD/DVD)
cscript WIM2VHD.wsf /wim:"g:\sources\install.wim" /VHD:"c:\TOOLS\WIM2VHD\win8.vhd" /size:20000
Done! No you have a VHD file with Windows 8 Preview OS. A tip here is to take a copy of the file, that way you can easily “start” over by booting into Windows 7 and replace the file from the copy.
Second Step – Mount the VHD
In the same command prompt start DISKPART.EXE
Execute the following:
List Vol (it will show you all the volumes you have in your machine, take a note if this)
Select vdisk file="c:\WIM2VHD\win8.vhd"
Attach vdisk
List Vol (Compare the list with the note you took, you should have a new volume, that is your Windows 8 Preview OS. Take a note of the drive letter for the new volume)
Exit from DISKPART.EXE
Third Step – Make the volume bootable and reboot
Still in the same command prompt, execute the following:
BCDBOOT E:\Windows (If E: was the new drive letter that is)
Execute:
Shutdown –r –t 0
And wait until Windows 8 Preview boots up
Fourth Step – Configure Windows 8
Follow the Wizard to finish the installation
Just skip the Product key stuff, not needed now.
Licens stuff, Please read the first lines 
Give it a name:
Select express (modify settings later)
Create a local account:
Hey, you are logged on:
Press ctrl-alt-del and select restart.
Press F8 while rebooting to get into the menu
Select what OS you would like to be default:
/mike
A couple of days ago someone asked me, –“Is this correct syntax for Imagex.exe and peimg.exe to inject drivers in WinPE”?
IMHO, Imagex and Peimg should not be used anymore; they belong to the “Generation-Vista”. Today we use other methods. Here is how you inject drivers in to a wim image, both a WinPE and a normal deployment image. So make sure you use WAIK for Windows 7 and WinPE 3.0
The following commands will mount an existing WinPE wim file first index. This is fine when you create your own WinPE, but if you are to use this Image in WDS you need to mount Index 2 and inject the drivers there. We also run two /Get-Drivers, this is an easy way to see the before and after, not really needed when you do it in a script.
dism /Mount-Wim /Wimfile:"c:\WinPEx64\winpe.wim" /MountDir:"C:\WinPEx64\mount" /Index:1
dism /Image:"C:\WinPEx64\mount" /Get-Drivers
dism /Image:"C:\WinPEx64\mount" /Add-Driver /Driver:"C:\USB3Driver\sp47527\Files\x64\nusb3drv.inf"
dism /Image:"C:\WinPEx64\mount" /Get-Drivers
dism /Unmount-Wim /MountDir:"C:\WinPEx64\mount” /Commit
If you need to add more then one driver, you can modify the script so it looks like this instead
dism /Mount-Wim /Wimfile:"c:\WinPEx64\winpe.wim" /MountDir:"C:\WinPEx64\mount" /Index:1
dism /Image:"C:\WinPEx64\mount" /Get-Drivers
dism /Image:"C:\WinPEx64\mount" /Add-Driver /Driver:C:\Drivers /recurse
dism /Image:"C:\WinPEx64\mount" /Get-Drivers
dism /Unmount-Wim /MountDir:"C:\WinPEx64\mount” /Commit
Just a quick note: It is possible to use WDS to inject drivers. If you have MDT and/or SCCM this “feature” is a part of those solutions.
/mike
No, you should not upgrade, always wipe & load. There might be scenarios where you would like this to work, but it does not. Upgrade on the Server preview version has been blocked. The way to solve this issue is to extract the ISO image, open the source folder and delete the file “noupgrade.txt” and then run setup.exe from the folder.
I have done this on 4 Hyper-V host machines so far and it worked for me. The reason was that I did not want to export/import all the machines just to test new Hyper-V stuff.
However, It is not supported, not recommended.
/mike
Technorati Tags:
Windows 8
If you are testing Windows 8 Server just for the fun of it, you will soon realize that the new Metro-Style application interface does not really work great for server administration (right now), so the easy way is to turn it off.
Here is how to use REG.exe to see the setting and to modify it:
Check the setting:
- reg.exe query HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer /v RPEnabled
- 1 = Metro style
- 0 = Classic Desktop and start menu
Modify the setting:
- reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer /v RPEnabled /d 0 /t REG_DWORD /f
Hopefully the new UI will work better for servers in the future.
/mike
Technorati Tags:
Windows 8
The Deployment Guys has done it again, that is, they wrote a very nice blog post about the fact that if you do need to use media based deployment and you have to much data to store on the media, well suddenly life is no fun any more. It can be solved in a couple of different ways, one is to switch over to USB keys, but maybe that solution is not for you and in that case they have a nice solution to it. The solution contains of scripts and a HTA.
Read their solution for “Getting more into DVD Media Based Deployment”
(direct download to the ZIP)
Here is how it looks when running it:
In September I’ll do a Roadshow here in Sweden (yes, the language will be Swedish)
It will be a full day of Windows Server, Client and management around these. It will also contain things like Windows Intune and System Center Suite. During the day we will cover things like Server Manager, Powershell, Active Directory, Hyper-V, Remote Desktop, File , Print , Failover Cluster, OpsMgr, ConfigMgr, WSUS, Event Viewer, WinRM/WinRS, Opalis, Virtual Machine Manger, Backup, Windows Intune and tools around all this.
During the day we will focus on how to build and manage a modern datacenter based on Microsoft Windows, how to make it easer day-by-day, how to save time and money and how to leverage things you already have but don’t know about. One thing that could be worth mentioning here is that this is more about educating customers then selling things. In other words it will not be a standard roadshow with sales people doing PowerPoint by death….
My best guess is that you don’t want to miss this…
(and since this a Microsoft the cost is…nothing)
If you want to attend or read more in detail, here are the links:
19 of September 2011 - Stockholm
20 of September 2011 – Gothenburg
21 September 2011 – Malmoe
22 September 2011 – Sundsvall
/mike
Technorati Tags:
Roadshow
There is a Roadshow going around the globe. The Europe roadshows starts in Sweden and will then go on in most of the other European countries. First stop is in Gothenburg and the day after it will take a break in Stockholm.
This roadshow is unique, very unique for numerous reasons and here is some of them
To make is crystal clear:
If you work with SMB and SBS servers – THIS IS FOR YOU!!!
I’ll be there
Yes it is true, I’ll be there and since I’m not doing all the talking you have the opportunity to have a chat with me
Jeff Middleton – The genius behind Swing Migration will be there
Jeff is a very good speaker and he is also extremely knowledgeable in migration. And he is also an MVP of course
Oliwer Sommer – A top notch SMB MVP from Germany
Trust me, this guy KNOW SBS and the SMB market inside and out
Marina Roos – One of the Magical M & M’s
She is an SBS MVP from the Netherlands and one of the best SBS MVPS on the planet
The content is:
- SBS 2011 Essentials
- SBS 2011 Standard
- SBS 2011Premium
- Windows Multipoint Server (This one is really cool and it is a MUST SEE)
We will cover migrations, installation, troubleshooting and all the information YOU need to move customers from “something” to the new platforms with getting angry or you getting frustrated.
Hewlett-Packard
Since HP is one of the Sponsors behind this (besides Microsoft) they will come along and show there hardware that works in the SMB segment. most likely on of the best SMB engineers from HP will also be there – Greg Starks
So here is the links and dates for the Event
SMB MVP Community Roadshow Goteborg, Sweden October 3:
SMB MVP Community Roadshow Stockholm, Sweden October 4:
Read more here:
For other location:
Please note the following:
The event is free of charge and it will be held in the English language, but since I’ll be there I can translate if there are things you don’t understand.
/mike
Yes, it is true, there will be a new version of MDT
This session will cover the changes and updates we have in MDT 2012 BETA 1. A session full of demos. We will spend time on both the new features but we will also spend some time one advanced/fun scenarios. That means customsettings.ini, userexists, scripts and some tips and tricks.
The session will be in the Swedish language and on the 1 September 2011
Download link for MDT 2012 BETA 1 https://connect.microsoft.com/site14
Link to the event : https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032490004&Culture=sv-SE
/mike
So it is time to start working again. 
(Note, the session will be held using the Swedish language)
On the 31 of August 2011 I’m going to deliver a one hour session trough Microsoft TechNet on the topic of MAP. It will be a session on how to use it and that means 100% demo and no PowerPoint at all.
So, is MAP something for you then?
Well, it depends, if you are into any kind of change in your or your customers environment, the yes MAP is for you. This is the tool we all should use when starting up any kind of projects that has to do with migrating Windows client and server, Virtualization, Office, Azure, Browsers and other similar
if you already know what MAP is, you can download it from Microsoft directly and start using it, if you don’t. You might want to spend one hour on this session. It is of course free of charge. Just one small note, it will be in the Swedish language.
Link for the event is here:
https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032490003&Culture=sv-SE
Link for download and information of MAP is here:
http://technet.microsoft.com/en-us/library/bb977556.aspx
/mike
Technorati Tags:
Deployment
Today’s story is about a driver, a driver that did not really wanted to be installed. I’ll guess you been in that situation before and I will give a tip on how to make those drives install like a charm. The driver of today’s topic is a Smartcard driver, so first of all we need to force the driver in to the deployment solution, which normally is not too advanced. You just down load the driver, unpack the driver and import the driver into the Deployment Workbench in MDT or as a driver package into SCCM, in MDT we need to create a selection profile so we can ignore PNP and just inject the driver and so I did. First test shows that, yes the driver does get into the driver store but it does not work. You can always see what driver you have in Windows 7 using DISM
DISM /Online /Get-Drivers /Format:Table
Ok, so now I need to read about this driver, so after a while it turns out that the driver can only be installed using “Right click on the INF file and select install” method, Well that then tells me that using the old Rundll32 trick should work, but no luck. Ok, ok let us try the Devcon trick the, nope sorry. Now at this time the customer is asking me if I have any problems and of course I don’t have any problems, it’s just a “bad” driver-day…
So, it works when right clicking, ok. But nothing else seems to work, hmm. There is one thing I haven't tried yet and that is to use the IExpress trick, let us try that and 25 minutes later (re-deploy the machine) it worked like a charm. Now you may ask yourself. –What is the IExpress trick?
Package nasty drivers in a self-extracting and self-installing executable
Now, let us be very clear about one thing, all other methods are better than this (if they work) but sometimes I don’t have time to fly over to the developer with my baseball bat and explain how to do things…
1. Get the driver
In this case the driver is downloadable from the vendor and from http://catalog.update.microsoft.com. From the Vendor it’s a ZIP and from MS catalog it’s a CAB file. A nice thing about MS Catalog is that you can search for the PNP number, but in this case I know the name. A search on “HID C200” will give me “HID Global - Input - HID Crescendo C200”
2. Unpack the driver
ZIP files is, well just ZIP file. CAB files can be opened easily using the command Expand
Expand file.CAB –f:* C:\Driver
3. Pack the Driver using IExpress
What you might not know is that included in Windows 7 there is a packaging application called IExpress and in this case it is really useful.
So, here is the step by step:
Start IExpress by typing IEexpress in a CMD prompt and select to create a new package.
Select to “Extract and run an installation command”.
Give it a name.
Select no confirmation prompt.
Don’t display any license agreement.
Browse to the folder where you have unpacked the drivers and select them all.
Use the dropdown list and select the inf file, if you want to run something else like a batch file, just type the name and it will work.
Nope, no windows please…
Nope, don’t need any kind of messages…
Be sure to select “long names” if the driver have that".
Nope, no restart, we will fix that in the task sequences ourselves.
Save it.
Create the package.
Wait…
4. Deploy the package
Now you have an executable application that works in MDT (have not tested in SCCM, but it might work there too) that will deploy the “nasty” driver in a way that works…
/mike - aka the Deployment Bunny
As might have notice, I do a lot of things with my friend Johan Arwidmark (he also happens to be a fellow MVP) and there are many attendees at the different conferences that that claims that we so much alike. Well the professional side of both of us are pretty much the same, not always (we still fight over things just because we can).
But there are some serious differences. This should give you a hint… (Remember, Chaos is not always a bad thing, ok)
/mike aka the Deployment Bunny
Here are the Sessions that Johan and I will do at the MCT Summit in Stockholm.
/mike
Working with customer is fun and challenging, best thing is that the ask very relevant question, questions that I asked my self long ago but never gave it any thoughts. Recently a customer asked me, “How do make Windows pick the correct driver?” and that my friends are a really god question
The secret behind this is called ranking, ranking occurs when drivers are added to the driver store and that happens of course when we deploy a new Windows 7 machine and drivers are injected. When using MDT in a LiteTouch configuration, the LiteTouch script will do a Plug and Play scanning of the hardware and the use the information the get the correct drivers from the MDT out-of box drivers folder. Now, MDT cant really “know” if that particular driver is the perfect driver so it will copy all drivers to the \Drivers folder on the machine to be deployed. But if you use Driver Groups or any other method that will “filter” the drivers the script would then only copy the one and only driver need.
Well that’s in the perfect word and since that does not exist we will get multiple drivers copied down to the \Drivers folder and then when MDT (using DISM in a offline mode) pushes those drivers into the OS there will be scenarios when we are going to have drivers that have the same PNP number and Windows must choose the correct one and now its time for ranking. In the best of worlds, when all the vendors created perfect drivers and everyone is always running the latest and the greatest this would not be a problem. But in the reality not all vendors have a perfect .inf file, in fact some of them are uglier then others and they does not even work.
Before we go into details on how that work, you might want to know how to “see” this, well that is not a secret there is of course a log file for that and the logical name for that is c:\Windows\inf\setupapi.dev.log and here is a sample where it just happens to be two drivers to pick from: (This log files has been modified and shortened just to show you)
The answer is in setupapi.dev.log
dvi: Enumerating INFs from path list 'C:\Windows\inf'
inf: Opened PNF: 'C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_e2b28ecac19a29af\usb.inf' ([strings.0409])
dvi: Created Driver Node:
dvi: InfName - C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_e2b28ecac19a29af\usb.inf
dvi: Rank - 0x00ff2007
dvi: Created Driver Node:
dvi: InfName - C:\Windows\System32\DriverStore\FileRepository\ewusbdev.inf_amd64_neutral_7ed8b2230e11292c\ewusbdev.inf
dvi: Rank - 0x00ff0001
inf: Searched 2 potential matches in published INF directory
ndv: Selecting best match from Driver Store (including Device Path)...
dvi: Selected:
dvi: Description - [HUAWEI Mobile Connect - USB Device]
dvi: InfFile - [c:\windows\system32\driverstore\filerepository\ewusbdev.inf_amd64_neutral_7ed8b2230e11292c\ewusbdev.inf]
dvi: Rank - [0x00ff0001]
setupapi.dev.log explained
- Windows is missing a driver for 0x00ff2007
- It finds two INF files that could be used
- By “ranking” them Windows then make a decision
- The driver with the lowest value wins, since that just have to be the best…
- In this case
- 0x00ff0001 is lower then 0x00ff2007 and therefore the HUAWEI Mobile Connect - USB Device is better then a generic USB driver
Why and how?
It is always nice to know what all these number means and here it is:
(The official “not so easy to understand” page is here http://msdn.microsoft.com/en-us/library/ff546225(VS.85).aspx")
The ranking number is divided into 3 parts 0xAABBCCCC
- AA stands for: – “Signature Code”
- This one is easy, 00 means its signed, ff means that it is not signed. You can also see how the signer is in the log file
- BB stands for: – “Feature Score”
- Well, here is when the fun begins, the feature score is something the vendor decide by themselves, but to be honest I have not seen this being used by anyone. It should popup in the .inf file if they do.
- CCCC stands for: – “Identifier Score”
- This is also pretty simple, almost every device have at least for different PNP number, here is my NVidia card
And you can see that I have four different PNP numbers on this one, the top one is the exact match, the bottom is kind of generic. The better driver I have the better it will match the top of this list and that will make a low value.
So the best driver you could possible have is 0x00000000, but I have not really seen that kind of driver (yet)
You can find some more information on TechEd on this here:
/mike aka Deployment Bunny
A customer asked me:
- Is it possible to block an attempt to upgrade, refresh or install the Operating System if that model is not “certified?
– Yes, we can set the OSinstall property to N based on model, that will block any attempt
- But that will block that model from running any Task Sequence? That is not what I want…
Well, that is correct, so I needed a way to block that particular model on that particular Task Sequence, so I would like something a bit more sophisticated, something like this:
For task sequence “Windows 7 Enterprise x86 – Basic” the following models are supported and for the task sequence “Windows Server 2008 R2 – Basic” the following models are supported (or something like that) and here is how you do it:
(This has been tested on MDT 2010, MDT2010 update 1 and MDT2012)
Create a new group in your task sequence
- Open up your deployment workbench
- Open your task sequence
- Add a new group called “Certified Hardware”
Like this:
Setting condition on the group
- Select the group Certified Hardware
- Select Options for that group
- Add the following condition:
Task sequence variable “Model not equals HP ProBook 5310m” (if that is the model that you support for this Task sequence)
Like this:
![image_thumb[2]](http://itbloggen.se/cs/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/micke/image_5F00_thumb2_5F00_thumb_5F00_0A3BEB33.png "image_thumb[2]")
Adding the “blocker”
- Select the group
- Add a “Set Task Sequence Variable”
- Task Sequence Variable = OSInstall
- Value = N
Like this:
![image_thumb[4]](http://itbloggen.se/cs/cfs-file.ashx/__key/CommunityServer.Blogs.Components.WeblogFiles/micke/image_5F00_thumb4_5F00_thumb_5F00_310A0173.png "image_thumb[4]")
Adding script that will write in the log and display “why” the OS install failed
Without this step it will just display a “failed”, but maybe, just maybe you would like to have it a bit more sophisticated. So let us add a script
The script should go into the Scripts folder and you can download it from my SkyDrive http://cid-8563304f134ddcb6.office.live.com/self.aspx/BlogFiles/ZTIUnSupportedHardware.zip
- Download it
- Extract it
- Save it in the scripts folder
- Add a run command before the Set Task Sequence Variable
- Use this command : cscript.exe “%SCRIPTROOT%\ZTIUnSupportedHardware.wsf”
It should look like this:
Let us take a look in the BDD.log file
Here is how it looks in BDD.log
Next step
With this in place you can prohibit installations of Domain Controllers on Laptops, Hyper-V servers on Virtual Machines and people trying to refresh a Machine from XP to XP even if you have NO device drivers for that model, my guess is that this will solve a couple of “Ops, sorry”
If you want to you can add scripts and other logic to this, things that automatically runs a scripts that will collect the hardware information to a log so that you then can figure out what drivers are needed or something like that, or you could add the “Send Email” script so it will send an email to you saying that some “***” tried to do something bad. You could also add the userexit script for ModelAlias and use that. You could also add other conditions, like Firmware, certain kind of hardware and so on. It would be for example possible to run a Web Services that checks if this computer is correctly added into the asset management database or something like that.
Yes, you can also use CustomSettings.ini to perform similar
And here is a couple of samples of that:
Sample No:1 – Blocking on Model
Here is the “easy” way, the only downside with this one is that it will only block based on Model and that could be perfectly ok in many situations.
[Settings]
Priority=Model, Default
Properties=MyCustomProperty
[Default]
OSInstall=N
[HP ProBook 5310m]
OSInstall=Y
[Virtual Machine]
OSInstall=Y
Sample No:2 – Blocking on Model + Task Sequence:
In this sample we create one property and two priority blocks. If we run this WHEN the task Sequence is known (That means that you need to re-run the gather process with “process rules”, ZTIGather will set the model + Task Sequence ID in to the property Model_TS in the [Init] section, it will then process the [CertifiedHardware] section and the use the Subsection to continue to the section that matches the Model+Task Sequence ID, in this case since my machine is a VM running on Hyper-V it will be “Virtual Machine” and if the Task Sequence is W7X64 it will process the [Virtual Machine_W7X64] section and OSinstall property will be set to Y.
[Settings]
Priority=Init, CertifiedHardware, Default
Properties=MyCustomProperty, Model_TS
[Init]
Model_TS=%Model%_%TaskSequenceID%
[Default]
OSInstall=N
[CertifiedHardware]
SubSection=%Model_TS%
[Virtual Machine_W7X64]
OSInstall=Y
More tips…
You can of course block OS install temporary, during maintenance could be a valid scenario. A good friend (And fellow MVP) Maik Koster created a solution for that (I tricked him into it) and you can read a bit more about it here. http://myitforum.com/cs2/blogs/maikkoster/archive/2011/04/05/implementing-a-very-simple-maintenance-mode-in-mdt-litetouch.aspx
And here are some more discussions on how to pick the info from the Database: http://social.technet.microsoft.com/Forums/en-US/mdt/thread/412e54d9-549f-4828-9d5d-d41d14df77e8
/mike aka the Deployment Bunny
This is the second part of a story around the MDT Wizard and the Wizard editor and the saga continues, but this time it’s going to be a bit more tricky since we need to add information to the wizard that does not exist by default in MDT. Last post was easy in the way that we just created a new page in the wizard that displays existing environment information, now the game has changed and my customer wants to have some hardware information, something like this:
The reason of having this page is to be sure that the machine has the correct hardware configuration, things like correct BIOS version, memory, CPU configuration but also to see that it has the Mac address that we “assume” it have. Also, we want to know if the model alias user exit script works correct and sets the correct model alias since we use that as a part of the driver group.
Now, most of the values can be collected directly from using Make, Model, Memory, Product, Architecture, AssetTag, SerialNumber, UUID, MacAddress. But for the rest we need to get them into the MDT environment somehow and the somehow in this case spells “UserExit”
UserExit is a way to extend MDT by writing some custom code (yes, that will be provided, hang on…), execute it and return the value into a custom property that can be used in rules or showed in the wizard page.
A user exit script is basically a VBscript with one or more functions and you can have them in one big userexit script or many, it is easier to have just one since that will be a bit cleaner and easier to manage. What we need is to get the name of the CPU, Hard drive, number of physical CPU’s and logical CPU’s and last but not least SMBiosversion. Well, I missed one, we also need to get the ModelAlias, but that user exit is already created by the deployment guys, so we just grab that and use it
But first of all, lets create the new Wizard page and here is how
Modifying the Wizard
Download the MDT Wizard editor from http://mdtwizardeditor.codeplex.com/
Fire it up and open the “DeployWiz_Definition_ENU.xml”. It is in the scripts folder (Make a backup of the file first). Then you add a new Wizard pane like this:
And then you add this HTML code into that page:
<h1>System information</h1>
<span style="width: 95%;">
<table border="1" cellspacing="1" cellpadding="1" width="650">
<tbody>
<tr>
<td width="110" align="right"><em>Vendor</em></td>
<td align="left"><input style="width: 220px" name=Make readonly></td>
<td width="110" align="right"><em>Model</em></td>
<td align="left"><input style="width: 220px" name=Model readonly></td>
</tr>
<tr>
<td width="110" align="right"><em>Product</em></td>
<td align="left"><input style="width: 220px" name=Product readonly></td>
<td width="110" align="right"><em>Memory(in Mb)</em></td>
<td align="left"><input style="width: 220px" name=Memory readonly></td>
</tr>
<tr>
<td width="110" align="right"><em>CPU (in GHz)</em></td>
<td align="left"><input style="width: 220px" name=processorspeed readonly></td>
<td width="110" align="right"><em>No: CPU\Cores</em></td>
<td align="left"><input style="width: 108px" name=ComputerSystemNumberOfProcessors readonly>\<input style="width:108px" name=ComputerSystemNumberOfLogicalProcessors readonly></td>
</tr>
<tr>
<td width="110" align="right"><em>Harddisk Info</em></td>
<td align="left"><input style="width: 220px" name=DiskDriveCaptation readonly></td>
<td width="110" align="right"><em>Capable Architecture</em></td>
<td align="left"><input style="width: 220px" name="CapableArchitecture" readonly></td>
</tr>
<tr>
<td width="110" align="right"><em>Model Alias</em></td>
<td align="left"><input style="width: 220px" name=MODELALIAS readonly></td>
<td width="110" align="right"><em>SMBIOSVERSION</em></td>
<td align="left"><input style="width: 220px" name=SMBIOSVERSION readonly></td>
</tr>
</tbody>
</table>
<table border="1" cellspacing="1" cellpadding="1" width="650">
<tbody>
<tr>
<td width="150" align="right"><em>CPU</em></td>
<td><input style="width: 490px" name=CPUName readonly></td>
</tr>
<tr>
<tr>
<td width="150" align="right"><em>Serial Number</em></td>
<td><input style="width: 490px" name=Serialnumber readonly></td>
</tr>
<tr>
<td width="150" align="right"><em>UUID</em></td>
<td><input style="width: 490px" name=UUID readonly></td>
</tr>
<tr>
<td width="150" align="right"><em>Mac Address</em></td>
<td><input style="width: 490px" name=MacAddress001 readonly></td>
</tr>
<tr>
<td width="150" align="right"><em>Assettag</em></td>
<td><input style="width: 490px" name=Assettag readonly></td>
</tr>
</tbody>
</table>
</span>
You also need to a “condition” to the page so that you can turn it on or off based on rules and that should look like this:
To be sure that you get it correct, here is the code in plain text
Ucase(Property("SkipHardwareInfo")) <> "YES"
Modifying CustomSettings.ini
So, we are done with the Wizard, but if we run it now it will not really work, now it is time to modify CustomSettings.ini and that should look like this:
[Settings]
Priority=Init, ModelAliasInit, Default
Properties=MyCustomProperty, SkipHardwareInfo, ComputerSystemNumberOfProcessors, ComputerSystemNumberOfLogicalProcessors, ComputerSystemProductIdentifyingNumber, SMBIOSVersion, CPUName, DiskDriveCaptation, ModelAlias
[Init]
ComputerSystemNumberOfProcessors=#GetComputerSystemNumberOfProcessors()#
ComputerSystemNumberOfLogicalProcessors=#GetComputerSystemNumberOfLogicalProcessors()#
ComputerSystemProductIdentifyingNumber=#GetComputerSystemProductIdentifyingNumber()#
SMBIOSVersion=#GetBIOSSMBIOSVersion()#
CPUName=#GetCPUName()#
DiskDriveCaptation=#GetDiskDriveCaptation()#
UserExit=HardwareInfo.vbs
[ModelAliasInit]
ModelAlias=#SetModelAlias()#
UserExit=ModelAliasExit.vbs
Adding the scripts
We need two scripts, one called hardwareinfo.vbs and the other is ModelAlias.vbs, you can get ModelAlias from http://blogs.technet.com/b/deploymentguys/archive/2009/09/10/using-and-extending-model-aliases-for-hardware-specific-application-installation.aspx. The VBScript hardwareinfo.vbs however you will find here:
' //***************************************************************************
' // ***** Script Header *****
' //
' // Solution: Custom Script for use with the Microsoft Deployment Toolkit
' // File: hardwareinfo.vbs
' //
' // Purpose: User exit script to get and set properties to be able to display the HardwareInfo Wizardpane.
' //
' // Usage: Modify CustomSettings.ini similar to this:
' // [Settings]
' // Priority=Init, Default
' // Properties=MyCustomProperty, SkipHardwareInfo, ComputerSystemNumberOfProcessors, ComputerSystemNumberOfLogicalProcessors, ComputerSystemProductIdentifyingNumber, SMBIOSVersion, CPUName, DiskDriveCaptation, ModelAlias
' //
' // [Init]
' // ComputerSystemNumberOfProcessors=#SetComputerSystemNumberOfProcessors()#
' // ComputerSystemNumberOfLogicalProcessors=#SetComputerSystemNumberOfLogicalProcessors()#
' // ComputerSystemProductIdentifyingNumber=#SetComputerSystemProductIdentifyingNumber()#
' // SMBIOSVersion=#SetBIOSSMBIOSVersion()#
' // CPUName=#GetCPUName()#
' // DiskDriveCaptation=#GetDiskDriveCaptation()#
' //
' // Version: 1.0
' // Author: Mikael Nystrom - http://deploymentbunny.com
' //***************************************************************************
Function UserExit(sType, sWhen, sDetail, bSkip)
oLogging.CreateEntry "UserExit:HardwareInfo.vbs started: " & sType & " " & sWhen & " " & sDetail, LogTypeInfo
UserExit = Success
End Function
Function SetComputerSystemNumberOfProcessors()
oLogging.CreateEntry "UserExit:HardwareInfo.vbs - Getting ComputerSystemNumberOfProcessors", LogTypeInfo
Dim objWMI
Dim objResults
Dim objInstance
Dim NumberOfProcessors
Dim ComputerSystemNumberOfProcessors
Set objWMI = GetObject("winmgmts:")
Set objResults = objWMI.InstancesOf("Win32_ComputerSystem")
For each objInstance in objResults
If Not IsNull(objInstance.NumberOfProcessors) Then
NumberOfProcessors = Trim(objInstance.NumberOfProcessors)
End If
Next
If NumberOfProcessors = "" Then
NumberOfProcessors = "UNKNOWN"
End If
SetComputerSystemNumberOfProcessors = NumberOfProcessors
End Function
Function SetComputerSystemNumberOfLogicalProcessors()
oLogging.CreateEntry "UserExit:HardwareInfo.vbs - Getting ComputerSystemNumberOfLogicalProcessors", LogTypeInfo
Dim objWMI
Dim objResults
Dim objInstance
Dim NumberOfLogicalProcessors
Set objWMI = GetObject("winmgmts:")
Set objResults = objWMI.InstancesOf("Win32_ComputerSystem")
If Err then
oLogging.CreateEntry "Error querying Win32_ComputerSystem: " & Err.Description & " (" & Err.Number & ")", LogTypeError
Else
For each objInstance in objResults
If Not IsNull(objInstance.NumberOfLogicalProcessors) Then
NumberOfLogicalProcessors = Trim(objInstance.NumberOfLogicalProcessors)
End If
Next
End If
SetComputerSystemNumberOfLogicalProcessors = NumberOfLogicalProcessors
End Function
Function SetCPUName()
oLogging.CreateEntry "UserExit:HardwareInfo.vbs - Getting CPUName", LogTypeInfo
Dim objWMI
Dim objResults
Dim objInstance
Dim Name
Dim CPUName
Set objWMI = GetObject("winmgmts:")
Set objResults = objWMI.ExecQuery("SELECT * FROM Win32_Processor")
If Err then
oLogging.CreateEntry "Error querying FROM Win32_Processor: " & Err.Description & " (" & Err.Number & ")", LogTypeError
Else
For each objInstance in objResults
If Not IsNull(objInstance.Name) Then
CPUName = Trim(objInstance.Name)
End If
Next
End If
SetCPUName = CPUName
End Function
Function SetBIOSSMBIOSVersion()
oLogging.CreateEntry "UserExit:HardwareInfo.vbs - Getting BIOSSMBIOSVersion", LogTypeInfo
Dim objWMI
Dim objResults
Dim objInstance
Dim SMBIOSBIOSVersion
Set objWMI = GetObject("winmgmts:")
Set objResults = objWMI.ExecQuery("SELECT * FROM Win32_BIOS")
If Err then
oLogging.CreateEntry "Error querying Win32_ComputerSystem: " & Err.Description & " (" & Err.Number & ")", LogTypeError
Else
For each objInstance in objResults
If Not IsNull(objInstance.SMBIOSBIOSVersion) Then
SMBIOSBIOSVersion = Trim(objInstance.SMBIOSBIOSVersion)
End If
Next
End If
SetBIOSSMBIOSVersion = SMBIOSBIOSVersion
End Function
Function SetDiskDriveCaptation()
oLogging.CreateEntry "UserExit:HardwareInfo.vbs - Getting DiskDriveCaptation", LogTypeInfo
Dim objWMI
Dim objResults
Dim objInstance
Dim Caption
Set objWMI = GetObject("winmgmts:")
Set objResults = objWMI.ExecQuery("SELECT * FROM Win32_DiskDrive where mediatype like 'Fixed%hard disk%'")
If Err then
oLogging.CreateEntry "Error querying Win32_DiskDrive: " & Err.Description & " (" & Err.Number & ")", LogTypeError
Else
For each objInstance in objResults
If Not IsNull(objInstance.Caption) Then
Caption = Trim(objInstance.Caption)
End If
Next
End If
SetDiskDriveCaptation = Caption
End Function
Function SetComputerSystemProductIdentifyingNumber()
oLogging.CreateEntry "UserExit:HardwareInfo.vbs - Getting ComputerSystemProductIdentifyingNumber", LogTypeInfo
Dim objWMI
Dim objResults
Dim objInstance
Dim IdentifyingNumber
Dim ComputerSystemProductIdentifyingNumber
Set objWMI = GetObject("winmgmts:")
Set objResults = objWMI.InstancesOf("Win32_ComputerSystemProduct")
For each objInstance in objResults
If Not IsNull(objInstance.IdentifyingNumber) Then
IdentifyingNumber = Trim(objInstance.IdentifyingNumber)
End If
Next
If IdentifyingNumber = "" Then
IdentifyingNumber = "UNKNOWN"
End If
SetComputerSystemProductIdentifyingNumber = IdentifyingNumber
End Function
Wrapping up
So, now you have a new Wizard pane that will give you some more information from the computer before you install the machine and if you don’t like to see that page the only thing you need to do is to add SkipHardwareInfo=YES in Customsettings.ini
/mike
Once again, at 33000 feet over the Atlantic Ocean on my way back from TechEd NA in Atlanta I started to think about all the different properties in MDT 2010 Update 1 that I use which are not really documented, trust me there are “some”. Some of them is, well, not really so useful, but some of them I really use and so should you. So this post is solely made for the purpose of giving you the same “relaxed” life that I have. Hmm, that did not really came out right I think, anyway, You know what I mean, right…
Now, since I not work on that team, I just happen to know the a bit. This is NOT any kind of official description, hopefully someone@microsoft.com will update he documentation sometime around this, especially when virtualization is getting to be more of the standard.
Virtualization Information:
We are deploying more and more virtualization stuff and in MDT 2010 Update 1 we have a bunch of them that you can use:
| Property | Can be | Read Only | Description |
| IsHypervisorRunning | True/False | Yes | Detects if the Microsoft Hypervisor is running on the OS Can be used when you need to detect if the Hyper-V role is installed and running. In that vase you know that this really is a Hyper-V server and then scripts to enable core parking should run |
| SupportsVT | True/False | Yes | Returns True if the hardware supports Intel-VT or AMD-V and it is enabled in BIOS If true you know that this machine should be able to run Virtual PC (and MED-V) otherwise not) |
| SupportsNX | True/False | Yes | Returns True if the hardware supports No Execute BIT and it is enabled in BIOS There could be applications that require this to be disabled or the opposite around, anyway, here is a way of detecting this |
| Supports64Bit | True/False | Yes | Returns True if the hardware supports 64 Bit OS Pretty easy, you could use this to pick the correct Task Sequence for the OS install |
| SupportsHyperVRole | True/False | Yes | Returns True if the hardware supports Microsoft Hyper-V Also easy, if True, well then you can enable the Hyper-V role, otherwise, you cannot. You could use this flip OS install switch to NO and that will prohibit the install of the OS you Hyper-V is something you really need. |
| IsVM | True/False | Yes | Returns True if we are running in a VM. This one is really great, if set to True, well the you are running a VM and most common setting I use for this is DoNotCreateExtraPartition=YES, since there are NO reason to create the extra bit locker partition in a VM; It is the opposite around, it is a pain in the neck to have the 300 mb partition in the end since that will prohibit the possibilities to extend the virtual hard drive if needed without spending some manual labor of rearrange the BCD |
Some others
There are some others that I use from time to time and here you have them
| Property | Can be | Read Only | Description |
| Debug | True/False | No | Returns True if you are running in debug mode, You can also run all scripts with the switch /Debug:True to increase the logging If you just read the value, you can create a separate section in the customsettings,ini file that will set other parameters differently if you run in debug mode, as one example you could specify SLShareDynamicLogging if this is set to True |
| OSCurrentVersion | 6.1.7601 | Yes | Will return the version number of the Operating System that we currently run on. |
| OSCurrentBuild | 7601 | Yes | Will return the Build number which is a subset of the operating system version |
| IsUEFI | True/False | Yes | Returns True if the boot using UEFI instead of BIOS |
| OSSKU | ENTERPRISE | Yes | Returns the SKU name from the OS, it is the same name you can see in the WIM file |
| TaskSequenceVersion | 1.0 | Yes | Returns the value for the Task Sequence version number that you set in the Workbench Could be used to detect what version you run of the Sequence, if it is running a certain number then certain settings should be made, otherwise not |
| TaskSequenceName | Windows 7 x86 Image | Yes | Returns the value of the name of the Task Sequence Most common use I have for this is to set _SMSTSOrgName=Deploying %TaskSequenceName% on %OSDComputer% |
/mike
There is a step in the Task Sequence that checks bios, but most people never check what really happens behind the scenes. Well it checks the BIOS, right. But my best guess is that you did not get this one!
Verifying WYSIWYGComputers BIOS
I know many vendors, but I have never come across this one “WYSIWYGComputers”, I mean I heard about ACME but this one…
But here is the important takeaway, as long as they have fun, they will keep on creating great stuff.
/mike
<?xml version="1.0" encoding="Windows-1252"?>
<DATABASE xsi:schemaLocation="urn:schemas.microsoft.com/appx/2006/07/Dbu Driver.xsd" xmlns="urn:schemas.microsoft.com/appx/2006/07/Dbu" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" MAX_HTMLHELPID="110033">
<DRIVER>
<HISTORY>
<DESCRIPTION>
Insert your description here. This field will be written to the log if a match is found.
</DESCRIPTION>
</HISTORY>
<LOOKUP NAME=" _BIOS_DESCRIPTION_HERE_ ">
<DATA NAME="Computer Manufacturer" VALUETYPE="string" VALUE=" _COMPUTER_MFG_HERE_ "/>
<DATA NAME="Model" VALUETYPE="string" VALUE=" _COMPUTER_MODEL_HERE_"/>
<DATA NAME="Date" VALUETYPE="string" VALUE=" _DATE_TIME_HERE_ "/>
</LOOKUP>
</DRIVER>
<DRIVER>
<HISTORY>
<DESCRIPTION>
The WYSIWYG Super Cool Computer 2007 has a bug in version 1.23 of the BIOS that prevents Windows Vista from installing.
Version 1.24 fixes the problem, please update the BIOS. Check http://drivers.WYSIWYGComputers.com/
</DESCRIPTION>
</HISTORY>
<LOOKUP NAME="XXX ROM BIOS Version 1.23">
<DATA NAME="Computer Manufacturer" VALUETYPE="string" VALUE="Wysiwyg Computers"/>
<DATA NAME="Model" VALUETYPE="string" VALUE="WYSIWYG Super Cool Computer 2007"/>
<DATA NAME="Date" VALUETYPE="string" VALUE="20060801000000.000000+000"/>
</LOOKUP>
</DRIVER>
</DATABASE>
My friend Chris Nackers have a great post on an old nasty issue, the basic issue is that when you deploy Win 7 machines it will end with this:
Here is the solution:
http://myitforum.com/cs2/blogs/cnackers/archive/2011/05/11/incorporating-kb2028749-into-your-microsoft-deployment-toolkit-reference-image-build-process.aspx
/mike
It just “happens” from time to time that I travel, pretty often to be honest (I don’t have many pages left for “Homeland Security” to use anymore). Right now I’m on flight LX1250 from Zurich to Stockholm. I’m on my way home from a customer engagement in the US, I’ll guess you know the feeling, tired, have not slept very well, have not seen the loved ones for a while
I did not think this flight would be any different than others, but I was somewhat wrong. It happens that for some reason that flight LX1250 has the best crew in the Swiss fleet. They are extremely nice and try really hard to make you feel comfortable and trust me, that I do. I mean, check this out
I was sleeping so I missed the food (and I rarely ever eat the food either), but as soon as I woke up, the flight attended was directly at my seat and asked – Would you like some lunch Sir?, I mean just the “sir” thing makes you feel good. Anyway, she gave me the food and todays lunch was some kind of risotto and I’m really a risotto guy so I asked if there was something else and she asked if meatballs was my preferred choice. Hell yes, that I do like. It took less then 3 minutes and then she was standing next to me once more, apologizing for the risotto and then she replaced and she said –Enjoy the lunch, sir (there is the Sir again)
Now, this might not be that fantastic when reading it, but she is doing it in a way that that I feel very, very good. I have noticed when she helps the other passengers and she does the same thing for them to, always smiling and always very professional.
I hope that she some that will be responsible for training all new crew member that works in the Swiss fleet. since it’s all about making the customer happy
I’m a very pleased and happy customer.
Thank you Swiss for letting me fly with you. I appreciate your business.
/mike – Passenger on flight LX1250 from Zurich to Stockholm in seat 1C
Hey, don’t believe that this is a correct way of adding driver, but sometime you just need to be a bit a of “MacGyver” (If anyone can remember that TV Series, I’m Old so, hey I remember that anyway. For those that does not remember that it is all about being in trouble and fixing something extremely complicated to get out of trouble using simple things that you have around you and that is exactly what this is)
So, one more I’m working with a customer (still love that) and we are fooling around with drivers for different reasons, anyhow we need to load a bunch of drivers in the running OS and unfortunately you cannot use DISM.exe when the system is online for the purpose of loading drivers or remove them either for that matter, but you can use PNPUtil and that has one easy syntax, now, PNPUtil has one “small” issue, it cannot traverse folder. (Why is it never simple?)
Remembering “The good old days”
Luckily for me I’m a grove up using 8” floppy's, so I know a bit DOS so I have done the “FOR %variable IN (set) DO command [command-parameters]” stuff a bunch of times (Credit to Björn Österman that explained this stuff many years ago). But then Microsoft started creating all the Resource kits for NT and one of the utilities in there was one of my loved ones, let me introduce Mr. ForeFiles.exe, one of of great hero's back in the days.
Say Hi to ForFiles.exe
Forefiles.exe can basically do this “For every file that matches this criteria do the following” this is a perfect tool for automation when you need to remove, archive, delete files, like this:
forfiles.exe /P D:\ /M *.log /C “CMD /c del @Path”
That command will delete all the *.log files from the entire D:\ and all subfolders and by adding /D you can use date as a variable in many different ways, but this time we are not going to delete a bunch of files, instead we are going to add a bunch of drivers using pnputil.exe and forefiles.exe
Meet PNPUtil.exe
PNPUtil has a simple syntax and it is used to add drivers when then OS is running and here is the syntax:
Microsoft PnP Utility
Usage:
------
pnputil.exe [-f | -i] [ -? | -a | -d | -e ] <INF name>
Examples:
pnputil.exe -a a:\usbcam\USBCAM.INF -> Add package specified by USBCAM.INF
pnputil.exe -a c:\drivers\*.inf -> Add all packages in c:\drivers\
pnputil.exe -i -a a:\usbcam\USBCAM.INF -> Add and install driver package
pnputil.exe -e -> Enumerate all 3rd party packages
pnputil.exe -d oem0.inf -> Delete package oem0.inf
pnputil.exe -f -d oem0.inf -> Force delete package oem0.inf
pnputil.exe -? -> This usage screen
There are two things to note here
- The dev guy did believe that there are still floppy drives around (I’ll guess hi is as old as I am…)
- It does not have the traverse folder function that is needed since I don’t ever have all drivers in ONE folder
Time to for some action
By combining forfiles and pnputil we can create this neat little batch file
forfiles /p %1 /s /m *.inf /c "cmd /c pnputil -a @Path"
Save it as impdrv.cmd and run it using the following command
impdrv.cmd C:\Drivers
And it will search through the entire folder structure from C:\Drivers and add all drivers it can find on a running OS. And yes, you could use this in a task sequence to add drivers after the OS has been loaded if you need this for any reason…
/mike
One of the fastest “Quick n Dirty” you can do to test the behavior of customsetting.ini when you are on the deployment server is to create a batch file and store that in the scripts folder that will run the gather process and display the results. To be honest, make a good test bed is my number one priority, time is the enemy and testing just eats up the time. Here is how-to:
Download and install Trace 32 (you should have this already, but in case you don’t have, get it)
Create a batch file called testini.cmd that looks like this
del C:\MININT\SMSOSD\OSDLOGS\VARIABLES.DAT /q
cscript ZTIGather.wsf /inifile:..\Control\CustomSettings.ini
"C:\Program Files (x86)\ConfigMgr 2007 Toolkit V2\Trace32.exe" c:\minint\smsosd\osdlogs\bdd.log
Now, just run it from an elevated command prompt in the scripts folder of your deployment root and you are done. If you don’t have trace 32 in hand, use notepad.exe instead, that is second “best”
If you need more logging and use notepad instead (I don’t recommend that) just add /debug:true on ztigather.wsf part and replace trace32.exe with notepad, like this
del C:\MININT\SMSOSD\OSDLOGS\VARIABLES.DAT /q
cscript ZTIGather.wsf /Debug:True /inifile:..\Control\CustomSettings.ini
notepad.exe c:\minint\smsosd\osdlogs\bdd.log
/mike
When I was working for a customer a while ago, they asked me if it was possible to modify the Wizard in MDT and of course I answered yes, since that is possible. They wanted many things and in this post I will cover the easy stuff. and that is reading from the existing environment and present it on screen during the deployment…
The requirements was pretty easy, something like…
-Could you help us to create a extra page in the wizard that will help the local tech to be able to see and verify that everything is correct when he is deploying the machine?
-You mean something like this?
-Yes, that would be ok, thank you.
Adding a Deployment Runtime Environment page in the Wizard
So, maybe you would like to do this on your own, and here is how you do:
- Download the Wizard Editor from http://mdtwizardeditor.codeplex.com/
- Create a backup of “DeployWiz_Definition_ENU.xml” (it is in the scripts folder in your deployment root folder)
- Open \scripts\DeployWiz_Definition_ENU.xml using the Wizard Editor
(It should look similar to this)
- Select Deployroot
- Click Add (left side in wizard, far down)
- Create a new “Pane ID” and call it “RunTimeInfo”
(It should look something like this)
Now when you have created the new Wizard page (with the amazing context of “Hello world”) you need to “fill” that page with some good information, and here it is:
-HTML-
<h1>Deployment Environment Information</h1>
<table border="1" cellspacing="1" cellpadding="1" width="650" align="center">
<tbody>
<tr>
<td width="300" align="right"><em>IP Address (ipaddress001)</em></td>
<td><input style="width: 340px" name=ipaddress001 readonly/></td>
</tr>
<tr>
<td width="300" align="right"><em>Default Gateway (DefaultGateway001)</em></td>
<td><input style="width: 340px" name=DefaultGateway001 readonly/></td>
</tr>
<tr>
<td width="300" align="right"><em>Deployment root (Deployroot)</em></td>
<td><input style="width: 340px" name=Deployroot readonly/></td>
</tr>
<tr>
<td width="300" align="right"><em>WDS Server (WDSSERVER)</em></td>
<td><input style="width: 340px" name=WDSSERVER readonly/></td>
</tr>
<tr>
<td width="300" align="right"><em>Log Share (SLShare)</em></td>
<td><input style="width: 340px" name=SLShare readonly/></td>
</tr>
<tr>
<td width="300" align="right"><em>Log Share (SLShareDynamicLogging)</em></td>
<td><input style="width: 340px" name=SLShareDynamicLogging readonly/></td>
</tr>
<tr>
<td width="300" align="right"><em>Backup Share (BackupShare)</em></td>
<td><input style="width: 340px" name=BackupShare readonly/></td>
</tr>
<tr>
<td width="300" align="right"><em>Userdata Share (UDShare)</em></td>
<td><input style="width: 340px" name=UDShare readonly/></td>
</tr>
<tr>
<td width="300" align="right"><em>WSUS Server (WSUSServer)</em></td>
<td><input style="width: 340px" name=WSUSServer readonly/></td>
</tr>
<tr>
<td width="300" align="right"><em>BuildAccount (UserDomain\UserID)</em></td>
<td><input style="width: 110px" name=UserDomain readonly/>\
<input style="width: 110px" name=UserID readonly/></td>
</tr>
<tr>
<td width="300" align="right"><em>JoinAccount(DomainAdminDomain\DomainAdmin)</em></td>
<td><input style="width: 110px" name=DomainAdminDomain readonly/>\
<input style="width: 110px" name=DomainAdmin readonly/></td>
</tr>
</tbody>
</table>
-HTML-
Copy the text between the two –HTML- parts in the text and paste it into the HTML tab in the Wizard, it should look like this when your are done.
And if you click the Preview tab you will see this:
There is one thing left and that is “condition”, we would like to set condition for this page, so what about this as a condition?
ucase(Property("SkipRunTimeInfo")) <> "YES"
It basically means that if SkipRunTimeInfo is set to YES, it should not show and that should work just fine for us.
Switch over to the “Settings” tab and paste that in and your are almost done
If you would like to test the wizard, just go ahead and use the” Wizard – Test” menu in top of the editor.
The only thing you need to do is to add the new property we added, the “SkipRunTimeInfo to the Properties in the Rules file (customsettings.ini)
Like this
And now you are done.
You might ask your self if it is possible to get other kind of information into the wizard pane, and yes, that can be done. This time it was the easy part, just reading the information from the environment we already have and just show it, next time, it will be a bit more fun..
Mike
Finally it is here and ready for download.
Remote Server Administration Tools for Windows® 7 with SP1 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server® 2008 R2, Windows Server® 2008, or Windows Server® 2003, from a remote computer that is running Windows 7 or Windows 7 with SP1.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3a+MicrosoftDownloadCenter+$Microsoft+Download+Center$
Recently I have done a bunch of “Deploying Windows Server 2008 R2” sessions, one at MMS 2011 on Server Deployment using MDT 2010 and one at Geek Week and at both occasions I was asked to give the details on how I do deploy HP servers. Now, this is not a complete guide from A-Z, but it should give you something that covers most of the configuration needed and also you should be able to see the “pattern” on how to do this. If you do have some special requests, just send an email and I’ll do one more posting on the subject.
The goal for this post is too see how you could automate installation of drivers, support pack, firmware update on HP BL/DL/ML series of hardware (Yes, I’ll create another post on how to do it on Dell servers later…)
Support Pack
Ok, so lets assume we have a HP BL 465C G5 and we would like to install Windows Server 2008 R2 x64 SP1. We would also like to have the firmware updated and the support pack installed. I mean, that sound reasonable, right? Yes, it can be done, in fact I do this all the time, in fact so often that I hardly can remember how to do it manually anymore. If you would like to play with all the other switches that hpsum.exe can do, look for a file called CLIHELP.txt, it is in the same folder where you unpack the stuff.
Let’s begin with the support pack, current version is 8.60.
- Download HP PSP 8.60 from: http://h20000.www2.hp.com/bizsupport/TechSupport/DriverDownload.jsp?lang=sv&cc=se&prodNameId=3716247&taskId=135&prodTypeId=18964&prodSeriesId=3716246&lang=sv&cc=se
- Uncheck the “this files is download from internet stuff” on the properties page of the file, otherwise you risk to have that “safety” thing stuck on the files at that might get you to small issues later on.
- Create a folder for the PSP, call it “INSTALL – HP Support Pack 8.60” and in that folder create a folder called “source”. The Source folder is where we store everything that will be installed, the root folder is for storing scripts that works as wrappers to install the application. This very basic principal applies to EVERY application you are installing using MDT.
- In the root folder you create Install-HP_PSP.WSF that works as the wrapper and it should look like this:
<job id="Install-HP_PSP">
<script language="VBScript" src="..\..\Scripts\ZTIUtility.vbs"/>
<script language="VBScript">
'//----------------------------------------------------------------------------
'// Solution: INSTALL
'// Purpose: Install-HP_PSP
'// Usage: cscript Install-HP_PSP.wsf [/debug:true]
'// Version: 1.1 - 15 Mar 2011 - Mikael Nystrom
'// This script is provided "AS IS" with no warranties.
'//----------------------------------------------------------------------------
'// Global constant and variable declarations
'//----------------------------------------------------------------------------
Option Explicit
Dim iRetVal
'//----------------------------------------------------------------------------
'// End declarations
'//----------------------------------------------------------------------------
'//----------------------------------------------------------------------------
'// Main routine
'//----------------------------------------------------------------------------
On Error Resume Next
iRetVal = ZTIProcess
ProcessResults iRetVal
On Error Goto 0
'//---------------------------------------------------------------------------
'//
'// Function: ZTIProcess()
'//
'// Input: None
'//
'// Return: Success - 0
'// Failure - non-zero
'//
'// Purpose: Perform main ZTI processing
'//
'//---------------------------------------------------------------------------
Function ZTIProcess()
oLogging.CreateEntry "Install-HP_PSP: Starting Install", LogTypeInfo
oUtility.RunWithHeartbeat("source\hpsum.exe /silent /use_snmp")
oLogging.CreateEntry "Install-HP_PSP: Finished Install", LogTypeInfo
End Function
</script>
</job>
As you can see, the active part of the install is “hpsum.exe /silent /use_snmp”. There is a bunch of other settings you can use, but these are the ones I use.
Firmware Packages
We also need the firmware, it is possible to combine it so that patches and firmware installs at the same time, or even possible to let them find new firmware updates using the web, but this is the way I like it, a bit boring but it works…
- Download HP Firmware ISO from: http://h20000.www2.hp.com/bizsupport/TechSupport/DriverDownload.jsp?lang=en&cc=us&prodNameId=1844068&taskId=135&prodTypeId=18964&prodSeriesId=1844067&lang=en&cc=us
- Uncheck the “this files is download from internet stuff” on the properties page of the file, otherwise you risk to have that “safety” thing stuck on the files at that might get you to small issues later on.
- Create a folder for the PSP, call it “INSTALL – HP Firmware 9.20” and in that folder create a folder called “source”. The Source folder is where we store everything that will be installed, the root folder is for storing scripts that works as wrappers to install the application.
- Now, the trick is that when you extract the ZIP file that you download, it contains an ISO image, you need to open that and then extract the content from the ISO and save that in the Source folder
- In the root folder you create Install-HP_FW.WSF that works as the wrapper and it should look like this:
<job id="Install-HP_FW">
<script language="VBScript" src="..\..\Scripts\ZTIUtility.vbs"/>
<script language="VBScript">
'//----------------------------------------------------------------------------
'// Solution: INSTALL
'// Purpose: Install-HP_FW
'// Usage: cscript Install-HP_FW.wsf [/debug:true]
'// Version: 1.0 - 4 Apr 2011 - Mikael Nystrom
'// This script is provided "AS IS" with no warranties
'//----------------------------------------------------------------------------
'// Global constant and variable declarations
'//----------------------------------------------------------------------------
Option Explicit
Dim iRetVal
'//----------------------------------------------------------------------------
'// End declarations
'//----------------------------------------------------------------------------
'//----------------------------------------------------------------------------
'// Main routine
'//----------------------------------------------------------------------------
On Error Resume Next
iRetVal = ZTIProcess
ProcessResults iRetVal
On Error Goto 0
'//---------------------------------------------------------------------------
'//
'// Function: ZTIProcess()
'//
'// Input: None
'//
'// Return: Success - 0
'// Failure - non-zero
'//
'// Purpose: Perform main ZTI processing
'//
'//---------------------------------------------------------------------------
Function ZTIProcess()
oLogging.CreateEntry "Install-HP_Firmware: Starting Install", LogTypeInfo
oUtility.RunWithHeartbeat("Source\hp\swpackages\hpsum.exe /silent")
oLogging.CreateEntry "Install-HP_Firmware: Finished Install", LogTypeInfo
End Function
</script>
</job>
SNMP Configuration
We also need to fix SNMP (in most cases), so we need to install it and if you want SNMP to work correctly for the Support Pack you also need to configure it. And that of course is done by a script.
Create a folder called “CONFIG – SNMP”
In that folder create a file called “CONFIG-SNMP_Services.wsf” that looks like this:
<job id="CONFIG-SNMP_Services">
<script language="VBScript" src="..\..\Scripts\ZTIUtility.vbs"/>
<script language="VBScript">
'//----------------------------------------------------------------------------
'// Solution: Hydration
'// Purpose: Used to configure SNMP
'// Usage: cscript CONFIG-SNMP_Services.wsf [/debug:true]
'// Version: 1.0 - 3 Apr 2011 - Mikael Nystrom
'//
'// This script is provided "AS IS" with no warranties, confers no rights and
'// is not supported at all.
'//
'//----------------------------------------------------------------------------
'//----------------------------------------------------------------------------
'// Global constant and variable declarations
'//----------------------------------------------------------------------------
Option Explicit
Dim iRetVal
'//----------------------------------------------------------------------------
'// End declarations
'//----------------------------------------------------------------------------
'//----------------------------------------------------------------------------
'// Main routine
'//----------------------------------------------------------------------------
On Error Resume Next
iRetVal = ZTIProcess
ProcessResults iRetVal
On Error Goto 0
'//---------------------------------------------------------------------------
'//
'// Function: ZTIProcess()
'//
'// Input: None
'//
'// Return: Success - 0
'// Failure - non-zero
'//
'// Purpose: Perform main ZTI processing
'//
'//---------------------------------------------------------------------------
Function ZTIProcess()
oLogging.CreateEntry "CONFIG-SNMP_Services Adding Community string Public to Registry", LogTypeInfo
oShell.RegWrite "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities\Public", 8, "REG_DWORD"
oLogging.CreateEntry "CONFIG-SNMP_Services Stopping SNMP Service", LogTypeInfo
oUtility.RunWithHeartbeat("NET.exe STOP SNMP /y")
oLogging.CreateEntry "CONFIG-SNMP_Services Waiting 1000", LogTypeInfo
wScript.Sleep 1000
oLogging.CreateEntry "CONFIG-SNMP_Services Starting SNMP Service", LogTypeInfo
oUtility.RunWithHeartbeat("NET.exe START SNMP /y")
oLogging.CreateEntry "CONFIG-SNMP_Services Finished SNMP Configuration", LogTypeInfo
End Function
</script>
</job>
Modifying the Task Sequence
There are many ways of dosing this, you can either do it in the database or customsettings.ini, but in most cases I have found it easier to do this in the task sequence.
You need to create a standard server task sequence with Windows Server 2008 R2 x64 and when you have done that you need to open it up and directly under “State Restore – Tattoo”, you add a new tree structure that looks like this:
As you can see I have added a new group called Hardware and under that folder you have HP. You can also see that the condition for running the content of that folder is that “Make” must be HP, same goes for the next step. The group called ProLiant BL 465c G5 has a similar filter, it is only processed when the “Model” is Proliant BL 465c G5. So you just add a folder structure based on make/model. You can get the Make by running “wmic csproduct get name” from the command prompt on the machine and if you need “Make” it is “wmic csproduct get vendor”
Adding the Application and Settings
No, using deployment workbench you browse down to applications and in there I normally create two folders, one is called INSTALL (Contains real applications) and CONFIG (contains only configuration scripts).
- Create a application with source files, pointing to “CONFIG - SNMP Services” folder, give the application the same name as the folder and set the run command to “cscript.exe CONFIG-SNMP_Services.wsf”
- Create a application with source files, pointing to “INSTALL - HP PSP 8.60” folder give the application the same name as the folder and set the run command to “cscript.exe Install-HP_PSP.WSF”
- Create a Bundle called “HP Support Pack”
- Modify the bundle “HP Support Pack” to be dependent of INSTALL - HP PSP 8.60
- Create a application with source files, pointing to “INSTALL – HP Firmware 9.20” folder give the application the same name as the folder and set the run command to “cscript.exe Install-HP_FW.WSF”
- Create a Bundle called “HP Firmware Update”
- Modify the bundle “HP Firmware Update” to be dependent of INSTALL – HP Firmware 9.20.
This way, you will only use the bundles whenever you reference these installations and that makes it so much easier if you update the support pack, the you just add a new support pack, flip inside the bundle, test and if it does not work as expected you can keep the old one while you are investigating “why” it fails. Again, there are at least 10 other ways of doing this, I just think it is easy and convenient.
Add tasks to the task sequence
Now it is time to do the last part of this, modifying the task sequence so it will do all the steps for you.
Open the task sequence and add the following tasks under the group for your server (in my case, the BL 465c G5)
- Install SNMP = Roles and Features with SNMP checked
- CONFIG – SNMP Services = Install Application - CONFIG - SNMP Services
- INSTALL – HP Support pack = The HP Support pack Bundle
- INSTALL – HP Firmware = The Firmware bundle
It should look something like this
So, as you can see it is not that hard to do it, should be able to figure out on how to do other similar tasks and for other vendor/models
/mike
YES !!!
Microsoft is releasing the iSCSI Target Server and that means that you now can use a Windows Server 2008 R2 x64 OS as a SAN by adding this download, it is so cool!!!.
The Microsoft iSCSI Software Target 3.3 provides storage (disks) over a TCP/IP network. It turns a computer running Windows Server into a storage device which provides shared block storage. You can use Microsoft iSCSI Software Target 3.3 to perform a variety of storage-related tasks, including the following:
- Provide shared storage for Hyper-V to enable high availability and live migration
- Consolidate storage for multiple application servers (i.e. Microsoft SQL Server or Hyper-V)
- Provide shared storage for applications hosted on a Windows failover cluster
- Enable diskless computers to boot remotely from a single operating system image using iSCSI
The Microsoft iSCSI Software Target 3.3 is an economical solution suited for a development or test environment and a small, medium, or branch office production environment. It enables storage consolidation and sharing on a Windows Server by implementing the iSCSI (Internet Small Computer Systems Interface) protocol, which supports SCSI-block access to a storage device over a TCP/IP network. For details on how to manage iSCSI targets, see http://technet.microsoft.com/en-us/library/gg232606(WS.10).aspx.
Read more here and get the download
Blog: http://blogs.technet.com/b/josebda/archive/2011/04/04/microsoft-iscsi-software-target-3-3-for-windows-server-2008-r2-available-for-public-download.aspx
TechNet: http://technet.microsoft.com/en-us/library/gg232597.aspx
Download: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=45105d7f-8c6c-4666-a305-c8189062a0d0
/mike
Yes, it is finally here and the major “thing” is that it fully supports Dynamic Memory and RemoteFX (included in SP1 for Windows Server 2008 R2). In most cases you download the Service Pack, apply it and you are done, but that is NOT the case this time. What you do is to download the complete ISO image and install that. There are reasons, one being that once you have installed SP1 you cannot go back to RTM, since the database has been modified and Microsoft would like to be sure that you have the complete package (the ISO) so that you can perform a disaster recovery operation. Well, ok, but still I think it would have been better if they did release it as a SP trough WSUS, but that is me. Anyway, here are the steps:
Download System Center Virtual Machine Manager 2008 R2 SP1 (read more about different locations and different licensed version here)
- Perform a backup of the SCVMM Database (just to be safe)
- Mount the ISO on the server
- Install SCVMM 2008 R2 SP1 (It will detect that you are running RTM and upgrade itself)
- Stop the SCVMM service
- Uninstall the Console
- Install the SP1 Console
- Start the SCVMM Service
- Done
To be honest, not sure that you need to uninstall/re-install the console, but if I did not do that I could not use/see the new features. When I did, it worked like a charm.
List of features in SCVMM 2008 R2 SP1
- Dynamic Memory
- RemoteFX
- Live migration
- Clustered Shared Volume (CSV) support that enables multiple Highly Available Virtual Machines (HAVM) per LUN.
- Hot add of storage
- Support for VMware vSphere 4 (VMware VI3 feature parity only)
- SAN Migration into and out of clustered hosts
- Processor flexibility
- Network optimization
- Quick storage migration
- Maintenance mode for hosts
- Support for third party cluster file system, Sanbolic Melio FS
- Support for third party storage class resource, Veritas Storage Foundation for Windows
- Expanded support for iSCSI SANs
- Support for VMware port groups for virtual switches
- Support for Virtual Machine permissions assigned in Hyper-V
- Dynamic policy based load balancing
Read more:
/mike
The Deployment Guys has done it once more and we say Thank you 
Here it is – The MDT Debugger 2.0 for LiteTouch
/Mike
Technorati Tags:
Deployment
That means that now have a Laptop with dual monitors, 2 x 256 SSD, 8 cores I7 (Yes, it is correct, it only have 4 "real" cores and 4 HT's) and 16 GB of ram, if my demos runs slow I cant really blame the hardware…
I have updated my laptop, it “was” a HP 8540w I7 CPU, 8 GB of RAM and a 256 SSD Drive from the start. No I have added things:
No 1: Since I only use the DVD for, hmm, lets see I have never used the CD/DVD in my Laptop to be honest. Any way, I replaced it with a drive bay instead. I got it last week at MMS 2011 in Las Vegas, took 2 days to get it directly to the hotel (Thank you FedEx) and I bought it online from: http://www.newmodeus.com/shop/index.php?main_page=product_info&products_id=252&zenid=df56a10cf8d674872544505d2e56959b The installation needed a screw driver and luckily I was given one the day before from Jeremy Chapman at his session on Office Deployment (thank you). In that bay I added another 256 SSD drive, so now I have 2 x 256 SSD’s in my 8540w that by the way runs Windows Server 2008 R2 SP1 as a Hyper-V host
No 2: Also needed more memory, so thanks to http://webhallen.com and http://www.kingston.com I found some nice memory http://www.ec.kingston.com/ecom/configurator_new/vendorpn_se.asp?root=se&LinkBack=http://www.kingston.com/seroot&ktc_partno=KTH%2DX3B%2F4G I opened the machine but found only one open slot for memory, but since my friend Johan Arwidmark told me that there will be one other slot under the keyboard it was Easley fixed, took like 2 minutes, so now I have 16 GB of RAM
No 3: I also need a extra portable screen, and so asking around I found one of course. It is from http://www.deltaco.com http://www.deltaco.se/?itemid=(TV-907D) It has touch, can be fitted in cars, desktops, cases and so on. Looks like this when I’m preparing for tomorrows “demos” (For some reason I pointed to .com and .se, it should be .se, sorry)
/mike
Today it was revealed that a serious security breach occurred at Comodo, a trusted certificate provider. The breach appears to have come from Iran and several "high value certificates" were obtained.
These X.509 certificates include:
- login.live.com
- mail.google.com
- www.google.com
- login.yahoo.com (3 certificates)
- login.skype.com
- addons.mozilla.org
- "Global Trustee"
To protect your Windows computer (PC or server) from trusting these high value certificates, download and install KB2524375 Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing from Microsoft as soon as possible. The installation takes only a minute and does not require a restart.
KB2524375 updates both the Computer's and User's Untrusted Certificates list to include the compromised certificates.
Here's what the list looks like before the update:
And here's what it looks like after the update:
Please take a minute to update your computers now. This update is also being pushed out through Windows Update as I write this.
There seems to be some kind of confusion on how to create reference images (or golden images, just another name). There has to be one way for each and every one, or does it.
I have decided to create a series of post on “how-to” on Ref Images and this is the first one.
What is a Ref Image?
Reference Image, Custom Image, Golden Image, well same stuff different name. It is when you take the image from Microsoft and add patches, applications and settings and then redeploy it. Now, there are some rules that must be followed and one is that the image must be sysprepped when deploying it. So that basic steps are:
- Install the OS
- Install Applications
- Install Patches
- Tweak it
- Sysprep & capture
Seems pretty easy, but, there are a bunch of “but’s” here that is for sure. Since Windows Vista things have changed. Now what we get is an “Image”, it’s a wim file, so we do not really need to create one, we could use the WIM file as is and we also have Offline Servicing and that means that we could take the WIM file, mount it, update it with patches and save the WIM file and now deploy it and there are other real cool features that we can do, more on that later. Before we begin, there are some rules you need to follow:
The image must be sysprep:ed, otherwise it is not supported nor does it work correctly in the long run. This is NOT an option, you simply MUST sysprep the image.
The ref image should be created on a “neutral” computer system, and that means a Virtual Machine. There are two reasons here, short-term and long-term.
Short-term: Running on a VM makes it easier and faster, you can undo, test, re-test and do whatever stunt you need to. Running an a VM means that it require less infrastructure (I run my lab on my laptop).
Long-term: If you create the ref image on a new fast laptop/desktop, it will work, trust me. But you will most likely have problems later on, Why?. When you install Windows on a computer it will adjust itself to that particular model, regarding settings and drivers, some of these drivers will also install software and that is fine, well. When you capture the image you need to sysprep it first and that process is supposed to “generalize” the OS and it does. But every vendor does not really handle a sysprep the way they should. Applications that was installed as a part of a driver does not always gets “uninstalled” and that will be a problem when deploying on other hardware, vendor, version and so on. It works perfect if you want to have one image per model and per OS, but that will be like going back into the stone age.
Use Thin images as much as possible. It is much easier to add applications at deployment time instead of doing it in the image, the “only” reason I can figure to be a good reason is to save time, meaning it is much faster to install the app in ref image and the deploy the image. Well isn't that obvious?, No, many apps are being updated so often that when ever you deploy the image there will be a new version of that app and the first thing that happens is that the old app will uninstall and then install the new version, well that takes time. So when ever you think of adding an app to the image, think twice and focus on the question “Do I really save time doing this”
Do not try to solve every problem you have, just make it work and then add more and more things you need, but first just make it work. Think versions, V1, V2 and V3. Version number one is the “look it works, almost” and version number 2 is “It works, just some minor stuff to fix” and version number 3 is “WOW, Awesome”, (in most cases I never do V3)
It should e automated, creating ref images manually takes to much time, it is boring and the “human error factor” is the biggest issue and there for it should be as automated as possible
There are some things you need: (You don’t need the trial if you already have the OS of course)
Time to prepare your Image-Creation-System
We are now going to install WAIK, MDT, create a deployment share, import OS, create a task sequence, create boot images and the we are done. After this you will be able to boot a VM, run the wizard and select to install a Ref Image including sysprep and capture.
- Install WAIK using default settings (next, next, next…)
- Install MDT 2010 using default settings (next, next, next…)
- Using Deployment Workbench - Right click on Deployment Shares and select
- Create a Deployment Share
- Location = C:\MDTBuildLab
- Share Name = MDTBuildLAB$
- Share Description = MDT Build LAB
- Click next on rest of the questions…
- Using Deployment Workbench – Right click on the Operating system node and select “Import Operating system”
- Browse to the DVD for the OS and import it using default settings
- Using Deployment Workbench – Right click on the Task Sequences node and select “New Task Sequence”
- Task sequence ID = RW7X86 (if the ref image is going to be Windows 7 x86 as an example)
- Task sequence name = Ref – Windows 7 x86
- Task Sequence Template = Standard Client Task Sequence
- Operating System = Select Windows 7 x86 (if that is what you want)
- Do not specify product key
- OS Settings
- Full Name = A name
- Organization = A Org
- Home page = Any
- Do not specify the local Administrator Password
- Right click on the task sequence you just created and select properties and enable Windows Update (It is disabled by default)
- Using Deployment Workbench – Right click on “MDT Build LAB” and select “Properties”
- On the Windows PE x86 settings and on Windows PE x64 Settings
- Check – Generate a Lite Touch bootable ISO image (This way we will be able to boot the VM on a ISO image and that is MUCH faster then booting over PXE)
- Using Deployment Workbench – Right click and select update and wait
Done, we are ready to install a ref image. Create VM in Hyper-V, VMware or whatever you are using, attach the ISO file (They are in the C:\MDTBuildLAB\Boot folder, be sure to use the correct ISO. The x86 will only install X86 OS and x64 will only install x64 OS)
Next time I will spend more time on how to automate the process
/mike
I got a question some time ago, it was something like this:
-Hi Mike, just a short question, we can’t get the MachineObjectOU to work since we have a bunch of OU’s that are named using Swedish characters. Do you have any ideas?
And yes, ideas I do have, trust me. So I started playing around and I did discover that MDT does not really like the Unicode format at all, MDT works perfectly fine using ANSI.
I also did some research on Internet and I did discover that there was people asking for this, but no answers. After spending some time in MDT, creating scripts with different levels of success my brain begun to work, A of memory from the past pops up, didn’t Active Directory handle that somehow…and yes, it does. But before we go into that, let’s see how we can put a computer in the correct OU.
Alternative 1:
You can use a property called MachineObjectOU and when in use it could look something like this in customsettings.ini
[Settings]
Priority=MacAddress, Default
Properties=MyCustomProperty
[00:15:1a:1b:1c:1d]
OSDComputername=PC001
MachineObjectOU=OU=ComputersA,OU=Company,DC=viamonstra,DC=com
[Default]
OSinstall=Y
Alternative 2:
If you use the wizard you can use “DomainOUs” in customsettings.ini, that way you will be presented with a list of OU’s to pick from, looks something like this:
[Settings]
Priority=Default
Properties=MyCustomProperty
[Default]
OSinstall=Y
DomainOUs1=OU=ComputersA,OU=Company,DC=viamonstra,DC=com
DomainOUs2=OU=ComputersB,OU=Company,DC=viamonstra,DC=com
Alternative 3:
One other option is to use an xml file called “DomainOUList.xml”, you create it in notepad and save it in the scripts folder in MDT and it should look something like this:
<?xml version="1.0" encoding="utf-8"?>
<DomainOUs>
<DomainOU>
OU=ComputersA,OU=Company,DC=viamonstra,DC=com
</DomainOU>
<DomainOU>
OU=ComputersB,OU=Company,DC=viamonstra,DC=com
</DomainOU>
</DomainOUs>
But, what if I have spaces in my OU name?
Easy, it works perfect, just type in the name of the OU including spaces, like this:
DomainOUs1=OU=This OU has Spaces,OU=Company,DC=viamonstra,DC=com
But, what if I have Swedish characters in my OU name, like ÅÄÖ?
Easy, replace the characters according to this: Å=A, Ä=A, Ö=O.
If the OU is named “Vård och Omsorg” in Active Directory it should look like this:
DomainOUs1=OU=Vard och Omsorg,OU=Company,DC=viamonstra,DC=com
I can’t remember what the function in Active Directory is called, but I know it works. You could test this easy, create a OU called “Östra skolan” and the try to create a OU at the same location called “Ostra skolan”. Can’t be done, “object already exist”
/mike
It is time to get out on the road again, 2 weeks and that means 8 cities my friends, Göteborg (1/2), Helsingborg(2/2), Jönköping(3/2), Stockholm(4/2), Västerås(15/2), Örebro(16/2), Norrköping(17/2) and Växjö(18/2).
The roadshow is about the new Servers in the Windows Server family, we are going to talk about:
- Windows Server 2008 R2 Standard
- Windows Server 2008 R2 Foundation
- Small Business Server 2011 Standard
- Small Business Server 2011 Essentials
Go to http://www.microsoft.se/lyftet and look for “Roadshow” and get a spot for the “show”. After the show I will most likely hang around in the hotel bar for a beer, and anyone paying gets frees support of course…
Did I mention that this is totally free, if not it is… 
/mike
Well, let me start with this:
This is NOT a secure solution, it is more of a-controlling-the-wizard-so-it-will-be-harder-do-something-really-bad-thing. This story started 2-3 weeks ago, a customer wanted to deploy windows 7 using LiteTouch. But they need a function to limit the selection of Task Sequences showed to the technician. Now that is somewhat of a challenge but can be done. Here is how you can do this in your own.
Creating Selection Profiles for the Wizard
In MDT 2010 there is a variable called WizardSelectionProfile, using that we can create one selection profile for normal use and one for admin use. The only thing we need now is to feed the script with a parameter for what mode the wizard should run in. So:
Create two selection profiles, call them AllTaskSequences and ApprovedTaskSequences. Pretty much like this:
Update Customsettings.ini
Next thing is to make sure that your customsettings.ini file is correct and here is a sample of that:
[Settings]
Priority=WizardMode, Default
Properties=MyCustomProperty
[ADMIN]
WizardSelectionProfile=AllTaskSequences
[Default]
WizardSelectionProfile=ApprovedTaskSequences
Creating the PIN “application”
The quick and dirty way is to use an old friend of mine called AutoIT, it has been around for as long as I remember, I start using that for many years ago (NT4 something) for deployment and scripting, it has the ability to convert a scriptbased language into a executable file, the script language is very easy and its fast, so AutoIT here we go
Download AutoIT from http://www.autoitscript.com and install it, then open up the editor and create the following script:
$PIN = InputBox("Security Check", "Enter PIN for Admin Mode or wait.", "", "*",300 , 160 , 362 , 200 , 10)
if $PIN = "1044" Then
RunWait("wscript.exe X:\Deploy\Scripts\LiteTouch.wsf /WizardMode:ADMIN")
Exit
Else
RunWait("wscript.exe X:\Deploy\Scripts\LiteTouch.wsf")
Exit
EndIf
The PIN code is 1044 (Yes, you can alter this…) and the timeout value before the message box will close is set to 10 seconds (you can see the last 10 in the first line). This means that it will stop and prompt for PIN, if you type the correct you will run with the /WizardMode switch set to ADMIN, if you enter the wrong PIN or wait (or hit cancel) it will run without that switch. You might want to feed MDT with other parameters to override the default value, as an example you might want to add /Debugcapture or /Debug on your “admin” command line.
Next up is to compile the script into an .exe file and you need two of them, one for 32bit and one for 64bit. You do that with this application (it will be installed when you install AutoIT). Now, open it up and create LTIRunx86.exe and then once more for LTIRunx64.exe. Be sure the you check the x64 checkbox when you create LTIRunx64.exe
Adding the LTIRun32.exe and LTIRunx64.exe files to the media
You need to new folders in your deployment root, open up explorer and browse to the root folder of your deployment share, like C:\Deploymentshare (In my case it is E:\MDTPrd)
and create ExtraX86 and ExtraX64. In those folders you create Windows and in Windows you create System32, like this:
Now, put LTIRunX86.exe in Extrax86\Windows\System32 and put LTIRunX64.exe in Extrax64\Windows\System32
Open up Deployment Workbench and right click on your deployment share and make sure you add those folders in the media like this:
Modifying the unattended.xml files for WinPE
Now, we need to modify the run command in WinPE and we do that by modifying the template files that is used the the media is created. The files are normally located in C:\Program Files\Microsoft Deployment Toolkit\Templates and are called Unattend_PE_x64.xml and Unattend_PE_x86.xml.
Open them and replace the the text that looks like this(Please, make a copy of them before you make the changes…):
wscript.exe X:\Deploy\Scripts\LiteTouch.wsf
with this:
X:\Windows\system32\LTIRunx86.exe
Update the media
Now, the next step is to update the boot media, right click on your deployment share an select update and wait until you have new boot media.
Testing:
Not that complicated, just boot on the media and if you made everything correct, this is how it will look like:
And if you enter the PIN 1044 it will look like this:
And if you typed in something else / waited / Canceled it will look like this:
Now, as you can imagine, you can do much more around this, as an example you could say that if you type in the correct PIN the Wizard will run with all the “skips” set to NO so that you will run the Wizard, but if you don’t type in the correct PIN or wait, it will a normal “silent” deployment.
Once more, from a security standpoint, this is NOT secure, but in many cases this will be just perfect.
Prohibit the F8 – Command Prompt
If you want you can also modify the winpeshl.ini file so that you cannot press F8 to open the CMD when running the Deployment, that is going to make it a bit harder to bypass the PIN.
The file is located in C:\Program Files\Microsoft Deployment Toolkit\Templates and it is called winpeshl.ini and it looks like this:
[LaunchApps]
%SYSTEMROOT%\System32\bddrun.exe,/bootstrap
Modify it so that it looks like this:
[LaunchApps]
%SYSTEMROOT%\System32\bddrun.exe,/BootstrapNoSF8
Now, if you update your media and boot once more, it should not be possible to press F8 to get into the command prompt.
Mikael Nystrom
MVP Setup/Deployment
Using MDT 2010 for server deployment is one of those things that really make sense, it’s free, it is somewhat easy, pretty fast to get up and it does not require a large infrastructure and has very few dependencies. The last two things makes it a very decent candidate for smart server deployment. Yes, there will be a book on the subject…
No, this time we will take a look at two things that I use basically all the time:
No:1 – Time
Many times I flash firmware before installing the OS, make sense to me to have the latest version before the server is put in production, now that normally works well but sometimes it just happens that my servers get affected by a “time-warp”, after flashing the server seems that 1980 is the current year, now that is not really an issue but I have had some bad experience around this, first the 60 days of trial is kind of gone, if you deploy domain controllers, well lets not talk about that. There is a very easy fix for this, you just modify the task sequence in the beginning so that the time gets set from the deployment server before the OS is installed:
No:2 – The Extra Partition…
When you deploy Windows Server 2008 R2 using MDT it will create an extra partition that has a size of 300Mb in the end of the first disk, that partition is meant to be the partition that stores the boot files if we are going to encrypt the drive using bit locker, now that is very nice… but since many of my servers are virtualized there is no point of that, even worse, since the partition is on the “right” side of the disk I cant just remove it if I need to extend the disk and then extend the partition, it is just something I don’t want to have. There is a variable called DoNotCtreateExtraPartiton that we can use, if we use with with the IsVM variable it is really easy, here is to pictures of how I do it in a task sequence, the first picture is the Properties tab where we set it and the next one is the options tab where we set the condition.
/mike
Now, I have to admit that I'm not a guru on PowerShell (Thomas Lee is one of these strange “creatures” that master PowerShell way better than I do), but if I can make it work, so can you. In my work I need to create VMs based on Hyper-V often and fast so I started a bit of thinking, what do I need to make in a way I think is ok…hmmm…. I need:
- Something that can convert the install.wim file from the DVD into a VHD with the correct settings
- Something that then can build a VM using differencing disk
Let me just explain this shortly, the reason for converting WIM to VHD is simple, even if it is funny to install Windows it do take some time. I could have one image, but I would like the possibility to do this in a way that can be repeated and since the source is a DVD I will base my toolset on that. The reason for using differencing disks is simply space, I have in many cases 50-60 VMs on my laptop. So differencing disks are a parent-child related disk, I only create one reference image and then a create one difference disk for each VM.
So, fine, this can of course be done with out any scripts at all, but hey the WIM to VHD are some step to do manually and using Hyper-V manager is also possible, but I don't have that time.
So, the first tool is VIM2VHD (I did a post on that sometime back - http://itbloggen.se/cs/blogs/micke/archive/2010/08/25/using-wim2vhd-to-create-reference-images-for-hyper-v.aspx)
The second tool/script we need is on CodePlex, go to http://pshyperv.codeplex.com/ and download both the PsHyper-V Install.ZIP AND the PSHyperV-R2 documentation. Install PSHyper-V using the installer and we have almost everything we need (WIM2VHD does require some tools from WAIK, so if you have not done it, download and install The Windows® Automated Installation Kit (AIK) for Windows® 7 - http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=696dd665-9f76-4177-a811-39c26d3b3b34)
Now, here is the command line to create a reference image based on VHD from the WIM file:
cscript WIM2VHD.wsf /wim:"C:\MDTLab\Operating Systems\Windows Server 2008 R2 x64 RTM\sources\install.wim" /sku:SERVERENTERPRISE /unattend:"c:\tools\wim2vhd\Unattend - US.xml"
It takes about 6-8 minutes and then my VHD’s is done, moving on to the next step
Since I’m “old” I still use the CMD prompt, So I did batch file with parameters that will be passed into powershell, so lets look at the batch file first:
powershell -ExecutionPolicy RemoteSigned -file bvm.ps1 %1 %2 %3 %4 %5
Really exiting :-), so this cmd file is called mvm.cmd (MakeVM) and when used correctly it looks like this:
First parameter = Location of VM, format is E:\VMs
Second parameter = Name of VM, format is MJ01
Third parameter = Memory, format is 1024 (in Megabyte)
Fourth parameter = Network, format is LAN (name of network)
Fifth parameter = ParentVHD for the OS disk, format is c:\Ref\W2K8r2x64.vhd
mvm.cmd E:\VM MIKE001 1024 LAN c:\Ref\W2K8r2x64.vhd
So, running that command will in this case build a VM called MIKE001 with 1GB of ram, connected to the network called LAB using a child disk based on the parent c:\ref\w2k8r2x64.vhd, place it in E:\VM and fire it up. I know perfectly well that I can do everything from within powershell, but I still prefer to do this from the cmd prompt. Running this takes less then 30 seconds and that's ok. Now we need to see how the powershell script looks like and here it is:
import-module "c:\Program Files\modules\HyperV\HyperV.psd1"
$VMLOC = $args[0]
$VMNAME = $args[1]
$VMMEM = $args[2]
$VMNET = $args[3]
$VMSRC = $args[4]
$VM = New-VM -Name $VMNAME -Path $VMLOC
Set-VMCPUCount -VM $VM -CPUCount 1
Set-VMMemory -VM $VM -Memory $VMMEM
Add-VMNIC -VM $VM -VirtualSwitch $VMNET
Add-VMSCSIController -VM $VM -name "SCSI Controller"
$Disk1 = New-VHD -VHDPaths $VMLOC\$VMNAME-disk1.vhd -ParentVHDPath $VMSRC -Verbose -Wait
$Disk2 = New-VHD -VHDPaths $VMLOC\$VMNAME-disk2.vhd -Size 146gb -Verbose -Wait
Add-VMDisk -VM $VM -ControllerID 0 -LUN 0 -Path $Disk1
Add-VMDisk -VM $VM -ControllerID 0 -LUN 0 -Path $Disk2 -SCSI
Add-VMDisk -VM $VM -controllerID 1 -lun 1 "C:\MEDIA-TSLAB-LTI\LiteTouchMedia.iso" -DVD
Start-VM -VM $VM
As you can see it is “almost” readable :-), this template will create a VM based on what I explained before, but it will also create a blank VHD (dynamic) on the first SCSI and it will also attach the LiteTouchMedia.ISO and the reason for that is simple, on that media I have a bunch of Post-OS Configuration tasks, so to be honest, my unattened.xml file will fire up the LiteTouch wizard and then I can select witch Post OS task I would like to run, something like DC, SQL Server, Deployment Server, TS or something like that
So, here is something else to try, fire up powershell, execute import-module "c:\Program Files\modules\HyperV\HyperV.psd1" and try this 4 different commands:
- get-command -module HyperV
- now you can see that there are some commands in that module :-)
- get-command -module Hyperv| get-help | format-table name,synopsis –auto
- Show-Hypervmenu
- a nice little menu, handy when in core server…
- Get-VMBuildScript
- with this you can create a reversed build script, very handy backup of the configuration
/mike
MVP – Setup/Deployment
Ok, so, no this is not a new cool thing, this is just boring but i hate when I miss it. Let me give you an example here. So, I'm supposed to build a reference image for a customer, fine no problem, I import OS, create a TS, configure, update, well you know the drill. Deploy the reference task sequence to a virtual machine, wait and then wait. Import, create a new task sequence and deploy to the real machine, logon and there it is. The most hated object on the planet, the “beeeeeeeeeeeeeeeeeeeeeeeep” “EU Browser Choice” (I’m sorry, but I don't get the point really, in most of my customers network no one is a local admin, hello? they cant “choose” anyway…)
So, how to avoid it, well you can either block it from being installed. The “blocking” could be really easy if you use your own WSUS and you can manage to fix it there or you can block it using the "WUMU_ExcludeKB" in Customsettings.ini. In that case you should in this case add the following to customsettings.ini: (Or to specific, you can use WUMU_ExcludeKB as any other parameter in MDT) or you can use WUMU_ExcludeID if you know the ID (Note: there are in many cases two differant ID's for 32 and 64 bit components), if you want to know more about WUMU_Exclude, check Keith Garner's blog post - http://deployment.xtremeconsulting.com/2009/11/09/
WUMU_ExcludeKB001=976002
Sometimes that is the perfect choice, but that's not always the case, so we can kill it after it has been installed, and one easy way is to add a reg key, most blog posts I have seen on the subject explain how to “click”, well in a task sequence it is kind of tricky to click, so here is the command line you need to add as a “Run Command” in the task sequence:
reg.exe add HKLM\Software\BrowserChoice /v Enable /t REG_DWORD /d 0 /f
And here you can se a picture on how it looks in action
/mike
Hi, I'm in full prepare “mode” for TechEd EMEA. For some reasons I have 6 sessions this year (My friend Johan has 7) and most of them Deployment. Here is the list:
- PRC07 - Experience a REAL Windows 7 Deployment.
- A full day of Windows 7 deployment, it cannot be more fun then this…
- Date: Monday November 8
- Time: 09:00-03:30
- WCL310 - Choosing the Right Deployment Tool
- A session with me and Johan Arwidmark
- Date: Tuesday November 9
- Time: 09:00-10:00
- WCL306-IS - Top Deployment Issues With Answers From Experts
- An interactive session with me and Johan Arwidmark
- Date: Tuesday November 9
- Time: 12:00-13:00
- WCL307-IS - Certify Client Hardware for OS Deployment
- An interactive session with me and Johan Arwidmark
- Date: Wednesday November 10
- Time: 09:00-10:00
- WSV302 - Inside the LAB – Building your Own Private Cloud
- An session with me and a bunch of computers…
- Date: Wednesday November 10
- Time: 12:00-13:00
- WCL306-IS(R) - Top Deployment Issues With Answers From Experts
- An interactive session with me and Johan Arwidmark
- Date: Thursday November 11
- Time: 14:30-15:30
/mike
Psst, if you attend any of my sessions, step up and say “Hi Mike, I do read your blog”, or come by, I’ll be around in the TLC (you cant miss me, short, fat and talks laud and a lot…)
Hi fellow deployment master,
I'm very proud to announce that a dazzling deployment workshop - Unleash the Power of MDT 2010 Lite Touch - is coming to Copenhagen on November 23 - 24.
In just two days you will learn what you need to build a superior deployment solution based on MDT 2010 Update 1. In addition to the many tips & tricks to get Windows XP migrated, and Windows 7 deployed, you also get the following:
- 2 days with real world information from real world deployment experts
- A workbook packed with guidance and additional material
- Videos of the demos that you can play over and over again
Presenters are me (Mikael Nystrom), and Johan Arwidmark, both Microsoft MVP's in Setup & Deployment.
For more information and registration: Unleash the Power of MDT 2010 Lite Touch
I hope to see you in Copenhagen
Regards / Mikael Nystrom
Ps. Johan also says hi :) Ds.
Yes, It can be done and it is pretty simple to. Here is what you need and how you should do it. Basically, the only thing you need is “BiosConfigUtility.EXE” and a text file with settings in it, add that to the TS and it will work like a charm, :-)
Step One – Get the utility
The utility is a part of HP’s SSM (SP49507), SSM stands for “HP System Software Manager” and version I have been playing with is 2.14 Rev A. Download that from the ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.exe and if you need to see if your PC is in the list, check ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.html
Step Two – Create the file
This is how the file should look like and it should have the name TPMEnable.REPSET
If you look at the picture, you can see that in every section there is a *. That is our default value that will be pushed into the bios.
Step Three – Create a Command and verify that it works
Now, be a bit careful, TPM is a security device and if you look your self out, it could be “tricky” to get back, so now you have been notified at least. So, we need a command to set all this and also to set a BIOS password and here it is:
BIOSConfigUtility /SetConfig:TPMEnable.REPSET /NewAdminPassword:"Password1"
So, if you take the BIOSConfigUtility.exe and TPMEnable.REPSET and put them in the same folder and run the command (elevated) with a password that is better then mine and then reboot the machine, you will see that it is going to enable the TPM chip and now you can just enable BitLocker on the machine.
Step Four – Getting stuff into the TS
Now, this can be done in different ways, one is to create a Script, or a batch file or an MDT Application. The reason for me to have an application, is very simple. When I work at customers I create a lot of “things”, if they are applications, they are pretty easy to copy inside the deployment workbench, from my personal Deployment share to the customers and vice versa. I like drag and drop, it makes life more…relaxed…:-) One other story, if they are applications, you could use the “MandatoryApplications001=” in CS.ini
So this is how it looks in my Task Sequence
(No, sorry, my password for TPM is not 111-something, trust my…)
Now when I have the application I can open my Task Sequence and modify that like this:
In the first picture you can see that I have added the application called “CUSTOM – Hewlett-Packard – BIOS Configuration” and in the other picture you can see that I have one condition to run this and that is same condition as the task “Enable Bitlocker” has.
So, that was pretty easy, right :-)
Step Five – some more things…
Configure BitLocker:
This is my settings (also default)
Just one small thing. Modify/Set this BDEKeyLocation= to something, otherwise the keyfile ends up locally on the c: drive…:-)
/mike
Microsoft has changed the game play for Antivirus and Antimalware applications for the SMB market. :-)
They are giving away Microsoft Security Essentials to the SMB market and allowing OEM’s to include it in the image and that so cool…
Read more here:
http://blogs.msdn.com/b/mssmallbiz/archive/2010/09/22/announcing-microsoft-security-essentials-available-free-to-small-businesses-in-october.aspx
Mikael Nystrom – MVP Setup/Deployment
For all members in SWESSUG.
Monday the 18 of October from 6pm to 7pm – OS Deployment using MDT 2010 Update 1. It will be “live” @LabCenter and online using LiveMeeting.
More info on the member site
/mike
Now and then an app that is really nice shows up. You download it and starts to play with it. After a while you realize that this will actually change they you work, it is that good. You might think that I will now start talking about the latest version of Office 2010. No, I will not talk about Office (at least not for now).
Instead I will start talking about RDCMan or Remote Desktop Manager by Julian Burger, a hero that works at Microsoft and apparently knows what IT Pro’s really need, an application where you can collect all the different RDP connection in to one application and save everything to a file so that you can bring it along. Lets start looking at RDCMan, or you might want to download it first. Here is the link for version 2.2
Installing RDCMan is not that tricky and if you want to deploy this tiny app, you can use standard MSI switches like “msiexec.exe /i RDCMan.msi /qb”. It does require NETFX, but hey, how doesn't these days. :-)
The first thing I would recommend you to do is to create an .RDG file, that file will then contain all the underlying groups and connection. Just fire up RDCman and create a .rdg file in a safe location on you computer, mine is called Demo.RDG in this case
Now, next step is to create a group for each “customer” or “set” of computers that share the same domain, username, password and stuff like that. In my case I would create a group for servers at my work and another group for servers at my home (doesn't every IT Pro have a server farm at home?). It is important that you don't add servers in the root, since you cant combine groups and servers in the root level. Be sure to create groups in the root level and you do that by using “Edit – Add Group”. As you can see, you can do all kinds of settings and this is so nice.
Now, you can modify settings regarding TSGateway and Logon Creds on a group basis, and then just add servers to that group. Like this.
The nice thing about that is that you can actually connect to the whole group or every server you have at the same time, and see all desktops like this. I think it is kind of nice to be able to see most of the important servers at one time.
By right clicking on the group I can connect to all servers in the group and if you the click on the label of the machine it will show up as an RDP session in the right window. Like this
Most of our consultants at work that do a lot of server based administration where scripting is not an option has switched over to use RDCMan. And might I suggest you do the same if possible and needed.
Mikael Nystrom – TrueSec
MVP Windows Server – Setup/Deployment
Hi, I have just been told that one of sessions has been “approved”. :-)
So, if you are going to TechEd in Berlin, this might be the session for you:
Inside the LAB – Building your own private cloud
So you need a lab, for testing, for building pilots, doing some dev and testing. In that case you need something that is really flexible, fast, simple and works all the time. In this session we will look into this, how you can do this with simple and in some cases free solutions from Microsoft. This session is all about Hyper-V, SVMM, iSCSI, Cluster, MDT and some PowerShell. You will learn how to deploy the physical servers, including recovery if/when they fail and also how to use the some solution for deploying the VM’s using MDT with SCVMM and of course there will be a bunch of best practices on how-to
Mikael Nystrom – MVP Windows Server – Setup/Deployment
Sometimes you need a fast way to create a reference image. You know, suddenly you need to have a VHD file of Windows Server 2008 R2 and a Windows 7 machine, like NOW. It always seem to be NOW or yesterday that things need to be done, wonder why…
Anyway, you need the following:
- WAIK (Well, you only need Imagex, but if you have WAIK installed you have that)
- WIM2VHD, and that's just a small download
- The OS (You only need the Install.wim, but I’ll guess you already have the DVD somewhere anyway)
WIM2VHD
This tools i really nice actually, but it only supports Windows 7 and Windows Server 2008 R2. The command line to create a VHD file is quite simple:
cscript WIM2VHD.wsf /wim:g:\sources\install.wim /sku:1
That will create a 40gb dynamic VHD file in less than 3 minutes (Yes, I do have a SSD disk), but it also have a bunch of other commands that could be used to make it more fun :-)
Required parameters:
/wim: Path to the .wim file
/sku: Sku number or sku name
Some Optional parameters:
/vhd: Name and path to the VHD file you would like to have
/size: Size (default is 40960 mb)
/disktype: Dynamic, Fixed or FastFixed (FastFixed requires VHDTOOL)
/unattend: Path and name of an unattended XML file
/qfe: A comma-seperated list of .MSU files that you would like to have in the image
/mergefolder: Names of folders that you would like to have in the image
I use it from time to time when a need a fast solution and i don't have time to do it the “real” way and in this case the real way is using MDT of course.
Mikael Nystrom
MVP Windows Server – Setup/Deployment
Microsoft Deployment Toolkit 2010 Update 1 - Now Available!
If you’re making the move to Windows 7, Windows Server 2008 R2, and/or Office 2010, you need tools and guidance to help you through the process. Microsoft Deployment Toolkit (MDT) 2010, a free Solution Accelerator, is designed to fill that need.
The latest MDT 2010 Update 1 release, now available for download, offers something for everyone:
For System Center Configuration Manager 2007 customers:
Next Steps
-
-
Learn more about MDT 2010 by visiting the MDT site on TechNet. -
Get the latest news by visiting Microsoft Deployment Toolkit Team Blog. -
Ask questions, post answers, and share your insights in the MDT Forum. - In Sweden, you can also use ITProffs if you prefer the Swedish language :-)
Number One:
Microsoft announces that in SP1 for Windows Server 2008 R2 they will have Dynamic Memory Allocation. That's nice, not always useful, but nice to have. So now you wonder when SP1 is about the come, right :-), sorry cant tell you that…
But meanwhile, you can read about it here
http://blogs.technet.com/virtualization/archive/2010/03/18/dynamic-memory-coming-to-hyper-v.aspx
The rest:
Well, the requirement for Virtual XP mode has changed, it does no longer require that the hardware has support for hardware assisted virtualization and that super nice, that means that more or less anyone can use Virtual XP mode (A part of Windows 7)
Next up, Remote FX, its a component that will be inside Hyper-V and what it does is provides the VM with accelerated graphics, you can now run Aero/Glass/Silverlight with full acceleration, pretty cool :-)
http://blogs.technet.com/virtualization/archive/2010/03/18/dynamic-memory-coming-to-hyper-v.aspx
http://www.virtualization.info/2008/01/microsoft-acquires-vdi-vendor-calista.html
A change in license is also being done. The separate license that was needed to run a Virtual Desktop is going away. That means that the cost for VDI will be lower, much lower. This will begin July 1, 2010
“Licensing model changes for virtual Windows desktops: Beginning July 1, 2010, Windows Client Software Assurance customers will no longer have to buy a separate license to access Windows in a VDI environment. In addition, on the roaming-rights front, as of July 1, 2010, Software Assurance customers and new Virtual Desktop Access customers will have rights to access their virtual Windows desktops and Office applications hosted via VDI on secondary, “non-corporate” network devices, like home PCs and kiosks”
Citrix & Microsoft are also working on enabling HDX in Citrix to work with Remote FX in Hyper-V. http://www.citrixandmicrosoft.com/
oh, right, also. MS has created a depth performance analyze around Hyper-V, you should read it. http://download.microsoft.com/download/0/7/7/0778C0BB-5281-4390-92CD-EC138A18F2F9/WS08_R2_VHD_Performance_WhitePaper.docx
/m
Mike & Mike (Michael Anderberg & Mikael Nystrom) will travel around in Sweden during springtime and do a one day hands on lab, a day where you can rapidly learn how to deploy Windows 7 at customers. This is a joint venture with Microsoft TechNet. Interested?
go to http://www.deploymentroadshow.com/
See you there :-)
/m
Windows 7 – Utrullning i ”lagom” stora företag
This session is about Windows 7 Deployment for small and midsize business, that means that I will cover things like Upgrade Advisor, Windows Easy transfer, MAP, ACT, WAIK, WDS and MDT. A warning is in place, if you expect a lot of PowerPoint, you will be disappointed…
Building the Master Image in Microsoft System Center Virtual Machine Manager 2008 R2
The session is a bit more complex, I have done this session at Tech US and at Microsoft Management Summit in Las Vegas. Its all about creating reference images for Hyper-V, we will cover how you do this with SCVMM and also with out. Its a pretty geeky and demo intense session…
If your going to TechDays in Sweden next week and your business is Windows Deployment or virtualization, don't miss my sessions :-)
/mike
Well, its not “only” me, Its me (Mike), Johan Arwidmark, Chris Jackson Jeremy Chapman and Mr "MDT" Michael Niehaus. And we are doing a one day full blown Windows 7 Deployment day. Right now we are working on the content to be able to show you real world answers from real world deployments that we have done, this day is going to be the day of all the details, the drivers, the apps, the inventory, the decisions and the big How to do this. So…
Sign up for the event and meet us there, and you, yes you. If you come to the session, walk up to the podium and say “Hey Mike, I do read your blog from time to time”
Last time at TechEd EMEA I did a TechTalk, which is a short interview, in this case Johan Arwidmark is asking all the questions (Well hi does not know Windows 7 Deployment so he keeps asking me all the time, or something)
Anyway, it was kind of fun to do, we talk about MAP, ACT, WAIK and the one we all love, MDT 2010. Enjoy.
/mike
In November I did a LiveMeeting for Microsoft regarding Windows 7 Deployment. For some reason that session was recorded. Surprise :-)
The recording is in the Swedish language and you can watch it here…
/mike
So folks, if you live in Stockholm, Malmö, Göteborg or Sundsvall. Johan and I will come to visit you next week. Johan and I have been talking about doing a road show for many years now, for many reasons it never happened until now (And only “hi” knows when its going to happen again.
So, please com join us for a whole day of OS deployment, as you might know OS Deployment is something that means a lot for Johan and me (yes, we are strange, but in a nice way I think)
We will cover OS deployment from very, very small environment to very very large ones, we will cover Windows 7, Windows Server 2008 R2, Physical machines, Virtual Machines, some really nice tips and tricks and some really odd ones to :-)
And hey, you, don't be afraid to step up and shale my hand and say that you read my blog, I always wanted to see if there is anyone that really do that. I might even have some kind of gift for you in return. :-)
One more thing, if you think that installing Windows using a DVD, watch this and think once more…
/mike
This time it will be fun. There is one thing that many people do not know and that is the fact that you can run the LiteTouch script directly from with in the OS and there seems to be only a handful of people that knows you can use command line parameters using that LiteTouch.vbs script file. So in reality, what does this really mean. Well.
So the feature is not “hidden”, its just so common for people to use it for some reason, I think that in refresh/upgrade scenarios its perfect. That way I can have one settings in customsettings.ini that works nice with “Baremetal Install” and then have command lines for doing refresh/upgrade’s. So if you look in the help file for MDT you can search for settings that you can do to make the install silent and automatic, lets say that you want to use skip the task sequence page, in that case it will be similar to this in customsettings.ini:
SkipTaskSequence=YES
TaskSequenceID=TS01
and similar to this in a command line form:
\\server\deploymentshare$\scripts\litetouch.vbs /SkipTaskSequence:YES /TaskSequenceID:TS01
As you can see, we need to add a slash before every variable and replace the equal sign with a colon
So, as an example, here is how to publish an icon to the desktop for the user to click on and it will then install Windows 7. First we need to create a CMD file, the file will then be published using a GPO: The file content is listed below, but you need to modify parameters or add/remove stuff that you do not need for your environment. For example, it is unlikely that your Task Sequence for Windows 7 Enterprise has an unique ID of WC001 :-)
Creating a CMD file on the deployment server
- Log on to the deployment server
- Create a new share \\SERVERNAME\Public
- Create “WindowsXP2Windows7.cmd” in that share, it should look like this:
@Echo off
CLS
REM Let's delete the old shortcut on the desktop first so that we do not keep it after the refresh/upgrade
del "%allusersprofile%\desktop\Upgrade this computer to windows 7.lnk"
REM Let's deploy the OS now
REM Note, this should all be in the same row, but i need to “bend” it so you can see
\\SERVERNAME\deploymentshare$\Scripts\LiteTouch.vbs /SkipTaskSequence:YES
/TaskSequenceID:WC001 /SkipDeploymentType:Yes
/DeploymentType:REFRESH /SkipComputerName:YES
/SkipDomainMembership:YES /UserDataLocation:AUTO
/SkipUserData:YES /SkipComputerBackup:YES /ComputerBackupLocation:NONE
/SkipLocaleSelection:YES /SkipApplications:YES /SkipAdminPassword:YES
/AdminPassword:TheLocalPassword1
/SkipBitLocker:YES /SkipSummary:YES /FinishAction:REBOOT
Using Group Policy to publish the CMD file to the users desktop
- Logon on to the DC
- Start Group Policy Management Console
- Create a new Policy Called “Upgrade to Windows 7”
- Open Computer / Preferences / Shortcuts
- Create a new Shortcut using the following settings under the General TAB
- Name: Upgrade this Computer to Windows 7
- Target type: File System Object
- Location : All Users Desktop
- Target Path: \\SERVER\Public\WindowsXP2Windows7.cmd
- Run: minimized
- Icon file path: %SystemRoot%\system32\SHELL32.dll
- Icon Index : 137
- Modify the new shortcut under the Common TAB according to the following:
- Remove this item when it is no longer applied
- Item-Level Targeting
Under targeting you can set your conditions for computers to receive this shortcut, this for example is my settings:
Now, on the Windows XP test box that you have, run GPupdate /force and verify that the Shortcut is popping up, and then run it. If you get questions you would like to avoid, set the parameters in customsettings.ini/MDT database or add them to the command line.
So, that's it. Only thing you need to do now is to relax and let the users refresh their own boxes…
/mike
So, you are about to deploy Windows 7, yes perfect. So you have set up your deployment solution, done the apps job and everything is perfect !!!, or…
For some reason when you open up System in the control panel it says:
Rating : Unrated
And that is not good, so you want to rate the system during the deployment phase, so do I(Now just to make this clear, it will fix it self, this runs as a scheduled task once a week, but I hate to wait...)
How-to:
Add a “Run a command” in the end of the Task Sequence that runs the following command
“winsat formal”
and you are done.
btw, it is kind of fun to read inside the VBscript’s:, Check this out :-) (line 1208 in LiteTouch.wsf)
' Are you kidding me? THis is the 21st century, what kind of computer doesn't have a networking adatper?
GetNetworkingErrorHint = "No networking devices were found on this machine!"
/mike
So, this one is nasty, the problem will be that when doing a refresh from Windows XP to Windows 7 the USMT will not apply all settings, due to a small issue. The result will be that some settings are lost, it captures some setting but not all. If you read the USMTcapture.log you will see “Downlevel Manifests folder is not present. System component settings will not be gathered.”
and here is one solution
http://systemcenterideas.com/2009/09/usmt-issues-with-mdt-2010/
And no, there are no official fix for this at the moment…
/mike
So You did not go to TechEd, and you don't want to buy the TechEd Online ticket to see all the sessions, in that case let me show this:
Of course, there are others to, also you will see TechTalks from other TechEd’s around the globe, check this out:
http://www.msteched.com/online/channels.aspx?cname=track&channel=Windows+Client%2c+Server+%26+Management
/Mike
- Storage, store the .VHD file and the settings file at the same location and if possible format the hard drive using 64k blocks instead of using standard, that will increase speed and lower impact on the parent partition
- The Time Synchronization service should ONLY be enabled when the child OS does not have any other way of getting the correct time, that means that member servers, domain controllers, workstations in a domain should NOT get the time from the parent partition. Also it is important the the parent partition get’s the correct time, if the parent partition is part of a domain then it should sync from that of course.
- When upgrading from Hyper-V RTM to Hyper-V R2 you need to turn of all running machines and you need to remove all snapshots. BEFORE you start them up please modify the following:
- Add a SCSI interface and move all disk’s to the SCSI disk instead of having them on the IDE interface, that makes it possible to de-attach them if needed whiteout turning of the machine later on (It has NOTHING to do with performance, just management)
- Check the CPU Setting, there is a new feature that enables you to migrate between machines that NOT have the same CPU, you wnat to have that checked before you want to move it, otherwise you will have to turn it off before moving it, kind of boring
- Use separate NIC’s, the minimum of NIC’s is TWO, one for management, and one for the child partitions. I recommend 4 NIC’s if you use iSCSI or have a decent load on the server. In the case of using iSCSI as storage for the parent partition use one NIC for management (that should have the highest order in the binings list)
(this is NOT my hyper-V server, ok, just want you to understand what I mean with “Binding Order”
Also on the Network adapters that you use for iSCSI, DO NOT USE any kind of loadbalancing stuff from the vendor, iSCSI it self is redundant when you add MPIO and configurea that for iSCSI use (Go into control panel and check the “Support for iSCSI”, wait two seconds and reboot)
Also, use Jumbo Frames if possible on the iSCSI network, it does require that all network devices on that network can handle Jumbo Frames - Will contione later on, need to back to work now.
Next up, day number two. Worked at TLC all day long, the TLC stands for Technical Learning Center. Worked in the EBS Booth. At lunch I meet with people from the Setup and Deployment team, for some reason the where missing staff over at the Windows 7 Deployment boot, and since I’m a very nice guy I helped out the rest of the day in that boot answering question in a steady flow, most people have seen Microsoft Deployment Toolkit 2010 in some demo and then they wanted ask more question and I was happy to help them out. Fun day at work :-)
So you have decided to run Windows Server 2008 R2, using the new Clustered Shared Volumes features and you are going to have a SAN based on iSCSI. Good for you, then you will properly also want to set it up according to best practices, hmm lets see…
Two physical servers, with 4 NIC’s that is perfect. I use one NIC for management, one NIC as the Hyper-V network switch and the other two NIC’s as iSCSI NIC’s and as a best practices you bind off everything except for IP on the iSCSI NIC’s
THAT WILL MAKE Cluster Shared Volumes to FAIL !!!
Microsoft require you to enable the “Microsoft Network Client” and “File and Printer Sharing for Microsoft Networks” on all network that takes part of the cluster, in other words you have two choices here.
1. Do not use the iSCSI NIC’s as “cluster NIC’s”, in other word make sure that they are listed as disabled for cluster use (You cannot use them for Internal or Client use). Bad thing about this is that in that case they cannot be used as heartbeat either.
2. Enable “Microsoft Network Client” and “File and Printer Sharing for Microsoft Networks” on the iSCSI NIC’s, (All NIC’s) bad thing about that is that you will have some traffic on the iSCSI network that is “unwanted”.
For some reason there is no KB article that I have found on this little issue, the problem is that it works perfect as long as you do not use the clustered shared volumes and Live Migration, if you just use Quick Migration it works. It is easy to see if there is anything wrong with the configuration, just open c:\clusterstorage\volume1 on one of the nodes, then try to open the same path on the other node. If it freezes up, you know what the problem is. Option one or option two. I usually take option number two
There are two other articles about this issue, sorry to say, not in English.
Hungarian - http://www.microsoft.com/hun/technet/article/?id=a20a6494-645d-4ee6-993b-f0e341cfdffc
German http://www.server-talk.eu/2009/07/10/error-cluster-shared-volume-is-no-longer-available-mit-hyper-v-failover-cluster/
If you open the event log, you will find this:
Log Name: System
Source: Microsoft-Windows-FailoverClustering
Event ID: 5120
Task Category: Cluster Shared Volume
Level: Error
Description: Cluster Shared Volume ‘Volume1′ (’Cluster Disk 1′) is no longer available on this node because of ‘STATUS_BAD_NETWORK_PATH(c00000be)’. All I/O will temporarily be queued until a path to the volume is reestablished.
Yes, I’ll be there, working in the “Ask The Experts” area, beside me at least five from my company is going to be there, if you have time or any kind of question, please stop by and say “Hi”
/mike
I missed this one!, shame on me and all credits goes to Björn Axell, P-O Axelsson and Bosse Törnqvist for letting me know (A beer sometime?)
Fixing the “Final Reboot in a LiteTouch scenario” Version II
This is the built in “Final reboot”, it does provide the basic need of rebooting. Using the “use shutdown in a TS” method gives you the option of adding a reason in the event log and to set the time before it reboots. This method just reboots (And that can be perfect in most scenarios)
| Value |
Description |
| Action |
- SHUTDOWN
- Shuts down the target computer.
- REBOOT
- Restarts the target computer.
- RESTART
- LOGOFF
- Log off the current user. If the target computer is currently running Windows PE, then the target computer will be restarted.
- blank
- Exit the Windows Deployment Wizard without performing any additional actions. This is the default setting.
|
so if your customsettings.ini looks like this:
[Settings]
Priority=Default
[Default]
FinishAction=RESTART
it will reboot after install
Have a nice Deployment day
/Mike
I have one problem (well there might be more than one problem, but that is beside the point here). Since I have been doing some OS deployment for the last 23 years or so, stuff that I do I take for granted, things that I know must be done, things that I normally never tell people about, I always assume that they know this.
Well, here is the truth, they do not… (some do, some don't…) so here it is:
Fixing the “Final Reboot in a LiteTouch scenario
So the machine is done and ready to be used, but hey it has some summary screen here and it is logged on as the local admin, that means that I need to press ok and then reboot and then let the user logon…
We fix this by modifying customsettings.ini and by adding a reboot command in the end of the task sequence
First step.
Using Deployment Workbench, modify the Task Sequence that you would like to fix.
- Add a Run Command Line
- Type in this as the command
- %systemroot%\system32\shutdown -r -t 20 –c “This box is done”
Second step.
Add the following to CustomSettings.ini
SkipFinalSummary=YES
NOTE: Do not add the “Restart computer” to your task sequence, that will reboot the machine, but it will not end the sequence. That's why we add a “Run a Command Line” task instead.
Have a nice Deployment day
/mike
Hey, sometimes it just happens and when it does it is normally simple, fun, small, cool and working. I’m talking about when Mark Russinovich and Bryce Cogswell releases new a piece of software. This time they have done a P2V tool called “Disk2vhd v1.0” that is 673kb in a zip archive.
So I have just tested it and as expected, works like a charm :-) and it was so easy, just fire it away and select which disk(s) you want to convert to VHDs and you are done. Copy the file into a Virtual XP or Hyper-V, start it and add VMadditions or Integrated Components. Done, you have virtualized your machine.
*** snapshot from web ***
Runs on:
- Client: Windows XP SP2 and higher.
- Server: Windows Server 2003 and higher.
Disk2vhd is a utility that creates VHD (Virtual Hard Disk - Microsoft’s Virtual Machine disk format) versions of physical disks for use in Microsoft Virtual PC or Microsoft Hyper-V virtual machines (VMs). The difference between Disk2vhd and other physical-to-virtual tools is that you can run Disk2vhd on a system that’s online. Disk2vhd uses Windows’ Volume Snapshot capability, introduced in Windows XP, to create consistent point-in-time snapshots of the volumes you want to include in a conversion. You can even have Disk2vhd create the VHDs on local volumes, even ones being converted (though performance is better when the VHD is on a disk different than ones being converted).
Download Disk2vhd (673 KB)
Read more
I have updated my LAB on MDT to MDT2010, it is 100% focus on setting up a deployment solution that really works and does a god job without so much trouble. We cover all the needed tools like MAPS, ACT, WAIK, WDS, USMT, KMS but main focus will be on MDT2010 and how to make that super solution accelerator work the way it should. We also cover offline media, migrations, refreshes (Some feedback has been that consultants would like to build portable deployment solutions) and we will cover both client and server deployment.
[UPDATE]
English training: http://www.truesec.com/en/lab2010.htm
Swedish training: http://www.labcenter.se/Lab/2052
On the 7th of October we will run the Windows 7 Summit “online”…
/mike
The Swedish Windows 7 Summit is taking place on the 1 of October
For the second year Microsoft in Sweden are going to arrange TechDays, last year was a success, (yes I was there) and now it is time for the event once more. Last time we went to Västerås, but this time it is going to be in Örebro
Anyway, if you sign up before 31 of October, you will have a reduction of cost. Check out the details here
/mike
I’m packing for SMB nation this weekend, so if you are going there I'll see you around.
I have one session this time:
| 5:15pm-6:45pm | GS102 | Deploying Windows 7 using the right tools and the correct method. | Mikael Nystrom | |
and of course it is about deploying Windows 7, what else would it be :-)
/mike
Ok, lets issue a short disclaimer here. If you don't understand spoken Swedish, Stop read NOW. (This recording is in Swedish only which sounds much like the Swedish chef in the Muppet show…)
So if you agree on the following:
- I understand spoken Swedish
- I have nothing to do
- I’m bored
- I like to be humiliated
- I like to listen to someone who thinks he knows everything
- I will not try to harm Mikael in any way
If all this is true, use this link http://www.microsoft.com/sverige/msdn/sommarpratare/vecka30.aspx and listen to nasty kid on the right side…
/mike
Well that is of course obviously , but sometimes it goes beyond your fantasy and it becomes a miracle. Last time when I was flying out from SeaTac (The “home” airport for Microsoft in US I was in no hurry at all, I have already checked in on the Internet.
My mistake, I should have checked at the Airport, there seems to be some special check-in for MVP’s :-) (Unfortunately the desk was not open for business…)
Thanks' Microsoft for keeping the MVP program and thank you for awarding me once more
/mike
So new patch is up for Hyper-V is up for download
This issue occurs because the Virtual Machine Worker process (Vmwp.exe) releases pointer icons by using a function that causes handle leak. Over time, the system runs out of resources, and then the system stops responding.’
When you open the Hyper-V Manager, the connection to a virtualization server fails and a red 'X' appears next to the name of the virtualization server. The system responds slowly, and the processes and services on the virtualization server fail and then generate exceptions. The handle count of the Virtual Machine Worker process (Vmwp.exe) is very large.
http://support.microsoft.com/default.aspx?scid=kb;en-us;972045
Please note that this patch is a “View and request hotfix downloads
$('#kb_hotfix_link').get(0).href='/hotfix/KBHotfix.aspx?kbnum=972045&kbln=en-us';
“
/mike
Finally here, MAPS 4.0 is RTM and ready to be downloaded and used. I have been using it for a while in both real and in test environment and I’m rather pleased, the only thing that annoys me is that very few customers and partners seems to understand the benefit of this very handsome pieces of software. Basically every time I have a class or a session I ask if there is anyone that use MAPS and most of the time I see one or two hands, the rest is looking around in the room like “Have I missed something here” and Yes you have.
- “Mike’s rule number one”
- Whenever you feel to upgrade, migrate, deploy, virtualizes anything in an Microsoft based infrastructure you start with MAPS.
Now, get MAPS and open up your or your customers environment so that you can see what you have to deal with, knowing the fact are far better then guessing IMHO
Its on TechNet and the URL are 115 characters long, but here is an shorter one http://tinyurl.com/maps4
Stuff that are inside:
Version 4.0 of the MAP Toolkit has the following new features:
- Windows 7 Hardware and Device Compatibility Assessment
- Windows Server 2008 R2 Hardware and Device Compatibility Assessment
- Virtualization Candidates Assessment for Hyper-V R2 Server Consolidation
- Integration with the Microsoft Integrated Virtualization ROI Calculator
- Inventory of VMware Server Hosts and Guests
- User Interface and Proposal Customization for Partner co-branding
- Enhanced SQL Instance Discovery
- Enhanced Usability and Improved Inventory Performance
Additional Features
- Virtualization Candidates Assessment for Hyper-V Server Consolidation
- Windows Vista Hardware and Device Compatibility Assessment
- Windows Server 2008 Hardware and Device Compatibility Assessment
- 2007 Microsoft Office Readiness Assessment
- SQL Server Instance Discovery
- Desktop Security Assessment for Anti-virus and Anti-malware Programs Installation
- Forefront Client Security/NAP Readiness Assessment
- App-V Infrastructure Readiness Assessment
- Power Savings “Green IT” Proposal
More info:
/mike
When deploying a new operating system there some things you should be aware of and most of these are covered, but there are some details that seems to be forgotten…
We are in the middle of deploying Windows 7 RC for a customer and most of the stuff works like a charm. We…
- Have done the inventory of systems using MAPS
- Have done the inventory for applications using ACT
- Have deployed the new systems using MDT2010 Beta 2
- Have used USMT included in MDT2010 with No configuration at all, just out of the box
and today one of the user calls me… Hi has a problem (how strange:-)) Word 2007 does not start, it just pops up and wait, like forever. All the other Office apps works fine, but Word is freezing up…
Reason:
Word is still loading the default printer driver when starting, the other Office applications does not do that, they behave “normally”, but Word… Anyway, the reason to freeze is that one printer driver was not “suitable” for Windows 7. When deploying with MDT2010 and doing a “refresh”, that is to save the state of the machine with USMT, wipe the disk clean (except for the “state”) install Windows 7 and restore state it brings the old printer settings back and when the customer was to use the printer it also got the old drivers from the print server. The solution was to replace the drivers and everything worked like a charm.
Lessen learned:
Even if all the tools on the planet tells you that all is god to go, please inventory all your printer and printer driver, verify that they work and verify that you can install the driver on the server to, since the driver on the server will be the driver that is handed out to the client. You may need to replace your printer server and in that case that will affect all the others and the small little pilot is getting big and ugly suddenly
Let me put it this way: Printer drivers are Applications
When Microsoft first came out with EBS they where more or less “forced” to create a tool that evaluate the customer environment before EBS was installed. Based on that tool they have released another tool just to help customer and consultants to verify that their systems are in god shape. It is called “Microsoft IT Environment Health Scanner” You can download it from here... So this tool is suitable for all, even if you do not consider EBS at the moment (if you are less than 250 users you shoudl IMHO)
http://www.microsoft.com/downloads/details.aspx?FamilyID=dd7a00df-1a5b-4fb6-a8a6-657a7968bd11&displaylang=en
And YOU should, if you want to have an overview of your infrastructure this is a very god tool, it checks an massive amount of things, like 100 checks just for to verify Active Directory, but also DNS, Subnets, Network adapters, Exchange and so on.
After download, just install the tool into a computer joined into the domain you want to scan, let it run, check the report and “follow” the guidelines. If you have an all green sheet, just smile and lean back since you have a network in very god shape
It does NOT change anything in your network, but it will provide you with links to KB articles on how to fix your problems…
A while back we had a Windows 7 Summit here in Sweden and our CEO had an idea “Why cant we make some nice and funny videos?”
First, we are NOT in any way actors, but on the other hand how hard could it be to record a short movie… :-)
So here is one of them…. (Do NOT try this and if you do dont blame us for having a “somewhat” broken laptop")
http://www.youtube.com/watch?v=qLT6fVHvXC4
Ok, so you have a perfectly working Hyper-V environment( Well, perfect is a strong word…) anyway, this is something that could be a problem, or a security risk or just a big mess.
Lets go back and take a look on a Hyper-V machine and its Network configuration, Every Hyper-V guru always point out the importance of having one dedicated management NIC and at least one NIC for all the VM’s and hi is 100% right, you should. Also You should disable the VM bus adapter that is created since the parent partition normally do not need access on that same network adapter, it has already access trough the management network adapter. This is perfectly fine, we all do this. (or should do) That means that if we look at a Hyper-V host it should look like this:
So, what's the problem, well it is kind of easy. When installing SP2 for Windows Server 2008 the disabled network adapter will be enabled. Lets think here, what if that adapter is connected to a network outside, lets say the “Internet”, and for some strange reason there is DHCP out there. Then your Hyper-V server will directly connected to the Internet… scary. Or lets assume that this server is a part of a cluster, suddenly the cluster picks up a new network adapter. That does not mean that you will have a problem, but you are getting close. I have not tested this on core server but it should be the same effect, and that is even more scary, since that does not show up in the same way…
So, after you have installed SP2 for Windows Server 2008, make sure that your previous disabled network adapter remains disabled.
To be honest, I like SCVMM, I really like SCVMM and when the R2 version showed up in beta form it was even better than before, and trust me the RC is better again :-) That's the way it should be. So if you have at least one Hyper-V host or Virtual Server or maybe a VMware ESX host you should definitely give this a try. The team has done a good job so far and there are a massive amount of new stuff in R2
Here is the list of improvements…
VMM 2008 R2 supports the following new features of Windows Server 2008 R2: (I Have tested all this, works nice)
- Live migration between Windows Server 2008 R2 clustered hosts. With live migration, you can migrate a virtual machine from one node of a Windows Server 2008 R2 failover cluster to another node in the same cluster without any downtime. Because the virtual machine does not experience any downtime, the move is completely transparent to the users that are connected to the virtual machine.
- Network optimization detection during virtual machine placement. VMM 2008 R2 supports both Virtual Machine Queue (VMQ) and TCP Chimney, which are Windows Server 2008 R2 features that improve network performance for virtual machines.
- Network adapters that support the VMQ feature are able to create a unique network queue for each virtual network adapter and then connect that queue directly to the virtual machine’s memory. This connection routes packets directly from the hypervisor to the virtual machine, bypassing much of the processing in the virtualization stack.
- Network adapters that support the TCP Chimney feature are able to offload the processing of network traffic from the networking stack. Both of these features increase network performance and reduce CPU utilization.
- Hot addition and removal of virtual hard disks (VHDs). In Windows Server 2008 R2, Hyper-V allows users to add and remove VHDs from a virtual machine while it is running.
Clustered Shared Volume (CSV) Support (I have tested all this and use it in production, works great so far)
VMM 2008 R2 supports the Windows Server 2008 R2 clustered shared volume (CSV) feature. CSV enables all hosts on a Windows Server 2008 R2 failover cluster to concurrently access virtual machine files on a single shared logical unit number (LUN). Because all nodes on the cluster can access a single shared LUN, virtual machines have complete transparency with respect to which nodes actually own a LUN. This enables live migration of virtual machines within the cluster because all nodes in the cluster can access any LUN.
Support for Sanbolic Clustered File System (Not tested by me)
VMM 2008 R2 supports the Sanbolic Clustered File System (CFS), a third-party shared volume solution for quick migration on hosts running Windows Server 2008 with Hyper-V, and live migration on hosts running Windows Server 2008 R2 with Hyper-V.
Support for Veritas Storage Foundation for Windows (Not tested by me)
VMM 2008 R2 supports Veritas Storage Foundation 5.1 for Windows (SFW), an online storage management solution for creating virtual storage devices from physical disks and arrays. Volumes created as part of a cluster resource group by using SFW are detected by VMM 2008 R2 and can be selected during virtual machine placement or migration. An SFW volume is limited to one virtual machine.
SAN Migration into and out of Clustered Hosts (I have tested this and this is a life saver, it is so cool…)
VMM 2008 R2 supports the use of SAN transfers to migrate virtual machines and highly available virtual machines into and out of a cluster. When you migrate a virtual machine into a cluster by using a SAN transfer, VMM checks all nodes in the cluster to ensure that each node can see the LUN and automatically creates a cluster disk resource for the LUN. Even though VMM automatically configures the cluster disk resource, it does not validate it. You must use the Validate a Configuration Wizard in Failover Cluster Management to validate the newly created cluster disk resource. To migrate a virtual machine out of a cluster, the virtual machine must be on a dedicated LUN that is not using CSV.
Expanded Support for iSCSI SANs (Not tested by me)
VMM 2008 supports SAN transfers of virtual machines that use initiator-based iSCSI target connections, which requires one iSCSI target for every LUN. VMM 2008 R2 adds support for LUN masking, which allows multiple LUNs per iSCSI target and expands VMM support for iSCSI SAN vendors.
Quick Storage Migration (Yeah, yeah it works…)
For a Windows Server 2008 R2 host or a Storage VMotion-capable host, you can migrate a running virtual machine’s files to a different storage location on the same host with minimal or no service outage. If you use a wizard to migrate a virtual machine to a host that is running Windows Server 2008 R2 and you use a network transfer, VMM 2008 R2 now gives you the option to specify separate storage locations for each virtual hard disk (.vhd) file for the virtual machine.
Maintenance Mode for Hosts (I have tested this, really nice feature)
In VMM 2008 R2, you can start maintenance mode for a Windows-based host anytime you need to perform maintenance tasks on the host, such as applying updates or replacing a physical component.
Support for VMware Port Groups for Virtual Switches (Not tested by me)
VMM uses the network location and tag specified for the virtual network adapter in the hardware configuration to determine the network availability of a virtual machine on a host. In VMM 2008 R2, if you are deploying the virtual machine to a VMware ESX Server host, you can select from the VMware port groups that are available for virtual switches.
Support for Virtual Machine Permissions Assigned in Hyper-V (Not tested by me)
In VMM 2008 R2, VMM preserves changes made to role definitions or role memberships in the root scope of the Hyper-V authorization store. All changes to any other scope are overwritten every half hour by the VMM user role refresher. This differs from user role processing in VMM 2008. In VMM 2008, VMM determines access to virtual machines, hosts, and resources based solely on the rights and permissions associated with VMM user roles. VMM 2008 does not make any changes to Hyper-V role definitions and role memberships; it simply ignores the Hyper-V authorization store while the hosts and virtual machines are under its management.
Mikael Nystrom
MCT, MVP
Microsoft has released Microsoft Deployment Toolkit 2010 Beta 2 version: 5.0.1210.0 on Connect. The latest version of MDT2010 contains major improvements and adoption against Windows 7 and Windows Server 2008 R2
https://connect.microsoft.com/content/content.aspx?ContentID=12463&SiteID=14
You can “upgrade” existing MDT solutions if you want to, but please, please read the release notes before you begin doing that. It is very important that you use the correct version of WAIK.
Important Release Information:
- Light Touch Installation(LTI) based deployments should use Windows Automated Installation Kit for Windows 7 RC (build 7100).
- Zero Touch Installation (ZTI) with System Center Configuration Manager 2007 SP2 Beta should use Windows Automated Installation Kit for Windows 7 RC (build 7100).
- Zero Touch Installation (ZTI) with System Center Configuration Manager 2007 SP1 should use Windows Automated Installation Kit v1.1.
Please read Release Notes before installing MDT 2010 beta 2.
This release supports the deployment of the Windows® 7 Release Candidate (RC), build 7100; Windows Vista®; Windows XP; Windows Server® 2008; and Windows Server 2003 operating systems. See the Microsoft Deployment Toolkit Documentation Library for the complete documentation for this release, which is included with MDT 2010 (No support for SMS2003, watch out, just SCCM)
My friend Johan Arwidmark has already made a blog post on this subject with a list of all new features (Hi is always faster…:-))
http://www.deployvista.com/Blog/JohanArwidmark/tabid/78/EntryID/92/language/en-US/Default.aspx
Next up is some kind of step-by-step :-)
/mike
So, it seems that Microsoft is “almost” done with Windows 7. One of the things they do in the end of the cycle is producing the L-Packs. And guess what showed up today in my computer… :-)
/mike
Some time ago Johan and I sat down, we decided to start a new era, the era of “DeploymentGurus”. One part of that is a new site called http://deploymentgurus.com. There are a couple of things that people ask as for, “how to…” is kind of common and we will provide you with information around that in the form of step-by-step guides in the document library. Johan and I have recorded some videos and they will end up here to and since we have a small group of “fans” around the globe we will provide a calendar for those people, that way people can see where we are and see us IRL.
/mike
As some of you know a friend of mine and I record a podcast called “The Nerd Herd”, that has been gone for almost 6 months now, but the plan is to get going after the summer. Meanwhile you can visit our website and listen to old recordings at http://thenerdherd.se or join in the group and tell us what you would like us to talk about at http://thenerdherd.groups.live.com/
(Sorry but the recordings are in Swedish, but if you would like us to switch, just let us know…)
Maps stands for “Microsoft Assessment and Planning Toolkit” and it has been around for a long time, nevertheless, there are still folks out there who do not know about this little Microsoft “Gem”. So what does it do you may ask?
Well, whenever you fell that you need to upgrade, migrate you would almost certain make sure that you know as much as you can before you begin, and here comes MAPS. MAPS does do inventory, performance testing for specific task and in the end it will give you an excel spreadsheet for you to read and and a very nice word document with carts for the people with the money to read. The last part is kind of boring but to get the funding you need you really want to make this project with support from management and they like fancy word document with charts, trust me…
So MAPS 4.0 has a couple of new things compared to the “old” 3.2:
- Windows 7 Hardware and Device Compatibility Assessment
- Windows Server 2008 R2 Hardware and Device Compatibility Assessment
- Virtualization Candidates Assessment for Hyper-V R2 Server Consolidation
- Integration with the Microsoft Integrated Virtualization ROI Calculator
- Inventory of VMware Server Hosts and Guests
- User Interface and Proposal Customization for Partner co-branding
- Enhanced Usability and Improved Inventory Performance
Besides this it also handles the following scenarios like the old 3.2 could do:
- Virtualization Candidates Assessment for Hyper-V Server Consolidation
- Windows Vista Hardware and Device Compatibility Assessment
- Windows Server 2008 Hardware and Device Compatibility Assessment
- 2007 Microsoft Office Readiness Assessment
- SQL Server Instance Discovery
- Desktop Security Assessment for Anti-virus and Anti-malware Programs Installation
- Forefront Client Security/NAP Readiness Assessment
- Online Services (Exchange Online) Assessment
- App-V Infrastructure Readiness Assessment
- Power Savings “Green IT” Calculator - (This is kind of fun to run with the economy situations today, try it)
So this tool make sense to use both for Microsoft partners, consultants and for customers. It is a great way of getting into a “known” state so that we know what options we have to improve the solution. Enough said, time to for action. That means that you have to download it and test it, also since it is still en BETA, you still have the chance to give feedback to the team that is behind this (Yes, they really would like to have your opinion, trust me)
Screenshot from the UI:
Is out and that one should be installed. Fixes a lot of stuff.
http://support.microsoft.com/default.aspx/kb/961983
Issue 1
loadTOCNode(3, 'moreinformation');
When you migrate VMware virtual machines, the resource pools that are associated with the virtual machines are changed.
Issue 2
loadTOCNode(3, 'moreinformation');
Hyper-V virtual machines have a status of "unsupported cluster configuration" if a node in a Windows Server 2008 Failover Cluster does not respond or has been restarted.
Issue 3
loadTOCNode(3, 'moreinformation');
Differencing disks are lost when the following conditions are true:
- You migrate a virtual machine from a Virtual Server host.
- Multiple virtual machines share the same parent virtual hard disk file.
Issue 4
loadTOCNode(3, 'moreinformation');
The agent status is not updated for Windows Server 2008 Failover Cluster nodes.
Issue 5
loadTOCNode(3, 'moreinformation');
Hyper-V virtual machines in a Windows Server 2008 Failover Cluster have a status of "unsupported cluster configuration" if the cluster has a resource that has an MSCluster_Property_Resource_Cluster_Extension_XP_Type type. This resource type is typically used by storage replication software.
Issue 6
loadTOCNode(3, 'moreinformation');
If you add a Virtual Center server by using an account that is a member of the Enterprise Admins group, you receive the following error message when the refresh host job runs:
Error (2951) Virtual Machine Manager cannot complete the VirtualCenter action on server servername.domainname.com because of the following error: Login failed due to a bad username or password. (InvalidLogin).
This hotfix rollup also includes the fixes that are documented in the following Virtual Machine Manager 2008 update:
959596 (http://support.microsoft.com/kb/959596/ ) Description of the System Center Virtual Machine Manager 2008 update to address physical to virtual (P2V) issues
Mikael Nystrom
MCT, MVP
The auto discover feature is really cool but it will give you this error
Why?, Simple, the FQDN is in the certificate that is installed by default. So if you want this to work without any errors you need to replace the certificate with a certificate that also have that name.
In the default certificate Microsoft includes the following name by default, externaldomain.com, remote.externaldomain.com and server.internaldomain.local and we need to put the back in again plus the new name autodiscover.externaldomain.com
So this is how you do
- On the SBS server run MMC.EXE and add the snap-in for Certificates and for certificate templates.
- Change the permission on the “Web Server” certificate template and allow the SBS server to “Enroll”
- Click on Certificates (Local Computer) and open “Personal – Certificates”
- Right click “All Tasks – Request New Certificate”
- Select “Web Server”
- Select Subject Name: as Common name with the value of the external name (remote.externaldomain.com)
- Select Alternative name: as DNS and add all the names you would like to have.
externaldomain.com
remote.externaldomain.com
internaldomain.local
autodiscover.externaldomain.com
plus others if you would like to have… - Hit OK and select Enroll
Now you can open IIS Admin, open the SBS Web Application site, and change the certificate by opening “Bindings” and look for 443. Select Edit and change the certificate. You will se at least two certificates with the same name. With the view function you can see the names in the certificates.
Note. This will not destroy or delete your existing certificate, if you want you can always switch back.
There is of course one other way to fix this issue and that is to change in the external DNS. The SBS Diva has a really nice post about this if you prefer to do it in DNS instead
Mikael Nystrom
MCT, MVP Windows Server – Setup/Deployment
Microsoft has created an article on TechNet that describes the pros and cons regarding running DC’s on Hyper-V. It is pretty god and it covers almost all important stuff. Many of these issues also affects running on other virtualization platforms in the same way.
The basics is:
Do not implement differencing disk virtual hard disks (VHDs) on a virtual machine that you are configuring as a domain controller. This makes it too easy to revert to a previous version, and it also decreases performance. For more information about VHD types, see New Virtual Hard Disk Wizard (http://go.microsoft.com/fwlink/?LinkID=137279).
Do not clone the installation of an operating system without using Sysprep.exe because the security identifier (SID) of the computer will not be updated. For more information about running the System Preparation tool (Sysprep), see "Using virtual hard disks" in Ways to deploy an operating system to a virtual machine (http://go.microsoft.com/fwlink/?LinkId=137100).
To help prevent a potential update sequence number (USN) rollback situation, do not use copies of a VHD file that represents an already deployed domain controller to deploy additional domain controllers. The next three items in this list are also recommended to help avoid potential USN rollback. For more information about USN rollback, see Appendix A: Virtualized Domain Controllers and Replication Issues.
Do not use the Hyper-V Export feature to export a virtual machine that is running a domain controller.
Running Sysprep on a domain controller damages the AD DS installation. Use Sysprep before you install the AD DS role to produce a unique security identifier (SID) for that installation. (Does it? :-))
To prevent issues with Active Directory replication, ensure that only one instance (physical or virtual) of a given domain controller exists on a given network at any point in time.
You can disable host time synchronization in the virtual machine settings in the Integration Services section of the Hyper-V Manager by clearing the Time Synchronization check box.
Guest storage. Store the Active Directory database file (Ntds.dit), log files, and SYSVOL files on a separate virtual disk from the operating system files. Integration Components must be installed so that synthetic drivers can be used for Integrated Drive Electronics (IDE) instead of emulation. Virtual SCSI and IDE disks perform at the same speed when they use synthetic drivers.
Host storage of VHD files. Recommendations: Host storage recommendations address storage of VHD files. For maximum performance, do not store VHD files on a disk that is used frequently by other services or applications, such as the system disk on which the host Windows operating system is installed. Store each VHD file on a separate partition from the host operating system and any other VHD files. The ideal configuration is to store each VHD file on a separate physical drive.
Fixed VHD versus pass-through disks. There are many ways to configure storage for virtual machines. When VHD files are used, fixed-size VHDs are more efficient than dynamic VHDs because the memory for fixed-size VHDs is allocated when they are created. Pass-through disks, which virtual machines can use to access a physical storage media, are even more optimized for performance. Pass-through disks are essentially physical disks or logical unit numbers (LUNs) that are attached to a virtual machine. Pass-through disks do not support the snapshot feature. Therefore, pass-through disks are the preferred hard disk configuration, because the use of snapshots with domain controllers is not recommended.
Do not pause, stop, or store the saved state of a domain controller in a virtual machine for time periods longer than the tombstone lifetime of the forest and then resume from the paused or saved state. Doing this can interfere with replication. To learn how to determine the tombstone lifetime for the forest, see Determine the Tombstone Lifetime for the Forest (http://go.microsoft.com/fwlink/?LinkId=137177).
Do not copy or clone virtual hard disks (VHDs).
Do not take or use a Snapshot of a virtual domain controller.
Do not use a differencing disk VHD on a virtual machine that is configured as a domain controller. This makes reverting to a previous version too easy, and it also decreases performance.
Do not use the Export feature on a virtual machine that is running a domain controller.
Do not restore a domain controller or attempt to roll back the contents of an Active Directory database by any means other than using a supported backup. For more information, see Backup and Restore Considerations for Virtualized Domain Controllers. Do not copy or clone VHD files of domain controllers instead of performing regular backups. If he VHD file is copied or cloned, it becomes stale. Then, if the VHD is started in normal mode, there might be a divergence of replication data in the forest. You should perform proper backup operations that are supported by Active Directory Domain Services (AD DS), such as using the Windows Server Backup feature.
Do not use the Snapshot feature as a backup to restore a virtual machine that was configured as a domain controller. Problems will occur with replication when you revert the virtual machine to an earlier state. For more information, see Appendix A: Virtualized Domain Controllers and Replication Issues. Although using a snapshot to restore a read-only domain controller (RODC) will not cause replication issues, this method of restoration is still not recommended.
So after reading and understanding all this I hope you all understand why I don't run many of my DC’s virtualized…
The full article can be found here…
Mikael Nystrom – TrueSec
MCT, MVP Windows Server – Setup/Deployment
Ok, so this is a problem I never had myself, but friends of mine has had similar problems, the SBS team have found a workaround that works most of the time. You can read about it at “The Official SBS Blog”
http://blogs.technet.com/sbs/archive/2009/01/28/slow-connectivity-for-outlook-anywhere-and-sites-that-use-the-sbs-web-applications-app-pool.aspx
Mikael Nystrom – TrueSec
MCT, MVP Windows Server – Setup/Deployment
This update solves two issues and should be installed.
The first problem that is solved is that the security tab shows the spyware/malware status on Windows Vista SP1 boxes “incorrectly”, and I like to have that information correct for some reason.
The second problem is that when register a domain name with GoDaddy.com as the provider it fails. Not fun to be GoDaddy :-)
(Make sure that you install this patch before running trough the To-do list if you are going to use GoDaddy as a provider)
MS official KB can be found here, the patch is available from http://update.microsoft.com (and WSUS)
Mikael Nystrom – TrueSec
MCT, MVP Windows Server – Setup/Deployment
First day, fresh air, every is happy.
Up early and directly into "duty", it is the "fixing of booth's" time to do. So, in the exebition hall in Barcelona a small group of people meet up from all over the world, my self from Sweden, Oli from Germany. The team from US and so on. We haven't meet in a while, but it takes no more than 5 minutes of "Hi, long time" until he social stuff is over and everybody is working with setting up stuff so that we can do demos on our product.
Rest of that day is booth duty, meeting a lot of people that have a lot of questions. So the "design-pen" is working really hard to give them a view on have they should build their solutions...
Meeting with Liselotte, Joachim, Martin and Hasain. We are planning for TechDays in Västerås (Sweden) in march (17/18)
Back at the hotel we need to get Internet Access and of course there is WiFi, but my a "friend" of mine have discovered that the TV system is connected with a LAN cable, hmm. Can it be done???
Yes sure you can. So instead of using the "slow" WiFi network, we disconnect the tv control cable, put in a switch in the middle and then we plug in the computers. DHCP does not work, but with a static ip it works perfectly, right now I'm on 10.10.0.234/16 and the gateway at 10.10.0.1. So we are using httv :-)
Mikael Nystrom @ TechEd EMEA
So, once again I'm here in Barcelona, this year as a Speaker and Ask-The-Expert. That means that more work, less relaxing, but hey, I do not mind at all.
Arrived Sunday afternoon at the airport after a normal boring flight, but I managed to get a good seat anyway, the emergency seat gives you some extra leg space... At the airport there is a limousine waiting for me, sweet... :-) Well, since I have some friends and some bags, it was like going to work in a subway in japan, kind of packed. It took a short time to hotel (AC Barcelona) where all the speakers stay.
My good friend Olli (SBS MVP from Germany) had no room to stay in in for some reason, so hi has been staying together with me. Small room, with computers/geek stuff all over the room, imagine that :-).
After hotel and other stuff has been "fixed" we needed to run over to the CCIB where the conference is taking place to get all the stuff. Big surprise this year as a speaker you only get a EMPTY bag and the pass, all other (except MS Blue Badges) get the bag stuffed with things, some good some bad, but for speakers. Nope, lets save some... Anyway. Back to the hotel, drop bag and stuff, over the street to Mar Diagonal and pizza for 10 euro... and then bed time...
Mikael Nystrom @ TechEd EMEA
I will be at TechEd 2008 in Barcelona as a Speaker and ATE. Also I will be blog:ing. If you are going, look me up for a chat.
/mike
Snapshots is nice to have, in fact very nice to have when running a virtual platform. In Hyper-V it is easy to do snap-shots and there are no problems, or is there something you should be aware of...
Yes, there is a a issue, it is not a bug but there is something you absolutely need to know, otherwise you will be in serious trouble. So lets here the story...
A snapshot is a way to "freeze" a virtual machine so that you can reverse back to a previous state. As an example, if you want to install a servicepack or a hotfix, it could be a very good idea to do a snapshot before. In case of a big "oops" you can revert back. If all works nicely you can remove the snapshot file.
In Hyper-V the standard way to run a virtual machine is to use Virtual Hard Disks (VHD) and there are different kinds of VHD files, we have fixed size disks and dynamic disk. Fixed size consumes the size that the file have, dynamic files expand them self's while you store data. That means that for performance you always use fixed size disk, also to not dynamic disks, dynamic disk are very good for LAB and/or servers with low disk IO load.
This is how it works:
When you create a snapshot, Hyper-V creates a difference disk (a dynamic disk that is chained into the ordinal disk) and instructs Hyper-V to write data on that instead of the original disk.
That means that the performance will be lower and the load on the host machine will rise, not much but it will. It also means that the snapshot will continue to grow "if" changes occur on the disk, worse case it can be grow up to the same size as the original disk, that means that you can loose 500gb of storage in just a couple of minutes in worst case, but the biggest problem is that most customers does not know that a snapshot is not deleted when they delete it, it is merged into the ordinal disk only when the virtual machines is TURNED OFF, so lets say that you run 4 virtual machines using 127gb of disk, you snapshot them and then you delete the snapshot after 1 second or so after you have done the snapshot, no snapshots right? Sorry to say byt Hyper-V will still use the snapshots, they will grow, they will have lower performance, they will be ugly when you turn the machine off because then it starts to merge....
Let the systems run for 90 days (lets assume they are web servers or something) and then when you turned them off because you want to change the configuration or something like that. Then the 4 machines will turn off and MERGE the 127GB file into an other 127GB file, all server at the same time. I have seen it, it took almost 12 hours to reboot 4 web servers, the customer did not know how snapshot works, we where also forced to add more disk capacity to be able to make room for the merge.
- If you use snapshot, delete them after you have done your job and turn OFF the virtual machine as soon as possible.
- Only use Snapshots as a temporary protection to be able to rollback, not as a backup solution.
- Watch disk space BEFORE shutting down a virtual machine
- Use fixed size disk for performance
- Use dynamic disk for LAB/Demo/Play/low performance
- If you use dynamic disk, be sure to monitor the disk
 | Mikael Nystrom - TrueSec
MCT, MVP Windows Server - Setup/Deployment |
Today, (Bellevue, Washington) Microsoft kicked of an event called "Get Virtual Now". I could not be there but i did read the press release they published. I knew some of it but not all, i did not know that the have decided to release a Hyper-V version for free, yes, thats i correct, free download :-). They say that it will be available 30 days from today. There are some things to remember here, it does not have the same features as the "standard" Hyper-V has. Check Arlindos Blog for details about the feature list http://blogs.technet.com/aralves/archive/2008/09/08/hyper-v-server-for-free.aspx
Also check out the press info about this at Microsoft: http://www.microsoft.com/Presspass/press/2008/sep08/09-07GetVirtualNowPR.mspx
Even if the "Free" Hyper-V lacks of some of the feature, it is very good to run small customers with less then 5-10 servers, they will not need quick migration and similar. So it will be absolutely perfect for customers running SBS2003/8 or EBS2008 solutions.
Besides all that, System Center Virtual Machine Manager 2008 is coming up soon and they did do a demo of Live Migration between two Hyper-V host machines running Windows Server 2008 R2, :-)
It is true, at last the SBS 2008 is RTM, soon it will be possible to download the trial version.
You can read more from the teams blog...
http://blogs.technet.com/sbs/archive/2008/08/21/sbs-2008-released-to-manufacturing.aspx
/mike
Yes, it is supported, but there are something's to keep in mind and to make the installation be a joy.
Make sure you have enough of RAM ! It is possible to run EBS on a 8GB of RAM Hyper-V machine, not supported and very slow, but for you that does not have a very nice boss (or a friend at HP) you can install all three server on one 8GB box. Create all three machines, let the Management server have 4GB during install, when it is finished turn it of and lower the amount of memory to 1,5gb and install the Security server with 2gb, when it is done, turn of and lower the amount of memory to 1gb. Then install the Messaging server. After all servers are up and running, make sure that all services are really started. Since we are running very low on memory booting will take some time and therefore some services may not start. THIS IS NOT FOR PRODUCTION
-
Always use the "Network Adapter" but NOT on the Security Server, you MUST use the "Legacy Network" adapter for now, there are some problems with TMG right now
-
When you have installed the OS the wizard that will guide you starts up, at that time press "shift-F10" and under Action on the Hyper-V tool choose to insert the "integration Services Components" and the in the CM prompt you have type d:\support\amd64\setup /quiet. This will make the installation faster and easier to handle.
-
-
Think of WHY you want to run EBS on Hyper-V?, For test/dev (play) it is fine and for some scenarios it is perfect, but the EBS solution is a compacted, consolidated platform from the beginning so server consolidation is already done.
-
Do I run this on Hyper-V?, Yeas we do, but in production and in my own test lab and it works great.
-
Turn OFF time synchronization for all servers, they sync the time themselves
-
Use multiple .VHD's file on the all servers, one for OS and one for data and make them just the right size some that you can convert them to fixed size for performance
Hi All, long time ...
Anyway, this weekend I started the migration from B2 to RC0 in our own production environment from EBS B2 to EBS RC0. The way to do that can scare anyone, including me. It is done in something called "replacement mode". That means that you turn of the management server, and install a new management server that "replaces" that server. You might think "Holy cow, that is going to mean data loss", That was my thought to, but the EBS solution there is a nice feature call replacement mode. That means that you can replace one server (one at a time) with no data loss.
However when doing the upgrade from B2 to RC0 we cannot use a standard restore for the data so we will need to manually configure some parts.
We have another story than usually, we are both replacing and changing hardware. The old management server was a DL360 and the new one is a BL465c. All data is stored on a SAN, but not the same SAN :-). So we solved that by using iSCSI in a way that think is a really nice way. So here is a step-by-step for that migration.
- Put up a iSCSI SAN (www.rocketdivision.com)
- Attach the iSCSI LUN to the management server
- In disk manager, create a mirror of the data disk between the SAN and the iSCSI LUN (that way the system runs during replication=no angry users)
- Wait
- Wait
- Shutdown the management server
- Install the new one and before the installation of EBS, jump out with shift-f10 and start control panel
- Configure iSCSI to the same LUN and with disk manager, create a mirror between the iSCSI LUN and the other SAN
- Wait (faster this time)
- Fix all disk stuff (like orphan disks and that kind of stuff)
- Install in replacement mode
- Done!
The only problem we had was that one "critical patch" didn't install, it was the "Silver Light" update and that is something I wasn't so sad over.
The first server is done and today will we go for the next one. stay tuned for more...
Mikael Nystrom
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Really cool stuff, a "wiz-kid" from Oslo, Norway has the coolest gadget for Windows Vista ever!
It is a Hyper-V monitor where you can start, stop, save and see all your virtual machines status. If you like, you can just click on them to fire up the console. Great job !!!
Check out the screenshot... and download from Tore Lervik's site
http://mindre.net/post/Hyper-V-Monitor-Gadget-for-Windows-Sidebar.aspx
Anyway, I have been running that for awhile and it works pretty well.
There are some issues that you may want to know about, it is about the "Legacy Network Adapter". I wrote a blog post about the difference between the Legacy and the Synthetic network adapter. But there are some more things you need to know.
-
The Legacy Network adapter is slow, don't use it if you don't must
-
The Legacy Network adapter is running in emulated mode for backward compatibility
-
The Legacy Network adapter does not like moved to another parent partition, it will be reconfigured
-
The Legacy Network adapter consumes more resources from the parent partition
Yes I know, it is a little bit of drama to put it this way, but the basic content is to never use the Legacy Network Adapter if you don't MUST. So when is the Legacy Network adapter a needed thing,
-
You are NOT running Windows Server 2003/2008, Windows XP, Windows Vista in the child partition (well, you need the correct SP level to)
-
You need PXE boot (Do not install VMs this way, it sucks, use template images instead, syspreped and ready to go...)
Mikael Nystrom
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
At the Microsoft Worldwide partner conference (Houston, Texas) they showed the EBS RC1 bits for the first time, a lot of stuff has been changed. "The Rise of the Tool" has been a fact. You need to run the preparation tool and planning tool to unlock the installation. They don't want you to be able to make any mistakes here. There has been none support (built in)for backing up a complete EBS solution but that has changed, now there is a solution for backing up everything, including Exchange. The Admin Console has got the first "plug-ins". I have tested the Share point Plug-In and that is very nice, some bugs, but they will be corrected. We run the RC0 bits in production at work, but in my dog food environment I switched to RC1 Escrow, the install went like a charm. I even want to try a "complete remote install", So with some connectivity to that location. I completely manage to install everything from scratch. The hardware was a c3000 with 4 blades and I used iLO access over VPN to a simple firewall...
Read more about the RC1 demo(screens shots)
Mikael Nystrom
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
And in that email there whare some information...
. SBS and EBS launch date is November 12 - kicking off availability and launch activities worldwide.
. SBS and EBS will both reach the Release Candidate 1 milestone very soon, another step closer to RTM.
. The EBS SDK and Development Center will go live next week on MSDN. SBS SDK will be available soon.
Please keep this information confidential until Monday morning, after which we certainly encourage you to help spread the buzz. Thanks!
Stay tuned for a blog post about EBS RC1 very, very soon :-)
Mikael Nystrom
but to win we need someone to vote for us, so please if you like the podcast vote for us :-) On the left side, you can click for the BIG vote button.
Mikael Nystrom
There is one special guy working at Microsoft, his name is Kevin Beares. His job is basically to get feedback from the community and provide the community with information. For the third year hi has published the "Survey", the one and only survey that you should fill out. Please help Kevin and your self by going to:
http://connect.microsoft.com/SBSCommunity/Survey/Survey.aspx?SurveyID=6295
One small trick, you may get an "PAGE NOT FOUND" and that is because you are logged on to Connect, this survey is supposed to anonymous so log out if get that messages.
If you want, you can read his blog directly...
http://blogs.technet.com/kevin_beares/archive/2008/05/23/the-windows-small-business-server-2008-ww-community-survey-is-live.aspx
Mikael Nystrom
MVP Windows Server - Setup/Deployment
So Hyper-V is in RC1 and it is available as a public download for all, in total there are four files that you should know of.
Install, update the existing installation (RC0) but please beware that you should:
- Shutdown all the guests, do not use the save state feature. That is NOT supported. All the child needs to be shut down...
- Delete all snapshots and snapshot trees. They can not be used anyway
- All IC's are on the IC ISO, including support for W2K8 (last time the W2K8 was a download from Microsoft)
- If you are running BETA of Hyper-V you need to recreate the child configurations but not the VHD file.
Then you upgrade the parent and then all the child. Improvements in RC1 is (really hard to guess) performance, stability, security, user experience, new programming model, forward capability. Most stuff you don't see or feel, except for the user experience part and the performance :-)
Mikael Nystrom
MVP Windows Server - Setup/Deployment
| Yes, this is going to "sound" a little bit strange, I'm fully aware of that. But the story goes like this. Long time ago I heard about something called "Centro", it was way back in time at a partner conference and the first thing that popped up in my mind was. That is something I want to be a part of, I want to play in the "band" you could say. I tried to pull every string I had, calling, mailing to the folks at MS and the most common answer was "What???". Finally I got contact and I managed to get in to the PV-TAP for "Centro". Suddenly I was working with the greatest team at Microsoft. At During the night I was trying to install and configure and at the same time banging my head every time I it did not work the way I thought it should do :-) . But it was so fun. I spend a couple of times over in Redmond at different conferences, airlifts and other stuff. Every time I was over there i tried to get meetings with the people in the team to discuss solutions, customer demands and my own "wish" list. During that time I worked hard on connect to give the team feedback and during the TAP Airlift for RC0 we had a couple of weeks ago the reward was given to me. Apparently I have been bashing most bugs on the BETA2 platform and the reword for that is a signed electric guitar, A signed guitar... |  |
So, thank you, Mike, Don, Chuck, Steve, Bjorn, Christer and the rest of the team (I'm sorry I dont remeber all the names)
By the way, If the next top price is a piano, could you please help my by letting me know before :-)
Mikael Nystrom
MVP Windows Server - Setup/Deployment |  |
It took a while, but I finally discovered that the error occurs when you want to use VLAN tagging on the child partitions (guests) and the default VLAN Id for the physical NIC is set to 0 (or empty), the physical NIC needs to have something. My guess is that doing that enables the VLAN feature on for the NIC and that makes it possible for the Hyper-V networking components to use VLAN correctly.
Mikael Nystrom
MVP Windows Server - Setup/Deployment
You are not alone, there is a problem with some models of HP's "HP Network Configuration Utility" and when removing or adding the Hyper-V role. The problem is that when adding/removing the Hyper-V role on the RC0/RC1/RTM (According to HP this is going to be solved) release of Hyper-V it tries to modify network settings and the cpqteam.dll does not respond correctly to that kind of call. The result is an endless wait for the configuration to end, and that will never happen so you are "toasted". So to avoid the problem simply uninstall "HP Network Configuration Utility" before adding/removing Hyper-V.
And how do you do that, you may ask, well it is much easier than you think. Go to Network and Sharing Center", Manage "Network Connections", select your network adapter, select properties, find the HP tools in the list of services and protocols, select it and then click "Uninstall". Done
If you already ended up with a rebooting server that get stuck on 78% and never passes that there is a way.
- Shut it down
- reboot on a WinPE cd/dvd (You can use the install DVD and select recover/repair to get a CMD prompt)
- Find the folder for that app (C:\Program files\HP\NCU]
- Rename the cpqteam.dll to cpqteam..dll.pleasemakethiswork
- Reboot
- Change the name of the dll back to the previous name
Mikael Nystrom
MVP Windows Server - Setup/Deployment
You might ask "why", well it is a very simple answer to that, In some scenarios the product key wont work anymore, yes, I know its weird but its true.
The slipstream function does for some reason behaves differently and the result sucks, no keys work on that machine when doing a fresh install. In XPSP3 they have changed the default behavior in a way that makes it possible for a user to install without any key and have trial period of 30 days, for some reason all that is broken when doing the slipstream on a Windows Vista or a Windows Server 2008 machine, The problem was discovered in RC1 of SP3 but for some reason this issue has not been addressed. So the only solution is to slipstream on a Windows XP/Windows Server 2003 box.
Mikael Nystrom
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
As you may know I'm a Microsoft Most Valuable Professional in the area of Setup/Deployment. That is a reword I have been given for three years now. That also means that we are invited to Seattle/Redmond every year to meet up with all the other 1752 MVP's around the world and too meet with all the teams (In total it was about 1000 Microsoft employees that meet all of us, that is an amazing opportunity for us (and for Microsoft) to get head-to-head information from us, our customers, our user groups and for Microsoft to be able to explain different choices they have done so that we can get that back to all our customers. It started on Monday with general sessions, but the most interesting days are Tuesday and Wednesday, those are the days when we hook up with the teams. I belong to the Setup/Deployment team and we spent two days in bldg 26/1526. Unfortunately I can't tell you almost anything since that information is under NDA, but they gave us a view of how setup is working, they know about the problems and the best thing is that they are working to fix it. However some things was new to me and one cool toll was the VAMT (Which I will explain some day and some stuff in SP1 that did not know)
The last day we listened to Steve Ballmer and we also had the chance to ask questions, it is amazing that Steve Ballmer has both a great understanding for business and the same time has deep knowledge of technologies, not many people do. In his session hi told us a lot of stories from the "old" days and hi also gave as a couple of promises, the best promise was that if we send an email to ANY Microsoft and we don't get an answer, he told us that we could CC him and that he would take the "correct" action. It had never happened to me, but if it does I will send him an email... Hi also stated that "Windows Vista - Is a work in progress"... :-)
I just want to say a very big THANK YOU!!! to the team and all the others that joined in, Patrick, Daniel, Laura, Michael, Matthew, Ramprabhu, Kimberly, Jeremy, Jeff for letting us come and have this kind of discussions, I love them... (If I'm reworded next year, I'll promise to not to use the "S" words in our discussions)
I also want to say thank you to my fellow MVP's in Setup/Deployment group that was attending the event, Andy, Kenneth, Jay, Johan, Hasim, Jon, Rhonda. You can find the other MVP's in Setup/Deployment here...
https://mvp.support.microsoft.com/communities/mvp.aspx?product=1&competency=Setup+%26+Deployment&page=1
Most important - if you ever are in the mood of doing some serious installation of Windows in any way, please visit the starting page at Microsoft for that http://www.microsoft.com/Deployment (Psst, use the MDT 2008)
Mikael Nystrom - TrueSec
MVP Windows Server - Setup/Deployment
So we all know that Microsoft has released SP1 for Vista, not for every languange but for the most common one (according to MS anywhay), well what you may or may not know is that there are a video recoreded for "customers" to get a grip on whats in that in an other way that you be used with... Check it out at http://uk.youtube.com/watch?v=sPv8PPl7ANU
Its not so many blogs about Essential Business Server (yet), but there are a few, on the other hand its not the amount that is important, the content and quality is in my opinion more important. There are a couple of blogs that are worth reading. First you have the teams official blog, you find it at http://blogs.technet.com/essentialbusinessserver/default.aspx and so far Eric Watson has been writing stuff there (Eric works on the team and hi knows EBS), the other blog is Oliwer Sommer's blog. Olli (like me) has been a part of the TAP for EBS and hi runs EBS in production (like we do at TrueSec). You will find hos blog here http://dnn.ebsfaq.com/
Besides those blogs I will continue to write article stuff around EBS on this blog and on http://dnn.ebsfaq.com/
Mikael Nystrom - TrueSec
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
In Small Business Server 2008 a big question has raised, the "big" question is about users, and especially "how many". The simple answer is "the same as before".
So way has this popped up to be a "issue", well,,, let me put it this way, when the marketing people at Microsoft try to explain stuff, they forget about details some times...
So in the simplest way, nothing has changed regarding the amount of CALS you can have and use in SBS 2008
Small Business Server 2008 is designed for 5-50 users, but in the transition(This is Microsoft's idea on why to use more than 50 Cal's, however, many customers are not going to change to an enterprise environment just because they are 51 users. They keep running SBS for good reasons, which perfectly OK) to a new system you can install up to 75 users, This is the same as it was in Small Business Server 2003, But when the marketing people at Microsoft communicate the forget about the real upper level, which is still 75 users/devices. So in this nothing has changed. So why I'm writing this?, well, a large portion of the "community" think otherwise...
In this link you can read hat SBS2008 "Is designed for 50 users or fewer" and on this link the maximum users are 75
Mikael Nystrom
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
This year I'm going to Las Vegas as a speaker, I have a session with the flashing title of "How to make a master image in System Center Virtual Machine Manager", so I'm going to explain and to do a lot of demos on bets practices on that subject.
See you in Las Vegas 
Thursday, May 1 11:45 AM - 1:00 PM, Bellini 2102
Speaker(s): Mikael Nystrom
Session Type(s): Breakout
Products(s): Virtual Machine Manager
Creating a new virtual machine in System Center Virtual Machine Manager is no big deal, but doing it the smart and easy way is a whole other story. You need to create a machine somehow, sysprep it and store it - or should you use another approach? There are many ways of achieving your goal and in this session I will show you what works and how to complete them. We will go from nothing to the perfect master image and you will see how it's done. We will also talk about the difference between storing virtual machines on servers or in libraries
Hi, this year I'm going to TechEd US as a speaker for two sessions:
Windows Small Business Server 2008: Deployment and Migration Best Practices
Following on the success of Windows Small Business Server 2003 R2, Small Business server 2008 simplifies setup and installation of all major technology components, such as Microsoft Exchange, SharePoint, and WSUS. The combination of Windows Essential Business Server and HP ProLiant servers provides a robust midmarket business infrastructure solution. This session illustrates best practices for deploying Smalll Business Server in the most common deployment and migration scenarios. It includes recommended server, storage, and networking and configurations for HP ProLiant rack servers.
Windows Essential Business Server – Deployment and Migration Best Practices
Windows Essential Business Server 2008 is a new multi-server solution designed to meet the IT infrastructure needs of mid-size businesses. It is built on the Windows Server 2008 technologies and including key workloads of Messaging, Security, and Management.. The combination of Windows Essential Business Server and HP ProLiant servers provides a robust midmarket business infrastructure solution. This session illustrates best practices for deploying Windows Essential Business Server in the most common deployment and migration scenarios. Includes recommended server, storage, and networking and configurations for both the HP BladeSystem c3000 (“Shorty”), as well as popular HP ProLiant rack servers, resulting in maximum benefits of the HP and Microsoft partnership.
Hope to see you in Orlando
On Microsoft download you can now download the Remote Tools, back in the old days we used to have "admninpak,msi" but the have changed the name to Remote Tools (RSAT). This toolkit works on vista 32/64, but NOT in WXP.
Mikael Nystrom
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
A while ago a wrote an article for SMBPC Magazine, the article was about how to create an USB Stickthat boots up in WinPE 2.0(2.1). A lot of people have mailed me and asked for the script, so here it is...
Dont forget that you need WAIK from Microsoft
Script No:1 (This creates the WinPE image)
REM Usage pimpit x86 or amd64
REM First we remove old stuff
rd C:\winpe_%1 /s /q
REM Use copype.cmd to create the WinPE image
call copype.cmd %1 C:\winpe_%1
REM Mount the Image for customization
imagex /mountrw C:\winpe_%1\winpe.wim 1 C:\winpe_%1\mount
REM Add HTA support
peimg /install=*HTA* C:\winpe_%1\mount\Windows
REM Add MDAC support
peimg /install=*MDAC* C:\winpe_%1\mount\Windows
REM Add Scripting Support
peimg /install=*Scripting* C:\winpe_%1\mount\Windows
REM Add WMI Support
peimg /install=*WMI* C:\winpe_%1\mount\Windows
REM Add XML Support
peimg /install=*XML* C:\winpe_%1\mount\Windows
REM Add 3:rd party drivers
peimg /inf=C:\winpe_drivers\nic\%1\*.inf C:\winpe_%1\mount\windows
REM Add the Imagex tool
copy "c:\Program Files\Windows AIK\Tools\%1\imagex.exe" C:\winpe_%1\mount\windows
REM Add ollfine servicing tool
xcopy "c:\Program Files\Windows AIK\Tools\%1\servicing" C:\winpe_%1\iso\servicing /s /i
REM Add an XML component
copy %windir%\system32\msxml6*.dll C:\winpe_%1\iso\Servicing
REM Add the bootsect tool (you need it to be able to switch between /nt60 and /nt52 boot style (Vista/Xp)
copy "C:\Program Files\Windows AIK\Tools\PETools\%1\bootsect.exe" C:\winpe_%1\mount\windows
REM Add 3:rd party apps
copy c:\winpetools\*.* c:\winpe_%1\mount\windows\system32 /Y
REM Prepering the Image
peimg /prep C:\winpe_%1\mount\Windows /f
REM Comitting an dismounting
imagex /unmount /commit C:\winpe_%1\mount
REM Copy the new wim fil to the right location
copy C:\winpe_%1\winpe.wim C:\winpe_%1\ISO\sources\boot.wim
REM Creating the ISO image
oscdimg -n -bC:\winpe_%1\etfsboot.com C:\winpe_%1\ISO C:\winpe_%1\winpe_%1.iso
However, this script has some modifications, first of all there is a couple of folders that you need to make this work.
-
c:\winpe_drivers\nic\x86 - This is where you put 32 bit nic drivers that are not included in WinPE
-
c:\winpe_drivers\nic\amd64 - This is where you put x64 bit nic drivers that are not included in WinPE
-
c:\winpetools - The location for all apps you want in the system32 folder for direct access
Next thing you need to know is how to prepere the USB stick. So goahead plug it in the computer, fire up the command prompt and start diskpart:
diskpart
list disk
You get a list with all disks, take a note of the number to the left for your USB drive
sel disk 1
clean
cre par pri
sel par 1
active
format fs=fat32
assign
exit
The disk is now format and bootable, last thing to do is to open the folder called c:\winpe_x86\iso and copy all of that to the USB stick.
Done !
You can download this file or just copy/paste...
Mikael Nystrom
Senior Executive Consultant
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Finally Microsoft has released the tool that enables you to sit down at your Windows Vista SP1 and control your Hyper-V virtual machines remotly. I have been running this for a little bit over two weeks, works great. The tool handles commandline syntax and normal GUI style by clicking...
vmconnect.exe <ServerName> <VMName>
you will find it in the folder c:\program files\Hyper-V
http://support.microsoft.com/?kbid=949758
Now things are getting fun, the RC0 is a milestone and Microsoft is getting somewhere with their virtualization and they are getting in the right direction as i looks now.
You can download and read about upgrading/migrations stuff here http://support.microsoft.com/kb/949219.
This is some of the changes in Hyper-V RC0:
-
Partial Localization. Hyper-V Release Candidate is partially localized in Japanese & German. This means that when Hyper-V is enabled on Windows Server 2008 Japanese or German many of its text strings will appear properly translated. In other cases, text strings may still appear in English. Hyper-V will be full localized at Hyper-V RTM.
-
International Locales: The Hyper-V Beta could only be enabled on an EN-US locale. Hyper-V Release Candidate can now be enabled on international locales; however, Hyper-V Release Candidate is only partially localized for Japanese and German. Thus, if you enable Hyper-V Release Candidate on any other language (such as Spanish, French, or Italian) it will appear in English
-
Compatibility: Compatible with more hardware configurations
-
Stability: Numerous issues under heavy load have been addressed
-
Performance improvements
-
Additional fixes for scalability and reliability
-
Support for Windows XP (X86) and Windows VIsta (X86) as guests
-
Support for Windows Server 2003 (x86) 2-way SMP (still only support for W2K8 x64)
-
Using pass-through disks is faster
-
Installing guests over RIS/PXE/WDS has improved (speeeeeeeeeeeed)
-
-
Mikael Nystrom - TrueSec
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Now i really know how all the tests are created, well I don’t know all detail and even if a could most of that information is classified as "secret", which means that I can’t talk about. But I'm going to tell you a little bit about this anyway and that’s for a very good reason. They have changed and I really mean changed. Let me explain. I'm not working on Microsoft, but I'm hired as a SME (Subject Matter Expert) and together with a group of other SMEs we are working for a couple of days here in Redmond to help Microsoft to get the right idea, the right mindset and the right qualification of the "candidate", We as SMEs are those who tell them real world examples, real world experience and what we think a candidate who has passed the exam should know. The idea of using people from the field and the world outside of campus id of curse very, very smart when developing exams. So when you take the exam, have in mind that I spent tree days on that just for you :-)
Mikael Nystrom – TrueSec
MCP, MCDST, MCT, MVP Windows Server – Setup/Deployment
I will start by informing you on the fact that i need to switch from Swedish to English in this blog...
Today, March 18, 2008, Microsoft announced the release of Windows Vista SP1 to the web.
From today, customers can get Windows Vista SP1 in English, French, German, Spanish, and Japanese by visiting Windows Update or the Microsoft Download Center. In about a month Windows Update will begin automatically downloading SP1 to PCs set to receive updates automatically. (Note: it will download automatically, but not install without the user explicitly agreeing). Windows Vista SP1 will be available in the remaining 31 languages beginning in April.
Microsoft has identified a "small" set of device drivers that may be problematic, if installed on a Windows Vista PC that is subsequently updated to SP1 and therefore they have configured Windows Update to delay offering SP1 to PCs with these identified drivers installed.
Microsoft have worked with their partners to produce driver updates for a majority of the issues found and they use Windows Update to deliver these updated drivers to PCs in advance of offering them SP1.
If you would like to download the service pack, but finds it is not offered via Windows Update—even after updating their PC with the latest “optional” driver updates from Windows Update and from their computer manufacturer’s website—you can download it via the Microsoft Download Center .However, Microsoft recommends users install SP1 via Windows Update, as that will help ensure that you "the best experience". If you download from the Microsoft Download Center be sure to read these Knowledge Base articles: 948187 and 948343
Mikael Nystrom - TrueSec
Senior Executive Consultant
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Microsoft har släppt en enkelt dokument som beskriver hur man lägger till en Windows Server 2008 i en Small Business Server 2003 miljö, dokumentent omfattar även hur man lägger till den nya servern som en DC, vilket man kanske vill göra. Här ligger det iallfall:
http://technet2.microsoft.com/WindowsServerSolutions/SBS/en/library/eca2caef-d7be-41c1-8cf8-02cf8681e84f1033.mspx?mfr=true
Mikael Nystrom - TrueSec
MCP, MCDST, MCT, MVP - Windows Server - Setup/Deployment
Jaha, nu är det snart *** på allt hemlighetsmakeri då, det är korten på bordet som gäller, lite skönt, lite tråkigt, fast det ska bli superkul att skriva det här, det är ett som är säkert:-) det finns ju förståss en samlings websida för hela kalaset http://www.microsoft.com/windowsserver/essential/default.mspx
Så Windows Essential Server Soultions är alltså en "familj" och i den familjen kan man välja mellan "Windows Small Business Server 2008" och "Windows Essential Business Server 2008", just finns "bara" dessa medlemmar och dom två tillsammans täcker upp området mellan 5 och 250 användare (faktiskt kan man köra upp till 300 om man vill) Några detaljer som du kanske vill veta är att det fortfarande är beta och det kan komma att ändras, det kommer att finnas två olika typer av CAL:ar, Std resp Premium CAL:s, migrerings/uppgraderings scenarion är det som man har lagt ner det största jobbet på hitills.
 Windows Small Business Server 2008 Standard Edition
- Windows Server 2008 standard (x64)
- Windows SharePoint Services v3
- Exchange Server 2007
- Forefront Security for Exchange
- Windows Live OneCare for Server
- Integration with Office Live Small Business
Small Business Server 2008 är sig lik på det sättet att den körs på en enda server. Vill/Behöver man ytterligare servrar så är det bara att köpa till flera (dessa kan dock INTE vara SBS servrar utan måste vara vanliga servrar) Förutom alla dessa produkter så innehåller den förståss nya RemoteWebWorkplace som är riktigt bra och det finns också en central konsol att hantera hela miljön ifrån. Du kanske undrar vad Windows Live OneCare for Server är och är en Antivirus lösning för servern som räcker ett år och ingår i lösningen, kunden kan sedan köpa loss ytterligare år om han vill. Det där som kallas Office Live Small Business är faktiskt rätt tufft, det är en online tjänst från MS där man kan bygga upp en stor del av sin verksamhet, det finns verktyg för att bygga sin egen web, rapport hantering, email, domännamns hantering och liknande, i princip skulle jag vilja säga att det är "en extern website" som kunden kan sköta själv. Med SBS2008 kommer alltså Microsoft att erbjuda kunderna en mycket mer komplett paketlösning har ett mer affärsinrikat fokus, SBS2008 har på nått sett fått ett "jobb" att utföra. http://www.microsoft.com/windowsserver/essential/sbs/default.mspx |
 Windows Small Business Server 2008 Premium Edition
- Standard Edition plus a second server running...
- –Windows Server 2008 standard (x86)
- –SQL Server 2008 Standard Edition
I premium versionen så får man ett extra OS och en SQL2008, SQL2008 behöver faktiskt INTE installeras på just den här extra servern, man kan om man vill installera den på den första och iså fall kan man använda den andra servern till i princip vad som helst, den måste dock vara med i SBS2K8 domänen som en memberserver eller en additional domain controller, man skulle kanske kunna använda den som terminal server om man vill, vet inte om det är ok att göra så men skulle tro det, annars kanske en del 3:e parts företag skulle bli riktigt glada, då har dom ju en server att lägga sina app:ar på :-) Anledningen till den där extra servern är att när man närmare sig den övre gränsen för vad SBS är tänkt för så brukar dom servrarna inte orka så mycket mer och där för körs alltså premium versionen helst på två servrar, vilket man får licenser för. http://www.microsoft.com/windowsserver/essential/sbs/default.mspx |
 Windows Essential Business Server 2008 Standard Edition
- Windows Server 2008 standard (x64)
- Exchange Server 2007
- Forefront Security for Exchange
- Microsoft System Center Essentials
- Microsoft Forefront Security for Exchange Server
- Microsoft ISA Server (Next Version)
Det som folk vet minst om är uppenbarligen Essential Business Server och det kanske inte är så konstigt, den har inte funnits tidigare och det är nog den första och för tillfället enda produkt/lösning som kräver flera servrar, man måste alltså ha TRE servrar för standard versionen. Den första servern är en "Manager-Server", den andra en "Security-Server" och den tredje är en "Messaging-Server". Man får alltså med alla licenser och program i ett litet kit som installerar hela rasket, hur snyggt som helst. Förutom dom listade produkterna så innehåller den också verktyg för att kunna administrera hela miljön från en enda konsol med översikt och verktyg för att se och åtgärda i princip allt, tanken är ju att "Chris Green" (killen som är Admin på företaget) ska kunna sköta allting själv och dessutom med halva lillfingret, man kör hela kalaset på tre olika servrar som samtliga måste vara x64 så klart. En förbaskat tuff grej är att man har samarbetat med bland annat Symantec, HP och några till, faktiskt ganska många till och dom gör så kallade "plug-ins" till EBS, alltså kan man i admin konsolen också hantera dom flesta tredje part program från samma ställe och i och med att System Center Essentials ligger i så kan du övervaka och monitorera både hårdvara och mjukvara så länge det finns managmentpack, klart bra. Att RemoteWebWorkplace finns här är ju givet (för mej) men det var ett tag när dev teamet uppe i Redmond inte trodde att det skulle vara något som tilltalade deras kunder, jag har vi dupprepade tillfällen förklarat att dom har fel och det lönade sig tydligen... http://www.microsoft.com/windowsserver/essential/ebs/default.mspx
|
 Windows Essential Business Server 2008 Premium Edition
- Windows Server 2008 standard (3x x64 + 1x x86)
- Exchange Server 2007
- Forefront Security for Exchange
- Microsoft System Center Essentials
- Microsoft Forefront Security for Exchange Server
- Microsoft ISA Server (Next Version)
- Microsoft SQL Server 2008
Det som i princip inträffar här är att man får en ytterligare server med Windows Server 2008 x86 och SQL 2008. Tanken är ju här att man ska kunna köra kundens LOB:ar på en separat server. Så det totala antalet servrar i Essential Business Server 2008 Premium är alltså 4 st http://www.microsoft.com/windowsserver/essential/ebs/default.mspx
|
Som du säkert har klurat ut redan nu så går det åt lite servrar och när det gäller hårdvarukrav på EBS så skrev jag en blogpost om det här http://dnn.ebsfaq.com/EBS/Setup/Hardwarerequirements/tabid/1217/Default.aspx dessutom kanske du ska börja fundera på att ha riktiga servrar till en sådan här lösning, jag tänker framförallt på en HP cs3000 blad server lösning istället för att köra en trave rackservrar
Vill du se när Microsoft kör demo på EBS så finns det en videoinspelning som togs på ITForum 2007 (Jag och Olli satt längst fram och kollade) så kan du kolla på filmen här http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=729 och det är bland annat Kent Compton från teamet som är med och presenterar, han har sin egen blog här http://blogs.technet.com/kent_compton/archive/2008/02/06/essential-business-server-video-shot-at-it-forum-is-now-online.aspx
Faktum är att Essential Bussiness Server redan har dykt upp som en WiKi, http://en.wikipedia.org/wiki/Windows_Essential_Business_Server
Det finns HUR mycket som helst att säga om dessa produkter och kommer att göra mitt bästa för skriva så mycket jag kan om det här, å du, de e nu det roliga börjar...
Om du är sugen på att lära dej dom här bitarna innan det finns kurser och sånt så kommer jag att köra LAB:ar med dom här grejerna, kolla in http://www.labcenter.se/Lab/2010
Mikael Nystrom
Senior Executive Consultant - TrueSec
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Ben Armstrong som arbetar med virtualisering hos Microsoft hade förut en BLOG artikel kring hur man använder BitLocker tillsammans med virtualisering, men den var han tvungen att ta bort då det stred mot EULA:n.
Det har nu ändrats och därför finns den nu uppe igen och är reviderad.
http://blogs.msdn.com/virtual_pc_guy/archive/2008/01/23/using-bitlocker-under-virtual-pc-virtual-server.aspx
In Hyper-V there are TWO kinds of network adapters inside the virtual machines, first there is the "Network Adapter" and then there are the "Legacy Network Adapter". The difference between those are very simple. The Legacy Network Adapter is needed when you need PXE boot OR your OS needs access to the network before you can install "Integrated Components". That happens when you try to run "Some new package solutions from Microsoft" on Hyper-V. The "Network Adapter" requires that you install "Integrated Components" (yes the contain the synthetic driver that is required for the Network Adapter" to work. So if you want to be 100% sure that the network is going to be there during the installation phase, use the "Legacy Network Adapter".
When the OS is installed, add the integrated components. If you install "The new server solution" you will have to wait until the setup is complete or you can use the "Shift-F10" function. Pressing Shift-F10 when the OS is installed but you don't have explorer up yet, brings up a command prompt, then use the Hyper-V tools to insert the Integrated Components ISO image and install the IC from the CMD prompt (32 bit is in the x86 folder and the 64bits are in the amd64 folder), and then restart. The simplest way is to use the "Legacy Network Adapter" all the way trough the install phase, then add the Integrated Components, shut down, edit the settings and remove the "Legacy Network Adapter" and replace that with an "Network Adapter", you also may want to be sure that the boot order is correct since that could have been changed.
So to simply this:
-
Create the Virtual Machine in Hyper-V, select to "install the operating system from the network". Dont start the machine
-
Edit the machine so that you have 2 or four CPUs (This only works with some OS, among thooese are W2K8 64 bit)
-
Change the boot order so that this fits your purpose (Boot on ISO is preffered)
-
Start the machine, run trough the installation, finnish and install the "Integrated Components"
-
Shut down the virtual machine, edit the settings and replace the "Legacy Network Adapter" by removing it and then you add a "Network Adapter"
One question you might ask is "why?", simple answer, The Legacy Network Adaapter is a bit slower as it runs in the workprocess in ring 3 in the parent partition, the "Network Adapter" uses the new highspeed vmbus instead.
note: "The new server solutions" are not supported on Hyper-V (This could however be changed in the future)
note 2: One thing to keep in mind here is that if you select to install from network (when crating the machine), Hyper-V is going to select a "Legacy Network Adapter", otherwise it picks the "Network Adapter"
Mikael Nystrom
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
In English
Mmm, nu är det dags att börja lätta på locket kring EBS igen, BETA 2 är ute och det är nu 3 företag som kör den skarpt, TrueSec kommer att bli företag nummer fyra, vår installation drar igång i nästa vecka. Det ska bli lite spännande faktiskt, men skit i det nu. Essential Business Server består av 3 eller 4 servrar, en Management Server, en Security Server och en Messaging Server. Alla tre kräver x64 arkitekturen och det behövs ganska mycket hårdvara.
Här är vad du behöver:
| |
Minimum |
Recommended |
| The Management Server |
Single core CPU x64 with 2.5Ghz or Multi core/Multi CPU x64 with 1.5Ghz
2 GB RAM
OS part 100Gb + Data part 100Gb
Bootable DVD ROM
1 NIC |
Multi core/Multi CPU x64 with 2 GHz
4 GB RAM
OS part 100Gb + Data part 100Gb
Bootable DVD ROM
1 NIC |
| The Security Server |
Single core CPU x64 with 2.5Ghz or Multi core/Multi CPU x64 with 1.5Ghz
2 GB RAM
OS part 100Gb + Data part 100Gb
Bootable DVD ROM
2 NIC |
Multi core/Multi CPU x64 with 2 GHz
2 GB RAM
OS part 100Gb + Data part 100Gb
Bootable DVD ROM
2 NIC |
| The Messaging Server |
Single core CPU x64 with 2.5Ghz or Multi core/Multi CPU x64 with 1.5Ghz
2 GB RAM
OS part 100Gb + Data part 100Gb
Bootable DVD ROM
1 NIC |
Multi core/Multi CPU x64 with 2 GHz
4 GB RAM
OS part 100Gb + Data part 100Gb
Bootable DVD ROM
1 NIC |
Nu finns det ju lite saker att tänka på här, ska du eller ska du inte använda SAN och isåfall vilket SAN, vilken typ av SAN? En väldigt bra fråga att ställa sig, själv skulle jag välja SAN så fort ekonomin tilläter det hela och i en sådan här liten miljö kommer ett ISCSISAN att fungera utmärkt faktiskt. Det finns två aktörer på marknaden tycker jag, dels Microsoft som har sin "Windows Unified Data Storage Server" och dels "StarWind" från RocketDivision, Med StarWind gör du enkelt om en vanlig Windows Server till en ISCSI server. Använder man INTE SAN, tja då har vi en disk konfiguration som ser ut ungefär så här:
The management server, 1 RAID1 for OS and 1 RAID5 for DATA,
The Security Server, 1 RAID1 for OS
The Messaging Server, 1 RAID1 for OS and 1 RAID5 for DATA
Som vanligt så är detta inte helt klara siffror, se det mer som om det är det här dom gäller just nu men det kan säkert ändras av politiska skäl...
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Nu har Micke & Micke suttit och snackat skit igen, avsnitt nummer 13 av The Nerd Herd är ute.
Den här gången så pratar vi om framtiden för Windows Server 2008 och vad som kommer att hända med The Nerd Herd (nej, dessvärre kommer vi inte att sluta...)
Skulle gissa att Micke har skrivit ungefär samma sak, men vill du kolla så är hans post här: http://blogs.technet.com/michand/archive/2007/12/16/the-nerd-herd-avsnitt-13-windows-server-2008-and-beyond.aspx
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Verkar som om Microsoft har lagt i en ny växel, nu har dom nämligen släppt loss den senaste BETA versionen av Hyper-V. Jag ska vara ärlig och säga som det är, jag har forfarande inte hunnit testa allt...:-)
Ok så vad har dom gjort den här gången, jo en hel del men innan vi ger oss i kast med vad den innehåller för skoj så några saker jag har upptäckt...
Nummer 1:
Att uppgradera Windows Server 2008 RC0 till Windows Server 2008 RC1 är helt ok och supporterat, men att göra det när Hyper-V är installerat och sedan uppgradera till den versionen som nu finns att ladda hem som heter Windows Server 2008 RC1 with Hyper-V Beta är INTE supporterat och bör inte ens tänkas på enligt MS själva, det är på nivån "brrr". Så ominstallation är det enda riktiga och vettiga just nu.
Nummer 2:
Samtliga maskiner måste skapas på nytt, det interna formatet på XML filerna är förändrat. VHD filen behöver dock INTE förändras, det är fortfgarande samma format och förväntas fortsätta vara i samma format. Alltså skapa nya maskiner men använda dom gamla VHD filerna.
Nummer 3:
Lägg till servern i en eventuell domän INNAN du lägger till rollen Hyper-V, annars kommer certifikatet som används att vara felaktigt och du kan inte starta dina maskiner (BUG)
Nummer 4:
Som en del redan har märkt så kan man förståss INTE ha andra "locales" än US English när man installerar OS:et, det gäller INTE bara just när man jobbar med Hyper-V, Windows Server 2008. Det gäller i princip allt som inte heter RTM eller RC1/2, det är alltså inte förräns i RC fasen som Microsoft ens har ett team som jobbar med det. Installera OS:et på "finska", alltså next-next-finnish och efter att du har loggat in går det utmärkt att ändra tgn bord. Som den självgoda besserwisser jag är så råkar jag inte längre ut för detta då jag helt och hållet har slutat testa "localized stuff" innan RCx.
Nummer 5:
För att kunna köra Hyper-V måste du ha rätt CPU och det som gäller som krav är att det är en x64 med DEP stöd och Hårdvaruvirtualiseringsstöd. Både Intel och AMD har det, men inte alla deras system dock. Intel har dock på sin website en tabel http://processorfinder.intel.com/List.aspx?ProcFam=2558&sSpec=&OrdCode= där man kan se vilka CPU:er som stöder IntelVT och AMD har en site här http://www.amd.com/us-en/Processors/ProductInformation/0,,30_118_8826_14287,00.html , deras teknik kallas AMD-V
Ett verktyg man kan använda för att se om CPU:n har grundförutsättningar för att klara virtualisering på en 64bits CPU är att använda ett verktyg från VMware faktiskt http://download3.vmware.com/software/wkst/VMware-guest64check-6.0.0-45731.exe. Det garanterar inte att Hyper-V fungerar, men det ger ändå en "hint"
Nummer 6:
Som min vän Johan Tollstorp redan har märkt så måste man avinstallera sina gamla VM additions innan man kan installera dom nya syntetiska drivrutinerna som kallas för "Integrated Components". Om man har en tidigare versiona av VMadditions än 13.813 måste man avinstallera dessa INNAN man startar upp dom i sin Hyper-V server, dom gamla går nämligen bara att avinstallera när dom körs i en VirtualPC eller Virtual Server. Har man 13.813 eller senare så kan dock dessa avinstalleras i Hyper-V. Detta är en sak som antigen inte är klart eller så är det en BUG, det ska nämligen gå att uppgradera sina VMadditions 13.813 och senare direkt ill Integrated Components, har inte fått svar ännu...
Nummer 7:
Om du importerar en maskin som tidigare har körts under VirtualPC/Virtual Server så kommer dom virtuella datorerna bli redigt förbannade varje gång du startar upp dom, det är nu mämligen så att vi dessvärre saknar en virtuell paralell port i Hyper-V, sådelse kommer du varje gång att få "At least one service..." vid varje omstart. Lösningen är dock enkel: Logga in i den virtuella datorn, ut i CMD och skriv "SC config parport start= disabled" och ja, det ska vara ett mellanslag efter start=
Hur stabil den är vet jag inte, men jag kan säga så här att dom som är med i TAP har nu fått klartecken till att börja köra system som används i produktion, vilket inte betyder att allt är "hurra", men det är ett steg på vägen.
Nyfiken på features?
-
Quick Migration under failover fluster är nu supporterat, (Windows Server 2008 stöder nu upp till 16 noder, ifall man vill flytta runt en virtuell maskin bara för att de tär skoj.
-
Hyper-V kan nu köras på core server (yeeees)
-
Man kan nu importera och exortera maskiner (vilket man alltså inte kunde göra i förra versionen, helt horribelt)
-
Hyper-V integrerar bättre med Windows Server Manager
-
Integration Components ligger redan I Windows Server 2008, så dom är alltså redan installerade från början, vilket löser VMadditions problemen man hade tidigare. Alltså är det viktigt att du använder rätt RC1:a för att slippa behöva installera IC.
-
Verktyg för VHD ingår, alltså compact, expand, inspect
-
Grafikkortet är inte längre ett S3, det är ett standard VESA kompatibelt kort
-
Fyra SCSI conrollers per VM
-
Massor med fixar för prestanda och annat
-
Beta komponetera för Linux finns nu, men dom finns bara på connect, den version man verkar snöa in på just nu är SUSE Linux Enterprise Server 10
Ladda hem?
Filmer finns det också, har dock inte kollat dom ännu
http://video.msn.com/video.aspx?vid=26086837-dd73-444b-9466-65a1ed759544
Hyper-V Networking:http://video.msn.com/video.aspx?vid=5f2b04d7-c501-4c28-8046-dece495cb5c9
Hyper-V Storage:http://video.msn.com/video.aspx?vid=e1eb9aeb-9cb4-413e-982f-283667232590
En och annan länk har det dykt upp kring Hyper-V beta:n också
Microsoft Virtualization Home:http://www.microsoft.com/virtualization/default.mspx News Links:http://www.microsoft-watch.com/content/server/microsoft_gets_hyper_about_virtualization.htmlhttp://www.news.com/8301-13860_3-9833445-56.html?tag=blog.1http://www.eweek.com/article2/0,1895,2233957,00.asphttp://money.cnn.com/news/newsfeeds/articles/prnewswire/AQTH03913122007-1.htmhttp://servervirtualization.blogs.techtarget.com/2007/12/13/vmware-competition-nears-microsoft-ships-hyper-v-beta/http://www.infoworld.com/article/07/12/13/Microsoft-releases-beta-of-Hyper-V-virtualization-technology_1.htmlhttp://www.informationweek.com/news/showArticle.jhtml?articleID=204803022http://blogs.zdnet.com/microsoft/?p=1043http://www.virtualization.info/2007/12/microsoft-launches-hyper-v-beta-1.htmlhttp://www.windowsitpro.com/Articles/ArticleID/97822/97822.html?Ad=1 Mike Neil, Virtualization GM Bloghttp://blogs.technet.com/windowsserver/default.aspx Jeff Woolsey, Windows Server Virtualization Blog (with Hyper-V videos I might add…)http://blogs.technet.com/virtualization/
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
![]()
Är nu nere där jag ska jobba under veckan "Ask The Experts", Essentials Business Server teamet är här och håller på att installera "vår" demo miljö, lagom i tid innan alla kommer innanför dörrarna, klockan är nu 17:22 och dörrarna öppnas klockan 19:00. Installationen är förnärvarande INTE klar, jag känner på något sett igen mej :-) Jag tog i vilket fall som helst en bild på BETA 2 (som inte finns ännu)
http://itbloggen.se/cs/photos/screenshots/picture857.aspx
Microsoft har nu bestämt sig för vad deras virtualserings plattform ska heta, för en del av oss har etta varit känt sedan ett tag tillbaka, men nu får vi äntligen berätta detta för alla andra. WSv blir alltså "Hyper-V". Senare under dagen kommer det att dyka upp en press-release kring det hela, men jag var före :-) Det kanske inte är så konstigt, jag sitter i audutorium i Barcelona och lyssnar på keynote.
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Äntligen börjar Microsoft lyfta på locket kring Windows®Essential Business Server som den nu kommer att heta och det är lagom till ITForum 2007. EBS (som förkortningen bara måste bli) består av tre komponenter:
-
Windows®Essential Business Server Management Server – Centralizes management of your Windows Server "Centro" network. Enables and manages worker collaboration and network services.
-
Windows®Essential Business Server Security Server – Manages security, Internet access, and remote-worker connectivity.
-
Windows®Essential Business Server Messaging Server – Provides messaging capabilities and manages network services.
Det är alltså tre st 64bits servrar man kör på tillsammans, man kan självklart ha andra servrar i miljön för olika ändamål om man vill, men man kan inte ha färre. EBS stöder inte för närvarande att köras virtuellt, men det finns ideer kring det, bland annat har jag kontakt med några i teamet som själva kör virtuellt, vilket jag också gör och vi bollar med varandra. Det finns flera skäl till att att köra en Centro lösning, troligtvis kommer kostnaden att vara mycket låg, helhetsintrycket är riktigt bra och installations tiden är i förhållande till en motsvarande miljö 1 dag istället för 4 (man har gått från 140 dialog rutor till 28 för att bygga hela lösningen)
Det finns mycket mer att berätta men tyvärr så är inte hela locket borta ännu, på IT forum nästa vecka kommer jag att jobba i "Ask The Experts" för Centro/Cougar och jag kommer att träffa folket där nere, troligen kommer det att släppas på mycket där nere. Så om du ska dit så syns vi där :-)
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Som jag skrev i förra bloggen så "är" den på väg, men nu har den alltså blivit släppt. Du kan ladda hem den från MS
http://www.microsoft.com/downloads/details.aspx?FamilyId=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en och på SBS Teamets hemsida http://blogs.technet.com/sbs/archive/2007/10/16/sbs-now-has-a-best-practices-analyzer.aspx
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Att kunna analysera att miljön fungerar som den ska är ett grundkrav för alla som underhåller IT system, problemet är bara att i Small Business Server finns många komponenter, en del är lite annorlunda konfigurerade för att kunna fungera tillsammans, samtidigt som många SBS tekniker inte kan vara experter på samtliga delar av en SBS. Av bland annat den anledningen är det så ballt när Microsoft faktiskt släpper en SBS BPA, den har funnits på Connect sedan i sommras för alla som är en del av "SBS Family", alltså MS folk och MVP:er som har ett intresse kring SBS. Dessvärre finns den inte att ladda hem "ännu", men den lär dyka upp när som helst. Under tiden får du hålla tillgodo med ett "screen-shot"
Du kan läsa lite vad andra MVP:er har skrivit här:
http://msmvps.com/blogs/thenakedmvp/archive/2007/09/29/small-business-server-best-practices-analyzer.aspx
http://jasonmiller.ca/archive/2007/09/28/sbs-bpa-best-practices-analyzer-is-coming.aspx
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
För er som känner mej seda tidigare och vi som träffas lite då och då brukar jag ibland säga -Jag ger mej f-n på att Microsoft kommer att göra si eller så. Nu har det förståss hänt och jag log så det såg löjligt ut. Jag har nämligen sagt att om Microsoft vill få några fjädrar i hatten med sin virtualiserings satsning så måste dom vara anpassningsbara, allts deras managment lösning måste fungera ihop med VMware.
Och kan ni tänka er, precis så blev det. Man kan alltså managera VMware datorer i SCVMM, förvisso måste det självklart finnas ett Virtual Center installerat, men ändå.
Men det räcker inte, det kommer mer. Från början och fram tills för inte så länge sedan så var planen att SCVMM endast skulle finnas som en del i ett SA avtal för servrar, alltså var det inte intressant för mindre kunder, men det har man ändrat på. Det kommer i januari en Workgroup version som kan hantera upp till 5 host maskiner och oändligt antal virtuella gäster som köras ovanpå detta, prislappen är också satt, 499$ vilket är helt ok för dom funktioner man får då. Jo, just det produkten är ju släppt också, det kanske jag glömde att säga. http://www.microsoft.com/systemcenter/scvmm/default.mspx
En annan sak som hände för inte så länge sedan är att samarbetet mellan Citrix och Microsoft snäpper upp sig lite till, man kommer nämligen att tillsammans bygga lösningar som använder VHD formatet, vilket då gör att den standarden växer ytterligare. Det här gäller bland annat Softgrid lösningar och Citrix's Desktop Server lösning. Du kan läsa mer om det här http://www.microsoft.com/presspass/press/2007/sep07/09-11VirtualizedDesktopPR.mspx
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Laddar just nu hem den senaste versionen av codename "Cougar", Cougar är alltså namnet på efterföljaren och det som kommer att ersätta Small Business Server 2003 R2 när tiden är inne. Versionen som är ute på connect är en så kallad IDS, vilket i princip betyder:
"Ja, vi vet att det är massar med fel i den, men vi har ändrat på allt som ni har begärt, kolla om det är som ni ville ha det och återkom"
Nu tar det ju en liten stund att ladda hem .iso filen, den är ju ca 4gb. Man kan vänta på att dom skickar ut DVD skivor, men så länge kan jag absolut inte vänta, jag menar, som data-nörd så lastar man ju hellre ner familjens bredband ett par timmar och skyller på allt möjligt än väntar på en brevbärare med en DVD skiva. Eller hur? Min förhoppning är att dom har jobbat hårt med att förändra dom delarna som jag inte tyckte var helt genomtänkta. Dom har även ändrat andra saker, men det visar sig är den väl är installerad...
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Jag undrar faktiskt bara en enda sak, jag har nu skrivat "blog" i cirka ett halvår och under den tiden har jag haft sisådär 10.000 träffar, men helt ärligt. Är det verkligen någon som läser det jag skriver? Varför jag undrar?, jo, man skulle ju kunna tro att man fick någon kommentar eller kanske något mail någon gång, eller är vi så förbaskat svenska att vi inte håller på med sånt.
Jag vill inte ha en monolog, jag vill ha en dialog, men här i Svergie tycks det vara kört, eller?
/m
UPDATE! 2007-07-16
Det finns nu en Hotfix för att stänga av RSS hanteringen ifall man har problem med SP2 på en SBS och en detaljerad beskrivning kring det hela samt några alternative workarounds.
"You may experience network-related problems after you install Windows Server 2003 SP2 or the Scalable Networking Pack on a Windows Small Business Server 2003-based computer that has an advanced network adapter"
http://support.microsoft.com/kb/936594
Det finns många saker kring SP2, eller effekter av SP2 på en SBS. Jag tror jag har tagit upp allt som finns, men jag har säkert missat något. Är det något du vet, hör av dej.
Har du SBS2003 och vill lägga på Windows Server 2003 SP2 bör du undvika det i vissa fall, Du kan bli tvungen att avinstallera SP2.
- Om du kör en trial och vill uppgradera till en full version så får inte SP2 vara installerad
- Om du kör Windows Server 2003 och vill uppgradera till Small Business Server 2003 (R1/R2), får inte SP2 vara installerad
- Vill du kunna köra "Transition Pack" för att kunna gå ur SBS in i Enterprise så får inte SP2 vara installerad
Även om det är möjligt att avinstallera, uppgradera, ominstallera så tar det tid, hemskt lång tid.
http://support.microsoft.com/kb/932600
Exchange System Manager tillsammans med IE7 gör att man inte kan öppna hjälpfilerna
Lösningen:
Stoppa all IIS och Exchange tjänster och ändra namn på PSAPI.DLL som ligger i Exchange\bin mappen till PSAPI.DLL.OLD
http://blogs.technet.com/sbs/archive/2007/02/02/esm-with-ie7-unable-to-open-the-help-file.aspx
SBS2003 R2 får ett fel när man försöker godkänna SP2 för utrullning.
Lösningen: Tryck på continue, det kommer att funka
http://blogs.technet.com/sbs/archive/2007/03/19/error-when-trying-to-approve-windows-2003-sp2-within-update-services.aspx
Nätverksproblem i Outlook, routing och annat. Problem med vissa NIC drivers i kombination med TCP Offloading, SecureNAT och/eller ISA2004.
Lösningen: Uppdatera Nic Drivers, Stäng av TCP Offloading, Stäng av RSS.
http://itbloggen.se/cs/blogs/micke/archive/2007/03/20/Windows_Server_2003_SP2_Problem_med_Receive_Side_Scaling.aspx
http://blogs.technet.com/sbs/archive/2007/03/19/vpn-securenat-nat-and-outlook-clients-not-working-after-installing-windows-service-pack-2-in-sbs-2003-premium.aspx
Help and Support Center slutar att fungera på grund av att den blir avregistrerad som tjänst.
Lösningen: Registrera om komponenten genom att starta CMD, ställ dej i mappen "%windir%\PCHealth\HelpCtr\Binaries" och kör "start /w helpsvc /svchost netsvcs /regserver /install", starta tjänsten.
http://blogs.technet.com/sbs/archive/2007/03/20/help-and-support-service-missing-after-installing-windows-2003-service-pack-2.aspx
Sega Windows Vista Datorer.
Lösningen: Stänga av "Recive Windows Auto-Tuning"
http://support.microsoft.com/?kbid=934430
http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/2b524ff9b4fcfcac/df47b19530cb6819?lnk=st&q=&rnum=1#df47b19530cb6819
OBS: Windows Vista datorer kräver en uppgradering/uppdatering lokalt och på servern för att fungera korrekt:
http://itbloggen.se/cs/blogs/micke/archive/2007/02/11/sbs2003_windows_vista_office_2007.aspx
Avinstallation av SP2 och MMC 3.0 gör att gamla MMC filer inte kan öppnas.
Lösningen: Ta bort alla filer I mappen "%APPDATA%\Microsoft\MMC"
http://msmvps.com/blogs/bradley/archive/2007/03/29/removing-sp2.aspx
MMC Snap-In fel I olika App:ar, vilket beror på att MMC 3.0 körs istället för 2.0
-
Health Monitor MMC
- Lösning : Kör, det funkar ändå.
-
ISA 2004
- Lösning: Installera ISA 2004 SP2 and KB930414
- POP3 Connector
- Lösning: Install KB921096
- Group Policy Editorn
- SQL Server 2000 Analysis Services
- Lösning: Kör, och läs KB915091
Windows Server gängets egna blog
http://blogs.technet.com/windowsserver/archive/2007/03/13/sp2-goes-live.aspx
Windows Server 2003 SP2 release notes
http://download.microsoft.com/download/8/0/9/80939c86-d75c-48a2-abc2-a1fe7e657171/relnotes.htm
Community KB
http://support.microsoft.com/kb/555912
SBS Teamets blog
http://blogs.technet.com/sbs/default.aspx
Mikael Nyström
MVP Windows Server - Setup/Deployment
Nu vet vi att Cougar inte kommer att ha stöd för mer än ett NIC, vilket gör att man inte kommer kunna använda Cougar som en front mot Internet, man måste ha en extern brandvägg helt enkelt. Det finns legala och tekniska skäl till att ISA servern inte kommer att kunna köras på Cougar, för min egen del är det tråkigt, jag gillar ISA servern skarpt. Man skulle ju då kunna tänka sig att ma kan köra med brandväggen i Windows Server 2008, men det går tydligen inte heller.
Kommer det att spela någon roll vilken brandvägg jag väljer? Bortsett från säkerhetsmässiga aspekter, jo. Det kommer förmodligen att finnas mer "SBS" vänliga, nu när MS och tillverkarna vet att det inte finns någon ISA med SBS boxen så kommer ju viljan att integrera den externa brandväggen med SBS:en att vara större, så det mest troliga är att i samband med att Cougar släpps så kommer det att finnas en eller flera brandväggar som "passar" ihop, dvs SBS kommer troligen kunna konfigurera firewallen direkt, precis som den gör med ISA:n
Det finns ju några saker som direkt slår mej, dels för alla glada konsulter. Ni måste ju hitta en brandvägg att trivas med och arbeta med och man kan ju faktiskt köra ISA som en separat server, det är inget problem. ISA servern finns ju också som "hårdvara" ifrån några leverantörer. En annan sak är ju att man i händelse av att kunden uppgraderar till ny hårdvara i samband med en installation av "Cougar". Man kan då ta den gamla SBS:en och använda den som en ISA server om man vill.
Kommer det att finnas en standard och premium version av SBS? Jag vet att det kommer att finnas minst två olika SKU:er (som det så vackert heter på Microsoftis:ka.), vilka SKU:er som kommer att finnas är långt ifrån klart, dom kan baseras på olika scenarion, olika storlekar på företag, typ av verksamhet eller något i den stilen.
Jo, just det. Vi har ju haft en begränsning på 4GB i RAM och två CPU:er, men nu byter man ju till x64 hårdvara och då är inte 4GB en naturlig begränsning, alltså kan man ha oändligt med minne? Nej, det kommer dock troligen att finnas en begränsning, men hur mycket RAM man kommer att kunna hantera är inte bestämt ännu, bara att det blir mer än 4GB
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Visst e det fint med servicepackar, så mysigt att man ibland fullständigt ruttnar. Sitter med ett migreringsprojekt som använder VSMT som i sin tur bygger på ADS. Microsoft's senaste SP till Windows Server 2003 förstör dock ADS vilket märks genom att följande spännade dyker upp i loggen.
Event Type: Warning
Event Source: ADSBUILDER
Event Category: Builder
Event ID: 775
Date: 2007-04-19
Time: 20:17:24
User: N/A
Computer: VS
Description:
An error occurred during an attempt to access the following file: c:\windows\temp\adsbuild.tmp\{e597073d-bca9-4935-8257-25530a5677d0}\{57641743-8b7d-a469-b5c1-cf09c89bb857}.ramdisk
The ADS Builder service requires exclusive access to this file, and if any other service or application has open handles on this file, ADSBUILDER will fail.
Please ensure that no other service or application is currently accessing this file.
Error Code: 20
Event Type: Error
Event Source: ADSBUILDER
Event Category: Builder
Event ID: 774
Date: 2007-04-19
Time: 20:17:12
User: N/A
Computer: VS
Description:
An error occurred during the building of an image for the product {e597073d-bca9-4935-8257-25530a5677d0} and client hash {57641743-8b7d-a469-b5c1-cf09c89bb857}.
Error Code: 81070307
Enligt Microsoft så ska detta lösas, men det hjälper ju knappast mej eller kunden när vi sitter här och migrerar, förlåt "skulle" migrera... Tillfällig "workaround" är att avinstallera SP2 från ADS servern. Det funkar.
EDIT
Det finns nu Hotfixar som löser problemet:
To ensure the interoperability of ADS 1.1 application and Windows Server
2003 SP2, you would need to install the following updates:
1. Windows OS Hotfix KB937088
http://support.microsoft.com/kb/937088/en-us
2. ADS1.1 Hotfix KB939466
http://support.microsoft.com/kb/939466/en-us
Mikael Nyström
MVP Windows Server - Setup/Deployment
Som en del av er vet händer det ju att man upptäcker ett fel, jo, jag lovar ibland uppstår det problem. :-) Ok, så di letar, googlar, irptoffsar och till slut hittar du en KB artikel från Microsoft som klart och tydligt förklarar att det finns en fin fix som löser det hela, men för att få den måste man ringa till PSS och förklara det hela. Själv har jag inte haft något problem med detta, men det känns ibland lite onödigt, kunder/ms-partner jag träffar har ibland andra åsikter.
I vilket fall som helst så har nu Microsoft gjort ett web baserad formulär där man kan beställa sin hotfix online och alltså slipper man ringa, varför dom inte släpper alla patchar helt fritt är en anna sak.
Du beställer patchen från:
http://go.microsoft.com/?linkid=6294451 om du vill ha möjligheten att att välja annat produkt språk än Engelska (Nä, självklart finns inte Svenska)
Vill du beställa en patch för ett engelskt OS går du direkt till:
http://go.microsoft.com/?linkid=6516433
Tänk bara på att det fortfarande är en person som fixar till det i andra ändan, det enda du slipper är alltså att "ringa", att beställa en av dessa hotfixar på en Söndag morgon är fortfarande inte enkelt (snabbt)
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Nu finns det en KB på ämnet (tack och lov), man kommer också att göra om release notes när man laddar hem SP2 för Windows så att man hänvisar till den informationen. Två saker är extra viktiga:
- Se till att din SBS2003 är SP1:ad och klar INNAN du lägger på SP2 för W2K3
- Du bör vara på plats vid servern, risken finns att du råkar ut för RSS felet och då tappar servern förmågan att prata TCP/IP, taskigt att sitta på distans då.
Microsoft Support:
http://support.microsoft.com/?kbid=939421
Mickes BLOG:
http://itbloggen.se/cs/blogs/micke/archive/2007/04/08/Windows_Server_2003_SP2_on_SBS2003_R1_R2.aspx
SBSBLOG:
http://blogs.technet.com/sbs/archive/2007/06/30/new-best-practices-for-sp2-kb.aspx
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Som många vet så har Microsoft en "lifecycle" på alla sina produkter, vilket också innebär servicpackar och liknande. Detaljer om varje produkt står på deras web http://support.microsoft.com/gp/lifesupsps men jag skulle inte tro att alla går in där varje dag direkt. Det förändras också beoender på när varje SP kommer ut, i vilket fall som helst så har nu support från Microsoft kring Small Business Server 2003 SP0 (alltså RTM, eller den första versionen som kom ut) upphört, den gjorde det den 10/7.
Vad innebär det egentligen? Jo, om du ringer till PSS (deras support) och vill ha hjälp med en SBS2003 server så måste det vara SP1 eller en R2 server, utan SP1 installerat så får du ingen hjälp alls. För min egen del så är SP1 för SBS2003 en självklarhet, men uppenbarligen så har inte alla installerat det ännu och då kan man alltså inte längre få support.
Ett hett tips är alltså att se till att SBS SP1 är installerat på alla dina (dina kunders) SBS:er, eller så borde du åtminstone förklara för din chef (dina kunder) att du inte längre kan få hjälp från Microsoft ifall det skulle hända något och det är en dålig situation att sätta sig i tycker jag. SP1 finns att ladda hem/beställa härifrån:
http://www.microsoft.com/WindowsServer2003/sbs/downloads/sp1/default.mspx
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Microsoft har släppt ett litet tufft "kit", ett kit för att rensa ut malware på små och medelstora företag (stora råkar ju aldrig ut för sånt) som är hur ballt som helst. Det består av av en lösning som bygger WinPE och ett antal fria antivirus defenitioner som man laddar hem, jag hörde att detta var på gång i våras, men som vanligt så var det "hemligt". Men nu är det alltså släppt så ladda hem dokumentet och skapa din skiva med WinPE så är du förberedd när det smäller. Förutom dokumentet i sig så får du också reda på hur man lägger upp en plan för incidenter och likanande, alltså LÄS!!!
How to Combat Malware Using Windows PE
The Malware Removal Starter Kit provides tested guidance to help IT Generalists combat malware attacks against small- and medium-sized organizations. Using the Windows Pre-installation Environment (Windows PE) in combination with free anti-malware scanning programs, the kit provides a low-cost, effective strategy that you can use to vanquish malware attacks.
http://www.microsoft.com/technet/security/guidance/disasterrecovery/default.mspx
http://www.microsoft.com/downloads/details.aspx?familyid=6cd853ce-f349-4a18-a14f-c99b64adfbea&displaylang=en&tm
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Enligt Kevin Turner så är nu datum satt för RTM av Windows Server 2008, SQL 2008 och Visual Studio, enligt Kevin så kommer deom att finnas klara 2008-02-27. Om det är sant?, det lär ju visa sig, jag bruar inte ta det så allvarligt, jag väntar hellre några dagar om det minskar mängden problem...
http://sbsc.techcareteam.com/archives/8
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Äntligen får jag skriva om, prata om och framförallt visa var du kan ladda hem det bästa MS har gjort till Virtual Server 2005 R2 SP1 på länge, nämligen VMRCplus.
VMRCplus är inte helt ny, den har funnits internt hos Microsoft och varit en leksak dom har haft för sig själva, men efter mycket gråt och tandagnissel har dom äntligen lyckets bli övertalade om att det är en , riktigt förbannat bra till och med. Men VMPRCplus behövs ingen WEB alls faktiskt, man kan göra allt från en som samma 32bit (finns som 64bit också) app. Jag hinner inte räkna upp allt men jag kan ju "låna "information från hjälpen:
Det finns ingen support på produkten och den kommer att finnas med i Virtual Server 2005 Rescource Kit som komer senare under hösten. För er som är med i TAP:en till VMM och just nu bara amvänder VMM för "att se allt" kommer att märka att VMRCPlus kommer att räcka rätt långt för den typen av uppdrag. Så var laddar man hem det, njae det var ju det som var problemet. Den finns inte på MS websida ännu, men "någon" har lägt upp dom på en annan site. Jag har några snapshots (nope, inte jag som har tagit) som du kan kolla på ifall du av nån anledning skulle vara tveksam.
Programmet som det ser ut när man startar och ansluter
Skapa ny maskin
Översikt över alla maskiner
Skapa Snapshots
[Uppdaterat]
Filerna finns nu direkt hos Microsoft på http://www.microsoft.com/downloads/details.aspx?FamilyID=80adc08c-bfc6-4c3a-b4f1-772f550ae791&DisplayLang=en
[Slut]
Nedan har jag "lånat" text från hjälpen...
-------------------------------------------------------------
VMRCplus provides an alternative management interface to that of Microsoft Virtual Server 2005. It covers 98% of the functionality and offers an easier to use User Interface to administer and configure virtual machines over many remote Virtual Servers.
With VMRCplus you can manage multiple Virtual Server hosts from within the same interface. You can switch between Virtual Server hosts using tab pages. Each tab page lists all registered Virtual Machines on that specific host.
You can manage each guest by opening its console. You can manage multiple guests and switch between them using tab pages in the Console Manager. VMRCplus enables both configuration management of Virtual Server and management of each guest within the same application.
Key features
· Direct control of local or remote instances of the Virtual Server service. IIS and IE browser are no longer required!
· Tabbed interface to quickly jump between Virtual Server hosts and guest VMRC sessions.
· Reusable saved states: this feature allows users to preserve a particular saved state and return to that state at any time.
· Multiple guest selection supported for startup/shutdown/save/display.
· Browse button navigation for media, hard disk images, ISO images, .VMC files, etc.
· Drag and Drop support for .VMC files, ISOs images, VHD and VFD files.
· Resizable desktop support for guests running Virtual Machine Additions (maximize VMRC window supported).
· Limited cut and paste of text from host to guest (only).
· A built-in utility to take JPG screenshots of running guests. Useful when filing bugs.
· Built-in error notification with Virtual Server eventlog viewer.
· Virtual Networks Manager and Virtual Disks Manager that cover all features.
· Keyboard shortcuts (e.g. Ctrl-S to save state a guest).
· Create multiple guests at once.
· Create guest from parent (or multiple guests)!
· Automatic reconnect to a designated Virtual Server host.
· Toolbars in both Guest and Console Manager for quick access.
· Unlimited number of guests.
· Maximum of 32 Virtual Server hosts.
· Reorder (sort) of the guest list in the Guest Manager.
· Automatic detection of Virtual Machine Additions and notification.
· Detection of Virtual Server 2005 R2 SP1.
Skulle du vilja se allt om Microsofts virtualiserings tekniker så kan du komma till Microsoft i Kista den 5/7 för då kör jag en heldag med det, det är en del av Sommarkollo. Anmälan gör du här http://www.microsoft.com/sverige/events/sommarkollo2007/default.aspx#tors0705
Du kan läsa från orginalposten som jag såg hos Keith här:
http://blogs.technet.com/keithcombs/archive/2007/06/27/vmrcplus-goes-public-download-now.aspx
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
The Microsoft Enterprise Engineering Center, eller EEC som det heter är ett lab där man kan testköra olika scenarion, man beställer helt enkelt dom servrar man vill testa, nätkonfiguration, Internetförbindelser, WAN länkar, SAN, märke, model. Men även en viss konfiguration, simulerade VPN kopplingar, eller en AS/400 med ett visst prgram. Anläggningen är värt lite styvt $40 million i hårdvara och nätverksprylar. http://www.microsoft.com/windowsserver/evaluation/eec/default.mspx
Jag är ju med i TAP:en kring Centro och i förra veckan fick jag via Microsoft Connect en liten notis om att Centro teamet har fått "låna" 8 veckor i EEC Lab:et, vilket gör att dom bjuder in deltagare i TAP:en att få använda hela deras EEC lab, inklusive personal, tekniker, utvecklare under en hel vecka. Problemet var bara just det antalet, åtta stycken, inte åtta stycken tekniker varje vecka, varje dag eller så, nä. Det är åtta stycken ifrån den här planeten, som får chansen att låna hela deras EEC Lab, för att ensam med allt stöd från Microsoft bygga sin egen Centro lösning med 3 server, 250 klientdatorer, fördelat på 4 olika "orter" med VPN och hela kalaset och under tiden som man sitter där och leker har man hela tiden tillgång till hela Centro Teamet. Jag var ju bara tvungen att anmäla mitt intresse, men jag räknade inte riktigt med att komma med, sannolikheten att vara 1 på 8 av alla Centro nyfikna tekniker är INTE stor.
Men undrens tid är här för den 20-24 augusti åker jag, jag fick en "slot" tid, helt otroligt. Så den 9 juli ska jag ha skickat min "kravspec" på hur min miljö som jag vill testa ser ut och så fort den är inskickad så börjar Microsoft att bygga mitt LAB. Helt ärligt, det blir inte mycket ballare än så här(tror jag). Det jag går och funderar på just nu är om jag ska "ha" en Amiga eller en AS/400 med i min "miljö" och jag ska bygga miljön på HP, IBM eller något annat... En sak är säker, jag lär återkomma med en rapport... För att inte ha så förbaskat tråkigt så frågade jag Michael Anderberg om han vill följa med och han sa inte nej :-)
Undrar du vad "Codename Centro" är så står det lite om det här
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Det händer ju då och då att man skulle vilja läsa lite om funktioner i Small Business Server, eller kanske leta efter en "how-to" eller "Best Practices". Microsoft har haft dokument liggandes på flera olika ställen, men nu försöker man samla ihop allting på ett enda ställe, framför allt blir det ju lite lättare att söka på saker, typ :-)
Introducing the Windows SBS 2003 Technical Library!
The Windows SBS User Assistance team is pleased to announce the launch and availability of the Windows SBS 2003 Technical Library at http://technet2.microsoft.com/WindowsServerSolutions/SBS/en/library. The WSBS Technical Library centralizes all of the core product documentation for WSBS
2003 and WSBS 2003 R2. In doing so, it significantly improves your ability to search for and discover topics of interest. By centralizing this documentation within a common interface, you are assured of getting quick access to the latest information. There is also far less chance of being confused or annoyed by running into multiple and conflicting versions of the same document.
An added bonus of this release is that it also enables you to take advantage of the built in feedback system. The feedback system makes it possible for you to let us know if you find the documentation helpful or to share your thoughts on how we can correct or improve it.
On the back end, it is much easier for us to collect and evaluate your feedback. Updates to documentation are handled more efficiently and the library is refreshed on a weekly basis.
You can access the library by clicking on any document link on the SBS Product Documentation Web pages
(http://www.microsoft.com/windowsserver2003/sbs/techinfo/productdoc/default.mspx)
or from the SBS TechNet site
(http://www.microsoft.com/technet/prodtechnol/sbs/2003/default.mspx).
In the coming months, we will introduce more features that enhance your experience with our product documentation on the Web. Stay tuned!
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Microsoft ligger inte på lat sidan och nu är det telefon system dom är inne på. Produkten/Tekniken heter "Microsoft Reponse Point" och dom har redan börjat krydda marknaden med info omkring det hela, om jag inte är helt felinformerad så kommer prylarna under hösten, vet dock inte om det kommer finnas på den svenska marknanden. Det som är lite annorlunda är att detta är direkt riktiat mot små företag och det förväntas att det kan köras på en Small Business Server 2003, å det är ju rätt tufft...
Teamets BLOG: http://blogs.technet.com/rp/archive/2007/06/21/response-point.aspx
Produktens hemsida: http://www.microsoft.com/responsepoint/default.mspx
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
"The Windows Small Business Server Product Team would like to hear from the Windows SBS Community. This anonymous survey of the Windows SBS Community is brought to you by the Windows SBS Product Team.
We want to know how valuable your experience is with the community resources and information that is available to you today as a member of the Windows SBS Community. We also want to know what you think could be done to improve your Windows SBS Community Experience. Please take a couple of minutes to provide us your candid feedback via this survey and let us know what you think."
SBS WW Community Survey 2007
Så gör Kevin glad, fyll i blanketten så har han nått att göra i midsommar :-)
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Microsoft jobbar just nu rätt hårt med info kring virtualisering. Två saker har dykt upp nu.
En uppdaterad version av "Windows Server Virtualization licensing calculator", en liten app som hjälper till att räkna ut vad hela kalaset kostar om man gör si eller så. Det roliga och nya att den nu är "två", alltså den gamla calculatorn finns kvar men det finns en ny som kan beräkna kostnader för innehållet i dom virtuella systemen beroende på vilka olika virtualiseringstekniker du använder, alltså "3:e part" Kolla in den nya och gamla här: http://www.microsoft.com/windowsserver2003/howtobuy/licensing/calculator.mspx
Det andra som har kommit fram ur någon liten hemilg byrålåda är ett licensdokument som beskriver alla detaljer kring licensiering och virtuelisering beroende på vilken virtualiseringsteknik du kör, faktiskt riktigt enkel att förstå. Om du kör Windows som guest OS och du kör dom virtualiserat (oavsett vilken teknik) ska du absolut läsa dett, med lite tur kan du sänka licenskostnaderna genom att göra lite annorlunda.
http://download.microsoft.com/download/7/a/a/7aa89a8b-bf4d-446b-a50c-c9b00024df33/Windows_Server_2003_R2.docx
Det har varit "lätt" invecklat med licensiering i kombination med virtualisering, men nu kändes det lite enklare att förstå faktiskt.
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Så nu har den äntligen gått och blivit "RTM", virtual server 2005 SP1. Finns för nedladdning och mer info på http://www.microsoft.com/windowsserversystem/virtualserver/
Stulet direkt från webben kan man läsa:
|
|
Change |
Description |
|
Hardware-assisted virtualization |
Supports both Intel Virtualization Technology (Intel VT) and AMD Virtualization (AMD-V) hardware-assisted virtualization. |
|
VHD Mount Command-line Tool and APIs |
Provides the ability to mount a virtual hard disk file (.vhd file) as a virtual disk device on another operating system. |
|
Support for Volume Shadow Copy Service |
Allows back-up of Virtual Server and its running virtual machines without needing to install backup agents inside the guest operating system of the virtual machines. |
|
Larger default size for dynamically expanding virtual hard disks |
The default size for dynamically expanding virtual hard disks has been changed from 16 GB to 127 GB, making the VHD file format even more useful for enterprise production, test, and disaster-recovery workloads. |
|
Support for greater than 64 virtual machines on x64-based hosts |
Virtual Server can run more than 64 virtual machines on x64-based hosts. The 64 virtual machine limit remains when running on 32-bit hosts. |
|
Host clustering step-by-step guide |
Host clustering allows you to extend the high-availability benefits of clustering to non-cluster-aware applications and workloads. |
|
Virtual SCSI fix for Linux guests |
This fix resolves an issue some customers encountered when trying to install certain Linux distributions inside a virtual machine on the emulated SCSI bus. |
|
VMRC ActiveX control and Internet Explorer Security Zones |
The Virtual Machine Remote Control (VMRC) ActiveX control now uses the security zone information in Internet Explorer to determine whether to prompt you for your credentials when you load the control. |
|
Service Publication using Active Directory Service Connection Points |
Virtual Server service now publishes its binding information in Active Directory as a Service Connection Point (SCP) object. |
en sak som dom faktiskt INTE nämner men som är nytt är att man kan hantera multipla anslutningar till en virtuel dator när man använder VMRC, låt mej förklara lite bättre. I tidigare versioner kan man alltid ha multipla anslutningar men det finns då förståss en säkerhets risk när flera administratörer kan "se" vad du sitter och gör i en virtuell dator utan att du själv vet att dom tittar, det kan ju vara så att dom inte har behörighet att använda den virtuella datorn och då alltså "tittar" över axeln
Det står också att den kan "run more than 64 machines", vilket stämmer, närmare bestämt 512 maskiner kan köras, det är dock en teoretisk gräns då Microsoft bara har testkört upp till 508 st, det fans inte någon större maskin från Unisys som kunde få in dom sista också. Vi kommer säkert att tycka att den begränsningen på 512 virtuella datorer är löjlig, men det dröjer nog....
|
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Nu har vi spelat in avsnitt nummer 8 av "The Nerd Herd", Podcast:en där Micke & Micke (Nyström och Anderberg) sitter och snackar skit om både det ena och det andra. Den här gången har vi med oss Jocke från Qbranch. Han var för övrigt med på Microsoft Live. Avsnitt 8 handlar om virtualisering och jag är inte helt säker på om vi reder ut begreppen eller om vi lyckas röra till det ännu mer, en sak är säker, kul hade vi iallfall, det hoppas jag du får också...
The Nerd Herd - Avsnitt #8 - Virtualisering
Vi har dessutom upptäckt att vi är med i någon sorts tävling, ingen aning om hur men vi är nominerade i olika klasser iallfall. Om du vill och tycker om oss så kan du gå in och rösta här: http://podradio.nu/awards/
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Nu har vi spelat in avsnitt nummer 7 av "The Nerd Herd", Podcast:en där Micke & Micke (Nyström och Anderberg) sitter och snackar skit om både det ena och det andra, just avsnitt sju är är lite speciellt, dels för att vi har med en kille som kommer från USA och arbetar med IIS7, dels för att ni kan få den stora äran att höra mej försöka prata engelska, undrar om han egentligen fattade vad jag sa :-)
The Nerd Herd - Avsnitt #7 - Internet Information Server 7
Vi har dessutom upptäckt att vi är med i någon sorts tävling, ingen aning om hur men vi är nominerade i olika klasser iallfall. Om du vill och tycker om oss så kan du gå in och rösta här: http://podradio.nu/awards/
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Microsoft släppte nyligen en ny firewall klient till ISA 2006 som också fungerar med ISA2000/2004 och den fungerar dessutom på Windows Vista, superbra. Så glad ihågen testar man naturligtvis och det funkar kalas. Men test är en sak och en produktionsmiljö är en annan sak. En av dom första sakerna jag bestämde mej för var så klart att "självklart" ska den rullas ut enligt samma inställningar som den tidigare klienten gjorde, vilket också är korrekt. Tricket är bara att den är ju ny, alltså helt ny. Dessvärre så har också alla commandline växlar bytts ut, morrrr...
Efter lite test och lek så har jag kommit fram till att den korrekta raden ska se ut så här:
setup.exe /Q /P "SERVER_NAME_OR_IP=SERVERNAME ENABLE_AUTO_DETECT=0 REFRESH_WEB_PROXY=1"
Så först laddar du hem den ifrån Microsoft Download och packa upp den genom att köra den med växeln /C
Om du nu har en SBS2003 så kan du rulla ut firewall klienten med verktyg som finns i SBS. Lägg den i ClientApps katalogen på din SBS och skapa en nya app med den sökvägen, använda kommandorade ovan och "vips" så är det utrullat. OBS om klienten behöver starta om så gör den, typ på en gång...
Jo, just det, det finns ju massa andra saker du ska tänka på när det gäller vista/office i en SBS miljö, kolla in den här KB:en
Mikael Nyström
MCP, MCDST, MCT, MVP Windows Server - Setup/Deployment
Här kommer det som några förmodligen har väntat på ett tag, något om Codename "Cougar". Cogar är namnet på nästa generation Small Business Server och innehåller förståss massa nytt smaskigt, det kommer säkert att ta tre år innan jag kommer på hur alla saker hänger ihop. Men skit i det, det här är vad jag kan berätta just nu iallfall:
- Cougar kommer endast att kunna köras på x64 hårdvara, det beror på att Exchange 2007 som följer med bara finns i den formen.
- Den körs förståss på Windows Server 2008 Standard X64 versionen och har allt det godiset i sig. Bland annat NetworkAccessProtection och liknande.
- Bland annat är backupen förändrad, glöm allt vad band heter, nu kommer det bara att bli disk backup och snapshots. Inte till samma disk utan till en ytterligare disk föståss
- En av dom största nyhetera är "Single NIC Only", alltså man måste ha en firewall framför helt enkelt, nu kan detta iofs komma att ändra sig men i dagsläget är det inte troligt. Alltså undrar ni förståss vad som händer med premium versionen, eller om man kommer att kunna få en ISA att köra framför och lite sånt. Enda svar jag har idag är, "det visar sig" :-)
- Uppgradering så kallad "In-Place" kommer inte att vara möjlig, fullt begripligt då x86 och x64 inte är rikigt samma sak. Det kommer att bli en migrering till annan dator som gäller. (jag har redan nu testat hur man kan göra det på samma dator med hjälp av virtulisering och det fungerar)
- 75 user gränsen kommer troligen att vara kvar och fortfarande gäller 5-50 men upp till 75 användare. Licenshanteringn för användare är ocks helt annorlunda.
Mer än så kan jag inte säga just nu vilket beror på att jag är med i beta programmet och har skrivet på ett NDA
SeanDaniel har skrivet ungefär samma som jag och det har även Larry & Sysguy
Mikael Nyström
MCT, MVP Windows Server - Setup/Deployment
(Jag vet, den är inte klar ännu, jag kommer att uppdatera den imorgon med mer detaljer)
Jag fick dock två kommentarer och den ena rör det faktum att "Det nya coola" är ju Microsoft virtualisering och det är helt riktigt, med "Viridian" som MS Hypervisor kallas just nu kommer vi att kunna virtualisera Windows Server 2008 helt annorlunda, i princip emelerar man inte någonting längre, istället "ärver" man enheter och drivrutiner från "ParentPartition", men det fungerar dock bara ihop med Windows Server 2008 (teoretiskt borde det också fungera med Windows Vista, men det har jag inte provat). Nu finns det ju ingen beta utanför MS dörrar av viridian ännu, men TAP programmet startar snart för vissa utvalda företag så vi lär nog höra hur det går under sommaren och därefter, den publika betan kommer senare. Det tråkiga är att Microsoft har belustat plocka bort funktioner som var bra i den första versionen, jag gissar att det beror på att dom vill släppa en version så snrt som möjligt och dom hellre offrar funktioner istället för att för släppa en instabil versionen eller bli försenade. För mej känns det råkigt men ganska logiskt, jag hade nog gjort på liknande sätt.
Den andra frågan jag fick var "Finns det några siffror på hur mycket bättre Windows Server 2008 är på att köra Virtual Server" och nej det gör det inte ännu, det känns som jag var bland dom första att överhuvudtaget prova och se om det går, jag håller på som bäst att utvärdera det hela. Men utan att veta så borde det bli en förbättring på ca 10-30% (Jag gissar rätt friskt här), baserat på bättre hantering av kärna, disk, IO och liknande. Virtual Server är ju fortfarande bara en tjänst så det är ju inte komplicerat direkt.
Har precis fått ihop min installation och allt fungerar "najs", jag var ju bara tvungen att se om man kan köra Virtual Server 2005 R2 SP1 på en Windows Server 2008 "Core" Server och det kan man uppenbarligen göra. Helt ärligt så räknande jag med att det skulle gå, men testa måste man ju, eller hur.
Har precis fått ihop min installation och allt fungerar "najs", jag var ju bara tvungen att se om man kan köra Virtual Server 2005 R2 SP1 på en Windows Server 2008 "Core" Server och det kan man uppenbarligen göra. Helt ärligt så räknande jag med att det skulle gå, men testa måste man ju, eller hur.
En Server Core saknar ju sådeles en IIS server, vilket gör det lite mer avancerat än vanligt, man måste helt enkelt ha en server med IIS. I princip gör man på följande sätt:
- Installera en Windows Server 2008 B3 som Core Server
- Sätt namn, IP och liknande, joina domän
- skriv cscript c:\windows\system32\scregedit.wsf /? för mer info
- skriv cscript c:\windows\system32\scregedit.wsf /CLI för dom vanligaste kommandona
- Installera Virtual Server 2005 SP1, men skippa allt förutom "Virtual Server Service" genom att köra setup.exe.
- Installera sedan Virtual Server 2005 SP1 på en annan dator i samma domän, du kan installera alltihopa eller bara webdelen.
- OBS VIKTIGT
- Installera med "constrained delegation", dvs att man kör Websiten under Local System. Om du redan har installerat enligt den finska metoden så får du avinstallera VirtualServer 2005 R2 SP1 och installera om den igen och välja "constrained delegation", det går inte att fixa till i efterhand vad jag vet.
- Konfigurera hela härligheten för "Configuring constrained delegation"
- Titta det funkar... :-)
Configuring constrained delegation
Step 1:Verify prerequisites:
Before you begin configuring constrained delegation, make sure that you have performed the following tasks:
Complete the installation of Virtual Server, as described in Install Virtual Server.
Important
For constrained delegation to work, you must perform a custom installation and select the installation option to run the Administration Website as the Local System account. If you do not, you will have to uninstall and reinstall Virtual Server before you can configure constrained delegation.
Verify that the domain controller is configured for a Microsoft Windows Server 2003 native domain. If necessary, raise the functional level of the domain from Microsoft Windows 2000 (the default) to Windows Server 2003. For instructions, see "Raise the domain functional level" in Help and Support Center for the Windows Server 2003 operating systems.
Step 2: Allow the Web server to delegate a user's credentials to the Virtual Server service
Follow these instructions to allow the Web server to delegate the credentials of the logged-on user to the computer running the Virtual Server service.
Important
Only perform this step if the Administration Website (VSWebApp.exe) is installed on a different computer than the Virtual Server service (Vssrvc.exe).
- On the domain controller, open Active Directory Users and Computers.
- In the console tree, under DomainName, click Computers.
- Right-click the Web server, and then click Properties.
- On the Delegation tab, click Trust this computer for delegation to specified services only.
- Click Use any authentication protocol.
- Click Add, and then click Users and Computers.
- Type the name of the computer running the Virtual Server service, and then click OK.
- From the list of available services, hold down the CTRL key while clicking cifs and vssrvc, and then click OK.
- Repeat as necessary for additional computers running the Virtual Server service.
Step 3: Allow the Virtual Server service to delegate a user's credentials to another computer
Follow these instructions to allow Virtual Server to delegate the credentials of the logged-on user to another computer. This allows users to access resource files stored on a computer other than the one running the Virtual Server service.
- On the domain controller, open Active Directory Users and Computers.
- In the console tree, under DomainName, click Computers.
- Right-click the computer running the Virtual Server service, and then click Properties.
- On the Delegation tab, click Trust this computer for delegation to specified services only.
- Click either Use any authentication protocol or Use Kerberos only.
- Click Add, and then click Users and Computers.
- Type the name of the computer storing your resource files, and then click OK.
- From the list of available services, select cifs, and then click OK.
Mikael Nyström
MVP Windows Server - Setup/Deployment
Idag blev det officiellt på WinHec att Windows Server Codename "Longhorn" kommer att heta Windows Server 2008. Själv sitter jag i Seattle på Windows Server 2008 RDP-AirLift TAP:en för två kunders räkning. Det är en del nya saker men framförallt är det något djudare dragningar kring en del ämnen, det har varit mycket prat om Core server som i början verkar ganska bra men ju längre in i den man gräver detsto svårare blir vissa saker att göra, mycket nya processer och rutiner och en relativt stor utbildningsinsats kommer nog att krävas. Deployment biten är precis som Windows Vista helt ny, vilket gör att många gamla lösningar måste/bör göras om.
Windows Server 2008 har också fått ny hemsida,
http://www.microsoft.com/windowsserver2008/default.mspx
http://www.microsoft.com/windowsserver2008/audsel.mspx
http://www.microsoft.com/technet/windowsserver/2008/default.mspx
Mikael Nyström
MVP Windows Server - Setup/Deployment
I Virtual PC 2007 så kan man direkt klicka på en VMC fil för att starta den virtuella datorn, den kommer då också att registrera den i consolen, vilket är bra. Men ibland vill man bara registrera den utan att starta den. Det är iofs möjligt att göra genom att starta VPC2007 och genom en wizard välja att lägga till den, vilket är omständligt då det är en mängd "click". Om du laddar hem inf-filen och installerar den så kan du höger-klicka och välja att registrera den utan att starta den, vilket är underbart när man ska lägga till flera maskiner. Jag har också lagt till möjligheten att direkt redigera .VMC filen vilket man behöver göra då och då för att ändra MAC adressen på nätverkskortet. Problemet uppstår när man har gjort en maskin och ska köra den på flera datorer samtidigt, vilket uppstår när man kör utbildnig/lab:ar. Välj då att redigera .VMC filen och gör följande:
"Edit the .vmc file to remove the MAC address. Find the following line:
<ethernet_card_address type="bytes">0003FFxxxxxx</ethernet_card_address>
Remove the number so the line appears as follows:
<ethernet_card_address type="bytes"></ethernet_card_address>
After you remove the number, Virtual PC will create a new MAC address the next time you start the virtual machine."
Du kan ladda hem filen eller kopiera och skapa en egen inf fil.
CODE:
;Adds a context menu for VMC files to be added or edit in notepad.
;If you installed Virtual PC in an other location, please change the path.
;Created by mikael.nystrom@truesec.se<mailto:mikael.nystrom@truesec.se>
;version 1.0 2007-05-12
[version]
Signature="$Windows NT$"
[DefaultInstall]
AddReg=Reg
[Reg]
HKCR,"Virtual.Machine.VMC\shell\Register in VPC\Command",,,"C:\Program Files\Microsoft Virtual PC\Virtual PC.exe" -registervm "%1"
HKCR,"Virtual.Machine.VMC\shell\Edit with Notepad\Command",,,"notepad" "%1"
Mikael Nyström
MVP Windows Server - Setup/Deployment
Vilka OS fungerar egentligen i Virtual PC och Virtual Server, att det är supporterat är en sak, men ibland är jag nöjd om det "bara" fungerar, jag tänker ifall inte ringa Microsoft för att får support på MS DOS 3.21 (Tror inte att det finns så många på supporten som ens har sett den versionen).
I vilket fall som helst har några galningar samlat på sig en lista över vad som fungerar och inte, det finns några tråkiga upptäckter som att Gnoppix 0.8 inte fungerar fullt ut, men 0.6 och 1.0 fungerar tack och lov(1.0 av Gnoppix har iofs också problem, men ändå), det känns ju tryggt. Det är ett tusental som dom har testat tydligen. Håll tillgodo, det är kul läsning.
(Johannes, ger mej attan på att dina hemkokade versioner av freebsd finns med där...)
http://vpc.visualwin.com/
Mikael Nyström
MVP Windows Server - Setup/Deployment
Såg en blog skriven av Dave Northey där han förklarar hur man installerar VHDMount funktionen utan att installera hela Virtual Server 2005 SP1. I korta ordalag så gör man så här:
- Hämta hem Virtual Server 2005 SP1 och spara på din HD
- kör:
- från c:\temp mappen kör du sedan:
- msiexec /i "Virtual Server 2005 Install.msi" /qn ADDLOCAL=VHDMount
- Därefter kan du hämta hem och installera min vhdmount.inf fil så kan du mount VHD filer direkt från explorer
Mikael Nyström
MVP Windows Server - Setup/Deployment
Microsoft Virtual Server 2005 SP1 innehåller VHDMount.exe som gör att man man "mounta" en VHD fil som en hårdisk, underbart för att kunna underhålla och hantera virtuella diskar utan att behöva starta upp den virtuella datorn, eller för att kunna fixa/trixa med virtuella datorer. Men det är ju förståss så att cmd-line baserad applikationer kan vara lite små krångliga att arbeta med även om det inte är hela världen att lära sig, det finns ju å andra sidan "geeks" som älskar när det är lite små meckigt, bara för att det känns "geekigt".
Hursom helst så har jag gjort en .INF fil som du kan ladda hem och installera rakt upp och ner, den ger dej två saker.
- En ikon på alla VHD filer, vilket absolut inte är nödvändigt, men lite tufft
- "Mount" och "DisMount"
Ladda hem .ZIP filen och packa upp den. Öppna mappen och leta rätt på "vhdmount.inf", markera den med höger musknapp och välj att installera(om du har valt att installera Virtual Server 2005 SP1 på någon annan plats än default så måste du redigera filen så att sökvägarna stämmer). Vill du inte ladda hem utan bara se hur jag har gjort så finns innehållet i vhdmount.inf liggandes här. Vill du inte längre ha funktionen kvar så kan du med regedit plocka bort dessa nycklar.
Tänk på att INTE mounta flera VHD filer samtidigt om du kan se en risk att dom har samma IDnummer, ID nummret på varje disk i Windows måste vara unikt vilket det automatiskt blir, men det var innan man kom på det där med virtualisering, man kan ju skapa en kopia på en VHD fil, vilket ger effekten av att du har skapat en "clone" på en fysisk disk, men med samma ID. Windows har ingen felhantering för detta dessvärre.
Mikael Nyström
MVP Windows Server - Setup/Deployment
Fick mail från Ronald Beekelaar, han har tydligen läst min blogpost angånde att mounta vhd filer. Han tyckte att det var en ball grej, men att man kan byta ut %1 mot """%L""" för att få långa filnamn istället för korta som %1 presenterar. Det spelar ingen roll när man mountar/dismountar men om man lägger till vhdmount /q all så ser man longnames istället för shortnames.
Code:
;Adds a context menu for VHD files to be mounted by VHD mount from explorer, if you installed Virtual Server in an other location, please change the path.
;Created by mikael.nystrom@truesec.se
;version 1.0 2007-05-06
[version]
signature="$CHICAGO$"
[DefaultInstall]
AddReg=Reg
[Reg]
HKCR,".vhd",,,"Virtual.Machine.HD"
HKCR,"Virtual.Machine.HD",,,"Virtual Machine Disk Image"
HKCR,"Virtual.Machine.HD\DefaultIcon",,,"C:\Program Files\Microsoft Virtual Server\vssrvc.exe,3"
HKCR,"Virtual.Machine.HD\shell\Mount\Command",,,"c:\program files\Microsoft Virtual Server\vhdmount\vhdmount.exe" /m /f %1"
HKCR,"Virtual.Machine.HD\shell\DisMount\Command",,,"c:\program files\Microsoft Virtual Server\vhdmount\vhdmount.exe" /u %1"
HKCR,"Virtual.Machine.HD\shell",,,"Mount"
HKCR,"Virtual.Machine.HD",BrowserFlags,0x00010001,0x8
HKCR,"Virtual.Machine.HD",EditFlags,0x00010001,0x0
Finns att ladda hem från connect:
Innehåller följande "nyheter" (Det mesta har funnits sedan tidigare)
- Support for Hardware-Assisted Virtualization
- Support for additional guest and host operating systems
- VHD Mount command-line tool and APIs
- Improved scalability support (Up to 256 GB of memory, Up to 512 VMs etc)
- Interoperability with Volume Shadow Copy Service
- Service Publication using Active Directory Service Connection Points
- Installation of Linux guests on a SCSI virtual hard drive
- Default size increased to 127 GB for dynamically expanding virtual hard disks
- VMRC ActiveX control now uses the Internet Explorer Security Zones
- Host clustering whitepaper
- Settings for multiple WMRC Connections (Allow/Disallow)
- Improved performance
- New version of VMAdditions (13.809)
Har bytt ut drygt hälften av mina VS2K5R2SP1B2 till VS2K5R2SP1RC1 utan problem. En sak dock. "Save state" är INTE kompatibelt, så du måste stänga ner GUEST:erna innan du uppgraderar.
https://connect.microsoft.com/site/sitehome.aspx?SiteID=151
Mikael Nyström
MVP Windows Server - Setup/Deployment
Jag fick ett mail från en vän och han förklarade att Microsoft har släppt men uppdatering till Outlook 2007. Det visade sig vara en riktig höjdare. :-)
Ok, så vi tar det från början, jag gillar outlook och jag har stora mailboxar, skit enkelt. Ett problem som jag har är att när man startar outlook tar det i balnd så förbaskat lång tid och under tiden sä är datorn inte riktigt så hörsam på kommandon som man skulle vilja, ett problem jag har haft ända sedan i början tyvärr, men men man är ju på något sett luttrad.
Det visar sig att detta problem har man vetat om ett tag, typ sedan i november eller så men inte riktigt varit säkra på vad det är och/eller beror på. (grrr). På ett antal punkter har man i denna uppdatering nu förändrat komponeterna under "huven" så att slipper frysningar som uppstår när du ansluter och det sker förändrinagr i din mailbox, när man flyttar, kopierar mail och liknande. Med denna uppdatering så sparas inte längre RRS feeds på servern utan i den lokala .pst file, index funktion fungerar lite annorlunda osv, är du osäker så ska du så klart läsa på lite innan du installerar. Man kan ju fråga sig varför man inte har gått ut "wide open" med detta och det beror på man vill få ett stort underlag för kunna avgöra om detta var fixarnas "fix" Enligt min källa så "I can’t say that this will 100 percent solve the latency issues, but users should see a big improvement,"
Gör dej glad, ladda hem Update for Outlook 2007 (KB933493)
PS. Ett problem har jag dock fått av den här uppdateringen och det är BCM som krånglar, vet dock inte om det är ett "lokalt" problem på min dator, men...
Mikael Nyström
MVP Windows Server - Setup/Deployment
Med tiden skaffar man sig verktyg, vissa är bra och andra är oumbärliga. Jag vet också att jag många gånger under LAB:ar och kurser har sagt "Det går inte...", vilket jag får äta upp nu när det faktiskt har kommit verktyg som gör mycket av detta möjligt. Nyfiken? Bra, då tittar vi lite närmare på min verktygslåda.
VhdResizer:
Med VhdResizer kan du konvertera mellan fixed och dynamic samt öka och minska den virtuella stoleken på vhd filerna, jag har testat detta många gånger, det är dels snabbt och det funkar varje gång. Ett måste i min verktygslåda helt enkelt.
Ladda hem från: http://vmtoolkit.com/files/folders/converters/entry87.aspx
Vmdk2Vhd:
Från samma gäng kommer dessutom ett verktyg för att konvertera mellan VMwares VMDK format till Miccrosofts VHD format. Första gången jag satte tänderna i detta trodde jag inte till 100% på verktyget men det har visat sig fungera väl. VMware har ju ett ganska bra verktyg för att göra P2V som är kostnadsfritt (eller Ultimate P2V om man gillar Bart) vilket gör att man kan använda dessa verktyg för själva P2V biten och sedan konvertera filen till VHD ifall man vill köra Virtual Server. Man måste natruligtvis hantera drivrutiner och liknande, man byter ju trots allt "hårdvara", kör du Virtual Server 2005 R2 SP1 så har du ju funktionen VHD mount vilket gör att du kan mounta VHD filen som en disk och hantera drivrutiner och annat.
Laddas hem från: http://vmtoolkit.com/files/folders/converters/entry8.aspx
Virtual Floppy Drive:
Floppy diskar används fortfarande, men datorn man sitter på är inte alltid utrustad med det. Kör man virtual server och behöver mounta en virtuel floppy i host OS:et så är det ganska omständligt dessvärre. Med Virtual Floppy Drive får man ett verktyg som kan användas som en virtuel floppy i host OS:et och på så sätt också i gäst OS:et, så smidigt och enkelt. VFD kan köras både i RAM och mot floppy filer.
Laddas hem från: http://chitchat.at.infoseek.co.jp/vmware/vfd.html
Det finns flera andra som jag använder, bland annat VSMT och numera också VMM, återkommer om det senare. Visste du BTW att det finns en VMRC+ klient också. Rätt cool, men tyvärr "MS Internal Use Only"
Mikael Nyström
MVP Windows Server - Setup/Deployment
Jag skrev ju en post om performance i Virtual Server 2005 och det var faktiskt en sak jag missade som är viktig, jag tror jag missade det därför att jag har det som standard inställning i alla mina "mallar"
Efter att man har installerat VM Additions så BÖR man absolut ändra "Hardware Acceleration" på grafikkortet, den står inställd på ett alldeles för långt värde och det gör att musen hoppar och rycker. Justera också antalet färger så att dom överenstämmer med din host maskin.
Gör så här:
Markakera desktop med höger musknapp, properties, advanced, troubleshooting. Se till att inställningen för hårdvaruacceleration är längts till höger.
Mikael Nyström
MVP Windows Server - Setup/Deployment
Ingen nyhet att den är här, det vet vi alla och den löser problem är ingen tvekan om. MEN det finns problem kring den också, jag sitter med i en MVP mailgrupp och när SP2:an kom så ökade antalet mail till ca 500 på två dagar och alla handlar om problemen kring Windows Server 2003 och SP2.
Det finns framför allt ett problem som har med anslutningar att göra, förändringar i TCP gör att många funktioner helt enkelt upphör att fungera och besynnerliga fel uppstår. Det innebär inte att man ska låta bli SP2, utan mera vara beredd på att lösa problem som uppstår i samband med den. Har man aldrig varit seriös tidigare så är det ett förbaskat bra tillfälle att avsätta tid till läsa, testa och utvärdera. Kan du vänta tills det har lungnat ner sig och dom flesta problem är upptäckta så känns det som en ganska bra ide. Att testa i en virtuel miljkö är helt enkelt smart.
Problemet handlar om "Receive Side Scaling" som dels ligger i SP2 och även i "Microsoft Windows Server 2003 Scalable Networking Pack". Tricket är att det inte fungerar med alla NIC:s (hörde jag någon skrika Broadcom?). Med RSS aktiverad på ett NIC som inte kan hantera det så kommer en server som använder ISA2004 eller SecureNAT helt enkelt att reseta TCP connections. När NAT modifierar paketet genereras en hash som inte matchar hårdvarans hash och då droppas paketet. Det finns ingen KB kring detta ännu, då man inte rikigt vet omfattning och exakt i vilka situationer det uppstår. Skulle du få problemet kan du dock lösa det genom att stänga av RSS och/eller stänga av offloading. Produkter som teoretiskt kan drabbas är Windows Server 2003 med NAT och ISA 2004 (vilket alltså omfattar installtioner med SBS2003 då många har ISA eller NAT)
RSS kan dock stängas av i registret:
HKLM\System\CurrentControlset\Services\Tcpip\Parameters
Skapa eller redigera DWORD:et EnableRSS och sätt den till 0
Vissa personer har rapporterat in problem även efter att ha stängt av RSS och har då provat med att "Disable Offloading"
HKLM\System\CurrentControlset\Services\Tcpip\Parameters
Skapa eller redigera DWORD:et DisableTaskOffload och sätt den till 1
Mikael Nyström
MVP Windows Server - Setup/Deployment
Att Microsoft har en gjort en Windows Easy Transfer Wizard är ingen nyhet, den har funnits med från RTM, den fungerar ganska bra men det tänkte jag skriva om vid annat tillfälle.
Jag var i Seattle(Redmond) förra veckan och samtalade med det teamet som jag som MVP är knutet till (Setup/Deployment), nu är det gänget inte så stort, vär bara 16 MVP:er i hela världen och vi var ungefär 6-7 stycken där som i två dagar diskuterade lösningar och alternativ. Microsoft berättar och visar upp olika lösningar och tekniker och sedan kör vi tumme upp eller ner, njae inte riktigt men vi diskuterar och argumenterar med utvecklarna, arkiteterna (å lite marknads folk)
Mycket av det som vi gick igenom är ju inte direkt några nyheter, utom en sak jag faktiskt hade missat, som dessutom var jäkligt tuff.
"Windows Easy Transfer Companion" är en applikation som kan migrera applikationer (ca 100 st är testade och fungerar) direkt mellan två datorer, alltså om du har migrerat alla inställningar med Windows Easy Transfer så kan du migrera även applikationer, såsom Office, Accrobat Reader och Itunes, typ. Det som finns ute nu är en BETA version och vi har framfört önskemål på att den borde blir CMD-line baserad och att den ska kunna migrera applikationer "offline", som det är idag krävs det att båda datorerna är på tyvärr. Men i mindre miljöer, butiker, hemma så är den ett bra hjälp medel. Kolla in och testa på
http://www.microsoft.com/downloads/details.aspx?familyid=39F724EB-4E37-4BE0-ADFC-786786E73E50&displaylang=en
Mikael Nyström
MVP Windows Server - Setup/Deployment
Nu har Microsoft släppt "Windows Vista Hardware Assessment", ett verktyg som hjälper till att inventera datorer och till viss del applikationer för att se vilka datorer som kommer att fungera med Windows Vista och vilka som måste bytas ut eller uppgraderas. Det kan skanna domäner, eller nätverk på flera olika sätt. Det är inte perfekt men fungerar ändå riktigt bra. Har man redan en miljö med SMS eller liknande system så behövs kanske inte denna applikation, men den har ändå sina små finesser. En av dom snyggaste är att man får två olika rapporter, en business och en technical, vilket är riktigt bra.
Du kan ladda hem den ifrån http://www.microsoft.com/technet/solutionaccelerators/hardwareassessment/wv/default.mspx
Mikael Nyström
MVP Windows Server - Setup/Deployment
Jag och Michael Anderberg har spelat in ett nytt avsnitt av "The Nerd Herd", men det är inte publicerat ännu. Micke sitter just nu hemma och filar/klipper och fixar just nu och han borde hinna klart till klockan 12:00 imorgon . Så vid tolv rycket är det bara att ansluta till " http://thenerdherd.libsyn.com/" för att lyssna när vi pratar TCP/IP eller så går du till Mckes blog och läser hans inlägg http://blogs.technet.com/michand/archive/2007/03/02/the-nerd-herd-avsnitt-6-tcp-ip-i-longhorn-server-och-vista.aspx
Mikael Nyström
MVP Windows Server - Setup/Deployment
AVG, Antivirus programmet från Grisoft kommer i nya versioner och varianter, lite kul att det rör sig på marknaden, jag tror att det under längre tid har varit för många programtillverkare som med tiden har skapat mer och mer komplexa samt fullständigt galet konstruerade AV lösningar, där man ibland undrar om det inte vore bättre att faktiskt ha virus i sin dator än att ha det där systemet som konstanta äter 75% CPU tiden. Jag vet inte om det är bra, men jag har hört av kollegor att det tydligen ska vara bra. Men som sagt, jag har inte testat. Läs mer...
*****************************************
We are preparing new AVG products - AVG Small Business Server Editions and AVG Anti-Rootkit which is currently available for beta testing.
****** AVG Small Business Server Editions ******
It is so exciting to introduce this new product. Many of you have been waiting for it for a long time. AVG Small Business Server (SBS) Editions are intended for small and medium sized customers running small networks, typically Microsoft SBS. They will include the following products:
- AVG Anti-Malware SBS Edition - includes AVG Anti-Malware Network Edition, AVG Email Server Edition (including file server protection), AVG for Share Point Portal Server and AVG Remote Administration.
- AVG Internet Security SBS Edition - consists of AVG Internet Security Network Edition, AVG Email Server Edition (including file server protection), AVG for Share Point Portal Server and AVG Remote Administration.
The number of licenses will be based on the number of connected computers and as a bonus, a server license will be provided for free. License packages will be available online in the following configurations: 5+1, 10+1, 15+1, 20+1, 25+1, 30+1, 40+1, 50+1, 75+1 and 100+1.
AVG SBS Editions have significant advantages compared to two separate AVG Network and Email Server Editions. Your customers will receive just one License Number that will be used for AVG installation on both workstations and servers. In simple terms, your clients will buy an all-in-one package with just one license for easy handling and license management. Release of the new AVG editions is planned for March.
****** AVG Anti-Rootkit Beta Version ******
AVG Anti-Rootkit is a powerful tool for detection and removal of rootkits. Rootkits are used to hide the presence of malicious objects like trojans or keyloggers on a computer. If a threat uses rootkit technology to hide itself, it is very hard to find the malware on the PC. AVG Anti-Rootkit gives you and your customers the power to find and delete the rootkit and to uncover the threat the rootkit is hiding.
AVG Anti-Rootkit highlights:
- Powerful cleaning due to advanced cleaning driver
- Easy to use interface
- Fast and efficient detection (even for NTFS-ADS objects)
- Special interface for visually impaired people
You can also check out how powerful and efficient the AVG Anti-Rootkit is by downloading a beta version from the site http://beta.grisoft.cz/beta/index.php?lang=2 . We appreciate all resellers participating in our Beta Program and filling out a questionaire. Your test results, as well as your opinion about the product, are very important for us.
Mikael Nyström
MVP Windows Server - Setup/Deployment
Microsoft har nu släppt "all" information som behövs kring SBS2003 tillsammans med Vista och Office 2007. Det som krävs för att du ska kunna installera "korringeringspaketet" är att du kös SBS2003 SP1, annars går det INTE. Några roliga saker är att det nu går att hantera lokala profiler på Vista maskiner och att det finns en separat GPO för endast Vista maskiner. Det finns en KB som beskriver hur man lägger till en Vista i en SBS2003 och den ska alltså kastas så långt bort det bara går och istället ska denna användas.
Basdokumentet du behöver hämta hem och läsa igenom är:
http://www.microsoft.com/downloads/details.aspx?FamilyID=46E95C56-1A4C-45BD-8D69-5F41FF8F1F22&displaylang=en
där står i princip allt om hur du ska göra och vilka program du behöver ladda hem. "Kit:et" innehåller bland annat information om:
- ConnectComputer
- Uppgradering av XP till Vista
- GroupPolicy och hantering av detta
- Outlook 2003/2007 på XP/Vista mot E2K3
- Remote Connections
- ISA Server
- Companyweb
- Utrullning av applikationer
- 32/64 bits problem
- Fax och printer detaljer
- Remote Web Workplace problem
- Certifikats problem
- KB 926505 – Update for Windows Small Business Server 2003: Windows Vista and Outlook 2007 compatibility
- Vista och Office 2007 FAQs
-
-
-
KB 930414 – ISA Server 2004 update package for Vista 64-bit editions
-
-
KB 931095 – Regarding Outlook users; note: this is a catch all KB for someone who has XP with Outlook 2007 – a separate update is not required, it is the same update as mentioned in KB 926505
-
-
-
Mikael Nyström
MVP Windows Server - Setup/Deployment
http://www.microsoft.com/sverige/technet/technettv/small_business.aspx
Mikael Nyström
MVP Windows Server - Setup/Deployment
Det är kul med frågor, framförallt är det kul att kunna svara på frågor. Jag fick den stora äran att spela in TechNet TV för några år sedan och det har blivit några stycken (några till är på gång) en del av dessa är bra och en del är mindre bra, men så är det ju alltid.
I vilket fall som helst så kan det ju vara så att några av dina frågor finns besvarade i några av dom filmer jag har gjort.
Alla mina SBS filmer finns samlade på en sida, vissa kan man ladda hem men alla kan man titta på online, dom täcker nog upp det mesta, installation, konfiguration, todo listan, bygga ut, bygga till, backup, restore och liknande.
Kan vara värt en stund...
http://www.microsoft.com/sverige/technet/technettv/small_business.aspx
Mikael Nyström
MVP Windows Server - Setup/Deployment
Alpha versionen är nu tillgänglig på Connect site, (har precis laddat hem den)
Ett verkyg tänkt att fungera som komplement till BDD2007 och ACT5, det ger en bild över vilka dator som kan köra vista och vilka som inte kan det. Uppgraderings rekommendationer och liknande. Alltså typ, RAM minne GPU minne, CD/DVD och GPU, Det är byggt för att kunna hanteras central. Det är tänkt för kunder/partners som har små system, alltså under 5.000 datorer.
Länken till er som vill vara med i betan är
https://connect.microsoft.com/site/sitehome.aspx?SiteID=297
OBS du måste ha ett passport/live konto och jag är inte säker om alla kan vara med i betan, men för er som kan det och vill ha ett inventerings verktyg så kan det vara helt rätt.
Det finns en webcast kring det hela också:
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032317862&EventCategory=5&culture=en-US&CountryCode=US
Mikael Nystrom - TrueSec AB
MVP Windows Server - Setup/Deployment
Den 26:e februari är det SSBSUG träff och jag satsar på att det ska bli den bästa hitills, vad sägs om att alla som kommer får var sitt fullt fungerande smartcard med eget foto och SSBSUG loggan på. Dessutom kommer "troligen" den nya produktchefen för Small Business Server och håller en session för oss. Jag har ocskå fått en av dom absolut bästa kring säkerhet, smartcard, pki att komma till oss och hålla en session kring hur man gör det i en SBS miljö. Själv tänkte jag prata om hur man bygger ett SW/HW inventory med hjälp av ACT och SharePoint, efter alla festligheter går vi ut och tar en öl och äter lite
Jag kommer att ha tröjorna med mej för alla som inte fick sina vid första mötet också. Anmälan och sånt finns på http://www.ssbsug.se (jo, du måste logga in, det beror på att man måste vara medlem för att komma)
Mikael Nyström
MVP Windows Server - Setup/Deployment
Jo, det är sant, vi är några som har gjort en talkshow kring Longhorn server, det är troligen det nerdigaste jag har gjort. Men det är förståss jättekul. Michael Anderberg och jag satt tillsammans på planet hem från ITForum 2006 i Barcelona och diskuterade och argumenterade och Mr. Anderberg skrev tack ner allt på sin dator. Det var första gången vi pratade om detta men det kändes ändå som det var där och då som talkshowen fick sitt innehåll.
Vi var alla överäns om att det skulle vara någon sorts blandning mellan TechNet TV utan bild och Nattsudd utan att vara fjantigt och med ett bra tekniskt innehåll.
Vi har nu gjort två inspelningar, den första handlar inte alls om Longhorn utan mer om "Windows historia" (Micke och jag är gamla nog att ha varit med i några år) men det andra avsnittet handlar om Longhorn Coreserver som är ett installations alternativ, det körs mer eller mindre utan GUI och kan användas till att vara Innfrastruktur server. Vi är också fler som pratar på den senaste inspelningen, Micke, Micke, Chrisse och Jon är det som håller låda.
En kul grej är att vi diskuterade om hurvida man skulle kunna köra WINS på en Coreserver och sa vi att man inte kunde. Det är ÄNDRAT nu, från och med den sista betan kan man nu köra WINS även på en Coreserver.
The Nerd Herd - Avsnitt 1
Mickes Blog - http://blogs.technet.com/michand/archive/2006/12/22/premi-auml-r-f-ouml-r-the-nerd-herd.aspx
Direkt länk - http://thenerdherd.libsyn.com/index.php?post_id=166780
The Nerd Herd - Avsnitt 2
Mickes - Blog - http://blogs.technet.com/michand/archive/2007/01/05/the-nerd-herd-avsnitt-2-longhorn-server-core.aspx
Direkt länk - http://thenerdherd.libsyn.com/index.php?post_id=167536
Vi vill gärna ha feedback på innehållet så, please post...
Mikael Nystrom
MVP Windows Server - Setup/Deployment
Felaktigt konfigurerade virtuella system belastar värddatorn och begränsar antalet virtuella system på varje värd, att lösa problemet är inte så svårt, bara man vet hur…
Virtualisering kostar alltid i ”overhead”, på ett eller annat sätt. Hur man än vänder och vrider på det så kan CPU:n trots allt bara processa en maskin i taget och alltså får man inte ut 100% av CPU, Minne, Nätverk och Disk IO. Alltså blir målet att med rimliga insaster och en bra design att eliminera så mycket som möjligt. Så hur gör man?
Tjänster:
I gäst OS:et är det viktigt att stänga av tjänster som inte behövs, dels är detta en poteniell attack yta, dels konsumerar dom minne men dom förbrukar också CPU cykler. Exempel på tjänster som kanske inte används eller behövs är indextjänsten, browsertjänsten, webclient.
Den virtuella disken:
I Virtual Server 2005 har man möjlighet att köra IDE eller SCSI diskar och egentligen borde det inte spela någon roll då det egentligen bara är filer, men det spelar faktiskt roll. Om vi väljer IDE (vilket är default) så kommer man att emulera en IDE disk miljö, vilket i sin tur genererar CPU belatsning. Det logiska är då att välja SCSI vilket vi har lärt oss avlastar CPU:n, men HBA:n är ju dessvärre också emulerad varför den belastar ännu mer. För att få lite siffror så tar det ca 8 ggr längre tid att installera Windows Server 2003 med den emulerade SCSI HBA:n än vad det tar med IDE, vilket alltså betyder att IDE är mycket effektivare, men det är inte sant. Det finns nämligen en speciell SCSI drivrutin som man absolut bör använda, den dök upp första gången i Virtual Server 2005 R2 och är en ”Shunt” driver. Den är skriven för att avlasta värddatorn och för att höja prestanda och kapacitet. Alltså använder man den virtuella SCSI HBA: MEN man använder ”Microsoft Virtual PCI SCSI” drivrutinen istället, den är ungefär 30-35% snabbare att använda istället för Adaptec drivrutinen. Under installationen av OS:et trycker man F6 och matar in den virtuella floppyn som innehåller drivrutinerna. Frid och fröjd.
Men det mest troliga är att du idag kör med virtuella IDE interface, så hur byter man?
Byta från IDE till MS SCSI i den virtuella datorn
Stäng ner den virtuella datorn och lägg till minst en virtuell SCSI HBA, starta upp den virtuella datorn och öppna device manager. Kontrillera vilken drivrutin som är laddad. Om du har en ”Adaptec…” så väljer du att uppgradera den, välj inte att söka utan bestäm vilken drivrutin du ska använda, se till att den virtuella floppyn som innehåller Microsoft SCSI driver sitter i din virtuella dator och välj rätt drivrutin baserat på vilket OS du använder, stäng ned den virtulla datorn och ändra under disk konfiguration så att den virtuella disken inte är ansluten till den primärma IDE kontrollern utan istället är ansluten till SCSI ID 0:0 och starta upp. Svårare än så är det inte. Vinsten är bra mycket snabbare start och operation av den virtuella datorn och betydligt mindre last på värddatorn.
VM Addtions i den virtuella datorn:
Att VM Additions är viktiga har du förmodligen redan märkt, men alla vet inte att det är mycket viktigt att man har den senaste versionen hela tiden. VM Additions patchar nämligen RAM minnet i den virtuella datorn för att kunna omdirigera CPU instruktioner som kan hanteras direkt i Usermode (Ring 3) utan att behöva gå igenom binär konvertering via den virtuella kernal mode och vidare genom hostens usermode. Problemet är att VM Additions inte hanterar ny kod som laddas in i systemet, alltså patchar och servicepackar. VM Additions uppdateras hela tiden för att matcha olika OS. Om du inte uppdaterar VM Additions regelbundet kommer den virtuella datorn med tiden att bli långsammare och långsammare samtidigt som du kommer att belasta värddatorn mer och mer. Samtliga VM Additions är bakåtkompatibla och det är samma i både Virtual Server och Virtual PC. Det var många som upptäckte detta när dom installerade Windows Server 2003 SP1, systemet blev ohyggligt mycket långsammare nämligen. Lösningen var en ny version av VM Additions. Den senaste versionen som finns nu ligger med i Virtual PC 2007 BETA (13.724) och bör absolut användas. Det kan verka konstigt att använda en BETA version men det är inte VM Additions
Ett sätt att undvika uppdateringar på nya virtuella datorer är att man faktiskt inte installerar VM Additions på sina mall datorer utan istället lägger med i sysprep.ini en funktion som gör att VM Additions installeras vid första uppstart av en ny virtuell dator. Installationen görs från den lokala disken där man lägger den version som är aktuell för tillfället. När det sedan kommer en ny version av VM Additions kan man öppna VHD filen och ta bort den gamla och lägga till den nya. På så sätt kommer nya virtuella datorer som du bygger baserat på din mall alltid ha den senaste verisonen. Du bör också se till att du har en uppdaterings process så att du kan hantera befintliga virtuella datorer (AD, SMS eller annan metod)
Fragmentering och defragmentering:
Även virtuella diskar blir fragmenterade, framförallt om det inte finns minst 40% ledigt utrymme. Se till att regelbundet defragmentera dom virtuella diskarna. Tänk också på att du kan skapa flera virtuella diskar för att fördela läs och skriv operationer på flera diskar genom att lägga VHD filerna på flera olika fysiska diskar och genom att skapa stora virtuella diskar så undviks fragmentering. På värdatorn är det ännu viktigare att undvika fragmentering och det gör man genom att ha en korrekt disk struktur, den ser dock olika ut beroende på vad och hur systemet används. Men generellt kan sägas att du bör absolut separera värddatorns OS från VHD filerna. Använder du ”fixed size disks” bör du skapa dessa en i taget och helst göra detta på en disk som är helt tom från början. ISO Image:ar och mall datorer bör du lägga på andra diskar som har hög läs prestanda medans VHD filer bör ligga på diskar med hög läs/skriv prestanda. Om du däremot använder differentiela diskar så bör VHD filerna ligga på diskar med hög läs prstanda medans dif diskarna ligger på en diskyta som har hög skriv prestanda.
Minne:
Det absolut värsta är virtuella datorer med för lite minne. Det som händer är att den virtuella datorn behöver generera minne genom att börja använda pagefile:n, det belastar då dels den virtuella datorn men ännu värre, det belastar även den fysiska datorn avsevärt. Se alltid till att du har så mycket minne som datorn faktiskt kräver. När du ska konvertera en fysisk dator till virtuell så kommer du att få en ”overhead” på 32mb för varje dator du skapar, alltså om den virtuella datorn kräver 256mb så kommer värddatorn att belastas med 256+32mb i RAM. Använd performance monitor och mät ”pagefaults/min” i kombination med ”pagefile usage” för att se om det behövs minne.
Nätverkskort i den virtuella datorn:
NIC:arna har en hastighet på 10/100 visuellt sett men det finns egentligen ingen begränsning, man får ut ca 75% av moderdatorns NIC hastighet helt enkelt.
Använder man ISCSI bör man ha dedicerade virtuella NIC:ar som i sin tur är kopplade till dedicerada fysiska NIC:ar för att få ut maximal prestanda.
Nätverkort i den fysiska datorn:
NIC:arna uppträder egentligen som ”switchar” och det åstadkommer man genom att lägga en tjänst på varje NIC (Virtual Network Servies). Det man bör göra är att ha minst två fysiska NIC:ar, en för att administrera host datorn och minst ett för att köra guest:arna på. Vad man gör är att man tar det NIC som är det primära och ”binder” bort ”Virtual Network Services” och sedan väljer det andra NIC:et och väljer bort allt annat än ”Virtual Network Services” (Ja, det innebär att man binder bort TCP/IP). Samma sak gäller för alla andra kort som enbart ska användas av dom virtuella datorerna.
CPU:
Dessvärre kan man inte göra så mycket åt CPU:n, men det skadar ju inte att man förstår vad som händer. Virtual Server 2005 R2 är till skillnad från Virtual PC multitasking och det är bra förståss. CPU:n i host datorn kan bara processa en dator i taget, alltså sig själv eller någon av dom virtuella hostarna som körs. En maskin i taget helt enkelt. CPU:n emuleras inte heller som övriga komponenter utan "mappas" in i systemet och det är viktigt att förstå ifall du gör en "savestate" för att sedan köra på en annan dator, har man inte samma CPU arkitektur så kommer det inte att fungera. Det fungerar problemfritt om du stänger ner den virtuella datorn och sedan flyttar över, men den virtuella datorn tycker inte riktigt om att byta CPU mitt i sitt arbete. Det är också det som gör att man faktiskt ser den riktiga hastigheten i den virtuella datorn. I tidigare versioner av Virtual Server hade man problem med "Hyperthreading" men det har man inte längre. Kan man bör man välja en dator med flera CPU:er eller flera "Core:s" i första hand. Virtual Server 2005 R2 hanterar 32 CPU:er
ISCSI:
Det har ju inte så mycket prestanda att göra men det är ändå viktigt, troligen är ISCSI det enda SAN du kan bygga utan att behöva investera i för att lära dej att bygga host-to-host cluster lösningar. Du behöver egentligen bara två komponenter och det är en ISCSI klient, vilket du kan ladda hem från Microsoft som en vanlig download och en ISCSI target vilket agerar SAN lösning. StarWind har en ISCSI target som kan installeras som en vanlig applikation på i princip vilken dator som helst. Med den på plats kan du nu skapa diskar som du sedan kan dela ut som vilket SAN som helst. StarWind kan du hämta hem från http://www.rocketdivision.com som en 15 dagars trial (som du kan förlänga ytterligare 45 dagar om du skickar ett mail). Microsoft har en egen sida som rör ISCSI och det finns också en speciell artikel kring ISCSI och Virtual Server
Ja, jag tror jag har tagit det mesta (har säkert glömt något) men det borde ge dej lite bättre fart på dina virtuella datorer under Virtual Server 2005 R2.
Om du skulle vilja LAB:a kring detta så kör jag en två dagars LAB kring detta och om det inte passar så får du höra av dej så kanske vi kan lösa det på annat sätt.
Mikael Nystrom – TrueSec AB
MVP Windows Server – Setup/Deployment
Å, du. Om du läser detta och finner det bra så får du gärna slänga in en kommentar...
Av misstag satt jag för några dagar sedan och letade runt på "Office Online" och bland alla olika mallar som fans där så hittade jag helt plötsligt mallar för att göra sina egna interna utbildningar kring Office 2003 och Office 2007. Jag hade inte den blekaste aning om att det fanns och än mindre att det var riktigt bra. Dom fungerar både som slides för att lära sig själv och som slides för att lära andra, man kan konvertera dom till ett "kurshäfte" ifall man vill. I vilket fall som helst så är dom värda att titta på. Du hittar dom här...
På torsdag kör jag ett frukost seminarie, (såg dessvärre att det var fullbokat) om Windows Vista/Office 2007 och Windows XP/Office 2003 i samma miljö och vad mans ka tänka på.
Mikael Nyström - TrueSec AB
MVP Windows Server - Setup/Deployment
Bloggar som ligger i pipen är:
Virtual Server - Performance
Virtual Server 2005 R2 på Windows Vista
Hur det funkar att blanda nya OS, nya Office med gamla miljöer...
Att virtuella miljöer är bra, riktigt bra har Microsoft nu förstått så till den milda grad att dom har färdiga miljöer för nedladdning så att man kan labba och testa själv utan att spendera flera timmar på att sätta upp för att sedan besviket upptäcka att det "blev nått fel" och sedan ge upp. Jag tycker att det här är alldeles förbaskat bra och önskar att dom gjorde detta tidigare, dom har gjort det för MS partners men nu kommer det för alla (jippi!!!)
Du kan hitta det genom att söka på VHD hos Microsoft downloads men det finns också länkar direkt dit. http://www.microsoft.com/vhd funkar iallfall just nu.
VHD filerna är gjorda för Virtual Server men fungerar självklart i Virtual PC 2004/2007.
http://www.microsoft.com/technet/try/vhd/default.mspx
http://www.microsoft.com/downloads/results.aspx?pocId=&freetext=msvhds&DisplayLang=en
Det som finns just nu är Exchange 2007, Windows Server 2003 R2, ISA 2006 och SQL 2005.
Ladda hem och kör :-)
Mikael Nyström
MVP Windows Server - Setup/Deployment
Att mindre företag har behov av säkra system är ingen nyhet, men få av dessa har råd med dyra konsulter och avancerade lösningar. Det går ju faktiskt att göra en hel del i produkterna dom redan har. Säkerhetspolicys finns ju mer eller mindre färdiga att ladda hem och anpassa.
Forfarande idag så använder många kunder WEP eller helt okrypterat när det finns WPA, men WPA blir för krångligt tycker kunden. Men i Windows Server 2003 fins ju möjligheter att automatiskt hantera certifikat och sätta upp policys så att det är helt transparant för kunden. På samma sätt så klagar mängder med kunder över SPAM, trots att IMF ligger i redan från början, varför konfigureras det inte upp? Varför köps det 3:e part i stället.
Kunder som kör SBS, varför ändrar man inte PPTP uppkopplingen till en som använder IPSEC och varför ändrar man inte reelverket så att man inte har tillgång till hela nätverket utan bara dom funktioner som man behöver.
Varför ändrar man inte så att man använder smartcard vid inloggning eller certifikat vid inloggning över VPN och eller webfunktioner, just precis dom här sakerna och alla andra grundläggande säkerhets konfigurationer verkar inte implementeras hos mindre kunder, att vissa inte har råd köper jag men inte att alla saknar pengar. Enligt flera undersökningar är fortfarande säkerhet pri nummer ett hos våra kunderna.
Just nu så sitter jag och skriver på ett flertal dokument, bland annat hur man sätter upp en PKI lösning på SBS, jag tror ju trots allt att folk verkligen vill ha säkra system och en SBS lösning är ju inte så säker som den borde vara och kan bli.
Ta bara Remote Web Workplace, hur bra som helst, funkar verkligen jättebra. Är det svårt att hitta Remote Web Work Place servrar på Internet?
Nej man söker bara lite...
http://www.google.se/search?hl=en&q=%22Welcome+to+Windows+Small+Business+Server+2003%22
3700 Servrar, i princip alla har länken "Remote Web Workplace"
Klicka på den så är det två saker man ska kunna svara på
- Namn, Hmm låt mej gissa, kan det vara Nisse... Nej jag testar med Administrator
- Lösenord, Hmm Kan den vara Password01 eller något liknande hysteriskt komplicerat
Visst lösenordet kan ju ta ett tag att hitta men förr eller senare så är man inne med tillgång till ALLT och alla datorer. Vill man kan man ju förska knäcka lösenordet via SMTP interfacet vilket inte upptäcks därför att loggen är avstängd från början och även om den är påslagen så är det ingen som tittar där.
Allt detta är ju lösbart på bara några minter, kryssa bort ett par rutor i SMTP soppan och i ESM och vill man kan man lägga in ett bevaknings script som spärrar felaktiga lösenordsförsök på websiten via IP låsning under en viss tid.
Mikael Nyström
MVP Windows Server - Setup/Deploymet
Vill du lära dej sätta upp en säker SBS så finns det en LAB.
Om du är intresserad av MOM och SMS, eller rättare sagt om du har ett intresse av att managera din miljö med Microsofts verktyg så borde du vara intresserad av att vara med på detta event.
Man kör bland dom bästa eventet från MMS i San Diego med MOM & SMS. Det coolaste är dessutom att det är riktiga höjdare som kommer, dom här killarna brukar vanligtvis bara tala på TechEd och på ITForum.
- Tim Sinclair – General Manager for Management Practices – Windows Enterprise Management Division
- Tim har jobbat hos Microsoft i 14 år med det mesta, innan Microsoft så jobbade han med Airforce One's programvara (Cool kille), laser system för Texas Instrument så killen har varit med, typ
- Vladimir Joanovic - Program manager at Microsoft working in the Operations and Service management group
- Vladimir arbetar med MOM/OpsMgr 2007, System Center Essentials and "Service Desk"
- Wally Mead - Program manager at Microsoft working with SMS
- Alla som har varit på TechEd/ITForum och varit på en dragning om SMS har sett Wally Mead, han började för 14 år sedan på Microsoft i deras utbildnings team
Vad jag vet ser agendan ut så här
- 09:15-10:15 Keynote - Optimizing your Infrastructure with Microsoft System Center
- 10:30-12:00 MOM 2005 and System Center Operations Manager 2007 Technical Drilldown
- 13:00-14:30 SMS 2003 R2 and System Center Configuration Manager 2007 Technical Drilldown
- 14:45-15:45 Operations Management with System Center Products
- 16:00-17:00 System Center Essentials Overview
Själv kommer jag försöka vara med på något event den dagen, men det blir tight. Eventet är kostnadsfritt och fika (Coca-Cola) ingår, jag tror att lunch ingår också. Men du kan läsa mer på sidan där man anmäler sig.
www.microsoft.se/mmsroadshow
Mikael Nyström
MVP Windows Server - Setup/Deployment
Nu är det dags igen, det är dags för sessioner för Microsoft Partners. Var tredje fredag kommer jag (bland annat) att diskutera och demonstrera produkter och lösningar. Imorgon eftermiddag kommer det att handla om Vista och Office 2007 med fokus på funktioner för småföretag. Jag kommeLive Meetingr att visa dej dom funktioner som tilltalar små företagare bäst. Lite snack om OPK för Vista och Office 2007 blir det också.
Va med från början, läs mer här:
http://www.microsoft.com/sverige/partner/partnerlivemeetings.asp
Mvh
Mikael Nyström
MVP Windows Server - Setup/Deployment
Den här veckan kör Microsoft sitt årliga "Partner Summit" event för alla MS partners i Sverige. Det brukar alltid bli lagom småtrevligt och intressant för att senare på kvällen utvecklas till en mer nattlivs liknande fest stämmning, årets händelse hålls på SF Sergel och Konserthuset. Nyfiken? Kolla på http://www.microsoft.com/sverige/partner
Kvällstillställningen är dessvärre fullbokad men å andra sidan har jag en mycket viktig träff dagen därpå.
Swedish Small Business Server User Group har sitt första möte och det känns som om jag vill vara väl förberedd, dels blir det lite presentationer och dels blir det lite arbete det hela. Veta mera? http://www.ssbsug.se
Ha det så hörs vi...
Mikael Nyström - MVP
Virtual Server 2005 R2 SP1 BETA 2 har kommit
Dom sista bitarna börjar nu komma på plats. Det som är nytt för BETA 2 är:
AMD Virtualization Technology (AVT) compatibility
Virtual Server 2005 R2 SP1 includes support for AMD® Virtualization Technology. By default, hardware assisted virtualization is enabled if present. Support for AMD® Virtualization Technology can also be specifically enabled or disabled on a per virtual machine basis by toggling the "Enable hardware-assisted virtualization if available" option in the general properties configuration page.
Volume Shadow Service Support
Volume Shadow Service provides customers with improved support for backup and disaster recovery. Instead of scheduling downtime for backing up each virtual machine individually, customers will now be able to take snapshot backups of physical machines that will in turn take snapshots of all the virtual machines on that physical host.
Offline VHD Mounting
Offline VHD mounting now enables customers to view and manipulate the files in a VHD from the host OS. This enables administrators to easily deploy scripts and perform virus scans across VHDs without having to start each virtual machine.
Active Directory integration and management features
Virtual Server service now publishes its binding information in Active Directory as a Service Connection Point (SCP) object. System administrators can use this information to easily locate all instances of the Virtual Server service within an Active Directory forest.
I den tidigare BETA 1 så fixade man följande (som har fungerat bra)
Hardware-assisted virtualization (Intel)
Virtual Server 2005 R2 SP1 includes support for Intel® Virtualization Technology. By default, hardware assisted virtualization is enabled if present. Support for Intel® Virtualization Technology can also be specifically enabled or disabled on a per virtual machine basis by toggling the "Enable hardware-assisted virtualization if available" option in the general properties configuration page. Users should refer to their system’s documentation on how to enable Intel® Virtualization Technology.
Virtual Server host clustering step-by-step Guide
The host clustering whitepaper is now included with Virtual Server. It is installed at: ~:\Program Files\Microsoft Virtual Server\Host Clustering.
Larger default size for dynamically expanding virtual hard disks
The default size for dynamically expanding virtual hard disks has been changed from 16 GB to 127 GB.
Virtual SCSI fix for Linux guests
Some users encountered an issue when trying to install certain Linux distributions inside a virtual machine on the emulated SCSI bus. The issue occurred most often with the Linux 2.6.x kernel. This issue has been fixed in R2 SP1 Beta 1.
Mikael Nyström
MVP Windows Server - Setup/Deployment
Saxat från ett mail jag fick idag...
Hello!!
To help customers become more secure and up-to-date, Microsoft will distribute Internet Explorer 7 as a high-priority update via Automatic Updates and the Windows Update and Microsoft Update sites shortly after the final version of Internet...
Vilket alltså betyder IE 7 kommer att få en hyfsad stor spridning ganska tidigt.
För dej som har publika websidor gäller alltså att snarast kontrollera kompabilitet mellan din website och IE 7 och för er som är Admin's så gäller det att se upp så att inte IE 7 kommer ut av "misstag", det kan kännas bättre att ha en planerad utrullning av IE 7.
För att testa och verifiera kan man du INTE använda IE 7 i Vista då det inte är samma version. Versionen i Vista är IE 7+ och den versionen som kommer att finnas till Windows XP är version IE 7. Det finns ett toolkit med info om hur man testar och vad man ska testa (Readiness Toolkit for Developers, Testers & ITPros)
Det finns möjlighet att blockera via Internet Explorer 7 Blocker Toolkit Download som inte är tidsbergänsad (ännu?) och det finns en FAQ som beskriver hur det fungerar (Internet Explorer 7 Blocker Toolkit FAQ"
Vill du vara säker på att ingen utrullning görs i din miljö så ser du till att du laddar hem och konfigurerar "Blocker-kit", se till att du har en lösning för att hantera uppdateringar (WSUS, SMS2003, typ), se till att ingen är lokal administratör (lokala Admins kan ALLTID installera program, exempelvis IE7), informera användare att INTE installera IE 7 föränns du har godkänt den applikationen.
Mer info hittar du här:
Internet Explorer 7 via Automatic Updates
· Internet Explorer 7 via Automatic Updates
Internet Explorer 7
· Internet Explorer Product Site
· Internet Explorer Developer Center
Update Management Lösningar
· TechNet Update Management Center
· Comparing MBSA, MU, WSUS, and SMS 2003
· Windows Server Update Services
· Systems Management Server 2003
Mikael Nystrom
MVP Windows Server - Setup/Deployment
Jag har länge pratat om att kunna köra virtuella datorer på en SBS för att lösa problemet med att behöva ytterligare servrar utan ha möjlighet att köpa flera fysiska, vilket är lösbart.
Man kan använda lösningen för att sätta upp Terminal Servrar, ytterligare DC, RRAS eller LOB:ar. Det kan ju vara så att det finns någon gammal app som vägrar att dö och bara funkar på en NT4 (jodå, dom finns...) eller man behöver terminal server funktion för 4 säljare. Dokumentet har funnits sedan i maj, men jag har sett få diskussioner kring detta.
Installing Virtual Server 2005 R2 on Windows Small Business Server 2003 with Service Pack 1
http://go.microsoft.com/fwlink/?LinkId=33326
Mikael Nystrom
MVP Windows Server - Setup/Deployment
Microsoft har uppenbarligen bestämt sig för att vara med i kriget om virtualisering. Nu har man släppt Virtual PC 2004 SP1 för fri nedladdning och användning.
Virtual PC Is Now Free <http://go.microsoft.com/?linkid=5163431>
Whether Microsoft virtualization technology is an important component of your existing infrastructure or you're just a Virtual PC enthusiast, you can now download Virtual PC 2004 Service Pack 1 (full-version software) absolutely free. Virtual PC 2007 will be available for free in 2007, with support for Microsoft Windows Vista.
Mikael Nyström
MVP Windows Server - Setup/Deployment
Att vara bli Small Business Specialist är naturligtvis förenat med fördelar (jag kan inte se några nackdelar ännu). Man får ett ökat marknadsbidrag för olika aktiviteter, man får partnerpoäng, man hamnar på listan över partner som kan och förstår småföretagare http://www.microsoft.com/sverige/smb/partner/sbsc.mspx
Men jag "känner" på mej att det kommer att bli mycket bättre och det med något som inte är marknadstjafs utan äkta värden i form av teknisk support. Som Small Business Specialist är support bra att ha tillgång till och inte bara Small Business Server utan även andra produkter, exempelvis Office, Windows Server, Terminal Server delen och allt runt i kring. Om man kunde man få support och garanterat svar inom ett par timmar vore det ju helt underbart.
Jag har en "känsla" av det kommer att bli så ganska snart, så ni som är Small Business Specialister håll koll på Microsoft Partner Web http://www.microsoft.com/sverige/partner/sbsc.asp i mitten på juli så kanske det dyker upp något som kan handla om detta. :-)
psst. Om du inte är en Small Business Specialist och arbetar med småföretagare så borde du abslout bli det, det kostar ingenting och du får fler kunder.
Små företag är företag under 100 ifall du undrar vad små företag är.
Mikael Nyström
MVP Windows Server - Setup/Deployment
Det är dags för sommar kollo igen, under sommaren arrangerar Microsoft utbildning och seminarier för både partner och slutkunder. Vista, Office är så klart med men även andra saker, vissa sessioner är dock "Partner only"
Anmälan gör du här http://www.microsoft.com/sverige/events/sommarkollo2006/default.asp
Självklart är dessa kostnadsfria, vi syns :-)
Mikael Nyström
MVP Windows Server - Setup/Deployment
Jag skrev om SBS2003 R2 på min gamla blog men jag tror kanske inte så många av er har läst den så jag tänkte posta den här också. Håll till godo...
Small Bussiness Server 2003 R2 (RC)
Nu börjar det likna något, SBS2003 R2 har kommit som RC och verkar fungera bra än så länge.
R2:n innehåller nya funktioner och dom flesta av dessa finns redan idag som fria nedladdningar men inte alla, Det är nog ganska lätt att tro att SBS2003 R2 är i grund och botten Windows Server 2003 R2, dom bygger ju trots allt på samma OS, men så är det alltså INTE, SBS2003 R2 har inte Windows Server 2003 R2 i botten. Vissa funktioner från Windows Server 2003 R2 finns dock med i SBS2003 R2, men det är synd att dom inte går fullt ut tycker jag. Exempelvis saknar jag den nya DFS hanteringen och Printer Managment biten.
Vad ingår då i SBS2003R2?
MMC 3.0
MMC 3.0 är i huvudsak något som utvecklare blir glada över, det har nämligen blivit bra mycket enklare att tillverka egna snap-ins. men för oss IT Pro's så ger det oss iallfall ett par saker, 3.0 är stabilare än 2.0 och ifall en snap-in dyker så dyker inte hela mmc:n. MMC 3.0 kräver .NET Framework 2.0 för att fungera och vill man använda det "nya" GUI:et så måste du skapa en ny nyckel. Starta regedit och skapa nyckeln "UseNewUI" under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\", då finns flera nya möjligheter, bland annat kan man se att det finns en "Action Pane" till höger.
MMC 3.0 finns för fri nedladdning så klart:
Microsoft Management Console 3.0 for Windows XP (KB907265)
Microsoft Management Console 3.0 for Windows Server 2003 (KB907265)
Här kan du se "Action Pane" på den högra sidan
.NET Framwork 2.0
Är efterföljaren till 1.1 och innhåller stöd för nya applikationer, stöd för ASP 2.0. Egentligen inget som gör oss lyckligare men 2.0 är ett krav för många applikationer. Ett problem som några har haft är att websiter slutar att fungera. När .NET Framwork 2.0 och ASP 2.0 ligger på så kan man på varje website välja vilken "motor" man vill ha, det går också att köra Companyweb:en på ASP 2.0, vilket ger en säkrare miljö men inga nya funktioner egentligen. Vill du kunna köra på ASP 2.0 så läs http://support.microsoft.com/kb/894903 så står det hur man gör
Här ser du vilken ASP motor som är kopplad till just den här siten
Security Updates till IE
Ja, vad ska man säga, det lär ju inte vad dom sista säkerhetsuppdateringarna iallfall :-)
Windows Server Update Services 2.0
WSUS med andra ord och det är självklart samma WSUS som du kan ladda hem själv, skillnanden är att den är förinstallerad och "ready to use". Tricket är att den laddar hem patchar för alla språk (I BETA och RC), jag har själv ändrat så att det bara blir på dom språk som finns. Vill du installera den på en Small Bussiness Server 2003 R1 så:
Step-by-Step Guide to Getting Started with Microsoft Windows Server Update Services on Windows Small Business Server 2003
Windows Server Update Services
Windows Small Business Server Update Services
Här är nyheten egentligen, det här är snyggt och stilrent. Ett skal till WSUS som gör det enkelt och drägligt att administrera. Den består av flera olika delar, konfigurations delar och vy:er. Man hittar den lätt på "Server Manager" eller i listan på vänster sida.
Här kan du se var den finns
Man ställer helt enkelt in den enligt i fyra olika nivåer för varje dator typ
High, Medium, Low eller None är olika nivåer och Client och Server är olika dator typer. Det rekomenderade läget är:
- Server Updates = Medium, Approve all security and Critical updates for installation.
- Client Updates = High, Approve all security and Critical updates and all service pack for installation.
Därefter får man sedan bestämma hurvida det ska vara autoinstall eller manuell install, hur ofta och vilken tid.
Dator typen väljs inte automatiskt, istället finns en funktion där man kopplar varje dator till en grupp liknande funktion.
Men det dom verkar mest stolta över är
"Increase productivity, lower costs, and get the “green check” of software health " Vilket är snyggt och trevligt men det lär knappast vara något för juryn bakom "Innovation of the year - Hall of fame"
Som du ser så handlar det om att slippa ta reda på om det är något som borde fixas, istället får man "Grönt Ljus" om allt är OK, vilket är bra.
SQL 2005 Workgroup Edition (Premium)
SQL 2005 WGE förljer förståss bara med i Premium och är tänkt att uppgradera SQL2000 som har några år på nacken (och kändes gammal redan när den kom). Faktum är att SQL 2005 Workgroup Edition är tänkt att ersätta SQL 2000 Workgroup Edition( Jo, jag skojar inte det fanns faktiskt en sådan version, kom ungefär när SQL2000 SP4 släpptes) men SQL 2005 WGE har inte samma begränsningar som SQL2000 WGE har, istället har den bättre kapacitet än SQL2000 STD, exempelvis hanterar den upp till 3GB RAM istället för 2 GB RAM. Dessutom finns det ju helt nya funktioner i SQL 2005, ta bara Report Server och alla färdiga rapport mallar som redan nu finns att hämta.
Det jag reagerar på är den enormt omständliga proceduren att uppgradera Sharepoint siten från SQL2000 till SQL2005, jag hoppas och tror att det ska bytas ut mot en "Wizard"
Fileserver Resource Manager
En Windows Server 2003 R2 "pryl", dom har inte gjort någon reklam för den här funktionen, tråkigt, det är dock många som vill ha den. Ok, så vad kan man göra för skoj med FSRM då?
Innan vi går in på vad man kan göra för kul med FSRM så tänkte jag bara tala om att den INTE läggs till per automatik, man måste faktiskt lägga till den alldeles själv, vilket man gör genom "Add/Remove programs" under "Managment and Monitoring Tools".
Här ser du hur man lägger till den.
Efter att man har installerat FSRM så måste man starta om servern för att alla funktioner ska fungera korrekt (Hmm, jag har läst någonstans att omstarter är något man satsar hårt på att ta bort. Dom kanske borde satsa hårdare... )
Ok, så vad kan man göra med FSRM då, jo man kan hantera DiskQuota, FileScreening och Storage Reports.
DiskQuota i FSRM skiljer sig från den vanliga DiskQuotan då den dels baseras på "Templates" och dels går att sätta på mapp nivå. Installationen påverkar inte den diskquota som redan sätts av SBS2003 server under installationen och som påverkar disken där användarna har sina hemkataloger. Men om du vill kan du manuellt byta ut den eller använda den för att sätta diskquota på andra mappar och på ett annorlunda sätt än tidigare. Framför allt så sättet att hantera allt med hjälp av mallar är smart
FileScreening gör att man med hjälp av "Templates" kan skapa filblockerings regler och jag undrar hur många som har längtat efter möjligheten att förhindra att man kan spara .mp3, .avi och liknande saker i "G:\Public\Project"
Storage Reports, Det sista är faktiskt riktigt bra, med hjälp av rapporter kan man se antal stora filer, diskquotas, duplicerade filer och mycket mer.
Licenser
Licenserna, jag det här blir ju genast lite knepigare att förklara, men vi tar det från början. Det finns två licenser inblandade, Produkt licenser och Client Access Licenser (CAL) och det är CAL:arna som är förändrade till det bättre. Det är nämligen så att i en SBS CAL så ingår självklart åtkomst mot servern, men om man köper fler Windows Server 2003 servrar så ingår även åtkomst mot dessa. Om man vill ha en extra Exchange server eller extra SQL server så är det teknikst möjligt och det enda man gör är att köper produktlicenser för serverprodukterna och sedan köper man CAL:ar till alla användare som ska använda dessa.
Det är nu ändringen kommer, om man har SBS2003R2 som server så ingår inte bara CAL:ar för ytterligare Windows Server 2003 utan också CAL:ar för Exchange 2003 och för SQL2005. Det här gör att man kan bygga "branch office" scenarion och andra lösningar, med front-end/back-end Exchange miljöer exempelvis.
Exchange 2003 SP2
Oj, Exchange 2003 SP2 det är ju ett helt kapitel för sej, men några saker som jag tycker är värda att nämna är databas storleken och Junk Email filtret(IMF), även mobility är en viktig funktion.
- Databas storleken
Kan numera bara upp till 75GB, men tänka på att du behöver utrymme ifall du ska defragmentera och tänk på att det krävs ett regedit-hack för att få till det.
- Junk Email
Förbaskat bra, om man bara använder det, men för många använder inte IMF:en av någon anledning, jag förstår inte varför, den är enkel, billig och fungerar.
IMF måste avinstalleras innan man lägger på Exchange 2003 SP2 om det är installerat.
Här kan du läsa mer om Exchange 2003 SP2
Sharepoint Services SP2
SP2:an är i huvudsak en samling patchar för att lösa diverse problem. Men det finns också några highlights faktiskt, förutom prestanda så har man lagt till följande funktioner:
- Support for reverse proxy
- Support for IP-bound virtual servers
- Support for off-box SSL termination
- Support for Microsoft SQL Server 2005
Jaha, ja det var väl allt jag kan komma på just nu...
Mikael Nyström
Senior Executive Consultant
MVP Windows Server - Setup/Deployment
Sedan en tid tillbaka har jag kört både utbildningar men även så kallade CRAM session, där man på kort tid går igenom vad som krävs på provet. Ämnet har varit Small Business Server 2003, vilket är en Microsoft produkt som är lite kul. Dels så konkurrerar den med deras övriga sidor och dels finns det två läger, dom som tycker om SBS och dom som hatar SBS. Jag tycker om SBS därför att den passar så förbaskat bra till dom svenska företagens behov., förutom dom 10 stora företag som finns i llandet och kan klassas som stora. Small Business Server är lite av en ”rennegaid” faktsikt. Jag har sett en och annan lösning och jag blir alltid lika road när jag hör kundernas förbannelse över den befintliga miljön som är stor och kostar pengar. Det finns normalt inget behov att ha fler servrar än anställda även om jag faktiskt har sett det, just den kunden blev naturligtvis förvånad när vi kastade ut 14 servrar, rackskåp, kyla, switchar och en KVM och bar ner alltihpa så att vi kunde köra det till elektronik återvinning. Kvar blev bara hans nya server som gjorde allting, helt korrekt och fungerande. Hela migreringen tog inte mer än ungefär 3 dagar.
Anledningen till att vi fick jobbet var att kunden hade ett antal förfrågningar ute på att uppgradera hans miljö från NT4/Windows 2000 till Windows Server 2003 och alla andra konsult bolag hade just lämnat in offerter på migreringar, men när jag såg anbudet och såg att dom inte var mer än 10 anställda så påpekade jag att deras kostym kanske är lite väl stor, minst sagt.
Det tog förvisso ett tag att övertyga kunden om att vår lösning var bättre än våra konkurrenter, då kostnaden inte riktigt var den samma, men efter att ha visat och förklarat blev det efter ett tag vår kund.
Tricket är att många av teknikerna på dom små konsultbolagen aldrig tar cert och det trots att dom har både kompetens och erfarenhet, men deras kunder kräver aldrig eller ens noterar ifall man är certifierad eller inte. Alltså kan man inte använda argumentet att kunder kräver det, men det finns argument och hur otroligt det än låter så är vår branch under ständig utveckling och kräver att vi tänker i nya banor och ser nya lösningar, alltså förutsätter det att vi som arbetar ständigt söker oss framåt och vill utvecklas. Genom att certiferia sej så tvingas man att läsa in saker man annars inte skulle ha gjort och att läsa och studera håller hjärnan och nyfikenheten igång, man upptäcker alltid något nytt man inte har tänkt på eller så läser man något som man inte trodde fungerande på det viset. Om jag inte hade haft kunskap om olika lösningar hade jag förmodligen inte fått affären och min konkurrent hade vetat lite mer om vad man kan göra så hade dom aldrig offererat så förbaskat korkat, dom saknade nyfikenheten att fråga.
Kanske måste man ta sig lite mer på allvar ibland, bli lite vuxen och visa sej själv och andra att man kan. Eller kan det vara så att man är mer rädd att få underkänt att det är bättre att vara ovetande, det är ju trots allt inte så kul att komma till jobbet dagen efter och förklara att det jag trodde jag kunde, kunde jag inte så bra som jag trodde. Men som min far brukar säga, -Tro, det gör man i kyrkan.
Mikael Nyström
MVP Windows Server – Setup/Deployment