Donnerstag, 30. September 2010

WSUS 3.0 Migration von Windows Server 2003 auf Windows Server 2008 R2

Auf dem alten Server
  • WSUS API Samples and Tools downloaden: http://go.microsoft.com/fwlink/?LinkId=94784
  • In den Ordner C:\Program Files\Update Services 3.0 API Samples and Tools\WsusMigrate\WsusMigrationExport wechseln
  • Ausfuehren von wsusmigrationexport.exe settings.xml
  • Die MSDE Instanz stoppen, Update Dienst stoppen
  • WSUS Verzeichnisse sichern (NTBACKUP)
Achtung: Nur Windows Server 2008 unterstuetzt das separat herunterzuladende Windows NT Restore Utility (NTBACKUP read only). Windows Server 2008 R2 unterstuetzt das nicht mehr

Auf dem neuen Server
  • WSUS 3.0 SP2 ueber den Servermanager installieren (inkl. WMDE)
  • Erstkonfigurationsassistent nicht ausfuehren
  • WSUS Dienst und MSDE Dienst stoppen
  • WSUS Verzeichnisse zurueckkopieren (inkl. WSUS DB)
  • In den Ordner C:\Program Files\Update Services 3.0 API Samples and Tools\WsusMigrate\WsusMigrationImport wechseln
  • Ausfuehren von wsusmigrationimport.exe settings.xml All None
Danach ist die alte WSUS Konfiguration inkl. aller Updates verfuegbar
Anschliessend in den GPO-Einstellungen noch den Pfad zum WSUS Server anpassen

Mittwoch, 29. September 2010

FSRM Beschränkung aufheben


Seit der Einführung von Windows Server 2003 R2 ist es möglich, sich diverse Berichte über die Auslastung eines Fileservers erstellen zu lassen. Leider wird die Freude über das schicke Feature sehr schnell getrübt, denn alle Berichte sind in ihrem Informationsgehalt recht begrenzt. Wenn man sich z.B. alle Dateien von einem bestimmten Besitzer anzeigen lassen will, dann wird mit folgendem Bericht konfrontiert:
Ressourcen-Manager für Dateiserver
Man kann sich also nur die ersten 1000 Dateien für jeden Besitzer anzeigen lassen. Wenn man sich aber für einen einzelnen Benutzer alle Dateien anzeigen lassen will, die er momentan im Besitz hat, dann ist dieses Feature eher  nutzlos. Um trotzdem an diese Informationen zu kommen, war bis jetzt der Einsatz von Skripten oder auch Drittanbietertools notwendig.
Seit Windows Server 2008 ist es möglich, diese Beschränkungen aufzuheben. Allerdings geht das nicht über die grafische Benutzeroberfläche des “Ressourcen-Managers für Dateiserver”, sondern muss aufwendig über Skripting realisiert werden. Um die Sache etwas zu vereinfachen, habe ich das Powershell Skript “set-fsrmstoragereportlimit.ps1” erstellt. Damit können die einzelnen Beschränkungen relativ einfach angepasst werden.
Skript:

##########################################
# Skript konfiguriert die Beschränkungen der FSRM Reports um.
#
# Einsetzbar ab Windows Server 2008
#
# Von
#
##########################################
$values = @{"-maxfiles"=1;"-maxfilegroups"=2;"-maxowners"=3;
"-maxfilesperfilegroup"=4;"-maxfilesperowner"=5;"-maxfilesperduplgroup"=6;
"-maxduplicategroups"=7;"-maxquotas"=8;"-maxfilescreenevents"=9;
"-maxpropertyvalues"=10;"-maxfilesperpropertyvalue"=11}

$int32 = New-Object System.Int32
$fsrm = New-Object -comObject "fsrm.fsrmReportManager"
#prüfe ob Parameter übergeben wurden
if($Args.count%2 -eq 0 -and $Args.count -gt 0)
{
$fsrm.SetReportSizeLimit($values.Item($Args[0]),$Args[1])
}
else{
parameters_alert
}
function parameters_alert(){

Write-host "Falsche Anzahl an Parametern oder ungültiger Parameter! Gültige Parameter sind:" -foregroundcolor red
$values.Keys | ForEach-Object {$_ + [char]9 + "(Erlaubter Wert: 0 bis 9223372036854775807)"}

"Beispiel: set-fsrmstoragelimit.ps1 -maxfiles 50000"
}


Beispiel für Aufruf Parameter:

"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" set-ExecutionPolicy unrestricted
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" C:\Skripts\fsrmstoragelimit.ps1 -maxfiles 1000000
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" C:\Skripts\fsrmstoragelimit.ps1 -maxfilegroups 1000
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" C:\Skripts\fsrmstoragelimit.ps1 -maxowners 1000
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" C:\Skripts\fsrmstoragelimit.ps1 -maxfilesperfilegroup 1000000
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" C:\Skripts\fsrmstoragelimit.ps1 -maxfilesperowner 1000000
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" C:\Skripts\fsrmstoragelimit.ps1 -maxfilesperduplgroup 1000000
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" C:\Skripts\fsrmstoragelimit.ps1 -maxduplicategroups 1000000
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" C:\Skripts\fsrmstoragelimit.ps1 -maxquotas 100000
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" C:\Skripts\fsrmstoragelimit.ps1 -maxfilescreenevents 100000
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" C:\Skripts\fsrmstoragelimit.ps1 -maxpropertyvalues 1000
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" C:\Skripts\fsrmstoragelimit.ps1 -maxfilesperpropertyvalue 1000
CD..


Die Standardwerte für die einzelnen Werte sind:
ParameterStandardwert
MaxDuplicateGroups100
MaxFiles1000
MaxFileGroups10
MaxFileScreenEvents1000
MaxFilesPerDuplGroup10
MaxFilesPerFileGroup100
MaxFilesPerOwner100
MaxFilesPerPropertyValue100
MaxOwners10
MaxPropertyValues10
MaxQuotas1000
Hinweis: Das Skript funktioniert nur unter Windows Server 2008 und kann nicht unter Windows Server 2003 R2 eingesetzt werden. Bei Windows Server 2003 R2 sind die Werte der Speicherberichte statisch hinterlegt!

Dienstag, 28. September 2010

Transparent Hyper-V VLANs now supported with HP NIC Teams


...hier ein weiterer Artikel zu Thema Hyper-V mit Teaming und Vlans bei HP Server.
Using VLANs in Hyper-V virtual machines has always been a bit messy with HP’s teaming sofware, aka HP Network Configuration Utility for Windows Server 2008 R2. Until now a lot of steps had to be taken:
  1. Prepare trunk/channel between Hyper-V host and core network switch(es) and add all possible VLANs
  2. Create NIC Team with HP NCU
  3. Create VLAN’s on the NIC Team
  4. In Network Connections additional NICs are created which each represent one VLAN.
  5. Create a Hyper-V Virtual Network connected to an external network adapter representing a specific VLAN and remove tick in front of Allow management operating system to share this network adapter because we don’t want to see even more NIC’s under Network Connections.
  6. Add VLAN id to virtual network adapter in Virtual Machine, start the machine and add an IP address to the virtual network adapter that belongs to that VLAN.
Step 2
image
Step 3
image
A NIC Team with VLANs is recognized by a V in front of the team name.
image[23]
Step 4
image
Step 5
image
Step 6
image
Recently HP upgraded NCU to version 10.10.0.0 (9 Sep 2010). Appart from additional support for a new Converged Network Adapter (CNA), one of the notable improvements is that it now formally supports VLANs created in Hyper-V Virtual Machines.
image 
image
The help file that goes with the new NCU version states that a new VLAN Promiscuousproperty allows a team to pass VLAN tagged packets between virtual machine and external networks only when there is no VLAN created on that team in the Host operating system. If a team is assigned to a virtual machine, the NCU disables the VLAN button to prevent VLANs from being created on the team in the host operating system. This property is available only on Windows 2008 x64/R2 and only when the Hyper-V role is installed.
VLAN Promiscuous is disabled by default.
If the VLAN Promiscuous property and the VLAN button on the NCU GUI are mutually exclusive. If one is selected or configured, the other is hidden or disabled.
If Hyper-V is installed and VLANs are created on the team in the host operating system, the NCU either hides the VLAN Promiscuous property or disables it.
If we interpret correctly a NIC Team is now transparent for VLAN tags. It now allows us to use more than 64 VLANs when the Virtual Connect is switched into tunneling mode. The only thing to do is create a team from multiple network ports in a ProLiant server, use the teamed NIC as an external adapter for a Hyper-V virtual network and add a VLAN tag to the virtual network adapter in a virtual machine.
As soon as I have been able to test this setup, I will write an extra piece to this blog. After all, the proof is in the pudding!

Terminal Server Printer Redirection Wizard Tool

Geniales Toll um Druckertreiber am TS 2003 durch andere Treiber zu ersetzen !
Geht das Eventlog durch und fragt bei jedem Drucker den er nicht mappen konnte durch was er ihn ersetzen soll.


Link:
http://www.microsoft.com/downloads/en/details.aspx?familyid=9AD27BE9-40DB-484F-862E-38A094EEEAF7&displaylang=en <http://www.microsoft.com/downloads/en/details.aspx?familyid=9AD27BE9-40DB-484F-862E-38A094EEEAF7&displaylang=en>


Danke Martin!

Samstag, 25. September 2010

SBS 2008 Systemstate Backup




The normal backup that SBS 2008 creates contains all the necessary information to restore the entire server. The normal SBS backup includes the system state data. You may wish to create a system state backup of the machine before you make critical changes to the machine or active directory. The ability to take just a system state backup is not exposed in the GUI interface of backup. If you wish to take just a system state backup you must use the wbadmin.exe utility. WBadmin.exe is a command line utility. You must first open a command prompt as administrator.
The command to start a system state backup is:
Wbadmin start systemstatebackup –backuptarget:F:
Where F: is the drive where you wish to store the system state backup.
The target volume for a system state backup cannot be a source volume by default. A source volume is any volume that has a file that is included in the backup. To change that behavior, you can add the AllowSSBToAnyVolume registry entry to the server. However, there are known issues with storing a system state backup on a source volume:
  • Backups can fail. The backup can be modified during the backup process, which might cause the backup to fail.
  • It causes an inefficient use of target space. Twice the amount of space is necessary for a backup than for the original data. The volume must allocate twice the amount of space for the shadow copy process.
The path for adding the new registry entry is as follows:
HKLM\SYSTEM\CurrentControlSet\Services\wbengine\SystemStateBackup\AllowSSBToAnyVolume Type: DWORD Value: 1
A value of 0 prevents the storing of system state backup on a source volume. A value of 1 allows the storing of system state backup on a source volume.
The backup process will create a directory on the target drive named WindowsImageBackup. This directory will contain the system state backup of the server. The system state backup of an SBS 2008 server is considerably larger than the same backup on an SBS 2003 server. The average system state backup size is around 11GB.
If you wish to restore a system state backup, you must first reboot the server into Directory Services Restore Mode (DSRM). Once in DSRM, you would open a command prompt with administrator rights and use the following commands to start the restore.
We must first determine the version of the backup that you wish to restore.
The command WBADMIN GET VERSIONS will display all the backups on the machine and the version identifier.
The output will look similar to this:
Backup time: 10/7/2008 3:33 PM
Backup target: Fixed Disk labeled D:
Version identifier: 10/07/2008-20:33
Can Recover: Application(s), System State
This backup job was completed on 10/7/2008 at 3:33pm and was saved to drive D:. The backup job has the ability to restore the system state and is version identifier 10/07/2008-20:33
Once we have located the version identifier, we can initiate the restore by using the following command:
WBADMIN START SYSTEMSTATERECOVERY -version:
Where version id is the version identifier you obtained with the Get Versions command.
For our example the command would be:
WBADMIN START SYSTEMSTATERECOVERY -version: 10/07/2008-20:33
WBADMIN will restore the system state information back to the data from the backup. Once the restore process is complete, you will have to reboot the machine into normal mode to complete the restore.

Freitag, 24. September 2010

IPv6 wirklich deaktivieren bei Server 2008 und 2008R2

Wenn du IPv6 wirklich deaktiviert haben möchtest, dann schrieb dir ein Reg File mit folgendem Inhalt und führ es auf dem Server aus.

REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters]
"DisabledComponents"=dword:ffffffff

Nach dem nächsten Boot ist IPv6 deaktiviert. Nur der Hacken in den Einstellungen hilft nicht bei Server 2008 und aufwärts.

SBS 2008 Restore to alternate Hardware

SBS 2008 Restore to ML 110 G5

Following on from an earlier blog post where I had tested the restore of my SBS 2008 to alternate hardware, on Saturday I restored my SBS 2008 server to an ML 110 G5. Here’s the process I’ve used to transfer SBS 2008 from an ML110 G4 to an ML110 G5.
  1. Ensure that backups have been running fine for the past few days.  I did this by going into the SBS 2008 console and selecting the Backup & Shared Folders tab and then select “Restore a backup”.  Here you will see the list of all the backups for this server.  I reviewed the last few backups and decided all was good.
  2. I disconnected the SBS 2008/ML110 G4 server from the network and then used the SBS 2008 console to perform a “Backup Now” operation. This ensures that I have everything I need before I start.
  3. Once the backup was complete, I left the old server running so I could easily see anything I needed to in event of emergency.  
  4. I setup the ML 110 G5 on the bench with no network connection.
  5. I inserted the SBS 2008 DVD into the DVD drive and booted up without the USB backup drive connected.
  6. Select the correct Language and Country options and Next
  7. Select “Repair Your Computer”
  8. Connected my USB backup drive to the server
  9. Select “Complete PC Restore” and it scanned the USB Hard Drive for the backup images.  It found the most recent backup and displayed it as 2:29pm on 20th November when in fact I had backed it up at 9:29AM on 21st November.  Thats ok – it also displayed the timezone information which allowed me to see that this was the right backup.  I selected that backup and Next.
  10. SBS 2008 doesn’t have the RAID controller drivers for the ML 110 G5 inbuilt so I had to use the Add Drivers button to add the drivers.  I had to however plug in the USB stick with the RAID drivers on them first which I did.  I selected the right drivers and hit Next.
  11. I ticked the box to confirm that I wanted to erase the drives and proceed with the restore. It’s 9:50am now and the restore is proceeding… time to wait.
  12. 12:20pm – just on 2.5 hours since the restore started, it’s finished and rebooting.  Remove the USB devices while it’s rebooting and take out the SBS 2008 DVD or it might try to boot from that again.
  13. I connected a loopback adapter to the servers NIC so that it had a network interface to bind too.
  14. Logged in to the server and it starts to ask for drivers… I’ve elected to say “Ask me later” as I want to install all the drivers myself first up and then go from there.
  15. I copied the folder I prepared earlier with all the drivers downloaded from the HP website to the desktop of the ML110 G5.  I then set about installing them all beginning with the ML110 G5 Chipset drivers first, RAID Drivers second, and then the Network Card and Video drivers.
  16. I connected the network cable to the server and then opened the SBS 2008 Console and ran the “Connect to the Internet” wizard and used it to confirm and fix my servers IP address as it was before.
  17. Reboot and check the servers event logs – all looks great. Test everything and connect a new backup drive and we’re done.
  18. Total time around 3 hours or so.  Not bad using the inbuilt tools that come with SBS 2008.

SBS 2008 Backup und Restore




SBS 2008 leverages Windows 2008 backup technology.  SBS also includes a wizard to configure scheduled backups. It also provides a centralized location to monitor the status of past backups and other related configurations.
SBS 2008 can backup:
  • Files and folders
  • System State
  • Exchange
  • WSS (SharePoint)
  • SQL 2005 Instances
  • MSDE Instances
With the new SBS 2008 backup solution, the concept of full vs. incremental is very different from what you are used to with previous versions of NTBackup.  With SBS 2008 every backup is incremental from a storage point of view, but full from a restore point of view.  Basically backup stores the changed blocks on the source, and maintains a meta data on which blocks changed per version. On the recovery side you can always recover the full version. The recovery logic looks at the meta data, picks up the correct blocks based on the version and adds them up. This same principle works for Exchange. The exchange recovery logic knows which files it needs to recover for the exchange databases. Then based on the version it picks up the specific blocks from backup drive, adds them up and restores it on the system.
Let’s see a quick simplified example to explain how it works, for this example assume a file on a volume is made up of 4 blocks ABCD:
  1. So first backup all 4 blocks will be moved to destination
        ABCD (Source) ---> ABCD (Destination)
  2. In the next backup cycle let’s say the block A changed to A'. So this time the file is A'BCD.  Therefore only A' will be moved to the destination like this, and the block A will be saved in a separate location
        A' (Source) ---->  A'BCD (Destination)
                                   A (+ Meta data for version info)
  3. In the next backup let’s say again A' changed to A'', so the file is now A''BCD
        A'' (Source)  ----> A''BCD (Destination)
                                    A' (+Metadata)
                                    A (+Metadata)
So on the backup disk, the full version is always the most recent version (for performance reasons), while previous versions are moved out to another location with meta data to link it to the backup version. The above example works the same for multiple disk rotation. It will only transfer the blocks since the last rotation.  Now let’s say you wanted to restore to a particular backup version. So the backup logic will go through the steps described above in reverse order, and restore the specific blocks associated with the particular file and version.

Backup Wizard

image
Click "Next" at the Getting started page.
Select the drive you wish to backup to.  You can back up your data to any external storage drive that supports USB 2.0 or IEEE 1394. Drives of this type offer large storage capacities and the speed that is necessary to efficiently back up your data.  To backup to an internal hard drive check the "Show all valid internal and external backup destinations" checkbox.  Please note that the wizard will only display drives that do not contain system files. 
You can use multiple external storage drives for backups, and you can rotate the drives between onsite and offsite storage locations. This can improve your disaster preparedness planning by helping you recover your data if physical damage occurs to the hardware onsite.
When choosing an external storage drive for your server backup, consider the following when configuring the SBS Backup:
  • Choose a drive that contains sufficient space to store your data. Your external storage drives should contain at least 2.5 times the storage capacity of the data that you want to back up.
  • When reusing an external storage drive, make sure that the drive is empty or contains only data that you do not need.
  • The backup destination drive must be larger than the partition(s) that you want to back up (including freespace).  [I.E. if you want to back up a 200 GB partition that contains 70 GB of data, the backup destination must be larger than 200GB.]
NOTE: The Configure Server Backup Wizard formats the storage drives when it configures them for backup.
image
Enter a meaningful disk label. 
image
Select the drives you would like to backup.  You should back up the system drive (typically, drive C).  You will not be able to exclude your system drive from backup.  You should also back up any drives that contain business information such as:
  • Exchange Server data
  • Windows SharePoint Services data
  • SQL Server databases that support your line-of-business applications
  • Redirected user's My Documents folders
  • User's shared data folders
NOTE: You can only back up data from a local drive that is formatted as an NTFS file system. Drives formatted as FAT (including FAT32) file systems do not appear in the list of drives to back up.
image
You should protect your computer that is running Windows SBS 2008 and its data automatically by scheduling daily backups. It is recommended that you maintain a daily backup plan because most organizations cannot afford to lose the data that has been created over several days.
When you use the Configure Server Backup Wizard that is included with Windows SBS 2008, you can choose to back up server data at multiple times during the day. Because the wizard schedules differential-based backups, Backup runs quickly, and server performance is not significantly impacted. By default, Configure Server Backup schedules a backup to run daily at 5:00 P.M. and 11:00 P.M. However, you can adjust the backup schedule according to the needs of your organization. You should occasionally evaluate the effectiveness of your backup plan, and change the plan as necessary.
It is also recommended that you store your external storage drives offsite and regularly rotate them to protect your data if there is a natural disaster.
image
Once you click "Configure" on the summary page you will be presented the following warning:
image
You must accept this warning to continue.  Please be sure that there is no important data on your target drive, as you will LOSE it.

Backup Now

Once you have completed the "Configure Server Backup" wizard backups will be taken on the schedule you specified.  You can also manually launch a backup by right-clicking the server name and choosing "Backup now".
image

Changing Your Backup Configuration

Once you have completed the "Configure Server Backup" wizard you can change the backup options using the Tasks section of the console.
image
From here you can change:
  • Add or remove backup items
    • Change what is backed up.
  • Add or remove backup destinations
    • Add or remove drives to be used for backup.
  • Change backup schedule
    • Change when backups are taken.
  • View backup history
    • See if past backup attempts were successful.
  • Backup now
    • Immediately takes a backup
  • Pause backup schedule
    • Prevents new backups from being taken.  NOTE: You must click "Resume backup schedule" for future backups to be created.
  • Disable backup
    • Deletes your existing backup configuration. NOTE: You must rerun the "Configure Server Backup" wizard in order to take future SBS backups.
Here is an example of my backup history.  The reason that you see so many failed backups is because I lent my USB hard drive to a co-worker for some testing.
image
Only the most recent entry will have the complete reason for the failure, previous entries will just have a failure, you must reference the Windows Backup event log for more information.  To find the backup event log open Event Viewer and expand Application and Services Logs > Microsoft > Windows > Backup > Operational as seen below:
image



Manually Adding Ubiquiti Unifi Access Point or Switch to Unifi Contoller

This is the process to add a new Unifi AP or Switch to the Unifi controller when discovery doesn’t work.  In our case, we have a central Uni...