## Keeping Track of the Shadow … copies

I have 2008R2 and 2012 servers that has been in production for quite some time, running smoothly – I have never paid attention to VSS.

Various volumes with Shares are setup to capture shadows copies – every hours every day. The storage area is set to unlimited (300GB). VSS captures shadow copies accordingly as per schedule.

The problem I’m having is that the Shadow Copies are not growing to use all of the ‘Maximum Shadow Copy Storage space’. The ‘Used Shadow Copy Storage space’ is at 10.962GB – I’ve seen it go a bit higher, but never over 12GB. As a result, I’m not capturing as many prior versions of the volume as I would like.

There are no errors in the System log. Running ‘vssadmin list shadowstorage’ confirms that max size is 27GB. Running ‘vssadmin list writers’ shows all states as ‘stable’ and no errors. Running ‘vssadmin list providers’ shows there is only one provider (Microsoft Software Shadow Copy Provider, version 1.0.0.7).

Anyhow, I wanted to keep an eye on the shadow copies so I created this dirty script

#variables
$ComputerName = hostname #preflight if ($args.Length -eq 0)
{
write-host &quot;Usage = report-vss.ps1 driveletter:&quot;
exit
}
else
{
$driveletter =$args[0]
$trimmedletter =$driveletter.TrimEnd(&quot;:&quot;)

write-host &quot;Reporting for $driveletter drive on$ComputerName...&quot;
}

#use vssadmin to list the date time and count them
$logfilename = &quot;.\report-vss-$ComputerName-$trimmedletter.log&quot; #vssreports must exists!$message = &quot;VSS info for $driveletter volume on$ComputerName&quot;
echo $message &gt;$logfilename
vssadmin list shadows /for=$driveletter | Select-String contained &gt;&gt;$logfilename
$vsscount = (vssadmin list shadows /for=$driveletter | Select-String contained).count
echo &quot;There are $vsscount shadows for this volume&quot; &gt;&gt;$logfilename

vssadmin list shadowstorage /for=$driveletter &gt;&gt;$logfilename

#use powershell to send an email.
$title = "$message wiht $vsscount shadows"$stringBuilder = New-Object System.Text.StringBuilder
$body = Get-Content -Path$logfilename -Raw
$null =$stringBuilder.Append($body) send-mailmessage -from "powershell@x.ca" -to "y@x.ca" -subject$message -body $stringBuilder.ToString() -priority High -dno onSuccess, onFailure -smtpServer EMAIL.ca #do some clean up rm$logfilename

I then call this from a batch script and use ps-remotesession to get the information on various server volumes.

#remotehost A
$s = New-PSSession -computerName A Invoke-Command -Session$s -filepath &quot;\\gaia\it\Scripts\files\report-vss.ps1&quot; -ArgumentList &quot;f:&quot;
Invoke-Command -Session $s -filepath &quot;\\gaia\it\Scripts\files\report-vss.ps1&quot; -ArgumentList &quot;l:&quot; Remove-PSSession$s

#remotehost B
$s = New-PSSession -computerName B Invoke-Command -Session$s -filepath &quot;\\gaia\it\Scripts\files\report-vss.ps1&quot; -ArgumentList &quot;f:&quot;
Invoke-Command -Session $s -filepath &quot;\\gaia\it\Scripts\files\report-vss.ps1&quot; -ArgumentList &quot;l:&quot; Remove-PSSession$s



I am now thinking, is there anything in WMI do get those metrics?

Yes there is! Let me know dig this out and come back with some other ideas.

http://msdn.microsoft.com/en-us/library/aa394428%28v=vs.85%29.aspx

## Bypassing Java Expired Certificate check – Brocade Switches

Somehow with the latest version of JRE, working with brocade switches (older and newer !!) due to the expired certificate the JavaGUI will not launch and tell you “Application Blocked for security  Failed to validate certificate. The application will not be executed” not allowing you to bypass it.

> .\java.exe -version
java version “1.7.0_71”
Java(TM) SE Runtime Environment (build 1.7.0_71-b14)
Java HotSpot(TM) Client VM (build 24.71-b01, mixed mode, sharing)

My experience shows that it will not work even by adding the devices you are working with in the exception list.

I had success by change the jdk.certpath.disabledAlgorithms located in \Java\jre7\lib\security\java.security from

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

to

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 256

Then only I was able to by allowed to bypass that certificate error.

## Enable Powershell Remoting via Group Policy

While one can run the command below to enable PS remoting, it is good to standardize this by using a GPO on your servers.

>Enable-PSRemoting

I am assuming that you will want to work with windows 7 and up along with windows server 2008R2 and up as there is a great deal of requirements around .net and powershell 2 and up.

You will need a GPO that contains 3 things (which are what enable-psremoting does:

1. The enablement of WinRM
2. The firewall exception
3. The winRM service

Enabling WinRM
Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service
Enable “Allow Remote Server management through WinRM” (win2012 up) or “Allow automatic configuration of listeners” (win2008-)
Set the IPv4 and IPv6 filters to * unless you need something specific there

Punching holes in the firewall
Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall… > Inbound Rules
Add a new rule and choose the “Windows Remote Management” pre-defined rule.

Configure the WinRM service
Policies > Windows Settings > Security Settings > System Services
Select the Windows Remote Management (WS-Management) service and set it for automatic startup.