Copy windows features from a server to another

Sometimes you want to create the (almost) same server where you do not yet Chef or CF or some sort of DSC. The best resort is to use what you have: get-windowsfeature

Imagine you want to configure Server B from Server A and obviously those are microsoft windows servers…

#On server A
#export features
> Get-WindowsFeature | ? { $_.Installed -AND $_.SubFeatures.Count -eq 0 } | Export-Clixml .\serverA.xml
#copy the feature file over
> cp .\serverA.xml ‘\\serverB\c$\Files’

#On server B
PS C:\Files> ls
Directory: C:\Files
Mode LastWriteTime Length Name
—- ————- —— —-
-a—- 6/8/2017 4:15 PM 510824 ServerA.xml
PS C:\Files> Import-Module Servermanager
PS C:\Files> Import-Clixml .\ServerA.xml | Add-WindowsFeature
Success Restart Needed Exit Code Feature Result
——- ————– ——— ————–
True Yes SuccessRest… {Application Server, .NET Framework 4.5, W…
WARNING: You must restart this server to finish the installation process.

Voila, another posh timesaver.

Advertisements

Nutanix AOS 5.1 & Companions are now GA

For the second time this year, Nutanix has released a major feature upgrade to AOS and companion software. Now available, is AOS 5.1! Top of the list of new features is vSphere 6.5 support for NX platforms (Nutanix branded gear). vSphere 6.5 support for OEM platforms is coming soon. But that’s not the only new feature. Here’s a rundown of some (not all) of the new features:

  • 1-click controller VM (CVM) memory upgrade
  • XenServer support on NX-1065-G5, NX-3060-G5, NX-3175-G5 (optionally with NVIDIA M60)
  • All-flash clusters now support adding hybrid nodes (e.g. cold storage only nodes). Minimum 2 AF nodes.
  • Automatic “admin” account password sync across all CVMs, Prism Web console, and SSH interfaces.
  • Docker container management through self-service portal.
  • Prism 1-click feature to install Docker host VM
  • Post-process compression is enabled by default on all new containers with Pro and Ultimate licenses
  • 1-click centralized upgrades from Prism Central
  • 1-click Prism central cluster registration and Prism Central Deployment
  • Pulse (telemetry) enabled for Prism Central
  • Auto-resolved alerts
  • User defined alerts
  • Graphics and compute mode for NVIDIA M60 GPU
  • CHAP authentication for Acropolis Block Services
  • Hot-plug CPU and memory on AHV VMs
  • Metro availability and synchronous replication supported across hardware vendors (NX, Dell, Lenovo). Async support continues.
  • VirtIO drivers updated to v1.1
  • Dynamically increase EC-X strip size as cluster is expanded
  • Much improved storage efficiency reporting in Prism (compression, dedupe, EC-X, etc.)
  • Disk rebuild time estimation
  • AFS supports Mac OS v10.10, v10.11, v10.12
  • Acropolis Block Service enhanced OS support (Solaris 11, RHEL 6, 7, 6.8)

Tech Preview Features include:

  • Software only support for UCS B-series blades
  • GPU pass-through for AHV guest VMs
  • Support 3rd-party network function VMs (e.g. load balancer, firewall, etc.) routed through Open vSwitch (OVS).

Companion Software Updates

  • Prism Central 5.1
  • Acropolis File Services (AFS) 2.1
  • Acropolis Container Services (ACS) 1.0
  • Foundation 3.7.2

Helpful Links

As of 5/1/2017, AOS 5.1 has not been enabled for automatic download and 1-click upgrades. As always, if you don’t want to wait for the automatic download switch to be flipped (in the near future), you can grab the AOS binary from the support portal and use our 1-click upgrade process. As always, thoroughly read the full release notes on the support portal before attempting an upgrade.

Exchange Message Tracking Statistics for Zabbix

I surely missing something but somehow I could not find a way to easily retrieve statistics of Sent and Received messages from Exchange 2013 (SP1 with DAG). I first looked into the performance counters but I could not make sense of all of the MSExchangeTransport – or too lazy to research them up.

typeperf -qx | findstr /ic:MSExchangeTransport

And usually if I am tracking some email flooding or prior to investigating the queues, I go use the get-messagetrackinglog. And so I create a short script to gather the list of the last X minutes of messages, count them, make them available and them to zabbix using zabbix_sender.

So it goes like this:


#import snapin
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010

#list of transport servers
$hts = "EchangeTransport1","EchangeTransport2"
#start one Hour ago from now
$start = (get-date).AddMinutes(-30)
$end = (get-date)
#get all logs
$logs = $hts |% {get-messagetrackinglog -start $start -end $end -server $_ -resultsize unlimited}
#clear stats
$stats = ""| select sent,received
#count Deliver and Send
$logs |% {
if ($_.eventid -eq "Deliver"){[int]$stats.received += 1}
if ($_.eventid -eq "Send"){[int]$stats.sent+= 1}
}
#Display results for debug and info, comment or remove if not needed
$stats | ft -auto > LastCount.log
get-date >> LastCount.log

#cannot run the above using zabbix/system account on exchange
#use zabbix_sender
C:\zabbix\bin\win64\zabbix_sender.exe -z zabbixIP  -s $hts -k Stats.RxMessageCount -o $stats.received
C:\zabbix\bin\win64\zabbix_sender.exe -z zabbixIP -s $hts -k Stats.TxMessageCount -o $stats.sent

It is short and easy but that there some things to do in Zabbix and it can store the sent values, as per above Stats.RxMessageCount and Stats.TxMessageCount.

I went into Zabbix>Configuration>Templates to edit the template I had created to keep all of the Exchange things I monitor. Select the item screen and clicked that “Create Item” button.

msg1

Then the most important is the Type which must be Zabbix Trapper, the rest is up to you.I also chosen a “Unit” and created a new application “Exchange 2013 Statistics”.

msg2

Once the item is create, do the same for the other value. Altogether you’ll end up with 2 new items under the template.

Provided this template is assigned to your exchange host you are running the above script from, the values will be fed to Zabbix accordingly.

I actually set up a scheduled task that matches the timing and now I have some trending of the Sent and Received messages as per the Message Tracking Logs – Yeah it includes the HealthMonitor traffic, I know.

Additionally and once you have a baseline, you can also create a trigger based on the value received.

SCCM2012 (R2) new application creation fails

I had recently migrated my DBs from one volume to another volume due to space concerns, all was successful and life was good 🙂

However the other day, I wanted to create a new application and got the following “unknown” error.

The SMS Provider reported an error connecting to the ConfigMgr site database server. Verify that the SQL Server is online and that ConfigMgr site server computer account is an administrator on the ConfigMgr site database server.

SmsAdminUI.log would something unknown as well.

Description = “CSspConfigurationItem: SQL_ERROR”;
File = “e:\\qfe\\nts\\sms\\siteserver\\sdk_provider\\smsprov\\sspconfigurationitem.cpp”;
SQLMessage = “*** Unknown SQL Error!”;

Scratched my head a few times and started DDGing as the error was pretty self explanatory and found the following KB/Blog entry.

Basically, after such a DB files location move the SQL TRUSTWORTHY setting gets reset and the dbowner may change.

I hope on the MSSQL and executed the following queries to save the day – well only the creation of new packages.

ALTER DATABASE CM_CIE SET TRUSTWORTHY ON;
EXEC sp_changedbowner ‘sa’;

Then tried to create a new application and voilà…

Uninstall GP2010 and installation of GP2015

This document describes how to uninstall GP2010 and installation of GP2015.

Prerequisite: local admin rights to uninstall and install software on the machine

  1. Uninstall GP2010 following components
    1. GP2010, Mekorma MICR 2010, Integration Manager for Microsoft Dynamics GP 2010, Dexterity Shared Components 11.0 (64-bit)
    2. Remove the following folders
      1. C:\Program Files (x86)\Microsoft Dynamics\GP2010
      2. C:\Program Files (x86)\Common Files\microsoft shared\Dexterity
  2. Restart the computer
  3. Install GP2015 (includes dexterity 14) as usual.

Uninstall using WMIC

note that Mekorma not playing nice with wmic or msiexec – must uninstall manually.

wmic call Msiexec GUID
product where name=”Microsoft Dynamics GP 2010″ call uninstall /nointeractive {DC90A0A6-2D90-493E-8D13-D54AD123B9FD}
product where name=”Integration Manager for Microsoft Dynamics GP 2010″ call uninstall /nointeractive {FAFD8B80-E75F-4557-85F3-67B8D7A14E8F}
product where name=”Dexterity Shared Components 11.0 (64-bit)” call uninstall /nointeractive {F5459EB2-A662-4EB3-AD94-E771DC2F542A}
product where name=”Mekorma MICR 2010″ call uninstall /nointeractive {A45282DB-59DC-4A5D-9E1F-08A225D81A44}
To run on several nodes at the same time:
wmic:root\cli>/failfast:on /node:@”c:\temp\trainingwks.txt” product where name=”Microsoft Dynamics GP 2010″ call uninstall /nointeractive

Managing Certificates using Powershell

Because of my recent work with ADFS I was looking for a way to automate most of the certificate configuration by scripts. The usual run-books I write would usually include the use of the mmc and a bunch of screenshot to accompany them.

The answer is that powershell management for Certificates is there and here are some examples:

 

#Powershell exposes certs under cert:\
PS C:\> Get-PSDrive
Name Used (GB) Free (GB) Provider Root CurrentLocation
—- ——— ——— ——– —- —————
A FileSystem A:\
Alias Alias
C 14.37 45.29 FileSystem C:\
Cert Certificate \
D FileSystem D:\
Env Environment
Function Function
HKCU Registry HKEY_CURRENT_USER
HKLM Registry HKEY_LOCAL_MACHINE
Variable Variable
WSMan WSMan
PS C:\> cd cert:
PS Cert:\> dir localmachine
Name : TrustedPublisher
Name : ClientAuthIssuer
Name : Remote Desktop
Name : Root
Name : TrustedDevices
Name : CA
Name : REQUEST
Name : AuthRoot
Name : TrustedPeople
Name : My
Name : SmartCardRoot
Name : Trust
Name : Disallowed
Name : AdfsTrustedDevices

#Browsing through the stores is pretty intuitive
PS Cert:\> dir Cert:\LocalMachine\My
Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My
Thumbprint Subject
———- ——-
E31234DEF282437D167A64FD812342B650C20B42 CN=XXXXa
8912343319B07131C8FD1234E250DC67CBE08D7A CN=XXXX
69AD2C21912340919D186503631234A6F0BE9F7F CN=*.xxx.ca,XXX..

#Exporting a cert is something a little less intuitive
PS Cert:\> $ExportCert = dir Cert:\LocalMachine\Root | where {$_.Thumbprint -eq “892F212349B07131C12347F8E250DC67CBE08D7
A”}
PS Cert:\> $ExportCryp = [System.Security.Cryptography.X509Certificates.X509ContentType]::pfx
PS Cert:\> $ExportKey = ‘pww$@’
PS Cert:\> $ExportPFX = $ExportCert.Export($ExportCryp, $ExportKey)
PS Cert:\> [system.IO.file]::WriteAllBytes(“D:\Temp\CertToExportPFXFile.PFX”, $ExportPFX)

#same mess for importing
# Define The Cert File To Import
$CertFileToImport = “D:\Temp\CertToImportPFXFile.PFX”
# Define The Password That Protects The Private Key
$PrivateKeyPassword = ‘Pa$$w0rd’
# Target The Cert That Needs To Be Imported
$CertToImport = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertFileToImport,$PrivateKeyPassword
# Define The Scope And Certificate Store Within That Scope To Import The Certificate Into
# Available Cert Store Scopes are “LocalMachine” or “CurrentUser”
$CertStoreScope = “LocalMachine”
# For Available Cert Store Names See Figure 5 (Depends On Cert Store Scope)
$CertStoreName = “My”
$CertStore = New-Object System.Security.Cryptography.X509Certificates.X509Store $CertStoreName, $CertStoreScope
# Import The Targeted Certificate Into The Specified Cert Store Name Of The Specified Cert Store Scope
$CertStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$CertStore.Add($CertToImport)
$CertStore.Close()

For import/export, I’d recommend using code from here: http://poshcode.org/?lang=&q=import%2Bcertificate

 

ADFS Proxy Trust certificate on WAP doesn’t auto renew

Once upon a time, the web application proxy for ADFS proxy started throwing error.

The Remote Access Management console could not do much complaining with an error code “the operation stopped due to an unknown general error” as always really helpful message.

Looking at the logs, the WAP was also complaining about establishing its trust with the ADFS server.

Fairly enough the ADFS proxy was also complaining about the trust saying that the proxy trust certificate had expired.

Back to the WAP and surely enough it was. However from the GUI I could not find any way to recreate the trust and had to use my DuckDuckGo powers.

So I found that the wizard had to be tricked for reinitialization prior to doing anything as in http://channel9.msdn.com/Events/MEC/2014/USX305

HKLM\Software\Microsoft\ADFS\ProxyConfigurationStatus

We need to set the ProxyConfigurationStatus REG_DWORD to a value of 1 (meaning “not configured”) instead of 2 (“configured”). Once that change is made, re-open the GUI. No reboot is required.

The Remote Access Manager should now allow you to re-run the configuration wizard.

I still don’t know why it would not renew, but given that the certification of the trust goes by every 2 weeks I will seen pretty soon.

How to extend a volume on an IBM DS3400

I inherited an old array that seems easy to manage using Storage Mangement Suite called IBM DS Storage Manager.

I had to extend one of the volumes hosted on that box. So I started up the management GUI, found the box, the correct array, and volume (“Logical drive”), and expected to just right click and add capacity.

I could add disks hence capacity to the array using the GUI but could not find anything about extending the volume.

I had to use my favorite search engine – duckduckgo– and found out that this operation can only be performed from the Shell. Which is actually a special shell utility.

PS C:\Program Files (x86)\IBM_DS\client> .\SMcli.exe 172.17.1.114 -p $#$#@$password
Please type desired command.

show logicaldrive[“COMPANY-FS2-F”]
;
VOLUME DETAILS

STANDARD LOGICAL DRIVES——————————

Logical Drive name: COMPANY-FS2-F

Logical Drive status: Optimal

Capacity: 557.793 GB
Logical Drive ID: 60:0a:0b:80:00:75:26:3d:00:00:01:c7:4d:9e:d3:d0
Subsystem ID (SSID): 0
Associated array: RAID5_ARRAY1
RAID level: 5

Drive type: Serial Attached SCSI (SAS)
Enclosure loss protection: No

Preferred owner: Controller in slot A
Current owner: Controller in slot A
Segment size: 128 KB
Capacity reserved for future segment size changes: Yes
Maximum future segment size: 2,048 KB
Modification priority: High
Read cache: Enabled
Write cache: Enabled
Write cache without batteries: Disabled
Write cache with mirroring: Enabled
Flush write cache after (in seconds): 10.00
Dynamic cache read prefetch: Enabled

Enable background media scan: Enabled
Media scan with redundancy check: Disabled

Pre-Read redundancy check: Disabled

After checking the details about the volume, I was able to extend the volume using:

set logicalDrive [COMPANY-TOR-FS2-F”] addCapacity=500 GB;

show logicalDrive [“COMPANY-TOR-FS2-F”] actionProgress;
Logical Drive COMPANY-TOR-FS2-F
Action: Initialization
Percent Complete: 53%

when growing the volume it does tell you much. Be sure to use the other command to verify the status.

And if you are looking for more information, I found the CLI manual here and not on the IBM website.

 

Troubleshoot KMS

This is the recipe for a KMS activation. This should serve a minimum of 25 machines up to plenty.

You will need:

1 KMS server (aka kms)
1 network
1 or more server to be activated
1 Volume Product Key for your server to be activated
1 working DNS

First of all KMS uses DNS to find where the KMS server is. do a nslookup to find out if this is configure it. Please note the address and port

nslookup -type=SRV _vlmcs._tcp.domain.local
Server:  asterix.domain.local
Address:  172.24.1.20
_vlmcs._tcp.domain.local   SRV service location:
priority       = 0
weight         = 0
port           = 1688
svr hostname   = p1-kms1.domain.local
p1-kms1.domain.local       internet address = 172.24.5.126

Verify connectivity from the server to be activated to the KMS server using [address] and [port]

Do a

cscript.exe slmgr.vbs -dlv

to verify what you have. Expect the VOLUME_KMS_*_* channel.

Do a

cscript.exe slmgr.vbs -ato

to activate

and if you are looking for your keys, and not the key for the KMS server which you get from your MSFT licensing portal, go to technet: https://technet.microsoft.com/en-us/library/jj612867.aspx