Copy windows features from a server to another

Sometimes you want to create the (almost) same server where you do not yet Chef or CF or some sort of DSC. The best resort is to use what you have: get-windowsfeature

Imagine you want to configure Server B from Server A and obviously those are microsoft windows servers…

#On server A
#export features
> Get-WindowsFeature | ? { $_.Installed -AND $_.SubFeatures.Count -eq 0 } | Export-Clixml .\serverA.xml
#copy the feature file over
> cp .\serverA.xml ‘\\serverB\c$\Files’

#On server B
PS C:\Files> ls
Directory: C:\Files
Mode LastWriteTime Length Name
—- ————- —— —-
-a—- 6/8/2017 4:15 PM 510824 ServerA.xml
PS C:\Files> Import-Module Servermanager
PS C:\Files> Import-Clixml .\ServerA.xml | Add-WindowsFeature
Success Restart Needed Exit Code Feature Result
——- ————– ——— ————–
True Yes SuccessRest… {Application Server, .NET Framework 4.5, W…
WARNING: You must restart this server to finish the installation process.

Voila, another posh timesaver.

ESXi5.5u2 install fail on new x240 m5 – failed to resolve circular relocation

The other day I ran into a strange issue. Just received a bunch of Flex Blade x240 for a Vmware cluster and trying to get ESXi installed I was stopped by the following message: Failed to Resolve circular relocation.

vmware esxi failure - failed to resolve circular relocation
failed to resolve circular relocation

It happened on one server so I tried the next one and the next, same thing!

I opened a case with Vmware which resulted in the following KB:2050443 http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2050443

It seems like ESXi doesn’t support MMIO regions above 4GB.

It took me for ever to find the relevant IBM/Lenovo information. Eventually found it at https://www-947.ibm.com/support/entry/myportal/docdisplay?lndocid=MIGR-5096729&brandind=5000020 not thanks to Lenovo support!

So I made the following changes in my BIOS, from 64-Bit resource allocation: Enabled to Disabled. And MM Config Base from 2GB to 3GB.

You will find the above settings under the BIOS>System Settings> Devices and IO ports

vmware esxi failure - lenovo good config

I hope this helps.

The DMZ server that did not want to update

Once upon a time there was a server placed in a DMZ that would not want to update…

symptoms: using sconfig, the server would say that no updates were available.

problems: wsus settings had been deployed

solution: remove wsus settings

It sounds easy said like this but somehow this client manages to present things a different way leading to wasting my time.

As I said, it all started with company X administrator saying they could not update this windows 2012 R2 core server while it worked yesterday. Indeed, once in sconfig, the server is in a workgroup, automatic updates is disabled and running get and install updates would results in no updates to apply.

Steering in this direction, I run

wuauctl /detectnow

I verify the wua version using

$WindowsUpdateAgentVer = (Get-ItemProperty -Path 'C:\Windows\System32\wuaueng.dll' -ErrorAction SilentlyContinue).VersionInfo.ProductVersion

> Write-Host $WindowsUpdateAgentVer

7.9.9600.16384

it looks like a bit out of date as I see a lot of 7.9.9600.256 on the web. I try updating it without success. This URL brings me to some other kb and download which did not work, I guess I am giving up this path and not try to install kb2919355 which is all above WUA update. None of the downloads from this URL do anything for me.

But wait, why did not I check the windowsupdate log? A stroll to c:\windows\windowsupdate.log showed me that it fails getting update lists from some wsus server!

WARNING: There was an error communicating with the endpoint at ‘http://wsus.xxx.ca/SimpleAuthWebService/SimpleAuth.asmx

Bummer, what did not I start here? I hop on the web to look for the reg key and delete it.

Stop-Service wuauserv
Remove-Item -Path 'HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\*' -recurse -force
Start-Service wuauserv

Once removed, I start an update again using sconfig – bingo – updates show up. I then finish it with my favorite WUA script and invoke-windowsupdate to keep things rolling.

It guess it would be so much better for sconfig to actually say there was an error instead of saying that there are no updates available for this server…

Installing .Net3.5 on Windows 2012 R2

I had encountered this in the past, because .net 3.5 became an on-demand addon it would not come installed on a fresh windows 2012 install.

To fix this, one add to play with the following commands to get the feature available on the system and install it.

Dism.exe /online /enable-feature /featurename:NetFX3 /All /Source:c:\dotnet35 /LimitAccess

Somehow, I could not get this to work and even if the source was here with .net 3.5 files, it just would not install saying dotnet35 could not be found.

I eventually found a magic key to actually let the server connect to msupdate instead of trying to get it from a source.

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing] “RepairContentServerSource”=DWORD(2)

By enabling this, I was able to install dotnet35. Apparently there is a GPO for this, but all of the policy templates I found did not include “Specify settings for optional component installation and component repair”.

Keeping an eye on DFS-R

I’ve never really used DFS-R with many file servers but here I am. And the company I work with has been having issues with replication since a member had been taken offline and back.

Due to maintenance they had disabled the member from the namespace servers of that namespace and disabled it from the memberships. When the server was up again, they re-enabled memberships for DFS and replication accordingly

To me, it seems like a good idea but somehow this member is now having issues. Nothing gets in or out as for replications go.

First of, there are a few essential reads for DFS-R. I really recommend spending some time reading those as a refresher or even guidance.

http://blogs.technet.com/b/askds/archive/2007/10/05/top-10-common-causes-of-slow-replication-with-dfsr.aspx

http://blogs.technet.com/b/askds/archive/2010/11/01/common-dfsr-configuration-mistakes-and-oversights.aspx

Also I highly recommends this article shall you want to remember what is means to be a member of the Replication Group.

http://www.adshotgyan.com/2010/12/dfsr-replication-group-in-windows-2008.html

 

Here we go. I just want to share a few things I do and look for when I starting looking for troubles.

Check the Health of a Replication Group (RG)

> dfsradmin health new /rgname:RG_NAME /refmemname:FROM_THE_VIEW_OF_WHICH_MEMBER /domain:YOUR_DOMAIN /ReportName:c:\scripts\dfsmonitor\health\RGNAME_health_rpt.html

This report will tell you what is it doing and if it encountered any errors without having to parse the event logs. Shall you want to automate this, have a look at this basic script.

Do a file replication/propagation test

dfsrdiag offers many options, one of them is to test propagation of a file to the various members of the RG. You would do the following

> dfsrdiag.exe propagationtest /rgname:RG_NAME /rfname:REPLICATION_FOLDER_TO_TEST /testfile:A_FUNNY_NAME

Operation Succeeded

You then will want to wait a little bit for things to happen and after a few minutes verify what has happened with the propagationreport option.

> dfsrdiag.exe propagationreport /rgname:RG_NAME /rfname:REPLICATION_FOLDER_TO_TEST /testfile:A_FUNNY_NAME /reportfile:c:\scripts\dfsmonitor\propagationtest.xml

PROCESSING MEMBER A[1 OUT OF 3]
PROCESSING MEMBER B[2 OUT OF 3]
PROCESSING MEMBER C[3 OUT OF 3]

Total number of members: 3

Number of disabled members: 0

Number of unsubscribed members: 0

Number of invalid AD member objects: 0

Test file access failures: 0

WMI access failures: 0

ID record search failures: 0

Test file mismatches: 0

Members with valid test file: 3

Operation Succeeded

Verify backlogs

>dfsrdiag.exe backlog /rgname:RG_NAME /rfname:REPLICATION_FOLDER_TO_TEST /smem:SOURCE_MEMBER /rmem:TARGET_MEMBER

This will give the number of files in the queue and will list them if you wish. This said it will only output 100 by default.

You can also use this script in order to keep track of the backlogs.

Restart the DFS-R service

If things seems stuck after you checked everything above and the DFS-R log usually located in c:\windows\debug\log. You might want to restart the service once

> Get-Service *dfsr* | Restart-Service

WARNING: Waiting for service ‘DFS Replication (DFSR)’ to finish stopping…

> Get-Service *dfsr*

Status   Name               DisplayName

—–   —-               ———–

Running DFSR               DFS Replication

In the end

If you have read all this and still not sure how to fix your replication issues: contact microsoft. Any mistake while playing with members and their RGs may render files inaccessible for your users. This said I am yet to find a good way to monitor all of my RGs beside loading those health reports. I wish there was a better way to check what is going on, what files it is working on, the queues, the state of the members and so on in a single MMC.

I also want to list here a few other article that may help troubleshooting and recreating your RGs.

Clearing Conflits and Deleted folders

http://blogs.technet.com/b/askds/archive/2008/10/06/manually-clearing-the-conflictanddeleted-folder-in-dfsr.aspx

Preseeding another member

http://blogs.technet.com/b/askds/archive/2010/09/07/replacing-dfsr-member-hardware-or-os-part-2-pre-seeding.aspx