Dario IT Solutions Blog

Hi guys,

We held two open houses this week, one on February 22nd at MediaTech Haifa and the other on February 24th at Microsoft Raanana.

I would like to thank the large number of people who attended, it was great hearing your comments and questions.

Attached below are all the PowerPoint decks from the events:

For your reference, these are the major agent versions (as of December 24th, 2009):

1. DPM 2007 SP0 – 2.0.5820.0
2. DPM 2007 SP1 – 2.0.8793.0
3. DPM 2007 SP1 (with KB963102) – 2.0.8824.0
4. DPM 2007 SP1 (with KB968579) – 2.0.8836.0
5. DPM 2007 SP1 (with KB970867) – 2.0.8844.0
6. DPM 2007 SP1 (with KB970868) – 2.0.8851.0
7. DPM 2007 SP1 (with KB976542) – 2.0.8861.0

I’ve summarized several notes about Hyper-V and VMM. It may be useful for you to take it into account when planning or handling Hyper-V platforms.

1. Enabling NLB on a VM
Follow this procedure in case you need to enable NLB on a VM running under Hyper-V 2008. http://support.microsoft.com/kb/953828
Note that when your VM is running under Hyper-V 2008 R2, you will no longer need to specify a certain MAC. You will only need to check the option to “Enable MAC spoofing”.
Follow this link for detailed steps: http://robwhitehouse.com/virtualisation/enable-nlb-in-a-hyper-v-guest/

2. Max CPUs per VM
This Technet article shows the max number of allowed CPUs per VMs : http://technet.microsoft.com/en-us/library/cc794868(WS.10).aspx

3. Disk alignment
Set the disk alignment on two levels:

1. On the storage level. Set the alignment of the LUN so that the disk that the Host OS sees will see blocks the same as you storage device.
   Follow this link for best practices for Hyper-V on NetAPP : http://www.netapp.com/us/communities/tech-ontap/tot-hyperv-best-practices-0911.html
   Follow this direct link for the complete document, where you will find additional information regarding disk alignment : http://media.netapp.com/documents/tr-3702.pdf
2. Within the VHD. After aligning the partition on the LUN on the Host server, you should also align the partition that exists within the VHD file. The above link to the NetAPP documentation shows this procedure as well. You should notice, though, these point:

i. 2008 R2 allows you to mount a VHD to the host (without booting it to a VM). This allows you to create / change / align partitions from the host itself, before creating the VM.

ii. Aligning the VHD is only relevant for fixed virtual disks. Alignment of Incremental or dynamic disks won’t last, due to the nature of the file.

4. IDE / SCSI
Your boot disk has to be connected to an IDE controller on the VM (SCSI controller is a synthetic device http://technet.microsoft.com/en-us/magazine/2008.10.hyperv.aspx?pr=blog ). Connect all Other drives to a SCSI controller for better performance.controller.

5. Pass Through Disks
For best application disk performance, use Pass-Through disks. Pass-Through disks will give the VM direct access to a physical drive. For more information on this feature: http://technet.microsoft.com/en-us/library/cc768521(BTS.10).aspx

6. Moving VMs from 2008 to 2008 R2
After moving VMs from a Server 2008 to Server 2008 R2 be sure to install the integration services again.

7. General Host / VM Performance
Follow this link for explanation about measuring basic Memory / CPU / Disk performance: http://technet.microsoft.com/en-us/magazine/2008.08.pulse.aspx?pr=blog . Pay special attention to the disk monitoring. It is very likely that you’ve placed several disk intensive VMs on the same LUN.

8. Disconnect ISO files
When working on a Hyper-V cluster, make sure that you disconnect any ISO file from a VM when you’re done using it. Otherwise, when moving or live migrating your VM, it may fail because it wouldn’t find the ISO to connect to on the other node.

9. What’s new in VMM 2008 R2
http://www.microsoft.com/systemcenter/virtualmachinemanager/en/us/whats-new-r2.aspx

10. Disk size planning
When planning the size of the disk holding the VM’s VHDs, make sure that you have enough free space to save also the VM’s snapshots and entire memory. When Saving / Moving or Live Migrating the VM, the VM’s entire memory content is saved to disk.

Ever needed to get alerts on all services that are set to Automatic but not running?

Use the following SCOM monitor to do just that:

1. Create a Unit Monitor of type “Timed script two state monitor”, call it “Check For Not Running Services In Automatic Mode” or name it whatever you want

2. Check of “Monitor is enabled” (we will enable it to run only on specific servers later with overrides)

3. Monitor target – Agent

4. Put the following script:

Call Main ()

Sub Main()

‘ Monitor if automatic process is not running

Dim oAPI, oBag, wshShell
Set oAPI = CreateObject("MOM.ScriptAPI")

Set wshShell = WScript.CreateObject( "WScript.Shell" )
strComputer = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )

‘strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery _
("Select * from Win32_Service Where StartMode = ‘Auto’")

For Each objService in colListOfServices
Set oBag = oAPI.CreatePropertyBag()
If Not objService.Started = True Then
strDesc = "Service " & objService.Caption & " is not running on " & strComputer
Call oBag.AddValue("Description", strDesc)
Call oBag.AddValue("State", "BAD")
Else
Call oBag.AddValue("State", "GOOD")
End If

oAPI.Additem(oBag)

Next

oAPI.ReturnItems

End Sub

5. As Unhealthy expression put

Property[@Name='State'] Contains BAD

6. As Healthy expression put

Property[@Name='State'] Contains GOOD

7. Turn on Alerting

8. As Alert Description put

$Data/Context/Property[@Name='Description']$

9. Turn on Override for specified servers and change option Enabled to TRUE

Enjoy!

I wanted to thank the large number of attendees at our open house yesterday. It was a real pleasure for us to spend a morning with you, talk a little about technology but more importantly to laugh and exchange views! the mood was up and we really enjoyed it

I would also like to thank the talented Kobi Akiva, Asaf Nakash & Udi Leutashi for their presentations, the feedback they got from the audience was simply great.

One last thank to Gur Proper, Microsoft Israel’s Windows Server Marketing Manager for organizing this whole event!

And lastly, due to the fact the event registration closed within 2 days and a lot of people were not able to attend, we will held another Open House on October 29th. we will be happy to see any of you that couldn’t attend yesterday.

Hi guys,

I’ll be delivering a session at Intel’s “Life after death using… Intel® vPro™ Technology!” conference held on September 14th 2009 at Air Port City, Israel.

This session will focus on integrating SCCM In-Band management capabilities with vPro Out of Band capabilities.

Out of band management allows an administrator to connect to a computer’s management controller when the computer is turned off, in sleep or hibernate modes, or otherwise unresponsive through the operating system. By way of contrast, in-band management is the classic approach used by Configuration Manager and its predecessors whereby an agent runs in the full operating system on the managed computer and the management controller accomplishes tasks by communicating with the management agent.

Out of band management supplements in-band management. While in-band management supports a wider range of operations because it’s environment is the full operating system, in-band management might not be functional if the operating system is not present or is not operational. In these situations, the supplementary capabilities of out of band management allow administrators to manage these computers without requiring local access to the computer.

Out of band management tasks include the following:

• Powering on one or many computers (for example, for maintenance on computers outside business hours).
• Powering off one or many computers (for example, the operating system stops responding).
• Restarting a nonfunctioning computer or booting from a locally connected device or known good boot image file.
• Re-imaging a computer by booting from a boot image file that is located on the network or by using a PXE server.
• Reconfiguring the BIOS settings on a selected computer (and bypassing the BIOS password if this is supported by the BIOS manufacturer).
• Booting to a command-based operating system to run commands, repair utilities, or diagnostic applications (for example, upgrading the firmware or running a disk repair utility).
• Configuring scheduled software update deployments and advertisements to wake up computers prior to running.

SP2 for SCCM 2007 R2 added some important new features, like:

New Operating System Support
• Windows 7
• Windows Server 2008 R2
• Windows Server 2008 SP2
• Windows Vista Sp2

New Features in Out of Band Management
Configuration Manager 2007 Service Pack 2 improves on the Intel AMT integration provided in Service Pack 1. SP2 adds full feature support for computers that have the Intel vPro chip set and AMT firmware versions 4 & 5. In addition to providing feature parity with SP1 and AMT firmware versions 3.2.1, 4.0 and 5.0, the following new features are supported:

Wireless Management (mobile only)
• Up to eight (8) wireless profiles per out of band service point
• Profiles support SSID, WAP2-Enterprise or WAP-Enterprise security, AES or TKIP encryption, client authentication options of EAP-TLS or EAP-TTLS/MSCHAPv2 or PEAPv0/EAP-MSCHAPv2
• Versions of AMT earlier than 3.2.1 are supported with the Intel translator

Authenticated Wired 802.1x Management
• Single profile
• Profile supports client authentication options of EAP-TLS or EAP-TTLS/MSCHAPv2 or PEAPv0/EAP-MSCHAPv2
• Versions of AMT earlier than 3.2.1 are supported with the Intel translator

Audit Logging
• Supported on AMT versions 4 and 5
• Select which out of band management features to audit (critical events not supported)
• Enable or disable audit logging per computer after provisioning
• View, clear, and export to file the audit log entries by using the out of band management console

Power State Configuration
• Enable configuration of the power settings to specify whether out of band management activity is supported when the host is on (S0), host is on (S0) or in standby (S3), or always on (S0-S5)

Data Storage
• Save up to 4096 bytes in ASCII characters in the AMT data storage of each computer
• View and save to the data store by using the out of band management console

Lastly, check out this cool integration demo from Intel – a ConfigMgr advertisement is used to remotely and securely wake-up (boot) Intel vPro systems and push an automated BIOS upgrade.

References for additional reading:

vPro ROI Analysis / Benefits of Activating
http://communities.intel.com/docs/DOC-1494/

Case Stories
http://communities.intel.com/docs/DOC-2260

vPro / SCCM Check list, Quick start Guide, & Tips & Tricks
http://communities.intel.com/community/openportit/vproexpert/microsoft-vpro

ConfigMgr Administrators Checklist and Prerequisites

http://technet.microsoft.com/en-us/library/cc161943(TechNet.10).aspx

http://technet.microsoft.com/en-us/library/cc161785(TechNet.10).aspx

Self Pace SCCM SP1 / vPro Activation Training

http://communities.intel.com/community/openportit/vproexpert/microsoft-vpro/blog/2008/10/24/microsoft-sccm-2007-sp1-intel-vpro-training-videos-now-available

Infrastructure Prep Checklist for Microsoft SCCM

http://communities.intel.com/openport/docs/DOC-2300

Please pay attention to the following guidelines:

1. Uninstall the SCOM SP1 agent from the SQL server before upgrading your RMS
2. To speed up the upgrade process, run the following query using SQL Management Studio:
   

   use OperationsManager

   exec sp_updatestats

   DBCC FREEPROCCACHE

3. Make sure the OperationsManager DB is configure to accept updates using the following command:
   

   exec sp_configure ‘allow updates’, 0

   RECONFIGURE WITH OVERRIDE

4. Note that if your database cannot accept updates you will get the following error during installation – “Error 25154.Failed to execute SQL script. Error Code: –2147217900”

That’s the main caveats we came across.

Good luck!

Microsoft announced the release of the System Center Operations Manager 2007 R2 Connectors!  This is an important milestone as it provides a foundation for interoperability with other products, both external and internal.  The Connectors are available for download at the following location:

http://www.microsoft.com/downloads/details.aspx?FamilyID=592e4143-c5c8-4270-9a7a-cd0a31ab3189

The Operations Manager 2007 R2 Connectors provide Operations Manager 2007 R2 alert forwarding to remote systems, such as an Enterprise Management System (EMS) or a help desk system. After Operations Manager 2007 R2 forwards an alert to a remote system, the alert data is synchronized throughout the lifetime of the alert.  The result of that data synchronization is a robust and seamless systems management environment. Such an environment enables cross-organization support processes to take advantage of the resources and strengths of formerly independent support groups. The ultimate effect is improved enterprise systems health through improved organizational communication.

Sharing data between Operations Manager 2007 R2 and remote systems enables enterprise correlation of events from Windows-based systems, hardware, network, and UNIX systems. Correlating these events allows IT staff to determine the causes of issues and reduce the time to resolution of IT outages.

Synchronization of data between Operations Manager 2007 R2 and remote systems also enables operational groups to use familiar management interfaces. Users update an alert by using their management tool, and the data is updated in tools that are used by other operational groups.

The following connectors are available in this initial RTM:

1. Operations Manager 2007 R2 Connector for IBM Tivoli Enterprise Management Console
2. Operations Manager 2007 R2 Connector for HP Operations Manager (formerly HP OpenView Operations)
3. Operations Manager 2007 R2 Connector for BMC Remedy Action Request System (ARS)
4. Operations Manager 2007 R2 Universal Connector

For more information regarding the Connectors, you can review the following resources:

Download Details:

- http://www.microsoft.com/downloads/details.aspx?FamilyID=592e4143-c5c8-4270-9a7a-cd0a31ab3189

TechNet Documentation:

- http://technet.microsoft.com/en-us/library/dd795265.aspx

TechNet Forums:

- General:  http://social.technet.microsoft.com/Forums/en-US/interopgeneral/threads

- Connector for IBM Tivoli Enterprise Console:  http://social.technet.microsoft.com/Forums/en-US/interoptivoli/threads

- Connector for HP Operations Manager:  http://social.technet.microsoft.com/Forums/en-US/interophpoperationsmanager/threads

- Connector for BMC Remedy ARS:  http://social.technet.microsoft.com/Forums/en-US/interopremedy/threads/

- Universal Connector:  http://social.technet.microsoft.com/Forums/en-US/interopuniversalconnector/threads

If you had to maintain a SCCM server in an offline environment you know it’s not a simple task. One of the steps you have to carry out is to download all the updates from the Internet or to copy them from another WSUS/SCCM SUP server that is connected to Internet and had already downloaded all the updates.

For the first method you can use this great post:

http://myitforum.com/cs2/blogs/jgilbert/archive/2008/10/28/getting-required-updates-on-non-internet-connected-sups-part-1.aspx

and part 2:

http://myitforum.com/cs2/blogs/jgilbert/archive/2008/10/28/getting-required-updates-on-non-internet-connected-sups-part-2.aspx

If you have another WSUS/SCCM SUP server that is online, the easiest way to get those updates is to copy them from the server. This is where it gets a little bit tricky:

The updates are found in the “WSUSContent” folder or in SCCM’s case in a folder share of your choice, the only problem is that they are scattered in different folders, This causes a problem because when you’ll need to provide the offline WSUS/SCCM SUP with the updates they will have to be in a single folder. For this purpose I found a little batch file that will get the job done (Credit goes to Rems):

@echo off
title WAIT !

Set "sourceDir=c:\1234"
Set "destinationFolder=c:\SHOEBOX"
Set "_report=c:\logxcopy.txt"

IF NOT EXIST "%sourceDir%" (echo.Could not find %sourceDir% &GoTo:done)

:: overwrite previous log
>"%_report%" (
      echo.%date% - %time%
      echo.---------------------------------------------------
      echo.
)

:: copy files
For /F "Delims=" %%! in ('Dir "%sourceDir%\" /b /s /a-d 2^>nul') do (
   @echo.%%! &(
   @xcopy "%%!" "%destinationFolder%\" /i /y /h /f /c >>"%_report%",2>&1)
)

:done
title,Done.......

echo.&pause>nul

This batch will copy all the files from a folder tree to a single folder.

More info about offline WSUS/SCCM SUP environment:

http://technet.microsoft.com/en-us/library/cc720512(WS.10).aspx

http://myitforum.com/cs2/blogs/jgilbert/archive/2008/10/19/synchronizing-non-internet-connected-software-update-points.aspx

Enjoy!

If Your RMS had failed prior to Service Pack 1, and you didn’t have a backup of your encryption key, You were in trouble. Your only option was to rebuild from scratch.

Now with SP1, we have a new CREATE_NEWKEY command line switch that can make recovering from a situation like this potentially much easier. We also made running the encryption key backup process a mandatory process of setup, just so you’ll have a friendly reminder.

So let’s take a look at a couple scenario’s:

1.  The Root Management Server is replaced or reinstalled and the key is not backed up or the password to the key is lost. There are no other Management Servers to promote.

Solution: Install a new Management Server (the RMS replacement) and be sure the computer name is the same name as the previous Root Management Server that is being replaced.  Setup will detect that the machine name is same as the Root Management Server in the database so it will recreate a new key and register the licenses.

2.  The Root Management Server is replaced or reinstalled and the key is not backed up or the password to the key is lost. There is at least one Management Server to promote to Root Management Server.

Solution: On the Management Server that will become the new Root Management Server, run MOM.msi with the CREATE_NEWKEY switch (msiexec.exe /i <Path to MOM.msi> CREATE_NEWKEY=1).  Configure the account for SDK/Config services (this account should have permission to the database, the SDK service account should be added to the SDK_users role, and the config service account should be added to the configsvc_users role).  Promote the Management Server to Root Management Server.

3.  The registry on the Root Management Server got corrupted, thus the encryption key is lost.
Solution: Run MOM.msi with special switch (msiexec.exe /i <Path to MOM.msi> CREATE_NEWKEY=1)

So does this mean you don’t have to worry about backing up your keys?  No, you should always backup your keys and keep them in a safe place as doing so will potentially save you a lot of trouble down the road, but now if something happens there’s possibly a way to recover without having to rebuild.

Backing up your RMS encryption key: http://technet.microsoft.com/en-us/library/bb309563.aspx.

(Taken from: The Manageability Team Blog-http://blogs.technet.com/smsandmom/archive/2007/12/05/opsmgr-2007-what-if-i-lose-my-rms-encryption-key.aspx)