Dario IT Solutions Blog

I’ve summarized several notes about Hyper-V and VMM. It may be useful for you to take it into account when planning or handling Hyper-V platforms.

1. Enabling NLB on a VM
Follow this procedure in case you need to enable NLB on a VM running under Hyper-V 2008. http://support.microsoft.com/kb/953828
Note that when your VM is running under Hyper-V 2008 R2, you will no longer need to specify a certain MAC. You will only need to check the option to “Enable MAC spoofing”.
Follow this link for detailed steps: http://robwhitehouse.com/virtualisation/enable-nlb-in-a-hyper-v-guest/

2. Max CPUs per VM
This Technet article shows the max number of allowed CPUs per VMs : http://technet.microsoft.com/en-us/library/cc794868(WS.10).aspx

3. Disk alignment
Set the disk alignment on two levels:

1. On the storage level. Set the alignment of the LUN so that the disk that the Host OS sees will see blocks the same as you storage device.
   Follow this link for best practices for Hyper-V on NetAPP : http://www.netapp.com/us/communities/tech-ontap/tot-hyperv-best-practices-0911.html
   Follow this direct link for the complete document, where you will find additional information regarding disk alignment : http://media.netapp.com/documents/tr-3702.pdf
2. Within the VHD. After aligning the partition on the LUN on the Host server, you should also align the partition that exists within the VHD file. The above link to the NetAPP documentation shows this procedure as well. You should notice, though, these point:

i. 2008 R2 allows you to mount a VHD to the host (without booting it to a VM). This allows you to create / change / align partitions from the host itself, before creating the VM.

ii. Aligning the VHD is only relevant for fixed virtual disks. Alignment of Incremental or dynamic disks won’t last, due to the nature of the file.

4. IDE / SCSI
Your boot disk has to be connected to an IDE controller on the VM (SCSI controller is a synthetic device http://technet.microsoft.com/en-us/magazine/2008.10.hyperv.aspx?pr=blog ). Connect all Other drives to a SCSI controller for better performance.controller.

5. Pass Through Disks
For best application disk performance, use Pass-Through disks. Pass-Through disks will give the VM direct access to a physical drive. For more information on this feature: http://technet.microsoft.com/en-us/library/cc768521(BTS.10).aspx

6. Moving VMs from 2008 to 2008 R2
After moving VMs from a Server 2008 to Server 2008 R2 be sure to install the integration services again.

7. General Host / VM Performance
Follow this link for explanation about measuring basic Memory / CPU / Disk performance: http://technet.microsoft.com/en-us/magazine/2008.08.pulse.aspx?pr=blog . Pay special attention to the disk monitoring. It is very likely that you’ve placed several disk intensive VMs on the same LUN.

8. Disconnect ISO files
When working on a Hyper-V cluster, make sure that you disconnect any ISO file from a VM when you’re done using it. Otherwise, when moving or live migrating your VM, it may fail because it wouldn’t find the ISO to connect to on the other node.

9. What’s new in VMM 2008 R2
http://www.microsoft.com/systemcenter/virtualmachinemanager/en/us/whats-new-r2.aspx

10. Disk size planning
When planning the size of the disk holding the VM’s VHDs, make sure that you have enough free space to save also the VM’s snapshots and entire memory. When Saving / Moving or Live Migrating the VM, the VM’s entire memory content is saved to disk.

Hi guys,

I’ll be delivering a session at Intel’s “Life after death using… Intel® vPro™ Technology!” conference held on September 14th 2009 at Air Port City, Israel.

This session will focus on integrating SCCM In-Band management capabilities with vPro Out of Band capabilities.

Out of band management allows an administrator to connect to a computer’s management controller when the computer is turned off, in sleep or hibernate modes, or otherwise unresponsive through the operating system. By way of contrast, in-band management is the classic approach used by Configuration Manager and its predecessors whereby an agent runs in the full operating system on the managed computer and the management controller accomplishes tasks by communicating with the management agent.

Out of band management supplements in-band management. While in-band management supports a wider range of operations because it’s environment is the full operating system, in-band management might not be functional if the operating system is not present or is not operational. In these situations, the supplementary capabilities of out of band management allow administrators to manage these computers without requiring local access to the computer.

Out of band management tasks include the following:

• Powering on one or many computers (for example, for maintenance on computers outside business hours).
• Powering off one or many computers (for example, the operating system stops responding).
• Restarting a nonfunctioning computer or booting from a locally connected device or known good boot image file.
• Re-imaging a computer by booting from a boot image file that is located on the network or by using a PXE server.
• Reconfiguring the BIOS settings on a selected computer (and bypassing the BIOS password if this is supported by the BIOS manufacturer).
• Booting to a command-based operating system to run commands, repair utilities, or diagnostic applications (for example, upgrading the firmware or running a disk repair utility).
• Configuring scheduled software update deployments and advertisements to wake up computers prior to running.

SP2 for SCCM 2007 R2 added some important new features, like:

New Operating System Support
• Windows 7
• Windows Server 2008 R2
• Windows Server 2008 SP2
• Windows Vista Sp2

New Features in Out of Band Management
Configuration Manager 2007 Service Pack 2 improves on the Intel AMT integration provided in Service Pack 1. SP2 adds full feature support for computers that have the Intel vPro chip set and AMT firmware versions 4 & 5. In addition to providing feature parity with SP1 and AMT firmware versions 3.2.1, 4.0 and 5.0, the following new features are supported:

Wireless Management (mobile only)
• Up to eight (8) wireless profiles per out of band service point
• Profiles support SSID, WAP2-Enterprise or WAP-Enterprise security, AES or TKIP encryption, client authentication options of EAP-TLS or EAP-TTLS/MSCHAPv2 or PEAPv0/EAP-MSCHAPv2
• Versions of AMT earlier than 3.2.1 are supported with the Intel translator

Authenticated Wired 802.1x Management
• Single profile
• Profile supports client authentication options of EAP-TLS or EAP-TTLS/MSCHAPv2 or PEAPv0/EAP-MSCHAPv2
• Versions of AMT earlier than 3.2.1 are supported with the Intel translator

Audit Logging
• Supported on AMT versions 4 and 5
• Select which out of band management features to audit (critical events not supported)
• Enable or disable audit logging per computer after provisioning
• View, clear, and export to file the audit log entries by using the out of band management console

Power State Configuration
• Enable configuration of the power settings to specify whether out of band management activity is supported when the host is on (S0), host is on (S0) or in standby (S3), or always on (S0-S5)

Data Storage
• Save up to 4096 bytes in ASCII characters in the AMT data storage of each computer
• View and save to the data store by using the out of band management console

Lastly, check out this cool integration demo from Intel – a ConfigMgr advertisement is used to remotely and securely wake-up (boot) Intel vPro systems and push an automated BIOS upgrade.

References for additional reading:

vPro ROI Analysis / Benefits of Activating
http://communities.intel.com/docs/DOC-1494/

Case Stories
http://communities.intel.com/docs/DOC-2260

vPro / SCCM Check list, Quick start Guide, & Tips & Tricks
http://communities.intel.com/community/openportit/vproexpert/microsoft-vpro

ConfigMgr Administrators Checklist and Prerequisites

http://technet.microsoft.com/en-us/library/cc161943(TechNet.10).aspx

http://technet.microsoft.com/en-us/library/cc161785(TechNet.10).aspx

Self Pace SCCM SP1 / vPro Activation Training

http://communities.intel.com/community/openportit/vproexpert/microsoft-vpro/blog/2008/10/24/microsoft-sccm-2007-sp1-intel-vpro-training-videos-now-available

Infrastructure Prep Checklist for Microsoft SCCM

http://communities.intel.com/openport/docs/DOC-2300

SCCM uses a lot of log files, it could be quite confusing finding what you need. I gathered a list of all the log files and a description of their content to make life easy.

The client logs are located in the %WINDIR%\System32\CCM\Logs folder or %WINDIR%\SysWOW64\CCM\Logs (for x64 OS).
The SCCM server log files are located in the <INSTALL_PATH>\Logs or SMS_CCM\Logs folder.

IIS logs can be found in %WINDIR%\System32\logfiles\W3SVC1 folder.

NOTE: Use the Trace tool included in the SCCM Toolkit or MS Log Parser to easily view log files.

Client Log Files

• CAS – Content Access Service. Maintains the local package cache.
• Ccmexec.log – Records activities of the client and the SMS Agent Host service.
• CertificateMaintenance.log – Maintains certificates for Active Directory directory service and management points.
• ClientIDManagerStartup.log – Creates and maintains the client GUID.
• ClientLocation.log – Site assignment tasks.
• ContentTransferManager.log – Schedules the Background Intelligent Transfer Service (BITS) or the Server Message Block (SMB) to download or to access SMS packages.
• DataTransferService.log – Records all BITS communication for policy or package access.
• Execmgr.log – Records advertisements that run.
• FileBITS.log – Records all SMB package access tasks.
• Fsinvprovider.log (renamed to FileSystemFile.log in all SMS 2003 Service Packs) – Windows Management Instrumentation (WMI) provider for software inventory and file collection.
• InventoryAgent.log – Creates discovery data records (DDRs) and hardware and software inventory records.
• LocationServices.log – Finds management points and distribution points.
• Mifprovider.log – The WMI provider for .MIF files.
• Mtrmgr.log – Monitors all software metering processes.
• PolicyAgent.log – Requests policies by using the Data Transfer service.
• PolicyAgentProvider.log – Records policy changes.
• PolicyEvaluator.log – Records new policy settings.
• Remctrl.log – Logs when the remote control component (WUSER32) starts.
• Scheduler.log – Records schedule tasks for all client operations.
• Smscliui.log – Records usage of the Systems Management tool in Control Panel.
• StatusAgent.log – Logs status messages that are created by the client components.
• SWMTRReportGen.log – Generates a usage data report that is collected by the metering agent. (This data is logged in Mtrmgr.log.)

Server Log Files

• Ccm.log – Client Configuration Manager tasks.
• Cidm.log – Records changes to the client settings by the Client Install Data Manager (CIDM).
• Colleval.log – Logs when collections are created, changed, and deleted by the Collection Evaluator.
• Compsumm.log – Records Component Status Summarizer tasks.
• Cscnfsvc.log – Records Courier Sender confirmation service tasks.
• Dataldr.log – Processes Management Information Format (MIF) files and hardware inventory in the Configuration Manager 2007 database.
• Ddm.log – Saves DDR information to the Configuration Manager 2007 database by the Discovery Data Manager.
• Despool.log – Records incoming site-to-site communication transfers.
• Distmgr.log – Records package creation, compression, delta replication, and information updates.
• Hman.log – Records site configuration changes, and publishes site information in Active Directory Domain Services.
• Inboxast.log – Records files that are moved from the management point to the corresponding SMS\INBOXES folder.
• Inboxmgr.log – Records file maintenance.
• Invproc.log – Records the processing of delta MIF files for the Dataloader component from client inventory files.
• Mpcontrol.log – Records the registration of the management point with WINS. Records the availability of the management point every 10 minutes.
• Mpfdm.log – Management point component that moves client files to the corresponding SMS\INBOXES folder.
• MPMSI.log – Management point .msi installation log.
• MPSetup.log – Records the management point installation wrapper process.
• Ntsvrdis.log – Configuration Manager 2007 server discovery.
• Offermgr.log – Records advertisement updates.
• Offersum.log – Records summarization of advertisement status messages.
• Policypv.log – Records updates to the client policies to reflect changes to client settings or advertisements.
• Replmgr.log – Records the replication of files between the site server components and the Scheduler component.
• Rsetup.log – Reporting point setup log.
• Sched.log – Records site-to-site job and package replication.
• Sender.log – Records files that are sent to other child and parent sites.
• Sinvproc.log – Records client software inventory data processing to the site database in Microsoft SQL Server.
• Sitecomp.log – Records maintenance of the installed site components.
• Sitectrl.log – Records site setting changes to the Sitectrl.ct0 file.
• Sitestat.log – Records the monitoring process of all site systems.
• Smsdbmon.log – Records database changes.
• Smsexec.log – Records processing of all site server component threads.
• Smsprov.log – Records WMI provider access to the site database.
• SMSReportingInstall.log – Records the Reporting Point installation. This component starts the installation tasks and processes configuration changes.
• SMSSHVSetup.log – Records the success or failure (with failure reason) of installing the System Health Validator point.
• Srvacct.log – Records the maintenance of accounts when the site uses standard security.
• Statmgr.log – Writes all status messages to the database.
• Swmproc.log – Processes metering files and maintains settings.

Admin Console Log Files

• RepairWizard.log – Records errors, warnings, and information about the process of running the Repair Wizard.
• ResourceExplorer.log – Records errors, warnings, and information about running the Resource Explorer.
• SMSAdminUI.log – Records the local Configuration Manager 2007 console tasks when you connect to Configuration Manager 2007 sites.

Management Point Log Files

• MP_Ddr.log – Records the conversion of XML.ddr records from clients, and copies them to the site server.
• MP_GetAuth.log – Records the status of the site management points.
• MP_GetPolicy.log – Records policy information.
• MP_Hinv.log – Converts XML hardware inventory records from clients and copies the files to the site server.
• MP_Location.log – Records location manager tasks.
• MP_Policy.log – Records policy communication.
• MP_Relay.log – Copies files that are collected from the client.
• MP_Retry.log – Records the hardware inventory retry processes.
• MP_Sinv.log – Converts XML hardware inventory records from clients and copies them to the site server.
• MP_Status.log – Converts XML.svf status message files from clients and copies them to the site server.

Mobile Device Management Log Files

• DmClientHealth.log – Records the GUIDs of all the mobile device clients that are communicating with the Device Management Point.
• DmClientRegistration.log – Records registration requests from and responses to the mobile device client in Native mode.
• DmpDatastore.log – Records all the site database connections and queries made by the Device Management Point.
• DmpDiscovery.log – Records all the discovery data from the mobile device clients on the Device Management Point.
• DmpFileCollection.log – Records mobile device file collection data from mobile device clients on the Device Management Point.
• DmpHardware.log – Records hardware inventory data from mobile device clients on the Device Management Point.
• DmpIsapi.log – Records mobile device communication data from device clients on the Device Management Point.
• dmpMSI.log – Records the MSI data for Device Management Point setup.
• DMPSetup.log – Records the mobile device management setup process.
• DmpSoftware.log – Records mobile device software distribution data from mobile device clients on the Device Management Point.
• DmpStatus.log – Records mobile device status messages data from mobile device clients on the Device Management Point.
• FspIsapi.log – Records Fallback Status Point communication data from mobile device clients and client computers on the Fallback Status Point.

Mobile Device Client Log Files

• DmCertEnroll.log – Records certificate enrollment data on mobile device clients.
• DMCertResp.htm (in \temp) – Records HTML response from the certificate server when the mobile device Enroller program requests a client authentication certificate on mobile device clients.
• DmClientSetup.log – Records client setup data on mobile device clients.
• DmClientXfer.log – Records client transfer data for Windows Mobile Device Center and ActiveSync deployments.
• DmCommonInstaller.log – Records client transfer file installation for setting up mobile device client transfer files on client computers.
• DmInstaller.log – Records whether DMInstaller correctly calls DmClientSetup and whether DmClientSetup exits with success or failure on mobile device clients.
• DmInvExtension.log – Records Inventory Extension file installation for setting up Inventory Extension files on client computers.
• DmSvc.log – Records mobile device management service data on mobile device clients.

Operating System Deployment Log Files

• CCMSetup.log – Provides information about client-based operating system actions.
• CreateTSMedia.log – Provides information about task sequence media when it is created. This log is generated on the computer running the Configuration Manager 2007 administrator console.
• DriverCatalog.log – Provides information about device drivers that have been imported into the driver catalog.
• MP_ClientIDManager.log – Provides information about the Configuration Manager 2007 management point when it responds to Configuration Manager 2007 client ID requests from boot media or PXE. This log is generated on the Configuration Manager 2007 management point.
• MP_DriverManager.log – Provides information about the Configuration Manager 2007 management point when it responds to a request from the Auto Apply Driver task sequence action. This log is generated on the Configuration Manager 2007 management point.
• MP_Location.log – Provides information about the Configuration Manager 2007 management point when it responds to request state store or release state store requests from the state migration point. This log is generated on the Configuration Manager 2007 management point.
• Pxecontrol.log – Provides information about the PXE Control Manager.
• PXEMsi.log – Provides information about the PXE service point and is generated when the PXE service point site server has been created.
• PXESetup.log – Provides information about the PXE service point and is generated when the PXE service point site server has been created.
• Setupact.log Setupapi.log Setuperr.log Provide information about Windows Sysprep and setup logs.
• SmpIsapi.log – Provides information about the state migration point Configuration Manager 2007 client request responses.
• Smpmgr.log – Provides information about the results of state migration point health checks and configuration changes.
• SmpMSI.log – Provides information about the state migration point and is generated when the state migration point site server has been created.
• Smsprov.log – Provides information about the SMS provider.
• Smspxe.log – Provides information about the Configuration Manager 2007 PXE service point.
• SMSSMPSetup.log – Provides information about the state migration point and is generated when the state migration point site server has been created.
• Smsts.log – General location for all operating system deployment and task sequence log events.
• TaskSequenceProvider.log – Provides information about task sequences when they are imported, exported, or edited.
• USMT Log loadstate.log – Provides information about the User State Migration Tool (USMT) regarding the restore of user state data.
• USMT Log scanstate.log – Provides information about the USMT regarding the capture of user state data.

Network Access Protection Log Files

• Ccmcca.log – Logs the processing of compliance evaluation based on Configuration Manager NAP policy processing and contains the processing of remediation for each software update required for compliance.
• CIAgent.log – Tracks the process of remediation and compliance. However, the software updates log file, *Updateshandler.log – provides more informative details on installing the software updates required for compliance.
• locationservices.log – Used by other Configuration Manager features (for example, information about the client’s assigned site) but also contains information specific to Network Access Protection when the client is in remediation. It records the names of the required remediation servers (management point, software update point, and distribution points that host content required for compliance), which are also sent in the client statement of health.
• SDMAgent.log – Shared with the Configuration Manager feature desired configuration management and contains the tracking process of remediation and compliance. However, the software updates log file, Updateshandler.log, provides more informative details about installing the software updates required for compliance.
• SMSSha.log – The main log file for the Configuration Manager Network Access Protection client and contains a merged statement of health information from the two Configuration Manager components: location services (LS) and the configuration compliance agent (CCA). This log file also contains information about the interactions between the Configuration Manager System Health Agent and the operating system NAP agent, and also between the Configuration Manager System Health Agent and both the configuration compliance agent and the location services. It provides information about whether the NAP agent successfully initialized, the statement of health data, and the statement of health response.

System Health Validator Point Log Files

• Ccmperf.log -Contains information about the initialization of the System Health Validator point performance counters.
• SmsSHV.log – The main log file for the System Health Validator point; logs the basic operations of the System Health Validator service, such as the initialization progress.
• SmsSHVADCacheClient.log – Contains information about retrieving Configuration Manager health state references from Active Directory Domain Services.
• SmsSHVCacheStore.log – Contains information about the cache store used to hold the Configuration Manager NAP health state references retrieved from Active Directory Domain Services, such as reading from the store and purging entries from the local cache store file. The cache store is not configurable.
• SmsSHVRegistrySettings.log – Records any dynamic changes to the System Health Validator component configuration while the service is running.
• SmsSHVQuarValidator.log – Records client statement of health information and processing operations. To obtain full information, change the registry key LogLevel from 1 to 0 in the following location:HKLM\SOFTWARE\Microsoft\SMSSHV\Logging\@GLOBAL

Desired Configuration Management Log Files

• ciagent.log – Provides information about downloading, storing, and accessing assigned configuration baselines.
• dcmagent.log – Provides high-level information about the evaluation of assigned configuration baselines and desired configuration management processes.
• discovery.log – Provides detailed information about the Service Modeling Language (SML) processes.
• sdmagent.log – Provides information about downloading, storing, and accessing configuration item content.
• sdmdiscagent.log – Provides high-level information about the evaluation process for the objects and settings configured in the referenced configuration items.

Wake On LAN Log Files

• Wolmgr.log – Contains information about wake-up procedures such as when to wake up advertisements or deployments that are configured for Wake On LAN.
• WolCmgr.log – Contains information about which clients need to be sent wake-up packets, the number of wake-up packets sent, and the number of wake-up packets retried.

Software Updates Site Server Log Files

• ciamgr.log – Provides information about the addition, deletion, and modification of software update configuration items.
• distmgr.log – Provides information about the replication of software update deployment packages.
• objreplmgr.log – Provides information about the replication of software updates notification files from a parent to child sites.
• PatchDownloader.log – Provides information about the process for downloading software updates from the update source specified in the software updates metadata to the download destination on the site server.
• replmgr.log – Provides information about the process for replicating files between sites.
• smsdbmon.log – Provides information about when software update configuration items are inserted, updated, or deleted from the site server database and creates notification files for software updates components.
• SUPSetup – Provides information about the software update point installation. When the software update point installation completes, Installation was successful is written to this log file.
• WCM.log – Provides information about the software update point configuration and connecting to the Windows Server Update Services (WSUS) server for subscribed update categories, classifications, and languages.
• WSUSCtrl.log – Provides information about the configuration, database connectivity, and health of the WSUS server for the site.
• wsyncmgr.log -Provides information about the software updates synchronization process.

WSUS Server Log Files

• Change.log – Provides information about the WSUS server database information that has changed.
• SoftwareDistribution.log – Provides information about the software updates that are synchronized from the configured update source to the WSUS server database.

Software Updates Client Computer Log Files

• CAS.log – Provides information about the process of downloading software updates to the local cache and cache management.
• CIAgent.log – Provides information about processing configuration items, including software updates.
• LocationServices.log – Provides information about the location of the WSUS server when a scan is initiated on the client.
• PatchDownloader.log – Provides information about the process for downloading software updates from the update source to the download destination on the site server. This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates.
• PolicyAgent.log – Provides information about the process for downloading, compiling, and deleting policies on client computers.
• PolicyEvaluator – Provides information about the process for evaluating policies on client computers, including policies from software updates.
• RebootCoordinator.log – Provides information about the process for coordinating system restarts on client computers after software update installations.
• ScanAgent.log – Provides information about the scan requests for software updates, what tool is requested for the scan, the WSUS location, and so on.
• ScanWrapper – Provides information about the prerequisite checks and the scan process initialization for the Inventory Tool for Microsoft Updates on Systems Management Server (SMS) 2003 clients.
• SdmAgent.log – Provides information about the process for verifying and decompressing packages that contain configuration item information for software updates.
• ServiceWindowManager.log – Provides information about the process for evaluating configured maintenance windows.
• smscliUI.log – Provides information about the Configuration Manager Control Panel user interactions, such as initiating a Software Updates Scan Cycle from the Configuration Manager Properties dialog box, opening the Program Download Monitor, and so on.
• SmsWusHandler – Provides information about the scan process for the Inventory Tool for Microsoft Updates on SMS 2003 client computers.
• StateMessage.log – Provides information about when software updates state messages are created and sent to the management point.
• UpdatesDeployment.log – Provides information about the deployment on the client, including software update activation, evaluation, and enforcement. Verbose logging shows additional information about the interaction with the client user interface.
• UpdatesHandler.log – Provides information about software update compliance scanning and about the download and installation of software updates on the client.
• UpdatesStore.log – Provides information about the compliance status for the software updates that were assessed during the compliance scan cycle.
• WUAHandler.log – Provides information about when the Windows Update Agent on the client searches for software updates.
• WUSSyncXML.log – Provides information about the Inventory Tool for the Microsoft Updates synchronization process. This log is only on the client computer configured as the synchronization host for the Inventory Tool for Microsoft Updates.

Windows Update Agent Log File

• WindowsUpdate.log – Located in %WINDIR%. Provides information about when the Windows Update Agent connects to the WSUS server and retrieves the software updates for compliance assessment and whether there are updates to the agent components.

(Taken from: HELO Windows Blog- http://blogs.msdn.com/lxchen/archive/2009/04/03/a-list-of-sccm-log-files.aspx)

Symptoms

Users’ Home Folder maps incorrectly on workstations.
The home folder is mapped to the base share instead of the complete path to the profile.
This only happens on PCs. When logging on to terminal servers the mapping is done correctly.

Example:
Home folder set to: fileServerCompanyDepartmentUserName
The mapping that the user receives : fileServerCompany
Manually mapping the path completes successfully and all files are accessible.

The users are the owners of their folders and all permissions are sufficient for drive mapping.  

Cause

Network delays may cause the workstation to try and map the home folder before completely initializing networking during logon.

Resolution

Apply the following setting using GPO :

Computer Configuration / Administrative Templates / System / Logon / Always wait for the network at computer startup and logon

More Information

Description of the Windows XP Professional Fast Logon Optimization feature
http://support.microsoft.com/kb/q305293/

Info from the policy’s description

Determines whether Windows XP waits for the network during computer startup and user logon. By default, Windows XP does not wait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials, which results in shorter logon times. Group Policy is applied in the background once the network becomes available.

Note that because this is a background refresh, extensions such as Software Installation and Folder Redirection take two logons to apply changes. To be able to operate safely, these extensions require that no users be logged on. Therefore, they must be processed in the foreground before users are actively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, or user object logon script, may take up to two logons to be detected.

If a user with a roaming profile, home directory, or user object logon script logs on to a computer, Windows XP always waits for the network to be initialized before logging the user on.

If a user has never logged on to this computer before, Windows XP always waits for the network to be initialized.

If you enable this setting, logons are performed in the same way as for Windows 2000 clients, in that Windows XP waits for the network to be fully initialized before users are logged on. Group Policy is applied in the foreground, synchronously.

If you disable or do not configure this setting, Windows does not wait for the network to be fully initialized and users are logged on with cached credentials. Group Policy is applied asynchronously in the background.

Note: If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one logon, enable this setting to ensure that Windows waits for the network to be available before applying policy.

Note: For servers, the startup and logon processing always behaves as if this policy setting is enabled.

Quote from Microsoft’s Official eBook "Configuring Windows Server 2008 Active Directory"

"It is highly recommended that you enable the Always Wait For Network At Startup And Logon policy setting for all Windows XP and Windows Vista clients. Without this setting, by default, Windows XP and Windows Vista clients perform only background refreshes (of GPOs), meaning that a client might start up and a user might log on without receiving the latest policies from the domain."

Issue:
Trend Micro OfficeScan Version 8.0 SP1 on a server 2008 Failover Cluster may cause the cluster service to fail while moving a resource group. 

Cause:
Current TDI Driver of the OfficeScan causes a loss of connectivity between the cluster nodes, and may cause the cluster service on one of the nodes to fail. The current version of  office scan doesn’t support Windows Server 2008 Clusters yet. It should be supported in the next version. 

Workaround:
Until the newer version of OfficeScan, a workaround is available for this issue.
Follow these instruction : 

Open Device Manager
Select View > Show Hidden Devices
Expand Non-Plug and play devices
Select Trend Micro TDI Driver  > Properties
Go to Driver tab
Under Current Status press the stop button
Under Startup change the type to Disabled (Uninstalling the driver didn’t work, because it was installed automatically at the next boot.) 

Repeat these steps on both nodes and restart them.

SP 1 for System Center Data Protection Manager 2007 will be available on December 8th 2008. Along with the roll up update this release enhances many of the core features of DPM 2007. The key among them being

1. Protection of Hyper-V� virtualization platforms
2. Enhanced SQL Server 2008 protection
3. Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0
4. Protection for Exchange Server 2007 Standby Cluster Replication (SCR)

In addition to enhancing the protection of each of the core Microsoft application workloads, additional capabilities have also been introduced with the release of DPM 2007 SP1, such as:

1. Provision for a Client DPML answers customer demand for a more cost-effective way to protect Windows XP and Windows Vista clients using the same DPM 2007 infrastructure that protects their servers
2. Disaster Recovery capabilities within DPM 2007 SP1 now include the ability to leverage a 3rd party vaulting partner via the cloud (SaaS) powered by Iron Mountain.

Main Downloads page (catalog, documentation)

http://technet.microsoft.com/en-us/opsmgr/bb498232.aspx

Operations Manager Product Team Blog:

http://blogs.technet.com/momteam

SystemCenterForum.org

http://www.systemcenterforum.org

System Center Content Search (Vista gadget)

http://gallery.live.com/liveItemDetail.aspx?li=49e26ad0-113d-4f3d-a711-57f6530c75d9

System Center Operations Manager Blog Search:

http://search.live.com/macros/microsoft_user_assistance/sc_operations_manager_blogs

Event Flow Diagram

http://blogs.technet.com/momteam/archive/2007/10/30/event-alerts-perf-data-flow-in-opsmgr-2007.aspx

DWDATARP.exe (For setting Data Retention policies in the Warehouse)

http://blogs.technet.com/momteam/archive/2008/05/14/data-warehouse-data-retention-policy-dwdatarp-exe.aspx

End-To-End Task test:

http://www.systemcenterforum.org/testing-end-to-end-notification-in-opsmgr-or-essentials-2007-mp/

Targeting Best Practices Poster:

http://download.microsoft.com/download/f/a/7/fa73e146-ab8a-4002-9311-bfe69a570d28/BestPractices_Rule_Monitor_REV_110607.pdf

Best practices to use when you configure overrides in System Center Operations Manager 2007

http://support.microsoft.com/kb/943239

Authoring Guide:

http://download.microsoft.com/download/7/4/d/74deff5e-449f-4a6b-91dd-ffbc117869a2/OM2007_AuthGuide.doc

Effective configuration Viewer:

http://www.microsoft.com/Downloads/details.aspx?FamilyID=a9db4dca-6716-478d-89b9-42f27ebc76a8&displaylang=en

Override Explorer:

http://blogs.msdn.com/boris_yanushpolsky/attachment/4301837.ashx

Group membership:

http://www.systemcenterforum.org/list-ops-mgr-group-membership-using-powershell

http://blogs.msdn.com/boris_yanushpolsky/archive/2007/10/26/which-groups-is-a-particular-computer-member-of.aspx

Management Group Configuration tool:

http://blogs.technet.com/cliveeastwood/archive/2007/06/04/mginfo-management-group-license-and-summary-info-utility-for-operations-manager-2007-and-essentials-2007.aspx

Maintenance mode Scripts:

http://blogs.technet.com/cliveeastwood/archive/2007/09/18/agentmm-a-command-line-tool-to-place-opsmgr-agents-into-maintenance-mode.aspx

http://blogs.msdn.com/boris_yanushpolsky/archive/2008/03/04/one-more-maintenance-mode-script.aspx

How Microsoft Does IT (includes MOM 2005 and Ops Mgr documents):

http://technet.microsoft.com/en-us/library/bb687791(TechNet.10).aspx

(from http://www.microsoft.com/itshowcase)

Certificates for Windows 2008 and Ops Mgr:

http://blogs.technet.com/momteam/archive/2008/06/02/obtaining-certificates-for-ops-mgr.aspx

Adding Custom Information to alerts and Notifications:

http://blogs.technet.com/kevinholman/archive/2007/12/12/adding-custom-information-to-alert-descriptions-and-notifications.aspx

Last contact time Style reports:

http://blogs.technet.com/kevinholman/archive/2008/06/27/which-servers-are-down-in-my-company-and-which-just-have-a-heartbeat-failure-right-now.aspx

http://blogs.technet.com/kevinholman/archive/2008/06/27/creating-a-new-data-source-for-reporting-against-the-operational-database.aspx

Converting an MP to XMl (unseal it)

http://blogs.msdn.com/boris_yanushpolsky/archive/2007/08/16/unsealing-a-management-pack.aspx

Powershell basics:

http://blogs.msdn.com/scshell/

http://blogs.msdn.com/scshell/archive/2006/09/28/getting-started.aspx

Powershell script examples:

http://blogs.technet.com/brianwren/archive/2008/03/11/mms-command-shell-presentation.aspx

Effective Config Viewer:

http://www.microsoft.com/Downloads/details.aspx?FamilyID=a9db4dca-6716-478d-89b9-42f27ebc76a8&displaylang=en

Developing MPs

http://www.developer.com/design/article.php/3740486

Enable Proxying on Agents UI

http://blogs.msdn.com/boris_yanushpolsky/archive/2007/08/02/enabling-proxying-for-agents.aspx

What Thresholds Monitors Have

http://blogs.msdn.com/boris_yanushpolsky/archive/2007/08/07/so-what-thresholds-do-my-monitors-have.aspx

Boris Yanushpolsky’s blog

http://blogs.msdn.com/boris_yanushpolsky/default.aspx

Bulk Enable / Disable of rules or monitors (Override Creator):

http://blogs.msdn.com/boris_yanushpolsky/archive/2007/08/04/disabling-enabling-multiple-rules-monitors-discoveries-at-once.aspx

New KB Articles / Hotfixes Summary:

http://blogs.technet.com/cliveeastwood/rss.aspx?Tags=New%20and%20upcoming%20KB%20Articles/Operations%20Manager%202007&AndTags=1

Update Custom Fields

http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.opsmgr.powershell&tid=0bdee97c-95b6-4074-9eff-f7edca3d0ff2&cat=01DE69DE-CFDB-E7B7-8849-BF4BC19A6B88&lang=en&cr=US&sloc=&p=1

http://www.systemcenterforum.org/updating-custom-fields-in-alerts-operations-manager-2007/

Design Reports in SCOM:

http://opsmgr.wordpress.com/2007/07/19/want-to-design-a-new-report-in-scom-2007/

DB IOPS Performance

http://blogs.technet.com/momteam/archive/2008/06/24/performance-iops-for-the-db-and-dw-in-opsmgr-2007.aspx

DW Backup and Grooming:

http://searchwincomputing.techtarget.com/generic/0,295582,sid68_gci1316214,00.html

Creating tasks:

http://www.systemcenterforum.org/wp-content/uploads/PowershellTasks_v1.0.pdf

Planning and designing the infrastructure:

http://www.microsoft.com/downloads/details.aspx?FamilyId=AD3921FB-8224-4681-9064-075FDF042B0C&SAMI_Campaign_Name=IPD062708RTM_IPDDL&displaylang=en

Operations Manager Training Videos:

http://technet.microsoft.com/en-us/opsmgr/bb498237.aspx

Publishing Reports to Sharepoint:

http://blogs.technet.com/momteam/archive/2008/02/29/publish-reports-to-sharepoint.aspx

Operations Manager Reporting Guide:

http://download.microsoft.com/download/7/4/d/74deff5e-449f-4a6b-91dd-ffbc117869a2/OpsMgr2007_RprtGuide.doc

Configuring notifications for a specific alert:

http://blogs.technet.com/kevinholman/archive/2008/02/01/configuring-notifications-to-include-specific-alerts-from-specific-groups-and-classes.aspx

System Center Capacity Planner:

http://www.microsoft.com/systemcenter/sccp/default.mspx

Operations Manager Authoring Console:

http://download.microsoft.com/download/f/4/3/f438d6a0-290c-42b8-8f9c-c6660f89e1aa/OpsMgr07_x64_AuthConsole.exe

http://download.microsoft.com/download/f/4/3/f438d6a0-290c-42b8-8f9c-c6660f89e1aa/OpsMgr07_x86_AuthConsole.exe

Have you ever thought that 9 auditing options available in Windows (via Local security policy or GPO) are too general? Have you ever asked to make more granular auditing?

Now you can. You have about 50 new subcategories to audit:

System
  Security State Change
  Security System Extension
  System Integrity
  IPsec Driver
  Other System Events
Logon/Logoff
  Logon
  Logoff
  Account Lockout
  IPsec Main Mode
  IPsec Quick Mode
  IPsec Extended Mode
  Special Logon
  Other Logon/Logoff Events
  Network Policy Server
Object Access
  File System
  Registry
  Kernel Object
  SAM
  Certification Services
  Application Generated
  Handle Manipulation
  File Share
  Filtering Platform Packet Drop
  Filtering Platform Connection
  Other Object Access Events
Privilege Use
  Sensitive Privilege Use
  Non Sensitive Privilege Use
  Other Privilege Use Events
Detailed Tracking
  Process Creation
  Process Termination
  DPAPI Activity
  RPC Events
Policy Change
  Audit Policy Change
  Authentication Policy Change
  Authorization Policy Change
  MPSSVC Rule-Level Policy Change
  Filtering Platform Policy Change
  Other Policy Change Events
Account Management
  User Account Management
  Computer Account Management
  Security Group Management
  Distribution Group Management
  Application Group Management
  Other Account Management Events
DS Access
  Directory Service Access
  Directory Service Changes
  Directory Service Replication
  Detailed Directory Service Replication
Account Logon
  Credential Validation
  Kerberos Service Ticket Operations
  Other Account Logon Events
  Kerberos Authentication Service

Here you can find additional information about auditing:

http://technet.microsoft.com/en-us/library/cc766468.aspx

All events that are written to even log for each subcategory:

http://support.microsoft.com/default.aspx/kb/947226/en-us

And the way to enable and deploy it:

http://support.microsoft.com/kb/921469/en-us

Recommendation for enabling/disabling auditing subcategories are documented in Windows Server 2008 Security Guide:

http://technet.microsoft.com/en-us/library/cc264465.aspx

Have you ever wanted to recover deleted files, only to discover you don’t have a backup ?

With Windows Vista, you don’t have to worry

All of the Vista version support an automatic backup mechanism named VSS (Volume Shadow copy Service).

The VSS creates an automatic backup of files and folders within the OS volume (default setting in Vista), but you can define the VSS to protect any volume.

Windows Vista Business / Ultimate offer a simply GUI based process which enables users to retrieve a backup version of a file/folder by selecting the relevant file/folder’s  “properties” and select the “Previous Versions” tab. You can select to open, copy to restore the file/folder.

The “Previous Versions” tab is unavailable in Windows Vista Home Basic / Premium, however there is a free utility named “ShadowExplorer” which enables users to access the VSS backup versions of the files.

The ShadowExplorer software is available for download from the following URL – http://www.shadowexplorer.com/

There are 2 easy ways to control the VSS setting:

1. Enable / Disable VSS protection per volume through “My computer” -> “properties” -> “System Protection”

2. View & configure advanced VSS settings using the “vssadmin” at the command line prompt.

Check out the October issue of Technet Magazine. it was dedicated to Virtualization and has some good articles in it:

Virtualization: An Introduction to Hyper-V in Windows Server 2008

The introduction of Hyper-V makes virtualization an even more compelling solution for IT environments. Get an overview of today�s virtualization market and see how Hyper-V improves the manageability, reliability, and security of virtualization Rajiv Arunkundram

Virtualization: Manage Your Virtual Environments with VMM 2008

System Center Virtual Machine Manager provides a consolidated interface for managing your virtual infrastructure. The latest version adds support for Windows Server 2008 Hyper-V, as well as for VMware virtual machines. Explore the new features and get an overview of using VMM to centralize your management tasks. Edwin Yuen

Virtualization: Getting Started with Microsoft Application Virtualization

Microsoft Application Virtualization (App-V) allows you to deliver virtualized desktops to client systems throughout your organization. This simplifies system management and liberates employees from their desktops. Take a close look at how App-V works and discover how you can deploy it in your organization. Anthony Kinney

Virtualization: Achieving High Availability for Hyper-V

Consolidating servers onto fewer physical machines has many advantages, but it is extremely important that you plan for your systems to be highly available. Here�s a guide to using Windows Server 2008 Failover Clustering to bring high availability to your Hyper-V virtual machines. Steven Ekren

Virtualization: Backup and Disaster Recovery for Server Virtualization

Virtualization brings significant changes to disaster recovery. Here�s an introduction to how the Microsoft virtualization platform factors into your disaster recovery plan, as well as a deeper look into backup and restore options and considerations for Windows Server 2008 Hyper-V. Adam Fazio

Virtualization: Essential Tools for Planning Your Virtual Infrastructure

Is your infrastructure ready for virtualization? The Microsoft Assessment and Planning Toolkit, a network-wide infrastructure assessment tool, can help you better understand your IT infrastructure and determine whether your systems are ready for upgrade or migration to a variety of technologies, including virtualization. Jay Sauls and Baldwin Ng

From the Editor: It�s a Virtual(ized) World