auto-mount VHD Disks

On Server 2008 R2 and newer, VHD files can be mounted using the Windows Disk Management MMC (diskmgmt.msc).

You can mount a VHD using the “Action” menu.

But as soon as the server is restarted, you need to re-mount the VHD file manually. Microsoft provides no way to do this automatically using onboard tools. So you have the following choices:

  1. create a batch script that calls fsutil.exe to mount the VHD file on startup
  2. use the cool and easy VHDattach tool: http://www.jmedved.com/vhdattach

This tool allows you to open existing VHD files and select “auto-mount”.

I mounted a Backup Exec Dedup Store as a VHD file. For my example, it was necessary to re-configure the Dedup Service to delayed start in services.msc.


Windows Defragmentation Decision Process

Windows Server 2012 Defrag does not just defragment volumes as earlier versions did. There is a decision process behind it that selects the appropriate method for each volume.

Decision Process

The following commands are based on the new Optimize-Volume PowerShell cmdlet. Most of the parameters correspond to defrag.exe’s parameters. The decision process works like this:

# For HDD, Fixed VHD, Storage Space:
Optimize-Volume -Analyze -Defrag

# Tiered Storage Space
Optimize-Volume -TierOptimize

# SSD with TRIM support
Optimize-Volume -Retrim

# Storage Space (Thinly provisioned), SAN Virtual Disk (Thinly provisioned), Dynamic VHD, Differencing VHD
Optimize-Volume -Analyze -SlabConsolidate -Retrim

# SSD without TRIM support, Removable FAT, Unknown
No operation.

Graphical Defrag Tool

The classic GUI tool for defrag still exists. If you open it, you’ll see there is a predefined schedule for a weekly defragmentation of your system volume. Depending on the type of storage you’re using, defrag will only run a short trim or other optimization at that time. In virtualized environments, you have thin provisioned storage, either from vSphere or from the storage system. Because of this, defrag no longer starts a classic defragmentation on VMs. Instead, a retrim / slab consolidation starts, which takes only a few seconds or minutes to complete (depending on size).

PowerShell cmdlet

Server 2012 R2 also has a PowerShell cmdlet called “Optimize-Volume” that can be used instead of the classic defrag.exe tool. Both handle the same functions; the cmdlet has an additional storage tier optimization function for Storage Spaces.

Information about the cmdlet is here:
http://technet.microsoft.com/en-us/library/hh848675.aspx

Search Service Cluster Edition

Windows Server File Services is a classic, well-known service from Microsoft. If you use the search bar at the top of every Windows Explorer window (available since Windows 7), your file server will respond very quickly with a result, but only if the Search Service is installed. If not, you’ll see a slow, long-running search that displays one found file after another.

Setup Steps

If you follow this order of steps, you’ll have success:

  • Configure Search Service as described below
  • Move Clustered File Server with all Drives to the other Node
  • Configure Search Service on other Node(s)
  • Setup Clustered Service (details at the end of article)

Here are the detailed configuration steps:

Search Service Configuration

Because the search index can be used for multiple drives of a file server / cluster, we will use an additional, clustered drive with the letter S. The following configuration steps must be done on both cluster nodes individually, while the file server cluster role is active on that node.

  • Create folder S:\Search, if it doesn’t already exist
  • Stop service “Windows Search” and set startup type to “manual”

To force Windows to use the new search index location even after an index reset, the following registry values must be modified.

HKLM\Software\Microsoft\Windows Search\
DataDirectory -> S:\Search\Data\
DefaultDataDirectory -> S:\Search\Data\

  • start service “Windows Search”
  • check folder content: did Search put some files here?
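
The steps above as a script, for running on each node in turn while it owns the file server role (an added example, not part of the original post). It assumes that “WSearch” is the service name behind the display name “Windows Search” and must be run in an elevated PowerShell session.

```powershell
# Added example: relocate the Windows Search index to the clustered drive S:.
# Run elevated on the node that currently owns the file server role.
# Assumption: "WSearch" is the service name of "Windows Search".
$searchRoot = 'S:\Search'
$dataDir    = 'S:\Search\Data\'
$regKey     = 'HKLM:\SOFTWARE\Microsoft\Windows Search'

# The clustered drive must be online here, otherwise the index would end up nowhere.
if (-not (Test-Path 'S:\')) { throw 'Drive S: is not online on this node.' }

# Create S:\Search if it does not already exist (-Force makes this idempotent).
New-Item -Path $searchRoot -ItemType Directory -Force | Out-Null

# Stop the service and set the startup type to manual, so that later only
# the cluster decides on which node it runs.
Stop-Service -Name WSearch -Force
Set-Service  -Name WSearch -StartupType Manual

# Both values must point to the new location; DefaultDataDirectory is the one
# that is used again after an index reset.
foreach ($name in 'DataDirectory', 'DefaultDataDirectory') {
    Set-ItemProperty -Path $regKey -Name $name -Value $dataDir
}

Start-Service -Name WSearch
Start-Sleep -Seconds 30   # give the service time to create its files

# Verification: read the values back and count the files Search has written.
$props = Get-ItemProperty -Path $regKey
$files = @(Get-ChildItem -Path $searchRoot -Recurse -File -ErrorAction SilentlyContinue)
[pscustomobject]@{
    Node                 = $env:COMPUTERNAME
    DataDirectory        = $props.DataDirectory
    DefaultDataDirectory = $props.DefaultDataDirectory
    FilesInSearchFolder  = $files.Count
    ServiceStatus        = (Get-Service -Name WSearch).Status
}
```

A file count of 0 after the wait means the service is still using the old location; check the two registry values before continuing with the indexing options.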

Now we configure the folders to be indexed. The easiest way would be using the GUI in control panel. For easy access, just create a desktop icon for this command:

control /name Microsoft.IndexingOptions

  • click on “modify” to de-select existing indexed locations
  • add all to-be-indexed shares
  • stop Windows Search Service

Configuration complete – on this node. Now the same steps are required on the other node too.

Setup Clustered Generic Service

After configuring both Nodes with the steps above, we can create a Clustered Generic Service for Windows Search.

  • start Failover Cluster Manager
  • Add a “Generic Service” under your fileserver’s Role
  • Open Properties of the new Service and add a Dependency for Drive S:
  • right-click on the Search Service and choose “bring online” to start
  • test if Failover works by doing Failover and re-check the Search Configuration

Done.


JetPack for DHCP DB maintenance missing?

During my learning courses of Server 2012, I just tried to do a DHCP database maintenance using JetPack. I really didn’t find that executable, so I also tried doing the same under Server 2008 R2. No success. Know why? JetPack is only installed in combination with the WINS role. Who still uses WINS?!? (Sorry for that.)

So if you don’t want to install the WINS Role only to get the JetPack executable back, there is one other way.

  1. Open Explorer, Browse to %windir%\System32
  2. Use the Search Box and enter “JetPack”
  3. Copy the executable to %windir%\System32\dhcp
  4. Run your maintenance

Source:

Technet Article; Jetpack.exe on Windows 2008 server

KB145881 How to Use Jetpack.exe to Compact a WINS or DHCP Database

Cluster Shared Volumes (CSV)

Server 2008 R2 / 2012 came with a new failover cluster feature called Cluster Shared Volumes (abbreviated CSV). This feature enables access to a LUN from multiple Windows Failover Cluster nodes at the same time. In the past, this was not possible on Windows Failover Clusters.

Let’s take a look at the details.

Advantages

  • all nodes in a cluster can access the LUN at the same time, no failover needed
  • if a node’s storage connection fails or has issues, the node can send its read/write requests over the LAN to another node, which performs them on its behalf (“The cluster will re-route the communication through an intact part of the SAN or network”, Technet [1])

Disadvantages

  • From Technet: “Be sure to review carefully what your backup application backs up. Also, for management operating-system based backup, ask your backup application vendor about the compatibility of your backup application with Hyper-V and with Cluster Shared Volumes.” [3]
  • a MUST for Hyper-V, but no advantage for Applications that don’t run more than one instance on the same volume at the same time (e.g. SQL failover cluster, one instance, two servers)
  • NOT SUPPORTED for SQL Server clustered Workloads [4]

Manuals

add storage to Clustered Shared Volumes in Windows Server 2012

Sources

[1] Understanding Cluster Shared Volumes in a Failover Cluster
[2] Recommendations for Using Cluster Shared Volumes in a Failover Cluster
[3] Backing Up Cluster Shared Volumes

[4] Use Cluster Shared Volumes in a Windows Server 2012 Failover Cluster


AD 2008 Password Setting Objects

After some internet research I found out how to use the new password policies available in Active Directory from version 2008 onward. Not that easy…

Displaying existing PSOs

If a PSO has already been created, it is stored under the following path. The path is only visible when Advanced Features is enabled in the View menu.

CN=Password Settings Container,CN=System,DC=Domäne,DC=de

Creating a PSO with ADSI Edit

On Server 2008, ADSI Edit is part of the Administrative Tools and can be started directly from the Start menu. There you navigate straight to the Password Settings Container (path see above) and create a new “msDS-PasswordSettings” object via right-click -> New -> Object. You are then prompted for the following values:

Attribute | Value (example) | Description
cn | PSO für Chefs |
msDS-PasswordSettingsPrecedence | 10 | must be >0; the lowest value takes precedence
msDS-PasswordReversibleEncryptionEnabled | FALSE | [boolean] FALSE is strongly recommended
msDS-PasswordHistoryLength | 3 | [0-1024] in days
msDS-PasswordComplexityEnabled | TRUE | [boolean]
msDS-MinimumPasswordLength | 8 | [0-255]
msDS-MinimumPasswordAge | 00:01:00:00 | [dd:hh:mm:ss]
msDS-MaximumPasswordAge | 120:00:00:00 | [dd:hh:mm:ss] must be >= [minimum age]
msDS-LockoutThreshold | 12 | [0-65535] number of failed attempts until lockout
msDS-LockoutObservationWindow | 00:00:20:00 | [dd:hh:mm:ss] time window for the failed attempts
msDS-LockoutDuration | 00:00:20:00 | [dd:hh:mm:ss] time until the account is unlocked

If an error message appears during creation, there can be two reasons:

(1) Wrong attribute values
The usual suspects are the attributes that take a time value in the form days:hours:minutes:seconds. For example, the value of msDS-LockoutObservationWindow must not be greater than (at most equal to) the value of msDS-LockoutDuration.

(2) UAC
ADSI Edit may have to be started explicitly as Administrator.

Creating a PSO with PowerShell

Creating a PSO with PowerShell is of course much easier, provided you do not already fail on missing modules: PowerShell modules and snap-ins
With the New-ADFineGrainedPasswordPolicy command, every option can be passed as a parameter. Nicely laid out with one parameter per line (joined by the ` character at the end of each line), it looks like this:

# Requires the ActiveDirectory module; time values are parsed as [d.]hh:mm, a bare number means days
New-ADFineGrainedPasswordPolicy `
-Name "PSO for Manager" `
-Precedence 10 `
-ReversibleEncryptionEnabled $false `
-PasswordHistoryCount 3 `
-ComplexityEnabled $true `
-MinPasswordLength 8 `
-MinPasswordAge "1:00" `
-MaxPasswordAge "120" `
-LockoutThreshold 12 `
-LockoutObservationWindow "0:20" `
-LockoutDuration "0:20"

Details on the command: http://technet.microsoft.com/en-us/library/ee617238.aspx

Linking a PSO to user groups

Now all that remains is to define, via the properties, which user groups the PSO should apply to. To do so, simply enter a user group in msDS-PSOAppliesTo.
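
The same linking step in PowerShell, together with the time-value check described under (1) and a review of the result (an added example, not part of the original post). The group name “Managers” and the user “jdoe” are hypothetical placeholders; “PSO for Manager” is the policy created above.

```powershell
# Added example, not from the original post. Needs the ActiveDirectory module.
# Hypothetical names: group "Managers", user "jdoe".
Import-Module ActiveDirectory

function Test-PsoTimeSpan {
    param(
        [TimeSpan]$MinPasswordAge,
        [TimeSpan]$MaxPasswordAge,
        [TimeSpan]$LockoutObservationWindow,
        [TimeSpan]$LockoutDuration
    )
    # Emits one message per violated rule; no output means the values are consistent.
    if ($MaxPasswordAge -lt $MinPasswordAge) {
        'MaxPasswordAge must be >= MinPasswordAge'
    }
    if ($LockoutObservationWindow -gt $LockoutDuration) {
        'LockoutObservationWindow must be <= LockoutDuration'
    }
}

# 1. Check the time values from the post before creating or changing a PSO.
$problems = @(Test-PsoTimeSpan -MinPasswordAge '1:00' -MaxPasswordAge '120' `
    -LockoutObservationWindow '0:20' -LockoutDuration '0:20')
if ($problems.Count -gt 0) { throw ($problems -join '; ') }

# 2. Link the PSO to a group (this fills msDS-PSOAppliesTo).
#    PSOs apply to user objects and global security groups.
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO for Manager' -Subjects 'Managers'

# 3. Confirm which PSO actually wins for a member of that group.
Get-ADUserResultantPasswordPolicy -Identity 'jdoe' |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold

# 4. Review all PSOs: reversible encryption and PSOs without subjects stand out.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Sort-Object Precedence |
    Select-Object Name, Precedence, ReversibleEncryptionEnabled,
        @{ Name = 'Subjects'; Expression = { @($_.AppliesTo).Count } }
```

If step 3 returns nothing, no PSO applies to the user and the Default Domain Policy settings are in effect.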

Sources
http://blog.dikmenoglu.de/…

Creating a RODC

This is a quick step-by-step guide to creating an RODC on Server 2008 R2.

Requirements:

  • Create an additional Security Group (i.e. “RODCx Admins”)

Step-by-step guide:

  • Go to Roles and add Active Directory Services as usual
  • Start “dcpromo” using the Run Command
  • “Use advanced mode installation”, what else? 🙂
  • Add the domain controller to an existing forest
  • On the “Additional Domain Controller Options” page choose “Read-only domain controller (RODC)”
  • Enter the manually created Security Group to manage the RODC Server

There’s another way to create an RODC without having any connection to a “normal” DC, using previously created installation media.

Source:
http://technet.microsoft.com/en-us/library/cc754629%28WS.10%29.aspx