leedesmond’s blog

Background:
Migration to Active Directory Certificate Services based on Windows Server 2008 R2 from Windows Server 2008 RTM or Windows Server 2003 SP2.

Problem statement:
Not able to install Certification Authority Web Enrollment role services in Active Directory Certificate Services, AD CS.

[Window Title]
Add Role Services

[Main Instruction]
Cannot install Certification Authority Web Enrollment.

[Content]
Active Directory Certificate Services setup failed with the following error:  The parameter is incorrect. 0×80070057 (WIN32: 87)

[OK]

Resolution:
Modify SetupStatus at HKLM\System\CurrentControlSet\Services\CertSvc\Configuration to 0×6001.

Thanks Rob for helping to sort this out!

Technorati tags: Security, Windows Server 2008 R2

No Comments »

All you want to know about Remote Desktop Services in Windows Server 2008 R2 in a visual component architecture poster highlighting:

• Remote Desktop Session Host
• Remote Desktop Virtualization Host
• Remote Desktop Connection Broker
• Remote Desktop Web Access
• Remote Desktop Gateway
• Remote Desktop Licensing
• RemoteFX

Use this in conjuction with the other visual references to complete the big picture around Windows Server 2008 R2.

• Windows Server 2008 and R2 Feature component posters (here and here)
• Windows Server 2008 R2 Hyper-V Component Architecture poster (here)

Technorati tags: Windows Server 2008 R2 , Remote Desktop Services/Terminal Services

No Comments »

The following error may appear if you restore a virtual hard disk (VHD) and attempt to attach it to a new guest virtual machine (or child partition) in Hyper-V R2:

[Window Title]
New Virtual Machine Wizard

[Main Instruction]
The server encountered an error while configuring hard disk on virtualMachineName.

[Content]
Failed to add device ‘Microsoft Virtual Hard Disk’.

User Account does not have permission to open attachment.

Cannot get information for attachment ‘C:\ClusterStorage\Volume1\virtualMachineName\virtualMachineName_disk_1.vhd’

Account does not have permission to open attachment.

[Expanded Information]
‘virtualMachineName’ failed to add device ‘Microsoft Virtual Hard Disk’. (Virtual machine ID  - - - - )

‘virtualMachineName’: User account does not have permission required to open attachment ‘C:\ClusterStorage\Volume1\virtualMachineName\virtualMachineName_disk_1.vhd’. Error: ‘General access denied error’ (0×80070005). (Virtual machine ID  - - - - )

‘virtualMachineName’: Cannot get information for attachment ‘C:\ClusterStorage\Volume1\virtualMachineName\virtualMachineName_disk_1.vhd’. (Virtual machine ID  - - - - )

‘virtualMachineName:  account does not have permission required to open attachment ‘C:\ClusterStorage\Volume1\virtualMachineName\virtualMachineName_disk_1.vhd’. Error: ‘General access denied error’ (0×80070005). (Virtual machine ID  - - - - )

[^] Hide details  [Close]

This error is caused by the file level NTFS permissions that were restored together with the VHD. The resolution is simple: navigate to the folder containing the affected VHDs, call out the VHD’s properties, go to the Security tab and change permissions to inherit from the parent folder.

Technorati tags: Hyper-V, Windows Server 2008 R2

No Comments »

Looking at the excitement around Communications Server “14″, one of the most common question that an IT Professional or administrator should always ask about is the system requirements. Whether in a test, proof-of-concept (POC), migration/co-existence or production environment, a successful roll-out and trouble-free operations require thorough considerations of all aspects of the CS “14″ specifications.

In this blog post, you will find a summary that you can adopt as a guide to the recommended requirements. Microsoft noted that the enterprise configuration is tested to be capable of supporting up to 10′000 user pool with ten Front-End and one SQL Back-End physical servers running all CS “14″ modalities. Naturally your mileage may vary depending on your unique environment.

Unless otherwise stated, the suggested configurations are applicable to all CS “14″ roles (Front/Back-End, Edge, Monitoring, Archiving, etc.). They are based on official information released during Tech.Ed NA 2010 (New Orleans) and are subject to change.

Hardware Requirements

• Intel/AMD CPU 8-core x64 (dual quad-ore) 2.00GHz+
• 12 GB+ (Front-End), 32 GB+ RAM Memory (Back-End)
• 72GB+ size, 10K+ RPM hard disk storage (multiple spindles preferred)
• 2 network adapters, 1 Gbps+ (with 1 NIC dedicated for CS “14″)

Software Requirements

Apart from those that are shipped in the Windows platform, CS “14″ will prompt you to install the necessary setup prerequisites for the selected server roles/services if they are missing (marked with *):

• x64 editions of Windows Server 2008 R2 or Windows Server 2008 SP2 (Standard, Enterprise, Data Center Editions)
• Windows PowerShell v2.0 RTM
• .NET Framework 3.5 SP1
• selected IIS modules e.g. IIS logging*
• IIS Rewrite Module 2.0 (redistributable)*
• Visual C++ 2008 (redistributable)*
• Message Queuing (MSMQ)*

Back-End Database

The Standard Edition of CS “14″ comes with SQL 2008 Express Edition and is automatically installed as an integral part of the server role. For the Enterprise Edition, the back-end requirements are listed here. As of this writing, no announcement has been made for the support of SQL Server 2008 R2.

• Microsoft SQL Server 2008 SP1 or SQL Server 2005 SP3
• x86 or x64 editions of SQL Server (64 bits recommended)
• SQL 2005 Back Compatibility Mode*

Active Directory Environment

The Forest and Domain Functional Levels can be one of the following listed. Note that Read-only Domain Controllers (RODC) are supported and no specific Windows Server 2008 R2 features are used by CS “14″.

• Windows Server 2003
• Windows Server 2008
• Windows Server 2008 R2

On top of the pre-requisites for software requirements, the “Active Directory Domain Controller Tools” feature and CS “14″ PowerShell Provider are required if the AD Schema Prep step were to be performed remotely on a member server.

Technorati tags: LCS/OCS/CS14, Communications Server 14

No Comments »

Due to an unforeseen event, Marc thepowershellguy.com will not be able to moderate the PowerShell Script Club session as part of the Swiss IT Pro User Group every 1st Tuesday monthly event.

Same time, same place (Tue 6 Jul 10 from 1815 hrs UTC+2) in its place, I shall be delivering a presentation on the following topic. The other session on Communications Server “14″ First Look will go on as planned.

PowerShell Script Club – Introduction to PowerShell Remoting

Windows remoting is a new feature in Windows PowerShell and widely deployed in many Microsoft enterprise applications from Exchange 2010 to the new Communications Server “14”. What is actually the fuss about? What do I need to start using this advanced feature? This presentation will walk you through with a basic introduction to this essential topic.

The entire team and community looks forward to seeing you in person!

Technorati tags: PowerShell, LCS/OCS/CS14, Community/User Groups, Communications Server 14

No Comments »

Running natively on Windows Server 2008 R2 is now supported with the release of Service Pack 3 for Exchange Server 2003 (link). In addition, SP3 adds support for running the Exchange Management Tools on Windows 7. The version of SP3 is 8.03.0083.006 and is available for x86 as well as x64 bits.

CDO for Exchange (CDOEx) users should consult KB982720. System requirements for SP3, release notes, and “how-to” install SP3 on Small Business Server 2008 are described here.

Technorati tags: Exchange Server, Windows Server 2008 R2

No Comments »

To have the ability to recover individual files and folders in a guest virtual machine hosted on Hyper-V RTM / R2, the protection group must specify Disk as the backup media (short term).

The DPM agent only needs to be installed on the physical Hyper-V host. It is not a prerequisite to setup the DPM Agent in each and every VM. Doing so, however, enables the administrator to define separate and complementary backup schedules with added flexibility in recovery, both at the VM (as seen from Hyper-V) and application (child partition’s viewpoint) levels.

Additionally, the Hyper-V server role must be installed on the DPM 2010 Server. This requires Windows Server 2008 RTM / R2, which in any case is the only supported x64 operating system for DPM 2010. It is not sufficient to just install the Hyper-V Manager.

Technorati tags: System Center, Data Protection Manager, Windows Server 2008 R2

No Comments »

If you deploy SCVMM to manage your virtual infrastructure, navigating to DPM / Protection Group and expanding the <clusterName> on the “Select Group Members” page will present you with the opportunity to pick from a list of virtual machines prefixed with <SCVMM> for backup.

Assuming that you have a clustered VM resource named Exchange, it will read “SCVMM Exchange Resources” below “<clusterName> (Cluster)”. Drill down to “HyperV” and put a check against “Backup Using Child Partition Snapshot\Exchange”. Complete the remaining steps to finalize your backup requirements (backup media, goals, schedule, etc.).

For the reverse procedure (data restore), click on the Recovery tab and move to the Browse tab. On the left hand pane, expand “Recoverable data” and choose the node representing the Active Directory domain name. Instead of the <clusterName> name, you will find “SCVMM Exchange Resources (<clusterNameFQDN>)” along with other protected servers and resources (SQL, SharePoint, etc.).

In order to recover the entire VM - virtual hard disks (vhd), Virtual Machines folders, XML/bin/vsv files, etc. - it is imperative to first select “All Protected HyperV Data” in the tree view (Protected Data) on the left hand side. Be aware that these files do not show up as individual items for selection.

On the list pane to the right, highlight “Backup Using Child Partition Snapshot\Exchange” and locate the desired recovery point, date, time and backup media using the calendar. Click on Recover where you have a choice on the “Recovery Type” page to perform restore using one of the options:

Recover to original instance
Recover as virtual machine to any host
Copy to a network folder
Copy to tape

For restoration of just the associated vhd files of the VM, double click “Backup Using Child Partition Snapshot\Exchange”. You can only pick a single vhd for recovery one at a time. The recovery target in this case is limited to “Copy to a network folder”. Should you attempt to replace the vhds using this approach, VMM may fail to start the VM and complain with the error:

Error (12711)
VMM cannot complete the WMI operation on server <clusterNodeNameFQDN> because of error: [MSCluster_Resource.Name=”SCVMM Exchange”] The group or resource is not in the correct state to perform the requested operation.

(The group or resource is not in the correct state to perform the requested operation (0×139F))

To learn more about a cluster and its nodes under DPM, simply hover and pause the mouse over the entity to see the corresponding tool tip:

<clusterName> consists of multiple servers, which may have unclustered resources. Unclustered resources are listed separately under server names. Since this list is sorted alphabetically, server names may appear somewhere else in this tree view.

<clusterNodeName> is part of a cluster. Unclustered resources on this server are listed here. Clustered resources belonging to the same cluster are listed under cluster name separately. Since this list is sorted alphabetically, cluster name may appear somewhere else in this tree view.

Environment
Hyper-V R2 in a 2-node Fail-over Cluster with Cluster Shared Volume, CSV*
System Center Virtual Machine Manager 2008 R2, v2.0.4273.0
Data Protection Manager 2010 RTM*

*  Windows Server 2008 R2

See also:
Restore of hyper-v VM’s on DPM 2010 in Data Protection Manager

Technorati tags: System Center, Data Protection Manager, Virtual Machine Manager, Windows Server 2008 R2

No Comments »

Es gibt nur wenigen Platz für den Windows Server 2008 R2 Basics Kurs bei EB Zürich, den nächste Woche in Zürich am Montag 31.5.2010 (für 4x) stattfinden wird. Interessern bitte melden Sie sich unverzüglich hier an.

Technorati tags: Event, Training, Windows Server 2008 R2

No Comments »

Various network settings on local and remote machines can be configured using the netsh utility shipped in Windows. Run it interactively at the command line or deploy it together with scripts and batch files, netsh provides functionality that are typically exposed in Microsoft Management Console (mmc) snap-in and more!

Certain network functionality and client technologies can only be accessed through netsh. Some examples include IPv6, remote procedure call (RPC), network bridge to Network Access Protection (NAP) client and Wirelesss Hosted Network. With no native graphical user interface to configure network settings in Windows Server 2008 R2: Server Core, netsh knowledge can save you hours of potential frustration.

You can consult the Windows Server 2008 R2 and Windows Server 2008 Netsh Technical Reference to learn more about netsh. The acquired skills are applicable to Windows XP and above.

Technorati tags: Windows 7, Windows Server 2008 R2

No Comments »