Decommission problem in AD

January 30th, 2017

After a long time I was asked to decommission a domain controller. It’s a kinda straightforward process. But, yes, again, I had a problem. When the decommission process started I received an error stating: “The operation failed because: Active Directory Domain Services could not configure the computer account DC_ACCOUNT$ on the remote Active Directory Domain Controller DC2_ACCOUNT$: “Access Denied.””

 

 

I have checked my account and I was domain admin. My rights were alright.

The “Access Denied” error was interesting. The problem was the checkbox called “Protect object from accidental deletion” on the domain controller object, which prevented the system from deleting the domain controller object:

 

To see this option you need to enable Advanced Features in the Active Directory Users and Computers (dsa.msc) console.
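The same flag can be checked from PowerShell before starting the demotion. This is an added example, not part of the original post; it assumes the ActiveDirectory module is installed, `DC01` is a placeholder name, and it goes a little beyond the post by also checking the server and NTDS Settings objects that belong to the domain controller.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-DcDeletionProtection {
    param(
        # Name of the domain controller that is about to be demoted
        [Parameter(Mandatory)] [string] $DomainController
    )
    $dc = Get-ADDomainController -Identity $DomainController
    # Directory objects tied to this DC: its computer account, its server
    # object under Sites, and the NTDS Settings object below that.
    $dns = @($dc.ComputerObjectDN, $dc.ServerObjectDN, $dc.NTDSSettingsObjectDN)
    foreach ($dn in $dns) {
        Get-ADObject -Identity $dn -Properties ProtectedFromAccidentalDeletion |
            Select-Object DistinguishedName, ObjectClass, ProtectedFromAccidentalDeletion
    }
}

# Report first; 'DC01' is a placeholder, not a name from the post
$flagged = Get-DcDeletionProtection -DomainController 'DC01' |
    Where-Object ProtectedFromAccidentalDeletion

$flagged | Format-Table -AutoSize

foreach ($obj in $flagged) {
    # -WhatIf only shows what would change; remove it to clear the flag
    Set-ADObject -Identity $obj.DistinguishedName -ProtectedFromAccidentalDeletion $false -WhatIf
}
```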

Have a nice day,

Exchange 2010 versioning

April 28th, 2016

Since some update there is no relevant information about the version in Exchange 2010 SP3. Let’s try it in PowerShell:

It says it’s build 123.4, which should correspond to plain Microsoft Exchange Server 2010 SP3 (Exchange Update Rollup numbers). This is not correct information, because those servers have a UR installed.

Using EMC I can see:

This is also incorrect information about the server versions. I suppose it’s just a nicer output of the PowerShell cmdlet 🙂

The best way to find out is to use the EMC console on the server and use “About”:

You will get information that is correct:

It’s Update Rollup 11 for Exchange Server 2010 SP3.

It’s really bad that you cannot find the Exchange version of all your Exchange servers in one place (PowerShell or EMC). Let’s hope they will fix it in a new Update Rollup 🙂

That’s all folks for today.

Categories: Exchange, Microsoft

Quickie: DFSR not working

April 27th, 2016

Problem: One of our customers has about 30 locations across our country and they wanted to use DFSR to replicate folder content to all locations. At each location there is one Hyper-V host running Windows Server 2012 R2 OS with DFSR installed. Each server has three disks – C:\, D:\ and E:\. I configured DFS Replication in the DFS console, replicated AD across the environment, and … and nothing happened. DFSR didn’t do anything. It did NOT even create its own private folders in the “System Volume Information” folder. There was no error event in Event Viewer. DFSR was set to replicate a folder on disk D:\ – didn’t work. I tried to replicate a directory on disk E:\ – didn’t work. So I tried to replicate a folder on disk C:\ – it did work 🙂

Solution: I enabled DFSR debug logging. There was no error mentioned, but what I noticed was that disks D:\ and E:\ had the same serial numbers and also the same volume IDs. It was weird. But after some discussion I found out that those two disks were “copied” and “cloned” in the Hyper-V environment. So that’s why they had the same serial numbers and volume IDs. I found out that it can be a problem. So I had to change the volume ID using the Microsoft utility VolumeID. After I changed one disk’s volume ID and rebooted the system, DFSR started to work as expected.

So never do disk cloning. Or if you do, change at least the volume ID for those disks so Windows services don’t get confused. Looking into this problem took me one and a half days! Thank you Microsoft 🙂
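A quick way to spot this condition on a host before setting up replication is to group its fixed disks by volume serial number. This is an added example, not part of the original post; the function name and the host names in the comment are placeholders.

```powershell
# Added example (not from the original post): report volumes that share a serial number.
function Get-DuplicateVolumeSerial {
    param(
        # Hosts to check; 'localhost' is queried directly, others over WinRM
        [string[]] $ComputerName = @('localhost')
    )
    foreach ($computer in $ComputerName) {
        # DriveType 3 = local fixed disk
        $query = @{ ClassName = 'Win32_LogicalDisk'; Filter = 'DriveType = 3' }
        if ($computer -ne 'localhost') { $query.ComputerName = $computer }

        Get-CimInstance @query |
            Where-Object VolumeSerialNumber |
            Group-Object VolumeSerialNumber |
            Where-Object Count -gt 1 |
            ForEach-Object {
                # One row per serial number that appears on more than one drive
                [pscustomobject]@{
                    Computer     = $computer
                    VolumeSerial = $_.Name
                    Drives       = ($_.Group.DeviceID -join ', ')
                }
            }
    }
}

# Local check; no output means every fixed volume has a unique serial number
Get-DuplicateVolumeSerial

# Remote check; HV-SITE01 and HV-SITE02 are placeholder host names
# Get-DuplicateVolumeSerial -ComputerName 'HV-SITE01', 'HV-SITE02'
```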

Categories: Microsoft, Quickie, Windows

VMware vExpert 2016

February 8th, 2016

I was honored to be a VMware vExpert this year as well 🙂

(http://blogs.vmware.com/vmtn/2016/02/vexpert-2016-award-announcement.html)

 


Lenovo/IBM manual update from BOMC medium

September 23rd, 2015

A couple of days ago I had the following problem. I wanted to install the newest firmware on a Lenovo (IBM) x3650 M5 server. I used Bootable Media Creator to create a CD with the latest firmware for this machine. The problem came when I looked at the firmware BOMC wanted to upgrade:

[Image: BOMC]

The problem was that I wanted to upgrade the firmware for the SAS card ServeRAID N2225 which was installed in this server. This card is also supported and there was also new firmware downloaded into the BOMC directory:

[Image: BOMC]

It looked like BOMC didn’t detect the card in the server and therefore it didn’t put it into the list of firmware which should be upgraded. I tried another server which was in the same configuration and it was the same result. Then I tried to press the ALT+F1 combination in BOMC. A new bash shell came on screen. I tried to list the directory with “ls -al” and I saw that all the files with firmware were there. So I tried to run the binary with the mentioned firmware:

[Image: BOMC]

Tadaaaaa….firmware upgraded. It looks like Lenovo has some bugs in its tool BOMC. I hope Lenovo support will get at least close to IBM support.

Have a nice day,

 


Server to Server Storage Replication

September 10th, 2015

Today I played with Windows Server 2016 and its new feature called “Server to Server Storage Replication”. First of all I had to create two virtual servers with Windows Server 2016 installed. I also created a new domain. After all was done I installed two features on both servers using PowerShell:

Install-WindowsFeature -Name Storage-Replica -IncludeAllSubFeature -IncludeManagementTools -Restart

There are a couple of conditions that have to be met before you can use Server Storage Replication:

  • You must create two volumes on each enclosure: one for data and one for logs.
  • Log and data disks must be initialized as GPT, not MBR.
  • The two data volumes must be of identical size.
  • The two log volumes should be of identical size.
  • All replicated data disks must have the same sector sizes.
  • All log disks must have the same sector sizes.
  • The log volumes should use flash-based storage, such as SSD.
  • The data disks can use HDD, SSD, or a tiered combination and can use either mirrored or parity spaces or RAID 1 or 10, or RAID 5 or RAID 50.
  • The data volume should be no larger than 10TB (for a first test, we recommend no more than 1TB, in order to lower initial replication sync times).
  • The log volume must be at least 8GB and may need to be larger based on log requirements.

So I created two new disks on both VMs. One was E: (DATA) 15 GB and the other F: (LOGS) 10 GB.

Here is a list of all cmdlets which came with Storage Replication:

[Image: Storage Replication cmdlets]

Let’s use Test-SRTopology to test if our VMs are ready for Storage Replication:

Test-SRTopology -SourceComputerName W2016-01 -SourceVolumeNames E: -SourceLogVolumeName F: -DestinationComputerName W2016-02 -DestinationVolumeNames E: -DestinationLogVolumeName F: -DurationInMinutes 10 -IntervalInSeconds 1 -ResultPath C:\tmp\

This cmdlet checks all the prerequisites and also tests performance between the servers:

[Image: Testing prerequisites]

When everything is alright and working you get a nice report. Now you are ready to create a new Storage Replication Partnership and Group.

Let’s create SR partnership:

New-SRPartnership -SourceComputerName W2016-01 -SourceRGName RG01 -SourceVolumeName E: -SourceLogVolumeName F: -DestinationComputerName W2016-02 -DestinationRGName RG02 -DestinationVolumeName E: -DestinationLogVolumeName F:

When the new partnership is created you can see the result in PowerShell:

[Image: Storage Replication Partnership]

and it also created logfiles on log volume. Default size is 8GB. You can change it if you want based on report after Test-SRTopology:

[Image: Storage Replication LOGS]

Another interesting thing is that the data volume on the destination server is disconnected/dismounted. So replicated data are not accessible. So let’s copy some files to the source volume. When I copied something to the source data volume I noticed activity on the network between the nodes:

[Image: Storage Replication performance]

We can also see some events about replication between the nodes:

[Image: Storage Replication event]

When we want to check if anything was copied to the other side we need to switch replication the other way around. It’s because the replicated data disk is not accessible on the destination server. This can look very odd, but replication is only one-way. If we want to switch the replication direction we do this using PowerShell:

Set-SRPartnership -NewSourceComputerName W2016-02 -SourceRGName RG02 -DestinationComputerName W2016-01 -DestinationRGName RG01

There is also a problem with low-memory servers (2GB and less). They stop replicating because of a low memory problem. I would expect some GUI console for this feature, even though PowerShell is fine 🙂

If you want to see events from the Storage Replication provider you can use the following cmdlet:

Get-WinEvent -ProviderName Microsoft-Windows-StorageReplica | select timecre*,id,messa*

So let’s wait and see what will be in the final version of Windows Server 2016.

That’s all folks.

HP wasn’t ready to split

August 4th, 2015

Yesterday I was trying to download HP Service Pack for ProLiant (SPP) from the HP.COM website. It didn’t work at all – still some HTTP errors. Finally I found out that HP moved all its stuff to the new domain hpe.com (HP Enterprise). That’s fine, but they forgot to rewrite all URLs on the websites to the new hpe.com. 🙂 Finally I tried a couple of Google hacks and I found the HP FTP server where I could browse and find what I was looking for: ftp://ftp.hp.com/pub/softlib2/software1/cd-generic/p67859018/.

Maybe this helps someone faster than looking on HP’s slow websites.

 

Upgrade to Windows 10

July 31st, 2015

The time has come when Windows 10 is out and a lot of people are getting ready to migrate. I went through the upgrade from Windows 8.1 to Windows 10 as well. If you don’t want to wait for your operating system to prompt you for the upgrade, you can force it. You can force it by downloading a file of about 20 MB from this page.

A wizard starts and offers to either download the data for creating DVD/USB media or run the upgrade. I decided to run the upgrade. It downloaded the whole of Windows to the C: drive:

[Image: Windows 10 downloading]

And then the upgrade started. But the following window took me aback:

[Image: Windows 10 selection]

Option number one was greyed out and it was not possible to select it. Microsoft, unfortunately, allows the first option to be used only for Windows installations in these languages: English, Brazilian, Portuguese and Simplified Chinese. It’s sad but that’s how it is. I also tried editing the installer and its settings but nothing helped. I also tried changing the Windows settings to a location other than Slovak and that didn’t help either. It looks like the application downloaded the Slovak version of the upgrade and of the installer while downloading the upgrade:

[Image: Windows 10 Slovak]

So there was nothing left but to go to this page and download the English version of the installer. Once the installer was downloaded and started, everything went smoothly:

[Image: Windows 10 Eng]

All my settings were kept. A few applications had to be reinstalled (VPN clients) but otherwise everything works as it should and I am now running Windows 10:

[Image: Windows 10 ver]

I haven’t tested whether installing the English version of Windows 10 keeps the Slovak environment or whether Slovak still has to be installed afterwards.

I hope this guide helps someone else 🙂

Set account to expire on midnight

April 20th, 2015

A customer requested that Active Directory accounts be forced to expire at midnight or during the night and not during the day. So I’ve created the following script to do so:

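Import-Module ActiveDirectory

# Users in the target OU, together with the time of their last password change
$UserList = Get-ADUser -Filter * -SearchBase "OU=USERS,DC=domain,DC=local" -Properties "DisplayName", "PasswordLastSet"
$Today = (Get-Date)
# Maximum password age from the default domain password policy
$MaxPasswdAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge

ForEach ($User in $UserList)
   {
   # Skip accounts whose password was never set (PasswordLastSet is empty)
   If (-not $User.PasswordLastSet) { Continue }
   $ExpireDate = ($User.PasswordLastSet) + $MaxPasswdAge
   $DaysToExpire = (New-TimeSpan -Start $Today -End $ExpireDate).Days
   # One day left before expiry: force a password change at next logon
   If ($DaysToExpire -eq 1)
      {
      Set-ADUser -Identity $User -ChangePasswordAtLogon $true
      }
   }

#EOF

This script runs every day at 23:55.

I found a couple of examples of how to change the pwdLastSet attribute on an AD user’s object, but I don’t like that. I think this is a clearer way to do so.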

Have a nice day,

Problem with MTU

April 15th, 2015

Problem

One of our customers has two branches. There is a Site-2-Site VPN (based on Cisco ASA devices) between those two branches. There was a weird problem when traffic went through that Site-2-Site VPN tunnel. Some communications were fine, but most of them didn’t work. Problems that we noticed:

  • OutlookAnywhere didn’t work
  • Domain controllers from both sides couldn’t replicate
  • HTTPS connections didn’t work
  • ESX client didn’t connect to ESXi server via tunnel (Call “ServiceInstance.RetrieveContent” for object “ServiceInstance” on Server…)

Solution

Change the MTU on the computer to something lower than 1500. You can use the following commands:

netsh int ip show int

netsh interface ipv4 set subinterface "Local Area Connection" mtu=1300 store=persistent

If everything works, you need to adjust the MTU on the Cisco ASA devices. There is a great article about it HERE. We used Method 2.
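To pick a value instead of guessing, the largest packet that crosses the tunnel unfragmented can be measured from a Windows host with `ping -f -l`. This is an added example, not part of the original post; the function names and the target address are placeholders for a host on the far side of the VPN.

```powershell
# Added example, not from the original post.
function Test-DfPing {
    param([string] $Target, [int] $PayloadBytes)
    # -f sets Don't Fragment, -l sets the ICMP payload size,
    # -n 2 sends two echoes, -w is the reply timeout in milliseconds
    $out = & ping.exe -n 2 -w 2000 -f -l $PayloadBytes $Target
    # A real echo reply contains "TTL="; a "needs to be fragmented"
    # message or a timeout does not
    return [bool]($out -match 'TTL=')
}

function Find-PathMtu {
    param(
        [Parameter(Mandatory)] [string] $Target,
        [int] $Low  = 548,    # payload of a 576-byte IPv4 packet
        [int] $High = 1472    # payload of a 1500-byte IPv4 packet
    )
    if (-not (Test-DfPing $Target $Low)) {
        throw "No reply from $Target even with a $Low-byte payload"
    }
    # Binary search for the largest payload that still gets a reply with DF set
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2)
        if (Test-DfPing $Target $mid) { $Low = $mid } else { $High = $mid - 1 }
    }
    # Add the IPv4 header (20 bytes) and the ICMP header (8 bytes)
    return $Low + 28
}

# 10.2.0.10 is a placeholder for a host in the remote branch
Find-PathMtu -Target '10.2.0.10'
```

The returned number is the largest IPv4 packet size that passed end to end, which is the upper bound for the `mtu=` value in the netsh command above.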

This change made local administrators very very very happy 🙂

Categories: Computer network