Creating Azure-like Windows Server Images with System Center

Update

——————————————————————————

A small update on this topic. If you do not want your customers to face error 0x800F0906 when they try to install .NET Fraemwork 3.5 on Windows Server 2012 or 2012 R2 I would suggest you to install and disable .net FRamework 3.5 feature with DISM prior syspreping your images. The following commands should do the work:

For Windows Server 2012:

dism /image:”D:\2012″ /enable-feature /featurename:NetFx3 /All /Source:G:\sources\sxs

dism /image:”D:\2012″ /disable-feature /featurename:NetFx3

where D:\2012 is your mounted 2012 VHD and G:\sources\sxs is the installation files on your Windows Server 2012 setup DVD.

For Windows Server 2012 R2

dism /image:”D:\2012r2″ /enable-feature /featurename:NetFx3 /All /Source:G:\sources\sxs

dism /image:”D:\2012r2″ /disable-feature /featurename:NetFx3

 

where D:\2012r2 is your mounted 2012 R2 VHD and G:\sources\sxs is the installation files on your Windows Server 2012 R2 setup DVD.

After executing the commands you can commit the image. That way when your customers try to install .NET Framework 3.5 will not recieved the error and do not have to uinstall KB2966828: MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: August 12, 2014 or KB2966827: MS14-046: MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: August 12, 2014.

—————————————————————————–

When you go to Microsoft Azure and try to create a Windows Server virtual machine you will see that Microsoft displays a couple of images with different dates:

image

As you can see you can choose a different patch level.

And when you create virtual machine in Azure and logon on it to see installed updates you will see that most of them are installed on one particular date:

image

This got me thinking on how Azure makes them own Windows Server images? And of course is there a way to do that on-premise?

So you’ve probably figured out already how Azure probably do it:

  1. Create base image for every OS version without none or some updates.
  2. Make a copy of a base image and update it with the latest updates.

  3. Publish the updated image to the portal.

But let’s go into detail about the three main OS versions (Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1) and how to create these images with some System Center magic.

Let’s first start with:

Creating base image for Windows Server 2008 R2 SP1

First you need to grab Windows Server 2008 R2 SP1 iso from MSDN or Volume license. As Azure is using Datacenter Edition for all their server versions I will use the same.

Than you can easily convert the iso to VHDX with the following script:

.\Convert-WindowsImage.ps1 -SourcePath “D:\en_windows_server_2008_r2_with_sp1_x64_dvd_617601.iso” -VHDFormat VHDX -Edition “ServerDataCenter” -SizeBytes 120GB -RemoteDesktopEnable -VHDPath D:\WS2008R2SP1Base.vhdx -VHDType Dynamic

If you want to use other editions or different disk size you can change the parameters to whatever makes sense in your case.

After that it is good to install IE11 in advance. That could happen by mounting the VHDX file with dism:

dism /mount-image /imagefile:”D:\WS2008R2SP1Base.vhdx” /mountdir:D:\2008r2 /index:1

Than you apply IE11 prerequisites:

dism /Image:”D:\2008r2″ /add-package /Packagepath:”D:\Windows6.1-KB2729094-v2-x64.msu

dism /Image:”D:\2008r2″ /add-package /Packagepath:”D:\Windows6.1-KB2726535-x64.msu

dism /Image:”D:\2008r2″ /add-package /Packagepath:”D:\Windows6.1-KB2670838-x64.msu

dism /Image:”D:\2008r2″ /add-package /Packagepath:”D:\Windows6.1-KB2834140-v2-x64.msu

dism /Image:”D:\2008r2″ /add-package /Packagepath:”D:\Windows6.1-KB2786081-x64.msu

And now you can install IE11 itself:

dism /Image:”D:\VHD\2008″ /add-package /Packagepath:”D:\IE11-Windows6.1-KB2841134-x64.cab

As you will probably use this image on Hyper-V server 2012 or 2012 R2 it is good to install the latest Integration Service. They can be found by mounting iso file located in “C:\Windows\System32\vmguest.iso” on  Windows 8.1 or Windows Server 2012 R2:

dism /Image:”D:\2008r2″ /add-package /Packagepath:”E:\support\amd64″

After applying this last update you can save the image by committing the changes:

dism /unmount-image /mountdir:”D:\2008r2″ /commit

If you want too apply some additional configurations to that base image like firewalls rules and etc. you need to create a VM from that image. Install the OS. Make the changes you want to the VM and sysprep it with the following command:

.\Sysprep.exe /generalize /shutdown /oobe

After the sysprep command your Windows Server 2008 R2 SP1 base image is ready.

Creating base image for Windows Server 2012

The steps for Windows Server 2012 base image are similar. Download your iso from MSDN or Volume License.

Convert the iso:

.\Convert-WindowsImage.ps1 -SourcePath “D:\en_windows_server_2012_x64_dvd_915478.iso” -VHDFormat VHDX -Edition “ServerDataCenter” -SizeBytes 120GB -RemoteDesktopEnable -VHDPath D:\WS2012Base.vhdx -VHDType Dynamic

Mount the vhd with dism:

dism /mount-image /imagefile:”D:\WS2012Base.vhdx” /mountdir:D:\2012 /index:1

There is no IE11 for Windows Server 2012 but there is one important update that you need to apply in advance:

dism /Image:”D:\2012″ /add-package /Packagepath:”D:\Windows8-RT-KB2871777-x64.msu

Through several tests I’ve found that this update is needed for future proper updating of this base image.

Apply the latest Hyper-V Integration services if needed:

dism /Image:”D:\2012″ /add-package /Packagepath:”E:\support\amd64″

Commit the changes:

dism /unmount-image /mountdir:”D:\2012″ /commit

If also you need to apply some configuration changes to this image you need to start it as a virtual machine, make the changes and sysprep it:

.\Sysprep.exe /generalize /shutdown /oobe

And now your Windows Server 2012 base image is also ready.

Creating base image for Windows Server 2012 R2 Update

This one is the most easy one as you just need to convert it:

.\Convert-WindowsImage.ps1 -SourcePath “D:\en_windows_server_2012_r2_with_update_x64_dvd_4065220.iso” -VHDFormat VHDX -Edition “ServerDataCenter” -SizeBytes 120GB -RemoteDesktopEnable -VHDPath D:\WS2008R2SP1Base.vhdx -VHDType Dynamic

You do not need to mount it dism as there are no updates that you need to add and the the latest Integration services are already there.

For additional configurations you have to do the same steps as the other two.

 

Prerequisites

Now that we have our base images let’s on the solution how to have new updated image every month. I will start with the prerequisites. Later on when you look at how the whole solution works you may find other ways to do it in your environment if you do not have some of them.

We will need the following servers:

  • WSUS
  • VMM
  • SCSMA

The WSUS server is needed so we can grab all Windows Updates directly from the WSUS Content share. But when you have WSUS server connected to VMM the updates will be downloaded on the WSUS content share after you create Update Baselines in VMM, add updates to these baselines and assign at least  one server in VMM to these baselines. So let’s create 3 empty Update baselines in VMM:

  • WS2012R2
  • WS2012
  • WS2008R2

Do not add updates to them but assign at least one server in VMM to them. We will update these baselines later with SMA Runbook.

On the VMM server on C:\ drive you can create three folders:

  • C:\ovpWS2012R2
  • C:\ovpWS2012
  • C:\ovpWS2008R2

We will use these folders to mount the different images on them with DISM.

Next create a share on a server. For example named Base. I create such share on my VMM Library server. On that share I copy all the base images we’ve created earlier.

The last part of the prerequisites puzzle is Service Management Automation.

Let’s start first by creating some assets in my new favorite automation solution.

Create Connection asset named VMMConnection and for type VirtualMachineManager. For credentials use service account that has Administrator rights on your VMM server. That account should also have full share and NTFS permissions on the Base share that you’ve created earlier. And for computer name you should use the FQDN of your VMM server.

image

Next you need to create Variable asset of Type String. For name enter WSUSServer and for value the FQDN of your WSUS server.

image

The last asset you need to create is also variable. For name use VMMLibraryServer and for value the FQDN of your VMM Library server.

image

Now that we have our SMA assets create 5 empty SMA Runbooks:

  • Update-VMMBaslines
  • Update-BaseImageWS2012R2
  • Update-BaseImageWS2012
  • Update-BaseImageWS2008R2
  • Set-VHDProductKey

In SMA you can open Update-VMMBaselines for edit. Remove the empty workflow and copy the following runbook directly:

workflow Update-VMMBaselines
{

Connection to access VMM server.

$VmmConnection = Get-AutomationConnection -Name ‘VmmConnection’
$VmmServerName = $VmmConnection.ComputerName  

# Create a PSCredential from the ‘Username’ and ‘Password’ fields within

‘VmmConnection’ because this is the form of authentication that an

inlinescript accepts.

$SecurePassword = ConvertTo-SecureString -AsPlainText -String $VmmConnection.Password -Force
$VmmCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $VmmConnection.Username, $SecurePassword

inlinescript {  

 

# Import VMM module.
Import-Module virtualmachinemanager

Connect to VMM server.

Get-SCVMMServer -ComputerName $Using:VmmServerName  

Import-Module VirtualMachineManager

Get-SCUpdateserver | Start-SCUpdateServerSynchronization
#Windows Server 2008 R2 Update Baseline
$ContosoBaseline2008R2 = Get-SCBaseline | where { $_.Name -eq “WS2008R2″ }

$baseline2008R2 = Get-SCBaseline -ID $ContosoBaseline2008R2.ID

$addedUpdateList2008R2 = @()

$SCVMMJobGUID = [System.Guid]::NewGuid()

$ContosoLatestUpdates2008R2 = Get-SCUpdate | where { ($.UpdateClassification -eq “Security Updates” -or $.UpdateClassification -eq “Critical Updates” -or $.UpdateClassification -eq “Updates”-or $.UpdateClassification -eq “Update Rollups”) -and ($.Products -eq “Windows Server 2008 R2″ -or $.Products -eq “Windows Server 2003, Datacenter Edition, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2″ -or $.Products -eq “Windows 7, Windows Server 2008 R2″ -or $.Products -eq “Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2″ -or $.Products -eq “Windows 7, Windows Embedded Standard 7, Windows Server 2008 R2″ -or $.Products -eq “Windows Server 2003, Datacenter Edition, Windows Server 2003, Windows Vista, Windows XP x64 Edition, Windows Server 2008, Windows 7, Windows Server 2008 R2″ -or $.Products -eq “Windows Server 2003, Datacenter Edition, Windows Server 2003, Windows XP, Windows Vista, Windows XP x64 Edition, Windows Server 2008, Windows 7, Windows Server 2008 R2″ -or $.Products -eq “Windows Server 2003, Datacenter Edition, Windows Server 2008, Windows Server 2003, Windows Server 2008 R2″ -or $.Products -eq “Windows Vista, Windows Server 2003, Datacenter Edition, Windows Server 2008, Windows 7, Windows Server 2003, Windows Server 2008 R2″) -and $.IsExpired -eq $false -and $_.CreationDate -gt ‘2/16/2011 10:00′}

# Compare existing updates with new one

      Compare-Object -ReferenceObject $ContosoBaseline2008R2.Updates -DifferenceObject $ContosoLatestUpdates2008R2 -IncludeEqual | % {
if($.SideIndicator -eq ‘=>’) { $addedUpdateList2008R2 += Get-SCUpdate -ID $.inputobject.id }
}

Set-SCBaseline -Baseline $baseline2008R2 -Name $ContosoBaseline2008R2.Name.ToString() -RunAsynchronously -AddUpdates $addedUpdateList2008R2 -JobGroup $SCVMMJobGUID.ToString() -StartNow

#Windows Server 2012 Update Baseline
$ContosoBaseline2012 = Get-SCBaseline | where { $_.Name -eq “WS2012″ }

$baseline2012  = Get-SCBaseline -ID $ContosoBaseline2012.ID

$addedUpdateList2012 = @()

$SCVMMJobGUID = [System.Guid]::NewGuid()

$ContosoLatestUpdates2012 = Get-SCUpdate | where { ($.UpdateClassification -eq “Security Updates” -or $.UpdateClassification -eq “Critical Updates” -or $.UpdateClassification -eq “Updates”-or $.UpdateClassification -eq “Update Rollups”) -and ($.Products -eq “Windows Server 2012″ -or $.Products -eq “Windows 8, Windows Server 2012″) -and $_.IsExpired -eq $false}

# Compare existing updates with new one

      Compare-Object -ReferenceObject $ContosoBaseline2012.Updates -DifferenceObject $ContosoLatestUpdates2012 -IncludeEqual | % {
if($.SideIndicator -eq ‘=>’) { $addedUpdateList2012 += Get-SCUpdate -ID $.inputobject.id }
}

 

Set-SCBaseline -Baseline $baseline2012 -Name $ContosoBaseline2012.Name.ToString() -RunAsynchronously -AddUpdates $addedUpdateList2012 -JobGroup $SCVMMJobGUID.ToString() -StartNow

#Windows Server 2012 R2 Update Baseline
$ContosoBaseline2012R2 = Get-SCBaseline | where { $_.Name -eq “WS2012R2″ }

$baseline2012R2 = Get-SCBaseline -ID $ContosoBaseline2012R2.ID

$addedUpdateList2012R2 = @()

$SCVMMJobGUID = [System.Guid]::NewGuid()

$ContosoLatestUpdates2012R2 = Get-SCUpdate | where { ($.UpdateClassification -eq “Security Updates” -or $.UpdateClassification -eq “Critical Updates” -or $.UpdateClassification -eq “Updates”-or $.UpdateClassification -eq “Update Rollups”) -and ($.Products -eq “Windows Server 2012 R2″  -or  $.Products -eq “Windows 8.1, Windows Server 2012 R2″) -and $_.IsExpired -eq $false}

# Compare existing updates with new one

      Compare-Object -ReferenceObject $ContosoBaseline2012R2.Updates -DifferenceObject $ContosoLatestUpdates2012R2 -IncludeEqual | % {
if($.SideIndicator -eq ‘=>’) { $addedUpdateList2012R2 += Get-SCUpdate -ID $.inputobject.id }
}

 

Set-SCBaseline -Baseline $baseline2012R2 -Name $ContosoBaseline2012R2.Name.ToString() -RunAsynchronously -AddUpdates $addedUpdateList2012R2 -JobGroup $SCVMMJobGUID.ToString() -StartNow

}-PSComputerName $VmmServerName -PSCredential $VmmCredential  

}

I’ve took some parts of this script and made some changes to adopt it for my needs. Thank you Markus Lassfolk.

The script basically connects to VMM, Synchronizes the updates in VMM with the WSUS server and adds updates to the three baselines we’ve created earlier. The script is made in a way to add all the updates available for every corresponding OS version including .net Framework updates. Of course you can modify it whatever suits your needs.

After you import the runbook, save it and run it for first time you may need to wait some time until all added updates are downloaded on your WSUS server. Remember that download will be initiate only if you have at least one server assigned to your VMM baselines.

Next you can open for edit Update-BaseImageWS2012R2 SMA Runbook. Delete the contents in it and copy the following SMA runbook in it directly:

<#
Version 1.0
.SYNOPSIS
Update WS2012R image
#> 

 

workflow Update-BaseImageWS2012R2
{

Connection to access VMM server.

$VmmConnection = Get-AutomationConnection -Name ‘VmmConnection’
$VmmServerName = $VmmConnection.ComputerName  

# Create a PSCredential from the ‘Username’ and ‘Password’ fields within

‘VmmConnection’ because this is the form of authentication that an

inlinescript accepts.

$SecurePassword = ConvertTo-SecureString -AsPlainText -String $VmmConnection.Password -Force
$VmmCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $VmmConnection.Username, $SecurePassword

#Connection to access WSUS Server
$WSUS = Get-AutomationVariable -Name ‘WSUSSERVER’
#Connection to access VMM Library Server
$VMMLirbary = Get-AutomationVariable -Name ‘VMMLibraryServer’

inlinescript {  

 

# Import VMM module.
Import-Module virtualmachinemanager

Connect to VMM server.

Get-SCVMMServer -ComputerName $Using:VmmServerName  

#Get all available Update at WSUS
$Updatelistcab = get-childitem -Path “\$using:wsus\wsuscontent” -include *.cab -recurse -File
$Updatelistmsu = get-childitem -Path “\$using:wsus\wsuscontent” -include *.msu –recurse -File  

#Path for mounting
$OVPPath=”C:\ovp2012R2″

#Get Path to Base Image
$VHDGOLDPath=”\$using:VMMLirbary\Base\WS2012R2VLBase.vhdx”

#Get Path to Updated Image
$VHDPath=”\$using:VMMLirbary\Base\WS2012R2Updated.vhdx”

#Check if Updated VHD exists and delete it
$VHDexists=Test-Path $VHDPath
If ($VHDexists) {
Remove-Item $VHDPath
}

#Try to copy Base VHD
try {
Copy-Item $VHDGOLDPath $VHDPath
}

Catch {
Write-Output “GODL VHD cannot be copied”
}

#Mount Image and try to updated from WSUS updates
try{
Mount-WindowsImage -ImagePath “$VHDPath” -Path “$OVPPath” -Index 1
}
catch {
Write-Output “Cannot mount VHD”
}

Foreach ($Updatecab in $Updatelistcab)
{
$UpdateReady=get-windowspackage -PackagePath $Updatecab -Path “$OVPPath”
If ($UpdateReady.PackageState -eq “installed”)
{Write-Output $UpdateReady.PackageName “is already installed”}
elseif ($updateReady.Applicable -eq “true”)
{Add-WindowsPackage -PackagePath $Updatecab.Directory -Path “$OVPPath”}
}
Foreach ($Updatemsu in $Updatelistmsu)
{
add-windowspackage -PackagePath $Updatemsu.Directory -Path “$OVPPath”
}  

#Try Dismount and save VHD
Try {
Dismount-WindowsImage -Path “$OVPPath” -save
}
catch {
Write-Output “Cannot Dismount and save VHD”
}      


}-PSComputerName $VmmServerName -PSCredential $VmmCredential
}

The runbook will take the WS 2012 R2 base image make a copy of it in the same folder with other name, mount the copied image on a folder on the VMM server and will start updating. Updating is done by taking all available updates on the WSUS content share and trying to apply them one by one. When it is done changes are committed. When running this runbook you may see a lot of errors and warnings but this is normal as many of the updates that are tried to be applied are not for this OS version and are just rejected. This solution for updating is taken from Building Clouds blog and modified for our needs. Depending on your environment this runbook can run for a couple of days even.

I will not post the Runbooks for the other two images as they are basically the same with a few modifications on names.

The last runbook Set-VHDProductKey is kind of optional. If you are deploying Windows Azure Pack VM Roles you might want to embed product keys into your updated VHDs:

<#
Version 1.0
.SYNOPSIS
Set Product Keys to VHDs
#> 

workflow Set-VHDProductKey
{

Connection to access VMM server.

$VmmConnection = Get-AutomationConnection -Name ‘VmmConnection’
$VmmServerName = $VmmConnection.ComputerName  

# Create a PSCredential from the ‘Username’ and ‘Password’ fields within

‘VmmConnection’ because this is the form of authentication that an

inlinescript accepts.

$SecurePassword = ConvertTo-SecureString -AsPlainText -String $VmmConnection.Password -Force
$VmmCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $VmmConnection.Username, $SecurePassword

#Connection to access WSUS Server
$WSUS = Get-AutomationVariable -Name ‘WSUSSERVER’
#Connection to access VMM Library Server
$VMMLirbary = Get-AutomationVariable -Name ‘VMMLibraryServer’

inlinescript {  

# Import VMM module.
Import-Module virtualmachinemanager

Connect to VMM server.

Get-SCVMMServer -ComputerName $Using:VmmServerName  

#LibraryName
$tVMMLibraryName=”Library”

#Set KMS Key for WS 2008 R2 Datacenter
$VHD2008R2=Get-SCVirtualHardDisk | where -Property Location -eq “\$using:VMMLirbary\$VMMLibraryName\WS2008R2.vhdx”
Set-SCVirtualHardDisk -VirtualHardDisk $VHD2008R2 -ProductKey “74YFP-3QFB3-KQT8W-PMXWJ-7M648″

#Set KMS Key for  WS 2012 Datacenter
$VHD2012=Get-SCVirtualHardDisk | where -Property Location -eq “\$using:VMMLirbary\$VMMLibraryName\WS2012.vhdx”
Set-SCVirtualHardDisk -VirtualHardDisk $tVHD2012 -ProductKey “48HP8-DN98B-MYWDG-T2DCC-8W83P”

#Set Autmoatic Virtual Machine Activation Key for WS 2012 R2 Datacenter
$VHD2012R2=Get-SCVirtualHardDisk | where -Property Location -eq “\$using:VMMLirbary\$VMMLibraryName\WS2012R2.vhdx”
Set-SCVirtualHardDisk -VirtualHardDisk $VHD2012R2 -ProductKey “Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW”

}-PSComputerName $VmmServerName -PSCredential $VmmCredential
}

You might want to change some values in it depending on where you store your VHDs.

Let’s look at the the whole process of this solution:

image

The step of copying the updated images to your VMM library is manual but of course you can make that automatic. In fact you can make the whole solution automatic. There are certainly many ways to do that solution like using Orchestrator instead of SMA, mounting the images on your SMA servers and etc.

Hope this solution will be workable and useful solution for you.

System Center Advisor Restarted – Time Matters in Dashboard (Part 6)

So far I’ve covered almost every Intelligence Pack. Last week a new feature “My Dashboard” was released. This is one of the features I’ve voted on. With this short post I want to share a tip how to make your tiles in My Dashboard more useful.

When you create Tiles in my dashboard you may found that more information than needed is displayed.

You can have a query like that:

Type:RequiredUpdate UpdateClassification:”Security Updates”  Product:”Windows Server 2008 R2″ or Product:”Windows Server 2012″ or Product:”Windows Server 2012 R2″   | select UpdateTitle,KBID,UpdateClassification,UpdateSeverity,PublishDate,Server

image

and such query will return a lot of results because it is based on the last 7 days. This is the default when you go to the search pane. Of course you can narrow down the time trough the bar on the left but if you save the query that narrowing of time will not be saved.

If you than later you use the same query in My Dashboards you will end with result Test instead of the result in Test2

image

Test2 is more accurate in our case and it is simple achieved by adding time constrain in our query:

Type:RequiredUpdate UpdateClassification:”Security Updates”  Product:”Windows Server 2008 R2″ or Product:”Windows Server 2012″ or Product:”Windows Server 2012 R2″ TimeGenerated:NOW/DAY  | select UpdateTitle,KBID,UpdateClassification,UpdateSeverity,PublishDate,Server

image

As you probably see these events are generated always at midnight and that is why I’ve chosen NOW which gives me the current date and time and by providing /DAY gives me midnight of the current date. Basically this query gives me the latest information on missing updates and not information that is 5 days old. That way your tiles become more meaningful.

image

Similarly  we can have this query :

Type:ProtectionStatus   | measure max(ProtectionStatusRank) as Rank by DeviceName | where Rank:270

image

Which gives us inaccurate current information. A simple time constrain statement results in  accurate up-to-date results.

Type:ProtectionStatus  TimeGenerated>NOW-2DAYS | measure max(ProtectionStatusRank) as Rank by DeviceName | where Rank:270

image

In this example I get current date(NOW) and return two days from now (-2DAYS) and I get every result after that date (TimeGenerated>).

With this query now I can have a tile that will be highlighted if the query returns more than 2 counts:

image

You can see that time matters in search queries and especially in Live tiles. It is also very useful when you search information for specific time frame in the past.

Adding Windows Server Gateway Cluster as Network Service in VMM 2012 R2 UR2 for Monitoring with SCOM

Not so long ago I’ve reported an issue where Multi-Tenant RRAS (Windows Server Gateway) is not discovered by by the Multi-Tenant RRAS Management Pack. This problem has been fixed in Update Rollup 2 for System Center  2012 R2 Virtual Machine Manager. If you add Windows Server Gateways as Network Service in VMM as usual you will not notice a difference in the wizard and after the gateway is added successful you will probably had to create that Client Access Point resource manually. That is because the fix is not exposed directly in the wizard, it is actually a parameter that you have provide in the connection string. And actually the parameters are two:

  • MPDiscovery=true
  • MPDiscoveryIPAddress=<IP if static>

MPDiscovery parameter is mandatory and MPDIscoveryIPAddress is required when you are not using DHCP for your gateway clusters.

In the end it will look something like this:

image

Keep in mind that this works on newly added Network Services with VMM 2012 R2 UR2 and it is only needed for Windows Server Gateway clusters. For existing Windows Server Gateway clusters you have to apply the workaround in my article.

Thank you Microsoft for fixing this bug and providing the information.

Note: The IP that is entered for the parameter is from your management network subnet and not the public one.

Update

————————————————

When you use the described solution above a new Client Access Point resource will be created on the cluster. That resource will have the name cluster01rsip where cluster01 is the name of your cluster. Basically the solution takes your cluster name and adds “rsip” for the name of the Client Access Point. The Client Access Point resource creates computer object in AD and if you cluster name is longer than 11 characters you may exceed the 15 character limit when rsip is added. In such cases whatever exceeds 15 characters will be cut off. In such situations you will have two cluster objects in your SCOM server – one with the full name and one with the cut off characters. There is a way your Client Access Points to be created with different than the “rsip” suffix and with fewer characters suffix. Just create string type reg key with the following name HNVGatewayRRASNetworkNameSuffix

in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft System Center Virtual Machine Manager Server\Settings

on your VMM server/s. For example if you cluster is name cluster01 and you create that reg key with value “r” your Client Access Point will be cluster01r.

————————————————-

System Center Advisor Restarted – Change Tracking (Part 5)

As System Center Advisor is in Preview there are a lot of changes. One such change is new Intelligence Pack – Change Tracking.

image

The name explains it clearly – it track changes. On the main tile you will see the number of Software and Windows Services happening every day. Currently Change Tracking Intelligence Pack has those two features: tracking software changes and tracking Windows Services changes. In the Advisor User Voice site there are more suggestion for features for this Intelligence Pack and I am sure that the Advisor team will add more with time. Let’s click on the tile and dive deeper:

image

image

We have the familiar interface of graphics and statistics in Advisor. If we look at the Software Changes I can quickly see that I have three software changes. Let’s click on every one of them and see the results:

Of course the result is depicted from a query. I’ve found that this management pack is being modified all the time so I guess the way the MP is built.

image

Let’s moved to the next one:

image

You can see that the software Microsoft Azure Site Recovery Provider (x64) has been modified on my vmm server. You may ask what modified means? As I was playing with that software I’ve removed and installed the software again. So instead of having two separate events for this Advisor is giving one single event. If you ask me that is the right way as if you have two events you may miss one of them for example and think that the software was completely removed. I guess if there is a bigger interval between the removal and the installation than we will have separate events may be.

And the third result:

image

Here you can see that I’ve installed a management pack in my SCOM server.

For getting Services changes I will go directly with a query:

Type=ConfigurationChange ConfigChangeType:WindowsServices SvcName!=AeLookupSvc SvcName!=BITS SvcName!=wuauserv SvcName!=WinHttpAutoProxySvc SvcName!=wmiApSrv SvcName!=TrustedInstaller SvcName!=sppsvc SvcName!=RemoteRegistry  SvcName!=CcmExec  SvcName!=ccmsetup  SvcName!=msiserver  SvcName!=WPDBusEnum  SvcName!=AppXSvc  SvcName!=defragsvc  SvcName!=ddpsvc  SvcName!=smphost  SvcName!=WerSvc  SvcName!=ScDeviceEnum  SvcName!=WdiSystemHost

With such query for example I want to see all services changes but excluding certain services in the result:

image

With similar query you can search for example on service changes on specific server/s or service changes for specific service/s.

I hope this gives you some view of this new Intelligence pack. I really like this Intelligence Pack it is my second favorite after Log Management.

One thing that I saw was missing that on Software changes you cannot see the user who made the change but I guess that can be added later easy.

Error Code:10002 When You Configure Cloud for Protection in Azure Site Recovery

Recently I’ve been dealing with wide range of technologies – Windows Server and System Center stuff, PowerShell/SMA Workflows, DevOps, Azure IaaS and Azure RemoteApp and Azure Site Recovery. This is part of my plan on expending my knowledge.

Anyway this blog post will be focused on an error that I’ve stumbled upon twice when configuring Azure Site Recovery. After you’ve added your VMM server/s in ASR your next will be to configure protection on Cloud. I’ve went to through that step but suddenly when configuration of my target and source Clouds started the jobs failed for both of them with the same error:

VMM Server VMM.Contoso.com couldn’t be configured (Error code: 10002).

Provider error: A request couldn’t be validated with the vault key. To ensure that the VMM server has a valid vault key, run the provider installation wizard on the VMM server and paste in the current key from the Vault Key page in Quick Start. If this doesn’t regenerate the key. This will replace the previous key and update the key settings on VMM servers in the vault. Than retry the operation. (Provider error code: 31255)

Possible cause: The VMM Service might not have the required permissions to install the certificate on the Trusted Root CA store.

Recommendation: Verify the permissions and retry again.

image

So I’ve registered my VMM servers in ASR successfully and my VMM service account has administrator rights on the VMM servers but still I had this error. The workaround is simple:

Open MMC. Open the Local computer Certificate store. Go to the personal Certificate store. Find all certificates deployed by ASR. You will spot them easily. Copy the ASR certificates from the Personal store to the Trusted Root Certificate Authority Store. If you have VMM cluster you will need to export the certificates and deployed them on the passive node also. If you are configuring protection from one VMM instance to another VMM instance you will need to do that on both VMM servers probably.

image

After that you should restart the job for enabling protection on Cloud in ASR and the job should complete successfully this time.

Where is My SQL SCOM Dashboard Performance Data?

I’ve seen cases where you have SCOM 2012 or higher and latest SQL Management Pack but the performance data is not showing in the SQL dashboards for some or for all of your SQL servers:

image

In such case the solution can be simple as rebuilding SQL WMI described here:

http://support2.microsoft.com/kb/956013

I also recommend restarting the SCOM health service on the SQL nodes for which you will rebuild SQL WMI.

Windows Server and System Center vNext Technical Preview are Now Available

Windows Server and System Center vNext Technical Preview is out. Just go out grab the bits from here and here and start exploring.

Begin Your Journey to the Cloud with the Cloud Administrator

Follow

Get every new post delivered to your Inbox.

Join 923 other followers