
SCCM 2012 404 error

So I’ve been working on trying to get the SCCM 2012 RC to work in my test lab at work so that I can test patching in various environments with it. It was a bear to install, with very specific pre-req’s that it doesn’t bother to tell you about until after you’ve gone thru the install. It’ll either blow up or just plain not work. More on that in a later post.

But one of the big things I wanted to test was getting the web console to work so that I can see what functionality you have thru it. The first time I went there I got:

404 Server Error on CMApplicationCatalog

Turns out this error is produced because you don’t have the .Net Framework 4.0 either installed or configured. I DID install it as one of the pre-req’s but apparently that wasn’t enough. You still have to enable it, so to do so:

  1. Open an Administrator Command Prompt
  2. Browse to %windir%\Microsoft.net\Framework64\v4.0.30319
  3. Run the following command:

      aspnet_regiis.exe -i -enable

Then just re-open your browser and you are good!


SCCM 2012

Whoo hoo! As you can tell from the image I’m playing with the SCCM 2012 RC next week. (System Center 2012 Configuration Manager). Aren’t you jealous? Looking to see what kind of advances it gives us for patch management. I’ll keep you updated as I find stuff.

An update on the CA post… still no update. I finally got Patch Manager to install, but it’s still not working. I’ve got a call in to CA support and haven’t heard back. So we’ll see.


CA Patch Management

Arrgghhh!! I’ve been working for over a week to try to get the CA Patch Management software installed so that I can evaluate it. A pre-req for it is CA IT Client Management (ITCM) and I cannot get the frakking software to install.

Let me take that back.. I can get it to install, just can’t get the blasted software to actually work.

PM requires ITCM to be up and working, because it needs the web services to work. You can install CM and it doesn’t complain about anything, but the Web portal does absolutely nothing.

Documentation, you say? Sure, there are several thousand pages you can troll thru, but none are of any help whatsoever.

I’ve never been a fan of CA products, and this certainly isn’t helping!

/end rant


So in my previous post I went through the reasons why you might want to use SQL mirroring and how you could possibly sell the added expense to your management. In this post I’m going to cover the actual SQL commands for doing so. There is a wizard you can run through to actually set this up (right-click your database, go to Properties, click on Mirroring on the left side, run the “Configure Security” wizard), but what’s the fun in that? Plus I’ve had issues with the wizard not quite setting things up right before.

Pre-req’s: for the purpose of this article let’s assume that you have 3 servers (physical or VM, doesn’t matter), with Windows 2008 R2 installed, joined to your AD domain. You also have SQL 2008R2 installed, latest service pack. All instances of SQL are running the default instance and running under the same Windows AD service account.

Let’s assume your servers are called SQLRepl01, SQLRepl02, and SQLRepl03. We’ll use SQLRepl01 as the Principal instance, SQLRepl02 as the Mirror, and SQLRepl03 as the Witness. You can actually use any of the 3 for any of these roles and for your next database you could change it completely.

For my test I created a database called ReplicationTest and populated it with data using this wonderful article: http://www.mitchelsellers.com/blogs/articletype/articleview/articleid/249/creating-random-sql-server-test-data.aspx

Okay, so now that all that’s done, let’s actually get started.

  1. First we need to create an endpoint on each SQL server so that they can listen for the mirroring traffic. This needs to be run on all 3 SQL instances. 5022 is the default port used for this, but you can specify any unused port you want; just make sure that the servers can talk to each other on this port (i.e. it is opened in the Windows Firewall and any other firewalls that exist):

      CREATE ENDPOINT Mirroring
          STATE=STARTED
          AS TCP (LISTENER_PORT=5022)
          FOR DATABASE_MIRRORING (ROLE=ALL)
      GO

  2. Okay, so now that your endpoints are all created we need to do a backup of the existing database and then restore it on your mirror instance. This creates, in essence, a “seed” database. Run the following backup commands on SQLRepl01:

      USE master
      GO
      BACKUP DATABASE ReplicationTest TO DISK='C:\TEST.BAK'
      GO
      BACKUP LOG ReplicationTest TO DISK='C:\TEST.LOG'
      GO

  3. Browse to C:\ on SQLRepl01 and copy test.bak and test.log to \\SQLRepl02\c$. Then log in to SQLRepl02 and run the following commands. Note that you have to restore with NORECOVERY to leave the database in a state that allows us to replicate. If you don’t, then you’ll need to restore the database again. This ensures that the 2 databases are a mirror of each other.

      RESTORE DATABASE ReplicationTest FROM DISK='C:\TEST.BAK' WITH NORECOVERY
      GO
      RESTORE LOG ReplicationTest FROM DISK='C:\TEST.LOG' WITH NORECOVERY
      GO

     This is what the restored database will look like:

  4. Okay, now that the databases are there we can actually set up the mirror. IMPORTANT: run this command on the mirror instance (i.e. SQLRepl02). If you changed the port away from the default of 5022, change it in the code below.

      ALTER DATABASE ReplicationTest
      SET PARTNER='tcp://SQLRepl01:5022'
      GO

  5. Run the following commands on the Principal server (i.e. SQLRepl01). The first one tells it that the second server is the Mirror and the 2nd command tells it that the 3rd server is the Witness.

      ALTER DATABASE ReplicationTest
      SET PARTNER='tcp://SQLRepl02:5022'
      GO

      ALTER DATABASE ReplicationTest
      SET WITNESS='tcp://SQLRepl03:5022'
      GO
    

At this point your Mirroring set up is complete. This is what it will look like on the Principal and Mirror:

You can test it by shutting down the primary server and making sure that your Principal automatically fails over. Or you can add data to the principal and take a snapshot of the secondary to ensure the data is getting there (because you can’t access the mirror directly this is the only way to query the data). Note that even though mirroring works with SQL standard, snapshots don’t so if you’re using standard the only way to view the data would be to failover:

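-- Run on the mirror instance (SQLRepl02)
CREATE DATABASE Test_snapshot
ON (NAME = 'ReplicationTest', FILENAME = 'C:\Backups\Test_Snapshot.SNP')
   AS SNAPSHOT OF ReplicationTest
GO
-- Test_snapshot is a database, so query a table inside it.
-- YourTable is a placeholder: substitute a table that exists in ReplicationTest.
SELECT * FROM Test_snapshot.dbo.YourTable
GO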
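
A way to confirm the setup without failing over or creating a snapshot, added here as an example and not part of the original post: the queries below read SQL Server's own catalog views to show how the Mirroring endpoint from step 1 is authenticated and encrypted, who is allowed to connect to it, and what state the ReplicationTest session is in. They assume the endpoint and server names used above.

```sql
-- Added example, not from the original post. Read-only catalog queries.

-- 1. Endpoint settings. Run on all three instances.
--    CREATE ENDPOINT above did not specify AUTHENTICATION or ENCRYPTION,
--    so these columns show what the server chose by default.
SELECT  e.name,
        e.state_desc,                -- STARTED, STOPPED or DISABLED
        t.port,                      -- listener port (5022 in this walkthrough)
        e.role_desc,                 -- NONE, PARTNER, WITNESS or ALL
        e.connection_auth_desc,      -- how partner connections are authenticated
        e.is_encryption_enabled,     -- 1 when mirroring traffic is encrypted
        e.encryption_algorithm_desc  -- algorithm in use; all partners must be compatible
FROM    sys.database_mirroring_endpoints AS e
JOIN    sys.tcp_endpoints AS t
        ON t.endpoint_id = e.endpoint_id;
GO

-- 2. Explicit permissions on the endpoint. Run on all three instances.
--    Only the account(s) the partner instances run under need CONNECT.
SELECT  e.name  AS endpoint_name,
        p.name  AS grantee,
        sp.permission_name,
        sp.state_desc
FROM    sys.server_permissions AS sp
JOIN    sys.database_mirroring_endpoints AS e
        ON sp.class_desc = 'ENDPOINT'
       AND sp.major_id   = e.endpoint_id
JOIN    sys.server_principals AS p
        ON p.principal_id = sp.grantee_principal_id;
GO

-- 3. Session state. Run on the Principal (SQLRepl01) and the Mirror (SQLRepl02).
SELECT  DB_NAME(m.database_id)       AS database_name,
        m.mirroring_role_desc,       -- PRINCIPAL or MIRROR
        m.mirroring_state_desc,      -- e.g. SYNCHRONIZING, SYNCHRONIZED, DISCONNECTED
        m.mirroring_safety_level_desc,
        m.mirroring_partner_name,
        m.mirroring_witness_name,
        m.mirroring_witness_state_desc
FROM    sys.database_mirroring AS m
WHERE   m.mirroring_guid IS NOT NULL; -- only databases that are mirrored
GO

-- 4. Witness view. Run on the Witness (SQLRepl03).
SELECT  w.database_name,
        w.principal_server_name,
        w.mirror_server_name,
        w.safety_level_desc,
        w.is_suspended
FROM    sys.database_mirroring_witnesses AS w;
GO
```

If the first query reports a weaker algorithm than you want on the wire, the endpoint's ENCRYPTION option can be changed with ALTER ENDPOINT, and the change has to be made on all three instances so the partners still agree.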

One of the true values of this is that you can set up 3 databases (or as many as you want) and have each one be Principal on any of the 3 servers and their Mirror and Witness on any of the other 2. Note that if you use the Wizard to create all of this it won’t set up the Endpoint on the Witness instance correctly. Since we created the endpoint with the code ROLE=ALL we can use each of the servers for any of the roles we want.

And that’s it! Let me know if you have any questions.


So you’ve made the decision that you want to use SQL Mirroring for your DR solution. You have several options for DR for SQL databases: you can use Windows clustering, log shipping, or mirroring. My preference in any scenario is to just use Windows Clustering, but there are reasons why you could go with another solution. Clustering is nice because it’s outside of SQL and just sits at the OS-level, but by definition you are going to have some hardware sitting there idle even if you go Active/Active (assuming you planned for 1 server going down and allocated your CPU/RAM appropriately). Plus doing it at the OS level doesn’t require you to be an expert or have a fair bit of knowledge of SQL. Using mirroring also allows you to be fully HA as you can have both servers sitting in different sites on different subnets and not have to worry about having your network guys stretch a subnet geographically, which they never want to do.

Note that SQL 2008 (and all versions, for that matter) cannot be used on a Windows 2008 geo-cluster that is on different subnets.

And in case you weren’t aware: HA = Highly Available, DR = Disaster Recovery. Separate, but not necessarily mutually exclusive technologies.

All that being said, let me give you a quick rundown on SQL Mirroring. I can’t say it better than Microsoft, with their gaggle of technical writers, so here’s an article from them on the benefits of Database Mirroring:

http://msdn.microsoft.com/en-us/library/ms189852.aspx

A few items of note that I always like to tell my clients:

  • You need a minimum of 3 instances of SQL for full redundancy on Mirroring (Principal, Mirror, Witness). You can technically do it in 2, but you lose the capability for automatic failover without the witness. Think of it as the 3rd vote if this were a cluster.
  • All SQL servers need to be a member of an AD domain and running under the same service account
  • There is a copy of the database on both the Principal and the Mirror.
  • The Witness allows for automatic failover in the event of a server failure
  • Mirroring is on a per-database level, not per-server level. A SQL server can be a mixture of single databases plus mirror instances.
  • The database can be set in synchronous or asynchronous mode
    • Under asynchronous operation, the transactions commit without waiting for the mirror server to write the log to disk, which maximizes performance
    • Under synchronous operation, a transaction is committed on both partners, but at the cost of increased transaction latency

There are also a few selling points for Mirroring, if you’re having trouble selling having all these servers to your management or to your clients.

  • Since mirroring requires 3 servers be active at all times, you can run databases on all 3 servers, some mirrored and some not. You can also have any combination of Principal/Mirror/Witness running across the 3 servers (i.e. Active/Active/Active)
  • Mirroring can be done across multiple sites and subnets, thus allowing for full HA/DR

In my next article I’ll get into the nitty-gritty of how to actually set this up and show you all the SQL commands for this.


Just a quick post to try to save some effort here…

After a few days of investigation and testing (and speaking to a VMware consultant) it’s been determined that the current version of vCloud Director does NOT support clustering a guest OS. vCD does not have the ability to create shared disk resources and even if you try to bypass it by going directly to the vCenter instance and edit the hardware yourself (unsupported by VMware, btw), all the options for creating a shared SCSI controller/disk are grayed out. vCD overrides the ability to do any of this.

Bummer, but not completely unexpected.


ForFiles!

Recently discovered an awesome little batch command that’s apparently been around forever and I’ve never heard of it.

Have you ever wanted to search a directory from the command line for all files older than a year? Or wanted to search for all txt files newer than a certain date?

And wanted to do it all without writing a massive for loop or powershell command?

Use forfiles!

To list all of the files in the current directory that are at least one year old, type:

forfiles /s /m *.* /d -365 /c "cmd /c echo @file"


Check it out!


vCloud director and LDAP

Started with a new client recently who is using ESX 5 and vCloud Director, so I should be able to branch these posts out a bit!

Ran into an interesting problem almost immediately. They’ve got several Organization vDC’s set up and are trying to get them each to authenticate against Active Directory groups using Custom LDAP queries. An account was already created and the LDAP connection was set up.

It was able to pull in the groups successfully and when you ran a test against AD everything seemed to be working correctly, however when a user tried to log into that vDC who was in the AD group, they couldn’t log in.

We fooled around with turning SSL on and off, changing the AD Domain Controller (DC) it was pointed to.. all that jazz. And nothing made a difference.

The Custom LDAP setup has a place to run a test query against LDAP and pull up specific users and what it came back with was kind of out of whack. It would pull most of the user information (name, description, etc.) but wouldn’t pull back any group information on them. We also played around with the LDAP mappings and changing what information it pulled, but that did nothing either.

I finally did what I should’ve done from the beginning and looked at the account that was being used for the connection. Its only membership was in Domain Users. Okay, that’s an easy test. I went to one of my test accounts that wasn’t working (and was in the AD group we were sync’ed with) and granted the LDAP connection account Full Control to my test account.

And voila, it worked!

Took out the security perms and could no longer get in, so security was obviously the problem.

As it turns out, Domain Users does not have the permissions to pull the group membership on users. That is not a public field. As a workaround (because we didn’t want to grant that account any more permissions than it needed), we placed it in the domain RAS and IAS group (which did have the permission). This is only a temp fix as you still need to modify the AdminSDHolder to allow it to pull group membership for administrators, but at least it’s a step in the right direction!


So you’ve got this awesome Golden Image that has everything on it you could possibly want. You can make that puppy boot to bare metal and to ESX and even to Hyper-V if you feel like it.

But then Citrix comes out with a new Provisioning Server update that requires you to unprovision or Reverse Engineer that vhd to do updates. There are a handful of reasons why this might be necessary:

  • New versions of PVS require Target Device software updates
  • New NIC
  • New NIC driver update that needs to be applied

Any one of those could BSOD your server if you try to do them to a provisioned vDisk so you need to RE them to do the update.

      1. Make a copy of your vhd and boot it into Private Mode on a server
      2. Open Disk Management and ensure that the local hard disk is showing online. It should show up as Disk 0
      3. Format the local hard disk (if you’ve moved your page file or spooler or anything to this disk, you’ll need to move those off first)
      4. Go to a command prompt and run "C:\Program Files (x86)\Citrix\XenAppPrep\XenAppPrep.exe" /pvs
      5. Click on Start —> All Programs —> Citrix —> XenConvert
      6. Select “From Volume to Volume”
      7. Select Source Volume as D: and destination volume as C:
      8. Select Next and start the Conversion. This will take several hours.
      9. After Conversion reboot and go into the BIOS and select to Boot from Local Disk
      10. Go to control panel and uninstall the “Citrix Provisioning Services Target Device x64”
      11. Reboot
      12. After the reboot make any changes you need to make (NIC updates, adding/removing NICs, etc)
      13. Reboot again
      14. Reinstall the Target Device software from the PVS disk
      15. Go to your PVS server and open the PVS Console
      16. Go to properties of the target device and select “Boot from: Hard Disk”
      17. Create a new vDisk in the PVS Console and assign it to the target device
      18. Reboot the target device and go into the BIOS. Change the boot order to boot from network.
      19. Open Disk Management and ensure the local hard disk is showing online. It should show up as Disk 1. You should also see a Disk 1
      20. Format Disk 1
      21. Go to a command prompt and run "C:\Program Files (x86)\Citrix\XenAppPrep\XenAppPrep.exe" /pvs
      22. Run XenConvert again and image from the local hard drive (C:) to the VHD (D:)
      23. This will take several hours.
      24. When it’s done, shut down the target device.
      25. Go back into the PVS console and change the properties of the Target Device to boot to vDisk.

 

You’re done! At this point you’ve still got your old VHD and now your new one with all the updates. You’ll also have everything on the local hard disk on that target device so you may want to go back after you boot it thru PVS and re-format that disk so that you don’t have any booting accidents.


In my previous post I covered the considerations you’d want to make when adding a 3rd node to your existing shared quorum cluster at a new site. Now that you’ve made the decision and are using EMC RecoverPoint with Cluster Enabler (RP/CE) to manage the data replication and management of the disks and are converting your cluster to MNS, I’ve written up the steps to actually do this.

The EMC documentation is clear as mud on this. Literally you’ll go to the index where it says “Cluster Enabler install” and it’ll have step 1, then say “go to page 127”. You’ll go there and it’ll have step 2 and then will say “go back to page 76”… On and on. It’s actually so confusing that the consultant we had come from EMC to help answer our questions later called me and asked for my documentation so that he could use it at an installation at another client.

Please note that the below steps worked explicitly in my environment, but may need some changes to conform to specifics in your environment. Where noted there are different steps for 2003 and 2008 clusters. This assumes that your SAN group has already replicated all the appropriate LUNs with RecoverPoint and that you’ve base-installed any new nodes.

1) Install Windows Installer 4.5 (if not already installed)

2) Install CE on all host nodes in the cluster (including the 3rd node that you’ve already base installed and have not yet added to the cluster).

  • Copy both the *base.msi and *plugin.msi to the same directory on your target machine (i.e. C:\temp)
  • Run *base.msi, accept all the defaults. Reboot
  • Repeat for the existing nodes in the cluster, moving resources around as necessary. Note that at this point you’re only installing the files, you’re not actually enabling the cluster yet.

3) If your SAN group was nice enough to name the Consistency Group (replicated LUNs on the SAN. All the disks in the same Windows Cluster Group must be in the same Consistency Group on the SAN side) the same as your Cluster Group, then you’re fine. Otherwise you need to rename the Windows Cluster Group to match the name of the RP CG. All of the disks in the CG need to match the disks in the Windows Cluster Group. Renaming a Cluster Group doesn’t affect anything.

4) Have your SAN group ensure that your disks are replicating successfully and in sync.

5) Convert your cluster to MNS

  • Windows 2008: Right click on the cluster and go to More Actions —> Configure Cluster Quorum Settings. Check the box for “Node Majority”. Click Finish thru the wizard
  • Windows 2003: Right click on the “Cluster Group”, select New —> Resource and select the name as “MNS Resource”. Change the resource type to “Majority Node Set”. When done, bring the resource online. Right click on the root name of the cluster and select the Quorum tab. Select the “Quorum Resource” drop down box and change it to the “MNS Resource” you created.

6) Delete the old Quorum disk (Q:) from the cluster groups.

7) Assuming you have it, delete any Private networks from the cluster. You can’t use them anymore for cluster communications unless you’re extending 2 different subnets.

8) Have your SAN resource go into RP and enable image access on the 3rd node at the remote site.

9) Right-click the cluster and select Add Node. Add the server name and run through the validation wizard. You now have a 3 node MNS cluster.

10) Have your SAN resource go into RP and disable image access on the 3rd node. They also need to go into the RecoverPoint Management Application and select the Consistency Group. In the Components pane, select the Policy tab. In the Stretch Cluster Support area, check “Use RecoverPoint/CE”. Ensure that “Group is managed by CE, RecoverPoint can only monitor” is selected.

  • This step is very important! If you have trouble later it’s likely that your SAN resource did not do something in this step correctly.

11) On each node of the cluster go to All Programs —> EMC —> Cluster Enabler —> RecoverPoint Access Settings

  • Type in the IP of the RPA (you’ll get this from your SAN resource). There should be one on both sides of the WAN. Use your local one on each side.
  • The default userid/password is plugin/plugin. I suggest having the SAN guys change the default and tell you what the new account is.

12) In the same Start Menu group, go to EMC Cluster Enabler Manager

  • Click Configure CE Cluster
  • You should be able to accept the defaults on the rest of the wizard. If you get an error it’s likely because of step 10 or 11.

13) At this point you’re technically done. You’ve got a 3 node MNS cluster with RP/CE. You should be able to fail your cluster groups between the 3 nodes without any issues. If you can’t bring the disks up on any of the other nodes, check step 10. You HAVE to have CE manage the cluster. CE is what’s installed on your cluster nodes and you now have a new resource in the cluster that all your disks are dependent on.

But of course before you can truly fail over to the 3rd node you need to install your application onto the new node. I can’t tell you those steps since I don’t know your app, but it should be the same steps as when you did the 2nd node. Note that SQL installs vary by version on how you do the 3rd node install. Sometimes you have to slipstream Service Packs into your base SQL binaries and then just run setup. Older versions may require you to do a command line install with certain switches. Make sure you read documentation!

