This Holiday Season, win with Hornetsecurity! #Hornetsecurity #M365 #win #Holiday

This Holiday Season, win with Hornetsecurity!

‘Tis the season to be caring – for your loved ones, for each other, and yes, even for your data and mailboxes. If you’re a Microsoft 365 administrator, celebrate with us. All you have to do is sign up for free to 365 Threat Monitor and set up your account!

How does it work?

  • Sign up to 365 Threat Monitor
  • Receive a guaranteed $10 Amazon voucher and a chance to win one of the Grand Prizes!
  • For every valid entry, we’ll make a $10 donation to One Laptop per Child

What are you waiting for? Sign up now!

How to use Azure proximity placement groups #Azure #SAP #Latency

When moving to Azure or building new infrastructure workloads, latency is important. Where do I find the numbers, how do I configure it for the best result, what is the difference between Azure Availability groups and Azure Availability Zones, and do I need Azure Site Recovery? Well, as a consultant: it depends.

Availability Sets

Availability Sets take the virtual machine and configure multiple copies of it. Each copy is isolated within a separate physical server, compute rack, storage unit and network switch within a single datacenter within an Azure region.

When you create your virtual machine you can specify the Availability Set. You can’t change it or move the VM in or out of an Availability Set after creation; if you wanted to make changes you would need to start again and recreate the virtual machine. Availability Sets only apply to virtual machines and can’t be used for any other type of resource within Azure. So this gives you local datacenter redundancy.

Availability Zone

The next level of availability for your virtual machines within Azure is Availability Zones. With Availability Zones utilized your acceptable downtime a month moves to less than 5 minutes as you’ve got a 99.99% SLA. With Availability Zones you are starting to use zone-aware services. Your workload will be spread out across the different zones that make up an Azure region. An Azure region is made up of multiple datacenters and each zone is made up of one or more datacenters. Each datacenter is equipped with independent power, cooling and networking.

Figure: Availability Zone

You can imagine that when using this there could be some extra latency between the VMs. It all depends on the zone where you are deploying, but that can be tested.

In many Azure regions, the number of datacenters has grown. Azure datacenter latency can be tested here: https://www.azurespeed.com/Azure/Latency

In the next setup I use two Azure VMs, both in West Europe, and we test the latency between VMs in the same region. The tool I use is Latte.

On the sender server we enter the remote receiver IP.

On the receiver we use the local VM IP, and after the test the latency is shown. This is a common setup. If we want to improve this, or make sure that these numbers do not get worse, we need to change the setup.

516 Latency(usec)

When running SAP, latency is important. Azure has an option called proximity placement groups. An Azure proximity placement group is a logical construct. When a proximity placement group is defined, it’s bound to an Azure region and an Azure resource group.

A single Azure resource group can have multiple proximity placement groups assigned to it. But a proximity placement group can be assigned to only one Azure resource group.

Proximity placement groups offer co-location in the same data center. However, because proximity placement groups represent an additional deployment constraint, allocation failures can occur (for example, you may not be able to place your Azure Virtual Machines in the same proximity placement group.)

When you ask for the first virtual machine in the proximity placement group, the data center is automatically selected. In some cases, a second request for a different virtual machine SKU may fail since it does not exist in the data center already selected. In this case, an OverconstrainedAllocationRequest error will be returned. To troubleshoot, please check to see which virtual machines are available in the chosen region or zone using the Azure portal or APIs. If all of the desired SKUs are available, try changing the order in which you deploy them.

In the case of elastic deployments, which scale out, having a proximity placement group constraint on your deployment may result in a failure to satisfy the request.

Graphic for proximity placement groups

If you want to use availability zones together with placement groups, you need to make sure that the VMs in the placement group are also all in the same availability zone.

In this sample we are going to make an Azure proximity placement group and place two VMs in it. As a sample I also use an Azure Virtual Desktop machine.

To create an Azure proximity placement group, type proxi in the Azure portal search and the Azure proximity placement groups are there.

Select Create, add a resource group and pick a name that fits your naming convention.

Add some tags and that is all. Or do this in PowerShell:

$resourceGroup = "rg-proxim-demo-weu-01"
$location = "West Europe"
$ppgName = "ppg-avd-sap-01"
New-AzResourceGroup -Name $resourceGroup -Location $location
$ppg = New-AzProximityPlacementGroup `
   -Location $location `
   -Name $ppgName `
   -ResourceGroupName $resourceGroup `
   -ProximityPlacementGroupType Standard

Adding a VM to the newly created Azure proximity placement group is done by selecting the configuration of the VM and adding the group to it. In my case I have an availability set added to my VM, so I must upgrade the entire availability set to add the Azure proximity placement group.
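One way to do the same step from PowerShell instead of the portal, as an added example that is not part of the original post. It assumes the availability set lives in the resource group created above, and `avset-demo-01` is a hypothetical name for it.

```powershell
# Added example (not from the original post): move an existing availability set
# into the proximity placement group created above.
$resourceGroup = "rg-proxim-demo-weu-01"
$ppgName       = "ppg-avd-sap-01"
$avSetName     = "avset-demo-01"   # hypothetical name, replace with your availability set

$ppg   = Get-AzProximityPlacementGroup -ResourceGroupName $resourceGroup -Name $ppgName
$avSet = Get-AzAvailabilitySet -ResourceGroupName $resourceGroup -Name $avSetName

# Resolve every VM in the set from its resource ID:
# /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Compute/virtualMachines/<name>
$vms = foreach ($ref in $avSet.VirtualMachinesReferences) {
    $parts = $ref.Id -split '/'
    [pscustomobject]@{ ResourceGroup = $parts[4]; Name = $parts[8] }
}

# All VMs in the set must be stopped (deallocated) before the set can be moved.
foreach ($vm in $vms) {
    Stop-AzVM -ResourceGroupName $vm.ResourceGroup -Name $vm.Name -Force
}

# Move the whole availability set into the proximity placement group.
Update-AzAvailabilitySet -AvailabilitySet $avSet -ProximityPlacementGroupId $ppg.Id

# Start the VMs again. The placement group is an extra allocation constraint, so a
# start can fail (for example with OverconstrainedAllocationRequest); report it per VM.
foreach ($vm in $vms) {
    try {
        Start-AzVM -ResourceGroupName $vm.ResourceGroup -Name $vm.Name -ErrorAction Stop
    } catch {
        Write-Warning "Could not start $($vm.Name): $($_.Exception.Message)"
    }
}
```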

Now that we added the Azure proximity placement group to the VM we need to run the same test again.

Both machines are already in the same availability set, which is now added to the Azure proximity placement group.

Testing from outside the availability set, from a B2 VM to a D2v3 SKU.

Running this on a d4ds_4: as this is in the availability set, I need to choose what is within the limits of this set, so I am bound to the VM SKU.

As you can see, the latency you get really depends on the VM SKU type, but basically it is lower when you are using Azure proximity placement groups.

It is interesting to see that the PowerShell commands for Azure proximity placement groups also have an Ultra option. This is currently in preview but can give you even better results. Keep in mind that you can’t fix latency with just one setting: check your whole chain and fix that instead of fixing just one link.

-ProximityPlacementGroupType

Specifies the type of the proximity placement group. Possible values are: Standard or Ultra

$resourceGroup = "rg-proxim-demo-weu-02"
$location = "West Europe"
$ppgName = "ppg-avd-sapultra-02"
New-AzResourceGroup -Name $resourceGroup -Location $location
$ppg = New-AzProximityPlacementGroup -Location $location `
   -Name $ppgName -ResourceGroupName $resourceGroup `
   -ProximityPlacementGroupType Ultra

New-AzProximityPlacementGroup: The subscription is not registered for private preview of Ultra Proximity Placement Groups.

Think I need to do some research for this to add my subscription to this preview. Hope it was helpful, thanks for visiting my blog.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

#Free #eBook – How to Get the Most Out of Windows Admin Center #Altaro #WAC #Hybrid

Free eBook – How to Get the Most Out of Windows Admin Center – Second Edition.

If you have experience with the Windows Admin Center, you might already have deduced it is a powerhouse of functionality making light of important server management tasks. If you’re just adding it to your system administrator toolbox, welcome to the wonder of Windows Admin Center!

With so much functionality, figuring out where to focus is key. Whether you’re just setting out with Windows Admin Center or wanting to realize its full potential, start with Altaro’s free 160+ page second edition eBook, How To Get The Most Of The Windows Admin Center.  

Written by Microsoft Cloud & Datacenter Management MVP Eric Siron, it covers the latest developments such as control of Azure Stack HCI, use of WinRM over HTTPS and integration with Azure Monitor, amongst others. It’s a comprehensive guide on everything from installation methods and security considerations to integrating Windows Admin Center into an existing environment. There is even a brief history lesson along with a comparison to alternatives, so you should get a solid overview of Windows Admin Center, why to choose it and how to work with it.

An all-new server management experience when it was introduced, Windows Admin Center modernized administrative activities with a centralized HTML 5 web application. Just add servers, clusters, desktops, and Azure virtual machines into a personalized, persistent interface, and manage their roles, features, software, registry, PKI certificates, and more. And with Microsoft’s latest investment into the Windows Admin Center and new functionality, there is now even more server management power to work with.

Learn to simplify and optimize your server management tasks – Download your free eBook now!


Problems on Joining Windows Server 2022 to a domain controller forest functional level is not supported #winserv #AD #Azure

This is the first post in the new layout. Personally I think I will change it again as the text frame is too small, but let me know your thoughts.

When migrating machines to Azure or to a different OS you will often face all kinds of errors and issues that make you think: why, that is an old message, didn’t I do this already? In AD there is also dfsrmig.exe, the DFS migration tool. In the old days you had only FRS for the SYSVOL folder replication. But if you still have FRS, then you can’t join a Windows Server 2022 domain controller. In the following steps I’ll show you how to do this. I had to build a Server 2003 domain again (painful).

Joining a Windows Server domain controller to an old 2000 domain will fail.

The forest functional level and the domain functional level are on Windows 2000. We need to raise the DFL and the FFL.

Run the new ADPrep and it will be fixed. As I had a greenfield AD site, some items may be different in a production site.

Now that the DFL is 2008 we can go to the next phase.

Windows Server 2003 and 2003 R2 use File Replication Service (FRS) to replicate SYSVOL folder content to other domain controllers. Windows Server 2008 and later use Distributed File System (DFS) for the replication. DFS is better than FRS.

The dfsrmig.exe tool is supported only on domain controllers which are running in the Windows Server 2008 domain functional level DFL. This is because SYSVOL migration from FRS replication to the DFS Replication service is possible only on domain controllers running in the Windows Server 2008 domain functional level.


In the overview you can see all the options that can be used in the dfsrmig tool.


dfsrmig.exe /GetGlobalState


Now we can see the levels of the domain, and we raise the level. Keep in mind that a reboot is needed: it is not mentioned, but you need a reboot of the domain controllers.

PS C:\Users\Administrator> dfsrmig.exe /GetGlobalState

Running the tool will give you the required information

The current domain functional level is not at least Windows Server 2008.
DFSRMig is only supported on at least Windows Server 2008 level domains.
PS C:\Users\Administrator> dfsrmig.exe /GetGlobalState

DFSR migration has not yet initialized. To start migration please
set global state to desired value.
PS C:\Users\Administrator>

Global Migration States

  • 0: ‘START’ state
  • 1: ‘PREPARED’ state
  • 2: ‘REDIRECTED’ state
  • 3: ‘ELIMINATED’ state

In these 4 steps we are going to migrate FRS to DFS.

dfsrmig.exe /setGlobalState 1


dfsrmig /getmigrationstate


When it is ready, we can check and go to the next step.


dfsrmig /setglobalstate 2


Type dfsrmig /getmigrationstate to confirm all domain controllers have reached the redirected state. Every step can be checked with /getmigrationstate.

Now we can set the next step, step 3: dfsrmig /setglobalstate 3

After these steps we can check if all domain controllers are changed, remember this can take some time when you have multiple domain controllers and long replication schedules.

Checking the migration state is the best way to see if it has finished. Type dfsrmig /getmigrationstate to confirm all domain controllers have reached the eliminated state.

Checking the proper state can be done with the sysvol share. This completes the migration.

Here are the before and after status.

Also make sure in each domain controller FRS service is stopped and disabled.

Now it should all be good

Now the domain join should work.

Got another error warning.

Verification of replica failed. The forest functional level is not supported

Let me get the AD info with Get-ADForest.

As you can see, the forest mode is still Windows2000Forest, so we need to raise this. We can set this in Active Directory Domains and Trusts.

Now that everything is fixed we can add a new Windows server 2022 domain controller to the existing domain. 
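A read-only check of everything this procedure changes, added here as an example and not part of the original post. It assumes the ActiveDirectory PowerShell module is available, that it runs on a domain controller where dfsrmig.exe exists, and that the other domain controllers are reachable over CIM.

```powershell
# Added example (not from the original post): read-only readiness report
# to run before promoting a newer domain controller.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest

# DomainMode / ForestMode are enum values such as Windows2000Domain or Windows2008Forest.
# dfsrmig needs at least the Windows Server 2008 level, so flag 2000/2003 modes.
$report = [ordered]@{
    Domain           = $domain.DNSRoot
    DomainMode       = $domain.DomainMode
    DomainBelow2008  = "$($domain.DomainMode)" -match '^Windows200[03]'
    ForestMode       = $forest.ForestMode
    ForestBelow2008  = "$($forest.ForestMode)" -match '^Windows200[03]'
}

# dfsrmig reports its state as text; keep the raw output for the operator to read.
$report.DfsrGlobalState    = (dfsrmig.exe /GetGlobalState    | Out-String).Trim()
$report.DfsrMigrationState = (dfsrmig.exe /GetMigrationState | Out-String).Trim()

# After state 3 (ELIMINATED) the FRS service (NtFrs) should be stopped and
# disabled on every domain controller that still has it.
$frs = foreach ($dc in Get-ADDomainController -Filter *) {
    $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $dc.HostName `
        -Filter "Name='NtFrs'" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DomainController = $dc.HostName
        FrsState         = if ($svc) { $svc.State }     else { 'not found or unreachable' }
        FrsStartMode     = if ($svc) { $svc.StartMode } else { 'not found or unreachable' }
        FrsRetired       = [bool]($svc -and $svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
    }
}

[pscustomobject]$report | Format-List
$frs | Format-Table -AutoSize
```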


Website maintenance

During some events on the blog I need to redo some work. In the next x time this will be fixed.

Little update here: it seems my WordPress theme was no longer supported, so it is a good time to start with a fresh setup. Still struggling on what to place or not.

Let me know if you have suggestions. If you find links that are not working, place them in the comments and I will try to fix them as quickly as I can.

During the website work I’ll point you to my sponsors. Check out the products from Altaro and

This SysAdmin Day, WIN with Hornetsecurity

For SysAdmin Day we launched an interesting contest that might interest your audience.

To participate, one must sign up for free for 30 days to 365 Threat Monitor and set up an account!

What can they win?

  • Receive a guaranteed €20 Amazon voucher when they sign up.
  • Get a chance to WIN one of our Grand Prizes.

If you are seeking a monitoring solution take a look at NiCE

Complex Environments Made Transparent

Intelligent monitoring, data correlation and visualization help you understand the status of any given system at any given point in time.

NiCE Monitoring Solutions enable pinpoint availability, performance and User Experience optimization for better business outcomes. They integrate into Micro Focus OBM, Microsoft SCOM and Microsoft Azure.