NetApp OnCommand #Shift and #MAT4Shift using #MAT #NetApp #OnCommand #NetAppCommunity

During the migration of several VMware Vm’s to hyper-v I tested several migration scenario’s and I had a Netapp Storage device so why not using Netapp instead of 5nineEasyConverter,StarWindConverter or Migration Automation Toolkit (MAT). and I must say every tool has its own privilege. you should combine them all into a godmode toolkit. but for now I tested the Netapp Shift tool but it seems it has be upgraded to netapp Oncommand.

So the big difference there is between shift and OnCommand is that shift is using a Database and OnCommand is using apache with powershell.

Both methods are nice but when the conversion of the servers has multiple domains different user accounts in the netapp and VM’s then you have a big task for movement en then the OnCommand is better and more Flexible.

So what is netapp OnCommand :

Convert data with ease across hypervisor platforms using OnCommand Shift. Cut virtualization costs to stretch IT spend. With fast, scalable, and simple virtual machine conversion, you can shift data with ease across hypervisor platforms—stretching your IT budget and avoiding vendor lock-in. The NetApp® OnCommand® Shift data-conversion tool (evolved from MAT4Shift) accelerates VM migrations between VMware® ESX/ESXi and Microsoft® Hyper-V




Because OnCommand Shift enables extreme VM conversion speed, bi-directional migrations, and automates bulk VM conversion, you can expect less downtime and greater flexibility—even for large VM migration projects. Conversions now take just minutes.

OnCommand Shift captures the success with and learning gained from the MAT4Shift tool and takes it to the next level. What does OnCommand Shift do? You, our customers, told us that you love the fact that you can migrate your VMs in minutes with it, with near zero touch! Check! And it does that faster than with MAT4Shift. You also told us that the fact that we use PowerShell rocks! Not only do we use PowerShell, but it’s a true PowerShell module with real CmdLets. So script to your heart’s content. If you want to migrate your VMs in either direction, NetApp can do that too.

OnCommand Shift in action looks like sorcery and magic. Well, it kind of is—NetApp magic! It leverages three unique capabilities that NetApp delivers:

  • NFS and CIFS shares on a single volume
  • The capability to clone files nearly instantaneously regardless of size
  • Conversion of VM disk formats while leveraging the cloning technology for extremely rapid cloning and conversion

Below is a nice overview on how things are handled. And this brings me on another migration scenario that is also a nice opportunity.

share the VMware nfs share with Hyper-v so both can access the Volume. use the  StarWindConverter or Migration Automation Toolkit to Convert the VM.

Time about 40GB in 15 Minutes what was fine for me. this config saves you the Slow copy from VMware to hyper-v with all conversion tools. #NetApp will do this faster 5 Minutes.

Figure 1) Cloning and Converting VM Disk Files.jpg


The Powershell usage with the get-shiftserverstate you can call the apache server or with the verbose option get more info.




This will convert the ESX to Hyperv with name and IP to name and IP


Below is the Conversion script I used  keep in mind to change the Passwords / user accound and server names. As I did create a variable for the user and password. As I did several test and find it useful to get a lot of checksums something’s may be double as I copied some rules for easiness. and the useraccounts need to be a local admin to uninstall the vmware tools.

My conversion machine was also the hyper-v server.

# OnCommand Shift PowerShell Cmdlets Example  admin Password
$password = ConvertTo-SecureString -AsPlainText -Force "Password"
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist  "admin", $password
Connect-ShiftServer -host -port 8443 -credential $cred


#### change password on command shift server
$newpassword = ConvertTo-SecureString -AsPlainText -Force "Password"
$newcred = new-object -typename System.Management.Automation.PSCredential -argumentlist "admin", $newpassword
Set-ShiftServerCredentials -cred $newcred


Get-ShiftServerState -Verbose
Connect-ShiftServer -host -port 8443 -credential $cred

$password1 = ConvertTo-SecureString -AsPlainText -Force "Mat4Shift"
$cred1 = new-object -typename System.Management.Automation.PSCredential -argumentlist  "Mat4Shift", $password1
Set-ShiftOntapConfig -clusterIp "" -destinationPath "Sharename01" -force -Verbose -credential $cred1

#some checksums

winrm get winrm/config/client

Set-ShiftGuestOSConfig -domain mvp.local -force

# Set Vmware passwords
$password = ConvertTo-SecureString -AsPlainText -Force "Password"
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist "mvp\vmware", $password
Set-ShiftHypervisorConfig -credential $cred -name vmware -datacenter "Data Center" -force -hostname vmw01.mvp.local -IPaddress

#set hyperv passwords

$password = ConvertTo-SecureString -AsPlainText -Force "Password"
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist "mvp\admin", $password
Set-ShiftHypervisorConfig -credential $cred -name "Hyper-v" -IPaddress "" -hostname "hyp01.mvp.local" -datacenter "" -force

#Add-ShiftNetworkConfig -name "Primary Network" -sourceSwitch "VM Network" -destinationSwitch "VM_Converged_Network"
Add-ShiftNetworkConfig -hypervSwitch VM_Converged_Network -name LAN -vmPortGroup vSwitch0 -vLanId 10 -force

# Remove-ShiftNetworkConfig -name Network-A

#first trail conversion

Convert-VirtualMachine -source esx -destination hyperv -name "vmconvert01" -ipAddress -force

#get all the info in the job status or get a CSV file

Get-ShiftJobStatus J_ddc0f6ed-0bdf-48ee-8a7e-60264b7e7a7e -loop
Get-ShiftReport -file c:\shiftreport.csv
notepad c:\shiftreport.csv

$password = ConvertTo-SecureString -AsPlainText -Force "Password"
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist "administrator", $password
Convert-VirtualMachine -source esx -destination hyperv -name "vmconvert02" -credential $cred -ipAddress -domain mvp.local
Convert-VirtualMachine -source esx -destination hyperv -name "vmconvert02" -ipAddress

# with the verbose option you get more info As I tested with different accounts!

$password = ConvertTo-SecureString -AsPlainText -Force "Welkom01"
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist "mvp\admin", $password
Convert-VirtualMachine -source esx -destination hyperv -name "vmconvert02" -credential $cred -ipAddress  -domain mvp.local -Debug –Verbose

#get the jobstatus in verbose mode – best to use verbose all the time!

Get-ShiftJobStatus J_59661117-fcc3-416f-b3f7-bd5ec926237b -loop -Verbose -Debug

#get the results

Get-ShiftReport -file c:\shiftreport.csv
notepad c:\shiftreport.csv



# Create Netapp SVM
# OnCommand Shift PowerShell Cmdlets Example  admin Password
$passwordsvnm= ConvertTo-SecureString -AsPlainText -Force "Password"
$credsvm new-object -typename System.Management.Automation.PSCredential -argumentlist  "admin", $passwordsvm
New-SVM -file C:\svm_params.txt -Verbose -Debug

If you need more info about the Powershell Commands 

import-module *
Get-Command -Module ShiftClient

My conclusion is it is hard to get NetApp OnCommand to work because you need network/storage guys to work together and you will need the correct user accounts for the servers. but when is is running it is fast and true every server in less than 5 Minutes. But not usable in some situations when using multiple domains and the netapp configured and no option to reconfigure. And yes a dedicated NetApp would be nice but hardly the case.

Still Conversion takes time and this is also the point of moving or staying on VMware cause it takes so much time and effort to migrate / downtime projects could fail on this.

Of all the tools I used proven method for me is create a new lun mount this to VMware and make sure Hyper-v can also access this LUN. then do a storage migration of the VM to the LUN and turnoff the VM and use the Migration toolkit to convert the machine yes this is slow but not all have a NetApp. with fast storage SSD I got 3,66 GB/Minute and that was fine with an average VM size of 150 GB. And as a DC you can easily build a new one and replicate the AD to the Fresh server.


Happy clustering

Robert Smit


Quick Create a Windows Server 2012 R2 Network Load Balancing (NLB) ,How To , Step by Step #winserv #NLB #ws2012

As there are still many questions on how to setup a Windows NLB. Or not getting a working situation with all kind of different errors.

I made already two Blog post about NLB. This blog post will be a bit off Both.

So for starting I have 4 NLB nodes MVPSQL141 to MVPSQL 144

The NLB tools I installed with Powershell Run this on every NLB node!

Install-WindowsFeature nlb –IncludeManagementTools



Now that the tools are installed We can start with the Configuration of the NLB.

Starting the NLB manager to Create the NLB cluster and joining the Other Nodes.


All my nodes have multiple network cards and for the NLB I use always a dedicated NIC to avoid problems.

I select the create new cluster from the menu and add the First NLB node.


As you can see there are 3 nic’s in this case I use the Ethernet connection. The Public connection is connected to the Domain.

And All NIC’s have a fixed IP Addresses.


As you can see the nic has a dedicated IP if the nic has a DHCP Address you can give here a fixed IP by selecting ADD


This step is adding the Cluster IP by selecting ADD and then choose the right NLB Cluster IP!


Right Creating a DNS name for the NLB Cluster.


As I will only use Port 80 I changed the Rule and selected only port 80. I does not make sense to select all the ports when using only 80 and or 443.


Now that the Cluster is created We can join other Nodes with add host to the cluster I the menu. You can do only One Node at the time. the same screens as above are showing so no reason to capture this. However I have one node that has no fixed IP


When Adding this node there is a little warning.

image image

As you can see the IP is not there therefore I do ADD and create a FIX IP on the NIC when I select Next the port policy will appear and the node Will be joined to the Cluster.


If anything fails to join the NLB node to the Cluster you need to look on this node. Creating NLB is a simple Process. Basic rule all nics need to See and Ping on FQDN and IP incoming and outgoing ! and make sure the NLB DNS entry is there and make sure the reversed lookup is also there!

When joining the NLB IP to IIS make sure you use the Cluster NLB IP and remove all other IP bindings!!



Happy nlb clustering

Robert Smit


How to setup Azure VPN for Site-to-Site Cross-Premises or Create a Virtual Network for Point-to-Site #VPN #Azure #winserv

There are a lot of real good Blog post on how to create Azure Site to Site. And as the Vnext Windows Server is more and more connecting to the Cloud. I’ll show you how to create a S2S & P2P VPN setup. And The VPN option will get you to a real hybrid Network and This could be awesome. keep reading my blog posts. The Next blog post will be more about Hybrid Configurations.


So what do we need for a hybrid Environment Well I’ll setup a poor men’s version, that means One Hyper-v server home Router and an Azure Subscription.

First We setup a windows Server No special needs for this 4GB memory and 1 Disk but with two network cards. ( this is a VM )

So one NIC is on my corp network and the other NIC is connected to the friendly Internet.

When you have the server installed you only need to install RRAS Role Service and no direct configuration needed.

So by GUI or with Powershell   add-WindowsFeature DirectAccess-VPN,Routing


That is all what needed and you will need to create two NAT rules on your router ( however NAT is not supported )


But this all depends on you network configuration. 

The next step is Azure .

As I do net have a Network in azure I create a network that I will use for my VM’s that I will build after the network configuration, But I you already have a network in azure you can use that network.



But what Do I need Well It does not mater the Quick is configurable after creating the network. And the Custom is more Wizard driven.

For the screenshots I’ll pick Custom.

image The First step is pick a network name, No Change can me made afterwards ( well not easily )



Next step is Setting Checkboxes and DNS. I use an on premise DNS server but If you run a DNS in Azure You can use this server.


If you have already a network then you can pick the DNS servers from the list and pick also a local network.

I this case everything is New So give the DNS server a name and IP this is my local DNS server and I use a Internet DNS server. Just because this is an Easy IP address.

And I selected the Configure a point-to-site VPN and Configure a site-to-site VPN and on the Local Network I choose a new local network.



Now that the Diagram is filled we do some configuration, As my local network is a 10 network and I like to not have this in the same range in this Scenario.


So I pick a For my point-to-site VPN.

The next step is more Complicated, We need to pick a Local-Network name and We need to find the External IP on you network.



To find My external IP I use Bing just ask “ what is my IP “



The Next step is create a Address space for this network.




You have to check the Add Gateway Subnet this is uses for the Site-to-Site VPN

see Virtual Network Address Spaces page in About Configuring a Virtual Network using the Management Portal.


image image

Check the Box and you can see it is creating the network configuration but not the Gateway this is done in the next step.



After the Network Creation is Done We add the Gateway Configuration / Creation



This will take about 30 minutes to create ( and Will cost you about 12 euro a month )

While this is creating we will configure the P2P VPN.


One way to create an X.509 certificate is by using the Certificate Creation Tool (makecert.exe). To use makecert, download and install Microsoft Visual Studio Express 2013 for Windows Desktop, which is free of charge.

In this case I’ll use make cert.

Generate a self-signed root certificate the name can be your name or what you like.

makecert -sky exchange -r -n "CN=BlogRootCert" -pe -a sha1 -len 2048 -ss My "BlogRootCert.cer"

Generate a client certificate

makecert.exe -n "CN=BlogClientCert1" -pe -sky exchange -m 96 -ss My -in "BlogRootCert" -is my -a sha1


All certificates are stored in your Personal certificate store on your computer. Check certmgr to verify. You can generate as many client certificates as needed based on this procedure. Recommend is that you create unique client certificates for each computer that you want to connect to the virtual network.

A client certificate must be installed on each computer that you want to connect to the virtual network. This means you will probably create multiple client certificates and then need to export them. To export the client certificates, use certmgr.msc. Right click on the client certificate that you want to export, click all tasks, and then click export.


Export the client certificate with the private key. This will be a .pfx file. Make sure to record or remember the password (key) that you set for this certificate.


Copy the .pfx file to the client computer. On the client computer, double-click the .pfx file in order to install it. Enter the password when requested. Do not modify the installation location.

But the ROOTCERT is needed in Azure and we need to import this. When the Gateway is ready you can see in the Clients that it needs a certificate



Uploading the Certificate is the Certificate that we just Created

makecert -sky exchange -r -n "CN=BlogRootCert" -pe -a sha1 -len 2048 -ss My "BlogRootCert.cer"



Now that all the Azure Configuration is Done We configure the RRAS server as you can see in the overview the Gateway and P2P VPN is not Connected.



On the right there is a little list with some Download links


First we download the RRAS Configurations Script   Download VPN Device Script

Just make sure You select the Windows Server 2012 R2 as we are using this for the gateway.


When running this script in the RRAS server there is a Common Error the RRAS service is restarted so therefor it can not connect just run the connect line again and it will work.

However this is a CFG script you can rename this to PS1 Or Run this in Powershell ISE like I did.



# Dial-in to Azure gateway
Connect-VpnS2SInterface -Name



The Site To –Site VPN is now connected

For the Client You will use the Download the 64-bit Client VPN Package



Keep in mind Windows Does not trust an Downloaded EXE file so before you can install this it needs to unblock 



Now that the File is unblocked we can install the VPN this is a real quick install and no screens to view but in the network You can see a new network, in this case BlogHybrid.

For connecting just click the network and connect.


image  image

Now I’m Connected.


As you can see I’m connected With point-to-site VPN and a site-to-site VPN.


With a site-to-site VPN I can use Windows Azure Servers connecting To my local Domain.

With point-to-site VPN I can Connect With a Windows Azure VM on the Internal IP without using the IP.

And you can also connect Azure to Azure VPN between Subscriptions

This Will be the basic’s for my next Blog post Azure is very useful for easy testing an getting a heavy machine for your workload even for one day.


Happy clustering

Robert Smit


Technorati Tags: Windows Azure,Azure File service,Windows,Server,Clustermvp,Blob,cloud witness

Azure File share usage for Windows Server 2012R2 and Cluster Quorum usage #Azure #winserv #cloud

The file share option in azure can be used for several configurations. Say you want a azure share on your desktop or build a DFS in azure and use this in your private cloud. or build a file share witness for your cluster, and in the Windows Server technical preview there is the Cloud witness. But this can be done in windows server 2008 also.  there is no change but only the method on how to do this and maybe the cluster Support.

Azure Files is built on the same technology as the Blob, Table, and Queue Services, which means Azure Files is able to leverage the existing availability, durability, scalability, and geo redundancy that is built into our platform.





The File share can be used for several Scenarios

  • “Lift and Shift” applications

Azure Files makes it easier to “lift and shift” applications to the cloud that use on-premise file shares to share data between parts of the application. To make this happen, each VM connects to the file share (see “Getting Started” below) and then it can read and write files just like it would against an on-premise file share.

  • Shared Application Settings

A common pattern for distributed applications is to have configuration files in a centralized location where they can be accessed from many different virtual machines. Such configuration files can now be stored in an Azure File share, and read by all application instances. These settings can also be managed via the REST interface, which allows worldwide access to the configuration files.

  • Diagnostic Share

An Azure File share can also be used to save diagnostic files like logs, metrics, and crash dumps. Having these available through both the SMB and REST interface allows applications to build or leverage a variety of analysis tools for processing and analyzing the diagnostic data.

  • Dev/Test/Debug

When developers or administrators are working on virtual machines in the cloud, they often need a set of tools or utilities. Installing and distributing these utilities on each virtual machine where they are needed can be a time consuming exercise. With Azure Files, a developer or administrator can store their favorite tools on a file share, which can be easily connected to from any virtual machine.


Again this is just a preview Just be sure to understand the limitations of Azure Files the most important are:

  • 5TB per share
  • Max file size 1TB
  • Up to 1000 IOPS (of size 8KB) per share
  • Up to 60MB/s per share of data transfer for large IOs
  • SMB 2.1 support only


Here are the Links to the How to create a azure file share and build your desktop share

Build the Windows Server Cluster Azure Quorum Cloud Witness  in just a few Steps.

And yes you can build several configurations with the Azure File share Cloud Storage is there to use it. there is only one thing with the Cloud you will need an internet connection to your servers. unless you already use expressroute.


Happy clustering

Robert Smit



Technorati Tags: Windows Azure,Azure File service,Windows,Server,Clustermvp,Blob,cloud witness

Failed to install .NET Framework 3.5 Feature Windows Server 2012R2 OR on #Azure VM Error 0x800f081f Working Solution #winserv #MVPBuzz

you have just installed a fresh new Windows Server 2012R2 on premise or in Azure and you need to install .Net Framework 3.5 Features

But it fails with an error 0x800f081f

a quick search says you need this command to do this well eh why ? but any way it is on the web so it must be right .

dism.exe /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:E:\sources\sxs  <> Will not Work

But why everybody says thanks! let me that you to the real problem. Reminder this is for all Servers even in Azure !


We checked the .Net Framework 3.5 Features and failed


Next attempt Give the Source to the installation. not very handy in Azure first download a ISO then mount this to the OS.

But it is on the Web so it must be true and the installation says he I need a Source I do not have these files and the OS is not lying or does it ?


So we put in the Source and give it a try.




Same error and with the source, maybe my source is not right , yeh right.

Test tis one more time form the Command

Then there is this line, this should work eh yes is did not.

dism.exe /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:E:\sources\sxs



See it did not work, I told you so in the first line So what is really going on in this system.

The Real fix for installing .NET Framework 3.5 Feature and Error 0x800f081f

If you open a PowerShell window and query the roles and features Get-WindowsFeature take a look at .NET Framework 3.5.


In the last column the Install state is different, it says Removed ?

  1. Removed means that you can install the feature but the source files for that are not available for this OS (not always)
  2. Installed means that the role or feature is already enabled and in use
  3. Available means that you can install the feature and the source files are on the machine and the OS can use them

But Removed, If the @Azure Team has removed this feature could this be the problem ?

Let me check if there are Updates for my system.



What there is an update for me and I do not have the .NET 3.5 Framework features installed.

then there must be an update there for me that is nagging me. Let me search the updates for .NET 3.5 Framework and compare them to the Installed updates.


This is an .NET 3.5 Framework update ad must be installed when the .NET 3.5 Framework was installed and patched


I uninstalled this update


Reinstalled .NET 3.5 Framework feature and see now it is working.


So all the time a Windows Update is keeping me from installing the .NET 3.5 Framework Feature.

Sometimes Windows can be a pain, But you are in control !

Happy Clustering!

Robert Smit




Technorati Tags: ,,,,,,
WordPress Tags: Framework,Feature,Windows,Server,Azure,Error,Solution

Hyper-v Virtual Machine Connection in Windows Server 2012R2 #hyper-v #winserv

Did you know that you could connect to other Hyper-v servers and then open the Console ?

In the system32 folder there is a file vmconnect.exe

You can connect to the local or to other Hyper-v servers in your domain




Just type your Hyper-v server and all the VM’s are listed and you can easy connect to them.


The console is opened and you can even change the settings. how cool is that!


With this there is less reason to connect with RDP to the Hyper-v Servers for just to change something in the VM. this is an easy tip.

Happy Hyper-v

Robert Smit


StorScore A test framework to evaluate SSDs and HDDs #Cloud Server Infrastructure Engineering #CSI #ssd #winserv @microsoft

StorScore is a component-level evaluation tool for testing storage devices.
When run with default settings it should give realistic metrics similar to
what can be expected by a Windows application developer.


You must download and install the following or StorScore will not work:

    A Windows Perl interpreter:

Strawberry Perl is a perl environment for MS Windows containing all you need to run and develop perl applications. It is designed to be as close as possible to perl environment on UNIX systems.


With the output you can create some pivot tables and get great output.


Create a New Network Load Balancing NLB Cluster On Windows Server 2012 R2 #Winserv #nlb

Still I thought NLB is so common that there is no point here to create a blog. but recently I see a lot of misconfigurations of NLB or people trying to do the easy way and not listen to the guidelines. So this blog is all about NLB only in the private cloud you can’t extend this to Azure even if you have a S2S.

So I have two servers in my private cloud.  MVPNLB001 and MVPNLB002 Both Machines have two NIC’s one for LAN and the other is for the NLB actions.

and yes it can be with one but with two is it much easier and fault tolerant. Less errors and less administration.

Both domain joined and ready for Setup of my basic IIS.

First we setup IIS with the Management tools


Install-WindowsFeature -Name Web-Server Or Add-WindowsFeature Web-WebServer –IncludeAllSubFeature to get all the features

Install-WindowsFeature -Name Web-Mgmt-Tools
Add-WindowsFeature NET-Framework-45-ASPNET

Get-WindowsFeature nlb*



add-WindowsFeature –Name NLB

add-WindowsFeature RSAT-NLB

Now we are ready to configure the NLB. We can do this With powershell but the GUI also Works.  ( I show both )



The First Step will be Create a New NLB Cluster. As I do like things clear and therefor I start with rename the NIC names

Rename-NetAdapter -Name "Ethernet 2" -NewName "NLB"

Rename-NetAdapter -Name "Ethernet" -NewName "LAN"


Open the NLB Manager and select Cluster NEW


Or use powershell

Rename-NetAdapter -Name "Ethernet 2" -NewName "NLB"

New-NetIPAddress -IPAddress -InterfaceAlias "NLB" -AddressFamily IPv4 -PrefixLength 24

In this case we renamed the adapter and give the nic a static IP.

The next steps Will be creating the NLB with his own IP and Remove the default port rule and use only ports that I want say port 80


Well that was easy Creating the NLB Next step will be delete the port rule and create a 80 port rule 


We will remove the default line and just create a rule for one port that I need in this case port 80

Network Load Balancing parameters



These steps can be done in just a few more PowerShell lines ( I use variables see below the post for the complete script )

#Creating new cluster
Write-Host "Creating NLB Cluster…" -ForegroundColor yellow
New-NlbCluster -ClusterName $ClusterFqdn -InterfaceName $InterfaceName -ClusterPrimaryIP $ClusterPrimaryIP -SubnetMask $ClusterPrimaryIPSubnetMask -OperationMode $OperationMode

#Removing default port rule for the new cluster
Write-Host "Removing default port rule…" -ForegroundColor yellow
Get-NlbClusterPortRule -HostName . | Remove-NlbClusterPortRule -Force


But now what we have only One Server and we need to add the other node or nodes.


With two more confirmations screens you are done and have a Configured NLB on One 1 IP listening on port 80

Suppose you have multiple websites and all running on different IP or hostnames just add a cluster IP


Now that the NLB is created We can do some testing

Now to get this to work with IIS


That is right page not found. Check the DNS see if the record is created. and make sure the website IIS is running on this IP

Go to the IIS manager and check the website bindings, default it is listening on all IP but this is not the behavior that I want I want a NLB. So we need to set the website on the NLB IP configured earlier.  When Having multiple IP on the NLB pick the right IP!


Remember this you need to do this on all the Webservers!



A complete script to automate all these steps and add a second node. only the IP is fixed in the script and can be set as variable but this is up to you.

use this at free will. I created small steps so you can use also little steps if you need this or just give you an Idea.


#Set IP for NLB
Write-Host "Set NLB IP and change Network adapter" -ForegroundColor yellow
Rename-NetAdapter -Name "Ethernet 2" -NewName "NLB"
New-NetIPAddress -IPAddress -InterfaceAlias "NLB" -AddressFamily IPv4 -PrefixLength 24

#Set ExecutionPolicy
Write-Host "Set ExecutionPolicy" -ForegroundColor yellow
Set-ExecutionPolicy -scope LocalMachine RemoteSigned –force

Write-Host "Add-WindowsFeature NLB" -ForegroundColor yellow
add-WindowsFeature NLB
add-WindowsFeature RSAT-NLB

#Variables for creating the new cluster
Write-Host "Variables for creating the new cluster" -ForegroundColor yellow
$ClusterFqdn = Read-Host "Enter NLB cluster Name FQDN"
$InterfaceName = Read-Host "Enter interface name for NLB-adapter"
$ClusterPrimaryIP = Read-Host "Enter cluster primary IP"
$ClusterPrimaryIPSubnetMask = Read-Host "Enter subnetmask for cluster primary IP"

Write-Host "Choose cluster operation mode"
Write-Host "1 – Unicast"
Write-Host "2 – Multicast"
Write-Host "3 – IGMP Multicast"
switch (Read-Host "Enter the number for your chosen operation mode")
1 {$OperationMode = "unicast"}
2 {$OperationMode = "multicastcast"}
3 {$OperationMode = "igmpmulticast"}
default {Write-Warning "Invalid option, choose ‘1’, ‘2’ or ‘3’";return}

#Creating new cluster
Write-Host "Creating NLB Cluster…" -ForegroundColor yellow
New-NlbCluster -ClusterName $ClusterFqdn -InterfaceName $InterfaceName -ClusterPrimaryIP $ClusterPrimaryIP -SubnetMask $ClusterPrimaryIPSubnetMask -OperationMode $OperationMode

#Removing default port rule for the new cluster
Write-Host "Removing default port rule…" -ForegroundColor yellow
Get-NlbClusterPortRule -HostName . | Remove-NlbClusterPortRule -Force

#Adding port rules

Add-NlbClusterPortRule -Protocol Tcp -Mode Multiple -Affinity Single -StartPort 80 -EndPort 80 -InterfaceName $InterfaceName | Out-Null
Write-Host "Added port rule for http (tcp 80)" -ForegroundColor yellow

Add-NlbClusterPortRule -Protocol Tcp -Mode Multiple -Affinity Single -StartPort 443 -EndPort 443 -InterfaceName $InterfaceName | Out-Null
Write-Host "Added port rule for https (tcp 443)" -ForegroundColor yellow

#Adding additional cluster nodes based on user input
Write-Host "Give Second NLB host" -ForegroundColor yellow
$Node2Fqdn = Read-Host "Enter 2e NLB node"

#Set Network Adapter
Enter-PSSession -ComputerName $Node2Fqdn
invoke-command -computername $Node2Fqdn -scriptblock { Rename-NetAdapter -Name "Ethernet 2" -NewName "NLB"}
invoke-command -computername $Node2Fqdn -scriptblock { New-NetIPAddress -IPAddress -InterfaceAlias "NLB" -AddressFamily IPv4 -PrefixLength 24}
Write-Host "Placed NLB IP and changed NIC to NLB" -ForegroundColor yellow

Write-Host "Add-WindowsFeature NLB" -ForegroundColor yellow
Enter-PSSession -ComputerName $Node2Fqdn
invoke-command -computername $Node2Fqdn { add-WindowsFeature NLB}
invoke-command -computername $Node2Fqdn { add-WindowsFeature RSAT-NLB}

#Add Remote Node To NLB
Write-Host "Adding cluster node $Node2Fqdn" -ForegroundColor yellow
Get-NlbCluster | Add-NlbClusterNode -NewNodeName $Node2Fqdn -NewNodeInterface NLB


Have fun

Robert Smit

Twitter : @clustermvpTwitter : @clustermvp

Windows 2012R2 UR1 Cluster Event ID 1223,1069,1077 does not have a valid value for the read-only property ‘ObjectGUID’ #winserv #network

You just created a fresh new cluster based on a PowerShell script and you checked the validation report and read only “Success” great you open the Failover cluster manager and yes there is a cluster

image image

#Install cluster options
Get-WindowsFeature Failover-Clustering
install-WindowsFeature “Failover-Clustering”,”RSAT-Clustering” -IncludeAllSubFeature
#Create cluster validation report
Test-Cluster -Node mvpsql141,mvpsql142
#Create cluster
New-Cluster -Name MVPSQL1401 -Node mvpsql141,mvpsql142 -NoStorage -StaticAddress “”
#Add disks to the cluster
Get-ClusterAvailableDisk -Cluster MVPSQL1401
Get-ClusterAvailableDisk -Cluster MVPSQL1401 |Add-ClusterDisk
#Add disk to CSV
Add-ClusterSharedVolume -Cluster MVPSQL1401 -Name “Cluster Disk 1”
#Set Cluster Quorum
Set-ClusterQuorum -Cluster MVPSQL1401 -FileShareWitness \\mvpdc01\cluster
#set network configuration
(Get-ClusterNetwork “Cluster Network 1”). Role =0


But you want to setup some resources but it fails you double check your script and again it failed. you looked at the last error and see an error

“ The network name Name: MVPSQL2014 does not have a valid value for the read-only property ‘ObjectGUID’.”

Followed by several event ID Event ID 1223 1069 1077

You checked the networks



but after open the IP resource you can’t select a network ! but all networks are up !

So what is the problem ?  lets check all the events this must be a but I did everything right

This resource is marked with a state of ‘Failed’ instead of ‘Online’. This failed state indicates that the resource had a problem either coming online or had a failure while it was online

The network name Name: MVPSQL2014 does not have a valid value for the read-only property ‘ObjectGUID’. To validate the service principal name the read-only private property ‘ObjectGuid’ must have a valid value. To correct this issue make sure that the network name has been brought online at least once. If this does not correct this issue you will need to delete the network name and re-create it

Health check for IP interface ‘Cluster IP Address’ (address ‘’) failed (status is ‘1168’). Run the Validate a Configuration wizard to ensure that the network adapter is functioning properly.

Cluster IP address resource ‘Cluster IP Address’ cannot be brought online because the cluster network ‘Cluster Network 1’ is not configured to allow client access. Please use the Failover Cluster Manager snap-in to check the configured properties of the cluster network.

Event ID 1223 1069 1077

See the last error “ ‘Cluster Network 1’ is not configured to allow client access. “ but I did set this option , yes you did see the script

(Get-ClusterNetwork “Cluster Network 1”). Role =0


but Role 0 ?

Cluster Network Roles:

Cluster networks are automatically created for all logical subnets connected to all nodes in the Cluster.  Each network adapter card connected to a common subnet will be listed in Failover Cluster Manager.  Cluster networks can be configured for different uses.




Disabled for Cluster Communication


No cluster communication of any kind sent over this network

Enabled for Cluster Communication only


Internal cluster communication and CSV traffic can be sent over this network

Enabled for client and cluster communication


Cluster IP Address resources can be created on this network for clients to connect to. Internal and CSV traffic can be sent over this network


I changed the Role to 3

(Get-ClusterNetwork “Cluster Network 1”). Role =3

Or in the gui



One happy cluster again as you can see mistakes are easily made and not always detected directly so just make sure your cluster is running healthy before you move further

Windows Server 2012 R2 Update KB2919355 #update #winserv #PoshPAIG #Patch #Audit/Installation GUI

Don’t forget to update your servers with update 1 and keep in mind that if you choose to update your clusters by hand. That you patch all the servers and not leave the cluster is a split-patched environment!. You will not be the first that have cluster troubles by mispatching.

now that there is a Update 1 you can see different patch models from 800 Mb to 3 MB depends on the update status from the machine.



Windows Server 2012 R2 Update is a cumulative set of security updates, critical updates and updates. You must install Windows Server 2012 R2 Update to ensure that your computer can continue to receive future Windows Updates, including security updates. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

But if you don’t know the status of your servers and you don’t use wsus but patching from Microsoft update and there is no SCCM in place. you need some other tool to audit your servers. Write a Powershell script DSC or use a tool from codeplex Enter the PowerShell Patch Audit/Installation GUI (PoshPAIG).


This is a little toolkit that can do this for you If you don’t have tools in place and you need fast results this is the best way.

The tool is self explaining So I don’t go in to detail the source is here:



/Happy Patching

Windows Server 2012 R2 with SQL Server 2014 Cluster installation in less than 15 minutes #winserv #Rocks #movie

SQL Server 2014 now Generally Available Build your Cluster #sql

Robert Smit MVP Blog

Just for the fun I recorded a movie on the installation of Windows Server 2012 R2 . I thought just a quick recording and done but as it turns out it took longer than I expected, I made a typo in the script or clicked the wrong script or forgot to clean out my netbios name. then you gona build failsafe items in the scripts and they will be shown as errors because some items are already be set and can’t set twice.

The basic Idea was record a quick movie of an unattended installation of a SQL cluster in a few minutes is this possible yes it cab be done in les than 15 minutes. installation of the OS , Cluster with full Storage validation and a two node SQL cluster based on normal disk and a two node cluster based on CSV.

Eh in 15 minutes two full…

View original post 249 more words

A port on the virtual switch has the same MAC as one of the underlying team members on Team Nic Event ID 16945 #winserv

If you are using Windows Server 2012 R2 and configured NIC Teaming you could have this Event ID : 16945

This is showing up as a Warning in the event log.
What the event is saying is that you have a host vNIC (virtual NIC presented to the host that is connected to the Virtual Switch)
That has the same MAC address as one of the NIC (physical NIC) members of the NIC team.  
This shouldn’t cause an issue as long as the team member that has the same MAC as the vNIC remains in the team. If that team member is ever removed from the team and attempt standalone operation with that MAC then there could be duplicate MAC address on the network assuming the vNIC is also in operation.  


What is NIC Teaming?

A solution commonly employed to solve the network availability and performance challenges is NIC Teaming. NIC Teaming (aka NIC bonding, network adapter teaming, Load balancing and failover, etc.) is the ability to operate multiple NICs as a single interface from the perspective of the system. In Windows Server 2012, NIC Teaming provides two key capabilities:

  1. Protection against NIC failures by automatically moving the traffic to remaining operational members of the team, i.e., Failover, and
  2. Increased throughput by combining the bandwidth of the team members as though they were a single larger bandwidth interface, i.e., bandwidth aggregation.

My current Team


You can see a all the vNIC/pNIC and MAC addresses by doing a “get-netadapter | sort macaddress” in PowerShell. 
You should see one of your physical NIC and a virtual NIC called something like "vEthernet" and both will have the same MAC. 

get-netadapter | sort macaddress


But what If I change the MAC of the Team by looking at the properties of the team interface (in Network Connections, "Microsoft Network Adapter Multiplexor", then click the Configure button, then select the Advanced tab.
The 7th item in the list is MAC Address. You could configure a MAC there for the team.



The Team is has now the given MAC More about the MAC reservations

Hyper-V How To: Manage MAC Address Conflicts

Windows Server 2012 NIC Teaming (LBFO) Deployment and Management

Capacity Planner for Hyper-V Replica #hyperv #winserv #scvmm

The Capacity Planner for Hyper-V Replica guides the IT administrator to design the server, storage and network infrastructure which is required to successfully deploy Hyper-V Replica.

Hyper-V administrators of Windows Server 2012 and Windows Server 2012 R2 can replicate their virtual machines from a primary server / cluster to a replica server / cluster for business continuity and disaster recovery purposes. The Capacity Planner for Hyper-V Replica provides server, storage and network provisioning guidance which would allow IT administrators to successfully plan for a Hyper-V Replica deployment

Get Hyper-V Replica Capacity Planner

The Setup is real easy and a comprehensive report is prepared that shows CPU, RAM, Disk and Network capacity needed to successfully support your specific configuration and environment.


First we choose a time to collect utilization metrics for the Vm’s to replicate. best way to test this is during work hours and 30 minutes or longer. 


10 hyper-v server can be selected in one Run.

image image

If you use a Cluster use the Broker and not the Hyper-v FQDN.


And If a server is not enabled for replication you will see this error. and you can run this with or without Certificates.


You can only pick VM’s that are not Replica Enabled and if the VM holds more Disk you can unselect the disk.


After running this there will be a HTML report with all the metrics CPU,Memory,IOPS,Storage usage, network throughput.

This way you get insight information on what can I expect when using hyper-v replica


How many IOPS do I need and gives you the optimal setting


The Network info is great info What do I need and how many is consumed during the Replica.

And read the documentation there is a lot of useful info in this document and this will help you to understand the report.

Get Hyper-V Replica Capacity Planner

Separate VM in Hyper-V virtual machines using anti-affinity #winserv #hyperv #DRS

For some Virtual machines you don’t want to run them on the same hyper-v server in a cluster. sys you have a two node cluster and running two DC’s you don’t want to run the VM’s on the same hyper-v box.

With anti-affinity you can prevent this that both VM’s are running on the same box. But this is not the same as preferred owner.

With the preferred owner you prevent that the VM will failover to a other Hyper-v host. If the hyper-v host is failing so are all the VM’s on this host there will be no failover to an other Hyper-v host.


With the anti-affinity you create a “rule” that says he these two VM’s or cluster roles may never be seen on the same hyper-v host. unless there is no other way.

Anti-Affinity – For a given VM (technically any cluster Group) there is a cluster group property called AntiAffinityClassNames that allows you to configure the preference to attempt to keep that VM off the same node as other similar VMs. Let’s say for example you have two domain controllers running in VMs. It would probably be best to keep those running on different nodes if possible. When determining failover, the cluster service will deprioritize any node which is hosting a similar VM. If there is no other option (in the goal of making VMs available) it will place them on the same host. More information:

but there is no GUI option for this. PowerShell only and this need settings on all your hyper-v nodes in the cluster.

So get some listing of the classes

Get-ClusterGroup | get-member -name AntiAffinityClassNames

these are the objects “System.Object AntiAffinityClassNames {get;set;}”

If you need more info check this link :



With a quick check we can see the current affinity settings

Get-ClusterGroup | Select AntiAffinityClassNames


Currently there are no rules in place.

Because I need to run this on all servers I create a nice step by step and easy to change Powershell script

I create several groups names  SQL,VM,DC,APP now I know what machines I can place in the groups.

So I create a small amount of variables


$SQLAntiAffinity = New-Object System.Collections.Specialized.StringCollection

$SQLAntiAffinity.Add("SQL Server Instance")

$DCAntiAffinity = New-Object System.Collections.Specialized.StringCollection

$DCAntiAffinity.Add("Domain Controllers")

$WEBAntiAffinity = New-Object System.Collections.Specialized.StringCollection

$WEBAntiAffinity.Add("WEB Servers")

$APPAntiAffinity = New-Object System.Collections.Specialized.StringCollection

$APPAntiAffinity.Add("Application Servers")



The last part is assign the VM to the group.

(Get-ClusterGroup –Name VMSQL01).AntiAffinityClassNames = $SQLAntiAffinity

(Get-ClusterGroup –Name VMSQL02).AntiAffinityClassNames = $SQLAntiAffinity

(Get-ClusterGroup –Name VMDC01).AntiAffinityClassNames = $DCAntiAffinity

(Get-ClusterGroup –Name VMDC02).AntiAffinityClassNames = $DCAntiAffinity

(Get-ClusterGroup –Name VMWEB01).AntiAffinityClassNames = $WEBAntiAffinity

(Get-ClusterGroup –Name VMWEB02).AntiAffinityClassNames = $WEBAntiAffinity

(Get-ClusterGroup –Name VMAPP01).AntiAffinityClassNames = $APPAntiAffinity

(Get-ClusterGroup –Name VMAPP02).AntiAffinityClassNames = $APPAntiAffinity


and You did know you can use the + = to add a VM to the group or Clear the group

(Get-ClusterGroup –Name NEWVM01).AntiAffinityClassNames += $SQLAntiAffinity

or clear the VM from all Groups

(Get-ClusterGroup –Name NEWVM01).AntiAffinityClassNames = “”


the rules are in place lets see if we can find them back

Get-ClusterGroup |Select-Object -Property name,AntiAffinityClassNames


(Get-ClusterGroup demo01).AntiAffinityClassNames

Now that the roles are in place We can see how It works. I paused a hyper-v node and As soon as I resume the node the anti-affinity rule kicks the VM Winking smile


Changing Quorum disk in Windows server 2012R2 No downtime #winserv #iscsi

If you want to change the Quorum disk in your cluster and you are afraid to get downtime or lost connectivity you don’t have to afraid. In windows server 2012R2 you can drive and change the tire.

In the failover cluster manager (FCM) right click the cluster and under more actions you can set the cluster quorum.

  Configure and Manage the Quorum in a Windows Server 2012 Failover Cluster

In the next screen you can do the default/select/advanced config.

I choose the advanced , This is a fresh Cluster and currently there is only one node.

image Configure and Manage the Quorum in a Windows Server 2012 Failover Cluster

But you can make a selection of the nodes that can vote, So if you have a node that is less important and or you don’t want to have the vote you can un select them.  And you can find this easily in the nodes assigned vote



This step you can create a fileserver witness or a disk witness. Remember when creating your cluster and all disk are presented to the cluster the smallest disk is auto assign to be the witness disk. unless there is only one disk then this disk is used as quorum even if this disk is several TB.

image I can choose between two disk and I select the 500MB disk after this the cluster is quorum ready.


as you can see in the disks the Quorum is configured.

and yes all these steps can be don in PowerShell

Set-ClusterQuorum –Cluster Left01 -NodeAndDiskMajority "Cluster Disk 2"

but now for changing the quorum ? yes the same steps are needed

but in the disk selection there is already a disk selected and you can’t use two disks so flip the check box for the other disk and you are ready to go.



Set-ClusterQuorum –Cluster Left01 -NodeAndDiskMajority "Cluster Disk 3"

So now downtime no reboots and flip it back to disk 2 easy

Configure and Manage the Quorum in a Windows Server 2012 Failover Cluster