Category: Windows Server 2016

https://github.com/Microsoft/windows-admin-center-sdk/

Windows Admin Center Update,formerly Project Honolulu! #servermgmt #WAC ‏#S2D #WSSD #WindowsAdminCenter @docsmsft

Windows Admin Center is a new, locally-deployed, browser-based management tool set that lets you manage your Windows Servers with no Azure or cloud dependency. Windows Admin Center gives you full control over all aspects of your server infrastructure and is particularly useful for managing servers on private networks that are not connected to the Internet.

Windows Admin Center is the modern evolution of "in-box" management tools, like Server Manager and MMC. It complements System Center and Operations Management Suite – it’s not a replacement.

To get started get the latest version from the Windows insiders page.

Windows Admin Center also provides these solutions:

Computer Management – Provides a subset of the Server Manager features for managing Windows 10 client PCs
Failover Cluster Manager – Provides support for ongoing management of failover clusters and cluster resources
Hyper-Converged Cluster Manager – Provides an all-new experience tailored for Storage Spaces Direct and Hyper-V. It features the Dashboard and emphasizes charts and alerts for monitoring.

So the installation is just a simple MSI file Downloaded here https://aka.ms/wacdownload

When not using a self signed certificate you can use your own certificate and add the thumbprint to the installation

You can also create your own self signed certificate and use a silent setup

New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname MVP16core10.mvp.local

Silent setup for Installing Windows Admin Center

msiexec /i WindowsAdminCenter1804.25.msi /qn /L*v log.txt SME_PORT=443 SSL_CERTIFICATE_OPTION=generate

msiexec /i WindowsAdminCenter1804.25.msi /qn /L*v log.txt SME_PORT=443 SME_THUMBPRINT=F377B0BC731AFB1F93558C035155DE148C6214F3 SSL_CERTIFICATE_OPTION=installed

After installing and opening the webpage there is a welcome screen. guess we all do the Skip Tour.

Adding servers is really easy. do it manually or import a csv file

Now that Windows servers are added real time info is visible in the portal.

With the extra extensions new features are added to the Windows Admin Center WAC

Currently more and more add on extensions are added to the Windows Admin Center. this makes the tool even more important to use.

There are some great extensions for Windows Admin center. like the Storage Migration preview or the DataOn extention. Or adding the login to the Azure AD.

In the services wen can add the Azure Active directory. Keep in mind once it set I couldn’t it set back to the local account.

For Connection to the Azure AD you need a little Powershell script download it here : https://aka.ms/WACAzureConnectScript

To allow the Windows Admin Center gateway to communicate with Azure to leverage Azure Active Directory authentication for gateway access, or to create Azure resources on your behalf (for example, to protect VMs managed in Windows Admin Center using Azure Site Recovery), you must first connect your Windows Admin Center gateway to Azure. You only need to do this once for your Windows Admin Center gateway – the setting is preserved when you update your gateway to a newer version.

To connect your gateway, you must run the New-AadApp.ps1 PowerShell script (there is also a hyperlink in the Windows Admin Center UI for this download, which is visible wherever you try to use an Azure integration feature for the first time), which creates a web application in Azure AD with the name "SME-gateway" and registers the application with the Windows Admin Center gateway. This allows Windows Admin Center to connect to Azure resources like Azure AD on your behalf. You can run the script from any computer that has access to the Windows Admin Center gateway and to Azure.

You need to install the AD powershell modules on the Server.

Install-Module AzureRM.Resources

Install-Module AzureAD

$cred = Get-Credential

.\New-AadApp.ps1 -GatewayEndpoint "https://mvp16core10.mvp.local" -Credential $cred

The Logon Box will appear and logon with your Azure Credentials.

Now that you are logged on you will see an App registration in your Azure AD.

If needed you need to give the App permissions

Close browser and login into the Windows admin center

Windows Admin center will ask you for the Azure AD credentials

Keep in mind for Connection to the On premise Windows Admin Center you need to have WinRM firewall ports open to the WAC and WinRM enabled. but this is logical. The connection is over a Public IP or better a Site to Site VPN or express route connection. Make sure your NSG is correct configured.

One on the nice options of WAC – Windows Admin Center is the HTML5 RDP connection. Quick and easy RDP into the VM.

Remember that I installed the extensions Storage migration service. ( this works only with server 2019)

The new Storage Migration servers will be added to the admin center. But optional server features must be added before usage.

the Above are the migration options. Migrate directly all your files to a Server 2019 or Azure Files storage

And on the Windows Server 2019 you must enable the following features.

And you need an orchestrator role therefore you need to install the RSAT Storage Migration Server tools

After this you can create a migration JOB to move all the files.

A full blog post from Ned Pyle gives in-depth details how to migrate the files

https://blogs.technet.microsoft.com/filecab/2018/04/12/introducing-the-windows-server-storage-migration-service/

Next week there is the Windows Server Summit 2018 there will be more info about Windows server 2019 and Windows Admin Center.

Join the meeting!

Get started now

The Windows Server Summit is on June 26, 2018, but you can get started now by joining the Windows Insiders program and downloading the Windows Server 2019 preview. Don’t forget to also download Windows Admin Center, the evolution of Windows Server in-box management tools.

see you on June 26th!

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Windows Server Summit 2018 regardless of whether you’re running Windows Server on-premises or in the #Cloud #Winserv #WindowsAdminCenter #Containers #WindowsServerSummit #S2D #CloudOS

In Almost a week Microsoft is hosting a Virtual event:Windows Server Summit This year Windows Server reaches the incredible mark of 25 years in market. If you’re a Microsoft professional, you probably built your career on the Windows platform and we appreciate the trust you deposited on us. The launch of Windows Server 2019 later this year solidifies the importance of Windows Server on Microsoft’s hybrid strategy and now we want to help you take the next step in your career and support you in the journey of either move to the cloud, leverage cloud services on-premises, or evolve your datacenter infrastructure and applications.

Join us on Tuesday, June 26, 2018 for a virtual experience to learn tips and tricks for modernizing your infrastructure and applications—regardless of whether you’re running Windows Server on-premises or in the cloud.

We’re just a week away from the Windows Server Summit. The event will be on June 26, 2018 at 9:00 AM Pacific Time. We have a packed agenda with tons of good content, lots of demos, and excellent speakers.

Erin Chapple, Director of Program Manager and Arpan Shah, General Manager of Azure Infrastructure Marketing will kick of the event with a keynote to discuss what’s new around Windows Server, Microsoft’s hybrid strategy, roadmap, and much more. After that, we dive into the new functionalities of Windows Server 2019 and Windows Admin Center.

Learn how to build the future with Windows Server

Explore the roadmap for Windows Server, discover new skills and best practices, and get your questions answered in conversations with the Microsoft experts behind our products.

Hybrid

Learn how Windows Server helps you integrate Azure services into your on-premises environment and how to better run Windows Server in Azure.

Security

Better security starts with the Operating System. Learn how Windows Server helps you elevate your company’s security posture.

Application platform

Containers are changing the way developers and operations teams run applications. Learn how Windows Server helps you modernize yours.

Hyper-converged infrastructure (HCI)

Windows Server 2016 introduced new HCI capabilities that are game-changers. Now, check what’s new around HCI for Windows Server 2019.

Get started now

We can’t wait to (virtually) see you on June 26th!

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Clustering FileServer Data Deduplication on Windows 2016 Step by Step #sofs #winserv #ReFS #WindowsServer2016 #Dedupe

Building a File server in Server 2016 isn’t that different tan in Server 2012R2 except there are different options, ReFS, DeDupe and a lot more options. As we start with the basic file server clustered and using ReFS and Data Duplication. This is a common scenario and can also be used in Azure.

Data Deduplication can effectively minimize the costs of a server application’s data consumption by reducing the amount of disk space consumed by redundant data. Before enabling deduplication, it is important that you understand the characteristics of your workload to ensure that you get the maximum performance out of your storage.

In this demo I have a two node cluster a quick create of the cluster. This is a demo for file services.

Create Sample Cluster :

#installing the File server and cluster features

Get-WindowsFeature Failover-Clustering
install-WindowsFeature "Failover-Clustering","RSAT-Clustering" -IncludeAllSubFeature
Restart-Computer –Computername Astack16n014,Astack16n015 –force

#Create cluster validation report
Test-Cluster -Node Astack16n014,Astack16n015

#Create cluster

New-Cluster -Name Astack16R5 -Node Astack16n014,Astack16n015 -NoStorage -StaticAddress "10.255.255.41"

Now that the Cluster is in place we can start with the basic of the file cluster, the disks need to be sharable so no local disks.

If you want to build a file server with local disk only then we should use storage spaces direct, I’ll use this in the next blog post.

We add a shared disk to the cluster. Enable the disk and format the disk.

I format the disk with ReFS as this is the next file structure and has more options than NTFS.

The next iteration of ReFS provides support for large-scale storage deployments with diverse workloads, delivering reliability, resiliency, and scalability for your data. ReFS introduces the following improvements:

ReFS implements new storage tiers functionality, helping deliver faster performance and increased storage capacity. This new functionality enables:
- Multiple resiliency types on the same virtual disk (using mirroring in the performance tier and parity in the capacity tier, for example).
- Increased responsiveness to drifting working sets.
- Support for SMR (Shingled Magnetic Recording) media.
The introduction of block cloning substantially improves the performance of VM operations, such as .vhdx checkpoint merge operations.
The new ReFS scan tool enables the recovery of leaked storage and helps salvage data from critical corruptions.

The disk is formatted and added to the cluster,showing as Available Storage.

Our next step would be Adding the File server role to the cluster.

The question here is is this a normal file server or do you want to build a sofs cluster. Currently SOFS is only supported for RDS UPD,Hyper-v,SQL. Comparing both SOFS and a file server.

SOFS = Active – Active File share

Fileserver = Active – Passive File share

We are sing the file server for general usage.

Give your file server a name. Remember this is the netbios name and needs to be in the DNS!

Default is a DHCP IP but I assume you will set this to fixed or make this static in the DHCP & DNS

Now that the file server and the disk is added to the cluster we can start the file Server and add some shares to this

add the file share.

When adding the file share we see this error “ client access point is not ready to be used for share creation”

This is a brand new File Server and already broken ? well no reading this error message it said we can’t access the netbios name

We we do properties on the file server you can see there is a DNS failure. It can’t add the server to the DNS or the registration is not correct.

Just make sure the name is in the DNS and a nslookup works.

When adding the file share you get a couple off options, and lets pick the SMB share Quick option

Get the file share location, this would be on the shared disk in the cluster. if there are no folders make the folder first.

I Give the folder a name and put this to the right disk.

Here you can pick a couple of options and some are already tagged. I this case I only use access-based enumeration.

The file server is ready. clients can connect. Access ACL must be set but this depends on the environment.

Our next step is enable Data Deduplication on this share. It is a new option in Server 2016. Want to know what is new in Windows Server 2016 https://docs.microsoft.com/en-us/windows-server/storage/whats-new-in-storage

Data Deduplication

Install Data Deduplication every node in the cluster must have the Data Deduplication server role installed.

To install Data Deduplication, run the following PowerShell command as an administrator:

Install-WindowsFeature -Name FS-Data-Deduplication

Recommended workloads that have been proven to have both datasets that benefit highly from deduplication and have resource consumption patterns that are compatible with Data Deduplication’s post-processing model. We recommend that you always enable Data Deduplication on these workloads:
- General purpose file servers (GPFS) serving shares such as team shares, user home folders, work folders, and software development shares.
- Virtualized desktop infrastructure (VDI) servers.
- Virtualized backup applications, such as Microsoft Data Protection Manager (DPM).
Workloads that might benefit from deduplication, but aren’t always good candidates for deduplication. For example, the following workloads could work well with deduplication, but you should evaluate the benefits of deduplication first:
- General purpose Hyper-V hosts
- SQL servers
- Line-of-business (LOB) servers

Before enabling the Data Deduplication we can first check and see if there any savings are by doing this.

Run this in a Command or powershell command where e:\data is or data location that we are using for the dedupe

C:\Windows\System32\DDPEval.exe e:\data

Even with a few files there is a saving.

get-volume -DriveLetter e

To enable the dedupe go to server manager , volumes and select the disk that need to be enabled.

Selecting the volume that needs Dedupe other volumes won’t be affected. It’s important to note that you can’t run data deduplication on boot or system volumes

The setting of the # days can be changed in to something what suite you.

When enabling Deduplication, you need to set a schedule, and you can see above that you can set two different time periods, the weekdays and weekends and you can also enable background optimization to run during quieter periods, and for the rest it is all powershell there is no gui on this.

Get-Command -Module Deduplication will list all the powershell commands

Measure-DedupFileMetadata -Path e:\data

I places some of the same ISO files on the volume and as you can see there is a storage saving.

get get the data run an update on the dedupe status.

Update-DedupStatus -Volume e:

It is all easy to use and to maintain. If you have any cluster questions just go to https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverClustering and I’m happy to help you there and also other community or microsoft guys are there.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Bing : Find me on Bing Robert Smit

LMGTFY : Find me on google Robert Smit

Part2 Ultimate Step to Remote Desktop Services HTML5 QuickStart Deployment #RDS #VDI #RDP #RDmi

Ready for Part 2 of the RDS setup. As I did already an step by Step Step by Step Server 2016 Remote Desktop Services QuickStart Deployment #RDS #VDI #RDP #RemoteApp https://robertsmit.wordpress.com/2015/06/23/step-by-step-server-2016-remote-desktop-services-quickstart-deployment-rds-vdi-rdp-remoteapp/

Then I did the Part 1 Ultimate Step to Remote Desktop Services HTML5 on Azure QuickStart Deployment #RDS #S2D #VDI #RDP #RDmi https://robertsmit.wordpress.com/2018/01/15/part1-ultimate-s…s2d-vdi-rdp-rdmi/

Where I decided I do a blog on how to build my perfect RDS environment and yes it always depends but some components are just there to use in Azure. I did cover all the basics but currently there are so many options that I thought it is time to build a new reference guide for RDS. Remember this is my opinion. The good or bad this works and yes you can combine all the roles en split them in use the GUI version and use the other product as well.

As Microsoft Ignite is behind us, and as expected the New RDmi (RDS modern infrastructure) is almost there (see Channel 9 https://channel9.msdn.com/Shows/OEMTV/OEMTV1760 ). Totally new design If you are using the Azure Components. But this is more like a RemoteApp replacement but what about on premise ? you can build some interesting configurations. The Hybrid model of the RDS farm with the Azure File Sync option. I see great possibility’s is some configurations. and usage of the HTML5 client. On your own build you can have those benefits also.

Building the RDS on Premise is not multi domain It all needs to be in one domain. But should you wait if you want RDS ? well then you could wait for ever as there is always new exiting technology around the corner.

Just start with RDS and learn and yes maybe next year your design is obsolete but it will still work. So for now I want to touch the Current RDS build as I see on my old blog post a lot of you are building RDS on premise but also in azure. To build to max scalable Solution you will need to separate all roles.

But in this case I want to use the option to build a feature reference for RDS and yes this can also be a RS3 or above release(that’s core anyway). I use core Server where I can and after the traffic manager there is no firewall but it would make sense that you use one of your choice. Do use NSG’s for the public networks and or IP’s ! https://robertsmit.wordpress.com/2017/09/11/step-by-step-azure-network-security-groups-nsg-security-center-azure-nsg-network/

The basic Remote Desktop Services with HTML5 I build is below. in Part 1

When you don’t have the right performance in your RDS host and you are running this in Azure like me you can always change the RDS host size. Currently I use all BxMs machines Good for making Blog posts and save some costs. and running this with minimal load it performs well.

We have the RDS farm in place and we added the HTML5 client – the Bits are for preview users only there for there is not a dive deep yet on the installation.

But the HTML5 client is the same as on the Remote desktop services modern infrastructure the only difference is that you are using your own RDS setup just the way you always did in server 2016 (see part1)

HTML5

Now that the RDS site is up and running, we can take a look at the new HTML5 client. Running this combined with the default RDS page makes it easy to test.

The usage is a bit different but I must say it is fast and instead of multiple windows open it all opens in just one tab with sub icons. in the browser.

As you can see a lot of sub icons in the bar but there is only one tab open. In this case there is more offloading to the RDS host. With using less local compute power.

So you can use less heavy clients and work faster & better

All the Explorers are combined to one single icon. (Everything is running in the back ground)

All the applications that started more than once are combined in the upper bar

So Connection is made on just the same method.

the web client is added to the RDS site and if you want to make this page default you can easy change this.

In the HTTP redirect use the webclient.

A nice option is that publishing the RDP client it opens also in the Tab and Checking the Memory usage.

It is less than expected, this is on the client. and still We have some applications open.

On the back ground (RDS server) you can see all the processes are there. And running the 32 bit Internet explorer eating memory.

Above the task manager of the RDS host the first is the HTML5 usage and the second is the default RDS usage.

below all the icons on the taskbar instead of one browser tab.

See the load on the local machine based on the above workload.

That is all for now In the next part I’ll show you more on deployment and the RD modern Infrastructure.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

https://robertsmit.wordpress.com/2015/06/23/step-by-step-server-2016-remote-desktop-services-quickstart-deployment-rds-vdi-rdp-remoteapp/

Part1 Ultimate Step to Remote Desktop Services HTML5 on Azure QuickStart Deployment #RDS #S2D #VDI #RDP #RDmi

As I did already an step by Step Step by Step Server 2016 Remote Desktop Services QuickStart Deployment #RDS #VDI #RDP #RemoteApp

that’s Covering all the basics but currently there are so many options that I thought it is time to build a new reference guide for RDS. Remember this is my opinion. The good or bad this works and yes you can combine all the roles en split them in use the GUI version and use the other product as well.

I started this post a while ago and thinking about the best configuration but every time there is a little thing well maybe this isn’t the best. With that in mind I started to this blog post at least 6 times. And the best configuration is always “it depends” there are so many options and it is hard to say one size fits all it never is.

As Microsoft Ignite is just behind us, and as expected the New RDmi (RDS modern infrastructure) is almost there. Totally new design If you are using the Azure Components. But this is more like a RemoteApp replacement but what about on premise ? you can build some interesting configurations. The Hybrid model of the RDS farm with the Azure File Sync option. I see great possibility’s is some configurations. Building the RDS on Premise is not multi domain It all needs to be in one domain.

But should you wait if you want RDS ? well then you could wait for ever as there is always new exiting technology around the corner.

But if you can make use of the Azure Security Center and point the Webroles to the Azure Application Proxy.

As there is no default firewall I used a AAD application Proxy to access the Remote desktop Gateway website.

The Configuration is not that hard and well documented on the Microsoft Doc site : https://docs.microsoft.com/en-us/azure/active-directory/application-proxy-publish-remote-desktop

In this Blog Item I want to place the RDS basics to the next level, as everybody can install a next next finish installation, but this should be a next step. There is no need for slow performance with the right configuration.

I’m using Core only except for the Session hosts or on servers that its not handy. Separated the Web Roles ,Gateway & Connection Brokers and all is High available. And in front a Traffic manager that determine what Webserver is near you. But this is “only needed” if you use multiple regions or want to separate the traffic.. The Use Profile disk will be hosted with a 3 node Storage Space Direct Cluster As I think a 3th or even a 4th node will give you more benefit of the Storage and Uptime. But this is also a “depends” you can even use a Single file server (non redundant) in this case the UPD are redundant and say I want 3 TB disk space for the UPD. I did some performance testing and the results are below.

with the Premium disk we got a good amount of performance. As I’m using SMB3 storage I will also add a second nic to all my RDS hosts for the SMB3 storage. This will take some extra steps to get the right performance.

As you could also go for a single file server with a lot off disk, It saves money as there is only one server and onetime the disks, but there is no redundancy for the UPD. But in this case the backup is easier. If you can handle the downtime and make the UPD that way that it is less important. then this is a nice option.

If you build this in Azure you must be aware that even Azure is not AlwaysOn. Therefor we need to make sure the RDS site is always Up. And again this seems to be a lot of servers and maybe you don’t want all this and want to have only one frontend server and one RD Session host it is all up to you but I think the Holy Grail is between this and a Single server.

In this case I use Powershell for the deployment. And I deploy all VM’s from a template that way I know that All VM’s are the same in this configuration.

First I setup Traffic Manager this is an easy setup and based on performance. I deployed all the VM’s in azure with a Powershell script.

As all new machines are added to the server manager we can use the to add to the farm.

When adding the machines just do one gateway and one Connection broker. then configure the RD connection broker HA Database

For the Connection broker Database I use a Database as an Service in Azure.

Just create the Database and use the connection string in the RDS farm

On the Connection brokers you will need the Native SQL client.

https://docs.microsoft.com/en-us/sql/connect/odbc/download-odbc-driver-for-sql-server

https://www.microsoft.com/en-us/download/details.aspx?id=50402

Now that the Database is Connected we can add all the other servers and add the certificate.

The Used String looks like :

Driver={ODBC Driver 13 for SQL Server};Server=tcp:mvpserver.database.windows.net,1433;Database=rdsbd01;Uid=admin@mvpserver;Pwd={your_password_here};Encrypt=yes;TrustServerCertificate=no;Connection Timeout=30;

The SQL native client is required for the connection on all Connection brokers!

Now that the connection High available mode is configured we can add another connection broker

Now that the connection broker is redundant we start adding some web servers

First we are adding the Web role to the new core webservers.

Adding the Servers could take some time. Just as the Webserver we add extra connection brokers and Gateway servers. Same method.

Even if the servers don’t need a reboot I reboot them anyway just to make sure my config is working.

The Same we do with the Gateway role and the Connection broker. Now that all roles are added we can do some configuration.

As we already placed the RDS Database to a Azure we need to apply the Certificate to all the servers in the Farm (Web/gateway/RDCB)

In this Configuration I use a Azure load balancing option this is Free and easy to use. I will use 3 Azure Load balancing configurations in this.

Two internal and one Public. The public gets an external IP.

The important setting here is the Load balancer type Public or internal

Azure Load Balancer can be configured to:

Load balance incoming Internet traffic to virtual machines. This configuration is known as Internet-facing load balancing.
Load balance traffic between virtual machines in a virtual network, between virtual machines in cloud services, or between on-premises computers and virtual machines in a cross-premises virtual network. This configuration is known as internal load balancing.
Forward external traffic to a specific virtual machine.

All resources in the cloud need a public IP address to be reachable from the Internet. The cloud infrastructure in Azure uses non-routable IP addresses for its resources. Azure uses network address translation (NAT) with public IP addresses to communicate to the Internet.

Building the VM’s We keep them in the same availability set as described below.

Update Domains

For a given availability set, five non-user-configurable update domains are assigned by default (Resource Manager deployments can then be increased to provide up to 20 update domains) to indicate groups of virtual machines and underlying physical hardware that can be rebooted at the same time. When more than five virtual machines are configured within a single availability set, the sixth virtual machine is placed into the same update domain as the first virtual machine, the seventh in the same update domain as the second virtual machine, and so on.

Fault Domain

Fault domains define the group of virtual machines that share a common power source and network switch. By default, the virtual machines configured within your availability set are separated across up to three fault domains for Resource Manager deployments (two fault domains for Classic). While placing your virtual machines into an availability set does not protect your application from operating system or application-specific failures, it does limit the impact of potential physical hardware failures, network outages, or power interruptions.

When creating the availability groups we are using the Managed disks and we always can change the VM Size and or disk type. That is the flexible use of Azure.

If your VM(s) are deployed using the Resource Manager (ARM) deployment model and you need to change to a size which requires different hardware then you can resize VMs by first stopping your VM, selecting a new VM size and then restarting the VM. If the VM you wish to resize is part of an availability set, then you must stop all VMs in the availability set before changing the size of any VM in the availability set. The reason all VMs in the availability set must be stopped before performing the resize operation to a size that requires different hardware is that all running VMs in the availability set must be using the same physical hardware cluster. Therefore, if a change of physical hardware cluster is required to change the VM size then all VMs must be first stopped and then restarted one-by-one to a different physical hardware clusters.

As changing the disk type to premium we can also adjust the disk size to get more local IOPS. But the cost will get up !!

Simple and scalable VM deployment
Managed Disks handles storage for you behind the scenes. Previously, you had to create storage accounts to hold the disks (VHD files) for your Azure VMs. When scaling up, you had to make sure you created additional storage accounts so you didn’t exceed the IOPS limit for storage with any of your disks. With Managed Disks handling storage, you are no longer limited by the storage account limits (such as 20,000 IOPS / account). You also no longer have to copy your custom images (VHD files) to multiple storage accounts. You can manage them in a central location – one storage account per Azure region – and use them to create hundreds of VMs in a subscription.

Now that we have several RDS host deployed we can add them to the Farm.

Adding RDS host. Is just the seam as adding the Gateway servers or Connection brokers.

Now that the basics are installed We can do some configuring.

Building the UPD share you can use the blog post for Storage spaces with the SOFS : https://robertsmit.wordpress.com/2015/05/12/windows-server-2016-with-storage-spaces-direct-building-sofs-with-storage-spaces-direct-winserv-win2016-s2d-howtopics/

But keep in mind that there is no one size fits all. Calculate how big your storage must be and do not size the total on your top users but on average usage.

Azure VM sizing is also not just pick one, a lot off new sizes are there and pick the one that you need. High performance or memory optimized does not mean you can only use that VM for that role. checkout the specs and test your vm. I think the B Sizes are promising and cheap for a lot off roles.

Check this site for your Azure VM https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes

If you want a regular share then use the file server or just share a folder and use this in the RDS. but remember users are reading and writing to this share it will use bandwidth and IOPS on the disk.

Setting the File share can only be done once per RDS collection. As shown below. Create a collection and user your share for the User profile disk to land.

If you want to change the UPD size it can only be done in PowerShell . Also the file share Setting and changing the URL of the Gateway can only be done with powershell after the first config.

Set-RDSessionCollectionConfiguration -CollectionName Collection -MaxUserProfileDiskSizeGB 40

Now that everything is in place we launch the RDS webpage. As I modified the page. Just make a modified page and save it somewhere and after a new deployment Copy past it in the C:\Windows\Web\RDWeb.

So the page can be with or with out “ public computer”

Now that the Gateway ,Connection Broker and the RDS hosts are in place we can open the web frontend. As mentioned above I customized the page a bit. (save your modifications on a save place for the next deployment)

That’s all for part 1

In the next part I’m showing you a quick overview of the HTML5 client.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

Check with Powershell for Meltdown and Spectre #exploit critical vulnerabilities Protection #Meltdown #Spectre #KB4056892

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Edit:5-1-2018

Meltdown is Intel-only and takes advantage of a privilege escalation flaw allowing kernel memory access from user space, meaning any secret a computer is protecting (even in the kernel) is available to any user able to execute code on the system.

Spectre applies to Intel, ARM, and AMD processors and works by tricking processors into executing instructions they should not have been able to, granting access to sensitive information in other applications’ memory space.

Meltdown work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affects many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.

Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services. See the following sections for more details.

Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues to work closely with industry partners including chip makers, hardware OEMs, and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This includes microcode from device OEMs and in some cases updates to AV software as well.

The following sections will help you identify and mitigate client environments affected by the vulnerabilities identified in Microsoft Security Advisory ADV180002.

The Windows updates will also provide Internet Explorer and Edge mitigations. We will also continue to improve these mitigations against this class of vulnerabilities.

Customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer. Surface customers will receive a microcode update via Windows update.

Install the powershell module from the Gallery.

Install-Module SpeculationControl

With Get-SpeculationControlSettings you can check your settings

As my system is not protected, but after all the fixes it should be like this below.

But you need to do more than just a software patch.

checking the BIOS of you machine with

get-wmiobject win32_bios

As there is no later Bios from my system, I’m out off luck. good moment to renew my test machine.

SO I need to patch my system, As I’m a windows insider I run several versions of windows. First check there was KB4056890 but this is already updated to KB4056892 make sure you get the latest version of the patch. you don’t want to patch and reboot the machine twice.

Get the hotfix http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4056890

The Updated version!

Get the hotfix http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4056892

In this case I installed the KB4056890 Update installation may stop at 99% and may show elevated CPU there is a fix for that read this :

https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

You need a reboot for this fix.

Remember this is not just a Microsoft Windows thing if you are on Citrix,Xenserver,Amazon or VMWare You need to check your hardware.

https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

https://robertsmit.wordpress.com/2016/01/05/using-windows-storage-spaces-direct-with-hyper-converged-in-microsoft-azure-with-windows-server-2016/

#Azure Storage Spaces direct #S2D Standard Storage vs Premium Storage

I see this often in the Forums Should I use Standard Storage or should I use Premium storage. Well it Depends Premium cost more that Standard but even that depends in the basic. Can a $ 4000 Azure Storage space configuration out perform a $ 1700 Premium configuration. this blog post is not on how to configure Storage spaces but more an overview on concepts, did I pick the right machine or did I build the right configuration well it all depends.

I love the HPC vm sizes https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-hpc but also expensive.

So in these setups I did create a storage space direct configuration all almost basic. but Key is here pick the Right VM for the job.

Standard 6 node cluster 4 core 8GB memory total disks 96 Type S30 (1TB) RAW disk space 96TB and 32TB for the vDisk

Premium 3 node Cluster 2 core 16GB memory Total disks 9 Type P30 (1TB) RAW disk space 9TB and 3TB for the vDisk

Standard A8 (RDMA) 5 node cluster 8 core 56GB memory total disks 80 Type p20 (500GB) RAW disk space 40TB

So basically comparing both configs makes no sense Couse both configs are different. bigger machines vs little VM

and a lot less storage.

Standard Storage storage vs Premium

The performance of standard disks varies with the VM size to which the disk is attached, not to the size of the disk.

So the nodes have 16 disk each 16 * 500 IOPS and with a max bandwidth of 480 Mbps. that could be a issue as would I use the full GB network than I need atleast 125 MB/s

In the Premium it is all great building the same config as in the standard the cost would be $3300 vs $12000. If you have a solution and you need the specifications then this is the way to go.

Can I out perform the configuration with standard disks ? In an old blog post I did the performance test on a 5 node A8 machine and 16 premium storage P20- 500GB 40TB RAW and got a network throughput of 4.2Gbps

Measurements are different on different machines and basically there is no one size fits all it all depends on the workload or config or needs.

using the script from (by Mikael Nystrom, Microsoft MVP) on the basic disk not very impressive list high latency but that’s the Standard storage.

The premium Storage is way faster and constant. So when using Azure and you need an amount of load or VM’s there is so much choice if you pick a different machine the results can be better. when hitting the IOPS ceiling of the VM. Prepare some calculations when building your new solution. Test some configurations first before you go in production.

Azure is changing everyday today this may be the best solution but outdated tomorrow.

Below are some useful links on the Machine type and storage type.

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/acu

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/standard-storage

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes-memory#ds-series

Thanks for reading my blog. Did you check my other blog post about Azure File Sync : https://robertsmit.wordpress.com/2017/09/28/step-by-step-azure-file-sync-on-premises-file-servers-to-azure-files-storage-sync-service-afs-cloud-msignite/

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

https://robertsmit.wordpress.com/2016/02/12/azure-server-management-tools-offers-a-set-of-web-gui-tools-to-manage-azurestack-servers-rsmt-asmt/

#ProjectHonolulu the new future of Windows Server GUI management #servermgmt #SMT #winserv

As Azure Server management tools discontinued the SMT preview service in Azure on June 30, 2017 and we where stuck to Windows Server management such as Remote Desktop, Server Manager, Remote Server Administration Tools (RSAT), and other MMC-based management tools. See my old blog post about this : https://robertsmit.wordpress.com/2016/02/12/azure-server-management-tools-offers-a-set-of-web-gui-tools-to-manage-azurestack-servers-rsmt-asmt/

But Microsoft created a fresh new tool to manage all our servers, Project “Honolulu” is the next step in our journey to deliver on our vision for Windows Server graphical management experiences.

Looking at the interface it is great, real-time graphs, single point of management. Loading of some components can take some time(Seconds). But it runs not in the IE 11 version. So if you run this on a management server you will need Google chrome . I had the chance to work with Microsoft during the last couple of months in the Alpha versions. there is a lot of improvement done. There are some options disappeared in the Project ‘Honolulu’ (Technical Preview) and there is a huge whish list and probably when you test the tool you think he this would be nice also. Then go to the Uservoice page and create or vote for your item. There are a lot of items in UserVoice with some of the more popular requests from Private Preview so vote for you item and make Project “Honolulu” a piece of your self https://aka.ms/HonoluluFeedback

Below is a overview of the standard tool set that Project “Honolulu” is offering.

And there is also a light foot print on memory

So what does it take to run this a huge server ? no just a quick install and you are ready to go. it runs with a self signed certificate if you don’t have a public one.

As you can see the Installation is quick and simple easy to setup. Just pick a port number for the website and a Certificate. If you doesn’t have one there will be a self signed cert created. It does say 60 Days and you can look this up in the local computer Certificate store

After the Installation you can open the icon or open a Chrome session to server name and the port number. eh wait what was the port number again ?

The port number is stored in the register

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManagementGateway]
"SmePort"="51358"
"UseHttps"="1"

Opening the Wrong Browser :

After starting Honolulu in the right browser there is a quick tour. But as always who does this. just skip the tour brave IT person.

In case the tool hangs or is not responding just restart the service.

So after opening we all want to see the nice dashboards and overview. Well you need to add the machines first and that is a lot of work.

No AD select all all typing and fill in the Credentials Luckily there is also a Import.

And the best part is it is just a Text file TXT fill in the names comma or line separated and you are good to go.

Wait for the credentials as you are doing this with the last server and check the box us this for all servers.

Configure-SMremoting.exe -enable

Running this on Server 2012R2 you will need WMF 5 or Windows Management Framework 5.1 Preview

Windows Management Framework 5.1 includes updates to Windows PowerShell, Windows PowerShell Desired State Configuration (DSC), Windows Remote Management (WinRM), Windows Management Instrumentation (WMI). Release notes: https://msdn.microsoft.com/en-us/powershell/wmf/5.1/release-notes

https://www.microsoft.com/en-us/download/details.aspx?id=53347

But running a Quick Cluster in Azure does not bring me the nice dashboard yet.

Well In a few days I have this in an environment where the dashboards are showing but for now I used the screenshot from Msignite

There are two sessions on ignite about Honolulu

Don’t forget your Feedback on Uservoice https://aka.ms/HonoluluFeedback

More info : https://blogs.technet.microsoft.com/servermanagement/2017/09/21/video-series-an-inside-look-at-project-honolulu/

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

https://technet.microsoft.com/en-us/windows-server-docs/compute/remote-desktop-services/rds-storage-spaces-direct-deployment

Xenapp Essentials the replacement of Azure Remote App ? or #NoGo #ARA #Citrix #CXE #Cloud #RemoteApp

Well it is here it took some time but now you can start testing with the Xenapp Essentials. Is it any good and Can I use it for production. Well I was a little disappointed I was charged upfront and the VM image I used was not usable because the Xenapp Essentials can’t handle Azure managed disks, As azure is pushing use managed disk. is Citrix Xenapp Essentials not capable of using managed disk. therefore I had to rebuild a new Image. The look and feel is the same as in Azure RemoteApp the nice thing is you can change sizing and scaling and to save money a time schedule. But for testing in a MSDN subscription I hate the upfront billing and Citrix did not tell this.

But why not build a RDS farm in Azure ? will show this in a the post below and using a Profile Cluster in Azure is also supported.

For those who are unfamiliar with Azure Remote App check my blog post below.

https://robertsmit.wordpress.com/2014/06/20/microsoft-azure-hybrid-deployment-of-remoteapp-step-by-step-azure-microsoft-remoteapp-mvpbuzz-rds-hrdaas/

In this part I show you how to set things up. there are multiple ways and each has is own choices. Citrix is delivering a default Image and this is a Windows 2012 Image, well I’m not going for a default image but a custom. this need some work. This will be a log blog post and tons of pictures in it, As I tried to do step by step but some items you just need to know in Azure. Else it is gonna be a real long blog. But If you need more info on any item just ping me.

Well first I thought lets do this and writ a quick blog on hoe great this is. The amount off steps it took to get thing running is more than I expected. but it is not a bad thing. But be prepared it takes time!

The interesting part is should I use the Same Image or is there an easy migration path. Well it all depends as most things in IT.

The Deployment Xenapp Essentials workflow in just 7 tiles you are done. but some tiles takes several other little steps.

localized image

Do you want to stay on Windows server 2012R2 ? Well I don’t think so but there are good reasons to migrate as is but will this work. As this blog post is just on how to setup the Citrix Xenapp Essentials, the next post would be this integration and migration

As the Citrix Xenapp Essentials is in the Azure market place we also need a Citrix Account.

You can easily create a new Citrix Cloud by going to the following site: https://onboarding.cloud.com

there are a couple of questions and then you are ready to use the account.

In case you have an issue with your account just open a support ticket and the Citrix Support will fix your issue quickly.

So In the Azure portal you can add the Citrix to the menu and go from there.

You can only manage from here and not add any this, so go to the Azure Marketplace (click NEW or +) do a Citrix search.

Select the Citrix XenApp Essentials

Do Create. and pick a name for the resource and use or create a resource group.

Give it a name and create or use an existing Resource Group.

As things are default you can change it and read the Text. Default it creates 25 users Cost Estimate : $456.25 per month

Well for my demo I don’t need 25 users In need just 1.

Oh the minimum usage is 25 Ok then I need 25 users.

Pricing

$12.00 per user per month for XenApp Essentials Service, including Citrix NetScaler Gateway Service for secure access and 1 GB data transfer per user per month.

Users added today will be charged at the a prorated rate of $11.60 for the remainder of the current month. This amount will be charged immediately.

$6.25 per user per month for Microsoft Remote Access fee to use XenApp Essentials Service without purchasing a separate RDS CAL for this workload. Contact your Microsoft representative to bring your own RDS CAL.

Users added today will be charged at the a prorated rate of $6.04 for the remainder of the current month. This amount will be charged immediately.

You can purchase additional 25 GB Data Transfer Add-on. The cost is $12.00 per add-on per month

When you add users and data transfer add-on to the service, the new charges apply immediately. You can change the number of users and data transfer add-on each month. Your subscription renews automatically at the end of each month unless canceled.

Well the deployment took 6 seconds. that is the Place holder and not the VM’s self An order may take up to 4 hours to provision your service.

Shown from the Azure Portal

Visit Citrix Cloud to simplify the provisioning, on-going management and monitoring of Windows apps hosted on Azure. Here in the Azure portal, purchase additional seats and data transfer add-ons on-demand to meet the needs of a dynamic workforce.

Manage through Citrix Cloud

An order may take up to 4 hours to provision your service, and you will receive an email from the Citrix Cloud when your service is ready. If you do not receive an email within this time, please contact Citrix Support

Log into the XA Essentials Portal https://essentials.apps.cloud.com/

If you need more users you can add them in Azure.

Log into the XA Essentials Portal https://essentials.apps.cloud.com/

An order may take up to 4 hours to provision your service, and you will receive an email from the Citrix Cloud when your service is ready. If you do not receive an email within this time, please contact Citrix Support

In almost 4 hours I got the email

Your Citrix product has been shipped via electronic delivery on April 01, 2017, to the email specified on your
purchase order.
Your Citrix order is completely fulfilled. All items on your purchase order have been shipped to the requested
address.

Depending on your other Citrix product you choose the Xenapp Service.

There are 3 steps needed Linking the Subscription and upload a master Image and last create your catalog.

The Microsoft login dialog box us prompting for credentials . You mus use an account that has admin privileges to your Azure Subscription.

Remember : If your user account is not working. the Account MUST be an Azure AD Account.

Next step is creating the XA Essentials Catalog. In these steps the Image will be mounted ,AD connections ,Network,Applications.

A important step with full of options. To setup XA Essentials you need:

Azure Subscription
Resource Group’s for Cloud connector,Images,etc but you can also use just one Resource Group
Domain Controller with Active Directory Domain Services and DNS
Virtual Network configured for domain usage
A Subnet with free IP addresses

Click Create Catalog.

Select the Network and the Resource group

As I need some extra resources for creating Image I’ll use Extra Storage accounts

Image Requirements

Use the following requirements to create a custom image:

Create the image by using Azure Resource Manager.
Configure the image to use standard (not premium) storage.
Select Windows Server 2012 R2 or later.
Install and configure your apps
Install the Server OS VDA. You can download the VDA by using the Downloads link on the navigation bar.
Shut down the virtual machine and note the VHD location. Do not Sysprep the image.

And DON’T use Managed Storage accounts for a Custom Image in Xenapp Essentials Can’t use this in the Citrix Images #Fail.

and a good thing there is a brake on my Azure credits. Not for the blog. Seems Citrix is charging upfront. another Failure #Fail but this is only on my MSDN subscription. at this point I can’t finish my blog post #GRRRRR

So but the nice thing are picking my machine type like an G5 just for fun or needed.

Using a default VM as a D2 and for a default of 25 users. Think again and see your Perf resources right now. the cost will be at least the double for 25 users.

Scale settings For my Current Costumers we had a custom script in place for Automatic Scaling of Remote Desktop Session Hosts in Azure Virtual Machines

https://gallery.technet.microsoft.com/scriptcenter/Automatic-Scaling-of-9b4f5e76/view/Discussions

but in Citrix it is all there Currently it is maximized to 200 users but If I build more collections I can scale up even in the test environment

yes there are flaws in it but it is a replacement for ARA. second building this could take up some time but as you already paid for a month that renewing every month!

the pricing is as described on the citrix site

Requires 25 user minimum. Includes NetScaler Gateway Service with 1 GB Data transfer per user per month. Additional NetScaler Gateway Service 25 GB Data transfer Add-on available for $12 per pack per month
Available from Azure Marketplace when purchasing XenApp Essentials. Please consult your Microsoft representative to bring your own RDS CAL.

So there are now a couple options build a RDS farm in Azure good for large Company’s or who are in need of more flexibility or using Citrix XenApp essentials and will microsoft come with an replacement for Azure remote App, when checking my blog post I see a huge hit on Azure RDS. the Citrix solution isn’t that cheap and has a minimum of 25 users. but building it you self it could be done on 1 server but the price will be more than $486 but who wants to run >2 users on a D2. when using SaaS applications or other Webbase stuff the 3 Gb memory and 14% or more CPU usage is not uncommon

Cheap No use full yes and an Azure Remote App Replacement yes Perfect absolutely NOT

In my next post I will do a dive deep into some configuration issues. see this like Azure RDS vs CXE.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

https://msdn.microsoft.com/en-us/library/aa383811(v=vs.85).aspx

Windows Server 2016 Setting port priority Adjusting the Network #Protocol Bindings multiple networks #winserv

When building complex network configurations with Server 2016 you will need to adjust sometimes configuration settings that are not that easily to change in the GUI.

Suppose I have a big S2D cluster Or a NLB farm

In this configuration I have a Cluster that is using Storage spaces direct #S2D but On the SMB nic I don’t want to connect with RDP

Or in the NLB farm I want to use a NLB nic that is used for RDP.

with the Get-NetIPInterface we get a listing of the networks

Get-NetAdapter shows us the name and nic name

Our net step is list the current configuration and his settings for the Ports, in this case RDP

# list current settings
gwmi Win32_TSNetworkAdapterSetting -filter "TerminalName=’RDP-Tcp’" -namespace "root/cimv2/TerminalServices" | Select NetworkAdapterLanaID,NetworkAdapterName

ID 0 which is "All network adapters configured with this protocol"

More info about Win32_TSNetworkAdapterSetting can be found here :

when we combine this in a variable to get some more info

#show netadapter bindings for RDS

$MVPRDP = gwmi Win32_TSNetworkAdapterSetting -filter "TerminalName=’RDP-Tcp’" -namespace "root/cimv2/TerminalServices"

$MVPRDP | select -expand DeviceIDList

As this is the network name it is not that handy use this with the get-netadapter
$MVPRDP | select -expand NetworkAdapterList

Now we know what to set on which adapter

# ID 0 which is "All network adapters configured with this protocol". 0,1,2,3

SO ID 0 is all and start counting with 1 as I want RDP only on my MGT lan I set this on Adapter 2

$MVPRDP.SetNetworkAdapterLanaID(2)

gwmi Win32_TSNetworkAdapterSetting -filter "TerminalName=’RDP-Tcp’" -namespace "root/cimv2/TerminalServices" | Select NetworkAdapterLanaID,NetworkAdapterName

now a little reboot and just to make sure there are no old connections and your done.

Or use a register key to set this option but what fun is that.

set HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Winstations\RDP-tcp\LanAdapter

Flickr Tags: NLB,RDP,TCP,Regedit,Server 2016,win32

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Windows Server 2016 With Hyper-v Yellow exclamation on Microsoft Virtual Machine Bus #winserv #HyperV #Windows

Don’t you love it when you are running Hyper-v and you can adjust the VM en reboot your cluster and everything is redundant.

Well except the VM after a reboot of the VM it has a Yellow exclamation on Microsoft Virtual Machine

So it seems the VM integration services is not there at all. and the Update-VMVersion VMNAME –Force is not helping

So this seems like an old issue but it isn’t tried to delete the network keys in the register and no results. BUT DON’T DO that !!

All my VM’s are running the latest patches could this be the issue ? recently there is KB3216755 which has some issues with DeDupe https://support.microsoft.com/en-us/help/4011347/windows-10-update-kb3216755

Placed a snapshot back from before the updates and guess what Same issue eh.. so it is not the VM ? can it be the Hyper-v Server it self ? Patched this server before the VM’s a few days ago.

Ok my hyper-v server is not sleeping Winking smile

But checking the problem VM’s I see something unusual why is the VM sitting on his default memory. I use Dynamic memory and the startup memory is 512 MB yes it is low but still ?

Odd why <> well there is no network so basically the VM does nothing

changed it and this was working on 1 VM so still no solution.

the one that worked is delete the Network Adapter in the VM settings, Boot the VM <>shutdown.

Add the Nic’s and boot the VM and you are ready to go.

Well you need to reconfig the network adapter again. but that are just a few Powershell Lines.

Hope this helps you solving your issue

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Building a Windows Server 2016 Domain Controller #winserv #Hybrid #cloud #Azure #powershell

Building a Domain Controller is not that Difficult but what about building this with Powershell and use the 2016 Bits.

Well lets take a peek at the Technet site https://technet.microsoft.com/en-us/library/hh974720(v=wps.630).aspx nothing about 2016.

-DomainMode<DomainMode>

Specifies the domain functional level of the first domain in the creation of a new forest. Supported values for this parameter can be either a valid integer or a corresponding enumerated string value. For example, to set the domain mode level to Windows Server 2008 R2, you can specify either a value of 4 or Win2008R2. So

The following are the supported values:
     — Windows Server 2003: 2 or Win2003
     — Windows Server 2008: 3 or Win2008
     — Windows Server 2008 R2: 4 or Win2008R2
     — Windows Server 2012: 5 or Win2012
     — Windows Server 2012 R2: 6 or Win2012R2

Well it makes sense that the Next line would be — Windows Server 2016: 7 or Win2016

Le me try that in Azure.

First I deploy the windows feature Active Directory

Install-windowsfeature AD-domain-services -IncludeAllSubFeature –IncludeManagementTools

The next step would be Deploy Active Directory and at the end you will be asked for a recovery password.

Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "7" `
-DomainName "mvpdemo01.local" `
-DomainNetbiosName "mvpdemo01" `
-ForestMode "7" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true

I did a Force:$true So a reboot is following so no time for a screenshot and wait for things.!

But After the reboot you will have a DC

and Joining a DC Member : Add-WindowsFeature AD-Domain-Services

Install-windowsfeature AD-domain-services -IncludeAllSubFeature –IncludeManagementTools

Add-WindowsFeature AD-Domain-Services `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "7" `
-DomainName "mvpdemo01.local" `
-DomainNetbiosName "mvpdemo01" `
-ForestMode "7" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoGlobalCatalog:$false `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true

Joining a Member server

I created a noob account that is only allowed to join a server to the domain

Write-Host "Hostname / Node Names" -ForegroundColor yellow
$domain = "mvpdemo01.local"
$password = "Password01" | ConvertTo-SecureString -asPlainText -Force
$username = "$domain\noob"
$credential = New-Object System.Management.Automation.PSCredential($username,$password)
Add-Computer -DomainName $domain -Credential $credential
restart-computer -force

See how easy things can be.

Flickr Tags: Windows Server 2016,CloudOS

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl

Upgrading Hyper-v Server 2012R2 to Server 2016 now what ? #hyperv #winserv #RollingOS

So you have done a rolling Upgrade – see Cluster operating system rolling upgrade To all your Hyper-V servers but other than a different logon screen you see no difference. Where are all the options ? Well you will need to do some extra steps. To get the full Hyper-v 2016 Server.

Illustration showing the three stages of a cluster OS rolling upgrade: all nodes Windows Server 2012 R2, mixed-OS mode, and all nodes Windows Server 2016

All the VM options are the Same Did I miss something or is there another configuration option as I created a new VM it has all the new options.

Do I need to recreate all the VM’s ?, where is the hidden option to change this ? a while a go I created a blog post on

Windows Server 2016 with Hyper-v Upgrading Configurations —Windows Server 2016 with Hyper-v Integrations tools & configuration versions

Well this was still on a TP version so the numbers has changed but not the methods. But there is no gui option in the Hyper-v Server that can flip the bit to the new Configuration version. It is done only by Powershell. with that Let us see how this is changed.

Old VM settings vs the New VM Settings.

Do I need to recreate all the VM ? NO are you nuts. this would be odd. Lets dive in a little bit deeper.

In the Hyper-v Manager you can see the configuration and generation version in the 2012R2 this is version 5.0

In windows server 2016 the Hyper-v configuration version is now 8.0

With the get-VM we can see the Configuration version of the VM

Get-VM | ft Name, IntegrationServicesVersion,version

as you can see I have a version 5.0 and a 8.0 just as in the screen shots above.

Now changing this is a ONEWAY thing and If you have an OLD none 2016 version in your Cluster then the VM would fail if it runs on this node. Version 8.0 runs only on Hyper-V 2016 !

To list all the Supported Configurations On this Server we can do a “ Get-VMHostSupportedVersion “

So there are Currently seven different versions. With all the options why should I care setting this.

Well there are a couple of reasons why you should set this option. Make the latest Hyper-V features available on your virtual machines by upgrading the configuration version. Don’t do this until:

You upgrade your Hyper-V hosts to the latest version of Windows or Windows Server.
You upgrade the cluster functional level.
You’re sure that you won’t need to move the virtual machine back to a Hyper-V host that runs a previous version of Windows or Windows Server.

And you you replicate from a Hyper-v 2016 Server to a Hyper-v 2012 Server for DR then make sure you don’t run in a higher version than 5.0

When you move or import a virtual machine to a computer that runs Hyper-V on Windows Server 2016 or Windows 10, the virtual machine’s configuration isn’t automatically updated. This means that you can move the virtual machine back to a Hyper-V host that runs a previous version of Windows or Windows Server. But, this also means that you can’t use some of the new virtual machine features until you manually update the configuration version. You can’t downgrade the virtual machine configuration version after you’ve upgraded it.

The virtual machine configuration version represents the compatibility of the virtual machine’s configuration, saved state, and snapshot files with the version of Hyper-V. When you update the configuration version, you change the file structure that is used to store the virtual machines configuration and the checkpoint files. You also update the configuration version to the latest version supported by that Hyper-V host. Upgraded virtual machines use a new configuration file format, which is designed to increase the efficiency of reading and writing virtual machine configuration data. The upgrade also reduces the potential for data corruption in the event of a storage failure

Building a VM based on Windows 2012R2 configuration You should use this PowerShell command as you could see the 8.0 Configuration is default.

New-VM -Name “DemoVM17” -Version 5.0

When listing the VM Configurations you can see the difference. and easily see the 5.0 Version VM’s config.XML

Virtual machine configuration information that is stored in binary file format. File name extension: .vmcx

But what if I want to upgrade the VM’s ? yes you can but only to the default level and PowerShell Only

Update-VMVersion “VM Name”

as you can see the DemoVm06 is already at the max level but when updating the DemoVM01 which has Version 5.0 it will be upgraded to Version 8.0 and the Config file will be transferred this can’t be undone!

Virtual machine configuration information that is stored in binary file format. File name extension: .vmcx

you can automate this and do all upgrades in onetime or have a pick list to do this. But the VM needs to be OFF no running VM can be upgraded.

TO upgrade all VM’s Update-VMVersion * -force

Or pick the VM by yourself with a before and after version.

#Select a VM to upgrade
$vm2016= (Get-VM | select Name, Status, version | Out-GridView -Title "Select VM for update the configuration version" -PassThru).Name
#list VM configuration Version
Get-VM $vm2016 | ft Name, IntegrationServicesVersion,version
#Convert the Config TO the default Configuration
Update-VMVersion $vm2016 -Force -Verbose
#list VM configuration Version
Get-VM $vm2016 | ft Name, IntegrationServicesVersion,version

Flickr Tags: Windows Server 2016,CloudOS

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Google Me : https://www.google.nl