Archive for the ‘Windows Server 2012 R2’ Tag

How to setup Azure VPN for Site-to-Site Cross-Premises or Create a Virtual Network for Point-to-Site #VPN #Azure #winserv   5 comments

There are a lot of real good Blog post on how to create Azure Site to Site. And as the Vnext Windows Server is more and more connecting to the Cloud. I’ll show you how to create a S2S & P2P VPN setup. And The VPN option will get you to a real hybrid Network and This could be awesome. keep reading my blog posts. The Next blog post will be more about Hybrid Configurations.


So what do we need for a hybrid Environment Well I’ll setup a poor men’s version, that means One Hyper-v server home Router and an Azure Subscription.

First We setup a windows Server No special needs for this 4GB memory and 1 Disk but with two network cards. ( this is a VM )

So one NIC is on my corp network and the other NIC is connected to the friendly Internet.

When you have the server installed you only need to install RRAS Role Service and no direct configuration needed.

So by GUI or with Powershell   add-WindowsFeature DirectAccess-VPN,Routing


That is all what needed and you will need to create two NAT rules on your router ( however NAT is not supported )


But this all depends on you network configuration. 

The next step is Azure .

As I do net have a Network in azure I create a network that I will use for my VM’s that I will build after the network configuration, But I you already have a network in azure you can use that network.



But what Do I need Well It does not mater the Quick is configurable after creating the network. And the Custom is more Wizard driven.

For the screenshots I’ll pick Custom.

image The First step is pick a network name, No Change can me made afterwards ( well not easily )



Next step is Setting Checkboxes and DNS. I use an on premise DNS server but If you run a DNS in Azure You can use this server.


If you have already a network then you can pick the DNS servers from the list and pick also a local network.

I this case everything is New So give the DNS server a name and IP this is my local DNS server and I use a Internet DNS server. Just because this is an Easy IP address.

And I selected the Configure a point-to-site VPN and Configure a site-to-site VPN and on the Local Network I choose a new local network.



Now that the Diagram is filled we do some configuration, As my local network is a 10 network and I like to not have this in the same range in this Scenario.


So I pick a For my point-to-site VPN.

The next step is more Complicated, We need to pick a Local-Network name and We need to find the External IP on you network.



To find My external IP I use Bing just ask “ what is my IP “



The Next step is create a Address space for this network.




You have to check the Add Gateway Subnet this is uses for the Site-to-Site VPN

see Virtual Network Address Spaces page in About Configuring a Virtual Network using the Management Portal.


image image

Check the Box and you can see it is creating the network configuration but not the Gateway this is done in the next step.



After the Network Creation is Done We add the Gateway Configuration / Creation



This will take about 30 minutes to create ( and Will cost you about 12 euro a month )

While this is creating we will configure the P2P VPN.


One way to create an X.509 certificate is by using the Certificate Creation Tool (makecert.exe). To use makecert, download and install Microsoft Visual Studio Express 2013 for Windows Desktop, which is free of charge.

In this case I’ll use make cert.

Generate a self-signed root certificate the name can be your name or what you like.

makecert -sky exchange -r -n "CN=BlogRootCert" -pe -a sha1 -len 2048 -ss My "BlogRootCert.cer"

Generate a client certificate

makecert.exe -n "CN=BlogClientCert1" -pe -sky exchange -m 96 -ss My -in "BlogRootCert" -is my -a sha1


All certificates are stored in your Personal certificate store on your computer. Check certmgr to verify. You can generate as many client certificates as needed based on this procedure. Recommend is that you create unique client certificates for each computer that you want to connect to the virtual network.

A client certificate must be installed on each computer that you want to connect to the virtual network. This means you will probably create multiple client certificates and then need to export them. To export the client certificates, use certmgr.msc. Right click on the client certificate that you want to export, click all tasks, and then click export.


Export the client certificate with the private key. This will be a .pfx file. Make sure to record or remember the password (key) that you set for this certificate.


Copy the .pfx file to the client computer. On the client computer, double-click the .pfx file in order to install it. Enter the password when requested. Do not modify the installation location.

But the ROOTCERT is needed in Azure and we need to import this. When the Gateway is ready you can see in the Clients that it needs a certificate



Uploading the Certificate is the Certificate that we just Created

makecert -sky exchange -r -n "CN=BlogRootCert" -pe -a sha1 -len 2048 -ss My "BlogRootCert.cer"



Now that all the Azure Configuration is Done We configure the RRAS server as you can see in the overview the Gateway and P2P VPN is not Connected.



On the right there is a little list with some Download links


First we download the RRAS Configurations Script   Download VPN Device Script

Just make sure You select the Windows Server 2012 R2 as we are using this for the gateway.


When running this script in the RRAS server there is a Common Error the RRAS service is restarted so therefor it can not connect just run the connect line again and it will work.

However this is a CFG script you can rename this to PS1 Or Run this in Powershell ISE like I did.



# Dial-in to Azure gateway
Connect-VpnS2SInterface -Name



The Site To –Site VPN is now connected

For the Client You will use the Download the 64-bit Client VPN Package



Keep in mind Windows Does not trust an Downloaded EXE file so before you can install this it needs to unblock 



Now that the File is unblocked we can install the VPN this is a real quick install and no screens to view but in the network You can see a new network, in this case BlogHybrid.

For connecting just click the network and connect.


image  image

Now I’m Connected.


As you can see I’m connected With point-to-site VPN and a site-to-site VPN.


With a site-to-site VPN I can use Windows Azure Servers connecting To my local Domain.

With point-to-site VPN I can Connect With a Windows Azure VM on the Internal IP without using the IP.

And you can also connect Azure to Azure VPN between Subscriptions

This Will be the basic’s for my next Blog post Azure is very useful for easy testing an getting a heavy machine for your workload even for one day.


Happy clustering

Robert Smit


Technorati Tags: Windows Azure,Azure File service,Windows,Server,Clustermvp,Blob,cloud witness

What is change in Windows Server 2016 (10) cluster – Setting Cluster Common Properties #winserv   5 comments

In the new Windows Server 2016 ( Windows Server Technical Preview )there are a lot of new features an not all are clear what they are doing.

I call it here Windows server 2016 there is currently no indication that the server 10 will be named 2016 but as the product will come in 2015 it will make sense that it will be called Windows server 2015.

I made a Quick compare from the old cluster Windows Server 2012R2 to the new Windows server 2016

In the GUI there is not much change the only part that is real changed is the Enclosure part. ( See my other blog about this )

image  image

But what is change is underwater. when we do a Get-cluster | fl *  We get a list of all the cluster property’s that can be set.


Check this MSDN site for more info about Cluster Common Properties


There are a lot of new options but one option is gone RootMemoryReserved is not longer available.

cluster environment variable RootMemoryReserved was introduced to ensure that clustered VM hosts have a minimum amount of physical memory reserve for the host.

The RootMemoryReserved is by default set at 512 MB. This should be sufficient for the host VM that is not performing any operation other than manage the VMs.

As above windows10 is my cluster name and must be used in the PowerShell command

(get-cluster windows10).RootMemoryReserved

To change the RootMemoryReserved, the desired reserved memory size is assigned to the PowerShell cmdlet above. Use the following PowerShell cmdlet to set RootMemoryReserved to 1024 MB:

(get-cluster <cluster name>).RootMemoryReserved=1024

So it is no longer there.!

But now what is new.

When we do a Get-cluster | fl *

It will give us a long list but I filtered out and here are only the new parts that is only available in Windows Server 2015

ClusSvcRegroupStageTimeout        5
ClusSvcRegroupTickInMilliseconds        300
ClusterFunctionalLevel        9
ResiliencyDefaultPeriod        0
QuarantineDuration        0
ResiliencyLevel        Default
ClusterGroupWaitDelay        120
QuorumArbitrationTimeMax        20
RequestReplyTimeout        60
DumpPolicy        69913

When we need to change these options that can be done with (get-cluster).ClusterFunctionalLevel=9

(get-cluster).< with the name> = Value

As I noticed there are options from 2008 back and all have to do with latency so a logical conclusion would be will the cluster go to Azure or is there something coming that we need the values to get a better cluster. and all

Let us review these Commands



These options where there in 2008 but removed in 2012 and now they are back.

Controls the amount of time, in seconds, that a node waits on other nodes in a membership stage before deciding that they have failed.

Controls the interval of time, in milliseconds, that the membership algorithm waits between issuances of periodic membership messages.


Upgrading a Hyper-V or Scale-Out File Server cluster from Windows Server 2012 R2 to Windows Server Technical Preview no longer requires downtime. The cluster will continue to function at a Windows Server 2012 R2 level until all of the nodes in the cluster are running Windows Server Technical Preview. The cluster functional level is upgraded to Windows Server Technical Preview by using the Windows PowerShell cmdlt Update-ClusterFunctionalLevel.


The default resiliency period for the cluster, in seconds


Specifies the amount of time groups will wait for their default or preferred owner node to come up during cluster cold start, before the groups are moved to another node.


Specifies the maximum number of seconds a node is allowed to spend arbitrating for the quorum resource in a cluster.


Describes the length of time a request from a node with a cluster state update will wait for replies from the other healthy nodes before the request times out. Any nodes that do not reply within the request time out period will be removed from active membership in the cluster. The following table summarizes the attributes of the RequestReplyTimeout property.


Queries that can be used to export resource type specific logs.


There a fresh new options and currently not well documented or <NDA> but I’m sure when the server product is right a lot more new features will be made public.

When the next release of Windows Server will be available I’ll discuss the DASMode properties in a future blog

Happy clustering

Robert Smit


Azure File share usage for Windows Server 2012R2 and Cluster Quorum usage #Azure #winserv #cloud   2 comments

The file share option in azure can be used for several configurations. Say you want a azure share on your desktop or build a DFS in azure and use this in your private cloud. or build a file share witness for your cluster, and in the Windows Server technical preview there is the Cloud witness. But this can be done in windows server 2008 also.  there is no change but only the method on how to do this and maybe the cluster Support.

Azure Files is built on the same technology as the Blob, Table, and Queue Services, which means Azure Files is able to leverage the existing availability, durability, scalability, and geo redundancy that is built into our platform.





The File share can be used for several Scenarios

  • “Lift and Shift” applications

Azure Files makes it easier to “lift and shift” applications to the cloud that use on-premise file shares to share data between parts of the application. To make this happen, each VM connects to the file share (see “Getting Started” below) and then it can read and write files just like it would against an on-premise file share.

  • Shared Application Settings

A common pattern for distributed applications is to have configuration files in a centralized location where they can be accessed from many different virtual machines. Such configuration files can now be stored in an Azure File share, and read by all application instances. These settings can also be managed via the REST interface, which allows worldwide access to the configuration files.

  • Diagnostic Share

An Azure File share can also be used to save diagnostic files like logs, metrics, and crash dumps. Having these available through both the SMB and REST interface allows applications to build or leverage a variety of analysis tools for processing and analyzing the diagnostic data.

  • Dev/Test/Debug

When developers or administrators are working on virtual machines in the cloud, they often need a set of tools or utilities. Installing and distributing these utilities on each virtual machine where they are needed can be a time consuming exercise. With Azure Files, a developer or administrator can store their favorite tools on a file share, which can be easily connected to from any virtual machine.


Again this is just a preview Just be sure to understand the limitations of Azure Files the most important are:

  • 5TB per share
  • Max file size 1TB
  • Up to 1000 IOPS (of size 8KB) per share
  • Up to 60MB/s per share of data transfer for large IOs
  • SMB 2.1 support only


Here are the Links to the How to create a azure file share and build your desktop share

Build the Windows Server Cluster Azure Quorum Cloud Witness  in just a few Steps.

And yes you can build several configurations with the Azure File share Cloud Storage is there to use it. there is only one thing with the Cloud you will need an internet connection to your servers. unless you already use expressroute.


Happy clustering

Robert Smit



Technorati Tags: Windows Azure,Azure File service,Windows,Server,Clustermvp,Blob,cloud witness

Failed to install .NET Framework 3.5 Feature Windows Server 2012R2 OR on #Azure VM Error 0x800f081f Working Solution #winserv #MVPBuzz   20 comments

you have just installed a fresh new Windows Server 2012R2 on premise or in Azure and you need to install .Net Framework 3.5 Features

But it fails with an error 0x800f081f

a quick search says you need this command to do this well eh why ? but any way it is on the web so it must be right .

dism.exe /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:E:\sources\sxs  <> Will not Work

But why everybody says thanks! let me that you to the real problem. Reminder this is for all Servers even in Azure !


We checked the .Net Framework 3.5 Features and failed


Next attempt Give the Source to the installation. not very handy in Azure first download a ISO then mount this to the OS.

But it is on the Web so it must be true and the installation says he I need a Source I do not have these files and the OS is not lying or does it ?


So we put in the Source and give it a try.




Same error and with the source, maybe my source is not right , yeh right.

Test tis one more time form the Command

Then there is this line, this should work eh yes is did not.

dism.exe /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:E:\sources\sxs



See it did not work, I told you so in the first line So what is really going on in this system.

The Real fix for installing .NET Framework 3.5 Feature and Error 0x800f081f

If you open a PowerShell window and query the roles and features Get-WindowsFeature take a look at .NET Framework 3.5.


In the last column the Install state is different, it says Removed ?

  1. Removed means that you can install the feature but the source files for that are not available for this OS (not always)
  2. Installed means that the role or feature is already enabled and in use
  3. Available means that you can install the feature and the source files are on the machine and the OS can use them

But Removed, If the @Azure Team has removed this feature could this be the problem ?

Let me check if there are Updates for my system.



What there is an update for me and I do not have the .NET 3.5 Framework features installed.

then there must be an update there for me that is nagging me. Let me search the updates for .NET 3.5 Framework and compare them to the Installed updates.


This is an .NET 3.5 Framework update ad must be installed when the .NET 3.5 Framework was installed and patched


I uninstalled this update


Reinstalled .NET 3.5 Framework feature and see now it is working.


So all the time a Windows Update is keeping me from installing the .NET 3.5 Framework Feature.

Sometimes Windows can be a pain, But you are in control !

Happy Clustering!

Robert Smit




Technorati Tags: ,,,,,,
WordPress Tags: Framework,Feature,Windows,Server,Azure,Error,Solution

Posted October 20, 2014 by Robert Smit [MVP] in Windows Server 2012 R2

Tagged with ,

Hyper-v Virtual Machine Connection in Windows Server 2012R2 #hyper-v #winserv   Leave a comment

Did you know that you could connect to other Hyper-v servers and then open the Console ?

In the system32 folder there is a file vmconnect.exe

You can connect to the local or to other Hyper-v servers in your domain




Just type your Hyper-v server and all the VM’s are listed and you can easy connect to them.


The console is opened and you can even change the settings. how cool is that!


With this there is less reason to connect with RDP to the Hyper-v Servers for just to change something in the VM. this is an easy tip.

Happy Hyper-v

Robert Smit


Posted October 4, 2014 by Robert Smit [MVP] in Windows Server 2012 R2

Tagged with

Cluster-Aware Updating Windows 2012R2 with SQL Server 2014 AlwaysOn availability groups #Cau #winserv #SQL   Leave a comment

Cluster Aware Updating or CAU is a great tool for patching your cluster but there are some situations that you need to be carefully when using CAU.

Patching your SQL Clusters is no problem unless you have a Windows Server 2012 cluster with SQL Server AlwaysOn availability groups.

then you can’t use CAU the #NNFW (next next finish way) For Cluster.

Windows Server 2012 cluster with SQL Server AlwaysOn availability groups

I’ll not showing the Setup for this you can jump to my blog

but what I do show you is the basic steps for updating the Windows Server 2012 cluster with SQL Server AlwaysOn availability groups


Here is my SQL Cluster and it is a two node cluster ready for patching but most of the time the advanced options are skipped.

who cares about a pre and after setup I just want to install the updates.   let me show you why this is important !



My cluster is hitting the download and after this one node is set on Pause.


Eh pause but what about my SQL Server AlwaysOn availability group yes this is no longer working. eh the DBA guy is calling you right now Winking smile

How CAU Affects SQL Server AlwaysOn Availability Groups

Disclaimer: Microsoft does not support the use of CAU to update Windows Server 2012 clusters with SQL Server AlwaysOn availability groups. CAU is currently not aware of AlwaysOn availability groups. When CAU brings a node into maintenance mode to update the node, AlwaysOn availability groups are affected by the following known issues. Potential mitigations for these issues are provided to be transparent about our findings, and are meant for your non-production test environment only. These mitigations are not guaranteed to solve all issues.

review the document, please download the Patching SQL Server Failover Cluster Instances with Cluster-Aware Updating (CAU)

Main reason why you must be careful :

Do not use the Failover Cluster Manager to manipulate availability groups:


  • Do not change any availability group properties, such as the possible owners.

  • Do not use the Failover Cluster Manager to fail over availability groups. You must use Transact-SQL or SQL Server Management Studio.


But what Can you do ?

first connecting to all the SQL boxes and clicking on the SQL Server AlwaysOn availability group that is a lot of work.

Connect to the server instance that hosts the replica whose database you want to suspend.

  1. Suspend the database by using the following ALTER DATABASE statement:


Well a TSQL Script still connecting to my SQL box manually

Using PowerShell

To suspend a database

  1. Change directory to the server instance that hosts the replica whose database you want to suspend.

  2. Use the Suspend-SqlAvailabilityDatabase cmdlet to suspend the availability group.

  3. For example, the following command suspends data synchronization for the availability database MVPDB in the availability group MVPSQLAG01 

    Suspend-SqlAvailabilityDatabase -Path SQLSERVER:\Sql\Computer\Instance\AvailabilityGroups\MVPSQLAG01\Databases\MVPDB

To resume a secondary database

  1. Change directory to the server instance that hosts the replica whose database you want to resume. 

  2. Use the Resume-SqlAvailabilityDatabase cmdlet to resume the availability group.

  3. For example, the following command resumes data synchronization for the availability database MVPDB in the availability group MVPSQLAG01

    Resume-SqlAvailabilityDatabase -Path SQLSERVER:\Sql\Computer\Instance\AvailabilityGroups\MVPSQLAG01\Databases\MVPDB


So I placed the scripts on the CSV from my Cluster 






Disclaimer: Microsoft does not support the use of CAU to update Windows Server 2012 clusters with SQL Server AlwaysOn availability groups. CAU is currently not aware of AlwaysOn availability groups. When CAU brings a node into maintenance mode to update the node, AlwaysOn availability groups are affected by the following known issues. Potential mitigations for these issues are provided to be transparent about our findings, and are meant for your non-production test environment only. These mitigations are not guaranteed to solve all issues. 


Robert Smit

Posted September 24, 2014 by Robert Smit [MVP] in Cluster-Aware Updating

Tagged with

StorScore A test framework to evaluate SSDs and HDDs #Cloud Server Infrastructure Engineering #CSI #ssd #winserv @microsoft   2 comments

StorScore is a component-level evaluation tool for testing storage devices.
When run with default settings it should give realistic metrics similar to
what can be expected by a Windows application developer.


You must download and install the following or StorScore will not work:

    A Windows Perl interpreter:

Strawberry Perl is a perl environment for MS Windows containing all you need to run and develop perl applications. It is designed to be as close as possible to perl environment on UNIX systems.


With the output you can create some pivot tables and get great output.


Posted August 21, 2014 by Robert Smit [MVP] in Windows Server 2012 R2

Tagged with

  • Twitter

  • RSS Azure and Microsoft Windows Server Blog

  • %d bloggers like this: