Use SysMon and finding it hard going ?

July 30th, 2017  / Author: Philip Flint

Nifty little GUI to help you interpret that capture much faster

https://nosecurecode.blog/2017/07/29/visualizing-tracking-sysmon-events-with-sysmon-view-1-2/amp/

Royalty Free Images for Presentations

July 27th, 2017  / Author: Philip Flint

Need some high quality royalty free images for your presentations ? Why not try one of the following sites ?

http://pixabay.com

http://unsplash.com

http://freeimages.com

Enjoy.

How to delete a host that is in (pending) state in SCVMM

July 24th, 2017  / Author: Philip Flint

When deleting a Hyper-V host from SCVMM, it may show the status as “Pending” under the VMs and Services / Fabric sections.

If this occurs then the following Microsoft provided fix should be able to help you out (everything done at your own risk naturally).

0) Migrate all VMs off the host to be removed and shut down the host if you haven’t already done so
1) Stop the SCVMM services on the SCVMM server
2) Open SQL Management Studio and attach to the VirtualManagerDB. The name may be different if you modified it during installation.
3) Take a full backup of the database.
4) Right click on the VirtualManagerDB and select New Query
5) Paste the following script in

/*Remove host hardware */
BEGIN TRY
BEGIN TRANSACTION T1

DECLARE @ComputerName AS NVARCHAR(50)
DECLARE @HostID AS NVARCHAR(50)
DECLARE @AgentServerID AS NVARCHAR(50)

/* set variables */
SET @ComputerName = 'server1.contoso.com' /* Insert FQDN of host to be removed here */

SET @HostID =
(
SELECT HostID FROM tbl_ADHC_Host
WHERE ComputerName = @ComputerName
)
SET @AgentServerID =
(
SELECT AgentServerID FROM tbl_ADHC_AgentServerRelation
WHERE HostLibraryServerID = @HostID
)

/*Start removal*/
/* Remove of HBA networking */
DELETE FROM tbl_ADHC_ISCSIHbaToPortalMapping
WHERE ISCSIHbaID in
(
SELECT hbaid FROM tbl_ADHC_HostBusAdapter
WHERE HostID = @HostID
)

DELETE FROM tbl_ADHC_ISCSIHbaToTargetMapping
WHERE ISCSIHbaID in
(
SELECT hbaid FROM tbl_ADHC_HostBusAdapter
WHERE HostID = @HostID
)

DELETE FROM tbl_ADHC_HostInternetSCSIHba
WHERE ISCSIHbaID in
(
SELECT hbaid FROM tbl_ADHC_HostBusAdapter
WHERE HostID = @HostID
)
DELETE FROM tbl_ADHC_FCHbaToFibrePortMapping
WHERE FCHbaID in
(
SELECT HBAId FROM tbl_adhc_HostBusAdapter
WHERE HostID = @HostID
)

DELETE FROM tbl_ADHC_HostFibreChannelHba
WHERE FCHbaID in
(
SELECT HbaID FROM tbl_adhc_HostBusAdapter
WHERE HostID = @HostID
)

DELETE FROM tbl_ADHC_HostSASHba
WHERE SASHbaID in
(
SELECT HBAId FROM tbl_adhc_HostBusAdapter
WHERE HostID = @HostID
)
DELETE FROM tbl_adhc_HostBusAdapter
WHERE HbaID in
(
SELECT HBAId FROM tbl_adhc_HostBusAdapter
WHERE HostID = @HostID
)

/* Remove Host Networking */

DELETE FROM tbl_NetMan_HostNetworkAdapterToLogicalNetwork
WHERE HostNetworkAdapterID in
(
SELECT NetworkAdapterID FROM tbl_ADHC_HostNetworkAdapter
WHERE HostID = @HostID
)
DELETE FROM tbl_ADHC_HostNetworkAdapter
WHERE NetworkAdapterID in
(
SELECT NetworkAdapterID FROM tbl_ADHC_HostNetworkAdapter
WHERE HostID = @HostID
)

/*Remove host hardware */
DELETE FROM tbl_ADHC_VirtualNetwork
WHERE HostID = @HostID
DELETE FROM tbl_ADHC_HostVolume
WHERE HostID = @HostID
Delete FROM tbl_WLC_VDrive
WHERE HostDiskId in
(
SELECT diskid from tbl_ADHC_HostDisk
Where HostID = @HostID
)
DELETE FROM tbl_ADHC_HostDisk
WHERE HostID = @HostID
DELETE FROM tbl_WLC_PhysicalObject
WHERE HostID = @HostID
DELETE FROM tbl_WLC_VObject
WHERE HostID = @HostID

/* Remove references to host */

DELETE FROM tbl_ADHC_HealthMonitor
WHERE AgentServerID in
(
SELECT AgentServerID FROM tbl_ADHC_AgentServerRelation
WHERE HostLibraryServerID = @HostID
)
DELETE FROM tbl_ADHC_AgentServerRelation
WHERE AgentServerID in
(
SELECT AgentServerID FROM tbl_ADHC_AgentServerRelation
WHERE HostLibraryServerID = @HostID
)
/* tbl_ADHC_AgentServerRelation was emptied for this host above, so use the ID captured in @AgentServerID at the start */
DELETE FROM tbl_ADHC_AgentServer
WHERE AgentServerID = @AgentServerID

/*Remove physical machine info*/
DELETE from tbl_PMM_PhysicalMachine
WHERE PhysicalMachineID in
(
SELECT PhysicalMachineID from tbl_ADHC_Host
WHERE HostID = @HostID
)

/* Final host removal */
DELETE FROM tbl_ADHC_HostCluster
WHERE AvailableStorageHostID = @HostID
DELETE FROM tbl_NetMan_InstalledVirtualSwitchExtension
WHERE HostID = @HostID
DELETE FROM tbl_RBS_RunAsAccountConsumer
WHERE ObjectID = @HostID
DELETE FROM tbl_VMMigration_EndpointLUNMapping
WHERE EndPointID = @HostID
DELETE FROM tbl_ADHC_HostBusAdapter
WHERE HostID = @HostID
DELETE FROM tbl_ADHC_Host
WHERE HostID = @HostID
DELETE FROM tbl_WLC_VNetworkAdapter
WHERE HostID = @HostID
DELETE FROM tbl_TR_RefresherState
WHERE RefreshRootObjectID = @HostID
COMMIT TRANSACTION T1
END TRY

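BEGIN CATCH

IF @@TRANCOUNT > 0
ROLLBACK TRAN T1
/* Report why the transaction was rolled back instead of failing silently */
DECLARE @ErrorMessage NVARCHAR(4000)
SET @ErrorMessage = ERROR_MESSAGE()
RAISERROR('%s', 16, 1, @ErrorMessage)
END CATCH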

6) Change server1.contoso.com to the FQDN (yourserver.yourdomain.com) of the server you would like to remove. Make sure to leave the single quotes around the name.

7) Highlight the entire script and click Execute. You should execute the script twice. On the second run there should be 0 rows affected, if the transaction worked as it should the first time.

8) Exit SQL Management Studio and start the SCVMM services.

9) On the VMM server, run Get-SCVMHost -ComputerName yourserver.yourdomain.com to make sure it is not there. Alternatively, search for it in the VMM admin console.

10) Host has been removed successfully

 

If you have any issues, restore the database backup you took in step 3 to return to the starting position.

Default NetScaler changes

July 7th, 2017  / Author: Philip Flint

When deploying a NetScaler, Citrix recommend that you make these changes by default (https://support.citrix.com/article/CTX121149).

The Windows Scaling one was particularly useful on a customer site recently, where connections over CAG would drop because the window size on the TCP stream was not being negotiated correctly with the ASA firewall. We enabled Windows Scaling and the issue went away immediately.

Configuring Anti-Virus for VDI

May 15th, 2017  / Author: Philip Flint

While this article is specific to Microsoft Defender, it does give good recommendations as to how to configure any vendor's A/V for a VDI environment.

https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus

Display make and model of server hardware

May 9th, 2017  / Author: Philip Flint

Ever been in that place where you need to know what the make and model of a server is ? For documentation or planning purposes for example ?

You know, the time when you might have to work out what the power draw is of your hardware before moving into a hosted data center or know which spares to hold for physical servers ?

A quick way to get the make and model of the hardware is to run the command below:

wmic computersystem get Name, domain, Manufacturer, Model, NumberofProcessors, PrimaryOwnerName,Username, Roles, totalphysicalmemory /format:list

Geo Location Database

April 15th, 2017  / Author: Philip Flint

Need a free geolocation database ? Why not give the guys over at MaxMind a go ?

GeoLite2 Free Downloadable Databases

Create new contacts folder in users mailbox (Exchange 2010)

June 6th, 2016  / Author: Philip Flint

In this post I’ll walk you through how to use PowerShell to create a new folder under the user's contacts folder in Exchange 2010. I imagine this will also work for later versions of Exchange, as the command still exists in Exchange 2016, but I haven’t tested it.

The things you need to make this work are:

  1. Rights to the users mailbox
  2. CAS role installed
  3. Exchange PS-Snapin imported

If you have those 3 items, then it works fine.

So, the issue is that if you run the New-MailboxFolder command out of the box it won't work unless the snap-in is loaded, so the first command you run from the Exchange Administrative Shell is

add-pssnapin Microsoft.Exchange.Management.PowerShell.E2010

Even after running that command you will receive an error that says “Cannot open mailbox”

So, next we grant the account running the command access to the user's mailbox.

If you want to do this using PowerShell (for all mailboxes perhaps) then you can run the command:

Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -User "domain\usernamerunningthecommand" -AccessRights FullAccess

To subsequently remove access to all mailboxes run the command:

Get-Mailbox -ResultSize Unlimited | Remove-MailboxPermission -User "domain\usernamerunningthecommand" -AccessRights FullAccess -Confirm:$false

If you try and run the New-MailboxFolder command, you may still get an error.

This is due to the command being run on a non-Exchange server (perhaps a management workstation). If the command is run on a server with the CAS role installed, it will then execute fine.
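
A narrower version of the grant, run, revoke sequence above, as an added example (not code from the original post): it grants FullAccess on one mailbox only, creates the folder, and removes the grant again even if folder creation fails, then lists any explicit FullAccess entries left behind. The function names, their parameters, the sample mailbox alias and the \Contacts folder path are assumptions.

```powershell
# Added example (hypothetical helper names). Run in the Exchange Management
# Shell on a server with the CAS role, as the post requires.
function New-ContactsSubfolder {
    param(
        [Parameter(Mandatory=$true)][string]$Mailbox,     # alias of the target mailbox
        [Parameter(Mandatory=$true)][string]$FolderName,  # folder to create under Contacts
        [Parameter(Mandatory=$true)][string]$Operator     # "domain\user" running the command
    )
    # Was an explicit FullAccess grant already in place before we started?
    $existing = Get-MailboxPermission -Identity $Mailbox -User $Operator |
        Where-Object { $_.AccessRights -match 'FullAccess' -and -not $_.IsInherited -and -not $_.Deny }
    $granted = $false
    try {
        if (-not $existing) {
            Add-MailboxPermission -Identity $Mailbox -User $Operator `
                -AccessRights FullAccess -ErrorAction Stop | Out-Null
            $granted = $true
        }
        # Assumption: the default contacts folder is named "Contacts"
        New-MailboxFolder -Parent "${Mailbox}:\Contacts" -Name $FolderName -ErrorAction Stop
    }
    finally {
        # Revoke only what this function added, even if folder creation failed
        if ($granted) {
            Remove-MailboxPermission -Identity $Mailbox -User $Operator `
                -AccessRights FullAccess -Confirm:$false
        }
    }
}

# After a blanket grant/remove across all mailboxes, list any explicit
# FullAccess entries the operator account still holds.
function Get-LeftoverFullAccess {
    param([Parameter(Mandatory=$true)][string]$Operator)
    Get-Mailbox -ResultSize Unlimited |
        Get-MailboxPermission -User $Operator |
        Where-Object { $_.AccessRights -match 'FullAccess' -and -not $_.IsInherited } |
        Select-Object Identity, User, AccessRights
}

# Placeholder values
New-ContactsSubfolder -Mailbox 'jsmith' -FolderName 'Suppliers' -Operator 'domain\usernamerunningthecommand'
Get-LeftoverFullAccess -Operator 'domain\usernamerunningthecommand'
```

An empty result from Get-LeftoverFullAccess confirms that no explicit grant for the operator account remains.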


Deploying a reg key with SCCM

June 3rd, 2016  / Author: Philip Flint

One easy way is to create a batch file.

In the batch file enter

regedit /f /s regfile.reg

The batch file can just be published as a standard package or application.

While the /f isn’t necessary, it does force an overwrite of any pre-existing keys and so can be useful if you want to correct some keys rather than simply adding them.

Extract ProxyAddresses to a CSV file

May 10th, 2016  / Author: Philip Flint

The code snippet below will allow you to extract a user's proxy addresses, one per line, to a CSV file ready to import into a foreign Exchange system.

$recordset = get-mailbox -resultsize unlimited | select samaccountname, displayname, emailaddresses

$result = @()

# One output line per proxy address: samaccountname,displayname,address
foreach ($record in $recordset) {
    foreach ($address in $record.emailaddresses) {
        $add = $record.samaccountname + "," + $record.displayname + "," + $address.proxyaddressstring
        $result += $add
    }
}

$result | out-file c:\support\alladdresses.txt

When importing into the other system, you may want to convert SMTP (uppercase) to smtp (lowercase) and similar for X400, X500 and SIP addresses, or add .tolower() to $address.proxyaddressstring when extracting the addresses above.
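
A variant of the extraction above, as an added example that is not part of the original post: it emits objects instead of hand-joined strings so that display names containing commas are quoted correctly, and it lower-cases only the address prefix. The function name Get-ProxyAddressRow and the sample mailbox are constructed for illustration.

```powershell
# Added example. $sample is constructed data shaped like the Get-Mailbox
# output used in the post; on an Exchange server, pipe in
# Get-Mailbox -ResultSize Unlimited instead.
function Get-ProxyAddressRow {
    param([Parameter(ValueFromPipeline=$true)]$Mailbox)
    process {
        foreach ($address in $Mailbox.EmailAddresses) {
            # Lower-case only the prefix (SMTP, X400, X500, SIP); the address is left as-is
            $prefix, $value = $address.ProxyAddressString -split ':', 2
            if ($null -eq $value) { $proxy = $prefix }
            else { $proxy = $prefix.ToLower() + ':' + $value }
            New-Object PSObject -Property @{
                SamAccountName = $Mailbox.SamAccountName
                DisplayName    = $Mailbox.DisplayName
                ProxyAddress   = $proxy
            } | Select-Object SamAccountName, DisplayName, ProxyAddress
        }
    }
}

$sample = @(
    New-Object PSObject -Property @{
        SamAccountName = 'euser'
        DisplayName    = 'User, Example'   # comma would split a hand-built row
        EmailAddresses = @(
            (New-Object PSObject -Property @{ ProxyAddressString = 'SMTP:Example.User@contoso.com' }),
            (New-Object PSObject -Property @{ ProxyAddressString = 'smtp:euser@contoso.com' }),
            (New-Object PSObject -Property @{ ProxyAddressString = 'X500:/o=Contoso/ou=First Administrative Group/cn=Recipients/cn=euser' })
        )
    }
)

# ConvertTo-Csv quotes every field; swap in Export-Csv -NoTypeInformation to write a file
$sample | Get-ProxyAddressRow | ConvertTo-Csv -NoTypeInformation
```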