Philip Flint

Installing System Centre Virtual Machine Manager 2008 R2

Nov 4

Posted by Philip Flint in SCVMM 2008 R2, Virtualisation | 1 Comment

If you are like me then you may be a little nervous when it comes to installing a piece of software for the first time and so it’s comforting, I think, if you can see a walkthrough with an explanation or demonstration of the decision points when it comes to installing a piece of software for the first time. Below I’ve provided some screenshots and instructions for getting SCVMM up and running. My installation was performed in a lab environment with Widows 2008 Server R2 installed on my laptop providing the Hyper-V functionality so that the hypervisor can have access to the virtualisation extensions of the processor (i.e. hyper-v will work). I’ve then created two virtual machines, scvmmdc as a domain controller and scvmm to run SCVMM and control hyper-v on my laptop as a host. True, it’s now what you would expect to see in production but it does give you an idea of how to install the software.

The first thing you will note is that I’m not installing a full install to a clustered sql server and, equally, I have not clustered SCVMM to make it highly available … both of these things being best practice for a full multi host production environment. You can, of course, get away without doing either of these things in production as you can still control clustered hyper-v from the built in server administration tools, it’s just that you won’t have access to SCVMM if your single server is not up and running. So, the more physical hosts you have, the “better” practice it is to provide high availability for SCVMM.

The first thing to note after installing the setup disk is that the very first link gives you access to the SCVMM help file which gives excellent advice as to sizing the solution, supported SQL, required software etc (the Setup Overview link).

Straight from that guide, the software requirements are:

Software requirement	Notes
A supported operating system	For more information, (generally 2003 SP2 and later).
Windows Remote Management (WinRM)	This software is included in Windows Server 2008 and the WinRM service is set to start automatically. If the WinRM service is stopped, the Setup Wizard starts the service.
Microsoft .NET Framework 3.0	This software is included in Windows Server 2008. If this software has been removed, the Setup Wizard automatically adds it (i.e. no need to download unless you want the latest version – always patch afterwards though).
Windows Automated Installation Kit (WAIK) 1.1	If this software has not been installed previously, the Setup Wizard automatically installs it (i.e. no need to download unless you want the latest version – always patch afterwards though).

If you use the same computer for your VMM server and your VMM database, you must install a supported version of Microsoft SQL Server.

Supported versions of SQL are

SQL Server 2008 Express Edition
SQL Server 2008 (32-bit and 64-bit) Standard Edition
SQL Server 2008 (32-bit and 64-bit) Enterprise Edition
SQL Server 2005 Express Edition SP2
SQL Server 2005 (32-bit and 64-bit) Standard Edition SP2
SQL Server 2005 (32-bit and 64-bit) Enterprise Edition SP2

If you do not specify a local or remote instance of SQL then the Setup Wizard will install SQL Server 2005 Express Edition SP2 on the local computer. The Setup Wizard also installs SQL Server 2005 Tools and creates a SQL Server instance named MICROSOFT$VMM$ on the local computer. To use SQL Server 2008 for the VMM database, SQL Server Management Tools must be installed on the VMM server. If you use Express Edition then SCVMM will not allow reporting and the database size is limited to 4GB.

After reading the pre-requisites we can prepare the server and domain to host SCVMM. The domain needs to be at Windows 2003 domain level as a minimum. Equally, if the SCVMM server is to host the self service portal then IIS needs to be installed and configured. For Windows 2003 this is a simple matter of installing the Application Server role. For Windows 2008 and above add the Web Server (IIS) role and ensure the following role services are selected:

Static Content
Default Document
Directory Browsing
HTTP Errors
ASP.NET
.Net Extensibility
ISAPI Extensions
ISAPI Filters
Request Filtering
IIS 6 Metabase Compatibility
IIS 6 WMI Compatibility

We can then check the server for suitability for hosting SCVMM. This can be done locally or form a remote machine but whichever machine is being used for this task, that machine needs to have the Microsoft Baseline Configuration Analyzer installed which can be downloaded from http://go.microsoft.com/fwlink/?LinkId=97952. Once the MBCA has been installed we can then click the link for the VMM Configuration Analyzer. This will allow you to download the analyzer tool to your local machine and pre-check the machine for suitability for hosting SCVMM.

When starting the Analyzer tool from the start menu we have the following choices (SCVMM is the name of my lab machine). The tool should really be run in the context of an account that is a domain administrator in order that the tool can accurately check the domain level.

After clicking Scan and waiting a short while you will be presented with a report for which you will need to correct any errors.

Once all errors are resolved we can move onto installing the SCVMM software. Simply click on “SCVMM Server” under the setup section of the welcome screen. Setup will extract some temporary files and then begin the installation routine. Read and accept the license terms if you agree with them and wish to proceed.

I recommend that you participate in the customer experience program if you wish to see Microsoft improve their software for you and all other users.

Complete the User registration details according to your corporate standards.

Complete the prerequisites check and, if passed, click on Next.

Select where to install the software binaries.

As I don’t have a separate SQL server in my lab I chose to install SQL Express locally on my server.

I created a new folder called “Library” and changed the path for the library share to used that new location. In the normal course of events I would usually put this on a drive other than C to allow for growth.

While it is a best practice to change the port numbers used (one for security and two, because you have to uninstall and reinstall SCVMM if you want to change the ports later) I have left them at their defaults for my lab. Similarly, it is a security best practice to leave the service account as the system account. A network account should be used if SCVMM is being installed in a clustered environment where SCVMM is itself clustered.

At the summary of settings page click on Install to proceed.

The software and pre-requisite software will then be installed.

Finally, once the installation has completed select Close to check for any SCVMM updates.

This will have installed SCVMM server. Next, we need to install the Administrators Console. After any required patching, reboot the server and start setup from the CD once more and select VMM Administrator Console in the setup section. Once again temporary files will be extracted and the installation process will begin. As before, we first read and accept the license agreement if we want to proceed.

There is no need to join the Customer Experience Improvement Program as this screen will pick up the choice made when installing SCVMM server (this choice is available if installing the administrative console onto an administrators workstation).

Complete the prerequisites check and, if passed, click on Next.

Select the installation location and click on Next.

Next, we assign the port that we want the console to use to communicate with the SCVMM Server. This is the port that you assigned when installing SCVMM Server above. The port setting that you assign for the VMM Administrator Console must identically match the port setting that you assigned for the VMM Administrator Console during the installation of the VMM server or communication will not occur.

On the Summary of Settings page, if all settings are fine then click on Install.

The installation will then proceed.

Once again, click on Close and check for any updates to the software.

Once any updates have been installed and the server has been rebooted we can proceed to install the optional VMM Self-Service Portal. The Self Service Portal allows identified users to create and manage virtual machines within a Hyper-V or VMWare environment where SCVMM is managing VMWare hosts. To begin the install simply click on the VMM Self-Service Portal link under the Setup section of the welcome page. Once again temporary files will be extracted and the installation process will begin. As before, we first read and accept the license agreement if we want to proceed.

Complete the prerequisites check and, if passed, click on Next (remember, IIS must have been installed to install this service).

We can then choose where to install the application binaries. Here, I have chosen the default location for my lab. In a production environment I would move these to a drive other than C.

Next we tell the installation what port we would like users to connect to the self-service portal over. Generally this is port 80 but if another web site is being hosted on the server then we can either select a different port or, more usually, set a different host / web address to be used by the solution by way of host headers. If port 80 is already in use (by the default web site for example) then we receive the error message below.

I’ve used the hostname selfservice and registered this in my DNS servers as a host (A) record to enable clients to find the site. Additionally, we once again have to connect to our SCVMM server and need to enter the port number chosen earlier for connections. We can then click on Next to move to the next screen.

On the Summary page we can now select Install if we are happy with all of our settings.

Once again we click on Close and check for any updates to the software.

Once the installation is complete we can once again check for any updates and reboot the server to ensure that all services start cleanly (checking the event log for any issues on startup).

Once restarted you can take time if necessary to harden your self-service portal environment by deploying SSL (to encrypt traffic), using integrated logon (to prevent users having to enter passwords) and disabling unwanted ISAPI filters. The full guide on recommended hardening measures can be found at http://go.microsoft.com/fwlink/?LinkId=123617.

If you have followed these steps you should now have a fully functional SCVMM server which can be connected to your Hyper-V or VMWare servers. Connecting to Hyper-V couldn’t be simpler. When you add a virtual machine host or library server that is in an Active Directory domain, SCVMM remotely installs an SCVMM agent on the Hyper-V host. The SCVMM agent deployment process uses both the Server Message Block (SMB) ports and the Remote Procedure Call (RPC) port (TCP 135) and the DCOM port range. You can use either SMB packet signing or IPSec to help secure the agent deployment process. You can also install SCVMM agents locally on hosts, discover them in the SCVMM Administrator Console, and then control the host using only the WinRM port (default port 80) and BITS port (default port 443). Even though we do not need to install the Local Agent manually as all of our servers reside in a domain I run through the procedure for installation below. First we insert the SCVMM disc into our hyper-v server (or map a drive to it) and start the setup routine and then click on Local Agent under setup. The installation of the Local Agent will then begin.

Accept the terms of the agreement to continue.

Select the installation path.

Change the ports the Hyper-V server will use to connect to the SCVMM server to those set earlier when SCVMM was installed.

Our server is not sitting in a DMZ – if it were we could encrypt traffic between the Hyper-V server and SCVMM.

You can then continue to Install the Agent

Click on Finish when completed.

Next we need to start the SCVMM Admin console on the SCVMM server by double clicking the link created on your desktop or by using the link in the Start menu.

From the Outlook like interface we can select the Hosts section and from there we can create a new host group if we have a number of physical Hyper-V or VMWare hosts we would like to control. For our purposes we’ll just use the All Hosts group. On the right hand side (Actions column) we can select Add Host.

In my lab the Hyper-V server is part of my domain as it would have to be if we were running a Hyper-V cluster and so we select the first choice and enter the domain administrator credentials to allow SCVMM access to the Hyper-V host.

Next, type in the name of the physical server running Hyper-V or browse for it in Active Directory. Note: Hyper-V does not need to be installed on the host at this point – if it is not then SCVMM will install and activate the role on the target server and reboot it.

Add the host machine to a host group.

Add a default path where Virtual Machines should be created on this host. When you add a stand-alone Windows Server-based virtual machine host as we are doing here to Virtual Machine Manager (SCVMM), you can add one or more virtual machine default paths, which are paths to folders where SCVMM can store the files for virtual machines that are deployed on the hosts. However, For a Hyper-V or VMWare cluster the default path is a shared volume on the cluster that SCVMM automatically creates when you add the host cluster. When you are adding the host cluster, you cannot specify additional default paths in the Add Host Wizard.

We then get asked to confirm the settings and can select to add our host.

Once added a job will auto-run to add the host followed by a further series of jobs to add in any already configured Virtual Machines running on that host into SCVMM.

You should now be able to control your Hyper-V host using SCVMM and configure the self-service portal for your users.

Tags: SCVMM 200 R2, Virtualisation

Synchronising time in an Active Directory Forest

Nov 3

Posted by Philip Flint in Active Directory | No Comments

Windows Servers use time synchronisation to ensure against replay attacks and thus increase the security of Kerberos authentication within an Active Directory environment. Kerberos tickets are presented to domain controllers by clients and the authenticating domain controller checks that the time stamp on the ticket is within a certain amount of time of the clock on the domain controller, generally 5 minutes although this can be set by group policy. To ensure that the clocks between clients and domain controllers are reasonably in synch at all times, Windows operating systems use the windows time service (W32Time) to synchronise clocks within the forest. They do this by following a synchronisation hierarchy which can be described as below.

All client desktop computers nominate the authenticating domain controller as their in-bound time partner.
All member servers also nominate the authenticating domain controller as their in-bound time partner.
All domain controllers in a domain nominate the primary domain controller (PDC) operations master as their in-bound time partner.
All PDC operations masters follow the hierarchy of domains in the selection of their in-bound time partner and synchronise with the server holding the PDC operations master role in the forest root domain.
In this hierarchy, the PDC operations master at the root of the forest becomes authoritative for the organization and should be set to synchronise with an external atomic time source or will use its own CMOS clock to set its internal time.

When deploying domain controllers, the server holding the PDC operations master role must then be granted access to the internet to synchronise its time with an atomic clock using the NTP protocol (UDP port 123). This is fine when a data centre is first deployed but what happens when the PDC emulator operations master role is moved to another server ? Synchronisation will still occur within the forest with the new server holding this role other than for the original server hosting the role which will still synchronise with its external source.

This can raise two issues.

One of the servers, over time, could drift in terms of its clock and so the original PDC emulator may not be in sync with the rest of the forest and therefore reject authentication attempts.
If an application is Active Directory integrated and using the AD servers for its time source then that application or service may not be accurately recording its time in the application or any logs. This can be an issue, for example, for systems “clocking in” staff where staff are fined for late arrival or, perhaps, when accurate recording of access times for network assets is important for security reasons. If the time recorded is out by a few minutes then this may be an issue.

This raises the question then “how do I set my clocks accurately for all machines if I move my PDC Emulator role”. There are three solutions.

Set all domain controllers to synchronise to the same external atomic clock. Whilst this should certainly keep all clocks within a reasonable skew time the same issue can occur as described above if one server should, for some reason, not have external access. It is likely to eventually drift from the other server clocks and create issues.
Set two domain controllers to synchronise externally and only move the PDC emulator role between those two servers. This is a standard answer to this conundrum and can work well. It has the advantage that administrators are likely to know where the FSMO roles are for the domain and reduces the amount of setup time. However, there is still a small risk of drift if one server loses its external access for any reason. There is also the possibility that the PDC Emulator role will be moved to a server other than those nominated.
Use a GPO to set domain controllers to follow the hierarchy above and be compliant with RFC 1305 unless they are the PDC Emulator in which case they go to an external source. While all domain controllers still need to be provided access to the internet over UDP port 123, should a mistake be made then all servers will at least have the same clock time and so, using this method, the likelihood of failed authentication attempts are very much minimised.

The preferred method then is option C above. To configure this is relatively simplistic. A GPO is created and applied at the “Domain Controllers” OU level. The GPO itself is scoped by way of a WMI script to affect just the server holding the PDC Emulator operations master role. This GPO configures the W32Time service on that server with the external clocks to synchronise to.

To create the GPO, open Group Policy Management Console and create a new GOP linked to the Domain Controllers OU (I have called mine PDC Time Sync). Access the Scope tab of the GPO.

Note that WMI Filtering is net to <none>. You can only apply a WMI filter if one exists and so, next, we right click the WMI Filters node above and select “New…“. We give the WMI filter a name and description as below.

We then click Add to add a query to the filter. The WMI query will be as below:

Select * from Win32_ComputerSystem where DomainRole = 5

We then click on OK and “Save“.

The WMI script selects computers whose DomainRole method of the Win32_ComputerSystem class (i.e. DomainRole value) is set to 5. The allowed values for this method are as below.

Value	Meaning
0	Standalone Workstation
1	Member Workstation
2	Standalone Server
3	Member Server
4	Backup Domain Controller
5	Primary Domain Controller

Active Directory follows the multi-master method of replication whereby each domain controller “owns” a copy of the Active Directory database and can update values in that database and replicate changes to all other domain controllers. This is as opposed to the NT4 methodology where a primary domain controller existed and all other domain controllers were backup domain controllers. However, Active Directory maintains the PDC Emulator role for those times when a PDC is still required for down level clients, password replication and time synchronisation. The server hosting this role has DomainRole 5 and all other domain controllers hold domain role 4, even though they are not backup domain controllers in the traditional meaning of that term.

As the WMI filter now exists it can be assigned to the GPO as a filter. Access the scope tab of the GPO created earlier and set the WMI filter to the one just created.

The GPO can now be edited and values set to control the W32Time service on the server holding the PDC Emulator role. If the role is moved between servers then the GPO ceases to apply and the W32Time settings are reverted to their original values forcing the server to sync to the new server holding the PDC Emulator role. The appropriate policy to set is the “Configure Windows NTP Client” policy found at “Computer Configuration | Policies | Administrative Templates | System | Windows Time Service | Time Providers” in Windows Server 2008 R2. The default values for these settings are shown below.

The meaning of each value is as follows:

Policy Setting	Effect of Setting
NtpServer	Establishes a space-delimited list of peers from which a computer obtains time stamps, consisting of one or more DNS names or IP addresses per line. Computers connected to a domain must synchronize with a more reliable time source, such as the official U.S. time clock. This setting is used only when Type is set to NTP or AllSync. 0×01 SpecialInterval 0×02 UseAsFallbackOnly 0×04 SymmetricActive 0×08 NTP request in Client mode
Type	Indicates which peers to accept synchronization from: NoSync. The time service does not synchronize with other sources. NTP. The time service synchronizes from the servers specified in the NtpServer registry entry. NT5DS. The time service synchronizes from the domain hierarchy. AllSync. The time service uses all the available synchronization mechanisms.
CrossSiteSyncFlags	Determines whether the service chooses synchronization partners outside the domain of the computer. None 0 PdcOnly 1 All 2 This value is ignored if the NT5DS value is not set.
ResolvePeerBackoffMinutes	Specifies the initial interval to wait, in minutes, before attempting to locate a peer to synchronize with. If the Windows Time Service cannot successfully synchronize with a time source, it will keep retrying, using the settings specified in ResolvePeerBackOffMinutes and ResolvePeerBackoffMaxTimes.
ResolvePeerBackoffMaxTimes	Specifies the maximum number of times to double the wait interval when repeated attempts fail to locate a peer to synchronize with. A value of zero means that the wait interval is always the initial interval in ResolvePeerBackoffMinutes.
SpecialPollInterval	Specifies the special poll interval in seconds for peers that have been configured manually. When a special poll is enabled, Windows Time Service will use this poll interval instead of a dynamic one that is determined by synchronization algorithms built into Windows Time Service.

A list of NTP Time servers can be obtained from http://support.microsoft.com/?id=262680. The values I tend to set for the GPO are as below.

I use the flag 0×1 on the NtpServer setting to make the time service take note of the SpecialPollInterval setting (which is a value in seconds) which sets how often the server should poll for a new time. In this way we can, if desired, poll for a time update more or less often. The NTP type setting tells the service to go direct for its time updates to the NtpServer specified.

One the GPO is configured you can wait for it to be applied to the PDC Emulator or force its application using GPUpdate. To check that the policy is working simply note the difference between the server clock and your wristwatch or other clock and, around an hour later, check again and you should see that the difference between the two time sources has changed as the server is drawing its time from an accurate time source.

The final thing to do is to change the GPO status to disable user configuration settings within the GPO as this will lead to a slightly faster GPO processing time.

I hope this post will help remove some of the mystery surrounding how to configure time synchronisation settings within an Active Directory domain.

Tags: Active Directory

How should I license my virtualised environment ?

Nov 3

Posted by Philip Flint in Virtualisation | 4 Comments

Many people know that if you purchase a copy of Windows Server 2008 R2 Enterprise Edition then you get to run 4 copies of Enterprise or down level versions in a virtualised environment on that physical host for which the Enterprise license was purchased. This is true even if you don’t install Enterprise on the physical host. That is, you can install XenServer or VMWare and still take advantage of this fantastic deal.

What you may not be aware of though is that you can also but Windows Server 2008 R2 Datacenter Edition and run an unlimited number of Windows Server guest VM’s on that physical host. Datacenter is licensed per processor socket (not core) and you have to license a minimum of 2 sockets (processors) in the physical server but, and here’s the thing, with hexa (6) and octo (8) core processors now on the market then, with 2 octo-core processors and one physical core assigned to each VM then you can run 16 VM’s on a single host for the price of 2 Datacenter Edition licences or 4 Enterprise Edition licences. If you go for even higher densities then the gap widens still further. With the difference in price between versions being only a couple of hundred bucks then there are savings to be made in even the smaller virtualised data centers.

But, how do you tell which is the right choice for you ? Microsoft have published an online tool to help you out. Simply type in the price you pay for Enterprise, Standard and Datacenter Editions, the number of processors per server and the average number of VM’s per server and the calculator will tell you which is the cheaper option to go for.

You can find this tool online at http://www.microsoft.com/windowsserver2008/en/us/hyperv-calculators.aspx.

Tags: Virtualisation

What is the difference between a Role and a Feature

Nov 3

Posted by Philip Flint in Windows 2008 R2 | No Comments

Before Windows 2003 if you wanted to add functionality to a Windows Server you would have to access “Add / Remove Programs” in control panel and then “Add / Remove Windows Components” and choose which components to install. You may or may not have chosen the right components for what you were trying to achieve and you may have installed the correct dependencies (leading to a potentially unstable server if you didn’t) or, indeed, too many dependencies making your server less secure. This situation led to a high number of calls to Microsoft for “broken” software when, in reality, the solution had not been deployed correctly.

Because of this, from 2003 Microsoft onwards Microsoft introduced the “Configure your server” wizard which allowed users to add core functionality to a server with a reduced set of configuration options. That is, the wizard only installed those items necessary to get the server to do the chosen job. This not only led to more stable servers but also more secure servers.

This philosophy has now been extended out for Windows 2008 onwards such that a whole raft of functionality is no longer deployed by default leading to a more secure base server environment (secure by design). Instead, you have to expose this functionality to Windows Server if you want to use it and the wizard will then deploy that functionality for you without introducing flaws due to mis-configuration of the base requirements for a solution. This functionality has been encapsulated in two areas under Server Manager – Roles and Features. So, now you know how we got here, what’s the difference between the two ?

Well, its simple really, a role is something that the servers offers to someone else (clients) such as Logon (AD), IP addresses (DHCP), name resolution (DNS) etc. A feature is something the server consumes or uses itself, for example Network Load Balancing, Telnet Client, Failover Clustering etc. Now if you need to find a certain “feature” of Windows Server I hope this will help you know the most likely place to find it.

Tags: Windows 2008 R2

Forcing Exchange to use specific Domain Controllers

Nov 2

Posted by Philip Flint in Exchange 2010 | No Comments

When you read Microsoft’s sizing guides then the basic advice for mailbox servers, for example, is to use 4 processor cores for Exchange for every 1 Active Directory processor core (Exchange 2007 with AD running on 32 bit). However, the situation you often get is that the domain controllers exist in a data centre servicing many solutions or even in a server room servicing user logons and so you can’t really assign specific domain controllers to service just Exchange. Now, what you can do is tell Exchange to just use certain DC’s but this doesn’t stop those DC’s from servicing other requests. But, there is a solution ….. Active Directory sites.

As you know, Active Directory “knows” which Domain Controller to direct a logon request to by using the clients IP address and directing the request to a domain controller in the same site as the user (or another site assigned to the users IP subnet). But requests are directed to the “most likely” subnet or, to put it another way “best match” subnet. Where this leads us to is that you can use subnets in Active Directory Sites and Services to direct logon requests.

For example, your data centre may have the subnet 10.1.1.0/24 (10.1.1.0, 255.255.255.0) and you may have the following servers.

Server	IP Address
DC1	10.1.1.1
DC2	10.1.1.2
SQL1	10.1.1.3
SQL2	10.1.1.4
DC3	10.1.1.5
DC4	10.1.1.6
Exchange1	10.1.1.7
Exchange2	10.1.1.8
Backup1	10.1.1.9

So, what we don’t want to do is just assign the subnet 10.1.1.0/248 to a site as this will not include Exchange2 and, indeed, will remove all DC’s from our server site. Similarly, we can’t just use 10.1.1.0/240 as a subnet as this will also include our backup server and, once again, all DC’s. That is, we could assign a more specific subnet to the Exchange “site” but, if needs be and for the purposes of this article, we can also assign individual servers. Below is an example of our site setup before we start with all servers assigned to the subnet OU.

The first thing we would do is create a new Site called, for example “Exchange” and, in this case, assign it to our default site link.

We then create a new Site Link to link the Exchange servers back to the Server site. We do this so that we can change the replication schedule as we will want “fast” replication between the DC’s in the Server site and in the Exchange Site (If required the sites can then be removed from the Default Site Link).

We can then create a series of new subnets, one for each server, and assign them to the “Exchange” Site.

In this way, individual servers can be added to the site until all servers that should be treated as one unit exist in the same site.

The Domain Controllers can then be moved to the Active directory site by right clicking the server in Sites and Services and selecting “Move”

This means that all the servers should perform lookups and any authentication against the domain controllers in their own local site. This technique can also be used in any other situation where particular AD servers have to be used by particular servers (for example when a certain level of domain controller must be used in a still mixed environment). All that remains is to change the site link to replicate rapidly.

By default, changes are not replicated between sites when the change is made (with the exception of urgent replication items such as password changes). Instead changes are replicated according to a schedule as defined on the site link. By default the replication interval is set to 180 minutes.

However, as these servers all sit on the same high speed network we can configure change notifications to traverse the site link in near real time as though the servers are in the same site. This is done by setting a value in Active Directory by using the ADSI Edit tool (installed by default in Windows 2008 R2 and part of the support tools pack in Windows 2003.

To enable change notification between sites

In ADSI Edit, expand the Configuration container.
Navigate to the Inter-Site Transports container, and select CN=IP . (You cannot enable change notification for SMTP links.)
Right-click the site link object for the sites for which you want to enable change notification (CN=Exchange Servers in our case), and then click Properties .
In the Select a property to view box, select options .
In the Edit Attribute box, if the Value(s) box shows <not set> , type 1 in the Edit Attribute box. If the Value(s) box contains a value, you must derive the new value by using a Boolean BITWISE-OR calculation on the old value, as follows: old_value BITWISE-OR 1. For example, if the value in the Value(s) box is 2, calculate 0010 OR 0001 to equal 0011. Type the integer value of the result in the Edit Attribute box; for this example, the value is 3. In this case, as this is a new site link that we have set up then the value should be set to <not set> and so we can enter 1.
Click OK and the OK again and exit ADSI Edit.

Changes should now be notified across the site link with the same frequency as they would if the servers were in a single site (around 15 seconds for 2003 / 2008).

Tags: Active Directory, Exchange 2010

How to duplicate entries in Excel

Nov 2

Posted by Philip Flint in Tips | No Comments

You know how it is. You are filling out an Excel spreadsheet and you need to copy the value above. Now, everyone knows the two ways to do this (copy /paste and to “drag and fill” the data down). Well, I was shown a third way today and thought I’d share it with you.

Simply select the cell where you want the data to be copied into and press CTRL + D (for Duplicate) and that’s it.

Before and After

Tags: Tips

How to tell if your PC supports XP Mode on Windows 7

Nov 2

Posted by Philip Flint in Virtualisation, Windows 7 | No Comments

Thinking of rolling out Windows 7 ? Then it could be that you will want to run XP Mode for backwards compatibility of older applications. XP mode allows you to run applications in a Windows XP SP3 virtual machine and present the application to the user as though it is running locally on the Windows 7 machine. Well, if you have a fleet of machines in your organisation then its likely you have purchased over time and don’t know which support hardware assisted virtualisation and which don’t. Microsoft have now bought out a simple tool that you can run on a logged on machine (admin privileges using run as required of course) that will tell you if the processor supports virtualisation and, more importantly, if its enabled for virtualisation.

There’s also a command line giving the opportunity to run a start up script and write a log file centrally so that you can see which machines can support this feature and which can’t.

You can download the free tool from http://go.microsoft.com/fwlink/?LinkId=163321.

Tags: Virtualisation, Windows 7

Best Practices for Virtualising Exchange

Nov 1

Posted by Philip Flint in Virtualisation | No Comments

Hold on to your hats. Microsoft are drawing a line in the sand and broadcasting what they believe are the best practices for virtualizing Exchange servers. Its an online broadcast and anyone can attend. Its due this Wednesday 4th November and you can sign up here.

Tags: Events, Virtualisation

Piping out to the clipboard

Nov 1

Posted by Philip Flint in Tips | No Comments

We all know how to pipe out to text files, right ? From a command prompt type in your command followed by > and then the name of the file to output the result to.

For example

ipconfig /all > c:\myfiles\ipconfigresults.txt

will put the results of ipconfig /all into a text file called ipconfigresults.txt in the myfiles folder and the more advanced ones among us know how to not only pipe the command out but also open that text file automatically after the command has completed.

For example

ipconfig /all > c:\myfiles\ipconfigresults.txt & c:\myfiles\ipconfigresults.txt

Well, that leaves a permanent file on your hard drive which you might or might not want. Plus, if you want the text in another file you have to open the text file as above, select it all and then copy it to the clipboard.

Now, you can doo all of that in one go without leaving that pesky file behind – just pipe the command to the clipboard !

For example

ipconfig /all | clip

will put the output of the ipconfig / all command on your clipboard. You can now either paste it into notepad for a temporary file or paste it into any more permanent file, as part of producing customer documentation for example.

Tags: Tips

Initial Configuration Tasks lost on Windows 2008 R2

Nov 1

Posted by Philip Flint in Windows 2008 R2 | No Comments

If you’ve selected to “Do not show this window at logon” and then can’t get back to the initial configuration taks pane in Windows Server 2008, simply click on the start button and type oobe.exe in the the search field and press return.

This command can also be run from a command prompt.

Tags: Windows 2008 R2