Hyper-V Replica DC not working

I used the capabilities of Hyper-V 2012 to create a test environment that mirrors production systems (including a Domain Controller).  I couldn’t get the other computers in the environment to use the replica for authentication.  After a little more testing, I figured out that I couldn’t open AD DS on the DC. 

Lots of searching on various errors eventually led me to this blog post, where a simple registry edit solved my problem:

http://exchangeonline.in/windows-server-2012-naming-information-located-because-domain-exist-contacted/

Error after upgrading Orchestrator to 2012 R2

After upgrading from System Center Orchestrator 2012 sp1 to 2012 R2, my Runbooks weren’t running via my scheduled tasks.  After some digging, I figured out that I couldn’t open the Orchestration Console, because I kept getting this error:

Error executing the current operation.
[HttpWebRequest_WebException_RemoteServer]
Arguments: NotFound
Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See http://go.microsoft.com/fwlink/?linkid=106663&Version=5.1.20913.0&File=System.Windows.dll&Key=HttpWebRequest_WebException_RemoteServer

I did some research, but couldn’t figure it out, and there was a particular Runbook that I needed to have run every night.  So I opened a ticket with Microsoft.  In order to save you the trouble, if you come across this issue, here is the solution:

1. Enable detailed logging for the connection attempt.

Create a folder to store the log file (C:\logs in this sample). The path is set by this attribute in Part 1 below:

    initializeData="C:\logs\SRV_Traces.svclog" />

Edit the Web.Config file located in the following default location:

C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator\Web Service\Orchestrator2012

======================

Part 1: add the following just below the opening <configuration> tag:

<system.diagnostics>
    <sources>
      <source name="System.ServiceModel"
              switchValue="Information, ActivityTracing"
              propagateActivity="true" >
        <listeners>
          <add name="xml"/>
        </listeners>
      </source>
      <source name="System.ServiceModel.MessageLogging">
        <listeners>
          <add name="xml"/>
        </listeners>
      </source>
    </sources>
    <sharedListeners>
      <add name="xml"
           type="System.Diagnostics.XmlWriterTraceListener"
           initializeData="C:\logs\SRV_Traces.svclog" />
    </sharedListeners>
</system.diagnostics>

==============

Part 2: add the following inside the <system.serviceModel> section:

<diagnostics wmiProviderEnabled="true">
      <messageLogging
           logEntireMessage="true"
           logMalformedMessages="true"
           logMessagesAtServiceLevel="true"
           logMessagesAtTransportLevel="true"
           maxMessagesToLog="3000"
       />
</diagnostics>

2. Perform an IISRestart and test connecting to the Orchestration console to generate the error.

3. Stop the IIS Site and view the resulting log file.

4. Opening the log file with SvcTraceViewer.exe makes it much easier to parse.

You can get it either by installing (a non-express version of) Visual Studio, or by installing the (free) Windows SDKs

(http://www.microsoft.com/downloads/details.aspx?FamilyID=E6E1C3DF-A74F-4207-8586-711EBE331CDC&displaylang=en)

5. Drilling into the XML data for the "Handling an Exception" entry and locating the inner exception we found the following:

System.Data.SqlClient.SqlException: The EXECUTE permission was denied on the object ‘GetSecurityToken’, database ‘<SCO DB Name>’, schema ‘Microsoft.SystemCenter.Orchestrator’.

It appears that in uninstalling/reinstalling the Web Console the needed permissions were not updated in SQL.

6. To address this issue we ran a SQL script that was contained in the following MSI:

%localappdata%\Microsoft System Center 2012\Orchestrator\Microsoft.SystemCenter.Orchestrator.ManagementServer.msi

Among the *.SQL files in it, we located the file: Microsoft.SystemCenter.Orchestrator.Roles.SQL

Using the text from this file, we created a new query to run against the Orchestrator database to reapply the permission grant operations.

The key was step 6.  The security evidently didn’t get set up correctly on the update, and needed to be fixed manually.
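
Step 5 can also be done from PowerShell on a server where SvcTraceViewer is not installed. This is an added example, not part of the original post or of Microsoft's instructions: the function name is hypothetical, the sample record is constructed, and it assumes the usual WCF trace layout (TraceRecord, Exception and InnerException elements).

```powershell
# Added example: report the innermost exception of each trace record that carries one.
function Get-InnermostTraceException {
    param([Parameter(Mandatory = $true)][string]$TraceText)

    # A .svclog is a run of <E2ETraceEvent> fragments with no single root element,
    # so wrap it in one before handing it to the XML parser.
    $doc = [xml]"<root>$TraceText</root>"

    # local-name() matches elements without registering the trace namespaces.
    $records = $doc.SelectNodes("//*[local-name()='TraceRecord'][*[local-name()='Exception']]")
    foreach ($record in $records) {
        $ex = $record.SelectSingleNode("*[local-name()='Exception']")
        # Walk down the InnerException chain; the last link is the root cause.
        $inner = $ex.SelectSingleNode("*[local-name()='InnerException']")
        while ($null -ne $inner) {
            $ex = $inner
            $inner = $ex.SelectSingleNode("*[local-name()='InnerException']")
        }
        [pscustomobject]@{
            Description   = $record.SelectSingleNode("*[local-name()='Description']").InnerText
            ExceptionType = $ex.SelectSingleNode("*[local-name()='ExceptionType']").InnerText
            Message       = $ex.SelectSingleNode("*[local-name()='Message']").InnerText
        }
    }
}

# Constructed sample record (not a real capture). The outer exception is a placeholder;
# the inner message is the one quoted in step 5.
$sample = @'
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
  <ApplicationData><TraceData><DataItem>
    <TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error">
      <Description>Handling an exception.</Description>
      <Exception>
        <ExceptionType>Constructed.OuterException</ExceptionType>
        <Message>Constructed outer message.</Message>
        <InnerException>
          <ExceptionType>System.Data.SqlClient.SqlException</ExceptionType>
          <Message>The EXECUTE permission was denied on the object 'GetSecurityToken', database '&lt;SCO DB Name&gt;', schema 'Microsoft.SystemCenter.Orchestrator'.</Message>
        </InnerException>
      </Exception>
    </TraceRecord>
  </DataItem></TraceData></ApplicationData>
</E2ETraceEvent>
'@

Get-InnermostTraceException -TraceText $sample | Format-List

# Against the real file, after stopping the IIS site (step 3):
# Get-InnermostTraceException -TraceText (Get-Content 'C:\logs\SRV_Traces.svclog' -Raw) | Format-List
```

Part 2 sets logEntireMessage="true", so the trace file holds complete message bodies; treat it as sensitive and remove both diagnostics sections from Web.Config once the fault is found.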

Failed to power on with error the process cannot access the file

I have been moving some of my Hyper-V installs from 2008 R2 to 2012.  Because of the large number of VHDs attached to a particular VM, I elected to disconnect the disks from the old host and connect them to the new host, and then do an import.

I did this on a few smaller instances and it worked fine, but on this one I kept getting an error every time I tried to start the VM.  The error was “Failed to power on with error The process cannot access the file…” and the path to one of the many VHDs.

In the end, I removed the antivirus.  I believe what was causing the problem was a timeout trying to access all the VHDs, and the antivirus was slowing it down too much.

SQL Auto Protection Fails

Using DPM 2012, I had an error with SQL Auto Protection.  The error says to run “AutoProtectInstances.ps1”.  When I did that, I got this error:

Start-DPMAutoProtection : DPM could not enumerate SQL Server instances using Windows Management Instrumentation on the protected computer <ComputerName> . (ID: 965)
Please make sure that Windows Management Instrumentation for SQL server is in good state.

A quick search turned up this article talking about protecting SharePoint.  The underlying problem was with the SQL instance that they were using so this fix worked:

http://www.mysharepointadventures.com/2013/01/fixed-dpm-could-not-enumerate-sql-server-instances-using-windows-management-instrumentation/

You do have to run the cmd from an elevated prompt.

Error (415) adding a host to SCVMM 2012 sp1

I kept having errors adding hosts to a VMM server, even though all of the prereqs were met.  

I received the following errors every time I tried to add the hosts:

Error (415)
Agent installation failed copying C:\Program Files\Microsoft System Center 2012\Virtual Machine Manager\agents\I386\3.1.6011.0\msiInstaller.exe to \\<hostname>\ADMIN$\msiInstaller.exe.
The specified network name is no longer available

Recommended Action
1. Ensure <Hostname.FQDN> is online and not blocked by a firewall.
2. Ensure that file and printer sharing is enabled on <Hostname.FQDN> and it not blocked by a firewall.
3. Ensure that there is sufficient free space on the system volume.
4. Verify that the ADMIN$ share on <Hostname.FQDN>exists. If the ADMIN$ share does not exist, reboot <Hostname.FQDN> and then try the operation again.

Warning (10444)
The VMM management server was unable to impersonate the supplied credentials.

Recommended Action
To add a host in a disjointed domain namespace, ensure that the credentials are valid and of a domain account. In addition, the SCVMMService must run as the local system account or a domain account with sufficient privileges to be able to impersonate other users.

This took me much longer than the 5 minutes it should have taken to figure out. 

Basically, we have two links to the remote hosts.  Traffic to that remote site is routed differently depending on which subnet it is on.  Also, we have a VLAN that is specifically set for switch management.  Once I moved the VMM server to a VLAN that was NOT restricted, the hosts added just fine.

If that isn’t your issue, but you get the Error (415) above, there is a knowledge base article that says you may have to enable the fileserver role first on a 2012 host.

Using SCOJobRunner

We have started using System Center Orchestrator (2012 SP1) to do some automation.  Most of what we have done so far could be done outside of Orchestrator pretty easily.  Having it in Orchestrator makes it easier to keep track of all the automated tasks that we have.  (A central repository, in theory.)

I have had a few different issues so far with the way that Orchestrator works.  It seems there is a common issue of Runbooks not showing up in the web console.  This isn’t hard to correct, it seems, but it is annoying that they don’t automatically show up.

The way to get them to show up seems to be to clear the AuthorizationCache:

Hi, by default the orchestrator console refresh every 10 minutes. You could try update your AuthorizationCache, that is done by default every 10 minutes. If you run

TRUNCATE TABLE [Microsoft.SystemCenter.Orchestrator.Internal].AuthorizationCache in the Orchestrator database, do they show up direct then? Make sure you have a DB backup Before you do anything in the database.

http://social.technet.microsoft.com/Forums/sv/scogeneral/thread/3a4f49f1-b282-465c-84aa-e84335c4a7f9

Once they show up in the web console, you can use SCOJobRunner to call the Runbook.  That utility can be found here: http://blogs.technet.com/b/orchestrator/archive/2012/05/15/cool-tool-new-command-line-utility-to-start-a-runbook.aspx

Once you have that, you can use Task Scheduler to call the Runbook with SCOJobRunner.  The one thing that is kind of un-obvious is finding the ID.  There are a couple of ways, but here is a simple one:

An easy trick to getting the runbook ID is to go to the Orchestrator web console and click on the runbook itself in the left hand pane.  Within the URL you will find the runbook ID.

Example: http://server:82/#/RunbooksPage$FolderId=cdafbfdc-363f-49c4-81a0-62a18236a5ce&RunbookId=e46304a1-f900-4665-b0bc-ea0ad6c9f86e&RunbookInstanceId=&TabId=1&Filter

Vaughn

http://social.technet.microsoft.com/Forums/ko/scogeneral/thread/24c13d8c-b6d6-45c5-87c3-a68801a9005b

Which time wasting manager type are you?

I am the “Firefighter”…

http://www.inc.com/jessica-stillman/the-4-types-of-time-wasting-bosses.html?nav=next

Script to fix “unknown” power state in Xen Desktop

 

After an unpretty Hyper-V cluster failover, several machines in our Xen Desktop deployment were showing an “unknown” power state.  After a call to Citrix, they gave my coworker a few commands to use to fix it.

This has to be done from the Xen Desktop controller:

Load the Citrix PSSnapIn:

Add-PSSnapIn Citrix.*

This gets information from VMM about all of the VMs in VMM:

Cd XDHyp:\
Get-ChildItem -Recurse | Out-File -FilePath c:\xdhyp.txt

This command gets all of the machines that are PowerState Unknown in Xen Desktop:

Get-BrokerMachine -PowerState Unknown

The problem is that the “Id” from the first command doesn’t match the “HostedMachineId” from the second command.  To fix this, you run this command with the correct domain and machine name from the second command and the  “Id” from the first command:

Set-BrokerMachine -MachineName <MyDomain\MyMachine> -HostedMachineId <Id>

If you have a lot of machines where this is a problem, it could take a while to go through and match these up.  To save some time with the 75 or so we had to do, I created this script to do it:

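#Add-PSSnapIn Citrix.*
#$ErrorActionPreference = "Continue"

$x = 0
# Hypervisor path that holds the VMs; replace the <placeholders> with your own values
$Group = "XDHyp:\Connections\<VMMSERVER>\<Vmmhostgroupname>.hostgroup\<clustername>.cluster"
$UnknownList = Get-BrokerMachine -PowerState Unknown
# HostedMachineId          : 51c7f7a2-64bf-481a-86fd-49b9a3fbf993
# MachineName              : Domain\MachineName
foreach ($UnknownMachine in $UnknownList)
    {
        $UnknownMachineName = $UnknownMachine.MachineName
        Write-Host $UnknownMachineName
        # Drop the domain prefix to get the name to search for. Split is used because
        # TrimStart strips a set of characters, not a prefix, and can eat into the name.
        $SearchName = $UnknownMachineName.Split('\')[-1]
        Write-Host "Search Name is $SearchName"
        $GroupList = @(Get-ChildItem $Group | Where-Object {$_.Name -match $SearchName})
        # Name    : MachineName
        # Id    : 8d9d4e54-d374-406b-b4e3-7dcd2f47e7a9
        # Reset per machine so an Id from the previous machine is never reused
        $HostedMachineId = $null
        foreach ($Vm in $GroupList)
            {
                $x ++
                Write-Host $Vm.Name
                $HostedMachineId = $Vm.Id
                Write-Host $HostedMachineId
            }
        Write-Host $x
        # -match is a substring match, so only update when exactly one VM matched
        if ($GroupList.Count -eq 1)
            {
                Set-BrokerMachine -MachineName $UnknownMachineName -HostedMachineId $HostedMachineId
            }
        else
            {
                Write-Warning "Skipping $UnknownMachineName ($($GroupList.Count) matches found)"
            }
    }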

Import .msg files into Outlook using Powershell

We have some old email database backup files that we extracted messages from.  The purpose of this was to be able to expire the backups and do away with them, while keeping the messages in our Journal for e-discovery purposes.  There are better ways to do what we did than the way we did this, but it has been a process of learning, and one of the things I was able to learn is how to import .msg files into Outlook.

You have to have a machine that has Outlook installed.  Outlook 2007 is the version I used. This would work with Outlook 2010, but you will get a popup about allowing scripting access to Outlook.

First, create the connection to Outlook:

$outlook = New-Object -comobject outlook.application
$namespace = $outlook.GetNamespace("MAPI")

Then connect to the folder, such as the Inbox:

$objInbox  = $outlook.Session.GetDefaultFolder(6)

Other examples:

$olAppointmentItem = 1
$olFolderDeletedItems = 3
$olFolderOutbox = 4
$olFolderSentMail = 5
$olFolderInbox = 6
$olFolderCalendar = 9
$olFolderContacts = 10
$olFolderJournal = 11
$olFolderNotes = 12
$olFolderTasks = 13
$olFolderDrafts = 16

$objDraftFolder = $outlook.Session.GetDefaultFolder($olFolderDrafts)
$objDeletedFolder = $outlook.Session.GetDefaultFolder($olFolderDeletedItems)

I like to know how many messages are in the folder before I begin the import:

$colItems = $objDraftFolder.Items  #this gets the items in the folder
$FolderItemCount = $colItems.Count #this counts them
Write-Host $FolderItemCount

Now you have to open the item and then move it to the folder you want to save it in:

$olMailItem = $NameSpace.OpenSharedItem($MailItem)   # $MailItem holds the path to the .msg file
$olMailItem.Move( $objDraftFolder )   

If you put the above lines in, you will get a lot of data on the screen about the email.  To prevent that while still accomplishing the goal of moving the message to Outlook, simply put [void] in front like this:

[void]$olMailItem.Move( $objDraftFolder )

I am working with around a million files, so this was a rather involved script to create.  Here is the script I used:

 

$olMailItemPath = "F:\Sorted\MoveToOutlook\ByThousands\*"
$AfterTime = "12/21/2007"
$olAppointmentItem = 1
$olFolderDeletedItems = 3
$olFolderOutbox = 4
$olFolderSentMail = 5
$olFolderInbox = 6
$olFolderCalendar = 9
$olFolderContacts = 10
$olFolderJournal = 11
$olFolderNotes = 12
$olFolderTasks = 13
$olFolderDrafts = 16

Write-Host $olMailItemPath
$x=0
$SourceFolders = Get-Item $olMailItemPath
echo $SourceFolders.count
$outlook = New-Object -comobject outlook.application
$namespace = $outlook.GetNamespace("MAPI")

foreach ($_ in $SourceFolders)
    {
    $SourceFolder = $_
    Write-Host "SourceFolder is $SourceFolder"
    $SourceFiles = Get-ChildItem -path $SourceFolder -recurse -include *.msg   
    $SFCount = $SourceFiles.count
    Write-Host "Source File Count is $SFCount"
    $objDraftFolder = $outlook.Session.GetDefaultFolder($olFolderDrafts)
    $objDeletedFolder = $outlook.Session.GetDefaultFolder($olFolderDeletedItems)
    $colItems = $objDraftFolder.Items
    $FolderItemCount = $colItems.Count
    IF ($FolderItemCount -ge 10000)
        {
            Write-Host "Draft Folder Item Count is $FolderItemCount"
            Write-Host "Sleeping…"
            sleep -s 300
        }
    foreach ($_ in $SourceFiles)
        {
        $x ++
#         Write-Host $x
        $MailItem = $_.FullName   # full path as a string, for OpenSharedItem and Remove-Item
#         Write-Host "Mail Item is $MailItem"
        $olMailItem = $NameSpace.OpenSharedItem($MailItem)
        $DateRecieved = $olMailItem.ReceivedTime
#         Write-Host "Date Recieved is $DateRecieved"
        If ($DateRecieved -le $AfterTime)
            {
#             Write-Host "Bad Date $DateRecieved"
            [void]$olMailItem.Move( $objDeletedFolder )
            }
        else
            {   
#             Write-Host "Moving $MailItem"   
            [void]$olMailItem.Move( $objDraftFolder )       
            }
#         Write-Host "Removing $MailItem"
        Remove-Item $MailItem
        }
    }

Citrix Worker Groups

Lately, we have been deploying XenApp servers using Citrix Provisioning Services.  This is a great tool, that we have only just started using. 

In our current process, we are creating a group of machines using PVS.  When they come up, they join the farm and by virtue of the AD OU they are in, they become members of a worker group.  We are also creating machines for test purposes that we want to get the same Group Policies, but we don’t want them to be in the worker group by default.  We deploy the production apps to the Worker Groups, but not to individual machines.  If the test machines are part of the Worker Groups, then the apps are also published to the test machines.

To prevent this, we created a sub OU to put the particular test machines in, so they would get the Group Policies, but not have the apps automatically published to them.  Except that the machines wouldn’t come out of the Worker Group…

Turns out, if the machines joined the farm in the OU that the Worker Group is looking at, they will remain in the worker group.  In order to correct this, you simply remove the offending machines from the farm.  When they come back up and join the farm again, they are no longer part of the worker group.  (As long as the machine accounts aren’t in the target OU.)