21 Nov 2012

Offline USMT excluding Local Accounts in SCCM 2012 & MDT 2012

Local Machine accounts can be excluded from the USMT process by specifying an additional Task Sequence variable and then either explicitely excluding the local account(s) or explicity including the domain accounts. An issue with the offline USMT method is that the machine is unable to determine the domain by it's name and therefore it's necessary to use the Domain's SID based on the fact that each user account within a given domain will have a similar SID apart from the RID which forms the last section of the SID string.

See the Wikipedia explanation

  1. First of all create the necessary TS variable in a new step before the Scanstate operation named OSDMigrateAdditionalCaptureOptions
  2. Give it a value of /ue:* /ui:<Domain SID>*
Multiple instances of /ui can be used to specify additional domains if required.

A domain's SID can be retrieved by using PSGetSID.exe from SysInternals and using the following syntax; psgetsid.exe <Domain Name>

4 Oct 2012

SCCM 2012 Application Catalog - Login Prompt (Multiple Domains)

In a AD Multi Domain environment, I've found that even after following the guidance from Microsoft regarding delegating permissions to the relevant web application folders (found here) I've still encountered prompts for credentials when accessing the web based Application catalogue which is by default http://servername.domain.com/CMApplicationCatalog.

Based on some research and also backed up by Chris Bradford's blog post, it appears that the problem can be caused by the 'Add default Application Catalog website to Internet Explorer trusted sites zone' option in the SCCM Client Settings. I've found it best to set this to 'False' and fallback on our internal namespace being registered via other means in the correct IE Security Zone.

To ensure that the NTLM credentials are passed through when accessing internal namespace addressed resources either add your domain with a wildcard (*.domain.com) or your server name to your IE Intranet Zone. This can be done via manually or by script but certainly appears to produce better results than using the SCCM Client option.

3 Oct 2012

Portal Web Site Control Manager detected PORTALWEB is not responding to HTTP requests. The http status code and text is 401, Unauthorized.

I've found the message "Portal Web Site Control Manager detected PORTALWEB is not responding to HTTP requests.  The http status code and text is 401, Unauthorized." in the logs of the server which hosts our SCCM 2012 Application Catalog, when diagnosing the issues with the 'SCCM Software Center' failing to display available software showing a message of "Loading Software Center returned error code 0x80041001(-2147217407)". Also when browsing to the Application Catalog it displays a "Server Error in '/' Application" error. Googling the issue, it appears to be widespread with SCCM 2012 and related to WCF Activation.

The resolution can be found in the following MS KB - http://support.microsoft.com/kb/2015129

I would also recommend testing any Application Catalog related issues experienced on a client by accessing the Catalog via other clients. I have found clients can be at fault more times than the server.

16 Aug 2012

Quick and Dirty .NSF Audit Script

In order to better understand our mail environment we wanted to ascertain approximately how much email was being held locally on our workstations in the form of local archives. I therefore wrote the script below in VBScript to be ran as a Computer Startup Script via Group Policy. The script performs a WMI query and then hands the result over to a Stored Proc in a SQL Server DB.

 Option Explicit  
 On Error Resume Next  
 Dim strDBServerName, strDBName, strDBUser, strDBPass, strConnString, strComputerName, strNSFSize, strLine, strNSFMarkerPath  
 Dim wshNetwork, cmdObj, recObj, sysinfo, objFSO, objFileMarker, colFiles, objWMIService, objFileNSF  
 Set objFSO = CreateObject("Scripting.FileSystemObject")  
 strNSFMarkerPath = "C:\NSFSurvey.txt"  
 If NOT objFSO.FileExists(strNSFMarkerPath) Then  
      Set wshNetwork = WScript.CreateObject( "WScript.Network" )  
      Set sysInfo  = CreateObject("ADSystemInfo")  
      strComputerName = wshNetwork.ComputerName & "." & sysInfo.DomainDNSName  
      strDBServerName = ""  
      strDBName = "NSFSize"  
      strDBUser = ""  
      strDBPass = ""  
      strConnString = "driver=sql server;server=" & strDBServerName & ";database=" & strDBName & ";uid=" & strDBUser & ";pwd=" & strDBPass  
      Set cmdObj=createobject("adodb.command")  
      Set recObj=createobject("adodb.recordset")  
      Set objWMIService = GetObject("winmgmts:\\" & wshNetwork.ComputerName & "\root\cimv2")  
      Set colFiles = objWMIService.ExecQuery _  
   ("Select * from CIM_DataFile Where Extension = 'nsf' AND (Drive = 'C:')")  
      If colFiles.Count = 0 Then  
           Set objFileMarker = objFSO.CreateTextFile(strNSFMarkerPath)  
      End If  
      For Each objFileNSF in colFiles  
           strNSFSize = CLng(strNSFSize) + objFileNSF.FileSize  
      'Wscript.Echo strNSFSize  
      With cmdObj  
           .parameters(1).value = strComputerName  
           .parameters(2).value = strNSFSize  
      End with  
      Set objFileMarker = objFSO.CreateTextFile(strNSFMarkerPath)  
 End If  

The TSQL for the table is below;

 CREATE TABLE [dbo].[NSFSizes](  
      [Timestamp] [datetime] NULL,  
      [computerFQDN] [varchar](55) NOT NULL,  
      [NSFSize] [bigint] NOT NULL  

And also the Stored Proc

      @strComputerName varchar(55),  
      @strNSFSize bigint  
 INSERT INTO dbo.NSFSizes (Timestamp, computerFQDN, NSFSize) VALUES (GETDATE(),@strComputerName, @strNSFSize)  

Configuring IBM IMM from Windows (Remotely)

I had a server shipped to a remote site today and had forgotten to preconfigure the network settings for the IBM IMM. Luckily this can be configured from the machine from within Windows.

To do this, first of all download the Advanced Settings Utility for appropriate operating system, in this case Windows Server 2008 R2, so I selected the x64 version from the IBM site.

Download and extract the utility and then run it from  a command prompt. I required just the IP Address, Subnet Mask and Default Gateway address changing to static values. This will also disabled DHCP on the IMM interface and then reboot the IMM to apply the new address.

asu64.exe set imm.hostipaddress1

asu64.exe set imm.hostipsubnet1

asu64.exe set imm.gatewayipaddress1

asu64.exe set imm.dhcp1disabled

asu64.exe set imm.reboot

1 Jun 2012

IBM Hardware Warranty Lookup

The URL for the IBM Hardware Warranty lookup site is here

15 May 2012

Exchange 2010 Management Console connecting to a decommisioned server

You may find that the Exchange Management Console still attempts to connect to a previous Exchange 2010 server when opening, this can be resolved by navigating to the "HKCU\SOFTWARE\Microsoft\ExchangeServer\v14\AdminTools" registry key and deleting the NodeStructureSettings value.

Once deleted start the Exchange Management Console and it should automatically detect the On-Premises organisation and this time connect to a live server.

16 Apr 2012

HP MPIO & DSM Install

For those servers that show the yellow question marks in Device Manager labelled as "HSV300 SCSI Array Device"

The  HP MPIO & DSM Install can be found here

28 Mar 2012

Updating IBM System x Server Firmware

Being used to primarily dealing HP hardware, I was at a loss to how to go about updating the firmware on IBM System x  (x86) servers. It's straight forward with a bit of googling..

One approach is to download the appropriate firmware using IBMs 'UpdateXpress' to a local repository and then use the 'Bootable Media Creator' to either create CD, USB or PXE boot media.

UpdateXpress can be found http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=SERV-XPRESS

BoMC - http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=TOOL-BOMC

21 Mar 2012

The Accidental DBA Survival Kit - Part 1

I occasionally get drawn into some DBA related tasks, so yes I'm an "Accidental DBA" and I've decided to start compiling the snippets of code that I often have to use.

How to get a quick overview of a database

USE Database Name
EXEC sp_helpfile

Getting out of a Transaction Log 'Bear Trap'  

The following T-SQL can be used if you have exhausted your Transaction Log disk space and you have no other way either granting additional space. ***Warning this will break the transaction log chain***
USE DatabaseName
DBCC SHRINKFILE(TransactionLogName, 1)
DBCC SHRINKFILE(TransactionLogName, 1)

Update 1:

View all Databases on a SQL Server

EXEC sp_databases
View all Databases and some brief information
 EXEC sp_helpdb

9 Mar 2012

Lessons learnt while P2Ving Servers

I'm in the process of P2Ving some legacy servers to reduce rack space and thought I'd document the issues/errors/recommendations that I've encountered while doing it.

Recommendation: Document at least the following details before performing a cold clone of a physical server;
  1. Local Admin password (Reset if required)
  2. Current NIC Speed/Duplex
  3. IP Address, Subnet Mask & Default Gateway
  4. All drive space usage, add ~50% when resizing for the VM
  5. Disable the connect to network so that the VM doesn't knock the physical server off when it comes up initially
Recommendation: Try and use a Gigabit network connection for the source server that you're converting, it'll save a lot of time.

Recommendation: I've found that I can monitor the Host's network usage in vCenter to give an indication of the status of the conversion. If there's network activity above the normal trends then the server is receiving information from the P2V process.

Issue: Stuck at 2% progress with the log displaying "Formatting target volume c:..."

Resolution: Change Speed and Duplex of the NIC to 'Auto' if not already configured that way or if at 'Auto' change to a compatible speed.

23 Feb 2012

Firewall rule for IIS 7.5 on Server 2008 R2

I've been attempting to install and configure FTP on IIS 7.5 today and had an issue which I believed to be related to the Windows Firewall on the server, while the FTP service appears to be in the list of allowed applications which can pass through the Windows Firewall, a remote FTP connection would still not work.

I found an interesting article advising to add svchost to the allowed applications, which then led me to this article

To get "insecure" FTP working, I ran the following from an elevated command prompt on the server and sure enough it work :o)
netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21

IIS 7/7.5 Best Practices and Inetpub Relocation

When building Server 2003 web servers, I used the unattended install method to relocate IIS 6 to a drive other than the C: drive, with Server 2008, this isn't possible but the inetpub can be relocated post install.

A list of IIS 7/7.5 best practices compiled by Vivek Kumbhar can be found here and a move script for the relocation of the IIS inetpub can be found at Thomas Deml's blog.

N.B. The syntax for the moveiis7root.bat script is
moveiis7root.bat driveletter