Ron's profileRon Williams IT BlogPhotosBlogLists Tools Help

Ron Williams IT Blog

Writeups related to Microsoft infrastructure technologies

Ron Williams

Occupation
Location
I am a Senior Consultant with Catapult Systems in Dallas. My specialty is Microsoft infrastructure technologies, specifically related to messaging, management, and security. I have over twelve years experience in the industry and 10 technical certifications including MCSE+Security, MCSA, MCDBA, MCTS-OpsMgr, A+, Network+, and Security+.
April 23

Sending a Parameter or Argument to Get-Alert as a Criteria

I was having issues sending an arguemnt into a get-alert using "criteria" .  The issue was due to all of the single (or strong) quotes in the criteria statement.
 
When i add an argument, it stopped working:
(passing script an argument, still all single quotes)
get-alert -criteria 'Id = ''$args'''
 

Scott Moss on powershellcommunity.org sent me a working example!  Thanks for your help
Here is what I am using:

get-alert -criteria "Id = '$($args)'"
 
thanks Scott!
 
April 08

High Health Service Handle Count on RMS

If you experience a high handle count on a RMS,  apply the steps in http://support.microsoft.com/kb/938626/en-us   and apply KB951979.

If you still experience the problem, create an override to up to 50,000 handles, or create a recovery action to restart the health service.

Microsoft is aware and working on fix.

To measure health service handle count, open perfmon, and add the counter for Process>Handle Count>HealthService.exe

clip_image002

Batch Script to Force Windows Update Downloads

I recently had an issue where a client needed to quickly download and install all windows updates.  They originally had all clients pointed to a non-existent SUS server, so most of their servers and workstations were out of date.

We removed the line from the GPO that pointed the clients to the nonexistent SUS server, meaning that the agents will look on the internet for updates; however, they still didn’t get the updates.

Windows Update logs are located here:  %systemdrive%\windows\SoftwareDistribution

When I opened the log file, I saw several errors that looked like this: Windows Update Client failed to detect with error 0x80072efd.

There errors are due to the fact that windows update uses WINhttp, and the client had a proxy server configured, but did not have a proxy server set using proxcfg.

You can check to see if a proxy server is configured for WINhttp by typing proxycfg at the command prompt.

I wrote a batch script to run on all agents that updates the proxy for WINhttp, stops the windows update service, removes the registry keys that indicate when windows update last ran, restarts the service, then forces an update download.

Here is the script, save as a .bat file, and run at will!:

@echo off
REM ======================================================================
REM
REM Batch File
REM
REM NAME: Force Auto Updates Download
REM
REM AUTHOR: Ron Williams ,
REM DATE  : 4/8/2009
REM COMMENT  : Replace [proxyserverIP]:[proxyserverPort] with the ip and port of
REM              your proxy server in the format 192.168.1.2:8080  (no brackets)
REM ======================================================================

proxycfg -p [proxyserverIP]:[proxyserverPort]
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow

January 21

Installing Additional OpsMgr Component Fails After Applying Hotfixes

Environment Details: OpsMgr SP1 on Server 2008 Std 64-bit with the following OpsMgr hotfixes applied: KB951256, KB954049, and 954903.  These KB’s are request only, and cant be uninstalled using Programs and Features like a normal OS hotfix.

I had a MonitoringHost.exe application hang error on the RMS which was causing console crashes, high CPU usage, WerFault.exe high CPU usage, and general system instability.  I determined the error might be related to the installation of .NET 1.1 which was installed on the RMS and has known compatibility issues with Server 2008.
Here is the Application Hang error i was getting:
Log Name:      Application
Source:        Application Error
Date:          1/21/2009 9:21:41 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      RMS
Description:
Faulting application MonitoringHost.exe, version 6.0.6278.0, time stamp 0x47b71488, faulting module HealthServiceRuntime.dll, version 6.0.6278.0, time stamp 0x47b71484, exception code 0x40000015, fault offset 0x0000000000004321, process id 0xf24, application start time 0x01c97bdb36ec44ea.

My Original Plan For Troubleshooting:

  1. Uninstall OpsMgr Console/Command Shell/Web Console (all of the .NET dependent components) using the Programs and Features control panel
  2. Uninstall .NET 1.1 using Programs and Features control panel (NEVER TO BE INSTALLED AGAIN)
  3. Remove the .NET 3.0 Feature using REMOVE FEATURE
  4. Reboot
  5. Reinstall only the .NET 3.0 feature using ADD FEATURE
  6. Reinstall the OpsMgr Console/Command Shell/Web Console

So I uninstalled .NET 1.1, the OpsMgr console, command shell, and web console.  Then removed the .NET 3.0 feature, rebooted, and added the .NET 3.0 feature.

Then to reinstall the OpsMgr components, I double clicked the mom.msi from the OpsMgrSP1 media, chose Console, Shell, and Web Console and hit OK.  The got a huge glaring error that the installation failed because “The file F_Microsoft.MOM.UI.Console.exe.E6A9F744_14F8_46BE_9DA9_B6BAB981D36E cannot be installed because the file cannot be found in cabinet file Data.Cab.

The following event was logged in the application log:

Log Name:      Application
Source:        MsiInstaller
Date:          1/21/2009 2:44:32 PM
Event ID:      11334
Task Category: None
Level:         Error
Keywords:      Classic
User:          FS\catapult
Computer:      RMS
Description:
Product: System Center Operations Manager 2007 -- Error 1334.The file F_Microsoft.MOM.UI.Console.exe.E6A9F744_14F8_46BE_9DA9_B6BAB981D36E cannot be installed because the file cannot be found in cabinet file Data.Cab. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

The components would not reinstall, because the product version was different due to the hotfixes that were installed.  We figured out a way to trick the installer into thinking that this was a base SP1 install by deleting contents the following registry key, after backing up the registry key

HKEY_CLASSES_ROOT\Installer\Products\DF6E5EFF035E66C49971553D96AA0E4D\Patches\
(The long number starting with DF6E5 in the path would be different on another system).  I identified the right key location, because under the long number key name,  there is a value “ProductName” which is equal to “System Center Operations Manager”. 

I copied the current value of the “Patches” value to notepad then deleted the data in the value (E525AFA…), leaving the REG_MULTI_SZ value, but just emptying it.
image

After clearing this value, I was able to reinstall the console, command shell, and web console.

Then I restored the key’s original value, and have not seen any more application hang errors.

WHEW!!!

January 15

Disabling POP3 and IMAP Monitoring for Exchange 2007

The best way to disable POP3 and IMAP monitoring in OpsMgr, is to disable the following monitors using overrides:

  1. IMAPConnectivity
  2. POPConnectivity

These are the only two monitors that you need to disable.

I accidentally disabled the Aggregate Rollup Monitor, instead of the actual monitor, which was causing me to continually get an unhealthy state on the rollup monitor, even though all the children monitors are healthy:


 image

Here is the procedure for properly disabling POP3 and IMAP Monitoring in Operations Manager 2007

  1. Open the OpsMgr console and navigate to Authoring>Management Pack Objects>Monitors
  2. Click on Change Scope, and choose “Ex. Client Access”
  3. Type “POPConnectivity” in the find box
  4. Find the monitor labeled “POPConnectivity” which is located under MOM 2005  Computer Role Health>POP Connectivity>POPConnectivity
  5. Make sure you choose the individual state monitor, NOT the aggregate rollup monitor.  The individual monitor is located under the aggregate rollup monitor
  6. Right click on the individual state monitor labeled POPConnectivity and choose Overrides>Override the Monitor>For All Objects of type: Ex. Client Access
  7. Set the Enabled parameter to FALSE
  8. Choose a custom management pack for your override and click save
  9. Do the same steps for the monitor labeled IMAPConnectivity
January 12

Rollup Monitors Showing an Incorrect State

I had a persistent problem on one of my OpsMgr managed agents, who had an incorrect state rollup.  In other words, the parent monitor showed a warning state, even though all child monitors we in a healthy state.

I tried the accepted procedure of putting the health service and health service watcher in maintenance mode, waiting for the agent to show NOT MONITORED, then stopping maintenance mode, but this didnt work.

I resolved the issue by restarting the OpsMgr health service on the agent WHILE it was in maintenance mode, and the issue resolved.

image

Avoiding Spam on Internet Email Sent to a Blackberry

I had email forwarding to my Blackberry from three sources:  My corporate email using a BES, and two online accounts hosted at yahoo and mail.com. 

I was getting an excess of 50 v!4gra and pr0mn spam messages on my blackberry per day, and it was getting really annoying.

I mean, in a perfect world, all email servers would be Exchange, and all would be protected by Forefront for Exchange, and all mobile devices would be windows mobile 6.1… But, at times, we must exist in conditions other than ideal :-)

In a previous position, I worked with Postini, which was acquired by Google about 2 years ago.  I remember that it was a really accurate scanning engine, and that it cut out most of my spam, and had very few false positives.

With that in mind, I signed up for a new Gmail account, forwarded my other two internet email addresses to Gmail, then enrolled the Gmail account on my blackberry.  I deleted email forwarding for the two original accounts.

It has been one week now, and i have only gotten 2 spam messages sent to my blackberry.  So thanks Google!

Maybe someday we can convince Google to use Exchange, but now I'm only dreaming….

November 18

Another Way to Block Context Sensitive Adds on Web Pages

My friend, Joe Stocker, the illustrious Director of IT at Catapult Systems, pointed out another way of blocking contextual ads.  I think it's a super cool idea:

From Joe:

Another way to do this is to download a copy of this hosts file which changes most ad companies to 127.0.0.1 (so your computer doesn’t route to their content). Ingenious, eh?

I got this from this MVP site:
http://www.mvps.org/winhelp2002/hosts.htm

November 16

Blocking Context Sensitive Adds on Web Pages

I get really annoyed when I’m reading an article on a web site (thank you msnbc) and a contextually sensitive add pops up.  I use my mouse cursor to keep my place when I am reading an article, so it the ads really get in my way.

You can block them in IE7 by going to Tools>Intenet Options>Security> click on Restricted Sites then Sites.  Add the following two sites to Restricted Sites:

1. *.intellitxt.com

2. *.vibrantmedia.com

clip_image002

So you will never see one of these again!

clip_image004

November 08

Requesting Certificates for Monitoring in OpsMgr

Here is a REALLY cool tool that will automate requesting certs for the purpose of monitoring non-domain objects with OpsMgr.  I just found this blog, and I LOVE IT.  http://blogs.technet.com/momteam/archive/2008/08/22/obtaining-certificates-for-non-domain-joined-agents-made-easy.aspx
October 10

VBScript to Create Mail Enabled Users with Populated Mailboxes

Here is a vbscript that I wrote that will create a specified number of Exchange 2003 mail enabled TestUsers with populated mailboxes.   It really helps when creating (and recreating) lab users to test Active Directory and Exchange migrations in a Proof Of Concept (POC).  It should be run from an Exchange 2003 box in a non-production environment. 
 
Here is what it does:
1.       Creates Root level OU called TestOU
2.       Creates a specified number of users in that OU
3.       Creates mailboxes for all those users (mailbox enabled users)
4.       Waits 60 seconds
5.       Fills each mailbox with a specified number of emails using SMTP
 
Here is the syntax:
cscript scriptname.vbs (Number of Users) (SMTP Namespace specified in Recipient Policies) (Number of Emails to Create) (Name of the mailbox store) (Active Directory Domain Name)
For example, to create 50 users with 10 emails in each mailbox, here is the command:
cscript CreateRecipients.vbs 50 "domain.com" 10 "Mailbox Store (EX2003)" "domain.local"
 
 
'This script creates an OU called TestOU in the root of the domain.
'Then it creates the specified number of mailbox enabled users which are not disabled
'All users have the same password
'Then it populates their inboxes with the specified number of emails.
'Always enclose arguments with spaces in quotes,
'Seperate the arguments with a space
'Should be run on the exchange 2003 server in a lab environment.
'For help, email ron dot williams at mail dot com
'Arguments= (number of test mailboxes)(domain name)(number of test emails to create)(name of mailbox store) (Active Directory Domain Name)
'an example of the command used to run this script to create 50 users with 10 emails in each mailbox is:
'cscript CreateRecipients.vbs 50 "domain.com" 10 "Mailbox Store (EX2003)" "domain.local"
 
'Argument1 = oArgs.Item(0) = number of test users to create
'Argument2 = oArgs.Item(1) = SMTP namespace domain name of the recipients ie "domain.com" is the domain name for TestUser1@domain.com
'Argument3 = oArgs.Item(2) = number of test emails to create
'Argument4 = oArgs.Item(3) = home MDBname, for example "Mailbox Store (EX2003)" this can be found in exchange System Manager next to the mailbox database
'Argument5 = oArgs.Item(4) = Active Directory Domain Name domain name of active directory "domain.local" This may or may not be the same as the SMTP namespace.
 
 
Set
oArgs=WScript.Arguments
If
oArgs.Count < 5 Then 'if the script is run with less than 5 arguments, it errors out.
Set objShell = Wscript.CreateObject("Wscript.Shell")
objShell.LogEvent EVENT_TYPE_ERROR, _
"Script was run with an incorrect number of arguments."
wscript.echo
"Script was run with an incorrect number of arguments."
WScript.Quit -1
End
If
 
 
'get the domain DN from the oArgs.Item(4)argument
DomainDN =
"dc=" & Replace(oArgs.Item(4),".",",dc=")
'Create the OU "TestOU" to house the user objects
'on Error Resume Next
Set
objDomain = GetObject("LDAP://" & DomainDN)
Set
objOU = objDomain.Create("organizationalUnit", "ou=TestOU")
objOU.SetInfo
 
'Create Users
On
Error Resume Next
For
CountUsers = 1 to oArgs.Item(0)
EmailName =
"Test_User" & CountUsers ' this will be the user principle name TestUser1 TestUser2 etc
FirstName =
"Test_"
LastName =
"User" & CountUsers
 
' Bind to Active Directory, TestOU container.
Set objRootLDAP = GetObject("LDAP://rootDSE")
Set objContainer = GetObject("LDAP://OU=TestOU," & _
objRootLDAP.Get(
"defaultNamingContext"))
' Create the actual User.
Set objNewUser = objContainer.Create("User", "cn=" & emailname)
objNewUser.Put
"sAMAccountName", EMailName
objNewUser.Put
"sn", LastName
objNewUser.Put
"givenName", FirstName
objNewUser.Put
"userPrincipalName", emailname
objNewUser.SetInfo
objNewUser.SetPassword
"Password1"
objNewUser.AccountDisabled =
False
objNewUser.SetInfo
Next
 
wscript.echo
"Created " & oArgs.Item(0) & " users."
 
'The next section creates Mailboxes for all users in TestOU
'from http://telnetport25.wordpress.com/2007/10/05/creating-mailboxes-for-user-accounts-that-already-exist-exchange-2003/
strOU =
"OU=TestOU"
strStore = oArgs.Item(3)
Set NC = GetObject("LDAP://RootDSE")
Set oIADS = GetObject("LDAP://RootDSE")
strConfContext = NC.Get(
"defaultnamingcontext")
strADSPath =
"LDAP://" & strOU & "," & oIADS.Get("defaultNamingContext")
Set objCommand = CreateObject("ADODB.Command")
Set objConn = CreateObject("ADODB.Connection")
objConn.Open
"Provider=ADsDSOObject;"
Set objCommand.ActiveConnection = objConn
objCommand.CommandText =
"SELECT distinguishedName FROM "+"'"+strADsPath+"'"+" WHERE objectClass = 'user'"
objCommand.Properties(
"searchscope") = 2
objCommand.Properties(
"Page Size") = 1000
Set objRecordSet = objCommand.Execute
While Not objRecordSet.EOF
Set oIADSUser = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName"))
Set oMailBox = oIADSUser
oMailbox.CreateMailbox FindAnyMDB(
"CN=Configuration," & strConfContext)
oIADSUser.SetInfo
objRecordSet.MoveNext
Wend
 
 
Function FindAnyMDB(strConfigurationNC)
Dim oConnection
Dim oCommand
Dim oRecordSet
Dim strQuery
Set oConnection = CreateObject("ADODB.Connection")
set oCommand = CreateObject("ADODB.Command")
Set oRecordSet = CreateObject("ADODB.Recordset")
oConnection.Provider =
"ADsDSOObject"
oConnection.Open
"ADs Provider"
 
strQuery =
"<LDAP://" & strConfigurationNC & ">;(Name=" & strStore & ");name,adspath;subtree"
oCommand.ActiveConnection = oConnection
oCommand.CommandText = strQuery
Set oRecordSet = oCommand.Execute
If Not oRecordSet.EOF Then
oRecordSet.MoveFirst
FindAnyMDB =
CStr(oRecordSet.Fields("ADsPath").Value)
Else
FindAnyMDB =
""
End If
oRecordSet.Close
oConnection.Close
Set oRecordSet = Nothing
Set oCommand = Nothing
Set oConnection = Nothing
End Function
wscript.echo
"Mailbox enabled " & oArgs.Item(0) & " users."
 
'wait 60 seconds
cscript.echo
"Waiting for 60 seconds...."
Wscript.Sleep 60000
wscript.echo
"Sending " & oArgs.Item(1) & " emails..."
 
'Use SMTP to create mass emails to activate and populate the email boxes
For
CountMailboxes = 1 To oArgs.Item(0)
varDestUser =
"Test_User" & CountMailboxes &"@" & oArgs.Item(1)
For CountEmails = 1 To oArgs.Item(2)
set objEmail = CreateObject("CDO.Message")
objEmail.From =
"TestSender@MassEmailScript.com"
objEmail.To = varDestUser
objEmail.Subject =
"Testing Email Number " & CountEmails
objEmail.Textbody =
"Testing Email message body number " & CountEmails
objEmail.Send
Next
Next
 
wscript.echo
"Done! Check Active Directory Users and Computers to verify " _
&
"the existence of the TestOU and the Test_Users. Use Exchange System Manager " _
&
"to verify that mailboxes were created and populated."
 
'Clear Arguments out of memory
set
oArgs=Nothing

October 09

Blog Comment Spam

I am getting a TON of comment spam from people with World of Warcraft gold and people selling old LCD's.  I get notified of new comments on the windows live spaces home page, but there isnt a link to delete the comments from there (come on MS, catch up to MySpace...  kidding, kidding).
 
There is a link on the MOBILE version of live spaces that will allows you to delete each comment.  You can only do one commment at a time, and you have to verify that you want to delete each one, but it's less clicks than using the full interface.
 
1.  Browse to YourSpaceNameHere.MOBILE.spaces.live.com
2.  Click Delete this Comment under the comment you want to delete.
3.  Verify the deletion
4.  Done!
 
I am eagerly awaiting the following features in Live Spaces:
1.  The ability to delete comments in bulk and from a central place
2.  Comment Verification using Captcha verification, to avoid BOT comments
3.  Limiting the number of comments per time period
4.  Email and or Live Messenger alerts when new comments are added
5.  The ability to approve comments before they are added to your space
6.  The ability to reply to each comment without having to add a new comment.
October 05

AirTunes Stop Working After Upgrade to iTunes 8.0

After upgrading to iTunes 8, my music streaming from iTunes to my stereo stopped working. I was getting the following error:

"An error occurred while connecting to the remote speaker 'speaker_name'. An unknown error occurred (-3256)."

image

I was running the latest firmware (6.3) on my Airport Express, and running iTunes 8.0 on Windows Vista SP1.  I tried reinstalling iTunes, AirPort Admin Utiliity, turning off AirTunes on the AirPort Admin utility, then turning it back on, but I was still getting the same error.

Finally I found info about the error in the Apple forums here: http://discussions.apple.com/thread.jspa?messageID=8225777 Upon investigation, it looked like that windows firewall was blocking the ports I needed.  But I knew my Windows Firewall Service was disabled (I know, I know, bad me...)

I tried to start the windows firewall service, and it failed with the following error in the System Event Log:

The Windows Firewall service terminated with service-specific error 5 (0x5).

UGH.  Found the following MS article: http://support.microsoft.com/kb/943996  Fixed the registry keys as required and got my firewall service started, and AirTunes worked!

I discovered iTunes 8.0 will not connect to remote speakers (at least on Windows Vista) if the Windows Firewall service is disabled or stopped.  I verified this by disabling the service again, and AirTunes stopped working.  Once I started the service, I was able to stream music.  yay

August 29

Hyper-V Virtual Machines wont start with Errors 17040 and 15500

Synopsis:

We have a Hyper-V Host server running Server 2008 Datacenter with Hyper-V RTM.  On this host we have several guest machines:

1.       Domain Controller

2.       DPM

3.       VMM

4.       Etc

 

The host OS had a VMM agent which happened to be managed by Virtual Machine Manager which was running on guest OS #3.  In other words, the guest was managing the host.

 

After installing some windows updates and rebooting the host OS, none of the VM’s would boot, with a dialog box saying that the machines were "unable to start."  Clicking on details would show "ServerName failed to start worker process: The extended attributes are inconsistent. (0x800700FF)."

 

The following errors showed in the event log:

 

Log Name:      Microsoft-Windows-Hyper-V-VMMS-Admin

Source:        Microsoft-Windows-Hyper-V-VMMS

Date:          8/29/2008 1:04:57 PM

Event ID:      15500

Task Category: None

Level:         Error

Keywords:     

User:          SYSTEM

Computer:      Hyper-V Servername 

Description:

'CATDEMO-DC' failed to start worker process: The extended attributes are inconsistent. (0x800700FF). (Virtual machine ID C6A6A456-C58A-45BE-93D4-A94081481267)

 

 

Log Name:      Microsoft-Windows-Hyper-V-Worker-Admin

Source:        Microsoft-Windows-Hyper-V-Worker

Date:          8/29/2008 1:07:06 PM

Event ID:      17040

Task Category: None

Level:         Error

Keywords:     

User:          NETWORK SERVICE

Computer:      Hyper-V Servername

Description:

The authorization store could not be initialized from storage location 'msxml://C:\ProgramData\Microsoft\Virtual Machine Manager\HyperVAuthStore.xml'. Error: General access denied error (0x80070005).

 

 

Resolution:

1.       Back up the C:\ProgramData\Microsoft\Virtual Machine Manager\HyperVAuthStore.xml file by copying it to the desktop

2.       Change security on C:\ProgramData\Microsoft\Virtual Machine Manager\HyperVAuthStore.xml, give “EVERYONE” read access to the file.

3.       Start your virtual machines.

 

The recommended resolution is to reinstall the VMM agent from the VMM server, but this wasn’t possible since the VMM server was a virtual that wouldn’t start.  This is a known error with VMM

 

Related Articles:

http://forums.technet.microsoft.com/en-US/winserverhyperv/thread/d6103439-93cf-4a92-baed-7c042fbe4cd9/

http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3469073&SiteID=17

http://www.expta.com/2008/06/vmm-2008-managed-hyper-v-s-wont-start.html

August 22

Enable Agent Proxying using a GUI Tool in Operations Manager 2007

I know all my fellow OpsMgr peeps are saying they have known about this tool for a while, but I just started using it to enable proxying on a group of agents.  I scoffed at it before, because I prided myself in being able to use command line tools.  But this tool is just too helpful to ignore!

Download it here

image

from http://blogs.msdn.com/boris_yanushpolsky/archive/2007/08/02/enabling-proxying-for-agents.aspx

August 20

Installing ADSIedit on Server 2008

I searched the internets high and low to find out how to add ADSIedit to a Server 2008 member server.  In previous versions of Windows, you installed ADSIedit and the other Windows Support Tools from the server installation media.  One of the main benefits of Server 2008 is that you should never have to insert the installation media again after the initial install.  No more being asked to insert the Windows 2003 SP2 CD (did this CD ever really exist?? I didn't think so...)

The Windows Support Tools are now included in the RSAT (Remote Server Administration Tools) and can be installed as features in Server 2008. 

ADSIedit is part of the Active Directory Domain Controller Tools feature, and can be added by following these steps:

  1. In Server Manager, click on Features, then Add Features in the right pane
  2. Expand Remote Server Administration Tools>Role Administration Tools>Active Directory Domain Services Tools
  3. Put a check next to Active Directory Domain Controller Tools
  4. Click Next, then Install

Cameron Fuller let me know that these tools are also installed when you add the Active Directory Role to a server.

image

Installing SQL Reporting Services on Server 2008

I installed SQL 2005 Std 64-bit Reporting Services using a default configuration on a clean install of Server 2008.  I followed all the steps in Microsoft’s KB http://support.microsoft.com/kb/938245 entitled “How to install and how to configure SQL Server 2005 Reporting Services on a computer that is running Windows Server 2008” but was still getting an error when browsing to http://localhost/reports or http://servername/reports :

“Error.  Unable to connect to the remote server”

Here is how I fixed it:

  1. In IIS 7 Manager, highlight the ReportServer application
  2. In right pane click on Handler Mappings
  3. Click Edit Feature Permissions in the Actions Pane
  4. Enable Script and Execute.
  5. Click OK
  6. Restart IIS and SQL Reporting Services service

I found the solution here:

http://blog.dastrup.com/?p=48

clip_image001

August 06

How to Enable Proxy on all Agents

ProxyCFG for Operations Manager is a really cool to to allow you to enable agent proxy on a group of Agents.  Agent proxy is needed for certain discovery tasks.  For example, for clusters, or for the Active Directory Management Pack...
 
 
if you wanted to enable proxy on all computers (which is not a best practice, but can help in troubleshooting MP's), use the following command:
ProxyCFG.exe -GroupProxyOn "All Computers"
August 05

ReSearchThis! Management Pack for Operations Manager 2007

This is one of my favorite add on management packs.  It adds Tasks that allow an OpsMgr user to highlight an alert and submit a search to the SystemCenterForum knowledge base for answers, as well as share their own solutions with the community. 
 
It's like adding a whole new knowlege base of community knowledge for alerts in OpsMgr.
 

Alert Forward Management Pack 3.0 for OpsMgr 2007 SP1

Here is a link to download the latest version of my Alert Forward management pack for Operations Manager 2007 SP1:
 
It allows you to select any alert in an alert view in the console, and forward that alert to an email recipient.  It checks to see if Outlook is installed, and if so, allows you to send the email using Outlook (through CDO).  Otherwise, it uses an SMTP server to relay the email.
 
The slickest part of the management pack (if i do say so myself, thank you very much) is the setup.exe installer that I wrote in VB.NET using the OpsMgr SDK.  Here are the tasks it performs:
  1. It prompts the user for the SMTP server address, for the name of the RMS, and for the sender's email address. 
  2. It creates a shared folder on the RMS for the script and MP xml to reside
  3. It copies the script and the xml file to the shared folder
  4. It replaces text in the script with the SMTP servername and with the sender address
  5. Replaces text in the xml file with the RMS servername
  6. Imports the script into OpsMgr (using supercool OpsMgr SDK)

Here are the alert parameters that are sent in the email:

 

  <Parameter>"$MonitoringObjectName$"</Parameter>
  <Parameter>"$Name$"</Parameter>
  <Parameter>"$Description$"</Parameter>
  <Parameter>"$TimeRaised$"</Parameter>
  <Parameter>"$Severity$"</Parameter>

Let me know if you have any questions about it. 

RON DOT WILLIAMS AT MAIL DOT COM

July 31

VMbus Failure in 32-bit Server 2008 VHD

I recently decided installed Server 2008 with Hyper-V on my laptop and migrated all my virtual PC machines. 

If you use a Server 2008 32-bit vhd created in Virtual PC, you may not be able to install and use Hyper-V integration services.  The mouse service will not perform correctly and your network devices will not show up.  The VMbus will show a warning yellow icon in device manager and will say that there aren’t enough IRQ’s to load the bus.

In MSCONFIG, I changed the advanced boot options to check HAL when loading boot.ini and it fixed the problem.

Monitoring Multiple Domains with Operations Manager 2007

I just realized, after much pre-deployment fretting, that it is very simple to assign multiple action accounts to the Active Directory Management pack.  Domain controllers in different domains need different action accounts for Active Directory monitoring to work.

Here is how you do it:

1. Go to OpsMgr console>Administration>Security>Run As Accounts.

2. Create an new action account for each of the domains that you will be monitoring.  Use “windows” as the type, and be careful typing the password, they are not validated in this field.

3. Go to Administration>Security>Run As Profiles and double click AD MP Account.  Click on the Run As Accounts Tab

4. Associate the account to each domain controller by clicking on New…  You must manually select each domain controller and choose an account on a by-machine basis.

clip_image001[11]

June 16

Avoiding Nervousness when Presenting

I have a meeting at one of my really large clients, and for some reason I was a little nervous.  I found a some helpful links related to being a better presenter.  Basically they say to not try to avoid nervousness, but to work with it and accept it for what it is:

http://presenting2007.blogspot.com/2007/02/notes-on-being-nervous.html

http://www.professionalspeakers.org/cgi-bin/allegro.pl?article115

http://www.thepublicspeakingsite.com/

http://eirikso.com/2008/06/04/what-to-do-if-you-are-nervous-when-presenting/ 

June 12

Helpful Links related to Configuring Outlook Anywhere nee 'RPC over HTTPS'

I had a client who wanted some helpful links to articles about Outlook Anywhere.  Here is what i found:

Configuring Outlook Anywhere

http://exchange-genie.blogspot.com/2008/02/configuring-outlook-anywhere-for.html

 

How to Configure Outlook Anywhere in Exchange 2007

http://technet.microsoft.com/en-us/library/cc179036(TechNet.10).aspx

 

Tutorial on Setting Up Outlook Anywhere with ISA (ignore the ISA part)

http://www.msexchange.org/tutorials/Outlook-Anywhere-2007-ISA-Server-2006.html

 

Configuring an Outlook 2003 Client:

http://www.msexchange.org/tutorials/outlookrpchttp.html

You for any client not running outlook 2007, you will have to manually configure the rpc over http settings.  Outlook 2007 will automatically configure itself using the autodiscover feature

 

System Center Capacity Planner Download

http://technet.microsoft.com/en-us/sccp/bb969059.aspx

 

Technet Articles:

http://technet.microsoft.com/en-us/library/bb123741.aspx

http://technet.microsoft.com/en-us/library/7f885b45-cbd4-4349-bdd2-bc1f30fbe1b4.aspx

June 03

MCTS: Operations Manager 2007. Test 70-400 Notes

 

Last week, I took 70-400 to get my MCTS:Microsoft System Center Operations Manager 2007, Configuring.
The test was harder than I thought; I got an 860 but had expected I would do better than that.

 

Here is what I remember about the test:

· 47 total questions, 2 hours long

· All multiple choice with four answers

· There weren’t any “All of These” or “None of these” answer possibilities

· About 5 questions that allow multiple answers, but all specify the total number of answers that you choose, ie “choose two of the following.”

· There weren’t any definition questions

· All the questions were task-based and follow the format: You would like to <do something>.  In order to accomplish this you must <choose answer>.

· Several questions related to backup/restore.  Study different backup/restore scenarios, especially related to the loss of an RMS

· Know how to replicate an environment in a lab by copying the databases and restoring the encryption key

· Know which roles to which restore the encryption key

· Study SecureStorageBackup.exe syntax

· Study ManagementServerConfigTool.exe PromoteRMS syntax

· Study the export-managementpack cmdlet syntax

·  Know how to install a Gateway server to monitor servers in a DMZ

· Know how to authenticate agents using certificates in a DMZ, and how to use MOMcertimport.exe

· Study Audit Collection Services know how to turn it on and off on agents, and how to install on the server.  Also remember that you cant install on a server that is clustered.

· Study Agentless Exception Monitoring, know how to filter the results so not all exceptions are sent to MS

· Know how to use overrides to target a MP to a specific type of target (like all Server 2003 domain controllers for example)

· Remember that to discover cluster resources, you have to turn on agent proxying on the physical nodes

· Remember that to see reports related to specific MP’s, you have to import the MP’s

· Know the basic steps for creating a distributed application

· Know how to monitor a web site using synthetic transactions, and remember what situations would be appropriate for monitoring a site using synthetic transactions

· Know when to create a diagnostic task vs. a recovery task

· Know the difference between a console task an agent task

 
Photo 1 of 6