Building Clouds – Page 3

Set or change Owner on a VMM for SCVMM and Azure Pack

Here is a updated script for modifying the owner of a VM, and/or to make it show up in Azure Pack. For a VM that’s been created in VMM to show up in AzurePack, it has to be assigned to a (not part of these scripts) Cloud and a subscription has to be added as owner to the VM (this is done by the scripts below).

Here is the original post: http://www.isolation.se/script-for-importing-existing-vms-into-azure-pack/

And here are the updated scripts:

#####
#
# Set Owner for one specific VM. 
#
$SCVMMSERVER = Get-SCVMMServer -ComputerName $ENV:COMPUTERNAME -ForOnBehalfOf 

$SCCloud = Get-SCCloud -Name (Get-SCCloud | select Name | where Name -notlike "*Tenants*" | Out-GridView -Title "Select Cloud" -PassThru).Name
$SCUser = (Get-SCUserRole | Where-Object Cloud -Match $SCCloud).Name  | Out-GridView -PassThru -Title "Select User" 
$SCAdmin = Get-SCUserRole -Name Administrator
$vmselfserviceuserrole = Get-SCUserRole | Where-Object Cloud -Match $SCCloud | Where-Object Name -Like $SCUser* 
$SCVM = (get-scvirtualmachine ($SCCloud | Get-SCVirtualMachine | select Name, Owner, UserRole | Out-GridView -Title "Select VM" -PassThru).Name)

Set-SCVirtualMachine -VM $SCVM –UserRole $vmselfserviceuserrole –Owner $SCAdmin

#####

# Set Owner for one specific VM.

$SCVMMSERVER = Get-SCVMMServer -ComputerName $ENV:COMPUTERNAME -ForOnBehalfOf

$SCCloud = Get-SCCloud -Name (Get-SCCloud | select Name | where Name -notlike "*Tenants*" | Out-GridView -Title "Select Cloud" -PassThru).Name

$SCUser = (Get-SCUserRole | Where-Object Cloud -Match $SCCloud).Name | Out-GridView -PassThru -Title "Select User"

$SCAdmin = Get-SCUserRole -Name Administrator

$vmselfserviceuserrole = Get-SCUserRole | Where-Object Cloud -Match $SCCloud | Where-Object Name -Like $SCUser*

$SCVM = (get-scvirtualmachine ($SCCloud | Get-SCVirtualMachine | select Name, Owner, UserRole | Out-GridView -Title "Select VM" -PassThru).Name)

Set-SCVirtualMachine -VM $SCVM –UserRole $vmselfserviceuserrole –Owner $SCAdmin

The script will ask you for a Cloud and list the subscriptions you can choose from, and then ask which VM to set the Owner on.

The difference here is that it will also set the VMM Administrators as an Owner so you can do maintenance tasks on the VM from VMM without modifying ownership back and forth.

And then a second script that will just set the same Owner on all VMs in a cloud. It’s nice when you have a lot of existing VM’s in an environment and would like to assign them to one specific user/subscription in one go.

#####
#
# Set same Owner for all VMs in a specific Cloud. 
#
$SCVMMSERVER = Get-SCVMMServer -ComputerName $ENV:COMPUTERNAME -ForOnBehalfOf 

$SCCloud = Get-SCCloud -Name (Get-SCCloud | select Name | where Name -notlike "*Tenants*" | Out-GridView -Title "Select Cloud" -PassThru).Name
$SCUser = (Get-SCUserRole | Where-Object Cloud -Match $SCCloud).Name | Out-GridView -PassThru -Title "Select User" 
$SCAdmin = Get-SCUserRole -Name Administrator
$vmselfserviceuserrole = Get-SCUserRole | Where-Object Cloud -Match $SCCloud | Where-Object Name -Like $SCUser* 
# $SCVM = (get-scvirtualmachine ($SCCloud | Get-SCVirtualMachine | select Name, Owner, UserRole | Out-GridView -Title "Select VM" -PassThru).Name)

Get-SCCloud $SCCloud | Get-SCVirtualMachine | Set-SCVirtualMachine –UserRole $vmselfserviceuserrole –Owner $SCAdmin

#####

# Set same Owner for all VMs in a specific Cloud.

$SCVMMSERVER = Get-SCVMMServer -ComputerName $ENV:COMPUTERNAME -ForOnBehalfOf

$SCCloud = Get-SCCloud -Name (Get-SCCloud | select Name | where Name -notlike "*Tenants*" | Out-GridView -Title "Select Cloud" -PassThru).Name

$SCUser = (Get-SCUserRole | Where-Object Cloud -Match $SCCloud).Name | Out-GridView -PassThru -Title "Select User"

$SCAdmin = Get-SCUserRole -Name Administrator

$vmselfserviceuserrole = Get-SCUserRole | Where-Object Cloud -Match $SCCloud | Where-Object Name -Like $SCUser*

# $SCVM = (get-scvirtualmachine ($SCCloud | Get-SCVirtualMachine | select Name, Owner, UserRole | Out-GridView -Title "Select VM" -PassThru).Name)

Get-SCCloud $SCCloud | Get-SCVirtualMachine | Set-SCVirtualMachine –UserRole $vmselfserviceuserrole –Owner $SCAdmin

Both of the script are written to be executed on the VMM Server, though you can probably change the $ENV:COMPUTERNAME to point to your VMM Server and then execute the script remotely.

Automatically generate RDCMan connection files with a script

RDCMan has to be my favorite tool. It’s a free program from Microsoft, where you can store all RemoteDesktop connections to your own servers and to your customers servers. I’m using each day, and I’m probably spending more time in that program than even Web Browsing and Outlook combined.

When I’m building new Private Clouds (datacenters) for customers, we deploy 20+ servers in a short time, and it’s quite a lot of work to add each server manually to RDCMan even though I’m of course using inherit on most settings, so all that needs to be done is add the servername and displayname. Though repetetive! So, lets use powershell!

RDCman is using a XML file for all the information, which it’s possible to create via powershell. I was lucky and found an almost perfect script done by powershell guru and MVP Jan Egil Ring.

I’ve modified that script a bit to be more in line with what I need, and updated it for RDCman 2.7 (no big deal, the old file worked in 2.7 too).

Version 2.0 of the script released 15/07/2015:

Updated for RDCMan 2.7
Only including ComputerObjects (no ClusterNames, Cluster Resources etc)
Only including Enabled Computer objects
Adds Computer Description as Comment
Not using a Group. I felt no need for that as there is just one environment in each RDG File
Support for Providing a RDGateway Address
Changed file name to reflect FQDN of Domain (we have several customers with the same Netbios name)
Sort servers alphabetically in the list.

Just run the script on a server with powershell and AD module installed, and it will create a brand new RDG file for you in your profile.
Note that it’s possible to provide a RDGateway Address and if it’s should be enabled by default.

The script gets scrambled when I’m publishing it on my blog, so please download the script from TechNet Gallery here: https://gallery.technet.microsoft.com/scriptcenter/Automatically-generate-da1d502b

Please let me know if you have any issues or suggestions for making the script even better.
Thanks!

Set MPIO Policy via PowerShell for Storage Spaces

Here is a small script to set the MPIO Policy via Powershell according to Microsofts Best Practices for Storage Spaces as seen here https://technet.microsoft.com/library/0923b851-eb0a-48ee-bfcb-d584363be668

It will set the Global MPIO policy to Least Block and then change the MPIO Policy for all SSD’s to Round Robin. Though, it’s possible that mpclaim.exe will use a different DiskID from what Powershell/Device Manager is using.
So the script has a built-in feature to adjust the DiskId if needed, though you have to verify and set the value manually before running the script!

# As you can see in the ForEach section I had to subtract -1 from the DiskID to make the DiskIDs right. 
# It's because mpclaim can only see MPIO Disks, and will not see the OS Disk (that Powershell lists) 
# You need to verify this manually before running the script like this: 
#
# 1. Open DeviceManager 
# 2. Locate one random SSD 
# 3. Manually change MPIO Policy to Round Robin 
#    Select Details Tab
#    Select "Physical Device Object Name" in the dropdrown list. 
#    Take note of the DiskId 
#    Click OK
# 4. Run this command line: 
#    mpclaim -s -d | findstr /i /c:RR
#    Take note of the DiskId 
# 5. Compare the Numbers from #3 and #4. How much do they differ? 
# 
# When I wrote this script, the numbers in this environment differed -1 (mpclaim was 24 and DeviceManger was 25). 
# So I adjusted the script below to reduce the number by -1. 
# 
# While in another environment the Numbers between DeviceManager and mpclaim matched. So no need to subract. 
# Adjust $subtract below accordingly to the test above. 

#################
# 
# Set Global MPIO Policy to Least Blocks according to Microsoft Best Practices 
Set-MSDSMGlobalDefaultLoadBalancePolicy –policy LB 

# Get all SSD Drives 
$ssds = Get-PhysicalDisk | where MediaType -EQ SSD

foreach ($ssd in $ssds) { 
 
 $subtract = "1"    # set to 0 if numbers match in the test above. 
 $id = (($ssd.DeviceId) -$subtract).ToString()
 # Set Policy to Round Robin = 2 
 start-process "c:\windows\system32\mpclaim.exe" -ArgumentList "-l -d $id 2" -Wait  
 }

Write-Output "Show all Drives with Round Robin MPIO Policy"
c:\windows\system32\mpclaim.exe -s -d | findstr /i /c:RR

# As you can see in the ForEach section I had to subtract -1 from the DiskID to make the DiskIDs right.

# It's because mpclaim can only see MPIO Disks, and will not see the OS Disk (that Powershell lists)

# You need to verify this manually before running the script like this:

# 1. Open DeviceManager

# 2. Locate one random SSD

# 3. Manually change MPIO Policy to Round Robin

# Select Details Tab

# Select "Physical Device Object Name" in the dropdrown list.

# Take note of the DiskId

# Click OK

# 4. Run this command line:

# mpclaim -s -d | findstr /i /c:RR

# Take note of the DiskId

# 5. Compare the Numbers from #3 and #4. How much do they differ?

# When I wrote this script, the numbers in this environment differed -1 (mpclaim was 24 and DeviceManger was 25).

# So I adjusted the script below to reduce the number by -1.

# While in another environment the Numbers between DeviceManager and mpclaim matched. So no need to subract.

# Adjust $subtract below accordingly to the test above.

#################

# Set Global MPIO Policy to Least Blocks according to Microsoft Best Practices

Set-MSDSMGlobalDefaultLoadBalancePolicy –policy LB

# Get all SSD Drives

$ssds = Get-PhysicalDisk | where MediaType -EQ SSD

foreach ($ssd in $ssds) {

$subtract = "1" # set to 0 if numbers match in the test above.

$id = (($ssd.DeviceId) -$subtract).ToString()

# Set Policy to Round Robin = 2

start-process "c:\windows\system32\mpclaim.exe" -ArgumentList "-l -d $id 2" -Wait

}

Write-Output "Show all Drives with Round Robin MPIO Policy"

c:\windows\system32\mpclaim.exe -s -d | findstr /i /c:RR

Software-Defined Storage (SDS) Design Calculator

The Excel calculator that Microsoft showed during Ignite has finally been release and is available for download here: http://aka.ms/sdscalc

List of resources to find Hotfixes and updates for Windows Server 2012 R2

When you use the more advanced features of Windows and System Center components, you tend to run into issues and undocumented features once in a while. Here are a couple of useful links to websites which lists the recommended hotfixes that should be installed before contacting Microsoft support. And I’m usually deploying them in our own live environment as soon as they are released, to hopefully not run into the issues or sometimes find out potential problems with the fixes before recommending them to our customers.

Updated: 2015-08-23 with additional collections (DFS).

Recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters
https://support.microsoft.com/en-us/kb/2920151

List of currently available hotfixes for the File Services technologies in Windows Server 2012 and in Windows Server 2012 R2
https://support.microsoft.com/en-us/kb/2899011

Recommended hotfixes, updates, and known solutions for Windows Server 2012 and Windows Server 2012 R2 Hyper-V Network Virtualization (HNV) environments
https://support.microsoft.com/en-us/kb/2974503

Updates for Active Directory Federation Services (AD FS)
https://technet.microsoft.com/en-us/library/mt126278.aspx

Available Updates for Remote Desktop Services in Windows Server 2012 R2
https://support.microsoft.com/en-us/kb/2933664

Recommended hotfixes and updates for Windows Server 2012 DirectAccess and Windows Server 2012 R2 DirectAccess
https://support.microsoft.com/en-us/kb/2883952

Hyper-V: Update List for Windows Server 2012 R2 – kept up to date by the community (MVPs mostly).
http://social.technet.microsoft.com/wiki/contents/articles/20885.hyper-v-update-list-for-windows-server-2012-r2.aspx?PageIndex=2

List of Public Microsoft Support Knowledge Base (KB) Articles for System Center 2012 R2 Virtual Machine Manager (VMM 2012 R2)
http://social.technet.microsoft.com/wiki/contents/articles/22074.list-of-public-microsoft-support-knowledge-base-kb-articles-for-system-center-2012-r2-virtual-machine-manager-vmm-2012-r2.aspx

List of currently available hotfixes for Distributed File System (DFS) technologies in Windows Server 2012 and Windows Server 2012 R2
https://support2.microsoft.com/kb/2951262/en-us?sd=rss&spid=17383

Remember that you can import Hotfixes directly into WSUS and deploy them that way, just like any other update.

And this is a RSS Feed that lists the Latest KB Articles for Windows Server 2012 R2
https://support2.microsoft.com/common/rss.aspx?rssid=17383
I’ve got the RSS feed imported into Outlook, so I’ll easily see when there is a new one and will hopefully remember the issue when/if I run into it in the future.

Scale Out File Server – Latest Hotfixes of June 4, 2015

When I had contact with Microsoft Premier Support about a SOFS (Scale Out File Server) problem they provided me with this list of hotfixes, to get all components up to the latest version.

Ensure the SOFS nodes are updated with *ALL* the Cluster recommended updates:

Recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters http://support.microsoft.com/kb/2920151

Plus 4 additional ones below:
3023894 Cluster fixes for deadlock and resource time-out issues in Windows Server 2012 R2 Update 1 http://support.microsoft.com/kb/3023894/EN-US

3027115 Custom values for various MPIO timers in Windows Server 2012 R2 may not be honored http://support.microsoft.com/kb/3027115/EN-US

3022333 Hotfix to avoid a deadlock situation on a CSV file system volume on Windows Server 2012 R2 http://support.microsoft.com/kb/3022333/EN-US

2970653 A SQL Server that is running in a Hyper-V virtual machine takes a long time to restore a database to a dynamic VHD http://support.microsoft.com/kb/2970653/EN-US

All theses hotfixes can be imported to WSUS via Microsoft Update for easy distribution.
In addition to SOFS, I’ve also deployed all the cluster hotfixes to my Hyper-V Clusters.

The Interactive Services Detection service terminated with the following error: Incorrect function.

This morning I noticed that one of the Hyper-V Hosts at a customer were logging this error regularly in the system Eventlog;

Error    5/19/2015 7:40:14 AM    Service Control Manager    7023    None
The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error 5/19/2015 7:40:14 AM Service Control Manager 7023 None

The Interactive Services Detection service terminated with the following error:

Incorrect function.

The full detailed entry:

Log Name:      System
Source:        Service Control Manager
Date:          5/19/2015 7:40:14 AM
Event ID:      7023
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      FAHOST03.fabric.xxxxxxxxxx.com
Description:
The Interactive Services Detection service terminated with the following error: 
Incorrect function.
Event Xml:

  
    
    7023
    0
    2
    0
    0
    0x8080000000000000
    
    223591
    
    
    System
    FAHOST03.fabric.xxxxxxxxxx.com
    
  
  
    Interactive Services Detection
    %%1
    5500490030004400650074006500630074000000

Log Name: System

Source: Service Control Manager

Date: 5/19/2015 7:40:14 AM

Event ID: 7023

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: FAHOST03.fabric.xxxxxxxxxx.com

Description:

The Interactive Services Detection service terminated with the following error:

Incorrect function.

Event Xml:

7023

0x8080000000000000

223591

System

FAHOST03.fabric.xxxxxxxxxx.com

Interactive Services Detection

%%1

5500490030004400650074006500630074000000

It looks like the events are happening every 30 minutes, and at the same time as Windows is for some (so far) unknown reason doing a reinstall of a lot of MSI packages, and the above Interactive Service is triggered at the same time as it’s reinstalling the DHCPExt.msi

Log Name:      Application
Source:        MsiInstaller
Date:          5/19/2015 7:40:14 AM
Event ID:      1035
Task Category: None
Level:         Information
Keywords:      Classic
User:          FABRIC\SVC-VMM_ADM
Computer:      FAHOST03.fabric.xxxxxxxxxx.com
Description:
Windows Installer reconfigured the product. Product Name: Microsoft System Center Virtual Machine Manager DHCP Server (x64). Product Version: 3.2.7768.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.
Event Xml:

  
    
    1035
    4
    0
    0x80000000000000
    
    223173
    Application
    FAHOST03.fabric.xxxxxxxxxx.com
    
  
  
    Microsoft System Center Virtual Machine Manager DHCP Server (x64)
    3.2.7768.0
    1033
    0
    Microsoft Corporation
    (NULL)
    
    
    7B46434337463337462D463635352D343437352D394130342D3239423142463731444639397D3030303063613232326561376464646365306534303839613538386434636362343261633030303030393034

Log Name: Application

Source: MsiInstaller

Date: 5/19/2015 7:40:14 AM

Event ID: 1035

Task Category: None

Level: Information

Keywords: Classic

User: FABRIC\SVC-VMM_ADM

Computer: FAHOST03.fabric.xxxxxxxxxx.com

Description:

Windows Installer reconfigured the product. Product Name: Microsoft System Center Virtual Machine Manager DHCP Server (x64). Product Version: 3.2.7768.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.

Event Xml:

1035

0x80000000000000

223173

Application

FAHOST03.fabric.xxxxxxxxxx.com

Microsoft System Center Virtual Machine Manager DHCP Server (x64)

3.2.7768.0

1033

Microsoft Corporation

(NULL)

7B46434337463337462D463635352D343437352D394130342D3239423142463731444639397D3030303063613232326561376464646365306534303839613538386434636362343261633030303030393034

I can so far unfortunately not find anything that’s logging why Windows is reconfiguring all MSI Packages on the server every 30 minutes.

It does look like it’s the DHCP Server extension that’s causing the Interactive Service errors, as they always happen at the same time. Though, the DHCP Server extension shouldn’t be reconfiguring in the first place.

We always enable the Reliability History on all servers which can be handy at times to see when a problem begun happening.
Check this Out!

It looks like the problem started on April 28 at 8:42 PM.

As the Reliability History tool is disabled by default, I’ll make another blogpost showing how you can enable this feature for all your servers.

When I wanted to see what had happened around April 28th. I noticed that was the oldest entries in the Application log. When the log has become full, it has removed the oldest entries according to the settings.

So I don’t think I’ll get any more details that way, and it does look like this problem has gone on for quite some time.

I’ll just reinstall the Hyper-V Host as it’s done in a few minutes compared to spending hours trying to fix the problem.
AND… I’ll create a Group Policy that will increase the Eventlog Size to x10 the default. So the next time something like this happens, I’ll have information to dig deeper.

Updated 2015-05-19 09:08:

After doing some more digging, it seems according to this KB Article (KB974524 : Event log message indicates that the Windows Installer reconfigured all installed applications) that this problem can happen if one of the following is true:

You have a group policy with a WMIFilter that queries Win32_Product class.
You have an application installed on the machine that queries Win32_Product class.

As the problem is not happening every 90-120 minute which would be true if it was GPO Triggered, I would say it’s an application that uses the Win32_Product class. And after doing some digging, it turns out it’s a known problem with VMM which will be fixed in UR7. Or hopefully earlier with a hotfix.

Updated 2015-05-19 10:12:

Wow, I got a hotfix for the issue within 15 minutes after contacting the VMM Team.
I’ve just installed it in our test environment and will later install it in the customers production environment.

Unfortunately I don’t have a KB or Hotfix ID for this, but if you contact Premier Support I think you can mention that you need a hotfix for Engine.Adhc.Operations.dll which gives support for RegKey: UpdateDHCPExtension
That info should make them able to find the correct hotfix.

Update VMM Agent via PowerShell

PowerShell script to update VMM Agent on all VMM Managed Computers after Update Rollup is installed on VMM Server.

You can find the AgentVersion here: http://social.technet.microsoft.com/wiki/contents/articles/15361.list-of-build-numbers-for-system-center-virtual-machine-manager-vmm.aspx

$credential = Get-SCRunAsAccount -Name "VMMAdminAccount" 
$managedComputer = Get-SCVMMManagedComputer | where -Property VersionState -eq "UpgradeAvailable" 
foreach ($server in $managedComputer) { 
Update-SCVMMManagedComputer -Credential $credential -RunAsynchronously -VMMManagedComputer $server 
 }

$credential = Get-SCRunAsAccount -Name "VMMAdminAccount"

$managedComputer = Get-SCVMMManagedComputer | where -Property VersionState -eq "UpgradeAvailable"

foreach ($server in $managedComputer) {

Update-SCVMMManagedComputer -Credential $credential -RunAsynchronously -VMMManagedComputer $server

}

Unable to Connect to VMM in AzurePack after UR install

After upgrading to Update Release 6 (UR6) we got the same issue as seen in earlier UR’s. It’s not possible to connect to VMM in AzurePack so you can’t see your Virtual Machines, Clouds or Networks.

It turned out that when UR6 gets applied to SPF, the bindings are once again messed up. To fix this, just logon to the server hosting SPF and in IIS check the bindings as seen here;

The SPF Website is not running and you can see two Bindings.
In my case, one has a certificate and the other doesn’t. So I just remove the binding without a certificate. Then start the Website and everything is working as expected again.

In earlier UR’s I’ve also seen how there is no bindings at all listed here. So you may have to create some binding then.

The request size exceeded the configured MaxEnvelopeSize quota

Today when I was updating our AzurePack WebSites Servers, I got an error which prevented the upgrade of most of the WebSite Roles like these;
Management Servers, Publishing Servers, Front End Servers and all the Web Workers. Yes, everyone except the Web Sites Controller.
Resulting in some unexpected downtime. Luckily, all that was affected was this blogsite.

The error message I got was;
The WinRM client sent a request to the remote WS-Management service and was notified that the request size exceeded the configured MaxEnvelopeSize quota.
And I could also see that the files being copied to c:\windows\temp (WebFarmAgent.msi) were broken.

I also had an error “Failed to copy role artifacts to agent” in the logfile seen on Windows Azure Pack Websites Controller.

First of all, I ran this command in an Elevated Command prompt on the server hosting the Controller Role;
C:\Windows\system32>winrm g winrm/config

And then the same command on one of the failing servers;
C:\Windows\system32>winrm g winrm/config

Notice the difference in MaxEnvelopeSizekb between the servers. One of the other servers had MaxEnvelopeSizeKB set to 700.

I don’t know why it’s different between the servers or what has suddenly changed it, my guess it’s some Windows Update patch. Though it’s the same patches being installed on all the servers, and I’ve seen three different values. Wicked.
So by using the same value on all the servers I got the setup to work. And as you can see, this blog site is now also running. YAY!

I chose to set the value to the same as on the Controller Server which is the one trying to run the commands and copy the files to the other servers.
winrm set winrm/config @{MaxEnvelopeSizekb=”8192″}
It will now take 5-60 minutes for all update and repair jobs to complete.

I couldn’t find any Group Policy object to use to set that value as a default value on all AzurePack WebSites servers. So I’ve got to come up with another longterm solution. Maybe doing it with Desire State Configuration (DSC) or via Configuration Manager?