Server 2012

How to check Hyper-V replication status automatically

Copy and paste the following into a text file and save as c:\checkrep.ps1.

*****************************************************************

Add-PSSnapin Microsoft.Exchange.Management.Powershell.Admin -ErrorAction SilentlyContinue

##### Configuration Section Starts #####

$SMTPName = "mail.ncol.net"
$EmailMessage = New-Object Net.Mail.MailMessage
$SMTPServer = New-Object Net.Mail.SmtpClient($SMTPName)
$EmailMessage.From = "admin@domain.com"
$EmailMessage.To.Add("techsupp@ncol.net")
#$EmailMessage.To.Add("9197021111@vtext.com")

##### Configuration Section Ends #####

#Build a nice file name
$date = Get-Date -Format M_d_yyyy_hh_mm_ss
$csvfile = ".\AllAttentionRequiringVMs_" + $date + ".csv"

#Build the header row for the CSV file
$csv = "VM Name, Date, Server, Message `r`n"

#Find all VMs that require your attention
$VMList = Get-VM | Where {$_.ReplicationHealth -eq "Critical" -or $_.ReplicationHealth -eq "Warning"}

#Loop through each VM to get the corresponding events
ForEach ($VM in $VMList)
{
    $VMReplStats = $VM | Measure-VMReplication

    #We should start getting events after last successful replication. Till then replication was happening.
    $FromDate = $VMReplStats.LastReplicationTime

    #This string will filter for events for the current VM only
    $FilterString = "<QueryList><Query Id='0' Path='Microsoft-Windows-Hyper-V-VMMS-Admin'><Select Path='Microsoft-Windows-Hyper-V-VMMS-Admin'>*[UserData[VmlEventLog[(VmId='" + $VM.ID + "')]]]</Select></Query></QueryList>"

    $EventList = Get-WinEvent -FilterXML $FilterString | Where {$_.TimeCreated -ge $FromDate -and $_.LevelDisplayName -eq "Error"} | Select -Last 3

    #Dump relevant information to the CSV file
    ForEach ($Event in $EventList)
    {
        If ($VM.ReplicationMode -eq "Primary")
        {
            $Server = $VMReplStats.PrimaryServerName
        }
        Else
        {
            $Server = $VMReplStats.ReplicaServerName
        }
        $csv += $VM.Name + "," + $Event.TimeCreated + "," + $Server + "," + $Event.Message + "`r`n"
    }
}

#Create a file and dump all information in CSV format
$fso = New-Object -ComObject Scripting.FileSystemObject
$file = $fso.CreateTextFile($csvfile,$true)
$file.Write($csv)
$file.Close()

#If there are VMs in critical health state, send an email to me and my colleague
If ($VMList -and $csv.Length -gt 33)
{
    $Attachment = New-Object Net.Mail.Attachment($csvfile)
    $EmailMessage.Subject = "[ATTENTION] Replication requires your attention!"
    $EmailMessage.Body = "The report is attached."
    $EmailMessage.Attachments.Add($Attachment)
    $SMTPServer.Send($EmailMessage)
    $Attachment.Dispose()
}
Else
{
    $EmailMessage.Subject = "[NORMAL] All VMs replicating Normally!"
    $EmailMessage.Body = "All VMs are replicating normally. No further action is required at this point."
    $SMTPServer.Send($EmailMessage)
}

*****************************************************************

Change the relevant email information at the beginning of the document.

Now open Task Scheduler.

Create a Basic Task. Name it Check Replication. Next.

Set the Trigger to the frequency you want the script to run. Next.

Set the Action to Start A Program. Next.

Enter powershell.exe in the Program box.

Enter c:\checkrep.ps1 in the Add Arguments box.

Enter c:\ in the Start In box. Next.

Open the properties of the Task and on the General tab select “Run whether user is logged in or not” and “Run with the highest privileges”.

******************************************************************

If you receive an error:

“Your script is blocked from executing due to the execution policy.”

You need to set it on the client PC to Unrestricted. You can do that by running

Set-ExecutionPolicy Unrestricted

within the Windows PowerShell (x86) app.
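
The Task Scheduler steps and the execution policy step above can also be done from PowerShell. This is an added example, not part of the original post; it assumes Server 2012 or later (ScheduledTasks module), a daily 07:00 trigger and the SYSTEM account, none of which the page specifies. It passes the execution policy to that one powershell.exe process instead of changing it machine-wide, and it first checks that only administrators can modify the script the elevated task will run.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
# Assumptions: daily 07:00 trigger, SYSTEM account, English account names.
$ScriptPath = 'c:\checkrep.ps1'
$TaskName   = 'Check Replication'

# The task runs with highest privileges, so whoever can change the script can
# run code with those privileges. Collect Allow ACEs that give write-type access
# to anyone other than SYSTEM or the local Administrators group.
$Trusted     = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'
$WriteRights = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

$Risky = @((Get-Acl -Path $ScriptPath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band $WriteRights) -ne 0) -and
    ($Trusted -notcontains $_.IdentityReference.Value)
})

if ($Risky.Count -gt 0) {
    $Risky | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
    throw "$ScriptPath is writable by non-administrators; fix its ACL before scheduling it."
}

# Same settings as the Task Scheduler steps: program, arguments, Start In.
# -ExecutionPolicy applies to this powershell.exe process only; RemoteSigned is
# enough for a script that was created locally.
$Action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -ExecutionPolicy RemoteSigned -File `"$ScriptPath`"" `
    -WorkingDirectory 'c:\'

$Trigger = New-ScheduledTaskTrigger -Daily -At '07:00'

# Runs whether or not a user is logged on, with highest privileges.
$Principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName $TaskName -Action $Action `
    -Trigger $Trigger -Principal $Principal
```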

How to configure an internal relay connector for Exchange 2013

Go to the Exchange management web page (https://exchangeserver/ecp).
Go to Mail flow > Receive Connectors and click + to add a new connector.

Enter a name for the connector. If you want to relay outside your organization, then you need to select the Frontend Transport role instead of the Hub Transport role.

Leave the settings on this page unchanged.

Remove the IP addresses shown in the remote network settings.

You get an error that the field is required (click on the + to add a new range).

Enter a single IP address or a local LAN address that is allowed to email via the Exchange server.

The remote network settings will now show the list.

After clicking Finish, edit the relay connector and go to the Security tab.
Select the option “Anonymous users”.

Click on Save.

Now open an Exchange PowerShell session on the Exchange server (with administrative rights) and run:

Get-ReceiveConnector "Receive Connector Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
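
To confirm which connectors ended up as anonymous relays, and that their remote IP ranges were narrowed as described above, the following added example (not part of the original post) can be run in the Exchange Management Shell. It uses only Get-ReceiveConnector and Get-ADPermission; the variable names are illustrative.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
$Right   = 'Ms-Exch-SMTP-Accept-Any-Recipient'
$AnyIPv4 = '0.0.0.0-255.255.255.255'

$Report = foreach ($Connector in (Get-ReceiveConnector)) {
    # Allow entries that give anonymous senders the relay right on this connector
    $Grant = $Connector | Get-ADPermission | Where-Object {
        $_.User -like '*ANONYMOUS LOGON' -and -not $_.Deny -and
        ($_.ExtendedRights -like "*$Right*")
    }
    if (-not $Grant) { continue }

    # RemoteIPRanges decides which hosts may connect to this connector at all
    $Ranges = @($Connector.RemoteIPRanges | ForEach-Object { $_.ToString() })

    [pscustomobject]@{
        Connector   = $Connector.Identity
        RemoteIPs   = ($Ranges -join ', ')
        # True means the default "everyone" range was not removed, so any host
        # that can reach the server can relay through it.
        OpenToAnyIP = ($Ranges -contains $AnyIPv4)
    }
}

$Report | Format-Table -AutoSize -Wrap
```

Any row with OpenToAnyIP set to True is a connector where the default range is still present and should be replaced with the specific relay hosts.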

 

Exchange 2013 mailbox move stuck at StatusDetail FailedOther

You have to remove the current move request and resubmit:

Remove-MoveRequest -Identity userID

New-MoveRequest -Identity "userID" -TargetDatabase "Mailbox Database 0422167200" -BatchName "userID" -BadItemLimit "200"

How to find and remove a Service on Server 2008, 2012 and 2016

Run command prompt as Administrator

Find the keyname with “sc getkeyname”:

C:\Users\administrator.LOCAL>sc getkeyname "Atlassian JIRA"
[SC] GetServiceKeyName SUCCESS
Name = JIRASoftware151216105308

Now delete the key using:

C:\Users\administrator.LOCAL>sc delete "JIRASoftware151216105308"

Perform a full backup on Exchange to purge logs

1. Open Command prompt as Administrator
2. Launch Diskshadow

A. Add volume d:
B. (optional, add one line for each additional drive to include) Add volume X:
C. Begin Backup
D. Create
E. End Backup

3. At this step you should notice the following events in the application log indicating that the backup was indeed successful and logs will now be deleted.

[Screenshots from the process: Command prompt (diskshadow); Event Log (ese-event-id-2005)]

Backup all SQL Databases at once

Problem

Sometimes things that seem complicated are much easier than you think, and this is the power of using T-SQL to take care of repetitive tasks. One of these tasks may be the need to back up all databases on your server. This is not a big deal if you have a handful of databases, but I have seen several servers where there are 100+ databases on the same instance of SQL Server. You could use SQL Server Management Studio to back up the databases or even use Maintenance Plans, but using T-SQL is a much simpler and faster approach.

Solution

With the use of T-SQL you can generate your backup commands, and with the use of cursors you can cursor through all of your databases to back them up one by one. This is a very straightforward process and you only need a handful of commands to do this.

Here is the script that will allow you to back up each database within your instance of SQL Server. You will need to change the @path to the appropriate backup directory.

File Naming Format DBname_YYYYDDMM.BAK

DECLARE @name VARCHAR(50) -- database name
DECLARE @path VARCHAR(256) -- path for backup files
DECLARE @fileName VARCHAR(256) -- filename for backup
DECLARE @fileDate VARCHAR(20) -- used for file name

-- specify database backup directory
SET @path = 'C:\Backup\'

-- specify filename format
SELECT @fileDate = CONVERT(VARCHAR(20),GETDATE(),112)

DECLARE db_cursor CURSOR FOR
SELECT name
FROM master.dbo.sysdatabases
WHERE name NOT IN ('master','model','msdb','tempdb') -- exclude these databases

OPEN db_cursor
FETCH NEXT FROM db_cursor INTO @name

WHILE @@FETCH_STATUS = 0
BEGIN
    SET @fileName = @path + @name + '_' + @fileDate + '.BAK'
    BACKUP DATABASE @name TO DISK = @fileName

    FETCH NEXT FROM db_cursor INTO @name
END

CLOSE db_cursor
DEALLOCATE db_cursor

File Naming Format DBname_YYYYDDMM_HHMMSS.BAK

If you want to also include the time in the filename you can replace this line in the above script:

-- specify filename format
SELECT @fileDate = CONVERT(VARCHAR(20),GETDATE(),112)

with this line:

-- specify filename format
SELECT @fileDate = CONVERT(VARCHAR(20),GETDATE(),112) + '_' + REPLACE(CONVERT(VARCHAR(20),GETDATE(),108),':','')

Notes

In this script we are bypassing the system databases, but these could easily be included as well. You could also change this into a stored procedure and pass in a database name, or if left NULL it backs up all databases. Any way you choose to use it, this script gives you the starting point to simply back up all of your databases.

How to Setup a Legal Notice Before Login in Group Policy

This is a very easy setting that may also substitute for signing the computer usage agreements every year.

1. Open up your Group Policy Management Console (gpmc.msc)
2. Go to the Group Policy Object in your domain, right click on Default Domain Policy and select Edit…
3. Once the Group Policy Editor is up, using the treeview on the left go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
4. To edit the title of the window change: Interactive logon: Message title for users attempting to log on
5. To edit the message text change: Interactive logon: Message text for users attempting to log on

Use Robocopy to move shares with permissions.

robocopy source destination /E /ZB /DCOPY:T /COPYALL /R:1 /W:1 /V /TEE /LOG:Robocopy.log

Here’s what the switches mean:

source :: Source Directory (drive:\path or \\server\share\path).
destination :: Destination Dir (drive:\path or \\server\share\path).
/E :: copy subdirectories, including Empty ones.
/ZB :: use restartable mode; if access denied use Backup mode.
/DCOPY:T :: COPY Directory Timestamps.
/COPYALL :: COPY ALL file info (equivalent to /COPY:DATSOU). Copies the Data, Attributes, Timestamps, Owner, Permissions and Auditing info.
/R:n :: number of Retries on failed copies: default is 1 million but I set this to only retry once.
/W:n :: Wait time between retries: default is 30 seconds but I set this to 1 second.
/V :: produce Verbose output, showing skipped files.
/TEE :: output to console window, as well as the log file.
/LOG:file :: output status to LOG file (overwrite existing log).

How to configure Exchange to redirect OWA HTTP requests to HTTPS requests in IIS 7

To enable SSL redirection to the OWA virtual directory, follow these steps:

  1. Start IIS 7 Manager.
  2. Expand the server, expand Sites and select the Default Web Site.
  3. Double-click HTTP Redirect.
  4. Select the Redirect requests to this destination check box, and then enter /owa.
  5. Select the Only redirect requests to content in this directory (not subdirectories) check box.
  6. Select Found (302) from the Status code drop-down list.
  7. Click Apply to save the settings.
    Note The changes that you made to the Default Web Site will propagate down to the virtual directories for that site.
  8. Expand the Default Web Site.
  9. Select the aspnet_client virtual directory.
  10. Double-click HTTP Redirect.
  11. Clear the check box for Redirect requests to this destination.
  12. Click Apply to save the settings.
  13. Repeat steps 9-12 for the following virtual directories:
    • Autodiscover
    • Ecp
    • EWS
    • Microsoft-Server-ActiveSync
    • OAB
    • Owa
    • PowerShell
    • PowerShell-Proxy
    • Rpc

How to add Trusted Sites

We need to go to Computer Configuration > Administrative Tools > Windows Components > Internet Explorer > Internet Control Panel > Security Page and then double-click Site to Zone Assignment List in the right pane.

After you double-click Site to Zone Assignment List you will see a window to enable the setting and configure it. Click Enabled. Then click Show. On the Show Contents screen click Add.

By clicking Add we can add URLs and specify what zone we want them to be placed in, entering the zone as a number.

The number 2 denotes the number of the zone. In this case it is the trusted zone. Microsoft breaks down the settings as follows:

  1. Intranet zone – sites on your local network.
  2. Trusted Sites zone – sites that have been added to your trusted sites.
  3. Internet zone – sites that are on the Internet.
  4. Restricted Sites zone – sites that have been specifically added to your restricted sites.

After clicking OK you can wait for your default refresh of Group Policy which is 15 minutes by default or you can run gpupdate.exe from any workstation to see if it worked. You can also restart the workstations to force the update.

 

To configure the behavior of Automatic Updates


 

  1. In Group Policy Object Editor, expand Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Windows Update.
  2. In the details pane, click Configure Automatic Updates.
  3. Click Enabled and select one of the following options:
    • Notify for download and notify for install. This option notifies a logged-on administrative user prior to the download and prior to the installation of the updates.
    • Auto download and notify for install. This option automatically begins downloading updates and then notifies a logged-on administrative user prior to installing the updates.
    • Auto download and schedule the install. If Automatic Updates is configured to perform a scheduled installation, you must also set the day and time for the recurring scheduled installation.
    • Allow local admin to choose setting. With this option, the local administrators are allowed to use Automatic Updates in Control Panel to select a configuration option of their choice. For example, they can choose their own scheduled installation time. Local administrators are not allowed to disable Automatic Updates.
  4. Click OK.

How to create mapped drives in Group Policy

To create a new Mapped Drive preference item

  1. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.
  2. In the console tree under User Configuration, expand the Preferences folder, and then expand the Windows Settings folder.
  3. Right-click the Drive Maps node, point to New, and select Mapped Drive.
  4. In the New Drive Properties dialog box, select an Action for Group Policy to perform. (For more information, see “Actions” in this topic.)
  5. Enter drive map settings for Group Policy to configure or remove. (For more information, see “Drive map settings” in this topic.)
  6. Click the Common tab, configure any options, and then type your comments in the Description box. (For more information, see Configure Common Options.)
  7. Click OK. The new preference item appears in the details pane.

Disable Firewall on users using group policy in server 2008, 2012

Computer Config > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile > Windows Firewall: Protect all network connections = Disabled

After that go to client machine;

Start > Run > CMD > Gpupdate /force

Reboot.

How To Enable Remote Desktop Via Domain Group Policy Windows Server 2012 / 2008 R2 / 2008

Open the Group Policy Management and create a new GPO, and edit.

1 – Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > “Windows Firewall: Allow Inbound Remote Desktop Exception”

2 – Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections > enable the policy “Allow Users to connect remotely using Remote Desktop Services”. Note: this used to be > Windows Components > Terminal Services > “Allow users to connect remotely using Terminal Services”

To deploy printers to users or computers by using Group Policy

To deploy printer connections to users or computers by using Group Policy, you must add the printer connections to a Group Policy object (GPO) as described in the procedure.

  1. Open Print Management.
  2. In the left pane, click Print Servers, click the applicable print server, and click Printers.
  3. In the center pane, right-click the applicable printer, and then click Deploy with Group Policy.
  4. In the Deploy with Group Policy dialog box, click Browse, and then choose or create a new GPO for storing the printer connections.
  5. Click OK.
  6. Specify whether to deploy the printer connections to users, or to computers:
    • To deploy to groups of computers so that all users of the computers can access the printers, select the The computers that this GPO applies to (per machine) check box.
    • To deploy to groups of users so that the users can access the printers from any computer they log onto, select the The users that this GPO applies to (per user) check box.
  7. Click Add.
  8. Repeat steps 3 through 6 to add the printer connection setting to another GPO, if necessary.
  9. Click OK.

Change Windows password in Remote Desktop

CTRL-ALT-END is the key combo to send a CTRL-ALT-DEL to the remote RDP desktop. Useful for changing passwords on workstations and servers remotely.

How to set NTP on Windows Server 2012

This is all you need if you want to keep it simple. Run using PowerShell as admin:

w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL
Stop-Service w32time
Start-Service w32time

If the machine is a VM inside Hyper-V, you have to disable time sync. Open VM settings -> Management -> Integration Services and uncheck Time Synchronization.

How to log off/sign out of Server 2012

Go to the Start “screen”, click on your user account picture/name in the upper-right hand corner of the screen, and select “Sign out”.

 

How To Give Windows Server 2012 Users a Traditional User Experience

 

Windows Server 2012 is here, and like many of you who have downloaded it and tested it, I have been messing around with the new operating system for a while now. I’ve been exploring new features and capabilities, some of which I like, and others I don’t care for all that much. All in all, however, I think both Windows 8 and Windows Server 2012 will be successful over time and I say that because the user experience will take some getting used to.

Once you install the new OS, many will be taken aback and will find navigating and finding old tools and utilities a bit of a challenge. I expect many administrators will be looking for a way to change the new Metro style and trade it in for the traditional Windows Start Menu. The good news is that we can tweak the user interface in Windows Server 2012 to get really close to what a Windows Server 2008 would look like, with the caveat that you will not get everything back. I think Microsoft is trying to push everyone to adopt the new interface and it will be successful over time in accomplishing this, especially if the upcoming Surface tablets take off.

Let’s take a look at what we need to do in order to make the changes:

  1. Install the Desktop Experience
  2. Restart the Server
  3. Pin icons and useful tools and utilities to the desktop
  4. Disable Server Manager from automatically starting

Figure 1. Roles and features wizard.

Let’s tackle the Desktop Experience. First, in order to gain access to icons like My Computer, Control Panel and many of the traditional features we have been using for years (and keep in mind that when I say gain access, I mean gain access the traditional way — all the tools still exist; you simply have to learn to access them the new way), follow these steps:

  1. Launch Server Manager from the taskbar (if it is not started already) and click on Add roles and features.
  2. Go through the wizard until you get to a screen similar to Fig. 1; make sure to select Features on the left node and scroll down to User Interfaces and Infrastructure.
  3. Click the arrow to expand this feature and select Desktop Experience.
  4. Click Next and follow the wizard to completion, which will require a restart of the server.

Even a simple power operation like restart takes some getting used to, so in order to restart your server follow these steps:

  1. Hover your mouse to the top right-hand corner of the screen and select the Settings icon.
  2. Now click on the Power icon and restart the server.

Once the server comes back up, you can right-click on your desktop and click on Personalize in order to configure our icons. Select Change desktop icons and add the icons you want to your desktop.

If Server Manager is annoying you every time Windows starts and you want to prevent it from automatically starting, do the following:

  1. Launch Server Manager.
  2. On the top right menu, select Manage.
  3. Select Server Manager Properties.
  4. Check the box next to “Do not start Server Manager automatically at logon”.

At this point your desktop will look pretty close to what you’re used to in Windows Server 2008. I recommend creating shortcuts for some of your favorite tools and utilities and adding them to the desktop. For those of you who like the simplicity of the traditional Start Menu and user interface, in future blogs I will walk through further customizations that will make Windows Server 2012 a bit more friendly.

Permissions that need to be set to allow automatic creation of users’ home directories

When you configure a home directory for a user (from “Active Directory Users and Computers” in a Windows 2000/2003/2008/2012 domain, or “User Manager for Domains” in an NT4 domain), you should add the root share that will contain the user home directory: \\servername\users$\%username%. To allow automatic creation of this home folder, you need to configure the correct NTFS and share permissions on the home folder root share.

Right click the folder > Properties > Sharing > Advanced Sharing. Name the share and add a “$” to the end to make it a hidden share.

Click Permissions on the share.

To allow automatic home directory creation, make sure to apply these security settings on the root folder that should contain the user home directories.

Administrators: Full Control
System: Full Control
Authenticated Users: Full Control

Now click OK > OK to get back to the Folder Properties.

Now we need to configure the NTFS permissions, so we need to be on the “Security” tab of the folder we created earlier.

1. Turn off inheritance on the folder and copy the permissions. You do this by:

a. Click the Advanced button found on the Security tab.
b. Clear Allow inheritable permissions to propagate to this object check box in the Advanced Security Settings dialog box.
c. Click Copy when prompted by the Security dialog box.

2. Click OK to return to the Security tab. Ensure we have the following permissions set:

Administrators: Full Control
System: Full Control
Creator Owner: Full Control
Authenticated Users: Read & Execute, List Folder Contents, Read

3. Change permissions for Authenticated Users so they cannot access other users’ folders. You do this by:

a. Click Advanced on the Security tab.
b. Click Authenticated Users, and then click Edit.
c. On the Permissions Entry for HOME dialog box, drop down the Apply onto and select This folder only.
d. Click OK twice.
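
The same share and NTFS permissions can be applied and checked from PowerShell. This is an added example, not part of the original post; the folder D:\Home is an assumption, the share name users$ comes from the path used above, and New-SmbShare requires Server 2012 or later.

```powershell
# Added example, not from the original post. Run elevated on the file server.
# Assumptions: D:\Home is the root folder; English account names.
$Root  = 'D:\Home'
$Share = 'users$'   # trailing $ makes it a hidden share

New-Item -ItemType Directory -Path $Root -Force | Out-Null

# Share permissions: Full Control for the three principals listed above.
New-SmbShare -Name $Share -Path $Root -FullAccess `
    'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\Authenticated Users' |
    Out-Null

# NTFS permissions from step 2. Authenticated Users gets RX with no (OI)/(CI)
# inheritance flags, which is what "This folder only" means in step 3.
icacls $Root /grant:r `
    'BUILTIN\Administrators:(OI)(CI)F' `
    'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
    'CREATOR OWNER:(OI)(CI)(IO)F' `
    'NT AUTHORITY\Authenticated Users:RX'

# Step 1 copies the inherited entries and step 2 trims the list; removing them
# outright after the explicit grants gives the same end state.
icacls $Root /inheritance:r

# Check: an Authenticated Users entry that propagates to child objects would
# let every user read every other user's home folder.
$Propagating = @((Get-Acl -Path $Root).Access | Where-Object {
    $_.IdentityReference.Value -eq 'NT AUTHORITY\Authenticated Users' -and
    $_.InheritanceFlags -ne 'None'
})

if ($Propagating.Count -gt 0) {
    Write-Warning "Authenticated Users permissions on $Root propagate to subfolders."
} else {
    "OK: Authenticated Users access on $Root applies to this folder only."
}
```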

Hyper-V Replica Capacity Planner

The Capacity Planner for Hyper-V Replica which was released on 5/22, allows you to plan your Hyper-V Replica deployment based on the workload, storage, network and server characteristics. The guidance is based on results gathered through our internal testing across different workloads.

You can download the tool and its documentation from here – http://www.microsoft.com/en-us/download/details.aspx?id=39057

Instructions:

1) Download the tool (exe) and documentation

2) Read the documentation first and then try out the tool. You should familiarize yourself with some nuances listed in the documentation before using the tool.

So go ahead, use the tool in your virtual infrastructure and share your feedback and questions through this blog post or in the community forum. We would love to hear your comments!

How to activate Windows Server 2012

This is the easiest way:

Bring up the Start Menu

Right click and choose All Apps

1. Right click Command Line -> run as administrator

2. Type slui 3

3. You get the product key activation wizard pop up. Enter the key here and select activate. This will Activate the server license.