Thursday, December 30, 2010

New Rollups Released for TMG 2010 and ISA 2006

The ISA / TMG Team in MS have released a new rollup for each product. Make sure that Service Pack 1 is installed on ISA and TMG before installing these rollups.

Link Below:

UAG Maximum Number of Logon Attempts Error when using a 20 Character Password

I came across this interesting blog post last night relating to an issue within UAG: when a user's password is longer than 20 characters, the UAG server will not allow logon because the password is truncated, and it eventually reads the logon attempt as failed and locks it out.

Paul Harper - Microsoft Premier Field Engineer - has supplied the information needed to get around this particular issue if you come across it. Check the link below:

Wednesday, December 29, 2010

Automatically Live Migrate Multiple Virtual Machines in a Hyper V Cluster

Over the Christmas break, I decided to use the time off to carry out some essential maintenance of our 3 Node Hyper V Failover Cluster that we currently have in our datacentre (I know, sad as I am working over the holidays!).

What I wanted to do was to update all of the Hyper V hosts with the latest HP Support Packs and Firmware updates, install the latest Windows Updates and Patches and also run scripts to identify which hotfixes are missing that are specific to Hyper V, Clustering and SCVMM (see this link for a really handy script that I recommend any Hyper V admin to use regularly -

With all of these updates to be applied to the Hyper V hosts, it means that although there will be no need for downtime of the virtual machines on each host (approx 15 VMs on each one), I will still need to 'Live Migrate' these machines to the other Hyper V hosts before I add the updates and reboot the hardware.

This 'Live Migrate' process can be tedious because, unlike VMWare's VMotion, you cannot 'Live Migrate' more than one virtual machine at a time from one physical host to another - you can 'Live Migrate' more than one virtual machine at a time within a Hyper V cluster, but not more than one VM from each physical host. For example, I can migrate a VM from Host 1 to Host 2 and at the same time, I can migrate a machine from Host 3 to Host 4, as long as each host only has one 'Live Migration' occurring at any given time.

With a large number of VMs to 'Live Migrate', clicking on each VM one at a time and waiting for it to migrate before you can do the next one is a time consuming process and a waste of valuable time over the Christmas holiday period!

As previously mentioned, although you cannot 'Live Migrate' more than one virtual machine at a time in a Hyper V cluster from one host to the other, there are several ways that you can automate this process with a couple of clicks of a mouse that will systematically move each virtual machine to a different host without the need for you to do each VM one by one.

My preferred method of automating this process requires that you have Microsoft's System Center Virtual Machine Manager 2008 R2 managing your Hyper V cluster (shame on you if you don't!).

I remembered reading through the SCVMM documentation a while back and coming across a feature for host management called 'Maintenance Mode'. Maintenance Mode allows you to specify if a host is going to be offline within your Hyper V cluster and when you enable Maintenance Mode on a particular Hyper V host, a wizard pops up explaining that this process will automate the 'Live Migration' of your virtual machines to another physical host. Just the solution I was looking for!

Simply browse to the 'Hosts' section from within SCVMM, right mouse click on the host, select 'Maintenance Mode' from the menu and then follow the wizard to move all machines automatically.
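One of the other ways to automate the drain, for a cluster without SCVMM, is the FailoverClusters PowerShell module that ships with Windows Server 2008 R2. This is an added example, not part of the original post; the function name `Move-AllVMsOffNode` and the node names in the usage comment are hypothetical placeholders.

```powershell
# Added example: drain a Hyper-V cluster node before patching it.
# Function name and node names are placeholders, not from the original post.
Import-Module FailoverClusters

function Move-AllVMsOffNode {
    param(
        [Parameter(Mandatory = $true)][string]$SourceNode,
        [Parameter(Mandatory = $true)][string[]]$TargetNodes
    )

    # Only use targets that are actually up; a paused or down node cannot take VMs.
    $targets = @(Get-ClusterNode | Where-Object {
        $TargetNodes -contains $_.Name -and $_.State -eq 'Up'
    })
    if ($targets.Count -eq 0) { throw "No target node is up; nothing was moved." }

    # Pause the source node so no group fails over onto it while it is being emptied.
    Suspend-ClusterNode -Name $SourceNode | Out-Null

    # A VM group is any group on the node that owns a 'Virtual Machine' resource.
    $isVmGroup = { $_ | Get-ClusterResource |
        Where-Object { $_.ResourceType.Name -eq 'Virtual Machine' } }
    $vmGroups = @(Get-ClusterNode -Name $SourceNode | Get-ClusterGroup |
        Where-Object $isVmGroup)

    $i = 0
    foreach ($group in $vmGroups) {
        # Round-robin over the targets. Each call blocks until the move ends,
        # so the source host never has more than one live migration in flight.
        $target = $targets[$i % $targets.Count].Name
        $i++
        Write-Host "Live migrating '$($group.Name)' to $target"
        try {
            Move-ClusterVirtualMachineRole -Name $group.Name -Node $target `
                -ErrorAction Stop | Out-Null
        } catch {
            Write-Warning "Move of '$($group.Name)' failed: $_"
        }
    }

    # Return whatever is still on the node; patch and reboot only when this is empty.
    @(Get-ClusterNode -Name $SourceNode | Get-ClusterGroup | Where-Object $isVmGroup)
}

# Usage (placeholder names):
#   $left = Move-AllVMsOffNode -SourceNode 'HV-NODE1' -TargetNodes 'HV-NODE2','HV-NODE3'
#   if ($left.Count -eq 0) { 'Node is empty, safe to patch' }
# After patching, run Resume-ClusterNode -Name 'HV-NODE1' to bring it back.
```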

There is another way to automatically move all the Virtual Machines from one Hyper V host to another, but that involves pulling the power cables from the back of the host and I really don't recommend doing that...

Now, back to enjoying the time off work!

Tuesday, December 21, 2010

BPOS versus the new Office 365

For those of you that have been out of the loop the last while, you might be excused for thinking that the new Microsoft Office 365 was a new version of your standard locally installed Office client.

Microsoft Office 365 however is the opposite of a locally installed client. It is the new version of Microsoft's current Online (Cloud) offering called Business Productivity Online Suite (BPOS).

So what are the differences you might ask? Read below for a comparison of the two composed by Aaron Leskiw.

How does Office 365 compare to BPOS?

Microsoft describes Office 365 as a “significantly enhanced” version of BPOS. Although it’s basically the same service, as you’ve seen, it includes new features like Office Web Apps. And, it also has enhancements to make administration easier.

On the desktop side of things, Office 365 includes the new Service Connector application, replacing the single sign-on tool.  The Service Connector should make user desktop management a little easier, and simplify the login process for users. The Service Connector also takes care of patches and updates.

Speaking of the desktop, system requirements have changed. Office 2003 will no longer be supported, and neither will Office Communicator 2007.  Workstations will need to run Office 2007 or newer, and the new Lync 2010 software for instant messaging.

Office 365 is scheduled for availability in 2011. If you’re currently a BPOS customer, then you’ll have 12 months to migrate to Office 365 from the time the service becomes available. For more information, check out the Office 365 transition center, where Microsoft has done a great job at providing information for admins, including a helpful transition checklist. There's also a helpful FAQ.

With the release of Office 365, Microsoft has really stepped-up the game for hosted-cloud services. Time will tell how successful this play will be, but recent big wins have demonstrated that they are definitely a player. If Office 365 looks like something you want to learn more about, you can get more information on the Microsoft Office 365 home page.

Or, download the Office 365 fact sheet for full details on the different Office 365 offerings.

Microsoft BPOS - How to configure an iPhone for BPOS Exchange Online

I came across this article in one of my all time favorite IT sites - Daniel Petri's - I started using this site way back when I started out studying for my old Windows NT 4 MCSE.

Anyhow, as more and more people have iPhones and more and more companies are moving to BPOS, here's the link to an article explaining what you need to do to configure your iPhone with BPOS:


Friday, December 17, 2010

Deploying Virtual Machine Templates using SCVMM 2008 R2

O.K., so this isn't new information but still can be a little bit tricky if you're not used to the process of creating templates and if you don't have a full understanding of the sysprep utility and why it is needed to deploy multiple copies of the same machine.

An engineer came to me a while back and told me a story that sounded kinda familiar to me from when I started using Hyper V a few years back. The engineer had a Hyper V deployment to do that involved creating 10 virtual machines all with the same Operating System, but each would be used for different applications and roles. His quick solution to deployment was to build one virtual machine, make the necessary modifications to password policies, RDP connections, firewall etc., then shut down that VM and make another 9 copies of the VHD to use on the other virtual machines.

A good idea in theory but lacking one train of thought: when the original VHD was created, it had its own SID unique to this installation, and when he made another 9 copies of the VHD, each of these contained the exact same SID on the network. When all of the copied VHDs were brought online and added to the domain, it wasn't long before duplicate SID entries started to appear within the event logs on each of these, specifically the one that had the Domain Controller role!

What should have been done first to avoid this problem was to build the initial VHD and configure it as needed. Then he should have opened up a command line, browsed to the 'C:\Windows\System32\sysprep' folder and run the following command:

sysprep /oobe /generalize /shutdown

Once this command has finished running on the VM, it shuts the VM down and the Virtual Hard Disk is now ready for deployment as an Out Of Box Experience (oobe) and Generalized machine with no SID!

All that has to be done now is to make a copy of this VHD and store it for safe keeping, as it is going to be your master VHD for deployments in the future. In this engineer's case, he could then make 9 copies of this newly sysprep'd VHD and when each one is run within Hyper V, the VM will start to request the relevant configuration settings such as Product Key and user settings to complete the installation.

Now, I know the title of this blog topic is 'Deploying Virtual Machine Templates using SCVMM 2008 R2' and I haven't yet even mentioned SCVMM!

The above process is quite laborious and can take a bit of getting used to along with still leaving a lot of configuration steps to finalise on each newly deployed VM. Within SCVMM however, this process is simplified greatly and takes away the need to run a command line sysprep from within the initial VM.

Take a look at the document in the link below, created by Virtualisation MVP Aidan Finn, which outlines a comprehensive step by step process for creating and deploying an SCVMM 2008 R2 Template:

SCVMM 2008 R2 Service Pack 1 RC Released

O.K., so I'm about a week behind on this one, but busy schedule means I'm only getting around to blogging about it now!

SCVMM 2008 R2 Service Pack 1 RC combines the usual gamut of bug fixes and tweaks as well as adding a new feature set for Windows Server 2008 R2 Dynamic Memory.

Check out all the info on SP1 right here:

Hyper V Performance Tuning

Here are some good steps to follow when trying to tune your Hyper V deployment. These steps were published on Jason Conger's Virtualisationadmin Blog:

Hyper-V is pretty easy to set up in Windows Server 2008 R2 - just enable the Hyper-V role and start building virtual machines. However, there are a lot of performance tuning measures that can be made to ensure you get optimum performance from your hardware. Paul Schnackenburg has put together a series of articles detailing these performance tuning techniques. Paul’s articles include detailed analysis of the following:
  • Virtual processors - According to Microsoft as a general rule of thumb it’s best to have four virtual processors per logical processor in the system, maximum is eight. But the question of course is how can you find out the ratio on your hosts?
  • Memory, Storage, and Networking - Optimizing memory for VMs is a challenge in Hyper-V of today as the memory you assign to each VM is fixed whether the VM actually uses it or not. The good news is it’s going to become a whole lot easier when Microsoft releases SP1 for Windows Server 2008 R2 and Dynamic Memory comes into play.
  • Tuning Tips and Tricks - integration components, guest OS, Hyper-V manager, Services, Host OS, Background CPU activity, network configuration.
  • Monitoring Hyper-V performance - The first rule is don’t ever measure performance of a VM from within a VM. Most sys admins' first reaction to performance complaints will be to have a look in Task Manager. Unfortunately that doesn’t work in a VM because it can only see its little keyhole view of the world.

UAG Service Pack 1 Released!

UAG Service Pack 1 has been released and it comes packed with some new GUI enhancements as well as some neat new features.

For anyone who has configured Direct Access using UAG in the past, they will notice that some of these changes are welcome enhancements!

A really nice feature in SP1 is the ability to update or modify the existing UAG GPOs that the configuration wizard generates initially. This is quite cool because previously, if you wanted to make any changes to the Direct Access configuration, you nearly always needed to manually remove these GPOs first to ensure the new ones took precedence when you re-ran the wizard.

You can now also specify a GPO that houses the client laptops or computers that you want to enable Direct Access on, instead of the previous option of just a security group.

There are also some major changes to the Direct Access Configuration Assistant to help troubleshoot those hard to get going configurations!

Here are the links needed to get the download and give you some extra information on what's included:

Thursday, December 16, 2010

Exchange 2010 Virtualisation Support

I have decided to post this for those of you not familiar with Microsoft's stance on virtualising Exchange Server 2010 as there seems to be conflicting reports of what is and is not supported within a virtual environment.

Microsoft supports Exchange Server 2010 in a virtualised environment with just two exceptions.

Hyper V is of course supported as well as all vendors that are listed on the 'Server Virtualisation Validation Platform' listed here:

The Exchange 2010 UM role is the only role not supported in a virtual environment (it still works if you want to try it, just not supported by MS!)

Here's the catch, however, that most people are not aware of - Microsoft DO NOT support a virtualised DAG environment if the DAG servers are made Highly Available (HA) within the hypervisor. Again, this configuration will work if you set it up this way; however, if you have problems and want to call Microsoft for support, they won't want to know if you have the DAG members Highly Available and configured to fail over to another host in the event of hardware failure.

Amazingly though, VMWare are quoted as recommending their VMWare HA Solution with the Exchange application-aware high availability solution which is an unsupported configuration!!

Here is a link from the Microsoft Exchange Team's Official Blog and it makes for some interesting reading on the subject!

Troubleshooting 'Redirected Access' on a Cluster Shared Volume (CSV)

Here's a really interesting post from Chuck Timon - Microsoft Enterprise Platforms Support Senior Support Escalation Engineer - surrounding the dreaded 'Redirected Access' message that can appear sometimes (rarely for me thankfully!) on a Hyper V Failover Cluster.

The post covers 4 reasons as to why this message will appear on your CSV and the solutions to diagnose and bring the CSV back online.

Here's the link:

Wednesday, December 15, 2010

Exchange 2010 Personal Archive support in Outlook 2007 is here!

Finally, for those of you who are using Exchange 2010 Personal Archives and are tired of having to upgrade Outlook clients to the 2010 version, Microsoft have recently released a rollup and hotfix that enables this support. Here's the link: