Archive

Archive for the ‘Windows Server 2008’ Category

Remove failed DC from AD manually… Never been easier

November 11, 2010 10 comments

You perform metadata cleanup on a domain controller in the domain of the domain controller that you forcibly removed. Metadata cleanup removes data from AD DS that identifies a domain controller to the replication system. Metadata cleanup also removes File Replication Service (FRS) and Distributed File System (DFS) Replication connections and attempts to transfer or seize any operations master (also known as flexible single master operations or FSMO) roles that the retired domain controller holds.. Removing failed DC manual was hard process that need some level of professionalism as I used to do it with Ntdsutil command-line tool.

Please check “How to remove data in Active Directory after an unsuccessful domain controller demotion”

http://support.microsoft.com/kb/216498

How to remove orphaned domains from Active Directory

http://support.microsoft.com/default.aspx?scid=kb;en-us;230306

Clean up server metadata

http://technet.microsoft.com/en-us/library/cc736378%28WS.10%29.aspx

I used to use it since Windows 2000, 2003. But I was suprized to discover that Windows 2008, 2008 R2 has new GUI. Really easy and efficient one.

http://technet.microsoft.com/en-us/library/cc816907%28WS.10%29.aspx

Clean up server metadata by using GUI tools

When you use Remote Server Administration Tools (RSAT) or the Active Directory Users and Computers console (Dsa.msc) that is included with Windows Server 2008 or Windows Server 2008 R2 to delete a domain controller computer account from the Domain Controllers organizational unit (OU), the cleanup of server metadata is performed automatically. Previously, you had to perform a separate metadata cleanup procedure.

You can also use the Active Directory Sites and Services console (Dssite.msc) to delete a domain controller’s computer account, which also completes metadata cleanup automatically. However, Active Directory Sites and Services removes the metadata automatically only when you first delete the NTDS Settings object below the computer account in Dssite.msc.

As long as you are using the Windows Server 2008, Windows Server 2008 R2, or RSAT versions of Dsa.msc or Dssite.msc, you can clean up metadata automatically for domain controllers running earlier versions of Windows operating systems.

Membership in Domain Admins, or equivalent, is the minimum required to complete these procedures. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

To clean up server metadata by using Active Directory Users and Computers

  1. Open Active Directory Users and Computers: On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. If you have identified replication partners in preparation for this procedure and if you are not connected to a replication partner of the removed domain controller whose metadata you are cleaning up, right-click Active Directory Users and Computers <DomainControllerName>, and then click Change Domain Controller. Click the name of the domain controller from which you want to remove the metadata, and then click OK.
  3. Expand the domain of the domain controller that was forcibly removed, and then click Domain Controllers.
  4. In the details pane, right-click the computer object of the domain controller whose metadata you want to clean up, and then click Delete.Metadata Cleanup in ADUC
  5. In the Active Directory Domain Services dialog box, click Yes to confirm the computer object deletion.
  6. In the Deleting Domain Controller dialog box, select This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO), and then click Delete.DC offline in AD Users and Computers
  7. If the domain controller is a global catalog server, in the Delete Domain Controller dialog box, click Yes to continue with the deletion.
  8. If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown.You cannot change this domain controller. If you want to move the role to a different domain controller, you must move the role after you complete the server metadata cleanup procedure.

To clean up server metadata by using Active Directory Sites and Services

  1. Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services.
  2. If you have identified replication partners in preparation for this procedure and if you are not connected to a replication partner of the removed domain controller whose metadata you are cleaning up, right-click Active Directory Users and Computers <DomainControllerName>, and then click Change Domain Controller. Click the name of the domain controller from which you want to remove the metadata, and then click OK.
  3. Expand the site of the domain controller that was forcibly removed, expand Servers, expand the name of the domain controller, right-click the NTDS Settings object, and then click Delete.Metadata Cleanup in AD Sites and Services
  4. In the Active Directory Domain Services dialog box, click Yes to confirm the NTDS Settings deletion.
  5. In the Deleting Domain Controller dialog box, select This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO), and then click Delete.DC offline in AD Users and Computers
  6. If the domain controller is a global catalog server, in the Delete Domain Controller dialog box, click Yes to continue with the deletion.
  7. If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown.
  8. Right-click the domain controller that was forcibly removed, and then click Delete.DC Deletion in AD Sites and Services
  9. In the Active Directory Domain Services dialog box, click Yes to confirm the domain controller deletion.

Creation date wrong for snapshots on VMs imported to #Hyper-V 2008 R2

August 18, 2010 1 comment

I think this forum post is deserve sharing

Situation : Windows Server 2008 R2 with latest patches (SP1 beta is NOT installed)

Windows Server 2008 SP2 with latest patches

CreationTimes for snapshots of virtual machines that were originally created on the same server are correct.

CreationTimes for snapshots of virtual machines that have been exported/imported between 2008 SP2 virtual hosts are correct.

But CreationsTimes for snapshots of virtuals that have been exported and imported onto 2008 R2 virtual hosts are incorrect.

Cause of the issue: As per Vincent Hu Hyper-V product team is aware of it.

For CreationTime property we rely on configuration file creation time until someone calls SetCreationTime() on configuration. Once SetCreationTime is called, we add a property, “creation_time”, to config xml file and subsequent GetCreationTime() call will get its value from this property. While taking snapshot we do not call SetCreationTime() and hence, after import, the newly created snapshots also get incorrect creation time.

Here is the workaround: Removing the creation_time data from the vm’s configuration file.

BlackBerry server on Hyper-V

July 2, 2010 1 comment

As many customer are working with BB server I always hear this question.. Can I run my BB Server on Hyper-V ?!!!

Okay..The answer from our experience is YES  BUT….. With limited support from RIM

BES 5.0 and Hyper-V has currently “limited” support from RIM ( Which means that this is a supported environment but RIM has not fully assessed the impact of  this configuration)  . Please check the support matrix from RIM for further details: http://na.blackberry.com/eng/support/software/server_compatibility.jsp#tab_tab_compatibility

So I would recommend BES installation on Hyper-V just in case that you have a small number of users with simple environment and polices. If you are planning to go with big implementation you should get direct contact with RIM before making up your decision.

Microsoft Looks to Third-Parties to Extend DPM 2010

June 22, 2010 2 comments

Source

It’s a big week for Microsoft Data Protection Manager 2010 … even though it’s a month or more away from general availability.  At the Microsoft Management Summit this week, DPM 2010 was released to manufacturing, and i365 and Iron Mountain both made DPM 2010-related announcements that extend its capabilities.

Microsoft continues to make strides since joining the disk-based backup and recovery space with DPM 2006, adding features that have increased its appeal to Microsoft-centric buyers.  Among other things, DPM 2010 promises to:

  • Increase scale.  A single DPM server can protect 100 production servers (up from 30-40) and 80 TB of data, 1000 Windows clients, 2000 SQL databases, 40 TB Exchange databases, and 25 TB SharePoint farms.
  • Provide a single agent for all Microsoft workloads, including support for Windows 7, MOSS 2010, Exchange 2010, and SAP running on a SQL server.
  • Support Hyper-V on Windows 2008 r2, including support for LiveMigration scenarios with cluster-shared volumes, recovery of .VHDs to an alternate host, and VM-level backup with either VM-level or file-level recovery.
  • Protect connected or disconnected Windows clients with continuous backup (backup is performed locally until a connection/synchronization is possible), allowing data to be recovered locally and enabling end-user self-service restore.
  • Enable SharePoint farm-level protection with document-level restore, eliminating the need for a SharePoint recovery farm.
  • Replicate a DPM server off site to third-party cloud providers, such as Iron Mountain or i365.

Iron Mountain and Microsoft previously teamed up to deliver a cloud storage option for DPM 2007 customers over a year ago, allowing users to extend their data protection strategies with cloud-based copies for DR.  This week, Iron Mountain announced support for DPM 2010 and enhancements to Iron Mountain CloudRecovery—beefing up its scalability, streamlining DPM-CloudRecovery integration, and altering its licensing/pricing model to provide greater cost efficiency and predictability to subscribers.

i365 is partnering with Microsoft in a slightly different way. i365 is delivering an all-in-one hardware-software-cloud solution: Evault for System Center Data Protection Manager (EDPM).  The Dell server ships with both Microsoft DPM and Evault backup software accessed via a single user interface and with a unified policy engine.  Why both?  Since DPM is limited to protecting Microsoft’s operating system, hypervisor, and applications, EDPM allows Microsoft to address a wider audience—including Linux, UNIX, NetWare, IBM i, VMware, and Oracle users.  Optionally, the EDPM storage can be replicated to the i365 cloud—creating a more economically-feasible DR copy for mid-market and small enterprise companies.

Missing from Microsoft’s DPM 2010 strategy is any statement that the company will leverage its own cloud service capabilities in Windows Azure.  Will DPM be offered as software as a service (SaaS)?  Will Windows Azure cloud storage be used for DPM 2010 DR copies?  Stay tuned.

Exchange 2010 DAG and Hyper-v Cluster supportability statement – Supported but how

May 12, 2010 4 comments

Source
We all have been tought that Exchange 2010 DAG cannot be installed on a hyper-v Cluster or ESX Cluster (generally any hypervisor clustering), this is a correct statement but not entirely true.
the correct statement that Installing Exchange 2010 DAG is not supported on Hypervisor Clustering only when you confiure the VM that hosts the Exchange as highly available machine, thus you control the High availability of he VM using clustering.

if you Install Hyper-v or ESX clustering, you can Install Exchange 2010 DAG normally on a VM that is hosted on any single host of the Hypervisor cluster as long as this machine is not highly available from the Hypervisor point of view meaning that you cannot move it using live migration or Vmotion.
you can now install the DAG on your Hypervisor Cluster physical server normally, don’t make the VM highly available, size the IOPs and Memory and you are fine.
Hope that this helps you in your virtualization and Exchange Project

Linux Integration Services v2.1 Release Candidate Now Available

Microsoft announces the availability of the RC release of the Linux Integration Services v2.1. This new version includes new functionality, including timesync, integrated shutdown, and SMP support.

When installed on a virtual machine that is running a supported Linux operating system, the Linux Integration Services for Hyper-V provide the following functionality:

  • Driver support for synthetic devices: The Linux Integration Services support the synthetic network controller and the synthetic storage controller that were developed specifically for Hyper-V.
  • Fastpath Boot Support for Hyper-V: Boot devices now take advantage of the block Virtualization Service Client (VSC) to provide enhanced performance.
  • NEW: Timesync: The clock inside the virtual machine will now remain synchronized with the clock on the host.
  • NEW: Integrated Shutdown: Virtual machines running Linux can now be shut down from either the Hyper-V Manager or the VMConnect application using the “Shut Down” command.
  • NEW: Symmetric Multi-Processing (SMP) Support: Supported Linux distributions can now properly use up to 4 virtual processors (VP) per virtual machine.
  • NEW FOR RC: Heartbeat: Allows the host to detect whether the guest is running and responsive.
  • NEW FOR RC: Pluggable Time Source: A pluggable clock source module is included to provide a more accurate time source to the guest.

This version of the integration services for Hyper-V can be downloaded from here, and supports Novell SUSE Linux Enterprise Server 10 SP3, SUSE Linux Enterprise Server 11, and Red Hat Enterprise Linux 5.2 / 5.3 / 5.4 / 5.5.

MS DTC could not correctly process a DC Promotion/Demotion event ID 53258

April 4, 2010 5 comments

After installing new Windows 2008 Domain controller and moving the FSMO roles to it I found a warning message on my Windows 2003 DC

Event Type:      Warning
Event Source:      MSDTC
Event Category:      SVC
Event ID:      53258
Date:            4/4/2010
Time:
User:            N/A
Description:
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1

Event Type:      Warning
Event Source:      MSDTC
Event Category:      SVC
Event ID:      53258
Date:            4/4/2010
Time:
User:            N/A
Description:
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351, Pid: 5392
No Callstack, CmdLine: C:\WINDOWS\system32\msdtc.exe


To resolve this issue do the blow steps:

  • Click Start -> Administrative Tools -> Component Services.
    Right click “My Computer” in the window pane and select Properties.
  • Click the MSDTC Tab.
  • Click the “Security Configuration” button, a dialog box appears. Click “OK”.
  • Click “OK” on the “My Computer Properties” box; this will take you back to the console.
  • Right click “My Computer” and select “Stop MS DTC” (this stops the MSDTC service.
  • Again, right click “My Computer” and select “Start MS DTC”.
By following the above steps, it appears that this sets the MS DTC defaults resolving the error messages.
To make sure open the Event Viewer–> Application
%d bloggers like this: