Brady's Contentious Blog

November 20, 2009

SCCM 2007 Maintenance Windows

Filed under: SCCM — eaglebcr @ 4:22 pm

November 12, 2009

SCCM OSD Custom Front End Script

Filed under: OSD, SCCM — eaglebcr @ 11:01 pm

Are you wondering how you can prompt for a computer name and OU location within SCCM 2007 when using MDT to deploy an OS?

Follow this link for instructions: http://myitforum.com/cs2/blogs/cnackers/archive/2009/10/15/custom-front-end-name-and-ou-prompt-configmgr-mdt-2010-pre-execution-hook.aspx

Thanks to Chris Nackers for providing this information in his blog. 

October 27, 2009

AD DS Database Maintenance

Filed under: AD, Server 2008 — eaglebcr @ 1:39 am

1. Defrag database file

Stop ADDS service (you can’t use ‘files’ if the service is running)

Go to cmd line and type: ntdsutil

Type activate instance ntds

Type files

Type Compact to %s where %s is a directory location (Ex. Compact to c:\)

Backup system state using wbadmin for DR

Quit out of ntdsutil

Copy compacted ntds.dit file to c:\windows\ntds\

Delete all log files in c:\windows\ntds\ (del c:\windows\ntds\*.log)

2. Check AD database integrity

Within the Files maintenance section, type integrity.

3. Check AD Consistency

Type Quit to exit out of Files maintenance

Type Semantic Database Analysis

Type Go Fixup (you can enable verbose logging by using the Verbose On command)

Start ADDS service

**Needs to be performed on every DC**

**If the DC isn’t 2008, you need to boot the server up in restore mode to defrag the AD db**
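
The three steps above run non-interactively on a Server 2008 DC, as an added example that is not part of the original post. The scratch directory and the rollback copy of the original ntds.dit are assumptions added for safety, and the wbadmin system state backup from step 1 is not scripted here and still has to be run as the post describes.

```powershell
# Added example, not the blog author's code. $NtdsDir is the default database
# location used in the post; $CompactDir is a hypothetical scratch directory.
$NtdsDir    = 'C:\Windows\NTDS'
$CompactDir = 'C:\NtdsCompact'
$Compacted  = Join-Path $CompactDir 'ntds.dit'
$Rollback   = Join-Path $CompactDir 'ntds.dit.before'

New-Item -ItemType Directory -Path $CompactDir -Force | Out-Null
# Remove output from an earlier run so a stale file cannot pass the check below.
if (Test-Path $Compacted) { Remove-Item $Compacted }

# The 'files' menu is unavailable while AD DS is running.
Stop-Service -Name NTDS -Force

# Step 1: offline defrag into the scratch directory.
& ntdsutil 'activate instance ntds' 'files' "compact to $CompactDir" 'quit' 'quit'
if (-not (Test-Path $Compacted) -or (Get-Item $Compacted).Length -eq 0) {
    Start-Service -Name NTDS
    throw "No compacted ntds.dit in $CompactDir; the original database was left untouched."
}

# Keep the original database until the compacted copy has passed the checks.
Copy-Item (Join-Path $NtdsDir 'ntds.dit') $Rollback -Force
Copy-Item $Compacted (Join-Path $NtdsDir 'ntds.dit') -Force
Remove-Item (Join-Path $NtdsDir '*.log')

# Step 2: database integrity check.
& ntdsutil 'activate instance ntds' 'files' 'integrity' 'quit' 'quit'

# Step 3: semantic database analysis with verbose logging and fixup.
& ntdsutil 'activate instance ntds' 'semantic database analysis' 'verbose on' 'go fixup' 'quit' 'quit'

Start-Service -Name NTDS
```

Review the ntdsutil output of steps 2 and 3 before deleting the rollback copy.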

DC Authoritative Restore

Filed under: AD, Server 2008 — eaglebcr @ 1:35 am

Prereqs: The Forest and Domain functional level must be 2003 or higher.  If you are still at 2000, you will need to use the ldifde utility to restore backlinks.

  1. Restart the DC into Domain Service Recovery Mode (F8)
  2. Log on with .\Administrator and the Recovery Mode password that was created during DC Promo
  3. Type wbadmin get versions to figure out which backup and version number you will use.
  4. Type wbadmin start systemstaterecovery -version:<version #> -backuptarget:<backuplocation>
  5. Type ntdsutil activate instance NTDS
  6. Type authoritative restore
  7. Depending on what you need to restore, you can either use restore object or restore subtree

Ex. Restore subtree “ou=Users,ou=location,dc=domain,dc=com”

If your domain is 2000 functional level, run the following steps after the steps above:

1. repadmin /syncall DCNAME /a /d /A /P /q where DCNAME is the name of the DC you just restored

2. Change to the location where your ldif file is located; it should be in the same location as the log files from the restore.

3. Type ldifde -i -k -f filename where filename is the ldif file.

4. Rinse and repeat the steps for multiple ldif files.

October 26, 2009

Reset Local Administrator Password(s)

Filed under: Powershell, Server 2008, Uncategorized — eaglebcr @ 7:56 pm

Here are two PowerShell scripts to reset the local administrator password on multiple machines.  The first one searches an OU with a filter on objectClass=Computer and prompts for a new password.  The second script reads the computer names from a text file.  Either way works; I prefer the first.

    ## This variable creates the LDAP connection to Servers; you must enter the correct DN of the OU you will be using.
    $objDomain = [adsi]("LDAP://OU=Servers,OU=OU,dc=domain,dc=local")

    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $objDomain
    $objSearcher.PageSize = 1000
    $objSearcher.Filter = '(objectClass=Computer)'
    #$objSearcher.PropertiesToLoad.Add("name")
    $colResults = $objSearcher.FindAll()

    # Read-Host without -AsSecureString echoes the password to the console.
    $password = Read-Host "Please type in the new password."

    # Errors are suppressed from here on, so failed calls are not displayed.
    $ErrorActionPreference = "SilentlyContinue"
    foreach ($Computer in $colResults) {
        $ServerName = $($Computer.Properties.name).ToUpper()
        $ping = New-Object System.Net.NetworkInformation.Ping
        $Reply = $ping.Send($ServerName)

        if ($Reply.Status -eq "Success") {
            Write-Host "$ServerName is online"
            # Bind to the local Administrator account through the WinNT provider
            $Admin = [adsi]("WinNT://" + $ServerName + "/administrator,user")
            $Admin.PSBase.Invoke("SetPassword", $password)

            # Verify password was just changed (checks only that PasswordAge is populated, not its value)
            $PasswordAge = $Admin.PasswordAge
            if ($PasswordAge -ne $null) {
                Write-Host "$ServerName password change SUCCEEDED"
            } else {
                Write-Host "$ServerName password change FAILED"
            }
        } else {
            Write-Host "$ServerName is not online - skipping"
        }
    }

 

    # This script will change the local administrator password for every machine in serverlist.txt
    # Only if the server is online via ping request

    $ErrorActionPreference = "SilentlyContinue"

    ## For <directorylocal>, type in the correct location of serverlist.txt
    foreach ($Computer in Get-Content "<directorylocal>\serverlist.txt") {
        $ServerName = $Computer.ToUpper()
        $ping = New-Object System.Net.NetworkInformation.Ping
        $Reply = $ping.Send($Computer)

        if ($Reply.Status -eq "Success") {
            Write-Host "$ServerName is online"
            # Bind to the local Administrator account through the WinNT provider
            $Admin = [adsi]("WinNT://" + $Computer + "/administrator,user")

            ## Replace --password-- with the actual password
            $Admin.PSBase.Invoke("SetPassword", "--password--")

            # Verify password was just changed (checks only that PasswordAge is populated, not its value)
            $PasswordAge = $Admin.PasswordAge
            if ($PasswordAge -ne $null) {
                Write-Host "$ServerName password change SUCCEEDED"
            } else {
                Write-Host "$ServerName password change FAILED"
            }
        } else {
            Write-Host "$ServerName is not online - skipping"
        }
    }
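
A hardened variant of the two scripts above, as an added example that is not the blog author's code: it prompts with -AsSecureString, reports per-host errors instead of silencing them, and counts a change as verified only when PasswordAge is a few seconds old. The function name, its parameters and the 120-second threshold are assumptions made for this example; it needs PowerShell 2.0 or later.

```powershell
# Added example, not from the original post. Set-LocalAdminPassword and its
# parameters are hypothetical names; run with admin rights on each target.
function Set-LocalAdminPassword {
    param(
        [Parameter(Mandatory = $true)] [string[]] $ComputerName,
        [Parameter(Mandatory = $true)] [System.Security.SecureString] $NewPassword,
        [string] $Account = 'Administrator',
        [int] $MaxAgeSeconds = 120          # assumed threshold for "just changed"
    )
    $ping = New-Object System.Net.NetworkInformation.Ping
    foreach ($name in $ComputerName) {
        $result = New-Object PSObject -Property @{
            Computer = $name.ToUpper(); Status = 'Unknown'; Detail = ''
        }
        $bstr = [IntPtr]::Zero
        try {
            if ($ping.Send($name, 2000).Status -ne 'Success') {
                $result.Status = 'Offline'
            } else {
                $admin = [adsi]"WinNT://$name/$Account,user"
                # ADSI SetPassword needs a plain string: decrypt only for the call.
                $bstr  = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword)
                $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
                $admin.PSBase.Invoke('SetPassword', $plain)
                # Re-read the account and require a freshly reset password age.
                $admin.PSBase.RefreshCache()
                $age = [int]$admin.PasswordAge.Value
                if ($age -le $MaxAgeSeconds) {
                    $result.Status = 'Changed'
                } else {
                    $result.Status = 'Unverified'
                    $result.Detail = "PasswordAge is $age seconds"
                }
            }
        } catch {
            # Access denied, name resolution and RPC failures land here.
            $result.Status = 'Failed'
            $result.Detail = $_.Exception.Message
        } finally {
            if ($bstr -ne [IntPtr]::Zero) { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
            $plain = $null
        }
        $result
    }
}

# Usage, with serverlist.txt as in the second script above:
# $pw = Read-Host 'New local Administrator password' -AsSecureString
# Set-LocalAdminPassword -ComputerName (Get-Content .\serverlist.txt) -NewPassword $pw |
#     Format-Table Computer, Status, Detail -AutoSize
```

Every host in the list still ends up with the same password, as in the original scripts, so one recovered password is valid on all of them.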

DPM Agent failed to install on Server Core

Filed under: DPM 2007, Server Core — eaglebcr @ 4:10 pm

We currently have DPM 2007 SP1 installed and are trying to push the DPM client to a Server 2008 R2 Core server to back up our Hyper-V VMs.  Doing so generates this error:

Install protection agent on <dpm fqdn> failed:
Error 313: The agent operation failed because an error occurred while running the installation program on <dpm fqdn>.

Error details: Fatal error during installation (0x80070643)
Recommended action: Review the log files on <dpm fqdn>: [windir]\temp\msdpm*.log and take appropriate action. Retry the operation, and if the error persists, restart the computer and then retry the operation again.

To fix this I had to perform the following steps:

1. Install DPM Hotfix rollup 970867. http://support.microsoft.com/kb/970867/

2. From the 2008 server, run the DPM agent installation manually. (Ex. “\\dpmserver\c$\program files\Microsoft DPM\DPM\Agents\RA\2.0.8844.0\amd64\1033\DPMAgentInstaller_KB970867_AMD64.exe”)  Use the x86 if your machine is 32-bit.  ***Will require a reboot***

3. From the 2008 server, run the following command: <installdirectory>:\Program Files\Microsoft Data Protection Manager\dpm\bin\SetDpmServer.exe -dpmServerName <servername> where <servername> is equal to your DPM server.

4. On the DPM server, use the DPM Management Shell and type Attach-ProductionServer.ps1 which will run a script where you can manually add the server to DPM.  First it will ask for the DPM server, type that in and press enter.  Next type in the Server 2008 name and press enter followed by the correct credentials.

5. Verify your server has been added to the DPM console.

October 25, 2009

Migrate VMs from Virtual Server to Hyper-V

Filed under: Hyper-V — eaglebcr @ 7:32 pm

Thanks to Richard Carpenter for the script.

  1. Uninstall VM Additions on each VM
  2. Power down VM(s)
  3. Run this script which will change all SCSI controllers to IDE as Hyper-V only supports IDE.

    '==========================================================================
    '
    ' VBScript Source File -- Created with SAPIEN Technologies PrimalScript 4.1
    '
    ' NAME:
    '
    ' AUTHOR: richardCarpenter , Microsoft Corp
    ' DATE  : 9/21/2008
    '
    ' COMMENT: checks the disk adapters and type and if it is SCSI it changes
    ' the type to IDE
    '
    '==========================================================================
    Option Explicit
    'On Error Resume Next
    Dim id
    Dim rtn
    Dim objVS
    Dim colVMs
    Dim objVM
    Dim colArgs
    Dim hdskConnections
    Dim objhdskconnection
    Dim objHardDisk
    Dim strFile
    Set objVS = CreateObject("VirtualServer.Application")
    Set colVMs = objVS.VirtualMachines
    ' The first command-line argument is the name of the VM to convert
    Set colArgs = WScript.Arguments
    id = 0
    For Each objVM In colVMs
        If objVM.Name = colArgs.Item(0) Then
            Set hdskConnections = objVM.HardDiskConnections
            For Each objhdskconnection In hdskConnections
                Set objHardDisk = objhdskconnection.HardDisk
                strFile = objHardDisk.File
                WScript.Echo "VM Disk File" & strFile
                ' SCSI-attached disk (BusType = 1): reattach it on IDE
                If objhdskconnection.BusType = 1 Then
                    rtn = objhdskconnection.SetBusLocation(0, 0, id)
                    id = id + 1
                End If
            Next
        End If
    Next

  4. Use VMM to migrate VM to Hyper-V server

Unable to install Virtual Guest Services

Filed under: Hyper-V — eaglebcr @ 3:10 pm

Here was my scenario.

I have Server 2008 R2 Core running Hyper-V and when I created a VM, Server 2003 Standard x86 w/ SP1, I couldn’t install Virtual Guest Services with the following error:

Error (13233)
Unable to install Virtual Guest Services on virtual machine Vista. The
Hyper-V Integration Services setup exited with error code 60001.

I found out from searching the web that the VM must be up to SP2 to allow the Virtual Guest Services to start.  This resolved my issue.

October 24, 2009

Microsoft patch stops OCS 2007 R2 service

Filed under: OCS — eaglebcr @ 10:25 pm

I was patching our OCS servers and the FE and Edge servers’ OCS service wouldn’t start with the error:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7038
Date:  10/17/2009
Time:  7:04:25 PM
User:  N/A
Computer: OCS
Description:
The RtcSrv service was unable to log on as domain\RTCService with the currently configured password due to the following error:
Logon failure: unknown user name or bad password.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date:  10/19/2009
Time:  8:52:23 AM
User:  N/A
Computer: OCS
Description:
The Office Communications Server Front-End service terminated with service-specific error 3286842403 (0xC3E93C23).

10/19/2009 5:37:19 AM OCS Server 1000 12290

In reading a few blog posts I found that:

Please make sure you don’t install the “MS09-056: Vulnerabilities in CryptoAPI could allow spoofing”  KB974571 until this problem has been fixed.

MS09-056: Vulnerabilities in CryptoAPI could allow spoofing:

Known issues that affect this security update

Services that are required by Communications Server are not started after you install this update and then restart a computer that is running any of the following versions of Communications Server:

  • Live Communications Server 2005 (LCS)
  • Live Communications Server 2005 SP1
  • Office Communications Server 2007 Enterprise edition (OCS)
  • Office Communications Server 2007 Standard edition
  • Office Communications Server 2007 R2 Enterprise edition
  • Office Communications Server 2007 R2 Standard edition
  • Office Communicator 2007 Evaluation version only*
  • Office Communicator 2007 R2 Evaluation version only*

When this problem occurs, the required services behave as if an expired trial version of the product is installed. This behavior affects the whole Communications Server enterprise that is hosted by the affected server or servers.

Microsoft is investigating this issue, and will determine the most appropriate way to address it. Customers who are not running OCS or LCS server are not affected by this known issue, and can safely ignore this issue.

Customers who have deployed the OCS or LCS product on a server should assess the risk that is involved to decide whether to install the security update on that server. These customers should revisit this Knowledge Base article often, because this article will be updated as soon as more information and a resolution are available.

Here are a few links to this issue:

http://www.networknet.nl/apps/wp/archives/859

http://golumolu.in/blogwp/2009/10/ocs-front-end-service-stopped-with-service-specific-error-3286842403-0xc3e93c23-due-to-windows-update-kb974571/

October 19, 2009

Phew

Filed under: Vikings — eaglebcr @ 3:12 pm

Well, the Vikes luckily found their way into the winner’s circle on Monday as the field goal slid left of the goal, giving them a 33-31 victory.  The offense has really found their stride as Favre has been spreading the rock around to all of his weapons and Sidney and Visanthe have really stepped up their game.  Yesterday’s tailgate was fantastic as the weather turned from chilly to beautiful and the ribs and shrimp were superb!

Next week the Vikes travel to the defending Super Bowl champs, where they will have their stiffest challenge of the season.  Should be a fun game to watch; let’s hope AP, Winfield, Sapp and Percy heal up!
