Tuesday, 31 December 2013

2013 - A Year in Review

As is the norm with the end of the year I thought I would add my 2 pennies and present my 2013 summary post.

Significant software releases:

Microsoft are in the process of adopting a new development cycle or "Rapid Release Cadence" that we started to hear more about as people talked about the "Windows Blue" project code name.

The first fruits of this saw the following releases this year:
  • January 15th
    General Availability (GA) release of System Center 2012 Service Pack 1 (SP1)
  • August 27th
    Release to Manufacturing (RTM) of Windows 8.1 & Windows Server 2012 R2
  • September 9th
    RTM versions of Windows 8.1 & Windows Server 2012 R2 released to TechNet and MSDN
  • October 18th
    General Availability (GA) of Windows 8.1 & Windows Server 2012 R2 & System Center 2012 R2
    Windows Intune "Wave E"
    Visual Studio 2013 
  • October 22nd
    Just a few Windows Azure Releases...
    General Availability (GA) of Windows Azure Backup Services
    Public preview of Windows Azure Hyper-V Recovery Manager
    Virtual Machines Imporvements (Delete Attached Disks, Availability Set Warnings, SQL AlwaysOn Configuration)
    Windows Azure Active Directory 
    Windows Azure SDK 2.2
  • October 28th
    General Availability (GA) of Windows Azure HDInsight

That's not bad going if you ask me, 7 months between 2 major System Center and Windows releases and a raft of Azure releases.
Not only that but the R2 releases packed in more than a few new features that we have been used to in the past.

However, this new rapid release cycle not been without its problems.
This year has been plagued with problematic software updates, some (KB2887595) with quite disastrous effects (BSOD your Hyper-V cluster anyone?).

There were also numerous problems with the SP1 update for ConfigMgr.

Aidan Finn has a good summary post of Microsoft's new rapid release cadence here:

Addons, Tools and Utils

Over the year there's been some excellent community and partner releases for System Center.  Here's a round-up of some of my personal favourites.

Third Party/Partner Releases
  • Ensight Dashboards and Project Connector from expit
  • Orchestrator End User Portal from ITQ
  • Various Service Manager Utils from SCUtils
  • The ever excellent App Store from Cireson
  • An excellent replacement Service Manager Portal from Syliance
  • Operations Manager Dashboards from Coretech
  • It goes without saying, LiveMaps from Savision
Community Releases


There was a flurry of good books released:

And there's nothing better than some free books!!
The following titles can be found via the summary link below the list.
  • Designing Orchestrator Runbooks
  • Configuration Manager Field Experience
  • Troubleshooting Configuration Manager
  • Cloud Management with App Controller
  • Optimizing Service Manager
  • Network Virtualization and Cloud Computing (Coming Soon)
  • Building a Virtualized Network Solution (Coming Soon)
  • Integrated Cloud Platform (Coming Soon)
  • Introducing Microsoft System Center 2012 R2 Technical Overview


Biggest thing in Private/Hybrid Cloud this year?

Well, I think it has to go jointly to the Windows Azure Pack (WAP) and one of the new components of Orchestrator - Service Management Automation (SMA) that works in conjunction with WAP.

These new additions to System Center 2012 with the R2 release aren't going to jump into place in every datacentre overnight, but they're well worth taking the time to take a look into and start getting your hands dirty with them.

WAP brings the familiar interface of the Public Azure Cloud management portal into your own datacentres bring the ease of management and familiarity to your Private Cloud.

SMA brings the power of PowerShell workflows to enhance your automation in conjunction with WAP to really help drive your Private/Hybrid cloud offerings.

There's an excellent blog series for WAP here along with a "Getting Started" guide for SMA here

If you prefer a more visual/auditory approach, come join us at CloudOS Community for a webinar by Damian Flynn (MVP) who is presenting on WAP on the 8th January 2014.
Tickets are available here from Eventbrite.

So what's happened personally to me in 2013?

Well at the end of August I left my then employer and decided to be brave and setup my own company (PowerONPlatforms) to provide Private/Hybrid Cloud consultancy and also bring a new product to the market, a Cloud Management Appliance based on System Center 2012 R2.  It's almost ready and 2014 should be a great year /fingers crossed.

I got a nice surprise in October when I received the e-mail announcing that I had been awarded the MVP award in System Center Cloud and Datacentre Management!

I became involved in the www.CloudOSCommunity.com community site as a director and we're slowly building up to what should be an amazing community to be a part of.

I was invited to come and do some sessions at the UK Tech Days Online in November, you can watch the on demand stream here and see me floundering about as what should have been a good session on building up networking in VMM went to pot thanks to the demo gods and my Surface struggling to get a network connection /facepalm

As part of the Cloud OS community I jumped on the road, along with a bunch of talented people that we corralled into joining us, where we presented at sessions around the UK as part of our CloudOS Relay event which was a huge success.

In-between the Cloud OS Relay events I managed to skip across the pond to Seattle to join some of the cleverest and most down to earth nice people that I've ever had the pleasure of meeting at my first MVP Summit.

So all in all, I've not really stopped since September (not to say that I wasn't busy before that!)

I'm hoping that I can start hitting the blog posts a bit more in the New Year and that I'll also be out and about doing some more presenting so watch this space...

Happy New Year to you!

Tuesday, 3 December 2013

Network speed issues in Windows Server 2012 R2 Hyper-V with Broadcom NICs

It’s been well documented that there are various problems with Broadcom network drivers in implementations of Hyper-V.
Some of these examples are:
Microsoft KB2902166 – Recommendation to disable VMQ with Broadcom NICs - http://support.microsoft.com/kb/2902166
Guest Clustering Issues - http://www.hyper-v.nu/archives/pnoorderijk/2013/06/virtual-guest-cluster-and-nic-teaming-in-the-host-results-in-an-evicted-cluster-node-broadcom-emulex/
Guest Clustering Issues - http://systemscentre.blogspot.co.uk/2013/05/problems-clustering-virtual-machines-on.html
Updated Dell Driver for Broadcom NICs - http://datacenter-flo.de/?tag=broadcom
Various other posts that a simple Bing search will find you - http://www.bing.com/search?q=broadcom+hyper-v&qs=n&form=QBLH&filt=all&pq=broadcom+hyper-v&sc=3-16&sp=-1&sk=

I was hoping that with the release of Windows Server 2012 R2 that these might be a thing of the past and the fixes introduced in the latest 2012 RTM drivers carried across.
How wrong could I be…

After deploying a 2 node 2012 R2 Hyper-V cluster I started to immediately notice slow network performance both deploying new VM’s and copying files between guest virtual machines.
To further confuse me, the problems were heavily present when copying to the host, or VM’s running on the host, that wasn’t the CSV owner.  This originally started me looking down the wrong path.

So, after trying multiple things, I came full circle back round to retesting VMQ & Broadcom settings.

At the moment it looks like the problem that I (and others) had experienced in the past with having VMQ enabled on Broadcom adapters is present with the inbox driver in R2 (version

As well as enabling/disabling VMQ I also stepped the driver down to the previous 2012 RTM version driver ( and it works fine with VMQ enabled.
I can now even swap between drivers without a reboot and show speed impact.

With VMQ Enabled, poor transfer speed between VM’s:

With VMQ Disabled, consistent (and better) transfer speeds regardless of VM/Node placement (Live Migration while copying):

In my environment that I was testing, I have Broadcom NetXtreme  B5720 Quad Port NICs in my blades and all firmware is up to date

Obviously I don’t really want to miss out on the VMQ features so for a while I ran the down level driver, hoping that a fix would appear.

Well, Broadcom have recently released an updated driver directly to their site.

This driver is dated 5th November 2013 and version

I’ve flattened my environment and let VMM install the updated driver during bare metal deployment and, touch wood, so far all VMQ related speed issues are fixed.

Looks like it’s something to bear in mind that the in-box Broadcom driver in R2 is broken while the current direct from Broadcom works.

Sunday, 3 November 2013

Tech Days Online (6th November - 8th November)

Event Registration Link: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032564581&Culture=en-GB&community=0

Come and join (virtually) a barrage of MVP's and experts presenting on a variety of topics over 3 days.  All online and streamed to the comfort of your, erm.. workplace??

Wednesday November 6 – Windows Client for IT Pros and Developers
Overview of Day 1
Windows 8.1 - Devices Galore
Windows 8.1 - MDOP (App-V, UEV)
Device Mgmt - InTune Configuration Manager
Interview with Steve Ballmer
Device Mgmt - Heteregeneous Device Management
Cloud Productivity - Managing Office 365
Building Business Applications  with Visual Studio DevOps
Windows 8.1 - Workplace Join
Windows 8.1 - VDI
Things you need to know about Intel vPro
Interview with Craig Ashley - Windows Product Management
Wrap-up of Day 1 + Preview of Next Two Days

Thursday November 7 – Server and Cloud for IT Pros
Overview of Day 2
2012 R2 - Virtualisation
Building Windows Server 2012 R2 Networking with System Center 2012 R2 Virtual Machine Manager
2012 R2 - Storage
Extreme Automation (Learn automation or get better at golf!)
What's new in Ops Manager
Cluster in a box
Moving VMs from on-premise to Azure
Automating the Azure Datacentre with PowerShell
Cloud backup
Windows Azure Platform
Wrap-up of Day 2 and Preview of Day 3

Friday November 8 – Visual Studio, Azure, Dev tools for Developers
Overview of Day 3
What's new in Visual Studio 2013 for App Developers
Agile development with Team Foundation Server
Building a Cloud Back-End to connect your Windows Phone and Windows Apps
Using the Nokia Music C# API on Windows Phone 8 / Windows 8
Azure Cloud Services Architecture
From Whiteboard to deployed in 15 minutes
What's new in Visual Studio 2013 for web developers
What's new in Windows 8.1 for App Development
Asynchronous C# development in Visual Studio 2013
Wrap-up of Day 3

Wednesday, 30 October 2013

New and Deprecated PowerShell commands in System Center 2012 R2 Virtual Machine Manager

Since I’m in the middle of doing some heavy scripting in VMM at the moment, I thought I’d take five minutes to dive into what new cmdlets we gained with the R2 release and to check that my scripts weren’t using any cmdlets that had been deprecated/removed.

In total we now have 97 new cmdlets in R2 and we loose 7.

Grand Total
New to R2
Present in SP1
Grand Total

Grand Total
Removed in R2
Grand Total

So what is new in R2?  The following is a list of the new Cmdlets:

Command Type
Cmdlet Add-CloudResource New to R2
Cmdlet Add-SCBGPPeer New to R2
Cmdlet Add-SCNATConnection New to R2
Cmdlet Add-SCNATRule New to R2
Cmdlet Add-SCNetworkConnection New to R2
Cmdlet Add-SCNetworkService New to R2
Cmdlet Add-SCUserRolePermission New to R2
Cmdlet Add-SCVMMManagedComputer New to R2
Cmdlet Get-CloudResource New to R2
Cmdlet Get-CloudResourceExtension New to R2
Cmdlet Get-CloudService New to R2
Cmdlet Get-CloudVMRoleSizeProfile New to R2
Cmdlet Get-SCBGPPeer New to R2
Cmdlet Get-SCKMSNetworkSetting New to R2
Cmdlet Get-SCNATConnection New to R2
Cmdlet Get-SCNATRule New to R2
Cmdlet Get-SCNetworkConnection New to R2
Cmdlet Get-SCNetworkRoute New to R2
Cmdlet Get-SCNetworkService New to R2
Cmdlet Get-SCNetworkServiceCertificateUrl New to R2
Cmdlet Get-SCPhysicalComputerNetworkAdapterProfile New to R2
Cmdlet Get-SCPhysicalComputerProfile New to R2
Cmdlet Get-SCStorageClusterDisk New to R2
Cmdlet Get-SCStorageFabric New to R2
Cmdlet Get-SCStorageFabricClassification New to R2
Cmdlet Get-SCStoragePhysicalDisk New to R2
Cmdlet Get-SCStorageSwitch New to R2
Cmdlet Get-SCStorageZone New to R2
Cmdlet Get-SCStorageZoneAlias New to R2
Cmdlet Get-SCStorageZoneSet New to R2
Cmdlet Get-SCSupportedRecoveryPointObjective New to R2
Cmdlet Get-SCUserRolePermission New to R2
Cmdlet Get-SCVirtualFibreChannelAdapter New to R2
Cmdlet Get-SCVirtualFibreChannelAdapterConfiguration New to R2
Cmdlet Get-SCVMHostFibreChannelHba New to R2
Cmdlet Get-SCVMHostFibreChannelVirtualSAN New to R2
Cmdlet Import-CloudResourceExtension New to R2
Cmdlet Install-SCStorageFileServer New to R2
Cmdlet New-CloudService New to R2
Cmdlet New-CloudVMRoleSizeProfile New to R2
Cmdlet New-SCPhysicalComputerConfig New to R2
Cmdlet New-SCPhysicalComputerNetworkAdapterConfig New to R2
Cmdlet New-SCPhysicalComputerNetworkAdapterProfile New to R2
Cmdlet New-SCPhysicalComputerProfile New to R2
Cmdlet New-SCStorageFabricClassification New to R2
Cmdlet New-SCStoragePool New to R2
Cmdlet New-SCStorageZone New to R2
Cmdlet New-SCStorageZoneAlias New to R2
Cmdlet New-SCVirtualFibreChannelAdapter New to R2
Cmdlet New-SCVMConnectFedAuth New to R2
Cmdlet New-SCVMHostFibreChannelVirtualSAN New to R2
Cmdlet Read-SCNetworkService New to R2
Cmdlet Read-SCVMMManagedComputer New to R2
Cmdlet Read-SCVPNConnection New to R2
Cmdlet Remove-CloudResource New to R2
Cmdlet Remove-CloudResourceExtension New to R2
Cmdlet Remove-CloudService New to R2
Cmdlet Remove-CloudVMRoleSizeProfile New to R2
Cmdlet Remove-SCBGPPeer New to R2
Cmdlet Remove-SCNATConnection New to R2
Cmdlet Remove-SCNATRule New to R2
Cmdlet Remove-SCNetworkConnection New to R2
Cmdlet Remove-SCNetworkRoute New to R2
Cmdlet Remove-SCNetworkService New to R2
Cmdlet Remove-SCPhysicalComputerNetworkAdapterProfile New to R2
Cmdlet Remove-SCPhysicalComputerProfile New to R2
Cmdlet Remove-SCStorageFabricClassification New to R2
Cmdlet Remove-SCStoragePool New to R2
Cmdlet Remove-SCStorageZone New to R2
Cmdlet Remove-SCStorageZoneAlias New to R2
Cmdlet Remove-SCUserRolePermission New to R2
Cmdlet Remove-SCVirtualFibreChannelAdapter New to R2
Cmdlet Remove-SCVMHostFibreChannelVirtualSAN New to R2
Cmdlet Remove-SCVMMManagedComputer New to R2
Cmdlet Repair-CloudVmRole New to R2
Cmdlet Set-CloudResourceExtension New to R2
Cmdlet Set-CloudService New to R2
Cmdlet Set-CloudVmRoleScale New to R2
Cmdlet Set-CloudVMRoleSizeProfile New to R2
Cmdlet Set-SCKMSNetworkSetting New to R2
Cmdlet Set-SCNATConnection New to R2
Cmdlet Set-SCNetworkConnection New to R2
Cmdlet Set-SCNetworkService New to R2
Cmdlet Set-SCPhysicalComputerProfile New to R2
Cmdlet Set-SCStorageDisk New to R2
Cmdlet Set-SCStorageFabric New to R2
Cmdlet Set-SCStorageFabricClassification New to R2
Cmdlet Set-SCStorageZone New to R2
Cmdlet Set-SCStorageZoneAlias New to R2
Cmdlet Set-SCStorageZoneSet New to R2
Cmdlet Set-SCVirtualFibreChannelAdapter New to R2
Cmdlet Set-SCVirtualFibreChannelAdapterConfiguration New to R2
Cmdlet Set-SCVMHostFibreChannelVirtualSAN New to R2
Cmdlet Set-SCVMMManagedComputer New to R2
Cmdlet Test-SCNetworkService New to R2
Cmdlet Uninstall-SCStorageFileServer New to R2
Cmdlet Update-CloudResource New to R2

And what’s gone?

Command Type
Cmdlet Add-SCPatch Removed in R2
Cmdlet Copy-SCStorageVolume Removed in R2
Cmdlet Get-SCComputerConfiguration Removed in R2
Cmdlet Get-SCGatewayConnection Removed in R2
Cmdlet New-SCComputerConfiguration Removed in R2
Cmdlet New-SCP2V Removed in R2
Cmdlet Remove-SCComputerConfiguration Removed in R2

Saturday, 12 October 2013

Setting the Correct Permissions On An OU for Cluster Name Objects (CNO) Using PowerShell

I'm busy automating a lot of things at the moment so expect a few of these "snippets".

When you create a Failover Cluster during the process a Cluster Name Object (CNO) is created to enable the use of Kerberos authentication during operation.

When you then create a role such as a Clustered File Server Role, a Virtual Cluster Object (VCO) will attempt to be created in the OU that the parent CNO resides in.

Unlike the CNO which is created using the security permissions of the account forming the cluster, the VCO uses the security rights of the parent CNO.

You can read more on CNO's and the changes made in Windows Server 2012 here: http://blogs.technet.com/b/askcore/archive/2012/09/25/cno-blog-series-increasing-awareness-around-the-cluster-name-object-cno.aspx

Below is a quick and dirty script/function that allows you to provide the Organisational Unit distinguished path (OU=Name of OU, DC=Domain, DC=DomainFQDN) and the CNO Computer Account Name.

 function Set-CNOOUPermissions {
    Param (
    Set-Location AD:
    $ADObject = [ADSI]("LDAP://" + $OUPath)
    $ClusterSID=[System.Security.Principal.SecurityIdentifier](Get-ADComputer -Filter "name -eq `"$CNO`"").SID
    # SchemaIDGuid for the Computer Class: bf967a86-0de6-11d0-a285-00aa003049e2
    $ObjectGUID = New-Object guid bf967a86-0de6-11d0-a285-00aa003049e2
    $guidNull = New-Object guid 00000000-0000-0000-0000-000000000000
    $ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $ClusterSID,"ReadProperty,WriteProperty,GenericExecute","Allow",$guidNull,"All",$ObjectGUID
    $ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $ClusterSID,"CreateChild, DeleteChild","Allow",$ObjectGUID,"All",$guidNull

I've also uploaded the script to my SkyDrive here: http://sdrv.ms/19FCp8K

Usage Example:

$OUTarget=(Get-ADOrganizationalUnit -Filter 'name -eq "Clusters"').distinguishedname

Set-CNOOUPermissions -OUPath $OUTarget -CNO "PowerONCMA"

Tuesday, 1 October 2013

Microsoft Most Valuable Professional (MVP) Award

Well, didn't today make me smile with pride.

Busy working away when this e-mail landed in my inbox...

This is my first year that I've been awarded this and I hope all the blogging, tweeting and book writing has been useful and helped at least a few people.

No time to rest on my laurels now... more content and books to come!

Steve Beaumont / MVP
Technical Director / PowerONPlatforms
Twitter: @StevybSC
Blog: http://systemscentre.blogspot.com/
Community: http://cloudoscommunity.com/

SCOM Console Install on VMM Server Causes Service Crash

Had a strange one today.

Customer had tried previously to setup the connection between VMM and SCOM but made some mistake somewhere along the line and then uninstalled the SCOM console without removing the connection as they said the console was causing the VMM service to constantly crash.

Having not seen that behaviour before and slightly doubting it somewhat I re-installed the console and sure enough was prevented from accessing the VMM console as the service was crashing.

Just as an added check, I tried running some PowerShell commands to check it wasn't a GUI issue only to be created by error messages complaining that the VMM service wasn't running or accessible.

So I uninstalled the console again which allowed me access back to VMM and running the Get-SCOpsMgrConnection showed me the broken connection.  However attempts to remove via the console or PowerShell were both met by errors telling me I needed the SCOM console installed first in order to manage the connection.  Arh.. slight problem...

After checking everything I could think of (SPN's, SCP's, Service Accounts etc etc) and not finding anything that stood out (Including nothing useful in the event logs) I thought I'd try a timing trick.

So I opened up a SCVMM PowerShell window ready, kicked off the SCOM console install again and then repeatedly spammed Remove-SCOpsMgrConnection -Force and wouldn't you know it after a few messages saying the SCOM console must be installed, just before the install completed the command completed successfully and removed the broken connection.  More to the point the SCOM console installation completed and the VMM service didn't crash.

After recreating the connection everything remained stable, but even though the create connection job ran successfully, the following error was present in the connector details:

“Operations Manager discovery failed with error: “Exception of type ‘Microsoft.VirtualManager.EnterpriseManagement.common.discoverydatainvalidrelationshipsourceexceptionOM10’ was thrown.

This is because the SCOM connection was created with the PRO-Tips enabled but without a SCOM monitoring agent deployed to the VMM Server.
Easily fixable, just untick the PRO and Maintenance Mode connection settings, deploy a SCOM agent to the VMM server and once the agent is installed and reporting, re-enable the options.

Monday, 30 September 2013

Offload Data Transfer (ODX) in Windows Server 2012

I've been working on a nice Dell R720 host based Hyper-V cluster this week with a Dell Compellent array providing the storage.

One of the things I was looking forward to with this job was getting hands on with the ODX feature of the Compellent.

ODX (Offload Data Transfer) is a feature found on some of the newer storage arrays that helps with large file operations by (in simplified terms) keeping the transfers within the array rather than passing the file to the source then destination servers then back to the array.

The first thing to do (assuming you know the hardware supports it) would be to check that the OS and it's software components supports ODX.

Now this is a Windows Server 2012 and 2012 R2 only feature so if you're on 2008 R2, time to upgrade.

From a PowerShell prompt, run the following command:
Fltmc instances

Take a note of the volume name of either the drive, or in my case the CSV volume you want to check.  Then run:
Fltmc instances -v <Volume Name>

e.g. Fltmc instances -v C:\ClusterStorage\Volume1

This will give you the filter names that you will need to check.
Run this command, replacing the <Filter Name> with those shown by the previous command.

Get-ItemProperty hklm:\system\currentcontrolset\services\<FilterName> -Name "SupportedFeatures"

So for my two filters of FsDepends and MpFilter I get the following output:

The property that needs checking is "SupportedFeatures".  If this has a value of 3 then ODX is supported and you're good to go.  Anything else and you'll need to look into it further.

Lastly, check if ODX is enabled on your server using this command:
Get-ItemProperty hklm:\system\currentcontrolset\control\filesystem -Name "FilterSupportedFeaturesMode"

If it returns a "FilterSupportedFeaturesMode" other than 0 as shown below then ODX isn't enabled.

Run this to enable ODX:
Set-ItemProperty hklm:\system\currentcontrolset\control\filesystem -Name "FilterSupportedFeaturesMode" -Value 0 -Type DWord

Or this to disable ODX if needed:
Set-ItemProperty hklm:\system\currentcontrolset\control\filesystem -Name "FilterSupportedFeaturesMode" -Value 1 -Type DWord

In order to demonstrate to the client that ODX was indeed enabled and more to the point worth having, I modified the script on Hans Vredevoort shows on his blog post discussing ODX testing between 3Par and Compellents here: http://www.hyper-v.nu/archives/hvredevoort/2013/07/notes-from-the-field-using-odx-with-hp-3par-storage-arrays/

I ran the script which loops through creating 10 x 50Gb and 10 x 475Gb fixed disks with ODX enabled and then does the same but with ODX disabled.

This was the timings from the test:

With ODX
12.6 seconds for 10 x 50Gb vhdx files
84.2 seconds for 10 x 475Gb vhdx files
96.8 seconds total for all vhdx files

Without ODX
1015.5 seconds (nearly 17 mins) for 10 x 50Gb vhdx files
8615.8 seconds (just over 2 hours) for 9 x 475Gb vhdx files (N.B. I ran out of disk space for the 10th)
9631 seconds or 2.7 hours total for all vhdx files

There is a MASSIVE difference in creation times!

ODX is a feature well worth having in my opinion.  What I really can't wait for is ODX support with SCVMM libraries in the SCVMM 2012 R2 release!!

I've uploaded the ODX Test script to SkyDrive here: http://sdrv.ms/16QhZZE

Thursday, 26 September 2013

Using PowerShell CIM Sessions to Query Dell Hardware

I've been "playing" with some Dell hardware recently and as with everything I like to try and automate as many tasks as possible.

Dell have a really useful tool called Racadm which is a command line utility which you can call from a script to read and write various properties of Dell iDRAC and CMC (Chassis Management Controller).

However, since the latest iDRAC and CMC are built around WSMAN and DMTF standards, I prefer a more PowerShell only approach.

The key PowerShell command for querying is Get-CimInstance. Before we can use this command however we first need to establish a remote CIM Session to the hardware.

This is accomplished by using the New-CimSession and New-CimSessionOption cmdlets.

Use some variables to store the IP, username and password for the iDRAC


Convert the username and password into a PS Credential
$SecurePass = ConvertTo-SecureString $Password -AsPlainText  -Force
$DracCred = new-object -typename System.Management.Automation.PSCredential -argumentlist $UserName,$SecurePass

We can then create a new CimSessionOption object, which for the Dell Hardware the below works nicely
$cimop=New-CimSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck -Encoding Utf8 -UseSsl

Then using the above variables and new session object we can create a new CIM session to the iDRAC
$Dracsession=New-CimSession -Authentication Basic -Credential $DracCred -ComputerName $DracIP -Port 443 -SessionOption $cimop -OperationTimeoutSec 10000000

Once we have the session established, we can then use the Get-CimInstance cmdlets to query various properties by passing in a WSMAN/WinRM ResourceURI.

For example, if we just wanted to query the general BIOS properties, we could use the following URI: http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/root/dcim/DCIM_SystemView

That would form the following command (cmdlet - session - resourceuri):
Get-CimInstance -CimSession $Dracsession -ResourceUri "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/root/dcim/DCIM_SystemView"

Which supplies information like this:

This way if you assign the object to a variable ($BIOSINFO=Get-CimInst ...) then we can pull out specific items within scripts:

Again, you can do similar things with other hardware properties, for example I can use the resource URI for getting the network card information from a server (http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/root/dcim/DCIM_NICView)

Drop this into a command:
$NICS=Get-CimInstance -CimSession $Dracsession -ResourceUri "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/root/dcim/DCIM_NICView"

... and now we can get the various MAC Addresses of the various NICs

Hmm... Useful for SCVMM Bare Metal deployment scripting maybe?

The only thing that I struggled with this very simple method of querying the hardware for info, was the resource URI needed.

Well to help with this, the following bits of information from Dell are a god send:

DCIM Profile Library

WinRM WebServices for Lifecycle Controller

Next time I'll post about using PowerShell to set the values rather than just query them.

Microsoft System Center 2012 Orchestrator Cookbook

Better late than never...
In the last few days of August, Packt released the latest book I've had the pleasure of co-authoring.

The book is stocked by all major online retailers, below are the links for Packt and Amazon (UK)

Book Outline
In Microsoft System Center 2012 Orchestrator Cookbook you will learn how to plan, create, and manage powerful runbooks to help you automate mission critical and routine administration tasks.
In this practical Cookbook you will learn how to master System Center 2012 by creating runbooks to control and automate every feature possible. You will start by learning how to efficiently install and secure System Center Orchestrator.

You will then learn how to plan and create functional and fault-tolerant System Center runbooks to automate daily tasks and routine operations. Diving deep into runbooks, you will learn how to create powerful and practical runbooks for the entire System Center family of products.
Unleashing your inner control freak, you will then master System Center automation by creating IT Service Management process runbooks and advanced runbooks to help you control every feature imaginable of System Center. If you want to save time and energy automating mission critical tasks with System Center 2012 Orchestrator, then this book is for you!

This book is written in a practical, Cookbook style with numerous chapters and recipes focusing on creating runbooks to automate mission critical and everyday administration tasks.

Who this book is for
System Center 2012 Orchestrator is for administrators who wish to simplify the process of automating systems administration tasks. This book assumes that you have a basic knowledge of Windows Server Administration, Active Directory, Network Systems, and Microsoft System Center technologies.

Saturday, 21 September 2013

Converting a WIM file to VHD on a UEFI system

I always use the excellent Convert-WindowsImage.ps1 script by Mike Kolitz for taking the WIM files from the Windows media and converting them into bootable VHD files.  It's the quickest and easiest way for creating VM Templates in SCVMM.

The script can be found here: http://gallery.technet.microsoft.com/scriptcenter/Convert-WindowsImageps1-0fe23a8f/

However, I ran into a problem today with the script throwing an error about "Could not get the BootMgr object from the Virtual Disks BCDStore"

It turns out from a couple of replies in the discussion thread of the TechNet Gallery listing that this will generally happen if trying to run the script from a device that uses UEFI to boot, which I happen to be doing.

Thankfully the fix is relatively easy, you just need to modify the script slightly.

  1. Do a search in the script for $bcdBootArgs which is usually first referenced at line 4055
  2. On the line a couple below (usually 4057) change the following
    "/s $Drive" modify to "/s $Drive /f ALL"
This tells the BCDboot.exe command to create boot entries to enable the vhd(x) to boot for both BIOS and UEFI systems.

Save the script and you're good to go!


Wednesday, 11 September 2013

Cloud OS Week - Empower People Centric IT

As part of the Microsoft Cloud OS Week, Thursday will be the day for learning about everything "desktop" related and how Microsoft can help you shift from looking at managing devices to how you can empower your users with self-service and a seamless experience across devices.

I've been lucky enough to be asked to help out on the day and take over the Virtual Desktop Infrastructure and Remote Desktop Services in Windows Server 2012 session.


If you're not already signed up to attend the session, I definitely recommend signing up quick and attending as it's sure to be a brilliant day packed full of information from some brilliant MVP's!

Friday, 30 August 2013

Why is Microsoft System Center 2012 Service Manager not in the Gartner Magic Quadrant?

Shaun Ericson from Cireson post an interesting article the other day, discussing why Service Manager doesn't appear in Gartner's Magic Quadrant alongside other staple service desk vendors such as LanDesk, BMC, Hornbill etc.

You can find the post here:

This has also started some discussions on LinkedIn which you can find here:

Kathleen Wilson on that discussion raises a very good point. a) You have to pay to be ranked b) What benefit/ROI will being ranked give Microsoft & Service Manager?

While I do feel it a shame that SCSM isn't on the Quadrant, purely down to the solution being more than capable of holding it's own against the other competitors, I'm not so sure adding it would bring much more value.

As Shaun says in his post, the overall approach with SCSM is different from a normal call logging system.  SCSM is designed to be the beating heart of your Service Management process and is there to offer unparalleled links into the other System Center components and help drive down your IT costs and time by automating all those mundane/time consuming tasks and delivering customer focused self-service.

What do you think?  Read Shaun's post and then join in the discussion on LinkedIn.

Wednesday, 28 August 2013

System Center 2012 - Lab Setup Notes

I was looking back through my draft posts that I never got round to fully finishing the other day and found a list post with tips in that I was jotting down while rebuilding the lab just after SP1 went RTM.

Tip #1 - Server Core/Firewall
I choose to use Server 2012 Datacenter Core for the Hyper-V hosts in the cluster.  Good practice, more secure, less reboots etc etc...
However, if you're still learning the ins and outs of PowerShell as I am it can prove a challenge sometimes to tweak all of the settings just as you want them. #1 being firewall rules.

In hind sight, a group policy setting the rules before deployment would have gone a long way to help.

I also went though them and added in all the firewall rules I'd need for the various System Center and SQL components.

Tip #2 - Live Migration
Had I been physically located in the office (I got kicked out at 19:00) then moving the DC & SCVMM to the cluster might have been relatively easy.
When working remotely, connected to SCVMM it's a little more challenging, especially when SCVMM refuses to Live Migrate from the temporary Hyper-V host to the Cluster.

Remember - to Live Migrate using Shared Nothing LM, the Hyper-V hosts must all be members of the domain (I'd left the temp server in workgroup as it was only supposed to be there for a couple of hours!)

Tip #3 - VM's & Clusters
I build some virtual machines to cluster (1 SQL cluster & 1 File Server Cluster) as part of the core infrastructure.  I'd had some issues before with VM's being clustered but put it down to my old lab environment.  Well I ran into the same issue again.

Basically the cluster wizard kept timing out when trying to add the nodes to the cluster.  It would create a cluster with a single node fine showing that permissions etc were fine.

The stranger bit came when I migrated both VM nodes to the same physical host and they joined the cluster fine straight away, yet broke the cluster each time one was on a separate physical host.

I came across a TechNet forum post discussing the issue here and then reached out to Twitter.
Thankfully, Hans Vredevoort ‏@hvredevoort came back with a reply confirming I wasn't going mad.

It looks like an issue with certain NICs (I have Broadcom and Intel in my hosts).  Hans thinks that Intels work ok so when I get chance I'll drop the Broadcom from my team and try again.

Tip #4 - Deployment Order
Microsoft have an official upgrade sequencing order here but for deployment it's not so strict.  However my approach is:
  • Virtual Machine Manager (VMM)
  • App Controller
  • Configuration Manager
  • Orchestrator
  • Operations Manager
  • Service Manager
  • Data Protection Manager (DPM)
VMM goes in first, closely followed by App Controller so that I can build the Service Templates that I use for deploying the rest.

Configuration Manager next so that we can get clients out for deploying software updates/pre-reqs and inventory the systems.

Next Orchestrator and SCOM as we'll be linking them into both SCVMM and SCSM

Then Service Manager last so we can consume the information from the other components and start to build the service catalog.

Oh, I forgot DPM... meh...

Tip #4a Deployment Order - Updates
I was talking to Sam Erskine the other day and he mentioned he hit an issue when installing Update Rollup 2 for Service Manager to the Data Warehouse and wondered if I could replicate it.

Well I did.

It looks like if you do a fresh installation of SCSM SP1 and then apply Update Rollup 2 before registering the Data Warehouse, the install will fail with the error:

An error occurred while executing a custom action:_PatchMP

Easy fix, register the DW from the console and wait for management pack sync jobs to finish (This will take a while!!) and then run UR2 again for it to succeed.

Tip #5 Account Preparation
Deploying all the System Center Components requires a fair few domain accounts if you're doing it right and not just using Local System or the same account for everything.

Use my previous blog post here on Service Accounts as a starter and prepare all the accounts in advance.  Use something like KeePass to store the accounts and their passwords to make it easier for yourself during deployment.

Tip #6 SCSM Portal
9 times out of 10 after the install you'll be presented with a blank middle pane or can't even get near the portal without being prompted for credentials constantly.

Credentials - Login as a user with SharePoint farm admin rights to the portal then use the Site Settings option in the top left to edit the site permissions to grant something like Domain Users read access.

If the content area is blank, chances are the URL doesn't match what it expects for the webcontent.  I used a DNS alias http://ServiceDesk to point to the IP of the server hosting my SM Portal, but the webcontent URL during setup was set to the server NetBIOS address.  Same thing applies if trying to use the FQDN most times.
Use IIS Manager to browse to the "Service Manager Portal" site and choose "Application Settings"
Edit SMPortal_WebContentServer_URL and modify the value to reflect the URL you are trying to connect to (and which matches your certificate if using SSL!)
Tip # 7 Orchestrator Users Group & Cloud Services Process Pack
I went to install the Cloud Services Process Pack (CSPP) and hit an error during install that I've seen a few times and still annoys me no end.

During the install of Orchestrator you're prompted to select a group to use to control access to Orchestrator.  It defaults to a local group, but as best practice it's best to change this to a domain account (as it says on the setup wizard).

However I've seen a few times where it still insists looking for a local group with direct membership, the CSPP is a prime example of this and it's hard coded into the install.

Manually create a local group called OrchestratorUsersGroup and assign the account you're installing the CSPP with to that account, re-run the setup wizard and it will allow you to proceed with the install.

Tip #8 SCOM Product Key
All the System Center 2012 setup wizards prompt you for the key during setup to ensure they don't install in eval mode.  Some can be converted from eval to fully licensed after install but watch out for Service Manager as this can't.

SCOM however, doesn't prompt you for a key.  Licensing SCOM is done via an Operations Manager Shell PowerShell command after install.

Rather annoyingly, if you open the shell without elevation it tells you that you don't have permission to the registry.

Yet if you run the shell elevated, you get messages that you can't load the PS Modules.

Quick and dirty, in the elevated shell type the following to load the modules:

cd '.\Program Files\System Center 2012\Operations Manager\Powershell\OperationsManager'

Then use this command to set the product key:

Set-SCOMLicense -ProductId "yourlicensekey“



Tip #9 - Where's my Runbooks
Sometimes the web console will fail to show any runbooks or the SCSM connector will return no runbooks after a sync.

The quick fix for this is to run the following query from SQL Management Studio connected to the Orchestrator database:
TRUNCATE TABLE [Microsoft.SystemCenter.Orchestrator.Internal].AuthorizationCache

You may also find this query useful which will run a stored procedure to clear auth cache every 10 minutes if it keeps reoccuring:
EXEC [Microsoft.SystemCenter.Orchestrator.Maintenance].EnqueueRecurrentTask 'ClearAuthorizationCache'

Tip #10 - Don't Deploy a Site Role to manage.microsoft.com
When extremely tired and you've not had enough relentless at 3am, it's often not a good idea to be making configuration changes to System Center...

I accidently placed the Application Catalog Web Service Point site role on the manage.microsoft.com site server that is added to the CM console when you have an Intune connector setup.

Nothing within the console checks and stops you from doing this and to take matters worse, it won't then allow you to remove the role from the console.

However, these two lines of PowerShell run from a ConfigMgr PS Session should sort it out.

$web = Get-CMApplicationCatalogWebServicePoint
Remove-CMApplicationCatalogWebServicePoint -InputObject $web -force