Wednesday 30 October 2013

New and Deprecated PowerShell commands in System Center 2012 R2 Virtual Machine Manager

Since I’m in the middle of doing some heavy scripting in VMM at the moment, I thought I’d take five minutes to dive into what new cmdlets we gained with the R2 release and to check that my scripts weren’t using any cmdlets that had been deprecated/removed.

In total we now have 97 new cmdlets in R2 and we loose 7.



Cmdlet
Function
Grand Total
New to R2
97
 
97
Present in SP1
518
4
522
Grand Total
615
4
619




Cmdlet
Grand Total
Removed in R2
7
7
Grand Total
7
7



So what is new in R2?  The following is a list of the new Cmdlets:

Command Type
Name
State
Cmdlet Add-CloudResource New to R2
Cmdlet Add-SCBGPPeer New to R2
Cmdlet Add-SCNATConnection New to R2
Cmdlet Add-SCNATRule New to R2
Cmdlet Add-SCNetworkConnection New to R2
Cmdlet Add-SCNetworkService New to R2
Cmdlet Add-SCUserRolePermission New to R2
Cmdlet Add-SCVMMManagedComputer New to R2
Cmdlet Get-CloudResource New to R2
Cmdlet Get-CloudResourceExtension New to R2
Cmdlet Get-CloudService New to R2
Cmdlet Get-CloudVMRoleSizeProfile New to R2
Cmdlet Get-SCBGPPeer New to R2
Cmdlet Get-SCKMSNetworkSetting New to R2
Cmdlet Get-SCNATConnection New to R2
Cmdlet Get-SCNATRule New to R2
Cmdlet Get-SCNetworkConnection New to R2
Cmdlet Get-SCNetworkRoute New to R2
Cmdlet Get-SCNetworkService New to R2
Cmdlet Get-SCNetworkServiceCertificateUrl New to R2
Cmdlet Get-SCPhysicalComputerNetworkAdapterProfile New to R2
Cmdlet Get-SCPhysicalComputerProfile New to R2
Cmdlet Get-SCStorageClusterDisk New to R2
Cmdlet Get-SCStorageFabric New to R2
Cmdlet Get-SCStorageFabricClassification New to R2
Cmdlet Get-SCStoragePhysicalDisk New to R2
Cmdlet Get-SCStorageSwitch New to R2
Cmdlet Get-SCStorageZone New to R2
Cmdlet Get-SCStorageZoneAlias New to R2
Cmdlet Get-SCStorageZoneSet New to R2
Cmdlet Get-SCSupportedRecoveryPointObjective New to R2
Cmdlet Get-SCUserRolePermission New to R2
Cmdlet Get-SCVirtualFibreChannelAdapter New to R2
Cmdlet Get-SCVirtualFibreChannelAdapterConfiguration New to R2
Cmdlet Get-SCVMHostFibreChannelHba New to R2
Cmdlet Get-SCVMHostFibreChannelVirtualSAN New to R2
Cmdlet Import-CloudResourceExtension New to R2
Cmdlet Install-SCStorageFileServer New to R2
Cmdlet New-CloudService New to R2
Cmdlet New-CloudVMRoleSizeProfile New to R2
Cmdlet New-SCPhysicalComputerConfig New to R2
Cmdlet New-SCPhysicalComputerNetworkAdapterConfig New to R2
Cmdlet New-SCPhysicalComputerNetworkAdapterProfile New to R2
Cmdlet New-SCPhysicalComputerProfile New to R2
Cmdlet New-SCStorageFabricClassification New to R2
Cmdlet New-SCStoragePool New to R2
Cmdlet New-SCStorageZone New to R2
Cmdlet New-SCStorageZoneAlias New to R2
Cmdlet New-SCVirtualFibreChannelAdapter New to R2
Cmdlet New-SCVMConnectFedAuth New to R2
Cmdlet New-SCVMHostFibreChannelVirtualSAN New to R2
Cmdlet Read-SCNetworkService New to R2
Cmdlet Read-SCVMMManagedComputer New to R2
Cmdlet Read-SCVPNConnection New to R2
Cmdlet Remove-CloudResource New to R2
Cmdlet Remove-CloudResourceExtension New to R2
Cmdlet Remove-CloudService New to R2
Cmdlet Remove-CloudVMRoleSizeProfile New to R2
Cmdlet Remove-SCBGPPeer New to R2
Cmdlet Remove-SCNATConnection New to R2
Cmdlet Remove-SCNATRule New to R2
Cmdlet Remove-SCNetworkConnection New to R2
Cmdlet Remove-SCNetworkRoute New to R2
Cmdlet Remove-SCNetworkService New to R2
Cmdlet Remove-SCPhysicalComputerNetworkAdapterProfile New to R2
Cmdlet Remove-SCPhysicalComputerProfile New to R2
Cmdlet Remove-SCStorageFabricClassification New to R2
Cmdlet Remove-SCStoragePool New to R2
Cmdlet Remove-SCStorageZone New to R2
Cmdlet Remove-SCStorageZoneAlias New to R2
Cmdlet Remove-SCUserRolePermission New to R2
Cmdlet Remove-SCVirtualFibreChannelAdapter New to R2
Cmdlet Remove-SCVMHostFibreChannelVirtualSAN New to R2
Cmdlet Remove-SCVMMManagedComputer New to R2
Cmdlet Repair-CloudVmRole New to R2
Cmdlet Set-CloudResourceExtension New to R2
Cmdlet Set-CloudService New to R2
Cmdlet Set-CloudVmRoleScale New to R2
Cmdlet Set-CloudVMRoleSizeProfile New to R2
Cmdlet Set-SCKMSNetworkSetting New to R2
Cmdlet Set-SCNATConnection New to R2
Cmdlet Set-SCNetworkConnection New to R2
Cmdlet Set-SCNetworkService New to R2
Cmdlet Set-SCPhysicalComputerProfile New to R2
Cmdlet Set-SCStorageDisk New to R2
Cmdlet Set-SCStorageFabric New to R2
Cmdlet Set-SCStorageFabricClassification New to R2
Cmdlet Set-SCStorageZone New to R2
Cmdlet Set-SCStorageZoneAlias New to R2
Cmdlet Set-SCStorageZoneSet New to R2
Cmdlet Set-SCVirtualFibreChannelAdapter New to R2
Cmdlet Set-SCVirtualFibreChannelAdapterConfiguration New to R2
Cmdlet Set-SCVMHostFibreChannelVirtualSAN New to R2
Cmdlet Set-SCVMMManagedComputer New to R2
Cmdlet Test-SCNetworkService New to R2
Cmdlet Uninstall-SCStorageFileServer New to R2
Cmdlet Update-CloudResource New to R2



And what’s gone?

Command Type
Name
State
Cmdlet Add-SCPatch Removed in R2
Cmdlet Copy-SCStorageVolume Removed in R2
Cmdlet Get-SCComputerConfiguration Removed in R2
Cmdlet Get-SCGatewayConnection Removed in R2
Cmdlet New-SCComputerConfiguration Removed in R2
Cmdlet New-SCP2V Removed in R2
Cmdlet Remove-SCComputerConfiguration Removed in R2

Saturday 12 October 2013

Setting the Correct Permissions On An OU for Cluster Name Objects (CNO) Using PowerShell

I'm busy automating a lot of things at the moment so expect a few of these "snippets".

When you create a Failover Cluster during the process a Cluster Name Object (CNO) is created to enable the use of Kerberos authentication during operation.

When you then create a role such as a Clustered File Server Role, a Virtual Cluster Object (VCO) will attempt to be created in the OU that the parent CNO resides in.

Unlike the CNO which is created using the security permissions of the account forming the cluster, the VCO uses the security rights of the parent CNO.

You can read more on CNO's and the changes made in Windows Server 2012 here: http://blogs.technet.com/b/askcore/archive/2012/09/25/cno-blog-series-increasing-awareness-around-the-cluster-name-object-cno.aspx

Below is a quick and dirty script/function that allows you to provide the Organisational Unit distinguished path (OU=Name of OU, DC=Domain, DC=DomainFQDN) and the CNO Computer Account Name.

 function Set-CNOOUPermissions {
    Param (
           [Parameter(Mandatory=$true)]
           [String[]]$OUPath,
           [parameter(Mandatory=$true)]
           [String]$CNO
           )
    Set-Location AD:
    $ADObject = [ADSI]("LDAP://" + $OUPath)
    $ClusterSID=[System.Security.Principal.SecurityIdentifier](Get-ADComputer -Filter "name -eq `"$CNO`"").SID
    # SchemaIDGuid for the Computer Class: bf967a86-0de6-11d0-a285-00aa003049e2
    $ObjectGUID = New-Object guid bf967a86-0de6-11d0-a285-00aa003049e2
    $guidNull = New-Object guid 00000000-0000-0000-0000-000000000000
    $ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $ClusterSID,"ReadProperty,WriteProperty,GenericExecute","Allow",$guidNull,"All",$ObjectGUID
    $ADObject.ObjectSecurity.AddAccessRule($ace)
    $ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $ClusterSID,"CreateChild, DeleteChild","Allow",$ObjectGUID,"All",$guidNull
    $ADObject.ObjectSecurity.AddAccessRule($ace)
    $ADObject.CommitChanges()
    }

I've also uploaded the script to my SkyDrive here: http://sdrv.ms/19FCp8K

Usage Example:

$OUTarget=(Get-ADOrganizationalUnit -Filter 'name -eq "Clusters"').distinguishedname

Set-CNOOUPermissions -OUPath $OUTarget -CNO "PowerONCMA"

Tuesday 1 October 2013

Microsoft Most Valuable Professional (MVP) Award

Well, didn't today make me smile with pride.

Busy working away when this e-mail landed in my inbox...


This is my first year that I've been awarded this and I hope all the blogging, tweeting and book writing has been useful and helped at least a few people.

No time to rest on my laurels now... more content and books to come!

Regards,
Steve Beaumont / MVP
Technical Director / PowerONPlatforms
Twitter: @StevybSC
Blog: http://systemscentre.blogspot.com/
Community: http://cloudoscommunity.com/

SCOM Console Install on VMM Server Causes Service Crash

Had a strange one today.

Customer had tried previously to setup the connection between VMM and SCOM but made some mistake somewhere along the line and then uninstalled the SCOM console without removing the connection as they said the console was causing the VMM service to constantly crash.

Having not seen that behaviour before and slightly doubting it somewhat I re-installed the console and sure enough was prevented from accessing the VMM console as the service was crashing.

Just as an added check, I tried running some PowerShell commands to check it wasn't a GUI issue only to be created by error messages complaining that the VMM service wasn't running or accessible.

So I uninstalled the console again which allowed me access back to VMM and running the Get-SCOpsMgrConnection showed me the broken connection.  However attempts to remove via the console or PowerShell were both met by errors telling me I needed the SCOM console installed first in order to manage the connection.  Arh.. slight problem...

After checking everything I could think of (SPN's, SCP's, Service Accounts etc etc) and not finding anything that stood out (Including nothing useful in the event logs) I thought I'd try a timing trick.

So I opened up a SCVMM PowerShell window ready, kicked off the SCOM console install again and then repeatedly spammed Remove-SCOpsMgrConnection -Force and wouldn't you know it after a few messages saying the SCOM console must be installed, just before the install completed the command completed successfully and removed the broken connection.  More to the point the SCOM console installation completed and the VMM service didn't crash.

After recreating the connection everything remained stable, but even though the create connection job ran successfully, the following error was present in the connector details:

“Operations Manager discovery failed with error: “Exception of type ‘Microsoft.VirtualManager.EnterpriseManagement.common.discoverydatainvalidrelationshipsourceexceptionOM10’ was thrown.

This is because the SCOM connection was created with the PRO-Tips enabled but without a SCOM monitoring agent deployed to the VMM Server.
Easily fixable, just untick the PRO and Maintenance Mode connection settings, deploy a SCOM agent to the VMM server and once the agent is installed and reporting, re-enable the options.