MDT 2010 Multiple Partitions Issues & hidden Bitlocker partition

I had a new laptop on which I wanted to deploy Windows 7 x64 Enterprise, and I ran into a bug in MDT 2010 with the default configuration.

I configured 2 partitions to use the whole disk. See screenshot.
When I deploy the task I get the following error:

It wants to format partition D, but partition D is not available.
I ended the task and opened the PE window and started Diskpart and listed the volumes.

The strange thing was that the extended partition had the drive letter S and was a raw partition.

After studying ZTIDiskpart.log (X:\MININT\SMSOSD\OSDLOGS\ZTIDiskpart_diskpart.log), I found out that there was no space left to create a 300 MB partition for saving BitLocker information.

So what did ZTIDiskpart.wsf do? It gave the last partition that was created the drive letter S, which is the default letter for the BitLocker partition, and then wanted to format it with FAT32. Because in my case the partition size was 200 GB, it could not format the disk.

Solution:

Set the extended partition to use 95%. Then MDT has enough space to create a 300 MB hidden partition for BitLocker.

Windows Cannot Find GPEdit.MSC

I got this error on a Windows 2003 R2 x64 machine when I wanted to use the Group Policy Management Console.

The solution is really simple:

1- Browse to "%windir%\system32\" and copy gpedit.msc
2- Browse to "%windir%\syswow64\" and paste gpedit.msc
Now it works again.

Exchange 2010 MapiExceptionLogonFailed: Unable to make connection to the server

This is the error I got when I did a local move request to move a user to another mailbox database.
The new user could not send email and could not log in to Outlook Web Access.

Error:
Failed to communicate with the mailbox database.

MapiExceptionLogonFailed: Unable to make connection to the server. (hr=0x80040111, ec=1010)
Diagnostic context:
    Lid: 37053   Win32Error: 0x6A6
    Lid: 23065   EcDoConnectEx called [length=48]
    Lid: 17913   EcDoConnectEx returned [ec=0x0][length=48][latency=31]
    Lid: 18969   EcDoRpcExt2 called [length=313]
    Lid: 27161   EcDoRpcExt2 returned [ec=0x3F2][length=342][latency=46]
    Lid: 41073   StoreEc: 0x3F2    
    Lid: 48243 
    Lid: 50033   StoreEc: 0x3F2    
    Lid: 1494    ---- Remote Context Beg ----
    Lid: 1238    Remote Context Overflow
    Lid: 49213   StoreEc: 0x8004010F
    Lid: 48573 
    Lid: 64957   StoreEc: 0x8004010F
    Lid: 56253 
    Lid: 65085   StoreEc: 0x8004010F
    Lid: 40381 
    Lid: 56765   StoreEc: 0x8004010F
    Lid: 31229   Error: 0x0
    Lid: 19149   Error: 0x0
    Lid: 24509   Error: 0x0
    Lid: 1219    StoreEc: 0x8004010F
    Lid: 3225    StoreEc: 0x8004010F
    Lid: 60049   StoreEc: 0x8004010F
    Lid: 49469 
    Lid: 65341   StoreEc: 0x8004010F
    Lid: 56125 
    Lid: 47933   StoreEc: 0x8004010F
    Lid: 32829 
    Lid: 49213   StoreEc: 0x8004010F
    Lid: 48573 
    Lid: 64957   StoreEc: 0x8004010F
    Lid: 31229   Error: 0x0
    Lid: 19149   Error: 0x0
    Lid: 24509   Error: 0x0
    Lid: 1219    StoreEc: 0x8004010F
    Lid: 24041 
    Lid: 13488   StoreEc: 0x3F2    
    Lid: 28780 
    Lid: 20076   StoreEc: 0x3F2    
    Lid: 57713   StoreEc: 0x3F2    
    Lid: 49009   StoreEc: 0x3F2    
    Lid: 1750    ---- Remote Context End ----
    Lid: 52465   StoreEc: 0x3F2    
    Lid: 60065 
    Lid: 33777   StoreEc: 0x3F2    
    Lid: 59805 
    Lid: 52209   StoreEc: 0x3F2    
    Lid: 19778 
    Lid: 27970   StoreEc: 0x3F2    
    Lid: 17730 
    Lid: 25922   StoreEc: 0x3F2    

Exchange Management Shell command attempted:
'wardvissers.local/wardvissers/wardtest2' | New-MoveRequest -TargetDatabase 'MailStore II'

Elapsed Time: 00:00:01

Solution:

I backed up AD with Windows Backup to be sure.

Then I suspended and dismounted every mailbox database.

I opened ADSIEDIT.MSC to check the value of HomeMDB and homeMTA:

Go to:
CN=Configuration->CN=Services->CN=Microsoft Exchange->CN=wardvissers->CN=Administrative Groups->CN=Exchange Administrative Group (FYDIBOHF23SPDLT)->CN=Servers->CN=DAGEK10-01->CN=Microsoft System Attendant

The value on my mailbox server looked a bit strange:
HomeMDB: CN=InformationStore,CN=DAGEK10-02,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=wardvissers,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=wardvissers,DC=local

HomeMTA: CN=Microsoft MTA,CN=DAGEK10-01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=wardvissers,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=wardvissers,DC=local

Clear the values of HomeMDB and HomeMTA.

Important:
Clear the value on every mailbox server if you have a DAG cluster.

Restart the Microsoft Exchange System Attendant service on every mailbox server.

Mount and resume the mailbox databases. Now the users could log in to OWA again.

Exchange 2010 Autodiscovery Issues

Two weeks ago I built my first production Exchange 2010 cluster. The Exchange 2010 web services cause a lot of issues for people, though not for me any more.

Well, let us first list the directories that are used in the Exchange web service:

EWS is used for OOF, Scheduling assistance and free+busy Lookup.
OAB provides offline address book download services for client.
Autodiscover is used to provide users with autodiscover service.
EAS provides ActiveSync services to Windows Mobile based devices.
OWA provides outlook web access for users.
ECP provides Exchange control panel feature for Exchange 2010 users only.

Issues that might be resolved using the troubleshooting steps here:

You cannot set the OOF using the Outlook client; you receive the "server not available" error.
You cannot view free/busy information for other users.
You cannot use scheduling assistance; you might also receive a message that no free/busy information was retrieved.
You receive errors when downloading the Offline Address Book.
You cannot use Autodiscover externally.
Certificate mismatch error in Autodiscover; users are prompted to trust the certificate in Outlook 2007/2010.

First, let us start by setting the right virtual directory configuration required for Exchange 2010 to work correctly:
Configure External and Internal URLs for OWS, ref: http://technet.microsoft.com/en-us/library/bb310763.aspx

You have to configure the internal URL to be the server name. If you have multiple CAS/HUB servers configured in an NLB cluster, you can use the NLB cluster name for the internal URL.
External URL will be the URL used by users to access webmail, e.g. https://webmail.wardvissers.nl/owa

Configure the autodiscover internal URL, ref: http://technet.microsoft.com/en-us/library/bb201695.aspx

Use the PowerShell cmdlet Set-ClientAccessServer -Identity <CAS Server Name> -AutoDiscoverServiceInternalUri <Internal URL>. The FQDN in this URL must match a name included in the certificate. If you have an NLB cluster, use its internal name here, such as nlbek10.wardvissers.local.

If you cannot use autodiscover.wardvissers.nl internally (you have a domain name of domain.local and you must use it), you will get a certificate mismatch error. If you purchase an external SAN certificate, you will have to include the internal name in it.

You cannot set an Autodiscover external URL, since Outlook will try to access https://autodiscover.wardvissers.nl/autodiscover/autodiscover.xml; this behavior is by design and cannot be changed.

Best Practice: Use SAN Certificates

Depending on how you configure the service names in your Exchange deployment, your Exchange server may require a certificate that can represent multiple domain names. Although a wildcard certificate, such as one for *.wardvissers.nl, can resolve this problem, many customers are uncomfortable with the security implications of maintaining a certificate that can be used for any sub-domain. A more secure alternative is to list each of the required domains as SANs in the certificate. By default, this approach is used when certificate requests are generated by Exchange.

Best Practice: Use the Exchange Certificate Wizard to Request Certificates

There are many services in Exchange that use certificates. A common error when requesting certificates is to make the request without including the correct set of service names. The certificate request wizard in the Exchange Management Console will help you include the correct list of names in the certificate request. The wizard lets you specify which services the certificate has to work with and, based on the services selected, includes the names that you must have in the certificate so that it can be used with those services. Run the certificate wizard when you’ve deployed your initial set of Exchange 2010 servers and determined which host names to use for the different services for your deployment.

Names you must include when you use a third-party SAN certificate (ref: http://technet.microsoft.com/en-us/library/dd351044.aspx):
External:
webmail.wardvissers.nl
autodiscover.wardvissers.nl
legacy.wardvissers.nl (if you are migrating from 2003 to 2010)
Internal:
autodiscover.wardvissers.local
legacy.wardvissers.local
nlbek10.wardvissers.local (internal NLB CAS/HUB cluster)
casarray.wardvissers.local (I use this address for the CAS array. It has the same IP as nlbek10.)
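
As an added example (not part of the original post and not Microsoft's code), the PowerShell below checks a certificate's name list against the host names listed above, plus the host of the internal Autodiscover URI, and compares a wildcard certificate with a SAN certificate. The function names, the internal URI and both certificate name lists are constructed for illustration.

```powershell
# Added example. Wildcard matching follows the usual rule that "*" stands for
# exactly one left-most label.
function Test-NameCoveredBy {
    param([string]$HostName, [string]$CertName)
    $h = $HostName.Trim().ToLowerInvariant()
    $c = $CertName.Trim().ToLowerInvariant()
    if ($c.StartsWith('*.')) {
        # *.wardvissers.nl covers webmail.wardvissers.nl,
        # but not wardvissers.nl and not a.b.wardvissers.nl.
        $dot = $h.IndexOf('.')
        if ($dot -lt 1) { return $false }
        return ($h.Substring($dot) -eq $c.Substring(1))
    }
    return ($h -eq $c)
}

# One result object per required name, saying whether the certificate covers it.
function Get-SanCoverage {
    param([string[]]$RequiredNames, [string[]]$CertificateNames)
    foreach ($name in $RequiredNames) {
        $match = $CertificateNames |
            Where-Object { Test-NameCoveredBy $name $_ } |
            Select-Object -First 1
        New-Object PSObject -Property @{
            Name      = $name
            Covered   = [bool]$match
            CoveredBy = $match
        }
    }
}

# Internal Autodiscover URI, constructed from the NLB name used on this page.
$internalUri = [Uri]'https://nlbek10.wardvissers.local/autodiscover/autodiscover.xml'

# Required names: the list from this page plus the host of the internal URI.
$required = @(
    'webmail.wardvissers.nl', 'autodiscover.wardvissers.nl', 'legacy.wardvissers.nl',
    'autodiscover.wardvissers.local', 'legacy.wardvissers.local',
    'casarray.wardvissers.local', $internalUri.Host
)

# Constructed certificate name lists, for illustration only.
$wildcardCert = @('*.wardvissers.nl')
$sanCert      = $required

# Names each certificate fails to cover.
Get-SanCoverage $required $wildcardCert | Where-Object { -not $_.Covered } | Select-Object Name
Get-SanCoverage $required $sanCert      | Where-Object { -not $_.Covered } | Select-Object Name
```

On an Exchange 2010 server, the names on an installed certificate are available from the CertificateDomains property returned by Get-ExchangeCertificate and can be passed in place of the constructed lists.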

How to Install & Configure Immidio Flex Profiles Advanced Edition

Install Immidio Flex Profiles Advanced Edition with setup.exe. There is one thing you must know.

The management console comes in two flavors, x86 and x64.

The Immidio Flex Profiles Advanced Edition.msi that you need later works fine on both x86 and x64 machines.


Start Immidio FlexProfile Kit
Best practice is to place the ini files on a domain controller, because if one domain controller fails you have no problems with your Flex Profile Kit.
Import the ini files that you will find in the package.
I already have some ini files (Word 2007, Outlook 2007, Excel 2007) that I used with an older version of Flex Profile Kit.

Create an application install folder on a file server. I named it Immidio Flex profiles.
Copy the Immidio Flex Profiles Advanced Edition.msi and the following script to that folder.

flexprofilesinstall.cmd

REM For Immidio FlexProfiles.
IF EXIST "C:\Program Files\Immidio\Flex Profiles\flexengine.exe" GOTO END
msiexec.exe /i "\\ward-dc01\install\Immidio Flexprofiles\Immidio Flex Profiles Advanced Edition.msi" /qb! LICENSEFILE="\\ward-dc01\Install\Immidio Flexprofiles\wardvissers.lic" /l* c:\InstallFlex.log

:END

Create a new GPO for the computers where you want to install the Immidio Flexprofile kit. I named it Install Immidio Flexprofiles. Assign flexprofilesinstall.cmd as a startup script. Set the maximum wait time to 3600.

After that I created a new policy for my domain users, which I named Immidio FlexProfiles Users.

Add the Immidio Flex Profiles.adm to the newly created GPO Immidio FlexProfiles Users.
I configured where to find the ini files and where to save the settings.

Now you have a working roaming profile based on Immidio Flexprofiles. It's a great tool and I'm loving it.

It works great when you migrate from XP to Windows 7.

Vizioncore release free VMware Management Pack for OpsMgr

Vizioncore, a wholly owned subsidiary of Quest have released a free Management Pack for System Center Operations Manager 2007 R2 which enables the monitoring of VMware virtual infrastructures.  Now, before I get into the features and capabilities of what the MP gives you, it’s important to point out that this is the first free MP to deliver these capabilities, and may stir things up a little over at both Veeam and Bridgeways, who both have established MP’s for OpsMgr to enable monitoring of VMware environments.  It’s important to say, both Veeam and Bridgeways offer trials of their solutions, so it would be important to compare the different MP’s for yourselves, however looking at a high level, one of the key elements that Veeam seems to have today, is that it’s PRO-enabled, thus provides more automated, dynamic and agile responses within the environment based on changing conditions.  That’s not to say both Bridgeways and Vizioncore won’t evolve their technologies in the future, and bring in PRO capabilities, however today, you would have to classify it as a differentiator for Veeam.  One you have to pay for however.

So, what are the key features of the Vizioncore MP?

  • Essential alerts from the virtual infrastructure to reduce mean time to resolution (MTTR) of problems
  • Integration to System Center Operations Manager to centralize and consolidate monitoring efforts
  • Low cost and simple to use while allowing administrators to work in their familiar System Center Operations Manager views
  • Native management pack delivers alert and event management as well as trending inside the SCOM console
  • Agentless architecture for simple deployment and low overhead
  • Performance monitoring & availability event monitoring for fast resolution in the virtual environment
  • Out-of-the-box reports for host and guest metrics provides flexibility and clear communication between stakeholders

There’s even more features here

What’s nice from my perspective, is the growth of the ecosystem around the Microsoft virtualisation platform, from Partners that have, in the past, been quite VMware focused.  That’s more Vizioncore than Quest, but still, it’s moving in the right direction.

If you’re interested, you can get all the info, and download the MP, from here.

Source

Failed to Mount Public Folder database after a lossy failover because the current setting for AutoDatabaseMountDial. You Must run Restore-StorageGroupCopy before you can mount the Database

The Error:
Failed to Mount Public Folder database after a lossy failover because the current setting for AutoDatabaseMountDial. You Must run Restore-StorageGroupCopy before you can mount the Database

Solution:
Restore-StorageGroupCopy won’t work because it is a public folder database.

Tick the "Do not mount this database at startup" check box.

Then reboot the active clustered mailbox server. The Cluster service will show the other node coming online, and the public folder is back online. After every reboot you must check whether the public folder is online.

Show and move “hidden” Arbitration mailboxes in Exchange Server 2010

When you have a new installation of Exchange 2010 Server, you may want to move all mailboxes, including the hidden (Arbitration) mailboxes, from the default database store to a database that you created. Here is how I did it.

When you try to delete the default database you will get this message:


The Database is not empty, even though it does look empty if you do a get-mailbox for the specific database:

get-mailbox -Database "Mailbox Database 1905367170"

There is a switch that you should use if you want to see all mailboxes, even the “hidden” Arbitration mailboxes:

get-mailbox -Database "Mailbox Database 1905367170" -Arbitration

This gives a different result.

As you can see, the database isn't as empty as we first thought. To move these mailboxes to the new database, you can pipe the result of the get-mailbox command and create new move requests for all Arbitration mailboxes:

get-mailbox -Database "Mailbox Database 1905367170" -Arbitration | New-MoveRequest -TargetDatabase "MailboxDatabase1"


Source: msundis.wordpress.com

Enable Windows 7 Features through Group Policy

I love Windows 7. But there is one thing I hate about Windows 7.
There is no nice way to enable Windows 7 features through Group Policy.

So I created a small Visual Basic script that I use as a startup script.

It checks whether adsnapins.txt exists in the Program Files folder. If it exists, the script does nothing; if it doesn't exist, it enables the features.

Windows7ADSnapIns.vbs

' Installs the Windows 7 AD management snap-ins.
' 13-07-2010 Ward Vissers

Dim fso, wsh
Set fso = CreateObject("Scripting.FileSystemObject")

' adsnapins.txt is the marker that the features were already enabled.
If Not (fso.FileExists("C:\Program Files\adsnapins.txt")) Then
    Set wsh = CreateObject("WScript.Shell")
    ' The third argument makes Run wait for each dism call to finish.
    wsh.Run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools", , 1
    wsh.Run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles", , 1
    wsh.Run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD", , 1
    wsh.Run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS", , 1
    wsh.Run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns", , 1
    ' Copy the marker file so the next startup skips the installation.
    fso.CopyFile "\\ad.local\afs\install\Windows7Feature\adsnapins.txt", "C:\Program Files\adsnapins.txt"
    Set wsh = Nothing
End If

Set fso = Nothing

MDT 2010 Importing automatically the right driver

Microsoft Deployment Toolkit 2010 has some nice improvements to handle drivers. I will describe how I like to manage drivers in MDT 2010.

Some time ago I wrote an article about how to get the Name & Model from a computer. This is very important when you want to import only the right drivers automatically.

First we have to build the ‘Out-of-Box Drivers’ folder structure and import drivers. I have subdirectories for each architecture, brand and model.  This is what my folder tree looks like:

MDT 2010 - Out-of-Box Drivers

However, you can build your own structure, as long as you respect the proper model & brand (make) name of the vendors.

Build Out-of-Box Drivers tree

To build up the folder structure you have to know the model name of your hardware. To retrieve it, run the following at a PowerShell prompt: 'Get-WmiObject -Class win32_computersystemproduct | fl Name,Model,UUID,Identifyingnumber,Vendor'. This returns the exact name that WMI queries use to determine the computer model. In my case the name is "Latitude D830".

Now that we have drivers imported in our Deployment Share, it’s time to move on.

1. DriverGroups

DriverGroups existed in MDT 2008 already, although the MDT Team added subdirectory support in MDT 2010.

During the deployment phase MDT uses WMI to query the computer model, and only the drivers for that model are injected. For this to work properly, you have to use the EXACT model name in your Out-of-Box Drivers tree.

Inject the correct drivers in your Task Sequence

Add a new step in your Task Sequence to inject the correct drivers. MDT will query the computer name and inject the drivers that correspond to it from the Out-of-Box folder structure, right before applying the image at deployment.

MDT 2010 - Set Task Sequence Variable (Add Task) MDT 2010 - Set Task Sequence Variable (DriverGroup)

I use ‘DriverGroup_001’ as Task Sequence Variable, and Win7x64\%Make%\%Model% as value for my Windows 7 x64. You have to adapt this to your Out-of-Box tree.

MDT 2010 - Set Task Sequence Variable

As I use a DriverGroup I’ve disabled the ‘Inject Drivers’ task.

Customsettings.ini

As my Task Sequence handles everything, there isn’t anything needed here.

If you don’t like to use a new Task in your TS, you can add DriverGroup variables in customsettings.ini like this:

DriverGroup_001=%Make%\%Model%

DriverGroup_002=Printers

2. Selection Profiles

New in MDT 2010 are DriverSelectionProfiles. These are easy for new MDT admins, very straight forward and easy to use.

Overview:

MDT 2010 - Selection Profiles Overview

First you have to create a Profile (or use one of the default profiles):

MDT 2010 - Selection Profiles, select folders

You can even select Packages and Applications, use it for “bad drivers” aka driver setup packs.

Select what drivers you want to add to the profile;

MDT 2010 - Selection Profiles, add profile

After making the profiles you can use them in your Task Sequences. The default ‘Inject Drivers’ settings are on the left, the customized one on the right:

MDT 2010 - Selection Profiles, task sequence MDT 2010 - Selection Profiles, task sequence

You can add  Selection Profiles for drivers/packages or whatever you want. Just add an extra step in your task sequence like above.

Customsettings.ini

As with DriverGroups you can choose to handle the DriverSelectionProfile in customsettings.ini or in your TS.

Example:

DriverSelectionProfile=Dell Latitude D520 x64
