Getting Started with Azure Bicep and GitHub Actions
Secure your Azure DevOps agents and pipelines
Starting point
Azure DevOps provides several ways to host your pipelines. While the public Azure DevOps service provides hosted and self-hosted agent functionality, Azure DevOps Server (formerly TFS) only provides the self-hosted variant. I personally prefer to work with the public service for the following reasons:
What if - you just need to connect a virtual network interface
Starting point
Larger enterprises might have more complex requirements controlling network traffic in Azure as well as maintaining the “least privilege” principle. Most of them are using a so-called “hub-spoke” architecture, where the hub network is placed within a dedicated “core subscription”. Other virtual networks are also separated into dedicated subscriptions or just resource groups.
PowerShell 7 behind corporate proxy server
A legacy problem - refactored
Using modern Devtools can be challenging if you need to connect through a corporate proxy server. Not all frameworks and tools have proper support for all proxy scenarios.
Know who is accessing externally shared files using Microsoft Cloud App Security (MCAS) API
People are sharing files using Teams, SharePoint or OneDrive for Business and that’s ok. That’s one of the collaboration features these tools were built for. But what if people are sharing files externally, how can you track who is effectively accessing the shared files?
Accessing Azure KeyVault secrets from an Azure Function
Azure Load Balancer and global vNet peering
Just coming back from a strange troubleshooting session where an application running on an AKS Cluster was not responding anymore after a network architecture change. It quickly turned out that the root cause had to be searched in the recent configuration change. The change included a new routing configuration in the customer’s Azure global network. The AKS cluster’s network has been peered with a new hub network. The hub network is located in SwitzerlandNorth region whereas the AKS application vnet is located in WestEurope. So we have created a so-called cross-region or “global” vnet peering.
Azure VM backup jobs fail – a root cause analysis
Recently I received a support request from a customer – backup jobs of Azure VMs were failing. Some of the jobs were still working as expected, while others suddenly were not. The following error message was logged in the job log:
How to limit user app consents in Azure AD
Applications can integrate with the Microsoft Identity platform to allow users to sign in using their work or school account in Azure Active Directory (Azure AD), and to access your organization’s data to deliver rich data-driven experiences. Different permissions allow the application different levels of access to your users’ and your organization’s data.
When your Azure Policy interferes with Azure Network Watcher
Network Watcher is a regional service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure. Scenario level monitoring enables you to diagnose problems at an end-to-end network level view. Network diagnostic and visualization tools available with Network Watcher help you understand, diagnose, and gain insights to your network in Azure. Network Watcher is enabled through the creation of a Network Watcher resource. This resource allows you to utilize Network Watcher capabilities.
How to stop | start an Azure Firewall
Azure Firewall is a fully managed, stateful layer 7 firewall. In contrast to classic NVA based concepts, there is no need to care about scale and throughput because all of this is managed by Azure in the background. I always recommend it to customers, unless there are specific killer reasons to still use NVA based firewalls. As you might know, deploying highly available NVA solutions hurts big time, because you need load balancers on both the internal and external NVA interfaces.
Pimp your Azure VPN Gateway Performance
Why you really want to protect your terraform state file
I’ve been using terraform for Azure IaC in various customer projects over the last months. One thing which is really critical is to have a proper terraform backend configuration. As long as you’re the only one working with a specific terraform configuration you only have to care about your own state file. But for production environments, where deployments are usually triggered by a CI/CD pipeline, you’re no longer dealing with local state files and have to store them in cloud storage. For Azure, it’s obviously an Azure Storage Account where you put your state file inside a blob container.
How to manually trigger an Azure Policy Evaluation Cycle
Azure Policy is a comprehensive tool to control and govern your Azure environments. Whether you want to audit or prevent things from happening in your Azure subscriptions, there are plenty of built-in policies you can customize according to your needs. Now I often get the question when and where policies get evaluated once created.
Microsoft MVP for another year
Getting up early this morning was worth it. As of the 1st of July, all Microsoft MVPs are curious whether they contributed enough to the community to be re-awarded for another year, and I got THIS! 🙂 Awarded for the 6th time in a row, I’m really honored and proud to be a part of an exclusive group of smart people from all over the world. Being in close contact with the Microsoft product groups also helps me in my day to day life. Also the annual MVP Summit conference provides a unique opportunity to meet my MVP fellows and the people from the PGs in person, to discuss the latest and greatest and to hand over feedback.
Using Azure DevOps Pipelines with Azure Automation
Azure Automation is a robust, cross-platform and powerful automation engine for script-based process automation. If you are unfamiliar with Azure Automation, have a look at the official docs here.
Where do you run your Azure Pipelines?
Azure Pipelines is a part of the Azure DevOps service portfolio. Azure Pipelines helps you to build, configure and run your CI/CD (continuous integration / continuous delivery) processes for application development and infrastructure as code.
Immutable (WORM) Blob Storage on Azure
In a previous post I covered Azure Storage DLM (policy based data lifecycle management) to leverage automatic storage tiering and archival. In this post I’m going to show how immutable compliant WORM storage can be enabled and used on Azure Blob Storage.
Data Lifecycle Management with Azure Storage
Introduction
Demystifying Windows Defender Application Guard
Windows Defender Application Guard (Application Guard) was introduced with Windows 10 build 1709 and is designed to protect from current and future attacks against internet exposed applications such as Edge or Office applications. WDAG leverages Microsoft virtualization and hardware isolation technology, in fact Hyper-V containers, to isolate applications from the operating system. Hyper-V containers seem to be an ideal solution for this as they have a more secure virtualization abstraction layer than classic containers.
“Bring your own key” for Azure Storage Encryption at Rest
On March 7th, Microsoft made SSE (Storage Service Encryption) using your own keys GA (generally available).
Posh-SSH to automate Linux hosts using PowerShell
In this post I’m going to demonstrate a little bit of cross-platform automation using PowerShell and the PoSH-SSH module written by Carlos Perez.
Starting new Cross-Platform DevOps Blog Post Series
With this post I’m kicking off a new series of blog posts covering cross-platform and DevOps topics for IT Pros.
SCVMM 2016 UR3 is out
After we had the possibility to pre-test the UR3 early bits, it has now been officially released. Update Rollup 3 for System Center Virtual Machine Manager 2016 includes several fixes and enhancements.
Windows Server 2016 March Quality Update
Today Microsoft released the March monthly Quality Update for Windows Server 2016 / Windows 10.
Online extending a Storage Replica Volume
Extending Cluster Shared Volumes is a common task which is required from time to time. Although my favorite action is to create a new volume if existing ones lack free space, sometimes there’s no way around extending an existing volume. I’m really happy Microsoft did listen to the feedback we provided on Storage Replica in the early stages of the Server 2016 TP version, where we yelled for the feature (online extending a replicated volume).
Why deploying Hybrid Runbook Workers on Azure makes sense
A “Hybrid Runbook Worker” is basically an extension to the MMA (Microsoft Management Agent), meant to execute Azure Automation Runbooks on premises. For a general introduction I’m referring to the following documentation:
Cluster Aware Update for Nano Server
CAU and Nano, huh?
Migrating GRE Tenant Networks to another Gateway
At some point in time every SDN deployment hits its scale limit. In Microsoft’s SDNv1, a single NVGRE gateway can serve up to 100 tenant virtual networks and 200-300Mbit/s throughput. To scale out the network virtualization deployment, additional gateways or gateway clusters have to be deployed. But how can we migrate existing virtualized tenant VM networks from one gateway to another?
Deploy Packages and Windows Updates to Nano Servers
Nano Server is a new deployment option for Server 2016 where you need to create the images prior to the deployment. If you’re unfamiliar with Nano Server I highly recommend the following “getting started” documentation.
Building Storage Spaces Direct hyper-converged Cluster using Nano Server in virtual Machines
In this article I’m going through the steps required to build up an S2D hyper-converged cluster using virtual machines. S2D BTW stands for “Storage Spaces Direct”, which has been introduced with Server 2016.
Change Storage Location of RDS VDI Collections
The time will come when you have to “re-home” your RDS VDI collections, respectively the master images and the deployed desktop instances, to a new storage location. In this post I’ll guide through the steps which worked for me. As they involve direct modifications to the RDS Database, this is probably not officially supported and you’ll do it at your own risk!
Sneak Peek on Nano Server 2016 TP5
Yesterday Microsoft made Windows Server 2016 TP5 publicly available. With it, Nano Server also comes in a new version and the two flavors.
WMF 4.0 / .Net Framework Bug breaks Variable Scoping in Inlinescripts
In an earlier post I showed how to deal with variable scoping inside PowerShell Workflows to be usable within InlineScript blocks. While the $USING way is simple and easy it conflicts with proper error handling inside InlineScripts.
Azure Automation Role based Access Control (RBAC)
Since December 24th, Azure Automation supports RBAC. We really asked Microsoft to implement this enhancement, as lots of sensitive information and code may live within an Azure Automation account. Assets are used to store credentials, variables, connection objects. As you might have more and more contributors to the system, you probably don’t want to share all your credential objects with anyone writing automation runbooks. Before RBAC, the only way was to create multiple Automation accounts, but of course this introduced other difficulties.
Configuring Cloud Witness on Server 2016 Cluster fails: Server failed to authenticate the request
While preparing my Demo Environment for the next TechNet Event, in fact re-building it with Technical Preview 4, I stumbled over an error while configuring the Cloud Witness for the storage clusters. Cloud Witness is a new feature of Server 2016. To have a Quorum for your clusters you can now leverage a file share resource on your Azure Storage Account. See here for more information about Cloud Witness.
The year is not over yet again – My upcoming speeches and trips
As last year, November 2015 will be a very busy month. Besides a lot of customer projects all around private- and hybrid Cloud deployments, the first stop on my road trip is Seattle. During the week of 1st to 06th of October I’m honored to join the annual MVP Summit in Redmond.
Apply changes to virtual Port Profiles in SCVMM
If you use Logical Network / Logical Switch capabilities in SCVMM, and you hopefully do so ;-), then you might want to change virtual port profile / uplink port profile settings from time to time. Changes to the following properties can be made on the fly:
Fix RDS Virtualization Host assignment after re-deployment
Microsoft based VDI deployments require installing a specific Windows Feature called “RDS-Virtualization” onto all Hyper-V hosts being part of an RDS VDI Deployment.
Starting SMA Runbooks in untrusted environments or dedicated workers
The unpleasant question
Getting Started with Storage Replica and Storage Spaces Direct in Server 2016 Technical Preview 2
With Windows Server 2016, Microsoft is once again going to mix up the storage vendor market. Continuing the ASD (all Software defined) strategy, some new cool features arise with the new version. If you’re familiar with Storage Spaces / JBOD architectures already you might know that there are some limitations today, which may prevent some customers from adopting this technology. The current version does not allow:
How to change SQL Server, Instance or Port for SMA Web Service and Runbook Service
This is a quick post on how to change SQL connection parameters for SMA Web Service and SMA Runbook Worker Service.
Performing Maintenance on busy SMA Runbook Workers
Starting Point
Guidance for a SCVMM / Hyper-V deployment in a locked down, multi-forest environment
This is a “lessons learned” post and a follow up to an earlier post on “SCVMM in multi-forest environments” to keep others away from “trial and error” when integrating SCVMM with Hyper-V in a secured environment. So what do “secured” and “locked down” mean in this context? Let me first describe the environment and use case a bit. The options to change the architecture below were limited due to customer’s internal security regulations.
When SCVMM baremetal host deployment fails at early stages
After recently updating a customer’s HP Blade environment to the current firmware release, Hyper-V baremetal deployment stopped working. The environment is managed via HP OneView. HP OneView is a Linux based, virtual appliance for central management of HP components, such as servers, blade chassis, interconnect flex modules, etc. An important thing to know is the fact that the servers will get an additional, virtual SMBIOSGUID, as soon as they get under control of HP OneView. And these are the issues I had, after the FW upgrade through OneView.
Set default values on Storage Pools to minimize layer 8 issues
Storage Spaces allows you to define default values on a Storage Pool, so every newly created virtual disk (space) is using those values, even if the administrator does not provide them or doesn’t know how to provide them. A common issue arises when fabric administrators are using one of the GUI options to create spaces, either the Server Manager or SCVMM. Why?
SMA and the issue with job concurrency
Job concurrency can be something you really want, or on the other hand something you really want to avoid. What if you want to enforce a particular runbook to have only a single job instance running at any given time? Unfortunately, SMA doesn’t have a built-in method to control runbook concurrency as Orchestrator 2012 / R2 had it on a per-runbook basis. My fellow co-worker Fulvio Ferrarini reached out to ask if there’s a known workaround and referred to the following discussions:
Troubleshooting SMA (Service Management Automation) – Part 3
As SMA is almost anywhere around in my daily job, I’m also faced with usual and unusual troubles of course. Especially the authentication part can be a tricky one. Therefore I decided to dedicate the 3rd and last episode of the “Troubleshooting SMA” series to the “Authentication” topic.
In this post I’m focusing on several considerations regarding authentication within SMA Runbooks. After a relatively dry theory block, I’ll pick up some scenarios from the field.
How to change SMA Service Accounts
An SMA (Service Management Automation) infrastructure typically has two different service accounts being used for running the basic environment.
Troubleshooting SMA (Service Management Automation) – Part 2
Troubleshooting SMA (Service Management Automation) – Part 1
As I work more and more with SMA in my daily job, I’m of course also running into situations where things go wrong. I decided to share some troubleshooting tips and therefore, this is the first post in a series of 3, explaining how to troubleshoot SMA infrastructure, failing jobs, stuck / stalled jobs, etc.
Creating clustered storage spaces a lot faster
The process for creating a new clustered space includes a fair amount of single steps to be processed in the right order, no matter if you use the Server Manager GUI or PowerShell.
This year isn’t over yet…Next speakings… #E2EVC Barcelona and #TechSummit Berlin
SMA Runbook to update SCVMM R2 UR3 DHCP Server Extension on all Hyper-V Hosts
Some weeks ago Microsoft released Update Rollup 3 for System Center 2012 R2. Part of this RU, SCVMM components also got updated. This time, unfortunately it was not sufficient to update the SCVMM Server / Console components and to execute the post-update SQL script. Microsoft has also updated the SCVMM DHCP Agent extension running on all managed Hyper-V hosts. The KB article states to manually check for a recent version and update it.
Get a brief Storage Spaces Status Overview via Powershell
One of the things I like with Powershell is the way you can handle object output and format conversions in a very easy and efficient way. In this example I’m going to show a Powershell script to generate an HTML report on the current Windows Storage Spaces Status. Although you can monitor the most relevant eventlogs like Cluster and Storage Spaces driver, it’s useful to have a single script, which generates a brief overview about the Windows Storage Space status and its configuration.
Hyper-V Replica initial Replication suddenly stops with error (0x800704CD)
The simpler the root cause is in this case, the longer it took me to figure it out. Sometimes you don’t see the things which are very close.
System Center Universe Europe 2014 is around the corner
System Center Universe opens its doors for the second time in Europe. From September 17-19, 2014, Basel (CH), the community event is going to deliver best of class technical sessions and networking opportunities. SCU Europe will host the crème-de-la-crème of the Windows Server and System Center Community from all over the world including 27 MVPs as well as some Microsoft employees and program managers.
Updated: Service Management Automation White Paper
In February 2014 I released a Service Management Automation white paper on TechNet. It became quite popular, so I decided to make this an ongoing project. I decided to release an update to the document at least 3 times a year. So my next editor round came along with a request from Aleksandar Nikolic, the co-founder and editor of the famous Powershell Magazine. He also invested a fair amount of time to review my SMA white paper. A lot of useful and interesting comments were the result and along with other additions from myself, I’ve put all together into a version 1.04. The most recent version is available by now on TechNet Gallery.
My first post as a Microsoft MVP
Yesterday was an exciting day as I received the confirmation email from Microsoft for my first MVP Award. I’m now proud to be part of this worldwide experts community. I was awarded with MVP for Cloud and Datacenter Management, which is a group of ~80 experts around the world. This not only shows that Microsoft is recognizing my work for the community over the last years, it also shows that these efforts together with the support of my fellow geeks, friends and co-workers have pushed me a huge step forward. I’m really looking forward to the MVP Global Summit, kicking off in Redmond this November. I’ll meet a lot of fellow MVPs and Program Managers in person. Lots of them I know “only” from Twitter or Email. This award motivates me to continue working with and for the community, to share knowledge and experience, and to inspire more people building Microsoft based clouds.
SCVMM / Converged Network Setup and duplicate MAC Addresses explained
In this post I’m not going through the topic why you should use a software defined network architecture (SDN), there are plenty of posts out there explaining why THIS is the way to go. Instead I’ll explain how the teaming works in Server 2012 R2 and how it can hurt you while pushing a logical switch from SCVMM to your Hyper-V Cluster Nodes.
A first look on SMA Studio
Although Service Management Automation is IMHO the future of automation and orchestration, it has some downsides compared to the graphical editor capabilities of System Center Orchestrator. I assume that the next version of SMA will address at least some of the missing features. In the meantime the community is starting to develop its own solutions to make SMA runbook management a bit easier, especially when dealing with a lot of runbooks and workflow code.
SCVMM Setup fails at post processing step: “server name could not be resolved”
Sometimes things go wrong and sh** hits the fan. But in my case I was pretty sure I was doing everything correctly when installing a HA SCVMM Cluster. So almost at the end of the SCVMM Server setup process, the setup engine threw an exception and performed a full rollback.
My wish list for SMA vNext
Automating the world of datacenters and infrastructures has always been one of my passions. Starting with Service Management Automation (SMA), the capabilities have been extended in very cool ways. While SC Orchestrator is still used heavily to automate IT processes, SMA is IMHO the little twinkle star. Released as a Version 1.0 together with Windows Azure Pack last year, the way Microsoft goes with automation in SMA has significantly changed the game. SMA is purely based on PowerShell Workflows. This brings some great enhancements like direct interoperability with DSC (Desired State Configuration). PowerShell Workflows are rock solid, do support checkpoints and can be re-used even outside of SMA. Of course there are also some things you might miss in the current version of SMA when you compare it to SC Orchestrator.
DRMIRU @ ITNETX / Upcoming Speeches
DRMIRU @ ITNETX
Linking SMA Runbooks to Azure Pack VM Cloud Events and get Job Parameters
One of the awesome capabilities in Service Management Automation I like very much, is the ability to link SMA Runbooks with VM Cloud action events. Action events are triggered when SPF executes actions against Windows Azure or System Center Virtual Machine Manager. There are a lot of actions you can choose to trigger and fire up a particular SMA Runbook. Refer to this link for a complete list of action events and their related objects.
Visualize Runbook Nesting in Service Management Automation
Currently I’m working a lot on SMA (Service Management Automation) and the transitions from SC Orchestrator. One big advantage SC Orchestrator still has is the visualization, especially when following the best practice. Runbooks should not contain too many activities and should be generalized wherever possible. This keeps the Runbooks clean and reusable. So how can you nest Runbooks in SMA?
Generally this is explained in my SMA Whitepaper on the TechNet Gallery.
Troubleshooting Windows Azure Pack Console Connect
What is WAP Console Connect?
Using DSC to keep SMA Runbook Workers up-to-date
In this post I’m going to show how Powershell Desired State Configuration and Service Management Automation can be combined to ensure, all SMA Runbook Workers have the same configuration and set of additional Modules and SW packages installed.
Access Denied to Windows Azure Pack Admin Site after RU1 upgrade
Several days ago Microsoft released Rollup 1 for Windows Azure Pack. The KB article describes how to update your WAP deployment.
How to change Subnet / VLanID on an existing Logical Network Definition in SCVMM
A lot of people are still using VLAN based isolation for their Software defined Network in System Center Virtual Machine Manager. Although you have 4096 VLanIDs to assign, sometimes things have to be changed. Did you ever try to change a Subnet or VLANId on a Logical Network Site that is in use?
Why Column Size does matter with Storage Spaces
I get this question a lot from customers when I’m on the road to implement and teach Windows Storage Spaces / JBOD solutions.
SMA Workflows and Remoting, how to deal with Variable Scoping
At the moment I’m working a lot with SMA (Service Management Automation) in Windows Azure Pack. If you’re unfamiliar with this topic, I’d recommend to read my white paper about SMA.
Introducing HVRSMA Toolkit
Some days ago I published a whitepaper about Service Management Automation (SMA) using Windows Azure Pack. It covers a basic guide through setup and operating SMA inside your private/hybrid cloud environment. You can get the Whitepaper here on TechNet.
Service Management Automation (SMA) Whitepaper
In a recent blog post I wrote about the importance of Windows Azure Pack and Service Management Automation and why I think, Windows Azure Pack isn’t just for Service Providers. I’m glad to release a whitepaper today, giving guidelines to deploy and manage SMA.
BSOD on Hyper-V 2012 R2 Cluster Nodes after installing KB2887595
After recently patching all 2012 R2 Hyper-V Cluster Nodes in our own datacenter, I noticed random BSODs. After a short investigation I was able to narrow it down a little bit. As soon as VMM started to rebalance the VMs, one node after another went into BSOD. It seemed that the first live migration task succeeded, while subsequent tasks failed. As soon as the second LM process started, the target host died. So WTF… was going on here.
Extending a Cluster Shared Volume (CSV) natively with Powershell
In one of my recent posts, I showed how to extend a CSV using Powershell and DISKPART. As I’m constantly trying to avoid using “legacy” command line tools, I decided to find a way around DISKPART. Therefore I was able to create a Powershell Function to extend a CSV on a Windows Failover Cluster.
Why I think Azure Pack isn’t just for Service Providers
Windows Azure Pack (codename “KATAL”) has been released together with the R2 wave of the Server and System Center platform. Windows Azure Pack (I’ll call it WAP in this post) brings Azure style self-service and automation to your private cloud.
How to manually remove a Host / Cluster from SCVMM 2012 SP1
Before you read further here: as far as I’ve worked with SCVMM 2012 SP1 RU4 and SCVMM 2012 R2 now, the issue seems to be fixed in those releases.
When Hyper-V Replica fails to initialize
Enabling Hyper-V Replica is usually a no-brainer. But what if it fails to establish a replication? Weird error messages and corresponding weird event log entries don’t help to debug most of the time. In this blog post I’m going to go through the basics of Hyper-V Replica and the most common configuration issues which can prevent a successful replication initialization.
Why I’m consistently returning to E2E Virtualization Conference
Back in the days, my first E2EVC (formerly called PubForum) in 2005 was already a great event having smart people discussing technical related stuff around server based computing. The attendee count was around 30 while nowadays, we have around 120 attendees on each event, which kicks off twice a year. This time we met in Rome (Italy) and, we’ve had attendees from 18 countries, including 18 MVPs, 15 CTPs and 6 vExperts. This has been the 20th event since the initial launch 10 years ago.
Upgrading SCVMM and Hyper-V Clusters to 2012 R2
In this post I wanted to give a short wrap up about my experiences upgrading existing Hyper-V 2012 Clusters and VMM 2012 SP1 to the new R2 version. I decided to leave out all print screens to keep the post short and useful as a guideline.
Upcoming: E2E Virtualization Conference Rome (Italy)
In less than a month, the E2E Virtualization conference will kick off, this time in Rome (Italy) from November 1-3.
Unveiling Cluster overcommit in SCVMM 2012 / Hyper-V
The story
Analyze and visualize Hyper-V Performance using PAL
Hey, do you know PAL? Of course you know it as a color encoding system for analogue Television. But in this post I’ll introduce PAL from CodePlex.
Enrich SCVMM using Custom Properties
SCVMM does provide ten default custom properties (CustomProperty1-10). Like the custom properties of an AD object, objects in VMM can be enriched with information by adding data to those properties. Now there’s even more. You can define additional custom properties at will. So thinking about possible use cases I came along the following…
How to return unused IP Addresses to Pools in SCVMM
It’s common to create and dispose / delete lots of virtual machines in an automated private cloud. SCVMM comes with its own implementation of a tiny DHCP-Server like service. The feature allows the assignment of IP addresses from a pool to deployed virtual machines. SCVMM tracks the assignments by adding them as “AllocatedIPAddress” object types. SCVMM R2 together with Server 2012 R2 will allow an integrated IP address management using IPAM extensions for SCVMM. For now we have to manage it ourselves.
SCVMM in multi-forest environments
In this article I’m going to highlight some of the most common multi-forest scenarios you may have to deal with operating a System Center Virtual Machine Manager. The official TechNet documentation claims that multi-forest scenarios are supported using Kerberos. Unfortunately I did not find an official deep dive on that yet.
How to delete obsolete Logical Networks in SCVMM within seconds
Deleting a Logical Network within VMM can be painful if it’s already configured end-to-end, meaning all components plugged together and Hyper-V Hosts equipped with a Logical Switch accordingly. If you’re not an expert on how the different components are plumbed together, you’ll probably waste a lot of time digging through the various dependencies. To also save time for myself while playing in LAB and Demo environments I created a little Powershell script that does all the work for me. It performs the following steps.
Creating tiered Storage Spaces in Server 2012 R2
Storage Spaces is a technology Microsoft introduced with Server 2012. It allows creation of high performing, redundant and flexible storage architectures using common hard disks (JBOD).
Key takeaways from TechEd Europe 2013
When I first thought about joining TechEd Europe this year, I did not have a lot of expectations regarding new products and features showing up. Fortunately I’ve been corrected and completely flushed with amazing, incredible new stuff coming up with R2 versions of Server 2012 and System Center 2012.
Single Sign On in RDS 2012 demystified
Server 2012 RDS has been a huge game changer for shared hosted desktops as well as for hosted VDI deployments. The capabilities you get out of the box fit the requirements of a lot of companies I’d say, and when I say a lot I don’t mean all. There are still use cases where Citrix has to be in place and I feel that is still a good point because it keeps the innovation cycle up and running.
UE-V Logoff Helper Tool
In one of my recent posts I covered an issue with Microsoft UE-V regarding open applications at logoff. To keep it short here, application settings of opened applications are not synced back to the central location store when logging off. This behaviour is by design in the current UE-V release and might change in a future version.
How to execute 64-Bit Powershell Scripts in System Center Orchestrator
I came across a weird issue when trying to automate a SCVMM Hyper-V Bare metal Deployment using System Center Orchestrator 2012 SP1. As the System Center Integration Pack for SCVMM is focused on virtual machine automation tasks, I had to create my own Powershell scripts.
Hyper-V & SCVMM – Constrained Delegation VS. CredSSP
A lot of customers I’m currently engaged with in Hyper-V projects have started their Hyper-V 2012 deployments without SCVMM. As they are actually trying to integrate it, one of the most popular questions arising is:
Refreshing a Virtual Machine in SCVMM fails with error: 13992
**Scenario:**
How to import Hyper-V VMs with compatibility issues
I recently came across some issues while trying to import previously exported or copied virtual machines for a customer. The recent admin did not document what he tried to do so far, but several of the virtual machines were in a likely “inconsistent” state. Importing those VMs using the Hyper-V Manager GUI or Powershell CMDLETS failed with different errors, but all pointed to the same root causes.
Automating online Extension of a CSV using Powershell
In this article I’d like to give an example on how to automate an online extension of a Cluster Shared Volume on a remote Server (Cluster Node).
How to control and prioritize Client authentication and logon requests on Domain Controllers
Each domain joined Windows client locates an appropriate Domain Controller using a component called “DCLocator” as part of the NETLOGON service.
Hyper-V / SCVMM Converged Fabric : Nice.. but how to?
Hyper-V with Server 2012 and SCVMM 2012 SP1 offer great network management and virtualization features. Even if the MS Technet documentation covering this is not bad at all, you might struggle trying to configure a converged fabric or network virtualization. This blog post just provides useful links to other blogs from fellow geeks and SMEs which will help you a lot to understand and configure virtual networks and switches. Personally I prefer the software defined networking approach using SCVMM, as it also shows the power of centralized definition and configuration.
How the Kerberos token size can affect WinRM and other Kerberos based services
Why UE-V is not ready yet for volatile VDI environments
Coming up: Next E2E Virtualization Conference (Copenhagen)
I got the confirmation that I will present again @ E2EVC in Copenhagen, this time together with MVP Thomas Maurer about System Center Virtual Machine Manager 2012 SP1.
How to use a dedicated interface / VLAN for Hyper-V replica traffic
How to update group membership without logoff / logon /restart
This might be very useful for certain situations where you want to update a user’s or computer’s group membership without the need to re-logon / restart. The whole magic is behind the Kerberos tickets issued after you logged on to a machine or a machine has been started. The tool “klist.exe” can not only be used for troubleshooting to display the currently issued TGT / TGS, it is also capable of purging all current tickets. The purge command results in a re-issuance of the tickets as soon as the next auth or service request takes place. Keep in mind that this method only works for services which authenticate via Kerberos. NTLM based authentication still requires a fresh logon with updated group membership token.
How to kill a hung or stuck VM on a Hyper-V 2012 host.
Even though this happens very rarely on a Hyper-V host 😉 , it might still be useful under some circumstances to kill a hung or stuck VM. Most of the time the hung situation is caused by a guest shutdown request which does not get completed successfully. The GUI doesn’t provide you a solution here (neither SCVMM, Hyper-V Manager nor Failover Cluster Manager). Good old Powershell will solve it for you.
Find a Hyper-V VM by MAC Address
This simple but useful approach became very popular if I watch my blog hit stats. So here’s the final part for Hyper-V.
Not just another „wait for network“ script
Using Appsense Environment Manager to copy files at computer startup trigger can lead to headaches, because the action is executed by default without respect to the network connection / domain connection status. Therefore I created an intelligent Powershell script which can be used as a reusable condition prior to the copy jobs.
Microsoft UEV 1.0 uncovered (part one)
Microsoft UEV could be called “just another profile management solution”. I agree it’s a bit late for MS to publish the solution as there are vendors like Appsense or RES, which have focused on user virtualization and user workspace management for many years with success. In the meantime UEV can be a value add for customers who think traditional roaming profiles just suck, but don’t want to / can’t spend a fortune on a high end solution… and… It’s included in MDOP 2012. For an overview about UEV I’d like to refer to a geek mate of mine, Helge Klein. Find his article here.
Debugging a hanging process
In this article I wanted to cover a step by step documentation on “how to debug hung processes” using debugging tools for Windows.
MPNotify not called by Winlogon when Kerberos authentication is used on XenApp 6.x
When I first noticed this behavior in March 2012 I didn’t expect to have a support case with Citrix, Microsoft and Appsense lasting about 6 months. The behavior affects services and applications implemented as network credential providers on a XenApp host. Usually they get launched by MPNotify which is spawned by Winlogon upon a correct and recognized logon method. But MPNotify was never kicked off when using Kerberos or Kerberos Pass-through logon method on XenApp servers. So in my case this affected the Appsense Environment Manager on the XenApp hosts, because the agent runs under LOCALSYSTEM and uses a credential provider for impersonation. So, long story short: Appsense EM was out of the game when using Kerberos logon method on XA session hosts.
A sad day for the community. Laura Whalen talks about her departure from Citrix
As I read this bad news I thought, like many other geeks, about how to find the right words for a tribute to Laura. I can’t say it better than Chris Marks: Laura’s contribution and her spirit inspired me to be a Citrix geek even in hard times when Citrix product versions 1.0 sucked. She is one of the few people in the world whom you can’t easily replace with just another. I’m not sure who lost more by this move, the community or Citrix. In the end both will miss the charming, geeky girl pushing the community to be the most active and respected in the vendor’s world. We will miss her so much and I hope that wherever she moves to, we’ll be able to enjoy her charisma again.
Powershell one-liner to find XenServer guest by MAC address
In a previous post I showed a Powershell one-liner to find a vSphere client based on a MAC address search string. This time I’ll do the same for Citrix XenServer.
Deep Dive – XenDesktop 5 Policies: Part 1 – Access Policy Rules
XenDesktop 5.x provides very flexible and fine grained access policy rules to control resource access to broker desktops or applications. This post covers the basics behind the functionalities and provides a lot of examples for advanced configuration of Access Policy Rules. Advanced rules have to be configured with Powershell, so get your PS console ready!
Server 2012 Hyper-V and VMware vSphere comparison white paper
Microsoft has released a white paper which compares features and capabilities between Hyper-V from Server 2012 and VMware’s vSphere 5.
How to redirect certain URL requests to XenApp published browser with “URLRedirect” version 1.0
Starting point
Appsense EM / Office 2003 – “send via email” forces Outlook.exe to crash
Assuming that you followed Appsense best practice for Office personalization Settings, you might still have an issue with Office (Outlook) when using the “send via email” function out of 3rd party applications like (Acrobat Reader, IE, etc.)
XenApp / XenDesktop authentication methods uncovered
After receiving a lot of positive feedback regarding my session @E2EVC I decided to publish the slides on my blog.
Powershell script to fix XenDesktop 5.x DDC / vSphere VM assignment
As the issue described in the previous post might also affect XenDesktop 5 deployments with vSphere I decided to create a script for XD 5.x too and post it to the community.
Powershell script to fix XenDesktop 4.0 DDC / vSphere VM assignment
Due to an administrative action, restore or rebuild of the vCenter database, assignments between the hypervisor connection from DDC’s pool management service and the vSphere vCenter might be lost. The XenDesktop PoolManagementService manages the assignment by adding a special annotation attribute to each VM which has been added to a pool. The attribute name is CTXGuestOSId where the value represents the SID of the VM’s AD computer account.
Powershell one-liner to find vSphere guest by MAC address
Somebody has stolen an IP address which belongs to one of your vSphere guests and you have an IP conflict reported in Windows Event Log? Just note the suspicious MAC and execute the following statement within vSphere PowerCLI
Smart Card PIN pass-through not working with Windows 7 client on XenApp
**Issue description**
Redirect AGEE VPN users to a different Web Interface
FIM Resources in a nutshell
If you are new to FIM (Forefront Identity Manager), this blog article might help you a lot.
Installing Hyper-V on Server Core 2008 R2, a journey into the abyss of CLI administration
This week I decided to take myself into a Hyper-V installation running on a Server 2008 R2 SP1 Core. To share my experience and to conserve my own knowledge I’d like to share my personal experiences in this blog post.
Citrix Cloud Gateway Express CTP, a first look and my hands on
By the end of Synergy Barcelona last week, Cloud Gateway Express is available for download in a CTP Version. (www.citrix.com/techpreview)
Exchange 2010 Administrative Group Name decrypted
I’m sure almost everyone dealing with upgrading an existing Exchange Org to MS Exchange 2010 wondered about the name of the administrative group created automatically under the configuration container.
How to create a Windows 7 Default Profile
Leaving the “Default” user profile as it is can hurt your VDI / RDS deployment, because Windows needs a certain amount of time to create a new user profile from the initial default one. The Default has not been initialized, meaning e.g. the HKCU hive is not generated and active setup has not initialized components.
UAC prompts when running scripts which perform high privileged operations, even if you are a local administrator
Imagine this:
vSphere 5 – what’s new , a closer look under the hood
Attending the vSphere 5 upgrade class gave me a pretty good overview of vSphere 5’s new features and enhanced functionalities. VMware has again made a step forward to provide a – please forgive me – “Cloud proven” virtualization solution.
How to remove Favorites and Libraries from Explorer shell
I tried multiple solutions to remove these annoying links in the windows explorer shell (win7 / 2008 R2), but none worked perfectly. But thanks to Appsense EM it’s pretty easy to get rid of these useless things.
Using regex function to have a powerful split/replace functionality in Powershell
Powershell provides easy replace and split methods to manipulate text/string values. They are easy to use but… if you want to replace content only on subsequent positions or split a string using a pattern containing more than a single character, you’ll fail.
How to add a smtp proxy address to an Exchange 2010 mailbox via Powershell
This is a Powershell snippet to add a smtp proxy address to an existing mailbox in an Exchange 2010 environment.
It must run on a machine with the Exchange 2010 Management Shell installed.
Xendesktop 5 and Hyper-V. Lessons learned from a joint venture
This Citrix Blog article posted by Thomas Berger covers lessons learned implementing Xendesktop 5 i
XenClient: unlock a locked VM
If a XenClient VM which is registered to a synchronizer couldn’t contact the synchronizer for a while, it will be marked as “locked” on the XenClient. The default lease time for “offline” VMs is 14 days.
XenApp 6.5 (Iron Cove) uncovered by Stephane Thirion
Stephane, not just another member of E2E virtualization conference community has posted a cool overview around the new features of XenApp 6.5.
Tired of OSD scripting App-V packages? Try this out. Not just another App-V Powershell script
How to create a App-V package that fits different environments and location based configurations? Well there are several ways to achieve that.
How to search for a VM by MAC address on XenServer and vSphere ESX via Powershell
If you have hundreds or thousands of VMs you could run into a problem if someone wants to know the corresponding VM to the MAC address XYZ. Because the network administrator isn’t a big help finding virtual adapters on his physical network infrastructure, the hypervisor is the choice to search for the appropriate virtual NIC. If you have plenty of VMs you would probably go crazy clicking through each VM’s NIC properties.
RDS Session / Server Management via Powershell
Once upon a time there was a cool wrapper dll for accessing TS session info from scripts and .NET programs without accessing the complex and poorly documented WTS API. The dll was called WTSadmin.dll. Unfortunately this assembly does not work any more on 2008 R2 RDS. Googling and binging sent me to a project named Cassia, which is in fact another wrapper for the WTS API. And theeeeeere.. is a Powershell module using the Cassia wrapper. It can be downloaded here.
Bulk unregister / register VMs on vSphere
If you want to unregister all VMs on a particular vSphere Cluster / Host you’re pretty done using the GUI, registering all VMs on a datastore could take you to the “hell of clicking masters” depending on the amount of VMs to register. I created two powershell functions which do that stuff for you.
E2E virtualization conference Dublin 2011 / Day #2
Pubforum is no more, it’s now called E2E virtualization conference. Most of us think that it’s a good change to gain a more professional touch also for the sponsors by this rebranding.
Pubforum Dublin 2011 / Day #1
Session #1 (Jim Moyle and Andrew Wood about “Nirvana Phone”)
Updated version: Globalfunctions.ps1
I’ve published a new version of Globalfunctions.ps1 Powershell script, which includes a lot of useful functions for your daily PS scripting life.
Save and restore user certificates using Powershell
After a lot of unsuccessful tries (even with Appsense Personalization Manager it’s hard to save and restore user certificates, if AppData is not redirected), I found a valuable way to export and import user certificates at Logoff / Logon.
How to enable certificate based authentication on Exchange 2010
This article describes all steps to activate certificate based authentication to Outlook Web Application on Exchange 2010 / IIS 7. We assume here that you already have configured the SSL server certificate for the CAS server and the user accessing OWA has a valid user certificate for authentication installed.
Exchange 2010 SP1 Rollup 2 available
The rollup can be downloaded here.
Exchange 2010 with Blackberry service
Microsoft has recently published an article here which covers the required steps to integrate Blackberry Enterprise Service in a Exchange 2010 environment.
Windows RDS 2008 R2 / Xenapp 6 Tips
Tuning:
How to reset a password on a windows box
Update!: Regardless of the fact that the method described below still works for Windows 2012 incl. Domain Controllers, it is not a supported way and you use it at your own risk.
Repurposed PCs together with XenApp / RDS for delivering Win7 like desktops
Want to deliver Windows 7 like desktops centrally using your thousands of old x86 PCs but…
Exchange 2010 SP1 Setup fails while checking prerequisites for CAS Role
Trying to install Exchange 2010 SP1 on 2008 R2 was not as easy as I thought. Everything but the CAS role could be installed.
After installing latest windows patches setup asked always for two additional hotfixes while checking prerequisites for CAS role. Google and MS KB showed up weird results..
Citrix XenDesktop 5 Powershell command reference
XenDesktop 5 has a powerful Powershell interface which can do much more for you than the 4.0 SDK could.
But……
Due to the fact that some configurations can’t be made anymore using the Desktop Studio GUI, your only way is to get familiar with Powershell.
Crash Dump Analysis
The traditional Windows BSOD has turned into a rarely occurring phenomenon, but sometimes you might still see it. Haven’t you crossed your hands over your head and thought… What the f*** shall I do with this information on the bluescreen?
I’ve collected some useful links which will help you to get a knowledge of analyzing crash dumps (system and application crashes). Finally it shows you which component was responsible to crash your system / application.
An important note here:
MOST user-executed applications can’t be responsible for a system crash because they are executed in the user mode of the operating system memory. So mainly kernel mode sw/hw drivers are causing your winbox to show a BSOD. Instead of asking your users, “which application did you start before it crashed?” you better have a look into the following pages and make yourself fit in the basics of crash dump analysis. A special thanks here to Mark Russinovich, Dmitri Vostokov and Lalit Kaushal for sharing their tremendous knowledge about this stuff.
How to change the pool master in a XenServer farm
First you have to disable HA on the pool
Citrix XenApp debugging tools overview
The following link provides a collection of debugging tools used in Citrix XenApp environments.
Very useful overview, some of the tools are quite old-school but still provide a value add.
App-V / Database Mirroring
SQL DB fail over for App-V Management Server
Remoting protocols…why Citrix HDX beats them all
A nice overview of current capabilities of the different remoting protocols. The difference at least shows up on WAN.
Unified Computing
A bunch of useful links around UC and UCS from Cisco.
Citrix updates their communication ports sheet
Citrix has released a brand-new whitepaper about communication ports used by Citrix products, now including XenServer.
PubForum 2010 Berlin – 3rd conference day
Session #1 Authentication on Citrix level by Lalit Kaushal
PubForum 2010 Berlin – 2nd conference day
Session #1 Rick Dehlinger about BYOC
PubForum 2010 Berlin – 1st conference day
Some known and also a lot of unknown faces I see here at PubForum. Because of Synergy we’ll have a lot of Citrix people onsite, which will be a value add to the community I think.
After a short keynote from Alex Jushin the sessions start with the session of Markus Klein and Oliver Lomberg from Citrix Systems.
The latest news from Synergy is brought to the community.
VDI … and the most common errors and misunderstandings
Designing and deploying a virtual desktop environment can be a pai* in the a** if you do not watch carefully the most common keypoints, errors and misunderstandings.
Windows 7 KMS with Citrix PVS
A good post from Citrix community shows how to deal with Windows 7 and KMS in a PVS environment.
Currently the best VDI feature comparison Matrix
Ruben Spruit and his team created a VDI Smackdown white paper which includes a complete feature comparison Matrix.
How to mass modify VM config parameters using PowerCLI
Great post here, and also a great blog for datacenter admins!
Browser fingerprinting – how unique is your browser?
Many people are asking: “how in the world they know that’s me returning to their website?” Well.. the most known reason is that the website stores a cookie on your local harddrive.
VMware releases vSphere 4 hardening guide
It’s still beta, but VMware has released a document covering security and hardening guidelines.
Understanding esxtop output statistics
The following doc outlines in detail the esxtop output. A must for everyone before using esxtop on your host to discover bottlenecks and performance issues.
What’s New in Windows Server 2008 R2
http://www.microsoft.com/windowsserver2008/en/us/whats-new.aspx
Determining why a VMware virtual machine was powered off or restarted
Who restarted or powered off my virtual machine? As an ESX admin this could be a question from one of your VM admins. The following article describes how to find the issuer and the method behind such an event.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1019064
iSCSI multipathing with vSphere 4
After having ESX 3.x deployed, we noticed quite fast that network based storage can’t really be multipathed and load-balanced. There are a small number of tricks using LACP, channeling.. but… This does not help at all. The following article describes in detail why VI 3.x can’t load balance the IP based storage traffic.
How to convert a vmdk to vhd and vice versa?
Starwind Software offers a free tool to convert virtual disk files from vmdk to vhd format and vice versa. This is especially useful if using Provisioning Server and there is the need to update PVS Agent or Hypervisor Tools inside the guest (such as vmware tools). Just convert to vmdk, boot and update your stuff, then convert back to vhd… done!
Powershell: Dealing with single quotes within arguments
I ran into a very special issue when I tried to pass arguments to a Powershell script if one of the arguments contained single quotes within the argument string like “this is damn ‘quote’ inside the arg!!” Your Powershell script would then think that these are separate arguments. You won’t get the hell out of this sh*t. One possible solution is to place the “wracky” argument at the end, in fact use it as the last argument. Install the Powershell Community Extensions and use the join-string cmdlet. Here’s an example.
How to implement a file based locking mechanism within a powershell script
The following code enables a file based locking mechanism within a Powershell script. It checks for existence of a lock file and checks if a running process exists, which is capturing this file. This can be used in situations where a script is being launched in parallel by another script or program, but you want to have your script executed exclusively and serialized.
Microsoft launches Security Essentials
Microsoft has launched its new PC security solution “Security Essentials”, an all in one client protection suite, all free and after a first look at it – really not too bad. It protects from viruses and malware.
Remove blanks, find replace within a file using powershell
These two small Powershell functions could save an admin’s life at daily work 🙂
Microsoft App-V Application Virtualization
Because there are a lot of useful docs, links and other useful information about MS AppV (formerly SoftGrid), I tried to help myself and others to keep this stuff a bit together for future use.
What’s new in VMware vSphere 4 @ Magirus – Day 2
What’s new in VMware vSphere 4 @ Magirus – Day 1
How to create an enhanced CLR Database Trigger in SQL Server
In SQL Server 2005 and later Triggers can be more than simple T-SQL statements. You can include complete procedures and program code.
This post describes how to create a “Common Language Runtime” Trigger on a SQL Database which fires on INSERTS into a specific table.
A CLR Trigger is a kind of stored procedure including .net compiled program code.
How to run an ESX 3.x Host inside VMware Workstation 6.5
This post describes how to configure a VMware Workstation 6.5 VM to run an ESX 3.x Hypervisor inside it.
Follow the steps below…
How to dot-source a powershell script
Have you ever been interested to include (to dot source) another powershell script into your own one?
VDI the future of workplaces?
As VDI turns from being a hype to becoming a de facto standard, there are some questions and open issues I’m thinking about.