Datacenters and companies everywhere generally rely on a core piece of software to store their data and metrics, SQL Server. It’s nice to keep it up to date, but sometimes, and a lot of the time, if it’s not broken, don’t fix it. SQL Server has been around for quite a while, and there are many databases hosted by SQL Server. Microsoft has released many upgrade advisors over the years, but recently the SQL Server team has overhauled their traditional SQL Server Upgrade Advisor and has created a new product – SQL Server Data Migration Assistant (DMA), which is different than SQL Server Migration Assistant (SSMA). To pull off a successful migration or upgrade, you need to do your detective work.
SECURE ACCESS INTERNAL NETWORK RESOURCES WITHOUT VPN – DIRECTACCESS PART2 #DIRECTACCESS #WINDOWSSERVER #MVPHOUR #STEP-BY-STEP
Windows 10 Enterprise as DirectAccess client: Windows 10 supports automatic entry point selection and transparent failover, with better scalability and performance. Also, because Windows 10 has a built-in DirectAccess connectivity status indicator, administrators don’t have to deploy, manage, and maintain additional software.
SECURE ACCESS INTERNAL NETWORK RESOURCES WITHOUT VPN – DIRECTACCESS PART1 #DIRECTACCESS #WINDOWSSERVER #MVPHOUR #STEP-BY-STEP
DirectAccess provides users with the experience of being seamlessly connected to their intranet any time they have Internet access. When DirectAccess is enabled, requests for intranet resources (such as email servers, shared folders, or intranet websites) are securely directed to the intranet, without the need for users to connect to a VPN. DirectAccess enables increased productivity for a mobile workforce by offering the same connectivity experience both inside and outside of the office.
Well I’ve been buried lately under a lot of LUNs. Spring is over and a customer I’m at has forgotten to do their spring cleaning! Needless to say, the LUN presentation and maintenance to their VMware clusters is a mess! In order to audit the system and ensure things were going in my favor, I wrote quite a few PowerShell code blocks/1 liners.
UPDATE MELLANOX NIC FIRMWARE AND DRIVER FOR NON-RDMA STORAGE SPACE DIRECT CLUSTER SERVERS #STORAGEPACEDIRECT #POWERSHELL #WINDOWSSERVER #MVPHOUR #STEP-BY-STEP #MELLANOX
Today, let’s talk about how to update Mellanox NIC firmware and drivers step by step for non-RDMA Storage Spaces Direct cluster servers. You can do it easily by following these steps.
A pretty simple request came across my desk today. I was requested to send a report of users that were created after a specific date. Do you remember the Windows Server 2003 and prior? Before PowerShell? We had to use what I’ll term loosely as “wonderful” LDAP queries. Also the query result was pure text, we couldn’t do anything easily with it short of magical text parsing! Well here is my PowerShell script I quickly whipped up!
NON-RDMA STORAGE SPACES DIRECT STRESS TEST STEPS and RESULT – #WINDOWSSERVER #S2D #MVPHOUR #STEP-BY-STEP
Today, I am going to do a stress test for non-RDMA Storage Spaces Direct servers. The customer uses their existing Cisco Catalyst 4500-x for the Storage Spaces Direct servers; as we know, it doesn’t support the DCB and PFC functions, so we will focus on the stress test results for Storage Spaces Direct servers without RDMA enabled and see how the performance is.
OK, it’s time to demote the existing Windows Server 2003 and migrate all Windows Server roles to the new Windows Server 2012 R2. There is no downtime for the Part 1 and Part 2 steps, but we need to schedule downtime for the Part 3 steps to cut over all services.
After finishing the Active Directory preparation, we now need to install a new Windows Server 2012 R2, export data from the existing Windows Server 2003 and then import it to the new Windows Server 2012 R2.
As we know, Windows Server 2003 reached end of support on July 14, 2015, but some customers are still using it for various reasons. Today, my customer asked me to migrate their Windows Server 2003 to Windows Server 2012 R2. There are many Windows roles on that server, so let’s follow the steps below to migrate it with minimal downtime.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 16 – MOVE MAILBOXES BETWEEN ON-PREMISES WITH EXCHANGE ONLINE #OFFICE365 #MVPHOUR #STEP-BY-STEP
You can use the remote move migration wizard in Office 365 to move existing user mailboxes between the on-premises organization and the Exchange Online organization.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 15 – ENABLE MRSPROXY SERVICE AND CREATE MIGRATION ENDPOINT #OFFICE365 #MVPHOUR #STEP-BY-STEP
Prior to performing on-boarding and off-boarding remote move migrations in an Exchange hybrid deployment, we recommend that you create Exchange remote migration endpoints. The migration endpoint contains the connection settings for an on-premises Exchange server that is running the MRS proxy service, which is required to perform remote move migrations to and from Exchange Online.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 14 – CONFIGURE ON-PREMISES EMAIL SERVER RECEIVE CONNECTOR TO RELAY EMAIL #OFFICE365 #MVPHOUR #STEP-BY-STEP
By default, Exchange 2010 does not allow clients to use the SMTP service for anonymous relay, so we need to configure a Receive Connector for this purpose.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 13 – CONFIGURE ON-PREMISES EMAIL SERVER SEND CONNECTOR TO OFFICE 365 #OFFICE365 #MVPHOUR #STEP-BY-STEP
Configure on-premises email server send connector to Office 365.
SITE-TO-SITE VPN FROM CISCO MERAKI TO AZURE AND VEEAM BACKUP COPY TO AZURE – PART 2 #AZURE #MVPHOUR #CISCO #MERAKI #VEEAM
After building the site-to-site VPN between Cisco Meraki and Azure, let’s continue with the settings for Veeam backup copy to Azure.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 12 – CREATE A CONNECTORS FROM ON-PREMISES TO OFFICE 365 #OFFICE365 #MVPHOUR #STEP-BY-STEP
Create a connector from on-premises email server to Office 365.
SITE-TO-SITE VPN FROM CISCO MERAKI TO AZURE AND VEEAM BACKUP COPY TO AZURE – PART 1 #AZURE #MVPHOUR #CISCO #MERAKI #VEEAM
Today, a customer asked me to build a site-to-site VPN between their Meraki environment and Azure. They also need Veeam backup copy to Azure; they are using another cloud provider for their remote backup repository, and this will save the customer 13K per year after switching to Azure. Let’s follow the steps and do it.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 11 – CREATE A CONNECTOR FROM Office 365 TO ON-PREMISES #OFFICE365 #MVPHOUR #STEP-BY-STEP
Create a connector from Office 365 to on-premises email server.
#VEEAM REPLICATION JOB FAILED AND CREATED MYSTERIOUS REPLICA VMS AT TARGET HYPER-V HOST SERVER #WINDOESSERVER #MVPHOUR
A mystery is happening: a VM is created on the target host server when I run the replication job, even when it fails, so if I run it 10 times, 10 VMs are created.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 10 – VERIFY HYBRID CONFIGURATION #OFFICE365 #MVPHOUR #STEP-BY-STEP
To further verify that you have successfully created and configured your hybrid deployment.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 9 – FULL HYBRID CONFIGURATION #OFFICE365 #MVPHOUR #STEP-BY-STEP
Install and Run Hybrid Configuration wizard with Full Hybrid Configuration.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 8 – MINIMAL HYBRID CONFIGURATION #OFFICE365 #MVPHOUR #STEP-BY-STEP
The Hybrid Configuration wizard helps you establish your hybrid deployment by creating the Hybrid Configuration object in your on-premises Active Directory and gathering existing Exchange and Active Directory topology configuration data. The Hybrid Configuration wizard also enables you to define and configure several organization parameters for your hybrid deployment, including secure mail transport options.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 7 – Verify AD FS Server #OFFICE365 #MVPHOUR #STEP-BY-STEP
You can follow the steps below to verify the AD FS server.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 6 – CONFIGURE THE FIRST FEDERATION SERVER IN A NEW FEDERATION SERVER FARM #OFFICE365 #MVPHOUR #STEP-BY-STEP
Configure the first federation server in a new federation server farm (if you installed Azure AD Connect with customized settings, this was configured).
#VEEAMON2017 HIGHLIGHTS – MORE INFORMATION MORE AVAILABILITY ON AND MORE EXCITING #VEEAM #VEEAMON #MVPHOUR
VeeamON is one of the big conference events of the world, and I am glad that I got a chance to join VeeamON 2017 in New Orleans. (Thanks @ClintWyckoff, @DaveKawula, @SuperCristal1 and Tricon Elite Consulting team members.) This is my first time joining a VeeamON event. What an amazing week!! Let’s review the most wonderful sessions.
The SSL certificate is not expired but this site is not secure.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 5 – Deployment Active Directory Federation Service #OFFICE365 #MVPHOUR #STEP-BY-STEP
With Active Directory Federation Service, the main thing is to allow Office 365 services, through the federation service host, to use AD to verify, and then achieve the goal of Single Sign-On with Office 365.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 4 – ENABLE PASSWORD CHANGE FOR AD FS #OFFICE365 #MVPHOUR #STEP-BY-STEP
If you have an ADFS or Dirsync with Password sync identity it will not allow you to change your password in the cloud. You will receive. But you can configure change password functionality for ADFS server to solve the issue.
The last day of VeeamON 2017. My head is hurting from all the great information that Veeam and other vendors have brought to the table. Today I’ve written about the highlights of the 3rd day!
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 3 – DEPLOY AZURE AD CONNECT WITH CUSTOMIZED SETTINGS #OFFICE365 #MVPHOUR #STEP-BY-STEP
If you have multiple forests, or you need to customize your sign-in option or customize a synchronization feature, then this is the recommended option to use.
The morning of day 2 started off a little different for myself. Some of the media and Veeam Vanguards attended a media and session where they disclosed some information about Veeam and some of the new products. After that it was a free for all! Which breakout session to attend, do I have time to see all the vendor presentations!? Read on to see what I attended.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 2 – DEPLOY AZURE AD CONNECT WITH EXPRESS SETTINGS #OFFICE365 #MVPHOUR #STEP-BY-STEP
If you need a tool to connect your on-premises directory with Azure AD and Office 365, Azure AD Connect is the best way to do it.
STEP BY STEP MIGRATE EXCHANGE FROM ON-PREMISES TO OFFICE 365 PART 1- PRE-REQUISITES #OFFICE365 #MVPHOUR #STEP-BY-STEP
The MOP (Method of Procedure) assumes you have an Office tenant account and the domain has been added to Office 365. I am going to do multiple posts and show you how to migrate your Exchange services to Office 365 step by step.
DHCP SERVER FAILOVER CLUSTER WITH CISCO CALLMANAGER /IP PHONE #CISCO #WINDOWSSERVER #MICROSOFT #MVPHOUR
Today, let’s talk about how to configure a DHCP cluster with the Cisco CallManager service (TFTP services).
Microsoft ended support for the Windows Server 2003 operating system on July 14, 2015, but some customers are still using Windows Server 2003 and need us to migrate them to Windows Server 2012 R2 or Windows Server 2016.
In the morning we listened to Michael White present on VAO and how it empowers businesses to maintain business continuity or at least speeds it up. If you’ve heard of VMware’s Site Recovery Manager (SRM) Product, well you’ve got a great handle on how it works.
Almost all ISPs block TCP port 25 for various reasons. If you would like to build your own Exchange server but you don’t want to pay extra money for a static IP address or an ISP business account, here are some tips so you can easily build your own Exchange server.
If you haven’t gotten your tickets and cannot be a part of #VeeamON this year, all is not lost! We here at http://Checkyourlogs.net will have you covered. If you’ve been following us or go look back at the #MVPHour posts, you’ll see that we have arrived here early. We are continuing to blog, tweet (@AllanRafuse) and are currently setting up our Live Stream system!
Today, I tried to troubleshoot a mysterious Windows 2016 shutdown for my client. I found it was NT Authority\System that shut down the system because the Windows 2016 server license had expired. This is easy enough to solve, I thought.
In this post I’m going to touch on a few basic components that make Veeam 9.5 and Windows Server 2016 a winning combination. I will be presenting at a #VeeamOn breakout session on Thursday. We’ll be talking about using Microsoft’s Storage Spaces Direct technology as a Veeam Backup and Restore File Repository. Which operating system and filesystem do you think I’ll recommend?
I think we’ve all heard of Veeam by now, the most innovative and leading backup provider for virtual and physical environments. Regardless of hardware vendor, and regardless of hardware type, rackmount or hyper converged, it just works. But why are Veeam 9.5 and Windows Server 2016 a winning combination together? The two companies have worked hard together to simplify and enhance existing technology not only to decrease backup and restore times, but to with storage technology to allow you to save space without deduplication and to guarantee the integrity of your data at rest. How? You’ll find out if you keep reading.
I’ve seen this pop up a few times in forums and even in a few SCCM implementations. It’s actually a fairly simple fix if you know which log files to look at. Check your logs and/or keep reading this post to see how to fix the wonderful Microsoft Software License Terms have not been completely downloaded WSUS Issue.
Now that we know about the great advantages that The Patch solution provides, understand the main goals of The Patch Solution, it’s time to look at how it’s configured. Keep on reading to see how easy it is to set up and get going.
Active Directory Authentication (LDAP) for Cisco Unified Computing System Manager (UCS) – Part 1 #ActiveDirectory #UCS #MVPHour
UCS Manager supports LDAP Authentication along with a specific setting for Microsoft’s LDAP implementation, Active Directory. After configuring this a few times for multi-domain support, I’ve found a few things that can become troublesome if you don’t watch out.
Having an email in your inbox outlining which machines in your organization are going to be patched in the next day or two is every service owner’s/manager’s dream. So simple and proactive. The email also outlines when the machines are going to be patched and displays how many outstanding updates there are. This is a summary of what will happen in the days to come. Keep reading to see how you can dive into seeing the details of what is about to happen in your organization.
If you’ve ever run an installation of SQL Server, you’ll know it’s a database, and databases love, love, love memory. By design and by default, Microsoft SQL Server thinks it’s the only process on the system and is therefore given all the available memory and CPUs. As a best practice, I limit this. Here is the script I use to edit these values.
The previous posts on The Patch Solution have outlined the thought process and goals of a patching strategy. Now it’s time to start taking that strategy and putting it into practice. Now that we have defined some of our goals (see The Patch Solution – Part 3 post), we can start looking at how we reach those goals. In my opinion, one of the easiest goals to attain is reporting. This gives you an attainable goal which is completely measurable and trackable. Simply run a report, see where you’re at, update a few machines, run a report and see where you got to. The solutions that we try and come up with at TriCon Elite are all about being free and giving back to the community. We like to strive for secure and simple. For The Patch Solution, we opted to use Windows Server Update Services (WSUS).
There have been quite a few times that I’ve needed to do some comparisons, or even move some objects from one SCCM environment to another. The System Center Configuration Manager console has quite a few options for exporting objects, or saving things to CSV, but then you still need to import it. Check out the rest of this blog post to see how easy it is to report, compare or recreate things between your SCCM environments with PowerShell.
In the previous part of this blog series (PowerShell – The Patch Solution – Part 1) we introduced The Patch Solution. Simple, elegant, but yet empowering! In this post, I want to talk about some of the issues I’ve seen and heard about around patching. After you understand this, you’ll have a deeper understanding of The Patch Solution.
Over the last few years, we here at TriCon Elite have been using what we call “The Patch Solution”. Boring name, but it also fits its purpose. Who loves deploying patches and reporting? There are many ways to patch your Windows Servers, but our slim, simple, PowerShell solution was created to solve a few key areas, for free. It has been released to the community for quite some time, but keep reading on why you should use it too!
One of these tasks was to add a computer directly to a SCCM collection. According to their requirements, they had to use direct membership and could not do a WMI call. So I created the following script and added it to their task sequence.
PowerShell to the rescue again! Datadog is a Cloud service for aggregating real-time metrics, events and logs from all your servers. The easiest way is to install an agent and let it report via HTTPS directly to the internet or via a web proxy. Another cloud aggregation solution that I’m more familiar with is Microsoft Operations Management Suite (OMS). Both of these services provide access via PowerShell.
Today at #MVPDays Vancouver we talked to people who had never heard of Microsoft Storage Spaces Direct (S2D). It’s hard to believe, but yes, there are people out there that haven’t had the chance to get up to date on the latest Windows Server 2016 Operating System. This is usually due to meetings, ongoing projects and running older versions of the Windows OS. So what were the big takeaways from the session?
Nothing truly new here, but it is a new year and a new environment for me. I’ve just sat down at my seat at a customer’s location and wanted to inventory a bunch of things inside their System Center Configuration Manager 2012 R2 CU3 environment. Regardless it’s older and we’re in the process of migrating to Configuration Manager 2016! Exciting times ahead! In any case, I installed the Configuration Manager 2012 R2 console on my Windows 7 laptop (64-bit). See where things are going. We’re not running the latest and greatest… yet 😉
One of the issues that data center or even any Windows Administrator has is managing the local administrators group on each and every one of their domain members. There is a lovely security setting that has been around for many years, Restricted Groups, which can be controlled via local security policies or via GPO. This works, but has a few pitfalls, as you’ve probably run into once in a while. Keep reading to see how you can solve some of them with Group Policy Preferences.
One of the issues I’ve come across is using Configuration Manager’s (2012 R2+) feature of being able to deploy multiple Software Update Points (SUP) within a site. This scenario is essentially to avoid using traditional network load balancing (NLB) and offload the work to the clients. One would think, if one SUP is not available, it’s pretty simple: switch to the next one in the list. Well, this doesn’t always happen as one may expect. Why?
I was working on a SCCM deployment where there was already one existing Software Update Point (SUP). Due to new firewall restrictions, a few new SUPs were required. Microsoft has changed their best practices with SCCM in regards to using multiple SUPs. The best practice is to share the WSUS Database (SUSDB) and the WSUS content directory. This cuts down on a lot of space, replication and administrative issues.
Well, it’s finally happened: I’m officially going to accept the title of author. After previously collaborating on a few books, and after a lot of time collaborating with other MVP rock stars and some hard work, our eBook, Master PowerShell tricks (Volume 1), has been released on Amazon.
Install-Module is a wonderful new cmdlet that comes with PowerShell v5 and can be found in Windows Management Framework (WMF) 5.0. This allows us to skip the whole search the Internet to find modules and pull them from pre-configured repositories. By default, your machines should be configured to look at https://www.powershellgallery.com/api/v2/ .
When writing PowerShell scripts, one of the most time consuming tasks is validating input and handling invalid input. PowerShell does have built in mechanisms to deal with this and ease these tasks so that we can focus on creating a production level script.
As I get called on a lot to do SQL Server installations, I’ve come up with what I’ve found works best for me. Every location has different infrastructure, security, networks and their way of doing things. Since I’m the one doing the installation, and I know I’ll get called back in the future at some point to upgrade, troubleshoot or manage the SQL Server environment, I like to have a set of standards. Documentation, I actually do enjoy writing it (yes I may be sick), but having a self-documenting PowerShell script is even better!
Well as the title suggests, I’m happy with the code, but I always find myself adding more and more code around the cmdlets. Service control in Windows has been pretty straight forward for the past few decades. Obviously PowerShell can control the state and configuration of services, but one thing I’ve always run into with service control is reacting to how the service stops and starts and also managing the state of dependent services. I’m sharing some short code functions that I use.
Well, I recently blogged about time synchronization issues in Windows Time Sync – The fixes!. This troubleshooting still works on Windows Server 2016, but hopefully we don’t need to do it as often!
Do you empower your customers whether they’re colleagues, internal departments or even 3rd party entities to provision virtual machines, databases or websites in your data center?
This has been a very common pain point for Active Directory administrators. AD is perfectly planned according to Microsoft’s best practices and successfully deployed. But as time goes on, network admins change the network topology, devices are added here and there, and if there is no formal process of adding new networks, AD Sites and Services will most likely not be updated to reflect these changes.
How often are you given a list of servers and you need to quickly copy files to them? I used to always take the wonderfully formatted list given to me and format them into a PowerShell array by putting quotes around each of them and commas. Example:
$Computers = @(
As many of you know when running a simple standalone machine at home, at work, in a datacenter or in the cloud, time keeping can be tricky. Very odd though, it’s been around for over a decade and people/enterprises still can’t seem to figure out how it really works or how they should configure it.
Every Windows computer has a lovely service on it that is called W32Time with a description that reads “Windows Time Service”. This service is set to manual, and for all intents and purposes can be left that way.
The goal of this project is to bring affordable Hyper-Converged infrastructure to environments of all sizes using 100% native Microsoft technologies and a few cool Open Source tools too. The cost to you is FREE.
What did you miss by not attending #MVPDays, Seattle 2016?