Windows Server 2012 Cluster Aware Updating In Action


You might have noticed that Microsoft recently released some important hotfixes for Windows Server 2012 Hyper-V clusters. These are "You cannot add VHD files to Hyper-V virtual machines in Windows Server 2012" and "Update that improves cluster resiliency in Windows Server 2012 is available".

So how do you deploy these easily and automatically to your Windows Server 2012 clusters? Cluster Aware Updating! Here’s a screenshot of Cluster Aware Updating in action, deploying these hotfixes without a single interruption to the business services.

So what are you waiting for? Start using it :-) It will make your life easier, save time, and help you with continuously available infrastructure.

Here’s a link to the slide deck of a presentation I did on Cluster Aware Updating in a TechNet webcast http://www.slideshare.net/technetbelux/hands-on-with-hyperv-clustering-maintenance-mode-cluster-aware-updating

We’ve been enjoying the benefits of Windows Server 2012 since we got the RTM bits in August 2012. I can highly recommend it to everyone.

RD Gateway Messaging Tab Windows Server 2008 R2 & 2012


Since Windows Server 2008 R2, and therefore also in Windows Server 2012, RD Gateway has a couple of nice new features in its properties under the Messaging tab.

System Message

That’s great, as now you can warn logged-on users of the gateway about any impending maintenance actions that otherwise might be a disconcerting loss of connectivity to them. Just go to the Messaging tab and type in your message. Set the start and end date/time and that’s all there is to it. A user who is logged on or logs on during the specified time frame will see this window appear. I like the fact that we can communicate to the active users via the system message. It makes for a better experience of the service delivered.

Logon Message

Another option you have under the Messaging tab is to specify a logon message.

You simply type this into a text file that you then browse to and apply so that it will be displayed.

You have to browse and apply every time you edit the text file. 

Below is a screenshot of what a user logging on to a system via your RD Gateway would see. It all depends on the legal department or the manager what will go in here. Do note that you cannot continue until you accept the terms. This could be annoying to regular users after a while. That’s why you have the option of selecting “Do not ask again unless changes to the policy occur”. That should keep both legal and the users happy :-)

Fixing Event ID 2002 “The policy and configuration settings could not be imported to the RD Gateway server "%1" because they are associated with local computer groups on another RD Gateway server”


Introduction

I was working on a little project for a company that was running TS Gateway on 32-bit Windows 2008. The reason they did not go for x64 at the time was that they used Virtual Server as their virtualization platform for some years and not Hyper-V. One of the drawbacks was that they could not use x64 guest VMs. Since then they have moved to Hyper-V and now also run Windows Server 2012. So after more than 5 years of service, and to make sure they did not keep relying on aging technology, it is time to move to Windows Server 2012 RD Gateway and reap the benefits of the latest OS.

All in all the Microsoft documentation is not too bad, albeit that the information is a bit distributed, as you need to use various tools to complete the process. Basically, depending on the original setup of the source server, you’ll need to use the TS/RD Gateway Export & Import functionality, Web Deploy (we’re at version 3.0 at the time of writing) and the Windows Server Migration Tools that were introduced with Windows 2008 R2 and are also available in Windows Server 2012.

In a number of posts I’ll be discussing some of the steps we took. You are reading Part 3.

  1. x86 Windows Server 2008 TS Gateway Migration To x64 Windows Server 2012 RD Gateway
  2. Installing & using the Windows Server Migration Tools To Migrate Local Users & Groups
  3. TS/RD Gateway Export & Import policy and configuration settings, a.k.a. Fixing “The policy and configuration settings could not be imported to the RD Gateway server "TARGETSERVER" because they are associated with local computer groups on another RD Gateway server”

The Migration

There is no in-place upgrade from an x86 to an x64 OS. So this has to be a migration. No worries, this is supported. With some insight, creativity and experience you can make this happen. The process is reasonably well documented on TechNet, but not perfectly, and your starting point is right here: RD Gateway Migration: Migrating the RD Gateway Role Service. These docs are for Windows Server 2008 R2 but still work for Windows Server 2012. Another challenge was that we also needed to migrate their custom website, used by the employees to check whether their PC is still on and, if not, wake it up or start it up remotely.

As you read in the previous part we had to migrate local users and groups that are also used by the TS Gateway x86 Windows 2008 Server as we still need those in the Windows Server 2012 RD Gateway. The Active Directory users and groups used in Connection Authorization Policies (CAP) and Resource Authorization Policies (RAP) require no further work.

TS/RD Gateway Export & Import

I’m not going to write about how to install a brand new RD Gateway. That’s been done just fine by Microsoft and many others. I’ll just discuss the import and export functionality in the TS/RD Gateway Manager and help you with a potential issue.

Export

This is easy. On the source TS/RD Gateway server you just right-click the server in TS/RD Gateway Manager and select Export policy and configuration settings. In our case this is a Windows Server 2008 TS Gateway, x86, so 32-bit. But that doesn’t matter here.

Give the export file a name and choose a location.

You’ll get a notification of a successful export.

Import

Ordinarily you’ll launch the RD Gateway Manager Import policy and configuration settings feature and follow the wizard.

Select an export file (from the old TS Gateway server) to import.

But instead of getting a success message you get an error.

If you are moving the TS/RD Gateway to a new server and will not reuse the name, you’ll have to deal with the following issue: The policy and configuration settings could not be imported to the RD Gateway server "TARGETSERVER" because they are associated with local computer groups on another RD Gateway server.

This also manifests itself as an error in the TerminalServices-Gateway Admin log with Event 2002:

“The policy and server configuration settings for the TS Gateway server "%1" could not be imported. This problem might occur if the settings have become corrupted.”

What? Corrupt? The export went fine!? Now if you start researching this error you’ll end up here: http://technet.microsoft.com/en-us/library/cc727351(v=ws.10).aspx, which will tell you what to do if you get this error due to a bad export but basically tells you you’re stuck otherwise. Not so! The solution to this is very easy; you just have to know it works. I found out by testing & verifying this. All you have to do is edit the source TS/RD Gateway export XML file.

Open up the XML file in Notepad. Select Edit/Replace from the menu, do a Find "SOURCESERVER" with Replace All "TARGETSERVER", and save the file. Use that edited XML file for the import.

So now start the import again with your edited file and after a while you’ll see that you have been successful this time.
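
A scripted version of the Notepad edit described above, added here as an example that is not part of the original post. The parameter names and the output file name are assumptions; the script matches the old server name only as a whole host name, lists every line it will change, checks that the file is still well-formed XML, and leaves the original export untouched.

```powershell
# Added example, not from the original post. Parameter names and the output file
# name are hypothetical; the server names are whatever your own export contains.
param(
    [Parameter(Mandatory = $true)] [string] $ExportFile,    # export from the old TS Gateway
    [Parameter(Mandatory = $true)] [string] $SourceServer,  # old host name found in the export
    [string] $TargetServer = $env:COMPUTERNAME              # new RD Gateway host name
)
$ErrorActionPreference = 'Stop'
$path = (Resolve-Path -LiteralPath $ExportFile).Path

# Read the text and remember its encoding so the edited copy uses the same one.
$reader = New-Object System.IO.StreamReader($path, $true)
try     { $text = $reader.ReadToEnd(); $encoding = $reader.CurrentEncoding }
finally { $reader.Dispose() }

# The export must be well-formed before we touch it (LoadXml throws otherwise).
(New-Object System.Xml.XmlDocument).LoadXml($text)

# Match the old name only as a whole host name, so SRV1 does not also hit SRV10.
$pattern = '(?<![\w-])' + [regex]::Escape($SourceServer) + '(?![\w-])'

# Show every line that will change, for review before anything is written.
$lineNo = 0
$hits = foreach ($line in ($text -split "`r?`n")) {
    $lineNo++
    if ([regex]::IsMatch($line, $pattern, 'IgnoreCase')) {
        New-Object psobject -Property @{ Line = $lineNo; Text = $line.Trim() }
    }
}
if (-not $hits) { throw "No reference to '$SourceServer' in $path; nothing to change." }
$hits | Format-Table Line, Text -AutoSize -Wrap | Out-Host

# Replace; '$' is doubled so it cannot be read as a regex substitution token.
$edited = [regex]::Replace($text, $pattern, $TargetServer.Replace('$', '$$'), 'IgnoreCase')

# The result must still be well-formed XML and contain no leftover old name.
(New-Object System.Xml.XmlDocument).LoadXml($edited)
if ([regex]::IsMatch($edited, $pattern, 'IgnoreCase')) { throw 'Old server name still present.' }

# Write a new file next to the original; the original export stays untouched.
$outPath = Join-Path (Split-Path -Parent $path) `
    ('{0}.{1}.xml' -f [IO.Path]::GetFileNameWithoutExtension($path), $TargetServer)
[IO.File]::WriteAllText($outPath, $edited, $encoding)
'{0} line(s) updated. Import this file in RD Gateway Manager: {1}' -f @($hits).Count, $outPath
```

Review the listed lines before importing: they show which policies refer to local groups, and those groups must already exist on the target server.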

If you are reusing the name you will not have this issue, as the name in the export file will match the host name. However, as this server is joined to the same domain as the original one, you’ll have to respect the order of taking down the original one, resetting its AD computer account and reusing it for the new RD Gateway server. This is more risky, as you take down the service before you switch over. With a new server and a DNS alias you can just swap between the old and the new one by simply updating the DNS record(s) or even reusing the old IP address; that switch can go fast.

Installing & using the Windows Server Migration Tools To Migrate Local Users & Groups


Introduction

I was working on a little project for a company that was running TS Gateway on 32-bit Windows 2008. The reason they did not go for x64 at the time was that they used Virtual Server as their virtualization platform for some years and not Hyper-V. One of the drawbacks was that they could not use x64 guest VMs. Since then they have moved to Hyper-V and now also run Windows Server 2012. So after more than 5 years of service, and to make sure they did not keep relying on aging technology, it is time to move to Windows Server 2012 RD Gateway and reap the benefits of the latest OS.

All in all the Microsoft documentation is not too bad, albeit that the information is a bit distributed, as you need to use various tools to complete the process. Basically, depending on the original setup of the source server, you’ll need to use the TS/RD Gateway Export & Import functionality, Web Deploy (we’re at version 3.0 at the time of writing) and the Windows Server Migration Tools that were introduced with Windows 2008 R2 and are also available in Windows Server 2012.

In a number of posts I’ll be discussing some of the steps we took. You are reading the second post.

  1. x86 Windows Server 2008 TS Gateway Migration To x64 Windows Server 2012 RD Gateway
  2. Installing & using the Windows Server Migration Tools To Migrate Local Users & Groups
  3. TS/RD Gateway Export & Import (Fixing Event ID 2002 “The policy and configuration settings could not be imported to the RD Gateway server "%1" because they are associated with local computer groups on another RD Gateway server”)

As discussed in the first part, we need to migrate some local users & groups on the TS Gateway (source) server, as they are also being used for some special cases of remote access, next to Active Directory users & groups, for the Resource Authorization Policies (RAPs) & Connection Authorization Policies (CAPs). The tool to use is the Windows Server Migration Tools. These were introduced with Windows 2008 R2 and are also available in Windows Server 2012.

Some people seem to get confused a bit about the installation of the Server Migration Tools, but it’s not that hard. I have used these tools several times in the past and they work very well. You just need to read up a bit on the deployment part, and once you have it figured out they work very well.

Installing the Windows Server Migration Tools on the DESTINATION Server

First we have to install them on the DESTINATION host (W2K12 in our case, the server to which you are migrating). For this we launch Server Manager and on the dashboard select Manage and choose Add Roles and Features.

Navigate through the wizard until you get to Features. Find and select Windows Server Migration Tools. Click Next.

Click Install to kick off the installation.

After a while your patience will be rewarded.

Installing the Windows Server Migration Tools on the SOURCE Server

To install the Windows Server Migration Tools on the SOURCE server, you need to run the appropriate PowerShell command on the DESTINATION server. This is what trips people up a lot of the time. You deploy the correct version of the tools from the destination server to the source server, where you will then register them for use. Do this with an admin account that has admin privileges on both the DESTINATION & SOURCE computer.

Start up the Windows Server Migration Tools from Server Manager, Tools.

This launches the Windows Server Migration Tools PowerShell window.

Our SOURCE server here is the 32-bit (x86) Windows 2008 TS Gateway server. The documentation tells us the correct values to use for the /architecture and /os parameters.

.\SmigDeploy.exe /package /architecture X86 /os WS08 /path \\SourceServer\c$\sysadmin

Now before you run this command be sure to go to the ServerMigrationTools folder as the UI fails to do that for you.

Also, this is PowerShell, so use .\ in front of the command; otherwise you’ll get an error instead of the tools being deployed.

Now you have also deployed the correct tools to the SOURCE server, our old legacy TS Gateway server. Next we need to register these tools on the SOURCE server to be able to use them. You might have gotten the message already that you need PowerShell deployed on the SOURCE server, as documented.

If you have PowerShell, launch the console with elevated permissions (Run as Administrator) and run the following command: .\SmigDeploy.exe

Congratulations, you are now ready to use the Windows Server Migration Tools! That wasn’t so hard, was it? :-)

Using the Windows Server Migration Tools To Migrate Local Users & Groups

To export the local users and groups from the source TS/RD Gateway server, you start up the Windows Server Migration Tools on the SOURCE server (see the documentation for all ways to achieve this) and run the following PowerShell command:

Export-SmigServerSetting -User All -Group -Path C:\SysAdmin\ExportMigUsersGroups -Verbose

As you can see, I elected to migrate all user accounts, not just the enabled or disabled ones. We’ll sort those out later. Also note that the command will create the folder for you.

To import the local users and groups to the target RD Gateway server, you start up the Windows Server Migration Tools on the DESTINATION server (see the documentation), i.e. our new Windows Server 2012 RD Gateway VM, and run the following PowerShell command:

Import-SmigServerSetting -User Enabled -Group -Path C:\SysAdmin\ExportMigUsersGroups -Verbose

Do note that the migrated user accounts will be disabled and have their properties set to "Next Logon". This means you will have to deal with this accordingly, depending on the scenarios, and communicate new passwords & the action to take to the users.

Do note that the local groups have had the local or domain groups/users added by the import command. Pretty neat.
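
A way to review the result of the import on the destination server before enabling any account, added here as an example that is not part of the original post. It reads local users and groups through the ADSI WinNT provider, reports which accounts are disabled or flagged to change their password at next logon, and lists the members the import added to each local group.

```powershell
# Added example, not from the original post: review local accounts and groups on
# the destination server after Import-SmigServerSetting. Run it elevated on that
# server. It only reads; nothing is enabled or changed.
$ErrorActionPreference = 'Stop'
$ADS_UF_ACCOUNTDISABLE = 0x2    # userFlags bit that marks a disabled account

$computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
$children = @($computer.psbase.Children)

# 1. Local users: disabled state and "must change password at next logon".
$users = foreach ($u in ($children | Where-Object { $_.psbase.SchemaClassName -eq 'User' })) {
    New-Object psobject -Property @{
        Name               = [string]$u.Name.Value
        Disabled           = [bool]([int]$u.UserFlags.Value -band $ADS_UF_ACCOUNTDISABLE)
        MustChangePassword = ([int]$u.PasswordExpired.Value -eq 1)
    }
}
$users | Sort-Object Name |
    Format-Table Name, Disabled, MustChangePassword -AutoSize | Out-Host

# 2. Accounts that are already enabled were not left disabled by the import;
#    list them separately so each one can be accounted for.
$enabled = @($users | Where-Object { -not $_.Disabled })
"Enabled local accounts to account for: {0}" -f (($enabled | ForEach-Object { $_.Name }) -join ', ')

# 3. Local groups and their members (local or domain), as added by the import.
$groups = foreach ($g in ($children | Where-Object { $_.psbase.SchemaClassName -eq 'Group' })) {
    $members = @($g.psbase.Invoke('Members')) | ForEach-Object {
        # Each member is a COM object; read its ADsPath and show it as DOMAIN\name.
        $adsPath = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        $adsPath -replace '^WinNT://', '' -replace '/', '\'
    }
    New-Object psobject -Property @{
        Group   = [string]$g.Name.Value
        Members = ($members -join '; ')
    }
}
$groups | Where-Object { $_.Members } | Sort-Object Group |
    Format-Table Group, Members -AutoSize -Wrap | Out-Host
```

Compare the group listing with the groups your CAPs and RAPs refer to, and enable only the accounts that are still needed.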

You’re now ready for the next step. But that’s for another blog post.

x86 Windows Server 2008 TS Gateway Migration To x64 Windows Server 2012 RD Gateway


Introduction

I was working on a little project for a company that was (still) running TS Gateway on a 32-bit (x86) version of Windows 2008. The reason they did not go for x64 at the time of deployment was that they then used Microsoft Virtual Server as their virtualization platform and had been for some years.

In a number of posts I’ll be discussing some of the steps we took. You are reading the first one.

  1. x86 Windows Server 2008 TS Gateway Migration To x64 Windows Server 2012 RD Gateway
  2. Installing & using the Windows Server Migration Tools To Migrate Local Users & Groups
  3. TS/RD Gateway Export & Import (Fixing Event ID 2002 “The policy and configuration settings could not be imported to the RD Gateway server "%1" because they are associated with local computer groups on another RD Gateway server”)

In those early days of W2K8 they had not yet switched to Hyper-V. As an early adopter I was able to show the reliability of Hyper-V, so later they did.

One of the drawbacks of using Microsoft Virtual Server was that they could not use x64 guest VMs, and that’s how they ended up with x86, which was still available for a server OS for W2K8. Since then they have moved to Hyper-V and now also run Windows Server 2012. Happy customers! So after more than 5 years of service, and to make sure they did not keep relying on aging technology, it is time to move to Windows Server 2012 RD Gateway and reap the benefits of the latest OS.

The Migration

There is no in-place upgrade from an x86 to an x64 OS. So this has to be a migration. No worries, this is supported. With some insight, creativity and experience you can make this happen. The process is reasonably well documented on TechNet, but not perfectly, and your starting point is right here: RD Gateway Migration: Migrating the RD Gateway Role Service. These docs are for Windows Server 2008 R2 but still work for Windows Server 2012. Another challenge was that we also needed to migrate their custom website, used by the employees to check whether their PC is still on and, if not, wake it up or start it up remotely.

There are some things to take care of and I’ll address these in some later blog posts, but I want you to take this message to heart. While an in-place upgrade of a 32-bit x86 operating system to the x64 version of that OS is not possible, that doesn’t mean you’re in a pickle and will have to start over from scratch. For many scenarios there are migration paths, and this is just one example of them, or better, two combined: TS Gateway and a website.

The Dilbert Life Series – A Bad Manager’s Priorities


As usual the normal disclaimer applies: don’t take yourself too seriously. Relax :-)

Where great managers can make a serious difference in many ways to both the success of a company and to the personal achievements of their employees, the opposite also happens. Many types of managers exist. Dealing with or even controlling them, depending on whether you live above or under them, is well documented. The aim of that is to get the best out of the resources and people available. The better the managers, the better this will work out. Perfection is not of this world and you won’t have the best possible manager for every possible position. That’s a given, just like they won’t have the best possible employee or consultant for every job or project. So there is no need to get emotional about it or expect perfection before calling something good. There is however one type, the bad manager, that should not be controlled. They should be dealt with in only one way, which is termination. If that’s not possible you need to get as far away from them as possible. Mind you, the latter is only an option if you’re a subordinate employee. If, as a boss, you run away from a bad subordinate manager, then you really need to reconsider your career choices.

Me, Myself and I

A bad manager will never choose you over his or her own priorities, nor will they put the organization’s needs first. The first is by definition. Don’t take it personally. The company does not exist for your needs. The second is more problematic, as the organization’s needs are priority one. Let’s take a look at their priorities in order of declining importance as determined by experience.

  1. Me, myself and I. This is normal and it applies to everyone. But there is more to this than just plain self-interest. People who are given or rise to power have a strong tendency to put their own needs and interests above those of others. Your manager’s ambitions & agenda (professional, personal and financial) will always take precedence over any need you might have. They need to fill their treasury and the pressure to “live up to expectations” of their overlords is on.
  2. Reputation. Managers need to be seen & act as very reliable, trustworthy persons who can get results. With some luck they are. But we all know about “perception is reality”. This is true until you hit the ground after jumping off the 36th floor because you pretend you can fly. Whether a bad manager actually delivers anything is irrelevant as long as the perception is there. Office politics are part of the game and they don’t take prisoners. Your boss is going to be more prone to protect his or her reputation than to protect yours. That’s why managers get pissed off about even only a perceived loss of reputation. In the dog-eat-dog world they’ll even ruin your reputation if and when needed, as they can’t be seen as the root cause of problems. They’ll blatantly steal your work and take credit for all that goes well in the same way. You’re an expendable asset and you should never forget it.
  3. Their superiors. This is both hierarchical and functional. It’s not only the fact that a lot of people feel the need to please others for whatever reason. It is also just self-interest (promotions, ego) and self-preservation. So realize that your managers will almost always choose to follow their bosses or the peers they fear or need in order to gain a stronger or more favorable position with them. Yes, they will do so even if it is bad for the company or organization. This holds a warning: if you’re a functional superior to your managers, then you’re a threat and they might try to get rid of you.
  4. Customers. You can forget about being more important than the needs of the customers. Whether these are external or internal customers is irrelevant. Your manager’s job is to serve the needs of the customers. Your manager will not get ahead if he doesn’t serve their needs.
  5. The team. Yes, the team, the assets, are more important than you. As long as managers can have the team do what needs to be done, they have a way of serving the above priorities, which are more important. In that respect the ability of a manager to keep the team running is paramount. They’ll feed the teams just enough to keep them alive and hopeful enough to carry on, and will challenge them to keep them sharp. Keep ’em mean, lean & hungry.
  6. You. Sure, you have some skills they need. If not, they might keep you around just to add another FTE to the head count in order to prove the importance or the weight of their jobs. So he won’t kick you most of the time and will even throw you a bone every now and then. Good doggy. But you know that saying “People are our biggest asset”? It’s a lie, especially to them.

How to deal with this?

The above is always true in a lesser way for all individuals and as such also for managers. The big difference is that the balance has totally shifted to the dark side with really bad ones. In essence you have a couple of options. Grow a pair of balls and make sure you have some power as well, play the same game and get them terminated. If your upper management is worth their pay they might be way ahead of you and that will be the end of it for you. If it has to come from the bottom, realize that this is not easy. Terminating a manager from lower in the hierarchy always upsets the powers that be. To them such an event is highly disconcerting, and visions of guillotines, tar, feathers and pitchforks pop up. Another option is to take evasive maneuvers. You could do so by moving laterally or vertically in the organization, out of harm’s way. Last but not least: leave. Yes, that might not be fair on you and what you already accomplished at the company, but life is not fair and is certainly too precious to put up with the above. In the end you must know your opponent and know yourself. Perhaps you can live with them, and there are various ways of dealing with various types of managers, who all have their weaknesses and strengths. It’s a personal decision, but a real bad manager, that’s something you really can do without and shouldn’t tolerate ever, for your own health and well-being.

If You Can, You Should Attend TechEd 2013 Europe


It’s that time of the year again, when TechEd is coming closer. I’m attending the European edition in Madrid, Spain. But I can guarantee you I will be online a lot during the USA edition as well. I’d be attending the USA edition this year if I could, but work, time and budget wise I can’t make that happen. This isn’t because the European edition is less, absolutely not. The reason is that at MMS2013 in Las Vegas last month we got the heads-up that Microsoft will start talking publicly about the new version of Windows and I’m game for that. Windows Server 2012 is the best Windows version ever but I know what I’d like to see in there to make it even better. I’m kind of curious if anyone at MSFT follows my thinking on this subject. I hope so!

So yes I’m a TechEd advocate, you bet! If you want to know why, read my blog post here on https://workinghardinit.wordpress.com/2010/06/05/why-i-find-value-in-a-conference/.

Come and learn amongst your peers, network with them and industry experts. To become competent and gain expertise you are going to have to get out there and expose your ideas, insights and thinking to your peers around the globe. That’s how it works. To those who dismiss quality conferences like this I can only say that you are wrong. To those who claim it’s a paid holiday I can only say that to a liar all other men are liars and to a thief all other men are thieves. Enough said. Invest in knowledge and competence development; it will pay off better than some extra thousands of € in the bank!

So if you can please join me and attend TechEd. It’s a blast and a tremendous learning experience. I never ever miss attending TechEd, not even at times it wasn’t easy for me to do so. You can register here. I hope to see you there!