Feb 01

Windows Server 2016 might cost more than you want to pay

I’ve got it up and running in the lab. Now I see this article;

 

A few years ago, Microsoft switched from per-processor to per-core licensing in SQL Server, and it’s about to do the same with Windows Server 2016. You may not be thrilled with the results.

“Microsoft’s auditors likely will have a field day with these new requirements for Windows Server, in the same way that they have used the ever-more-complex licensing rules for SQL Server to increase the company’s audit-based revenue in recent years,” warned Christopher Barnett, an associate attorney with Scott & Scott LLP.

Read the full text here;

http://www.pcworld.com/article/3028525/windows-server-2016-could-cost-you-more-than-you-think.html

Dec 02

Windows Server 2016 Technical Preview 4 install and first boot

Here are two quick videos showing the install and first boot of Server 2016 Technical Preview 4.

Server 2016 Technical Preview 4

 

1. In this first video we install and boot to Core. Core is the default of the two options (Core or GUI), so if you accept all the defaults you end up with Core.

 

 

2. In this second video we install and boot to the GUI install.

 

Jun 24

Windows Server 2012 R2 (70-412) Configure High Availability – Study Guide

These notes are my personal notes from the FREE training on Pluralsight. You can get your FREE signup through technet/MSDN or Dreamspark. The title of this course is exactly the title of this post. These notes are from this specific course only. I use these as a refresher Study Guide. POWERSHELL topics and cmdlets are in purple. I have a few notes with the “DEMO” each time the training included a DEMO just so you can see how many demos there were which were really helpful. Thanks to Greg Shields @ConcentratdGreg, the trainer, contact info at the end.

All, or nearly all, sections include DEMOS so I’m not notating that separately.

  1. Configure Network Load Balancing
    1. most commonly used with IIS
    2. stateless (doesn’t matter what node user connects with)
    3. Configure NLB Prerequisites
      1. install Feature
      2. Unicast, Multicast, IGMP Multicast
      3. Unicast
        1. always works
        2. 1:1 (every node's NIC MAC is replaced by the cluster MAC)
        3. requires a second NIC on each server for host-to-host traffic, because nodes sharing the cluster MAC cannot reach each other on the clustered NIC
        4. causes switch flooding: the switch never learns a port for the cluster MAC, so every packet sent to the VIP goes out every port on the subnet
      4. Multicast
        1. no second NIC
        2. may need switch or router configuration (a static ARP entry for the cluster MAC)
        3. does not solve the flooding
      5. IGMP Multicast – best practice
        1. no second NIC
        2. requires IGMP snooping on the switch
        3. solves the flooding problem (frames only go to the ports where a node is listening)
    4. Install NLB Nodes
    5. Configure Cluster Operation Mode
    6. Configure Port Rules and Affinity
    7. Upgrade an NLB Cluster
  2. Configure Failover Clustering (read prior post here)
    1. Cluster Storage
      1. shared storage is not built in Windows; it’s a foreign concept
      2. proper configuration of storage is critical
      3. iSCSI, FC, Storage Spaces (in our previous FS training)
      4. we’re using iSCSI here in this demo
    2. Configure Cluster networking
      1. best practice to separate cluster private network and storage network
      2. Failover Cluster Manager – console for cluster management
      3. Cluster Validation wizard (lots of experience with this 😉)
      4. In this Demo, Cluster Private network, Storage network, and Management / Production
      5. Check the networks in Failover Cluster Manager
    3. Cluster Shared Volumes (CSV) used by Hyper-V virtual machines
        1. Quorum witness disk (the wizard picks the smallest eligible disk)
        2. Available Storage LUNs: if one LUN holds several VMs, they all have to fail over at the same time (or give each VM a dedicated LUN)
        3. CSV: each VM can fail over individually
        4. you can define a disk as a CSV, and you can revert it too.
      5. More here on Using CSV for Failover Cluster
        1. CSV cache size configuration; (Get-Cluster).BlockCacheSize = 512 for Server 2012 R2, for more read the link above.
      6. Quorum configuration
          1. Quorum only decides whether enough votes remain for the cluster to keep running; it protects against split brain, not against data loss.
          2. Quorum Models (dependent on number of nodes)
            1. Node Majority (used for an ODD number of nodes)
            2. Node and Disk Majority (EVEN number of nodes; the witness disk adds a vote)
            3. “split brain”: the cluster breaks into two separate groups of nodes that each think they have quorum; a majority rule makes that impossible
            4. No Majority: Disk Only (old, not used any more; the single disk is a single point of failure)
            5. Node and File Share Majority (special considerations): even nodes, multi-site. The extra vote goes to a file share witness somewhere, typically a third site.
        3. Configure quorum model in Failover Cluster Manager
          1. MS automatically manages the cluster quorum setting now (“use default quorum configuration”); 2012 added dynamic quorum and 2012 R2 added the dynamic witness, so votes adjust as nodes leave.
          2. Or, you can go to advanced features and dance with the complexity on your own.
      7. Clusters without network names (AD-detached cluster); see Deploy an Active Directory-Detached Cluster
        1. use case: e.g. SQL Server outside your firewall, where you don't want the cluster name to need a computer object in AD
        2. not supported for several additional roles
        3. the cluster name has no AD object, so clients get NTLM rather than Kerberos when they talk to it
        4. no BitLocker
        5. no CAU (Cluster Aware Updating) in self-updating mode
        6. read the link
        7. cannot be created from Failover Cluster Manager; PowerShell only
        8. PS – (Get-Cluster).AdministrativeAccessPoint (ActiveDirectoryAndDns for a normal cluster, Dns for a detached one)
          1. read the link for more
      8. CAU (Cluster Aware Updating)
        1. “update cluster” item in Server Manager
        2. allows cluster to manage resource movement to update nodes/hosts.
        3. configure self-updating options wizard
        4. add the ROLE on the cluster
        5. choose schedule (the same kind of schedule you would set in WSUS)
        6. reboot timeouts, max retries, pre or post scripts, recommended / important
        7. the default plug-in pulls from whatever source the nodes already use (Windows Update or WSUS); CAU orchestrates the draining and reboots, it does not replace WSUS
        8. “Analyze cluster updating readiness”
        9. PS
          1. Cluster-Aware Updating Cmdlets in Windows PowerShell
      9. Restoring single node of cluster
        1. Evict = kicking node out
        2. restore configuration from backup (make sure you have system state)
      10. Upgrading a cluster
        1. not recommended to directly upgrade a cluster in place
        2. this is a cut and move: build a new cluster on the new OS, then move the roles
        3. “Copy Cluster Roles” wizard, run from the TARGET (new) cluster, connects to the OLD cluster to read the role configuration.
  3. Manage Failover Clustering Roles
    1. remember MSCS is a “general purpose” clustering solution
    2. role-specific settings
      1. DFS, DHCP, DTC, File Server, iSCSI target, etc., etc..
      2. Generic application, script, or service
      3. DEMO – clustered NOTEPAD via Generic Application
      4. cluster is a SINGLE instance of the app that fails from node to node, moving the resources (including created drives) as needed
      5. Continuously available file server
        1. General Use, or SOFS (Scale Out File Server) (used for Hyper-V and SQL)
      6. Configure Virtual Machines
        1. do not put SOFS and VMs on same CSV
    3. fail-over and preferences
      1. ROLES (shared app, file server, VM, etc.)
      2. move, stop, change startup priority
      3. no autostart
      4. add resources or storage
      5. “show dependency” report
        1. graphical representation of dependencies
      6. “preferred owner” unchecked can be used, just not preferred
      7. failover max
      8. failback now/yes, set hours it can happen
      9. cluster handles DNS records for cluster required records
      10. you can manually add dependencies
    4. possible and preferred owners
      1. possible owners (cannot be on any node that is not checked)
      2. preferred owner (can use unchecked nodes, they’re just not preferred)
    5. guest clustering
      1. another layer of abstraction
      2. simply means clustering VMs that are on the MSCS cluster
      3. shared .VHDX (one virtual disk attached to several VMs as their shared cluster storage)
      4. new feature, similar to RDMs in VMware
      5. advanced features, “enable virtual hard disk sharing”
  4. Manage VM Movement
    1. Migration – Live, Quick, Storage
      1. Quick
        1. the old fashioned, with a quick period of loss of service
      2. Live
        1. no loss of service
      3. Storage
        1. moving the .vhdx, the data
      4. Quick is technically faster, and uses less bandwidth than Live
      5. Live – procs need to be same manufacturer and similar family
      6. virtual switches needs to be named the same
      7. physical devices must be disconnected
      8. DEMO
        1. constrained delegation has to be configured on the computer accounts of the hosts you want to migrate to/from (delegation to the CIFS and Microsoft Virtual System Migration Service SPNs only, not unconstrained delegation)
        2. CredSSP is the alternative to Kerberos/constrained delegation, but CredSSP requires you to log on to the source host to start the migration, so you cannot drive it remotely
    2. Import, Export, Copy
      1. have to export/import if you can’t do quick/live migration
    3. Configure VM Network Health Protection
      1. protects against a host losing connectivity on a network the VM depends on
      2. the “Protected network” checkbox is under Network Adapter / Advanced Features
      3. if the host's link on a protected network goes down, the cluster live-migrates the VM to a node where that network is healthy
      4. ENABLED by default
    4. Configure Drain on Shutdown
      1. drain a node on shutdown
      2. ENABLED by default
    5. Configure VM Monitoring
      1. “resources” tab at the bottom of Failover Cluster Manager
      2. checkbox to enable automatic recovery for application health monitoring
      3. if/when enabled, you can select services via checkbox that you want to include for application monitoring.
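
Added example, not from the course or the original post: the NLB section above (feature install, IGMP multicast cluster, port rules and affinity) as PowerShell. Node names, VIP, subnet mask and the interface name are assumptions for a lab.

```powershell
# Added example (not from the course or the blog): build a two-node NLB cluster
# for IIS in IGMP multicast mode, replace the catch-all default port rule with
# explicit rules, and check node state. Node names, VIP, subnet and interface
# name are lab assumptions.
Import-Module NetworkLoadBalancingClusters

$nodes = 'nlb1.lab.local', 'nlb2.lab.local'
$vip   = '10.0.20.50'
$mask  = '255.255.255.0'
$nic   = 'Ethernet'          # the NIC that will carry the clustered IP on each node

# 1. Install the NLB feature on every node (remote install over WinRM)
foreach ($n in $nodes) {
    Install-WindowsFeature -Name NLB -IncludeManagementTools -ComputerName $n | Out-Null
}

# 2. Create the cluster on the first node. IgmpMulticast avoids the second NIC
#    that unicast needs and stops the switch flooding every port, provided IGMP
#    snooping is enabled on the switch.
New-NlbCluster -HostName $nodes[0] -InterfaceName $nic `
    -ClusterPrimaryIP $vip -SubnetMask $mask `
    -ClusterName 'web.lab.local' -OperationMode IgmpMulticast | Out-Null

# 3. Join the second node
Add-NlbClusterNode -HostName $nodes[0] -NewNodeName $nodes[1] -NewNodeInterface $nic | Out-Null

# 4. Port rules. The default rule balances every port (0-65535); remove it so
#    only HTTP and HTTPS are load-balanced and NLB drops everything else.
Get-NlbClusterPortRule -HostName $nodes[0] | Remove-NlbClusterPortRule -Force
# HTTP: stateless, spread requests over all nodes
Add-NlbClusterPortRule -HostName $nodes[0] -IP $vip -StartPort 80  -EndPort 80  `
    -Protocol TCP -Mode Multiple -Affinity None | Out-Null
# HTTPS: Single affinity keeps a client on one node so TLS sessions and app
# state survive without a shared session store
Add-NlbClusterPortRule -HostName $nodes[0] -IP $vip -StartPort 443 -EndPort 443 `
    -Protocol TCP -Mode Multiple -Affinity Single | Out-Null

# 5. Verify: both nodes should report Converged
Get-NlbClusterNode -HostName $nodes[0] | Select-Object Name, State, HostPriority
Get-NlbClusterPortRule -HostName $nodes[0] | Select-Object IP, StartPort, EndPort, Mode, Affinity
```

Removing the default port rule is deliberate: with it in place NLB balances every port, including RDP and WinRM on the nodes, which is rarely what you want exposed behind the VIP.
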
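
Added example, not from the course or the original post: the failover clustering procedure from the notes (validate, create, separate the networks by role, even-node quorum with a disk witness, CSV with the 512 MB block cache, and the detached-cluster and CAU readiness checks) as one script. Node names, IPs, subnets and the cluster disk names are assumptions.

```powershell
# Added example (not from the course or the blog): validate and build a two-node
# failover cluster on iSCSI storage, name the networks by role, set an even-node
# quorum with a disk witness, turn a disk into a CSV with a 512 MB block cache,
# and run the checks the notes mention. Node names, IPs, subnets and disk names
# are lab assumptions.
Import-Module FailoverClusters

$nodes = 'fc1.lab.local', 'fc2.lab.local'
$name  = 'CLUS1'

# 1. Validate first. Build only on a clean report; a cluster that fails
#    validation is not supported.
$report = Test-Cluster -Node $nodes -Include 'Storage', 'Network', 'Inventory', 'System Configuration'
Write-Host "Validation report: $($report.FullName)"

# 2. Create the cluster with a static management IP. -NoStorage keeps every
#    shared disk out of the cluster until we decide what each one is for.
New-Cluster -Name $name -Node $nodes -StaticAddress '10.0.10.40' -NoStorage | Out-Null

# 3. Networks: name them and set the role so heartbeat and iSCSI traffic never
#    share the management network (roles: 0 = none, 1 = cluster only, 3 = cluster and client)
$roles = @{
    '10.0.10.0' = @('Management',     3)
    '10.0.11.0' = @('ClusterPrivate', 1)
    '10.0.30.0' = @('Storage',        0)
}
foreach ($net in Get-ClusterNetwork -Cluster $name) {
    if ($roles.ContainsKey($net.Address)) {
        $net.Name = $roles[$net.Address][0]
        $net.Role = $roles[$net.Address][1]
    }
}

# 4. Add the iSCSI disks, then quorum: two nodes is an even count, so Node and
#    Disk Majority. 'Cluster Disk 1' is assumed to be the small witness LUN.
Get-ClusterAvailableDisk -Cluster $name | Add-ClusterDisk | Out-Null
Set-ClusterQuorum -Cluster $name -NodeAndDiskMajority 'Cluster Disk 1' | Out-Null

# 5. The data LUN becomes a CSV so VMs on it can fail over one at a time;
#    BlockCacheSize is the CSV read cache in MB (512 is the value from the course).
Add-ClusterSharedVolume -Cluster $name -Name 'Cluster Disk 2' | Out-Null
(Get-Cluster -Name $name).BlockCacheSize = 512

# 6. Checks
Get-ClusterQuorum  -Cluster $name | Format-List
Get-ClusterNetwork -Cluster $name | Select-Object Name, Address, Role
Get-ClusterSharedVolume -Cluster $name | Select-Object Name, State, OwnerNode
# ActiveDirectoryAndDns unless you deliberately built a detached cluster
(Get-Cluster -Name $name).AdministrativeAccessPoint
# "Analyze cluster updating readiness" from the CAU UI, as a cmdlet
Test-CauSetup -ClusterName $name
```

The network roles are the part people skip: a storage network left at role 3 means cluster heartbeats and client traffic can end up on the iSCSI subnet, which both hurts storage latency and puts cluster traffic somewhere it was never firewalled for.
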
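
Added example, not from the course or the original post: the live-migration demo notes above, done with Kerberos constrained delegation instead of CredSSP so the migration can be started from a management workstation. Host names, domain, migration subnet and the VM name are assumptions.

```powershell
# Added example (not from the course or the blog): configure Kerberos
# constrained delegation so live migration between two Hyper-V hosts can be
# started from a management workstation without CredSSP, then enable and
# verify migration on each host. Host names, domain, migration subnet and
# the VM name are lab assumptions.
Import-Module ActiveDirectory
Import-Module Hyper-V

$hosts  = 'hv1', 'hv2'
$domain = 'lab.local'

# 1. Each host's computer account may delegate to the other host's CIFS (for
#    storage migration) and Virtual System Migration Service SPNs, and nothing
#    else. This is "Trust this computer for delegation to specified services
#    only / Use Kerberos only" in ADUC: msDS-AllowedToDelegateTo is set, while
#    TrustedForDelegation (unconstrained) and TrustedToAuthForDelegation
#    (protocol transition) stay $false.
foreach ($src in $hosts) {
    $spns = foreach ($dst in ($hosts | Where-Object { $_ -ne $src })) {
        "cifs/$dst.$domain"
        "cifs/$dst"
        "Microsoft Virtual System Migration Service/$dst.$domain"
        "Microsoft Virtual System Migration Service/$dst"
    }
    # -Replace rather than -Add so the list is exactly what we intend
    Set-ADComputer -Identity $src -Replace @{ 'msDS-AllowedToDelegateTo' = [string[]]$spns }
}

# 2. Turn on migration on both hosts with Kerberos as the authentication type
#    and a dedicated migration network. Each host needs a reboot (or
#    'klist -li 0x3e7 purge' for the computer account) before the new
#    delegation is picked up.
foreach ($h in $hosts) {
    Invoke-Command -ComputerName "$h.$domain" -ScriptBlock {
        Enable-VMMigration
        Set-VMHost -VirtualMachineMigrationAuthenticationType Kerberos `
                   -VirtualMachineMigrationPerformanceOption Compression `
                   -UseAnyNetworkForMigration $false
        Add-VMMigrationNetwork -Subnet '10.0.40.0/24'
    }
}

# 3. Verify the delegation is constrained, not unconstrained
foreach ($h in $hosts) {
    Get-ADComputer -Identity $h -Properties 'msDS-AllowedToDelegateTo', TrustedForDelegation, TrustedToAuthForDelegation |
        Select-Object Name, TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'
}
Get-VMHost -ComputerName ($hosts | ForEach-Object { "$_.$domain" }) |
    Select-Object Name, VirtualMachineMigrationEnabled, VirtualMachineMigrationAuthenticationType

# 4. A live migration with storage, started from this workstation. Under CredSSP
#    this step fails unless you are logged on to the source host; with
#    constrained delegation it works remotely. 'web01' is an assumed VM name.
Move-VM -Name 'web01' -ComputerName "hv1.$domain" -DestinationHost "hv2.$domain" `
    -IncludeStorage -DestinationStoragePath 'D:\VMs\web01'
```

The check in step 3 is the one worth keeping around: if anyone later flips a host to "Trust this computer for delegation to any service" to make a migration work, TrustedForDelegation becomes $true and that host can impersonate any user who authenticates to it, which is a much larger problem than a failed migration.
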
Jun 16

Windows Server 2012 R2 (70-412) Configure Active Directory – Study Guide

These notes are my personal notes from the FREE training on Pluralsight. You can get your FREE signup through technet/MSDN or Dreamspark. The title of this course is exactly the title of this post. These notes are from this specific course only. I use these as a refresher Study Guide. POWERSHELL topics and cmdlets are in purple. I have a few notes with the “DEMO” each time the training included a DEMO just so you can see how many demos there were which were really helpful. Thanks to Greg Shields @ConcentratdGreg, the trainer, contact info at the end.

  1. Introduction
    1. Not about the basics, this is 412 training so the basics should be in place
    2. Multiple Forests, multiple domains
    3. Configure a Forest or Domain
    4. Configure Trusts
    5. Configure Sites (remember from an era when WAN connectivity and site replication was expensive)
    6. Manage Active Directory and SYSVOL Replication
      1. RODC
  1. Configure a Forest or Domain
    1. implement multi domain and multi forest AD, with interoperability with previous versions of AD.
    2. Upgrading existing domains and forests, including preparation and functional levels
    3. Configure multiple UPN suffixes
    4. Used to require a contiguous namespace: contoso.com, denver.contoso.com, paris.contoso.com.
      1. now we can use DISJOINTED namespaces; a forest can contain the following domains:
        1. contoso.com
        2. denver.contoso.com
        3. widget.com
        4. widget.com here is a TREE DOMAIN (a new tree in the same forest, as in “forest”, “trees” I suppose), whereas denver.contoso.com is a CHILD DOMAIN under the contoso.com tree.
    5. When would you want to use a multi domain structure (desired state now is to minimize)?
      1. habit essentially
      2. political or organizational
      3. Autonomy (separation)
      4. Data isolation
      5. Segregation for replication /authentication /authorization
      6. SECURITY is not one of the reasons: a domain is not a security boundary, the forest is. Domain Admins in any domain of the forest can take over the whole forest, so if you need real isolation you need a separate forest.
    6. Multi Forest structure
      1. when two forests merge (purchase a company, etc.)
      2. two forests connected by a TRUST of some sort.
      3. Trusts require MANUAL creation
      4. Different requirements for AD Schema can dictate multiple Forests
      5. Exchange Organizations (In Exchange, only allowed one, so if your Exchange needs require more, then you are multi forest)
    7. Permissions required for creation
      1. To build a new forest, Local Admin on first DC (there is no AD yet)
      2. To build a new domain tree or child domain, you must be Enterprise Admin
      3. To add additional DCs, you must be a Domain Admin
    8. Upgrade Process for Domain or Forest (know this process)
      1. get healthy (make sure everything is working right)
      2. extend the schema (essentially adding columns to AD database, or new characteristics or fields) (ADPREP)
      3. upgrade DCs to new OS (all DCs need to be upgraded prior to raising functional level). Hopefully you don’t have hundreds of DCs.
      4. relocate FSMO roles if needed
      5. raise domain/forest functional level
    9. DEMO – extend schema
      1. adprep (link above)
      2. uses the stack of .ldf files where adprep resides
      3. remember you can view these attributes in the AD database using ADSI Edit.
      4. adprep
        1. first use /forestprep
        2. then /domainprep
        3. optionally /gpprep, and /rodcprep
      5. now raise the functional level
        1. AD Domains and Trusts
        2. cannot go backwards, this is a one-way road (2008 R2 and later can lower a level in limited cases, but never once a feature such as the AD Recycle Bin that depends on the level has been enabled).
      6. What’s new in the functional levels
      7. Creating new UPN suffix
        1. AD Domains and Trusts, UPN suffixes
        2. add what you want in AD D and T
        3. then in ADUC you can use them in the user account tab
  2. Configure Trusts
    1. Configure External, Forest, Shortcut, Realm
    2. Configure trust authentication
      1. Forest wide, or “selective”
    3. Configure SID filtering
      1. Get-ADUser -Filter * | Select-Object SamAccountName, SID (returns the SIDs for users)
      2. SID filtering is on by default in external trusts.
      3. used in domain object migrations (from one domain to another)
      4. has to be turned OFF to migrate (the only time you would do this), and turned back ON when the migration is done
      5. SID history has to be ENABLED to migrate objects, which requires turning off SID filtering. Example: move a user to a different domain; if you don't do this properly a new SID is created and they lose access to printers they used before. With SID history ENABLED, the user object retains both SIDs in sIDHistory, and with filtering off the trusting domain honors them. That is also why filtering should stay on otherwise: an admin of the trusted domain could put a privileged SID from your domain into an account's sIDHistory.
      6. Detailed explanation and example of disabling SID filtering, enabling SID history here.
    4. Configure Name Suffix Routing
      1. determine what name suffixes get passed / routed to other side of trust
    5. Fundamentals
      1. trusts have direction: trusting vs. trusted
      2. the direction of the trust is opposite to the direction of access: users in the trustED domain get access to resources in the trustING domain
      3. remember by “wing it”: ‘ing -> ‘ed. From trustING to trustED.
      4. most are bi-directional
      5. can be transitive (if A trusts B, and B trusts C, then A trusts C)
      6. different types
        1. External from one domain in one forest to domain in a different forest
        2. Shortcut – literally a shortcut to another domain in same complex forest. Not common as AD simplifies
        3. Forest – between two forest roots; everything in forest is trusted. Transitive. Most common type of trust. Acquisitions. Always transitive. Can configure rules of authentication.
          1. Need name resolution to set up. Can be done by consolidating nameservices. In larger environment, conditional forwarders.
          2. create from AD Domains and Trusts
          3. can create both halves of trust from one side (one server)
        4. Realm trust – to non-AD Kerberos realm / Linux
  3. Configure Sites
    1. Created for AD replication across geographical locations
    2. Associated with subnets (VYOS router for lab)
    3. KCC (knowledge consistency checker)
    4. Configure Sites and Subnets
      1. rename “Default-First-Site-Name”, use it and create additional as needed
      2. create subnets and associate to sites
    5. Create and Configure Site Links
      1. Inter-Site transports
      2. most of the time is IP, NOT SMTP
      3. all sites are added to IP default site link
      4. absolute value of the cost is meaningless, only the RELATIVE value (compared to other links) has meaning
      5. A lot of this had more meaning when network connectivity was expensive and low capacity
    6. Manage Site Coverage
      1. you need a DC in each site
      2. are the DCs Global Catalogs (old times was limited due to processing power, bandwidth)
      3. now best practices are simply make every DC a GC
      4. if multiple DCs in a site, define a preferred BridgeHead server. Or leave this alone and leave it to KCC.
      5. best practice is leave it to KCC
    7. Manage Registration of SRV Records
      1. determines what DC site computers use
      2. ipconfig /registerdns re-registers the DC's A record; the SRV records are registered by the Netlogon service, so restart Netlogon to force them
    8. Move DCs Between Sites
  4. Manage AD Replication and SYSVOL replication
    1. Upgrade SYSVOL replication to DFS-R (Distributed File System Replication)
      1. If you have an old, upgraded, AD, you might not be on DFS-R and still on the old FRS (File Replication Service)
      2. upgrading to DFSR
        1. three steps after getting healthy: migrate to the Prepared state, then the Redirected state, then the Eliminated state
        2. dfsrmig /? (dfsrmig is the command-line tool for the DFSR migration, not a PowerShell cmdlet)
        3. dfsrmig /getglobalstate
        4. results will be “Prepared”, “Redirected”, or “Eliminated”
        5. only do one step at a time, then WAIT until every DC reports that state (dfsrmig /getmigrationstate) before the next
        6. Some health check commands
          1. gwmi -Class Win32_LogicalDisk -ComputerName yourcomputername (shows drive space)
          2. repadmin /syncall /force /APed (forces a sync of all partitions, pushed to all partners across sites, ignoring schedules)
          3. Update-DfsrConfigurationFromAD
    2. Configure replication to RODCs
      1. single use case: a branch location whose physical security you don't trust. It holds only the passwords the replication policy allows for that branch; everything else is read-only
      2. never log on to an RODC with a privileged account; if the box is compromised, the credentials you used on it are too
      3. delegated RODC administrator: the selected group can administer the RODC (“managed by” tab) without any rights in the domain
    3. Configure password policy replication for RODCs
      1. set policy for which PWs you want to cache on RODC (password replication TAB)
      2. you can see what users/computers are replicated to RODC on “advanced” tab.
    4. Monitor and manage replication
      1. sites and services – right click and “replicate now” from AD Sites and Services
      2. repadmin /replicate <destination DC> <source DC> <naming context DN>
      3. repadmin /showrepl
      4. repadmin /kcc
      5. repadmin /prp view servername reveal (shows RODC replication)
      6. in GPMC, look at a domain, you can see replication status
      7. dfsdiag
      8. nltest (tests if you can locate a DC)
      9. AD Change Notification (inter-site replication fires on change instead of on schedule)
        1. ADSI Edit, Configuration partition
        2. Sites, Inter-Site Transports, IP, then the site link object
        3. “options” attribute, from <not set> to “1”; now that link replicates across sites with the same change notification as intra-site replication.
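Added example, not from the course or the original post: the trust section above as an audit script, with the netdom switches for SID filtering, selective authentication and name suffix routing, and a check for accounts carrying SID history. contoso.com (this domain), fabrikam.com (the trusted domain), the server FS1 and the group Finance Users are stand-ins.

```powershell
# Added example (not from the course or the blog): audit the trusts of the
# current domain for the settings that decide how much another domain can do
# to you, show the netdom switches for SID filtering, selective authentication
# and name-suffix routing, and list accounts that carry SID history.
# contoso.com (this domain), fabrikam.com (the trusted domain), FS1 and
# "Finance Users" are stand-ins.
Import-Module ActiveDirectory

function Get-TrustAudit {
    Get-ADTrust -Filter * | ForEach-Object {
        [pscustomobject]@{
            Trust         = $_.Name
            Direction     = $_.Direction          # Inbound, Outbound or BiDirectional, seen from this domain
            Type          = $_.TrustType
            ForestTrust   = $_.ForestTransitive
            Transitive    = -not $_.DisallowTransivity   # the property really is spelled this way
            SelectiveAuth = $_.SelectiveAuthentication   # $true: users still need "Allowed to Authenticate"
            SIDFilterQuar = $_.SIDFilteringQuarantined   # $true: SID filtering (quarantine) on, the external-trust default
            TGTDelegation = $_.TGTDelegation             # unconstrained delegation across the trust; keep $false
            AES           = $_.UsesAESKeys
        }
    }
}
Get-TrustAudit | Format-Table -AutoSize

# netdom is still the scripted way to change these. Without :yes/:no the
# switch just reports the current state. For a forest trust the SID filtering
# switch is /enablesidhistory (no = filtered) instead of /quarantine.
netdom trust contoso.com /domain:fabrikam.com /quarantine                  # show SID filtering state
netdom trust contoso.com /domain:fabrikam.com /namesuffixes:fabrikam.com   # suffixes routed over the trust
# Migration only: SID history from fabrikam is accepted while quarantine is off.
# Turn it back on as soon as the migration is finished.
# netdom trust contoso.com /domain:fabrikam.com /quarantine:no
# netdom trust contoso.com /domain:fabrikam.com /quarantine:yes

# Selective authentication: instead of every fabrikam user becoming
# "Authenticated Users" on every contoso computer, grant the right per computer.
netdom trust contoso.com /domain:fabrikam.com /selectiveauth:yes
dsacls 'CN=FS1,OU=Servers,DC=contoso,DC=com' /G 'FABRIKAM\Finance Users:CA;Allowed to Authenticate'

# Accounts with SID history: expected right after a migration, suspicious
# otherwise (injected SID history is a known persistence trick).
function Get-SidHistoryAccounts {
    Get-ADUser -Filter 'SIDHistory -like "*"' -Properties SIDHistory |
        Select-Object SamAccountName, SID, @{ n = 'SIDHistory'; e = { $_.SIDHistory -join ',' } }
}
Get-SidHistoryAccounts
```

Run Get-TrustAudit before and after any trust change; the two columns to watch are SIDFilterQuar (should be $true outside a migration window) and TGTDelegation (should stay $false).
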
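Added example, not from the course or the original post: the sites, site link, RODC password replication policy and replication checks from the notes as PowerShell, including the change-notification step done with a cmdlet instead of ADSI Edit. Site names, subnets, server names and the Denver groups are assumptions.

```powershell
# Added example (not from the course or the blog): set up sites, subnets and a
# site link with change notification (the ADSI Edit "options = 1" step), put an
# RODC in the branch site with a password replication policy, and run the
# replication checks from the notes. Site, subnet, server and group names are
# lab assumptions.
Import-Module ActiveDirectory

# 1. Sites and subnets: rename the default site and add the branch
Rename-ADObject -Identity (Get-ADReplicationSite -Identity 'Default-First-Site-Name').DistinguishedName -NewName 'HQ'
New-ADReplicationSite -Name 'Denver'
New-ADReplicationSubnet -Name '10.0.10.0/24' -Site 'HQ'
New-ADReplicationSubnet -Name '10.0.20.0/24' -Site 'Denver'

# 2. Site link. Cost only matters relative to the other links. options = 1 sets
#    USE_NOTIFY, so inter-site replication is change-triggered like intra-site
#    replication instead of waiting for the 15 minute schedule.
New-ADReplicationSiteLink -Name 'HQ-Denver' -SitesIncluded 'HQ', 'Denver' `
    -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP
Set-ADReplicationSiteLink -Identity 'HQ-Denver' -Replace @{ options = 1 }

# 3. Move the branch DC (an RODC) into its site and delegate local admin of
#    the box to a branch group; that group gets no rights in the domain.
Move-ADDirectoryServer -Identity 'RODC1' -Site 'Denver'
Set-ADComputer -Identity 'RODC1' -ManagedBy 'Denver Admins'

# 4. Password replication policy: cache only branch users and computers.
#    The built-in Denied group (Domain Admins and friends) stays denied, so a
#    stolen RODC never holds a privileged hash; just don't log on to it with one.
Add-ADDomainControllerPasswordReplicationPolicy -Identity 'RODC1' -AllowedList 'Denver Users', 'Denver Workstations'
Get-ADDomainControllerPasswordReplicationPolicy -Identity 'RODC1' -Denied | Select-Object Name
# what is actually cached now (the "advanced" tab, or repadmin /prp view RODC1 reveal)
Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity 'RODC1' -RevealedAccounts | Select-Object SamAccountName

# 5. Replication health
Get-ADReplicationPartnerMetadata -Target 'DC1' |
    Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures
Get-ADReplicationFailure -Scope Forest
repadmin /showrepl DC1
repadmin /replicate DC2 DC1 'DC=lab,DC=local'     # pull the domain partition from DC1 to DC2 now
nltest /dsgetdc:lab.local /site:Denver           # which DC a Denver client would find
```

The revealed-accounts query in step 4 is the one to run after any incident at a branch: it lists exactly which credentials were cached on that RODC and therefore need to be reset.
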

 

 

Jun 15

Windows Server 2012 R2 (70-412) MCSA and the 70-412 Exam – Study Guide Part 2 – build a lab

These notes are my personal notes from the FREE training on Pluralsight. You can get your FREE signup through technet/MSDN or Dreamspark. The title of this course is exactly the title of this post. These notes are from this specific course only. I use these as a refresher Study Guide. POWERSHELL topics and cmdlets are in purple. I have a few notes with the “DEMO” each time the training included a DEMO just so you can see how many demos there were which were really helpful. Thanks to Greg Shields @ConcentratdGreg, the trainer, contact info at the end.

As mentioned previously, the second section of this course seem like it was going to focus on how to build a lab in preparation for training, so I broke it into a separate post.

Windows Server 2012 R2 (70-412) MCSA and the 70-412 Exam

Building Your 70-412 R2 Environment

  1. VMware workstation
    1. please note; VM Workstation is a licensed product; you have to PAY for it. You can get a 30 day trial of VM Workstation here. Also, if you have ever passed a VMware certification (like me) then you get a free license as one of your benefits. So, for example, I have a permanent license for Workstation 10, but cannot upgrade without buying a new license. I suppose you could do this lab on VBOX also if you have familiarity there. At the end of this I will also post some links to good sites about virtual labs.

      TG-LAB: My physical lab, 5 DL380 G5s (one not in picture) and two DL360 G5s. The G4s are being decommissioned.

  2. VM infrastructure and IP scheme
  3. Forest infrastructure
  4. Understanding the Network Infrastructure
  5. VyOs router for network routing
  6. Use of templates or clones. Discussion of Linked Clones to minimize disk use. Linked Clones are a VMware specific ability. VMware Linked Clones use the same virtual disks as the parent. So you could have 10 linked clones using one set of disks, with a very much improved storage use scenario especially in a lab.
  7. Reviewing lab IP scheme and host design;
    1. 4 Domain Controllers
    2. 1 File Server
    3. 2 NLB hosts
    4. 5 Failover Cluster hosts
    5. 1 Certificate server
    6. 1 RMS (Rights Management Server)
    7. 1 ADFS (Active Directory Federation Services)
    8. 1 desktop
    9. Total of 16 machines (4+1+2+5+1+1+1+1), all in VM Workstation running on one PC
  8. Forest infrastructure
    1. company.whatever
    2. separate forest to test ADFS
    3. three different sites
    4. 4 subnets; VMware Workstation gives you separate virtual networks but doesn't route between them, which is why we have VyOS
  9. Setting up VYOS
    1. default username and password are both “vyos”; change it before the lab network touches anything else
    2. setting up multiple NICs to support the subnetting
    3. adding 4 more NICs
    4. Configured VYOS
    5. Configured internal home router for the appropriate vlans

Ok that’s about it. It does look like a pretty good way to set this all up in a virtual lab. I’d like to see how it performs, but probably pretty well since he put all the drives on a separate SSD.

Here are some of the other links I have gathered on building a lab. Some focus on low power (electricity costs), some focus on being quiet (don’t want to disturb the spouse) and some on different things. I’ve had the good fortune to be able to collect some HP G5 servers which I have been able to use, using iSCSI and / or VMware VSAN for storage. I used this lab to study for and pass my VCP-DCV5.1 test.

Links;

Labs in general

While this one could go under “low noise” or “low power” they’re not really stated goals so I’m putting it here, it’s one of the best; http://packetpushers.net/vmware-vcdx-lab-the-hardware/

Similar lab build; http://rickmur.com/home-lab-server/

A more expensive ($3,000.00) work office targeted option using HP / CDW parts; (can this run ILO?) https://virtualizationreview.com/blogs/virtual-mattox/2012/03/build-cheap-screaming-virtualization-lab-server.aspx

Another good follow along lab; http://ethancbanks.com/2014/03/15/my-home-lab-esxi-5-5-server-build-and-the-logic-behind-it-all/ but this guy had a couple of Cisco SG300-52 switches that are worth min $400.00 each so not really cheap.

 

Nested / Low Power / Low noise or some combination

“nested” generally simply means you have one hypervisor running on another, or one hypervisor running as a VM.

Nested lab on VMware Workstation; low cost; http://www.heathreynolds.com/2014/02/building-nested-esxi-lab-on-vmware.html

Nested lab on ONE DL380 G5; http://www.running-system.com/how-to-build-a-nested-lab-on-a-hp-dl380-g5-server-step-1/ You can sometimes get a G5 on Craigslist for cheap or free. I got a couple for free, and I got a couple for as little as $90.00. There are thousands of these G5s still in production and they are solid hardware. Anything older than G5 generally won’t have processors with hardware virtualization (VT-x) support.

First one I have seen specifically on ESXi 6.0, which just came out a few months ago; http://www.vladan.fr/nested-esxi-6-in-a-lab/

This looks cool; Intel NUC, low power (15w with 5 running VMs) http://www.vclouds.nl/how-to-build-a-low-cost-low-power-and-fast-esxi-home-lab/

Around 30w; https://matthill.eu/projects/vmware-esxi-low-power-home-lab/

VBOX lab

http://pc-addicts.com/building-the-ultimate-virtualbox-lab-intro/

In my experience, Memory is going to be the first constraint on a lab system no matter which method you choose. After that, probably storage. On nested environments (like this Pluralsight training) SSD would be a great idea.

Sep 24

Server 2012 Resources

For any of you interested in Server 2012, I can point you to resources to;

 

1) Set up your own lab (if you have hardware)

2) Set up your own lab on Azure if you don’t have hardware

3) Get the free eBook for 2012 from Microsoft Press (.pdf or .mobi). No physical books are published yet, that I can find.

4) Join an early study group to learn and prepare for the 70-410 exam

5) Get enrolled in a 40 hour MS training course for free, targeting the 70-410 exam

 

If anyone is interested in this stuff let me know.
JL