Using TLS 1.2 Windows Server 2008 R2 & 2012 R2, SQL and SharePoint

Everyone uses a certificate when requiring authentication on an internet-facing site. However, it’s surprising how many folks don’t take the time to understand SSL/TLS. Securing SSL/TLS protocols is a pretty common thing to do on any Windows Server running IIS and web applications that use HTTPS, especially if they require some sort of compliance. It is a good idea to do this on all of the servers in your SharePoint farm, to ensure your secure connections really are secure. It’s also important to note that I have several SharePoint 2016 environments where I have removed both TLS 1.0 and 1.1. However, I have not removed TLS 1.1 from any of my SharePoint 2013 environments; all of my clients with SharePoint 2013 are using a hardware load balancer like the F5 and have offloaded SSL and removed TLS 1.0/1.1 using the hardware…

All Microsoft Windows devices using SSL/TLS protocols use SCHANNEL, whereas on Linux you have to install something like OpenSSL. You may also notice that while OpenSSL has more security vulnerabilities, its maintainers tend to respond quickly to them. Microsoft, however, has been disappointingly slow in updating the cryptography stack in its OS and applications. Note: there may be flags when running SSL Labs scans against your servers that you may not be able to resolve at this time. This may also apply to the availability of the latest cipher suites.

All of the configuration changes to SCHANNEL are stored in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

 

The first time I created a GPO to configure SSL/TLS and deploy it to the farm, I spent a few days with Regedit and reading TechNet. I recommend using IISCrypto from Nartac to make the changes, to ensure the process goes as smoothly as possible on your first server; then, after a reboot, export the SCHANNEL key for use with a GPO to automate the deployment to all additional servers in your farm.

You can use the following command to export the SCHANNEL registry settings prior to making the changes, should you need to restore them, and again afterwards for use with the GPO:

reg export HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL SChannel-Export.reg

Known issues

There are a few gotchas when making modifications to SCHANNEL on Windows; please QA as necessary in the lab prior to deploying to production:

  1. SQL Server used to require TLS 1.0; when you disabled it, your SharePoint servers would not be able to communicate with the SQL cluster. Please review the information about the SQL updates and additional known issues in the article “TLS 1.2 support for Microsoft SQL Server”, then download and install the appropriate SQL updates. All versions prior to SQL Server 2016 require the updates regardless of Service Pack or Cumulative Update.
  2. Please make sure you download and install KB3080079 if you are running a version of Windows Server prior to Windows Server 2012, or RDS/RDP will break after disabling TLS 1.0 and rebooting. Note: If you are using IISCrypto you may see a pop-up like the following screenshot after reviewing TLS 1.0/1.1

     

  3. Older clients (Windows XP and earlier) may not be able to connect if they do not support the newer SSL/TLS technologies and you disable the older ones. Out of the box, Windows Server is configured to be relatively compatible with older clients, which in turn makes it less secure. You can find a complete browser compatibility list here: https://en.wikipedia.org/wiki/Template:TLS/SSL_support_history_of_web_browsers
  4. Qualys will ding you for supporting 1024-bit DHE groups, and will recommend DHE key exchanges be increased to 2048 bit or disabled, but 1024 is the limit on all versions of Windows prior to Windows 10 at this time.
  5. Be sure to thoroughly test your applications after making any changes, mainly looking for connection failures over HTTPS. The errors will be listed in the System event log with SCHANNEL as the source.

The following configuration works with most modern software (Windows Vista and newer) while providing a relatively robust SSL/TLS configuration, and earning an A ranking on Qualys’s SSL Labs tester.

IISCRYPTO

  1. Download IISCrypto and apply the “Best Practices” Template
  2. Use the Best Practice template: click Templates, choose Best Practice from the drop-down, then click Apply
  3. Disable TLS 1.0, assuming the SQL updates have been applied and KB3080079 for RDS/RDP has been applied
  4. Disable MD5 under Hashes enabled
  5. Click Apply
  6. Reboot
  7. Test your site with Qualys’s SSL Labs tester
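To confirm after the reboot that the settings landed (and again on each server that receives the GPO), the following read-only audit is an added example, not part of the original post or of IISCrypto. It assumes the standard SCHANNEL layout (Protocols\<name>\Server|Client and Hashes\MD5 subkeys with Enabled / DisabledByDefault DWORD values); the function names are hypothetical, and treating SSL 2.0/3.0 as "must be off" is an assumption added here, since the post itself only calls out TLS 1.0 and MD5.

```powershell
# Added example: read-only audit of SCHANNEL. Nothing is modified.
# Written to run on PowerShell 2.0 (Windows Server 2008 R2) and later.

$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$Protocols    = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function Get-SchannelValue {
    param([string]$SubKey, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $path = "$SchannelRoot\$SubKey"
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    $prop = $props.PSObject.Properties[$Name]
    if ($null -eq $prop) { return $null }
    return $prop.Value
}

function Get-SchannelState {
    param([string]$SubKey)
    # Enabled = 0 is explicitly off; any non-zero value (1 or 0xffffffff) is on;
    # a missing value means the OS default applies, which differs per Windows version.
    $enabled = Get-SchannelValue -SubKey $SubKey -Name 'Enabled'
    if ($null -eq $enabled) { return 'NotConfigured' }
    if ($enabled -eq 0)     { return 'Disabled' }
    return 'Enabled'
}

function Get-SchannelAudit {
    $rows = @()
    foreach ($proto in $Protocols) {
        foreach ($role in 'Server', 'Client') {
            $subKey = "Protocols\$proto\$role"
            $rows += New-Object PSObject -Property @{
                Setting           = "$proto ($role)"
                State             = (Get-SchannelState -SubKey $subKey)
                DisabledByDefault = (Get-SchannelValue -SubKey $subKey -Name 'DisabledByDefault')
            }
        }
    }
    $rows += New-Object PSObject -Property @{
        Setting           = 'Hash MD5'
        State             = (Get-SchannelState -SubKey 'Hashes\MD5')
        DisabledByDefault = $null
    }
    $rows | Select-Object Setting, State, DisabledByDefault
}

function Get-SchannelFindings {
    # TLS 1.0 and MD5 come from the steps above; SSL 2.0/3.0 are an added assumption.
    $mustBeOff = 'SSL 2.0 (Server)', 'SSL 3.0 (Server)', 'TLS 1.0 (Server)', 'Hash MD5'
    foreach ($row in (Get-SchannelAudit)) {
        if (($mustBeOff -contains $row.Setting) -and ($row.State -ne 'Disabled')) {
            "{0}: {1}, expected Disabled" -f $row.Setting, $row.State
        }
        # TLS 1.2 is off by default on Server 2008 R2, so require an explicit Enabled.
        if (($row.Setting -eq 'TLS 1.2 (Server)') -and ($row.State -ne 'Enabled')) {
            "{0}: {1}, expected an explicit Enabled" -f $row.Setting, $row.State
        }
    }
}

function Get-SchannelErrors {
    param([int]$Hours = 24)
    # Known issue 5: connection failures are logged in the System log, source Schannel.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Schannel'
        Level        = 1, 2, 3      # critical, error, warning
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

Get-SchannelAudit | Format-Table -AutoSize
Get-SchannelFindings
Get-SchannelErrors -Hours 24 | Format-Table -AutoSize -Wrap
```

An empty result from Get-SchannelFindings means every audited setting is explicitly in the expected state; a NotConfigured row means the server is relying on the OS default rather than on the template or GPO.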

QUALYS SSLLabs Ranking

 


 

RMS SP2 Administration Toolkit – Download

It’s amazing sometimes when you attempt to download a tool from Microsoft and it’s no longer available for download, and a lot of the documentation still available has links for the download that do not work.

The following is a list of tools and their commands that are included in the toolkit. This is mostly copied from the readme.htm that is part of every tool.

AD SCP Register   

Use this tool to register or unregister a service connection point in Active Directory.

  1. Open Command Prompt, by clicking Start, Run. In the Run dialog box, type cmd, and then click OK.
  2. At a command prompt type the following command: ADSCPRegister.exe <Operation> <URLtoRegister>

Use the following information to select the appropriate options for your installation:

  • <Operation> specify either registerscp or unregisterscp

Example: ADSCPRegister.exe unregisterscp https://adrms.contoso.com/_wmcs/Certification

  • registerscp – this operation registers the service connection point specified in URLtoRegister in Active Directory.
  • unregisterscp – this operation unregisters the service connection point specified in URLtoRegister in Active Directory.

For <URLtoRegister>, type the URL that you want to use as the service connection point, for example, https://adrms.contoso.com/_wmcs/Certification.

3. Verify that the tool has run correctly by viewing these two objects in Active Directory:

  • objectClass=container with CN=RightsManagementServices
  • objectClass=serviceConnectionPoint with CN=SCP and the serviceBindingInformation attribute set to the URL specified for the URLtoRegister you provided in step 2.

Usage Notes: The service connection point (SCP) for RMS identifies the connection URL for the service to the RMS-enabled clients that are in your organization. Clients will not be able to discover RMS to request use licenses, publishing licenses, or RMS account certificates without a valid SCP. Incorrectly using this tool could result in users being unable to use Rights Management Services.

Get RMS SCP

Use this tool to validate the current service connection point registered in Active Directory

To run GetRMSCP

  1. Open a command prompt by clicking Start and then Run. In the Run dialog box, type cmd, and then click OK. Alternatively, open Windows Command Prompt (Admin), depending on the OS.
  2. Navigate to the location where the tool is saved (C:\Program Files (x86)\RMS SP2 Administration Toolkit\GetRMScp). At a command prompt type the following command: GetRMSCP

Example: GetRMSCP

IRM Check

For enterprises that are using RMS with Office System 2010/2013/2016, use this tool to create an HTML-based report of the client configuration, Office version, registry keys, and other settings that impact the RMS system. If the RMS-enabled application used on the client computer is a 32-bit application, make sure to use the 32-bit version of IRMCheck in the RMS Toolkit. Similarly, if you are running a 64-bit RMS-enabled application on the client computer, make sure to use the 64-bit version of IRMCheck from the RMS Toolkit.

To run IRMCheck

  1. On the affected computer, launch IRMCheck.
  2. Open File Explorer and go to C:\Program Files (x86)\RMS SP2 Administration Toolkit\IRMCheck
  3. A report will be created that will give you diagnostic information specific to your Windows® Rights Management Services environment.

Example Report:

RMS Cert Analyzer

Use this tool to check the certificate chain on a given rights account certificate, view rights data and certificate information.

How to use the RMSCertAnalyzer

Using the RMSCertAnalyzer tool includes the following two tasks:

  • Specify the configuration information
  • Run the RMSCertAnalyzer

To specify the configuration information

  1. In the location where you saved the RMSCertAnalyzer tool, use an XML editing tool (or a text editor such as Notepad) to open the RMSCertAnalyzer.exe.config file that was included with the tool.
  2. Copy the contents of web.config of the licensing IIS virtual root to CertAnalyzer.exe.config.

To run the RMSCertAnalyzer

  1. On the RMS server, navigate to the location where you saved the RMSCertAnalyzer tool (C:\Program Files (x86)\RMS SP2 Administration Toolkit\RMSCertAnalyzer).
  2. Start the tool by double-clicking the RMSCertAnalyzer.exe application. The RMS License Analyzer window appears.
  3. From file menu, open the certificate file you want to analyze. Once the license is selected, you can analyze it in the following manner. The opened file is displayed in RMS License label.
  • The License Information is displayed from the License chain in edit box.
  • From the Tools menu, you can select Verify License Chain to validate license signature, trust chain and display trusted domains in the view window.
  • From Tools menu, you can select View Rights Data for any license. If the selected license is a publishing license, the tool will decrypt the encrypted rights data and display it in the window. If the license is any other RMS license, the tool displays rights data if the license has any.
  • From the Tools menu, you can select License Information to view license data such as issued time, validity time, issuer, issued principal and trust chain from the license.

Usage notes

  • License files analyzed using this tool must use UNICODE text formatting. If the license file is saved using the ASCII text format the file cannot be analyzed.
  • Using this tool will not make any changes to the licenses and certificates.
  • This tool can only be used on front-end RMS servers.

RMS Config Editor

Use this tool to easily view and edit data in the RMS configuration database.

To run RMS Config Editor

  1. Open the folder where you saved the RMS Administration Toolkit, open the folder for RMS Config Editor, and then double-click RMSConfigEditor.exe to start the tool. The RMS Config Editor window opens.
  2. In Server, type the name of the computer that hosts the RMS configuration database. If the tool is being run on that computer, select localhost.
  3. Click the Go button to connect to the specified server.
  4. In Database, select the RMS database you want to view from the drop-down list.
  5. Click the Go button to connect to the specified database. A list of database tables appears in the left pane of the window.
  6. Select a database to view by clicking the table name in the left pane. The contents of the table are displayed in the right pane.
  7. If you want to modify a field value, in the right pane, click the field and type a new value.
  8. To save the change to the database, click the Persist button.

Note: You must save your changes using the Persist button before you select another table. If you do not, your modifications are lost.

  9. When you are done using the tool, click the Exit button.

Usage notes

  • This tool can be used on either local or remote computers.
  • The names of the computers and the databases that the tool connects to are retained in the drop-down lists until you exit the tool.
  • If you have a previous version of this tool installed, you must remove it before installing this version.
  • Although designed with the configuration database in mind, this tool can be used to view or edit other RMS databases, such as Logging and Directory Services cache.
  • The intended use of this tool is for viewing and editing data that is not exposed by the RMS Server Administration interface. As such, it is limited as to the type of data that it can edit.
  • This tool cannot be used to view extremely large databases.

RMS Event Viewer

Use this tool to map RMS log entries to events, enabling the logs to be viewed using the Event Viewer.

To run RMS Event Viewer

  1. Open the folder where you saved the RMS Administration Toolkit, open the folder for RMS Event Viewer (C:\Program Files (x86)\RMS SP2 Administration Toolkit\RMSEventViewer), and then double-click the RMSEV.exe application to start the tool. The RMS Log Viewer window opens.
  2. In Machine, type the name of the server on which you want to view logging databases by using Event Viewer.
  3. In Logging Database, type the name of the SQL server that contains the source logging databases.
  4. Click the Step 1: Connect to server button. This creates a connection between the servers and retrieves a list of databases from the SQL server.
  5. Click the arrow next to the third drop-down box to see the list of available databases.
  6. Select the database you want to view from the list and then click the Step 2: Connect to database button. A list of events is displayed in the RMS Event Log area.
  7. Click an event in the RMS Event Log area to highlight it. The logging record related to the event is displayed in the RMS Logging Database area in the left pane.
  8. To view the details associated with a log record, double-click the record. The details are displayed in the RMS Logging Database area in the right pane.

Usage notes

  • This tool can be used on either local or remote computers.
  • The names of the computers and the databases that the tool connects to are retained in the drop-down lists until you exit the tool.
  • If you have a previous version of this tool installed, you must remove it before installing this version.
  • Gathering events from remote computers may take a substantial amount of time.

RMS Log Analyzer

Use this tool to analyze the log file of your RMS server to track server errors, query for specific users, and other logged events.

How to run RMS Log Analyzer

To run the RMS Log Analyzer, you perform three procedures:

  • Create the DRMS_Log_Admin database
  • Specify the configuration list
  • Run the RMS Log Analyzer

To create the DRMS Log Admin database

  1. Save the RMS Log Analyzer tool on the computer running SQL Server where you wish to host the DRMS_Log_Admin database. (C:\Program Files (x86)\RMS SP2 Administration Toolkit\RMSLogAnalyzer)
  2. Run the SQL Script file GenerateRMSAdmin.sql to create the database that the tool will write data to.

To specify the configuration list

  1. In the location where you saved the RMS Log Analyzer tool, use an XML editing tool (or a text editor such as Notepad) to open the DBConfig.xml file that was included with the tool.
  2. Add entries into the file for each of the servers running SQL Server that you want to gather RMS log data from by using the following syntax: <Server HostName="SQL_Server_name" DatabaseName="DRMS_Logging_hostname_subdomain_secondleveldomain_topleveldomain_port"> </Server>
  3. Once all of the servers that you want to gather data from have been added to the list, save the file and exit your editing application.

To run the RMS Log Analyzer

  1. On the server where you created the DRMS_Log_Admin database, navigate to the location where you saved the RMS Log Analyzer tool.
  2. Open a command prompt by clicking Start, and then Run. In the Run dialog box, type cmd, and then click OK.
  3. At a command prompt, navigate to the location where the tool is saved and type RMSLogAnalyzer.exe.
  4. To stop RMS Log Analyzer, press CTRL+C in the RMS Log Analyzer command prompt window.

While the tool is running, you will see the following progress indicators in the command window.

During the first run of the tool, it will process up to 20,000 log entries from each database you listed in the configuration file. If your databases contain more than 20,000 log entries, repeat this step until all of the logs are processed. Subsequent runs of the tool will process 5,000 log entries.

If a processing error is encountered while processing a log entry, the logID and the exception are displayed in the command window. The database will reflect the error by creating an entry for the logID and the related data will contain the text “RMS Admin processing error.” This error will not stop the processing of subsequent log entries; the tool will continue to the next entry automatically.

If you want to automate the process of starting RMS Log Analyzer, you can configure it as a scheduled task so that Log Analyzer is started every time that the system is started.

To run RMS Log Analyzer as a scheduled task

  1. On the server where you created the DRMS_Log_Admin database, click Start, click Control Panel, and then click Scheduled Tasks.
  2. Double-click Add Scheduled Task, and then click Next.
  3. Click Browse.
  4. Navigate to the location where you saved the RMS Log Analyzer tool.
  5. Type RMS LogAnalyzer for the task name, click When my computer starts, and then click Next.
  6. Enter credentials of a user on the network who has at least read access to the RMS Logging database, click Next, and then click Finish.

Usage notes

  • In previous versions of RMS Log Analyzer, RMS Log Analyzer had to be installed on the SQL Server. In RMS Log Analyzer Service Pack 2, a command-line option was added to pull data from remote SQL servers. To use the new command-line option, type RMSLogAnalyzer.exe /ALTDB <SQL_Server_Name> at the command prompt.
  • Using this tool will not make any changes to the source RMS logging databases.
  • One DRMS_Log_Admin database can be used to store any number of RMS databases so long as the full logging database names are unique.
  • The Windows RMS Newsgroup is a great place to ask questions of other RMS users and find general information about other user’s experiences with RMS. You can subscribe to the RMS newsgroup from the Microsoft newsgroup server (http://go.microsoft.com/fwlink/?LinkId=74714).

RMS Queue Recovery

Use this tool to recover logged events from the MSMQ dead letter queue.

To run RMS Queue Recovery

  1. Open a command prompt by clicking Start and then Run. In the Run box, type cmd, and then click OK.
  2. Navigate to the location where the tool is saved. At a command prompt, type the following command, replacing the parameters with the appropriate values for your installation: LogRecoveryCmd <operation> <queue name>

The tool can perform the following operations:

When specifying the <queue name> parameter, you must use the direct format, for example, .\Private$\Drms_Queue.

Following are two examples of how to use this tool on a server with a local logging database. These examples assume that the queue name is .\private$\drms_logging .

  • To resend all messages from the dead letter queue back to the logging queue, type: LogRecoveryCmd.exe resend .\private$\drms_logging

Usage notes   

  • This tool must be run on the RMS server.

RMS Service Locator

Use this tool to provide a report of all the URLs that RMS uses.

To run RMS Service Locator

  1. Open a command prompt by clicking Start and then Run. In the Run dialog box, type cmd, and then click OK.
  2. Navigate to the location where the tool is saved (C:\Program Files (x86)\RMS SP2 Administration Toolkit\RMSServiceLocator). At a command prompt, type the following command: RMSServiceLocator

The tool will run and will display the services available for the server to enroll with.

Usage notes

  • This tool must be run on the RMS server.

 

Download RMS SP2 Administration Toolkit: https://1drv.ms/u/s!AqPEeJPr6wHFlPAiLhfZOIS_kZ4qJw

 

 

PowerShell: Backup your running Hyper-V Virtual Machines

If you’re like everyone else, including me, it’s been a complete drag attempting to get clients to allow you to shut down Virtual Machines that are in production to allow you to back them up. Windows Server 2012 R2 (a free upgrade of Windows Server 2012) can be upgraded remotely using RDP without too much risk. I completed 4 Hyper-V hosts Friday night without issue. The upgrade is pretty fast, but we had to migrate the running VMs prior to the upgrade, and it took about an hour to bring the new 2012 R2 Hyper-V hosts current with all security updates and hotfixes (132 patches).


 

Set-VMBackup.ps1

We have the backups scheduled using Task Scheduler. Since we have multiple Hyper-V hosts, we created the schedule once, then exported it to XML and imported the task on all additional Hyper-V hosts.

 

 

Also, since the VMs rarely change, we keep two backups locally, and the rest are moved to the SAN (in this case a NetApp) for two weeks and copied to tape. Note: You only need to modify the drive and root folder; if the folder does not exist it will be created.

PowerShell Script

<# Set-VMBackup.ps1 #>

# Get date string
$timestamp = Get-Date -UFormat "%Y%m%d"

# Change the drive / folder where the exports should be stored
$BackupPath = "D:\VMBackup\$timestamp"

# Export running VMs to the export path
Get-VM | Where-Object { $_.State -eq 'Running' } | Export-VM -Path $BackupPath

Download http://1drv.ms/1PPFoUg

 

Ivan

Bastille Day – July 14th, 2015 Migration is worth it!!

Windows Server 2003 & 2003 R2 Support is ending July 14, 2015

Bastille Day, Symbol of the French Revolution

What does end of support mean for you? After July 14, Microsoft will no longer issue security updates for any version of Windows Server 2003:

  • If you are still running Windows Server 2003, you need to take steps NOW to plan and execute a migration strategy to protect your infrastructure.
  • By migrating to Windows Server 2012 R2, Microsoft Azure or Office 365, you can achieve concrete benefits, including improved performance, reduced maintenance requirements, and increased agility and speed of response to the business.
  • Extended support for Windows Server 2003 will end on July 14, 2015, and customers are once again looking at the final months of a generous Windows product support cycle. Recommendations for customers using Windows Server 2003 include the following:
  • Customers that go beyond the termination of extended support place themselves at risks and potentially in a regulatory noncompliance situation. Even if regulatory compliance is not a concern, the security improvements that Windows Server 2012 R2 provides are worth adopting if just to help defend against industrial espionage.

 Key issues if you are still supporting Windows Server 2003 after July 14th 2015:

  • Lack of patches/updates/non-security fixes. No-cost, non-security-related update support terminated on July 13, 2010. However, support for non-security-related updates was available on a for-fee basis to customers that felt it was important to continue to have access to fixes that could help their system run optimally and perform well.
  • Elimination of security fixes. Customers see security fixes as being among the most critical fixes for their installed servers. These fixes will no longer be delivered to customers for their Windows Server 2003 servers, regardless of how severe a given issue may be. This may be less of a problem with many aging Windows Server 2003 applications, mainly because the applications still in use are increasingly likely to be inward facing rather than outward facing.
  • Lack of support. Customers no longer have the ability to contact Microsoft for technical support in the event of a server problem. This becomes particularly important when a system experiences an outage and customers are unable to restore the system and recover data and applications from the stalled machine.
  • Application support challenges. Application ISVs dislike having a complex support matrix and typically support current versions along with a finite number of earlier editions of the product. For most ISVs, an 11-year-old application is probably already past its rational support life cycle, and in most cases, these application ISVs are about to discontinue or have already discontinued support for aging operating system environments such as Windows Server 2003.

Regulatory Compliance:

  • Customers in regulated industries or handling regulated data, including healthcare and payment card industry (PCI) data, may find that they are out of compliance, which could mean fines or being cut off from key trading partners that seek to protect their own regulatory compliance status.
  • Inability to leverage modern cloud options from Microsoft and other vendors. Windows Server 2003 can run on virtually every hypervisor in the market, but that does not mean it is an equal player in these modern deployment scenarios. For example, Windows Server 2003 installations cannot be re-hosted in a Microsoft Azure environment, unless it is a 64-bit image, but the vast majority of Windows Server 2003 installations are 32-bit solutions. So even if customers bring the 32-bit image to the Azure cloud, they cannot continue using that operating system instance. When spinning up new infrastructure-as-a-service (IaaS) instances in Azure, Microsoft provides catalog images only for 64-bit instances of Windows Server 2012 R2.

Bottom Line:

Security vulnerabilities could arise for which no protection is possible. Attackers who exploit these openings could gain control of systems based on Windows Server 2003, then use the compromised system to launch attacks from within the data center against other, newer systems, to capture and relay data from the network to the attacker outside, and to introduce false transactions or tamper with legitimate business activities. If such an attack were to take place, it may be impossible or impractical to stop it from succeeding and from being repeated, since the code vulnerability inside the OS will not be patched. Business functions dependent upon the system running under Windows Server 2003 may be unexpectedly subject to complete loss of access to the functionality of the system if it has to be shut down due to compromise. Alternatively, lack of viable alternatives for the business function may dictate that the system remain in operation despite compromises, thus endangering other systems that are not based on Windows Server 2003.

Wow 13 Years who would have thought…

If you have NOT decommissioned your Windows Server 2003 servers, then you should purchase an Extended Support agreement for these servers and actively be in the process of moving to new hardware and software… You can use the Windows Server 2003 Migration Planning Assistant, which will walk you through a migration assessment and help you choose a Microsoft partner if you need help in the migration and decommissioning of your old hardware.

 

Ivan

Converting Windows Server 2012 Evaluation to a FULL Licensed Version

I came across a client the other day who had begun implementing a new domain about 6 months ago with 4 Hosts Windows Server 2012 Data Center Edition 2 XEON PROCS, with 12 Cores 24 Threads, 256GB RAM, along with 32TB Sata3 6GB Drives Internally RAID5, and 2 Internal Disks 1TB RAID0. However, they had used the Windows Server 2012 Data Center Evaluation Edition and were somewhat stuck.

What I found through friends and Google was that you couldn’t just add the Datacenter Edition key using the GUI, and we were unable to find a solution to resolve a group of servers that hosted the AD-DS feature.

1. DISM /online /Get-CurrentEdition


 

The GUI does not work for converting from Evaluation to a FULL license.

Make note of the Current Edition. In our case, since we know it’s Data Center Edition, the Current Edition is ServerDatacenter.

Now that we know the Current Edition ID, it’s simple to run the next command:

2. DISM /online /Set-Edition:ServerDatacenter /ProductKey:1234-5678-9876-5432-1234 /AcceptEula

Note: Obviously you will need to use your own product key, as the one I have provided will not work.

Once you modify the PID to use your own licensed version, you will notice that the process will update components, then install the PID, remove the Evaluation components and ask you to reboot.

Once the server has rebooted, the bottom of your screen will no longer have the Evaluation countdown.

Don’t forget to check Microsoft 12 Days of Deals with Surface RTs as low as $99. HAVE FUN

 

Happy Holidays,

-Ivan

SharePoint 2013 Migrations with Metalogix versus MetaVis

One of the larger disappointments I have had this summer is the number of crashes the new Content Matrix from Metalogix seems to deliver when moving simple WebApps and Site Collections from SharePoint 2007 to SharePoint 2013. I mean simple like having a single Custom Site definition, a few Custom WebParts, with lots of ECM using Choice Site Columns and Custom Content types, and all Branding is already deployed.

It’s almost embarrassing, except that I designed and deployed all of the hardware from the SAN configuration to the F5 load balancers and all hardware in between. In addition, I scripted the entire build for DEV, UAT, and PRD, and luckily we rocked during the last two migrations, one using, of all tools, Bulk List Migrator from Bamboo Solutions and the last time using Metalogix SSMM.

I guess my concern is: though Metalogix is now one of the dominant players in SharePoint, the quality of the migration tools from them seems diminished. I have multiple crashes per day and failures to move simple pieces of content like list items and documents, where it will now take three iterations per job in order to finally get it right.

As much as I dislike having to learn additional tools, as there is never enough time, I will begin testing MetaVis this weekend, and I am greatly saddened that I would have to do so. But on with the show. I realize it makes sense to have a common interface for all of the Metalogix products; I would only beg them to not do so at the cost of the value of the products in their own right. I will let you know how this all works out in the next few weeks, as we have an end date of March 2013…

This project also includes building a One World taxonomy, and it takes getting a lot of people together to mostly agree on the majority of the terms your business will be using. We did a great job in 2008 with the Global Communications Group in charge of Technical Publications, Translation and more; now we just have to do the same for the rest of the company and support multiple languages with follow-the-sun data centers. So it’s all kinds of fun, and March is not very far off.

I am sure I will be sending out another Blog or two this week but just in case you don’t have a chance to read those have a Very Happy Halloween

Cheers,

-Ivan

Ivy-Bridge Processor LGA-2011 x79 Chipset with Windows Server 2012 R2

This was a lot more fun than I had planned. I thought, cool, I will get an LGA 2011 board with 8 slots of the Corsair Vengeance 2133MHz 8GB chips, a new Ivy Bridge processor, motherboard, a Cooler Master HAF case; I already had a couple of NVIDIA 570s and Corsair power supplies, so for under 1.5k I was able to buy a new server, though admittedly I had a few of the parts. The new 22nm Ivy Bridge rocks.

The first thing that went wrong is that the board wouldn’t boot, though everything was wired properly. To make sure it was the motherboard, I purchased an MSI X79-GD45A and had the same issue.

I now knew it had to be the BIOS, so I made another trip to the store to purchase a Sandy Bridge Processor Xeon E5-3950 and replaced the Ivy Bridge Processor I7-4890 I had been using, and everything booted….

Then I updated to the latest BIOS and replaced the Sandy Bridge processor with the Ivy Bridge processor, and the system mostly worked except for the Ethernet adapter.

I say mostly working due to Intel’s unique concept of disabling the installation of the 82576V Ethernet Adapter Driver Installation from ALL downloadable installation packages including the OEM motherboard manufacturers. including both Asus and MSI x79 Motherboards use Intel’s 

Asus P9X79 Pro

 

Since both boards use an x79 Intel Chipset and the same 82579V Ethernet Adapter, this shouldn’t be an issue, right? And you will not have an issue if you install a desktop OS. But I needed the extra RAM to run Hyper-V and was installing Windows Server 2012 R2, and when you attempt to install the drivers for the Intel 82576V Ethernet Adapter on that OS, you will not be able to do so.

 

MSI X79A-GD45


During the installation of the Ethernet Adapter you will receive a pop-up that states “You do not have an Intel Network Ethernet adapter installed”. Intel doesn’t want to have a Server OS installed using the 82576V Ethernet Adapter, which it looks like 90 percent of all motherboards using X79 Chipsets use. So after you have paid up to $400 for the board, up to $1100 for the processor, and $1200 for memory from trusted OEMs / ISVs, you will only be allowed to install one Ethernet Adapter in the PCIeX1 slot if you are running server software.

 

Before Deletion of lines 47 – 49

Also, the motherboards’ OEM disks did not have drivers for Windows 8 / 8.1 or Windows Server 2012 / 2012 R2.

After Deletion of Lines 47 – 49


Download the PROWinx64.exe from Intel’s website, and extract it to C:\Apps.

Then edit e1c64x64.inf in C:\Apps\PROWinx64\PRO1000\Winx64\NDIS64: remove the 3 lines beneath [ControlFlags] (lines 47 – 49), copy lines 60 through 63 to line 72, and save the file. (Please see the before and after screenshots.)

Before Copy of Lines 60 – 63


After Copy of lines 60 – 63 , to Line 72


The next issue is that the hash value will no longer match the certificate, since the CRC value has changed due to the modification of the e1c64x64.inf file. In File Explorer, right-click the e1c64x64.cat file that contains the certificate and choose to delete it.

Then right-click This PC or Computer, choose Advanced System Settings, Startup and Recovery, Settings, tick the check box “Time to display recovery options when needed”, click OK twice, and reboot the server.

As the server restarts, just after POST, press F8, then choose Boot with Device Driver Signing Disabled. Once you have logged in to the OS, press the Windows Key + X, choose Device Manager, right-click your computer name, choose Add Legacy Hardware, click Next, choose Install Hardware that I manually Select from a list, click Next, choose Network adapters and click Next, click Have Disk, browse to C:\Apps\PROWinx64\PRO1000\Winx64\NDIS64 and choose the modified e1c64x64.inf file.

Once the 82576V Ethernet Adapter device driver is installed, test it and reboot the server. The reboot resets your server to requiring all drivers to be signed by the OEM / ISV.
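Because the edited INF is installed with driver signing disabled and its catalog deleted, nothing verifies the file any more, so it is worth confirming before the install that the edited copy differs from the downloaded original only by the two documented changes, and recording its hash. The following is an added example, not part of the original post or of Intel's package: the sample text is constructed placeholder content, and the check identifies the deleted lines by their position beneath [ControlFlags] and the copied lines by content rather than by line number (an assumption).

```python
import difflib
import hashlib

def audit_inf_edit(original: str, modified: str) -> dict:
    """Classify every difference between the vendor INF and the hand-edited copy."""
    old, new = original.splitlines(), modified.splitlines()
    removed, inserted, problems = [], [], []
    # autojunk=False: INF files repeat many lines, which the default heuristic would skip
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            removed.append((i1 + 1, old[i1:i2]))    # 1-based line in the original
        if tag in ("insert", "replace"):
            inserted.append((j1 + 1, new[j1:j2]))   # 1-based line in the edited copy
    # Expected change 1: exactly three lines gone, directly beneath [ControlFlags]
    if len(removed) != 1 or len(removed[0][1]) != 3:
        problems.append("expected one deletion of exactly 3 lines")
    else:
        first = removed[0][0]
        if first < 2 or old[first - 2].strip().lower() != "[controlflags]":
            problems.append("deleted lines are not directly beneath [ControlFlags]")
    # Expected change 2: four added lines that are a verbatim copy of existing lines
    if len(inserted) != 1 or len(inserted[0][1]) != 4:
        problems.append("expected one insertion of exactly 4 lines")
    else:
        block = inserted[0][1]
        if not any(old[k:k + 4] == block for k in range(len(old) - 3)):
            problems.append("inserted lines are not copied from the original file")
    return {"removed": removed, "inserted": inserted, "problems": problems,
            "sha256": hashlib.sha256(modified.encode("utf-8")).hexdigest()}

def constructed_sample():
    """Constructed placeholder text standing in for e1c64x64.inf (not Intel's file)."""
    old = [f"; constructed line {n}" for n in range(1, 81)]
    old[45] = "[ControlFlags]"                      # line 46, so lines 47-49 follow it
    good = old[:46] + old[49:71] + old[59:63] + old[71:]
    bad = good + ["; constructed line that was never in the vendor file"]
    return "\n".join(old), "\n".join(good), "\n".join(bad)

if __name__ == "__main__":
    original, good, bad = constructed_sample()
    for name, text in (("intended edit", good), ("unexpected edit", bad)):
        report = audit_inf_edit(original, text)
        print(name, "->", report["problems"] or "only the documented changes",
              report["sha256"][:16])
```

To use it on the real files, keep an untouched copy of the extracted INF and pass the text of both files to `audit_inf_edit`; an empty `problems` list means only the documented edits are present.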

I hope this helps anyone attempting to use the new Ivy Bridge processors with the X79 Chipset, as I could have saved a lot of time if there had been any documentation from the OEMs, or Microsoft, or from anyone at Frys on this issue.

Bottom line: LGA-2011 with the x79 Chipset is NOT ready for prime time until the motherboards that are in stock have been sold and replaced with motherboards that contain the newer BIOS, and either Intel improves the x79 Chipset, modifies the driver installation package, or scraps the x79 Chipset altogether.

As much as I would like to have 128GB of RAM on my desktop, I don’t need it (yet), and I think most of the people using the boards may be using them to run server software, which obviously Intel has chosen NOT to support. Oh, and I guess I forgot to mention there are not any pre-POST beeps that let you know if there is an issue, and there isn’t an integrated video card in any of the LGA-2011 X79 Chipsets I have reviewed.


-Ivan

BRDLite Reference Templates


A friend of mine, John Spinella, is a Visual Studio ALM Ranger and the first person I know who could get the SharePoint builds automated in TFS. He and the team have just released a set of build process / reference templates.

The Build Release and Deploy (BRD) Lite is a set of build process reference templates that allows you to quickly set up a real-world build process in your environment. It leverages extensions from Community TFS Build Extensions, which provide capabilities for your Team Foundation builds such as automatic compile, build version number customization, build packaging, code signing, basic deployment functionality, and environment configuration file management.

The “Lite” comes from giving you a build template that you or your Build administrators can use “out of the box” for most scenarios. Of course, you can always customize and extend as needed.


Visual Studio ALM Rangers

This guidance is created by the Visual Studio ALM Rangers, who have the mission to provide out of band solutions for missing features and/or guidance. This content was created with support from Microsoft Product Group, members of Microsoft Services, Microsoft Most Valued Professionals (MVPs) and technical specialists from technology communities around the globe, giving you a real-world view from the field, where the technology has been tested and used.

What is included in the downloads?

The solution is divided in separate packages to give you the choice of selective downloads. The default download is the first of the listed packages:

  • Hands-on Labs (HOL)
  • Build Templates

The Epics included in the guidance are:

  • As Abu, the build master, I would like to understand the changes and impact of Visual Studio 2012 on BRDLite.
  • As Abu, the build master, I need guidance on extending the BRDLite reference template with new custom activities.
  • As Abu, the build master, I would like a number of BRDLite reference templates, which implement scenario based custom activities.

 

External References

  • Build Customization Guide: BRDLite was originally shipped with the Build Customization Guide as a practical build template that would provide hands-on guidance on how to implement the TFS Build Extensions. Refer to the Build Customization Guide for practical guidance on build customization, an overview of BRDLite and the BRDLite v1.0 templates.
  • SPDisposeCheck: The current version of the SPDisposeCheck can be downloaded from the SharePoint Dispose Checker site.
  • CAT.NET 2.0: The 2.0 CTP of CAT.NET can be downloaded from Microsoft Connect.
  • Community TFS Build Extensions: this project makes use of the Community TFS Build Extensions, which is a collection of custom build activities, templates and other resources for Team Foundation Build. Please visit and follow this project for the latest releases.

Team

  • Bijan Javari, Brandon Hawbaker, Jim Lamb, John Jacob, John Spinella, Mike Fourier, Richard Fennell, William Bartholomew, Willy-Peter Schaub

How to submit new ideas?

  • The recommended method is to post ideas to the Discussions Page or to contact the Rangers at http://msdn.microsoft.com/en-us/vstudio/ee358786.aspx.

Feedback

  • Post comments on the Discussions Page.


If you haven’t downloaded and used the reference templates and guidance, now is the time …

Thank you, John, it looks pretty cool. I will post a follow-up and let you know what I find.

 

-Ivan

PASS Business Analytics Conference – Quick Facts


Key Dates

  • Pre-Conference: April 10
  • Welcome Reception: April 10 (evening)
  • Day 1 Keynote, Microsoft: April 11
  • Appreciation Event: April 11
  • Day 2 Keynote, Steven Levitt: April 12
  • General Sessions: April 11-12

Highlights

  • 60+ technical sessions presented by Microsoft and Community Speakers
  • Steven Levitt Keynote – Bestselling co-Author of Freakonomics and Super Freakonomics
  • 5 session tracks including:
      ▫ Data Analytics and Visualization
      ▫ Advanced Analytics and Insights
      ▫ Information Delivery and Collaboration
      ▫ Big Data Innovations and Integration
      ▫ Strategy and Architecture

Why Attend?

  • Top community speakers including big data ZDNet blogger Andrew J. Brust; BI experts Alberto Ferrari, Stacia Misner, Peter Myers, Marco Russo and Chris Webb; data mining and predictive analytics gurus Mark Tabladillo and Cristian Vava; data science expert Mark Whitehorn; and Decision Sciences professor, Mathletics expert, and two-time Jeopardy! champion Wayne Winston.
  • Hear from the Microsoft experts: Kamal Hathi, Director of the BI Group for Microsoft SQL Server; Ashvini Sharma, Group Program Manager in the Office Data Experiences team; and Tim Mallalieu, Principal Group Program Manager for Microsoft HDInsight.
  • Connect with us for real-world insights, prescriptive guidance, best practices, and strategic vision
  • Expand your ability to analyze, manage, and share information to predict business performance
  • Walk away with the tools and connections for maximum impact within your organization
  • Dig deeper into Microsoft’s collaborative BA platform – Excel, SharePoint, Azure, Hadoop, Parallel Data Warehouse, and SQL Server.


 

-Ivan

Windows Server 2012 New Features – Data Deduplication

This is another post based on migrating the functions of a few of my servers to Windows Server 2012. Another favorite feature, even better than DHCP Failover, is Data Deduplication.

Data deduplication optimizes the file data on the volume by performing the following steps:

1. Segment the data in each file into small variable-sized chunks.
2. Identify duplicate chunks.
3. Maintain a single copy of each chunk.
4. Compress the chunks.
5. Replace redundant copies of each chunk with a reference to a single copy.
6. Replace each file with a reparse point containing references to its data chunks.
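A toy model of the six steps above, added here as an illustration and not Microsoft's implementation: the rolling hash, the chunk-size limit, the SHA-256 chunk keys and the zlib compression are assumptions chosen for the sketch, and the data is constructed. It also shows why a deduplicated file cannot be read without its chunk store: what replaces the file is only a list of references.

```python
import hashlib
import random
import zlib

_rng = random.Random(2012)                       # fixed seed keeps chunking deterministic
GEAR = [_rng.getrandbits(32) for _ in range(256)]
MASK, MAX_CHUNK = 0x3FF, 8192                    # about 1 KB average, 8 KB hard limit

def chunks(data: bytes):
    """Step 1: cut wherever a rolling hash of the most recent bytes hits a pattern."""
    h = start = 0
    for i, byte in enumerate(data):
        h = ((h << 1) + GEAR[byte]) & 0xFFFFFFFF  # not reset per chunk: cuts follow content
        if (h & MASK) == 0 or i + 1 - start >= MAX_CHUNK:
            yield data[start:i + 1]
            start = i + 1
    if start < len(data):
        yield data[start:]

class ChunkStore:
    def __init__(self):
        self.blobs = {}                          # sha256 hex digest -> compressed chunk

    def add_file(self, data: bytes) -> list:
        """Steps 2-6: return the list of chunk references that replaces the file."""
        recipe = []
        for chunk in chunks(data):
            key = hashlib.sha256(chunk).hexdigest()
            if key not in self.blobs:            # steps 2-3: one stored copy per chunk
                self.blobs[key] = zlib.compress(chunk)   # step 4
            recipe.append(key)                   # step 5: duplicates become references
        return recipe                            # step 6: stands in for the reparse point

    def read_file(self, recipe: list) -> bytes:
        return b"".join(zlib.decompress(self.blobs[key]) for key in recipe)

def demo():
    body = bytes(random.Random(1).getrandbits(8) for _ in range(64 * 1024))  # constructed
    store = ChunkStore()
    first = store.add_file(body)
    second = store.add_file(b"constructed header\n" + body)  # same content, shifted
    shared = len(set(first) & set(second))       # chunks stored once, referenced twice
    return store, first, second, shared, body

if __name__ == "__main__":
    store, first, second, shared, body = demo()
    print(len(first), "and", len(second), "references;", shared, "chunks shared")
```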

I assume everyone is familiar with Server Manager in Windows Server 2012. Click on Server Manager from the lower left of your task bar, then click on File and Storage Services.

Then click on Volumes, and one of the things you notice immediately is the disk space savings if you have enabled data deduplication. I am saving 856GB out of 3258GB total space for a 26% savings, and I am rounding down the benefit. I would think I might say it looks like you have another 465GB for 3723GB. Well, one of the rules is that you should not deduplicate data on your boot partition, and there are a few more that I will either mention later in this post or provide the reference on TechNet for your review and use.

Prior to walking through the 4 or 5 steps to enable Data Deduplication in the next post, there are a couple of issues that you need to be aware of. Data deduplication requirements:

Data deduplication is supported only on the following:

  1. Windows Server operating systems beginning with Windows Server 2012 with NTFS data volumes

Deduplication is not supported on:

  1. System or boot volumes
  2. Remote mapped or remote mounted drives
  3. Cluster shared volumes (CSV) (but it does support clustered configuration with NTFS volumes)

Deduplication skips over the following files:

  1. System / state files
  2. Encrypted files
  3. Files with extended attributes
  4. Files whose size is less than 32 KB
  5. Reparse points (that are not data deduplication reparse points)

Best Practices:

  1. Exclude your Virtual Server volumes from data deduplication.
  2. Always perform a full backup before and after the first time you run data deduplication on a volume.
  3. Schedule backups to be performed after your scheduled Garbage Collection, due to the number of changes that occur in the chunk store during Garbage Collection.
  4. By default, Garbage Collection is configured to run weekly.

Note: using data deduplication on SSDs has not had any effect on the SSDs.

Requirements for drive removal for use in other systems, if keeping the data on the drive:

  1. The OS is Windows Server 2012.
  2. You have configured data deduplication on the new system.
  3. OR, you have removed data deduplication from the drive prior to moving the drive to a platform that does not support data deduplication.

Note: as mentioned above, to get the drives to work without the documents / files having the appearance of corruption when you attempt to open them on the new system, you will need to install and configure data deduplication on the new system prior to moving the drives to it. What this means is that you would need to remove data deduplication from the volume prior to installing the drive in ANY operating system that is NOT Windows Server 2012; this includes Windows 8. I have been attempting to get data deduplication on my laptop, and it would be awesome if any of you have done so. I would enjoy hearing the steps you took to get data deduplication to work on Windows 8.

-Ivan

 
