Stopping All Running Virtual Machines (Hyper-V)

So, a good friend and fellow MVP asked me for a script to shut down all running virtual machines on a server so she could do cold backups of them. This seemed like a perfectly reasonable request, and my first thought was “Well, this gets really obvious and easy in Windows Server 8” since we have a full set of Hyper-V cmdlets there. But then I sort of remembered doing something like this before, and hunted around and found this old TechNet Wiki article I wrote over a year ago. It wasn’t a full-fledged script, but had all the pieces I needed to put together a simple script to stop all the VMs on the local Hyper-V host:

# This is a simple script to stop all the currently running VMs on the local
# Hyper-V host. It could easily be extended to accept a command line
# argument of the name of a remote Hyper-V host, or to read a list of hosts into an array

$VMs = Get-WmiObject MSVM_ComputerSystem -computer "." -namespace "root\virtualization"
ForEach ($vm in $VMs) {
   if ( $vm.name -ne $vm.elementname ) {   # skip the parent's name
      if ( $vm.EnabledState -eq 2 ) {      # If the VM is running
         # -Query cannot be combined with a class name, so the class argument is dropped here
         $shutdown = Get-WmiObject -namespace "root\virtualization" -query "Associators of {$vm} where ResultClass=Msvm_ShutdownComponent"

         # $true forces the shutdown; the string is the shutdown reason
         $shutdown.InitiateShutdown($true,"System Maintenance")

         Start-Sleep -Seconds 5
      }
   }
}

So, what’s happening in that script? Well, Get-WmiObject grabs a list of all the VMs on the local Hyper-V host (-computer “.”), then we simply loop through the list, skipping the host itself ($vm.name -ne $vm.elementname), and for each VM that is running ($vm.EnabledState -eq 2), we get a shutdown object for that specific VM and then call the InitiateShutdown method on that object.

 

Note that this is a “forced shutdown”, so it is equivalent to “shutdown -s -f” at the command line. Some processes may not get politely shut down. Too bad, so sad. Since we need this to work regardless of what else is happening, that’s a necessary risk.

Charlie.
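
As an added example (not part of the original script): a cold backup needs each VM to be fully off, which a fixed five-second sleep does not confirm, so this version accepts a list of hosts and polls until every VM reports EnabledState 3 (off). The function name Stop-RunningVMs, its parameters and the host names in the usage comment are assumptions made for this illustration; the WMI classes are the same root\virtualization ones used above.

```powershell
# Added example, not the original script. Stop-RunningVMs, its parameters and the
# host names in the usage line at the bottom are made up for this illustration.
function Stop-RunningVMs {
    param(
        [string[]]$ComputerName = @('.'),
        [int]$TimeoutSeconds = 300
    )
    $ns = 'root\virtualization'
    foreach ($computer in $ComputerName) {
        # The host's own entry has Name equal to ElementName; skip it, keep running guests
        $running = @(Get-WmiObject -Class Msvm_ComputerSystem -Namespace $ns -ComputerName $computer |
            Where-Object { $_.Name -ne $_.ElementName -and $_.EnabledState -eq 2 })

        $pending = @()
        $failed  = 0
        foreach ($vm in $running) {
            $shutdown = Get-WmiObject -Namespace $ns -ComputerName $computer `
                -Query "Associators of {$($vm.__PATH)} where ResultClass=Msvm_ShutdownComponent"
            if (-not $shutdown) {
                # Nothing came back from the association query, so there is no object to call
                Write-Warning "$($vm.ElementName) on ${computer}: no shutdown component, skipped"
                $failed++
                continue
            }
            $result = $shutdown.InitiateShutdown($true, 'System Maintenance')
            if ($result.ReturnValue -eq 0) { $pending += $vm.Name }
            else {
                Write-Warning "$($vm.ElementName): InitiateShutdown returned $($result.ReturnValue)"
                $failed++
            }
        }

        # Poll until every VM that accepted the request reports EnabledState 3 (off)
        $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
        while ($pending.Count -gt 0 -and (Get-Date) -lt $deadline) {
            Start-Sleep -Seconds 5
            $pending = @($pending | Where-Object {
                $state = Get-WmiObject -Namespace $ns -ComputerName $computer `
                    -Query "SELECT EnabledState FROM Msvm_ComputerSystem WHERE Name='$_'"
                $state.EnabledState -ne 3
            })
        }

        # One record per host, so a backup job can refuse to start when a VM is still up
        New-Object PSObject -Property @{
            Computer       = $computer
            Requested      = $running.Count
            StillRunning   = $pending
            ReadyForBackup = ($pending.Count -eq 0 -and $failed -eq 0)
        }
    }
}
# Usage (constructed host names):
# Stop-RunningVMs -ComputerName 'HV01','HV02' | Where-Object { -not $_.ReadyForBackup }
```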

Post Footer automatically generated by Add Post Footer Plugin for wordpress.

Remote Desktop Protocol Vulnerability

I don’t usually bother to write about Microsoft patches. After all, they happen every month, and we all are in the habit of patching (updating) moderately regularly. However, the update in MS12-020, described in this post, is both serious, and very likely to be a target in the very near future, though there aren’t any known exploits. Yet.

First, download and install the patch. That’s the obvious fix. However, if there is some particular reason why you can’t install the patch immediately, then you should configure all clients and servers that have Remote Desktop enabled to require Network Level Authentication (NLA). Microsoft has even made it easy for you. At the bottom of the TechNet post are links to apply a registry change to enforce Network Level Authentication. If you’ve got Windows XP or Windows Server 2003 clients, there’s even a Fix-It to turn on CredSSP so that they can connect using NLA.

Finally, you can configure group policy to require NLA on your network (and really, isn’t it about time you did?) Instructions are here: http://technet.microsoft.com/en-us/library/cc732713.aspx.

I know I was lazy about it for a long time, even after pretty much all my downlevel clients were long gone. But now that GPO is set and enabled. And my SBS WSUS server is sending that patch to every computer in my network. No playing around with this one, folks.
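
One way to check and enforce the NLA requirement described above from PowerShell, as an added example that is not part of the original post: it reads the Remote Desktop WMI classes on each computer and reports any listener that accepts connections without NLA. It assumes Windows Vista / Server 2008 or later targets and administrative rights; Get-RdpNlaStatus, its parameters and the host names in the usage comment are made up for this illustration.

```powershell
# Added example: audit (and optionally enforce) the NLA requirement on RDP listeners.
# Get-RdpNlaStatus and its parameters are names chosen for this illustration.
function Get-RdpNlaStatus {
    param(
        [string[]]$ComputerName = @('.'),
        [switch]$Enforce
    )
    foreach ($computer in $ComputerName) {
        try {
            # This namespace only accepts remote connections that use packet privacy
            $wmi = @{
                Namespace      = 'root\cimv2\TerminalServices'
                ComputerName   = $computer
                Authentication = 'PacketPrivacy'
                ErrorAction    = 'Stop'
            }
            $server    = Get-WmiObject -Class Win32_TerminalServiceSetting @wmi
            $listeners = Get-WmiObject -Class Win32_TSGeneralSetting @wmi
        } catch {
            Write-Warning "${computer}: query failed: $($_.Exception.Message)"
            continue
        }
        foreach ($listener in $listeners) {
            $nla = ($listener.UserAuthenticationRequired -eq 1)
            if ($Enforce -and -not $nla) {
                # Same setting the registry change and the group policy control
                $r   = $listener.SetUserAuthenticationRequired(1)
                $nla = ($r.ReturnValue -eq 0)
            }
            New-Object PSObject -Property @{
                Computer    = $computer
                Listener    = $listener.TerminalName
                RdpEnabled  = ($server.AllowTSConnections -eq 1)
                NlaRequired = $nla
            }
        }
    }
}
# Usage (constructed host names): list machines that accept RDP without NLA
# Get-RdpNlaStatus -ComputerName 'SERVER01','PC07' |
#     Where-Object { $_.RdpEnabled -and -not $_.NlaRequired }
```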


Mapping Drives

My standard environment expects to have several drive mappings wherever I’m logged in to my network. Even when I’m running on a computer that isn’t joined to the domain. To facilitate that, I have a simple “mapdrives.cmd” file that has the necessary net use commands in it to map them.  Then my default PowerShell $profile calls mapdrives.cmd. This works well, except that the result is fairly messy if there’s a problem.

Problem? Sure. For example, if my laptop isn’t in the office, then it won’t be able to map the drives on my office network. Or, if the drives are already mapped as part of a group policy, I’ll get an error when I try to map them. So, I decided to get smarter about it. Here’s the relevant section of my $profile:

$InOffice = Test-Connection -Quiet 192.168.50.3
$isMapped = Get-WmiObject -Query "Select * from Win32_LogicalDisk where DeviceID='A:'"
if ($InOffice -and ! $isMapped ){
   $maps='C:\Windows\system32\mapdrives.cmd'
   if (Test-Path $maps) {& $maps }   # only run the script if it exists
}

Now there may be even better ways to do this, but for me this works well. The $InOffice test checks for the presence of a server that should be reachable if I’m in the office, but that will not be reachable anywhere else. The $isMapped test checks to see if one of my standard drive mappings has already been done.

The result? If I’m not in the office, it won’t bother mapping drives, which saves the significant startup time it would otherwise spend trying to map them and failing. And if I’m in the office, but they’ve already been mapped, it won’t bother either, saving no time but keeping my PowerShell window from echoing all those errors as it tries to map something that is already mapped.

Find this useful? Got a better way to do it? Leave a comment, please.

Charlie.


Windows MultiPoint Server 2011 UR 1.1 Released

Microsoft has released an update rollup to WMS. This update rollup replaces UR1, which had an installation order problem when installed on an SBS Essentials network (or with Windows Storage Server 2008 R2 Essentials). The details of the update are covered in MS KnowledgeBase article 2626067. UR1.1 is cumulative, so you can install it over the top of UR1 if you already have that installed, or you can install it on a plain RTM system. It will supersede UR1 on WU/MU/WSUS.

(note: if you already have problems because of installing the existing UR1, you need to re-install the SBS Essentials to correct the issue — just connect to http://sbseservername/connect and re-install.)

Charlie.


RemoteFX and Windows MultiPoint Server 2011


Windows MultiPoint Server 2011 (WMS) has an option to “Enable RemoteFX” under Server Settings.

But what does that option actually do? And what IS RemoteFX anyway?

RemoteFX is technology that was included in Windows Server 2008 R2 that is designed to make virtual machines and remote sessions work better. When used with Windows 7 VDI sessions, and with the appropriate graphical hardware, it can leverage that hardware to create a virtual GPU for the VDI session. That isn’t something that WMS can take advantage of. However, another piece of the RemoteFX story is an improved codec for RDP sessions, and that is something that WMS can use. The RemoteFX codec is designed to handle video and mixed video and text better across RDP sessions than the native NScodec. When you enable RemoteFX under Server Settings, WMS switches from using the NScodec to using the RemoteFX codec for encoding content that is rendered on the server and sent over the wire via RDP.

To take advantage of it, however, your WMS station needs to be running RDP version 7.1, which means your client needs to be running Windows 7 SP1, Windows ThinPC, Windows 7 Embedded, or one of the third party RDP clients that are 7.1 compliant. I’ve enabled this on my WMS, and it definitely helps with streaming video to an RDP session. It won’t help to a zero USB client, unfortunately, but works well with my repurposed old laptop that is running Windows ThinPC.

Finally, if you have a lot of multimedia needs for WMS, and your physical layout allows it, I suggest using directly connected video for your client stations. This is the best video solution, and with a couple of modern video cards in your WMS server you can easily get 8-10 stations directly connected. If you need more stations than that, using RemoteFX and a client running a version 7.1-compliant RDP client will provide a quite acceptable experience.

(Thanks to Dean Paron at Microsoft for clarifying some key points around RemoteFX. Any errors are mine, not his.)

Charlie.


Office 365 Integration Module Beta

The beta of the Office 365 connector (officially known as the “Office 365 Integration Module”) for Windows Small Business Server 2011 Essentials is now available. See the post on the Official SBS Blog. This is still only a beta, but is now widely available. I haven’t heard any news about when we will finally have a released version of this connector.

Charlie.


Windows MultiPoint Server Disconnects

There is a known issue with Windows Server 2008 R2 (and Windows 7) that causes the network interface to change “location” from a Domain network to a Public network under some conditions. This is described in MS KnowledgeBase article: 2524478. The situation that causes this is made more likely to happen on a WMS server because of the Loop Back Adapters. I’ve been running this particular hotfix here for more than a week, with no ill effects. And a whole lot fewer WMS disconnects from my RDP clients! If you are using WMS, and using RDP clients, I strongly recommend that you download a copy of this hot fix and apply it if you’re seeing any unexplained disconnects from these clients.

Charlie.

Update1: There’s a new blog post up on the Official SBS Blog that talks about this. If you’re running WMS, you really want to get this hotfix.

Update2: If you’re running through a Remote Desktop Gateway (RD Gateway) to connect to your WMS server, you should install this hotfix on the RDGateway box as well. For example, on my SBS 2011 Standard network, my laptops use applications on the WMS server using RemoteApps. But I have them set to go through the RD Gateway on my SBS server, even when I’m in the office. This allows my connections to stay the same regardless of whether I’m in the office or on the road. I was still getting some disconnects even after installing this hotfix on the WMS server. But when I added them to the SBS server (my RD Gateway, remember), the disconnects went away. I haven’t had one all day. WOOT!


Configuring Applications for Windows MultiPoint Server, part II

As I said in my previous post on application compatibility in Windows MultiPoint Server 2011 (WMS), most applications run without any special configuration or changes. They see WMS as just another Windows Server 2008 R2 or Windows 7 computer. Or, if they’re fairly smart applications, as a Remote Desktop Session Host (aka, Terminal Server). But every once in a while, some aspect of a particular application doesn’t play well with WMS. Sometimes, as in the previous post, it’s really that it doesn’t play well with any terminal server because it doesn’t understand about multiple users. But other times, it’s strictly a WMS problem, and that usually makes me want to look at what is going on with networking and the application.

Why networking? Because WMS uses a bunch of “loop back adapters” (LBAs) to do some of the magic it does. And when an application sees that many network cards on a computer, sometimes it gets confused about which one to use. One such application is Amazon’s Kindle for PC (K4PC). On a normal Windows 7 or Windows Server 2008 R2 computer, it starts up fairly quickly and loads your current library, and if you’re currently reading a book, it opens to the latest page read on any device you might happen to be reading it on. Cool. But that means it needs to “phone home” to find out if you’ve read past the current point it knows about locally, and while it’s at it, it checks for a new version. Apparently, this phone home can get confused about which adapter to use and ends up taking what seems like forever to load. (It’s actually only about 30-40 seconds, but that’s a long time when you’re waiting for it.)

So, what to do about it? Two changes can make all the difference, and both are disabling automatic proxy checking. First, in K4PC, open Options from the Tools menu, and select Network in the left pane, as shown here:

 WMS_K4PC_01

Select No Proxy, or set the specific proxy settings that your network requires. Either is better than Auto-Detect. Next, change the settings on Internet Explorer to disable autodetect. (Depending on your IE version, this will be in the LAN Configuration settings, as shown below.)

WMS_K4PC_02

Again, disable Automatically Detect Settings.

Restart your WMS server to make sure there are no open IE windows and you should see a noticeable improvement in the speed of K4PC. And consider this a likely culprit for any application that has a very slow start in WMS.

Charlie.


Configuring Applications for Windows MultiPoint Server

Most applications install cleanly in Windows MultiPoint Server 2011 (WMS) without any special tricks. They’re smart enough to not attempt to write critical files that can’t be shared into locations where they shouldn’t be. But some applications simply aren’t Terminal Server aware, and those can be an issue. One we ran into recently is Audible Manager. If you’re using a Zune or Sansa or other non-Apple product to listen to your Audible books, you need Audible Manager to transfer your books to the device. Well, needless to say, as we’re moving users to WMS, one of their requirements is to be able to use Audible Manager.

The first problem was USB support so they can connect their device. That was easy, I just installed KernelPro for them. But that brought up a second issue. When two people try to run Audible Manager at the same time, the second person gets a “Can’t open Content.aud” error. Why? Because Audible Manager installs it into “C:\Program Files (x86)\Audible\bin”. That’s a really bad idea, and bad programming practice, to say the least. But I found a workaround, and it actually does what Audible should have already been doing.

  1. Close audible manager.
  2. Navigate to "C:\Program Files (x86)\Audible\Bin".  
  3. Cut "content.aud" and paste someplace you can find it and get to it.
  4. For EACH USER (this is the part that’s a pain!):
    1. Navigate to %userprofile%\AppData\Roaming
    2. Create a new folder "Audible"
    3. Drop a copy of "Content.aud" into the folder
    4. Start Audible Manager.
    5. When Audible Manager can’t find content.aud, it will prompt you to either “Create A New, Empty File" or "Browse For An Existing File".
    6. Choose Browse, and then point to the file you just dropped in Roaming for the user.
  5. Repeat the sub-steps for each user. (or, if you’re doing this on a new server, do this and then copy to the default profile, and it will happen automatically when you add a new user.)

You’ll probably want to start with an empty content.aud file to do this. And, yes, it shouldn’t be necessary. I’ve already filed a report with Audible.com, but don’t expect any fixes any time soon.

While this is just one application, it also points to a way that can work with other ill-behaved applications. No guarantees, of course. But worth a try.


Microsoft ITPro Satisfaction Survey

A couple of times a year, Microsoft sends out a satisfaction survey to ITPros. I have no idea how one does, or does not, end up on that list, but should you happen to get an email, I’d strongly suggest you take the time to fill it out. If you’re like me, you undoubtedly have a few issues you’d like to raise, and this can be a good way to do it. But you should also take the time to make sure you tell them what they’re doing right, not just what they’re doing wrong.

 

A few thoughts on things to think about as you’re filling out the survey:

1.) Help and support – how well do you think MS is doing? How easy is it to find the answers you need? And how useful are the support people when you really need help? What are some of the resources for answers? Here are a few:

One of the changes I’ve appreciated is the ease of getting hot fixes – either automated fix-its, or just the ability to download a hotfix without having to go through a bunch of rigmarole.

2.) Security – Here, I think MS is doing an excellent job. Are there things I would like? Yes – Forefront Endpoint Protection for my SBS Server. But meanwhile, Security Essentials for home and very small businesses, or Microsoft InTune for small to mid-sized businesses are both great solutions on the desktop. And IE9 is safer even than IE8, and I thought IE8 was a darn good browser.  Some security resources:

3.) Licensing – they keep telling us they’ve made it easier and simpler. Sorry, I’m not seeing it. I just spent 4 days in Las Vegas at SMBNation (good show for anyone in the SMB space, by the way.) And the one thing I’m sure of is that people do NOT understand Microsoft licensing and they don’t much like it either. I’m annoyed no end that I can’t buy a copy of Windows Storage Server 2008 R2 Essentials (WSSE) from HP or Dell or my favourite distributor to build my own. So far, there’s only one OEM of WSSE available in North America, and that’s from High Rely. But by all means, put MS to the test on their licensing claims. Try one of these resources, and let them know what you think:

4.) Training and Online Resources – OK, I think they are doing a pretty good job here. There are quite a few free or reasonably priced resources available for training, and TechNet has some excellent content. Even if you have to use a third-party search engine to find it sometimes.

For training, try: The Microsoft Virtual Academy

For eval versions to train with: Microsoft Eval Center
