Luka Manojlovic » MS Windows server

Hyper-V virtual machine backup script…

manojlovicl — Thu, 29 Sep 2011 10:59:27 +0000

Today my friend Marko Cepe sent me his VBS script that does great job to backup virtual machines that are running on Hyper-V.
This script does shut down virtual machine by sending shut down command to machine using integration services, then it waits virtual machine to enter stopped state, after that it does export of the machine and turns the machine back on.

Usage:

C:\SKRIPTE\> ExportVM.vbs VMName ExportDirectory

Example:

C:\SKRIPTE\> ExportVM.vbs TestVM X:\Backup\TestVM

Click, download and enjoy the script.

Comments appreciated…

SBS2011 RDGateway (g)UI?

manojlovicl — Wed, 03 Aug 2011 16:29:24 +0000

Many of you have asked where you can find RDGateway user interface in SBS 2011 – in fact RDGateway is working but you can not access its interface in SBS 2011. Well you can do that by reading this MS KB article…

How to Manage the Remote Desktop Gateway Service in SBS 2011
http://support.microsoft.com/kb/2472211

My contribution to IPv6 day – Configuring IPv6 in Windows server 2008 R2 – video tutorial

manojlovicl — Wed, 08 Jun 2011 21:44:20 +0000

My contribution to IPv6 day will be this small “lab” test where I will show you some basic IPv6 configuration that you can do with Windows server 2008 R2.
Here are the videos:

IPv6 day – configuring IPv6 in Windows server 2008 R2 part 1 - http://www.screencast.com/t/Ifj2lx4hTG
IPv6 day – configuring IPv6 in Windows server 2008 R2 part 2 – http://www.screencast.com/t/PSf3q5yr4BF

What do we have in our LAB?

1. Windows server 2008 R2 with two network cards:
External – with IPv6, gateway and DNS configured
Internal – with IPv6 address only

External IP has internal class static routed on our Cisco router in front of Windows server external card.

2. Windows 7 machine with single network card that is connected to the same switch as servers’ internal card.

What will we do:

In the fist video:

First we will start with some basic checking of network configuration on server.
Then we will run netsh (I run a command prompt with “Run as administrator”) and go to
netsh / interface / ipv6

with command

show route we can see ipv6 routes currently configured – we would like to enable publishing of route that I have highlighted in the video.

set route PREFIX INTERFACE_NUMBER publish=yes

then we will run an command to enable advertising, to disable address management (so Windows 7 will generate IPv6 without help od DHCPv6) (M flag) and we will disable other stateful configuration (O flag).

set interface INTERFACE_NUMBER adv=enabled managed=disabled other=disabled

Meanwhile we are checking IPv6 connectivity from our Windows 7 machine… Windows 7 is still unable to ping outside the network…

well we need to configure some other stuff on server now… we will enable forwarding on our two interfaces (External and Internal)

set interface INTERFACE_NUMBER forwarding=enabled

still no connectivity from win 7?

last step that we need to do on our server is to advertise default route to our clients…

set interface INTERFACE_NUMBER advertisedefaultroute=enabled

So our Windows 7 sudenly start to recive ICMPv6 echo replyes from some IPv6 machine outside our network WUHU!

But Windows 7 machine is not able to resolve hostnames to IPV6 addresses – this is becouse we have now global IPv6 address configured and default gateway – so we have connectivity but we are not able to resolve hostnames as we do not have any DNS servers to do that.

On Windows server 2008 R2 I will start the installation of two roles – first DHCP role which I wil configure later and DNS role.

When the roles are installed I will configure so called forwarders on my DNS server so my clients will be able to use my server as a DNS server for their queries.

In the second video:

I will first flush IPv6 configuration on Windows 7 machine by using command
ipconfig /release6
ipconfig /renew6 (is the opposite command to regain IPv6 configuration)

Secondly I will configure DHCPv6 server by starting New Scope wizard under IPv6 settings…

I will configure prefix – this ipv6 prefix of Internal network card

Skip the exceptions and activate the scope…

You will see that Windows 7 still did not ask DHCPv6 servers for address this is becouse managed flag is set to disabled on server so…

in netsh / interface / ipv6 we need to activate managed flag by inserting this command:

set interface INTERFACE_NUMBER managed=enabled

Our Windows 7 machine can now be found in IPv6 leases on our DHCP server – but still it is unable to ping hostnames on the internet… This is becouse our DHCPv6 server is not giving DNS servers as scope options and Other stateful flag is disabled.

So we first need to add DNS Recursive Names Server IPv6 Address in our Scope options and then use netsh command:

set interface INTERFACE_NUMBER other=enabled

Yeeepppeee!!! Our Windows 7 is ready to ping hostnames on the internet – so it is able to surf the IPV6 internet…

When I am finishing this article is 8.6.2011 23:37 – this is my small contribution to IPv6 day so happy IPv6 day to all of you!

Get IP address of virtual machines running on Hyper-V – FIXED!

manojlovicl — Wed, 16 Mar 2011 14:10:48 +0000

Big thank you – goes to Max Trinidad my fellow MVP from Powershell group…

Here is errorless script - much better than mine!

Copa, paste and save as .ps1 - then run on your Hyper-V server and you will get IP’s of your virtual machines…

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

## – Use Line below to list all your Virtualization Class
#get-wmiobject -namespace “root/virtualization” -list

## – Load filter (or function first)
filter Import-CimXml{

    $CimXml = [Xml]$_
    $CimObj = New-Object -TypeName System.Object

    foreach ($CimProperty in $CimXml.SelectNodes(“/INSTANCE/PROPERTY”)){
        if ($CimProperty.Name -eq “Name” -or $CimProperty.Name -eq “Data”){
            $CimObj | Add-Member -MemberType NoteProperty -Name $CimProperty.NAME -Value $CimProperty.VALUE
        }
    }

    $CimObj
}

## – Collect WMI Virtual information
$getWmiVirtual = Get-WmiObject -Namespace “root\virtualization” -Query “Select * From Msvm_ComputerSystem” | sort-object elementname

## – Build your results from your collected objects
ForEach($v in $getWmiVirtual){
    $vm = $v.ElementName;
    $VmObj = Get-WmiObject -Namespace “root\virtualization” -Query “Select * From Msvm_ComputerSystem Where ElementName=’$vm’”;
    $KvpObj = Get-WmiObject -Namespace “root\virtualization” -Query “Associators of {$VmObj} Where AssocClass=Msvm_SystemDevice ResultClass=Msvm_KvpExchangeComponent”;
    if($KvpObj.GuestIntrinsicExchangeItems -ne $null){
        write-host $vm;
        $KvpObj.GuestIntrinsicExchangeItems | Import-CimXml | where {$_.NAME -match “NetworkAddressIPv4″} | ft;
    }
}

## – End of Script

Get IP address of virtual machines running on Hyper-V

manojlovicl — Sun, 20 Feb 2011 15:33:01 +0000

I have been searching for an easy solution to somehow “scan” virtual machines and get their IP addresses becouse sometimes you need to find your virtual machines and it is more practical to somehow get a whole list of machines + IPs in stead of loging in from machne to machine and check IP… Well it can be done using Powershell… I have encountered an article but the problem is that here you need to put machine name on which you want to get data… I modified this script a bit so it looks like:

Get-WmiObject -Namespace root\virtualization -Query “Select * From Msvm_ComputerSystem”| sort-object elementname | ForEach-Object {$vm = $_.Elementname
write-host $vm
filter Import-CimXml
{
    $CimXml = [Xml]$_
    $CimObj = New-Object -TypeName System.Object
    foreach ($CimProperty in $CimXml.SelectNodes(“/INSTANCE/PROPERTY”))
    {
if ($CimProperty.Name -eq “Name” -or $CimProperty.Name -eq “Data”)
{

$CimObj | Add-Member -MemberType NoteProperty -Name $CimProperty.NAME -Value $CimProperty.VALUE

}
}
$CimObj
}
$VmObj = Get-WmiObject -Namespace root\virtualization -Query “Select * From Msvm_ComputerSystem Where ElementName=’$vm’”
$KvpObj = Get-WmiObject -Namespace root\virtualization -Query “Associators of {$VmObj} Where AssocClass=Msvm_SystemDevice ResultClass=Msvm_KvpExchangeComponent”
$KvpObj.GuestIntrinsicExchangeItems | Import-CimXml
} | where {$_.NAME -match “NetworkAddressIPv4″} | ft
read-host

So… Copy paste this script to an text file and save it as getip.ps1 and run it using powershell – it does need any other modules you should only run it on Windows Server where you have Hyper-V role installed… (I do not remember but I think you should enable execution policy for ps1 scripts… If you have truble executing your ps1 check here…)

By the way… This script has an error first virtual machine name will not fit in table (I do not know why ) and you will get an error when this script will try to analyze your Hyper-V host machine… I do not know how to solve this two errors if someone out there solves it please provide feedback. Thank you!

SBS 2011 – Import PST in Exhange 2011

manojlovicl — Tue, 11 Jan 2011 22:56:02 +0000

To enable import and export of mailboxes on SBS 2011 you need to:

Go to Windows SBS console and create a security group – that shuld be universal (by default) for example: Mailbox management

Add administrator / admin account to the group

Then you need to enable “import / export” feature on members of this group. To do that you need to open Exchange Management Shell (Powershell with Exchange 2010 modules) as administrator and write:

New-ManagementRoleAssignment -Name “Import Export Mailbox Admins” -SecurityGroup “Mailbox management” -Role “Mailbox Import Export”

After that you can folow my article to import or export mailboxes…

Sinergija 2010 q&a 2 – sbs 2008 / sbs 7 – tips and tricks

manojlovicl — Thu, 18 Nov 2010 10:47:09 +0000

Here are answers to the questions that we were discusing on my session @ Sinergija 2010

Wsus and port question:
http://www.wsus.info/index.php?showtopic=10906
http://www.wsuswiki.com/WSUSServerFAQ

Console crash reasons?
http://blogs.technet.com/b/sbs/archive/2009/03/12/sbs-console-crashes-when-duplicate-entries-from-av-products-are-written-into-security-center.aspx

Migration? Check this out:
http://www.sbsmigration.com/

Backup solutions for SBS 2008 – we had a presentation on Slovenian Small Business Specialists Community SI try this one…
http://www.backupassist.com/index.html

SBS 2008 / Exchange 2007 remote.company.com and TLS…

manojlovicl — Sun, 05 Sep 2010 12:18:02 +0000

Everyone that has ever installed SBS 2008 has encountered the wizard that create certificate and remote workplace – by default called remote.company.com (yes, you can chose other prefixes but let say that I like remote becouse it is easy to remember for my users…).
SBS wizards generates a certificate for this hostname and uses it for all services (Outlook web access, Active Sync stuff and also for SMTP receive and send connectors…).
The problem is when you want to rename your SMTP receive and send connectors to match the records in DNS. It is a best practice to have same SMTP greetings as the records in DNS so for example if you have a domain company.com and you have an host record A called mail.company.com and MX record pointed to mail.company.com it is correct and I suggest you to folow this rule to have SMTP greeting or fqdn for SMTP connectors to match mail.company.com.

You can rename your connectors however you want by using Exchange management console but you will lose functionality of TLS in SMTP traffic – becouse the certificate remote.company.com does not match fqdn or smtp greeting of a connector that advertise mail.company.com. You will also get an error in Event log saying:

Microsoft Exchange could not find a certificate that contains the domain name mail.company.com in the personal store on the local computer…

Ok, what can we do now?

Well turn on Exchange Management Shell – that is Powershell with modules for Exchange 2007 management – you can find it in star menu… And first of all we want to see current Exchange certificates that are enabled for Exchange services by using cmdlet:

[PS] C:\Windows\System32>Get-ExchangeCertificate

and you wil receive something like this:

Thumbprint                                Services   Subject
———-                                ——–   ——-
45EEEB44DF4BFE2EB1B7A7592EA1DF5BF93F44B4 IP.WS      CN=remote.company.com
42F146B12BEF918A6A8FC730F5AA87AC4ACB1CEB IP..S      CN=remote.company.com
817F1311CB72FB70F962EC0FAD2D8FA857F114A4 ….S      CN=sbssrv01.company.local
4BAAC7906689AFF0129767CF492AAE058B5DF494 ….S      CN=Sites
8F1D9C5FEB6EF0C39F25175AFBDEA54FE9668EF9 …..      CN=xxxxxx-xxxxxxxx-CA
8E4F33523325500F38ECF41FCDFBBE684AFC6145 …..      CN=WMSvc-WIN-K7KGUV5MQ40

Now we should create a new certificate that we will use for SMTP connectors by using cmdlet:

New-ExchangeCertificate -domainname mail.company.com -PrivateKeyExportable:1

Warning! When you are asked if you want to overwrite certificates chose No!

Confirm
Overwrite existing default SMTP certificate,
’45EEEB44DF4BFE2EB1B7A7592EA1DF5BF93F44B4′ (expires 14.1.2012 22:37:04), with
certificate ’59D62E7850EE4093AFF1EC73E2623D52058C2B35′ (expires 27.1.2015
17:09:02)?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is “Y”): N

so we get output:

Thumbprint                                Services   Subject
———-                                ——–   ——-
59D62E7850EE4093AFF1EC73E2623D52058C2B35 …..      CN=mail.company.com

Great! If we want to be shure that everything is working correctly and that Exchange SMTP service is using our new certificate we can use cmdlet:

[PS] C:\Windows\System32>Get-ExchangeCertificate

[PS] C:\Windows\System32>

Thumbprint                                Services   Subject
———-                                ——–   ——-
59D62E7850EE4093AFF1EC73E2623D52058C2B35 ….S      CN=mail.company.com
45EEEB44DF4BFE2EB1B7A7592EA1DF5BF93F44B4 IP.WS      CN=remote.company.com

42F146B12BEF918A6A8FC730F5AA87AC4ACB1CEB IP..S CN=remote.company.com

817F1311CB72FB70F962EC0FAD2D8FA857F114A4 ….S      CN=sbssrv01.company.local
4BAAC7906689AFF0129767CF492AAE058B5DF494 ….S      CN=Sites
8F1D9C5FEB6EF0C39F25175AFBDEA54FE9668EF9 …..      CN=xxxxxxxxxxx-xxxxxxxxxxxx01-CA
8E4F33523325500F38ECF41FCDFBBE684AFC6145 …..      CN=WMSvc-WIN-K7KGUV5MQ40

We can now see that SMTP connectors are using all certificates (S defnies SMTP service).

Ok… How can you test that TLS works?

You can try it by using telnet client and connect to your server:

telnet mail.company.com 25

Exchange should respond something like:

220 mail.company.com Microsoft ESMTP MAIL Service ready at Wed, 27 Jan 2010 17:
12:09 +0100

then you can write:

helo test.blablabla.com

220 mail.company.com Microsoft ESMTP MAIL Service ready at Wed, 27 Jan 2010 17:
13:07 +0100
helo test.blablabla.si
250 mail.xxxxxxxxxxxxxxxx.si Hello [xxx.xxx.xxxx.xxx]

after that enter command:

starttls

server should respond:

220 2.0.0 SMTP server ready

Server ready? Super!

PS.

If you did miss something you will receive error from server saying:

starttls
500 5.3.3 Unrecognized command

If you get that? Read this tutorial again

PS. PS. You do not need to restart anything when you apply this commands… No need for restarting Exchange services…

Special thanks to Saso Erdeljanov for some hints about this issue…

Exchange 2007 / 2010 – remove headers

manojlovicl — Mon, 24 May 2010 21:57:47 +0000

If you are using Windows server 2008 SBS or Exchange 2007 or Exchange 2010 you send with your e-mail also mail headers that (I think) you would not like to “share” with external world:

Received: from mail.server.si (xxx.xxx.xxx.xxx) by mail.server2.si
(172.31.200.2) with Microsoft SMTP Server (TLS) id 8.2.247.2; Wed, 19 May
2010 13:08:47 +0200
Received: from SRVEXCH01.domain.local ([10.11.12.2]) by SRVEXCH01.domain.local
([10.11.12.2]) with mapi; Wed, 19 May 2010 13:08:02 +0200
From: xxxxx xxxxx xxxxx@xxxxx
To: =?iso-8859-2?Q?xxxxx_xxxxx=E6_=28xxxxx=xxxxx=2Exxxxx=29?=

Return-Receipt-To: xxxxx@xxxxx
Date: Wed, 19 May 2010 13:08:00 +0200
Subject: xxxxx
Thread-Topic: xxxxx
Thread-Index: Acr3Q4r6dSBNnU37R9ypBLYy8PMzcA==
Message-ID: <13204AAD07BCDD4EB69C3367FF1783A9124C065BB2@SRVEXCH01.domain.local>
Accept-Language: sl-SI
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: sl-SI
Content-Type: multipart/alternative;
boundary=”_000_13204AAD07BCDD4EB69C3367FF1783A9124C065BB2_”
MIME-Version: 1.0
Return-Path: xxxxx@xxxxx
X-MS-Exchange-Organization-PRD: xxxxx.si
X-MS-Exchange-Organization-SenderIdResult: Pass
Received-SPF: Pass (xxxxx.xxxxx.xxxxx: domain of xxxxx@xxxxx
designates xxx.xxx.xxx.xxx as permitted sender) receiver=xxxxx.xxxxx.local;
client-ip=xxx.xxx.xxx.xxx; helo=mail.xxxxx.si;
X-MS-Exchange-Organization-SCL: 1
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.8917.498;SV:3.3.8919.449;SID:SenderIDStatus Pass;OrigIP:xxx.xxx.xxx.xxx

If you want to remove this stuff we need to create a Hub Transport Rule:
Open Microsoft Exchange Console
Navigate to:
Microsoft Exchange \ Organization Configuration \ Hub Transport \ Transport Rules

Right Click and select New Transport Rule and name it “Remove headers” click Next,

chose From users inside or outside the organization and select Inside click Next,chose Remove header and as message header just write: Received twice click Next…

You are done… Headers will not be sent any more to users outside the organization…

Bye,
Luka (under influence of wonderful NT Konferenca 2010)

Windows Server 2008 R2 Foundation on HP ML 110 G6 – SBSBIOSLock

manojlovicl — Fri, 21 May 2010 16:59:15 +0000

NT Konferenca 2010 is almost here…

While preparing my demos for my sessions I needed to install Windows server 2008 R2 Foundation on an HP ML 110 G6 which was given to me for demos…
After unpacking and starting the server I inserted DVD with installation inside… I get this nice screen telling me Validantih HP Platform Please Wait …

After a minute I got this error – a popup windows came up with folowing message:

SBSBIOSLock

could not find the media

If you want to continue your installation you need to get to HP BIOS and change the value on SATA emulation from RAID to AHCI. It worked for me… Well leave me alone I need to finish my installation.