Reconfigure Hyper-V replica replication interval

I like the feature of Hyper-V replica – but sometimes if you are configuring it quickly you might fail to set the right replication interval (by default 5 minutes). There is a possibility in PowerShell to change the interval so for example if you have configured your replication to happen every 5 minutes and you want to change that to 30 seconds you can do it by using this cmdlet (this one will change all current replicas to 30 seconds – you can do it for individual replication also):

Get-VMReplication | Set-VMReplication -ReplicationFrequencySec 30



Sending SMS using Infobip service and MikroTik tool / fetch feature

My recent article related to enhancement of Netwatch feature in MikroTik was created as a prerequisite for a simple alerting solution with e-mail / SMS notifications channels.

I am using Infobip SMS platform and they have clear and simple API solution (nicely documented) for sending SMS messages (I was able to make it work from Powershell – documented here.).

I was searching a bit and I saw that MikroTik changed something in the way tool called fetch works when we need to send header fields – as it can be read here, here and in official documentation here.

The working command – tested on MikroTik with RouterOS 6.44.3 (june 2019) is:

/tool fetch http-method=post mode=https http-header-field=”content-type:application/json,Authorization:Basic key23123832″ http-data=”{ \”from\”:\”MyMonitoring\”, \”to\”:[\”386xxyyyzzz\”], \”text\”:\”HOST x.x.x.x DOWN\”}” url=

So – the important thing to point out is the way you provide http-header-field:
http-header-field=”content-type:application/json,Authorization:Basic key23123832″

Hope it helps!

MikroTik – Netwatch enhanced (updated June 2019)

With MikroTik one can create an excellent e-mail / SMS alerting system when a host goes down or returns up.
In Tools there is Netwatch feature – but it has one disadvantage – it triggers “up” or “down” commands / scripts – but sometimes one missed ping does not mean that the host is permanently offline / online. Because of that I have written a script that can extend the ping checks (in my example for another 10 seconds – after first ping failed (triggered by Netwatch)) and only after being absolutely sure that host is offline or online triggers an event – e-mail message or SMS message (using some SMS gateway – covered in this article).

As you can see scripts can successfully handle event when host goes offline and when it comes online again:

Scripts can also handle “flapping host” (host going down and returning up in less then 10 seconds) behavior:


What do you need to setup such monitoring system:
1. Tools / Netwatch – create two entries for same host:
example 3

2. System / Scripts – you will need to create two scripts – for down and up events:

on-down – script:
:log error message=”Host x.x.x.x is down! Disabling Netwatch host down monitoring – taking over with script on-down – checking reachability of host x.x.x.x each second for ten seconds!”
:tool netwatch disable numbers=0
:local countup value=0
:while (($countup < 10) && ([:ping address=x.x.x.x interval=1 count=1]=0)) do={:set countup value=($countup+1); :delay 1000ms; :log error message=”Host x.x.x.x is offline. Check number: $countup” };
:if ($countup < 10) do={:log warning message=”Host x.x.x.x online again in less than ten seconds/checks – up on check number: $countup. Enabling netwatch.”; :tool netwatch enable numbers=0; :tool e-mail send subject=”Host Up after $countup” body=”Host Up after $countup”; } else={:log error message=”After ten seconds/checks host x.x.x.x is still offline – probably there is an major issue/outage – sending e-mail/SMS.”; :tool e-mail send subject=”Host x.x.x.x Down” body=”Host x.x.x.x Down! Host x.x.x.x Down!”;}
:tool netwatch enable numbers=1

on-up – script:
:log warning message=”Host x.x.x.x is up! Disabling Netwatch host up monitoring – taking over with script on-up – checking reachability of host x.x.x.x each second for ten seconds!”
:tool netwatch enable numbers=0
:local countdown value=0
:while (($countdown < 10) && ([:ping address=x.x.x.x interval=1 count=1]=1)) do={:set countdown value=($countdown+1); :delay 1000ms; :log warning message=”Host x.x.x.x is online. Check number: $countdown” };
:if ($countdown < 10) do={:log error message=”Host x.x.x.x offline again in less than ten seconds/checks – down on check number: $countdown. Enabling netwatch monitoring.”; :tool netwatch enable numbers=1; :tool e-mail send subject=”Host x.x.x.x Down after $countup” body=”Host x.x.x.x Down after $countup”; } else={:log warning message=”After ten seconds/checks host x.x.x.x is still online – probably everything is ok – sending e-mail/SMS.”; :tool e-mail send subject=”Host x.x.x.x Up” body=”Host x.x.x.x Up! Up!”;}
:tool netwatch enable numbers=0


S2D 2.0 (Windows server 2019) – Nested mirror and Nested mirror accelerated parity – how to expand a tier / volume?

As a big fan of S2D since Windows server 2016 and with more than 15 implementation of various systems and configurations I wanted to help you out with resizing of new (only 2 node S2D on Windows server 2019 supported) feature called Nested mirror and Nested mirror accelerated parity volumes.

First of all – just to be short – Microsoft did a great job to address the possibility of two simultaneous failures in two node S2D scenarios. You have the possibility to use two resiliency mechanisms – one that gives you more performance but it takes a lot of space called – Nested mirror (so all the data is written 4 times – 2 times on one node an 2 times on the other) which gives you ~ 25% of usable space and Nested mirror accelerated parity where you combine nested mirror with parity so you are able to achieve around 40-45% of usable space – but yes – party tier is more compute intensive as redundancy must be calculated – so it reduces performance (test so far do not show dramatic impact).

You can read more about this two options that were released with Windows server 2019 on a Microsoft website – official documentation.

I was playing a bit with configuration of some volumes by using this two new options and I decided to create a mirror accelerated parity which can be done by using Powershell (for not that is the only option).

I created tier templates as described in MS documentation (mentioned earlier). So I finished with the result that looks like:

Get-Volume -FriendlyName NestedMirrorAcceleratedParity | ftps2

Underneath you can see that there are two tiers that are fundamental parts of this volume.

Get-StorageTier | ft FriendlyName,TierClass,ResiliencySettingName,FaultDomainREdundancy,Size,FootprintOnPool

So if you want to extend your volume you must extend first of all every tier (or only one of them) – so in this case: NestedMirrorAcceleratedParity-NestedParity and/or NestedMirrorAcceleratedParity-NestedMirror.

You can do it just by using commandlet – for example for party tier:

Resize-StorageTier -FriendlyName NestedMirrorAcceleratedParity-NestedParity -Size 6TB

*System will not allow you to go over size of total pool capacity – for example my pool has 24 TB of space – my nested mirror and resiliency have a pretty nice footprint on pool so what I did was a volume that was created from 1 TB of nested mirror (for speed) and 7 TB of parity (for capacity) – S2D / ReFS will take care of dynamic hot/cold data placement.

As you can see the sum of FootprintOnPool in TB is under my total capacity and system does not allow me to make a bigger tiers. You can also see storage efficiency that I get from physical disks after using this two resiliency mechanisms.


After resizing one or both tiers than you can query your virtual disk for supported size that it can be extended to.

Get-VirtualDisk -FriendlyName NestedMirrorAcceleratedParity | Get-Disk | Get-Partition | Where Type -eq Basic | Get-PartitionSupportedSize

After receiving the maxsize parameter you can expand your virtual disks partition (in my case from 6 TB to 8 TB (of which 1 TB nested mirror and 7 TB nested parity):

Get-VirtualDisk -FriendlyName NestedMirrorAcceleratedParity | Get-Disk | Get-Partition | ? Type -eq Basic | Resize-Partition -Size 8796076224512

As a result you can see that disk that was resized from 6TB to 8TB in Admin center which I encourage you to try and to start using if you are jumping in Microsoft software defined storage / network journey!

admin center

Running MikroTik router on Azure

Yes, it is possible to do it – you just need to:

1. Download pre-prepared vhdx image from MikroTik downloads site,
2. Run it for the first time on your on-prem Hyper-V (accept licence agreement and just check the basic configuration (username / password, interface(s)).
3. Convert (in Hyper-V manager) disk from VHDX to VHD and from Dynamic to Fixed size VHD (you can do it in a single operation)
4. Go to Azure portal and upload your VHD file to Blob storage
5. Prepare a disk image and vm image (that you will later deploy).
6. And finally – deploy. 🙂

What can you do with MikroTik router on Azure network? A lot of things:
1. You can use other VPN solutions to get connected to Azure network
2. You can (by using EoIP) make L2 connection to Azure network (so you can run VMs without changing IP addresses (and DNS records) which might be cool for DR solution? Unfortunately you can not do that as Azure VNet gateway captures and replies to all ARP requests so everything passes via VNet gateway (x.y.z.1) so it is not possible to extend the network as far as I was able to test.
3. You can “bring” IPv6 network (from on-prem location) to Azure

running mikrotik on azure


Get e-mail alert for failed logon attempt on Outlook Web Access (OWA)

Just for fun I tried to establish a mechanism that will allow me to get information for failed logon attempt on Outlook Web Access (OWA).

If you open event viewer on your CAS server (where OWA is located) you can find out that failed requests are logged with Event ID 4625.

In general information you can find interesting things like – username which was used and IPv4 or IPv6 address from where the attempt was made.
All you need to do is to Attach task to this event
As all other actions are deprecated you should use the option to Start a program – here we will run a Powershell script to do the job.
We need to create a PS1 (powershell script) with content:

$EventMessage = get-winevent -FilterHashtable @{Logname=’Security’;ID=4625} -MaxEvents 1 | fl TimeCreated, Message
$eventmessagetstring = $EventMessage | Out-String
$EventMessageAccountNameText3array = $EventMessagetstring | Select-String -Pattern “Account Name:\s+\S+” -AllMatches | Select -ExpandProperty matches | Select -ExpandProperty value
$EventMessageAccountNameText3 = $EventMessageAccountNameText3array[-1]
$EventMessageAccountNameText = $EventMessagetstring | Select-String -Pattern “Failure Reason:\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+” -AllMatches | Select -ExpandProperty matches | Select -ExpandProperty value
$EventMessageAccountNameText2 = $EventMessagetstring | Select-String -Pattern “Source Network Address:\s+\S+” -AllMatches | Select -ExpandProperty matches | Select -ExpandProperty value

$EmailTo = “”
$EmailFrom = “”
$Subject = “OWA attack from $EventMessageAccountNameText2”
$Body = “Owa attack from: `n $EventMessageAccountNameText2 `n $EventMessageAccountNameText3 `n $EventMessageAccountNameText”
$SMTPServer = “IPOfYourSMTPServer”
$SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom,$EmailTo,$Subject,$Body)
$SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 25)

So in task properties we should choose:
In Add arguments (optional) field we should add:

-ExecutionPolicy ByPass -File X:\PathToScript\OwaAttack.ps1

So if everything is correct – next time someone fail to enter correct password or an attack on OWA is performed you will get an e-mail like this:


How to monitor “unmonitorable” stuff on Windows server with PRTG Network Monitor

I really love PRTG Network Monitor, simple and efficient monitoring solution I have been using for many years… It has a lot of sensors that you can use to monitor various stuff – from network devices to storage devices, to some predefined WMI sensors for disk monitoring on Windows …
But there are some things that are not that simple to monitor… For example DNS server cache entries… Or, DHCP server leases in use? There is no predefined sensor in PRTG to do that – but there is something very nice and useful – it is called: HTTP content sensor


This sensor can “read” the numeric value from HTTP page (even more than one (so you can have multiple channels = multiple lines in single graph for similar stuff))…

So… The challenge to get from this list:

Let’s do it:
1. Let’s somehow get from that list (Show-DnsServerCache) to numeric value in PowerShell
2. Publish result on some web server (could be IIS on the same server)
3. Schedule PowerShell script to run (every 1 minute) to get the value
4. Collect result with PRTG HTTP Content sensor

1 (and 2). Create PS1 script (by using PowerShell ISE or maybe Visual Studio Code or just by using Notepad :)):

$dnsservercache = Show-DnsServerCache
$dnsservercache = $dnsservercache.Count
$dnsservercache = “[” + $dnsservercache + “]”
$dnsservercache = $dnsservercache.Replace(” “,””)
$dnsservercache | out-file -Encoding utf8 C:\inetpub\wwwroot\dnsservercache.txt

In that (dnsservercache.txt) TXT file you should find something like (number may be different): [13863]

In this case I am “publishing” TXT file on IIS server on the same server – you should write file somewhere else if web server is not running locally.

3. Schedule Powershell script to run every 1 minute to get value
Just create basic task in Task Scheduler, choose Start a program and fill the form:
Program/script: PowerShell.exe
Add arguments: -ExecutionPolicy Bypass C:\ps\Stats.ps1
Start in: C:\ps

When you finish creating task you should modify it to run every one minute here:


4. Collect value from website / txt file

In PRTG you can now create new sensor by choosing HTTP Content and just fill the form like this:
http content2

In a couple of minutes you should get this beautiful graph:


graf day 2