Category Archives: Windows server 2012 R2

(Mass) Modifying SOA record values by using Set-DnsServerResourceRecord

Today I wanted to update all serial numbers (to make sure that they are written in the YYYYMMDD00 format) on my primary DNS zones on my Windows Server 2019 DNS server.

This is the script for this mass change – by adapting this script you can modify any parameters in DNS.

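# Select every primary zone hosted on this DNS server
$allzones = Get-DnsServerZone | Where-Object -Property ZoneType -EQ -Value "Primary"
foreach ($allzone in $allzones) {
    # Reset the variables so a failed lookup cannot reuse the previous zone's record
    $old = ""
    $new = ""
    # Read the current SOA record at the zone apex
    $old = Get-DnsServerResourceRecord -ZoneName $allzone.ZoneName -Name "@" -RRType Soa
    # Work on a copy so the original can be passed as -OldInputObject
    $new = $old.Clone()
    $new.RecordData.SerialNumber = 2019080400
    Set-DnsServerResourceRecord -OldInputObject $old -NewInputObject $new -ZoneName $allzone.ZoneName -PassThru
}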
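
The script above writes one fixed serial into every zone. If a zone already carries a higher serial, writing a lower one means secondaries will not see the zone as changed. The following is an added example, not part of the original post: Get-NextSoaSerial and Update-PrimaryZoneSerial are hypothetical helper names, and the example skips auto-created zones and supports -WhatIf so the change can be previewed first.

```powershell
# Added example (not the post's script). Helper names are hypothetical.
function Get-NextSoaSerial {
    param([Parameter(Mandatory)][uint32]$Current, [datetime]$Date = (Get-Date))
    # Date-based serial in the YYYYMMDD00 form used in the post
    $dated = [uint32]$Date.ToString('yyyyMMdd00')
    # Never move the serial backwards: if the zone is already at or past
    # today's dated value, just increment it
    if ($Current -lt $dated) { return $dated }
    return [uint32]([uint64]$Current + 1)
}

function Update-PrimaryZoneSerial {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $zones = Get-DnsServerZone |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }
    foreach ($zone in $zones) {
        $old = Get-DnsServerResourceRecord -ZoneName $zone.ZoneName -Name '@' -RRType Soa
        $new = $old.Clone()
        $new.RecordData.SerialNumber = Get-NextSoaSerial -Current $old.RecordData.SerialNumber
        $change = "SOA serial $($old.RecordData.SerialNumber) -> $($new.RecordData.SerialNumber)"
        if ($PSCmdlet.ShouldProcess($zone.ZoneName, $change)) {
            Set-DnsServerResourceRecord -OldInputObject $old -NewInputObject $new `
                -ZoneName $zone.ZoneName -PassThru
        }
    }
}

# Constructed inputs that exercise the helper without a DNS server:
Get-NextSoaSerial -Current 57         -Date '2019-08-04'   # plain counter, below the dated value
Get-NextSoaSerial -Current 2019080400 -Date '2019-08-04'   # already changed once today
Get-NextSoaSerial -Current 2019090100 -Date '2019-08-04'   # serial is ahead of today's date

# On the DNS server: preview first, then run without -WhatIf
# Update-PrimaryZoneSerial -WhatIf
```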

Demystifying SMB 3.x multichannel – part 4 – Hyper-V server to Hyper-V server example with windows teaming tool (server manager / powershell) and VMSwitch with multiple virtual network cards

We are pushing it forward – in the previous example (part 3) we made the virtual switch simply by using Hyper-V Manager (or PowerShell) with no extra configuration – the result was that when copying from server to server we got only 1 gigabit throughput.

Now we are trying to upgrade the scenario by using PowerShell (you can only do this by using PowerShell or System Center Virtual Machine Manager, which underneath also uses PowerShell :)) – we are going to create a virtual switch, but then we are going to assign more than just one virtual network card to the host operating system (our Hyper-V host):

So by doing:

New-VMSwitch -Name Team01 -AllowManagementOS $false -NetAdapterName Team01

We simply create a virtual switch that does not have the checkbox “Allow management operating system to share this network adapter” (mentioned in the previous part) checked, so no virtual network card is created for the host. Warning: if you run only this cmdlet you will cut yourself off from your Hyper-V host, so it is better to prepare the second part as well and run it all together. We continue with the cmdlet Add-VMNetworkAdapter:

Add-VMNetworkAdapter -ManagementOS -SwitchName Team01 -Name MGMT01
Add-VMNetworkAdapter -ManagementOS -SwitchName Team01 -Name MGMT02
Add-VMNetworkAdapter -ManagementOS -SwitchName Team01 -Name MGMT03
Add-VMNetworkAdapter -ManagementOS -SwitchName Team01 -Name MGMT04

These cmdlets will create 4 virtual adapters for your Hyper-V host to use (yes, you can also use VLANs with these network adapters).

As can be seen in the video we are getting better results than with a single virtual network adapter but still we are getting not more than 2 gigabit of bandwidth – and it is not stable.

Demystifying SMB 3.x multichannel – part 3 – Hyper-V server to Hyper-V server example with windows teaming tool (server manager / powershell) and VMSwitch on top

As I told you at the beginning of this series I am a big fan of Hyper-V – I have been implementing it since 2008 (when nobody believed this would ever become a serious virtualization platform :)). So in Windows server 2012 / 2012 R2 the most common way of setting up your Hyper-V networking was to just team your NICs by using Windows provided tool and then just to create a VMSwitch on top of it – by using Hyper-V manager or Powershell and by using the checkbox Allow management operating system to share this network adapter. After this process you ended up with a new virtual NIC called for example vEthernet (Team01).

As in the previous scenario (part 2), we have 1 gigabit speed when copying files from server to server. And yes, if there was a third server we would probably start using the next NIC, so we would have 2 gigabit traffic from server 1 – 1 gigabit to server 2 and 1 gigabit to server 3 – but still just a gigabit to each of them.

In this video you can see that we are upgrading previous scenario (teamed NICs) by enabling Hyper-V Virtual Switch (External type) using Hyper-V Manager – you could also do that by using Powershell following the documentation.

Demystifying SMB 3.x multichannel – part 2 – server to server example with windows teaming tool (server manager / powershell)

As you probably saw in my previous post – if you leave your cards just as they are, connected to the switch, SMB multichannel kicks in when you start to copy something to another machine that also has multiple NICs … But what happens in a server to server scenario when you team your interfaces by using the teaming that is included in Windows – the one that you can configure by using Server Manager (and of course by using PowerShell)?
When you team your interfaces you get a new interface (you will see an interface with Microsoft Network Adapter Multiplexor).
In a server to server scenario this means that you have only one NIC, which reduces the speed of your copying to the speed of a single card in the team.
As you can also see in PowerShell by using the Get-SmbMultichannelConnection cmdlet, we have just one session.
Yes, if there was a third server we would probably start using the next NIC, so we would have 2 gigabit traffic from server 1 – 1 gigabit to server 2 and 1 gigabit to server 3 – but still just a gigabit to each of them.

Just a quick remark … You can create teaming interface by using Server manager or you can use Powershell – more information about creating teamed interface can be found here.

Demystifying SMB 3.x multichannel – part 1 – quick introduction

I am a big fan of SMB 3.x multi-channel feature that Microsoft implemented for the first time in Windows server 2012. As I am also a big fan of Hyper-V and I want my hosts to have the ability to copy files between them (ISOs, VHDXs …) as fast as possible I wanted to create this short series of articles about multi-channel feature. I was really happy when I saw Mr. Linus Sebastian posted a video Quadruple Your Network Speed for $100 with SMB 3.0 Multichannel! so I decided to create a small series of videos to also see what advantages of using it in a production environment are and why.

For this test I used 2x Dell R730xd with 2 CPUs (Xeon E5-2620) and with Dell Intel I350 Quad-Port Gigabit Ethernet and MikroTik switch CRS226-24G-2S+.

For those not familiar with SMB 3.x multichannel I would like to point out an (old) article by Mr. Jose Barreto: https://blogs.technet.microsoft.com/josebda/2012/06/28/the-basics-of-smb-multichannel-a-feature-of-windows-server-2012-and-smb-3-0/

So in this first part I would like to show how SMB 3.x multichannel works (I am putting that x there as SMB versions are changing (table at point 4) in each release of Windows server (and client too!)).
In this demo I will be using Windows Server 2019, which uses SMB dialect 3.1.1. You can check the dialect that your servers / clients are using by typing the following cmdlet in PowerShell: Get-SmbConnection

In the following video you can see the first example – two servers connected with 4 NICs each to the switch – without any extra configuration (there are no IP addresses configured) but you can see that when we copy files from server 1 to server 2 we utilise all 4 NICs on server 1 and all 4 NICs on server 2 – it can be clearly seen also on switch. To get information how your server utilizes SMB 3.x multichannel you can use Powershell cmdlet: Get-SmbMultichannelConnection

Get e-mail alert for failed logon attempt on Outlook Web Access (OWA)

Just for fun I tried to establish a mechanism that will allow me to get information for failed logon attempt on Outlook Web Access (OWA).

If you open event viewer on your CAS server (where OWA is located) you can find out that failed requests are logged with Event ID 4625.
In the general information you can find interesting things, such as the username that was used and the IPv4 or IPv6 address from which the attempt was made.
All you need to do is attach a task to this event.
As all other actions are deprecated, you should use the option Start a program – here we will run a PowerShell script to do the job.
We need to create a PS1 (PowerShell script) with this content:

# Read the most recent failed-logon event (ID 4625) from the Security log
$EventMessage = Get-WinEvent -FilterHashtable @{LogName='Security';ID=4625} -MaxEvents 1 | Format-List TimeCreated, Message
# -Width keeps Out-String from wrapping long lines when the task runs non-interactively
$EventMessageString = $EventMessage | Out-String -Width 4096
# The message holds more than one "Account Name:" line; @() guarantees an array,
# so [-1] returns the last match (the account that failed to log on), not the last character
$EventMessageAccountNameText3array = @($EventMessageString | Select-String -Pattern "Account Name:\s+\S+" -AllMatches | Select-Object -ExpandProperty Matches | Select-Object -ExpandProperty Value)
$EventMessageAccountNameText3 = $EventMessageAccountNameText3array[-1]
# Failure reason (first six words) and the source address of the attempt
$EventMessageAccountNameText = $EventMessageString | Select-String -Pattern "Failure Reason:\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+" -AllMatches | Select-Object -ExpandProperty Matches | Select-Object -ExpandProperty Value
$EventMessageAccountNameText2 = $EventMessageString | Select-String -Pattern "Source Network Address:\s+\S+" -AllMatches | Select-Object -ExpandProperty Matches | Select-Object -ExpandProperty Value

# Build and send the alert e-mail
$EmailTo = "admin@domain.com"
$EmailFrom = "alert@domain.com"
$Subject = "OWA attack from $EventMessageAccountNameText2"
$Body = "Owa attack from: `n $EventMessageAccountNameText2 `n $EventMessageAccountNameText3 `n $EventMessageAccountNameText"
$SMTPServer = "IPOfYourSMTPServer"
$SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom,$EmailTo,$Subject,$Body)
$SMTPClient = New-Object Net.Mail.SmtpClient($SMTPServer, 25)
$SMTPClient.Send($SMTPMessage)

So in task properties we should choose:
[Screenshot: task properties]
In Add arguments (optional) field we should add:

-ExecutionPolicy ByPass -File X:\PathToScript\OwaAttack.ps1

So if everything is correct – the next time someone fails to enter the correct password or an attack on OWA is performed, you will get an e-mail like this:

[Screenshot: example alert e-mail]
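
The script above matches English message text and sends one mail per failed logon. As an added example that is not part of the original post, the following reads the same 4625 fields from the event's XML payload, which does not depend on the display language, and reports only source addresses that reach a failure threshold. The function names, the threshold and the sample events are assumptions constructed for illustration.

```powershell
# Added example (not the post's code). Function names and sample data are constructed.
function ConvertFrom-FailedLogonXml {
    param([Parameter(Mandatory)][string]$EventXml)
    # EventData holds <Data Name="...">value</Data> pairs; index them by name
    $fields = @{}
    foreach ($d in ([xml]$EventXml).Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Account   = $fields['TargetUserName']
        SourceIp  = $fields['IpAddress']
        LogonType = $fields['LogonType']
        SubStatus = $fields['SubStatus']   # 0xC000006A = wrong password
    }
}

function Get-FailedLogonSummary {
    param([string[]]$EventXml, [int]$Threshold = 3)
    $EventXml | Where-Object { $_ } |
        ForEach-Object { ConvertFrom-FailedLogonXml -EventXml $_ } |
        Group-Object SourceIp |
        Where-Object Count -ge $Threshold |
        ForEach-Object {
            [pscustomobject]@{
                SourceIp = $_.Name
                Failures = $_.Count
                # Many different accounts from one address points to password spraying
                Accounts = @($_.Group.Account | Sort-Object -Unique)
            }
        }
}

# Constructed sample events, trimmed to the fields used (192.0.2.x is a documentation range)
$template = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><EventData>' +
    '<Data Name="TargetUserName">{0}</Data><Data Name="SubStatus">0xC000006A</Data>' +
    '<Data Name="LogonType">8</Data><Data Name="IpAddress">{1}</Data></EventData></Event>'
$sample = @(
    ($template -f 'alice', '192.0.2.10'),
    ($template -f 'bob',   '192.0.2.10'),
    ($template -f 'carol', '192.0.2.10'),
    ($template -f 'alice', '192.0.2.77')
)
Get-FailedLogonSummary -EventXml $sample -Threshold 3

# Live use on the CAS server (elevated), looking at the last five minutes:
# $xml = Get-WinEvent -FilterHashtable @{LogName='Security';Id=4625;StartTime=(Get-Date).AddMinutes(-5)} `
#            -ErrorAction SilentlyContinue | ForEach-Object { $_.ToXml() }
# Get-FailedLogonSummary -EventXml $xml -Threshold 3
```

The summary objects can be formatted into the body of the same System.Net.Mail message used in the script above, so one mail covers a burst of failures instead of one mail per event.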

How to monitor “unmonitorable” stuff on Windows server with PRTG Network Monitor

I really love PRTG Network Monitor, simple and efficient monitoring solution I have been using for many years… It has a lot of sensors that you can use to monitor various stuff – from network devices to storage devices, to some predefined WMI sensors for disk monitoring on Windows …
But there are some things that are not that simple to monitor… For example DNS server cache entries… Or, DHCP server leases in use? There is no predefined sensor in PRTG to do that – but there is something very nice and useful – it is called: HTTP content sensor

This sensor can “read” the numeric value from HTTP page (even more than one (so you can have multiple channels = multiple lines in single graph for similar stuff))…

So… The challenge is to get from the list returned by Show-DnsServerCache to a graph.

Let’s do it:
1. Let’s somehow get from that list (Show-DnsServerCache) to numeric value in PowerShell
2. Publish result on some web server (could be IIS on the same server)
3. Schedule PowerShell script to run (every 1 minute) to get the value
4. Collect result with PRTG HTTP Content sensor

1 (and 2). Create PS1 script (by using PowerShell ISE or maybe Visual Studio Code or just by using Notepad :)):

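# Count the entries in the DNS server cache
$dnsservercache = Show-DnsServerCache
$dnsservercache = $dnsservercache.Count
# Wrap the number in square brackets so the sensor can pick it out
$dnsservercache = "[" + $dnsservercache + "]"
$dnsservercache = $dnsservercache.Replace(" ","")
# Publish the value as a text file in the IIS web root
$dnsservercache | Out-File -Encoding utf8 C:\inetpub\wwwroot\dnsservercache.txt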

In that (dnsservercache.txt) TXT file you should find something like (number may be different): [13863]

In this case I am “publishing” TXT file on IIS server on the same server – you should write file somewhere else if web server is not running locally.

3. Schedule Powershell script to run every 1 minute to get value
Just create basic task in Task Scheduler, choose Start a program and fill the form:
Program/script: PowerShell.exe
Add arguments: -ExecutionPolicy Bypass C:\ps\Stats.ps1
Start in: C:\ps

When you finish creating task you should modify it to run every one minute here:

[Screenshot: task schedule settings]

4. Collect value from website / txt file

In PRTG you can now create new sensor by choosing HTTP Content and just fill the form like this:
[Screenshot: HTTP Content sensor settings]

In a couple of minutes you should get this beautiful graph:

[Screenshots: resulting graphs]