Off Campus

Michael Greene

Posts
  • Off Campus

    Configuring iSCSI MPIO on Windows Server 2008 R2 (full)

    We have recently gone through the process of wiping out our lab and rebuilding from scratch on Windows Server 2008 R2 Enterprise.  During this process, I recorded the steps I used to configure MPIO with the iSCSI initiator in R2.  Just to make life more complex, our servers only have 2 NICs, so I am balancing the host traffic, virtual machine traffic, and MPIO across those two NIC devices.  Is this supported?  I seriously doubt it.  :-)  In the real world you would separate out iSCSI traffic on dedicated NICs, cables, and separate switch paths.  The following step-by-step process should be relatively the same though.

    Editorial Note: I do not work for the iSCSI team, I’m a field guy.  If you see something you disagree with here don’t be angry, instead comment your point and I will update the article.  Thanks.

    Foundation

    The workflow I am following assumes that when starting out one NIC is configured for host traffic and the other for a VM network.  On the WSS the secondary NIC was already configured not to register in DNS.  Also, since I am using WSS and the built-in iSCSI Target I don’t have to configure a DSM for the storage device.  If your configuration is different than that, you may have to ignore or add to a few parts of the below instructions.  Sorry about that.  I can only document what I have available for testing…

    First I just want to show a screenshot of the iSCSI target on our Windows Storage Server, to indicate that it does have two IPs.  Once again, I am cheating the system here.  These are not dedicated TOE adapters for iSCSI on a separate network.  This is a poor man’s environment with 1 VLAN and minimal network hardware.  My highly available environment is anything but!  To view this information on your own WSS, right-click on the words “Microsoft iSCSI Software Target” and click Properties.

    image

     

    Enable the MPIO Feature on the initiating servers

    Next I needed to enable MPIO on the servers making the iSCSI connections.  MPIO is a Feature in Server 2008 R2 listed as Multipath I/O.  Adding the Feature did not require a reboot on any of my servers.

    image

    Configuring MPIO to work with iSCSI was simple.  Click Start and type “MPIO”, launch the control panel applet, and you should see the window below.  Click on the Discover Multi-Paths tab, check the box for “Add support for iSCSI devices”, and click Add.  You should immediately be prompted to reboot.  This was consistent across 4 servers where I followed this process.

    image 

    image

    After rebooting, if you open the MPIO Control Panel applet again, you should see the iSCSI bus listed as a device.  Note on my servers, the Discover Multi-Paths page becomes grayed out.

    image image

     

    Check the IP of the existing connection path

    Now click Start and type “iSCSI”.  Launch the iSCSI Initiator applet.  Add your iSNS server or Target portal.  There is plenty of documentation on how to do this on TechNet if you need assistance. I want to stay focused on the MPIO configuration.

    Once you are connected to the target, click the button labeled “Devices…”.  You should see each of the volumes you have connected listed in the top pane.  Select a Disk and click the MPIO button.  In the Device Details pane you should see information on the current path and session.  If you click the Details button, you can verify the local and remote IPs the current connection is using.  It should be the IPs that resolve from the hostnames of each server.  See my remedial diagram below.

    I recommend taking note of this IP, to make life easier later on!

    image

    So everything is set up for MPIO, but you are only using a single path, and that’s not really going to accomplish much now, is it?  Since I only have 2 NICs in my test server, I need my host to share the second NIC with the VM network.  This is not ideal, but again I am using what I have and this is only a test box.

     

    Setting a second IP on my hosts

    In R2 the host does not communicate by default on a NIC where a virtual network is assigned.  To change this, open the Hyper-V console and click “Virtual Network Manager…”.  Check the box “Allow management operating system to share this network adapter”. 

    image

    This will create a third device in the network console (to get there click Start, type “ncpa.cpl”, and launch the applet).  You should see the name of the new device matches your Virtual Network name.  In my case Local Area Connection 4 has a device name “External1”.  Right click on the connection and then click Properties.  Select “Internet Protocol Version 4 (TCP/IPv4)” and click the Properties button.  Configure your address and subnet but not the gateway, as it should already be assigned on the first adapter.  You also shouldn’t need to set the DNS addresses in the new adapter.  You will, however, want to click the “Advanced…” button followed by the DNS tab and uncheck the box next to “Register this connection’s address in DNS”.  This really should be the job of your primary adapter; there is no need to have multiple addresses for the same hostname registering and causing confusion unless you have a unique demand for it.

    image

     

    Add a second path

    Back in the iSCSI Initiator Applet, click the Connect button.  I know you already have a connection.  In this step we are adding an additional connection to the Target to provide a second path.

    In the subsequent dialogue make sure you check the box next to “Enable multi-path” and then click the Advanced… button.  In the Advanced Settings dialogue you will need to choose the IP for your second path.  In the drop-down menu next to “Local adapter:” select “Microsoft iSCSI Initiator”.  In the drop-down next to “Initiator IP:” select the IP on your local server you would like the Initiator to use when making a connection for the secondary path.  In the third drop-down, next to “Target portal IP:” select the IP of the iSCSI Target server you would like to connect to.  This should be the opposite IP of the session we observed a few steps back when I mentioned you should take note of the IP.

    image

     

    Check your work

    Just one more step.  Let’s verify that you now have 2 connections available for each disk, that they are using separate paths, and have the opportunity to choose the types of load balancing available.  Once you have hit OK out of each of the open dialogues from the step above, click on the Devices… button again and check out the top pane.  On each of my servers I see each disk listed twice, once per Target 0 and once per Target 1, as seen below.  If you follow my remedial diagrams one more time and select a disk, then the MPIO button, you should now see two paths.  Select the first path and click the Details button.  It should be using the local and remote IPs we took note of earlier.  Click OK.  Now select the second path and then the Details… button.  You should see it using the other adapter’s IP on BOTH the local and remote hosts.

    image

  • Off Campus

    Troubleshooting KMS Activation - Part 1, the client

    Windows activation is simple and straightforward if you understand the components.  I have had a few customers that stumbled when getting a KMS online and in every case it has been an issue with name resolution, network connectivity, or they simply did not understand how to use the keys.  Activation is designed to help you with deployments and sustain your environment even in the event a key gets lost.  KMS is the simplest of all the activation methods because you only need to worry about putting a key in one machine.  You can then deploy new machines without having to ever worry about keys unless your device will be off the network for more than 6 months.

    This is the first of a two part series to break down KMS troubleshooting in to a process that should help identify exactly what is at fault.  I don't want to mislead or instill fear to those who are just starting out - the process is normally simple by design.  However, for those who have run in to trouble, I'd like to publish a guide that will help you isolate and correct the issue you've encountered without spinning your wheels.  Part 2 will be published next week with a focus on troubleshooting the server.

    Part 1, Troubleshooting The Client

    Let's assume you are a consultant from outside the organization and you know nothing about the environment, server or workstation.  The first thing you'll want to do is understand how the client was built.  It is possible the machine is retail or OEM, and neither of those uses KMS for activation.  Any of the "Home" versions, Basic, Premium, or Ultimate, are retail builds and do not use volume licensing methods at this time.  Windows XP observed the same rules: neither XP Media Center nor XP Home Edition was capable of using the VLK.  If you are using OEM media such as a recovery DVD, you would see the machine come online "pre-activated".  This is a result of a marker in the BIOS that corresponds with the OEM media.  Note: if this marker is not present, as in the case of "naked" OEM workstations, then KMS is not an option for activation.  So we are assuming the machine was built using volume media and is capable of being a KMS client.  You can test this to be sure by running the command below and looking for the Name and Description.  Right click on the command line icon on the start menu and select "Run As Administrator".  Then type -

    c:\windows\system32\cscript slmgr.vbs -dlv

    My machine returned this output, I replaced any sensitive data with <>:

    Software licensing service version: 6.0.6000.16386
    Name: Windows(TM) Vista, Enterprise edition
    Description: Windows Operating System - Vista, VOLUME_KMSCLIENT channel
    Activation ID:<>
    Application ID:<>
    Extended PID:<>
    Installation ID:<>
    Partial Product Key:<>
    License Status: Licensed
    Volume activation expiration: 259060 minute(s) (179 day(s))

    Key Management Service client information
        Client Machine ID (CMID):<>
        DNS auto-discovery:<>
        KMS machine extended PID:<>
        Activation interval: 120 minutes
        Renewal interval: 10080 minutes

    This also provided some insight in to resolving the KMS name.  If no server name is given for the "DNS auto-discovery" field, you already know there is an issue.  This may also occur if you did not run the command prompt as an administrator.

    Next you will want to ensure you are able to contact the server.  In the same command prompt, run some basic diagnostics to ensure you are able to resolve names and that you know which DNS servers/zones your machine is querying.

    Retrieve your networking details, specifically the default DNS suffixes and search order -

    ipconfig /all

    My machine returned this output, I replaced any sensitive data with <> and am including only the first section:

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : migreene-nc8430
       Primary Dns Suffix  . . . . . . . : <>
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : <>
       System Quarantine State . . . . . : Not Restricted

    I am assuming you know/understand basic network connectivity troubleshooting and will be able to diagnose any of those issues should they exist.  The address should be valid, ping the DNS server, ping the local hostname, etc.  Take note of the Primary DNS suffix such as "domain.edu" and the DNS Suffix Search List.  If the wrong name is given, you know there is an issue with addressing and the wrong suffix is being assigned.  If no name is given, there may be an issue or it is possible that no suffix is being given and the environment is relying on the DNS server to resolve FQDN's.  If you are not providing a DNS suffix to clients either manually, via the domain, or via DHCP, you will want to hard-code your clients to the KMS.

    This next step is as important as the first.  Make sure the client can retrieve the SRV record.  You may even find this step should be taken first, and then work backwards once you know that DNS is in order.  In this case I have given an example, "servername.domain.edu".  If you were actually troubleshooting you would use a known hostname, or the KMS hostname -

    nslookup
    > servername.domain.edu
    Server:<>
    Address:<>

    Non-authoritative answer:
    Name:<>
    Address:<>

    This tells you which DNS server your client is querying and whether it is responding.  You should have returned a valid IP.  If not, you now know the issue is on your DNS server or client configuration.  Now query for the SRV record while still in nslookup -

    >set q=srv
    >_vlmcs._tcp

    Server:<>
    Address:<>

    Non-authoritative answer:
    _vlmcs._tcp.<>     SRV service location:
              priority       = 0
              weight         = 0
              port           = 1688
              svr hostname   = <>

    <>   internet address = <>

    If you are not able to resolve this SRV record, and you have not hard-coded a client to a KMS, the machine will not have enough information to find a KMS and activate.  If you need to publish an SRV record manually to an existing forward lookup zone, instructions are published here -

    KMS Publishing to DNS

    Finally, it is a good idea to attempt an activation manually to see if any actionable error messages are returned.  The command line can be run from the same elevated command prompt -

    c:\windows\system32\cscript slmgr.vbs -ato

    The result should be -

    Activating Windows(TM) Vista, Enterprise edition (<>) ...
    Product activated successfully.

    If the activation fails, you may get actionable feedback such as notification that the KMS does not have at least 25 active clients, or the record could not be found in DNS.  If an error code is returned you can find more information by running -

    c:\windows\system32\slui.exe 0x2a 0x<error code>

    If everything appears to be working on the client but the machine will still not activate, the issue may be some type of failure within the imaging process.  For best results, sysprep should always be used when an image is being created for the purpose of deployment.  One other possibility is the case of a "naked pc".  If the machine was acquired from an OEM and did not have Windows installed, you should leverage MAK for activation instead of KMS.  Windows volume licensing requires that the OS come from the OEM, and then an upgrade is performed to volume media for mass distribution via imaging.  Key Management Service is not available if the machine was originally sold as "naked".  My recommendation would be to use MAK and distribute it through either your image or the VAMT.

    You may find other faults at the workstation level.  For example, if there was a host based firewall preventing outbound traffic the client would not be able to contact the server (port 1688).  It's also possible that some drive "freezing/thawing" tool is resetting the machine to a state before activation.  New versions of such tools should allow exceptions for activation just as they would have been allowing for other OS components. 

    I can't possibly list every potential obstacle here but if I have missed something you faced and resolved through some other workflow, please let me know and I will post an update.  Remember, on any new machine you have 30 days plus 2 -rearms using slmgr.vbs for a total of 90 days to bring a new install online, and for existing KMS clients you have 6 months to resolve any new issues.  This provides a large window for troubleshooting and resolving any client-side difficulties you might encounter.

    Once a KMS is online, you can resolve the name, and connect to it, it really does make imaging simple.  There is no longer a need to contact licensing administrators to find a key or store it somewhere in a file.  You can simply roll out new installations and by default they will look to the KMS and activate without the user or deployment specialist ever needing to worry about keys or activation.  Above all, remember that volume activation was designed to create a process for remediation when a volume key is lost, without needing to redeploy existing machines.
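
    The client-side checks from this post (KMS client channel, SRV record, port 1688) combined into one PowerShell report.  This is an added example, not the author's script; the function names, kms01.domain.edu, dns1.domain.edu and the 192.0.2.x addresses are constructed, and the parsing assumes English-language slmgr and nslookup output in the format shown above.

```powershell
# Added example, not from the original post. Sample names and addresses are constructed.

# True when "slmgr.vbs -dlv" output reports the VOLUME_KMSCLIENT channel.
function Test-KmsClientChannel {
    param([string[]]$DlvOutput)
    [bool]($DlvOutput | Where-Object { $_ -match '^Description:.*VOLUME_KMSCLIENT' })
}

# Turn "nslookup -type=srv" output (format shown above) into objects.
function ConvertFrom-NslookupSrv {
    param([string[]]$Lines)
    $records = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^(\S+)\s+SRV service location:') {
            $current = New-Object PSObject -Property @{
                Name = $Matches[1]; Priority = $null; Weight = $null; Port = $null; Target = $null
            }
            $records += $current
        }
        elseif ($current -and $line -match '^\s+(priority|weight|port)\s*=\s*(\d+)') {
            $current.($Matches[1]) = [int]$Matches[2]
        }
        elseif ($current -and $line -match '^\s+svr hostname\s*=\s*(\S+)') {
            $current.Target = $Matches[1]
            $current = $null          # record complete; ignore the additional-data lines
        }
    }
    $records
}

# TCP connect with a timeout, so a host firewall dropping port 1688 shows up quickly.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)    # throws if the connection was refused
        return $true
    }
    catch { return $false }
    finally { $client.Close() }
}

function Get-KmsClientReport {
    param([string[]]$DlvOutput, [string[]]$SrvOutput, [switch]$SkipConnect)
    if (-not (Test-KmsClientChannel $DlvOutput)) {
        Write-Warning 'Description does not show VOLUME_KMSCLIENT: this install is not a KMS client.'
    }
    $records = @(ConvertFrom-NslookupSrv -Lines $SrvOutput)
    if ($records.Count -eq 0) {
        Write-Warning 'No _vlmcs._tcp SRV record returned: the client cannot auto-discover a KMS.'
    }
    foreach ($r in $records) {
        $reachable = $null            # stays $null when the connect test is skipped
        if (-not $SkipConnect) { $reachable = Test-TcpPort -ComputerName $r.Target -Port $r.Port }
        $r | Add-Member -MemberType NoteProperty -Name Reachable -Value $reachable -PassThru
    }
}

# Constructed sample input, so the parsing can be tried offline.
$dlv = @(
    'Name: Windows(TM) Vista, Enterprise edition',
    'Description: Windows Operating System - Vista, VOLUME_KMSCLIENT channel'
)
$srv = @(
    'Server:  dns1.domain.edu',
    'Address:  192.0.2.53',
    '',
    '_vlmcs._tcp.domain.edu     SRV service location:',
    '          priority       = 0',
    '          weight         = 0',
    '          port           = 1688',
    '          svr hostname   = kms01.domain.edu',
    'kms01.domain.edu   internet address = 192.0.2.10'
)
Get-KmsClientReport -DlvOutput $dlv -SrvOutput $srv -SkipConnect |
    Format-List Name, Target, Port, Priority, Weight, Reachable

# On a real client, from an elevated prompt (replace domain.edu with your DNS suffix):
#   $dlv = cscript //nologo "$env:SystemRoot\System32\slmgr.vbs" -dlv
#   $srv = nslookup -type=srv _vlmcs._tcp.domain.edu 2>$null
#   Get-KmsClientReport -DlvOutput $dlv -SrvOutput $srv
```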

  • Off Campus

    Edit the registry on a mounted WIM

    This is an incredibly valuable task.  Windows Vista employs "Image Based Setup", meaning there is no more i386 folder.  Instead, Windows now comes on the DVD as an image that is copied and expanded during setup.  An admin can capture a custom .WIM Windows image and mount the WIM to add/modify/remove files.  Did you know you can also edit the registry?

    Mount the WIM file to a local folder using ImageX.

    C:\ImageX>imagex /mountrw install.wim 1 c:\mount

    ImageX Tool for Windows
    Copyright (C) Microsoft Corp. 1981-2005. All rights reserved.

    Mounting (RW): [C:\ImageX\install.wim, 1] ->
    [c:\mount]

    Successfully mounted image (RW).

    Load the registry hive you need.  In this case let's mount HKLM\Software.

    C:\mount>reg load HKLM\test c:\mount\windows\system32\config\software

    The operation completed successfully.

    Open Regedit to make changes or use Reg Add from the command line.

    RegEdit with software hive loaded as

    Unload the reg hive.

    C:\Windows\system32>reg unload HKLM\test

    The operation completed successfully.

    Unmount the image.

    C:\ImageX>imagex /unmount /commit c:\mount

    ImageX Tool for Windows
    Copyright (C) Microsoft Corp. 1981-2005. All rights reserved.

    Unmounting: [c:\mount]...

    Successfully unmounted image.

    It really is that simple.  Changes can be made without having to apply, sysprep, and recapture the image.  You could leverage this as a tool in a variety of ways, such as to embed a script to run application installations after the image has been deployed, automate activation using slmgr.vbs, etc.
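
    The mount, load, edit, unload and unmount sequence above, wrapped so that the hive is always unloaded and a failed edit is discarded instead of committed.  This is an added example, not the author's script; the function names and the ExampleCorp\Deployment key with its ImageRevision value are hypothetical, and it assumes imagex.exe is on the PATH and the prompt is elevated.

```powershell
# Added example (not the author's script). Run from an elevated PowerShell prompt
# with imagex.exe on the PATH. The key and value written at the end are hypothetical.

# Run a native tool and turn a non-zero exit code into a terminating error.
function Invoke-Native {
    param([string]$Exe, [string[]]$Arguments)
    & $Exe $Arguments | Out-Host
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

function Edit-WimSoftwareHive {
    param(
        [string]$Wim      = 'C:\ImageX\install.wim',
        [int]$Index       = 1,
        [string]$MountDir = 'C:\mount',
        [string]$TempKey  = 'HKLM\test',
        [scriptblock]$Edit
    )
    $commit = $false
    Invoke-Native 'imagex.exe' @('/mountrw', $Wim, "$Index", $MountDir)
    try {
        Invoke-Native 'reg.exe' @('load', $TempKey, "$MountDir\Windows\System32\config\SOFTWARE")
        try {
            & $Edit $TempKey
        }
        finally {
            # Always unload. This fails if anything still has the hive open,
            # for example Regedit positioned inside HKLM\test.
            Invoke-Native 'reg.exe' @('unload', $TempKey)
        }
        $commit = $true   # reached only if the edit and the unload both succeeded
    }
    finally {
        if ($commit) {
            Invoke-Native 'imagex.exe' @('/unmount', '/commit', $MountDir)
        }
        else {
            Write-Warning 'Edit or unload failed; unmounting without /commit to discard changes.'
            Invoke-Native 'imagex.exe' @('/unmount', $MountDir)
        }
    }
}

# Usage: the script block receives the temporary key name (HKLM\test by default).
Edit-WimSoftwareHive -Edit {
    param($key)
    Invoke-Native 'reg.exe' @('add', "$key\ExampleCorp\Deployment", '/v', 'ImageRevision',
                              '/t', 'REG_SZ', '/d', '2', '/f')
}
```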

  • Off Campus

    Use ImageX without installing WAIK

    I've heard a few people actually say ImageX.exe is included with Vista.  That's not technically accurate.  ImageX is most certainly a value add to Vista but it is packaged separately in a download called "WAIK" or Windows Automated Installation Kit.  So let's say you want to use ImageX but don't want to run the full WAIK install.  You copy imagex to a separate machine and run it.  Works, but certain things fail, why?  There are a number of other files you'll want to copy in addition to the EXE.  To mount a WIM read/write and do other interesting things, copy these files (everything in the same folder).  Combined, their total size is 1.01 MB.

    imagex.exe
    intlcfg.exe
    wimfltr.inf
    wimfltr.sys
    wimgapi.dll

    Ok, now you attempt to mount read/write and you receive an error that imagex was unable to find the file?  That's because it needs to load the filter to be able to mount an image stored within the WIM.  WIM supports single instance storage and allows appending a new image to an existing file.  This considerably saves file size and disk space but does mean you need to install the wimfltr.inf file.

    Simply open the folder in Windows Explorer, right click on wimfltr.inf and click "install".  Approve the UAC prompt.  Done.  If you need to script the install or want to run it from the command line, by using the context menu you actually executed the following command.

    %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 <filename.inf>

  • Off Campus

    Follow-up to Free Education Tools

    We have the best partners in the world.  I got an Email shortly after my last post for another article on the same topic.

    http://spaces.msn.com/bhandler/blog/cns!70F64BC910C9F7F3!730.entry

    Hopefully the trackback is automatically created.

  • Off Campus

    How to create a bootable Vista DVD with your own custom WIM

    and securely embed your MAK!

    I've had several requests to document this since I posted the how-to on embedding your MAK in a custom WIM for departmental usage.  The next logical step is to create your own DVD using this image.  So if you haven't read my first article on this topic, now would be the time to go back and do so.

    <edit - just a quick editorial note - although this does not expose your MAK in clear text, you should still be cognizant of who you are trusting with an embedded key.  See your licensing documents for more details.>

    This operation is actually quite simple.  Let's start out by assuming you have created a customized WIM by running setup and installing Vista on a workstation or VM, optionally using an autounattend.xml file on removable media, possibly including your MAK in pass 4 if desired.  Run sysprep with OOBE and Generalize selected, shutdown, and finally capture the image either using ImageX or WDS.  You could also automate the whole process, quite easily, using BDD (I did).

    Next we leverage a tool that is conveniently provided with WAIK, named "oscdimg".  This executable has been around for a long time as part of the OPK, and has for many years been a tool I keep handy.  The process for building a custom DVD is very similar to creation of spanned media, so I recommend you also take a look at the article named "Create Spanned Media" in the WAIK User's Guide.

    In addition to WAIK, we also need a Vista DVD image.  Copy everything from the DVD in to a new folder, in my case I already had the files in my BDD deployment point.

    Now, take your custom WIM image and rename it to install.wim.  Copy or cut and paste this file in to the \Sources folder in the location where you copied your DVD. 

    Note: You can also specify the location of a custom WIM in an answer file using the "Install From" parameter.  This way, you could point to a network location and use the original, unmodified Vista DVD.

    <edit> - After further testing and feedback from a University customer, I discovered that if you would like to embed the MAK, it is also necessary to delete the PID.txt file from \Sources folder you copy from the Vista DVD.  Otherwise the default KMS client key will be injected and the MAK will be overwritten after the image has been applied.  The result is the media will prompt for a key but if none is provided and the user selects "Next" and then "No", the embedded MAK will be used.

    Now open a command prompt as Administrator and execute the following command.  This will initiate the process of building your ISO using the etfsboot.com file to make the image bootable.

    C:\Program Files\Windows AIK\Tools\PETools>oscdimg -n -m -b"c:\program files\windows aik\tools\petools\x86\boot\etfsboot.com" "<location where you copied the Vista DVD>" "<location and filename where you want the new DVD image>.iso"

    If all went according to plan, you should see the following operation complete successfully.  Typically if I have an error it was a bad keystroke or I left a backslash (\) at the end of the string for "location where you copied the Vista DVD".  BTW, that's the root folder where you copied the DVD where setup.exe is located, not the \Sources folder.

    image

    You can now boot a VM from the ISO to test or burn it to disc and boot a workstation from it.  Note that any pass 4 settings that you applied during setup using an answer file on the original machine where you captured the WIM will be retained in the cached c:\windows\system32\sysprep\panther\unattend.xml.  If you followed the instructions from my first article, that file would at minimum include your MAK which would now be stored securely within the WIM file on the DVD.
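
    To see which answer files inside a mounted image carry a ProductKey element, and whether the stored value has the shape of a real key, the image can be checked before it is handed out.  This is an added example, not the author's code; the function name is hypothetical, C:\mount is assumed to be an image already mounted with ImageX, and Windows\Panther and the image root are checked in addition to the path named in the post.

```powershell
# Added example, not from the original post: report answer files inside a mounted
# image that contain a ProductKey element, without printing the key itself.
function Find-EmbeddedProductKey {
    param([string]$MountDir = 'C:\mount')

    # The path named in the post, plus Windows\Panther and the image root.
    $dirs = @(
        (Join-Path $MountDir 'Windows\System32\sysprep\panther'),
        (Join-Path $MountDir 'Windows\Panther'),
        $MountDir
    )
    foreach ($dir in $dirs) {
        if (-not (Test-Path $dir)) { continue }
        $files = Get-ChildItem -Path $dir |
            Where-Object { -not $_.PSIsContainer -and $_.Name -match '^(auto)?unattend\.xml$' }
        foreach ($file in $files) {
            $xml = New-Object System.Xml.XmlDocument
            try { $xml.Load($file.FullName) }
            catch {
                Write-Warning "Cannot parse $($file.FullName): $($_.Exception.Message)"
                continue
            }
            # local-name() ignores the unattend XML namespace, so both the
            # <ProductKey>text</ProductKey> and <ProductKey><Key>text</Key></ProductKey> forms match.
            foreach ($node in $xml.SelectNodes("//*[local-name()='ProductKey']")) {
                $text     = $node.InnerText.Trim()
                $settings = $node.SelectSingleNode("ancestor::*[local-name()='settings']")
                $pass     = if ($settings) { $settings.GetAttribute('pass') } else { '' }
                New-Object PSObject -Property @{
                    File         = $file.FullName
                    Pass         = $pass
                    ValueLength  = $text.Length
                    # True when the value is five groups of five characters, i.e. key-shaped.
                    LooksLikeKey = ($text -match '^([A-Z0-9]{5}-){4}[A-Z0-9]{5}$')
                } | Select-Object File, Pass, ValueLength, LooksLikeKey
            }
        }
    }
}

Find-EmbeddedProductKey -MountDir 'C:\mount' | Format-Table -AutoSize
```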

  • Off Campus

    Run KMS on Server 2008, and which keys to use when activating Server 2008

    The documentation for volume activation 2.0 has been updated today for Server 2008.  You can find it here:

    http://go.microsoft.com/fwlink/?LinkId=75674

    Running KMS on Server 2008 is functionally very similar to running it on Vista RTM.  You leverage slmgr.vbs to bring the service online and then clients find the server based on the DNS srv record.  BTW, Server 2008 KMS can be run within a virtual environment.

    There are online videos to understand volume activation and how to setup a KMS host if this is all new to you.  See the links below.

    Setting up KMS - http://go.microsoft.com/fwlink/?LinkId=104718
    VA overview - http://go.microsoft.com/fwlink/?LinkId=104707

    If you want to know which volume license keys to use when activating new machines running Server 2008, see page 19 in the Planning Guide and the FAQ.  You only need to put one key in your KMS, and it will handle requests from both Vista and Server 2008.  There are separate keys, and unique keys based on which version of server you need to activate.  Before you get excited - this is much easier to understand than it might first seem.  Simply decide the "top" version of Server 2008 you might install and then use that KMS key to activate the service on a 2008 server.  All versions in groups below that version will also activate off that key.  The groups are simple.

    • DataCenter/Itanium
    • Enterprise/Standard
    • Web
    • Vista Ent/Bus

    The groups are named "C, B, A, and Client" respectively.  So if you want to activate Server Enterprise, Standard, and client machines, just use your B key to bring the KMS online and the work is done.

    The other major change from KMS 1.0 is that in order to activate servers you only need 5 machines online, vs. 25 to activate clients.  The client activation still only comes online after you have 25 machines activating, but servers will begin activating after 5.  The 5 do not have to be all servers.  I mentioned above that KMS 2008 can be run in a virtual environment, which is a change from KMS 1.0.  The client requirements have not changed, they can be physical or virtual but only the physical count towards your initial 5 or 25.

    Just in case you missed the link above, the table listing which versions of Windows are in each tier is up to date on this page - http://www.microsoft.com/licensing/resources/vol/ActivationFAQ/default.mspx
    See - Are there any changes with Windows Server 2008 keys?

    Last, there is also an MAK for Server 2008 just as there was for Vista, and it works much the same way.  The key tiers for MAK are relative to the same groupings as KMS, but differently from KMS they do not support the groups under them.  So you will have an MAK for Vista, and an MAK for Server Web, Server Std/Ent, and Server DataCenter/Itanium respectively.

    addendum:

    Just wanted to add a note on adopting this for Server 2003.  Server 2003 installations will continue using the VLK as they have in the past, but will get an update for being a KMS host that can activate Server 2008 and Vista.  It will then have support for the tiered keys I mention above.  Look for this "KMS 1.1" update in the coming weeks.  It will also support running in a virtual environment.

  • Off Campus

    .docx sample files on OpenXML Developer

    The guys over at OXD are ever-impressive.  John Greer has posted 2 sample documents originally created in Word 97-2003 format and converted to Office 2007 .docx format.

    http://openxmldeveloper.org/articles/SampleDocs2.aspx

    I believe the point is to provide samples of the file formats and let users see the differences/similarities but you can't help but notice the difference in file size.  One of the samples is the full text of Alice's Adventures in Wonderland including illustrations.  The Office 2003 version is 528 KB.  The Office 2007 version is 276 KB or roughly 52% the original.  I'm sure the compression depends on content but this is an amazing example.

  • Off Campus

    TFTP client in Vista

    At a presentation last week a gentleman asked me if Vista includes a tftp client.  Today I was poking around in the Vista add/remove features and there it is!  Below is the command line output of tftp /?.

  • Off Campus

    Wake On LAN (WOL) – PowerShell style

    Working on another project and I needed a way to wake up an offline server from within my PS script.  I found this genius blog post and converted it to a script.

    Genius blog post - The PowerShell Guy : PowerShell Wake-on-lan script

    I saved the below text as send-wol.ps1 for re-usability.  This code came from The PowerShell Guy blog, I cannot claim credit!!!!  I just made it a script.  Mainly, I combined two snippets from his post and added the args reference.

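    # Parse the MAC address argument (e.g. 00-11-22-33-44-55) into 6 bytes
    $mac = [byte[]]($args[0].split('-') |% {[int]"0x$_"})

    # UDP client aimed at the local broadcast address, port 4000
    $UDPclient = new-Object System.Net.Sockets.UdpClient
    $UDPclient.Connect(([System.Net.IPAddress]::Broadcast),4000)
    # Magic packet: 6 bytes of 0xFF followed by the MAC repeated 16 times (102 bytes)
    $packet = [byte[]](,0xFF * 102)
    6..101 |% { $packet[$_] = $mac[($_%6)]}
    $UDPclient.Send($packet, $packet.Length)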

    So how would you run it?  I would proactively open a command prompt and get the MAC addresses from your arp table and save them to a file.  You can get at the table by running “arp -a” and locating the IP address for the node you are concerned about.  Later if you want to wake the host up, just open PowerShell, and run the script as follows:

    image

    Other ways to get the MAC address for an offline machine?  If your network devices have SNMP enabled you may be able to leverage vendor tools to retrieve arp data from there.  If you have an inventory tool such as System Center Configuration Manager, it would also store that data.

  • Off Campus

    Uninstall applications from Server Core

    There is no add/remove programs or programs and features dialogue, so how do you remove applications?

    Start by opening regedit and expanding to the section where all applications should publish their installation data (according to the Windows Application Compatibility Guidelines).  If the application does not store data here, you will need to seek out additional support from the vendor.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

    In this case I’ll use the C++ Redistributable as an example but it could be any application.  See the value “UninstallString”.  Double click and copy the contents to the command line.  This funny looking string of characters is the GUID for the application.  Windows Installer will associate the value with the application and initiate the uninstall process.

    image

  • Off Campus

    VPN to your Vista machine

    This may not seem all that interesting at face value but there are a LOT of people in higher education who have workstations that use public IPs.  There is a secure way to connect to your machine remotely.  Here's how to set up your Windows Vista workstation to accept new incoming VPN connections.  This was also available in Windows XP but you have to know where to look in Vista to enable it.

    Start - Network

    image

    Open the Network and Sharing Center

    image

    Click on Manage network connections

    image

    Now using your keyboard, press Alt and select File, or press Alt+F to open the File menu, and choose New Incoming Connection.

    image

    Approve the UAC prompt.

    A new wizard opens to walk you through the process.  First select who should have access.

    image

    Select how they may access the machine.

    image

    Select the protocols that should be available and click Allow Access.

    image

    The conclusion screen provides details.  You can print the information if you need it.

    image

    Very nice, it adds a new icon on your Network Connections page.

    image

    If you view the properties dialogue you can manage the settings you chose in the wizard.

    image image image

    Out of those dialogues, these are the settings I found to be most interesting.

    image 

    IOW, encrypt the connection and don't let the VPN connection interfere with connections from handhelds.

    That's it, you now have a VPN connection available.  To connect, set up a new VPN connection on your other workstation from the Network and Sharing Center.

    NewConnection

    Select Connect to a workplace.

    Workplace

    Create a new connection.

    Create

    Choose Use my Internet connection (VPN).

    VPN

     Provide the name or address of the machine you are connecting to.

    Address

    Provide the username and password for the account you selected on the first machine.  You may also need to provide the computer name as the domain name.

    username

    I choose to let the wizard go ahead and connect when finished.

    connecting connected

    The new icon on Network Connections shows the VPN connection.  In the future you can right-click on this icon or use the Connect To button on the Start Menu.

    On both machines you will be prompted to set the network profile.  Work should suffice.

    image

    The connection and remote user appear on your host machine's Network page.  If you right-click on the username, you have the option of disconnecting them from the host.

    image

    Enjoy!

  • Off Campus

    How to bring back your stock Vista sidebar gadgets

    • 15 Comments

     I long ago deleted the stock RSS gadget in Vista since I wasn't using it.  Just the other day I decided I wanted it back for a special application.  All is not lost.  Those gadgets are stored in Program Files, presumably just to prevent people like me from doing permanent damage.  I found the following step in the online help articles to recover the gadget.

    Note: If you uninstall gadgets that came with Windows, you can restore them to the Gadget Gallery by following these steps:

    a. Open Windows Sidebar properties by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Windows Sidebar Properties.

    b. Click Restore gadgets installed with Windows.

    Windows Vista Help: Customize Windows Sidebar

  • Off Campus

    IE7 Protected Mode GPOs

    • 1 Comments

    I was recently asked if there is any way to disable protected mode in IE7 via GPO for a set of users.  First off, I highly recommend against disabling protected mode.  There are substantial security benefits gained by having it enabled.  It would be far better to put the site or sites in the trusted sites zone and adjust settings accordingly.  If you need to modify these settings via GPO, you can.  There is an MSDN page that explains protected mode and gives guidance on managing it through GPO.

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/IETechCol/dnwebgen/ProtectedMode.asp

  • Off Campus

    Where to find the volume license key for Mac Office?

    • 2 Comments

    I have seen a flurry of Email over the past two days on volume license keys for Mac Office 2008.  It seems that information has not been made clear on whether you need a volume license key and where to get it.

    I do not work for the MacBU so I cannot speak on their behalf but I am happy to share the results of our discussion thread.  Mac Office comes in two versions, volume and retail.  The volume license is available from a licensing agreement (such as a Campus or School Agreement) and retail refers to the version you would purchase in a store.

    Just like other Microsoft products, the retail version of Mac Office has a key printed on a label packaged with the media.  That key should be used when installing or re-installing.  To the best of my knowledge you cannot use a volume key with the retail media, or a retail key with volume media.  (when I say media I am referring to the disc)

    The volume media is available for download (Visit the Microsoft Volume License Services Web site).  You do not need to also obtain a separate volume license key.  The key is embedded in the media so you can deploy Mac Office without having to worry about which key to use.  The how-to documentation for installing from a central file share is available at:

    http://www.microsoft.com/mac/itpros/default.mspx?clr=99-15-0&srcid=aa7ed869-4d89-4c4e-b143-647d5141f8cc1033&ep=9&target=d79a5153-0a7b-40f0-ac1b-8a725ce70f0a1033&CTT=InContent&usid=e2de0337-6aa2-436e-98ca-842788fbf1f5

    See the screen capture to the left I took from the page.  Here it specifically notes that the installation will not ask for a key.

    If you happen to get information indicating otherwise, rest assured you now have the answer!

    Now, being the Windows guy I have to say - go install Vista on it...  ;-)

  • Off Campus

    Hyper-V snapshots are for rollback, not backup/recovery

    • 2 Comments

    I try to hit on this point in every Hyper-V presentation.  Snapshots are GREAT for maintenance and roll-back, but they are very, VERY different than what you might be currently using as “snap-mirrors” on your SAN environment.  The similarities in syntax have led to some understandable misunderstanding.  (how’s that for prose)

    Snapshots are storing all changes out to .AVHD files.  Yes, you can expect these AVHD files to grow over time because only “reads” are now being drawn from your original VHD, all “writes” are now going in to the .AVHD file for your current position.  That’s why it is important to consider where you are going to store snapshots.  This value is configured in the properties of each virtual machine.  If you are planning to take a snapshot and make changes that involve a lot of incoming data, you will want to first make sure your volume has enough free space available for this data  until you are ready to delete the snapshots which will merge your changes back in to your original VHD.

    So you are about to apply some change to a file server vm.  You take a snapshot:

    • Everything goes well, you can delete the snapshots and all changes are merged back in, you now have one VHD file to manage.
    • Something goes wrong, you can hit “Apply” on the date and time (or name) for the point you want to restore back to.  The .AVHD file is kept but the machine boots from the original VHD storing changes to a new file.  The snapshot storing the “things that went wrong” is still available if you ever need to “roll forward” as you will see in the console.  When you are done, you can delete all snapshots and all changes in your current hierarchy are merged back in.  You now have one VHD file to manage.

    Notice that in either case, when the maintenance for my VM is complete I DELETE the snapshots so changes are merged.  You might even consider checking the snapshots location after the merge is complete to ensure nothing is waiting for a VM reboot to finish merging active files.  Why is this important?

    Let’s assume my datacenter has been completely wiped out by natural disaster.  Also assume I have not set up Windows Server 2008 to cluster my VMs across physical locations and my only recovery option is off site VHD file backups.  I can take my VHD file and from any server running Hyper-V I can boot that VM and be back up and running in seconds.  If I have snapshots still in place, I have to restore the host and then restore my VM to that host with the original configuration so my snapshot is still available when the machine boots.  Otherwise I risk losing some data.

    If you find yourself in the second case and are searching for any possible solution, see this community article.  Although this would not be technically on the “support” list, it may be your shortest path out of a bad situation.

    Community Link: How to Manually Merge Hyper-V Snapshots Back into one VHD
    http://blog.networkfoo.org/?p=384

  • Off Campus

    What is the simplest command line to dcpromo *down* a Server Core machine?

    • 2 Comments

    In my test environment I just discovered an issue and need to remove the Domain Controller role from one of my Hyper-V hosts which happens to be running Server Core.  This brought a question to mind, if I want to demote a DC running Core, what is the path of least resistance?

    I found that if I am willing to accept all default parameters I could do it with just one command line argument –

    dcpromo /AdministratorPassword:<password>

    To review the default parameters, type “dcpromo /?:Demotion”.  Unfortunately my RDP session closed before I could copy/paste the full output of the command.  If anyone captures it, feel free to drop it in the comments.  It basically confirms each step of removing the role, dns records, binaries, etc.  Note that if your DC is the last DC within the domain you would need to specify additional parameters.

  • Off Campus

    Windows Vista Volume Activation 2.0: Technical Attributes

    • 0 Comments

    This is a great reference for configuring or troubleshooting VA technical issues.  100% of the issues I had heard so far have been related to network access or name resolution.  In most cases it was name resolution.  The SRV record must be in the default DNS zone for the client.

    The Technical Attributes document provides in detail the WMI and registry attributes where information is defined.  Some of these values are configurable.  For example, you can set the interval that a new KMS client that has not been activated uses to determine how frequently it should attempt to contact the server.  You can provide the same interval for clients that have been activated.

    Clients which have not been activated:

    VLActivationInterval (default 120 or 2 hours)

    The activation frequency, in minutes, of how often the current machine should contact the key management service machine before the client is licensed.

    Clients that have been activated:

    VLRenewalInterval (default 10090 or 7 days)

    The renewal frequency, in minutes, of how often the current machine should contact the key management service machine after the client is licensed.

    Both values have an acceptable range of 15 (minutes) to 43,200, or 30 days.  You cannot configure the period of time used as a grace period for activated clients.  An activated client has 180 days to reach the server again before it begins prompting the user to either provide a network connection where the KMS server may be contacted or enter an MAK.  However, you can query this information using WMI.

    Source: Windows Vista Volume Activation 2.0: Technical Attributes

    This can be scripted quite easily using PowerShell.  See below, simply query the SoftwareLicensingProduct class in WMI, filtering for LicenseStatus = 1 and then return Description to see what type of key is being used and GracePeriodRemaining to show how many days until the client gets in to trouble.

    PS C:\>get-wmiobject softwarelicensingproduct -filter "LicenseStatus='1'" | format-table -property Description,GracePeriodRemaining

    Description                                                   GracePeriodRemaining
    -----------                                                   --------------------
    Windows Operating System - Vista, VOLUME_KMSCLIENT channel                  257780

    So in the above table, it appears my machine is a KMS client and has a little better than 179 days to contact the server again.

  • Off Campus

    NTFS permissions for Redirected Folders (or Home Directories)

    • 0 Comments

    Last week a Windows admin asked if I knew what the permissions should be for the root level share of home directories or redirected folders.  It has been a few years since I looked this up and I wanted to be certain I had all necessary ACLs, so I committed to researching the question and posting what I found to my blog.

    I knew this KB article existed but it is not terribly easy to find since you have to search for "folder redirection" instead of "home directory".  This includes the full description for the root ACL.

    http://support.microsoft.com/kb/274443

    These are the two steps I was most interested in finding:

    2.  Set Share Permissions for the Everyone group to Full Control.

    3.  Use the following settings for NTFS Permissions:

    • CREATOR OWNER - Full Control (Apply onto: Subfolders and Files Only)
    • System - Full Control (Apply onto: This Folder, Subfolders and Files)
    • Domain Admins - Full Control (Apply onto: This Folder, Subfolders and Files)
    • Everyone - Create Folder/Append Data (Apply onto: This Folder Only)
    • Everyone - List Folder/Read Data (Apply onto: This Folder Only)
    • Everyone - Read Attributes (Apply onto: This Folder Only)
    • Everyone - Traverse Folder/Execute File (Apply onto: This Folder Only)

    Pay attention when configuring the home directory or folder redirection policies.  If you enable the setting to give the user exclusive access to the folder, you will override the inherited permissions and need to reset the ACL.
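One way to apply the root ACL from the list above in a script, as an added example that is not from the original post or the KB article. The function names, the D:\Home path and the CONTOSO domain are placeholders; it assumes the root folder should stop inheriting from its parent, and it combines the four Everyone entries into one access rule, which grants the same rights.

```powershell
# Added example: build the folder-redirection root ACL from the list above.
function New-Rule($Identity, $Rights, $Inherit, $Propagate) {
    $allow = [System.Security.AccessControl.AccessControlType]::Allow
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $Inherit, $Propagate, $allow)
}

function New-RedirectionRootAcl {
    param(
        [Parameter(Mandatory = $true)]
        [string]$DomainAdmins    # e.g. 'CONTOSO\Domain Admins' (placeholder)
    )
    $thisOnly    = [System.Security.AccessControl.InheritanceFlags]::None
    $children    = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propNone    = [System.Security.AccessControl.PropagationFlags]::None
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $full        = [System.Security.AccessControl.FileSystemRights]::FullControl
    # Create Folder/Append Data, List Folder/Read Data, Read Attributes,
    # Traverse Folder/Execute File
    $everyoneRights = [System.Security.AccessControl.FileSystemRights]'CreateDirectories, ListDirectory, ReadAttributes, Traverse'

    # Well-known SIDs, so the script does not depend on localized names
    $creatorOwner = New-Object System.Security.Principal.SecurityIdentifier 'S-1-3-0'
    $system       = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'
    $everyone     = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $admins       = New-Object System.Security.Principal.NTAccount $DomainAdmins

    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    # Assumption: block inheritance from the parent and keep no inherited entries
    $acl.SetAccessRuleProtection($true, $false)

    # CREATOR OWNER: Subfolders and Files Only
    $acl.AddAccessRule((New-Rule $creatorOwner $full $children $inheritOnly))
    # SYSTEM and Domain Admins: This Folder, Subfolders and Files
    $acl.AddAccessRule((New-Rule $system $full $children $propNone))
    $acl.AddAccessRule((New-Rule $admins $full $children $propNone))
    # Everyone: This Folder Only
    $acl.AddAccessRule((New-Rule $everyone $everyoneRights $thisOnly $propNone))
    return $acl
}

$path = 'D:\Home'    # placeholder root of the redirected folders
$acl  = New-RedirectionRootAcl -DomainAdmins 'CONTOSO\Domain Admins'
Set-Acl -Path $path -AclObject $acl

# Read the result back to confirm what was written
(Get-Acl $path).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
```

Because the Everyone entry applies to the root folder only, a user can create a folder there but gets no rights inside folders created by others; the CREATOR OWNER entry is what gives each user full control of their own folder.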

  • Off Campus

    The Vista activation script. slmgr.vbs

    • 1 Comments

    Every time I am discussing MAK with a desktop engineer and I explain they can script activation you can see them sort of look off somewhere like "great, now I get to be a programmer too".  Well, you don't have to!

    Slmgr.vbs is included in the System32 directory of Vista, which means it is in the path and can be called from anywhere.  This script includes everything you'll need to automate MAK activation.  It also includes everything you need to remotely give a machine its key and activate, or activate a KMS, or clear a key, or see when a machine expires, or what type of key it used, or switch between KMS and MAK!  See the following screenshot.  To generate this yourself just click start, and in the search field type "slmgr.vbs /?".

    Why does this matter?  Well, let's say you embed your MAK in an image and want to have the machine activate when it comes online.  Just add "slmgr.vbs -ato" to the runonce key and as long as the machine has Internet access it will activate.  You could also embed this in a startup script and check activation status.  If not activated, do it now, etc.

    I mentioned above you also use this script to activate a KMS.  If you are using a Vista machine to host the Key Management Service, there is nothing to install.  You simply pass this script your key and it will activate the service.  There is a great deal of how-to information in the Step-by-Step guide.
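A startup-script version of the "check activation status, activate if needed" idea above, combined with the WMI query from the Volume Activation post. This is an added example, not from the original posts; the function name and the 173-day warning threshold (the 180-day window minus the 7-day renewal interval) are assumptions.

```powershell
# Added example: activate only when needed, and flag KMS clients whose
# renewals appear to be failing. The threshold below is an assumption.
$WarnBelowDays = 173   # 180-day window minus the 7-day renewal interval

function Get-ActivationState {
    # Only products that have a key installed
    Get-WmiObject SoftwareLicensingProduct -Filter "PartialProductKey IS NOT NULL" |
        ForEach-Object {
            New-Object PSObject -Property @{
                Description   = $_.Description
                LicenseStatus = $_.LicenseStatus          # 1 = licensed
                # GracePeriodRemaining is reported in minutes
                GraceDays     = [math]::Round($_.GracePeriodRemaining / 1440, 1)
                # Matches the "VOLUME_KMSCLIENT channel" description text
                IsKmsClient   = ($_.Description -like '*KMSCLIENT*')
            }
        }
}

foreach ($p in Get-ActivationState) {
    if ($p.LicenseStatus -ne 1) {
        Write-Output "Not activated ($($p.Description)); running slmgr.vbs -ato"
        # cscript keeps slmgr output on the console instead of message boxes
        & cscript.exe //NoLogo "$env:SystemRoot\System32\slmgr.vbs" -ato
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Activation attempt returned exit code $LASTEXITCODE"
        }
    }
    elseif ($p.IsKmsClient -and $p.GraceDays -lt $WarnBelowDays) {
        # A client that renews on schedule should stay close to 180 days
        Write-Warning ("KMS renewals look overdue: {0} days left. Check the DNS SRV record and network access to the KMS host." -f $p.GraceDays)
    }
    else {
        Write-Output "Activated: $($p.Description), $($p.GraceDays) days remaining"
    }
}
```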

  • Off Campus

    Hyper-V Remote Management – resolving the "Access Denied"

    • 0 Comments

    Got this question twice this week so I’d say it is blog worthy.  How to configure a Hyper-V server to be remotely managed (manage stand alone server or across domains).  You might also consider reviewing the ACLs he describes if you are troubleshooting some anomaly in a trusted domain environment.

    John Howard has instructions but he also has written a tool specifically for making the changes easier.

    John Howard - Hyper-V and virtualization blog : Configure Hyper-V Remote Management in seconds

  • Off Campus

    Why is there a 32-bit Windows Server 2008 option "without Hyper-V"?

    • 6 Comments

    A few questions have come up as to why when you go out to download Windows Server 2008 there is a "without Hyper-V" option.  Further, if Hyper-V is only offered on the 64-bit version, why is there a "without Hyper-V" option for 32-bit?

    image

    The answer is not-so-complicated.  Windows Server 2008 is offered with and without Hyper-V.

    The 64-bit version with Hyper-V (no special notation in the download name) allows you to install Windows server and fully enable the Hyper-V role to create, manage, and host virtual machines.  The option for "without Hyper-V" in 64-bit does not offer the role, so you cannot create, manage, and host virtual machines.  This includes the administrative console.  There is no Hyper-V admin console available in the "without Hyper-V" option, so you cannot create and manage virtual machines running on some other server that has Hyper-V.

    The 32-bit version with Hyper-V (no special notation in the download name) does not allow you to host virtual machines because Hyper-V can only be installed on 64-bit hardware, but it does include the administrative console so you can create and manage virtual machines on some other server that is 64-bit and has Hyper-V enabled.  The option for "without Hyper-V" in 32-bit does not offer the role, so there is no admin console available to manage another server.

    One more detail to know - there is no way to upgrade from "without Hyper-V" to the version with Hyper-V.

  • Off Campus

    How to move Vista from MAK back to KMS client

    • 4 Comments

    One item in the volume activation step by step guide that is a bit confusing is the method for moving a Vista machine that is currently using the MAK back to being a KMS client.

    Convert a client using MAK Activation to use KMS Activation

    The instructions are easy to follow, you use slmgr.vbs and the extensions "-ipk <setup key>".  No problem!  Wait.  Setup key?

    If you search the document for pid.txt you will find a section titled Product Key Considerations.  That section contains this paragraph:

    "Volume editions of Windows Vista default to KMS-based activation and do not require a product key to be entered during setup. Windows Vista Volume License editions use a specific pre-defined setup key in the sources\pid.txt file."

    That is the setup key referenced by the example.  So if you open .\Sources\pid.txt on your Vista volume media, you will find a generic product key that is used for your installations by default.  That key tells the machine to become a KMS client, and is what should be used in the operation where <setup key> is given.  You can use it for any of the volume media installations where you were using MAK and want to convert back to being a KMS client.

  • Off Campus

    Config tool for Server Core posted to community site

    • 0 Comments

    I received a link to this site from one of our field resources.  Very nice GUI tool to kick off the command lines that are needed to manage server core.  Could be handy.  See the link below for details.

    Features:

    • Product Activation
    • Configuration of display resolution
    • Clock and time zone configuration
    • Remote Desktop configuration
    • Management of local user accounts (creation, deletion, group membership, passwords)
    • Firewall configuration
    • WinRM configuration
    • IP configuration
    • Computer name and domain/workgroup membership
    • Installation of Server Core features/roles

    CoreConfigurator - MS Israel Community

  • Off Campus

    Information on Service Pack 2 for Windows Server 2003

    • 0 Comments

    Why so excited?  See the list of things this update includes.  WDS!!!  Windows Deployment Services will update RIS to support network deployment of Windows Vista.
