Que Nguyen's Microsoft techology blog

Hyper-V Scripting

* Dung K Hoang (HP USA) blog: http://dungkhoang.spaces.live.com/default.aspx 

* Hyper-V remote management configuration: http://code.msdn.microsoft.com/HVRemote

Windows Server 2008 R2 Server Core

* Windows Activation steps:
- slmgr.vbs -ipk [product key here]. This step is only needed for MAK keys.
- slmgr.vbs -ato
- slmgr.vbs -dli
- slmgr.vbs -dlv

More info: http://www.windowsnetworking.com/articles_tutorials/Windows-Server-License-Manager-Script-slmgrvbs.html 

* To configure various settings such as domain joining, networking, remote management, Windows update, date/time: just issue the command sconfig

 

Exchange 2010: Getting Started

* Exchange 2010 RC1 Typical installation on a single Windows Server 2008 R2 domain controller:

If you use the WS08R2 Server Manager GUI to install IIS and W3SVC... you may still receive errors saying that the metabase database cannot be accessed. The solution is to use PowerShell scripts to install those prerequisites as described in http://technet.microsoft.com/en-us/library/bb691354(EXCHG.140).aspx

Summary of the steps:
- Download and isntall Office 2007 System Converter: Microsoft Filter Pack from http://www.microsoft.com/downloads/details.aspx?FamilyId=60C92A37-719C-4077-B5C6-CAC34F4227CC&displaylang=en
- Right click PowerShell, Run As Admin:
+ Import-Module ServerManager
+ Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
+ Set-Service NetTcpPortSharing -StartupType Automatic
and then you can run setup.

Windows Server 2008 R2 overview

* WS08R2 overview slide download (6M)

* Live Migration demo video (short version, 3M)

* Live Migration & System Center POC demo video (8M). The video is from http://www.caosonblog.com and was done by Son Vu (MSVN HCMC) and HPT HMSC HCMC.

Windows 7 Introduction

* Windows 7 Enterprise introduction slide (2.8M)

Hyper-V tips and tricks

* Want to copy files from the host to VMs quickly? I have been so comfortable with drag-and-drop support in Virtual PC so I find it frustrating when Hyper-V VMs do not support it. Here you are the solution: create a virtual private network in the host, assign the newly created NIC with 192.168.1.100, in VMs try to ping that IP, if you are OK pinging it, issue the command net use \\192.168.1.100 /user:host_user_name and then you can copy files from the host to VMs and vice-versa!

ConfigMgr 2007 client deployment using WSUS

* If you have not done so, configure the client workstations (both domain-joined and workgroup) to use the WSUS server (by using Group Policy or registry files)

* Enable Client SUP installation method in Site Database / Site Management / <site code> – <site name> / Site Settings / Client Installation Methods.

* Behind the scene, the Configuration Manager Client update bits get automatically approved in WSUS and then pushed to the client workstations. 

* On the client machine, open c:\windows\WindowsUpdate.log and check for something simiar to the below (use the wuauclt /detectnow command to expedite the process)

2009-06-15 13:46:13:628  832 66c Agent ** START **  Agent: Installing updates [CallerId = AutomaticUpdates]
2009-06-15 13:46:13:628  832 66c Agent *********
2009-06-15 13:46:13:628  832 66c Agent   * Updates to install = 1
2009-06-15 13:46:13:638  832 66c Agent   *   Title = Configuration Manager Client Installation
2009-06-15 13:46:13:638  832 66c Agent   *   UpdateId = {428DF9AD-10A9-4B6E-8FD1-6FBA23B41E22}.1
2009-06-15 13:46:15:013  832 66c DnldMgr Preparing update for install, updateId = {428DF9AD-10A9-4B6E-8FD1-6FBA23B41E22}.1.

* Fore more information, please visit: http://technet.microsoft.com/en-us/library/bb633194.aspx

ForeFront Client Security: standalone (agent only) 120 day evaluation guide

What is ForeFront Client Security (FCS) then? This is a client/server solution that helps scan and remove malware (virus, spyware, rootkit, Trojan...) in client and server operating systems. This is a new product from Microsoft.

For quick evaluation, only FCS agent is needed (no FCS server is necessary)

* Standalone FCS (agent only) detailed setup guide download (4.5M)

Below is the summary of the above guide:

a. First of all, make sure you are using "Microsoft Update" and not "Windows Update". To check, go to http://update.microsoft.com, and if you see the "Microsoft Update" link, click it to install.

b. The 120-day evaluation FCS agents can be downloaded here: 32bit x86 agent (16M), x64 agent (13M). Extract files to a folder.

c. Open a command prompt. Note: In Windows Vista/Windows 7/Windows 2008, you need to open an elevated "Command Prompt" by right clicking it and choose "Run as Administrator".

d. Go to the CLIENT folder and type clientsetup /NoMOM

e. You will then see the FCS icon on the system tray (a yellow circle with an exclamation mark). In Windows 7, the icon might be hidden and you need to click the triangle button on the system tray to reveal it.

f. If you open the FCS screen, the AV engine version is out of date (back to 2006!). Do not click any button in this screen.

g. Instead, from the Start Menu, open "Microsoft Update" (in Windows XP/2003) or "Windows Update" (in Windows Vista/Windows 7/Windows 2008) to update your Windows, your applications and of course your FCS agents.

h. After 30 minutes or so, you will see the FCS icon becoming green with a check mark.

i. Want to test it? Just click this link to download a sample (harmless) virus http://www.eicar.org/download/eicar.com 

* ForeFront Client Security - Single server deployment guide

Microsoft Ranks First in AV-Comparatives May Edition for Proactive Detection Testing!

We are #1 this time!  And it is our first time scoring Advanced+ in AV-comparatives testing.  We scored very well on both ends: second best in detection rate and we had the fewest false positives. AV-Comparatives.org published the May edition of the proactive/retrospective testing of the May Edition.  This was the continuation of the February test which focused on none-proactive testing.  This test turned to proactive and retrospective to measure the vendors’ capability in detecting new threats.  Our detection rate was 60%, the second best among the participants, and we had the fewest false positive samples.

 

This result is consistent with some recent proactive tests conducted by other industry test organizations.  In the VB100 April edition, VB introduced a new metric, Reactive and Proactive (RAP), in their test criteria.  Vendors scored from 8.0% to 94.7%.  Both FCS and OneCare score at 80% in the RAP test cases.  In addition, in the WildList response time testing by AV-test.org in 2008, Microsoft was in the clear leading position on proactive detection

 

For details, please check AV-comparatives May edition published below: http://www.av-comparatives.org/images/stories/test/ondret/avc_report22.pdf)

 

 

Installing Windows 7 from a USB stick

I found the steps from the below article:

http://www.intowindows.com/how-to-install-windows-7vista-from-usb-drive-detailed-100-working-guide/

 

Make sure your USB stick is big enough to accomodate the Windows 7 installation bits. And here below is the summary of steps and output on my own machine:

 

C:\Windows\system32>diskpart

 

Microsoft DiskPart version 6.1.7054

Copyright (C) 1999-2008 Microsoft Corporation.

On computer: MY-PC

 

DISKPART> list disk

 

  Disk ###  Status         Size     Free     Dyn  Gpt

  --------  -------------  -------  -------  ---  ---

  Disk 0    Online           37 GB      0 B

  Disk 1    Online          189 GB  5120 KB

  Disk 2    Online        15320 MB      0 B

 

DISKPART> select disk 2

 

Disk 2 is now the selected disk.

 

DISKPART> clean

 

DiskPart succeeded in cleaning the disk.

 

DISKPART> create partition primary

 

DiskPart succeeded in creating the specified partition.

 

DISKPART> select partition 1

 

Partition 1 is now the selected partition.

 

DISKPART> active

 

DiskPart marked the current partition as active.

 

DISKPART> format fs=ntfs

 

  100 percent completed

 

DiskPart successfully formatted the volume.

 

DISKPART> assign

 

DiskPart successfully assigned the drive letter or mount point.

 

DISKPART> exit

 

Leaving DiskPart...

 

C:\Windows\system32>e:        (E: drive is where the Windows 7 installation bits are located)

 

E:\>cd boot

 

E:\boot>dir

 Volume in drive E is GRC1CULFRER_EN_DVD

 Volume Serial Number is F0D7-C053

 

 Directory of E:\boot

 

03/22/2009  08:37 PM    <DIR>          .

03/22/2009  08:37 PM    <DIR>          ..

03/22/2009  08:37 PM           262,144 bcd

03/22/2009  08:37 PM         3,170,304 boot.sdi

03/22/2009  08:37 PM             1,024 bootfix.bin

03/22/2009  08:37 PM            97,280 bootsect.exe

03/22/2009  08:37 PM    <DIR>          en-us

03/22/2009  08:37 PM             4,096 etfsboot.com

03/22/2009  08:37 PM    <DIR>          fonts

03/22/2009  08:37 PM           484,928 memtest.exe

               6 File(s)      4,021,240 bytes

               4 Dir(s)               0 bytes free

 

E:\boot>bootsect.exe /NT60 G:

Target volumes will be updated with BOOTMGR compatible bootcode.

 

G: (\\?\Volume{396ea864-1e62-11de-a02a-000c76b0f5c0})

 

    Successfully updated NTFS filesystem bootcode.

 

Bootcode was successfully updated on all targeted volumes.

 

If "could not be locked" & “Access denied” error happens, try this command: bootsect.exe /NT60 G: /force

 

Then copy all files from DVD to USB, and there you go!

KMS activation for Windows Vista, Windows Server 2008 and above

- PowerPoint slide presentation (1.6M) download (courtersy: Phung Phuoc Linh, Microsoft Vietnam) 
- Volume Activation 2.0 Deployment Guide - http://technet.microsoft.com/en-us/library/cc303280.aspx
- VA 2.0 Poster http://download.microsoft.com/download/4/5/f/45fb677a-c215-442e-afd0-419e08b6c5d1/VA%202.0%20Vertical%20Wall%20Poster%20RTM.pdf
- KMS setup demo video: http://www.microsoft.com/downloads/details.aspx?FamilyID=bbf2eb61-2b30-4f2d-bccd-df53e220b8e9&displaylang=en

Posted by quenguyen | 0 Comments

Filed under: {Windows 2008}, {Windows Deployment}

ForeFront Client Security - Single server deployment guide

What is ForeFront Client Security (FCS) then? This is a client/server solution that helps scan and remove malware (virus, spyware, rootkit, Trojan...) in client and server operating systems. This is a new product from Microsoft. It uses WSUS 3.0 or Configuration Manager 2007 for distributing agent+definition. All agent policy can be managed remotely using AD Group Policy.

* Slide download (3.4M)

* Demo video download (5.5M). This is for single FCS server deployment.

Troubleshooting NOTE: if after configuring WSUS and approving the FCS agent+definition and the client just downloads only some Windows XP updates but not the agent+definition, the reason might be that the FCS policy has not yet been created and deployed, therefore the client (WinXP) machine does not see the agent+definition as necessary updates (the wuauclt /detectnow will report that 0 updates are found in the \windows\WindowsUpdate.log)

* The 120-day evaluation (of both FCS server and agent) can be downloaded from http://technet.microsoft.com/en-us/bb738009.aspx

* ForeFront Client Security: standalone (agent only) 120 day evaluation guide

Windows Mobile topics

* Windows Mobile 6 and Exchange Server 2007 demo slide (2.6 M)

* Guide to set up Windows Mobile 6 Pro to wirelessly synchronize with Exchange Server 2007 SP1 via ISA 2006 (0.7M)

Engine update time-out error in ForeFront Server for Exchange

Recently I noticed the following error in the Application Event log:

Event Type: Error
Event Source: GetEngineFiles
Event Category: Engine Error
Event ID: 6014
Date: 2/9/2008
Time: 10:08:43 AM
User: N/A
Computer: GATEWAY
Description:
Microsoft Forefront Server Security encountered an error while performing a scan engine update.
Scan Engine: Kaspersky5
Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Kaspersky5
Proxy Settings: Disabled
Error Code: 0xC0001F58
Description: The operation timed out.

Followed immediately by:

Event Type: Information
Event Source: GetEngineFiles
Event Category: General
Event ID: 2017
Date: 2/9/2008
Time: 10:08:43 AM
User: N/A
Computer: GATEWAY
Description:
Forefront Server Security has rolled back a scan engine.
Scan Engine: Kaspersky5

This was happening every 5 minutes after Event ID 2034, which reports that Microsoft Forefront Server Security is attempting a scan engine update of the Kaspersky5 scan engine.

To solve this error make the following change to the registry on the server running Forefront:

• Open Regedit
  
• Navigate to the following key (64bit Exchange):

HKLM\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server

(Note for 32bit Exchange: the path is HKLM\SOFTWARE\Microsoft\Forefront Server Security\Exchange Server)

• Click New DWORD Value
  
• Type EngineDownloadTimeout, and then press ENTER
  
• Right-click the new value and select Modify
  
• Select Decimal as the base, enter 600 in the Value data box, and then click OK. This setting causes the scan engine download process to time out after 600 seconds (10 minutes, instead of 5 minutes)
  
• Exit Regedit

Note: You do not have to restart Forefront Server services or Exchange Server services after you change this registry entry.

Now perform a manual scanner update in Forefront:

• Open Forefront Server Security Administrator
  
• Click Scanner Updates under Settings
  
• Select the appropriate scan engine that was previously timing out. In my case, Kaspersky Antivirus Technology
  
• Click the Update Now button on the right side of the screen

Check the Application event log to ensure that the scan engine has updated properly (Event ID 2012).

Source: http://social.technet.microsoft.com/Forums/en-US/sharepointgeneral/thread/09d6222b-1106-4a92-8516-0660e698a4db/ 
Courtesy: Jimmy Patel

Installation notes of my demo Exchange 2007 with SP1 x64 installation on a Windows 2008 Ent x64

* Server Manager, Features --> Windows PowerShell

* Server Manager, Roles --> Web Server
- IIS6 Metabase Compatibility & Management Console
- Performance/Dynamic Content Compression & Static Content Compression
- Security/Basic Authentication, Windows Authentication, Digest Authentication

* TROUBLESHOOTING NOTES:
- Make sure IPv6 is enabled (IP may be set to automatic) before running Exchange 2007 with SP1 x64 (Typical) Setup, otherwise Hub Transport installation will fail.
- Windows Server 2008 R2 x64 (build 7100): When installing the Mailbox role, if you get the error number 3221684229 and error description ...Access is denied...: just right click SETUP.EXE, Compatibility tab, select Compatibility box, choose "Windows Vista SP1", then rerun setup.