DPM could not enumerate one or more components for application – Error ID 963

When trying to add a Primary Backup source to my Secondary DPM Server i’ve got the following Error;

Error ID: 963
DPM could not enumerate one or more components for application <Component> on protected computer <ServerName>.

Every where on the internet the solutions was to check the DPM Writer on the Production Server. With no succes.

On the following blog i’ve found that it could be in the name of one of the protecting members on your Primary DPM Server.
http://blogs.technet.com/b/dpm/archive/2008/07/11/known-issues-and-recommended-solutions-on-secondary-protection-disaster-recovery.aspx
Apperently if a Protected Member has a “&” in its name dpm can’t Enumerate the data.

So i changed the name of the VM i’m protecting and finaly it works.

0  

SCOM alert – AD FS application pool (ADFSAppPool) is stopped in the IIS Manager

In SCOM 2012 I’ve got errors about ADFS Webservices.

SCOM Alerts

  • AD FS application pool Is Not Running On The Federation Server
  • Federation Passive Web Site Application Is Missing On The Federation Server

After checking the specific server and Application Pool “ADFSAppPool” I couldn’t see anything wrong.

So I checked the monitoring rule that was causing this alert. The ADFS management packs runs several Powershell scripts that’s checks WMI.

WMI Query
Get-WmiObject -namespace root/MicrosoftIISV2 -Class IIsApplicationPoolSetting | Where-Object {$_.Name -eq “W3SVC/APPPOOLS/ADFSAppPool”}


The WMI query looks for the namespace “root/MicrosoftIISV2” so I tried to open the namespace in powershell and the namespace doesn’t exits:
Get-WmiObject -namespace root/MicrosoftIISV2 -Class IIsApplicationPoolSetting

To query which root namespaces exits on a specific machine you can use the following PowerShell command:
Get-WMIObject -class __Namespace -namespace root | Format-Table name

You see that the namespace is missing. So after checking when the namespace is installed and read the implementation guide of the ADFS Management Pack I found out that the following IIS features were missing:

  • IIS 6 Management Compatibility
  • IIS 6 Metabase Compatibility
  • IIS 6 WMI Compatibillity

After installing these IIS features the alerts are gone and ADFS is working fine.

0  

DPM 2012 Service won’t start after Reboot (Internet Access)

A collegue of my asked me for helping him with some troubleshooting.
At a customer DPM console and services won’t start after a reboot and some updates that were installed.
First thing on my mind was that this was caused by installed updates, but the simple solution was to give the Server Internet Access.

The following services wouldn’t start:
– DPM service
– Reporting services (ReportServer$MSDPM2012)
– DPM Access Manager (DPMAMService)

DPM Service TimeOut:

dpm

SystemLog: Error 7009

DPM SystemLog

ApplicationLog: Error 17052

DPM AppLog

Internet Acces:
After some searching the web i found one guy was having the same issue and resolved it by giving the DPM Server Internet Access.
In this case all the servers at the customer have no Internet Accees unless for specific reason. So we have make a TMG trace to see what DPM wants to reach.

TMG Log:
In the TMG logs we see that the server is trying to reach http://technet.microsoft.com and want to check http://<IP>/pki/crl/products/microsoftrootcert.crl.
all this communication is done over port 80.

So we allowed the server to communicate over port 80… reboot the server and everything is working fine again.

0  

Unwanted change of the public IP address of your Windows Azure Cloud Service

I recently had some cases where I lost the public IP address which was assigned to a cloud service within Windows Azure. This was not really a desired scenario because these IP addresses were already used and registered in DNS. The use of a CNAME to *.cloudapp.net was not an option because the use of certificates.

The reason why I lost the public IP address on these services was because of the state of the Virtual Machines within the services. Because of the changes of the billing mechanism in Windows Azure (June, 2013), there was a new status introduced for the Virtual Machines. The new status: Stopped (Deallocated) places the VM in a special state which means that the configuration of the VM is not actively being associated with fabric resources. This results in the fact that you are not being billed for the hourly compute time while the VM is in that state. This is of course a very useful feature, however when all of your VM’s in a Cloud Service are put in this state, the public IP address associated with that service will be released. The next time you start a VM in the Cloud Service it will have a new public IP address assigned. How can we prevent this? Just be aware about the way you shutdown your VM’s in a Cloud Service and/or assure that there’s at least one VM running all the time. There are three ways to shutdown/stop a VM within Azure:

  1. Shutdown VM via Windows Azure Management Portal
    When using the Shutdown button within the Azure portal by selecting the VM, it puts the VM in the Stopped (Deallocated) state.
  2. Shutdown Guest Operating System inside the VM
    Using shutdown (via RDP) from within the VM causes it to go into Stopped state.
  3. Stop VM via Windows PowerShell using Windows Azure PowerShell Module
    In the latest version of the Windows Azure PowerShell Module there’s a new StayProvisioned parameter added to the Stop-AzureVM cmdlet. With this parameter you can determine the state that the VM goes in when shutting it down:
    – Stop-AzureVM -ServiceName “myservice1” -Name “MyVM”
    This causes the VM to go in the Stopped state.
    – Stop-AzureVM -ServiceName “myservice1” -Name “MyVM” –StayProvisioned
    This causes the VM to go in the Stopped (Deallacated) state.

Summary: just put your VM’s in a Cloud in the correct state (stopped) and/or keep at least one VM running. This way you don’t lose your public IP address.
For more information: http://msdn.microsoft.com/en-us/library/windowsazure/dn133803.aspx

0  

ConfigMgr 2012 OSD Installing Package Hangs

Deploying a captured image hangs at the first install package step when you start the OSD deployment just after you update the Distribution Point with the caputered image. The strange thing is that when you wait for 12hours the deployment will work fine.

In the smsts.log you will find repeatedly;
<![LOG[Waiting for job status notification…]LOG]!>

When searching the web i found a request for help on the Technet Forum. It seems to be a bug and has not been fixed in ConfigMgr 2012 CU1, CU2 or CU3.
Link to the Technet Forum: http://social.technet.microsoft.com/Forums/en-US/54a01410-ebe5-4bba-8f62-01415a6dac7a/tasksequence-stops-randomly

Happely there is a fix that came from a support call with Microsoft.
The fix delete a Maintenance Taks which has a “MaxRunTime” of 43200 seconds  what is 12hours. See the below image:
SMS_Maintenancetask

Just put this Visual Basic Script or PowerShell Command Line in your Build and Capture Task Sequence before the step “Capture the Reference Machine”. Or you can add the script in your deploy Task Squence just before your first Install Package step.
In my case i added it in the B&C Task Sequence like the below image.

TS

Visual Basic Script
strComputer = “.” Set objSWbemServices = GetObject(“winmgmts:\\” & strComputer & “\root\ccm”)
Set colSWbemObjectSet = objSWbemServices.InstancesOf(“SMS_MaintenanceTaskRequests”)
For Each objSWbemObject In colSWbemObjectSet
strInstance = “SMS_MaintenanceTaskRequests.TaskID='”&objSWbemObject.TaskID&”‘”
objSWbemServices.delete strInstance
Next

PowerShell Command Line (thanks to Trevor Sullivan)
C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe -noprofile -command “&{Get-WmiObject -Namespace root\ccm -Class SMS_MaintenanceTaskRequests | % { $_.Delete(); };}”

After the new capture i updated the Distribution Point and succesfuly deployed the Task Sequence.

2  

Upgrading Windows 8 to 8.1 using ConfigMgr 2012 (SP1 CU3 or R2)

When you have deployed Windows 8 Enterprise to your environment you might have noticed that you users are unable to upgrade to Windows 8.1 through the store like RT and Pro users are.

This is “as-designed” behavior as you might not want users to upgrade themselves without thorough testing before it’s being released to your environment.

Once your organization is ready to deploy Windows 8.1 to the environment it is no longer necessary to completely reinstall the Machine.

With the introduction of Windows 8.1 Microsoft has made some changes to the way the update process goes in comparison to previous versions of Windows.

In our organization we use ConfigMgr for all of our deployments, including the upgrade of Windows 8.1

Previously with any new release of Windows we would reinstall the end users machine using ConfigMgr and USMT. With the release of Windows 8.1 you now have the ability to add “/auto:upgrade” as a setup parameter, allowing for unattended upgrades of Windows.

Below are the steps to create an application and deploy it to your users.

First, you need to download the ISO, extract it and place it on your default application share.

Now, to create the application :

From the ConfigMgr console, navigate to \Software Library\Overview\Application Management\Applications

From the ribbon select Create Application


In the Create Application Wizard, select “Manually specify application information”

This is needed because we are deploying a so called “script” installation for which we need to specify the information like detection method manually.


In the General Information tab, enter the name of the application, manufacturer and any information you would like to add.

Please remember that most of this information is for administrative purposes, so don’t be bothered with what the users sees at this point.


Next you can set the Application Catalog preferences. Your end users will see this information so adding custom descriptions and any support information might be necessary.


Next you need to add a deployment type


In the General tab, you need to select “Script Installer” and the wizard will automatically require you to manually specify the deployment type information


Specify the name of you deployment type :


For content location you need to specify the location where you extracted the ISO earlier, and as Installation Program enter :

Setup.exe /auto:upgrade


For detection method specify the following :

Setting Type : File System

Type : File

Path : C:\Windows

File of folder name : Explorer.exe

“The file system settings must satisfy the following rule to indicate presence of this application:

Property : Version

Operatior : Greater than or equal to

Value : 6.3.9600



You detection rule should then look like this :


In the User Experience tab, select the following :

Installation behavior : Install for System

Logon requirement : Whether or not a user is logged on

Installation program visibility : Normal

Maximum allowed run time (minutes) 120 (you might want to change this value if your machines require more time to upgrade)


Since this is an upgrade from Windows 8.0 to Windows 8.1 you need to specify a requirement rule which only allows to upgrade to run on Windows 8 machines :


Your summary should look something like this :


Now that you have created an application for the upgrade to Windows 8.1 you need to test this out with some users. The deployment will be the same as normal deployment, so it will be present in the software catalog, and the progress will be visible to your end users.

The only thing that is different is that the Windows 8.1 setup will be on screen and will inform the users of reboots etc.

Important note : The Upgrade to Windows 8.1 will break the ConfigMgr client, but it will repair itself once the installation is completed. Now worries here, but just a heads up :)


0  

Assign License to Users with Group Membership

This script can be used to assign users a license who are member of a specific Office365-Security Group.
The password in this script is encrypted!
Please note that this script only works for users who do not have a license assigned yet.
There are a couple of variables used in this script. Please adjust them if necessary:

Variable Description
GName Name of the Office 365 Security Group
LicenseN Name of the license that will be assigned to the users
Make sure you fill in the license in the correct format! For example: a P1 license is: EXCHANGESTANDARD
UsageLocation Set user location
Make sure you use the correct format! For example: Netherlands = NL
AdminUser Username of the admin user in Office 365 to run this script
Use the UID of the user. For example: AssignLicenses@wortelltechready.com

Script

Here’s the code for the script:

#### Set Variable
Set-Variable -name GName -value &quot;AssignLicenses@wortelltechready.com&quot;
Set-Variable -name LicenseN -value EXCHANGESTANDARD
Set-Variable -name UsageLocation -value NL
Set-Variable -name AdminUser -value &quot;admin@wortelltechready.com&quot;

#### Set Encrypted Password
$Password = &quot;01000000d08c9ddf0115d1118c7a00c04fc297eb010000000ec5c2fd088ac741a6882556fafff2bd0000000002000000000003660000c00000001000000040e00f5a263e04689f6499394c5c6bbe0000000004800000a000000010000000bd5dea3f12458d5030966c7c2cbd0f5528000000474330610cdcc62da9e80a3f19a1eb3b144b1c819ee6d6457906ddbad33baa9cd0944e904bf50000140000003974ffe84f0b9fa5df07c79eaeb3b2b84e5d0023&quot;
$PasswordSecure = ConvertTo-SecureString -String $Password
$cred = New-Object system.Management.Automation.PSCredential($AdminUser, $PasswordSecure)

#### Create Function Logon to Office365
function Logon {
    Import-Module MSOnline
    Connect-MsolService -Credential $cred
               }

############################################################################################################################
############################################################################################################################

#### Logon to Office 365
Logon

#### Create Log File + Start Logging
$Log = &quot;AssignLicenseByGroup.ps1&quot; + &quot;.log&quot;
$ErrorActionPreference=&quot;SilentlyContinue&quot;
Stop-Transcript | out-null
$ErrorActionPreference = &quot;Continue&quot;
Start-Transcript -path $Log -append

#### Get DistributionGroupMembers
$GUIDT = Get-MsolGroup -SearchString $GName
$GUID = $GUIDT.ObjectId

#### Set License
$CompanyInfo=Get-MsolAccountSKU
$CompanyName=$CompanyInfo.AccountName
$LicenseName=$CompanyName+&quot;:&quot;+$LicenseN.ToUpper()

#Get-MsolGroupMember -GroupObjectId $GUID -All | Set-MsolUser -UsageLocation $UsageLocation
Get-MsolGroupMember -GroupObjectId $GUID -All | ForEach-Object {
    Set-MsolUser -ObjectId $_.ObjectId -UsageLocation $UsageLocation
	Set-MsolUserLicense -UserPrincipalName $_.EmailAddress -AddLicenses $LicenseName
    }
#### Stop Logging
Stop-Transcript

Copy and paste the code in notepad (for example) and save it as “AssignLicenseByGroup.ps1”. Go through the following steps to use the script.

Steps


This is the final part of a series of posts about some PowerShell scripts I created or used and modified for some Office 365/Exchange Online migrations.
An overview of the series can be found here.

0  

Create External Contacts with CSV and PowerShell

To create External Contacts in Office 365/Exchange Online I’ve created a script which uses a CSV file for input. The file must be saved as “Unicode, Semicolon separated” (;) and must contain the following fields:

Name Description
ExternalEmailAddress Email Address for the contact (this filed cannot contain spaces!)
Name Full / Display Name
FirstName First name
LastName Last name
StreetAddress Street Address
City City
StateorProvince State or Province
PostalCode ZIP or Postal Code
Phone Office Phone
MobilePhone Mobile Phone
Pager Fax
HomePhone Address
Company City
Title State or Province
Department ZIP or Postal Code
CountryOrRegion Country or Region
Fax Fax
Initials Initials
Notes Notes
Office Office
Manager Manager
Hidden Hide or show the contact in the Global Address List with this field.It can contain only two values: TRUE or FALSE. When using TRUE the contact is hidden. If this field is left blank, the contact is made visible (=TRUE).

Script

Here’s the code for the script:

#### Create Function Logon to Office365 - Exchange Online
function Logon {
    #### Pop-up a dialog for username and request your password
    $cred = Get-Credential
    #### Import the Local Microsoft Online PowerShell Module Cmdlets and Connect to O365 Online
    Import-Module MSOnline
    Connect-MsolService -Credential $cred
    #### Establish an Remote PowerShell Session to Exchange Online
    $msoExchangeURL = “https://ps.outlook.com/powershell/”
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $msoExchangeURL -Credential $cred -Authentication Basic -AllowRedirection
    Import-PSSession $session
                }

#### Create Function Logoff Office365 &amp; Exchange Online
function Logoff {
    #### Remove the Remote PowerShell Session to Exchange Online ----
    Get-PsSession | Remove-PsSession
    #Remove-PsSession $session
                }

############################################################################################################################
############################################################################################################################

#### Logon to Office 365 &amp; Exchange Online
Logon

#### Ask the user for input CSV File
[void] [System.Reflection.Assembly]::LoadWithPartialName(&quot;System.Windows.Forms&quot;)
$ofd = New-Object System.Windows.Forms.OpenFileDialog
#$ofd.InitialDirectory = &quot;d:scripts&quot;
$ofd.ShowHelp=$true
if($ofd.ShowDialog() -eq &quot;OK&quot;) { $ofd.FileName }
$File = $ofd.Filename

#### Create Log File + Start Logging
if ($File -ne $Null) {
$Log = $File + &quot;.log&quot;
$ErrorActionPreference=&quot;SilentlyContinue&quot;
Stop-Transcript | out-null
$ErrorActionPreference = &quot;Continue&quot;
Start-Transcript -path $Log -append
   }

#### Import CSV
Import-csv -Delimiter &quot;;&quot; $File | ForEach {

#### Create Contacts
New-MailContact -Name $_.Name -DisplayName $_.Name -ExternalEmailAddress $_.ExternalEmailAddress -FirstName $_.FirstName -LastName $_.LastName

#### Add Extra Information depending on Manager Field
if (!$_.Manager) {
    Set-Contact -Identity $_.Name -StreetAddress $_.StreetAddress -City $_.City -StateOrProvince $_.StateOrProvince -PostalCode $_.PostalCode -Phone $_.Phone -MobilePhone $_.MobilePhone -Pager $_.Pager -HomePhone $_.HomePhone -Company $_.Company -CountryOrRegion $_.CountryOrRegion -Title $_.Title -Department $_.Department -Fax $_.Fax -Initials $_.Initials -Notes $_.Notes -Office $_.Office
    }
if ($_.Manager) {
    Set-Contact -Identity $_.Name -StreetAddress $_.StreetAddress -City $_.City -StateOrProvince $_.StateOrProvince -PostalCode $_.PostalCode -Phone $_.Phone -MobilePhone $_.MobilePhone -Pager $_.Pager -HomePhone $_.HomePhone -Company $_.Company -CountryOrRegion $_.CountryOrRegion -Title $_.Title -Department $_.Department -Fax $_.Fax -Initials $_.Initials -Notes $_.Notes -Office $_.Office -Manager $_.Manager
    }

#### Hide or show the DistributionGroup in the Global Address List
if ($_.Hidden) {
[boolean] $StoreBool = [System.Convert]::ToBoolean($_.Hidden)
Set-MailContact $_.Name -HiddenFromAddressListsEnabled $StoreBool
    }

}

#### Stop Logging
Stop-Transcript

#### Logoff
Logoff

Copy and paste the code in notepad (for example) and save it as “CreateExternalContacts.ps1”. Go through the following steps to use the script.

Steps


This is part 5 of a series of posts about some PowerShell scripts I created or used and modified for some Office 365/Exchange Online migrations.

In the final part (6) of this series I will share a script which can be used to assign a license to users based on group membership.

An overview of the series can be found here.

0  

Predefining and customizing the Modern UI Start Screen on RDS 2012 R2

In a previous blog post called Predefining and customizing the Modern UI Start Screen on RDS 2012 I explained a way to predefine the contents and layout of a Start Screen in Windows Server 2012 and publish that to your users by creating and distributing the file appsfolder.itemdata-ms (with the read attribute either disabled or enabled).

As a quick recap, the new modern UI Start Screen can no longer be controlled by commonly used techniques (despite their downsides) like folder redirection, only the All Apps section can be controller. The Start Screen contents and look and feel are stored in a binary file as part of the users (roaming) profile. The previous article showed a step-by-step guide how to create a pre-defines start screen, publish that to your end users and be allow them to modify that pre-defined Start Screen to their needs.

So what’s new?

As you might have heard Windows Server 2012 R2 was announced June 3rd 2013 at Tech Ed 2013 NA. During one of the sessions a new way to customize, predefine and distribute a Start Screen to end users got introduced. So it’s time for an update!

Note that Windows Server 2012 R2 has not been released yet, I too am not able to personally test this new mechanism until preview release, which will be later this month, so the screenshots and steps below are taken from the sessions held at Tech Ed.

After you have modified the Start Screen the way you want it to look for your end users, you can use the following PowerShell command to Export the Start Screen

You can then store that .XML file in a central location use the following Group Policy Object called “Start Screen Layout” which is inside:

User Configuration Polcies Administrative Templates Start Menu and Taskbar

To define the centrally stored .XML file

In case you’re wondering, this is the description of the GPO setting.

So the process became much easier compared to before! As it now seems this method will be supported on Windows Server 2012, Windows 8.1 and Windows RT 8.1.

Source: http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/Key01#fbid=YavD-8dO8_f

0  

Configuration Manager 2012 and Pooled VDI’s

 

There is a lot of confusion about the use of Pooled VDI’s and the Configuration Manager 2012 client.

Why would we even install the client if the machine only lasts for a short time, what can we do with the inventory data, do we need (managed) antivirus software on the VDI, and do we get a lot of obsolete data in the ConfigMgr database once the machine is removed from the infrastructure?

While designing a Pooled VDI infrastructure, a lot of these questions can rise, and can make decisions hard to make.

In ConfigMgr 2012 the way Pooled VDI’s are handled is a huge difference compared to 2007. A few new inventory attributes are added to the ConfigMgr client to make sure that managing Pooled VDI’s

  • Reporting and Compliance. Gathers discovery information from Guest VMs for Broker Site Name, Desktop Type and Pool Name which become attributes of a system that can be used for compliance monitoring and inventory reports. The new CCMPropertyName values are “IsVirtual”, “IsMachineChangesPersisted”, “IsAssignedToUser”, and “HostIdentifier”. As an example, the “IsMachineChangesPersisted” property enables you to tell a Pooled vs. Personal desktop apart from one another in your management environment.
  • Application Deployment. Delivers new conditional rules for application deployment based on VDI specific attributes. For example, you can build requirement rules to evaluate Desktop Type and Pool Name that make tracking the exact origin or the desktop much easier.
  • User and Admin Experience. Persists uniqueness throughout multiple Pooled VM shutdowns and startups. This prevents an explosion of obsolete client records, keeping your environment clean and manageable across VDI sessions, and eliminates delays in user application delivery.

Using these inventory classes makes managing Pooled VDI’s the management of these machines identical to the management of normal machines in the network. The basic principle that was built in to ConfigMgr 2012 is persistence of Client ID with ConfigMgr.

This means that when a Pooled VDI is shutdown, and therefore deleted, and a new one spins up, the machine will not be identified as a new machine, but will get the client ID of the previous Pooled VDI applied, and retains the inventory data.

This makes managing the desktops, and maintaining the database much easier, and will keep your workload low as it should be.

Now specific on the subject of antivirus. Windows 8 has the default instance of Windows Defender built in. a discussion that may rise is the need of an alternate antivirus product like SCEP. In almost any scenario I would advise to use SCEP when using ConfigMgr to manage the desktops. Even if a Pooled VDI is online for an hour, the change still exists of spreading viruses in the environment and infecting other desktops. When deploying SCEP to your infrastructure, including Pooled VDI’s enables you to have management and reporting of the current health of your environment regarding antivirus. Patches of SCEP can be pre-deployed to the Pooled VDI’s creating a safe and secure environment for you end users, while enabling a consistent and up to date reporting experience for the management.

When we look at application deployment to Pooled VDI’s most of the applications will be pre-installed on the template VHD enabling a complete out of the box experience for the end user. With ConfigMgr 2012 and the integration with App-V 5 streaming directly from the distribution point is possible. This enables you to offer much more flexibility when building your master template. You will be able to keep the size of the master template low, and therefore be able to deploy it much faster than when it is pre built with all of the apps needed in the environment.

0