Archive for the ‘Microsoft TechEd’ Category

So after yesterday’s party from 1E in the Puro Lounge, which ended by 3h00 AM, I was glad I didn’t plan any breakout session this morning. Do I need say that it was a good party if it ended that late Sarcastic smile. Before getting into the Hands On Labs (HOL) I paid a visit to the stand of E1 in the exhibition hall to thank for the great party last night. Apparently they had a after party which lasted until 5h00 AM so they were pretty tired.
I went to the HOL area and starting some labs around System Center Configuration Manager vNext. I’m not a Configuration Manager guy but would like to develop some general knowledge about it. What I did see is that the collections have been removed from the product. Hopefully I can get to work with this product more in the future.

Time for another breakout session; Microsoft System Center Virtual Machine Manager 2008 R2: Advanced Virtualization Management.  On my way this session I bumped into Alex De Jong. I had Alex as a trainer for SCOM and Hyper-V. He does lots of interviews with speakers here at TechEd, these interviews are posted on TechNet Edge site, definitely worth checking out! Actually he was searching for a guy that has been to 20 editions of TechEd, it wasn’t even called TechEd at that time! Surprised smile
Getting to my next session, I should have known that this would be a session where PowerShell would dominate strongly. When the question was asked who does PowerShell automation for VMM, only 5% of the room raised their hand. For those who do not know this yet, like Exchange and Lync, the SCVMM console runs on top of PowerShell. The SCVMM GUI has a great option which shows you the PowerShell code it wil execute depending on the actions you have chosen. By using this code you have a good starting point to start PS automation. There were some other topics then PS in this session, like SP1 for Windows Server 2008 R2 which brings the Dynamic Memory option. Before you can use this make sure that you upgrade the Integration Services for those VM’s.
It was amazing that not many people in the room know the PRO feature (Performance and Resource Optimization) in SCVMM. That’s really a shame knowing that the PRO tips actually come from the SCVMM management pack in SCOM (yeah, I like SCOM Hot smile). So for those of you who don’t know what PRO is, I’ll explain in short. PRO tips will tell SCVMM to migrate VM’s automatically when a Hyper-V host is under heavy stress, so basically it’s nothing more then dynamic VM’s management for your Hyper-V cluster.
A handy tool is VMM Configuration Analyzer 2008 R2, which is a free and useful tool that you can use the troubleshoot when PRO tips are not being applied.
A best practice tip to take home; if you want to live migrate the VM with SCVMM installed in it and this VM is High Available, use the Cluster Administrator console to Live Migrate this VM. If you should live migrate this VM from within the SCVMM console the behavior is unpredictable.

My last session today was: Under the Hood: What Really Happens During Critical Active Directory Operations. This was an interactive session where admins can ask question towards to speaker who will try to clarify or help the admins out. So I’ll try to give you a overview on some of the covered topics:

  • Forestprep updates the AD shema but it does not change the security rights, so it only add information in the AD .
  • Domainprep does change permissions. In Windows 2003 they changed infact the permissions to secure the AD better by limiting what a anonymous access account can view.
  • Computer accounts that are not used in AD, disable or delete them or join the computer so that the password is changed every 30 days, otherwise this could be a security issue because someone might access your network with this computer account.
  • Automatic site coverage is a mechanism for scenarios were a site does not have a domain controller, a domain controller from a other site will register itself is a domain controller for that site. The mechanism is best on which DC is closest to that site (based on site link cost)

Today no parties, might go out with some peer to grab a meal and a beer and had to bed early, because after the convention is done, we have a 8 hour drive back home.


3th day at TechEd 2010 in Berlin. I got up at 5h45 AM to go out for a short run in Berlin before going to the conference center. We’ve doing some sightseeing in the evening  the last 2 days so I know some routes at this time. A quick 6,5 km, nothing better to clear the brain after yesterday’s session and a few beers . First session planned for today was Microsoft Exchange Server 2010 SP1 Upgrade and Coexistence: Questions and Answers From Previous Versions of Exchange. It was a interactive session on upgrade scenarios for Exchange 2010. I’m not an Exchange implementer but I picked up some good tips and found out what the look for during Exchange upgrades. An example is this site; You can use this site to test your Exchange external connectivity configuration. It’s even recommended that you use this site whenever you make any changes consider external connectivity in your Exchange environment.
My second session  I attended was given by Ilse Van Criekinge and was about the new OCS-server: Microsoft Lync Server 2010 Management, Administration, and Delegation. She showed lots of PowerShell stuff during the demo’s which (again) indicates that PowerShell is THE way to manage your servers today and for future releases. If you do not use PowerShell, make sure you pick it up because all Microsoft products will have PowerShell integrated and like in Exchange, not all configuration can be done in the GUI. Also as in Exchange, and again, this will be for all Microsoft products in the future, the GUI uses PowerShell CMD-lets in the background. Lync Server 2010 is no exception to this and uses the PowerShell is 2.0, so remote PowerShell is there for you to use! That being said, the GUI for Lync is web-based and makes use of the SilverLight technology. If you know that I’m a pro-SCOM IT-dude, you’ll know that I’m happy the say that Lync Server 2010 already has a MP for SCOM 2007 R2  .To install a Lync server you need use the Topology builder, which connects to central management store (CMS) and will configure the Lync-servers via file transfer (SMB).
I didn’t attend any session during lunch today but I made my way to the exhibition hall because I only passed there briefly yesterday. I had a nice chat with the guys from JalaSoft who offer a Operations Manager console for Mobile devices. For the moment only for Blackberry and Windows Mobile devices are supported. For iPhone the console should become available by the end of the year. Future versions should also support connecting to multiple SCOM infrastructures, but that is still under development. The software, which is called Wings by the way, is a service running in the Operations Manager MS-server. I’ll need to play with that later when I get back home…
My next session: Troubleshooting Group Policy. This session was given by Jeremy Moskowitz, the driving force behind (great site!). I picked up some good resources to troubleshoot some GPO problems like the GPO-tool. GPO troubleshooting needs to be done at 2 parts, one is the AD replication and the 2nd is SYSVOL replication. To troubleshooting SYSVOL replication, you can put a TXT file in the SYSVOL folder to check the replication to other servers. A other great tool for troubleshooting GPO problems is Gplogview which can be downloaded from Microsoft site to do advanced troubleshooting on a client. To troubleshoot GPO preferences you should use the Application log in the event viewer. If you can’t find the problem using the event log, you can always enable Tracing for final troubleshooting. 
Next planned session for the day was System Center Data Protection Manager 2010 in the Datacenter given by Jason Buffington. I attended a session of Jason last week when I went to the System Center day in Belgium, great and passionate speaker. When he checked how much people are using DPM 2007 or 2010 almost half of the room raised their hand , meaning that DPM is a great and commonly used product in the System Center portfolio. One of the most things you need to know about DPM agents is that the VSS writer is written by product team, for example the VSS for Exchange is written by the  exchange guys. These means that there is only one type of agent that needs to be installed, as with other backup products you need to buy and install a agent for file backup, SQL, exchange … VSS has 3 components, the Requester, the Writer and the Provider. The way a backup works is like this, the backup server talks to backup agent. The agent talks to VSS requester and says give me want you got, at this point the agent does not know what kind of data is going to be backup-ed. Requester talks then to the Writer, what happens then depends on the data (exchange, sql, file …). Writer send data to requester which sends it to the agent which on his turn sends the data over to the DPM server. Regarding client backups, the licensing is great. If you have the client licenses, the server is free! (reason for this is that server does not do anything). DPM 2010 has now the ability to protect a complete SQL instance, in DPM 2007 you had to add each new db that was created because DPM did not add this automatically (could be scripted however). Now with DPM 2010 if you select the entire instance to be protected the new created databases are automatically protected. If you add a volume to your DPM server, do not format them because DPM cannot use them, it needs block level storage. When the DPM server starts a backup is talks to the DPM agent installed in the host is going to backup. The DPM agent is then going to take to the VSS (Volume Shadow Copy Service). The VSS exist out of 3 components, the Requester, the Writer and the Provider. The DPM agent then talks to VSS requester and says give me want you got. Requester talks then to the Writer, what happens then depends on the data (exchange, sql, file …), remember that the VSS is not DPM related, it  depends on the product. Writer send data to requester which sends it to the DPM agent who on his turn send the data over to the DPM server. For Hyper-V VM on Hyper-V host the process is the same. You need to only install a agent on the host, there is no agent required in the guest VM. The Hyper-v Integration components install a VSS for this and take care of the rest (the same process as for other backups). The overhead of the backup data is removed by the agent on the Hyper-V agent on the host. Jason had a announce to make for DPM 2010; with a single DPM 2010 server you can now backup 3000 clients instead of 1000. I should play with this technology in my home lab Smile.
My last session today would be What’s New in Operations Manager Since R2. Yeah, I know, another SCOM session, but what can I say, I like this product! The agenda for this session had a lot of topics which indicates that SCOM is still growing rapidly. I’ll summarize the topics without going into details:

  • Default MP contains reports to find out which monitors are generating (too much) alerts
  • Bulk URL Editor to import mutiple URL’s at the same time. Tool is available on the installation media (part of the resource kit)
  • Service Level Dashboard 2.0 for OpsMgr R2.
  • Management Pack Authoring:
    • Trace Workflow is a tool you can use to do online tracing of workflow. It also available via the resource kit. NOTE: when the trace workflow is enabled it can have a small impact on performance.
    • There is a BPA in the Authoring console available to check your created MP.
    • The Autoring console contains a spell checker so you can check your MP before deploying it with a customer, I definitely can use that :p
  • You can generate reports for ACS for Cross platform
  • Visio Add-in enables you to create user friendly views to show the health state of the components. The components contains a link which opens the OpsMgr webconsole where, if sufficient rights, the user can perform actions, like mount a db.
  • In CU3 there is a view which shows the state of the agents being updated (after an update), in 2007 SP1 you needed to create this view yourself, but it wasn’t as nice as the new view.
  • Also in CU3 there is the Azure MP. The implement it you will be guided through a wizard which ask you some information and 2 RunAs accounts.

Off course every SCOM admin should know that you do NOT store your distributed applications in the Default Management Pack, create a new MP and store it in there.

This evening me and 2 other colleagues are invited to a party from 1E. The party will be held in a Puro Sky Lounge in Berlin which is on the 20th floor. It should have a great view over Berlin, I’ll let you know tomorrow how it was Winking smile.

So the first day of TechEd with breakout sessions, besides meeting with peers, this is what TechEd is all about for me. First session of the day was Advanced Storage Infrastructure Best Practices to Enable Ultimate Hyper-V Scalability. The session was given by someone from EMC but was not therefore EMC branded. It was given in such a way that the content will generally applicable, no matter what kind of storage vendor you will use. The session was orientated to deploy a private cloud where you would use the storage system for faster provisioning and deployment of your VM’s. In a normal way of deployment of Hyper-V VM’s you would use the SCVMM console (with the Self Service Portal) to provision your VM’s. What the guys from EMC had done was using snapshot technology and some Power Shell scripting to deploy VM’s which actually resulted in a much faster deployment of VM’s. The concept is that they create a golden VM, take a snapshot from the VM, import the disk, re-signature the disk and then add them as CSV’s to the Hyper-V cluster.During the demo movie the first 5 VM’s deployed by SCVMM were a lot faster but from thereon the snapshot/scripting solution was a lot faster.
Next was a level 400, so good thing I was awake at this time. Impact of Cloning and Virtualization on Active Directory Services. With the environments of today where everything is being consolidated into virtual machines this session was simple a most follow in my agenda. Several examples/situations were given were cloning could have some really (nasty) effects on your virtualized AD environment. Without going into to much details about this session, because this would be a very long blog, some topics that you should keep in mind or definitely should consider when cloning in virtualized (AD) environment are:

  • When a domain is created, it uses the computer SID to create to domain SID. This means if you create a VM, clone it, create a DC out of it, and you want to create a another DC with a child domain you need to do a clear install of a server or run SYSPREP on the clone. If not the domain SID would become the same and you will have serious issues.
  • So use SYSPREP if you are cloning!!
  • If a DC is demoted, the computer SID is regenerated

My 3th session today was Attack & Defense; Authentication and Passwords. During the session some live demo’s were giving on how to easily it is to take advantage of bad configured networks/servers the get access. The main message is that with applications moving into the cloud, certificates are being installed on the client and that you need to secure your clients because these certificates can be easily abused.
The next session was about SCOM, one of my most favorite System Center products. Introducing the Next Generation of SCOM. One the measure announcements was that in the new version the topology of Operation Manager has changed in such a way that there is no more RMS (Root Management Server) required which I’m sure more people will be pleased with. There are some new dashboard views which have multiple views combined, specially those for monitored network devices looks very slick! The new web console is now Silverlight based and personalization that have been done in the SCOM console are pushed back into the web console as well. The new version of SCOM will have the capability to monitor J2E and it will be an in-place upgrade from the current version of SCOM so that your customer investment is protected. The beta version should be available somewhere in Q2 of 2011, RC in Q3 of 2011 and should go RTM in Q4 2011 (a good reason to go next years TechEd) Smile
Next session: Small Business Server 2011 Standard. This should be release by the beginning of December 2010. To make it easier for customers there is now the option of being able to buy Add-On offers. In previous versions customer needed to choose between the Standard and  Premium versions (which was fairly great difference in pricing). For CAL’s (Client Access Licenses) customers only have to buy only extra CAL’s for Premium Add-ons for the users that connect to the SQL instance. Line Of Business (LOB) should best be installed on member server since the new version of SBS using Exchange 2010, which already creates a heavy load on the SBS box itself.
For the last session of the day I followed another Hyper-V track being: Disaster Recovery by Stretching Hyper-V Cluster across Sites. One of the first things that was being told there is that disaster recovery scenarios should be automated because people are not reliable. The technical part of the session was cut into 3 pieces, the network, the storage and the Quorum of the cluster. For the network you can configure some parameters so that if the sites are to far apart, you can change the settings for the heartbeat link between the cluster nodes to prevent from failover because a heartbeat was timed out over the WAN. Cluster Shared Volumes (CSV’s) must be on the same subnet so if you are going over a WAN, a VLAN should be configured. On the storage side of clustering across sites it’s best to have a hardware enabled replication, you should talk to your storage vendor about this because Hyper-V does not have technology like SQL DB mirroring or Exchange log shipping. Whether the synchronization is  synchronise or asynchronise  depends on your business need and much data you are willing to loose. Node & File Share Witness is the best solution for multisite clusters. For the Quorum of the cluster it’s a best practice to not put the Folder Shared Witness on the same cluster because you can loose 2 votes during a cluster failure which can cause the whole cluster to go down. Using PowerShell commands u can force the quorum when the nodes do not have enough votes but note that this might have a performance impact on the cluster.
To close of the day I went to a steakhouse in Berlin went 2 other colleagues and had a few beers, I’ll probably going out for a run tomorrow morning before heading towards to conference.