IT Consultant Everyday Notes

Just some problems/solutions storage

2012 R2: File Server Cluster migration (mounting points disappear)

 

I helped one of our Customers with a File Server Cluster migration. The procedure is described in http://777notes.wordpress.com/2013/12/13/server-2012-r2-file-server-cluster-migration/

The source Cluster was 2008 R2 and were migrating to 2012 R2. backend storage – 3PAR. It was ~50 LUNs to migrate and some of them were connected as mounting points to save letters (see more: http://technet.microsoft.com/en-us/library/cc938934.aspx)

After migration we saw some mounting points disappeared. It turned out the mounting point folders got Hidden and System attributes assigned for some reasons. An attempt to reset the attributes was unsuccessful. Attrib command finished without errors, but attributes remained assigned Smile

In order to fix the situation we needed to unmount the mounting point, use attrib –S –H <<folder>>  to clear attributes and mount the point back to the folder. That brought the mounting points back to (visible) life.

2012 R2 Cluster: “Validate Storage Spaces Persistent Reservation” test failed with warning

 

I recently installed a Failover Cluster on two 2012 R2 nodes with 3PAR SAN storage. Cluster verification tool failed with a single abovementioned warning. Drilling down to the report I found:

Failure. Persistent Reservation not present on Test Disk 0 from node <<MY_SERVER_FQDN>> after successful call to update reservation holder’s registration key 0xb.

Test Disk 0 does not support SCSI-3 Persistent Reservations commands needed to support clustered Storage Pools. Some storage devices require specific firmware versions or settings to function properly with failover clusters. Please contact your storage administrator or storage vendor to check the configuration of the storage to allow it to function properly with failover clusters.

Important to note the validation failed in “Validate Storage Spaces Persistent Reservation” test. Google search brought an article from Microsoft  Clustering Team Blog: http://blogs.msdn.com/b/clustering/archive/2013/05/24/10421247.aspx

The bottom line: if you are not planning to use Storage Spaces (introduced with Server 2012) in your cluster – the warning can be safely ignored. Otherwise storage firmware and drivers should be updated.

 

Here is a quote from the article:

“Question:  What should I do when I get this warning?

Check the disks that are identified in the warning message and verify whether you will ever want to use those disks with Storage Spaces.

If you want to use the disks with Storage Spaces on the cluster, then you should check your storage configuration and documentation to see if there are settings or firmware/driver versions required to support clustered storage spaces.  

If you aren’t going to use Storage Spaces with this cluster and storage, and the other storage validation tests indicate the tests passed, then you can ignore this warning.”

SCCM: OSD on Lenovo M83

I downloaded a driver pack for M83 model from Lenovo website , imported it in SCCM and tried to deploy my Win 7 image.

After driver installation the process stopped on the first boot with error:

Driver ipf63x64.inf is missing or corrupted

It looks like a known issue for Lenovo community http://forums.lenovo.com/t5/Enterprise-Management-IT/Introducing-ThinkPad-Driver-Packs-for-SCCM/td-p/800691/page/9

 

Resolution:  I removed all FCoE-related components (net, SCSI and system classes) from my driver pack (for that you need to find all drivers under “Drivers” node, right-click Edit-Package and clear a checkbox corresponding to your package. Updated the package on DPs. I actually left just one network friver from multitude provided by Lenovo in the driver pack.

After that installation passed successfully.

 

As a side note – the pack from Lenovo did not impress me too much – it looks like manufacturer put all available drivers there and did not bother to test it.

Driver Grabber in its turn missed some drivers (for example Lenovo Application Integration driver – LBAI.sys).

SCOM 2012 R2: Prerequisites installation script

Inspired by this script  by Richard Qi I created a modified version for SCOM 2012 R2 on Windows Server 2012. The difference is Report Viewer 2012 (and its prerequisite – SQL Control Types)

Here is the script content (copy it to .ps1 file and run from Power Shell)

NOTE: ReportViewer URL is updated April 14th 2014

#This section installs the .NET and IIS Prereqs for Windows Server 2012#
Import-Module ServerManager
Add-WindowsFeature NET-Framework-Core,AS-HTTP-Activation,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,AS-Web-Support,Web-Metabase,Web-Asp-Net,Web-Windows-Auth –restart#This section will download SQL System CLR and the Report Viewer 2012 Runtime Prereq for Windows Server 2008 or Windows Server 2012#
#to a folder called C:\SCOM2012SP1Prereqs. Once the file has been downloaded it will automatically install       #

$dwnld = “C:\SCOM2012SP1Prereqs”
if (!(Test-Path -path $dwnld))
{
New-Item $dwnld -type directory
}
$object = New-Object Net.WebClient

$RPTurl = ‘http://go.microsoft.com/fwlink/?LinkID=239644&clcid=0×409′
$object.DownloadFile($RPTurl, “$dwnld\SQLSysClrTypes.msi”)
Start-Process -FilePath “msiexec.exe” -ArgumentList ” -i $dwnld\SQLSysClrTypes.msi /qb” -Wait

$RPTurl = ‘http://download.microsoft.com/download/F/B/7/FB728406-A1EE-4AB5-9C56-74EB8BDDF2FF/ENU/x86/ReportViewer.msi
$object.DownloadFile($RPTurl, “$dwnld\ReportViewer.msi”)
Start-Process -FilePath “msiexec.exe” -ArgumentList ” -i $dwnld\ReportViewer.msi /qb” -Wait

SCOM 2012: How to test e-mail notification channel in SCOM

A nice step-by-step from Microsoft is here. In addition to test the channel gives an example of basic operations.

SCOM 2012: Set-SCOMLicense cmdlet fails

I attempted to add my SCOM Product key to SCOM 2012 R2 installation using Set-SCOMLicense cmdlet as recommended by setup program.

It failed with the following error:

Requested registry access is not allowed

SNAGHTML209a8903

solution is to start a standard (non-SCOM) Power Shell as Administrator, run “Import-Module OperationsManager“  and retry Set-SCOMLicense from that window.

the solution was found in Michael’s blog  here

SCOM 2012: Setup failed–Account validation error

SCOM 2012 R2 installation failed with the following error:

One or more accounts provided could not be validated. Please provide valid user names and passwords

image

 

Only one account validation failed. This account was created while setup application was running; other accounts were pre-created.

To bypass the error I used one of pre-created accounts instead of the new one and the error disappeared.

SCOM: How to set Agent Proxy on all Clients

Ken posted a nice PowerShell script that can be ran on a scheduled basis to set it up (requires a single parameter – RMS name)

 

param($RMS)
## prepare OpsMgr shell 
if ((Get-PSSnapin | Where-Object {$_.Name -eq 'Microsoft.EnterpriseManagement.OperationsManager.Client'}) -eq $null) 
{ 
   Add-PSSnapin Microsoft.EnterpriseManagement.OperationsManager.Client -ErrorAction SilentlyContinue -ErrorVariable Err 
   if ($Err) { $(throw write-Host $Err) } 
} 
if ((Get-ManagementGroupConnection | Where-Object {$_.ManagementServerName -eq $RMS}) -eq $null) 
{    
   New-ManagementGroupConnection $RMS -ErrorAction SilentlyContinue -ErrorVariable Err 
   if ($Err) { $(throw write-Host $Err) } 
} 
if ((Get-PSDrive | Where-Object {$_.Name -eq 'Monitoring'}) -eq $null) 
{ 
   New-PSDrive -Name: Monitoring -PSProvider: OperationsManagerMonitoring -Root: \ -ErrorAction SilentlyContinue -ErrorVariable Err 
   if ($Err) { $(throw write-Host $Err) } 
} 
Set-Location Monitoring:\$RMS

## connect to management group 
$ManagementGroup = New-Object Microsoft.EnterpriseManagement.ManagementGroup($RMS) 
$ManagementGroup.Reconnect()

## set proxy enabled for all agents where it is disabled
$NoProxy = get-agent | where {$_.ProxyingEnabled -match "False"}
$NoProxy|foreach {$_.ProxyingEnabled=$true}
$NoProxy|foreach {$_.ApplyChanges()}

ADFS: Integration with VMWare Virtual Cloud Director

 

Milos and I tested an integration between VMWare Virtual Cloud Director (VCD) and Microsoft SSO implementation – ADFS installed on Windows Server 2012 R2. We used this ARTICLE in Dutch as a guidance.

1. Install ADFS role on 2012 R2 Server

2. Plan a name for ADS services. The name cannot be the same as the server name: if your server called server1.yourdomain.com call ADFS as sso.yourdomain.com  for example. Think abut external name if applicable. Request a certificate with EKU = Server Authentication (from WEB template) for the server. ADFS supports wildcard certificates or add all your ADFS service names to it as Subject Alternative Names (SANs)

3. Create an account for ADFS or use Group Managed Service Account (GMSA).

3.1 To create a GMSA:

Add-KdsRootKey –EffectiveTime (Get-Date).AddHours(-10)
New-ADServiceAccount FsGmsa –DNSHostName server1.yourdomain.com -ServicePrincipalNames https/server1.yourdomain.com

3.1 Create a test user in AD and set its email. Email is important it will be used for claims.

4. Add KDS Root Key (if not added with GMSA)

Add-KdsRootKey –EffectiveTime (Get-Date).AddHours(-10)

2. Go to ADFS roles and Click Additional Configuration Required. Configure ADFS (default configuration with Internal Database)

3. Add SSO.yourdomain.com to your DNS to be sure both VCD and Clients can resolve it.

4. After installation go to https://sso.yourdoamin.com/FederationMetadata/2007-06/FederationMetadata.xml and save it.

———————————   VCD SIDE   ———————————————-

5. Log on to VCD as administrator https://vcd.yourdomain.com/cloud/org/yourorg/.

6. Go to Administration-Federation

7. Select SAML Identity Provider

8. Copy content of XML file saved in step 4.

9. Go to User Management – Import Users and import a user as SAML User  with Name ID matching to e-mail of the user in Active Directory. For example user@yourdomain.com

10. Open Internet Explorer and navigate to https://vcd.yourdomain.com/cloud/org/yourorg/saml/metadata/alias/vcd save the file.

11. Copy vcd file to ADFS as vcd.xml

————————————————–  ADFS Part   ————————————————————–

12. Configure Relying Part Trust

12.1 login to ADFS as a Domain Administrator

12.2 Open ADFS Management Console

12.2 Right-Click “Relying Party Trust” and select “Add Relying Party Trust”

12.3 Click Start

12.4 Select “Import data about the relying party from a file and point the Wizard to the file saved in step 11

12.5 Click Ok in Warning Window

12.6 Add a Display name (for ex. VCD)

12.7 Do not add Multi-factor authentication or rules. Just finish the Wizard.

12.8 Right-Click newly created Relying Party Trust and select Properties

12.9 Under Advanced tab switch Hash Algorithm to SHA-1

i13. n original step it is marked as Optional but we found iintegration does not work without it. So, open PowerShell as Administrator and run:

Add-PSSnapin Microsoft.Adfs.Powershell       <—– NOT REQUIRED FOR Server 2012 R2
Set-ADFSRelyingPartyTrust -TargetName “vCD” -EncryptClaims $False

14. Configure ADFS Claims

14.1 Right-Click Relying Party Trust created in step 12. And select Edit Claim Rules

14.2 Click Add Rule

14.2.1 Select Send LDAP Attribute as Claims; Click Next

14.2.2 Add Claim Rule Name (for example “LDAP Attribute E-Mail Address”)

14.2.3 Select Active Directory as Attribute Store

14.2.4 In LDAP Attribute column select “E-mail Addresses”

14.2.5 In Outgoing Claim Type select “E-Mail Address”

14.2.6 Click Finish

14.3. Click Add Rule again

14.3.1 Select Transform an Incoming Claims; Click Next

14.3.2 Add Claim Rule Name (for example “Transform an incoming claims”)

14.3.3. In Incoming Claim type select “ E-MAil Address”

14.3.4 In Outgoing Claim Type select “Name ID”

14.3.5 Verify Pass through all claim values is selected

14.3.6 Click Finish

At this point you should have two rules like this:

 

image

ADFS is configured and you should be able to connect to VCD via ADFS

Server 2012 R2: File Server Cluster Migration

 

I need to migrate a File Server hosted by Windows 2008 R2 Storage Server to a new 2012 R2 cluster

This GUIDE was used as informational base.

NOTE: In my test environment I do not have mount points on clustered disks so I am not sure if that scenario will work.

I have two 2008 R2 Storage Servers clustered with a File Server Clustered Resource set:

image

I can access the shares:

image

For test purposes I added a user to Share permissions and customized rights

image

 

I also built a fresh 2012 R2 Cluster (without File Server Role)

image

 

Migration:

0. In AD check the Cluster accounts have full rights to File Server accounts. Especially 2012 Cluster account to 2008 File Server Account. I.e. if my 2012 Cluster name is demvhvw12cl and my 2008 File Server Cluster called demvhvw2k8cfs I provide Full rights to demvhvw12cl  on demvhvw2k8cfs

image

1. Microsoft recommends to check if Cluster networks are configured properly – there is no Cluster communication on Storage network, for Example:

2008 Cluster:

image

 

2012 Cluster:

image

2. Start Migration Wizard from 2012 Cluster:

image

3. Select cluster to migrate FROM

image

4.  Select a role to migrate (you can take a look at Reports to see what can be migrated)

image

5. Verify configuration and start migration

image

6.

image

7. Check if migration was successful (use “View Report” button)

image

8. Put File Server role OFFLINE on W2k8 Cluster (source cluster)

image

image

9. Disconnect data LUNs from the source Cluster and connect them to the new one:

I am using ISCSI on W2k12 Server. On the screenshot it is reconnected to 2012 Cluster nodes:

image

Refresh ISCSI initiator on all nodes of W2k8 Cluster and 2012 Cluster and Connect LUNs to 2012 nodes (to ALL nodes!):

2008 Cluster nodes should look like:

image

2012 nodes:

image

10. Check what 2012 node is File Server Role owner

image

and bring connected LUNs online (all Data LUNs) on that machine (from Computer Management/Disk MAangement:

image

image

11. Start File Server Role on 2012 Cluster (right-click – Start Role):

image

12. Check the disk resources and shares are available:

File Server Name resource and IP address should be migrated

image

13. Check if custom permissions are migrated (right-click the test Share and go to Properties/Permissions)

image

14. Try to connect to the share from a test machine to be sure File Server is up and running on the new Cluster:

Auto-fill is working (good sign):

image

and files are there:

image

15. Remove File Server Resource from the old Cluster:

image

Follow

Get every new post delivered to your Inbox.