IT Consultant Everyday Notes

Just some problems/solutions storage

Lync: Presence information is missed in Outlook

One day I noted Presence information is no longer available in my Outlook.

I tried to apply KB https://support.microsoft.com/en-us/kb/2726007 but that did not help

Resolution: it turned out Cisco Jabber installed recently switched  “DefaultIMApp” under HKEY_CURRENT_USER\Software\IM Providers to “Cisco Jabber”. I changed it back to “Lync” (without quotation) and presence is back Smile

Windows 7: April 2016 Convenience Pack

How to integrate all post SP1 updates to your Win 7 SP1 media. Great time saver!

http://www.fosund.com/slipstream-the-convenience-rollup-update-april-2016-with-windows-7-enterprise-x64/

Bitlocker: Disable protection of system drive during Microsoft updates

 

Here is an elegant technique to automate Bitlocker protectors disable while Microsoft updates are installing.

This was shared by one of Microsoft Support Engineers.

 

Sometimes Microsoft updates can introduces changes locking the machine. To avoid that you can disable protectors for update time and re-enable them after.

To do that you can use Scheduler and monitor for Windows Updates event.

We need to create two scheduled tasks (either locally or using GPO):

image

First one is Suspend Bitlocker

SNAGHTML5837d2f

It will start on Event

image

When MSInstaller starts Windows Updates it generates Event ID 1040

image

At that event we want to run a command to suspend protectors on C:

image

image

The second Scheduled Task is similar except Event ID we monitor and action.

When updates are installed an Event ID 1042 is issued

image

We are going to resume protectors at that event:

image

 

Note: The machine will have protectors in suspended state during Microsoft updates (they will be resumed after installation finish or after reboot), so it is a potential breach in your security. Use it on your own risk!

Azure: Regional Data Center is not available for resource deployment

Recently Microsoft made Canadian Data Centres available and I tried to put some workload there.

I tried to create a Resource Group and figured out Canada Central is not an available region to place RG into.

After googling/troubleshooting I was found a Microsoft.Compute provider must be re-registered for my Azure subscription. So I made it from PowerShell:

Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Compute

After some time Canadian region appeared for Resource Group, Storage Account and VM resources. But, when I tried to add a VNet to the RG Canada Central was not available for that resource again.

After some troubleshooting with help of Microsoft it turned out Microsoft.Network should be re-registered too

Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network

Lesson learnt: if anything else will not be available for my region I probably need to find a resource provider to restart.

Azure: Amazon-Azure feature comparison

Microsoft published it her: https://azure.microsoft.com/en-us/campaigns/azure-vs-aws/mapping/

remember both platforms are constantly changing.

SCCM: List of SQL views you may need for SCCM CB (1602) custom reports

SCCM: SCCM CB–list of communication ports

 

SCCM_CB_Intune_Architecture_Diagram

 

Excel spreadsheet can be downloaded from:  https://gallery.technet.microsoft.com/List-of-SCCM-ConfigMgr-CB-d8c72077

Azure: Azure Site Recovery (ASR). Virtual Network is NOT assigned to a migrated machine.

I set up ASR to protect my VMWare-based VM and tried to use “Test-Failover” to verify the machine can be successfully restored.

SNAGHTML75a3c8

The “Test-Failover” wizard has only one question – what Virtual Network use to restore the VM (it is not recommended to use a Production networks since this is the test).

SNAGHTML772855

so I selected my ASR-failover-test network and start the Test Failover.

When the VM was restored and started I assigned a RDP endpoint (another surprise, even though the machine is created endpoints are not set by default).

When I RDPed to the VM I found assigned IP is from a random 100.x.x.x range, not from the VNet I indicated.

From several troubleshooting attempts I opened a case with Microsoft.

 

Resolution:

For unknown reasons, after you set up a Protection Group and add a VM to protect to this group you need to go to Configuration Tab in Properties of that VM and set up ANY Microsoft Azure Vnet there manually (by default it is set to “Not Connected”

SNAGHTML7ce7a5

Save the settings and wait for operation to complete.

 

After that if you select a VNET in “Test Failover” Wizard that VNET will be assigned properly and a VM will get a proper IP.

Thank you Microsoft for the help.

Azure: How to save drive letters during Azure Site Recovery (ASR)?

Update: Article is working for Classic ASR only. For Enhanced ASR Microsoft added the policy to the recovered machine automatically, so you do not need to tweak the policy in on-prem machine.

 

By setting the SAN policy to “OnlineAll,” you can make sure that the drive letter is maintained when the virtual machine starts to run in Azure (i.e. you will have Drive D: assigned to your drive and Azure scratch disk will be at the end).
To view the current SAN policy from the guest system, follow these steps:

  1. On the VM (not on the host server), open an elevated Command Prompt window.
  2. Type diskpart.
  3. Type SAN.

If the drive letter of the guest operating system is not maintained, this command returns either “Offline All” or “Offline Shared.”
To make sure that all disks are brought online and are both readable and writeable, set the SAN policy to OnlineAll. To do this, run the following command at the DISKPART prompt:

SAN POLICY=ONLINEALL

After you make this change, wait for the Copy Frequency (Recovery Point Objective) value to be configured to make sure that the changes are replicated to Azure. Then, run a test failover to verify whether the drive letters are preserved.

 

This Microsoft Article is gold!

 

Update: Article is working for Classic ASR only. For Enhanced ASR Microsoft added the policy to the recovered machine automatically, so you do not need to tweak the policy in on-prem machine.

SCCM: Downloading updates fails zero percent complete

From Steve Thompson’s blog:

Examined a server recently that refused to download deployed security updates. This server was also a Distribution Point in a remote location. Further, this site is running CM Current Branch read more

Follow

Get every new post delivered to your Inbox.