
Friday, 9 September 2011

Citrix XenApp6 Discovery Fails “Errors occurred when using CTXS-XA1 in the discovery process” An Unexpected Error Occurred


This error may appear when you try to run the discovery process using the XenApp 6 evaluation VHD. I was using the VHD on Hyper-V and decided to change over to VMware vSphere. I managed to convert the virtual machine for use on VMware (using the Standalone Converter, http://downloads.vmware.com/d/info/infrastructure_operations_management/vmware_vcenter_converter_standalone/5_0). That worked fine, but the problems started when trying to use XenApp 6 on a VM hosted on vSphere. I tried using the local Administrator account (the one used to create the original image) but could not run the discovery process using Citrix Delivery Services Console. I then tried this:

  1. Logon as the local Administrator
  2. Try to run the discovery process
  3. If it fails (as it did for me) open a command console
  4. Change directory to the following path: C:\Program Files (x86)\Citrix\Independent Management Architecture
  5. Type the following command: dsmaint config /user:administrator /pwd:Evaluation1 /dsn:"c:\Program Files (x86)\Citrix\Independent Management Architecture\mf20.dsn"
  6. For the password use your local administrator account password
  7. You will see the following output:

    Attempting to connect to the data store with new configuration settings.
    Successfully connected to the data store.
    Configuration successfully changed.
    Please restart the IMA Service for changes to take effect.

  8. Open Services in Admin Tools and stop the Citrix Independent Management Architecture
  9. Using the same command console type the following command: dsmaint recreatelhc
  10. Now restart the Citrix Independent Management Architecture service
  11. Try the discovery process again and it should work!

Thursday, 8 September 2011

Reset Licence Administration Console Password Citrix XenApp 6

If you need to change the administration account (Admin) for Citrix XenApp 6, try the following steps:

  1. Locate the Server.xml file (C:\Program Files (x86)\Citrix\Licensing\LS\conf)
  2. Edit with WordPad
  3. Locate the following entry <user firstName="System" id="admin" lastName="Administrator" password
  4. Delete the encrypted password between quotation marks
  5. Replace with a clear text password of your choice
  6. Set passwordExpired to True
  7. Save the xml file
  8. Restart the Citrix Licensing service
  9. Open the Licence Administration console once more and select Administration
  10. Log on using the new password. You will be requested to change the password.
  11. Hey Presto!

Sunday, 4 September 2011

Citrix XenApp 6 Fundamentals Installation Has Failed

I had a problem installing XenApp Fundamentals. During the installation process I received an installation error that indicated that the installation had failed and that I should check the ‘Citrix Access Essentials Install Log.txt’

I presumed that installing the program on Server 2008 R2 would be enough. However the setup that finally worked for me was as follows:

  1. Install a fresh 2008 R2 member server
  2. Do not install any roles, features or Windows updates
  3. Configure the correct network settings
  4. Disable the firewall (I prefer this but you may not be able to!)
  5. Join the server to your existing AD domain
  6. Install the .NET 3.5.1 Feature using the Server Manager
  7. Install the Remote Desktop Host services role using Server Manager
  8. Run the Citrix XenApp 6 Fundamentals Installation

If you follow the above procedure, you should be OK. Also, when applying a licence, make sure that the name you use matches the NetBIOS name of the server (case-sensitive).

Wednesday, 24 August 2011

Move Arbitration Mailboxes In Exchange 2010

Quite simple really. I have found that in certain situations (to help with backup, for example) I have needed to delete databases (perhaps several databases exist on a single drive). You can move mailboxes from one database to another simply by typing the following cmdlet:

[PS] Get-Mailbox -Database SourceDatabaseID | New-MoveRequest -TargetDatabase TargetDatabaseID

Now this will move the ‘regular’ mailboxes but not those marked as arbitration mailboxes. You can identify those by using the following:

[PS] Get-Mailbox -Database SourceDatabaseID -Arbitration

Now you know what mailboxes to look out for, move them to the database of preference.

[PS] Get-Mailbox -Database SourceDatabaseID -Arbitration | New-MoveRequest -TargetDatabase TargetDatabaseID

And then check that the arbitration mailboxes have been moved to an alternative database. You can also check out the move requests themselves:

[PS] Get-MoveRequest

Now that the mailboxes (hidden ones included) have been moved, try deleting the database now. It should work but remember that you will still have to remove the database files manually.

For Matt and Mark!

Sunday, 21 August 2011

Exchange 2010 MountDial

The setting is set per server. You can determine the value on your server by typing the following cmdlet:

[PS] Get-MailboxServer | FL Name,AutoDatabaseMountDial

MountDial determines whether a passive copy in a DAG can automatically come online, based on how many log files are still waiting to be copied to it. If you run the above command, you will see one of several values for AutoDatabaseMountDial including:

  1. BestAvailability
  2. GoodAvailability
  3. Lossless

These mean the following:

BestAvailability

If you specify this value, the database automatically mounts immediately after a failover if the copy queue length is less than or equal to 12. The copy queue length is the number of logs recognized by the passive copy that needs to be replicated. If the copy queue length is more than 12, the database doesn't automatically mount. When the copy queue length is less than or equal to 12, Exchange attempts to replicate the remaining logs to the passive copy and mounts the database.

GoodAvailability

If you specify this value, the database automatically mounts immediately after a failover if the copy queue length is less than or equal to six. The copy queue length is the number of logs recognized by the passive copy that needs to be replicated. If the copy queue length is more than six, the database doesn't automatically mount. When the copy queue length is less than or equal to six, Exchange attempts to replicate the remaining logs to the passive copy and mounts the database.

Lossless

If you specify this value, the database doesn't automatically mount until all logs that were generated on the active copy have been copied to the passive copy.

BestEffort

This will mount no matter the copy queue length. Be careful with this setting as you could lose a lot of mailbox data!
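The thresholds above can be compared with the live copy queue length of each passive copy. The following is an added example, not part of the original post; it assumes it is run in the Exchange 2010 Management Shell, and the variable and column names are illustrative.

```powershell
# Added example: report whether each passive database copy would auto-mount
# right now, given the AutoDatabaseMountDial value of the server hosting it.

# Copy queue length limits as described in the text above.
# BestEffort is left out on purpose: it mounts regardless of queue length.
$limit = @{ Lossless = 0; GoodAvailability = 6; BestAvailability = 12 }

# Collect the servers first, then loop with a foreach statement. Calling an
# Exchange cmdlet inside ForEach-Object while another cmdlet is still
# streaming can fail in the remote shell with a concurrent pipeline error.
$servers = @(Get-MailboxServer)

$report = foreach ($server in $servers) {
    $dial   = $server.AutoDatabaseMountDial.ToString()
    $copies = @(Get-MailboxDatabaseCopyStatus -Server $server.Name)

    foreach ($copy in $copies) {
        # The active copy reports 'Mounted'; only passive copies matter here.
        if ($copy.Status.ToString() -eq 'Mounted') { continue }

        $queue = [int]$copy.CopyQueueLength

        if ($dial -eq 'BestEffort') {
            $verdict = 'Mounts regardless; {0} log(s) not yet copied' -f $queue
        }
        elseif ($limit.ContainsKey($dial) -and $queue -le $limit[$dial]) {
            $verdict = 'Would auto-mount'
        }
        else {
            $verdict = 'Would NOT auto-mount'
        }

        New-Object PSObject -Property @{
            Server          = $server.Name
            Copy            = $copy.Name
            MountDial       = $dial
            CopyQueueLength = $queue
            Verdict         = $verdict
        }
    }
}

$report |
    Select-Object Server, Copy, MountDial, CopyQueueLength, Verdict |
    Sort-Object Server, Copy |
    Format-Table -AutoSize
```

The queue length is a snapshot; the value that matters is the one at the moment of failover, so a copy that regularly sits near its limit deserves attention.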

 

To manually switch from passive to active type the following cmdlets:

[PS] Move-ActiveMailboxDatabase DB4 -ActivateOnServer MBX3 -MountDialOverride:None

As the MountDialOverride property is set to ‘None’, whatever is currently set (probably the default) remains. The default on my server is GoodAvailability. So, replace None with one of the three options listed above to change this.

Read an earlier post regarding DAGs

Saturday, 20 August 2011

How to Export Exchange 2010 Queues

You can use the Shell to export messages from a queue on a computer that has the Microsoft Exchange Server 2010 Hub Transport server role or the Edge Transport server role installed to a specified file path. You can't use Queue Viewer to perform this task. However, you can use Queue Viewer to locate, identify, and suspend the messages before you perform this task.

Messages that get ‘stuck’ in a queue can be exported to a folder and you can later resubmit the messages once you fix the mail flow problem. To export a message (or all messages in a queue) you should first suspend the queue. Suspension does not prevent messages entering the queue, but it will stop them leaving. Start by listing the queues with the following cmdlet:

[PS] Get-TransportServer | Get-Queue

This command will show you the queues on your transport servers (you may have more than one in your site).

You might have an example where your messages are failing to be sent because of name resolution:

 

q1

 

You can see that the DeliveryType is set to DNSConnectorDelivery. The messages are queued for delivery to an external recipient by using an SMTP connector that's located on the local server and that's configured to use Domain Name System (DNS) for routing resolution.

To export the messages, first suspend the queue:

[PS] Suspend-Queue -Identity SRV1\20

Now that the queue is suspended you suspend the messages.

[PS] Get-Queue -Identity srv1\20 | Get-Message -ResultSize unlimited | Suspend-Message -Confirm:$False

-ResultSize unlimited is used as the default is set to 1000.

Now the messages are suspended you can export them. To see the list of messages in the queue type the following:

[PS] Get-Queue -Identity srv1\20 | Get-Message -ResultSize unlimited

The status should show the messages are suspended and you should see the Email subject heading and from address. Notice how the message ID is created and includes the Queue ID.

Now to export a single message:

[PS] Export-Message -Identity srv1\20\75 | AssembleMessage -Path "c:\exportfolder\email1.eml"

 

To export all the messages from the queue is a bit more complicated. Try the following:

  • [PS] $array = @(Get-Message -Queue srv1\20 -ResultSize unlimited)
  • [PS] $i = 0; $array | ForEach-Object {$i++; Export-Message $_.Identity | AssembleMessage -Path ("c:\exportfolder\" + $i + ".eml")}

The above cmdlets will produce .eml files in c:\exportfolder\ with names like 1.eml, 2.eml. At a later stage you can ‘import’ the messages back into the submission queue by using the replay directory. The Replay directory receives messages from foreign gateway servers and can also be used to resubmit messages that administrators export from the queues of Exchange 2010 servers. Read this post for more.

Tuesday, 16 August 2011

How to Change the Version of Windows 2008 r2 Standard to Enterprise Without Reinstalling

A useful procedure for changing the product version of Windows 2008 R2 Standard to Enterprise without reinstalling from media.

To determine the installed edition, run:
DISM /online /Get-CurrentEdition

To check the possible target editions, run:
DISM /online /Get-TargetEditions

Finally, to initiate an upgrade, run:
DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

For example, to upgrade to Enterprise from a downlevel version, run:
DISM /online /Set-Edition:ServerEnterprise /ProductKey:YOUR SETUP KEY

(Thanks to Kimani and Jon)

Friday, 12 August 2011

Role-Based Access Control (RBAC) Exchange 2010 Legal Hold and Discovery Search

RBAC can be used to allow administrators to perform a specific Exchange task by being assigned a management role that has permissions to perform the task. Administrators can be assigned these roles directly, or multiple roles can be grouped together into management role groups. Management role groups are in fact AD universal security groups. As you will see, however, Exchange administrators should NOT be added to these groups using AD tools directly!

Each management role consists of management role entries. A management role entry is an EMS cmdlet or a script that users in a management role can execute.

For a list of management roles, type the following cmdlet:

[PS] Get-ManagementRole | Get-ManagementRoleEntry

The list you will see has quite a few roles!

If you take just one role for example, say ‘databases’ you will begin to see what's involved:

[PS] Get-ManagementRole -Identity Databases | Get-ManagementRoleEntry

mr1

So, users are assigned a management role (that can execute scripts that are defined by management role entries) by being assigned to a management role group. This can be very useful. For example we can create a management role group that only allows users to create exchange recipients. After we create the group and add users, management role(s) are then assigned to the group.

Several role groups exist in Exchange 2010 by default.

[PS] Get-RoleGroup

mr2

If we take a single role group for example ‘Help Desk’

[PS] Get-RoleGroup -Identity "Help Desk" | fl

This will list the associated parameters for this group.

mr3

As you can see from the above screenshot, the roles assigned to the Help Desk management role group are shown. These are ‘User Options’ and ‘View Only’. You can also see under role assignments that these roles are assigned to help-desk! These default role groups can be found in AD in the Microsoft Exchange Security Groups container.

To add users to the role group of Help Desk use the following cmdlet:

[PS] Add-RoleGroupMember -Identity "Help Desk" -Member "Andrew Stevens"

This will add Andrew Stevens to the Help Desk role group. To determine the membership of the management role group try the following:

[PS] Get-RoleGroupMember -Identity "Help Desk"

This is great if the Help Desk group has the needed management roles assigned to it. From the screenshot above, this includes the management roles “User Options” and “View-only Recipients”.

User Options is a management role with the following management role entries, determined by typing the following:

[PS] Get-ManagementRole -Identity "User Options" | Get-ManagementRoleEntry

mr4

View-Only Recipients is a management role with the following management role entries, determined by typing the following:

[PS] Get-ManagementRole -Identity "View-only Recipients" | Get-ManagementRoleEntry

mr5

So you can see what Andrew Stevens can do having been placed in the Help Desk group.

 

You can also customize a role group to contain the roles that you need if you find the default roles assigned to a group do not fit correctly. If you find yourself changing the roles assigned to the default groups beyond recognition you might as well create a new group.

So, to add a role to an existing group try the following:

[PS] New-ManagementRoleAssignment -SecurityGroup "Help Desk" -Role "MailBox Import Export"

Now type the following again to determine the roles now ‘held’ by the Help Desk group:

[PS] Get-RoleGroup -Identity "Help Desk" | fl

You will notice that the RoleAssignments has changed to include Mailbox Import Export!

To remove the assignment type the following:

[PS] Remove-ManagementRoleAssignment -Identity "Mailbox Import Export-Help Desk"

If you need to, you can create a role group from scratch. Let's create a role group called Help Desk London and assign roles to the group:

[PS] New-RoleGroup "Help Desk London" -Roles "User Options","View-Only Recipients"

Try the Get-RoleGroup cmdlet and you should see it listed.

So far the London Help Desk team have the roles View-Only Recipients and User Options. This is no different to the default Help Desk assignments. However, you can add to it:

[PS] New-ManagementRoleAssignment -SecurityGroup "Help Desk London" -Role "MailBox Import Export"

 

Legal Hold

An interesting role is Legal Hold. A legal hold in Exchange 2010 will keep e-mails even if the user tries to delete them. Note, the user will think the e-mail is deleted. The only way to actually see the e-mails is by doing a discovery search, and opening the discovery mailbox.

The legal hold role has the following assignments:

[PS] Get-RoleGroup | Where-Object {$_.roleassignments -match "Legal Hold"}

The output will show you that both Organization and Discovery Management groups have this role by default.

To grant our London Help Desk team Legal Hold type the following cmdlet:

[PS] New-ManagementRoleAssignment -SecurityGroup "Help Desk London" -Role "Legal Hold"

Type the following cmdlet for confirmation:

[PS] Get-RoleGroup | Where-Object {$_.roleassignments -match "Legal Hold"}

You should now see Help Desk London listed.

To turn this feature on we need to enable it for specific mailboxes. First you must have the role to do so. As mentioned, those in the Organization Management (and Discovery Management) have the Legal Hold role assigned. If you are doing this as a Domain Administrator then you are a member of Organization Management already.

[PS] Get-RoleGroup -Identity "Organization Management" | ft name,members

Now, determine which recipients you wish to define Legal Hold to and type the following:

[PS] Set-Mailbox -Identity "A User" -LitigationHoldEnabled $True

To check to see which mailbox has been enabled, type the following cmdlet:

[PS] Get-Mailbox | ft name,lit* -au

 

Performing a Discovery Search

You can still find and open the deleted emails using a discovery search. A discovery search can be made against any organisation mailbox (not just those on litigation hold). Here’s what happens:

  1. User deletes a message.
  2. The message moves to a 'Deleted Items' folder. At this point the user can see the deleted messages and can move the deleted message back to the inbox. This is known as a 'soft delete'. Messages can also be moved to the 'dumpster' by emptying the deleted items folder. This is a 'hard delete'.
  3. Message moves to the 'Dumpster'. This removes the message from view. Deleted item retention is 14 days by default. Users can still recover items by using the recover deleted items tool (right click deleted items in OWA and select 'recover deleted items')
  4. If the end user purges data from the "Recover Deleted Items" view (hard delete from the Recoverable Items\Deletions folder), the item will be moved to the Recoverable Items\Purges folder. The purges folder is a special folder that sits within the dumpster. The user will not be able to see the deleted message from this folder. However administrators granted the rights to perform 'discovery searches' can search through the purges folder and restore deleted items.

Enabling Litigation Hold means that items will never be purged from the “Purges” subfolder, which of course results in mailboxes growing considerably in size over time!

To perform a discovery search perform the following steps:

1. Perform a discovery search for the item you need to restore. This first involves navigating a browser to https://servername/ecp. This is on the CAS role (ecp is the exchange control panel). In Figure 1, the user ‘Al Pacino’ is in the LegalAdmins role group. This group has been assigned the roles ‘User Options and View-only Recipients’ (which is the same as the default Help Desk role). At this point Al cannot perform a discovery search and this is his ECP view (only Users & Groups). 

mr6

2. Assign the Mailbox Search role to the LegalAdmins group using the following cmdlet: [PS] New-ManagementRoleAssignment -SecurityGroup LegalAdmins -Role "Mailbox Search"

mr7

3. The above screenshot shows us the ECP view after applying this step. You can now see that the ‘Reporting’ link is shown. Select this link.

mr8

4. After you select this link you should see a similar view as shown above. Remember that you can also add a user to the Discovery Management role group instead of creating a group and assigning roles to it.

Select 'New'.

m11

5. As you can see there are a number of search methods. Select mailbox to search and select the user mailbox that has purged deleted items.

6. Provide a search name

7. Select 'Select a mailbox in which to store the search results' and choose the 'Discovery Search Mailbox' and click save.

8. After the search has completed (you may have to refresh) select the link that says open by the results output on the right hand side.

9. If you can't open the discovery search mailbox, you will need to grant the user access to it by typing in the following:

[PS] Add-MailboxPermission DiscoverySearchMailbox -User al -AccessRights FullAccess
NB. I changed the alias of the mailbox to this simpler name

10. You should now be able to open the discovery search mailbox. Once opened, navigate on the left to the search name and open the sent\deleted items folder. You should be able to find the item that was purged.

NB. If you wish you can create a new discovery search mailbox by using the following cmdlet:

[PS] New-Mailbox "HelpDeskDiscovery" -UserPrincipalName HelpDeskDiscovery@yourcompany.com -Discovery

[PS] Add-MailboxPermission HelpDeskDiscovery -User al -AccessRights FullAccess

 

In the above example, our test user Al, can perform the discovery search and open the discovery search mailbox to find deleted items.
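The roles handed out in this post (Mailbox Import Export, Mailbox Search, Legal Hold) and FullAccess on a discovery mailbox all give access to other people's mail, so it is worth reviewing who ends up holding them. The following is an added example, not part of the original post; it assumes the Exchange 2010 Management Shell, and the variable names are illustrative.

```powershell
# Added example: review who can read or retain other users' mail as a
# result of the RBAC assignments described above.

$sensitiveRoles = 'Mailbox Search', 'Mailbox Import Export', 'Legal Hold'

# 1. Effective holders of each role. -GetEffectiveUsers expands role groups
#    to the accounts that inherit the role through them.
#    'Regular' assignments let the holder run the role's cmdlets; delegating
#    assignments only allow assigning the role to someone else.
$holders = foreach ($role in $sensitiveRoles) {
    Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers |
        Where-Object { $_.RoleAssignmentDelegationType.ToString() -eq 'Regular' } |
        Select-Object Role, RoleAssigneeName, EffectiveUserName, AssignmentMethod
}

'--- Accounts that can use the sensitive roles ---'
$holders | Sort-Object Role, EffectiveUserName | Format-Table -AutoSize

# 2. Explicit FullAccess on discovery mailboxes. Search results are copied
#    here, so anyone listed can read them whether or not they hold the
#    Mailbox Search role themselves.
$discoveryAccess = Get-Mailbox -RecipientTypeDetails DiscoveryMailbox -ResultSize Unlimited |
    Get-MailboxPermission |
    Where-Object {
        ($_.AccessRights -match 'FullAccess') -and
        (-not $_.IsInherited) -and
        (-not $_.Deny) -and
        ($_.User.ToString() -ne 'NT AUTHORITY\SELF')
    } |
    Select-Object Identity, User, AccessRights

'--- Explicit FullAccess on discovery mailboxes ---'
$discoveryAccess | Format-Table -AutoSize

# 3. Mailboxes currently on litigation hold (same Lit* properties the post
#    displays with "ft name,lit*").
$onHold = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.LitigationHoldEnabled }

'--- Mailboxes on litigation hold ---'
$onHold | Format-Table Name, Lit* -AutoSize
```

Running this before and after a change such as adding Mailbox Import Export to Help Desk shows exactly which accounts gained the role.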

Thursday, 4 August 2011

RMS Shared Identity user FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 Not Found

Having removed an Exchange Server (and arbitration mailboxes), reinstalling a second  Exchange 2010 can be problematic. The deletion of the discovery mailbox will mean that the reinstallation of your Exchange 2010 server will fail. Run the following command:

[PS] New-Mailbox -Arbitration -Name FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 -UserPrincipalName FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@<Default_Accepted_Domain>

This should allow you to now rerun the installation program without failure.

Wednesday, 3 August 2011

Cannot Uninstall Exchange 2010 Because of Arbitration Mailboxes

To list the arbitration mailboxes type the following command:

[PS] Get-Mailbox -Database "database name" -Arbitration

This will list all the mailboxes that can be moved or removed.

To move them to another database, type the following command:

[PS] Get-Mailbox -Arbitration -Database db1 | New-MoveRequest -TargetDatabase db2

To remove the mailboxes, type the following command:

[PS] Get-Mailbox -Arbitration -Database db1 | Remove-Mailbox -Arbitration -RemoveLastArbitrationMailboxAllowed

Once you do this hopefully you should be able to uninstall Exchange using the Control panel

Monday, 18 July 2011

SQL Backup Strategies Part 2 How To Backup and Restore…

In a previous post I tried to detail some appropriate backup strategies.  This post builds on these concepts and provides some practical details on what to do.

Perform Full Database Backups

A full database backup is a page-level copy of the entire database to backup media. You can execute a full database backup using any recovery model (i.e. Simple, Bulk-Logged or Full).

To perform a full backup use the following:

USE master;
GO
BACKUP DATABASE CompulinxDB
TO DISK = 'D:\Backups\compulinxFULL.bak'
WITH RETAINDAYS = 7, INIT;

RETAINDAYS does not actually delete anything, it is just marking the file to tell SQL Server not to overwrite this file before the retain time is up (in the above case 7 days).

INIT indicates that SQL Server will overwrite any existing backups on the target media with new backups. In other words, the backup that you are taking with this statement will be the initial backup on the media.

 

It is considered good practice to ‘stripe’ the backup to two files on separate disks (and even controllers). So, the following syntax can be used:

USE master;
GO
-- Listing two DISK targets stripes the backup across both files
BACKUP DATABASE CompulinxDB
TO DISK = 'D:\Backups\compulinxFULL.bak',
DISK = 'E:\Backups\compulinxFULL.bak'
WITH INIT;
GO

 

Differential Backup

The following can be used to make differential backups. Here the differential is appended to media containing the full backup:

USE master;
GO
BACKUP DATABASE CompulinxDB

TO DISK = 'D:\Backups\compulinxFull.bak'
WITH DIFFERENTIAL,
RETAINDAYS = 7, NOINIT;
GO

Notice the use of the option NOINIT. This option indicates that SQL Server will append this backup to any other backups on the target media. This option allows you to take multiple backups and target them to the same media set.

 

Perform Transaction Log Backups

Transaction log backups allow the DBA to manage the transaction log size while not requiring the overhead of taking frequent database backups. This is especially useful for large databases that are only moderately volatile. Before you will be able to take a valid Transaction log backup, you must do two things:

  1. Make sure that the recovery model is set to Full or Bulk-Logged
  2. Take a full database backup that will act as the initial point in the recovery process.

Try using the following T-SQL syntax:

USE master;
GO
BACKUP LOG CompulinxDB
TO DISK = 'D:\Backups\compulinxTLOG.bak'
WITH INIT;
GO

Notice the use of LOG. If you wanted to take a subsequent backup of the transaction log and append it to the existing media, the statement would look like this:

USE master;
GO
BACKUP LOG CompulinxDB
TO DISK = 'D:\Backups\compulinxTLOG.bak'
WITH NOINIT;
GO

At this point, if the database were damaged due to a corruption or loss of a data device, you would have to capture the orphaned log. You can do this with the following:

USE master;
GO
BACKUP LOG CompulinxDB
TO DISK = 'D:\Backups\compulinxTLog.bak'
WITH NOINIT, NO_TRUNCATE, NORECOVERY;
GO

The above syntax has some new points to consider. NO_TRUNCATE will make a copy of the log but does not truncate the log. NORECOVERY allows you to capture a trailing log before making a restore. The database will be placed into a ‘restoring state’. Remember the database will not be accessible until a restore is made.

The database will look something like the following:

SQLBACKUP1

 

 Partial Database Backups

In part one I mentioned backing up filegroups; ‘Breaking a large database into files or filegroups for backup allows you to back up portions of it on a rotating schedule when it might be too time-consuming to back up the entire database at once’. Perhaps only a small portion of the database is changing. If this is the case we can backup a filegroup (the group of data files that is dynamic) and therefore make a partial backup. You can also make the non-volatile data read only.

USE master;
GO
BACKUP DATABASE CompulinxDB READ_WRITE_FILEGROUPS
TO DISK = 'E:\Backups\compulinxDB_Partial.bak'
WITH INIT;
GO

Notice the use of READ_WRITE_FILEGROUPS. This causes SQL to backup only the primary filegroup and any other read/write filegroups in the collection.

 

How to Restore

OK, now we know how to set the different recovery methods for SQL, the different backup methods that use these recovery types and actually how to implement a backup. However, a backup is only as good as knowing how to restore the database.

 

How to Perform a Full Database Restore

There may be several reasons why you need to perform a full database restore. These include the following:

  1. You need to restore a database to single point-in-time
  2. You need to restore a database because the database is damaged
  3. You need to move the database to a different server altogether

To demonstrate this we need to do the following:

  1. Take a full database backup (make a baseline backup)
  2. Next we have to modify the data in some way (perhaps by deleting a row?)
  3. Then performing the restore so that we get our original database again.

So, to take a full database backup,

  1. Make sure the database recovery model is set to Full (see the post before this one for details). I’m using the AdventureWorks DB. It’s a little big but there you go!
  2. Take a full database backup using the following syntax (also shown above)

USE master;
GO
BACKUP DATABASE AdventureWorks
TO DISK = 'E:\Backups\ADWORKSFULL.bak'
WITH RETAINDAYS = 7, INIT;

3.    Using the following T-SQL code, determine the first name of an employee with the last name of Abel

USE AdventureWorks;
GO
SELECT FirstName
FROM person.Contact
WHERE LastName = 'Abel';
GO

The answer that should be returned is Catherine. I used to go out with a Catherine…

4.   Let’s say Catherine wants to change her first name (perhaps to Irene, I won’t say it…). You can use the following to do this:

USE AdventureWorks;
GO
Update Person.Contact
SET FirstName = 'Irene'
Where LastName = 'Abel'

5.   Now make a differential backup which will record the change of Catherine to Irene. You can do this using the following (this is also shown above). This should only take 0.684 seconds (or thereabouts!)

USE master;
GO
BACKUP DATABASE AdventureWorks

TO DISK = 'E:\Backups\ADWORKSFULL.bak'
WITH DIFFERENTIAL,
RETAINDAYS = 7, NOINIT;
GO

6.   Now we need to restore the database using the full database so the first name is Catherine once more. To do this using the interface, simply right click your database and select restore:

 

SQLRes1

 

7.   Select Database and the following window will appear:

 

SQLRes2 

 

8.   Using the backup history, you can select the correct backup or you can find it using the ellipses button on the right. Whatever you choose, select the full database checkbox only. Not the differential.

 

sqlres3

 

9.   Click the Options page to see the restore options. As we are restoring over the top of an already existing database, select the Overwrite option. The option is off by default, which prevents you from accidentally overwriting a database. Click OK.

 

sqlres4

 

10.  If you run the query to find the first name of the customer Abel, it should be Catherine.

 

 

A. Full Backup Restore (without differential)

You can do the restore without using the interface, by using the following T-SQL code.

USE master;
GO
RESTORE DATABASE AdventureWorks
FROM DISK = 'E:\Backups\ADWORKSFULL.bak'
WITH FILE = 1,
REPLACE;
GO

Notice the use of FILE. The file value refers to a backup set file number. This option allows you to specify a specific backup in a media set based on its position number. This value was actually shown in the figure under point 7 above. You need this information to ensure that you are restoring the correct backup from the media if there are multiple backups stored on the same media. To determine the different backup set file numbers, try the following:

RESTORE HEADERONLY
FROM DISK = 'E:\Backups\ADWORKSFULL.bak'
GO

Using REPLACE this restore will overwrite the existing AdventureWorks database on this server with the Full database backup. The first name of customer Abel is now Catherine.

 

B. Restore with Differential

Since we took a differential database backup after the customer name was updated to Irene we can restore the database using both the baseline full backup and the differential using the following:

USE master;
GO
RESTORE DATABASE AdventureWorks
FROM DISK = 'E:\Backups\ADWORKSFULL.bak'
WITH FILE = 1,
REPLACE,
NORECOVERY;
GO

This looks almost identical to our initial restore code except that we use NORECOVERY. This will put the database into a recovery state, allowing us to then include the differential backup (and so get the updated record that changed customer Catherine to Irene). Just refresh the database in the interface and you will see. We can now include the differential backup while AdventureWorks is in a recovery state. Remember you can ignore any previous differential backups since the ‘last’ differential is the only one you need. I have taken 2 differential backups following the full backup so the ‘position’ number equals 3. It's this file number that I’m interested in.

USE master;
GO
RESTORE DATABASE AdventureWorks
FROM DISK = 'E:\Backups\ADWORKSFULL.bak'
WITH FILE = 3;
GO

We do not use the REPLACE option as we are using the differential and not the full backup. Also notice that there is no indication that this is a differential. A query should show that the customer is Irene.

 

C. Restore with Full Backup, Differential and T-Log

To do this, delete the backup file first and let's start from scratch. Once deleted, make sure our customer record is set back to Catherine. Then take another full backup.

USE AdventureWorks;
GO
Update Person.Contact
SET FirstName = 'Catherine'
Where LastName = 'Abel'

 

USE master;
GO
BACKUP DATABASE AdventureWorks
TO DISK = 'E:\Backups\ADWORKSFULL.bak'
WITH RETAINDAYS = 7, INIT;

Now that we have our initial backup once more, let's change the customer name to Irene, check, and take a differential backup.

USE AdventureWorks;
GO
Update Person.Contact
SET FirstName = 'Irene'
Where LastName = 'Abel'

 

USE AdventureWorks;
GO
SELECT FirstName
FROM person.Contact
WHERE LastName = 'Abel';
GO

 

USE master;
GO
BACKUP DATABASE AdventureWorks

TO DISK = 'E:\Backups\ADWORKSFULL.bak'
WITH DIFFERENTIAL,
RETAINDAYS = 7, NOINIT;
GO

Now you can check the File Position numbers, and you should see two files.

RESTORE Headeronly
FROM DISK= 'E:\Backups\ADWORKSFull.bak'
GO

OK, now we can change the customer name again (perhaps to Letitia…) and after take a T-Log backup.

USE AdventureWorks;
GO
Update Person.Contact
SET FirstName = 'Letitia'
Where LastName = 'Abel'

 

USE master;
GO
BACKUP LOG AdventureWorks
TO DISK = 'E:\Backups\ADWORKSTLOG.bak'
WITH INIT;
GO

Two .bak files now exist. Let's make a final change to our database. Change Letitia to Magda and check. Then we can back up the T-Log.

USE AdventureWorks;
GO
Update Person.Contact
SET FirstName = 'Magda'
Where LastName = 'Abel'

 

USE AdventureWorks;
GO
SELECT FirstName
FROM person.Contact
WHERE LastName = 'Abel';
GO

 

USE master;
GO
BACKUP LOG AdventureWorks
TO DISK = 'E:\Backups\ADWORKSTLOG.bak'
WITH NOINIT;
GO

Now if you check the file position numbers for the T-Log you should see two entries:

RESTORE Headeronly
FROM DISK= 'E:\Backups\ADWORKSTLOG.bak'
GO

OK, so to recap, the name changed from Catherine to Irene to Letitia to Magda. Say we want to restore the whole thing. Remove the database. Then restore the database using the full backup. AdventureWorks will be put into restoring mode.

USE master;
GO
RESTORE DATABASE AdventureWorks
FROM DISK = 'E:\Backups\ADWORKSFULL.bak'
WITH FILE = 1,
REPLACE,
NORECOVERY;
GO

Now that's done, use the last differential. Check the file position numbers:

RESTORE Headeronly
FROM DISK= 'E:\Backups\ADWORKSFULL.bak'
GO

In my case position 2.

USE master;
GO
RESTORE DATABASE AdventureWorks
FROM DISK = 'E:\Backups\ADWORKSFULL.bak'
WITH FILE = 2,
-- NORECOVERY keeps the database restoring so the T-Log backups can still be applied
NORECOVERY;
GO

Now that's been sorted, I apply the T-Log backups. Use position 1 then 2, in that order.

USE master;
GO
RESTORE LOG AdventureWorks
FROM DISK = 'E:\Backups\ADWORKSTLOG.bak'
WITH FILE = 1,
NORECOVERY;
GO

 

USE master;
GO
RESTORE LOG AdventureWorks
FROM DISK = 'E:\Backups\ADWORKSTLOG.bak'
WITH FILE = 2,
RECOVERY;
GO

The final log is restored with the RECOVERY option to make the database accessible to users. In a real recovery scenario, this will usually be the orphaned log.

Wednesday, 13 July 2011

SQL 2008 Backup Strategies

For some reason I have found the SQL recovery models and backup strategies a strange mix of being confusing but interesting. To help understand the subject of backup/restore and SQL’s different recovery models I thought I’d share my understanding with the world at large. Maybe if anyone out there is reading this you can contribute as well.

The backup strategy you use depends on a variety of recoverability considerations:

  • What is the level of transaction volume? Does the database change minute-by-minute or say hour-by-hour?
  • What is considered to be an acceptable recovery time?
  • What is considered an acceptable level of data loss? Maybe you need to return to an exact moment in time.
  • How big can a backup be?

A backup strategy will require you to make decisions as to which kind of backup to make. And there are several. So you will need a fundamental understanding of these backup types.

Full Database Backup

A full database backup will truncate the transaction log and then copy every remaining data page and transaction log page to the backup media. The transaction log truncation will be non-reorganizing, meaning that no attempt is made to defrag/compact the log. It is simply truncated to the point of the last required transaction. Most backup strategies require a full database backup as the baseline for recovery. Remember that the log file will be truncated! From what I've read there is little point in having multiple log files. Keep just one. Also place the transaction log on a separate physical structure from the database. That way a loss of the disk containing the data files will not affect the log file. This may also help performance as log files are written to sequentially. Also, use RAID 1 so the log will be available in case of device loss. Regular backups will mean that not only will the log file not get too big but this will help prevent fragmentation.

Differential Backup

A differential backup will store all of the database pages that have been modified since the last full database backup. Note that this is a true differential backup and not an incremental backup. This means that each differential backup is inclusive of all transactions executed since the last full database backup and not simply since the last differential backup.

File or Filegroup Backup

If you are dealing with a very large database, you can back up individual files or filegroups. Breaking a large database into files or filegroups for backup allows you to back up portions of it on a rotating schedule when it might be too time-consuming to back up the entire database at once. If there is a failure affecting only one file or filegroup, only that portion and subsequent transaction logs would need to be restored. The log file is not in a filegroup.

Transaction Log Backup

This backup type will perform a non-reorganizing backup of the transaction log and store the transactions to the backup media. The backup types mentioned above store copies of the data pages at a particular time. This type of backup stores the actual transactions statements. When you restore using the full or differential backups, using the transaction log backup as well will involve replaying (if that’s the right word?) or re-executing the transactions on the log backup again which would be written back to the database. This process could take some time.

Recovery Models

Now that we understand (I hope) the different backup types, you need to consider SQL’s three recovery models. Recovery is all about how the log file is treated by the SQL server on a day-to-day basis and what is made available for backup. Remember it's all about the log file! Recovery in this context is about the level of logging and log retention.

You can determine the recovery model (which by default will be full) in the following way:

  1. Connect the SQL Server Management Studio to the correct instance hosting the database
  2. Expand the Databases folder and locate the right database
  3. Right click the database and select Properties
  4. Select Options
  5. Decide on the recovery model by selecting Recovery Model


 

You can alter the recovery model using the following statement:

alter database TESTDB
set recovery Full

You should realize that the recovery model you choose will impact on the backup method you choose.

Simple

Simple means that the log file will be truncated each time the data pages and log pages held in RAM are flushed to disk (checkpointed). This keeps the log file small (there’s no point in backing up the log, in fact you can’t) which is good. But you will not be able to recover to a point in time. You wouldn’t usually use this one. You might if it was a read-only database or you were developing a database application perhaps.

Bulk-Logged

The bulk-logged recovery model uses less disk space than a full logging solution by performing minimal transaction logging for the following operations:

  • SELECT INTO
  • bulk-load
  • CREATE INDEX
  • All operations involving text and image data types

A database that is in bulk-logged recovery mode cannot be recovered to a specific point in time if a bulk transaction has occurred. You still require log backups. A bulk insert (where you might be inserting a million rows into a table) would cause the log file to become very large if every transaction was recorded (if in Full mode) and would have performance implications. So you can switch to bulk logged from full just before the bulk operation. Once complete you set the recovery model back to full.  The bulk operation would be logged as a kind of summary statement. So every transaction would be recorded while being in Full mode, then a summary of the bulk operation and then a continuation of all transactions when in Full mode again. What about the point-in-time recoveries? If the database is in the bulk-logged recovery model and no bulk actions have occurred since the last full backup, the database can be restored to a point in time. If, however, a bulk action has occurred, it can only be fully restored. So, it minimally logs bulk transactions but fully logs other transactions.

Full

The full recovery model is what you would use most of the time. It will give you the best recoverable opportunity at the expense of logging overhead however. Microsoft recommend that you use this model over the other two. The full recovery model will log every transaction to the log and is persistent after a checkpoint. A transaction is a change and any change on the database will cause an entry to be added to the log! A read does not cause a change so this of course will not cause an entry to be made to the log.

 

OK, so we are happy with the different backup types and with the different recovery models. The recovery models really describe how the transaction log is written to and whether the log truncates after a checkpoint or after a backup. With this combined knowledge we can consider the following backup strategies:

 

Strategy One: Simple

This strategy is suitable under the following conditions:

  1. The database is relatively small
  2. The database does not change minute-by-minute (less volatile)

With this strategy transaction log growth is kept under control, you won’t have to backup the transaction logs but this will mean there may be a small amount of data loss.

How do you do it?

  1. Set the recovery model to simple
  2. Take full backups on a schedule of your choice (every night perhaps)
  3. If there is a failure you will have to restore the most recent full database backup. That’s it.

Simple recovery means no transaction logs to use in the restore process. You won’t be able to return to a point-in-time and data loss will probably occur. But this of course depends on how dynamic the database is.

 


Strategy Two: The Database Only Backup Strategy

This strategy is suitable under the following conditions:

  1. Low transaction volume
  2. The transaction log is on a separate hard disk from the database. Hardware failure of the database disk does not affect the log.

With this strategy, the transaction log is truncated because of a full database backup.

How do you do it?

  1. Set the recovery model to Full or Bulk-Logged.
  2. Take full database backups on your preferred schedule (perhaps every night)
  3. If there is a database disk failure, begin by backing up the orphaned log
  4. Restore from the most recent full backup followed by a restore of the orphaned log.

As you can see, a database-only backup can be restored to a point in time between the last full backup and the time of disaster. The orphaned log would have transactions from the last full backup to the time of disaster. As long as the log stays safe on another disk from the database you're OK. If you lose the log, though, you lose the transactions from the last full backup to the time of disaster. As long as you make regular full backups and you have low transaction volume you should be OK.

 

Strategy Three: The Transaction Log Backup Strategy

This strategy is suitable under the following conditions:

  1. Higher transaction volumes (causing increased log growth)
  2. Longer restore time is acceptable

Instead of backing up the database file as a way of truncating the log, you back up the transaction log file. Backing up the transaction log will truncate the log and keep its size under control. Although the backup will be relatively quick to do, the restore process will take time.

How do you do it?

  1. Set the recovery model to Full or Bulk-Logged.
  2. Take a full database backup that will act as the transaction log baseline (perhaps at 1:00AM)
  3. Take regularly scheduled full database backups with periodic log backups in between (perhaps at 6 hour intervals; 7:00 AM, 1:00 PM, 7:00 PM)
  4. If there is a database disk failure, begin by taking a backup of the orphaned log immediately
  5. Restore the most recent full database backup, followed by each of the subsequent log backups in the order that they were taken.
  6. Finally, restore the orphaned log.

 

So if your first full backup was taken on Monday at 1:00 AM and a disk failure occurred at 6:00 PM on Tuesday you would take the following steps:

  1. Immediately take a backup of the orphaned log file
  2. Restore in the following order:
    • Full backup from Tuesday 1:00AM
    • T-log backup from Tuesday 7:00 AM
    • T-log backup from Tuesday 1:00 PM
    • Orphaned log at Tuesday 6:00 PM
  3. Pray

 

Strategy Four: The Differential Backup Strategy

The transaction log strategy described above can be slow. The more you have the longer it will take to restore the database to the point of failure. If the changes made to a database are restricted to a particular number or subset of data pages, you could take differential backups instead of full backups. The transaction logs would then need to be restored only from the point of the latest differential backup.

  1. Set the recovery model to Full or Bulk-Logged.
  2. Take a full database backup that will act as the transaction log baseline.
  3. Take periodic full database backups as needed (perhaps once a week)
  4. Take differential backups between the full database backups to record only the data pages that have been modified since the last full database backup
  5. Take transaction log backups between the differential backups to record the individual transactions between each of the differentials.
  6. If there is a database disk failure, begin by taking a backup of the orphaned log.
  7. Restore the most recent full database backup followed by the most recent differential backup.
  8. Restore all transaction log backups taken since the last differential backup in the order that the backups were taken.
  9. Finally, restore the orphaned log.

sql3

Assuming the above model, a disaster at 1:00 Wednesday would require the following steps:

  1. Immediately take a backup of the orphaned log file
  2. Restore in the following order:
    • Full backup from Monday 1:00 AM
    • Differential from Tuesday 6:00 PM
    • Transaction log from Wednesday 10:00 AM
    • Orphaned log at Wednesday 1:00 AM
  3. Beer
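The restore order from Strategies Three and Four, combined with the file positions that RESTORE HEADERONLY reports in the earlier restore walkthrough, can be worked out mechanically. The following Python is an added example, not code from this blog or from Microsoft: `plan_restore`, `backup_set` and the sample rows are constructed for illustration, and it orders backups by the BackupFinishDate column only, where production tooling would also compare the LSN columns.

```python
# RESTORE HEADERONLY BackupType codes: 1 = full database, 2 = transaction log,
# 5 = differential database.
FULL, LOG, DIFF = 1, 2, 5


def plan_restore(database, headers):
    """Return the RESTORE statements, in order, for the newest restorable state.

    headers: one dict per backup set, holding the media file it lives in plus
    the RESTORE HEADERONLY columns Position, BackupType and BackupFinishDate
    (ISO strings here, so plain string comparison orders them).
    """
    rows = sorted(headers, key=lambda r: r["BackupFinishDate"])
    fulls = [r for r in rows if r["BackupType"] == FULL]
    if not fulls:
        raise ValueError("no full backup available to act as the baseline")
    base = fulls[-1]
    newer = [r for r in rows if r["BackupFinishDate"] > base["BackupFinishDate"]]

    # Differentials are cumulative: only the last one after the baseline is used.
    chain = [base] + [r for r in newer if r["BackupType"] == DIFF][-1:]
    resume = chain[-1]["BackupFinishDate"]
    # Log backups taken after that point are applied oldest first; the
    # orphaned (tail) log is simply the newest of them.
    chain += [r for r in newer
              if r["BackupType"] == LOG and r["BackupFinishDate"] > resume]

    statements = []
    for r in chain:
        verb = "LOG" if r["BackupType"] == LOG else "DATABASE"
        options = [f"FILE = {r['Position']}"]
        if r is base:
            options.append("REPLACE")
        # Every step but the last must leave the database restoring.
        options.append("RECOVERY" if r is chain[-1] else "NORECOVERY")
        statements.append(
            f"RESTORE {verb} {database} FROM DISK = '{r['file']}' "
            f"WITH {', '.join(options)};"
        )
    return statements


def backup_set(media_file, position, backup_type, finished):
    """Build one header row (hypothetical helper for the samples below)."""
    return {"file": media_file, "Position": position,
            "BackupType": backup_type, "BackupFinishDate": finished}


FULL_BAK = r"E:\Backups\ADWORKSFULL.bak"
TLOG_BAK = r"E:\Backups\ADWORKSTLOG.bak"

# Constructed rows matching the full + differential + T-Log walkthrough
# (file names and positions from the page, times made up).
WALKTHROUGH_C = [
    backup_set(FULL_BAK, 1, FULL, "2011-07-18T09:00"),
    backup_set(FULL_BAK, 2, DIFF, "2011-07-18T09:10"),
    backup_set(TLOG_BAK, 1, LOG, "2011-07-18T09:20"),
    backup_set(TLOG_BAK, 2, LOG, "2011-07-18T09:30"),
]

# Constructed Strategy Four week: file names and times are made up.
STRATEGY_FOUR = [
    backup_set(r"E:\Backups\full.bak", 1, FULL, "2011-07-11T01:00"),
    backup_set(r"E:\Backups\log.bak", 1, LOG, "2011-07-11T13:00"),
    backup_set(r"E:\Backups\diff.bak", 1, DIFF, "2011-07-11T18:00"),
    backup_set(r"E:\Backups\log.bak", 2, LOG, "2011-07-12T07:00"),
    backup_set(r"E:\Backups\diff.bak", 2, DIFF, "2011-07-12T18:00"),
    backup_set(r"E:\Backups\log.bak", 3, LOG, "2011-07-13T07:00"),
    backup_set(r"E:\Backups\tail.bak", 1, LOG, "2011-07-13T13:05"),  # orphaned log
]

if __name__ == "__main__":
    for sample in (WALKTHROUGH_C, STRATEGY_FOUR):
        print("\n".join(plan_restore("AdventureWorks", sample)), end="\n\n")
```

Note that the earlier differential and the log backups that predate the last differential never appear in the output, and only the final statement carries RECOVERY.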

Monday, 4 July 2011

Pre-requisites for Installing SQL Server 2008 on Windows Server 2008 R2 Using PowerShell

First step is to allow execution of scripts by changing the execution policy:

[PS] Set-ExecutionPolicy unrestricted (then say ‘Yes’)

 

Then copy and paste the following commands to install the pre-requisite operating system components needed

[PS] Add-WindowsFeature AS-NET-Framework,web-server,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Basic-Auth,Web-Windows-Auth,Web-Client-Auth,Web-Cert-Auth,Web-Filtering,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Tools,Web-Mgmt-Compat,Web-Metabase,Web-WMI,Web-Lgcy-Scripting,Web-Lgcy-Mgmt-Console -Restart

Wednesday, 15 June 2011

How to Convert .wav Files to .gsm Files

This is how you convert wav files to gsm files used by Asterisk
 
for i in *.wav
do
# Quote the names so files containing spaces are handled correctly
sox "$i" -r 8000 -c 1 "$(basename "$i" .wav).gsm" resample -ql
done

Monday, 13 June 2011

How to Configure Asterisk…a very basic guide!

After hours of work and frustration I was greeted with “Is that it?” by her-indoors and “Dad can we play now…this stuff is totally boring!” by the little one. Well it was worth it…

First thing get yourself Asterisk running on Centos (maybe on VMWare etc.). The following link to MiamiManni on YouTube will provide all the information on how to install the operating system and install Asterisk. This guy is brilliant! The only two files that you need to configure are the sip.conf and extensions.conf files. The following configurations should work for you. As you can see I have configured only two SIP phones in my lab.

sip.conf

[general]
port=5060
bindaddr=0.0.0.0
context=other


register => username:account_password@voip_provider_fqdn/username

[2000]
type=friend
context=my-phones
secret=a_good_password
host=dynamic

[2001]
type=friend
context=my-phones
secret=a_good_password
host=dynamic

[ext-sip-account]
type=friend
context=from-voip-provider
username=your_username
fromuser=your_DID
secret=account_password
host=voip_provider_fqdn
fromdomain=voip_provider_fqdn

qualify=yes
insecure=port,invite
nat=yes

 

extensions.conf

[globals]

[general]
autofallthrough=yes

[my-phones]
exten => 2000,1,Dial(SIP/2000,20)
exten => 2000,2,Voicemail(2000,u)

exten => 2001,1,Dial(SIP/2001,20)
exten => 2001,2,Voicemail(2001,u)

exten => 2999,1,VoiceMailMain(${CALLERID(num)},s)


exten => _X.,1,Dial(SIP/${EXTEN}@ext-sip-account)

[from-voip-provider]
exten => your_DID_Number,1,Dial(SIP/2000,20)

As said, this will provide you with just the basics.

Remember to open the following ports:

SIP 5004-5100 TCP and UDP

STUN 3400-3499 TCP and UDP

RTPSIP 10000-20000 UDP

Remember to reload Asterisk at the CLI> prompt after you make changes to sip.conf and extensions.conf.

You can test trunk registration by typing “CLI> sip show registry”
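Asterisk starts each call in the dialplan context named by the sip.conf section that matched it, so the two files have to be read together to see who can dial what. The following Python is an added example (not part of the original post or of Asterisk): it parses constructed copies of the two files above and lists, for review, contexts that extensions.conf does not define, sections carrying insecure=, and pattern extensions that dial out through a trunk. The function names and finding labels are assumptions of this example.

```python
import re

# Constructed copies of the two files above, placeholders left as on the page.
SIP_CONF = """
[general]
port=5060
bindaddr=0.0.0.0
context=other
register => username:account_password@voip_provider_fqdn/username
[2000]
type=friend
context=my-phones
secret=a_good_password
host=dynamic
[2001]
type=friend
context=my-phones
secret=a_good_password
host=dynamic
[ext-sip-account]
type=friend
context=from-voip-provider
username=your_username
fromuser=your_DID
secret=account_password
host=voip_provider_fqdn
fromdomain=voip_provider_fqdn
qualify=yes
insecure=port,invite
nat=yes
"""

EXTENSIONS_CONF = """
[globals]
[general]
autofallthrough=yes
[my-phones]
exten => 2000,1,Dial(SIP/2000,20)
exten => 2000,2,Voicemail(2000,u)
exten => 2001,1,Dial(SIP/2001,20)
exten => 2001,2,Voicemail(2001,u)
exten => 2999,1,VoiceMailMain(${CALLERID(num)},s)
exten => _X.,1,Dial(SIP/${EXTEN}@ext-sip-account)
[from-voip-provider]
exten => your_DID_Number,1,Dial(SIP/2000,20)
"""


def parse(text):
    """Return {section: [(key, value), ...]}; handles 'key=value' and 'key => value'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line:
            continue
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")]
            sections.setdefault(current, [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.lstrip(">").strip()))
    return sections


def audit(sip_text, ext_text):
    """Return (entry, findings): the context each sip.conf section lands in,
    and a list of tuples worth a manual review."""
    sip, dialplan = parse(sip_text), parse(ext_text)
    contexts = {name: [v for k, v in items if k == "exten"]
                for name, items in dialplan.items()
                if name not in ("general", "globals")}
    entry, findings = {}, []
    for name, items in sip.items():
        options = dict(items)
        if "context" not in options:
            continue
        entry[name] = options["context"]
        if options["context"] not in contexts:
            findings.append(("undefined-context", name, options["context"]))
        if "insecure" in options:
            findings.append(("insecure", name, options["insecure"]))
    for context, lines in contexts.items():
        for line in lines:
            pattern, _, rest = line.partition(",")
            trunk = re.search(r"Dial\(SIP/[^,)]*@([^,)]+)", rest)
            # A leading '_' marks a pattern match rather than a literal number.
            if pattern.startswith("_") and trunk and trunk.group(1) in sip:
                callers = tuple(sorted(n for n, c in entry.items() if c == context))
                findings.append(
                    ("pattern-to-trunk", context, pattern, trunk.group(1), callers))
    return entry, findings


if __name__ == "__main__":
    for finding in audit(SIP_CONF, EXTENSIONS_CONF)[1]:
        print(finding)
```

For this configuration the report shows that `context=other` in [general] has no matching dialplan context, and that the `_X.` pattern in [my-phones] lets anything registered as 2000 or 2001 place calls through the provider trunk, so the strength of those two secrets is what protects the account.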

 

 

Wednesday, 8 June 2011

Connect CentOS to Windows 7 or 2008

I needed to connect my CentOS system to a Windows 7 machine (which is in a workgroup) quickly.

  • yum install samba3x
  • yum install samba3x-client
  • yum install samba3x-swat

Once installed I was able to connect to a Windows share by typing

smbclient //WindowsNetBIOSName/ShareName -U Username (on WindowsMachine)

You should be prompted for a password for Windows user account. Using ‘get’ command I was able to copy a file to the CentOS machine.

Wednesday, 1 June 2011

Kaspersky Engine Does Not Update in Forefront Protection for Exchange 2010

I found that FPE Kaspersky anti-virus engine failed to update.  FPE should use the Kaspersky 8 engine and not the Kaspersky 5 engine (which has stopped being published).

  1. Download the localenginemapping.cab from this location: http://go.microsoft.com/fwlink/?LinkId=196982
  2. To enable Kaspersky 8, copy the localenginemapping.cab to the following location ( …\Program Files (x86)\Microsoft Forefront Protection for Exchange Server\Data\Engines\metadata). The settings will take effect automatically. The next engine update will provide the Kaspersky 8 engine.

If you need to determine your Exchange server rollup version you can run this script

Tuesday, 31 May 2011

FPE and FOPE ?

Check out this webcast that describes what Exchange provides in terms of anti-spam and anti-virus and how Forefront Protection for Exchange (FPE) and Forefront Online Protection for Exchange (FOPE) improves things.

Click here! 

FPE homepage


FOPE homepage



Saturday, 28 May 2011

Don't put CAS in the Perimeter network!

The following link provides a good read on why Microsoft does not support putting your CAS servers in the DMZ. Well Done Exchange Team!

http://blogs.technet.com/b/exchange/archive/2009/10/21/3408587.aspx

Thursday, 26 May 2011

Enable Anti-Spam Functionality on a Hub Transport Server

In some small organizations, it may make sense to run Microsoft Exchange Server 2010 anti-spam features on Hub Transport servers. For example, some organizations may not have enough e-mail volume to justify the cost of installing and maintaining a full perimeter network together with an Edge Transport server.
You can enable Exchange anti-spam functionality on Hub Transport servers.

Run the following command from the %SystemDrive%\Program Files\Microsoft\Exchange Server\V14\Scripts folder:

./install-AntispamAgents.ps1

After the script has run, restart the Microsoft Exchange Transport service by running the following command:

Restart-Service MSExchangeTransport

You must specify all internal SMTP servers on the transport configuration object in the Active Directory forest before you run connection filtering. Specify the internal SMTP servers by using the InternalSMTPServers parameter on the Set-TransportConfig cmdlet.

Set-TransportConfig -InternalSMTPServers 192.168.3.1

Tuesday, 24 May 2011

Hyper-V Export Error: “Failed to Create Export Directory”

If you receive this error while trying to export your VMs in Hyper-V, don’t despair! Just rename the virtual machine name in the management console and it will work (as if by magic…)

vmrename

Monday, 16 May 2011

Enable PowerShell Remoting While Running VMWare Workstation in a Domain

After trying to configure WinRM I received the following error:

winrm1

To avoid this I found the following link very useful

How to Build a VDI Infrastructure Using VM Pools

In previous posts I have detailed steps to create Remote Desktop Services application hosting. The flip side of hosting applications using RDS services on Windows Server 2008 R2 is to use RDS services to provide a pool of virtual machines (Windows 7 clients) that users can connect to and use as their own desktops. In some of the training schools I attend, this provides a real benefit. Students can connect to a single virtual machine being hosted on Hyper-V. The VM connected to is a member of a pool of VMs. Once the session is over and the student logs off, the VM is returned to a saved Hyper-V snapshot ready to start over again.

This post will detail steps to create a VDI Infrastructure by using different RDS services including Remote Desktop Virtualization Host Server. At its most basic, Virtual Desktop Infrastructure (VDI) is a deployment design that puts the user desktop on a virtual machine (VM) in the datacenter, rather than on the physical computer at someone’s desk. There are different types of VDI. These include:
  1. Users can connect to a Virtual Desktop (VD) that has specifically been assigned to that user by using the Remote Desktop Connection Client. The user does not have to know which VM the VD is actually on.
  2. A pool of desktops available to a set of users on a temporary basis. It is this that we will be trying to create.
Some terms that are often used when discussing VDI include the following:
  • The computer that is running the RDC client and that someone sits in front of is called the client.
  • The VM that this person is connecting to is the endpoint, or the guest (a guest of the RD Virtualization Host it’s running on).
  • Preparing a VM to be used (for example, bringing it out of hibernation) is called orchestration.
  • Moving a VM to a new RD Virtualization Host is called placement. Placement is not part of the basic RDS VDI solution but might be supported via a filter plug-in.
The following diagram hopes to expose how a typical VDI 'comes together', and shows you the different RDS services involved. Central to VDI is the role of the Connection Broker. Clients can make connection requests using a web interface, RDC client etc.

vdi1

As you can see, clients can connect to the VDI in a number of different ways, some of which have been investigated in earlier posts. My personal favourite is by Remote Desktop Web Access! In all these cases, the request is brokered by the RD Connection Broker. RD Connection Broker works with RDP clients back to RDP 5.2 (which was available for Windows XP SP2 and Windows Server 2003), so the vast majority of Microsoft RDP clients are supported.
To support Microsoft VDI, you’ll need to do the following.
  • Install the RD Virtualization Host.
  • Install and configure the RD Connection Broker (including the Remote Desktop Session Host in redirector mode on the same computer).
  • Install and configure RD Web Access to allow users to discover the VMs.
  • Configure the VMs to work with VDI.
  • Create pools (and assign personal desktops if required).
We will look at these in turn.

Install the RD Virtualization Host

  • Install Hyper-V Server 2008 R2 on a suitable machine (I am not adding Hyper-V as a role but as an operating system, which can be downloaded from Microsoft HERE).
  • Once Hyper-V is installed, configure it to have a suitable NetBIOS name, IP, domain membership etc.
  • Next enable PowerShell v2 on the system by following an earlier post
  • Next you will need to consider management of your Hyper-V server from, say, a Windows 7 machine. This machine needs to be domain joined and you need to be logged in as a Domain Administrator. The details can be found by following an earlier post and essentially involve adding the RSAT tools. Don’t forget to add Server Manager as well, because you will need to use this interface in the configuration of the Hyper-V server in addition to Hyper-V management!
  • The next big step is to Install Remote Desktop Virtualization Host on your Hyper-V server. An earlier post details how to do this and you will see how you benefit from installing PowerShell which you did in an above step.

Install and Configure the RD Connection Broker and RD Session Host Roles

On a separate server you will need to install the RD Connection Broker role and RD Session Host role. The RDCB is the real brains behind the whole thing. The RDSH role is co-resident with RDCB but it doesn’t have to be.
  1. Log on to the computer as a member of the Domain Administrators group
  2. Select Start, Administrative Tools, Server Manager.
  3. In the Roles Summary section, click Add Roles.
  4. On the Before You Begin page, click Next.
  5. Select the Remote Desktop Services check box, and then click Next.
  6. Select the Remote Desktop Connection Broker and Remote Desktop Session Host role services check box and then click Next
  7. Click Next on the application compatibility warning
  8. Select ‘Require Network Level Authentication’ and click Next
  9. Select ‘Configure Later’ on the Licensing Mode and click Next
  10. Add Domain Users to allow your users access
  11. Click next on the Client Experience page.
  12. Click Install on the confirmation page.
  13. You will now have to restart the RDCB/RDSH server
Now the two roles have been installed on a server you should continue by configuring the roles.
  1. On the same server, select Admin Tools
  2. Select to Remote Desktop Services
  3. Select Remote Desktop Connection Manager (this is configuring RDCB)
  4. Select RD Virtualisation Host Servers (shown below) and right click

    vdi3

  5. Select Add RD Virtualisation Host Server and enter the name of your Hyper-V machine installed earlier
  6. You should then see the number of virtual machines created on your Hyper-V system. NB: this works specifically with Hyper-V and no other hypervisor. The number seen represents all Hyper-V hosted virtual machines, be they on or off.
  7. Select Remote Desktop Connection Manager:ServerName, which can be found on the top left part of the window. There are a number of different configuration settings here (shown below)

    vdi4

  8. You can change the Display Name. This name will appear in the Web Portal (on RD Web Access). This is shown below:


    vdi5

  9. On the RD Web Access tab enter the name of the RD Web Access server. If you don’t have one installed I will go through this later, but don’t forget this needs to be added here! The RDWA server account is made a member of the local TS Web Access Computer Group.
  10. You should see ‘1’ RD Virtualisation Host Server has been added (from step 5 above)
  11. You can now configure ‘RD Session Host server for redirection’. Select Configure. As this server is also running as a RDSH machine, the same server name should be present. See the diagram below:

    vdi6

  12. You can also enable redirection for earlier clients as shown above.
  13. Select Admin Tools
  14. Select Remote Desktop Services
  15. Select Remote Desktop Session Host Configuration (this is configuring the RDSH). Remember that both RDSH and RDCB are on the same machine but you could have them running on separate machines.
  16. Under Remote Desktop Connection Broker on the main page, select ‘Member of Farm in RD Connection Broker’.
  17. On the RD Connection Broker Tab, select Change Settings
  18. Ensure that the Virtual Machine Redirection button is selected
  19. Add the RDCB server name to the RD Connection Broker Server Name field:

    vdi8

  20. You may receive an error. Ensure that the RDSH computer account has been added to the local computer group ‘Session Broker Computers’ on the RDCB.
  21. On the Digital Signature tab, you are required to define a suitable certificate. The following post will describe how to create the certificate using Active Directory Certificate Services. The certificate can be shared (I mean it can be the same certificate) amongst all the RD servers. You do this by exporting the certificate. I have gone to some length to explain this in the referred post.

Install and configure RD Web Access

  1. On a separate server add the RD Web Access Server Role: Log on to the computer as a member of the Domain Administrators group
  2. Select Start, Administrative Tools, Server Manager
  3. In the Roles Summary section, click Add Roles
  4. On the Before You Begin page, click Next
  5. Select the Remote Desktop Services check box, and then click Next.
  6. Select the Remote Desktop Web Access role service check box and then click Next.
  7. Continue on through the wizard and do not change any of the required components.
  8. Once the role has been installed, you should import the server certificate that you have used on the RDCB/RDSH server. If you have created this certificate correctly, you should have defined the right Subject Alternative names which will mean that when a user connects to the RDWA server using the web portal, no errors should occur.
  9. Once the certificate is in place reboot the server.
  10. Once restarted, select Admin Tools
  11. Select Remote Desktop Services
  12. Select Remote Desktop Web Access Configuration
  13. Sign in as Administrator and select configure. The interface is shown below:

    vdi7

  14. Select the RD Connection Broker and add the RDCB name as the Source Name.
  15. You should not receive any errors if you have added the RDWA computer account to the local TS Web Access Computer Group on the RDCB server (see step 9 of Install RDCB and RDSH above)

Configure the VMs to work with VDI

In my test infrastructure I have installed two Windows 7 virtual machines on Hyper-V. The following configuration is made on both of course.
  1. Each machine needs to be joined to the domain
  2. Click Start, Control Panel, System and Security, click on System, Advanced System Settings and select the Remote tab. Select the radio button that allows connections using Network Level Authentication. Also select the Select Users button. Define which users should have remote access. You will most likely add Domain Users.

    vdi9

  3. You will then need to enable RemoteRPC. Remote Procedure calls (RPCs) allow other processes to connect with the operating system. They’re required to allow the VM Host Agent to wake up the VM. To allow RPC connectivity,
    set the value of AllowRemoteRPC to 1 in the location HKLM\System\CurrentControlSet\Control\Terminal Server.

    vdi10
  4. We should next configure each Windows 7 machine's firewall to allow Remote Desktop. Select Start, type ‘Fire’ and from the list given select ‘Allow Program Through the Windows Firewall’. Select Change Settings and select ‘Remote Desktop’ on the Domain Profile

    vdi11
  5. You will next need to configure RD virtualization host RDP permissions. This is a little tricky. I have found running a PowerShell script to be the easiest solution. The script can be found here. A copy can be found at the bottom of this post. Just copy the script to a text document and save as a file with a PS1 extension.
  6. Select Start and simply type ‘Power’ in the search field. Select the PowerShell icon that appears (you should run this as an Administrator).
  7. Type the cmdlet set-executionpolicy unrestricted
  8. Locate the directory that your script is in (created in step 5) and type the following cmdlet: .\yourscript.ps1 -RDVHost yourdomain\RD Virtualisation Server, replacing the script, domain and RD virtualisation server with your own

    vdi12
  9. Remember to do this on each Windows 7 machine!
  10. Your next move is to take snapshots of the virtual machines running on your Hyper-V system. Make sure you log off each Windows 7 system. Select each Windows 7 virtual machine and select snapshot as indicated below:

    vdi13
  11. Once each snapshot has been taken, ensure that each one is renamed with RDV_Rollback in the snapshot name:

    vdi14
  12. The above procedure will automatically roll the VM back to this snapshot after the user logs off.

Create VM Pools


Our next task is to create a VM Pool on the RD Connection Broker.
  1. Log on as Domain Admin on the RD Connection Broker.
  2. Open the RD Connection Manager from the RD Services in Admin Tools.
  3. Select RD Virtualisation Host Servers
  4. Under Actions on the right hand side, select ‘Create Virtual Desktop Pool’
  5. Click Next on the Welcome screen
  6. You should now see all of your virtual machines created on your Hyper-V system.
  7. Using CTRL key select each Windows 7 machine. Click Next
  8. Enter a name for the pool. Something like ‘Windows 7 Pool’.
  9. Enter the name for the Pool ID. Something like ‘Pool1’

How Does the User Connect?

A user can connect to the pool using the web portal hosted on the RD Web Access Server.
  1. Open a browser and type the URL of the RDWA server followed by /owa (e.g. https://RDWAserver/rdweb)
  2. Sign in as an ordinary user
  3. You should now see the Windows 7 pool created above:

    vdi16
  4. Select the pool and provide the password