Archive

Archive for May, 2014

MS14-025/KB2928120: An Update for Group Policy Preferences

May 15th, 2014 No comments

Looking at this article: http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx

I grabbed the check script from here (bottom of the page) http://support.microsoft.com/kb/2962486

and ran it on my domain controller.  The script immediately gave me the error “cannot bind to argument to parameter ‘path’ because it is null”.

Apparently this is an uncaught exception when no XML files exist in the path subfolders.  It appears that ONLY group policy preferences are stored in XML, and this XML file will only show up if group policy preferences are implemented, meaning if you don’t have XML files in %windir%\SYSVOL\domain then you are not affected by this patch.  Group policies themselves appear to be stored as INF and other types.

 

Categories: Uncategorized Tags:

Bringing a single domain controller up in an isolated network

May 14th, 2014 No comments

 

I wanted to create a quick test lab so I spun up a copy of a virtualized domain controller into an isolated network. The domain controller came up in a failed state with DNS and Active Directory non-functional.

Apparently in a multi domain controller network it is a requirement that the domain controller be able to sync with other domain controllers/role masters in order to function.

Because this was the only domain controller in the network, and I wanted to get the test network up quickly, I performed the following workarounds:

 

(Thanks to user zabo2012 on the veeam forums at http://forums.veeam.com/vmware-vsphere-f24/restoring-2012-domain-controller-vm-t18629.html for the awesome instructions)

 

boot the machine up in dsrm ( bcdedit /set safeboot dsrepair )

log in with ds repair mode password .\Administrator

run the bcdedit command to set and remove dsrepair mode ( bcdedit /deletevalue safeboot )

net stop ntfrs

open regedit and

Open Regedit
Browse to the following extension: HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Add the following dword (32 bit) value: Repl Perform Initial Synchronizations
And leave this set to 0.
http://www.veeam.com/kb_articles.html/kb1280
then

open regedit and expand: hklm\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
Set the burflags to d2 (sometimes you will have to use d4, but only do this in isolated network or it will overwrite other DC’s during replication)
http://www.veeam.com/kb_articles.html/kb1278

reboot

Edit:

I noticed that although I was able to get other servers to authenticate off the DC after doing the above, I wasn’t able to access AD Users and Computers on the DC itself.

Seizing the roles from the other DCs (that are not available in the isolated test lab) fixed this.  To seize the other domain controller FSMO roles:

ntdsutil
roles
connections
connect to server <dns name of local dc server>
quit

seize schema master
seize naming master
seize rid master
seize PDC
seize infrastructure master

quit
quit

After seizing roles I now see the expected information in AD Users and Computers

Edit 2:

I continued to have problems with an Exchange server that was in the same test lab as the isolated domain controller so I made a few more changes:

I performed a metadata cleanup, removing all the domain controllers that were not in the isolated lab environment, using the GUI > http://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx#bkmk_graphical

I then set the burflag to d4 (below) and restarted the domain controller.  After that exchange was working correctly.

open regedit and expand: hklm\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
Set the burflags to d4
http://www.veeam.com/kb_articles.html/kb1278

 

 

Categories: Uncategorized Tags:

Continuous offline archiving of EMC VNX array performance data

May 8th, 2014 No comments

 

The EMC VNX arrays do not offer a good (inexpensive) way to archive performance data continuously to a management server for future retrieval.  You CAN turn on performance data logging and have it periodically archive to the array itself, but I prefer not to have multiple GB of archived performance data on the same array I may be troubleshooting in the future, not to mention that is one more item to review on my maintenance checklist.

 

Turning on performance data logging

First thing, to enable performance monitoring and generate NAR files check (and uncheck) the following options in Unisphere > System > Monitoring & Alerts > Statistics > Performance Data Logging:

 

vnx_perf_data_archiving_screenshot_1

 

Next click start to start performance logging.  Re-verify you have unchecked the “stop automatically after” option.  The array will periodically archive performance data to .nar files on the array itself.  In my environment the array archives to a nar file about once every 12 hours for each storage processor.  You may force the array to archive to a .nar file by stopping then starting the data logging.

Note: In order to review NAR files after they are generated you must have the Unisphere Analyzer enabler installed on the array, otherwise you will have to engage EMC support to review the performance logs for you.

 

Retrieving performance logs from the array and archiving to a server

Install naviseccli on a server, then edit the below vbscript code, entering your own values for the IP addresses of the SPs, user, password, and file path.  Create a scheduled task that executes cscript.exe against the vbscript code on the server on a daily basis.  The script places a call to each SP, stores all NAR files on that SP to the directory of your choosing, then deletes all the NAR files from that SP.

 


'grab perf logs from array then delete logs off array

Set objShell = WScript.CreateObject("WScript.Shell")
Set objExecObject = objShell.Exec("cmd /c naviseccli -Address <ip of SP_A> -User <san username> -Password <san password> -Scope 0 analyzer -archive -all -o -path <folder path (ex: C:\EMC\data_archive)>
")
WScript.Sleep 60000
Set objExecObject = objShell.Exec("cmd /c naviseccli -Address <ip of SP_B> -User <san username> -Password <san password> -Scope 0 analyzer -archive -all -o -path <folder path (ex: C:\EMC\data_archive)>
WScript.Sleep 60000
Set objExecObject = objShell.Exec("cmd /c naviseccli -Address <ip of SP_A> -User <san username> -Password <san password> -Scope 0 analyzer -archive -delete -all -o")
WScript.Sleep 60000
Set objExecObject = objShell.Exec("cmd /c naviseccli -Address <ip of SP_B> -User <san username> -Password <san password> -Scope 0 analyzer -archive -delete -all -o")

 

Now you have continuously archived data from your array that you can now open in Unisphere Analyzer to review array performance.

 

 

 

Categories: EMC VNX Tags: