JasonSamuel.com

Yes, you can get Exchange 2003 ESM tools working with both Windows 7 x64 and x86 OSes! Microsoft does not seem to want to support Windows 7 and Exchange 2003 system management tools. They have not released ESM for Windows 7 so you have to work around it. Many companies out there are still using Exchange 2003 so I’m not sure why they don’t allow for backwards compatibility.

To get ESM for Exchange 2003 to work on BOTH Windows 7 32 bit and 64 bit OS flavors, perform the following:

1. Download and install RSAT Tools for Windows 7 (Remote Server Admin Tools) here, select x86 (x86fre_GRMRSAT_MSU.msu) or x64 (amd64fre_GRMRSATX_MSU.msu) depending on what flavor of Windows 7 you are using – http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&displaylang=en

2. Download Exchange System Manager for Windows Vista here (ESMVISTA.EXE) but don’t install it yet (see step 3) – http://www.microsoft.com/downloads/en/details.aspx?familyid=3403d74e-8942-421b-8738-b3664559e46f&displaylang=en

3. Do a silent install of ESM. This circumvents the OS check and allows you to install ESM for Vista on Windows 7. You can do this by opening a command prompt and typing this in the directory you downloaded ESMVISTA.MSI to:

ESMVISTA.MSI /q

4. If you are using Windows 7 x86, you are done and you can open up Active Directory Users and Computers (ADUC) and you will see the Exchange tabs for your users.

5. For Windows 7 x64, it’s a little tricky. It just won’t display Exchange tabs in ADUC when you open it. It took my some trial and error for a few hours before I figured it out. You have to run an MMC snapin in 32 bit mode to get the tabs to work. You can do this by opening a run prompt and typing:

mmc /32

then adding the “Active Directory Users and Computers” snap-in (should be the 3rd option). I am thinking this is because the ESM for Vista package was not designed for x64 and some level of compatibility is missing. Evidence for this is that if you check the target for the ESM or ADUC shortcuts, you will see this which clearly shows it’s installed in the x86 Program Files folder:

C:\Program Files (x86)\Exchsrvr\bin\exchange system manager.msc
C:\Program Files (x86)\Exchsrvr\bin\users and computers.msc

Now the problem is that everytime I added the ADUC snapin in an MMC window, the text for it would disappear and I would get an error saying “MMC cannot initialize the snap-in” followed by the MMC crashing. I checked the application event log and found the following:

Faulting application name: mmc.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3f1
Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b29c
Exception code: 0xc0150010
Fault offset: 0x0008454b
Faulting process id: 0x98c
Faulting application start time: 0x01cb970a650fbae3
Faulting application path: C:\Windows\SysWOW64\mmc.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: aac5fead-02fd-11e0-9946-005056b64915

So obviously a core Windows 7 x64 system file is the culprit, ntdll.dll. Luckily, there is a release candidate for Windows 7 SP1 available for download here (windows6.1-KB976932-X64.exe):

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c3202ce6-4056-4059-8a1b-3a9b77cdfdda

I assumed that the service pack might fix whatever the issue was with ntdll.dll since it is a core system file. Turns out I was right, after installing Windows 7 SP1, I can now successfully open an MMC window in 32 bit mode and add the ADUC snapin. Now all my Exchange tabs show up in ADUC (Exchange General, E-mail Addresses, Exchange Features, & Exchange Advanced). See screenshot below:

Now I’m not advising you deploy a release candidate service pack into your environment. But for systems admins, we typically have a bit more leeway on our systems than end users so if you are under no policy restricting installing a release candidate on your workstation, then go for it. You can even install it in a VM temporarily until SP1 is released so you don’t have to jeopardize your workstation with an RC build. Let me know how it works out for you!

Always remember to sysprep when cloning a node! MSMQ (Microsoft Message Queuing) uses a registry valued called QMId located at:

HKLM\Software\Microsoft\MSMQ\Parameters\Machine Cache

which has to be unique on all your servers or it will cause all sorts of issues. Sysprepping a server generates a new SID which also generates a new QMId in the process. If you don’t do this and have multiple servers out there with the same QMId, you will see strange things like messages remaining in the outgoing queue in limbo and sometimes just disappear completely with no trace in journaling anywhere. Bottom line, don’t confuse MSMQ! It’s fragile!

Thankfully John Breakwell (MSMQ guru at Microsoft) blogged about this exact issue which made me realize what was going on in the environment I was troubleshooting. Well done John!

http://blogs.msdn.com/b/johnbreakwell/archive/2007/02/06/msmq-prefers-to-be-unique.aspx

I simply ran sysprep and resealed the clone to fix it. It automatically generated a new QMId in the process so I didn’t have to follow the exact steps John had blogged about. It was a simple mistake which can be avoided in the future by using the Guest Customization Wizard in VC to automatically sysprep when creating the clone.

BTW, you can check if your SIDs are identical on a server by using getsid.exe. Download the Windows XP Service Pack 2 Support Tools:

http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=en

and use the getsid.exe tool to compare SIDs on your Windows servers. Usage syntax is here:

http://technet.microsoft.com/en-us/library/cc784314%28WS.10%29.aspx

Since I’m blogging about MSMQ, let me take a moment to plug QueueExplorer (http://www.cogin.com/mq). This is hands down the best MSMQ management software I have ever used and the developer is very open to feature requests. Give them some business and tell them Jason sent ya! Check out a screenshot of it below:

IP Address conflict? Have you narrowed the MAC down to being a VM in one of your ESX/vSphere clusters? Well use vSphere PowerCLI to figure out what device and adapter is causing the conflict.

Example, if your MAC is 005056b60b13:

Get-vm | Select Name, @{N="Network";E={$_ | Get-networkAdapter | ? {$_.macaddress -eq "00:50:56:b6:0b:13"}}} |Where {$_.Network-ne ""}

And it will output the VM name and the Network Adapter causing the conflict.

A co-worker and myself were asked to create a VMware vSphere (ESX) template for Server 2008 R2 and it’s not as easy as you might think. Over the course of a day and half and through much research and trial and error, we have come up with the perfect template for our organization. It’s a perfect base template for us but depending on where you intend to deploy it and your own organization’s requirements, you may have to edit it a bit. We intend to tweak the template even further and possibly even create separate images depending on if the VM will be deployed internally or externally. Please do comment if you have any suggestions or think we may have missed something.

Building a VMware template for Server 2008 vs. Server 2008 R2 has some differences. This blog post will cover everything we did to successfully get it working and a detailed explanation of why we chose certain settings. Big thanks to to Jeremy Waldrop and his blog post that described setting up a template for 2008 which helped us quite a bit in our research to create the perfect template for 2008 R2.

OS Used: Windows Server 2008 R2 Standard (x64) Volume License Edition

VM Hardware config:

• Single vCPU
• 4 GB RAM
• 40 GB Primary Hard Drive (for Operating System)
• 10 GB Secondary Hard Drive (for Page File
• LSI Logic SAS SCSI Controller
• VMXNet 3 Network Adapter

I know most organizations using Server 2003 have always done a 20 GB C: partition. With 2008, I suggest going to 40 GB OS drives as a standard. Server 2008 (especially x64 versions) requires more space. Out of the box 2008 R2 x64 takes up 10 GB. Also Server 2008 has a component store (c:\windows\winsxs) which is very large. This is because 2008 no longer uses i386, everything is stored locally already in this component store folder. Remember, Server 2008 and any future MS product is all about componentization!! When you install a component from this store, my understanding is that it is “projected” to the OS. So basically Windows 2008 installed components run from this component store essentially. As the system receives updates over time, expect this directory to grow even larger since it never deletes old stuff. Think of the different versions of kind of stacking on each other. I believe with each service pack there is a tool to uninstall components that are no longer necessary or superseded. So stick with a 40 GB OS partition and you should be fine for a long time. You will also notice we have a 10 GB secondary drive for a page file. We’ll get to that later in the article.

Now on to the actual build:

1. First create a new VM
   • Select Custom Configuration
   • Enter VM Name and Inventory Location
   • Select Datastore
   • Select Virtual Machine Version: 7
   • Select “Microsoft Windows Server 2008 R2 (64-bit)” as OS Version
   • # of Virtual Processors: 1
   • Amount of RAM: 4GB
   • Network
     • # of NICs: 1
     • Adapter Type: VMXNET 3
     • Select “Connect at Power On
   • SCSI Controller: LSI Logic SAS
   • Create New Virtual Disk: 40GB
   • Advanced Options: No Change
2. Now prepare the virtual hardware:
   • Edit VM Settings > Options > General Section > Uncheck “Enable logging”
   • Boot Options > Check box to force going into the BIOS on next boot
   • Power on the VM (will go directly to BIOS) > Advanced > I/O Device Configuration:
     • Disable Serial port A
     • Disable Serial port B
     • Disable Parallel port
   • Exit and Save
3. OS Installation and Configuration
   • Install Windows 2008 R2 Standard – Full Install
   • After OS install and reboot, change Administrator Password (will prompt)
   • Disconnect Windows 2008 R2 ISO and set device type to Client Device
   • Set Time Zone
   • VMware Tools Install
     • Install VMtools, choose Custom Install Type
     • Disable the “Shared Folders” drive and install Tools ** Note we are disable Shared Folder due to profile loading issues which was documented even back in ESX 3.5 and VMware Tools here on the VMare Communities forum. I have not personally had an issue leaving it enabled but just to be cautious and the fact we don’t use this feature in our organization, we have left it disabled.
     • Set time synching between the VM and ESX host
     • Reboot after Tools Install
   • Network Configuration
     • From Server Manager, select View Network Connections
     • Right click on Local Area Connection and select properties
     • Uninstall QoS Packet Scheduler and both Link-Layer Topologies (Mapper & Responder) ** We don’t do QOS at the server level, our switches do that. Link Layer is not used by us.
     • Uncheck IPv6 and close network connection screens ** We don’t use IPv6 yet so we disabled it for now
   • Server Name
     • From Server Manger select Change System Properties
     • On System Properties screen click Change on Computer Name Tab
     • Set Server Name and restart
   • Windows Updates
     • From Server Manager under Security Information, select Configure Updates
     • Select Let me choose
     • Under Important Updates, select Never check for updates, click ok
     • Start > All Programs > Windows Update > Check for updates and install all Recommended Updates
   • Enable Remote Desktop, choose “Allow connections from computers running any version of Remote Desktop” (2^nd option)
   • Disable Windows Firewall **Not best practice to disable, but my environment requires it
   • From Server Manager, select “Do not show me this console at logon” and close Server Manager
   • Taskbar Changes
     • Right click 3^rd icon from Start Button (Windows Explorer) and select “Unpin this program from taskbar”
     • Right click 2^nd icon from Start Button (Windows PowerShell) and select “Unpin this program from taskbar”
     • Right click Taskbar and choose Properties and choose Customize under Notification Area
     • Select “Turn system icons on or off”, and turn Volume Off, click Ok
   • System Performance
     • From Server Manager select Change System Properties
     • Select Advanced Tab > Settings and choose “Adjust for best performance”
   • Folder and Search Options
     • Open “Computer” > Select Organize > Choose Folder and search options
     • Under View Tab
       • Select “Show hidden files, folders and drives”
       • Uncheck “Hide extensions for known file types”
   • IE ESC
     • From Security Information Section, select Configure IE ESC
       • Change Administrators to Off and leave Users On ** My reasoning for this is the only “Users” should be service accounts on a server so leaving it On should not matter
   • Change IE Home Page to blank so you don’t get that pesky Internet Exploer Enhanced Security Configuration warning page
   • Under Computer, right click c: and select properties, uncheck “Allow files on this drive to have contents indexed in addition to file properties”
     • Apply changes to c:\ and all subfolder/files
     • Continue/Ignore on Access Denied errors
   • Power Options (from Control Panel)
     • Change option to High Performance
   • Disable Hibernation
     • Command Prompt, enter powercfg.exe –h off
   • Delete the Page file and reboot (so c:\ can be fully defragmented)
   • Run defrag
   • Page File
     • Edit VM Properties
     • Add a 2^nd hard drive (10GB) and change to SCSI (1:0)
     • Run Disk Manager and format as Z:\ drive ** We use Z: as the drive letter so it does not interfere with adding additional drives later on.
     • From Server Manager, select System Properties > Advanced > Performance Settings > Advanced > Virtual Memory Change
       • Assign 1024MB Page file to c:\
       • Assign 5120MB Page file to z:\
   • SNMP
     • Server Manager > Add Features > SNMP
     • Server Manager > Configuration > Services > SNMP > Security
       • Accepted community names – Add your community (as READ ONLY)
       • Accept SNMP Packets from these hosts – Add your hosts (remember to leave localhost in there)
4. Turn VM into a Template
   This procedure will copy the Administrator account profile into the default user profile so that all users that login or that will be created in the future will get the same profile with all the customizations you have done above. When you sysrep a server template and create a new VM from it, a new SID is generated which means a new local Administratior account is created during the sysrep procedure. This means all the customizations you have done will be wiped out above unless you copy all your settings above when you create a new VM. In the past with Server 2003 and even Server 2008, you had the “Copy To” feature to copy a user profile to another. With Server 2008 R2, Microsoft has disabled this feature. It is now done via an unattend.xml file using the “CopyProfile” node. I actually prefer this method now after doing it a few times. This procedure is detailed per the Microsoft KB article http://support.microsoft.com/kb/959753
   • Create unattend.xml in “c:\windows\system32\sysprep” folder as follows. NOTE: Do not copy and paste the text below because WordPress messes up the quotes which will lead to errors during sysprep. Please right click-save as this link and copy and paste from the txt file instead.
     

     
     <?xml version="1.0" encoding="utf-8"?> 
     <unattend xmlns="urn:schemas-microsoft-com:unattend"> 
     <settings pass="specialize"> 
     <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> 
     <RegisteredOrganization>Your Organization Name</RegisteredOrganization> 
     <RegisteredOwner>Your Registered Owner</RegisteredOwner> 
     <CopyProfile>true</CopyProfile> 
     </component> 
     </settings> 
     <cpi:offlineImage cpi:source="wim:f:/sources/install.wim#Windows Server 2008 R2 SERVERSTANDARD" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> 
     </unattend>
     

   • At command prompt, type the following command:
     C:\windows\system32\sysprep\sysprep.exe  /generalize /unattend:unattend.xml
   • System Preparation Tool 3.14
     • Choose Enter System OOBE
     • Check Generalize button
     • Leave shutdown option as reboot
     • Click OK
   • Release the IP and turn VM into a template in Virtual Center

I hope this guide we wrote helps someone out there and saves you time. If you have any suggestions or questions, please leave a comment. I can take screenshots of any parts above you are confused on. I am also interested in knowing about more performance related customizations you guys might use we can add to your template so if you have any, please let me know.

Disasters happen and with a bit of skill and some luck, you might be able to get back into your operating system.  But you might notice a bunch of things out of place or missing if you had to do a Windows repair or use the Recovery Console to set things back to factory settings.

One of the tools I like to use is System File Checker (sfc.exe) which compares your file system against the original install disk and replaces missing or corrupt system files as needed.  Just go to a command prompt and type:

sfc /scannow

and Windows File Protection will begin scanning all your protected system files immediately.  If you get a prompt asking you to insert a disk, just cancel out and edit your registry key here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

and verify SourcePath is set to your CD-ROM drive with your install CD in it.  You’ll have to reboot to make sure the changes take effect.  Also you might want to verify:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath

is set to C:\WINDOWS\ServicePackFiles just so your service packs you have installed after installing the original OS are taken into account and not overwritten by older versions.

You can use OpenSSL and run this command:

openssl.exe s_client -connect www.mysite.com:443

which will use a generic SSL/TLS client to connect to your site and give you a ton of diagnostic info.  You can see your entire SSL cert chain, the SSL handshake, SSL session info, etc.  Here’s a full list of switches you can use with it:  http://www.openssl.org/docs/apps/s_client.html

And here’s a great online tool to graphically verify your SSL chain is intact:  http://www.sslshopper.com/ssl-checker.html

By default, most applications write events to the Application Event Log.  This is a great central place to write logs to but sometimes you might have a requirement to log informational events from an application and you don’t want it filling up your Application Event Log because of the sheer number of informational events you might get a short period of time.  The solution is to create a custom event log for your application to hold these events.  You can then set max log size, overwrite rules, filters, etc. on this event log while your Application Event Log remains clean and intact.

The first step is to create the new log.  You have to do this in the registry.  Open up regedit and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog

Right click on the Eventlog key and click New > Key

Name this new key the same name you want your new event log to be named.  By default it will create the new .evt file here:

C:\WINDOWS\System32\Config\New Key #1.evt

You can always rename it by editing the string value data in the registry if you like.

Now you need to add Sources to your new event log.  Right click in the right window pane under your new key and add a new Multi-String value called “Sources” and add the name of each of your applications on each line.  It should look something like this:

Now you need to move the association of your application from the Application event log to your new Custom log.  Just expand the “Application” key located at:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application

and copy whatever key you see in there for your app under your new Custom log:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\CustomLog

There’s no copy/paste command so you can recreate the key if it’s small or you can export/import if it’s something complicated and you are afraid of mistyping something.  MAKE SURE to delete it from Application after you add it to the Custom log or it will not write events to your new log since Windows thinks its still associated with the Application log.  If it is a custom source, you need to create a DWORD value under this key with the value of 1:

You will also notice my custom app in this example is a .NET 2.0 appliaction so I want .NET to write the events to the log.  I have to create a string value called EventMessageFile and give it the path to the .NET 2.0 event log message dll:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

Now you should reboot your server.  When it’s back up, check and see if your new event log appears under Event Viewer.  If your application is not writing events to your new log, test it manually by opening a command prompt and going to:

C:\WINDOWS\system32

and typing:

eventcreate /l CustomLog /t Information /so Application1 /id 1 /d "Test message"

You should get a message saying it was successfully written or you should get an error message with details on why it was not written.  If you followed the steps in this blog post, it should write the event just fine.

If you’ve ever used Urchin 6 for web analytics (Google’s pay for version of Google Analytics aimed at enterprises), you have probably seen profiles stuck in a “Running” state.  If you hit Run Now, you get this error message:

12008 – Action: Failed to cancel urchin process.

If you try to reschedule the profile, you get this error message:

12007 – Action: Failed to add profile to the scheduler queue. The profile is already in the queue.

This happens because Urchin’s scheduler is very sensitive to server reboots.  If you have jobs scheduled to run at night and let’s say you push patches to the server and reboot in the middle of the night, it can cause this error to appear on some of your profiles.  You get these errors because the log processing engine and scheduler never received the proper exit signals which means there will be database entries in the MySQL database that will be in an inconsistent state.  When the server boots back up, the log processing engine cannot pick back up where it stopped and the web GUI will show the profile is “Running” even though it is not.

The quick solution for this is to navigate to your Urchin bin folder via command prompt.  Here is an example path:

C:\Program Files\Urchin6\bin

then type:

urchinctl stop

which will stop all Urchin processes.  Then open up MySQL Command Line Client and type:

use urchin;
delete from uprofiles_queue;

This switches the database to the urchin database and deletes all running profiles.  Now if you go to to the web GUI under Profile Task Scheduler, you will see everything looks normal.  Now trying running the job again and it should work.  You should get a message saying:

12009 – Action: Profile has been queued to run. Please check the Profile Task History screen for status and runtime output.

Now don’t forget to restart your Master and Slave scheduler services or the job will remain in a queued state until they are back up:

urchinctl start

Now verify the job is actually running properly by clicking the green “Running” link for the job and you should see it processing the logs.

I was lucky enough to attend the Microsoft New Efficiency event for Windows Server 2008 R2 on Monday.  It was a limited capacity technical briefing aimed at IT Professionals.  They also had an Exchange 2010 and Windows 7 track at the same time but I chose to attend the Server 2008 R2 track.  It was divided into 4 sections and was hosted by Kevin Saye (kevin.saye@microsoft.com) who is the Pre-sales technical support specialist for Windows Server in this region.  I’ve heard him speak at events before but never had a chance to actually do a QA session with him till now.

So, on to the new stuff in Server 2008 R2 that I found interesting!  This is not a comprehensive list by an means, just the stuff I thought was very useful.  I’ll go over each in detail in the coming days and how it will fit into your enterprise environment.

-Active Directory Administrative Center (ADAC)
-Managed Service accounts
-Active Directory Recycle Bin
-Graphical PowerShell
-Turning off CPU cores to conserve power
-Group policy can now execute Powershell scritpts
-Group policy granularity through item level targeting
-FCI to classify data and take actions on it
-.NET now runs on Server Core installs
-Remote Desktop Services now has multi-monitor support (up to 8 monitors), bi-directional audio (useful for VOIP), and enhanced multimedia support using your local graphics card instead of “screen painting” as it was before.
-DirectAccess with Windows 7 and Server 2008 R2 – Extends the network to include remote users instead of just a remote user dialing in via VPN.  Uses the Teredo protocol.  Was able to access the Microsoft intranet site (http://msw) without ever having to dial in and from behind a corporate firewall.  It uses IPsec and it only works with Windows 7 machines which are on the domain. 
-Branch Cache – Caches only the requested data unlike DFS.  Means a lot less space is required unlike DFS which is an exact duplicate.

THE FUTURE
Kevin says expect to see more componentization in MS products.  Expect to moved vhds around on servers like OS, Apps, & Data vhds interchangeably on your VMs.

.NET 2.0 counters won’t show up in perfmon by default when using the /wmi switch.  They will show up in you just use regular perfmon but if you are trying to monitor .NET 2.0 counters via WMI, you are stuck.  Microsoft is aware of this and released 951683 to fix this issue.  You can request the hotfix from CSS here:

http://support.microsoft.com/kb/951683

This hotfix is included with .NET 3.5 SP1 onward so if you have it installed, you shouldn’t experience this issue.  After installing the hotfix (does not require a reboot), just restart the WMI service and run this from command line:

winmgmt /resyncperf

which will resync counters with WMI.  Then open perfmon using “perfmon /wmi”  and you will see the missing counters. 

You can also use the wbemtest.exe utility to test and troubleshoot WMI related issues.  Just run this from command line:

wbemtest.exe

Click the Connect button and change the very first field to “root\cimv2″.  Then press Connect and then click Enum Classes on the next window.  Leave the superclass blank but change it to Recursive and press OK.  It will query every WMI class on the server and you can click on them to get further details.  This should help you tremendously if you write your own WQL queries!