Category: PowerShell

How to enable Azure Backup to Canada (Central)

Earlier in 2016, Microsoft increased the number of  Canadian Data Centers to two: Canada East and Canada Central. With most of my customers being within Canada, naturally they want their Azure Backup data stored within the Canada Data Centers/Regions — makes sense for many (legal) reasons. Only problem is, Azure backup is still very limited to specific locations (see chart below).

Fellow Canadian and MVP — Stéphane Lapointe, was able to get this working with some PowerShell magic — Please visit his blog to get the more details of his workaround. The PowerShell code below is workaround to get Azure Backup services bound to the Canadian Regions/Data Centers, specifically the Canada Central region (note, this is still in Preview state), until Microsoft officially allows all Monitoring/ASR services (along with others) to be generally available. This will allow you to create new Azure Backup services and bound them to Canada Central. For more information on this announcement and code details, please visit Microsoft’s announcement.

Also, worth noting, this will only allow you to use Canada Central region for new setup/configurations. It will not change current setups to Canada Central.

Execute the following code on your machine (Run As Administrator…)

Import-Module AzureRM -Force 

#azure account login stuff
$username = ""
$cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $username, $password
Login-AzureRmAccount -Credential $cred
$SubscriptionName = 'Visual Studio Enterprise'

#update recovery services to Canada Central from whatever region it may be (US East, US Central, etc.)
$ErrorActionPreference = 'Stop'
Get-AzureRmSubscription –SubscriptionName $SubscriptionName | Select-AzureRmSubscription
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.RecoveryServices
Register-AzureRmProviderFeature -FeatureName RecoveryServicesCanada -ProviderNamespace Microsoft.RecoveryServices

powershell-result

After about 5 minutes, I re-ran the query, and the Recovery Services were registered to Canada! Sweet..eh? 🙂

powershell-result-2

Now you can create new Azure Backup services bound to the Canada Central region:

arm

(more…)

Issues with Azure Active Directory and Login-AzureRmAccount

If you’re like me, you have probably banged your head against the wall a few times with the Login-AzureRmAccount cmdlet… I reached out to the Azure Development team and not only is this a known issue, but there is currently no solution at the time…. Hmm.

Here is a bit of the background story, followed with the problem and solution to the issue.

Background:

Using PowerShell to script an auto-login to Azure, and start (and shutdown) Virtual Machines (yes, OMS Automation could help/solve this, but in this scenario my customer is currently not on-board with OMS). At any rate, the script is designed to capture some data on a on-premises server, if the threshold breaks, then begin starting resources in Azure, likewise, if the threshold falls back then shutdown those same resources in Azure.

Problem:

Running the following code, I keep getting the a null entry for SubscriptionId and SubscriptionName. Even though the user I have created is a co-administrator and has access to all the resources necessary. Assuming the login did work and the data isn’t needed…when try to start my Azure VM I get an Azure subscription error. So, let me check the subscription details. Well, there we go, I get the following response, “WARNING: Unable to acquire token for tenant ‘Common’” ….. So what gives?

powershell-reply-1

powershell-reply-2

I check and confirm the test-user is in-fact an administrator in ARM (Azure Resource Manager):

arm-portal-1

Solution:

Turns out, the user account created, not only needs to be created and added to the resources with Azure Resource Manager (ARM), but also needs to be assigned as an Administrator within Azure Classic Portal.

classic-portal-1

classic-portal-2

classic-portal-3

Once the test-user was added within the Classic Portal Administrators and set as Co-administrator, I could then get SubscriptionId and SubscriptionName info populate, and Get-AzureRmSubscription with proper details. Yay! (Still get that tenant ‘Common’ warning however…)

powershell-reply-3

Now I can go ahead with my script!

I hope this helps you as much as it helped me.

System Center Operations Manager (SCOM) 2016 – Requirements for Windows Server 2016 via PowerShell

The following PowerShell code is to install all the necessary IIS components for System Center Operations Manager (SCOM) 2016 Web Console on Windows Server 2016.

Import-Module ServerManager
Add-WindowsFeature Web-Server, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Health, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Performance, Web-Stat-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Tools, Web-Mgmt-Console, Web-Mgmt-Compat, Web-Metabase, NET-Framework-45-Features, NET-Framework-45-Core, NET-Framework-45-ASPNET, NET-WCF-Services45, NET-WCF-HTTP-Activation45, NET-WCF-TCP-PortSharing45, WAS, WAS-Process-Model, WAS-Config-APIs, web-asp-net -restart

You can also find this in Microsoft’s TechNet Gallery, HERE.

Step-by-Step – Installing System Center Operations Manager (SCOM) 2016 on Windows Server 2016 with SQL 2016

This post I will be installing System Center Operations Manager 2016 (SCOM) RTM, Build Number 7.2.11719.0.

Here is some of the background information. As this post will concentrate on the installation of SCOM 2016, I am going to omit the setup and configuration of the Domain Controller, Windows Server 2016 for both SCOM Management Server and SQL Server (Please note, I am using SQL Server 2016, both servers on Windows 2016).

If you need help setting up SQL 2016 for SCOM 2016, please visit HERE.

Environment:  Virtual; ESX 6.0 Hypervisor

SCOM Management Server:

  • Windows Server 2016
  • 4 vCPU (2.00GHz)
  • 12 GB memory
  • 100GB Diskspace
  • 1GB vNIC

SQL Server:

  • Windows Server 2016
  • SQL Server 2016
  • 4 vCPU (2.00GHz)
  • 24 GB memory
  • 300GB Diskspace
  • 1GB vNIC

Service Accounts and Local Administrator:

Domain\Account Description Local Admin on…
domain\SCOM_AA SCOM Action Account SCOM & SQL
domain\SCOM_DA SCOM Data Access/SDK Account SCOM & SQL
domain\SCOM_SQL_READ SCOM SQL Reader SQL
domain\SCOM_SQL_WRITE SCOM SQL Writer SQL
domain\SCOM_Admins SCOM Administrators Group SCOM
domain\SQL_SA SQL Service Account SQL
domain\SQL_SSRS SQL Service Reporting Services Account SCOM

 

Now, if you’re lazy like me, or are tired of doing this setup for environments, I have scripted the automation of these accounts. You can find that link here, Microsoft TechNet Gallery.


Let’s Begin:

2

3

For completeness, let’s install all the features of SCOM 2016. (I am hosting a default SQL 2016 instance on the SCOM Management Server for SSRS)

4

5

Well, that’s not new… Errors. Since this is a clean, vanilla Windows 2016 server, we will need to install all the necessary Web Console components, along with Report Viewer Controls (probably SQL CLR Types too..).

  • For the Report Viewer Prerequisites, go HERE.

Note, oddly I was unable to install with CLR SQL 2016, Reports Viewer still complained and required CLR SQL 2014.

  • Here is the PowerShell command I ran to install the necessary IIS features/roles:
Import-Module ServerManager
Add-WindowsFeature Web-Server, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Health, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Performance, Web-Stat-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Tools, Web-Mgmt-Console, Web-Mgmt-Compat, Web-Metabase, NET-Framework-45-Features, NET-Framework-45-Core, NET-Framework-45-ASPNET, NET-WCF-Services45, NET-WCF-HTTP-Activation45, NET-WCF-TCP-PortSharing45, WAS, WAS-Process-Model, WAS-Config-APIs -restart

 

Once the server is back online, you will need to register ASP.Net.

6

You will need to apply the following using Command Prompt (as Administrator)).

  1. cd %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\
  2. aspnet_regiis.exe -r
  3. IISRESET
  4. Reboot your server…

Once the server is back online, let’s try that Prerequisites check again….

7

Great! Now all of Prerequisites have been met!

8

Provide a meaningful Management Group Name (there’s no going back after this…)

9

SQL Server will be where your SCOM SQL instance(s) were installed. For me, I have built two instances on my SQL2016 server (SCOM_OPSMGR & SCOM_DW).

10

11

12

13

14

15

16

17

I recommend always keeping this off, and manually updating your SCOM infrastructure.

18

One quick review. Looks good. Hit Install, and get some fresh air!

19

A few minutes later….

20

Sweet! All good. I hope this helps. If you have any questions or issues, please drop me a line.

Please note, it is STRONGLY ADVISED to install the Update Rollup 1 once you have deployed SCOM 2016. For that walk-through, please visit the following post, HERE.

Happy 2016 SCOM’ing!

(more…)

What’s new with Hyper-V 2016? (PowerShell Direct)

In Windows Server 2016, Hyper-V 2016, Microsoft has created PowerShell Direct. PowerShell Direct allows us Hyper-V administrators to communicate with a VM from the Hyper-V host regardless of the network configuration, firewall settings, security policies,  and/or remote management settings. Provided the VM meets the basic criteria (see below), we can communicate with the VM with simple PowerShell! (Sweet)

*Yes, you could always log in to the VM as well…….<lame>*

PowerShell Direct Requirements:

In order to make use of PowerShell Direct, the following conditions need to be met:

  1. Hypervisor must be either Windows 10, or Windows Server 2016
  2. Virtual Machine must be either Windows 10, or Windows Server 2016
  3. Must have valid user credentials for the VM
  4. The VM must reside on the same Hypervisor
  5. The admin logged into the Hypervisor must be a Hyper-V administrator

Example:

In my example, my Hypervisor is Windows 10, and my guest VM is also a Windows 10 machine. (Sorry too lazy to get my server up =) )

Here are some cmdlets you will need to know:

  • Get-VM will provide a list of all the VMs on your Hyper-V host
    • Get-VM
  • This will establish the connection between you (the host) and the guest VM:
    • Enter-PSSession -VMName <VMName>
  • If you want to run a block of code, rather than single line:
    • Invoke-Command -VMName <VMName> -ScriptBlock { commands }

PowerShell

I got that error as I shutdown the VM too quickly…

As you can see, there was no Network Adapter on my VM. Also in the screenshot above, no information was provided when I queried an IPCONFIG.

VM vNIC Settings

Also, I was able to shutdown the VM from my host. 🙂

shutdown VM shutdown VM(2)

 

I hope you’re excited as I am! Cheers!

For more information on Hyper-V 2016 and/or PowerShell Direct, see HERE.

Azure Automation PowerShell ISE Add-On

Not too long ago, Microsoft released a new PowerShell module add-on for Azure Automation. This is great as it allows us to work locally and connects directly to Azure, connecting us to our existing Runbooks, gather subscription and account information, etc. This is great for anyone that is interested in OMS Hybrid-Runbooks, DSC (Desired State Configuration) and the future! 🙂

Here’s a link to Microsoft’s blog post, HERE.

Cheers!

SCOM 2012R2 – Set-SCOMLicense : Requested registry access is not allowed Error

So you are trying to apply the SCOM 2012R2 Product Licence with the Operations Manager Shell and getting the following error, “Set-SCOMLicense : Requested registry access is not allowed.”

Error

Try launching PowerShell (as Administrator), importing the OperationsManager Module, and trying it again.

Solution

Don’t forget, in order for the Product Key to be applied, you will need to restart all SCOM Services:

  • Microsoft Monitoring Agent (healthservice)
  • System Center Data Access Service (OMSDK)
  • System Center Management Configuration (cshost)

 

Cheers!

SCVMM 2012R2 – Error 25100 – Unable to Delete Logical Network

SCVMM 2012R2 – Error 25100 – VMM is Unable to delete the logical network

This error will occur when you are trying to delete a logical network which still has resources bound to it.

After creating some virtual machines that were bound to this logical network, I realized there was no communication between the VMs. This was a result of not selecting the VLAN-based independent network  as I chose “one connected network”. I went back to each VM and removed the network adapter/logical network. I then tried to delete the logical network and was presented with this error.

Error

Within the SCVMM Fabric and right-clicking the Logical Network in question and viewing its Dependent Resources, I was able to view that there were numerous “Temporary Templates” still associated to the Logical Network. Since time was not of the essence, I could not wait for SQL and/or SCVMM to flush the data on its own time/interval. So, therefore I forcefully removed the dependencies. Here is how:

As mentioned, if you right-click on the Logical Network and view its Dependent Resources, you will get something similar to this. Take note of the name of the string.

List of Dep Resources

Now, launch the SCVMM PowerShell Console (Run as Administrator), and run the following cmdlet, “Remove-SCVMTemplate -VMTemplate “<templateID>“.

PSCode

If the template ID was inputted correctly, you should have got the following output:

PSResult

You will need to repeat this cmdlet for all of the dependent template IDs.

 

Hope that helps!

Hyper-V Network Virtual Switches

So you’ve spun up a Windows 2012R2 machine with Hyper-V installed and ready to go. However, now you’re stuck and not sure which type of  Network Virtual Switch (vSwitch) applies to your environment(s)…

In Windows 2012R2, Hyper-V’s network virtual switch runs at Layer 2 (Data Link layer). If you are unfamiliar with this, or either terms, I suggest good old Wikipedia. 🙂 Layer 2 maintains a MAC address table contains the MAC addresses of all the virtual machines (VMs) connected to it. The switch determines where to direct/redirect the packets to based on MAC addresses. It should be noted, in Hyper-V, you can have an unlimited amount of VMs connected to this vSwitch.

In Hyper-V you have three types of Network Virtual Switches: External, Internal and Private. All have similar functions but are disgustingly different.

  1. External vSwitch allows communication between the VMs running within the Hyper-V hosts, the Hyper-V parent partition, and between all VMs on the remote host server. The External vSwitch does require a network adapter on the host (that is not mapped to any other Hyper-V External vSwitch). You can also tag to a VLAN ID.
  2. Internal vSwitch allows communication between all VMs that are connected to the vSwitch and also allows communication between the Hyper-V parent partition. You can also tag to a VLAN ID.
  3. Private vSwitch allows communication between all VMs that are connected to the vSwitch, and that is it. (Note, no communication between the VMs and its Hyper-V parent partition. Also no VLAN ID tagging can occur on the vSwitch)

Without the use of SCVMM (System Center Virtual Machine Manager), I have found there are two ways to go about creating a vSwitch, one via Hyper-V GUI and second via PowerShell.

Let’s start with the GUI:

Launch the Hyper-V console, and right-click on the Hypervisor’s Virtual Switch Manager. Now selecting New virtual network switch, you can specify your properties here. Name your vSwitch, associate to the correct vNIC, tag to the appropriate VLAN ID, etc.

1 vSwitch HyperV Host

You can now specify which vSwitch for your guest VM to use. Within the VMs properties, you will have the option to chose within the Virtual Switch (you will need to create a Network Adapter if not already done). Once selected you can specify your VLAN ID here. (I am finding you cannot specify the VLAN within the Management vSwitch, but it must be done on the client VM’s end) *Again, this is without the use of SCVMM..yet*

2 vSwitch client OS

 

The same process above can be automated via PowerShell. If you’re like me and need to provision a few dozen Hyper-V hosts, creating vSwitches via the GUI is rather tedious. This can be automated with PowerShell (and SCVMM). Please see the code below:

First you will need to get a list of all the Network Adapters your Hyper-V host has to offer. Hopefully you have named them, if you have not, I highly suggest doing this, and considering this best practice and keeping your sanity.

3 Get Adapter names via PS

Once you have the list of vNICs and their names, you can go ahead and start creating vSwitches.

4 Create vSwitch via PS Code 5 Output Create vSwitch via PS

If the code below worked (note only Line 6 is needed to create the External vSwitch) your Hyper-V host should have the vSwitch, or something similar:

1 vSwitch HyperV Host

 

(more…)

Load Balancing SCOM Agents

So you have multiple SCOM Management Servers, yet you just happen to have all of your SCOM agents reporting to one server, or maybe two if you half tried to load balance your agents. There are several reasons why you would want to have multiple Management Servers, ie. off-load workflows, reduce stress on servers, etc., etc. Well what is the point of having multiple Management Servers yet nearly all of your agents are reporting to one, or maybe two at best Management Servers, while the others are collecting dust. Load balance those agents! You could manually move an agent by right clicking and moving to a new server, or you could let our friend PowerShell automate this for you.

In my experience I have seen many SCOM environments where load balancing is either done manually, or not done at all. And usually manually implies the SCOM administrator takes a look which of the servers has the least agents, and deploys away. That works, but why not deploy to any server then let PowerShell load balance for you.

In the solution below, I am using PowerShell along with Orchestrator 2012R2. The runbook can be setup to run ad-hoc, or run regularly, ie. monthly, weekly, etc. Of course if you do not Orchestrator deployed in your environment, you could very well take the script and schedule it to run via Windows Scheduled tasks.

ce63742c-85d7-402e-b114-c3979b7ce32b

Here I have created a Runbook to execute the script, and then send back a warning notification if the Runbook failed, or an informational notification that the Runbook executed successfully.

See below for the PowerShell script. Please note, you will need to change the Line 5 with a SCOM Management server applicable to your environment, duh. This script can also be modified, and you can load balance between two gateway servers.

The script can be found HERE!

Happy SCOM’ing!