Installing Windows 2008R2 on a Dell R730xd

Unfortunately Dell does not support Microsoft Windows Server 2008R2 on the latest Dell R730xd anymore.
When asked they say it has to do with declining support from Microsoft for the specific OS.
The Operating systems that are still supported are :
– Microsoft Windows Server 2012
– Microsoft Windows Server 2012 R2
– Microsoft Windows Server 2016

I still wanted to install Windows 2008R2 on the machine as my Exchange DAG cluster does not support another OS because of cluster agent compatibility.

So :
I got myself an image of Microsoft Windows Server 2008R2 in my specific required flavor.
Grabbed a 32-bit H730 driver of the dell website, extracted the contents to a folder and used the idrac ‘Virtual Media’, ‘Create Image’ to have the .img file ready.

Important !!!!
The machine prefers UEFI for a BIOS mode which means you will need to enable the video Boot rom.
(source: https://community.spiceworks.com/topic/779348-dell-r730xd-can-t-get-past-windows-is-loading-files)
It was somewhat hard to find, but you MUST turn that option on.
If you dont, you will hit a blue screen wall when booting the setup and a few clicks in.

Boot from the virtual image and DONT use the lifecycle Controller.
When it prompts for the proper driver for the storage controller, make sure the .img is connected to the virtual floppy.
Dig into the file to the Payload folder
It will find the percsas3.inf file and install your raidcontroller.

From there on it is a next,next,finish installation as we are all used to.
Should you encounter a ‘Error: 0x80c00001’ re-check the virtual image or the windows installation.

Good Luck!

Interesting Powershell Read for any Windows Engineer

David Das Neves has produced a very core and basic post explaining the reasons for using powershell, how to use it and how Powershell Security actually works.
Go check it out !

Powershell Security at Enterprise Customers

I am aware that the weight of the article is on powershell Security, but he covers pretty much all the bases here.

Remove WorkResources from the Windows 10 Controlpanel

Context :

In our workenviroment we were offered “RemoteApp and Desktop connections” so we could use Work Resources from pretty much any location we wanted.
On my work laptop the normal office suite was installed and all other tools, so i had no need for the workresources anymore.
Turns out : you cant just remove them.
Refresh them, reconnect them, but not delete them.

Solution :

Regedit.exe
Delete : HKEY_CURRENT_USER\Software\Microsoft\workspaces\Feeds\
Explore.exe
Delete : %USERPROFILE%\AppData\Roaming\Microsoft\Workspaces\

Backup Exchange 2010 Retryable Error

Context :
Everybody that has worked with Exchange 2010/2013 is familiar with A backup failure where the most common is a writer error.
When you type

VSSADMIN LIST WRITERS

It will list back something like this :

Writer name: 'Microsoft Exchange Replica Writer' Writer Id: {75dfb225-e2e4-4d39-9ac9-ffaff65ddf06} Writer Instance Id: {088e7a7d-09a8-4cc6-a609-ad90e75ddc93} State: [1] Stable Last error: Retryable error

Resolution :
Restart whatever Service that corresponds with the failed writer :

VSS Writer Service Name Service Display Name
ASR Writer VSS Volume Shadow Copy
BITS Writer BITS Background Intelligent Transfer Service
COM+ REGDB Writer VSS Volume Shadow Copy
DFS Replication service writer DFSR DFS Replication
DHCP Jet Writer DHCPServer DHCP Server
FRS Writer NtFrs File Replication
FSRM writer srmsvc File Server Resource Manager
IIS Config Writer AppHostSvc Application Host Helper Service
IIS Metabase Writer IISADMIN IIS Admin Service
Microsoft Exchange Writer
Microsoft Exchange Writer
MSExchangeIS
MSExchangeRepl
Microsoft Exchange Information Store
Microsoft Exchange Replication
Microsoft Hyper-V VSS Writer vmms Hyper-V Virtual Machine Management
NTDS NTDS Active Directory Domain Services
OSearch VSS Writer OSearch Office SharePoint Server Search
OSearch14 VSS Writer OSearch14 SharePoint Server Search 14
Registry Writer VSS Volume Shadow Copy
Shadow Copy Optimization Writer VSS Volume Shadow Copy
SPSearch VSS Writer SPSearch Windows SharePoint Services Search
SPSearch4 VSS Writer SPSearch4 SharePoint Foundation Search V4
SqlServerWriter SQLWriter SQL Server VSS Writer
System Writer CryptSvc Cryptographic Services
TermServLicensing TermServLicensing Remote Desktop Licensing
WMI Writer Winmgmt Windows Management Instrumentation

Example:
My Exchange backup failed while running either DPM or Avamar or BackupExec or Veeam.
A retryable error on the “Microsoft Exchange Replica Writer”
Quick script i made:

get-service "MSExchangeRepl" | restart-service

Elaborate version i scheduled 10 minutes before planned backup:

Add-PSSnapin 'Microsoft.Exchange.Management.PowerShell.E2010'


$Servers = Get-ExchangeServer | where {$_.ServerRole -match 'Mailbox'}
ForEach ($server in $servers)
{
Restart-Service -InputObject $(Get-Service -Computer $server -Name MSExchangeRepl);
Invoke-Command -ComputerName $server -ScriptBlock {
Import-Module WebAdministration
Restart-WebAppPool MSExchangePowerShellAppPool
Restart-WebAppPool MSExchangePowerShellProxyAppPool
Restart-WebAppPool DefaultAppPool
}
}

This script does not only restart that nasty Replication writer, but also clears the powershell AppPools and the normal AppPool where most backup products execute powershell on the target server.

DPM: Ignore restart pending after upgrade agent

Context:
When DPM does an upgrade of the agents it will ask for a reboot of the agent system. In some cases the server will be a production server that cannot be rebooted at that specific time.
There is a way to get around this and let DPM resume the normal backup routine without rebooting the specific system.

Solution:
On the agent system DPM will create a registry key
HKLM\Software\Microsoft\Microsoft Data Protection Manager\Agent\2.0\RebootRequired
Delete that specific key and DPM will ignore the request for a restart.

Warning: 
In some cases the DPM agent will update its service or system-files for a new version.
Please make sure to plan the reboot in the near future to avoid DPM crashing from fixed bugs or known issues. Microsoft does not advise or list this workaround for obvious reasons.

Error 346: DPM is unable to retrieve the configuration information from ‘servername’.

Context:
I was trying to attach two domaincontrollers that were located not in the same domain as the Data Protection Management server, but in a trusted domain. Multiple domains exist in this forrest.
I could reach the DPM-server from each of the machines, but every time i tried to attach or install the servers to the dpm the task failed  with the above error.

Description:
Connecting the DPM agents to the server would fail with Error 346 and a reference to the WMI (Windows Management Instrumentation) not being read.

Solution:
Start with the basics and start pinging.
CMD
ping *full FQDN hostname*
example : ping DC1.production.domain1.com
ping *NETBIOS name*
example: ping DC1

You should be getting the same results.
If not : try setting the correct ip’s in the hosts file just to make sure the hosts resolve.
Run > notepad C:\windows\system32\drivers\etc\hosts
192.168.254.1         DC1.production.domain1.com
192.168.254.1         DC1
192.168.254.2         DC2.production.domain1.com
192.168.254.2         DC2

The DPM server will now find the correct hosts you wish to attach.
I’m still not quite sure what caused this, but i am assuming that the trust to the other domains and the fact those domains also feature DC1 and DC2 hosts messed up the dns resolving for the DPM.
All other DPM Error 346 references i foudn were related to firewalling and broken WMI services, but none mentioned the fact that dns resolving could be the issue.

I do realise this is a bit of a dirty fix, but i also assume that other professionals will be able to adjust the dns servers and change persistent routes to reflect a more “acceptable” fix.

References:
Excellent troubleshooting document : http://blogs.technet.com/b/dpm/archive/2012/02/06/data-protection-manager-agent-network-troubleshooting.aspx

DPM Protection agent cannot start (error 10048)

Updated July 30th to reflect the changes introduced by Update Rollup 7 for System Center 2012 Data protection manager SP1. http://support.microsoft.com/kb/2966012

Context :
My project for the last week was to fix the DPM enviroment for my new employer.
I installed and attached the DPM agent to all the machines and was able to set the firewal and permissions correctly.
At some point the DPM reported that it could not reach an agent on a specific machine.
When i logged into the machine i noticed that the DPMRA service had stopped and could not be started anymore.

Description :
After you deploy the DPM protection agent in Microsoft System Center Data Protection Manager 2007, the DPM protection agent service cannot start on the protected servers. (A protected server is a server that contains data sources that are protection group members.)

Additionally, the following event is logged in the System log on the protected servers:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description:
The DPMRA service terminated with service-specific error 10048 (0x2740).

If this happens on an exchange server there is a high chance that the required dpm ports (5718/5719) have been taken by the exchange process.

Through the following KB article i was able to reserve the 6000-6004 range in the tcp parameter in the registry.

(To reserve TCP ports 5718 and 5719, follow the steps that are documented in the following Microsoft Knowledge Base (KB) article: 812873 How to reserve a range of ephemeral ports on a computer that is running Windows Server 2003 or Windows 2000 Server)

To change the ports that are used by the DPM agent, follow these steps on the protected computer that is experiencing the problem. Make sure that the ports that you reassign will not used by any other applications.

  1. Locate the SetAgentcfg.exe file from the DPM server. By default, the file is located at the following path:
    %PROGRAMFILES%\Microsoft DPM\DPM\Setup\SetAgentCfg.exe
  2. Copy the file to the protected computer that is experiencing the problem. Copy the file to the agent DPM\Bin directory. By default, the file is located at the following path:
    %PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin
  3. On the protected computer that is experiencing the problem, open an administrative Command Prompt window.
  4. In the Command Prompt window, change to the directory to which the SetAgentCfg.exe file was copied. For example, change to the following directory:
    %PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin
  5. Run the following command to change the ports that are used by the DPM Agent:
    SetAgentCfg e dpmra <port number> <alternate port number>
  6. Restart the DPMRA service.

If these steps do not resolve this problem, determine whether the firewall applications require that you verify these ports. Then, manually open the ports.

The DPM server will immidiately reported the agent to be in working order. If not, you can Always right-click and refresh.

Enviroment:
Note : although this article is supposed to reference DPM 2007 and server 200/2003 it was actually tested on a Windows 2008R2 server running DPM 2010
So this solution works on the following :

– Windows Server 2000/2003/2008/2008R2
– Data Protection Manager 2007/2010/2010R2
– Exchange 2007/2010/2013

References:
Reference article from Microsoft : http://support.microsoft.com/kb/947682
Reference article from Darryl Peijl on Systemcenter 2012 website : http://systemcenter-2012.blogspot.nl/2012/11/setdpmserver-failed-with-errorcode_26.html

Update :

Reference : http://support.microsoft.com/kb/2966012

This update lets administrators configure the DPMRA port and select a nondefault port by following these steps:

  1. Install UR7 for System Center 2012 Data Protection Manager SP1.
  2. Run the setagentcfg.exe command by using the following command line:
    setagentcfg.exe s <protected_server_FQDN><alternate_port>
    Note By default, this is located in %PROGRAMFILES%\Microsoft System Center 2012\DPM\DPM\Setup folder.
  3. Verify that a new entry has been created in the following registry key:
    HKEY_LOCAL_MACHINE \Software\Microsoft\Microsoft Data Protection Manager\Agent\2.0\PsPortConfig
  4. Copy the Setagentcfg.exe file from the DPM server to the following folder on the protected server:
    %PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin
  5. Run the following command on the protected server:
    setagentcfg.exe e DPMRA <alternate_port>

    Note Use the same port number that’s specified in step 2.

  6. Restart the DPM server.
  7. Restart the DPMRA service on the protected server.