EzDevInfo.com

Mixing disks of different sizes in a Storage Spaces pool

I have a Storage Spaces pool containing 2x 3TB disks. A single mirrored volume is created from this pool with a fixed size (not thin provisioned) and is set to use all space in the pool at the time of creation.

Now, I want to add 2x 4TB disks to the same pool and extend the same volume. I can't seem to dig up documentation that covers this scenario.

What will my total usable space for the volume be? Do I lose any space by using drives of mixed sizes in the same pool if I add them in pairs?

My understanding is that since this is a one-column, two copy setup, I shouldn't "leave any space on the table" as long as disks of the same size are added in pairs, even if that new pair is different in size from the current disks, but I can't seem to find any docs that confirm this.

Powershell Remotely Delete PKI Certificates

I recently rebuilt my PKI and I would like to delete the certificates that were issued to all client machines across my network. Sounds like a job for Powershell! So I wrote this script to be distributed by GPO, ran from SysVol, and triggered on client machines at startup:

set-location cert:\LocalMachine\My
$certname = $env:COMPUTERNAME + ".domain.com"
get-item * | %{
if($_.issuer -like "CN=IssuingCA*" -and $_.DnsNameList.unicode -like $certname) { remove-item .\$_.Thumbprint -Force }
}

From an elevated command prompt:

• When Ran, the script gives no output (simply a new terminal line). It returns no errors and the Certificate is not deleted.
• When the argument -WhatIf is added to the Remove-Item command in the script, again no errors and the Certificate is not deleted.
• When Remove-Item .\CERTIFICATE-THUMBPRINT -Force is ran, the certificate is deleted.

Is this a permissions issue? Is there a smarter/simpler way to do this?

Thanks!

Remote Desktop event ID 20499. No noticeable issues

I get a warning event with ID 20499 for TerminalServices-RemoteConnectionManager.The error is:

Remote Desktop Services has taken too long to load the user configuration from server \server.domain.home for user administrator.

Yet, I don't see any issues (I'm guessing because that user is on the machine local). Why am I getting this warning?

I'm on Windows Server 2012 R2 connecting from a Windows 8.1.

Can I change the update descriptions in WSUS?

On each Microsoft patch day, I have a pretty large amount of new updates I want to approve to my clients. But instead of 'Approve all updates and continue', I gather information on each update at its Knowledge Base article to decide, if this is an important update for us or not.

This is a pretty tedious task, because I have to type the according KB number into my client's browser and wait for the webpage to load. I was wondering why Microsoft isn't using the update description box at the WSUS control panel to show real helpful, detailed information. Instead, all of my updates read:

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

I started to think about a little Powershell script, that adds the neccessary information for me. But I failed on the first step, which is changing an update description by hand:

PS C:\Users\Administrator> $wsus = Get-WsusServer

PS C:\Users\Administrator> $update = $wsus.SearchUpdates('KB3013791')

PS C:\Users\Administrator> $update[0].Description
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

PS C:\Users\Administrator> $update[0].Description = '"0x00000133" Stop error when there''s faulty hardware in Windows 8.1 or Windows Server 2012 R2'

PS C:\Users\Administrator> $update[0].Description
"0x00000133" Stop error when there's faulty hardware in Windows 8.1 or Windows Server 2012 R2

PS C:\Users\Administrator> $update = $wsus.SearchUpdates('KB3013791')

PS C:\Users\Administrator> $update[0].Description
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

It seems that my changes are not being committed to the database. Either I'm missing some sort of $wsus.SubmitChanges() or the $wsus.SearchUpdates() command returns an 'update.Clone()' so that my changes are saved to nowhere.

How can I acheive my goal of changing the WSUS update descriptions?

Set-RDSessionCollectionConfiguration Connection Broker connects to localhost

I am running the following command from a PowerShell console on a Windows 8 machine, trying to configure a Server 2012 R2 RDS Connection Broker:

Import-Module RemoteDesktop
Set-RDSessionCollectionConfiguration -CollectionName "Example" -CustomRdpProperty "gatewayhostname:s:rdp.example.com" -ConnectionBroker "ep-ts01.ad.example.com"

However, even though I am specifying which Connection Broker to use, it always tries to connect to localhost:

New-PSSession : [localhost] Connecting to remote server localhost failed with the following error message : The clie cannot connect to the destination specified in the request. Verify that the service on the destination is running an is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.

However, Get-RDSessionCollection -ConnectionBroker ep-ts01.ad.example.com works just fine and returns the collections.

It's the same story if I do Enter-PSSession ep-ts01.ad.example.com and run it from there. However if I run the command from the server itself (i.e. not remotely) it works just fine.

How can I fix this?

Is there a replacement for the removed "Windows System Resource Manager" feature in the Windows Server 2012 R2 release?

Windows System Resource Manager (WSRM) has been removed in Windows Server 2012 R2, and I need a replacement.

I'm running a small RDP server on 2012 R2 Standard. It only has 8 GB of RAM and I need a way to limit resources for each regular user so the system doesn't grind to a halt if a single user takes more than his fair share (for whatever reason).

I can easily use Server 2012 (first "edition") instead, which only has WSRM deprecated instead of removed, as it isn't essential for me to use R2.

Is there any simple way to manage resources (mainly RAM) in Windows Server 2012 R2 since the WSRM has been removed?

What are the implications of exceeding 4 GB in a Windows Event Log?

I found this Microsoft KB that covers recommended Event Log setting maximums for operating systems up to Windows 2008/Vista, which recommends a maximum of 4GB, and have seen some other vague references that an Event Log larger than 4 GB is not recommended in at least 2008 R2, but I'm wondering what actually happens if an event log exceeds this size?

I've exceeded this on a test server (2012 R2) and haven't noticed anything like high memory usage etc. We don't care about OSes before 2008 R2, but want a large log because we are collecting events from many machines via Windows Event Forwarding and want to have all the events in one place.

How to replace permissions and everything inside with icacls on Windows Server 2012?

Using Windows Server 2012 R2 AND Windows Server 2008 R2.

I have a folder called C:\temp\test and I want to grant access to SYSTEM and a user and all files and subdirectories, and remove everthing else. I've tried this command but all the existing permissions remain:

Existing permissions are:

Access : NT AUTHORITY\SYSTEM Allow  FullControl
         BUILTIN\Administrators Allow  FullControl
         BUILTIN\Users Allow  ReadAndExecute, Synchronize
         BUILTIN\Users Allow  AppendData
         BUILTIN\Users Allow  CreateFiles
         CREATOR OWNER Allow  268435456

I want to remove all ACLs except SYSTEM, and add <DOMAIN>\<USER>

I tried this command:

icacls c:\temp\test /grant:r <DOMAIN>\<USER>:(OI)(CI)F /t

processed file: c:\temp\test
Successfully processed 1 files; Failed processing 0 files

When I look at the permissions afterwards, the <DOMAIN>\<USER> has the correct permissions but all the others remain. I thought /grant:r replaced all the permissions? Do you know what command I need to run to remove all the other permissions?

Default browser opens to msn.com when logging into Windows Server

I installed a fresh Windows Server 2012 R2 Standard with GUI instance on a VMware VM. The first time I logged in as Administrator, I noticed an Internet Explorer window automatically opened to http://go.microsoft.com/fwlink/p/?LinkId=255141 and redirected to http://www.msn.com/?ocid=wispr. This seems to be the default Internet Explorer Start Page.

This has continued - every time I log in as Administrator or any other user, this page opens.

Later I installed Firefox, and now Firefox opens to this same page on login (which is the default Internet Explorer Start Page, not the Firefox homepage!).

I've checked the Programs Menu Startup folders for Administrator and all users, and used Sysinternals Autoruns to look for something, all to no avail. There doesn't seem to be anything that should be launching IE on logon.

This was a default install of Windows Server with GUI on a network with very limited (whitelisted) outbound Internet access. In fact, msn.com isn't on the whitelist so I never see the page, only the message from my firewall that it's blocked.

I cloned this VM to a couple of other VMs and they exhibit the same behaviour.

The only hits I can find for this sort of problem involve spyware on desktop machines or shortcuts in the Startup folder. It's a mystery to me.

I've even gone through the registry and removed all four references to LinkId=255141:

• HKLM\Software\Microsoft\Internet Explorer\Main: Start Page and Default_Page_URL (changed both to about:blank)
• HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main: Start Page and Default_Page_URL (changed both to about:blank)

How to disable RDP access for Administrator

We need to disallow the domain Administrator account to access a server directly via RDP. Our policy is to log on as regular user and then use Run As Admin functionallity. How can we set this up?

The server in question is running Windows Server 2012 R2 with Remote Desktop Session Host and Session Based RD Collection. Allowed User groups do not contain the domain Administrator user but somehow he is still able to log on.

Thank you.

How can I view active remote connections (RDP) to a Windows server?

How can I view, who is currently connected to a server (Windows 2012) with a remote desktop client? I am myself connected to this server via RDP.

This question offers a solution to get IP addresses with established connections. I would be interested in a list of users or their sessions and when these sessions were active the last time.

Windows Server 2012 R2 Deduped 356GB to 1.32GB

I'm experimenting with deduplication on a Server 2012 R2 storage space. I let it run the first dedupe optimisation last night, and I was pleased to see that it claimed a 340GB reduction.

However, I knew that this was too good to be true. On that drive, 100% of the dedupe came from SQL Server backups:

That seems unrealistic, considering that there are databases backups that are 20x that size in the folder. As an example:

It reckons that a 13.3GB backup file has been deduped to 0 bytes. And of course, that file doesn't actually work when I did a test restore of it.

To add insult to injury, there is another folder on that drive that has almost a TB of data in it that should have deduped a lot, but hasn't.

Does Server 2012 R2 deduplication work?

Can I disable WSD (Web Services for Devices) on Server 2012/R2? How?

I am looking for a way to disable WSD on Server 2012 and Server 2012 R2. Basically, a number of our printers on a number of our print server have decided that using this bloody service is better than using the TCP/IP ports they were assigned, and they are changing themselves over to WSD ports which results in users being unable to print to these printers.

On Windows 2008 R2 server, I can prevent this behavior by stopping and disabling the PnP-X IP Bus Enumerator service, however, that service doesn't seem to be present in Server 2012.

The only suggestions I've come across for stopping this behavior are all sub-optimal.

1. Turn off Network Discovery (which WDS relies on to function)
2. Block WDS at the Firewall
3. Disable the WDS functionality on the printers.

I'd like a way to disable this service (and only this service) at the print server, because any of the other options involve a lot more work than I'd like (2, 3) or have undesirable side-effects (1). Does anyone know of a way to do this?

Using CA certificate for Remote Desktop Connection

I’m connecting over the web to a remote Windows Server 2012 R2 via Remote Desktop Connection for administration needs. It is a single web and database server without an AD etc.

I’m not talking about Remote Desktop Services / Terminal Server, just the simple Remote Desktop feature activated through Control Panel > System > Remote Settings. The server will automatically create a self-signed certificate to encrypt the connection and the Remote Desktop Connection client will show a certificate error due to the untrusted CA.

I have a CA signed certificate issued to the FQDN of this server and valid for server authentication (I’m using it for MSSQL Server remote access).

I’d like to use that one for RDP connections too. All tutorials (like this question) I’ve found so far describe the process for the Remote Desktop Services or Terminal Service. I have found this question stating a wmic command to set a certificate, but I don't want to try setting some values when I don't know what exactly I'm doing. What I have done is adding it to the Remote Desktop Certificates of Local Computer where the auto generated self-signed is located too.

Is that possible? If yes, what do I have to do?

Thanks!

Is ReFS ready to host production VHDXs on Hyper-V 2012 r2 clusters?

One of the new features that I didn't see listed in all the "Windows Server 2012 r2" posts is that Clustering now supports CSVs that are formatted with ReFS. So, naturally, I would like to change the CSVs where I store the VHDX files to be ReFS. But the VHDX files are being used to store database files in VMs running Sql Server 2012.

The thought is that I would then have RAID at the hardware level, protecting against instantaneous failure. Above that, the real OS (Hyper-V Server 2012 r2) would maintain them as ReFS volumes, which would protect data on those drives against bitrot. Finally, VHDXs are NTFS drives, which means the applications being supported continue to use the filesystem they rely on.

So far, the best I can find is that this is technically supported---because Hyper-V reports that you must turn off the "data integrity" setting in the VHDX file (Set-FileIntegrity cmdlet) when you try to use it from the ReFS volume. But I can't find any more solid information than that. Is it really ready for prime-time, or is it effectively just a tech-preview for clustering?

Edit: 2014-01-22

I found that ReFS only detects bitrot by itself. In order to have ReFS both detect and auto-fix, you must also use Storage Spaces to create a RAID-1 volume using multiple ReFS drives. So it's looking like my solution is evolving into having the hardware RAID present its disks as JBOD, then Windows would take care of the RAID-1 part. I'll be testing if this is a viable setup in Production over the next month or so.