Getting Hyper-V to work

 

Yesterday I was setting up Hyper-V on my new Windows 8 laptop I’ve got from work.

On my own laptop it all worked perfectly and I wanted to have an exact same config. So that’s what I’ve done. Only somehow I just not got it to work. Both laptops had the same configuration settings all identical but one worked and the other one not.

After a lot of auch and oofffs, and removing and creating new virtual switches in the Hyper-V Manager I founding the solution.

Just by disabling the Hyper-V adapter and enabling it everything started to work magically and running very smooth. I don’t have a clue why I had to do this for the first time ever but the disable/enable trick fixed the problem.

 

Multiple SSL sites bind to IIS using a named certificate

Sometimes you like to have multiple sites run with an SSL certificate to be accessed under port 443. If you use a wildcard certificate (*.domain.com) as I can recall there will be no problems. But if you use named certificates weird things are happening.

You bind the wright certificate to a site and up to the next one and so on. Then suddenly an error “the certificate is in use“? You start checking the bindings and everything is mixed up.

After a search on Bing I discovered it happens on IIS 6.0, 7.0 and 7.5 and probably also on 8.0 in server 2012 but I have not checked that. The solution below works for 7.0 and 7.5.

 

Steps

1. First set the certificate in IIS and then bind it using the command described below.
2. Go to  C:\Windows\system32\inetsrv in a command prompt and fill out the command below.

 

Example for a site with a named certificate intranet.domain.com:
Keep an eye out for the double and single quotes!

appcmd set site /site.name:”SITE NAME AS SHOWN IN IIS” /bindings.[protocol=’https’,bindinginformation=’*:443:’].bindinginformation:*:443:name.domain.com

 

appcmd set site /site.name:”intranet – 443” /bindings.[protocol=’https’,bindinginformation=’*:443:’].bindinginformation:*:443:intranet.domain.com

 

Hope it can help you,

 

Failover Cluster Service – Error status 87

A moment a go I was setting up a Windows Failover Cluster for SQL 2008 R2. After configuring both the NIC’s and connecting the LUNS by using SnapDrive from NetApp I thought I was ready to go.

I’ve created the cluster and all the resource groups and ready to go for the final cluster validation. I hoped the best but I already noticed the little red dot on the clusternaam right under the Failover Cluster Manager.

I was presented with a status 87 error meaning he could not retreive all the disk. It turned out that the C:\ drive has a small partition of 100 MB needed for setup and upgrade. This partition doesn’t have a drive letter assigned for good reasons only the cluster manager thought differently.

Here’s how to assign a temporarily driver letter. Because after a reboot it’s gone again but it’s only needed to validate the cluster.

Steps

1. Open the command prompt CMD.exe
2. Type diskpart
3. Type list volume
4. Type select volume 4 (or 1, 2, 3….)
5. Type assign
   

Repeat this step for all the nodes in the cluster.

Event ID 10 – Windows Management Instrumentation

Whenever I scroll true the Windows Event Logs I have the tendency to try to get rid of all the nice red error en yellow warning messages. They appear for a reason and if it’s possible I always like to fix it. 

Sometimes I notice a WMI error with event ID 10 in the Application Log section. It seems to appear every time the system reboots.

 Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99″ could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

What is WMI?
WMI stands for Windows Management Instrumentation and let you control certain tasks or read information of a local or remote system. Here you find more information about WMI. ttp://technet.microsoft.com/en-us/library/ee692772.aspx

 

How to fix it?
There are two ways of fixing this,

1. Boot in Safe mode
2. Stop the “Windows Management Instrumentation Service”
3. And take ownership of the folder or the contents of the folder “C:\Windows\System32\wbem\Repository”
4. Restart the system and notice it will not come back. The old messages stay until you delete them.

The method Microsoft gives us is by a VB script. This will script will fix the error but will not stop WMI functionality it continue to work as long as the Windows Service is started. http://support.microsoft.com/kb/950375 

1. Copy and paste the script below in a text file and rename the extention *.txt to *.vbs
2. Run it and a few popups with interesting reading flash by, just click ok a few times.
3. Restart the system and you notice the message is not appearing any more.

 

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\subscription")

Set obj1 = objWMIService.Get("__EventFilter.Name='BVTFilter'")

set obj2set = obj1.Associators_("__FilterToConsumerBinding")

set obj3set = obj1.References_("__FilterToConsumerBinding")

For each obj2 in obj2set
                WScript.echo "Deleting the object"
                WScript.echo obj2.GetObjectText_
                obj2.Delete_
next

For each obj3 in obj3set
                WScript.echo "Deleting the object"
                WScript.echo obj3.GetObjectText_
                obj3.Delete_
next

WScript.echo "Deleting the object"
WScript.echo obj1.GetObjectText_
obj1.Delete_

Windows Updates error 9c48

At the moment I’m deploying 10 new VM’s to host a SharePoint 2010 farm. Beside a little bit of clicking here and clicking their I’m running multiple v-sphere consoles with the good old Windows Updates. After a few reboots I’m getting a nice error message forcing me to stop. No magical reboots can help me out of this one.

I made sure no group policies are aplied to the VM so how to get rid of the pescie Windows Update 9c48 error

The solution is simpeler then exspected. Just go to the control panel and uninstall IE 9.0. After an other reboot just run the updates again but first click check updates so you get more updates then Windows show you. After this little escapade it’s back to business.

Disable SSL Protocols and weak Ciphers IIS SSLv2

 This week at our office we are undergoing a security audit. It’s always a good Idea to let your system being checked out by external guys  who have some tricks up their sleeve. So to security cowboys armed with Linux laptops found a minor issue on my portal. Actually I’m really happy because I learned a new trick.

It turns out that SSLv2 is really old and easy to decipher, only clients who really have an old machine cannot enter over SSL anymore but XP with a recent browser will still work. Anyways they asked me to disable SSLv2 and let their pearl script do his magic. I passed   😉

Here’s what I had to do to turn it off and here ‘s a link to a GUID tool for the people without uber cool pearl scripts.
d

http://foundeo.com/products/iis-weak-ssl-ciphers/

Run the test now for a before and after test, 

d

• Turn your WFE’s off and make a VMware snapshot if you use VM’s that is. better safe then sorry.
• Open regedit and place a DWORD key with the name “Enabled” and the default value off  “0” (zero). at the following registry keys.
  d

• HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56
• HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128
• HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
• HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128and one more
• HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Server

d

Now run the test again and your checkmarks are both green.
If you have any banking information you should also do something about the SSL 3.0 medium security to pass an audit. This is just voor SSL 2.0

By the way I did this on a Windows 2003 server with IIS 6.0 As I don’t know the exact keys for 2008 R2 yet but maybe it’s the same.

d

d

How to extract Cumulative Updates and Service Packs

At the moment I’m preparing for a new initial installation and I know it’s smart to slipstream the service packs, cumulative updates and language packs. So below you find the switches on how to extract the files.

Steps

1. Extract the downloaded service pack or cumulative update to an easy folder in the root. Like, C:\abc
2. make a folder in abc like unpacked (C:\abc\Unpacked).
3. Open a command prompt, go to the easy folder (source) and type

   PackageName-KB12345-x64.exe /x:C:\abc\Unpacked

4. or if it doesn’t work (it depents on the CU or SP)try this.

   PackageName-kb12345-x64-fullfile-en-us.exe /extract:C:\abc\Unpacked

5. A small window will popup show the package is extracting.
6. Now you can copy the *.msi’s to the update folder inside the setup binary files or run it by hand.

    

    

Mark Russinovich’s Windows Troubleshooting

I just watched this great presentation from Mark Russinovich (Sysinternal tools) about troubleshooting unexplained Windows mysteries. It’s just an hour and a few minutes but it’s time well spent and a great laugh. I was pointed out on this video true the TechNet Flash newsletter. Just follow the link and enjoy.

Video: Mark Russinovich’s Windows Troubleshooting

Mark Russinovich, the master of Windows troubleshooting, walks you step-by-step through how he has solved seemingly unsolvable system and application problems on Windows, including how to apply the Microsoft Debugging Tools and his own Sysinternals tools to solve system crashes, process hangs, security vulnerabilities, DLL conflicts, permissions problems, registry misconfiguration, network hangs, and file system issues.