Sunday, February 24, 2013

Experiment: Application Server on Windows Azure IaaS 90 Day Trial

Windows Azure now allows you to demo the IaaS (Infrastructure as a Service) model with a 90 day free trial. This is a welcome change and I thought I'd walk through the setup of something fun as an experiment: a Mumble (Murmur) server. Mumble is an open source voice chat platform that focuses on low latency and high voice quality. Its primary focus is for use when gaming, but my family uses it from time to time to "call" distant places because the low latency makes long distance chat less awkward. That said, this obviously applies to your app of choice, which is what makes this such a powerful option.

IaaS allows you to host full virtual machines in the Azure cloud (among other things). Pre-configured images currently include Windows (2012, 2008 R2) and Linux (CentOS, Ubuntu, SUSE).

VM Management Dashboard


In this article, I'll walk you through signing up for Windows Azure, provisioning a basic 2012 server, and installing and configuring a serving platform.

Sign up


Navigate to http://www.windowsazure.com/en-us/pricing/free-trial/ and click "Try it now". You'll need to log on with your Microsoft account (Live/Passport/etc.) and enter your credit card information to start an account. Note that after the 90 days you will need to cancel the account or you will be billed for anything you have set up.

Setup


After account setup you should be able to immediately log into the Azure management portal. After logging in (and browsing around; they've really done a nice job on this) click "New" in the bottom left-hand corner. To create the 2012 instance, select "Compute->Virtual Machine->Quick Create". You will then need to populate the following fields:
  • DNS Name: This is both the name of the machine and where it will be accessible on the internet. The cloudapp.net suffix will be added on the end of the name. Say, for example, you name it "megawidgetgenerator01". In that case you can find it on the internet by resolving "megawidgetgenerator01.cloudapp.net". Your name will need to be unique among other machines in that DNS zone. (see the green checkbox)
  • Image: What you want the VM to be. I'll be selecting "Windows Server 2012 Datacenter"
  • Size: This selects how many CPUs and how much memory you would like. After the trial (and perhaps during, depending on usage) you will be charged relative to your resource utilization. "Larger" machines cost more per month. I'll be going with "Medium" for my test, which gives me 2 dedicated cores and 3.5GB of RAM. The processors used (as of the writing of this article) are the AMD Opteron 4171 HE, not a stellar performer but excellent in the cores-per-watt department, which makes it a smart choice.
  • UserName: Fixed at this time to "Administrator" 
  • Password: for the admin account. Pick something good; this is accessible from anywhere. 
  • Location: Which datacenter do you want it in? Pick the geo closest to your users. 


After filling that out, click "Create Virtual Machine".  Your new VM will be provisioned within a few minutes. You can now connect to your new server by navigating in the Azure management portal to Virtual Machines->Select your new VM-> Connect (on the bottom). This will send you a .rdp file to connect via RDP, but know you can just connect to the hostname you selected at any time; RDP is automatically enabled and unblocked by the default image.


Configuration


After connecting, you probably want to run Windows Update to ensure everything is patched up. After that, do the following:

  • Install your application. (Mumble in my case) 
  • Unblock the ports in Windows Firewall
  • Set the ports up as Endpoints in Azure EDIT: See my article here.

Windows Azure works around the IPv4 exhaustion issue by NATing VMs. (boy IPv6 will be nice) Because of this, you need to set up endpoints in Azure so it can update its NAT rules to forward ports on the public IP (visible when you click your VM and look under "quick glance") to the private IP associated with your machine. The current limit for endpoints is 150 ports. This should be more than enough for most applications. To accomplish this, refer to the following:
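A scripted version of the firewall and endpoint steps for the Mumble case, added here as an example and not taken from the post. Murmur listens on TCP and UDP 64738 by default, so the rules open only those two ports and only for the Murmur binary; the murmur.exe path, the cloud service and VM names, and the use of the classic Windows Azure PowerShell module (Add-AzureEndpoint) are assumptions.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell on the
# Server 2012 VM. Murmur's default listening port is 64738 on both TCP and UDP.
$MumblePort = 64738

# Open only the ports the application needs, inbound, and tie the rule to the
# program so another process can't reuse the hole. Install path is assumed; adjust.
$Murmur = 'C:\Program Files (x86)\Mumble\murmur.exe'
foreach ($Proto in 'TCP','UDP') {
    New-NetFirewallRule -DisplayName "Mumble ($Proto $MumblePort)" `
        -Direction Inbound -Protocol $Proto -LocalPort $MumblePort `
        -Program $Murmur -Action Allow -Profile Any
}

# Review every enabled inbound allow rule that names a port, so you can confirm
# nothing beyond RDP (3389, open in the default image) and Mumble is exposed.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -ne 'Any' } |
    Select-Object Protocol, LocalPort

# Azure side, using the classic Windows Azure PowerShell module of the time:
# forward the same ports through the NAT. <cloud-service> and <vm-name> are placeholders.
foreach ($Proto in 'tcp','udp') {
    Get-AzureVM -ServiceName '<cloud-service>' -Name '<vm-name>' |
        Add-AzureEndpoint -Name "Mumble-$Proto" -Protocol $Proto `
            -LocalPort $MumblePort -PublicPort $MumblePort |
        Update-AzureVM
}
```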

Overall I'm impressed. I'm very excited to work with Azure in the future. With these capabilities, I feel I've always got another datacenter on tap for any of my clients I can use for load balancing, DR, or as a primary site for whatever they may need.

Friday, February 15, 2013

Server 2012 Hyper-V + RDP + RemoteFX = a Delicious "Sangwich" of Cheap VDI

Oh man. Microsoft has done well on this; VDI/RDP/HyperV/RemoteFX have come together very nicely in 2012. The incremental improvements over the last 4 or so years to RDP, Hyper-V, and RemoteFX have made a great platform for cost effective VDI. This article will outline setting this entire environment up on one Server 2012 Datacenter box, but this could be scaled to as many machines as you need. (Add VMM for management in a large deployment) In this article I'll be walking through a basic setup of a Hyper-V Virtualization Host, Connection Broker, Web Access, a pool, the whole 9.

Assumptions:
  • You have at least one 2012 Hyper-V host setup.
  • You've got at least one 2012 server ready to go as the other roles. This can be a VM. 
  • You've got a sangwich. You'll need one, this is a bit of a lengthy install. 
Starting in seemingly reverse order will make this whole thing easier; you'll see why.

Create a Template/Image to Use for VDI

BTW, more template info here.
  1. Create a Virtual Desktop template by making a new VM with (generally) default settings. Insert the ISO, install the OS, and make sure your product key is valid for your target VDI environment (i.e. MAK with a SA, or KMS, as applicable). 
  2. After installing the OS, execute sysprep or something similar. On Windows 8, that will be located under %SystemRoot%\system32\sysprep\sysprep.exe. Make sure you generalize and restore to OOB Experience; select shutdown when complete. 

Install Remote Desktop Services Components

  1. Prior to starting the RDS installation, you need to add all servers involved in your deployment to server manager to enable them as options during deployment. To do so, click "Add Servers To Manage" from the start screen of server manager and add any servers that will be part of the setup. (Hyper-V host, RDS Connection Broker, Session Host, etc.) 
  2. After adding the server(s) in question, start the RDS deployment by clicking "Manage->Add Roles and Features" from within server manager. 
  3. Proceed to the "Installation Type" and select "Remote Desktop Services installation" and click "Next".  
  4. On "Deployment Type" select "Standard deployment" and click "Next". Unless you've been through this before, I don't recommend Quick Start as it skips some things you should know. 
  5. On "Deployment Scenario" we'll be going through "Virtual machine-based desktop deployment". Select it and click "Next". Note that both options here have their uses, we're just covering VDI because it's a newer option. For more information on the differences, see this blog post by Yung Chou. 
  6. Based on our choices, it should notify you that RD Connection Broker, RD Web Access, and RD Virtualization Host will be installed. Review and click "Next". 
  7. You will be prompted to select a machine from your pool to host the RD Connection Broker role. Select the host(s) you would like for this role, move them to the right pane, and then click "Next". The Connection Broker distributes load across multiple hosts (if applicable) and maintains session information to ensure users are directed to the proper session or virtual desktop. For more information, see this TechNet article. This role can be hosted by a virtual machine. 
  8. Now you'll be prompted to select the RD Web Access server. In smaller deployments it is very common to place this on the same server as the RD Connection Broker. In larger environments you'll need to take external connection needs and security into account. Either click "Install the RD Web Access role service on the RD Connection Broker server" or select the server(s) you do want and click "Next". This role can also be hosted by a virtual machine. 
  9. Time to select virtualization host(s). This role cannot be hosted by a virtual machine for obvious reasons. Select the machine(s), move them over, and click "Next". 
  10. You'll be presented with the confirmation screen; review the information and click "Deploy" to create the whole setup. 
  11. The progress of each role installation will be displayed; do not be surprised if this takes some time. 

Setup a VDI Collection

  1. In server manager, click "Remote Desktop Services" and then click "3> Create Virtual Desktop Collections".
  2. Click "Next" to bypass the before you begin section and then give your collection an appropriate name and click "Next" again. 
  3. Select the type of collection you want, Pooled virtual desktops or Personal virtual desktops. There is a lot that goes into this decision, but as a rule of thumb you can think of it like this: Pooled virtual desktops = many (users) to one relationship and Personal virtual desktops=one to one relationship. For my lab I'll be doing Personal virtual desktops, so please note that the options listed after this may be slightly different should you want Pooled. Unless you know you want otherwise leave "Automatically create and manage virtual desktops" checked and click "Next".
  4. When prompted with "Virtual Desktop Template" select the template we created in the first step and click "Next". 
  5. (This step is unnecessary for pooled desktops) In most cases, you'll want to leave "Enable automatic user assignment" selected because that will give the requesting user access to a newly provisioned VD. If you desire, select "Add the user account to the local administrators group on the virtual desktop" and click "Next". 
  6. For "Virtual Desktop Settings" you should provide your Sysprep answer file; this will contain all the provisioning settings for your company. Since this is a lab setup in my case, I'll be selecting "Provide unattended installation settings". Click "Next".
  7. You need to know where you want to place automatically created VDI objects in Active Directory. After making that determination you'll need to paste in the path to the OU. Then, we'll need to generate a powershell script and execute it on a machine that has the Active Directory management tools installed on it. First things first, navigate to a machine with the Active Directory management tools installed and logon as an account with appropriate domain privs. On that machine:
  8. Open Active Directory Administrative Center and navigate to where you would like the VDI machines to go; create the OU if necessary and double click to go into it. Select the navigation pane (next to the arrow keys on the top) and it will give the DN. Copy and paste this DN to specify in setup. 
  9. Switch back to the RDS server. Set the time zone and then select "Specify the distinguished name of the organizational unit" and paste in our DN from the other server; DO NOT click Next yet. 
  10. After pasting the DN in, click the "Generate script" at the bottom of the window and copy all the contents of the script.
  11. Switch back to the AD server and open notepad. Copy the script into notepad and save it to a temporary location, i.e. C:\temp\Grant-RDSRights.ps1.
  12. (Still on AD server) Open Powershell as an administrator. If needed, execute "Set-ExecutionPolicy unrestricted" to allow script execution. 
  13. (Still on AD server) Execute the script you just saved. If your rights are correct you will get a success message. 
  14. Switch back to the RDS server and click "Next". If it doesn't work you may need to wait for the permissions to replicate. BUG WARNING: Ensure you do not have any "." characters in your DN (i.e. in your OU names). If you do, this will not work. You will get the message "The RD Connection Broker server does not have access to add the virtual desktops to the Active Directory domain. Configure access by using the Active Directory page of Deployment Properties." despite the fact that permissions are in fact correct. (I wish I could bill someone for time wasted figuring that out) 
  15. Select the Active Directory Group, # of initial virtual desktops, the machine prefix, and the machine suffix. I recommend making one AD group per collection to accurately track who has access to what. As for a machine prefix/suffix, pick something that will work for your organization. I use VDI- for a prefix. Click "Next". 
  16. The "Virtual Desktop Allocation" screen will come up and allow you to distribute your VDI machines across multiple hosts if desired. Distribute accordingly and click "Next". 
  17. For "Virtual Desktop Storage" select what type of storage you would like to utilize for these VDI machines. You have all your standard options here, including Cluster Shared Volumes. For more on CSVs, check this out. Select your desired disk location and hit "Next". 
  18. The confirmation screen will come up; use this to review your settings and click "Create". 
  19. This may take a while depending on your disk configuration and it may even report to the window that it's not responding. Don't worry, it'll complete eventually. 
That does it! You've now got your stable of virtual machines ready to dole out to deserving employees. If you're particularly astute you will be able to convince management that there is a monthly cost for each desktop payable to your bank account.

Managing Your Collection

Adding a Desktop

  1. Open Server Manager either on the RDS server or a machine with that server registered in its server manager. 
  2. Click "Remote Desktop Services"
  3. Under "Collections", click your collection name. 
  4. Under "Virtual Desktops" on the right, click "Tasks->Add Virtual Desktop"
  5. Specify how many virtual desktops you would like to add. 
  6. Specify on which server you would like to add them.
  7. Click "Create"
  8. You will be notified when the creation request is complete. 

Assigning a Desktop

  1. Open Server Manager either on the RDS server or a machine with that server registered in its server manager. 
  2. Click "Remote Desktop Services"
  3. Under "Collections", click your collection name. 
  4. Right click on the VDI machine you would like to assign and select "Assign Virtual Desktop". 
  5. Specify a user to assign to and click "Assign". Note this user must be in the group you specified as the user group for this collection above. 

Configuring Licensing


This is a topic for a whole other article, but for now have a look at this TechNet article and this one as well. 

Accessing Your Collection

There is enough here for another article, but to get you started: 

  1. Using IE (preferably) navigate to https://your.rdweb.server/RDWeb 
  2. You'll probably get a cert warning; you can fix that later by installing the proper web cert on your IIS server. 
  3. Log in with your assigned user and double click on the collection you created. 
  4. Enjoy your fresh install of Dos 5.0. (I'm assuming that's what you are using) 
Next up, RemoteFX. Update: RemoteFX Article here.

Monday, February 4, 2013

Installing nVidia Consumer Drivers on Server 2012 Core for RemoteFX


I'm wanting to establish Microsoft RemoteFX in my lab, and to do so, one needs a dedicated 3D accelerator. Obviously, nVidia didn't make the drivers with Server 2012 (now 2016 as well, see below) Core in mind. To accomplish this, we need to do the following:

1> Download the newest drivers from nVidia. (Note the latter half of these points will probably work on ATI cards as well, you just need to unpack the drivers)
2> Execute the driver setup directly on the core server and select a temporary directory. 
3> Hit "OK"; the installer will crash because it's uncomfortable in the lovely world of server core.
4> Navigate to the display.driver directory underneath the extracted files in the temporary directory you selected earlier. You should find the .inf files in this directory. For nVidia it is nv_disp.inf. Update 5/3/2015: the .inf file is now nv_dispi.inf, thanks bearkiter.
5> From cmd.exe, execute "pnputil -i -a nv_disp.inf"
6> The screen will blank! Don't be afraid. After completion, you should see a screen that looks like the shot below. (yes the borders are gone)
7> Assuming it's OK to do so execute "Shutdown /r /t 0" to reboot the machine.

I'm working on another article to cover VDI/RemoteFX. Stay tuned. Update: Article here.



Update 2/3/2017: Confirmed working on Windows 2016! Consumer grade hardware works in the lab as well.

Monday, January 28, 2013

Add a GUI to Server Core 2012 and Overcoming Error: 0x800f0906

When Microsoft released Server 2012 they included a very welcome new feature that allows you to install and remove the GUI on Windows Server Core. There are a couple of different levels, essentially one with the desktop experience and one without. While it seems this should be a straightforward process, it turned out more complicated than one would expect; here's how to do the install and work around those issues:

Note: You may see Install-WindowsFeature and Uninstall-WindowsFeature referenced elsewhere as Add-WindowsFeature and Remove-WindowsFeature. There is no difference; the latter two are aliases for the first two.

Adding the GUI



At the most basic level, you need the following command to add the GUI on Server Core: "Install-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra". Unfortunately, this doesn't take into account the fact that the binaries we want aren't included on Server Core (we'll get into this a bit more under removal). To remediate this, insert the Server 2012 installation media or an equivalent source and modify the command with the -Source parameter accordingly.


powershell

Install-WindowsFeature -source:D:\sources\sxs\ Server-Gui-Shell, Server-Gui-Mgmt-Infra
after completion:

shutdown /r /t 0

This will work if you are NOT using a WSUS server, which I suspect a lot of you are. More on that below. This install may take a while, so be patient.

Removing the GUI


Powershell

Uninstall-WindowsFeature -remove Server-Gui-Shell, Server-Gui-Mgmt-Infra
after completion:

shutdown /r /t 0

By using the -remove switch you will delete the binaries rather than just deactivate them.


Troubleshooting/Dealing with WSUS

So this procedure is not without its flaws. Unfortunately if your server is pointed to a WSUS server you'll have problems. Note that this is a different issue than the one experienced with using Server 2012 against a WSUS 3.0 server; in this case we're using a new WSUS 2012 server. The error you'll see will be 0x800f0906, which has to do with getting updates for the binaries. It seems there is an issue retrieving those binaries when pointed to said WSUS server. The entries in the %SystemRoot%\windowsupdate.log file look like this:

Not Connected to WSUS/ Successful Update:


2013-01-23    12:17:45:088     748    7bc    Agent    *************
2013-01-23    12:17:45:088     748    7bc    Agent    ** START **  Agent: Finding updates [CallerId = TrustedInstaller FOD]
2013-01-23    12:17:45:088     748    7bc    Agent    *********
2013-01-23    12:17:45:088     748    7bc    Agent      * Include potentially superseded updates
2013-01-23    12:17:45:088     748    7bc    Agent      * Online = Yes; Ignore download priority = No
2013-01-23    12:17:45:088     748    7bc    Agent      * Criteria = "CategoryIDs contains '75f164f7-89ef-4f1c-add4-c5404c8c117f' and UpdateID='20b172e5-d0aa-4721-8186-debafe5dc89f'"
2013-01-23    12:17:45:088     748    7bc    Agent      * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
2013-01-23    12:17:45:088     748    7bc    Agent      * Search Scope = {Machine}
2013-01-23    12:17:45:088     748    7bc    Agent      * Caller SID for Applicability: S-1-5-18
2013-01-23    12:17:45:541     748    7bc    Misc    Validating signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2013-01-23    12:17:46:088     748    7bc    Misc     Microsoft signed: Yes
2013-01-23    12:17:46:088     748    7bc    Misc     Infrastructure signed: Yes
2013-01-23    12:17:46:103     748    7bc    EP    Got 9482F4B4-E343-43B6-B170-9A65BC822C77 redir Client/Server URL: "https://fe1.update.microsoft.com/v6/ClientWebService/client.asmx"
2013-01-23    12:17:46:463     748    7bc    PT    +++++++++++  PT: Starting category scan  +++++++++++
2013-01-23    12:17:46:463     748    7bc    PT      + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://fe1.update.microsoft.com/v6/ClientWebService/client.asmx
2013-01-23    12:17:47:954     748    7bc    PT    +++++++++++  PT: Synchronizing server updates  +++++++++++
2013-01-23    12:17:47:954     748    7bc    PT      + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://fe1.update.microsoft.com/v6/ClientWebService/client.asmx
2013-01-23    12:17:49:032     748    7bc    Agent      * Added update {20B172E5-D0AA-4721-8186-DEBAFE5DC89F}.200 to search result
2013-01-23    12:17:49:032     748    7bc    Agent      * Found 1 updates and 4 categories in search; evaluated appl. rules of 163 out of 309 deployed entities
2013-01-23    12:17:49:063     748    7bc    Agent    *********
2013-01-23    12:17:49:063     748    7bc    Agent    **  END  **  Agent: Finding updates [CallerId = TrustedInstaller FOD]
2013-01-23    12:17:49:063     748    7bc    Agent    *************

Connected to WSUS/ Failed Update:


2013-01-25    00:02:42:866     756    6d8    Agent    *************
2013-01-25    00:02:42:866     756    6d8    Agent    ** START **  Agent: Finding updates [CallerId = TrustedInstaller FOD]
2013-01-25    00:02:42:866     756    6d8    Agent    *********
2013-01-25    00:02:42:866     756    6d8    Agent      * Include potentially superseded updates
2013-01-25    00:02:42:866     756    6d8    Agent      * Online = Yes; Ignore download priority = No
2013-01-25    00:02:42:866     756    6d8    Agent      * Criteria = "CategoryIDs contains '75f164f7-89ef-4f1c-add4-c5404c8c117f' and UpdateID='337d9460-e236-40a9-91f3-a6831e113867'"
2013-01-25    00:02:42:866     756    6d8    Agent      * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service
2013-01-25    00:02:42:866     756    6d8    Agent      * Search Scope = {Machine}
2013-01-25    00:02:42:866     756    6d8    Agent      * Caller SID for Applicability: S-1-5-18
2013-01-25    00:02:42:866     756    6d8    EP    Got WSUS Client/Server URL: "https://wsus.internal.lan:8531/ClientWebService/client.asmx"
2013-01-25    00:02:42:882     756    6d8    PT    +++++++++++  PT: Starting category scan  +++++++++++
2013-01-25    00:02:42:882     756    6d8    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = https://wsus.internal.lan:8531/ClientWebService/client.asmx
2013-01-25    00:02:42:913     756    74c    AU    Triggering Offline detection (non-interactive)
2013-01-25    00:02:42:913     756    6d8    Agent      * Found 0 updates and 0 categories in search; evaluated appl. rules of 0 out of 0 deployed entities
2013-01-25    00:02:42:913     756    6d8    Agent    *********
2013-01-25    00:02:42:913     756    6d8    Agent    **  END  **  Agent: Finding updates [CallerId = TrustedInstaller FOD]
2013-01-25    00:02:42:913     756    6d8    Agent    *************

Note that no updates were found.
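The two excerpts differ in exactly two places: which Client/Server URL the agent was handed and how many updates the TrustedInstaller FOD search found. The function below, added here as an example (not from the original post), pulls those two facts out of every FOD search in windowsupdate.log so you can see the WSUS redirection and the empty result before you go hunting for 0x800f0906 elsewhere.

```powershell
# Added example (not from the original post): summarise every "Finding updates" search
# issued on behalf of TrustedInstaller FOD in windowsupdate.log. A WSUS-pointed box shows
# the WSUS URL and Found = 0 (the failure case above); a box talking to Microsoft directly
# shows an update.microsoft.com URL and Found = 1.
function Get-FodSearchSummary {
    param([string[]]$Lines)

    $results  = @()
    $inSearch = $false
    $current  = $null
    foreach ($line in $Lines) {
        if ($line -match '\*\* START \*\*.*CallerId = TrustedInstaller FOD') {
            $inSearch = $true
            $current  = [ordered]@{ Started = ''; ServerUrl = ''; Found = $null }
            # the timestamp is the first two whitespace-separated fields of the line
            $current.Started = ($line -split '\s+')[0,1] -join ' '
            continue
        }
        if (-not $inSearch) { continue }

        # both the redirector line and the "Got WSUS Client/Server URL" line match this
        if ($line -match 'Client/Server URL:\s+"([^"]+)"') { $current.ServerUrl = $Matches[1] }
        if ($line -match 'Found (\d+) updates')            { $current.Found = [int]$Matches[1] }

        if ($line -match '\*\*  END  \*\*.*CallerId = TrustedInstaller FOD') {
            # anything other than Microsoft's own service means an intranet (WSUS) server answered
            $current.ViaWsus = $current.ServerUrl -notmatch 'update\.microsoft\.com'
            $results += [pscustomobject]$current
            $inSearch = $false
        }
    }
    return $results
}

# Run against the live log; a row with ViaWsus = True and Found = 0 is the condition
# the post describes.
Get-FodSearchSummary -Lines (Get-Content "$env:SystemRoot\windowsupdate.log") |
    Format-Table Started, ViaWsus, Found, ServerUrl -AutoSize
```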

Work Around: 

We're going to use group policy to work around this issue. Assuming you have access to do so or can convince those responsible to do so, perform the following: (note that the GPO containing the setting below cannot be overridden by a higher level GPO or this will not work)

You have two options, enable an alternative install location as outlined in this article from Microsoft, or temporarily override the WSUS setting by doing the following:

  1. Without binding it anywhere, create a new group policy object called Computer_Settings_WSUS_Disable or something similar that adheres to your naming standards.
  2. Navigate to the "Scope" tab on that group policy object and remove the "Authenticated Users" principal under "Security Filtering"
  3. Click "Add..." and add the computer object in question. You'll have to change the object types to include computers. 
  4. Right click the GPO object and select "GPO Status->User Configuration Settings Disabled". 
  5. Edit the GPO and set the setting "Computer Configuration->Policies->Administrative Templates->Windows Components->Windows Update" and change "Specify intranet Microsoft update service location" to "Disabled". This will revert it to Microsoft.
  6. Right click on the OU you would like to bind it to and click "Link an existing GPO..." and select your newly created GPO.
  7. Do a gpupdate /force on your target server and execute the command again. No reboot should be necessary. 


After completing the update feel free to un-link or delete the GPO object.


Hopefully that gets you GUI-ing. Here are some additional links below for more reading if you desire. Feel free to leave questions in the comments!

Microsoft Ask the Directory Services Team: "Windows Server 2012 Shell game"

How-To Geek: Turn the GUI off and On in Windows Server 2012

Yung Chou: Windows Server 2012 Installation Options

Jason Yoder: Error when moving from Core to full GUI in Server 2012



Friday, January 18, 2013

HOWTO Connect Powershell to SQL Server

In this article I'll be walking you through using Powershell to connect to a SQL database. The objective is to be as straightforward as possible while providing context the whole way. Remember that lines marked with # are comments. Some of these will get long because we're trying to provide in-line context.

Assumptions:

  • Powershell 2.0 or higher
  • Connecting to a MS SQL server; for other connection strings see the excellent connectionstrings.com
  • Appropriate access to the SQL DB in question with your currently logged on account
  • Guts. 

Foreword (or, WTH are we doing?!)

We'll be using two different objects for this operation: System.Data.SQLClient.SQLConnection and System.Data.SQLClient.SQLCommand. The first is a connection object that allows you to attach to the DB, and the second is a command object that allows you to specify and submit your command. Both these objects are part of the .NET framework, so they should be present on any machine that can run Powershell. Avoid using Microsoft.SqlServer.Management.Smo.Server unless you need to (and you'll know it) because it requires the SQL tools to be installed. 

In this first example, we'll be doing a query and returning the results. I won't be covering specifying UserID and PW in this because that relies on 1> SQL authentication and 2> Stores UserID and PW in the script. Bad idea. 

Setting the Stage

Let's first declare some of our variables to keep things clean down the line.

 # Declare our SQL server name. Use Server\Instance for a named instance, or Server,Port
 # (comma, not colon) if you know the port and don't have access to the SQL Browser service
 # (UDP 1434). Also, use the FQDN; it's good practice and ensures NetBIOS issues won't trip you up.
 $SQLServer="my.server.here"
 # Provide the database name, i.e. "Northwind"
 $SQLDBName="DATABASE"
Now let's get to the meat; create objects, define properties, and open the connection. Here are reference links for the concepts in this section, followed by the comments and code:

System.Data.SQLClient.SQLConnection
System.Data.SQLClient.SQLCommand
ConnectionString Property
 # Create the SQL Connection Object
 $SQLConn=New-Object System.Data.SQLClient.SQLConnection
 # Create the SQL Command Object (otherwise all we can do is admire our connection)
 $SQLCmd=New-Object System.Data.SQLClient.SQLCommand
 # Set the connection string on the Connection Object and tell it to use integrated auth (Kerberos, hopefully)
 $SQLConn.ConnectionString="Server=$SQLServer;Database=$SQLDBName;Integrated Security=SSPI"
 # Open the connection
 $SQLConn.Open()
Now we'll define the query and execute. 

Devguru t-sql reference
 # Define our Command with a parameter (we will cover this below)
 $SQLCmd.CommandText="SELECT [FOO],[BAR] FROM [dbo].[table] WHERE [COLUMN] = @smalls"
 # Provide the open connection to the Command Object as a property
 $SQLCmd.Connection=$SQLConn
 # Put the value for the WHERE clause in a variable; it reaches the query only through the parameter (see section below)
 $WhereClause="smalls"
 # Prepare parameters. Add() returns the new parameter object; Out-Null keeps it off the pipeline
 $SQLCmd.Parameters.Clear()
 $SQLCmd.Parameters.Add("@smalls",$WhereClause) | Out-Null
 # Execute this thing
 $SQLReturn=$SQLCmd.ExecuteReader()
 # Init arrays to handle multiple rows
 $TheFooReturn=@()
 $TheBarReturn=@()
 # Parse it out, one row per Read()
 while ($SQLReturn.Read())
 {
      $TheFooReturn+=$SQLReturn["FOO"]
      $TheBarReturn+=$SQLReturn["BAR"]
 }
 # Clean it up
 $SQLReturn.Close()
 $SQLConn.Close()

Bonus Section: Avoiding SQL Injection

Note the lines $SQLCmd.CommandText="SELECT [FOO],[BAR] FROM [dbo].[table] WHERE [COLUMN] = @smalls", $WhereClause="smalls" & $SQLCmd.Parameters.Add("@smalls",$WhereClause). By using @ to make that value a parameter, we can later associate the parameter with the variable, which keeps the input safe if it is provided by an external data source (prompt, file, etc.). This protects against SQL injection: if we had used a standard variable in the query text, an attacker could inject an inline SQL statement. By passing it as a parameter, SQL Server treats the whole value strictly as data and never as part of the statement. Thanks to my buddy Austin Peters for the education on this. :)
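To make the difference concrete, here is an added comparison (not from the original post) that builds the same WHERE clause both ways from one constructed hostile input and inspects what the server would receive. Nothing is connected to or executed; the NVarChar(50) sizing and the table and column names are illustrative.

```powershell
# Added example (not from the original post): the same WHERE clause built two ways.
# Neither command is executed; inspecting CommandText and Parameters is enough to see
# why one is injectable and the other is not.
$UntrustedInput = "smalls' OR 1=1 --"   # constructed sample, as if read from a prompt or file

# 1. String interpolation: the input becomes part of the statement text itself.
function New-InterpolatedCommand([string]$Value) {
    $cmd = New-Object System.Data.SqlClient.SqlCommand
    $cmd.CommandText = "SELECT [FOO],[BAR] FROM [dbo].[table] WHERE [COLUMN] = '$Value'"
    return $cmd
}

# 2. Parameterised: the statement text is fixed; the value travels separately as data.
function New-ParameterizedCommand([string]$Value) {
    $cmd = New-Object System.Data.SqlClient.SqlCommand
    $cmd.CommandText = "SELECT [FOO],[BAR] FROM [dbo].[table] WHERE [COLUMN] = @smalls"
    # Declaring type and length as well (instead of the Add(name, value) shortcut) means
    # over-long input fails at the parameter rather than being silently truncated.
    $p = $cmd.Parameters.Add("@smalls", [System.Data.SqlDbType]::NVarChar, 50)
    $p.Value = $Value
    return $cmd
}

$bad  = New-InterpolatedCommand  $UntrustedInput
$good = New-ParameterizedCommand $UntrustedInput

"Interpolated statement as the server would parse it:"
"  " + $bad.CommandText
# The quote inside the input closes the string literal early; everything after it is
# parsed as SQL, so the WHERE clause now matches every row.

"Parameterised statement as the server would parse it:"
"  " + $good.CommandText
"  @smalls = [" + $good.Parameters["@smalls"].Value + "] (" + $good.Parameters["@smalls"].SqlDbType + ")"
# The statement text is unchanged; the entire input, quote and all, is just the
# parameter's value and is compared against [COLUMN] as a single string.
```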

Closing Thoughts:


  • You can have multiple SQL connections open at once. When you do so, name your object variables in a way that you can keep track of the DB that variable represents
  • To do something other than a query (INSERT, etc.) set the SQLCmd.CommandText appropriately and change the statement SQLcmd.ExecuteReader to SQLcmd.ExecuteNonQuery. 
For more information, see this post by Don Jones. 

Thursday, January 10, 2013

Quick Hyper-V VM Templates

Here's a quick guide on how to clone Server 2012 machines in Hyper-V:

Assumptions:  

  • You've decided on a standard for your VM folder structure. I won't go into detail in the steps, but if you haven't I'll make a recommendation here. This is how I do it: 
    • {Drive}:\VM\VMName\Virtual Hard Disks
    • {Drive}:\VM\VMName\Virtual Machines
  • You know the basics of VM creation, etc. Perhaps I'll cover that stuff in another article. :)
  • You're making a template of Server 2012, which comes with sysprep. If you're doing another MSFT OS, you should DL and leave sysprep on the image before you shut it down. If it's Linux don't worry about it.

Make the Template

Note: Do not take any snapshots of the template machine because our simple copy method won't work with snaps. If you must have them, you'll need to use the Hyper-V export functionality.
  1. Setup a new Hyper-V VM from scratch. The defaults on hardware allocation should be fine unless you're templating an older OS that uses a SMP or Uni processor kernel; in that case give it one or multiple CPUs as you desire. Set the boot disk size to your standard size now and keep it thin provisioned. (you can expand after building if needed) I recommend 60GB or more for newer versions of Windows server. After a couple years that SXS folder will get pretty big.  
  2. When naming the machine, pick something meaningful like "_Template_Server_Datacenter_2012_NoGUI" or "ZZZ_Template_CentOS_6_3" or "_Template_OS/2_3_0_Warp_with_emulated_MCA"
  3. After doing basic setup, patch the machine up as much as possible.
  4. If you want to install/configure anything else on this template so that it will be present on any machine, do so now.
  5. (Windows only) Navigate to the sysprep folder (c:\windows\system32\sysprep on 2012) and execute sysprep.exe.
  6. (Windows only) On the sysprep screen, select "Enter System Out-of-Box Experience (OOBE)" (that's a mouthful) and check "Generalize", then change the "Shutdown Options" to "Shutdown" and click "OK". Sysprep will do the work and then shut down the server.
  7. Document the admin password & shut it down. 

How to Use the Template

  1. Make a new folder for your VM per your standards (named appropriately, etc.).
  2. Copy the vhdx (or vhd) to your new folder. 
  3. In the Hyper-V manager create a new VM (named the same as you did in step 1) and spec the hardware appropriately, but stop when you get to the disk. 
  4. Specify the disk you just copied over from the template and finish the wizard.
  5. Fire up the new VM.
  6. (Windows only) Complete the "OOBE", including entering a product key and a new admin password.
You did it! Depending on how often you use the template it will eventually make sense to fire up the template as a VM, customize it, patch it, and re-sysprep it. Note that according to this, the SID is generated upon reboot, so this template should provide a unique SID every time. 
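For those who would rather not click through the wizard every time, here is the "How to Use the Template" procedure (steps 1 through 5) as a single script for the Hyper-V PowerShell module on Server 2012. This is an added example, not something from the original post; the template VHDX path, the VM root folder, the switch name and the memory/CPU sizing are assumed values you'll want to change. It follows the {Drive}:\VM\VMName\... layout recommended above and refuses to run against a template that has snapshots, since the plain copy method doesn't carry the differencing disks along.

```powershell
# Added example, not from the original post: "How to Use the Template" steps 1-5
# as one script for the Hyper-V PowerShell module (Server 2012). Run elevated on
# the Hyper-V host. Template path, VM root, switch name and sizing are assumptions.
# (Inside the template itself, steps 5-6 of "Make the Template" are equivalent to
#  running %windir%\System32\Sysprep\sysprep.exe /generalize /oobe /shutdown)

param(
    [Parameter(Mandatory=$true)] [string] $NewVMName,
    [string] $TemplateVhdx = 'D:\VM\_Template_Server_Datacenter_2012_NoGUI\Virtual Hard Disks\_Template_Server_Datacenter_2012_NoGUI.vhdx',
    [string] $VMRoot       = 'D:\VM',
    [string] $SwitchName   = 'External',
    [int64]  $MemoryBytes  = 2GB,
    [int]    $CpuCount     = 2
)
$ErrorActionPreference = 'Stop'

# The plain copy only works on a template without snapshots (see the note above),
# and only while the template is powered off.
$templateVM = Get-VM | Where-Object { $_.HardDrives.Path -contains $TemplateVhdx }
if ($templateVM) {
    if ($templateVM.State -ne 'Off') { throw "Template '$($templateVM.Name)' is not powered off." }
    if (Get-VMSnapshot -VMName $templateVM.Name) {
        throw "Template '$($templateVM.Name)' has snapshots; use Hyper-V export instead of copying the VHDX."
    }
}

# Step 1: one folder per VM, named after the VM, per the folder standard above.
$diskDir = Join-Path (Join-Path $VMRoot $NewVMName) 'Virtual Hard Disks'
New-Item -ItemType Directory -Path $diskDir -Force | Out-Null

# Step 2: copy the sysprepped disk; never clobber an existing one.
$newVhdx = Join-Path $diskDir "$NewVMName.vhdx"
if (Test-Path $newVhdx) { throw "$newVhdx already exists; refusing to overwrite." }
Copy-Item -Path $TemplateVhdx -Destination $newVhdx

# Steps 3-4: create the VM and attach the copied disk rather than a new blank one.
# -Path makes Hyper-V put the config under $VMRoot\$NewVMName\Virtual Machines.
New-VM -Name $NewVMName -Path $VMRoot -MemoryStartupBytes $MemoryBytes `
       -VHDPath $newVhdx -SwitchName $SwitchName | Out-Null
Set-VMProcessor -VMName $NewVMName -Count $CpuCount

# Step 5: boot it. A Windows template comes up in the OOBE (step 6) with a fresh SID.
Start-VM -Name $NewVMName
```

Save it as something like New-VMFromTemplate.ps1 and run it with -NewVMName; the OOBE prompts for the product key and new admin password exactly as in step 6.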

Tuesday, January 8, 2013

Just take my monies! How to fix "Something happened and your purchase can't be completed" In Windows 8

I'm trying to buy an app in the Windows store on Windows 8 and I'm greeted with this message:

Amazing. It's like a riddle. Here's how to fix it:
  1. In the Metro(oops!) interface, open up the charms bar and select "Settings->Change PC Settings"
  2. Select "Users"; your account should be referenced on the right pane. 
  3. (Variable) Most folks will need to click "Switch to a local account", but if you, like me, are on a domain account that is linked to your MSFT ID, you will need to click "Disconnect from your Microsoft account". 
  4. Log out, then back on. 
  5. Buy something from the Windows Store. You should be prompted for your ID and it *should* (see below if not) work. 
  6. You can now re-link your account by navigating to "Settings->Change PC Settings->Users" and linking your account under your username on the top right pane. You'll be prompted for your e-mail, password, and which settings you would like to sync during the process.
However

If this didn't work for you, as it didn't for me (why'd I write it then!?!), you may need to look deeper. In my case it turned out to be the fault of a toxic combination of DisplayLink software and Nvidia drivers. While the DisplayLink folks noted fixes in their latest driver release, I wonder if it didn't also have something to do with the fact that the NV drivers aren't all signed properly. To help determine your problem, try the following: 
  1. Re-create the issue by trying to purchase your app again. 
  2. Bring up the charms bar and hit the "Start" charm to bring up the Met..Modern UI interface.
  3. Start typing "reliability" and click "Settings" then select "View reliability history". 
  4. Look for a report from the time frame in which you re-created the problem. In my case, I had issues from "Credential Manager UI Host" and "CredentialUIBroker.exe"
  5. "Right click crash report->View Technical Details". 
  6. Look for "Faulting module path". In my case it was nvwgf2umx.dll, provided by nVidia. Taking a look at that DLL, I noted it wasn't signed correctly. 


This (and procmon, but that's an article for a different day) is what led me down the track of investigating the graphics drivers. Odd when graphics drivers can be the cause of your inability to buy something from the Windows store. Hopefully in the future MSFT builds a DRM/ID testing path tool that can be used to improve this troubleshooting routine. 

Postscript: While the fix in my case was more on the DisplayLink software side, I found it interesting that the newest nVidia drivers still aren't signed right. The signing cert traces back up through the "Microsoft Digital Media Authority 2005" CA which hasn't been valid for quite some time. Two driver revs ago, however, the signing was done correctly. Someone's dev box @ NV needs attention. :) Update 4/21/2014: NVidia contacted me regarding this issue, and we determined that the "Microsoft Digital Media Authority 2005" certificate is actually "baked into" Vista and higher operating systems. This seems a relatively well hidden fact, but it was revealed in this paper by Symantec. Interesting to say the least... anyhow their cert still has a potential revocation issue and they are working to resolve it.
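If you want to check the faulting module's signature and chain yourself rather than clicking through the certificate dialog, here is a PowerShell function that does it. It's an added example, not part of the original post: it reads the Authenticode signature of the DLL, builds the certificate chain with revocation checking for the whole chain, and reports the root it ends in and any chain errors (an untrusted root, an expired intermediate, or a revocation status it couldn't determine). The path to nvwgf2umx.dll under System32 is an assumption based on step 6 above; note also that a file with no embedded signature may still be covered by a signed catalog, which this check does not look at.

```powershell
# Added example, not from the original post: inspect the Authenticode signature
# and certificate chain of the faulting module named in the reliability report.
# The file path is an assumption (64-bit nVidia DLL under System32).

function Test-DriverSignature {
    param([Parameter(Mandatory=$true)] [string] $Path)

    # Status is 'Valid' only when the file hash matches and the chain is trusted;
    # 'NotSigned' here means no embedded signature (a catalog may still sign it).
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result = [ordered]@{
        File        = $Path
        Status      = $sig.Status
        Signer      = $null
        ChainRoot   = $null
        ChainOk     = $false
        ChainErrors = @()
    }

    if ($sig.SignerCertificate) {
        $result.Signer = $sig.SignerCertificate.Subject
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Check revocation for every certificate in the chain, not just the leaf;
        # a CRL that can't be fetched shows up in ChainErrors rather than stopping us.
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chain.ChainPolicy.RevocationFlag = 'EntireChain'
        $result.ChainOk = $chain.Build($sig.SignerCertificate)
        # Last element is the root the chain terminated at (trusted or not).
        $last = $chain.ChainElements[$chain.ChainElements.Count - 1]
        $result.ChainRoot = $last.Certificate.Subject
        $result.ChainErrors = @($chain.ChainStatus | ForEach-Object {
            '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim()
        })
    }
    New-Object PSObject -Property $result
}

Test-DriverSignature -Path "$env:windir\System32\nvwgf2umx.dll" | Format-List
```

A ChainOk of False together with an error such as UntrustedRoot or NotTimeValid is the condition the postscript describes; RevocationStatusUnknown points at the revocation issue mentioned in the update.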

If this still doesn't work, take a look @ the Windows store logs @ %USERPROFILE%\AppData\Local\Temp\winstore.log and %windir%\temp\winstore.log . Good luck!

Thursday, January 3, 2013

Setup and Tweak Your New Asus RT-AC66U or N66U Router! (partially OT)

Asus has been doing an increasingly impressive job in the "home" WiFi router market. With impressive performance approaching enterprise class routing capability and second-to-none Wifi performance, (for an unmanaged single unit) they're hard to beat for the enthusiast market. By using something like TomatoUSB firmware you can get many enterprise-class features. While I may write an article in the future on Tomato or DD-WRT tweaking, I'm going to go through the setup here using the new "Merlin" firmware. Eric Sauvageau, the author of the modified firmware, states of this:

"The primary goals of this project are to fix bugs, add a few basic features and tweaks to the original firmware. This firmware will try to remain as close as possible to the original firmware."

Sounds good to me. I've spent a lot of time with Tomato and DD-WRT on my home network, and a change of pace might be nice. Also, you get the peace of mind that you're using mainly the manufacturer's code on this newer hardware.

Note: Some ideas covered in this article may apply to other consumer or enterprise level hardware.

Assumptions:
  • You have purchased either a RT-AC66U or RT-N66U (Update 7/6/13: RT-AC56U now supported as well)
  • You have backed up, memorized, or otherwise, your old router settings
  • You're comfortable with the basics; I'm not going to re-cover the manual 
  • You have power and an internet connection. Setup will be easier and more reliable if you also have a house or apartment, which you should be inside of during this tutorial. 
Let's get to work:
  1. Connect the router as described in the manual. If you have a DHCP server (other than the one on the router from your ISP) you'll either need to temporarily disable it or ensure it's assigning the 192.168.1.x range excluding .1.
  2. Perform the initial "Quick Internet Setup" wizard
  3. After/if it prompts you to update firmware, go ahead and do so.
  4. If desired, (and some of my steps will assume this is done) download the "Merlin" firmware from here. In the interface click "Administration->Firmware Upgrade" and specify the path to the trx file. 
  5. Now that we've upgraded, let's highlight important setup steps. I'm not going to cover the specifics of your environment, just things I recommend you pay attention to. First, navigate to "Wireless->WPS" and set it to "OFF". Most implementations of WPS are NOT secure at all. For more information, see this episode of the wonderful Security Now! podcast or this Lifehacker article. There are many ways to get a complex WiFi key to nearly any device securely.
  6. Navigate to "Wireless->Professional" and check the "Tx Power adjustment" and reduce it if possible. (Some experimentation required) Make sure you use the dropdown and do both 2.4ghz and 5ghz. Lowering your broadcast power will slightly shorten the range so you aren't broadcasting to your neighbors (polite) and may lengthen your hardware life. (See effect @ "Tools->Radios Temperature")
  7. If you disabled the DHCP server, make sure you go to "LAN->DHCP Server->Log DHCP Queries" and hit "Disable".
  8. To log stats, insert a USB thumb drive. It can be tiny and slow if you want. Navigate to "System Log->General Log" hit "Refresh". Copy the contents down and search them for the mount messages. In my case, the only message was "Jan  3 18:47:16 hotplug[1032]: USB vfat fs at /dev/sda mounted on /tmp/mnt/1GB", and that corresponds to @ /mnt/1GB for short since /mnt is a symlink to /tmp/mnt. Write this down. 
  9. Navigate to "Tools->Other Settings" and set "Traffic history location" to "Custom location".
  10. Set "Save history location" to the value you wrote down in step 8, select "Create or reset data files" (if this is the first time you have done this on this disk) and hit "Apply". 
  11. (Added 1/12/13) Unless you're using STP with your other switches, etc. navigate to  "Lan->Switch Control" and set "Spanning-Tree Protocol" to "Off".  Cool that it supports STP though! (Update 10/11/2013: There has been some confusion on this, so to simplify: If you have more than one switch not including this Asus router, leave STP enabled. Otherwise, disable it. If you would like to better understand see this.)
  12. (Added 1/20/13) If you aren't using IPv6 (yet), navigate to "IPv6"->"Auto Configuration Setting"->"Enable Router Advertisement" and set it to "Disable"
  13. (Added 1/20/13) Let's disable some other services that most people won't need. Unless you're using this router as a filesharing and/or DLNA device, do the following: Navigate to "USB Application"->"Media Server"->"Enable DLNA Media Server" and set it to "Off".
  14. (Continued from #13) Navigate to "USB Application"->"Network Place/Samba Share"->"Disable Share" and click "OK" to confirm disabling the service.
  15. (Continued from #13) Navigate to "USB Application"->"Miscellaneous Setting" and turn off "Force as Master Browser" and "Set as WINS Server" and click "Apply". 
  16. (Added 2/4/2013) Recommended: Though I haven't tested (update 6/7, it's fine as of now, so if you need UPnP go ahead) to see if this firmware is impacted by the recent discovery that a substantial number of firmwares expose UPnP to the external interface of the router(!!) I still recommend turning it off if it's feasible. This means you'll have to forward ports manually, but if you're reading this I suspect you know how to do so anyhow. (If not, comment as such and perhaps I'll write an article about it) To disable the UPnP service navigate to "Advanced Settings->WAN->Internet Connection->Basic Config->Enable UPnP" and set it to "No". Update 5/27/2013: How to forward ports: 
    1. To forward ports, first determine what ports your service/application uses. While a search for "(Service) forward ports" generally returns the  ports needed for that service, you can also use something like portforward.com to look it up. Note that the port spaces of TCP and UDP protocols are separate, so make sure you get the protocol right and know that the port numbers can overlap. There are some pre-baked shortcuts in the Merlin/Asus firmware on the port forwarding page (listed in the next step) that will populate the ports for you; it may be worth checking those out to save some time.
    2. After you determine your ports, open the manage interface of your Asus router and navigate to "Wan->Virtual Server/Port Forwarding"
    3. Ensure "Enable Port Forwarding" is set to "Yes". 
    4. Under "Port forwarding List" type the name of your application under "Service Name". This entry is cosmetic only and serves to identify this forward. 
    5. Under "Port Range" enter the port(s) needed for this application. To open a range, separate the lowest port and the top port with a ":". For example, to open up ports 80 through 90 you would put "80:90". You can also put non-joining port ranges on the same rule by adding more ports after a comma. For example, to open ports 80 and 90, you would put "80,90".
    6. On "Local IP" put the IP address of the machine hosting the service you would like to expose to the internet. If you don't know this address and you're (as default) using the DHCP server on the router you can find the address by going to the DHCP management on your router. 
    7. On "Local Port" you generally want to put exactly what you put under "Port Range". The exception to this rule would be if you want to expose an internal port as a different port externally. 
    8. Under "Protocol" select the proper protocol; TCP, UDP, or Both. Again, note that selecting "Both" would result in both sets of ports being opened. 
    9. Click the plus icon "Add/Delete" and then click "Apply" at the bottom. Note that if your IP address changes then you'll need to update the rule. 



  17. (Added 7/20/2013,Critical) A vulnerability has been discovered with the AICloud software. There is an official firmware that has been released that is reported but not confirmed to fix the problem, but that includes a very poor wifi driver so I would not recommend its use unless you have no 5ghz WiFi clients. The Merlin 372_30_2 build does not address this problem because Eric based it on a pre-release 372 version that didn't yet include the fix. (Confusing versioning by Asus..) If you don't run that new stock FW make sure you disable the AICloud! (AICloud->Smart Disk/Cloud Access) Update 7/24/13: There is a Merlin build that addresses this issue now available. See below for links.  Update 2/18/14: There have been stories about either this exploit and/or a potentially newly found exploit involving FTP and the AI cloud feature. I think the best advice at this time is from Eric (the author of the firmware).  The point: Because it is uncertain if this is entirely based on the old vulnerability, disable these features until the full nature of the exploit is disclosed and confirmed fixed.   Update 3/16/14: This should be fixed with the newest build (374.40) but frankly I would still leave them off.
  18. (Added 11/3/2013) If you notice that your WiFi continues to lose connectivity and you need to reboot the router to fix it, try naming your 2.4GHz and 5GHz radios differently. I've noticed that some dual band devices (the iPad specifically) will bounce between frequency spectra and this will cause the Asus to become confused and stop relaying requests to the DHCP server correctly. To do so go to Wireless->General and use the dropdown to switch between "2.4GHz" and "5GHz", ensuring they have different SSIDs so that your devices will target one of the two explicitly.
If I find any other important info I'll add it. Enjoy!

Note 1: If you enable "Tools->Other Settings->Enable advanced (per IP) monitoring" it will disable hardware acceleration. While you most likely won't notice this unless you've got an internet connection approaching 100Mbit, be aware that you may lose some performance for that functionality.

Note 2: Check out "USB Application-> 3G/4G"... very interesting stuff.

Note 3: I'm investigating an issue that results in WiFi being unable to communicate with the LAN ports. It manifests itself in the log as: Jan 11 17:05:23 kernel: eth1: received packet with  own address as source address . I'll post updates on this later.

Update 2/2/2013: Merlin posted a new beta build. Discussion, Changelog.

Update 2/23/2013: More new builds & bugs fixed! Release Thread and changelog.

Update 3/16/2013: Another new build! Release Thread, Changelog

Update 3/29/2013: Eric just uploaded a new beta build based on a beta release from Asus. A couple exciting changes here including new wireless driver and tools. Note that you'll need to re-add you WoL clients (if you had any) because Asus added a new WoL tool. Also, note this warning from Eric:
"New wireless driver. This new driver brings quite a few improvements over the older one. Note that if you experience any issue with this new driver, it is strongly recommended to revert back to factory defaults, and re-configuring your router. There are a few low-level changes, and some new default values that you won't pick up until you revert back to factory defaults."
Release Thread, Changelog, Download

Update 4/4/2013: It looks like some folks are having issues on the new build with the 5Ghz radio. There is quite a lively discussion going on and Eric has answered quite a few questions.

Update 7/6/2013: A new build has been released that introduces support for the RT-AC56U! Release Thread, Changelog, Download

Update 7/24/2013: Another new build, (3.0.0.4.372.31) this time fixing the AI Cloud security issue and introducing the Yandex DNS filtering service. Be wary though that Yandex is in Russia, so if you use this feature (off by default) it may noticeably slow internet browsing since it redirects all your DNS queries. Release Thread, Changelog, Download.


Update 10/3/2013: Eric has been hard at work on a new build(3.0.0.4.374.33) based on a new source that includes fixes to general performance, parental controls, and more. Note this warning from Merlin: 

"IMPORTANT:
Due to the SDK change on the RT-N66U, you *MUST* revert back to factory default and manually reconfigure your router if coming from an older firmware! The only exception is if you were previously running either the Pixie Dust release (3.0.0.4.374.32-sdk6), or a previous beta of 3.0.0.4.374.33 (except for the -sdk5 Beta, of course).

Asus also recommends doing the same for the other models, however feel free to try without doing so. It might work fine for most people, but be prepared to do a factory default reset + reconfiguration if you run into any odd issues.

And by "manually reconfigure", I really mean it. Reloading saved settings would totally nullify the action of resetting to factory defaults, since you will just end back to where you started, with all the same (possibly invalid) settings.
"

Release Thread, Changelog, Download.

Update 12/14/2013: New build! (3.0.0.4.374.35_4) GPL 374.339 (Time machine support for some models), Asus' OpenVPN implementation. (Note this is a total overhaul), Namecheap DDNS, and more.  Release Thread(With Changelog), Download.

Update 1/22/2014: New build! (3.0.0.4.374.38) GPL 374.2078, major driver/SDK changes. RT-N16 is not supported by this build. This is SDK6 only. In short, if you have issues with this build, particularly with wi-fi performance, fall back to an earlier build. That said, the feedback in the forum regarding this build has been great thus far. Note: in most situations, Eric does recommend resetting to factory defaults & manually re-configuring. Release Thread With Changelog, Download

Update 2/16/2014: New build, out for a bit. (3.0.0.4.374.39) Dumps SDK5 and adds a new parental control option to use DNS services to block category based URLs as well as bug fixes. Release Thread, Changelog, Download

Update 3/16/2014: New build: 374.40. Not stable for the RT-AC68U but fixes the RT-N16. DNSFilter enhanced along with IPv6 fixes. This build should also address the highly publicized security issues from last month, but I would still recommend highly against enabling FTP, "Cloud AI", or any other outward facing services on principle. Release Thread, Changelog, Download.

Update 6/6/2014: New build: 374.43. Another new release from Eric today, mostly bugfixes. One feature added; the ability to force a DDNS refresh after a configurable number of days. Release Thread, Changelog, Download. Also, SmallNetBuilder forum member "000111" (7?) had the great idea to start a donation thread for Eric. If you appreciate his efforts it's worth considering heading over to this thread and throwing him a few bucks for the effort.

Update 11/7/2014: New build: 376.48_1. Merge with Asus code 3.0.0.4.376_2769, Samba upgraded to 3.6.24, Miniupnpd to 1.9, Dropbear to 2014.66, OpenSSL 1.0.0o, SNMP enhanced, RT-AC68P support. Release Thread, Changelog, Download. Also, Eric (Merlin) warns of a bug that causes wifi issues. Quoting him: "Note: Previous firmwares (both Asuswrt-Merlin and stock Asus) suffered from a bug where some nvram settings might end up being corrupted, which can lead to the loss of the 2.4 or 5 GHz settings on the webui with newer firmwares. To fix the issue, either do a factory default reset, or run the following commands over SSH:

Code:
nvram set wl0_band=2
nvram set wl1_band=1
nvram commit

The actual bug was fixed both on my end and by Asus a few releases ago, however the corrupted setting will cause issues starting with newer firmware versions if not corrected.
"

Update 8/29/2015: There have been several new builds, the last of which was great, but this update is to address how to perform source based routing with Merlin/Busybox:

In my case I've got two different internet connections and I want to selectively route different machines through different internet gateways. To accomplish routing traffic based on the source, we'll use the ip rule and ip route commands.  First, make the rule:

ip rule add from [IP]/[CIDR] table [NAME]

where [IP] is the source address or range, [CIDR] is the applicable prefix length, and [NAME] is the routing table number (any unused integer) that the custom route below will live in, e.g.

ip rule add from 10.0.0.1.22/32 table 10

then the custom route:

ip route add default via [Gateway IP] table [NAME] dev [ADAPTER]

where [Gateway IP] is the IP of the desired gateway, [NAME] is the same table number as referenced above, and [ADAPTER] is the NIC through which that gateway is reached, e.g.

ip route add default via 10.0.0.254 table 10 dev eth0

You can re-use the route for multiple rules if desired. To make these rules persistent you'll need to use user scripts. I use services-start with a 10 second sleep in the beginning. Have fun!

Thursday, December 20, 2012

SQL 2012: msiexec.exe running constantly after SP1 install

Heads up on a SQL 2012 SP1 bug; this happened to me on two pretty bare 2012 installs:

Symptoms: 


After installing SQL 2012 SP1, 2 msiexec processes spawn and run constantly. These generate significant CPU and disk activity.

Description: 


An error with the installer causes the .NET NGEN (Native Image Generator) to run in an indefinite loop. According to one post, it may even cause registry bloat to the point where the registry reaches the maximum size and you may need to re-install the OS on the machine. :-/ That said, I haven't verified that claim.

Fix:

None yet available

Update: Microsoft posted the official fix (the same as the early one below) here.

Workarounds:


  1. (Per Steve Philip) "Uninstalling the Management Tools (both Basic and Complete) feature seemed to resolve the problem for us on most of our servers. On those that had the Data Tools feature installed, we also had to remove that."
  2. (Per the Microsoft SQL Team.. supposedly) "Hello all, we have identified a temporary workaround for this issue. We will continue to work on a permanent fix and will communicate more information as it becomes available. If you are currently experiencing this issue, perform the following steps appropriate for your CPU architecture: 
    • Open an elevated cmd.exe 
    • If you are on a 64-bit architecture machine, run both of the following commands in the cmd.exe window:
      • %windir%\Microsoft.NET\Framework\v4.0.30319\ngen.exe queue pause
      • %windir%\Microsoft.NET\Framework64\v4.0.30319\ngen.exe queue pause
    • If you are on a 32-bit architecture machine, run only the following command in the cmd.exe window:
      • %windir%\Microsoft.NET\Framework\v4.0.30319\ngen.exe queue pause
    After running these command(s) CPU consumption should return to normal and the 1004/1001 events should cease being published to the event log.
    More information on ngen.exe can be found here: http://msdn.microsoft.com/en-us/library/vstudio/6t9t5wcf(v=vs.100).aspx
    Note - after a machine reboot, the workaround will need to be re-applied"
  3. (Per "DizzyBadger") "Just stop and disable ALL Microsoft .Net Framework NGEN services, and make sure you kill any lingering msiexec.exe processes. If your software hive has already reached 2GB on the other hand, you are screwed. (Again, unverified) Then you have to reinstall the OS, at least if it is a production machine. You can muck around in the registry and delete the keys manually, but there is no knowing what else has been scrambled due to the fact that nothing can be added to the registry hive past 2GB. The bloated keys are HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGENService & HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\NGENService"
  4. (Update1; Per Paul D., see comments) Paul came up with a workaround to allow for the optimization tasks to still run; since we're still waiting on the official hotfix from MSFT you may want to have a look at that fix here.
There is another workaround listed on the site involving removing and re-installing the SQL management studio after patching, but this didn't work for me. 


Given the potential need to rebuild the OS it would make sense to check your production systems for this problem now.
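Since the ngen workaround has to be re-applied after every reboot, here it is as a PowerShell script you can schedule, together with a quick status check for the symptoms described above. This is an added example, not from the original post or from Microsoft: it runs "ngen.exe queue pause" in whichever v4 Framework directories exist (so the same script works on x86 and x64), then reports how many msiexec processes are running and how much CPU time they've burned, how many 1001/1004 events landed in the last 15 minutes, and the size of the SOFTWARE hive file so you can see whether you're anywhere near the 2GB cliff mentioned in workaround 3. The Application log and the 15-minute window are my assumptions; run it elevated.

```powershell
# Added example, not from the original post or from Microsoft: the "ngen queue
# pause" workaround applied to every v4 Framework directory present, plus a
# status check for the symptoms (busy msiexec, 1001/1004 events, hive growth).
# Must run elevated. Event log name and 15-minute window are assumptions.

function Invoke-NgenQueuePause {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param()
    # Framework64 only exists on x64; on x86 the loop simply finds one ngen.exe.
    $dirs = @("$env:windir\Microsoft.NET\Framework\v4.0.30319",
              "$env:windir\Microsoft.NET\Framework64\v4.0.30319")
    foreach ($dir in $dirs) {
        $ngen = Join-Path $dir 'ngen.exe'
        if (-not (Test-Path $ngen)) { continue }
        if ($PSCmdlet.ShouldProcess($ngen, 'queue pause')) {
            & $ngen queue pause | Out-Null
            if ($LASTEXITCODE -ne 0) { Write-Warning "$ngen exited with code $LASTEXITCODE" }
        }
    }
}

function Get-NgenLoopStatus {
    $msi = @(Get-Process -Name msiexec -ErrorAction SilentlyContinue)
    $cpu = 0.0
    foreach ($p in $msi) { $cpu += [double]$p.CPU }   # CPU seconds used so far
    # Events the workaround says should stop once the queue is paused.
    $events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001, 1004;
                                                 StartTime = (Get-Date).AddMinutes(-15) } `
                             -ErrorAction SilentlyContinue)
    # Hive file size; the registry cannot grow past 2GB, which is the "reinstall" case above.
    $hiveMB = [math]::Round((Get-Item "$env:windir\System32\config\SOFTWARE").Length / 1MB, 1)
    New-Object PSObject -Property @{
        MsiexecProcesses    = $msi.Count
        MsiexecCpuSeconds   = [math]::Round($cpu, 1)
        NgenEventsLast15Min = $events.Count
        SoftwareHiveMB      = $hiveMB
    }
}

Invoke-NgenQueuePause      # add -WhatIf to see which ngen.exe would be run
Get-NgenLoopStatus
```

Run Get-NgenLoopStatus before and after the pause; the msiexec CPU counter should stop climbing and the event count should drop to zero on the next run.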

Update 2: In the Microsoft connect article, MSFT has posted a fix, but gave the following warning about using it: "Please Note: The patch should only be applied if you're on SQL 2012 SP1. If you have already applied a Cumulative update or an "On Demand" fix on top of SP1, please wait for the associated hotfix update to be made available.


Thanks and regards
Shamik Ghosh
[SQL Server Team]
"

I can't speak to the success of this patch; I'll be waiting for the associated hotfix.

Thursday, December 13, 2012

Exchange 2010 Initial Database Setup

Here's a quick how-to on Exchange 2010 addressing a couple common problems:

Assumptions:

  • You have completed Exchange 2010 setup and not yet migrated mailboxes to it. 
  • You want to create one or more mailbox databases and delete the default. (The default names make it more difficult to manage) 
  • You have more than one domain controller (See point 2 below)
  • You are executing commands directly on the server in question. (You can do it remotely, but the syntax of the commands is different) 

Steps: 

  1. First things first, let's create your new database. Pick an appropriate name and open up the Exchange Management Shell (as admin)
  2. Most Exchange 2010 setups I've been through have been subject to the error detailed here. Though the article talks about a multiple domain environment, it may still appear in a single domain setup. It is due to the replication delay between your domain controllers. For this reason, I've found that pinning your preferred domain controller can alleviate this and a few other issues. Long story short, pick your best (local) domain controller and execute: Set-ADServerSettings -PreferredServer DC.FQDN.Here . If you would like to see the DC configuration, you can use the command Get-ADServerSettings | Format-List . 
  3. Now make the DB by using the command: New-MailboxDatabase -server 'NETBIOSNAME' -Name 'DB_NAME' -EdbFilePath ':\DB_PATH\DB_NAME.edb' -LogFolderPath ':\LOG_FILE_PATH'  .  Where: EdbFilePath and LogFolderPath are where you want the DB and its log files. For best performance, put the DB and Logs on different drives. (Different physical disk, not partitions) Use this command to create additional databases if you like. (Archive, for example) 
  4. Mount the database with the following command: Mount-Database -Identity db_name
  5. Now we must move the System Mailboxes from the default DB per this article. Execute the command Get-Mailbox -Arbitration | New-MoveRequest -TargetDatabase "db_name"
  6. Now the discovery search mailbox; Get-Mailbox | where {$_.Name -like "DiscoverySear*"}| New-MoveRequest -TargetDatabase 'db_name'
  7. To check the move request status, execute Get-MoveRequest
  8. Once the move requests are completed, clear them all by executing Get-MoveRequest|Remove-MoveRequest and confirm. Note: This will clear all move requests, so if you have setup any moves other than those outlined in this article and don't want to clear them you'll need to be more granular. 
  9. Dismount the original database with the following command: Dismount-Database 'OriginalDBName' and confirm, e.g. Dismount-Database 'Mailbox Database 1781398675'
  10. Remove the old database with the command: Remove-MailboxDatabase 'OriginalDBName' and confirm. 
  11. You can now delete the DB folder and the log folder of the db you just deleted. The remove-mailboxdatabase command should have told you where the DB was located and by default the log folder is in the same location. 

You did it, time to celebrate. Now is when you should setup your DAGs, etc. and then move user mailboxes. Let me know if there are any questions. 
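For anyone who has to do this on more than one server, here are steps 2 through 10 as one Exchange Management Shell script. It's an added example, not from the original post, and it adds two checks the interactive steps don't give you: it polls Get-MoveRequestStatistics until the system and discovery mailbox moves actually finish (instead of eyeballing Get-MoveRequest), and it refuses to dismount and remove the old database while any mailbox is still in it. It also clears only the move requests it created rather than every move request in the org (the caveat from step 8). The DC, server, database names and paths are placeholders; the old database name is the example from step 9.

```powershell
# Added example, not from the original post: steps 2-10 as one script for the
# Exchange 2010 Management Shell, run on the mailbox server itself. All names
# and paths below are placeholders; adjust them before running.

param(
    [string] $PreferredDC = 'dc01.example.local',
    [string] $Server      = 'EXCH01',
    [string] $NewDb       = 'DB01',
    [string] $EdbPath     = 'D:\ExchangeDB\DB01\DB01.edb',
    [string] $LogPath     = 'L:\ExchangeLogs\DB01',    # different physical disk, per step 3
    [string] $OldDb       = 'Mailbox Database 1781398675'
)
$ErrorActionPreference = 'Stop'

# Step 2: pin one DC so every cmdlet below sees the same AD view.
Set-ADServerSettings -PreferredServer $PreferredDC

# Steps 3-4: create the new database (unless it already exists) and mount it.
if (-not (Get-MailboxDatabase -Identity $NewDb -ErrorAction SilentlyContinue)) {
    New-MailboxDatabase -Server $Server -Name $NewDb -EdbFilePath $EdbPath -LogFolderPath $LogPath | Out-Null
}
Mount-Database -Identity $NewDb

# Steps 5-6: the arbitration (system) mailboxes and the discovery search mailbox,
# scoped to the old database so nothing else gets moved by accident.
$toMove = @(Get-Mailbox -Arbitration -Database $OldDb) +
          @(Get-Mailbox -Database $OldDb | Where-Object { $_.Name -like 'DiscoverySear*' })
$requests = foreach ($mbx in $toMove) { New-MoveRequest -Identity $mbx.Identity -TargetDatabase $NewDb }

# Step 7: wait for the moves instead of re-running Get-MoveRequest by hand.
do {
    Start-Sleep -Seconds 30
    $stats   = @($requests | Get-MoveRequestStatistics)
    $pending = @($stats | Where-Object { 'Completed','CompletedWithWarning','Failed' -notcontains $_.Status })
    Write-Host ('{0} of {1} moves still running' -f $pending.Count, $stats.Count)
} while ($pending.Count -gt 0)

$failed = @($stats | Where-Object { $_.Status -eq 'Failed' })
if ($failed.Count -gt 0) {
    $failed | Format-List DisplayName, Status, Message
    throw 'One or more moves failed; the old database has NOT been removed.'
}

# Step 8: clear only the requests this script created.
$requests | Remove-MoveRequest -Confirm:$false

# Guard for steps 9-10: refuse to remove a database that still holds a mailbox.
$leftovers = @(Get-Mailbox -Database $OldDb) + @(Get-Mailbox -Arbitration -Database $OldDb)
if ($leftovers.Count -gt 0) {
    $leftovers | Format-Table Name, RecipientTypeDetails
    throw "$OldDb still holds $($leftovers.Count) mailbox(es); not removing it."
}
Dismount-Database -Identity $OldDb -Confirm:$false
Remove-MailboxDatabase -Identity $OldDb -Confirm:$false
# Step 11 (deleting the .edb and log folders on disk) is deliberately left manual.
```

Remove-MailboxDatabase still prints where the files were, so step 11 works exactly as described above.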

Wednesday, December 12, 2012

Off-Topic: Eac3to 3.24 with Arcsoft dtsdecoderdll.dll 1.1.0.0 on Windows 8

When I'm not doing my job, one of my hobbies involves archiving all my movies to my NAS and making them available to my HTPC for my wife to watch at the touch of a button. After upgrading to Windows 8, however, I noted the encoding tool eac3to no longer worked correctly with Arcsoft dtsdecoderdll.dll V 1.1.0.0. (The only version that correctly decodes DTS-MA 6.1 tracks) It seems that this older version of the DLL is hard-coded to use the Microsoft VC DLL MSVCP71.dll, which will not register correctly on Windows 8. (It uses a newer version of VC out of the box) To work around this, you need to run eac3to in Windows 7 compatibility mode and copy the DLLs to the syswow64 directory. (No need to register since the app calls them directly) Here's a step by step:
  1. Copy msvcr71.dll and msvcp71.dll from a Windows 7 machine to the :\Windows\syswow64 directory
  2. Ensure your copy of ASAudioHD.ax is registered successfully. (This accompanies the dtsdecoderdll.dll) 
  3. Navigate to your eac3to folder and right click eac3to.exe-> properties.
  4. Click the "Compatibility" tab and click "Change settings for all users" (may as well)
  5. Under "Compatibility mode" check "Run this program in compatibility mode for" and select "Windows 7"
  6. Click "OK"
As stated above, there is no need to register the msvcr71 and msvcp71 files because the app calls them directly. Now, you can test it by opening a command prompt, navigating to the eac3to directory, and typing:

eac3to.exe -test

You should see the following: 


If encoding a DTS-MA 6.1 to 5.1, make sure to use the command line -0,1,2,3,5,6,4 -down6 .

Enjoy!

Tuesday, December 4, 2012

Recommended Network Adapter DNS Settings for a Domain Controller\DNS Server

DNS client settings for your domain controller

This comes up at nearly every client I've been to, and I have yet to see any comprehensive article from MS on the topic. There is always quite a bit of confusion surrounding what you should set the preferred DNS servers to in the network adapter of the DNS server itself. Here are some quick guidelines to save you some time:

Do:

  • Use another DNS server in the same domain as the primary, secondary, etc...
  • Use the loopback address, but not as the preferred server. Set it as the last server in the order. (Use the Advanced tab if you have more than two servers)
  • Clear the automatically added ::1 as the primary and only DNS server for the IPv6 stack unless you actively use IPv6. If so, then the same rule applies knowing that ::1 is the loopback address for IPv6.
    • Bonus, here's the command: netsh interface ipv6 delete dnsservers "Local Area Connection" ::1 where "Local Area Connection" is the name of the connection in question. It may say something to the effect of "No DNS Servers" after you execute the command, but that tingling just lets you know it's working like Denorex.

Example: 

My lab has two DNS servers in one domain: 192.168.1.30 and 192.168.1.110. Here is the IP config of the 1.30 machine:


Were there another DNS server in the domain, it would be listed BEFORE 127.0.0.1. Note that the DNS server list does not include ::1 as the preferred server since I removed that with the command listed above.


Do Not:

  • Use the server's own IP as the primary. Why? If something becomes wrong with the zone configuration or the replication of the records you could inadvertently isolate domain controllers from each other and give entirely inconsistent results to clients making troubleshooting the troublesome DC more difficult.
  • Use the loopback address as anything but the last entry.

Discussion: Some prefer to set the server's own DNS as preferred to reduce network traffic, and while I don't recommend that myself I will stress one final thing:
Whatever you decide to do with settings, be consistent. Lack of consistency inevitably costs time and money, usually when you don't have either.
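To make "be consistent" something you can actually verify across all your DCs, here is a check and a fix for the Do/Do Not lists above as PowerShell, using the DnsClient and NetTCPIP modules that ship with Windows 8 / Server 2012 and later. This is an added example, not part of the original post. Test-DcDnsClientConfig flags the server's own IP as preferred, a missing or misplaced 127.0.0.1, and ::1 left as the only IPv6 server; Set-DcDnsClientOrder applies the recommended order (other DCs first, loopback last) and then runs the same netsh command given above to drop ::1. The adapter name and the 192.168.1.110 lab address are assumptions taken from the example.

```powershell
# Added example, not from the original post: audit and apply the DNS client
# rules above on a DC (Windows 8 / Server 2012+ cmdlets). The adapter name and
# the other-DC address are assumptions; adjust them for your environment.

function Test-DcDnsClientConfig {
    param([string] $InterfaceAlias = 'Local Area Connection')

    $own = @((Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).IPAddress)
    $v4  = @((Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4).ServerAddresses)
    $v6  = @((Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv6).ServerAddresses)

    $findings = @()
    if ($v4.Count -eq 0) { $findings += 'No IPv4 DNS servers configured.' }
    elseif ($own -contains $v4[0]) { $findings += "Own address $($v4[0]) is the preferred server (Do Not #1)." }

    # Loopback is allowed, but only as the last entry (Do #2 / Do Not #2).
    $loopIdx = [array]::IndexOf($v4, '127.0.0.1')
    if ($loopIdx -lt 0)                 { $findings += '127.0.0.1 is missing; add it as the LAST entry.' }
    elseif ($loopIdx -ne $v4.Count - 1) { $findings += '127.0.0.1 is listed but is not the last entry.' }
    elseif ($loopIdx -eq 0)             { $findings += '127.0.0.1 is the only entry; list another DC first.' }

    # The auto-added ::1 as sole IPv6 server (Do #3).
    if ($v6.Count -eq 1 -and $v6[0] -eq '::1') {
        $findings += '::1 is the only IPv6 DNS server; remove it unless IPv6 is actually in use.'
    }

    New-Object PSObject -Property @{
        Interface = $InterfaceAlias
        IPv4Order = ($v4 -join ', ')
        IPv6Order = ($v6 -join ', ')
        Findings  = $findings
    }
}

function Set-DcDnsClientOrder {
    param([string]   $InterfaceAlias = 'Local Area Connection',
          [string[]] $OtherDcs       = @('192.168.1.110'))   # the lab example above
    # Other DCs in the domain first, loopback last, never the server's own IP first.
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses ($OtherDcs + '127.0.0.1')
    # Same command the post gives for clearing the auto-added ::1.
    netsh interface ipv6 delete dnsservers "$InterfaceAlias" ::1 | Out-Null
}

Test-DcDnsClientConfig
```

Run the test function on every DC (Invoke-Command works fine for this) and an empty Findings list on all of them is the consistency the last paragraph asks for.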