Archive for the ‘Tips’ Category

During the testing of Hyper-V live migration on a freshly built failover cluster (2008 R2), all seemed to work well apart from one Linux (CentOS) VM. It had been running fine on a single Hyper-V server with the integration components installed, however when I tried to do a live migration it failed, not giving much clue why.

Moving the VM to the other node and starting it using the Hyper-V manager, generated the following error…

‘SV04’ failed to start.
Microsoft Emulated IDE controller (Instance GUID): Failed to power on with error ‘a device attached to the system is not functioning’

Failed to open attachment: C:\ClusterStorage\Volume1\Hyper-V\Virtual Hard Disks\SV04.vhd. Error – A device attached to the system is not functioning. (0x8007001F)

After some investigation, I found that the VM would only start on whichever cluster node was the owner of the CSV (Cluster Shared Volume). I later discovered that disabling the AV (Sophos in this case) on the node that wasn’t the CSV owner resolved the issue. Odd, as I had added an exclusion for scanning on c:\ClusterStorage\*; it seems that the exclusion didn’t quite work with it being a CSV, due to the way it links into the filesystem… Adding an exclusion for *.vhd, then re-enabling the AV, fixed the issue.

A large percentage of my users access their corporate email and calendars via their iPhones, ActiveSync and Exchange 2007/2010. I started looking into the possibility of a solution where I could remotely wipe the devices when they get lost/stolen/eaten – turns out I already had the functionality but never knew it!! If your users have access to Outlook Web Access they can even do it themselves!

EMC: Fire up the Exchange management console, navigate to recipient config, then mailbox, and find the user that left their phone on the train. Select manage mobile phone from the actions pane. You can then select to remote wipe the device.

OWA: As I mentioned, users can do this themselves… Log into OWA, navigate to options, then phones – you’ll see all your mobile devices, and also a wipe device option. Fantastic!
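
The same wipe can be issued and tracked from the Exchange Management Shell. This is an added example, not part of the original post; the mailbox name `jsmith` and the notification address are constructed placeholders.

```powershell
# Run in the Exchange Management Shell.
# 'jsmith' and the helpdesk address are constructed placeholders.
$mailbox = 'jsmith'
$notify  = 'helpdesk@home.local'

# 1. List every ActiveSync partnership on the mailbox so the right device is picked.
$devices = @(Get-ActiveSyncDeviceStatistics -Mailbox $mailbox)
$devices | Format-Table DeviceFriendlyName, DeviceType, DeviceID, LastSuccessSync -AutoSize

# 2. Select the lost device explicitly and stop if the filter is ambiguous,
#    because a wipe cannot be undone once the device has processed it.
$target = @($devices | Where-Object { $_.DeviceType -eq 'iPhone' })
if ($target.Count -ne 1) {
    throw "Expected exactly one iPhone partnership for $mailbox, found $($target.Count)."
}

# 3. Queue the wipe. The device erases itself the next time it syncs;
#    the notification address receives the confirmation mail.
Clear-ActiveSyncDevice -Identity $target[0].Identity -NotificationEmailAddresses $notify -Confirm

# 4. Track progress: request -> sent -> acknowledged. An empty DeviceWipeAckTime
#    means the device has not contacted the server since the wipe was queued.
Get-ActiveSyncDeviceStatistics -Mailbox $mailbox |
    Where-Object { $_.DeviceID -eq $target[0].DeviceID } |
    Format-List DeviceFriendlyName, Status, DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime

# 5a. Device recovered before it synced: cancel the pending wipe.
# Clear-ActiveSyncDevice -Identity $target[0].Identity -Cancel

# 5b. Wipe acknowledged: remove the partnership, otherwise the same device
#     is wiped again if it reconnects to this mailbox.
# Remove-ActiveSyncDevice -Identity $target[0].Identity
```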

The default forms-based login for OWA (Outlook Web Access) on Exchange 2010 requires users to log in with the username in ‘DOMAIN\Username’ format. Show stopper for most of our users – they just type their username on its own every morning, and won’t read the instructions. If you’re running in a single domain, you can set the default domain using the Exchange Management Console.

Navigate to ‘Server Configuration’ > ‘Client Access’, select your client access server, then the OWA tab below, right click on your OWA entry then view the properties. In the authentication tab of this window, you can select the logon format… Select username only, specify your domain, click ok – you’ll need to restart IIS for the change to come into operation.

Or you can do it even more quickly with the Exchange PowerShell:
Set-OwaVirtualDirectory -Identity "owa (Default Web Site)" -LogonFormat UserName -DefaultDomain "Home.local"

When using Windows SIM (System Image Manager), which is part of the Windows AIK (Automated Installation Kit), you might run into the following error when you try and load a .WIM image…

“Windows sim was unable to generate a catalog”

Chances are that you are trying to open a .WIM image from the $RemoteInstall share. In this folder structure the WIMs are slightly different as they incorporate metadata and a .RWM that contains the image data. The easy way around this is to fire up the Windows Deployment Services MMC, then find the image, right click and export to somewhere else. You should then be able to create a catalog using the newly exported .WIM.

Another of my little Windows 7 deployment annoyances has been the fact that Windows Media Player is pinned to the new taskbar by default, and with Windows 7, it’s not possible to programmatically add or remove pinned items from the taskbar.

After a while of script hunting for something that might get around this, I found out that there is an option that can be used in the unattended XML file that will stop it from being automatically added!

In Windows System Image Manager, add the following under phase 7 (OOBE):

   Windows shell setup >> Windows Features >> ShowWindowsMediaPlayer >> false

Over the last few days, I have been having a lot of problems trying to write Lotus Notes .NET applications in Windows Vista. I had no problems writing the apps under XP, but since upgrading I kept getting error messages like “Unable to find user id file” when trying to initiate a Notes Session. The problem was with Windows Vista Virtual Store!

Installing Lotus Notes on Windows Vista, seems to be a normal installation. But when you launch Lotus Notes for the first time, it will start to write the notes.ini file and your id file (plus some other user related files…) to the following location: C:\Users\username\AppData\Local\VirtualStore\Program Files\lotus\. I never realised this before, until a colleague told me that Lotus Notes wrote files to this folder! With Lotus Notes writing to this folder, it made my .NET applications stop working!

The way to fix this is to browse to C:\Program Files, right click on “lotus”, go to the security tab and edit the permissions for “Users” to Full Control. Apply the security settings. If you then copy the lotus folder from the VirtualStore to the normal Program Files folder, you will not lose any of your settings:

Copy: C:\Users\username\AppData\Local\VirtualStore\Program Files\lotus\ To: C:\Program Files

You should now be able to delete the lotus folder from the VirtualStore (or just rename the lotus folder to lotus.old if you are worried about losing the data – this would be useful to see whether Lotus Notes recreates the folder in the VirtualStore).

Lotus Notes should now not use the Virtual Store, and your .NET apps should run without any error.

When creating some system inventory groups in Altiris, I noticed that it didn’t seem to be collecting information for certain exe’s that had been deployed onto the system.

After a bit of reading, I found out that the software audit scan can run in two modes… Package and file mode. In package mode, it only reports on a single exe from each package, which makes reporting faster and keeps your Altiris database much smaller. This is what runs from a vanilla installation. The second type of scan is file scan, where every exe is audited. You can set this by editing ‘AeXInvSolnAdm2.ini’ in the NSCap folder to run the following:

AeXAuditPls.exe /file /hidden /output xml

You’ll have to wait a day or two for all your systems to re-run the inventory, but after that you should be able to report on a lot more!

From time to time you’ll come across the problem where a system’s machine account in Active Directory has either become out of sync (usually due to multiple systems with the same name) or has just been deleted somehow! Telltale signs of this are errors about domains being unavailable, and trust relationships failing whenever the system tries to perform any authentication. In these situations you can usually log in as a local administrator, unjoin/rejoin the domain, then reboot and the problem is sorted.

However, this isn’t so easy if you aren’t in front of the system (which is often the case), although it is possible to do:

First you need to locate the IP address of the system (names will be unreliable if you’ve got multiple systems with the same name!). The best way to find the IP is probably from looking at DHCP leases on your DHCP server. Once you have the IP address, run regedit.exe on another system, then from the file menu select ‘Connect remote registry’. In the following box, connect to \\<IPaddress>. You should then be able to log on to the system as the local admin user (SYSTEMNAME\Administrator) and navigate to:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

In this key, look for the ‘fDenyTSConnections’ value, and set this to 0. This should enable remote desktop if it isn’t already; you’ll need to reboot in order to enable this:

shutdown -m \\<IPAddress> -r

Once the system has rebooted, you should be able to remote desktop to it, log in as the local admin user, and rejoin as if you were in front of it. Although if it was a case of multiple systems with the same name, don’t forget to give it a unique name!

I should also point out that if it was a deleted computer account, you could always restore the object in AD, but that’s another story…

If you’re having a problem where collections on your Altiris server are not updating, despite them being set to Membership update: automatic, and the options in ‘Configuration > Server Settings > Notification Server Settings > Automatic Collection updating’ are correctly set…. Take a look at the scheduled tasks on the server… Ours weren’t updating, turned out it was due to the scheduled tasks trying to run with invalid credentials.

In previous versions of Windows, we could install the Windows Server 2003 administration/management tools in order to perform administration tasks on remote servers from your workstation. With Vista these tools kind of install, but don’t fully work. Luckily with Vista SP1 Remote server administration tools (RSAT) is now available as a MS download.

RSAT – 32-Bit version (KB941314)
RSAT – 64-Bit version (KB941314)

Once installed, you won’t see anything new on your system… All the installer does is add some new entries in the Windows features list. To fully enable them go to ‘Control panel’ > ‘Programs and features’ > ‘Turn windows features on or off’… You should hopefully see an entry in here that you can tick to install them.

I don’t understand why the installer doesn’t just automatically turn the feature on if you’re installing it anyway, but it doesn’t bother me that much – it’s not like I’m rolling this out to hundreds of users!