Cluster: Firewall GPO Settings
Posted by Philip Elder on 01 December 2014 10:59 AM

Original here: MPECS Inc. Blog: Cluster: Firewall GPO Settings

Here are some firewall settings that we configure via GPO, both for our AD environment and for our cluster setups.

Domain linked GPO:


At the domain level, where all systems are impacted by the settings, we configure Remote Desktop inbound, Remote Event Log Management, Remote Volume Management, and finally Remote Firewall management.

Cluster OU linked GPO:


Here we set the inbound rules that allow us to manage our clusters. The Inbound Rule for Remote Shutdown is a critical one to implement as that allows Cluster Aware Updating to run.

And, there is one rule that seems to be in both places. Chalk that up to export/import. :)
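One way to check on a node that the rule groups described above actually arrived by GPO and how widely they are scoped. This is an added example, not part of the original post; the display group names are assumed to be the built-in English ones on Windows Server 2012 R2, and the function name Get-RuleGroupAudit is made up for the illustration.

```powershell
#Requires -Version 3.0
# Added example, not from the original post.
# Audits the inbound firewall rule groups the post enables through GPO and
# reports, per rule, whether it is enabled, where it came from, and its scope.
Import-Module NetSecurity

# Assumption: built-in English display group names (Windows Server 2012 R2).
# Newer releases rename the last one to "Windows Defender Firewall Remote Management".
$DomainGroups = @(
    'Remote Desktop',
    'Remote Event Log Management',
    'Remote Volume Management',
    'Windows Firewall Remote Management'
)
# The post names only Remote Shutdown for the Cluster OU GPO (needed by
# Cluster Aware Updating); add the other groups from your own GPO here.
$ClusterGroups = @('Remote Shutdown')

function Get-RuleGroupAudit {
    param(
        [Parameter(Mandatory)][string]$Scope,
        [Parameter(Mandatory)][string[]]$DisplayGroup
    )
    foreach ($group in $DisplayGroup) {
        # ActiveStore is the effective policy: local rules merged with GPO rules.
        $rules = @(Get-NetFirewallRule -PolicyStore ActiveStore -DisplayGroup $group `
                       -ErrorAction SilentlyContinue |
                   Where-Object { $_.Direction -eq 'Inbound' })

        if ($rules.Count -eq 0) {
            [pscustomobject]@{
                Scope = $Scope; Group = $group; Rule = '(none found)'
                Enabled = $false; Source = $null; Profile = $null
                RemoteAddress = $null
                Finding = 'rule group missing from effective policy'
            }
            continue
        }

        foreach ($rule in $rules) {
            $filter = $rule | Get-NetFirewallAddressFilter
            $remote = @($filter.RemoteAddress) -join ','

            # Checks beyond what the post states, chosen for this example:
            # management ports should come from GPO, stay on the Domain
            # profile, and not accept connections from any address.
            $findings = @()
            if ($rule.Enabled -ne 'True') {
                $findings += 'disabled'
            }
            if ($rule.PolicyStoreSourceType -ne 'GroupPolicy') {
                $findings += 'not delivered by GPO'
            }
            if ($rule.Profile.ToString() -ne 'Domain') {
                $findings += 'applies beyond the Domain profile'
            }
            if ($remote -eq 'Any') {
                $findings += 'remote address unrestricted'
            }
            if ($findings.Count -eq 0) {
                $findings = @('ok')
            }

            [pscustomobject]@{
                Scope         = $Scope
                Group         = $group
                Rule          = $rule.DisplayName
                Enabled       = ($rule.Enabled -eq 'True')
                Source        = $rule.PolicyStoreSourceType
                Profile       = $rule.Profile.ToString()
                RemoteAddress = $remote
                Finding       = $findings -join '; '
            }
        }
    }
}

$report  = @(Get-RuleGroupAudit -Scope 'Domain GPO'     -DisplayGroup $DomainGroups)
$report += @(Get-RuleGroupAudit -Scope 'Cluster OU GPO' -DisplayGroup $ClusterGroups)
$report | Format-Table Scope, Group, Rule, Enabled, Source, Profile, Finding -AutoSize
```

Run it on a cluster node and on an ordinary domain member: Remote Shutdown should show up with a GroupPolicy source only on the cluster nodes.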

Philip Elder
Microsoft Cluster MVP
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen ASP Project
Find out more at
Third Tier: Enterprise Solutions for Small Business


How vCPUs Interact With Physical CPUs – Resources
Posted by Philip Elder on 20 October 2014 02:28 PM

Original Published Here: MPECS Inc. Blog: How vCPUs Interact With Physical CPUs – Resources

Here are some excellent resources on how a hypervisor such as Hyper-V interacts with the CPU pipeline.

Essentially, having a bit of time while waiting for some things to complete I’ve done a bit of digging to figure out if the premise “All VM threads (vCPUs) must be processed in parallel” still applies to the CPU pipelines and architectures of today.

Check out the conversation I’ve been having with Brian Elhert on his blog with the videos as it seems that the premise no longer holds true.

There are other VM performance thoughts that we have had since day one that need to be tested or verified based on Brian’s responses.

In our experience the following can have an impact on a VM’s performance:

  • Assigning more vCPUs to a VM than physical cores (threads) available on one CPU

  • Assigning a VM the same number of vCPUs as the number of physical cores (threads) on one CPU
  • Assigning enough vRAM to a VM to force its contents to be split between memory controllers

Hat Tip: @BrianEh (Brian Elhert)

Further reading on tuning Windows Server 2012 R2:


2 Node 1 JBOD Hyper-V Cluster Connectivity Guide
Posted by Philip Elder on 16 October 2014 03:27 PM

Original Posted Here: MPECS Inc. Blog: 2 Node 1 JBOD Hyper-V Cluster Connectivity Guide

Okay, so just how do we wire up that cluster?


We connect two SAS cables from each HBA on each node to one expander on the JBOD.


We then connect two SAS cables from each HBA on each node to one expander on the JBOD. Note the left/right split between the cable sets to keep things simple and clean.

This gives us two redundant paths between the Hyper-V hosts if setting up an asymmetric cluster (2 nodes 1 JBOD) or redundant paths between SOFS nodes and the JBOD.

The following shows the setup for an Intel Server System R1208JP4OC 1U single socket server:


We always try to keep the cables plugged in identically on each node. So, in this case the bottom HBA is plugged into Expander 0 and the top HBA is plugged into Expander 1.

In a Scale-Out File Server cluster where we have three nodes and three JBODs we would be utilizing an LSI SAS HBA with 4 external ports (-16e). In that case we would cable up each node just as we did here between each JBOD giving us the left/right split.

Given the Intel JBOD2224S2DP’s three external ports per expander we would be limited to the three node setup unless we utilized our LSI SAS6160 SAS Switches to scale beyond three nodes and JBODs.


What’s New in Windows v.Next
Posted by Philip Elder on 07 October 2014 01:46 PM

Original Posted Here: MPECS Inc. Blog: What’s New in Windows v.Next

Here are some resources on what may be in the next version of Windows. Note that this list is nowhere near complete and is rather feature focused.

One can download the Windows 10 TP RSAT here.

Here are some quick snips of Windows Server TP:


Okay, so we’ve gone back to a “traditional” Start Menu format.


The Start Menu right click options:


I’m not convinced. :(

There are a number of us out here that actually _did_ like the Metro style Start Menu.

From what we understand there is a way to toggle between this style and the Metro style but it has not become a priority to figure out yet as we are somewhat buried with projects at the moment.

Here is a PowerShell Get-WindowsFeature output:

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[ ] Active Directory Certificate Services               AD-Certificate                 Available
    [ ] Certification Authority                         ADCS-Cert-Authority            Available
    [ ] Certificate Enrollment Policy Web Service       ADCS-Enroll-Web-Pol            Available
    [ ] Certificate Enrollment Web Service              ADCS-Enroll-Web-Svc            Available
    [ ] Certification Authority Web Enrollment          ADCS-Web-Enrollment            Available
    [ ] Network Device Enrollment Service               ADCS-Device-Enrollment         Available
    [ ] Online Responder                                ADCS-Online-Cert               Available
[X] Active Directory Domain Services                    AD-Domain-Services             Installed
[ ] Active Directory Federation Services                ADFS-Federation                Available
[ ] Active Directory Lightweight Directory Services     ADLDS                          Available
[ ] Active Directory Rights Management Services         ADRMS                          Available
    [ ] Active Directory Rights Management Server       ADRMS-Server                   Available
    [ ] Identity Federation Support                     ADRMS-Identity                 Available
[X] DHCP Server                                         DHCP                           Installed
[X] DNS Server                                          DNS                            Installed
[ ] Fax Server                                          Fax                            Available
[X] File and Storage Services                           FileAndStorage-Services        Installed
    [X] File and iSCSI Services                         File-Services                  Installed
        [X] File Server                                 FS-FileServer                  Installed
        [ ] BranchCache for Network Files               FS-BranchCache                 Available
        [ ] Data Deduplication                          FS-Data-Deduplication          Available
        [ ] DFS Namespaces                              FS-DFS-Namespace               Available
        [ ] DFS Replication                             FS-DFS-Replication             Available
        [ ] File Server Resource Manager                FS-Resource-Manager            Available
        [ ] File Server VSS Agent Service               FS-VSS-Agent                   Available
        [ ] iSCSI Target Server                         FS-iSCSITarget-Server          Available
        [ ] iSCSI Target Storage Provider (VDS and V… iSCSITarget-VSS-VDS            Available
        [ ] Server for NFS                              FS-NFS-Service                 Available
        [ ] Work Folders                                FS-SyncShareService            Available
    [X] Storage Services                                Storage-Services               Installed
[ ] Hyper-V                                             Hyper-V                        Available
[ ] MultiPoint Services                                 MultiPointServerRole           Available
[ ] Network Controller                                  NetworkController              Available

[ ] Network Policy and Access Services                  NPAS                           Available
[ ] Print and Document Services                         Print-Services                 Available
    [ ] Print Server                                    Print-Server                   Available
    [ ] Distributed Scan Server                         Print-Scan-Server              Available
    [ ] Internet Printing                               Print-Internet                 Available
    [ ] LPD Service                                     Print-LPD-Service              Available
[ ] Remote Access                                       RemoteAccess                   Available
    [ ] DirectAccess and VPN (RAS)                      DirectAccess-VPN               Available
    [ ] Routing                                         Routing                        Available
    [ ] Web Application Proxy                           Web-Application-Proxy          Available
[ ] Remote Desktop Services                             Remote-Desktop-Services        Available
    [ ] Remote Desktop Connection Broker                RDS-Connection-Broker          Available
    [ ] Remote Desktop Gateway                          RDS-Gateway                    Available
    [ ] Remote Desktop Licensing                        RDS-Licensing                  Available
    [ ] Remote Desktop Session Host                     RDS-RD-Server                  Available
    [ ] Remote Desktop Virtualization Host              RDS-Virtualization             Available
    [ ] Remote Desktop Web Access                       RDS-Web-Access                 Available
[ ] Volume Activation Services                          VolumeActivation               Available
[ ] Web Server (IIS)                                    Web-Server                     Available
    [ ] Web Server                                      Web-WebServer                  Available
        [ ] Common HTTP Features                        Web-Common-Http                Available
            [ ] Default Document                        Web-Default-Doc                Available
            [ ] Directory Browsing                      Web-Dir-Browsing               Available
            [ ] HTTP Errors                             Web-Http-Errors                Available
            [ ] Static Content                          Web-Static-Content             Available
            [ ] HTTP Redirection                        Web-Http-Redirect              Available
            [ ] WebDAV Publishing                       Web-DAV-Publishing             Available
        [ ] Health and Diagnostics                      Web-Health                     Available
            [ ] HTTP Logging                            Web-Http-Logging               Available
            [ ] Custom Logging                          Web-Custom-Logging             Available
            [ ] Logging Tools                           Web-Log-Libraries              Available
            [ ] ODBC Logging                            Web-ODBC-Logging               Available
            [ ] Request Monitor                         Web-Request-Monitor            Available
            [ ] Tracing                                 Web-Http-Tracing               Available
        [ ] Performance                                 Web-Performance                Available
            [ ] Static Content Compression              Web-Stat-Compression           Available
            [ ] Dynamic Content Compression             Web-Dyn-Compression            Available
        [ ] Security                                    Web-Security                   Available
            [ ] Request Filtering                       Web-Filtering                  Available
            [ ] Basic Authentication                    Web-Basic-Auth                 Available
            [ ] Centralized SSL Certificate Support     Web-CertProvider               Available
            [ ] Client Certificate Mapping Authentic… Web-Client-Auth                Available
            [ ] Digest Authentication                   Web-Digest-Auth                Available
            [ ] IIS Client Certificate Mapping Authe… Web-Cert-Auth                  Available
            [ ] IP and Domain Restrictions              Web-IP-Security                Available
            [ ] URL Authorization                       Web-Url-Auth                   Available
            [ ] Windows Authentication                  Web-Windows-Auth               Available
        [ ] Application Development                     Web-App-Dev                    Available
            [ ] .NET Extensibility 3.5                  Web-Net-Ext                    Available
            [ ] .NET Extensibility 4.5                  Web-Net-Ext45                  Available
            [ ] Application Initialization              Web-AppInit                    Available
            [ ] ASP                                     Web-ASP                        Available
            [ ] ASP.NET 3.5                             Web-Asp-Net                    Available
            [ ] ASP.NET 4.5                             Web-Asp-Net45                  Available
            [ ] CGI                                     Web-CGI                        Available
            [ ] ISAPI Extensions                        Web-ISAPI-Ext                  Available
            [ ] ISAPI Filters                           Web-ISAPI-Filter               Available
            [ ] Server Side Includes                    Web-Includes                   Available
            [ ] WebSocket Protocol                      Web-WebSockets                 Available
    [ ] FTP Server                                      Web-Ftp-Server                 Available
        [ ] FTP Service                                 Web-Ftp-Service                Available
        [ ] FTP Extensibility                           Web-Ftp-Ext                    Available
    [ ] Management Tools                                Web-Mgmt-Tools                 Available
        [ ] IIS Management Console                      Web-Mgmt-Console               Available
        [ ] IIS 6 Management Compatibility              Web-Mgmt-Compat                Available
            [ ] IIS 6 Metabase Compatibility            Web-Metabase                   Available
            [ ] IIS 6 Management Console                Web-Lgcy-Mgmt-Console          Available
            [ ] IIS 6 Scripting Tools                   Web-Lgcy-Scripting             Available
            [ ] IIS 6 WMI Compatibility                 Web-WMI                        Available
        [ ] IIS Management Scripts and Tools            Web-Scripting-Tools            Available
        [ ] Management Service                          Web-Mgmt-Service               Available
[ ] Windows Deployment Services                         WDS                            Available
    [ ] Deployment Server                               WDS-Deployment                 Available
    [ ] Transport Server                                WDS-Transport                  Available
[ ] Windows Server Essentials Experience                ServerEssentialsRole           Available
[ ] Windows Server Update Services                      UpdateServices                 Available
    [ ] WID Connectivity                                UpdateServices-WidDB           Available
    [ ] WSUS Services                                   UpdateServices-Services        Available
    [ ] SQL Server Connectivity                         UpdateServices-DB              Available
[ ] .NET Framework 3.5 Features                         NET-Framework-Features         Available
    [ ] .NET Framework 3.5 (includes .NET 2.0 and 3.0)  NET-Framework-Core               Removed
    [ ] HTTP Activation                                 NET-HTTP-Activation            Available
    [ ] Non-HTTP Activation                             NET-Non-HTTP-Activ             Available
[X] .NET Framework 4.5 Features                         NET-Framework-45-Fea…        Installed
    [X] .NET Framework 4.5                              NET-Framework-45-Core          Installed
    [ ] ASP.NET 4.5                                     NET-Framework-45-ASPNET        Available
    [X] WCF Services                                    NET-WCF-Services45             Installed
        [ ] HTTP Activation                             NET-WCF-HTTP-Activat…        Available
        [ ] Message Queuing (MSMQ) Activation           NET-WCF-MSMQ-Activat…        Available
        [ ] Named Pipe Activation                       NET-WCF-Pipe-Activat…        Available
        [ ] TCP Activation                              NET-WCF-TCP-Activati…        Available
        [X] TCP Port Sharing                            NET-WCF-TCP-PortShar…        Installed
[ ] Background Intelligent Transfer Service (BITS)      BITS                           Available
    [ ] IIS Server Extension                            BITS-IIS-Ext                   Available
    [ ] Compact Server                                  BITS-Compact-Server            Available
[ ] BitLocker Drive Encryption                          BitLocker                      Available
[ ] BitLocker Network Unlock                            BitLocker-NetworkUnlock        Available
[ ] BranchCache                                         BranchCache                    Available
[ ] Canary Network Diagnostics                          Canary-Network-Diagn…        Available
[ ] Client for NFS                                      NFS-Client                     Available
[ ] Data Center Bridging                                Data-Center-Bridging           Available
[ ] Direct Play                                         Direct-Play                    Available
[ ] Enhanced Storage                                    EnhancedStorage                Available
[ ] Failover Clustering                                 Failover-Clustering            Available
[X] Group Policy Management                             GPMC                           Installed
[ ] IIS Hostable Web Core                               Web-WHC                        Available
[ ] Ink and Handwriting Services                        InkAndHandwritingSer…        Available
[ ] Internet Printing Client                            Internet-Print-Client          Available
[ ] IP Address Management (IPAM) Server                 IPAM                           Available
[ ] iSNS Server service                                 ISNS                           Available
[ ] LPR Port Monitor                                    LPR-Port-Monitor               Available
[ ] Management OData IIS Extension                      ManagementOdata                Available
[ ] Media Foundation                                    Server-Media-Foundation        Available
[ ] Message Queuing                                     MSMQ                           Available
    [ ] Message Queuing Services                        MSMQ-Services                  Available
        [ ] Message Queuing Server                      MSMQ-Server                    Available
        [ ] Directory Service Integration               MSMQ-Directory                 Available
        [ ] HTTP Support                                MSMQ-HTTP-Support              Available
        [ ] Message Queuing Triggers                    MSMQ-Triggers                  Available
        [ ] Multicasting Support                        MSMQ-Multicasting              Available
        [ ] Routing Service                             MSMQ-Routing                   Available
    [ ] Message Queuing DCOM Proxy                      MSMQ-DCOM                      Available
[ ] Multipath I/O                                       Multipath-IO                   Available
[ ] MultiPoint Connector                                MultiPoint-Connector…        Available
[ ] Network Load Balancing                              NLB                            Available
[ ] Peer Name Resolution Protocol                       PNRP                           Available
[ ] Quality Windows Audio Video Experience              qWave                          Available
[ ] RAS Connection Manager Administration Kit (CMAK)    CMAK                           Available
[ ] Remote Assistance                                   Remote-Assistance              Available
[ ] Remote Differential Compression                     RDC                            Available
[X] Remote Server Administration Tools                  RSAT                           Installed
    [ ] Feature Administration Tools                    RSAT-Feature-Tools             Available
        [ ] SMTP Server Tools                           RSAT-SMTP                      Available
        [ ] BitLocker Drive Encryption Administratio… RSAT-Feature-Tools-B…        Available
            [ ] BitLocker Drive Encryption Tools        RSAT-Feature-Tools-B…        Available
            [ ] BitLocker Recovery Password Viewer      RSAT-Feature-Tools-B…        Available
        [ ] BITS Server Extensions Tools                RSAT-Bits-Server               Available
        [ ] Failover Clustering Tools                   RSAT-Clustering                Available
            [ ] Failover Cluster Management Tools       RSAT-Clustering-Mgmt           Available
            [ ] Failover Cluster Module for Windows … RSAT-Clustering-Powe…        Available
            [ ] Failover Cluster Automation Server      RSAT-Clustering-Auto…        Available
            [ ] Failover Cluster Command Interface      RSAT-Clustering-CmdI…        Available
        [ ] IP Address Management (IPAM) Client         IPAM-Client-Feature            Available
        [ ] Network Load Balancing Tools                RSAT-NLB                       Available
        [ ] SNMP Tools                                  RSAT-SNMP                      Available
        [ ] WINS Server Tools                           RSAT-WINS                      Available
    [X] Role Administration Tools                       RSAT-Role-Tools                Installed
        [X] AD DS and AD LDS Tools                      RSAT-AD-Tools                  Installed
            [X] Active Directory module for Windows … RSAT-AD-PowerShell             Installed
            [X] AD DS Tools                             RSAT-ADDS                      Installed
                [X] Active Directory Administrative … RSAT-AD-AdminCenter            Installed
                [X] AD DS Snap-Ins and Command-Line … RSAT-ADDS-Tools                Installed
            [ ] AD LDS Snap-Ins and Command-Line Tools  RSAT-ADLDS                     Available
        [ ] Hyper-V Management Tools                    RSAT-Hyper-V-Tools             Available
            [ ] Hyper-V GUI Management Tools            Hyper-V-Tools                  Available
            [ ] Hyper-V Module for Windows PowerShell   Hyper-V-PowerShell             Available
        [ ] Remote Desktop Services Tools               RSAT-RDS-Tools                 Available
            [ ] Remote Desktop Gateway Tools            RSAT-RDS-Gateway               Available
            [ ] Remote Desktop Licensing Diagnoser T… RSAT-RDS-Licensing-D…        Available
            [ ] Remote Desktop Licensing Tools          RDS-Licensing-UI               Available
        [ ] Windows Server Update Services Tools        UpdateServices-RSAT            Available
            [ ] API and PowerShell cmdlets              UpdateServices-API             Available
            [ ] User Interface Management Console       UpdateServices-UI              Available
        [ ] Active Directory Certificate Services Tools RSAT-ADCS                      Available
            [ ] Certification Authority Management T… RSAT-ADCS-Mgmt                 Available
            [ ] Online Responder Tools                  RSAT-Online-Responder          Available
        [ ] Active Directory Rights Management Servi… RSAT-ADRMS                     Available
        [X] DHCP Server Tools                           RSAT-DHCP                      Installed
        [X] DNS Server Tools                            RSAT-DNS-Server                Installed
        [ ] Fax Server Tools                            RSAT-Fax                       Available
        [ ] File Services Tools                         RSAT-File-Services             Available
            [ ] DFS Management Tools                    RSAT-DFS-Mgmt-Con              Available
            [ ] File Server Resource Manager Tools      RSAT-FSRM-Mgmt                 Available
            [ ] Services for Network File System Man… RSAT-NFS-Admin                 Available
            [ ] Share and Storage Management Tool       RSAT-CoreFile-Mgmt             Available
        [ ] Network Controller Management Tools         RSAT-NetworkController         Available
        [ ] Network Policy and Access Services Tools    RSAT-NPAS                      Available
        [ ] Print and Document Services Tools           RSAT-Print-Services            Available
        [ ] Remote Access Management Tools              RSAT-RemoteAccess              Available
            [ ] Remote Access GUI and Command-Line T… RSAT-RemoteAccess-Mgmt         Available
            [ ] Remote Access module for Windows Pow… RSAT-RemoteAccess-Po…        Available
        [ ] Volume Activation Tools                     RSAT-VA-Tools                  Available
        [ ] Windows Deployment Services Tools           WDS-AdminPack                  Available
[ ] RPC over HTTP Proxy                                 RPC-over-HTTP-Proxy            Available
[ ] Simple TCP/IP Services                              Simple-TCPIP                   Available
[X] SMB 1.0/CIFS File Sharing Support                   FS-SMB1                        Installed
[ ] SMB Bandwidth Limit                                 FS-SMBBW                       Available
[ ] SMTP Server                                         SMTP-Server                    Available
[ ] SNMP Service                                        SNMP-Service                   Available
    [ ] SNMP WMI Provider                               SNMP-WMI-Provider              Available
[ ] Soft Restart                                        Soft-Restart                   Available
[ ] Telnet Client                                       Telnet-Client                  Available
[ ] TFTP Client                                         TFTP-Client                    Available
[X] User Interfaces and Infrastructure                  User-Interfaces-Infra          Installed
    [X] Graphical Management Tools and Infrastructure   Server-Gui-Mgmt-Infra          Installed
    [ ] Desktop Experience                              Desktop-Experience             Available
    [X] Server Graphical Shell                          Server-Gui-Shell               Installed
[ ] Windows Biometric Framework                         Biometric-Framework            Available
[X] Windows Defender                                    Windows-Defender               Installed
    [ ] GUI for Windows Defender                        Windows-Defender-Gui           Available
[ ] Windows Internal Database                           Windows-Internal-Dat…        Available
[X] Windows PowerShell                                  PowerShellRoot                 Installed
    [X] Windows PowerShell 5.0                          PowerShell                     Installed
    [ ] Windows PowerShell 2.0 Engine                   PowerShell-V2                    Removed
    [ ] Windows PowerShell Desired State Configurati… DSC-Service                    Available
    [X] Windows PowerShell ISE                          PowerShell-ISE                 Installed
    [ ] Windows PowerShell Web Access                   WindowsPowerShellWeb…        Available
[ ] Windows Process Activation Service                  WAS                            Available
    [ ] Process Model                                   WAS-Process-Model              Available
    [ ] .NET Environment 3.5                            WAS-NET-Environment            Available
    [ ] Configuration APIs                              WAS-Config-APIs                Available
[ ] Windows Search Service                              Search-Service                 Available
[ ] Windows Server Backup                               Windows-Server-Backup          Available
[ ] Windows Server Migration Tools                      Migration                      Available
[ ] Windows Standards-Based Storage Management          WindowsStorageManage…        Available
[ ] Windows TIFF IFilter                                Windows-TIFF-IFilter           Available
[ ] Windows Volume Replication                          WVR                            Available
[ ] WinRM IIS Extension                                 WinRM-IIS-Ext                  Available
[ ] WINS Server                                         WINS                           Available
[ ] Wireless LAN Service                                Wireless-Networking            Available
[X] WoW64 Support                                       WoW64-Support                  Installed
[ ] XPS Viewer                                          XPS-Viewer                     Available

The addition of Windows Defender as a regular part of the install leaves us a bit of cause for pause. We generally do _not_ put A/V endpoint clients on servers since the endpoints actively working with the data are the weak links in the chain. Plus, we sanitize all incoming mail to further reduce attack vectors.

We shall see if we run into a situation where servers go offline after an update due to the A/V client eating its own. We’ve seen A/V vendors of all stripes go through this problem thus reaffirming our position.

There’s a lot to learn folks. No doubt. There are most certainly new bits within the various Roles and Features as mentioned in the initial and very incomplete bullet list.

This time around we are being buoyed up by a wave of enthusiasm and support from within Microsoft itself. So, ride the wave and get to know the OS our solution sets will be built on soon!

Oh, and one more thing. We are working with really early release bits. That means that everything above may be wiped out in a single stroke of the pen/keyboard. Just because it’s there now does not mean that it will be there in the next release bits we see or in RTM for that matter!

EDIT: Added the link to the original post. Forgot that prior to posting!

Philip Elder
Microsoft Cluster MVP
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen ASP Project
Find out more at
Third Tier: Enterprise Solutions for Small Business


Cluster: Why We Always Deploy a Physical DC in a Cluster Setting
Posted by Philip Elder on 02 October 2014 02:48 PM

Original Posted Here: Cluster: Why We Always Deploy a Physical DC in a Cluster Setting

A somewhat new feature with Windows Server was the ability to cold-boot a
cluster after a full shutdown thus “eliminating the need for a physical DC” in a
cluster setting.

While this feature is indeed there and does indeed work we have found that
there are a number of very key reasons why we have taken up the practice of
always having a physical DC in cluster deployments.

  • AD may be needed in the event of a cluster failure
  • DNS IS required in the event of a cluster failure
  • Physical DC is our time authority (Critical in a virtualized environment
    especially with high-load VMs where time skews)
  • Point of management in the event of a problem

The third point is probably the most important in the mix. Keeping time in a
domain is absolutely critical. One cannot configure a time authority to
continually poll NTP.ORG without receiving a Kiss-of-Death packet from the
polled server.

So, we have a physical DC polling NTP.ORG at the standard interval and all
domain members looking to it for time. Then, any VM that requires a much more
frequent polling frequency can be configured to poll the DC without being shut

For obvious reasons if a VM’s time hits the five minute mark for variance it
loses its ability to continue serving whatever services and/or LoBs that may be
running on it to the domain.

We make sure to install an iDRAC Enterprise, HP iLO Advanced, or Intel RMM in
that physical DC so that we can have out-of-band access to the server along with
KVM over IP to manage from the “console”.

Philip Elder
Microsoft Cluster

Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen ASP Project
Find out more at
Third Tier: Enterprise Solutions for Small



Original Post Here: MPECS Inc. Blog: Hyper-V Standalone: Configure the Host as Authoritative Time Server and Guests to Use It

We have a number of single server virtualization solutions where the VMs are running at quite a high load point.

This tends to create timing issues with the VMs not being able to keep up with keeping time. In some cases we have SQL VMs that can skew time visibly.

So, we need a reliable time source. We are not able to set as the time source for the primary DC in this situation as it would not be keeping time very well either thus requiring a more frequent polling interval. Do that with and the server will receive a Kiss-of-Death packet in short order.

So, we configure our Hyper-V host to be an authoritative time server polling’s servers every 30 minutes.

To do so we need to set things up on the host.

  1. Allow UDP Port 123 Inbound on the firewall
  2. Configure the host as a time server: KB816042 How to configure an authoritative time server in Windows Server
  3. We run the Fix It Myself steps
  4. Verify Type is set to NTP
  5. We specify the regional servers
  6. Set AnnounceFlags to 5 in
    • HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
  7. Enable the NTPServer service by setting Enabled to 1
  8. Default Poll Interval
  9. Set the SpecialPollInterval to 15 minutes
  10. Set the phase correction settings to 30 minutes
  11. net stop w32time && net start w32time
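
The host-side steps above as one script that applies the values and then reads them back. This is an added example, not code from the original post; the registry value names are the ones documented in KB816042, while the peer list and the firewall rule name are placeholders.

```powershell
# Added example (not from the original post). Run elevated on the Hyper-V host.
# $Peers is a placeholder: the post does not name the regional servers it uses.
$Peers = 'ntp1.example.com,0x1 ntp2.example.com,0x1'   # 0x1 = use SpecialPollInterval
$Base  = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$Rule  = 'NTP Server (UDP 123 In)'                     # hypothetical rule name

# Desired state per KB816042: subkey, value name, data, registry type.
$Desired = @(
    @{ Key = 'Parameters';              Name = 'Type';                  Value = 'NTP';  Kind = 'String' }
    @{ Key = 'Parameters';              Name = 'NtpServer';             Value = $Peers; Kind = 'String' }
    @{ Key = 'Config';                  Name = 'AnnounceFlags';         Value = 5;      Kind = 'DWord' }
    @{ Key = 'TimeProviders\NtpServer'; Name = 'Enabled';               Value = 1;      Kind = 'DWord' }
    @{ Key = 'TimeProviders\NtpClient'; Name = 'SpecialPollInterval';   Value = 900;    Kind = 'DWord' }  # 15 min
    @{ Key = 'Config';                  Name = 'MaxPosPhaseCorrection'; Value = 1800;   Kind = 'DWord' }  # 30 min
    @{ Key = 'Config';                  Name = 'MaxNegPhaseCorrection'; Value = 1800;   Kind = 'DWord' }  # 30 min
)

# Step 1: open UDP 123 inbound once; add -RemoteAddress to limit who may query.
if (-not (Get-NetFirewallRule -DisplayName $Rule -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $Rule -Direction Inbound -Protocol UDP `
        -LocalPort 123 -Action Allow | Out-Null
}

# Steps 4-10: write each value.
foreach ($d in $Desired) {
    Set-ItemProperty -Path (Join-Path $Base $d.Key) -Name $d.Name -Value $d.Value -Type $d.Kind
}

# Step 11: restart the service so the new values are loaded.
Restart-Service -Name w32time

# Read every value back and list anything that differs from the desired state.
$Drift = foreach ($d in $Desired) {
    $actual = (Get-ItemProperty -Path (Join-Path $Base $d.Key) -Name $d.Name).($d.Name)
    if ($actual -ne $d.Value) {
        [pscustomobject]@{ Name = $d.Name; Expected = $d.Value; Actual = $actual }
    }
}
if ($Drift) { $Drift | Format-Table -AutoSize } else { 'W32Time values match the desired state.' }
w32tm /query /status    # shows the stratum and the source the host is using
```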

We use this free tool to test our setup from a client system:

Drop in the Hyper-V host’s name and we should see the following:


Once we have a successful time poll we run the following command set on the PDCe VM as per our previous blog post on time skew:

  1. w32tm /config /syncfromflags:manual "/manualpeerlist:Hyper-V.DOMAIN.LOCAL,0x1" /reliable:yes
  2. w32tm /config /update
  3. net stop w32time && net start w32time
  4. w32tm /resync /force
  5. w32tm /query /source

The final result should be the Hyper-V server as source time.

We then create a batch file with the step 4 command in it and schedule that batch file to run as frequently as every minute on the most demanding VMs.
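
A scheduled resync corrects the clock but does not show how far a busy VM drifts between runs. The following added example (not part of the original post) parses `w32tm /stripchart` output and classifies the worst offset against the host; the 60-second warning threshold is an assumption, and the sample lines are constructed.

```powershell
# Added example (not from the original post): classify clock offset against the host.
# Thresholds are assumptions: warn at 60 s, critical at the five-minute mark.
function Get-TimeOffsetSeconds {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Data lines look like "14:48:02, -00.0003456s"; error lines do not match.
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    }
}

function Test-TimeSkew {
    param([string[]]$Lines, [double]$WarnSeconds = 60, [double]$FailSeconds = 300)
    # Absolute offsets: a clock that runs behind is as much a problem as one ahead.
    $abs = @(Get-TimeOffsetSeconds $Lines | ForEach-Object { [math]::Abs($_) })
    if ($abs.Count -eq 0) {
        # Every sample failed (host unreachable or UDP 123 blocked).
        return [pscustomobject]@{ State = 'NoData'; WorstSeconds = $null }
    }
    $worst = ($abs | Measure-Object -Maximum).Maximum
    $state = if ($worst -ge $FailSeconds) { 'Critical' } elseif ($worst -ge $WarnSeconds) { 'Warning' } else { 'OK' }
    [pscustomobject]@{ State = $state; WorstSeconds = $worst }
}

# Constructed sample output, so the functions can be tried without a time server.
$Sample = @(
    'Tracking Hyper-V.DOMAIN.LOCAL [192.0.2.10:123].'
    'Collecting 3 samples.'
    '14:48:00, +00.0012345s'
    '14:48:02, error: 0x800705B4'
    '14:48:04, -72.5000000s'
)
Test-TimeSkew -Lines $Sample

# Live check from a guest:
# Test-TimeSkew -Lines (w32tm /stripchart /computer:Hyper-V.DOMAIN.LOCAL /samples:3 /dataonly)
```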

Philip Elder
Microsoft Cluster MVP
Co-Author: SBS 2008 Blueprint Book

Chef de partie in the SMBKitchen ASP Project
Find out more at
Third Tier: Enterprise Solutions for Small Business

