Wednesday, August 29, 2012

Exchange 2010 DAG Always Replicates from Active Database

Today's article is a tidbit of information, but important to call out for larger scale DAG deployments.

Exchange 2010 always uses the active database in the DAG as the source for log shipping during normal replication.  That means that if you have multiple passive copies in your DAG, Exchange ships transaction logs from the active copy to each passive copy, even if some of the copies are in the same site.  There is no peer-to-peer log shipping between passive copies in a DAG.

Simple four node DAG with three passive copies
In the example above we have a single DAG with the active database and one HA copy in DC1, and one DR copy and a lagged copy in DC2.  Log shipping occurs from the active database to the three passive copies, traversing the WAN twice for the copies in DC2.

This can have quite an affect on a complex enterprise deployment with multiple DAGs and many remote passive copies, so keep that in mind for your designs.

Note: Log shipping is different than seeding.  Seeding is a file copy of the database to another server.  Once seeding completes log shipping is used to keep that copy up to date. It is possible to seed a database from a specific server, perhaps one in the same site.  For more information see the "Selecting the Seeding Source" topic in http://technet.microsoft.com/en-us/library/dd335158.aspx.



Saturday, August 25, 2012

Install and Configure Windows PowerShell Web Access in Three Easy Steps

Windows PowerShell Web Access Gateway Architecture


Windows PowerShell Web Access is a new feature in Windows Server 2012. It is an IIS application that provides a Windows PowerShell console in a web browser. The IIS application acts as a gateway between the web browser and the machines that you can connect to in your environment. These machines should have Windows PowerShell remoting enabled.

There are a number of resources that explain how to configure PowerShell Web Access, including this video.  I want to tell you how to do it in as few steps as possible. 

The following is all done from an elevated PowerShell window of the Windows 2012 server you want to install PWA on.

1.      Import the Server Manager PowerShell module and install the Windows PowerShell Web Access feature

Import-Module ServerManager 
Install-WindowsFeature -Name WindowsPowerShellWebAccess -IncludeManagementTools

2.      Install the Web Application in IIS

Install-PswaWebApplication [-UseTestCertificate]
 
Add the -UseTestCertificate  parameter if you don’t already have an SSL certificate installed on the server.  This will install a self-signed SSL certificate that will expire in 90 days.

To use an existing SSL certificate, make sure it is configured in Bindings on the Website to use that certificate.


3.      Configure Authorization Rules

Add-PswaAuthorizationRule -UserName domain\username -ComputerName * -ConfigurationName *
 
This Authorization Rule will allow the specified account to connect to any computer with any configuration name.
If you are installing on a workgroup server substitute the computer name for domain.

That's all there is to it! 
You can access Windows PowerShell Web Access from Internet Explore using the following URL: https://servername/pswa
Windows PowerShell Web Access Login
Enter your user name, password, and the computer name you want to connect to and then click Sign In
 

Windows PowerShell Web Access
 
A Windows PowerShell window will open in your IE browser, connected to the computer you targeted.
 
As mentioned above, the target computer must have Windows PowerShell remoting enabled.  You can do this by running the following command from an elevated PowerShell prompt:
 
 Enable-PSRemoting -Force

Tuesday, August 21, 2012

Exchange 2010 SP2 Roll Up 4 Does Not Install - Error Code 1603

Event 1024 MSiInstaller - Error code 1603

Update: Microsoft is asking customers who are having this issue to open a support case with Microsoft Technical Support.  They see random support calls related to this going back to Exchange 2007, but want to reproduce the issue with customers currently seeing this issue with Exchange 2010 SP2 UR4. 

See
http://support.microsoft.com/kb/319726 for MTS phone numbers in your area. 
I had an interesting problem installing Exchange 2010 SP2 Update Rollup 4 (UR4) on servers that have never had issues installing updates before.  When I tried to install SP2 UR4 on the Edge Transport or typical installation servers it would rollback the installation and log the following error in the application log:
Product: Microsoft Exchange Server - Update 'Update Rollup 4 for Exchange Server 2010 Service Pack 2 (KB2706690) 14.2.318.2' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages.
Normally this issue us fixed by installing the Update Rollup from an elevated CMD prompt (see http://blog.c7solutions.com/2011/03/exchange-2010-update-rollups-and-error.html), but this time it still wasn't working.

I enabled MSI Installer logging as per http://go.microsoft.com/fwlink/?LinkId=23127 and dived into the setup logs.  I found the following error being logged in the ServiceControl.log:
[19:51:28] [Error] System.Management.Automation.ParseException: At C:\Program Files\Microsoft\Exchange Server\V14\Scripts\ManageScheduledTask.ps1:462 char:5
+                 return $success
+                 ~~~~~~~~~~~~~~~
Control cannot leave a finally block.
 
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(Object input, Hashtable errorResults, Boolean enumerate)
at System.Management.Automation.PipelineOps.InvokePipeline(Object input, Boolean ignoreInput, CommandParameterInternal[][] pipeElements, CommandBaseAst[] pipeElementAsts, CommandRedirection[][] commandRedirections, FunctionContext funcContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
I examined the ManagedScheduleTask.ps1 script which apparently disables the 'Database One Copy Alert' scheduled task, but could not determine what the error is.  I also ran the script from EMS, which returned the same error.  Nothing showed up on the Interwebs other than a few references to PowerShell 3.0, which is not installed on these servers.

I finally resolved it by renaming the ManageScheduledTask.ps1 script to ManageScheduledTask.old and creating a new empty ManageScheduledTask.ps1 script.  The script must exist and return a non-error code when executed for the UR4 installer to work.  I renamed the script back when the installer finished.

This may be an esoteric problem, but I wanted to document it in case anyone else has the same problem.  If this does happen in your environment, please leave a comment below.  Thanks.

Follow Up (10/12/2012)
I've found several times so far that this happens to servers that have the Windows Management Framework 3.0 installed.  The RTW version is found at http://www.microsoft.com/en-us/download/details.aspx?id=29939.  The Windows Management Framework 3.0 includes PowerShell 3.0, which is not compatible with Exchange 2010 and explains why the ManageScheduledTask.ps1 script doesn't run properly.

Check the installed updates on the problem server for the Windows Management Framework 3.0 and try uninstalling it to see if it solves the problem.  The Framework allows you to manage servers remotely from the Windows Server 2012 Server Management Console.

Microsoft re-released the following updates to fix a code-signing issue that may affect some customers in the near future:
See the EHLO Blog article, Re-released Exchange 2010 and Exchange 2007 update rollups for more information.  The re-release of the these update rollups has no bearing on the script issue covered in this article, but I do recommend installing the re-released updates on your Exchange servers to prevent future code-signing issues.

Friday, August 17, 2012

Error 0x8007232B 'DNS Name Does Not Exist' when Activating Windows 8

I have been installing Windows 8 Enterprise RTM on my lab machines using the RTM ISO from MSDN.  I've found that each installation does not activate properly, giving the following error:
Error code:          0x8007232B
Error description:   DNS name does not exist.
I have a valid product key for Windows 8 Enterprise from MSDN, but setup doesn't prompt for this key during installation.


Open System properties and click 'View details in Windows Activation'


Click the 'Activate' button to begin activation


Attempting activation...


Error 0x8000232B - DNS name does not exist.

The same thing happens if you try to activate Windows 8 from the PC Settings | Activate Windows menu in the "modern user interface" (aka Metro):
'Windows can't activate right now. Try activating Windows later. If the issue persists, contact your system administrator or technical support department for assistance.'


This occurs because Windows 8 is using a temporary product key.  You need to install the correct product key to complete Activation using the SLMGR.VBS script installed with Windows.

Here are the steps to perform activation with the correct product key after installation:

  • Open an elevated CMD prompt and run the following command, as shown below:

slmgr.vbs /ipk <product key>

  • You will receive a pop-up window from Windows Script Host indicating the product key has been installed successfully.

Installed product key <product key> successfully.
  • Shortly after that, Windows 8 will automatically activate over the Internet.  Or, if you're impatient like me, just click the Activate button to activate windows immediately.

Windows is Activated
Since you're here, be sure to check out my article about building a super-fast Windows Server 2012 lab server for under $1,000!