Category Archives: Windows

Install SystemCenter DPM 2016 – HowTo…

Prerequisites:

We need the following prerequisites first:

VM:
  • 2 vCPU
  • 4096MB Memory dynamic min. 512MB – max. 8192MB
  • Systemdrive – 128GB Dynamic
  • Backupdrive – <whatever you need>GB
User Accounts:
Login Purpose Permission
DOMAIN\_svc_sqlservice Account for SQL Database Instance on DPM Server none (permissions set by sql setup…)
DOMAIN\_svc_sqlreporting Account for SQL Reporting Instance on DPM Server none (permissions set by sql setup…)
DOMAIN\_svc_sqlagent Account for SQL Agent on DPM Server none (permissions set by sql setup…)
SQL:

Install SQL Server local on DPM Server or use a remote SQL Server (DPM 2016 does not support AlwaysOn Groups – so i will install a local SQL Server instance on DPM VM itself)

<sql.ini>

SQL components you need:

  • DataBase engine
  • Reporting Services Native

..in addition you need SQL Server Management Studio (DPM setup check this prerequisite) – if you do not install management studio you will receive this error while installation of DPM:

..so start install of SQL Management Studio:

Install:

The ISO of DPM you can download, have only a single MSI file that extract the source files for installation – you can mount this from a remote source, extract remote, or as same i will do – copy the MSI to C:\Temp – double-click on the MSI package and enter C:\Temp\DPM2016Setup as destination directory.

After extracting – double-click on setup.exe – install will start:

…enter the localhost-name and the name of the sql instance you installed before with the SQLxxx.ini…

…setup will check and install all prereq´s – while installing Hyper-V PowerShell Modules you have to restart the DPM server and run setup again:

..after reboot – start DPM setup again:

…after finishing of setup – install all updates – at time of creation of this blog it is “Update Rollup 2 – Data Protection Manager 2016”

Remote Administration:

If you want to remotely manage your DPM server and have a “Administration Workstation” you can install “DPM Remote Administration” there. (HINT: other tutorials and howto´s tell you that you need SCOM, Management-Packs,… to install Remote Tools – thats not correct – for “Remote Administration” you need nothing of these – you need SCOM,.. only if you want to install “DPM Central Console”…

…after finish setup of Remote Administration you have to check for Updates – because DPM Console checks the version between Console and Server and need the same on both. (you receive an error starting a console with an old version…)

Post-Task´s after finishing setup:

Add Disks/Volumes to DPM:

DPM uses a new concept called MBS (Modern Backup Storage) – based on ReFS Volumes with Storage Spaces – so adding disks is completely different than in DPM 2012R2 – in my case i will add two virtual disks (dynamic and 64GB) to my DPM Server VM (you can add additional disks later) and start with Server Manager in dem DPM Server VM:

…right click on the first disk and click on new storage pool (choose ONE disk has a reason: this will create a Storage Pool with column size 1 – so you can later simple add single disks to the pool)

..give the new pool a name:

…if you have a physical DPM Server with JBODs – best practice here is to add several disks and configure one of them as Hot-Spare – because we have a DPM virtually – we need no hot-spare:

…now we create a virtual disk:

…best practice is to use a simple layout:

…we use Fixed provisioning type:

…specify a size a little smaller than the disk (we expand this volume later):

…deselect create volume and click on close:

…add the second disk to storage pool:

…and extend the virtual disk:

..i will not use all (in this example) 128GB:

…now we can create a volume on the new vdisk:

..add a drive letter:

…now you can add this volume to DPM:

HINT: you have to click on rescan if you don´t see your new volume here…

…give it a friendly name and click ok:

Add Agents:

Now it´s time to add agents to DPM – click on Agents in console and click Install:

HINT: if you want to install an agent in a untrusted source (not domain joined source or in a domain that do not trust – see my post: Install DPM agent in unstrusted workgroup…

..in my environment in want to install it first on my hyper-v cluster – so i choose my both hyper-v nodes (not necessary to include clustername – ie “hvfc”):

..enter a account that has local admin rights on this servers (you can use your own account, it is only for the installation of agent NOT for service or other purposes..)

..a reboot of ALL (because it is a cluster) is necessary to add hyper-v nodes/cluster to DPM – i will not start automatically (you must restart ALL clusternodes)

..if you receive a error – check your firewall settings on the target computers (for all port exclusions see: https://technet.microsoft.com/en-us/library/hh757794(v=sc.12).aspx – for a list of exclusions only for dpm agents see: https://technet.microsoft.com/en-us/library/hh758204(v=sc.12).aspx):

HINT: easy way – use the following powershell cmdlets on the potentially protected computers:

..or use a GPO – after setting the correct port exclusion – agent installation will work:

 

Create a SET Team in Server 2016 – HowTo…

SET (Switch Embedded Teaming) is a new technology in Windows Server 2016 and the successor to the “standard” teaming technology in Server 2012R2 (LBFO Team) – read more: https://technet.microsoft.com/en-us/library/mt403349.aspx

HINT: only available if you have added the Hyper-V role in Windows, because otherwise no PS-CMDLets are available to configure…

Create a vSwitch

First you have to create a new virtual switch and add the physical NICs:

…a vswitch with the name “TeamedvSwitch” is created – the physical adapters will be connected to this vswitch and a vNIC with the default name “vEthernet (TeamedvSwitch)” are created:

HINT: like in 2012R teaming, it is possible to create a SET team with a single physical NIC and add additional NICs later – so my recommendation is to create always a SET team even if you have only a single NIC.

Rename vNIC(s)

We want to rename the default vNIC for better administration:

HINT: you see that i have two physical NICs from different vendors – it work´s in my vLab but for production environment it is not supported to have a SET team with NICs from different vendors, with different firmware or drivers…

Add vNIC(s)

…and we want to add another vNIC for LiveMigration traffic:

…and additional vNICs for CSV/ClusterHB and Storage Traffic:

Show all “Management” adapters in powershell:

Set VLANid on vNIC(s)

I have different VLANs for the traffic:

VLANid Description
0(native/untagged) Management/RDP/PXE/DHCP….
400 LiveMigration
300 SMB-Storage Traffic
250 ClusterHB

HINT: many switch vendors won´t pass traffic class information on untagged networks. Best practice if using RDMA, DCB and PFC is that the “untagged” network are on VLAN 0 (tagged) – i.e. “Set-VMNetworkAdapterVlan -VMNetworkadapter $NIC -Access -VlanId 0” for the management interface. This set all vNICs in a VLAN, class information can be inserted into the VLAN header of IP packets and the physical switch pass this type of traffic.

Enable JumboFrames

Dont forget to enable Jumbo Frames, this can significant speed up your network.

To enable Jumbo Frames you have to configure it on the switch side with the appropriate tools WebGUI,CLI,.. – i always use 9KB – on most NICs it exist a value of 9014 bits, but this is depending on your NIC vendor and driver. Check the Advanced Properties on the NIC in windows – if you dont see settings for Jumbo Frames and/or 9KB (sometimes if you using original windows drivers for nic) update to the latest vendor driver.

The following is a example of a Realtek NIC with the shipped windows driver in server 2016:

(the max value in JumboPacket is 4k and fixed size, no bigger values available…)

AFTER updating the driver to realtek driver version 10.2.703.2015:

(now 9KB is available in advanced properties…)

Set the value on all physical NICs:

(regarding 9014 bits: i prefer this little smaller value than in the switch port setting (9216) but realtek does not allow 9014 like intel and other vendors, you have to use 9216 if you have realtek nic)

HINT: in Windows 2012R2 the vNICs inherit the settings from the LBFO-Team, so if you set all physical NICs to JumboFrame with i.e. 9014 bits – all the vNICs have automatically 9014 bits in their settings – in Windows 2016 with SET teaming this is different (!) – you have to set explicit ALL physical AND vNICs to JumboFrame.

Set all vNICs to Jumbo Frames:

 

 

Now we have divided the traffic into several VLANs, but every kind of traffic using all of the available bandwith and have no priority of each other – we have two options to deal with that:

  • QoS
  • PFC and DCB

 

 

 

Time Synchronizing Domain Controllers with NTP – HowTo

…to synchronize your DC(s) with a correct timesource and make the DCs authorative to the clients you have to follow these steps:

If you have more than one domain-controller only the PDC-Emulator should sync his time with NTP – all other DCs should sync with NT5DS against PDC-emulator – we can easily filter the PDCe with a WMI query.

Create two WMI filters in Group Policy Console:

DC with PDC emulator -> “Select * from Win32_ComputerSystem where DomainRole = 5”

all other DCs -> “Select * from Win32_ComputerSystem where DomainRole = 4”

Create two Policies (Sync with NTP for DC with PDCe and Sync with NT5DS for non PDCe DCs)

Create a Policy for non PDC-emulator Domain-controllers:

…ignore the default ntpserver entry, because not used if type is NT5DS (domain hierarchy)…

…not necessary to create a policy for workstations/desktops and non-DomainController servers (domain-joined) because they will sync automatically with DC…

Link to Domain Controller OU:

If you running your domain controllers in virtual environments like HV/Azure… – you must disable time-sync againts host on all VMs within the domain (otherwise you play ping-pong – policy set the time, host set it back, policy set time, host set it back,…..).

Change registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider]

“Enabled”=dword:00000000

Policy Update:

gpupdate /target:computer /force

check registry settings:

HKLM\SYSTEM\SOFTWARE\Policies\Microsoft\W32Time\Parameters\….

force sync:

net stop w32time && net start w32time

w32tm /resync /force

check eventlog Application/time-source:

Create policy to put users/groups in local admin group…

Prerequisites:

i want to put ie my service account named _svc_vmmservice to the local admin group in my vmm nodes. following the microsoft AGLP (accounts->global groups->local groups->permissions) first i create a global group named “_gg_localAdminVMM” and a local group named “_lg_localAdminVMM” – put _svc_vmmservice in global group and put global group in local group:

…in addition you need a Group for VMM servers/nodes (not users) – do the same for VMM servers:

Create Policy:

 

…remove “Authenticated users” and change scope of this policy to VMM servers group:

…dont forget to link this GPO to your ServerOU..

time to apply this new policy with:

…you can check it with the command:

…before gpupdate:

and after gpupdate:

 

 

HINT: if you dont see your policy applied and you have created the computer group for your VMM servers a short time before – you have to reboot your VMM servers to apply the membership of the group first!

Create a policy to add local admin account – the new way…

Since Microsoft changed the security policies the “old way” via policy to create a local admin account and give them a password does not work anymore – information about this security update can be found at: https://blogs.technet.microsoft.com/srd/2014/05/13/ms14-025-an-update-for-group-policy-preferences/

if you have installed this security patch and want to create a new policy “old-way” with a new user and password – you can not type-in any passwords because the fields are greyed-out:

The new way to do this is with Microsoft´s Local Admin Password Solution (LAPS) – see: https://www.microsoft.com/en-us/download/details.aspx?id=46899

HowTo Install:

you need a Management computer for installing the management tools, powershell module,… – in addition it is useful to have also all the AD management tools (users and computers, group policy editor,..) installed on this management computer.

Download all (you will need x86 and x64 later) packages from: https://www.microsoft.com/en-us/download/details.aspx?id=46899 to the management computer and start LAPS.x64.msi – or x86 if you have a 32bit management computer (build client packages later):

..install all the features:

Policy for installing client package:

LAPS needs a dll on all the computers where laps should store and change the local admin pwd. The easiest way to do that is, create a policy for deploying this package – start group policy editor and create a new policy :

..choose the LAPS x64 package first, for deploying software to 64bit clients/servers:

…we need also the x86 package:

…i will rename the packages (looks better than (2)) – right click -> properties:

…we want to avoid that the x86 package are also distributed to x64 computers – right click on x86 package and choose properties:

…uncheck “Make this 32-bit…..”:

…i have several OUs in my AD – Resources->Computers where all Workstations and Servers reside – i will link this GPO to my Resources OU:

 

..unfortunately LAPS client need a reboot to complete the update – you see this after GPUPDATE /FORCE:

Extend the AD schema:

open powershell with admin rights on your management server and import the laps ps module:

…update schema:

Set/Check Permissions:

…the default permission to manage local passwords are less restrictive (Domain Users can read) – we want to change it – open ADSIEdit:

…because i have my own OU structure Resources->Computers,.. i have to right-click on ComputersOU and select Properties:

…be sure that under Security Tab are only Users that you give permissions are “All extended rights” checked – ie. Remove this checkmark from Everyone… (in Server 2016 permissions are correct (only Domain Admins, Enterprise Admins have rights), nothing to do in this OS…):

…now give all computers under your OU the permission to change their passwords for itself:

next give users the permission to read the passwords for computer in a OU (in my case ComputersOU) – you can make this very granular, ie use a AD group for workstations and another AD group for servers – Domain Admins are ok for my environment:

Create Local Password Policy:

Last step is to create a policy for changing local passwords, complexity and other – LAPS setup had installed a ADM template on your management workstation for that – so if you have also Group Policy Editor installed on this workstation open GPMC create a new policy and browse to CompConfig->Policies->Admin Templates->LAPS:

 

enable pwd management and change the other settings depending on your needs:

…if you have another policy that disables the local account named “Administrator” and create another user with the name ie “_adm_localAdmin” you must enable this policy setting and change the name to the name of your local admin account (if you have no policy like that and want to change the default local account named “Administrator” you can leave this as default – not configured:

 

dont forget to link your password policy to the appropriate OUs..

Read Passwords:

LAPS Setup installs a GUI Utility called “LAPS UI” on your management workstation:

or you find it in AD Users and Computers -> Computer Object -> Attributes (dont forget to check View->Advanced to show this tab):

 

Install DPM Agent in untrusted Workgroup…

To install the DPM Agent on computers running outside the DPM domain is a little bit tricky – hopefully the steps below are helping to describe this procedere:

first find the agent setup files on DPM server – to do this locate the agent setup directory with the newest version – on DPM Server browse to C:\Program Files\Microsoft System Center 2012 R2\DPM\DPM\agents\RA

inside this folder copy the appropriate OS version – ie. amd64 for the 64-bit agent:

paste this on the computer where you want to install the agent – ie. C:\Temp\DPM\Agent:

on the computer where you want to install the agent, open a CMD with admin rights and change to the directory where you copied the setup files – ie. C:\Temp\DPM\agent\amd64\1033

DPM agent needs the FQDN of the DPM server – check nslookup if name resolution working correctly or edit Hosts file to have a local name resolution

HINT: for DPM the fqdn name and NETBIOS name are two different things (!) – if you enter fqdn here, you have to enter also the fqdn on DPM SERVER side while adding the agent…

to install the agent with showing a progress bar – enter the following command:

to install completely silent – enter:

(KBxxxx reference to the newest version of agent – in this case DPM agent 2012R2CU10…)

HINT: ..if you get a 0x80070005 “Access is denied” error – try to start the DPMAgentInstaller without parameters!

confirm the “Restart message” and change to the new install dir of agent:

enter the following command:

…choose a password and DPM is creating a local user account with the name you choose – you can check this with Computer Management->Local User and Groups->Users

Agent setup also creates the following three groups:

  • DPMRADCOMTrustedMachines
  • DPMRADmTrustedMachines
  • DPMRATrustedDPMRAs

…the new account is member in the first two groups..

On DPM server do the following:

click on Management->Add -> Windows Servers:

…be careful here to enter the correct values – FQDN must resolvable from DPM server – username is in format <new_created_local_account_before> (don’t use <DOMAIN>\<accountname> here !)

click attach:

..agent should be attached with status “Success” – you have to restart the agent Computer to finish the agent Installation…

Installing Highly Available SystemCenter VMM 2016 – HowTo…

Prerequisites:

if you want to install a highly available VMM you need two VM´s (to create a VMM cluster) and a extra HA SQL Server (ideally two SQL 2016 core Nodes with AlwaysOn – for installing this SQL nodes see http://blog.mscloud.guru/2016/10/28/installing-sql-server-2016-core-on-windows-server-2016-core/

VM(s):
  • Create two VMs with a OS vhdx (optional one additional Data drive if you want to split OS and VMM in two different drives), 2 vCPUs and at minimum 4096 MB Memory (if you want to use Dynamic RAM, set Startup value to 4096MBs or more and Minimum RAM to 2048 or more, otherwise setup check will fail…) – see SystemCenter requirements: https://technet.microsoft.com/en-us/system-center-docs/system-requirements/minimum-hardware-recommendations
  • Create a cluster with this two VMs, no cluster disks necessary, don’t forget to create a witness (my preferred FileShare or Cloud Witness)

SQL:
  • create a AlwaysOn Listener on your SQL cluster (you can deploy VMM in a “Common” Instance with other databases or you prefer a dedicated instance for VMM – collation should be: SQL_Latin1_General_CP1_CI_AS
Software:

  • Install ADK on both VMM nodes with the following options:
    • DeploymentTools
    • Windows Preinstallation Environment

…copy downloaded ADKSetup Files to both VMM nodes and install with GUI or unattended:

…after a few minutes check c:\temp\install.txt – the last entry should be “…Exit code 0…”:

  • Install the SQL tools in GUI mode or unattended:

  • do this on both vm nodes and restart the servers
Accounts:
Login Purpose Permission
DOMAIN\_svc_vmmservice SCVMM Service Account Local admin rights on VMM nodes
DOMAIN\_svc_vmmrunas Service Account for manageging Hyper-V Hosts Local admin rights on Hyper-V servers/nodes
(optional) DOMAIN\_svc_vmm2scom SCVMM to SCOM connector account SCOM Admin and SCVMM Admin role
(optional) DOMAIN\_svc_vmmtemplate Account used in templates to join Domain and run scripts while deployment you can use delegate control in AD for this account – Computer Objects/Reset Password/Validated write to DNS host name/Validated write to service principal name/Read/Write Account Restrictions (This object and all descendant objects – Create/Delete Computer Objects)
Groups:
Name Members Scope Permission
gg_VMMAdmins your account/_svc_vmmservice/_svc_vmmrunas Global -
lg_VMMAdmins gg_VMMAdmins Local Put this group in local admins group on VMM nodes
AD container:

if you install VMM in HA mode you must create a container in AD to allow VMM to store their key´s. See https://technet.microsoft.com/en-us/library/gg697604(v=sc.12).aspx

open ADSIEdit.msc and connect to the domain partition of the active directory domain:

…double click on “Default namin context…” and right click on domain context:

..give it a name (ie. VMMDKM – “Virtual Machine Manager Distributed Key Management”)

…refresh the console:

…click on domain -> your container -> and check your if your container is created successfully:

 

…close ADSIEdit and open “Active Directory Users and Computers” – click View -> Advanced Features:

…open Properties of your container:

…add VMM service account with R/W/Create child permissions:

…click Advanced and chance permissions to all descendant objects:

FileShare:

In a VMM HA install the FileShare for Library must be created outside of VMM servers – you have to create a fileshare on a MS fileserver or fileservercluster (NAS or other CIFS components are not possible because VMM installing his own VMM agent on the fileserver for management purposes…)

Install:

you can choose between nonGUI and GUI VMM setup – even on server core edition:

Server core install:

change to your VMM setup path and edit the file VMserver.ini (ie: C:\VMMSetup\amd64\Setup\VMserver.ini)

call the setup with the following parameter:

check the VMMLog in C:\ProgramData\VMMLogs

Installation in GUI mode:

..start setup – choose install, click VMM server and next:

Server name -> Name of you AlwaysOn Listener

Port -> Listener Port

Instance name -> name of SQL instance

use your vmm-service account -> see “Accounts” above and the Distinguished Name of the container you created in AD before (see container above)

HINT: ..normally everything should ok – if you get an error like me (see text in screenshot) regarding the SCP in AD – maybe you have moved your Nodes in AD in another OU and forget to give the ClusterObject the permission to create Computer Objects within this OU! – see: https://technet.microsoft.com/en-us/library/dn466519(v=ws.11).aspx or see: http://www.systemcenter.ninja/2014/01/creating-service-connection-point-scp.html

..in my case i manually create the computer object (same OU as FC object) and give the failoverclusterobject Full-rights on this new object – after that i run the configurescptool.exe command (see text above) again and voila – in Cluster Manager the Role can be started with success…

On second node:

start setup (vmmsetup recognize that it runs in a cluster and that a “primary” vmm node exist):

…if you click on VMM management server in next screen you will get the following message:

…enter registration informations again:

…settings for database are greyed-out because setup reads this info from primary installed node:

…reeenter password for vmm-service:

accept all other with next and click install:

…after a while setup should finished with success:

Last step in HA install is to make the VMM DB highly-available – we installed it with the AlwaysOn Listener but the DB itself must be switched to HA with the SQL AlwaysOn Wizard – open the SQL Studio and connect to your AO Database:

…standard SQL setup for join a single DB to AO group – change recovery mode/make backup/add db to ao group:

…right click on AOgroup and select “Add Database…”:

HINT: in SQL Alvailability group dont forget to keep your SQL users on the database in sync (!) – see: http://blog.mscloud.guru/2016/10/28/installing-sql-server-2016-core-on-windows-server-2016-core/ since every works perfekt until the first failover of the DB – then VMM service failed to start, because the (ie. _svc_vmmservice) user does not exist on the failover target server.

FINISH: now you have a fully highly available SCVMM installation – test it with failover of DB (nothing should happen) – and failover of VMM (an open VMM console should simple reconnecting after a few seconds)

Installing SQL Server 2016 Core on Windows Server 2016 Core

Prerequisites:

Account(s):

as a best practice you should create two (domain) accounts for running the sql service and the sql agent:

Login Description
_svc_sqldb SQL Server Service Account – is NOT local Admin on SQL Servers
_svc_sqlagent SQL Server Agent Account – is NOT local Admin on SQL Servers

…in addition i create a global domain and local domain group in AD for SQL Admins – put Members to the global domain group, put global domain group into local domain group (local group gets the permission for sql server –> see sql.ini file…)

Name Description
_gg_SQLAdmins Global Group – All SQL Administrators
_lg_SQLAdmins Local Group – All Glocal SQL Admin Groups
Disk:

best practice for SQL servers is to put Data, Log and Temp Files in different harddrives (in physical word in different raid configs) – i prefer this also in virtual environments even if i have a config that puts all vDisks on the same physical drives – per SQL VM create 4 vDisks:

Filename Description
SystemOS.vhdx Boot Disk with OS
SQL-Data.vhdx Shared SQL Components and Instance Dirs
SQL-Temp.vhdx Drive for SQL Temp DB's
SQL-Log.vhdx Drive for SQL Log's

(see sql.ini for configuring the different drive letters and paths…)

if you want to manage your harddrives remotely by mmc plugin – you have to enable the appropriate firewall-rules on server core AND your workstation machine (if you not enable on your workstation machine you will get the error “RPC server unavailable):

check if the rules for remote disk management are enabled:

image

…not enabled by default – type:

…and check again: image

…if you prefer the GUI – Server Manager from Admin Workstation is great – you can use it to manage disks remotely (change disk label,…)

Hotfixes, CUs, SPs and Patches:

..while setup is running, it can implement existing updates – copy all updates in a directory named i.e C:\SQLSetup\Updates\… and refer this path in your SQL.ini

i.e. for SQL Server 2016 RTM – download CU2: https://www.microsoft.com/en-us/download/details.aspx?id=53338

SQL.INI:

…if you do not created a ini file before, you can copy this sample sql.ini and edit for your own:

Install:

..in CMD Shell on server core type:

image

image

HINT: see troubleshooting section for a bug in the setup routine – you have to add permissions on your backup dir, if you install additional instances…

after setup is finish – you have to manually create the firewall rule for accessing your instance:

SERVER2016/SQL2016:

per server:

per instance:

per listener (if you use alwayson):

older versions SERVER2012R2/SQL2012 (other Profile Parameter and SQL Path):

per server:

per instance:

per listener (if you use alwayson):

you can check if everything is ok with management studio – connect to the sql server\instance name and version number should be 13.0.2164 (SQL2016 with CU2) – see version numbers: https://sqlserverbuilds.blogspot.co.at/

AlwaysOn config:

…if you want to create a AlwaysOn SQL Infra – do exact the same on a second server (don’t forget to create cluster first…)

Enable AlwaysOn:

Open PowerShell with Admin Rights (if you have a fresh install and not reopened your powershell window – no SQL cmdlet will be found (!) – so don´t forget to logoff and logon before start PS)

image

…do this on ALL sql nodes…

HINT – AlwaysOn: if you create a AvailabilityGroup and want to use it for i.e. SystemCenter VMM – see: http://blog.mscloud.guru/2016/10/30/installing-highly-available-systemcenter-vmm-2016-howto/ don´t forget that AlwaysOn does NOT sync user logins on SQL automatically – so if you install VMM every works perfect until the first SQL Failover – after that VMM services crashes, because it can not connect to your database.

Good way to keep the user´s in sync, is a great tool named dbatools – it´s free of charge and you can find it via: https://dbatools.io/getting-started/

Installation is very simple via PSGallery on your SQL server – open powershell and type:

..aswer the following questions about NuGet and so on with Yes (you need a internet connection from your server..)

Test the connection to the server you logged in and the other sql server nodes that part of your Availability Group with:

Keep users in sync type:

i will do this in a scheduled task so have a perfect solution to keep all sql user logins on all sql servers in sync.

Troubleshooting:

you can find any error or information in the SQL Setup log file located in C:\Program Files\MicrosoftSQL Server\130\Setup Bootstrap\Log\ – see the reference article: https://msdn.microsoft.com/en-us/library/ms143702.aspx

HINT: …i found a  bug in the sql setup – if you install the instances with a unattended .ini file and point every instance to backup their databases to ie. E:\backup directory – the setup process create only for the FIRST instance the appropriate permissions for this directory (ie: NT Service\MSSQL$COMMON has Full permission to E:\Backup NOT other instances ie. NT Service\MSSQL$SCVMMDB…..) – to solve this open a Admin CMD Shell on every SQL node and enter:

you can check the correct permissions with:

if you have 2 instances (COMMON and SCVMMDB) it should look like this:

Initialize additional Disk on Server Core

…to get the number of the new disk enter:

 

Get-Disk

 

image

 

Get-Disk –Number 1 | Set-Disk –IsOffline $false

Get-Disk –Number 1 | Set-Disk –IsReadOnly $false

Get-Disk –Number 1 | Initialize-Disk –PartitionStyle GPT

Get-Disk –Number 1 | New-Volume –FriendlyName “Data” –FileSystem ReFS –DriveLetter “D”

 

…if you want to change the drive letter of other drives before:

 

diskpart

select volume x    (list volume –> to get volumes with driveletters)

assign letter=y

exit

Lability – Add Server 2016 RTM as Custom Media

Download:

Lability can download the ISO file (jump directly to “Register-Media” section) for you or if you want to download manually – you find it on the MS Eval Site:

https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016?i=1

After downloading the ISO file, you need the exact image names within the install.wim of iso file – you can get this with the following powershell cmds:

You get a output like this:

Imagelndex : windows server 2016 SERVERSTANDARXORE ImageName Imageoescription • . windows server 2016 SERVERSTANDARXORE ImageSi ze . 8.840. 650.521 bytes Imagelndex ImageName Imageoescription : ImageSi ze Imagelndex ImageName Imageoescription : ImageSi ze Imagelndex ImageName Imageoescription : ImageSi ze . Wi ndows Server Wi ndows Server : 14.858. 983.050 . Wi ndows Server Wi ndows Server 2016 SERVERSTANDARD 2016 SERVERSTANDARD byt es 2016 SERVERDATACENTERCORE 2016 SERVERDATACENTERCORE . 8.905. 611.811 bytes . Wi ndows Server Wi ndows Server : 14.857. 373.611 2016 SERVERDATACENTER 2016 SERVERDATACENTER byt es

…you need the values in the Field “ImageName” – Dismount the Image with:

 

Register Media:

Now you can register the new ISO and ImageNames with:

 

Do the same with the other three imagenames:

Change your Lability Config file:

Change the media name in your lability config file (.psd1) i.e:

…your vLab is now ready to deploy with the new OS..