Recreating AD DNS SRV records on server 2012

Today I installed a new Domain Controller and got an interesting error, which I’d never had before, on a couple of new servers as I tried to join them to the new, freshly created domain.

The Message was:
Note: This information is intended for a network administrator. If you are not your network’s administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain example.com:

The error was: “DNS name does not exist.”
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.example.com

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

192.168.0.1

- One or more of the following zones do not include delegation to its child zone:

example
.com
. (the root zone)

For information about correcting this problem, click Help.

I went straight to the DNS console and got confused, as I couldn’t see any of the common SRV records under _msdcs and so on.
After reading some threads and looking around I got it fixed, and here is how I did it.

First of all you should check your DNS Settings as described here:

http://geekswithblogs.net/technetbytes/archive/2011/10/09/147233.aspx

If that doesn’t help, you can try what I did and type ipconfig /registerdns and dcdiag /fix into the cmd.
After that I restarted the DNS Server and netlogon service. Another dcdiag /a run later it almost ran through as usual and the missing records appeared in the DNS console.
The servers I tried to join to the domain went through the procedure and the problem was solved.

I learned two things.

First … It doesn’t matter how often you’ve done something and believe it’s going as well as every time; you have to check it to be safe.

In my case I thought: I’m installing an ADC as I’ve done a hundred times before, I don’t need the usual checklist.
Wrong!
This time I forgot to check the DNS records after setting up the ADC and creating the domain.
Half a day later, after creating dozens of groups, OUs, users and all this … You can imagine. 😉

Second … The problem was caused by myself, as I forgot to set the “Register this connection’s addresses in DNS” checkbox in the advanced TCP/IP settings before I installed the AD.

I’d done that to avoid an entry on an existing DNS server. It’s not unchecked by default. 😉

One of the heaps of different threads I found:

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/884e59a4-0037-4714-bfdb-957046182e13
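
The cause and the fix described in this post, as an added PowerShell example that is not part of the original post. It assumes the domain name example.com from the error message and an adapter alias of `Ethernet` (an assumption, check the `Get-DnsClient` output), and besides the `_ldap._tcp.dc._msdcs` record from the error it also checks three other standard DC locator records.

```powershell
# Added example (not from the original post). Run elevated on the new DC (Server 2012+).
$Domain = 'example.com'   # domain name from the error message above
$Nic    = 'Ethernet'      # assumption: alias of the DC's LAN adapter

# Cause from the post: "Register this connection's addresses in DNS" was unchecked.
Get-DnsClient | Select-Object InterfaceAlias, RegisterThisConnectionsAddress
Set-DnsClient -InterfaceAlias $Nic -RegisterThisConnectionsAddress $true

# Fix from the post: re-register, repair, then restart DNS Server and Netlogon.
ipconfig /registerdns
dcdiag /fix
Restart-Service -Name DNS
Restart-Service -Name Netlogon   # Netlogon registers the SRV records when it starts

# Give the registration a moment and drop cached negative answers.
Start-Sleep -Seconds 30
Clear-DnsClientCache

# Verify the locator records the domain join depends on.
$names = @(
    "_ldap._tcp.dc._msdcs.$Domain",   # the record named in the error
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",
    "_gc._tcp.$Domain"
)
$missing = foreach ($name in $names) {
    $srv = Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }   # ignore A records from the additional section
    if ($srv) {
        $srv | ForEach-Object {
            Write-Host ('{0} -> {1}:{2}' -f $_.Name, $_.NameTarget, $_.Port)
        }
    } else {
        $name   # collected into $missing
    }
}

if ($missing) {
    Write-Warning ('Missing SRV records: ' + ($missing -join ', '))
} else {
    dcdiag /a   # same final check as in the post
}
```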

Converting a Citrix Server to a virtual Machine

Pain in the… 😉

I tried to convert an old Server 2003 R2 with Citrix on top today, but the Virtual Machine Manager couldn’t grab and convert the HDDs.
I got different errors when I also tried it again via offline conversion. The WinPE couldn’t get any information about the HDD (RAID 10 on LSI SCSI Controller).
Finally I cracked it by backing up the whole machine and recovering it inside a Virtual Machine.

My experiences with old systems and on/offline P2V conversions aren’t very good.
Within the last weeks I tried unsuccessfully to virtualize some old Windows XP and Server 2003 (R2) systems.
The lucky thing was always being able to catch them via regular backup routines and recover them as I wrote above.

Windows Intune – deinstalling the client agents

As I mentioned before I was using Windows Intune and wasn’t very happy about Wave D.
But I decided to try it again with a more productive system.
Maybe I’m getting a budget to try it out more than the typical 30 day trial period but we will see.

But before I start to enroll something on a (third level) productive machine I want to know how to wipe it out if I have trouble or have done enough testing.
The first option is to retire the device, which means Intune will create a scheduled task, uninstall all software and reset all changes made during Intune use.
But if there is a deeper problem or you can’t reach the client anymore, you can use a script made by the Intune Team.

Here’s the official Technet Website.
I tried it a couple of weeks ago on several machines and the job was done well enough.

Scroll down below and read

Using the Windows Intune uninstall scripts or the Windows Intune command line tool

http://technet.microsoft.com/en-us/library/jj662698.aspx

 

Windows Intune – Home Use capable?

I finished a trial period of Windows Intune several days ago.
I had read and heard different things about Intune’s Wave D and thought it was time to take a look. 😉

The main reason for me was to try how Intune can help me manage privately used Windows systems that are related to me.
Related means the typical scenario with family and friends who need your support. 😉

Microsoft’s main focus is small and medium business users, so I was curious how it could fit my personal interests.

Is it good enough to get an overview about “your” machines?

First of all I have to say the install and usage procedure of Intune was pretty easy.
Installing the Intune client with certificate took only a moment, and a short time after that the first machine appeared in the console.

But my main goal was to get an easy-to-use system to install/uninstall apps and get detailed overviews of what’s going on with the machines.
Especially reports would be nice. I mean… wouldn’t it be nice if you got a quick overview of changes or frequently occurring errors on your managed machines? You could be a bit more “pro active”. 😉
Uninstalling and/or updating apps would also be very nice.

But…
Installing/uninstalling apps isn’t easy enough to be a no-brainer.
If you have typical msi packages it’s ok and you can install the program remotely very well.
But I found some issues.
Adobe Reader 11.0 install via msi… no worries. But to get it updated was a pain in the ass. In other words… I couldn’t.
Usually there are some msp packages lying around on the Adobe servers, but it wasn’t possible to update the Reader within the update pane in Intune.
The Update to 11.02 never appeared within Microsoft Update/Intune Update.
I tried different settings/machines/languages and so on, but I don’t know why it wasn’t working and finally I gave up trying to find a reason.

Uninstalling programs also isn’t as easy as I wished.
I know the base system is System Center Config Manager, and with the “real” Config Manager in an AD environment an admin also has to create and distribute special uninstall packages. Something like deinstall_adobe.cmd filled with commands and paths for how to uninstall and all this.
Anyway…
I was amazed (in a negative way) that there is no easy way at this time.
Uninstall documentation for some widespread software or similar stuff? Nothing…

And that’s the biggest catch.

I would like to see a catalog with approved install and uninstall routines.
Click on “Update/Install Adobe Reader” and go for it. Show me how to do it to get a clue… a quick start. You name it.

In the end you need another separate product like Secunia’s PSI Small Business –> http://secunia.com/products/smb/smallbusiness/
But this is limited to 5 users for free (at the moment it is in a beta period) and would cost another couple of bucks per month if you want to get that.

Reports?

I couldn’t find anything which gives me the opportunity to set them up or get something.
I would like to get reports if something is going really wrong or a collection of Event logs of the managed machines with filter or something like that.
Nothing…

Remote Assistance

Oh dear…
If you know tools like Team Viewer/Net Viewer, Royal TS and similar products you don’t get it…
The Remote console is a kind of a joke… I couldn’t use it after I started dying at the first try as my brain thought I had travelled back in time.
Microsoft is a leader in Quality Remote Desktop Environments but this is… ridic… 🙁

There is only a small window with nothing really useful.

Some missing stuff:

Record sessions… link them into a Tech FAQ/Database or something… record Support times and Duration…

At the end…

I can say Intune is nice but far away from managing Windows completely remotely.
It’s more a collection of some basic stuff. I mean really basic stuff.

In the end… For personal use it is too expensive because the starting price of close to 5€ per month per user is a bit too high.
I can’t see enough benefits from getting machines managed.

As an Intune admin you really need skills in managing software the Config Manager way to be happy with this system and to unleash more of it.
Otherwise you don’t get enough benefits back and it’s not worth spending the money. 😉

 

DPM 2012 SP 1 – Tape import and recataloging

Within the last days I was switching from Data Protection Manager 2012 beta SP1 to the final Build which is available for TechNet and Volume Licensing customers at least since the 1st of January.

And I thought moving the tapes and the MSL Library from one server to another without the SQL Database is a kind of disaster recovery and likely an option to prove the concept of long-term backups via tape. 😉

If the DPM Server is destroyed you will also lose the knowledge where and what files are located on the tapes and/or disks.
Keep in mind the DPM brain is stored in the SQL Database with reports, client server configurations and all this stuff.
Even if you don’t have any of this, you can simply get your data back by importing and recataloging the tapes.

What you need is another running DPM Server and, sure, a tape drive that’ll read your tapes. 😉

First step – you start inventorying the whole library, or the drive if you use a single drive, with the inventory button on the top left side of the ribbon.
During and after the inventory you will see the tag/description (Imported) in front of your tapes.

 

But you also want to know what exactly is stored on the tape?
If you try to take a look and hit the “View tape contents” line in the middle …

… the following info box appears.

Sure you want to do that.
Note: Attentive observers would see there was a shorter way and hitting the line “Recataloging the tape” is quicker.

Anyway… the tapes will be “marked for recatalog and waiting for drive” now.

The tape drive is reading the tape and …

… after finishing you get more information. You see a date and what is stored (and maybe when it is expired or will be).
That should suffice for a first look.

Switch to the recovery and take a look. You’ll see “External DPM Tapes”.
You can browse through the backed up data and dig deeper if you need. 😉

If the tape is still in the library/drive DPM will read more data if needed and you’ll get a message.
“Please wait while DPM reads tapes …”

If the DPM could read enough data from the tapes you can look for whatever you’re looking for and recover your data.

Note: If you don’t need a deeper look and it’s not necessary to search for specific files you can simply recover the whole volumes/system the usual way. 😉

 

Data Protection Manager 2012 – DPM 2012

During the last days I took a deeper dive into DPM 2012 SP1 CTP2 and had some trouble with 2 Domain Controllers and “inconsistent replica data” sets.
It reminds me of an interesting blog post from last year with different troubleshooting tips.

So here we go… 🙂
http://blogs.technet.com/b/dpm/archive/2011/10/31/troubleshooting-data-protection-manager-system-state-and-bare-metal-backup.aspx

Server 2012 – SMB 3.0 Performance

Last week at the Hyper-V training course we had the opportunity to get a good view on Server 2012 SMB Performance.
The enhancement is really impressive.
The server distributes the SMB network traffic across up to 5 ports and there is no need to team NICs or something like this.
It works… just like this. 😉

A picture tells more than words.

http://sdrv.ms/KZSXha