An “Inexpensive” Exchange Lab In Azure

Posted in 2010, 2013, Azure, cloud, DNS, exchange, exchange online, hyper-v, IAmMEC, Office 365, vhd, vm, vpn

This blog post centres around two scripts that can be used to quickly provision an Exchange Server lab in Azure and then to remove it again. The reason why the blog post is titled “inexpensive” is that Azure charges compute hours even if the virtual machines are shut down. Therefore to make my Exchange lab cheaper to operate and to not charge me when the lab is not being used, I took my already provisioned VHD files and created a few scripts to create the virtual machines and cloud service and then to remove it again if needed.

Before you start using these scripts, you need to have already uploaded or created your own VHDs in Azure and designed your lab as you need. These scripts will then take a CSV file with the relevant values in it and create a VM for each VHD in the correct subnet (that you have also created in Azure) and always in the correct order – thus ensuring they always get the same IP address from your virtual network (UPDATE: 14 March 2014 – Thanks to Bhargav, this script now reserves the IPs as well, as this is a newish feature in Azure). Without reserving an IP, when you boot your domain controller first in each subnet it will always get the fourth available IP address. This IP is the DNS IP address in Azure, and each of the other machines is then created and booted in the order of your choosing and so gets the subsequent IPs. Azure never used to guarantee the IP, but updates in Feb 2014 now allow this with the latest Azure PowerShell cmdlets. This way we can ensure the private IP is always the same and machine dependencies, such as domain controllers running first, are adhered to.

These scripts are created in PowerShell and call the Windows Azure PowerShell cmdlets. You need to install the Azure cmdlets on your computer and these scripts rely on features found in version 0.7.3.1 or later. You can install the cmdlets from http://www.windowsazure.com/en-us/documentation/articles/install-configure-powershell/

Build-AzureExchangeLab.ps1

# Retrieve with Get-AzureSubscription 
$subscriptionName = "Visual Studio Premium with MSDN"

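# The .publishsettings file embeds a management certificate for the subscription:
# keep it out of source control and delete it once it has been imported
Import-AzurePublishSettingsFile 'downloaded.publishsettings.file.got.with.Get-AzurePublishSettingsFile'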

# Select the subscription to work on if you have more than one subscription
Select-AzureSubscription -SubscriptionName $subscriptionName

# Name of Virtual Network to add VM's to
$VMNetName = "MCMHybrid"

# CSV File with following columns (BringOnline,VMName,StorageAccount,VMOSDiskName,VMInstanceSize,SubnetName,IPAddress,Location,AffinityGroup,WaitForBoot,PublicRDPPort)
$CSVFile = Import-CSV 'path\filename.csv'

# Loop to build lab here. Ultimately get values from CSV file
foreach ($VMItem in $CSVFile) {

    # Retrieve with Get-AzureStorageAccount  
    $StorageAccount = $VMItem.StorageAccount

    # Specify the storage account location containing the VHDs 
    Set-AzureSubscription -SubscriptionName $subscriptionName  -CurrentStorageAccount $StorageAccount
  
    # Not Used $location = $VMItem.Location     # Retrieve with Get-AzureLocation

    # Specify the subnet to use. Retrieve with Get-AzureVNetSite | FL Subnets
    $subnetName = $VMItem.SubnetName

    $AffinityGroup = $VMItem.AffinityGroup      # From Get-AzureAffinityGroup (for association with a private network you have already created). 

    $VMName = $VMItem.VMName
    $VMOSDiskName = $VMItem.VMOSDiskName        # From Get-AzureDisk
    $VMInstanceSize = $VMItem.VMInstanceSize    # ExtraSmall, Small, Medium, Large, ExtraLarge 
    $CloudServiceName = $VMName
    $IPAddress = $VMItem.IPAddress              # Reserves a specific IP for the VM
    if ($VMItem.BringOnline -eq "Yes") {
        Write-Host "Creating VM: " $VMName
        # The endpoints below are published on the cloud service's public address: RDP, SMTP, HTTPS and HTTP
        $NewVM = New-AzureVMConfig -Name $VMName -DiskName $VMOSDiskName -InstanceSize $VMInstanceSize |
            Add-AzureEndpoint -Name 'Remote Desktop' -LocalPort 3389 -PublicPort $VMItem.PublicRDPPort -Protocol tcp |
            Add-AzureEndpoint -Protocol tcp -LocalPort 25 -PublicPort 25 -Name 'SMTP' |
            Add-AzureEndpoint -Protocol tcp -LocalPort 443 -PublicPort 443 -Name 'SSL' |
            Add-AzureEndpoint -Protocol tcp -LocalPort 80 -PublicPort 80 -Name 'HTTP' |
            Set-AzureSubnet -SubnetNames $subnetName |
            Set-AzureStaticVNetIP -IPAddress $IPAddress
        # Creates new VM and waits for it to boot if required
        if ($VMItem.WaitForBoot -eq "Yes") {
            New-AzureVM -ServiceName $CloudServiceName -AffinityGroup $AffinityGroup -VMs $NewVM -VNetName $VMNetName -WaitForBoot
        }
        else {
            New-AzureVM -ServiceName $CloudServiceName -AffinityGroup $AffinityGroup -VMs $NewVM -VNetName $VMNetName
        }
    }
}

Remove-AzureExchangeLab.ps1

# Retrieve with Get-AzureSubscription 
$subscriptionName = "Visual Studio Premium with MSDN"

Import-AzurePublishSettingsFile 'downloaded.publishsettings.file.got.with.Get-AzurePublishSettingsFile'

# Select the subscription to work on if you have more than one subscription
Select-AzureSubscription -SubscriptionName $subscriptionName

# CSV File with following columns (BringOnline,VMName,StorageAccount,VMOSDiskName,VMInstanceSize,SubnetName,IPAddress,Location,AffinityGroup,WaitForBoot,PublicRDPPort)
$CSVFile = Import-CSV 'path\filename.csv'

# Loop to remove the lab here. Values come from the CSV file
foreach ($VMItem in $CSVFile) {

    # Stop VM
    Stop-AzureVM -Name $VMItem.VMName -ServiceName $VMItem.VMName -Force

    # Remove VM but leave VHDs behind
    Remove-AzureVM -ServiceName $VMItem.VMName -Name $VMItem.VMName 

    # Remove Cloud Service
    Remove-AzureService $VMItem.VMName -Force
}

CSV File Format

The CSV file has a row per virtual machine, listed in order that the machine is booted:

BringOnline,VMName,StorageAccount,VMOSDiskName,VMInstanceSize,SubnetName,IPAddress,Location,AffinityGroup,WaitForBoot,PublicRDPPort
Yes,mh-oxf-dc1,portalvhdsjv47jtq9qdrmb,mh-oxf-mbx2-mh-oxf-mbx2-0-201312301745030496,Small,Oxford,10.0.0.4,West Europe,C7Solutions-AG,Yes,3389
etc,…

The columns are as follows:

  • BringOnline: Yes or No
  • VMName: This name is used for the VM and the Cloud Service. It must be unique within Azure. An example might be EX-LAB-01 (if that is unique that is)
  • StorageAccount: The name of the storage account that the VHD is stored in. This might be one you created yourself or one made by Azure with a name containing random letters. For example portalvhdshr4djwe9dwcb5 would be what this value might look like. Use Get-AzureStorageAccount to find this value.
  • VMOSDiskName: This is the disk name (not the file name) and is retrieved with Get-AzureDisk
  • VMInstanceSize: ExtraSmall, Small, Medium, Large or ExtraLarge
  • SubnetName: Get with Get-AzureVNetSite | FL Subnets
  • IPAddress: Sets a specific IP address for the VM. The VM will always get this IP when it boots and other VMs will not take it if they happen to boot before it
  • Location: Retrieve with Get-AzureLocation. This value is not used in the script as I use Affinity Groups and subnets instead.
  • AffinityGroup: From Get-AzureAffinityGroup (for association with a private network you have already created).
  • WaitForBoot: Yes or No. This will wait for the VM to come online (and thus get an IP correctly provisioned in order) or ensure things like the domain controller is running first.
  • PublicRDPPort: Set to 3389 unless you want to use a different port. For simplicity, the script sets ports 443, 80 and 25 as open on the IP addresses of the VM
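
Because the build script only compares BringOnline and WaitForBoot against "Yes" and passes every other column straight to the Azure cmdlets, a mistyped row is either skipped silently or fails part-way through the build. The following pre-flight check is an added example, not part of the original scripts: Test-LabCsv is a hypothetical helper name and the sample rows are constructed.

```powershell
# Added example: pre-flight validation of the lab CSV. Test-LabCsv is a hypothetical helper.
# The sample rows are constructed; for real use: $rows = Import-Csv 'path\filename.csv'
$csvText = @'
BringOnline,VMName,StorageAccount,VMOSDiskName,VMInstanceSize,SubnetName,IPAddress,Location,AffinityGroup,WaitForBoot,PublicRDPPort
Yes,lab-dc1,examplestorage,lab-dc1-os-disk,Small,Oxford,10.0.0.4,West Europe,Example-AG,Yes,3389
Yes,lab-ex1,examplestorage,lab-ex1-os-disk,Large,Oxford,10.0.0.5,West Europe,Example-AG,No,443
yes,lab-ex2,examplestorage,lab-ex2-os-disk,Huge,Oxford,10.0.0.5,West Europe,Example-AG,Maybe,70000
'@

function Test-LabCsv {
    param([Parameter(Mandatory)] [object[]] $Rows)

    $sizes    = 'ExtraSmall', 'Small', 'Medium', 'Large', 'ExtraLarge'
    $fixed    = 25, 80, 443      # public ports the build script opens on every VM
    $seenName = @{}              # VMName -> first CSV line using it (keys are case-insensitive)
    $seenIP   = @{}              # IPAddress -> first CSV line using it
    $findings = New-Object 'System.Collections.Generic.List[object]'
    $line     = 1                # the header is line 1

    # Records one finding against the row currently being checked
    $add = {
        param($Severity, $Message)
        $findings.Add([pscustomobject]@{
            Line = $line; VMName = $row.VMName; Severity = $Severity; Message = $Message })
    }

    foreach ($row in $Rows) {
        $line++

        # The scripts test these columns with -eq "Yes"; anything else behaves as No
        foreach ($col in 'BringOnline', 'WaitForBoot') {
            if ($row.$col -notin 'Yes', 'No') {
                & $add 'Error' "$col is '$($row.$col)'; expected Yes or No"
            }
        }

        # VMName is used for both the VM and its cloud service, so it must not repeat
        if ([string]::IsNullOrWhiteSpace($row.VMName)) { & $add 'Error' 'VMName is empty' }
        elseif ($seenName.ContainsKey($row.VMName)) { & $add 'Error' "VMName already used on line $($seenName[$row.VMName])" }
        else { $seenName[$row.VMName] = $line }

        if ($row.VMInstanceSize -notin $sizes) {
            & $add 'Error' "VMInstanceSize '$($row.VMInstanceSize)' is not one of: $($sizes -join ', ')"
        }

        # Reserved IPs must be dotted-quad IPv4 and unique across the lab
        $ip   = $null
        $isV4 = ($row.IPAddress -match '^(\d{1,3}\.){3}\d{1,3}$') -and [ipaddress]::TryParse($row.IPAddress, [ref]$ip)
        if (-not $isV4) { & $add 'Error' "IPAddress '$($row.IPAddress)' is not a valid IPv4 address" }
        elseif ($seenIP.ContainsKey("$ip")) { & $add 'Error' "IPAddress $ip already reserved on line $($seenIP["$ip"])" }
        else { $seenIP["$ip"] = $line }

        # The RDP public port shares the cloud service address with the SMTP/HTTP/HTTPS endpoints
        $port = 0
        if (-not ([int]::TryParse($row.PublicRDPPort, [ref]$port)) -or $port -lt 1 -or $port -gt 65535) {
            & $add 'Error' "PublicRDPPort '$($row.PublicRDPPort)' is not a port number between 1 and 65535"
        }
        elseif ($port -in $fixed) { & $add 'Error' "PublicRDPPort $port collides with an endpoint the build script always opens" }
        elseif ($port -eq 3389) { & $add 'Warning' 'RDP is published to the internet on the default port 3389' }
    }
    $findings
}

$findings = @(Test-LabCsv -Rows ($csvText | ConvertFrom-Csv))
$findings | Format-Table -AutoSize -Wrap
if ($findings.Severity -contains 'Error') {
    Write-Warning 'CSV failed validation; fix the errors before running Build-AzureExchangeLab.ps1'
}
```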

Access Is Denied Message After Sysprep–How To Fix

Posted in 2003, 2007, 2008, 2008 R2, 2012, 64 bit, backup, bios, hyper-v, password, recovery, sysprep, windows, windows 2003, windows 2008, windows 7, windows server, workstation, x64, x86

If, before you use Sysprep to prepare a Windows machine for imaging, you set “User cannot change password” on the administrator account, then Sysprep will not clear this setting, but will set the “User must change password at next logon” setting. Normally these two settings are mutually exclusive, but in the Sysprep scenario it seems they can both end up being set.

This means you get prompted to reset your password at first logon after Sysprep completes and then find you have “Access Denied” as the response. There is seemingly no way around this Catch-22.

That is unless you use the Offline NT Password and Registry Editor. This tool allows password resets when booting the server from a CD or USB key (so physical access to the server is required). As the download for this is an iso file, it can also be used in virtual environments by configuring your virtual machine to boot from the iso you have downloaded.

To allow you to log on to your machine following the above issue, all you need to do in the Offline NT Password tool is to blank out the administrator's password and unlock the account. These are options 1 and 4 during the password reset stage. Full instructions follow:

  1. Boot the server with the issue with the Offline NT Password and Registry Editor iso file:
  2. Choose the correct boot option (or just press Enter for the defaults):
  3. For Vista and earlier select the default of Option 1. For Windows 7 and Windows 2008 and later select Option 2 (to boot into the second partition on the disk). You might need to select a different option if you have more partitions. You need to select the partition that Windows is installed on.
  4. If the disk is marked as Read-Only ensure that the server went through a clean boot and was not shutdown incorrectly. Once the messages indicate a writable partition
  5. Select the presented folder (by pressing Enter again). You can typically just press Enter through most of these stages. You will be asked what you want to do – we want to reset passwords:
  6. Select Option 1 to Edit user data and passwords:
  7. Press Enter to choose the Administrator account:
  8. Type 1 to Clear (blank) user password. You should get back the message “Password cleared!”:
  9. Press Enter again to reselect the Administrator account, and this time select Option 4 to unlock the account (even though this program tells you the account is already unlocked):
  10. Once you see “Unlocked!” you can quit from this program. The process to quit requires you to save your changes. Note that the default setting is not to save changes, so you cannot now use Enter to select the default option.
  11. Enter ! to quit from the password reset program:
  12. Enter q to quit from the script and to ask about saving changes:
  13. Enter y to write back the files that have been changed:
  14. You should have been told “***** EDIT COMPLETE *****”. Press Enter to finish the program scripts:
  15. At this final screen you can remove the CD or unmount the iso image from your virtual machine and press CTRL+ALT+DEL to restart the server. The server should now boot into Windows and auto-logon as it has a blank password.
  16. Change the password and optionally untick the “User cannot change password” setting.

Installing Dell Open Manage 7.1 on Hyper-V R2 Servers

Posted in 2008, 2008 R2, 2012, dell, hyper-v, openmanage, osma, server administrator, server core, windows server

This set of instructions goes through the process for installing Dell Open Manage on Windows Server 2008 R2 and Windows Server 2012.

  1. Download both the 6.5 and 7.1 versions of Dell Open Manage
    • You need to install 6.5 first, or you will get errors about “omchecks has stopped working” failing during the RunPreReqChecks process and an error about “Failed to load OMIL Library” when running the actual installer.


  2. On the server run Dism /online /enable-feature /featurename:SNMP-SC to install SNMP
  3. After downloading 6.5 expand the zip to c:\OpenManage65 and if needed copy to the server you are installing on, or burn a DVD and insert it into the server in question.
  4. Install Open Manage 6.5 with the following steps
    1. cd c:\OpenManage65\windows\prereqchecker
    2. runprereqchecks /s
    3. echo Return Code = %ERRORLEVEL%
    4. Check the Return Code with the codes listed at http://support.dell.com/support/edocs/software/smsom/6.1/en/ug/HTML/prereqch.htm#wp1053477
    5. Fix any errors listed. You should get a 2 as the Return Code. You might need to view the prereqchecker HTML file that it creates. This is made in your temp directory. Cd %TEMP% to see what this is. It will be something like c:\Users\username\AppData\Local\Temp\2. To open the HTML output file connect to this temp folder from a machine with IE installed on it and open omprereq.htm. Fix any listed errors.
    6. cd c:\OpenManage65\windows\SystemsManagement
    7. msiexec /i SysMgmt.msi
    8. Choose Custom and add the Remote Enablement option.
  5. Allow remote access to TCP port 1311 (the Open Manage web server port) using netsh advfirewall firewall add rule name="Dell OpenManage Server Administrator Web GUI" dir=in action=allow protocol=TCP localport=1311
  6. Install Open Manage 7.1. The steps here are similar, just from the directory containing version 7.1 instead.
    1. cd c:\OpenManage71\windows\prereqchecker
    2. runprereqchecks /s
    3. echo Return Code = %ERRORLEVEL%
    4. Check the Return Code with the codes listed at http://support.dell.com/support/edocs/software/smsom/6.1/en/ug/HTML/prereqch.htm#wp1053477
    5. Fix any errors listed. You should get a 2 as the Return Code. You might need to view the prereqchecker HTML file that it creates. This is made in your temp directory. Cd %TEMP% to see what this is. It will be something like c:\Users\username\AppData\Local\Temp\2. To open the HTML output file connect to this temp folder from a machine with IE installed on it and open omprereq.htm. Fix any listed errors.
    6. cd c:\OpenManage71\windows\SystemsManagement
    7. msiexec /i SysMgmt.msi
    8. Choose Custom and add the Remote Enablement option (though as this is now an upgrade it should already be selected).
  7. Finish by browsing to https://remoteserver:1311 not forgetting the s in https. You will get a certificate error and once connected you can replace this if you wish or are required to by corporate policies.
  8. With thanks to the following two blogs:

    Building an Exchange Unified Messaging Lab

    Posted in 2010, exchange, hyper-v

    This is a project I have been meaning to do for some time, and when I got around to doing it found it to be harder than I expected it to be. So this blog series covers the steps needed to build a Unified Messaging lab utilising Exchange Server 2010 and Microsoft Lync Server along with the steps to build a software PBX using AsteriskNOW and a SIP Trunk provider to give me inbound and outbound telephone calls.

    Initial Requirements

    We will start with a list of the requirements to build this lab:

    1. A virtualization server. This blog will reference Hyper-V but any will do.
    2. Purchase a domain name for the lab. For the blog we will use mcmemail.co.uk
    3. A domain controller. For this blog the domain is mcmemail.local
    4. An Exchange Server 2010 or 2013 installation.
      1. For Exchange 2010 you need to install the Mailbox, CAS, Transport and Unified Messaging roles onto one or more servers
      2. For Exchange 2013 you need to install the Mailbox and Client Access Front End role on either the same or two machines.
    5. A PBX. For this blog series we will download and install two different software PBXs. First we will look at AsteriskNOW and then 3CX’s software PBX. The first is free of charge, but requires work to make it work and the second is a paid product (but has a 2 line fully functioning demo version) that has options to work with Exchange without a lot of configuration.
    6. A SIP Trunk Provider. For this blog we are using Voipfone who provide free SIP trunks and a free UK incoming number. You will want to pick a provider in your country and there are plenty to choose from. Voipfone were selected for the lab because they appeared on a “free sip trunk uk” search and no other reason.
    7. The ability to configure the firewall between the lab and the internet. Fixed IPs preferred, but NATed IPs are possible (and will be covered here).
    8. You will need some trusted digital certificates if you want to utilise Lync towards the end of the blog series. I am using Start SSL as they provide unlimited UC digital certificates (subject alternative name containing certificates) for a low fee.

    So let's start. We will not cover the detail of the Hyper-V installation or the creation and configuration of virtual machines to host the domain controller and Exchange Servers. So if you are starting from scratch go and build yourself a working Exchange environment now and come back here as we prepare to do the Unified Communications bit.

    All You Need To Know About PBX’s

    The PBX (or Private Branch Exchange) is the hardware or software needed to make your traditional office telephone system work. It connects your physical telephone lines and your office telephones and allows for internal calls, external calls, voicemail and lots more (at typically incremental cost for each feature). For your lab, if you want to connect Exchange and/or Lync to your existing PBX then you will need either an IP PBX or an IP Gateway to connect your non-IP PBX to the IP based software that is Exchange or Lync.
    Or you could install a software based IP PBX just for the lab. This is what we are going to do in Part 2, and once installed we will connect it to Exchange Server to provide voicemail and later “replace it” with Lync Server as that is a full IP PBX in its own right.

    Scheduling Backup on Microsoft Hyper-V Server

    Posted in 2008, 2008 R2, backup, hyper-v

    To do a backup of the virtual machines installed on your Hyper-V Server (2008 or 2008 R2 editions) you need to complete the following steps.

    1. Install the backup feature by typing start /w ocsetup WindowsServerBackup from the command prompt.
    2. Get a list of the drives on which Hyper-V Server has stored virtual machines. This will be C: unless you have made changes.
    3. Determine the times you want to run the backup at.
    4. Determine the drive letter of the removable disk by typing at the command prompt each of the following commands
      1. diskpart
      2. list volume
      3. The disk drive letter will be displayed for the disk that matches the size of your removable disk.
      4. Type exit to exit diskpart.
    5. From the command prompt type wbadmin enable backup -addtarget:x: -schedule:hh:mm,h2:m2 -include:y:,z: -systemState -allCritical to back up to drive X: the contents of drives Y: and Z:, the system state and all drives critical to the running of the server.
    6. Confirm you want to schedule the backup at times HH:MM and H2:M2 (for twice a day). If you want one backup a day use HH:MM and if you want more than two just comma separate a group of times. Enter times as per local timezone. Check the current time on the Hyper-V Server by typing time from the command prompt.
    7. Start a backup now if you want by typing wbadmin start backup and confirming to use the same settings as the scheduled backup.
    8. Backup will proceed in the console. If you log out backup will remain running.
    9. Enter wbadmin enable backup to see the settings you have enabled.
    10. Type wbadmin get versions to see what backups have completed.

    Installing Integration Services on Hyper-V Clients

    Posted in hyper-v

    The installation of the Hyper-V integration services should be easy, but what happens if you have taken the virtual disks from a Windows Virtual PC or Virtual Server installation and the guest is already running the Virtual Machine Additions software from that installation? What happens is that you need to remove the previously installed Virtual Machine Additions software. Except I got the following error:


    It reads that “this installer may only be run inside of a virtual machine”. But as I am inside a “Hyper-V” virtual guest this error is wrong as I am inside a virtual machine.

    If you are running version 13.813 of the Virtual Machine Additions or later then you will be able to uninstall them from within Hyper-V. The problem is with earlier versions. To check which version is installed display the properties for the Virtual Machine Bus device, which is located in System Devices inside Device Manager.

    So how do I uninstall the Virtual Machine Additions without rebuilding the virtual guest?

    1. On the Hyper-V server shut down the virtual guest
    2. Share the folder containing the VHD file (typically c:\users\public\documents\hyper-v) for full control.
    3. Install Virtual PC 2007 or later on another machine.
    4. Create a new virtual PC using the VHD on the shared folder on the network
    5. Boot this new virtual PC guest and uninstall the Virtual Machine Additions.
    6. Shutdown the virtual PC guest and delete the virtual PC (this leaves the VHD file).
    7. Remove the share and restart the virtual guest on the Hyper-V server
    8. Install the Integration Services.

    Uninstalling Virtual Machine Additions in Hyper-V

    Posted in hyper-v

    The error message “this installer may only be run inside of a virtual machine” appears when you try to remove old virtual machine additions (from Virtual Server 2005/Virtual PC 2004) when running the virtual machine in Hyper-V.

    The migration guidelines recommend (but do not mandate) the removal of the Virtual Machine Additions. But this is probably because later versions of the additions can be removed from inside Hyper-V, while earlier versions cannot.

    The problem is the existence of this software stops the installation of the Hyper-V Integration Services.

    So to remove the Virtual Machine Additions of the Hyper-V guest (that has been previously used in Virtual PC/Server) you need to do the following:

    1. Shutdown the Hyper-V virtual guest
    2. Share the folder containing the VHD for this guest
    3. Install Virtual PC 2007 or later on another computer
    4. Create a new virtual guest on the Virtual PC, pointing the VHD property to the shared VHD on the network and do not create undo disks.
    5. Boot the Virtual PC guest and uninstall the Virtual Machine Additions. Any prompts about new hardware should be ignored by pressing the Cancel button.
    6. The removal process will require a reboot. Once the reboot has completed you can then shutdown the virtual PC.
    7. Remove the Virtual PC guest, stop sharing the VHD folder and restart the guest in Hyper-V.
    8. Install the Hyper-V Integration Services.

    If the virtual guest is so old as to have a Standard PC HAL installed then attempts to install the Integration Services result in the following error: “Setup cannot upgrade the HAL in this virtual machine. Hyper-V integration services can be installed only on virtual machines with an ACPI-compatible HAL. For information about hardware requirements, see the Hyper-V documentation”.

    This cannot be fixed and so if you have an old virtual machine that has a Standard PC HAL (from Device Manager > Computer) then do without the integration services or rebuild the guest from scratch.

    Hyper-V on the Dell Optiplex

    Posted in hyper-v, virtual server, virtualisation, windows server

    With the correct BIOS settings enabled on an E8500 processor (see http://processorfinder.intel.com/ for the processors that support EM64T, Virtualisation and Execute Disable, which are needed for Hyper-V to work), and with them and the Trusted Execution property set to On in the BIOS, I got the following errors with Hyper-V RC1 on Windows 2008 Enterprise Server RTM (running Server Core):

    • Hyper-V launch failed; Either VMX not present or not enabled in BIOS.
    • Hyper-V launch failed; at least one of the processors in the system does not appear to provide a virtualization platform supported by Hyper-V.

    Fixed this by rebooting and pressing F2 to enter the BIOS and disabling the following settings

    • Security > Execute Disable (set to Off)
    • Performance > Virtualization (set to Off)
    • Performance > VT for Direct I/O Access (set to Off)
    • Performance > Trusted Execution (set to Off)

    Press Esc and save settings. When the server reboots do a hard power off. Power on, and then in the BIOS again ensure that the following is set:

    • Security > Execute Disable (set to On)
    • Performance > Virtualization (set to On)
    • Performance > VT for Direct I/O Access (set to On)
    • Performance > Trusted Execution (set to Off)

    Press Esc and save settings. Hard power off again once the server reboots. Turn power on and let computer boot normally.

    At this point I got a Hyper-V error in that the entries in the event log above did not appear anymore, but were replaced by an error indicating that Hyper-V was not installed.

    So I removed Hyper-V by running:

    • ocsetup Microsoft-Hyper-V /uninstall

    and reboot.

    Reinstall Hyper-V by downloading the latest build and install it using:

    • wusa <filename_of_download.msu>

    or if you have the latest build already installed, then reinstall using:

    • ocsetup Microsoft-Hyper-V