server2008 | Steve Dolphin

Remote Desktop Services (per user) license monitoring with a script

With Windows Server 2008 (R2) and the new Remote Desktop Services, you need CALs. They’re essentially the same as the Terminal Services CALs that you used to get, and with Server 2008 you get a lovely little GUI that allows you to generate reports of the current users who have valid licenses etc.

What you can’t do (easily) is use something like the old lsreport.exe to generate a list of who’s using a CAL at a given point in time.

After alot of searching I found a blog post which helped over at the Remote Desktop Services Team Blow: http://blogs.msdn.com/b/rds/archive/2009/11/09/per-user-cal-reporting-script.aspx – it dumps a .csv file of current CAL users and their licence state (valid or expired).

Because what I actually wanted was just an updated csv file every hour so I could trend usage, I added a few lines to the script that looked like this:

objTextFile.WriteLine "time, valid, expired, total" objTextFile.WriteLine Now() & "," & NumOfW2K8_Valid & "," & NumOfW2K8_Expired & "," & NumOfW2K8_Total

And commented out all the others before setting on a repeating task.

Quick: Install .NET 3.5 on Server Core 2008R2

No explanation I’m afraid, just a quick post!

Do it like this:
dism /online /enable-feature /featurename:NetFx3-ServerCore

Remote Access Options in Server 2008R2

Server 2008R2 has many different methods that allow connections to your business network from outside for whatever purposes you see fit (most often though, home working). What’s better still is that once you’ve bought your Server 2008R2 installations these specific features don’t require any extra licensing or purchase cost, all it takes is your time and willing!

The roles that I’ll mention today are:

Routing and Remote Access (RRAS)
Remote Desktop Gateway
Remote Desktop Web Access
Remote Applications (RemoteApp)

The different versions of Server 2008R2 have different levels of functionality for the roles that we’re interested in: Network Policy and Access Services and Remote Desktop Services, so you should check using this hugely cropped table that I’ve made from lifting the information found on the Microsoft website about comparing server editions by role.
Continue Reading →

Using the Dell EQL MEM Module to simplify my backups (also, thanks again, veeam!)

Many posts cover the installation and performance benefits that come from using the Dell Multipathing Extension Module (MEM) on EqualLogic arrays (check the spoonapedia.com one), but the big difference for me was a bit of a pleasant side-effect in terms of handling backups! I’ve covered off this strategy from a high level in my previous blog post, Backup Strategies with Virtual Machines in VMware using Veeam, but I wanted to explain in a little bit of detail how I actually got there: it was down to the MEM!

Before – accessing data from within the OS

Because the file servers I’ve been working on access a lot of data (8TB worth), the original setup involved using the EqualLogic Host Integration Tools (HIT kit) from within the file server OS to access LUNs on the EQL array – this provided valuable multipath access and proved to be a very successful way of handling access to the data. The problem was that is complicated backups quite significantly, I could use veeam to backup the OSs (and I did), but I had no way of backing up the actual file data.

With various bad experiences from using market-leading backup software such as BackupExec in the past I wasn’t in a rush to go out and spend money on a software solution to handle all this file data, so I resorted to a very low-tech solution: I bought a nas box and did a nightly robocopy.

This was simple, but it was awful: the backups didn’t finish in time (they’re being taken over a 100mbit LES), they never caught up with themselves. It was a waste of time and it basically meant no backups were worth having.

After – install the MEM and let ESXi deal with it

But then the MEM came out, and essentially claimed to offer the same (if not better) performance via ESXi – no messing around with the HIT kit any more, and more importantly, a chance to re-evaluate my first decision about not using .vmdks… I changed my mind.

The first time round I did thick LUN straight into Windows, formatted as NTFS, simple. This time I re-evaluated and did a thick LUN on the EQL and then allocated thin disks in ESXi and mounted them to the file servers… This gives me greater flexibility if a disk gets close to its limits but it also now means that the extra .vmdks are picked up by veeam allowing me to replicate my previously successful backup strategy.

In summary…

Veeam now handles the file data as incremental .vmdks which means it only transfers the changes in the .vmdk files – the entire series of backups finishes over the 100mb LES in about 12 hours (which, bearing in mind I run it once a week at the weekend is ideal); the previous robocopy never finished in that amount of time: the size of the data transferred is obviously the same, but because robocopy iterated through every single file and folder for a comparison it took much longer whereas now veeam just… does it, and it was a product that I already had so didn’t require any extra spend (not to mention the money that could now be saved on not upgrading the LES to 1GB purely for the purposes of backup).

Next?

Now being quite satisfied with this setup I’m going to investigate the series of advice from ErikZandboer on optimising his ix2-200 backup speeds, specifically the post that looks at jumbo frames to target storage.

Quick: Using DISKPART in Server Core 2008R2 to setup a new disk

Yes, I could use the MMC from another machine, but I was pretty convinced that I could do it all much more quickly using the DISKPART command… I’ve provisioned the LUN on my EqualLogic box, added it via VMware as a new .vmdk on that LUN and, as predicted, it shows up as offline and readonly, I therefore need a combination of the following to make it work:

DISKPART> list disk DISKPART> select disk 1 DISKPART> attributes disk clear readonly DISKPART> online disk DISKPART> create partition primary DISKPART> list volume DISKPART> select volume 4 DISKPART> assign letter=e: DISKPART> EXIT C:\Users\Administrator> format E: /v:Label /Q

You might not need to list and select the volumes as when you create the partition is usually does, but nice to see that little asterisk to indicate the disk/volume you’re working on.

Playing with RemoteApp in 2008R2

As you may know, Server 2008 have changed “Terminal Services”, firstly it’s been renamed to the rather catchy “Remote Desktop Services” (requiring the purchase of concurrent Remote Desktop Services Client Access Licenses); and secondly, and rather majorly, it’s implemented Remote App – a way of delivering applications to clients using remote desktop but without it looking like remote desktop.

An example

Don’t understand? Allow me to illustrate with an example then.

So you’ve got an application, like Microsoft Visio, you’ve got 20 licenses that allow for 20 concurrent uses and you want to be able to share these across an organisation, how do you do it? If you wanted a free option (i.e didn’t want to pay for Citrix or Terminal Services) then you would have a physical hot desk machine that the users would sit at when they wanted to use the application; and if you got bored of that you could use machines with remote desktop on them instead.

Why Terminal Services now, and not before?

The big change here is related to how the application can be delivered, the Remote App packaging:

allows for the application shortcut to be installed via .msi (so easy group policy rollout);
puts the application on the start menu, as if it were local;
allows for file extensions to be automatically associated with the remote app (which is REALLY handy);
means that the program runs in a “normal” application window, rather than in a whole screen-hogging remote desktop session;

The server setup

As always, this is slightly easier if you have virtual servers because you can separate the roles below into distinctly separate servers, but here’s the basic structure I’ve setup:

Clients connect to the Connection Broker (which performs load balancing and reconnects people to the right server if they get disconnected)
Using a round-robin configured DNS name (the farm name) a Remote App server (which actually has the application installed on it) is selected and a session begins
The License server is configured with the purchased CALs (around £60 each) and keeps track of free / available licenses, preventing an overcommit (unlike standard CALs which are not monitored)

Any setup in 2008 will then additionally allow you to set configurable items such as the amount of time before logging someone off and releasing their license back to the pool; whether multiple connections should be merged when from the same client or same user name and so on.

Other stuff

The obvious thing that can go wrong here is licensing, you need to ensure that your remote desktop services CALs do not allow you to run over the number of licenses for any installed applications: you can’t have 20 Project 2010 Licenses, 20 Office 2010 licenses and then assume that 40 CALs will be fine, because that will allow users to open 40 copies of Project 2010 and 0 copies of Office, which would be wrong.

Once you’ve played and are happy you should also consider investigating RD Web Access to allow you to push these Remote App programs out over the internet via a webpage to end users too; or RD Gateway which if configured correctly would allow you to offer these over the internet solely using the RDP technology (so without the need for a VPN or a Web Page showing a list of applications).

Enjoy!

A template for new offices

Now that the first and largest implemtation is almost complete, I have to start thinking about producing an easy-to-understand template that allows us to build site offices in a practically identical manner. One of the main goals of this project was to be able to have a repeatable template of systems and processes that allowed us almost dump a pre-fabricated solution into a physical building, this sort of template would be tried and tested and be the first step to producing a business service of “deploy new office” – a service which until now has been very ad-hoc and piecemeal.

From a very high level there a few things you need to deploy IT systems into a new building:

Connectivity (Telephony and Data)
Hardware (Servers, Cabling, Computers)
Software (Client OSs, Server OSs, Applications)

Our template includes a base for things already which has come as a direct result of building up the first office: We know that a new site wants Dell EqualLogic storage so that it can use the inbuilt replication between sites (for backup etc); two servers for redundancy; an uninterruptable power supply and environmental monitoring. We know that the site needs at least 10mb of internet connectivity, but keeping in line with recent work this will actually start at 25mb, and we know that there is a need for phone lines (for staff to make calls, as well as for alarms etc). In terms of software, the Client OSs are all still going to be Windows XP, (but with a view to upgrade to 7 later on throughout) and the server OSs are going to be Windows Server 2008 R2 – the datacentre licensing here becomes a bit of a no-brainer, which I’ll explain in a follow up post.

So that’s it, that’s the start of our template for a new site office! I’ll explore the three high-level requirements in more detail in future posts.

Quick: Configuring Server Core 2008 R2

Since my post on sconfig.cmd I’ve been pointed at a product called CCCR2 (there’s a non-R2 version too) by its author, Joachim Nässlander. I’ve been using CCCR2 since he pointed me that way and it’s been *much* better than remembering netsh commands and trying to update my multiple vNICs on each new VM I create, it looks like this:

Having had much fun with Server Core (it seems like it should be a great idea, but no-one really supports it or does much with it yet!) I decided to actively search to see if there were any other tools for this sort of thing, there is, a nice little GUI one called Core Configurator:

So now here I am, stuck with a choice between two perfectly good ways of configuring my server core installations and no sensible way of chosing between the two of them! Both are small enough .iso files to be considered floppy-size which makes them quick and portable, both do pretty much the same thing. Interestingly I think I’m going to continue using CCCR2 because it’s a little bit faster to whizz through the menus and set my NICs up (I don’t need to do things like join domains because that’s already handled by a VMware template).

There is one setting that I frequently use which neither support though, and that’s changing the MTU size (jumbo frames on a NIC), I still need my handy netsh commands for that, but at least CCCR2 shows the interfaces with their MTU size alongside them as a reminder during my setup.

Does anyone else have any Server Core tools?

Quick: SNMP in Server Core 2008 R2

Installing SNMP in Server Core 2008 R2 is really simple, as many blogs and guides will have already told you all you need to do is run this command:

start /w ocsetup SNMP-SC

From there though, how on earth do you configure it? You’ll note that if you use the Server Manager or MMC to bring up the properties of the service that all the ones you want aren’t there:

That’s not helpful at all! A few blogs, including this one have pointed out that you can do a registry dump from a GUI-based install and that works fine, but for me that didn’t seem clean enough.

Well, I’ve sussed it, with the help of this Trainsignal article and their phrasing of:

Also, after installing SNMP in Server 2008, the SNMP option tabs will not show up until you have logged off and logged back on again. So, you won’t be able to configure anything until after you log back in. This has caused a fair amount of confusion in the field.

For Windows 7, Install the SNMP Management Tools (from Control Panel, Programs and Features):
Once you’ve done this you’ll need to log off and back on again and then when you open the dialogue box as before (via MMC or Server Manager) you’ll have all the fields.

For Windows 2003 and XP you can kind of see them anyway (on my system this yields a funny message, although seems to work).

Making a KMS in Server Core 2008 R2

There are LOTS of guides about how to make a KMS (Key Management Server) in Server Core 2008, but not that many about how to do it in 2008R2. The process seems to be much the same, but some of the guides have outdated switches and commands which do not work.

From your command prompt register your KMS key:
slmgr /ipk <your key>
Then attempt an automatic (over-the-internet) activation:
slmgr /ato
That should work. If it doesn’t (mine didn’t) then you need to perform a manual activation instead. First you need to get the installation ID:
slmgr /dti
Ring one of the Microsoft numbers and enter that huge number in six-digit-blocks as prompted, and then note the number it gives back to you in notepad or something similar.
Enter the activation code using:
slmgr /atp <confirmation code>

Finally, to check the status of your KMS server you can use

slmgr /dlv
slmgr /dli

I did all this and then got a GUI-version of 2008 R2 to contact the KMS perfectly, however for some strange reason my other Core 2008 R2 installs are not working yet…

Update: I finally got my Core 2008 R2 servers to activate, I was using the wrong key! You don’t use the same KMS key that you registered the server with, you use a specific “activate-me-against-a-KMS-key”, I found mine on this forum which claims they’re publicly available, but I can’t find out where! (Oh, another update, I found the official source for those keys) Either way, for 2008 Datacentre R2 the key I used was 74YFP-3QFB3-KQT8W-PMXWJ-7M648.

Thank you to Shariq Sheikh for your guide which helped a lot, and to Sander Berkouwer’s post which was also very useful. I would also like to thank Joachim Nässlander who is a bit of a Server Core expert and offered many helpful suggestions. He has created a tool for managing server core which I will review in another blog post, it’s called CCC and is available for download from his website.