2014
04.24

Here’s some interesting bits from the last few days that I have not blogged:

2014
04.24

In case you are wondering, I am not blogging everything I come across. Anything that is focused in my key interest areas goes on here. But there are LOTS of other things, and those lots of other things would take up an entire life to blog.

Others have done a good job blogging so why would I waste effort duplicating what they have already done. I tweet as @joe_elway and that’s where you will see everything that I recommend. I’ll link to news, System Center, security, news, and odd-ball stuff. And occasionally, I’ll go off on one.

I am also doing a lot of writing and blogging for the Petri IT Knowledgebase. You’ll find 2 long tech articles, 2 op-eds, and 6 KB articles, mainly on Microsoft virtualization and related areas, every month on Petri. My tech stuff has been “back to basics”.

No – I have not stopped writing on this site. This blog continues to be my primary place to write. It is a little quiet lately because there is not much new to write about. I’m continuing to add stuff about fixes, and you’ll continue to find articles on things I’ve learned in the lab or in the field.

I suspect we’ll have new product announcements at TechEd Europe in October (for the alleged “Threshold” releases in April) so expect the pace to pick up then! And I’ll be at TechEd USA next month and I’ll be doing my usual live blogging there. My focus will be anything hybrid cloud – there’s no point in me attending classic WinServ sessions because they were all done last year in one form or another.

2014
04.22

I did a rebuild of the Hyper-V hosts in the lab at work last week. I pushed out a bare metal install of the new ISO for WS2012 R2 with “The Update” (April 2014). I used SCVMM 2012 R2 UR1 to push out the image to the iDRAC cards on the Dell R420 hosts. Afterwards I used SCVMM to cluster the two hosts.

I don’t like SCVMM’s patching system – it’s very SMS 2003 R2, requiring waaaay too much clicking every month. I’d much rather use Failover Clustering Cluster Aware Updating (CAU). I fired up Failover Cluster Manager (FCM) on my central administration machine, and tried to configure CAU self-updating. And I couldn’t because I kept getting this error:

Failed to load ClusterAwareUpdating module on "<Node Name>"

Hmm. It took me a moment or two, and then I knew what was wrong. SCVMM enables Hyper-V OK. And it enables Failover Clustering. But SCVMM does not install the Remote Administration Tools … and that means the PowerShell module for Failover Clustering was missing from both of the hosts. There was no way to configure CAU on the hosts because the required PowerShell cmdlets were missing.

Into Server Manager and I enabled the following feature: Remote Server Administration Tools > Feature Administration Tools > Failover Clustering Tools. Now the cmdlets were there and CAU was fine.
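
The same fix can be pushed to every node from the administration machine instead of clicking through Server Manager on each host. This is an added example, not from the original post; the node names are placeholders, and it assumes the Server Manager cmdlets and PowerShell remoting are available to an account with admin rights on the hosts.

```powershell
# Added example: HOST1/HOST2 are placeholder node names (assumption).
$nodes   = 'HOST1', 'HOST2'
# Sub-feature of "Failover Clustering Tools" that carries the clustering cmdlets.
$feature = 'RSAT-Clustering-PowerShell'

$report = foreach ($node in $nodes) {
    $installedNow = $false

    # Check the feature state remotely before changing anything.
    $state = Get-WindowsFeature -ComputerName $node -Name $feature
    if (-not $state.Installed) {
        $result = Install-WindowsFeature -ComputerName $node -Name $feature
        if (-not $result.Success) {
            Write-Warning "Install of $feature failed on $node"
        }
        $installedNow = $result.Success
    }

    # Ask the node itself whether the modules CAU depends on now resolve.
    $modules = Invoke-Command -ComputerName $node -ScriptBlock {
        Get-Module -ListAvailable -Name FailoverClusters, ClusterAwareUpdating |
            Select-Object -ExpandProperty Name -Unique
    }

    [pscustomobject]@{
        Node                 = $node
        FeatureWasMissing    = -not $state.Installed
        InstalledThisRun     = $installedNow
        FailoverClusters     = $modules -contains 'FailoverClusters'
        ClusterAwareUpdating = $modules -contains 'ClusterAwareUpdating'
    }
}

# One row per node; any False in the last two columns means CAU will still fail there.
$report | Format-Table -AutoSize
```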

Dear SCVMM, please enable the administration bits (or give us an option to do it) when you enable roles/features. Your patching sucks and FCM is much better at it.

2014
04.16

Microsoft Ireland is running a promotion in the months of April, May, and June for people in Ireland who download and evaluate either Windows Server 2012 R2 or System Center 2012 R2. Download any of the ISOs or VHDs for WS2012 R2 or SysCtr 2012 R2, or even use an Azure trial using the above links.

Once you do that you’ll get an email from Microsoft (check your junkmail folder). Send that email as an attachment to appireland@microsoft.com and send your feedback on the product in less than 140 characters. Alternatively, tweet a screenshot of your download with your live ID to @IEITPRO with this text:

Hey @IEITPRO I just downloaded #WindowsServer2012R2 http://technet.microsoft.com/en-US/evalcenter/dn205286

Each month through to the end of June 2014 someone will win an Xbox One and someone will win a Nokia 520. You can find terms and conditions here. Remember this is open only to residents of the island of Ireland.

2014
04.14

I was working on a customer site today on a new JBOD & Storage Spaces installation. It should have been a pretty simple deployment, one I’ve done over and over.  But a simple step couldn’t be done. When we tried to build a new Storage Pool (an aggregation of disks for Storage Spaces) the primordial pool and the blank disks would not appear in Server Manager or in Failover Cluster Manager. PowerShell was no use either.

My first suspects were the LSI SAS cards. After much troubleshooting we found no solution. And then, I was mucking about in Disk Management when I saw something. I could bring disks online but they came up with strange behaviour, especially for new disks.

The disks came online as GPT disks, without any initialization being done by me. And the disks were … read only. They actually had a status of GPT Protective Disks.

A quick google later and I had a fix:

  • DiskPart
  • List Disk
  • Select Disk X
  • Clean
  • Repeat

With a bit of work I could have probably PowerShelled that up.

What do I think the cause was? The JBOD manufacturer supplied the disks. A part of their offer is that they’ll pre-assemble the kit and test the disks – no two disks from the same production run are made equal, and some are a lot less than capable. I think the tests left the disks in a weird state that Windows interpreted as being in this read only position.

The clean operation fixed things up and we were able to move on.
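
A PowerShell version of the DiskPart loop above, as an added example that is not from the original post. It assumes the JBOD disks are SAS-attached and uses Clear-Disk in place of DiskPart's Clean; it only previews the wipe until `$Commit` is set to `$true`.

```powershell
# Added example. Assumptions: JBOD disks show up with BusType 'SAS', and
# Clear-Disk is used as the equivalent of DiskPart "Clean".
# Destructive when $Commit is $true: review the candidate list first.
$Commit = $false

# Candidate disks: SAS-attached and never the boot or system disk.
$candidates = Get-Disk | Where-Object {
    $_.BusType -eq 'SAS' -and -not $_.IsBoot -and -not $_.IsSystem
}

# Equivalent of "List Disk": show exactly which disks would be wiped.
$candidates | Sort-Object Number |
    Format-Table Number, FriendlyName, SerialNumber, PartitionStyle, IsReadOnly, IsOffline, Size -AutoSize

foreach ($disk in $candidates) {
    if ($Commit) {
        # Clear the states that block changes to the disk.
        if ($disk.IsOffline)  { Set-Disk -Number $disk.Number -IsOffline $false }
        if ($disk.IsReadOnly) { Set-Disk -Number $disk.Number -IsReadOnly $false }

        # Equivalent of "Select Disk X" followed by "Clean".
        Clear-Disk -Number $disk.Number -RemoveData -RemoveOEM -Confirm:$false
    }
    else {
        # Dry run: report what would be cleared without touching the disk.
        Clear-Disk -Number $disk.Number -RemoveData -RemoveOEM -WhatIf
    }
}

# After a committed run, the cleaned disks should be listed as poolable.
Get-PhysicalDisk -CanPool $true |
    Format-Table FriendlyName, SerialNumber, BusType, Size -AutoSize
```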

2014
04.10

In case you have been hiding under an IT rock, the world of the Internet has been rocked by a vulnerability found in the widely used OpenSSL. MVP Troy Hunt has a good description of the vulnerability here.

The list of known vulnerable sites is a who’s who of the Internet. Interestingly, servers that run on Windows Server and use the native SSL features of IIS are not affected. Note that Windows Server and System Center use native IIS functionality. Microsoft has also confirmed that Azure is also not susceptible to this attack.

Hmmm, who else is out there that might be vulnerable? Who do many claim is more secure, but really they’ve been found lacking? Who had a breakout attack (maybe more than one)? Who had a weakness in the design of their virtual storage that allows a guest OS admin to read files (passwords) from the host? Which other virtualization company is susceptible to Heartbleed?

Hmm, would it be …

VMware?

Yup, if you have a recent product from VMware then your virtualization or cloud is vulnerable to attack. Got a public cloud based on vSphere? You are probably vulnerable.

The lesson here is simple: Building alleged enterprise-class software where no-one is responsible for trustworthy computing reviews is negligent. Who reviewed that code?

Now tell me that Microsoft makes insecure software … penguin lovers! Stick your hands up so we can send the men with nets after you conspiracy theorists or your bosses can identify the weak links in their IT departments.

2014
04.10

Microsoft has released (another) update overnight (what a week!!!) that deals with a Hyper-V scenario. This one is for when a Hyper-V host may be unable to reconnect to the Windows Server 2012 Cluster Scale-Out File Server (SOFS) share after an unplanned failover of one of the SOFS nodes.

Once again, this is niche. I’ve done many graceful and ungraceful shutdowns of SOFS nodes (both virtual and physical) over the past 18 or so months and not seen this issue.

Symptoms

Consider the following scenarios.
Scenario 1

  • You deploy file storage by using Failover Clustering Scale-Out File Server shares in Windows Server 2012.
  • An unexpected error causes the Cluster service process (clussvc.exe) to stop.

In this scenario, you may receive I/O errors instead of failing over to a working cluster node.
Scenario 2

  • You deploy Windows Server 2012 Hyper-V hosts that run virtual machines that are stored on Failover Clustering Scale-Out File Server shares in Windows Server 2012.
  • An unplanned failover causes the Scale-Out File Server to move to another node.

In this scenario, the Hyper-V host may be unable to reconnect to the share. This causes the virtual machines to become unresponsive and to enter a critical state.

A supported hotfix is available from Microsoft Support.

2014
04.10

This new article from Microsoft refers to “Windows Server Backup running on the host operating system”, but I cannot say if this issue affects third party backup tools, DPM or not. REPEAT: DO NOT ASK ME – ASK MICROSOFT. Very often Microsoft has a bad habit of stating that a backup fix is for a scenario featuring a Microsoft backup product, but it really affects any tool backing up Hyper-V.

Symptoms

Consider the following scenario:

  • You have a Windows Server 2012 Hyper-V host and a Windows Server 2012 guest virtual machine (VM).
  • You start Windows Server Backup on the host operating system.
  • You click Backup Schedule to start the backup schedule wizard and then click Next.
  • You select Custom on the Select Backup Configuration tab and then click Next.
  • You click Add Items, select host component and the guest VM, and then complete the wizard.
  • You restart the host operating system.

In this scenario, scheduled backup fails with event backup ID 517 and error 0x80780049.

“The Update” fixes this issue for Windows Server 2012 R2 Hyper-V and Windows 8.1 Client Hyper-V. A hotfix is available for Windows Server 2012 Hyper-V and Windows 8 Hyper-V.

If the problem is limited to Windows Server Backup then it will typically affect just small installations (1 or maybe even 2 hosts) and labs.

2014
04.10

Another niche scenario bug is fixed in this update by Microsoft, affecting the following Windows versions/editions:

  • Windows 8 & Windows Server 2012
  • Windows 7 & Windows Server 2008 R2

Symptoms

Consider the following scenario:

  • You have a computer that is running Windows 8, Windows Server 2012, Windows 7 Service Pack 1 (SP1), or Windows Server 2008 R2 SP1.
  • You create iSCSI connections to multiple iSCSI targets which are storage arrays.
  • There are frequent iSCSI session connections and disconnections, such as logical unit number (LUN) arrivals and removals.

In this scenario, a silent read/write data corruption can occur on an iSCSI LUN.

There is a bunch of links for downloading updates to resolve the issue, depending on your OS and architecture. See the original post by Microsoft for links.

2014
04.10

I’ve done LOTS of live migrations since the beta of WS2012 and through WS2012 R2, and I’ve put the hosts under significant pressure. I can’t say I’ve seen the issue that is discussed & fixed in this new article by Microsoft where a "0x8007007A" error occurs when you migrate a virtual machine that’s running on Windows Server 2012 R2 Hyper-V or Windows Server 2012 Hyper-V.

Symptoms

Consider the following scenario:

  • You have two Hyper-V hosts that are running Windows Server 2012 R2 or Windows Server 2012.
  • You use the Live Migration feature in Hyper-V to migrate a virtual machine from one server to another.

In this scenario, the migration fails. Additionally, a "0x8007007A" error that resembles the following is logged in the System log:

Log Name: System
Source : Microsoft-Windows-Hyper-V-High-Availability
Event ID: 21502
Level : Error
Message : Live migration of 'VM_Name' failed. Virtual machine migration operation for 'VM_Name' failed at migration source 'Node_Name'. (Virtual machine ID VM_GUID) Failed to save the virtual machine partition state: The data area passed to a system call was too small. (0x8007007A). (Virtual machine ID VM_GUID)

To resolve this issue in Windows Server 2012 R2, install update 2919355 (“The Update” via Windows Update). To resolve this issue in Windows Server 2012, install the Microsoft supplied hotfix.

2014
04.10

Microsoft has published a new KB article for when a Hyper-V virtual machine’s network connection fails if the "minimum bandwidth weight" setting is enabled in Windows Server 2012. The scenario where this happens is very niche (negligent bad practice, one might argue).

Symptoms

Consider the following scenario:

  • You have Virtual Machine Manager for Microsoft System Center 2012 installed on a Windows Server 2012 Hyper-V host.
  • You add a third-party virtual network switch extension to System Center 2012 Service Pack 1 (SP1) Virtual Machine Manager or to System Center 2012 R2 Virtual Machine Manager.
  • One of the following conditions is true: 
    • You apply the MinimumBandwidthWeight setting to the network of a Hyper-V virtual machine.
    • You use the System Center Virtual Machine Manager "high bandwidth adapter" or "medium bandwidth adapter" native port profile.

In this scenario, external communication from the virtual machine network fails.

A supported hotfix is available from Microsoft Support.

2014
04.08

The much talked about “Update 1” which is actually called “Update” (and can be thought of as Service Pack 2, after the big GA update) is out via Windows Update. And that’s it. You won’t get this update via WSUS, and downstream products.

And that’s because there’s a problem.

I applaud Microsoft for taking the following action to avoid breaking security patching:

Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behaviour for Windows 8.1 Update scanning against all supported WSUS configurations. Until that time, we are temporarily suspending the distribution of the Windows 8.1 Update to WSUS servers.

So if you’re desperate for The Update then you can manually download it via Windows Update but forget about deploying it in business for the time being until Microsoft resolves the WSUS SSL issue.

BTW, if you are using Veeam to back up WS2012 R2 Hyper-V then MVP Hans Vredevoort has important news of a hotfix from Veeam that you should read before approving The Update.

2014
04.08

It’s a busy day for fixes. This one is for when you run a Windows Management Instrumentation (WMI) script in a Windows Server 2012 cluster and the memory usage for the Wmiprvse.exe process increases over time.

The cause is this:

… issue occurs because the cluster WMI provider leaks basic strings or binary strings (BSTRs).

To resolve this issue, install update 2934016, the Windows RT, Windows 8, and Windows Server 2012 update rollup: April 2014.

2014
04.08

Waaaaay too many people have tried to test SOFS performance (and therefore SMB 3.0 as the medium and often Storage Spaces as the backend storage) by copying files and watching transfer rates. I have news for you: this is not what SMB 3.0 was intended for. File copies are chatty and inefficient. SMB 3.0 is for application data such as data streaming to/from a Hyper-V virtual machine or SQL database files.

I know that Microsoft got hit with this over and over and over and over. I know I’ve seen it on various social media types over and over and over and over and over. And people don’t listen or read. So Microsoft has a KB article.

Symptoms

Consider the following scenario:

  • You use Storage Spaces to create storage pools on a Windows Server 2012 or Windows Server 2012 R2-based failover cluster.
  • You have a file server or scale-out file server resource that hosts continuously available Server Message Block (SMB) 3.0 (or a later version) shares that are backed by the storage pools.
  • You try to copy large files from a Windows 8 or Windows Server 2012 computer to the continuously available SMB shares.

In this scenario, the observed copy throughput is significantly lower than what the connected network and storage system can support.

The fix is included in KB2934016, the big “Update” for Windows Server 2012 (and Windows 8 and Windows RT).

2014
04.08

Microsoft has published an elective hotfix that they want you to know about if you have Windows Server 2008 or Windows Server 2008 R2 domain controllers and you are running Windows Server 2012 clusters.

Symptoms

You perform an authoritative restore on the krbtgt account in a Windows Server 2008-based or in a Windows Server 2008 R2-based domain. After you perform this operation, the kpasswd protocol fails and generates a KDC_ERROR_S_PRINCIPAL_UNKNOWN error code. Additionally, you may be unable to set the password of a user by using the kpasswd protocol. Also, this issue blocks kpasswd protocol interoperability between the domain and a Massachusetts Institute of Technology (MIT) realm. For example, you cannot set the user password by using the Microsoft Identity Lifecycle Manager during user provisioning.

Note The krbtgt account is used for Kerberos authentication. The account cannot be used to log on to a domain.

You may experience additional symptoms in a Windows Server 2012-based server cluster. Assume that you try to set the password for the cluster computer object in a Windows Server 2012-based server cluster. Additionally, assume that there are Windows Server 2008-based or Windows Server 2008 R2-based domain controllers in the environment. In this situation, you receive the following error message:

CreateClusterNameCOIfNotExists (6783): Unable to set password on <ClusterName$>

To resolve this issue, apply this hotfix on the Windows Server 2008-based or Windows Server 2008 R2-based domain controllers, and then create the Windows Server 2012-based server cluster.

Note You do not need to apply this hotfix if you have Windows Server 2008 R2 Service Pack 1 installed.

Cause

When a user requests a ticket for the Kpasswd service, a flag is incorrectly set in the Kerberos ticket-granting service (TGS) request for the Kpasswd service. This behavior causes the Key Distribution Center (KDC) to incorrectly build a new service name. Therefore, an incorrect service name is used, and the KPasswd service fails.

Note The expected behavior is that the Key Distribution Center (KDC) directly copies the correct service name from the Kerberos ticket-granting tickets (TGTs).

A supported hotfix is available from Microsoft.

2014
04.08

There are those who are negligent. There are those who tried to think Microsoft would never let this happen (some would say these deniers are also negligent). Today is the day that we finally reach the end of support for Windows XP.

Think about it; Windows XP was released in 2001. That is 13 years ago! How computers and usage have changed since then. Battery life wasn’t an issue. Attacks on security were different. Touch was a thing you did with a loved one (I hope that’s not your phone!). Roaming was when your phone bill rocketed (OK, that hasn’t changed much).

And Windows XP was also greeted with much derision. People were going to cling to Windows NT 4.0 with their cold dead hands. XP was even called “Windows Telly Tubbies” (after the default wallpaper) and “Windows Fischer Price” (FP instead of XP). Admins hated that things had moved around. “Oh! imagine the amount of user training that will be required”. Sound familiar? It took the eventual end of support for NT 4.0 to force people to upgrade, eventually to Windows XP. And in the end, the world kept turning, the earth didn’t swallow us whole, and businesses kept ticking along. Hell, I did a project in 2003 where we blasted away Windows NT 4.0 & Office 97 with Windows XP & Office XP (before Office 2003 was out) and we did very little in the way of user training.

So, bye bye Windows XP … except for you laggards who are clinging to this now dead OS in your career graves.

And no, I don’t care to hear sob stories about “I must use XP”.

And while we’re at it, we’re also saying bye bye to a range of other products:

  • Office 2003, and all the sub-components
  • Content Management Server 2002
  • Exchange Server 2003
  • InterConnect 2004 Standard (no idea what it is!)
  • InfoPath 2003
  • FrontPage 2003
  • Project Server 2003
  • SharePoint Portal Server 2003
  • Virtual PC 2004
  • Visio 2003
  • Windows Services for UNIX 3.5
  • And yeah, Windows XP Tablet PC Edition. Yah suckahs … tell me that Apple invented the tablet!!! Jean Luc Picard was getting all touchy feely long before Apple copied the tablet concept (admittedly making it actually useful).

    2014
    04.08

    Today, April 8th is when support for Windows XP came to its extended end of life. It’s now time for you to turn your attention to the next product in your portfolio that is going end of life.

    On July 14th 2015 Windows Server 2003 (W2003) and Windows Server 2003 R2 (W2003 R2) will be going end of life. This should be of no surprise; the information was shared publicly years ago. It will be 10 years since the release of W2003 R2, and 12 years since the release of W2003.

    How big is this challenge for customers? Or from the partner perspective, how big is this opportunity? Personally, I think it’s much bigger than the XP upgrade. There are several reasons. You’re not dealing with standardised builds.  I can’t find market share figures for W2003 but I have heard it said that over 50% of Irish servers are still on W2003 (an 11 year old server OS). And almost every one of those servers has a complex bespoke build that cannot be dealt with using the same levels of automation that we can bring to the desktop. And then there’s the processor architecture challenge.

    Migrating server workloads has its own set of complexities when compared to desktops. There are lots of workload specific tools to help with migration, and for most of you, that’s what you’ll be doing … a migration.

    The vast majority of W2003 installations are 32-bit. Microsoft’s last 32-bit server OS was Windows Server 2008. If you’re going to make a substantial effort, then it makes no sense to upgrade to an old OS (WS2012 R2 > WS2012 > W2008 R2 > W2008).

    Realistically, you should be moving to the newest OS that you can. Right now, that is WS2012 R2. You cannot upgrade from x86 to x64, so you’re looking at an opportunity to get fresh rebuilds using your experience at engineering the products that you are running (yeah – that’s a positive spin). In reality, upgrades are messy and bring forward old problems and corruptions. Fresh builds are always best.

    You might argue that a new version of Windows Server (2015?) is coming around April and that gives you a few months to upgrade. If that’s how you plan server migrations, then you’re going to be running W2003 long after support and patch availability ends.

    So get planning … NOW!

    And no, I don’t give a flying monkey’s about your old services that only support W2003. You and your employers need to either pressure those vendors or find a replacement. The world keeps moving, and those who remain static stay in the past and die.

    A number of other infrastructure products are also going end of life in the next year or so:

    • Compute Cluster Pack: 14 July 2015
    • Forefront Client Security: 14 July 2015
    • Host Integration Server 2004: 13 January 2015 (I haven’t heard of this one in years)
    • Internet Security and Acceleration Server 2004 Enterprise Edition: 14 April 2015
    • Internet Security and Acceleration Server 2004 Standard Edition: 14 October 2014
    • Microsoft Operations Manager (MOM) 2005: 13 January 2015
    • Systems Management Server 2003 and 2003 R2: 13 January 2015
    • Virtual Server 2005 and Virtual Server 2005 R2: 13 January 2015

    There are other things going end of life but I’ve stuck to infrastructure.

    2014
    04.07

    This post is about a situation where I was not able to remove a logical switch from System Center Virtual Machine Manager 2012 R2 (with Update Rollup 1). This scenario might affect other versions. And the fix might not work for everyone.

    I was removing a bunch of logical network stuff from VMM, just mucking around with different types of builds to find one that suited my needs in the lab. I came to delete the virtual switch (logical switch) from Fabric in the SCVMM console but it failed to go. The reason given was that there was a remaining dependency. I checked the dependencies but none were listed.

    Very strange!

    I tried everything I could think of. Then I gave my MVP friend Damian Flynn a shout to see if he’d seen it. He had (if Damian hasn’t seen it, then it doesn’t exist in VMM), but wasn’t able to remember exactly what the fix was. I suspected I’d be using PowerShell. Damian confirmed it. So we went “wandering” in SCVMM. I found a remaining VM Network. There is no inter-dependency with it and the logical switch, but I decided to delete it. And it wouldn’t delete because a physical computer network adapter was depending on it.

    That was strange – I had no hosts or physical computer hardware profiles left … apparently. Time for PowerShell. Finding the verb-noun combination was easy. Damian filled in the -all for me. The following cmdlet corrected me.

    Get-SCPhysicalComputerNetworkAdapterProfile -all

    Interesting.

    I tried but it failed.

    Get-SCPhysicalComputerNetworkAdapterProfile -all |Remove-SCPhysicalComputerNetworkAdapterProfile

    Apparently a virtual network adapter depended on these physical NICs. Ah… now I knew what was wrong. More on that later.

    The next cmdlet confirmed my theory:

    Get-SCVirtualNetworkAdapter -all

    I removed that virtual network adapter with:

    Get-SCVirtualNetworkAdapter -all | Remove-SCVirtualNetworkAdapter

    Now I was able to run the following:

    Get-SCPhysicalComputerNetworkAdapterProfile -all |Remove-SCPhysicalComputerNetworkAdapterProfile

    Then I was able to remove both the virtual network and the logical switch.

    So what happened? My previously deleted physical computer hardware profile featured two physical NICs (with CDN defined – don’t know if that’s important for this situation). Those two NICs were teamed using a logical switch and uplink port profile, and a virtual management adapter was connected to the logical switch. That’s what my queries revealed: a virtual network adapter (the virtual management NIC) and physical network adapters. Both the VM Network and the logical switch were dependent on these resources.

    It appears that the process to delete the physical computer hardware profile left behind the physical NICs and the virtual management adapter, and the GUI didn’t have a way to present those stragglers.

    Thanks to Damian for his help … it proved to be a fine opportunity to run through my design with him. Doing Hyper-V networking via SCVMM is quite different to the much more flexible native WS2012 R2 PowerShell option.

    2014
    04.04

    Microsoft has posted an article for when the Hyper-V management console may display messages that indicate that the integration services (integration components) of a non-Windows guest are degraded and no formal support will be provided unless the integration services are updated.

    You may see errors such as: [screenshots not preserved]

    According to Microsoft the cause is:

    The various messages shown in the symptoms section occur because the non-Windows guest integration services may not always have the code to interoperate with the latest Hyper-V protocols. This is due to the fact that Windows release cycles are not in sync with the release cycles of other operating systems. As a hypothetical example, the latest Red Hat Enterprise Linux (RHEL) release may ship in January but the latest Windows release may ship in the following September. Between January and September, the Windows team may upgrade the Hyper-V protocols due to which the RHEL release shipped in January may have integration components that were written based on earlier Hyper-V protocols. Now, when a user tries to run an older RHEL release as a virtual machine on a newer Windows release then they may observe messages suggesting that the RHEL integration components are degraded.

    The resolution is a doozie:

    Users are hereby advised to ignore all messages and warnings that seem to indicate that no technical support will be provided because integration services for a non-Windows guest virtual machine are degraded. Microsoft will provide technical support even when such messages are visible while running supported non-Windows guests on Hyper-V.

    2014
    04.03

    The first presenter is Scott Guthrie, executive VP of cloud and enterprise, in a red t-shirt as usual. He wants to talk about a strategy that uses IaaS and PaaS together to give customers the best of breed service. 44 new features and services will be announced in this keynote. 2 new regions in Shanghai and Beijing.

    Huge growth.

    Titanfall was a huge multiplayer game, powered by Azure. The game cannot be played without the cloud. >100,000 Azure VMs powered this thing on launch day. That’s incredible; I’d love to see the virtual network design for that. We get some stuff about NBC using Azure. Tuning out for a while – most people do that with NBC.

    New enhancements in IaaS:

    Virtual machines:

    • This week Visual Studio will allow devs to create/destroy/debug VMs in Azure
    • New support to capture images with any number of drives. You then can deploy easily from that image.
    • Can configure VM images using DSC, Puppet (?), and PowerShell.

    Mark Russinovich comes out. He demos Visual Studio to create VMs. Very easy wizard. He then runs PowerShell to create an image from a VM.

    He then shows Puppet puppet master from the gallery. Luke Kanies of Puppet Labs. He gives a demo. Looks like it’s doing a lot of the service template concept that you get from SCVMM in the private cloud. Getty Images (huge pro stock library) dude comes out. They’re moving to Azure. They use Puppet for automation & configuration management. Now they can burst from their own data centre into Azure. Azure gives them Puppet labs and support for Windows & Linux VMs.

    Guthrie is back out. Also announcing:

    • GA of auto-scaling: Great for creating automated elasticity for services based on demand.
    • Dynamic routing: I wonder if this is the “iBGP dynamic routing with best path selection” that was talked about at TechEd in 2013?
    • Point-site VPN GA
    • Subnet migration
    • Static internal IP address: This is a big simplification requirement for deploying hybrid cloud.

    Moving on to PaaS. Azure Web Site service is one of the most popular services in Azure. And other PaaS stuff. I tune out.

    Looks like the IT pro stuff is done, as am I.

    2014
    04.03

    The Windows 8.1 Update, with changes to volume licensing, is bringing changes to the licensing of Enterprise Sideloading.

    Sideloading is where you can use a tool like Windows Intune to push a custom developed/acquired “Metro” app onto Windows without using the Microsoft Store. Note that Intune can also do this with iOS (free license) and Android (not looked into the licensing). The solution is nice. If the device is IT-owned, then IT enrolls the device. If it’s a BYO device, then the user electively enrols to Windows Intune via the Company Store app. And IT then publishes the custom app (and can link Store apps) to the portal that users can pull down. It’s basically a private app store for enrolled devices.

    Prior to May 1st 2014, Enterprise Sideloading requires per-device licensing. And it’s pricey. In fact, it’s only sold in blocks of 100 devices. When you compare that to the free option from Apple, then that iPad or iPhone looked cheap when you needed to push sideloaded apps to your devices. This made Windows devices expensive and the 100-minimum purchase was a blocker for smaller deployments.

    That all changes on May 1st 2014. According to a blog post by Microsoft:

    In May, we will grant Enterprise Sideloading rights to organizations in certain Volume License programs, regardless of what product they purchase, at no additional cost. Other customers who want to deploy custom line-of-business Windows 8.1 apps can purchase Enterprise Sideloading rights for an unlimited number of devices through Volume Licensing at approximately $100. For additional information on sideloading licensing, review the Windows Volume Licensing Guide.

    The Windows 8.1 Volume Licensing Guide goes on to say that the following editions of Windows can sideload:

    • Windows 8.1 Pro Update (that’s Windows 8.1 Pro with the Windows 8.1 Update, by the way)
    • Windows 8.1 Enterprise

    The machines must be domain joined and have a policy setting enabled. That setting is Computer Configuration > Administrative Templates > Windows Components > App Package Deployment > Allow all trusted apps to install [TRUE].
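
An added example, not from the original post: a PowerShell check of the two prerequisites named above (domain membership and the "Allow all trusted apps to install" policy) on the local machine. The registry location of the policy value is an assumption and is labelled as such in the code; the function name is hypothetical.

```powershell
# Added example (not from the original post): audit the sideloading
# prerequisites described above on the local machine.
# Assumption: the "Allow all trusted apps to install" policy is stored as the
# DWORD value AllowAllTrustedApps under the Appx policy key below.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx'
$PolicyName = 'AllowAllTrustedApps'

function Get-SideloadingReadiness {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # A missing key or value means the policy is "Not Configured".
    $raw = $null
    if (Test-Path -Path $PolicyKey) {
        $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
        if ($item) { $raw = $item.$PolicyName }
    }

    $findings = @()
    if (-not $cs.PartOfDomain) {
        $findings += 'Not domain joined (the MAK route applies instead)'
    }
    if ($null -eq $raw) {
        $findings += 'Policy not configured'
    } elseif ($raw -ne 1) {
        $findings += "Policy explicitly disabled (value $raw)"
    }

    [pscustomobject]@{
        ComputerName = $cs.Name
        Edition      = $os.Caption   # compare with the supported editions listed above
        DomainJoined = [bool]$cs.PartOfDomain
        PolicyValue  = $raw
        Ready        = ($findings.Count -eq 0)
        Findings     = $findings -join '; '
    }
}

Get-SideloadingReadiness | Format-List
```

The same report is useful in the other direction: it shows which machines accept app packages from outside the Store, so the setting can be limited to the devices that actually need line-of-business apps.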

    Back to the licensing

    Customers can also enable Enterprise Sideloading of trusted Windows 8.1 apps on Windows RT 8.1 or Windows 8.1 Pro and Windows 8.1 Enterprise devices that are not domain-joined by using a Volume Licensing Multiple Activation Key (MAK).

    OK, what does this all cost? If you are signed up to one of the below licensing schemes then Enterprise Sideloading will be free from May 1st 2014:

    • Enterprise Agreement
    • Enterprise Subscription Agreement
    • Enrollment for Education Solutions (under a Campus and School Agreement)
    • School Enrollment
    • Select and Select Plus

    Other customers who want to deploy custom line-of-business Windows 8.1 apps can purchase Enterprise Sideloading rights through the Open License program as of May 1, 2014. These rights include the ability to sideload on Windows 8 and Windows 8.1 devices. MAKs for these customers will be made available through the VLSC.

    This license will be $100 for an unlimited number of devices.

    So in short:

    • The ability to distribute custom apps via Enterprise Sideloading is added to Windows 8.1 Pro via the Windows 8.1 Update.
    • The license for Enterprise Sideloading is free to those larger customers that are enrolled to an applicable large customer volume license agreement.
    • Anyone else can get the Enterprise Sideloading license for an unlimited number of devices for $100 through an Open volume license program.

    Good news, I would say.

    2014
    04.03

    As I’ve already stated, the “Update” that has so far been called Windows 8.1 Update (sometimes Update 1) is also applicable to Windows Server 2012 R2. What does this include?

    • Cumulative update: All of the post-RTM updates are included
    • Bug fixes: Lots of elective hotfixes that Microsoft releases but are not distributed through Windows Update
    • Enterprise Mode for Internet Explorer: I hope you don’t browse on your application servers or Hyper-V management OSs! This one is important for RDS session hosts, and offers backwards compatibility for IE11 (simulating IE8).
    • Active Directory fix for Office 365: To enable sign-on using an O365 email address, again for RDS.
    • The updated UI experience: No this is not the Windows xNext experience. This is the Update’s updated experience. Again … intended for RDS session hosts.

    The bug fixes are particularly important. I think there might also be updates in there that have not been publicly released yet too.

    Use the MSDN download to do your testing. And then when ready, wait a week or two, and let someone else do the production testing for you. If the blogosphere and IT news remain clear, then approve the update(s) and let rip!

    As I said yesterday, there is also an updated ISO containing WS2012 R2 with the slipstreamed updates.

    2014
    04.03

    It appears, judging by Twitter, that lots of people haven’t been following my tweets or reading the stories by Mary Jo Foley and Paul Thurrott. So let’s clear up what is happening in the upcoming updates.

    Windows 8.1 (and Windows Server 2012 R2) Update

    On April 8th, via Windows Update, you will be receiving updates to:

    • Windows 8.1
    • Windows Server 2012 R2

    These updates (6 in the package) will both prepare and update the UI of the OS. These updates are small UI changes to help non-touch users get a better experience. Instead of me wasting bandwidth, go read the comprehensive review by Paul Thurrott.

    A less mentioned change is that this update will change how enterprise sideloading works. This feature allows you to push apps by bypassing the official Microsoft app store. I haven’t seen the specifics that I’ve been briefed on printed in public, so I won’t say much more, other than it’s a great news story with cost reductions.

    Windows vNext (Windows 9 or Windows 8.2)

    The big changes are coming in the next version of Windows in 2015. These include the return of the Start MENU and the ability to run Universal Windows Apps in windows on the desktop.

    What we know about licensing is that:

    • Windows IoT (Internet of Things): A new micro-device OS edition will be free.
    • Sub-9” devices: Windows for mobile devices will be free.

    Both of these moves are to encourage OEMs to produce using Windows and to give you cost-competitive devices.

    Nothing else is known. However, I continue to advise buying Software Assurance (in the biz) via EA (enterprise) or OVS (small/medium biz) for at least:

    • Server OS (it’s cheaper if you use virtualization, and license per host like you should be)
    • Any server CALs (Windows Server, RDS, etc)

    Why? ….

    Will The UI Updates Be Back-Ported To Windows 8 or Windows Server 2012?

    No.

    Does any software business do this? You see Apple doing this? Does Google do this for Android? No.

    Pay attention to licensing experts next time around, and get that Software Assurance if you don’t want to be left behind. Feeling screwed? Pity, because you probably screwed yourself by locking yourself into a single version of software.

    2014
    04.02

    The update formerly known as Windows 8.1 Update 1 is available on MSDN now as a slipstreamed build called Windows 8.1 with Update.

    There is also something called Windows 8.1 Industry Update that appears to be the non-slipstreamed update for existing installs.

    Some may have forgotten, but Windows desktop and server share the same code base, even if they live in different groups within the org chart in Microsoft. Windows Server 2012 with Update is also available on MSDN.

    The Windows 8.1 non-slipstreamed update should also install on existing WS2012 R2 installations.

    I was told by Kirill Andrienko that the ill-fated TechNet also has the updates.

    2014
    04.02

    Myerson is back on stage. Now we get some futures – stuff that is coming but not soon. The next topic is Xbox (television). Universal Windows Applications will be able to run on the Xbox (One I guess). This app can also use Kinect from a single set of source code.

    Kinect v2 for Windows is being updated to match the Xbox One. 1080p camera with wide field of view for a much smaller room.

    The Xbox graphics platform is coming to DirectX 12 and will now also be on Windows Phone and Windows.

    Now onto the next buzzword: the Internet of things. We see an Intel Quark chip (a full x86 system on a chip) which is the size of the nail on your little finger. Basically, it’s a tiny PC. He now logs into a “floor piano” (think Tom Hanks in Big) that is a PC. Belfiore is back to play the piano. We see a live debug of the data stream on the PC/piano.

    They also visually present the data on an Azure app.

    Now on to Windows. They are not announcing Windows 9. But they are going all-in on the desktop experience. Universal Windows Apps can run in a Window. The Start Menu will be back.

    When Windows IoT (Internet of Things) is available it will be available for $0.

    Windows is available now for devices smaller than 9” for $0.

    Now up, Nokia ex-CEO Stephen Elop, the man who will run Microsoft devices. Lumia Windows Phone 8 devices will get better with Windows Phone 8.1. The next generation of Lumias are being announced. I’ll tune out a bit here.

    Elop now introduces Satya Nadella, who is dressed comfortably in a t-shirt. He makes the big pitch to developers. He talks about ubiquitous technology and ambient technology and the integration with cloud.

    The DPEs previously went out to get questions for Nadella to answer. Let’s see if he deals with the tough ones or not.

    Q) Why build for Windows?

    A) You want to build for Windows because we are going to innovate. We are not coming at this as the incumbent. We are coming at this from many directions – hardware, services, platform, etc. They will keep pushing. Some USPs by bringing IT pros, devs, and users developers – the magic of the Windows platform. Second big attribute is to create an expanding developer opportunity. Apps can run across all device kinds and in the desktop in the near future. That’s a huge potential market. Don’t forget that there are hundreds of millions of PCs sold every year, and 1.5 billion Windows users out there. And Windows rules the enterprise.

    Q) Will apps developed on Windows run on other platforms?

    A) His answer suggests he gets this: crazy to abandon code. He talks about the integration with 3rd party libraries (Unity, Xamarin, and more) for cross-platform coding.

    Q) Most are using iPads or Android tablets and not Windows tablets.

    A) There are multiple dimensions of competitiveness. Hardware, platform, price, and apps are those dimensions. Partners are producing a range of devices from low- to high-end. MSFT will innovate Surface. A new touch Office is coming. The key competitiveness is “how do users use the tablet in their device family?”. MSFT want to provide developer consistency and user consistency – a USP.

    …. and there were more dev focused questions.

    That’s all folks!