Windows

Recommended antivirus exclusions for Hyper-V hosts

If antivirus software is installed and running on a Hyper-V host, there are several exclusions and options that you should configure for optimal operation of Hyper-V and the running virtual machines.

Configure the real-time scanning component within your antivirus software to exclude the following directories, files, and processes:

  • All directories that contain VHD, VHDX, AVHD, AVHDX, VSV, and ISO files
  • The following default virtual machine configuration directory, if it’s used, and any of its subdirectories:
    C:\ProgramData\Microsoft\Windows\Hyper-V
  • The following default virtual machine virtual hard disk files directory, if it’s used, and any of its subdirectories:
    C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
  • The following default snapshot files directory, if it’s used, and any of its subdirectories:
    C:\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
  • The following default Cluster Shared Volumes path, if you’re using Cluster Shared Volumes, and any of its subdirectories:
    C:\ClusterStorage
  • Any custom virtual machine configuration directories, if applicable
  • Any custom virtual hard disk drive directories, if applicable
  • Any custom replication data directories, if you’re using Hyper-V Replica
  • If antivirus software is running on your file servers, any Server Message Block protocol 3.0 (SMB 3.0) file shares on which you store virtual machine files
  • Vmms.exe

    Note: This file may have to be configured as a process exclusion within the antivirus software.

  • Vmwp.exe

    Note: This file may have to be configured as a process exclusion within the antivirus software.
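The exclusion list above, applied with Microsoft Defender Antivirus as an added example (not part of the original post). It assumes Defender is the antivirus product and that the Hyper-V and Defender PowerShell modules are available; it builds the directory list from the host's own configuration and then reports any existing path exclusion that is not on that list, since every exclusion is a location the scanner no longer sees.

```powershell
#Requires -RunAsAdministrator
# Added example: assumes Microsoft Defender Antivirus and the Hyper-V PowerShell module.

# Directories this host and its VMs actually use, plus the defaults listed above.
$vmHost = Get-VMHost
$candidates = @(
    $vmHost.VirtualMachinePath
    $vmHost.VirtualHardDiskPath
    Get-VM | ForEach-Object { $_.ConfigurationLocation; $_.SnapshotFileLocation }
    Get-VM | Get-VMHardDiskDrive | Where-Object Path |
        ForEach-Object { [IO.Path]::GetDirectoryName($_.Path) }
    'C:\ProgramData\Microsoft\Windows\Hyper-V'
    'C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks'
    'C:\ProgramData\Microsoft\Windows\Hyper-V\Snapshots'
    'C:\ClusterStorage'
)

# Keep only local directories that exist on this host ("if it's used").
# SMB shares are excluded on the file server, not here.
$paths = @($candidates |
    Where-Object { $_ -and $_ -notlike '\\*' -and (Test-Path -LiteralPath $_) } |
    ForEach-Object { $_.TrimEnd('\') } |
    Sort-Object -Unique)

# Process exclusions for the Virtual Machine Management service and worker process.
$processes = 'vmms.exe', 'vmwp.exe' |
    ForEach-Object { Join-Path $env:SystemRoot "System32\$_" }

Add-MpPreference -ExclusionPath $paths -ExclusionProcess $processes

# Audit: list path exclusions already configured that the Hyper-V list does not justify.
$unexpected = (Get-MpPreference).ExclusionPath |
    Where-Object { $_ -and ($_.TrimEnd('\') -notin $paths) }

if ($unexpected) {
    Write-Warning 'Path exclusions not on the Hyper-V list (review each one):'
    $unexpected | ForEach-Object { Write-Warning "  $_" }
}
```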

Script to find UUID of RDM Luns in Hyper-V

Run the command below in PowerShell to write the output to a text file.

Get-Cluster 'clustername' | Get-VM | Get-HardDisk -DiskType "RawPhysical","RawVirtual" | Select-Object Parent,Name,DiskType,ScsiCanonicalName,DeviceName | Format-List | Out-File -FilePath C:\temp\RDM-list.txt

How to rename the local administrator with Group Policy

To improve security in your Active Directory domain, you should rename the administrator account because this lowers the risk of brute force attacks. Renaming the administrator account and resetting its password on all computers in your AD domain can be easily done via Group Policy.

Open the Active Directory Group Policy Management console, create a new GPO, and link it to your desired OU. Of course, you can also work with an existing GPO.

Linking a GPO to an OU

Right-click the new GPO or an existing GPO and select Edit. This will launch the Group Policy editor. Now, browse to the following Group Policy setting: Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups.

Renaming the administrator account

As you can see in the screenshot above, right-click Local Users and Groups and then navigate to New > Local User.

On the next screen, you select the user name you would like to use for the administrator account:

Selecting the user name

Select the following:

Action – Select Update.

User name – Select Administrator (built-in).

Rename to – Enter the new user name.

Full name – Enter your desired name.

Description – Add a description (optional).

Password – Set a new password (optional).

Check boxes – Verify that the check boxes comply with your company policies.

The GPO is now configured and can be deployed in your network. The refresh interval for computer settings is 90 minutes. If you want to apply the GPO immediately on a client computer, open a command prompt and type gpupdate /force at the command line.

Alternatively, you can reboot the computer. If you are finding that a computer isn’t applying the policy, simply run gpresult /r at a command line to see whether your new GPO is listed:

 Checking if the GPO has been applied

If it’s not listed or if you see a permission error message, go back to Active Directory Users and Computers and check the OU to which you have the policy applied. Also check whether that OU contains the computer. Perhaps the computer is in a different OU and therefore doesn’t pick up the policy.

Also check the GPO settings. In the Security Filtering section, ensure that the GPO is applied to Authenticated Users; in the Links section, verify that the correct OU is linked to the GPO:

GPO security filtering

If the policy is still not applied to some of your computers and you have checked all the above, then your domain controllers might not replicate the GPO properly.
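A way to confirm the rename across several computers, as an added example (not part of the original post). The built-in Administrator account keeps its well-known relative ID of 500 after a rename, so the check matches on the SID rather than the name; `$ExpectedName` and `$Computers` are hypothetical values, and remote CIM (WinRM) access to the clients is assumed.

```powershell
# Added example. $ExpectedName and $Computers are hypothetical placeholders.
$ExpectedName = 'corp-localadm'     # the "Rename to" value configured in the GPO
$Computers    = 'PC001', 'PC002'    # computers in the OU the GPO is linked to

$results = foreach ($computer in $Computers) {
    try {
        # Local account whose SID ends in -500 = the built-in Administrator,
        # whatever it is currently called.
        $acct = Get-CimInstance -ComputerName $computer -ClassName Win32_UserAccount `
            -Filter "LocalAccount = TRUE AND SID LIKE 'S-1-5-21-%-500'" -ErrorAction Stop

        [pscustomobject]@{
            Computer = $computer
            Name     = $acct.Name
            Disabled = $acct.Disabled
            Renamed  = ($acct.Name -eq $ExpectedName)
            Error    = $null
        }
    }
    catch {
        # Unreachable or access denied: report it instead of silently skipping.
        [pscustomobject]@{
            Computer = $computer
            Name     = $null
            Disabled = $null
            Renamed  = $false
            Error    = $_.Exception.Message
        }
    }
}

$results | Format-Table -AutoSize

# Computers that still need attention (GPO not applied yet, or not reachable).
$results | Where-Object { -not $_.Renamed } | Select-Object Computer, Name, Error
```

Because the SID is unchanged, the rename only removes the predictable name; the password and the check boxes set in the GPO still carry the protection.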

 

Standard Windows Monitoring Threshold Parameters

Confused with setting up Threshold Parameters on the Tools Server for Performance Monitoring?

Here are the typical parameters and the threshold limit with Warning, High, Alert levels with polling intervals. This will depend upon the SoW signed with the client.

Standard Windows Monitoring

RoD is nothing but Remedy on Demand.

How to configure a Dell iDRAC card without rebooting

First of all, download the RACADM tool from this link. It is included in Dell OpenManage DRAC Tools. The Dell Remote Access Controller (DRAC) console is management station software designed to provide remote management capabilities for Dell systems. You can remotely connect to the DRAC hardware and access the DRAC features either by using a web browser or the RACADM Command Line Interface (CLI). RACADM CLI is the command line user interface to the DRAC.

Syntax Usage

The following shows an example of a simple RACADM subcommand, getsysinfo, used with each RACADM utility. See the end of this article for links to documentation containing the full list of RACADM commands.

Remote RACADM

Remote RACADM commands must include the IP address or hostname of the iDRAC, and the iDRAC username and password.

racadm -r <ip address or hostname> -u <username> -p <password> <subcommand>

racadm -r 10.1.1.1 -u root -p calvin getsysinfo

NOTE: Remote racadm uses the web server SSL certificate of the iDRAC to authenticate the session. You will receive a warning message if certificates have not been configured or if the certificate is invalid. However, the command will execute normally following the message. If you wish to halt the command on certificate errors, use the -S option in the command. For information on configuring certificates on the iDRAC, see the user’s guide for your iDRAC linked at the end of this article.

Local RACADM

You do not have to specify the IP address, username, or password in Local RACADM commands.

racadm <subcommand>   e.g. racadm getsysinfo

racadm getniccfg

racadm setniccfg -s 172.17.2.124 255.255.252.0 172.17.0.5
or
racadm getconfig -g cfgLanNetworking
racadm config -g cfgLanNetworking -o cfgNicIpAddress 172.17.2.124
racadm config -g cfgLanNetworking -o cfgNicNetmask 255.255.252.0
racadm config -g cfgLanNetworking -o cfgNicGateway 172.17.0.7
racadm config -g cfgLanNetworking -o cfgDNSServer1 172.17.0.6
racadm config -g cfgLanNetworking -o cfgDNSServer2 172.17.0.5
racadm config -g cfgLanNetworking -o cfgDNSRacName ServerName-DRAC
racadm config -g cfgLanNetworking -o cfgDNSDomainName corp.company.com

SSH/Telnet/Serial (Firmware) RACADM

You do not have to specify the IP address, username, or password in Firmware RACADM commands.

racadm <subcommand>   e.g. racadm getsysinfo

or

racadm <Enter> – takes you to a racadm>> prompt  e.g. racadm>>getsysinfo

Raising a support case for ProLiant/Blades Series Servers, the step by step approach!

Nowadays HP has segregated its support types; server support comes under Hewlett Packard Enterprise.

Select your product

HP ProLiant BL Server Blades

HP ProLiant CL Servers

HP ProLiant DL Multi Node Servers

HP ProLiant DL Servers

HP ProLiant MicroServer

HP ProLiant ML Servers

HP ProLiant Packaged Cluster Servers

HP ProLiant Scalable Systems

HP ProLiant WS Workstation Blades

HP Server tc Series

Or

If you are not able to find your product, use the link below to manually search for the server model or number in the Hewlett Packard Enterprise Products, e.g. ProLiant DL360 Gen9.

 

HP warranty and support

You will get a list of results like the one below:

 

HP Support
Select the appropriate one; for me it is the one in yellow above. Clicking it takes you to the product page, as below. There you will find Top issues, Most viewed solutions, manuals and Troubleshoot a problem links, which are very useful for troubleshooting because all the known issues are captured there. Apart from these, you will find links to the latest drivers for the OS on the server, and so on. Most importantly, you can check the product warranty information from this page.

 

hp support page

 

Finally, if none of the above helps, you can raise a case by clicking the link below. You need to create an HP Passport login if you do not have an account. HP Passport is a single sign-in service that lets you use one User ID and password for all HP Passport-enabled websites.

Submit or manage support cases

hp support manager

You may also check existing ticket updates by providing the case ID.

I hope techies find it useful 🙂

 

Unable to view Roles and Features and receive error code 0x800706BE in Server Manager

In this scenario, roles and features are not displayed in the Server Manager window and show a yellow bang against them. You receive the following error message at the bottom of Server Manager if you try to open it:

Server Manager
Unexpected error refreshing Server Manager: The remote procedure call failed. (Exception from HRESULT: 0x800706BE)
For more information, see the event log: Diagnostics, Event Viewer, Applications and Services Logs, Microsoft, Windows, Server Manager, Operational.)

At the same time, the event below is added into the Microsoft-Windows-ServerManager/Operational log:

Log Name:      Microsoft-Windows-ServerManager/Operational
Source:        Microsoft-Windows-ServerManager
Date:          <date & time>
Event ID:      1601
Task Category: None
Level:         Error
Keywords:
User:          <user name>
Computer:      <computer name>
Description:
Could not discover the state of the system. An unexpected exception was found:
System.Runtime.InteropServices.COMException (0x800706BE): The remote procedure call failed. (Exception from HRESULT: 0x800706BE)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at Microsoft.Windows.ServerManager.ComponentInstaller.CreateSessionAndPackage(IntPtr& session, IntPtr& package)
at Microsoft.Windows.ServerManager.ComponentInstaller.InitializeUpdateInfo()
at Microsoft.Windows.ServerManager.ComponentInstaller.Initialize()
at Microsoft.Windows.ServerManager.Common.Provider.RefreshDiscovery()
at Microsoft.Windows.ServerManager.LocalResult.PerformDiscovery()
at Microsoft.Windows.ServerManager.ServerManagerModel.CreateLocalResult(RefreshType refreshType)
at Microsoft.Windows.ServerManager.ServerManagerModel.InternalRefreshModelResult(Object state)

Here are the steps to fix the issue:

  1. Get the Microsoft Update Readiness Tool from the location: http://support.microsoft.com/kb/947821
  2. Run the Microsoft Update Readiness Tool on the problematic computer.
  3. After the scan has completed, open the %SystemRoot%\Logs\CBS\CheckSUR.log file.
  4. Check the log for entries that report corrupt or missing files. Here are some samples:

(f) CBS MUM Corrupt 0x00000000 servicing\Packages\Package_for_KB978601~31bf3856ad364e35~amd64~~6.0.1.0.mum  Expected file name Package_for_KB978601_server~31bf3856ad364e35~amd64~~6.0.1.0.mum does not match the actual file name

(f) CBS MUM Corrupt 0x00000000 servicing\Packages\Package_for_KB979309~31bf3856ad364e35~amd64~~6.0.1.0.mum  Expected file name Package_for_KB979309_server~31bf3856ad364e35~amd64~~6.0.1.0.mum does not match the actual file name

Or

(f) CBS MUM Corrupt 0x800B0100 servicing\Packages\Package_for_KB978601~31bf3856ad364e35~amd64~~6.0.1.0.mum servicing\Packages\Package_for_KB978601~31bf3856ad364e35~amd64~~6.0.1.0.cat Package manifest cannot be validated by the corresponding catalog
(f) CBS MUM Corrupt 0x800B0100 servicing\Packages\Package_for_KB979309~31bf3856ad364e35~amd64~~6.0.1.0.mum servicing\Packages\Package_for_KB979309~31bf3856ad364e35~amd64~~6.0.1.0.cat Package manifest cannot be validated by the corresponding catalog

Or

(f) CBS MUM Missing 0x00000002 servicing\packages\Package_114_for_KB955839~31bf3856ad364e35~amd64~~6.0.1.0.mum
(f) CBS MUM Missing 0x00000002 servicing\packages\Package_83_for_KB955839~31bf3856ad364e35~amd64~~6.0.1.0.mum

Further down you will see:

Unavailable repair files:
servicing\packages\Package_for_KB978601~31bf3856ad364e35~amd64~~6.0.1.0.mum
servicing\packages\Package_for_KB979309~31bf3856ad364e35~amd64~~6.0.1.0.mum
servicing\packages\Package_for_KB978601~31bf3856ad364e35~amd64~~6.0.1.0.cat
servicing\packages\Package_for_KB979309~31bf3856ad364e35~amd64~~6.0.1.0.cat

These files need to be copied into: %SystemRoot%\Servicing\Packages

  1. You first need to gain control over that folder. To do this, use the following command:

    takeown /F c:\Windows\Servicing\Packages /D y /R

  2. Now assign full control using the following command. This will grant you full control over the directory:

    cacls c:\Windows\Servicing\Packages /E /T /C /G "UserName":F

  3. Now gather the missing or corrupted files listed in the checksur log:
    Download the KB files for the missing files.

    servicing\packages\Package_for_KB978601~31bf3856ad364e35~amd64~~6.0.1.0.mum

  4. Unpack them using the following command:

    Expand -F:* UpdateKBXXXX.msu x:\DestinationDirectory

  5. After you expand it you will see an UpdateKBXXXX.cab file. Expand it as well:

    Expand -F:* UpdateKBXXXX.CAB x:\DestinationDirectoryCAB
    From inside this cab you need to grab 2 files: update.mum and update.cat

  6. Rename the gathered update.mum and update.cat files exactly as they are named in the checksur.log:

    Ex.: update.mum for KB978601 will be Package_for_KB978601~31bf3856ad364e35~amd64~~6.0.1.0.mum
    Do the same for all the other missing/corrupt files and place them into the directory specified in checksur.log (servicing\packages)

After these steps the problem should be fixed. No reboot required.
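To avoid reading the KB numbers and target file names out of the log by hand, the following added example (not part of the original post) parses the CBS MUM entries shown above and lists, per KB, the names the extracted update.mum and update.cat must be renamed to. The sample lines are copied from the excerpts in this post; the function name is hypothetical.

```powershell
# Added example. Sample lines are taken from the log excerpts above; for a real run use:
#   $lines = Get-Content "$env:SystemRoot\Logs\CBS\CheckSUR.log"
$lines = @'
(f) CBS MUM Corrupt 0x00000000 servicing\Packages\Package_for_KB978601~31bf3856ad364e35~amd64~~6.0.1.0.mum  Expected file name Package_for_KB978601_server~31bf3856ad364e35~amd64~~6.0.1.0.mum does not match the actual file name
(f) CBS MUM Corrupt 0x800B0100 servicing\Packages\Package_for_KB979309~31bf3856ad364e35~amd64~~6.0.1.0.mum servicing\Packages\Package_for_KB979309~31bf3856ad364e35~amd64~~6.0.1.0.cat Package manifest cannot be validated by the corresponding catalog
(f) CBS MUM Missing 0x00000002 servicing\packages\Package_114_for_KB955839~31bf3856ad364e35~amd64~~6.0.1.0.mum
'@ -split "`r?`n"

function Get-CheckSurFinding {          # hypothetical helper name
    param([string[]]$Line)

    # (f) CBS MUM <Corrupt|Missing> <hex code> <path to .mum> [details...]
    $pattern = '^\(f\)\s+CBS MUM\s+(?<State>Corrupt|Missing)\s+' +
               '(?<Code>0x[0-9A-Fa-f]{8})\s+(?<File>\S+\.mum)'

    foreach ($entry in $Line) {
        if ($entry -notmatch $pattern) { continue }

        # Copy the captures before the next -match overwrites $Matches.
        $state = $Matches.State
        $code  = $Matches.Code
        $mum   = Split-Path -Leaf $Matches.File
        $kb    = if ($mum -match 'KB\d+') { $Matches[0] } else { $null }

        [pscustomobject]@{
            KB       = $kb
            State    = $state
            Code     = $code
            MumName  = $mum                                        # rename update.mum to this
            CatName  = [IO.Path]::ChangeExtension($mum, '.cat')    # rename update.cat to this
        }
    }
}

# One row per affected package file; duplicates from repeated log entries are dropped.
Get-CheckSurFinding -Line $lines |
    Sort-Object KB, MumName -Unique |
    Format-Table KB, State, Code, MumName, CatName -AutoSize
```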