Powershell & WMF v5 Preview – Get me the package with OneGet

Hey there,

After being quiet for a while, the time has finally come to write down some interesting technical information.

For those who follow the TechNet blogs, you might have already seen the extremely interesting blog entry about the publicly available preview version of Windows Management Framework v5.

Why would this be soooooo interesting from an administration and automation point of view?

It brings improvements to PowerShell DSC and the Network Switches cmdlets. However, we will focus on a feature included in a module called OneGet.

What is OneGet, you would ask? Quoted from MS:

OneGet is a new way to discover and install software packages from around the web. With OneGet, you can:

  • Manage a list of software repositories in which packages can be searched, acquired, and installed
  • Search and filter your repositories to find the packages you need
  • Seamlessly install and uninstall packages from one or more repositories with a single PowerShell command

Isn't that just great?! However, there is a small catch here… It will run only on Server 2012 R2 or Windows 8.1 Enterprise & Pro.

So, just to run some tests, I installed it on a Windows 8.1 client. It installed without any additional software or a reboot being required.

Importing the module and listing the available commands shows the screen below:

OneGetPreview01_1_

Now, since that Win8 machine is a fresh install, I would like to use something other than the built-in zip app, specifically 7zip. So we just issue a command to find something like “zip”:

OneGetPreview02

Great! We have found more than one. So let's choose the 7zip package and install it.

OneGetPreview04

You will see the above error if your execution policy has not been changed from the “default” Restricted. So we quickly change it: for the current user scope we set it to RemoteSigned.

OneGetPreview05

After this change we can run the command without any problems.

OneGetPreview06

And voilà, the package is installed and the software is ready to use! How awesome is that?

At this moment only one repository is available, but I would presume this number will grow (maybe even our own on-premises sources will be available?), which will give IT pros a great tool to automate many tasks.
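
The steps above as commands, with a check that the execution policy change can actually take effect before it is made. This is an added example, not the commands from the post's screenshots: the search term `zip` and the package name `7zip` come from the text, while the exact arguments the author typed and the helper name `Enable-ScriptInstallForCurrentUser` are assumptions.

```powershell
# Added example (not from the original post). Assumes the WMF 5 preview is installed.
Import-Module OneGet
Get-Command -Module OneGet      # cmdlets exported by the module
Get-PackageSource               # repositories OneGet currently knows about

# Search the registered repositories for anything matching "zip".
Find-Package -Name zip

function Enable-ScriptInstallForCurrentUser {
    # Hypothetical helper. Execution policy scopes are evaluated in this order and
    # the first one that is not 'Undefined' wins:
    #   MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine
    if ((Get-ExecutionPolicy) -ne 'Restricted') {
        return 'AlreadyAllowed'
    }

    # A policy set by Group Policy or for this process outranks CurrentUser,
    # so changing CurrentUser would silently have no effect.
    $overriding = Get-ExecutionPolicy -List | Where-Object {
        ('MachinePolicy', 'UserPolicy', 'Process' -contains "$($_.Scope)") -and
        ("$($_.ExecutionPolicy)" -ne 'Undefined')
    }
    if ($overriding) {
        $names = ($overriding | ForEach-Object { "$($_.Scope)" }) -join ', '
        Write-Warning "Restricted is enforced by a higher scope: $names"
        return 'BlockedByHigherScope'
    }

    # Same change as in the post: RemoteSigned, limited to the current user.
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
    return 'ChangedCurrentUser'
}

Enable-ScriptInstallForCurrentUser
Get-ExecutionPolicy -List       # confirm which scope now decides the effective policy

Install-Package -Name 7zip      # package name assumed from the text
Get-Package                     # list what OneGet has installed
```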

 

Leave a comment about what you think of this!

Posted in PowerShell

NTLM SAML bridge with F5 Access Policy Manager

Hey,

These days we get more and more demand from our users to provide a unified experience when accessing resources. By that I mean, for example, “not typing the same username/password” or “having one synced password across systems”.

F5 as the load balancer, SAML and a bit of customization, and voilà :D A friend of mine has blogged about his solution for providing exactly that. You can read more by going to his blog (link directly to his post).

The above has great potential for further expansion. Looking forward to hearing from you on this subject!

Posted in Active Directory, News

Top Support Solutions for System Center 2012

Recently some quite useful guidelines on troubleshooting System Center were posted on TechNet.

Also the following is available:

Personally I think it's great that this has been published in this way, and I hope for more documents (links) like the aforementioned ones!

Enjoy troubleshooting!

Posted in All about..., News

Active Directory – Replication problems after domain functional upgrade

After upgrading the domain functional level to Windows Server 2008 R2, a replication issue occurred. Oddly enough, it manifested itself only between 2 servers and only in one specific direction.

Running the repadmin command showed the following issue:

The encryption type requested is not supported by the KDC.

Running dcdiag showed a really strange message: “RPC server unavailable”. This was far from the truth, as both servers were online and reachable, directory services were running and telnet showed full connectivity (both ways).

The solution to this one was to reboot both servers and then manually trigger replication from ADSS, and that “really” solved the problem. People on the internet mention that the KCC service needs to be restarted after a domain upgrade, but in my case it did not help.

Posted in Active Directory

Active Directory – Get user last logon time being “tricky”

So you have probably been faced multiple times with situations where you had to determine a user's last logon time.

You would think how easy it is … but wait! AD is tricky about this, and this is why:

We cannot use lastLogonTimestamp, as it will be 9-14 days behind the current date (quite interesting reading here http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx )

So we would just query for lastLogon (dsquery inactive?)? Well, the lastLogon attribute is not replicated throughout the domain (http://msdn.microsoft.com/en-us/library/windows/desktop/ms675155(v=vs.85).aspx ) – so we would need to run the query for inactive users on every domain controller within our environment and then consolidate the results :D ?!

If you have a different approach to this situation I would be keen to read about it (post a comment)!
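
One way to do the per-DC query and consolidation described above, as an added example that is not code from the original post. It assumes the ActiveDirectory module (RSAT) is available; the function name `Get-ConsolidatedLastLogon` and the account name in the usage comment are hypothetical. It also reports domain controllers that did not answer, because a result built from only some DCs can understate the real last logon.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory
# module (RSAT) and read access to every domain controller.
Import-Module ActiveDirectory

function Get-ConsolidatedLastLogon {
    param(
        [Parameter(Mandatory = $true)]
        [string]$SamAccountName
    )

    # Ask every DC for its own, non-replicated copy of lastLogon.
    $perDc = foreach ($dc in Get-ADDomainController -Filter *) {
        $when = $null
        $err  = $null
        try {
            $user = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                               -Properties lastLogon -ErrorAction Stop
            # lastLogon is a FILETIME: 100 ns intervals since 1601-01-01 UTC.
            # Empty or 0 means the user never authenticated against this DC.
            $ticks = [int64]$user.lastLogon
            if ($ticks -gt 0) { $when = [DateTime]::FromFileTimeUtc($ticks) }
        }
        catch {
            $err = $_.Exception.Message
        }
        New-Object PSObject -Property @{
            DomainController = $dc.HostName
            LastLogonUtc     = $when
            Error            = $err
        }
    }

    $failed = @($perDc | Where-Object { $_.Error })
    $newest = $perDc |
        Where-Object { -not $_.Error -and $_.LastLogonUtc } |
        Sort-Object LastLogonUtc -Descending |
        Select-Object -First 1

    $lastLogon = $null
    $source    = $null
    if ($newest) {
        $lastLogon = $newest.LastLogonUtc
        $source    = $newest.DomainController
    }

    New-Object PSObject -Property @{
        SamAccountName = $SamAccountName
        LastLogonUtc   = $lastLogon          # $null = no logon recorded on any DC that answered
        SourceDC       = $source
        DCsQueried     = @($perDc).Count
        DCsFailed      = @($failed | ForEach-Object { $_.DomainController })
        # Do not disable or delete accounts on an incomplete answer.
        Complete       = ($failed.Count -eq 0)
    }
}

# Usage ('jdoe' is a constructed account name):
#   Get-ConsolidatedLastLogon -SamAccountName 'jdoe'
```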

Posted in Active Directory

Powershell – LDAP query using DirectoryEntry

If you are querying LDAP and need the attributes in the nice form of an object with properties assigned, take a look at using DirectoryEntry from PowerShell together with PSObject.

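A sketch of the DirectoryEntry plus PSObject approach named above, as an added example that is not the code from the original post. The function names, the default attribute list and the LDAP path in the usage comment are assumptions; the escaping helper is included because search values that come from user input should not be able to change the structure of the filter.

```powershell
# Added example (not from the original post).
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping: backslash first, then * ( ) and NUL.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace "`0", '\00'
}

function Get-LdapObject {
    param(
        [Parameter(Mandatory = $true)][string]$LdapPath,
        [Parameter(Mandatory = $true)][string]$Filter,
        [string[]]$Properties = @('sAMAccountName', 'displayName', 'mail', 'memberOf')
    )

    $root     = New-Object System.DirectoryServices.DirectoryEntry($LdapPath)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter   = $Filter
    $searcher.PageSize = 500     # paged search, so large result sets are not cut off
    $searcher.PropertiesToLoad.AddRange($Properties)

    $found = $null
    try {
        $found = $searcher.FindAll()
        foreach ($result in $found) {
            $obj = New-Object PSObject
            $obj | Add-Member -MemberType NoteProperty -Name Path -Value $result.Path

            foreach ($name in $Properties) {
                # Result property names are stored in lower case.
                $raw    = $result.Properties[$name.ToLower()]
                $values = @()
                if ($null -ne $raw) { $values = @($raw) }

                # Single-valued attributes become scalars, multi-valued ones arrays.
                $value = $null
                if ($values.Count -eq 1)     { $value = $values[0] }
                elseif ($values.Count -gt 1) { $value = $values }

                $obj | Add-Member -MemberType NoteProperty -Name $name -Value $value
            }
            $obj
        }
    }
    finally {
        # SearchResultCollection holds unmanaged resources until disposed.
        if ($null -ne $found) { $found.Dispose() }
        $searcher.Dispose()
        $root.Dispose()
    }
}

# Usage (constructed path and input):
#   $name = ConvertTo-LdapFilterValue 'j*doe'      # -> j\2adoe
#   Get-LdapObject -LdapPath 'LDAP://DC=corp,DC=example' `
#                  -Filter "(&(objectCategory=person)(sAMAccountName=$name))"
```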
Posted in .Net, Active Directory, PowerShell

Powershell with .Net – Validate domain credentials

Hey,

Some time ago we validated credentials against the local machine, and with a really small modification of the context plus an added parameter for the domain we can do the same within Active Directory.

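The context change described above, shown with the System.DirectoryServices.AccountManagement classes. This is an added example, not the post's original code: the function name `Test-Credential` and the domain name in the usage comment are assumptions.

```powershell
# Added example (not from the original post).
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Test-Credential {
    param(
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$Credential,

        # Omit -Domain to validate against the local machine's accounts.
        [string]$Domain
    )

    $contextType = [System.DirectoryServices.AccountManagement.ContextType]
    $options     = [System.DirectoryServices.AccountManagement.ContextOptions]

    # The "small modification": Machine context becomes Domain context plus a domain name.
    if ($Domain) {
        $context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext `
                              -ArgumentList $contextType::Domain, $Domain
    }
    else {
        $context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext `
                              -ArgumentList $contextType::Machine
    }

    try {
        # The API needs the clear-text password; keep it in a local variable only.
        $net = $Credential.GetNetworkCredential()

        if ($Domain) {
            # Negotiate with signing and sealing, so the bind is never a
            # clear-text simple bind on the wire.
            $bind = $options::Negotiate -bor $options::Signing -bor $options::Sealing
            return $context.ValidateCredentials($net.UserName, $net.Password, $bind)
        }
        return $context.ValidateCredentials($net.UserName, $net.Password)
    }
    finally {
        $context.Dispose()
    }
}

# Every failed validation is a real failed logon: it raises the account's
# bad password count and can trigger lockout, so do not call this in a loop.
#
# Usage ('corp.example' is a constructed domain name):
#   Test-Credential -Credential (Get-Credential) -Domain 'corp.example'
#   Test-Credential -Credential (Get-Credential)          # local machine
```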
Posted in .Net, Active Directory, PowerShell

SCOM Authoring MP – Part 1 – Getting the idea

Hey,

So I wanted to welcome everyone back after a really long period of “silence”. It was caused by both personal and work reasons (workload, projects etc.), however things are now straightening out again, so the time has come to catch up on a huuge backlog :D

As promised in our last informational post, I will be introducing how you can make “smart” and “scalable” monitoring of your environment. I do not consider myself a “guru”, because every day is a school day – so if you pick up on things that can be done better or totally redone :D let me know!

Idea:

Someone could say something as simple as “Yeah! Let's just monitor our environment!” – but people who have worked on implementations of such solutions know exactly that we must define business requirements and translate them into IT :)

Here I won't be able to help you much, as every business will have different requirements – some will want to know every bit and piece of what happens to a client and some will want advanced business logic based on SOA.

Prerequisites:

There are some pre-reqs before we go ahead. Those are:

  • Visual Studio 2012/2013
  • Visual Studio Authoring Tools

 

Designing monitoring:

When approaching this phase, think of gathering information from different sources. By this I mean: go and have a coffee with the Networking Guy! Ask about network layout, capacity, firewalls, single points of failure, redundancy.

This is quite important – because your monitoring is an upper layer on top of the physical layer :D

With this information comes the part of envisioning how it will do its job! The idea is simple – our dev (not me this time :D ) exposes web APIs to me which return an XML (or JSON) formatted file that, based on the serial number, contains information about what needs to be monitored!

Why like that?! Because:

  • A lot of times I will be renaming servers – and I need something unique that will keep the monitoring going even when a server is rebuilt!
  • Scalable – after the server is installed it gets a default set of monitoring… :)
  • Extensible – without a lot of work I can easily add or remove monitoring per server/location/office
  • Manageable – I expose control over what is monitored and how, without changing my MP :)

*If you think this can be addressed in a better way please leave a comment :)

The aforementioned JSON/XML file will have a structure similar to this one (this one is for LAB purposes only):

ScomAutoJsonFile01

 

 

Knowing the next steps:

So, as you have seen, I will be creating the Management Pack based on dynamic and scalable information. For each of the components we will start at the root and drill our way down. Starting with classes and discoveries, we will check whether the process is reliable and whether it needs extra tuning. Then we will move on to data sources and feeding our monitors with that data.

When we have this in place, we will focus on health rollups and stabilization of our solution!

Before we go ahead there is mandatory reading that you should look at HERE

So I hope this short introduction gets you interested :D Stay tuned for more!

Posted in SCOM

The future of IT is here ….

Hey,

Throughout the last month (or maybe even longer) it has been extremely busy and I honestly had no time to post anything. Well, today I decided it cannot go on like that, and I would like to give you some more info on what we shall be working on (and you reading about) throughout the next couple of months.

Partnership …

I’m happy to announce that ITX Solutions has now established a partnership with http://www.PalaszSoftware.com and http://www.Cloud-Servic.es

We look forward to working with our Partners to get the best for you!

Backlog ….

At the point of writing I must admit there is some outstanding backlog that annoys me :( therefore the following posts will be finished first:

- Active Directory Password filter : Part 2, which will cover clarification of the work we are doing along with our partner http://www.palaszsoftware.com to deliver a great and scalable solution to all of you out there!

- WPF in SCCM task sequence : Part 2, which will continue customizing your OS deployments with a UI that is worthy of attention!

- Credential Provider : Part 2 will be just a “wiki” with the most useful links and resources I have gathered over time that should get you going. I will also try to point out what I have learned during the process of creating one :)

Cloud ….

As we see a big shift in the markets and potentially great benefits in cloud solutions, together with 2 of our partners (http://www.palaszsoftware.com and http://cloud-servic.es) we will be trying to show you what you can get from the cloud and how easy it is to integrate and expand your infrastructure, making it rapid and scalable!

Scom …

Recently I have also put a lot of learning and implementation scenarios into the SCOM monitoring system. I have to say that it has great potential, and therefore I have decided to create a SCOM be hero learning series in which I will be making detailed guides on how to customize monitoring within your enterprise.

So there it is! We will be working towards the points mentioned above – so stay tuned for new posts!

Posted in All about...

SCCM 2012 – WU agent and error = 0x80244018

If you experience a similar error and the log says something like

And you use a proxy in your environment, then check that the service point is not set in upper case. This was causing clients to be directed via the proxy to our SCCM server, which of course would get denied.

Posted in SCCM

Powershell – Monitor page response time using C# code and custom proxy

So it happened that I had to quickly monitor page response time. Now, there would be no problem if I did not need to specify a custom proxy. Therefore I decided to use C# with PowerShell, and this is what I came up with

And voilà ;) quick results without problems.

Of course this can be done with New-Object commands in PowerShell, however I already had it in C# and didn't want to reinvent the wheel.

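A sketch of the approach described above: C# compiled with Add-Type and called from PowerShell to time a page request through an explicit proxy. This is an added example, not the author's original code; the class name `PageTimer`, the function `Measure-PageResponse`, the URLs in the usage comment and the use of the current user's Windows credentials for the proxy are assumptions.

```powershell
# Added example (not from the original post). Assumes Windows PowerShell,
# where Add-Type references System.dll by default.
$source = @'
using System;
using System.Diagnostics;
using System.IO;
using System.Net;

public static class PageTimer
{
    // Milliseconds for one GET (headers and full body) sent through proxyUrl.
    public static long Measure(string url, string proxyUrl, int timeoutMs)
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        WebProxy proxy = new WebProxy(proxyUrl);
        // Assumption: the proxy accepts the current user's Windows credentials.
        proxy.UseDefaultCredentials = true;
        request.Proxy = proxy;
        request.Timeout = timeoutMs;            // connect + response headers
        request.ReadWriteTimeout = timeoutMs;   // each read of the body

        Stopwatch watch = Stopwatch.StartNew();
        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        using (Stream body = response.GetResponseStream())
        {
            byte[] buffer = new byte[8192];
            while (body.Read(buffer, 0, buffer.Length) > 0) { }
        }
        watch.Stop();
        return watch.ElapsedMilliseconds;
    }
}
'@

# Compile once per session; a second Add-Type of the same type name would fail.
if (-not ('PageTimer' -as [type])) {
    Add-Type -TypeDefinition $source -Language CSharp
}

function Measure-PageResponse {
    param(
        [Parameter(Mandatory = $true)][string]$Url,
        [Parameter(Mandatory = $true)][string]$Proxy,
        [int]$Samples   = 5,
        [int]$TimeoutMs = 10000
    )
    foreach ($i in 1..$Samples) {
        $ms  = $null
        $err = $null
        try {
            $ms = [PageTimer]::Measure($Url, $Proxy, $TimeoutMs)
        }
        catch {
            # Timeouts, proxy refusals and HTTP error statuses all surface here.
            $err = $_.Exception.GetBaseException().Message
        }
        New-Object PSObject -Property @{
            Sample = $i; Url = $Url; Proxy = $Proxy; Milliseconds = $ms; Error = $err
        }
    }
}

# Usage (constructed host names):
#   Measure-PageResponse -Url 'http://intranet.corp.example/' `
#                        -Proxy 'http://proxy.corp.example:8080' |
#       Measure-Object Milliseconds -Average -Maximum
```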
Posted in .Net, PowerShell

SCCM 2007 & SDK – Troubleshoot “Failed to resolve selected task sequence dependencies” and pulling data from wrong DPs

It happens so often, especially in complex environments, that a package is not distributed to a DP, or that during Operating System Deployment/Application deployment the client downloads content from the wrong location or from a location we don’t want it to download from.

We then get something similar to the image below – or the download takes 48 hours when downloading a WIM file in Australia from London ;)

ContentLocationWizard2007

The internet is full of posts on how to troubleshoot this and what the potential reasons are (boundaries, hash etc.). Well, great :) but if you have a big and dynamic environment, how would you evaluate what's going on? The answer is quite simple. You would ask SCCM “Where do you take your package from?” :)

In order to do that we will be using the SCCM SDK and Visual Studio (the Express version can be downloaded from the MS site for free). You may download the SDK from the following link. Once downloaded, install it (the choice of install location is totally up to you) and browse to the folder where it was installed. You should see something similar to the following image:

SCCM2007_SDKFolder

 

 

Now, according to Microsoft’s documentation, in order to use the Management Point API you would need to go through a compilation headache, but since we don’t want to reinvent the wheel, you can just download the zip file containing the file that I have created.

Step 1 – Understanding … ;)

It might sound trivial … but are you sure you can explain how the SCCM client finds content? Do you know which logs you should look at when you want to get that information?

If you answered “Yes” to both questions, that’s great! If not – let me just give you highhhhh level info. When the client needs to get its content, it contacts the MP to obtain a list of locations. When contacting the Management Point it sends a message that in XML looks like the following

Based on that information the MP will reply to the client with (from SDK documentation)

Besides that – content troubleshooting is explained really well here - I recommend getting familiar with this blog post.

Great – that is something we can work with! :)

 

Step 2 – Preparing to create the code …

Next start Visual Studio (for the purposes of this demonstration I will be using a console application, but the choice of project type is again totally up to you :) ) – there is one restriction however – you MUST USE .NET 2.0

ContentLocationVSStart

Next, in Solution Explorer you need to add a reference to the file you have downloaded, called SmsMsgApiNet.dll, which will allow us to communicate with the SCCM Management Point.

Next we will put the required pieces of code together:

Step 3 – Coding ….

The required assemblies are (well, not all of them are needed – but for this demo you can just copy and paste)

Add message objects

Well, the next one is just lazy programming on my part, so apologies here :( The string manipulation for the XML can of course be done differently, but that's something I leave to you.

String for location request

Prepare to send the message

Send the message with appropriate settings

Just write the result

 

Step 4 – check out the results…. and improve them !

Now the above has returned a result which will look similar to the following

However – this data is contained in a string, so doing anything with it would be a road through hell. The good thing is that we can take those results and save them as XML. Then, using XSD, we can create an xsd file. And finally, having that, we can create ourselves a reusable class for future operations.

The class file is attached to the download in this blog post and is called reply.cs

The change you need to make to the code is the following

And if we now look at the response in VS we have something similar:

SCCM2007_ContentLocWithClass

With that, it can be a base for troubleshooting content location problems and a quick answer to where the content comes from. For people who would like to get more out of it – with the class it is completely reusable and allows you to build custom solutions (programs, services, webpages) to help you in your daily tasks.

 

For others interested in SDK here are some links that might be very useful:

http://social.technet.microsoft.com/Forums/systemcenter/en-US/f8285396-116c-4fc7-9f1b-a10f5dbd316f/need-example-for-management-point-interface

http://social.technet.microsoft.com/Forums/systemcenter/en-US/4719f56b-03d5-4afa-a211-6ea48e23e942/client-registration-message-xml

http://msdn.microsoft.com/en-us/library/cc144347.aspx

http://blogs.msdn.com/b/lucian/archive/2008/11/15/where-are-the-sdk-tools-where-is-ildasm.aspx

http://blogs.msdn.com/b/rslaten/archive/2006/06/28/how-to-submit-discovery-reports-to-an-sms-2003-management-point-using-the-mp-api.aspx

http://blogs.technet.com/b/configmgrteam/archive/2010/01/14/troubleshooting-client-content-download-in-configuration-manager-2007.aspx

 

 

In the next blog post we will do the same – but this time for SCCM 2012. In the meantime, if you have any suggestions for the above – leave a comment.

Posted in .Net, SCCM

SCOM 2012 – Monitoring Trend IWSVA (InterScan Web Security Virtual Appliance) availability to access internet

**Please be advised that this is not an official or supported method of monitoring – any changes you make to your production infrastructure, and any potential damage, are on you.**

Hey,

In this post we will focus on quite an interesting challenge: monitoring your proxies with SCOM 2012. Out of the box that monitoring is not possible at all. However, after doing some “try/catch” I was able to get them on board.

So what does the end result look like? Really nice – we monitor the ability to access the internet, as those proxies have a tendency to just not do their job sometimes – and it is quick and reliable.

SCOM_Trend_Dashboard

 

For the safety of all of us I had to remove some sensitive details from the above ;)

So what's covered here and what’s not?

  • This article focuses solely on adding and customizing monitoring for Trend servers in SCOM 2012
  • I do not cover the basics like setting up agent accounts and resource pools – there are many articles out there and I think there is no need to reinvent the wheel ;) So I assume your environment is ready for UNIX monitoring.

 

Step 1 – Adding host to SCOM 2012 : attempt 1

So let’s try to just add our Trend Micro host to SCOM monitoring. This should go smoothly by just doing discovery and installing the agent…. Before we do that, I would recommend enabling debugging on your SCOM server. This is done by creating an empty file called EnableOpsMgrModuleLogging in C:\Windows\Temp

Doing the above gives you extra information on discovery

SCOM_DebugOnDiscovery

 

So let’s now get back and run the discovery to add our Trend proxy server. Discovery runs and we get the following information (or similar – depends on your Trend environment)

UnsupportedTrendOS

The important part here is the Operating System: although it says it can install the agent, it will not be supported. So let’s make it supportable ;)

Step 2 – Tweaking Trend IWSVA

I have taken the following steps

  • Made sure the proxies are resolved (reverse DNS resolution) as NetBIOS names – so I don't get issues with certificates
  • I created a PowerShell script using a .Net SSH library to do the hard work for me

    This opened the TCP connection for WSMan, changed the OS name and made a backup of that file in case we would like to revert the change
  • Make sure that when you are running the command

    you do not get an FQDN, otherwise the installation will fail

 

Step 3 – Adding host to SCOM 2012 : attempt 2

Now we can easily add the host to SCOM, as it will be discovered as CentOS. When you have finished running discovery, you can view one of the discovery debugging logs mentioned above to see something similar to the following

And voilà ;) you're done. Now it's only a matter of setting up the monitor.

Step 4 – Command line to use in 2 state monitor

I have been looking at various options for checking whether the proxy is up and running. The best option was to use the following command in a 2 state monitor

Anything other than 0 should be your error state. I have set mine to run every 2 minutes, as users seem to be quite sensitive about internet access

Posted in SCOM

Powershell – Query DNS using WMI

Hey,

Just a quick post on how you can query DNS using WMI. I had to use that method while working with PS versions earlier than 3.0 (or these days 4.0)

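A query of this kind against the DNS Server WMI provider, written with Get-WmiObject so it also runs on PowerShell 2.0. This is an added example, not the code from the original post: the function name `Get-DnsRecordWmi` and the server and zone names in the usage comment are assumptions, and the target must be a Windows DNS server you have administrative rights on.

```powershell
# Added example (not from the original post).
function Get-DnsRecordWmi {
    param(
        [Parameter(Mandatory = $true)][string]$DnsServer,
        [Parameter(Mandatory = $true)][string]$Zone,
        [ValidateSet('A', 'AAAA', 'CNAME', 'MX', 'NS', 'PTR', 'TXT')]
        [string]$Type = 'A',
        [string]$OwnerName      # optional: one fully qualified record name
    )

    # Both values end up inside a WQL filter string, so accept only
    # characters that can appear in a DNS name.
    $namePattern = '^[A-Za-z0-9._-]+$'
    foreach ($value in @($Zone, $OwnerName)) {
        if ($value -and $value -notmatch $namePattern) {
            throw "Not a valid DNS name: $value"
        }
    }

    $filter = "ContainerName = '$Zone'"
    if ($OwnerName) { $filter += " AND OwnerName = '$OwnerName'" }

    # The provider exposes one class per record type: MicrosoftDNS_AType,
    # MicrosoftDNS_CNAMEType, MicrosoftDNS_MXType and so on.
    Get-WmiObject -ComputerName $DnsServer -Namespace 'root\MicrosoftDNS' `
                  -Class "MicrosoftDNS_${Type}Type" -Filter $filter -ErrorAction Stop |
        Select-Object OwnerName, RecordData, TTL,
                      @{ Name = 'Static'; Expression = { $_.Timestamp -eq 0 } }
}

# Usage (constructed server and zone names):
#   Get-DnsRecordWmi -DnsServer 'dns01' -Zone 'corp.example'
#   Get-DnsRecordWmi -DnsServer 'dns01' -Zone 'corp.example' -Type CNAME `
#                    -OwnerName 'intranet.corp.example'
```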
Posted in PowerShell

SCCM and .Net – Part – 1 Goodbye HTA , hello WPF/Windows Forms in Windows PE !

So in SCCM 2007, when you wanted to interact with the user during the task sequence, you would probably either use scripts or use an HTA, self-written or downloaded.

Examples of useful HTAs (keep in mind – I'm not saying it's bad to use them ;) ) can be found under the following link

HTA_WN01

Now those had certain limitations and not all of them could easily do what you really wanted :) However, when SCCM 2012 SP1 CU1 ;) came into the game the whole situation changed. With the arrival of PowerShell and .Net we can now do much more.

As the technology grows, the demand just gets bigger for applications that have a good look and feel and, on the other hand, can do much more.

 

Getting required parts

Considering that in Windows PE you do not have to worry about session isolation (as every program running is shown to the user), we can design something of our own. For this purpose I will be using Visual Studio 2012 (you can download the Express version from here)

As we all know, Task Sequence variables are essential in Operating System Deployments, so I’m sure you would like to use them. For that we will need to extract one of the libraries from our boot image. To do so, you need to mount the boot image (or use any other means of accessing its files) and extract TSCore.dll

Once done, we have to extract a specific library from that file, called TSEnvironmentLib.dll, to be able to use it in our future projects.

In order to do so you must use Tlbimp.exe (Type Library Importer)

You could say at this stage “Seriously?! I need to go through all of that effort to get a single file?” – the answer is nope – you don't have to reinvent the wheel :) I have done that and you can simply download the file here

The above should get you the following file that we will use in our project

TSEnvLibFile01

 

Making sure SCCM can handle it

Well, OK – so we now have the parts we need to create something interesting for our deployments. But before we go on and spend some time, let's make sure SCCM is ready to work with us. The requirement (the really needed one :) ) is that we have .Net in our Windows PE environment. Open the properties of your boot image and check the additional components installed.

BootPEComponetsNet01

If by any chance this is missing, then in order to continue you need to make sure the following component is installed and that your images are refreshed (redistributed) to your distribution points

 

Building the project

So let's start by creating our new application. Open Visual Studio and create a new project. The project I’m going to use will be in C# (if you use VB you will need to port it by yourself). Make sure the .Net version is 4

WinPENetapp01

 

 

Just after you have created your project you will be presented with the following (the view may differ depending on your view settings), which will be your starting point for building your interface

WinPENetapp02

 

 

Now, in Solution Explorer we have to add the required references – in this case we will be adding the DLL we discussed above, to modify variables in our task sequence. So right click References and select Add Reference…

When the new window opens, browse to the location of your DLL and confirm adding it. When successful, you should see the following in your references (under Solution Explorer)

WinPENetapp03

 

Now it is time to add some controls and the logic for the behavior we expect. I will add a textbox control and two button controls, so my form will look something like this (for the purposes of the demo I’m not changing the default naming of controls):

WinPENetapp04

Now just to explain the behavior of this form:

  • Button1 is used to display the current value of the Task Sequence variable OSDComputerName
  • Button2 is used to set the current value of the Task Sequence variable OSDComputerName
    to the value from the textbox
  • Textbox1 is used to get the desired computer name from the user

Now, as we need to program the button behaviors, we will start with Button1. Do that by double clicking on it. It should automatically open the code for the event that is triggered when the button is clicked. The code will be similar to the following

As you can see, it has created a method for us called private void button1_Click(object sender, EventArgs e), which will allow us to react to the button click action.

Before we continue there is an important thing to do – we must include a reference to our added DLL file. Add this after the last using statement

Now modify the constructor to initialize the interface for Task Sequence variable operations

I have assigned the name TSENVVAR to the initialized interface. With that we will now be able to interact with Task Sequence variables.

Within the previously mentioned method button1_Click we will now display the currently assigned value of the OSDComputerName variable

At this point we have the functionality of displaying the variable. Now let's explore setting it.

First of all we must repeat the “double clicking” action, but this time on button2, which will automatically create the following method for us

And now assigning the name to the variable is as easy as including the following statement in the method

And there it is, you are done.
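
The same read and set of OSDComputerName as the two buttons above, with the typed name checked before it is written into the task sequence. This is an added example and not the post's C# code: it uses the `Microsoft.SMS.TSEnvironment` COM object from PowerShell instead of the TSEnvironmentLib.dll interop assembly, it only works inside a running task sequence, and the function names and the conservative naming rule are assumptions.

```powershell
# Added example (not from the original post).
function Test-ComputerName {
    param([string]$Name)
    # Conservative rule (assumption): 1-15 characters, letters, digits and
    # hyphens only, no leading or trailing hyphen, not digits only.
    if ($Name -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]{0,13}[A-Za-z0-9])?$') { return $false }
    if ($Name -match '^\d+$') { return $false }
    return $true
}

function Get-OsdComputerName {
    # Button1: read the current value. The COM object is only registered
    # while a task sequence is running.
    $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment
    $tsenv.Value('OSDComputerName')
}

function Set-OsdComputerName {
    param([Parameter(Mandatory = $true)][string]$Name)

    # Button2: the textbox content is untrusted input, so validate it before
    # it becomes the machine name used for the rest of the deployment.
    $candidate = $Name.Trim()
    if (-not (Test-ComputerName $candidate)) {
        throw "Rejected computer name '$candidate'"
    }

    $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment
    $tsenv.Value('OSDComputerName') = $candidate
    $tsenv.Value('OSDComputerName')      # read back what the task sequence now holds
}

# Usage (constructed names):
#   Test-ComputerName 'LON-WKS-0042'          # True
#   Test-ComputerName 'this-name-is-too-long' # False (more than 15 characters)
#   Set-OsdComputerName -Name 'LON-WKS-0042'  # inside a task sequence only
```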

 

Further development possibilities

The above is extremely basic – the field for development is quite huge. Below you can find my implementation, which features

  • Prerequisites check – centrally manageable via web portal
  • Autonaming (for this I use a developed autonaming solution)
  • Determining computer hardware / type
  • Nice user interface :)

The first part does the autonaming and gets all the required information

WinPENetapp05

The second part displays that to the user and allows further interaction (unfortunately, while writing this post I had to run the dev version, so it didn't display all the info :) )

WinPENetapp06

So seeing this you can imagine that the possibilities for customizing are endless ;) Hope you enjoyed this post. Stay tuned for Part 2 – in which we will do some more customizations.

Posted in .Net, PowerShell, SCCM

Windows – Credential Provider to Self Password reset

Hey,

So recently, after extensive use of an Active Directory Password filter and then creating custom web services to do password synchronization between 3 domains and Google Apps, the time has come to target credential providers. Consider that the help desk tends to get a lot of calls like “Hey, I have forgotten my password – can you please reset it?” and unfortunately …. they can!

You would probably ask why unfortunately – well, what guarantee do you have that the person on the other end of the phone is really the one whose password is to be reset? It's a weak point. And in this case multifactor authentication comes in handy. You could say – OK, there are (commercial) products out there that can do that for me … well, there are, but why should you pay for something that is achievable by yourself?

At the moment I have reached the goal of running .Net (Windows Forms for now, but maybe WPF later) from the credential provider, which looks like the following

CPDev01

Now the best thing is that from here, creating a service and authenticating the user (or in this particular case, resetting the password) will be just easier ;)

Keep checking our posts for more information on credential providers and our progress on the Credential Provider Self Service Password Reset with C# (.Net) app

Posted in .Net, Active Directory, Windows Server, Windows7

Powershell – Loading assemblies without file locking

While working with external DLL files, or even ones written by me, I need to import those assemblies into PowerShell to use them.

Well, there is no problem loading the assembly, but the problem you may encounter is that while your PowerShell session is running the file will be locked. This was a problem for me, as I needed to make changes to the DLL and check whether it was OK – however, I wanted to avoid closing my PowerShell session every time.

So after some “googling” it seems the best idea is to load the assembly as an array of bytes.

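Loading from a byte array as described above, with the hash of the exact bytes that get loaded recorded and optionally checked first. This is an added example, not the code from the original post: the function name `Import-AssemblyUnlocked`, the path, the type name and the hash placeholder in the usage comment are assumptions.

```powershell
# Added example (not from the original post).
function Import-AssemblyUnlocked {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Optional: refuse to load unless the file matches this SHA-256 (hex).
        [string]$ExpectedSha256
    )

    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath

    # ReadAllBytes opens, reads and closes the file, so no handle stays open
    # and the DLL can be rebuilt while the session keeps running.
    $bytes = [System.IO.File]::ReadAllBytes($fullPath)

    # Hash the bytes that will actually be loaded, not the file a second time,
    # so the check and the load cannot see different content.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = [BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
    }
    finally {
        $sha.Dispose()
    }

    if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256)) {
        throw "Hash mismatch for $fullPath (got $hash)"
    }

    $assembly = [System.Reflection.Assembly]::Load($bytes)

    New-Object PSObject -Property @{
        Assembly = $assembly
        FullName = $assembly.FullName
        Sha256   = $hash
        LoadedAt = Get-Date
    }
}

# Things to expect with byte-array loading:
#  - $assembly.Location is empty, and dependencies are not looked up in the
#    DLL's folder; load them the same way first.
#  - An assembly cannot be unloaded. Loading a rebuilt DLL adds another copy
#    to the session, so take types from the object you just loaded.
#
# Usage (constructed path and type name, placeholder hash):
#   $lib  = Import-AssemblyUnlocked -Path '.\MyLibrary.dll' -ExpectedSha256 '<sha256-hex>'
#   $type = $lib.Assembly.GetType('MyLibrary.Helper')
```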
Posted in .Net, PowerShell

Products – New webservices [Alpha version]

Call for Alpha testers!

I have been working hard on getting new web services ready for publishing. At the moment we have a beta version of our new product and are looking for people interested in testing. If you want to participate in helping build a great solution for the community – let us know! Leave a comment / contact us ;)

Posted in SCCM

News – check our products

Our best products released to the community can be found by following the appropriate links

Posted in News

Powershell – New-PSSession : Not enough storage is available to complete this operation

Hey,

So recently we encountered this extremely annoying message and had major issues finding the origin of the problem. What happens is that PS remoting just does not work. WinRM does not start …

Posted in Active Directory, PowerShell
