Wednesday, November 30, 2011

Keyboard Shortcuts in a Remote Desktop Session


Key Combinations for Client Computer Equivalent Keys for Remote Desktop Session Description

Switches between programs from left to right.

Switches between programs from right to left.
ALT+ESC ALT+INSERT Cycles through the programs in the order they were started.

Switches the client between a window and full screen.


Displays the Start menu.


Displays the Windows menu.

CTRL+ALT+MINUS (–) symbol on the numeric keypad

Places a snapshot of the active window in the Remote Desktop session on the clipboard.


Displays the Task Manager or Windows Security dialog box. (Only use CTRL+ALT+END to issue this command. CTRL+ALT+DEL is always interpreted by the client computer.)


CTRL+ALT+PLUS (+) symbol on the numeric keypad

Places a snapshot of the entire Remote Desktop session window on the clipboard.

This is from link:

Tuesday, November 29, 2011

Time Configuration for AD in Australia


Time configuration is very important for Active Directory. If a client's clock deviates from the server's by just a few minutes, that client will no longer be able to authenticate to servers in the domain. This is why Domain Controllers in the core data centres should take their time from a well-known Internet time source.

Domain Controllers outside the primary data centres can receive time from the other DCs or from a local NTP server. Each of these local DCs can then act as a local time server for clients and servers within that site.

Some of the key public NTP servers for Australia are listed below:

  • NSW Stratum two
  • NSW Stratum two
  • NSW Stratum two
  • VIC Stratum two
  • SA Stratum two
  • VIC Stratum two
  • VIC Stratum two
  • SA Stratum three
  • ACT Stratum three
  • QLD Stratum three
  • SA Stratum three
  • WA Stratum three

The different types of time servers are:

  1. Stratum 0: Atomic clocks (caesium, rubidium), GPS clocks or other radio clocks. These are not connected to the Internet directly.
  2. Stratum 1: Computers attached to stratum 0 devices. Normally they act as servers for timing requests from Stratum 2 servers via NTP.
  3. Stratum 2: Computers that send NTP requests to Stratum 1 servers and communicate with peer Stratum 2 computers for accuracy.
  4. Stratum 3: Functionally the same as Stratum 2; these serve as the next in a possible 256 tiers of time servers.

Good luck and be on time.

Monday, November 28, 2011

User State Virtualisation (Roaming Profiles / Folder Redirection)


Folder Redirection provides a way to selectively synchronise parts of the user environment (Documents, etc). This is especially useful in a XenDesktop and XenApp environment to make the experience seamless.

This is so much better than the old profile (NTUser.dat and files) that had to be copied in XP and earlier. The disadvantage is that by default the user cannot use the redirected folders when disconnected. But you can set up the user to have a cached copy of redirected files and folders.

To set up Folder Redirection using a GPO:

  • Edit a Group Policy Object that is targeted to your users and navigate to User Configuration, Policies, Windows Settings, Folder Redirection, Documents

By default all folders that are redirected are automatically made available offline so that users can still access their files when disconnected from the server. In Windows 7 the folder synchronisation is done in the background, not at logon/logoff. Windows 7 also has ‘Fast First Logon’, which allows users to log on to their computer without having to wait for the folder to be moved first.


  • In the advanced options you can select a different folder based on the user's group membership. Think about this for load balancing or WAN issues.


  • Disable ‘Grant the user exclusive rights to Documents’. Otherwise, an administrator who needs to access these files will have to ‘take ownership’, which removes the user's permissions.
  • You can also ‘Redirect the folder back to the local userprofile location when policy is removed’. This means that if a user is no longer affected by the GPO, the folder is copied back to the computer, which can take minutes or hours depending on its size.

Repeat for any other redirected folders.



Friday, November 18, 2011

Virtual Domain Controllers

This is still coming up, so let's just recap what you need to know.

Time synchronisation

Time in Active Directory is critical to everything: Domain Controllers, servers and clients. In Active Directory, Kerberos issues a ticket during login; this ticket is valid for 8 hours by default and prevents constant authentication against Domain Controllers every time a user accesses resources. However, the encryption and security between the client and the Domain Controller issuing the ticket require an exchange of passwords and the setup of a secure channel. To prevent anyone from listening on the network and reusing earlier authentication packets from the client, all packets include a timestamp. If the timestamp coming from the client differs from the Domain Controller's time by more than 5 minutes (the default), the Domain Controller will discard the packet as fake.

The ”Maximum tolerance for computer clock synchronisation” Group Policy can change this, but don't.

In a domain, all DCs will automatically synchronise time with the Domain Controller that holds the PDCe role. The DC with the PDCe role should then be configured to use an external or internal NTP source. The time service on a Domain Controller is the time server for all clients in the domain that log on via that DC.

By default, Windows Servers sync every 45 minutes until 3 successful syncs, then every 8 hours.

So you have two choices. Either:

  1. Configure NTP on the ESX hosts
  2. Install and configure VMware tools and configure it to synchronise time with the ESX hosts

Or:

  1. Ignore the time on VMware
  2. Disable VMware tools time sync
  3. Enable NTP on ALL DCs (or the PDCe)
  4. Only use ONE or TWO common NTP servers for all DCs in the environment.
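The second list above (time handled inside the guests, with the PDCe pointed at NTP and the other DCs following it), as an added example rather than commands from the original post. It assumes the placeholder NTP hostnames ntp1.example.net and ntp2.example.net, the default VMware Tools install path, and a hypothetical script name dc-time.cmd run as `dc-time.cmd pdce` on the PDCe and `dc-time.cmd dc` on every other DC.

```bat
@echo off
setlocal
rem Added example. PEERS holds placeholder hostnames (assumption): replace them
rem with the one or two NTP servers chosen for the whole environment.
rem ",0x8" asks the Windows Time service to query each peer in client mode.
set "PEERS=ntp1.example.net,0x8 ntp2.example.net,0x8"
set "ROLE=%~1"

rem Show which DC holds the PDC emulator (PDCe) role before changing anything.
netdom query fsmo

rem Stop VMware Tools from also adjusting the guest clock
rem (assumes the default VMware Tools install path).
"%ProgramFiles%\VMware\VMware Tools\VMwareToolboxCmd.exe" timesync disable

if /i "%ROLE%"=="pdce" goto :pdce
if /i "%ROLE%"=="dc" goto :dc
echo Usage: %~nx0 pdce^|dc
exit /b 1

:pdce
rem PDCe only: sync from the named NTP peers and advertise as a reliable source.
w32tm /config /manualpeerlist:"%PEERS%" /syncfromflags:manual /reliable:yes /update
goto :apply

:dc
rem Every other DC: follow the domain hierarchy, which leads back to the PDCe.
w32tm /config /syncfromflags:domhier /update

:apply
net stop w32time && net start w32time
w32tm /resync /rediscover

rem Verify: current source, sync status, and measured offset against one peer.
rem The offset must stay far inside the 5 minute Kerberos tolerance.
w32tm /query /source
w32tm /query /status
w32tm /stripchart /computer:ntp1.example.net /samples:5 /dataonly
rem Compare all DCs in the domain against the PDCe in one view.
w32tm /monitor
```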

Don't “suspend” or “pause” a Domain Controller

If the Domain Controller has been offline for too long, it will have objects on it that were supposed to have been deleted by the tombstoning process. If this happens, the Domain Controller will stop replicating with its partners. You will see an event in the logs with:

ID 2042, Source NTDS Replication, Description: It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

Instead of pausing, shut down the Domain Controller. VMotion/Live Migration is OK as it is so quick.

Don't Snapshot a Domain Controller

If you revert to an old snapshot of a Domain Controller you break consistency in your Active Directory domain. Don't ever do it unless you want to cross the streams, you know, Cats and Dogs living together.

Friday, November 04, 2011

Looking to move from XXX for Virtualisation?

Interesting article: 
(I have cleaned this up; it is not a direct quote.)

Virtualisation market faces shake-up, By Timothy Prickett Morgan

Posted 3rd November 2011 21:41 GMT

This info comes from the latest V-Index survey from Veeam Software, a maker of add-on management tools for VMware's ESXi hypervisor, which is conducted on a quarterly basis in the US, UK, France, and Germany.

The survey covers only large companies – those with 1,000 or more employees. About a third of the companies surveyed had more than 3,000 employees.

In the September V-Index, 86.5 per cent of the 578 organisations that participated in the poll had some sort of server virtualisation in their data centres. And across all enterprises, including those who did not have server virtualisation at all, an average of 38.9 per cent of servers were virtualised, and they had an average of 701 servers in their data centres.

Primary server virtualisation hypervisors, by vendor

The penetration of various hypervisors on x86-based servers depends on whether virtualisation is being used to run virtual desktop infrastructure (VDI) or more traditional server workloads.

On traditional server stuff:

  • VMware: 67.6 per cent of those companies that have hypervisors say ESX or ESXi is their primary hypervisor
  • XenServer: 14.4 per cent
  • Hyper-V from Microsoft: 16.4 per cent
  • Others category: a meagre 1.6 per cent

When you shift to talk about hypervisors running on servers to specifically stream VDI desktops:

  • ESX 54.2 per cent
  • XenServer 24.9 per cent
  • Hyper-V 20.3 per cent

Now here's the interesting bit: 38 per cent of companies using virtualisation for traditional workloads say they are planning to change their hypervisor next year (2012).

The cost of the current hypervisor platform was cited as the main reason for the jump by 58.9 per cent of the jumpers, with nearly half saying that they didn't like their current vendor's licensing model, and they did like the features offered with alternative suppliers or that the alternatives had matured enough that they could contemplate making a shift.

Thursday, November 03, 2011

W2K8 R2 Server Core Commands


Yes it has been out for ages, and yes everyone knows, but I am putting these all together as a reference. Enjoy or ignore. ;)

Rename computer

  • hostname
    • WIN-C6UDA2DS5FF2
  • netdom renamecomputer WIN-C6UDA2DS5FF2 /newname:HyperV1
  • shutdown /r

Join the domain

  • netdom join HyperV1 /domain:PebblyHill /userd:Administrator /passwordd:*
  • shutdown /r

IP Address details

  • ipconfig
    • Windows IP Configuration
    • Ethernet adapter Local Area Connection 1:
    • Connection-specific DNS Suffix  . :
    • Link-local IPv6 Address . . . . . : ae70::0d04:dea2:b323:4db5
    • IPv4 Address. . . . . . . . . . . :
    • Subnet Mask . . . . . . . . . . . :
    • Default Gateway . . . . . . . . . :

Allow ping and RDP through the firewall

  • netsh firewall set icmpsetting 8
    • Ok.
  • netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
    • Updated 1 rule(s).
    • Ok.
  • netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
    • Updated 16 rule(s).
    • Ok.

Or disable the firewall:

  • netsh firewall set opmode mode=disable
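An alternative to switching the firewall off, as an added example that is not part of the original post: leave it enabled and allow ping and RDP only from a management subnet. The subnet 192.0.2.0/24 and the two rule names are placeholders chosen for this example.

```bat
@echo off
setlocal
rem Added example. MGMT is a placeholder management subnet (assumption).
set "MGMT=192.0.2.0/24"

rem Keep the firewall on for every profile and confirm the state.
netsh advfirewall set allprofiles state on
netsh advfirewall show allprofiles state

rem Ping: advfirewall form of "netsh firewall set icmpsetting 8",
rem limited to echo requests (ICMPv4 type 8) from the management subnet.
netsh advfirewall firewall add rule name="Example - ICMPv4 echo from mgmt" ^
  dir=in action=allow protocol=icmpv4:8,any remoteip=%MGMT%

rem RDP: allow TCP 3389 from the management subnet on the domain profile only.
netsh advfirewall firewall add rule name="Example - RDP from mgmt" ^
  dir=in action=allow protocol=TCP localport=3389 remoteip=%MGMT% profile=domain

rem Turn the broad built-in group back off so only the scoped rule admits RDP.
netsh advfirewall firewall set rule group="Remote Desktop" new enable=no

rem Review what is now in place.
netsh advfirewall firewall show rule name="Example - RDP from mgmt"
netsh advfirewall firewall show rule name="Example - ICMPv4 echo from mgmt"
```

Run it from the console rather than over RDP, because disabling the built-in group drops sessions that do not originate in the management subnet.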

Enable remote desktop

  • cscript C:\windows\system32\scregedit.wsf /ar 0
    • Registry has been updated.

Install Hyper-V

  • start /w ocsetup Microsoft-Hyper-V
  • shutdown /r

If you did not join a domain, or are not using GPOs for update settings, and need to set up Windows Update manually, the following commands are for you. (This will use the default time of 3am to check for patches.)

  • Cscript c:\windows\system32\scregedit.wsf /au 4
  • Net stop wuauserv
  • Net start wuauserv

Update right now

  • Wuauclt /detectnow

Check the update status

  • Cscript scregedit.wsf /AU /v

From here on in you can use the RSAT tools on a client to do the rest.

Tuesday, November 01, 2011

SCVMM 2008 R2 converting VMware ESX Error (2912)


I have Windows Server 2008 R2 hosts running Hyper-V, and I am using SCVMM 2008 R2 to migrate existing VMware ESX VMs. I copied the VMDK and VMX files to the SCVMM Library and then tried to do a V2V, and got the following error when trying to migrate a VMware VM:

“Error (2912)
An internal error has occurred trying to contact an agent on the server.
(Unknown error (0x8004232c)).”

The conversion gets to 66% and fails on task 1.3, “Make operating system virtualizable[sic]”.

It turns out this stage tries to START the VM to remove VMware Tools and install the Integration Services. But there was no NIC selected, so it fails.

Try again with a network card and voilà.
