Vol. 34, #8 - June 17, 2013 - Issue #934

Image

Active Directory and the Cloud

  1. Editor's Corner
    • From the Mailbag
    • Active Directory and the Cloud
    • Tip of the Week
    • Recommended for Learning
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Events Calendar
    • Americas
    • Europe
    • Australia
  4. Webcast Calendar
    • Register for Webcasts
  5. Tech Briefing
    • Who should take the Microsoft Technology Associate (MTA) Exams?
    • Top Windows Server 2012 R2 Hyper-V Virtualization Features
    • TechEd NA: Enabling On-Premises IaaS Solutions with the Windows Azure Pack
    • Creating a Private Cloud using System Center 2012 SP1 and Virtual Machine Manager
    • Planning a Hybrid IT Infrastructure using Windows Azure Infrastructure Services
    • Complete VM Mobility Across The Data Center with SMB 3.0, RDMA, Multichannel & Windows Server 2012 (R2)
    • Using Virtual Appliances in VMware Workstation
    • Introducing PowerEdge VRTX
    • Host RemoteApps from Windows PCs
    • Exchange 2010 SP3 Rollup 1 released
    • Lync-Skype connectivity available today
    • Has the end of Antivirus arrived?
    • DeviceLock - Voted WindowSecurity.com Readers' Choice Award Winner - Endpoint Security
  6. Windows Server News
    • Limiting the effects of cloud computing outages
    • Top 5 causes of virtual desktop and application downtime
    • Design for operational efficiency: Taking a lesson from cloud providers
    • New Office 2013 features can help IT pros as much as end users
  7. WServerNews FAVE Links
    • This Week's Links We Like. Fun Stuff.
  8. WServerNews - Product of the Week
    • Simplify Your Remote Software Deployment Tasks

 

Simplify Your Remote Software Deployment Tasks

Would you like to distribute Windows software remotely to multiple PCs over a LAN/WAN? Use EMCO MSI Package Builder to automatically convert non-silent EXE setups to silent MSI packages that can be deployed remotely by means of GPO or other deployment tools.
You don't need to learn the MSI specification to convert existing EXE setups to MSI packages. Just run and follow an EXE installation to capture it, and EMCO MSI Package Builder will automatically generate a silent MSI package that is identical to the captured installation. The generated silent MSI packages can be deployed quickly and easily on multiple PCs using any remote deployment software.

Learn how to convert EXE to MSI & download a free trial version.

 

Editor's Corner

This week's newsletter is all about deploying Active Directory in the cloud using Windows Azure. Unfortunately I couldn't find any funny cartoons about Active Directory, but I did find this Dilbert strip that shows how your company directory can sometimes be used for nasty purposes:
http://www.wservernews.com/go/1371121688022

From the Mailbag

We're still getting lots of feedback from our issue Tiptoeing Towards Windows 8 (Issue #932). Mark, a network admin working in Virginia, USA, says:

I enjoyed reading your article. I had a similar experience switching from Windows XP to Windows 7 in that I had to think a bit about how to perform certain basic tasks simply because it was different. One blog I read on the subject said that Windows 7 was more "intuitive". IMHO, Windows XP was far more intuitive if only because after years of working with it, it BECAME intuitive. Bottom line: I chalked up a great deal of my frustration to that age old IT nemesis, the learning curve. As you said, "maybe the cognitive dissonances that annoy me in Windows 8 are chimeras that will vanish in the wind as I begin working in earnest with the platform."

I basically agree since there's always a learning curve with any new release. It's just that for many folks the learning curve for Windows 8 seems to be steeper than usual...

Tony, who works in the UK, shared as follows:

I have been trying to use Windows 8. I can see what Microsoft is trying to do, and really want to go along with it. One of the differences between "touch" i.e. Windows 8 etc and "mouse" i.e. Windows 7 and earlier -- touch is imprecise and mouse is precise. Thus, apart from the autohide task bar (which some of us used e.g. on smaller screen laptops), the mouse guides the cursor to a precise point and clicks. Thus it is very easy to pick from a long list of things e.g. programs on the start menu. A finger on most touch screens is too coarse to do the same. Thus any touch screen approach cannot have anything like as many discrete "areas" on the screen as we are used to. To compensate for this, touch has the concept of swiping to one side to get to additional screens.

But I think that what is making it difficult is that whilst swiping off screen is intuitive for touch, using a mouse to drag the cursor to nebulous areas of the screen is conceptually quite difficult. Here you have a precise pointer, but you are expected to move it to somewhere not clearly defined.

I have thought of something that would make the transition much easier -- if the start menu background was not a solid colour, but a colour gradient to where the active off screen areas are (and heresy a word in semi-transparent text to indicate what the area does) would make it far more logical. This could easily be switched in and out -- get rid of it when you are used to it.

And probably few people ever realised that the Windows taskbar could be put down the side -- it does not have to be at the bottom. So why can't we have the "off screen" trigger configurable -- then most of us could put it in the bottom left on our desktop machines.

In a few years we will have all got used to it. But if you look back at XP, it has an option for "classic menu" because some people took time to adjust from Windows 2000 to Windows XP. If that was a problem, then it should have been obvious that the more radical change in Windows 8 (and Server 2012) would take more getting used to. I think the other thing that was forgotten -- many of us switch backwards and forwards between different versions of Windows -- especially consultants and anybody in IT support. If you make a switch and use it all day, every day, then the change is easier to get over.

From what I understand, the Windows 8.1 release is going to address the "nebulous area" and background issues that Tony describes above, so let's keep our fingers crossed and hope for the best.

And a reader named David said:

For all the good and/or bad about Windows 8 and its interface, the thing I keep coming back to is why Microsoft insists on making everyone change when clearly many people don't want to change. What would be wrong with leaving the options in place so that you could easily have Windows 8 look like 7, or Vista or XP or even 95. For IT professionals and people who are using different systems all the time a change is maybe annoying but can usually be done without too much problem. For Mr/Mrs Average who don't understand systems very well, a major shift like this can massively reduce their productivity.

My guess here is that it's simply too costly for Microsoft to continue to include legacy UI elements in Windows 8 because doing so would add considerably to the test matrix for debugging builds. But I agree that Mr/Mrs Average might have a hard time adjusting to Windows 8. I've also heard however that their kids love it.

Anyways, keep sending us your feedback to [email protected] if you have more to say on the matter, thanks!

Active Directory and the Cloud

My how times have changed. Companies used to deploy their domain controllers on-premises, but now they can deploy some or all of them in an Infrastructure as a Service (IaaS) cloud. This can have huge ramifications for organizations that have a global reach or whose users often travel to far-away places and need to authenticate where the organization has no local Active Directory infrastructure.

Deploying a portion of your company's Active Directory infrastructure to the cloud is simple. All is requires is deploying your domain controllers on Windows Azure virtual machines and setting up site-to-site VPN connectivity between your on-premises and Windows Azure infrastructures. You need to use Windows Azure Virtual Network to establish this connectivity however. That's because Windows Azure virtual machines don't support static IP addresses, and while domain controllers are supposed to always have static addresses, using Windows Azure Virtual Network ensures that the dynamic addresss assigned to these domain controllers will last for the lifetime of the virtual machines. There are a few other considerations you'll need to be aware of and you can read all about it in this whitepaper on MSDN:
http://www.wservernews.com/go/1371121699460

But that's not the only way of doing it. There's also a new offering from Microsoft called Windows Azure Active Directory (Windows Azure AD) that can provide your organization with a single identity service that works across Windows Azure, Microsoft Office 365, Dynamics CRM Online, Windows Intune and 3rd party cloud services. You can integrate Windows Azure Active Directory with your existing on-premises Active Directory environment, and you can use it to provide your users a seamless single sign-on (SSO) experience across Microsoft Online Services, third party cloud services, and applications built on Windows Azure that leverage web identity providers such as Microsoft Account, Google, Yahoo!, and even Facebook. You can find out more about Windows Azure Active Directory here:
http://www.wservernews.com/go/1371121703303

Finally, you might want to read Sander Berkouwer's summary article concerning it here:
http://www.wservernews.com/go/1371121709116

How do you get started with Windows Azure Active Directory? Keith Mayer has a good walkthrough explanation and whiteboard video in his blog here:
http://www.wservernews.com/go/1371121714788

We're going to hear from Keith soon in a guest editorial he's writing for an upcoming issue of WServerNews, so stay tuned.

Send us feedback

What do readers think of deploying part or all of their Active Directory identity and access functionality to the cloud? Have you tried it yet? Is your organization considering doing it? Let us know at [email protected].

Tip of the Week

GOT A TIP you'd like to share with other readers? Email us at [email protected]

The following tip was submitted by reader Quentin Gurney who is an enterprise IT architect currently working for a Fortune 100 company:

Windows updates not installing due to local computer WSUS database corruption

Perhaps you have run into this issue. You cannot install Windows updates and there is an error in the application log that suggests there is something wrong with the database.

Error code requiring this fix:

Log Name:   Application
Source:    ESENT
Date:     6/18/2009 3:22:06 AM
Event ID:   474
Task Category: Database Page Cache
Level:     Error
Keywords:   Classic
User:     N/A
Computer:   yourserver.yourdomain.com
Description:

wuaueng.dll (340) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 4595712 (0x0000000000462000) (database page 1121 (0x461)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 2818733426791738953 (0x271e271e0c70ee49) and the actual checksum was 1089324781602401865 (0x0f1e0f1e0c70ee49). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Event Xml:
 
  474
  2
  2
  0x80000000000000
 
  850
  Application
 YOURCOMPUTER.YOURDOMAINcom

  wuaueng.dll
  340
  SUS20ClientDataStore:
  C:\Windows\SoftwareDistribution\DataStore\DataStore.edb
  4595712 (0x0000000000462000)
  4096 (0x00001000)
  -1018 (0xfffffc06)
  2818733426791738953 (0x271e271e0c70ee49)
  1089324781602401865 (0x0f1e0f1e0c70ee49)
  1121 (0x461)

There indeed is something wrong with the database, but how do you fix a windows internal database for WSUS? There is not much documentation on the subject and what there is suggests you might need to rebuild the whole O/S to make it work. When I ran across this, I was not very interested in doing that kind of a rebuild so I did some more digging.

I found some information that suggested that the local machine WSUS DB might be the same DB that Active directory uses or Exchange uses. To fix that kind of dB, I found this entry suggesting I needed to use esentutl.exe which on a DC is front ended by ntdsutil:
http://www.wservernews.com/go/1371121725694

Found this KB and got the idea to try repairing the JET DB:
http://www.wservernews.com/go/1371121731725

  1. First, got on a Domain Controller because the tool I needed was installed there.
  2. Mapped c: drive on problem server as z:
  3. On the problem server box shut down cryptographic service, BITS, Windows Updates. (I had to set windows updates to disabled – kept restarting and opening the file)
  4. Executed following command:

C:\Users\my account>esentutl /p z:\windows\softwaredistribution\datastore\datastore.edb

Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
Version 6.0
Copyright (C) Microsoft Corporation. All Rights Reserved.

Initiating REPAIR mode...
    Database: z:\windows\softwaredistribution\datastore\datastore.edb
Temp. Database: TEMPREPAIR1264.EDB

Checking database integrity.

           Scanning Status (% complete)

     0  10  20  30  40  50  60  70  80  90 100

     |----|----|----|----|----|----|----|----|----|----|

     ...................................................

Integrity check successful.

Note:

It is recommended that you immediately perform a full backup
of this database. If you restore a backup made before the
repair, the database will be rolled back to the state
it was in at the time of that backup.

Operation completed successfully in 61.75 seconds.

After that, restarted services and we are now installing windows updates. This saved me a few hours by avoiding a rebuild. Server is working fine.

Recommended for Learning

A couple of announcements from the Microsoft Virtual Academy:

Build a Private Cloud w/ Windows Server & System Center Jump Start -- June 18

Join Day 1 of a two day Jump Start series covering the end-to-end process of implementing a MS cloud solution, providing a deep dive into key topics associated with implementing a Microsoft hybrid cloud solution.
http://www.wservernews.com/go/1371121738850

Move to Hybrid Cloud with System Center & Windows Azure Jump Start -- June 20

This Jump Start is a continuation of Day 1 and will focus on successfully monitoring and managing ongoing operation of a private cloud environment.
http://www.wservernews.com/go/1371121744585

Quote of the Week

"Opportunity.. don't wait for it - create it. Put in the work, grab it by the throat and don't let go." --Tweeted by Dwayne Johnson a.k.a. The Rock

Until next week,
Mitch Tulloch 

Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.

 

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Use free EMCO Remote Installer to install/uninstall/repair EXE setups and MSI packages remotely on multiple PCs over a LAN. This all-in-one tool combines software audit and deployment features.
http://www.wservernews.com/go/1371456103828

Amp up your application monitoring! Download SolarWinds free WMI Monitor and start monitoring any Windows® application or server and achieve amazing insight into real-time performance. Download now!
http://www.wservernews.com/go/1371126155269

Free Tool: Idera Server Backup Free – fast, disk-based continuous data protection for Windows and Linux servers – backs up and restore files in seconds
http://www.wservernews.com/go/1371126159956

Exclaimer Mail Archiver is a fully featured, competitively priced archiving solution for Exchange that's easy to set up and maintain. It uses file system-based storage so it doesn't require SQL.
http://www.wservernews.com/go/1371219477232

Ping Plotter is a network troubleshooting and diagnostic tool that combines traceroute, ping and whois:
http://www.wservernews.com/go/1371126177910

 

Events Calendar

Americas

Europe

Australia

Add your event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact [email protected]

 

Webcast Calendar

Register for Webcasts

 Add your Webcast

PLANNING A WEBCAST you'd like to tell our 100,000 subscribers about? Contact [email protected]

 

Tech Briefing

Who should take the Microsoft Technology Associate (MTA) Exams? (Florian Klaffenbach, IT Pro)

After taking the MTA exam, Florian shares some of his thoughts about the exam and who should take it.
http://www.wservernews.com/go/1371121813226

Top Windows Server 2012 R2 Hyper-V Virtualization Features (Aidan Finn, MVP/IT Pro)

In this article Aidan gives an overview about the new enhancements features in Microsoft Hyper-V Server 2012 R2
http://www.wservernews.com/go/1371121817476

TechEd NA: Enabling On-Premises IaaS Solutions with the Windows Azure Pack (Aidan Finn, MVP/IT Pro)

In his blog post Aidan gives an overview about his TechEd NA presentation about Windows Azure Pack for On-Promises IaaS Solutions.
http://www.wservernews.com/go/1371121821913

Creating a Private Cloud using System Center 2012 SP1 and Virtual Machine Manager (VirtualizationAdmin.com)

Janique Carbone begins a new series of articles that will provide an overview of critical concepts associated with a Microsoft private cloud solution.
http://www.wservernews.com/go/1371121827851

Planning a Hybrid IT Infrastructure using Windows Azure Infrastructure Services (WindowsNetworking.com)

Deb Shinder begins a new series of articles that looks at how a hybrid infrastructure can let you have the best of both worlds when it comes to the cloud and on-premises services.
http://www.wservernews.com/go/1371121832023

Complete VM Mobility Across The Data Center with SMB 3.0, RDMA, Multichannel & Windows Server 2012 (R2) (Didier van Hoye, MVP/IT Pro)

In his blog Didier explains a Datacenter concept: running your whole storage on SMB 3.0 and using an RDMA environment for your SAN.
http://www.wservernews.com/go/1371121836695

Using Virtual Appliances in VMware Workstation (VirtualizationAdmin.com)

David Davis takes a look at downloading virtual appliances from an online store.
http://www.wservernews.com/go/1371121840757

Introducing PowerEdge VRTX (Direct2Dell)

This week Dell launched his Cluster in a Box (CiB) Solution. With 4 blades, Shared SAS and different expansion options available chassis, this offering is targeted for workloads like Hyper-V and SMB 3.0 Building Blocks, Branch or Small Offices or even Datacenter Building Blocks.
http://www.wservernews.com/go/1371121845132

Host RemoteApps from Windows PCs (WindowsNetworking.com)

Eric Geier begins a new series of articles that look at the benefits of launching a RemoteApp versus using the app in a traditional Remote Desktop session.
http://www.wservernews.com/go/1371121849898

Exchange 2010 SP3 Rollup 1 released (Johan Veldhuis, MVP/IT Pro)

In his article Johan collected all fixes that are included in SP3 RU1 with a short description.
http://www.wservernews.com/go/1371121854586

Lync-Skype connectivity available today (The Lync Team Blog)

This marks the first important step in extending Lync’s unified communications capabilities to the hundreds of millions of people who use Skype.
http://www.wservernews.com/go/1371121859851

Has the end of Antivirus arrived? (WindowsSecurity.com)

Ricky Magalhaes asks whether with the advance of computing into the world of mobility, has the requirement for antivirus deprecated or is this a case of complacency. Some vendors are claiming that they can get rid of pattern files and others are saying no antivirus altogether. In this article we explore the options and the reality.
http://www.wservernews.com/go/1371121863992

DeviceLock - Voted WindowSecurity.com Readers' Choice Award Winner - Endpoint Security (WindowsSecurity.com)

DeviceLock was selected the winner in the Endpoint Security category of the WindowSecurity.com Readers' Choice Awards. GFI EndPointSecurity and CopyNotify! Data Security Software were runner-up and second runner-up respectively.
http://www.wservernews.com/go/1371121869601

Thanks to Florian Klaffenbach for providing some of the items in this section. Be sure to check out Flo's Datacenter Report:
http://www.wservernews.com/go/1371121873679

 

Windows Server News

Limiting the effects of cloud computing outages

IT pros that transition to the cloud for its high availability benefits may be in for a rude awakening – cloud outages can happen just as frequently as traditional data center failures without proper planning. Inside, explore essential tips and tricks that can help you minimize cloud outage risks.
http://www.wservernews.com/go/1371121895680

Top 5 causes of virtual desktop and application downtime

To reap the benefits of virtual desktops, it’s critical to take the necessary steps to minimize availability and performance issues. Access this exclusive guide to explore five common causes of virtual desktop and application downtime – as well as tips for avoiding these pitfalls in your virtual environment.
http://www.wservernews.com/go/1371121900617

Design for operational efficiency: Taking a lesson from cloud providers

How you design and manage your virtual infrastructure has a significant impact on the maintenance it requires and the efficiency gains it delivers.  Discover the benefits you can enjoy by applying some of the same tactics that cloud providers use on their data center design to your virtual infrastructure.
http://www.wservernews.com/go/1371121904945

New Office 2013 features can help IT pros as much as end users

While many of the new enhancements and features offered in Microsoft Office 2013 were designed with end users in mind, there’s a lot for IT pros to be happy out as well. Explore the top features that are sure to put a smile on your face, including the Web Apps Server, Click-to-Run and Office Telemetry.
http://www.wservernews.com/go/1371121910195

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]

Image

The space probe 'Mars Express' by the European Space Agency has created the first three-dimensional map of our neighboring planet.
http://www.wservernews.com/go/1371121915758

A Ukrainian pilot takes a home-made helicopter for a spin.
http://www.wservernews.com/go/1371121919820

A chipmunk will store over 6,000 acorns - but he needs to keep an eye out for pickpockets.
http://www.wservernews.com/go/1371121924445

Sound waves passing through liquid cause the formation of bubbles that emit bright flashes of light when they collapse.
http://www.wservernews.com/go/1371121928774

Sandwich shop workers Richard and Adam Johnson received a standing ovation for their rendition of 'The Impossible Dream' at Britain’s Got Talent:
http://www.wservernews.com/go/1371121932914

 

WServerNews - Product of the Week

Simplify Your Remote Software Deployment Tasks

Would you like to distribute Windows software remotely to multiple PCs over a LAN/WAN? Use EMCO MSI Package Builder to automatically convert non-silent EXE setups to silent MSI packages that can be deployed remotely by means of GPO or other deployment tools.
You don't need to learn the MSI specification to convert existing EXE setups to MSI packages. Just run and follow an EXE installation to capture it, and EMCO MSI Package Builder will automatically generate a silent MSI package that is identical to the captured installation. The generated silent MSI packages can be deployed quickly and easily on multiple PCs using any remote deployment software.

Learn how to convert EXE to MSI & download a free trial version.

 

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com

Ingrid Tullochis Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also Head of Research for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.