Thursday, April 21, 2011

How to know whether a server is DC or Member Server

As a administrator, we might need to distinguish a member server from Domain Controller. The same can be verified through a registry key.


If the value is
LanmanNT - Domain Controller
ServerNT - Member Server

Wednesday, April 6, 2011

Enable PowerShell Remoting with Client Outside of Server's Domain (Trusted Host and Double Hop Issue)

To enable remote powershelling with servers not in the same domain as the client machine you will need to perform the following steps:
Note: Do not allow unencrypted communication for internet use.
On the client PC type:
PS c:\users\root> cd wsman:localhost\Client
PS WSMan:\localhost\Client> Set-Item AllowUnencrypted -Value $true -force
PS WSMan:\localhost\Client> Set-Item TrustedHosts -Value * -force
On the server PC type:
PS c:\users\root> Enable-PSRemoting
Then using regedit set the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service\allow_unencrypted to 0x00000001

To connect from the client type:
PS WSMan:\localhost\Client> New-PSSession -name Server01 -computername boqsource -credential boq\spsetup  -Port 5985
PS WSMan:\localhost\Client> Enter-PSSession Server01

You should be on a command line on your server!

To add Sharepoint commands to your shell type:
[server] c:\> Add-PSSnapin Microsoft.Sharepoint.Powershell
Now you can execute any SP cmdlets!
But wait, you get access denied to the farm :O. This is due to a known issue in the double hop of credentials. My server credentials are different to my client credentials and my Powershell is using my client credentials. The solution is to configure CredSSP authentication.

Here are the steps to enable CredSSP on the server:
1. Login to your server.
2. In powershell type: PS C:\> Enable-WSManCredSSP -Role Server

Here are the steps to enable CredSSP on the client:
1. Enable CredSSP through powershell by typing: PS C:\> Enable-WSManCredSSP -Role Client -DelegateComputer
2. Run "gpedit.msc" drill down: Local Computer Policy > Computer Configuration > Administrative Templates > Credentials Delegation > Allow Delegating Fresh Credentials with NTLM-only.
3. Enable "Allow Delegating Fresh Credentials with NTLM-only" and click "Show" next to "Add servers to list:". Add the server "WSMAN/*" this will add all servers, you can be specific if you wish.
4. Apply the new policy and click Start -> Run -> and type: "gpupdate"

Logging in using CredSSP:
PS C:> Enter-PSSession server -Authentication CredSSP -Credential (Get-Credential)
[server]: PS C:> Add-PSSnapin Microsoft.Sharepoint.Powershell
alternatively, put this into a ps1 script file:

$session = New-PSSession -Name server -ComputerName server -Authentication CredSSP -Credential (Get-Credential)
Invoke-Command -Session $session -ScriptBlock { Add-PSSnapin Microsoft.SharePoint.PowerShell }
Enter-PSsession $session
Now you have full access to the server and Sharepoint cmdlets!!


Powershell Script to query for an event ID and take action accordingly

$mydate = (Get-date).addminutes(-15)
#$mydate = (Get-date).Addhours(-5)
$EventID = Get-EventLog -LogName System | ? {$_.EventID -eq 429 -and $_.timegenerated -gt $mydate }
#found desired events; Restarting the service
write-host "Found the events; Trying to restart the service"
Get-Service -displayname "IIS Admin" | Restart-Service -force
Get-Service -displayname "Simple Mail Transfer Protocol (SMTP)" | start-Service -force
Get-Service -displayname "World Wide Web Publishing Service" | start-Service -force
Get-Service -displayname "HTTP SSL" | start-Service -force
Get-Service -displayname "Microsoft Exchange Routing Engine" | start-Service -force
} else 
write-host "Events not found; I don't have any actions to do than exit"

Friday, April 1, 2011

Disk Cleanup missing in Windows Server 2008

Received an alert today for just simple issue. i.e., Low Disk Space on System Drive. As usual, I was trying to go to disk properties and use Disk Clean Up utility, but didn't find out the same in Volume Properties as the OS was Windows Server 2008 R2.

With little bit of googling, I found an article from MS website. Disk Cleanup/Clean Manager (cleanmgr.exe) is not appeared by default in Volume Properties. Need to follow few steps as below to clean up the volume.


The Disk Cleanup executable file cleanmgr.exe and the associated Disk Cleanup button are not present in Windows Server® 2008 or in Windows Server® 2008 R2 by default. 

This is by design, as the Disk Cleanup button is part of the Desktop Experience feature. In order to have Disk Cleanup button appear on a disk’s Properties dialog, you will need to install the Desktop Experience feature.


So in order to use cleanmgr.exe you’ll need to copy two files that are already present on the server, cleanmgr.exe and cleanmgr.exe.mui. Use the following table to locate the files for your operating system.


Once you’ve located the files move them to the following locations:

 1. Cleanmgr.exe should go in %systemroot%\System32.
 2. Cleanmgr.exe.mui should go in %systemroot%\System32\en-US.
    ·  You can now launch the Disk cleanup tool by running Cleanmgr.exe from the command prompt.
          · Disk Cleanup can now be run by entering Cleanmgr.exe into a command prompt, or  
by clicking Start and typing Cleanmgr into the Search bar.

Happy Learning !!!