Month: July 2011

ConfigMgr 2007 Management Point Won’t Install – Failed to Create the CCM_Incoming Virtual Directory

I’ve been working on a customer site for the last few days in my old stomping ground: System Center Configuration Manager (SCCM) 2007.  It’s a new deployment in a mature Windows XP network.  Today started out as a nightmare.  I had all the prereqs done but the install of the primary site server was not going well.  The management point just would not install.  The SMS_MP_CONTROL_MANAGER was reporting that:

“MP Control Manager detected MPsetup has failed to create the CCM_Incoming Virtual Directory.

Possible cause: The IIS IWAM account has expired, been disabled, or has invalid or too restrictive logon hours. You may verify this information by running the net user command line for the IWAM account. (i.e.: "net user IWAMMachineName)

Solution: Use the output to verify that the account is enabled, and logon is possible during the time of installation. Note: You can use "net user" to modify the account properties.
Possible cause: The IIS IUSR account has expired, been disabled, or has invalid or too restrictive logon hours. You may verify this information by running the net user command line for the IUSR account. (i.e.: "net user IWAMMachineName)

Solution: Use the output to verify that the account is enabled, and logon is possible during the time of installation. Note: You can use "net user" to modify the account properties.
Possible cause: The designated Web Site is disabled in IIS.

Solution: Verify that the designated Web Site is enabled, and functioning properly”.

I knew that all IIS components were installed and configured correctly: I use my Zero Touch chapter from Mastering Windows 7 Deployment as my ConfigMgr prereqs check list!  Using that, I can normally get an all green install.  But something here was wrong.  I suspected a security issue … who knows what’ll impact you in a mature network.  I googled and a number of people reported corrupt IIS metabases caused issues.  A reinstall of IIS and ConfigMgr ensued but no result.

Now I was sure an external factor was at fault.  I’d heard that some security feature had screwed up the XP machines in the past.  Something to do with Conficker.  I had GPO, antivirus, and a 3rd party management product in my sights.  We started deploying a new VM that would be dropped into an OU with blocked inheritance to prevent anything from screwing with the clean OS.  Meanwhile, I returned to the already deployed (and new) VM and Google. 

Then I found this thread on MS TechNet Forums.  The user, tymque, had found that a hack to prevent Conficker had changed some permissions to the SVCHOST registry key and the WindowsTasks folder and this broke the management point installation.  I found the default permissions on MS Support (on a Conficker subject page).  I compared the default permissions with what was in place.  They were different!  I made the required changes manually and then the management point installation (manually running mp.msi) worked.  To be safe, I ended up doing a clean reinstall of the entire site server … and got an all green as expected.

I never did find out what hacked those permissions: a bit of time pressure on this project.

SQL Server 2008 R2 Service Pack 1

I hate SQL Service Packs.  Yeah, you heard me!  They just add so much more time to the installation time.  Yeah, you can “slipstream” them, but only a few people ever do it.

Good news everybody!  SQL Server 2008 R2 SP1 is launched.  Some new features are listed on that page but it’s all beyond an accidental DBA like me so I won’t copy/paste and present to understand it all.

Don’t just lash this SP out and hope for the best.  Check your application compatibility.  That applies to your System Center admins too!  There are support lists and you shouldn’t go upgrading without checking for support first.  Assuming there is support is your problem, not Microsoft’s.  You break it – you fix it Smile

Technorati Tags: ,

Progress of Third Party Azure

It’s quite a while since Bob Muglia & co announced that some Microsoft partners would be running a third party implementation of Azure in the form of the Azure Appliance.  Who cares?  Well, some want more than what Microsoft can offer – and some have a problem with the USA Patriot Act that affects all USA businesses no matter where their operations or subsidiaries are located/registered.

HP are said to be going VMware for their cloud but have also said they are deploying Azure Appliance.  HP can offer more than what Microsoft offers, no doubt, especially in the storage space.  They probably can do more in the 3rd party or open source space, even though MSFT has embraced things like PHP on Azure.  But HP is American so thumbs down for data protection.

Ebay is puzzling.  Are they going to auction CPU cycles?  I really don’t get it, other than they can run their own site on their own Azure appliances.  File under irrelevant.

Dell is going in another direction, possibly OpenStack.  IBM – Lotus Live (Lotus Dead is more like it).  IBM is doing a lot of consulting and making a lot of money from government and corporates in the cloud space.  Probably a lot of Z series hardware and VMware licensing being sold, with a lot of consultants on site sucking up budget.

Fujitsu is the one that interests me the most.  Fujitsu are Japanese (obviously) and can therefore operate independently of the USA Patriot Act.  A Fujitsu datacentre in the EU can comply completely with EU laws.  They’re allegedly unveiling their Azure Appliance public cloud in August, thus offering a 0% Patriot Act Azure public cloud the world.  If I’m Microsoft, I’m pushing that sucker big-time because it offers the power of their PaaS in a venue that resolves the legal issues with their own datacentre offering.

Technorati Tags: ,

WPC11 Hyper-V Announcements and Some Brainfarts

WPC is Microsoft’s conference for partners.  The delegates tend to be executives or account managers from the Microsoft partner community, and the content is not the usual technical level one should expect from an MMS or TechEd.

Yesterday Microsoft announced some Hyper-V features from Windows 8 (Windows Server 2012?).  The first was that Hyper-V “3.0” will support “more than” 16 vCPUs per VM.  That’s a nice add on for those larger VM’s, giving us 16+ simultaneous threads of execution.  People are virtualising larger workloads as well as the usual/expected lighter ones because virtualisation offers solutions to more than just power/rack consolidation, e.g. fault tolerance.  A bottleneck has been the ability to run larger multi-threaded workloads, and Windows Server “2012” Hyper-V will give us a potential solution for this.

One of the big reasons we adopt virtualisation is the ability to make DR (disaster recovery or business continuity) easier.  Mid-to-enterprise businesses can afford really expensive SAN/WAN solutions for this.  There’s a number of storage or backup replication solutions that can allow replication of virtual workloads over smaller lines for the small-medium enterprise (SME).  Some are good, and some are downright rubbish to the point of being dangerous.

Microsoft is stepping in with a new feature called Hyper-V Replica.  This will give us the ability to replicate VMs asynchronously.  This means it will work over longer distances, with lower capacity lines, higher latency, and will be cheaper.  It also means that there is a slight delay in replication of VM data.  That’s unacceptable to a small set of the market who have regulatory/business needs for synchronous replication and will have to continue to look at those third party or expensive SAN/WAN replication solutions.

Thinking about Hyper-V Replica makes me wonder if there are other new features/upgrades that we haven’t been told about yet.  This isn’t DFS-R as we know it.  DFS-R requires a file to be closed before it can analyse it and replicate the change blocks.  Maybe we have a new DFS-R but I’m sceptical of that.  Maybe we have a “new” transactional file system?  I say “new” because Microsoft has had a transactional file system for quite some time in the form of WinFS.  This would allow the file system to track changes, and replicate them, all while keeping VMs in a consistent state in source and destination locations.  Consistency is one of those things that has worried me in third party software based replication of VMs because they are unaware of things like in-VM database commits.  Maybe a new WinFS could be aware?  Potentially it could work in cluster-cluster replication (no mention of that in the reports I read this morning from WPC).

Good news: Hyper-V Replica will be a built-in feature with no extra charges, unlike something else we could mention Winking smile

I think that’s enough hot air and methane blown into the atmosphere for today.

SCVMMSSP 2.0 SP1 RTM

To be honest, I thought Microsoft would have killed this project because it causes confusion.  Microsoft starting talking about their private cloud when System Center Virtual Machine Manager Self Service Portal (SCVMMSSP) 2.0 was released last year.  With no other road map information, we were left to assume that it was the long term strategy – a shell in front of SCVMM.

Then along came SCVMM 2012 beta and we find that it is a self-contained private cloud solution.  What about hybrid cloud integration?  Project Concero takes care of that.  It seems like SCVMMSSP is a one-time-only solution for those on SCVMM 2008 R2.  Any effort you put into engineering it in your site will have a short term value if you do upgrade to 2012 because SCVMMSSP 2.0 is irrelevant there.  I wish the messaging from MSFT had been clearer last year.  I bet you a good few customers deployed the original SCVMMSSP 2.0 cloud solution to find it had a short life, and would have to be ripped/replaced by SCVMM 2012 with no migration path.

So, you can download this SP1 release of SCVMMSSP 2.0 now.  I’m not going to bother copy/pasting any more information.  This product is a total cul-de-sac, and a bad strategy to take in my opinion (now we know the real strategy).

It Must Be A Typo Or Something!?!?

Microsoft went and awarded me for my 4th year as an MVP (1 on ConfigMgr, and my 3rd on Virtual Machine aka Hyper-V).  It must have been a mistake.  Ben, are you sure you didn’t accidentally press Y instead of N on the survey? Winking smile

I am, of course, relieved and honoured by the award.  Being an MVP is an amazing recognition (it even helps with my day job) but the networking opportunity within the MVP community (MVPs, Redmond folks, and [most importantly] those in the local subs), and with the many experts who are not MVPs (yet) is the best bit.  I learn so much from other MVPs like Damian, Patrick, Hans, Kristian (congrats!), via blogs and Twitter, and wish I could speak German and Dutch to learn more from others like Carsten (congrats too!).  I cannot fail to mention people like Didier who brings a sense of reason to my (frequent) rants and opinions in his comments, or a good guy like Mark who expands my horizons.  Folks in Microsoft Ireland like John, Will, Dave and Enda make my job and community efforts easier with Gavin and Neil now appearing on the radar, and people like Mike, Ben, Serdar, Michael, and Carmen in Redmond have been amazing over the last years.

And you, the poor person reading this tripe or trying to stay alive while I bleat on and on and in in my 3 hour diatribes on Hyper-V and System Center, make it all possible.  Thinking about those diatribes, I really would make a great evil dictator.  Or even better – a keynote speaker!!!!

Thanks all!  I’m sure I’ve forgotten someone or lots of someones …

Now I’m hitting the sack at nearly 7pm because I’ve been at the wheel for 5 hours today.  God knows what I’ve just typed.