HP Support Assistant install failure 1639

I was recently updating the HP Support Assistant on my HP Probook laptop.  While attempting to run the install, I kept receiving the follow errors:
6-05-2015 2-19-09 p-m- 6-05-2015 2-19-25 p-m-
The install log showed the following:
6-05-2015 2-28-24 p-m-
Windows Installer installed the product. Product Name: HP Support Assistant. Product Version: 7.7.34.34.
Product Language: 1033. Manufacturer: Hewlett-Packard Company. Installation success or error status: 1639.

Thankfully I came across the following article which helped clear things up:
https://support.microsoft.com/en-us/kb/326027
To resolve this problem, remove all special characters or extended characters in the company name. To do so, modify the registry entry for the RegisteredOrganization string value.

Sure enough, I browsed to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion & noted that the RegisteredOrganization/RegisteredOwner value was added in quotes as part of the corporate SCCM build.  After changing the registry settings, I was able to run the installer with no further issues.

06-05-2015

Unable to start “System Center Data Access Service” on Service Manager Data Warehouse

I was recently faced with an issue for a customer where their Service Manager Data Warehouse Service would start but not stay running in their lab environment.  The following three events were logged in the Operations Manager event log:
14-04-2015 12-33-51 p-m-
Event ID: 26325
An authorization store exception was thrown in the System Center Data Access service. Exception message: Unable to perform the operation because of authorization store errors.

14-04-2015 12-36-04 p-m-
Event ID: 26339
An exception was thrown while initializing the service container.
Exception message: Initialize
Full exception: Feature of type ‘Microsoft.EnterpriseManagement.ServiceDataLayer.IAuthorizationFeature, Microsoft.EnterpriseManagement.DataAccessService.Core, Version=7.0.5000.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ cannot be added to the container.
14-04-2015 12-36-15 p-m-
Event ID: 26380
The System Center Data Access service failed due to an unhandled exception.
The service will attempt to restart.

Exception:
Microsoft.EnterpriseManagement.ConfigurationReaderException: Feature of type ‘Microsoft.EnterpriseManagement.ServiceDataLayer.IAuthorizationFeature, Microsoft.EnterpriseManagement.DataAccessService.Core, Version=7.0.5000.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ cannot be added to the container. —> System.ServiceModel.FaultException`1[Microsoft.EnterpriseManagement.Common.UnknownAuthorizationStoreException]: The creator of this fault did not specify a Reason. (Fault Detail is equal to Microsoft.EnterpriseManagement.Common.UnknownAuthorizationStoreException: Unable to perform the operation because of authorization store errors. —> System.Runtime.InteropServices.COMException (0x80070539): The security ID structure is invalid. (Exception from HRESULT: 0x80070539)
at Microsoft.Interop.Security.AzRoles.AzAuthorizationStoreClass.Initialize(Int32 lFlags, String bstrPolicyURL, Object varReserved)
at Microsoft.EnterpriseManagement.Mom.Sdk.Authorization.AzManHelper.Initialize(String pathToStore, String appName, AzManHelperModes helperMode, String storeDesc, String appDesc)
— End of inner exception stack trace —
).
— End of inner exception stack trace —
at Microsoft.EnterpriseManagement.ConfigurationReaderHelper.ReadFeatures(XPathNavigator navi, IContainer container)
at Microsoft.EnterpriseManagement.ConfigurationReaderHelper.Process()
at Microsoft.EnterpriseManagement.ServiceDataLayer.DispatcherService.Initialize(InProcEnterpriseManagementConnectionSettings configuration)
at Microsoft.EnterpriseManagement.ServiceDataLayer.DispatcherService.InitializeRunner(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart(Object obj)
Thankfully I came across the following blog post which pointed me in the right direction: http://blogs.technet.com/b/servicemanager/archive/2011/10/04/system-center-data-access-service-start-up-failure-due-to-sql-configuration-change.aspx

I checked the SQL security method and discovered it was set to mix Windows/Sql Auth.  I then found a sqltest user that was set as db_owner for all three of the Service Manager Data Warehouse Databases.  Removed the DB_Owner role from each DB for the sqltest user and restarted the System Center Data Access service with no further issues.

14-04-2015 12-36-31 p-m- 14-04-2015 12-37-33 p-m-

14-04-2015 12-43-17 p-m-

Check for open application and reboot Hyper-V VM

I’ve recently had a requirement for a scheduled reboot of a large group of Hyper-V VDIs. Due to the nature of the line of business application, it was imperative that we checked that several specific apps were not running before the reboot was ran.  Here is an example of the script I wrote for this task.  Simply replace the $process, $process2, etc. with your specific application (name only, no path or .exe, etc. requirement).  The script checks the running process on the VDI, if one of the apps are running it breaks the loop for that VM and continues to the next, otherwise it reboots the VM and notifies the user.  Here’s the script:

$vms2reboot = get-vm | Where-Object Name -like *test-vm001* | Select-Object -Expand Name
$process = “Notepad”
$process2 = “Calc”
$process3 = “Mspaint”
start-transcript “C:\reboot-vms.log”
foreach ($vm2reboot in $vms2reboot){

if(get-process -Computername $vm2reboot | where-object {
$_.ProcessName -contains “$process” -or
$_.ProcessName -contains “$process2”-or
$_.ProcessName -contains “$process3”
})
{
Write-Host “A business app is currently running.  Reboot will not continue on $vm2reboot”
}
Else {write-host “Rebooting VM $vm2reboot”
shutdown -r -f -m \\$vm2reboot -c “Reboot commencing for maintenance”
}
}

stop-transcript

10-04-2015 9-10-51 p-m-new

If one of the apps are open, reboot does not continue:

10-04-2015 9-16-53 p-m-

Otherwise it reboots the VM:

10-04-2015 9-15-12 p-m-

10-04-2015 9-14-37 p-m-

 

Check time source for all Domain Controllers

I was recently working on an issue for a customer who was noticing random time sync issues on various DC’s.  I needed to confirm that all servers were set to point to the PDC for their time source.  I’ve put together this basic script which does just that:
9-04-2015 12-16-18 p-m-
$DomainControllers =  Get-ADDomainController -Filter * | Select-Object -expand name
foreach ($DomainController in $DomainControllers)
{
write-host “———————————————–”
write-host “Domain Controller: $DomainController”
write-host “Time Source:”
w32tm /query /computer:$DomainController /source
write-host “———————————————–”
}

 

Bulk Fortigate configuration backup

Continuing on from the previous post with bulk management of firewalls, in particular Fortigates.  The following shows a basic script which after enabling SCP transfers on your device, utilizes pscp.exe to backup multiple Fortigate firewall configs.

This script gets the current date, creates a folder under your Backup Path with the date, connects to each firewall in your CSV file (just as the previous post) and uses pscp.exe to backup the config file (fgt-config).  It then renames the fgt-config output file to the IP of your firewall and appends the date to the file name.  I am utilizing the echo y command at the front of the command to accept the untrusted certificate error at first connection.  In a production environment you may wish to re-evaluate this option!

Note, while the transcript option is present, due to a bug in PowerShell you do not get a whole lot of info out of running cmd applications from PowerShell.  I’ll look at a work around for this and update in the near future.

backup-config2
————————————————————————————
$Firewalls = get-content .\firewalls.csv
$Date = Get-Date -Format “dd-MM-yyyy”
$Username = “firewallusername”
$Password = “firewallpassword”
$BackupPath = “E:\Firewall-Config-Backups”
New-Item $BackupPath\$Date\ -type directory
Start-Transcript -path $BackupPath\$Date\$Date.log -append

foreach ($Firewall in $Firewalls){

echo y | .\pscp.exe -l $Username -pw $Password -v “$Firewall::fgt-config” $BackupPath\$Date\ | out-host -verbose
rename-item -path $BackupPath\$Date\fgt-config -newname $BackupPath\$Date\$Firewall-$Date.conf

}

Stop-Transcript
————————————————————————————

Here’s what your final screen output should look like:

backup-config-new

Using Powershell for bulk SSH commands on Fortigate firewalls, etc.

I’ve been working with a customer with a large stack of Fortigate firewalls.  Quite frequently there is a requirement to run commands against some or all of the firewalls.  While config management can be performed via the FortiManager, after trialling it we realized there were simply too many limitations for their requirements.  Thankfully bulk commands can be performed with this handy PowerShell SSH Module:
http://www.powershelladmin.com/wiki/SSH_from_PowerShell_using_the_SSH.NET_library.  As an example, I’ve built a quick power shell script as an example of how this can be used.

1.) Populate a list of your firewall IP addresses in a CSV firewall called Firewalls.csv.
firewall-ips
2.) Example: Enable SCP on Fortigate firewalls (to be used in a running config backups, etc.)
Import-Module .\SSH-Sessions.psd1
$Firewalls = get-content .\firewalls.csv
$Username = “firewallusername”
$Password = “firewallpassword”
foreach ($Firewall in $Firewalls){
New-SshSession $Firewall -Username $Username -Password $Password
Invoke-SshCommand $Firewall -command ‘config system global
set admin-scp enable
end’
}

firewall-enablescp

Note: In a production environment you would want to a) Use Cert based authentication or b) Encrypt your User/Name password (or perhaps prompt for a credential when script is ran).  It goes without saying – backup your firewall config before you make any changes! 🙂

In my next post I’ll cover using pscp.exe to backup your firewall config in a PowerShell script.

Create Hyper-V VDI/VM by name from CSV file

I was working on a Hyper-V VDI project for a customer recently, who needed to easily deploy a VDI Template VHD from a CSV file and create VMs based on this VHD. I put this script together to fit this requirement.

It references a CSV file called vdi.csv, which contains your desired Hyper-V VM names.  It then builds as many copies of the VM as your CSV contains:
vdi-powershel-csv
Here’s the script!
$VDIs = get-content .\vdi.csv
foreach ($VDI in $VDIs){
write-host $VDI is being copied from a VHD template.  This will take approxmiately 2 minutes…
copy “F:\Hyper-V\Virtual Hard Disks\vdi-template.vhd” “F:\Hyper-V\Virtual Hard Disks\$VDI.vhd”
New-VM -Name $VDI -BootDevice IDE -VHDPath “F:\Hyper-V\Virtual Hard Disks\$VDI.vhd” -MemoryStartupBytes 2GB -SwitchName “External”
Set-VMMemory -VMName $VDI -DynamicMemoryEnabled $true -MinimumBytes 512MB -StartupBytes 2GB -MaximumBytes 4GB
Set-VM -Name $VDI -AutomaticStopAction Shutdown
write-host $VDI Has now been created and ready for use…
}
It’s a quick and dirty script – I’ll look at building it out as future requirements dictate.

PowerShell: Remotely rename Windows Computers from CSV file

I recently setup a bunch of Windows 7 VDI systems for a customer.  They asked if they could rename them to a different naming convention.  I definitely didn’t want to have to login to each one or run psexec.  Thankfully with Windows Management Framework(a prerequisite) & Powershell this is very straight forward.

1st Step: Run Get-ADComputer with your desired filter and export to CSV file for use in step 3.  All of my new VDI systems contained the syntax “vdi” so I used this as my filter.
Get-ADComputer -Filter {Name -like “*vdi*”} | select-object Name | Export-Csv .\RenameComputers.csv -NoTypeInformation

csv-export
2nd Step:
Open your new CSV in Excel and add a new row called “NewName”, add the corresponding new computer names & save:
csv-edit
3rd Step:
Prompts for credentials used to connect to the machine remotely, imports the csv, runs the rename-computer cmdlet using the content Name & NewName from the CSV & renames the computer.

$cred = get-credential    
$Computers = import-csv .\RenameComputers.csv
foreach ($Computer in $Computers){
Rename-Computer -NewName $Computer.NewName -ComputerName $Computer.Name -DomainCredential $cred -Restart
}

SCSM: “An error was encountered while running the task”

I recently came across an unusual issue with Service Manager were all of the connectors stopped functioning.  Any time I went into the properties or attempted to create a new connector (in particular when starting to create and selecting test authentication), the connector would crash with the following error:

Application: System Center Service Manager
Application Version: 7.5.3079.0
Severity: Error
Message: An error was encountered while running the task.

scsm-error

Really helpful message…

I had seen a similar issues previously with the Exchange Connector due to a corrupted Default SR or IR Template.  As this was in the sandbox environment, I started removing custom Management Packs as a test – all that had been created since the connector had stopped working.  None of this resolved the issue.

The issue it turned out was with the System Center Operations Manager Agent installed on the SCSM server.

The Microsoft SCOM Agent is bundled in with Service Manager by default.  I have ran into several random issues before with System Center Operations Manager, where I needed to rebuild the Health Service State folder by stopping the “Microsoft Monitoring Agent” and renaming this folder.  On the SCSM server, the service is still the same but the Health State is in a different location.

First, stop the service:

scom-agent-service
Rename the SCOM Health Service State Folder (Located: C:\Program Files\Microsoft System Center 2012 R2\Service Manager\Health Service State)
health-service-state
Restart the Microsoft Monitoring Agent (this will recreate the Health Service State folder).

You should now be able to create connectors!

Powershell: get-vmwitch, get-vm, etc. blank

Recently when running a get-vmswitch on a Hyper-V host I noticed that the content came back blank.  The key is you have to run your PowerShell session as an Administrator.  Doh!  If you notice you are not getting results, might pay to give it a go. Sometimes it’s the simple things! 🙂