Check registry for key value for remote servers/computers
I’ve had a couple of requests from customers this week to check for the presence of a specific registry key. One looking for 2008/2008R2 servers: Get-ADComputer -Filter {OperatingSystem -Like “Windows Server* 2008”} -Properties * or others against a security group : Get-ADComputer -filter * -Property * | where {$_.memberof -match ‘YOURGROUPNAMEHERE’}. Here’s a sample of it to check for all systems with .NET 4.6.2 installed and outputs it to a text file:
$PatchStatus=@{}
$RemoteSystems= Get-ADComputer -filter * -Property *
$RemoteHosts = $RemoteSystems.Name
foreach ($RemoteHost in $RemoteHosts){
$Hive = [Microsoft.Win32.RegistryHive]”LocalMachine”;
$RegKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive,$RemoteHost);
$Ref = $RegKey.OpenSubKey(“SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\”);
$RefValue = $Ref.GetValue(“Release”)
if ($RefValue -ge “394806”){$PatchStatus.Add($RemoteHost,”Patched”)}
else {$PatchStatus.Add($RemoteHost,”Needs .NET”)}
}
$PatchStatus | Out-File “C:\Temp\Needs-DotNET4.6.2.txt”
Find all HP Proliant Server Product Numbers/ID & Serial Number in Active Directory
I recently needed to find a way to look for all HP Proliant Servers in an organization for Warranty reporting. I put the following script together for this purpose. The script builds a Data Table, searches AD for all servers, confirms they are not a Virtual Machines & are Proliant servers, then runs a WMI query to pull the Product ID (and formats the output) & Serial Number into the ServerReport Table. This in turn is exported to a formatted CSV file. This can be plugged into something like this to expand further.
Here is the script:
#Please place the full path to your output file. Ie. C:\temp\myservers.csv
$FileOutputPath = “C:\temp\myservers.csv”
$ServerReport = new-object system.data.datatable “ServerReport”;
$ServerReport.columns.add((new-object system.data.datacolumn “ServerName”, ([string])));
$ServerReport.columns.add((new-object system.data.datacolumn “ServerSerial”, ([string])));
$ServerReport.columns.add((new-object system.data.datacolumn “ServerProduct”, ([string])));
$Serverlist = Get-ADComputer -Filter {OperatingSystem -Like “Windows *Server*”} -Property * | select-object -ExpandProperty Name
foreach($Server in $Serverlist){
$ComputerModel = (Get-WmiObject -Class Win32_ComputerSystem -ComputerName “$server” -ErrorAction Ignore | Select-Object Model).Model
if ($ComputerModel -match “Virtual Machine”) {
write-host “$Server is a Virtual Machine, moving to next Server”
}
if ($ComputerModel -like “*Proliant*”) {
$SerialNumberNoFormat = (Get-WmiObject -Class Win32_BIOS -ComputerName “$server” | Select-Object SerialNumber).SerialNumber
$SerialNumber = $SerialNumberNoFormat -replace “[^a-zA-Z0-9]”
$OEMStringArray = (Get-WmiObject -Class Win32_ComputerSystem -ComputerName “$server” | select -ExpandProperty OEMStringArray)
$ProductNumberNoFormat = $OEMStringArray -replace “[^0-9-]”
$ProductNumber = $ProductNumberNoFormat.Split(“;”,[System.StringSplitOptions]::RemoveEmptyEntries)
$row = $ServerReport.NewRow()
$row.”ServerName” = $Server
$row.”ServerSerial” = $SerialNumber
$row.”ServerProduct” = $ProductNumber
$ServerReport.Rows.Add($row)
write-host “$Server is an HP Proliant Server, Serial Number $SerialNumber & Product Number $ProductNumber are being added to file $FileOutputPath”
}
}
$ServerReport | Export-CSV -path $FileOutputPath -Append -NoTypeInformation
Hope it helps!
Check time source for all Domain Controllers
I was recently working on an issue for a customer who was noticing random time sync issues on various DC’s. I needed to confirm that all servers were set to point to the PDC for their time source. I’ve put together this basic script which does just that:
$DomainControllers = Get-ADDomainController -Filter * | Select-Object -expand name
foreach ($DomainController in $DomainControllers)
{
write-host “———————————————–”
write-host “Domain Controller: $DomainController”
write-host “Time Source:”
w32tm /query /computer:$DomainController /source
write-host “———————————————–”
}
Remotely set DNS Primary and Secondary Servers via PowerShell
Create a text file with a list of server names that you would like to change Primary & Secondary DNS for:
#PowerShell Script:
$computer = get-content C:\temp\servers.txt
$DNSServers = “192.168.1.19”,”192.168.1.30″
$NICs = Get-WMIObject Win32_NetworkAdapterConfiguration -computername $computer |where{$_.IPEnabled -eq “TRUE”}
Foreach($NIC in $NICs) {$NIC.SetDNSServerSearchOrder($DNSServers), $NIC.SetDynamicDNSRegistration(“TRUE”)}
Migrate 2008 DHCP to Server 2012 R2 with DHCP Failover
Recently needed to migrate an existing 2008 DHCP server to two new Server 2012R2 DHCP servers with Failover enabled. Thankfully, this is a very straightforward process!
Logged onto to one of your new DHCP servers run the following PowerShell commands:
Export-DhcpServer –ComputerName OLDDHCPSERVERNAME.company.local -Leases -File C:\OLDDHCPSERVER-dhcpexp.xml -verbose
Import-DhcpServer –ComputerName NEWDHCPSERVER1.company.local -Leases –File C:\OLDDHCPSERVER-dhcpexp.xml -BackupPath C:\dhcp\backup\ -Verbose
Import-DhcpServer –ComputerName NEWDHCPSERVER2.company.local –File C:\OLDDHCPSERVER-dhcpexp.xml –ServerConfigOnly –verbose –BackupPath C:\dhcp\backup\
Note: If the C:\dhcp\backup\ path doesn’t exist you will need to re-run the command or create it first.
Next to enable the new failover functionality, right-click on your scope and select “Configure Failover.”
Specify “Hot standby” and specify your reservervation for standby server(this can generally be fairly low as clients will hold their lease for awhile.). Specify a State Switchover Interval if you want your server to automatically failover after a period of disruption on the primary server. Finally enable a Message Authentication Shared Secret if desired between the servers.
That’s it! 🙂
vCenter Service won’t start/Failed to create http proxy
I recently had a customer who’s vCenter service would not start on their management server. The Event 1000 error showed: “Failed to intialize VMware VirtualCenter. Shutting down…” Not very helpful!
Next, I checked the vpxd log files: %ALLUSERSPROFILE%\Application Data\VMware\VMware VirtualCenter\Logs\. In there I noticed the following error: [VpxdReverseProxy] Failed to create http proxy: An attempt was made to access a socket in a way forbidden by its access permissions. This indicated that something was using one of the vCenter ports (By default 80,443,902).
The next step for this was to find out what was using one of those ports. For that, we use the netstat command: netstat -bano > C:\netstat.txt (I will generally output this to text file as it makes it easier to search).
Search the output file for the ports VMware Ports listed above (or the non-standard ports you may have configured).
To check what application is related to the PID, open Task Manager and add PID to the view (View, Select Columns)
At this stage I had a pretty good idea what was using it. Jumped into IIS and sure enough, somebody had started the Default Website running on Port 80. Stopped the website and restarted the vCenter Service with no further issues
Migrate DHCP Server in Windows Server
Quite often we will have a requirement for migrating DHCP between servers. The process is very straightforward with 2008 & later servers. First, install the DHCP Role onto your destination server if it’s not there already. I find it easier to install this with PowerShell as opposed to Add Features as you don’t get all the prompts for setting scopes, etc.
From an elevated PowerShell, run Import-Module servermanager
Next, install the role: Add-Windowsfeature DHCP -IncludeAllSubFeatures
#This will include the RSAT/Management Tools as well as the DHCP Service
Next on your source server, right-click on your server and select “Backup”. Save the backup file to a shared location. Next select “Unauthorize” – this will allow you to authorize the migrated server.
On the new server, open DHCP, add your new server into the management view
Next, right-click on your new server and select “Restore”, select the backup file from your shared location and import. Right-click on the new server and select “Authorize” and the server will now be ready to use.
Find HP Proliant serial number from Windows
I’ve had several instances when HP System Management isn’t operational and I don’t physically have access to a server to check its serial number. Thankfully this can be easily queried from windows by running the following command from a command prompt:
Note: This does work for other manufacturers – we are just primarily an HP house. 🙂
Windows Server 2008 R2 not showing all available free space and won’t extend
We recently had an alert come through regarding one of our customer’s data drives running out of space. I logged into to vCenter and extended the VM guest’s data drive, logged into Windows, ran DiskPart, selected the volume & extended it. This is generally my preferred method as more often than not it doesn’t show the space in Windows Explorer when the same process is ran from Disk Management.
The extend showed that it completed successfully and all the available space showed up in Disk Management. However it still wasn’t showing in Windows, even after a restart of the server. Next thing I ran was extend filesystem on the selected volume. This came back with the following error: DiskPart has encountered an error: The device does not recognize the command. See the System Event Log for more information.
Researched the issue further and noticed that the Volume Shadow Copy Service was started, although there were not any scheduled Shadow Copies or Shadow Protect backups currently running. Stopped the service and re-ran the extend in Diskpart – this time it completed with no errors and the correct space was then shown in Windows.
vCenter Service & Hardware Status won’t display.
A couple of times now, I have ran into the following error with vCenter 5.1 loaded on Server 2003 x64 when opening up vCenter Plug-in Manager:
The following error occurred while downloading the script plugin from https://vcenterserver.domain.com:8443/health-ui/scriptConfig.xml. The client could not send a complete request to the server. (The underlying connection was closed: An unexpected error occurred on a send.)
The issue in each case has been due to missing AES Cipher suites in Server 2003. Running the following Micrsoft Hotfix has resolved it in both cases: http://support.microsoft.com/kb/948963