How to upgrade Veeam Backup for Microsoft Office 365 to v6 edition

Veeam released Veeam Backup for Microsoft 365 v6 on March 9, 2022, there are lots of new features at this version included Self-Service Restore Portal, Backup copy to low-cost object storage… etc. the detail information as following link.

https://www.veeam.com/whats-new-backup-microsoft-office-365.html

Today, I am going to show you how to upgrade the exiting Veeam Backup for Microsoft 365 to V6 edition.

Veeam Backup for Microsoft 365 supports upgrade to version 6.0 from following versions of the application:

4.0 (build 4.0.0.1345)

4a (builds 4.0.0.1553, 4.0.0.1580)

4b (builds 4.0.0.2516, 4.0.0.2549)

4c (builds 4.0.1.519, 4.0.1.531, 4.0.1.545)

5.0 (builds 5.0.0.1061, 5.0.0.1063)

5a (build 5.0.0.1070)

5b (builds 5.0.1.179, 5.0.1.225)

5c (build 5.0.2.22)

5d (build 5.0.3.1033)

Consider the following:

All modifications made to the Config.xml file manually will be lost.

The Veeam Backup for Microsoft 365 RESTful API Service must be enabled manually after the upgrade. To do this, use the services.msc console.

1.Download Veeam backup for Microsoft 365 V6 ISO image file. (Sign in required)

https://www.veeam.com/backup-microsoft-office-365-download.html?ad=downloads

2.Login to Veeam Backup for Microsoft 365 Manager server.

3.Open Veeam Backup for Microsoft Office 365 console.

4.Make sure all jobs are successfully, and then disable them, close console.

5.Mount VBO365 v6 (Veeam.Backup365_6.0.0.367) ISO image file.

6.Double-click Veeam.Setup.exe.

7.On the User Access Control page, click Yes.

8.On the Veeam Backup for Microsoft 365 page, click Update.

9.Before upgrading make sure that operating systems meet the new system requirements, click OK.

10.On the License Agreement page, click I Accept.

11.On the Ready to install page, click Install.

12.On the Successfully installed page, click Finish.

13.Open Veeam Backup for Microsoft Office 365 console.

14.On the Veeam Backup for Microsoft Office 365 console, select Backup Infrastructure.

15.Right-click the Out of Date Backup repositories, click Upgrade.

16.Make sure there are no errors after upgrade.

17.On the Veeam Backup for Microsoft Office 365 console, select Organizations.

18.Right-click Jobs. Select Enable.

19.Verify the Veeam Backup for Microsoft Office 365 version from Veeam Backup for Microsoft Office 365 console (Help |Abut).

20.On the Veeam Backup for Microsoft Office 365 console, click Explore and select Veeam Explorer for Microsoft Exchange.

21.Verify the Veeam Explorer for Microsoft Exchange version from Veeam Explorer for Microsoft Exchange console (Help |Abut). Close the Veeam Explorer for Microsoft Exchange console.

22.On the Veeam Backup for Microsoft Office 365 console, click Explore and select Veeam Explorer for Microsoft SharePoint.

23.Verify the Veeam Explorer for Microsoft SharePoint version from Veeam Explorer for Microsoft SharePoint console (Help |Abut). Close the Veeam Explorer for Microsoft SharePoint console.

24.On the Veeam Backup for Microsoft Office 365 console, click Explore and select Veeam Explorer for Microsoft OneDrive.

25.Verify the Veeam Explorer for Microsoft SharePoint version from Veeam Explorer for Microsoft OneDrive console (Help |Abut). Close the Veeam Explorer for Microsoft OneDrive console.

26.On the Veeam Backup for Microsoft Office 365 console, click Explore and select Veeam Explorer for Microsoft Teams.

27.Verify the Veeam Explorer for Microsoft SharePoint version from Veeam Explorer for Microsoft Teams console (Help |Abut). Close the Veeam Explorer for Microsoft Teams console.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to deploy Microsoft Local Administrator Password Solution (LAPS)

Cyberattack is one of the fastest growing crimes in the world, we have seen passwords being leaked regularly, local administrator account is like God of machine, it has superpower to do anything for the machine. A lot of IT guys simply use the same password for all local administrator accounts, the attacker easy access to the whole estate if one machine is breached.

Microsoft LAPS is one of solutions to prevent the issues, The “Local Administrator Password Solution” (LAPS) provides management of local account passwords of domain joined computers. Passwords are stored in Active Directory (AD) and protected by ACL, so only eligible users can read it or request its reset. Today, I am going to show you how to deploy it.

System prerequisites

Supported Operating System

Windows Server 2019, Windows Server 2008, Windows Server 2016, Windows 10, Windows Server 2012 R2, Windows Server 2003, Windows Server 2008 R2, Windows Server 2012, Windows 7, Windows 8, Windows Vista, Windows 8.1, Windows Server 2022

Active Directory: (requires AD schema extension)

• Windows 2003 SP1 or later.

Managed machines:

• Windows Server 2003 SP2 or later, or Windows Server 2003 x64 Edition SP2 or later.

Note: Itanium-based machines are not supported.

Management tools:

• .NET Framework 4.0

• PowerShell 2.0 or later

1.login to LAPS Management Server, download Microsoft LAPS Package from https://www.microsoft.com/en-us/download/details.aspx?id=46899

2.On the Choose the download you Want page, select LAPS.x64.msi, click Next.

3.Login to the target computers which will update the local administrator password.

4.Run LAPS.x64.msi file. (You need to run this as administrator).

5.On the Welcome page, click Next.

6.On the End-User License Agreement page, select I accept terms in the License Agreement, click Next.

7.On the Custom Setup page, deselect AdmPwd GPO Extension and select Management Tools. If you also managing the local administrator account of the management server, you also need to install AdmPwd GPO Extension. In my case, I am installing it in a Domain controller so I do not need it.

8.Click Next.

9.On the Ready to install Local Administrator Password Solution page, click Install.

10.On the Completed page, click Finish.

Once this is done, we need to Active Directory schema to support Microsoft LAPS

11.Open PowerShell as Active Directory Schema Administrator.

12.Run below cmdlet.

Import-module AdmPwd.PS

13.Run below cmdlet to update the schema.

Update-AdmPwdADSchema

14.Verify two new attributes in the computer object after schema update.

ms-Mcs-AdmPwd – Save the administrator password in clear text.

ms-Mcs-AdmPwdExpirationTime – Save the timestamp of password expiration.

These values will be updated once we finish the rest of the configuration.

During the password update process, the computer object itself should have permission to write values to ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime attributes. To do that we need to grant permissions to SELF built-in account.

15.Open PowerShell as Domain Administrator.

16.Run below cmdlet to change computer object permissions.

Set-AdmPwdComputerSelfPermission -OrgUnit Servers

Servers is the OU I created for all the machine objects.

17.Creating a new security group and assign users as member of this group, the users of this security group have permissions to view the passwords for local administrators.

18.Before we assign permissions, run below cmdlet to see who had privileges to view the passwords by default.

Import-module AdmPwd.PS

Find-AdmPwdExtendedRights -Identity Servers

We noticed extended permissions are only applied to the Domain Admins group. It means a local administrator password for a computer object in Servers OU, can only access by a domain admin account.

19.Run below cmdlet to add extended permissions to LAPSAdmins security group.

Set-AdmPwdReadPasswordPermission -Identity Servers -AllowedPrincipals LAPSAdmins

20.Run below cmdlet to verify extended permissions to LAPSAdmins security group.

Find-AdmPwdExtendedRights -Identity Servers | fl

21.Creating a GPO to install LAPS agent software in managed computers.

22.Log in to Domain Controller.

23.Open Group Policy Management.

24.On the Group Policy Management console, right-click Group Policy Objects, select New.

25.Type LAPS Software Install as the new gpo name, click OK.

26.On the Contents page, right-click LAPS Software Install gpo, select Edit.

27.Go to Computer Configuration, then Policies, and then Software settings, right-click Software installation, select New and click Package.

28.On the Open page, type \\Cgy-dc02\laps\LAPS.x64.msi as File name, click Open.

29.On the Deploy Software page, select Assigned, click OK.

30.Go to Computer configuration, then Administrative Templates, and then LAPS.

31.Double click on Password Settings.

32.On the Password Settings page, select Enabled, you can define password complexity settings and password age at Options, click on OK.

33.Double click on the Do not allow password expiration time longer than required by policy.

34.On the Do not allow password expiration time longer than required by policy, select Enabled, click OK.

35.Double click on the Enable local admin password management.

36.On the Enable local admin password management page, select Enabled, click OK.

37Double click on the Name of administrator account to manage.

38.on the Name of administrator account to manage page, select Enable, enter admin as Administrator account name, click OK.

39.Close the Group Policy Management Editor.

40.On the Group Policy Management Console, right-click Servers OU, select Link an Existing GPO.

41.On the Select GPO page, select LAPS Software Install, click OK.

42.Close Group Policy Management console, this will push agents to the Computers under Servers OU. The installation is required a reboot on the computers to complete the installation.

43.Login to member server of Servers OU, reboot the machine or run gpupdate.

44.Verify LAPS agent installed.

45.Login tp domain controller (LAPS manager server) as a member of LAPSAdmins group.

46.Open LAPS UI.

45.Type the computer name (member of Server OU), click Search.

46.You will notice LAPS changed the password of the local administrator account.

47.You also can run below PowerShell cmdlet to retrieve the local administrator password.

Get-AdmPwdPassword -ComputerName CGY-RDSCB01 |fl

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to move failover clusters on the same hardware to another domain

1.Create a local Administrator account with the same name and password on all servers in the cluster.

2.Following steps to remove file share witness, Open Failover Cluster Manager, Right-click cluster name, select More Actions, click Configure Cluster Quorum settings.

3.On the Before You Begin page, click Next.

4.On the Select Quorum Configuration Option page, select Select the quorum witness, click Next.

5.On the Select Quorum Witness page, select Do not configure a quorum witness, click Next.

6.On the Confirmation page, click Next.

7.On the Summary page, verify configured successfully, click Finish.

8.Verify Cluster Core Resource of Failover Cluster Manager, make sure the File Share Witness was be removed.

9.Sign in to the first server with a domain user or administrator account that has Active Directory permissions to the Cluster Name Object (CNO), Virtual Computer Objects (VCO), has access to the Cluster.

10.Open Failover Cluster Manager console, select all CSVs, right-click , select Take offline.

11.Ensure all CSV offline.

12.Ensure all Cluster Network Name resources are in an Offline state.

13.Run following PowerShell cmdlet, this command will remove the Active Directory objects that the cluster may have.


Remove-ClusterNameAccount -Cluster HOPI-S2DCLU01 -DeleteComputerObjects

14.Login to DC, use Active Directory Users and Computers to ensure the CNO and VCO computer objects associated with all clustered names have been removed.

15.Run following PowerShell Cmdlet on all servers in the cluster to stop the Cluster service and set the service startup type to Manual.


Stop-Service -Name ClusSvc

Set-Service -Name ClusSvc -StartupType Manual

16.Change all servers from domain membership to a workgroup, restart all servers.

17. Join the servers to the new domain, , restart all servers.

18.Once the servers are in the new domain, sign in to a server with a domain user or administrator account that has Active Directory permissions to create objects, has access to the Cluster, and open PowerShell. Start the Cluster Service, and set it back to Automatic.


Start-Service -Name ClusSvc

Set-Service -Name ClusSvc -StartupType Automatic

19.Bring the Cluster Name and all other cluster Network Name resources to an Online state.


Start-ClusterResource -Name "Cluster Name"

20.Change the cluster to be a part of the new domain with associated active directory objects. To do this, the command is below and the network name resources must be in an online state. What this command will do is recreate the name objects in Active Directory.

Stop-ClusterResource -Name “Cluster Name”


New-ClusterNameAccount -Name S2DCLU01 -Domain titan.local -UpgradeVCOs

21.Use Active Directory Users and Computers to check the new domain and ensure the associated computer objects were created. If they have, then bring the remaining resources in the groups online.


Start-ClusterGroup -Name "Cluster Group"

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to delete a protected OU of Active Directory

Today, I am going to show you how to delete a protected OU of Active Directory.

1.Log on to the computer as a member of the Domain Admins group.

2.Open Active Directory Users and Computers

3.Click View, and then click Advanced Features

4. Right-click the OU, and then select Properties.

5.In OU Properties, click the Object.

6.Unselect Protect object from accidental deletion, click OK.

7.Right-click the OU, and then select Delete.

8.On the Active Directory Domain Service warning page, click Yes.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

Today, I ma going to show you how to configure Cisco DUO two-factor authentication for Outlook Web App of Exchange 2013 and later.

1.Check your server versions before starting. These instructions are for Exchange Server 2013 and 2016, running on Windows Server 2012 or newer, and Exchange Server 2019, running on Server 2019. It also requires .NET Framework 4.5 and ASP.NET 4.5.

2.Login to Exchange Servers and running the following PowerShell commands to make sure you have installed .NET Framework 4.5.


Import-Module ServerManager

Add-WindowsFeature NET-Framework-45-Core

3.Run the following PowerShell commands to make sure you have installed ASP.NET 4.5 support for IIS and HTTP Activation.


Import-Module ServerManager

Add-WindowsFeature NET-Framework-45-ASPNET

Add-WindowsFeature NET-WCF-HTTP-Activation45

4.Run the following PowerShell commands to make sure that the IIS Management Scripts and Tools feature is turned on.


Import-Module ServerManager

Add-WindowsFeature Web-Scripting-Tools

5.Sign up for a Duo account. The detail steps as following link.

How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #MFA #mvphour – CarySun

6.Log in to the Duo Admin Panel and navigate to Applications.

7.On the Application page, Click Protect an Application.

8.On the Protect an Application, locate the entry for Microsoft OWA in the applications list, click Protect.

9.Take a note for the integration key, secret key, and API hostname. You’ll need this information to complete your setup.

10.Download the Duo OWA Installer Package for Exchange 2013+. View checksums for Duo downloads here.

https://dl.duosecurity.com/duo-owa-latest.msi

11.Login to Exchange Server (Client Access Services).

12.Launch the Duo Security installer MSI from an elevated command prompt (right-click “Command Prompt” and select the “Run as Administrator” option). Accept the license agreement and continue.

13.Click Run at the Open File – Security Warning.

14.At the Welcome page, click Next.

15.Enter your integration key, secret key, and API hostname when prompted.

If you leave the “Bypass Duo authentication when offline” box in the Duo installer checked, then your users will be able to logon without completing two-factor authentication if the Duo Security cloud service is unreachable. If that box is unchecked then all OWA login attempts will be denied if there is a problem contacting the Duo service.

Duo for OWA sends a user’s Windows sAMAccountName to Duo’s service by default. To send the userPrincipalName to Duo instead, check the Send username to Duo in UPN format box. For this to work, OWA and ECP must be using Forms-Based Authentication (FBA).

If you enable the UPN username format option, you must also change the properties of your OWA application in the Duo Admin Panel to change the “Username normalization” setting to None. Otherwise, Duo drops the domain suffix from the username sent from OWA to our service, which may cause user mismatches or duplicate enrollment.

16.Select the option to automatically generate a new key if you only have one Exchange Server is running the Client Access Server role, click Next.

17. if you have multiple Client Access servers then you should manually generate a random string at least 40 characters long, and use the same string as the session key during installation on each of the servers, running the following PowerShell commands to generate a suitable session key.


$bytes = new-object "System.Byte[]" 40

(new-object System.Security.Cryptography.RNGCryptoServiceProvider).GetBytes($bytes)

[Convert]::ToBase64String($bytes)

18.Enter the shared session key, click Next.

19.Click Install to install Duo Security OWA Integration.

20.Complete the Duo installation. The installer stops and then restarts IIS services automatically, click Finish.

21.Repeat steps to install Duo Security OWA Integration for all Exchange Servers.

22.you can try to access OWA after install has done for all exchange servers.

23.On the OWA Login Page, click Send Me a Push.

24.Click Approve check mark at your phone DUO app.

25.You will success login to OWA.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to fix trust relationship between workstation and primary domain failed without rejoin domain

If you tried to restore VMs (or physical machines) and it shows the trust relationship between this workstation and the primary domain failed, I won’t recommend using rejoin domain to solve issues, because it will happen unexpected issues after disjoin and rejoin domain.

Today, I am going to show you how to fix it without disjoin and rejoin domain.

1.Remove network connection (unplug ethernet cable).

2.Login with domain credentials or local administrator.

3.Re-Add network (Plug-in Ethernet cable).

4.Open PowerShell cmdlet Run as Administrator.

5.Click Yes at User Access Control page.

6.Run cmdlet as follow, and then enter domain admin user password, click OK.


Reset-ComputerMachinePassword -Server DomainController -Credential DomainAdmin.

e.g.


Reset-ComputerMachinePassword -Server CGY-DC01 -Credential gdmcgy\csun

7.Sign out and then try to sign in again.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to use group policy to disable or prevent shutdown option

Today, I am going to show you how to use Group Policy to disable or prevent Shutdown option.

1.On the Server Manager page, select Tools, click Group Policy Management.

2.On the Group Policy Management page, right-click Group Policy Objects, select New.

3.On the new GPO page, enter the name for new GPO, in my case, my new GPO name is Prevent Shutdown, click OK.

4.Right-click the new GPO, select Edit.

5.On the Group Policy Management Editor page, expend User Configuration, Expend Administrative Template, select Start Menu and Taskbar, click Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands.

6. Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands page, select Enable, click OK.

7.On the Group Policy Management page, right-click the OU which you would like to apply this new GPO, select Link an Existing GPO.

8.On the Select GPO page, select the new GPO, in my case is Prevent Shutdown, click OK.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to move Veeam SOBR Performance Tier to another Server (repository)

Today, we help our client to build a new S2D server as new Veeam Repository, now, we need to move the SOBR performance tier from the old repository server to this new server, I am going to show you how to move it.

1.I would recommend running Active Full backup for all backup jobs by manually to close backup chain.

2.Right-click the existing SOBR repository and select Properties.

3.On the Name page, click Next.

4.On the Performance Tier page, click Add.

5.On the Extents page, select the new repository, click OK.

6.On the Performance Tier page, click Next.

7.On the Placement Policy page, keep the existing settings, click Next.

8.On the Capacity Tier page, keep the existing settings, click Apply.

9.On the Summary page, click Finish.

10.Select the existing SOBR repository, right-click the old repository, select Maintenance mode.

11.On the Extent maintenance page, make sure the old repository was put in maintenance mode, click Close.

12.Right-click the old repository and select Evacuate backups.

13.Verify and make sure the right repository will be evacuated, click Yes.

14.now, the SOBR Performance Tier moved to new repository.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to Fix Veeam Collecting recovery media files Details Windows recovery image file not found

Did you try to use Veeam Agent for Windows feature to backup physical machines? Have you been noticed the exiting backups with a warning “Collecting reovery media files Details: Windows recovery image file not found”? Today, I am going to show you how to fix the issues.

Veeam Agent for Windows runs the Recovery Media collection process at the end of the backup job. The process enables Veeam Agent for Windows to generate the Veeam Recovery Media for the machine.

The Recovery Media collection process is based on the Windows RE/PE components that may be missing. For example:

  • Starting from Windows 10 version 1809, the WinPE component is an add-on to the Windows Assessment and Deployment Kit (ADK).
  • Veeam Agent machine has a hardware recovery partition instead of the system partition.

As a result, the backup job fails to process the WinRE image and displays the warning.

Check the status of the Windows RE components with the following command:

1.Start the command prompt.

2.Run the command: reagentc /info.

  • If the command returns Enabled, there is a possibility that system might be corrupted. It is worth checking system integrity. Use the dism.log command that may point to a possible cause.
  • If the command returns Disabled, it is most likely that the Windows RE/PE components are not installed or configured on the Veeam Agent machine.

If Windows RE/PE components are not installed or configured on the Veeam Agent machine, fix the Recovery Media collection process as shown here:

Veeam Recovery Environment is built off the Windows Recovery Environment, and the Recovery Environment is made from the Windows Preinstallation Environment.

If a system is missing the Windows PE/RE components, Veeam Recovery Media will fail to create.

The missing Windows Recovery Environment files will need to be copied from the Windows Installation media to the running system to resolve this issue.

Solution 1:

You should perform the following steps on the machine which is having the issue.

1.Mount the Windows Installation ISO, or insert the installation media

2.Using Windows Explorer, check the “sources” folder on the Windows install media:

  • If install.wim is present, skip to step 4
  • if install.esd is present, proceed to step 3

3.Using the DISM Export-Image function, extract the install.wim from the install.esd file in the install media:

*How to export install.wim from install.esd file

First, using the DISM Get-ImageInfo function, determine which Index ID inside the install.esd matches the installed version of Windows.

Modify file paths as needed for your environment.

dism /get-imageinfo /imagefile:D:\sources\install.esd

In this example, the machine had Windows 10 Pro installed, and using the previous command, Index #6 matched that version.

The /Compress switch must be included, if not the resulting wim file will fail to mount using DISM.

Dism /Export-image /SourceImageFile:D:\sources\install.esd /SourceIndex:6 /DestinationImageFile:C:\tempsources\install.wim /Compress:fast /CheckIntegrity

4.Using the DISM Mount-Image function, mount the install.wim:

Correct file paths as needed depending on the location of the install.wim.

  • Create dism folder at C drive.
  • DISM /Mount-image /imagefile:F:\sources\install.wim /Index:1 /MountDir:C:\dism /readonly /optimize

5.Copy WinRe.wim and ReAgent.xml files from the mounted image to the system’s C:\Windows\System32\Recovery folder:

Note: The example command will overwrite all data in the C:\Windows\System32\Recovery folder with content from the mounted image.

(WinRe.wim is a system file and is hidden by default, as such, you won’t be able to see the file once it’s copied to the target location.)

robocopy /MIR C:\dism\Windows\System32\Recovery\ C:\Windows\System32\Recovery

6.Enable Recovery image using REAgentC

reagentc /setreimage /path C:\Windows\System32\Recovery

7.Using the DISM Unmount-Image function, unmount the image mounted in Step 4.

Note: If the install.wim was extracted from an install.esd file, you can manually delete it during this step.

Dism /Unmount-image /MountDir:C:\dism /discard

Solution 2:

If it’s still not working, download and install ADK and Windows PE add-on with default settings as following link.

https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install

1.Run following command to verify WIN RE Image status.

reagentc / enable

dir /a /s c:\winre.wim

2.Run adkwinpesetup,exe to install ADK.

3.On the Specify location page, click Next.

4.On the Windows Key Privacy page, click Next.

5.On the License Agreement page, click Accept.

6.On the Select the features you want to install page, select Windows Preinstallation Environment (Windows PE), click Install.

7.On the User Account Control page, click Yes.

8.On the Welcome page, click Close.

9.Open Regedit.

10.Browse to “HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Endpoint Backup”

11.Right-click Veeam Endpoint Backup, select New, click DWORD (32-bit) Value.

12.Edit DWORD (32-bit Value key with these details, click OK.

Name: ForceUseAdkForRecoveryMedia

Base: Hexadecimal

Value data: 1

13.Restart the “Veeam Agent for Microsoft Windows” service.

Solution 3:

If you want to eliminate the warning, exclude the Veeam Agent machine from the Recovery Media collection process. Add the following registry key:

1.Run regedit.exe.

2.Locate the HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam EndPoint Backup key.

3.Add the following value under the key:

Name: DisableRECollection

Type: REG_DWORD

Value: 1

4.Go to Control Panel > System and Security > Administrative Tools > Services.

5.Restart the Veeam Agent for Microsoft Windows service.

After the registry key is created, Veeam Agent for Windows does not start the Recovery Media collection process at the end of the backup job.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to Extend Volumes in Storage Space Direct Cluster #S2D Cluster # Storage Space Direct #Microsoft #mvphour

Today, I am going to show you how to Extend Volumes in Storage Space Direct Cluster.

Resize the virtual disk

  1. Login to S2D Cluster server.
  2. Open PowerShell Run as Administrator.
  3. Run follow cmdlet to check Virtual Disk information.

    Get-VirtualDisk

  4. Run follow cmdlet to get association between objects ion the stack information.

    Get-VirtualDisk CSV01 | Get-Disk | Get-Partition | Get-Volume

  5. Run follow cmdlet to verify the Virtual Disk use storage tiers, or not use.

    Get-VirtualDisk CSV01 | Get-StorageTier

  6. If the cmdlet returns nothing, the virtual disk doesn’t use storage tiers, run follow cmdlet to Resize Virtual Disks.

    Get-VirtualDisk <FriendlyName> | Resize-VirtualDisk -Size <Size>

  7. If the virtual disk uses storage tiers.

  8. Run follow cmdlet resize each tier separately. In my case, increate the CSV01-NestedMirror storage tier size from 200GB to 300GB.

    Get-VirtualDisk CSV01 | Get-StorageTier | Select FriendlyName

    Get-StorageTier CSV01-NestedMirror | Resize-StorageTier -Size 300GB

  9. 9.Run follow cmdlet to verify storage tier size.

    Get-VirtualDisk CSV01 | Get-StorageTier

    Get-VirtualDisk

Resize the partition

The virtual disk is expected to have two partitions: the first is Reserved and should not be modified; the one you need to resize has PartitionNumber = 2 and Type = Basic.

  1. Run follow cmdlet to resize partition.

    # Choose virtual disk

    $VirtualDisk = Get-VirtualDisk CSV01

    # Get its partition

    $Partition = $VirtualDisk | Get-Disk | Get-Partition | Where PartitionNumber -Eq 2

    # Resize to its maximum supported size

    $Partition | Resize-Partition -Size ($Partition | Get-PartitionSupportedSize).SizeMax

  2. Verify the Volume size status from Storage Disks of Failover Cluster Manager.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to Install (or Upgrade) Cumulative Update 18 for Exchange Server 2016 #Exchange #Exchange 2016 #Microsoft #mvphour

Microsoft released Cumulative Update 18 for Microsoft Exchange Server 2016 on September 15, 2020. This cumulative update includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues. These fixes will also be included in later cumulative updates for Exchange Server 2016. This update also resolves a vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2020-16875.

This update also includes new daylight-saving time (DST) updates for Exchange Server 2016. This cumulative update fixes the issues as follow.

  • 4570248 Get-CASMailbox uses wrong LDAP filter for ECPEnabled in Exchange Server 2016
  • 4570252 Intermittent poison messages due to NotInBagPropertyErrorException in Exchange Server 2016
  • 4576649 System.InvalidCastException when you change passwords in Outlook on the web in Exchange Server 2016
  • 4570251 Inbox rule applying a personal tag doesn’t stamp RetentionDate in Exchange Server 2016
  • 4570245 ESEUtil /p fails if any long value (LV) is corrupted in Exchange Server 2016
  • 4570255 NullReferenceException occurs when you run TestFederationTrust in Exchange Server 2016
  • 4576650 Can’t add remote mailbox when setting email forwarding in Exchange Server 2016 Hybrid environment
  • 4570253 CompletedWithErrors without details for mailbox migration batches in Exchange Server 2016
  • 4570247 CSV log of Discovery export fails to properly escape target path field in Exchange Server 2016
  • 4570246 EdgeTransport crashes with Event ID 1000 (exception code 0xc00000fd) in Exchange Server 2016
  • 4570254 MSExchangeMapiMailboxAppPool causes prolonged 100% CPU in Exchange Server 2016
  • 4563416 Can’t view Online user free/busy status in Exchange Server 2016
  • 4576651 Can’t join Teams meetings from Surface Hub devices after installing Exchange Server 2016 CU16
  • 4577352 Description of the security update for Microsoft Exchange Server 2019 and 2016: September 8, 2020

Please follow steps to install it.

  1. Download and Install Microsoft .NET Framework 4.8, if it was not installed.


  2. Login to Exchange 2016 Server, the user account needs to be a member of the Schema Admins and Enterprise Admins security groups.
  3. Mount Exchange Server 2016 Cumulative Update 18 ISO image.
  4. Open an elevated command prompt.
  5. Run following command to extend the schema.

    Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms.


  6. Run following command to Prepare Active Directory.

    Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms


  7. Run following command to Prepare Active Directory domains.

    Setup.exe /PrepareAllDomains /IacceptExchangeServerLicenseTerms


  8. Run follow command to install or Upgrade Exchange Server 2016 Mailbox Role.

    For new Install:

    Setup.exe /mode:Install /r:MB /IAcceptExchangeServerLicenseTerms

    For the existing Exchange 2016 Server and would like to Upgrade to Cumulative Update 18.

    Setup.exe /mode:Upgrade /IAcceptExchangeServerLicenseTerms


  9. Run follow cmdlet to verify Build number.


  10. Repeat step 10 for install or upgrade others Exchange 2016 servers.

  1. You can check the Exchange Build number details from under url link.

    Exchange Server build numbers and release dates


  2. Reboot Exchange 2016 servers.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to Activate Windows Server 2019 Evaluation Edition with VLSC MAK key or Retail key #WINDOWSSERVER #MVPHOUR

When you try to activate Windows server 2019 from evaluation version, do you always get an error message “the product key you entered didn’t work. Check the product key and try again, or enter a different one. (0x80070490)”?

Today, I am going to show you how to install license key to activate Windows Server 2019 from Evaluation version. Let’s follow steps to activate your windows server 2019 (it also can be use for activating Windows Server 2016).

Note: you cannot use slmgr /ipk command with VLSC MAK key or Retail to activate evaluation edition server directly.

1.Login to Windows Server 2019.

2.Open Settings and then select System.

3.Select About and check Edition.

4.If it shows Windows Server 2019 Standard or others non-evaluation edition, you can activate it without reboot.

5.Don’t use GUI to activate it, you will get error message most of time.

6.Run command prompt or PowerShell as administrator.

7.Type following command.
slmgr /ipk your_product_key

8.It will pop up Windows Script Host window and shows “install product key xxxxx-xxxxx-xxxxxx-xxxxx successfully. Click OK to close the window.

9.Type following command to activate license key.
slmgr /ato

10.It will pop up Windows Script Host window and shows “Activating Windows ®, ServerStandard edition (xxxxx-xxxxx-xxxxxx-xxxxx).. Product activated successfully”. Click OK to close the window.

11.That’s it, you have already activated your server without reboot.

12.But when you check your server edition and it shows Windows Server 2019 Standard Evaluation, you need more steps to activate it and need to reboot server.

13.You cannot use slmgr command to install product key(Retail or VLSC MAK key) to evaluation edition server, you will get error message “Error:0xC004F069 On a computer running Microsoft Windows non-core edition….”

14.To upgrade evaluation edition server to standard (or Datacenter) edition, you cannot use VLSC MAK key, you will got error message “Error 1168 the specified product key could not be validated……”

15.You need a KMS client Activation keys and use DISM command to upgrade Edition from evaluation edition to standard (or Datacenter) edition.

Key Management Services (KMS) client activation and product keys for Windows Server and Windows | Microsoft Docs

16.Type following command to upgrade evaluation edition to standard (or Datacenter) edition.

Standard Edition:


DISM /Online /Set-Edition:ServerStandard /ProductKey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx /AcceptEula

Datacenter Edition:


DISM /Online /Set-Edition:ServerDatacenter /ProductKey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx /AcceptEula

17.Click Y and restart the server. if you own VLSC MAK license not retail, you need to following steps to install your VLSC MAK key and activate for your server.

18.Login the server after reboot.

19.Run command prompt or PowerShell as administrator,

20.Type following command.

slmgr /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (your VLSC MAK key)

21.It will pop up Windows Script Host window and shows “install product key xxxxx-xxxxx-xxxxxx-xxxxx successfully. Click OK to close the window.

22.Type following command to activate license key

slmgr /ato

23.It will pop up Windows Script Host window and shows “Activating Windows ®, ServerStandard edition (xxxxx-xxxxx-xxxxxx-xxxxx).. Product activated successfully”. Click OK to close the window.

24.That’s it, you have already change product key from Retail key to VLSC MAK key and activated your server without reboot.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

How to build Sophos XG firewall at Azure Hyper-V Nested VM for free #Azure #MVPBUZZ #MVPHOUR #FIREWALL #SOPHOS

Have you been followed my previously blog to build up Hyper-V nested virtual machine on Microsoft Azure? If you don’t, you better build it right now, because this is pre-requisites and you will get lots of benefit for your lab or even production environment, you can reference this link and build it. If you did, congratulation! You can create a nested gest virtual machine and install Firewall (e.g. Sophos XG, Fortinet…) for free, why we still need to build firewall at our Azure Hyper-V nested environment? Because it supports lots functions that we cannot get the functions for free from Azure, e.g. server load balance, firewall, SNAT, application filter, IPS…and so on, we also can use it for LAB or simulate issues or POC. I am going to show how to build Sophos XG here.

  1. At the first, you need to apply a Sophos XG Firewall Home Edition via follow link. You may wait for couple hours or days, and they will send the XG firewall serial number to you.

    https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx

  2. Login to Azure and RDP to your virtual machine.

  3. Open Hyper-V Manager tool, select New at Action pane and then click Virtual Machine.

  4. On the Before You Begin page, click Next.

  5. On the Specify Name and Location page, enter name for this virtual machine and then click Next.

  6. On the Specify Generation page, select Generation 1 and then click Next.

  7. On the Assign Memory page, enter 4096MB for startup memory and then click Next.

  8. On the Configure Networking, select NAT Network Switch and then click Next.

  9. On the Connect Virtual Hard Disk page, keep the default settings and then click Next.

  10. On the Installation Options, select Install an operating system from a bootable CD/DVD-ROM.
  11. Select you Image file (.ISO) which you download from Sophos Web site, and then click Next.

  12. On the Completing the New Virtual Machine Wizard page, review the settings and click Finish.

  13. ON the Hyper-V Manager tool, right click virtual machine name and then select settings.

  14. Select Processor and change Number of virtual processor to 4.
  15. Select Add Hardware, select Network Adapter and then click Add.

  16. Change Virtual switch from Not connected to NAT Network Switch and then click Apply.

  17. Repeat steps to add one more Network adapter and then click OK.

  18. Start this virtual machine, type y and then click enter to continue install.

  19. You need to remove install disk (.iso image file) from virtual machine settings after installation complete and press y to reboot virtual machine.

  20. Enter the default password admin.

  21. Select Accent for the End User License Agreement.

  22. On the Main Menu, select 1 Network Configuration.

  23. On the Network Configuration Menu, select 1 Interface Configuration.

  24. On the Network settings page, you will see interface Port 1 (LAN) default IP address is 172.16.16.16/24, press Enter.

  25. It may show Port 2 (WAN) IP address if you enable the DHCP at NAT settings on the Azure Virtual Machine, but we cannot use it to access firewall because we don’t enable the permissions yet, press enter.

  26. It will ask you to configure IP address for the third network interface, press enter twice, we will configure it later via GUI.

  27. On the Network Configuration Menu, select 0 exit.

  28. I am going to add 172.16.16.1/24 to vEthernet (NAT Network Switch) temporary, so we can configure firewall from this Azure virtual machine (Host).

  29. Open internet explorer and enter https://172.16.16.16:4444 and Select Continue to this website.

  30. On the Sophos XG Firewall welcome page, click Click to begin.

  31. On the Basic Configuration page, enter the new Admin Password, select I agree to the License Agreement and then click Continue.

  32. Enter firewall Name and select time zone and then click Continue.

  33. On the Register Your Firewall page, enter your serial number which you got it from Sophos and then click Continue.

  34. One the Basic Setup is Complete page, click Continue.

  35. On the Network Configuration (LAN) page, click Continue, we will modify them later.

  36. On the Network Protection page, select all of them and then click Continue.

  37. On the Notifications and Backups page, enter email address for Recipient and Sender and then click Continue.

  38. On the Configuration Summary page, click Finish.

  39. XG firewall will auto-reboot after apply configuration, and then you will see the login page, type username and password and then click Login.

  40. Navigate to Administration and then select Device Access.

  41. On the Local Service ACL, enable HTTPS and Ping/Ping6 at WAN Zone and then click Apply.

  42. Click OK at update device access message pop up.

  43. Navigate to Network, select Interfaces and then click Port2 (WAN).

  44. Change IP Assignment from DHCP to Static, change IP address to 192.168.100.2/24, change Gateway Name to Port2_NAT Network Switch, change Gateway IP address to 192.168.100.1 and then click Save.

  45. Click Update Interface on Update Interface warning.

  46. Repeat steps to change Port3(LAN) IP address to 10.254.254.1/24.

  47. Repeat steps to change Port3(LAN) IP address to 172.21.128.2/17.

  48. You may find that you lost the XG firewall configuration portal connection, that’s normal, you need to change url to https://192.168.100.2:4444 and you will reconnect it again.

Congratulation! You installed XG firewall at Azure nested guest VM successful!!

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Build Hyper-V nested VM with multiple public IP addresses at Azure #Azure #MVPBUZZ #MVPHOUR #FIREWALL

As we know, you can easy to create VMs, Firewalls, Load Balancers on Microsoft Azure, you also can make routing path change but all of them will cost you lots of money, it depends on how many virtual devices or virtual machines that you created.

Today, I am going to show you how to build Hyper-V nested VM with multiple public IP address, you just need to pay Microsoft for one Hyper-V host with storage space and public IP addresses, you can install firewall, created lots of VMs, load balancer, control routing path, port forwarding and so on, we can use them for LAB test, POC, or even production.

Let’s follow step by step to show you how to do that.

Create Hyper-V Host VM at Azure

  1. Logon to your Microsoft Azure Account and select Create a resource.

  2. On the New page, select Windows Server 2016 VM

  3. On the Create a virtual machine page, click Basics and select your Azure Subscription to pay for this virtual machine.

  4. Select Create new under the Resource group and enter resource group name, I will recommend it as your virtual machine name, because it will easy to maintain your resources, and then click OK.

  5. Virtual Machine Name: Enter Virtual Machine Name as your resource group name.

    Region: Select Region for the virtual machine. For my case, I am using West US 2.

    Availability options: keep default setting

    Image: select Windows Server 2016 Datacenter

    Size: click change size and select the Dv3 and Ev3 VM sizes. Because we need to enable nested virtualization.

    Username: Enter login user name

    Password: Enter login password

    Confirm password: Reenter login password

    Public inbound ports: Select Allow selected ports.

    Select in bound ports: Select RDP (3389)

    Already have a Windows license: Select Yes if you have license already.

    Confirmation: select I confirm I have an eligible Windows license with Software Assurance or Windows Server subscription to apply this Azure Hybrid Benefit.

  6. On the Create a Virtual Machine page, click Disks.

    OS disk type: Select Premium SSD

    DATA DISKS: Select Create and attach a new disk (this storage space is for your nested VMs)

  7. On the Create a new disk page, settings as follow and then click OK.

    Disk type: Select Premium SSD

    Name: keep the default name

    Size(GiB): 4095

    Source type: None

  8. On the Create a virtual machine page, click Networking.

    Virtual network: Select vnet if you have existing vnet, if don’t, you can keep the default settings.

    Subnet: Select subnet name if you have existing subnet, if don’t, you can keep the default settings.

    Public IP: click Create new

  9. On the Create Public IP address page, settings as follow and then click OK.

    Name: Enter Public IP address name.

    SKU: Basic

    Assignment: Static

  10. To complete Networking settings as follow:

    Network security group: Basic

    Public inbound ports: Allow selected ports

    Select inbound ports: RDP

    Accelerated networking: On

  11. On the Create a virtual machine page, click Management and keep the settings as default.

  12. On the Create a virtual machine page, click Guest config and keep the settings as default.

  13. On the Create a virtual machine page, click Tags and keep the settings as default.

  14. On the Create a virtual machine page, click Review + create and make sure Validation passed and then click Create.

Crete Multiple IP address

  1. On the Microsoft Azure portal page, select Virtual machines.

  2. On the Virtual machines page, click GDMCALABHV1.

  3. On the GDMCALABHV1page, select Networking.

  4. On the GDMCALABHV1-Networking page, select Network Interface: gdmcalabhv1238.

  5. On the Network Interface page, select IP configurations.

  6. On the IP configurations page, select ipconfig1.

  7. Change assignment setting from Dynamic to Static, and then click Save.

  8. Go back to IP configurations page, click Add.

  9. On the Add IP configuration page, settings as follow and then click OK.

    Name: ipconfig2

    Private IP address Allocation: Static

    IP address: 10.10.1.9

    Public IP address: Enable

    IP address: click configure required settings

    Choose public IP address: Create new

    Name: Enter name for Public IP

    SKU: Basic

    Assignment: Static and then click OK

  10. On the Add IP configuration page, click OK.

  11. Repeat Add IP configurations steps If you need more public IP addresses.

Enable Hyper-V for Azure virtual machine

  1. Start Azure virtual machine and login.
  2. Open disk Management to partition and format for your new 4TB storage space.

  3. On the Server Manager Dashboard, click Add roles and feature.

  4. On the Before you begin page, click Next.

  5. On the Select installation type, select Role-based or feature-based installation and then click Next.

  6. On the Select destination server page, click Next.

  7. On the Select server roles page, select Hyper-V, click Add Features and then click Next.

  8. On the Select features page, click Next.

  9. On the Hyper-V page, click Next.

  10. On the Create Virtual Switches page, don’t select any interface and click Next.

  11. One the Virtual Migration page, click Next.

  12. On the Default Stores page, you can change the default location to your new 4TB storage space and then click Next.

  13. On the Confirm installation selections page, select Restart the destination server automatically if required and then click install.

  14. Login to Azure Virtual machine after it restarted.
  15. On the installation progress page, click Close.

NAT networking with one Public IP address

We need to create Internal Virtual Switch for nested guest VMs, in general, there are two options for networking with nested virtual machines, MAC Address Spoofing and NAT networking, unfortunately, MAC Address Spoofing is not possible in a public cloud environment, so If you use Azure virtual machine network interface to be Hyper-V external virtual switch and assign to nested guest vms, the guest VMs won’t possible access to the Internet , we have no choice, we just can use NAT networking for them. If you just have one public IP address and then we can create internal virtual switch and create NAT rules via Powershell cmdlet as follow:

NNew-VMSwitch -Name "NATNetwork" -SwitchType Internal
Get-NetAdapter
New-NetIPAddress -IPAddress 192.168.100.1 -PrefixLength 24 -InterfaceIndex 14
New-NetNat -Name "NATNetwork" -InternalIPInterfaceAddressPrefix 192.168.100.0/24

You also can configure port forwarding by Powershell cmdlet as follow:

Add-NetNatStaticMapping -ExternalIPAddress "0.0.0.0/24" -ExternalPort 443 -Protocol TCP -InternalIPAddress 192.168.100.99 -InternalPort 443 -NatName NatNetwork
Add-NetNatStaticMapping -ExternalIPAddress "0.0.0.0/24" -ExternalPort 80 -Protocol TCP -InternalIPAddress 192.168.100.99 -InternalPort 80 -NatName NatNetwork

NAT networking with multiple public IP addresses

For the real POC or production environment, we may need more than one public IP address, it won’t easy to use Powershell cmdlet to do port forwarding or maintain them, here, I am going to show you how to use Multiple IP address for nested VMs and easy to configure port forwarding.

  1. Login to Azure Virtual Machine.
  2. Open Command prompt and run ipconfig /all and then write down the DNS IP address.
  3. Add all of IP addresses to the Azure Virtual Machine network interface, for my case are 10.10.1.8-10

  4. Re-run ipconfig /all again and you will see that all of IP addresses under the network interface.

  5. Open Hyper-V Manager tool and click Virtual Switch Manager.

  6. Select Internal and click Create Virtual Switch.

  7. Change switch name to NAT Network Switch and then click OK.

  8. Assign IP address as 192.168.100.1/24 to vEthernet (NAT Network Switch)

  9. Now, you can create vms as many as you can, they are depending on your RAM and storage space, and they won’t charge extra cost.
  10. If you would like to do port forwarding function from Public IP addresses to nested guest vms, we need to enable routing and NAT function at this Azure virtual machine.
  11. Login Azure Virtual Machine.
  12. On the Dashboard page, select Add Roles and features
  13. On the Before you begin page, click Next.
  14. On the Select installation type page, click Next.
  15. On the Select destination server page, click Next.
  16. On the Select server roles page, select Remote Access and click Next.
  17. On the Select features page, click Next.
  18. On the Remote Access page, click Next.
  19. On the Select Role services page, select Routing and click Add Features and then click Next.

  20. On the Web Server Role (IIS) page, click Next.
  21. On the Select role services page, click Next.
  22. On the Confirm installation selections page, select Restart the destination server atomically if required, click Install.

  23. On the Installation progress page, click Close.
  24. Open Routing and Remote Access tool.

  25. Right click the serve name and select Configure and Enable Routing and Remote Access.

  26. On the Welcome page, click Next.

  27. On the Configuration page, select Network address translation (NAT), click Next.

  28. On the NAT Internet Connection page, select Ethernet 2 as public Interface, click Next.

  29. On the Name and Address Translation Services page, select Enable basic name and address services, click Next.

  30. On the Address Assignment Range page, click Next.

  31. Click Finish on the Completing setup wizard page.

  32. Expand the IPv4 and select NAT.

  33. Right-click Ethernet 2 and select Properties.

  34. Select Address Pool and click Add.

  35. Enter IP addresses and mask and click OK, those IP addresses are being created with Public IP addresses at azure portal.

  36. Select Services and Ports and then click Add.

  37. Settings as follow for TCP port 443 port forwarding and then click OK.

    Description of Services: TCP443-10.10.1.10

    On this address pool entry: 10.10.1.10

    Protocol: TCP

    Incoming port: 443

    Private IP address: 192.168.100.99

    Outgoing port: 443

  38. On the Ethernet 2 properties page, click OK.
  39. Don’t forget to set allow TCP port 443 permissions at windows servers’ firewall and Azure NSG.

Now, you have fully control for your environment, and you also can get more public IP addresses if you need them.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Hyper-V Setting Up the Virtual Machine and Using Other Mechanics Pt.2 #VirtualMachines #Microsoft

Welcome back GDM fans and let’s continue about the blog about Hyper-V, remember that I am using Windows 2016 Server so I am setting it up a little differently than a normal windows setup. 1. So first, of course you have to right click your virtual machine and press connect



2. Now you click on the Start button in your Virtual Machine


3.When you are done pressing Start you have to quickly press enter when you see this screen on your virtual machine (when you launch an iso file and it doesn’t show this screen then that is okay, just continue)


Another important thing is that when you setup your virtual machine, when you are done just right click on it and press settings, go to “Integration Services” and Guest Services will be off, click on it and it should turn on. Guest Services let’s the VM do more things so it is recommended, it might show this screen a bit later if you are using servers”


1.You should also right click on your virtual machine>settings>Integration Services and as you see my Guest Services is on but for you it might not be so what you need to do is to enable guest services and press on Apply and okay


  1. When you open the virtual machine you should see this screen and just change it to your desired settings and then press next


  1. Now press install now


  1. Now you press I don’t have a product key but you can choose if you want to


  1. Choose the operating system that you want to install for your Virtual Machine


  1. Read the license terms and press I accept the license terms


  1. Now choose the windows installation that you want to use

 

  1. Select a disk and press next, if you don’t know how to add a disk then here is how to
  2. First, you have to press on New>Hard Disk


  1. Now you press Next


  1. Press on the Disk Format you want and then Next


  1. Now you choose your Disk Type then press next


  1. Now you choose the location of your Hard Disk and also the name and then you press next

 

  1. Choose how much storage is in your disk (has to be lower then what you have available in the location you put your disk in) press on next and it will show you the summary of the hard disk and then you press on finish and there you go! You got your disk, let’s continue on


Now it will say Installing and after it is done it will restart your virtual machine


  1. Now when you open it, you should see this and you can setup a password

 

  1. Type in your password and you should get into your desktop

 

  1. If you had already set up your internet it will ask you for Network access and of course you press on Yes, if you do not know how to set up a network then here is how

 

  1. First go to the Virtual Switch Manager which is at the side in the Hyper-V Manager
  2. Go to the New virtual network switch place and use External


  1. Name it what you want, I named mine the Wireless Switch and use the second scroll down menu for your network, if that doesn’t work then use the first one


To be continued…

Twitter: @FrostedFright


VEEAM TROUBLESHOOTING TIPS – ERROR CODE 32768 FAILED TO CREATE VM RECOVERY SNAPSHOT #VEEAM #MVPHOUR #WINDOWSSERVER

We built a new Windows Server 2016 S2D Cluster last week and moved all VMs from Windows 2012 R2 Cluster to new Windows 2016 S2D Cluster and Standalone Windows 2016 Hyper-V Server, everything looks awesome, they got better performance.

But when we tried to use Veeam backup and replication 9.5 with Update 3 to Back and replica VMs, all VMs are happy except two Windows Server 2012 R2 Active Directory Servers, they showed error message “Failed to create VM recovery checkpoint (mode: Veeam application-aware processing) Details: Job failed (”). Error code: ‘32768’. Failed to create VM recovery snapshot, VM ID ‘d2936ee7-3444-419e-82d9-01d45e5370f8’.Retrying snapshot creation attempt (Failed to create production checkpoint.)Task has been rescheduled”.

Oh Boy! You have got to be kidding me! I cannot backup my domain controllers!! This appears to be a known issue with Microsoft 2016 clusters affecting DC backups. At this point there is still no update from Microsoft to resolve the issue. I got a solution for this error after did dome research, you can disable Application Aware processing, and use Hyper-V guest Quiescence. It’s very similar to AAIP and will still produce transactional consistent backups. If you don’t know how to do it and please follow the steps.

  1. Open Veeam Backup & Replication Console.
  2. Edit the Backup (or Replication) Job
  3. Select Storage and click Advanced.

4. Select Hyper-V and click Enable Hyper-V quest quiescence and click OK.

5. Select Guest Processing, unselect Enable application-aware processing and then click Finish.

6. Right click Backup (replication) job and select Retry.

All VMs backup and replication are happy now.

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun