Just another WordPress.com site
The new MS Surface Pro is a fantastic bit of kit – however it comes installed with Windows 8 Pro, a lot of enterprises will want to get Windows 8 Enterprise onto it so they can take advantage of DirectAccess etc.
First things first get the Microsoft surface pro wireless drivers down from MS update catalogue or similar:
Marvell AVASTAR 350N driver –
http://catalog.update.microsoft.com/v7/site/home.aspx
. Put this on a usb stick.
Now get hold of a copy of the Windows 8 x64 enterprise ISO and a 4gb+ usb stick.
Download this fabulous utility:
http://rufus.akeo.ie/
and run it with admin rights, set it to point to the 4gb usb disk you are happy to wipe with settings similar to the below and point it to the windows 8 x64 enterprise ISO location on your machine and it will build a bootable usb from the iso.
While this boot disk is building (assuming you have another machine to do this on) hold down volume up and power on your surface whilst still holding down volume up. A couple of options will appear, one for the TPM one for secure boot, select secure boot and disable it. Save settings.
Boot into windows, hold down windows + r and type shutdown.exe /r /o /t 10 – this will reboot into advanced options after 10 seconds (if it’s tricksy add /f to force shutdown).
When it restarts select boot from USB device and you should shortly see the windows enterprise installer. Delete old main partition and install fresh using the wizard.
Once the installer finishes and you’ve logged on, insert the usb stick with the wireless driver you’ve just downloaded, extract it and install it through device manager or manually by right clicking the extracted .sys file.
You should now be able to connect to Windows update and pull down all the rest of the drivers and the surface pro firmware update, and other necessary windows updates etc.
I found i was able to add office to the completed install and still sysprep it, but if i added much more to the image before sysprepping it (Wireshark, LPS, Sophos, Skype, VLC, Chrome etc) it caused sysprep to fail and ruined the image. I’ll work through what caused this to fail and post back here.
Use the Windows ADK with Rufus to build a winpe boot disk to capture the sysprepped image with dism as per
http://justworks.ca/blog/goodbye-imagex-hello-dism
, then you can deploy at your leisure to other surface pros.
In the process of creating a DAG lab i noticed that once the servers were in a DAG cluster, I was not able to log onto OWA, the symptoms were:
A little digging found that Microsoft Exchange Forms-Based authentication fails to start, a manual start sorted this out in the short term, however for a longer term fix I changed the service behaviour to Automatic (Delayed Start), it now starts of its own accord.
I experienced these symptoms with Exchange 2010, SP2 RU4.
Having noticed an increasing number of fake AV and ransom-ware installations on our network where we now run Forefront Client Security as endpoint protection, I ran a comparison between the latest version of Microsoft’s latest A/V product, System Center EndPoint Protection 2012 SP1 and Sophos’s most recent PC client A/V to decide whether the MS offering was still up to snuff before we deployed it.
Having used malc0de’s database to retrieve live malware links posted over the last three days we used a pair of VM’s on a segregated network to test detection of malicious code. Both VM’s were snapshot-ted before infection, one was installed with a fully updated (defs: 07/01) EPP and the other with Sophos (defs: 07/01), both running W8 x64. The comparison is solely with Sophos as we currently use that product on our macs. We use the Microsoft forefront Client Protection A/V on PC’s as it is free as part of the software assurance benefits received as part of our EA, I should add that i realise this is no reason on which to base a choice of endpoint protection product and this experience has prompted an immediate review of that choice.
Admittedly this is a very limited range of tests, and not particularly thorough, but as a quick review it indicates that EPP is not sufficiently often or thoroughly updated and is severely compromised by the lack of access to a url blacklist (which in fairness it does not claim to offer). In the below list, every single piece of malware was allowed to be downloaded by EPP and was not detected when manually executed – though if you tried to run directly from IE all but one piece of malware was initially blocked due to signature verification problems. Sophos blocked access to the below known malware sites and where they were unknown it recognised the malware and prevented its execution. Time to read some reviews and get some prices for alternative endpoint protection.
Recently I’ve been working to simplify and consolidate our service provision. The path of least pain has been determined as placing core applications in colocation. While investigating the provision of storage and with memories of building 2008 R2 clusters still clear in my head I have begun trialling Server 2012. Having read a series of articles by Aidan Finn (his excellent blog here) about Virtualisation on server 2012 and I happened across his converged fabrics posts, here.
First some background, in Hyper-v R2 you need upwards of six nic’s to build a VM host cluster, you can get functionality with less but you leave yourself exposed, it would not be N+1. Also bear in mind that teaming for fault tolerance across multiport network cards is only going to give you a false sense of security on the server side (it is after all only a single card regardless of how many ports it has).
In a nutshell, what I’m excited about is that you can use native teaming (or otherwise) on Server 2012 to bond a series of nics together, then spread your live-migration, storage, guest access and other nic requirements across a series of virtual nic’s connected to the virtual switch bound to this nic team (phew). You then set QOS on the virtual switch for the different virtual adaptors so you can guarantee service for the different aspects of connectivity your Hyper-V cluster will need. Anyway, have a look at the Aidan’s posts on the matter, they make for a great lab.
In my lab I’ve used a pair of 1gbe links and it works great for testing, in production you’d be looking at 2+10gbe links ideally, giving you resilience and most of the bandwidth you’d ever need in the forseeable future, at least for the kind of services/load experienced in most SME’s.
I installed R75.45 Gaia on a UTM-1 270 appliance recently, installation from USB went fine and performance was adequate with a low load, VPN, default IPS and a short QOS rule set.
In order to support a degree of resilience we’re using ISP Redundancy at all sites with multiple internet connections, despite configuring this site identically I was not able to get the failover to work. Usually, the script cp_isp_update runs and updates the gateways default route to match that of the secondary ISP, however when i tested this on R75.45 the route was not updated when primary was disconnected.
I contacted Checkpoint support and was informed that ISP Redundancy does not work in either version of Gaia, R75.45 or R75.40 – however there is a patch available for R75.40 if you contact them and reference this sk. I applied this patch on 75.40 but still didn’t see the solution work as expected so instead deployed R75.30 as I have at other ISP redundant sites.
I should also mention that my in no way scientific, cursory observations indicated that load on the CPU was much lower (15-20pc lower) on SPLAT (with 75.30) than on either version of GAIA. Something to bear in mind for older appliances like the UTM-1 270.
When converting a machine from VMWare Workstation to another virtualisation platform you may come up against a ”Unable to obtain hardware information for the selected machine.” warning and red cross after selecting the VM you wish to convert.
This is easily resolved, simply right click the VMWare VCenter Converter icon/start menu item and select run as administrator.
Trying to migrate a 2012 VM from VMWare Workstation 9 to an ESXi host i found i saw the ‘sad face’, as below.
“Your computer ran into a problem and needs to restart”
A little research led me to this:
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=2006859&sliceId=2&docTypeID=DT_KB_1_1
but actually patching ESX was not something I’d done for some time, and before i think i used update manager.
A little digging led me here which is much clearer than the vmware instructions for patching. Many thanks Chris! Simply upload the patch to a datastore, enable ssh (or do from console), put server in maintenance mode, run the patch as Chris’ link shows, reboot, and your 2012 and Windows 8 VM’s will now boot just fine.
In the process of lab testing for the viability of a HA mail installation with HP’s E5000 series of messaging appliances I came up against some confusion about the configuration of the CAS array when using a 2 member DAG where the servers also host the CAS and HT roles. I am aware a hardware Load Balancer is required for this to work but was not clear on exactly how to configure exchange to work with such a device.
Initially in a lab I configured a DAG between two exchange 2010 VM’s, this seemed to be working as expected. Next instruction was to add both servers to a CAS array, and assign a VIP and put this in DNS.
I then configured a CAS array, assigned a VIP and configured the DNS record. The array included the two all-in-one servers, it created successfully but none of my clients were able to connect, neither was i able to ping the array address. Further reading, in particular this:
http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx
led me to realise:
Which led me to read the “Best practices for networking and load balancing with the E5000 messaging systems” pdf on the HP site.
Essentially I’d gone about it backwards:
This issue is caused by Windows 8 using a newer update client than WSUS SP2 is aware of, consequently the client doesnt trust the server.
Despite having KB2720211-x64 installed, still see this error on Windows 8 and Windows 2012 machines in my SCCM lab.
Seems this recent KB solves the issue:
http://support.microsoft.com/kb/2734608
If I understand it correctly the issue is to related to the signing of the updates with a certificate that is not approved by Win8/2012 update client. This issue is corrected during the WSUS resync/reindex after the above update is applied.
Once the sync is complete, before you try to apply the updates to any new clients be sure to stop the local wu service client on the windows8/2012 client and delete the software distribution folder in C:\Windows. Be sure to start the Windows Update service again before you try to check for updates and then run the update installation again. Instructions below:
In my case i’d already tried to publish the SCCM client before i did the update and before i applied the SP1/CTP for SCCM and ran into problems even after the above because the SCCM client is not resigned during the WSUS update.
As i had not yet published the latest version of the SCCM client that came with SCCM SP1/CTP to WSUS, i published it AFTER applying KB2734608, to do this you go to Sites, Client Installation Settings and Software Update-Based Client Installation and it will tell you there is a new client available, agree, then apply and it will be correctly signed and will install on Server 2012 and Windows 8.
SO if you publish a version of the client through WSUS before you do the KB update and resync, it doesnt get re-signed, only if you distribute it AFTER the update. ( I think…..)
Phew.
For disclosure – No such issues on VMWare Workstation 9 and i got the ISO to eventually install on the old desktop by burning it at 4x…… I could not however get it to install on Workstation 8 without enabling the VT extensions.
_____________________________
While trying to install Server 2012 on both VMWare Workstation 8 and an oldish desktop, I found myself repeatedly running into: “Windows cannot install required files. The file may be corrupt or missing. Make sure all files required for installation are available, and restart the installation. Error code: 0×80070570″.
Various online resources blamed ISO’s, bad memory etc. But seemed odd that i saw the same message on old desktop and VM and listed out what these two machines were missing that the server i had installed it on successfully did have…. Then i realised, VT extensions.
So i went into the VM properties (see picture below), enabled virtualisatin of VT extensions and lo and behold a successful install in VMWare Workstation.
Recent Comments