Coretek and Citrix: Delivering Confidence in the Cloud

2017-12-14T19:08:19+00:00 December 14th, 2017|Azure, blog, Citrix, Cloud, Home Page, Micrsoft Cloud Solution Provider, Mobility, News, Virtualization|

FARMINGTON HILLS, MI – December 14, 2017 – UPDATE on Citrix Innovation Award 2018.  You’ll have your chance to vote for Coretek and the Americas, January 2-9.  Details to follow soon.  Be a part of the excitement!

Click here for the latest info and pictures for the 2018 Citrix Innovation Award…get ready to vote for Coretek early January!

 

Office 365 Integration with SCCM…..

2017-11-20T02:02:27+00:00 November 20th, 2017|Azure, blog, Configuration Manager, Micrsoft Cloud Solution Provider, Office 365, System Center|

Deploying Office or Office 365 has traditionally been a challenge in most corporate environments.  The file types have changed, components have been added/removed, content size isn’t the most manageable, and the amount of business processes that rely on the productivity suite of products requires close management of the deployment to ensure that work can continue once the newer version is deployed.

Microsoft System Center Configuration Manager (SCCM) — as of version 1602 — integrates with Office 365 to offer the ability to deploy the Office 365 productivity suite natively with SCCM.  The feature is called Office 365 Client Management and is found in the Software Library of the SCCM Console.  Here’s a snapshot of what it looks like:

On the left, you have your Office 365 Folder with Office 365 Updates included.  When in the folder view, you can see a summary of the number of O365 clients and their versions.  If you notice the scroll-bar indicates there’s more to see…

The different sections can be summarized as such:

  1. Number of O365 Clients in total
  2. The breakdown and summarization of the different versions in the environment
  3. A button which will initiate a wizard to create an O365 client deployment package
  4. A chart indicating the number of systems running different languages of O365
  5. A button to create an Automatic Deployment Rule
  6. Another option to create client settings (These are standard SCCM Client settings, nothing special pertaining to O365)
  7. The number of systems configured to the different update Channels for Office 365 client management
  8. If ADRs were created, they would show in this section

I’ve had some great experiences working with the Office 365 Client management integration with SCCM.  The ability to create a single package to support multiple different languages has taken my packaging time and reduced it to minutes.

In addition to providing a built-in package creation utility, SCCM also manages and services O365 packages moving forward.  The updates are all provided through SCCM’s native Software Update technology but are provided to you in a separate node in the console so that you can view only the updates pertaining to the 365 clients in your environment.  This makes it very easy to identify required and installed updates for your managed systems.

As for what’s needed to manage updates for O365 within SCCM:

Requirements for using Configuration Manager to manage Office 365 client updates

To enable Configuration Manager to manage Office 365 client updates, you need the following (summarized from link above):

  • System Center Configuration Manager, update 1602 or later
  • An Office 365 client – Office 365 ProPlus, Visio Pro for Office 365, Project Online Desktop Client, or Office 365 Business
  • Supported channel version for Office 365 client. For more details, see Version and build numbers of update channel releases for Office 365 clients
  • Windows Server Update Services (WSUS) 4.0  — You can’t use WSUS by itself to deploy these updates. You need to use WSUS in conjunction with Configuration Manager
  • On the computers that have the Office 365 client installed, the Office COM object is enabled

All in all, I have to say that I’m very impressed with the integration of Office 365 Client Management into SCCM.  SCCM has been a very powerful tool and to add the ability to manage the productivity suite natively in SCCM will ensure that admins in large environments can spend more time managing than packaging.

Good Job Microsoft!

Initial Domain Integration Discovery…

2017-11-16T03:12:56+00:00 November 16th, 2017|blog, Domain Integration, PowerShell, Scripting|

If you are intending to be involved in an Active Directory Domain integration with Quest Migration Manager for AD, there are some simple AD attribute discovery checks you should do long before you get serious about such things as user counts and remediation and so forth.  And especially if you’re going to perform an Enterprise multi-Domain integration (many-to-one), its even more critical that you map out your attributes that you will be using for merging & matching the user objects across each domain relationship.

Attribute Analysis

Here at Coretek, we do a lot of Organizational and Enterprise Active Directory integrations, and many of them involve Quest Migration Manager for AD (MMAD).  Just today I was working with a customer to gather some of this early info, so I thought I’d post a note on some of these simple tests so you, too, can run them and see if your AD is in good shape to take on such a project.

The Quest Migration Manager for AD requires that you use a pair of Unicode String attributes for each domain relationship.  The default attributes used in a simple non-Exchange migration are “adminDescription” and “adminDisplayName”.  However, the more common scenarios I see involve Exchange and also multiple domains, requiring the use of other attributes such as “extensionAttribute14” & 15 and others.

The most common scenario I get involved with is where the users have already been created in the destination domain (due to an HR automation or other project), and the user objects from the source domain(s) will be merged, rather than created fresh.  In these cases I typically try to get the customer to check for these following critical things at a pre-project state — or as early as can be done — for the set of user objects that are to be part of the migration/integration:

  • Existing sidHistory — In most cases, existing sidHistory attributes on a user object are just a part of an old migration and may not matter.  However, if something like a previous Exchange migration was left un-complete, the sidHistory might be a critical part of the mailbox access for those users… and removing it without planning would be bad!  Tread carefully!
  • Existing extensionAttribute14, 15, etc. — These are the attributes that are commonly used in Enterprise AD migrations, and you’ll often find them still left-over from previous projects.  Those old project-based values don’t matter on their own; however I’ve also seen these attributes quite commonly used for other semi-hidden administrative items.  Why?  Because in Exchange environments, there’s a nifty GUI capability for editing these attributes, putting them at the fingertips of people that would otherwise leave them alone.  Again, make sure they are free and won’t be overwritten by anyone!

PowerShell Queries

So let’s check for these attributes, and below are some simple ways to see if anything is populated for those critical attributes.

To return a simple list of all user distinguishedNames with “sidHistory” populated with something (command is all-one-line):

(Get-ADUser -Filter {sidHistory -like "*"} -SearchBase "ou=MyOweYou,dc=doemane,dc=lowcull").distinguishedName

…then of course, you can swap out extensionAttribute14 for others… and replace the “.distinguishedName” with others, and we could format the output differently, dump to a CSV, etc.  Here is a similar search, but now we’re formatting the output to a table for easier quick reading (command is all-one-line):

Get-ADUser -Filter {extensionAttribute14 -like "*"} -SearchBase "ou=MyOweYou,dc=doemane,dc=lowcull" -Properties sidHistory,extensionAttribute14 |ft -Property name,sidhistory,extensionattribute14

…or, to pull it all together into one command and search for all three of the attributes I mentioned, do this (command is all-one-line):

Get-ADUser -Filter {(extensionAttribute14 -like "*") -or (extensionAttribute15 -like "*") -or (sidHistory -like "*")} -SearchBase "dc=doemane,dc=lowcull" -Properties sidHistory,extensionAttribute14,extensionAttribute15 |ft -Property name,sidhistory,extensionattribute14,extensionattribute15

Of course, you’ll want to change out the specifics in the commands above to match your domain info and attribute discovery needs, but you get the idea.

I hope that helps get you closer to your domain integration…  And I hope you let us help you out!

 

Azure – Which Public and Private IPs are In Use and By Which VM…?

2017-08-03T03:01:59+00:00 August 10th, 2017|Azure, blog, Cloud, PowerShell|

In my recent thread of simple-but-handy Azure PowerShell tools, I realized one important thing was missing: A tool that grabbed all the public & private IP addresses in use by VMs (plus some additional info).

I searched around, and found an old post by fellow Coreteker Will Anderson, where he’d solved the problem.  Unfortunately, PowerShell had changed since then, and his suggestion didn’t work anymore.  Fortunately however, Will Anderson is now on the other end of Skype from me, so after a quick explanation he gave me some advice on how to fix it within the new PowerShell behavior.  And of course, it would just be wrong not to post if back to the community…

So here is my script, with help from Will and another blogger Rhoderick Milne, where I found some additional input.  When executed, this script writes some quick handy info to screen, as in this lab example:

…which might be enough for you if you just want a quick review, but then it also dumps my preferred info for each VM to a csv, as follows: “Subscription”, “Mode”, “Name”, “PublicIPAddress”, “PrivateIPAddress”, “ResourceGroupName”, “Location”, “VMSize”, “Status”, “OsDisk”, “DataDisksCount”, “AvailabilitySet”

Just paste the below  into a script file, change the subscription name in the variable to your choice, and execute.  If you don’t know which subscription name to use, you can always run “Get-AzureRmSubscription” after you run “Login-AzureRmAccount” and find it in the list.  So grab the code, hack at it, and let me know where you take it!

# Thanks for help from Will Anderson, Rhoderick Milne for the assistance.
#
# Get Date; Used only for output file name.
$Date = Get-Date
$NOW = $Date.ToString("yyyyMMddhhmm")
#
# Variables
$MySubscriptionName = "Windows Azure  MSDN - Visual Studio Premium"
$VmsOutFilePath = "C:\temp"
$VmsOutFile = "$VmsOutFilePath\VmList-$NOW.csv"
#
$NeedToLogin = Read-Host "Do you need to log in to Azure? (Y/N)"
if ($NeedToLogin -eq "Y")
{
  Login-AzureRmAccount
  Select-AzureRmSubscription -SubscriptionName $MySubscriptionName
}
elseif ($NeedToLogin -eq "N")
{
  Write-Host "You must already be logged in then.  Fine. Continuing..."
}
else
{
  Write-Host ""
  Write-Host "You made an invalid choice.  Exiting..."
  exit
}
#
$vms = Get-AzureRmVm 
$vmobjs = @()
foreach ($vm in $vms)
{
  #Write-Host ""
  $vmname = $vm.name
  Write-Host -NoNewline "For VM $vmname... "
  Start-Sleep 1
  $vmInfo = [pscustomobject]@{
      'Subscription'= $MySubscriptionName
      'Mode'='ARM'
      'Name'= $vm.Name
      'PublicIPAddress' = $null
      'PrivateIPAddress' = $null
      'ResourceGroupName' = $vm.ResourceGroupName
      'Location' = $vm.Location
      'VMSize' = $vm.HardwareProfile.VMSize
      'Status' = $null
      'OsDisk' = $vm.StorageProfile.OsDisk.Vhd.Uri
      'DataDisksCount' = $vm.StorageProfile.DataDisks.Count
      'AvailabilitySet' = $vm.AvailabilitySetReference.Id }
  $vmStatus = $vm | Get-AzureRmVM -Status
  $vmInfo.Status = $vmStatus.Statuses[1].DisplayStatus
  $vmInfoStatus = $vmStatus.Statuses[1].DisplayStatus
  Write-Host -NoNewline "Get status `("
  if ($vmInfoStatus -eq "VM deallocated")
  {
    Write-Host -ForegroundColor Magenta -NoNewline "$vmInfoStatus"
  }
  elseif ($vmInfoStatus -eq "VM stopped")
  {
    Write-Host -ForegroundColor Yellow -NoNewline "$vmInfoStatus"
  }
  elseif ($vmInfoStatus -eq "VM generalized")
  {
    Write-Host -ForegroundColor Gray -NoNewline "$vmInfoStatus"
  }
  else
  {
    Write-Host -ForegroundColor White -NoNewline "$vmInfoStatus"
  }
  Write-Host -NoNewline "`)... "
  $VMagain = (Get-AzureRmVm -ResourceGroupName $vm.ResourceGroupName -Name $vmname)
  $NifName = ($VMagain.NetworkProfile[0].NetworkInterfaces.Id).Split('/') | Select-Object -Last 1
  $MyInterface = (Get-AzureRmNetworkInterface -Name $NifName -ResourceGroupName $VMagain.ResourceGroupName).IpConfigurations
  $PrivIP = $MyInterface.privateipaddress
  $vmInfo.PrivateIPAddress = $PrivIP
  Write-Host -NoNewline "Getting Private IP `($PrivIP`)... "
  try
  {
    $PubIPName = (($MyInterface).PublicIPAddress.Id).split('/') | Select-Object -Last 1
    $vmPublicIpAddress = (Get-AzureRmPublicIpAddress -Name $PubIPName -ResourceGroupName $Vmagain.ResourceGroupName).IpAddress 
    Write-Host -NoNewline "Getting public IP `("
    Write-Host -ForegroundColor Cyan -NoNewline "$vmPublicIpAddress"
    Write-Host -NoNewline "`)... "
    $vmInfo.PublicIPAddress = $vmPublicIpAddress
  }
  catch
  {
    Write-Host -NoNewline "No public IP... "
  }
  Write-Host -NoNewline "Add server object to output array... "
  $vmobjs += $vmInfo
  Write-Host "Done."
}  
Write-Host "Writing to output file: $VmsOutFile"
$vmobjs | Export-Csv -NoTypeInformation -Path $VmsOutFile
Write-Host "...Complete!"



I hope that helps!

New Series – Using PowerShell, Azure Automation, and OMS

2017-08-11T19:15:26+00:00 August 3rd, 2017|Azure, blog|

I’ve just recently begun releasing my new blog series on PowerShell.org – Using PowerShell, Azure Automation, and OMS.  This series is designed to help you become familiar with using Microsoft’s Operations Management Suite’s alerting capability to trigger runbooks in Azure Automation.  I highly encourage you to read through the series as it releases over the next couple of weeks.

Part I – Azure Automation Account Creation and Adding Modules – This article walks you through creating a new Azure Automation account and uploading your own custom modules to Azure for use in your on-prem and cloud-based solutions.

Part II – Configuring Azure Automation Runbooks And Understanding Webhook Data – Walks you through creating your first Azure Automation runbook and breaking down Operations Management Suite’s Webhook data.

Part III – Utilizing Webhook Data in Functions and Validate Results – Takes you through utilizing OMS Webhook data and passing it to your functions in Azure Automation to automatically remediate issues for you.

I’ll be updating the links here as the articles go live.  I hope you enjoy the series!

 

Error Code 0xC1900208 and Workaround…

2017-07-27T01:15:46+00:00 August 2nd, 2017|blog, Windows 10|

Windows 10 Compatibility checks + Intel Display Adapters + KB4022719 = 0xC1900208

If you’re in the middle of upgrade testing, you may be very well versed in the 0xC1900208 error code, which indicates a compatibility check failure for the Windows 10 in-place upgrade process.  When reviewing the compatibility results, you may find that your system reports you’ll have issues with your display adapter in Windows 10.  The block is a hard block and the upgrade will not proceed.

The failure may be due to the June Rollup KB4022719, which takes one step forward and resolves a compatibility issue with AMD display adapters, but also creates a new compatibility failure for Intel Display adapters.

Microsoft has not noted this in the comments and do not seem to be issuing any fixes yet.  The recommendation is to uninstall the display adapters as opposed to uninstalling the security updates.

I was recently at a customer site where this issue presented itself on HP 850 Model G1/G2/G3 devices and a workaround needed to be developed for their in-place upgrades to succeed.  Instead of asking users to uninstall the display adapter and driver manually prior to the upgrade, we decided to take advantage of the devcon.exe file that comes with the Windows Driver Kit.

A Link to DevCon.exe information: https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/devcon

High-Level Steps

Three steps were required to provide this workaround:

  1. Device Installation settings must be configured to never install driver software from Windows Update (as in the figure below).  This prevents the system from connecting online and reinstalling the driver after you uninstall.
  2. The display adapter needs to be removed.
  3. The OEM driver needs to be deleted.

Additional Details

Step 1 can be automated in a task sequence step using the REG command:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching /t REG_DWORD /v SearchOrderConfig /d 0x0 /f

For steps 2 and 3, a custom script was developed in PowerShell that utilizes devcon.exe to remove the associated display adapter and delete the OEM driver associated with the specific hardware.  The commands are as follows:

Devcon.exe remove <hardware ID>

Devcon.exe dp_delete <OEMDriver.INF>

To Find the Hardware ID for the models that are failing to pass the compatibility checks, we simply opened device manager and viewed the properties of the display adapter causing the issue.  On the details tab, you can review the Hardware ID property and grab the ID listed first in the list (see figure below).

Once we obtained the hardware ID, we then parsed through all drivers using the following command and scriptomagically grabbed the appropriate INF file name to delete.  The Command to parse is devcon.exe dp_enum.

So a quick sample of the commands would be as follows:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching /t REG_DWORD /v SearchOrderConfig /d 0x0 /f

devcon.exe remove "*pci\ven_8086&dev_1616&subsys_2216103c&rev_09*"

devcon.exe dp_delete OEM56.inf

The reg add command replaces whatever value is in the SearchOrderConfig with the appropriate value to tell the system NOT to go to windows update for driver updates.  The second command will remove the device associated with the hardware ID you specified.  The third command will remove the driver associated with the display adapter.  Note that in the above list of commands, OEM56.inf is just an example.  You will need to enumerate all your installed devices to determine which INF file to remove.

So, in summary:

Intel Display Adapters in, at least, certain HP models, no longer pass compatibility checks with Windows 10 v1703.  You must turn off automatic updating of display adapters in Windows, remove the display adapter, remove the driver associated with the display adapter (so that it will not find the local copy), and then run your upgrade.  Doing so will allow your system to pass the compatibility check that is now failing since the June Rollup was deployed.

Hopefully this will save some of you the headaches and troubleshooting steps we ran into.

Happy Upgrading!

 

Which Azure Plan is Right for You?

2017-07-27T00:47:04+00:00 July 27th, 2017|Azure, blog, Cloud, Microsoft, Microsoft Infrastructure, Micrsoft Cloud Solution Provider, Office 365|

As you start to explore the world of Microsoft Azure Cloud Services, you will start to see there are many options.  Let’s discuss the three types of Microsoft programs for you to purchase.

#1 – Pay-As-You-Go Subscriptions

Pay-As-You-Go subscriptions are simple to use and simple to set up.  There are no minimum purchases or commitments.  You pay for your consumption by credit-card on a monthly basis and you can cancel anytime.  This use-case is primarily for infrastructure environments that are setup for a temporary purpose.  It’s important to understand that organizations using this model pay full list price for consumption and do not have direct support from Microsoft.

#2 – Microsoft Enterprise Agreement (EA)

Microsoft Enterprise Agreements are commitment based Microsoft Volume Licensing agreements with a contractual term of 3 years.  Enterprise Agreement customers can add Azure to their EA by making an upfront monetary commitment for Azure services.  That commitment is consumed throughout the year by using a combination of the wide variety of Microsoft cloud services including Azure and Office 365.  This is paid annually in advance with a true up on a quarterly basis for overages.  Any unused licenses are still charged based on the commitment.  If you are a very large enterprise, the greatest advantage of an EA is having a direct relationship with a Microsoft sales team.  Also, EAs offer discounts based on your financial commitment.  And while there are many pros to the EA approach, understanding and controlling the cost of consumption can be a challenge for customers within EAs.  Personally, I recently took over the management of our EA and can attest that this can be very complicated.

#3 – Cloud Solution Provider (CSP)

When using Microsoft Cloud Services through the Cloud Solution Provider (CSP) program, you work directly with a partner to design and implement a cloud solution that meets your unique needs.  Cloud Solution Providers, support all Microsoft Cloud Services (i.e., Azure, Office 365, Enterprise Mobility Suite and Dynamics CRM Online) through a single platform.  CSP is similar to the Pay-As-You-Go subscription in that there are no minimum purchases or commitments.  Your consumption is invoiced monthly based on actual consumption (either via invoiced PO or credit card, your choice), and you can cancel at anytime.  This will significantly simplify your Azure and Office 365 billing process!  CSP offers many advantages over Pay-As-You-Go Subscriptions and Enterprise Agreements, and in most cases can be a more cost effective solution.

As a CSP, Coretek helps customers optimize their consumption cost by working with our customers to ensure they have the right Azure server types assigned to their workloads.  We also work with customers to shut down services when they are minimally used after business hours.  As part of Coretek’s Managed Support, our team provides proactive maintenance to ensure your infrastructure is running in an optimal manor including monitoring and patching of your servers.  Coretek’s Azure Management Suite (AMS) Portal enables business users to understand where the cost of their consumption is being utilized.  The AMS portal can display real time consumption cost based on department and projects.  It also enables business users to understand what Microsoft licenses are being utilized and who they are assigned to in a simple graphical format.

Coretek Services – Improving End User Experience and IT Efficiency.

Microsoft Azure – Global. Trusted. Hybrid.  This is cloud on your terms.

Office 365 and Bing Maps – Issue and Fix

2017-07-27T00:00:55+00:00 July 21st, 2017|blog, Office 365|

Bing Maps Add-in to Office 365 changes the message body for emails received with addresses in them

Recently, I noticed that most of the emails I open and read are requesting me to save as the body has changed.  The message text is “The body of the message <subject> has been changed.  Want to save your changes to this message?”

The issue is that I’ve not changed any part of the message.  I’ve simply opened it and then closed it.  After further investigation, I’ve found that the Bing Maps add-in is modifying the body of the message by replacing any address with a link.

To avoid this behavior, and the annoying message for every email that you open with an address, simply open Outlook, Navigate to File > Manage Add-ins, login with your Office 365 account, and disable the Bing Maps Add-in.  This may take a few minutes to take effect, but a restart should not be required.

This applies to, at least, version 1706 (Build 8229.2086) of the Microsoft Office 365 release.  I’ve read this may also happen with some older versions as well but have not tested.

 

Azure – What tags are we using again…?

2017-07-27T00:00:55+00:00 July 7th, 2017|Azure, blog, PowerShell|

Have you wondered what tags are assigned to all your Azure VMs?  Do you not have ARM Policies in place to enforce your preferred tags yet?

I was in just such a situation the other day.  Just like in my previous post on quick Azure-related scripts, I was working with a customer that just wanted a quick utility to report on what VMs are properly tagged (or not) in their implementation, without having to fish around the Portal.  No ARM Policies there yet…  *yet*.

So I whipped this together.  And much like that previous script, you just paste this into a PS1 file, set the subscription name in the variable, and then run it.

# GetVmTags - Jeremy Pavlov @ Coretek Services 
# Setting the subscription here
$MySubscriptionName = "My Subscription"
# Set some empty arrays
$vmobjs = @()
$vmTagsKeys = @()
$vmTagsValues = @()
# Get the VMs...
$vms = Get-AzureRmVm 
#
$NeedToLogin = Read-Host "Do you need to log in to Azure? (Y/N)"
if ($NeedToLogin -eq "Y")
{
  Login-AzureRmAccount
  Select-AzureRmSubscription -SubscriptionName $MySubscriptionName
}
elseif ($NeedToLogin -eq "N")
{
  Write-Host "You must already be logged in then.  Fine. Continuing..."
}
else
{
  Write-Host ""
  Write-Host "You made an invalid choice.  Exiting..."
  exit
}
#
foreach ($vm in $vms)
{
    Write-Host ""
    $vmname = $vm.name
    $MyResourceGroup = $vm.ResourceGroupName
    Write-Host "Checking tags for VM $vmname... "
    Start-Sleep 1
    $vmTags = (Get-AzureRmVM -name $vmname -ResourceGroupName $MyResourceGroup).Tags
    $vmTagsCount = $vmTags.Count
    if ($vmTagsCount -gt 0)
    {
      $vmTagsKeys = $vmTags.Keys -split '
[\r\n]' $vmTagsValues = $vmTags.Values -split '[\r\n]' for ($i=0;$i -lt $vmTagsCount; $i++) { $CurrentTagKey = $vmTagsKeys[$i] $CurrentTagValue = $vmTagsValues[$i] Write-Host -ForegroundColor Green "Key : Value -- $CurrentTagKey : $CurrentTagValue" } } else { Write-Host -ForegroundColor Yellow "No tags for $vmname" } }

The results should look something like this, except hopefully a lot more serious and business-y:

Have fun with it, change it up, and let me know what you do with it…   I hope it helps.  Enjoy!

Rolling out the Red Carpet… literally!

2017-07-27T00:00:55+00:00 June 22nd, 2017|blog, Headquarters|

On June 8 Coretek Services hosted our New Headquarters Open House complete with TekTalks, networking, and plenty of food and drink. A big thank you to all who helped celebrate with us, as well as our partner sponsors who made the Open House possible! In case you missed them, watch the highlight video below or read the Open House blog post.

A highlight of the event’s fun was the Red Carpet. Below are photos taken as people stepped up to the red carpet throughout the event to have their five seconds of fame in the spotlight. Thank you to Robert Lovelace for the photography!

 

 

Thank you to our Partner Sponsors:

 

 

 

Load More Posts