Saturday, February 17, 2024

Hyper-V Cluster Node Keeps Randomly Going Down

Over the last few weeks I had an issue with a Hyper-V Cluster node randomly going down causing issues with my Hyper-V cluster.

Looking at the event logs, it looks like it is an issue with the network driver.  It was giving a number of errors, including MAC address duplication and non-operational status, in the logs as shown below.






A few different things were done to try to resolve the issue, such as a driver re-install, a driver update, and an SFC scan.  However, the problem persisted, randomly continuing over a day or two, with the node coming on and offline, normally staying up for a few hours then dropping and reconnecting.  What I had to do to resolve the issue was, in the cluster manager, put the node offline, then uninstall the network driver, do an offline disk check, then reinstall the network driver.  Once that was done, the cluster node came back up and has been stable ever since.



Thursday, February 15, 2024

How to setup a Rustdesk server

To see a video of the Rustdesk installation visit https://www.youtube.com/watch?v=t7UobpjDsRY and if you like the content please like and subscribe.



What is rustdesk? Rustdesk is open source remote access and remote control software, allowing maintenance of computers and other devices.  For years I have used the free version of teamviewer to help family/friends with various computer issues, but in the last few years teamviewer has cut the number of sessions you can have along with how long you can have those sessions for.  I have used the enterprise version of teamviewer and it is full of great features; I would say if you can afford to get teamviewer you should, as it will make your life a lot easier.  If you can't, then rustdesk is a really good alternative.

For a while I was using the free server provided by rustdesk, but a few events recently, like a host suspension and a major DDoS attack against their server, have encouraged me to spin up my own rustdesk server.

I have done this a few times now, and there are things in the server setup process where, if you deal with them beforehand, your setup will go really well and quite quickly.  So when deploying a rustdesk server, this is how I now do the setup and deployment.

Questions that must be answered!

  1. Where is the server going to live, what is the IP address and what is the server's name?

    This seems self-explanatory but is really important; especially if you don't want to be messing with host files and other things in Linux.  Decide where the machine will live on what network and what the name will be.

    So for example, the machine is going to live on an SMB network whose address range is 192.168.2.0/24, with a reserved IP of 192.168.2.137 and a name of rustdesk.smb.ca (smb is the company's registered domain).

  2. What is the hypervisor?

    For this setup I will be using Microsoft Hyper-V as our hypervisor platform of choice.

  3. VM OS?

    For this setup I will be using Ubuntu Server 22.04 LTS

Steps for installation.

First set up your VM and set the network adapter to a static address.


Get the static address and assign that to your router.  If you want to give it a reserved address, then go ahead and do the install, but be sure to set up the DNS to what you want it to be, as it is difficult to change it later.



Once done, start the install of the system.  For the install you will want to do a minimum system install, and you will also want to allow ssh access along with the install of the live patch system and powershell.


Be sure to make the server name what you want it to be on your network.  It is difficult to change the name after the fact.


Once installed, run your updates.  I also like to install the Linux firewall ufw and vim.

Now we can set up the server and install rustdesk.  There is a good guide on https://github.com/techahold/rustdeskinstall which is more or less the guide we are going to use to install the server.

Steps:

  1. Configure the firewall

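    # SSH only from your own address
    sudo ufw allow proto tcp from YOURIP to any port 22
    # rustdesk server ports
    sudo ufw allow 21115:21119/tcp
    sudo ufw allow 21116/udp
    # web server set up by the installer (the second installer option)
    sudo ufw allow 8000/tcp
    sudo ufw enable

  2. Download and run the install script

    wget https://raw.githubusercontent.com/dinger1986/rustdeskinstall/master/install.sh
    chmod +x install.sh
    ./install.sh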

    You will want to set up the server with DNS for the first option and also include the http server for the second option when you run through the installer.  For the DNS you should keep to the format "Servername.domain", so if my machine is called rustdesk it will be rustdesk.domain

    ****IMPORTANT****

    The installer will give you a summary which will include your login for the webserver and the public key for the rustdesk client so users can connect to your rustdesk server.  Be sure to either write down this important information or take a screenshot.

  3. After the install has finished you should reboot the VM and run the update script for rustdesk.

    After the reboot the site should be accessible on your LAN via DNS and/or IP at port 8000, so if my DNS was set up as rustdesk.smb.ca, the web host will be accessible at http://192.168.2.137:8000 or http://rustdesk.domain:8000



Now update your firewall to allow access to the rustdesk ports so you can use your rustdesk from anywhere on the internet.

I have a WAN rule with the following (the rustdesk is an ip alias)


and I have a floating rule with the same information


Now we can add our server settings to the rustdesk client.


To do that you need to open rustdesk, go to Settings -> Network, and unlock the settings if required.


After you input your server settings, if everything has been set up properly, your rustdesk will show as ready.


Note that you will now only be able to connect to users who are on your server; users who are connected to another server, or to the public one provided by rustdesk, you will not be able to assist.



References:

https://rustdesk.com/docs/en/self-host/rustdesk-server-oss/install/#set-up-your-own-server-instance-manually

https://rustdesk.com/docs/en/self-host/

https://github.com/rustdesk/rustdesk-server-demo

https://github.com/rustdesk/rustdesk-server

https://www.reddit.com/r/rustdesk/comments/17yevvf/rustdesk_self_hosted_setup_guide/

https://rustdesk.com/docs/en/dev/build/web/

https://github.com/techahold/rustdeskinstall



Friday, January 12, 2024

Setting up and Customizing a Windows 11 Start Menu without Microsoft Intune

This post will give you everything you need to customize the Windows 11 start menu.  Typically this is done with Intune; Microsoft decided to significantly change the way it handles the start menu, moving from an XML file to a JSON file which is meant to be used with Intune.  So if you don't use Intune, you have a problem.  However, this post will go through the options for making a start menu for your Windows 11 clients.  A plus for this is that you don't have to make changes or worry about how it will affect your Windows 10 clients.

If you're looking to make a custom Windows 10 start menu you can find that info here https://optionkey.blogspot.com/2018/02/upgrading-active-directory-for-windows.html

In Windows 11, you can change the position of the start menu with a registry entry.

Add a registry entry called "TaskbarAl"; it goes under this key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Value name = "TaskbarAl" (the last character is a lowercase L)

It is a DWORD 32bit setting, where 0 is aligned to the left and 1 is centered.





Now, for customizing the start menu, you set it up like you would for Windows 10.  Customize it as a single user, then run the powershell command.  This has been designed to work specifically with Intune, and making it work without Intune takes some work, but here is how you do it.

Export-StartLayout -Path "C:\Layouts\Win11Layout.JSON"

 The result is the following JSON:

{"pinnedList":[{"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk"},{"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk"},{"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Firefox.lnk"},{"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Horizon 7.5.6.lnk"},{"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Adobe Acrobat.lnk"},{"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Word.lnk"},{"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Excel.lnk"},{"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\PowerPoint.lnk"},{"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Publisher.lnk"},{"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\OneNote 2016.lnk"},{"packagedAppId":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"},{"desktopAppLink":"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\File Explorer.lnk"},{"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\VideoLAN\\VLC media player.lnk"},{"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\paint.net.lnk"},{"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Notepad++.lnk"}]}

Open Windows Explorer and paste the following path into the address bar

%LocalAppdata%\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState

It will take you to a folder; copy the start2.bin from there to a location where you can apply it with your AD controller.  I put it in the NETLOGON folder on my AD controller; if you need it to be local, put it in a folder that is local.



Now we are going to have AD add registry entries on our clients.  There are two of them, and we are going to add them to the User Configuration section of group policy.


The first one we are going to make is called "ConfigureStartPins_ProviderSet"


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Start

It is a DWORD 32 bit value and the value should be set to 1.

Now we need to make a new Registry entry called "ConfigureStartPins"

Here is where we will be adding the JSON we got from the start menu.


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Start

In the value data we paste the JSON we exported out earlier.


Next we need to make a file to copy the start2.bin to the user profile when you log in.  I called the file startmenu.cmd and I am running it from the same location as the start2.bin, which is in the NETLOGON folder.  We are going to put in the following code, which we will run at logon.

copy "\\$DOMAIN\netlogon\start2.bin" "%LocalAppdata%\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState" /Y

This will replace the default start2.bin file with the configured one.

In group policy I am putting the following in the Scripts section of User Configuration


\\$domain\SysVol\$domain\folder\startmenu.cmd

Now on login your windows 11 clients will have a custom start menu.
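
The registry half of the procedure above as one PowerShell script, added here as an illustration and not part of the original post: it checks the exported layout before writing the two values, so malformed JSON or a pin that points at a missing shortcut is caught before it reaches clients. The function names and the -Force switch are hypothetical, and writing ConfigureStartPins as a string value (REG_SZ) is an assumption the post does not state; the key path, value names and layout path are the ones given above.

```powershell
#Requires -RunAsAdministrator
# Added example: validate an Export-StartLayout JSON file, then write the two
# policy values named in this post. Test-StartLayout and Set-StartPins are
# hypothetical helper names.

function Test-StartLayout {
    param([Parameter(Mandatory)][string]$Json)

    # ConvertFrom-Json throws on malformed JSON; let that stop the script.
    $layout = $Json | ConvertFrom-Json -ErrorAction Stop
    if (-not $layout.pinnedList) { throw 'Layout has no pinnedList array.' }

    $problems = @()
    foreach ($pin in $layout.pinnedList) {
        if ($pin.desktopAppLink) {
            # Expand %ALLUSERSPROFILE% / %APPDATA% and confirm the shortcut exists on this machine.
            $lnk = [Environment]::ExpandEnvironmentVariables($pin.desktopAppLink)
            if (-not (Test-Path -LiteralPath $lnk)) { $problems += "Missing shortcut: $lnk" }
        }
        elseif (-not $pin.packagedAppId) {
            $problems += "Unrecognised pin entry: $($pin | ConvertTo-Json -Compress)"
        }
    }
    return $problems
}

function Set-StartPins {
    param(
        [Parameter(Mandatory)][string]$LayoutPath,
        [switch]$Force   # write even if some shortcuts are missing on this machine
    )
    $json     = Get-Content -LiteralPath $LayoutPath -Raw
    $problems = @(Test-StartLayout -Json $json)
    $problems | ForEach-Object { Write-Warning $_ }
    if ($problems.Count -gt 0 -and -not $Force) {
        throw "Layout not applied: $($problems.Count) problem(s) found."
    }

    $key = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Start'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Assumption: the JSON is stored as a plain string value (REG_SZ).
    New-ItemProperty -Path $key -Name 'ConfigureStartPins' -Value $json.Trim() -PropertyType String -Force | Out-Null
    New-ItemProperty -Path $key -Name 'ConfigureStartPins_ProviderSet' -Value 1 -PropertyType DWord -Force | Out-Null

    # Show what was written so it can be compared with the exported file.
    Get-ItemProperty -Path $key -Name 'ConfigureStartPins', 'ConfigureStartPins_ProviderSet'
}

Set-StartPins -LayoutPath 'C:\Layouts\Win11Layout.JSON'
```

Run it on a reference client that has the same applications installed as the target machines, so the shortcut check reflects what users will actually have.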

Sunday, January 07, 2024

TrueNAS Server Setup

I set up a new TrueNAS system to work with my lab server for storage.  The system is running on an older platform, an Intel Haswell 1150.  The system has 32 GB of RAM and, as you can see below, the system only has 6 SATA ports.  I put in a Matrox 10Gig card for connecting my Server 2022 system to the iSCSI target, so that left me with one PCI Express port to add a RAID card or a card for additional SATA ports.



Now I am a big VANTEC fan.  I have purchased a lot of enclosures and adapters from them over my IT career and they have worked really well, and I came across this nice little card.

https://www.vantecusa.com/products_detail.php?p_id=286  It was at my local computer retailer Memory Express https://www.memoryexpress.com/Products/MX00120961 where it is retailing for $59.99.




This card requires at least a Gen3 4x PCI-E port.  I know my board supported Gen3 PCI-E so I thought I would give it a try.

Initially I had issues getting TrueNAS to boot with the system encountering re-scan errors when trying to initialize the card.

(noperiph:ahcich3:0:-1:ffffffff): rescan already queued

After some troubleshooting, I determined that it had to do with the system cold booting, because after a couple of reboots the system would boot and recognize all the drives.  I also noted that the card did not initialize until just before the system was about to boot.  The system registered all my drives; I have 3 SSD drives on the motherboard SATA ports and the rest of my 3+ TB drives running off the card.

So for the disk setup I have a 120GB SSD boot drive, a 40Gig SSD Z-Log drive, and a 120GB SSD cache drive.  The rest of the drives are NAS drives, mostly WD Reds and two 3TB Seagate IronWolfs.


I set up an SMB share to test how the system might perform.


Through a 1Gig network the Samba share registered the following throughput.


When I set up the iSCSI target on my lab server I will update this, but for now I am pretty happy about this, and for anyone looking for an inexpensive controller for TrueNAS, I would definitely recommend this controller if you're on a budget.  The throughput on the NAS is pretty much maxed out on my 1Gig network, and the NAS did not sweat a bit!











Monday, October 23, 2023

How Windows 11 Pro and Workstation Pro handles VLANs and Virtual Switches

How to setup vlans on Windows 11 and Server 2022
Windows 10 pre-1809 and Windows Server pre-2022 would typically be set up with a teamed network adapter using LBFO (Load Balancing and Failover).  Windows 10 after 1809 and Windows 11 now require PowerShell to create your virtual switch and your VLAN networks.  In Windows pre-1809 you would put the VLANs inside the network driver and they would show up in the VLAN tab of the driver as shown below.


After Windows 1809 and 2012R2, 2016 and 2019 you had to use Server Manager to manage NIC teaming and the VLANs as shown below.


Now in Server 2022, Windows 11 and later versions of Windows 10 this has changed.  Setting up VLANs on Server 2022 does work the same for the host, but they are not usable in Hyper-V and don't really work quite right in Windows either.

If you try to add your Hyper-V virtual network switch to a multiplexor driver you will get an unknown error.


You will need to enable the following windows features if you are not using the full hyper-v services to use vlans on windows.

  1. Data Center Bridging
  2. Hyper-V GUI Management Tools
  3. Hyper-V Module for Windows Powershell
  4. Hyper-V Services
  5. Windows Hypervisor Platform





PowerShell is now used to manage networking in Windows.  To serve both the host and the virtual machines in Hyper-V we now have to use SET (Switch Embedded Teaming).

New-VMSwitch -Name "SET" -NetAdapterName "Ethernet" -AllowManagementOS $true

If you are using a virtual team be sure to enable the LBFO Teams shown below. 

New-VMSwitch -Name "SET" -NetAdapterName "Ethernet" -AllowNetLBFOTEAMS $true -AllowManagementOS $true

To add the vlan to hyper-v we need to add the VM network adapter

Add-VMNetworkAdapter -ManagementOS -Name "VlanX" -SwitchName "SET"

Now we set the VLAN, otherwise it will take its network information from the untagged VLAN

Set-VMNetworkAdapterVlan -VMNetworkAdapterName "vlanX" -vlanid X -Access -ManagementOS

From here you can flush your ip address and reset the network adapter to get the ip address of the vlan.  Disabling and enabling the adapter also works well for that.
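
The three steps above, repeated for several VLANs, as an added PowerShell example that is not from the original post: it creates the switch only if it is missing, adds one management-OS adapter per VLAN, tags it, and then checks the result so an adapter left on the untagged VLAN is easy to spot. The VLAN IDs (10, 20) and the physical adapter name "Ethernet" are sample values; the switch name "SET" is the one used above.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example. $VlanIds holds sample values; replace them with your own.
$SwitchName = 'SET'
$NetAdapter = 'Ethernet'
$VlanIds    = 10, 20

# 1. Create the switch once; re-running the script must not fail or duplicate it.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -NetAdapterName $NetAdapter -AllowManagementOS $true | Out-Null
}

foreach ($id in $VlanIds) {
    $name = "Vlan$id"

    # 2. Add a host (management OS) adapter for this VLAN if it is not there yet.
    $nic = Get-VMNetworkAdapter -ManagementOS -Name $name -ErrorAction SilentlyContinue
    if (-not $nic) {
        Add-VMNetworkAdapter -ManagementOS -Name $name -SwitchName $SwitchName
    }

    # 3. Tag it. Without this step the adapter stays on the untagged VLAN.
    Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName $name -Access -VlanId $id
}

# 4. Verify: list every host adapter with its mode and VLAN ID.
Get-VMNetworkAdapterVlan -ManagementOS |
    Select-Object ParentAdapter, OperationMode, AccessVlanId |
    Format-Table -AutoSize

# Flag adapters from the list above that did not end up in access mode on their VLAN.
$bad = foreach ($id in $VlanIds) {
    $v = Get-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "Vlan$id"
    if ($v.OperationMode -ne 'Access' -or $v.AccessVlanId -ne $id) { "Vlan$id" }
}
if ($bad) { Write-Warning "Not tagged as expected: $($bad -join ', ')" }
```

The host adapter that -AllowManagementOS creates (named after the switch) also appears in the table and stays untagged unless you tag it as well.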

Here are some other PowerShell commands you will want to make note of for removing virtual network adapters and switches.

Remove-VMSwitch "$VMSwitchName"

Remove-VMNetworkAdapter -ManagementOS -Name "VLANX" -SwitchName "$VirtualSwitch"

You can view my how to video for setting up switch embedded teams on windows 11 pro and server 2022 https://youtu.be/aL-dcWS6EhM

Sources

https://techcommunity.microsoft.com/t5/networking-blog/teaming-in-azure-stack-hci/ba-p/1070642

https://techcommunity.microsoft.com/t5/windows-server-for-it-pro/bypass-lbfo-teaming-deprecation-on-hyper-v-and-windows-server/m-p/3672310

https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/get-started/create-a-virtual-switch-for-hyper-v-virtual-machines?tabs=powershell

https://www.aligrant.com/web/blog/2022-12-16_creating_multiple_vlans_on_windows_11

https://www.veeam.com/blog/hyperv-set-management-using-powershell.html

https://social.technet.microsoft.com/Forums/windows/en-US/e49df568-4f4c-47b7-b30c-952d1e26ca58/can39t-remove-failed-virtual-switch-from-hyperv39s-virtual-switch-manager?forum=winserverhyperv

Thursday, October 05, 2023

Upgrading a Veeam Backup Server Running Windows 2012R2

How to do an in place upgrade of server 2012R2 to 2016 and then upgrading Veeam from Version 11 to version 12.

Step 1 - Download the software below.

  • Server 2016 Standard Edition, With Key on Hyper-V host
  • Veeam Backup and Replication V12, - on VM
  • Veeam Data Platform Essentials,  -on VM
  • Veeam License - on VM
I did the upgrade in the following order
  1. Upgrade to server 2016
  2. Upgrade Veeam backup and Replication
    1. Upgrade Enterprise Manager
    2. Upgrade Veeam

 Step 2 - Disable all backup and replication jobs


Step 3 - Backup the System

Since this is a VM I shut down the system and did a full export, in case I have to roll back.


Step 4 - Upgrade to Server 2016.  Since this VM is on a cluster I will need to remove it from the cluster role first.



Once removed I can add the server 2016 disk to the VM



Now I can startup the machine and start the upgrade process


Mount and run the DVD and start the upgrade process.


I selected server 2016 Desktop experience


Select keep personal files and apps otherwise it will remove Veeam.




Once the system is ready, you will have to confirm the upgrade, as it is recommended to do a clean install of the system.  However, for this system we need to do an in-place upgrade.






When the install is successful, you will see it is upgraded to server 2016.  You may need to activate your system again so have your windows key ready.


Activate Windows - Change the product Key and Activate




After the upgrade Veeam should be horribly broken.   We can however proceed with the upgrade.



Mount the Veeam ISO and begin the upgrade.  We need to upgrade Enterprise Manager first, and we may need to run the installer a couple of times, rebooting after installs.  Click through until you start the install process.





Once the system has installed and rebooted we will update.  Re-Run the Veeam 12 installer and update anything else that needs to be updated as shown below.  

After the upgrade the SQL Server agent may have been set to disabled because of the server 2016 upgrade.  You will have to change it back to automatic or manual depending on how you want to run your system.  Then run the Enterprise Manager and finish the setup.




Proceed to upgrade the Enterprise Manager


After the upgrade we are now able to access the Enterprise Manager


Now we will upgrade the Backup & Replication part of Veeam









Once the installer finishes launch the backup & replication console; re-enable your backup jobs and update the clients on any systems you are running backups.



After launching the software you may encounter a permission error when trying to access the Veeam storage server and replication server.  This is due to some hardening Microsoft did to mitigate an exploit.

Access Denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

After looking into the error I found that this was caused by a security update in Windows 

https://www.veeam.com/kb4185

https://forums.veeam.com/veeam-agent-for-windows-f33/dcom-hardening-on-windows-server-june-cu-t81317.html

It turned out to be a DCOM error, and to fix the issue you need to add a registry value on the Hyper-V hosts using Veeam.  In regedit go to the following path:

Path : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat

Add the following value as a DWORD (32-bit), without the quotes:

"RequireIntegrityActivationAuthenticationLevel" and set the value to 0

Once that is done the update to Server 2016 and Veeam 12 is complete.
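
Setting this value to 0 switches the DCOM hardening off on that host, so it helps to know which hosts carry the override and which clients are actually triggering the failures. The following PowerShell is an added example, not part of the original post: the host names are placeholders, PowerShell remoting to each host is assumed, and event IDs 10036 to 10038 are the ones Microsoft documents for DCOM hardening in the System log.

```powershell
# Added example: report the DCOM hardening override and recent hardening events per host.
# HV-HOST1 / HV-HOST2 are placeholder names; PowerShell remoting to each host is assumed.
$Hosts = 'HV-HOST1', 'HV-HOST2'

$report = Invoke-Command -ComputerName $Hosts -ScriptBlock {
    $key  = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
    $name = 'RequireIntegrityActivationAuthenticationLevel'

    # Absent value = Windows default behaviour; 0 = hardening disabled by the override.
    $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    # DCOM hardening events from the last 7 days (finding none is not an error).
    $events = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-DistributedCOM'
        Id           = 10036, 10037, 10038
        StartTime    = (Get-Date).AddDays(-7)
    } -ErrorAction SilentlyContinue)

    # Get-WinEvent returns newest first, so the first entry is the latest event.
    $latest = $events | Select-Object -First 1

    [pscustomobject]@{
        Host            = $env:COMPUTERNAME
        OverrideValue   = if ($null -eq $value) { 'not set' } else { $value }
        HardeningOff    = ($value -eq 0)
        HardeningEvents = $events.Count
        LastEvent       = $latest.TimeCreated
        LastMessage     = $latest.Message
    }
}

$report | Sort-Object Host |
    Format-List Host, OverrideValue, HardeningOff, HardeningEvents, LastEvent, LastMessage
```

The text of a 10036 event identifies the user and client address whose activation was refused, which points at the component to update so the override can later be removed.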



The backups will start working as if the system had always been running Server 2016 and Veeam 12.
