Your basic ITPro blog... What's going on at work, what I'm interested in.

Thursday, December 17, 2009

Odd TCP/IP Behavior in Hyper-V Virtual Machines

I have two Hyper-V hosts running a total of around 20 VMs. I recently came across some odd behavior that ended up in a call to Microsoft Support, as I couldn’t figure it out on my own and we didn’t want to spend any more time on it ourselves. Basically, I was seeing the following:

cap1

As you can see, ping times were all over the place. We found a solution in a combination of KB articles and blog posts.

 

RESOURCES:

KB938448

KB895980

http://fawzi.wordpress.com/2009/10/28/hyper-v-domain-controller-negative-ping-results/

http://joystickjunkie.blogspot.com/2009/04/erratic-or-negative-ping-times-on-hyper.html

http://blogs.msdn.com/tvoellm/archive/2009/02/18/why-does-my-avg-disk-write-sec-counter-keep-climbing.aspx

 

I have three VMs that are multi-proc and all three of them were doing this. All three VMs are running a flavor of Windows Server 2003. I don’t know if this happens with other OSs on multi-proc VMs… I am guessing not. With the /usepmtimer switch added in the boot.ini file, all three are now working as expected. I hope that the Hyper-V team is working on a solution to this so that boot.ini file manipulation is not required in the future.

Thursday, December 10, 2009

List of Accounts in Local Administrators Group

Not all of this code is original. Thank you to the many many people in the Powershell community who freely share their code, expertise, and talent with the rest of us. In that spirit, here’s my script for reporting accounts in the local Administrators group on domain workstations. I hope it helps others.

NOTE: This script requires the Quest AD Cmdlets

------------------------------------------------------------------------------

$ErrorActionPreference = "SilentlyContinue"

$a = New-Object -comobject Excel.Application
$a.visible = $True

$b = $a.Workbooks.Add()

$c = $b.Worksheets.Item(3)
$c.Name = "Un-Pingable Machines"
$c.Cells.Item(1,1) = "Machine Name"
$c.Cells.Item(1,2) = "Logon Account"
$c.Cells.Item(1,3) = "Report Time Stamp"
$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True

$c = $b.Worksheets.Item(2)
$c.Name = "Good Machines"
$c.Cells.Item(1,1) = "Machine Name"
$c.Cells.Item(1,2) = "Logon Account"
$c.Cells.Item(1,3) = "Report Time Stamp"
$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True

$c = $b.Worksheets.Item(1)
$c.Name = "Violators"
$c.Cells.Item(1,1) = "Machine Name"
$c.Cells.Item(1,2) = "Logon Account"
$c.Cells.Item(1,3) = "Report Time Stamp"
$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True

$worksheetOneRow = 1
$worksheetTwoRow = 1
$worksheetThreeRow = 1

$filter = "Administrator",
    "Domain Admins",
    "Enterprise Admins",
    "crmadmin",
    "EXService",
    "RTCDomainServerAdmins",
    "SymBEServices",
    "Backup",
    "BackupExec"

$computers = Get-QADComputer | Where-Object {$_.OSName -notmatch "server"} | %{$_.Name}

$group = "Administrators"

foreach ($computer in $computers)
{
    $ping = new-object System.Net.NetworkInformation.Ping
    
    $Reply = $ping.send($computer)
    
    if($Reply.status -eq "success")
    {
        $users = $false
        $needHeader = $true
        
        $g = [ADSI]("WinNT://$computer/$group,group")
        $userList = $g.psbase.invoke("Members")
        foreach ($user in $userList)
        {
            $entry = $user.GetType().InvokeMember("AdsPath","GetProperty",$null,$user,$null)
            $match = $false
            foreach ($i in $filter)
            {
                if ($entry -match $i)
                {
                    $match = $true
                }
            }
            if ($match -eq $false)
            {
                if ($needHeader)
                {
                    $worksheetOneRow = $worksheetOneRow + 1
                    $c = $b.Worksheets.Item(1)
                    $c.Cells.Item($worksheetOneRow,1) = $computer.ToUpper()
                    $c.Cells.Item($worksheetOneRow,3) = Get-Date
                    $needHeader = $false
                }
                $c.Cells.Item($worksheetOneRow,2) = $entry
                $worksheetOneRow = $worksheetOneRow + 1
                $users = $true
            }
        }
        
        if (-not $users)
        {
            $worksheetTwoRow = $worksheetTwoRow + 1
            $c = $b.Worksheets.Item(2)
            $c.Cells.Item($worksheetTwoRow,1) = $computer.ToUpper()
            $c.Cells.Item($worksheetTwoRow,3) = Get-Date
            $c.Cells.Item($worksheetTwoRow,2).Interior.ColorIndex = 4
            $c.Cells.Item($worksheetTwoRow,2) = "No Invalid Users"
        }
        
        $users = $false
        $g = ""
        $userList = ""
        $Reply = ""
    }
    else
    {
        $worksheetThreeRow = $worksheetThreeRow + 1
        $c = $b.Worksheets.Item(3)
        $c.Cells.Item($worksheetThreeRow,1) = $computer.ToUpper()
        $c.Cells.Item($worksheetThreeRow,3) = Get-Date        
        $c.Cells.Item($worksheetThreeRow,2).Interior.ColorIndex = 3
        $c.Cells.Item($worksheetThreeRow,2) = "Not Pingable"
    }
}

$c = $b.Worksheets.Item(1)
$d = $c.UsedRange
$d.EntireColumn.AutoFit()
$c = $b.Worksheets.Item(2)
$d = $c.UsedRange
$d.EntireColumn.AutoFit()
$c = $b.Worksheets.Item(3)
$d = $c.UsedRange
$d.EntireColumn.AutoFit()

Wednesday, December 2, 2009

Oddity with Hyper-V and Virtual Machine Manager (VMM)

Every once in a while, one of my Hyper-V hosts will show up in VMM as needing attention. Specifically, the status will show “Needs Attention”, rather than OK. Attempting to refresh the host gives me an “Error (2912)” and/or an “Error (2927)”. In the past, I would attempt to fix this by restarting the WS-Management (WinRM) service. This would almost always result in the service hanging, stuck on ‘Stopping’. From there, my only solution has been a host reboot. Not exactly what I would like. Well, today, I found a solution that did not involve me shutting down ten VMs and rebooting my Hyper-V host box.

I got to the same point as in the past. But, while researching for a better solution, I ran across this blog post about killing a service hung on ‘stopping’.

After reading through it, I found the PID of my service and ran the ‘taskkill /PID xxxx /F’ command, using the PID of my WinRM service. (UPDATE: To get the PID, run ‘sc queryex WinRM’) It looked like it worked, because my RDP connection to the server instantly went dead. But, in a few seconds I got my RDP session back (not sure what happened there…)

I was then able to start WinRM and refresh my host in VMM.

Not exactly elegant, but I didn’t have to reboot my VM host… and that’s something!

Additional Info

My photo
email: support (AT) mangrumtech (DOT) com
mobile: 480-270-4332