My blog moved to

August 31, 2017

Please use the new link below for my blog. All new posts will be placed there and I will shut down this blog soon.

“WannaCrypt”–Patch first and then verify deprecation of SMBv1

May 15, 2017

Due to the ongoing “WannaCrypt” attacks, it is highly recommended to review whether you rely on SMBv1. This feature is installed by default but mostly not in use anymore. The WannaCrypt threat uses publicly available exploit code for the patched SMB vulnerability, CVE-2017-0145, which can be triggered by sending a specially crafted packet to a targeted SMBv1 server. The exploit code used is designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this exploit attack. The vulnerability was fixed in security bulletin MS17-010, which was released on March 14, 2017.



“WannaCrypt” attacks: if you have automatic updates enabled or have installed the update, your systems are protected against this attack. We encourage you to install the update as soon as possible.

Please check out the guidelines below:

MS17-010 for Windows 2012 R2 – KB4012216 direct download here

MS17-010 for Windows 2016 – KB4013429 direct download here

You can verify which SMB version your servers are using with “Get-SmbConnection | fl Servername,Dialect”

If you want to uninstall SMBv1, you can do so by running the command below, but you should verify first:

Get-WindowsFeature | where {$_.Name -match "FS-SMB1"} | Remove-WindowsFeature

If you want to remove it on a bunch of servers, e.g. in a cluster, you can do something like this:
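The script for this step is not preserved on this page. The following is an added example, not the author's code: it reports the FS-SMB1 feature state and the SMBv1 sessions currently open against each cluster node, and removes the feature only where no SMBv1 client was seen. It assumes the FailoverClusters module and PowerShell remoting to every node; the -Remove switch and the report property names are made up for this example.

```powershell
# Added example (not from the original post). Run from a cluster node or a
# management host with the FailoverClusters module and remoting to all nodes.
param(
    [string[]]$Servers = (Get-ClusterNode | Select-Object -ExpandProperty Name),
    [switch]$Remove   # hypothetical switch: without it the script only reports
)

$report = Invoke-Command -ComputerName $Servers -ScriptBlock {
    # Get-SmbConnection shows what this machine negotiated as a client;
    # Get-SmbSession shows what other machines negotiated against this server.
    # SMBv1 appears as dialect 1.x. This is a point-in-time snapshot only.
    $smb1Sessions = @(Get-SmbSession | Where-Object { $_.Dialect -like '1.*' })
    $feature      = Get-WindowsFeature -Name FS-SMB1

    [pscustomobject]@{
        Smb1Installed = $feature.Installed
        Smb1Sessions  = $smb1Sessions.Count
        Smb1Clients   = ($smb1Sessions.ClientComputerName | Sort-Object -Unique) -join ','
    }
}

$report | Sort-Object PSComputerName |
    Format-Table PSComputerName, Smb1Installed, Smb1Sessions, Smb1Clients -AutoSize

if ($Remove) {
    # Only touch nodes where the feature is installed and no SMBv1 client was seen.
    $targets = $report | Where-Object { $_.Smb1Installed -and $_.Smb1Sessions -eq 0 }
    foreach ($t in $targets) {
        Invoke-Command -ComputerName $t.PSComputerName -ScriptBlock {
            # The removal completes after a restart; restart cluster nodes one at a time.
            Remove-WindowsFeature -Name FS-SMB1
        }
    }
}
```

Run it without -Remove first and repeat the report over several days, since Get-SmbSession only lists sessions that are open at that moment.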

Here is some more guidance on how to enable/disable a specific SMB version

Stay secured!



System Center–Version

March 31, 2017

Below you can find a quick summary to identify the version by the build number. I also added the latest download links.

Operations Manager

SCOM 2012 UR1 7.0.8560.1021
SCOM 2012 UR2 7.0.8560.1027
SCOM 2012 UR3 7.0.8560.1036
SCOM 2012 UR7 7.4.4337.0
SCOM 2012 SP1 UR1 7.0.9538.1005
SCOM 2012 SP1 UR2 7.0.9538.1047
SCOM 2012 SP1 UR3 7.0.9538.1069
SCOM 2012 SP1 UR4 7.0.9538.1084
SCOM 2012 SP1 UR5 7.0.9538.1106
SCOM 2012 SP1 UR6 7.0.9538.1109
SCOM 2012 SP1 UR7 7.0.9538.1117
SCOM 2012 SP1 UR8 7.0.9538.1123
SCOM 2012 SP1 UR9 7.0.9538.1126
SCOM 2012 R2 UR1 7.1.102626.1009
SCOM 2012 R2 UR2 7.1.10226.1015
SCOM 2012 R2 UR3 7.1.10226.1037
SCOM 2012 R2 UR4 7.1.10226.1046
SCOM 2012 R2 UR5 7.1.10226.1052

Virtual Machine Manager

SCVMM 2012 UR1 3.0.6019.0
SCVMM 2012 UR2 3.0.6040.0
SCVMM 2012 UR4 3.0.6055.0
SCVMM 2012 UR5 3.0.6057.0
SCVMM 2012 UR6 3.0.6060.0
SCVMM 2012 UR7 3.0.6062.0
SCVMM 2012 SP1 3.1.6011.0
SCVMM 2012 SP1 UR1 3.1.6018.0
SCVMM 2012 SP1 UR2 3.1.6020.0
SCVMM 2012 SP1 UR3 3.1.6027.0
SCVMM 2012 SP1 UR4 3.1.6032.0
SCVMM 2012 SP1 UR5 3.1.6038.0
SCVMM 2012 SP1 UR6 3.1.6046.0
SCVMM 2012 SP1 UR7 3.1.6084.0
SCVMM 2012 SP1 UR9 3.1.6099.0
SCVMM 2012 SP1 U10
SCVMM 2012 SP1 U11
SCVMM 2012 R2 3.2.7510.0
SCVMM 2012 R2 UR1 3.2.7620.0
SCVMM 2012 R2 UR2 3.2.7634.0
SCVMM 2012 R2 UR3 3.2.7672.0
SCVMM 2012 R2 UR4 3.2.7768.0
SCVMM 2012 R2 UR5 3.2.7895.0
SCVMM 2012 R2 UR6 3.2.8002.0
SCVMM 2012 R2 UR7 3.2.8071.0
SCVMM 2012 R2 UR8 3.2.8117.0
SCVMM 2012 R2 UR9 3.2.8145.0
SCVMM 2012 R2 UR10 3.2.8169.0
SCVMM 2012 R2 UR11 3.2.8224.0
SCVMM 2012 R2 UR12 3.2.8292.0
SCVMM 2016 RTM 4.0.1660.0
SCVMM 2016 RTM UR1 4.0.1968.0
SCVMM 2016 RTM UR1 (Hotfix1) 4.0.1968.10
SCVMM 2016 RTM UR2.1


Also check out the links below for KB articles related to the System Center family:
List of Public Microsoft Support Knowledge Base (KB) Articles for System Center 2012 Virtual Machine Manager (VMM 2012)
List of Public Microsoft Support Knowledge Base Articles for System Center 2012 Virtual Machine Manager Service Pack 1
List of Public Microsoft Support Knowledge Base Articles for System Center 2012 R2 Virtual Machine Manager

SCOM-Agent Failover

March 29, 2017

Operations Manager is the monitoring component of the System Center suite. Honestly, it is one of the best and broadest monitoring solutions I have seen so far. There is a ton of product knowledge inside the management packs. I have been using SCOM for a while now and, based on my experience, the most important rule when it comes to monitoring is: be sure you read the management pack guides. Next is to tune and tweak the management packs to your specifics.

Agents can by nature fail over if you have a large SCOM deployment where more than one management / gateway server exists. If you have regional requirements, you can configure the failover based on your needs.

How to configure Gateway Failover?

#Set all Gateway Servers to use PRI_MS as Primary and FAILOVER_MS as Failover
#SCOMMS1 / SCOMMS2 are placeholder names; the failover server must differ from the primary
$primaryMS = Get-SCOMManagementServer | where {$_.Name -match "SCOMMS1"}
$failoverMS = Get-SCOMManagementServer | where {$_.Name -match "SCOMMS2"}
$gatewayMS = Get-SCOMManagementServer | where {$_.IsGateway -eq $true}
Set-SCOMParentManagementServer -GatewayServer $gatewayMS -PrimaryServer $primaryMS
Set-SCOMParentManagementServer -GatewayServer $gatewayMS -FailoverServer $failoverMS

How to configure Agent Failover?

#Agents reporting to "SCOMGATEWAY1.DOMAIN.COM" - Failover to "SCOMGATEWAY2.DOMAIN.COM"
$primaryMS = Get-SCOMManagementServer | where {$_.Name -eq "SCOMGATEWAY1.DOMAIN.COM"}
$failoverMS = Get-SCOMManagementServer | where {$_.Name -eq "SCOMGATEWAY2.DOMAIN.COM"}
$agent = Get-SCOMAgent | where {$_.PrimaryManagementServerName -eq "SCOMGATEWAY1.DOMAIN.COM"}
Set-SCOMParentManagementServer -Agent $agent -PrimaryServer $primaryMS
Set-SCOMParentManagementServer -Agent $agent -FailoverServer $failoverMS

How to verify?

#Verify Failover for Agents reporting to "SCOMGATEWAY1.DOMAIN.COM"
$Agents = Get-SCOMAgent | where {$_.PrimaryManagementServerName -eq "SCOMGATEWAY1.DOMAIN.COM"}
$Agents | Sort-Object Name | foreach {
    Write-Host "";
    "Agent :: " + $_.Name;
    "--Primary MS :: " + ($_.GetPrimaryManagementServer()).ComputerName;
    #An agent can have more than one failover server, so list them all
    $failoverServers = $_.GetFailoverManagementServers();
    foreach ($managementServer in $failoverServers) {
        "--Failover MS :: " + ($managementServer.ComputerName);
    }
}
Write-Host "";

[Quick] F5 BIGIP-How to configure RDGateway load balancer?

March 28, 2017

Windows is usually good enough for simple network load balancing methods; networking people know what the challenges are when you load balance a specific workload. WNLB is good but limited in its ability to analyze data streams and then decide based on conditions. F5 or a few other hardware load balancers, e.g. Kemp, are doing an amazing job here, and they come into play where WNLB stops.

Here is a quick example of how you can configure RD Gateway load balancing services on F5. There is an iApp template which you can import, and it makes this much easier as many of the required settings are already there. You can get the template from –> BIGIP –> iApp. Download the zip and import only the RDS template.


If you are going to terminate the SSL connection on your F5, you have to import the certificate including the private key onto the BIG-IP system. While the BIG-IP system does include a self-signed SSL certificate that can be used internally or for testing, we strongly recommend importing a certificate and key issued from a trusted Certificate Authority for processing client-side SSL. For information on SSL certificates on the BIG-IP system, see the online help or the Managing SSL Certificates for Local Traffic chapter in the Configuration Guide for BIG-IP Local Traffic Manager available at

Next, we can start creating the Application Services in F5 with the iApp template we imported earlier. Application Services –> Create –> select template “f5.microsoft_rds_remote_access.V1.0.2”


To enable the new RDP 8.0 features we have to choose “Windows 2012 R2”, which will basically enable UDP traffic –>

The next part is key and depends on the specifics of your implementation; details on what each question does can be found in the deployment guide.



SSL – I’m going to let the RDG servers handle SSL encryption, which basically means the traffic is just passed through based on the “least connection” algorithm. There are plenty of different load balancing algorithms available; for my needs “least connection” is just fine. There are also ways to stick connections to a user, but that’s another story.



Voilà! Sure, that’s not all, but it should give a high-level overview and provide some useful context. Hope this helps. Please see below for more details on this.

Deployment Guide – RDGateway

K16340: Microsoft Remote Desktop Gateway servers iApp template

Deploying Remote Desktop Gateway Step-by-Step Guide

Deploying F5 with Microsoft Remote Desktop Services

Powershell-How to query memory state via Get-WMIObject

March 27, 2017

Here is a simple example of how WMI queries can be called from PowerShell. This one is just an example, and you can extend it with any system property such as processors, available memory or even disk space information. It is all about your needs and of course your creativity.

$x = Read-Host -Prompt "Please enter the machine name"
$colItems = Get-WmiObject -Class "Win32_ComputerSystem" -Namespace "root\CIMV2" -ComputerName $x

foreach ($objItem in $colItems){
    #TotalPhysicalMemory is reported in bytes
    $displayGB = [math]::Round($objItem.TotalPhysicalMemory/1024/1024/1024, 0)
    #NumberOfProcessors is the number of physical processors (sockets)
    $totalsockets = $objItem.NumberOfProcessors
    Write-Host "Total Physical Memory:" $displayGB "GB"
    Write-Host "Total CPU (Sockets) found:" $totalsockets
    Write-Host "Model: " $objItem.Model
}

$colItems2 = Get-WmiObject -Class "Win32_Processor" -Namespace "root\CIMV2" -ComputerName $x

#One Win32_Processor instance is returned per socket
foreach ($objItem2 in $colItems2){
    Write-Host "System Name:" $objItem2.SystemName
}


An example from a previous post: here I calculate the memory pressure on a cluster node to identify oversubscribed hosts, which can lead to perf issues.




The WMIBrowser is really useful when you do not know exactly which properties are available and how to call them.


WMI is really powerful and nearly every Windows property can be called from there – OK, I see how you are thinking about all the creative ways now… Happy scripting!

SCOM Datawarehouse-Event31551 Failed to store data in the Data Warehouse

March 15, 2017

After I updated the SQL management pack to the latest release, we saw the error below related to the SCOM DW system:

Failed to store data in the Data Warehouse. The operation will be retried. Exception ‘SqlException’: Login failed for user ‘SCOMAccount’


Since the latest SQL management pack update there are new SQL RunAs profiles, one of which is called “Data Warehouse SQL Server Authentication Account”. In my case the SCOM Action account was entered here, and this account has no permission to log in to SQL, so the above error is correct. Adding the right account fixed the issue: the DW was back in a healthy state and data now gets pushed out of the OperationalDB to the DW.



I say it again and again, but reading the SQL management pack guide is a must for healthy SQL monitoring, which usually covers business-critical databases.

Microsoft System Center Management Pack for SQL Server

…Stay tuned and happy SCOM’ing!

SCOM Reporting Services-rslogon failed

March 15, 2017

After you change the password for your SCOM service accounts, you can hit the issue below if you have custom reports:


There are a few areas where passwords have to be updated in SCOM. Besides the RunAs accounts, you also have to update the SQL Reporting Services credentials stored on your SQL server. Run the SQL Reporting Services Configuration Manager to update the credentials for RS (see the article below for more detailed steps).


If you still hit a report error like the one below, it is highly likely that you have stored separate credentials for accessing data sources. So I verified the new RunAs profiles for SQL and made sure the password was correct. Still, I couldn’t get my reports. In this environment we also have lots of our own custom reports which store their own credentials for accessing databases.

So let’s verify this.

Open http://SCOMRS/Reports and select the report which failed above with “rsLogonFailed” –> Data Sources –> Test Connection


Gotcha! This report is using separate credentials to access databases. If possible, you should avoid this and use the shared data source option for your reports.


As a key point in SCOM, review the management pack guide for SQL to get a better understanding of security. Sometimes the permissions to monitor SQL instances have to be granular and restricted to the minimum needed to monitor the health of a SQL server (e.g. in highly secure networks like a DMZ). I highly recommend checking out the SQL Server management pack guide, especially since the latest release adds new RunAs profiles which allow better and more granular control.

Microsoft System Center Management Pack for SQL Server

Below are some useful resources related to this topic

How to Change the Windows Service Account Password for the SQL Server Reporting Service

How to Change the Credentials for the Action Account

How to Change Credentials for the System Center Management Configuration service and System Center Data Access service

How to Change the Reporting Server Execution Account Password

Windows Server 2016 Scalability

August 26, 2016

For those of you who haven’t been able to keep up with all of the new scenarios and features Windows 2016 is introducing, no worries! Here are just a few of the top scenarios and features I have been asked about in Windows Server 2016.


Scale Out File Server with Storage Spaces Direct (RDMA) for Hyper-converged infrastructure

This will be a tradition breaker! Windows Server 2016 Datacenter introduces Storage Spaces Direct, which enables building highly available (HA) storage systems with local storage. This is a significant step forward in Microsoft Windows Server software-defined storage (SDS), as it simplifies the deployment and management of SDS systems and also unlocks the use of new classes of disk devices, such as SATA and NVMe disk devices, that were previously not possible with clustered Storage Spaces with shared disks. Windows Server 2016 provides a hyper-converged solution by allowing the same set of servers to provide SDS through Storage Spaces Direct (S2D), and also by serving as the hosts for virtual machines using Hyper-V.

For more information on this area, please reference Storage Spaces Direct in Windows Server 2016 Technical Preview.

Shielded virtual machines

Virtualization security is a major investment area in Windows Server 2016 Hyper-V. In addition to protecting hosts or other virtual machines from a virtual machine running malicious software, we also need to protect virtual machines from a compromised host. Since a virtual machine is just a file, we need to protect it from attacks via the storage system, the network, or while it is backed up. This is a fundamental need for every virtualization platform today, whether it’s Hyper-V, VMware, or any other. Quite simply, if a virtual machine gets out of an organization (either maliciously or accidentally) that virtual machine can be run on any other system. Protecting high value assets in your organization such as domain controllers, sensitive file servers, and HR systems is a top priority, which is why we’ve made this scenario a top priority in Windows Server 2016. Quite simply, nothing like it exists in the market.


Windows Containers provide operating system-level virtualization that allows multiple isolated applications to be run on a single system. Two different types of container runtime are included with the feature, each with a different degree of application isolation. Windows Server Containers achieve isolation through namespace and process isolation while Hyper-V Containers encapsulate each container in a lightweight virtual machine. Curious to learn more? Be sure to reference this documentation piece on Windows Containers

Stay tuned and happy testing… more to come soon on that end.

F5 BIGIP–java.lang.OutOfMemoryError

August 19, 2016

BIGIP is one of the best hardware load balancers I have used, but sometimes the default configuration doesn’t fit the way you utilize the BIGIP. java.lang.OutOfMemoryError – to mitigate receiving this message, you can use the provision.tomcat.extramb database variable to increase the maximum amount of Java virtual memory available to the tomcat process.

Note: F5 recommends an initial increase of 20 MB, but it may not resolve all instances of the error message. If the java.lang.OutOfMemoryError errors continue, repeat this procedure, gradually increasing the value of <MB> until you no longer view the error message

Impact of procedure: Allocating additional memory to Apache Tomcat may impact the performance and stability of the BIG-IP system. You should perform this procedure only when directed by F5 Support after considering the impact to Linux host memory resources.