#IAMMEC Session Recap: Manageability and Monitoring Talk

In the afternoon I attended the Manageability and Monitoring talk by Charlie Chung and Greg Thiel and took some rough notes.

  • EX2013 – Protocols are always served from the protocol instance that is local to the active database copy
  • Best way to monitor is at the user level
    • Availability – can I access the service?
    • Latency – how is my experience?
    • Errors – am I able to accomplish what I want?
  • Scaling applications magnifies errors
  • Main goal is to reduce the alerts
  • ‘Stuff breaks and the experience does not’
  • Managed Availability Overview
    • Probes will determine if something is broken
    • Check will validate thresholds and make certain they’re within certain parameters
    • Notify will take bugs and other odd failures
    • Monitor will take data from probes/checks/notifies and apply business logic to either recover if it’s possible (i.e. restart services, etc.) or escalate to a human
  • This runs on every single box and then reports up to SCOM (if you are so inclined to utilize SCOM)

Basically, the built-in manageability tools that are automated are similar to SCOM – same building blocks and concepts apply, so if you’ve utilized SCOM, then you’re going to be used to how these tools operate.

And like the SCOM tools, you can also modify the defaults if needed.  However, this should rarely be needed in your production environment.  In a TEST environment, however, you really need to change the defaults, or you’ll start getting some odd issues creep up (since test labs are generally thin on resource availability).

Posted in Exchange, Exchange 2013

#IAMMEC Day 1 Keynote Recap

Big thanks to Microsoft for getting MEC going again.  I started dealing with Exchange just before they held the last one of these, so I’ve always been a bit sad that I had never had the chance to attend.

So, the non-technical keynote highlights:

  • Exchange 2013 is clean.  Very clean.  They purposefully cleaned it up to be easier to implement across all of the different platforms (both OS and hardware platform-wise)
  • Exchange 2013 integrates well with SharePoint, to the point where SharePoint replacing Public Folders might *actually* be a realistic goal!
  • Microsoft is running millions of mailboxes on Exchange 2013, and the stability and manageability are there and ready to go out of the box.

The technical keynote highlights:

First, a note:  Ross Smith was once again an astounding presenter, and you could tell he was trying to dial back the in-depth nature of his presentation to meet the needs of a keynote.

Now for the highlights:

  • “Multiple roles on the same server good – single roles bad.”  This is mostly to do with the fact that the system is so efficient now that there’s no point in wasting hardware (CPU/RAM/HD) for the CAS role.
  • Speaking of which, the Hub Transport role is no longer – it has been logically split between the CAS role and the MBX role.
  • Edge role remains.
  • Compared to 2000/2003, Exchange 2013 utilizes 99% less IOPS per mailbox transaction.  That is not a typo.  A staggering statistic.
  • Hybrid deployments are very easy.
  • Batched mailbox moves, where the mailboxes are synced ahead of time and you can ‘flip the switch’ to move everyone at once, instantly, even off of Exchange 2007?  Yup.  It looks like someone was reading my Christmas list.
  • Did I mention that the IOPS are so low that you can run massive mailboxes, replicate them all around with site resiliency, and it’s cheap to do so?

More to follow.

Posted in Exchange

Cheating the SSL System

I recently had an occasion where I needed to host quite a few SSL sites on a single server, each in its own unique site, and each with its own app pool, all behind port 443.  We utilize load balancers to handle our web traffic as well as maintain our certificates in a single location.  It’s cost effective, easy to manage, and incredibly versatile.

Unfortunately, it introduces a bit of complexity to the environment.  Ideally, on IIS7, you would run a unique cert issued by a trusted certificate authority (CA) such as DigiCert for every site.  This however is not cost effective at a large scale.

So, the solution to this is to actually create your own self-signed wildcard certificate utilizing a tool from the IIS6 Resource Kit called ‘selfssl.exe’ – this allows IIS7 to actually prompt you for the host header name in the configuration.

It’s quick, it’s easy, and best of all, once you do it for each server, you’re golden for all other sites created on that server.  And when you’ve got over 500 sites on a server…you’ll save yourself a considerable amount of time.

The Process

  1. Download the IIS6 Resource Kit
  2. Install the SelfSSL Utility onto your web server
  3. On the web server, open a command prompt under the administrator context and change to the ‘c:\Program Files (x86)\IIS Resource\SelfSSL’ directory
  4. Optional: Retrieve a list of sites if you need to apply this to any site other than the first site:
    1. Run ‘%windir%\system32\inetsrv\appcmd.exe list sites’, which will output the sites along with their site IDs
  5. Run the ‘SelfSSL.exe’ command with the following parameters:
    1. ‘selfssl.exe /N:CN=*.contoso.com /V:3650 /S:1 /K:2048’
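    2. Replace ‘contoso.com’ and ‘S:1’ with parameters that apply to your scenario (‘/N’ sets the certificate’s common name, ‘/V’ the validity period in days, ‘/S’ the IIS site ID, and ‘/K’ the key length in bits)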
  6. From here, go into the Bindings for the site and note that you can now enter the host name of your choosing (so long as it is a child of ‘contoso.com’ you’ll be fine).

Okay out, and you’re all set.
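
To check the result of steps 5 and 6, the PowerShell below is an added example, not part of the original post or of the SelfSSL tooling. It reports the key size, expiry and self-signed status of the wildcard certificate in the machine store and tests planned host headers against it, since a wildcard certificate covers exactly one DNS label. The function names and the sample host names are assumptions; ‘*.contoso.com’ is the placeholder domain used above.

```powershell
# Added example: audit the self-signed wildcard cert and planned host headers.
# Function names are hypothetical; host names below are constructed samples.

function Test-WildcardMatch {
    param([string]$HostName, [string]$Pattern)
    # Non-wildcard patterns must match the host name exactly.
    if (-not $Pattern.StartsWith('*.')) { return ($HostName -ieq $Pattern) }
    $suffix = $Pattern.Substring(1)   # e.g. '.contoso.com'
    $cmp = [System.StringComparison]::OrdinalIgnoreCase
    if (-not $HostName.EndsWith($suffix, $cmp)) { return $false }
    # The '*' stands for one label only: no empty label, no extra dots.
    $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
    return (($label.Length -gt 0) -and (-not $label.Contains('.')))
}

function Get-WildcardCertReport {
    param([string]$Pattern = '*.contoso.com', [int]$WarnDays = 90)
    # SelfSSL installs the certificate into the local machine's personal store.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$Pattern" } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Thumbprint  = $_.Thumbprint
                SelfSigned  = ($_.Subject -eq $_.Issuer)
                KeyBits     = $_.PublicKey.Key.KeySize
                NotAfter    = $_.NotAfter
                ExpiresSoon = ($_.NotAfter -lt (Get-Date).AddDays($WarnDays))
            }
        } |
        Select-Object Thumbprint, SelfSigned, KeyBits, NotAfter, ExpiresSoon
}

# Constructed host headers: one valid, the bare domain, and a two-level name.
$planned = 'app1.contoso.com', 'contoso.com', 'a.b.contoso.com'
foreach ($name in $planned) {
    '{0,-20} covered: {1}' -f $name, (Test-WildcardMatch $name '*.contoso.com')
}

# Run on the web server from an elevated prompt.
Get-WildcardCertReport | Format-Table -AutoSize
```

A certificate created with ‘/V:3650’ stays valid for ten years, so the NotAfter and KeyBits columns are worth recording wherever the rest of the certificate inventory is kept.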

Posted in Certificates, IIS7, SelfSSL, SSL

Powershell: Exporting a CSV of Computer Data

I had an urgent request to pump out some data regarding a list of computer accounts similar to this:


I thought, “No problem, a quick ‘Get-ADComputer’ piped to ‘Export-CSV’ and we’re golden.”  Except for the fact that Export-CSV doesn’t handle appends.

So, there’s a different way to do it – create your own custom objects.

Code appears below.

Import-Module ActiveDirectory

# Input file holds one computer name per line
$comps = Get-Content "C:\system\CompData\comps.txt"
$outfile = "c:\system\compdata\results.txt"
$Computers = @()

foreach ($comp in $comps) {
 # Request only the properties that go into the report
 $temp = Get-ADComputer $comp -Properties CanonicalName,Description,DNSHostName,LastLogonDate,DistinguishedName,Name,ObjectClass,ObjectGUID,SamAccountName,SID

 # Build a custom object with one NoteProperty per CSV column
 $compobject = New-Object System.Object
 $compobject | Add-Member -type NoteProperty -name CanonicalName -value $temp.CanonicalName
 $compobject | Add-Member -type NoteProperty -name Description -value $temp.Description
 $compobject | Add-Member -type NoteProperty -name DNSHostName -value $temp.DNSHostName
 $compobject | Add-Member -type NoteProperty -name LastLogonDate -value $temp.LastLogonDate
 $compobject | Add-Member -type NoteProperty -name DistinguishedName -value $temp.DistinguishedName
 $compobject | Add-Member -type NoteProperty -name Name -value $temp.Name
 $compobject | Add-Member -type NoteProperty -name ObjectClass -value $temp.ObjectClass
 $compobject | Add-Member -type NoteProperty -name ObjectGUID -value $temp.ObjectGUID
 $compobject | Add-Member -type NoteProperty -name SamAccountName -value $temp.SamAccountName
 $compobject | Add-Member -type NoteProperty -name SID -value $temp.SID

 # Collect the object; the export happens once, after the loop
 $Computers += $compobject
}

# Write all collected objects in a single pass instead of appending per computer
$Computers | Export-Csv -Path $outfile
Posted in Powershell