Direct Access Step By Step Guide Version 1.2 released

I’m about to start work on a Windows 2008 R2 / Windows 7 Direct Access project and while gathering some resources (I played with it in the lab last fall) I noticed the Step by Step guide has been updated to version 1.2 which was published on June 18th 2010. It’s a great kick start for demoing Direct Access in a lab for management. Grab it here. http://www.microsoft.com/downloads/en/confirmation.aspx?familyId=8d47ed5f-d217-4d84-b698-f39360d82fac&displayLang=en. If you’re hooked and need more info, check out the Direct Access pages on TechNet: http://technet.microsoft.com/en-us/network/dd420463.aspx

Some people complain Direct Access is (overly) complicated. Well, it’s not a simple wizard you can run or some SOHO NAT device that you plug in, but come on people. We’re IT Pro’s. We did and do more complicated stuff than that. As a matter of fact I remember some feedback John Craddock got last year at Tech Ed Europe (2009). Some consultancy firm employees told him he should not make it look that easy. Organizations need consultancy to get it right. Really? Some will, some won’t. I have nothing against consulting, when done right and for the right reasons. I even consult myself from time to time with partners who need a helping hand. But take note that the world does run on people, and consultants are people (really!). What they can learn,  you can learn. Just put in the effort. So go have fun setting up Direct Access and giving your road warriors and IT Pro’s some bidirectional and transparent connectivity to company resources. To me Direct Access was one of the big selling points for Windows 7 / Windows 2008 R2. Better together indeed 🙂

Exchange 2010 DAG Issue: Cluster IP address resource ‘Cluster IP Address’ cannot be brought online

Today I was called upon to investigate an issue with an Exchange 2010 Database Availability Group that had serious backup issues with Symantec Backup Exec not working. As it turned out, while the DAG was still providing mail services and clients did not notice anything the underlying Windows Cluster Service had an issue with. The cluster resource could not be brought on line, instead we got an error:

“Cluster IP address resource ‘Cluster IP Address’ cannot be brought online because the cluster network ‘Cluster Network 1’ is not configured to allow client access. Please use the Failover Cluster Manager snap-in to check the configured properties of the cluster network.”

I have been dealing with Windows 2008 (R2) clusters since the beta’s and had seen some causes of this so I started to check the cluster & Exchange DAG configuration. Nothing was wrong, not a single thing. Weird. I had seen such weird behavior once before with a Hyper-V R2 cluster. There I fixed it by disabling and enabling the NIC’s on the nodes that were having the issue, thus resetting the network. I you don’t have DRAC/ILO or KVM over IP access you can temporarily allow client access via another cluster network or you’ll need physical access to the server console.

In the event viewer I found some more errors:

Log Name:      System
Source:        Microsoft-Windows-FailoverClustering
Date:          6/18/2010 2:02:41 PM
Event ID:      1069
Task Category: Resource Control Manager
Level:         Error
Keywords:     
User:          SYSTEM
Computer:      node1.company.com
Description: Cluster resource ‘IPv4 DHCP Address 1 (Cluster Group)’ in clustered service or application ‘Cluster Group’ failed.

Log Name:      System
Source:        Microsoft-Windows-FailoverClustering
Date:          6/18/2010 1:54:47 PM
Event ID:      1223
Task Category: IP Address Resource
Level:         Error
Keywords:     
User:          SYSTEM
Computer:     node1.company.com
Description: Cluster IP address resource ‘Cluster IP Address’ cannot be brought online because the cluster network ‘Cluster Network 1’ is not configured to allow client access. Please use the Failover Cluster Manager snap-in to check the configured properties of the cluster network.

Log Name:      System
Source:        Microsoft-Windows-FailoverClustering
Date:          6/18/2010 1:54:47 PM
Event ID:      1223
Task Caegory: IP Address Resource
Level:         Error
Keywords:     
User:          SYSTEM
Counter:      node1.company.com
Description: Cluster IP address resource ‘IPv4 DHCP Address 1 (Cluster Group)’ cannot be brought online because the cluster network ‘Cluster Network 3’ is not configured to allow client access. Please use the Failover Cluster Manager snap-in to check the configured properties of the cluster network.

So these cluster networks (it’s a geographically dispersed cluster with routed subnets) are indicating they do not have “Allow clients to connect through this network” set.  Well, I checked and they did! Both “Allow cluster network communications on this network” and “allow clients to connect through this network” are enabled. 

Weird, OK but as mentioned I’ve encountered something similar before. In this case I did not want to do just disable/enable those NICs. The DAG was functioning fine and providing services tot clients, so I did not want to cause any interruption or failover now the cluster was having an issue.

So before going any further I did a search and almost within a minute I found following TechNet blog post: Cluster Core Resources fail to come online on some Exchange 2010 Database Availability Group (DAG) nodes (http://blogs.technet.com/b/timmcmic/archive/2010/05/12/cluster-core-resources-fail-to-come-online-on-some-exchange-2010-database-availability-group-dag-nodes.aspx)

Well, well, the issue is known to Microsoft and they offer three fixes. Which is actually only one, but can be done using  the Failover Cluster Manager GUI, cluster.exe or PowerShell. The fix is to simply disable and enable  “Allow clients to connect through this network” on the affected cluster network. The “long term fix” will be included in Exchange 2010 SP1. The work around does work immediately and their Backup Exec started functioning again. They’ll just have to keep an eye on this issue until the permanent fix arrives with SP1.

Partially Native USB support coming to W2K8R2 with SP1!?

As you might recall from a previous blog post of mine (https://blog.workinghardinit.work/2010/03/29/perversions-of-it-license-dongles/) one of the show stoppers for virtualization can be USB dongles. Apart from my aversion of USB license dongles that should never be mentioned in the same sentence with reliability and predictability, now the push for VDI has exposed another weakness, the need for end users to have USB access. Well Microsoft seems to have heard us. Take a look @ this blog post: http://blogs.technet.com/virtualization/archive/2010/04/25/Microsoft-RemoteFX_3A00_-Closing-the-User-Experience-Gap.aspx

What remains to be seen is if this will work with license dongles. Anyway for desktop virtualization a much needed improvement is under way. I would like to thank Christophe Van Mollekot from Microsoft Belgium for bringing this to my attention. This together with VDI license improvements for SLA customers are giving desktop virtualization a much better change of being adopted. Some times stuff like this really makes the difference. You can’t explain to your end users that the great super modern virtualized environment doesn’t support the ubiquitous USB drive. Trust me on that one.

Dynamic Memory Allocation for Hyper-V in Windows Server 2008 R2 SP1

Great news, and it’s finally coming to our production environments (it was the buzz @ Tech Ed 2008 in Barcelona for Hyper-V next at that time together with Live Migration): Dynamic Memory allocation comes to hyper-V in Windows Server 2008 R2 SP1. This is a great and most welcome addition! We can adjust memory allocations on the fly with down time from a memory pool on the host, memory virtualization if you will. Grab the announcement here: http://blogs.technet.com/windowsserver/archive/2010/03/18/announcing-windows-server-2008-r2-and-windows-7-service-pack-1.aspx