The number of vSphere HA heartbeat datastores for host is 1, which is less than required 2 – vSphere 6.5

This is a pesky common error that has plagued vSphere administrators for a long time.  If you do not have multiple redundant datastores, you will get this error.

The number of vSphere HA heartbeat datastores for host is 1, which is less than required 2

To fix this issue for vCenter Server Appliance 6.5, follow these simple steps.

Login to vSphere Server Appliance web host client. Go to Hosts and Clusters from the main menu. Select the cluster you want to modify from the tree.

Go to Configure tab and select vSphere Availability (used to be called vSphere HA), click Edit

Go to Advanced Options, click in the Options box and paste this:

das.ignoreInsufficientHbDatastore

Paste this in the value box:    true

Click OK, wait a bit for it to modify all your hosts. Done!

File Explorer Not Responding Issue After Windows 10 Update

I have been having an issue recently with my File Explorer in Windows 10 opening painfully slow, so slow that it indicated Not Responding in the status bar. I thought this was just happening on my work computer, which has an SSD, plenty of RAM and a decent CPU too.  Then I discovered the same issue on my home PC which has 32 GB of RAM and realized that this must be an issue with a recent Windows update.

After some experimentation, I determined that the bug is with the Quick Launch function in File Explorer.  If you set File Explorer to go to This PC or turn off the Quick Launch function, the problem stops immediately.

Open File Explorer, go to File, then select Change folder and search options.

Select This PC from Open File Explorer to field. Or you can deselect the Privacy check boxes Show recently used files in Quick access and Show frequently used folders in Quick access. Either way will get you to the solution you want.

You File Explorer should open very quickly now!

VMware Common Logging Service Health Alarm VCSA

If you get this service alarm, you are having a problem with your logging service in vCenter Server Appliance 6.0. Typically the log drive fills up and it is not set to auto expand so you get a critical error and logs won’t be saved.

To correct this issue, follow these steps. To view the logging health open up vCenter Web Client and navigate to Administration > System Configuration > Services > VMware Syslog Service. Verify your service is still running.

 

Open up Putty and access vCenter with the VCSA IP Address and root account. Run this command to check status:

service-control –status vmware-syslog

Run these command to enable shell:

shell.set –enabled true
shell

Check the status of the log drive by running the command:

df -h

Notice that the log drive in 10GB in size and is almost full.

Go to vCenter Web Client and open up your vCenter Service Appliance Server properties and select Edit Setting in VM Hardware.

Select Manage other disks.

Go to Hard Disk 5 and increase the size from 10GB to 20GB close and save.

Go back to Putty and enter this command to set the drives to autogrow.

vpxd_servicecfg storage lvm autogrow

When the command runs successfully you should get this result.

VC_CFG_RESULT=0

View the VMware kb article here for more details.

Upgrade System Center Configuration Manager 2012R2 to 1511 to 1606

If you have System Center Configuration Manager 2012/2012R2 and you want to upgrade to the latest package 1606 you first have to upgrade to 1511. This should be the last upgrade you’ll need to manually perform, after you can upgrade straight from the SCCM console itself. Thank you Microsoft!

The supported in-place upgrade paths are below, more details found here.

upgrade-paths

Upgrading from SCCM 2012 to 1511 is straightforward. Before starting your installation of 1511, download this patch from Microsoft and install it.

ms-download

Download and install Windows 10 ADK even if you don’t have Windows 10 in your environment yet, because you will soon enough. Choose based on your version of Windows 10, the latest is 1607 at the time of writing.

1607

Check that are using a supported version of SQL Server and then download and install SCCM 1511. We downloaded it from Microsoft VLSC because we have a volume license account with Microsoft. If you need an evaluation copy you can find the current branch here.

ms-file

Install package, you know how this works. Just keep selecting Next, no surprises.

ms-install

I suggest restarting your server after completion just for peace of mind.

After your SCCM server has a chance to sit for a bit it will automatically download builds 1602 and 1606. Go to Administration > Cloud Services > Updates and Servicing to view.

console-upgrade

Note if it gets stuck in “Downloading” for too long, open Services.msc and restart the service named “SMS_EXECUTIVE” and downloading will resume.

sms

If you wait for a while (less than 30 minutes), then restart your server you will get a popup that lets you know the latest version is available for download.

update-avail

Install Update Pack from the console, you can skip to 1606.

pack

The steps are again really boiler plate, just keep selecting Next.

 

1 7 6 5 4 3 2

Once installation is complete, then force update your client agents. Go to Administration > Site Configuration > Sites > Hierarchy Settings

agents

client

If interested here is additional documentation from Microsoft.

Call it a day!

How to Migrate SYSVOL from Oldschool FRS to DFSR

If you have any battle-worn domain controllers that have been upgraded multiple times, your domain is probably still running the outdated replication engine, File Replication Service (FRS), which dates back to Server 2000 and 2003. I am not sure why Microsoft doesn’t publicize this as much as upgrading to the latest OS, because it is just as important.

If you have domain controllers that are 2008 or newer, you absolutely should migrate to DFSR today. As it was designed in a bygone era, domains will often have replication errors or poor performance when using FRS in today’s demanding environments. Follow these steps to migrate to DFSR.

Prerequisites 

  •  All DCs must be at least Server 2008
  •  Domain Functional Level must be at least Server 2008
  •  Active Directory services must be in good general health
  •  Active Directory replication must be fully functioning

I would also suggest performing this migration after hours to minimize potential impact to users on the network. Ensure you have valid backup of all DCs before starting.

Note: perform this operation on your Primary Domain Controller (PDC)

There are 4 main stable states during this migration and you must wait for each to finish before moving on or you could cause yourself some serious problems.

States

  •  State 0 – Start
  •  State 1 – Prepared
  •  State 2 – Redirected
  •  State 3 – Eliminated

Open an elevated Powershell session on your PDC, run this command to go from Start through Prepared State.

dfsrmig /setglobalstate 1

1-dfs2

After running the previous command, wait for about 10 minutes or so then run the following command to see where you are at. Wait until you get a message that all domain controllers have reached a consistent state.

dfsrmig /getmigrationstate

2-dfs2

Once you are in Prepared State run this command.

dfsrmig /setglobalstate 2

3-dfs2

Again, wait for about 10 minutes or so then run the following command to see the migration status. Wait until you get a message that all domain controller have reached a consistent Redirected state.

dfsrmig /getmigrationstate

Once the operation is complete, you should open all of you domain controllers and check that you can navigate to the SYSVOL and it is the Redirected State. It is usually found here: C:\Windows\SYSVOL\sysvol\yourdomain.com

You need to check this because the last phase, getting to Eliminated State, cannot be undone and could cause some undue sadness if you didn’t reach Redirected. When ready run this command.

dfsrmig /setglobalstate 3

4-dfs2

Check status again with this command.

dfsrmig /getmigrationstate

Final Eliminated State message.

5-dfs2

After your reach Eliminated State you may get this error popup, do not be alarmed. This is telling you that the old SYSVOL is gone because it has been “Eliminated.” The new folder is called SYSVOL_DFSR, located here:  C:\Windows\SYSVOL_DFSR\sysvol\yourdomain.com

7-dfs

You might also want to check that the FRS service is completed stopped and disabled on every DC. Open up services.msc and find File Replication Service, verify it has been disabled.

8-dfs2

If it hasn’t been disabled open the service object and manually disable it.

6-dfs

You should be good to go at this point.

Removing Ctrl+Alt+Del to Login on Windows 10 After Upgrade

If you recently upgraded your computer to Windows 10 from Windows 7 Professional, you may notice that you have to select Ctrl + Alt + Del keys to be allowed to login. This is a legacy feature left over from previous Windows version and can be disabled.

Right click on the start button and select Run

1-run

Type netplwiz and click ok

2-netplwiz

In the dialog window, select the Advanced tab and uncheck the checkbox

3-checkbox

This will eliminate the need to use Ctrl+Alt+Del to open your machine. To reveal the login screen, just click your mouse button instead.

Disable Birthday Notifications in Windows 10 Lock Screen and Desktop

birthday 4

After upgrading to Windows 10 you may have noticed birthday reminders on your lock screen or desktop popping up for people you may not even remember. Because of integration with LinkedIn, other email services and social media sites anybody you have every had a connection with has a birthday notification. And if you know enough people everyday is somebody’s birthday, sometimes several somebodies. Personally, I only need to remember birthdays of my immediately family members. Everything else is just noise.

To correct this open the Windows 10 Calendar app. Either select All apps from the start menu and find it in the list or type Calendar in the search box.

birthday 2

With the Calendar app open, uncheck Birthday Calendar for all accounts that you have connected to Windows 10 apps.

 

birthday 3

This should disable any unwanted birthday notification associated with Windows 10 apps. If you have any third party apps that provides notifications, you will have to configure the settings in that app.

 

How to Add Group Policy Templates (.admx) for Windows 10

admx

Microsoft has recently released the Windows 10 Group Policy templates (.admx) to assist organizations manage Windows 10 devices using GPO. This article describes how to install the new Windows 10 policy definitions in your domain.

Download the ADMX files Microsoft Administrative Templates for Windows 10. Also download the Windows 10 ADMX guide from Microsoft. Login to a Domain Controller in your network and find the path to your SYSVOL. If you have a Central Store the Sysvol has a different path than if it is local on one Domain Controller.

Open the msi installer to start, select next

admx1

Select agree and next

admx2

The default path is local, to change the path from default select browse

admx3

If you have a Central Store for ADMX files, the location should be the same or similar to the path below, just replace <your_domain> with your domain name (domain.com). Learn more about making a Central Store here.

C:\Windows\SYSVOL\sysvol\<your_domain>\Policies\PolicyDefinitions

Select the path to install the ADMX files

admx4

Select next

admx5

Installation completes

admx6

Click here to learn more about managing Group Policy AMDX files.

Issues with SonicWALL NetExtender after Windows 10 Upgrade

My team and I had been running Windows 10 Insider Preview for a while but only inside our domain. Like millions of others I upgraded my home machine to Windows 10 Pro on July 29th. Besides some issues with my Nvidia video card, it all seemed to be working nicely. Until I tried to VPN into a network with Dell SonicWALL NetExtender client.

NetExtender could connect fine and could even ping the network I was connecting to but no other protocols were available, like http, https, RDP. Not much info was found on the internet, all searches turned up “Cannot connect to Windows 10 through VPN”.

After trying multiple false starts I discovered the solution. There is a modern Microsoft App that allows the VPN connection without issues: SonicWALL Mobile Connect. There are iOS and Android versions too.

Steps:

Download and install the app for Windows 10

Open PowerShell as Administrator and execute the following commands. If needed, replace the bolded text with new values.

  • Check the port on your previous NetExtender installation, usually 4433
  • Choose a name for the network connection in Windows (VPN)
  • Enter the public IP address for your firewall, or FQDN is applicable

$xml = “<MobileConnect><Port>4433</Port></MobileConnect>”

$sourceXml=New-Object System.Xml.XmlDocument

$sourceXml.LoadXml($xml)

Add-VpnConnection -Name VPN -ServerAddress 69.1.1.1 -SplitTunneling $True -PluginApplicationID SonicWALL.MobileConnect_cw5n1h2txyewy -CustomConfiguration $sourceXml


You will create a VPN connection in WIndows. Opne Network Connections in the control panel to verify it has been created.

To use the VPN connection, select the Network icon in the lower right corner of your screen and select the VPN you just created.

In the dialog window select Connect. Enter your credentials if prompted. If needed you can precede the username with a domain name (ie domain\username) in the Username field.

sonicwall connect4

I hope this was helpful!

How to Increase the Frequency of DirSync Synchronization

After installing the latest version of Windows Azure Active Directory Sync (DirSync) you may want to increase the frequency of synchronization between your AD organization and the cloud. To accomplish this open the Administrative Tools folder on the DirSync server and open Task Scheduler.

If everything has been configured correctly you will see a task called: Azure AD Sync Scheduler, double click that task

task1

There is a local account created by DirSync that is used for this task indicated where the green box is, if you want to make changes to this Task you have to set the password for this user in Computer Management > Users and Groups or you can create and use a different user account that has full admin privileges

task5

Select the trigger tab

task2

Set the task the repeat at the desired replication time, maybe 15 minutes or 1 hour is fine for your organization, it is up to you, select ok to save

task3

You will be prompted for the password from the general tab to be able to save, once you saved you are done and DirSync will run every interval you have selected!

taskpassword

If you would like a way to force DirSync easily, set up a shortcut. Learn about it in this article.