Monday, January 27, 2014

Adding additional keyboard layout for domain users

This is quick one, where I wanted to add additional keyboard layout to some users using GPO preferences. Using GPO preferences I have added following registry key to targeted domain users:

HKEY_CURRENT_USER\Keyboard Layout\Preload\
  • Value Name:2
  • Value type:REG_SZ
  • Value data:0000042f
42F is keyboard layout for Macedonian Language and 2 for value name is keyboard preference. Additional language codes can be found in following part of registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts.
 

Thursday, January 23, 2014

Event ID 5120 Hyper V 2012 Failover Clustering and DPM 2012 Backup Behavior

In this article I would recommend installing the KB 2879635 update for Windows Server 2012 based failover clusters that improves resiliency. This update should prevent the "notorious" event 5120 with description:
Cluster Shared Volume 'Volume1' ('name’) is no longer available on this node because of 'STATUS_IO_TIMEOUT(c00000b5)'. All I/O will temporarily be queued until a path to the volume is reestablished.
from happening during backup of VMs from Hyper V host located on CSV volume. Note that after installing this hotfix on Hyper V hosts, you should update integration components on Windows Server 2012 based guest virtual machines running on those hosts.

Also, If you're using DPM 2012 SP1 as you're backup solution I would recommend installing the latest rollup 3 KB2836751 and hotfix KB2886362 .

From my point of view, before installing these updates and rollups I was experiencing strange behavior when I was doing Hyper V host based backup of Windows Server 2012 virtual machines using DPM 2012 SP1. After initial replica creation of vm with installed Windows Server 2012 which is basically transferring the whole vhd(x) file to the DPM 2012 SP1 server, all other scheduled recovery points were transferring again the same size of data to the DPM server. This is an example of backup of one Windows Server 2012 vm:

 
After installing all the rollups and updates, the situation has changed, and the DPM scheduled replica creation task was transferring significantly smaller amount of data, and naturally the backup task was completing much faster.
Also, you will eliminate memory spike on node which is owning the CSV resource, during backup of VMs located on that volume fixed with KB2813630 which is included in KB 2879635.
 

Configuring HP Desktop BIOS using SCCM 2012 Task Sequence

In this case I wanted to unify BIOS settings (setup password and bios version) on HP Desktop Computers (DC5800, DC6000, DC6300, 600 G1). I was using SCCM 2012 R2 for operating system deployment, and in the task sequence for operating system deployment I have added steps for setting the BIOS password and updating the BIOS to latest available version for HP desktop model. For setting up the BIOS password I was using BiosConfigUtility.exe from HP sp52095.exe, and for updating the BIOS to the latest available version I was using HPQFlash which is part of BIOS update package and can be downloaded from support web page of the HP desktop model.
What I want to notify here is that BIOS password set with numbers from numerical part of the keyboard is not the same when typed with same numbers from regular part of the keyboard. So, in my case I wanted to set the BIOS password with numbers from numerical part of the keyboard. For example, for BIOS password I wanted to set seven,eight and nine from numerical part of the keyboard, knowing that previous BIOS password is either blank or "abcd". And syntax for achieving that task is following:

BiosConfigUtility.exe /cspwd:"" /cspwd:"abcd" /nspwd:"<KEYPAD 7><KEYPAD 8><KEYPAD 9>"

Note that several "old" BIOS password can be specified in same line using /cspwd, and new password is specified after /nspwd with syntax specified as above when wanted to use numerical part of the keyboard.
My next step was to update BIOS version. For updating the BIOS using HPQFlash when BIOS setup is password protected, setup password has to be provided in encrypted form. Setup password must be encrypted using HPQPswd utility which is part of BIOS update package. HPQPswd will create a file with encrypted setup password. Specifying that file for BIOS setup password will allow HPQFlash to update the BIOS version. Presuming that BIOS update file is located in same location as HPQFlash, the syntax for updating BIOS in silent mode is:
HPQFlash.exe -s -psetuppass.bin
Where setuppass.bin is the encrypted BIOS setup password file created with HPQPswd, and note that there is no space between -p and name of the encrypted BIOS setup password file.

Happy BIOS flashing !

Wednesday, January 15, 2014

Unable to update to SCCM 2012 R2 SCEP client

In this case I was upgrading SCCM 2012 SP1 infrastructure to SCCM 2012 R2, and one of my tasks was to upgrade SCCM client to SCCM 2012 R2 version 5.00.7958.1000. During SCCM 2012 R2 client upgrade procedure, SCEP client upgrading is part of the upgrading process to version 4.3.220.0. SCCM 2012 R2 client together with SCEP client were upgrading without any issues on most of the clients, but there were some clients where SCCM client was successfully upgraded to R2 version, but SCEP client was still with old version. SCCM 2012 R2 console for those clients was reporting the following information:

Deployment State: Failed 
Deployment Return Code: 0x80004005 
Deployment Description: Failed to trigger EP Installer to install.

On Client Side EndpointProtectionAgent.log was having following info:
![LOG[Failed to load xml from string <?xml version="1.0"?><SecurityPolicy xmlns="http://forefront.microsoft.com/FEP/2010/01/PolicyData" .........(truncated) > 
<![LOG[Failed to generate AM policy settings for SCEP installation with error code 0x80004005]LOG]!>

The reason for this behavior was that the Antimalware Policy assigned to client was having the ampersand "&" sign. After removing the "&" from the Antimalware policy, the SCEP client was successfully upgraded to version 4.3.220.0.