Microsoft Internet Explorer was heavily hit this week with the Latest Microsoft Endpoint Update as well as Symantec Endpoint updates. While Symantec released a fix, Microsoft is still working on updated version to fix this issue.

1. The Latest Microsoft Protection breaks Internet Explorer downloads, for more details check the following article http://blogs.technet.com/b/configmgrteam/archive/2015/02/19/known-issue-endpoint-protection-blocks-internet-explorer-downloads.aspx                                                                                                                                                                                                                         
2. Symantec Endpoint protection update crashes Microsoft Internet Explorer. For more details check the following article http://news.softpedia.com/news/Symantec-Confirms-Faulty-Antivirus-Update-That-Caused-Internet-Explorer-Crashes-473883.shtml

The Symantec update affected both Windows 7 and Windows 8 machines while the Microsoft Endpoint update was mainly observed on Windows 8.1 machines. Users should stay tuned for an expected quick fix from Microsoft.

I was working lately on Migrating and moving all our Virtual Machines from Hyper-V 2008 R2 Hosts to the latest 2012 R2 Hyper-V Hosts. We installed the Hyper-V 2012 and 2012 R2 SCOM Management Packs to monitor our new servers while keeping the old 2008 Hyper-V Management Pack since there are still VMs hosted on 2008R2 (Transition Phase).

It was noticed that Event ID 26004 is repeated on daily basis on my Hyper-V 2012 R2 Host servers under the Operations Manager logs from Server Event Viewer.



The Image Management Service Admin Event log was only available back in Hyper-V 2008 R2 Hosts and it doesn't exist in Hyper-V 2012 or 2012 R2



Problem

On my SCOM server i have three Hyper-V Management Packs for 2008R2, 2012 and 2012R2 Hyper-V hosts. Logically each Management Pack should identify and point all its monitors to its relevant servers. However it looks like the 2008R2 Management Pack which includes the Image Management Service admin Event log is pointing and trying to get this data from the 2012 and 2012 R2 servers

Upon checking this issue with several Microsoft Support engineers, they confirmed that when the 2008 R2 Management Pack was created the work flow was targeted very broadly and affected all Hyper-V hosts, Even if you have the correct Management pack as 2012 or 2012 R2, this won't stop the 2008 MP to monitor and target the newer Hyper-V servers.

Solution

The Solution is to disable targeting this monitor from the 2008 MP to 2012 and 2012 R2 servers

In order to do this you need to do the following:

1. Go to the SCOM Console, Authoring - Management Pack Objects - Monitors - find - mounted drive

Microsoft Announced couple of days ago that it will extend its support for Antimalware and Antivirus products running on Windows XP till July 2015. This is really good news for Enterprises moving and migrating from XP to newer versions as well as personal users and individuals with Windows XP.

Microsoft earlier announced that Windows XP end of support is April 8, 2014 which includes any support for bugs, security issues or any Operating system support. On top of that was the Antimalware and Antivirus signatures.  Windows XP operating system launched more than 10 years ago was a very successful OS for Microsoft and was highly adopted by Organizations and personal computers. According to recent statistics Windows XP is being used on almost 30% of Desktops as per below Market share Statistics Link.

http://marketshare.hitslink.com/report.aspx?qprid=11&qpaf=&qpcustom=Windows+XP&qpcustomb=0

This was probably the main reason for Microsoft to Extend the Anti Malware/Virus Support for another year after the XP end of support. This extension applies to enterprise users running System Center End Point Protection, Forefront Client Security and Forefront Endpoint Protection. Also Personal users running Security Essentials will be covered as well.

For more details please check the below link.


http://blogs.technet.com/b/mmpc/archive/2014/01/15/microsoft-antimalware-support-for-windows-xp.aspx


This extension will not stop the XP end of support scheduled April, 2014. There will be no Security or Critical updates for Windows XP after April, 2014. Its still highly recommended to move ASAP to newer version of Windows for full support.

While checking the WSUS Products and Classifications i noticed that some products as the System Center Service Manager is not listed, also i noticed that the System Center 2012 R2 Products are not listed at all even with the latest updates (I am running WSUS on Windows server 2012 R2).

Upon checking the Microsoft Update Catalog on the Internet, i noticed that Service Manager is not listed/published on the Catalog as well, this explains why SCSM updates are not listed in the WSUS. For the current state WSUS is not designed to give SCSM under Products and Classifications as its not yet under the Catalog.

As for the System Center 2012 R2, they were just released less than 2 month ago and the next expected Rollup Will be mostly in the first quarter of 2014. I double checked with Microsoft Support team and they replied back that the Product team is working on WSUS hotfix/Service Pack/Release..........etc that might list the 2012 R2 Products.

Recommended links for WSUS

1. Microsoft Update Catalog: http://catalog.update.microsoft.com
2. Deploy WSUS 2012 and 2012R2 in your organization: http://technet.microsoft.com/en-us/library/hh852340.aspx

I published a recent article on migrating/moving VMs from 2008R2 to 2012R2 Hyper-V host (you can check it at http://itcalls.blogspot.com/2013/11/how-to-migratemove-virtual-machines.html ), after successfully moving these VMs we faced another problem trying to backup them. We were using the latest DPM 2012R2 and we noticed that it added these VMs as offline only and for some reason it can't take online backup of them.

After some investigation we noticed an error on the hyper-v host with Event ID 10103 (check below image) which clearly mention that backup will fail because this VM doesn't have a SCSI controller.


So the solution was just to add a SCSI controller even if its connected to nothing, after that online/hot backup was taken smoothly without any problem.

So what was the problem ?

I discussed this issue with several Microsoft support personnel and It turned out that online or hot backup for a VM in 2012R2 Hyper-V host requires mounting a new VHD in the VM and then dismounting it later. Since only the SCSI controller can mount/support hot plugging of virtual disks, it became clear why we need this SCSI controller.

Old version of Hyper-V didn't work this way,  it required that the Hyper-V host mount the guest VHD as part of the backup process which is something Microsoft didn't like as it increase the surface of attack on this host.

Microsoft WSUS administrators sometimes tend to select all given Products (Options - Products and Classifications) and by time the WSUS content folder grows dramatically till it fill all disk space. If the WSUS administrator tries to uncheck or deselect unneeded products later on, this won't save or minimize the current space.

So how do the WSUS updates gets downloaded/Propagated on the WSUS server ?

1. WSUS server contacts the Microsoft Update servers and will only downloads the metadata (Not complete Full Update Package)
2. The Binaries or the actual downloads are only downloaded when you approve them manually or if there is an Auto approval rule configured.

I have been working on this issue for some time and it was always failing with different kind of errors, i consulted Microsoft Team as well and finally it worked with me. I am using DPM 2012 but it shouldn't differ with any earlier DPM version as 2010. The main blocking issue here is the TMG component on the UAG server. Remember that its highly recommended not to touch the TMG configuration on the UAG however this is one of the rare cases that need the administrator to tweak some TMG settings. To enable the DPM to backup UAG and install the client you need to do the following (Make sure to take Full backup from your TMG settings and Rules):



1. Ensure the File and Printer sharing is checked/Enabled on the UAG internal Network card.

2. From the TMG console- Firewall Policy. On the right pane click show system Policy rule

3. You need to disable system Rule number 2 (Allow Remote Management from selected computers using MMC) by Right clicking the rule and edit system policy, I am assuming the default TMG rules are not touched before.

4. You need to disable System Rule number 22 (Allow RPC from Forefront TMG to Trusted servers)

5. From the Right Pane, in the toolbox section create a new Protocol under user defined. The Protocol parameters as follows:

Primary connection: Type: TCP, Direction: Outbound, Port range: 135-135

Secondary Connection: Type: TCP, Direction: Outbound, Port range: 1024 - 65535

6. Final Step, create a new Access Rule (Make sure to move it to the top). Allow - All outbound traffic except selected (Choose - RPC All interfaces) - From DPM server (Create computer object with DPM IP address)- To Local Host (UAG server) - All users................etc



Save the Settings and ensure they are Synced from the monitoring tab. Now try to install the Agent from the DPM on the UAG server and take a simple test backup.

We passed by this issue with one of our new System Center configuration Manager SCCM 2012 installations when trying to create a new device collection with the Add/Remove Programs used in the Query. The List of programs was limited till applications starting with the "M" Letter and other applications weren't displayed as shown below.



I recall we passed by this issue in SCCM 2007 and we had to add the Valuelimit registry key and looks like its not fixed in SCCM 2012 and you need to do the same, however due to the change in the OS/SCCM version, the key location is changed, to fix this issue you need to apply the following:

1. Open the Registry (using Regedit) on the SCCM server
2. Explore HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ConfigMgr10\AdminUI\QueryProcessors
3. Add a new DWORD value named "Valuelimit" with Hexadecimal value of 10000 (The maximum value is 20000, its recommended to start up with 10000 and check if the problem is fixed instead of just entering the maximum number which can eat your memory). Check this article for more details http://support.microsoft.com/kb/269201
4. Stop the SMS_EXECUTIVE & SMS_SITE_COMPONENT_MANAGER services in this order
5. Start both services in the same order.

Note: If you managing the SCCM from a console on a terminal computer (most of the cases) and not directly from the SCCM server then you need to apply these settings on your console computer and reboot the computer after adding the registry key.

I noticed that my DPM 2012 server disk space gets filled on daily basis, the DPMDB transaction log (LDF file) under \Microsoft System Center 2012\DPM\DPM\DPMDB grows till it fill the disk space and all jobs fail accordingly. This issue occurs when the Sharepoint Catalog Task starts, If you are not protecting any Sharepoint Workload you won't notice this issue.

After working several hours with Microsoft DPM Escalation Team, it turned to be a bug in one of the procedures after System center 2012 Rollup 3 implementation.

For more information about Rollup 3 for System Center 2012, please check the following link: http://support.microsoft.com/kb/2756127

For that we modified store procedure prc_PRM_SharePointRecoverableObject_Update. (You can find it under the SQL Management Studio - DPMDB - Programability - Stored Procedures), Just take a DPM backup before any change for your reference.

From:

USE[DPMDB]
GO
/****** Object: StoredProcedure [dbo].[prc_PRM_SharePointRecoverableObject_Update] Script Date: 11/02/2012 17:42:07 ******/
SETANSI_NULLS ON
GO
SETQUOTED_IDENTIFIER ON
GO
ALTERPROCEDURE [dbo].[prc_PRM_SharePointRecoverableObject_Update]
(
@Captionnvarchar(40),
@ComponentTypenvarchar(16),
@RecoverableObjectIdBIGINT
)
AS
DECLARE@error INT,
@rowCountINT
SET@error = 0

SETNOCOUNT ON

UPDATEtbl_RM_SharePointRecoverableObject SET Caption =@Caption
UPDATEtbl_RM_SharePointRecoverableObject SET Caption =@Caption,
ComponentType= @ComponentType
WHERERecoverableObjectId =@RecoverableObjectId

SELECT@error = dbo.udf_DPS_CheckRowCount(1)

SETNOCOUNT OFF
RETURN@error

To:

USE[DPMDB]
GO
/****** Object: StoredProcedure [dbo].[prc_PRM_SharePointRecoverableObject_Update] Script Date: 11/03/2012 01:36:08 ******/
SETANSI_NULLS ON
GO
SETQUOTED_IDENTIFIER ON
GO
ALTERPROCEDURE [dbo].[prc_PRM_SharePointRecoverableObject_Update]
(
@Captionnvarchar(40),
@ComponentTypenvarchar(16),
@RecoverableObjectIdBIGINT
)
AS
DECLARE@error INT,
@rowCountINT
SET@error = 0

SETNOCOUNT ON

-- UPDATE tbl_RM_SharePointRecoverableObject SET Caption = @Caption
UPDATEtbl_RM_SharePointRecoverableObject SET Caption =@Caption,
ComponentType= @ComponentType
WHERERecoverableObjectId =@RecoverableObjectId

SELECT@error = dbo.udf_DPS_CheckRowCount(1)

SETNOCOUNT OFF
RETURN@error


After that we had a successful SharePoint catalog task that didn’t cause TempDB or DPMDB transaction log to grow.

I also have this fix update on Microsoft DPM Technet Forum

http://social.technet.microsoft.com/Forums/en-US/dataprotectionmanager/thread/e0e70be6-7249-438d-b43c-a0456f7c1338/#a93a3ed8-39bd-40bc-8224-ef7d6232299e

I passed by this experience when i was setting a new protection group using DPM 2012 for the latest SQL database server 2012. As per Microsoft System Center 2012 - Data Protection Manager Release Notes http://technet.microsoft.com/en-us/library/hh848297.aspx DPM 2012 should backup and recover SQL 2012 Databases except if the AlwaysOn feature is enabled. The AlwaysOn feature is not supported under the current DPM 2012 RTM but expected to be fully supported with the release of the System Center 2012 SP1 (expected in the next few weeks).

Briefly, To backup and recover SQL 2012 workload under DPM 2012 RTM

1. Make sure the AlwaysOn feature is not enabled (Currently DPM 2012 RTM doesn't support it)
2. Grant the SQL NT AUTHORITY\SYSTEM account SysAdmin Right.
3. Remove the Protection group and add it again after applying the above changes.