31 January 2014

“VMM cannot find VirtualHardDisk object” when refreshing a virtual machine in Virtual Machine Manager 2012

You might get an error when refreshing a virtual machine on VMM:

Error (801)
VMM cannot find VirtualHardDisk object 3ce58e1c-bfff-421d-8155-b06fb2fb4ea5.

Recommended Action
Ensure the library object is valid, and then try the operation again.


To resolve this, use the following SQL command against your VMM database:

delete from dbo.tbl_WLC_VDrive where VHDId='3ce58e1c-bfff-421d-8155-b06fb2fb4ea5'

The ID in the SQL command is the same as the one in the error message.

Of course, you should have a backup of your VMM database, stop the VMM service before running the command, and start the VMM service again afterwards.

Updated 19.04.2017:

Today I found out for one VM that this command would also work if the above doesn't help:

delete from dbo.tbl_WLC_VDrive where Name='virtualservername'

But first check whether you are deleting the right one by changing “delete” to “select *”:

select * from dbo.tbl_WLC_VDrive where Name='life'

24 January 2014

DPM or VMM server gives Error 21201 about SMBIOSGUID when adding a Hyper-V host

Edited on 18.04.2017: The same procedure was verified to work with VMM (Virtual Machine Manager) as well. Googled my error message and found my own blog post, what a shame :)

When adding a Hyper-V host to a Data Protection Manager server, you might get the following error:

Error (21201)
Another machine with the same SMBIOSGUID is found.

Recommended Action
An SMBIOS GUID should uniquely identify the machine. Please provide the correct value or contact the machine manufacturer to help update the hardware with correct information.

The usual cause is that the same computer was previously managed by the same DPM server but was not correctly removed from DPM.

The following SQL command helps:

SELECT a.PhysicalMachineId,b.ComputerName FROM tbl_PMM_PhysicalMachine a left join tbl_ADHC_Host b on a.PhysicalMachineId = b.PhysicalMachineId order by ComputerName

This command finds all computers that are present on the DPM server and shows the physical machine ID and computer name. Look for entries where the computer name is missing (NULL). If you have any, delete those records from the tbl_PMM_PhysicalMachine table, using the corresponding PhysicalMachineId to find them.

Edit on 26.04.2017 --------------------------------------

The command to delete the NULL entries is (written with "in" so that it also works when more than one such record exists):

delete from tbl_PMM_PhysicalMachine where PhysicalMachineId in (SELECT a.PhysicalMachineId FROM tbl_PMM_PhysicalMachine a left join tbl_ADHC_Host b on a.PhysicalMachineId = b.PhysicalMachineId where b.ComputerName is null)

Edit on 10.06.2022 --------------------------------------

Now let's find the SMBIOSGUID of all computers with this SQL query:

SELECT
    h.ComputerName,
    p.SmBiosGuid,
    h.PhysicalMachineId
FROM
    tbl_ADHC_Host AS h,
    tbl_PMM_PhysicalMachine AS p
WHERE
    h.PhysicalMachineId = p.PhysicalMachineId
ORDER BY
    ComputerName

16 January 2014

Get rid of old computer accounts in Active Directory

If your Active Directory has been running for several years and you don’t clean up old computer accounts, you might run into a warning in Active Directory Users and Computers (dsa.msc).

If you really do have more than 2000 computers in your system, then you don’t need to do anything :) But if you have only tens or hundreds of computers, you should clean up your AD, and perhaps do it regularly.

Every active computer in the domain changes its (computer account) password every 30 days. Very old Windows NT4 computers do so every 7 days. Every computer account in Active Directory records when the password was last changed (passwordlastset). Let’s assume that some users go on vacation and don’t use the computer for a month or so. This means that when you discover a computer account with passwordlastset older than 60 days, it’s (almost) safe to delete it.

To get the list of computer accounts that haven’t changed their password in the last 60 days, use this PowerShell command:

Get-ADComputer -Filter * -Properties passwordlastset | where {$_.passwordlastset -lt (get-date).adddays(-60)} | select Name,PasswordLastSet | ConvertTo-Csv -Delimiter "`t" -NoTypeInformation | clip

After that you can paste the info into Excel and review which computers will be deleted when you use the next command.

When the list is OK for deletion, use this command:

Get-ADComputer -Filter * -Properties passwordlastset | where {$_.passwordlastset -lt (get-date).adddays(-60)} | Remove-ADObject -Recursive

You can also use the -Confirm switch (for example -Confirm:$false) to control whether the command asks before deleting. This is useful when running the command from a scheduled task.
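
A more cautious variant of the cleanup above, as an added example (not the original post's code): it skips accounts whose password was never set, also requires an old LastLogonDate, writes a report, and disables and moves the accounts instead of deleting them. The quarantine OU path is a hypothetical placeholder, and every change runs with -WhatIf until you remove it.

```powershell
# Added example: staged cleanup of stale computer accounts (report, disable, move).
# Assumptions: the 60-day threshold from the text; $quarantineOu is hypothetical.
Import-Module ActiveDirectory

$cutoff       = (Get-Date).AddDays(-60)
$quarantineOu = 'OU=Stale Computers,DC=example,DC=com'   # hypothetical, adjust to your domain
$report       = Join-Path $env:TEMP 'stale-computers.csv'

$stale = Get-ADComputer -Filter 'Enabled -eq $true' `
            -Properties PasswordLastSet, LastLogonDate, whenCreated, OperatingSystem |
    Where-Object {
        # A never-set PasswordLastSet is $null, and $null compares as less than any
        # date, so the plain -lt test would also match freshly pre-staged accounts.
        $_.PasswordLastSet -and
        $_.PasswordLastSet -lt $cutoff -and
        # Second signal: no replicated logon since the cutoff either. This protects
        # machines that are in use but do not rotate their account password.
        (-not $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff) -and
        # Never touch accounts that are younger than the threshold itself.
        $_.whenCreated -lt $cutoff
    }

# Keep a record of what was selected and why, before anything is changed.
$stale |
    Select-Object Name, OperatingSystem, PasswordLastSet, LastLogonDate, DistinguishedName |
    Export-Csv -Path $report -NoTypeInformation -Delimiter "`t"

foreach ($computer in $stale) {
    $note = "Disabled as stale on $(Get-Date -Format yyyy-MM-dd)"
    # -WhatIf only prints what would happen; remove it after reviewing the report.
    Set-ADComputer    -Identity $computer -Description $note -WhatIf
    Disable-ADAccount -Identity $computer -WhatIf
    Move-ADObject     -Identity $computer.DistinguishedName -TargetPath $quarantineOu -WhatIf
}
```

A disabled account can be re-enabled if the machine turns up again; the accounts left in the quarantine OU can be deleted later with the Remove-ADObject command shown above.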

08 January 2014

How to configure Windows Time service in (virtualized) Active Directory environment

By default, an Active Directory environment uses the domain controller with the PDC emulator role as the primary source of time information, and all other domain member servers and workstations treat this time as authoritative.

To get the information about FSMO (Flexible single master operation) roles, type:

netdom query fsmo

If some of your domain controllers are virtualized, the clock will soon fall behind. This happens because the Hyper-V host obtains its time from the primary source (the virtualized domain controller), and once the clock on the Hyper-V host is set, the same time is set on the virtualized domain controller itself, creating a loop. Within this loop the clock drifts bit by bit and falls behind (a minute per week or so).

To overcome this situation, you need to disable Hyper-V clock synchronization on all virtual domain controllers.

After that, correct the time on the domain controller that owns the PDC role, using an external time source. I suggest the following commands:

w32tm /config /syncfromflags:manual /manualpeerlist:"ntp.data.ee"
w32tm /config /update

You can replace ntp.data.ee with some other time server on the internet. To force the update, use this command:

w32tm /resync

To show the configuration, use this command:

w32tm /query /configuration

To reset a messed-up w32tm configuration, use the following commands:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time

This PowerShell script shows you time information for all domain servers:

$servers = Get-ADComputer -LDAPFilter "(operatingsystem=*server*)"
$servers | foreach {$server=$_.name ; net time \\$server} | clip

The first line gets information about AD computers and selects only computers with a server operating system. The second line uses the net time command to get information for each server and places the result on the clipboard, so you can paste it into Excel, Notepad etc.

Edit 27.04.2016 -------------------------------------------

Today, while reconfiguring this setup, I found out that the easiest thing to do is to use these 2 commands on the PDC role owner:

w32tm /config /manualpeerlist:"pool.ntp.org" /syncfromflags:manual /reliable:yes /update
w32tm /resync

Edit 04.12.2018 --------------------------------------------

To see which domain controller has the wrong time in your environment:

$servers = Get-ADDomainController -Filter *
$servers | foreach {$server=$_.name ; net time \\$server | findstr Current}
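
An added example (not from the original post) that turns the check above into numbers: it takes one NTP sample from each domain controller with w32tm /stripchart and reports the skew relative to the PDC emulator. The 2-second threshold is an assumed value.

```powershell
# Added example: clock skew of every domain controller relative to the PDC emulator.
# Assumption: $thresholdSeconds is an arbitrary alert level, tune it for your environment.
Import-Module ActiveDirectory

$thresholdSeconds = 2.0
$pdc = (Get-ADDomain).PDCEmulator

function Get-W32tmOffset {
    param([Parameter(Mandatory)][string]$ComputerName)
    # One NTP sample against the target. Data lines look like "12:00:00, +00.0123456s";
    # the offset is the target's clock relative to the machine running this script.
    $out = & w32tm /stripchart "/computer:$ComputerName" /samples:1 /dataonly 2>&1
    $hit = $out | Select-String -Pattern ',\s*([+-]\d+\.\d+)s' | Select-Object -First 1
    if (-not $hit) { return $null }          # no answer: host down or NTP (UDP 123) blocked
    [double]::Parse($hit.Matches[0].Groups[1].Value, [cultureinfo]::InvariantCulture)
}

$pdcOffset = Get-W32tmOffset -ComputerName $pdc
if ($null -eq $pdcOffset) { throw "No NTP answer from PDC emulator $pdc" }

Get-ADDomainController -Filter * | ForEach-Object {
    $offset = Get-W32tmOffset -ComputerName $_.HostName
    # Subtracting the PDC's offset removes the local clock from the comparison.
    $skew = if ($null -ne $offset) { [math]::Round($offset - $pdcOffset, 3) } else { $null }
    [pscustomobject]@{
        DomainController = $_.HostName
        IsPdcEmulator    = ($_.HostName -eq $pdc)
        SkewVsPdcSeconds = $skew
        Status           = if ($null -eq $skew) { 'no answer' }
                           elseif ([math]::Abs($skew) -gt $thresholdSeconds) { 'DRIFT' }
                           else { 'ok' }
    }
} | Sort-Object DomainController | Format-Table -AutoSize
```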