Updating watched files paths in ShadowProtect Image Manager

 

Just a quick note I figured out whilst attempting to resolve an issue for a client.  We recently moved the ShadowProtect Image files for our backup scheme to an alternative drive.  As a result I went back & checked – the Watch Folders were incorrect (as expected), and my backups weren’t consolidating.

Two quick & easy options came to mind: 1 reconfigure my watch folders by deleting & readding them.  Not a major deal but I had already configured a series of unique consolidations & didn’t really want to have to note them all down & reconfigure.

The second option I went with was to stop the ImageManager service and simply to edit ImageManager.mdb  with Access 2007.  I went to the WatchPaths table and updated the Path for each of my backup targets. Once restarting the service I noticed that the original backup targets reappeared.  After a little further digging I noted that the registry key HKLM\SYSTEM\CurrentControlSet\services\ShadowProtectImageManager\Parameters\Watches key had the GUID’s for each of the watched folders.  Simply modifying the path in each of these to the correct location and then starting the ImageManager service did the trick!

A little painful but quite a quick process when dealing with a large Image Manager watch base.

Test Lab Guides–A step in the right direction

I was lucky enough this morning to attend a session by Joe Davies and Tom Shinder about an exciting new direction Microsoft is taking with new product learning – Test Lab Guides.

The basic concept seems to be a modular series of step by step guides, each building on the last to create a complex scenario.  Once you have your complex scenario you are able to perform operations on a live demonstration network and witness first hand the effects of your operations.

I’m sure many IT professionals have already experimented with, or use on a regular basis the base configuration model.  Whether it is a basic Sysprepped image with your companies regular tweaks/mods and a fully patched system, or the more complicated dual forest test labs that we might build to test different migration scenarios.

By breaking down complicated learning concepts into a series of manageable steps, each building on the last, and the use of snapshotting with your virtualization platform of choice, it’s easy to see a complex tree of scenarios can be built relatively quickly.  This provides an excellent learning environment for your staff/self to actually perform tasks prior to letting them loose on a customers environment.  There is simply no substitute for hands on learning in this fashion.

What I really like about the way these guys have approached the problem is that we are getting a consistent build environment based upon Microsoft Best Practices.  Not only does this give us an excellent foundation for approaching an issue, it provides a great level of consistency.

If we add to the above, the concept of a TLG clearinghouse (via the TechNet Wiki) where user generated guides can be uploaded & peer reviewed, we start to see the potential.  Rather than searching various technical sources to find an end to end scenario that closely resembles the problem you are trying to resolve, you can go to a single location and build the majority (or all) of the scenario you want to test.  If a model doesn’t quite fit your needs, simply add modules as required to get you most of the way there.

Virtualization has made this type of lab work a no brainer for most companies and I know many have taken on similar internal test labs for just this reason.  It’s great to see Microsoft embracing this methodology for hands on learning and it should lead to more rapid new technology updates amongst partners and technicians.

Tom has covered the above in significantly more detail and provides a great set of links on his technet blog, available here: http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx

ShadowProtect HIR - Server/Desktop

Just a quick note to put down into writing what I found (and couldn't locate under the SP Knowledgebase) when implementing SP 4 for a customer.

Scenario: Customer is moving to a virtualized environment from a number of physical servers, during this process we are decomissioning the old hardware and gradually migrating to Server 2008R2.

My plan was to simply use ShadowProtect to virtualize the existing servers, HIR them and then run them in my VMWare environment.  Grab the disks, run through the image capture - no problems.  Perform a restore to the virtual environment - no problems.

Then comes the fun part, run HIR as part of the restore and it fails, saying it is unable to find a license!

So long story short, you MUST install & license ShadowProtect on the volume, prior to doing the capture.  If you don't, no matter what you do you will not be able to restore the image using Desktop/Server products.

My story was a happier one, I was able to get the IT edition USB key dropped off for me, and voila I was able to manually run HIR on the image no problems.

I have spoke to StorageCraft Reps who have confirmed there is no "back door" or way around this.  You need to have SP Installed & licensed, end of story.

Hope this helps

ShadowProtect IT Edition 3.6 meets Citrix XenServer 5.6

A short note to hopefully save a few of you some time if you face yourselves in the same situation as me.

Scenario: Needed to restore a ShadowProtect Image I had taken of a Small Business Server 2003, stored on an external USB hard drive.  The target for this restore was a newly created Citrix XenServer 5.6.  The restore in question required me to have 2 virtual disks.

Some of the problems I encountered:

• The 3 disk limitation of unmodified Windows Xen implementations.  In my scenario I originally wanted to create three separate vDisks, and attach the USB Backup Drive to my container for the restore.  This was not possible, as when booting into my ShadowProtect Restore Environment I did not have the XenTools installed.  This meant I was limited to a maximum of 3 "storage targets" within the VM (The limit is 4, however the CD/DVD Drive counts as one).  I would imagine this could be gotten around by attaching vdisks one at a time when the Removable Storage needed to be attached to the VM.
• The presentation of the ShadowProtect IT Edition USB Key to the Xen Virtual Machine.  I figured that I could simply pass my USB key through to the VM, use it to boot ShadowProtect and have it automatically detect the License Key so that I could perform the restore.  Unfortunately as Jack has noted to us during the sales/tech pitches, the License is locked to a particular USB Key.  When I attach the removable storage of the USB Key to the host VM, it presents in different format and the license is not recognized as valid.
• Network drivers in XenServer 5.6 with IT Edition 3.6 - for some reason these just refused to work.  I tried several attempts to inject the drivers within the XP/2003 restore environment however these did not seem to get picked up by ShadowProtect RE as it was initializing.  At this stage it was getting close to 10pm and I needed a solution quick.  I'm certain that if it were business hours I would be able to get in contact with SP and find the correct way to inject these drivers into the RE.  I did toy with the idea of injecting the drivers into the BOOT.WIM for the Win 7/Vista environment but decided it was not a good idea to screw with one of only 2 USB keys we have.

Long story short, after my driver injection attempts I noted Jack had mentioned in the past that the "3 day unlocked" version of ShadowProtect IT edition was going to be released at some point.  The IT Edition FAQ seemed to suggest that this was still coming and I couldn't find a link on the Australian website.  However I did find that the European site for ShadowProtect had an active site: http://www.storagecraft.eu/lp-backup-recovery/iso-download-for-active-subscribers/shadowprotect-it-edition-3-day.html I went here and downloaded the 3 day ISO and ran this up, no problems at all.  Interestingly enough I found that they provided version 3.5 of the IT Edition which did not have any issues with the XenServer 5.6 Network Drivers.

Hope the link proves useful, and might save you the hour or two I spent trying to find workarounds.

Why Windows Intune is such a big deal

Microsoft announced a few months ago a new cloud based Windows Management service known as Windows Intune.  It is currently in Beta, however the Beta is not available in Australia at this stage (at this stage MS Australia have confirmed there is no confirmed release or Beta date for Australia). 

The easiest way I can think of to explain what Intune provides, is a lightweight version of System Centre Essentials designed towards the SMB/SOHO market, where centralized IT Infrastructure is either not in place, or consists of minimal components.  The screenshot below displays the console, which gives you a good idea of what is provided:

As you'll notice, the console presents an Overview of your environment, A list of computers managed by Intune, the Updates Section, Malware Protection, Alerts, Software, Licenses, Policy, Reports and Administration. 

The centre section gives you a snapshot of the organization at a glance, letting you know whether there are any major issues in your organization. To the right we have the familiar (in recent windows versions) tasks sequence giving contextual tasks dependent upon the pane you are currently in. 

Drilling down further into the menu, we can go into the Computers section, which is shown below. 

As you can see we have a series of groups that can be created to categorize the Computers managed by Windows Intune.  By default any new computers are joined to the Unassigned Computers group until you allocate them to a new computer group.  These groups are used to manage/apply policy in a similar fashion to Organizational Units in Active Directory.  The overview tab which is not shown above, provides a quick snapshot of the general health of each managed computer. 

If you continue drilling down into the individual computers you are presented with detailled information about each of the sections that Windows Intune manages.  In addition to these you are presented with a Hardware and Software tab.  The Software tab provides you with a list of all installed applications on the computer (handy to see if your user has decided to install 1001 screensavers).  The Hardware tab provides detailled hardware information, from Motherboard to firmware to printers which is exceptionally useful when troubleshooting hardware related issues.

Next down, we have the Updates tab which is very familiar to those of you who have used Windows Server Update Services in your client organization.  Below I have screenshots of the Updates screen when an update is pending approval, and the standard (all updates taken care of) view.

You'll notice in the first screenshot there is an option to approve the pending updates, where you would select which computer groups these updates need to apply to.  Again, very similar to the standard WSUS screens you are probably familiar with.  An important note to consider is that updates are downloaded from the Microsoft Update Service - which has bandwidth considerations if you are using InTune in addition to an on premises WSUS.  Microsoft have confirmed that Group Policy overrides InTune Policy, so if you apply WSUS local updating policies these will take precedence.

Continuing down the console, we have the Anti-Malware section, I have taken screenshots of the Anti-Malware section when a virus is found on a client machine. 

As you'll notice the interface is pretty basic, providing you with the details of any malware found on managed machines and a brief overview of the threat severity.  What is really cool is the ability to click on the name of the threat (or the "Learn More:") link, and you will get a Forefront Threat description with information about the threat (see below)

Note that I was unable to find a way of remotely cleaning up the threat, however at least you are notified that the threat exists.  I would imagine that future Beta versions will include this functionality as it seems fairly trivial to implement.

Next we have the Alerts section, which provides a snapshot of all active Alerts in the system.  From within this section you are able to view any informational alerts (such as information to let you know how to install client software) or critical alerts (such as malware found) and the ability to close these once they have been resolved.  The section is fairly self explanatory but comprehensive in the areas of the client that it covers.  Screenshot below.

The next section is software which is also reasonably basic, it simply provides you with a list of all software installed on the computers within your organization.  You can see the number of computers the software is installed on, as well as the author & publisher information (the usual stuff).

Continuing down, we have the Licenses section - this is quite a nifty feature for smaller organizations to keep track of their software compliance. Again at this case it's fairly basic, you can currently upload Microsoft Volume Licenses here (add the Agreement/Authorization number) which allows you to keep track of numbers. This is the information used in the next section around Reporting on compliance.

 
 
 
 
 
 
 
 
 
We then continue to the Policy section which can be thought of as the Intune version of Group Policy.  At this stage we have the ability to apply policy around the Intune Client, the Anti-Malware Agent and the Windows Firewall.  These policies are applied to Computer Groups exactly as you would expect.  Again the implementation seems pretty basic at this stage but it shows what can be done and I would imagine that future versions of Intune should allow you to apply other policy settings to your clients.  I absolutely love this concept of remotely managed Group Policy for all.
 
 

Second from last we have the Reports section which provides a useful area which consolidates all aspects of reporting into the one section.  Here we can generate reports on the Update Status, Installed Software and License Reporting.  Each has multiple types of report that can be generated and these are quite handy for generating paperwork for your managed clients (to show them the work you do for them!).

Finally we have the Administration pane where you can configure various aspects of your client management. 

The updates section (screenshow below) allows you to configure what types of update are available for installation on your client machines (ie. the product categories, and update types).  You can also configure Automatic Approval settings to ensure that your clients automatically receive critical updates without administrative approval.

We can then configure Alerts for your managed clients and whether these are enabled.  In addition you can configure recipients to be notified when an Alert event has been triggered as well as what events actually trigger an email (and what purely triggers a console alert).

The remaining two administration sections simply cover the authorized Intune administrators (and their associated Live ID's).  These are known as Service Administrators, although at this stage I have yet to see exactly what these differences constitute.

This year I was extremely lucky to be able to attend TechEd Australia 2010 where Jeff Alexander and his fellow presenter (terribly sorry I've forgotten his name) gave us an excellent demonstration of the User Interface and were able to provide us with some interesting information around the product. 

The beauty of this product is the ability to manage workstations irrespective of where they are currently located.  No special firewall rules required, it's all client initiated polling, and communicates over SSL (so as long as their internet connection allows outbound web traffic they can be managed. 

@nathanm was kind enough to let me know that Remote Assistances is also provided via Windows Intune which was one of the key features I had originally thought missing.  It's called Windows Easy Assist and is implemented via Live Meeting.  It supports Full Desktop Sharing, Single App Sharing, the ability to record & replay, file transfer and the ability to reboot/reconnect, which is great. Taking this into account the product begins to look increasingly polished and any feature changes would be relatively minor.

Australian pricing is not ready, in the same way the beta is not currently ready, however indicative american pricing suggests that we will be looking at around $10US per month per client, with an additional $1US per month for the Microsoft Desktop Optimization Pack.  The cool thing about this cost though, is that it actually entitles you to upgrade every single computer managed by the product to Windows 7 Enterprise.  And that extra $1 US per month gives you the rights to use all of the MDOP products.  That to my mind is pretty awesome, and the price is inline with the numbers Telstra are currently providing for hosted BPOS.  It may well be that pricing will be different when the product is released, but the power & management provided by the product justifies that pricepoint in my mind.

We're still unsure of the release date, however initial suggestions from MS were some time next year.  We are assured that by the time the next TechEd comes around we will be talking about this product more and more. 

Personally I'm excited by the product and can't wait to get my hands on the Australian beta as soon as it comes out and follow the product to completion.  I can't deny that there are other products out there that cover this market, however when Microsoft put their minds to something they tend to produce a winner.  They have made a serious commitment to the cloud and I think this product will be one of their flagship SMB products moving forward.  Especially when you consider this product in conjunction with BPOS and "Aurora" (the new SBS Light).

Exciting times ahead people, definitely keep your eyes and ears open for Windows InTune, it's going to be massive.

ShadowProtect ImageManager Enterprise Licensing Error

Came across an interesting error today when attempting to Enter the license information for ShadowProtect Image Manager Enterprise (4.0).

To configure a license, you simply load Image Manager, click on Agent Settings, then select the Licensing Tab, and choose Activate.  When you enter your licensing information, I was getting the following error:
"The constructor to deserialize an object of type 'StorageCraft.Licensing.LicensingException' was not found."

Turns out there is a relatively simple fix for this, you can simply obtain an updated licensing.dll from StorageCraft, via this KB: http://www.storagecraft.com/kb/questions.php?questionid=240

Basically, all you have to do is Stop the StorageCraft ImageManager Enterprise License server, rename the old licensing.dll file from the %program files%\StorageCraft\ImageManager directory, place the new licensing.dll file in there, and then restart the services.

Voila, you can now enter the updated license information and your product will activate.  What's interesting is that you can't find this out by "googling" for the answer, as the KB in question doesn't actually contain any serchable text.  Hopefully this should start showing up in search results and save you guys a bit of time next time!

Cheers

PracticeWorks Update (7.0.13.185)

Just a quick one here, I've been battling for the last few hours with an update to the PracticeWorks Software.  Long story short I've figured the upgrade process out, it's a little different from the documented steps.

1. Perform the Pervasive SQL 10 SP3 update (from Autorun menu) on PWORKS server
2. Restart PWORKS server
3. Install PWorks update on server
4. Run through PWorks client install (part of the same install)
5. Rename the WSetup folder in your PWORKS data folder (say WSetup-olddate)
6. Copy the WSetup folder from your C:\PWORKS folder (this assumes data directory is different from install directory)
7. Launch PWorks on a client workstation
8. You're going to be told that you should not run different versions of BTRIEVE
9. Continue, then you'll be prompted to update the installation of PWorks
10. It will detect that Pervasive SQL is out of date, allow it to update
(Note at this point I kept getting told there was another copy open, when there wasn't on the network, so I just ignored the error)
11. Restart workstation
12. Run PWorks again, and choose Yes to update
13. When the upgrade has finished, you should be able to launch PWorks.

More notes to come after I work out the HICAPS updates a little better