This article explains how to deploy an SQL AlwaysOn FCI in Azure IaaS Cloud in SAN-less mode (without Shared Storage like SAN, NAS …) with StarWind Virtual SAN solution.

StarWind Virtual SAN allows to present Shared Volume to a WSFC Cluster from two or more nodes without physical shared storage solution (SAN, NAS …). The DAS Storage (Physical or Virtual) of each node is used to create clustered volume managed by VirtualS AN. It can be used for Hyper-V clusters, SQL Cluster, VMware cluster …

For SQL, the advantage of this solution is that it is possible to deploy a SQL AlwaysOn Failover Cluster Instance (which requires only SQL Server Standard version licenses) instead of a SQL AlwaysOn AAG cluster (which requires SQL Enterprise licenses => more expansive).

Links:

StarWind Virtual SAN: https://www.starwindsoftware.com/starwind-virtual-san/fr

StarWind Resource Library: https://www.starwindsoftware.com/resource-library

Azure Marketplace VM: https://azure.microsoft.com/en-us/marketplace/partners/starwind/starwindvirtualsan-starwindbyol/

Overview of Architecture:

I will deploy three VM in azure:

• One AD DC/DNS Server used to create a forest.
• Two SQL Server nodes in cluster (with SQL Server 2014 STANDARD Edition).

Note:

• In Azure, you can also directly used the Azure SQL Database service (based on AlwaysOn), the infrastructure is managed by Azure (PaaS mode).
• You can also deploy an SQL AlwaysOn Availability Group, but this feature require SQL Server ENTERPRISE licenses (more expansive)

SQL VM Prerequisites:

To deploy StarWind Virtual SAN Solution, each VM must have:

• Two NIC (minimum two subnets are required : one for Data Synchronization and one for Heartbeat)
• One dedicated VHDX (this is not required, you can create Shared volume on each System volume of VM (C:\) but this is not a Best Practice).

StarWind Virtual SAN overview:

Virtual SAN must be installed on all nodes that will participates to the cluster.

On each node a Virtual SAN volume is created (file extension: SWDSK), Virtual SAN will replicate this volume between the two nodes (Synchronous replication). The Virtual SAN Volume will be presented to cluster nodes through iSCSI protocol with the use of MPIO.

Note about Cache: There is different Cache mode configuration applicable on a Virtual SAN Volume, this part is not covered in this article, but for example you can configured cache on SSD disk on each node to accelerate your IOPS.

You can also configure Virtual SAN Volume in Thick or Thin-provisioned mode.

Several Virtual SAN volume can be created on a same volume, this is just a question of Performance/Usage.

Configuration:

In this article, each SQL VM will be configured with two VHDX (one for system and one to host Virtual SAN Volumes). I will configure two Virtual SAN volumes: 1x dedicated for the cluster quorum and one dedicated for the SQL FC Instance Data (DB + LOG).

Overview of Virtual SAN clustered disks and ISCSI configuration:

1.1 – Azure environment preparation

The environment will be composed:

• 1x Azure subscription (for reminder you can create a trial account with 150€ available for 30 days).

• 1x Azure Resource Group:
  

A RG is a logical container used to regroup Azure resources associated to an application. It provides the centralized management and monitoring of these resources (lifecycle, cost calculation, provisioning, access control …)

• 1x Azure Storage Account (required to host VM VHDX):

• 1x Virtual Network (VNET) with three subnets:

• 2x Cloud Service. Just for reminder all VM in a Cloud Service must have the same number of NIC. So with two CS, I don’t need to create the AD DC VM with the Heartbeat VLAN. In addition CS allow scalability option.
  

• 3x Virtual Machine

• The two SQL nodes will be created with two vNIC and two VHDX.

If you begin with Azure read my detailed article (explains all steps to create the Azure environment: VM creation, Virtual Network configuration …): How to create an Azure Cloud environment.

2 – Installation of StarWind Virtual SAN

In this part I will configure two Virtual Volume (Replicated between the two SQL nodes). At the end both volumes can be added to the WSFC Cluster.

You can use the procedure bellow to configure CSV Disk for Hyper-V Cluster or any other WSFC Cluster.

Note: You can install only “Virtual SAN” components on Servers that will participate to the Replication and install the “Management console” component on an administration server or client.

On the first SQL Server, launch the Setup, select “StarWind Virtual SAN Service” and check the “Management Console”:

Enter your license:

https://www.starwindsoftware.com/registration-starwind-virtual-san

Click Finish:

Note that a Firewall Rule is created:

During the first start, the Management Console ask to configure the Storage Pool for Virtual Disk:

Select the disk previously prepared:

Repeat the operation on the second SQL Server and close the console.

2.1 – Virtual Disk “Quorum” – Creation

From the first SQL server, select it and click “Connect”:

Click the “Add Device (advanced)“:

Select “Hard Disk Device”:

Select Virtual disk and click “Next“.

Check the virtual disk location, change the name and specify the size:

Select “Thick-provisioned”:

Configure the cache policy and specify the cache size.

Note: StarWind recommends to use 1GB cache per 1TB storage.

Define the L2 cache policy if needed.

Note: StarWind recommends to use SSD for L2 cache and if it will be used, the formula is 1GB (sum of L1 and L2) cache per 1TB storage.

Enter a “Target Alias”, if you want you can change the Target Name:

Click “Create”:

Wait for completion and click Close:

Note that on the disk, two files (.img and .swdsk) are created:

2.2 – Virtual Disk “Quorum” – Configure Replication

Select the device you just created and click “Replication Manager“.

In the “Replication Manager” Window click “Add Replica“. Select “Synchronous two-way replication” and click “Next“:

Enter the FQDN of the second SQL server:

Select the target disk for the second SQL Server:

Same disk as the first SQL Server:

Choose “Create new Partner Device“
and click Next.

Leave default options (check the driver letter)

Click “Change network settings“:

Select a Network for “Synchronization and HA” and the other Network for Heartbeat:

Note: if you have more than two networks, you can configure several networks for Synchronization/HA flows (or Heartbeat).

You can also modify the ALUA (Asymmetric Logical Unit Assignment / Multipathing method) settings, but it”s recommended to keep “ALUA Optimized” for the both targets.

Click “Create Replica”:

Click “Close”:

Wait for the end of Synchronization and click “Close”:

On the Management Console, add the second SQL Server to manage it:

Click “Add Server”:

Enter “FQDN”:

Click “Connect”:

Now we can see the status of our replicated Virtual Disk. You can see that the second SQL server priority is set to “Second” and you can retrieve the local path of Virtual disk:

Note that the “Image1” name as change to “HAImage1”.

2.3 – Virtual Disk “SQL Data” – Creation & Replication Configuration

Repeat the procedure to create disk for “SQL DATA”:

Then configure Replication:

Wait for Synchronization and click “Close”:

So now the two disk are ready and after iSCSI configuration we can add them to WSFC Cluster:

3 – Enable iSCSI MPIO

To allow iSCSI multipath (configuration of several paths between iSCSI initiator and target) we must configure the MPIO Driver (installed previously) on both nodes

Start the MPIO Console: mpiocpl.exe

Go to “Discover Multi-Paths”, select “Add support for iSCSI devices” and click “Add”:

Restart Computer

After restart, re-run “MPIOCPL” and valid that “MSFT2005iSCSIBusType_0x9” is added to “Devices”:

4 – Configure iSCSI

The last step is to configure iSCSI Initiator on both node to present the two target disk in multipath mode.

On each SQL node (2x iSCSI Target for the Quorum disk + 2x iSCSI Target for the SQL-Data Disk)

Reminder:

4.1 – Present Disks to SQL Node 1

On the first SQL Server (L1-SQLFCI-1), start the “iSCSI initiator” configuration: iscsicpl

Configure Discovery

Go to “Discovery” tab and click “Discover Portal…”:

First add the host himself, enter the loopback address and click “Advanced”:

Select “Microsoft iSCSI Initiator” and set the Initiator IP to “Default”:

Next repeat the procedure to add the other SQL Server:

Enter the IP address of the second SQL Server, click “Advanced” and set the Initiator IP to the local IP of the server.

For more High Availability, you can also add the Heartbeat network:

Connect Targets

Go to the “Targets” tab. You can see that the two disk are listed (two different path) and the connection are “Inactive”.

Select the first target on the local server himself and click “Connect”:

Check “Enable multi-path”, click “Advanced” and configure the Initiator IP to default and the Target Portal on the loopback:

Repeat the procedure for the second path of the Quorum disk. Set the Initiator IP to the local IP of the Server and the Target Portal IP to the IP of the other SQL Serve:

Repeat the procedure for the second iSCSI target (SQL-Data Disk). The first path on the local server and the second path on the other Server. At the end all the targets status must be “Connected”:

Configure MPIO

Select the first Target of the “Quorum disk” and click “Devices…”

Click “MPIO”:

By default the “Load balance policy” is configured to “Round robin”.

Change it to “Fail Over Only” and check that the Active path is the localhost => Select the Active path, click “Details” and control the Source/Target Portal:

Repeat the same procedure for the second Target “SQLData”:

4.2 – Present Disks to SQL Node 2

Repeat the Full procedure to configure iSCSI Targets on the second SQL Server

Configure Discovery:

Connect all Targets (for each disk, one locally and the second to the other server):

Configure MPIO “Load Balance Policy” to “Fail Over Only” on the both targets:

Quorum Disk:

SQLData Disk:

5 – Prepare Disk

Now, we can see that the two volumes are visible by both SQL node (with multipath):

On one node, initialize both disks:

Now we are ready to mount the SQL Cluster!

6 – Create the WSFC Cluster

Go to the first node and start the WSFC Console and select “Validate cluster Configuration.

Add the two SQL Nodes:

Run all tests, check “Create the cluster now…” and click Finish:

Enter the Cluster Name:

Note that the Cluster IP is configured in DHCP Mode.

Uncheck “Add all eligible storage to cluster”:

Click Finish:

At the end of the cluster configuration, there is an error:

This is “normal” on Azure, this issue is due to the DHCP mode for the Cluster IP, the Cluster retrieves the same IP as the node where the cluster is created, so there is an IP Conflict.

Go to the second SQL node and start the WSFC Console:

Edit the IP Cluster Core resource:

Change IP to a Static IP (there is no way for the moment to reserve it on Azure):

Click “Yes”:

6.1 – Configure Network

Go to Network, rename them and check the configuration (Cluster Use):

6.2 – Add Disk to cluster

Go to Storage and select “Add Disk”:

Add the two Virtual Disks (managed by StarWind Virtual SAN):

Start the “Server Management” console and create new Volume on these Disks:

Create Quorum Volume (Q:):

Create “SQL Data” Volume (G:):

6.3 – Configure Quorum

Edit “Cluster Quorum Settings”:

Select “Advanced”:

Keep “All Nodes” for “Voting Configuration” and select “Configure a disk witness”:

Select the Q: Volume and click “Finish”:

So now we have one Disk used for Cluster Quorum and one disk available for SQL Server:

7 – SQL Server – Install first Node

On the first node, mount the SQL Server 2014 (or 2012) Standard ISO and select “Installation\New SQL Server failover cluster installation”:

Select “Database Engine Services” and “Management Tools – Basic”:

Select “Default instance” and enter a SQL Server Network Name:

Keep or change the SQL Cluster group:

Select the Cluster Disk:

Configure an IP Address for the SQL cluster:

Configure you service accounts:

Set “Collation”:

Configure your Authentication mode and Administrators Group:

Configure the SQL path to the Cluster Disk (except for the TempDB, select a local path). Normally you should configure TempDB, Log … on separate disks):

Click “Yes”:

Start Installation:

Wait for installation and click “Close”:

Now, the SQL Cluster Instance is ready with the Clustered disk:

8 – SQL Server – Install the second Node

Go to the second node, mount SQL ISO and select “Add node to a SQL Server failover cluster”:

Check the Cluster Node and Network Configuration:

Configure Service Accounts:

Click “Install” and wait for completion:

9 – Connect to Instance

Ok, so now if you try to connect the instance directly from a node, it’s OK:

But if you try to connect from a client, you get an error:

This is normal, in Azure you cannot connect directly to a cluster, you have to configure an ILB (Internal Load Balancer). To access the SQL Cluster Instance clients must connect to the ILB instead of the Cluster IP.

10 – Create an Internal Load Balancer (ILB)

Start “Azure PowerShell” and run:

1 – Create the ILB:

Change variables with your parameters and choose a Load balanced Set name.

$SQLClusterName = "sqlfci-1"
$SQLClusterIP = "172.16.0.115"
$CloudServiceSQL = "tc-lab1-cs-sqlsrv"
$LBSetName = "LBS-SQLFCI"
Add-AzureInternalLoadBalancer -InternalLoadBalancerName $SQLClusterName -SubnetName "default" -ServiceName $CloudServiceSQL –StaticVNetIPAddress $SQLClusterIP

Note: Check ILB in a Cloud Service

Get-AzureInternalLoadBalancer -ServiceName "tc-lab1-cs-sqlsrv" -Verbose:$false

Note: Get VM Azure Endpoint

Get-AzureVM -Name "l1-sqlfci-1" -ServiceName "tc-lab1-cs-sqlsrv" -Verbose:$false | Get-AzureEndpoint | ft Name,protocol,port,localport,ProbeProtocol,ProbePort, ProbeIntervalInSeconds,InternalLoadBalancerName -AutoSize

By default, on a VM a PS and RDP endpoint are created:

2 – Add load balanced endpoint to the first cluster SQL node:

Note: Choose your own “Probe Port” (here: 311433). The same Probe Port must be configured on endpoint on both VM and on the SQL IP Address cluster resource.

Get-AzureVM -ServiceName $CloudServiceSQL -Name "l1-sqlfci-1" | Add-AzureEndpoint -Name "SQL" -LBSetName $LBSetName -Protocol "TCP" -LocalPort 1433 -PublicPort 1433 -ProbePort 31433 -ProbeProtocol tcp -ProbeIntervalInSeconds 10 –DirectServerReturn $true -InternalLoadBalancerName $SQLClusterName | Update-AzureVM

Now if we check Endpoints:

3 – Add load balanced endpoint to the second SQL cluster node:

Get-AzureVM -ServiceName $CloudServiceSQL -Name "l1-sqlfci-2" | Add-AzureEndpoint -Name "SQL" -LBSetName $LBSetName -Protocol "TCP" -LocalPort 1433 -PublicPort 1433 -ProbePort 31433 -ProbeProtocol tcp -ProbeIntervalInSeconds 10 –DirectServerReturn $true -InternalLoadBalancerName $SQLClusterName | Update-AzureVM

MSDN Links:

• LoadBalancerProbe Schema: https://msdn.microsoft.com/en-us/library/azure/jj151530.aspx
  
• Add-AzureEndpoint: https://msdn.microsoft.com/en-us/library/azure/dn495300.aspx
  

NOTE – View Load Balanced Set configuration through the Azure Portal:

Edit VM Settings. You can see the new “Load-Balanced” endpoint:

Got to “Load balanced sets”, you can see the ILB:

In addition, you can edit the Load Balanced set:

View of member VM and you can manage ACL:

10.1 – Configure SQL IP address Cluster Resource

Now the last step is to configure Cluster.

For reminder, during the SQL setup, I set a static IP Address 172.16.0.115 on the SQL Server instance role and I configure the ILB with the same IP. The last step is to add the probe port defined in the ILB to the SQL IP resource cluster.

On a cluster node, start a PowerShell console with Elevated privileges. Retrieve the name of the resource “IP Address” of the SQL Server cluster group:

Configure Probe Port (here 31433) on the SQL IP Address cluster resource:

Get-ClusterResource "SQL IP Address 1 (sqlfci-1)" | Set-ClusterParameter -Multiple @{Address="172.16.0.115";ProbePort="31433";SubnetMask="255.255.255.255";Network="Cluster Network - PROD";OverrideAddressMatch=1;EnableDhcp=0}

Check the SQL IP Address cluster resource configuration:

Get-ClusterResource "SQL IP Address 1 (sqlfci-1)" | Get-ClusterParameter

Note: Probe port’s job is to find out which is the active node that hosts the IP Address (SQL Role) in the Cluster. Load Balancer sends the probe pings over TCP port 31433 to every node in the cluster (by default every 10 seconds)

For more information about ILB and Probe Port configuration, read this excellent article: https://blogs.technet.com/b/askcore/archive/2015/06/24/building-windows-server-failover-cluster-on-azure-iaas-vm-part-2-network.aspx

Restart the SQL Server Cluster Role:

Now you can connect to the SQL Cluster Instance through a Client.

The post SQL AlwaysOn FCI in Azure IaaS Cloud with StarWind Virtual SAN Solution appeared first on Tech-Coffee.

This article presents how to prepare an environment in Azure IaaS (Resource Group, Cloud Service, VMNET, VM …) from the beginning and explain Azure basic concept:

• creation of all required resources (Resource Group, Storage account, Cloud Services).
• configuration of a Virtual Network (VNET) with multiple subnet.
• configuration of VPN Gateway (Point-to-site VPN) for client connection and certificate configuration.
• use of Azure PowerShell.
• VM creation with multiple vNIC and VHDX.
• deploy a simple AD Forest.

For the demonstration I will used the architecture that I prepare to test the StarWind Virtual SAN product.

For more information see my other article:
SQL AlwaysOn FCI (Failover Cluster Instance) in IaaS Azure Cloud with StarWind Virtual SAN Solution

Overview of Architecture:

The environment will be composed:

• 1x Azure subscription (for reminder you can create a trial account with 150€ available for 30 days).

• 1x Azure Resource Group:
  Note: A RG is a logical container used to regroup Azure resources associated to an application. It provides the centralized management and monitoring of these resources (lifecycle, cost calculation, provisioning, access control …)

  
  

• 1x Azure Storage Account (required to host VM VHDX):

• 1x Virtual Network (VNET) with three subnets:

• 2x Cloud Service. Just for reminder all VM in a Cloud Service must have the same number of NIC. So with two CS, I don’t need to create the AD DC VM with the Heartbeat VLAN. In addition CS allow scalability option.
  

• 3x Virtual Machine

• The two SQL nodes will be created with two vNIC and two VHDX.

2 – Create a Azure Resource Group

Note about Azure portal: For the moment the migration of Azure portal is in progress. I will use the new portal (in Preview) to do all configuration.

Portal: https://manage.windowsazure.com

New Portal: https://portal.azure.com

Click on “Brows ALL” and select “Resource groups”. Click “Add”:

Enter a Name and select a location (note that the location is important for Azure resources, you have to create resources in the same location). Click “Create” (Pin is to Startboard, a Resource Group is useful to manage your environment):

3 – Create a Azure Virtual Network (VNET)

Click “New”, Select “Networking” and click “Virtual Network”:

Enter a name, select an Address space (you can keep the default 10.0.0.0/16, I change it just for the demonstration).

Enter your first network subnet (172.16.0.0/24) and change the default name. Change the location and click “Create”:

Wait for the creation and select your new VNET:

3.1 Configure an Azure VPN Point-to-site

Note: You can configure a “Site-to-site” VPN (use to connect your On-premise infrastructure) or a “Point-to-site” (use for client connection).

You can connect to your VM through RDP without VPN (P2S), but configured a VPN permits to secure your communication between yours computers and your Azure environment (VNET).

Click on the “VPN connections” tab, select “Point-to-site”, select a subnet (10.0.0.0/24 is the subnet for VPN Clients), check “Create gateway immediately” and click “OK”:

Wait for your Gateway creation (this part can take 10/15 minutes):

Note that a new subnet was automatically create for the Gateway mask /29)

Gateway created:

Configure Certificate authentication

Certificates are used to authenticate VPN clients for point-to-site VPNs.

I will use the traditional “makecert” tool to create Root Certificate. This tools is available in the Windows SDK or in MS Visual Studio (Express or full).

Note that at this time, only self-signed root certificates are supported in Azure

https://www.visualstudio.com/products/visual-studio-express-vs.aspx

https://msdn.microsoft.com/en-us/windows/desktop/bg162891.aspx

Install Windows SDK for Windows 8.1:

Generate a self-signed root certificate

Star a CMD and run (change the CN and the output path):

makecert -sky exchange -r -n "CN=RootTechCoffee101" -pe -a sha1 -len 2048 -ss My "D:\CERT\RootTechCoffee101.cer"

The certificate is created in my personal folder:

Retrieve it:

Go to your VNET and click on Point-to-site. Click on “Manage Certificate”:

Click “Upload” and select your Root certificate created previously:

Check the certificate status:

Download your VPN Client:

Generate a Client Certificate

Start CMD and Run (Change CN and your Root Certificate name):

makecert.exe -n “CN=ClientTechCoffee101” -pe -sky exchange -m 96 -ss My -in “RootTechCoffee101” -is my -a sha1

Check if certificate if OK:

Configure your VPN client

Now we just have to install the VPN client on our workstation, launch the exe (VPN Client) previously downloaded:

The package configure the VPN connection, click on “Networks” and connect to the new VPN:

Check “Do not show …” and click “Continue”:

We are now connected, we can connect to VM with RDP directly with private IP Address.

Note that route are added:

You can check all connected client, from you VNET click on Point-to-site clients:

3.2 Configure additional Subnet

Now we can create additional subnets (here only one: Heartbeat).

Go to VNET (tc-lab1-lan) settings.

Note – Overview of Address Space:

Select “Subnets” and click “Add”:

Enter name and subnet for the new subnet (here: Heartbeat):

Click “Save”:

4 – Create a Cloud Service

I will create two CS:

Go to Cloud Services and click “Add”:

Enter a name, select your Resource Group and make sure you put the Cloud Service in the same Region as your Virtual Network.

Create a new Cloud Service for SQL Servers:

CS created:

5 – Create a Storage Account

Before you begin provisioning VMs you must create a Storage Account.

Select “NEW\Data + Storage\Storage”:

Enter a name and select your storage model:

Note: Azure Storage pricing – https://azure.microsoft.com/en-gb/pricing/details/storage/

Configure your resource Group and make sure you create the Storage Account in the same Location as your Virtual Network

So now everything is ok and we are ready for VM deployment!

Be careful with your resources location:

6 – Install Azure PowerShell

Azure PowerShell module allow to manage all your Azure environment.

You have to install it because at this time it is the only way to deploy Virtual Machine with multiple NIC/Subnets.

The Azure PowerShell module require Microsoft .NET Framework 4.5.

Download Web installer (recommended): https://go.microsoft.com/fwlink/p/?linkid=320376&clcid=0x409

Or Direct Download Link: https://go.microsoft.com/fwlink/?LinkID=279888&clcid=0x409

Click Install:

You can also install also the Azure CLI (Command line) Tools:

Link to Azure Script Center:

https://azure.microsoft.com/en-us/documentation/scripts/

6.1 Connect to Azure PowerShell

Start Azure PowerShell:

Enter “Add-AzureAccount” and enter your login information:

Note: Get Azure Cmdlet (get-help Azure)

7 – Create Azure VM DC/DNS

Now we are ready to create VMs. I will create the first VM (AD DC) through GUI and SQL VM through PowerShell (mandatory)

Note: Currently there is a bug with the new Portal, it’s impossible to select the Cloud Service and the VNET during the first VM Creation. Once the first VM is created, you can create all other VM through the new portal.

Issue overview:

During the creation of the first VM , when you select your Cloud Service:

VNET is not configured and locked:

Go to Azure Portal: https://manage.windowsazure.com

Click “New\Compute\Virtual Machine\From Gallery”:

Select the WS2012R2 Datacenter Image (STANDARD is not available, Windows Server licenses are included):

Enter a name and select the size (this is a DC in a lab so: BASIC A0). Enter a local administrator name and password and click “Next”:

Select the cloud Service and the VNET (with prod subnet => “default”):

Click “Create”:

Just for the issue on the new portal, now if I try to create a new VM from the portal the VNET is correctly configured when I select my cloud Service:

8 – Create Azure VM with multiple NIC (SQL Node)

As I said previously, for the moment the only way to create a VM with multiple networks is through PowerShell.

The way to create an Azure VM though PS is to create a VM Configuration “New-AzureVMConfig” and then create the VM “New-AzureVM).

So, first select a VM image from Azure VM image gallery. Note that images change frequently (new updates included …). The first command bellow automatically selects the last published Image of WS2012R2 DTC:

# Retrieve VM Image (last version)
$image = (Get-AzureVMImage -Verbose:$false | Where-Object {$_.label -like “Windows Server 2012 R2 Datacenter*”}| Sort-Object –Descending PublishedDate)[0]
$image | ft Label,PublishedDate
## Other Options ##

#List available images
Get-AzureVMImage -Verbose:$false | where-object { $_.Label -like "Windows Server 2012 R2 Datacenter*"} | fl Label,ImageName,PublishedDate
$image = Get-AzureVMImage -Verbose:$false | where-object { $_.Label -like "Windows Server 2012 R2 Datacenter, June 2015"} | fl Label,ImageName

#Use the StarWind VirtualSan Image (require a "Pay-as-you-go" subscription"
$image = Get-AzureVMImage -Verbose:$false | where-object { $_.Label -like "starwindperhour" }  # or "starwindbyol

Note: I use the WS2012R2 image, but the StarWind Virtual SAN VM is available in the Azure Marketplace (https://azure.microsoft.com/en-us/marketplace/partners/starwind/starwindvirtualsan-starwindbyol/). The access (through PowerShell) to this image require a “Pay-as-you-go” or an “MSDN” subscription.

Marketplace VM overview:

Next, specify the VM name, the size and configure the default administrator account:

Note: To retrieve InstanceSize value go to: https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-size-specs/

Note: Multiple NIC is not supported on all VM sizes. You cannot use “Basic” VM size and for “Standard” the minimum is AXX. For more information go to:

For SQL VM, I will use the A3 Standard size.

# Configure VM
#  * Note: To retieve VM Size values go to: https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-size-specs/

$vm = New-AzureVMConfig -Name "l1-sqlfci-1" -InstanceSize "Large" -Image $image.ImageName -AvailabilitySetName "AVS-SQLSrv"

# Create the default administrator login.
Add-AzureProvisioningConfig –VM $vm -Windows -AdminUserName "tcadmin" -Password "xxxxx" 

Now we can configure VM NICs. First we set the first NIC on the default subnet with a static IP and then we add a new NIC connected to the Heartbeat subnet:

Note about StaticIP:

In Azure, a Static IP is not like a DHCP reservation. This mean that set a static IP in a VNET will ensures the VM will attempt to be assigned the correct IP address at provisioning time but it is no guarantee.

# Configure the default NIC
Set-AzureSubnet -SubnetNames "default" -VM $vm
Set-AzureStaticVNetIP -IPAddress "172.16.0.5" -VM $vm

# Add additional NICs to the VM configuration.
Add-AzureNetworkInterfaceConfig -Name "Ethernet1" -SubnetName "Heartbeat" -StaticVNetIPAddress "172.16.10.5" -VM $vm

Create the VM:

# Create the VM
New-AzureVM -ServiceName "tc-lab1-cs-sqlsrv" -Location "West Europe" –VNetName "tc-lab1-lan" –VMs $vm 

Note about Warning “The specified DNS name is already taken” from O’Reilly book:

Repeat the operation to create the second SQL Server:

8.1 – Resources Overview in Azure

If you go to your Cloud Services, you can have a view of VM Status:

Or through PowerShell, you can use:

# Get VM Status
get-azurevm | ft ServiceName,Name,Status,IpAddress,PowerState,InstanceSize,AvailabilitySetName -AutoSize

You can also manage all your resources from your Resource Group:

8.2 – Attach Disk to VM

Now I will create one new VHDX for each SQL Server.

Select the first SQL server and open Settings. Select “Disk” and click “Attach New

Repeat the same operation for the second SQL Server

Prepare Disk:

Note: Each of the arrays which will be used by StarWind Virtual SAN to store virtual disk images has to meet the following requirements:

• Initialized as GPT
  
• Have a single NTFS-formatted partition
  
• Have a drive letter assigned
  

So on each SQL Server, initialize new disk:

And create a new Volume:

9 – Create Active Directory FOREST

Connect to the AD DC/DNS Server and add roles (AD DS & DNS Server):

Promote DC and create forest:

Add-WindowsFeature -Name "AD-Domain-Services,DNS,GPMC" -IncludeManagementTools

# AD DS Deployment
Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName "tclab1.corp" `
-DomainNetbiosName "TCLAB1" `
-ForestMode "Win2012R2" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true
-safemodeadministratorpassword (convertto-securestring "Password1" -asplaintext -force)

9.1 – Create a new GPO

Basically, I configure at minimal three settings on all servers:

Windows Firewall (Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\)

Enable:

• Windows Firewall: Allow Inbound File and printer sharing exception
• Windows Firewall: Allow Inbound Remote Administration exception

DNS Suffix

Go to “Computer Configuration | Policies | Administrative Templates | Network | DNS Client” and set the Primary DNS Suffix value:

10 – Finalyze SQL Server basic configuration

10.1 – Join Computer to Domain

Rename NIC:

Note that if you Stop VM through the Azure Portal (Status: Stopped (Deallocated), NICs will be reinitialized. This will not occurs if you just stop VM through OS.

Configure DNS IP:

And add computer to domain:

10.2 – Install Windows Features

Install .NET 3.5 Framework (required for SQL 2012/2014) and WSFC cluster features:

# For remote install add: -ComputerName <Hostname>

Install-WindowsFeature Net-Framework-Core,Failover-Clustering -IncludeManagementTools
Install-WindowsFeature Multipath-IO

OK, now the environment is ready. In the next step I will configure the Virtual SAN product to create clustered disk and install a SQL Cluster (AlwaysOn FCI)

Next Steps: SQL AlwaysOn FCI (Failover Cluster Instance) in IaaS Azure Cloud with StarWind Virtual SAN Solution

11 – LINK

Configure a Point-to-Site VPN connection to an Azure Virtual Network

https://azure.microsoft.com/fr-fr/documentation/articles/vpn-gateway-point-to-site-create/

How to Create and Deploy a Cloud Service

https://azure.microsoft.com/en-us/documentation/articles/cloud-services-how-to-create-deploy/

How to install and configure Azure PowerShell

https://azure.microsoft.com/en-us/documentation/articles/powershell-install-configure/

Downloads – Get the SDKs and command-line tools you need

https://azure.microsoft.com/en-us/downloads/#cmd-line-tools

Azure Script Center

https://azure.microsoft.com/en-us/documentation/scripts/

Install and Configure the Azure CLI

https://azure.microsoft.com/en-us/documentation/articles/xplat-cli/

Install the Azure CLI

https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/

Using the Azure CLI for Mac, Linux, and Windows with Azure Service Management

https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-command-line-tools/

The post Begin Azure IaaS – Prepare your Environment appeared first on Tech-Coffee.

Date: 16 June 10am PT / 1pm ET

Speaker: Max Kolomyeytsev, StarWind Software Inc. Product Manager
Have you noticed the way all-flash arrays silently conquered the market of high-performance storage? And do you know it’s really possible to get all-flash performance without actually spending a fortune?

Spindle drives are too weak for the task you say. StarWind unchains the spindle drives to enable the performance you have never expected even from the best SAS spindles.

Learn how to acquire the technology you could previously only get with high-end hardware SANs. Now it’s more simple than ever, install the software and get ready to transform your Datacenter.

Register here!

The post StarWind Webinar: Get Unbelievable Performance without Expensive All-Flash Arrays appeared first on Tech-Coffee.

SMA Runbook to update SCVMM R2 UR3 DHCP Server Extension on all Hyper-V Hosts

https://gallery.technet.microsoft.com/scriptcenter/SMA-Runbook-to-update-1c908bb7

My WSUS server is not deployed for the moment, so I download manualy the Update Rollup 3 (there are 2 updates: server and console)

https://support2.microsoft.com/kb/2965414/en-us

Update VMM Server:

Use WSUS or SCCM, or the manual procedure bellow:

Start the VMM Server Update, and click “OK”

msiexec.exe /update kb2965414_vmmserver.msp

Do not reboot now:

Launch the console update:

msiexec.exe /update kb2965413_AdminConsole_amd64.msp

Update VMM Database:

Connect to the SQL Instance which host the VMM Database, start a new query on the VMM Database and run the SQL SCRIPT (can be found on the KB Webpage, see link above):

/* script starts here */
ALTER Procedure [dbo].[prc_RBS_UserRoleSharedObjectRelation_Insert]
(
        @ID uniqueidentifier,
        @ObjectID uniqueidentifier,
        @ObjectType int,
        @RoleID uniqueidentifier,
        @UserOrGroup varbinary (85),
        @ForeignAccount nvarchar (256),
        @IsADGroup bit,
        @ExistingID uniqueidentifier = NULL OUTPUT
)
AS
SET NOCOUNT ON
     SELECT @ExistingID = [ID] FROM [dbo].[tbl_RBS_UserRoleSharedObjectRelation]
     WHERE [ObjectID] = @ObjectID AND [RoleID] = @RoleID
  AND
  -- Select owner OR Select all which matches ForeignAccount or UserOrGroup OR
  -- both ForeignAccount and UserOrGroup is NULL
  (([UserOrGroup] = @UserOrGroup OR [ForeignAccount] = @ForeignAccount) OR
  ([UserOrGroup] IS NULL AND @UserOrGroup IS NULL AND [ForeignAccount] IS NULL AND @ForeignAccount IS NULL))
      /* Ignore duplicate entries */
      IF (@ExistingID IS NULL)
      BEGIN
     INSERT [dbo].[tbl_RBS_UserRoleSharedObjectRelation]
               ([ID]
               ,[ObjectID]
               ,[ObjectType]
               ,[RoleID]
               ,[UserOrGroup]
               ,[ForeignAccount]
               ,[IsADGroup]
               ,[IsOwner]
               )
    VALUES
    (
            @ID,
            @ObjectID,
            @ObjectType,
            @RoleID,
            @UserOrGroup,
            @ForeignAccount,
            @IsADGroup,
            0
    )
      END
SET NOCOUNT OFF
RETURN @@ERROR
GO

ALTER PROCEDURE [dbo].[prc_WLC_IsVHDSharedByAnotherVmOnHost]
    @HostId [uniqueidentifier],
 @VHDId [uniqueidentifier],
    @VMId [uniqueidentifier]
AS
BEGIN
    DECLARE @error int
    SET @error = 0
    SET NOCOUNT ON;

    SELECT TOP 1 1 FROM dbo.[fn_WLC_GetParentChildRelationForVHD](@VHDId) vcr
 JOIN dbo.tbl_WLC_VDrive vd ON
  vcr.VHDId = vd.VHDId
 JOIN dbo.tbl_WLC_VObject vo ON
  vo.ObjectId = vd.ParentId
 JOIN dbo.tbl_WLC_VMInstance vi ON
  vo.ObjectId = vi.VMInstanceId
 WHERE
  vo.HostId = @HostId
 AND
  vo.ObjectId <> @VMId
 AND
  vi.RootVMInstanceId <> @VMId
    SET @error = @@ERROR
    SET NOCOUNT OFF
    RETURN @error
END
GO

IF EXISTS (SELECT * FROM dbo.sysobjects
           WHERE id = OBJECT_ID(N'prc_ADHC_HostDisk_GetByClusterDiskIdAndHostId')
           AND OBJECTPROPERTY(id, N'IsProcedure') = 1)
DROP PROCEDURE dbo.prc_ADHC_HostDisk_GetByClusterDiskIdAndHostId
GO
CREATE PROCEDURE dbo.prc_ADHC_HostDisk_GetByClusterDiskIdAndHostId
(
  @ClusterDiskID guid,
  @HostID guid
)
AS
DECLARE @error int
SET @error = 0
SET NOCOUNT ON
SELECT
 [DiskID],
 [Signature],
 [UniqueID],
 [HostID],
 [LibraryServerID],
 [StArrayID],
 [LastUpdatedDateTime],
 [DeviceID],
 [Index],
 [Capacity],
 [IsPassThroughCapable],
 [IsSanAttached],
 [ClusterDiskID],
 [Location],
 [StorageLUNID],
 [SMLunId],
 [SMLunIdFormat],
 [SMLunIdNamespace],
 [SANType],
 [Bus],
 [Lun],
 [Target],
 [Port],
 [IsVHD],
 [StClassificationId]
FROM dbo.tbl_ADHC_HostDisk
WHERE
[HostID] = @HostID
AND
[ClusterDiskID] = @ClusterDiskID
SELECT @error = @@ERROR
SET NOCOUNT OFF
RETURN @error
GO

-- The stored procedure will be deleted after the OS table is updated
IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[prc_IL_AddOSTemp]') AND type in (N'P', N'PC'))
DROP PROCEDURE [dbo].[prc_IL_AddOSTemp]
GO
CREATE PROCEDURE [dbo].[prc_IL_AddOSTemp]
    @OSId GUID,
    @Name nvarchar(64),
    @Description nvarchar(max),
    @Edition int,
    @ProductType int,
    @Version nvarchar(32),
    @Architecture nvarchar(32),
    @OSFlags int,
    @VMWareGuestId nvarchar(32),
 @OSType int
AS
BEGIN
    DECLARE @error int
    SET @error = 0

    SELECT * FROM dbo.tbl_IL_OS WHERE OSId = @OSId
 -- If the OS entry doesn't exist, add the entry.
 -- If it exists, update
    IF (@@ROWCOUNT = 0)
 BEGIN
 INSERT INTO dbo.tbl_IL_OS
 (
  [OSId],
  [Name],
  [Description],
  [Edition],
  [ProductType],
  [Version],
  [Architecture],
  [OSFlags],
  [VMWareGuestId],
  [OSType]
 )
 VALUES
 (
  @OSId,
  @Name,
  @Description,
  @Edition,
  @ProductType,
  @Version,
  @Architecture,
  @OSFlags,
  @VMWareGuestId,
  @OSType
 )
 END
 ELSE
    BEGIN
    UPDATE dbo.tbl_IL_OS
    SET
        [Name] = @Name,
        [Description] = @Description,
        [Edition] = @Edition,
        [ProductType] = @ProductType,
        [Version] = @Version,
        [Architecture] = @Architecture,
        [OSFlags] = @OSFlags,
        [VMWareGuestId] = @VMWareGuestId,
  [OSType] = @OSType
    WHERE OSId = @OSId
    END

    SET @error = @@ERROR
    RETURN @error
END
GO
prc_IL_AddOSTemp 'A3281FA8-6633-4A1D-9AB2-6B563121EC8D', 'Ubuntu Linux 14.04 (32 bit)', 'Ubuntu Linux 14.04 (32 bit)', NULL, NULL, NULL, x86 , 0x1C, 'ubuntuGuest', 1
GO
prc_IL_AddOSTemp '2AF8E4A1-05F0-444E-A96F-D4D5B86B5CC8', 'Ubuntu Linux 14.04 (64 bit)', 'Ubuntu Linux 14.04 (64 bit)', NULL, NULL, NULL, amd64 , 0x1C, 'ubuntu64Guest', 1
GO
-- Delete the temporary stored procedure
-- used to populate this table
IF  EXISTS (SELECT * FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[prc_IL_AddOSTemp]') AND type in (N'P', N'PC'))
DROP PROCEDURE [dbo].[prc_IL_AddOSTemp]
GO
/* script ends here */

Restart the VMM Server

Start Console, click “File\About” and check the VMM version (must be 3.2.7672.0):

Update HOST – VMM Agent:

Check the host status, normally you should read “Needs Attention” (else starts a Refresh).

Right-click on the host and select “Update Agent”:

Retrieve the script if you have many hosts to update:

$credential = Get-SCRunAsAccount -Name “Hyper-V Host Management” -ID “xxxxx”

$managedComputer = Get-SCVMMManagedComputer -ComputerName “s-hv-1.infra.corp”

Update-SCVMMManagedComputer -Credential $credential -RunAsynchronously -VMMManagedComputer $managedComputer

Wait until the job is finished and refresh the host:

You can check VMM Agent version:

Command to check all hosts:

Get-VMMMangedComputer | Select Name, AgentVersion

Update HOST – DHCP vSwitch extension:

Microsoft Note:

Important The System Center Virtual Machine Manager DHCP Server (x64) component must be manually updated on all VMM Hyper-V hosts. If this component is not updated, virtual machines may not be assigned an IP address for several minutes after the restart of the VM. (Eventually the VM will receive the IP address and otherwise function normally.) To check the version of the VMM DHCP agent, run the following command from an elevated PowerShell command prompt window on the host: Get-WmiObject -Class win32_product -Filter ‘Name = “Microsoft System Center Virtual Machine Manager DHCP Server (x64)”‘

Go to an Hyper-V Host and run the command:

Or you can view the version through “Programs and Features”:

Uninstall the Product through Programs and Features or through msiexec (add /quiet to skip confirmation):

msiExec.exe /x {3834A905-5CC1-454D-8CA4-AC449F12775D}

Copy the “DHCPExtn.msi” file from your VMM install folder to the Hyper-V host

Path: ..\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\SwExtn

And run the MSI (you can use “msiexec /package <file> /quiet”):

Update all VMM Agent and DHCP vSwitch extension on all hosts (use MS PowerShell script cited above).

Update all VMM Console deployed in your environment.

Install of Update Rollup 3 is done!

Note about SCOM Management Pack:

From MS KB webpage:

This update rollup includes a Management Pack package upgrade. If you use System Center Operations Manager and System Center Virtual Machine Manager integration, we recommend that you upgrade your Management Pack installation to the latest version after you apply this update. The default installation path for this package is “C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\ManagementPacks.”

The post SCVMM 2012 R2 – Deploy Update Rollup 3 appeared first on Tech-Coffee.

• Article Summary
• Part 1 – AlwaysOn Introduction
• Part 2 – AlwaysOn Design
• Part 3 – Install and Configure Windows Server 2012 R2 in Core mode
• Part 4 – WSFC Cluster Creation
• Part 5 – Install SQL Core on Windows Core Server
• Part 6 – AlwaysOn Availability Groups Creation
• Part 7 – AlwaysOn Availability Groups Creation (Advanced, with dedicated Replication Network)
• Part 8 – Methods to add Database on Availability Groups (SCOM Example)
• Part 9 – AlwaysOn Availability Groups – PowerShell Monitoring
• ANNEX (Part 6/7) – Manage SQL Endpoint

I will not cover the entire SCOM installation, but just the part of Databases configuration.

Note that the Availability Groups (one or two, depending of your architecture) must be created before the SCOM installation. Indeed, during the installation we need to specify the AAG Listener DNS name in place of the classic instance Name.

During the installation, the database is created on the active instance (which hosts the Availability Group Listener) but it’s not added to the AlwaysOn Availability Group, this action must be done at the end of installation. This article covers the methods to add Database to an AAG through SQL Management Studio, T-SQL and PowerShell.

In the previous part (7 – AAG Advanced Configuration), I have created two dedicated AAG for SCOM:

Install SCOM

Note: Before installation the AAGs are dispatched (nominal mode):

• *  AAG-3SCOM (with the listener: AAG-3L) is hosted by the AOI2 Instance
  
• *  AAG-4SCOM (with the listener: AAG-4L) is hosted by the AOI4 Instance
  

Start the SCOM installation (full procedure will be written in a dedicated article):

Select components that you want:

First Management server:

And now the part that interest us.

For the “Server name and instance name” we just have to specify the AG Listener DNS Name and the port (check the paths):

Same for the data warehouse database:

Finalize the installation:

Now from SQL, on the AOI2 Instance, we can see the OperationsManager Database (not added to the AG):

And on the AOI4 Instance, we can see the OperationsManagerDW Database:

Add SCOM Databases to the Availability Groups

Prepare Databases

Change recovery model to Full and make a Full Backup

With Transact-SQL

-- Set Recovery Model to FULL
USE master ;
ALTER DATABASE OperationsManager SET RECOVERY FULL ;

-- Check Recovery Model
SELECT name, recovery_model_desc
FROM sys.databases WHERE name = 'OperationsManager' ;
GO

-- Make a Full Backup
USE master
GO
BACKUP DATABASE OperationsManager TO DISK = 'G:\MSSQL\MSSQL11.AOI2\MSSQL\Backup\OperationsManager.bak'
GO

Repeat the same operation for the OperationsManagerDW database.

Add SCOM Databases to Availability Groups

There are 3 methods to configure a Database in an Availability Group:

• –  From SQL Management Studio
• –  From Transact-SQL
• –  From PowerShell

For demonstration, I will add to the AAGs:

• –  the first SCOM Database (OperationsManager) with Management Studio
• –  the second SCOM Database (OperationsManagerDW) with T-SQL
• –  a test database with PowerShell

Add a Database to an Availability Groups through Management Studio

Target: Database “OperationsManager” to the Availability Group “AAG-3SCOM”

Right-click on the Availability Group and select “Add Database”:

Select the SCOM Database:

On the “Select Initial Data Synchronization” enter a shared network location:

There is an issue with Management Studio. For security I have set a static port on all instances (not the default 1433) and I disabled SQL Browser Service. To add a database to an AAG you need to connect all Replicas, but I cannot specify the port and so without the Browser service enabled I cannot connect the secondary instance… (This issue is only present with the use of SQL Management Studio)

So start the SQL Browser Service temporarily (and open the firewall port if needed) and connect to the instance:

Review checks:

Start the operation:

Now first SCOM Database is configured for High Availability on the Availability Group AAG-3COM.

Check the status on the Primary Instance (synchronized under Databases):

On the secondary instance, wait until the status is “Restoring”:

Status OK on the secondary replica:

Add a Database to an Availability Groups through T-SQL

Target: Database “OperationsManagerDW” to the Availability Group “AAG-4SCOM”

Prepare the T-SQL script:

Script: AAG-4SCOM-Add-DB-OperationsManagerDW.sql

--- YOU MUST EXECUTE THE FOLLOWING SCRIPT IN SQLCMD MODE.
:Connect M-SQLA4\AOI4,1764
USE [master]
GO

ALTER AVAILABILITY GROUP [AAG-4SCOM]
ADD DATABASE [OperationsManagerDW];
GO

:Connect M-SQLA4\AOI4,1764
BACKUP DATABASE [OperationsManagerDW] TO DISK = N'\\10.0.1.21\Share\OperationsManagerDW.bak' WITH COPY_ONLY, FORMAT, INIT, SKIP, REWIND, NOUNLOAD, COMPRESSION, STATS = 5
GO

:Connect M-SQLA2\AOI2,1764
RESTORE DATABASE [OperationsManagerDW] FROM DISK = N'\\10.0.1.21\Share\OperationsManagerDW.bak' WITH NORECOVERY, NOUNLOAD, STATS = 5
GO

:Connect M-SQLA4\AOI4,1764
BACKUP LOG [OperationsManagerDW] TO DISK = N'\\10.0.1.21\Share\OperationsManagerDW_20140505174600.trn' WITH NOFORMAT, NOINIT, NOSKIP, REWIND, NOUNLOAD, COMPRESSION, STATS = 5
GO

:Connect M-SQLA2\AOI2,1764
RESTORE LOG [OperationsManagerDW] FROM DISK = N'\\10.0.1.21\Share\OperationsManagerDW_20140505174600.trn' WITH NORECOVERY, NOUNLOAD, STATS = 5
GO

:Connect M-SQLA2\AOI2,1764
-- Wait for the replica to start communicating
begin try
declare @conn bit
declare @count int
declare @replica_id uniqueidentifier
declare @group_id uniqueidentifier
set @conn = 0
set @count = 30 -- wait for 5 minutes
if (serverproperty('IsHadrEnabled') = 1)
and (isnull((select member_state from master.sys.dm_hadr_cluster_members where upper(member_name COLLATE Latin1_General_CI_AS) = upper(cast(serverproperty('ComputerNamePhysicalNetBIOS') as nvarchar(256)) COLLATE Latin1_General_CI_AS)), 0) <> 0)
and (isnull((select state from master.sys.database_mirroring_endpoints), 1) = 0)
begin
select @group_id = ags.group_id from master.sys.availability_groups as ags where name = N'AAG-4SCOM'
select @replica_id = replicas.replica_id from master.sys.availability_replicas as replicas where upper(replicas.replica_server_name COLLATE Latin1_General_CI_AS) = upper(@@SERVERNAME COLLATE Latin1_General_CI_AS) and group_id = @group_id
while @conn <> 1 and @count > 0
begin
set @conn = isnull((select connected_state from master.sys.dm_hadr_availability_replica_states as states where states.replica_id = @replica_id), 1)
if @conn = 1
begin
-- exit loop when the replica is connected, or if the query cannot find the replica status
break
end
waitfor delay '00:00:10'
set @count = @count - 1
end
end
end try
begin catch
  -- If the wait loop fails, do not stop execution of the alter database statement
end catch

ALTER DATABASE [OperationsManagerDW] SET HADR AVAILABILITY GROUP = [AAG-4SCOM];
GO

From the M-SQLA4 server, start a CMD and execute:

Check the status of Database, now the both SCOM Databases are OK:

(Note) You can remove all backups in the share folder:

Another prerequisite for a failover of a database on another instance (replica) is that the logins of the application must be configured (with the same permissions: Server Roles/User Mapping) on all instances involved in the Availability group.

To do a failover, the application (here SCOM) logins must be configured on all replicas.

Check SCOM SQL logins on all Instances of the Availability Group. First Replica “M-SQLA2\AOI2”:

• * svc-scomaa
  
• * svc-scomdas
  
• * svc-scomdww
  

Second replica “M-SQLA4\AOI4”:

Add a Database to an Availability Groups through PowerShell

Target: Database “AdvWorks” to the Availability Group “AAG-1”

Requirement:

• Check if Database backup mode is set to Full
  

Start PowerShell (elevated privileges):
SCRIPT: SQLAO_Add-database-to-AAG.ps1

1 – Backup Database
Note: If you launch the command remotely, the SQL Browser Service must be started on the target Instance.

The Full DB and log backups are created :

2 – Restore Database on the other instance

Note: To execute this command on a remote computer, the SQL Browser service must be activated.

Now the Database is in “Restoring” state on the secondary Instance:

3 – Join the Database to the AAG on the primary instance

The database is added on the AAG-1, check the status (must be Synchronized)

3 – Join the Database to the AAG on the secondary instance

Check status on the secondary node:

Note: You can check the copy Status from PowerShell

The post AlwaysOn Part 8 – Methods to add Database (SCOM) appeared first on Tech-Coffee.

• Article Summary
• Part 1 – AlwaysOn Introduction
• Part 2 – AlwaysOn Design
• Part 3 – Install and Configure Windows Server 2012 R2 in Core mode
• Part 4 – WSFC Cluster Creation
• Part 5 – Install SQL Core on Windows Core Server
• Part 6 – AlwaysOn Availability Groups Creation
• Part 7 – AlwaysOn Availability Groups Creation (Advanced, with dedicated Replication Network)
• Part 8 – Methods to add Database on Availability Groups (SCOM Example)
• Part 9 – AlwaysOn Availability Groups – PowerShell Monitoring
• ANNEX (Part 6/7) – Manage SQL Endpoint

In Part 6, the AAG1 and AAG2 Availability Groups was created from wizard. In this part, I will do an advanced creation of AAG: AAG-3 and AAG-4. Instances members of these AAG will be configured to communicate over a replication Network. I will do the configuration with Transact-SQL and I will write later an article on how to configure AAG through PowerShell.

Now we have to create the Availability Groups: AAG-3SCOM and AAG-4SCOM on instances AOI2 and AOI4:

IP use for Instances Endpoints (subnet 10.0.20.0/24):

For people who don’t know SCOM, this product require two Databases: one DB “Operation” (for live monitoring) and one DB “Data warehouse” (for historical monitoring). These Databases require performances, so with this configuration, in nominal mode, each DB is hosted on a different Instance and have a replica on the other.

Create Availability Group: AAG-3SCOM

This AAG will host the SCOM “OperationsManager” database.

1 – Create Instances Endpoint

Network Configuration: The only difference with the Endpoints created for the first two AAG (with the default configuration) is that we add an IP Address of the dedicated Replication network:

–  LISTENER_IP = (10.0.20.22) – for the Instance AOI2

–  LISTENER_IP = (10.0.20.22) – for the Instance AOI4

Endpoints rights: Note the Grant Connect command that it gives rights to the other Instances account (MSA):

–  GRANT CONNECT ON ENDPOINT::[Hadr_endpoint] TO [lab1\svc-sqldbe4$] – on the Instance AOI2

–  GRANT CONNECT ON ENDPOINT::[Hadr_endpoint] TO [lab1\svc-sqldbe2$] – on the Instance AOI4

Also, the script checks if the Extended Event session “AlwaysOn_health” is started.

Script “AAG-3SCOM-Creation-1-Endpoint.sql“:

--- YOU MUST EXECUTE THE FOLLOWING SCRIPT IN SQLCMD MODE.
-- Create Login for both Instances -------------------------------------

:Connect M-SQLA2\AOI2,1764
USE [master]
GO
CREATE LOGIN [lab1\svc-sqldbe4$] FROM WINDOWS
GO

:Connect M-SQLA4\AOI4,1764
USE [master]
GO
CREATE LOGIN [lab1\svc-sqldbe2$] FROM WINDOWS
GO

- Create ENDPOINT for Instance: AOI2 -----------------------------------
:Connect M-SQLA2\AOI2,1764
USE [master]
GO

CREATE ENDPOINT [Hadr_endpoint]
AS TCP (LISTENER_PORT = 5022, LISTENER_IP = (10.0.20.22))
FOR DATA_MIRRORING (ROLE = ALL, ENCRYPTION = REQUIRED ALGORITHM AES)
GO

IF (SELECT state FROM sys.endpoints WHERE name = N'Hadr_endpoint') <> 0
BEGIN
ALTER ENDPOINT [Hadr_endpoint] STATE = STARTED
END
GO

use [master]
GO
GRANT CONNECT ON ENDPOINT::[Hadr_endpoint] TO [lab1\svc-sqldbe4$]
GO

-- Create ENDPOINT for Instance: AOI4 ----------------------------------
:Connect M-SQLA4\AOI4,1764
USE [master]
GO

CREATE ENDPOINT [Hadr_endpoint]
AS TCP (LISTENER_PORT = 5022, LISTENER_IP = (10.0.20.24))
FOR DATA_MIRRORING (ROLE = ALL, ENCRYPTION = REQUIRED ALGORITHM AES)
GO

IF (SELECT state FROM sys.endpoints WHERE name = N'Hadr_endpoint') <> 0
BEGIN
ALTER ENDPOINT [Hadr_endpoint] STATE = STARTED
END
GO
use [master]
GO
GRANT CONNECT ON ENDPOINT::[Hadr_endpoint] TO [lab1\svc-sqldbe2$]
GO

-- Start Extended Event session: "AlwaysOn_health" ---------------------
:Connect M-SQLA2\AOI2,1764
IF EXISTS(SELECT * FROM sys.server_event_sessions WHERE name='AlwaysOn_health')
BEGIN
ALTER EVENT SESSION [AlwaysOn_health] ON SERVER WITH (STARTUP_STATE=ON);
END
IF NOT EXISTS(SELECT * FROM sys.dm_xe_sessions WHERE name='AlwaysOn_health')
BEGIN
ALTER EVENT SESSION [AlwaysOn_health] ON SERVER STATE=START;
END
GO

:Connect M-SQLA4\AOI4,1764
IF EXISTS(SELECT * FROM sys.server_event_sessions WHERE name='AlwaysOn_health')
BEGIN
ALTER EVENT SESSION [AlwaysOn_health] ON SERVER WITH (STARTUP_STATE=ON);
END
IF NOT EXISTS(SELECT * FROM sys.dm_xe_sessions WHERE name='AlwaysOn_health')
BEGIN
ALTER EVENT SESSION [AlwaysOn_health] ON SERVER STATE=START;
END
GO

You cannot execute this script from the Management Studio (the command “Connect” is not recognized). You have to use the “sqlcmd” utility.

For more information, see TechNet “sqlcmd How-to Topics“: https://technet.microsoft.com/en-us/library/hh213540.aspx

From the M-SQLA2 server, start a CMD and execute:

Check Endpoint creation, use script “SQL_Endpoint-Get-List.ps1”

.\SQL_Endpoint-Get-List.ps1 -SQLServer “M-SQLA2” -InstanceName “AOI2,1764”

From SQL, you can check the TCP Listener:

— Get TCP Listener list

SELECT * FROM sys.dm_tcp_listener_states;

Or via netstat:

2 – Create Availability Group

Network Configuration: So now we can configure the Endpoint URL on the replication network (same IP as the Endpoint):

–  ENDPOINT_URL = N’TCP://10.0.20.22:5022′) – for the Instance AOI2

–  ENDPOINT_URL = N’TCP://10.0.20.24:5022′) – for the Instance AOI4

AG Listener: The script create the listener with the DNS name and the VIP:

–  ADD LISTENER N’AAG-3L’ ( WITH IP ((N’10.0.1.43′, N’255.255.255.0′)), PORT=1764 )

Script “AAG-3SCOM-Creation-2-AG”:

--- YOU MUST EXECUTE THE FOLLOWING SCRIPT IN SQLCMD MODE.
-- CREATE AAG ----------------------------------------------------------
:Connect M-SQLA2\AOI2,1764
USE [master]
GO

CREATE AVAILABILITY GROUP [AAG-3SCOM]
WITH (AUTOMATED_BACKUP_PREFERENCE = SECONDARY)
FOR
REPLICA ON
N'M-SQLA2\AOI2' WITH (
ENDPOINT_URL = N'TCP://10.0.20.22:5022',
FAILOVER_MODE = AUTOMATIC,
AVAILABILITY_MODE = SYNCHRONOUS_COMMIT,
BACKUP_PRIORITY = 50,
SECONDARY_ROLE(ALLOW_CONNECTIONS = ALL)),
N'M-SQLA4\AOI4' WITH (
ENDPOINT_URL = N'TCP://10.0.20.24:5022',
FAILOVER_MODE = AUTOMATIC,
AVAILABILITY_MODE = SYNCHRONOUS_COMMIT,
BACKUP_PRIORITY = 50, SECONDARY_ROLE(ALLOW_CONNECTIONS = ALL));
GO

-- Create Listener -----------------------------------------------------
:Connect M-SQLA2\AOI2,1764
USE [master]
GO

ALTER AVAILABILITY GROUP [AAG-3SCOM]
ADD LISTENER N'AAG-3L' ( WITH IP ((N'10.0.1.43', N'255.255.255.0')), PORT=1764 );
GO

-- JOIN Other Instances ------------------------------------------------
:Connect M-SQLA4\AOI4,1764
ALTER AVAILABILITY GROUP [AAG-3SCOM] JOIN;
GO

From the M-SQLA2 server, start a CMD and execute:

Now from netstat we can see that instances communicate over the replication network (10.0.20.0):

Check the Availability Group status from the Dashboard:

Status if failed because there is no Database in the AG:

Create Availability Group: AAG-4SCOM

Now we have to create the last AG:

This AAG will host the SCOM “OperationsManagerDW” database.

Instance Endpoints are already created (previously with the AAG-3). So we just have to create the Availability Group.

Network Configuration: The same Endpoint URL as the AAG-3 will be used:

–  ENDPOINT_URL = N’TCP://10.0.20.22:5022′) – for the Instance AOI2
–  ENDPOINT_URL = N’TCP://10.0.20.24:5022′) – for the Instance AOI4

AG Listener IP: 10.0.1.44

–  ADD LISTENER N’AAG-3L’ ( WITH IP ((N’10.0.1.44′, N’255.255.255.0′)), PORT=1764 );

Script “AAG-4SCOM-Creation-1-AG”:

-- CREATE AAG ----------------------------------------------------------
:Connect M-SQLA4\AOI4,1764
USE [master]
GO

CREATE AVAILABILITY GROUP [AAG-4SCOM]
WITH (AUTOMATED_BACKUP_PREFERENCE = SECONDARY)
FOR REPLICA ON
N'M-SQLA4\AOI4' WITH (
  ENDPOINT_URL = N'TCP://10.0.20.24:5022',
  FAILOVER_MODE = AUTOMATIC,
  AVAILABILITY_MODE = SYNCHRONOUS_COMMIT,
  BACKUP_PRIORITY = 50,
  SECONDARY_ROLE(ALLOW_CONNECTIONS = ALL)),
N'M-SQLA2\AOI2' WITH (
  ENDPOINT_URL = N'TCP://10.0.20.22:5022',
  FAILOVER_MODE = AUTOMATIC,
  AVAILABILITY_MODE = SYNCHRONOUS_COMMIT,
  BACKUP_PRIORITY = 50, SECONDARY_ROLE(ALLOW_CONNECTIONS = ALL));
GO

-- Create Listener -----------------------------------------------------
:Connect M-SQLA4\AOI4,1764
USE [master]
GO
ALTER AVAILABILITY GROUP [AAG-4SCOM]
ADD LISTENER N'AAG-4L' ( WITH IP ((N'10.0.1.44', N'255.255.255.0')), PORT=1764 );
GO

-- JOIN Other Instances ------------------------------------------------
:Connect M-SQLA2\AOI2,1764
ALTER AVAILABILITY GROUP [AAG-4SCOM] JOIN;
GO

From the M-SQLA2 server, start a CMD and execute:

Now the configuration is done, we can use the AAG.

Next PART: Installation of SCOM with AlwaysOn Availability Groups.

The post AlwaysOn Part 7 – AAG with dedicated Replication Network appeared first on Tech-Coffee.

• Article Summary
• Part 1 – AlwaysOn Introduction
• Part 2 – AlwaysOn Design
• Part 3 – Install and Configure Windows Server 2012 R2 in Core mode
• Part 4 – WSFC Cluster Creation
• Part 5 – Install SQL Core on Windows Core Server
• Part 6 – AlwaysOn Availability Groups Creation
• Part 7 – AlwaysOn Availability Groups Creation (Advanced, with dedicated Replication Network)
• Part 8 – Methods to add Database on Availability Groups (SCOM Example)
• Part 9 – AlwaysOn Availability Groups – PowerShell Monitoring
• ANNEX (Part 6/7) – Manage SQL Endpoint

Now the next step is to create and configure the first Availability Groups.

There are three methods to do this:

• –  with Wizard (through Management Studio)
  
• –  with PowerShell
  
• –  with Transact-SQL
  

I will use the Wizard to create the first two groups (this permit to create also the Transact-SQL scripts that we can reuse later).

Prepare a Database

For reminder, the first availability group will be named “AAG-1” and replica will be host on instance:

• –  M-SQLA1\AOI1
  
• –  M-SQLA3\AOI3
  

For test I use the Microsoft Adventure Works Database sample. Download “AdventureWorks2012 Data File” (around 200Mb) from: https://msftdbprodsamples.codeplex.com/releases/view/55330

Copy Database file to: G:\MSSQL\AOREPLICA\MSSQL\Data.

I rename it to “AdvWorks1” (I will use same mdf for other tests DB)

Add database to first instance (M-SQLA1\AOI1):

There is only MDF file. So in order to build a new log file, use the ATTACH_REBUILD_LOG option when attaching the databases.

USE [master]
GO

CREATE DATABASE [AdvWorks1]
ON (FILENAME = N'G:\MSSQL\AOREPLICA\Data\AdvWorks1.mdf')
FOR ATTACH_REBUILD_LOG
GO

SELECT
DB_NAME(database_id)  AS "Database Name",
type_desc             AS "File Type",
name                  AS "Logical File Name",
physical_name         AS "Physical File",
state_desc            AS "State"
FROM sys.master_files WHERE database_id IN (DB_ID('AdvWorks1'));

Check Backup mode of DB:

Another prerequisite is that you have to do at least 1 full backup of each database that will be part of your AG:

# Make a Full Backup
$db = "AdvWorks1"
Backup-SqlDatabase -ServerInstance "M-SQLA1\AOI1" -Database $db -BackupAction Database -BackupFile "G:\MSSQL\MSSQL11.AOI1\MSSQL\Backup\$($db).bak"

Or from SQL:

-- Make a Full Backup
USE master
GO
BACKUP DATABASE AdvWorks1 TO DISK = 'G:\MSSQL\MSSQL11.AOI1\MSSQL\Backup\AdvWorks1.bak'
GO

So now Database is ready with a full backup.

Mirroring Endpoints – Note

The first step is to create one Mirroring Endpoint per Instance.

For reminder, I have prepared a dedicate network for SQL Instances Communications: VLAN Replication. For tests I will configure two instances “AOI2” and “AOI4” to use this Network and the two other to the default network (Public):

Explications:

By default the Wizard create automatically a Mirroring Endpoint for each Instance (The Endpoint configuration doesn’t contains any Network parameter) and configure the Replica Endpoint URL with the server FQDN. Example: TCP://M-SQLA1.lab1.ad:5022.

With this configuration the Instance communication will be done over the “Public” Network”

This part will be done for the AAG-1 and the AAG-2 (Instance AOI1 and AOI3).

To configure instance for communicate over the Replication Network, we have to create the Endpoint and specify an IP address of the replication network for each instance and configure the Endpoint URL with this IP for each Replica.

This part will be done for the AAG-3 and the AAG-4 (Instance AOI2 and AOI4).

For reminder, there is only one Endpoint per Instance (can be used for multiple Availability Group).

Create AAG-1 (Instance AOI1 & AOI3)

Ok, now I create the first AAG (DBTest01 is the AdvWorks1 database added before)

Schema: AlwaysOn Availability Groups – AAG 1

From M-SQLA1, start Management Studio, connect to instance AOI1.

Right-click on “Availability Group” and select “New Availability Group Wizard”:

Specify the AAG name (this will be the WSFC Resource Group name):

Select the DB:

Select “Add replica”

Connect to the AOI3 instance:

Enable “Automatic Failover” (Synchronous Commit must be enabled) and configure the “Readable Secondary Option” (For more information about parameters see chapter “Availability Replicas Configuration” in “Part 2 – AlwaysOn – Lab Design“)

Configure Endpoints (Default URL = Server FQDN => Communication on the Public network):

Configure “Backup Preferences” (this is the default option):

Create the Listener:

(When you configure later applications to host their Databases in the AAG you have to specify this Listener DNS Name and the Port, this is the only information known by applications).

Note: The Listener VCO and DNS record must be prestage (see chapter “Prestage – Availability Group Listener” in article “Part 6 – Create AAG“)

Select “Full” for the initial data synchronizatrion:

Note: If the default Database paths (file and log) are not the same on all instances, the Full mode will not work.

For more information see paragraph “Note for Databases/Logs path on AAG” in the chapter “Storage” on “Part 2 – AlwaysOn – Lab Design”

More information on Data Synchronization Page:

Select Initial Data Synchronization Page (AlwaysOn Availability Group Wizards)

https://msdn.microsoft.com/en-us/library/hh231021.aspx

Manually Prepare a Secondary Database for an Availability Group (SQL Server)

https://msdn.microsoft.com/en-us/library/ff878349.aspx

Click on “Script” and save it and start the creation:

Check AAG

Now you can start the Dashboard to check the Status of AAG:

Note: Requires Permissions to use Dashboard:

• –  CONNECT
• –  VIEW SERVER STATE
• –  VIEW ANY DEFINITION

And via the WSFC Console, you can show the availability group resource group status:

Note: Normally you should not use the WSFC Console to administer AlwaysOn Availability Groups. Everything (failover …) must be done via the Dashboard, Transact-SQL or PowerShell. The WSFC Console provides a view of the cluster state.

Create AAG-2 (Instance AOI1 & AOI3)

So now I will create the second Availability Group (on the same node as AAG-1).

At the end, there will be an active database on each instance with a replica on each other side. So the loss of an instance will be supported.

Schema: AlwaysOn Availability Groups – AAG 2

From Instance M-SQLA3\AOI3

Create a test DB with one table:

-- CREATE DATABASE DBTestAOI3 --------------------------------------------------------------
USE master;
GO
CREATE DATABASE DBTestAOI3
ON
( NAME = DBTestAOI3_Data,
FILENAME = 'G:\MSSQL\AOREPLICA\Data\DBTestAOI3.mdf',
SIZE = 10MB,
MAXSIZE = 500MB,
FILEGROWTH = 1MB )
LOG ON
( NAME = DBTestAOI3_Log,
FILENAME = 'L:\MSSQL\AOREPLICA\Log\DBTestAOI3_log.ldf',
SIZE = 5MB,
MAXSIZE = 25MB,
FILEGROWTH = 5MB ) ;
GO

USE DBTestAOI3
GO

CREATE TABLE Servers (SrvID int IDENTITY (100,1) PRIMARY KEY, Name nvarchar (50))
GO
-- Populate Table
INSERT INTO Servers ([Name]) VALUES ('ServerAOI3-01')
INSERT INTO Servers ([Name]) VALUES ('ServerAOI3-02')
INSERT INTO Servers ([Name]) VALUES ('ServerAOI3-03')
GO

select * from servers

Do a full backup:

-- MAKE A FULL BACKUP -----------------------------------------------------------------------
USE master
GO
BACKUP DATABASE DBTestAOI3 TO DISK = 'G:\MSSQL\MSSQL11.AOI3\MSSQL\Backup\DBTestAOI3.bak'
GO

Create the AAG-2

Enter AAG name:

Select the database:

Add the replica M-SQLA1\AOI1

Note that you cannot change the name or port of Endpoints (there was previously created with the first AAG):

Configure Backup Preferences:

Configure the Listener:

Select Initial synchronization option:

Start the Availability Grou pcreation :

So now, the two AAG are created:

Network Note:

We can see that the Instances communications are established on the Public Network (10.0.1.0), this is due to the endpoints configuration:

Share Note:

The network share specify in the “Initial synchronization” page contains backup of Databases added to the AG. These backups can be removed, there are used only for the initial replica creation.

The post AlwaysOn Availability Groups Creation appeared first on Tech-Coffee.

In Part 1, SCCM Prerequisites have been downloaded and the AD schema has been extended.

In Part 2, the dedicated SQL Server (with SSRS) has been installed and configured.

Server: M-SCCM1 

Article Parts:

• Part 1: SCCM 2012 R2 Environment Preparation / Requirements
• Part 2: SCCM 2012 R2 SQL Server Installation-Configuration
• Part 3: SCCM 2012 R2 Primary Site Installation

SCCM Primary Site Server – Installation

Components required

Storage Requirement

Service Accounts

• Create accounts and groups

• Add your account to the SCCMAdmins group
• Add SCCMAdmins group to Local Administrators of M-SCCM1 server

Account: svc-confmgrlocaladm

This account is needed if you deploy SCCM client by using the client push installation method.

The Client Push Installation Account is used to connect to computers and install the Configuration Manager client software. This account must be a member of the local Administrators group on the computers where the Configuration Manager client software is to be installed. This account does not require Domain Admin rights. You can specify one or more Client Push Installation Accounts, which Configuration Manager tries in turn until one succeeds.

Account: svc-sccmnaa

This account (Network access account)is needed during OS deployment in WinPE to access content on the network which is referenced by the task sequence. This account might also be used during operating system deployment when the computer installing the operating system does not yet have a computer account on the domain.

I will configure it later.

Account: svc-sccmjd

This account will be used for join computer to domain during a deployment. To do that, this account required AD permission:

On the “Join to Domain” task, you can specify the OU where you want to add the computer. So you have to Delegate Control on each OU that you want to use.

Right-click on the OU and select “Delegate Control…”

Add the account:

Select “Create a custom task to delegate”:

Select these options:

Select these permissions:

For more information about SCCM accounts, see TechNet article “Technical Reference for Accounts Used in Configuration Manager“: https://technet.microsoft.com/en-us/library/hh427337.aspx

Prerequisites

Windows Features

From PowerShell:

Add-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,
NET-HTTP-Activation,NET-Non-HTTP-Activ,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,
Web-Http-Redirect,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,
Web-Request-Monitor,Web-HTTP-Tracing,Web-Security,Web-Filtering,Web-Performance,Web-Stat-Compression,Web-Mgmt-Console,
Web-Scripting-Tools,Web-Mgmt-Compat
-Restart –Source V:\sources\sxs

Register ASP.NET with IIS.  Open an elevated command prompt and enter:

C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe –r

Install ADK 8.1

Mount ISO previously created.

Launch “adksetup” and install these three features:

Note for automated installation: Command to do a silent install

Size Installed: around 1.7 GB

Install SCCM Primary Site

OK, now we can install the Primary Site. On M-SCCM1 VM mount two DVD drives:

• One with the SCCM 2012R2 ISO
• One with the SCCM Prerequisites ISO (create during Preparation)

Launch the Installer and select “Install”

Leave the default option:

Enter your Key (or choose 180 days evaluation):

Accept all Licenses, these components will be installed (except SQL Server 2012 Express, I already installed a SQL Server):

Specify path to files downloaded previously (Prerequisites ISO mounted on DVD):

Select Language:

Enter Information (Site Code, name) and change path:

Select “Install the primary site as stand-alone”

If needed, it’s possible to install later a CAS Server:

Enter SQL information (note that we cannot specify an Instance port, so the SQL Browser service must be enabled):

(*) on remote SQL server, special firewall rules must be created (in addition to standard SQL rules). See “Part 2 – SQL Server Installation” for more information.

Specify Database files path:

SMS Provider:

Configure Communication:

We will configure HTTPS later

Now we specify that the server will host a “Management Point” and a “Distribution Point”:

Start the installation :

Installation Done:

Install Trace Log Tool

SCCM logs are store in: D:\Program Files\Microsoft Configuration Manager\Logs

A Log viewer tool name “Trace Log Tool” is available on the SCCM DVD.

Go to the DVD drive (x:\SMSSETUP\TOOLS) and copy CMTrace.exe to the server.

Now you can open SCCM logs:

Next

The next step is to configure the Primary Site and SCCM roles:

• Part 4: SCCM 2012 R2Primary Site Configuration

In addition, Firewall must be configured to allow clients / other SCCM Servers communication. See the article:

• ANNEX – SCCM 2012 R2 Configure Firewall

The post SCCM 2012 R2 Primary Site Installation appeared first on Tech-Coffee.

SQL server will be installed on a dedicated server. (If SQL server is installed on the same server as the SCCM Primary Site, some steps are not necessary)

Server: M-SQL1

Article Parts:

• Part 1: SCCM 2012 R2 Environment Preparation / Requirements
• Part 2: SCCM 2012 R2 SQL Server Installation-Configuration
• Part 3: SCCM 2012 R2 Primary Site Installation

Preparation

Components required

Storage Requirement

Note [Production]:

• Disk Sizes are for a Lab environment.
  
• For Production it is recommended to add:
  
  • 1x “BIN” disk for “SQL Server”, “System DB” and “Reporting Service” data.
    
  • 1x “TEMPDB” disk for TempDB Database and Log.
    

Service Accounts

• Create accounts and groups
  

Note [Production]: You can use MSA accounts for Database Engine and Agent Services

• Add your account to the SCCMSQLAdmins group
  
• Add SCCMSQLAdmins group to Local Administrators of M-SQL1 server
  

Prerequisites

Remote Registry:

Check if “Remote Registry” service is set to Automatic startup and started (*):

(*) required by SCCM if SQL is installed on a remote Server.

Install .NET 3.5 features:

Install-WindowsFeature NET-Framework-Core -Source V:\sources\sxs

Download the last Cummulative update for SQL Server: https://support.microsoft.com/kb/2772858/en-us Copy it on the SQL Server (e:\CU)

SQL Server – Installation

Launch a CMD (as Administrator), start setup from DVD drive (with CU included):

Select “SQL Server Feature Installation”:

Select features:

Select “Named instance” and enter a Name:

Note: You can add a “BIN” disk for instance root directory.

Required space:

Enter services account and configure Startup Type:

For security reason, it’s not recommended to enable Browser Service (but it’s required with SCCM if you want to change the instance port, see “SQL Design Note /Requirement” chapter)

Select collation: SQL_Latin1_General_CP1_CI_AS

Configure your Security option (it’s recommended to keep the “sa” account as a lifeboat account, but you have to rename it):

Enter your path:

On the SSRS page, select “Install and configure”:

Start the installation:

Check SSRS configuration

You can check Reporting DB creation:

From « Reporting Configuration Manager », service account:

Web Service Configuration:

Test it:

Report Manager URL Configuration:

Test it:

Status must be “Joined”:

SQL Configuration

Configure Instance Port

Use Script: SQL_Set-Instance-Port.ps1

Start a PowerShell console (as Administrator) and run:

SQL_Set-Instance-Port.ps1 -SQLInstance <instancename> – StaticPort <yourport>

Check Configuration:

Use Script: SQL_Get-Instance-Network.ps1

Note: “TcpDynamicPorts” column must be empty (if there is a 0, you have to remove it)

Restart instance and check services:

Set SPN

To use Kerberos authentication (in place of NTLM), a SPN must be created. Register SPN for the SQL Domain Service Account:

Check:

TIPS: Check Authentication mode from SQL:

SELECT net_transport, auth_scheme
FROM sys.dm_exec_connections
WHERE session_id = @@SPID;

-- Example to check SCCM connection:
SELECT session_id, net_transport, auth_scheme,encrypt_option, client_net_address,
client_tcp_port, local_tcp_port
FROM sys.dm_exec_connections
WHERE client_net_address = '10.0.1.10'

Configure Firewall

Use Script: FW_Create-SQLRules.ps1

This script creates incoming rules for SQL Instance, SQL Browser and SQL Broker services.

Edit the script and change the Instance port (1640 in this example).

NOTE for SCCM Installation:

These rules are not sufficient to install SCCM. The setup will fail to join the Remote SQL Server. It is also necessary to open additional Ports:

Use Script: FW_Create-SQLRules-AdditionalSCCM.ps1

Note: These ports are required only for installation, so you have two options:

• Disable SQL Server firewall during SCCM installation
  

• Open ports with the script bellow, install SCCM and disable rules after.
  

Configure rights for SCCM Server on SQL Server

This Step must be done if SQL Server is installed on a Remote Server.

The SCCM server computer account needs “sysadmin” rights on the SQL Server

On SQL Server, it’s impossible to add a computer accounts as logins. So the solution is to create a group with the SCCM computer account and add SQL rights to this group.

On the SQL Server, create a local group “SCCMServers” and add the SCCM Server account:

From Management Studio, create a new login with this group and add “sysadmin” right.

Select the local group created before:

Give the “sysadmin” Server role:

Close Management Studio.

Administrators Right:

Add the SCCM Server computer account to the local “Administrators” group on the SQL Server:

Else there is a failed during install checks:

The post SCCM 2012 R2 SQL Server Installation-Configuration appeared first on Tech-Coffee.

• One server for SQL and Reporting services
  
• One server for SCCM Primary Site
  
• One server for a secondary SCCM Management and Deployment Point (it will be used later for SUP roles and Application Catalog).
  

All servers are installed with Windows Server 2012 R2.

This article not covers a SCCM CAS (Central Administration Site) Server deployment (need if you plan to deploy multiple Primary Sites).

Article Parts:

• Part 1: SCCM 2012 R2 Environment Preparation / Requirements
• Part 2: SCCM 2012 R2 SQL Server Installation-Configuration
• Part 3: SCCM 2012 R2 Primary Site Installation

SCCM 2012 R2 – Design Guide

This part is not cover in this article. For more information see TechNet:

• Fundamentals of Configuration Manager
  https://technet.microsoft.com/en-us/library/gg682106.aspx
  

• Planning for Configuration Manager Sites and Hierarchy
  https://technet.microsoft.com/en-us/library/gg682075.aspx
  

• Site and Site System Role Scalability
  https://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SiteAndRoleScale
  

SQL – Design Guide

There are a lot of constraints for SQL on a SCCM environment.

High Availability:

• Configuration not supported:
  

• Configuration supported:

SQL Database Engine:

For Secondary Site:

Configuration:

TCP Port (Instance):

I’m currently testing to force the TCP port in the “SQL Server Native client” configuration, SCCM server can connect to the database but I have not tested whether there were other impacts (in addition, if it works, I’m not sure it is supported by Microsoft..). The solution of the alias is not working.

TCP Port (Broker):

SQL Server Memory:

SCCM Reporting Service Point (SSRS Instance):

Components Requirements

Notes: Internet Information Services (IIS)

SCCM Site Systems roles which require IIS:

• Application Catalog web service point
• Application Catalog website point
• Distribution point
• Enrollment point
• Enrollment proxy point
• Fallback status point
• Management point
• Software update point

Note: IIS must be enabled before SCCM Components installation

Components

(*) On a Deployment Point, WDS feature is automatically installed when PXE option is enabled. But if you want to specify a custom path for “RemoteInstall” folder you have to install and configure feature before enabling PXE.

Preparation

Sources needed:

• ISO – WS2012 R2 Standard or Enterprise
  
• ISO – SQL Server 2012 Enterprise with SP1
  
• ISO – SCCM 2012 R2
  
• FILES – SQL Server 2012 SP1 Update(s) (Actually CU7)
  
• FILES – ADK 8.1 (download offline files)
  
• FILES – SCCM Prerequisite files (see below)
  

Download SCCM Prerequisites

From a computer (x64) with Internet Connection:

• Navigate to SCCM 2012 R2 ISO source: .\smssetup\bin\X64
• Run SetupDL.exe <targetdir> (Example SetupDL.exe E:\CM2012PR)
  

This download .Net 4.0, SQL Express (not needed but you can skip this step), etc…

Build an ISO with this source and copy it on Hyper-V/SCVMM.

Download ADK Prerequisites

Download “adksetup.exe” file:

Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1 Update – https://www.microsoft.com/en-us/download/details.aspx?id=39982

For more information about ADK tools, see TechNet article – “Windows Deployment Tools Technical Reference“: https://technet.microsoft.com/en-us/library/hh825039.aspx

Select “Download the Windows Assessment….” and specify a path

Build an ISO with the sources:

Extend Active Directory Schema for SCCM

Extend the AD schema is not mandatory for SCCM. However it facilitates client administration, especially for the following points (TechNet extract):

For more information, see TechNet article “Determine Whether to Extend the Active Directory Schema for Configuration Manager” – https://technet.microsoft.com/en-us/library/gg712272.aspx

Four actions are required to successfully enable Configuration Manager Clients to query AD DS to locate site resources:

• Extend the Active Directory schema.
• Create the System Management container.
• Set security permissions on the System Management container.
• Enable Active Directory publishing for the Configuration Manager site

For more information, see TechNet article “Prepare the Windows Environment for Configuration Manager” – https://technet.microsoft.com/en-us/library/gg712264.aspx#BKMK_PrepAD

Note about previous versions:

The SCCM 2012 R2 AD Schema Extensions are the same as SCCM 2007, 2012 or 2012 SP1. So if you have already extended the schema for a previous mentioned above, you do not have to extend it again to install SCCM 2012 R2.

Extend the Active Directory schema

Create a checkpoint of your Domain Controller (I have only one DC):

Logon a server with an account that is a member of “Schema Admins” security group.

From SCCM ISO run .\SMSSETUP\BIN\X64\extadsch.exe

Check schema extension result, open extadsch.log located in the root of the system drive.

Create the System Management Container

Configuration Manager does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container must be created one time for each domain that includes a Configuration Manager primary site server or secondary site server that publishes site information to Active Directory Domain Services

Start ADSI Edit, go to the “System” containter and create a new Object:

Select “container”:

Enter “System Management”:

Set Security Permissions on the System Management Container

Open properties of the container “System Management” created previously.

In the “Security” tab, add the site server computer account and Grant the “Full Control” permissions.

Click Advanced, select the site server’s computer account, and then click Edit.

In the “Applies to” list, select “This object and all descendant objects“.

Click OK and close the ADSIEdit console.

The post SCCM 2012 R2 Environment Preparation Requirements appeared first on Tech-Coffee.