Dell Hybrid Cloud System for Microsoft Cloud Platform System Standard Version 1.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2018 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Overview........................................................................................................................................................ 7 What is installed for Dell Hybrid Cloud System for Microsoft.......................................................................................7 On-premises software.................................................................................................................................................
Updating to a Security Token Service and re-establishing trust...........................................................................41 How to open the management portal for administrators......................................................................................43 How to open the management portal for tenants................................................................................................. 43 Offering services to tenants.........................................................
Service accounts.......................................................................................................................................................115 Groups........................................................................................................................................................................ 117 Resetting service account passwords..........................................................................................................................
SQL Server cluster................................................................................................................................................... 162 Get infrastructure VM names and addresses............................................................................................................. 163 Appendix D Ports and protocols....................................................................................................................
1 Overview Dell Hybrid Cloud System for Microsoft CPS Standard™, referred to in this guide as Dell Hybrid Cloud System for Microsoft, is an infrastructure-as-a-service (IaaS) solution that allows you to quickly get a hybrid cloud solution up and running in your data center. Built on the Dell hardware, and a foundation of Windows Server 2012 R2 and System Center 2012 R2, Dell Hybrid Cloud System for Microsoft allows you to easily extend your solution to Microsoft Azure.
Microsoft-provided software Table 1. Microsoft software Product/Software Name Purpose TechNet Library Reference Windows Server 2012 R2 Datacenter Edition The operating system on all physical hosts and VMs. Windows Server 2012 R2 System Center Virtual Machine Manager (VMM) 2012 R2 Use to manage the virtualization hosts, networking, and storage resources. Virtual Machine Manager System Center Operations Manager (SCOM) 2012 R2 Use to monitor the infrastructure.
Product/Software Name Storage Enclosure CLI (SECLI) BMC Utility OpenManage Deployment Toolkit Purpose More Information • Staged on local disk; see Dell Storage Enclosure Administrator’s Guide • Updates the Dell PowerVault MD storage enclosure firmware Monitors the modular disk (MD) • • Sets firmware Debugs (mostly BMC/iDRAC) • • Staged on local disk; see Dell Open Manage Sets firmware Deployment Toolkit Debugs (firmware beyond BMC/iDRAC) Staged on local disk: see Dell Storage Enclosure Administ
Storage cluster The storage cluster is a two- to four-node Scale-Out File Server (SOFS) that is connected to just a bunch of disks (JBOD) storage. The system uses Storage Spaces with an SOFS to provide shared storage in the form of SMB shares. These SMB shares are used by VMs to store their associated VHD (Virtual Hard Disk) files. All of these physical nodes run Windows Server 2012 R2 Datacenter edition (Server Core configuration). • The storage cluster is named SFS.
Table 4. Infrastructure VMs VM Name Role/Component Name CON01 Console VM VMM01 VMM Server (Also runs Windows Server Update Services (WSUS) and is the VMM library server.
Network configuration The default Dell Hybrid Cloud System for Microsoft network settings are configured during deployment. By default, there is one logical network that is named Infrastructure, with three IP address pools: • Management_Pool • Storage1_Pool • Storage2_Pool By default, there are three VM networks, Management, Storage1, and Storage2; all are associated with the Infrastructure logical network.
VMM library configuration The VMM library is a catalog of resources that provides access to file-based resources such as virtual hard disks (VHDs), ISO images, scripts, driver files, and application packages that are stored on library servers. It also provides access to non-file-based resources such as VM templates, service templates, and profiles that reside in the VMM database.
About Dell Hybrid Cloud System for Microsoft licensing License requirements for the Dell Hybrid Cloud System for Microsoft infrastructure You need the following licenses for your Dell Hybrid Cloud System for Microsoft installation. • For Windows Server 2012 R2, and for Microsoft System Center 2012 R2, you need either of the following: – A Microsoft volume license for Windows Server 2012 R2 Datacenter edition, and a Microsoft volume license for Microsoft System Center 2012 R2.
• Create a Key Distribution Services (KDS) root key that is used to generate group Managed Service Accounts (gMSA) • Block inheritance. To run the ADPreCreationTool.ps1 script, you must have domain administrator credentials. NOTE: Dell strongly recommends that you use the ADPreCreationTool.ps1 script. If you choose to skip running the script and do not have a KDS enabled, manually create a KDS root key and block inheritance before deployment. Create the KDS root key at least 10 hours before deployment.
Check Group Policy settings When the deployment process creates the Active Directory organizational unit (OU) for Dell Hybrid Cloud System for Microsoft, it blocks policy inheritance on the OU. If your domain has Group Policy Objects (GPOs) that are configured at a higher OU or domain level with the No Override option enabled, these policy settings apply to servers in the Dell Hybrid Cloud System for Microsoft stamp.
2 Administration This chapter contains detailed information about administrative tasks required for implementing Dell Hybrid Cloud System for Microsoft.
• Disable machine account password rotation • Deploy the Data Protection Manager (DPM) backup infrastructure • Ensure that the stamp has the latest approved updates • Configure VLANs on your physical network switches for tenant use • Review known issues for the current release. There are other steps, not part of the initial deployment, that you must complete as soon as possible to enable tenants to use the stamp. For example, you must configure management accounts and tenant VM networks.
Figure 2. Enter Product Key box If you do not see this box, you have a valid retail license key and can skip the rest of this procedure. What to do if you enter an incorrect product license key If you specified an incorrect System Center key during deployment, you must update VMM, Operations Manager, and Service Management Automation (SMA) to use a valid System Center product license key. Run all of the following procedures from an elevated Windows PowerShell session on the Console VM.
LicenseBy : SML UnitLabel : Server TabulationMethod : Unique ProductName LicenseType LicenseBy UnitLabel TabulationMethod : : : : : System Center Virtual Machine Manager 2012 Volume ManagementServer Server Unique ProductName LicenseType LicenseBy UnitLabel TabulationMethod : : : : : System Center Virtual Machine Manager 2012 Volume VOSE Server Unique To update Operations Manager Use these procedures to update Operations Manager if you specified an incorrect System Center key during deployment.
Host cluster refresh in VMM results in IP address error Host cluster refreshes in VMM that are performed on the Dell Hybrid Cloud System for Microsoft compute cluster (named CCL) produce Error 25112, as shown in the following section. Host cluster refreshes are performed automatically after certain operations in Dell Hybrid Cloud System for Microsoft.
Warning (26902) For a discovered virtual network adapter connected to virtual switch (Deployment) on host (KGC17A.lj04.lab), the VM network cannot be set to (Management). This is because the uplink is not configured to include network site (Management_0). Recommended Action Configure the physical network adapter of the virtual switch to include one or more of the appropriate network sites (logical network definitions), and refresh the host.
Also, in the \ProgramData\Microsoft Cloud Solutions\DeployDriver\Invoke-SiteRecoveryConfiguration.log, you may see this error: [Cloud 'Tenant Cloud' [ID: 'e4166c98-d1b9-4631-bb83-a8946d7821dd'] is not synced successfully with Azure. Check if SCVMMService is running. Wait for cloud to sync and run Azure Onboarding again.
\CurrentControlSet\Control\Session Manager\Memory Management' -Name PagingFiles -Value "?: \pagefile.sys 16384 16384"} # End - Long Line TIP: To find the host names, you can use the VMM console. Or, to find the host names in a cluster, you can run the following Windows PowerShell command, where is the name of the cluster, such as CCL and SCL: Get-ClusterNode -Cluster | Format-Table –Property Name 3 Restart each host for the setting to take effect.
Table 9. Wizard settings Wizard Page Instructions General Properties Run As account type: Select Basic Authentication. Display name: Enter the name AdvisorProxyRunAsAccount. 3 Credentials Enter the user name and password of the proxy server credentials. Distribution Security Accept the default setting. Onboard to Azure services again. Onboarding to Operational Insights completes successfully.
By default, Remote Desktop is enabled on the Console VM. To manage Windows Azure Pack, you can connect from a web browser on the Console VM. See How to open the management portal for administrators. Accounts to use for management To perform most administrative duties in Dell Hybrid Cloud System for Microsoft, you can add users or groups to the -OpsAdmins group in the Active Directory domain that you specified during deployment.
Management Tool Instructions 2 3 In the Connect to DPM Server dialog box, specify the DPM server name, for example: DPMA01.contoso.com. Click OK. Method 2: Use the Central Console 1 2 3 Windows Azure Pack management portal for administrators 1 2 Windows Azure Pack Management portal for tenants Microsoft Azure SQL Server Management Studio Open the Operations console. In the Monitoring workspace, expand System Center 2012 R2 Data Protection Manager > State Views, and then click DPM servers.
You must create VM networks for tenants so they can use and access network resources. All virtual machines must be connected to a VM network. To create tenant VM networks, you must use the Create-VMMTenantNetwork runbook. This runbook creates the VLAN-based logical networks and VM networks in VMM for tenant use. 1 Use the How to run runbooks procedure discussed in the preceding section to start the Create-VMMTenantNetwork runbook.
Input Parameter Description VlanId The VLAN ID to assign to the network. Configuring VLANs for tenant use For tenants to use and access network resources, you need to create VM networks in VMM. These VM networks must map to VLANs that exist in the physical network. Therefore, you must first configure VLANs on your physical network switches, based on management, application, or tenant requirements for isolation.
Enabling guest-specified IP addresses in VMM In VMM, you must enable guest-specified IP addresses for the Medium Bandwidth Adapter port profile. This is required for guest cluster creation because during cluster creation, an IP address must be assigned to the cluster. To do this, perform the following steps: 1 In the VMM console, open the Fabric workspace. 2 Expand Networking, and then click Port Profiles. 3 Double-click Medium Bandwidth Adapter, and then click Security Settings.
# Begin - Long Line 01 New-Volume -StoragePoolFriendlyName "StoragePool" -FriendlyName $VolumeFriendlyName -ResiliencySettingName "Mirror" ProvisioningType "Fixed" -StorageTiers $ssdTier,$hddTier -StorageTierSizes $SSDSize,$HDDSize -FileSystem NTFS PhysicalDiskRedundancy 1 -NumberOfColumns 2 -NumberOfDataCopies 2 # End - Long Line 01 #Begin - Long Line 02 $ClusterDiskName = (Get-ClusterResource | Where-Object {($_.
Figure 4. Connecting to VMM 4 Browse to Fabric > Storage > Providers > {Prefix}SCL. Figure 5. Provider information 5 Press Refresh. 6 Select File Servers and right-click on the new share to bring up Properties. NOTE: It may take a few seconds for the recently created file share to appear.
Figure 6. File Server shares 7 Check the box to let VMM manage the file share and set Classification to Primary Storage. Figure 7. Share properties 8 Register the share to the compute cluster. Expand the Servers, and right-click on the Compute Cluster to bring up its properties.
Figure 8. Registering the share 9 Then select File Share Storage, click Add, and select the new share. Figure 9. Adding the file share 10 The new File Share is made available for VM deployment on the Compute Cluster within a few minutes.
Figure 10. New file share storage available Using Windows Azure Pack With Windows Azure Pack, you can offer rich, self-service cloud IaaS services. With the Dell Hybrid Cloud System for Microsoft solution, you can easily provision and offer virtual machines and VM roles for your users. All components needed for IaaS through the Virtual Machine Cloud resource provider are already installed, with the required integration already configured.
VM Name Purpose NOTE: This VM also runs SMA and SPF. APT01 Hosts the Windows Azure Pack tenant components. These include: • • • Management portal for tenants— A customizable self-service portal to provision, monitor, and manage services. In this portal, users sign up for services and create services, VMs, and databases. Tenant Public API— Enables tenants to manage and configure cloud services that are included in the plans that they subscribe to.
NOTE: Dell recommends that you set up tenant access isolation before you replace self-signed certificates and configure AD FS, or another security token service. In the process of setting up tenant portal access on an isolated network, you change the fully qualified domain name (FQDN) of the tenant portal in the tenant portal settings. It is best to make the change first, before you undertake the other procedures.
Figure 11. Isolated tenant portal network configuration Here are the network requirements for this configuration: 1 Tenant access network as a separate VLAN. You must create a tenant access network as a separate VLAN, for example, VLAN 110, tagged to all ports of the network switches where DHCS servers are connected. 2 A DNS server that tenants use for name resolution.
4 The local routing table of the tenant portal VM must have required routes. There is no requirement for the tenant access network to route to the management network. However, you must configure the local routing table of the tenant portal VM to correctly route traffic to both the tenant access network and the management network, and to domain controllers for the internal domain (for example, contoso.local) that may be on different networks routable to the management network.
$pdb = 'Microsoft.MgmtSvc.PortalConfigStore' $mdb = 'Microsoft.MgmtSvc.Store' $pcs = "Data Source=$sql; Initial Catalog=$pdb; Integrated Security=True" $mcs = "Data Source=$sql; Initial Catalog=$mdb; Integrated Security=True" $mdeip = "https://$fqdn`:30081/FederationMetadata/2007‑06/FederationMetadata.xml" $mderp = "https://$fqdn`:30071/FederationMetadata/2007‑06/FederationMetadata.
• You can stop the website and close the firewall port. This option enables you to easily re-enable the site at any time if needed for troubleshooting. • You can completely remove the site components from the VM. This includes the Windows Installer Package (.msi file) and the entries from the Operations Manager management pack. This option helps to increase security by reducing the attack surface.
• Federated Identities to Windows Azure Pack through AD FS – Part 1 of 3 • Federated Identities to Windows Azure Pack through AD FS – Part 2 of 3 For additional information, see Configure Active Directory Federation Services for Windows Azure Pack and AD FS 2.0 Cmdlets in Windows PowerShell in the TechNet Library. 2 Configure the tenant authentication site to trust AD FS. Connect to the tenant portal VM (-APT01), open a Windows PowerShell session, and run the following script.
proxytrustid"", Issuer =~ ""^SELF AUTHORITY$"" ] => issue(store=""_ProxyCredentialStore"",types=(""http://schemas.microsoft.com/authorization/ claims/permit""),query=""isProxyTrustProvisioned({0})"", param=c.Value );") Add-AdfsRelyingPartyTrust ` -Enabled $true ` -Name "$tenantRelyingPartyName" ` -MetadataUrl "$tenantRelyingPartyMetadataEndpoint" ` -EnableJWT $true ` -AllowedClientTypes None ` -ClaimsProviderName @($identityProviderName) ` -IssuanceTransformRules ([System.
As an administrator, you must do the following to offer services to tenants: 1 Create resources that you want to offer to tenants, such as VM roles. This typically involves creating artifacts such as VHDs in the tenant share of the VMM library, configuring Gallery items, and configuring the management portal for administrators to offer the service. 2 Create plans (with quotas) and add-ons to bundle the services that you want to offer as a subscription. 3 Make plans private or public as needed.
PAGE 464 Enter your email address, specify a password, and then click Sign up. NOTE: If you have not yet changed the authentication method for the Windows Azure Pack management portal for tenants, you can sign in by using any email account. After you change the authentication method, you must use an account from a federated domain. 5 Under New, click My account, and then click Add subscription. 6 By default, TenantPlan is listed. Click the checkmark to subscribe to the plan.
Figure 13. IP addresses Required settings if you want to create your own VM templates If you create your own VM templates in VMM, be aware that the following settings are required for Azure Site Recovery to work correctly. NOTE: You can open the Create VM Template Wizard from the Library workspace in the VMM console. Under Templates, rightclick VM Templates, and then click Create VM Template.
Click a user name to see the subscriptions for a tenant. On this page, you can do the following: • Add subscriptions to an account. • Click a subscription name to get more details about the subscription, such as status and usage data. If you click a subscription, you see information similar to the following: Figure 14. Subscription details On this page you can: • Suspend, migrate, and delete subscriptions—You can manage each subscription separately.
5 Confirm the deletion. 6 The subscription, and the resources associated with the subscription, are deleted. Monitoring capacity To ensure high-availability for your plans and services and help keep your tenants productive, you need to monitor the performance of your resources. Dell Hybrid Cloud System for Microsoft uses Operations Manager and Operational Insights to monitor the health of your cloud infrastructure. See the Operations chapter of this guide for more information.
Configuring Remote Console access Remote Console provides tenants with the ability to access the console of their VMs in scenarios when other remote tools such as Remote Desktop are unavailable. Tenants can use Remote Console to access VMs when the VM is on an isolated network, an untrusted network, or across the Internet. The Remote Desktop Gateway (RD Gateway) component enables you to offer Remote Console to tenants who do not have direct network connectivity to the Hyper-V hosts.
With this configuration, VMs that are located on an on-premises Dell Hybrid Cloud System for Microsoft stamp replicate and fail over to Azure VMs. Replication and failover is orchestrated by Azure Site Recovery. Data is stored in an Azure storage account. Step 1 Onboard to Azure Site Recovery You can opt in to Azure Site Recovery only after Dell Hybrid Cloud System for Microsoft deployment has completed. Azure onboarding is not supported during initial deployment.
Figure 16. Proxy information 5 The Dell Hybrid Cloud System for Microsoft CPS Standard wizard appears. Click Configure Azure at the top of the page to start the Azure Onboarding process. Figure 17. DHCS wizard 6 Once the Microsoft server is reached, a window appears for Azure Login. Click Sign In.
Figure 18. Azure Log In A few different dialogs may appear, depending on the type of credentials provided. The sign-in dialog on your system may differ from the image that follows. 7 Follow the prompts to sign in to Azure. Microsoft validates the username twice so you may be prompted to re-enter your password. NOTE: It may take up to two minutes for the Sign in dialog to appear. Figure 19. Sign in to Azure The Azure Configuration page appears.
Figure 20. Azure Configuration 8 On the Azure Configuration page, select the subscription type and the Azure regions into which you want to configure Azure Site Recovery and Azure Operational Insights services. NOTE: The Microsoft Azure Site Recovery regions that the UI populates are an intersection of Azure Site Recovery, Compute, and Storage regions that are allowed for by the provided subscription.
Figure 22. Onboarding complete 11 Notice that the Summary opens, telling you that your deployment was successful. Figure 23. Deployment successful 12 The Restart window pops up and prompts you to restart the machine to finish deployment. Click Yes. Figure 24.
NOTE: If you deploy the DPM backup infrastructure, and then later onboard to Azure Site Recovery, you see the following error in the Microsoft Azure portal during the onboarding process. Protection couldn't be configured for cloud/site ''. (Error code: 10003) Provider error: The Microsoft Azure Recovery Services Agent isn't installed on the Hyper-V host server '' The agent isn't installed. Install the agent (https://go.microsoft.com/fwLink/?LinkID=399336) on the server.
NOTE: The runbook Invoke-AzureSiteRecoveryManageVmProtectionJob.ps1 detects subscriptions for plans or add-ons that have protection enabled, and then enables protection for VMs in those subscriptions. This happens automatically in accordance with master runbook scheduling. You do not need to take further action.
a b c d e f Under Source VMM, select the source VMM server (VMM01). Under Source network, select the virtual network on the VMM server that you want to map. Under Target, click Azure. Under Subscription, choose the appropriate subscription. Under Compute stack, click Resource Management. Under Target network, the service detects the VM networks on the target location and lists them. Choose the appropriate target network, as identified in Step 1 of this procedure, and then click OK. Figure 26.
Figure 27. Test failover commands f Under Azure virtual network, select the virtual network that you created in the first step of this procedure, and then click OK. Figure 28. Choosing the network g h This step triggers a job. To track the progress of the job triggered in the previous step, click Settings. Under Monitoring and reports, click Site Recovery jobs. Test failover creates an Azure IaaS virtual machine that corresponds to the VM on the VMM server.
Figure 29. Completing the test failover 2 Planned failover—Run for planned maintenance. Run a planned failover as follows: a b c d In the Azure portal, open Recovery Services vaults, and then click the name of the vault for the Dell Hybrid Cloud System for Microsoft deployment. In Settings, under Protected items, click Replicated items. Click the VM that you want to fail over, and then click Planned Failover. Verify the failover direction, and then click OK. Figure 30.
b c d Open Settings. Under Protected Items, click Replicated items. Click the VM you want to fail over, and then click Unplanned Failover. Verify the failover direction. If desired, select the Shut down the virtual machine check box. Click OK. e This step triggers a job. To track the progress of the job triggered in the previous step, click Settings. Then, under Monitoring and reports, click Site Recovery jobs.
3 Operations This chapter discusses how you can monitor system health using the Operations Manager. Topics: • Monitoring • Backup and recovery • Updating the Dell Hybrid Cloud System for Microsoft • Shutting down and starting up the stamp Monitoring By default, you can use Operations Manager to monitor the health of the system. Any member of the group -Ops-Admins can connect to the Operations console. If you opt in to Azure services, you can also use Operational Insights.
Using Operations Manager From the Monitoring workspace in Operations Manager, you can view the health of the Dell Hybrid Cloud System for Microsoft stamp and its components. Take time to familiarize yourself with what information is available in the various views and dashboards. For example, under Monitoring, you can click Active Alerts to view all active alerts. To view the health of the Dell Hybrid Cloud System for Microsoft stamp, the best place to look is the Microsoft Cloud Dashboard.
To drill down further and view specific alert details, or to access a list of tasks and views, double-click a tile. You can continue to double-click items to drill down further to view the health. For example: 1 If you double-click the Compute tile, you see a list of all compute nodes, and their overall health. 2 You can click one of the nodes, and run several tasks against the node from here.
The recommended response is to do the following: • Resolve rule-based alerts created or not modified since the incident. NOTE: Do not resolve rule-based alerts on physical disk storage enclosure failures. • Investigate remaining alerts and computers with a Critical or Warning health state. To resolve rule-based alerts, use the Operations Manager task Resolve Rule Generated Alerts: 1 In Operations Manager, open the Monitoring workspace.
Use the following steps to attach the existing DPM servers to Azure: 1 On the Console VM, log on as a member of the -Ops-Admins group. 2 At a command prompt, run the following commands to enable the default local Administrator account, and to make sure that the password is set correctly. For onboarding to Azure Backup, this account must have a specific password assigned.
Troubleshooting Set-DPMCloudSubscriptionSetting or Start-DPMCloudRegistration errors You may receive either of the following error messages when you run the BackupDeployDriver.ps1 script: • Set-DPMCloudSubscriptionSetting : The current operation failed due to an internal service error [0x38276]. Please retry the operation after sometime. (ID: 100066) • Start-DPMCloudRegistration : The service encountered an internal error. (ID: 130043) Retry the operation after some time.
Parameter Description NOTE: You must first create a PowerShell Credential asset in the management portal for administrators. In the portal, click Automation > Assets > Add Setting > Add Credential. Select PowerShell Credential, specify a name, and then enter a user name and password. 3 ProxyServerName Required only if proxy is enabled. The FQDN of the proxy server. ProxyServerPort Required only if proxy is enabled. The proxy server port. ReRegisterToAzure Set to Yes.
Figure 33. Online Protection enabled Default backup schedule and retention policy By default, all infrastructure components are protected by DPM with the following schedule: Table 17.
Table 19. DPM database DPM Server Name SQL Server Instance Name Database Name DMPO# MSDPMDB DPMDB_DPMO# NOTE: DPM is used to back up the system databases in the MSDPMDB instance. DPM protection groups The following table provides information about the default protection groups for the infrastructure components: Table 20. DPM protection groups Protection Group Data Sources InfraDBPG Instance level protection of all management infrastructure databases.
• That there is enough time for deduplication to complete deduplication of new data. • That there is enough time to complete tenant VM backups. Data deduplication runs on the local backup disks that are attached to the backup host. The data deduplication process reduces backup storage usage. There is a default schedule for data deduplication and for tenant backups.
Validate that the tenant VMs are protected After you run the Protect-TenantVMs runbook, you can view which DPM server will protect the tenant VM by using the VMM console. 1 In the VMM console, open the VMs and Services workspace. 2 On the Home tab of the ribbon, in the Show group, click VMs. 3 In the VMs list, locate the VM, and then view the information in the ProtectedByDPMServer column.
4 In the Recovery points pane do the following: a Under Recoverable Item, click the VM that you want to recover. Figure 34. Recoverable item b c d Click any date and time in the calendar to see available recovery points. Dates that show as bold have active recovery points. To minimize data loss, it is important to choose to recover from the latest possible recovery point. To select the recovery source, in the Recovery time list, select a recovery point that either indicates Disk or Online (from Azure).
Figure 35. Select Recovery Type 3 On the Specify Destination page, click Browse. Locate one of the Scale-Out File Server nodes, and then expand Volumes > C:\ > ClusterStorage. 4 Select any clustered volume that is mapped to a production share. Although not required, as a best practice, create a folder in the share on the SOFS that you can point to, such as a VM Recovery folder. The following graphic illustrates this folder: Figure 36.
d e Copy all the VHDs that you recovered earlier to the location you obtained in step 8a. If there are differencing disk VHDs, copy the VHDs with the correct folder hierarchy. For example, there is a child VHD at the following path: \\s20sfs.contoso.com\Share01\asd \DPM_9-15-2015_8.39.7\Recovered_At_9-15-2015_10.1.25\s20sfs-Share01-Vol\NewVM1\child.vhdx There is a parent VHD at the following path: \\s20sfs.contoso.com\Share01\asd \DPM_9-15-2015_8.39.7\Recovered_At_9-15-2015_10.1.25\s20sfs-Share01-Vol\Paren
10 After you recover a database, it must be synchronized by DPM. The Protection Status of this database is Replica Inconsistent until you synchronize it as follows: a b c In the DPM Administrator console, open the Protection workspace. Right-click the recovered database, and then click Perform consistency check. In the Microsoft System Center 2012 R2 Data Protection Manager dialog box click Yes to perform the consistency check.
6 When the job finishes, you can browse the protected online datasources. Select a datasource to see the available online recovery point. 7 Select a recovery point, and follow the usual recovery steps. 8 To return to the local DPM data view, click Clear external DPM. Recovering from management component failures This section describes how to recover from data failures of various management components in the Dell Hybrid Cloud System for Microsoft environment.
3 Restart the Operations Manager VM. 4 Detect and repair any data consistency issues by following the required steps in How to use data consistency runbooks. Recovering VMM VMM plays a key role in managing the hosts and VMs in the Dell Hybrid Cloud System for Microsoft environment. If you have exhausted all options trying to recover from application failure, you can use DPM to recover the VMM database to a previous point in time.
Recovering SMA SMA reduces an administrator’s burden by providing the ability to automate many manual tasks. If all options for recovery from application failures are exhausted, you can recover SMA data to restore functionality. Recovering the SMA database 1 From the VMM console, shut down the VM that is hosting SMA (APA01). 2 Use the steps in Recovering a database to its original location to recover the following SMA database. To minimize data loss, select the latest recovery point. Table 26.
Recovering Windows Azure Pack Windows Azure Pack provides the portals (and additional features) where application administrators and subscribers manage their resources. If all options to recover from Windows Azure Pack failures are exhausted, you can recover the Windows Azure Pack databases and VMs by using DPM. Recovering Windows Azure Pack databases 1 If any of the Windows Azure Pack databases fail, you must recover the database to a previous time stamp.
7 Validate that all nodes in the SQL Server cluster (SQL01 and SQL02) are up and running. 8 If the node is not attached to the cluster, then add the node to the SQL Server cluster. 9 Detect and repair any data consistency issues by following the required steps in How to use data consistency runbooks. Recovering a tenant VM By default, all tenant VMs that are deployed as VM roles are deployed with a single parent VHD, and therefore use a differencing disk.
} else { $VHDMap.Add($vhd.ParentDisk.ID , $vm.Name) } } } } if($VmsWithParentVHDs[$vmname]) { Write-Host "The VM has a parent VHD configuration." } else { Write-Host "The VM does not have a parent VHD configuration." } The script output indicates whether the VM has a parent VHD configuration. Recovering a VM with no parent VHD configuration To recover a VM with no parent VHD configuration, that is, a VM that uses a differencing disk, do the following.
Recover a tenant VM from Azure with a size bigger than staging area During recovery from Azure Backup, backup data from Azure Backup must be temporarily downloaded to a local staging area before it is recovered to the final recovery destination. By default, the staging area is located on the DPM server, at the path E:\StagingArea. By default, the E:\ volume is 2 TB in size.
Figure 40. Add initiator ID 3 Click Next, and follow the wizard to complete the VHD setup. Step 2 Add the iSCSI disk to the DPM server as a staging area 1 Log on to the DPM server and start the ISCSI initiator. In Server Manager, on the Tools menu, click iSCSI Initiator. When prompted to start the service, click Yes. 2 In the Target box, enter the name or IP address of the source server (that is, the server on which you created the iSCSI disk), click Quick Connect, and then click Done.
b c Click Online. On the ribbon, in the Online Protection group, click Configure. Figure 42. Configure Online Protection d On the Recovery Folder Settings page, point to the new volume (or folder on that volume) that you added. Figure 43. Recovery Folder Settings 5 Now recover the VM. 6 After you recover the VM, clean up the configuration. a b c Reconfigure the DPM staging area to point to the original location (E:\StagingArea).
Determining whether to recover or rebuild If you have trouble with a DPM server, you can either perform DPM recovery or you can rebuild the DPM server. Use the following steps to determine which method to choose. 1 Log on to the backup host (or browse through a network connection), and do the following: a b 2 Browse to H:\\Virtual Hard Disks. For each DPM VM, verify that there is a DPM0#-Scratch VHD file listed. On the Console VM, in the VMM console, check the DPM VM properties.
10.10.20.32 d If you are running version 1.
PAGE 89Figure 44. DomainJoined registry key 13 On the Console VM, still logged in as the local administrator, open an elevated Windows PowerShell session and run the following script: "C:\Program Files\Microsoft Cloud Solutions\DeployDriver\BackupDeployDriver\BackupDeployDriver.ps1" 14 If the DPM server backs up the infrastructure VMs, update the server map: a b c d 15 16 Log on to the APA VM—APA01. Open Windows PowerShell.
c d e 18 On the Console VM, in the VMM console, check the DPM VM properties. a b 19 On the DPM VM, open a command prompt with elevated permissions, and then run the DPMSync –sync command. This command restores the old database that has the backup disks added in the storage pool table, but the disks are offline or in an unusable state. In the DPM Administrator console, open the Management workspace, and then click Disks. Right-click each disk, and then click Remove.
Rebuilding a DPM server If you determine rebuilding the DPM server is required, do the following: 1 Remove the backup host from VMM. a b 2 In the VMM console, open the VMs and Services workspace. Under the All Hosts host group, remove the backup host on which the DPM VM resides. Remove the corrupted DPM server from Operations Manager. a b c Open the Operations Console. In the Administration workspace, expand Device Management > Agent Managed. Delete the agent on the corrupted DPM server.
For example: PAGE 93net user administrator /active:yes net user administrator 10 On the Console VM, still logged in as the local administrator, open an elevated Windows PowerShell session, and run the following script: "C:\Program Files\Microsoft Cloud Solutions\DeployDriver\BackupDeployDriver\BackupDeployDriver.ps1" 11 If the DPM server backs up the infrastructure VMs, update the server map. a b c d Log on to the APA VM—APA01. Start Windows PowerShell.
3 In the Disk Information for Virtual Machines pane, locate and expand the DPM server. If the VMs are not listed, on the Home tab of the ribbon, in the Show group, click VMs. 4 2 In the list of VHDs that are attached to the DPM server, determine the highest number that was assigned. For example, if the highest number is -Backup20.vhdx, the starting number for the new VHDs will be 21. Log on to the backup host on which DPM resides.
$VDDs = $DPMVM.hardDrives | where{$_.ControllerNumber -eq $Bus -and $_.ControllerType -eq "SCSI"} if($VDDs -ne $null) { $VHDsOnBus[$Bus] = $VDDs.Count } else { $VHDsOnBus[$Bus] = 0 } } #Add VHDs to VM foreach($VhdTobeAdded in $VhdsToBeAdded2VM) { #Find the bus with minimumm number of VHDs attached $Bus = ($VHDsOnBus.GetEnumerator() | Sort-Object -Property value)[0].
NOTE: The DPM Central Console is integrated with Operations Manager (and does not show up as a separate interface). It enables you (through the System Center 2012 R2 Data Protection Manager node) to monitor all DPM servers, and to take actions in response to alerts. For more information, see the following topics in the TechNet Library: • Monitor DPM (http://technet.microsoft.com/library/jj628024.aspx) • Manage multiple DPM servers with Central Console(http://technet.microsoft.com/library/jj860391.
Table 30. Data Consistency Runbooks Subsystem Detection and Recovery Child Runbooks Virtual Machine Provider Detection: Test-VmCloudsDataConsistency (VMProvider) Detects and reports inconsistencies between the Windows Azure Pack, SPF, and VMM database components, that is, objects associated with the VM Cloud Resource Provider.
g 2 3 Click Apply, click OK two times, and then click Close. Run the password reset script. After you restore any of the following databases, run the password reset script as described in How to run the MCPasswordReset script: • Operations Manager database • VMM database • SMA database • SPF database • Any of the Windows Azure Pack databases Run the database consistency runbooks. a b In the Windows Azure Pack management portal for administrators, run the Configure-DataConsistency runbook.
Troubleshooting data consistency issues There are some issues that the data consistency runbooks cannot automatically repair. This section provides troubleshooting steps that you can follow to try to resolve these issues. If troubleshooting steps are not listed or do not resolve the issue, contact support. Troubleshooting steps are organized by report categories. In addition, there is information about how to manually recover access to tenantcreated objects. Table 32.
Restoring access to a tenant-created virtual machine To restore a tenant's access to virtual network ($vmn), run the following commands, where is the name of the tenant's virtual network, and is the tenant's user account: $vmn = Get-SCVMNetwork –Name Set-SCVMNetwork -VMNetwork $vmn -UserRole $ur -Owner
• Windows Azure Pack • System Center • SQL Server • Dell software • Dell Deployment UI • Drivers and firmware updates for Dell Hardware If the package also includes firmware and driver updates, the framework installs the approved firmware and driver updates on the physical cluster nodes. IMPORTANT: Do NOT install Windows Server, Windows Azure Pack, System Center, and SQL Server updates by using any method other than the P&U framework.
Before you begin To perform a graceful shutdown of the Dell Hybrid Cloud System for Microsoft stamp you must follow this sequence: • The cluster names and IP addresses for the compute cluster, Scale-Out File Server (SOFS), and SQL Server guest cluster • Host names and IP addresses for the compute cluster, storage cluster, and SQL Server guest cluster • Infrastructure VM names and IP addresses.
Step 1 Stop any backups NOTE: Dell recommends that any infrastructure VM and database backups that may be in progress are completed before you shut down the infrastructure VMs. For information about the default schedule, see Default backup and retention policy. 1 Log on to the Console VM (CON01) using an account that is a member of the -Ops-Admins group. 2 Open the Operations console.
c Repeat these steps to shut down each backup host. Step 4 Shut down the tenant VMs 1 Log on to the Console VM using an account that is a member of the -Setup-Admins group. 2 Open Failover Cluster Manager, right-click Failover Cluster Manager, click Connect to Cluster, click Browse, and then click the compute cluster.
2 c To stop the remote computer, run the following command where is the name of a compute cluster host: d Stop-Computer –ComputerName –Force When the host is shut down, continue to the next host. Always wait until the current host shuts down before you shut down the next host. Continue until all compute cluster hosts are shut down.
3 Install Java version 7 on this laptop so that you can start the virtual console through the iDRAC interface. Ensure that AD DS services are available Ensure that your Active Directory Domain Services (AD DS) infrastructure is available, and functional. Step 1 Power on the hardware devices 1 Power on the PDUs. 2 Ensure the on/off switch is on for the JBODs.
7 After all SQL Server instances are online, in Failover Cluster Manager, connect back to the compute cluster, and start the remaining infrastructure VMs in the following order: a b c d VMM01 OM01 APA01 APT01 8 In Failover Cluster Manager, while connected to the compute cluster, ensure you select all tenant VMs and start them as well. 9 Clear rule-based generated alerts that were created during the startup process.
Figure 49. DPM Refresh agents Known Issues Issue #1: WAP (Windows Azure Pack) Admin API, WAP Usage, and Usage Collector components report a Warning state. Symptoms: After a restart of Dell Hybrid Cloud System for Microsoft, the following Windows Azure portal components are in a Warning state, and there are the following alerts in Operations Manager: • Windows Azure Pack Site Unknown Error Monitor Usage • Windows Azure Pack Site Unknown Error Monitor Usage Collector.
1 From the Console VM, open Event Viewer, connect to the cluster node that needs attention remotely, and Save All Events As. 2 Open the VMM console, open the Jobs workspace, and check for failed Refresh host cluster jobs. 3 In the error details for each of the failed jobs, check for the following error: Error (2912) An internal error has occurred trying to contact the server: : . WinRM: URL: [http://:5985], Verb: [ENUMERATE], Resource: [http://schemas.microsoft.
Ensure that your Active Directory Domain Services (AD DS) infrastructure is available and functional. Step 1 Verify that the storage is available and functional 1 If the iDRACs are connected, Dell recommends that you use a laptop. Configure the laptop and connect it to port 39 or 40 of the switch, then complete the following steps. 2 From the laptop, connect to the IPv4 iDRAC address of one of the file server cluster hosts by using a browser, for example, open https://192.168.164.131.
Step 3 Ensure the Windows Azure Pack services are running Because in this scenario there is no control over the order of the components coming up, Dell recommends that you restart the infrastructure VM named APA01. To do this, follow the steps below. 1 Use Remote Desktop Connection to connect to the Console VM with an account that is a member of the -Setup-Admins group. 2 Open Failover Cluster Manager. 3 Connect to the compute cluster.
e f K Backup-S20DPM01-3 NTFS Fixed Healthy L Backup-S20DPM02-1 NTFS Fixed Healthy M Backup-S20DPM02-2 NTFS Fixed Healthy N Backup-S20DPM02-3 NTFS Fixed Healthy C NTFS Fixed Healthy NTFS Fixed Healthy In the VMM console (in the VMs and Services workspace) or in Hyper-V Manager, check to make sure the DPM VMs that are hosted on this server are running. Log on to each DPM VM, and verify the following: 1 Open Disk Management (Diskmgmt.
3 Clear all rule-based alerts that Operations Manager generated during startup by running the following commands: $InstanceObject = Get-SCOMClass -Name Microsoft.SystemCenter.ManagementServersGroup | Get-SCOMClassInstance | Get-SCOMMonitoringObject Start-SCOMTask -Task (Get-SCOMTask -Name Microsoft.Cloud.Overrides.Tasks.ResolveAlertsPerMP) –Instance $InstanceObject Step 7 Verify the health of the Dell Hybrid Cloud System for Microsoft components 1 On the Console VM, open the Operations console.
4 Security This chapter discusses security issues pertaining to: • User accounts • Passwords • Encryption keys • Managing antivirus, antimalware, and certificates.
Type Accounts Privileges Usage Password Management Out-of-band management Default password: Directory Domain Services. Dell Managed Accounts iDRAC Account administrator p@ssw0rd Password rotation: Manual Service accounts This section discusses: • Local service accounts • Domain service accounts. Local service accounts The local service accounts that are required for Windows Azure Pack are listed in the following table. Table 34.
• MgmtSvc-UsageCollector_Management • MgmtSvc-WebAppGallery • MgmtSvc-WindowsAuthSite • TenantSiteNotificationServiceUser You do not have to touch any of these accounts. For all these accounts: • The passwords are autogenerated. • Password rotation is done when you run the MCPasswordReset script. The password expiration for SpfUser and SMAUser is controlled by domain policy. All Windows Azure Pack database account passwords do not expire. However, they are rotated on the same schedule.
Account Privileges/Usage -SVC-SMA Account used to deploy SMA. -SA-SMA Used to run all SMA services—SMA Web Service and SMA Runbook Service. This is a group Managed Service Account, called a gMSA account. Groups The following table describes security groups created by the Dell Hybrid Cloud System for Microsoft deployment process. Table 36.
Resetting service account passwords This section describes how to rotate service account passwords by using the password reset script. It is important that you do this rotation before service account passwords expire. Password expiration is controlled by your domain password policy settings. The Operations Manager alert for password expiration is raised 14 days before passwords expire.
• SQL Server (SQLIN01) • SQL Server (SQLIN02) • SQL Server Agent (SQLIN01) • SQL Server Agent (SQLIN02) Figure 53. SQL instances e f g h i 3 Open the properties for each service, select the Log On tab, change the password, and click OK. Once the password has been changed for each service, open Failover Cluster Manager, and then connect to the SQL cluster, SQLCL. Select Nodes, right-click on the first node, SQL01, and select Pause > Drain Roles.
Figure 55. List of the Run As accounts g h 5 Right-click the CPS-System Run As account, and then click Properties. Type the same password that you set in Active Directory Users and Computers in step b, and then click OK. Reset the Fabric account password in both Active Directory and VMM as follows: a b c d Launch Active Directory Users and Computers, and locate the System service account, -Fabric. Right-click and select Reset Password to open a dialog where you can type a new password.
• System Center Management Configuration Figure 58. SCOM services e f Open the properties for each service, select the Log On tab, change the password to what was set in Active Directory Users and Computers in step b, and then click OK. Once the password has been set, right-click on each service, and select: • g h Start if not running • Stop then Start if previously running Next, open the SCOM management console, and connect to the SCOM server if prompted, OM01.
Figure 61. Monitoring workspace l 7 To verify that the password change was successful, monitor for any new Run As account alerts. Reset the SPF and SMA service accounts in Active Directory and local accounts on APA01 as follows: a b c Launch Active Directory Users and Computers, and locate the SPF and SMA service accounts, -SVC-SPF and -SVC-SMA. Right-click and select Reset Password to open a dialog where you can type a new password.
i j k l m 8 Right-click the smauser, select Set Password, and click Proceed when prompted. Enter the password that was output by the Test-WapResourceProviderEndpoints.ps1 script, and click OK. Right-click the spfuser, select Set Password, and click Proceed when prompted. Enter the password that was output by the Test-WapResourceProviderEndpoints.ps1 script, and click OK. Confirm that the passwords work by opening the Admin portal.
How service accounts are managed Dell Hybrid Cloud System for Microsoft includes a password reset script that you can use to change passwords for the following service accounts: • -Fabric • -System • -SVC-SQL • -SVC-VMM • -SVC-OM • -SVC-SPF • -SVC-SMA It is recommended that you run the MCPasswordReset script to reset the passwords for these service accounts whenever you are alerted to do so by System Center Operations Manager.
• You must be a member of the -Setup-Admins group in the Dell Hybrid Cloud System for Microsoft OU to run the MCPasswordReset script. You are prompted to provide those credentials when you run the script. • The password reset script works only for the accounts listed in the preceding section. It does not reset passwords for any manuallycreated accounts, or for Windows Azure Pack encryption keys. • Run only the MCPasswordReset script.
Figure 67. MCPasswordReset report These are the tasks performed by the MCPasswordReset script, in order: 1 The script verifies that the following required Dell Hybrid Cloud System for Microsoft components are available and running normally. If these components are not running, the script stops: • SMA server • SMA database 2 The script performs a basic health check on components it must access to change passwords.
NOTE: You can also run the commands from the Console VM. However, if you do this, you must replace localhost in each of the following steps with the host name of the SMA VM. 2 In a Windows PowerShell console that is running with elevated user rights (Run as Administrator), run the Get-SmaJob cmdlet to find the job ID and the number of errors.
Figure 68. Reset password f g 2 Repeat this procedure for the -SVC-VMM account. Close Active Directory Users and Computers. Step 2: Reset the password of the service accounts in the Services snap-in. a b c On the Console VM, open the Failover Cluster Manager console from the Tools menu in Server Manager. In the Actions pane, click Connect to Cluster. Select the SQLCL cluster. If the cluster is not listed in the drop-down list, click Browse. After you select the cluster, click OK.
If the -System password is not in synch between SMA, AD DS, and VMM, the MCPasswordReset script cannot run. To fix this: a b Change the password for the -System account in Active Directory Users and Computers. Run the Set-SmaCredential cmdlet to set the matching password in SMA. To do this, run the following commands from the VM that is running SMA—APA01: $cred = Get-Credential When you are prompted, enter \-System, and the new password you set in Active Directory Us
To fix this condition, do the following: 1 In Active Directory Users and Computers, expand the Dell Hybrid Cloud System for Microsoft OU, and then click the Fabric account. 2 Right-click the account, and then click Reset Password. 3 Change the password. 4 Clear the check box for the User must change password at next logon option, and then click OK. 5 Close Active Directory Users and Computers. 6 Open the VMM console.
3 Installs System Center 2012 R2 Endpoint Protection. The System Center Endpoint Protection management tools in the Operations Manager console display the computers that are protected. The following screenshot is an example: Figure 70. Endpoints with FEP NOTE: If you click Endpoints without FEP, it is expected that storage nodes do not have Endpoint Protection installed.
More Information: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:DOS/EICAR_Test_File&threatid=2147519003 Malware Severity: Severe How to update antimalware definitions manually By default, Endpoint Protection checks for updated antimalware definitions every eight hours. You should not need to update antimalware definitions manually; this is optional. Antimalware updates are applied automatically by Windows Server Update Services (WSUS).
• View the certificates to determine whether or not certificates are self-signed, and when certificates will expire. • If you have not already done so, replace self-signed certificates with CA-signed certificates to help improve the security of Dell Hybrid Cloud System for Microsoft. • As certificates expire, you must periodically perform tasks in Replacing self-signed certificates with CA-signed certificates again. Viewing the certificates You can view certificates in the GUI, by opening the certlm.
3 Create a PowerShell Credential asset. The password for this asset is used to protect the private keys of the exported certificates. a b c d e f g In the Windows Azure Pack management portal for administrators, click Automation in the navigation pane. On the Automation page, click Assets. Click Add Setting, and then click Add Credential. In the Credential Type list, click PowerShell Credential. In the Name box, type a name for the asset (for example, CertExport), and then click the Next arrow.
Figure 72. WAPCerts The root folders for the Windows Azure Pack websites are named MgmtSvc-*, where * is the name of the Windows Azure Pack service—for example, MgmtSvc-TenantSite. In each root level folder, there is a second-level folder that is the name of the VM on which the certificate is installed. This folder contains the following files: • The exported .pfx file • A Java Script Object Notation (JSON) representation of the certificate—.
certification authority certificate. To view the certificate chain, open the Certificates snap-in (Certmgr.msc), double-click the certificate, and then click the Certification Path tab. 1 In the Windows Azure Pack management portal for administrators, click Automation, and then click Runbooks. Depending on the number of certificates you have, and the certificate chain, you may have to run this runbook multiple times.
• 3 If you are using certificates that are registered at the website level, copy the folder tree from the share that you created in Step 1 to this new share, and then use the guidance in the next step to replace the existing .pfx files in the folder tree with the new ones. You could also create a similar folder tree in the new share, instead of copying the folder tree. Prepare the \\CON01>\ImportCerts file share with the new .pfx certificates. You can specify only one .pfx file per folder.
• Searches for .pfx files at \\host\share\WebSiteName\VMName\*.pfx • If it finds no .pfx files at the VM level, it searches \\host\share\WebSiteName\*.pfx • If it finds no .pfx files at the website level, it searches \\host\share\*.pfx • If it finds no .pfx files at all, it returns the following error message: Error, no .
• Archive these files to a different location, or • Delete the files after confirming that all new certificates are working, that is, administrators and tenants are able to sign in and work in their Windows Azure Pack management portals. The shares where you stored certificate information were: • \\CON01\WapCerts • \\CON01\TCAShare • \\CON01\ImportCerts Updating certificates about to expire To update certificates that are about to expire, follow the procedures described in
Appendix A Expanding the stamp When customers initially purchase the Dell Hybrid Cloud System for Microsoft, the solution may be configured with fewer than the maximum number of compute nodes, storage JBODs, network switches, or backup hosts. The following figure outlines the components that may be ordered to expand the scale and/or functionality of the solution after it has already been deployed. This section outlines procedures for adding these components and integrating them into the solution.
However, if a significant amount of time has passed between the original order and the expansion, it is likely that image versions and/or firmware versions may be different. Before beginning the expansion deployment, it will then be necessary to bring the existing environment up to a solution release level that is compatible with the images provided on the expansion chassis. The Patch and Update (P&U) process can be used to update the solution stack.
To check the Microsoft update version on a new node, open the file C:\Program Files\Microsoft Cloud Solutions\Version.xml on the host. To check the Microsoft update version on the stamp, see How to check which update package is installed.
Appendix B Performing a factory reset This section describes how to reset a deployed Dell Hybrid Cloud System for Microsoft stamp so that it can be redeployed. Before you redeploy, you must reset backup servers, storage servers, and compute nodes to factory defaults and prepare for a fresh deployment. CAUTION: Performing these steps results in loss of all workload VMs running in your private cloud.
Resetting the backup servers CAUTION: Before you start the factory reset for Backup Servers, make sure that you are using a Microsoft System Center Server product key, the Volume License Key. See the Solution Integration Document (SID) for Volume License Key information. If you are not using the Volume License Key, Backup Server deployment will fail after a reset as well. 1 Open iDRAC consoles for each physical host. The Field Engineer (FE) must be connected using the FE laptop.
The command returns a list of disks with their status and size. 6 As indicated in the graphic, Disk #1 requires clearing. To confirm that this disk is the backup disk, obtain a list of partitions by entering the command Get-Partition. Figure 76. Get-partition The list of partitions that is returned confirms that Disk #1 has the partition created to house the backed-up data.
Figure 78. Confirmation disk is removed 10 11 12 13 Log on to the Console VM CON01 with Domain Account. For Domain Account information, see the Solution Integration Document Remove the host from VMM. a In the VMM console, open the VMs and Services workspace. b Under the All Hosts host group, remove the backup host on which the DPM VM resides. Remove the backup host and DPM VMs from Operations Manager. a Open the Operations Console.
Figure 80. Connect to Server Figure 81. Select Server 14 Next remove the DPM01 and DPM02 virtual machine folders from the Backup Host B01. To accomplish this, access your Backup Host B01 from the Console VM as follows: a b c Click Start and search for Run. Access the D: drive of the Backup Host B01 by typing \\B01\d$. Delete the folders DPM01 and DPM02.
Figure 82. Delete folders from backup host 15 At the PowerShell prompt, run the reagentc /boottore command. If you receive a message saying REAGENTC.EXE: Operations successful, continue to the next step. If you do not receive this message, follow the escalation path. NOTE: If this is not the first time the server has been reset, you might receive an error message saying: REAGENTC.EXE: Windows RE is disabled. In that case, open an elevated Windows PowerShell session, and run the reagentc /enable command.
Figure 84. Troubleshoot advanced 19 In Advanced options, click Command Prompt. Figure 85. Advanced options 20 When a system command prompt is displayed, run the following commands: del c:\hostos.vhdx copy c:\recovery.vhdx c:\hostos.vhdx 21 Close the command prompt by typing Exit. 22 On the Windows Recovery Environment main menu, click Continue.
Figure 86. Troubleshoot options The server restarts and completes factory first-boot automation. CAUTION: After completing this factory reset process, wait for at least 30 minutes before proceeding to the next step. 23 From the iDRAC Virtual Console, select Power > Graceful Shutdown. Figure 87. iDRAC graceful shutdown The backup hosts power off. Later in the factory reset process, you follow the power-on procedures for Dell Hybrid Cloud System for Microsoft, as described in Starting up the stamp.
Figure 88. Backup Active Directory cleanup 2 Clean the DNS objects for B01, DPM01, and DPM02. a Log in to the customer’s DNS server, and delete the entries for B01, DPM01, and DPM02. In the following example, Dell Hybrid Cloud System environment is called “abcde.” Figure 89. Backup DNS cleanup 3 Delete Backup Deployment registry entries for B01, DPM01, and DPM02. a b c Log in to the CON01 console VM with the Domain account.
Figure 90. Backup registry cleanup 4 Delete all backup-related configuration for B01, DPM01, and DPM02 in deploymentmanifest.xml. a Open the manifest file on the CON01 console VM located at C:\Program Files\Microsoft Cloud Solutions\DeployDriver \Manifests\ deploymentmanifest.xml. Search (CTRL+F ) for the following sections and delete them. ……. and …….. Figure 91.
While you are logged in to the CON01 console VM using the Domain Credentials (see the Solution Integration Document), remotely connect to the APA01 server using the PowerShell command Enter-Psession APA01. When connected, use the command Remove-SmaVariable -name "DPM-ConfigurationMap" -WebServiceEndpoint "https:\\localhost". Figure 92. PowerShell Remove-SmaVariable The SMA variable is removed from the APA01 server. 6 Re-run BackupDeployDriver.
Figure 93. Troubleshoot options 9 On the Troubleshoot menu, click Advanced options. Figure 94. Troubleshoot advanced 10 In Advanced options, click Command Prompt.
Figure 95. Advanced options 11 When a system command prompt displays, change to the C: drive and run the following commands: • del c:\hostos.vhdx 12 • copy c:\recovery.vhdx c:\hostos.vhdx Close the command prompt by typing Exit. 13 On the Windows Recovery Environment main menu, click Continue. Figure 96. Troubleshoot options The server restarts and completes factory first-boot automation.
Figure 97. iDRAC Graceful Shutdown The storage hosts power off. Later in the factory reset process, you follow the power-on procedures for Dell Hybrid Cloud System for Microsoft, as described in Starting up the stamp. NOTE: Upon completion of the factory reset process, manually power off the (MD14xx) JBODs that are connected to the R730s. Resetting the compute cluster 1 Open iDRAC Consoles for each physical host. Connect the Field Engineer (FE) laptop.
Figure 98. Windows Recovery Environment menu 7 On the Troubleshoot menu, click Advanced options. Figure 99. Troubleshoot advanced 8 In Advanced options, click Command Prompt.
Figure 100. Advanced options 9 When a system command prompt is displayed, run the following commands: del c:\hostos.vhdx copy c:\recovery.vhdx c:\hostos.vhdx del c:\vhd\console.vhdx copy c:\vhd\consolerecovery.vhdx c:\vhd\console.vhdx 10 Close the command prompt by typing Exit. 11 On the Windows Recovery Environment main menu, click Continue. Figure 101. Troubleshoot options The server restarts and completes factory first-boot automation.
Figure 102. iDRAC Graceful Shutdown Clean up Active Directory and DNS records If you want to redeploy a Dell Hybrid Cloud System for Microsoft stamp with the same customer prefix, you must remove stale objects left over from the previous deployment from your Active Directory and DNS databases. 1 On a domain member server or workstation with Active Directory management tools installed, open Active Directory Users and Computers.
Delete the VMM server First, delete the VMM server from Azure Site Recovery: 1 Sign in to the Azure portal, at https://portal.azure.com, and select the appropriate subscription. 2 Under Recovery Services vaults, click the name of the vault for the Dell Hybrid Cloud System for Microsoft deployment (look for - or cps-) to open the vault dashboard. 3 In Settings, under Management Servers, click Site Recovery servers.
Appendix C Retrieving cluster names, host names, and IP addresses You can use the following Windows PowerShell commands to retrieve cluster and host names, and IP addresses for the clusters, hosts, and infrastructure VMs. Run the commands in an elevated Windows PowerShell session on the Console VM.
Get-Cluster -Name | Get-ClusterResource "Cluster IP Address"| GetClusterParameter -Name Address Example Get-Cluster -Name S54SCL | Get-ClusterResource "Cluster IP Address"| Get-ClusterParameter -Name Address Example 3: SQL Server clusters Syntax Get-Cluster -Name | Get-ClusterResource "Cluster IP Address"| GetClusterParameter -Name Address Example Get-Cluster -Name S54SQLCL | Get-ClusterResource "Cluster IP Address"| Get-ClusterParameter Name Address Get host
Get-ClusterNetworkInterface -Cluster | Format-Table -Property Node, Name, IPv4Addresses, Ipv6Addresses Example Get-ClusterNetworkInterface -Cluster S54SQLCL | Format-Table -Property Node, Name, IPv4Addresses, Ipv6Addresses Get infrastructure VM names and addresses Syntax Get-SCStaticIPAddressPool -Name "Management_Pool" | Get-SCIPAddress | Format-Table –Property Description,Address Appendix C Retrieving cluster names, host names, and IP addresses 163
Appendix D Ports and protocols The following table defines Dell Hybrid Cloud System for Microsoft protocol and port number mappings: IMPORTANT: Disjointed namespaces: • Your domain name must be the same as the DNS zone in which your DHCS stamp resides. For example, if your domain name is mycompany.local, and you are using a DNS zone other than mycompany.local, you have a disjointed namespace. Dell EMC has only validated and tested contiguous namespace use case with identical domain name and the DNS zone.
Source Any Target Windows Azure Pack admin (APA01) Protocol Port Comment TCP 3269 Global Catalog (SSL) TCP/UDP 88 Kerberos TCP/UDP 53 DNS TCP/UDP 445 SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc TCP 135 RPC, EPM TCP 1025:5000 RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS (2003) TCP 49152:65535 RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS (2008) TCP 5722 RPC, DFSR (SYSVOL) UDP 123 NTP TCP/UDP 464 Kerberos change/set password UDP 1025:5000 DCOM,
Source Target Protocol Port Comment Any Windows Azure Pack public (APT01) TCP 30006 TenantPublicAPI TCP 30081 TenantSite TCP 30071 AuthSite UDP 137:138 Allow name/share resolution TCP 139 Allow name/share resolution Local subnets Any Any Console VM TCP 3389 Remote Desktop All hosts and VMs Internet TCP 80:443 Azure services Local subnets Operations Manager (OM01) TCP 5723 Operations Manager agent communication TCP 5724 Operations Manager console commu
