PowerShell behind a proxy

Desired State Configuration – part 2

Now the Pull server is up and running, the next step is to configure “A” server to use the newly created Pull server. For this the windows feature Windows PowerShell Desired State Configuration Service (DSC-Service) must be installed and the DSC localconfiguration must be configured to use the Pull server.

The service can be installed using “Add-WindowsFeature -Name DSC-Service”. Although we can manual install the windows feature, it also possible to use DSC to push the configuration from the Pull server to the target server. The following push configuration will install the Windows feature “DSC-Service” on server “A”:

PS > configuration InstallDSCService
>>{
>>    node "A"
>>    {     
>>        WindowsFeature DSCService
>>        {
>>            Name  = "DSC-Service"
>>            Ensure = "Present"
>>        }
>>    }
>>}
PS > InstallDSCService -output "."

PS > configuration InstallDSCService

>>{

>> node "A"

>> {

>> WindowsFeature DSCService

>> {

>> Name = "DSC-Service"

>> Ensure = "Present"

>> }

>>}

PS > InstallDSCService -output "."

Running the config “Install-DscConfiguration will result in a A.mof file

PS > C:UsersMeDocumentsScriptsInstallDSCService> dir

    Directory: C:UsersMeDocumentsScriptsInstallDSCService

Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---          3/3/2015  09:20 PM       1158 a.mof
PS >

PS > C:UsersMeDocumentsScriptsInstallDSCService> dir

Directory: C:UsersMeDocumentsScriptsInstallDSCService

Mode LastWriteTime Length Name

---- ------------- ------ ----

-a--- 3/3/2015 09:20 PM 1158 a.mof

PS >

Now we can push the configuration (as a .mof file) to server “A”.

PS > Start-DscConfiguration -Wait -Force -Path .InstallDSCService -ServerName "A"

1	PS > Start-DscConfiguration -Wait -Force -Path .InstallDSCService -ServerName "A"

Doing this will install DSC on the remote server. The next step is to configure server “A” to use the Pull server as a configuration source. How to make the configuration is explained in this Technet article.

PS > Configuration SimpleMetaConfigurationForPull
>> {
>>      LocalConfigurationManager
>>      {
>>        ConfigurationID = "cc53d975-c5d3-43ab-9f5c-124aedb976f0";
>>        RefreshMode = "PULL";
>>        DownloadManagerName = "WebDownloadManager";
>>        RebootNodeIfNeeded = $true;
>>        RefreshFrequencyMins = 15;
>>        ConfigurationModeFrequencyMins = 30;
>>        ConfigurationMode = "ApplyAndMonitor";
>>        DownloadManagerCustomData = @{ServerUrl = "http://pullserver:8080/PSDSCPullServer.svc"; AllowUnsecureConnection = “TRUE”}
>>      }
>> }
>>
PS > SimpleMetaConfigurationForPull -Output "."

    Directory: C:ScriptsSimpleMetaConfigurationForPull

Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---          3/3/2015   9:24 PM       1988 localhost.meta.mof
PS >

PS > Configuration SimpleMetaConfigurationForPull

>> {

>> LocalConfigurationManager

>> {

>> ConfigurationID = "cc53d975-c5d3-43ab-9f5c-124aedb976f0";

>> RefreshMode = "PULL";

>> DownloadManagerName = "WebDownloadManager";

>> RebootNodeIfNeeded = $true;

>> RefreshFrequencyMins = 15;

>> ConfigurationModeFrequencyMins = 30;

>> ConfigurationMode = "ApplyAndMonitor";

>> DownloadManagerCustomData = @{ServerUrl = "http://pullserver:8080/PSDSCPullServer.svc"; AllowUnsecureConnection = “TRUE”}

>> }

PS > SimpleMetaConfigurationForPull -Output "."

Directory: C:ScriptsSimpleMetaConfigurationForPull

Mode LastWriteTime Length Name

---- ------------- ------ ----

-a--- 3/3/2015 9:24 PM 1988 localhost.meta.mof

PS >

As you can see in the above example, there is no servername present in the configuration. Server “A” is configured to request a configuration with the name “cc53d975-c5d3-43ab-9f5c-124aedb976f0”. There is no database for the servername <-> GUID translation in DSC. When making configurations you need to document/keep track which GUID and servername are paired. I’ve seen examples of storing servername/GUID in an csv file, or stored in an AD attribute. Needles to say that each server needs an unique GUID.

Use Set-DscLocalConfigurationManager -ComputerName “A” -Path

To create an GUID you can use this example to create one.

INI

PS > $guid = [guid]::NewGuid().Guid PS > $guid PS > cc53d975-c5d3-43ab-9f5c-124aedb976f0

1
2
3

PS > $guid = [guid]::NewGuid().Guid
PS > $guid
PS > cc53d975-c5d3-43ab-9f5c-124aedb976f0

And add the GUID to your Local configuration
To store the GUID in a field in the AD object, for example ExtensionAttribute1. This way it’s easy to keep a relation between the GUID and the servername. You could also create computer objects to represent non-domain joined computers. Replace the

PowerShell

PS > Set-ADComputer "A" –replace @{ExtensionAttribute1=$guid} PS > (Get-ADComputer "A" -Properties ExtensionAttribute1).ExtensionAttribute1 cc53d975-c5d3-43ab-9f5c-124aedb976f0 PS >

1
2
3
4

PS > Set-ADComputer "A" –replace @{ExtensionAttribute1=$guid}
PS > (Get-ADComputer "A" -Properties ExtensionAttribute1).ExtensionAttribute1
cc53d975-c5d3-43ab-9f5c-124aedb976f0
PS >

The DSC configuration on server “A” is now configured to check every 15 minutes for a (new) configuration on the Pull server.

Create a new configuration with the GUID of the server and place it in the configuration folder on the Pullserver. The location is specified when creating the Pullserver. In the previous example when creating the Pullserver it was specified as “$env:PROGRAMFILESWindowsPowerShellDscServiceConfiguration”

DSC resources https://gallery.technet.microsoft.com/scriptcenter/DSC-Resource-Kit-All-c449312d

Desired State Configuration

Building infrastructures means building and connecting machines which are hosting services that support the business by making its jobs easier. From the early days on, infrastructure creates the baseline by hosting specific machines to do specific tasks. The infrastructure team installs and configures the OS and hands the machine over to the application developers who in their turn install and configure the application for the business.

So how to build and maintain the OS in a structured manner? There are enough methods to deploy an OS in a structured way, maintaining the configuration of the OS is somewhat more difficult. And checking if the installation and configuration isn’t drifting away from its intended state is difficult. Desired State Configuration (DSC) can maintain a configuration and detect a drift from the intented configuration.

DSC is Microsoft’s answer to maintain and keep configurations of OSes and applications. Microsoft states that DSC is gradually going to be the only means to manage windows servers and applications. DSC works with Microsoft Framework and Powershell.

Simplified DSC says: “Hey server you are going to be a web server, take configuration “WEB_Main_v4″ and apply that configuration. Have fun!”

Configuration files have a basic markup: it starts with defining the configuration name, the node name and actual configuration. The configuration acts as a template, from which a specific configuration for a specific server will be build, which we can deploy to that specific server.

PS >configuration ServerConfig
>> {
>>     param ([string[]] $NodeName)
>>     node $NodeName
>>     {
>>         File Folder_C_Temp
>>         {  
>>             Ensure          = "Present"
>>             Type            = "Directory"
>>             DestinationPath = "C:Temp"
>>          }
>>     }
>> }
PS >

PS >configuration ServerConfig

>> {

>> param ([string[]] $NodeName)

>> node $NodeName

>> {

>> File Folder_C_Temp

>> {

>> Ensure = "Present"

>> Type = "Directory"

>> DestinationPath = "C:Temp"

>> }

PS >

In this template the configuration is named “ServerConfig”. The configuration is for a server named Servername (which will be stored in the variable $NodeName). File is the configuration item which is being defined with parameters. Save the config as “aserver.ps1”

The configuration looks similar as a PowerShell function and in a way it is!
Knowledge of PowerShell is necessary when working with DSC

PS> ServerConfig -OutputPath "." -NodeName "A"


    Directory: C:UsersMyDocumentsScriptsServerConfig


Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---         1/27/2015   3:35 PM       1162 A.mof
-a---         1/27/2015   3:35 PM        932 A.meta.mof

PS > Start-DscConfiguration -Wait -Force -Path .ServerConfig -ServerName "A"

PS> ServerConfig -OutputPath "." -NodeName "A"

Directory: C:UsersMyDocumentsScriptsServerConfig

Mode LastWriteTime Length Name

---- ------------- ------ ----

-a--- 1/27/2015 3:35 PM 1162 A.mof

-a--- 1/27/2015 3:35 PM 932 A.meta.mof

PS > Start-DscConfiguration -Wait -Force -Path .ServerConfig -ServerName "A"

Run aserver.ps1 in Powershell. Once the configuration is loaded, the configuration is available as a command with the name of the config (like a function). Run “ServerConfig -OutputPath “.” -NodeName “A”” to create the .mof file. Use the command Start-DscConfiguration -Wait -Force -Path .ServerConfig -ServerName “A” to actually deploy the configuration to server “A”.

The Managed Object Format (MOF) was defined by the Distributed Management Task Force (DMTF). The purpose of the DMTF is to supervise standards that help enable cross-platform management. In other words, MOF is a cross-platform standard with public available specifications. You don’t need PowerShell to create a .mof file, PowerShell is just a tool to create such file. You could even create a .mof file on a Unix server to manage Windows Server of vice versa!

What DSC does is creating a .mof file based on the configuration. The content of the .mof file

/*
@TargetNode='A'
@GeneratedBy=Me
@GenerationDate=03/01/2015 11:00:53
@GenerationHost=Pullserver
*/

instance of MSFT_FileDirectoryConfiguration as $MSFT_FileDirectoryConfiguration1ref
{
ResourceID = "[File]Folder_C_Temp";
 Type = "Directory";
 Ensure = "Present";
 SourceInfo = "::6::10::File";
 DestinationPath = "C:Temp";
 ModuleName = "PSDesiredStateConfiguration";
 ModuleVersion = "1.0";

};

instance of OMI_ConfigurationDocument
{
 Version="1.0.0";
 Author="Me";
 GenerationDate="03/01/2015 11:00:53";
 GenerationHost="Pullserver";
}

@TargetNode='A'

@GeneratedBy=Me

@GenerationDate=03/01/2015 11:00:53

@GenerationHost=Pullserver

instance of MSFT_FileDirectoryConfiguration as $MSFT_FileDirectoryConfiguration1ref

{

ResourceID = "[File]Folder_C_Temp";

Type = "Directory";

Ensure = "Present";

SourceInfo = "::6::10::File";

DestinationPath = "C:Temp";

ModuleName = "PSDesiredStateConfiguration";

ModuleVersion = "1.0";

};

instance of OMI_ConfigurationDocument

{

Version="1.0.0";

Author="Me";

GenerationDate="03/01/2015 11:00:53";

GenerationHost="Pullserver";

}

Deploy the configuration to the server:

 PS > Start-DscConfiguration -Wait -Force -Path .ServerConfig -ServerName "A"

1	PS > Start-DscConfiguration -Wait -Force -Path .ServerConfig -ServerName "A"

The above steps are simple. First create a configuration file, converted it to a .mof file and push it to a server.

In a development environment the manual way of working is fine, but in production it certainly is not. There are two methods of deploying configuration to servers, push (as above) and pull.

For the pull method, a pull server is needed. In this configuration a server asks a pull server for its configuration and reports back the result. The Pull server can be manual installed, but why not use DSC to deploy the Pull server. To do this, download the xPSDesiredStateConfiguration Module from Technet and install it. The Pull server can be published using SMB or http(s). Https is the most versatile option, change it when needed. I used the following configuration to deploy the pull server. For simplicity this configuration does not use SSL, so I do not have to create the certificate and trust chain.

configuration Pull_DscWebService
{
    param 
    (
        [string]$NodeName = 'localhost'
        # Replace text with certificate thumbprint
        [string]$certificateThumbPrint = "AllowUnencryptedTraffic" 
    )

    Import-DSCResource -ModuleName "PSDesiredStateConfiguration" 

    Node $NodeName
    {
        WindowsFeature DSCServiceFeature
        {
            Ensure = "Present"
            Name   = "DSC-Service"            
        }

        xDscWebService PSDSCPullServer
        {
            Ensure                  = "Present"
            EndpointName            = "PSDSCPullServer"
            Port                    = 8080
            PhysicalPath            = "C:inetpubwwwrootPSDSCPullServer"
            CertificateThumbPrint   = "AllowUnencryptedTraffic" 
            ModulePath              = "$env:PROGRAMFILESWindowsPowerShellDscServiceModules"
            ConfigurationPath       = "$env:PROGRAMFILESWindowsPowerShellDscServiceConfiguration"            
            State                   = "Started"
            DependsOn               = "[WindowsFeature]DSCServiceFeature"                        
        }

        xDscWebService PSDSCComplianceServer
        {
            Ensure                  = "Present"
            EndpointName            = "PSDSCComplianceServer"
            Port                    = 9080
            PhysicalPath            = "C:inetpubwwwrootPSDSCComplianceServer"
            CertificateThumbPrint   = "AllowUnencryptedTraffic"
            State                   = "Started"
            IsComplianceServer      = $true
            DependsOn               = @("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
        }
    }
 }

Pull_DscWebService -output "."

configuration Pull_DscWebService

{

param

(

[string]$NodeName = 'localhost'

# Replace text with certificate thumbprint

[string]$certificateThumbPrint = "AllowUnencryptedTraffic"

)

Import-DSCResource -ModuleName "PSDesiredStateConfiguration"

Node $NodeName

{

WindowsFeature DSCServiceFeature

{

Ensure = "Present"

Name = "DSC-Service"

}

xDscWebService PSDSCPullServer

{

Ensure = "Present"

EndpointName = "PSDSCPullServer"

Port = 8080

PhysicalPath = "C:inetpubwwwrootPSDSCPullServer"

CertificateThumbPrint = "AllowUnencryptedTraffic"

ModulePath = "$env:PROGRAMFILESWindowsPowerShellDscServiceModules"

ConfigurationPath = "$env:PROGRAMFILESWindowsPowerShellDscServiceConfiguration"

State = "Started"

DependsOn = "[WindowsFeature]DSCServiceFeature"

}

xDscWebService PSDSCComplianceServer

{

Ensure = "Present"

EndpointName = "PSDSCComplianceServer"

Port = 9080

PhysicalPath = "C:inetpubwwwrootPSDSCComplianceServer"

CertificateThumbPrint = "AllowUnencryptedTraffic"

State = "Started"

IsComplianceServer = $true

DependsOn = @("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")

}

Pull_DscWebService -output "."

Activate the configuration with Start-DscConfiguration .Pull_DscWebService use -verbose to view progress of each individual action.

PS > Start-DscConfiguration .Pull_DscWebService -Wait -Verbose
VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = 
MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer . with user sid S-1-5-21-xxxxxxxxxxx.
VERBOSE: [.]: LCM: [ Start Set ]
VERBOSE: [.]: LCM: [ Start Resource ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [.]: LCM: [ Start Test ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [.]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' started: DSC-Service
VERBOSE: [.]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' succeeded: DSC-Service
VERBOSE: [.]: LCM: [ End Test ] [[WindowsFeature]DSCServiceFeature] in 0.6880 seconds.
VERBOSE: [.]: LCM: [ Skip Set ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [.]: LCM: [ End Resource ] [[WindowsFeature]DSCServiceFeature]
VERBOSE: [.]: LCM: [ Start Resource ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [.]: LCM: [ Start Test ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Check Ensure
VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Check Port
VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Check Physical Path property
VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Check State
VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Get Full Path for Web.config file
VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Check ModulePath
VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Check ConfigurationPath
VERBOSE: [.]: LCM: [ End Test ] [[xDSCWebService]PSDSCPullServer] in 0.0470 seconds.
VERBOSE: [.]: LCM: [ Skip Set ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [.]: LCM: [ End Resource ] [[xDSCWebService]PSDSCPullServer]
VERBOSE: [.]: LCM: [ Start Resource ] [[xDSCWebService]PSDSCComplianceServer]
VERBOSE: [.]: LCM: [ Start Test ] [[xDSCWebService]PSDSCComplianceServer]
VERBOSE: [.]: [[xDSCWebService]PSDSCComplianceServer] Check Ensure
VERBOSE: [.]: [[xDSCWebService]PSDSCComplianceServer] Check Port
VERBOSE: [.]: [[xDSCWebService]PSDSCComplianceServer] Check Physical Path property
VERBOSE: [.]: [[xDSCWebService]PSDSCComplianceServer] Check State
VERBOSE: [.]: [[xDSCWebService]PSDSCComplianceServer] Get Full Path for Web.config file
VERBOSE: [.]: LCM: [ End Test ] [[xDSCWebService]PSDSCComplianceServer] in 0.0150 seconds.
VERBOSE: [.]: LCM: [ Skip Set ] [[xDSCWebService]PSDSCComplianceServer]
VERBOSE: [.]: LCM: [ End Resource ] [[xDSCWebService]PSDSCComplianceServer]
VERBOSE: [.]: LCM: [ End Set ]
VERBOSE: [.]: LCM: [ End Set ] in 1.0160 seconds.
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 1.084 seconds

PS > Start-DscConfiguration .Pull_DscWebService -Wait -Verbose

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' =

MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.

VERBOSE: An LCM method call arrived from computer . with user sid S-1-5-21-xxxxxxxxxxx.

VERBOSE: [.]: LCM: [ Start Set ]

VERBOSE: [.]: LCM: [ Start Resource ] [[WindowsFeature]DSCServiceFeature]

VERBOSE: [.]: LCM: [ Start Test ] [[WindowsFeature]DSCServiceFeature]

VERBOSE: [.]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' started: DSC-Service

VERBOSE: [.]: [[WindowsFeature]DSCServiceFeature] The operation 'Get-WindowsFeature' succeeded: DSC-Service

VERBOSE: [.]: LCM: [ End Test ] [[WindowsFeature]DSCServiceFeature] in 0.6880 seconds.

VERBOSE: [.]: LCM: [ Skip Set ] [[WindowsFeature]DSCServiceFeature]

VERBOSE: [.]: LCM: [ End Resource ] [[WindowsFeature]DSCServiceFeature]

VERBOSE: [.]: LCM: [ Start Resource ] [[xDSCWebService]PSDSCPullServer]

VERBOSE: [.]: LCM: [ Start Test ] [[xDSCWebService]PSDSCPullServer]

VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Check Ensure

VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Check Port

VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Check Physical Path property

VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Check State

VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Get Full Path for Web.config file

VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Check ModulePath

VERBOSE: [.]: [[xDSCWebService]PSDSCPullServer] Check ConfigurationPath

VERBOSE: [.]: LCM: [ End Test ] [[xDSCWebService]PSDSCPullServer] in 0.0470 seconds.

VERBOSE: [.]: LCM: [ Skip Set ] [[xDSCWebService]PSDSCPullServer]

VERBOSE: [.]: LCM: [ End Resource ] [[xDSCWebService]PSDSCPullServer]

VERBOSE: [.]: LCM: [ Start Resource ] [[xDSCWebService]PSDSCComplianceServer]

VERBOSE: [.]: LCM: [ Start Test ] [[xDSCWebService]PSDSCComplianceServer]

VERBOSE: [.]: [[xDSCWebService]PSDSCComplianceServer] Check Ensure

VERBOSE: [.]: [[xDSCWebService]PSDSCComplianceServer] Check Port

VERBOSE: [.]: [[xDSCWebService]PSDSCComplianceServer] Check Physical Path property

VERBOSE: [.]: [[xDSCWebService]PSDSCComplianceServer] Check State

VERBOSE: [.]: [[xDSCWebService]PSDSCComplianceServer] Get Full Path for Web.config file

VERBOSE: [.]: LCM: [ End Test ] [[xDSCWebService]PSDSCComplianceServer] in 0.0150 seconds.

VERBOSE: [.]: LCM: [ Skip Set ] [[xDSCWebService]PSDSCComplianceServer]

VERBOSE: [.]: LCM: [ End Resource ] [[xDSCWebService]PSDSCComplianceServer]

VERBOSE: [.]: LCM: [ End Set ]

VERBOSE: [.]: LCM: [ End Set ] in 1.0160 seconds.

VERBOSE: Operation 'Invoke CimMethod' complete.

VERBOSE: Time taken for configuration job to complete is 1.084 seconds

Test the server by browsing to to configured website http://servername:8080/PSDSCPullServer.svc. If you get a response, the pull server is working.

Now lets add some configuration to deploy in part 2.

TunnelPortRanges and OverloadDefinitions

Just the other day, someone desired to add a tunnelport range to the TMG proxy, but did not know how to.
I found out I needed to set this straight in the TMG array configuration. Luckily there are some tools available which can make the required change in the TMG array configuration. But it is way more fun doing it yourself.
Actually it was quite simple!

First start a PowerShell session and connect to the TMG array configuration (also works with ISA).

$tmg = new-object -comobject fpc.root
$a = $tmg.Arrays | ? { $_.name -eq "ArrayName"}

1 2	$tmg = new-object -comobject fpc.root $a = $tmg.Arrays \| ? { $_.name -eq "ArrayName"}

Then “browse to the WebProxy TunnelportRanges” using [Tab] and “.”, add the configuration and save.

$a.ArrayPolicy.WebProxy.TunnelPortRanges.AddRange("SSL 8443",8443,8443)
$a.ArrayPolicy.WebProxy.TunnelPortRanges.save()

1 2	$a.ArrayPolicy.WebProxy.TunnelPortRanges.AddRange("SSL 8443",8443,8443) $a.ArrayPolicy.WebProxy.TunnelPortRanges.save()

Check the current configuration.

PS> $a.ArrayPolicy.WebProxy.TunnelPortRanges | ft–a

 Name     TunnelLowPort TunnelHighPort
 ---      ------------- --------------
 NNTP               563            563
 SSL                443            443
 SSL 8443          8443           8443

PS> $a.ArrayPolicy.WebProxy.TunnelPortRanges | ft–a

Name TunnelLowPort TunnelHighPort

--- ------------- --------------

NNTP 563 563

SSL 443 443

SSL 8443 8443 8443

You also check the “Change Tracking” in TMG to see if the TunnelPortRange has been added.

I got the question how I found out the correct input for the .AddRange. Although sometimes you got to keep your colleagues in the dark but this one is actually quite easy. It’s called the “OverloadDefinitions”, and it works most of the time:

PS> $a.ArrayPolicy.WebProxy.TunnelPortRanges.AddRange.OverloadDefinitions
 IFPCTunnelPortRange AddRange (string, int, int)

1 2	PS> $a.ArrayPolicy.WebProxy.TunnelPortRanges.AddRange.OverloadDefinitions IFPCTunnelPortRange AddRange (string, int, int)

Just add .overloaddefinitions after a method and it returns some info, some info is better than others. In this case it requires a text input, a number and another number. At least you know the correct input format and it is not hard to figure out the right context of this values.

Easy isn’t it?

…and then the other question of the day. How to remove a TunnelPortRange, because someone made a typing error.

Luckily there is a $a.ArrayPolicy.WebProxy.TunnelPortRanges.remove(“Name of range to remove”)and .save()it again to remove the TunnelPortRange.

Running “cleanmgr.exe” on server 2008

When running out of disk space on Server 2008 you might want to run “cleanmgr.exe”. But it’s not there on Server 2008.

When searching the internet for more info, all returned answers said I’d have to install the “Desktop experience” feature. But I certainly do not want to enable the “desktop experience” feature on a production server. I do not need Windows Mediaplayer, Photoviewer, etc.

I copied “cleanmgr.exe” from a server where the desktop experience feature was enabled to a server which did not have that feature enabled (to the %Systemroot%\System32 folder) and executed the .exe. Nothing happened. Then I searched for a missing .dll but none existed/worked.

Back tot the server with the “Desktop Experience’ feature enabled, ran “Process Explorer” to search for dependencies of “cleanmgr.exe”

And there it is, %systemroot%\System32\en-US\Cleanmgr.exe.mui” among other *.mui’s. Copied “cleanmgr.exe.mui” to the other server (with the already existing “cleanmgr.exe”), started “cleanmgr.exe again, and guess what:

Finally, cleanmgr without installing the “Desktop Experience” feature on server 2008.

WSS v3 Backup retention script

After setting up STSADM.exe to backup my WSS v.3 sites the backup directory did grow daily.

I could not find any way to set some sort of retention on these backups, and got tired of deleting the backups and adjusting the spbrtoc.xml manually. So I wrote my own script.

As a real PowerShell addict this problem had to be solved with PowerShell. Here’s the script.

# Clean-up (old) backup files created by WSS v3 (STSADM.EXE)
 # Created by Marco
 # Tested with PowerShell RTM v1.0# Location of spbrtoc.xml
 $spbrtoc = "E:\Backup\Sharepoint\spbrtoc.xml"
# Days of backup that will be remaining after backup cleanup.
 $days = 5

# Import the Sharepoint backup report xml file
 [xml]$sp = gc $spbrtoc

# Find the old backups in spbrtoc.xml
 $old = $sp.SPBackupRestoreHistory.SPHistoryObject | ? { $_.SPStartTime -lt ((get-date).adddays(-$days)) }
 if ($old -eq $Null) { write-host "No reports of backups older than $days days found in spbrtoc.xml.`nspbrtoc.xml isn't changed and no files are removed.`n" ; break}

# Delete the old backups from the Sharepoint backup report xml file
 $old | % { $sp.SPBackupRestoreHistory.RemoveChild($_) }

# Delete the physical folders in which the old backups were located
 $old | % { Remove-Item $_.SPBackupDirectory -Recurse }

# Save the new Sharepoint backup report xml file
 $sp.Save($spbrtoc)
 Write-host "Backup(s) entries older than $days days are removed from spbrtoc.xml and harddisk."

# Clean-up (old) backup files created by WSS v3 (STSADM.EXE)

# Created by Marco

# Tested with PowerShell RTM v1.0# Location of spbrtoc.xml

$spbrtoc = "E:\Backup\Sharepoint\spbrtoc.xml"

# Days of backup that will be remaining after backup cleanup.

$days = 5

# Import the Sharepoint backup report xml file

[xml]$sp = gc $spbrtoc

# Find the old backups in spbrtoc.xml

$old = $sp.SPBackupRestoreHistory.SPHistoryObject | ? { $_.SPStartTime -lt ((get-date).adddays(-$days)) }

if ($old -eq $Null) { write-host "No reports of backups older than $days days found in spbrtoc.xml.`nspbrtoc.xml isn't changed and no files are removed.`n" ; break}

# Delete the old backups from the Sharepoint backup report xml file

$old | % { $sp.SPBackupRestoreHistory.RemoveChild($_) }

# Delete the physical folders in which the old backups were located

$old | % { Remove-Item $_.SPBackupDirectory -Recurse }

# Save the new Sharepoint backup report xml file

$sp.Save($spbrtoc)

Write-host "Backup(s) entries older than $days days are removed from spbrtoc.xml and harddisk."

This script does:

queries the spbrtoc.xml and finds all backups
deletes old backup entries from spbrtoc.xml
deletes the old backup files from disc
saves the updated spbrtoc.xml.

The result:

Just schedule this script to run after the backup has been made and no more manual deletion of the backup files is needed.

As a real IT Pro, you can now put your feet on the table and drink a relaxing cup of coffee. (Well at least until your boss finds you in this way…)

My blog

Just another WordPress site

PowerShell behind a proxy

Desired State Configuration – part 2

Desired State Configuration

TunnelPortRanges and OverloadDefinitions

Running “cleanmgr.exe” on server 2008

WSS v3 Backup retention script