Windows 10 is here | Let’s Celebrate

I’ve been playing with computers since first grade. I started with MS-DOS and used all Windows Operating systems to-date and today marks “a day of Celebration” for all those geeks like me around the world. The newest operating system from Microsoft, Windows 10 is now generally available starting from yesterday.

Guess what! If you have a legitimate copy of Windows 7, Windows 8 or Windows 8.1 OS (any edition) in any of your devices, you are eligible for a free upgrade to the same edition of Windows 10 till 29th July 2016. Let’s see some deployment options for Windows 10 as more information will arrive as the OS hits retail stores.

Fresh Installation

For those who have access to a MSDN subscription can now download all editions of Windows 10 as an ISO and install from scratch with an activation key. News is the OS will hit the Volume Licensing Portal on 1st of August.

No MSDN? Use the ISO Media Download tool

You can use the all new ISO Media creation tool to download the ISO version and installation bits of Windows 10. This tool lets you to download Windows 10 bits and create a bookable USB or an ISO file to use in another computer.

Win 10 ISO Media Tool 1

Not all editions are eligible for this deployment method. You’ll have to use Volume Licensing Portal or MSDN downloads if you need to get an Enterprise edition ISO.

Win 10 ISO Media Tool 2

Win 10 ISO Media Tool 3

Force Update for users reserved their upgrade

Some of you may have already reserved your upgrade to Windows 10 using the upgrade app released last month. But tired of endless waiting although it says “notify you when ready”. This is because Windows 10 release is planned to roll out via couple of waves starting from July 29th. Don’t worry there is a work around.

Windows 10 Update App 1

  1. Go to C:\Windows\SoftwareDistribution\Download > Select all the files and press SHIFT + DELETE. Now your Windows Update cache is clear.Windows 10 Update App 2
  2. Open command prompt as admin and type wuauclt.exe /updatenow to force Check updates in your system.
  3. Now if you check Windows Updates it should start checking for updates, again type wuauclt.exe /detectnow to get your free upgrade detected.
  4. For users who get’s their updates through WSUS (only if you can check updates from Internet as well) can use wuauclt.exe /resetauthorization /detectnow to expire the WSUS cookie, initiate detection, and have WSUS update computer group membership. This cookie contains information about your WSUS environment which you need to temporary reset.
  5. Sit back and relax until updates are downloaded and your PC is upgraded. Do keep in mind the golden rule of upgrade. BACKUP EVERYTHING YOU WANT FIRST.

I had to activate Windows 10 with an activation key as I’ve upgraded from Windows 8.1 x64 Professional to Windows 10 x64 Enterprise. If you are upgrading to the same edition (i.e 7 Pro> 10 Pro) you don’t have to worry about entering an activation key EVER. YES IT TOTALLY FREE.

Let’s welcome to the OS of the century, Windows 10.

Ninja Cat T-REX

CSV Access Redirected in Hyper-V Cluster

I’ve been working with Hyper-V for quite sometime. During a recent Hyper-V Cluster deployment that myself and my colleague Hasitha Willarachchi (Enterprise Client Managament MVP) were working with, we have come across an issue which was really interesting to troubleshoot.

For some odd reason one of three Cluster Disks in a 3-Node Hyper-V 2012 R2 Cluster was in Redirected Access status.

CSV GFI Filter 1

When we were going through the cluster event noticed a bunch of 5125 Events complaining about an active system filter driver which is not compatible with CSV. Basically the I/O access to that volume has been redirected through another Hyper-V Node.

CSV GFI Filter 2

We tried changing the ownership of the particular CSV to another node, followed by trying to Turn off the Restricted Access Mode by right clicking the CSV and selecting that option. Changing the ownership was no success and for our surprise the operation to turn off the redirected access mode always failed with Set Operation Failed error.

After doing some research we decided to check up the CSV state and what are the active system filters in that particular volume. So we decided to run below commands in the current node owning the CSV.

CSV GFI Filter 3

We noticed a filter called esecdrv60 was having a frame value of Legacy. The nest command confirms that in all three nodes the CSV access is redirected. Then we immediately checked rest of the nodes with fltmc instances command and found out that same legacy filter was present there as well.

The Culprit aka GFI EndPoint Security

esecdrv60 filter actually belongs to GFI EndPoint Security software, which was installed and running in all three Hyper-V nodes. This software was pushed through it’s default policies and somehow Hyper-V cluster was not excluded in deployment list.

CSV GFI Filter 4

Uninstalling GFI was not possible locally so therefore we worked with GFI administrator to uninstall the software from all three hosts. Remember uninstalling GFI  requires a reboot and therefore we had to live migrate all the VMs and reboot one server at a time.

After uninstalling GFI and rebooting  all three hosts executed fltmc instances again to see whether GFI legacy filters were present or not. As you can see below all legacy filters were gone and CSV was back to normal operation mode without any error.

CSV GFI Filter 5

Following references were really helpful to identify and rectify the issue.

  1. Troubleshooting ‘Redirected Access’ on a Cluster Shared Volume (CSV)
  2. Cluster Shared Volume Diagnostics

Network Discovery Rule Failure in SCOM 2012 R2

Although most of my time is now spent on Azure, I love and work on SCOM the best monitoring platform that I’ve ever worked with. Some can say it’s noisy but that’s not true if you know how to tune your SCOM deployment. In a recent adventure I’ve come across another SCOM mystery which is I’m going to tell you how to solve today.

I’ve got a SCOM deployment where there are two management servers and one database server; all part of the same management group. The second management server was implemented solely for the purpose of network device monitoring. For those who know Microsoft does recommend to have a separate management server for that.

First things first, I’ve created a Network Discovery Rule targeting the second management server to be the one that actually does the discovery. If you do not know how to do that you can refer this TechNet article.

The Problem

Though the Network Discovery rules creation was successful I noticed that the rule status is always IDLE and discovers nothing even though I tried to manually run it couple of times. I did all I could possibly fathom restarting services/management servers, recreating the rules, hell even deleting the management pack itself (unsealed management pack  Microsoft.SystemCenter.NetworkDiscovery.Internal which stores the discovery rule) and re-importing. The weirdest thing is if I recreate a rule selecting the first management server I scan discover the network devices but not with the second server. I noticed below error in the second management server’s event log.

SCOM Network Discovery Failure 1Seems like the management server was having trouble with updating the network discovery script and yes obviously I’ve tried it after 3600 seconds like they say. 😉

The Solution

The regular Google search led me to two invaluable posts one from my fellow MVP colleague Daniele Grandini and the other one from TechNet which explained the exact same issue I’ve faced. As Daniele’s post explains it nicely there are couple of events that you can notice in case of a successful or unsuccessful discovery of network devices. But still after performing the steps on both articles I was still at ground zero with no results.

For those who are familiar with my friend & MVP colleague Tao Yang, one of the SCOM Gurus we have in this part of the world know how he does his magic with management packs. Tao has come across the same issue in the past when he was helping out a friend, and he suggested a nice little trick that I’ve missed.

The Trick

Tao suggested to flush the health service state and cache of the ill management server. Now this is one last hope of beacon for us SCOM admins which will perform below tasks.

  1. Stops the System Center Management service.
  2. Deletes the health service store files.
  3. Resets the state of the agent, including all rules, monitors, outgoing data, and cached management packs.
  4. Starts the System Center Management service.

This task leaves no reference to itself as it deletes the cached data in the health service store files, including the record of this task itself.

All you have to do is follow 1>2>3>4 as per below screenshot.

SCOM Network Discovery Failure 2

Now that I’ve done so, I’ve created a brand new network discovery rule for the second management server and let it run for the first time and wait. It did really worked and all I could see was the devices that are discovered with much joy.

SCOM Network Discovery Failure 4

Now looking back at the event log I could see the traces of a successful network discovery.

SCOM Network Discovery Failure 3 revised

Now let’s hear a big round of applause for Master Tao Yang the hero that saved my day.

Connect Windows 10 Devices to Azure AD | Part 2

In my last post I explained how to join a Windows 10 device to Azure AD. Now it’s time to check how we can enforce organizational policies to same. Before that let me logoff from my standard user account and come back to log on prompt.

Win10 Join Azure AD 12You can see that my organizational account is displayed in the log on screen. After I have logged in it will take some time to setup the Apps and will test your patience (lol kidding). Notice that in-between this time you will be prompted to accept security policies enforced by your Azure AD tenant. Click Enforce these policies button to accept.Win10 Join Azure AD 10Now to test the functionality once logged in I’m going to launch the default Mail application. Voilà! my Office 365 e-mail account is already configured there.Win10 Join Azure AD 13Since my Office 365 Azure AD tenant has been on-boarded to my Azure account I can actually inspect the the devices that I have enrolled. For that I’m going to view the properties of that particular user.Win10 Join Azure AD 11Okay well where are those security polices I talked about. By default when you enroll a Windows 10 device policies such as password expiration will be provided by Azure AD. But if you need more granular control like device sweep, selective wipe, full wipe you’ll have to integrate Microsoft Intune with it. My office 365 E3 tenant already has MDM capability enabled with Intune. Therefore I can modify policies as I want from Office 365 Admin center.Win10 Join Azure AD 14Although it may seem a long shot Microsoft’s ultimate goal is to enable mobility for all users. I think this will be a huge leap assisting that vision.

Connect Windows 10 Devices to Azure AD | Part 1

Windows 10 is getting launched within next two weeks. Did you know that SMEs can get rid of their on-premise AD if they are just using it for authentication and compliance (Well Azure AD cannot replace group policies still)? Today I’m going to explore the Azure AD join feature that we have with Windows 10. I’m using a Windows 10 Insider Preview 10622 build for this.


  • Azure AD Tenant – If you are using Office 365 or has an Azure subscription you already have an Azure AD tenant or can create one.
  • Windows 10 Insider Preview installed PC – The latest release would do.
  • Check wither your Azure AD tenant is allowed to enroll devices. You can check this from Azure Portal as below. Note that this feature is still in preview.Win10 Join Azure AD 09

Now let’s take a look at how we can achieve this.

  1. In your Windows 10 device, go to Settings section. There you see and option Join or Leave Azure AD. Remember to check the device is activated or not first.Win10 Join Azure AD 01
  2. It will redirect to System properties window. You can see my device is in workgroup. Now I’m  going to select Join Azure AD.Win10 Join Azure AD 02
  3. Click Continue in the authorization page.Win10 Join Azure AD 03
  4. I’m going to use my Office 365 Azure AD tenant for this task. Notice that if you have AAD premium enabled you can see your custom logo as well.Win10 Join Azure AD 04
  5. Click Join when it prompts for verification.Win10 Join Azure AD 05
  6. Now it will take about 10 minutes for the device enrollment to complete.Win10 Join Azure AD 06
  7. If all is set you can click Finish.Win10 Join Azure AD 07
  8. When I check the System properties I can see that my device is joined to my Office 365 Azure AD tenant.Win10 Join Azure AD 08Now that you have successfully joined the PC to Azure AD in the next post let’s see how we can enforce your existing security policies to this device.

Health Explorer missing in SCOM Console

During a recent adventure to SCOM world I’ve faced one of the strangest of issues.

I installed the SCOM console to a Windows 8 Professional x64 laptop for a customer and the console seems to be fully functional but right clicking any alert and selecting Open > Health Explorer didn’t seem to be working. Below are the steps that I immediately did to check the issue.

  • Installed the same console in a Windows 8.1 x64 PC and there was nothing wrong with it.
  • Checked whether the Operations Console UR was updated. On both PCs console has been upgraded with UR4 to match the UR version in Management Servers.
  • Checked the logs and found out nothing out of the ordinary.
  • Checked out the regular devil .NET Framework compatibility. According to MSFT SCOM supports below .NET versions.
System Center 2012 R2 component .NET 3.5 SP1 .NET 4 .NET 4.5 .NET 4.5.1
Operations Manager Management Server
Operations Manager Data Warehouse Management Server
Operations Manager Gateway Server
Operations Manager Web Console
Operations Manager Reporting Server
Operations Manager Operations Console

An MVP friend of mine Dieter Wijckmans suggested one important check that I missed.

Clearing the SCOM console cache

You can always clear the OpsMgr cache if things go awol in the console. To do that enter below in a Run window.

“C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Console\Microsoft.EnterpriseManagement.Monitoring.Console.exe” /clearcache

The /clearcache option will clear the cache and re-opens the SCOM console.

This small step saved many hours of troubleshooting for me.