Lync 2013

Here are the commands to verify that Lync 2013 is replicating the Management store correctly;

Get-CsManagementStoreReplicationStatus

Make sure that both say true;

UpToDate           : True
ReplicaFqdn        : frontend.MyDomain.local
LastStatusReport   : 2/10/2014 3:00:27 PM
LastUpdateCreation : 2/10/2014 3:00:24 PM
ProductVersion     : 5.0.8308.0

UpToDate           : True
ReplicaFqdn        : edge.MyDomain.local
LastStatusReport   : 2/10/2014 3:00:27 PM
LastUpdateCreation : 2/10/2014 3:00:24 PM
ProductVersion     : 5.0.8308.556

You can always start replication with;

Invoke-CsManagementStoreReplication

You can run these commands in the Lync Server Management Shell on the FrontEnd Server.

RIP Replmon

I used to use Replmon to manually replicate my active directory (specifically cross site). Now with Windows 2008, or even 2012 (I didn’t test 2012, I assume it works the same) the replmon application is gone.

Now, most of the time Microsoft replaces nice tools with complicated ones. This time, it’s the opposite. repadmin is a very easy to use tool. I use it to schedule/issue an immediate replication of Active Directory.

repadmin /syncall /A /P /e /d

Repadmin is an awesome replacement for Replmon. Dig into the help documents for the more in-depth options it provides.

VMware Thin Provisioning

If you ever use VMware with thin provisioning you are probably always wondering how much disk each server is actually using. This command gives you an idea on what your disk utilization is by server.

find -iname '*.vmdk' -exec du -h '{}' +

So, if you have SSH enabled on your VMware host,

cd /vmfs/volumes
find -iname '*.vmdk' -exec du -h '{}' +

Take the output, put it in Excel, etc.

Bitlocker won’t encrypt after MBAM GPO is applied

We recently had an issue while testing MBAM (Microsoft BitLocker Administration and Monitoring). We were using VMware Mirage to upgrade the Windows XP clients to Windows 7. We configured MBAM on a Windows 2012 server with all the default, out-of-box settings. We used a very simple GPO to enable encryption (TPM Only). The VMware mirage upgraded the client without any errors. In the MBAM log (Event Viewer -> Applications and Services log -> Microsoft -> MBAM) I noticed an error;

SystemVolume is needed to encrypt the operating system drive.

This seemed logical. Windows XP doesn’t have a System Volume. Mirage only updates the “Current Partition” and doesn’t repartition the drive. So you get a Windows 7 hard drive, with a Windows XP partition style (single partition). Running this command creates a system partition;

%windir%\system32\bdeHdCfg.exe -target default -size 300

It appends the partition at the end of the drive (\Device\HarddiskVolume2). Now, after a reboot, I was getting another error in the event log;

The path specified in the Boot Configuration Data (BCD) for a 
BitLocker Drive Encryption integrity-protected application is 
incorrect. Please verify and correct your BCD settings and try again.

This was a bit more easier to solve with Microsoft Support article 929834. Basiclly you run the following command;

bcdedit -enum all

This will enumerate the boot configuration data store. Look for the following entries and the associated device;

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1

Resume from Hibernate
---------------------
identifier              {xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxx}
device                  partition=C:

Your system obviously will either have an incorrect devices, or the device is blank for the entry. First you will need to identify the system partition. Since this drive isn’t assigned a drive letter, you need to find its device name. There is a handy trick using DD on this website, or if you are feeling lucky, you can guess like I did!

I guessed that my new system partition that I just created was \Device\HarddiskVolume2, so to set the Boot Configuration Data (BCD) for BitLocker, I ran the following commands;

bcdedit -set {bootmgr} device partition=\Device\HarddiskVolume2
bcdedit -set {memdiag} device partition=\Device\HarddiskVolume2
bcdedit -set {xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxx} device partition=C:

As you notice, the long GUID for the identifier on the last line. That should be the identifier from the Resume from Hibernate section that is within the output of “bcdedit -enum all”.

The targets should be;

bootmgr = System Volume
memdiag = System Volume
Memory Tester = Boot Volume

In this case, my Boot Volume was C: and my System Volume was \Device\HarddiskVolume2. Your millage may very…

Cris.