Windows

Anything concerning Windows be it Windows client operating system, Windows Server operating system, Windows Mobile, Windows Phone and more.

License Types with Automatic Virtual Machine Activation

A couple of weeks ago, I posted an article on how to use Automatic Virtual Machine Activation (AVMA) with Windows Server 2012 R2 and Hyper-V. I wanted to follow this up with a brief note on license types Microsoft provide and how they seem to work with AVMA.

In production environments you will be using keys purchased through either a Select, Volume License or other commercial agreement and in test and development, you may well be using keys from MSDN or TechNet according to how you operate.

It appears through some testing I did that AVMA only works with operating system media and license keys obtained through volume license channels and that for operating system source media downloaded from TechNet or MSDN that the AVMA client key will not be accepted as a valid one. This is especially worth noting if you are using VMM to automate the deployment of a virtual machine onto Hyper-V as the result will be that steps in the VMM virtual machine creation process will fail after the Customizing Virtual Machine phase. Connecting to the newly spawned VM with either the Connect via Console option in VMM or from Hyper-V Manager will reveal the machine is stuck at the license key entry step of the operating system OOBE process.

If you are using a single VMM instance to manage your production and testing and development clouds and guest workloads and you plan on using AVMA for virtual machine activation that you will need to have provisioned separate virtual machine templates and Guest OS Profiles in your VMM library for your various environments using the respective media from TechNet, MSDN or volume license to be able to properly compete an automated VMM virtual machine deployment.

Automatic Virtual Machine Activation with Windows Server 2012 R2

Previously, I have posted articles on updates released for KMS host to allow you to volume activate Windows 8.1 and Windows Server 2012 R2 and Windows 8 and Windows Server 2012. These have been two of my most popular posts so volume licensing and activation is clearly something people need and want to know about.

To help celebrate Valentines Day, I thought I would share some more licensing love with you all and introduce a new feature in Windows Server 2012 R2 called Automatic Virtual Machine Activation (AVMA). This new feature allows customers using Windows Server 2012 R2 Hyper-V virtualization and Windows Server 2012 R2 guest operating systems running as Hyper-V virtual machines to activate their guest operating systems not with a KMS host as normal but instead, by using the Hypervisor.

In essence, your Hyper-V server becomes your KMS host for your virtual machines. This allows you to keep, track and record all of your virtual machine licensing in your virtual environment. This is also great for hosters or companies running internal private clouds where you may have an infrastructure network consisting of an Active Directory Domain Services domain and KMS host for your servers but not for your customer servers, virtual guests on the Hyper-V servers which have no access to your hosting infrastructure.

The requirements for AVMA to work are as follows:

  • Windows Server 2012 R2 Server with the Hyper-V role installed
  • Windows Server Datacenter license applied to the Hyper-V host (either by a network KMS host or a MAK key)
  • Windows Server 2012 R2 guest operating system
  • Data Exchange Integration Service is enabled for the virtual guest

License the Hyper-V Host Server

If your environment is licensed using a Windows KMS host, you can enter the command cscript slmgr.vbs -ipk W3GGN-FT8W3-Y4M27-J84CP-Q3VJ9 to install the Windows Server 2012 R2 Datacenter KMS client key on the Hyper-V host. If you are using MAK keys for single activations then use the command cscript slmgr.vbs -ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX and replace the X’s with your MAK key for Windows Server 2012 R2 Datacenter. If you use KMS licensing, please bear in mind that this KMS activation needs to be renewed quite frequently so the KMS host needs to remain on the network and online.

To verify the license status of the Hyper-V host server, you can use the command cscript slmgr.vbs -dlv to display the current license type and the activation status.

License the Virtual Guest Server

Manual Virtual Guest Activation

Once your host server is activated, you can start doing guest activations from the Hyper-V host server. To do this manually, enter the command cscript slmgr.vbs -ipk YYYYY-YYYYY-YYYYY-YYYYY-YYYYY and replace the Y’s with one of the follows AVMA client keys according to your guest operating system edition.

Windows Server 2012 R2 Datacenter Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TV
Windows Server 2012 R2 Standard DBGBW-NPF86-BJVTX-K3WKJ-MTB6V
Windows Server 2012 R2 Essentials K2XGM-NMBT3-2R6Q8-WF2FK-P36R2

Once this is done, entering the command cscript slmgr.vbs -dlv will show you that the description for the licensing activation is Windows(R) Operating System, VIRTUAL_MACHINE_ACTIVATION and the Hyper-V hostname which performed the activation for the guest will be displayed further down the output.

Automated New Virtual Guest Activation

If you are in a new build greenfield environment then you can use the AVMA client keys shown above as part of your operating system build and deployment process. You can do this in a number of way such as manually as part of a GUI driven Windows Server 2012 R2 installation, via an unattend.xml file incorporated on your installation media be it manual, via Windows Deployment Services (WDS), System Center Configuration Manager (SCCM) Operating System Deployment or using the AVMA client key on a sysprep virtual machine template. If you are maximizing your investment in Hyper-V and Windows Server, you can use this license key in your System Center Virtual Machine Manager (SCVMM) VM Templates and Guest OS Profiles.

Automated Existing Virtual Guest Activation

If you’ve got existing virtual machines running Windows Server 2012 R2 that you want to move from KMS or MAK to AVMA licensing but you don’t want to do it manually either because you have too many systems to touch or because you want it done in a consistent and automated fashion then my colleague Craig Taylor has written a post on how he used the Windows Task Scheduler to deliver a single run task onto all of the virtual machines in a VMM managed environment to update the key and activate the machines. You can read Craig’s post over on his blog at Remote activation of Windows Server Licensing via PowerShell (sort of).

Unknown VMBUS Devices in Device Manager

If you deploy AVMA licensing into your environment, you may want to have a look at this post by Aidan Finn who has come across an issue whereby Unknown Device (VMBUS) appears in the Device Manager for some Windows Server 2012 R2 machines. There’s nothing to worry about as this is a byproduct of the AVMA process but something you will probably want to be aware of. His post is at KB2925727 – Unknown Device (VMBUS) In Device Manager In Virtual Machine For WS2012 R2 AVMA.

RSA SecurID Software Token for Windows Phone

After waiting and wanting for several years since the start of the Windows Phone operating system era, it looks like EMC (nee RSA) have finally decided that Windows Phone is worth it’s salt as a platform and released an app. The page on the EMC/RSA site which led me to the discovery is at http://www.emc.com/security/rsa-securid/rsa-securid-software-authenticators/ms-windows.htm.

I was actually on the site looking for a download of the Windows client app for the RSA SecurID but my eyes caught glance of an image in the bottom left of the page (screenshot below). The image on the site clearly depicted a Windows Phone (although the image actually a screenshot of the Windows Phone emulator) which left me intruiged.

RSA SecurID for Windows Phone

Excited about the prospect of finally getting the RSA SecurID app for Windows Phone (yes, I am a sad individual), I looked at the Windows Phone Store and sure enough, there is an RSA app there at http://www.windowsphone.com/en-gb/store/app/rsa-securid/5bb8f454-7a2f-4818-b3fb-2570fe7e2f6a. The date and time stamp on the store listing suggests that version 1.0.0.0 was published to the store on the 19th December 2012, but I’m sure this is wrong because I’ve definatly looked for the RSA SecurID app in the last three to six month period and found nothing. The app description states that it is supporting Windows Phone 7.5 and Windows Phone 8 so there’s good news for owners of Windows Phone handsets which don’t run the latest edition.

I’m pretty suprised that there hasn’t been more noise about this from Microsoft as having this app on Windows Phone opens the platform up to a lot more business customers to whom their RSA powered VPN is mission critical.

Roaming Profiles and Windows 8.1 SkyDrive App

When I updated my PC sometime ago from Windows 8 to Windows 8.1, I encountered an issue where the SkyDrive app and all of the operating system SkyDrive integration ceased to work. It took me quite some time to get to the bottom of it, but the issue stems from the fact that I use a roaming profile, stored on my Windows Server 2012 Essentials R2 server to allow me to get a consistent experience across my home devices.

The cause of the issue was a multiple factor one but it stems from the fact that the SkyDrive app in Windows 8.1 makes assumptions about the current configuration of your PC rather than provisioning everything properly. If you’ve got issues with the SkyDrive app or integration, check the following steps and hopefully this will resolve your issues too.

Force Close the SkyDrive App

Before doing anything else, we need to force the SkyDrive app to close. Right-click the taskbar and select Task Manager. In the running application list in Task Manager, if SkyDrive is shown, right-click it and select the End Task option to forcibly close it completely.

Updating Group Policy

If you are using group policy to control your roaming profiles then this is the first place to check. I have been making useof the Exclude directories in roaming profile User Policy setting to prevent large folders which I’m happy to remain only on my primary computer from roaming onto my other secondary devices.

Group Policy Exclude Directories in Roaming Profile

I use this policy setting to exclude the Downloads, Music, Videos and Pictures directories from roaming into the profile. The reason for this is that I also do not use Folder Redirection for these folders. As the folders are not redirected, Windows will try to by default include them in the roaming profile and with ~30GB of family pictures, that would make for one seriously large profile. Specify multiple folders in this setting by separating them with a semi-colon. I’ve also added the legacy Windows XP folder names here for backward compatibility.

When you use the SkyDrive app in Windows 8.1, it creates a folder in your profile called SkyDrive. This folder will by default attempt to become part of your roaming profile which we obviously don’t want to happen. I’ve also added the folder Dropbox to this exclusion in the event that anyone else in my household tries to use Dropbox and to save their profile from the pain.

My Exclude directories in roaming profile setting is now “Downloads;My Music;Music;My Pictures;Pictures;My Videos;Videos;Dropbox;Skydrive” but your values for this may well vary.

Delete Old SkyDrive Folders from the Profile

When the SkyDrive app has a rough time of it, it creates additional directories. The primary directory is called SkyDrive but failed attempts to sync end up in directories named SkyDrive (x).old where X denotes an ever incrementing number. I had about 50 of these. Delete the SkyDrive directory and any SkyDrive (x).old directories.

Check the SkyDrive UserFolder Registry Key

SkyDrive App Registry Settings

The SkyDrive app uses a registry key to determine the folder in use for syncing and this value needs to be correct otherwise nothing will ever sync. Open regedit and browse to HKEY_CURRENT_USERSOFTWAREMicrosoftSkyDrive. Here you will find a REG_SZ string value called UserFolder. The path here should match the folder path to your user profile. You can cross check this either by browsing the %SystemDrive%Users path or to the %UserProfile% path.

Set the SkyDrive App Attribute in the Registry

This, the final part is actually the most pivotal. The SkyDrive app requires the presence of a registry key to function but the team at Microsoft who made the app didn’t think that someone might be logging onto the PC with a profile built from a previous version of Windows and therefore the required key wouldn’t exist. Ideally the app should check and if this key doesn’t exist, it should create it itself.

Open regedit and browse to HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerCLSID{8E74D236-7F35-4720-B138-1FED0B85EA75}ShellFolder. In this key, right-click in the main area and select New followed by DWORD (32-bit) Value.

SkyDrive App Shell Folder Registry

Name the DWORD value Attributes and set it’s value to 0 (zero).

Launch the SkyDrive App

Once you’ve done all the above, launch the SkyDrive app from the Start screen in Windows 8.1. If you have a lot of files in SkyDrive, you will need to be pretty patient and even if you only have a handful of files, still don’t be too impatient as the app is essentially provisioning for the first time now. After a short delay, you should see all your files and folders appear. Using Windows Explorer at the desktop, you will also now see your SkyDrive files start to sync into the %UserProfile%SkyDrive folder.

SkyDrive App Syncing

Failed Windows Server 2012 Essentials R2 Azure Backup Integration

Just before Christmas, I upgraded my Windows Server 2012 Essentials server at home to Windows Server 2012 Essentials R2. After re-deploying the server as R2, I re-configured my Windows Azure Backup and my Office 365 Integration. Since re-configuring the Windows Azure Backup, I’ve been having a problem with the integration with the Windows Server 2012 Essentials R2 Dashboard.

The Windows Azure Backup Integration is dependant on two things: The Windows Azure Backup Agent (cbengine) and the Windows Azure Backup Integration Service  (WSS_OnlineBackupProviderSvc). The Windows Azure Backup Integration Service is dependant on the Windows Azure Backup Agent.

With both services started, launching the Dashboard and accessing the Online Backup tab is empty reporting No Data.

Windows Server 2012 Essentials R2 Dashboard Online Backup No Data

When this occurred, I observed that the Windows Azure Backup Integration Service would stop after launching the Dashboard. Restarting the service and the Dashboard did nothing except cause the service to crash again. This crash could be observed in the Application Event Log as follows:

Error .NET Runtime Event ID 1026

Application: OnlineBackupProvider.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.NullReferenceException

Stack:

at Microsoft.WindowsServerSolutions.DataProtection.OnlineBackup.OnlineBackupJob.Equals(Microsoft.WindowsServerSolutions.DataProtection.OnlineBackup.OnlineBackupJob)

at Microsoft.WindowsServerSolutions.DataProtection.OnlineBackup.OnlineBackupProviderCore+<>c__DisplayClass46`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].<GetOnlineBackupObjectUpdateList>b__44(System.__Canon)

at System.Linq.Enumerable.FirstOrDefault[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.IEnumerable`1<System.__Canon>, System.Func`2<System.__Canon,Boolean>)

at Microsoft.WindowsServerSolutions.DataProtection.OnlineBackup.OnlineBackupProviderCore.GetOnlineBackupObjectUpdateList[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Collections.Generic.List`1<System.__Canon>, System.Collections.Generic.List`1<System.__Canon>)

at Microsoft.WindowsServerSolutions.DataProtection.OnlineBackup.OnlineBackupProviderCore.UpdateOnlineBackupData()

at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()

at System.Threading.ThreadPoolWorkQueue.Dispatch()

Searching online for the issue turned up nothing, so I decided to report the issue on the TechNet community forum (http://social.technet.microsoft.com/Forums/en-US/eb718279-3da9-4544-9e0f-50b0ba440ef5/windows-azure-backup-integration-service-fails?forum=winserveressentials) and Pan Chen from Microsoft turned up with an unexpected answer.

The Windows Azure Backup Agent logs the status of backups and their success or failure to a separate event log in Applications and Services LogsCloudBackupOperational. Pan believed that an unexpected or corrupt event log entry was preventing the integration service from reading this event log properly.

I cleared the log file, restarted the Windows Azure Backup Integration Service and re-launched the Dashboard, and after some delay, presumably while the Dashboard pulled new data from the Azure Backup Agent, I am now able to see the status data in the Dashboard.

My personal feeling is that a bad event log entry shouldn’t cause this integration to fail, but suffice to say, it looks like it does.

Repairing the DirectAccess Group Policy WMI Filters

When you configure your first DirectAccess server in an Active Directory domain, the wizard will automatically create for you two Group Policy Objects. One of these policies applies to the DirectAccess servers and the other to the DirectAccess clients. I’m in the process of setting this up on my Windows Server 2012 R2 Essentials server so my server is latest and greatest as far as operating system version goes and even to date, it appears that the WMI Filter created for the Group Policy Object has not been updated.

Here is the WMI Filter in it’s default state:

SELECT * FROM Win32_ComputerSystem WHERE PCSystemType = 2
SELECT * FROM Win32_OperatingSystem WHERE (ProductType = 3) OR (Version LIKE ‘6.2%’ AND (OperatingSystemSKU = 4 OR OperatingSystemSKU = 27 OR OperatingSystemSKU = 72 OR OperatingSystemSKU = 84)) OR (Version LIKE ‘6.1%’ AND (OperatingSystemSKU = 4 OR OperatingSystemSKU = 27 OR OperatingSystemSKU = 70 OR OperatingSystemSKU = 1 OR OperatingSystemSKU = 28 OR OperatingSystemSKU = 71))

As you can see, that’s a pretty long filter, one which is going to take some time to enumerate on a client. Secondly, the filter only calls out Version 6.1 and 6.2 which like a previous post I wrote about the problems with the WMI Filter in the Windows Server 2012 Essentials Client GPO WMI Filter, it excludes Windows 8.1 (Version 6.3).

These aren’t the only problems though. ProductType = 3 means server (per MSDN WMI Win32_OperatingSystem guidance at http://msdn.microsoft.com/en-us/library/aa394239(v=vs.85).aspx) which means that the policy will never apply to a client machine as intended. The OperatingSystemSKU filter section means that this policy is valid for all sorts of crazy product SKUs that we just aren’t interested in (a full list of SKUs can be found at http://techontip.wordpress.com/tag/operatingsystemsku/).

I’ve modified this query down so that it will apply to Windows 7 and upwards instead of explicit versions and also simplified it so that it only applies to the SKUs that we might actually be interested in.

Simply clear out the current filter and replace it with the following:

SELECT * FROM Win32_ComputerSystem WHERE PCSystemType = “2”
SELECT * FROM Win32_OperatingSystem WHERE (ProductType = “1” AND Version >= “6.1%”) AND (OperatingSystemSKU = “4” OR OperatingSystemSKU = “27”)

Now, the policy will apply to computers of class PCSystemType 2 which defines a mobile computer, ProductType 1 which defines a workstation device, Version 6.1 or higher covering Windows 7 and onwards and lastly, defines OperatingSystemSKU as 4 or 27 which singles out Enterprise and Enterprise N editions of Windows client operating systems.

The Case of Remote Desktop Services Random Disconnections

If you are running Windows Server 2008 R2 servers and you find yourself randomly being disconnected from RDS (Remote Desktop Services) sessions on your servers, or sometimes find your servers completely inaccessible you could be impacted by an issue as a result of servicing order (AKA, the order in which you install Windows Updates). The issue effects servers running Windows Server 2008 R2 with Service Pack 1 and with KB2667402 (Update for Terminal Service Denial of Service Vulnerability).

This is something I thought I had written about already as it effected us in a big way at work due to the way in which our virtual machine images were compiled but it seems actually, I hadn’t.

In Windows Server 2008 R2 RTM, the file version of the rdpcorekmts.dll file in Windows Server 2008 R2 RTM is 6.1.7600.16952. In Windows Server 2008 R2 with Service Pack 1, the file version of the rdpcorekmts.dll file is 6.1.7601.17767 and the file version of the rdpcorekmts.dll file after installing KB2667402 is 6.1.7601.17828.

If as a result of servicing order, you installed the KB2667402 update prior to installing Windows Server 2008 R2 Service Pack 1, the file version of rdpcorekmts.dll is downgraded from the KB2667402 version number to the SP1 version number and the hotfix is in essence removed. This causes the Remote Desktop Services service to fail and terminate itself repeatedly as the service believes that there is an attempt to modify it’s files occurring and as a failsafe, shuts down remote access.

In order to resolve the issue, Microsoft re-released KB2667402 as KB2667402v2 which allows you to re-install the update after an installation of Service Pack 1 to bring the file version back up to 6.1.7601.17828 and to allow the Remote Desktop Services service to work again as normal. Trying to re-install the original release of KB2667402 will result in a message that the update is already installed and does not apply to this computer.

You can download the version 2 release of the update from the Microsoft Download Center at http://www.microsoft.com/en-us/download/details.aspx?id=29169. The update is 327KB and requests a reboot, however you can install the update and delay the restart by simply manually restarting the Remote Desktop Services service. You should still restart the server at some point in time though as the pending reboot will block operations such as installation of roles and features.

Deploying Windows Server 2012 Primary Computer Setting

For companies (or homes) using roaming profiles and folder redirection, Microsoft gave you are great new feature in Windows Server 2012 called Primary Computer. This feature hasn’t been talked about that much although it really should have been. The Primary Computer feature allows you to define the primary computer for a user in Active Directory on a user object. Once applied to a user account it prevents the distribution of their roaming profile on non-primary devices and for folder redirection, disables the ability to sync the folders with Offline Files for non-primary devices.

So What is the Benefit

This is ideal for several reasons. Firstly, it helps to reduce profile corruption for roaming profile users when roaming between machines which may be running different versions of Windows or different architectures. Also for roaming profile users, it greatly improves logon and logoff times for non-primary devices. If a user is logging on to a kiosk computer for example, they don’t need their roaming profile and they probably just want to access a service or application quickly so why wait for it? For users of folder redirection, this means that the user is able to access their files when the computer is on the network and can access the file share resource which hosts those redirected folders, but they are non cached using Offline Files. For the business, this is a great security benefit as it means that somebody logging on to a temporary machine isn’t going to be caching all of those files, files which they could potentially leave on the train or in an aeroplane overhead locker. For laptops which typically have small hard disk capacities this is useful for both roaming profile and folder redirection scenarios as it means that you aren’t pulling down potentially gigabytes of data to the local machine clogging up the disk.

Implementing Primary Devices Using Active Directory Administration Center

First, launch the Active Directory Administrative Center and navigate your OU structure to find the computer object for the computer that you want to make primary for a given user, or if you already know the machine name, use the search feature to locate it.

Primary Computer Finding Distinguished Name

From the computer account object, scroll down to the bottom of the view and select the Attribute Editor tab. Scroll through the list of attributes to find the distinguishedName attribute and select the View button to show the full DN.

Primary Computer Copy Distinguished Name

On the String Attribute Editor, right click the pre-highlighted text and select the Copy option from the context menu. Cancel out of the Attribute Editor and cancel out of the computer object view.

With the DN of the computer now in the clipboard, find the user that you want to make this the primary computer for either by searching or again, navigating your OU structure.

Primary Computer Set User msDS-PrimaryComputer

On the user account, do as we did with the computer account a moment ago, scroll down and select the Attribute Editor tab. Scroll through the list of attributes until you locate the msDS-PrimaryComputer attribute then click the Edit button. Right-click in Value to Add box and select Paste from the context menu to paste in the DN of the computer then select the Add button.

Click OK to close the Multi-Valued String Editor dialog then click OK to exit out of the user account properties. Your work here is done.

Implementing Primary Devices Using PowerShell

Out of the box, there is actually no neat way of implementing Primary Devices using PowerShell. To do it, we have to plug a few Cmdlets together. Firstly, get the attributes for the computer and store them in an object. $Computer = Get-ADComputer Computer1 (where Computer1 is the name of the computer). Next, we map the computer that we just stored in the $Computer object to the user. Set-ADUser User1 -Add @{‘msDS-PrimaryComputer’ = “$Computer”} (where User1 is the name of the user). With those two Cmdlets out of the way, the partnership between the user and the computer should now be done, but we can verify this with the following Cmdlet. Get-ADUser User1 -Properties msDS-PrimaryComputer

Configuring Folder Redirection and Roaming Profiles

Now that we’ve setup Primary Computer attributes for some users, it would probably be a good idea if our Group Policy settings for Roaming Profile and Folder Redirection actually honoured these settings and only transferred out the data to the users’ primary computers. The setting for Folder Redirection is available as both a User Setting and a Computer Setting in Group Policy whereas the Roaming Profile setting is only available as a Computer Setting. Because of the fact you can’t apply both of these policy settings from a single policy if you decide to use user targeting, my advice is to apply this as a computer policy. It makes good sense to keep these two settings together as it means you can see that you are applying the Primary Computer setting to both roaming profiles and folder redirection in one view and it means you can give your Group Policy Object a meaningful name like Primary Computer Roaming Settings or the like.

From the Group Policy Management Console, navigate to the Computer Configuration > Administrative Templates > System. From the System node, you will find the Folder Redirection and User Profiles nodes.

Inside the Folder Redirection node, enable the Redirect folders on primary computers only policy setting. Inside the User Profiles node, enable the Download roaming profiles on primary computers only setting.

Storage Spaces Inaccessible After Windows Server 2012 R2 Upgrade

Windows Server 2012 R2 has some nice new features and improvements on existing features for users of Storage Spaces so there is a definite appeal for users of Windows Server 2012 to want to upgrade to Windows Server 2012 R2.  If you opt to do an in-place upgrade to preserve your existing Storage Spaces so that you can get your service up and running with the hope of being able to use them straight off the bat in Windows Server 2012 R2, you may encounter an error Read-only by user action and you need to perform some corrective steps to use them again.

Storage Space Read-Only User Action

This is what your Storage Spaces may look like if you open the Storage Spaces control panel item after the upgrade. As you can see, the spaces are in-tact and will report all of the space names and capacity from prior to the upgrade but instead of being online as you are used to seeing, you instead have this information icon and a message alongside the pool capacity indicator Read-only by user action. This is a built in protection feature of Windows Server 2012 R2 which takes your Storage Spaces offline by default after an upgrade. We just simply need to bring them online to use them. This is very similar to how in Windows Server 2003, a disk connected from an external system from a software RAID set could be marked as Foreign and the configuration of the disk needs to be imported first.

Changing the Storage Pool Status to Read/Write

To do this, open an administrative PowerShell prompt. At PowerShell, enter the two Cmdlets as follows:

Get-StoragePool | Where-Object {$_.IsReadOnly -eq $True} | Set-StoragePool -IsReadOnly $False
Get-VirtualDisk | Where-Object {$_.IsManualAttach -eq $True} | Set-VirtualDisk -IsManualAttach $False

If you forget to elevate the PowerShell prompt by running it as an administrator you will get access denied responses to the two Cmdlets as you aren’t running the Cmdlets with your administrative rights. Simply close PowerShell and re-open it by right-clicking and using the Run as Administrator option.

Bring the Storage Spaces Online

Once you’ve entered the Cmdlets above, returning to the Storage Spaces control panel applet now, you will see the information shown has updated.

Storage Space Offline by Policy

As you can see, the Storage Spaces are now reporting their status as OK but they are marked as Offline by Policy. To change this and to bring the Storage Spaces online, simply click the Bring Online option next to each Storage Space and it will be brought online and granted a drive letter.

Check, Verify and Reminder

It’s important to note here that the drive letter assigned will be the next free letter and not perhaps, the drive letter that you used on the previous installation of Windows Server 2012. If you have a requirement for the Storage Space to be on a particular letter then you will need to go into the Properties of the individual spaces after it has been brought online and change the letter.

It’s also good to remember that any file shares you had on these Storage Spaces may be un-shared through the upgrade process so you should check the existence of your shares either by using the Properties on the drive or folder which you needed to be shared or by using the Share and Storage Management administrative console.

Once you’ve got your Storage Spaces all brought online after the actions above, you should be looking like normality again as shown below.

Storage Space Online Normal

Hopefully someone out there finds this useful and it saves at least a few hair extractions from taking place after a Windows Server 2012 to Windows Server 2012 R2 in-place upgrade. Now it’s time to go and enjoy those new features.

KMS Activating Windows 8.1 and Server 2012 R2

With each new release of Windows client and server operating systems nowadays, comes an update required to allow your on premise KMS host to activate those new operating system servers and clients using volume license activation.

After the general availability on Windows 8.1 Enterprise client and Windows Server 2012 R2, Microsoft released the update for KMS host for Windows Server 2008, 2008 R2 and 2012 to allow these down level operating systems to activate the latest and greatest.

You can get the download for the update from http://support.microsoft.com/kb/2885698. Installation of the update requires a KMS Host restart and you will need to obtain a new KMS Host key from your Microsoft Volume License Center account. Instructions for applying the new key with slmgr.vbs is given on the link above.

Windows 8.1 and Windows Server 2012 R2 use the KMS Client key by default after installation so you shouldn’t need to change anything to get your clients activated, but in case you need them, the KMS Client keys for all operating systems supporting KMS are available from http://technet.microsoft.com/en-us/library/jj612867.aspx.