Archive for October, 2015

I installed WDS using PowerShell:

get-windowsfeature wds* | install-windowsfeature

In this post I configured a DHCP scope. New client machines will use addresses from this scope.

To configure WDS, from Server Manager click WDS on the left and right click on the server name on the left

In the WDS console, right click on the server name and choose Configure Server

Check Integrated with Active Directory


Select location for boot and image files


Because WDS and DHCP are on the same machine, I checked both check-boxes

Decide if you want to respond to computer objects first created in AD (prestaged) or to any computers on which F12 is pressed (unknown)

After you click Next, the WDS service will start. Right click again on the server name in the WDS console and click the AD DS tab to choose the naming convention and where to store domain-joined clients. Because domain join didn’t work for me, these settings weren’t necessary.

On the Boot tab, we can set whether clients can download the boot image from WDS without needing to press the F12 button


Sysprepping referenced computer

Although I specified the domain username/password in the xml file, I couldn’t get Win 10 to be a domain member. I tried many, many times, with no success

Error [0x0b003a] WDS <GetNameInfo failed; status 0x8007276d>[gle=0x0000276d]</>

To overcome this issue I had to add a PowerShell script to the c:\windows\setup\scripts folder

After the last restart in the installation process, Windows will search for any script in the Scripts folder and, if it finds any, it will be executed

SetupComplete.cmd calls the jd.ps1 PowerShell script

powershell.exe -nologo -executionpolicy bypass -noprofile -file "C:\Windows\Setup\Scripts\jd.ps1"

By default, PowerShell doesn’t allow running custom PS scripts, which is why we need to bypass the execution policy. The script joins the computer to the domain

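# Domain to join (the value is not preserved on this page)
$domain = ""
# Target OU distinguished name; placeholder, the page does not define $ouPath
$ouPath = "<OU distinguished name>"
# The join password is stored in this file in clear text and is captured into the image
$password = "Mypass" | ConvertTo-SecureString -asPlainText -Force
$username = "$domain\administrator"
$credential = New-Object System.Management.Automation.PSCredential($username,$password)
add-computer -Credential $credential -DomainName $domain -OUPath $ouPath -restart -force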

Now we need to capture an image from this client computer (so that the content of the Scripts folder is available to all newly deployed computers) and upload it to the WDS server so it is available for deployment. We can also install all necessary applications needed for users, and adjust the system to comply with company policies. I didn’t join the reference computer to the domain.

SYSPREP is a tool that allows an admin to create a custom install OS image with all the necessary programs preinstalled.

Sysprep is located in %Windir%\System32\Sysprep

SYSPREP removes system-specific information from a Windows image, including the computer security identifier (SID), which allows you to transfer the image to other systems

After you click OK, SYSPREP will remove system-specific info from the system and shut it down

Creating Capture image

A capture image is a type of boot image that we boot a client computer into to capture the operating system as a .wim file. We create the capture image from a boot image (located on the setup DVD in the source folder), the Microsoft Windows Preinstallation Environment (Windows PE) image.

Windows Preinstallation Environment (Windows PE) is a minimal Win32 operating system with limited services, built on the Windows kernel. It is used to prepare a computer for Windows installation, to copy disk images from a network file server, and to initiate Windows Setup.

In the WDS console, right click on Boot Images - Add Boot Image

Browse to the install DVD, source folder, and click Next

Right click on the just-imported boot image and select Create Capture Image

Browse to the uploaded boot image (partition set during WDS initial configuration\Boot\X64\Images)

Type the image and file name

Right click anywhere on the right and choose Add Boot Image

Select the image created in the previous step

Give it a name and click Next

Now, power on the referenced computer (on which we ran Sysprep), press F12 and choose the capture image we’ve just created




In name and location, browse somewhere on the C disk and give the image a descriptive name, check upload image to WDS (by default ImageGroup1 is created) and click Next. The image of the referenced client computer, represented as a wim file, will be uploaded to WDS.

After the upload completes (time depends on client disk size and network bandwidth), in the WDS console right click Install Images and choose Add Install Image


Captured image is stored in Images\ImageGroup folder


Now that we have imported the image of the client computer, we can create the xml file which will ensure automatic Win10 installation. Download the Windows Assessment and Deployment Kit to the WDS server

Select Deployment Tools

In the C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\WSIM folder, run the imgmgr.exe file

Windows System Image Manager opens. Using this tool, we’ll create the unattended.xml files needed for automatic Windows 10 installation.

Windows System Image Manager (WSIM) uses Windows image (.wim) files and catalog (.clg) files to display the available components and packages that can be added to an unattended answer file. Windows images and catalog files contain configurable settings that you can modify once the component or package is added to an answer file.

I tried to create a catalog file from the captured image and WSIM threw an “unspecified error”, so I used the default wim file from the Win 10 install media

I had to copy install.wim from DVD to local disk

In WSIM click File - Select Windows Image

Browse to install.wim (copied from the DVD); you’ll be prompted to create a catalog file

A “catalog” file is a binary file that lists the state of all the settings and packages in a Windows image. When a catalog is created, it queries the Windows image for a list of all the settings in that image.

After creating the catalog file, click New Answer File


Expand Components, right click amd64_Microsoft-Windows-International-Core-WinPE_10.0.10240.16384_neutral and select Pass 1 windowsPE (used in the Windows Preinstallation Environment)

Here we set the Input, System, Language and User locale

Now select Microsoft-Windows-Setup_10.0.10240.16384_neutral and again select Pass 1 windowsPE

In this stage we configure the HDD: partition, label and letter




Under Windows Deployment Services (part of Microsoft-Windows-Setup_10.0.10240.16384_neutral) we specify the image name, image group and wim filename


On which disk and partition to install wim image


And WDS credentials



Select amd64_Microsoft-Windows-Shell-Setup_10.0.10240.16384_neutral and choose Pass 4 specialize (various system desktop related settings)

Save the xml file to the folder where the images are stored.

In the WDS console, right click on the WDS server - Client properties and browse to the xml file we just created



<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">
<Disk wcm:action="add">
<CreatePartition wcm:action="add">
<ModifyPartition wcm:action="add">
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">
<TimeZone>Central Europe Standard Time</TimeZone>
<cpi:offlineImage cpi:source="wim:c:/users/administrator/desktop/win10.wim#Windows 10 Enterprise" xmlns:cpi="urn:schemas-microsoft-com:cpi" />

Create new XML file

Select amd64_Microsoft-Windows-International-Core_10.0.10240.16384_neutral and choose pass 7 oobeSystem. In this configuration pass, settings are applied before the LogOn screen appears

Again, select amd64_Microsoft-Windows-Shell-Setup_10.0.10240.16384_neutral and choose pass 7 oobeSystem


Here you can set Time Zone



Setting Local Admin Account



Save file and assign it to captured image




<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="" xmlns:xsi="">
<LocalAccount wcm:action="add">
<Description>machine admin</Description>
<TimeZone>Central Europe Standard Time</TimeZone>
<cpi:offlineImage cpi:source="wim:c:/users/administrator/desktop/win10.wim#Windows 10 Enterprise" xmlns:cpi="urn:schemas-microsoft-com:cpi" />

Fire off workstation and installation should proceed without user intervention

In this blog we’ll set the date and time, IP address and hostname (dc) on Windows Server 2016, install the AD, DNS and DHCP roles, and finally add a Windows 10 client to the domain. All of this will be done using PowerShell commands.

 rename-computer dc -restart

To set date and time:

 Set-Date -date "10/20/2015 22:23"





Setting TCP/IP properties (IP, network mask, default gateway and DNS server)

get-netadapter | new-netipaddress -ipaddress -prefixlength 24 -defaultgateway
get-netadapter | Set-DnsClientServerAddress -interfacealias "ethernet" -ServerAddresses

In the above examples, we set the server’s IP address to, the gateway to and pointed the preferred DNS to the server itself (

Installing AD ( and promoting server to domain controller (installing DNS role in process)

Install-ADDSForest -creatednsdelegation:$false -databasepath "c:\windows\ntds" -domainmode "win2012r2" -domainname "" -domainnetbiosname "TEST" -forestmode "win2012r2" -installdns:$false -logpath "c:\windows\ntds" -norebootoncompletion:$false -sysvolpath "c:\windows\sysvol" -force:$true

Take a look at DNS zone file:

get-dnsserverresourcerecord -zonename ""



Installing and configuring DHCP on domain controller (DC)

Install-WindowsFeature dhcp

Configure DHCP to listen on its ethernet interface

get-netadapter | Set-DhcpServerv4Binding -BindingState $true

Authorize DHCP in AD. An unauthorized DHCP server on a network can disrupt network operations by allocating incorrect addresses or configuration options.

Add-DhcpServerInDC -DnsName -IPAddress

Create and activate DHCP scope which will lease addresses in range

add-dhcpserverv4scope -startrange -endrange -subnetmask -name "test scope" -state active

Set default gateway and DNS for DHCP scope

Set-DhcpServerv4OptionValue -ScopeId -Router
Set-DhcpServerv4OptionValue -DnsServer -DnsDomain

Get scope properties:

Get-DhcpServerv4Scope -ComputerName dc | FL *


See leased addresses:

get-dhcpserverv4lease -scopeid


Create OU for win10 client:

New-ADOrganizationalUnit -name "workstations" -path "DC=test,dc=com"

Join win10 client to AD (type this from client computer)

add-computer -domain -oupath "ou=workstations,dc=test,dc=com"

Review AD computers:

get-adcomputer -filter * | ft





Replication in VMware vSphere 5.5

Posted: October 14, 2015 in VMWare

VMware vSphere Replication is a hypervisor-based, asynchronous replication solution for vSphere virtual machines. It is fully integrated with VMware vCenter Server and the vSphere Web Client.

vSphere Replication is provided in open virtualization format (OVF) or with a standard vCenter Server installation. The OVF consists of the vSphere Replication Server and the components used to administer and manage vSphere replications. With vSphere Replication, you can replicate virtual machines from a source datacenter to a target site quickly and efficiently.

The OVF appliance can be freely downloaded here, with your VMware account

After downloading, right click your cluster in the vSphere Web Client and choose Deploy OVF Template

Browse to the downloaded OVF file and click Next

Accept the EULA, provide a name, and select the appliance location, datastore, destination network and IP protocol. If you choose static IP allocation, provide DNS, gateway and subnet mask info and set the root password. Review the service binding information, verify that the binding status is OK and click Finish.

After successful deployment, open the console and check that the appliance has booted properly:

Restart the vCenter server (in my case I restarted the vCenter appliance)

After the restart, click on vCenter Server and click the Manage tab; you should see the vSphere Replication tab. Click on it, then click Replication Servers; you should see the replication appliance


In this example we’ll migrate an XP VM from one datastore to another. Please note that I am doing this in a lab environment; in the real world, we would transfer the VM to another vCenter server.

Right click on the running VM and select All vSphere Replication Actions - Configure Replication

Select Replicate to a vCenter Server

Select the vCenter server. I used the same vCenter server I am logged in to; in a real environment we would use another vCenter server.

Select the vSphere Replication server which will conduct the migration (in this case our imported OVA template)

Select the datastore on the destination vCenter where the VM should be replicated to

Configure replication for the VM. With a Recovery Point Objective (RPO) value we determine the maximum data loss that can be tolerated. If we set the RPO to 10 minutes, it means that vSphere Replication can tolerate losing the data for up to 10 minutes. In our example, the latest available replication instance can never be in a state that is older than 10 minutes. A replication instance refers to the state of a virtual machine at the time the replication starts. We can also enable multiple snapshot instances (point in time instances).


Click next and finish.

Click on vCenter Server-Monitor-vSphere Replication-outgoing replication


If we want to configure an additional recovery point, right click on the VM and choose Sync Now

Recovering VM

To quickly recover a recent version of the VM, select the vCenter server that the vSphere Replication appliance is registered to from the left sidebar - Monitor tab - vSphere Replication - Incoming Replication.

Select the powered-off VM, right click and choose Recovery

Synchronize recent changes - Performs a full synchronization of the virtual machine from the source site to the target site before recovering the virtual machine; only available if the data of the source virtual machine is accessible.

Use latest available data - Recovers the virtual machine by using the data from the most recent replication on the target site, without performing synchronization. Use this option if the source virtual machine is inaccessible or if its disks are corrupted.


Power on virtual machine after recovery


This is an extension of my previous post regarding Check_MK setup

The Check_MK server, by default, doesn’t install the check_mk agent on Windows machines.

In this example we will create a Samba share on the Check_MK server (a folder with the Check_MK agent setup), map that share from a Windows machine and install the agent on the Windows server. The beauty is that we won’t log in to the Windows server at all!

I got valuable support from a colleague of mine, Matija Resimic, while creating material for this article

We will be using CentOS (Check_MK installed) to accomplish this task.

Creating Samba shares

[root@nm- ~]# yum install samba

[root@nm- ~]# vi /etc/samba/smb.conf


#======================= Global Settings =====================================




workgroup = MYGROUP

server string = Samba Server Version %v

netbios name = MYSERVER

interfaces = lo eth0

hosts allow = ALL

security = user

map to guest = bad user

Note: /opt/omd/versions/1.20/share/check_mk/agents/windows/ is the default path for Windows agents; I mapped the whole folder.



browseable = yes

public = yes

# create mask = 666

# directory mask = 777

valid users = root

writable = yes

guest ok = yes

read only = no

;       valid users = %S

;       valid users = MYDOMAIN\%S

Set samba password for root user:

[root@check_mk build]# smbpasswd -a root

New SMB password:

Restart smb service:

[root@check_mk build]# service smb restart

Always test that you can access the Samba share from Windows (username root, password mypassword, set by the smbpasswd command)

If you have any errors, check /var/log/samba/log.smbd

Note: if you’re using a firewall, make sure ports 137, 138, 139 and 445 (TCP and UDP) are open
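
The share configured above is writable, open to guests and accepts clients from any address, and Windows hosts later run install_agent.exe from it. As an added example (not part of the original post), this shell check flags those settings in an smb.conf and includes a tighter variant that passes. The function names, the [global] and [check_mk] section headers, the agentdl account and the 192.0.2.0/24 subnet are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag the permissive smb.conf settings shown in this post.
# Function names and both sample configs are constructed for illustration.
audit_smb_conf() {    # $1 = smb.conf path; prints findings, returns 1 if any
    awk '
    function is_yes(v) { return v == "yes" || v == "true" || v == "1" }
    function report(msg) { print "[" section "] " msg; found = 1 }
    function end_section() {
        # Guest plus write access lets any client that reaches the server
        # replace the installer that Windows hosts later run from the share.
        if (section != "global" && guest && writable)
            report("guest access combined with write access")
        guest = 0; writable = 0
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # comments and blank lines
    /^[ \t]*\[.*\]/ {                        # section header, e.g. [global]
        end_section()
        section = tolower($0)
        sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); val = tolower(substr($0, eq + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "hosts allow" && val == "all")
            report("hosts allow = ALL accepts clients from any address")
        if (key == "map to guest" && val != "never")
            report("map to guest = " val " lets failed logins fall back to guest")
        if (key == "valid users" && (" " val " ") ~ /[ ,]root[ ,]/)
            report("root is an allowed SMB user")
        if ((key == "guest ok" || key == "public") && is_yes(val)) guest = 1
        if ((key == "writable" || key == "writeable") && is_yes(val)) writable = 1
        if (key == "read only" && !is_yes(val)) writable = 1
    }
    END { end_section(); exit (found ? 1 : 0) }
    ' "$1"
}

write_page_conf() {       # constructed copy of the settings used in the post
    cat > "$1" <<'EOF'
[global]
hosts allow = ALL
map to guest = bad user
[check_mk]
path = /opt/omd/versions/1.20/share/check_mk/agents/windows/
public = yes
valid users = root
writable = yes
guest ok = yes
read only = no
EOF
}

write_tight_conf() {      # constructed alternative: read-only, named user, one subnet
    cat > "$1" <<'EOF'
[global]
hosts allow = 192.0.2.0/24
map to guest = never
[check_mk]
path = /opt/omd/versions/1.20/share/check_mk/agents/windows/
valid users = agentdl
guest ok = no
read only = yes
EOF
}

conf=$(mktemp)
write_page_conf "$conf";  audit_smb_conf "$conf" || echo "page config: findings above"
write_tight_conf "$conf"; audit_smb_conf "$conf" && echo "tight config: no findings"
rm -f "$conf"
```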

Installing Winexe

Using WinExe we can connect to the Command Prompt of a remote Windows machine and run any command as if we were sitting in front of the Windows server

First,install dependencies:

yum update
yum install samba-client
yum install git
yum install gcc
yum install perl
yum install mingw*
yum install libcom_err-devel
yum install popt-devel
yum install zlib-devel
yum install zlib-static
yum install glibc-devel
yum install glibc-static
yum install python-devel
yum install gnutls-devel
yum install libacl-devel
yum install openldap-devel
yum install samba-devel

Then download WinExe:

[root@nm- ~]# git clone winexe

After executing this command, a new folder, winexe, will appear.

cd to the source folder (inside winexe)

Waf is a Python script located at the root of any project directory. It is invoked by calling the script like a shell script. For more info click here

[root@check_mk tmp]# cd winexe/source/
[root@check_mk source]# ./waf configure build


Navigate to folder build:


[root@check_mk build ]# ./winexe --user=\administrator%MyPass // --system 'cmd /c net use X: \\\check_mk MyPassword /USER:root /P:yes & X: & start /wait install_agent.exe /S & net use x: /delete /yes'

We’re connecting to the remote Windows server with IP username administrator, password MyPass, mapping the Samba share as the X drive (\\\check_mk) with user root, password MyPassword, then changing into that share (X:), installing the check_mk agent (start /wait install_agent.exe /S; /S installs silently) and, after installation, deleting the X share (net use x: /delete /yes)

Note that each of these commands is separated by &

First command: connect to the remote Windows machine ( and map the share from the Samba server ( using username root, password MyPassword and drive letter X

--user=\administrator%MyPass // --system 'cmd /c net use X: \\\check_mk MyPassword /USER:root /P:yes

Second command: go into the X: share


Third command: install the check_mk agent silently:

start /wait install_agent.exe /S

Fourth command: delete the Samba share

net use x: /delete /yes'

In this way, we installed the check_mk agent on the remote Windows server without logging in to it. Of course, we need to know the server’s IP address and credentials

This post wouldn’t be possible without the selfless contribution of colleagues of mine, Matija Resimic and Nikola Markovic

Check_MK is an open source extension of the Nagios monitoring system that allows creating rule-based configuration using Python. It allows users to monitor their entire IT infrastructure and spot any problems on monitored hosts.

Installing Check_MK

Check_MK is installed using the Open Monitoring Distribution (OMD). It is a self-contained bundle that includes Nagios together with add-ons for gathering, monitoring, and graphing data.

Red Hat based packages can be found here.

First update your distro

[root@nm- ~]# yum upgrade

Install it using rpm -ivh <path to rpm package>

Note: you will be asked for dependencies, so install them first

After successful installation, create an OMD site (in this example I created a site named monitor)

[root@nm- ~]# omd create <sitename>

Then restart omd:

[root@nm- ~]# omd restart

Then, in your browser type http://<ip address of check_mk>/<sitename>

Default username: omdadmin, password: omd


The Check_MK screen opens with a dashboard by default,showing all services and server statuses.


Configuring smart host on Check_MK server

If you have no mail server configured on your CentOS machine, Check_MK won’t be able to send messages when errors occur on monitored hosts. In that case, you must either configure a mail server or redirect e-mail messages to a smart host (another e-mail server). In our case, we set CentOS to send emails to a smart host

Install sendmail:

[root@nm- ~]# yum install sendmail sendmail-cf -y

Go to /etc/mail and open file

Find line SMART_HOST and edit it as follows

define(`SMART_HOST', `your-smtp server')

Close file

Now, in terminal, type

[root@nm- ~]# m4 >

Restart sendmail:

[root@nm- ~]# service sendmail restart

Now try to send a test mail

[root@nm- ~]# mail -s "test"

If you get any issue, check /var/log/maillog for errors

If you want iptables to be running, make sure ports 80, 443, 25 and 6556-6557 are open!

Configuring OMD

Creating contact groups

Contact groups are needed when creating mail notifications for users.

Contact groups are assigned to users:

From main menu click contact groups


Enter group name and click save

Creating users:

Click users:


Click new user

By default, check_mk creates an Administrator user with username omdadmin and password omd

Enter a username/password (you can generate a random password), add the user to a contact group and enter an e-mail address

Give the user the desired role (Administrator or Normal monitoring user)

Enable mail notifications for newly created users. When you enable notifications, Check_MK will send messages when a problem occurs on monitored hosts. Set the notification period and the events for which you want to receive mail notifications:

Creating notification time periods

By default, the notification period is 24/7. If you wish to customize it, click Time periods in the main menu (left sidebar)




This time period can be assigned to users


To activate any changes, click the Changes button


And then click Activate changes


Creating Host Tags

Host Tags are useful to describe the monitored hosts (switch, router, virtual server, physical server...)

In this example, we will create a tag for routers

In the main menu, click Host Tags

Click New Tag Group

If we want to further divide router tags by vendor (Cisco and Juniper, for example), click Add tag and in Tag Id and Description type Cisco, then click Add tag choice and enter another category. You can add as many categories as you want


Adding Monitoring hosts

For better manageability, it’s advisable to first create a folder for hosts. In the main menu click Hosts

Click New folder

Enter the folder name, click Save & Finish and apply the changes.

To modify a folder (move it into another folder, for example), hover the mouse over the folder and you’ll get a menu

Adding hosts

Click on the folder to enter it and add hosts:

Enter the host name, IP address, tags and agent type.

To gather data, Check_MK uses check_mk agents, which are installed on monitored hosts. By default check_mk agents are installed on Linux hosts, but for Windows the agent must be installed manually

The path to the agent is:



Simply copy install_agent.exe to the Windows host and install it, and the check_mk agent will collect data from it

To see all hosts click All hosts in left sidebar



To set thresholds and to exclude a service from monitoring, click Hosts, then click on the folder with hosts


To edit services for particular host,click pencil icon


Click services:


To set threshold click on marked icon:


Click Create rule in folder (select folder in drop-down list)



To exclude service from monitoring click “X” mark:


Distributed Monitoring

With distributed monitoring it is possible to collect data from remote Check_MK servers.

For example, if we can’t reach hosts (which need to be monitored in remote locations), we can install a Check_MK server at the remote location (where we can add the hosts we want to monitor). In that case, using a master (our local server) - slave (remote Check_MK server) configuration, we can monitor remote hosts from our local server.

To configure distributed monitoring you need to create a local and a remote site. The master site (local network) will push configuration to the slave (remote network), without the need to access the remote Check_MK server (slave). All changes made on the master will be replicated to the slave.

All configuration for distributed monitoring is done on the MASTER server (the Check_MK server on our local network)! If we have a Check_MK server at a remote location (, for example), on our local server we can create the local site as per the examples below:

From the main menu click Distributed monitoring - New Connection

Create a New Connection for the remote location (on the Check_MK server)

Save and apply the changes

Next, on the Distributed Monitoring main page, click the login button on the slave connection, enter the credentials of the remote Check_MK server, click Save and apply

From now on, when we add new hosts on the primary Check_MK server, select the remote site from the drop-down menu and they will be hosted on the secondary one.

By default, we won’t be able to see graphs of remote hosts on the master Check_MK server. To overcome this, create the file multisite_proxy.conf in the /etc/httpd/conf.d directory

(slave in screenshots is used as name of remote OMD instance)

<Location /slave>
RewriteEngine On
RewriteRule ^/.+/slave/(.*)$1 [P]
</Location>


Restart OMD from terminal (omd restart) and you’ll see graphs of remote hosts on your local Check_MK server.