Manage multiple servers with PowerShell Server Manager

PowerShell Server Manager allows administrators to manage multiple servers, Windows roles and features -- all from a single console.

Administrators for large Microsoft environments that use Windows Server 2008 or higher likely have had to manage Windows roles. Windows Server has roles and features that allow admins to add, remove or modify features by clicking a checkbox. However, clicking checkboxes isn't the most automatic way to manage servers. This is where Windows PowerShellcomes into play.

Windows Server Manager is a graphical user interface (GUI) that creates a single area for managing server identities and system information. The interface allows admins to point and click on various tasks. While this works for environments that have a few one-off servers, it doesn't work for environments with mass deployment of servers. Shifting to the command line can simplify things.

PowerShell has a module calledServerManager that contains useful cmdlets to help the administrator manage roles and features (Figure 1).

PowerShell Server Manager module

In this example, there are two aliases and five actual cmdlets and functions. To be more concise, we will use the cmdlet/function names here. To start, determine all the roles and features available on a given system. To do so, use Get-WindowsFeature.

When you use the Get-WindowsFeature without parameters, it returns all roles and features on a system -- whether or not they are installed. Figure 2 shows a handful of the features available on the test system.

An example of some the Get-WindowsFeature options

To get only the features that are currently installed, use the Where-Objectcmdlet (Figure 3).

The Where-Object cmdlet calls up installed features

What do you do when installing a new Windows feature? You can use theInstall-WindowsFeature. For example, if I want to install the SNMP service on my local machine, I’d use the Install-WindowsFeature cmdlet with the Name parameter. The feature has been successfully installed (Figure 5).

The SNMP service is installed

When removing features, use the Remove-WindowsFeature cmdlet. You can remove features just as easily as you can install them using the same parameter name of Name (Figure 6).

Remove Windows features using the Remove-WindowsFeature cmdlet

The UI notes that you must restart the server to finish removing a feature. If you’re using this in a script, you might not want to do that manually. TheInstall-WindowsFeature and Remove-WindowsFeature have Remove parameters that you can use in case the server automatically restarts (if it needs to) after running each cmdlet.

This is fine if you have a single server, but manually keying this in for several servers would be similar to doing it through Server Manager. Using PowerShell's remoting feature, admins can use the ComputerName parameter to point the task at any remote computer (Figure 7).

Use the ComputerName parameter to point to the task at any remote computer.

What if you want to install a Windows feature on 100 servers? This isn't a problem if you have them in a text file. If you have a CSV file with a header of ServerName -- and all the names of the servers under that -- you can read this CSV file with PowerShell’s Import-Csv cmdlet and start any Windows feature cmdlet.

Import-Csv C:\Servers.csv | foreach { Install-WindowsFeature -Name 'SNMP-Service' -ComputerName $_.ServerName }

This command would read every server name from the CSV and install the SNMP service on each computer at once.

Courtesy: AdamBertram

Troubleshoot Windows Server file copy errors

Copying large files to a Windows Server file share can sometimes fail. Performance Monitor or PowerShell commands can help find and fix file copy errors.

Server Message Block file shares have existed for long enough that they are generally stable and reliable. However, some administrators have found that copying large files from a Windows 7 or Windows 8 client computer to a Windows Server file share can result in erratic -- and sometimes problematic -- behavior.

The first step in resolving file copy errors is to recognize what type of behavior occurs by design and what behavior indicates a problem. In Windows 7, it is usually easy to distinguish between normal file-copy behavior and problematic behavior. But due to the way the Windows 8 buffering process works, it can sometimes appear as though there are problems when none exist.

When copying a file to a remote file share, Windows 8 uses a memory buffer. It reads a portion of the file into memory, and then writes it to the file share. With smaller files, this technique results in very fast file copy operations. With larger files, the file copy process initially goes very quickly and then slows to a crawl (Figure A).

Figure A: When copying a large file in Windows 8 to a file share on the network, the transfer will start fast then slow significantly.

If the file being copied is not excessively large, then the behavior in Figure A will continue until the copy finishes. For larger files -- or computers with smaller buffers -- the copy operation will occur in spurts. Large chunks of data will be copied, with periods of little to no activity in between. These slowdowns occur as the operating system flushes and then repopulates the buffer (Figure B).

Figure B: In some cases, the file copy process may vary in speed.

Neither of the conditions shown in Figure A and Figure B indicates a problem. This is normal behavior for Windows 8.1. However, in some cases, the file copy process may time out, resulting in an error message (Figure C).

Figure C: In some cases, the copy will fail when the time-out period expires.

This problem only seems to occur when copying very large -- 10 GB and larger -- files. The error message in Figure C is "Error 0x80070079: The semaphore timeout period has expired." This general error can be hard to diagnose. The error can occur with Windows 7, Windows 8 and possibly other versions of Windows. It can be caused by the Windows desktop, Windows Server or the network connecting the two.

Check the server logs

Begin the troubleshooting process by checking the server's event logs. While this error may not generate an event in the log, you may spot something else that could contribute to the time-out.

Next, check if the server or the workstation is causing the problem. Although the Performance Monitor can help, subjective tests are just as effective. Start a large file copy that is likely to produce an error, and then test the responsiveness of the server and the desktop. Can you play a video on the desktop? Can you write files from another desktop to the server while the file copy process is going on? In most cases, you will probably find that the desktop remains responsive, but that the server's performance decreases dramatically.

Use PowerShell for a further diagnosis

If you isolate the problem to the server, then you will need to work to find the exact cause of the problem. The issue is almost always related to a storage bottleneck or network bottleneck. These bottlenecks can be the result of a poorly designed configuration or a health problem. Run the following twoPowerShell commands on your file server:

Get-PhysicalDisk

Get-PhysicalDisk | Get-StorageReliabilityCounter | Select-Object ReadErrorsTotal, WriteErrorsTotal, Temperature

These commands will show whether the disks in your server are healthy, and whether or not any read or write errors are occurring. Sometimes, the file-copy time-out error occurs because of an unhealthy disk that cannot keep pace with the I/O requests.

It is also a good idea to review how the server's physical network adapters are being used, especially if the file server is a virtual machine. Imagine that a host server has a single NIC team that it uses for all traffic. Virtualization-related operations, such as live migrations and replication operations, can steal bandwidth from user sessions and cause file copy operations to time out.

If you are not immediately able to solve the file copy errors, then you might be able to temporarily work around the issue by using a dedicated file-copy utility, such as Robocopy, rather than the operating system's built-in copy functionality.

Courtesy: Brien Posey

Use a PowerShell script to force logoff an RDP session

When end users remain logged in to an RDP session, it consumes valuable resources. Use this PowerShell script to force users to log off.

It's not a new problem: An end user logs in to a Windows server using Remote Desktop Protocol and then forgets to log off. When a session remains open, it continues to consume resources on the server unnecessarily. There's a PowerShell script you can use to force end users to log off and free up those resources.

To begin a force logoff of a user'sRemote Desktop Protocol (RDP) session, an admin must first query all the Remote Desktop Services' (RDS) server sessions on the machine and check their status. After detecting all disconnected services, the next step is the force logoff.

Download the free PowerShell module called PSTerminalServicesand ensure it's available in your PowerShell. All the installation instructions are on the PSTerminalServices site.

The first step I'll take with this module is to see if I can get all of the active sessions on my lab server -- HYPERV (Figure 1).

Get-TSSession -ComputerName HYPERV

Currently, I only have a couple sessions in a disconnected state. So, I'm seeing all of the sessions, but I only want to see those that are disconnected. To do that, I'll add the State parameter (Figure 2).

Get-TSSession -ComputerName HYPERV -State Disconnected

This is helpful, but there's still a problem. Session 0 is not an RDP session, and there’s no way to remove that from the result with Get-TSSession. I'll use Where-Object to remove that session as well (Figure 3).

Get-TSSession -ComputerName HYPERV -State Disconnected | where { $_.SessionID -ne 0 }

Now, I can view all of the sessions I want to stop. Next, I just need to kill these sessions. To do this, the PSTerminalServices module has a Stop-TSSession cmdlet. This cmdlet does exactly what you think it does -- it kills the session (Figure 4).

Get-TSSession -ComputerName HYPERV -State Disconnected | where {$_.SessionID -ne 0} | Stop-TSSession

The Stop-TSSession cmdlet forcefully logs off a session, which might cause end users to lose their work, so it prompts the admin. I could just hit "A" here and move on, but sometimes admins don't want to be prompted. If you plan to include this in a larger script, a prompt will break the script. The best bet is to remove that confirmation.

The Stop-TSSession cmdlet has a common PowerShell parameter, called –Force, which allows admins to perform the action without any confirmation.

Get-TSSession -ComputerName HYPERV -State Disconnected | where {$_.SessionID -ne 0} | Stop-TSSession -Force

If you receive no output, the session was logged off successfully.

Courtesy: Adam Bertram

Microsoft Scale-Out File Server definition

Microsoft Scale-Out File Server is an active-active clustered storage feature based on Server Message Block (SMB) 3.0 to provide continuous availability of file shares in Windows Server. 

Scale-Out File Server was introduced in Windows Server 2012 and is designed for use as a file share for server application data, such as Microsoft Hyper-V virtual machines (VMs) and SQL Server. The file shares are available at the same time on all nodes in the cluster. The active-active feature keeps data on the file share available despite downtime on a node either for maintenance or from a failure.

Scale-Out File Server uses the total bandwidth of the cluster nodes to deliver data. Administrators can boost bandwidth by adding more nodes to the cluster. Scale-Out File Server optimizes traffic by providing automatic rebalancing of connections to provide the fastest route to the file share.

 Courtesy: Margaret Rouse

How Windows Server 2012 can solve Windows failover cluster headaches

In Windows Server 2012, Microsoft tried to smooth out some major Active Directory bumps in failover clusters. Did it fix what's bothering you?

Like it or not, Active Directory is a vital component of Windows Failover Clusters and can adversely affect its stability. Have you ever experienced the dreaded NETLOGON event, indicating that no domain controllers could be contacted, so your cluster fails to start? How about being unable to create a cluster or virtual servers due to restrictive organizational unit permissions? Microsoft has recognized these and other common AD problems and made significant efforts to fix these shortcomings in Windows Server 2012.

Cluster startup without Active Directory

Perhaps one of the most catastrophic events a cluster can face is when it can't contact adomain controller (DC) during formation. A different scenario leading to this same problem occurs when you attempt to virtualize your DCs as virtual machines in a Windows failover cluster. The cluster must contact a DC to start, but the virtual DC can't start until the cluster does. This reliance on AD for a cluster to form has been eliminated in Windows Server 2012.

You'll need to create a Windows Server 2012 cluster by contacting a DC and storing its authentication data in AD, along with any cluster members, for this function to work. Then existing clusters can start up without having to first contact a DC for authentication. Prior to Windows Server 2012, cluster startup was supported, although not recommended, to run the AD Services role on cluster members to make them more resilient to AD connectivity issues. It is no longer necessary, nor is it supported to run domain controllers as cluster nodes as Microsoft documents in KB 281662.

Flexible OU administration

Another AD shortcoming that has been addressed in Windows Server 2012 is the ability to specify in which organizational units (OU) the computer objects for the cluster will be created. In the past, when a cluster was created, the Cluster Name Object (CNO) was created in the default Computers container in the OU where the cluster members reside. This prevented admins from delegating control to specific OUs for the purpose of managing Failover Clusters without going through painful prestaging efforts.

In Windows Server 2012, both the Create Cluster Wizard and the PowerShellcmdlet New-Cluster allow you to specify in which OU the CNO will be created. In addition, any Virtual Computer Objects (VCO) for the network names associated with highly available cluster roles will be created in the same OU. The user account that creates the cluster must have the Create Computer Objects permission in the specified OU. In turn, the newly created CNO must have Create Computer Objects permission to create VCOs. You can move all these computer objects to a different OU at any point -- without disrupting the cluster. Keep in mind the custom OU must be created before you create your cluster.

Unfortunately, the syntax for specifying a particular OU where the CNO should be created isn't intuitive in the Create Cluster Wizard or the corresponding PowerShell New-Cluster cmdlet. The Create Cluster Wizard will create appropriate syntax for specifying the distinguished name of the cluster, along with the OU where it will reside. In our example, the name of the cluster is Win2012Clus1, and its CNO will be created in theClusterServers OU in the fictitious Winners.com domain (Figure 1).

Using the Create Cluster Wizard to specify a custom OU for cluster AD computer objects.

Next, look at the syntax for creating a cluster using the PowerShell New-Cluster cmdlet. In this example, the command creates a cluster with the name Win2012Cluster1, placing the CNO in the ClusterServers OU in the fictitious domain using a static IP address of 192.168.0.252 (Figure 2).

Use the New-Cluster PowerShell cmdlet to create a cluster specifying a custom OU.

After you create the Windows failover cluster, use Active Directory Users and Computers to view and manage the new CNO placed in the custom OU called ClusterServers (Figure 3). Any new cluster roles that are configured will create their VCO in the same OU.

Using Active Directory Users and Computers to view the Cluster Name Object (CNO).

Additional cluster and Active Directory enhancements

With Windows Server 2012, you can have a failover cluster located in a remote branch office or behind a DMZ with a Read-Only Domain Controller (RODC). While the CNO and VCOs must be created beforehand on a RWDC as described by Microsoft, the server supports the configuration.

Finally, AD Cluster computer objects are now created with the Protect Object from Accidental Deletion flag to ensure automated stale object scripts don't delete them. If the account that creates the cluster doesn't have this right for the OU, it will still create the object, but won't protect it from accidental deletion. A system event ID 1222 will be logged to alert you, and you can follow Microsoft KB 2770582 to fix the issue.

Microsoft has taken several steps in Windows Server 2012 to address the AD pitfalls that Windows failover clusters have endured over the years. Some of the top integration enhancements include booting clusters without AD, more flexible OU administration, support for clusters in Branch Offices and DMZs with RODCs and protecting cluster AD objects from deletion.

 Courtesy: Bruce Mackenzie-Low