I just wanna learn!


Microsoft MVP… times 8!

It’s that time of the year again (although, a bit earlier than previous years).

I’m proud and grateful that I’ve got one more Microsoft Most Valuable Professional (MVP) award in the Cloud and Datacenter Management area!

Microsoft Most Valuable Professional (MVP)

Eight years… it’s a lot (and yes – I’m feelin’ a bit older, few grays here and there, but they say it’s actually “wisdom”, so... it’s fine)! 🙂

I would once again like to thank the nice people at Microsoft and everyone who continuously supports me – my family and friends, my colleagues and the community! And now… it’s time to continue – there is so much to learn, experience & to share! 🙂


Filed under: Other No Comments

Citrix NetScaler 12 – CLI upgrade helps

There is a new and shiny NetScaler version available – version 12! Smile

All the news and docs are available here, and you can download the latest bits from here. But, I will not write about them now – there is something else I would like to share.

Unlike with other (minor) upgrades, upgrading to this version… well, there were some “challenges”. If you have used Citrix NetScaler before, it has its nice and simple GUI, through which you can do many things… one of them being a system upgrade.

Upgrade process by using GUI is pretty straight-forward:

  • download the latest firmware from Citrix website (.tgz file)
  • login to the appliance and save current configuration
  • if you are using virtual appliances, you can also do a snapshot or checkpoint (depending on the virtualization platform you are using)
  • go to System System Upgrade and select the firmware file and click Upgrade


  • when installation completes, reboot the appliance
  • enjoy your shiny, new NetScaler 12 (upgraded in just 6 steps)! Smile

And now about “the other way”… Smile

As I’ve observed, upgrade option through GUI was not working (for me) in any of the major browsers (Chrome, Firefox, Edge or even Internet Explorer) – upload of firmware finishes and then… nothing really happens. Strange, but… it’s just my luck. No big deal! Smile

What helped in my case:

  • download the latest firmware from Citrix website (.tgz file)
  • use PuTTY to establish SSH connection to your appliance
  • run save config to save all the changes you have made to your existing configuration (but maybe forgot to save it before Smile)
  • if you are using virtual appliances, you can also do a snapshot or checkpoint (depending on the virtualization platform you are using)
  • type in shell (to enter the shell, where we will work with files)
  • create a folder for the new version (I have simply called it 12, as in /var/nsinstall/12/, where I will upload the new firmware)
  • use PSCP (PuTTy Secure Copy Client), also a free command-line utility to copy firmware to the appliance, inside the newly created folder:


  • go back to PuTTy and extract the contents of this firmware:

  • once extracted, run the ./installns command, which will actually do the upgrade (something that was never triggered in my GUI upgrade attempts, obviously Smile)
  • when installation completes, reboot the appliance


  • enjoy your shiny, new NetScaler 12 (upgraded in just 11 steps)! Smile



For a longer, better explained… and official version, please check the Citrix docs, available here.

Note that nothing really changes in your usual upgrade routine – those steps are just in case you have trouble with the GUI, as I did (if your GUI works normally, with your browser, use it).

Hope it helps!



Scheduling a PowerShell script… with arguments

Let’s say that you have a neat PowerShell script, which you want to run on some kind of a schedule (a script which will collect some data and send you an e-mail, every day in the same hour… ‘til the end of time – maybe this one) – how can you do it? Smile

The answer is simple. Yes, there is a tool included with Windows operating system, which can help you… and it’s called… well – Task Scheduler. Smile

And… if you never used the Task Scheduler in Windows, maybe this is the time to start.

It’s a rather simple tool – you click through a simple wizard, select what you need (a program) and when you need it, and you’ve created a scheduled task.


OK… so, I can run a program? What about a PowerShell script?

The real question here is “Who/what will run my PowerShell script?”. And then, the answer is simple – the PowerShell engine.

This means that your “program” is powershell.exe. This also means that in your scheduled task you should enter something like this:


(note the full path to powershell.exe – C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe)

Now we have a scheduled task which will start PowerShell in designated time, every single day. Usually, this is not enough, and we need to add some arguments to the command running (like the path to the script we want to execute).


(argument field in this case contains -Command "& 'C:\Scripts\Get-HyperVReport.ps1'"be really careful about the single/double quotes here!)

Configured like this, our scheduled task will execute the following command:

Two remaining things that we have to check is to have our Get-HyperVReport.ps1 script saved in C:\Scripts and that user, under whom this task is running, has the appropriate permissions to run it. Also, if task should be running unnatended (usually it should), make sure to configure it so.

One other thing that may be useful – with this script, we need to specify some additional parameters (like ClusterName or if it will send us an e-mail when completed). In this case, we can easily add the required parameters to the arguments field, like this:


(argument field in this case contains -Command "& 'C:\Scripts\Get-HyperVReport.ps1' -ClusterName MyCluster -SendMail $true -SMTPServer -MailFrom -MailTo")

The whole command is then:

Hope this helps!


P.S. One other other thing (yes, it’s written twice… live with it Smile) that can be useful – you can also use PowerShell to create scheduled task which will run this PowerShell script (instead of using “the lame wizard”). Pssst… take a look at the New-ScheduledTask command. Winking smile

P.P.S. You can also make use of Adam's function, which will make your life easier - Thanks, Adam!


How PowerShell keeps my photo collection neat

As I love taking photos, sometimes it might be difficult to keep my photo collection “neat”. My camera is set to save every photo in two formats (one for editing, and another one for “long term storage”, as I like to say Smile) – .ARW and .JPG.

When I come home from a “photo trip”, I go through the photos taken and delete the ones I don’t really like. As I need to delete both copies, sometimes it happens that I forgot to delete .JPG or .ARW file of the same photo (which leads to “inconsistencies” in my collection… which is not “neat” Smile).

To overcome this, I’ve come up with a solution – a simple PowerShell script to check if there are any .ARW files which are missing it’s corresponding .JPG file (basically, I’m looking for files sharing the same name, but with different extension):

So, output will be something like this (with right arrow in results meaning that I have .ARW files for which I don’t have the corresponding .JPG file, which further means that I’ve deleted the .JPG file which I didn’t like and now I need to delete .ARW as well):


Arrow on the left side means that I have .JPG files for which I don’t have the corresponding .ARW file. No results will mean that I have the files in sync – for each .ARW file, there is a corresponding .JPG file.

Next step will be to tweak the script and probably automate the deletion process. For now, I’m satisfied with PowerShell providing me info about the duplicates and deleting the files manually. Smile



Updates and Recommendations not working in SCOM 2016

Not so long ago, there was a thread about this issue on TechNet Forums – long story short, in some cases (if you didn’t do a clean installation of System Center 2016 – Operations Manager, for example), the shiny, new feature called Updates and Recommendations didn’t work.

Even better – there was a rather cryptic error saying “An error occurred while displaying the Updates and Recommendations view. This might be because the database query has encountered an error…”.


So… it looks that maybe the database query has indeed “encountered an error”.

What can we do to make sure and resolve this?

As the user Chandra Bose suggested, we can look for duplicates in our imported management packs… and maybe we will be smarter then.

PowerShell command we can use:

This will list our imported management packs and their versions, and we can start looking for duplicate(s).


In my case, there were some – some of them were the two management packs called Microsoft.SystemCenter.WebApplicationSolutions.Library.Resources.*.

To get a better look on those two, we can use the following command:

And the output looks like this:




This shows that we really have two “duplicate” management packs in our SCOM database, one installed in 2013, and another in 2014 (why? and how? don’t really matter Smile). We need to remove one, obviously.

For that, we can use the following command (by using the Id property from previous command):

And, if there are no more duplicates, our Updates and Recommendations view should work now:


Hope this helps.



Basic SharePoint load balancing

I’ve recently created a simple lab which gave me some answers around load balancing a SharePoint 2016 farm with SSL offloading.

To start, I’ve created a couple of virtual servers (on top of my “supercool home Windows Server 2016 Hyper-V PC” Smile) – a domain controller, a SQL server and two SharePoint servers. I’ve also downloaded a KEMP LoadMaster appliance (there is also a free one here, which would have been just enough for this lab) and prepared my DigiCert wildcard certificate (there is no need for the wildcard option, but this is the one I already have, so I’ve decided to use it).

So… I’ve prepared a domain controller, joined all the other servers to the domain and then installed SQL Server 2016. After that, on SharePoint servers, I’ve ran a preparation wizard and created a new SharePoint farm from the first node… with second node joining to it later. At the end, I’ve done the “Farm configuration” wizard and was all set to do the load balancing part. (And yes – I know that clicking “Next” is lame, but… it works. Smile)

The networking configuration for this lab is pretty simple. I have two VLANs – 111 (backend, where all the servers are residing) and VLAN 101 (frontend, where my LB virtual servers are).

I’ve created a new virtual machine for the load balancer, attached it to the two mentioned networks and also added the virtual disk downloaded from KEMP’s website.


After that, I’ve done the initial configuration wizard of LoadMaster which is actually straight-forward (setting the password, IP addresses, and importing a certificate afterwards).

With this done, we can create our virtual service(s) – there is actually a great guide for configuring the SharePoint load balancing virtual servers with KEMP LoadMaster.

I’ve used the following basic (manual) settings for my virtual service:


HINT: When troubleshooting load balancing – make sure that you have only one node behind the balancer… it makes things so much easier to troubleshoot! Smile

One last thing that wasn’t working with this “Next, Next, Next…” configuration was the Alternate Access Mappings (AAM) part – to be able to access a SharePoint farm over HTTPS and a public name, AAM should “know about it”. There is a great guide about AAM available – make sure you read it.

Default AAM settings for my farm were:


After (a lot) of troubleshooting and research, they were changed to this:


And… that’s it – it works! Smile

My totally awesome SharePoint 2016 site, located behind a load balancer and published with a trusted certificate (with SSL session terminating on my virtual KEMP load balancer), was alive:


To conclude - in all the configuration that was done, setting the AAM right was something that gave me most of the headache (load balancing/redirections not working right, troubleshooting what’s happening, etc.). Pay special attention to it! Once you figure it out, you’re done. Smile



NetScaler, XenMobile and SSL certificates

So, you’ve finally decided to make yourself "a small Citrix lab" (XenMobile and NetScaler), but you’re having trouble with getting all the certificates in place. Fear not, I’m here to help!

Installing the SSL certificates for NetScaler is relatively simple, but still… some steps are easily forgotten and then… you need to troubleshoot. Smile

Steps to install the SSL certificate for NetScaler (correctly) are:

  1. Install the server certificate (for example, certificate for The easiest way is to use .PFX certificate file, and you can install it through Traffic Management – SSL – Certificates – Server Certificates.
  2. Install the issuing and root CA’s certificates (.PEM files are OK) through Traffic Management – SSL – Certificates – CA Certificates.
  3. Create link (right click – Link) between the server certificate and issuing CA’s certificate.
  4. Create link (right click – Link) between the issuing CA’s certificate and root CA’s certificate.
  5. Check the certificate links on issuing CA’s certificate (right click – Certificate links). There should be two – one linking the server certificate, another the root certificate.
  6. Select the imported certificate for NetScaler Gateway usage.
  7. Select the imported certificate for (SSL) virtual servers as well. If you’re using NetScaler appliances in HA mode, force synchronization.
  8. Check if certificates are installed properly (for example, by opening the MAM interface with your browser – or
  9. Check if certificate chain is in order as well –

For XenMobile Server, there is some preparation work to do, to get it all right. Basically, you’ll need to combine all the (.PEM) certificate files into one, upload that to XenMobile Server, and restart.

Steps are:

  1. Combine individual (.PEM) certificate files (server, issuing and root CA) into one .PEM file by following instructions on this DigiCert site (you can use Notepad to achieve this). Your final .PEM file should look like this:
  2. -----BEGIN CERTIFICATE-----
    (server_certificate.pem content)
    -----END CERTIFICATE-----

    (issuing_ca_certificate.pem content)
    -----END CERTIFICATE-----

    (root_ca_certificate.pem content)
    -----END CERTIFICATE-----

  3. Upload the combined (.PEM) certificate file to XenMobile Server.
  4. Restart all the XenMobile Server nodes (one by one).
  5. Check if nodes picked up the certificate change (for example, by opening the XenMobile Server management interface with your browser – https://{node's_IP_address}:4443).
  6. Check if certificate chain is in order as well –

And… that’s it!

Oh, yeah – in case you’ve been living under a rock… don’t use the SHA-1 certificates anymore… they are obsolete now (info). Smile



Windows Update, Windows Server 2016 and proxy

The dumbest thing… you are installing your brand new Windows Server 2016 machines and then you realize that Windows Update doesn’t work. It just gets stuck on Checking for updates/Downloading updates… for days.


Of course, you have some sort of proxy on your network, and you start troubleshooting this issue by testing on a proxy-free network… and without proxy, Windows Update works just as it should!

So, the next logical next step is to blame “those networking guys”, because updating your machine works fine, when not behind their “fancy proxy thing”.

But no.

You will soon realize that you have some “old” Windows Server 2012 R2 (or even Windows 10) machines, which are updating just fine… even through the “fancy proxy thing”.

And then you start asking yourself why.

You are checking the configuration of older machines by opening up Internet Explorer and double-checking proxy settings… and then you make sure that your new machines are having the same configuration – they have. Then you are just confused. It’s not networking, it’s not proxy settings… what could it be???

Still a bit confused, you have a great idea to check system proxy settings by running netsh winhttp show proxy – on older machines you’ll probably see something like this (which is probably OK, because you’ve just seen the Proxy Settings in IE, which are set to correct values):


So, you’re (naturally) configuring new machines accordingly. Still doesn’t work.

What next?

You can do further reading & testing, but the thing that helped in our case was setting the system (winhttp) proxy with netsh command, so that it actually imports IE proxy settings.

Basically, you need to run netsh winhttp import proxy source=ie (after you’ve set the right proxy settings through IE dialog, of course) or set your system proxy by using the netsh winhttp set proxy command.

After that, Windows Update starts working again!

So, remember – when using Windows Server 2016, set your system proxy settings by using the netsh command and everything will work just fine! Smile


P.S. Of course, if you have another trick to make it work, please comment. Smile


Advanced Technology Days 12

Another Advanced Technology Days are now behind us.

It was a great conference, with so many familiar faces (and so many new ones). I didn’t like this year’s venue as much as the last one (let’s be honest – nothing beats a movie theater! Smile), but it was fine – it’s always about the great people, not the venue itself.

This year I was speaking about the new System Center 2016 suite and, judging by the full room (thank you!), this topic is very hot right now. I really like the new features in Virtual Machine Manager and the new “speedy” Operations Manager (with web portal which finally works in “modern” browsers Smile).


Slides (which are actually customized Microsoft Ignite slides – thank you), are uploaded to my SlideShare.

And now… looking forward to Advanced Technology Days 13. Smile


P.S. Thanks for the pics – Goran & Igor!