Capturing network trace in Windows

Do you need to capture some network traffic on a Windows box for further analysis, but don’t want to install additional software just… everywhere?

I usually do.

If you didn’t know, Windows has a built-in tool that can do just that: among other things, it can capture a network trace to a file for further analysis. The tool is called netsh.

So, how do you capture traffic with netsh?

It’s fairly easy (for more options, filters and such, you can always check the accompanying help content – netsh trace start ?):

If you look at the location where you’ve saved your trace, you’ll see two files – of those two files, MyTrace.etl is the one you want:

OK, but what do you do with it?

If you try to open it with, for example, Wireshark, you’ll see it doesn’t work:

So… we have a trace file with which we can’t really do anything?!?

Not exactly!

If you have Microsoft Network Monitor (now archived, but can be found… on the Internet) or Microsoft Message Analyzer (now retired), you can open up and analyze your trace as you normally would:

If you already have Wireshark on, let’s say, your workstation, and want to continue using it for the analysis, the trace needs to be converted to a format that Wireshark understands (I hope that one day we’ll have a Wireshark that opens such .etl files natively).

You can convert it by using the free tool called etl2pcapng.

It doesn’t require installation, and if you want to use the pre-compiled binaries, they are available under etl2pcapng releases.

So, convert your (netsh) MyTrace.etl to (Wireshark’s) MyTrace.pcapng with this command:
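The whole capture-and-convert procedure described above, as an added example that is not from the original post. The folder `C:\Traces`, the location of `etl2pcapng.exe`, the 60-second window and the 512 MB cap are assumptions; adjust them to your environment.

```powershell
#Requires -RunAsAdministrator
# Added example: capture with netsh, then convert the .etl with etl2pcapng.
# All paths and limits below are assumptions, not values from the post.

$TraceDir   = 'C:\Traces'                        # assumed output folder
$Etl        = Join-Path $TraceDir 'MyTrace.etl'
$Pcapng     = Join-Path $TraceDir 'MyTrace.pcapng'
$Etl2Pcapng = 'C:\Tools\etl2pcapng.exe'          # assumed location of the downloaded binary
$Seconds    = 60                                 # how long to capture

New-Item -ItemType Directory -Path $TraceDir -Force | Out-Null

# capture=yes      enables packet capture (not only ETW provider events)
# maxsize=512      caps the trace at 512 MB so it cannot fill the disk
# overwrite=yes    replaces an older MyTrace.etl in the same place
# report=disabled  skips the report .cab written next to the .etl
#                  (value available on recent Windows versions)
netsh trace start capture=yes "tracefile=$Etl" maxsize=512 overwrite=yes report=disabled
if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)" }

try {
    # Reproduce the problem you want to analyze during this window
    Start-Sleep -Seconds $Seconds
}
finally {
    # Always stop the session, even on Ctrl+C; otherwise it keeps capturing
    netsh trace stop
}

# etl2pcapng takes the input .etl and the output .pcapng as its two arguments
& $Etl2Pcapng $Etl $Pcapng
if ($LASTEXITCODE -ne 0) { throw "etl2pcapng failed (exit code $LASTEXITCODE)" }

# Record hashes so you can later show that the files were not altered
Get-FileHash -Algorithm SHA256 -Path $Etl, $Pcapng
```

Both files contain the contents of unencrypted traffic seen by the host, so store them where only the people doing the analysis can read them and delete them when you are done.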

Once converted, you can open the new file (MyTrace.pcapng) in Wireshark, and do what you would usually do to analyze it:

Hope this helps!

Cheers!

Giveaway – SCVMM 2016 Cookbook, 3rd by Packt

This time I have something to share – kind people at Packt are giving away 10 copies of System Center 2016 Virtual Machine Manager Cookbook – Third Edition eBook, written by my colleagues Roman Levchenko and Edvaldo Alessandro Cardoso.

All you have to do is contact me using the form in About section, with your name and e-mail address (and a short note that this is about the book giveaway :)) and I’ll be happy to add you to the list.

Once I collect ten of you, I’ll share the list with Packt and they will send you an email with the free eBook.

If you like the book, you can also leave a short review on Amazon.

Cheers!

P.S. As a technical reviewer of this book, I may be a bit biased, but this book is still a great Virtual Machine Manager (2016) resource! 🙂

UPDATE: Big thanks to all that entered the giveaway, now it’s over – I’ve sent info for Dražen, Ljubo, Matt, Sean, Steven, René, Anko, Bob, Johannes and Thomas to Packt (first come, first served). I hope you’ll get your books soon (and that you enjoy them)!

Basic SharePoint load balancing

I’ve recently created a simple lab which gave me some answers around load balancing a SharePoint 2016 farm with SSL offloading.

To start, I’ve created a couple of virtual servers (on top of my “supercool home Windows Server 2016 Hyper-V PC”) – a domain controller, a SQL server and two SharePoint servers. I’ve also downloaded a KEMP LoadMaster appliance (there is also a free one here, which would have been just enough for this lab) and prepared my DigiCert wildcard certificate (there is no need for the wildcard option, but this is the one I already have, so I’ve decided to use it).

So… I’ve prepared a domain controller, joined all the other servers to the domain and then installed SQL Server 2016. After that, on the SharePoint servers, I’ve run the preparation wizard and created a new SharePoint farm from the first node… with the second node joining it later. At the end, I’ve run the “Farm configuration” wizard and was all set to do the load balancing part. (And yes – I know that clicking “Next” is lame, but… it works.)

The networking configuration for this lab is pretty simple. I have two VLANs – 111 (backend, where all the servers are residing) and VLAN 101 (frontend, where my LB virtual servers are).

I’ve created a new virtual machine for the load balancer, attached it to the two mentioned networks and also added the virtual disk downloaded from KEMP’s website.

After that, I’ve gone through the initial configuration wizard of LoadMaster, which is actually straightforward (setting the password, IP addresses, and importing a certificate afterwards).

With this done, we can create our virtual service(s) – there is actually a great guide for configuring the SharePoint load balancing virtual servers with KEMP LoadMaster.

I’ve used the following basic (manual) settings for my virtual service:

HINT: When troubleshooting load balancing – make sure that you have only one node behind the balancer… it makes things so much easier to troubleshoot!

One last thing that wasn’t working with this “Next, Next, Next…” configuration was the Alternate Access Mappings (AAM) part – to be able to access a SharePoint farm over HTTPS and a public name, AAM should “know about it”. There is a great guide about AAM available – make sure you read it.

Default AAM settings for my farm were:

After (a lot) of troubleshooting and research, they were changed to this:

And… that’s it – it works!

My totally awesome SharePoint 2016 site, located behind a load balancer and published with a trusted certificate (with SSL session terminating on my virtual KEMP load balancer), was alive:

To conclude – of all the configuration that was done, getting the AAM right was what gave me the most headaches (load balancing/redirections not working right, troubleshooting what’s happening, etc.). Pay special attention to it! Once you figure it out, you’re done.

Cheers!

Inside the Microsoft OMS

Are you looking for some great Operations Management Suite (OMS) resources?

Earlier today something great got published – a preview version of a new free e-book on OMS! The book, called Inside the Microsoft Operations Management Suite, was authored by four OMS experts – Tao Yang, Stanislav Zhelyazkov, Pete Zerger and Anders Bengtsson.

Haven’t had a chance to read it just yet, but it looks great (total of 430 pages, split in 12 chapters), and can’t wait to start reading it!

Contents:

  • Introduction and Onboarding
  • Searching and Presenting OMS Data
  • Alert Management
  • Configuration Assessment and Change Tracking
  • Working with Performance Data
  • Process Automation and Desired State Configuration
  • Backup and Disaster Recovery
  • Security Configuration and Event Analysis
  • Analyzing Network Data
  • Accessing OMS Data Programmatically
  • Custom Management Pack Authoring
  • Cross-Platform Management and Automation

You can download this book for free from TechNet Gallery, and if you liked it, don’t forget to leave the 5-star rating (and a comment).

Now I have something to read in these cold winter days (and nights).

Cheers!

Just released – Veeam Management Pack v7

Guys at Veeam have released a new version of their management pack for System Center – Veeam® Management Pack™ v7 (now with Hyper-V support, which is kind of a big deal for those running Hyper-V & Veeam)!

As they say on their website – “This new version is the most comprehensive, intuitive and intelligent extension for app-to-metal management of Microsoft Hyper-V, VMware vSphere and Veeam Backup & Replication™.”

One interesting thing about the product is that it now offers the same features for monitoring, reporting and capacity planning for both hypervisors. You’ll get:

  • Interactive topology views of compute, storage and network
  • Real-time Hyper-V performance monitoring
  • In-context dashboards and heat maps

More detailed info is available here.

They also have a very cool offer – here you can request a free product license (Enterprise edition) including one year of free Standard maintenance for Hyper-V environments up to 100 sockets (offer available until December 31, 2014).

So… grab your license and start exploring!

Reminder – Free certification for students!

Just a quick reminder – for all students who want to get certified on Microsoft technology, there is still a chance to get one free voucher they can use for this purpose. Microsoft is offering these vouchers through the DreamSpark program, and if you have access, you can easily generate one voucher for yourself (or even pass it on to a friend).

You can get your voucher (and all other necessary info) on this site.
If you already got the voucher, you can use it on Prometric – just pick a test site, exam & time, and get your certificate…

For those willing to try this out and become certified, good luck (hope to see you in the MCP club after this one)!

P.S. This offer is valid while supplies last, so hurry up!

Deployment Guides & Tools

After summer vacations and other breaks, it’s time to slowly get back to everyday duties. To everyone who is just getting ready for vacation, I hope it’s a happy one (with nice weather), and to all those who have returned, I hope you got some rest…

Yesterday I came across some materials related to deployment that I think are very good, and I’d like to share them with you.

Microsoft MVP (Setup & Deployment) Johan Arwidmark, who is also part of the TrueSec team, has collected a pile of materials that can help you master the art of Windows deployment.

This is actually the second such CD, and its basic idea is to make the deployment process easier and to introduce administrators to the necessary tools (MDT 2010 or SCCM 2007 R2), as well as everything else they might need. The CD is conceived as a set of documents and scripts that can help you, and the nicest part is definitely the video tutorials.

The materials are available on these pages, packed into an .iso image of the CD (approx. 180 MB), and you need to register to download them (the download link arrives by e-mail within a day or two).

An additional resource is Jonathan’s blog, which is located here.

If you are involved in (or intend to get involved in) Windows deployment, I think you shouldn’t miss this opportunity…

MAP Toolkit 5.0

Just a few days after the final version of MDT 2010 Update 1 was released, Microsoft released a new version of another Solution Accelerator – Microsoft Assessment and Planning Toolkit 5.0.

For all of you who don’t know what this is – it’s a free inventory, assessment, and reporting tool that makes it easier for you to assess your current IT infrastructure. It can inventory computer hardware, software, and operating systems in your environment — without installing any agent software (unlike System Center products).

MAP is available for download here, and additional information can be found on the official MAP Team blog.