Thursday, August 29, 2013

Pulling Custom Metrics into CloudWatch

Needed to pull some custom metrics from my Windows instances running within AWS and pop them into Cloudwatch.

 

Specifically I needed to get the number of “Active Sessions” from the Terminal Services counter.

 

To start within, AWS provide some nice little PowerShell scripts that take custom metrics and pop them into Cloudwatch for you.

 

http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/mon-scripts-powershell.html#mon-scripts-powershell-getstarted

 

Once the scripts are downloaded and extracted into a local folder, you need to create an IAM user with enough rights for Cloud watch operations (I started with cloud watch full access, but I could probably be a little more granular)

 

Once that was done, I downloaded and extracted the contents of the AmazonCloudWatchMonitoringWindows.zip file into c:\_Scripts\Cloudwatch.

 

Next step was to add the credentials into the awscreds.conf file.

 

 

Now, there are few scripts available, each one assists in grabbing specific metric sets from the Window Instances.

 

My specific requirement was to grab the number of active terminal server connections, so I opted to customize the mon-put-metrics-perfmon.ps1 script and include the specific metrics I was after.

 

Opening up the PS1 script within notepad and jumping down to the section which starts “#### Add More Counters here.”  

Below this section you can add a list of the counters you wish to pull from perfmon and send up to cloudwatch.

 

First step was to determine the correct syntax for the metric I was after.

 

Running the command “(get-counter –ListSet ‘Terminal Services’).Paths” returns the available metrics and the paths for those metrics.

 

 

Now it was time to mod the PowerShell script, So I followed the format of the existing counters and added the following:

 

$Counters.Add('\\localhost\Terminal Services\Active Sessions','Count')

 

Which resulted in the file looking a bit like this..

 

 

Save the file now. Notice the second parameter, “count”, this is the unit of data the counter provides. In the case of Active Sessions, it’s simply a counter 1..2..3….10, you get the idea.

 

All that’s left do to now is schedule the script to run at whatever interval meets your requirements.

 

In my case I opted for every 5 minutes.

 

I configured the task to run as SYSTEM and the action looks a bit like this:

 

 

The argument is: ‘ -command "C:\_Scripts\Cloudwatch\mon-put-metrics-perfmon.ps1  -aws_credential_file C:\_Scripts\Cloudwatch\awscreds.conf" ’

 

As you can see, I’ve simply specified PowerShell as the program to run, with the the mon-put-metrics-perfmon.ps1 script as the argument (I also specified the credentials file).

 

Now time to click save and let it run for  few minutes / hours /days….

 

The result is a nice new metric on CloudWatch – now time to have fun with Autoscaling.

 

 

 

Configuring a custom SysPrep file for AWS Windows Instanes

I needed to convert a Windows Server 2012 instance into an AMI so that it could be deployed as part of an auto-scaling configuration.

 

My domain already existed and so I simply needed to grab the existing Sysprep2008.xml file from

 

C:\Program Files\Amazon\Ec2ConfigService\sysprep2008.xml

 

And add in the following components under the respective sections.

 

Under the “Generalize” section.

 

    <component name="Microsoft-Windows-Security-SPP" processorArchitecture="wow64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

      <SkipRearm>1</SkipRearm>

    </component>

 

Under the “Specialize” section.

 

    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

      <Identification>

        <Credentials>

          <Domain>MyDomain.LOCAL</Domain>

          <Password>password123</Password>

          <Username>sysprepaccount</Username>

        </Credentials>

        <JoinDomain>MyDomain.LOCAL</JoinDomain>

        <MachineObjectOU>OU=Session Hosts,OU=Servers,DC=MyDomain,DC=local </MachineObjectOU>

        <UnsecureJoin>False</UnsecureJoin>

      </Identification>

    </component>

 

I then copied the modified sysprep file back into C:\Program Files\Amazon\Ec2ConfigService\sysprep2008.xml overwriting the original template.

 

After that, I ran EC2Config as follows:

 

“Set Computer Name” – I may look into including my own custom naming convention at a later stage, but for the purposes of testing, this ensures my servers all have unique names.

 

 

“Shutdown with Sysprep” – Pretty obvious what this does.

 

 

Once Sysprep has run and the instance has just down, you can then create an AMI from the instance and start having fun with auto-scaling.

 

A couple of gotchas – if you have a password with any kind special characters within the sysprep file, EC2Config will crap out and report an error parsing EntityName.

Needs a little more investigation but I changed the password to something a little more straight forward and it worked no problem.

 

I’ll add a future post about my exploits with auto-scaling.

 

 

 

 

 

Tuesday, August 27, 2013

Reckon Accounts CRashing on Server 2012

Came across this one today when launching Reckon Accounts on a Server 2012 VM.

More investigation needed, but to fix in the short term

·         Disable IESC.

·         Configure Medium Security for the Internet Zone within Internet Explorer.

·         Close down IE and re-launch Reckon Accounts.

 

Monday, August 26, 2013

Useful PowerShell Script to Bulk Create Users

Just used this script to generate 4000 users accounts within a development Active Directory.

 

The CSV has to be in the format:

 

##### CSV FILE ########

 

Name,Firstname,Password

User1,test,P@$$w0rd!1

User2,test,P@$$w0rd!1

User3,test,P@$$w0rd!1

User4,test,P@$$w0rd!1

############### START SCRIPT ################

 

Import-Module ActiveDirectory

$Users = Import-Csv -Delimiter ";" -Path ".\users.csv" 

foreach ($User in $Users) 

    $OU = "OU=Employees,DC=lab-os,DC=com" 

    $Password = $User.password

    $Detailedname = $User.firstname + " " + $User.name

    $UserFirstname = $User.Firstname

    $FirstLetterFirstname = $UserFirstname.substring(0,1)

    $SAM =  $FirstLetterFirstname + $User.name

    New-ADUser -Name $Detailedname -SamAccountName $SAM -UserPrincipalName $SAM -DisplayName $Detailedname -GivenName $user.firstname -Surname $user.name -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -Enabled $true -Path $OU 

}

 

############### END SCRIPT ################


Script credit goes to http://gallery.technet.microsoft.com/scriptcenter/ed20b349-9758-4c70-adc0-19c5acfcae45

 

 

A little about Me

My photo
My name is Mitch Beaumont and I've been a technology professional since 1999. I began my career working as a desk-side support engineer for a medical devices company in a small town in the middle of England (Ashby De La Zouch). I then joined IBM Global Services where I began specialising in customer projects which were based on and around Citrix technologies. Following a couple of very enjoyable years with IBM I relocated to London to work as a system operations engineer for a large law firm where I responsible for the day to day operations and development of the firms global Citrix infrastructure. In 2006 I was offered a position in Sydney, Australia. Since then I've had the privilege of working for and with a number of companies in various technology roles including as a Solutions Architect and Technical team leader.