My SSMS Settings: A Visual Guide

Posted by cviorel on September 18, 2024 No comments | This post has 152 views.

As a database professional, I’ve optimized my SQL Server Management Studio (SSMS) settings for maximum efficiency. Here’s a visual breakdown of my key configurations:

1. Editor Tab and Status Bar

Status bar shows execution time, database name, login, row count, and server
Pink for group connections, khaki for single server
Tab text includes only the file name

2. Advanced Execution Settings

SET CONCAT_NULL_YIELDS_NULL and SET ARITHABORT enabled
Transaction isolation: READ COMMITTED
Suppressed provider message headers
Completion time shown after query execution

3. Query Results to Grid

Max characters for non-XML: 65535
XML data: Unlimited

4. Query Results to Text

Custom delimiter: | (vertical bar)
Include column headers
Scroll as results are received
Max characters per column: 8192

5. SQL Server Object Explorer Options

Audit Log: Top 1000 records
Drag-and-drop: Prepend schema, surround with brackets
Prompt for schema object renaming
Edit Top: 200 rows
Select Top: 1000 rows

6. Query Output Formatting

Custom delimiter: | (pipe character)
Include column headers
Scroll as results are received
Max characters per column: 8192

These settings streamline my SSMS workflow. Adjust them to fit your needs and boost your productivity!

Find forks for a GitHub repository

Posted by cviorel on February 8, 2024 No comments | This post has 537 views.

In a recent episode of Brent Ozar’s Office Hours, someone asked if there are any interesting forks of the First Responder Kit, on GitHub.

So I thought it would be useful to have a way to quickly check for forks and see when they were updated.
I came up with the following PowerShell function which does exactly that.

function Get-RepoForks {
    <#
    .DESCRIPTION
    Function to list forks for a GitHub repository

    .PARAMETER OrgName
    The name of the Organisation that ownd the repository

    .PARAMETER RepoName
    The name of the repository

    .EXAMPLE
    Get-RepoForks -OrgName 'BrentOzarULTD' -RepoName 'SQL-Server-First-Responder-Kit'

    Gets all the forks for SQL-Server-First-Responder-Kit, sorted by updated_at

    .EXAMPLE
    Get-RepoForks -OrgName 'BrentOzarULTD' -RepoName 'SQL-Server-First-Responder-Kit' | Select-Object -First 5 | Format-Table -AutoSize

    Gets 5 forks for SQL-Server-First-Responder-Kit, sorted by updated_at
    #>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string]$OrgName,

        [Parameter(Mandatory = $true)]
        [string]$RepoName
    )

    begin {

    }

    process {
        $forks_url = "https://api.github.com/repos/${OrgName}/${RepoName}/forks"
        $forks = Invoke-WebRequest -UseBasicParsing $forks_url -Headers @{"Accept" = "application/json" }

        $json = $forks.Content | ConvertFrom-Json

        $json | Select-Object full_name, private, html_url, created_at, updated_at, pushed_at | Sort-Object -Property updated_at -Descending
    }

    end {

    }
}

function Get-RepoForks {

.DESCRIPTION

Function to list forks for a GitHub repository

.PARAMETER OrgName

The name of the Organisation that ownd the repository

.PARAMETER RepoName

The name of the repository

.EXAMPLE

Get-RepoForks -OrgName 'BrentOzarULTD' -RepoName 'SQL-Server-First-Responder-Kit'

Gets all the forks for SQL-Server-First-Responder-Kit, sorted by updated_at

.EXAMPLE

Get-RepoForks -OrgName 'BrentOzarULTD' -RepoName 'SQL-Server-First-Responder-Kit' | Select-Object -First 5 | Format-Table -AutoSize

Gets 5 forks for SQL-Server-First-Responder-Kit, sorted by updated_at

[CmdletBinding()]

param (

[Parameter(Mandatory = $true)]

[string]$OrgName,

[Parameter(Mandatory = $true)]

[string]$RepoName

)

begin {

}

process {

$forks_url = "https://api.github.com/repos/${OrgName}/${RepoName}/forks"

$forks = Invoke-WebRequest -UseBasicParsing $forks_url -Headers @{"Accept" = "application/json" }

$json = $forks.Content | ConvertFrom-Json

$json | Select-Object full_name, private, html_url, created_at, updated_at, pushed_at | Sort-Object -Property updated_at -Descending

}

end {

}

I hope someone will find it useful.
Enjoy!

Set-MpPreference in Azure Batch flagged as malicious

Posted by cviorel on February 7, 2024 No comments | This post has 1,078 views.

I will just leave this here, as a future reference.

Apparently, when you try to make add an exclusion for the Windows Defender in an Azure Batch Pool node during a startup script, Microsoft will flag it as malicious. ¯\_(ツ)_/¯

Easily attach StackOverflow database

Posted by cviorel on April 7, 2021 No comments | This post has 4,970 views.

Brent Ozar maintains a Microsoft SQL Server version of the public Stack Overflow data export.

He provides detailed explanation on how to download, extract and use it.

You need to download the desired versions and put them on your network.

For easy deployment of the StackOverflow database, I’ve put together a PowerShell function that takes care of downloading the files from your domain (if needed), extracting the archives and mounting the files on an existing instance.

The function uses the dbatools and 7Zip4PowerShell PowerShell modules. If they are not present on the host, they will be installed from the official PSGallery.

Get-StackOverflow -Url "C:\Temp\StackOverflow2010.7z" -Path D:\Temp -SqlInstance 'server\instance'

1	Get-StackOverflow -Url "C:\Temp\StackOverflow2010.7z" -Path D:\Temp -SqlInstance 'server\instance'

This will extract the StackOverflow2010.7z archive to D:\Temp, then it will get the default path for Data and Log from the ‘server\instance’, it will move the data and the log files to the appropriate location and then mount them.

The function also offers the possibility to specify that the data and log files should be placed in custom locations.

Get-StackOverflow -Url "\\TF-WINGUI01\c$\Temp\StackOverflow2010.7z" -Path D:\Temp -SqlInstance 'localhost,10001' -DataPath D:\MSSQL\Data -LogPath D:\MSSQL\Log

1	Get-StackOverflow -Url "\\TF-WINGUI01\c$\Temp\StackOverflow2010.7z" -Path D:\Temp -SqlInstance 'localhost,10001' -DataPath D:\MSSQL\Data -LogPath D:\MSSQL\Log

Get-StackOverflow -Url "https://downloads.yourdomain.local/StackOverflow2010.7z" -Path D:\Temp -SqlInstance 'localhost,10001' -DataPath D:\MSSQL\Data -LogPath D:\MSSQL\Log

1	Get-StackOverflow -Url "https://downloads.yourdomain.local/StackOverflow2010.7z" -Path D:\Temp -SqlInstance 'localhost,10001' -DataPath D:\MSSQL\Data -LogPath D:\MSSQL\Log

The full version of the script is available on my GitHub account.

https://github.com/cviorel/PowerShell/blob/main/Get-StackOverflow.ps1

Hope this comes in handy!

Enjoy!

SQL Server Management Studio – automatically get the latest version

Posted by cviorel on December 20, 2020 No comments | This post has 2,548 views.

When working with SQL Server, I prefer to have a jump host with my tools already installed.

You may also have them on your main laptop/workstation, but I would also recommend to have a VM in the cloud or in your datacenter.

Everyone has a different list of tools they use, but most of the time you’ll find these apps on those lists:

command line tools to interact with various cloud providers
putty
winscp
chocolatey
SQL Server Management Studio
Azure Data Studio
git
vscode
vim
various PowerShell modules

In this post I will focus on SQL Server Management Studio.

Since version 18.7, the Azure Data Studio is also included in the installer.

By default Azure Data Studio is installed along with SSMS, but this can be excluded by using:

DoNotInstallAzureDataStudio=1

1	DoNotInstallAzureDataStudio=1

Eventually, this will not be a valid option, as SSMS will require dependencies provided by Azure Data Studio.

This is a good time to update the script I’m using to automatically install the latest version of SSMS.

I could not find an official manifest with the SSMS versions that I could query, so the script is using the GitHub page where Microsoft publishes the SSMS release notes.

If SSMS is already installed, the script will compare the existing version with the latest one available and it will notify the user.

Function Install-SSMS {
    <#
    .SYNOPSIS
        Silently Download and Install SQL Server Management Studio (SSMS).

    .DESCRIPTION
        This will download and install the latest available SSMS from Microsoft.

    .PARAMETER LocalFile
        Specifies the path to a local file to install SSMS from.
        If the local file is not the latest released, the user will be prompted to download the latest one available.
        If this parameter is not specified, the latest version will be downloaded and installed from https://aka.ms/ssmsfullsetup

    .PARAMETER InstallAzureDataStudio
        This will prevent the installation of Azure Data Studio

    .PARAMETER WriteLog
        You want to log to a file. It will generate more than a few files :)

    .PARAMETER RemoveDownload
        Removes the downloaded file after the installation.

    .PARAMETER WhatIf
        Shows what would happen if the command were to run. No actions are actually performed.

    .PARAMETER Force
        If this switch is enabled, the installation will continue even if another version of SSMS is found on the system

    .PARAMETER IgnoreUpdate
        If this switch is enabled, the installation will always use the LocalFile, even if it's an outdated version.
        Only works if LocalFile is specified.

    .PARAMETER EnableException
        By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
        This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
        Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

    .NOTES
        Author: Viorel Ciucu
        Website: https://cviorel.com
        License: MIT https://opensource.org/licenses/MIT

    .LINK
        https://www.cviorel.com/silently-download-and-install-sql-server-management-studio-ssms/
        https://www.cviorel.com/sql-server-management-studio-automatically-get-the-latest-version/

    .EXAMPLE
        Install-SSMS -WriteLog 1

        Silently downloads and installs latest version of SSMS.
        It will create a log for the installation.

    .EXAMPLE
        Install-SSMS -InstallAzureDataStudio $false -WriteLog $true -LocalFile C:\Users\Administrator\Downloads\SSMS-Setup-ENU.exe

        Silently installs SSMS without Azure Data Studio from the C:\Users\Administrator\Downloads\SSMS-Setup-ENU.exe local file

    #>

    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = "Low")]
    param (
        [parameter(Mandatory = $false, ParameterSetName = 'LocalFile')]
        [string]$LocalFile,

        [parameter(Mandatory = $false, ParameterSetName = 'LocalFile')]
        [switch]$IgnoreUpdate,

        [parameter(Mandatory = $false)]
        [bool]$InstallAzureDataStudio = $false,

        [parameter(Mandatory = $false)]
        [bool]$WriteLog = $false,

        [parameter(Mandatory = $false)]
        [bool]$RemoveDownload = $false,

        [parameter(Mandatory = $false)]
        [switch]$Force
    )


    if (-not ($PSBoundParameters.ContainsKey('LocalFile'))) {
        if ($PSBoundParameters.ContainsKey('IgnoreUpdate')) {
            Write-Output "Parameter IgnoreUpdate can be only used with '-LocalFile'"
            break
        }
    }

    $temp = ([System.IO.Path]::GetTempPath()).TrimEnd("\")
    $outFile = "$temp\SSMS-Setup-ENU.exe"

    $argList = @()
    $argList += "/install /quiet /norestart"

    # Check the last version of SSMS
    $uri = 'https://raw.githubusercontent.com/MicrosoftDocs/sql-docs/live/docs/ssms/release-notes-ssms.md'
    $md = Invoke-WebRequest -Uri $uri | Select-Object -ExpandProperty Content

    $regEx = '(- Release number\:\s+(\d+\.)?(\d+\.)?(\d+))|(- Build number\:\s+(\d+\.)(\d+\.)(\d+\.)(\d+))|(- Release date\:\s+(\w+\s+\d{1,2})\,\s+\d{4})'

    $HashTable = @{}
    $index = 1
    $md | Select-String -Pattern $regEx -AllMatches | `
        ForEach-Object { $_.Matches } | `
        ForEach-Object {
        $value = ($_.Value -replace ('-', '')).Trim();
        $HashTable.Add($index, $value);
        $index++
    }

    $lastVersion = @{
        ReleaseNumber = (($HashTable[1] -split (':'))[1]).Trim()
        BuildNumber   = (($HashTable[2] -split (':'))[1]).Trim()
        ReleaseDate   = (($HashTable[3] -split (':'))[1]).Trim()
    }

    $filter = 'Microsoft SQL Server Management Studio'
    $uninstall32 = Get-ChildItem "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" | ForEach-Object { Get-ItemProperty $_.PSPath } | Where-Object { $_ -match $filter } | Select-Object DisplayVersion
    $uninstall64 = Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" | ForEach-Object { Get-ItemProperty $_.PSPath } | Where-Object { $_ -match $filter } | Select-Object DisplayVersion

    if ($uninstall64) {
        $isInstalled = $true
        $installedVersion = $uninstall64.DisplayVersion
    }
    if ($uninstall32) {
        $isInstalled = $true
        $installedVersion = $uninstall32.DisplayVersion
    }

    if ($isInstalled -eq $true) {
        Write-Output "Version $installedVersion was detected on your system!"
        if (-not $Force) {
            $confirmation = Read-Host "Are you sure you want to proceed [y/n]"
            if ($confirmation -notmatch "[yY]") {
                break
            }
        }
    }

    if ($LocalFile.Length -ne 0) {
        if (Test-Path -Path $LocalFile) {
            $existingVersion = (Get-ChildItem -Path $LocalFile).VersionInfo.ProductVersion
            if ($existingVersion -ne $lastVersion.BuildNumber) {
                Write-Output "There is a newer release available: $($lastVersion.ReleaseNumber) ($($lastVersion.ReleaseDate)). We will download it and save it to: $($outFile)"
                if (-not $IgnoreUpdate) {
                    $outdated = $true
                }
            }
        }
        else {
            Write-Output "The file path is not valid."
            $LocalFile = $null
        }
    }

    if ($null -eq $LocalFile -or $LocalFile.Length -eq 0) {
        if (Test-Path -Path $outFile) {
            $existingVersion = (Get-ChildItem -Path $outFile).VersionInfo.ProductVersion
            if ($existingVersion -ne $lastVersion.BuildNumber) {
                Write-Output "Locally-cached copy exists, but it's outdated. There is a newer version available $($lastVersion.ReleaseNumber) (released on $($lastVersion.ReleaseDate)). We will download it and save it to: $($outFile)"
                $outdated = $true
            }
        }

        if ((Test-Path -Path $outFile) -and (-not $outdated)) {
            Write-Output "Locally-cached copy exists and it's the newest one available, skipping download."
        }
        else {
            if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Downloading latest SSMS to $outFile")) {
                try {
                    # Create SSL/TLS secure channel
                    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

                    # Start the download
                    $url = "https://aka.ms/ssmsfullsetup"

                    try {
                        $ProgressPreference = "SilentlyContinue"
                        Invoke-WebRequest $url -OutFile $outFile -UseBasicParsing
                    }
                    catch {
                        (New-Object System.Net.WebClient).Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
                        Invoke-WebRequest $url -OutFile $outFile -UseBasicParsing
                    }
                }
                catch {
                    Write-Output "Download failed. Please download manually from $url."
                    return
                }
            }
        }
    }

    if ($InstallAzureDataStudio -eq $false) {
        $argList += "DoNotInstallAzureDataStudio=1"
    }

    if ($WriteLog -eq $true) {
        $logFile = "$temp\SSMS_$(Get-Date -Format `"yyyyMMddHHmm`").txt"
        $argList += "/log $logFile"
        Write-Output "InstallationLog: $logFile"
    }

    # Start the install
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Installing latest SSMS from $outFile")) {
        # Closing running SSMS processes
        if (Get-Process 'Ssms' -ErrorAction SilentlyContinue) {
            Stop-Process -Name Ssms -Force -ErrorAction SilentlyContinue
        }

        # Install silently
        if (Test-Path $outFile) {
            if ($outFile.EndsWith("exe")) {
                Write-Output "Performing silent install..."
                $process = Start-Process -FilePath $outFile -ArgumentList $argList -Wait -Verb RunAs -PassThru

                if ($process.ExitCode -ne 0) {
                    Write-Output "$_ exited with status code $($process.ExitCode). Check the error code here: https://docs.microsoft.com/en-us/windows/win32/msi/error-codes"
                }
                else {
                    Write-Output "Instalation was sucessfull!"
                }
            }
        }
        else {
            Write-Output "$outFile does not exist. Probably the download failed."
        }
    }

    # Cleanup
    if ($RemoveDownload -eq $true) {
        if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Removing the installation file $outFile")) {
            Remove-Item $outFile -Force -ErrorAction SilentlyContinue
        }
    }
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

Function Install-SSMS {

.SYNOPSIS

Silently Download and Install SQL Server Management Studio (SSMS).

.DESCRIPTION

This will download and install the latest available SSMS from Microsoft.

.PARAMETER LocalFile

Specifies the path to a local file to install SSMS from.

If the local file is not the latest released, the user will be prompted to download the latest one available.

If this parameter is not specified, the latest version will be downloaded and installed from https://aka.ms/ssmsfullsetup

.PARAMETER InstallAzureDataStudio

This will prevent the installation of Azure Data Studio

.PARAMETER WriteLog

You want to log to a file. It will generate more than a few files :)

.PARAMETER RemoveDownload

Removes the downloaded file after the installation.

.PARAMETER WhatIf

Shows what would happen if the command were to run. No actions are actually performed.

.PARAMETER Force

If this switch is enabled, the installation will continue even if another version of SSMS is found on the system

.PARAMETER IgnoreUpdate

If this switch is enabled, the installation will always use the LocalFile, even if it's an outdated version.

Only works if LocalFile is specified.

.PARAMETER EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.

This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.

Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

.NOTES

Author: Viorel Ciucu

Website: https://cviorel.com

License: MIT https://opensource.org/licenses/MIT

.LINK

https://www.cviorel.com/silently-download-and-install-sql-server-management-studio-ssms/

https://www.cviorel.com/sql-server-management-studio-automatically-get-the-latest-version/

.EXAMPLE

Install-SSMS -WriteLog 1

Silently downloads and installs latest version of SSMS.

It will create a log for the installation.

.EXAMPLE

Install-SSMS -InstallAzureDataStudio $false -WriteLog $true -LocalFile C:\Users\Administrator\Downloads\SSMS-Setup-ENU.exe

Silently installs SSMS without Azure Data Studio from the C:\Users\Administrator\Downloads\SSMS-Setup-ENU.exe local file

[CmdletBinding(SupportsShouldProcess, ConfirmImpact = "Low")]

param (

[parameter(Mandatory = $false, ParameterSetName = 'LocalFile')]

[string]$LocalFile,

[parameter(Mandatory = $false, ParameterSetName = 'LocalFile')]

[switch]$IgnoreUpdate,

[parameter(Mandatory = $false)]

[bool]$InstallAzureDataStudio = $false,

[parameter(Mandatory = $false)]

[bool]$WriteLog = $false,

[parameter(Mandatory = $false)]

[bool]$RemoveDownload = $false,

[parameter(Mandatory = $false)]

[switch]$Force

)

if (-not ($PSBoundParameters.ContainsKey('LocalFile'))) {

if ($PSBoundParameters.ContainsKey('IgnoreUpdate')) {

Write-Output "Parameter IgnoreUpdate can be only used with '-LocalFile'"

break

}

$temp = ([System.IO.Path]::GetTempPath()).TrimEnd("\")

$outFile = "$temp\SSMS-Setup-ENU.exe"

$argList = @()

$argList += "/install /quiet /norestart"

# Check the last version of SSMS

$uri = 'https://raw.githubusercontent.com/MicrosoftDocs/sql-docs/live/docs/ssms/release-notes-ssms.md'

$md = Invoke-WebRequest -Uri $uri | Select-Object -ExpandProperty Content

$regEx = '(- Release number\:\s+(\d+\.)?(\d+\.)?(\d+))|(- Build number\:\s+(\d+\.)(\d+\.)(\d+\.)(\d+))|(- Release date\:\s+(\w+\s+\d{1,2})\,\s+\d{4})'

$HashTable = @{}

$index = 1

$md | Select-String -Pattern $regEx -AllMatches | `

ForEach-Object { $_.Matches } | `

ForEach-Object {

$value = ($_.Value -replace ('-', '')).Trim();

$HashTable.Add($index, $value);

$index++

}

$lastVersion = @{

ReleaseNumber = (($HashTable[1] -split (':'))[1]).Trim()

BuildNumber = (($HashTable[2] -split (':'))[1]).Trim()

ReleaseDate = (($HashTable[3] -split (':'))[1]).Trim()

}

$filter = 'Microsoft SQL Server Management Studio'

$uninstall32 = Get-ChildItem "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" | ForEach-Object { Get-ItemProperty $_.PSPath } | Where-Object { $_ -match $filter } | Select-Object DisplayVersion

$uninstall64 = Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" | ForEach-Object { Get-ItemProperty $_.PSPath } | Where-Object { $_ -match $filter } | Select-Object DisplayVersion

if ($uninstall64) {

$isInstalled = $true

$installedVersion = $uninstall64.DisplayVersion

}

if ($uninstall32) {

$isInstalled = $true

$installedVersion = $uninstall32.DisplayVersion

}

if ($isInstalled -eq $true) {

Write-Output "Version $installedVersion was detected on your system!"

if (-not $Force) {

$confirmation = Read-Host "Are you sure you want to proceed [y/n]"

if ($confirmation -notmatch "[yY]") {

break

}

if ($LocalFile.Length -ne 0) {

if (Test-Path -Path $LocalFile) {

$existingVersion = (Get-ChildItem -Path $LocalFile).VersionInfo.ProductVersion

if ($existingVersion -ne $lastVersion.BuildNumber) {

Write-Output "There is a newer release available: $($lastVersion.ReleaseNumber) ($($lastVersion.ReleaseDate)). We will download it and save it to: $($outFile)"

if (-not $IgnoreUpdate) {

$outdated = $true

}

else {

Write-Output "The file path is not valid."

$LocalFile = $null

}

if ($null -eq $LocalFile -or $LocalFile.Length -eq 0) {

if (Test-Path -Path $outFile) {

$existingVersion = (Get-ChildItem -Path $outFile).VersionInfo.ProductVersion

if ($existingVersion -ne $lastVersion.BuildNumber) {

Write-Output "Locally-cached copy exists, but it's outdated. There is a newer version available $($lastVersion.ReleaseNumber) (released on $($lastVersion.ReleaseDate)). We will download it and save it to: $($outFile)"

$outdated = $true

}

if ((Test-Path -Path $outFile) -and (-not $outdated)) {

Write-Output "Locally-cached copy exists and it's the newest one available, skipping download."

}

else {

if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Downloading latest SSMS to $outFile")) {

try {

# Create SSL/TLS secure channel

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Start the download

$url = "https://aka.ms/ssmsfullsetup"

try {

$ProgressPreference = "SilentlyContinue"

Invoke-WebRequest $url -OutFile $outFile -UseBasicParsing

}

catch {

(New-Object System.Net.WebClient).Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

Invoke-WebRequest $url -OutFile $outFile -UseBasicParsing

}

catch {

Write-Output "Download failed. Please download manually from $url."

return

}

if ($InstallAzureDataStudio -eq $false) {

$argList += "DoNotInstallAzureDataStudio=1"

}

if ($WriteLog -eq $true) {

$logFile = "$temp\SSMS_$(Get-Date -Format `"yyyyMMddHHmm`").txt"

$argList += "/log $logFile"

Write-Output "InstallationLog: $logFile"

}

# Start the install

if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Installing latest SSMS from $outFile")) {

# Closing running SSMS processes

if (Get-Process 'Ssms' -ErrorAction SilentlyContinue) {

Stop-Process -Name Ssms -Force -ErrorAction SilentlyContinue

}

# Install silently

if (Test-Path $outFile) {

if ($outFile.EndsWith("exe")) {

Write-Output "Performing silent install..."

$process = Start-Process -FilePath $outFile -ArgumentList $argList -Wait -Verb RunAs -PassThru

if ($process.ExitCode -ne 0) {

Write-Output "$_ exited with status code $($process.ExitCode). Check the error code here: https://docs.microsoft.com/en-us/windows/win32/msi/error-codes"

}

else {

Write-Output "Instalation was sucessfull!"

}

else {

Write-Output "$outFile does not exist. Probably the download failed."

}

# Cleanup

if ($RemoveDownload -eq $true) {

if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Removing the installation file $outFile")) {

Remove-Item $outFile -Force -ErrorAction SilentlyContinue

}

You can also reference this script directly from my GitHub account.

Feel free to grab it and share it you you find it useful.

Configure Active Directory authentication with SQL Server on Linux

Posted by cviorel on December 13, 2020 No comments | This post has 3,095 views.

Microsoft just released the adutil in public preview which is a CLI based utility developed to ease the AD authentication configuration for both SQL Server on Linux and SQL Server Linux containers.

We don’t need to switch to a Windows machine to create the AD user for SQL Server and setting SPNs.

In the following steps I will try to install a SQL Server instance on Linux using just the Linux CLI tool adutil.

We will need 2 VMs:

tf-wincore01.lab.local – Domain Controller (DC) running on Windows Server 2019 Core (will
host the lab.local domain)
tf-ubuntu01.lab.local – Ubuntu 18.04 LTS – SQL Server Instance on port 20001 will be
installed here

I will be creating a brand new environment for this test and I am using Terraform to provision the VMs .

Prepare the Domain Controller

Once the VMs are created we need to configure the domain controller:

# Configure Networking on the DC
$InterfaceIndex = $(Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.InterfaceAlias -like "Ethernet*" }).InterfaceIndex
Set-DnsClientServerAddress -InterfaceIndex $InterfaceIndex -ServerAddresses 192.168.1.105, 192.168.1.1

# Configure the Domain Controller
$domainName = 'lab.local'
$domainAdminPassword = "SecretPa$w0rd"
$secureDomainAdminPassword = $domainAdminPassword | ConvertTo-SecureString -AsPlainTExt -Force

$domainName.Split('.')[0]
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Create Active Directory Forest
Install-ADDSForest `
    -DomainName "$domainName" `
    -CreateDnsDelegation:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -DomainMode "7" `
    -DomainNetbiosName $domainName.Split('.')[0] `
    -ForestMode "7" `
    -InstallDns:$true `
    -LogPath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$True `
    -SysvolPath "C:\Windows\SYSVOL" `
    -Force:$true `
    -SafeModeAdministratorPassword $secureDomainAdminPassword

# Configure Networking on the DC

$InterfaceIndex = $(Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.InterfaceAlias -like "Ethernet*" }).InterfaceIndex

Set-DnsClientServerAddress -InterfaceIndex $InterfaceIndex -ServerAddresses 192.168.1.105, 192.168.1.1

# Configure the Domain Controller

$domainName = 'lab.local'

$domainAdminPassword = "SecretPa$w0rd"

$secureDomainAdminPassword = $domainAdminPassword | ConvertTo-SecureString -AsPlainTExt -Force

$domainName.Split('.')[0]

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Create Active Directory Forest

Install-ADDSForest `

-DomainName "$domainName" `

-CreateDnsDelegation:$false `

-DatabasePath "C:\Windows\NTDS" `

-DomainMode "7" `

-DomainNetbiosName $domainName.Split('.')[0] `

-ForestMode "7" `

-InstallDns:$true `

-LogPath "C:\Windows\NTDS" `

-NoRebootOnCompletion:$True `

-SysvolPath "C:\Windows\SYSVOL" `

-Force:$true `

-SafeModeAdministratorPassword $secureDomainAdminPassword

Let’s setup our zones:

# Check the current zones
Get-DnsServerZone -ComputerName tf-wincore01

# Add a reverse lookup zone
Add-DnsServerPrimaryZone -NetworkId "192.168.1.0/24" -ReplicationScope Domain

# Display the list of records in the new DNS zone (it is empty)
Get-DnsServerResourceRecord -ComputerName tf-wincore01 -ZoneName lab.local

# Create an entry in Active Directory for the Linux host
Add-DnsServerResourceRecordA -Name tf-ubuntu01 -ZoneName lab.local -IPv4Address 192.168.1.85
Get-DnsServerResourceRecord -ZoneName lab.local -RRType A

# Add a PTR record to the Reverse Lookup Zone for the linux host
Add-DNSServerResourceRecordPTR -ZoneName 1.168.192.in-addr.arpa -Name 85 -PTRDomainName tf-ubuntu01.lab.local

# Check the current zones

Get-DnsServerZone -ComputerName tf-wincore01

# Add a reverse lookup zone

Add-DnsServerPrimaryZone -NetworkId "192.168.1.0/24" -ReplicationScope Domain

# Display the list of records in the new DNS zone (it is empty)

Get-DnsServerResourceRecord -ComputerName tf-wincore01 -ZoneName lab.local

# Create an entry in Active Directory for the Linux host

Add-DnsServerResourceRecordA -Name tf-ubuntu01 -ZoneName lab.local -IPv4Address 192.168.1.85

Get-DnsServerResourceRecord -ZoneName lab.local -RRType A

# Add a PTR record to the Reverse Lookup Zone for the linux host

Add-DNSServerResourceRecordPTR -ZoneName 1.168.192.in-addr.arpa -Name 85 -PTRDomainName tf-ubuntu01.lab.local

Note that this AD configuration is just the bare minimum for our lab and it’s not fit for a Production environment!

Join the Linux host to the domain

It’s now time to join the Linux box to our new domain. The yaml file used by netplan needs to point to the domain:

/etc/netplan/******.yaml
network:
  ethernets:
    eth0:
            dhcp4: true

            dhcp6: true
            nameservers:
                    addresses: [ **<AD domain controller IP address>**]
                    search: [**<AD domain name>**]
  version: 2

/etc/netplan/******.yaml

network:

ethernets:

eth0:

dhcp4: true

dhcp6: true

nameservers:

addresses: [ **<AD domain controller IP address>**]

search: [**<AD domain name>**]

version: 2

Confirm the configuration and apply it.

sudo netplan apply

1	sudo netplan apply

In my case, the file looks like this:

/etc/resolv.conf file should also point to the domain:

Next, we install the packages that will allow us to join the machine to the domain:

sudo apt-get install -y realmd krb5-user software-properties-common python3-software-properties packagekit
sudo apt-get install -y adcli libpam-sss libnss-sss sssd sssd-tools

1 2	sudo apt-get install -y realmd krb5-user software-properties-common python3-software-properties packagekit sudo apt-get install -y adcli libpam-sss libnss-sss sssd sssd-tools

Let’s also set the hostname:

short_hostname=$(hostname)
domain='lab.local'
fqdn=${short_hostname}.${domain}
sudo hostname $fqdn

short_hostname=$(hostname)

domain='lab.local'

fqdn=${short_hostname}.${domain}

sudo hostname $fqdn

We are now ready to join the machine to the domain:

sudo realm join lab.local -U 'administrator@lab.local' -v

1	sudo realm join lab.local -U 'administrator@lab.local' -v

This command:

creates a new computer account in AD
creates the /etc/krb5.keytab host keytab file
configures the domain in /etc/sssd/sssd.conf
updates /etc/krb5.conf

Let’s verify that we can now gather information about a user from the domain, and that we can acquire a Kerberos ticket as that user. The following example uses id, kinit, and klist commands for this.

id CHudson@lab.local
kinit CHudson@LAB.LOCAL
klist

id CHudson@lab.local

kinit CHudson@LAB.LOCAL

klist

Install adutil

We now need to install the adutil so we can interact with the Domain Controller directly from the Linux box.

# Register the Microsoft Ubuntu repository
sudo apt-get update && sudo apt-get install -y curl
curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
sudo curl https://packages.microsoft.com/config/ubuntu/18.04/prod.list | sudo tee /etc/apt/sources.list.d/msprod.list

# Install adutil-preview
sudo ACCEPT_EULA=Y apt-get install -y adutil-preview

# Register the Microsoft Ubuntu repository

sudo apt-get update && sudo apt-get install -y curl

curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -

sudo curl https://packages.microsoft.com/config/ubuntu/18.04/prod.list | sudo tee /etc/apt/sources.list.d/msprod.list

# Install adutil-preview

sudo ACCEPT_EULA=Y apt-get install -y adutil-preview

Create a domain user using adutil

Let’s try to create a regular AD user:

kinit administrator@LAB.LOCAL # we need to use a privileged user
adutil user create --name cviorel -distname CN=cviorel,CN=Users,DC=lab,DC=local --password 'P@ssw0rd'

1 2	kinit administrator@LAB.LOCAL # we need to use a privileged user adutil user create --name cviorel -distname CN=cviorel,CN=Users,DC=lab,DC=local --password 'P@ssw0rd'

At this point adutil cannot list the users, but we can check if an account exists in the AD

adutil account exists cviorel

1	adutil account exists cviorel

Install SQL Server instance on the Linux host

From this point on, I can proceed at installing the SQL Server instance on the Linux host:

# Install SQL Server on Linux
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
sudo add-apt-repository "$(wget -qO- https://packages.microsoft.com/config/ubuntu/18.04/mssql-server-2019.list)"
sudo apt-get update
sudo apt-get install -y mssql-server

# Configure SQL Server
sudo /opt/mssql/bin/mssql-conf setup

# Enable the SQL Server Agent
sudo /opt/mssql/bin/mssql-conf <span class="hljs-built_in">set</span> sqlagent.enabled <span class="hljs-literal">true</span> 

# Set custom TCP port
sudo /opt/mssql/bin/mssql-conf set network.tcpport 20001
sudo systemctl restart mssql-server

# Check the configuration
systemctl status mssql-server --no-pager

# Install the SQL Server command-line tools
curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
curl https://packages.microsoft.com/config/ubuntu/18.04/prod.list | sudo tee /etc/apt/sources.list.d/msprod.list
sudo apt-get update 
sudo apt-get install -y mssql-tools unixodbc-dev
echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bash_profile
echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bashrc
source ~/.bashrc

# Install SQL Server on Linux

wget -qO- https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -

sudo add-apt-repository "$(wget -qO- https://packages.microsoft.com/config/ubuntu/18.04/mssql-server-2019.list)"

sudo apt-get update

sudo apt-get install -y mssql-server

# Configure SQL Server

sudo /opt/mssql/bin/mssql-conf setup

# Enable the SQL Server Agent

sudo /opt/mssql/bin/mssql-conf <span class="hljs-built_in">set</span> sqlagent.enabled <span class="hljs-literal">true</span>

# Set custom TCP port

sudo /opt/mssql/bin/mssql-conf set network.tcpport 20001

sudo systemctl restart mssql-server

# Check the configuration

systemctl status mssql-server --no-pager

# Install the SQL Server command-line tools

curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -

curl https://packages.microsoft.com/config/ubuntu/18.04/prod.list | sudo tee /etc/apt/sources.list.d/msprod.list

sudo apt-get update

sudo apt-get install -y mssql-tools unixodbc-dev

echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bash_profile

echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bashrc

source ~/.bashrc

Create an AD user for SQL Server and set the ServicePrincipalName (SPN) using adutil

SQL Server instance is running and let’s now create an AD user for SQL Server and set the ServicePrincipalName (SPN) using the adutil tool.

kinit administrator@LAB.LOCAL # we need to use a privileged user
adutil user create --name sqluser -distname CN=sqluser,CN=Users,DC=lab,DC=local --password 'P@ssw0rd'

# Register SPNs to the principal created above. We use port 20001/tcp for the SQL Server instance
adutil spn addauto -n sqluser -s MSSQLSvc -H tf-ubuntu01.lab.local -p 20001

adutil keytab createauto -k /var/opt/mssql/secrets/mssql.keytab -p 20001 -H tf-ubuntu01.lab.local --password 'P@ssw0rd' -s MSSQLSvc

# Add an entry in the keytab for the principal name and its password that will be used by SQL Server to connect to AD
adutil keytab create -k /var/opt/mssql/secrets/mssql.keytab -p sqluser --password 'P@ssw0rd!'

# Set proper permissions to the mssql.keytab file
chown mssql. /var/opt/mssql/secrets/mssql.keytab
chmod 440 /var/opt/mssql/secrets/mssql.keytab

# Configure SQL Server to use the keytab
/opt/mssql/bin/mssql-conf set network.kerberoskeytabfile /var/opt/mssql/secrets/mssql.keytab
/opt/mssql/bin/mssql-conf set network.privilegedadaccount sqluser

kinit administrator@LAB.LOCAL # we need to use a privileged user

adutil user create --name sqluser -distname CN=sqluser,CN=Users,DC=lab,DC=local --password 'P@ssw0rd'

# Register SPNs to the principal created above. We use port 20001/tcp for the SQL Server instance

adutil spn addauto -n sqluser -s MSSQLSvc -H tf-ubuntu01.lab.local -p 20001

adutil keytab createauto -k /var/opt/mssql/secrets/mssql.keytab -p 20001 -H tf-ubuntu01.lab.local --password 'P@ssw0rd' -s MSSQLSvc

# Add an entry in the keytab for the principal name and its password that will be used by SQL Server to connect to AD

adutil keytab create -k /var/opt/mssql/secrets/mssql.keytab -p sqluser --password 'P@ssw0rd!'

# Set proper permissions to the mssql.keytab file

chown mssql. /var/opt/mssql/secrets/mssql.keytab

chmod 440 /var/opt/mssql/secrets/mssql.keytab

# Configure SQL Server to use the keytab

/opt/mssql/bin/mssql-conf set network.kerberoskeytabfile /var/opt/mssql/secrets/mssql.keytab

/opt/mssql/bin/mssql-conf set network.privilegedadaccount sqluser

Test the connections and the authentication scheme

Let’s create an AD-based SQL Server login:

CREATE LOGIN [LAB\cviorel] FROM WINDOWS;
SELECT name FROM sys.server_principals;

1 2	CREATE LOGIN [LAB\cviorel] FROM WINDOWS; SELECT name FROM sys.server_principals;

Connecting as a domain user from the Linux box:

Let’s verify the authentication scheme:

sqlcmd -S localhost,20001 -U SA -h -1 -s, -W -Q '
SELECT DES.session_id, DES.login_name, DES.program_name, DES.host_name, DEC.auth_scheme, DEC.client_tcp_port 
FROM sys.dm_exec_sessions AS DES JOIN sys.dm_exec_connections AS DEC ON DEC.session_id = DES.session_id 
WHERE DES.session_id <> @@SPID;'

sqlcmd -S localhost,20001 -U SA -h -1 -s, -W -Q '

SELECT DES.session_id, DES.login_name, DES.program_name, DES.host_name, DEC.auth_scheme, DEC.client_tcp_port

FROM sys.dm_exec_sessions AS DES JOIN sys.dm_exec_connections AS DEC ON DEC.session_id = DES.session_id

WHERE DES.session_id <> @@SPID;'

Conclusion

Our setup is now complete and we managed to perform all the required operations from a Linux machine. The same can be applied to provision SQL Server running on Linux containers. This also should apply if you’re running in the cloud.

Always On Availability Groups using containers

Posted by cviorel on December 11, 2020 No comments | This post has 2,743 views.

The complete code can be found on my GitHub account

As a SQL Server person, I usually need to work with full blown Availability Groups for my various test scenarios.
I need to have a reliable and consistent way to rebuild the whole setup, multiple times a day.

For this purpose, docker containers are a perfect fit.
This approach will serve multiple scenarios (tsql development, performance tuning, infrastructure changes, etc.)

Target

Using the process I’ll explain below, I will deploy:

3 nodes running SQL Server 2019 Dev on top of Ubuntu 18.04
1 Clusterless Availability Group (also known as Read-Scale Availability Group)

Note that our Clusterless AG is not a high availability or disaster recovery solution.
It only provides a mechanism to synchronize databases across multiple servers (containers).
Only manual failover without data loss and forced failover with data loss is possible when using Read-Scale availability groups.

For production ready and true HA and DR one should look into traditional availability groups running on top of Windows Failover Cluster.
Another viable solution is to run SQL Server instance on Kubernetes in Azure Kubernetes Service (AKS), with persistent storage for high availability.

How

The workflow consist of the following steps:

prepare a custom docker image running Ubuntu 18.04 and SQL Server 2019
create a configuration file that will be used by docker-compose to spin up the 3 nodes

The actual build of the Availability Group will be performed by the entrypoint.sh script that will run on all the containers based on the image we just created.

The entrypoint.sh file is used to configure the container.
We just need to add a few .sql scripts that will get executed using sqlcmd utility.
In this case is the ag.sql file that contains the commands to create logins, certificates, endpoints and finally the Availability Group.

Remember, we’re using a Clusterless Availability Group, so the SQL Server service on Linux uses certificates to authenticate communication between the mirroring endpoints.

In a matter of minutes I have a fully working AG.

Credentials

During the build of the docker image and to create the AG I will need to specify various variables and credentials.

For production environments the recommended approach to manage secrets is to use a vault.

For my case I’m storing various variables and credentials in plain text files in the env folder.
Docker will parse those files and they will be available as environment variables.

sapassword.env – this contains the SA password and it’s needed when the custom image is built.

SA_PASSWORD=Str0ngPa$$w0rdForSA!

1	SA_PASSWORD=Str0ngPa$$w0rdForSA!

sqlserver.env – various variables are set here and are needed when the custom image is built.

ACCEPT_EULA=Y
MSSQL_DATA_DIR=/var/opt/sqlserver/data
MSSQL_LOG_DIR=/var/opt/sqlserver/log
MSSQL_BACKUP_DIR=/var/opt/sqlserver/backup
MSSQL_PID=Developer
MSSQL_AGENT_ENABLED=1

ACCEPT_EULA=Y

MSSQL_DATA_DIR=/var/opt/sqlserver/data

MSSQL_LOG_DIR=/var/opt/sqlserver/log

MSSQL_BACKUP_DIR=/var/opt/sqlserver/backup

MSSQL_PID=Developer

MSSQL_AGENT_ENABLED=1

miscpassword.env – will be needed to create the login and certificate needed by the Availability Group. This file is actually added to the container and it will be deleted after the Availability Group is created.

:SETVAR sa_password "Str0ngPa$$w0rdForSA!"
:SETVAR encryption_password "Str0ngPa$$w0rdForEnc!"
:SETVAR dbm_login_password "Str0ngPa$$w0rdForDBM!"

:SETVAR sa_password "Str0ngPa$$w0rdForSA!"

:SETVAR encryption_password "Str0ngPa$$w0rdForEnc!"

:SETVAR dbm_login_password "Str0ngPa$$w0rdForDBM!"

The advantage of this approach is that I have only one place where I store all these variables and credentials, but as I mentioned earlier, it’s not a proper solution from a security standpoint.

A few alternative approaches would be:
– use a tool to manage secrets, like Vault
– multi-stage builds
– use BuildKit

Conclusion

From a testing and development point of view, this solution works very well for me as I can rebuild the environment in a fast and consistent way.

It’s not by any means the best option out there, but it’s really simple to use and reproduce.

See it in action

Click on the image for the full gif

How to keep your VM templates up-to-date using packer

Posted by cviorel on November 23, 2020 No comments | This post has 2,337 views.

Today I’m gonna describe the process I’m using to keep my VM templates up to date.

All the scripts that you need to get started can be found on my GitHub repo. Feel free to get them and use them in any way you might find useful.
Make sure you update the variables inside the json\vars.json file to match your environment.

Either if you have a homelab where you test things or have a full enterprise environment, you will need to make sure you are always deploying the same thing across all your environments, every time, without exception.

For a long time sysadmins used hand-crafted golden images for their OSes that they need to further customize every time they were deploying a new VM.

In today’s modern infrastructures, we need to constantly change things and we need a better way to have these golden images tested and kept up to date.

The article here will show how this can be accomplished for a Windows 2019 OS image. I am usually using this to quickly spin up a bunch of VMs on my vCenter.

They will be configured later to host Domain Controllers, SQL Servers, various web applications, etc.

This allows me to focus on my testing and not spend a lot of time on the infrastructure itself.

The tool we’re going to use is Packer.

It will work out of the box with any major cloud providers and because it’s lightweight, portable and command-line driven, it’s suited for Continuous Delivery pipelines, keep dev/prod parity or to package up software with complex requirements.

The installation of Packer is really simple and all the needed steps are described in the docs.

On my GitHub Repo you’ll find a small script that you can use to download the latest version of Packer.

The first step is to have a template for our build. This is just a JSON file that contains information about how packer needs to access my infrastructure, access keys, various settings for my image.

{
  "variables": {
    "vsphere_server": "vcenter@local",
    "vsphere_user": "administrator@vsphere.local",
    "vsphere_password": "YourSecretPasswordHere",
    "vsphere_template_name": "Win2019Core",
    "vsphere_folder": "",
    "vsphere_dc_name": "",
    "vsphere_compute_cluster": "",
    "vsphere_resource_pool": "",
    "vsphere_host": "esxi01.vsphere.local",
    "vsphere_portgroup_name": "",
    "vsphere_datastore": "",
    "windows_admin_password": "",
    "cpu_num": "1",
    "mem_size": "2048",
    "disk_size": "10000",
    "os_iso_url": "",
    "os_iso_path": "",
    "os_iso_checksum": "",
    "os_iso_checksum_type": "",
    "vmtools_iso_path": ""
  },
  "sensitive-variables": [
    "vsphere_password",
    "winadmin_password"
  ],
  "builders": [
    {
      "type": "vsphere-iso",
      "username": "{{user `vsphere_user`}}",
      "vcenter_server": "{{user `vsphere_server`}}",
      "insecure_connection": "true",
      "datacenter": "{{user `vsphere_dc_name`}}",
      "host": "{{user `vsphere_host`}}",
      "datastore": "{{user `vsphere_datastore`}}",
      "vm_name": "{{user `vsphere_template_name`}}",
      "folder": "{{user `vsphere_folder`}}",
      "CPUs": "{{user `cpu_num`}}",
      "RAM": "{{user `mem_size`}}",
      "RAM_reserve_all": true,
      "firmware": "bios",
      "communicator": "winrm",
      "winrm_username": "Administrator",
      "winrm_password": "{{user `windows_admin_password`}}",
      "disk_controller_type": "lsilogic-sas",
      "floppy_files": [
        "answer_files/win2019core/autounattend.xml",
        "scripts/Enable-WinRM.ps1",
        "scripts/Install-VMTools.ps1",
        "scripts/Set-Default-Shell.ps1",
        "scripts/SysPrepWin.ps1"
      ],
      "guest_os_type": "windows9_64Guest",
      "iso_paths": [
        "{{user `os_iso_path`}}",
        "{{user `vmtools_iso_path`}}"
      ],
      "remove_cdrom": true,
      "network_adapters": [
        {
          "network_card": "vmxnet3"
        }
      ],
      "password": "{{user `vsphere_password`}}",
      "resource_pool": "{{user `vsphere_resource_pool`}}",
      "storage": [
        {
          "disk_size": "{{user `disk_size`}}",
          "disk_thin_provisioned": true
        }
      ],
      "convert_to_template": true,
      "notes": "created on: {{isotime}}"
    }
  ],
  "provisioners": [
    {
      "inline": [
        "dir c:\\"
      ],
      "type": "windows-shell"
    }
  ]
}

{

"variables": {

"vsphere_server": "vcenter@local",

"vsphere_user": "administrator@vsphere.local",

"vsphere_password": "YourSecretPasswordHere",

"vsphere_template_name": "Win2019Core",

"vsphere_folder": "",

"vsphere_dc_name": "",

"vsphere_compute_cluster": "",

"vsphere_resource_pool": "",

"vsphere_host": "esxi01.vsphere.local",

"vsphere_portgroup_name": "",

"vsphere_datastore": "",

"windows_admin_password": "",

"cpu_num": "1",

"mem_size": "2048",

"disk_size": "10000",

"os_iso_url": "",

"os_iso_path": "",

"os_iso_checksum": "",

"os_iso_checksum_type": "",

"vmtools_iso_path": ""

"sensitive-variables": [

"vsphere_password",

"winadmin_password"

"builders": [

{

"type": "vsphere-iso",

"username": "{{user `vsphere_user`}}",

"vcenter_server": "{{user `vsphere_server`}}",

"insecure_connection": "true",

"datacenter": "{{user `vsphere_dc_name`}}",

"host": "{{user `vsphere_host`}}",

"datastore": "{{user `vsphere_datastore`}}",

"vm_name": "{{user `vsphere_template_name`}}",

"folder": "{{user `vsphere_folder`}}",

"CPUs": "{{user `cpu_num`}}",

"RAM": "{{user `mem_size`}}",

"RAM_reserve_all": true,

"firmware": "bios",

"communicator": "winrm",

"winrm_username": "Administrator",

"winrm_password": "{{user `windows_admin_password`}}",

"disk_controller_type": "lsilogic-sas",

"floppy_files": [

"answer_files/win2019core/autounattend.xml",

"scripts/Enable-WinRM.ps1",

"scripts/Install-VMTools.ps1",

"scripts/Set-Default-Shell.ps1",

"scripts/SysPrepWin.ps1"

"guest_os_type": "windows9_64Guest",

"iso_paths": [

"{{user `os_iso_path`}}",

"{{user `vmtools_iso_path`}}"

"remove_cdrom": true,

"network_adapters": [

{

"network_card": "vmxnet3"

}

"password": "{{user `vsphere_password`}}",

"resource_pool": "{{user `vsphere_resource_pool`}}",

"storage": [

{

"disk_size": "{{user `disk_size`}}",

"disk_thin_provisioned": true

}

"convert_to_template": true,

"notes": "created on: {{isotime}}"

}

"provisioners": [

{

"inline": [

"dir c:\\"

"type": "windows-shell"

}

]

}

In a second step I need to make sure I have a valid configuration. Packer has a validate command for this:

packer validate json\windows_2019.json

1	packer validate json\windows_2019.json

In step 3, after the validation is successful, I can proceed to building the image.

packer.exe build -force -var-file='json\vars.json' 'json\windows_2019.json'

1	packer.exe build -force -var-file='json\vars.json' 'json\windows_2019.json'

Notice that I’m passing the var-file option in order to tell packer where my variables are defined.

WARNING: This file will hold your secrets so be very careful about who’s able to access it.

{
    "vsphere_server": "vcenter@local",
    "vsphere_user": "administrator@vsphere.local",
    "vsphere_password": "YourSecretPasswordHere",
    "vsphere_template_name": "Win2019Core",
    "vsphere_folder": "Templates",
    "vsphere_dc_name": "DataCenterName",
    "vsphere_resource_pool": "Packer",
    "vsphere_host": "esxi01.vsphere.local",
    "vsphere_portgroup_name": "lab_portgroup",
    "vsphere_datastore": "N3_SSD_123_EVO",
    "windows_admin_password": "YourSecretPasswordHere",
    "linux_admin_password": "YourSecretPasswordHere",
    "cpu_num": "2",
    "mem_size": "4096",
    "disk_size": "32768",
    "os_iso_path": "[iso] WIN2019/17763.737.190906-2324.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us_1.iso",
    "vmtools_iso_path": "[iso] VMware Tools/VMware-tools-windows-11.1.1-16303738.iso"
}

{

"vsphere_server": "vcenter@local",

"vsphere_user": "administrator@vsphere.local",

"vsphere_password": "YourSecretPasswordHere",

"vsphere_template_name": "Win2019Core",

"vsphere_folder": "Templates",

"vsphere_dc_name": "DataCenterName",

"vsphere_resource_pool": "Packer",

"vsphere_host": "esxi01.vsphere.local",

"vsphere_portgroup_name": "lab_portgroup",

"vsphere_datastore": "N3_SSD_123_EVO",

"windows_admin_password": "YourSecretPasswordHere",

"linux_admin_password": "YourSecretPasswordHere",

"cpu_num": "2",

"mem_size": "4096",

"disk_size": "32768",

"os_iso_path": "[iso] WIN2019/17763.737.190906-2324.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us_1.iso",

"vmtools_iso_path": "[iso] VMware Tools/VMware-tools-windows-11.1.1-16303738.iso"

}

The force option will instruct packer to force a builder to run when artifacts from a previous build prevent a build from running.

This parameter can behave differently for each builder, but in general it will remove the artifacts from the previous build.
Check out the docs about what options you can use for the build command.

At this point we have an image that’s ready to be used.

In the example scripts I’m using, you will notice that in order to allow packer to connect to the image, I enabled WinRM connectivity over http.

This was executed as the last action in the answer_files\win2019core\autounattend.xml file:

This approach is used to perform an Unattended Installation for Windows and this is the reason we have the floppy_files section in our JSON template:

As a good practice we should make sure that after all the customization is done, we should leave the template in a clean and secure state.

This is not a trivial task and should not be taken lightly as doing it wrong can expose you to a bunch of security issues.

It’s not the scope of this article, but you can read a more in-depth analysis on this blog post:

https://missionimpossiblecode.io/post/winrm-for-provisioning-close-the-door-on-the-way-out-eh/

To sum up, in my environment it takes about 8 minutes to finish a build.

I hope this will give you a better insight on how to prepare and maintain your images, either on-premises or in the cloud.

Thanks for reading!

Wrong network location profile causes issues with Windows Failover Cluster

Posted by cviorel on July 25, 2020 2 comments | This post has 35,729 views.

Hi folks,

The other day I was pulling hair from my head trying to configure a Windows Failover Cluster intended for an SQL Server Availability Group setup.

During the cluster validation stage I always got this message:

The Windows Firewall on node node01.domain.local is not properly configured for failover clustering.
In particular, the ‘Public’ firewall profile is enabled on adapter ‘node01.domain.local – SLOT 1 PORT 2’.
The ‘Failover Clusters’ rule group is not enabled in firewall profile ‘Public’.
This may prevent some network communication between cluster nodes.

The OS install and networking part was already configured by a someone else and it was a pretty straightforward installation.

The issue turned out to be caused by the 2 NICs we have for iSCSI traffic which did not have a gateway configured.

Windows uses gateways to identify networks. If it doesn’t have a gateway configured, or if it can’t successfully ping it, it will not be able to identify the network it’s connected to and will assume it’s a public one.

Network cards in Windows can be connected to one of these type of networks:
– Public
– Private
– DomainAuthenticated

By default, the public network location type is assigned to any new networks when they are first connected.

A public network is considered to be shared with the world, with no protection between the local computer and any other computer. Therefore, the Windows Firewall rules associated with the public profile are the most restrictive.

As part of the Windows Failover Cluster validation/creation there are checks to verify connectivity (between cluster nodes, active directory, etc.).

These were the settings I had:
Before

All I needed to do was to move all non-domain network interfaces into the private profile:

Get-NetConnectionProfile | Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' } | Set-NetConnectionProfile -NetworkCategory Private

1	Get-NetConnectionProfile \| Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' } \| Set-NetConnectionProfile -NetworkCategory Private

After

After the change the cluster creation went without issue.

This small detail be easily missed and can cause a lot of headaches and lost time investigating failover clusters.

Cheers!

Update Ola Hallengren’s IndexOptimize Job to only update statistics

Posted by cviorel on May 11, 2020 No comments | This post has 1,645 views.

Managing a lot of SQL servers does not have to to be a burden. One or a hundred, should be the same, right?
This is how you can quickly update (on a bunch of servers) the IndexOptimize job which is created if you install the MaintenenceSolution from Ola Hallengren:

$servers = @(
    'server_01',
    'server_02',
    'server_03',
    'server_04',
    'server_nn'

    )
$newCommand = @'
EXECUTE [dbo].[IndexOptimize]
@Databases = 'USER_DATABASES' ,
@FragmentationLow = NULL ,
@FragmentationMedium = NULL ,
@FragmentationHigh = NULL ,
@UpdateStatistics = 'ALL' ,
@OnlyModifiedStatistics = N'Y' ,
@LogToTable = N'N';
'@

$ports = 10001..10005
foreach ($node in $servers) {
    foreach ($port in $ports) {
        $instance = "$node,$port"
        $jobName = 'IndexOptimize - USER_DATABASES'
        $job = Get-DbaAgentJob -SqlInstance "$instance" -Job $jobName
        foreach ($Step in $Job.jobsteps.Where{ $_.Name -eq $jobName }) {
            $Step.Command = $newCommand
            $Step.Alter()
        }
    }
}

$servers = @(

'server_01',

'server_02',

'server_03',

'server_04',

'server_nn'

)

$newCommand = @'

EXECUTE [dbo].[IndexOptimize]

@Databases = 'USER_DATABASES' ,

@FragmentationLow = NULL ,

@FragmentationMedium = NULL ,

@FragmentationHigh = NULL ,

@UpdateStatistics = 'ALL' ,

@OnlyModifiedStatistics = N'Y' ,

@LogToTable = N'N';

$ports = 10001..10005

foreach ($node in $servers) {

foreach ($port in $ports) {

$instance = "$node,$port"

$jobName = 'IndexOptimize - USER_DATABASES'

$job = Get-DbaAgentJob -SqlInstance "$instance" -Job $jobName

foreach ($Step in $Job.jobsteps.Where{ $_.Name -eq $jobName }) {

$Step.Command = $newCommand

$Step.Alter()

}

Erik Darling (t|b) has written a longer post here.

PS. Check out how to quickly install Ola’s maintenance solution on the dbatools.io website.

Page 1 of 12
1
2
3
4
5
6
7
8
9
10
...
12
>

1. Editor Tab and Status Bar

2. Advanced Execution Settings

3. Query Results to Grid

4. Query Results to Text

5. SQL Server Object Explorer Options

6. Query Output Formatting

Prepare the Domain Controller

Join the Linux host to the domain

Install adutil

Create a domain user using adutil

Install SQL Server instance on the Linux host

Create an AD user for SQL Server and set the ServicePrincipalName (SPN) using adutil

Test the connections and the authentication scheme

Conclusion

Target

How

Credentials

Conclusion

See it in action

Social

Categories

Tags