Seen when attempting to add a Windows Optional Feature;
Windows couldn’t complete the required changes.
The changes could not be completed. Please reboot your computer and try again
Error code: 0x800F0954
Solution
Typically you see this error if your machine is set to get its updates from WSUS. You can change the way Windows operates to get the ‘Feature addition’ files directly from Microsoft with a group policy.
For Local Policy: Windows Key+R > gpedit.msc {Enter}
For Domain Policy: (On a domain controller) > Windows Key+R > gpmc.msc {Enter} > Create a new policy or edit one that’s linked to computer objects.
Navigate to;
[box]
Configuration > Administrative Templates > System
[/box]
Locate ‘Specify Settings for optional component installation and component repair‘.
Set to Enabled > Tick ‘Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS) > Apply > OK > Close the policy editor.
In Part 3 we ran through manual pools, if you want to deploy automated pools using ‘Linked Clones’, then you will need VMware Composer. Composer installs on your Virtual Center Server. It also requires a database, the following is a step by step guide to installing SQL Server 2008 R2 and configuring it for Composer.
VMware View 5 Suppored Database Platforms
When you have your databse platform installed and configured, on the Virtual center server create an ODBC connection to the database and install VMware Composer. Finally you will need to enable composer in the VMware View Administrator Console.
Solution
VMware View – Installing SQL 2008 R2 and Configuring for Composer
1. Let the SQL DVD auto-run and choose Installation > New installation > OK > Product Key > Next > Accept the EULA > Next > Install the setup files.
2. Take note of any warnings, here it’s complaining that I’m on a domain controller (in a test environment this is OK, don’t do this in production!). And it’s giving me a firewall warning. I’m going to disable the firewall as I’m behind a corporate firewall, BUT if you want to create an exception for TCP port 1433, or run the following command. That would be the correct way to address the warning.
[box] netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN [/box]
3. You only need the “Database Engine Services” and the “Management Tools” , or you can simply install everything > Next > Next > Select Default Instance* > Next > Next.
*Unless you specifically want a named instance.
4. I set the services to run under the ‘System’ account, if you want to use the domain admin, or another domain service account use that instead. You can use the “Use same account button for all” to save typing > Next.
5. We will need SQL authentication, type in a suitable complex password (You can add the current user of the domain administrator as well) > Next > If your installing Analysis services you can add an account here > Next.
6. Install the native mode default configuration > Next > Next > Next > Install > Close > Exit the SQL installer.
7. Launch the SQL Management Studio > Log in (for servername simply type in localhost) > Right click Databases > New Database..
8. Give the Database a name > Select the ‘Options’ Settings.
9. Change the recovery model to ‘Simple’ > OK.
10. Expand Security > Logins > Create a new login.
13. Give the new user/login a name, select SQL authentication > Set a complex password > Untick Enforce password expiration > Select the user mappping section (on the left).
14. Select the database you have just created and give this new user the “db_owner” role > OK > Exit the management studio
VMware View – Configure ODBC Settings on the Virtual Center Server
15. On the vCenter Server > Start > Administrative Tools > Data Sources (ODBC).
16. System DSN > Add > SQL Server Native Client > Finish,
17. Add in the Database name and the server you installed SQL on > Next.
18. Supply the details for the user you created and the password you set > Next.
19. Change the default database from ‘master’ to the one you created > Next > accept all the defaults > Finish.
20. Click ‘Test Data Source’ and it should say TEST COMLPETED SUCESSFULLY > OK > OK > OK.
VMware View – Installing VMware Composer
Note: Composer MUST be installed on your VMware virtual Center (vCenter) Server.
21. Run the installer > Next > Next > Accept the EULA > Next > Next > Enter the ODBC details and login you created earlier > Next.
22. Next > Install > Finish.
VMware View – Add Composer to VMware View Administrator Console
23. Connect to, and log into the VMware View Administrator Console > View Configuration > Servers > If you already have a vCenter server select Edit > If not select Add.
24. On the vCenter Server settings tab ensure ‘Enable View Composer’ is ticked and add in a domain user (with rights to create, and delete computer objects in the domain) > OK.
25. You will know if the operation was successful as the vCenter logo will change, it will now have a gold/yellow box around it.
Related Articles, References, Credits, or External Links
When attempting to install the Microsoft Communications Managed API 4.0 on a Windows Server 2012 machine. You get the following error;
Setup has detected that this computer does not meet the requirements to install this software. The following blocking issue must be resolved before you can install Microsoft Unified Communications Managed API 4.0, Runtime software package.
Microsoft Unified Communications Managed API 4.0, Runtime required the following missing Windows Features.
-Media Foundation
1. Launch Server Manager (ServerManager.exe) > Manage > Add Roles and Features > Next > Next > Next > Scroll Down > Select Media Foundation > Next > Install.
Related Articles, References, Credits, or External Links
Microsoft have not only slipstreamed the service pack into the install media, they have (Finally!) got the install routine to put in all the usual pre-requisites, roles, and features, that you had to do yourself before. (With the exception of the Microsoft 2010 filter pack, but even then you can do that after the install).
The procedure below was done on a single server in a test environment, to demonstrate the simplified procedure, it IS NOT good practice to install Exchange (any version) on a domain controller.
Solution
Before Site Visit
1. Have your install media downloaded and ready to go (Make sure you also have the unlock codes for Exchange – or you will have 119 days to licence it, post install).
2. Does your current anti virus solution support Exchange 2010? Do you need an upgrade?
3. Does your current backup software support Exchange 2010? Do you need to purchase extra remote agents or updates?
Before Deploying Exchange 2010
1. Depending on what documentation you read, some say that the global catalog server(s) in the current site need to be at least Server 2003 SP2. Other documentation says the schema master needs to be at least Server 2003 SP2. Let’s hedge our bets, and make sure that ALL the domain controllers are at least Server 2003 SP2 🙂
2. Your domain and forest functional levels need to be at Windows Server 2003.
3. Don’t forget – your server needs to be x64 bit (the video below was shot on a Server 2008 R2 server).
4. Make sure both the server you are installing on, and the Windows domain, are happy (get into the event viewers of your servers and have a good spring clean before deploying Exchange 2010).
6. Install the roles required with the following PowerShell Commands;
[box]
Import-Module ServerManager
For Client Access, Hub Transport, and the Mailbox roles issue the following command;
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Web-WMI -Restart
For Client Access and Hub Transport server roles issue the following command;
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Web-WMI -Restart
For only the Mailbox role issue the following command;
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server -Restart
For only the Unified Messaging role issue the following command;
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Desktop-Experience -Restart
For only the Edge Transport role issue the following command;
Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart
[/box]
7. Set the Net.Tcp Port Sharing Service for Automatic startup by running the following command;
IOS 11.2 gave us CBAC, and IOS 12.4(6)T gave us the Zone Based Firewall. You can still use either, (providing you are running the correct IOS, or in the case of version 15 and upwards, added the correct license, ‘securityK9’). For older IOS versions usually you want the advipservices version of the IOS).
Solution
Run the following command to see if you have the correct license installed.
[box]
Petes-Router#show license features
[/box]
Cisco IOS Setup CBAC (IOS Firewall Classic)
1. Declare the protocols you want to inspect.
[box]
Petes-Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Petes-Router(config)#ip inspect name IOS-FW tcp
Petes-Router(config)#ip inspect name IOS-FW udp
Petes-Router(config)#ip inspect name IOS-FW icmp
[/box]
2. Apply that inspection inbound on the inside interface (that’s traffic going out).
[box]
Petes-Router(config)#interface FastEthernet 0/1
Petes-Router(config-if)#ip inspect IOS-FW in
Petes-Router(config-if)#exit
Petes-Router(config)#
[/box]
4. Apply the inspection inbound on the outside interface (for traffic coming in). And then save the changes.
Note: If you have VPN traffic this will NOT break it.
[box]
Petes-Router(config)#interface Dialer0
Petes-Router(config-if)#ip inspect IOS-FW in
Petes-Router(config-if)#exit
Petes-Router(config)#exit
*Mar 1 00:05:29.875: %SYS-5-CONFIG_I: Configured from console by console
Petes-Router#wr mem
Building configuration...
[OK]
Petes-Router#
[/box]
Cisco Zone Based Firewall Setup
The config on ZBF can get quite complicated, I’m simply going to allow traffic out, and block all traffic coming in (apart from traffic that will be coming in over VPN).
Note: CBAC Settings (if used), must be removed before configuring ZBF.
1. The first thing to do is setup the zones, I only have a LAN an WAN to worry about.
[box]
Petes-Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Petes-Router(config)#zone security SZ-INSIDE
Petes-Router(config-sec-zone)#description Local Area Network
Petes-Router(config-sec-zone)#zone security SZ-OUTSIDE
Petes-Router(config-sec-zone)#description Wide Area Network (Internet)
Petes-Router(config-sec-zone)#exit
[/box]
2. Create two ACLs to decide which traffic you want to allow in and out. Note: I’ve also added the subnets for my remote VPN network. I will allow out www (TCP 80), https (TCP 443), and DNS (TCP 53). Inbound everything is blocked apart from my VPN traffic.
Note: I’m not covering setting up the VPN, if you want to know how to do that, see the following article;
Then for each ACL I’m creating a class-map, it’s the class-map that decides what traffic will be inspected, (by inspected, in ZBF terms we mean allowed).
[box]
Petes-Router(config)#ip access-list extended ACL-OUTBOUND
Petes-Router(config-ext-nacl)#permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
Petes-Router(config-ext-nacl)#permit tcp 192.168.1.0 0.0.0.255 any eq www
Petes-Router(config-ext-nacl)#permit tcp 192.168.1.0 0.0.0.255 any eq 443
Petes-Router(config-ext-nacl)#permit tcp 192.168.1.0 0.0.0.255 any eq 53
Petes-Router(config-ext-nacl)#class-map type inspect match-all CM-OUTBOUND
Petes-Router(config-cmap)#match access-group name ACL-OUTBOUND
Petes-Router(config-ext-nacl)#exit
Petes-Router(config)#ip access-list extended ACL-INBOUND
Petes-Router(config-ext-nacl)#permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
[/box]
3. Define what to do with the (matched) traffic with a policy-map, this can be set to inspect, log , or drop. We set it to inspect our traffic, and drop, then log everything else.
[box]
Petes-Router(config)#policy-map type inspect PM-OUTBOUND
Petes-Router(config-pmap)#class type inspect CM-OUTBOUND
Petes-Router(config-pmap-c)#inspect
%No specific protocol configured in class CM-OUTBOUND for inspection. All protocols will be inspected
Note: The Above is not really true - we have defined the port in the ACL
Petes-Router(config-pmap-c)#class class-default
Petes-Router(config-pmap-c)#drop log
Petes-Router(config-pmap-c)#exit
Petes-Router(config-pmap)#exit
Petes-Router(config)#policy-map type inspect PM-INBOUND
Petes-Router(config-pmap)#class type inspect CM-INBOUND
Petes-Router(config-pmap-c)#inspect
%No specific protocol configured in class CM-INBOUND for inspection. All protocols will be inspected
Note: The Above is fine, it drops everything that's not VPN traffic anyway.
Petes-Router(config-pmap-c)#class class-default
Petes-Router(config-pmap-c)#drop log
Petes-Router(config-pmap-c)#exit
Petes-Router(config-pmap)#exit
[/box]
4. The last task is to create zone-pairs for the outbound and inbound traffic, then apply our policy-map to them with a service-policy.