Divide an IPv4 address into a network and host portion. (Quick overview)

If an organization has lots of computers, or if its computers are geographically spread, it’s a good idea to divide its netwerk into smaller ones (subnets) connected by routers. The benefit of using subnets are less traffic (most traffic will stay on the local netwerk) and easier to isolate and identify a network problem.

The subnet mask splits an IPv4 address into a network and a host portion.

In this table below you can see how you can split your subnets using a subnet mask.

binary   subnet mask decimal subnet mask Mask Bits nodes per subnet
1 /1 2147483648
11 /2 1073741824
111 /3 536870912
1111 /4 268435456
1111.1 /5 134217728
1111.11 /6 67108864
1111.111 /7 33554432
1111.1111 /8 16777214
1111.1111 1 /9 8388606
1111.1111 11 /10 4194302
1111.1111 111 /11 2097150
1111.1111 1111. /12 1048574
1111.1111 1111.1 /13 524286
1111.1111 1111.11 /14 262142
1111.1111 1111.111 /15 131070
1111.1111 1111.1111 /16 65534
1111.1111 1111.1111 1 /17 32766
1111.1111 1111.1111 11 /18 16382
1111.1111 1111.1111 111 /19 8190
1111.1111 1111.1111 1111 /20 4094
1111.1111 1111.1111 1111.1 /21 2046
1111.1111 1111.1111 1111.11 /22 1022
1111.1111 1111.1111 1111.111 /23 510
1111.1111 1111.1111 1111.1111 /24 254
1111.1111 1111.1111 1111.1111 1 /25 126
1111.1111 1111.1111 1111.1111 11 /26 62
1111.1111 1111.1111 1111.1111 111 /27 30
1111.1111 1111.1111 1111.1111 1111 /28 14
1111.1111 1111.1111 1111.1111 1111.1 /29 6
1111.1111 1111.1111 1111.1111 1111.11 /30 2
1111.1111 1111.1111 1111.1111 1111.111 /31 0
1111.1111 1111.1111 1111.1111 1111.1111 /32 0

Installing an SSD equipped machine with the Configuration Manager Task Sequence is causing problems. #yam

We had a problem deploying new laptops / notebooks with Sollid State Disk (SSD). They just came out of the box. The vendor had them pre-installed with eg. Windows 7.

We see that there is a problem when an Operating System is distributed by System Center Configuration Manager to client computers with SSD. There is no problem Continue reading

Is 1 Yottabyte (YB) enough to store all your files?

Microsoft released a new type of local file system in Windows Server 2012, it is called Resilient File System (ReFS). Microsoft designed this new file system because they see that there is a growth in storage (big data) and it works well with their new Storage Spaces feature in Windows Server 2012.

Initially it will be used for the file servers to prevent data loss and downtime.

In Windows Server 2012 you can choose between FAT32, NTFS and ReFS.

ReFS support features that contain functionality that proactively scans and repairs bad disk clusters (they use a “scrubber”). It’s a “Self-healing” file system and designed to prioritize the availability of data. If data corruption occurs the data will stay available without volume down-time. If data is corrupted an auto-repair (salvage) is triggered (it’s resilient to curruption) and it can remove the corrupted data, the volume will then be brought back online in a split second without the corrupted data.

1 yottabyte (YB) is 1.000.0 Continue reading

Move a computer to a different OU within a ConfigMgr 2012 SP1 Task Sequence. #yam

In the past we used a vbs-script in a ConfigMgr Task Sequence to detect if a computer was already added to the Active Directory. If it was detected in Active Directory it was moved to a OU with less policies. In this example I will create a System Center Orchestrator (SCOrch) Runbook which will detect if a computer is already an Active Directory member, and if so it will be moved to another predefined OU.


  • A System Center Configuration Manager 2012 SP1 infrastructure.
  • A System Center Orchestrator 2012 installation.
  • The Microsoft Deployment Toolkit 2012 Update 1 integration.
  • The Active Directory Integration Pack.
  • A Nework Access Account which has “Orchestrator User” credentials.
  • An AD service account with at least Account Operators credentials.

Configure the Active Directory Integration Pack

  • Start the System Center 2012 Orchestrator Runbook Designer.
  • Go to Options and change the SCORCH Dev – Active Directory Prerequisite Configuration.
  • Click on Add and type a Name
  • fill in the UserName, Password and the Domain name of the AD Account with Account Operators credentials
  • Click Finish.

Create a new Runbook

  • Start the System Center 2012 Orchestrator Runbook Designer
  • Create a new Runbook and rename it to ConfigMgr-TS-MoveComputerToDeploy
  • Add Initialize Data
  • Add Get Object DistiguishedName
  • Add Move AD Object
  • Create two links,
    • one between Initialize Data and Get Object Distiguished Name and
    • one between Get Object Distinguished Name and Move AD Object.
  • Open the Initialize Data Properties and click on Add.
  • Dubbelclick the Parameter 1 Activity data and change the name to Computer Name.
  • Click on Finish.
  • Open the Get Object DistinguishedName Properties.
  • Select the AD Connection Credentials under the Configuration Name properties.
  • type the DomainName.
  • Right click the field next to the Object Name Properties and select Subscribe > Published Data and select the Computer Name Activity.
  • Select computer from the drop down box under the Object Class
  • Click Finsih.
  • Open the Move AD Object Properties
  • Select the AD Connection Credentials under the Configuration Name properties.
  • Right click the field next to the Source Object LDAP Path and select Subscribe > Published Data
  •  In the Published Data, select Get Object DistinguishedName, and then select Object_LDAP_Path.
  • Click OK.
  • Right click the white field next to the Destination Container OU LDAP Path
  • And fill in the LDAP path of the Destination OU. It should look something like this: LDAP://OU=Deploy,OU=SUBOU,OU=SUBOU,DC=value,DC=kamman,DC=info
  • Click Finish.

Test de Runbook

  • Start the Runbook Tester.
  • Type the name of a machine which is a Active Directory member.
  • Step through the runbook and see if the log gifs you any errors.
  • If no errors are displayed Check In this new Runbook.

Add the Runbook to the Configuration Manager Task Sequence

  • Start the System Center 2012 Configuration Manager console
  • Go to Software Library | Operating Systems | Task Sequences
  • Create a new or edit an existing Task Sequence.
  • Add the MDT 2012 Deployment Toolkit Package to the task sequence.
  • Add the MDT/Execute Runbook step and fill in the Name, Orchestrator Server and Browse to the Runbook Move Computer.
  • Select Specify explicit runbook parameters and type next to Computer Name the variable %_SMSTSMachineName%.
  • Click Apply.

#mms2013, Microsofts End-User Self-Service Portals, a User-Centric approach!

During the Microsoft Management Summit 2013 (MMS2013) I saw Microsoft is shifting from a Device-Centric to a User-Centric approach with a lot of their products. They have different product available and a some of them use an End-User Self-Service Portal. They call it the User-Centric approach.

At this moment (april 2013) I see End-User Self-Service portals for 4 System Center 2012 products and a couple of other Self-Service portal outside the System Center Suite.

System Center Service Manager Self-Service Portal

System Center App-Controller Self-Service portal

System Center Virtual Machine Manager Self-Service portal

System Center Configuration Manager has two Self-Service portals (Application Catalog and Software Center)

ConfigMgr Software Center

ConfigMgr Application Catalog

Windows Intune

Windows Intune is not a System Center product, however you can use it as an add-on in System Center ConfigMgr. Intune has it’s own selfservice portal (Windows Intune Center or the Company Portal)

Windows Intune Center

Windows Intune, Company Portal

Azure has a Self-Service portal for customers.

Service Provider Foundation has a Service Management Portal for Administrators and a separate one for the different tenants.

I do not know all Microsoft product in detail, but if you know more Microsoft Product with and End-User Self-Service Portal in it, let me know!

Personaly i think Microsoft needs something like a System Center End User Portal (SCEUP) product which can combine all End-User portals into one single pane of glass.

System Center Configuration Manager 2012 SP1, Probleem met Cisco Wake-on LAN en Port Security en MAC Address Sticky

System Center Configuration Manager 2012 SP1, Probleem met Cisco Wake-on LAN en Port Security en MAC Address Sticky.

Binnen de ConfigMgr Workstation client setting kan Power Management  ingesteld worden. Hierin zit een functie die Enable wake-up Proxy heet. Wanneer deze instelling op YES wordt ingesteld kan een ConfigMgr client een andere machine in hetzelfde Subnet aanzetten.


Wanneer Configuration Manager 2012 SP1 gebruikt wordt kan naast de traditionele wake-up pakketjes ook de nieuwe Wake-Up Proxy client setting gebruikt worden. de Wake-up Proxy gebruikt een peer-to-peer protocol en gaat ConfigMgr Client computers selecteren binnen een subnet om te controleren of andere computers op het netwerk “wakker” zijn. Er zullen per subnet altijd drie van deze machines aanwezig zijn (guardians geheten). Deze kunnen dan door deze geselecteerde computers opgewekt worden wanneer dit nodig mocht zijn. Computers die voorzien zijn van een Configuration Manager 2012 SP1 client en niet slapen (manager computers) sturen om de 5 seconden een TCP/IP ping naar andere computers om te zien of ze wel of niet slapen.

Wanneer de Wake-up Proxy optie aan staat wordt op de ConfigMgr client deze netwerk instelling binnen Windows Vista/7/8 actief:

wake-up proxy

Hier staat de Wake-up proxy, binnen de ConfigMgr client, uit!

Wat is MAC flap? Een redirection van een MAC address!

De Redirection wordt uitgevoerd door de manager computer. Deze zal een broadcast van een Ethernet frame uitvoeren met het MAC address van de slapende computer. De netwerk switch gaat er daarna vanuit dat de slapende computer op het zelfde netwerkpoortje als de manager computer zit.


Wanneer binnen een Cisco switch de Port Security optie aan staat en gebruik wordt gemaakt van MAC-Address Sticky. kan het zijn dat de poort waar de netwerkkaart op aangesloten zit dicht gezet wordt wanneer de Microsoft Wake-up Proxy Driver aan staat. Het MAC-Address van de client die een wake-up initieert wordt op het poortje weergegeven van de computer die het signaal oppikt. Dit heeft tot gevolg dat het MAC-address binnen het Subnet aan het “zweven” gaat en  poortjes dichtgezet worden door de Port Security.

De concequentie is dat sommige monitoring tools (in ons geval die van Cisco) fouten gaan genereren of poorten gaan dichtzetten wanneer wake-up proxy wordt gebruikt.

Gebruik dus geen wake-up proxy wanneer de tooling die je gebruikt niet overweg kan met MAC flaps.

Met een netwerk sniffer zien we dat de communicatie tussen de twee ConfigMgr clients (tussen een Wake-up Proxy en een andere machines) gaat over poort 25536, of dit ook over andere poortjes gaat hebben we niet kunnen vaststellen.

Meer info over Enable wake-up Proxy: http://technet.microsoft.com/en-us/library/dd8eb74e-3490-446e-b328-e67f3e85c779#BKMK_PlanToWakeClients