My quest to bring Best Practices to Identity Management especially with Microsoft FIM / ILM

Monday, March 16, 2009

ILM/MIIS Sync Engine Clustering Windows 2008

First, let me say thank you to Alex Tcherniakhovski for pioneering the way in clustering the MIIS Service or, as it is now known, the ILM Sync Engine. That blog, presentation and script were an excellent set of work.

On Windows Server 2008, a few things have changed that break the script that Alex T. provides.

In Windows Server 2003 the cluster service runs as a domain account, and as long as that account has access to all nodes, can stop and start services, and is an MIIS Administrator, it should be able to do the trick.

Well with Windows Server 2008 the security model for the cluster service has changed:

There is no service account; instead there is a Cluster Name Object (CNO) created in AD as a computer object.

So the cluster service, which runs the generic resource scripts, now runs under local system in a special context with limited privileges.

So this means you can’t impersonate during WMI calls because it doesn’t have enough rights.

I tried making the CNO a member of the local administrators group, but that wasn’t enough. I may still get this to work.

For the meantime I am switching the remote WMI calls to use embedded credentials, but the local WMI calls can't have credentials, like so:


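If Node = activeNode Then
    ' Local connection: WMI does not accept explicit credentials here.
    ' (Namespace assumed to match the remote call below.)
    Set objWMIService = objSWbemLocator.ConnectServer(Node, _
        "root\CIMV2")
Else
    ' Remote connection: pass the embedded credentials.
    Set objWMIService = objSWbemLocator.ConnectServer(Node, _
        "root\CIMV2", _
        strUser, _
        strPassword, _
        "MS_409", _
        "ntlmdomain:" + strDomain)
End If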


After changing this in several places in the code, and fixing how the command to sleep worked, I can now fail over without a problem!


Tuesday, September 2, 2008

Expanding a Windows Server 2008 System partition on a Hyper-V Guest

While building out some virtual machines for our ILM 2 Beta 3 environment...

We set up a few virtual machines running 64-bit Windows Server 2008 SP 1 (since SP 1 is built in to the RTM) on Hyper-V. Everything is very slick! Except we only set aside 16 GB for the virtual disk for the system partition. Despite installing SQL, SharePoint, and ILM 2 to another drive, the system partition quickly filled up and didn't have enough room for Visual Studio (even though I wanted to install it on another partition). All of these programs install a lot of stuff on the system partition no matter what I select. While moving the paging file freed up some space, it wasn't enough.

Then of course someone went and reread the Windows Server 2008 requirements, and they said minimum 10 GB, recommended 40 GB. So we decided to go for 64 GB. But expanding your system partition is not all that straightforward.

Here is how:


If the virtual disk needs to be expanded, you need to ensure that there are no snapshots and that the VM is shut down. If there are snapshots you will need to delete them. This deletion will require a disk merge to take place and will take a while.


Highlight the VM and click settings

Navigate to the Hard drive you wish to expand


Then click Edit. On the Choose Action screen select Expand. (If this is a fixed disk then you will need to do a convert.)


Enter the new size and click Finish. Then wait a while.


Next configure the VM to boot from CD/DVD

Configure the DVD to use a Windows Server 2008 WinPE ISO image

Which can be obtained from here by downloading



Before starting the VM, realize that you only have a short window to tell it to boot from CD/DVD.

So connect to the VM before you turn it on.


Within a few seconds it will prompt you to press any key to boot from CD or DVD.

Then Windows files will load. If you are prompted to press Ctrl+Alt+Delete, then it didn't work; shut down and try again.

If you see this then you are successful. Wait another few seconds for the prompt to appear


Enter DiskPart by typing DiskPart at the command prompt


Select the disk you want (select disk 0) and confirm by typing detail disk

If you need help type list disk

Next select the right volume (select volume 1)



Then expand the volume by entering in how much larger to make it -- not the new size, but the difference between the current size and the new size


Then reboot by typing exit then hitting enter, twice (once to leave DiskPart and then once to leave the WPE)

(If you want you can also change your boot order as this will eliminate a small delay in the boot process)

Then log on and confirm it is done
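The DiskPart steps above as one command sequence, added here as an example that is not part of the original post. It uses disk 0 and volume 1 as in the steps, and assumes the 16 GB to 64 GB expansion described earlier, so the amount to add is 48 GB.

```diskpart
rem Added example: type these at the DISKPART> prompt inside WinPE.
list disk
select disk 0
detail disk
rem Pick the system volume from the detail output (volume 1 in the steps above).
select volume 1
rem size is in MB and is the amount to ADD, not the new total:
rem 64 GB - 16 GB = 48 GB = 49152 MB (assumed from the sizes in this post).
extend size=49152
rem Confirm the new volume size before leaving DiskPart.
list volume
exit
```

Running `extend` with no size parameter uses all of the contiguous unallocated space that follows the volume, which avoids a failure when slightly less than the computed difference is available.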



While I had fun uncovering the secrets of Hyper-V (thanks to Ian Henry for teaching me about WPE), the most valuable thing I did today was to play tee-ball and soccer with my eight-year-old daughter and my three sons.
