Exam 70-741: Networking with Windows Server 2016 beta exam

I’ve recently took exam 70-741 which is currently still in beta. I heard some feedback that this exam is quite tough, and honestly giving the fact that sub-net calculation skills tend to fade away without regular practice along with “great constants” (especially new set of IPv6 prefixes and other things you have to remember) I expected to be the difficult one.

Though after watching George Dobrea’s (@gdobrea70-741 preparation session recorded at TechEd NA I realized that I rather like practical focus on the exam – much better have network only stuff in one exam instead of having it dispersed across all the other exams in tiny nuggets as we have it in previous generation of certification exams from Microsoft. I really like the way they structured it now, and even early retake of 1 exam requirement is rather good/expected.

After taking beta exam itself I would say that I really liked it as question are really practice focused with short and concise possible answers and really test both your understanding of how it works as well as how to work with it (PowerShell/GUI).

I’m not sure whether I passed or not (for beta exams results being sent to you only after release date and only if you passed this exam) – but overall I didn’t feel like I failed despite plethora of questions about new things and some old things I didn’t remember well enough. Examples of things exam touches on which require revision for me are TrustedAnchors DNS zone, IPAM in general, DNS scavenging, root DNS server and Network Controller.

And just one more observation: The way MSFT orchestrates their product launches for last three product generations or so is really remarkable example on how to do it for any software company. They have it all: well before fancy launch events there is a work and engagement with community and early adopters, exams, training courses and books are prepared to be published just around the release date and by now already traditional free ebooks “Introducing …” available well before the release date clearly communicating selling points and positioning of product (touching on technical topics quite well but mainly giving you a big picture). Probably not any software company has that scale to afford all of this, but if you are vendor of enterprise grade software with established client base you may learn how to do launches from Microsoft – probably no surprises here, at the end of the day this is a company shipping software products since November 1985 release of Windows 1.0 – surely they know how to do this. But by now they really achieved remarkable mastery in product launch process which I can’t help noticing.


Windows 10 Hyper-V: What is “Upgrade Configuration Version…” option?

Recently I imported some old VM into my Windows 10 Hyper-V and noticed that unlike VMs I created with latest version of Hyper-V it has an extra option named “Upgrade Configuration Versions..”:

Hyper-V Upgrade Configuration Version

To me option name is a bit confusing (which sometimes happens in MSFT products out of best intentions in attempts to simplify their wizards and wording). I was confused by this option name as it makes me think about configurations versioning and management rather about what it really means.  To put it simply it is equivalent of what you can see in VMware Workstation as “Upgrade Virtual Hardware”/”VM hardware compatibility” (isn’t it more appropriate name? but I guess there is also differentiation needs which software vendors may have 🙂 ).

What you should know about this is in the past (prior to Windows 10) your VMs have been upgraded automatically to new configuration version, but now you have more control over this and have upgrade it manually via GUI (see screenshot above) or using Update-VMVersion cmdlet.

“Upgrade Configuration Version…” option presented in VM properties only when your VM is in offline state. Operation is almost instant and unfortunately it doesn’t give you that VMware Workstation wizard which explains available versions and why you may want to upgrade/added features. But essentially Hyper-V no longer upgrades VMs by default to allow you to move them back to older versions in case it will be necessary and upgrade is needed to enable new features for VM (see table below):

Hyper-V Upgrade Configuration Version - Features Table

Features available/added in different VM versions. Source: Ben Armstrong’s Virtualization Blog – Upgrading your Virtual Machine version

Virtual machines created on Windows 10 use version 6.2 configurations, and the highest value for now is 8.0 (Served 2016/Windows 10 Anniversary update). You can use this table to get an idea of configuration versions in different base OS versions:

Hyper-V Upgrade Configuration Version - Versions Table

To check configuration versions of VMs on your Hyper-V host:

To get configuration version supported by your host use (add –Default parameter to see default one):

You can read more in official MSFT documentation: Upgrade virtual machine version in Hyper-V on Windows 10 or Windows Server 2016


System.IO.IOException : The requested operation could not be completed due to a file system limitation

I recently had a support case thanks to which I discovered rather cool way of checking out on big files in specific directory which I will describe later here.

Under certain conditions you may see the following issue in K2: very high CPU usage and by extension overall sluggishness of K2 applications accompanied with “System.IO.IOException : The requested operation could not be completed due to a file system limitation.”

As in most of the cases error message itself indicates what is wrong here and “The requested operation could not be completed due to a file system limitation” should ring a bell for you that some file or files run amok and growth beyond file system limits or something along these lines. If you read your logs even more closely they may even give away specific culprit to you indicating log file name which is responsible for this.

K2 has broad logging capabilities for monitoring and troubleshooting purposes (quite good overview of K2 logging can be found here) but in terms of logging volume main suspects are: SmO logging (the only logging which can’t be capped in terms of file size), ADUM logs (very voluminous, especially on debug logging level; file size can be limited by adjusting configurable settings, meaning that you have to go extra mile if you want to allow unhealthy big file name) and lastly debug assemblies you may receive from K2 support. Debug assemblies usually are quickly build ad-hoc troubleshooting tools to investigate specific issue and may well not have log file limit and write super detailed logging (=voluminous log files). As such those supposed to be removed upon completion of your troubleshooting effort, but in reality can be left applied for a while which gradually evolves into forever…

Anyhow exception “System.IO.IOException : The requested operation could not be completed due to a file system limitation.” in K2 host server log in most of the cases caused by abnormally high in size log file, which becomes so big that it exceeds RAM size which makes it difficult to open it and append for writing, and then you have that slippery slope situation with degraded performance and high CPU moment, and to that “aha, I forgot to disable/remove unneeded logging” moment.

Now my take away from this case (though what is said above also worth noting). How to quickly check on huge files in specific directory. Just use this PS script:

You may add “-First 10” parameter right after Select-Object in the script above to minimize output which is especially useful when you primarily interested to identify largest file or files.

Here is how the result for healthy K2 folder looks like (by healthy I mean one without strangely big log files):

Large files search

As you can see normally you should not have anything with size of 1 gigabyte more, but above mentioned exception is usually caused by 10-20 GB log file which will be featured prominently on the top of the output.

See also related K2 community KB: Exception – The requested operation could not be completed due to a file system limitation.


Considerations when deploying packages

Just a short list of things to be aware of when deploying K2 packages (those who took K2 blackpearl course should recognize the list below):

  • Target elements will be created, reused, or overwritten. If something already exists in the target environment, the tool will let you decide whether to use the existing item or replace it with the version from the package.
  • Make sure the necessary dependencies are included, or exist in the target environment.
  • Provide values for the variables that the package creator specified.
  • Workflow definitions are versioned, everything else is not. In other words, applications will always use the latest version of a SmartForm or a SmartObject, but existing workflow instances will not be upgraded. Therefore, be careful when deploying updated SmartForms and SmartObjects since this can break existing workflow instances.
  • You should run the Package and Deployment tool on a physical K2 server in the environment you wish to deploy to.
  • You only need to run the deployment package once in a distributed or multi-server farm environment. K2 application elements are stored centrally in the K2 database and can be accessed by any K2 server in the environment.



K2 for retail automation

When your work is focused on specific product and services around it (does not matter if you in development, support or sales team of product centered organization) the most rewarding thing is to see real-world examples of how your product is applied in practice by clients. It is even better when it was implemented in such a way that client does not mind to share their implementation story with wider public in a video format. Really good to see such examples of how K2 really works for business.

Fozzy Group was able to built K2 based portal automating such things as contracts management, specification management, supply schedule management, sales forecast and score card just in one year. I don’t think you can see such BPA go-live dynamics with conventional code-heavy custom development as well as with some major (semi-)specialized products which end up being adjusted/customized for years (incurring high consultancy fees in the process) before business is able to go-live with them.

Amazing example from retail area which to my mind one of the activities where automation can bring great and measurable benefits. IMO most of the retailers still underutilize technology to its highest potential, but I hope we will see some changes as time goes by.



How to: enable GC on domain controller (2 ways)

There are two ways of making your DC a GC and you can read on to learn how.

But before we launch into it, just look at this “making your DC a GC” sentence for a moment. It makes me think that it is a good example of what not to do in writing for non-technical audience 🙂 I recently started to watch a very useful course on CBT Nuggets – “Essential Soft Skills for the IT Professional” by Steve Richards, and there you may learn that key things in writing tech reports to non IT audience are: avoid JATB, give MWLH and don’t SUCK 🙂

CBT Nuggets Tech Reports for Non-tech audience

Which of course means avoid Jargon, Acronyms, Techspeak, Buzzwords (JATB), give More Why Less How (MWLH) and don’t Suffer from Using Computer Knowledge (SUCK) 🙂

OK, getting back to the main topic and switching to tech writing again. First it would be nice to check which DCs are already GC-enabled, and you can do this by issuing the following PS cmdlet:

Now how to enable/disable GC:

1) PS way of enabling GC:

And you can use the same cmdlet to disable it as shown on screenshot below:

Enable or disable GC with PS

2) GUI way. Access Active Directory Sites and Services (dssite.msc), locate domain controller you need to make a GC and access General tab of its NTDS Settings Properties:

NTDS Settings - Global Catalog

By the way there is an interesting connection between GC and group scopes. You can only convert to a universal group from any other group scope on a domain controller that has the global catalog. This is somewhat obvious, as universal groups, which combine the best of two worlds (i.e. domain local and global groups) can have members from domains other than the domain where the group object is stored and can be used to provide access to resources in any domain, only a global catalog server is guaranteed to have all universal group memberships that are required for authentication.


How to: Make sure that DHCP won’t issue IP which is already in use

Assume that you replaced failed DHCP server with a new one configured with the same scope. This can possibly lead to situation when your new DHCP server can lease addresses which were earlier issued by failed server if it was configured with the same scope.

To mitigate this you can use Conflict detection attempts setting which can be found on Advanced tab of your scope properties:

DHCP Conflict detection attempts setting

By default it is set to 0 which means that your DHCP server won’t attempt to perform any conflict detection before issuing an address. As soon as you set this parameter to something higher that 0, let’s say N, your DHCP server query the network N times before it assigns an IP address to make sure that address is not already in use.

Of course this is a good option to be aware of, but real solution here is to add extra DHCP server and configure DHCP Failover which is available in Windows Server 2012 or newer versions and ensures that you won’t need to have any headache if one of your DHCP servers fails.


Comparing IPv4 and IPv6 Addressing

As I preparing for 70-410 I just realized that I HAVE TO memorize some IPv6 related things, so hence this table was taken from MSFT documentation and slightly colored by me:


You may benefit from reading entire “Chapter 3 – IP Addressing” from ” TCP/IP Fundamentals for Windows” available on TechNet if you in a mood for going into details.

It is useful to memorize common prefixes for the exam and for practical purposes:

2000::/3 prefix for a globally unique IPv6 address (can be 2001/2002). It is equivalent to a public IPv4 address. Assigned by IANA. The full address will include a value representing the organization’s site, a subnet identifier, and host address.

FC00::/7 is the prefix used for a unique local unicast address (also FD00:://8). This is used in a private network like a private IPv4 address. Address values are unique only to that network and are routable only through the network. The address is not publically routable.

FE80::/64 prefix for link-local unicast address, which is equivalent to an IPv4 APIPA address. It is generated automatically when a network adapter is not configured with an IPv6 address and cannot lease an address from a DHCP server. This is not routable address. Even if you have DHCP or statically assigned IPv6 address you still going to have auto generated link-local address. This address is randomly generated, and in the past MSFT implementation used to insert MAC address into it, now MAC address no longer inserted into it.

FF00::/8 prefix for IPv6 multicast address

FEC0::/10 is a site-local address. Though still documented by many sources, the use of this prefix has been deprecated.




How to change Network Profile in Windows Server 2012/2016

Sometimes Windows picks up wrong profile for you network and there is no obvious (or even any?) way to change this via GUI. But you can easily do this with PowerShell (v4.0 or newer):

I guess looking at above and keeping in mind that you have get-help cmdlet changing Network Profile is no longer an issue for you.