This poster provides a visual reference for understanding key technologies in Windows Server 2008 R2. It focuses on Active Directory Domain Services, Hyper-V, Internet Information Services, Remote Desktop Services (including Virtual Desktop Infrastructure (VDI)), BranchCache, and DirectAccess technologies. In addition, updates to core file services and server management are illustrated. You can use this poster in conjunction with the previously published Windows Server 2008 Component Posters.
Grab it here
Can’t find the cluster log in Windows Server 2008? Here’s how to get hold of it.
Creating the Cluster.log:
From one of the nodes of the cluster, open a Command Prompt with Administrator rights. The simplest command to create the log is to type “cluster log /gen”. A cluster.log file will be generated and stored in the %windir%\Cluster\Reports directory on each node of the cluster. Note that with all commands you can use either “cluster” or “cluster.exe” as they have the same functionality.
Here are some commands that can make this even easier:
- /Copy:<directory> (example: /Copy:logs)
This command will take the cluster.log that is generated on each node, and copy it to a single directory. This makes it incredibly easy to get all the logs for analysis. One thing to note, the directory that you specify should be a subdirectory under the path which the command prompt is showing. If you want to save the logs at c:\archive\logs, then you need to set the command prompt to c:\archive and then execute the “cluster log /gen /copy:logs” command.
- /Span:<minutes> (example /Span:15).
This specifies the number of minutes to go back in time for the log collection. For instance, you reproduce a problem and you then generate the cluster.log. If you don’t use this switch, you will get up to several days of history. Using this switch, you can limit the contents of the cluster.log to only include the last few minutes which you have specified. So, what if you specified 15 minutes but it was really 20 minutes before? No problem, generating the cluster.log does not remove any data from the servers. You just run the command again specifying additional minutes for this /span option.
- /Node:<node name> (example /Node:"node A").
This command allows the specification of a specific node and the other nodes will not have a log generated. If this option is not specified, all nodes in the cluster will have a cluster.log generated. This is particularly useful if not all the cluster nodes are up, or some don’t have the cluster service started, which can cause a long delay with cluster log command execution because it will try to issue the command to those missing servers and will wait for a response when none will be forthcoming.
- /Level:<0-5> (example /Level:4)
The /Level switch can be used to change the logging level being captured. For Windows Server 2008, this has a default level of 3, which is the equivalent of what is captured by cluster.log in previous versions of Windows Server. If you change this level to a higher number, more detailed information will be logged, but that means that the .etl file that is capturing the tracing will fill faster and there can be a small impact on system performance. Setting this level lower than 3 will mean there is less tracing information and it may not be useful if analysis of a problem is needed. For Windows Server 2008, 5 is the maximum effective level, although the command help notes that the level can be set between 0 and 10. Any setting over 5 is functionally equivalent to 5. The level range was set to 10 to allow for further options if needed in the future.
To generate the cluster.log files and copy them to C:\Temp, run the following command:
Cluster /Cluster:<clustername> Log /Gen /Copy:"C:\Temp"
More detailed log:
Windows Server 2008 introduced new event and diagnostic channels, and Failover Cluster moved to using Event Tracing for Windows. You can see this new tracing exposed in the “Reliability and Performance Monitor” under “Data Collector Sets\Event Tracing Session\Failover Clustering”.
The logging is saved in files at %windir%\System32\winevt\logs\Clusterlog.etl
Each time the server is rebooted, a new log file will be used and a number used as an extension of the log name like ClusterLog.etl.001. Up to 5 log files are kept, so after 5 reboots the older log files will start to be removed. The default log file is 100 MB (for each .etl file), which can be changed using the command “Cluster log /size:<size in MB>” (example: cluster log /size:120). Although 100 MB may seem like a large log file, there is a significant amount of detail being saved for each entry due to this format change and 40 MB provides a reasonable amount of history. To view the setting for the log file size setting, at a command prompt opened with Administrator privileges execute “cluster /prop”. That command will list the properties for the cluster, including the “ClusterLogSize” and “ClusterLogLevel” property.
The .etl files themselves are not consumable by any viewer directly, but you can dump the contents into several different formats using tracerpt.exe (this TechNet article has the information on using tracerpt.exe: http://technet.microsoft.com/en-us/library/bb490959.aspx). You can dump the contents to EVTX and view in Event Viewer, or .XML and manipulate the information in many ways. For instance, you can apply a script that parses the file and provides formatting to a subset of the events.
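As an added example (not part of the original post), here is one such script in Python: it reads a tracerpt XML dump and formats only the events at or above a chosen severity within the last N minutes of the file, much like /Span applied after the fact. It assumes the dump uses the standard Windows event XML schema; the sample events and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Namespace of the Windows event XML schema (assumed for the tracerpt dump).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LEVELS = {1: "CRITICAL", 2: "ERROR", 3: "WARNING", 4: "INFO", 5: "VERBOSE"}

def _event(level, when, text):
    # Builds one constructed <Event>; values are illustrative, not real cluster data.
    return ('<Event xmlns="%s"><System><Level>%d</Level>'
            '<TimeCreated SystemTime="%s"/><Computer>W2K8CCR1</Computer></System>'
            '<EventData><Data Name="Text">%s</Data></EventData></Event>'
            % (NS["e"], level, when, text))

SAMPLE_XML = "<Events>" + "".join([
    _event(4, "2009-03-01T09:40:00.000000000Z", "heartbeat ok"),
    _event(2, "2009-03-01T10:02:10.500000000Z", "resource MBX failed"),
    _event(5, "2009-03-01T10:05:00.000000000Z", "verbose trace"),
    _event(3, "2009-03-01T10:10:00.250000000Z", "lease renewal slow"),
]) + "</Events>"

def parse_system_time(value):
    """Parse a UTC SystemTime with up to 9 fractional digits."""
    base, _, frac = value.rstrip("Z").partition(".")
    micro = int((frac + "000000")[:6])  # datetime keeps microseconds only
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(
        microsecond=micro, tzinfo=timezone.utc)

def select_events(xml_text, max_level=3, span_minutes=15):
    """Return formatted lines for events with level 1..max_level that fall
    within span_minutes of the newest event in the dump, oldest first."""
    rows = []
    for ev in ET.fromstring(xml_text).iter("{%s}Event" % NS["e"]):
        level = int(ev.findtext("e:System/e:Level", "0", NS))
        stamp = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        host = ev.findtext("e:System/e:Computer", "", NS)
        data = "; ".join("%s=%s" % (d.get("Name"), d.text)
                         for d in ev.findall("e:EventData/e:Data", NS))
        rows.append((parse_system_time(stamp), level, host, data))
    if not rows:
        return []
    cutoff = max(r[0] for r in rows) - timedelta(minutes=span_minutes)
    keep = sorted(r for r in rows if r[0] >= cutoff and 1 <= r[1] <= max_level)
    return ["%s %-8s %s %s" % (w.strftime("%Y-%m-%d %H:%M:%S"),
                               LEVELS.get(l, str(l)), h, d)
            for w, l, h, d in keep]

if __name__ == "__main__":
    print("\n".join(select_events(SAMPLE_XML)))
```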
A nice feature introduced with Windows Server 2008 is the "Protect object from accidental deletion". If the checkmark is set, you will not be able to delete the object from AD manually or programmatically without first removing the checkmark.

When you try to delete the object with the checkmark set, you will be prompted with the following messages.
The permissions that are applied to the AD object when the checkmark is set are shown below
Please note that the functionality is only visible in the Windows Server 2008 Administration Tool. If you introduce a Windows Server 2008 Domain Controller into an environment where all the other DCs are Windows Server 2003 you will only be able to manage this functionality from the Windows Server 2008 Administration Tool.
ADSIEdit is no longer needed for modifying AD attributes within a Windows 2008 domain. The Attribute Editor tab gives you the ability to modify the attributes directly on the AD object.
You will still need to use e.g. ADSIEdit or ADExplorer to modify the Schema and Configuration partitions.
In Windows Server 2003 it is possible to change the cluster IP address from the Cluadmin GUI. With Windows Server 2008 it is not possible to change the IP from within the GUI. You will have to use the cluster.exe command-line tool. Cluster.exe will show you more information, such as cluster groups and resources that are not shown in the Failover Cluster Management Console.
C:\>Cluster.exe group
Listing status for all available resource groups:
Group                Node            Status
-------------------- --------------- ------
Available Storage    W2K8CCR2        Offline
Cluster Group        W2K8CCR2        Online
MBX                  W2K8CCR1        Online
C:\>Cluster res
Listing status for all available resources:
Resource                                    Group          Node      Status
------------------------------------------  -------------  --------  ------
CCR2/Mailbox Database (MBX)                 MBX            W2K8CCR2  Online
Cluster IP Address                          Cluster Group  W2K8CCR2  Online
Cluster Name                                Cluster Group  W2K8CCR2  Online
Exchange Information Store Instance (MBX)   MBX            W2K8CCR2  Online
Exchange System Attendant Instance (MBX)    MBX            W2K8CCR2  Online
File Share Witness (\\W2K8CASHUB\FSM_MBX)   Cluster Group  W2K8CCR2  Online
First Storage Group/Mailbox Database (MBX)  MBX            W2K8CCR2  Online
IPv4 DHCP Address 1 (MBX)                   MBX            W2K8CCR2  Online
Network Name (MBX)                          MBX            W2K8CCR2  Online
Pub/Public (MBX)                            MBX            W2K8CCR2  Online
C:\>Cluster.exe res "Cluster IP Address" /priv
Listing private properties for 'Cluster IP Address':
T    Resource             Name                  Value
---  -------------------  --------------------  ----------------------
FTR  Cluster IP Address   LeaseObtainedTime     1/1/1601 1:00:00 AM
FTR  Cluster IP Address   LeaseExpiresTime      1/1/1601 1:00:00 AM
SR   Cluster IP Address   DhcpServer            255.255.255.255
SR   Cluster IP Address   DhcpAddress           0.0.0.0
SR   Cluster IP Address   DhcpSubnetMask        255.0.0.0
S    Cluster IP Address   Network               Public Network
S    Cluster IP Address   Address               10.225.12.12
S    Cluster IP Address   SubnetMask            255.255.254.0
D    Cluster IP Address   EnableNetBIOS         2 (0x2)
D    Cluster IP Address   OverrideAddressMatch  0 (0x0)
D    Cluster IP Address   EnableDhcp            0 (0x0)
To change the Cluster IP Address just use the following command.
C:\>Cluster.exe res "Cluster IP Address" /priv address=10.225.12.13
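Before running the change, it helps to confirm that the new address fits the subnet the resource is already configured for. The following Python sketch is an added example, not part of the original post: it parses captured "/priv" output like the listing above and checks a candidate address against the existing Address, SubnetMask and EnableDhcp values. The function names are hypothetical and the sample text is constructed from the listing shown here.

```python
import ipaddress

# Constructed sample: a subset of the private-property listing above, as text.
SAMPLE_PRIV = """\
T Resource Name Value
SR Cluster IP Address DhcpAddress 0.0.0.0
S Cluster IP Address Network Public Network
S Cluster IP Address Address 10.225.12.12
S Cluster IP Address SubnetMask 255.255.254.0
D Cluster IP Address EnableDhcp 0 (0x0)
"""

def parse_priv(text, resource):
    """Return {property name: value} for one resource.

    The resource name contains spaces, so it is matched as a known prefix
    instead of splitting the line into fixed columns."""
    props = {}
    for line in text.splitlines():
        flags, _, rest = line.strip().partition(" ")
        rest = " ".join(rest.split())  # collapse column padding
        if not flags.isalpha() or not rest.startswith(resource + " "):
            continue  # header, separator or another resource
        name, _, value = rest[len(resource) + 1:].partition(" ")
        props[name] = value
    return props

def check_new_address(props, new_ip):
    """Return a list of problems with new_ip; an empty list means it fits."""
    problems = []
    new = ipaddress.ip_address(new_ip)
    net = ipaddress.ip_network(
        "%s/%s" % (props["Address"], props["SubnetMask"]), strict=False)
    if props.get("EnableDhcp", "0").split()[0] != "0":
        problems.append("EnableDhcp is set; the address is leased, not static")
    if new not in net:
        problems.append("%s is outside %s" % (new, net))
    elif new in (net.network_address, net.broadcast_address):
        problems.append("%s is the network or broadcast address of %s" % (new, net))
    if new == ipaddress.ip_address(props["Address"]):
        problems.append("%s is already the configured address" % new)
    return problems

if __name__ == "__main__":
    current = parse_priv(SAMPLE_PRIV, "Cluster IP Address")
    print(check_new_address(current, "10.225.12.13") or "address fits the subnet")
```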
You can download the Windows Vista and Windows Server 2008 Service Pack 2 RC from the Customer Preview Program site or install through Windows Update using our Windows Update Experience Kit.
If you have the SP2 for Windows Vista and Windows Server 2008 Beta installed, you will need to uninstall that first before installing the RC.
You can also check out the SP2 for Windows Vista and Windows Server 2008 RC notable changes here. And you can submit feedback on SP2 for Windows Vista and Windows Server 2008 here on the TechNet Forums.