Virtual Disk Service or applications that use the Virtual Disk Service crash or freeze in Windows Server 2012

When you use certain applications that use the Virtual Disk Service (Vds.exe) on a computer that is running Windows Server 2012, the Virtual Disk Service or the applications that use the Virtual Disk Service crash or freeze.

Cause

======
This issue occurs because a handle leak occurs in the Virtual Disk Service. These handles are not cleaned until you restart the service.

Solution

============
Please apply hotfix 2884597

Virtual Disk Service or applications that use the Virtual Disk Service crash or freeze in Windows Server 2012

https://support.microsoft.com/kb/2884597/en-us

Analysis

=======

TOP 10: Handle Count                    Minimum      Maximum      Average

===========================================================

1.  vds                            :      7,088 |      7,383 |      7,238

2.  clussvc                      :      4,704 |      4,875 |      4,787

3.  ServerManag            :      1,654 |      2,372 |      1,972

4.  System                      :      1,954 |      2,058 |      1,967

5.  svchost#3                  :      1,640 |      1,921 |      1,680

6.  lsass                          :      1,614 |      1,835 |      1,652

7.  explorer                     :      1,116 |      1,237 |      1,137

8.  explorer#1                    :          0 |        938 |        800

9.  vmms                         :        892 |        929 |        897

10. WmiPrvSE#1            :        713 |        917 |        791

KNOWN ISSUE: Running aexagentutil.exe /clean on client machine uninstalls agent AND Windows system32 files

Cause
=======
Please note that this is NOT a regression in ITMS 7.5 - the problem was also applicable to earlier releases and happens only with custom changes for log file path location. 

In this particular instance, the customer had the incorrect SMA agent log file path in the registry (check “FilePath”under HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Event Logging\LogFile). Removal process uses the entries "FileName" and "FilePath" from "HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Event Logging\LogFile"
Another option when this could happen is when there is no logging folder specified in the registry, in this case uninstall will try removing files from the process's current folder, which can be anything in the general case.

Solution
========
Symantec has acknowledged that the above-mentioned issue is present in the current version of the product mentioned earlier on this article. Symantec is committed to product quality and satisfied customers.

Symantec currently addressed this issue by including a fix in the ITMS 7.5 Hotfix 2. See DOC7076

Development changed the Agent behavior where it should not remove all the files from this folder, only agent*.log files, then it should remove the folder only if it’s empty. Currently agent tries removing the complete file tree.

How to disable "advanced Audit Policy"

1.      Clear the “audit.csv” file from local path

 C:\Windows\Security\Audit

2.      Clear the “audit.csv” file from SYSVOL path

\\<domain.com>\SYSVOL\<domain.com>\Policies\<GUIDofDefaultDomainControllerPolicy>\Machine\Microsoft\WIndowsNT\audit

3.      Run the commands below：

auditpol /clear (Clear the local audit settings)

gpupdate /force

Check Policy

auditpol.exe /get /category:*

Event ID 512 The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Resetting the Security Descriptor for the COM+ Event System service:

1. Start an administrative command prompt
2. Run "SC.EXE SDSHOW EVENTSYSTEM" without quotes and document the current settings in case you need to restore the security descriptor
3. Once you have backed up the current settings run "

Sc.exe sdset eventsystem D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) " without quotes to add the missing permissions for the Service Logon User.

4. Restart both the COM+ Event System and Cryptographic Services
5. Now run "VSSADMIN LIST WRITERS" You should now see the presence of the System Writer

Writer name: 'System Writer'
Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Instance Id: {d8ee2755-007a-4ed8-8fc6-0c40ef35313b}
State: [1] Stable
Last error: No error

How to disable AD Client Monitoring Discovery

For some reason the relationship between these agents and the dcs are not being removed.

We can try to run the command to remove them manually.

Please perform the following steps.

1) Disable the “AD client Monitoring Discovery”  discovery for one of the agent servers that still show a demoted DC in GC search time.

    Active Directory Client Perspective

2)In Opsmgr powershell run  “Remove-SCOMDisabledClassInstance”

If this doesn’t resolve the issue I’ll contact the product team again.

Please let me know how it goes.

More Information
====================
    ------------------------------------------------------------------------
    NEW OPERATIONS MANAGER 2012 CMDLETS
    ------------------------------------------------------------------------

    Enable-SCOMAgentProxy
    Disable-SCOMAgentProxy
    Enable-SCOMDiscovery
    Disable-SCOMDiscovery
    Set-SCOMManagementGroupConnection   
    Enable-SCOMMonitor
    Disable-SCOMMonitor
    Enable-SCOMMonitoringRule
    Disable-SCOMMonitoringRule
    Get-SCOMRunAsProfile
    Update-SCOMRunAsProfile

    ------------------------------------------------------------------------
    RENAMED CMDLETS
    ------------------------------------------------------------------------

    Operations Manager 2007 Name         Operations Manager 2012 Name
    ----------------------------                           ---------------------------- 
    Get-Agent                                                  Get-SCOMAgent
    Install-Agent                                             Install-SCOMAgent
    Uninstall-Agent                                        Uninstall-SCOMAgent
    Approve-AgentPendingAction               Approve-SCOMPendingManagement
    Get-AgentPendingAction                        Get-SCOMPendingManagement
    Reject-AgentPendingAction                   Deny-SCOMPendingManagement
    Get-Alert                                                    Get-SCOMAlert
    Resolve-Alert                                            Set-SCOMAlert
    Set-AlertDestination                               Set-SCOMAlert
    Get-AlertHistory                                      Get-SCOMAlertHistory
    Get-Connector                                         Get-SCOMConnector
    Get-Diagnostic                                         Get-SCOMDiagnostic
    Remove-DisabledMonitoringObject    Remove-SCOMDisabledClassInstance
    Get-Discovery                                           Get-SCOMDiscovery
    Get-Event                                                  Get-SCOMEvent
    Get-FailoverManagementServer          Get-SCOMAgentManagementServerSetting
    Get-GatewayManagementServer        Get-SCOMGatewayManagementServer
    Get-MaintenanceWindow                     Get-SCOMMaintenanceMode
    New-MaintenanceWindow                    Start-SCOMMaintenanceMode
    Set-MaintenanceWindow                      Update-SCOMMaintenanceMode
    Get-ManagementGroupConnection    Get-SCOMManagementGroupConnection
    New-ManagementGroupConnection    New-SCOMManagementGroupConnection
    Remove-ManagementGroupConnection    Remove-SCOMManagementGroupConnection
    Export-ManagementPack                       Export-SCOMManagementPack
    Get-ManagementPack                            Get-SCOMManagementPack
    Install-ManagementPack                        Import-SCOMManagementPack
    Uninstall-ManagementPack                   Remove-SCOMManagementPack
    Get-ManagementServer                          Get-SCOMManagementServer
    Set-ManagementServer                          Set-SCOMAgentManagementServerSetting
    Set-ManagementServer                          Set-SCOMAgentManagementServerSetting
    Get-Monitor                                              Get-SCOMMonitor
    Get-MonitorHierarchy                            Get-SCOMMonitor
    Get-MonitoringClass                               Get-SCOMClass
    Get-MonitoringObject                            Get-SCOMClassInstance
    Get-MonitoringObjectGroup                 Get-SCOMGroup
    Get-NotificationAction                          Get-SCOMNotificationAction
    Get-NotificationEndpoint                      Get-SCOMNotificationEndpoint
    Get-NotificationRecipient                     Get-SCOMNotificationRecipient
    Disable-NotificationSubscription         Disable-SCOMNotificationSubscription
    Enable-NotificationSubscription          Enable-SCOMNotificationSubscription
    Get-NotificationSubscription                Get-SCOMNotificationSubscription
    Get-Override                                             Get-SCOMOverride
    Get-PrimaryManagementServer           Get-SCOMAgentManagementServerSetting
    Set-ProxyAgent                                         Set-SCOMAgentlessManagedComputer
    Get-Recovery                                            Get-SCOMRecovery
    Get-RelationshipClass                             Get-SCOMRelationship
    Get-RelationshipObject                          Get-SCOMRelationshipInstance
    Add-RemotelyManagedComputer        Add-SCOMAgentlessManagedComputer
    Get-RemotelyManagedComputer        Get-SCOMAgentlessManagedComputer
    Remove-RemotelyManagedComputer    Remove-SCOMAgentlessManagedComputer
    Get-ResultantCategoryOverride           Get-SCOMOverride
    Get-ResultantRuleOverride                    Get-SCOMOverride
    Get-ResultantUnitMonitorOverride     Get-SCOMOverride
    Get-Rule                                                     Get-SCOMMonitoringRule
    Get-RunAsAccount                                   Get-SCOMRunAsAccount
    Get-Task                                                    Get-SCOMTask
    Start-Task                                                   Start-SCOMTask
    Get-TaskResult                                         Get-SCOMTaskResult
    Get-UserRole                                            Get-SCOMUserRole
    Add-UserToUserRole                              Update-SCOMUserRole

How to get dump of a VM on Hyper-V

How to create a Complete Memory Dump of a running or hanging Virtual Machine (VM) on Windows Server 2012 R2 Hyper-V

http://blogs.msdn.com/b/scstr/archive/2015/01/11/how-to-create-a-complete-memory-dump-of-a-running-or-hanging-virtual-machine-vm-on-windows-server-2012-r2-hyper-v.aspx

Get a kernel dump of a 2012 R2 Hyper-V server with Powershell

http://blogs.msdn.com/b/winsdk/archive/2014/04/17/10442746.aspx

SCOM - ADMP "Client Monitoring" feature not working

Cause

=======

AD Client Monitoring: AD Connectivity is unavailable, or the response is too slow

AD Client Pack DC discovery encountered an error some machines will not be monitored by the client pack

Resolution

==========

AD Client Monitoring: AD Connectivity is unavailable, or the response is too slow

Behavior as expected as the DC names are fetched from AD sites and services not from DNS.

The DC names are queried through “GetDCsForSite” and the information is pulled from Active Directory Sites and services when OMMDAS is installed it is an internal process and we need to do the following steps :

Site Discovery Mode: enter "3" (local site mode)

After you configured above overrides, you should see "MonitoredDCs.txt" generated under C:\Windows\temp folder on the AD clients computers. This file contains the DCs discovered and these DCs will be monitored, the file does not get created before the overrides.