Monday, July 26, 2010

WSMAN Namespace Handling in PowerShell

For some time now I have been working on handling XML with PowerShell – not XML that I make mind you, that appears to be relatively easy as the plethora of examples out there keeps showing me.

I am handling XML that I get back as a blob from a call to a WS-MAN provider.  It has Namespaces – that changes the game big time.

The best general reference I have found is Dr. Tobias Weltner (he is the brilliant person behind PowerShellPlus – which is an IDE that I simply don’t know how people write complex PowerShell scripts without).  This article; talks about XML and PowerShell, but it misses the one thing that I needed, Namespace handling. 

A bit of digging let me to a C# article about xpath and xml namespaces – that sent me to the real tidbit I needed Select-Xml;

First I needed to workout what my namespace selection problem really was.  Here is the mess that I get back:

<n1:SomeCimMethod_OUTPUT xmlns:n1= xmlns:wsa= xmlns:wsman= xmlns="" xml:lang=""> <n1:ThingOne><wsa:Address></wsa:Address> <wsa:ReferenceParameters><wsman:ResourceURI></wsman:ResourceURI><wsman:SelectorSet><wsman:Selector name="__cimnamespace">root/cimv2</wsman:Selector><wsman:Selector Name="CreationClassName">Image</wsman:Selector><wsman:Selector Name="ID">2c8ba04e-53b8-504d-f616-061a43bb46bf/969f4a72-4a0d-4044-b41e-f3025377d067</wsman:Selector><wsman:Selector Name="CreationClassName">Creator</wsman:Selector><wsman:Selector Name="Name">2c8ba04e-53b8-504d-f616-061a43bb46bf</wsman:Selector></wsman:SelectorSet></wsa:ReferenceParameters></n1:ThingOne><n1:ThingTwo>57702fd0-9e92-43dc-9ac6-537719b73473</n1:ThingTwo><n1:ThingThree>4e4449df-8710-4358-8290-44d7b4264d46=403ef95b-0309-417e-86d8-c75066439419,c735019c-2198-4d53-a6ac-668d38e6a81d=eb15c741-5a05-4377-91b5-7bd95ab21f3d,2b2ad08b-ecdf-42de-9f03-1050862b99fb=e2aae65c-dd64-49f3-a796-e12fecdc2b46,97c47f43-55af-438f-83b9-2d4a01733ce7=fff39bf0-9d21-4475-b7c7-9e96eb35e8d8,ee8e54e2-b499-438f-a62f-67c024e5921a=ebc63996-6399-4ffd-a5ad-6bd0dcf2036f,6fa65d8c-7cbb-438f-a2ea-35e498c525c5=ae960929-4cd6-42b3-9159-f4e0119cae92,80855f0f-1e22-44bf-892c-c8ca1fd7af59=30dd2807-5566-4655-822a-4f6780f0fdaa,57702fd0-9e92-43dc-9ac6-537719b73473=969f4a72-4a0d-4044-b41e-f3025377d067</n1:ThingThree><n1:ThingFour>57702fd0-9e92-43dc-9ac6-537719b73473</n1:ThingFour><n1:ReturnValue>0</n1:ReturnValue></n1:SomeCimMethod_OUTPUT>

If you look into this blob (there is a good reason developers call these blobs) you will see that each element is preceeded by the namespace “n1”.  Howerver, if you simply cast this to $blob = [xml]$blob it looks entirely different and you don’t really realize that each element is part of namespace “n1”.

PS > $blob.SomeCimMethod_OUTPUT

n1            :
wsa           :
wsman         :
xmlns         :
lang          :
ThingOne  : ThingOne
ThingTwo     : 57702fd0-9e92-43dc-9ac6-537719b73473
ThingThree  : 4e4449df-8710-4358-8290-44d7b4264d46=403ef95b-0309-417e-86d8-c75066439419,c735019c-2198-4d53-a6ac-668d38e6a81d=eb15c741-5a05-4377-91b5-7bd95ab21f3d,2b2ad08b-ecdf-42de-9f03-1050862b99fb=e2aae65c-dd64-49f3-a796-e12fecdc2b46,97c47f43-55af-438f-83b9-2d4a01733ce7=fff39bf0-9d21-4475-b7c7-9e96eb35e8d8,ee8e54e2-b499-438f-a62f-67c024e5921a=ebc63996-6399-4ffd-a5ad-6bd0dcf2036f,6fa65d8c-7cbb-438f-a2ea-35e498c525c5=ae960929-4cd6-42b3-9159-f4e0119cae92,80855f0f-1e22-44bf-892c-c8ca1fd7af59=30dd2807-5566-4655-822a-4f6780f0fdaa,57702fd0-9e92-43dc-9ac6-537719b73473=969f4a72-4a0d-4044-b41e-f3025377d067
ThingFour : 57702fd0-9e92-43dc-9ac6-537719b73473
ReturnValue   : 0

In my example I am looking for the element “ThingTwo” which is really “n1:ThingTwo”.  The detail is that it exists within namespace “n1” and because of that $blob.SelectNodes and $blob.SelectSingleNode were totally failing me.

So, how do I find a single element within this?

First, my $blob has to be an XML document, in this case the return from the WS-MAN provider is all formatted properly, I just need to cast it to an XML document (as in PowerShell everything is a generic type of Object by default).

$blob = [xml]$blob

$blob.GetType() should return “XmlDocument” as the Name.

Then i have to make the XML parser aware of the namespace and pass that into the Select-Xml method.

$namespace = @{n1=}

Now I can use Select-Xml to find my element.

Select-Xml -Xml $blob -Xpath "//n1:ThingTwo" -Namespace $namespace

Friday, July 23, 2010

Where has hardware virtualization come and gone

The virtualization model that both Hyper-V and XenServer use is model of paravirtualization.  This, to a certain degree, is dependant on the capabilities of the hardware to provide the ability to run a workload.

This is particularly true in the case of virtualizing Windows operating systems on both platforms.  XenServer refers to these as HVM type virtual machines – hardware virtualized machine.

Also, the ever evolving trend is increased offloading of the work of virtualization to the hardware itself.

I recently viewed a webinar on XenClient (the Citrix type 1 hypervisor that is designed for the mobile user).  The entire XenClient project has been an interesting evolution of puzzles and solutions.

Now, back to hardware virtualization.  What is it?  How does it work?  Where is the enablement?

This webinar that I mention:  You can find it here:  (yes, you must sell yourself to the marketing folks)

Why do I mention a webinar about XenClient?  Because part of this presentation is by Richard Uhlig, Intel Fellow & Chief Virtualization Architect at Intel.  He does some good justice to the evolution of hardware virtualization (yes, Intel’s perspective – but it is interesting stuff).  He does get into some detail pretty quick, if you don’t pay attention you can get lost pretty easily.

I though some of you might enjoy it, and might enjoy a source for this information that really knows it.

In the mean time you also learn a little bit about XenClient – I don’t think they cover the management layer in the presentation though.  That is interesting stuff as well.

Thursday, July 15, 2010

On being an MVP - 2 years later

I got all retrospective today after helping out a fellow MVP.  What does it mean to be a Microsoft MVP?

First, being an MVP is an interesting thing (to say the least).  It is an honor, don’t get me wrong, to be recognized as both a knowledgeable person as well as someone who gives back to that same IT community.

I am not the type of MVP that constantly waves the Microsoft flag and touts it virtues.  I struggle with the software just like everyone else.  I am just willing to help others with their struggles.

Really, that is it.  A total nutshell.

Well, at the same time I get to interact directly with folks (and I hope) to make better software.  I, sometimes, find it hard to keep my opinions to myself.  Whether or not those opinions cause change is not my decision – I only own the viewpoint.

I am now in the software business myself, so I really understand how both good and bad software happens.  It is surprisingly easy to recognize where one feature team stops and another starts when you look at a large and complex software product.

Yea, it is kind of cool.

One other thing that I have fallen into is forum moderation.  Yes, I am a TechNet forum moderator for two products now.  That is totally different.  Some days it is a pleasure and others it is a chore.

My perspective on forum moderation is simple and goes back a long way.  Some of us old folks knew the days of UseNet and BBS.  Back when folks were online and it was a small group of folks.  And (the most important part) we were all civil to each other.  Flame wars were few and far between, but at the same time they were elevations of the art of argument (not debate, not that civil, but at the same time – no name calling).

Why did I feel compelled to write this?  Sometimes I just need to write this stuff to clear my head and move on to the next project.  We all need a little dusting every now and then.

Tuesday, July 13, 2010

Is System Protection in a VM necessary?

I just happened to be working through the set-up of a new virtual environment and I was walking through my standard steps and it occurred to me that I always log in to my VMs and disable System Protection and delete any restore points.

I do this for a couple reasons.  One is to reduce the storage requirements of the VM, another is to just take that overhead out of the system.

I might be stilly for doing this, but it is one of the practices that I consider standard in my environments (as well as redundant and unnecessary). 

I mean, if I want to be able to restore my VM, don’t I use a snapshot (checkpoint)?  So, if I do that I have storage requirements, and then on top of that the OS in the VM is basically doing the same thing so it can roll itself back.

Actually, if i left it turned on it would give me the ability to pluck that patch back out when things go south and I forgot to take a snapshot.  It could be one of those stealth features that we don’t normally think about when managing VMs.  We always focus on what we can do at the hypervisor and forget what we can already do within the operating system of the VM.

Hmm..  Quite the puzzle.

I brought this up as it is something that just happened to pop into my head as being unusual, strange, not required, however strangely comforting.  You know, that whole ‘I do it my way’ type of thing for no right or wrong reason.

I would love to hear comments on this one.

Monday, July 12, 2010

Visual Studio ALM Test Agent setup in a nutshell

I am working through a distributed installation of the Test Agents (with Test Controllers) for Visual Studio 2010 and boiled down the configuration gotchas into this nutshell:

(I assume that anyone can run an installation wizard, why walkthrough that..)

Two Modes:

1) Service

a. Supports automated testing

2) Interactive Process

a. Supports video capture

b. Supports coded UI

c. Supports automated testing


1) The user account that is used to run tests must have been logged on locally to the console of the machine – thus forcing a user profile to be created.

2) When registering an Agent to a Controller the logged on user who is running the configuration tool must be an administrator on both the Agent machine and the Controller machine.

a. Use a domain user account assigned to the local administrators security group

b. Use a local user account that is identical in username and password on both the Controller and Agent machines assigned to the local administrators security group.

3) The account that the Test Agent is configured to run as requires membership in the local administrators security group of the Test Agent machine when:

a. IntelliTrace or Network Emulation is used.

b. When the operating system of the Agent machine has UAC enabled.

4) Installation of the Test Agent on Windows XP does not include the Performance collection agents.

5) When configuring the Test Agent the Agent “run as” account is automatically added to the TeamTestAgentService security group of the Test Controller machine.

Friday, July 9, 2010

Visual Studio ALM Test Controller setup in a nutshell

I am working through a distributed installation of the Test Controllers for Visual Studio 2010 and boiled down the configuration gotchas into this nutshell:

(I assume that anyone can run an installation wizard, why walkthrough that..)

Two modes:

1) Registered with a Team Foundation Server Collection

a. The test controller and its associated agents can be managed (configure and monitor) through TFS using the Test Controller Manager in the Lab Center of MTM no additional configuration of the Test Controller is necessary.

2) Not registered with a Team Foundation Server Collection

a. The test controller and its associated agents must be managed using Test in Visual Studio and selecting Manage Test Controllers.

b. This requires additional security configuration on the Test Controller

i. any user that is allowed to execute automated tests (through Visual Studio) or create environments must be added to the security groups of the Test Controller as outlined here:


1) When registering a Controller to a TFS server the logged on user who is running the configuration tool must be a member of the TFS Collection Administrators group and a local administrator on the Test Controller machine.

Remote Desktop Connections for Windows 7

Okay, I am so slow on this one it is not funny.

Many of us grew to love “Remote Desktop Connections” (note the “s” at the end – it is what made it special.  It allowed us to run one RDP application and have multiple RDP sessions to multiple servers defined and within very easy reach.

I don’t know about you but I have RDP windows open all the time, and I frequently waste time sorting through the list that hangs out in my task bar.

Well, the answer has finally come.  Remote Desktop Connection Manager is for the Windows 2008 family and higher of operating systems.  That is Vista and above.

You can find it here:

Now, the web site is a bit confusing as it also mentions Server 2003 and Windows XP (but in a vague sort of way – it is unclear in the phrasing what is meant).

It also installs and runs on Windows XP and Server 2003 if you first apply the RDP/RDS update. (I tested that).

Tuesday, July 6, 2010

Ping is dead on Windows Server stop using it

Long live Ping!

For many years we have relied on Ping as a quick and easy measure of a server being ‘alive’ or not.

I have been stating in the TechNet forums since the release of Server 2008 that we have to get off the Ping train.  It is no longer a real measure.  We cannot expect it to be open and on.

Just today, I am installing a new test environment with Server 2008 R2 (all Enterprise edition, all built from scratch, all domain joined).

I began installing my applications, all fine, until I try to connect to my SQL database server (it is a VM of course).  What is the problem? I had added a Firewall rule.

Without even thinking, I pull out Ping.  hmm.. no response.  <All machines are domain joined, I expect the domain firewall rule to let me ping…>

hmm.. again, no response.  I check the domain controller, I check DNS, I run out of ideas.  So I go into the firewall rules.  One by one I disable to firewall while I have Ping running (just to make sure that my traffic is being detected as Domain traffic).

I began with Public, then Private, then Domain.  Well, yep, the traffic is being correctly detected as Domain traffic and Ping is blocked by default!

Just goes to show you that as an operating system gets secured tighter and tighter, that some quick and easy tools fade into the background.  If you want Ping then set a GP firewall exclusion for Ping, or simply move on to using something different…and focus on the fact that Windows Firewall actually works really well.