Server Core: Save money.

I remember an internal joke floating around Microsoft in 2007, about a new way to deploy Windows Server.  There was an ad campaign around Windows Vista at the time that said ‘The Wow Starts Now!’  When they spoke about Server Core they joked ‘The Wow Stops Now!’

Server Core was a new way to deploy Windows Server.  It was not a different license or a different SKU, or even different media.  You simply had the option during the installation of clicking ‘Server Core’ which would install the Server OS without the GUI.  It was simply a command prompt with, at the time, a few roles that could be installed in Core.

While Server Core would certainly save some resources, it was not really practical in Windows Server 2008, or at least not for a lot of applications.  There was no .NET, no IIS, and a bunch of other really important services could not be installed on Server Core.  In short, Server Core was not entirely practical.

Fast Forward to Windows Server 2012 (and R2) and it is a completely different story.  Server Core a fully capable Server OS, and with regard to resources the savings are huge.  So when chatting with the owner of a cloud services provider recently (with hundreds of physical and thousands of virtual servers) I asked what percentage of his servers were running Server Core, and he answered ‘Zero’.  I could not believe my ears.

The cloud provider is a major Microsoft partner in his country, and is on the leading edge (if not the bleeding edge) on every Microsoft technology.  They recently acquired another datacentre that was a VMware vCloud installation, and have embarked on a major project to convert all of those hosts to Hyper-V through System Center 2012.  So why not Server Core?

The answer is simple… When Microsoft introduced Server Core in 2008 they tried it out, and recognizing its limitations decided that it would not be a viable solution for them.  It had nothing to do with the command line… the company scripts and automates everything in ways that make them one of the most efficient datacentres I have ever seen.  They simply had not had the cycles to re-test Server Core in Server 2012 R2 yet.

We sat down and did the math.  The Graphical User Environment (GUI) in Windows Server 2012 takes about 300MB of RAM – a piddling amount when you consider the power of today’s servers.  However in a cloud datacentre such as this one, in which every host contained 200-300 virtual machines running Windows Server, that 300MB of RAM added up quickly – a host with two hundred virtual machines required 60GB of RAM just for GUIs.  If we assume that the company was not going to go out and buy more RAM for its servers simply for the GUI, it meant that, on average, a host comfortably running 200 virtual machines with the GUI would easily run 230 virtual machines on Server Core.

In layman’s terms, the math in the previous paragraph means that the datacentre capacity could increase by fifteen percent by converting all of his VMs to Server Core.  If the provider has 300 hosts running 200 VMs each (60,000 VMs), then an increased workload of 15% translates to 9,000 more VMs.  With the full GUI that translates to forty-five more hosts (let’s conservatively say $10,000 each), or an investment of nearly half a million dollars.  Of course that is before you consider all of the ancillary costs – real estate, electricity, cooling, licensing, etc…  Server Core can save all of that.

Now here’s the real kicker: Had we seen this improvement in Windows Server 2008, it still would have been a very significant cost to converting servers from GUI to Server Core… a re-install was required.  With Windows Server 2012 Server Core is a feature, or rather the GUI itself is a feature that can be added or removed from the OS, and only a single reboot is required.  While the reboot may be disruptive, if managed properly the disruption will be minimal, with immense cost savings.

If you have a few servers to uninstall the GUI from then the Server Manager is the easy way to do it.  However if you have thousands or tens of thousands of VMs to remove it from, then you want to script it.  As usual PowerShell provides the easiest way to do this… the cmdlet would be:

Uninstall-WindowsFeature Server-Gui-Shell –restart

There is also a happy medium between the GUI and Server Core called MinShell… you can read about it here.  However remember that in your virtualized environment you will be doing a lot more remote management of your servers, and there is a reason I call MinShell ‘the training wheels for Server Core.’

There’s a lot of money to be saved, and the effort is not significant.  Go ahead and try it… you won’t be disappointed!

Creating a New AD Forest in Windows Server Core (Revisited)

Several years ago Steve Syfuhs and I sat down and figured out how to create a new Active Directory forest in Windows Server Core.  It was an interesting experience, and even though I later gave rights to that article to the Canadian IT Pro Team (at the time it was Damir Bersinic) when you search for the term ‘Create AD Forest Server Coremy article still comes up first.

R2 I have gotten a bit more adept with the command prompt of late (especially with my diving into Windows PowerShell recently, but even before), so when I had the need to create a new AD Forest for a courseware environment I am building, I decided to revisit this topic, and see what changes I could make.

In 2009 I had to create an answer file, or at least I believed I did.  It turns out that now I can get away with one command line string, which is as follows:

dcpromo /InstallDNS:yes /NewDomain:forest /

/DomainNetBIOSName:SKI /ReplicaOrNewDomain:domain /RebootOnCompletion:yes


For the record I had to break up the text into three lines, but obviously this should all be typed onto a single line.


The first time I ran this command it failed.  I suspect this is because I had a DHCP address assigned.  Before embarking on this trip, I suggest you assign a static IP address to your Server Core box.  While it is simpler to do it with the sconfig text-mode configuration menu tool, you can also use the following netsh command:

netsh interface ipv4 set address name=”Local Area Connection” source=static address= mask= gateway=

At this point you should be ready to go… remember that with Windows Server 2012 (and R2) once you have the OS installed it is easy to manage it remotely using either PowerShell or the Server Manager console.  Just make sure you have the right credentials, and you are good to go!

Getting Certified: Things have really changed!

This article was originally published to The Canadian IT Pro Connection.Boy has it been an exciting year… Microsoft’s busiest release year ever!  On the IT Pro side we have System Center 2012 (a single product now, but truly seven distinct products for managing your environment!), Windows Server 2012, Windows 8… we have Windows Azure (which for the first time is really beginning to show true relevance to the IT Pro and not just the devs), and of course the new Office (both on-prem with Office 2013, and in the cloud with Office 365).  There is of course Windows Phone 8, Windows Intune, and the list goes on.

With all of these new versions out many IT Pros will be looking to update their certifications to remain current, while many more will be looking for their first certs.  For the first time in six years Microsoft Learning has completely changed the way you will be looking at certifications going forward.  If you are like me (and so many others) and do want to get certified in the latest and greatest, then you will need to know what is out there, and how certifications have changed with the newest product cycles.

Solutions-based Certifications

In the last few years Microsoft Learning focused on what they referred to as task-based certifications (MCTS) and job-based certifications (MCITP).  However IT Pros started to see more and more components in learning and exams that were not actually in the product – so for example an exam on Windows Server might have included a question on the Security Compliance Manager (SCM) and System Center.  Although it made sense to the SMEs writing the questions, the unprepared found themselves facing questions that they couldn’t answer, and a resounding chorus of ‘we didn’t realize we would be tested on that!’ was to be heard across the blogosphere.

This year the new certifications have been revamped to be solutions-based.  That means you are not focusing on a role or a product, but rather on the solution as a whole, which will very often include technologies not included in the product, but that are complimentary to it.  Microsoft’s Solution Accelerators are a good example of this.  The Solution Accelerators are a series of free tools available from Microsoft and include the Security Compliance Manager, Microsoft Deployment Toolkit, the Microsoft Virtual Machine Conversion toolkit, and others that are free downloads and may not be required knowledge to everyone, but every IT Pro should know about them because they really do come in handy.

Additionally you are going to see a strong interdependence between Windows Server 2012, System Center 2012, and Windows 8.  After all very few companies have only one of these, and in fact in any organization of a certain size or larger it would be rare to not find all three.

Of course it is also likely you are going to see questions that ask about previous versions of all of these technologies. ‘Your company has 25 servers running Windows Server 2003 R2 Enterprise Edition and 5000 desktops running Windows Vista Business Edition…’ sorts of questions will not be uncommon.  This will make some of us scour our archived memory banks for the differences between editions, and may seem unfair to IT Pros who are new to the industry.  Remember that every certification exam and course lists recommended prerequisites for candidates, and 2-3 years of experience is not an uncommon one.  To that I remind you that you do not need a perfect score to pass the exams… do your best!

What was old is new again

In 2005 Microsoft announced the retirement of the MCSE and MCSA certifications, to be replaced by the MCTS/MCITP certs.  During a recent keynote delivered by a guest speaker from Redmond I heard him say that this was actually Canada’s fault, and unfortunately he is partly right.  The Quebec Order of Engineers won their lawsuit regarding the usage of the word engineer in the cert.  While it may have made their lives better, it complicated the certification landscape for a lot of IT Pros and hiring managers who never quite got used to the new model.

SolAssoc_WinServ2012_Blk SolExp_PvtCloud_Blk

In April, 2012 Microsoft Learning announced that things were changing again… we would again be able to earn our MCSA and MCSE certs, but they would now stand for Microsoft Certified Solutions Associate and Microsoft Certified Solutions Expert.  In fact they thought it was a good enough idea that although they were intended as next-generation certs, they would be ported backward one generation… if you were/are an MCITP: Server Administrator or MCITP: Enterprise Administrator on Windows Server 2008 you immediately became an MCSA: Windows Server 2008.  You were also immediately only two exams away from earning your MCSE: Private Cloud certification.

associate-blueMicrosoft Learning bills the MCSA certification as ‘the foundation for your professional career.’  I agree with this because it is the basic cert on the operating system, and from there you can jump into the next stage (there are several MCSE programs available, all of which require the base MCSA to achieve).

Of course now that Windows Server 2012 has been released, so too has the new certifications.  If you want to earn your MCSA: Windows Server 2012 credentials then you are only three exams away:

Exam # Title Aligned course
70-410 Installing and Configuring Windows Server 2012 20410
70-411 Administering Windows Server 2012 20411
70-412 Configuring Advanced Windows Server 2012 Services 20412

Instead of taking all three of these exams, you could choose to upgrade any of the following certifications with a single upgrade exam:

MCSA: Windows Server 2008

MCITP: Virtualization Administrator on Windows Server 2008 R2

MCITP: Enterprise Messaging Administrator 2010

MCITP: Lync Server Administrator 2010

MCITP: SharePoint Administrator 2010

MCITP: Enterprise Desktop Administrator on Windows 7

The upgrade exam is called Upgrading Your Skills to MCSA Windows Server 2012, and is exam number 70-417.

expert-blueMicrosoft Learning calls the MCSE certification ‘the globally recognized standard for IT professionals.’  It demonstrates that you know more than just the basics, but that you are an expert in the technologies required to provide a complete solution for your environment.

The first IT Pro MCSE cert announced focused on virtualization and the System Center 2012 product.  Microsoft Certified Solutions Expert: Private Cloud launched first because System Center 2012 was released earlier in the year, and the Private Cloud cert could use either Server 2012 or Server 2008 certs as its baseline.  If you already have a qualifying MCSA certification (such as the one outlined above, or the MCSA: Windows Server 2008) then you would only require two more exams to complete your MCSE:

Exam # Title Aligned course
70-246 Monitoring and Operating a Private Cloud with System Center 2012 10750
70-247 Configuring and Deploying a Private Cloud with System Center 2012 10751
70-6591 TS Windows Server 2008: Server Virtualization 10215A

1This exam can be taken instead of exam 70-247 until January 31, 2013 to count towards the Private Cloud certification.

The next new-generation MCSE cert for the IT Pro is theMCSE: Server Infrastructure.  Like the first one the basis for this cert is the MCSA.  Unlike the Private Cloud cert, the MCSA must be in Windows Server 2012.  The required additional exams are:

Exam # Title Aligned course
70-413 Designing and Implementing a Server Infrastructure 20413
70-414 Implementing an Advanced Server Infrastructure 20414

Are you starting to worry that your current Server 2008 certs aren’t helping you toward your goal?  Never fear… the following certifications are upgradeable by taking three exams:

MCITP: Virtualization Administrator on Windows Server 2008 R2

MCITP: Enterprise Messaging Administrator 2010

MCITP: Lync Server Administrator 2010

MCITP: SharePoint Administrator 2010

MCITP: Enterprise Desktop Administrator on Windows 7

Which exams?  I’m glad you asked.  The upgrading IT Pro needs to take:

Exam # Title Aligned course
70-413 Designing and Implementing a Server Infrastructure 20413
70-414 Implementing an Advanced Server Infrastructure 20414
70-417 Upgrading Your Skills to MCSA Windows Server 2012 20417

In other words, you will be upgrading your pre-existing cert to MCSA: Windows Server 2012, and then taking the remaining exams required for the MCSE.

The third MCSE that will be of interest to IT Pros is the MCSE: Desktop Infrastructurecert.  As with the others it requires the candidate to earn the MCSA: Windows Server 2012, and then take the following exams:

Exam # Title Aligned course
70-415 Implementing a Desktop Infrastructure 20415
70-416 Implementing Desktop Application Environments 20416

If you previously held the MCITP: Enterprise Desktop Administrator 7 then you can upgrade by taking the following exams:

Exam # Title Aligned course
70-415 Implementing a Desktop Infrastructure 20415
70-416 Implementing Desktop Application Environments 20416
70-417 Upgrading Your Skills to MCSA Windows Server 2012 20417

There are actually five other MCSE paths, which are:

MCSE: Messaging

MCSE: Data Platform

MCSE: Business Intelligence

MCSE: Communication

MCSE: SharePoint

That I do not discuss these is not a judgment, simply they are outside of my wheelhouse as it were… If you would like more information about any of these, visit Microsoft Learning’s MCSE landing page.

The Unfinished Pyramid

You will notice that the MCSA and MCSE pyramids that we use are progressive… the MCSA has one level finished, the MCSE has two levels finished.  That is because there is another level of certifications above these, which is now called the Microsoft Certified Solutions Master.  This is the highest certification that Microsoft Learning offers, and only a few individuals will qualify.  It is a real commitment but if you think you are ready for it, I would love to point you in the right direction.  Personally I am happy with my MCSE: PC and don’t expect I will ever be a Master.

At present there are four MCSM tracks:

MCSM: SharePoint

MCSM: Data Platform

MCSM: Communication

MCSM: Messaging

It should be noted that of these only the MCSM: Data Platform is currently available; the others will be made available in 2013.

Also at the very top of the pyramid there is one more level – the Microsoft Certified Architect (MCA).  There are currently four MCA certifications:

MCA: Microsoft Exchange Server

MCA: Microsoft SharePoint Server

MCA: Microsoft SQL Server

MCA: Windows Server: Directory

Achieving the MCA requires a lot more than just exams.  It is a long and grueling process which in the end will likely leave you drained, but with the highest certification that Microsoft offers.

I should tell you that these last two senior certs are not for most people.  They are only for the very top professionals with in-depth experience designing and delivering IT solutions for enterprise customers, and even then only for those who possess the technical and leadership skills that truly differentiate them from their peers.

Keep it up!

Several years ago Microsoft Learning tried to retire older MCSEs – Windows NT and such.  They were unsuccessful because had they done so they would have breached the terms of the original certification.  In other words, because they never told candidates in advance that they would retire them, they couldn’t retire them.  It is not uncommon for me to hear from someone who is an MCSE, but they haven’t taken an exam since the 1990s.  In fact the logo for MCSE on Windows NT is the same logo as for MCSE on Windows Server 2003, and those MCSEs will be allowed to use that logo forever.

In 2006 they made it a little easier to differentiate.  Not only would certifications be by technology (MCITP: Enterprise Administrator on Windows Server 2008) but they would, in theory, be retired with support for that technology.  So an MCITP on Windows Vista would not be able to use the cert past a certain date.  Unfortunately I found that people did not refer to their entire cert, they would simply say that ‘I am an MCITP!’  In other words, without some clarifying it was pretty difficult to determine what technology they really knew.  Additionally it is not uncommon for some pros to have several MCITP certs, making it quite difficult to list on a business card or e-mail signature.

Now Microsoft Learning has really made an improvement to this issue.  The new MCSE certifications will require that you show continued understanding of the latest versions of the technology area by taking a recertification exam every three years.  While there was some talk of this with the MCITP program it did not come to fruition.  Today however this recertification requirement is clearly outlined on the MCSE pages.

While recertifying may seem like a bother for some, as we discussed earlier it is something we choose to do every three years to remain current anyways.  For those of us who do want to always remain current it is nice to know that we don’t have to start from scratch with every new product cycle.  For those for whom remaining current is not as important they will always be able to say ‘I was an MCSE, but I let my certs lapse.’  It shows that they do know the technology, just not necessarily the most current version,  This should be sufficient for a lot of people who often tell me ‘my clients don’t need the latest, and are not going to upgrade every three years!’

What About Small Biz?

I spent several years specializing in SMBs.  The first time I took a certification exam I remember coming out of it upset about questions that started ‘You are the administrator for a company with 500 server…’  No I am not!  At the time I couldn’t even fathom what that would be like.  So when Microsoft Learning started writing exams for SBS I was glad not because I wanted to limit myself (I didn’t, and am glad of that today) but because I knew that there are lots of IT Pros out there who do work exclusively on smaller networks.

I do not know what will become of SMB-focused certifications now that Windows Small Business Server 2011 is to be the last SBS release.  I do not have any insight into whether there will be exams around Windows Server Essentials, but could envision a cert around the tying of that product with Windows 8 and Office 365.  I have not been asked, but it would make sense.  However I have heard from a lot of SMB IT Pros that certifications are not as important to them and their clients as we feel they are in the enterprise, and I accept that; the needs of the larger do not necessarily align with the needs of the smaller.  However only time will tell if Microsoft Learning will address this market.

So in the end, should I get certified?

I have long been of the opinion that certifications are key for any IT Professional who is serious about his or her profession.  It shows that they have the respect for their profession to be willing to prove not that they know how to do it, but to do IT right.  Certifications are not for IT hobbyists, or people who dabble.  They are for the professionals who earn their living in IT, and who wish to differentiate themselves from other candidates for jobs, contracts, or promotions.

Whether you have been working in IT for years, or are fresh out of school and looking to embark on a career in IT, there are likely scores if not hundreds of candidates who will be competing with you for every job.  Why not take this opportunity to distinguish yourself?  No matter how much some people will denigrate their relevance, I have spoken to many hiring managers who have confirmed for me time and again that they are a key indicator of a candidate’s suitability to technical positions.

From Server Core to GUI to… MinShell?

This post was originally written for the Canadian IT Pro Connection blog, and can be seen there at

In Windows Server 2008 we were introduced to a revolutionary way to install Windows Server: Server Core.

Server Core may look boring – there’s nothing to it except the command prompt – but to an IT Pro it is really exciting for several reasons:

  • It requires fewer resources, so in a virtualization environment you can optimize your environment even more than previously;
  • It has a smaller attack surface, which makes it more secure;
  • It has a smaller patch footprint, which means less work for us on Patch Tuesdays; and
  • We can still use all of the familiar tools to manage it remotely, including System Center, MMC Consoles, and PowerShell.

imageDespite all of these advantages in my experience a lot of IT Pros did not adopt Server Core.  Simply states, they like the GUI (Graphical User Interface) manageability of the full installation of Windows Server.  Many do not like command lines and scripting, and frankly many are just used to the full install and did not want to learn something new.  I have even met some IT Pros who simply click the defaults when installing the OS, so they always ended up with the full install.

As you can see in this screenshot, the default installation is now Server Core. This is not done to confuse people, but going forward most servers are going to be either virtual hosts or virtual machines, and either way Server Core is (more often than not) a great solution.

Of course, if you do this and did not want Server Core you are still in good shape, because new in Windows Server 2012 you can add (or remove) the GUI interface on the fly.  You can actually switch between Server Core and Full (GUI) Install whenever you want, making it easier to manage your servers.

There are a couple of ways to install the GUI from the command prompt, although both use the same tool – DISM (Deployment Image Service Manager).  When you are doing it for a single (local) server, the command is:

Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:Server-Gui-Shell /featurename:Server-Gui-Mgmt

While the Dism tool works fine, one of the features that will make you want Windows Server 2012 on all of your servers now is the ability to manage them remotely, and script a lot of the jobs.  For that Windows PowerShell is your friend.  The script in PowerShell would be nearly as simple:

Import-Module Dism
Enable-WindowsOptionalFeature –online -Featurename ServerCore-FullServer,Server-Gui-Shell,Server-Gui-Mgmt


It takes a few minutes, but once you are done you can reboot and presto, you have the full GUI environment.

While that in and of itself is pretty amazing, we are not done yet.  There is a happy medium between Server Core and Full GUI.

MinShell (Minimum Shell) offers the administrator the best of both worlds.  You have the GUI management tools (Server Manager) but no actual GUI, which means that you are still saving the resource, have a smaller attack surface, less of a patch footprint, AND full manageability!

imageWhat the product development team has done is simple: they made the GUI tools a Server Feature… in fact, they made it three separate features (see graphic).  Under User Interfaces and Infrastructure there are three options that allow the server administrator to customize the visual experience according to his needs.

The Graphical Management Tools and Infrastructure is the Server Manager, along with the other GUI tools that we use every day to manage our servers.  It also includes the Windows PowerShell Integrated Scripting Environment (ISE) which allows administrators an easier to create and manage their PowerShell scripts.

The Desktop Experience gives the administrator the full desktop experience – similar to the Windows 8 client OS – including features such as Picture and Video viewers.

The Server Graphical Shell is exactly that: the GUI.  In other words we can turn the GUI on or off by using the Add Roles and Features Wizard (and the Remove Roles and Features Wizard).

Now there are a number of catches to remember:

First of all when you go down to MinShell the Add Roles and Features Wizard is still available, but not in Server Core.  Make sure you have this article on hand if you do go down to Server Core.

Next, if you install the full GUI and then remove the components then re-adding them isn’t a problem; however if you install the Server Core installation from the outset then the GUI (and Management) bits are not copied to the drive, which means that if you want to add them later you will need to have the installation media handy.

While hard drive space is pretty cheap, and it is easy to decide to install the full GUI every time and then remove it (so that the bits will be there when you want them).  However remember that with Hyper-V in Windows Server 2012 the limits are pretty incredible, and it is entirely possible that you will have up to 1,024 VMs on a host; that means that the few megabytes required for the GUI bits could add up.

Whether you opt for the Server Core, Full GUI, or the MinShell compromise, Windows Server 2012 is definitely the easiest Server yet to manage, either locally or remotely, one-off commands or scripts.  What I expect admins will be most excited about is the choices.  Run your servers your way, any way!

Linux Integration Services for Hyper-V 3.4

Linux PenguinThis post was originally written for the Canadian IT Pro Connection blog, and can be seen there at

Microsoft has been taking tremendous steps to prove that Hyper-V is not simply the best hypervisor for Windows users and administrators, it is also a viable option if you have Linux servers as well.  Last week Microsoft released the Linux Integration Services v3.4 for Hyper-V.  Integration Services are the tools that you need to get the full functionality of your hardware within a guest OS, including the drivers that enable synthetic device support in (supported) Linux virtual machines under Hyper-V.

Here is the overview of what is included:

When installed in a supported Linux virtual machine running on Hyper-V, the Linux Integration Components provide. Driver support: Linux Integration Services supports the network controller and the IDE and SCSI storage controllers that were developed specifically for Hyper-V. Fastpath Boot Support for Hyper-V: Boot devices now take advantage of the block Virtualization Service Client (VSC) to provide enhanced performance. Time Sync: The clock inside the virtual machine will remain synchronized with the clock on the virtualization server with the help of the pluggable time source device. Integrated Shutdown: Virtual machines running Linux can be shut down from either Hyper-V Manager or System Center Virtual Machine Manager by using the “Shut down” command. Symmetric Multi-Processing (SMP) Support: Supported Linux distributions can use multiple virtual processors per virtual machine. The actual number of virtual processors that can be allocated to a virtual machine is only limited by the underlying hypervisor. Heartbeat: This feature allows the virtualization server to detect whether the virtual machine is running and responsive. KVP (Key Value Pair) Exchange: Information about the running Linux virtual machine can be obtained by using the Key Value Pair exchange functionality on the Windows Server 2008 virtualization server. Integrated Mouse Support: Linux Integration Services provides full mouse support for Linux guest virtual machines.

The requirements are simple: If you have Hyper-V (including Windows Server 2008 RTM and Windows 8) on the host, and a supported build of Linux in the guest OS, the LIS will work.

Supported builds:

I am not an expert in Linux, but I do know that previous LIS sets supported several builds, including:

This most recent build only includes support for several builds of Red Hat Enterprise Linux (5.7, 5.8, 6.0, 6.3).  This is not because Microsoft does not care about Linux, nor because it feels that other builds are less important.  Simply stated, all versions of Linux based on Linux Kernel 2.6.32 and later include the drivers for Linux in Hyper-V out of the box.  There are articles on-line which explain how to enable these modules (see article from Port 25).

Microsoft wants you to use Windows Server; they are also realistic to know that not everyone does, and there are a huge number of heterogeneous environments out there.  Just because you use Linux in addition to Windows Server does not mean that you should discount Hyper-V (and all of its great benefits) as your hypervisor of choice.

By the way, the best resource that I have found for Open Source support with Microsoft technologies is the Port 25 Blog right here on TechNet… Check them out here.

Just in time… Second Shot Exams Are Back!

Why do I say Just in Time? Windows Server 2012 and Windows 8 exams are coming out soon, and there’s a good chance that you may still have to write a few exams to earn your MCSE!

I don’t know if they are THE most popular promotions that Microsoft Learning offers, but if they are not then they have to be right up there…


Simply stated: when you take an exam (for $150 per exam) you are going to be nervous… it’s a lot of money for something that is not a sure thing.  Now, I have written before about what you take away from failing an exam, but that is small consolation when you know you have to pay another $150 to retake it.

With Second Shot promotions from Microsoft, you have the peace of mind knowing that if you do fail the exam you get to take it again… for free.  How cool is that?

Now, the question I get all the time is ‘What happens if I pass the exam the first time? What do I get?’ Normally, you get a certification, as well as all of the time that you would have needed to study and retake the exam.  No, you cannot take a different exam for free if you pass it.

So how does it work? Follow these steps (C&P from Eric Ligman… thanks Eric!)

    1. Register to receive a Second Shot voucher for either a single exam or a certification pack (certification packs not only offer you the Second Shot, but also save you at least 15% off the single exam prices too).
    2. Using the Second Shot voucher number, schedule and pay to take your initial exam through our testing provider, Prometric, at
    3. Take your exam.
    4. If you do not pass your exam the first time, you may register to take the same exam again at no charge, via Provide them with the same Second Shot exam voucher number when registering the second time.
      • NOTE: Please wait one day after failing the exam to register for the retake, to allow for test results to be entered into the system.

How long is Second Shot available?

  • Second Shot voucher offer is available from August 27, 2012 to May 31, 2013.
  • Exam voucher expires on May 31, 2013 for single exams (with 070 and 071 prefixes), June 30, 2013 for academic exams (exams with a 072 prefix), and December 31, 2013 for certification packs

Which certification exams is Second Shot available for?

Looking for more info? Check these links out:

Good luck on your Microsoft certification path and enjoy the Second Shot offer for both your individual exams and exam pack purchases.

(Portions cut & pasted from Eric Ligman’s blog at

Client-Side Hyper-V: How Microsoft is changing the game

I have been a virtualization guy for a long time, so when Microsoft released Hyper-V 2.0 with Windows Server 2008 R2 I was among the first to ask why they weren’t including it in the client OS.  In my opinion it was a no-brainer.

With the launch of Windows 8 with the client-side Hyper-V, they made a Layer 1 hypervisor available to the masses.  True, there have been free Layer 1 hypervisors for years (Hyper-V Server, ESXi and others), but they required another machine to manage them, and those machines had to be properly networked.  There are people out there who do not have multiple systems to play with.  When it comes to doing demos outside of your office environment not only would you need two systems, but they would both have to be portable.  For most of us, this was unmanageable.

Of course, Windows 7 did have Virtual PC, and even Windows XP Mode.  These were great solutions for what they were, but Virtual PC never supported 64-bit guests, which meant that in order to run a x64 OS (such as Windows Server 2008 R2) you needed a third-party virtualization platform.  It also meant that, as an MCT, if you wanted to run the Microsoft Official Curriculum courses on your system you needed to be running Windows Server 2008 as the base OS.

Alas, in Windows 8, Windows XP Mode is no more; however that doesn’t mean that if you need to run Windows XP you cannot simply build a Hyper-V machine running that OS.  Same is true for Windows 7, which I run in a VM for two distinct reasons: so that I can answer questions for the vast majority of people who are still running that platform, and because Windows 8 no longer supports desktop gadgets.  (If this second reason sounds a bit peculiar, then you should know my secret: I use the Windows XP End of Support countdown gadget to keep you all informed as to the number of days left until #EndOfDaysXP Smile).

In my professional capacity I have needed Hyper-V on my laptop for several years; I have used one of three methods of achieving this need: Dual Boot, Boot from VHD, and occasionally Native Boot.  All of this because I also needed the Windows client on my laptop.  Now, however, I can run my virtual machines (32-bit or 64-bit) from Hyper-V in Windows 8, and I don’t have to decide how I am going to boot my laptop each time I start up.

In addition to installing Hyper-V in the Native Boot Windows 8, you can also install it in a Boot from VHD environment, as well as on a Windows To Go (WTG) key.  However on those you should be even more aware of where you are storing your VMs, because storage space will be more scarce.

SNAGHTML3f56db4In addition to the native hypervisor, you might also want to install the Hyper-V Management Tools (either GUI or PowerShell, or both) on your client.  By doing this you can now manage remote Hyper-V servers from your desktop (in the same way that you could do in Windows 7 by installing the Remote Server Administration Toolkit).

To install these features, simply open the Windows Features screen, and select the desired features (Hyper-V Platform, Hyper-V Management Tools).

  1. From the Windows 8 Start Screen type Features.  Ensure that Search is in the Settings context.
  2. Click Turn Windows Features On or Off.
  3. The Windows Features window will appear (pictures at left).  scroll to the Hyper-V context.
  4. Expand Hyper-V, and select the desired features.

Just as is needed in Server, Windows will install Hyper-V, and then will need to reboot twice (See the article Layer 1 or Layer 2 Hypervisor? A common misconception and a brief explanation of the Parent Partition).

Once the reboots are complete, you will be able to create and start virtual machines, just as you would in Windows Server.  You can import and export them, pause, save, and snapshot them… just like you would in Windows Server!

Now it is important to remember that the same hardware requirements for Hyper-V apply to the client.  Your CPU needs to support hardware virtualization, and it must be enabled in the BIOS.  For that reason I don’t expect that MacBook users will be taking advantage of this option.  You also need to have Second Level Address Translation (SLAT).  However if you bought your PC within the last five or six years (and it doesn’t have an ATOM processor) then I expect you will be fine.

By the way, while I was writing this article I was made aware of a similar one in Windows IT Pro Magazine.  Check out Orin Thomas’ article on the  Hyperbole, Embellishment, and Systems Administration Blog called Windows 8’s “Killer Feature” for Microsoft Certified Trainers.

Good luck, and may the virtual force be with you!

Are you a Microsoft Certified Professional?

Microsoft Certified Professional

The MCP logo (since 2002)

As we celebrate twenty years of Microsoft Learning, it is amazing to see some of the changes that the certification program has gone through.  I remember the first day I was ever able to call myself a Microsoft Certified Professional (MCP).  It was March 31, 2003, and I was ecstatic!

When Microsoft Learning unveiled the new (now old) certifications model in 2006 the MCP was supposed to be retired.  Not the program itself, but the actual cert.  We would still log into to access our accounts, but if you passed any of the new exams you would now be an MCTS or an MCITP, but not an MCP.

I sat down with Erica Cravens of Microsoft Learning recently and she explained to me that with the newest iteration of Microsoft certifications, the MCP designation is back.  If you pass an exam from Microsoft Learning, you will earn the MCP credential, as well as the right to use that logo.

Speaking of logos, I am holding out hope that there is a new logo in our future… maybe as an anniversary present next year marking 10 years as an MCP for me Smile

Can you convince your boss to let you get certified? UCA!

English: Microsoft Certified IT Professional

One of the benefits I get from conferences like Microsoft TechEd is reconnecting with friends and colleagues that I only see at these shows.  David and I have been friends for a couple of years, and when we discovered that we were  both staying over an extra night we decided to splurge and drive a ways to Tampa for dinner at what is in my opinion the best steakhouse and among the best restaurants in North America – Bern’s Steakhouse.

Of course it is slightly over an hour’s drive each way, so in addition to the 2.5 hours we spent in the restaurant we had plenty of time to discuss all sorts of topics, some personal but many business and technology related.

David works on the Microsoft Windows team at Microsoft.  His current area of focus is virtual desktop infrastructure (VDI), which is a subject that have been talking about to user groups for the past six months.  We definitely had a lot to discuss!

He was telling me that in a past job he ran an entirely VMware-based virtualization infrastructure, which makes sense because at the time most virtualized datacenters were running VMware.  He told me he thought it amusing that to this day a Google search of his name comes up with a presentation he did years ago at VMworld.

Speaking at VMworld is a very prestigious gig, on a par to speaking at Microsoft’s TechEd or MMS.  I would have thought that in order to be invited you would have to have at least a VMware Certified Professional (VCP) cert.  He told me that he wasn’t, and the reason for it was VMware Learning’s requirement that you take their course before you sit their exam, and since he knew the product well enough to run a datacenter for the City of Las Vegas, it was a tough sell to his boss to get them to give him the week off as well as pay for the class and exam.  It was not a battle he was ever able to win, so he never got VMware certified.

We started talking about his employer’s position, and that it was, after all, a reasonable one.  In the case of an IT pro who is already proficient on a technology, certifications are for your next job, not for your current one.

Some people are able to learn a technology on their own better (and certainly cheaper) than they could from a class.  Is this always true?  Of course not… it is only true of some of us.

If you know a technology and you have proven it in a production environment for your employer then although it may be reasonable to spend a couple hundred dollars on an exam that is done in an afternoon, there is little value in paying thousands of dollars for a course that takes you away from your job for several days to a week.

So if my previous statement is true, that certifications are for your next job, then what value should a company see in an IT education and certification budget and plan for its employees?

There are a number of answers to that question, and depending on the individual in question one of the following answers should help.

1)      An IT professional may know version X of a technology, but that does not mean that they will know version X+1.  For example, I am certified in Network Infrastructure on Windows 2000 and 2003, but I still studied for and wrote the exam for Server 2008.  Why?  It covers new technologies that most of us could not simply read about and then implement following best practices.  New roles and features such as virtualization, Remote Desktop, and IPv6 meant that I had a lot to learn.  A company who has technologists working on legacy products would benefit from a course that teaches the new technologies, as well as a good refresh to the old ones.

2)      When employees change roles – even within IT – education can prepare them for that new role.  I know plenty of IT pros who have been promoted out of desktop support into the server side, but knowing the one does not mean you automatically know the other.

3)      Certifications are the proof that you have the respect for your profession to learn the material the right way, and then take the time to sit down and write a test created by a panel of subject manner experts (SMEs) and prove it.  They are also a good way to learn where you are weak.  Whether you pass or fail the exam your score report (from a Microsoft exam) will let you know what aspects of the technology you are weak on, so you can go back and study those specific parts more.  The first exams I ever wrote (Windows 2000) simply said ‘Fail’ or ‘Pass’, which meant I never learned how close I was to succeeding, nor what I had to brush up on in order to do that.

4)      Technologies change, job roles change.  Over the past ten years desktop deployment specialists have had to learn components of Windows Server, Active Directory, Windows Deployment Server, Microsoft Deployment Toolkit, the Windows AIK, and of course System Center Configuration Manager.  Individually some of these are easy enough to self-learn, but for most of us they take a good deal of learning to get right.  Hacking around in Active Directory or System Center production environments when you don’t know what you are doing is just a bad idea.  A class, especially one led by a leading trainer who is also a consultant and can discuss real life scenarios and experiences that can point out shortcuts and pitfalls to be aware of is often worth so much more to the company than the cost of the class.

5)      There are companies that require industry certifications by virtue of corporate policies or external regulatory bodies.  Although many certifications do not expire, they do eventually become irrelevant.  A professional who was hired based on Server 2003 certifications nine years ago was cutting edge, but as the infrastructure is migrated to Server 2008 or Windows Server 2012 those certifications are now meaningless, and with the changes in the industry (such as the advent of the Private Cloud) they may be required to recertify as an MCSE: Private Cloud (for example) in order to remain within scope of the policy or regulations.

The list can go on and on, but the simple fact is this: spending one million dollars is not a waste if you can prove that your return on investment (ROI) will be two million dollars.  If you are struggling to convince your employer/manager/director that they should be sending you for certification training, you simply have to show them what that ROI will be.  However remember to balance that with what it would cost them to replace you with a newer model with the current certs!  Experience and tenure are important, but the era of corporate loyalty is behind us, and I have seen too many times professionals talk themselves out of their jobs by telling their boss how much they have to spend on certification and continuing education.

Good luck!

Winners – in more ways than one! Get your vouchers!!

Microsoft Certified Technology Specialist

Microsoft Certified Technology Specialist (Photo credit: Wikipedia)

On Monday I announced in this space that thanks to my friends at TekSource Corporate Learning ( I had nine (9) exam vouchers to give away for the Microsoft exam 70-659 (TS: Windows Server 2008 R2, Server Virtualization).  The response was incredible, and I want to thank everyone who entered the draw!

I want to congratulate the winners:

  • Gregory Longere
  • Darrell Hutchinson
  • Bruce Richardson
  • Sumeeth Evans
  • Mike Ruicci
  • Victor Nichols
  • Tyler Coan
  • David Clark
  • Jordan Samulaitis

Remember… by passing the exam you are a winner, but just by trying you are one too!

Now you all have an obligation to me to take the exam before the deadline – May 31st, 2012! I would love to hear how you did, and if you are proud of your success, or you felt that this contest prompted you to get out there and do it now instead of later, write it up… I’d love to publish your story! (Bonus points for anyone who scans their score report… you have to be REALLY proud of it for that!)

Virtualizing your Domain Controllers

I am asked all the time what the best practices are for domain controllers in a virtualized environment.  There are several that I will call out, but let’s begin with the simplest rule.

You should never have ONE domain controller.

This rule is not only true in virtualized environments, it is always true.  If you are too small to have a domain that is fine, but if you have a domain you should have two DCs.  If you run Windows Small Business Server that rule is just as true – join a second server to the domain and promote it.  YES IT DOES WORK, please don’t argue it again! Smile

You can absolutely virtualize your domain controllers.

I hear this question from people all of the time… and the reality is that there is nothing wrong with virtualizing your DCs.  If the main concern is the Time Synchronization issue, then there is a simple answer for that.  Your Active Directory domain resources will not be able to authenticate if the time is off by more than 300 seconds (5 minutes).  However that skew is from the domain, and not your wrist watch.  If your radio says it is 3:15pm and your domain says that it is 10:38am, the only thing that matters is that your network resources think that it is between 10:34 and 10:42. 

In simple terms, if one time resource is off it is bad… if ALL of your time resources are off, it’s not.  This theory may fall down with external resources – I have noticed that Twitter (or at least many Twitter clients) are sticklers for time, and if you are off then you will not be able to authenticate.  Lync can also be an issue, and I am sure there are dozens of other externally provided services that will cause issues.  However internally as long as your client and your server have the same wrong time, you’ll be fine.

So with that being said, my tendency is to select one domain controller and configure it to synchronize with an external time server.  I will then create a GPO in my domains to use that server as the authoritative time source for the entire network.  That prevents all manner of things from going wrong if you find the time is off.

Your Domain Controllers should be just that… and not much else!

Your DC should not be a file server, database server, media server, deployment server, update server… there are only three services that my domain controllers generally perform: Active Directory Domain Services, Domain Naming Service (DNS) server, and Distributed Host Configuration Protocol (DHCP) servers.  In my networks these three services go together nearly all of the time.  I don’t know of any good reason to put anything else on a domain controller, and every time someone says ‘Well what about…THIS?’ I disagree.

Of course, sometimes you don’t have a choice… Windows Small Business Server is a good example of that, but as you have likely heard me say before, SBS out of the box forces you to break a lot of rules that are simply not meant to be broken.  If you ever hear me discuss it I have said there are ways to make it more palatable… but that does not change the facts.  This is one reason I always tell my classes that it is easier for an enterprise administrator to adapt to small business IT than it is the reverse… the good habits of the enterprise admin will never hurt the SBS (although they may be considered overkill); some of the habits of small business IT Pros can, conversely, do serious damage to the enterprise IT environment.

Don’t P2V your domain controllers.

This rule is not as clear-cut as the others, but calls on some of them.  I do not believe in performing physical to virtual (P2V) migrations of domain controllers.  If an organization does have a physical domain controller that they would like to retire, I feel the following is a much safer and cleaner practice:

  1. Before you begin (as much as 10-14 days in advance) I will reconfigure the DHCP scope on the server in question to shorten the address length from whatever is currently in place (by default 8 days) to 1 hour.  This will prevent or at least minimize problems later on.
  2. When you are ready, create a new virtual machine and install the operating system.  Make sure you patch it to the most recent service pack, and apply all applicable critical and security patches.
  3. Join the new server to the domain, and promote it to domain controller.  Assuming you are on Windows Server 2008 R2 Service Pack 1 (which you should be by now!) you need to install the Active Directory Domain Services role, but the dcpromo.exe command will do that for you.
  4. After the server reboots, it will begin to synchronize with the Active Directory.  Remember, since AD is a distributed database, when you add a new server to the mix it will simply (over a period of time directly related to the size of your organization, factoring for network bandwidth issues) receive a complete copy of the AD that will be identical (upon completion) to the original server.  DNS will do the same thing, as long as you a) install the DNS role when you promote the server, and b) your DNS Zones are configured as Active Directory Integrated.
  5. Install and configure the DHCP Server role in the new domain controller.  If you have room to grow with your IP addresses I would recommend creating a completely different scope, but if you are tight then creating an overlapping scope will only cause very temporary headaches, most of which will be mitigated by doing this switchover during off-peak hours.  Remember to copy any reservations from the original server, especially when you have devices (such as printers) that require specific addresses.  Also, do not forget to verify that all of your Scope Options are properly configured.
  6. Stop the DHCP Server service on the original server (net stop “DHCP Server”).  Again, If your scopes are overlapping be sure to do this during off-peak hours.
  7. If the physical box held any of the Flexible Single Master Operations (FSMO) roles then you should transfer them to the new server, or to another domain controller in the organization.  If you forget to do this they can later be seized, but this is the easiest and least intrusive way of doing it.
  8. You can leave your source DC on for a week or two, but after a day or so I would usually power it down; don’t reformat it or throw it out just yet, but at this point you are ready to go!

One of the rules of P2V Migrations is GIGO: Garbage In, Garbage Out.  In other words, any legacy issues you may have had previously – whether it’s clutter, breaks, bugs, or whatnot – goes with you.  With the distributed database replication model of Active Directory you get to start fresh, with all of your data. 

This method is also a great way of upgrading a DC from Windows Server 2003 to Server 2008 R2 – rather than do an in-place upgrade, you can simply do the side-by-side virtualization dance.  It won’t change your schema or upgrade your Domain (or Forest) Function Level, although if it is the first 2008 R2 domain controller in your domain you will have to run a couple of scripts to prepare the domain by running the following commands:

(On the server that holds the Schema Master FSMO role): adprep /forestprep

(On the server that holds the Infrastructure Operations Master FSMO role): adprep /domainprep /gpprep

That’s about it… as I mentioned, there may be exceptions if your DC is doing something that (according to my guidelines) it is not supposed to be doing, but then again this may be a great opportunity for you to step in line with best practices and separate other roles from the domain controller.

No go forth and virtualize your Active Directory Domain Controllers!

My Certification History, and the Importance of Multi-Vendor Certifications

In 2001 I had an intern working for me at IGS Security whose name I cannot recall, but she was a student at LaSalle College, and was working toward earning her Microsoft Certified Systems Engineer (MCSE) certification. She and I did not get along very well, and she left early with a bad attitude… although some of it was justified.

One of the conversations that we had was around certifications, and she was working on hers, but didn’t have any yet. I told her (stupidly) that I could get my MCSE if I wanted to, but didn’t have the time nor see the value in it. When she quit she wrote a letter to my boss and among other accusations (which were not true) she brought this one up (which was). I felt bad about it, but never contacted her to apologize. I did, however, make the decision to start working toward that credential, and with a little help from friends and family embarked upon an incredible journey that has changed my life.

clip_image001Since I earned my first certification on March 31, 2003 I have been extremely proud to hold industry certifications. It was on that day that I passed exam 70-210 and was officially (and still am) a Microsoft Certified Professional (MCP). That afternoon I went out and downloaded the MCP logo (I may have had to wait a few days until I got the confirmation e-mail from Microsoft Learning), and went into the company where I worked and resigned my position as Director of M.I.S. I knew that I could now demand a much higher salary… and I was right, to a point.

clip_image002I needed to pass a number of other exams in order to achieve my next certification, which was the Microsoft Certified Systems Administrator. I earned the one on Windows 2000 on May 27, 2005, and a year later (June 30, 2006) I passed the upgrade exam to be an MCSA on Windows Server 2003. I now had a senior certification, and was as proud as a peacock. Within the Microsoft world I was on my way!

clip_image003With my senior certification under my belt, it did not take long before I was able to qualify as a Microsoft Certified Trainer (MCT). This took a little more work, because in those days I didn’t have a credit card, and unlike regular certifications, there is a $400/year fee to being an MCT. As well I had not taken the Train the Trainer class, so I had to get proof from a Certified Partner for Learning Solutions (CPLS) that they wanted me to train for them. Versalys in Montreal provided the letter, and in August, 2006 I earned that right.

clip_image004In the same month – August 29, 2006 to be exact – I earned my Microsoft Certified Desktop Support Technician (MCDST) cert. It was, to date, the easiest senior cert that I had achieved, but that is probably because it was two exams on Windows XP, a platform that I had been using and supporting for five years. That was the first time that I had passed two exams on consecutive days… the truth was I thought about taking one in the morning and the next in the afternoon, and do not remember why I didn’t… it was probably either because I was busy in the afternoon (or did not want to schedule a full day away from clients) or because I was simply afraid that if I failed the first exam I would never be able to pass the next. That achievement – multiple exams passed in a single day – would have to wait a little while longer!

clip_image005I knew that that with Windows Server 2008 and Windows Vista that Microsoft was evolving their certifications model… there would no longer be an MCSE, MCSA, or MCP… rather most exams would earn the candidate an MCTS (Microsoft Certified Technology Specialist), and the PRO exams, in conjunction with the TS exams, would earn a senior cert. My first MCTS was on Windows Vista (Configuration). I believe that was the first exam that I ever took in beta (pre-release) and I took it the first morning that it was available, which was October 31, 2006. I would not get confirmation that I passed it until January of 2007, but according to my certification transcript I earned it on the day I took the test, making it the first (of many) certifications to which I had the honour of being a Charter Member. I don’t know how many become charter, but it means I was one of the first.


The only two certifications I would earn in 2007 were my first two senior certifications of the new model… My first Microsoft Certified IT Professional (MCITP) was MCITP: Consumer Support Technician, which I earned April 2, 2007. For reasons that I cannot recall it took two more months to be accredited as an MCITP: Enterprise Support Technician, which I was awarded on June 18th of that year. However I actually passed the qualifying exam for it several times – including once dating back to the first beta – December 22, 2006 – but I was never able to get Microsoft to change the date of the award on the transcript. I am, however, still a Charter Member of that cert.

clip_image007Over the course of the next few years I earned several other Microsoft certifications – several MCTSes and a handful of MCITPs – but in December, 2010 I decided that I had put off my original goal for too long. I had always said that I wanted to be an MCSE, and despite that being an older certification on legacy technology, I think I knew deep down that it meant something, because it was my original goal. I think that it is important to set goals, and although there is nothing wrong with modifying them along the way, sometimes our goals have a significance other than the obvious.

I know that over the years I have lost contracts and jobs because I didn’t have the MCSE… even though by a certain point I DID know the material… at least most of it! I can think of two companies where I was told ‘Sorry, we really do need someone with the MCSE after their name.’ I mean, in 2010? Really? Ok, so be it. It may have been meaningless going forward as people started to understand that MCITP was the new MCSE, but I decided in December of 2010 to do it. I looked at my transcript, used the Certification Planner (which is a great tool on the MCP site that lets you know what requirements are left for any given certification), and realized I was short two exams… both of which I had failed once before.

I wouldn’t say that 70-293 (Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure) was the hardest exam I had even taken, but it was the one I struggled with most. I had failed it not once but three times, twice dating back to 2008, and once earlier (February) of 2010. I decided to really dedicate myself to passing this time. I studied my butt off, and when the final screen showed ‘Congratulations you passed’ and that my score was 866, I was thrilled! Now all I had to do was…

I had failed 70-297 (Designing a Microsoft Server 2003 Active Directory and Network Infrastructure) before, in 2008. It was then that I learned about testlets… and how much I did not like them. I was worried because the format of the exam was so different, but again, I was a lot more experienced than I had been in 2008, and I wrote the exam the day after I passed the previous one… and for the first time in a very long time I took nearly all of the allowed time. I am generally a fast test writer, but I made sure I left nothing on the field for this one. When the screen said that I passed I was relieved… but when the score report showed that I scored a perfect 1000, I gasped! I had never done that before, and was shocked, thrilled, elated… and surprised! On December 15, 2010 I was finally able to proudly call myself a Microsoft Certified Systems Engineer (MCSE).

it would take a few more months for me to earn the last Microsoft certifications that I wanted… MCITP on Windows Server 2008 (there are two – Server Administrator and Enterprise Administrator). I had already earned the MCITP: Virtualization Administrator, but that was a specialty cert, while the SA and EA were essentially the 2008 versions of MCSA and MCSE. I wrote the three requisite MCTS exams in one day – the first and last time that I will ever try that again! I passed them all, but it was nerve wracking. The following month I went into the testing center prepared for exam 70-696 PRO: Windows Server 2008, Server Administrator. It was another bear – a testlet-type exam like the 297 Design exam, and although I was not prepared for that, I did know the material, and was glad that I was able to pass it. The following day I went back confidently to pass 70-697… and failed.

clip_image008You should never underestimate or take a certification exam lightly… it is a recipe for failure, as I discovered that day. It was, in my humble opinion, one of the toughest exams I had ever written. As I wrote recently in an article Wow that certification exam was TOUGH! exams are not meant to be easy, and the more valued the certification the tougher the exam should be. It took me a few more months to both find the time and the energy to prepare for and re-take the exam, but on December 20, 2011 – a year after finally earning my MCSE, I became an MCITP: Enterprise Administrator on Windows Server 2008. Not since my early days of certifications had I been as proud of a credential as this one.

clip_image010clip_image012Of course, I have discussed my journey to Microsoft certifications, but I have not discussed the others… I am also certified in VMware – both by VMware themselves, and by VMTraining, a third party training company that has their own course called the vSphere Ultimate Bootcamp. Both of these companies have their own certification exams, and I am proud to have passed both of them for both vSphere 4 and the current vSphere 5. I have said for years that IT should never be about religion, it should be about the best tool for the job. Until recently Microsoft was a bit-player in the server virtualization space, and while that has changed and will change more with the release of Hyper-V 3.0 with Windows Server 8, VMware is still the industry leader in that space, and I could never represent and discuss Microsoft Virtualization properly without knowing the competition, and besides, the certification has helped me get a number of consulting gigs in VMware shops!

The point is I have never been hurt by certifications, and when people ask me if they are still relevant or important I point to both the gigs I have gotten because of them… and the ones I have not gotten. I tell them that when I am asked to consult on a hire (which I do from time to time) one of my first qualifiers is always ‘What certifications does the candidate have?’ I consider certifications proof that the professional has the respect for their field to not only do things the right way, but to prove it. So if you are not certified, I think it is time to seriously consider getting so… your career will thank me for it!

Wow that certification exam was TOUGH!

I was so excited in 2003 when I passed my first certification exam and became a Microsoft Certified Professional.  I immediately went out and printed new business cards with my new MCP logo, quit my (reasonably low-paying) job, and decided to make my own way as an independent computer consultant.  It was, up to that point, the proudest day of my IT career.

Whenever people complain to me that certification exams are hard, I remind them that if they were easy then the credentials would be worthless.  The harder we have to work for a goal, the higher we value it – the higher it is valued by others.  As the famous quote states:

“The harder the conflict, the more glorious the triumph. What we obtain too cheap, we esteem too lightly; it is dearness only that gives everything its value. I love the man that can smile in trouble, that can gather strength from distress and grow”  –Thomas Paine

So really, why would you ever want a certification exam to be easy?  I remember walking out of one exam that I took several years ago fuming because it was too easy.  I was angry because I felt it diminished the value of all of my certifications, and was glad when Microsoft Learning revisited that exam and did make it tougher… somewhat.

I know, looking at my transcript, which were easier and which were not… but I also know by speaking with my peers.  There was a time when we simply didn’t discuss failed exams… although one good friend of mine, with whom I went through many of my early certs, made me a bet about one exam that he had failed three times.  I couldn’t understand at that point how someone could actually fail one exam that many times… I have since learned the hard way.

One friend of mine – someone I consider to be smarter than I am – has failed one particular exam four times.  That is rough… but it is among the hardest exams I have ever taken.  To be fair, it took me a second try to pass it, but I was glad when I did.  Maybe glad is the wrong word… thrilled, relieved, exhausted, and elated are all accurate.  The exam was 70-647 PRO: Windows Server 2008, Enterprise Administrator.  It is easy to underestimate these exams, but it is a PRO exam, which means you have to really know your stuff… and not just the answer to questions, you have to be able to weigh the needs of different people and departments in a client environment before selecting an answer.  The exams that go through scenarios (testlets) and ask you several questions on that environment help to not only understand the technology, but also what is required to be a trusted business advisor to your customers.


That certification – the MCITP: Enterprise Administrator – is in my experience the toughest of the MCITP certifications available today.  It is a worthy successor to the retired Microsoft Certified Systems Engineer (MCSE) which remains among the most recognized industry certifications today.  It is rigorous – you need to pass five exams – 70-640, 70-642, 70-643, 70-647, and a desktop exam.  However when you do obtain this credential, hiring managers will take notice.


If this is a bit much (and for a lot of people it is not just a question of being too hard, it is simply overkill) then Microsoft offers another certification – MCITP: Server Administrator – that I see as the successor to the Microsoft Certified Systems Administrator (MCSA) from Windows Server 2000 and 2003.  It is also tough, but only requires three exams… 70-640, 70-642, and 70-646.  If you are paying attention, you will notice that the SA cert requirements are a subset of the EA cert, so if you are working toward your Enterprise Admin, but need more time, it may be worthwhile to take the extra exam and get the SA once you have passed the first two exams.

MCITP(rgb)_1084_1085 MCTS(rgb)_1078_1080_1079_1310

Once you earn both credentials you will actually have six separate certifications, which may not be more knowledge than you would have had with the MCSE model, but it does make for a slightly more impressive transcript.  For all of the people who would say ‘I have four MCPs’ or ‘I am an MCP in Server Infrastructure and Active Directory’ they were really just MCPs.  Today you can show potential employers exactly where you are in your certification roadmap, and what you have left.  It also, frankly, looks better.

The harder you work on your certifications the sweeter they will be… but the current model also allows you more milestones along the way… I remember thinking back when I started out that it was cool that I got a certification with my first exam, but how disappointing was it that I needed to pass six more exams until I got my next cert?  The introduction of the MCSA made it a little better – only four exams for that.  Now every time you pass an exam you can add it to your transcript, and it does show more granular progress.  So the MCITP: EA may be harder than previous iterations, but you can at least hang your hat along the journey with measured progress.

Of course… soon enough Microsoft will be releasing Server 8, and I’ll have to start all over again…