Archive for the ‘Virtualization’ Category

(2012-10-09) Configuring A Network Switch In Windows Server 2008 R2 Hyper-V With PowerShell

Posted by Jorge on 2012-10-09

For a project at my customer I was creating a PowerShell script to fully automate the installation and configuration of Hyper-V that was going to be used for security sensitive virtual machines. One of the steps was configuring the network switches within Hyper-V. To achieve that I searched the internet for snippets that used native CMDlets.

This is how it looks like:

$localHyperVHostName = $ENV:COMPUTERNAME 
$virtualSwitchMgmtSvc = Get-WMIObject Msvm_VirtualSwitchManagementService -namespace "root\virtualization" -computername $localHyperVHostName 
$physicalNetworkAdapters = Get-WMIObject Msvm_ExternalEthernetPort -namespace "root\virtualization" -computername $localHyperVHostName | ?{$_.IsBound -eq $False -And $_.EnabledState -eq "2"} 
$ExternalEthernetPortNameVMsLAN = Get-WMIObject win32_networkadapter | ?{$_.NetConnectionID -eq "VMs LAN"} | %{$_.Name} 
$ExternalEthernetPortVMsLAN = $physicalNetworkAdapters | ?{$_.Name -eq $ExternalEthernetPortNameVMsLAN} 
$InternalEthernetPortFriendlyNameVMsLAN = "VM Guests Network" 
$InternalSwitchPortFriendlyName = "InternalSwitchPort" 
$ExternalSwitchPortFriendlyName = "ExternalSwitchPort" 
$switchGuidVMsLAN = [guid]::NewGuid().ToString() 
$InternalSwitchPortGuidVMsLAN = [guid]::NewGuid().ToString() 
$ExternalSwitchPortGuidVMsLAN = [guid]::NewGuid().ToString() 
$InternalEthernetPortGuidVMsLAN = [guid]::NewGuid().ToString() 
$resultCreateSwitchVMsLAN = $virtualSwitchMgmtSvc.CreateSwitch($switchGuidVMsLAN, $InternalEthernetPortFriendlyNameVMsLAN, "1024", $null) 
$switchVMsLAN = $resultCreateSwitchVMsLAN.CreatedVirtualSwitch 
$resultCreateInternalSwitchPortVMsLAN = $virtualSwitchMgmtSvc.CreateSwitchPort($switchVMsLAN, $InternalSwitchPortGuidVMsLAN, $InternalSwitchPortFriendlyName, $null) 
$switchPortInternalVMsLAN = $resultCreateInternalSwitchPortVMsLAN.CreatedSwitchPort 
$resultCreateExternalSwitchPortVMsLAN = $virtualSwitchMgmtSvc.CreateSwitchPort($switchVMsLAN, $ExternalSwitchPortGuidVMsLAN, $ExternalSwitchPortFriendlyName, $null) 
$switchPortExternalVMsLAN = $resultCreateExternalSwitchPortVMsLAN.CreatedSwitchPort 
$resultSetupSwitchVMsLAN = $virtualSwitchMgmtSvc.SetupSwitch($switchPortExternalVMsLAN, $switchPortInternalVMsLAN, $ExternalEthernetPortVMsLAN, $InternalEthernetPortGuidVMsLAN, $InternalEthernetPortFriendlyNameVMsLAN) 
Start-Sleep -s 30 # This is needed to that Hyper-V has the time to finish the creation of the switch
$InternalEthernetPortVMsLAN = Get-WMIObject Msvm_InternalEthernetPort -namespace "root\virtualization" -computername $localHyperVHostName | ?{$_.ElementName -eq $InternalEthernetPortFriendlyNameVMsLAN} 
$virtualSwitchMgmtSvc.DeleteInternalEthernetPort($InternalEthernetPortVMsLAN) | Out-Null

After being almost finished, I found the Hyper-V PoSH module on Codeplex created by a few Microsoft engineers. I also decided to achieve the same result, but instead using these new CMDlets.

This is how it looks like:

Import-Module HYPERV
$localHyperVHostName = $ENV:COMPUTERNAME
$SwitchNameVMsLAN = "VM Guests Network"
$nicVMsLAN = Get-WMIObject win32_networkadapter | ?{$_.NetConnectionID -eq "VMs LAN"} | %{$_.Name}
New-VMExternalSwitch -VirtualSwitchName $SwitchNameVMsLAN -ExternalEthernet $nicVMsLAN -Server $localHyperVHostName -Force
Remove-VMSwitchNIC $SwitchNameVMsLAN -Server $localHyperVHostName -Force

See the difference? That just rocks!

I decided to continue and use the Hyper-V PoSH module as that was why easier to get stuff done!

By the way, if you want to install the Hyper-V PoSH module, don’t use the installation steps provided, but rather extract the ZIP file and move the HYPERV folder and its contents to the “C:\Windows\system32\WindowsPowerShell\v1.0\Modules\” folder.

Cheers,

Jorge

———————————————————————————————

* This posting is provided "AS IS" with no warranties and confers no rights!

* Always evaluate/test yourself before using/implementing this!

* DISCLAIMER: http://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

Posted in PowerShell, Virtualization | Leave a Comment »

(2012-05-26) Using Both Microsoft Hyper-V And VMware Workstation On The Same Machine

Posted by Jorge on 2012-05-26

I have been using VMware workstation since the beginning of time, well almost then! Smile . Yes, I’m a huge Vmware workstation fan because it gives me all the flexibility I need on my work laptop to give demos, perform tests, etc. Features I really like are: USB support, network redirector to access data on the host without IP connectivity, copy paste to/from VM from/to host, easiness to copy/distribute VMs between VMware workstation instances, and some more.

However, sometimes I also need to use Hyper-V. Previous I was only able to use Hyper-V on Windows Server and because I did not feel like using Windows Server as my desktop OS I always needed additional hardware. What I DO NOT mean is to use both Hyper-V and VMware workstation at the same time. I DO mean that I want to use either one at a time when I need to.

However, now with Windows 8, BOTH the desktop and server OS have Hyper-V as OS feature/role. That’s good news! BUT….how to get both Hyper-V and VMware workstation on the same machine without wither complaining. Until now I have not found anything on how to do this, until a person in the VMware forums (this post) pointed me to a link explaining the steps to achieve what I have wanted for ages! Read it here.

The first thing you need to determine is which virtualization technology will be used very frequent and which virtualization technology will be used sporadically. In my personal case VMware workstation will be used very frequent, and is therefore the default, and Hyper-V only as needed. As my desktop OS I’m using Windows 8 client.

After installing Windows 8, go to the Control Panel (lower right corner of the desktop –> Settings –> Control Panel) –> Programs And Features –> Turn Windows Features On Or Off. Then make sure all Hyper-V components are checked as shown below. Then click “OK”. Close all windows when done.

Figure 1: Installing The Hyper-V Windows Feature On Windows 8 (Client)

Hyper-V is now installed and now it is time to install VMware Workstation. The latter won’t even install if it detects Hyper-V is installed AND running. In other words, Hyper-V is already claiming the Hypervisor and because of that VMware workstation can’t use it.

Make sure the following is done with admin credentials AND elevated! Open a command prompt window by pressing [WINDOWS KEY]+[R] and then type CMD.

Then type: BCDEDIT /ENUM

Figure 2: Enumerating The Boot Options In The Boot Menu (After Installing Hyper-V)

Check out the last element called “hypervisorlaunchtype”.

Now Type: BCDEDIT /COPY {DEFAULT} /D “No Windows Hypervisor”

Figure 3: Creating A Copy Of The Original Boot Option

Note the GUID that is mentioned at the end between brackets. Now for the just create copy of the original boot option you will disable the automatic claim/use of the hypervisor by Hyper-V.

Now type: BCDEDIT /SET {d9cbf0e2-786c-11e1-b1f9-abcdd5349459} HYPERVISORLAUNCHTYPE OFF

Figure 4: Disabling Hyper-V To Claim/Use The Hypervisor In The Copy Of The Original Boot Option

Now type: BCDEDIT /ENUM /V

Figure 5: Enumerating The Boot Options In The Boot Menu

Currently, the boot option with the description “Windows 8 Consumer Preview” is set as the default, and that’s the boot option I need to select when I want to use Hyper-V. However, when I want to use VMware Workstation I need to select the boot option with the description “No Windows Hypervisor” and I use VMware Workstation as my default virtualization solution I need to set the corresponding boot option as the default choice.

Now type: BCDEDIT /DEFAULT {d9cbf0e2-786c-11e1-b1f9-abcdd5349459}

Figure 6: Setting The Copy Of The Original Boot Option

Now type: BCDEDIT /ENUM /V

Figure 7: Enumerating The Boot Options In The Boot Menu

Now when you reboot Windows 8, you will see something similar like…

Figure 8: Choosing A Boot Option During The Booting Of The OS

If you do not choose an option it will by default continue with the default option and in this that will be “No Windows Hypervisor” boot option.

If you do make a choice and choose the boot option called “No Windows Hypervisor” you will be able to use VMware Workstation, but you will not be able to use Hyper-V.

If you do make a choice and choose the boot option called “Windows 8 Consumer Preview” you will be able to use Hyper-V, but you will not be able to use VMware Workstation. In this case the OS would reboot again and allow you to start Hyper-V afterwards.

Remember, you can only have ONE virtualization technology running at a time! If you want to switch between using a virtualization technology, you will need to reboot the computer again!

Have fun!

I have been using this for a few weeks now, and this is quite cool and now I’m happy as I can use both without having additional hardware!

PS: Although I have not tested it, this will also work with W2K8 and W2K8R2.

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: http://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Posted in Virtualization | 5 Comments »

(2011-09-26) Windows (Server) 8 Developer Preview And VMware Workstation

Posted by Jorge on 2011-09-26

If you want to try out Windows (Server) 8 Developer Preview and you are a VMware Workstation fan, like me, then you need at least VMware Workstation 8. VMware Workstation 8 does not list Windows (Server) 8 as an OS, but it works when you respectively specify Windows 7 or Windows Server 2008 R2 as the VM guest OS. With lower versions of VMware Workstation (lower then v8.x) as soon as you start the Windows (Server) 8 VM guest, VMware Workstation throws an error. With VMware Workstation 8 that does not happen/occur.

However, with VMware Workstation 8, as soon as you install the VMware Tools the screen of the VM guest turns black at some point in time and I have not been able to solve it. After a reboot, the screen of the VM guest still remains black. To still be able to install VMware Tools without the screen of the VM guest turning black, you should choose “Custom Install” (instead of “Typical Install” or “Full Install”) and deselect the display driver. After that everything should be OK.

Posted in Beta/RC Stuff, Virtualization, Windows Client, Windows Server | 2 Comments »

(2011-09-14) Time Sync Recommendations For Virtual DCs On Hyper-V – Change In Recommendations

Posted by Jorge on 2011-09-14

The time synchronization hierarchy within any AD forest is shown in the picture below.

Figure 1: Default Time Synchronization Hierarchy Within Any AD Forest

As displayed in figure 1, DCs have their own time synchronization mechanism. When virtualizing DCs the time synchronization mechanism between the virtual DC (the VM guest) and the VM host must be disabled and it must be ensured the time synchronization mechanism natively used by the DCs is NOT disturbed. Reasoning for this is the high dependency that other processes (e.g. replication, authentication, etc.) have with accurate time.

PREVIOUS RECOMMENDATIONS:

Disable “Time Synchronization” within the Hyper-V Integration Services for each virtual DC VM (VM must be OFFLINE for this!)

Figure 2: Hyper-V Time Synchronization Services In DISABLED State

Disable the “VM IC Time Provider” on every virtual DC through the registry or through a custom GPO setting
- Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider
- Name: Enabled
- Type: REG_DWORD
- Data: 0×00000000

NEW RECOMMENDATIONS:

Leave “Time Synchronization” within the Hyper-V Integration Services ENABLED (DO NOT DISABLE!) for each virtual DC VM (VM must be OFFLINE for this!)
REMARK: Microsoft documentation or other blogs may still advise in disabling time sync with the host. That information is incorrect! Leave it enabled!
Disable the “VM IC Time Provider” on every virtual DC through the registry or through a custom GPO setting
- Key: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider
- Name: Enabled
- Type: REG_DWORD
- Data: 0×00000000

Additional information about configuring Time Sync for DCs can be found through the following links:

Posted in Active Directory Domain Services (ADDS), NTP, Virtualization | 3 Comments »

(2010-10-28) Component Poster: "Windows Server 2008 R2 Hyper-V"

Posted by Jorge on 2010-10-28

Get the PDF from here: Windows Server 2008 R2 Hyper-V Component Architecture

Posted in Virtualization, Windows Server | Leave a Comment »

(2010-05-18) Boot From USB In VMware Workstation

Posted by Jorge on 2010-05-18

For years I have been using VMware Workstation as the desktop virtualization for all my demoing, testing and learning needs. It fulfills all the needs I have with regards to flexibly using virtualization technology in the broadest sense. I have always tried to find the barriers of the product and I was able to do really a lot with it. One thing that has not been possible with VMware Workstation (even in the latest available version) is booting from USB. The VMware BIOS does not provide an option to boot from external media.

With something I found recently, you only need to be able to boot from CD/DVD and the ability to load an ISO file OR be able to boot from Floppy and the ability to load an IMG file.

The tool I use is called "PLoP Boot Manager" and it can be downloaded from here.

After configuring the BIOS to boot either from Floppy or CD/DVD you need to load the IMG or ISO file (depending on what you used to boot). After doing this you will see a screen similar to the following.

As you can see, it list all kinds of options to boot from. In the case you see above it list the 4 partitions my VM has. The OS is installed on Partition2 so only that partition would be bootable at the time. But, again as you see it lists also other options to boot from, including USB.

As soon as you select an option and hit ENTER, it will hand over the boot process to the option selected. This works perfectly! Try it yourself.

I have not tested this with other virtualization technologies (e.g. Hyper-V or ESX), but I expect it is also possible to use the same way I described above.

Posted in Tooling/Scripting, Virtualization | 1 Comment »

(2009-06-16) Fixing Hyper-V ACLs

Posted by Jorge on 2009-06-16

Are you having issues with Hyper-V VMs and experiencing similar issues as explained here? The solution to these issues is to fix the permissions of the Hyper-V, but do you know exactly what permissions are needed or what’s missing? Stop thinking!

Use the script attached to this post or as shown below. How does it work?

The script is used as a drop-target. A what? A drop-target! Select all the corresponding Hyper-V VM folders and files and drop it on the icon of the script. At that point the script will figure out the correct permissions that are needed to use the VM in Hyper-V.

Let’s talk credits. Credits should go to me for posting this stuff while being watched! J

Credits for the script go to a person that:

Is British
Used to be an MVP for Directory Services
Loves scripting, especially "batch" (he wanted to create a spell checker in batch)
Now loves PowerShell
Would like to sell that to the world as "PoSH"
Now walks the grounds of the "Dark Side" managing DS Stuff
Appeared in some cool video a few months back wearing weird stuff

I think you now know who he is. If you don’t you’ll figure it out some way! J Trust me!

:: fix HyperV ACLs.CMD / Dean Wells (DeanWe), Microsoft / October 2008
:: Script adds a suitable ACE (NT Virtual MachinesVirtual Machines or VM-specific) to any number of files supplied as arguments
:: (drag and drop works best) permitting them to be used by the Windows HyperVisor without rendering permissions errors. Special
:: case logic is included to handle symlinks and the permissioning differences required between VHDs and XML configuration files.

@echo off
set issuingAUTHORITY=NT Virtual Machine
set groupPRINCIPAL=Virtual Machines
set EXITcommand=pause
set FAILED=0
set FAILEDfile="%TEMP%%~n0.$$$"
del %FAILEDfile% 1>nul 2>&1

title Hyper-V ACL fixerupper ...

if "%~1"=="" (
  echo/
  echo #ERROR - nothing to do!
  goto :END
)

echo/
:LOOP
:: Restore default environment for each iteration
set icaclsSUFFIX=
set SECURITYprincipal=%groupPRINCIPAL%
set shortSECURITYprincipal=Group ACE
set PERMISSION=RW
set FILEtype=%~x1

:: Assume the absence of an extension indicates a folder [it's not pretty but it'll do in this context]
if "%FILEtype%"=="" (
  set FILEtype=folder
  set icaclsSUFFIX=/t
)

:: Determine file type [VHDs require "RW" while the XML configuration files and their symlinks require "F"]
:: For VHDs, we assume many VMs _may_ require access to the file so we add the "NT Virtual MachineVirtual Machines" ACE
:: For XML configuration files and their symlinks, we treat those as private and add the VM-specific ACE
echo "%~a1" | find /i "l" 1>nul 2>&1
if not errorlevel 1 (
  set icaclsSUFFIX=/l
  set FILEtype=symlink
  set SECURITYprincipal=%~n1
  set shortSECURITYprincipal=VM ACE
  set PERMISSION=F
) else (
  if /i "%FILEtype%"==".xml" (
    set PERMISSION=F
    set SECURITYprincipal=%~n1
    set shortSECURITYprincipal=VM ACE
  )
)

set HYPERVfile=%~n1 [%FILEtype% / %shortSECURITYprincipal%:%PERMISSION%] ..............................................
set HYPERVfile=%HYPERVfile:~0,67%
set /p=+ %HYPERVfile% <nul
icacls "%~1" /grant "%issuingAUTHORITY%%securityPRINCIPAL%":%PERMISSION% %icaclsSUFFIX% 1>nul 2>&1

if errorlevel 1 (
  icacls "%~1" /grant "%issuingAUTHORITY%%groupPRINCIPAL%":%PERMISSION% %icaclsSUFFIX% 1>nul 2>&1
  if errorlevel 1 (
    set FAILED=1
    echo #FAILED!
    echo %~n1 [%FILEtype% / %shortSECURITYprincipal%:%PERMISSION%] >>%FAILEDfile%
  ) else (
    echo SUCCESS!
  )
) else (
  echo SUCCESS!
)

shift

if not "%~1"=="" goto :LOOP

echo/

if not "%FAILED%"=="1" (
  color 2E
  echo The command completed successfully.
  set EXITcommand=ping -n 6 localhost
) else (
  color 4E
  echo #ERROR - the following Hyper-V file[s] was/were not permissioned correctly:
  echo/
  type %FAILEDfile%
)

:END
%EXITcommand% 1>nul 2>&1

Cheers,

Jorge

* DISCLAIMER: http://jorgequestforknowledge.wordpress.com/disclaimer/

———————————————————————————————

############### Jorge’s Quest For Knowledge #############

######### http://JorgeQuestForKnowledge.wordpress.com/ ########

———————————————————————————————

Posted in Virtualization, Windows Server | Leave a Comment »

(2009-06-16) Importing Hyper-V VMs

Posted by Jorge on 2009-06-16

If you have exported a Hyper-V VM to a folder and then try to import it again on another computer for example, you might get the following error:

[Window Title]
Hyper-V Manager

[Main Instruction]
A server error occurred while attempting to import the virtual machine.

[Content]
Import failed.

[Expanded Information]
Import failed. Unable to save the virtual machine under location ‘E:\VMStore_HYPER-V_EXPORTS\OCG_ILM2\DEMO-Server’. Error: General access denied error (0×80070005)

[^] Hide details [Close]

I solved this by giving the Network Service account modify permissions to the folder and its subfolders that contained the VM Export. Worked like a charm for me.

Posted in Virtualization, Windows Server | 1 Comment »

(2009-06-12) ILM 2007 FP1 And Hyper-V

Posted by Jorge on 2009-06-12

At the moment Microsoft does not support ILM 2007 FP1 in ANY virtual environment.

I have not seen an official statement yet on some Microsoft page, but I have read here that ILM 2007 FP1 now is supported to run on Hyper-V. If you want to run it on VMware, check out these KB articles from Microsoft about that:

Posted in Identity Lifecycle Manager (ILM), Virtualization | Leave a Comment »

(2009-04-17) Virtualizing Domain Controllers

Posted by Jorge on 2009-04-17

Virtualizing servers has been one of the largest hypes the past few years. Most common virtualization technologies are Microsoft Virtual Server, Microsoft Hyper-V and VMware ESX. In all cases you need to pay special attention when virtualizing DCs. The following documents provide guidance when virtualizing DCs:

Whatever technology you use, the pitfalls and issues are the same. An explanation to what can happen can also be found here: http://jorgequestforknowledge.wordpress.com/2006/03/08/backup-and-restore-of-active-directory-2/

Posted in Active Directory Domain Services (ADDS), Virtualization | Leave a Comment »

« Previous Entries

Jorge's Quest For Knowledge!

All about Windows Server, ADDS, ADFS & ILM/FIM (It is just like an addiction, The more you have, the more you want to have!)

Profiles

Statistics

Other Cool Blogs

Interesting Places To Visit

The Knowledge Archives

RSS Links

Email Subscription

Categories

Archive for the ‘Virtualization’ Category

(2012-10-09) Configuring A Network Switch In Windows Server 2008 R2 Hyper-V With PowerShell

(2012-05-26) Using Both Microsoft Hyper-V And VMware Workstation On The Same Machine

(2011-09-26) Windows (Server) 8 Developer Preview And VMware Workstation

(2011-09-14) Time Sync Recommendations For Virtual DCs On Hyper-V – Change In Recommendations

(2010-10-28) Component Poster: "Windows Server 2008 R2 Hyper-V"

(2010-05-18) Boot From USB In VMware Workstation

(2009-06-16) Fixing Hyper-V ACLs

(2009-06-16) Importing Hyper-V VMs

(2009-06-12) ILM 2007 FP1 And Hyper-V

(2009-04-17) Virtualizing Domain Controllers

All about Windows Server, ADDS, ADFS & ILM/FIM (It is just like an addiction, The more you have, the more you want to have!)

Profiles

Statistics

Other Cool Blogs

Interesting Places To Visit

The Knowledge Archives

RSS Links

Email Subscription

Categories

Archive for the ‘Virtualization’ Category

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: