6 Steps to Get Ready for Private Cloud
From the Windows Server Division WebLog, here are 6 steps to get you ready for private cloud.
IT Pros looking to delve into private cloud computing this year should prepare with these 6 steps:
- Improve data quality in your identity infrastructure – audit existing users and groups to ensure your AD store is running only accurate data
- Enable Federated identity – self-explanatory, but it’s a big part of bridging the gap between public and private clouds
- Enable all the building blocks of a private cloud – that includes Windows Server 2008 R2 with Hyper-V, an optimized Active Directory store and System Center (notably Configuration Manager and Virtual Machine Manager).
- Standardize and automate your processes and workflows – to take the best advantage of a private cloud infrastructure, you’ll need to build standardized server, platform and application packages and templates. That’s only possible if you’ve done your homework and standardized the processes and workflows that those software packages will support.
- Think about how the IT Pro role needs to change – the cloud enables huge efficiencies in the data center. Be a hero today as you enable the cloud, but work to become a Director tomorrow. Combine a deep knowledge of your business’ needs, future directions and work processes with your expertise in technology. Use this combination and the power of the cloud to not just enable IT for your business, but to actually turn IT into a competitive edge the business can directly convert into new business and revenue. That’s the big win for tomorrow’s cloud IT pro.
- Last, take advantage of Microsoft guidance – We’ll be releasing lots of guidance, both technical and higher-level, regarding the journey to cloud computing in the coming months. Check the Microsoft cloud pages, TechNet’s cloud resources and especially the Hyper-V Cloud Fast Track pages for in-depth technical guidance. There’s much more to come, so check back often.
Failover Clustering & Hyper-V: Planning your Highly-Available
From Microsoft tech.ed online, here’s an excellent video to help you with Failover Clustering in Hyper-V.
How Time Synchronization works in Hyper-V
Ben Armstrong explains in depth how time synchronization works in Hyper-V.
Problem #1 – Running virtual machines lose track of time.
While all computers contain a hardware clock (called the RTC – or real-time clock) most operating systems do not rely on this clock. Instead they read the time from this clock once (when they boot) and then they use their own internal routines to calculate how much time has passed.
The problem is that these internal routines make assumptions about how the underlying hardware behaves (how frequently interrupts are delivered, etc…) and these assumptions do not account for the fact that things are different inside a virtual machine. The fact that multiple virtual machines need to be scheduled to run on the same physical hardware invariably results in minor differences in these underlying systems. The net result of this is that time appears to drift inside of virtual machines.
UPDATE 11/22: One thing that you should be aware of here: the rate at which the time in a virtual machine drifts is affected by the total system load of the Hyper-V server. More virtual machines doing more stuff means time drifts faster.
In order to deal with time drift in a virtual machine – you need to have some process that regularly gets the real time from a trusted source and updates the time in a virtual machine.
Hyper-V provides the time synchronization integration services to do this for you. The way it does this is by getting time readings from the management operating system and sending them over to the guest operating system. Once inside the guest operating system – these time readings are then delivered to the Windows time keeping infrastructure in the form of a Windows time provider (you can read more about this here: http://msdn.microsoft.com/en-us/library/bb608215.aspx). These time samples are correctly adjusted for any time zone difference between the management operating system and the guest operating system.
Problem #2 – Saved virtual machines / snapshots have the wrong time when they are restored.
When we restore a virtual machine from a saved state or from a snapshot we put back together the memory and run state of the guest operating system to exactly match what it was when the saved state / snapshot was taken. This includes the time calculated by the guest operating system. So if the snapshot was taken one month ago – the time and date will report that it is still one month ago.
Interestingly enough, at this point in time we will be reporting the correct (with some caveats) time in the system's RTC. But unfortunately the guest operating system has no idea that anything significant has happened – so it does not know to go and check the RTC and instead continues with its own internally calculated time.
To deal with this the Hyper-V time synchronization integration service detects whenever it has come back from a saved state or snapshot, and corrects the time. It does this by issuing a time change request through the normal user mode interfaces provided by Windows. The effect of this is that it looks just like the user sat down and changed the time manually. This method also correctly adjusts for time zone differences between the management operating system and the guest operating system.
Read more here
SCVMM P2V fails with Error 2910 (0x80070005) Access Denied
Symptom
When using Microsoft System Center Virtual Machine Manager 2008 to perform a Physical-to-Virtual conversion (P2V), the following error message appears during the Scan System phase.
Error (2910)
VMM does not have appropriate permissions to access the resource on the %server.
Access is denied (0x80070005)
Recommended Action
Ensure that Virtual Machine Manager has the appropriate rights to perform this action.
Additional Information: The Source computer is the machine intended to be virtualized in the P2V conversion.
Cause
This failure is typically caused by either of the following conditions:
• The credentials provided during the P2V wizard do not belong to a member of the local ‘Administrators’ group on the Source computer.
• The Source computer does not allow remote WMI calls to the CIMV2 namespace for the credentials entered during the P2V wizard.
Resolution
To resolve the problem, follow these steps:
- Make sure that the account used during the P2V wizard is a member of the local ‘Administrators’ group on the Source computer. Note: Pay particular attention to this if the SCVMM server and Source computer are in different domains.
- During the Scan System phase of the P2V conversion, SCVMM makes WMI calls to the CIMV2 namespace on the Source computer to pull basic system information. If these WMI calls fail, then the P2V conversion will also fail. To verify WMI connectivity to the CIMV2 namespace on the Source computer, perform the following actions from the SCVMM server:
  - Click Start, point to Run, type “WBEMtest” (without the quotes) in the Open box and click OK. This will open the WBEMtest window.
  - Click Connect in the upper right hand corner.
  - Now, connect to the CIMV2 namespace on the Source computer.
    Example: \\Source\ROOT\CIMV2
    Note: Be sure to use the name of your Source computer.
  - Then click Connect to complete the connection. This should connect without any errors displayed.
  - Just to confirm access to a sample object, select Open Class and type Win32_PhysicalMemory.
  - You should see objects populate in the Object Editor window. The actual content returned is not as important as the fact that a remote connection to the CIMV2 namespace was established.
- Open wmimgmt.msc and verify connectivity to the Local computer and also check the ‘Remote Enable’ permissions.
  - Click Start, point to Run, type wmimgmt.msc and click OK. This will open the WMI Control (Local).
  - Right click on the WMI Control (Local) node and select Properties.
  - Select the Security tab, highlight Root and then open security by clicking the Security button in the lower right.
  - Select “Remote Enable” permission for Everyone or the specific user account that you want to grant this permission to.
  - This action does not require a reboot.
- Open dcomcnfg and verify that DCOM is running and also check the ‘Remote Activation’ permission.
  - Click Start, point to Run, type dcomcnfg and click OK. This will open the Component Services snap-in.
  - Expand Component Services, then Computers, then My Computer. If My Computer has a red down arrow mark, it means that the service is not running. It will need to be started.
  - Right click on My Computer, select Properties and select the COM Security tab.
  - Click Edit Limits under the Launch and Activation Permissions section.
  - For the Everyone user give the “Remote Activation” permission or add the specific user account that you want to grant this permission to.
Note: The following error message may occur if the appropriate WMI permission is not granted to the user:
“Access Denied” with Error Code: 0x80041003
- This problem can also occur if the OLE registry key is missing or has the incorrect value on the Source computer.
  - Start Registry Editor.
  - Locate the following path:
    HKLM\SOFTWARE\Microsoft\OLE
  - This key should have a REG_SZ value named EnableDCOM with a value of Y
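The WBEMtest and registry checks above can also be scripted. The following PowerShell is an added example, not part of the KB article: it repeats the remote Win32_PhysicalMemory query against root\cimv2 and maps the failure type to the resolution step to look at next. The function names and the Source computer name are placeholders chosen for illustration.

```powershell
# Added example (not from the KB). Run Test-P2VWmiAccess on the SCVMM server
# and Test-EnableDcom on the Source computer itself.
function Test-P2VWmiAccess {
    param(
        [Parameter(Mandatory = $true)][string]$Source,          # P2V source computer name
        [System.Management.Automation.PSCredential]$Credential  # account entered in the P2V wizard
    )
    $query = @{
        ComputerName = $Source
        Namespace    = 'root\cimv2'
        Class        = 'Win32_PhysicalMemory'   # same sample class as the WBEMtest step
        ErrorAction  = 'Stop'
    }
    if ($Credential) { $query['Credential'] = $Credential }

    $result = New-Object PSObject -Property @{
        Source = $Source; Connected = $false; Instances = 0; Code = $null; NextCheck = $null
    }
    try {
        $result.Instances = @(Get-WmiObject @query).Count
        $result.Connected = $true
    }
    catch [System.UnauthorizedAccessException] {
        # E_ACCESSDENIED, the code shown with VMM error 2910
        $result.Code      = '0x80070005'
        $result.NextCheck = 'Local Administrators membership on the Source; Remote Activation under dcomcnfg > COM Security > Edit Limits'
    }
    catch [System.Management.ManagementException] {
        # WMI-level status, for example AccessDenied = 0x80041003
        $result.Code      = '0x{0:X8}' -f [int]$_.Exception.ErrorCode
        $result.NextCheck = 'Remote Enable permission on Root in wmimgmt.msc'
    }
    catch [System.Runtime.InteropServices.COMException] {
        # DCOM transport-level failure
        $result.Code      = '0x{0:X8}' -f $_.Exception.ErrorCode
        $result.NextCheck = 'DCOM state in dcomcnfg and EnableDCOM under HKLM\SOFTWARE\Microsoft\OLE'
    }
    return $result
}

function Test-EnableDcom {
    # Local check on the Source computer: the KB expects REG_SZ EnableDCOM = Y.
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
    return ($ole -ne $null -and $ole.EnableDCOM -eq 'Y')
}

# Usage (SOURCE01 is a placeholder name):
# Test-P2VWmiAccess -Source 'SOURCE01' -Credential (Get-Credential)
```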
KB2465160: Add Host or other action fails with (2916) 0x80338126 in System Center Virtual Machine Manager 2008
From Microsoft, KB2465160.
Symptoms
Adding a Host to System Center Virtual Machine Manager 2008 (SCVMM 2008) fails with a variation of Error (2916):
Error (2916)
VMM is unable to complete the request. The connection to the agent ServerA.contoso.com was lost.
(The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled. (0x80338126))
Recommended Action:
Ensure that the WS-Management service and the agent are installed and running and that a firewall is not blocking HTTP traffic. If the error persists; reboot ServerA.contoso.com and then try the operation again.
Cause
Specific content is being filtered by a non-Windows firewall. The firewall could be software installed on either the SCVMM 2008 Server or the Host that is being added. More likely, there is a hardware appliance firewall on the network between the two communicating servers.
Resolution
Test multiple communication protocols between the two systems; the SCVMM 2008 Server and Host in this example. Some firewalls can have content filtering enabled despite showing that it is not. Remove all non-Windows software firewalls and bypass all hardware appliance firewalls entirely long enough to perform testing to verify whether or not they are contributing to the problem.
The following tests are examples of protocols that should always succeed. Test both directions always:
Ping by DNS name in both directions (NETBIOS and FQDN). The IP address returned must match.
Access to ‘\\ServerA.contoso.com\admin$’ from the ‘Run’ command in both directions. This must succeed.
From Server B: \\ServerA.contoso.com\admin$
From Server A: \\ServerB.contoso.com\admin$
WinRM basic connectivity in both directions. This must succeed. If it does not, execute ‘winrm qc’ on both servers, accepting all prompts, then test again.
Remote NETBIOS test: winrm id -r:remoteserver
Remote FQDN test: winrm id -r:remoteserver.contoso.com
WinRM successful reply example:
C:\>winrm id -r:ServerA
IdentifyResponse
ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
ProductVendor = Microsoft Corporation
ProductVersion = OS: 6.1.7600 SP: 0.0 Stack: 2.0
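The tests listed above can be run in one pass from PowerShell. This is an added example, not part of the KB article; it uses Test-WSMan, which sends the same WS-Management identify request as `winrm id`, and the function name and server names are placeholders. Because the KB requires both directions, run it once on each server with the other server's names.

```powershell
# Added example (not from the KB). Run on the SCVMM server against the Host,
# then on the Host against the SCVMM server.
function Test-VmmHostPath {
    param(
        [Parameter(Mandatory = $true)][string]$NetbiosName,   # e.g. ServerA
        [Parameter(Mandatory = $true)][string]$Fqdn           # e.g. ServerA.contoso.com
    )

    # Resolve both name forms; the KB requires that the returned IP addresses match.
    $resolved = @{}
    foreach ($name in $NetbiosName, $Fqdn) {
        try {
            $resolved[$name] = @([System.Net.Dns]::GetHostAddresses($name) |
                ForEach-Object { $_.IPAddressToString } | Sort-Object)
        }
        catch {
            $resolved[$name] = @()   # name did not resolve
        }
    }
    $match = ($resolved[$NetbiosName].Count -gt 0) -and
             (($resolved[$NetbiosName] -join ',') -eq ($resolved[$Fqdn] -join ','))

    foreach ($name in $NetbiosName, $Fqdn) {
        # WS-Management identify request, the counterpart of "winrm id -r:<name>"
        $wsman = $false
        try {
            Test-WSMan -ComputerName $name -ErrorAction Stop | Out-Null
            $wsman = $true
        }
        catch { }

        New-Object PSObject -Property @{
            Name           = $name
            Addresses      = $resolved[$name] -join ','
            AddressesMatch = $match
            Ping           = [bool](Test-Connection -ComputerName $name -Count 1 -Quiet)
            AdminShare     = [System.IO.Directory]::Exists(('\\{0}\admin$' -f $name))
            WinRM          = $wsman
        }
    }
}

# Usage (names taken from the KB's example):
# Test-VmmHostPath -NetbiosName 'ServerA' -Fqdn 'ServerA.contoso.com' | Format-Table -AutoSize
```

Any row where Ping, AdminShare or WinRM is False, or where AddressesMatch is False, points at the path to examine before retrying the Add Host operation.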
More Information
Recently a firewall appliance sold by a major vendor showed content filtering disabled and not licensed to be turned on, yet was still filtering specific content. This was discovered through examination of network traces. Do not assume content, protocols or traffic are not being blocked. Perform tests to verify.
Windows Storage Server 2008 R2 Documentation
From Windows Storage Server blog here’s a list of useful documentation references:
New Technology: http://www.microsoft.com/windowsserver2008/en/us/whats-new.aspx
New in Windows File Services: http://www.microsoft.com/storage
Storage Technology Facts
Default cluster size for NTFS, FAT, and exFAT (256 TB NTFS limit) – http://support.microsoft.com/kb/140365
Large Logical Unit Support and Windows Server 2003 SP1 (GPT): http://www.microsoft.com/whdc/device/storage/LUN_SP1.mspx and http://www.microsoft.com/whdc/device/storage/GPT_FAQ.mspx
How NTFS works (256 TB limit) : http://technet.microsoft.com/en-us/library/cc781134.aspx
Reviewing Storage Limits: http://technet.microsoft.com/en-us/library/cc773268.aspx
Microsoft Storage: Fact and Fiction – http://www.microsoft.com/windowsserversystem/storage/getstorfacts.mspx
How to calculate the LUN limit per HBA – http://blogs.technet.com/b/filecab/archive/2008/10/20/storage-tip-how-to-calculate-windows-server-2008-lun-limit-per-hba.aspx
How dynamic disks and volumes work – http://technet.microsoft.com/en-us/library/cc758035.aspx
How basic disks and volumes work – http://technet.microsoft.com/en-us/library/cc739412.aspx
Windows Server 2008 R2 Whitepapers
Improve your understanding and get more in-depth information about Windows Server 2008 R2 in these whitepapers: http://www.microsoft.com/windowsserver2008/en/us/white-papers.aspx
Performance Tuning Guidelines
This guide describes important tuning parameters and settings that you can adjust to improve the performance and energy efficiency of the Windows Server 2008 R2 operating system. This guide describes each setting and its potential effect to help you make an informed decision about its relevance to your system, workload, and performance goals. http://www.microsoft.com/whdc/system/sysperf/Perf_tun_srv-R2.mspx
NFS Account Mapping Whitepaper
This paper covers Network File System (NFS) account mapping and the deployment in Windows Server 2008 R2. NFS is a network file sharing protocol that allows remote access to files over a network. NFS implementations include an NFS server component, which enables the sharing of files for use by other networked computers, and an NFS client component, which enables computers to access files shared by NFS servers. The Services for NFS role service in Windows Server provides the ability to function as an NFS server. Windows and UNIX operating systems use different account and security systems. Windows operating systems represent users and groups with a unique security identifier (SID), while UNIX operating systems represent users with user identifiers (UIDs) and group identifiers (GIDs). Account mapping is the process of correlating the UNIX UIDs and GIDs to corresponding Windows user and group SIDs.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5f4c294c-8692-4235-8236-8ea809ae71f7
Operational TCO Comparison:
Windows Server 2008 File Services vs. Dedicated Storage System Vendors (Done by the Edison Group)
http://www.microsoft.com/windowsserversystem/solutions/specializedservers/product_guide/product
Windows Storage Server 2008 R2
Microsoft.com: http://www.microsoft.com/windowsserver2008/en/us/wss08.aspx
TechNet Overview: http://technet.microsoft.com/en-us/library/gg232660(WS.10).aspx
Getting Started Guide: http://technet.microsoft.com/en-us/library/gg214166(WS.10).aspx
Known Issues List: http://technet.microsoft.com/en-us/library/gg214171(WS.10).aspx
OEM Deployment Guide: Download the guide here.
OEM Partners: http://www.microsoft.com/windowsserver2008/en/us/wss08/partners.aspx
Find out more about Specialized Server Solutions and how to become an OEM Partner.
Downloads:
MSDN and TechNet Download: http://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx?pv=18:370
Embedded OEM Trial Software: The Embedded Server Evaluation Website now has the Windows Storage Server evaluation package available for IHVs, OEMs, ISVs, consultants and VARs to evaluate and test the product. The download is available after a quick registration page.
Windows Storage Server 2008 R2 and the Microsoft iSCSI Software Target 3.3 available on MSDN/TechNet
Microsoft has released Windows Storage Server 2008 R2 for MSDN/TechNet subscribers. This new version includes Microsoft iSCSI Software Target 3.3, which includes Windows PowerShell cmdlets and differencing virtual hard disk support for HPC boot scenarios.
Read more at: Windows Storage Server and Jose Barreto’s Blog (PowerShell cmdlets for the Microsoft iSCSI Target 3.3, included in Windows Storage Server 2008 R2)
Virtual Machine Servicing Tool (VMST) 3.0
This release of the Virtual Machine Servicing Tool (VMST) 3.0 completely replaces the Offline Virtual Machine Servicing Tool version 2.1.
Version 3.0 of the tool works with System Center Virtual Machine Manager 2008 R2, System Center Configuration Manager 2007 SP2, and Windows Server Update Services 3.0 SP2. The tool also supports updating the Windows® 7 and Windows Server® 2008 R2 operating systems.
To Download the Virtual Machine Servicing Tool 3.0 click here.

Some highlights include:
• Offline virtual machines in a SCVMM library.
• Stopped and saved state virtual machines on a host.
• Virtual machine templates.
• Offline virtual hard disks in a SCVMM library by injecting update packages.
KB2413735: Mouse and screen resolution issues when managing a virtual machine using the Hyper-V
From KB2413735
On Windows Server 2008 or Windows Server 2008 R2, you may experience one of the following symptoms when you connect to a Hyper-V virtual machine using the Hyper-V Manager console or the System Center Virtual Machine Manager Administrator Console:
· The mouse cursor is frozen or has disappeared
· The screen resolution has reverted to the default size
If you connect to the virtual machine using a Remote Desktop Connection (RDP), the symptoms listed above are not exhibited.
This issue can occur after a new Hyper-V VMMS certificate is generated.
Note: The following event will be logged in the Hyper-V VMMS event log when a new VMMS certificate is generated:
Log Name: Microsoft-Windows-Hyper-V-VMMS-Admin
Source: Microsoft-Windows-Hyper-V-VMMS
Event ID: 12520
Level: Warning
Description:
Auto-generating a self-signed certificate for server authentication.
To resolve this issue, perform one of the following steps on the Hyper-V server:
· Place the virtual machines in a saved state and then resume the virtual machines.
or
· Restart the virtual machines.
The self-signed certificate that is generated by the Hyper-V Virtual Machine Management service is valid for one year.
To create a self-signed certificate that doesn’t expire for several years, perform the following steps:
1. Copy the PowerShell script from the following Microsoft Web site:
http://gallery.technet.microsoft.com/ScriptCenter/en-us/be2da634-978b-48d7-b3ab-01c593c9d177
2. Paste the script into notepad, and then save the file as Cert.ps1.
3. Copy Makecert.exe to the same directory as the Cert.ps1 file.
For more information on how to obtain Makecert.exe, please visit the following Microsoft web site: http://msdn.microsoft.com/en-us/library/aa386968(VS.85).aspx
4. Open an elevated Windows PowerShell command prompt.
5. Run the Cert.ps1 script.
KB2308590: System Center Virtual Machine Manager 2008 R2 hotfix rollup package
List of issues that are resolved
Issue 1
Duplicate virtual machines (VMs) may appear in the SCVMM Administrator Console window after a Hyper-V VM in a cluster fails over to another cluster node. Additionally, the status for one of the duplicate VMs is set to Missing. If you try to remove the missing VM from the SCVMM Administrator Console window, the VM is not removed.
Issue 2
Consider the following scenario:
You install the Hyper-V role on a computer that is running Windows Server 2008 R2.
You configure the computer to start from a virtual hard disk.
The computer is part of a Hyper-V failover cluster. The cluster is configured to use cluster shared volumes.
You try to create a VM on a cluster shared volume by using SCVMM 2008 R2.
In this scenario, the operation fails together with the 2912 (0x8004232C) error code.
Issue 3
The Virtual Machine Manager service (Vmmservice.exe) crashes if the following conditions are true:
System Center Operations Manager 2007 integration is enabled.
A Performance and Resource Optimization (PRO) feature-enabled management pack is imported into Operations Manager.
The PRO settings for a host group are changed on the SCVMM server.
Hyper-V R2 Cluster CSV stops working when NTLM is disabled in cluster with Hyper-V Enabled

ID: 5121
Source: Microsoft-Windows-FailoverClustering
Version: 6.1
Symbolic Name: DCM_VOLUME_NO_DIRECT_IO_DUE_TO_FAILURE
Message: Cluster Shared Volume '%1' ('%2') is no longer directly accessible from this cluster node
This error may occur because NTLM was disabled on your Hyper-V host. Enabling a policy that disables NTLM may break CSV and cause the alert described above.
If NTLM was disabled using a GPO in your Active Directory domain, identify the GPO with this setting and create an exception to this policy for all clustered Hyper-V computer objects. Alternatively, you can create and link another GPO (one with the “enable NTLM” setting) that applies only to the clustered hosts.
:)
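To confirm on a node that event 5121 coincides with an NTLM restriction, the check can be scripted. This is an added example, not from the original post. It assumes NTLM was restricted through the "Network security: Restrict NTLM" policies, which are stored as the two MSV1_0 registry values read below; the function name is a placeholder.

```powershell
# Added example (not from the original post); run on each clustered Hyper-V node.
function Get-CsvNtlmDiagnosis {
    param([int]$Days = 7)   # how far back to search the System log

    # Event 5121 from the failover clustering provider, as quoted above.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-FailoverClustering'
        Id           = 5121
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches, so suppress it and count.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    $last = $null
    if ($events.Count -gt 0) { $last = $events[0].TimeCreated }   # newest first

    # Assumption: the restriction came from the "Restrict NTLM" security options.
    # A missing value reads as 0, which means no restriction.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0' `
                            -ErrorAction SilentlyContinue
    $outgoing = [int]$lsa.RestrictSendingNTLMTraffic     # 1 = audit all, 2 = deny all
    $incoming = [int]$lsa.RestrictReceivingNTLMTraffic   # 1 = deny domain accounts, 2 = deny all

    New-Object PSObject -Property @{
        Node         = $env:COMPUTERNAME
        Csv5121Count = $events.Count
        LastCsv5121  = $last
        OutgoingNtlm = $outgoing
        IncomingNtlm = $incoming
        NtlmBlocked  = ($outgoing -eq 2) -or ($incoming -ge 1)
    }
}

# Usage:
# Get-CsvNtlmDiagnosis -Days 14 | Format-List
```

A node that reports NtlmBlocked = True together with a non-zero Csv5121Count is a candidate for the GPO exception described above; `gpresult /h report.html` on that node shows which GPO delivers the setting.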
Hyper-V host may stop when VMs’ Dynamic Memory uses all available RAM
When setting up VMs with dynamic memory, remember that your Hyper-V host may stop if those VMs consume (or try to consume) all existing memory on the host, leaving nothing for the parent partition.
To prevent that, create the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization
REG_DWORD value
Name = MemoryReserve
Setting = amount of MB to reserve for the parent partition.
After setting the desired value you must reboot the host for the setting to become active.
Note: if you set this value too low, VMs will be able to use too much memory and cause performance issues for you. Equally, the higher you set this, the fewer VMs you can run.
For more information about memory reserve with dynamic memory check the Virtual PC Guy’s Blog
How to manually remove a missing host from SCVMM
You may see the following error when trying to remove a “dead” host from your SCVMM console.
Error (406)
Access has been denied while contacting the server <servername>.
Recommended Action
1. Verify that the specified user account has administrative privileges on <servername>.
2. Verify that DCOM access, launch, and activation permissions are enabled on <servername> for the Administrators group. Use dcomcnfg.exe to modify permissions, and then try the operation again.
If that server is no longer online you need a way to remove it from your SCVMM. To do that you may use the PowerShell cmdlets that come with the SCVMM console. First connect to the VMM server:
Get-VMMServer <Vmm_Server_Name>
Then forcibly remove the missing host server by running:
Remove-VMHost <Host_Server_Name> -Force
Wait a few seconds and the host should be removed from the console.




