Category Archives: Server 2012

How to rapidly create a Virtual Machine from WIM or ISO (WIM2VHD)

If you have DVD media or and ISO of your Operating System, you can quickly and easily create a sysprepped VHD or VHDX image. With this Virtual Hard Disk file, you can set up a Virtual Machine and boot it directly to the Out of Box Experience, thus saving about half an hour to an hour of installation time.

The process for doing this and PowerShell script called Convert-WindowsImage.ps1 is documented in the Technet Script Repository here – http://gallery.technet.microsoft.com/scriptcenter/Convert-WindowsImageps1-0fe23a8f

Note: This latest release (v6.3) now supports the creation on Generation 2 VMs.

How to Turn off Printer Redirection for Remote Desktop Sessions on a Hyper-V Server Host

If you use Remote Desktop Services to connect to your Windows Server 2012 Hyper-V Host, one of the best practices tasks that you can do is to turn off printer redirection. Printer Redirection is the feature that allows a local printer to be mapped on a remote machine, and allows printing across the network or Internet. Sometimes, badly written drivers can cause issues on the remote host when redirection is permitted, causing major issues on the server, and potentially causing downtime.

Therefore, it is best to turn off this redirection as a precaution. This process can be performed on Windows Server 2008 R2 and Windows Server 2012.

  1. Open an Administrative Command Prompt, and Start the Microsoft Management Console (MMC).

     

  2. In the Console, navigate to Add/Remove Snap-in

     

  3. Select and add the Group Policy Object snap-in.

     

  4. Click Finish to apply the Snap-in to the Local Computer.

     

  5. Click OK, to close the Snap-In window.

     

  6. Expand the Snap-in to Console Root/Local Computer Policy/Computer Configuration/Administrative Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Printer Redirection

     

  7. Double Click on “Do not allow client printer redirection” and Enable the setting. Click Apply, then OK.

     

  8. Log off the session to apply the setting.

Downgrading Windows Server 2012 OEM

A little known fact about Windows Server 2012 (WS2012) Standard and Datacentre editions is the fact that you can run these operating systems as a Hyper-V host and use a variety of operating systems as virtual servers. The limitation on the number of virtual machines is governed by licensing. You can install two virtual machines per 1-2 physical processors on a host server if you have WS2012 Standard. If you want 3-4 virtual hosts running on this server, you can purchase another WS2012 Standard license, or you could purchase WS2012 Datacentre, which allows you to install as many virtual servers as your physical machine can handle.

Granted, this is not new for those who have purchased a Volume License agreement. However, not many realise that this is also available in the System Builder or OEM channel.

There is a lot of information on the OEM Partner Center here – http://www.microsoft.com/oem

Therefore, if you are running WS2012 as a HyperV Host, you can install up to two virtual servers, which can be any of the following – WS2012 (standard or datacentre), WS2012 Essentials, WS2011 Essentials, WS2008R2, WS2008, WS2003.

The big question is “How to I activate the servers?”

To downgrade the virtual servers, you will need to implement the following steps:

  1. Obtain genuine Windows Media and a corresponding product key.
    1. It should come from a previously legally licensed version from the OEM or Retail channel. (Yes, that is correct! You can grab a DVD and a product key from a previously activated and installed server. It does not have to be yours)
    2. If you have a volume license agreement, then you must use the volume license media and product keys.
  2. Install the virtual server using the media and corresponding product key above.
  3. When the server needs to be activated, you can attempt to do this online. If it works, great! If you are not able to activate the product key because it had been previously activated, you will need to call the Microsoft Activations service.
    1. Call the number as listed for your country. http://support.microsoft.com/kb/950929
    2. Select Windows or Windows Server activation.
    3. Type in the installation ID as shown on your screen and wait to be transferred to a service representation.
    4. Explain to the representative that you are downgrading your WS2012 installation and need to activate the WSnnnn installation.
    5. When asked, provide the installation ID, and the representative will provide you with the confirmation ID to activate the server.

Note that the other OEM licensing rules still apply. You cannot transfer this license to another physical machine, nor can you put the virtual machines on another physical host. The host and the virtual machines must live and die on the physical machine that they are licensed for.

Stop Windows Server 2012 and Windows 8 from automatically rebooting the server after logging in

One of the recent issues in managing Windows Server 2012 is the way Automatic Updates works by default. If automatic updates are installed on a server, it may or may not automatically reboot the server or PC.

At the log in screen, you may see this message.

Upon logging in, you may be faced with the prospect of the server rebooting in 15 minutes. The countdown timer has started and there is no apparent way to click on a “Postpone” button.

In many cases, this will cause some distress. Particularly if this is a Hyper-V host server, and you have an entire network of 120 users accessing the virtual machines!

Fortunately, there is a fix to prevent the server from counting down and restarting.

  1. Open an administrative command prompt.
  2. Type NET STOP WUAUSERV
    to stop the Windows Update service.

This will stop the Windows Update service, and stop the countdown timer until the server is restarted manually. Don’t forget to restart the server at the next possible opportunity.

Hyper-V Replica for Small Business

This post serves as a starting point for my series of posts on the new feature called Hyper-V Replica.

Windows Server 2012 HyperV Replica Scenarios for Small Business

http://blog.powerbiz.net.au/hyperv/windows-server-2012-hyperv-replica-scenarios-for-small-business/

In this post, I examine the various scenarios where a small business could use this technology.

 

How to set up Hyper-V Replica for Small Businesses

http://blog.powerbiz.net.au/hyperv/how-to-set-up-hyper-v-replica-for-small-businesses/

In this post, we look at how to configure and set up Hyper-V Replica.

The post continues on to a follow up session, “Disaster Recovery with Hyper-V Replica for Small Business on a Budgethttp://blog.powerbiz.net.au/hyperv/disaster-recovery-with-hyper-v-replica-for-small-business-on-a-budget/, which looks are a cheaper alternative in deploying this feature.

 

Monitoring and Managing Hyper-V Replica

http://blog.powerbiz.net.au/hyperv/monitoring-and-managing-hyper-v-replica/

We also look at how to monitor and manage the Hyper-V Replica and steps to take in case the replica is needed in a DR situation.

 

Supplementary Resources

There are a number of other posts that are referred to or provide further information related to the subject matter.

Monitoring and Managing Hyper-V Replica

In the previous posts, we have looked at scenarios for using Hyper-V Replica in the small business environment. We also looked at how to enable replication and configure this. Once it has been configured and is working, we need to be able to manage the environment and monitor the replication to ensure that there is integrity in the process.
In the post, we will examine the monitoring and management features and also look at testing the replica to ensure that the systems will failover if they are required.

Monitoring

The easiest way to check the status of the replication is to view the properties via the console.

Just right click on the VM that has a replica and Select Replica, View Replication Health. This can be done on the primary server or on the replica.

The Replication Health window will give you the following information:

  • Replication State
  • Replication Type (whether this is the primary or replica)
  • The Primary and Replica server names
  • The Replication Health Status (the usual Windows OK tick, warning, or critical notifications)
  • Statistics over the past number of hours since the past 9am processing run, including averages for size and latency, and any errors encountered
  • The last replication run
  • Status on Test failovers

This information can also be exported to a CSV file.

If you are Powershell inclined, you can view this information by using the Get-VMReplication command.

There are also Performance Monitor counters available for monitoring.

And of course, there are events to be monitored in the Event Logs.

Obviously, with such information available, it is possible to script and enable reporting on this information.

Management

There are a few things that you can do with a VM Replica, which are shown on the Replication choice on the VM on the Replica Server.

On the Primary server, there are only 4 options. The last 3 are the same on both servers. On the primary server, there is no option to Test failover, since the replica physically resides on the replica server only. Planned failover does the same thing as Failover on the replica server.

  1. Failover

    If a problem occurs at the primary VM, then there are some decisions to be made. If the issue is going to be a short outage (ie. A power failure), it may be best to wait out the outage, rather than put the failover in place. This is because of the overheads in performing a failover and restoring back from a failover are probably going to take longer. However, if the power will be cut for 4 hours, and the business needs to be operational, then a failover to the replica would be a good option.

    To perform a failover, the primary VM must be offline. Select the recovery point to return the VM state to (or choose the last one selected). Then click the Fail Over button.

     

    If the primary VM is still online, you will get an error.

     

    The Replica VM will start immediately. Once it has started up, you will need to reset IP addresses, as the NIC hardware will be different. In most cases, not much else will need to change. It will look as though the VM is running with a snapshot (In fact, it is!).

     

    Now, the management choices have changed on the Replication section.

     

    There are 5 options when a VM is in failover mode.

    1. Reverse Replication. This option completes the failover by reversing the replication direction. The reverse replication wizard will start up, which takes you through the same steps as setting up a new replication. The current running replica will now become the primary VM, while the VM at the primary will be removed and a new replica will be created. Initial replication will be performed in the reverse direction.
    2. Remove Replication Points. This option completes the failover by making the VM a primary VM. Replication will stop and the smapshot will be merged into the VM. After this, the only options to continue are to reverse the replication (from the replica) or cancel replication (on both servers).
    3. Cancel Failover. This will cancel the failover, and revert changes back to the original primary VM.
    4. View Replication Health. The replication health status will be displayed here with various errors, since the replication is in failover mode.
    5. Remove Replication. This option will remove the replication connection between the two servers. This operation must be performed on both the primary and replica servers.

     

  2. Test Failover

    The Test Failover option creates a copy of the VM and allows you to turn on and run the VM in a test setting. This allows you to check that replication is working and that the VM will boot up without issues.

    Selecting Test Failover will bring up the options for the test. You can select the last recovery point or earlier points if they exist.

     

    A Test VM will be created with the NIC not connected. You could create an internal test Network and assign a NIC connection to boot up in an isolated situation to test the VM. You can perform any Hyper-V management functions on this test VM. Remove the VM when it is no longer required.

     

  3. Pause Replication.

    This option pauses the replication. To resume the replication, select Resume Replication.

     

  4. View Replication Health. This option has been discussed in the monitoring section above.
  5. Remove Replication. This option is self-explanatory. Note that the operation must be performed on both host servers.

 

 

 

Disaster Recovery with Hyper-V Replica for Small Business on a Budget

I’ve been writing a number of blogs on Hyper-V Replica. A few questions were posed on the suitability of using HyperV Server in Core mode, or the free Microsoft Hyper-V Server 2012. The core configuration presents some challenges in configuring the system to be used as a Hyper-V Replica target. Configuring such a system will be a great benefit for small businesses on a budget, who may not be able to afford the hardware costs of having another full featured server. A small business could purchase a fairly inexpensive HP Proliant Microserver and install the free Hyper-V Server 2012. A decent configuration would comprise of a RAID 0 or RAID 1 set. One could put in 8GB of RAM, and 4 x 2TB hard drives for a really decent and inexpensive backup, and disaster recovery system.

Installing Hyper-V Server 2012 (free)

Once the hardware is in place, you can easily set up the new machine as follows.

  1. Boot up the server via a bootable USB. Have a look at this blog post for more information on how to create one – http://blog.powerbiz.net.au/fixes/using-diskpart-to-create-a-bootable-usb-of-windows-8/

     

  2. Then, it is a matter of following the prompts.

     

  3. At the point of selecting the installation drive, you can use the tools provided to prepare and format all the drives in the system. Otherwise, you will need to brush up on DISKPART to do this after the system has been installed.

     

  4. After a few reboots and some time, you will be prompted to change the Administrator password.

     

  5. After logging in, you will be presented with a command prompt and the Server Configuration Menu.

     

At this point, we are now ready to configure the server for use as a replication target. The purpose of this section is to prepare the server to reach the point where we can Enable Replication via SSL certificate. The steps to set up replication are further detailed in my earlier post – http://blog.powerbiz.net.au/hyperv/how-to-set-up-hyper-v-replica-for-small-businesses/

 

We are going to assume that you have either configured the local DNS to resolve the FQDN we are about to set up, or that you will use HOSTS files on both the primary server and this server.

 

There are 3 important tasks to achieve in this preparatory stage. First, we need to configure the server with basic information, including the setup of the Fully Qualified Domain Name (FQDN) server name. Next, we need to configure the server to be able to be managed via Server Manager and the Hyper-V Manager from the primary server, or from a Windows. Finally, we need to add a trusted certificate. 8 PC.

 

Configuring the Server

  1. Set up the server name. Select Menu item 2 and enter the server name. A restart will be required.

     

  2. After the restart, go to the command prompt and open REGEDIT. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Paramaters.

    Add or change the REG_SZ key named “NV Domain” and put in the DNS suffix to set the server with a FQDN.

     

  3. Configure the server with a Static IP and DNS settings. (Menu item 8)

     

  4. You can also configure Remote Management if you like. (Menu item 4)

Configure the Hyper-V Server for Remote Management

In this scenario, I am going to set this up in a quick and easy way. Some may not full appreciate the fact that the firewall is disabled here. You can perform more granular management of the firewall using the NETSH command if you like.

  1. Disable the Firewall using the command, NETSH AdvFirewall set AllProfiles
    state off

     

  2. Next, you need to download and copy HVREMOTE from http://archive.msdn.microsoft.com/HVRemote. (Yes, there is a warning about this version not supporting Server 2012 and Windows 8). I read up on a blog post from Virtual Machine MVP Steve Jain (http://smudj.wordpress.com/2012/09/26/quick-and-dirty-managing-hyper-v-server-2012-from-windows-8/) and tested this myself. Yes, there are warnings and errors which you can ignore, but it does work. One would assume that the coming version of HVREMOTE will address these later.

    Run the following commands.

    1. On the Replica Server, cscript hvremote.wsf /add:Administrator. If you are uncomfortable with this, you can then create another administrative user for this purpose.
    2. On the Primary Server, cscript hvremote.wsf /mode:client /anondcom:grant.
    3. On the Primary Server, cmdkey /add:servername /user:servername\Administrator /pass, where servername is the name of the Replica Server. You will need to type in the password.

     

Now, you should be able to open up Hyper-V Manager on the Primary Server and connect to the Replica Server.


Installing a SSL Certificate on Hyper-V Server

This part turned out to be the easiest part of all.

Purchase the certificate from your favourite vendor. Once you have your PFX certificate, copy it to the Replica Server. On the replica server, run the command as follows – certutil –importpfx certificatename.pfx, there certificatename is the name of the certificate file.

The certificate will be installed to the Personal Store on the Replica Server.

Enabling Replication

Once the set up is complete, you can follow the blog post http://blog.powerbiz.net.au/hyperv/how-to-set-up-hyper-v-replica-for-small-businesses/ to configure the replication. The firewall will not need to be configured on the Replica, since we disabled it earlier. If you configured it manually, you will have to remember to enable the Hyper-V Replica HTTPS Listener (TCP-In) rule.

Here are screenshots from my testing.

There you have it! If you have a Hyper-V server and want to implement disaster recovery using an inexpensive server, the best option would be to deploy Microsoft Hyper-V Server 2012 on a HP Proliant Microserver. This will give you an excellent disaster recovery scenario for small businesses on a tight IT budget.

Final Word: Don’t forget about data backups. Hyper-V Replica is not a replacement for good data backups.

 

 

 

 

 

Windows Server 2012 HyperV Replica Scenarios for Small Business

I’ve dived full on into the HyperV world with the release of Windows Server 2012. In Windows Server 2008 R2, it was a good platform for small businesses, as it provided a nice environment for running a business system (SBS2011 or earlier) with another server or two for other applications and uses. WS2012 makes it so much more powerful and easier to work with. I know I have said it before, and I will say it again. HyperV Replica is one of the best features for small business in WS2012. It provides an instant out-of-the-box disaster recovery capability at zero cost, since it is included in the software.

When I looked at traditional DR scenarios for small business, I believe that there are 3 possibilities to implement this solution. I know there are many other alternatives, but I feel that these 3 possibilities would be suitable for many small businesses, especially those under 25 users. Most small businesses do not have the budget to implement a 24×7 runtime environment and are satisfied to have some sort of changeover time in case of a server failure. Therefore, minimising this downtime window is important and greatly beneficial to the small business.

In discussing these scenarios, I am assuming that there will be an Active Directory, hosted on a virtual SBS or similar domain controller. The business would primarily have a single host server, but with the reduction in hardware costs, some businesses may have a second server, even if it is a lower spec server.

  1. Two HyperV Host Servers in Workgroup.

    In this scenario, there are two host servers. Once of the hosts might be in a different building or in a branch office connected via a site to site VPN link. The primary server would host the VMs and replicate to the second server. The second server might have a VM or two and replicate these back to the main server. This scenario works well because the host servers are completely independent of the underlying domain. However, there are some challenges in implementing Replica with workgroup based servers. Also, another important feature in DR, Live Migration, is not available for non-domain joined host servers.

  2. Two HyperV Host Servers joined as member servers to the business domain.

    In this scenario, the two host servers are joined as member servers to the underlying business domain. This makes management of the servers easier, since they are part of the business domain. It also enables the use of Kerberos authentication, and allows Live Migration to be activated. However, this obviously creates an issue where the member servers will be up and running before the DC is started. With cached credentials on the host servers, this issue can be negated. Alternatively, a second DC running on the other host server, as in a branch cache scenario, will also work to provide domain authentication. A variant to this alternative would be to make the primary host server a domain controller as well, so that it could provide the necessary authentication. However, the trade-off in this case will be some performance.

  3. Using a HyperV Server 2012 (free) as the replication target.

    In this scenario, the business may not be able to afford two full HyperV host servers. A second smallish server (like the HP Microserver) running the free HyperV Server edition could be used as a DR solution. I have found it very difficult to set the DNS suffix on the free HyperV server, as I have been able to do on the full GUI HyperV server. Powershell is not my forte, so perhaps someone with the experience can post a solution to this? (edit: thanks to some of my MVP friends, I might have a solution, and will test it out) If the server name is not properly configured as a FQDN name, it will not be possible to set up a certificate, which will render the workgroup method for replication useless. Thus, this scenario works best where both the host servers are joined to the underlying business domain.

A note about backups. In the scenarios above, a separate backup solution is still deployed. HyperV Replica is not a replacement for backups. There still needs to be a data backup plan in action to ensure that business sensitive and critical data is properly backed up and previous versions are accessible.

A lot more thought needs to go into this, and certainly, one should consider all the options before locking in a solution. I’m open to suggestions.

 

How to set up Hyper-V Replica for Small Businesses

One of the best features (IMHO) of Hyper-V in Windows Server 2012 is Hyper-V Replica. This feature allows you to replicate a running virtual machine on a Hyper-V server to another Hyper-V server, where it can be ready to be fired up in case of a failure at the primary server. The replication can happen as often as 5 minutes, thus providing an almost real time disaster recovery solution. The best part of this is that it is included out of the box in the Hyper-V role of WS2012.

There is an excellent reference called Poster Companion Reference – Hyper-V Replica available for download from Microsoft here – http://www.microsoft.com/en-us/download/details.aspx?id=29189. The diagram says it all.

So, from a small business perspective, how is this useful, cost effective, and can it be implemented with the limited resource constraints of the SMB budget?

For this to work, you need at least the following items.

  1. Two servers running Hyper-V as hosts in non-similar domains, or in workgroups. One of these would be the main server for the business. The second could be another server in the business OR it could be a server provided by your IT service organisation, who is offering a Disaster Recovery service for your business.
  2. A SSL Certificate for each Hyper-V server – both the primary and the replica servers. We will not be using Kerberos authorisation, because this only works in an Active Directory environment, where both servers are part of the domain. For our purposes, we are assuming a small business where we are happy to have one, let alone two servers running Hyper-V. In this case, there will most certainly not be a domain for the hosts. A domain controller in the virtual machines will not be helpful, since the hosts will not be able to authenticate with these DCs if they are not yet started.

How do we set this up? A summary of the steps taken are as follows:

  1. Configure the Hyper-V primary server and replica server names.
  2. Purchase the SSL Certificates. Install them on each of the servers.
  3. Enable Replication on the replica server.
  4. Select a VM to replicate and configure replication.
  5. Begin initial replication.
  6. Configure replication settings.
  7. Test failover.

Configure the server names

We need to configure the server names so that they are fully qualified domain names. This is needed in order to obtain a proper SSL certificate. Since these servers are not in a domain, any domain suffix which is accessible would be sufficient. Normally, you would use servername.yourdomain.com or similar. In order to quickly add a suffix to the domain name, you can take the following steps.

  1. Open up Server Manager
  2. Go to Local Server and click on the computer name

  3. Click Change

  4. Click More

  5. Put in the Primary DNS suffix and click OK several times for the changes to take place

  6. You will need to reboot the server. After that, the server name will include the full FQDN.

Changing the DNS suffix does not affect local access to the server. It merely allows the server to see itself with a fully qualified domain name, which should match the SSL certificate that is installed in the next step.

Purchase and Install the SSL Certificates

At this stage, you can obtain a SSL certificate from your favourite vendor. I use Trustico. After generating the certificate, you need to convert this into a PFX certificate and import this into the server.

If you have a certificate in a different format, there are tools that you can use to convert them. See my blog here for more information on this – http://blog.powerbiz.net.au/useful-links/ssl-certificate-tools/

Once you have the certificate, follow the instructions here to import the certificate into the server – http://blog.powerbiz.net.au/server-2012/importing-a-pfx-certificate-into-windows-server-2012/

Enable Replication on the Replica Server

Once these initial set up steps have been completed, the servers can be configured for replication following the standard guides to setting up Hyper-V Replica. A few good resources can be found here:

The first step is to enable replication on the Replica Server.

  1. Open Hyper-V Manager on the Replica Server
  2. Click on Hyper-V Settings

     

  3. Select Replication Configuration, and tick Enable this computer as a Replica server.
    1. Select Use certificate-based Authentication (HTTPS). You change the SSL port if you want, but you will also need to change this setting on your firewall as well
    2. Select the Certificate
    3. Allow replication from any authenticated server. You can specify the server if you want more security.
    4. Click OK to complete the page.

    5. Click OK to acknowledge that you need to configure the firewall.

  4. Start the Windows Firewall with Advanced Security console
    1. Click on Inbound Rules
    2. Scroll down and select the entry Hyper-V Replica HTTPS Listener (TCP-In)
    3. Click Enable Rule

Replication is now enabled on the Replica Server.

 

Enable Replication for each Virtual Machine on the Main Server

The final step is to enable replication for each virtual machine that needs to be replicated.

 

  1. Open the Hyper-V Manager
  2. Select a virtual machine, and click Enable Replication to begin the Replication Wizard

  3. Click Next. Type in the Replica server name (including the FQDN). If you have used a non DNS hosted FQDN, you will need to manually add in the entry into the HOSTS file.

  4. Select the Certificate for the main server. If the DNS entries are not correct, and the replica server cannot be located by the wizard, you may get the warning listed below.

  5. Select the drives that need to be replicated. It is possible to create a replica without replicating all the drives. Read the information panel for more information.

  6. At this point, you can choose to select more than one recovery point, and customise the VSS schedule.

  7. You can now select the initial replication method. The choices are self-explanatory. You can also schedule the initial replication so as not to cause bandwidth congestion.

  8. Review the settings, then click Finish to complete the wizard. If there are no errors, replication will begin immediately unless scheduled for later.

     

  9. On the Replica server, the virtual machine will be created in an Off state.

  10. Once replication has completed, you can monitor the status of replication and perform other tasks from the Replication menu

  11. Repeat this for all the virtual machines

There are many factors and considerations when working with Hyper-V Replica, such as bandwidth utilisation, processor utilisation, and memory requirements. These will be investigated in another blog posting. Also, we will examine the management of the replicas and look at how to run failover testing.

 

 

 

Importing a PFX Certificate into Windows Server 2012

In Windows Server 2012, you need to perform the following steps to import a PFX certificate into the Certificate store.

  1. Start a MMC session. From a command prompt, type MMC.
  2. Add/Remove Snap-in

  3. Add Certificates

  4. Use the Computer Account

  5. Manage the Local Computer

  6. Expand to the Personal Certificate store

  7. Right-click, All Tasks, Import. Then browse to the location of the PFX file to import the certificate. The Certificate Import Wizard will begin.

  8. Browse to the PFX file.

  9. Type in the password for the certificate, and mark the key as exportable, in case you need to re-export the key elsewhere in the future.

  10. Place the certificate in the Personal store.

  11. Click Finish to complete the wizard.

  12. When the import is successfully completed, the certificate and intermediate certificate will be displayed in the Certificates folder.