Friday, December 24, 2010

What to expect from 2011

The summary of 2010 would definitely include ’Cloud Computing’.
I guess that 2011 would include the term ‘Cloud Computing’ also, and perhaps people would talk about that term in a more accurate way – since we now have some understanding for what it actually means and does.

With the Server Application Virtualization coming up along with the next version of SCVMM – I guess we'll have a very exciting and interesting year ahead of us.
We would have more of Private Clouds, and far more businesses would evaluate the Public Clouds available.

Maybe the IT-Pro should have a decent understanding of coding and development in the future – because it may be expected from us?

A PowerPoint presentation will be available on this blog early in 2011 – containing ‘IT-Pro's and Windows Azure’

Thursday, December 23, 2010

Some stuff about the MCITP: Virtualization Administrator 2008 R2

Microsoft has 3 available MCTS exams for the MCITP track.

70-669 – TS: Windows Server 2008 R2, Desktop Virtualization
70-659 – TS: Windows Server 2008 R2, Server Virtualization
70-652 – TS: Windows Server Virtualization, Configuring

And the PRO exam: 70-693 Windows Server 2008 R2, Virtualization Administrator

I took 70-659, 70-669, and 70-693 in August this year.

I've taken some certifications and exams before and have a couple of books from Microsoft Press. But for the Virtualization exams – there is no official material from MS Press. Challenging!

(The only available relevant book from Microsoft Press for the Virtualization exam is the 70-652 one, which covers Hyper-V R1 with a lot of update alerts about Hyper-V R2 :-) )

Anyhow, I wanted to get certified on this technology.
It was quite interesting to seek all the knowledge by myself, and not get it presented piece by piece from a book that was supposed to cover every part of the skills that should be measured.
So with a bit of experience, some HW and SW – I was ready to go.
From my perspective, I think this is the right way to do it in the future also. I feel that I have learned a lot more than I would from reading a book and doing the exercises there.

Summary of the exams:

PRO: 70-693 – Mostly about designing Hyper-V and HA. Many questions about Failover Cluster, Migration (Quick, Live, SAN), CSV vs. LUN (R2 vs. R1). And also some questions about Remote Desktop Services that you should be familiar with. The PRO exam is not ‘easier’ than the others, only different since it's more like a ‘why and why’ exam, rather than a ‘how to’ like the MCTS exams.

MCTS: 70-669 – This one was really quick. The exam tested you to see if you knew what to use and when (MED-V, App-V, VDI, Remote Desktop Services). Pay some attention to the different settings in MED-V, App-V (sequencer, client, and different servers). But again: Know what to use and when.

MCTS: 70-659 – Along with the PRO exam, this one was the most interesting. It covered every part of Hyper-V – similar to the PRO exam, only more technical. Know the different Windows Server versions that run Hyper-V (core, Hyper-V 2008 R2, Windows Server 2008 R2 with the Hyper-V role installed) and how you could configure each of them. You should expect some questions about host/child settings, Failover Clustering, AzMan, snapshots, backup, and last and very important: SCVMM with the different conversions. A lot of the questions were based on migrating from x to y, with the different Windows Server versions involved and different SPs installed.
You may also get some questions about RDS in this exam.

Feel free to ask me if you intend to take this certification, and I will try to help.

(You`ll end up with a Certificate similar to this one)

Wednesday, December 22, 2010

Hyper-V and separate Active Directory Domain

Most of the time, I get my inspiration from the forums, where some interesting people ask an interesting question. Today, there was a thread about Hyper-V on a separate domain, and what our recommendation was.

You may think that it is good practice to make your Hyper-V host part of an AD DS directory. Yes, it is. AD DS centralizes all access rights to servers and supports the delegation of administration services. Especially when it comes to Failover Cluster, the Hyper-V nodes require an Active Directory domain. (Important: You can of course run your Hyper-V hosts in a workgroup (not domain joined) and have VMs that belong to the domain. But you can't use Failover Clustering with this configuration.)
But sometimes you want to live in an ideal world and separate the Hyper-V hosts from the rest of your domain and create a ‘Utility Directory’ which contains only the Hyper-V hosts. The security and identity context for the networked services in your production domain would remain the same as it was, but the security context for your Hyper-V hosts becomes an independent directory.

But when is this necessary?

It depends. It's really a question about security, policy, and the size of your network. Remember that you would need additional servers as well to manage this domain. This configuration ensures that end users do not live or operate in the same security context as your Hyper-V hosts.

Any thoughts?

Tuesday, December 21, 2010

Prepare your ISCSI disk for use

When you want to run an HA solution with Failover Cluster using ISCSI, you need to prepare the disks for use. You need to initialize and format the disks presented by the ISCSI target from one of the nodes in the cluster. You do this on only one node in the cluster.

1. In Server Manager select ‘Disk Management’. It should show the connected ISCSI-target disks as offline.
2. Right click each of the drives and select the Online option to bring them online. Right click again and select Initialize Disk.
3. When the initialization is done, right click the unallocated space on a disk and select Create Simple Volume. Make the selections in the wizard to format the disk in the manner you want it formatted. Disks MUST be formatted as NTFS for use in a Failover Cluster. (You don’t need to assign a drive letter.) Repeat these steps for every disk you want to use in your cluster.
4. Right click each of the created disks and select Offline.

Congrats. You're now done. In addition: also follow these steps when creating a Guest Cluster using ISCSI.

Monday, December 20, 2010

Questions and Answers in 60 seconds (Part 2)

-Does R1 allow more than one VM per LUN (and/or didn`t support live migration)?

You could have many VMs per LUN in R1. But when migrating a VM, you actually moved the storage (LUN), which contained the additional VMs. So that would result in some downtime for every VM on that LUN.
In other words: the disk resource was the unit of failover. By this I mean that all VMs stored on a given LUN had to be moved or failed over together.
R2 introduced a significant change in the way storage volumes can be accessed for VMs, and this feature (CSV) is available only for Hyper-V 2008 R2 VMs. CSV functions as a distributed-access file system for access to VHDs. Other cluster technologies from other vendors have accomplished a similar function by creating proprietary cluster file systems. These cluster file systems provide a locking mechanism shared among all the hosts in the cluster that limits access to the disk to a single node at a time, but all nodes have read/write access. CSV does not use any proprietary volume format, it uses the standard NTFS that Windows has used for years :-). Also: CSV enables all Hyper-V hosts to have full read/write access to the VHDs of the VMs they are hosting.
CSV is an option that you could turn on in a Failover Cluster that is built with Hyper-V R2 hosts.
It's implemented by creating a directory on the C: volume of each node in the cluster.
In this case, two shared disks in the cluster are assigned to CSV. The first volume has 4 VMs stored on it, and the second volume has 5 VMs stored on it. Only one node of the cluster will own the physical LUN of the shared volume, but each volume can be owned by different nodes of the cluster. CSV provides the ability for each node to have full read/write access to the individual VHDs that are used by different VMs.

-Does CSV do anything for performance?

The biggest impact would come from the disk type of your VHDs. Fixed VHDs provide almost the same performance as pass-through disks, and give you the most flexibility. We recommend not using Dynamic VHDs, especially in production environments.
Another thing is to group CSV volumes with similar disk types (as I stated in my previous post: group SAS disks for one CSV, SATA for another, etc.)

-Where can I get more detailed info on CSV?

Also: Do not hesitate to post things around at the forums. Many people have a lot of experience with Hyper-V, CSV etc.

-Does the heartbeat NIC need IP configured? Can it be on the same switch as the ISCSI network?

The heartbeat NIC should, as I stated, in an ideal world have its own network. But you could have it over shared networks as well (also ISCSI).

Sunday, December 19, 2010

Connect to your SQL server

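A simple script that enables connections to your default SQL Server instance on port 1433. Works on XP, Vista, Win 7, 2003, 2008, and 2008 R2. Note that besides 1433 it also opens TCP 1434, 4022, 135, 2383, 2382, 80 and 443 and UDP 1434, and enables multicast broadcast responses, so remove the lines for services you do not run before using it.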

Copy the content to notepad and save the file as .bat


@rem Easy Firewall-script for enabling connection to default SQL

@echo = SQL Server Ports =
@echo SQLServer default instance port 1433
netsh firewall set portopening TCP 1433 "SQLServer"

@echo Dedicated Admin Connection port 1434
netsh firewall set portopening TCP 1434 "SQL Admin Connection"

@echo SQL Server Service Broker port 4022
netsh firewall set portopening TCP 4022 "SQL Service Broker"

@echo Transact-SQL Debugger/RPC port 135
netsh firewall set portopening TCP 135 "SQL Debugger/RPC"

@echo = Analysis Services Ports =
@echo SSAS Default Instance port 2383
netsh firewall set portopening TCP 2383 "Analysis Services"

@echo SQL Server Browser Service port 2382
netsh firewall set portopening TCP 2382 "SQL Browser"

@echo = HTTP, SSL, Browser, and Multicast =
@echo HTTP port 80
netsh firewall set portopening TCP 80 "HTTP"

@echo SSL port 443
netsh firewall set portopening TCP 443 "SSL"

@echo SQL Server Browser Service's 'Browse' Button
netsh firewall set portopening UDP 1434 "SQL Browser"

@echo Allowing multicast broadcast response on UDP (Browser Service Enumerations OK)
netsh firewall set multicastbroadcastresponse ENABLE


Saturday, December 18, 2010

Remember to use the built-in support for mounting VHDs (2008 R2)

Scenario: You have a lot of VMs running in your environment. You protect these VMs in some way, either with Windows Server backup, DPM 2010, Symantec, etc. If you primarily take backups of the entire VHDs, you have two options when it comes to restore:

1-      Restore the entire VM
2-      Mount the VHD in Windows Server 2008 R2

Number 2 will save you time if you only need to restore some of the files from that VHD.

How to:
1.       Open Computer Management
2.       Select Disk Management
3.       Action -> Attach VHD
4.       Browse to the location of the VHD you want to restore from (check Read-Only)
5.       Mount the VHD
6.       Browse the VHD from your server, and copy the files needed
7.       Detach the VHD

Friday, December 17, 2010

Questions and Answers in 60 seconds

Some quick questions and answers - Hyper-V and Failover Clustering

1)      Should you use different LUN for each VM?

If you are using Windows Server 2008 (not R2) you should configure one LUN per VM so that you won’t bring down all VMs on that LUN in case of a migration or a failover. If you're running 2008 R2 you have the possibility to use CSV – that lets you place every VM (if you want to) on a single LUN. CSV also supports Live Migration – migrate your VMs with no downtime or interruption.

2)      Should I use Pass-Through disks?

When it comes to Pass-Through disks, I would rather recommend using Fixed-Sized disks (.VHD). The performance is almost equal and you have much more flexibility when it comes to managing that VM with its disk. It also simplifies backups and restores of VMs.

3)      Would it be recommended to put all OS disks (the IDE .VHDs) from all VMs on one LUN/CSV?

For the location of the VM's OS partition (IDE), I often place them on a dedicated CSV/LUN, and place the VM's data partition on another CSV/LUN. One tip could be to place the I/O intensive VHDs on a SAS LUN and the other VHDs on a SATA LUN (if you have a SAN with that configuration).

4)      How is the heartbeat NIC configured?

In an ideal world - the heartbeat should be placed on a separate network.  But sometimes the ideal is not always possible and you could also have this heartbeat on shared networks (LAN etc.)

Thursday, December 16, 2010

NIC Teaming and Hyper-V (and MPIO)

You may have heard about NIC teaming – when you use two or more network interfaces for load balancing, failover, and speed (throughput). The important thing is to know that Microsoft does not support this. By ‘does not support’ I mean that the driver for NIC teaming is provided by the vendor. I should also mention that most of the time the NIC teaming works, but it often proves to be the root reason for some errors or other mysterious behavior in your virtual environment (Failover Cluster, ISCSI, etc.). The NIC teaming is done at the physical level and not at the virtual level. So keep that in mind when you create virtual networks and dedicate one of the NICs installed on the host.
Another option that provides much the same as NIC teaming is MPIO. This is supported and I find it very robust and useful. I have never had a problem after an ISCSI/MPIO configuration – compared to NIC teaming, which often brings a whole lot of work to find the accurate drivers, requiring the firmware to be updated and so on.

If you have ever asked a question at the forums, mentioned that you have a problem and the words ‘NIC Teaming’ show up, most of the guys would definitely recommend disabling NIC teaming first to eliminate that as the root reason.

How to configure ISCSI with MPIO:

1.       Open the ISCSI initiator
2.       Add the ISCSI portal
3.       Connect to the available targets in the Targets tab
4.       Check enable multipath and add the specific target-initiator pair in one of the ISCSI networks
5.       Install the MPIO feature in Server Manager
6.       Go to Administration tools and click MPIO
7.       In the Discover multi-path tab, click add support for ISCSI devices
8.       You will be asked to restart Windows – do it :-)
9.       After start up, launch ISCSI-initiator, select targets and properties
10.   Click Add Session and add the target-initiator pair in the remaining ISCSI network
11.   Click devices, and you`ll see only one device if MPIO is configured properly
12.   Click MPIO and see load balancing policies and the connections to the ISCSI device

Wednesday, December 15, 2010

SSP vs. SSP 2.0

The new release of the Self Service Portal has caused some confusion.
If you are already using the SSP that comes along with SCVMM 2008 R2, you know that this is a great and easy web interface to connect to dedicated VMs, and that it also lets you do a whole bunch of operations.
With the release of SSP 2.0, you might think that this is an 'updated' version. It is a completely new, different, and more complex solution. This is not an update of the SSP but a new SSP.
The most important difference is that VMMSSP 2.0 provides some sort of standardized workflows and supports both automated and manual steps. It's an ideal tool if you plan to build an IaaS for your customers. We can easily start to speculate about the next version of SCVMM, and the hot topic ‘Private Cloud’. We're moving closer.

So, if you want to have a simple web interface for your VMs and dedicate some of them to your colleagues, developers, users and so on – do not ‘update’ to SSP 2.0. It will just get more complex, and provide you with a lot more than you actually need. It also does not support the ‘Checkpoint’ action or snapshots.
In addition, you can use both portals in your environment.

Download SSP 2.0 here:

Tuesday, December 14, 2010

DBCC (Database repairs)

DBCC CHECKDB can perform repairs of corruption that it finds in the database. But what could you do if you don’t have a backup, and the DBCC returns errors that include:

-          Corruption in a PFS page header
-          Corruption in the leaf level of a critical system catalog index
-          Errors from system catalog cross-checks
-          Data purity errors

You might want to get to know the REPAIR_ALLOW_DATA_LOSS option.
It does what it says. It deletes whatever is corrupt and fixes up all linkages to and from the corrupt object. This is the fastest and easiest way to remove a corruption. But remember, even REPAIR_ALLOW_DATA_LOSS can't fix every corruption.

You need to set the database to single_user before you run this command.
The syntax:
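
One way to run the repair described above, shown as an added example that is not from the original post. The database name SalesDb and the backup path are placeholders; the extra steps (copy-only backup of the damaged database, running the repair inside a transaction, re-checking afterwards) are additions beyond what the post describes.

```sql
-- Added example. SalesDb and <BACKUP-PATH> are placeholders.
USE master;
GO

-- 1. Keep a copy of the damaged database before anything is deleted.
--    CONTINUE_AFTER_ERROR lets the backup complete despite page errors;
--    COPY_ONLY keeps it out of the normal backup chain.
BACKUP DATABASE SalesDb
    TO DISK = N'<BACKUP-PATH>\SalesDb_before_repair.bak'
    WITH COPY_ONLY, CONTINUE_AFTER_ERROR;
GO

-- 2. Repair options require single-user mode. ROLLBACK IMMEDIATE
--    disconnects other sessions and rolls back their open transactions.
ALTER DATABASE SalesDb SET SINGLE_USER WITH ROLLBACK IMMEDIATE;
GO

-- 3. Run the repair inside a user transaction so it can still be undone
--    once you have seen what it removed.
BEGIN TRANSACTION;
DBCC CHECKDB (N'SalesDb', REPAIR_ALLOW_DATA_LOSS)
    WITH ALL_ERRORMSGS, NO_INFOMSGS;
GO

-- Read the repair messages (which objects and pages were deallocated),
-- then run exactly one of the two statements below.
COMMIT TRANSACTION;
-- ROLLBACK TRANSACTION;   -- the database is corrupt again after a rollback
GO

-- 4. Confirm that no errors remain. The repair does not validate foreign
--    key or check constraints, so check those separately.
DBCC CHECKDB (N'SalesDb') WITH NO_INFOMSGS;
GO
USE SalesDb;
GO
DBCC CHECKCONSTRAINTS WITH ALL_CONSTRAINTS;
GO

-- 5. Give the database back to its users.
USE master;
GO
ALTER DATABASE SalesDb SET MULTI_USER;
GO
```

Run all batches from the same session, so that the single-user connection and the open transaction stay with you until step 5.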


Monday, December 13, 2010

Hands on – 2011

Why should an IT-pro spend some time with Windows Azure?
At the PDC 2010, Microsoft announced some news for us as well.
·         VM Role
·         Windows Azure Connect
·         Remote Desktop
·         Admin Mode
·         Full IIS 7.5

If you are already familiar with Hyper-V and the concept of Private Cloud as far as Microsoft is concerned, you have a good start. We have also heard some announcements about the next version of System Center Virtual Machine Manager (vNext / 2012). From this perspective we can tell that Microsoft wants us to integrate more with Windows Azure.

One of the great things about virtualization is that you need to have a decent understanding of every aspect of the ecosystem. You need to understand networking, scripting, system administration, databases, security – yes, almost everything. So updating your skills to also manage Windows Azure from the IT-pro's perspective should be practicable.

When it comes to Windows Azure we need to focus on:

·         Deployment
·         Updates
·         Affinity Groups
·         Monitoring
·         Administration
·         Security
·         Backup

We cannot consider ourselves unemployed just because we don't manage the Hypervisor in the cloud.
I'm very excited about the next version of VMM, and to see what benefits an IT-pro would gain from being updated on Windows Azure.

I will share a PowerPoint presentation later for explaining IT-pros about Windows Azure (public cloud) and on-premise (private cloud).

Sunday, December 12, 2010

Impersonation (SQL)

You may be familiar with the ‘Run as..’ option in Windows.
In SQL, you can impersonate another principal to execute commands in a specific user context.
You must have the IMPERSONATE permission granted to your account on the principal that you want to impersonate. You can also grant the IMPERSONATE permission on a login, so you can execute under that principal's authority in any database to which the principal has access.

{ EXEC | EXECUTE } AS <context_specification>
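
The impersonation flow described above, plus the queries a reviewer would use to see who holds IMPERSONATE, as an added example that is not from the original post. The principals HelpdeskOp and ReportReader are hypothetical; run it in a scratch database as a member of db_owner or sysadmin.

```sql
-- Added example. HelpdeskOp and ReportReader are hypothetical principals.

-- Two database users without logins: one low-privilege target and one
-- principal that is allowed to impersonate it.
CREATE USER ReportReader WITHOUT LOGIN;
CREATE USER HelpdeskOp  WITHOUT LOGIN;
GRANT IMPERSONATE ON USER::ReportReader TO HelpdeskOp;
GO

-- Switch context to HelpdeskOp, then from there to ReportReader.
-- The second switch succeeds only because of the grant above.
EXECUTE AS USER = N'HelpdeskOp';
    SELECT USER_NAME() AS effective_user, ORIGINAL_LOGIN() AS real_login;

    EXECUTE AS USER = N'ReportReader';
        SELECT USER_NAME() AS effective_user, ORIGINAL_LOGIN() AS real_login;
    REVERT;   -- back to HelpdeskOp
REVERT;       -- back to the original caller
GO

-- Review: who may impersonate whom inside this database.
-- class 4 = permission on a database principal.
SELECT grantee.name AS grantee,
       target.name  AS can_impersonate,
       p.state_desc
FROM sys.database_permissions AS p
JOIN sys.database_principals  AS grantee
     ON grantee.principal_id = p.grantee_principal_id
JOIN sys.database_principals  AS target
     ON target.principal_id = p.major_id
WHERE p.permission_name = N'IMPERSONATE'
  AND p.class = 4;

-- Review: login-level grants, which apply in every database the
-- impersonated login can reach. class 101 = permission on a server principal.
SELECT grantee.name AS grantee,
       target.name  AS can_impersonate,
       p.state_desc
FROM sys.server_permissions AS p
JOIN sys.server_principals  AS grantee
     ON grantee.principal_id = p.grantee_principal_id
JOIN sys.server_principals  AS target
     ON target.principal_id = p.major_id
WHERE p.permission_name = N'IMPERSONATE'
  AND p.class = 101;
GO

-- Clean up the demo principals.
DROP USER HelpdeskOp;
DROP USER ReportReader;
GO
```

ORIGINAL_LOGIN() keeps returning the real login through every context switch, which is why it is the value to record when auditing impersonated activity.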

Saturday, December 11, 2010

P2V - Disable Services and/or Drivers

Location: C:\Program Files\microsoft System Center Virtual Machine Manager 2008 R2\VMMdata\Blocklist.xml

In this file, you are able to disable drivers and services in a VM during P2V.
The syntax uses the short name for both services and drivers.

Editing this file is not supported by Microsoft, but you may find this interesting since there will be no need for those drivers/services after the conversion, as you're now dealing with a VM with synthetic/legacy drivers.

Friday, December 10, 2010

Move your VMs to Azure (some thoughts)

Microsoft announced some new great features for their Azure services in October.

·         VM Role
·         Windows Azure Connect
·         Admin Mode
·         Remote Desktop

For an IT-pro, this is great news. Also, the new Management portal is stunning!

What opportunities do we have if we have a virtual environment (Private Cloud) based on Hyper-V?
-          Create VMs (image/.vhd) and upload them to Azure
-          Connect our services in Azure with our On-Premise resources
-          RDP to the VM in Azure, and do maintenance, configuration etc

Fantastic, but can we consider this as an IaaS solution from Microsoft, compared to Amazon`s EC ?
It really depends.
To move your VM from Hyper-V to Azure, you also need to think about sizing the VM (the VHD size must fit the quota allocated for the chosen VM size for your role; in this case, setting the size to 30GB allows you to deploy the VM in a “small” role), and not create any partitions other than C:
You need to download the new SDK 1.3. This will give you the opportunity to make the VM Azure-aware with the new integration services (wavmroleic.iso).
Once this is done, sysprep the VM and upload it to Azure from the Windows Azure SDK Command Prompt.
Example: csupload Add-VMImage -Connection "SubscriptionId=<YOUR-SUBSCRIPTION-ID>; CertificateThumbprint=<YOUR-CERTIFICATE-THUMBPRINT>; ServiceManagementEndpoint=" -Description "Base image Windows Server 2008 R2" -LiteralPath "<PATH-TO-VHD-FILE>" -Name baseimage.vhd
Then the .vhd will be mounted for further verification.
Once this is done, create a service model and configure it to use the base image in Visual Studio 2010. You can also set up the RDP connection here.

Ok. Now we have our VM placed in Windows Azure. This role is still in its beta period, and I should not say for sure that this is it. But we might be tempted to think of some scenarios here.

Some questions that people have asked me:

-          Can we extend our On-Premise resources to Windows Azure?
Yes. You can connect your on-premise resources with your services in the cloud. You can even domain-join your services in Azure to your domain On-Premise  (simplifies Single Sign On)

-          Are we able to host our Remote Desktop Servers here?
-          Can I place my backup server here, and sync between my On-Premise servers?
-          If we`re running a private cloud with SCVMM, Failover Cluster and Hyper-V, could we failover to the VM in Azure ?

The answer to all the last questions: You have to think of Azure as a solution, not a machine. We can separate Azure in the following roles; VM Role, Worker Role, and Web Role.
The idea behind the VM Role is to let you move your existing applications to Azure more easily than by writing new code to support it all. We get a hint about this, since its focus is primarily on the full installation of IIS 7.5. The VM Role in itself is just a bonus for us IT-pros, who can contribute with our skills when it comes to adjusting the VM for installation, monitoring, and administration. The main focus should still be the application, and not the VM.
So this is not Microsoft's announcement of an IaaS solution, but something in between.
You won’t be able to fail over your VM to Azure. Remember that you need to manage the Hypervisor, so you can’t fail over a VM to another VM, since you can't run Hyper-V inside the VM. Also, that would require storage, and the underlying storage for the VM in Azure is out of your control.
The Remote Desktop support in Azure makes it easier to connect to your services. You are now able to troubleshoot the VM Role and the other roles. It is not there to host Remote Desktop services or to run LOB applications installed in the VM Role.

Personally, I think the new features in Azure are very interesting. In fact, it's hard to sleep when my head is in the cloud. It forces me to be creative in a new way, and to think in solutions more than ever. We now have the chance to combine the best of both worlds: our truly believed On-Premise resources, with the services in the cloud on steroids (Azure).

Thursday, December 9, 2010

Things you should know about Import and Export in Hyper-V

If you want to move your VM from Hyper-V server 1 to Hyper-V server 2 and they are not members of a cluster, the simplest way is to Export and Import the VMs.

Let`s look at the Export first.

1)      Power off your VM
2)      Export the VM to the destination folder
3)      The export folder gets VMs configuration, saved state folder and files, vhd`s,  avhd`s (snapshots), and the .exp files. Yes, everything is included.

Importing a VM:

After generating the VM export files (.exp) you are able to import the exported VM to Hyper-V again.
What should you do when you are importing a VM ?
If this is a ‘restore’ you can choose to reuse the ID of the VM. If this is a copy, you generate a new VM ID. Hyper-V uses a VM ID to uniquely identify a VM.

You also have the option to Copy on Import with a VM, which gives you the opportunity to create a ‘master’ VM, so that you can import the VM multiple times from a shared folder.

(Remember to enable Full Access for both the user account you're using and the computer accounts of the Hyper-V servers on the network share created for the export/import.)

Bonus: Exporting a VM Snapshot:

One great feature that I have used from time to time is to export  a snapshot of a VM, and import it as a new VM.

You still need to power off your running VM before exporting the snapshot. Hyper-V merges the snapshots into a new .vhd. So you get a new VM with no snapshots (the main reason for me doing this)

Wednesday, December 8, 2010

Exchange 2010 and ESET NOD v4.0.67

OK, let me start.

This week, I installed Exchange 2010 in production. We've had our Exchange 2007 server running for a while, and wanted to upgrade to Exchange 2010. I installed this on a new 2008 R2 VM (of course), and started to move mailboxes. Everything went fine, and mail flow was good.
But when some of my colleagues started to use a shared mailbox (a user mailbox that some users have full access to), they were not able to see the content of any mail. Or, some of the mails showed content. Of course, we asked the sender to send again, and explained that there was no text in the e-mail. But it was.

If the sender sent an e-mail as HTML, it appeared blank. If the sender sent an e-mail as Plain Text, everything was OK. It took some time before we found this pattern.

First we thought that this must have something to do with the content filter on Exchange 2010. No.
Then we thought that the Anti-Virus on the Exchange server could have some impact, and turned it off as a test. No improvement. Then a great Exchange specialist of mine, Morten Pettersen, recommended upgrading our Anti-Virus software from NOD v4.0.67 to v4.2.67.
The important factor here is that every user had to upgrade their software. If one user who had access to this shared mailbox viewed a received e-mail with this version installed, the content was blank for every user who tried to view it. After we upgraded all our clients to v4.2.67, everything went well.

I guess that more users will have this problem, and hopefully if they BING or Google this combination, they will be routed here to see this explanation. I can’t find any information about this behavior on ESET`s support.

Tuesday, December 7, 2010

How much memory is enough?

People who want to start with Hyper-V and virtualization often ask how much memory they need on their physical server. The answer is: What is the length of a fish?

A key to a successful Hyper-V implementation is adding enough memory to your hosts.
Assigning your VMs with ‘enough’ RAM, will decrease the I/O for your storage, and give you a more responsive environment. You could basically have all the CPU power in the world, but the VMs would not take advantage of that (would be unused) if you don’t have enough memory when running your VMs at the same time.

1)      How many VMs will be running, and how much RAM will be allocated ?
Plan this carefully, and also keep in mind that SP1 supports allocating more RAM than is actually installed on the host, so you could overcommit your server.

2)      Workloads within your VMs
A VM with SQL installed is the same as a physical machine with SQL installed. It requires memory, memory, and memory.

3)      Live Migration / Quick Migrations
If your physical server(s) is a part of a Failover Cluster, keep in mind that in case of a failover, you need sufficient resources to support the additional VMs. In worst case, the VMs would not be able to start after the failover.

Monday, December 6, 2010

Simplified URL for RDWeb Access

Some of my users were not able to remember the /RDWeb as part of the URL to our RD Web Access Server.
If your RD Web Access server (like ours) does not serve any additional websites, you can change the URL to make it more memorable.

How to ?
On your RD Web Access server go to c:\inetpub\wwwroot, copy the iisstart.htm and name it 'iisstart-old.htm' so you have a backup.
Right click iisstart.htm and open with Notepad.
Delete the entire content so you have a clean slate of the document.

Type the following code on one line:
<meta http-equiv="refresh" content="0;url=https://servername.lan.local/rdweb">
In your environment, you have to change 'servername.lan.local' to your FQDN.
Once you're done, save the changes.
You can now access your RD Web Access server using https://servername