Search This Blog

Tuesday, September 29, 2009

Installing SCVMM 2008 R2 RTM

Basically the step is almost the same for SCVMM 2008 and RC version.

First, please refer to the hardware specification for SCVMM:-
http://www.microsoft.com/systemcenter/virtualmachinemanager/en/us/system-requirements-r2.aspx
Recommended:-
a) Dual Core with 64x
b) 4GB RAM
c) 50 GB HDD or higher
d) Windows server 2008 64x

Once you have choose your hardware, let start by looking into SCVMM 2008 R2 installation.

1. I'm assume you've run the VMMCA tool. Make sure, you have install Powershell and IIS component.

2. Run setup from the CD and select VMM Server.



















3. Accept the license agreement.



















4. Select No. I am not willing to participate on customer experience improvement program.



















5. Enter your name and company name
















6. Enter the correct installation path



















7. On the SQL Server setting, i'm selecting "Install SQL Server 2005 Express Edition SP3".The Database size is limited to 4GB. It should be sufficient to handle 150 hosts.To manage more then 150 hosts, it is recommended to get SQL Server and add another library server and do not use the default library share on the server.



















8. Leave the default library share. However, you can change the path to another drive.



















9.On the specify the port. Leave the default port value but take note on the port number

a) 8100 -for communication with VMM Administrator Console.
b) 80 -for communication to agents and library server
c) 443 -for file transfer to agent on hosts and library server.

10. On the VMM service account, specify a domain account. If you decide to use local account, you need to create SPN using setspn command during PRO and SCOM integration. (Trust me, you will not want to go through the hassle installation step later)

Besides than using VMM service account, you need to add this account into  VMM server local administrator group. if not, you will receive this error message:-


11.Review the summary and click next to start the installation..


12.Wait until the installation is complete.


13. Once the installation is complete, you can start to install VMM Administrator console and VMM Self Service.

The installation is quite straight forward but here is some tips that you may want to take note
a) VMM Administrator console if install at remote computer, it must joined to domain.Do not install VMM Administrator Console at VMM server first if you plan to integrate with SCOM.There are several step that you need to follow when performing integration with SCOM.
b) VMM Self Service, change the default port number 80 to another port which does not conflict with existing IIS.

So good luck on your SCVMM installation

Diagnostic tool for SCVMM 2008 and SCVMM 2008 R2

I'm recommending that you download and run System Center Virtual Machine Manager 2008 and 2008 R2 Configuration Analyzer before you install SCVMM Server, VMM Administrator Console and VMM Self Service Portal .

Get the analyzer from :-
http://www.microsoft.com/downloads/details.aspx?FamilyID=02d83950-c03d-454e-803b-96d1c1d5be24&displaylang=en

Before you run the VMCA, you must download the pre-requisite:- 64-bit version of Microsoft Baseline Configuration Analyzer (MBCA)
http://www.microsoft.com/downloads/details.aspx?FamilyId=DB70824D-ABAE-4A92-9AA2-1F43C0FA49B3&displaylang=en

The system will come out with a pop up error message if you did not install MBCA.


Run the tools and enter the server name.


The Analyzer will perform diagnostic and provide a report. It is recommended to fix all the error (Indicated in red color) before install SCVMM.


Re-run the diagnostic once you fix the red error. You can ignore the warning error (Indicated in yellow color about insufficient memory) .



Once the diagnostic is complete, you can start the SCVMM installation.


Different types of disk in Hyper V

With Hyper V, you have several options to select different types of disk for the virtual machine. You can choose

a) Pass- through disk
Suitable to use on production environment and best for application / resource which is resource extensive such as Exchange Server, SQL server, etc
For more detail, please refer to my previous article:-
http://www.ms4u.info/2009/07/hyper-v-pass-through-disk.html

b) Fixed disk
Another alternative than pass through disk. Also suitable for production environment which is medium type of resouce extensive application. One of the limitation is you need to allocate fixed hard disk size for each VM. It can occupy a lot of your hard disk space and the size does not change when you add / delete data.

c) Dynamic disk
Suitable for test environment/less extensive application. The initial hard disk size is small and will grow when more data is added in.

d) Differencing disk
Suitable for testing and training environment. This type of disk need to associate with a parent disk which has set to read only. Any new changes, will be added to this diferential disk without impact to the parent disk.

Choose wisely on the type of disk before setup a virtual machine...Cheer, ericlaiys

Sunday, September 27, 2009

Configure Network based installation in Hyper V

If you want to perform PXE boot installation/network based installation for Virtual machine, you need to use legacy network adapter. You can't use synthetic network adapter until you've install integration services.

Legacy network adapter is an emulated device which is primary backward compatibilities with older operating system. If you cannot see network adapter in the VM, switch to legacy network adapter.
It also work on Linux operating system.

Here is the step to change the legacy network adapter:-

1. Shutdown the VM before adding hardware. The VM must be offline.
2. Select the VM and choose the option Settings
2. Choose Add hardware, select legacy network adapter and click Add



Saturday, September 26, 2009

Overview of Hyper V Manager snap in















Here is some overview of Hyper V Manager snap in:-
a) Left pane- allow you to connect other Hyper V server
b) Middle pane
- Virtual machine - list of all your VM which indicated VM name, state, CPU usage, Memory, uptime and status
- Snapshot - allow to view all snapshot that you've perform on the VM. Please bare in mind, do not use snap shot as backup tool  in production environment
c) Action pane-Allow you to configure Hyper V settings. Below action pane is the VM action whereby you can use to connect, change VM settings, Turn off, Shutdown, Pause, reset, Snapshot and Rename.

Why Server Core for Microsoft Windows Server 2008 -Hyper V ?

You may wonder how to secure Hyper V. One of the method is using Server Core rather than running on full GUI version.

Server Core is like linux and we are back to old days (DOS screeen). After login in, you will only see DOS screen and black screen. Just command line.

This is the benefit why you use Server Core for Hyper V
a) Reduce maintenance. As less component is install, you do not need to perform a lot of patch installation.
b) Reduce attack surface. Because fewer application is installed, then less security holes.
c) Less disk space required. Server Core require only 10GB compare to full installation of windows Server 2008 which can occupy almost 20GB of your hard disk space.
d) Use less resources compare to full GUI version

Good thing is after you have performing initial configuration for the server, you can install RSAT tool into your client workstation in order to remotely manage Hyper V.

Proceed to my previous article to learn how to configure Server core for Hyper V:-
http://ericlaiys.blogspot.com/2009/07/install-hyper-v-roles-in-virtual-image.html

Comparison between Hyper V and Hyper V R2

Hi, for those who has read my previous comment about Hyper V and Hyper V R2
http://ericlaiys.blogspot.com/2009/07/hyper-v-vs-hyper-v-r2.html

Here is some add on about Hyper V R2:-














You can download Hyper V R2 from http://www.microsoft.com/downloads/details.aspx?FamilyID=fdac7be8-1847-4839-991d-f84be95a33a0&displaylang=en

For those with Technet and MSDN subscription, please proceed to Technet and MSDN website to download the RTM version.

Microsoft licensing on Virtualization

A lot of people confused about Virtualization license. Let me explain in more detail to help you understand more so you would not illegally use the Microsoft Licensing.

a) VMWARE - you need to buy each Microsoft operating system license for each VM.
b) Windows Server 2008 Std edition - free running 1 instance of Standard Edition os on the VM.
c) Windows Server 2008 Ent edition - free running 4 instance of either Std or Ent Edition os on the VM.
d) Windows Server 2008 Datacenter edition - unlimited instance. (License is calculated based on per processor)
e) Microsoft Hyper V - the system is free but you need to buy license for each guest. Similar as VMWARE.

There is a term and condition for option b and c.

"The condition is you cannot run any application or roles on the parent partition."

For example: If you install Web services on the Windows Server 2008 Std Edition, you will lose the benefit of running free 1 instance of the VM.
If on Windows Server 2008 Ent edition and you run Web services on top of parent partition, you will lose 1 free instance. That's mean you will only get 3 free instance of VM instead of 4.

Anyway as a good practice in virtualization, you should not run any application on the parent partition.

So plan well before you decide on virtualization...

Why choose Hyper V?

I still remember that i'm have been using Virtual PC and Virtual Server back in year 2003. Back then , it is free compare to Vmware. Virtual PC and Virtual Server is just another software which ran on top of your existing operating system.

Here is some limitation of Virtual Server & Virtual PC which i know of:-
a) Limited to 32x guest operating system
b) Using only 25% of 1 processor.
c) Limited to 3.6GB of RAM per guest.

As time past by, Microsoft has finally come out with built in virtualization solution on Windows Server 2008 64 platform. Hyper V is a new a hypervisor based virtualization which do not run on top of the operating system. The child partition is directly access to the resources. The advantages of Hyper V is
a) Support SMP and 64 bit VM for guest.
b) Support more than 3.6GB of RAM per guest.
c) Support for mapping a LUN directly to VM
d) Hyper V snap in is a MMC based management compare to web based. You can install RSAT in Vista and Windows 7 in order to manage Hyper V.

However in order to install Hyper V, you need to fulfill this requirement:-
a) Hardware assisted virtualization. (Intel VT or AMD VT)
b) Enabled hardware data execution protection (DEP) to protect from malware read/write. (Intel-Execute disable (XD)/AMD-No execute (ND) )
c) 64 bit capable processor
d) Install with Windows Server 2008 -64x platform.

To make your life easy,  here is some link to help you to build your 1st Hyper V server

DELL server which support Hyper V- http://www1.ap.dell.com/my/en/business/servers/hypervisor_servers/cp.aspx?refid=hypervisor_servers&s=bsd&cs=mybsd1

HP server which support Hyper V-
http://h71028.www7.hp.com/enterprise/cache/458915-0-0-0-121.html

Intel Processor which support Hyper V-
http://ark.intel.com/VTList.aspx

AMD processor which support Hyper V-
http://www.amd.com/us/products/technologies/virtualization/Pages/amd-v.aspx

For those folk who are using Virtual Server, start to migrate to Hyper V. Give Hyper V a try and you will be surprise how Microsoft improved on virtualization technology. Plus Microsoft going to lauch Hyper V R2 on 22 Oct 2009. If you need any assistance, kindly email to [email protected].

Saturday, September 19, 2009

Enable Access Based Enumeration (ABE) in Windows Server 2008

Short form called ABE. For those professional level, you must have heard ABE since Windows server 2003. Good news !

ABE has became a built-in in Windows Server 2008. No more downloading ABE as what we are doing for Windows Server 2003. Even thought it is built in, by default this feature is disable.
All you need to do is go to Share and Storage Management snap in and enable it.

1. After open the Share and Storage Management snap-in, select the share folder, Right click and select Properties

















2. You will notice the ABE mentioned "Disabled". click on Advanced Button

















3. Tick enable access based enumeration.






















4. Easy right...let compare the result before and after enable ABE.

Before : You will see all folder even thought you do not have the permission.


















After enabled ABE:- You only see your own folder.


Active Directory Health Check tools

It is always a good idea to perform several health check to the existing active directory before doing any potential dangerous domain operation.

In this article, i will explain more on the tools that i have frequently used.

a) DCDiag - Basic Domain Diagnostic which analyzes the state of domain controllers in a forest or enterprise and reports any problems to assist in troubleshooting

Format:-
dcdiag /v /f:dcdiag.log

/v = verbose mode
/f = output to a file
/e = run diagnostic to all domain controller
/s
/fix = fix service principal name (SPN)
/q = report error only

b) Check schema version
Go to registry HKey_Local_Machine\system\CurrentControlSet\services\NTDS\Parameters

The last parameter is the schema version number.

Here is some of the schema version number for your reference
13 -> Windows 2000 Server
30 -> Windows Server 2003 RTM, Windows 2003 With Service Pack 1, Windows 2003 With Service Pack 2
31 -> Windows Server 2003 R2
44 -> Windows Server 2008 RTM

For more details: -http://support.microsoft.com/kb/556086/en-us?spid=3198

c) Netdiag - domain controller network diagnostic. It helps to isolate networking and connectivity problems by performing a series of tests to determine the state of your network client.
Format:-
netdiag /v > C:\netdiag.txt

c) dnslint - verify Domain Name System (DNS) records and generate an HTML report.
Format:-
dnslint /d: This diagnoses potential causes of "lame delegation" and other related DNS problems.

dnslint /ql: This verifies a user-defined set of DNS records on multiple DNS servers.
dnslint /ad: This verifies DNS records specifically used for Active Directory replication.

For more detail:- http://support.microsoft.com/kb/321045

d) repadmin -assists administrators in diagnosing replication problems between Windows domain controllers and used for monitoring the relative health of an Active Directory forest.
Famous syntax:- replsummary, showrepl, showrepl /csv, and showvector /latency, syncAll

For more detail:-http://technet.microsoft.com/en-us/library/cc773062(WS.10).aspx

e) replmon - GUI which view the low-level status of Active Directory replication, force synchronization between domain controllers, view the topology in a graphical format, and monitor the status and performance of domain controller replication

f) Nslookup - useful tool for dns verification.

g) Netdom
Format:-
'NetDom query /verify' =verify all trust are working and responding to the stored passwords.
"netdom query fsmo" = identify fsmo server

Thursday, September 17, 2009

Configuring Global Setting in Hyper V

After the installation of Hyper V roles, you need to configure the default Hyper V setting. Global Hyper V settings represent the basic setting that you will use during managing hyper v.

1. Open the Hyper V Manager

2. In the Action Pane, click Hyper V setting


















3. Under Server section, click Virtual Hard Disk. Change the default location to another drive than C:\ drive. It is advisable to store to a partition which is larger hard disk space and avoid storing in C:\ drive. e.g: F:\Data\Virtual\HyperV\VMDisk. This is the default folder to store virtual hard disk.




















4. Under Server section, click Virtual Machine. Change the default location to another drive than C:\ drive. e.g: F:\Data\Virtual\HyperV\VmFiles. This is the default folder to store virtual configuration files.
 
5. Under User section, you may want to change the Mouse release key to Ctrl + Alt + Space. Some monitor (for example:Dell) is using Ctrl + Alt + Left Arrow to change setting. You may wan to avoid using the same key.
 
 

6. Review the rest of the configuration. Click Ok once complete

Monday, September 14, 2009

Install Hyper V roles

You must review " Hyper V system requirement" first before proceed with the Hyper V installation.


I'm assumed that you've perform a clean installation of Windows Server 2008 64x Edition.

Use Server Manager snap in, right click on the Roles container and then choose Add Roles. The system will now launch Add Roles wizard.

Click Next to bypass the wizard̢۪s Welcome screen. Select Hyper V check box and then click Next.

You will see the Introduction to Hyper V which describe about Hyper V. click Next.


You will be ask to select NIC to create virtual network. Select the LAN 2 NIC card and Click Next



Then you will see a screen confirming the installation of Hyper V. Just click Install. When the installation complete, the system will prompt for server reboot. Just click Yes to reboot the server. When the server reboots, log back into the server and the Server Manager should automatically load and resume the installation process. After about a minute, you should see a message telling you that Hyper-V has installed successfully. Click Close to complete the wizard.

Note: For RTM version, you must download and install KB950050.

http://www.microsoft.com/downloads/details.aspx?FamilyId=6F69D661-5B91-4E5E-A6C0-210E629E1C42&displaylang=en

System Center Essential 2007 SP1 with WSUS SP2

SCE prompt to install WSUS SP2. I 've run the update and this problem occur afterward.

Dated: 14 Sept 2009

Sympton:-
a) SCE Update service stop and did not run automatically. If you've manually run the services, the service will stop after a while.
b) SCE cannot sync and connect to get Microsoft Update catalog
c) Event viewer indicated Event ID 7034:- The update service terminated unexpected. It has done this 4 times.


Resolution:-
a) Uninstall WSUS SP2 and install WSUS SP1.

Everything run smooth and without no problem. I think the WSUS SP2 is not supported in SCE 2007 SP1...

So the best option is "update SCE2007 as a whole product, instead of upgrading a component individually"

Sunday, September 13, 2009

Deploy forefront client security in non domain (workgroup) computer

Here is a tips which i would like to share when i tried to deploy FCS client in a workgroup environment.

a) Copy the Client folder which contain FCS 32x and 64x installation files from the CD into the target computer.

b) Use command prompt, type the command "clientsecurity.exe /nomom"

Note:- If you just execute Step A and B, you will not be able to update the FCS client.

c) Go to FCS server and create .reg file called Nonworkgroup.reg using the FCS console and deploy it.

d) Copy the Nonworkgroup.reg file that you have created in step C into Client folder (step A).

e) Use the command prompt, type the command "fcslocalpolicytool.exe /i Nonworkgroup.reg" to merge the reg file into the computer.

f) Try update the FCS client. It should be working right now.

Friday, September 11, 2009

WUA API 2.0 is installed but the version of wuapi.dll is earlier than 5.8.0.2469

When you want to install Forefront Client Security, you will receive this error message
"WUA API 2.0 is installed but the version of wuapi.dll is earlier than 5.8.0.2469"

This is due to older Windows Update agent version installed on your server. Proceed to http://technet.microsoft.com/en-us/library/bb932139.aspx to get the latest Windows Update agent.

Once you've install the latest version, you can proceed with FCS installation.

Wireless card cannot enable in Window Server 2008 R2

I just installed Windows Server 2008 R2 in my laptop. Everything went fine except the wireless card cannot enable. The wireless card will always disable even you had enabled it.

I even download several drivers from Dell. But still failed to start it.

Finally found the solution to solve this issue.

All you need to do is Add-in a feature called " Wireless LAN Service".














Sound silly right....but it is working right now !

Remote management and manage security permission in Hyper V

As Microsoft has released a new RSAT for Windows 7, now you can start to use it to remotely manage Hyper V. Before you can connect to Hyper V host, you need to enable firewall exception WMI (Windows Management Instrumentation). Go to control panel > Windows Firewall and click on exception tab. Tick WMI.


That should do the trick. Now you can manage your Hyper V without remote desktop to the host server. Enjoy !





If still cannot access, you need to configure

On the client computer
1. Click Start, Run, type DCOMCNFG. Click OK.

2. Expand Component Services, expand Computers. Right-click on My Computer and click on Properties.

3. Click on COM Security.

4. In the Access Permission area, click Edit Limits.

5. Select ANONYMOUS LOGON in the Group or User Name area. Then set the Permissions for ANONYMOUS LOGON to Allow for Remote Access.
 


On the Hyper V server:-

1. Go to Computer management and create an account similar as your client computer. (must assign same username and password)

2. Open Component Services by typing “dcomcnfg” in the box on the start menu, and expand the menu so that “My Computer” is selected under Component Services\Computers.

3.Right-Click on My Computer, select Properties and select the “COM Security” tab.

In the above dialog, click Edit Limits in the “Launch and Activation Permissions” area.

Click “Add…” and enter the users (or groups including “Authenticated Users” as appropriate) .eg: laiys

In the Allow column, select Remote Launch and Remote Activation, then click OK.























This step grants appropriate WMI permissions to the user(s) who are remotely connecting. You need grant access to two namespaces.

Open Computer Management under Start/Administrative Tools, expanding the tree down through Services and Applications\WMI Control. Select WMI Control

Right-click on WMI Control and select properties. Then switch to the Security tab. Select the Root\CIMV2 namespace node.

IMPORTANT: You need to set the security twice. Once for the Root\CIMV2 namespace, and then again for the Root\virtualization namespace.

Click the Security button.

Now select the user and click the Advanced button below the “Permissions for

Again, make sure the user/group is selected and click Edit

You need to make three changes here:

In the “Apply to:” drop-down, select “This namespace and subnamespaces”

In the Allow column, select Remote Enable

Check “Apply these permissions to objects and/or containers within this container only”

The screen should look like below. If so, click OK through the open dialogs.






















Repeat for the Root\virtualization namespace

Click OK as appropriate to confirm all open dialogs and close Computer Management.

Next, let configures the Authorization Manager (AZMan) policy for the server running the Hyper-V role.

1. Open Authorization Manager by typing “azman.msc” in the box on the start menu.

2. Right-click on the Authorization Manager and choose Open Authorization Store from the context menu.
 
3.Make sure the “XML file” radio button is selected, and browse to the \ProgramData\Microsoft\Windows\Hyper-V directory on the system drive and select InitialStore.xml, then click OK.
 
4. Expand the tree down through InitialStore.xml\Hyper-V services\Role Assignments\Administrator, and select Administrator.

5.In the area on the right, right-click and select “Assign Users and Groups” then “From Windows and Active Directory…”.
 
6. Add the appropriate users or groups (here you can see the “laiys” account)

Close the Authorization Manager MMC.

IMPORTANT. You must now reboot your server for the above changes to take effect.

Monday, September 7, 2009

Part 106:- Update Management Configuration Wizard on System Center Essential

This is the last wizard for the SCE post configuration.

1. Update Management Configuration wizard allow you to configure proxy setting, configure product update, types of updates, updates languages and synchronization schedule.



2. Select yes and enter your proxy setting. If your environment do not use proxy, select No.


3. Wait for the system to synchronization with Microsoft.



4. Once the system retrieve the catalog, select the product that you want to get the updates.



5. On the language selection, select Yes to select the updates in English locale. To select other language, select No and choose your appropriate languages.



6. On the Clarification, by default the option is download update for critical,security and service pack updates. To select other updates, select No and select your preferred updates.



7. On the synchronization settings, select synchronization to occur daily and Specify the synchronization time.



8.Tick synchronization updates when this wizard close to start the synchronization process.



That's concluded the SCE post configuration.

Sunday, September 6, 2009

Part 105: Configure Computer and Device Management Wizard for System Center Essential

1. After complete the first wizard, you should select Configure Computer and Device Management Wizrd. This wizard allow you to configure discovery option.



2. Choose Automatic discovery to detect computer in your domain environment.


3.On the Administrator account, select Use selected Management Server Action Account. This will use SCEAdmin account that you have created and assign during the SCE installation.



4. Please wait when the system perform system discovery.



5. Once the system discover the computer, it will listed as displayed. Check to select the computer that you want to manage.



6. The system will display the summary of the agent that will be installed in the computer that you select in step 5.



7. The system will display the status of the agent installation. You can wait or close it. It will not interruption the agent installation.






















That's concluded the 2nd wizard. In next upcoming article, i will look into the last wizard which configure the windows update settings.