Connecting to a Non-Domain Joined Hyper-V Server From Windows 8.1

While it is best practice to join Hyper-V to a domain, I have run across situations where a standalone Hyper-V server exists in an environment without a domain. This is actually somewhat common in some testing and lab environments. If you are utilizing the free Hyper-V Server Core 2012 R2 or using a server core install of Windows Server 2012 or later as your Hyper-V host OS, you will probably want to connect to it from another server or Windows 8.1 machine. To do this follow the steps below:

Open an elevated command prompt, type dcomcnfg, and press Enter.

Once you are in dcomcnfg you will see a properties window; expand the Component Services and Computers nodes. Then right-click My Computer and choose Properties.

Under COM Security, choose “Edit Limits” for Access Permissions.

Make sure Local Access and Remote Access are allowed for ANONYMOUS LOGON, then click OK.

Close the dcomcnfg window and, at the elevated command prompt, type cmdkey /add:ip_or_hostname_of_destination_server /user:username_on_destination_server /pass:password_of_destination_server

Hyper-V Lessons Learned

The past several weeks have been rather hectic and busy. Between work and studying for my Citrix XenServer certification, there’s been a whole lot going on. Virtualization has long been a passion of mine in the world of IT, and I am certainly getting hands on with lots of virtualization platforms these days (tis one of the many benefits of working for a managed service provider). I have recently been working on a VMware to Hyper-V migration project and have come across a number of interesting gotchas that I figure would be useful to others going through the same process. Some of these lessons range from NTP with Linux, to troubleshooting cluster connectivity, the migration process itself, and some other fun gotchas.

The Conversion Process Itself

Converting virtual machines from VMware to Hyper-V has become an incredibly simple process. First of all, on one of your Hyper-V hosts, download and install the Microsoft Virtual Machine Converter (https://www.microsoft.com/en-us/download/details.aspx?id=42497). Once this is downloaded, there is a simple wizard in which you can choose to do a P2V or V2V conversion to either Azure or Hyper-V. From there it is simply a matter of specifying the hostname of the Hyper-V host that will be the destination for the VM, choosing where to store the virtual disk, as well as whether you want fixed disk or dynamically expanding, and VHD or VHDX. At this point the final step is to put in the information from your vCenter server, choose the VM to migrate (powered off beforehand), and follow the wizard to victory. The mechanism by which the conversion takes place is that VMware will export the virtual machine in OVF format, which will then be copied into the Hyper-V workspace and imported into Hyper-V. It’s actually a fairly slick process; however, it is time consuming and there are definitely some gotchas. For one, the NICs added during the migration process that replace the VMware virtual adapters will be identified as different interfaces on Windows machines, so static IPs will have to be re-entered. This is not the case for Linux, as the interfaces file stores the static IP config and there are no issues I have run into during the conversion process with Linux NICs.

Licensing Your Hyper-V Hosts

If you are primarily a Windows-based shop running 2012 R2, I highly recommend setting your Hyper-V hosts up with Datacenter licensing. The Datacenter license covers up to CPU sockets with unlimited VMs on the same hardware. One of the wonderful features of this is that it allows for AVMA, or Automatic Virtual Machine Activation, meaning that instead of activating each VM to MS activation servers, you are actually able to activate them to the VM host with Datacenter licensing. Per the following TechNet article you can activate using an AVMA key (provided in the article) to activate Datacenter, Standard, and Essentials licenses to the host. https://technet.microsoft.com/en-us/library/dn303421.aspx

The activation command must be run from an elevated command prompt with the following syntax:

slmgr /ipk <AVMA key>

For this functionality to work, you will also need to ensure that Data Exchange is enabled in the Integration Services for the VM (this is the default behavior).

NTP Issues For Linux VMs

I learned the hard way after migrating Linux VMs to Hyper-V that one of the default integration services is time synchronization with the host. I had assumed that NTP would override this behavior, but I assumed incorrectly. In VMware, when you create a VM, if you choose a Linux OS profile it actually turns off this time sync behavior; however, in Hyper-V there are no OS-specific defaults for hardware, so this feature is on by default all the time for all hosts. If the Linux host is running Ubuntu 14 or newer, Debian 8, or CentOS/RHEL 7 (really anything that uses systemd) you can run the command timedatectl to see if NTP is running and if it is synchronizing. I found that NTP would not sync if time sync was enabled in the integration services for the VM. To avoid countless annoying Nagios emails about NTP drift I simply chose to disable this functionality in the interest of consistent time and less email.

[Screenshot: NTP not synchronized due to time synchronization integration services being enabled.]

[Screenshot: Uncheck the Time Synchronization option to correct this.]

[Screenshot: NTP synchronized switches to yes after making changes to integration services.]
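The same integration-service change can be made from PowerShell on the Hyper-V host instead of unchecking the box per VM. This is an added example, not part of the original post; the VM names are hypothetical, and the service name is the English display name.

```powershell
# Added example: audit and disable the Time Synchronization integration
# service for Linux guests that keep time with NTP. Run on the Hyper-V host
# in an elevated session. VM names below are hypothetical placeholders.
$LinuxVMs = 'web01-ubuntu', 'db01-centos'
$Service  = 'Time Synchronization'   # English display name; differs on localized hosts

foreach ($Name in $LinuxVMs) {
    $vm = Get-VM -Name $Name -ErrorAction SilentlyContinue
    if (-not $vm) {
        Write-Warning "VM '$Name' not found on this host, skipping."
        continue
    }

    $svc = Get-VMIntegrationService -VMName $Name -Name $Service
    if ($svc.Enabled) {
        Disable-VMIntegrationService -VMName $Name -Name $Service
        Write-Output "$Name : host time sync disabled"
    } else {
        Write-Output "$Name : host time sync already disabled"
    }
}

# Report the resulting state for every VM on the host, so guests that still
# follow the host clock stand out.
Get-VM | Get-VMIntegrationService -Name $Service |
    Select-Object VMName, Name, Enabled |
    Sort-Object VMName |
    Format-Table -AutoSize
```

Afterwards, run timedatectl inside each guest to confirm that NTP synchronized reports yes.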

Converting Windows VMs with Multiple Disks

One of the more obscure things I have discovered with migrating from VMware to Hyper-V is that Windows VMs with multiple disks import both disks properly and both show in the settings for the VM; however, in the OS the additional disks are not enabled by default. To remedy this you simply need to go into Disk Management (diskmgmt.msc), right-click the disk, and choose to bring it online. Once this is complete the disks will show properly.

Practical PowerShell Part 1 of 2

I began my journey with PowerShell rather casually as an easy way to kill out of control processes on Windows systems. When I began my journey towards MCSA certification for Windows Server 2012 R2, I dove deep into the world of PowerShell and really began to understand the full range of possibilities. Being that PowerShell is a topic near and dear to my heart, there will be far too much to cram into one lengthy blog post; rather, this will be the beginning of a short series on practical PowerShell for everyday use. PowerShell is written in verb-noun structured statements and takes a variety of flags, allows for piping into other commands, and has the ability to output a variety of different files.

Using PowerShell to Manage Processes and Services

I think every Windows admin has found themselves in the position of dealing with a process or service that has hung and just won’t stop, even when killed from Task Manager. To be completely honest, now that I’ve started using PowerShell heavily, I hardly ever kill processes in Task Manager, as I’ve found PowerShell to be more efficient and direct.

To list processes use the Get-Process or gps command. This will list all processes on the system whether they are running or not. Similarly, the Get-Service command will list all services. If you are trying to list a specific service such as VSS you can use Get-Service VSS. If you are interested in seeing only the services or processes that are running, you can pipe the Get statement into a Where-Object statement such as Get-Service | Where-Object Status -eq Running. To kill a running service (such as the Spooler in this example) use the syntax Stop-Service Spooler. Please note you will need to have launched PowerShell as administrator or you may get a permissions error. The same method can be used with Stop-Process, or you can use the shortened version (to kill Firefox in this example) with the following syntax: ps firefox | kill.

Using PowerShell to Install Windows Features

With the growing popularity of Windows Server Core installations, it can be handy to know how to install and manage Windows Server Roles and Features through PowerShell. This becomes particularly advantageous if you are working with clustering where you need to install multiple roles or features across multiple servers. The syntax to view all roles and features is Get-WindowsFeature. To view only features that are installed on a system you can use Get-WindowsFeature | Where-Object InstallState -eq Installed. To install a role or feature use the Install-WindowsFeature featurename command. You can also include the -IncludeAllSubFeature and/or -IncludeManagementTools flags to install additional options. If you need to install the same feature on multiple servers you can string these together using the Invoke-Command cmdlet. See the example below, where we are installing Active Directory Domain Services on DC1 and DC2:

Invoke-Command -ComputerName DC1,DC2 -ScriptBlock {Install-WindowsFeature AD-Domain-Services -IncludeManagementTools}

Common Active Directory Tasks

If you administer a domain with account lockout policies, you will no doubt run across cases where users will lock themselves out of their accounts. A simple query will tell you if there are any accounts locked out and, if so, which ones, using the syntax Search-ADAccount -LockedOut. Once you’ve identified the accounts that are locked out you can unlock them by using Unlock-ADAccount username, or you can simply hit the up arrow and pipe the original query into the unlock statement, e.g. Search-ADAccount -LockedOut | Unlock-ADAccount.
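Before piping every locked-out account straight into Unlock-ADAccount, it helps to see where the lockouts came from, since a burst of lockouts from one source looks different from a single forgotten password. The following is an added example, not part of the original post; it assumes a 24-hour look-back and relies on event ID 4740 in the Security log of the PDC emulator.

```powershell
# Added example: review locked-out accounts before unlocking them.
# Needs the ActiveDirectory module and rights to read the Security log
# on the PDC emulator. The 24-hour look-back is an assumed value.
Import-Module ActiveDirectory

$pdc    = (Get-ADDomain).PDCEmulator
$locked = Search-ADAccount -LockedOut -UsersOnly -Server $pdc
if (-not $locked) { Write-Output 'No accounts are locked out.'; return }

# Per-account detail, read from the PDC emulator because bad-password
# counters are not replicated between domain controllers.
$locked |
    Get-ADUser -Server $pdc -Properties AccountLockoutTime, LastBadPasswordAttempt, BadLogonCount |
    Select-Object SamAccountName, AccountLockoutTime, LastBadPasswordAttempt, BadLogonCount |
    Format-Table -AutoSize

# Event 4740 ("A user account was locked out") names the computer the
# failed logons came from.
$lockouts = Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-24)
} | ForEach-Object {
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Account = $_.Properties[0].Value   # TargetUserName
        Source  = $_.Properties[1].Value   # caller computer name
    }
}

# Many different accounts locked from one source deserve a look before
# anything is unlocked.
$lockouts | Group-Object Source | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'Accounts'; Expression = { ($_.Group.Account | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize

# Unlock only after review; -Confirm asks per account.
$locked | Unlock-ADAccount -Confirm
```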

You can also use PowerShell to add users into groups. I find that for most practical cases ADUC or ADAC works sufficiently for this task; however, if you’re doing this remotely on a touchscreen device like a smartphone it can be difficult to navigate either of these tools. Instead I leave a PowerShell window open on one of my DCs all the time so that I can handle these requests on the go. The syntax is as follows: Add-ADGroupMember -Identity nameofadgroup -Members username1,username2. Where this method becomes extremely useful is when batch adding users through scripting.
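A sketch of the batch case mentioned above, as an added example that is not from the original post. The CSV contents, group names, and deny list are constructed for illustration, and -WhatIf is left on so nothing changes until it is removed.

```powershell
# Added example: batch-add users to groups from CSV data, with checks.
Import-Module ActiveDirectory

# Constructed sample input; in practice use Import-Csv on a reviewed file.
$rows = @'
Group,User
Finance-Readers,jdoe
Finance-Readers,asmith
Helpdesk,jdoe
'@ | ConvertFrom-Csv

# Groups this script must never modify (hypothetical deny list; adjust).
$denyGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

foreach ($batch in ($rows | Group-Object Group)) {
    $group = $batch.Name
    if ($denyGroups -contains $group) {
        Write-Warning "Skipping privileged group '$group'."
        continue
    }

    # Resolve each name first so a typo drops one user, not the whole call.
    $members = foreach ($u in $batch.Group.User) {
        try   { Get-ADUser -Identity $u }
        catch { Write-Warning "User '$u' not found, skipping." }
    }

    if ($members) {
        # Remove -WhatIf once the preview output looks right.
        Add-ADGroupMember -Identity $group -Members $members -WhatIf
    }
}
```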

Similarly, if you ever get requests to pull reports regarding the membership of a specific group, PowerShell makes quick and easy work of this. You can use the following quick one-liner: Get-ADGroupMember -Identity groupname | ft Name | Out-File -FilePath C:\GroupNameMembers.txt

Moving FSMO Roles

If you’ve ever had the pleasant task of having to migrate FSMO roles from one DC to another, or worse yet seizing FSMO roles from a failed DC, you understand the fun of having to use multiple different GUI tools to accomplish this task. PowerShell makes this task a lot easier using Move-ADDirectoryServerOperationMasterRole -Identity DCtohostrole -OperationMasterRole FSMONameorNumber. If you are seizing the role from a failed DC, use the -Force flag at the end of the line. Note that to move forest-wide roles you should be a member of the Enterprise Admins security group, and to move the Schema Master you need to be part of the Schema Admins security group. PowerShell also allows you to specify numbers instead of role names when moving an FSMO role. FSMO names and numbers are listed below:

PDCEmulator            0
RIDMaster              1
InfrastructureMaster   2
SchemaMaster           3
DomainNamingMaster     4

Restarting or Shutting Down Multiple Machines

The Stop-Computer cmdlet is used to shut down, and the Restart-Computer cmdlet is used to reboot. If other users are logged in you may need to issue the -Force flag to reboot or shut down anyway. Using the Invoke-Command statement we used earlier, you can restart multiple servers or shut them down by leveraging this syntax. See the example below:

Invoke-Command -ComputerName Server1,Server2,Server3 -ScriptBlock {Restart-Computer -Force}

Thanks for reading, I hope you find PowerShell to be as useful of a tool as I do. It’s quite powerful in its use for simple one-liner commands, but becomes even more powerful as you start building out scripts leveraging PowerShell’s ability to create variables and process some fairly complex scripting logic. In the next session we will cover some additional topics related to PowerShell.