Jonathan's Manage and Automate

VMM SCO SMA WAP - Solutions and Guidance

 

 Manage and Automate

                                           VMM SCO SMA WAP - Solutions and Guidance

  • SCVMM 2008 Releases Management Pack Update

    An updated SCVMM management pack is now available for download. Read the announcement here!

    Brief Description

    The System Center Virtual Machine Manager (VMM) 2008 Management Pack for System Center Operations Manager 2007 monitors availability of all components of VMM 2008 and the availability, health, and performance of all virtual machines and virtual machine hosts that VMM manages.

  • What’s wrong with my permissions?!?

    SCVMM depends on a number of permissions being available to operate correctly. Some are user and computer account related, others are group policies. Both are outlined below. Keep in mind that although you may have set up permissions correctly at some point during the install, things may have changed. It is not uncommon for an organization to create GPOs that strip computer objects from groups on local machines. It is also not uncommon that the SCVMM installation process is unable to add objects to the required groups on install due to unforeseen permission issues. Take the time to double check the settings below on all of your SCVMM systems and you may find that strange issues you are experiencing are resolved.

     

    Group Memberships

    Local security groups on the SCVMM Server

    ·         Group ‘Administrators’ should have the SCVMM Server 'Computer Object' as a member, and the Domain Account that is specified during operations in the SCVMM Admin Console

    ·         Group ‘Virtual Machine Manager Servers’ the SCVMM Server 'Computer Object' as a member

    Note:  If you need to add a machine accounts, make sure you go to ’Object types’ and check ‘Computers’.  Then add it as <domain>\<machinename>$

     

    Local security groups on an SCVMM Host

    ·         Group ‘Administrators’ should have the SCVMM Server 'Computer Object' as a member 

    ·         Group ‘Virtual Machine Manager Servers’ should have the SCVMM Server 'Computer Object' as a member

     

    Local security groups on the Source P2V machine

    ·         Group ‘Administrators’ should have the same User Account as the credentials specified in the SCVMM Admin Console during the P2V process

     

    Group Policy Rights

    There is not a complied list of rights that are required due to the complexity of rights specified in group policies and the ability to lock down individual registry keys and file system directories. Instead, I have provided a method for comparing current machine group policy rights to those that are applied by default during Windows installation. If you find that there are a number of items more restrictive on your server than in the default policy, consider moving this machine to an OU of its own and blocking inheritance of group policies. This may correct the issue. If rights have been stamped onto the machine, it may be necessary to re-apply the default group policy settings created during Windows installation. Even if this is not an acceptable resolution, at least you will know with confidence that it is restricted rights that are breaking SCVMM. You can then start adding the rights that you find important back until you find that you have broken SCVMM again. You’ll have to live without enabling this restriction once found. If you have a development environment it is strongly suggested that you perform testing there instead of in production.

     

    Steps to Analyze and Configure (Apply) Security Templates

    This first section will collect data for review. No changes will be made to the server. Make sure you are logged into the domain, not locally. This may take a few minutes to run.

    1 - Start> Run> mmc.exe

    2 - File> Add/Remove Snap-in...

    3 - Add...> Security Configuration and Analysis> Add...> Close> OK

    4 - Right click 'Security Configuration and Analysis' and select 'Open Database'.

    A - Create a new temporary database named 'test.sdb' and click 'Open' (do not re-use one of your temporary databases. Make test1.sdb and so on)

    Windows 2003

    B - When prompted for 'Import Template' select 'C:\Windows\Security\Templates\setup security.inf' and click 'Open'

    C - If you were not prompted for 'Import Template', right click 'Security Configuration and Analysis' and select C:\Windows\Security\Templates\setup security.inf'

                    - If this is a Domain Controller, use ‘securedc.inf’ instead

    Windows 2008

    B - When prompted for 'Import Template' select 'C:\Windows\inf\setup security.inf' and click 'Open'

    C - If you were not prompted for 'Import Template', right click 'Security Configuration and Analysis' and select C:\Windows\inf\deftsv.inf'

                    - If this is a Domain Controller, use ‘deftdc.inf’ instead

    5 - Right click 'Security Configuration and Analysis' and select 'Analyze computer now'

    6 - Browse to a location to save the Error Log so you can find it later, give it a descriptive name if you like, and click 'OK'

    7 – This log file will show the differences between the default security template applied during Windows setup, and what is currently in place. Note that there will be two sources of rights settings: local and domain. It may be necessary to review domain policies that are making security changes that are incompatible with SCVMM.

     

     

    For further reading and information

    Analyze and configure security

    http://technet.microsoft.com/en-us/library/cc759251.aspx

     

    Configure local computer security

    http://technet.microsoft.com/en-us/library/cc737638.aspx

     

    Your Guide to Group Policy Troubleshooting

    http://technet.microsoft.com/en-us/magazine/2007.02.troubleshooting.aspx

  • Resolve Communication Issues in SCVMM - Part 1

    Disable Task Offloading and Update WMI

    Communications issues with SCVMM can take on the form of access denied, timeouts, and often as intermittent connectivity issues. The steps in this post are the same ones I use to resolve a good number of customer issues.

     

    Feedback on this article is welcome. If you have technical questions please post them appropriately in the forums:

    http://social.technet.microsoft.com/Forums/en-US/category/virtualmachinemanager/

     

     

    Two types of issues are addressed here

    1) Many new settings available to NIC drivers that do not always function as well as would be expected.

    2) SCVMM relies heavily on WMI. The updates listed in this article resolve issues with WMI that will allow SCVMM to function properly.

     

    This MDSN article lists all values available.

    Using Registry Values to Enable and Disable Task Offloading
    http://msdn.microsoft.com/en-us/library/aa938424.aspx

     

     

    WMI

    Install three WMI updates on all Windows 2008 server running Hyper-V (and therefore are SCVMM Hosts)

    958124  A wmiprvse.exe process may leak memory when a WMI notification query is used heavily on a Windows Server 2008-based or Windows Vista-based computer

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;958124

     

    954563  Memory corruption may occur with the Windows Management Instrumentation (WMI) service on a computer that is running Windows Server 2008 or Windows Vista Service Pack 1

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;954563

     

    955805  Certain applications become very slow on a Windows Server 2008-based or Windows Vista SP1-based computer when a certificate with SIA extension is installed

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;955805

     

    Network Settings

    NOTE

    - If working with a core server you may want to connect via remote registry and make these changes.
    - All values should be set to '0' EXCEPT for the last one which is related to IPSEC, and thus Kerberos. Leave this one alone ---> 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ipsec\EnabledOffload'  

     

     

    1 - Locate all physical NICs in the registry under:
    'HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}'

    2 -  There will be folders with four digits, starting with '0000'. Locate the ones that show the physical NIC names on the right. Look for the 'DriverDesc' value on the right; this should have the name of a NIC such as 'HP NC360T PCIe Gigabit Server Adapter.' For each of these, make the changes below.

    3 - Disable All Vendor specific Offloading
    Set values for any entries below that include the word 'Offload' to '0' (Disabled)
    *FlowControl

         No description available

    *IPChecksumOffloadIPv4
         Describes whether the device enabled or disabled the calculation of IPv4
    checksums.
    *TCPChecksumOffloadIPv4
         Describes whether the device enabled or disabled the calculation of TCP Checksum
    over IPv4 packets.
    *TCPChecksumOffloadIPv6
         Describes whether the device enabled or disabled the calculation of TCP checksum
    over IPv6 packets.
    *UDPChecksumOffloadIPv4
         Describes whether the device enabled or disabled the calculation of UDP Checksum
    over IPv4 packets.
    *UDPChecksumOffloadIPv6
         Describes whether the device enabled or disabled the calculation of UDP Checksum
    over IPv6 packets.
    *LsoV1IPv4
         Describes whether the device enabled or disabled the segmentation of large TCP
    packets over IPv4 for large send offload version 1 (LSOv1).
    *LsoV2IPv4
         Describes whether the device enabled or disabled the segmentation of large TCP
    packets over IPv4 for large send offload version 2 (LSOv2).
    *LsoV2IPv6
         Describes whether the device enabled or disabled the segmentation of large TCP
    packets over IPv6 for large send offload version 2 (LSOv2).
    *IPsecOffloadV1IPv4
         Describes whether the device enabled or disabled the calculation of IPsec headers
    over IPv4.
    *IPsecOffloadV2
         Describes whether the device enabled or disabled IPsec offload version 2
    (IPsecOV2). IPsecOV2 provides support for additional crypto-algorithms, IPv6, and
    co-existence with large send offload version 2 (LSOv2).
    *IPsecOffloadV2IPv4
         Describes whether the device enabled or disabled IPsecOV2 for IPv4 only.
    *RSS
         Receive side scaling
    *TCPUDPChecksumOffloadIPv4
         Describes whether the device enabled or disabled the calculation of TCP or UDP
    checksum over IPv4.
    *TCPUDPChecksumOffloadIPv6
         Describes whether the device enabled or disabled the calculation of TCP or UDP
    checksum over IPv6.

    4 - Disable Offloading in Windows.
    Use the following registry values to enable or disable task offloading for the TCP/IP protocol:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TCPIP\Parameters\DisableTaskOffload

    Setting this DWORD value to ‘1’ disables all of the task offloads from the TCP/IP transport. Setting this value to zero enables all of the task offloads.

    Related Links
    Network Issues with Windows Server 2008 RDP and VS/Hyper-V on Dell Servers
    http://www.petri.co.il/network-issues-with-windows-server-2008-rdp-on-dell-servers.htm

     

  • WinRM (Windows Remote Management) Troubleshooting

    What is WinRM?

    New in Windows Vista, Windows Server 2003 R2, Windows Server 2008 (and Server 2008 Core) are WinRM & WinRS. Windows Remote Management (known as WinRM) is a handy new remote management service. WinRM is the “server” component of this remote management application and WinRS (Windows Remote Shell) is the “client” for WinRM, which runs on the remote computer attempting to remotely manage the WinRM server. However, I should note that BOTH computers must have WinRM installed and enabled on them for WinRS to work and retrieve information from the remote system.

    While WinRM listens on port 80 by default, it doesn't mean traffic is unencrypted. Traffic by default is only accepted by WinRM when it is encrypted using the Negotiate or Kerberos SSP. WinRM uses HTTP (TCP 80) or HTTPS (TCP 443). WinRM also includes helper code that lets the WinRM listener to share port 80 with IIS or any other application that may need to use that port.

    WinRM with SCVMM uses Kerberos for authentication, and does not support fall-back to NTLM. There will be an error instead. If no credentials are specified, then the logged-on credentials are used to authenticate against the remote machine. This allows for a single sign-on experience.

      

    What is WinRS?

    Remote Shell, (WinRS) is used to execute a program on a remote host. Similar in operation to the former Sysinternals tool PSExec, WinRS leverages Windows Remote Management to let you launch processes on remote machines. For example, if you want to perform a directory listing on the system drive on a remote machine, you can remotely launch ‘dir’ using this syntax:

    winrs -r:machinename dir

    Another handy use of WinRS can be when installing software on remote systems. If you want to quietly install an application using an MSI file onto a remote machine, use the following syntax. This syntax assumes the MSI file has already been deposited into the C:\ folder.

    winrs -r:machinename msiexec.exe /i c:\install.msi /quiet

    When specifying the remote machine, the following are valid:

    · Localhost

    · NetBIOS name

    · Fully Qualified Domain Name (FQDN)

    · IP address

    How to install WinRM

    The WinRM is not dependent on any other service except WinHttp. If the IIS Admin Service is installed on the same computer, you may see messages that indicate WinRM cannot be loaded before Interent Information Services (IIS). However, WinRM does not actually depend on IIS: these messages occur because the load order ensures that the IIS service starts before the HTTP service. WinRM does require that WinHTTP.dll be registered.

    (Stated simply: WinRM service should be set to Automatic (Delayed Start) on Windows Vista and Server 2008)

    · The WinRM service starts automatically on Windows Server 2008.

    · On Windows Vista, the service must be started manually.

    · UPDATE! Windows 2003 requires an update for WinRM

    936059 An update is available for the Windows Remote Management feature in Windows Server 2003 and in Windows XP

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;936059

    How to configure WinRM

    To set the default configuration type:

    winrm quickconfig (or the abbreviated version, winrm qc)

    ‘winrm qc’ performs the following operations:

    1. Starts the WinRM service and sets the service startup type to auto-start.

    2. Configures a listener for the ports that send and receive WS-Management protocol messages using either HTTP or HTTPS on any IP address.

    3. Defines ICF exceptions for the WinRM service and opens the ports for HTTP and HTTPS.

    (Note: Winrm quickconfig also configures Winrs default settings)

    If ‘winrm qc’ throws an error:

    If the firewall is disabled the quick config command will fail. The firewall can either be started in Services long enough to run ‘winrm qc’ or the commands below can be run:

    sc config "WinRM" start= auto

    net start WinRM

    winrm create winrm/config/listener?Address=*+Transport=HTTP

    netsh firewall add portopening TCP 80 "Windows Remote Management"

    Group Policy configuration:

    WinRM can be configured by group policies.

    1. Type gpedit at a command prompt. The Group Policy Object Editor window opens.

    2. Look for the Windows Remote Management and Windows Remote Shell Group Policy Objects (GPO) under Administrative Templates and Windows Components.

    Troubleshoot WinRM

    Common Issues:

    1. If the ISA2004 firewall client is installed on the computer, it can cause a Web Services for Management (WS-Management) client to stop responding. To avoid this issue, install ISA2004 Firewall SP1.

    2. Antivirus software can prevent proper WinRM communication. Disable antivirus software and reboot the machine if the Antivirus software is known to scan processes and protocols, or if there is any doubt about the software.

    Test WinRM communication on the local and remote machines

    This section addresses how to test whether WinRM is working on the local system, and whether it can communicate with the remote system. Test remote communication in both directions between machines.

    Local communication:

    Locate listeners and addresses: (No output means WinRM is not installed)

    winrm e winrm/config/listener

    Localhost Ping:

    (Successfully completing this step pretty much insure complete access to WSMan on the local system)

    Winrm id

    Further:

    Check state of configuration settings:

    winrm get winrm/config

    Check the state of WinRM service:

    winrm get wmicimv2/Win32_Service?Name=WinRM

    Remote communication:

    Locate listeners and addresses:

    winrm e winrm/config/listener

    Remote Ping:

    (Successfully completing this step pretty much insure complete access to WSMan on the remote system)

    Winrm id –r:machinename

    Further:

    Check state of configuration settings:

    winrm get winrm/config -r:machinename

    Check the state of WinRM service:

    winrm get wmicimv2/Win32_Service?Name=WinRM -r:machinename

    Sample Commands

    Here are some sample commands to play with. If you cannot get the ‘Test WS-Man...' step to work, none of the steps following will work either (you're probably not using the right credentials to access the remote machine). One more caveat, the remote commands work best on domain joined machines. For workgroup machines, the WinRM service needs additional configuration.

    Description

    Command

    Run from an Elevated Command prompt

    Quickly configure the WS-Man service

    winrm QuickConfig

    Quickly delete the WS-Man listener

    winrm invoke Restore winrm/Config @{}

    Run from an standard Command prompt

    Display your machine's basic hardware info

    winrm enumerate wmicimv2/Win32_ComputerSystem

    Display your operating system properties

    winrm get wmicimv2/Win32_OperatingSystem

    Output your OS info in XML

    winrm get wmicimv2/Win32_OperatingSystem -format:pretty

    Test WS-Man access to a remote machine**

    winrm id -remote:<some machine>

    Grab a remote machine's WS-Man config

    winrm get winrm/Config -r:<some machine>

    Grab a remote machine's CPU load

    winrm g wmicimv2/Win32_Processor?DeviceID=CPU0 -fragment:LoadPercentage -r:<some computer>

    Grab a remote machine's free memory

    winrm g wmicimv2/Win32_OperatingSystem -fragment:FreePhysicalMemory -r:<some computer>

    Stop a service on a remote machine

    winrm invoke stopservice wmicimv2/Win32_Service?name=w32time -r:<some computer>

    Start a service on a remote machine

    winrm invoke startservice wmicimv2/Win32_Service?name=w32time -r:<some computer>

    Reboot a remote machine

    winrm invoke reboot wmicimv2/Win32_OperatingSystem -r:<some computer>

    Run a command on a remote machine (this uses winrS, not winrM)

    winrs -r:<some computer> ipconfig /all

    Run from PowerShell

    Use PowerShell to grab the WS-Man Win32_OperatingSystem XML output

    [xml]$osInfo = winrm get wmicimv2/Win32_OperatingSystem /format:pretty

    Display the OS version property

    $osInfo.Win32_OperatingSystem.Version

    Display the last boot time

    $osInfo.Win32_OperatingSystem.LastBootupTime.DateTime

    Put free memory metric into an XML variable

    [xml]$freemem = cmd /c "winrm get wmicimv2/Win32_OperatingSystem -fragment:FreePhysicalMemory -f:pretty -r:<some computer>"

    Display the free memory value

    $freemem.XMLFragment.FreePhysicalMemory

    **Note: This step verifies that you have good connectivity to the remote machine, WS-Man is running and properly configured on the remote machine, AND you have the correct permissions to fully leverage WS-Man on the remote machine. If this step fails, it's probably a permissions issue.

    Advanced Concepts

    URI Aliases

    URI aliases can simplify the Winrm command line. The following URI aliases are supported:

    wmi = http://schemas.microsoft.com/wsman/2005/06/wmi

    wsman = wsman:microsoft.com/wsman/2005/06/

    cimv2.9 = http://schemas.dmtf.org/wsman/2005/06/cimv2.9

    cimv2 = http://schemas.microsoft.com/wsman/2005/06/wmi/root/cimv2

    For example, the following command:

    winrm get http://schemas.microsoft.com/wsman/2005/06/wmi/root/cimv2/Win32_Service?Name=WSMan

    Gets replaced with:

    winrm get wmi/root/cimv2/Win32_Service?Name=WinRM

    Performing an Invoke Operation

    ‘Invoke’ initiates commands

    winrm invoke StartService wmicimv2/Win32_Service?Name=WinRM -r:machinename @{}

    This will likely return ‘ReturnValue = 10’ on a remote system where WinRM is running

    WS-Man (WinRM) Architecture

    The following diagram shows a high-level overview of the WS-Man (WinRM) architecture. In the diagram the 'Client' is querying the 'Server' for WS-Man information. Note that HTTP.sys and WinHTTP support the HTTP(s) transport for WS-Man, not IIS. In addition, IIS (or another web publishing service) can co-exist with WS-Man and share port 80.

    Remember:

    WinHTTP = Client

    HTTP.SYS = Server

    clip_image002

    The Windows Remote Management architecture consists of components on the client and server computers. The following illustration shows the components on both computers, how the components interact with other components, and the protocol that is used to communicate between the computers.

    clip_image003

    Requesting Client

    The following WinRM components reside on the computer that is running the script that requests data.

    · WinRM application

    This is the script or Winrm command-line tool that uses the WinRM scripting API to make calls to request data or to execute methods. For more information, see the WinRM Scripting API [ http://msdn.microsoft.com/en-us/library/aa384469(VS.85).aspx ] .

    · WsmAuto.dll

    The OLE automation layer that provides scripting support.

    · WsmCL.dll

    C API layer within the operating system.

    · HTTP API

    WinRM requires support for HTTP and HTTPS transport.

    Responding Server

    The following WinRM components reside on the responding computer.

    · HTTP API

    WinRM requires support for HTTP and HTTPS transport.

    · WsmAuto.dll

    The OLE automation layer that provides scripting support.

    · WsmCL.dll

    C API layer within the operating system.

    · WsmSvc.dll

    WinRM listener [ http://msdn.microsoft.com/en-us/library/aa384465(VS.85).aspx ] service.

    · WsmProv.dll

    Provider subsystem.

    · WsmRes.dll

    Resource file.

    · WsmWmiPl.dll

    WMI plug-in [ http://msdn.microsoft.com/en-us/library/aa384465(VS.85).aspx ] . This allows you to obtain WMI data through WinRM.

    · Intelligent Platform Management Interface (IPMI) driver and WMI IPMI provider

    These components supply any hardware data that is requested using the IPMI classes. For more information, see Intelligent Platform Management Interface (IPMI) Classes [ http://msdn.microsoft.com/en-us/library/aa390891(VS.85).aspx ] . BMC hardware must have been detected by the SMBIOS or the device created manually by loading the driver. For more information, see Installation and Configuration for Windows Remote Management [ http://msdn.microsoft.com/en-us/library/aa384372(VS.85).aspx ] .

    References

    Installation and Configuration for Windows Remote Management

    http://msdn.microsoft.com/en-us/library/aa384372(VS.85).aspx

    Windows Remote Management Command-Line Tool (Winrm.cmd)

    http://technet.microsoft.com/en-us/library/cc781778.aspx

    How can Windows Server 2008 WinRM & WinRS help you

    http://windowsnetworking.com/articles_tutorials/How-Windows-Server-2008-WinRM-WinRS.html

    The things that are better left unspoken Remotely managing your Server Core using WinRM and WinRS

    http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2008/02/23/remotely-managing-your-server-core-using-winrm-and-winrs.aspx

    Redmond Print First Look WinRM & WinRS

    http://redmondmag.com/columns/article.asp?EditorialsID=2262

    Otto Helweg - Management Matters A Few Good Vista WS-Man (WinRM) Commands

    http://blogs.technet.com/otto/archive/2007/02/09/sample-vista-ws-man-winrm-commands.aspx

    Windows Remote Management Architecture

    http://msdn.microsoft.com/en-us/library/aa384464(VS.85).aspx

  • How to Capture a WinRM Trace

    When working with Microsoft Support you may be asked to capture traces to assist with issue resolution. Below are two methods for capturing WinRM traces. Following a reboot these will need to be set up again. The GUI setup is simple. The logman method allows a template with pre-populated settings to be imported. Choose the method that suits you.

    Method 1 using GUI

    1. Open Perfmon and navigate to Event Trace Sessions. In your case you will run this from a non-core box and connect to the core box first.

    clip_image002

    2. Right click Event Trace Sessions and choose New Data Collector Set.

    3. Name it WinRM, select “Create manually” and click Next

    4. Click “Add” when prompted “Which event trace providers would you like to enable?”

    5. Select “Windows Remote Management Trace”.

    clip_image004

    6. Select the Keywords(Any) Property and choose edit.

    7. Add the desired values. I selected all of them and clicked OK.

    clip_image006

    8. Select Level and then Edit.

    9. Select the Manual option, change the value to 0x05, and click OK.

    clip_image008

    10. Click Next.

    11. Change the Root Directory to the destination location for the trace log.

    12. Click Finish  (Repeat process for both client and server)

    13. Start the trace by selecting WinRM and choosing Start (on client and server)

    clip_image010

    14. Reproduce the issue.

    15. Stop the trace by selecting WinRM and choosing stop for both systems.

    16. You will have a winrm.etl file in the location that was set in step 11.

     

    Method 2 using LOGMAN

    1. Rename the attached WinRMETL.txt file to WinRMETL.xml

    2. Create a folder called “winrm” on the root of the C drive of the node that is having the Winrm problem, node 2 for example.

    3. Copy the xml file to that folder and change into that folder

    4. Enter “logman /import –n mytrace –xml c:\winrm\WinRMETL.xml” and press enter.

    5. Enter “logman” and press enter and should see the “mytrace” as a Data Collector Set”

    6. Repeat this for the client from where you will run the Winrm command.

    7. On both systems Enter “logman start mytrace” to start the tracing.

    8. On the client system enter the “winrm id -r:<targetname>

    9. Stop trace by entering “logman stop mytrace” on both systems.

    10. There will be a file created called winRM2.etl in the C:\winrm directory.

  • Drivers Required for Offline P2V - How to Download, Extract and Stage

    Drivers Required for Offline P2V - How to Extract and Where to Place

    There are two types of P2V with SCVMM 2008: offline and online. Online is the way to go most of the time, if you are using Windows 2003 or higher. In a few instances you will need to perform an offline conversion instead. If the Source machine (the machine to be converted) is Windows 2000 SP4, you have no choice… Offline is the only option. Another time to use offline conversion is when the source machine is a domain controller. Here’s a doc to explain the ramifications (USN rollback situations):

    Deployment Considerations for Virtualized Domain Controllers

    http://technet.microsoft.com/en-us/library/dd348449.aspx

     

    The offline conversion process entails booting the source machine into WinPE and copying the contents of the hard drive via BITS to the destination Host. WinPE as included in SCVMM is based on Vista SP1 (Windows 2008). This means that while there is a good chance the network and mass storage drivers required are included in WinPE, the list is not inexhaustible and there will be times when the correct driver needs to be provided. The rest of this article explains how to do this.

     

    This article describes how to provide the correct network drivers for WinPE during  the offline phase of P2V. The same principles apply when WinPE instead needs the correct mass storage drivers to access the disk.

    Indications of a driver issue
    When booted into the WinPE phase of an Offline P2V, WinPE has no network connectivity. 'ipconfig /all' at the command prompt returns an error or no information. Alternately, there may simply be a failure to access the disk as correct SCSI card drivers are required.

    Errors from the 'scvmm_winpe_setupapi.log' file
    (See Related Links at end of this post for instructions on creating this trace file)
    Log excerpt
    >>> [DIF_SELECTBESTCOMPATDRV -  PCI\VEN_8086&DEV_105E&SUBSYS_105E8086&REV_78\3&61AAA01&0&48]
    >>> Section start 2008/10/31 14:24:35.352

    cmd: winpeshl.exe
    dvi: No class installer for 'Ethernet Controller'
    dvi: No CoInstallers found
    dvi: Default installer: Enter 14:24:35.363
    dvi: {Select Best Driver}
    ! dvi: Selecting driver failed(0xe0000228)
    dvi: {Select Best Driver - exit(0xe0000228)}
    ! dvi: Default installer: failed!
    ! dvi: Error 0xe0000228: There are no compatible drivers for this device.

    <<< Section end 2008/10/31 14:24:35.363
    <<< [Exit status: FAILURE(0xe0000228)]

    Locate the correct drivers for your network card
    NOTE: Most manufacturers now provide a single installation application to install drivers in Windows for you. This single .EXE or .MSI file CANNOT be used without first extracting the file contents.

    - The drivers must designed for VISTA or WINDOWS 2008. The version of WinPE used by
    SCVMM is based on Vista/Windows 2008

    - There must be .SYS, .INF, and .CAT files for the offline driver install
    - It is recommended that drivers are downloaded from the NIC manufacturer's site.
    (NOTE: If using SCVMM 2007, locate drivers designed for Windows 2003 instead)

    Identify the Network Card (NIC)
    The SCVMM Admin Console will detect the type of network card on the source machine, and this description may be good enough to locate the correct NIC driver online

     If you need further details on the NIC
         - Open Device Manager in the Source machine to determine the type of NIC used.
         - The VEN identifies the NIC exactly and is useful in locating compatible drivers.


    This can be easily  found in Windows or in the WinPE trace log.
         - In Windows: The '%windir%\setupapi.log' file lists all installed hardware
         - In WinPE use the 'scvmm_winpe_setupapi.log'
         - Using the example above we see the VEN:

    PCI\VEN_8086&DEV_105E&SUBSYS_105E8086&REV_78\3&61AAA01&0&48


    Download the Correct NIC Driver
    Search the vendor's site for the correct card. If you are unable to locate it, search the web for the VEN number.
    Example keywords for this NIC: VEN 8086 DEV 105E

    This is the vendor's site and lists of adapters that have matching VEN numbers
    http://www.intel.com/support/network/sb/CS-012904.htm

     

    Locate the correct driver on the vendor site. We will use this site for this example:
    http://www.intel.com/support/network/sb/CS-006120.htm


    - Select the correct NIC and you will be taken to a page listing drivers for different Windows builds.

    - Choose the drivers for Vista 32bit.

    - 'PROVISTA32.EXE' is the link you will select in this example

    - On this page you see the actual download 'PROVISTA32_V13_4.exe' and a link to the 'ReadMe'

    - Download and save the driver to a temp directory close to the root of C: such as ‘C:\temp’

    - Open the online ‘Readme’ to determine how to properly extract the drivers from  'PROVISTA32_V13_4.exe'


    Extract the contents of the Executable
    Create a directory to extract the files to. Do NOT extract the files to the same directory in which the  executable (PROVISTA32_V13_4.exe) resides

    Example Steps

    - Make a directory named 'c:\temp\Intelextracted'

    - In this instance the readme shows that you type 'PROVISTA32_V13_4.exe /e /f c:\temp\Intelextracted’

    - This extracts the files and saves them to 'c:\temp\Intelextracted'

    - Open the c:\temp\Intelextracted directory and locate the correct drivers

    - Sometimes you will find the files in a Platform directory that has a folder for the correct operating system. In this example you would open the PRO1000 folder as the card is a PRO1000. This folder contains a Win32 folder with many .inf, .cat and .sys files.

    - Rename the Win32 directory to PRO1000 and place the directory in 'C:\Program
    Files\Microsoft System Center Virtual Machine Manager 2008\Patch Import'


    Perform P2V again with the correct drivers
    Start the P2V process again, and this time when hardware has been detected and the network card description is show, click the 'Browse' button at the bottom and select the 'C:\Program Files\Microsoft System Center Virtual Machine Manager 2008\Patch Import\PRO1000' folder, then click Next

    If you selected the correct drivers WinPE will now be able to initialize the NIC and gain network access during the offline process.

    Related Links
    Trace file creation during WinPE phase of P2V process

    P2V: Converting Physical Computers to Virtual Machines in VMM
    http://technet.microsoft.com/en-us/library/cc764232.aspx


    Converting Physical Computers to Virtual Machines in VMM (P2V Conversions)
    http://technet.microsoft.com/en-us/library/bb963740.aspx

  • Update for P2V with SCVMM 2008

    Description of the System Center Virtual Machine Manager 2008 update to address physical to virtual (P2V) issues

     

    http://support.microsoft.com/kb/959596

     

    INTRODUCTION

    This article describes the Microsoft Center Virtual Machine Manager 2008 issues that are fixed in the System Center Virtual Machine Manager 2008 update.

     

    MORE INFORMATION

    List of issues that are fixed

    You use System Center Virtual Machine Manager 2008 to perform an offline physical to virtual (P2V) conversion. The computer that is running System Center Virtual Machine Manager 2008 is located on a different subnet from the source computer. However, both computers are configured to use an IP address range, such as 10.x.x.x. The offline P2V conversion fails with the following error message:

    Error (3133) Virtual Machine Manager could not connect to source computer servername.domainname.com after it restarted into Windows PE (temporary computer name is p2v-ldjj). Automatic restart to the original operating system is scheduled to occur within 15 minutes. Recommended Action If servername.domainname.com does not restart in 15 minutes, manually restart it back into the original operating system using the boot menu

    You convert a physical computer to a virtual machine by using VMWare VirtualCenter. One of the disks on the physical computer is larger than 256 gigabytes (GB). You add the VMWare VirtualCenter server to System Center Virtual Machine Manager 2008. When you try to create a virtual machine, the operation fails with the following error message:

    VMM Cannot find VirtualHardDisk object. Ensure the library object is valid, then try the operation again. ID: 801

  • Why SCVMM 2008? Resources for compelling business decisions

    A few quick resources you will want to download and keep for reference, and share with your business.

    IT Pros, read both articles. The ‘Data Sheet’ is a slick (two page brochure with eye candy), the ‘Reviewer’s Guide’ is a relatively in depth guide to SCVMM 2008 features and capabilities. It does not explain HOW to perform operations in SCVMM, instead it covers WHY you should get involved with this product in the first place.

    Management, read the ‘Data Sheet’ to gain a basic understanding of this product. This will facilitate conversations with your IT team. If you will also be involved in the planning or testing phase of this product, read the ‘Reviewer’s Guide’. The guide does not go into the gritty details of implementation, instead it covers each feature of SCVMM thoroughly and how it can be applied to your environment.

    Need more incentive? Here is a short list of features to get you started.

    ·         P2V – Physical to Virtual conversion

    ·         V2V – Virtual to Virtual conversion

    ·         PRO – Performance and Resource Optimization

    ·         Intelligent Placement Ratings

    ·         Self-Service Portal – Delegated Web Site

    ·         Centralized Library

    ·         SAN Transfers for VM migration in seconds

    ·         Remote Management

    ·         Windows 2008 Failover Cluster Integration

    ·         Full control of Hyper-V and SCVMM via PowerShell

    After reading the information, if you find that you still have questions feel free to contact by email.

    Microsoft System Center Virtual Machine Manager Reviewer’s Guide

    SCVMM 2008 Data Sheet

    Further reading on PowerShell integration:

    Managing Virtualization with SCVMM and Powershell

     

    Technorati Tags: microsoft,scvmm,hyper-v review,virtual,virtualization,windows

  • Contributing Engineer: VMSetupConfigurationError (257)

    Here's another find by Mike Briggs. Thanks for the contribution Mike! mbriggs@microsoft.com

     

    Issue

    The following error message may be displayed during installation of System Center Virtual Machine Manager 2008.

     

    Error Messages

    *** Carmine error was: VMSetupConfigurationError (257); WindowsAPI

    ID: 257. Details: No mapping between account names and security IDs was done

     

    >>> Excerpt from ServerSetup.log <<<

    The ServerSetup.log can be obtained from the following directory:

    C:\Documents and Settings\All Users\Application Data\VMMLogs

     

    [12/9/2008 11:27:42 AM] * Exception :  => An error has occurred while trying to configure Virtual Machine Manager.Uninstall Virtual Machine Manager from Add or Remove Programs and then run Setup again.Microsoft.VirtualManager.Setup.Exceptions.BackEndErrorException: An error has occurred while trying to configure Virtual Machine Manager.

     

    Uninstall Virtual Machine Manager from Add or Remove Programs and then run Setup again.

     

    *** Carmine error was: VMSetupConfigurationError (257); WindowsAPI

    ID: 257. Details: No mapping between account names and security IDs was done

     

    Resolution

    Test the installation after each step. 

     

    Re-register the SQL SPN (setspn -r %computername%)

    Uninstall SQL instance and VMM

    Remove from domain and rejoin.

     

     

    Technorati Tags: microsoft,scvmm,hyper-v,virtual,virtualization,windows

     

  • Contributing Engineer: Installation Error - ComputerNameInvalid (403)

    Mike has been knocking issues out of the park. Here's a tip that might help during SCVMM install. He's seen this a few times...  Thanks Mike!

     

    Issue

    Unable to complete VMM2008 installation

     

    Error message

    “Microsoft System Center Virtual Machine Manager 2008 has stopped working"

     

    Things to check

    1.       Is the account used to install VMM2008 a member of local admins group? http://technet.microsoft.com/en-us/library/cc764327.aspx

    2.       Is the server in a disjointed name space? http://technet.microsoft.com/en-us/library/cc764231.aspx

    3.       Is the functional level of the domain is either W2K3 or W2K8?  This is a hard requirement.  http://blogs.technet.com/chengw/archive/2008/06/04/managing-hosts-in-windows-2000-ad-forest-by-using-vmm-2008.aspx

     

    >>> ServerSetup.log <<<

    [12/8/2008 10:07:26 AM] * Exception :  => ‘my-computer-name’  is not a valid network computer name.Only fully qualified domain names and NETBIOS computer names are valid. An IP address is valid only for hosts on a perimeter network, ESX hosts, and hosts joined to the domain by using an IPv6 address. Check the computer name, and try the operation again. Microsoft.VirtualManager.Utils.CarmineException: ‘my-computer-name’   is not a valid network computer name.

    Only fully qualified domain names and NETBIOS computer names are valid. An IP address is valid only for hosts on a perimeter network, ESX hosts, and hosts joined to the domain by using an IPv6 address. Check the computer name, and try the operation again.

    *** Carmine error was: ComputerNameInvalid (403)

     

     

    Resolution

    The computer name of the server intended to become the VMM2008 server was "MY-COMPUTER-NAME”.  We renamed to "MYCOMPUTERNAME" and also removed the corresponding entry in the local HOSTS file.  This allowed the installation to complete as expected.

     

     

    Technorati Tags: microsoft,scvmm,hyper-v,virtual,virtualization,windows

     

January, 2009

January, 2009