Re-posted from Rakeshm’s VM Management Blog… Link here.

I just wanted to clarify (incorrect) rumors/speculation about the release date for SCVMM 2008 R2. There is a lot of built up excitement for this release and we've added many features, none more anticipated than live migration. While it is true that our competition has had this feature for some time (and has made customers pay dearly for the privilege if using it), adding it to Hyper-V opens up a brand new set of exciting and cost effective management/optimization scenarios for Windows Server nation!

We've always maintained that we will ship SCVMM 2008 R2 as soon as possible after Windows Server 2008 R2 is released and this remains the case. As you can read from the Windows Server Blog we're coming down the home stretch. Once the Windows Server release is locked, (which is now only a couple of weeks away) our test team will run through a full test pass with SCVMM 2008 R2 to ensure that we've caught any late breaking issues. We have obviously worked very closely with the Hyper-V team and already have plenty of customers in full production on Windows Server 2008 R2 + SCVMM 2008 R2 so we don't expect this to happen but as Reagan once said "trust but verify".

I don't have an exact date to communicate at this point but late summer/early fall is our target.....as always, stay tuned for more details.

Rakesh

If you ever happen to set up a new virtual network on a Cluster node/Host you may find that your work is not entirely done. First, the Host that you added the VN to will in fact have networking set up correctly. What may appear odd is that the other Hosts in the cluster (nodes) will also show the new virtual network name correctly, but the virtual network bindings are not set up?! What’s going on here?

Simply, the requirement that all Hosts in a Cluster have matching network names is met as it should be. The problem is that although the name of the virtual network is created on the other nodes, there are no network bindings. The reason for this is simple: VMM has no way of knowing which network is the correct one to bind to. Left unchecked, it might bind to the wrong external network, or even an iSCSI network if you have one set up, and then where would your Cluster be? Wrecked. So, following a successful virtual network creation and binding on the initial node, you must manually bind the new virtual network to the correct network on each Host. There will be an error in the initial Host job in fact prompting you to do so. With this done, your new virtual network will be up and running correctly on all nodes. I hope this helps those of you who have run across this.

…

Vishwa has posted a great article on new features in VMM RC R2. This goes beyond the features you may have read previously. I’ve listed the features below. Visit the SCVMM Blog for details. Thanks Vishwa!

New SCVMM R2 RC Features in RC!

    Quick Storage Migration
    Queuing of Live Migrations
    Rapid Provisioning
    Host compatibility checks
    Support for 3rd party CFS
    Support for Veritas Volume Manager

http://blogs.technet.com/scvmm/archive/2009/05/11/scvmm-r2-rc-features.aspx

…

When connecting to the SSP there may be errors such as ‘Syntax Error’ or ‘Object Unexpected.’ This may manifest as a popup with a script error, or you may simply see a small yellow warning icon in the lower left hand pane of the browser. In any event, VMs cannot be accessed through the SSP.

Resolution
This issue can be caused by javascript being incorrectly sent to the IE clients due to NIC driver settings on the webserver (the one running IIS for SSP). Disable network optimization settings on the webserver NIC to get things working again.

Settings to disable on IIS server NIC(s)

• Disable ‘Large Send Offload IPv4’ per one of the articles listed below. Reboot.
• If simply disabling ‘Large Send Offload IPv4’ does not work, follow the full list of instructions in Article 2.

Article 1

Network Connectivity. This article explains the many networking technologies provided by Intel cards. This article is used as it has great examples, not because Intel is affected more or less by this issue.

Article 2

Resolve Communication Issues in SCVMM – Part 1. A post of my own that explains how to disable all NIC optimizations for increased compatibility and to resolve certain network issues.

…

With a single command you can pull a list of all installed updates. Use this to compare patch levels on all systems so you can easily target those not meeting the bar.

We start with simple commands, then build on these to create robust queries with optional CSV and HTML formatting. I think of these commands, which I use on a daily basis, as basics for my Toolkit. If you don’t have a Toolkit I suggest you create one now. Place your often used tools in a folder such as ‘C:\Toolkit’ so that they are always at hand. Grab the first five items under ‘Top 10 Downloads’ from Sysinternals.com to round out your basics.

TIP:  Go one step further and sign up for a Live Mesh account with your Windows Live ID. With this you can  keep your Toolkit directory, and other directories, synched up across all machines you designate. The folders will be available privately online as well. Further, remote control is built-in for all Mesh enabled systems. Sweet! Clearly remote capabilities are geared more towards workstations than servers, but I use it for both.

And yeah, it’s free. Get started here.

Basic Commands

Warm up by opening an elevated command prompt on your SCVMM server (or any server for that matter). If your command window does not show ‘Administrator:’ as below, you are not running an elevated console.

> Single command to pull updates.
wmic qfe

http://support.microsoft.com/?kbid=963660  VMM2008R2-03  Update                        KB963660
                       NT AUTHORITY\SYSTEM  2/26/2009
http://support.microsoft.com/?kbid=967062  VMM2008R2-03  Update                        KB967062
                       NT AUTHORITY\SYSTEM  2/26/2009

You should see a torrent of information scroll through the command window. This is a list of all QFEs (Hotfixes and Updates) installed, along with a good bit of extraneous info.

> Now let's work on formatting. This is my everyday method.
wmic qfe list brief

Update                        KB963660                                 NT AUTHORITY\SYSTEM  2/26/2009
Update                        KB967062                                 NT AUTHORITY\SYSTEM  2/26/2009

Now some of the noise is removed and it is easier to read the list of updates.

TIP:  Is KBXXXXXX installed on this system?!? I can only remember the last three digits of the update anyway… Easy to check. Just pipe your output to ‘find.’

wmic qfe list brief | find /i "660"

Update                        KB963660                                 NT AUTHORITY\SYSTEM  2/26/2009

Apparently it is installed. Nice.

> This is good, but we can do better.
wmic qfe get csname,hotfixid,description

VMM2008R2-03  Update           KB963660
VMM2008R2-03  Update           KB967062

Now we're getting somewhere. We've selected the header for only those columns we are interested in and have returned a clean list of updates along with the system name.

This much you can keep in your head. You might want to create a batch file for items in the next section.

Advanced Queries

Now that you've waded into the deep end let's perform some real work. These are the commands to place in a batch file for your Toolkit. The steps below assume you have already created a ‘C:\Temp’ directory on your system. CSName is not required for the next two commands; it is implied.

> Create a CSV file from the output.
wmic /output:c:\temp\qfe.csv QFE GET HotFixID,Description /format:csv

The resulting CSV file lists these items, ready to be opened in Excel: Node,Description,HotFixID

> CSV files are not as interesting as HTML, so let's shift output formats.
wmic /output:c:\temp\qfe.html QFE GET HotFixID,Description /format:htable

Now you have a clean multicolored table with results, complete with column headers.

Remote Systems

The only thing left to do is perform this same work on remote machines. First a single machine, then a list of systems. Replace <remotesystem> with your remote system name. Note that we add CSName to pull the remote name.

> List remote system updates.
wmic /node:"<remotesystem>" /output:c:\temp\qfe_remote.html QFE GET CSName,HotFixID,Description /format:htable

If this did not work for you keep in mind that you must be an administrator on the remote machine, and Remote Management must be enabled.

> Finally, let's feed a list of server names and create a single HTML file. Create a file named 'serverlist.txt' with one system per line.
wmic /node:@serverlist.txt /output:c:\temp\qfe_serverlist.html QFE GET CSName,HotFixId,Description /format:htable

That's it. You should have a table similar to this.

Enjoy your new tools. Thanks for reading!

For further reference:

MSDN - WMI Command Line Tools
http://msdn.microsoft.com/en-us/library/aa394531.aspx

Released April 14, 2009, a number of Hotfixes have been rolled up into a single download. I strongly recommend this update for all SCVMM Servers. This update may require a reboot. This update replaces ‘KB959596 - Description of the System Center Virtual Machine Manager 2008 update to address physical to virtual (P2V) issues.' You should still install updates from KB962941. Best of luck!

Description of the hotfix rollup package for System Center Virtual Machine Manager 2008: April 14th, 2009
http://support.microsoft.com/kb/961983

This update will be provided automatically by 'Microsoft Update,' or it can be manually downloaded here. If installing manually, open an elevated command prompt and execute (without the quotes): “msiexec /update vmmServer64Update.msp BOOTSTRAPPED=1”

Issues Addressed
  VMware virtual machine migration
  Hyper-V VMs showing “unsupported cluster configuration”
  Differencing disk issues
  Agent status on Cluster nodes
  Replication software causing “unsupported cluster configuration"
  Error 2951 with VMware Virtual Center 

Install updates from KB962941 and KB961983
KB959596 is no longer necessary if KB961983 is installed.

Recommended hotfixes for System Center Virtual Machine Manager 2008
http://support.microsoft.com/kb/962941

This tool has been deprecated. Please see the new tool!

Click here to use VMMTrace

So you’ve run into a problem with VMM. Maybe your Hosts have lost connectivity with the SCVMM Server. Or, P2V fails for a certain machine every time. If you’ve searched many TechNet blogs or forums for answers you have probably come to one conclusion: you’re going to have to run a trace to collect the required information.

How do I capture a trace? Armed with DbgView (available from Sysinternals.com) and a number of registry modifications, followed by service restarts on each involved machine, you’re ready to begin. Problem is, configuring a server for tracing is time consuming, tedious, and prone to human error. I’ve worked to alleviate your pain.

Easy? Seriously?

True. You need two files on each server you wish to run the trace on. The process is automated, requires very little input, and works. I’ll skip how it works other than to say it performs the work in Cheng’s article for you. Manual steps are below. If you would like to download a zip file with everything ready click the button below.

Instructions

1. DOWNLOAD SCTrace from the 'Download' button above.

2. SAVE ‘SCTrace_x.x.zip to a directory near the root of C: such as ‘C:\Temp’. (Remaining instructions assume this is where you saved the file...)

3. EXTRACT 'sctrace.zip'. By default this will create a folder named 'SCTrace_x.x' in 'C:\Temp'

4. From an ELEVATED command prompt change to the directory where the files are extracted (C:\Temp\SCTrace_x.x) and type sctrace.cmd

5. FOLLOW the prompts in the COMMAND WINDOW at all times

Tips for Successful Tracing

Follow the instructions in the command prompt. Remember that the goal is to capture the issue while is is reproduced. If the problem is between a Host and the SCVMM Server, run this same script on both machines at the SAME TIME. We need both ends of the conversation to figure out what is going on. The script will provide an opportunity to get things kicked off on all servers then start all the traces at once.

Disclaimer

Every effort has been made to accommodate various environments, while at the same time keeping the length of the script to a minimum. This script may not work if you have a locked down system. This script is provided as is. That said, I would love to hear what you think of it. Corrections appreciated as well. Check back for version updates.

:: START SCRIPT COPY HERE

:: sctrace.cmd
:: v1.6

@echo off

if (%1)==(/?) goto :HELP
if (%1)==(-?) goto :HELP
if (%1)==(odsoff) goto :ODSOFF

:: Test Running Elevated
if not exist %windir%\SCVMM_TRACE\test (
mkdir %windir%\SCVMM_TRACE\test
)
If Not %ERRORLEVEL% EQU 0 (
echo Error: You must run this from an elevated command prompt
Goto End
)

:: Check for DbgView
if not exist dbgview.exe (
cls
echo DbgView is required to capture a trace.
echo Please download from http://live.sysinternals.com/dbgview.exe
echo and place in same directory as script.
echo.
echo.
Goto End
)

:: BIG NOTICE
cls
echo v1.6
echo.
echo    YOU MUST FOLLOW 3 STEPS TO CAPTURE A TRACE
echo.
echo  FOLLOW THE DIRECTIONS ON THIS SCREEN AT ALL TIMES
echo.
echo                READ CAREFULLY
echo.
pause

:: Verify DbgView Settings
cls
echo.
echo  STEP 1 of 3  -  CONFIGURE DEBUGVIEW  -  STEP 1 of 3
echo.
echo  - DebugView will open. Select the CAPTURE menu.
echo.
echo  - Verify 'Capture Win32' and 'Capture Global Win32' are checked.
echo.
echo  - Exit DebugView and return to this window.
echo.
echo.
CHOICE /C C /N /M "Press [C] to configure DbgView now."
IF errorlevel 1 dbgview.exe

:: Cleanup
rmdir %windir%\SCVMM_TRACE\test
Start taskkill /IM debugview.exe
Start taskkill /IM dbgview.exe

:Begin
:: Verify Environment
if not exist %windir%\SCVMM_TRACE\logs (
mkdir %windir%\SCVMM_TRACE\logs
)

:: Capture Exact Time to Prevent Overwrites
set hh=%time:~0,2%
if "%time:~0,1%"==" " set hh=0%hh:~1,1%
set yymmdd_hhmmss=%date:~12,2%%date:~4,2%%date:~7,2%_%hh%%time:~3,2%%time:~6,2%

:: Format and Remove Spaces
set Filepath=%windir%\SCVMM_TRACE\logs
set Filename=%Filepath%\%COMPUTERNAME%_%yymmdd_hhmmss%.log
set Filename=%filename: =%

::Enable Tracing
Reg Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\Carmine" /v ODS /t REG_DWORD /d 00000001 /f
Reg Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\Carmine" /v ODSFLAGS /t REG_DWORD /d 255 /f

:: Restart Services
cls
net stop vmmagent
net stop vmmservice

net start vmmagent
net start vmmservice

:: IISRESET will NOT occur unless /IIS switch is used
if (%1)==(iis) iisreset

:: Choose Systems
cls
echo.
echo  STEP 2 of 3  -  STAGE OTHER SERVERS  -  STEP 2 of 3
echo.
echo  MAKE A DECISION...  ONE SERVER OR MANY?
echo.
echo  Start this trace on other involved systems now if needed.
echo  When all systems are sitting at  STEP 2 of 3  proceed below.
echo.
CHOICE /C C /N /M "Press [C] to continue when all systems ready."
IF errorlevel 1 Start Dbgview.exe /t /f /l %Filename%

:: All Systems GO!
:STOPDBGVIEW
cls
echo.
echo  STEP 3 of 3  -  TRACING NOW  -  STEP 3 of 3
echo.
echo  Trace is capturing all activity on this system now.
echo  Make sure all systems involved show STEP 3 of 3 then...
echo  REPRODUCE YOUR ISSUE NOW.
echo.
echo  Press [F] to Finish on all systems AFTER reproducing issue
echo.
CHOICE /C F /N
IF errorlevel 1 (
Start taskkill /IM debugview.exe
Start taskkill /IM dbgview.exe
cls
echo Writing out log file... Please wait
timeout /t 5
)

:: Disable Tracing
Reg Add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\Carmine" /v ODS /t REG_DWORD /d 00000000 /f

:: Open Explorer Showing Trace File
start %Filepath%
cls
echo DONE!
echo.
echo Provide the latest file in %FilePath% to support
echo.
echo.

Goto End

:HELP
cls
@echo Trace Options
@echo.
@echo From an elevated command prompt type Trace.cmd
@echo Options: /?, -?    This Help Menu
@echo          /odsoff   Disable tracing
@echo          /iis      Perform iisreset
@echo.
@echo.
Goto End

:ODSOFF
Reg Add HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\Carmine /v ODS /t REG_DWORD /d 00000000 /f

:END

:: STOP SCRIPT COPY HERE

jonjor

What the heck is an error 2606? Why am I getting a 1612 prompt when I try to connect to the VMM Server from the Admin Console? Now you can look these errors up and review the Recommended Action.

The error codes are divided between 'User Interface Error Messages' and 'Command-Line Interface Error Messages'. User interface messages are understandable enough... You perform a P2V and the job errors out with an error message in the Admin Console. Command-Line, or CLI messages are those that appear in a PowerShell console when running scripts or performing interactive work.

VMM 2008 Error Codes

User Interface Messages: http://technet.microsoft.com/en-us/library/dd548298.aspx

Command-Line Messages: http://technet.microsoft.com/en-us/library/dd548296.aspx

Enjoy!

When migrating from SCVMM 2008 Beta to the final release bits (RTM), a utility is required in order to complete the process successfully. This tool is no longer posted on the Microsoft 'Connect' site, but is still available by request from Microsoft Support. The name of the utility is 'upgradev2beta.exe'.

Migrating from VMM 2008 Beta to VMM 2008

http://technet.microsoft.com/en-us/library/cc764282.aspx

Here it is. We have a new KB that details updates and hotfixes required for SCVMM, Hyper-V and Clustering. Read the article here.

I've commented on the hotfixes inline below, providing a Support Engineer's perspective.

________________________________________________

Required hotfixes for Hyper-V servers

Install these. No question.

• 956589  (http://support.microsoft.com/kb/956589/ ) Description of the Hyper-V update for issues that may occur when you manage the Hyper-V role on the 64-bit editions of Windows Server 2008 by using SCVMM
• 956774  (http://support.microsoft.com/kb/956774/ ) A Background Intelligent Transfer Service (BITS) client cannot handle files that have paths that contain the volume GUID in Windows Server 2008 or in Windows Vista

• 950050 (http://support.microsoft.com/default.aspx?scid=kb;EN-US;950050/ ) Description of the update for the release version of the Hyper-V technology for Windows Server 2008
  

Note If these hotfixes are missing from a Hyper-V server, the System Center Virtual Machine Manager 2008 Admin Console lists the server status as Needs Attention. Hotfix 956774 should be installed on the Hyper-V servers and on System Center Virtual Machine Manager 2008 Server.

Back to the top

Recommended hotfixes for System Center Virtual Machine Manager 2008 Server

I would change this from 'Recommended' to 'Required' based on experience.

• 958124  (http://support.microsoft.com/kb/958124/ ) A wmiprvse.exe process may leak memory when a WMI notification query is used heavily on a Windows Server 2008-based or Windows Vista-based computer
• 954563  (http://support.microsoft.com/kb/954563/ ) Memory corruption may occur with the Windows Management Instrumentation (WMI) service on a computer that is running Windows Server 2008 or Windows Vista Service Pack 1
• 955805  (http://support.microsoft.com/kb/955805/ ) Certain applications become very slow on a Windows Server 2008-based or Windows Vista S955805-based computer when a certificate with SIA extension is installed
• 959596  (http://support.microsoft.com/kb/959596/ ) Description of the System Center Virtual Machine Manager 2008 update to address physical to virtual (P2V) issues

Back to the top

Recommended hotfixes for the Hyper-V servers

Install ALL hotfixes on ALL Hyper-V servers, whether SCVMM is involved or not. This is more than a recommendation based on cases I have worked.

• 957967  (http://support.microsoft.com/kb/957967/ ) Stop error message on a Windows Server 2008-based computer that has the Hyper-V role installed: "STOP 0x0000001A"
• 958124  (http://support.microsoft.com/kb/958124/ ) A wmiprvse.exe process may leak memory when a WMI notification query is used heavily on a Windows Server 2008-based or Windows Vista-based computer
• 954563  (http://support.microsoft.com/kb/954563/ ) Memory corruption may occur with the Windows Management Instrumentation (WMI) service on a computer that is running Windows Server 2008 or Windows Vista Service Pack 1
• 955805  (http://support.microsoft.com/kb/955805/ ) Certain applications become very slow on a Windows Server 2008-based or Windows Vista S955805-based computer when a certificate with SIA extension is installed

Back to the top

Recommended hotfixes for Hyper-V failover clusters

• 957311  (http://support.microsoft.com/kb/957311/ ) Recommended hotfixes for Windows Server 2008-based server clusters

Collecting traces while reproducing an issue is one of the best methods we have of determining the source of an issue. Microsoft engineers might ask for this information when you open an incident, or you may want to perform tracing on your own for review. Cheng wrote the original article that walks you through the process step-by-step. With the growing number of Windows Core installations a colleague of mine (MikeB) found that new instructions were needed to perform this same process. Bookmark his post. It's one for the toolbox.

How to capture a Dbgview trace from Windows Core

An updated SCVMM management pack is now available for download. Read the announcement here!

Brief Description

The System Center Virtual Machine Manager (VMM) 2008 Management Pack for System Center Operations Manager 2007 monitors availability of all components of VMM 2008 and the availability, health, and performance of all virtual machines and virtual machine hosts that VMM manages.

SCVMM depends on a number of permissions being available to operate correctly. Some are user and computer account related, others are group policies. Both are outlined below. Keep in mind that although you may have set up permissions correctly at some point during the install, things may have changed. It is not uncommon for an organization to create GPOs that strip computer objects from groups on local machines. It is also not uncommon that the SCVMM installation process is unable to add objects to the required groups on install due to unforeseen permission issues. Take the time to double check the settings below on all of your SCVMM systems and you may find that strange issues you are experiencing are resolved.

Group Memberships

Local security groups on the SCVMM Server

·         Group ‘Administrators’ should have the SCVMM Server 'Computer Object' as a member, and the Domain Account that is specified during operations in the SCVMM Admin Console

·         Group ‘Virtual Machine Manager Servers’ the SCVMM Server 'Computer Object' as a member

Note:  If you need to add a machine accounts, make sure you go to ’Object types’ and check ‘Computers’.  Then add it as <domain>\<machinename>$

Local security groups on an SCVMM Host

·         Group ‘Administrators’ should have the SCVMM Server 'Computer Object' as a member 

·         Group ‘Virtual Machine Manager Servers’ should have the SCVMM Server 'Computer Object' as a member

Local security groups on the Source P2V machine

·         Group ‘Administrators’ should have the same User Account as the credentials specified in the SCVMM Admin Console during the P2V process

Group Policy Rights

There is not a complied list of rights that are required due to the complexity of rights specified in group policies and the ability to lock down individual registry keys and file system directories. Instead, I have provided a method for comparing current machine group policy rights to those that are applied by default during Windows installation. If you find that there are a number of items more restrictive on your server than in the default policy, consider moving this machine to an OU of its own and blocking inheritance of group policies. This may correct the issue. If rights have been stamped onto the machine, it may be necessary to re-apply the default group policy settings created during Windows installation. Even if this is not an acceptable resolution, at least you will know with confidence that it is restricted rights that are breaking SCVMM. You can then start adding the rights that you find important back until you find that you have broken SCVMM again. You’ll have to live without enabling this restriction once found. If you have a development environment it is strongly suggested that you perform testing there instead of in production.

Steps to Analyze and Configure (Apply) Security Templates

This first section will collect data for review. No changes will be made to the server. Make sure you are logged into the domain, not locally. This may take a few minutes to run.

1 - Start> Run> mmc.exe

2 - File> Add/Remove Snap-in...

3 - Add...> Security Configuration and Analysis> Add...> Close> OK

4 - Right click 'Security Configuration and Analysis' and select 'Open Database'.

A - Create a new temporary database named 'test.sdb' and click 'Open' (do not re-use one of your temporary databases. Make test1.sdb and so on)

Windows 2003

B - When prompted for 'Import Template' select 'C:\Windows\Security\Templates\setup security.inf' and click 'Open'

C - If you were not prompted for 'Import Template', right click 'Security Configuration and Analysis' and select C:\Windows\Security\Templates\setup security.inf'

                - If this is a Domain Controller, use ‘securedc.inf’ instead

Windows 2008

B - When prompted for 'Import Template' select 'C:\Windows\inf\setup security.inf' and click 'Open'

C - If you were not prompted for 'Import Template', right click 'Security Configuration and Analysis' and select C:\Windows\inf\deftsv.inf'

                - If this is a Domain Controller, use ‘deftdc.inf’ instead

5 - Right click 'Security Configuration and Analysis' and select 'Analyze computer now'

6 - Browse to a location to save the Error Log so you can find it later, give it a descriptive name if you like, and click 'OK'

7 – This log file will show the differences between the default security template applied during Windows setup, and what is currently in place. Note that there will be two sources of rights settings: local and domain. It may be necessary to review domain policies that are making security changes that are incompatible with SCVMM.

For further reading and information

Analyze and configure security

http://technet.microsoft.com/en-us/library/cc759251.aspx

Configure local computer security

http://technet.microsoft.com/en-us/library/cc737638.aspx

Your Guide to Group Policy Troubleshooting

http://technet.microsoft.com/en-us/magazine/2007.02.troubleshooting.aspx

Disable Task Offloading and Update WMI

Communications issues with SCVMM can take on the form of access denied, timeouts, and often as intermittent connectivity issues. The steps in this post are the same ones I use to resolve a good number of customer issues.

Feedback on this article is welcome. If you have technical questions please post them appropriately in the forums:

http://social.technet.microsoft.com/Forums/en-US/category/virtualmachinemanager/

Two types of issues are addressed here

1) Many new settings available to NIC drivers that do not always function as well as would be expected.

2) SCVMM relies heavily on WMI. The updates listed in this article resolve issues with WMI that will allow SCVMM to function properly.

This MDSN article lists all values available.

Using Registry Values to Enable and Disable Task Offloading
http://msdn.microsoft.com/en-us/library/aa938424.aspx

WMI

Install three WMI updates on all Windows 2008 server running Hyper-V (and therefore are SCVMM Hosts)

958124  A wmiprvse.exe process may leak memory when a WMI notification query is used heavily on a Windows Server 2008-based or Windows Vista-based computer

http://support.microsoft.com/default.aspx?scid=kb;EN-US;958124

954563  Memory corruption may occur with the Windows Management Instrumentation (WMI) service on a computer that is running Windows Server 2008 or Windows Vista Service Pack 1

http://support.microsoft.com/default.aspx?scid=kb;EN-US;954563

955805  Certain applications become very slow on a Windows Server 2008-based or Windows Vista SP1-based computer when a certificate with SIA extension is installed

http://support.microsoft.com/default.aspx?scid=kb;EN-US;955805

Network Settings

NOTE

- If working with a core server you may want to connect via remote registry and make these changes.
- All values should be set to '0' EXCEPT for the last one which is related to IPSEC, and thus Kerberos. Leave this one alone ---> 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ipsec\EnabledOffload'  

1 - Locate all physical NICs in the registry under:
'HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}'

2 -  There will be folders with four digits, starting with '0000'. Locate the ones that show the physical NIC names on the right. Look for the 'DriverDesc' value on the right; this should have the name of a NIC such as 'HP NC360T PCIe Gigabit Server Adapter.' For each of these, make the changes below.

3 - Disable All Vendor specific Offloading
Set values for any entries below that include the word 'Offload' to '0' (Disabled)
*FlowControl

     No description available

*IPChecksumOffloadIPv4
     Describes whether the device enabled or disabled the calculation of IPv4
checksums.
*TCPChecksumOffloadIPv4
     Describes whether the device enabled or disabled the calculation of TCP Checksum
over IPv4 packets.
*TCPChecksumOffloadIPv6
     Describes whether the device enabled or disabled the calculation of TCP checksum
over IPv6 packets.
*UDPChecksumOffloadIPv4
     Describes whether the device enabled or disabled the calculation of UDP Checksum
over IPv4 packets.
*UDPChecksumOffloadIPv6
     Describes whether the device enabled or disabled the calculation of UDP Checksum
over IPv6 packets.
*LsoV1IPv4
     Describes whether the device enabled or disabled the segmentation of large TCP
packets over IPv4 for large send offload version 1 (LSOv1).
*LsoV2IPv4
     Describes whether the device enabled or disabled the segmentation of large TCP
packets over IPv4 for large send offload version 2 (LSOv2).
*LsoV2IPv6
     Describes whether the device enabled or disabled the segmentation of large TCP
packets over IPv6 for large send offload version 2 (LSOv2).
*IPsecOffloadV1IPv4
     Describes whether the device enabled or disabled the calculation of IPsec headers
over IPv4.
*IPsecOffloadV2
     Describes whether the device enabled or disabled IPsec offload version 2
(IPsecOV2). IPsecOV2 provides support for additional crypto-algorithms, IPv6, and
co-existence with large send offload version 2 (LSOv2).
*IPsecOffloadV2IPv4
     Describes whether the device enabled or disabled IPsecOV2 for IPv4 only.
*RSS
     Receive side scaling
*TCPUDPChecksumOffloadIPv4
     Describes whether the device enabled or disabled the calculation of TCP or UDP
checksum over IPv4.
*TCPUDPChecksumOffloadIPv6
     Describes whether the device enabled or disabled the calculation of TCP or UDP
checksum over IPv6.

4 - Disable Offloading in Windows.
Use the following registry values to enable or disable task offloading for the TCP/IP protocol:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TCPIP\Parameters\DisableTaskOffload

Setting this DWORD value to ‘1’ disables all of the task offloads from the TCP/IP transport. Setting this value to zero enables all of the task offloads.

Related Links
Network Issues with Windows Server 2008 RDP and VS/Hyper-V on Dell Servers
http://www.petri.co.il/network-issues-with-windows-server-2008-rdp-on-dell-servers.htm

What is WinRM?

New in Windows Vista, Windows Server 2003 R2, Windows Server 2008 (and Server 2008 Core) are WinRM & WinRS. Windows Remote Management (known as WinRM) is a handy new remote management service. WinRM is the “server” component of this remote management application and WinRS (Windows Remote Shell) is the “client” for WinRM, which runs on the remote computer attempting to remotely manage the WinRM server. However, I should note that BOTH computers must have WinRM installed and enabled on them for WinRS to work and retrieve information from the remote system.

While WinRM listens on port 80 by default, it doesn't mean traffic is unencrypted. Traffic by default is only accepted by WinRM when it is encrypted using the Negotiate or Kerberos SSP. WinRM uses HTTP (TCP 80) or HTTPS (TCP 443). WinRM also includes helper code that lets the WinRM listener to share port 80 with IIS or any other application that may need to use that port.

WinRM with SCVMM uses Kerberos for authentication, and does not support fall-back to NTLM. There will be an error instead. If no credentials are specified, then the logged-on credentials are used to authenticate against the remote machine. This allows for a single sign-on experience.

What is WinRS?

Remote Shell, (WinRS) is used to execute a program on a remote host. Similar in operation to the former Sysinternals tool PSExec, WinRS leverages Windows Remote Management to let you launch processes on remote machines. For example, if you want to perform a directory listing on the system drive on a remote machine, you can remotely launch ‘dir’ using this syntax:

winrs -r:machinename dir

Another handy use of WinRS can be when installing software on remote systems. If you want to quietly install an application using an MSI file onto a remote machine, use the following syntax. This syntax assumes the MSI file has already been deposited into the C:\ folder.

winrs -r:machinename msiexec.exe /i c:\install.msi /quiet

When specifying the remote machine, the following are valid:

· Localhost

· NetBIOS name

· Fully Qualified Domain Name (FQDN)

· IP address

How to install WinRM

The WinRM is not dependent on any other service except WinHttp. If the IIS Admin Service is installed on the same computer, you may see messages that indicate WinRM cannot be loaded before Interent Information Services (IIS). However, WinRM does not actually depend on IIS: these messages occur because the load order ensures that the IIS service starts before the HTTP service. WinRM does require that WinHTTP.dll be registered.

(Stated simply: WinRM service should be set to Automatic (Delayed Start) on Windows Vista and Server 2008)

· The WinRM service starts automatically on Windows Server 2008.

· On Windows Vista, the service must be started manually.

· UPDATE! Windows 2003 requires an update for WinRM

936059 An update is available for the Windows Remote Management feature in Windows Server 2003 and in Windows XP

http://support.microsoft.com/default.aspx?scid=kb;EN-US;936059

How to configure WinRM

To set the default configuration type:

winrm quickconfig (or the abbreviated version, winrm qc)

‘winrm qc’ performs the following operations:

1. Starts the WinRM service and sets the service startup type to auto-start.

2. Configures a listener for the ports that send and receive WS-Management protocol messages using either HTTP or HTTPS on any IP address.

3. Defines ICF exceptions for the WinRM service and opens the ports for HTTP and HTTPS.

(Note: Winrm quickconfig also configures Winrs default settings)

If ‘winrm qc’ throws an error:

If the firewall is disabled the quick config command will fail. The firewall can either be started in Services long enough to run ‘winrm qc’ or the commands below can be run:

sc config "WinRM" start= auto

net start WinRM

winrm create winrm/config/listener?Address=*+Transport=HTTP

netsh firewall add portopening TCP 80 "Windows Remote Management"

Group Policy configuration:

WinRM can be configured by group policies.

1. Type gpedit at a command prompt. The Group Policy Object Editor window opens.

2. Look for the Windows Remote Management and Windows Remote Shell Group Policy Objects (GPO) under Administrative Templates and Windows Components.

Troubleshoot WinRM

Common Issues:

1. If the ISA2004 firewall client is installed on the computer, it can cause a Web Services for Management (WS-Management) client to stop responding. To avoid this issue, install ISA2004 Firewall SP1.

2. Antivirus software can prevent proper WinRM communication. Disable antivirus software and reboot the machine if the Antivirus software is known to scan processes and protocols, or if there is any doubt about the software.

Test WinRM communication on the local and remote machines

This section addresses how to test whether WinRM is working on the local system, and whether it can communicate with the remote system. Test remote communication in both directions between machines.

Local communication:

Locate listeners and addresses: (No output means WinRM is not installed)

winrm e winrm/config/listener

Localhost Ping:

(Successfully completing this step pretty much insure complete access to WSMan on the local system)

Winrm id

Further:

Check state of configuration settings:

winrm get winrm/config

Check the state of WinRM service:

winrm get wmicimv2/Win32_Service?Name=WinRM

Remote communication:

Locate listeners and addresses:

winrm e winrm/config/listener

Remote Ping:

(Successfully completing this step pretty much insure complete access to WSMan on the remote system)

Winrm id –r:machinename

Further:

Check state of configuration settings:

winrm get winrm/config -r:machinename

Check the state of WinRM service:

winrm get wmicimv2/Win32_Service?Name=WinRM -r:machinename

Sample Commands

Here are some sample commands to play with. If you cannot get the ‘Test WS-Man...' step to work, none of the steps following will work either (you're probably not using the right credentials to access the remote machine). One more caveat, the remote commands work best on domain joined machines. For workgroup machines, the WinRM service needs additional configuration.

**Note: This step verifies that you have good connectivity to the remote machine, WS-Man is running and properly configured on the remote machine, AND you have the correct permissions to fully leverage WS-Man on the remote machine. If this step fails, it's probably a permissions issue.

Advanced Concepts

URI Aliases

URI aliases can simplify the Winrm command line. The following URI aliases are supported:

wmi = http://schemas.microsoft.com/wsman/2005/06/wmi

wsman = wsman:microsoft.com/wsman/2005/06/

cimv2.9 = http://schemas.dmtf.org/wsman/2005/06/cimv2.9

cimv2 = http://schemas.microsoft.com/wsman/2005/06/wmi/root/cimv2

For example, the following command:

winrm get http://schemas.microsoft.com/wsman/2005/06/wmi/root/cimv2/Win32_Service?Name=WSMan

Gets replaced with:

winrm get wmi/root/cimv2/Win32_Service?Name=WinRM

Performing an Invoke Operation

‘Invoke’ initiates commands

winrm invoke StartService wmicimv2/Win32_Service?Name=WinRM -r:machinename @{}

This will likely return ‘ReturnValue = 10’ on a remote system where WinRM is running

WS-Man (WinRM) Architecture

The following diagram shows a high-level overview of the WS-Man (WinRM) architecture. In the diagram the 'Client' is querying the 'Server' for WS-Man information. Note that HTTP.sys and WinHTTP support the HTTP(s) transport for WS-Man, not IIS. In addition, IIS (or another web publishing service) can co-exist with WS-Man and share port 80.

Remember:

WinHTTP = Client

HTTP.SYS = Server

The Windows Remote Management architecture consists of components on the client and server computers. The following illustration shows the components on both computers, how the components interact with other components, and the protocol that is used to communicate between the computers.

Requesting Client

The following WinRM components reside on the computer that is running the script that requests data.

· WinRM application

This is the script or Winrm command-line tool that uses the WinRM scripting API to make calls to request data or to execute methods. For more information, see the WinRM Scripting API [ http://msdn.microsoft.com/en-us/library/aa384469(VS.85).aspx ] .

· WsmAuto.dll

The OLE automation layer that provides scripting support.

· WsmCL.dll

C API layer within the operating system.

· HTTP API

WinRM requires support for HTTP and HTTPS transport.

Responding Server

The following WinRM components reside on the responding computer.

· HTTP API

WinRM requires support for HTTP and HTTPS transport.

· WsmAuto.dll

The OLE automation layer that provides scripting support.

· WsmCL.dll

C API layer within the operating system.

· WsmSvc.dll

WinRM listener [ http://msdn.microsoft.com/en-us/library/aa384465(VS.85).aspx ] service.

· WsmProv.dll

Provider subsystem.

· WsmRes.dll

Resource file.

· WsmWmiPl.dll

WMI plug-in [ http://msdn.microsoft.com/en-us/library/aa384465(VS.85).aspx ] . This allows you to obtain WMI data through WinRM.

· Intelligent Platform Management Interface (IPMI) driver and WMI IPMI provider

These components supply any hardware data that is requested using the IPMI classes. For more information, see Intelligent Platform Management Interface (IPMI) Classes [ http://msdn.microsoft.com/en-us/library/aa390891(VS.85).aspx ] . BMC hardware must have been detected by the SMBIOS or the device created manually by loading the driver. For more information, see Installation and Configuration for Windows Remote Management [ http://msdn.microsoft.com/en-us/library/aa384372(VS.85).aspx ] .

References

Installation and Configuration for Windows Remote Management

http://msdn.microsoft.com/en-us/library/aa384372(VS.85).aspx

Windows Remote Management Command-Line Tool (Winrm.cmd)

http://technet.microsoft.com/en-us/library/cc781778.aspx

How can Windows Server 2008 WinRM & WinRS help you

http://windowsnetworking.com/articles_tutorials/How-Windows-Server-2008-WinRM-WinRS.html

The things that are better left unspoken Remotely managing your Server Core using WinRM and WinRS

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2008/02/23/remotely-managing-your-server-core-using-winrm-and-winrs.aspx

Redmond Print First Look WinRM & WinRS

http://redmondmag.com/columns/article.asp?EditorialsID=2262

Otto Helweg - Management Matters A Few Good Vista WS-Man (WinRM) Commands

http://blogs.technet.com/otto/archive/2007/02/09/sample-vista-ws-man-winrm-commands.aspx

Windows Remote Management Architecture

http://msdn.microsoft.com/en-us/library/aa384464(VS.85).aspx