[Updated May’09: Windows Storage Server 2008 now available to MSDN/TechNet subscribers. Checkout Jose Barreto's Blog for details.]

Familiar with Virtual Server 2005 and shared disks for creating virtual clusters?  Well its different with Hyper-V.  The shared disk option is no longer available (which I did not know when I started testing).  You have to use iSCSI instead.  Here is a step by step method for creating a fail-over cluster within Hyper-V.  Its a cheap way of setting up a test lab (assuming you don’t have access to Windows Storage server).  In this post I use StarWind to simulate iSCSI storage … its not an endorsement of the product, I just picked it from amongst the crowd.

Windows Server 2008 fail-over clusters support Serial Attached SCSI (SAS), iSCSI and Fibre Channel disks as storage options.  So, how would you go about setting up a virtual Windows Server 2008 test cluster using the new Hyper-V vitalisation product?  The method I am about to outline is a little different to what you might be used to Virtual Server 2005.  The following steps detail how I managed to setup a test cluster using simulated iSCSI storage.  Before beginning it’s worth reviewing this article that outlines the storage options that are available to Hyper-V.  By the end of this post you should have a simple two node cluster up and running using simulated iSCSI storage.

Tools for the job:

• A Windows Server 2008 server x64 server with the Hyper-V role enabled (I used a Dell Precision 390)
• One Windows Server 2008 VM to act as a Domain Controller (Clusters must be part of a domain) 
• Two Windows Server 2008 VMs to act as Cluster Nodes
• One Windows Server 2003 SP2 VM (or you could use Windows Server 2008 in a Core install to maximise VM performance)
• iSCSI Target Software: I used the StarWind product that is available as a 30 day eval.  Windows Storage Server is now available to MSDN/TechNet subscribers.
• iSCSI Initiator software (built into Windows Server 2008)

I wont go into how to create a VM but you can find more info from Virtual Guys weblog.

Before I began looking into the iSCSI simulated storage option for my cluster nodes I tried to expose a single VHD to each of my cluster nodes in the hopes that they would share it.  I didn’t get very far and was presented with the following error when powering on the VMs:

This error is by design (thanks Justin Zarb for point this out) as Windows Server 2008 Hyper-V does not support this sort of storage (see link above for Hyper-V storage options).  The above error is simply a file system error as the VHD “is being used by another process” … should have spotted that

SETTING UP THE LAB

Note: I’m assuming that you know how to install Windows Server 2003 and 2008.  I’m also assuming that you know how to install and configure a Window Server 2008 Domain Controller.  If you have any questions leave me a comment and I will see if I can point you in the right direction.

VIRTUAL NETWORK

Create the network with a connection type of “Internal Only”.  I enabled Virtual LAN identification and set the default ID to 2 as this will be my public LAN.  Setting the default to 2 means that if I dont specify a VLAN on subsequent NICs they will be classified as public connections.

VLAN ids:

• VLAN 2: Public 10.1.1.x/24
• VLAN 3: Heartbeat 192.168.1.x/24
• VLAN 4: iSCSI 192.168.2.x/24

SERVER SETUP

Tip: Be sure to rename each network card on the hosts to make identification easier.  If its the public NIC, call it public etc.

Domain Controller: dc01

• Windows Server 2008 x32 
• One VHD IDE fixed size disk 10GB
• 1 x NIC connected to my Virtual Network in VLAN 2

Network settings:

• IP Addr: 10.1.1.10
• Mask: 255.255.255.0
• Gateway: I didn’t bother setting one
• DNS: 10.1.1.10

Cluster Nodes:

• Windows Server 2008 x32
• 1 x VHD IDE fixed size disk 10GB
• 3  x NICs connected to my Virtual Network in the following VLANs
  • Public card: VLAN 2
  • Heartbeat card: VLAN3
  • iSCSI: VLAN4

Node01

Public NIC: VLAN 2

• IP Addr: 10.1.1.20
• Mask: 255.255.255.0
• Gateway: I didn’t bother setting one
• DNS: 10.1.1.10

Heartbeat NIC: VLAN 3

• IP Addr: 192.168.1.4
• Mask: 255.255.255.0

iSCSI NIC: VLAN 4

• IP Addr: 192.168.2.4
• Mask: 255.255.255.0

Note: On all NICs in VLAN 3/4 be sure to disable the Client for Microsoft Networks, disable DNS registration and disable NetBIOS.  Be sure to check your binding order too.   The public NIC should be first.

Node02

Public NIC: VLAN 2

• IP Addr: 10.1.1.21
• Mask: 255.255.255.0
• Gateway: I didn’t bother setting one
• DNS: 10.1.1.10

Heartbeat NIC: VLAN 3

• IP Addr: 192.168.1.5
• Mask: 255.255.255.0

iSCSI NIC: VLAN 4

• IP Addr: 192.168.2.5
• Mask: 255.255.255.0

Note: On all NICs in VLAN 3/4 be sure to disable the Client for Microsoft Networks, disable DNS registration and disable NetBIOS.  Be sure to check your binding order too.

iSCSI Target

• Windows Server 2003 SP2 x32 (see here for notes on W2K3 hosts in Hyper-V)
• 1 x VHD IDE fixed sized disk 10GB
• 2 x VHD SCSI fixed sized disks 1GB and 10GB for Cluster disks
• StarWind iSCSI Target Software
• 2 x NICs  connected to my Virtual Network in the following VLANs:
  • Public : VLAN 2
  • iSCSI : VLAN 4

Public NIC: VLAN 2

• IP Addr: 10.1.1.22
• Mask: 255.255.255.0
• Gateway: I didn’t bother setting one
• DNS: 10.1.1.10

iSCSI NIC: VLAN 4

• IP Addr: 192.168.2.2
• Mask: 255.255.255.0

Note: On all NICs in VLAN 3/4 be sure to disable the Client for Microsoft Networks, disable DNS registration and disable NetBIOS.  Be sure to check your binding order too.  Make sure you format and assign drive letters to the SCSI VHDs on this VM.

Setting up the Cluster

Update 17/10/2008: I've also found that using the Image Files option works quite well too.   Image files will allow you to pack more than one VM onto a disk partition.  Check out http://www.starwindsoftware.com/images/content/StarWind_MSCluster2008.pdf for more info.

Note: Check out the how to the same with Windows Storage Server 2003 R2.  http://www.microsoft.com/windowsserversystem/wss2003/productinformation/overview/default.mspx

Update May 09: Windows Storage Server 2008 has now RTM’d and is available online through MSDN and TechNet.  http://www.microsoft.com/windowsserver2008/en/us/WSS08.aspx

Configuring the iSCSI target software (Starwind)

• Install the StarWind software on your iSCSI target VM. 
• Launch the StarWind management console. 
• Under the Connections you should see localhost:3260.  Right click on localhost and select Connect.  If I remember correctly the first username and password becomes the default (which you can change later).

• Right click localhost:3260 and select add Device 
• Select Disk Bridge Device as the Device type and click next

• Select the first SCSI disk from the list (more than likely \\.\PhysicalDisk1). 

• Select Asynronous Mode and Allow multiple iSCSI connections (clustering) and click next 
• Give the disk a friendly name
• Repeat the steps to add the second disk

Adding disks to the cluster nodes

Each cluster node now needs to be connected to the iSCSI target.  Launch the built in iSCSI initiator and follow the steps below:

• If prompted to unblock the Microsoft iSCSI service always click Yes otherwise the 3260 port will be blocked. 
• Click on the Discovery tab and select Add Portal.
• Enter the IP address for the iSCSI target [192.168.2.2]

• Click the Targets tab and you should now see a list of the disks available on the target

• For each disk in the list click Log on and select Automatically restore this connection
• Click on the Volumes and Devices tab and select AutoConfigure.  You disks should now appear as Devices.
• Reboot each cluster node as you add the disks.
• Disks will be offline when you reboot.  Ensure that you bring them online in Disk Management.

When completed (and hosts connected) you should see something like this on the iSCSI target VM.

Installing the Cluster

The new fail-over cluster wizard is quite straight forward and much easier to follow when compared with Windows Server 2003.  There isn't much point in going into too much detail … you’ll find plenty of info on the web.

Here is a step by step guide to installing a two node file cluster in Windows Server 2008.

The question of how to handle virtual Domain Controllers has been around for quite some time.  The answer really depends on what product you have decided to use as your virtualisation platform: Microsoft or VMWare. Regardless of the product you have choosen, you will still have to make the same decision when it comes to Domain Controllers: How will I handle Time Synchronisation?  Before I go into the details there is one thing that both companies agree on.  Do not let your VMs use more than one method for Time Sync as this could lead to numerous time changes ... and you most definitely do not want this happening on Domain Controllers.

Right, so how do the two approaches differ?  Well, keeping in mind that both agree you should only use one method for time sync here are the two approaches:

• Microsoft: Time Synchronisation from the VM to the host via integration services or VMWare tools should be disabled for all Domain Controllers. Use the normal domain hierarchy for Domain Controllers with the exception of the PDC in the forest root.  Configure the PDC to use an external NTP source
• VMWare:    In general, VMWare recommend disabling W32time (for non DC's) and using the VMWare tools to sync time with the host. For Domain controllers they still say to use VMWare tools but instead of disabling the W32time service they recommend running the Windows Time service in a server-only mode. Additionally, install the NTP Daemon on the ESX host and have it sync with an external NTP source. 

Microsoft do not recommend sync'ing with the physical host whereas VMWare recommend that you do.  So, from a supportability stance, which option do you choose?  No surprise, but I would recommend starting with the Microsoft approach regardless of whether you are using ESX or not.  Why?  Well, from a support perspective following the VMWare approach means that you have to stop time sync from working as it should in a normal Active Directory Domain.  In short, you make your Active Directory more or less unsupportable. If you run into problems and try and open a support case, you are putting yourself at a distinct disadvantage.

References:

Considerations when hosting Active Directory domain controller in virtual hosting environments

Support policy for Microsoft software running in non-Microsoft hardware virtualization software

VMware Time Sync and Windows Time Service

Ive been asked this a number of times this past month....  How do I get the date into a filename in a batch file?

Most people try using the %date% variable.  Which will not work as you cannot have /'s in the filename.

So, try this:

for /f "tokens=1-4 delims=/ " %%i in ("%date%") do set datestring=%%i%%j%%k

You can now use %datestring%.txt as the filename

Note: The delim character changes depending on your locale.  Eg. deliims=. for Germany.  You may want to change the filename to %%k%%j%%i to get multiple logs sorted in order within Windows Explorer sorted by YearMonthDate

I was asked how to modify an INI from a script.  Its quite straight forward.  Firstly have a read of the Scripting Guy article here.  It explains the process quite well actually.  However, I wanted to go a step further and setup arguments to make the script re-useable.  So here is the modified script:

'Usage: modini.vbs <full path to ini>, Parameter to change, New Value
'Example: modini.vbs c:\folder\my.ini, Script, change

Const ForReading = 1
Const ForWriting = 2

strINIFile = WScript.Arguments.Item(0)
strParam = WScript.Arguments.Item(1)
strValue = WScript.Arguments.Item(2)

If WScript.Arguments.Count <> 3 Then WScript.Quit

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(strINIFile, ForReading)

Do Until objTextFile.AtEndOfStream
    strNextLine = objTextFile.Readline

    intLineFinder = InStr(strNextLine, strParam)
    If intLineFinder <> 0 Then
        strNextLine = strParam & "=" & strValue
    End If

    strNewFile = strNewFile & strNextLine & vbCrLf
Loop

objTextFile.Close

Set objTextFile = objFSO.OpenTextFile(strINIFile, ForWriting)

objTextFile.WriteLine strNewFile
objTextFile.Close

Here is a sample batch file calling the VBS script:

cscript //nologo modini.vbs "c:\my.ini" "Blog" "sometimes"

And thats it!  Short and sweet.

I blogged recently on “How to create a Windows Server 2008 Cluster within Hyper-V using simulated iSCSI storage”.  This is enough to get you familiar with how clusters work in Windows Server 2008.  The next logical step is to understand the high availability options available for VMs running in your Hyper-V environment.  The good news is that Hyper-V is cluster aware allowing you to use the Quick Migration functionality.  Check out the Step-by-Step Guide for Testing Hyper-V and Fail over Clustering.  It explains the requirements and takes you, as the name implies, step-by-step through the process.

I was recently asked how to modify the rdp permissions on a large number of Windows 2000 SP4 servers running in Remote Admin mode.  Well, normally Id make use of WMI and make the changes using Win32_TSPermissionsSetting class.  Unfortunatly this class is not available in Windows 2000.

To get around this issue in Windows 2000 try the following:

1. Create a domain group and manually assign the permissions to the RDP-Tcp connection on a single server
2. Export the following reg key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\Security (REG_BINARY)
3. You can now import this reg key on any number of servers across your enterprise.  Since the change was not made using the API you may have to reboot the server

There are plenty of docs and blogs out there digging deep into Hyper-V.  However, a few customers have asked a simple question: “What do I need to think about before I start testing Hyper-V?"

1. Well, first things first.  The product still hasn’t RTM’d so DONT use it for production environments … not even a little one!
2. Hyper-V only runs on x64 processors with INTEL-VT or AMD-V.
3. Pick your hardware: While it has not been RTM’d the Certified hardware list is available.  Check out Windows Server Catalog site BEFORE you make the decision to purchase hardware.  Keep an eye open for the logo below:
   
   
   
   
4. Think carefully about your storage options. Badly designed or configured storage can impact the overall performance of your virtual environment. 
5. Understand the licensing model for Virtual operating systems.  More information can be found Virtual Machine Technology FAQ.  Its important to note that regardless of what vitalization product you decide to run the licensing model is still the same.
6. Think carefully about disaster recovery.  Don’t wait until the last minute to figure out how you will manage and recover your virtual machines.  The smallest hardware failure can take down the biggest virtual environment.  Plan accordingly.

These are all very high level points so I will flesh them out over time.  Any questions, feel free to comment.

I’ve had a lot of interest in Hyper-V from customers and quite a few questions too.  One of the most common being, “Who is using it in a production environment?”.  Up until now I didn't have an answer. … but now I do.

Microsoft are now running the MSDN and TechNet sites on Hyper-V.  So, putting that in context, that’s over 4 million hits a day (1 million for TechNet and 3 million for MSDN).  This implementation also puts in context what sort of work loads Hyper-V can support.  Granted there was a performance overhead for running in a virtual environment when compared with the loads the physical boxes could handle but that’s part of parcel of virtualisation.

More info can be found on Virtualization.info or indeed on our Virtualisation blog here.

We are running a Deep Dive event in Ireland for Premier customers later this month.  Premier Field Engineers from Ireland and the UK (including David and I) will present the event.

- A Deep Dive into Windows Server 2008 –May 22^nd /23^rd Dublin

Overview Get a get a technical deep dive into Windows Server 2008 from Microsoft Premier Field Engineering (PFE).  This 2 Day Level 300 event will provide a unique opportunity exclusively to Microsoft Premier Support Customers to understand and learn the new features in Windows Server 2008. The event, delivered by few of the top Active Directory and Windows Experts at Microsoft, is packed with a deep-level of technical content, and in-depth demos of new features in Windows Server 2008

This Microsoft Tech-Event aims to deliver pure technical content to help IT Pros make decisions about how to best plan, deploy, and upgrade to a Windows Server 2008 Infrastructure.

Sessions over the 2 days Include;

· Server Core
· Hyper-V
· Networking Features
· NAP & Enforcement
· Windows Server 2008 Deployment Services
· Active Directory Real World Scenarios
· Active Directory Read-Only Domain Controllers in Your Enterprise
· Windows Server 2008 Failover Clustering

How to Register

You can register directly by clicking here. Alternatively you can contact you Technical Account Manager.

I recently gave an overview of NAP at a Windows Server 2008 event.  For the purposes of the event I focused and demo’d DHCP enforcement.  From some customers DHCP enforcement was not enough.  What about 802.1x enforcement ?  Our pals on the NAP team have already blogged this (quite sometime back) as an introduction to what the real world options are.  Check it out : NAP 802.1x enforcement.  I’d also point you in the direction of the Step by Step lab guide.

For a real world view of NAP in action with Cisco switches check out Michael Kleefs blog here.  When I asked about real world implementations Michael's demos where recommended.

While on the topic of NAP…. I was also asked about how much traffic does it generate.  Yet again Michael Kleef had the answers.

Update:  No sooner had I posted this (7 minutes after to be exact) Jeff Sigman (NAP guru) commented that he setup a rack with 10+ switches.  Check out his posting http://blogs.technet.com/nap/archive/2008/04/15/video-nap-world-tour-rsa-2008-san-francisco.aspx.  How is that for fast information update! :)

In my post yesterday I spoke about virtualisation candidates (amongst other things) and how we now know what loads and systems are viable.  Have a look at the Microsoft Assessment and Planning (MAP) tool.  Its the tool for identifying candidates.  There is also a nice video demo from Baldwin Ng, showing the tool in action.  The tool will remotely gather information regarding your enterprise without installing agents.  The MAP tool then generates a candidacy report(s) that can be used to justify the investment including the hardware requirements for your virtualisation environment. 

Note: The RTM version of MAP v3.0 only includes Virtual Server 2005.  You will need MAP v3.1 Beta for Hyper-V.  Check out this posting for details on joining the beta.  It is still worth running the MAP v3.0 against your environments as virtualisation candidates should be the same regardless.

Check out the posting on the Windows Virtualization Team blog here for more details.

As usual its a one way upgrade process.  Once you go forward there is no coming back! :)

Hyper-V RC0 to RC1 Upgrade Considerations
*Saved-state files are not supported between RC0 and RC1 releases of Hyper-V.  All virtual machine saved states should be discarded before upgrading to RC1, or prior to resuming virtual machines after upgrading to Hyper-V RC1. 

*Online snapshots contain virtual machine save-states and thus online snapshots taken with Hyper-V RC0 are not supported after updating to Hyper-V to RC1.  Either apply any online snapshots and shut down the VM or discard the virtual machine save state associated with the snapshot before or after the update to Hyper-V RC1.

*System Center Virtual Machine Manager 2008 Beta does not support Hyper-V RC1.

*New Integration Components (ICs) must be installed for your supported guest operating systems.  Integration Components are specific to the build of Hyper-V.  RC1 Integration Components for all supported Windows Operating Systems are provided using the ‘Action’ -> ‘Insert Integration Services Setup Disk’ action.

RC1 Integration Components for all supported Windows Operating Systems are now part of the IC Setup Disk.  This now includes Windows Server 2008!  Simply install the Hyper-V RC1 Integration Components for Windows Server 2008 the same way you do all other Windows ICs (‘Action’ -> ‘Insert Integration Services Setup Disk’). 
Note You need to close the found new hardware wizard before setup will begin on all Windows Operating Systems.

Improvements Over Hyper-V RC0
In addition to bug fixes and stability improvements we also made some additional changes largely based on feedback from customers, I might have missed a few I’ll add to this list if so…
   *Integration Components For Windows Server 2008 guest’s included in Integration Services Setup Disk
   *New Graphics for Hyper-V Manager and Virtual Machine Connection – including a “Now” icon in the snapshot pane
   *IPv4 Address Migration - when creating a new Virtual Network bound to an adapter with a static IPv4 address the IPv4 settings are migrated to the new virtual adapter

I'm just about to update my own Hyper-V installation so fingers crossed.

Since Vista RTM’d people have complained to me about UAC (User Account Control) and how often they get warnings and popup’s.  They just never seemed to get the point of it.  I leave it on for all my Vista machines, even the VMs and even during demos to customers.  Why?  Easy.  It protects my system from drive by style installations or modifications to my Vista machines.  Its never really proven to be a hindrance to me, even during demos.

A colleague of mine tipped me off to the following articles.

PCWorld

Reading them was quite interesting.  Tests showed that with UAC on, root kits couldn’t install themselves on Vista without alerting the user.  No silently slipping onto the OS.  However, its the comments at the end of each article that really intrigue me.  Some people think Microsoft use UAC as a way of avoiding responsibility.  Others, and rightly so in my mind, point out that the best you can do is warn/alert a user that something is attempting to modify their system … but if they don’t take the time to even read what’s on screen malware will always find its way onto a system.  Software will always have its flaws.

UAC isn’t just about stopping malware … its about protecting users from themselves.  It would appear that you can lead a horse to water but you cant’ stop it clicking continue, ok, yes I’m sure, no problem and diving right in.

Here is a great post from James O'Neill.

http://blogs.technet.com/jamesone/archive/2008/03/13/expensive-hypervisors-a-bad-idea-even-if-you-can-afford-them.asp

As Microsoft get ready with Hyper-V, VMware are beginingg their marketing blitz in an attempt to justify their pricing.  As James points out in his post you can manipulate figures to come to any conclusion you want ... even if its way off base.  Microsofts Hyper-V will cost a fraction, per socket, when compared to VMWare.  While the VMWare products are slightly more mature Hyper-V is only a small part of the Virtualisation offering from Microsoft.  Windows Server 2008 really brings Mircosoft virtual offerings to the forefront as an end-to-end solution.  Check out http://www.microsoft.com/virtualization/default.mspx for more details.