We are running an event this December for Microsoft Premier customers.  I'm pretty excited about it actually.  Premier Field Engineering and Microsoft Consulting Services are teaming up to present real world details on Hyper-V, System Centre Virtual Machine Manager 2008 and Application Virtualisation.  We plan on running as many demonstrations as possible during the event so death by PowerPoint should not be an issue.

This event is only open to Microsoft Premier Customers.  Contact your Technical Account Manager to reserve your place.  If you are not a Premier Customer we plan on running the event again early in 2009.  Drop me an email if you are interested in attending.

Here is the agenda for the event :

Title:  Technology Day – Microsoft Virtualisation (Level: 300)

Location

Microsoft Sandyford
Building 3, (Atrium B)
Carmenhall Road,
Sandyford Industrial Estate, Dublin 18

Training Room 5.41

Date & Time
Fri 5^th December @ 9:15

Breaks

15 mins @ 11:15 am
1 hour @ 1pm – 2pm (Lunch)
15 mins @ 3:30pm

Morning

09:30

Workshop Introduction

09:45

Microsoft Virtualisation @ Nissan Ireland
Rory Donnelly (CIO Nissan Ireland)

10:00

Virtual Data Centre :

Microsoft Server Virtualisation and System Centre Virtual Machine Manager
Gavin McShera, Victor Arzate Rodriguez and David McCormick

This session is aimed at providing skills to deploy and administer a Virtualised Data Centre, using Microsoft Server Virtualisation products and System Centre Virtual Machine Manager 2008.

Content:             

Hyper-V Architecture

• Understand the architecture behind Windows Server 2008 Hyper-V and Hyper-V Server.
• Learn how to increase uptime, by understanding what is happening under the covers of Hyper-V.

Getting to grips with Server Core Hyper-V and Hyper-V Server

• Understand the process of enabling Hyper-V on Server Core including enabling remote management.
• Understand the best practices for management and delegation.
• Learn from our experience of deploying Hyper-V Server Core.

Performance Best Practice & High Availability

• Understand Hyper-V Performance Best Practices – The big 4: Disk, Memory, Network & Processor.
• Understand Failover Clustering Best Practices, Server Core hosts & Management.

Managing Hyper-V

• Learn how to effectively manage Hyper-V hosts in an enterprise deployment using SCVMM 2008.
• Understand SCVMM design considerations and best practices.

Deploying and Migrating to Hyper-V

• Understand various methods of virtual machine deployment, including with SCVMM 2008.
• Learn about some common migration routines.

Afternoon

02:15

Application Virtualisation with Microsoft App- V (formerly Softgrid)
Alan Stone and Paul Devlin

This session introduces Microsoft Application Virtualisation and provides notes from the field with real world scenarios

Content:    

• An overview of the App-V technology
• How App-V can mature the IT Environment

Notes from the Field

• How App-V helped a customer overcome application delivery challenges
• Benefits to mobile workers
• Application Compatibility
• Sequencing Recipes best practices

Application Virtualisation 4.5 What does the future hold?

• Integration with the System Centre family of products
• New Deployment methods for Virtualised applications
• Asset intelligence & App-V 4.5

03:45

Open Discussion – Q & A

Single Sign On for Windows XP Clients

Single Sign On (SSO) to Windows Server 2008 (W2K8) Terminal Services uses the Credential Security Service Provider (CredSSP).  CredSSP delegates credentials to defined target servers and is native to Windows Vista.  Windows XP SP3 includes CredSSP but it is not enabled by default.  Windows XP SP2 clients can still connect to W2K8 Terminal Services but users will be prompted for credentials upon establishing the first session.  Having to enter your username and password ruins the RemoteAPP experience.  So what do you need to get your Windows XP client seamlessly connecting to a W2K8 Terminal Server?

• Windows XP SP3
• Remote Desktop Connection (RDC) 6.1 (Part of SP3)

KB951608 explains the CredSSP for Windows XP SP3 in detail.

Once you have SP3 installed you need to make the following changes:

Client side:

• Enable CredSSP
• Configure Single Sign On for credential delegation
• Define target servers

Server side:

• Modify RDP protocol settings

Enable CredSSP

The CredSSP settings have to be APPENDED to the existing parameters.  See KB951608.  Appending to existing keys could prove time consuming if you have a lot of clients.  Here is a script written in VBS that may make automating the task a little easier.

Disclaimer: Do not blindly run these scripts without testing first.  Make sure you take a backup of the registry!

Const HKEY_LOCAL_MACHINE = &H80000002

strComputer = "."

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

‘strKeyPath = "SYSTEM\CurrentControlSet\Control\Lsa"

strValueName = "Security Packages"

oReg.GetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,arrSecurityPackages

For Each strValue In arrSecurityPackages

if lcase(strValue) = "tspkg" then intTSPKG = 1 ‘ Set a flag to say that value already exists

Next

if intTSPKG <> 1 then ‘Value doesn’t exist so lets create it

intNewArraySize = Ubound(arrSecurityPackages) + 1

reDim Preserve arrSecurityPackages(intNewArraySize) ‘Resize the array for new value and keep existing values

arrSecurityPackages(intNewArraySize) = "tspkg" ‘ Add the new value

oReg.SetMultiStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,arrSecurityPackages

End if

strKeyPath = "SYSTEM\CurrentControlSet\Control\SecurityProviders"

strValueName = "SecurityProviders"

oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

intResult = InStr(strValue, "credssp.dll") ‘Will return position found in string

if intResult = 0 then ‘Position of 0 means string not found

strValue=strValue & ",credssp.dll"

oReg.SetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

End if

Configure Single Sign On and define target servers

The following registry changes enable CredSSP for the default credentials.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation]

"AllowDefaultCredentials"=dword:00000001

"ConcatenateDefaults_AllowDefault"=dword:00000001

The following registry changes define the target servers.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowDefaultCredentials]
"1"="TERMSRV/*"

You can explicitly name your terminal servers e.g. :

• TERMSRV/myserver.mydomain.com : A specific server
• TERMSRV/*.mydomain.com : All servers in mydomain.com
• TERMSRV/* : All servers

RDP Protocol changes

You have to make some changes to the default RDP protocol settings on your server in order to allow Windows XP SP3 clients connect.

Open Terminal Server Configuration snap-in and modify the RDP connection properties as follows:

Note that the tick has been removed from the "Allow connections only from computers running Remote Desktop with Network Level Authentication".  I have the Encryption level set of Client Compatible but there is no reason why you cannot use High.

Make sure that the Use client-provided log on information radial button is selected.

You should now be in a position to make use of the SSO functionality from your Windows XP clients.  However, there is a KB titled When you enable SSO for a terminal server from a Windows XP SP3-based client computer, you are still prompted for user credentials when you log on to the terminal server which comes with a patch.  During my testing I did not come across this problem ... but I figured it was worth noting.

Over the past week or so Microsoft have clarified the support statement for server products running in virtual environments.  The most significant announcement was the Server Virtualisation Validation Program (SVVP).  To quote "The Server Virtualization Validation Program (SVVP) is open to any vendor who delivers a virtualization machine solution that hosts Windows Server 2008, Windows 2000 Server Service Pack 4 and Windows Server 2003 Service Pack 2 and subsequent service packs. The virtualization solution can either be hypervisor-based or a hosted solution. The program enables vendors to validate various configurations so that customers of Windows Server can receive technical support in virtualized environments. Customers with validated solutions will benefit from the support provided by Microsoft as a part of the regular Windows Server technical support framework."

The participating vendors (at time of writing are):

• Cisco Systems, Inc.
• Citrix Systems, Inc.
• Novell, Inc.
• Sun Microsystems
• Unisys Corp.
• Virtual Iron Software
• VMware, Inc.

The SVVP does not mean that Microsoft support the products from the vendors listed above.  The SVVP means the validated third party product provides a suitable environment upon which the Microsoft operating system can run.  If you think about it, the SVVP is very similar to the hardware certification for Microsoft operating systems.

Now that you know the supportability of your Microsoft operating systems turn your eyes to the support statements for Microsoft server software. Microsoft server software and supported virtualization environments. 

You'll find statements for :

• Microsoft Application Virtualization (App-V)
• Microsoft BizTalk Server
• Microsoft Commerce Server
• Microsoft Dynamics AX
• Microsoft Dynamics CRM
• Microsoft Dynamics NAV
• Microsoft Exchange Server
• Microsoft Forefront Client Security
• Microsoft Intelligent Application Gateway (IAG)
• Microsoft Forefront Security for Exchange (FSE)
• Microsoft Forefront Security for SharePoint (FSP)
• Microsoft Host Integration Server
• Microsoft Internet Security and Acceleration (ISA) Server
• Microsoft Office Groove Server
• Microsoft Office PerformancePoint Server
• Microsoft Office Project Server
• Microsoft Office SharePoint Server and Windows SharePoint Services
• Microsoft Operations Manager (MOM) 2005
• Microsoft Search Server
• Microsoft SQL Server 2008
• Microsoft System Center Configuration Manager
• Microsoft System Center Data Protection Manager
• Microsoft System Center Essentials
• Microsoft System Center Operations Manager
• Microsoft System Center Virtual Machine Manager
• Microsoft Systems Management Server (SMS)
• Microsoft Visual Studio Team System
• Microsoft Windows HPC Server 2008
• Windows Server 2003 Web Edition
• Microsoft Windows Server Update Services (WSUS)
• Windows Web Server 2008

Licensing changes:

There are plenty of posts on the interweb that show you how to mount and unmount vhds via powershell.  I downloaded the Hyper-V PowerShell management library from CodePlex.com here as created by James O'Neil.  In it he kindly provides two scripts (mount-VHD.ps1 and Unmount-VHD.ps1) along with a REG file.  Assuming you have PowerShell 1.0 installed (available feature in Windows Server 2008) these scripts and registry settings work fine. 

I ran into problems once I downloaded and installed the Windows PowerShell 2.0 Community Technology Preview (CTP).  Powershells execution policy wouldnt let the scripts run anymore.

You can change the executionPolicy a number of ways:

Registry:  

HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell

Change the key: REG_SZ ExecutionPolicy to Unrestricted

PowerShell:

set-executionpolicy unrestricted

Note: By changing the execution policy you are technically opening your system up to remote execution of PowerShell scripts from unsigned/untrusted sources.  I want to be able to mount vhds easily coz Im a lazy kinda guy.   Im running Hyper-V on my laptop so Im not too concerned about security in this instance.  You should think carefully about making this change in a production environment.

The second thing I noticed was that the registry settings provided by James no longer worked.  So I came up with a slight modification as follows:

 Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Virtual.Machine.HD]

[HKEY_CLASSES_ROOT\Virtual.Machine.HD\DefaultIcon]
@="%SystemRoot%\\system32\\imageres.dll,26"

[HKEY_CLASSES_ROOT\Virtual.Machine.HD\shell]
@="Mount"

[HKEY_CLASSES_ROOT\Virtual.Machine.HD\shell\Mount]

[HKEY_CLASSES_ROOT\Virtual.Machine.HD\shell\Mount\command]
@="cmd /k \"powershell -NoProfile -Command \"& 'c:\\Program Files\\Hyper-V\\Mount-VHD.ps1' '%1'\"\""

[HKEY_CLASSES_ROOT\Virtual.Machine.HD\shell\Unmount]

[HKEY_CLASSES_ROOT\Virtual.Machine.HD\shell\Unmount\command]
@="cmd /k \"powershell -NoProfile -Command \"& 'c:\\Program Files\\Hyper-V\\Unmount-VHD.ps1' '%1'\"\""

[HKEY_CLASSES_ROOT\.vhd]
@="Virtual.Machine.HD"

I've used cmd/k instead of cmd/c so I can see what the PowerShell script reports when its finished along with a couple of changes to get PowerShell to accept the string after the -Command.

Now all is great in the land of Hyper-V on my laptop.

Where is the cluster log in Windows 2008 ?

This short answer is its no longer there. On our Windows 2008 cluster node if we navigate to %systemroot%\system32\LogFiles\Cluster your wont find the cluster.log file anymore.

Why ? Its been replaced by a much more sophisticated event based tracing system.

The Vista\Windows Server 2008 Event Model is the next generation of Windows Event Logging and replaces the current version of the Event Log shipped in Microsoft® Windows® 2003 Server, Microsoft® Windows® XP, Windows 2000, and previous versions of Microsoft® Windows NT®.

The new model is a major update to the NT Event Log service. It maintains 100% backwards compatibility with the existing APIs and functionality and fully leverages the existing NT Event Log instrumentation in the applications and services. At the same time, it eliminates some of the limitations of the NT Event Log and provides additional features to better support monitoring and diagnostics of Windows applications, services, components, and drivers.

In a future post I will go through the new Logging and tracing features for clusters in Windows 2008 but for now lets look at how to get access to the old familiar cluster.log file.

Here's how to go about it.

1.   Go to a command prompt

2.  Type "Cluster /Cluster:yourclustername log /gen /copy "C:\temp". You should get output as follows

3. Navigate to the c:\temp directory and there you will find the .log files for each node of your cluster.

The cluster log can now be opened in Notepad.

Please note that you need to run this command after each change as its not dynamically updated like the old .log file.