MVP Carsten Rachfahl Visits & Interviews Me On Networking & Storage in Windows Server 2012

Last month Carsten (MVP – Virtual Machine) & Kerstin Rachfahl (MVP – Office 365) visited me in my home town. Apart from a short visit to the historic center & a sushi diner amongst friends we also did an interview where we discussed our ongoing Windows Server 2012 Hyper-V activities. We’re trying to leverage as much of the product we can to get the best TCO & ROI and as early adopters we’ve been reaping the benefits form the day the RTM bits were available to us. So far that has been delivering great results. Funny to hear me mention the Fast Track designs as a week later we saw version 3 of those at MMS2013. The most interesting to me about those was the fact that the small & medium sizes focus on Cluster in a Box and Storage Spaces!

While we were having fun talking about the above we also enjoyed some of the most beautiful landmarks of the City of Ghent as a back drop for the interview. It was filmed in a meeting room at AGIV, to whom I provide Infrastructure services with a great team of colleagues. Just click the picture to view the video.

You can also enjoy the video on Carsten’s blog http://www.hyper-v-server.de/videos/interview-mit-didier-van-hoye-ber-seinen-storage-netwerk-und-mehr/ All I need to do now is to arrange for Carsten to physically touch the Compellent storage I think.

PowerShell: Monitoring DrainStatus of a Hyper-V Host & The Time Limited Value of Information In Beta & RC Era Blogs

I was writing some small PowerShell scripts to kick pause and resume Hyper-V cluster hosts and I wanted to monitor the progress of draining the virtual machines of the node when pausing it. I found this nice blog about Draining Nodes for Planned Maintenance with Windows Server 2012 discussing this subject and providing us with the properties to do just that.

It seems we have two common properties at our disposal: NodeDrainStatus and NodeDrainTarget.

So I set to work but I just didn’t manage to get those properties to be read. It was like they didn’t exist. So I pinged Jeff Wouters who happens to use PowerShell for just about anything and asked him if it was me being stupid and missing the obvious. Well it turned out to be missing the obvious for sure as those properties do no exist. Jeff told me to double check using:

Get-ClusterNode MyNode -cluster MyCluster | Select-Object -Property *

Guess what, it’s not NodeDrainStatus and NodeDrainTarget but DrainStatus and DrainTarget.

What put me off here was the following example in the same blog post:

Get-ClusterResourceType "Virtual Machine" | Get-ClusterParameter NodeDrainMoveTypeThreshold

That should have been a dead give away. As we’ve been using MoveTypeTresHold a lot the recent months and there is no NodeDrain in that value either. But it just didn’t register. By the way you don’t need to create the property either is exists. I guess this code was valid with some version (Beta?) but not anymore. You can just get en set the property like this

Get-ClusterResourceType “Virtual Machine” -Cluster MyCluster | Get-ClusterParameter MoveTypeThreshold

Get-ClusterResourceType “Virtual Machine” -Cluster MyCluster | Set-ClusterParameter MoveTypeThreshold 2000

So lessons learned. Trust but verify .  Don’t forget that a lot of things in IT have a time limited value. Make sure that to look at the date of what you’re reading and about what pre RTM version of the product the information is relevant to.

To conclude here’s the PowerShell snippet I used to monitor the draining process.

Suspend-clusternode –Name crusader -Cluster warrior -Drain

Do
{
    Write-Host (get-clusternode –Name “crusader” -Cluster warrior).DrainStatus -ForegroundColor Magenta    
    Sleep 1
}
until ((get-clusternode –Name “crusader” -Cluster warrior).DrainStatus -ne "InProgress")

If ((get-clusternode –Name “crusader” -Cluster warrior).DrainStatus -eq "Completed")
{
    Write-Host (get-clusternode –Name “crusader” -Cluster warrior).DrainStatus -ForegroundColor Green
}

Which outputs

Ben Armstrong Interviewed by Carsten Rachfahl on Windows Server 2012 Hyper-V

During the 2013 Global MVP Summit Carsten Rachfahl (@hypervserver) interviewed Ben Armstrong (@VirtualPCGuy.) who is the senior program manager for Hyper-V and as such the guy who has the honorable job of herding us cats during the MVP Summit (he does an excellent job). Click the picture below to view the interview or visit Videointerview mit Ben Armstrong über Hyper-V

This interview took place at the CenturyLink Field stadium in Seattle (home of the Seahawks) where we had our little summit party and turned out to be a real gem and we have to thank Carsten for his efforts and Ben for giving the interview. Watch it all to the end to see that we’re all pretty convinced about the qualities of Windows Server 2012 Hyper-V!

My Impressions on Windows Server 2012 Hyper-V Cookbook

Having read Windows Server 2012 Hyper-V Cookbook I can safely say that if you need get up to speed with Hyper-V in Windows Server 2012 this is a great book for this purpose.

Having met Leandro Carvalho that’s not a surprise. What is pretty impressive is how he managed to get all you need to know to get going inside of one book that you can still lift with one hand. Now this is not going to make you a veteran Hyper-V enterprise architect over the weekend but it will help you get a well set up and functional Hyper-V environment running, monitored and protected. If you are already familiar with Hyper-V form previous Windows versions this book will also get you up to speed on a lot of the most important new features and improvements.

Now a mere 305 pages are not enough to go into depth on every subject but this book will make a fine learning tool to set up a lab and take your first Windows Server 2012 Hyper-V servers / clusters into production. It also tackles some of the more intimidating stuff to some people like in place upgrades of Hyper-V clusters and disaster recovery. Details like CSV cache, Port ACL and their significance in the new Hyper-V version are not forgotten. I like that attention to detail. Knowing the vastness of what’s new in Windows Server 2012 Hyper-V I’m impressed at how well organized and effective the information is presented. So if you need to get started with Hyper-V, do it here with this book. It will make for a fine foundation to build on and move on to investigate the numerous network configurations, the VHDX format, SMB 3.0 goodness etc.

Exploring Hyper-V Virtual Switch Port Mirroring

Windows Server 2012 brings us many new capabilities and one of those is port mirroring. You can now configure a virtual machine NIC (vNIC) who’s traffic you want to monitor as the source in the Advanced Features of the Network Adapter settings. The vNIC of the virtual machine where you’ll run a network sniffer, like Network Monitor or WireShark, against is set to “Destination”. It’s pretty much that simple to set up. Easy enough.

On the vNIC you want to monitor the traffic to and from the VM, under Settings, Network Adapter (choose the correct one), under Advanced Features you select “Source” as Mirroring mode. In this example we’re going to monitor data traffic to and from the guest Columbia.

On the destination VM we have a dedicated vNIC set up called “Sniffie”

On the guest VM Pegasus, where we’ll capture the network traffic via a dedicated vNIC (“Sniffie”), we set that vNIC (virtual port) to “Destination” as Mirroring node:

So now let’s start pinging a host (ping –t crusader)  on our Source VM  Columbia

And take a look on the Destination vNIC on virtual machine Pegasus where we’re capturing the traffic. The “Sniffie” NIC there is set to destination as Mirror Mode. Look at the ICMP echo reply from form 192.168.2.32 (Crusader host). Columbia is at 192.168.2.122 sending out the ICMP echo request.

Pretty cool!

Some Technicalities

So deep down under the hood, it’s the switch extension capabilities  of the Hyper-V virtual switch that are being leveraged to achieve port sniffing. This is just one of the many functionalities that the Hyper-V extensible switch enables. The Hyper-V extensible switch itself uses port ACLs to set a rule that forwards traffic from one  virtual port to another virtual port. For practical reasons translate virtual port to vNIC in a VM and this translates into what we shown above. While it’s good to know that port ACLs are what is used by the extensible switch to do enable all kinds of advances features like port mirroring but you don’t need to worry about the details to use it.

Things to note

Initially many of us made the assumption that we’d be able to sniff the traffic form a virtual port to a port on their physical switch. This is not the case. Basically, in box, it’s a source VM that mirrors it’s network traffic form one or more virtual ports (vNICs) to a destination VM’s one or more virtual ports (vNIC).

You can send many sources to one destination. That’s fine. You could also define more destinations on the same host but that’s not really wise and practical as far as I can see. All in all, you set it up on  when needed on the source VM and you keep a destination VM with a sniffer around for the sniffing.

Also keep in mind that all this works within the boundaries of the same host. Which means that if you want to monitor a VMs network traffic when it moves across nodes in a cluster you’ll have to have "destination” virtual machine on each host. This means that when a source VM is live migrated it will mirror the traffic to that local destination VM. That works.

You could try and live migrate source & destination VMs to the same host but this is not feasible in real life. For one the capture doesn’t survive after a life migration as your sniffer loses connectivity to virtual Port / vNIC.

Don’t be too disappointed about this. Port mirroring is not meant to be a permanent situation that you need to keep highly available anyway, bar some special environments/needs.

Whilst is it true that out of the box you can’t do stuff like sending the mirrored traffic form a guests vNIC/virtual port to a physical switch port where you attach your network sniffer laptop or so. If you throw on the CISCO Nexus 1000V it replaces the Microsoft in box “Forwarding Extensions” and than it’s up to CISCO’s implementation to determine what you can or can’t do. As this stuff is right up their sleeve they allow the Cisco Nexus 1000V mirrors traffic sent between virtual machines by sending ERSPAN to an external Cisco Catalyst switch. I have not had the pleasure of playing working with this.

Anyway, I hope this help to explain things a little. Happy sniffing and don’t get yourself into trouble, follow the rules.

Remote File Browsing Issue In Windows Server 2012 Hyper-V Leaves Results Pane Empty Workaround

In Windows Server 2012 the Remote File Browsing functionality for Hyper-V acts ups on some nodes indicating a problem.

You can read what “Remote File Browsing” is on TechNet here. You use it to browse the file system on a remote Hyper-V server when creating a  new VM there for example.

Remote File Browsing is a shell namespace extension implemented by Hyper-V, it provides a way to browse the folders/files on remove Hyper-V server without requiring server to open extra shell over the network.

The path "::{0907616E-F5E6-48D8-9D61-A91C3D28106D}\HYPER-V-TEST" is to tell shell (explorer or common file dialog) that it is hosting/pointing to the RemoteFileBrowsing shell namespace extension on the HYPER-V-TEST. The guid is Hyper-V remotefilebrowsing shell namespace extension GUID. However, due to the limitation on common file browser, it is not able to translated into "Hyper-V Remote File Browsing".

Now in Windows Server 2012 we sometimes see the following when we use it:

It seems to work but the result pane remains empty. The cluster is healthy, the nodes are healthy, all nodes are identically configured. Some nodes have it, other don’t. We also can’t find any errors logged anywhere.

If you try to work around it using the UNC path that will fail due to security issues later so don’t even go there

Basically we were a bit baffled (we could not reproduce it in the lab either) until we saw some posts on then forums, indicating we’re not the only one seeing this.

http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/608d0c3b-0a7b-4ad9-9843-5e5051dcd526

http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/7a34f5e1-76bc-493a-8a7a-e9f420bf6a79#d7dd4db7-d7bd-419d-aa72-b12e43cd7a5d

If you know your cluster is perfectly healthy forget all the security settings stuff and go straight to testing this “fix” or rather workaround: Toggle Audit Object Access on and off.

In our case I can confirm that these nodes had been under a group policy that audited registry entries during a period that we were trouble shooting network card settings change behavior. We had removed that policy by first reverting the settings to not configured and after some days by removing the GPO. But that didn’t work. Even with no audit policy configured we had to go to all nodes showing this behavior, opening the local Group Policy, toggling our Audit Object Access on for success,applying this and reverting this to No auditing again.

So fire up an MMC, add a snap-in

Select Group Policy Object

Accept the defaults

When don navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policy -> Audit Policy -> Audit Object Access

Now try to use Remote Browser again (close & reopen all wizard windows and start over a new) to see the results:

Success! All is well again.

Notes:

• We only see this on systems remotely connecting to Windows Server 2012 Hyper-V nodes that are running Windows Server 2012 or Windows 8 themselves not on Windows 2008 R2 or Windows 7 with the RSAT for W2K12 installed.
• This is not related to Windows core alone due to missing GUI components or something.

E2EVC Hamburg 2012 Video Interview

In November 2012 during Experts2Experts Virtualization Conference in Hamburg a couple of fellow MVPs (Aidan Finn  aka @joe_elway, Carsten Rachfahl aka @hypervserver, Thomas Maurer aka  @ThomasMaurer) I delivered a keynote and a master class on Windows Server 2012 Hyper-V. During some down time at the conference we took the time to do some podcast interviews with Florian Klaffenbach form Dell aka @FloKlaffenbach.  We also sat down for a video interview on our beloved subject. Carsten Rachfahl was the interviewer/director and did a great job, for which I’d like to thank him in this post as he’s been doing a bunch of them over the years and it’s nice to see the results of the time he puts into them.

Subjects include converged networking, migration paths, Cluster Aware Updating and the very capable Windows 8 hypervisor we can now enjoy for free.

What New Years Gift For IT Professionals? The Windows Server 2012 Hyper-V Installation And Configuration Guide!

Aidan Finn, Damian Flynn, Patrick Lownds and Michel Luescher wrote a reference work about Windows Server 2012 Hyper-V.

I kindly suggest that you add this to your professional library as soon as possible. Unless you’re part of our IT Pro team, who’ll find a couple of copies on their desk as soon as Amazon can deliver them, you’ll need to ask Santa Claus to bring you one. If Santa Claus doesn’t like you, buy it yourself. For the help you’ll get out of this it’s a steal. You see, I know the authors and a reviser (Hans Vredevoort). And I assure you, reading what these guys have to tell on this subject is truly standing on the shoulders of giants .  Reading this book allows you to tap into their collective brainpower and knowledge on this subject, which is extensive. These guys are part of the Hyper-V community and they live in this stuff!

So if you want to learn about Windows Server 2012 Hyper-V fast and effectively grab this book (pre order it here on Amazon). It’s full of guidance, explanations, examples and scripts to get you going in the right direction from the moment you start working with Hyper-V. This is a career boosting (and protecting) guide for all of us to leverage.

Thank you guys!

Monitoring Startup,Shutdown and restart of a Virtual machine With PowerShell 3.0

During scripting some maintenance PowerShell scripts for Hyper-V guests I felt the need for a more accurate way to monitor the startup of a virtual machine. Pings, telnet to a known open port it all doesn’t do the job accurately enough as I want to know when CTRL+AL+DEL appears on the screen. So I pinged Jeff Wouters who told me I could monitor Get-VM -Name DC01 | Get-VMIntegrationService  to detect when PrimaryStatusDescription goes to “OK”.

Now when you look at the Integration services there are 5 of them.

Which one is the best to use for our purpose? Well,I tested them out and after some experimenting with the various services I concluded that the PrimaryStatusDescription of the  Key-Value Pair Exchange works best for this purpose. All others become available a bit to soon in the process of starting a VM, which seems logical.

Monitor a starting virtual machine

So how to use this in a script? We’ll here’s a snippet to monitor the boot process of a guest.

$Vm = Get-VM "MyVM"
start-VM "$Vm"
#This means the VM is now shutting down ...    
$Counter = 0
$ProgressCount = 0
Do
{    
    $Operational = Get-VM -Name $VM | Get-VMIntegrationService -Name "Key-Value Pair Exchange"
    $Counter = $Counter + 1 
    $ProgressCount =  $ProgressCount +1
    $PercentComplete = ($ProgressCount * 20)
    Write-Progress -Activity "$VM" -status "VM starting up: $Status - Progressbar indicates activity, not a percent of completion: ($Counter Seconds)"  -percentComplete ($PercentComplete / 100 *100)
    if ($PercentComplete -gt 90) {$ProgressCount = 0}
    sleep 1
}
While ($Operational.PrimaryStatusDescription -ne "OK")
$Status = (Get-VM -Name $VM | Get-VMIntegrationService -Name "Key-Value Pair Exchange").PrimaryStatusDescription
Write-Progress -Activity "VM $VM is up and running" -status "VM status: $Status - We're done here. Completed in a total of $Counter seconds."  -percentComplete (100)

 

Monitor a stopping virtual machine

Likewise, sometime we want to monitor a VM shutting down, which is the same code as above but with reverse logic.

$Vm = Get-VM "MyVM"
stop-VM "$Vm"
$Counter = 0
$ProgressCount = 0
#This means the VM is now shutting down  in the retart cycle ...    
   Do
   {            
    $Operational = Get-VM -Name $Vm | Get-VMIntegrationService -Name "Key-Value Pair Exchange"
    $Counter = $Counter + 1 
    $Status = (Get-VM -Name $Vm | Get-VMIntegrationService -Name "Key-Value Pair Exchange").PrimaryStatusDescription
    $ProgressCount =  $ProgressCount + 1
    $PercentComplete = ($ProgressCount * 20)
    Write-Progress -Activity "$VM" -status "VM shutting down : $Status - Progressbar indicates activity, not a percent of completion: ($Counter Seconds)"  -percentComplete ($PercentComplete / 100 *100)
    if ($PercentComplete -gt 90) {$ProgressCount = 0}
    sleep 1
   }
   While ($Operational.PrimaryStatusDescription -eq "OK")
   $Status = (Get-VM -Name $Vm | Get-VMIntegrationService -Name "Key-Value Pair Exchange").PrimaryStatusDescription
   Write-Progress -Activity "VM $Vm has now been shutdown" -status "VM status: $Status - We're done here. Completed in a total of $Counter seconds."  -percentComplete (100)

Monitor a restarting a virtual machine.

When in a PowerShell script you want to monitor progress of a virtual machine restarting you can combine both. You monitor shutdown and you monitor startup.

$VmThatRestarts = Get-VM "MyVM"
#Restart the VM
#This means the VM is now shutting down  in the retart cycle ...
 $Counter = 0
 $ProgressCount = 0
Do
{            
    $Operational = Get-VM -Name $Vm | Get-VMIntegrationService -Name "Key-Value Pair Exchange"
    $Counter = $Counter + 1 
    $Status = (Get-VM -Name $Vm | Get-VMIntegrationService -Name "Key-Value Pair Exchange").PrimaryStatusDescription
    $ProgressCount =  $ProgressCount + 1
    $PercentComplete = ($ProgressCount * 20)
    Write-Progress -Activity "$VM" -status "VM restarting - Shutdown phase : $Status - Progressbar indicates activity, not a percent of completion: ($Counter Seconds)"  -percentComplete ($PercentComplete / 100 *100)
    if ($PercentComplete -gt 90) {$ProgressCount = 0}
    sleep 1
}
While ($Operational.PrimaryStatusDescription -eq "OK")
$Status = (Get-VM -Name $Vm | Get-VMIntegrationService -Name "Key-Value Pair Exchange").PrimaryStatusDescription
Write-Progress -Activity "VM $Vm has now been shutdown in restart cycle" -status "VM status: $Status - VM has shut down in $Counter Seconds"  -percentComplete (100)
   
#Any thing worthwhile is worth adding 1 second of waiting for good measure  
Sleep 1

#This means the VM is now starting  ...    
$ProgressCount = 0
Do
{    
    $Operational = Get-VM -Name $VM | Get-VMIntegrationService -Name "Key-Value Pair Exchange"
    $Counter = $Counter + 1 
    $ProgressCount =  $ProgressCount +1
    $PercentComplete = ($ProgressCount * 20)
    Write-Progress -Activity "$VM" -status "VM restarting - Startup phase: $Status - Progressbar indicates activity, not a percent of completion: ($Counter Seconds)"  -percentComplete ($PercentComplete / 100 *100)
    if ($PercentComplete -gt 90) {$ProgressCount = 0}
    sleep 1
}
While ($Operational.PrimaryStatusDescription -ne "OK")
$Status = (Get-VM -Name $VM | Get-VMIntegrationService -Name "Key-Value Pair Exchange").PrimaryStatusDescription
Write-Progress -Activity "VM $VM is up and running again" -status "VM status: $Status - We're done here. Completed in a total of $Counter seconds."  -percentComplete (100)

Note that in all the above snippets  I’ve thrown some logic in to us the progress bar as an activity bar as I know of no way to calculate real % done in a startup, shutdown, restart process. It looks something like this in ISE

or like this in a PowerShell prompt

KB2770917 Updating Host & Guest Integration Services Components – Most Current Version Depends on Guest OS

As after installing http://support.microsoft.com/kb/2770917 on Windows Server 2012 Hyper-V hosts the integration services components are upgraded from 6.2.9200.16384 to 6.2.9200.16433. Windows Server 2012 guest get that same upgrade and as such also the newer integration services components. The guest with older OS version needed a different approach. So I turned to all the great PowerShell support now available for Hyper-V to automate this. Pretty pleased with the results of our adventures in PowerShell scripting I let the script go on Hyper-V cluster dedicated to test & development. As such there are some virtual machines on there running Windows 2003 SP2 (X64) and Windows XP SP3 (x86).  Guess what, after running my script and verifying the integration services version I see that those VM still report version 6.2.9200.16384 . No update. Didn’t my new scripting achievement “take” on those older guests?

So I try the install manually and this is what I get:

 

Why is there no upgrade for these guests?  Are they not needed or do I have an issue? So I mount the ISO and dig around in the files to find a clue in the date:

 

It looks like there are indeed no update components in there for Windows XP/ W2K3. So then I look at the following registry key on the host where I normally use the Microsoft-Hyper-V-Guest-Installer-Win6x-Package value to find out what integration services version my hosts are running:

 

Bingo, there it seems indicated that we indeed need version for XP/W2K3 and version for W2K8(R2)/W2K12 and Vista/Windows 7/Windows 8. Cool, but I had to check if this was indeed as it should be and I’m happy to confirm all is well. Ben Armstrong (http://blogs.msdn.com/b/virtual_pc_guy/) confirmed that this is how it should be. There was a update needed for backup that only applied to Windows 8 / Windows Server 2012 guests.  As this fix was in a common component for Windows Server 2008 and later they all got the update. But for the older OS versions this was not the case and hence no update is need. Which is reflected in all the above. In short, this means your XP SP3 & W2K3SP2 VMs are just fine running the version of the integration services and are not in any kind of trouble.

This does leave me with an another task. I was planning to do enhancements to my script like feedback on progress, some logging, some better logic for clustered and non clustered environments, but now I have to also address this possibility and verify using the registry keys on the host which IC version I should check against per OS version. Checking against just for the one related to the host isn’t good enough .