Failure installing VMM2008

When installing the server component of Microsoft System Center Virtual Machine Manager 2008, you may come across the following error:

Microsoft System Center Virtual Machine Manager 2008 installation did not complete successfully. Review the error log for information, and then try Setup again.
ID: 205. Details: Fatal error during installation

Virtual Machine Manager Server installation did not successfully install. All items that were copied during the installation process have been removed, however some required prerequisite software is still present on the machine. It is not necessary to remove the remaining software before you run Setup again. But you can uninstall the prerequisite software by going to Add or Remove Programs.
For error details, click the Error tab.

The ServerSetup.log file also references error 1603 in various places. This is caused by name resolution (DNS lookup) failures. Examine your DNS configuration for any or more of the following errors:

• Misconfigured TCP/IP settings
• Primary DNS is misconfigured on the VMM server
• The VMM server is unable to resolve the DC by name
• The VMM server does not have a record in DNS
• The DC is unable to get proper name resolution of the VMM server
• Incorrect DNS forwarding
• DNS is not functioning correctly on the DNS server

Once the errors have been corrected, reinstall the VMM server component.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Can my system support Hyper-V?

This is a common question. Hyper-V requires three things: processor virtualization support, BIOS virtualization support and Windows Server 2008 with Hyper-V.

Processor virtualization is provided by Intel (Intel VT) and AMD (AMD-T) processors. You can check each of these websites to see if a processor supports virtualization. AMD offers an AMD Virtualization™ Technology and Microsoft® Hyper-V™ System Compatibility Check Utility that will tell if the installed AMD CPU supports it.

BIOS virtualization support, however, can be dicey. Normally, a BIOS manufacturer will offer the ability to turn virtualization on or off -- but not always. I have a Dell Dimension E521, for example, that doesn't offer virtualization configuration. Thankfully, it's enabled by default in this BIOS.

So how do you tell if your machine will support Hyper-V? Well, the easiest way by far is to use a utility by Gibson Research called SecurAble. This handy little program will quickly tell you if your computer is 64bit, running hardware DEP and is virtulization capable.

Note that SecurAble will report that Hardware Virtualization is "No" if you run it on a Windows Server 2008 computer that has the Hyper-V role installed. This is because Hyper-V capability is "hidden" once it's installed. See the Virtual PC Guy's WebLog for more details about this.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

New Microsoft Hyper-V Virtualization Unleashed Book

I'm pleased to announce that I will be a co-authoring a new book, Microsoft Hyper-V Virtualization Unleashed, with Rand Morimoto, Ph.D. Rand is president, CEO and owner of Convergent Computing (CCO), the consulting services company I work for.

The content will cover Hyper-V planning and design, installation of Hyper-V, and getting into the management, administration and support of Hyper-V, including the new System Center Virtual Machine Manager 2008. This book is scheduled for completion this summer and will be on store shelves worldwide once VMM2008 ships, which will likely be end of the summer.

I've been a contributing writer for several other books including Exchange Server 2007 Unleashed and Exchange Server 2003 Unleashed, and most recently was the technical editor for Windows Server 2008 Unleashed. This will be the first time my name will be on the outside cover of a book, so it's rather exciting!

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Hyper-V Integration Components For Windows 2003 SP1

Well, kinda.

Big Red Disclaimer: The steps listed here are not supported by Microsoft (or me). I've tested it several times and have not found any issues. If it doesn't work for you - well, sorry.

The Integration Components for Hyper-V RC0 are only avaialable for Windows XP 32-bit with SP3 or later, Windows Server 2003 with SP2 or later, Windows Vista 32-bit with SP1 or later , all versions of Windows Server 2008 and, just recently, Linux.

So what do you do if you want to virtualize a Windows 2003 SP1 server? After all, you may have a legacy application that won't run on SP2 and one of the hopes of virtualization is to move these servers off of dedicated hardware. Here's how to do it:

• Gather your CDs. You'll need the following:
• Windows 2003 Server CD (RTM or SP1 - make sure it doesn't have SP2 slipstreamed into it)
• Windows Server 2003 SP2 upgrade CD or ISO (available here from Microsoft)
• Create a new Windows 2003 virtual server using the Hyper-V New Virtual Machine Wizard
• Upgrade the virtual machine to SP2 using the SP2 CD or ISO.
• From the Hyper-V Action menu, insert the Integration Services Setup disk and install the Integration Components. The installation will require a restart when it's complete.
• After the restart, uninstall Windows Server 2003 SP2 using Add or Remove Programs in Control Panel. The uninstall will warn you that KB943295 and the Integration Components may not work if you continue the uninstallation. Click Continue.
• Restart the virtual machine to complete the uninstallation.

Now you have a Windows 2003 VM with SP1 which runs the Integration Components! You can use this base image to make as many servers as you like. Be sure to use a tool like NewSID to generate unique SIDs for each clone, otherwise you'll run into problems in a domain.

Note: I haven't tested this for Windows Server 2003 RTM, Vista RTM or Windows XP RTM/SP1/SP2, but I expect it will work. Please post a comment if you have success or failure.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Windows Server 2008 Upgrade Complete

In a previous post I mentioned that I was going to upgrade my network to Windows Server 2008. Well, I've completed the upgrade and it ROCKS!

I now have a single W2K8 Enterprise server running Hyper-V RC0. This server hosts two guests, one x86 domain controller and one x64 Exchange 2007 server running ForeFront Security for Exchange Server. The host server is running this blog as well as Exchange 2007 Edge services. The performance is outstanding! Much better than my old x64 Windows 2003 host running VMware.

The Exchange Team posted a great article, Speeding up installation of Exchange Server 2007 SP1 Prerequisites on Windows Server 2008. It offers XML files that configure the Windows Server 2008 prerequisites for Exchange 2007 SP1. While it wasn't that difficult to install everything manually, it would have saved some time for me if I had this before my upgrade.

Last night I completed the upgrade and decommissioned the old W2K3 DC, Exchange and Edge servers.

Please let me know if you have any issues with the blog. The migration went very smooth and I don't anticipate any problems.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Getting Networking to Work in Hyper-V Beta

First, I thoroughly recommend reading Ben Armstrong's article, "Understanding Networking in Hyper-V," for an explanation of how networking changes on a Hyper-V enabled host. He explains that the real NIC on the host is converted to a virtual network switch and a new virtual NIC is created on the host to access the network using the virtual switch.

Sometimes networking doesn't get setup properly on the host when the Hyper-V role is installed. Here's how to fix it:

When networking is not configured properly after Hyper-V is installed, you'll see only the one physical adapter in Network Connections (assuming, of course, that you have only one network adapter).

1. Open network properties of the NIC and uncheck all the connections on the adapter (Client for Microsoft Networks, IPV4, IPV6, ...everything) and click OK. Obviously, this will disrupt network communication to and from the server, so plan this work accordingly.

2. Click Virtual Network Manager in the Hyper-V console and create a new external network bound to the real NIC. This will convert the real NIC on the host to a Microsoft Virtual Switch and create a new virtual NIC for the host to use for its network adapter (see step 4).

3. In each Hyper-V guest, select the External Virtual Network for the VM's network adapter.

4. Back on the host, you will now see two NICs in the Network Connections window. Local Area Connection (the original real NIC) is now a Microsoft Virtual Switch and is using only the Microsoft Virtual Network Switch Protocol. You will also see a new virtual NIC (usually named "Local Area Connection 3," in my testing). I've renamed it here to Virtual Local Area Connection.

5. Open the properties of the new virtual NIC and re-IP it to it's original static IP address.

6. Verify that the host has network connectivity, and then check your VM guests for connectivity.

Let me know if this helps you.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

You can't get there from here...

This weekend I'm starting the migration of my production network from Windows 2003 servers running VMware for virtualization to Windows Server 2008 with Hyper-V.

I have it all planned out like this:

• Clone my existing W2K3 VMware VMs (DC and E2K7) to a USB drive


• Convert the VMware VMs to VHDs using System Center Virtual Machine Manager 2007


• Mount the VMs on my new isolated W2K8 host; test


• Create a new W2K8 DC VM to upgrade the domain


• Create a new W2K8/E2K7 VM and migrate all the mailboxes to it


• Decommission the W2K3 DC and E2K7 VMs


• Test the new environment


• Move my blog and websites to the new W2K8 host


• Turn off my old W2K3 box and re-IP the W2K8 server with the W2K3 server's IP. This will put it into production.


• Test the web, Exchange, OWA environment again


• Drink a beer to celebrate. OK, there might be some pre-celebration drinking throughout the process...

By following this plan, I'll minimize downtime to a few minutes and I'll always be able to roll back to the old server simply by turning it back on.

Sounds like a good plan, but here's why it won't work -- the only tool that can convert VMware VMs to VHDs is Virtual Machine Manager 2007 (Hyper-V can't do this on its own), but VMM 2007 can't create or convert x64 VMs. Both my DC and E2K7 server are 64-bit, so at this time there's no way to get there from here. I only wish I'd have remembered this before I spent 4 hours configuring the VMM2007 server and domain. Doh!

By the way, the failure I got during the x64 VM conversion was on step 1.5, "Make operating system virtualizable." This happened right after the plug and play system reported it was "Installing Microsoft Virtual Server Storage devices."

Microsoft Virtual Machine Manager 2008 is expected to create and convert 64-bit guests, but the earliest bits whon't be available for it till around March.

So, my updated migration plan is this:

• Clone my existing W2K3 VMware VMs (DC and E2K7) to a USB drive as backups


• Build a new Windows Server 2008 Hyper-V host


• Introduce a new W2K8 DC Hyper-V guest into the domain


• Create a new W2K8/E2K7 Hyper-V guest


• Configure a new Edge server on the W2K8 host


• Migrate all the mailboxes from the old E2K7 server to the new one


• Decommission the W2K3 DC and E2K7 VMs


• Test the new environment


• Move my blog and websites to the new W2K8 host


• Turn off my old W2K3 box and re-IP the W2K8 server with the W2K3 server's IP. This will put it into production.


• Test the web, Exchange, OWA environment again


• Commence said beer drinking celebration

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

DEP and Virtual Machines

Data Execution Prevention (DEP) is a security feature included in all versions of Windows since XP SP2. It’s intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via a buffer overflow, for example.

DEP runs in two modes: Hardware-enforced DEP for CPUs that support it, and software-enforced DEP for CPUs that don’t. Software DEP is performed by the operating system, and as such, has a (small) performance hit.

It may make sense to disable DEP in virtual machines (especially test VMs) to eek out a little more performance. Read on for an explanation of how to do this.

Software DEP configuration is controlled through switches in the Boot.ini file.

There are four options to set the DEP mode are:

• OptIn - Enables DEP only for OS components, including the Windows kernel and Windows drivers. Administrators can enable DEP for selected executable files with the Application Compatibility Toolkit (ACT).
  
• OptOut - Enables DEP for the OS and all processes, including the Windows kernel and Windows drivers. However, administrators can disable DEP on selected executable files with the Control Panel System applet.
  
• AlwaysOn - Enables DEP for the OS and all processes, including the Windows kernel and Windows drivers. All attempts to disable DEP are ignored, and all DEP configuration options are disabled.
  
• AlwaysOff - Disables DEP. Attempts to enable DEP selectively are ignored, and the DEP GUI is disabled.

In Windows Server 2008 and Vista, you use bcdedit to set the DEP mode. The DEP configuration can be viewed using the bcdedit /enum osloader /v command. To configure DEP, use the /set nx switch. For example, to set the currently booted OS to DEP AlwaysOff, you would use the command:

bcdedit /set nx AlwaysOff

You configure DEP in other operating systems from the Advanced tab Performance Settings of the System Control Panel applet.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Eating My Own Dog Food

This weekend I upgraded my home production domain from Windows 2003 R2 (x32) and Exchange 2003 to Windows 2003 R2 SP2 (x64) and Exchange 2007. My goal was to pretend I was at a customer site and had to migrate this environment successfully to the new hardware.

My home production equipment consisted of a single Dell 4600 all-in-one box. It was a W2K3 R2 Enterprise domain controller with SP1, which also ran Exchange 2003 Enterprise SP2 and served as a DNS, WINS, WWW and file server. The server had a single Intel 2.8Ghz HT CPU, 2GB of RAM and a 160GB hard drive. My replacement server is a Dell E521 with an AMD Athlon 64 Dual-Core, 4GB of RAM and a 250GB hard drive.

Since I am still limiting myself to a single physical server, I decided to use VMware to virtualize most of my environment. All servers will run Windows Server 2003 R2 (x64) with SP2. The host server (GATEWAY) will be a workgroup server running Exchange 2007 Edge Server and VMware Workstation. The two virtual servers are DC01, a domain controller/DNS/WINS server, and EX01, an Exchange 2007 server with the Hub Transport, Client Access, and Mailbox roles. My LAN is connected to the Internet via a Netgear wireless router/firewall, as per the following diagram.

First I installed x64 Windows Server 2003 R2 Enterprise SP1 on GATEWAY and used the Microsoft Update site to install SP2, IE7, ADAM (required for Exchange Edge server) and all the critical updates. SP2 installs the Windows firewall by default, so I disabled it. Then I installed VMware Workstation 5.6. I chose Workstation since ESX will not recognize SATA drives and GSX only allows one snapshot per VM.

Next I created a base image VM using x64 Windows Server 2003 R2 Enterprise, upgraded to SP2, IE7 and all the critical updates, and disabled the firewall. I use this image to base all my servers on, which makes provisioning future servers a breeze.

I then created two new linked clone servers, DC01 and EX01 and joined them to the domain. I promoted DC01 to a domain controller and installed DNS and WINS. I installed IIS, .NET Framework 2.0 and 3.0, and the necessary patches on EX01 in preparation for Exchange 2007. I took a snapshot of both servers at this point and then began to install Exchange 2007.

Here's where it gets interesting. The Exchange 2007 setup has a lot of logic and workflow built into it. You pretty much install the DVD, answer a few questions and let it run. Setup will check that the server meets the prerequisites and pre-qualifies the environment to ensure a smooth installation. In theory. The installation went happily along updating the schema, preparing the domain and installing the server roles. But as it was installing the Hub Transport role it errored, saying that the disk could not be read and to try setup again later. It did not offer a "retry" button. The trouble turned out to be a smear of what I can only guess was macaroni and cheese on the DVD. Kids. Gotta love 'em.

So, I cleaned off the DVD and ran setup again. Now setup said that the Hub Transport role was not installed properly and to remove it first. Trouble is, neither setup or the Exchange Management Console (EMC) show that any roles have been installed, so I can't uninstall it. I'll spare you the gory details, but I tried uninstalling it using PowerShell, the switches in setup, and reverting to my snapshot. No good. I then removed the Exchange Administrative Group (FYDIBOHF23SPDLT) and Exchange Routing Group that setup automatically creates in a mixed mode environment using ADSI Edit. This let me run setup again, but now I got an error complaining that Exchange Administrative Group (FYDIBOHF23SPDLT) was missing. I recreated both the AG and RGC on the Exchange 2003 side (I had to use ADSI Edit again to rename the AG using the parentheses) and tried again. Success!

After I ensured that I had mail flow between the E2K3 and E2K7 servers, I installed the Edge Server role and Microsoft ForeFront (antivirus/antispam) on GATEWAY. This created a new RGC to the Internet on GATEWAY. I then created an EdgeSync subscription and tested it. I moved the mailboxes to EX01 and successfully tested OWA and Outlook.

Now to put it into production. I have one MX record published on the Internet for inbound email. My firewall allows SMTP port 25 and HTTP port 80 traffic to WWW (x.x.x.50). I reconfigured WWW to use a different address and configured GATEWAY to use x.x.x.50. I successfully tested inbound and outbound email and that my web pages worked properly from GATEWAY. I then reconfigured my firewall to forward SSL port 443 to EX01. Exchange setup automatically configures OWA on the CAS role to use SSL. I used ts.cco.com to look back into my OWA and successfully tested email again.

The final step was to decommission my old DC/Exchange 2003 server. There are a few steps I needed to do in Exchange 2007, such as re-home the OAB, replicate Public Folder content, etc. After that, it was simply a matter of deleting the RGCs to the Exchange 2003 AG, deleting the old AG itself, and uninstalling Exchange 2003. I'm pleased to say that the customer is very satisfied. :)

I learned a lot through this entire process. Highlights are:

• Dog food is delicious.
• Ensure your media is OK. Keep sticky fingers and food away! I was surprised at this, since setup copies the binaries to the local hard drive and re-compiles them.
• Microsoft put a lot of work into the install process, but it's not perfect. I would imagine I would have had the same problem if the DVD was ejected during setup.
• Never give up. I could have always used exmerge and rebuilt my domain, but few customers would accept this.
• 64-bit hardware, lots of RAM and VMware are "good things"
• Giving 512MB to my virtual DC and 2GB to my virtual Exchange Server yields respectable performance
• Since VM Workstation won't start as a service, I enabled auto-logon on GATEWAY and wrote a script that launches and runs my VM team
• Microsoft Forefront is still a Sybari product with Microsoft stickers on it (needs work)

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email