Zeros & Ones

What are host reserves?

 Host Reserves define how much of a host’s resources are to reserved for the host operating system. Once these reserves are configured, a virtual machine cannot be deployed on that host if doing so would require the use of those reserved resources. The host resources that may be reserved are as follows:

·         CPU Percentage

·         Memory

·         Disk Space

·         Maximum Disk I/O Per Second (IOPS)

·         Network Capacity Percentage

 Host reserves are specified on a host group basis. In addition, the group reserve settings may also be overridden on a per host basis. To specify the host group reserve settings, right click on the host group name in the Hosts pane, select Properties from the menu and click the Host Reserve Tabs in the Host Group Properties dialog as illustrated in the following figure:

What is cluster reserve ?

Depending on your needs, you can configure a cluster reserve for each host cluster that specifies the number of node failures a cluster must be able to sustain while still supporting all virtual machines deployed on the host cluster. If the cluster cannot withstand the specified number of node failures and still keep all of the virtual machines running, the cluster is placed in an Over-Committed state, and the clustered hosts receive a zero rating during virtual machine placement. The administrator can, during a manual placement, override the rating and place an HAVM on an over-committed cluster.

For example, if you specify a node failure reserve of 2 for an 8-node cluster, the rule is applied in the following ways:

·         If all 8 nodes of the cluster are functioning, the host cluster is marked Over-committed if any combination of 6 nodes (8-2) in the cluster lacks the capacity to accommodate existing virtual machines.

·         If only 5 nodes in the cluster are functioning, the cluster is marked Overcommitted if any combination of 3 (5-2) nodes in the cluster lacks the capacity to accommodate existing virtual machines.

VMM’s cluster refresher updates the host cluster’s Over-committed status after each of the following events:

·         A change in the cluster reserve value

·         The failure or removal of nodes from the host cluster

·         The addition of nodes to the host cluster

·         The discovery of new virtual machines on nodes in the host cluster

The cluster reserve is set on the General tab of the host cluster properties.

View the status of the cluster, and adjust the cluster reserve.

·         In the Cluster reserve field, specify the maximum number of node failures the cluster must be able to sustain but still keep all existing virtual machines running. If the rule is violated, the host cluster is marked Overcommitted.

 How VMM calculate Over-Committed Cluster?!!

 The VMM calculate depending on the highest VM RAM, i.e.. If you have 10 VMs with different RAMs then VMM calculate the amount of RAM by this equation (Highest RAM in VM * N) Where N is the no of VMs in the cluster and equal 10 in our example.

Error (13803)

The cluster node failure reserve equals or exceeds the number of nodes in cluster <Cluster Name>

Recommended Action

Specify a cluster node failure reserve less than the number of nodes in the cluster and then try the operation again.

this is another thing.. due to the fact that building Hyper-V cluster using one physical and one virtual node is not valid (Sure this make no sense). As the VMs cannot failover to the virtual node.

After the Hyper-V role is installed , When you try to create a new virtual machine, it fails to start with the following error:

The virtual machine could not be started because the hypervisor is not running.

Cause: Hardware virtualization or DEP was disabled in the BIOS.

Resolution: Enable Hardware virtualization or DEP in the BIOS. In some cases, the server needs to be physically shutdown in order for the new BIOS settings to take effect.

What is the DEP ?!!! Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help protect against malicious code exploits.

Hardware-enforced DEP marks all memory locations in a process as non-executable unless the location explicitly contains executable code. One kind of malicious code attacks tries to insert and run code from non-executable memory locations. DEP helps prevent these attacks by intercepting them and raising an exception.

Hardware-enforced DEP

Hardware-enforced DEP marks all memory locations in a process as non-executable unless the location explicitly contains executable code. A class of attacks exists that tries to insert and run code from non-executable memory locations. DEP helps prevent these attacks by intercepting them and raising an exception.

Hardware-enforced DEP relies on processor hardware to mark memory with an attribute that indicates that code should not be executed from that memory. DEP functions on a per-virtual memory page basis, and DEP typically changes a bit in the page table entry (PTE) to mark the memory page.

Processor architecture determines how DEP is implemented in hardware and how DEP marks the virtual memory page. However, processors that support hardware-enforced DEP can raise an exception when code is executed from a page that is marked with the appropriate attribute set.

Advanced Micro Devices (AMD) and Intel have defined and shipped Windows-compatible architectures that are compatible with DEP.

Beginning with Windows XP SP2, the 32-bit version of Windows uses one of the following:

·         The no-execute page-protection (NX) processor feature as defined by AMD.

·         The Execute Disable Bit (XD) feature as defined by Intel.

To use these processor features, the processor must be running in Physical Address Extension (PAE) mode. However, Windows will automatically enable PAE mode to support DEP. Users do not have to separately enable PAE by using the /PAE boot switch.

Note Because 64-bit kernels are Address Windowing Extensions (AWE) aware, there is not a separate PAE kernel in 64-bit versions of Windows.
For more information about PAE and AWE in Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:

283037  (http://support.microsoft.com/kb/283037/ ) Large memory support is available in Windows Server 2003 and in Windows 2000

Benefits

The primary benefit of DEP is that it helps prevent code execution from data pages, such as the default heap pages, various stack pages, and memory pool pages. Typically, code is not executed from the default heap and the stack. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. If the exception is unhandled, the process will be stopped. Execution of code from protected memory in kernel mode causes a Stop error.

DEP can help block a class of security intrusions. Specifically, DEP can help block a malicious program in which a virus or other type of attack has injected a process with additional code and then tries to run the injected code. On a system with DEP, execution of the injected code causes an exception. Software-enforced DEP can help block programs that take advantage of exception-handling mechanisms in Windows.

For more information Check Microsoft KBs

http://support.microsoft.com/kb/912923

http://support.microsoft.com/kb/875352/

http://blogs.technet.com/askcore/archive/2009/02/16/top-issues-for-microsoft-support-for-windows-server-2008-hyper-v-q2.aspx

I saw this error before in establishing many failover clusters , In the validation phase of the cluster nodes everything went fine except the IP configurations part.

I made sure that all network drivers are static and the binding is right. But the error keep appearing every time I validate the cluster.

I found that one of my network drivers has APIPA IP although I haven’t

I run ‘ipconfig /all’ from the command prompt. You might have noticed a few extra interfaces, but not really understand what they are. I suspected that those NICs are the problem so open the server manager to see what I get. I saw that there is many drivers under Network adaptors

There I found driver called Teredo tunneling pseudo-interface

Teredo is an IPv6 transition technology that provides address assignment and host-to-host automatic tunneling for unicast IPv6 traffic when IPv6/IPv4 hosts are located behind one or multiple IPv4 network address translators (NATs). To traverse IPv4 NATs, IPv6 packets are sent as IPv4-based User Datagram Protocol (UDP) messages. For more information check Microsoft network part here

Teredo is enabled by default in Windows Server 2008.

To pass the validation wizard just disable Teredo tunneling pseudo-interface on the cluster nodes