VMM tricks: VMM implementation in cross-domains topology

November 7, 2009 Mohamed Fawzi

My team was trying to implement VMM R2 in a multiple-domain topology. They installed VMM R2 on Windows 2008 R2. We started by implementing VMM 2008 R2 and SSP (Self-Service Portal) on Domain A.

We have users from domains A and B, and a one-way trust relationship between those domains, from domain A to B, i.e. Domain A trusts users from domain B.

This scenario was designed so that users from Domains A and B would have the capability to deploy new VMs using the web interface (SSP).

The installation went fine with a local admin account (a domain user from domain A with local admin privilege), and I was able to see all users from Domains A and B and add them to the Self-Service Portal users role.

The problem was that users from domain B could not log in to SSP, while users from domain A could.

As per Microsoft TechNet:

Does VMM support cross-domain authentication?

Yes. Kerberos authentication is a prerequisite for VMM. To configure your environment to allow users in one Active Directory Domain Services (AD DS) domain to access VMM resources in another domain, you can either ensure that both domains are in the same forest or configure a forest-level trust relationship and use Kerberos authentication. To set up a forest-level trust relationship, both domains must be in Windows Server 2003 forest mode. Windows 2000 Server does not support forest-level trusts.

So this was the first problem: VMM should use Kerberos authentication, while my one-way trust was External (NTLM). My domains are above 2003, so I deleted my old trust and created a new one-way forest trust.

Now VMM should work, but oops, it did not!

As per Microsoft TechNet it should work fine, but nothing worked at all. After some digging into the trust we found it: it has to be a two-way forest-level trust between the two domains. :S

And we got confirmation from Microsoft:

Based on this finding, I fully analyze all internal Kerberos traffic again and the two-way trust is required from SSP.

1. If we only configure one-way trust from SCVMM server domain to user domain, the DC in SCVMM domain will be able to establish secure channel with user domain and get the trust TGT ticket. Thus we can configure SSP and choose user from trusted domain.

2. However, when user accesses SCVMM portal from trusted domain, because it is one way and there is no trusted account for user domain in SCVMM domain, the user cannot get trusted TGT ticket and thus the user cannot get session ticket to access SSP. The accessing will fail back to NTLM by SCVMM DC contacts DC in user domain for NTLM authentication.

According to authentication requirement for SCVMM, we need to configure two-way trust so that user can get session ticket to access SSP in other domain.

So, to have users from different domains, we need to configure a two-way trust so that users can get a session ticket to access SSP in the other domain.
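The check below is an added example, not code from the original post or from Microsoft: it classifies trusts against what this post found (same forest, or a two-way forest-level trust). The function names and the domainA.example / domainB.example samples are hypothetical, and the sample direction values are constructed placeholders for "one-way".

```powershell
# Added example. Requires PowerShell 3.0 or later ([pscustomobject]).

function Get-LocalTrust {
    # Live query from a domain-joined machine: forest trusts plus domain-level trusts.
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    @($forest.GetAllTrustRelationships()) + @($domain.GetAllTrustRelationships())
}

function Test-SspTrust {
    [CmdletBinding()]
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Trust)
    process {
        $type = [string]$Trust.TrustType
        $dir  = [string]$Trust.TrustDirection
        # Trust types that only exist between domains of one forest.
        $sameForest = @('ParentChild', 'TreeRoot', 'CrossLink') -contains $type
        if ($sameForest) {
            $ok = $true;  $why = 'domains are in the same forest'
        } elseif ($type -ne 'Forest') {
            $ok = $false; $why = "trust type is $type; a forest-level trust is required"
        } elseif ($dir -ne 'Bidirectional') {
            $ok = $false; $why = "forest trust is one-way ($dir); the post found two-way is needed"
        } else {
            $ok = $true;  $why = 'two-way forest trust'
        }
        [pscustomobject]@{
            Source           = $Trust.SourceName
            Target           = $Trust.TargetName
            TrustType        = $type
            Direction        = $dir
            SspLogonExpected = $ok
            Reason           = $why
        }
    }
}

# Constructed samples mirroring the three states this post went through.
$samples = @(
    [pscustomobject]@{ SourceName = 'domainA.example'; TargetName = 'domainB.example'
                       TrustType = 'External'; TrustDirection = 'Outbound' }
    [pscustomobject]@{ SourceName = 'domainA.example'; TargetName = 'domainB.example'
                       TrustType = 'Forest';   TrustDirection = 'Outbound' }
    [pscustomobject]@{ SourceName = 'domainA.example'; TargetName = 'domainB.example'
                       TrustType = 'Forest';   TrustDirection = 'Bidirectional' }
)

$samples | Test-SspTrust |
    Select-Object Target, TrustType, Direction, SspLogonExpected, Reason |
    Format-Table -AutoSize -Wrap

# On a domain-joined machine in the VMM domain:
#   Get-LocalTrust | Test-SspTrust
```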

VMM tricks: Installing SCVMM on a host with a name containing “-SCVMM-” fails with Error 257

November 5, 2009 Mohamed Fawzi

This one is funny. Source

Well, the title says it all. If the host you’re trying to install SCVMM on has a name that contains “-SCVMM-” in upper case letters, setup fails with Error 257.

Example: MUC-SCVMM-1

Resolution: Use a slightly different name, like “MUC-SCVMMR2-1” or “MUC-SCVmm-1”.

The reason is that the uppercase string “-SCVMM-” is used internally for host communication by SCVMM.

Cheers

Robert

Categories: SCVMM, SCVMM R2, Tips&Tricks

Re-blog: Microsoft Site Recovery Solution Launch

November 4, 2009 Mohamed Fawzi

Source

I’m re-blogging here. Over at Virt Planet blog, Jim wrote the following:

This week Microsoft is launching a comprehensive solution to help customers implement cost effective, end-to-end site recovery programs. Built on proven capabilities in Windows Server 2008 R2 and the System Center management suite, Microsoft is helping IT Professionals leverage Windows Server Hyper-V and Failover Clustering along with tools like Virtual Machine Manager to deliver cost effective site recovery.

The Microsoft Site Recovery Solution ecosystem is ramping with a broad range of storage replication partners like Double-Take Software, EMC, HDS, HP delivering solutions that take advantage of the Microsoft Cluster Resource DLL. With cluster integration IT Professionals can deploy streamlined and operationally effective site recovery.

You can learn more about the Microsoft Site Recovery Solution by joining the Microsoft team and Enterprise Strategy Group on Thursday, November 5th at 10:30am Pacific for a webcast Building Effective and Highly Available Disaster Recovery Solutions Using Microsoft Virtualization This webcast looks at key drivers for site recovery solutions and reviews practical deployment considerations (you can view the recorded version of the webcast after the 5th). Microsoft and select partners will also be demonstrating Site Recovery Solutions at TechEd, so if you plan to be in Berlin during the week of November 9th, make sure to stop by the Virtualization Solutions kiosk in the Technical Learning Center.

Patrick

VMM tricks: Force remove of Failed VM (WAIK dll error)

November 2, 2009 Mohamed Fawzi

Sometimes you may face a problem such as a failed VM creation job, like this one:

Hello everyone,
I created 2 VMs in Windows 2008 R2 (Core and full installs). After that I used SCVMM 2008 R2 to sysprep and save the VMs in the library. The process ended OK. After that I tested the deployment process, which fails with a weird error (something like it is not possible to access the WAIK dll… or something like that). After this error I tested WAIK and everything appeared OK, so I decided to remove the 2008 R2 VMs from the library and then try to repeat the process. Now I get the job error for each machine in the sysprep phase:

Error (802)
The VirtualHardDisk file W2008r2disk1 is already in use by another VirtualHardDisk.

Recommended Action
Wait for the object to become available, and then try the operation again.

In SCVMM I see the machine with the icon as if it was in progress but the only option that I have is to retry the job that also fails with the error:

Error (682)
A template cannot be created from virtual machine W2008r2.

Recommended Action
Stop or shut down the virtual machine, and then try the operation again.


Since I know that I don’t have any VHD with the same name in the library, I guess this information is in the DB somewhere.

Any clues where this may be??

This was solved by using Windows PowerShell commands.

Try going into the PowerShell interface and running the following commands:

# Select the stuck VM by its host name and VM name
PS C:\> $VM = Get-VM -VMMServer VMMServer1.Contoso.com | where { $_.VMHost.Name -eq "VMHost01.Contoso.com" -and $_.Name -eq "VM01" }
# Force its removal from VMM
PS C:\> Remove-VM -VM $VM -Force

VMM tricks: SCVMM Service may take up lots of memory

November 1, 2009 Mohamed Fawzi

Source: Hyper-V notes from the field

In a large SCVMM environment we noticed that the SCVMM Service (vmmservice.exe) allocates lots of memory (>4GB).  You may notice that you are unable to create new console sessions or existing sessions lose their connection when all available memory is used. This is not a leak as the memory is freed over time.

The reason for these allocations was the large number of jobs that had run in the past. By default SCVMM keeps the last 90 days in the database and the console shows this in the Jobs pane. In the title area you can see the number of jobs in brackets. In the customer case we had almost 10.000 jobs.

The problem can be solved by setting a shorter history with the following registry key:

HKLM\Software\Microsoft\Microsoft System Center Virtual Machine Manager Server\settings\sql
DWORD Value: TaskGC
Enter the history length in days. (e.g. 7)

SCVMM starts a maintenance procedure with this number of days every 20h. You may not see a complete reduction immediately, as the maintenance procedure limits itself in the number of objects it deletes in one run. So you may need to monitor this for some days.

Cheers

Robert

Microsoft Lab Validation Report for Hyper-V

October 31, 2009 Mohamed Fawzi

Microsoft Hyper-V : Scalable, Native Server Virtualization for the Enterprise

Microsoft just published a Lab Validation Report for Windows Server 2008 Hyper-V, which was written by Enterprise Strategy Group.  This report goes over the installation and configuration of Windows Server 2008 Hyper-V and management of those servers with Virtual Machine Manager 2008.

The report reviews the performance of Windows Server 2008 Hyper-V in comparison with physical systems.

Performance

In this section, we’ll take a look at the results of ESG Lab testing of the performance of applications running on a physical server and on a Hyper-V virtual machine.

ESG Lab Testing

ESG Lab used four real-world application workloads to evaluate the physical and virtual performance of Microsoft Windows 2008 Data Center Edition R1:

1.  Application Install:  a timed installation of Visio 2007 using a distribution image stored on a network attached shared drive within a private network.

2.  Directory level copy:  a timed copy of an 860 MB directory with 2,014 files to a temporary directory.  The c:\windows\win32 directory was copied to a temporary directory on the same C: drive.

3.  Subsequent copies:  the directory level copy was repeated with much of the IO activity happening in cache. The average of three cached copy operations was recorded.

4.  SQL query:  a long running SQL select statement using a 25,000 row production database from ESG’s internal IT operation was timed.  The SQL query performed a join of three tables. The average duration of three select statements was recorded.

The HP blade server used for this test was equipped with four 2.2 GHz dual-core AMD Opteron processors and eight gigabytes of RAM.   Comparing physical and virtual performance on the same server was accomplished after a reboot with Hyper-V role enabled and disabled.   During the virtual server testing, the server was configured with a  single virtual server, which used nearly all of the physically available hardware resources (all eight CPU cores, seven out of eight GB of RAM).

Physical and virtual testing was performed within a 40 GB logical C: drive.  The C: drive was built using a single LUN presented by a FC attached HP MSA storage array with six 15K SAS drives configured as a single RAID-5 group (5+1).

The Hyper-V C: drive was configured as a basic virtual hard disk (VHD).  The results are shown in Table 1.

Table 1. ESG Lab Performance Results

| Operation | Physical | Virtual | Difference |
|---|---|---|---|
| Application install | 00:05:52.000 | 00:06:09.000 | 4.8% |
| Directory level copy | 00:00:41.680 | 00:00:33.660 | 7.1% |
| Subsequent copies | 00:00:05.660 | 00:00:05.830 | 3.0% |
| SQL query | 00:00:47.566 | 00:00:53.630 | 12.7% |

Hyper-V Performance

What the Numbers Mean

It took five minutes and 52 seconds to install an application on the physical server running Windows 2008 Data Center Edition SP1. It took six minutes and nine seconds to install the same application on the same hardware running the same operating system running within a Hyper-V enabled virtual machine. The difference in performance is relatively low (4.8%). The directory level copy and subsequent copies were also relatively low (7.1% and 3.0% respectively). A long running Microsoft SQL query took 12.7% longer when running in a virtual server. The manageably low performance impact of Hyper-V won’t be detected by the vast majority of end-users and applications.

Quick Tip: Query Active Directory Functional Levels

October 30, 2009 Mohamed Fawzi

To determine the domain functional level, Windows Server 2003 uses a combination of two attributes stored in Active Directory. To determine the forest functional level, Windows Server 2003 uses a single attribute.
To verify the forest and domain functional level by using ADSIEdit.msc:

  1. Open a Run command, and type ADSIEdit.msc
  2. Expand the Domain object, right-click domainname (where domainname is the distinguished name of the domain that you want to check), and then click Properties.
  3. Under the Attribute column, scroll until you locate the msDS-Behavior-Version attribute. Check the value of this attribute.
  4. Check the value of the nTMixedDomain attribute on the domain object. The following table provides the details for both attributes for the domain functional level.

| Domain functional level | msDS-Behavior-Version attribute | nTMixedDomain attribute |
|---|---|---|
| Windows 2000 mixed | 0 | 1 |
| Windows 2000 native | 0 | 0 |
| Windows Server 2003 | 2 | 0 |

To verify the forest functional level, expand the Configuration object, and  then expand the CN=Configuration,forestname object (where forestname is the  distinguished name of the forest).

Right-click the Partitions container, and then click Properties. Locate the  msDS-Behavior-Version attribute, and check the value of this attribute. The  following table provides the details for the attribute for the forest  functional level.

| Forest functional level | msDS-Behavior-Version attribute |
|---|---|
| Windows 2000 | 0 |
| Windows 2000 interim | 1 |
| Windows Server 2003 | 2 |

Source: Microsoft Corporation
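The same lookup can be scripted instead of clicked through in ADSIEdit. This is an added example, not Microsoft's code: it reads the two attributes over LDAP and maps them with the tables above. The function names are hypothetical, and values the tables do not list are reported as such rather than guessed.

```powershell
# Added example. Requires PowerShell 3.0 or later ([pscustomobject]).

function ConvertTo-DomainLevelName {
    param([int]$BehaviorVersion, [int]$NtMixedDomain)
    # Domain level is decided by the combination of both attributes.
    switch ("$BehaviorVersion/$NtMixedDomain") {
        '0/1'   { 'Windows 2000 mixed' }
        '0/0'   { 'Windows 2000 native' }
        '2/0'   { 'Windows Server 2003' }
        default { "not in the table (msDS-Behavior-Version=$BehaviorVersion, nTMixedDomain=$NtMixedDomain)" }
    }
}

function ConvertTo-ForestLevelName {
    param([int]$BehaviorVersion)
    # Forest level is decided by a single attribute on the Partitions container.
    switch ($BehaviorVersion) {
        0       { 'Windows 2000' }
        1       { 'Windows 2000 interim' }
        2       { 'Windows Server 2003' }
        default { "not in the table (msDS-Behavior-Version=$BehaviorVersion)" }
    }
}

function Get-FunctionalLevel {
    # Live query from a domain-joined machine.
    $root   = [ADSI]'LDAP://RootDSE'
    $domain = [ADSI]"LDAP://$($root.defaultNamingContext)"
    $parts  = [ADSI]"LDAP://CN=Partitions,$($root.configurationNamingContext)"

    # An attribute that is not set reads as $null, which [int] converts to 0.
    $domainVersion = [int]$domain.Properties['msDS-Behavior-Version'].Value
    $mixed         = [int]$domain.Properties['nTMixedDomain'].Value
    $forestVersion = [int]$parts.Properties['msDS-Behavior-Version'].Value

    [pscustomobject]@{
        Domain      = [string]$root.defaultNamingContext
        DomainLevel = ConvertTo-DomainLevelName $domainVersion $mixed
        ForestLevel = ConvertTo-ForestLevelName $forestVersion
        # Forest-level trusts need Windows Server 2003 forest mode (value 2) or higher.
        ForestTrustPossible = ($forestVersion -ge 2)
    }
}

# Constructed attribute values, so the mapping can be tried without a domain:
ConvertTo-DomainLevelName -BehaviorVersion 0 -NtMixedDomain 1
ConvertTo-DomainLevelName -BehaviorVersion 2 -NtMixedDomain 0
ConvertTo-ForestLevelName -BehaviorVersion 1
ConvertTo-ForestLevelName -BehaviorVersion 4

# On a domain-joined machine:
#   Get-FunctionalLevel | Format-List
```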

Hyper-V Domain Controller Negative Ping Results

October 28, 2009 Mohamed Fawzi

This one was a little bit new for me. About 6 months ago one of my customers told me that sometimes his new virtual Domain Controller was giving negative ping results.

Negative Ping

This DC was working fine and it was a new installation of a Windows Server 2003 Domain Controller. Every 5 minutes it reported an event 1054 saying that it could not find the domain controller name.

Event ID: 1054
Source: Userenv
Type: Error
Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted). Group Policy processing aborted.

Everything was fine: SRV and DNS records were created correctly, clients could log on and access the server with no problem, and the group policy was being applied correctly.

As per the Microsoft KB, this behavior may occur if the address for the configured preferred DNS server on the client is invalid or unreachable, but everything on the client side was fine as expected.

That is odd. I was sure that there was no problem with the system at all. After some time searching, I started to suspect the hardware or the network, and bingo, I was right.

The problem is now resolved via the HP support article below.

SUPPORT COMMUNICATION – CUSTOMER ADVISORY

Document ID: c01075682

Version: 2
Advisory: (Revision) HP ProLiant Servers Using Dual-Core or More Than One Single-Core AMD Opteron Processor May Experience Incorrect Operating System Time When Running Systems That Use the System Time Stamp Counter
NOTICE: The information in this document, including products and software versions, is current as of the Release Date. This document is subject to change without notice.

Release Date: 2007-07-16

Last Updated: 2007-07-16

HP ProLiant servers configured with Dual-Core or with more than one single-core AMD Opteron processor may encounter Time Stamp Counter (TSC) drift in certain conditions. The TSC is used by some operating systems as a timekeeping source. Each processor core, whether it is a single-core processor or a dual-core processor, includes a TSC. The condition where the TSC for different processor cores becomes unsynchronized is known as TSC drift.

Note : The potential for TSC drift if the proper recommendations are not applied when using AMD Opteron 200-series, Opteron 800-series, Opteron 1200-series, Opteron 2200-series and Opteron 8200-series processors is not specific to HP ProLiant servers.

Whether or not the system is affected by TSC drift depends on the specific ProLiant server generation, the number and type of AMD Opteron processors installed, the operating system, and whether the AMD PowerNow! feature is being utilized. TSC drift can result in different symptoms and behaviors based on the operating system environment, as detailed below:

Microsoft Windows Server 2003
This condition affects operations such as network communications and performance monitoring tasks that are sensitive to system time. For example, Microsoft Active Directory domain controllers can report an Unexpected Network Error (Event ID 1054) with the following description:

Event Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred.). Group Policy processing aborted.

In addition, a negative PING time or larger than actual PING time may be returned after issuing the PING command. The negative PING time occurs because of a Time Stamp Counter drift occurring on AMD Opteron platforms which include more than one processor core.

SCOPE

Any HP ProLiant server configured with more than one single-core AMD Opteron processor or configured with one (or more) dual-core AMD Opteron processors running the following operating systems:

Microsoft Windows Server 2003 (any edition)
Microsoft Windows Server 2003 x64 Edition (any edition)
Red Hat Enterprise Linux 4(x86) or earlier
Red Hat Enterprise Linux 4 (AMD64/EM64T) or earlier
SUSE Linux Enterprise Server 9 32-bit (x86) or earlier

Note : The issue does not affect systems with only one single-core processor installed.

The following servers are affected when running an affected operating system:

HP ProLiant BL465c Blade Server
HP ProLiant BL685c Blade Server
HP ProLiant BL25p G2 server
HP ProLiant BL45p G2 server
HP ProLiant DL145 G3 server
HP ProLiant DL385 G2 server
HP ProLiant DL585 G2 server
HP ProLiant DL365 server
HP ProLiant ML115 server

The following servers are affected ONLY when using the AMD PowerNow! feature and running an affected operating system:

ProLiant BL25p Blade Server
HP ProLiant BL45p Blade Server
HP ProLiant DL145 G2 server
HP ProLiant DL385 server
HP ProLiant DL585 server

The following operating systems are not affected by TSC drift because these operating systems do not use the TSC as a timekeeping source:

Microsoft Windows Server 2008 (codename Longhorn)
Red Hat Enterprise Linux 5 (x86)
Red Hat Enterprise Linux 5 (AMD64/EM64T)
SUSE Linux Enterprise Server 10 (x86)
SUSE Linux Enterprise Server 10 (AMD64/EM64T)
VMware ESX Server 3.0.0 (or later)

RESOLUTION

To ensure proper operation of tasks sensitive to system time, perform either of the following actions, based on the operating system environment:

Microsoft Windows Server 2003 (any edition)
Edit the BOOT.ini file and add the parameter “/usepmtimer,” then reboot the server. Adding the “/usepmtimer” parameter to the BOOT.INI file configures the Windows operating system to use the PM_TIMER, rather than the Time Stamp Counter.

So the final solution was:

To resolve this problem, install the new AMD CPU driver. To do this, visit the following AMD Web site:

http://www.amd.com/us-en/assets/content_type/utilities/setup.zip

After you install the new driver, you must restart your computer.

Note: The driver installation adds the /usepmtimer switch in the Boot.ini file. This switch is discussed in the above section.

Quote of the Month

October 28, 2009 Mohamed Fawzi

“Intelligence is the ability to hold two opposed ideas in the mind at the same time” –F. Scott Fitzgerald

Categories: Personal

XenServer: Why?

October 28, 2009 Mohamed Fawzi

There have been lots of discussions lately about what’s happening around Citrix XenServer. Perhaps too many. For what it is worth, I was one of the people discussing this on the net (Twitter, Blogs etc) with some other folks. I originally drafted a blog post when Citrix bought XenSource but it never made it (officially because I was busy, unofficially because I couldn’t figure out “why”).

I think that what is happening is pretty clear at this point. The market landscape is being consolidated with Oracle acquiring VirtualIron as well as the “Sun Xen thing” within the overall grand plan of the acquisition (of the remaining) of Sun. All these solutions have hardly, in the past few years, managed to make a difference in the industry and their names were floating around more with the hope that VMware could feel more pressure and competition, and hence lower the prices. In the meanwhile, VMware increased their price which speaks for itself.

This is leaving (apparently) the x86 virtualization market with 3 relevant viable alternatives that are VMware, Microsoft and Citrix. I have always said this is going to be a two-horse race and I still stand behind this statement. The first horse is VMware and the second horse is what I call Microtrix ™. There has been a nice Twitter discussion a few days ago on why Citrix bought XenSource and the future of it etc. This was my tweet in the discussion which, in a way, summarizes my thinking:

Source

Categories: Hyper-V, Hyper-V R2