I recently presented in the MicroWarehouse and Microsoft Ireland road show to Irish Microsoft partners on the topic of the Cloud OS, comprised of Azure, Windows Server 2012 R2, Hyper-V, and System Center 2012 R2. You can find the slide deck below.
Category: ISA
KB2927313–Hyper- VM Won’t Start Because The Security ID Structure Is invalid (0x80070539)
Microsoft posted a new support article for when a virtual machine cannot start – The security ID structure is invalid (0x80070539). This affects Hyper-V on WS2012, WS2012 R2, Windows 8 and Windows 8.1.
Symptoms
Starting an imported virtual machine under Hyper-V sometimes fails with an error message that states “The security ID structure is invalid (0x80070539)”.
Cause
This issue is caused when a virtual machine is moved from one environment to another, and Hyper-V cannot remove an invalid security ID from the virtual machine configuration as part of the import operation.
Resolution
A user can reset the state of security IDs in the virtual machine configuration by adding a new, valid user ID. To do this, you will need to:
- Open an administrative PowerShell command window
- Run: Grant-VMConnectAccess -VMName "Name of VM that is not starting" -UserName "Domain and username of the current user"
The virtual machine should now be able to start successfully.
Technorati Tags: Windows Server 2012 R2,Windows Server 2012,Windows 8.1,Windows 8,Hyper-V,Virtualisation
Failed to load ClusterAwareUpdating module on "<Node Name>"
I did a rebuild of the Hyper-V hosts in the lab at work last week. I pushed out a bare metal install of the new ISO for WS2012 R2 with “The Update” (April 2014). I used SCVMM 2012 R2 UR1 to push out the image to the iDRAC cards on the Dell R420 hosts. Afterwards I used SCVMM to cluster the two hosts.
I don’t like SCVMM’s patching system – it’s very SMS 2003 R2, requiring waaaay too much clicking every month. I much rather use Failover Clustering Cluster Aware Updating (CAU). I fired up Failover Cluster Manager (FCM) on my central administration machine, and tried to configure CAU self-updating. And I couldn’t because I kept getting this error:
Failed to load ClusterAwareUpdating module on "<Node Name>"
Hmm. It took me a moment or two, and then I knew what was wrong. SCVMM enable Hyper-V OK. And it enables Failover Clustering. But SCVMM does not install the Remote Administration Tools … and that means the PowerShell module for Failover Clustering was missing from both of the hosts. There was no way to configure CAU on the hosts because the requierd PowerShell cmdlets were missing.
Into Server Manager and I enabled the following feature: Remote Server Administration Tools > Feature Administration Tools > Failover Clustering Tools. Now the cmdlets were there and CAU was fine.
Dear SCVMM, please enable the administration bits (or give us an option to do it) when you enable roles/features. Your patching sucks and FCM is much better at it.
KB2937634 – Hyper-V Host Unable To Reconnect To WS2012 SOFS After Unplanned Failover
Microsoft has released (another) update overnight (what a week!!!) that deals with a Hyper-V scenario. This one is for when a Hyper-V host may be unable to reconnect to the Windows Server 2012 Cluster Scale-Out File Server (SOFS) share after an unplanned failover of one of the SOFS nodes.
Once again, this is niche. I’ve done many graceful and ungraceful shutdowns of SOFS nodes (both virtual and physical) over the past 18 or so months and not seen this issue.
Symptoms
Consider the following scenarios.
Scenario 1
- You deploy file storage by using Failover Clustering Scale-Out File Server shares in Windows Server 2012.
- An unexpected error causes the Cluster service process (clussvc.exe) to stop.
In this scenario, you may receive I/O errors instead of failing over to a working cluster node.
Scenario 2
- You deploy Windows Server 2012 Hyper-V hosts that run virtual machines that are stored on Failover Clustering Scale-Out File Server shares in Windows Server 2012.
- An unplanned failover causes the Scale-Out File Server to move to another node.
In this scenario, the Hyper-V host may be unable to reconnect to the share. This causes the virtual machines to become unresponsive and to enter a critical state.
A supported hotfix is available from Microsoft Support.
KB2918371 – Scheduled Backup Of Hyper-V Fails With Event ID 517 & Error 0x80780049
This new article from Microsoft refers to “Windows Server Backup running on the host operating system”, but I cannot say if this issue affects third party backup tools, DPM or not. REPEAT: DO NOT ASK ME – ASK MICROSOFT. Very often Microsoft has a bad habit of stating that a backup fix is for a scenario featuring a Microsoft backup product, but it really affects any tool backing up Hyper-V.
Symptoms
Consider the following scenario:
- You have a Windows Server 2012 hyper-v host and a Windows Server 2012 guest virtual machine (VM).
- You start Windows Server Backup on the host operating system.
- You click Backup Schedule to start the backup schedule wizard and then click Next.
- You select Custom on the Select Backup Configuration tab and then click Next.
- You click Add Items, select host component and the guest VM, and then complete the wizard.
- You restart the host operating system.
In this scenario, scheduled backup fails with event backup ID 517 and error 0x80780049.
“The Update” fixes this issue for Windows Server 2012 R2 Hyper-V and Windows 8.1 Client Hyper-V. A hotfix is available for Windows Server 2012 Hyper-V and Windows 8 Hyper-V.
If the problem is limited to Windows Server Backup then it will typically affect just small installations (1 or maybe even 2 hosts) and labs.
Technorati Tags: Windows Server 2012 R2,Windows Server 2012,Windows 8,Windows 8.1,Backup,Hyper-V,Virtualisation
KB2905249 – "0x8007007A" Error When You Live Migrate A VM On WS2012 Or WS2012 R2 Hyper-V
I’ve done LOTS of live migrations since the beta of WS2012 and through WS2012 R2, and I’ve put the hosts under significant pressure. I can’t say I’ve seen the issue that is discussed & fixed in this new article by Microsoft where a "0x8007007A" error occurs when you migrate a virtual machine that’s running on Windows Server 2012 R2 Hyper-V or Windows Server 2012 Hyper-V.
Symptoms
Consider the following scenario:
- You have two Hyper-V hosts that are running Windows Server 2012 R2 or Windows Server 2012.
- You use the Live Migration feature in Hyper-V to migrate a virtual machine from one server to another.
In this scenario, the migration fails. Additionally, a "0x8007007A" error that resembles the following is logged in the System log:
Log Name: System
Source : Microsoft-Windows-Hyper-V-High-Availability
Event ID: 21502
Level : Error
Message :Live migration of ‘VM_Name‘ failed.Virtual machine migration operation for "VM_Name‘ failed at migration source ‘Node_Name‘. (Virtual machine ID VM_GUID) Failed to save the virtual machine partition state: The data area passed to a system call was too small. (0x8007007A). (Virtual machine ID VM_GUID)
To resolve this issue in Windows Server 2012 R2, install update 2919355 (“The Update” via Windows Update). To resolve this issue in Windows Server 2012, install the Microsoft supplied hotfix.
KB2928439 – VM Network Fails If “Minimum Bandwidth Weight” Is Enabled On WS2012 Hyper-V
Microsoft has published a new KB article for when a Hyper-V virtual machine’s network connection fails if the "minimum bandwidth weight" setting is enabled in Windows Server 2012. The scenario where this happens is very niche (negligent bad practice, one might argue).
Symptoms
Consider the following scenario:
- You have Virtual Machine Manager for Microsoft System Center 2012 installed on a Windows Server 2012 Hyper-V host.
- You add a third-party virtual network switch extension to System Center 2012 Service Pack 1 (SP1) Virtual Machine Manager or to System Center 2012 R2 Virtual Machine Manager.
- One of the following conditions is true:
- You apply the MinimumBandwidthWeight setting to the network of a Hyper-V virtual machine.
- You use the System Center Virtual Machine Manager "high bandwidth adapter" or "medium bandwidth adapter" native port profile.
In this scenario, external communication from the virtual machine network fails.
A supported hotfix is available from Microsoft Support.
ISA 2006 – Better Than ISA 2000/2004?
ISA 2004 was a considerable improvement over ISA 2000. It was more secure, feature rich and much easier to configure. I find it funny now that I had trouble getting used to how easy it was to configure 2004 as opposed to 2000.
ISAServer.org posted an article on why you should consider ISA 2006 and why it is better than ISA 2000/2004. Given how quickly it followed the 2004 release, I wouldn’t have thought there was much time to make signifcant improvements. Microsoft proved me wrong. It’s a good read and anyone using or considering ISA should give it a read. It would appear that ISA 2006 provides the most benifit to anyone using it to publish function rich web services thanks to new features such as:
- Web Farm Load Balancing.
- Forms-based authentication support for all Web Publishing Rules.
- Kerberos Constrained Delegation.