Unbinding TCP From Virtual Network Physical NIC

I’ve just realised that I’d forgotten to talk about this subject.  I remembered about it after reading Taylor Brown’s blog about unbinding TCP from the physical NIC that virtual machines are using on a Hyper-V host.

During my testing of our cluster I had to simulate a real environment.  For us, that’s lots of virtual networks that are secured using physical firewall rules.  The virtual networks are created on the physical network using VLANs and in Hyper-V using VLAN tagging.  We do this by tagging the virtual machine at the host level.

When I originally set up the hosts I didn’t do anything special to the local area connections in Windows networking that represent the physical NICs the VMs use to communicate with the physical network.  After some testing I soon found a problem.  My host was getting DHCP addresses from one of my virtual test networks.  How in the hell did that happen?  Simple.  TCP was still bound to the physical NIC.  The NIC was on the same broadcast domain as one of the virtual networks.  That’s a serious security issue.

The solution is simple.  As you probably know, any NIC that is used for virtual networking should be dedicated purely to virtual networking.  The parent partition (host OS) should have dedicated NIC(s) for management and security purposes, e.g. different VLAN and not prone to being congested due to VM OS/application misbehaviour.  You should then unbind TCP from your NICs that are dedicated to virtual networking.  This in no way affects the host or the VMs.  And Taylor Brown also recommends unbinding any other network protocol that you happen to add to the parent partition.

Now, your host partition is completely isolated network-wise from the virtual networks that its guest VMs are bound to.  This allows you to create secured VLANs via tagging for your VMs, e.g. a VM can be on a network that is isolated via firewall rules from the parent partition.
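A way to audit this on a current host, as an added example that is not from the original post: it assumes Windows Server 2012 or later, where the Hyper-V and NetAdapter PowerShell modules exist, an elevated session, and one physical NIC per external switch. It flags any NIC behind an external virtual switch that still has IPv4/IPv6 bound or that is shared with the parent partition.

```powershell
#Requires -Modules Hyper-V, NetAdapter
# Added example (not from the original post): audit host-side IP bindings on
# NICs dedicated to VM traffic. Assumes Windows Server 2012 or later, an
# elevated session, and one physical NIC per external switch (no teaming).

$ipComponents = 'ms_tcpip', 'ms_tcpip6'    # binding IDs for IPv4 and IPv6

$report = foreach ($switch in Get-VMSwitch -SwitchType External) {
    $nic = Get-NetAdapter -Physical |
        Where-Object { $_.InterfaceDescription -eq $switch.NetAdapterInterfaceDescription }
    if (-not $nic) { continue }

    # IP still bound to the physical NIC means the parent partition can pick
    # up an address (e.g. from DHCP) on whatever VLAN that port delivers.
    $bound = @(Get-NetAdapterBinding -Name $nic.Name |
        Where-Object { $_.Enabled -and $_.ComponentID -in $ipComponents })

    [pscustomobject]@{
        Switch         = $switch.Name
        PhysicalNic    = $nic.Name
        IpBoundOnNic   = ($bound.ComponentID -join ', ')
        # True = the host also has a virtual NIC on this switch
        SharedWithHost = $switch.AllowManagementOS
        Exposed        = ($bound.Count -gt 0) -or $switch.AllowManagementOS
    }
}
$report | Format-Table -AutoSize

# Remediation preview: -WhatIf only prints what would change; remove it to apply.
# Confirm the host has its own management NIC before detaching it from a switch.
$report | Where-Object IpBoundOnNic | ForEach-Object {
    Disable-NetAdapterBinding -Name $_.PhysicalNic -ComponentID $ipComponents -WhatIf
}
$report | Where-Object SharedWithHost | ForEach-Object {
    Set-VMSwitch -Name $_.Switch -AllowManagementOS $false -WhatIf
}
```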

Hyper-V Server 2008 R2 Beta Released

This slipped under the radar with all the hoopla for Windows 7 and Windows Server 2008 R2.  MS released a beta for R2 of the free version of their virtualisation server product, Hyper-V Server.  It adds:

  • Live Migration and clustering!!!
  • Use of up to 1TB of RAM.
  • All the other Windows Server 2008 R2 Hyper-V goodness.

The addition of clustering and Live Migration is big news.  I didn’t expect that.

Credit: Ben Armstrong.

KB959596: Fixes P2V Issues with VMM 2008

The update KB959596 fixes two problems in P2V:

"Error (3133) Virtual Machine Manager could not connect to source computer servername.domainname.com after it restarted into Windows PE (temporary computer name is p2v-ldjj). Automatic restart to the original operating system is scheduled to occur within 15 minutes. Recommended Action If servername.domainname.com does not restart in 15 minutes, manually restart it back into the original operating system using the boot menu" … during an offline P2V with a computer in a different subnet.

"VMM Cannot find VirtualHardDisk object. Ensure the library object is valid, then try the operation again. ID: 801" … you convert a physical computer to a virtual machine by using VMWare VirtualCenter and one of the disks on the source computer is larger than 256 gigabytes.

You can resolve these issues by downloading and installing this update.

Windows 7 Deployment

Did you know that Windows 7 beta was released publicly?  I don’t know if it was mentioned anywhere?  Oh wait, it’s mentioned everywhere!  If you’re a network admin and serious about testing or getting ready for Windows 7 then I suggest you start looking at the best ways to deploy it.  There’s a beta release of documentation for Windows Automated Installation Kit (WAIK) for Windows 7 and a walkthrough for User State Migration Toolkit (USMT).

Moving A VM With Differencing Disks

I’ve a lab machine running Hyper-V.  I’ve a number of lab machines on there, all using differencing disks.  I’m budget conscious with this machine so I use a single internal disk partition to store VMs and the source disks for the differencing disks.

I needed to move two of these lab VMs onto another server.  I don’t manage the lab machine with VMM (I’ve previously referred to a VMM agent refresh issue which PSS are looking into) so I did a manual move.  I set up VMs without hard disks on the destination host.  I powered down the VMs on the source host.

Watch out for snapshots!  I had snapshots on the lab VMs.  Snapshots are differencing disks.  When you take a snapshot, a new differencing disk is created behind the scenes.  It uses your VM’s disk as a source disk.  All changes following the snapshot are stored in the differencing disk.  If I had copied the VHD of the VM disk to the new host server then I’d lose everything since the snapshot.  The solution?  Copy the VHD to keep it safe so you have something to roll back to (if you need to do this).  Delete the snapshot to trigger a merge.  Anything in the snapshot will be merged back into the VM’s VHD.  Now you can copy this file to the destination server …

… but not if the VM’s disk was a differencing disk!  Otherwise when you bind it to the new VM and power it up you get an alert:

"VM001: Failed to open virtual disk …. A problem was encountered opening a virtual disk in the chain of differencing disks, ….. (referenced by ….): ‘The system cannot find the file specified.’ (0x80070002). (Virtual machine …..)".

That appears in the event log in Application Logs and Services\Microsoft\Windows\Hyper-V-Worker\Admin as an Error with a source of Hyper-V-Worker and an event ID of 12142.

The solution is simple.  Edit the disk’s properties on the source VM.  Edit the disk and select "Merge".  This will give you two options:

  • To the parent virtual hard disk: In this scenario you do not want to do this.  This will save changes to the source virtual disk that many of your other VMs may be using.  Not good!
  • To a new virtual hard disk: This will create a new VHD file in a selected location.  This is the one to use in this scenario.

You now can create either a fixed size (required for production) or dynamic VHD.  This will run pretty quickly.  Once complete you can copy the VHD to your destination host server and bind it to the VM.
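A pre-move check for the pitfalls above, as an added example that is not from the original post: it assumes Windows Server 2012 or later with the Hyper-V PowerShell module, and `VM001` is a placeholder VM name. It walks each attached disk back through its differencing chain (snapshot disks included) so you can see every file the VM depends on before copying anything.

```powershell
#Requires -Modules Hyper-V
# Added example (not from the original post): list every VHD file a VM
# depends on before a manual copy. Assumes Windows Server 2012 or later and
# an elevated session; 'VM001' is a placeholder VM name.

function Get-VhdChain {
    param([Parameter(Mandatory)][string]$Path)
    $depth = 0
    while ($Path) {
        if (-not (Test-Path -LiteralPath $Path)) {
            # A missing link is what produces event 12142 / 0x80070002 at power-on
            [pscustomobject]@{ Depth = $depth; VhdType = 'MISSING'; SizeGB = $null; Path = $Path }
            break
        }
        $vhd = Get-VHD -Path $Path
        [pscustomobject]@{
            Depth   = $depth
            VhdType = $vhd.VhdType                       # Fixed, Dynamic or Differencing
            SizeGB  = [math]::Round($vhd.FileSize / 1GB, 1)
            Path    = $vhd.Path
        }
        $Path = $vhd.ParentPath                          # empty once the base disk is reached
        $depth++
    }
}

$vmName = 'VM001'

# Snapshots are differencing disks too: the attached file is then the
# snapshot disk, and the VM's own VHD is only its parent.
$snapshots = @(Get-VMSnapshot -VMName $vmName)
if ($snapshots.Count -gt 0) {
    Write-Warning "$vmName has $($snapshots.Count) snapshot(s); merge them before copying."
}

foreach ($disk in Get-VMHardDiskDrive -VMName $vmName) {
    $chain = @(Get-VhdChain -Path $disk.Path)
    $chain | Format-Table -AutoSize
    if ($chain.Count -gt 1) {
        Write-Warning "$($disk.Path) depends on $($chain.Count - 1) parent disk(s); merge to a new VHD before moving."
    }
}
```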

The Internet Is Doomed?

As you may know, the Internet exists purely because of the pornography industry *tongue in cheek*.  They’re the folks who drove multimedia, the ever increasing demand for bandwidth and pushed cash flow across the net.  There may actually be some grains of truth in this!

It turns out that the global recession has hit that industry where it hurts … the bank account.  I just saw on Sky News that Larry Flynt (played by Woody Harrelson in the movie) is seeking a $5 billion bailout from Congress in the USA. 

What will happen to the Internet if its driving force goes to the wall?  🙂  Eircom will finally have an excuse for being slow about rolling out upgrades.

Dell Transferring 1900 Jobs From Ireland To Poland

I’ve talked about this before on my blog.  In fact, I’ve been telling people this would happen since 2001 when I learned about Dell recruiting for staff to work in a new huge plant in eastern Europe.  Last year we heard rumours about Dell trying to sell their Limerick manufacturing plant.  And in the last few weeks we heard Dell corporate was having meetings about the subject of laying off 2000 Irish employees.  Of course, we had all the usual nice reaffirming promises from the government.

This morning, Dell Limerick called their staff to meetings.  In the last few minutes we heard that 1900 staff are being laid off.  Their jobs are being transferred to a plant in Lodz, Poland.  The transition will run between April and November of this year.  Dell said in a statement:

"Dell will migrate all production of computer systems for customers in Europe, the Middle East and Africa (EMEA) from Limerick to its Polish facility and third-party manufacturing partners over the next year.

Dell’s employees in Limerick will continue to coordinate EMEA manufacturing, logistics and supply chain activities across a range of functions including product development, engineering, procurement and logistics.  The company’s Global Innovation Solutions Centre and EMEA Command Centre will remain in Limerick. Dell continues its significant sales, marketing and support activities in Cherrywood, Dublin".

On the news yesterday we heard that in Limerick and the area, 15 people’s jobs rely on each job in Dell.  That’s a 1-15 impact.  1900 people just lost their jobs.  That’s 28,500 who will be affected if you believe that ratio.

I honestly don’t blame Dell or Poland for this.  I would safely bet that a huge percentage of their staff in Ireland are actually Polish.  Why hire Polish people in Ireland when you can hire them in Poland?  You pay them less, they have a relatively better standard of living and they’re happier being with friends and family.  Also, it’s easier and cheaper to ship packages across continental Europe from Poland via road/train than it is via lorry/ferry/lorry from Ireland.

Who do I blame?  Our government.  The cost of living in Ireland rocketed out of control over the last 12 years.  This has been driven by taxation, bending to the will of the construction/finance industries and costs associated with booming levels of wasteful administration and projects in the civil and public services, for example:

  • We have 2 health departments.
  • The PPARS project which is a 12+ years long SAP deployment that still doesn’t work.
  • E-Voting where every IT person in the country said the system was unusable and the machines have been in expensive environmentally controlled storage ever since.
  • A ridiculous E-Ticketing system project that has cost over 30 million so far and it’s still only a concept.  Strangely, cities like Munich and Amsterdam have the same thing with a strip of paper and no computers.
  • Increasing public transport costs so they now cost more than using a car and paying for parking.
  • Increasing VAT (sales tax) recently when every other country has cut it to restart their economies.  Northern Ireland did well out of that as seen by the 3+ hour traffic jams around Newry caused by cars from the Republic.

We all know that the 3 major causes of inflation in this country have been government, housing and greedy distributors.  Want proof of the latter?  Price any electronics item in Ireland and deduct tax.  Travel up north (also on our island and subject to the same shipping costs) and compare the price.  To be fair, use a conversion rate of 1-0.70 to use sterling/euro conversion rates from before Sterling’s instability.  You’ll see that it’s much cheaper to live up North, heck anywhere!

The job scene for IT people in Ireland isn’t as good as it was.  Now there are 1900 more people on the market.  They may be manufacturing or junior IT staff but the effect of them job hunting will ripple up the chain.  I’m sure that our Tánaiste (deputy prime minister) will be on the news within the hour promising studies, retraining, etc.  Well she can go get stuffed with the rest of her waster buddies in the cabinet.

My sympathies go out to the people and families affected by today’s news.

Cannot Share ISO Using VMM 2008 And Hyper-V

Note: I’ve since blogged about a solution to this problem.  PSS gave me bad information on this one and I found a MS blog entry on how to solve it.

Virtual Machine Manager 2008 has a library where you can store VHDs, machine templates and CD/DVD ISO images.  When you set up a VM in Hyper-V you can mount an ISO image.  Using VMM 2008 you can store these centrally and distribute them out to VMs.

When you look in the console and try to mount an ISO from the library in a VM’s configuration you’ll see you have 2 options:

  • Copy the ISO to the VM: This copies the ISO to the Hyper-V server in question and allows the VM to copy it.  Unfortunately, this can fail if you’ve previously mounted the ISO on a VM on that server.  That’s because the copy fails – the ISO is already there.
  • Share the ISO from the library:  The idea here is that instead of copying the ISO it is accessed over the network by the Hyper-V server … or so it would seem.

If you try the latter (which would be the preferred solution surely?) you get the following error causing the process to fail:

"Error (12700) VMM cannot complete the Hyper-V operation on the hvsvr.mydomain.local server because of the error: ‘vm001’ failed to add device ‘Microsoft Virtual CD/DVD Disk’. (Virtual machine ID 8D61046E-60DB-4B8B-8677-1FA4CE952D24)  ‘vm001’: The file ‘\\hvsvr.mydomain.local\MSSCVMMLibrary\ISO\avg.iso’ does not have the required security settings.

Error: ‘General access denied error’ (0x80070005). To fix the security settings, remove the device associated with this file from the virtual machine and then add it again. (Virtual machine 8D61046E-60DB-4B8B-8677-1FA4CE952D24)   (Unknown error (0x8001))   Recommended Action Resolve the issue in Hyper-V and then try the operation again".

If you go a googling you’ll find entries on the TechNet forums saying that you need to alter the CIFS delegated permissions for the computer objects in AD.  I’ve tried that, reboots and all and it fails.  You’ll find people replying with the same comments.

I asked MS and I was told by PSS (case#SRX081210600013) that ISO sharing does not work with VMM 2008 and Hyper-V.  It’s a security complication with Hyper-V.  I wasn’t given anything more than it’s something they’re looking at for a future release.

It’s a pity it doesn’t work.  I hope they rectify that.  For now, you’ll need to copy the ISO, either beforehand or by using the ISO mount wizard from the library.