When Will I Upgrade My Hyper-V Cluster?

I’m eager to upgrade our Hyper-V cluster to Windows Server 2008 R2.  I’ve been chatting with Hans Vredevoort (aka @hvredevoort on Twitter) about this subject this morning; he’s a HP blade and EVA user like me.  There’s a number of things I need to wait for before touching a production system:

  1. Windows Server 2008 R2 management packs for Operations Manager 2007 R2.  I’m not holding my breath.  Some of the W2008 management packs took a year to be released.  I’ll be happy to upgrade when the OS pack is out.  I don’t need IIS packs to upgrade the Hyper-V hosts.
  2. Support for the servers from HP.  This is both for drivers and for monitoring via OpsMgr.  HP Proliant Support Pack (PSP) 8.30 will give us support.
  3. Virtual Machine Manager (VMM) 2008 R2.  This was RTM’d yesterday but won’t be available to download for production usage until October 1st.
  4. HP EVA support: I use blade fibre channel mezzanine cards with MPIO to connect to our EVA SAN.  We boot from SAN and run VM’s on the SAN.  Until we get MPIO drivers for W2008 R2 from HP I can’t do anything.

I saw a page on the HP website that said they would have support for Windows Server 2008 R2 once it was “released”.  I’m led to believe that “released” means generally available.  GA is October 22nd, 2009.

Once we get all that I can proceed with the upgrade.  Hans posted a good and detailed blog post on the subject yesterday based on his experiences.  The short story is for a two node cluster:

  • Deploy VMM 2008 R2 to manage Hyper-V.
  • Quick migrate all VM’s to node 1.
  • Evict node 2 and disconnect VM/cluster storage from it.
  • Rebuild node 2 with Windows Server 2008 R2.
  • Set up Hyper-V and a new cluster on Windows Server 2008 R2.
  • Configure a CSV (cluster shared volume) on the new cluster with new disk.
  • Use VMM 2008 R2 to migrate VM’s from the old cluster to the new cluster.  I’d test this with test VM’s first and then wait a few days before progressing.
  • Once all VM’s are moved, destroy the old cluster and rebuild node 1 with W2008 R2/Hyper-V.  There’s maybe an opportunity here to recycle disk as you free it from the old cluster.
  • Add the host 1 to the new cluster.
  • Test everything!

Check the post by Hans for much more detail.  He has had a chance to actually do this process so he’s got a lot more notes to take care of.

Yes, I know – it’s a messy upgrade.  I hope it’s something MS figures out how to make simpler for future upgrades.  BTW, in-place upgrades are NOT supported in clusters.

MDT 2010: “Upgrade” From XP to Windows 7

I’ve just wrapped up doing some work with Microsoft Deployment Toolkit 2010 Beta 2.  I was looking for a way to migrate from XP to Windows 7.  The process would be something like:

  • Capture the user state of the XP machine
  • Format the disk
  • Deploy Windows 7
  • Restore the user state

I kept looking for a difficult answer and it just wasn’t working for me.  I was about to give up for the night when I had a peek at the default task for deploying an operating system.  After toying around with task sequences for a week I was getting to grips with the basics.  I couldn’t believe what I was seeing.  This default task sequence would do everything I wanted and more:

  • Driver injection
  • Application installation
  • Patching

Impressive!  I fired up my XP VM and ran the LiteTouch script from the deployment share on the MDT server.  It started up the MDT GUI and asked me a few questions.  I answered them and sat back.  In less than 20 minutes I had a Windows 7 VM that had all of the user data that was previously on the XP VM.  Perfecto!

I’m rebuilding the server with MDT 2010 RC now.  This continues to be much simpler than I was expecting.  I keep looking for hard ways to do things only to find the solution is simple.

Blackberry Users Clock Up 15 Extra Work Hours Per Week

That’s what Silicon Republic is reporting this morning in a published paper from America.  Why the big deal?  It’s important for companies to ensure that their employees (a) have a work/life balance and (b) don’t exceed the legal number of work hours per week.

I used to have an XDA as a phone/email device when I worked in the finance industry.  I came to hate the thing.  I remember it ruining time off from work.  For over a year it made my life miserable.  No matter where I was, I was reachable.  Then in 2005 I went to Canada on a road trip around the west.  I left the XDA in a drawer.  Within 24 hours the battery of the XDA was flat and the config was lost.  It stayed that way when I left the company 3 months later.  I was much happier during those 3 months than I had been since getting the XDA.

Using MDT 2010 To Upgrade From XP to Windows 7

Microsoft has posted two videos that you can download.  The first shows how to set up the beta 2 build of the Microsoft Deployment Toolkit.  The second shows how to do a migration from XP to Windows 7.

Yes; that’s a migration.  You cannot do an in-place upgrade.  The migration uses a light-touch approach to capture the user state, replace the operating system and restore the user state.  A prepared image can be deployed, containing all of the required applications.  Your task sequence (that does the work) can be configured to perform other post-install steps.

If you want a zero touch approach then look at ConfigMgr with the latest service pack for Windows 7 support.

Windows Server 2008 R2 Hyper-V Configuration Limits

Microsoft has recently updated a TechNet page to illustrate the configuration limits of Hyper-V in W2008 R2.

Last week, I was asked by a local IT magazine to compare the limitations of VMware vSphere 4 to Hyper-V.  But not the hosts; the virtual machines, i.e. how many processors, disks and RAM could I assign to a VM on either platform.  I put together the numbers.

So for example, a VM in Hyper-V can have up to 4 processors and 64GB of RAM VS 8 processors and 255GB RAM on vSphere.  At first impressions: WOW!  VMware tramples all over Microsoft.

Hold on, let’s get real.  How many VM’s have I ever run that needed that config?  ZERO.  The most RAM I’ve put in a VM is 8GB.  The most virtual processors was 2.  If I needed 8 cores and 64GB of RAM I’d question if the VM should be a VM at all!

OK, there’s cases where it would but they are rare.  Microsoft runs MSDN/TechNet on Hyper-V and those specs were high.  Maybe you might have 1 VM per host for DR reasons: the VM is more portable and easier to replicate than a physical machine.

But in the real world, most of us rarely have servers with huge needs.  The only servers I’ve run with lots of RAM were Citrix/Terminal Servers and there’s a loss of performance for larger implementations if virtualised.

I don’t really care about those max limits for VM’s.  They’re theoretical to me.  I’m not going to get in any slagging match over them: I’ll leave that to the sort of person who debates the merits of Picard VS Kirk 😉

Using Microsoft Deployment Toolkit 2010

I set up MDT 2010 Beta (from Microsoft Connect) tonight for the first time on some Hyper-V virtual machines.  The idea is to get to a point where I can take an XP PC, capture the user state, deploy Windows 7 and restore the user state.

My first experience with MS’s advanced OS deployment tools was back when Windows Server 2003 SP2 was in beta/RC stages.  I was researching WDS to write a whitepaper for this blog.  I downloaded the BDD and quickly abandoned it.  It was a circular maze with no start point.  It was awful.  I know that the Deployment team got feedback that they had produced less than stellar documentation.  I personally think that was part of the problem with businesses not accepting Vista with open arms.

I need to say here that I have never used MDT before.  I’ve only ever seen deployment MVP, Rhonda Layfield, demo it.

So I downloaded the tiny MDT 2010 installer.  Of course, it needs the humungous WAIK for Windows 7/Windows Server 2003 ISO (I think it’s 1.6GB now).  I also needed the Windows 7 ISO.

I set up 3 VM’s:

  • A DC running DNS and DHCP
  • A MDT server
  • A blank PC

I installed WAIK and MDT 2010 on the MDT server.  Nothing went wrong there.  I fired up the Workbench.  It’s pretty simply laid out.  Documentation is the first thing you see – INCLUDING a start up guide for a lab! *round of applause *

Steps to configure MDT to do a simple Lite Touch deployment:

  • Create a MDT deployment share: this creates a set of folders in the share and in the workbench.  There are tasks associated with the folders.
  • Import the OS image: provide the DVD and point at the root.
  • Import your drivers: I had extracted the CAB from the Hyper-V Integration Components ISO into the C:\Temp folder.  I pointed at this.  All the drivers were imported.  Do this for your PC and laptop (and server because you can deploy a server OS using MDT too!) drivers.
  • Create a task sequence: This is the set of steps that will be performed.  I went with the “Standard Client Task Sequence” to test out my implementation.
  • Update the deployment share: This creates Lite Touch boot image WIM’s and ISO’s for each of the supported CPU architectures.

I then took the ISO for my OS architecture (x86), provided it as media for the blank PC VM hardware configuration and booted it up.  I was asked to pick a task (e.g. deploy an OS), log in, pick a task sequence and then sit back.  Windows 7 was installed and then logged in automatically.

I reckon I could have alternatively taken my boot image WIM and stuck it up on a WDS server … that’s next in the lab.  I also want to go ahead and extend this:

  • Capture a Windows 7 OS image with all the typical office apps.
  • Create a task sequence to: 1) capture an XP user state 2) deploy my captured Windows 7 image and 3) restore the captured user state.

I’ll update the blog as things progress.


Cisco Also Sucks

I tried to access our Cisco support account today which is registered using my email address.  I couldn’t remember my password so I did the “reset password dance”.  That’s where things went wrong.  I entered my email.  This is where it all went wrong.  Normally what happens here is that the system checks to see if the email is valid.  If so, it’s either sent a new temporary password or a link to a one-time-only reset URL.  There’s nothing insecure about that: the email is a valid user so what’s wrong with them knowing their own password?

This is where Suckso, sorry, Cisco disagrees.  They sent me an email to tell me what my email address was.  [sarcasm] MAGNIFICENT! [/sarcasm].  To reset my password they gave me a URL.  I followed that.

It went on to ask me some security questions for which I had not set answers.  How could that be optional?  Back to the email.  I was told to email a certain address if I did not have the answers to the optional security questions.

I did and here was the response:

“Dear Cisco Customer,

For Security Reasons no one in CISCO has any Access to your Password or Security questions. If the online Password reset does not work for any reason including but not limited to forgotten answers to security questions you will unfortunately have to register a new account.

Kind regards,

Francis Veltman
Cisco Frontline
Working Hours:
mon-fri: 7am-4pm GMT”

What? I should contact them so they could tell me that they would not help me?  Cisco … YOU SUCK!

RDP Certificate Expired

We had a customer report an issue with a hosted server last night.  They were trying to RDP in to a hosted Windows Server 2008 machine from Vista PC’s and were not able to.  XP clients were fine.  Here’s the error they got:

“Remote Desktop cannot connect to the remote computer because the authentication certificate received from the remote computer is expired or invalid”.

Windows is trying to make RDP secure, doing all sorts of mutual authentication things with X.509 certificates.  The solutions I first saw were to renew a certificate from the PKI.  Huh?  This is a workgroup machine in an isolated/firewalled network.  No go there sunshine!

The solution was to fire up the Certificates snap-in in MMC on the server for the local computer, browse to Remote Desktop and delete the certificate.  This was because the cert was expired.

Alternatively you can change the security of RDP from “SSL (TLS 1.0)” or “Negotiate” to “RDP Security Layer” to instruct RDP to abandon the certificate.  This is done in the properties of RDP in the Terminal Services Configuration MMC.

If the cert wasn’t expired then you should check that the time was correct on both the client and the server.
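
A read-only check for the situation described above, as an added example that is not part of the original post: it reports the listener's security layer and the validity of each certificate in the local computer's Remote Desktop store, without deleting or changing anything.  It assumes PowerShell 2.0 or later, an elevated prompt on the server, and the default listener name RDP-Tcp.

```powershell
# Added example: read-only check of the RDP listener and its certificates.
# Assumptions: PowerShell 2.0+, elevated prompt, default listener "RDP-Tcp".
$now = Get-Date

# Security layer as set in the Terminal Services Configuration MMC.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$layerNames = @{
    0 = 'RDP Security Layer (server is not authenticated by a certificate)'
    1 = 'Negotiate'
    2 = 'SSL (TLS 1.0)'
}
$layer = (Get-ItemProperty -Path $key -Name SecurityLayer -ErrorAction SilentlyContinue).SecurityLayer
if ($layer -eq $null) { 'SecurityLayer value not found on the RDP-Tcp listener' }
else { 'Security layer: {0} = {1}' -f $layer, $layerNames[[int]$layer] }

# Open the store that the Certificates snap-in shows as "Remote Desktop".
$location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
$flags    = [System.Security.Cryptography.X509Certificates.OpenFlags]'ReadOnly, OpenExistingOnly'
$store    = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Remote Desktop', $location

try {
    $store.Open($flags)
    foreach ($cert in $store.Certificates) {
        # NotBefore/NotAfter are local times, so compare against the local clock.
        if     ($now -gt $cert.NotAfter)  { $state = 'EXPIRED' }
        elseif ($now -lt $cert.NotBefore) { $state = 'NOT YET VALID (check the server clock)' }
        else                              { $state = 'valid' }

        New-Object PSObject -Property @{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            State      = $state
        }
    }
} catch {
    "Could not open the Remote Desktop store: $($_.Exception.Message)"
} finally {
    $store.Close()
}
```

An EXPIRED row is the case that was fixed above by deleting the certificate; a NOT YET VALID row, or a valid certificate that clients still reject, points at the clock check on the client and the server.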