Posts Tagged ‘scvmm’

Planning for Windows iSCSI SAN boot on Private Cloud Bare Metal Hosts

Data Center Modernization has definitely reached critical mass. The message that came from TechEd 2013 was “It’s time to make Hybrid Cloud Real.” That, of course, starts with the modernizing your data center to be able to implement private clouds. On top of that, more and more data centers are migrating their hypervisors to Hyper-V in spite of the greater footprint a full Windows Server operating system has on the bare metal. The feature parity as well as cost savings that comes from Hyper-V as a feature (and the subsequent removal of the VMWare tax) offsets the hassle of the additional footprint.

Windows Server bare metal hosts running Hyper-V, like other hypervisors, support SAN boot of the operating system drive using iSCSI. It is important to realize that the iSCSI services depend on the underlying storage and iSCSI network being provisioned properly to accommodate the eccentricities of how Windows boots from SAN using network interface cards in place of traditional storage adapters or HBAs.

Understand the Supportability Parameters

The supportability of the storage support comes from the storage vendor. This also extends to iSCSI boot SAN scenarios per the KB article: Even though the article does not mention Windows Server 2012 (or R2) it is still in place. Normally, this would not be complicated but in the case of iSCSI networks, the device may likely be using a NIC to locate the storage (especially if they are actually using NAS – network attached storage – i.e. NetApp) and not a traditional storage adapter or HBA.

Slipstream your 3rd-party drivers if possible

The use of slipstreamed NIC/Storage drivers in the installation ISO will prevent any timing issues from swapping back and forth between driver media and OS media. The may be especially the case if you are controlling headless blade devices using KVM or some other solution. I have found that this resolves many of the issues outlined in this particular KB: – as well as the 0x80070057 error message when trying to format drives or create partitions during the operating system setup.

No Thin-Provisioning LUNs for the OS Boot Drive

LUNS on the NAS devices (i.e. NetApp Devices) need to be thick provisioned for the drive containing the OS instead of thin-provisioned. In addition LUNS for the host OS boot volume only should be 127GB or less. Remember this is only in the context of the LUN being used for host devices iSCSI boot volume.

Avoid using Default Gateways for iSCSI NICs

The NICs configured for the iSCSI SAN should avoid having a default gateway. This can cause issues such as slow throughput occurring during formatting of disks and the copying of files during installation. This has been an issue with the Windows iSCSI initiator in the past and has previous appeared in KB articles:

960104: If you start a system from iSCSI, the gateway specified in the iSCSI Boot solution will always be used by Windows to communicate with the iSCSI Target  

2727330: Default gateway is set to if you start a Windows Vista-based, Windows 7-based, Windows Server 2008-based or Windows Server 2008 R2-based computer from an iSCSI boot device  

In addition, the network ports connecting to the boot volume iSCSI interfaces on the iSCSI network’s switch should have ICMP redirect disabled.

If all else fails . . . revert to the old way!

If the interactive installation still fails, remember – there is the legacy way of deploying Windows Servers in an iSCSI SAN boot configuration outlined in:

VMM: Options for Offline Servicing, P2V, and Building Virtual Networks

August 23, 2014 1 comment

UPDATE: 10/21/2014: The MVMC 3.0 is now released with P2V functionality restored.

I work with SCVMM (System Center Virtual Machine Manager) frequently in many different contexts. I even do the occasional private cloud engagement specifically on VMM and Hyper-V. Most of the time however, I am using VMM in a peripheral context – be it personal lab work, proof-of-concept labs for customer or partners, etc. I have been very pleased with the evolution of Hyper-V and System Center products over the last few years. I find the largest issues that create pain points for me involve the constant need to service virtual machines, deal with physical-to-virtual conversions, and the cumbersome process of building test networks that demonstrate elements such as multi-tenancy that require me to super impose logical switches and other elements of software-defined networking on top of my switching fabric.

I field a lot of questions with regards to how to best go about these options with the most recent versions of SCVMM (particularly VMM 2012 R2.)

Virtual Machine Servicing

I don’t keep all of virtual machines running at the same time. In addition, I have many templates for which I reuse/import/export on a regular basis. In VMM 2012 there was the option of using a separate add-on utility called the Virtual Machine Servicing Tool. The problem is it only was for VMM 2012 RTM (or R1) and it does not work with VMM 2012 SP1 or VMM 202 R2. You will likely find many questions regarding this that appear in the comments section on my initial blog about the VSMT 2012 utility way back in 2012.

So with there being no newer version of VSMT for 2012 SP1 or R2 and the fact that you cannot use VSMT 2012 on VMM 2012 SP1 or R2, what are your options going forward for servicing – particularly offline servicing? You have a few options:

  • Customize a solution with DISM (Deployment Image Service and Management Toolkit) You should be very familiar with DISM as it is very useful for the consultant and IT Pro (like me) who does not always have access to System Center infrastructures. It can also be easily scripted to mount and service offline images for OS updates at the very least. You can become familiar with DISM servicing using the following link as it is a great introduction to the concept: This walkthrough tells you how to mount a virtual disk online and then apply various servicing commands using the DISM tool. You can then apply updates using the tool to apply individual Windows Update packages (.MSU’s) although this can be cumbersome for many sets of updates. This does require scripting for effectiveness but I have found that I can get away with one set per OS so long as I have access to the individual .MSU files [DISM /image:C:MyDirMount /Add-Package /Packagepath:<file_path>] This way is still way quicker than standing up a VM running WSUS, keeping it in sync and then booting up every single VM and updating it through the WSUS server. There are also additional scripts out there that work with live WSUS servers and DISM that you can also try – for example – Offline Servicing of VHDs against WSUS
  • Use Configuration Manager 2012 R2: Configuration Manager 2012 R2 has a VHD patching feature that allows you to apply software updates to VHDs that you created using task sequences. While this requires Configuration Manager, it is a great option for offline servicing. More information on this can be found here:
  • Orchestration: You can use a solution provided by a SMA (Service Management Automation) Runbook. The following blog posts talks about a feature in the gallery that allows you to automate the process of offline servicing: The specific runbook is found in the Technet gallery here:



The built-in Physical to Virtual conversion component of VMM was deprecated with the release of SCVMM 2012 R2. I wrote about this and the alternative options earlier this year: Many had hoped the feature would be included in the release of the Microsoft Virtual Machine Conversion utility (MVMC 2.0 ) but this was an erroneous speculation. P2V will be returning with the MVMC 3.0 release that will likely come later this fall. In the meantime use Disk2VHD as I mentioned in my post earlier as a viable alternative.

VMM Network Builder

Getting virtual networks set up properly in VMM and having everything in sync with the Hyper-V virtual switches, Host configurations, and the underlying switch fabric can be a cumbersome task. Up until now, I have been longing for a simplification of the process of setting up networking in VMM. Now we have the greatest single add-on utility (in my opinion) to come to SCVMM 2012: The VMM Network Builder. This is a free download that just became available from the Download Center ( This is a tool that will simplify the process of creating virtual networks that utilize VLAN isolation through VMM.

This will ensure that the Host NICs have the proper consistent settings for all of your virtual networks so all of your virtual machines will be able to be set properly to the appropriate virtual network associated with the correct VLAN. This will reduce the instances of having to troubleshoot network configuration which can be a common pain point given the many levels where things can be set incorrectly. With this utility, you can do a simple basic networking setup that can be applied to all of your hosts.

The Microsoft Virtual Machine Converter 2.0 is Now Live on the Microsoft Download Center

April 11, 2014 3 comments

UPDATE: 10/21/2014: The MVMC 3.0 is now released with P2V functionality restored.

The Microsoft Virtual Machine Converter 2.0 is available! The Microsoft Virtual Machine Converter provides a supported, freely available, stand-alone solution for converting VMware-based virtual machines and virtual disks to Hyper-V-based virtual machines and virtual hard disks (VHDs). 

There is also a release of an update to the Migration Automation Toolkit (MAT). This is a collection of PowerShell scripts that will automate conversions using MVMC.  You can use it to convert several machines at once, on a single server – or scale it out and execute conversions on many servers at the same time.

With the release, you will be able to access many new features including:

  • On-premises VM to Azure VM conversion
  • PowerShell interface for scripting and automation support
  • Added support for vCenter & ESX(i) 4.1, 5.0 and now 5.5
  • VMware virtual hardware version 4 – 10 support
  • Linux Guest OS support including CentOS, Debian, Oracle, Red Hat Enterprise, SuSE enterprise and Ubuntu.
  • Migration Automation Toolkit support for MVMC 2.0

Migration Automation Toolkit (MAT)

More Information

MVMC Converter Download

Categories: Uncategorized Tags: , , , , , , , ,

Online Event: Virtualizing Your Data Center with Hyper-V and System Center

February 15, 2014 Leave a comment

Wednesday, February 19th from 9am – 5pm PST

If you're new to virtualization, or if you have some experience and want to see the latest R2 features of Windows Server 2012 Hyper-V or Virtual Machine Manager, join us for a day of free online training with live Q&A to get all your questions answered. Learn how to build your infrastructure from the ground up on the Microsoft stack, using System Center to provide powerful management capabilities. Microsoft virtualization experts Symon Perriman and Matt McSpirit (who are also VMware Certified Professionals) demonstrate how you can help your business consolidate workloads and improve server utilization, while reducing costs. Learn the differences between the platforms, and explore how System Center can be used to manage a multi-hypervisor environment, looking at VMware vSphere 5.5 management, monitoring, automation, and migration. Even if you cannot attend the live event, register today anyway and you will get an email once we release the videos for on-demand replay!  

Topics include:

•    Introduction to Microsoft Virtualization
•    Host Configuration
•    Virtual Machine Clustering and Resiliency
•    Virtual Machine Configuration
•    Virtual Machine Mobility
•    Virtual Machine Replication and Protection
•    Network Virtualization
•    Virtual Machine and Service Templates
•    Private Clouds and User Roles
•    System Center 2012 R2 Data Center
•    Virtualization with the Hybrid Cloud
•    VMware Management, Integration, and Migration

Register here:

Why is it important to Become Familiar with WMI Troubleshooting? Pt. 1

January 19, 2014 4 comments

Often in Virtualization and Management Products like SCVMM, MED-V, Config Manager, UE-V, and App-V the symptom of an issue appears in the respective System Center or MDOP product but the root cause is often caused by an anomaly in an underlying operating system component. Often that component is WMI. For this reason, it is invaluable have a solid understanding of WMI and WMI troubleshooting. WMI is often a component that can cause problems due to one or more of the following WMI issues:

  • Corrupted repository
  • Incomplete namespace
  • Access Denied
  • Invalid String in WMI property/data
  • Unexpected value
  • Memory leak
  • Code Defect by WMI Provider

One of the most common errors encountered is error 0x800706BA – RPC Server Unavailable.

This error has context. If it is during connecting to a WMI namespace, it is usually because:

  • The machine does not exist.
  • The machine cannot respond because the appropriate firewall exceptions have not been made. Check firewall settings.

If it is during operation, it is likely because:

  • The client machine doesn’t have correct firewall settings for asynchronous call backs.
  • Connecting to a machine which doesn’t exist.

First I would verify the firewall rules. I would make sure the following rules are set:

  • WMI (ASync) Properties – In Program: %SYSTEMROOT%\System32\WBEM\unsecapp.exe
  • WMI (DCOM) – In Port: TCP 135 Program: %SYSTEMROOT%\System32\svchost.exe
  • WMI (WMI) In-Out Program: %SYSTEMROOT%\System32\svchost.exe

I deal with WMI problems all the time. I generally follow this little troubleshooting checklist for RPC errors:

  1. Use the WMI Control MMC (WMIC.MSC) to ensure that the service is working on the local system.
  2. If the problem involves communicating with a remote system then use the WMI Control to test the ability to connect to the remote system
  3. For Access Denied type issues verify that the DCOM and WMI Service settings are at default values, and the Network Service account has been granted impersonation rights.
  4. Check the service settings if the WMI service fails to start or if client programs cannot communicate with the service. In some cases you may need to reregister all the modules to recover the service.
Categories: Management, WMI Tags: , , , , , , , , ,

The feed of Windows Azure Pack Gallery Resources and SCVMM Service Templates which are compatible with the RTM releases is now LIVE

October 21, 2013 Leave a comment

Windows Azure pack information can be found here:

The Windows Azure Pack is a collection of Windows Azure technologies available to Microsoft customers at no additional cost. Once installed in your datacenter, the Windows Azure Pack integrates with System Center and Windows Server to help provide a self-service portal for managing services such as websites, Virtual Machines, and Service Bus; a portal for administrators to manage resource clouds; scalable web hosting; and more.

The feed of Windows Azure Pack Gallery Resources and SCVMM Service Templates which are compatible with the RTM releases is now LIVE at:
This release includes more than 40 deployable templates to get you started including:

  • SharePoint 2013
  • SharePoint Foundation 2010
  • Microsoft SQL Server 2013
  • IIS
  • Domain Controller
  • Windows Server 2012 R2 HA Network Gateway
  • Windows Server 2012 R2
  • Windows Server 2012
  • BlogEngine.NET
  • Database Servers
    • MySQL Server (Windows and Linux)
    • Oracle Self Service Kit
  • Linux applications including
    • CentOS6 LAMP
    • Drupla
    • Joomla
    • WordPress CentOS6
  • Samples to enhance authoring
    • Custom Script
    • Custom Script with Environment Variables
    • Linux Generic
    • Service Template Example Kit
  • and more

For information on how to use this feed and import items in the Windows Azure Pack you can use the following resources:

Feed of Windows Azure Pack Gallery Resources and SCVMM Service Templates is now LIVE

July 30, 2013 1 comment

The feed of Windows Azure Pack Gallery Resources and SCVMM Service Templates is now LIVE at:

The initial set of service models are:

  • Gallery Resources
    • o Windows Server 2012
    • o Windows Server 2012 R2
    • o Windows Server 2012 WebServer (IIS)
  • SCVMM Service Templates
    • o Sharepoint 2013
    • o Service Template Example Kit

You can enable this feed and download your first service model in just a few easy steps (and the first 2 steps are one-time overhead).

  1. Install the Microsoft Web Platform Installer from here:
  2. Add the Service Model Feed as a custom feed
  3. Launch the Web Platform Installer
  4. Select the Options link at the bottom right, next to the Install button
  5. Enter the Feed URL into the Custom Feeds field
  6. Select the Add feed button
  7. Select the OK button
  8. You will now see a new Service Modelslink at the upper right of the Web Platform Installer UI
    1. Select the Service Model you want to download
  9. Select the Service Models link at the top of the Web Platform Installer UI
  10. Select the Add button next to whichever Service Model you would like to download
  11. Select the Installbutton
    1. Accept the usage terms
  12. Select the I Accept button
  13. Select the Continue button
  14. Select the Finish button
  15. A Windows Explorer window will open, displaying the contents of the Service Model.  Service Models are extracted into your %SystemDrive% folder, according to type
    1. Gallery Resources – %SystemDrive%GalleryResources<resourcename>
    2. SCVMM Service Templates – %SystemDriveSCVMM Service Templates<resourcename>
    3. Follow the directions in the Service Model readme to load the model and prepare any dependent resources (VHDs, etc) for deployment.



Software Update to block RSA keylengths <1024 has been Released to the Download Center

August 14, 2012 2 comments

Today (August 14th) an update was released that, once applied, will block RSA certificates with keys less than 1024 bits. The software update was released to the Download Center.

The security advisory is located at
The KB article is available at
The update is available now to allow organizations to assess the impact of this update and to reissue certificates with larger key sizes, if necessary, before the update is sent out through Windows Update. Previous blogs may have mentioned it being released to Windows Update this month. That is no longer the case. The update is planned to be sent out through Windows Update on October 9, 2012.

Please refer to the KB article for direct links to download the update for your supported version of Windows.

The Virtual Machine Servicing Tool 2012 is now available!

August 13, 2012 10 comments

The latest version of the VMST has been released! The Virtual Machine Servicing Tool (VMST) 2012 coincides with System Center 2012 –Virtual Machine Manager (VMM), System Center 2012 Configuration Manager and Windows Server Update Services (WSUS) 3.0 SP2.

VMST 2012 is designed to help you reduce IT costs by providing a means to service your virtual machines, templates, and virtual hard disks offline with the latest operating system and application patches—without introducing vulnerabilities into your IT infrastructure.This has been a very popular solution accelerator from Microsoft and can be downloaded at the following URL:

You use different features in the Virtual Machine Servicing Tool to update offline virtual machines in a VMM library, a stopped virtual machine on a host, virtual machine templates, and to make updates directly to virtual hard disks (VHDs).


Categories: Uncategorized Tags: , , , , , ,

Important Notice About a Forthcoming Update

August 9, 2012 3 comments

If you are currently working with App-V, SCVMM, Hyper-V, SCCM, or any management environment leveraging certificates, it is important to be made aware of a very important update being released next week.

Next week a security fix will be widely distributed which will prevent use of certificates which use weak (less than 1024 bit) RSA keys. Microsoft will issue a critical non-security update (KB 2661254) for Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. The update will block the use of cryptographic keys that are less than 1024 bits. You could potentially run into issues as it may cause outages for those who have services that leverage IIS or any other application or service (client side or server side) if those services rely on those weak certificates. We have more information on this update and how it works at the PKI blog. Please refer to the following links:

These articles will give you methods of getting in front of this issue with remediation options. If you are managing updates through SCCM or WSUS, please ensure that you have verified the key strengths of all of your certificates prior to deployment of this update.

UPDATE: 8-11-2012

I have received a lot of questions asking me to be a little more specific with regards to how specific products may or may not be affected. How this may affect your environment will depend on specifics of product usage. The articles from the PKI blog referenced above are very helpful in giving you methods of determining if you are using certificates with key lengths <1024 bits and how to go about remediating the issue. Specific examples regarding product usage revolves around mostly the leveraging of IIS-based services. In addition, other types of scenarios in our world of virtualization and manageability include:

  • Using a certificate for RTSPS generated froma  web server template with a key length length less than 1024 bits.
  • Using certificates for SSP in SCVMM 2008/R2 generated from a web server template with a key length less than 10-24 bits.
  • Using Client or Server-side SSL for policy and image distribution in MED-V V1 using certificates with keys less than 1024 bits.

Most of the guidance in recent years always recommended to request certififcates with at least a keylength of 1024, especially, for example, in the guidance for SCCM Native Mode (Config Manager)

The public key infrastructure (PKI) certificates that are required for setting up secure communications in manageability and virtualization products must be created, installed, and managed independently from the products themselves. This means that there are often different IT administrative groups handling this in most organizations. This leads to many variances in deployment for the required certificates and you will need to consult your particular PKI deployment team to assist in assessing how this will affect you.

UPDATE: 8-14-2012

The security advisory is located at
The KB article is available at
The update is available now to allow organizations to assess the impact of this update and to reissue certificates with larger key sizes, if necessary, before the update is sent out through Windows Update. Previous blogs may have mentioned it being released to Windows Update this month. That is no longer the case. The update is planned to be sent out through Windows Update on October 9, 2012.