Considerations when hosting Active Directory Domain Controllers on Virtual Machines

Just to share my experience on this topic, it mean be good to take these points into considerations when you are planning to deploy a domain controller on a Hyper-V machine.

Point number 1:

As a precaution, do not take snapshot of a Active Directory Domain Controller Virtual Machine. This is to prevent accidental or unplanned roll back of your Active Directory contents. Remember a snapshot is not a valid backup of your system state data. If you apply a snapshot of your Active Directory Domain Controller Virtual Machine, this causes an update sequence number (USN) rollback.

Point number 2:

If you take snapshot, a differencing disk AVHD file is created. And this AVHD will merge with the primary VHD file when you do a proper shutdown of the virtual machine. The duration of the merging depends on the size of the AVHD file. Now, imagine if you are unaware of this and shutdown your physical Hyper-V server machine before the merging can complete. Then you want to move, copy or migrate this domain controller virtual machine and you copy the files to a new Hyper-V server. Unknowingly, you load the unmerged VHD file on your new Hyper-V server and disaster strikes.

Point number 3:

Disable Time synchronization on your Domain Controller Virtual Server. This is to prevent time skewed. Authentication problems will occurred when your time is out of sync.

Upgrading Active Directory Domain Service to Windows 2008 R2

I know this might mean just running adprep /forestprep to most of you. But with Windows 2008 R2 shipped in 64bit, it does create some challenge to my 32bit FSMO roles Domain Controllers.

If your FSMO role masters are currently running 32bit Windows Servers, you can still upgrade your schema to R2. You can use adprep32.exe command for 32bit machines.

Cheers. :)

Misleading report on Black Screen of Death.

I would like to bring your attention to inaccurate stories following a report by a British company claiming that customers who deployed the Windows 7 November Security updates have experienced the so-called “Black Screens” that would render the system unbootable and unusable due to changes in the registry.

Here’s the background for your reference:

• Microsoft has found these reports to be inaccurate. Comprehensive investigation has shown that none of the recently released updates are related to the behavior described in the reports. Microsoft’s support organization is also not seeing this as an issue. The claims also do not match any known issues that have been documented in our security bulletins.
• On December 1, Prevx, the company which issued the report, posted an apology to Microsoft which stated the following:

“Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.”

• According to Microsoft’s blog post, the real culprit is a piece of malware that clears desktops and produces a black screen on infected PCs; various security vendors have tools for removing this malware. There is no fix or update necessary for this, but customers should keep their anti-virus software up-to-date as a preventative measure. So far, Microsoft is not seeing a massive occurrence of this particular issue in our support channels. If customers do encounter an issue with a security update, contact our Customer Service and Support group for no-charge assistance at http://support.microsoft.com/security.

• The protection and well-being of our customers’ PCs through the deployment of Security Updates is the ultimate goal of the Microsoft Security Response Center. Because of this, we continually work with our Customer Service and Support teams to keep a close eye for issues that may impact customers’ deployment of security updates.

• Consumers can also download Microsoft Security Essentials provided free

You may use the following statement if asked by your customers and we encourage you to use this as an opportunity to educate customers on the importance of keeping up to date with security patches:

“The reports on the so called “Black Screens” was investigated by Microsoft and found to be inaccurate. The company which issued the report has apologized and made a full retraction. Windows 7 security updates was not the cause of the black screens. There is no fix or update necessary for this, but customers should keep their anti-virus software up-to-date as a preventative measure. So far, Microsoft is not seeing an occurrence of this particular issue in our support channels locally.

Exchange 2010 Mailbox Server Role Requirements Calculator

Here I am at Sin City, Las Vegas. What a experience I must admit!!

All this made possible by my boss, Steve Krems, without him I would not be what I am today. I would not have such opportunities to learn and do so much. He has guide me very well. Thank you Steve.

Exchange 2010 was officially RTM on 9 Nov 2009, cool. I attended a session by Ross Smith and Ross released this very useful tool that I strongly think that all Exchange Administrators who are planning for Exchange 2010 must have.

This is a tool that help to design your solution. This is the link to Ross Smith’s blog Exchange 2010 Mailbox Server Role Requirements Calculator and it is a long article. But definitely worth you spending your time reading through it.

Cheers.

Remote Server Administration Tools for Windows 7

Remote Server Administration Tools for Windows 7 is a handy companion for IT administrators to remote managed their servers.

I am going to show you how I use it to remote managed my Hyper-V server host.

Here is the download link: http://www.microsoft.com/downloads/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&displaylang=en

Installation is simple – Accept the agreement.

And install…

You might want to browse the help contents to learn more.

You need to go to “Turn Windows features on or off” to enable the remote administration tools you want. I am going to select Server Manager and Hyper-V Tools.

Here I have Hyper-V tools on my Windows 7 machine and from here I can connect to my Hyper-V servers and manage them remotely.

Have fun!

Virtual PC Technet Blog

Microsoft Virtualization Team started a Windows Virtual PC blog that is managed by Prasad Saripalli, Principal Program Manager.

You can find great deal of information on the latest developments, tools and tricks on Windows Virtual PC and XP mode!!

Check it out!! http://blogs.technet.com/windows_vpc/

Migrating Redhat Linux 4 VM from Virtual Server 2005 to Hyper-V R2

The release of Hyper-V R2 prompted me to plan for upgrades of my virtual servers. Now upgrading from Hyper-V to Hyper-V R2 is no big feat. However, if you have Linux virtual machines on Virtual Server 2005 running on Windows 2003 Server, then inplace upgrade is not an option.

So my plan was to move my virtual machines from Virtual Server 2005 to another Hyper-V R2 server then upgrade my existing Windows 2003 Server to Windows 2008 R2. With the help of my UNIX guru, Mr Aw GuanBee, we managed to get this completed! Thank you GuanBee for your help.

Here we go, I will explain the steps as I go through them. Hopefully, it will be helpful to you.

The picture below shows my Redhat Linux 4 virtual machine running on Virtual Server 2005. The first step is to shutdown your Linux virtual machine then copy the VHD file over to your Hyper-V R2 server.

Next, create a New Virtual Machine on your Hyper-V R2 host.

No need to connect it to your virtual network yet as we will be adding a Legacy Network Adaptor later.

Assign the VHD file that you copied from your Windows 2003 Virtual Server 2005 to this new Virtual Machine.

Once you created the VM, let’s add a Legacy Network Adapter to it. This is to ensure that your system can detect and be connected to network.

Boot up the VM and you will be prompted with new hardware detection, configure the network adapter to have a static IP or DHCP and you are good to boot up.

Because Hyper-V R2 and Linux IC v2 RC2 only officially supports RHEL 5.2 and above. It is recommended to upgrade to RHEL 5.

To upgrade RHEL 4 to RHEL 5, first update your RHEL 4 to the latest update level. RHEL 4 uses up2date –u to update your system.

After your RHEL 4 is updated, insert RHEL 5 disc or ISO and bootup your VM. At the installation prompt, type linux upgradeany. This will give you an upgrade option during RHEL installation.

It might take a few hours to complete the upgrade. We are still not done as we still need to load the Linux Integration Components.

Once you completed the upgrade, run yum update to bring your system up-to-date.

Because the RHEL 5 is upgrade from RHEL 4, the kernel will be kernel-PAE. So you have to do a yum install kernel-PAE-{your kernel version}. For example, for my kernel version, I will run yum install kernel-PAE-2.6.18-164.2.1.el5.i686 and yum install kernel-PAE-devel-2.6.18-164.2.1.el5.i686.

Run yum install kernel-devel and yum install gcc.

Now we are ready to install the Linux IC. Insert the LinuxIC iso into the DVD drive and copy the contents to /opt/linuxic directory. You can issue the commands below.

mkdir /mnt/cdrom

mount /dev/cdrom /mnt/cdrom

mkdir /opt/linuxic

cp /mnt/cdrom/* /opt/linuxic/ –R

cd /opt/linuxic

Having copy the content to /opt/linuxic, issue the command “./setup.pl drivers” to install the Linux Integration Components. Please do a reboot once installation completes.

Done!! We have successfully migrated the Linux VM from Microsoft Virtual Server 2005 to Hyper-V and did an upgrade from Redhat Linux 4 to Redhat Linux 5.

Introducing Microsoft Security Essentials

Microsoft introduced an antivirus protection product FREE for home PC users. http://www.microsoft.com/security_essentials/

To qualify, you have to be using Genuine Copies of Windows Operating Systems (XP SP2 and SP3, Vista SP1 and SP2, and Windows 7).

Installation is simple too. Just four clicks and installation completes.

First click, Next to proceed on from Welcome Screen.

Second click is to Accept the license agreement.

Third click is to validate your copy of Microsoft Windows.

Fourth click is to begin installation.

Installation in progress…

And we are done!!!

This is how it looks.

 

You might want to change the default settings to suit your needs, else leave it as default will be good.

Cheers.

Microsoft TechNet Flash Singapore – Connect Now and Win! Promotion

http://geeksengaged.com/blogs/geeksengaged/archive/2009/08/06/microsoft-technet-flash-singapore-connect-now-and-win-promotion.aspx

Simply subscribe to TechNet Flash Singapore e-newsletter today!

TechNet Flash delivers the latest IT news, security bulletins, product updates and more - directly to your inbox.
You will be one of the first to get your hands on the latest downloads, live webcasts, upcoming events and promotions, expert insights and many more.

New on Start Menu - “Recent” list

A week after using Windows 7 on my office laptop, I start to like the changes on Start Menu. For example, I am using Remote Desktop Connection a lot, so when I click on Start menu, I see the recent history of servers I connect to.

This is application related, it will work on Internet Explorer, Microsoft Office applications, etc. When you click on the application, you will see a small right arrow, click on the right arrow or hover over it will give you a list of the most recent history of documents you opened with this application.

Example, on my Windows Live Writer, the Recent list displays the blog articles that I am writing.

Installing Redhat Linux 5.3 on Hyper-V with Linux Integration Components v2 RC2

It has been a real busy week with Windows 7 RTM and with Windows 2008 R2 releasing soon, there are so many new features to try out. Well, as work requires, I have the opportunity to try setup Redhat Linux 5.3 on Hyper-V with the new release of Linux Integration Components v2 RC2.

The LinuxICs are available for download on http://connect.microsoft.com. The Linux Integration Components Readme.pdf which is packaged with the LinuxIC download provides are very good detailed explanation of the installation process.

I am doing a full pictorial of a installation of RHEL5.3 onto a Hyper-V server and I got the mouse to work too.

Create the Virtual Machine

First, you need to create a Virtual Machine.

Give it 1GB of memory for GUI features.

We will need network to work so that we can get yum updates.

You configure a hard disk size for your VM.

Map the RHEL iso image to DVD drive for installation.

And we are just about ready to start. DO NOT start yet, as we need to add a legacy network adaptor at this moment.

Add a Legacy Network Adaptor to your Virtual Machine hardware.

Connect this Legacy Adaptor to your bridged network that have internet connectivity as we need YUM UPDATE.

Now, fire up the machine and start installation.

You will need to enter your Installation Number here to be able to get YUM UPDATE.

You need to setup networking here.

In previous RHEL versions we have to install XEN Virtualization components, with this new LinuxIC and RHEL 5.3, DO NOT choose Virtualization. Now we can use a regular Linux Kernel and not a Xen Kernel. Please select Software Development.

Complete the wizard and we are ready to start installation.

Reboot once installation completes.

Let’s verify the network are ok by issuing “ifconfig eth0”. Check that you have a working IP address.

With network connectivity, we should now do a “yum update” to get the latest updates from your linux sources.

When you completed the update, reboot the machine by issuing “reboot” command.

Once the system boots up, verify that we have the required packages installed by issuing “yum install kernel-devel” and “yum install gcc” command.

Now we are ready to install the Linux IC. Insert the LinuxIC iso into the DVD drive and copy the contents to /opt/linuxic directory. You can issue the commands below.

mkdir /mnt/cdrom

mount /dev/cdrom /mnt/cdrom

mkdir /opt/linuxic

cp /mnt/cdrom/* /opt/linuxic/ –R

cd /opt/linuxic

Having copy the content to /opt/linuxic, issue the command “./setup.pl drivers” to install the Linux Integration Components. Please do a reboot once installation completes.

Now that we have installed the Linux IC, I suggest we remove the legacy network adaptor and connect virtual network to the default Synthetic Ethernet network adaptor.

Let’s verify that the Linux ICs are working by issuing “/sbin/lsmod grep vsc”.

Then verify the Synthetic Ethernet adapter is working by issuing “ifconfig seth0”

The final step is to get the mouse working. Download the mouse support for Linux under Hyper-V from Citrix Project Satori http://www.xen.org/download/satori.html.

Mount the ISO and copy its contents to /opt/mousedrv.

Do a “yum install xorg-x11-server-sdk” to install xorg-x11-server-sdk package.

Then run “./setup.pl” from /opt/mousedrv/ directory.

Here we have it, Redhat Linux 5.3 installed on Hyper-V with Linux Integration Components installed and mouse working too.