How to install Microsoft Azure Backup Server v2 on Windows Server 2016

7:53 pm in Azure, Azure Backup, Hybrid backup, MABS, MABS v2, Microsoft Azure Backup, Microsoft Azure Backup Server, Microsoft Azure Backup Server v2, Modern Backup Storage, PowerShell, Windows Server 2016 by Wim Matthyssen

Last week Microsoft released the second version (v2) of Microsoft Azure Backup Server (MABS v2). As a hybrid backup solution, this new release, based on System Center Data Protection Manager 2016 (SCDPM 2016), enables you to store data on disk (low RTO) and in Azure (long retention, up to 99 years). On Windows Server 2016, MABS v2 uses RCT-based change tracking. This makes backups more reliable and scalable, and also improves backup performance (backup jobs could be up to 70 percent faster). MABS v2, which is included with the Azure Backup service and currently has version number 12.0.332.0, now supports not only Windows Server 2016 (W2K16) but also vSphere 6.5 (Preview mode). Besides those, you can now also use it to back up business-critical Microsoft workloads such as SQL 2016, SharePoint 2016 and Exchange 2016. Those can be running on premises (physical servers, Hyper-V or VMware) or in the Azure cloud. As a nice extra, you can also back up Windows 10 client workloads.

In a previous blog post, I explained how to install MABS v1 on Windows Server 2012 R2. In this blog post, I will show you how you can deploy MABS v2 on a W2K16 server.

MABS v2 server requirements

  • MABS v2 can be installed as an on-premises standalone physical server or VM, but also as an Azure IaaS VM (minimum size A2 Standard).
  • MABS v2 runs on the following supported operating systems: Windows Server 2012 R2 and Windows Server 2016 (the latter is required if you want to use the Modern Backup Storage feature).
  • MABS v2 must be domain joined. Be sure to add the server to the domain before the MABS installation. Microsoft does not support adding this server to the domain after the MABS installation.
  • The minimum processor requirement for a MABS v2 server is a 1 GHz dual-core CPU; a 2.33 GHz quad-core CPU is recommended.
  • The minimum RAM needed by a MABS v2 server is 4 GB; 8 GB is recommended.
  • The recommended hard drive space is 3 GB.
  • MABS v2 must have the .NET 3.5 SP1 and .NET 4.6.1 features installed as prerequisites.
  • MABS v2 should also have Hyper-V PowerShell installed.
  • MABS v2 should run on a dedicated, single-purpose server. It also cannot run on a server that has SCDPM or an SCDPM agent installed.
  • A valid Windows Server license is needed for the MABS v2 server.
  • The MABS v2 server needs access to the Internet because Microsoft Azure must be reachable from the MABS server.
  • Scratch space is required to temporarily store the largest restore from the Azure cloud. Keep approximately 5 % of the total amount of data that needs to be backed up to the cloud free on the C: drive.
  • A separate data disk for the backup storage pool is required. As with every other backup product, the recommended size of this disk is 1.5 times the size of the data you are going to protect.

MABS v2 prerequisites installation

Before we start the prerequisites installation, be sure to have a Recovery Services vault in place (create a new one, or use an existing one) and download the vault credentials. When downloaded, place this file in the C:\Temp folder of the MABS server.

To install all required prerequisites, log on to the server you wish to use for your MABS v2 installation, open PowerShell as administrator and run the following commands to install .NET 3.5 SP1 and Hyper-V PowerShell (be sure to have the Windows Server 2016 installation ISO mounted – in my example to the D: drive). Be aware the server will reboot when the installation is completed. You can also download the complete script (.ps1) from the Microsoft TechNet Gallery.
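A pre-flight check of the requirements listed earlier followed by the prerequisite installation, as an added example that is not the author's TechNet Gallery script. It assumes the ISO is mounted on D: as in the post; the function name and the selection of checks are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: checks the locally verifiable requirements from the list above,
# then installs the two prerequisite features. Not the author's script.
# Assumption: the Windows Server 2016 ISO is mounted on D:, as in the post.
$SxsSource = 'D:\sources\sxs'

function Test-MabsRequirement {
    $cs    = Get-CimInstance -ClassName Win32_ComputerSystem
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $cpu   = @(Get-CimInstance -ClassName Win32_Processor)
    $disk  = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='C:'"
    $cores = ($cpu | Measure-Object -Property NumberOfCores -Sum).Sum
    $mhz   = ($cpu | Measure-Object -Property MaxClockSpeed -Maximum).Maximum
    $net4  = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
                -ErrorAction SilentlyContinue).Release

    $checks = [ordered]@{
        'Domain joined (join before running setup)' = [bool]$cs.PartOfDomain
        'Windows Server 2012 R2 or 2016'            = $os.Caption -match 'Server 2012 R2|Server 2016'
        'CPU: at least 1 GHz, dual-core'            = ($cores -ge 2) -and ($mhz -ge 1000)
        'RAM: at least 4 GB'                        = [math]::Round($cs.TotalPhysicalMemory / 1GB) -ge 4
        'Free space on C: at least 3 GB'            = $disk.FreeSpace -ge 3GB
        '.NET Framework 4.6.1 or later'             = $net4 -ge 394254   # Release value of 4.6.1
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Requirement = $name; Met = [bool]$checks[$name] }
    }
}

# Stop before changing anything if a requirement is not met.
$unmet = @(Test-MabsRequirement | Where-Object { -not $_.Met })
if ($unmet.Count -gt 0) {
    $unmet | ForEach-Object { Write-Warning "Not met: $($_.Requirement)" }
    throw 'Fix the unmet requirements before installing the MABS v2 prerequisites.'
}
if (-not (Test-Path -Path $SxsSource)) {
    throw "Installation media not found at $SxsSource. Mount the Windows Server 2016 ISO first."
}

# The .NET 3.5 payload is not on disk by default, so it is installed from the ISO.
$net35 = Install-WindowsFeature -Name NET-Framework-Core -Source $SxsSource
$hvPs  = Install-WindowsFeature -Name Hyper-V-PowerShell
if (-not ($net35.Success -and $hvPs.Success)) {
    throw 'Feature installation failed; check the output of Install-WindowsFeature.'
}

# The procedure in the post ends with a reboot.
Restart-Computer -Force
```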

MABS v2 software download

To download the MABS v2 software open PowerShell as an administrator and run the following PowerShell script. You can download the complete script (.ps1) from the Microsoft TechNet gallery. The script will download all the necessary files (8 files), extract them and start the setup.

MABS v2 installation

Click Microsoft Azure Backup Server to launch the setup wizard.

Setup will start copying some temporary files.

On the Welcome screen, click Next.

This opens up the Prerequisite Check section. On this screen, click on the Check button to determine if the hardware and software prerequisites for Azure Backup Server have been met. If all is OK, you will see a message indicating that the machine meets the requirements. Click Next.

On the SQL Settings page, select Install new Instance of SQL Server with this Setup to install SQL 2016 SP1. Click Check and Install. You could encounter some error messages. If so, follow the instructions; most likely, you will need to reboot the server and start the MABS installation all over again.

If the computer meets the software and hardware requirements, click Next.

Provide a location for the installation of all the files and click Next. In my example, I changed all locations to my E: drive.
 

Provide a strong password for restricted local user accounts (this password will not expire) and click Next.
 

It is strongly recommended to use Microsoft Update when you check for updates because this will offer all security and important updates for MABS. Select whether to use Microsoft Update or not and click Next.

Review all settings and, if all are OK, click Install.

Click Next to start the Microsoft Azure Recovery Service Agent installation.

Click Install.

When the agent installation is completed, click Next.

Provide your vault credentials to register the machine to the Azure backup vault. Click Next.
 

Provide a passphrase to encrypt/decrypt the data sent between Azure and your premises. You can automatically generate a passphrase or provide your own passphrase of at least 16 characters. Also, enter a location to save the passphrase. When all is done, click Next.

Once registration has succeeded, the wizard proceeds with the installation and configuration of SQL Server 2016 SP1. This could take some time.

It is possible that you receive the following error message. If so, just click OK (you can change the staging area after the MABS setup completes).

When setup completes successfully, click Close.
 

Double click the Microsoft Azure Backup server icon on your desktop to launch MABS.

You can also verify the MABS server's connection to the Recovery Services vault. To do so, go to your Recovery Services vault, click Overview and click Backup management servers. There you should see the newly installed MABS server.

As a final step, do not forget to run Windows Update to install all necessary updates after the MABS installation.

Now you are ready to start working with this brand new product. Have fun and till next time!

Wim Matthyssen (@wmatthyssen)

Azure IaaS: Build a VM from a Bring your Own License (BYOL) image with Azure PowerShell

9:16 am in ARM, Azure, Azure Hybrid Use Benefit, BYOL, Cloud, IaaS, PowerShell by Wim Matthyssen

For those who do not know yet: with the Azure Hybrid Use Benefit you can use your on-premises Windows Server licenses that include Software Assurance for Windows Server (Standard and Datacenter editions) virtual machines (VMs) in Azure. More recently, the Azure Hybrid Use Benefit for Windows Client, which includes Windows 10 (only Enterprise customers with Windows 10 Enterprise E3/E5 per user or Windows VDA per user – User Subscription Licenses or Add-on User Subscription Licenses – are eligible), also came in Preview.

By using your existing licenses, you only pay for the base compute rate (equal to the Linux rate for VMs) without the Windows license cost, which can save you up to 40 %.

You can download the Azure Hybrid Use Benefit datasheet here

These days it’s even simpler to deploy a new Azure server VM with your own on-premises license via the Windows Server BYOL images available in the Azure Marketplace. There are images available for the following server OSs (*be aware that not all Azure subscriptions can use the BYOL images):

  • Windows Server 2008 R2 SP1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016 (not available in all regions)

You can search for the Windows Server images by running the following PowerShell command:

In the above screenshot, you can see that some SKUs now contain the BYOL suffix.

You can search for the Windows Client images by running the following PowerShell command:

To build a VM from a BYOL image you can run the following Azure PowerShell script (adjust all variables for your own use):

The script is also available on Microsoft TechNet

When the script is completed and the VM is built, you can log into the VM via remote desktop. As you can see, the VM is not registered and you’ll be able to use your own Windows product key.

Hope this comes in handy!

Wim Matthyssen (@wmatthyssen)

PowerShell: BgInfo Automation script

9:19 am in BgInfo, Client Hyper-V, Hyper-V, PowerShell, scvmm, VM Template, Windows Server 2016, Windows Sysinternals, WS2016 by Wim Matthyssen

Probably everyone knows the Windows Sysinternals tool BgInfo (currently version 4.21). For those who don’t, it’s a great free tool which captures system information from a workstation or server (probably where it is the most useful) and displays the captured data on the desktop of that machine. It can show useful information like DNS settings, used IP addresses, computer name, domain name, OS version, memory, etc. If you want to read more about this tool, you can do so via the following link: https://technet.microsoft.com/en-us/sysinternals/bginfo.aspx

Whenever I create a new Windows Server 2016 Virtual Machine (VM) template for customers, I mostly add this tool in the base image (also called golden image) and set it so it starts up automatically whenever a user logs on to the server. To automate this process, I wrote a PowerShell script which does all of the following:

  • Download the latest BgInfo tool
  • Create the BgInfo folder on the C drive
  • Extract and cleanup the BgInfo.zip file
  • Download the logon.bgi file which holds the preferred settings
  • Extract and cleanup the LogonBgi.zip file
  • Create the registry key (regkey) to AutoStart the BgInfo tool in combination with the logon.bgi config file
  • Start the tool for the first time

Prerequisites

Windows PowerShell 5.0

PowerShell script:

To use the script copy and save the above as BGInfo_Automated_v1.0.ps1 or download it here. Afterwards run the script with Administrator privileges from the server you wish to use for your VM template. If you want to change configuration settings, just open the logon.bgi file and adjust the settings to your preferences.
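The steps listed above, written out as an added example; this is not the author's BGInfo_Automated_v1.0.ps1. It adds two checks that matter because the registry key makes the tool run at every logon: the folder is made read-only for non-administrators and the downloaded binary's signature is verified. The Sysinternals download URL, the logon.bgi location (a placeholder, the page does not give it) and the value name `BgInfo` are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's script. Values marked "assumption" are not from the post.
$BgInfoUrl   = 'https://download.sysinternals.com/files/BGInfo.zip'   # assumption
$LogonBgiUrl = 'https://example.invalid/LogonBgi.zip'                 # placeholder: your own location
$Folder      = 'C:\BgInfo'
$RunKey      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Windows PowerShell 5.0 does not negotiate TLS 1.2 by default.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Create the BgInfo folder on the C drive.
New-Item -Path $Folder -ItemType Directory -Force | Out-Null

# A folder created under C:\ inherits the root ACL, which can let non-administrators
# write to it. Anything in this folder is started at every logon through the HKLM Run
# key, so allow only Administrators and SYSTEM to modify it (well-known SIDs are used
# so that the command also works on localized systems).
icacls $Folder /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-545:(OI)(CI)RX' | Out-Null

function Get-ZipInto {
    # Download a zip file, extract it into the destination and clean up the zip.
    param([string]$Url, [string]$Destination)
    $zip = Join-Path $env:TEMP ([IO.Path]::GetRandomFileName() + '.zip')
    Invoke-WebRequest -Uri $Url -OutFile $zip -UseBasicParsing
    Expand-Archive -Path $zip -DestinationPath $Destination -Force
    Remove-Item -Path $zip -Force
}

# Download, extract and clean up BgInfo.zip.
Get-ZipInto -Url $BgInfoUrl -Destination $Folder
$exe = Join-Path $Folder 'Bginfo.exe'

# Refuse to register the binary for autostart unless its signature is valid
# and it was signed by Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $exe
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    Remove-Item -Path $exe -Force
    throw "Signature check failed for $exe (status: $($sig.Status))."
}

# Download, extract and clean up LogonBgi.zip, which holds the preferred settings.
Get-ZipInto -Url $LogonBgiUrl -Destination $Folder
$bgi = Join-Path $Folder 'logon.bgi'
if (-not (Test-Path -Path $bgi)) { throw "logon.bgi was not found in $Folder." }

# Create the Run value so BgInfo starts with the logon.bgi configuration at logon.
# Both paths are quoted; /timer:0 applies the settings without showing the dialog.
$command = '"{0}" "{1}" /timer:0 /nolicprompt /silent' -f $exe, $bgi
New-ItemProperty -Path $RunKey -Name 'BgInfo' -Value $command -PropertyType String -Force | Out-Null

# Start the tool for the first time.
Start-Process -FilePath $exe -ArgumentList ('"{0}" /timer:0 /nolicprompt /silent' -f $bgi)
```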

Hope this script comes in handy for you. If you have any questions or recommendations about it, please contact me through my twitter handle.

Wim Matthyssen (@wmatthyssen)

Microsoft Azure Backup Server: Error when installing on Windows Server 2016 – The Single Instance Store (SIS) component is not installed

3:36 pm in Azure, Azure Backup, hybrid cloud, MABS, Microsoft Azure Backup, Microsoft Azure Backup Server, PowerShell, Public Cloud, SIS, SIS-Limited, Windows Server 2016, WS2016 by Wim Matthyssen

 
Hi All,

Last week I was contacted by a customer who tried to install Microsoft Azure Backup Server (MABS) on an on-premises Windows Server 2016. However, when he started the installation he always received an error because a prerequisite was not installed, namely the Single Instance Store (SIS) component.

When opening the DpmSetup.log with PowerShell (as Administrator), you could see the following error:

 

However, when you try to install this missing component through PowerShell it gives you an Error: 0x800f080c Feature name SIS-Limited is unknown.

The reason for this is that, as of Windows Server 2016, the SIS-Limited component has been replaced by Microsoft’s deduplication or data footprint reduction (DFR) technology, as you can read in the following article from MVP Greg Schulz: http://storageioblog.com/rip-windows-sis-single-instance-storage-or-at-least-in-server-2016/

Also, when you go to the Microsoft Azure Backup Server download page and you expand System Requirements you can see that Windows Server 2016 at the present time is not listed as a supported Operating System (OS) to deploy MABS, probably because it does not have this SIS component.

Conclusion

Currently you’re not able to use Windows Server 2016 as the OS for your MABS server. Probably in the near future Microsoft will release a new version of MABS which will allow it, but until then you need to stick with Windows Server 2012 (R2) or Windows Server 2008 R2 to install your MABS on.

Hope this helps you with this error.

Wim Matthyssen (@wmatthyssen)

How to install and use the Microsoft Azure Virtual Machine Optimization Assessment tool

2:41 pm in AD Assessment, Azure, Microsoft Azure Virtual Machine Optimization Assessment, PowerShell, SharePoint, SQL Assessment, SQL Server by Wim Matthyssen

Hi all,

In my first blog post of this year, I will show you how you can install and use the free optimization tool, Microsoft’s Azure Virtual Machine Optimization Assessment. This tool (current version 2.0.61228.1 – released 1/16/2017) can help you optimize performance for your Azure virtual machines (VMs) running AD, SQL or SharePoint workloads. The tool focuses on 6 key areas: security, compliance, availability, business continuity, performance and scalability. When the tool is first started, it presents a short questionnaire about your cloud deployment, followed by an automated data collection and inspection which analyzes the selected workload running on Azure. After finishing this assessment, which could take up to an hour, a custom report is generated which contains useful advice and key recommendations on how to secure and protect this workload following Microsoft best practices.

I myself mostly use the tool when migrating VMs from on premises to the cloud or after setting up a new Azure cloud environment for a customer.

The tool has the following requirements:

  • It can be installed on any workstation or server (on premises or Azure VM) running at least Windows 7 (or later) or Windows Server 2008 (or later)
  • The server or workstation running the tool should have at least 4 GB RAM, a 2 GHz dual-core processor and 5 GB of free disk space
  • The server or workstation should be joined to one of the domains of the AD forest of which the target VMs are part
  • Microsoft .NET Framework 4.0 should be installed
  • Windows PowerShell 2.0 is also needed
  • Full Administrative access to the Microsoft Azure target environment
  • Access to the Microsoft Azure target environment via WMI
  • Full network connectivity to the Microsoft Azure target environment

Installation of the Microsoft Azure Virtual Machine Optimization Assessment tool

To get started, first download the tool (total size 70,2 MB) from here

When downloaded run MAVMOA.exe (Run as administrator) on the computer you want to run the assessment from (setup requires around 110 MB)

When the UAC screen pops up, click Yes

Agree to the License Terms and select a folder to install (I always use the default folder). Click Install

When the installation is completed, click Close. If you leave the checkmark next to Launch Microsoft Azure Virtual Machine Optimization Assessment, the tool should start.

If the tool doesn’t start up, you can use the following PowerShell command to start it:

Active Directory Assessment

The user running the tool should have read access to the target domain. When I run the AD Assessment I always use a user with enterprise admin privileges.

Open the Microsoft Azure Virtual Machine Optimization Assessment tool and select Active Directory from the drop-down menu. Optionally you can agree to upload your data to help improve this product. Click Start Assessment

On the next screen, you are reminded of all requirements needed for the assessment. Click Next

In the next part of the assessment you need to answer a set of questions regarding your environment. Click Next to start the questionnaire and answer all the questions

Once you have answered all the questions, the tool will proceed to the Collect & Analyze tab where the assessment of your environment will start

When the tool has finished the assessment, click Save and view report, and choose a location to save the Microsoft Word document (.docx)

Click Close and Yes to close the tool. You can now open the document using Microsoft Word. In my case Word is not installed on my server so I copied the document to my workstation to review it

If you scroll through the document when opened, you will see that each recommendation is given a percentage weighting. For example, when you resolve the problem concerning “Change your password policy to enforce a minimum password age” your Security and Compliance will improve by 5.2 %

SQL Assessment

Running the SQL Assessment is quite similar to running the AD Assessment; the only difference is that you have to supply the SQL Server that you want to assess.

Open the Microsoft Azure Virtual Machine Optimization Assessment tool and select SQL Server from the drop-down menu. Like before you can optionally agree to upload your data to help improve this product. Click Start Assessment

Click Next on the Requirements page

To start the questionnaire, click Next and answer all questions

On the Environment page, add the SQL Server you want assessed. Click Next

When the tool has finished the assessment, click Save and view report, and choose a location to save the Microsoft Word document (.docx)

After saving the document to your preferred location, click Close. When you open the document with Word afterwards, you will also see that each recommendation is given a percentage weighting just like with the AD Assessment. For example, when you resolve the problem concerning “Ensure only essential users are added to the SQL Server sysadmin server role” your Security and Compliance will improve by 2.8 %

I hope this helps you to get started with this nice tool. If you have any issues or questions, feel free to contact me through my twitter handle

Wim Matthyssen (@wmatthyssen)

2016: My blog year in an overview

2:37 pm in Azure, Azure Backup, Azure RemoteApp, Client Hyper-V, Cloud, DC, Hyper-V, IaaS, PowerShell, Private Cloud, Public Cloud, Replica DC, SCAC 2012 R2, SCVMM 2012 R2, System Center 2016, W2K12R2, Windows 10 by Wim Matthyssen

Hi all,

As a blogger completely focused on Microsoft technologies, it was a fun year of writing about all those interesting and ever changing products and services. As we almost end the year 2016 and are preparing for 2017 to start, I wanted to make a list of all the blog posts I wrote throughout the twelve months of 2016. During the year, I’ve published 26 blog posts mostly about Azure, the System Center Suite and Hyper-V. Below you can find them all divided by technology.

 

Azure Compute – IaaS (ASM)

Step-by-step: Move an Azure IaaS VM between different Azure Subscriptions

Clean up Azure PowerShell when using different Azure subscriptions

Replica DCs on Azure – Removing the Azure Endpoints

Replica DCs on Azure – Transferring FSMO roles to the IaaS DCs

Replica DCs on Azure – Manage the Time Configuration settings on the DCs

Replica DCs on Azure – Domain Controller Health Check

Replica DCs on Azure – Promote the Azure IaaS VMs to a domain controller

Replica DCs on Azure – Add the Active Directory Domain Services role

Replica DCs on Azure – Adjustment of some server settings before promoting the DCs

Replica DCs on Azure – Initialize and format the additional data disk

Replica DCs on Microsoft Azure – Create the VMs with Azure PowerShell

Step by step: Change the drive letter of the Temporary Storage on an Azure IaaS v1 VM

 

Azure Networking

How to connect an Azure ARM VNet to an ASM VNet using VNet Peering

Replica DCs on Azure – Switch DNS servers for the VNet

Replica DCs on Azure – Create the Active Directory site for the Azure VNet

 

Azure Backup

Microsoft Azure Backup Server: Install a new version of the Microsoft Azure Recovery Services Agent

Microsoft Azure Backup Server: System State backup fails with WSB Event ID: 546

Microsoft Azure Backup Server: System State backup fails with the message replica is inconsistent

Step by step: How to install Microsoft Azure Backup Server (MABS)

 

Azure RemoteApp

An RDP connection to the Azure RemoteApp custom VM fails with the following error: “No Remote Desktop License Servers available”

 

Windows 10

How to deploy Windows 10 from a USB flash drive

 

System Center

System Center 2016 evaluation VHDs download links

Step by step: How to connect SCAC 2012 R2 to SCVMM 2012 R2 and Microsoft Azure

Step by step: Installing SCAC 2012 R2

 

Hyper-V

A list of tools that can be used to do a V2V from VMware to Hyper-V

Client Hyper-V – Using nested virtualization to run Client Hyper-V on a Windows 10 VM

 

Before I wrap up this blog post, I want to thank you all for reading my blog posts in 2016, and I really hope you will keep doing so in 2017. I wish you all a healthy, successful and outstanding New Year! See you all in 2017!

Wim Matthyssen (@wmatthyssen)

How to deploy Windows 10 from a USB flash drive

1:21 pm in Microsoft, PowerShell, USB, Windows, Windows 10 by Wim Matthyssen

Hi all,

In this blog post, I will show you how you can create your own bootable USB flash drive for Windows 10 installations. And like you will see, it’s pretty easy these days.

Before we start with the installation, here is a list of some things to keep in mind:

  • An internet connection is needed to download the tool
  • You will need 8 GB of free disk space available on the C: drive
  • The USB flash drive needs a capacity of at least 4 GB
  • Be aware that all the files on the USB flash drive will be erased
  • Windows 10 Enterprise isn’t available in the media creation tool
  • A Windows 10 product key (for the Windows 10 Edition that will be installed) is needed when you are installing a clean Windows 10
  • To manually download the MediaCreationTool go to the following website: https://www.microsoft.com/en-us/software-download/windows10/

After this short list of things to keep in mind, it’s time to start. To do so, follow the steps described below:

1) First, make sure your USB flash drive is plugged in

2) Open Windows PowerShell ISE or PowerShell (as administrator) and run the below commands to download the media creation tool to the C:\Temp folder and start it up when downloaded

3) On the License terms page, select Accept to accept the license terms

4) On the What do you want to do? page, select Create installation media for another pc and then select Next

5) Select the proper Windows 10 Edition, Architecture (x86, x64 or both) and Language to install. Click Next

6) Select USB flash drive on the next page and click Next

7) Select the correct USB flash drive and click Next

8) The tool will start Downloading Windows 10

9) After downloading the necessary files, the tool will start Creating Windows 10 media

10) When done click Finish. Your USB flash drive is now ready for use

11) If you select the USB flash drive (E: in my example) you will see all necessary files are in place to start a clean Windows 10 installation

12) Now that you have created the bootable Windows 10 USB flash drive, you can go to the next step: Installing Windows 10 on a pc (desktop or notebook). To do so, plug the USB flash drive into the pc and boot from USB. In my example I will use a HP notebook. Start up and, when the HP logo is shown, press the ESC key to go to the Startup Menu (the sentence Press the ESC key for Startup Menu will appear in the bottom left of your screen)

13) Press F9 to open the Boot Device Options menu

14) Select USB Hard Drive 1 – USB DISK 3.0 (in my example this is my USB flash drive)

15) Select the Windows 10 Setup Architecture (64-bit or 32-bit) and press Enter. This will start the Windows 10 installation. Just go through the complete setup procedure and your pc will be up and running with Windows 10 in no time

This completes this blog post. Have fun with it and if you have any questions feel free to contact me.

Wim Matthyssen (@wmatthyssen)

Clean up Azure PowerShell when using different Azure subscriptions

12:34 pm in Azure, Azure PowerShell, Azure subscription, Cloud, PowerShell by Wim Matthyssen

Hi all,

These days I’m working on several Azure projects for different clients. As a result, my default subscription data file which is used by Azure PowerShell is completely filled up with settings from those different subscriptions. Frequently, I notice that Azure PowerShell mixes up all this information and does not perform as expected. I strongly assume this is caused by the cached credentials and other elements. In order to fix this, I regularly clean up my Azure PowerShell to have a better overview and to accomplish a better working scripting environment. Below you can find the Azure PowerShell cmdlets to clear a specific customer’s Azure subscription from Azure PowerShell. I will also show you how you can clear your complete Azure profile.

Delete a specific Azure subscription from PowerShell

1) Open up PowerShell ISE as an Administrator and run the following PowerShell cmdlets to list all Azure subscriptions available in the default subscription data file on the computer in use, which can be found under the following location C:\Users\%username%\AppData\Roaming\Windows Azure PowerShell and is named AzureProfile.json

2) To delete a specific subscription from the data file, run the below cmdlet (adjust for your own purpose). Rest assured that this cmdlet will not delete the subscription from Azure in any way. You can use this cmdlet with the -Force parameter to suppress the confirmation prompt

3) If the above cmdlet ran without any errors, the specific subscription will not be shown anymore when you rerun the Get-AzureSubscription cmdlet and it should also be cleared from the subscription data file

Clear your complete Azure Profile

1) Open up PowerShell ISE as an Administrator and run the following PowerShell cmdlets to completely clear your Azure Profile on the computer in use

2) If the cmdlet ran without any errors your Azure Profile should be cleared.
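Both procedures above in one script, as an added example that is not the author's code. It assumes the classic Azure PowerShell module (the one providing Get-AzureSubscription) is loaded; the function name and the subscription name are placeholders, and the script confirms afterwards that the subscription ID is gone from AzureProfile.json rather than trusting the absence of an error.

```powershell
# Added example, not the author's code. Assumes the classic Azure PowerShell module.
$ProfileDir  = Join-Path $env:APPDATA 'Windows Azure PowerShell'
$ProfileFile = Join-Path $ProfileDir 'AzureProfile.json'

function Remove-CachedAzureSubscription {
    # Removes one subscription from the local data file and verifies the result.
    # Nothing is deleted in Azure itself. Returns $true when no trace is left.
    param([Parameter(Mandatory)][string]$SubscriptionName)

    $sub = Get-AzureSubscription | Where-Object { $_.SubscriptionName -eq $SubscriptionName }
    if (-not $sub) {
        Write-Warning "Subscription '$SubscriptionName' is not in the local data file."
        return $false
    }
    $id = $sub.SubscriptionId

    Remove-AzureSubscription -SubscriptionName $SubscriptionName -Force

    # Check both the cmdlet's view and the file on disk.
    $stillListed = [bool](Get-AzureSubscription | Where-Object { $_.SubscriptionId -eq $id })
    $stillOnDisk = (Test-Path -Path $ProfileFile) -and
                   [bool](Select-String -Path $ProfileFile -Pattern $id -SimpleMatch -Quiet)
    return -not ($stillListed -or $stillOnDisk)
}

# List what is currently cached on this computer.
Get-AzureSubscription |
    Select-Object SubscriptionName, SubscriptionId, IsDefault, IsCurrent |
    Format-Table -AutoSize

# Remove one customer's subscription ('Customer A' is a placeholder name).
if (-not (Remove-CachedAzureSubscription -SubscriptionName 'Customer A')) {
    Write-Warning 'The subscription is still present in the local data file.'
}

# Or clear the complete profile, then list what is left in the profile folder so that
# remaining cached files from earlier customer work can be reviewed.
Clear-AzureProfile -Force
Get-ChildItem -Path $ProfileDir -Force -ErrorAction SilentlyContinue |
    Select-Object Name, Length, LastWriteTime
```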

This ends this short blog post, hope it helps and till next time!

Wim Matthyssen (@wmatthyssen)

Client Hyper-V – Using nested virtualization to run Client Hyper-V on a Windows 10 VM

7:37 pm in Client Hyper-V, Hyper-V, Nested Virtualization, PowerShell, W2K16 TP5, Windows 10 by Wim Matthyssen

From Windows 10 build 10565, Microsoft added a long-awaited feature called nested virtualization. This technology allows you to run Hyper-V inside a virtual machine (VM) running on a Windows 10 (Client Hyper-V) or Windows Server 2016 host. In other words, in the simplest configuration it enables you to install Hyper-V in a guest VM, with the possibility to create and also run VMs on top of that Hyper-V host VM. This is completely different from the previous situation with Windows Server 2012 R2 or Windows 8.1, where you could create the VMs but weren’t able to actually start them. This new feature effectively creates a second virtualization layer, as shown in the detailed screenshot below.

This new technology is very useful when you are setting up a test/lab environment because there is no need to buy a lot of expensive hardware anymore; it can simply run on top of your notebook’s OS. It also comes in handy whenever you want to train your failover clustering or even your System Center skills. But its main purpose, and probably Microsoft’s main reason to finally create this feature, is to enable you to work with Hyper-V containers (operating system level virtualization). If you’re interested in reading more about this type of container, you can do so via the following link: https://msdn.microsoft.com/en-us/virtualization/windowscontainers/management/hyperv_container

Now, before we start playing around with this new feature, I will first list some things you should really keep in mind:

  • The Hyper-V host must be running at least Windows 10 build 10565 or Windows Server 2016 Technical Preview (TP) 4
  • An Intel processor with Intel VT-x (AMD-V is not supported yet) and EPT technology is needed to be able to use Hyper-V
  • Currently only Hyper-V is supported, all other hypervisors like for example vSphere ESXi will fail to run
  • Be aware that some VM features are not supported or will fail: Dynamic Memory, applying checkpoints, Live Migration and save/restore, hot memory resizing
  • The VM should have more than 1 vCPU
  • At least 4 GB RAM should be attached to the VM
  • MAC address spoofing must be enabled on the NIC attached to the VM
  • If you’re using Windows 10 Enterprise as the host, you should turn off Virtualization Based Security (VBS) because it will prevent the use of nested virtualization
  • Plenty of available RAM is needed (at least more than 4 GB of RAM is preferred to get started)

After going through the theory it’s now time to get our fingers wet and get everything up and running. I will walk you through all the different steps needed to use this feature on a Windows 10 Enterprise computer. In my example I will set up a generation 1 VM (Windows 10) with a PowerShell script to test the nested virtualization scenario. So off we go.

1) First of all, you should check your Windows version (should be build 10565). Click Run and type winver

2) Create two internal virtual switches, one is to use your wireless card and the other one will be used in a later step as a Hyper-V vSwitch inside the VM

3) To install the VM, run the following PowerShell script (customize to your needs).

4) Go through the Windows Setup Installation Process on the newly created VM

5) When installation is completed, shut down the VMs and run the following PowerShell commands on the Windows 10 computer (host) to set the Virtualization Extension for the vCPUs and to enable MAC spoofing on both VMs. Be aware a warning message will appear that Nested Virtualization is an unsupported preview feature. When both commands have run successfully, start up the Windows 10 VM
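The host-side commands for this step, wrapped in a check of the constraints listed earlier (VM off, more than one vCPU, at least 4 GB of static memory, host build, VBS off), as an added example that is not the author's script. The function name is made up for this example; W10-TST is the VM name the post uses in the following steps.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's script. Run on the Hyper-V host (Windows 10).
function Enable-NestedVirtualization {
    param([Parameter(Mandatory)][string]$VMName)

    $vm  = Get-VM -Name $VMName -ErrorAction Stop
    $cpu = Get-VMProcessor -VMName $VMName
    $mem = Get-VMMemory -VMName $VMName
    $problems = @()

    # Host checks: build number and Virtualization Based Security.
    if ([Environment]::OSVersion.Version.Build -lt 10565) {
        $problems += 'Host must run at least Windows 10 build 10565.'
    }
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
            -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction SilentlyContinue
    if ($dg -and $dg.VirtualizationBasedSecurityStatus -ne 0) {
        $problems += 'Virtualization Based Security is enabled on the host.'
    }

    # VM checks taken from the list of things to keep in mind.
    if ($vm.State -ne 'Off')        { $problems += 'The VM must be shut down first.' }
    if ($cpu.Count -lt 2)           { $problems += 'The VM needs more than 1 vCPU.' }
    if ($mem.DynamicMemoryEnabled)  { $problems += 'Dynamic Memory is not supported; use static memory.' }
    if ($mem.Startup -lt 4GB)       { $problems += 'The VM needs at least 4 GB of RAM.' }

    if ($problems.Count -gt 0) {
        $problems | ForEach-Object { Write-Warning $_ }
        throw "Nested virtualization was not enabled for '$VMName'."
    }

    # Expose the virtualization extensions to the guest's vCPUs.
    Set-VMProcessor -VMName $VMName -ExposeVirtualizationExtensions $true

    # MAC address spoofing lets the guest send frames with source MAC addresses other
    # than its own, which the nested VMs need. It is set only on this VM's adapters,
    # not on the other VMs connected to the same virtual switch.
    Get-VMNetworkAdapter -VMName $VMName | Set-VMNetworkAdapter -MacAddressSpoofing On

    # Return the resulting settings so they can be checked.
    [pscustomobject]@{
        VMName                         = $VMName
        ExposeVirtualizationExtensions = (Get-VMProcessor -VMName $VMName).ExposeVirtualizationExtensions
        MacAddressSpoofing             = (Get-VMNetworkAdapter -VMName $VMName).MacAddressSpoofing
    }
}

Enable-NestedVirtualization -VMName 'W10-TST'
Start-VM -Name 'W10-TST'
```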

6) To configure the W10-TST VM and to install the Client Hyper-V role with all tools, run the following PowerShell script (customize to your needs). Connect to the VM with a Virtual Machine Connection with Enhanced session enabled

7) To create an external virtual switch on W10-TST, log on to this server with RDP and run the following PowerShell cmdlet as administrator (customize to your needs)

8) To create a nested VM named VM1-NESTED on W10-TST, log on to this VM with RDP and run the following PowerShell script as administrator (customize to your needs)

9) Go through the Windows Setup Installation Process on the newly created nested VM named VM1-NESTED on W10-TST

10) If the installation is successful, you should now have a nested VM running
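
The host-side configuration from step 5, combined with the prerequisite checks from the requirements list, as an added example that is not the script from the original post. The function name `Enable-NestedVirtualization` is hypothetical; `W10-TST` is the VM name used in the steps above.

```powershell
# Added example (not the post's script). Run elevated on the Hyper-V host.
function Enable-NestedVirtualization {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)] [string] $VMName)

    $vm = Get-VM -Name $VMName -ErrorAction Stop
    if ($vm.State -ne 'Off') {
        throw "Shut down '$VMName' first (current state: $($vm.State))."
    }

    # Prerequisites taken from the requirements list in the post
    $problems = @()
    if ((Get-VMProcessor -VMName $VMName).Count -lt 2) {
        $problems += 'the VM needs more than 1 vCPU'
    }
    $memory = Get-VMMemory -VMName $VMName
    if ($memory.DynamicMemoryEnabled) { $problems += 'Dynamic Memory must be off' }
    if ($memory.Startup -lt 4GB)      { $problems += 'at least 4 GB RAM is required' }

    # VBS on the host blocks nested virtualization; status 0 means it is not enabled
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($dg -and $dg.VirtualizationBasedSecurityStatus -ne 0) {
        $problems += 'Virtualization Based Security is enabled on the host'
    }
    if ($problems.Count -gt 0) {
        throw "'$VMName' is not ready for nested virtualization: $($problems -join '; ')"
    }

    if ($PSCmdlet.ShouldProcess($VMName, 'Expose VT-x to the guest and allow MAC spoofing')) {
        Set-VMProcessor -VMName $VMName -ExposeVirtualizationExtensions $true
        # MAC spoofing lets the guest send frames with any source MAC, so enable it
        # only on VMs that will host nested VMs
        Get-VMNetworkAdapter -VMName $VMName | Set-VMNetworkAdapter -MacAddressSpoofing On
    }

    # Return the resulting settings so the change can be verified
    [pscustomobject]@{
        VMName                         = $VMName
        ExposeVirtualizationExtensions = (Get-VMProcessor -VMName $VMName).ExposeVirtualizationExtensions
        MacAddressSpoofing             = @(Get-VMNetworkAdapter -VMName $VMName).MacAddressSpoofing -join ','
    }
}

Enable-NestedVirtualization -VMName 'W10-TST' -WhatIf   # drop -WhatIf to apply
```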

This concludes this blog post. Stay tuned and I’ll be back soon.

Wim Matthyssen (@wmatthyssen)

Replica DCs on Azure – Removing the Azure Endpoints

10:04 am in Azure, Azure Endpoints, Cloud, DC, hybrid cloud, IaaS, PowerShell, RDP, Replica DC, W2K12R2 by Wim Matthyssen

This blog post is part of the step-by-step to deploy replica DCs on Microsoft Azure which can be found here: http://scug.be/wim/2015/09/28/deploying-replica-dcs-in-windows-azure/

All VMs that you create in Azure can automatically communicate using a private network channel with other VMs in the same cloud service or VNet. However, other resources on the Internet or resources from other VNets require endpoints to handle the inbound network traffic to those VMs. That’s why when you create a new Azure  IaaS v1 VM (Azure Service Manager deployment model), Azure automatically creates two endpoints: Remote Desktop and Windows PowerShell Remoting. Both endpoints consist of a protocol (TCP or UDP) and have a public (for example 54036) and a private (for example 3389) port. The public port is used by the Azure load balancer to listen for incoming traffic to the IaaS VM from the Internet. The private port on the other hand is used by the IaaS VM itself to listen for incoming traffic to an application or service running on the VM.

After the creation of this new VM it’s possible to create additional endpoints if needed. The VM deployment wizard provides pre-defined endpoint configurations not only for Remote Desktop and PowerShell, but also for SSH, FTP, SMTP, DNS, HTTP, POP3, IMAP, LDAP, HTTPS, SMTPS, IMAPS, POP3S, MSSQL and MySQL. If the needed service isn’t in this list, you can also create your own service endpoint and define the protocols and ports needed.

You can manage and isolate the incoming traffic to the public ports of these endpoints by configuring access control list (ACL) rules. By using ACLs, you can, for example, permit access to a specific service only from a set of trusted hosts or networks.

However, as a security best practice, it’s always advisable, when an IaaS VM is configured and a Site-to-site VPN (S2S) exists, to remove all endpoints you don’t need (like RDP) and to use endpoints only when they’re really needed (for example to access an IIS hosted website from the Internet on port 443). When the S2S is in place, you can connect to the VM through the standard local RDP port (3389) via the secure IPsec VPN tunnel instead of connecting over the public Internet.

In this blog post I will show you how you can delete the RDP and PowerShell endpoint manually by making use of the Azure Classic Portal (AZGR-DC-01) and how to do it with the use of Azure PowerShell (AZGR-DC-02). So, let’s get started.

Manually remove the Azure Endpoints through the Azure Classic Portal

1) Log on to the Azure Classic Portal as a Service administrator or Co-administrator

2) In the navigation pane, click VIRTUAL MACHINES and then click the name of the VM where the endpoint needs to be deleted (AZGR-DC-01)

3) Select ENDPOINTS

4) Select the Remote Desktop endpoint and click DELETE

5) Select YES when asked Are You sure that you want to delete endpoint Remote Desktop? This will start the deletion process

6) When the Remote Desktop endpoint is successfully deleted, you can test whether you’re still able to RDP to the VM over the Internet. First of all, as you can see, the CONNECT button is disabled

7) If we try to connect through the previously downloaded RDP file, no connection is possible

8) However, when we log on to GR-DC-01 and open mstsc via Run, we are still able to RDP to AZGR-DC-01 as expected, because we connect over the internal network

9) You can also repeat the above steps to delete the Remote PowerShell endpoint

Remove the Azure Endpoints through the use of Azure PowerShell

1) Open Windows PowerShell ISE, log on with your Azure account and select the correct Azure Subscription

2) Run the following Azure PowerShell cmdlet:

3) Run the following cmdlet to check the existing endpoints for the VM

4) As you can see, only the Remote PowerShell endpoint still exists, which we can also verify in the Azure Classic Portal

5) To delete the PowerShell endpoint, run the following cmdlet:

6) After running this cmdlet, no endpoints exist any longer for the AZGR-DC-02 VM
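
The PowerShell procedure above (list the endpoints, remove the ones you don’t need, verify), as an added example that is not the cmdlets from the original post. It uses the classic (Service Management) Azure PowerShell module; the function name `Remove-UnneededAzureEndpoint` and its `-KeepEndpoint` parameter are hypothetical, and `<cloud-service-name>` is a placeholder because the post does not name the cloud service.

```powershell
# Added example for the classic (Service Management) Azure PowerShell module.
function Remove-UnneededAzureEndpoint {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string] $ServiceName,
        [Parameter(Mandatory = $true)] [string] $VMName,
        # Names of endpoints that must stay published; empty removes all of them
        [string[]] $KeepEndpoint = @()
    )

    $vm = Get-AzureVM -ServiceName $ServiceName -Name $VMName
    if (-not $vm) { throw "VM '$VMName' not found in cloud service '$ServiceName'." }

    $changed = $false
    foreach ($ep in @($vm | Get-AzureEndpoint)) {
        if ($KeepEndpoint -contains $ep.Name) { continue }
        $what = "endpoint '$($ep.Name)' ($($ep.Protocol) public $($ep.Port) -> private $($ep.LocalPort))"
        if ($PSCmdlet.ShouldProcess($VMName, "Remove $what")) {
            # Remove-AzureEndpoint only edits the in-memory VM configuration
            $vm = $vm | Remove-AzureEndpoint -Name $ep.Name
            $changed = $true
        }
    }
    # Update-AzureVM is what commits the new endpoint list to Azure
    if ($changed) { $vm | Update-AzureVM | Out-Null }

    # Read the VM back and return what is still reachable from the Internet
    Get-AzureVM -ServiceName $ServiceName -Name $VMName | Get-AzureEndpoint |
        Select-Object Name, Protocol, Port, LocalPort
}

# '<cloud-service-name>' is a placeholder; the post does not name the cloud service.
# Preview first, then rerun without -WhatIf. Expect no output once all endpoints are gone.
Remove-UnneededAzureEndpoint -ServiceName '<cloud-service-name>' -VMName 'AZGR-DC-02' -WhatIf
```

Pass the names of endpoints that must stay published (for example an HTTPS endpoint for a website) to `-KeepEndpoint`; everything else on the VM is removed.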

That ends the final part of this series. I had a lot of fun writing this series and I really hope it’s useful for some people. If anyone has any questions about the series or a specific part of it, you can always contact me through my Twitter handle.

Till next time!

Wim Matthyssen (@wmatthyssen)