You are browsing the archive for PowerShell.

Hyper-V: Automatic Virtual Machine Activation

8:25 am in Automatic Virtual Machine Activation, AVMA, Hyper-V, PowerShell, PowerShell Direct, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 by Wim Matthyssen

 

With the release of Windows Server 2012 R2 back in 2013, Microsoft introduced a feature called Automatic Virtual Machine Activation (AVMA). AVMA handles the activation process of any of your Hyper-V virtual machines (VMs) running on a physical Hyper-V host which is properly licensed with a Windows Server Datacenter license. In this way you do not have to deal with managing the product keys for each individual VM.

The VM activation process, which binds the VMs activation to the licensed Hyper-V host, takes place during the startup process of the VM. Because the activation takes place between the VM and the Hyper-V host it resides on, you are even able to license VMs in completely isolated environments or remote locations without any Internet connection. When the guest OS is activated, it only rechecks its activation against the host until the next VM reboot, or after 7 days.

 

Requirements for AVMA

  • A Hyper-V host running a Datacenter Edition of Windows Server 2012 R2, Windows Server 2016 or Windows Server 2019. Keep in mind that if you migrate an AVMA licensed VM to a Hyper-V host which is not licensed with a Windows Server Datacenter license, the VM will become unlicensed. In this case you should replace the AVMA key in the VM with another valid non AVMA license key.
  • The Hyper-V Data Exchange Service (KVP), which is part of the Integration Services must be enabled on the VM.
  • In the VM itself the Microsoft Hyper-V Activation Component Driver should have an enabled device status and should be working properly.
  • AVMA does not work with other Virtualization Server technologies.

 

Supported Guest Operating Systems for AVMA

Only Windows Server guests are covered by AVMA. The below table shows which guests can be activated by each different Hyper-V host version. All server editions (Datacenter, Standard or Essentials) installed with Desktop Experience or Server Core can be activated.

clip_image002

*AVMA in Windows Server 2019 can also activate Windows Server version 1809, 1803 and 1709.

 

AVMA Keys

The following keys can be used to activated the specific guest operating system of a VM.

Windows Server 2019

clip_image004

Windows Server version 1809

clip_image006

Windows Server version 1803 and 1709

clip_image008

Windows Server 2016

clip_image010

Windows Server 2012 R2

clip_image012

 

Configure AVMA

1) First of all, you should verify that the Data Exchange option is enabled in the Integration Services for the VM.  To ensure this open Hyper-V Manager and right-click the VM and click on Settings…

clip_image014

2) On the Settings Windows, under Management select Integration Services and verify that Data Exchange is marked.

clip_image016

You can also use PowerShell to see if the Data Exchange service is enabled. To get a list of the running Integration Services of a VM, run the following command (replace the VM name by your own) in a PowerShell window (as Administrator) on the Hyper-V host hosting the VM:

clip_image018

To turn on the “Key-Value Pair Exchange” service when it is disabled you need to run the following command:

clip_image020

3) To install an AVMA key in a VM (in my example for a Windows Server 2019 VM), run the following command in a PowerShell window (as Administrator) on the VM.

clip_image022

*The AVMA key can also be provided during an Unattended setup using a unattend.exe setup file. In this way the key is already injected during the build phase of that particular VM.

You can also use PowerShell Direct from the Hyper-V host to activated a specific AVMA key for a VM running on the host. Open a PowerShell window (as Administrator) on the Hyper-V host and run following command:

clip_image024

clip_image026

4) You can verify the correct installation of the AVMA key, by opening All settings – Update & Security – Activation in the VM.

clip_image028

4) You can also verify the VM’s AVMA activation status on the Hyper-V host by opening the Event Viewer and searching for Event ID 12310.

clip_image030

clip_image032

clip_image034

clip_image036

I hope this blog post did learn you something about AVMA and that this feature eases your VM activation process. If you have any questions, always feel free to contact me through my twitter handle.

Wim Matthyssen (@wmatthyssen).

PowerShell: AzCopy download and silent installation

10:52 am in AzCopy, Azure, Download, PowerShell, PowerShell Script, Silent installation by Wim Matthyssen

AzCopy is a free command-line tool that is offered by Microsoft. It allows you to easily copy and transfer data (data migration) from and to Azure storage. It is designed for high performance transfers and can be deployed on both Windows and Linux systems (separate versions). AzCopy for example allows users to copy data between a file system and a storage account, or between storage accounts. Users have the possibility to select items by specifying patterns, like wildcards or prefixes, to identify the needed files for upload or download. It currently supports Microsoft Azure Blob, File and Table storage.

To automate the download and silent installation process of this useful tool, I wrote the below PowerShell script which does all of the following:

  • Create a Temp folder on the C: drive if not already available.
  • Create an AzCopy download folder in C:\Temp if not already available.
  • Download the latest Azcopy .msi (Windows) file.
  • Install AzCopy silently without any user interaction.
  • Delete the .msi file after installation.
  • Remove the AzCopy folder.
  • Exit the PowerShell window.

 PowerShell script

clip_image002

clip_image004

clip_image006

clip_image008

If you prefer you can download the complete script from the TechNet gallery.

More information and how to use AzCopy you can find over here.

This concludes this blog post, have fun using AzCopy for moving or copying data to or between storage accounts.

Wim Matthyssen (@wmatthyssen)

PowerShell – BGInfo Automation script for Windows Server 2019

8:04 pm in BgInfo, Hyper-V, PowerShell, PowerShell Script, Sysinternals, VM Template, Windows Server 2019, WS2019 by Wim Matthyssen

Probably everyone knows the Sysinternals tool BGInfo (currently version 4.26). For those who don’t, it’s a great free tool from Microsoft which captures system information form a workstation or server (probably where it is the most useful) and displays that relevant data directly on the desktop of that particular machine. It can show useful information like, DNS settings, used IP Addresses, computer name, domain name, OS version, memory, service pack version, etc.

image

Whenever I create a new Windows Server 2019 Virtual Machine (VM) template for customers, I mostly add this tool in the base image (also called golden image) and set it so it starts up automatically whenever a user logs on to the server. To automate this process, I wrote a PowerShell script which automates the complete BGInfo installation and configuration.

This script will do all of the following:

  • Create the BGInfo folder on the C: drive if the folder does not already exist.
  • Download the latest BGInfo tool from the Sysinternals webpage.
  • Extract and cleanup the BGInfo.zip file in the BGInfo folder.
  • Download the logon.bgi file which holds the preferred settings.
  • Extract and cleanup the LogonBgi.zip file in the BGInfo folder.
  • Create the registry key (regkey) to AutoStart the BGInfo tool in combination with the logon.bgi config file.
  • Start BGInfo for the first time.
  • Exit the PowerShell window upon completion.

 

Prerequisites

  • Windows PowerShell 5.1
  • Run PowerShell as Administrator

 

PowerShell script

To use the script copy and save the above as BGInfo_Automated_Windows_Server_2019.ps1 or download it from the TechNet Gallery. Afterwards run the script with Administrator privileges from the server you wish to use for your VM template.

image

image

image

image

image

image

If you want to change any configuration setting (for example the font style or published info), just open the logon.bgi file and adjust the settings to your preferences. Click OK to save and set the new settings.

image

image

Hope this script comes in handy for you. If you have and questions or recommendations about it, feel free to contact me through my Twitter handle.

Wim Matthyssen (@wmatthyssen)

Hyper-V 2019: Configure antivirus exclusions in Windows Defender Antivirus

3:43 pm in antivirus exclusions, automatic exclusions, custom exclusions, Hyper-V, PowerShell, Windows Defender Antivirus, Windows Server, Windows Server 2019, Windows Server 2019 Hyper-V, WS2019 by Wim Matthyssen

Running a solid, constantly updated antivirus product on your Hyper-V hosts is a necessity to keep a healthy and secure virtual environment. By using Windows Defender Antivirus, the built-in antimalware solution in Windows Server 2019 you will be provided with next-gen cloud-delivered protection, which includes near-instant detection, always-on scanning and dedicated protection updates.

However, when using any antivirus software on a Hyper-V host, you also risk having issues when it is not configured properly and especially when real-time scanning (or monitoring) is enabled. This can negatively affect the overall host performance and even cause corruption of your virtual machines (VMs) or Hyper-V files.

To avoid these file conflicts and to minimize performance degradations you should implement the following recommend antivirus exclusions (directories, files and processes) on all your Hyper-V hosts, which can be found over here.

Luckily Windows Defender Antivirus automatically enrolls certain exclusions (automatic exclusions), defined by your specific server role. To determine which roles are installed on the server, Windows Defender Antivirus uses the Deployment Image Servicing and Management (DISM) tools. You should be aware that these automatic exclusions will not appear in the standard exclusion list shown in the Windows Security app.

clip_image002

Below you can find a list of the automatic exclusions for the Hyper-V role:

File type exclusions:

  • *.vhd,*.vhdx,*.avhd,*.avhdx,*.vsv,*.iso,*.rct,*.vmcx,*.vmrs

Folder exclusions:

  • %ProgramData%\Microsoft\Windows\Hyper-V
  • %ProgramFiles%\Hyper-V
  • %SystemDrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
  • %Public%\Documents\Hyper-V\Virtual Hard Disks

Process exclusions:

  • %systemroot%\System32\Vmms.exe
  • %systemroot%\System32\Vmwp.exe

Hyper-V Failover Cluster folder exclusions:

  • %SystemDrive%\ClusterStorage

Although the automatic exclusions include almost all recommended Hyper-V antivirus exclusions you still may need to configure additional custom exclusions. These custom exclusions will take precedence over the automatic exclusions but will not conflict if a duplicate exists.

If you prefer to disable automatic exclusions you can run the following PowerShell cmdlet.

Below you can find an additional short list of custom exclusions for a server running the Hyper-V role which you can implement if applicable to your environment. There can be even more exclusions for your specific environment.

  • Any custom virtual machine configuration or hard disk drive directories (for example E:\VMs).

clip_image004

  • Any custom replication data directories, if you’re using Hyper-V Replica.
  • The Vmsp.exe process (%systemroot%\System32\Vmsp.exe)

clip_image006

  • The Vmcompute.exe process (%systemroot%\System32\Vmcompute.exe).

clip_image008

To add these exclusions for Windows Defender Antivirus in the Windows Security app you can follow the below steps.

Open the Windows Security app by clicking the magnifier in the task bar and type defender. Select Virus & threat protection.

clip_image010

Under the Virus & threat protection settings title select Manage settings.

clip_image012

On the Virus & threat protection settings page scroll down to Exclusions setting and click on Add or remove exclusions.

clip_image014

Click Add an exclusion. Click the + icon to choose the type and set the options for each exclusion. When adding an exclusion click Yes if the User Account Control box pops up.

clip_image016

clip_image018

When all custom exclusions are added the screen will look like this.

clip_image020

To remove an added exclusion, press the down arrow next to the exclusion and click Remove.

clip_image022

You can also add these custom exclusions with the use of PowerShell (as administrator). To do so you need to run the below commands.

clip_image024

Hope this helps securing your Hyper-V hosts.

Wim Matthyssen (@wmatthyssen)

PowerShell: BgInfo Automation script for Windows Server 2012 R2

10:09 am in Bg, BgInfo, Hyper-V, PowerShell, PowerShell Script, scugbe, VM Template, Windows Server, Windows Server 2012 R2, Windows Sysinternals by Wim Matthyssen

Sometime ago I already wrote a PowerShell script to install the BgInfo tool in an automated way whenever you create a VM Template or a base image (also called golden image) for a Windows Server 2016 Virtual Machine (VM) or physical server, which can be donwloaded here. More information can be found int this previous blog post: http://scug.be/wim/2017/02/23/powershell-bginfo-automation-script/

To return to the current blog post and like you can already figure out from the title, now I also wrote a script to automate the BgInfo installation and configuration for a Windows Server 2012 R2 server (VM or physical server).

This PowerShell script will do all of the following:

  • Download the latest BgInfo tool
  • Create the BgInfo folder on the C drive
  • Extract and cleanup the BgInfo.zip file
  • Download the logon.bgi file which holds the preferred settings
  • Extract and cleanup the LogonBgi.zip file
  • Create the registry key (regkey) to AutoStart the BgInfo tool in combination with the logon.bgi config file
  • Start the tool for the first time
  • Set to start up automatically whenever a user logs on to the server

 

Prerequisites

Windows PowerShell 4.0

 

PowerShell script

To use the script copy and save the above as BgInfo_Automated_WS2012_R2_v1.0.ps1, or whatever name you prefer. Afterwards run the script with Administrator privileges from the server you wish to use for your VM template or physical base image. If you want to change configuration settings, just open the logon.bgi file and adjust the settings to your preferences.

This PowerShell script can also found on the TechNet Gallery: https://gallery.technet.microsoft.com/PowerShell-BgInfo-07ade714

image

image

image

image

image

Hope this script comes in handy for you. If you have and questions or recommendations, please feel free to contact me through my twitter handle.

Wim Matthyssen (@wmatthyssen)

PowerShell: Download Microsoft Azure, Cloud and Enterprise Symbol / Icon set for Visio

12:14 pm in Azure, Microsoft Azure, Microsoft CloudnEnterprise Symbols, Microsoft Visio, PowerShell, Visio, Visio Stencil by Wim Matthyssen

 

The Microsoft Azure, Cloud and Enterprise Symbol / Icon Set package is available as a free download from Microsoft and includes icons for almost all Azure services and Microsoft cloud related technologies currently available. These icons and PNG files come in handy when making visual representations in Azure related architectural designs or when making project documentation to deliver to a customer.

To automate the download and install process of this useful package, I wrote the below PowerShell script which does all of the following:

  • Download the Microsoft_CloudnEnterprise_Symbols_v2.7.zip file
  • Extract the ZIP file to the My Shapes folder (the My Shapes folder is the default-working folder for Visio and is created during the installation of Visio).
  • Delete the ZIP file after extraction.

Before running the script, you should keep the following things in mind:

  • The script will exit if the My Shapes folder does not exist, the advice I would give is to install Visio first before using the Symbols package.
  • The script will exit if the Symbols package v2.7 is already installed in the My Shapes folder.
  • The symbol package itself is supported on the following Operation Systems: Windows 10, Windows 7, Windows 8 and Windows 8.1
  • You should remove any previous version of the symbol set so you can avoid duplicate and deprecated symbols.

PowerShell script

If you prefer you can download the complete script from the TechNet gallery.

clip_image002

clip_image004

clip_image006

Use with Visio

To use these stencils with Visio, open Visio and create a new Blank Drawing or use any other available template. Select More Shapes – My Shapes – Microsoft_CloudnEnterprise_Symbols_v2.7KP – Symbols and select any of the available choices.

clip_image008

clip_image010

Use with Word

To use the .PNG files with Word, open Word and create a new Blank document. Select Insert – Pictures and browse to your My Shapes folder. Open the Symbols folder located under the Microsoft_CloudnEnterprise_Symbols_v2.7KP folder. Browse to a PNG folder located under any of the shown folders and there you can find all available .PNG files.

clip_image012

clip_image014

clip_image016

clip_image018

clip_image020

This concludes this blog post, have fun using all these Azure symbols to visual enhance your Visio or Word cloud designs.

Wim Matthyssen (@wmatthyssen)

Azure Backup Server: Remove Unprotected computers with protection agent installed

8:36 am in Azure Backup Server, MABS, MABS v2, Microsoft Azure Backup Server, Microsoft Azure Backup Server v2, PowerShell by Wim Matthyssen

While doing maintenance on a customer’s Azure Backup Server (MABS), I was unable to remove some unprotected computers in the MABS console. The Remove resulted in a fail and the error page didn’t show a direct reason why this occurred.

clip_image002

clip_image004

clip_image006

clip_image008

But no worries, this is where PowerShell came into the rescue to force the removal of the broken agent from the DPMDB database. Take notice that this solution will not uninstall the protection agent from the (un)protected computer. When required, you still need to uninstall that agent manually.

Open the DPM Management Shell and run the following command, it will prompt you for the rest of the parameters one at a time (always use the FQDN name for both parameters).

You can also run this command with all paramaters already filled in. Just replace [DPMServerName] with the name of the MABS server and [ProtectedComputerName] with the name of the (un)protected computer that must be removed.

image

Like you can see the agent(s) are now removed from the MABS console.

clip_image012

Hope it helps.

Wim Matthyssen (@wmatthyssen)

MABS v2: Unable to install DPM Remote Administration console on a W2K8 R2 SP1 server because mi.dll is missing

9:32 am in Azure, Azure Backup, Azure Backup Server, DPM Remote Administration, mi.dll, Microsoft Azure Backup Server, Microsoft Azure Backup Server v2, PowerShell, WMF 5.1 by Wim Matthyssen

While installing the DPM Remote Administrator console on a Windows Server 2008 R2 SP1 (W2K8 R2 SP1) for remote administration of a customers Microsoft Azure Backup Server (MABS) v2, I stumbled upon the below error message, which resulted in the setup being aborted:

The Program can’t start because mi.dll is missing from your computer. Try reinstalling the program to fix this problem.

clip_image002

This error shows up because one of the following requirements is not installed: Windows Management Framework 4.0, .NET Framework 4.0 or Visual C++ Redistributable for Visual Studio 2012 Update 4

needs to be installed to be able to deploy the DPM Remote Administration console on a W2K8 R2 server.

To fix the issue, I checked if all latest Windows Updates were installed. Afterwards I installed the Windows Management Framework 5.1 (WMF 5.1), .NET Framework 4.0 and the Visual C++ Redistributable for Visual Studio 2012 Update 4 on the W2K8 R2 SP1 server, which can be downloaded from the link above. To ease up and to automate the installation, you can use the below PowerShell script (copy and/or save as .ps1) to get things downloaded somewhat faster.

clip_image004

When the C:\Temp folder opens after the downloads, run Install-WMF5.1.ps1. (PowerShell window with Administrator privileges) to install WMF 5.1

clip_image006

clip_image008

clip_image010

clip_image012

Before rebooting, also run the two other packages, dotNetFx40_Full_setup.exe and vcredist_x64.exe (if required). When done reboot the server.

clip_image014

When the server is rebooted, check if mi.dll exists under C:\Windows\System32.

clip_image016

You can now start Setup.exe (Microsoft Azure Backup Server folder) and start the DPM Remote Administration installation.

clip_image018

clip_image020

Hope this post helps whenever you face the same problem.

Wim Matthyssen (@wmatthyssen)

MABS v2: Error [0x8007007b] when performing a System State Backup on a DC running on a VMware VM

8:33 am in Azure, Azure Backup, Azure Backup Server, Cloud, Error [0x8007007b], MABS, MABS v2, Power, PowerShell, VMware by Wim Matthyssen

While configuring a Microsoft Azure Backup Server (MABS) v2 at a customer site, I encountered a problem while performing a System State Backup of their domain controllers (DC’s). The Protection Status showed Replica is inconsistent.

clip_image002

When looking in the Monitoring tab, following detailed message is show:

DPM cannot create a backup because Windows Server Backup (WSB) on the protected computer encountered an error (WSB Event ID: 517, WSB Error Code: 0x605A140).(ID 30229 Details: Internal error code: 0x8099ED0)

clip_image002[6]

Because the first part of making a System State Backup is done by the local Windows Server Backup (WSB) feature, logon to the protected server and open Windows Server Backup (Server Manager – Tools – Windows Server Backup). There a message was shown indicating that the last backup has Failed.

clip_image006

To view the error message a bit more in detail, open the Windows Server backup log file (with the exact date and timestamp) located in C:\Windows\Logs\WindowsServerBackup.

clip_image008

In the log file the following error message was shown:

Error in backup of C:\windows\\systemroot\ during enumerate: Error [0x8007007b] The filename, directory name, or volume label syntax is incorrect.

clip_image010

When looking in the Event Viewer (Application log) I could also find the following errors (CAPI2 – 513, Backup – 517):

Event ID 513

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:

Access is denied.

Event ID 517

The backup operation that started at ‘‎2017‎-‎11‎-‎16T15:16:22.000076700Z’ has failed with following error code ‘0x80780049′ (None of the items included in backup were backed up.). Please review the event details for a solution, and then rerun the backup operation once the issue is resolved.

clip_image012

clip_image014

Because all those errors descriptions do not really tell you what exactly is going wrong causing the backup to fail, you need to use the Diskshadow command-line tool to determine if there is an issue with the functionality of the VSS service or any of the application independent VSS writers.

To open the Diskshadow tool interface start PowerShell with elevated privileges and enter the below commands to write the output to a logfile.

clip_image016

When the logfile (c:\out.txt) is created open it with notepad and search for \\.

clip_image018

clip_image020

In my case, I found out there was an issue with the vsock.sys driver, which is part of the VMware vSockets Service and which is usually located in the C:\Windows\system32\drivers folder.

To fix the issue open the Registry Editor and go to the following location, HKLM\system\controlset001\services\vsock and changed the Start value to 1.

clip_image022

clip_image024

clip_image026

Also change the ImagePath entry from \SystemRoot\system32\DRIVERS\vsock.sys to system32\DRIVERS\vsock.sys.

clip_image028

clip_image030

When you have changed all those registry keys, logon to your MABS server and right click the failed System State backup and Perform a consistency check… (be aware that this could take a while). If the fix also solved your issue it would show OK when completed.

clip_image032

clip_image034

Hope this helps whenever you face the same error in your MABS environment. If you have any questions feel free to contact me trough my Twitter handle.

Wim Matthyssen (@wmatthyssen)

How to run the Hyper-V role on a VMware VM

10:16 am in Hyper-V, MABS v2, Nested Virtualization, PowerShell, VMware, Windows Server 2016 by Wim Matthyssen

When you install Microsoft Azure Backup Server (MABS) v2 on a Windows Server 2016, one of the prerequisites (MABS v2 prerequisites installation script) is that you install the Hyper-V role and the Hyper-V PowerShell feature.

However, while I was installing a new MABS v2 for a customer on a VMware VM (vSphere 6.5), I encountered following errors in the Hyper-V event log (41, 15350, 15340) after the Hyper-V role was installed.

Event 41 showed the following error message:

Hypervisor launch failed, Either VMX not present or not enabled in BIOS.

clip_image002

When I ran the Get-WindowsFeature in PowerShell it seemed Hyper-V was installed correctly. But this was not the case.

clip_image004

To fix the errors and get Hyper-V running like it should you need to enable Nested Virtualization for the VMware VM. To do so, shut down the VM and open the Virtual Machine Settings. Then go the Virtual Hardware tab and open the CPU options. There you need to check the box Expose hardware assisted virtualization to the guest OS. Also set CPU/MMU Virtualization to Hardware CPU and MMU.

clip_image006

When you now start the VM all Hyper-V related errors should be gone and all necessary Hyper-V services should be running.

clip_image008

clip_image010

Hope this blog post will help you whenever you need to setup Hyper-V on a VMware VM.

Wim Matthyssen (@wmatthyssen)