You are browsing the archive for Windows Server 2019.

Hyper-V: Automatic Virtual Machine Activation

8:25 am in Automatic Virtual Machine Activation, AVMA, Hyper-V, PowerShell, PowerShell Direct, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 by Wim Matthyssen

 

With the release of Windows Server 2012 R2 back in 2013, Microsoft introduced a feature called Automatic Virtual Machine Activation (AVMA). AVMA handles the activation process of any of your Hyper-V virtual machines (VMs) running on a physical Hyper-V host which is properly licensed with a Windows Server Datacenter license. In this way you do not have to deal with managing the product keys for each individual VM.

The VM activation process, which binds the VMs activation to the licensed Hyper-V host, takes place during the startup process of the VM. Because the activation takes place between the VM and the Hyper-V host it resides on, you are even able to license VMs in completely isolated environments or remote locations without any Internet connection. When the guest OS is activated, it only rechecks its activation against the host until the next VM reboot, or after 7 days.

 

Requirements for AVMA

  • A Hyper-V host running a Datacenter Edition of Windows Server 2012 R2, Windows Server 2016 or Windows Server 2019. Keep in mind that if you migrate an AVMA licensed VM to a Hyper-V host which is not licensed with a Windows Server Datacenter license, the VM will become unlicensed. In this case you should replace the AVMA key in the VM with another valid non AVMA license key.
  • The Hyper-V Data Exchange Service (KVP), which is part of the Integration Services must be enabled on the VM.
  • In the VM itself the Microsoft Hyper-V Activation Component Driver should have an enabled device status and should be working properly.
  • AVMA does not work with other Virtualization Server technologies.

 

Supported Guest Operating Systems for AVMA

Only Windows Server guests are covered by AVMA. The below table shows which guests can be activated by each different Hyper-V host version. All server editions (Datacenter, Standard or Essentials) installed with Desktop Experience or Server Core can be activated.

clip_image002

*AVMA in Windows Server 2019 can also activate Windows Server version 1809, 1803 and 1709.

 

AVMA Keys

The following keys can be used to activated the specific guest operating system of a VM.

Windows Server 2019

clip_image004

Windows Server version 1809

clip_image006

Windows Server version 1803 and 1709

clip_image008

Windows Server 2016

clip_image010

Windows Server 2012 R2

clip_image012

 

Configure AVMA

1) First of all, you should verify that the Data Exchange option is enabled in the Integration Services for the VM.  To ensure this open Hyper-V Manager and right-click the VM and click on Settings…

clip_image014

2) On the Settings Windows, under Management select Integration Services and verify that Data Exchange is marked.

clip_image016

You can also use PowerShell to see if the Data Exchange service is enabled. To get a list of the running Integration Services of a VM, run the following command (replace the VM name by your own) in a PowerShell window (as Administrator) on the Hyper-V host hosting the VM:

clip_image018

To turn on the “Key-Value Pair Exchange” service when it is disabled you need to run the following command:

clip_image020

3) To install an AVMA key in a VM (in my example for a Windows Server 2019 VM), run the following command in a PowerShell window (as Administrator) on the VM.

clip_image022

*The AVMA key can also be provided during an Unattended setup using a unattend.exe setup file. In this way the key is already injected during the build phase of that particular VM.

You can also use PowerShell Direct from the Hyper-V host to activated a specific AVMA key for a VM running on the host. Open a PowerShell window (as Administrator) on the Hyper-V host and run following command:

clip_image024

clip_image026

4) You can verify the correct installation of the AVMA key, by opening All settings – Update & Security – Activation in the VM.

clip_image028

4) You can also verify the VM’s AVMA activation status on the Hyper-V host by opening the Event Viewer and searching for Event ID 12310.

clip_image030

clip_image032

clip_image034

clip_image036

I hope this blog post did learn you something about AVMA and that this feature eases your VM activation process. If you have any questions, always feel free to contact me through my twitter handle.

Wim Matthyssen (@wmatthyssen).

PowerShell – BGInfo Automation script for Windows Server 2019

8:04 pm in BgInfo, Hyper-V, PowerShell, PowerShell Script, Sysinternals, VM Template, Windows Server 2019, WS2019 by Wim Matthyssen

Probably everyone knows the Sysinternals tool BGInfo (currently version 4.26). For those who don’t, it’s a great free tool from Microsoft which captures system information form a workstation or server (probably where it is the most useful) and displays that relevant data directly on the desktop of that particular machine. It can show useful information like, DNS settings, used IP Addresses, computer name, domain name, OS version, memory, service pack version, etc.

image

Whenever I create a new Windows Server 2019 Virtual Machine (VM) template for customers, I mostly add this tool in the base image (also called golden image) and set it so it starts up automatically whenever a user logs on to the server. To automate this process, I wrote a PowerShell script which automates the complete BGInfo installation and configuration.

This script will do all of the following:

  • Create the BGInfo folder on the C: drive if the folder does not already exist.
  • Download the latest BGInfo tool from the Sysinternals webpage.
  • Extract and cleanup the BGInfo.zip file in the BGInfo folder.
  • Download the logon.bgi file which holds the preferred settings.
  • Extract and cleanup the LogonBgi.zip file in the BGInfo folder.
  • Create the registry key (regkey) to AutoStart the BGInfo tool in combination with the logon.bgi config file.
  • Start BGInfo for the first time.
  • Exit the PowerShell window upon completion.

 

Prerequisites

  • Windows PowerShell 5.1
  • Run PowerShell as Administrator

 

PowerShell script

To use the script copy and save the above as BGInfo_Automated_Windows_Server_2019.ps1 or download it from the TechNet Gallery. Afterwards run the script with Administrator privileges from the server you wish to use for your VM template.

image

image

image

image

image

image

If you want to change any configuration setting (for example the font style or published info), just open the logon.bgi file and adjust the settings to your preferences. Click OK to save and set the new settings.

image

image

Hope this script comes in handy for you. If you have and questions or recommendations about it, feel free to contact me through my Twitter handle.

Wim Matthyssen (@wmatthyssen)

Hyper-V 2019: Configure antivirus exclusions in Windows Defender Antivirus

3:43 pm in antivirus exclusions, automatic exclusions, custom exclusions, Hyper-V, PowerShell, Windows Defender Antivirus, Windows Server, Windows Server 2019, Windows Server 2019 Hyper-V, WS2019 by Wim Matthyssen

Running a solid, constantly updated antivirus product on your Hyper-V hosts is a necessity to keep a healthy and secure virtual environment. By using Windows Defender Antivirus, the built-in antimalware solution in Windows Server 2019 you will be provided with next-gen cloud-delivered protection, which includes near-instant detection, always-on scanning and dedicated protection updates.

However, when using any antivirus software on a Hyper-V host, you also risk having issues when it is not configured properly and especially when real-time scanning (or monitoring) is enabled. This can negatively affect the overall host performance and even cause corruption of your virtual machines (VMs) or Hyper-V files.

To avoid these file conflicts and to minimize performance degradations you should implement the following recommend antivirus exclusions (directories, files and processes) on all your Hyper-V hosts, which can be found over here.

Luckily Windows Defender Antivirus automatically enrolls certain exclusions (automatic exclusions), defined by your specific server role. To determine which roles are installed on the server, Windows Defender Antivirus uses the Deployment Image Servicing and Management (DISM) tools. You should be aware that these automatic exclusions will not appear in the standard exclusion list shown in the Windows Security app.

clip_image002

Below you can find a list of the automatic exclusions for the Hyper-V role:

File type exclusions:

  • *.vhd,*.vhdx,*.avhd,*.avhdx,*.vsv,*.iso,*.rct,*.vmcx,*.vmrs

Folder exclusions:

  • %ProgramData%\Microsoft\Windows\Hyper-V
  • %ProgramFiles%\Hyper-V
  • %SystemDrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
  • %Public%\Documents\Hyper-V\Virtual Hard Disks

Process exclusions:

  • %systemroot%\System32\Vmms.exe
  • %systemroot%\System32\Vmwp.exe

Hyper-V Failover Cluster folder exclusions:

  • %SystemDrive%\ClusterStorage

Although the automatic exclusions include almost all recommended Hyper-V antivirus exclusions you still may need to configure additional custom exclusions. These custom exclusions will take precedence over the automatic exclusions but will not conflict if a duplicate exists.

If you prefer to disable automatic exclusions you can run the following PowerShell cmdlet.

Below you can find an additional short list of custom exclusions for a server running the Hyper-V role which you can implement if applicable to your environment. There can be even more exclusions for your specific environment.

  • Any custom virtual machine configuration or hard disk drive directories (for example E:\VMs).

clip_image004

  • Any custom replication data directories, if you’re using Hyper-V Replica.
  • The Vmsp.exe process (%systemroot%\System32\Vmsp.exe)

clip_image006

  • The Vmcompute.exe process (%systemroot%\System32\Vmcompute.exe).

clip_image008

To add these exclusions for Windows Defender Antivirus in the Windows Security app you can follow the below steps.

Open the Windows Security app by clicking the magnifier in the task bar and type defender. Select Virus & threat protection.

clip_image010

Under the Virus & threat protection settings title select Manage settings.

clip_image012

On the Virus & threat protection settings page scroll down to Exclusions setting and click on Add or remove exclusions.

clip_image014

Click Add an exclusion. Click the + icon to choose the type and set the options for each exclusion. When adding an exclusion click Yes if the User Account Control box pops up.

clip_image016

clip_image018

When all custom exclusions are added the screen will look like this.

clip_image020

To remove an added exclusion, press the down arrow next to the exclusion and click Remove.

clip_image022

You can also add these custom exclusions with the use of PowerShell (as administrator). To do so you need to run the below commands.

clip_image024

Hope this helps securing your Hyper-V hosts.

Wim Matthyssen (@wmatthyssen)

Windows Server 2019 (vNext) LTSC Preview – Build 17623 available for download

7:24 pm in Build 17623, Microsoft Tech Community, Windows Server 2019, Windows Server Insider, WS2019 by Wim Matthyssen

Yesterday Microsoft announced that Windows Server 2019 would be generally available in the second half of 2018, together with System Center 2019. As expected, this next-gen (vNext) Server OS is built on top of Windows Server 2016 and will focus on the following main areas: hybrid, security, application platform and hyper-converged infrastructures. Good to know is that Windows Server 2019 is a Long-Term Servicing Channel (LTSC) release, which means it will have 5 years of mainstream support and 5 years of extended support.

Whit this announcement Microsoft also released the first preview build (17623) of Windows Server 2019 LTSC to the public, which contains both the Desktop Experience as well as the Server Core edition in all 18-server languages.

To get started with the download of this Preview build, you need to be a member of Windows Server Insider program. If you are not yet registered for this Insider program, you can do so over here. Keep in mind that you can sign up with an organization or a personal account.

clip_image002

As a registered Insider, you can head over to the Windows Server Insider Preview download page. Under available Downloads you can now download the 4.2 GB ISO file. This build, which expires on 02/06/18, requires an activation key during setup. The following keys are allowed for unlimited activations:

  • Datacenter Edition 6XBNX-4JQGW-QX6QG-74P76-72V67
  • Standard Edition MFY9F-XBN2F-TYFMP-CCV49-RMYVH

clip_image004

clip_image006

clip_image008

When downloaded you can install the Windows Server 2019 OS from the ISO image on a virtual machine (VM) or on a physical server.

clip_image010

clip_image012

Have fun testing out this build and do not forget to provide your feedback to Microsoft using the Windows Feedback Hub app, or through the Windows Server space in the Microsoft Tech community.

Wim Matthyssen (@wmatthyssen)