Doing IT Virtual

If you are interested in having a look at Live Migration coming in Windows Server 2008 R2 Hyper-V, take a look:

More short videos are available at http://www.microsoft.com/presspass/events/virtualization/default.mspx.

VirtualizationAdmin.com has posted Part I of my three part article that covers performing a server virtualization assessment with MAP 3.1. If you are interested in assessing your traditional infrastructure with the goal of developing a basic server virtualization plan, you should read this article.

In Part II and III to be posted in the near future, you will learn how MAP 3.1 (available for download from the Microsoft site) can assist you in your endeavors. I will post other entries when these are published on the VirtualizationAdmin.com site.

For those who took the Microsoft Beta Exam 71-652, check your MCP transcript or email to learn whether or not you passed the test. I received this email yesterday, and the result was posted today on the MCP site:

Thank you for taking beta exam 71-652: TS: Windows Server Virtualization, Configuring. We are writing to let you know that your results are being processed and are not yet available from Prometric or Microsoft.

The exam was released in its live form on August 25, 2008. Although, in general, we hope to make beta results available on or before the release of the live exam, delays or changes to the process are inherent in a beta. In this case, the processing of your individual scores was delayed beyond the exam release date, and we wanted to let you know the status of your scores to hopefully avoid any confusion or frustration on your part.

To learn more about the beta process, please visit: http://www.microsoft.com/learning/mcpexams/status/beta.mspx.

We anticipate that your scores will be available within a few weeks, but we are not able to provide an exact date. There is no action required on your part; your scores will be available at Prometric and on your Microsoft transcript as soon as our processing is complete. Thank you for your patience.

We sincerely appreciate the contribution you make as a beta tester in the Microsoft Certification program.

Regards,

The Microsoft Certification team

VirtualizationAdmin.com has posted my article on Integration Services. If you want to understand why you should install Integration Services in your guest OS, read this article. In it, I also review the installation process and the supported guest operating systems.

I have recently written an article for the VirtualizationAdmin.com site that reviews the basics of Hyper-V snapshots, the files associated with a snapshots, and how to use the snapshot Revert functionality. Check out the article and send any feedback/questions to me. I will be writing a follow-up article on using the snapshot Apply and Delete functionality in Hyper-V in the next few months.

I will be writing content for the TechGenix VirtualizationAdmin.com site. Chapter 7 of our Microsoft Virtual Server 2005 R2 Resource Kit is currently posted on the site at http://www.virtualizationadmin.com/articles-tutorials/general-virtualization-articles/microsoft-virtual-server-2005-r2-resource-kit-chapter7-practices-configuration-performance-tuning-.html.

I have a video and article on Hyper-V snapshots that will be posted soon and will provide an update to the link.

The book has been officially announced – here is the link: http://www.microsoft.com/MSPress/books/11842.aspx.

The publication date is planned for 12/17/2008.

AMD-Virtualization (AMD-V) provides a Secure Virtual Machine (SVM) processor architecture that allows software vendors to implement secure virtualization solutions and reduce software code complexity. Here are AMD-V SVM architecture highlights commonly mentioned with reference to virtualization software:

• Host Mode - allows a hypervisor, or more generically a Virtual Machine Monitor (VMM), to execute with the highest level of privilege. This execution mode is sometimes referred to as Ring -1 mode.
• Guest Mode - allows a guest operating system to execute in privileged-mode (Ring 0) and the application stack running in user-mode (Ring 3).
• Eight SVM instructions - support virtualization, including VMRUN which enables the context switch, or world switch, from Host Mode to Guest Mode to load and execute a new guest operating system.
• Virtual Memory Control Block (VMCB) data structure - contains guest state information, including settings that define intercepts and instructions that cause transitions from Guest Mode to Host Mode.
• Address Space Identifier (ASID) - a unique identifier assignment in a Translation-Lookaside Buffer (TLB) to distinguish between co-existing host and guest entries and help to improve the performance of a context switch. A TLB is a processor cache that holds virtual-to-physical memory address mappings. Each processor core has an individual TLB.
• Simultaneous support for 16-bit, 32-bit, and 64-bit guest operating systems.
• Rapid Virtualization Indexing or Nested Paging - provides processor-powered translation of the guest memory address space to the host virtual address space, and finally to the host physical address space.

The Rapid Virtualization Indexing feature of the AMD-V SVM architecture is not leveraged in the initial release of Hyper-V.

You can obtain in-depth information on AMD-V, from the AMD64 Architecture Tech Docs at http://www.amd.com/us-en/Processors/DevelopWithAMD/0,,30_2252_739_7044,00.html.

Intel Virtualization Technology (Intel VT) provides a processor architecture that supports virtualization software applications through a set of extensions referred to as Virtual Machine Extensions (VMX). Here are Intel VT VMX highlights commonly mentioned with reference to virtualization software:

• VMX Root operating mode - allows a hypervisor or VMM to execute in fully privileged mode.
• VMX Non-Root operating mode - allows a guest operating system to execute in Ring 0 and the application stack in Ring 3.
• Ten VMX instructions - support virtualization, including VMLAUNCH which enables the context switch to load and execute a new guest operating system.
• Virtual Memory Control Data Structure (VMCS) - contains guest and host state information, as well as VMX control fields used to manage the transitions between VMX Root and VMX Non-Root operating modes.
• Virtual Processor Identifier (VPID) - a unique identifier assignment stored in the VMCS to distinguish between co-existing host and guest entries. TLB entries are tagged with the appropriate VPID value, reducing the impact during context switches by not requiring a flush and reload of the TLB. Simultaneous support for 16-bit, 32-bit, and 64-bit guest operating systems.
• Extended Page Tables (EPT) - provide processor-powered translation of the guest physical memory address space to the host physical address space.

Like in the case of AMD-V Rapid Virtualization Indexing, Hyper-V does not leverage the Intel VT Extended Page Tables features in the initial release. Bottom line, Intel VT and AMD-V architectures offer much similar functionality to virtualization software application developers, although their feature implementation, nomenclature, and performance may differ from each other.

Here is a reference document from Intel on this topic: http://softwarecommunity.intel.com/isn/downloads/virtualization.pdf. You can also get more detailed information on the Intel VT from the Intel 64 and IA-32 Architectures Software Developer's Manuals at http://www.intel.com/products/processor/manuals/.

This blog has been quiet recently because of the holidays and pre-planning for the development of another Microsoft virtualization technology book. I am teaming up with Robert Larson of Microsoft Consulting Services, my co-author on the Microsoft Virtual Server 2005 R2 Resource Kit book, and Microsoft Press to publish the Microsoft Windows Server 2008 Hyper-V Resource Kit book. The book plan calls for publication in the 3rd quarter of CY 2008.

If you would like to give some feedback on book topics, please send us an email at vs2005r2rk@hotmail.com.

P.S. If you did not see the comment on the DoingITVirtual home page, our Microsoft Virtual Server 2005 R2 Resource Kit book just won a "Distinguished" award (the highest level) in the annual Puget Sound Society for Technical Communication competition. We hope that the more than 1400 individuals who downloaded the sample chapters and those of you who purchased the book have found it to be a good addition to your technical library.

Virtual Server 2005 R2 Resource Kit** This official Microsoft Resource Kit provides the in-depth technical guidance on installing, configuring, administering, and supporting Virtual Server 2005 R2 with Service Pack 1 (SP1) release. Buy it at Amazon.com or Barnes and Noble.

This post is content adapted from Chapter 11 of the Microsoft Virtual Server 2005 R2 Resource Kit.

Virtual Machine in Saved State Fails to Restart After a Change in Hardware-Assisted Virtualization State

If you enable hardware-assisted virtualization in your computer BIOS and try to start a virtual machine that was previously in a saved state, the virtual machine will not start up.

When hardware-assisted virtualization is enabled, Virtual Server internal data structures differ. Therefore, saved state files that are created when hardware-assisted virtualization is disabled cannot be used to restore a virtual machine after hardware-assisted virtualization is enabled.

Resolution

In this case, the only solution is to ensure that you shut down all virtual machines prior to switching the hardware-assisted virtualization setting in your computer BIOS.

Virtual Machine in Saved State Fails During Start Up on a Different Virtual Server Host

If you move a virtual machine that is in a saved state to another Virtual Server host, your virtual machine might fail at startup. Saved state files are not compatible when moving between different processor brands (Intel, AMD) or processor steppings (Intel Northwood, Intel Prescott).

Resolution

If you need to move a virtual machine to a Virtual Server host whose motherboard contains a different processor manufacturer or processor stepping than the originating Virtual Server host, you must completely shut down the virtual machine prior to moving the files.

This post is content adapted from Chapter 11 of the Microsoft Virtual Server 2005 R2 Resource Kit.

Duplicate MAC Addresses

Of course, errors are generated when you configure and start two virtual machines with identical static media access control (MAC) addresses on the same Virtual Server host and virtual network.

If you use a single staging server to build a large number of virtual machines and change the MAC address configuration to static from dynamic for tracking purposes, the dynamic MAC address allocation system could generate a duplicate MAC address. If the Virtual Server host contains only a single physical network adapter, Virtual Server 2005 R2 assigns MAC addresses to virtual network adapters in the 00-03-FF-xx-xx-xx range, where the last two octets match the last two octets of the physical network adapter MAC address. For example, if the MAC address of the physical network card on your staging server is 00-16-31-53-32-68, Virtual Server will assign virtual network adapters a MAC address in the range 00-03-FF-xx-32-68.

If there are multiple network adapters in the physical server, the first 256 MAC addresses are allocated using the primary network adapter octet values, the next 256 MAC addresses are allocated from the second network adapter octet values, and this process continues until Virtual Server 2005 R2 has iterated through all the physical network adapters. If all network adapter octet values are exhausted, Virtual Server re-uses the first network adapter octet values.

Resolution

In general, there is no guarantee that dynamic MAC address allocation will be unique, even across multiple Virtual Server hosts. If you use a single staging server to generate virtual machines configured with static MAC address, you must institute a process to ensure that duplicate MAC addresses are identified and reconfigured prior to deployment. If you copy a virtual machine with a static MAC address to another computer that already has a virtual machine with an identical static MAC address, you must either manually or programmatically change the static MAC address of one of the virtual machines, or configure one or more of the virtual machines to use a dynamic MAC address. Virtual Server allocates a new dynamic MAC address in the following circumstances:

· A virtual machine is created.

· A virtual machine MAC address conflict is detected.

· A virtual machine is registered on a Virtual Server host.

Follow these steps to modify the virtual machine configuration to use a dynamic MAC address:

• Open the Virtual Server Administration Website.
• In Virtual Machines, click Configure and select the virtual machine from the list.
• In the virtual machine Configuration pane, click Network Adapters.
• In Ethernet (MAC) Address, select Dynamic.
• Click OK.

More Info: For additional information regarding the Virtual Server dynamic MAC address allocation algorithm, refer to http://support.microsoft.com/default.aspx/kb/888030.

This post is content adapted from Chapter 11 of the Microsoft Virtual Server 2005 R2 Resource Kit.

Stop 0x7B Error Booting from a Virtual SCSI Disk

If you reconfigure a virtual machine VHD that contains a bootable guest operating system from a virtual IDE controller to a virtual SCSI controller, you will experience a blue screen when trying to start the guest operating system. Basically, if you simply just change the virtual machine configuration by switching the VHD from IDE to SCSI-attached, the guest operating system cannot find a valid SCSI controller driver during boot. This results in a STOP: 0x0000007B error message, followed by a virtual machine restart.

Resolution

Before you can switch a bootable VHD from virtual IDE to virtual SCSI, you have to first load the SCSI controller drivers in the guest operating system. Once the guest operating system is properly configured, you can shut down the virtual machine and reconfigure the VHD to attach to a virtual SCSI controller. The following procedure assumes the Virtual Machine Additions are installed in a Windows Server 2003 guest operating system prior to performing the installation of the SCSI controller drivers:

• Open the Virtual Server Administration Website.
• In the Master Status pane, click the icon to connect to the target virtual machine.
• Once you are logged in, shut down the guest operating system and return to the Virtual Server Administration Website.
• Under Virtual Machines, click Configure and select the new target virtual machine.
• In the Virtual Machine Configuration pane, click SCSI adapters.
• Click Add SCSI Adapter (ID 7), and then click OK.
• Do not change the configuration of the bootable VHD; leave it as a virtual IDE disk.
• In the virtual machine Status pane, point to the virtual machine name and select Turn On.
• Click the icon to connect to the virtual machine and log in to the guest operating system.
• The “Found new hardware: Adaptec AIC-7870 PCI SCSI Adapter” message will display. Windows Server 2003 comes packaged with a driver for the emulated Adaptec 7870 SCSI controller, so you will need a CD or ISO to load the aic78xx.sys driver file.
• When the driver is installed, the virtual machine is configured to boot from SCSI, but the driver is a slow SCSI driver.
• To load an accelerated SCSI controller driver, open Device Manager in the guest operating system.
• Expand the SCSI and RAID controllers section.
• Right-click the SCSI Controller and choose Update Driver.
• On the Welcome To The Hardware Update Wizard page, click No, Not This Time and then click Next.
• On the next page, select Install From A List Or Specific Location (Advanced) and then click Next.
• Select Don’t Search, I Will Choose The Driver To Install, and then click Next.
• Click Have Disk.
• Browse to C:\Program Files\Virtual Machine Additions, click Open, and then click OK.
• Under Model, highlight the Microsoft Virtual Machine PCI SCSI Controller driver and then click Next to install the optimized SCSI controller driver.
• On the Completing The Hardware Update Wizard page, click Finish.
• Shut down the guest operating system.
• Back in the virtual machine configuration pane, click Hard Disks.
• In the Attachment drop-down list, select SCSI 0 ID 0 and then click OK.
• Turn on the virtual machine.

Note: A virtual machine can boot only from a VHD attached to the first virtual SCSI adapter. This adapter is identified as SCSI 0.

This post is content adapted from Chapter 11 of the Microsoft Virtual Server 2005 R2 Resource Kit.

Stop Error on x64 Windows Operating System with AMD-V

If you are installing Virtual Server 2005 R2 SP1 on a computer with AMD-V, AMD’s hardware-assisted virtualization, which uses an x64 version of Windows Server 2003 or Windows XP as the host operating system, you will experience a stop error and restart of the host operating system. This occurs because the x64 versions of these Windows operating systems protect a critical system register that Virtual Server 2005 R2 SP1 attempts to modify during installation to enable hardware-assisted virtualization support.

Resolution

This issue is resolved by installing a hotfix prior to beginning the setup procedure for Virtual Server 2005 R2 SP1. A link to download the hotfix can be found at http://support.microsoft.com/kb/924131.

Common Administration Website Issues

One of the problems often encountered after installation of Virtual Server 2005 R2 is denied access to the Administration Website. Most common issues are easily resolved by modifying Internet Explorer options or security settings.

Blank Screen Display

One of the common issues encountered when you launch the Administration Website using the fully qualified domain name (FQDN) of the Virtual Server host (for example, http://hostname.domain.com:1024) and enter your credentials at the prompt is that only a blank screen is displayed. The FQDN is the format used in the Virtual Server Administration Website Uniform Resource Locator (URL) shortcut created under Microsoft Virtual Server in the All Programs menu. When the FQDN of the Virtual Server host name is used, Internet Explorer interprets the destination as being outside of the local intranet and does not load the page.

Resolution

This problem can be easily resolved by adding the Virtual Server Administration Website URL to the Trusted Sites zone in the Internet Explorer configuration settings. Follow these steps to modify the Internet Explorer settings:

• Open Internet Explorer and on the Tools menu, click Internet Options.
• Click the Security tab, and then click the Sites button.
• In the Add This Website To The Zone text box, type (or cut and paste) the Virtual Server Administration Website URL and then click Add.
• If it is selected, deselect the Require Server Verification (https:) For All Sites In This Zone check box.
• Click Close, and then click OK.

This post is content adapted from Chapter 11 of the Microsoft Virtual Server 2005 R2 Resource Kit.

Service Principal Name Registration Failures

A service principal name (SPN) allows Kerberos authentication to be used for services running on servers distributed across an Active Directory domain. An SPN is stored in a multivalued attribute, called servicePrincipalName, of an Active Directory computer account. At minimum, the information encapsulated in a registered SPN is the service name and the NetBIOS name, fully qualified domain name, or alias assigned to the computer that hosts the service. An SPN can also explicitly define the port number for the service and the account name under which the service runs, if it is different from the Local System or Network Service accounts. A separate SPN must be set for each host name by which the computer can be referenced. For a client machine to identify, mutually authenticate, and connect to a service, the service must have properly registered SPNs in Active Directory.

During Virtual Server 2005 R2 installation on a host that is a member of an Active Directory domain, the following SPN registrations are attempted:

· vmrc/hostname:VMRC Port

· vmrc/fully qualified hostname:VMRC Port

· vssrvc/hostname

· vssrvc/fully qualified hostname

If a Virtual Server host is unable to successfully register its SPNs in Active Directory, you will experience connection failures to the VMRC server and Administration Website on that host. When the Administration Website application attempts to connect to the Virtual Server service on another physical host, user credentials must be passed from the Administration Website to the remote Virtual Server service. This depends on the proper configuration and function of constrained delegation. Constrained delegation is the mechanism that enables an Active Directory computer or service account to perform Kerberos delegation to a well-defined and limited set of services. Because constrained delegation depends on access to properly registered SPNs in Active Directory, successful authentication to the remote Virtual Server service will fail if the SPNs are not registered. In addition, you might also encounter denied access to virtual machine resource files stored on a separate file server, since this access also depends on constrained delegation.

Resolution

If Virtual Server SPNs are not successfully registered in Active Directory, you can manually register the missing SPNs with Setspn.exe, a free utility available from Microsoft. Using Setspn.exe, you can manually add, delete, or view SPNs stored in Active Directory.

Basic Setspn.exe Commands for Virtual Server Services

View registered SPNs

• setspn -L hostname

Add Virtual Server SPNs

• setspn -A vmrc/hostname:5900
• setspn -A vmrc/fully qualified hostname:5900
• setspn -A vssrvc/hostname
• setspn -A vssrvc/fully qualified hostname

Note: If you have changed the default VMRC Server port, replace 5900 with the new port number.

Delete Virtual Server SPNs

• setspn -D vmrc/hostname:5900
• setspn -D vmrc/fully qualified hostname:5900
• setspn -D vssrvc/hostname
• setspn -D vssrvc/fully qualified hostname

Note: If you have changed the default VMRC Server port, replace 5900 with the new port number.

Note: The Setspn command-line tool is included in the Microsoft Windows Server 2003 Support Tools that can be found on the product CD or downloaded from http://www.microsoft.com/downloads. For more information on installing Windows Support Tools, see “Install Windows Support Tools” at http://go.microsoft.com/fwlink/?LinkId=62270.