Archive
Everything you wanted to know about Time Synchronization in Hyper-V, but were afraid to ask
Keeping time inside virtual machines: how does Hyper-V tackle it?
Read the explanation by Ben Armstrong, Microsoft Virtualization Program Manager: http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/11/19/time-synchronization-in-hyper-v.aspx
How to fix the ‘Unspecified error’ (0x80004005) : Could not find a usable certificate. Windows 2008/R2
Hi
Thanks to Dan Boldo (MSFT) and Ben Armstrong (MS Virtualisation PM), here are an explanation and the fix for the error.
Notes:
- This error only affects VMConnect and does not affect remote desktop connections.
- Though this error may occur, the Hyper-V service will continue to operate. Neither the Hyper-V host nor the running virtual machines will go offline.
- The Microsoft Virtualization Team confirmed that this issue also affects Windows 2008 R2 Hyper-V.
- For Configuring Certificates for Virtual Machine Connection, please read http://technet.microsoft.com/en-us/library/ff935311(WS.10).aspx
The Error
Hyper-V Manager
[Main Instruction]
An error occurred while attempting to change the state of virtual machine ‘VMxxx’.
[Content]
‘VMxxx’ failed to initialize.
Could not initialize machine remoting system. Error: ‘Unspecified error’ (0x80004005).
Could not find a usable certificate. Error: ‘Unspecified error’ (0x80004005).
[Expanded Information]
‘VMxxx’ failed to initialize. (Virtual machine XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX )
‘VMxxx’ could not initialize machine remoting system. Error: ‘Unspecified error’ (0x80004005). (Virtual machine XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX )
‘VMxxx’ could not find a usable certificate. Error: ‘Unspecified error’ (0x80004005). (Virtual machine XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX )
The Explanation
This error occurs when the certificate has expired: users cannot connect to or start a VM, and VMMS raises an error. Trying to connect again generates the same message because the certificate is still expired.
The Solutions
Initial one
For Windows 2008, Microsoft introduced a fix (http://support.microsoft.com/kb/KB967902) which auto-generated a new certificate and sent the VMMS to grab it.
The idea was to have certificates that lasted for one year and then auto-renew.
But this fix led to another issue: “After a new Hyper-V VMMS certificate is generated, there are mouse and screen resolution issues when managing a virtual machine using the Hyper-V Manager Console”, described in this KB http://support.microsoft.com/kb/2413735 :
- When the self-signed certificate expires after one year, the VMMS grabs a new one, but the certificate refresh process is flawed.
- During the refresh the user loses control of their mouse and their connection resolution drops back to default.
The cause is that the certificate refresh triggers a reset in the VMConnect RDPEncoder. The reset then initializes a method which puts the mouse in PS2 mode and changes the display settings to RdpEncoderDefaultxxx.
Workaround for this second issue:
- Place the virtual machines in a saved state and then resume the virtual machines.
- Restart the virtual machines.
Important Notes :
- This will restart the VMMS and affect all running VMs on that host.
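- Save the script as a .ps1 file.
- Make sure you have MakeCert (makecert.exe) on the host. The script calls .\makecert.exe, so run it from the folder that contains makecert.exe.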
- For more information on how to obtain Makecert.exe, please visit the following Microsoft web site: http://msdn.microsoft.com/en-us/library/aa386968(VS.85).aspx
The Script :
#######################################################################
# Dan Boldo (MSFT)
#
#
#define exception behavior
trap
{
    # swallow any error raised inside this handler itself
    trap { continue }
    write-host -ForegroundColor Red "Unexpected Exception!`n`r"
    write-host -ForegroundColor White ($_.invocationinfo.positionmessage -replace "`n")
    # walk up the call stack and print the position of each caller
    0..100 | foreach { write-host -ForegroundColor White ((gv -ErrorAction SilentlyContinue -scope $_ myinvocation).value.positionmessage -replace "`n") }
    write-host -ForegroundColor Red "$($_.Exception)"
    exit 1
}
# fully qualified host name; used as the certificate subject
$hostname = "$((gwmi win32_computersystem).dnshostname).$((gwmi win32_computersystem).domain)"
write-host "Host name found:" $hostname
function CreateCert()
{
    write-host "Creating a new certificate using makecert.exe"
    # -r self-signed, -pe exportable private key, -n subject, -b/-e validity period,
    # -sr/-ss LocalMachine\My store, -a signature hash, -sky exchange key,
    # -eku 1.3.6.1.5.5.7.3.1 = Server Authentication
    .\makecert.exe -r -pe -n "CN=$hostname" -b 01/01/2005 -e 01/01/2050 -sr LocalMachine -ss My -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1
}
function FindCert()
{
    # only match the long-lived certificate made by CreateCert (NotAfter later than 2049)
    $t = new-object System.DateTime(2049,1,1,1,10,10)
    $certs = @(dir cert:\LocalMachine\My -recurse | ?{$_.subject -eq "CN=$hostname"} | ? { $_.NotAfter.CompareTo($t) -eq 1 })
    if($certs[0] -eq $null)
    {
        return $null;
    }
    if($certs.Length -ne 1)
    {
        write-warning "More than one certificate is found in store. Please don't run makecert.exe multiple times."
    }
    $certs[0];
}
#Find the certificate of interest
$cert = FindCert
if($cert -eq $null)
{
    CreateCert
    $cert = FindCert;
    if($cert -eq $null)
    {
        throw "Certificate Not Found error. Check if makecert.exe is successful or not"
    }
}
write-host "Found certificate of interest:"
# write-host emits nothing to the pipeline, so format the dates first and then print them
write-host ($cert | select NotBefore, NotAfter | fl | out-string)
#tweak system settings to let VMMS use the certificate of interest.
$thumbprint = $cert.Thumbprint
# locate the private key file of the certificate under MachineKeys
$location = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$folderlocation = gc env:ALLUSERSPROFILE
$folderlocation = $folderlocation + "\Microsoft\Crypto\RSA\MachineKeys\"
$filelocation = $folderlocation + $location
# grant read access on the key file to S-1-5-83-0 (NT VIRTUAL MACHINE\Virtual Machines)
icacls $filelocation /grant "*S-1-5-83-0:(R)"
# point VMMS at the certificate by its thumbprint
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Virtualization" /v "AuthCertificateHash" /f /t REG_BINARY /d $thumbprint
#fix loopback case: add the certificate to the LocalMachine Root store.
$store = new-object System.Security.Cryptography.X509Certificates.X509Store("Root","LocalMachine")
$store.open("MaxAllowed")
$store.add($cert)
$store.close()
#restart vmms
net stop vmms
net start vmms
# Wait for job completion
function WaitForResult($ret)
{
    # 0 = completed synchronously, 4096 = job started; anything else is an error
    if($ret.ReturnValue -eq 0) { return; }
    if($ret.ReturnValue -ne 4096)
    {
        Throw "Error was returned from WMI call: $($ret.ReturnValue)";
    }
    $timeout = 300; # 5 minute timeout
    while($true)
    {
        $job = [wmi]$ret.job
        # JobState 7 = completed; higher values are terminated/killed/exception states
        if($job.JobState -eq 7) { return; }
        if($job.JobState -gt 7) { throw "Error while processing WMI job! $($job | fl * | out-string)" }
        if($timeout -le 0) { throw "Timeout while processing WMI job! $($job | fl * | out-string)" }
        $timeout -= 5;
        Sleep 5
    }
}
# get all VMs in Running state.
$vms = gwmi -n root\virtualization msvm_computersystem
# the host itself is also listed as an msvm_computersystem; skip it
$vms = $vms | where {$_.Name -ne $env:computername}
# EnabledState 2 = running
$vms = $vms | where {$_.EnabledState -eq 2}
#Save/Restore for all running VMs
foreach($vm in $vms)
{
    if($vm -ne $null)
    {
        Write-Host "Doing Save/Restore for VM:" $vm.ElementName
        # 32769 = saved state, 2 = running
        WaitForResult $vm.RequestStateChange(32769)
        WaitForResult $vm.RequestStateChange(2)
    }
}
# end of the script
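A read-only check to run on the Hyper-V host before or after the script above, to see which certificate VMMS is set to use and when it expires. This is an added example, not part of Dan Boldo's script; the function names and the 30-day warning threshold are assumptions, while the registry value, certificate stores and subject format are the ones the script uses.

```powershell
# Added example, not part of Dan Boldo's script. Read-only: changes nothing.
$regPath  = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Virtualization'
$warnDays = 30   # assumed warning threshold, adjust as needed

function Get-PinnedThumbprint {
    # AuthCertificateHash is REG_BINARY; render it as an upper-case hex string
    $p = Get-ItemProperty -Path $regPath -Name AuthCertificateHash -ErrorAction SilentlyContinue
    if ($p -eq $null -or $p.AuthCertificateHash -eq $null) { return $null }
    return ($p.AuthCertificateHash | ForEach-Object { $_.ToString('X2') }) -join ''
}

function Get-VmmsCertReport {
    $cs      = Get-WmiObject Win32_ComputerSystem
    $subject = "CN=$($cs.DNSHostName).$($cs.Domain)"   # same subject the script uses
    $pinned  = Get-PinnedThumbprint
    $now     = Get-Date
    # Candidates: certificates named after the host, plus whatever the registry points at
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $subject -or $_.Thumbprint -eq $pinned } |
        Select-Object Thumbprint, NotAfter,
            @{ n = 'DaysLeft';      e = { [int]($_.NotAfter - $now).TotalDays } },
            @{ n = 'SignatureAlg';  e = { $_.SignatureAlgorithm.FriendlyName } },
            @{ n = 'SelfSigned';    e = { $_.Subject -eq $_.Issuer } },
            @{ n = 'PinnedByVMMS';  e = { $_.Thumbprint -eq $pinned } },
            @{ n = 'InTrustedRoot'; e = { Test-Path "Cert:\LocalMachine\Root\$($_.Thumbprint)" } }
}

$report = @(Get-VmmsCertReport)
if ($report.Count -eq 0) {
    Write-Warning 'No certificate matches the host name or the thumbprint set in the registry.'
}
$report | Format-Table -AutoSize
foreach ($c in $report) {
    if ($c.PinnedByVMMS -and $c.DaysLeft -le $warnDays) {
        Write-Warning "Certificate $($c.Thumbprint) used by VMMS expires in $($c.DaysLeft) day(s)."
    }
    if ($c.SelfSigned -and $c.InTrustedRoot) {
        Write-Host "Review: self-signed certificate $($c.Thumbprint) is in the LocalMachine Root store."
    }
}
```

The InTrustedRoot and SignatureAlg columns make it easy to inventory hosts where the long-lived self-signed certificate created by the script is present.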
Microsoft Exchange Server 2010 with Service Pack : Solution Accelerator
Exchange Server 2010 supports a variety of infrastructure topologies that enable IT departments to deploy the messaging architecture that best suits their business needs. This guide will help organizations make informed decisions about the design of fault tolerance and scalability so that their overall requirements are met.
The guide covers these key steps in the Exchange Server 2010 infrastructure design process:
- Defining the project scope by identifying your individual business and IT requirements for a messaging infrastructure.
- Mapping features and functionality based on the defined scope to develop the appropriate Exchange Server 2010 design.
- Designing the infrastructure and role requirements for the proposed Exchange Server 2010 architecture.
- Determining the sizing, fault tolerance, and physical placement of Exchange Server 2010 roles.
The IPD Guide for Microsoft Exchange Server 2010 with Service Pack 1 can help you reduce planning time and costs, and ensure a successful rollout of Exchange Server 2010, helping your organization to more quickly benefit from this flexible and reliable platform.
Download the beta guide here.
Private Cloud Solutions : Hyper-V Cloud Deployment Guides
Private cloud is the implementation of cloud services on resources that are dedicated to your organization, whether they exist on-premises or off-premises. It offers the benefits of public cloud computing, including self-service, scalability, and elasticity, with additional control and customization.
Build your own private cloud and you will have a dynamic, virtualized infrastructure with advantages including:
- Pools of compute resources
- Automated management
- High-availability
- Scale-out capabilities
- Multi-tenancy
- Self-service provisioning
To learn more about how to build your own private cloud with Windows Server 2008 R2 Hyper-V, System Center, and the Virtual Machine Manager Self-Service Portal 2.0 using the Hyper-V Cloud Deployment Guide:
Microsoft System Center Service Manager 2010 : Solution Accelerator
The Infrastructure Planning and Design (IPD) Guide for Microsoft System Center Service Manager 2010 takes the IT architect through an easy-to-follow process for successfully designing the servers and components for a System Center Service Manager implementation, resulting in a design that is sized, configured, and appropriately placed to deliver the stated business benefits, while also considering the performance, capacity, and fault tolerance of the system.
The guide covers these key steps in the System Center Service Manager infrastructure design process:
- Defining the project scope by identifying the necessary Service Manager features, the requirements of the process management packs, and the targeted population of the organization.
- Mapping the selected features and scope to determine the required server roles.
- Designing the fault tolerance, configuration, and placement of the management servers, portals, and supporting SQL Server databases.
The IPD Guide for Microsoft System Center Service Manager 2010 can help you reduce planning time and costs, and ensure a successful rollout of System Center Service Manager—helping your organization to more quickly benefit from this platform for automating and adapting IT Service Management best practices such as those found in Microsoft Operations Framework (MOF) and the IT Infrastructure Library (ITIL).
Join the IPD Beta for Microsoft System Center Service Manager 2010.
Hyper-V Snapshots : How to disable the computer account from changing its secure channel password
There is a nice post by Robert Larson that explains how to make the change.
1. Open the GPO editor and go to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\
2. Enable the Domain Member: Disable machine account password changes option
or
1. Edit the Domain Member: Maximum machine account password age option
2. Increase the value from the default of 30 days to a new larger value (up to a maximum of 999 days)
Doing either of these options should keep you from getting the dreadful message that the secure channel is broken.
To read the complete article go to http://blogs.technet.com/b/roblarson/archive/2009/11/10/dealing-with-vms-snapshots-and-the-dreaded-broken-security-channel.aspx
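To see which of the two options is in effect inside a guest, and whether its secure channel is currently healthy (for example after reverting to a snapshot), the settings can be read back from the Netlogon parameters. This is an added example, not taken from Robert Larson's post; the function name is an assumption, and DisablePasswordChange and MaximumPasswordAge are the registry values behind the two policy options.

```powershell
# Added example, not from the original post. Read-only; run inside the domain-joined VM.
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-MachinePasswordPolicy {
    $p = Get-ItemProperty -Path $netlogon -ErrorAction SilentlyContinue
    # Absent values mean the defaults: password changes enabled, 30-day maximum age
    $disabled = $false
    $maxAge   = 30
    if ($p -ne $null -and $p.DisablePasswordChange -ne $null) {
        $disabled = ($p.DisablePasswordChange -eq 1)
    }
    if ($p -ne $null -and $p.MaximumPasswordAge -ne $null) {
        $maxAge = [int]$p.MaximumPasswordAge
    }

    $cs = Get-WmiObject Win32_ComputerSystem
    $channel = 'n/a (not domain joined)'
    if ($cs.PartOfDomain) {
        # Test-ComputerSecureChannel returns $true when the trust with the domain is intact
        try   { $channel = [string](Test-ComputerSecureChannel -ErrorAction Stop) }
        catch { $channel = "check failed: $($_.Exception.Message)" }
    }

    New-Object PSObject -Property @{
        Computer               = $cs.Name
        Domain                 = $cs.Domain
        PasswordChangeDisabled = $disabled
        MaximumPasswordAgeDays = $maxAge
        SecureChannelOk        = $channel
    }
}

Get-MachinePasswordPolicy | Format-List
```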
Dell and Microsoft have partnered to deliver cloud solutions
At Microsoft’s TechEd conference in Berlin, Germany, in November 2010, Dell announced the availability of several “turnkey” Hyper-V based private cloud solutions comprised of pre-tested, pre-assembled and fully-supported hardware, software and services enabling customers to easily deploy and manage their cloud infrastructures with confidence.
Dell’s new Business-Ready Configurations (BRC) consist of PowerEdge servers, EqualLogic storage arrays, PowerConnect network switches and management capabilities through Microsoft System Center. Through the Hyper-V Cloud Fast Track program, Dell and Microsoft are offering private cloud solutions that deliver a variety of benefits including:
- Faster speed to deploy private cloud infrastructures
- Reduced risk – validated configurations
- Choice and Flexibility – broad offering of hardware and services
To learn more, take a look here : http://en.community.dell.com/dell-blogs/enterprise/b/inside-enterprise-it/archive/2010/11/06/dell-and-microsoft-partner-to-deliver-open-turn-key-cloud-solutions.aspx
Hyper-V Cloud Program
To help you deploy commercial private and public clouds based on Windows Server 2008 R2 Hyper-V, System Center, and related products, Microsoft offers a set of programs and initiatives called Hyper-V Cloud. These programs can help you:
- Build your own private cloud with help from the Hyper-V Cloud Deployment Guides and Hyper-V Cloud partners.
- Get a pre-validated private cloud configuration from Hyper-V Cloud Fast Track OEM partners. Hyper-V Cloud Fast Track partners have worked with Microsoft to combine hardware and software offerings based on a reference architecture for building private clouds.
- Find a service provider in the Hyper-V Cloud Service Provider Program who can host a dedicated private cloud for you.
Microsoft is also investing in a set of engagements to help customers with IaaS assessments, proofs-of-concept, and deployments with help from our partners or Microsoft Services. The investments are designed to help reduce the risk, cost, and time associated with testing and deploying a cloud environment.
Hyper-V Cloud Fast Track Partners
Get an infrastructure as a service private cloud with a pre-validated configuration from server partners in the Hyper-V Cloud Fast Track. Offerings from the Fast Track program combine Microsoft software; consolidated guidance; validated configurations from OEM partners for compute, network, and storage; and value-added software components.
Hyper-V Cloud Fast Track partner offerings provide flexibility and choice while reducing risk and increasing the speed of deployment. Read the solution briefs below to learn about the available options from each partner.
For Dell solution, click here
Physical to Virtual (P2V) Migration : Download
Microsoft P2V Migration for Software Assurance automates the delivery of an updated and personalized Windows 7 operating system while backing up and converting the legacy Windows XP or later desktop and its applications for seamless use within Windows 7. P2V Migration supports both native Microsoft Deployment Toolkit (MDT) Lite Touch Installation as well as Microsoft System Center Configuration Manager 2007 Zero Touch Installation.
System Requirements
- Supported Operating Systems: Windows 7; Windows Vista; Windows XP
- Microsoft Word or Microsoft Word Viewer 2003 (available as a free download) can be used to view Word documents
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint File Formats (available as a free download) can be used to open, edit, and save documents, workbooks, and presentations in the file formats new to Microsoft Office
To install P2VMigration.msi:
- Double-click the P2VMigration.msi.
- Accept the Microsoft Software License Terms.
- Follow the steps in the installation process to complete the installation.
Download P2V Migration for Software Assurance now:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=14d08880-bd5e-4602-a747-2717d3f54cb2
Windows 2008R2 SP1: Changes that were made to the Hyper-V Manager
In response to feedback from beta users of the Service Pack 1 release, Microsoft made some changes to the Hyper-V Manager and also to the virtual machine settings user interface.
Three changes have been made to the virtual machine settings user interface:
- “Memory priority” is now “Memory weight”
- The memory buffer is now configured using a text box instead of a slider.
- Memory buffer now uses different math.
To learn more and understand why, see Ben Armstrong's (Virtual PC Guy) blog:
- http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/10/29/updates-to-dynamic-memory-ui-in-sp1-rc-part-1.aspx
- http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/11/01/updates-to-dynamic-memory-ui-in-sp1-rc-part-2.aspx