Archive for November, 2010

Everything you wanted to know about Time Synchronization in Hyper-V, but were afraid to ask

November 22, 2010

 

Keeping time inside virtual machines: how does Hyper-V tackle it?

Ben Armstrong, Microsoft Virtualization Program Manager, explains it here: http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/11/19/time-synchronization-in-hyper-v.aspx

How to fix the ‘Unspecified error’ (0x80004005) : Could not find a usable certificate. Windows 2008/R2

November 19, 2010

Hi

Thanks to Dan Boldo (MSFT) and Ben Armstrong (MS Virtualisation PM), here are an explanation and the fix for the error.

Notes:

  • This error only affects VMConnect and does not affect remote desktop connections.
  • Though this error may occur, the Hyper-V service will continue to operate. Neither the Hyper-V host nor the running virtual machines will go offline.
  • The Microsoft Virtualization Team confirmed that this issue also affects Windows 2008 R2 Hyper-V.
  • For configuring certificates for Virtual Machine Connection, please read http://technet.microsoft.com/en-us/library/ff935311(WS.10).aspx

The Error

 
Hyper-V Manager

[Main Instruction]
An error occurred while attempting to change the state of virtual machine ‘VMxxx’.

[Content]
‘VMxxx’ failed to initialize.

Could not initialize machine remoting system. Error: ‘Unspecified error’ (0x80004005).

Could not find a usable certificate. Error: ‘Unspecified error’ (0x80004005).

[Expanded Information]
‘VMxxx’ failed to initialize. (Virtual machine XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX )

‘VMxxx’ could not initialize machine remoting system. Error: ‘Unspecified error'(0x80004005).(Virtual machine XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX )

‘VMxxx’ could not find a usable certificate. Error: ‘Unspecified error’ (0x80004005). (Virtual machine XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX )

The Explanation

This error is basically caused by an expired certificate: once the certificate had expired, users couldn’t connect to or start a VM, and VMMS raised an error. If you tried connecting again, you got the same message because the certificate was still in an expired state.

The Solutions

Initial one

For Windows 2008, Microsoft introduced a fix (http://support.microsoft.com/kb/KB967902) which auto-generated a new certificate and sent the VMMS to grab it. 

The idea was to have certificates that lasted for one year and then auto-renew.

But this fix led to another issue: “After a new Hyper-V VMMS certificate is generated, there are mouse and screen resolution issues when managing a virtual machine using the Hyper-V Manager Console”, described in this KB http://support.microsoft.com/kb/2413735:

  • After one year, when the self-signed certificate expires, the VMMS grabs a new one, but the certificate refresh process is flawed.
  • During the refresh the user loses control of their mouse and their connection resolution drops back to default.

This problem occurs because the certificate refresh triggers a reset in the VMConnect RDPEncoder. It then initializes a method which puts the mouse in PS2 mode and changes the display settings to RdpEncoderDefaultxxx.

Workaround for this second issue:

  • Place the virtual machines in a saved state and then resume the virtual machines.
  • Restart the virtual machines.

This is easy when the VM is not in a production environment, as it takes care of the refresh of the input and display, and the problem goes away, for a year.
 
 
Proactive Workaround
What if, instead of one year, the new certificate lasted for decades?
 
1. Using the MakeCert utility, the script below generates a new, self-signed certificate valid until 01/01/2050.
2. You then need to point the VMMS to the new certificate: http://technet.microsoft.com/en-us/library/ff935311(WS.10).aspx
Important Notes : 

 

The Script :

#######################################################################
# Dan Boldo (MSFT)
#
# Creates a long-lived self-signed certificate, points VMMS at it,
# then saves and resumes every running VM.
# Run from the folder that contains makecert.exe.
#

# define exception behavior: print the error and its call positions, then exit
trap
{
  trap { continue }
  write-host -ForegroundColor Red "Unexpected Exception!`n`r"
  write-host -ForegroundColor White ($_.invocationinfo.positionmessage -replace "`n")
  0..100 | foreach { write-host -ForegroundColor White   ((gv -ErrorAction SilentlyContinue -scope $_ myinvocation).value.positionmessage -replace "`n") }
  write-host -ForegroundColor Red "$($_.Exception)"
  exit 1
}

# fully qualified host name, used as the certificate subject
$hostname = "$((gwmi win32_computersystem).dnshostname).$((gwmi win32_computersystem).domain)"
write-host "Host name found:" $hostname

function CreateCert()
{
    write-host "Creating a new certificate using makecert.exe"
    # -r self-signed, -pe exportable private key, -sr/-ss LocalMachine\My store,
    # -eku 1.3.6.1.5.5.7.3.1 = Server Authentication
    .\makecert.exe -r -pe -n "CN=$hostname" -b 01/01/2005 -e 01/01/2050 -sr LocalMachine -ss My -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1
}

# returns the certificate for this host that expires after 2049, or $null
function FindCert()
{
    $t = new-object System.DateTime(2049,1,1,1,10,10)
    $certs = @(dir cert:\LocalMachine\My -recurse | ?{$_.subject -eq "CN=$hostname"} | ? { $_.NotAfter.CompareTo($t) -eq 1 })
    if($certs[0] -eq $null)
    {
        return $null;
    }
    if($certs.Length -ne 1)
    {
        write-warning "More than one certificate is found in store. Please don't run makecert.exe multiple times."
    }
    $certs[0];
}

#Find the certificate of interest
$cert = FindCert
if($cert -eq $null)
{
    CreateCert
    $cert = FindCert;
    if($cert -eq $null)
    {
        throw "Certificate Not Found error. Check if makecert.exe is successful or not"
    }
}
write-host "Found certificate of interest:"
# write-host emits nothing to the pipeline, so pipe the certificate itself
$cert | select NotBefore, NotAfter | out-host

#tweak system settings to let VMMS use the certificate of interest.
$thumbprint = $cert.Thumbprint
$location = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$folderlocation = gc env:ALLUSERSPROFILE
$folderlocation = $folderlocation + "\Microsoft\Crypto\RSA\MachineKeys\"
$filelocation = $folderlocation + $location
# grant read access on the private key file to S-1-5-83-0
icacls $filelocation /grant "*S-1-5-83-0:(R)"
# store the thumbprint as the certificate hash VMMS should use
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Virtualization" /v "AuthCertificateHash" /f /t REG_BINARY /d $thumbprint

#fix loopback case: add the self-signed certificate to the LocalMachine Root store
$store = new-object System.Security.Cryptography.X509Certificates.X509Store("Root","LocalMachine")
$store.open("MaxAllowed")
$store.add($cert)
$store.close()

#restart vmms
net stop vmms
net start vmms

# Wait for job completion
function WaitForResult($ret)
{
  if($ret.ReturnValue -eq 0) { return; }
  if($ret.ReturnValue -ne 4096)
  {
    Throw "Error was returned from WMI call: $($ret.ReturnValue)";
  }
  $timeout = 300; # 5 minute timeout
  while($true)
  {
    $job = [wmi]$ret.job
    if($job.JobState -eq 7) { return; }
    if($job.JobState -gt 7) { throw "Error while processing WMI job! $($job | fl * | out-string)" }

    if($timeout -le 0) { throw "Timeout while processing WMI job! $($job | fl * | out-string)" }

    $timeout -= 5;
    Sleep 5
  }
}

# get all VMs in Running state.
$vms = gwmi -n root\virtualization msvm_computersystem
$vms = $vms | where {$_.Name -ne $env:computername}
$vms = $vms | where {$_.EnabledState -eq 2}

#Save/Restore for all running VMs
foreach($vm in $vms)
{
    if($vm -ne $null)
    {
     Write-Host "Doing Save/Restore for VM:" $vm.ElementName
     WaitForResult  $vm.RequestStateChange(32769)
     WaitForResult  $vm.RequestStateChange(2)
    }
}

####################################################
# end of the script
##
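
To confirm what the script above changed, the following read-only check (an added example, not part of Dan Boldo's script) reads the AuthCertificateHash value, looks the certificate up in LocalMachine\My and reports its expiry, whether it also sits in the Root store, and whether S-1-5-83-0 can read the private key file. The function name Get-VmmsCertStatus and the 60-day threshold are assumptions; it expects Windows PowerShell run elevated on the Hyper-V host and a CSP-based key such as the one makecert creates.

```powershell
# Added example, not part of the original script. Read-only: it changes nothing on the host.
$regPath = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Virtualization'
$vmSid   = 'S-1-5-83-0'   # SID that the script above grants read access on the key file

function Get-VmmsCertStatus {   # hypothetical helper name
    param([int]$WarnDays = 60)  # assumption: alert threshold in days

    $prop = Get-ItemProperty -Path $regPath -Name AuthCertificateHash -ErrorAction SilentlyContinue
    if (-not $prop) { throw "AuthCertificateHash is not set under $regPath" }

    # REG_BINARY comes back as byte[]; rebuild the hex thumbprint used by the Cert: drive
    $thumb = -join ($prop.AuthCertificateHash | ForEach-Object { $_.ToString('X2') })
    $cert  = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
    if (-not $cert) { throw "Certificate $thumb is configured but missing from LocalMachine\My" }

    # Does the ACL on the private key file allow the virtual machine SID to read it?
    $keyReadable = $false
    if ($cert.HasPrivateKey -and $cert.PrivateKey) {
        $file = Join-Path $env:ALLUSERSPROFILE ('Microsoft\Crypto\RSA\MachineKeys\' +
                    $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName)
        if (Test-Path $file) {
            $read  = [System.Security.AccessControl.FileSystemRights]::Read
            $rules = (Get-Acl $file).GetAccessRules($true, $true,
                        [System.Security.Principal.SecurityIdentifier])
            $keyReadable = [bool]($rules | Where-Object {
                $_.IdentityReference.Value -eq $vmSid -and
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $read) -eq $read })
        }
    }

    $now      = Get-Date
    $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
    New-Object PSObject -Property @{
        Thumbprint      = $thumb
        Subject         = $cert.Subject
        NotAfter        = $cert.NotAfter
        DaysLeft        = $daysLeft
        Expired         = ($cert.NotAfter -lt $now)
        ExpiresSoon     = ($cert.NotAfter -ge $now -and $daysLeft -le $WarnDays)
        InTrustedRoot   = (Test-Path "Cert:\LocalMachine\Root\$thumb")  # the loopback fix adds it here
        KeyReadableByVm = $keyReadable
    }
}

Get-VmmsCertStatus | Format-List
```

Run on a schedule, the Expired and ExpiresSoon fields give notice before VMConnect starts failing with the error shown above.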
 

Microsoft Exchange Server 2010 with Service Pack : Solution Accelerator

November 18, 2010

Exchange Server 2010 supports a variety of infrastructure topologies that enable IT departments to deploy the messaging architecture that best suits their business needs. This guide will help organizations make informed decisions about the design of fault tolerance and scalability so that their overall requirements are met.

The guide covers these key steps in the Exchange Server 2010 infrastructure design process:

  • Defining the project scope by identifying your individual business and IT requirements for a messaging infrastructure.
  • Mapping features and functionality based on the defined scope to develop the appropriate Exchange Server 2010 design.
  • Designing the infrastructure and role requirements for the proposed Exchange Server 2010 architecture.
  • Determining the sizing, fault tolerance, and physical placement of Exchange Server 2010 roles.

The IPD Guide for Microsoft Exchange Server 2010 with Service Pack 1 can help you reduce planning time and costs, and ensure a successful rollout of Exchange Server 2010, helping your organization to more quickly benefit from this flexible and reliable platform.

 Download the beta guide here.

Private Cloud Solutions : Hyper-V Cloud Deployment Guides

November 18, 2010

Private cloud is the implementation of cloud services on resources that are dedicated to your organization, whether they exist on-premises or off-premises with the benefits of public cloud computing—including self-service, scalability, and elasticity and the additional control and customization.

Build your own private cloud and you will have a dynamic, virtualized infrastructure with advantages including:

  • Pools of compute resources
  • Automated management
  • High-availability
  • Scale-out capabilities
  • Multi-tenancy
  • Self-service provisioning

Learn how to build your own private cloud with Windows Server 2008 R2 Hyper-V, System Center, and the Virtual Machine Manager Self-Service Portal 2.0 using the Hyper-V Cloud Deployment Guide:

Microsoft System Center Service Manager 2010 : Solution Accelerator

November 18, 2010

The Infrastructure Planning and Design (IPD) Guide for Microsoft System Center Service Manager 2010 takes the IT architect through an easy-to-follow process for successfully designing the servers and components for a System Center Service Manager implementation, resulting in a design that is sized, configured, and appropriately placed to deliver the stated business benefits, while also considering the performance, capacity, and fault tolerance of the system.

The guide covers these key steps in the System Center Service Manager infrastructure design process:

  • Defining the project scope by identifying the necessary Service Manager features, the requirements of the process management packs, and the targeted population of the organization.
  • Mapping the selected features and scope to determine the required server roles.
  • Designing the fault tolerance, configuration, and placement of the management servers, portals, and supporting SQL Server databases.

The IPD Guide for Microsoft System Center Service Manager 2010 can help you reduce planning time and costs, and ensure a successful rollout of System Center Service Manager—helping your organization to more quickly benefit from this platform for automating and adapting IT Service Management best practices such as those found in Microsoft Operations Framework (MOF) and the IT Infrastructure Library (ITIL).

Join the IPD Beta for Microsoft System Center Service Manager 2010.

Hyper-V Snapshots : How to disable the computer account from changing its secure channel password

November 16, 2010

There is a nice post by Robert Larson that explains how to make the change.

1. Open the GPO editor and go to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

2. Enable the Domain Member: Disable machine account password changes option

or

1. Edit the Domain Member: Maximum machine account password age option

2. Increase the value from the default of 30 days to a new larger value (up to a maximum of 999 days)

Doing either of these options should keep you from getting the dreadful message that the secure channel is broken.

 To read the complete article go to http://blogs.technet.com/b/roblarson/archive/2009/11/10/dealing-with-vms-snapshots-and-the-dreaded-broken-security-channel.aspx

Dell and Microsoft have partnered to deliver cloud solutions

November 9, 2010

 

At Microsoft’s TechEd conference in Berlin, Germany, in November 2010, Dell announced the availability of several “turnkey” Hyper-V based private cloud solutions comprised of pre-tested, pre-assembled and fully-supported hardware, software and services enabling customers to easily deploy and manage their cloud infrastructures with confidence.

Dell’s new Business-Ready Configurations (BRC) consist of PowerEdge servers, EqualLogic storage arrays, PowerConnect network switches and management capabilities through Microsoft System Center. Through the Hyper-V Cloud Fast Track program, Dell and Microsoft are offering private cloud solutions that deliver a variety of benefits including:

  • Faster speed to deploy private cloud infrastructures
  • Reduced risk – validated configurations
  • Choice and Flexibility – broad offering of hardware and services

To learn more, take a look here : http://en.community.dell.com/dell-blogs/enterprise/b/inside-enterprise-it/archive/2010/11/06/dell-and-microsoft-partner-to-deliver-open-turn-key-cloud-solutions.aspx

Hyper-V Cloud Program

November 9, 2010

To help you deploy commercial private and public clouds based on Windows Server 2008 R2 Hyper-V, System Center, and related products, Microsoft offers a set of programs and initiatives called Hyper-V Cloud. These programs can help you:

Microsoft is also investing in a set of engagements to help customers with IaaS assessments, proofs-of-concept, and deployments with help from our partners or Microsoft Services. The investments are designed to help reduce the risk, cost, and time associated with testing and deploying a cloud environment.

Hyper-V Cloud Fast Track Partners

 Get an infrastructure as a service private cloud with a pre-validated configuration from server partners in the Hyper-V Cloud Fast Track. Offerings from the Fast Track program combine Microsoft software; consolidated guidance; validated configurations from OEM partners for compute, network, and storage; and value-added software components.

Hyper-V Cloud Fast Track partner offerings provide flexibility and choice while reducing risk and increasing the speed of deployment. Read the solution briefs below to learn about the available options from each partner.

For Dell solution, click here

Physical to Virtual (P2V) Migration : Download

November 9, 2010

 Microsoft P2V Migration for Software Assurance automates the delivery of an updated and personalized Windows 7 operating system while backing up and converting the legacy Windows XP or later desktop and its applications for seamless use within Windows 7. P2V Migration supports both native Microsoft Deployment Toolkit (MDT) Lite Touch Installation as well as Microsoft System Center Configuration Manager 2007 Zero Touch Installation.

System Requirements

  • Supported Operating Systems: Windows 7; Windows Vista; Windows XP

To install P2VMigration.msi:

  1. Double-click P2VMigration.msi.
  2. Accept the Microsoft Software License Terms.
  3. Follow the steps in the installation process to complete the installation.

Download P2V Migration for Software Assurance now:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=14d08880-bd5e-4602-a747-2717d3f54cb2

Windows 2008R2 SP1: Changes that were made to the Hyper-V Manager

November 4, 2010

In response to feedback from beta users of the Service Pack 1 release, Microsoft made some changes to the Hyper-V Manager and also to the virtual machine settings user interface.

Three changes have been made to the virtual machine settings user interface:

  • “Memory priority” is now “Memory weight”
  • The memory buffer is now configured using a text box instead of a slider.
  • Memory buffer now uses different math.

To learn more and understand why, check Ben Armstrong's (Virtual PC Guy) blog: