Archive for November, 2010

Everything you wanted to know about Time Synchronization in Hyper-V, but were afraid to ask

 

Keeping time inside virtual machines: how does Hyper-V tackle this?

Check out the post by Ben Armstrong, Microsoft Virtualization Program Manager: http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/11/19/time-synchronization-in-hyper-v.aspx

How to fix the ‘Unspecified error’ (0x80004005) : Could not find a usable certificate. Windows 2008/R2

November 19, 2010

Hi

Thanks to Dan Boldo (MSFT) and Ben Armstrong (MS Virtualisation PM), here are an explanation and the fix for the error.

Notes:

  • This error only affects VMConnect and does not affect remote desktop connections.
  • Though this error may occur, the Hyper-V service will continue to operate. Neither the Hyper-V host nor the running virtual machines will go offline.
  • The Microsoft Virtualization Team confirmed that this issue also affects Windows 2008 R2 Hyper-V.
  • For Configuring Certificates for Virtual Machine Connection, please read http://technet.microsoft.com/en-us/library/ff935311(WS.10).aspx

The Error

 
Hyper-V Manager

[Main Instruction]
An error occurred while attempting to change the state of virtual machine ‘VMxxx’.

[Content]
‘VMxxx’ failed to initialize.

Could not initialize machine remoting system. Error: ‘Unspecified error’ (0x80004005).

Could not find a usable certificate. Error: ‘Unspecified error’ (0x80004005).

[Expanded Information]
‘VMxxx’ failed to initialize. (Virtual machine XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX )

‘VMxxx’ could not initialize machine remoting system. Error: ‘Unspecified error'(0x80004005).(Virtual machine XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX )

‘VMxxx’ could not find a usable certificate. Error: ‘Unspecified error’ (0x80004005). (Virtual machine XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX )

The Explanation

This error is basically caused by an expired certificate: when the certificate expired, users couldn’t connect to or start a VM, and VMMS raised an error. If you try connecting again, the same message is generated because the certificate is still in an expired state.

The Solutions

Initial one

For Windows 2008, Microsoft introduced a fix (http://support.microsoft.com/kb/KB967902) which auto-generated a new certificate and sent the VMMS to grab it. 

The idea was to have certificates that lasted for one year and then auto-renew.

But this fix led to another issue: “After a new Hyper-V VMMS certificate is generated, there are mouse and screen resolution issues when managing a virtual machine using the Hyper-V Manager Console”, described in this KB: http://support.microsoft.com/kb/2413735

  • When the self-signed certificate expires after one year, the VMMS grabs a new one, but the certificate refresh process is flawed.
  • During the refresh the user loses control of their mouse and their connection resolution drops back to default.

This problem occurs because the certificate refresh triggers a reset in the VMConnect RDPEncoder. The reset then initializes a method which puts the mouse in PS2 mode and changes the display settings to RdpEncoderDefaultxxx.

Workaround for this second issue:

  • Place the virtual machines in a saved state and then resume the virtual machines.
  • Restart the virtual machines.

This is easy when the VM is not in a production environment, as it takes care of the refresh of the input and display and the problem goes away, for a year.
 
 
Proactive Workaround
What if instead one year, the new certificate lasted for decades?
 
1. Using the MakeCert utility, the below script will generate a new, self-signed certificate valid until 01/01/2050.
2. You then need to point the VMMS to the new certificate: http://technet.microsoft.com/en-us/library/ff935311(WS.10).aspx
Important Notes : 

 

The Script :

#######################################################################
# Dan Boldo (MSFT)
#
# Run from an elevated PowerShell prompt in the folder that contains makecert.exe.
#
#define exception behavior
trap
{
  trap { continue }
  write-host -ForegroundColor Red "Unexpected Exception!`n`r"
  write-host -ForegroundColor White ($_.invocationinfo.positionmessage -replace "`n")
  0..100 | foreach { write-host -ForegroundColor White   ((gv -ErrorAction SilentlyContinue -scope $_ myinvocation).value.positionmessage -replace "`n") }
  write-host -ForegroundColor Red "$($_.Exception)"
  exit 1
}

#build the fully qualified host name used as the certificate subject
$hostname = "$((gwmi win32_computersystem).dnshostname).$((gwmi win32_computersystem).domain)"
write-host "Host name found:" $hostname

#create a self-signed server-authentication certificate valid until 01/01/2050
#in the LocalMachine\My store
function CreateCert()
{
    write-host "Creating a new certificate using makecert.exe"
    .\makecert.exe -r -pe -n "CN=$hostname" -b 01/01/2005 -e 01/01/2050 -sr LocalMachine -ss My -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1
}

#return the certificate for this host that expires after 2049, or $null
function FindCert()
{
    $t = new-object System.DateTime(2049,1,1,1,10,10)
    $certs = @(dir cert:\LocalMachine\My -recurse | ?{$_.subject -eq "CN=$hostname"} | ? { $_.NotAfter.CompareTo($t) -eq 1 })
    if($certs[0] -eq $null)
    {
        return $null;
    }
    if($certs.Length -ne 1)
    {
        write-warning "More than one certificate is found in store. Please don't run makecert.exe multiple times."
    }
    $certs[0];
}

#Find the certificate of interest
$cert = FindCert
if($cert -eq $null)
{
    CreateCert
    $cert = FindCert;
    if($cert -eq $null)
    {
        throw "Certificate Not Found error. Check if makecert.exe is successful or not"
    }
}
write-host "Found certificate of interest:"
#write-host emits nothing to the pipeline, so format the certificate first and then print it
$cert | select NotBefore, NotAfter | fl | out-string | write-host

#tweak system settings to let VMMS use the certificate of interest.
$thumbprint = $cert.Thumbprint
$location = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$folderlocation = gc env:ALLUSERSPROFILE
$folderlocation = $folderlocation + "\Microsoft\Crypto\RSA\MachineKeys\"
$filelocation = $folderlocation + $location
#grant read access on the private key file to SID S-1-5-83-0
icacls $filelocation /grant "*S-1-5-83-0:(R)"
#store the thumbprint where VMMS looks for its authentication certificate
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Virtualization" /v "AuthCertificateHash" /f /t REG_BINARY /d $thumbprint

#fix loopback case: add the self-signed certificate to the LocalMachine\Root store
$store = new-object System.Security.Cryptography.X509Certificates.X509Store("Root","LocalMachine")
$store.open("MaxAllowed")
$store.add($cert)
$store.close()

#restart vmms
net stop vmms
net start vmms

# Wait for job completion
function WaitForResult($ret)
{
  #0 = completed synchronously, 4096 = job started; anything else is an error
  if($ret.ReturnValue -eq 0) { return; }
  if($ret.ReturnValue -ne 4096)
  {
    Throw "Error was returned from WMI call: $($ret.ReturnValue)";
  }
  $timeout = 300; # 5 minute timeout
  while($true)
  {
    $job = [wmi]$ret.job
    if($job.JobState -eq 7) { return; }
    if($job.JobState -gt 7) { throw "Error while processing WMI job! $($job | fl * | out-string)" }

    if($timeout -le 0) { throw "Timeout while processing WMI job! $($job | fl * | out-string)" }

    $timeout -= 5;
    Sleep 5
  }
}

# get all VMs in Running state.
$vms = gwmi -n root\virtualization msvm_computersystem
$vms = $vms | where {$_.Name -ne $env:computername}
$vms = $vms | where {$_.EnabledState -eq 2}

#Save/Restore for all running VMs
foreach($vm in $vms)
{
    if($vm -ne $null)
    {
     Write-Host "Doing Save/Restore for VM:" $vm.ElementName
     #32769 = save the VM, 2 = start it again
     WaitForResult  $vm.RequestStateChange(32769)
     WaitForResult  $vm.RequestStateChange(2)
    }
}

####################################################
# end of the script
##
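
To confirm what the script above changed, the following added check (not part of Dan Boldo's script or of the original post) reads the configured thumbprint back and verifies the certificate, its private-key ACL and its presence in the Root store. It uses only the registry value, certificate stores and SID that appear in the script; the function name Test-VmmsCertificate and the 60-day warning threshold are assumptions made for illustration.

```powershell
# Added example, not part of the original script.
# Registry value, stores and SID are those used by the script above;
# the function name and $WarnDays threshold are assumptions.
function Test-VmmsCertificate([int]$WarnDays = 60)
{
    $regPath = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Virtualization'
    $prop = Get-ItemProperty -Path $regPath -Name AuthCertificateHash -ErrorAction SilentlyContinue
    if ($prop -eq $null) { throw "AuthCertificateHash is not set under $regPath" }

    # REG_BINARY is returned as byte[]; rebuild the hex thumbprint string
    $thumb = ($prop.AuthCertificateHash | ForEach-Object { $_.ToString('X2') }) -join ''

    $cert = Get-ChildItem cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
    if ($cert -eq $null) { throw "No certificate with thumbprint $thumb in LocalMachine\My" }
    if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key" }

    # The private key file must be readable by SID S-1-5-83-0
    $keyFile = Join-Path $env:ALLUSERSPROFILE ('Microsoft\Crypto\RSA\MachineKeys\' +
               $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName)
    $read  = [int][System.Security.AccessControl.FileSystemRights]::Read
    $rules = (Get-Acl $keyFile).GetAccessRules($true, $true,
               [System.Security.Principal.SecurityIdentifier])
    $vmCanRead = @($rules | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-5-83-0' -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $read) -eq $read }).Count -gt 0

    # Loopback case: the self-signed certificate must also be in LocalMachine\Root
    $inRoot = @(Get-ChildItem cert:\LocalMachine\Root |
                Where-Object { $_.Thumbprint -eq $thumb }).Count -gt 0

    $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

    New-Object PSObject -Property @{
        Thumbprint         = $thumb
        NotAfter           = $cert.NotAfter
        DaysLeft           = $daysLeft
        ExpiresSoon        = ($daysLeft -lt $WarnDays)
        VmGroupCanReadKey  = $vmCanRead
        TrustedInRootStore = $inRoot
    }
}

Test-VmmsCertificate | Format-List
```

Run it from an elevated prompt on the Hyper-V host; scheduling it and alerting on ExpiresSoon gives advance notice before the certificate expires.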
 

Microsoft Exchange Server 2010 with Service Pack : Solution Accelerator

Exchange Server 2010 supports a variety of infrastructure topologies that enable IT departments to deploy the messaging architecture that best suits their business needs. This guide will help organizations make informed decisions about the design of fault tolerance and scalability so that their overall requirements are met.

The guide covers these key steps in the Exchange Server 2010 infrastructure design process:

  • Defining the project scope by identifying your individual business and IT requirements for a messaging infrastructure.
  • Mapping features and functionality based on the defined scope to develop the appropriate Exchange Server 2010 design.
  • Designing the infrastructure and role requirements for the proposed Exchange Server 2010 architecture.
  • Determining the sizing, fault tolerance, and physical placement of Exchange Server 2010 roles.

The IPD Guide for Microsoft Exchange Server 2010 with Service Pack 1 can help you reduce planning time and costs, and ensure a successful rollout of Exchange Server 2010, helping your organization to more quickly benefit from this flexible and reliable platform.

 Download the beta guide here.

Private Cloud Solutions : Hyper-V Cloud Deployment Guides

November 18, 2010

Private cloud is the implementation of cloud services on resources that are dedicated to your organization, whether they exist on-premises or off-premises. It offers the benefits of public cloud computing, including self-service, scalability, and elasticity, plus additional control and customization.

Build your own private cloud and you will have a dynamic, virtualized infrastructure with advantages including:

  • Pools of compute resources
  • Automated management
  • High-availability
  • Scale-out capabilities
  • Multi-tenancy
  • Self-service provisioning

To learn more about how to build your own private cloud with Windows Server 2008 R2 Hyper-V, System Center, and the Virtual Machine Manager Self-Service Portal 2.0, use the Hyper-V Cloud Deployment Guide:

Microsoft System Center Service Manager 2010 : Solution Accelerator

The Infrastructure Planning and Design (IPD) Guide for Microsoft System Center Service Manager 2010 takes the IT architect through an easy-to-follow process for successfully designing the servers and components for a System Center Service Manager implementation, resulting in a design that is sized, configured, and appropriately placed to deliver the stated business benefits, while also considering the performance, capacity, and fault tolerance of the system.

The guide covers these key steps in the System Center Service Manager infrastructure design process:

  • Defining the project scope by identifying the necessary Service Manager features, the requirements of the process management packs, and the targeted population of the organization.
  • Mapping the selected features and scope to determine the required server roles.
  • Designing the fault tolerance, configuration, and placement of the management servers, portals, and supporting SQL Server databases.

The IPD Guide for Microsoft System Center Service Manager 2010 can help you reduce planning time and costs, and ensure a successful rollout of System Center Service Manager—helping your organization to more quickly benefit from this platform for automating and adapting IT Service Management best practices such as those found in Microsoft Operations Framework (MOF) and the IT Infrastructure Library (ITIL).

Join the IPD Beta for Microsoft System Center Service Manager 2010.

Hyper-V Snapshots : How to disable the computer account from changing its secure channel password

There is a nice post by Robert Larson that explains how to make the change.

1. Open the GPO editor and go to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

2. Enable the Domain Member: Disable machine account password changes option

or

1. Edit the Domain Member: Maximum machine account password age option

2. Increase the value from the default of 30 days to a new larger value (up to a maximum of 999 days)

Doing either of these options should keep you from getting the dreadful message that the secure channel is broken.

 To read the complete article go to http://blogs.technet.com/b/roblarson/archive/2009/11/10/dealing-with-vms-snapshots-and-the-dreaded-broken-security-channel.aspx

Dell and Microsoft have partnered to deliver cloud solutions

 

At Microsoft’s TechEd conference in Berlin, Germany, in November 2010, Dell announced the availability of several “turnkey” Hyper-V based private cloud solutions comprised of pre-tested, pre-assembled and fully-supported hardware, software and services, enabling customers to easily deploy and manage their cloud infrastructures with confidence.

Dell’s new Business-Ready Configurations (BRC) consist of PowerEdge servers, EqualLogic storage arrays, PowerConnect network switches and management capabilities through Microsoft Systems Center. Through the Hyper-V Cloud Fast Track program, Dell and Microsoft are offering private cloud solutions that deliver a variety of benefits including: 

  • Faster speed to deploy private cloud infrastructures
  • Reduced risk – validated configurations
  • Choice and Flexibility – broad offering of hardware and services

To learn more, take a look here : http://en.community.dell.com/dell-blogs/enterprise/b/inside-enterprise-it/archive/2010/11/06/dell-and-microsoft-partner-to-deliver-open-turn-key-cloud-solutions.aspx