Microsoft IT Professional Blog

It’s a wrap guys Hyper-V has officially RTM’d  final version number is 18016 and it’s available to download right now from Microsoft links are bellow, this update will go live via Windows Update on July 8th.

Hoping to hear some comments from you

Windows Server 2008 Hyper-V RTM information

Press release on Windows Server 2008 Hyper-V RTM
http://www.microsoft.com/presspass/features/2008/jun08/06-26hyperv.mspx

John Howard’s blog post about Hyper-V RTM
http://blogs.technet.com/jhoward/archive/2008/06/26/hyper-v-rtm-announcement-available-today-from-the-microsoft-download-centre.aspx

Hyper-V RTM Guest Operating System Support Note (this link will not be live until the end of the day today)
http://support.microsoft.com/kb/954958

Windows Server 2008 Hyper-V RTM download – Direct Links

Windows Server 2008 x64 Hyper-V Parent Partition RTM package
http://www.microsoft.com/downloads/details.aspx?FamilyId=F3AB3D4B-63C8-4424-A738-BADED34D24ED

Windows Server 2008 x86 Hyper-V Management RTM package
http://www.microsoft.com/downloads/details.aspx?FamilyId=6F69D661-5B91-4E5E-A6C0-210E629E1C42

Windows Vista SP1 x64 Hyper-V Management RTM package
http://www.microsoft.com/downloads/details.aspx?FamilyId=88208468-0AD6-47DE-8580-085CBA42C0C2

Windows Vista SP1 x86 Hyper-V Management RTM package
http://www.microsoft.com/downloads/details.aspx?FamilyId=BF909242-2125-4D06-A968-C8A3D75FF2AA

The MS ask the core team blog has 10 of the most asked questions during the duration of the hyper-v beta, you might want to head there and check those out, and those questions are:

1. You don’t have mouse functionality in your VM

2. Hyper-V wont install3. Import isn’t working within Hyper-V for your Virtual Server VMs

4. Hyper-V clustering

5. Snapshotting in Hyper-V

6. Virtual Networks

7. Using Hyper-V in Windows Server Core

8. Remote Management

9. Issues deploying virtual machines within a virtualized environment

10. One other virtualized hardware issue we have seen is SCSI boot

Hi all, I’ve been missing for quite some time busy with different topics.  About a month ago I became VMWare VCP certified on VI3 and today I had the opportunity to take part in the beta test for the new 70-652 Microsoft certification focusing on Hyper-V, I must say it was a definetly a very interesting exam very complete in my opinion and the foundations that I learned with VMWare helped understand some of the topics the exam outline covered when I was studying for it.

Since I can’t share with you what was in the exam due to the NDA’s you accept when you undertake any type of technical certification I’m able to share with you the materials I used for studying for it all of them freely available from different blogs or technical resources provided by Microsoft.

• Preparation Guide for Exam 70-652
• How to Install Windows Server 2008 Hyper-V
• Step-by-Step Guide to Getting Started with Hyper-V
• Windows Server 2008 Hyper-V FAQ
• Windows Virtualization Team Blog
• The Virtual PC Guy Blog
• Jose Barreto’s Blog
• Performance Tunning Guidelines for Windows Server 2008
• Windows Deployment Services Step-by-Step Guide
• Infrastructure Planning and Design Guide for Windows Virtualization

In order to complement my reading I did several labs with Hyper-V in cluster scenarios, the scenarios I used for my lab where all using iSCSI storage my scenarios where based of on this 2 posts:

• Windows Server 2008 Hyper-V failover clustering options
• How to create a Windows Server 2008 Cluster within Hyper-V using simulated iSCSI storage 

Aside from setting up a clustered enviroment I toyed around some with both System Center Virtual Machine Manager and System Center Operations Manager, I really did not have too much documentation or how to guides for these except for this:

• SCVMM How To Videos
• Clive Watson’s Weblog
• How to Integrate SCVMM and SCOM

Finally I reviewed some excellent on-demand webcasts Microsoft has available on Hyper-V and SCVMM, those are listed bellow:

• Windows Server Virtualization Under the Hood (Level 200)
• Server Virtualization  with Hyper-V Features and Architecture (Level 200)
• Managing Hyper-V (Level 200)
• Examining Virtualization with Windows Server 2008 (Level 300)
• High Availability with Hyper-V (Level 300)
• Overview of the Next Version of System Center Virtual Machine Manager Beta (Level 200)
• Jump-Start Your Virtualization Projects with Microsoft Solution Accelerators (Level 200)
• Planning for Hyper-V and Terminal Services (Level 300)
• Windows Server 2008 Server Virtualization Solution Scenario (Level 300)
  

Hope this links prove themselves useful to you when you are getting ready to understake your cert, good luck.

I’ll let you know if I passed when MS notifies me once the beta test results are out.

 Windows Networking has an article that’s worth reading regarding the top1 10 reasons (according to the author) to upgrade to Windows Server 2008, the article highlights the following 10 features:

• Server Manager and the Advanced Event Viewer
• Server Core
• Terminal Services Gateway
• Terminal Services RemoteApps
• Native IPv6 support
• Read Only Domain Controllers
• Hyper-V
• Network Access Protection (NAP)
• Secure Sockets Tunneling Protocol (SSTP)
• The Windows Advanced Firewall and Policy-based QoS

This new version of the Windows Server product provides a lot of the needed functionality and flexibility being asked for by large corporations since Windows Server 2008, if you would like more information on each of this features please feel free to go to the Windows Server 2008 Technical Library.

Today Microsoft is making the world wide launch of Windows Server 2008 and other new and exciting products such as SQL Server 2008 and the new Visual Studio 2008 development suite, with this they’ve put together the heroes happen here (HHH) campaign please go out and check the site for events Microsoft will be hosting worldwide related to the launch of these products. Also the site is shocked full of useful information to get you started with this technologies.

So you might be wondering what is a hero? A hero is each of us IT professionals who man’s the IT help desk and uses remote monitoring and managing abilities to solve the end user problems before they even notice. A hero is someone who has implemented high availability technologies to keep your business going online without leaving his families side when it counts the most (yes we’ve all been there missed birthdays, or big family events), and all of this is made possible thru some of the technologies available in Windows Server 2008. (Yes Microsoft marketing you can steal my definition)

What’s your definition of a hero? the Canadian IT Professionals blog has also a definition of what a hero is.

Hi All! sorry I’ve been away and haven’t had the opportunity to share with you some more and exciting information about the new features in Windows Server 2008, but my attention has been focused on other items. In order to re-mediate this I have some homework for you all or how should we say some assigned reading material that will help you prep on your road to success with Windows Server 2008.

The Windows Performance team in their blog over at TechNet has been posting the following articles daily since the beginning of February regarding some of the real back-end work that goes on in Windows Server 2008 when talking about topics such as printing, terminal services and some other important topics, I would like all of you to review them at your own pace and I specially recommend the ones highlighted in bold bellow as I think they are quite valuable and worthwhile.

This article series by the performance team will last a couple more days till the official release of Windows Server 2008, so I will add to the list the pending articles they will publish in the upcoming days for your personal reference.

WS2008: Upgrade Paths, Resource Limits & Registry Values
WS2008: Startup Processes and Delayed Automatic Start
WS2008: Windows Service Hardening
WS2008: Service Shutdown and Crash Handling
WS2008: Windows Error Reporting
WS2008: Dynamic Link Library Loader and Address Space Load Randomization
WS2008: Memory Management, Dynamic Kernel Addressing, Memory Priorities and I/O Handling
WS2008: The Print Services Role
WS2008: Understanding XML Paper Specification (XPS)
WS2008: Client-side Rendering
WS2008: The WSD Port Monitor
WS2008: Printer-Driver Packages
WS2008: Print Management Enhancements
WS2008: Terminal Services Architecture
WS2008: Terminal Server Management and Administration
WS2008: Network Level Authentication and Encryption
WS2008: Terminal Services Printing
WS2008: Overview of the Remote Desktop Connection (RDC) Client
WS2008: Remote Desktop Connection Architecture
WS2008: RDC Enhancements and Administrative Sessions
WS2008: Frontside Authentication and SSO
WS2008: Terminal Services RemoteApps
WS2008: Terminal Server Web Access Architecture
WS2008: Terminal Server Session Broker Overview
WS2008: Session Broker Load Balancing
WS2008: Terminal Services Gateway Overview

I will come back tomorrow to you all with a post on terminal Services on 2008 and a good point to start and then continue on reading some of the articles mentioned on this extensive list.

TIP: I normally bookmark this articles using a social bookmark aggregator such as del.icio.us or ma.gnolia.com, websites that allow you to store your bookmarks online and access them regardless of your location or the system you are using to browse the web. Be sure to check out services like this to save your personal bookmarks and save some valuable study time.

In pasts posts I’ve talked a bit about the Server Manager tool that is bundled with Windows Server 2008, that will allow you to set up, configure and monitor different roles in your server installation. Microsoft has also bundle with this new version of Windows a command line version of this tool (only available in full installs of 2008 and not in core) that allows you to:

• Install new roles/features
• List currently installed roles
• Remove server roles
• View the possible outcome of installing a new role before doing so

Also this tool allows you to automate some role installations via answer files, pretty similar (but with XML yey!) as to what we used to do in Windows Server 2003 with unattended installations. This will come in handy to setup IIS quickly in a couple of boxes after doing a fresh install of Windows Server 2008 in case you don’t have an imaging solution already in place that is more practical for these scenarios.

Let’s go quickly over some of available switches for this command line based tool and what they do.

ServerManagercmd.exe –query
Will list all of the currently installed roles (IIS, Active Directory, Terminal Services, etc.) and features (Remote Server Administration tools, telnet client, etc.)

ServeManagercmd.exe -install <role-or-feature-name>
Does pretty much what the command says it does, install a new role such as IIS or Terminal Services, however I would like to exercise a word of caution when using this tool first of all some roles require to reboot your server and you will be prompted for this afer you issue the coomand you can avoid being prompted and reload the server using this command with the -restart switch the complete syntax of this command would be ServeManagercmd.exe -install <role-or-feature-name> -restart

Also I would like to mention the fact that the role names are “case sensitive” and sometimes the name of the role is not spelled out clearly for more information on the usage of this command please review this TechNet document titled Server Manager Technical Overview Appendix.

ServeManagercmd.exe -remove <role-or-feature-name>
Pretty self-explanatory, does the same the contrary effect of install and removes roles be vary careful with this command as the possible impact it can have to you infrastructure could be severe if not used carefully and always remember run a backup before modifying anything of this importance, if it ain’t broken don’t fix it is my motto!

ServeManagercmd.exe -install <role-or-feature-name> -whatif
Provides information as to what exactly would be installed/modified when adding a role pretty useful when a role has sub-dependencies and you would like to know what else would be added to your box.

I also mentioned earlier in this post that you can create answer files for the installation of roles this is done via XML and the documentation for it is avaiable in the document I linked from TechNet above, but for a practical example of a real-world scenario I found this article titled Installing IIS 7.0 using ServerManagerCmd.exe, Additionally for all of the previously explained commands you are allowed to dump the results to an XML formatted file for your viewing pleasure in your favorite XML editor for some info on this please refer to this MSDN blog article titled using ServerManagerCmd.

Windows Networking had a feature on ServerManagerCmd that might be intersting to take a look at as a complement to this post.

Many of us have grown really fond of the computer management MMC available in Windows Server since the days of Windows Server 2000, and some got used to the Manage your Server screen in 2003 (I for one did not use it, but some IT administrators I know used it quite a bit). In Windows Server 2008 Microsoft introduced a new tool that you could consider to be the illegitimate child pumped up in steroids of both Computer Management and Manage your server called Server Manager this new tool even allows you to install additional features and roles in your server which some of us used to do in the add/remove components wizard located in control panel.

Basically Server Manager will be your one stop tool to setup server roles and provide ongoing management post initial configuration of the server. Microsoft has good write-up on Server Manager that’s not too technical and everybody can understand and pick up quickly on to start using Server Manager right from the get go.

Before moving on I might add that Server Manager will open up each and every time you log on to your server and doesn’t offer a quick and easy way to disable this behavior like the Manager your Server tool did in 2003, to get rid of this behavior simply modify this registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Server Manager with a value of 1 to disable it and 0 to re-enable it.

Server Manager is based on MMC 3.0 which allows you to have a 3 pane Window that is basically dived into a Console tree, the actual content of each branch in the tree and the actions pane related to the currently selected item. This makes administration of components really fast except that now you have a lot of information on your screen and it can get a bit overwhelming sometimes, but there’s a way of removing or resizing some of the on screen information and this is done with my new 2 favorite buttons in Server Manager which allow you to hide either the console pane or the action pane.

In my opinion the thing that really just works out fine and perfectly within server manager is the role management area, since it allows you to add/remove roles, view information about roles such as current services status, manage the roles and even stop them all from one little tool.

In the screen shot above you can see all of the different options I mentioned above for the file server role, this would be pretty much the same for other roles such as IIS and Terminal Services.

My recommendation would be use it, play around with it and it will start to grow on you quickly and you will start thinking how you lived without it in the past (for real). If you would like to do some additional reading on the Server manager please refer to the following articles:

• Windows Networking - How Longhorn Server’s Server Manager will Change Server Management
• Network World - Chapter 20: Windows Server 2008 Management and Maintenance Practices

In my next post I will talk about a bit about the console version of server manager and how you could use this version of server manager to automate part of the setup and configuration of your desired server roles.

In yesterday’s article I wanted to write about how to enable remote desktop for administration in Windows Server 2008 Core, but I thought it would be best to treat this as a separate article since the target audience for it might be different. The process to enable RDP it’s pretty straight forward and I will outline it in the following steps.

Ensure your Windows Server 2008 Core install has a valid IP address if you are unsure of this you could issue the ipconfig command to review your settings. If you are receiving an APIPA (Automatic Private IP Addressing) address tipically 169.x.x.x, you will need to configure a valid IP address on your box that is reachable in your network to do this.

Run Netsh interface IPv4 show interface the in the command prompt, this command will list the available network interfaces on your system and will provide you the Idx value of the network card you wish to configure.

In the above screenshot you see the results of this command and you only need to remember the Idx number or the complete name of the network interface you want to configure.

Now you can set the IP address of the network card with the following command netsh interface ipv4 set address name=”<ID>” source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway> and finally you add the DNS server you wish to associate with this interface if deemed appropriate with the command netsh interface ipv4 add dnsserver name=”<ID>” address=<DNSIP> index=1 if you need to add an additional DNS server issue the same comamand but modify the index to 2, 3 and so on depending on the number of DNS servers you want your interface to query.

Once this is complete you need to review the current settings for remote desktop this is done running the following command

C:\Windows\System32>cscript SCregEdit.wsf /AR /v

If you see “1″ in the script output, that means that remote desktop connections will be denied. To change that you need to run the following command

C:\Windows\System32>cscript SCregEdit.wsf /AR 0

Now we need to review the status of inbound firewall rule that manages connections via RDP port 3389, to do this we run the command netsh advfirewall firewall sho rule name=all, this command will show the status of all current rules in your list find one called RDP desktop (TCP-in), it might be useful to pipe this command with the more option to view a paused display of the output, the format for that command would be netsh advfirewall firewall sho rule name=all | more, you advance thru by pressing the spacebar and you can stop it using the control + c key sequence.

To set the rule to allow this type of traffic we issue the command netsh advfirewall firewall set rule name=”Remote Desktop (TCP-IN)” new enable=yes and that is it! We are done configuring remote desktop for administration on our core install of Windows Server 2008.

Most IT administrators want to get busy configuring their servers once they have finished doing the initial deployment of the operating system onto the bare metal box in order to do this from their cubes or offices instead of the cold data center environment and standing for hours at a time in front of a server rack they enable remote desktop for administration. To enable remote desktop for administration in Windows Server 2008 it’s quite straight forward, but to some it could be a tad complicated due to the unfamiliarity with the new server manager administration console.

To do this you need to click Enable remote desktop link that appears in the ICT screen, if you’ve closed this screen remember you can bring it up using the oobe command from the run box in the start menu, however this task can also be done more conveniently from server manager that opens every time you log into your box and also provides access to the firewall controls you might need to review in order to ensure you can establish a successful RDP connection to your fresh install of Windows Server 2008.

To enable remote desktop for administration simply hit the configure remote desktop link in the root of the server manager interface and in the system properties window that appear select either the “Allow connections from computers running any version remote desktop (less secure)” or the “Allow connections only from computers running remote desktop with Network Level Authentication (more secure)“.

Now what do these 2 options really mean? With Windows Server 2008 and Windows Vista a new remote desktop protocol was developed RDP 6.0 which brings some interesting features to the table such as:

• Maximum screen resolution of 4096×2048
• Maximum color depth increase to 32-bit color
• Support for ClearType fonts
• Support for connected USB and other peripheral devices
• Support for spanning multiple horizontally-connected monitors using the “/span” switch
• Ability to use client-side themes in remote sessions

The first option “Allow connections from computers running any version remote desktop (less secure)” allows computers with previous versions of the RDP client to connect to the server for administration however this is less secure since you can’t authenticate that you are connecting to the correct server from the client since DNS name or IP spoofing could have occurred in your network, the other option “Allow connections only from computers running remote desktop with Network Level Authentication (more secure)” allows newer RDP clients such as the one bundled with Windows Vista or Server 2008 to authenticate the identity of the server to where they are connecting to avoid any type of spoofing and having someone capture your credentials.

For more information on Network Level Authentication please refer to the post titled WS2008: Network Level Authentication and Encryption on the blog for the Enterprise Platforms Windows Server Performance Team.

If you have a system that has a legacy version of the RDP software such as the one that is bundled by default with Windows XP you can update your software to the latest version of the RDP client that benefits from Network Level Authentication by downloading it directly from Microsoft.

Once we’ve enabled remote desktop with the desired settings we can select the Windows Firewall with Advanced Security node under the configuration branch of the Server Manager utility to review the state of the firewall and ensure we can connect via RDP to our server selecting Properties from the Actions pane.

The default state for the firewall in the Windows Server 2008 family of products is On and for good reason, since statistically speaking the majority of attacks on server operating systems occurs out of the box exploiting unpatched vulnerabilities or improperly configured services. Once we’ve reviewed the state of our firewall we open up the branch titled Windows Firewall with Advanced Security and select the Inbound Rules node, under this node we will search for the Remote Desktop (TCP-in) rule and ensure that the action chosen in this rule reads “Allow the connection”, this might also be a good moment to remind you that the port on which RDP works it’s still 3389 in case you have other network considerations such as ACL’s in place in your switching and routing infrastructure that you might need to take a look at.

After this is done you can remote into your fresh install of Windows Server 2008 to do further configuration tasks.

For further information on how to configure the Windows Server 2008 firewall with the new MMC tool in server manager please refer to the article titled How to configure the new Windows Server 2008 advanced firewall MMC snap-in from one of my favorite sites Windows Networking or review the TechNet article titled Getting Started with Windows Firewall with Advanced Security in Windows Vista and Windows Server 2008.