Honolulu has been released as Windows Admin Center (WAC)

In the agile world we live in now, Microsoft has released its new administration tool for servers. It was formerly called Honolulu, which was the project name, and marketing has now named it Microsoft Windows Admin Center.

I am running it on a Windows Server 2019 (core) build 17639.

Using the AD module from Patrick Grünauer, I can see viable information from the AD controller in WAC via PowerShell remoting.

To manage a 2016 Hyper-V Server with WAC you need to add some features and roles:

  1. Enable Remote Management.
  2. Enable File Server Role.
  3. Enable Hyper-V Module for PowerShell.

And the following OS can be managed by WAC:

| Version | Managed node via Server Manager | Managed cluster via Failover Cluster Mgr | Managed HCI cluster via HCI Cluster Mgr (preview) |
|---|---|---|---|
| Windows 10 Fall Creators Update (1709) or newer | Yes (via Computer Management) | N/A | N/A |
| Windows Server 2019 (insider builds) | Yes | Yes | Yes |
| Windows Server, version 1709 | Yes | Yes | No |
| Windows Server 2016 | Yes | Yes | Coming soon |
| Windows Server 2012 R2 | Yes | Yes | N/A |
| Windows Server 2012 | Yes | Yes | N/A |

Note:

Windows Admin Center requires PowerShell features that are not included in Windows Server 2012 and 2012 R2. If you will manage Windows Server 2012 or 2012 R2 with Windows Admin Center, you will need to install Windows Management Framework (WMF) version 5.1 or higher on those servers.

Type $PSVersiontable in PowerShell to verify that WMF is installed, and that the version is 5.1 or higher.

If WMF is not installed, you can download WMF 5.1.
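The prerequisites above (remote management, the File Server role and the Hyper-V PowerShell module on Hyper-V Server 2016, and WMF 5.1 on Windows Server 2012 and 2012 R2) can be checked on all candidate nodes at once before they are added to WAC. This is an added example, not part of the original post or Microsoft's documentation; the node names are hypothetical, and `FS-FileServer` and `Hyper-V-PowerShell` are the Windows feature names assumed here for steps 2 and 3.

```powershell
# Added example: read-only audit of WAC prerequisites on candidate nodes.
# Node names are hypothetical; run from the WAC gateway or an admin workstation.
$nodes = 'hv01.lab.example', 'fs01.lab.example'

$report = Invoke-Command -ComputerName $nodes -ErrorAction SilentlyContinue `
    -ErrorVariable unreachable -ScriptBlock {
    $os       = Get-CimInstance -ClassName Win32_OperatingSystem
    # Get-WindowsFeature exists on Windows Server only, not on Windows 10 nodes.
    $features = Get-WindowsFeature -Name FS-FileServer, Hyper-V-PowerShell
    [pscustomobject]@{
        OS           = $os.Caption
        PSVersion    = $PSVersionTable.PSVersion.ToString()
        # Windows Server 2012 / 2012 R2 ship with 3.0 / 4.0 and need WMF 5.1.
        WmfOk        = $PSVersionTable.PSVersion -ge [version]'5.1'
        # The two feature columns only matter for Hyper-V Server 2016 nodes.
        FileServer   = ($features | Where-Object Name -eq 'FS-FileServer').Installed
        HyperVModule = ($features | Where-Object Name -eq 'Hyper-V-PowerShell').Installed
    }
}

$report | Sort-Object PSComputerName |
    Format-Table PSComputerName, OS, PSVersion, WmfOk, FileServer, HyperVModule -AutoSize

# A node that cannot be reached over WinRM has not had step 1 (remote management) done.
foreach ($err in $unreachable) {
    Write-Warning "No PowerShell remoting to $($err.TargetObject): enable remote management first"
}

# Remediation on a Hyper-V Server 2016 node, run locally in an elevated session:
#   Enable-PSRemoting -Force
#   Install-WindowsFeature -Name FS-FileServer, Hyper-V-PowerShell
```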

Windows Server (2019) vNext LTSC build 17623 released

Today the preview version of vNext LTSC (Windows Server 2019) build has been released on Windows Server Insider and now you can download and test the features and system.

Some info from the tech community site:

Extending your Clusters with Cluster Sets

“Cluster Sets” is the new cloud scale-out technology in this Preview release that increases cluster node count in a single SDDC (Software-Defined Data Center) cloud by orders of magnitude. A Cluster Set is a loosely-coupled grouping of multiple Failover Clusters: compute, storage or hyper-converged. Cluster Sets technology enables virtual machine fluidity across member clusters within a Cluster Set and a unified storage namespace across the “set” in support of virtual machine fluidity. While preserving existing Failover Cluster management experiences on member clusters, a Cluster Set instance additionally offers key use cases around lifecycle management of a Cluster Set at the aggregate.

Failover Cluster removing use of NTLM authentication

Windows Server Failover Clusters no longer use NTLM authentication by exclusively using Kerberos and certificate-based authentication. There are no changes required by the user, or deployment tools, to take advantage of this security enhancement. It also allows failover clusters to be deployed in environments where NTLM has been disabled.

Encrypted Network in SDN 

Network traffic going out from a VM host can be snooped on and/or manipulated by anyone with access to the physical fabric. While shielded VMs protect VM data from theft and manipulation, similar protection is required for network traffic to and from a VM. While the tenant can set up protection such as IPSEC, this is difficult due to configuration complexity and heterogeneous environments.

Encrypted Networks is a feature which provides simple-to-configure DTLS-based encryption using the Network Controller to manage the end-to-end encryption and protect data as it travels through the wires and network devices between the hosts. It is configured by the Administrator on a per-subnet basis. This enables the VM to VM traffic within the VM subnet to be automatically encrypted as it leaves the host and prevents snooping and manipulation of traffic on the wire. This is done without requiring any configuration changes in the VMs themselves.

Windows Defender Advanced Threat Protection

Windows Defender ATP Exploit Guard

If you have not signed up for the insiders do so now and start playing with this new release, I am in the works of upgrading my lab!

My experience with AzureStack in a multinode setup part 6: IaaS VM and AVMA

As I described earlier I had an eval image in my marketplace that I used to provision servers and I wanted some of them to be converted so they could be correctly activated and reconfigured away from eval.

AzureStack uses the Hyper-V function called Automatic Virtual Machine Activation for the VMs, and as you can see in Device Manager there is a Microsoft Hyper-V Activation Component device. The VMs should have the appropriate AVMA key on them, and if the host is licensed with the right key the VM will activate automatically.

On this page you can find the keys you need for the different guest OSes that it can be used with! A Windows Server 2016 AVMA host can activate guests that run the Datacenter, Standard or Essentials editions of Windows Server 2016 and Windows Server 2012 R2.

Utilizing the DISM command I can check what license I had and then use DISM /online /Set-Edition:ServerDatacenter /ProductKey:xxxxxx-xxxx-xxxx-xxx-xxxx /AcceptEula

If you just want to change a key and not versions you can utilize the slmgr /ipk <AVMA_key> instead of the DISM!

 

Add 2016 shared vhds to VMs fail with backend SOFS running Windows 2012 R2

We are doing some work in adding functionality and found an issue today! We have quite a few workloads running on a converged setup with Hyper-V nodes accessing storage from Scale-Out File Servers.

In our lab environment we have Hyper-V running on Server 2016, and these hosts get their storage from SOFS servers that currently run 2012 R2. For ordinary VMs that has not been a problem. Now we wanted to get the VHD Sets (enhanced shared VHDX) set up for guest clusters running guest OS Windows 2016.

The documentation says not much more than that you need storage residing on an SMB or CSV volume, but when trying to add a VHDS file we get an error stating that the SOFS server does not recognize the file format of the VHD set and thinks it is a reserved file for Windows!

 

Using an SMB share from a bunch of 2016 Scale-Out File Servers gives no errors.

So upgrade those SOFS servers first and you will not run into problems 🙂

Running Honolulu on Windows Server 17079

I had an earlier release of Honolulu installed on a Windows Server Insider 17035 build and wanted to try the new in-place upgrade feature that came in 17079. That did not, however, work out as wanted, and I had to run a clean VM instead! I have not looked more into why the upgrade failed, probably because the documentation said that it was supported from 1709…

Thanks to the insider system there is already a VHDX that I could download, use and add to my domain.

Once that was done I could add the Honolulu MSI into the VM with the magnificent Copy-VMFile cmdlet.

And after a simple install I could connect to it from a Chrome browser! (IE is not supported)

Have fun with your testing of Honolulu!

SCVMM 2016 with CU4 cannot add more than 64 vCPUs

We have some demands on BIG-ASS VMs, and in our new environment with System Center 2016 and VMM 2016 we tried to add a hardware profile with more than 64 vCPUs, as now in Hyper-V 2016 we can have a VM with 240 vCPUs and 12 TB of RAM, but that cannot be done 🙁

We have also updated with the latest SCVMM CU4 but still no success! Neither via GUI nor via PowerShell!

We installed a new Preview of SCVMM 1711 to see if there was any difference, and guess what! It has finally been updated, but we would much rather see it also coming in a CU in the near future for VMM 2016, as we cannot deploy a preview of the semi-annual channel into production.

The GUI has also been updated for a hardware profile, where it clearly states that it has to be a gen2 VM and also that the OS cannot be lower than 2016 for both host and VM.

 

Windows Server 2016 “Core” in Azure with a [small disk]

As is known, we should use Windows Server 2016 foremost and as often as possible, and try not to use it with a “Desktop Experience” unless it is really necessary! Of course it makes total sense if you are deploying an RDS solution, but if you deploy an AD DC and file servers then naaaee….

In Azure it is not just called Windows Server 2016, and searching in the marketplace you can see that the name core is the denominator there.

And it kind of makes sense that the Server without GUI can and should use the Small disk option that is to be used with the new managed disks, so you have to dig a bit deeper and search for small, and then you find those:

Deploying with the CLI or PowerShell with a template needs the right SKU to get the core:

Unfortunately Azure has core as a name but should instead use “Desktop Experience” on the other one, so that it was consistent with the install of regular OS deployments in a datacenter.

And the system drive is 30 GB large.

Happy deploying!

 

Altaro VM Backup with support for Windows Server 2016

I have been trying out the Altaro VM Backup in my lab. It is a backup solution that has been around for quite a while but has also got support for VMware, which was not part of the product at the start! Quite a few companies have both Hyper-V and VMware, and having different backup solutions is not viable and places a burden on the backup admins!

They have several very nice features:

Backup and Replication features

  • Drastically reduce backup storage requirements on both local and offsite locations, and therefore significantly speed up backups with Altaro’s unique Augmented Inline Deduplication process
  • Back up live VMs by leveraging Microsoft VSS with Zero downtime
  • Full support for Cluster Shared Volumes & VMware vCenter
  • Offsite Backup Replication for disaster recovery protection
  • Compression and military grade Encryption
  • Schedule backups the way you want them
  • Specify backup retention policies for individual VMs
  • Back up VMs to multiple backup locations

Restore & Recovery features

  • Instantly boot any VM version from the backup location without affecting backup integrity.
  • Browse through your Exchange VM backup’s file system and restore individual emails
  • Granular Restore Options for full VM or individual files or emails
  • Retrieve individual files directly from your VM backups with a few clicks.
  • Fast OnePass Restores
  • Restore an individual or a group of VMs to a different host
  • Restore from multiple points in time rather than just ‘the most recent backup’
  • Restore Clones

They also have a REST API that can be utilized for automation, which in today's world is a requirement for most businesses because of their standardisation and automation work to get better quality and speed.

The VM Backup Installation and configuration

It is very easy to get started with Altaro VM Backup.

And once finished you can start the management console to configure the backups and also the repositories

The console is very easy to find your way around in and configure advanced settings

For the trial there are no limits, so you can test it for all your VMs for 30 days. You can also download the Free Hyper-V Backup or the VMware version. You will be able to back up 2 VMs for free forever.

Altaro has still a license that is not bound to cores or cpu and uses a host license instead!

Let's try to get SMB1 to die …. at least in my lab..

This last weekend there has been quite a buzz about the ransomware that has been spreading like the plague, based on the fact that there are still so many unpatched servers and clients running Windows from the stone age. We can also discuss for a while why the SMB1 protocol is still enabled in Windows 10 and Windows Server 2016 and needs to be turned off. One alternative could have been to say that if you want to use this 30-year-old protocol you would need to enable it, thus knowing the risk and taking that into account when deciding for the legacy track.

One way of being safe is of course to turn off the computer, but that works for how long?

In my lab environment I have the luck to only use Windows 2012 R2 and above. I need to get the computers from the AD and also remove the FS-SMB1 role. The quickest way is to just disable the SMB1 protocol; you know there are users in an ordinary world that kind of do not want servers to be restarted whenever, and removing the feature does need a reboot… So first disable the protocol now and then remove the role when it is time to do the magic reboot.
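The two-phase approach described above (disable the protocol immediately, remove FS-SMB1 at the next reboot window) can be scripted as follows. This is an added example and not the author's own script; it assumes the ActiveDirectory module, PowerShell remoting to every server, and that all targets run Windows Server 2012 R2 or newer as stated in the post. `Remove-Smb1Feature` is a hypothetical helper name.

```powershell
# Added example, not the author's script. Requires the RSAT ActiveDirectory module
# and PowerShell remoting to the targets (Windows Server 2012 R2 or newer).
Import-Module ActiveDirectory

# Enabled server computer accounts from AD; add -SearchBase to phase the rollout.
$servers = Get-ADComputer -Filter 'Enabled -eq $true -and OperatingSystem -like "*Windows Server*"' |
    Select-Object -ExpandProperty DNSHostName

# Phase 1: switch the protocol off in the SMB server. Takes effect without a reboot.
$state = Invoke-Command -ComputerName $servers -ErrorAction SilentlyContinue `
    -ErrorVariable unreachable -ScriptBlock {
    $before = (Get-SmbServerConfiguration).EnableSMB1Protocol
    if ($before) { Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force }
    [pscustomobject]@{
        Smb1WasEnabled   = $before
        Smb1Enabled      = (Get-SmbServerConfiguration).EnableSMB1Protocol
        FeatureInstalled = (Get-WindowsFeature -Name FS-SMB1).Installed
    }
}
$state | Sort-Object PSComputerName |
    Format-Table PSComputerName, Smb1WasEnabled, Smb1Enabled, FeatureInstalled -AutoSize

# Hosts that did not answer are still unverified; do not count them as fixed.
$unreachable | ForEach-Object { Write-Warning "Not checked: $($_.TargetObject)" }

# Phase 2: remove the feature during the maintenance window (this one reboots).
function Remove-Smb1Feature {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    foreach ($computer in $ComputerName) {
        Uninstall-WindowsFeature -Name FS-SMB1 -ComputerName $computer -Restart
    }
}
# Example call when the window opens:
# Remove-Smb1Feature -ComputerName ($state | Where-Object FeatureInstalled).PSComputerName
```

Keeping the `Smb1WasEnabled` column from the first run gives a record of which servers were actually exposed before the change.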