Preparing a VM for upload to Azure August 31, 2016
Posted by Samuel Ribeiro in Uncategorized.
Prepare Windows configuration for upload
Documentation link:
https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-windows-prepare-for-upload-vhd-image/
Run all the following commands with administrative privileges.
- Remove any static persistent route on the routing table:
- To view the route table, run
route print
- Check the Persistent Routes section. If there is a persistent route, use route delete to remove it.
- Remove the WinHTTP proxy:
netsh winhttp reset proxy
- Configure the disk SAN policy to Onlineall:
diskpart
san policy=onlineall
- Use Coordinated Universal Time (UTC) time for Windows and set the startup type of the Windows Time (w32time) service to Automatically:
REG ADD HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation /v RealTimeIsUniversal /t REG_DWORD /d 1
sc config w32time start= auto
Configure Windows services
- Make sure that each of the following Windows services is set to the Windows default values. They are configured with the startup settings noted in the following list. You can run these commands to reset the startup settings:
sc config bfe start= auto
sc config dcomlaunch start= auto
sc config dhcp start= auto
sc config dnscache start= auto
sc config IKEEXT start= auto
sc config iphlpsvc start= auto
sc config PolicyAgent start= manual
sc config LSM start= auto
sc config netlogon start= manual
sc config netman start= manual
sc config NcaSvc start= manual
sc config netprofm start= manual
sc config NlaSvc start= auto
sc config nsi start= auto
sc config RpcSs start= auto
sc config RpcEptMapper start= auto
sc config termService start= manual
sc config MpsSvc start= auto
sc config WinHttpAutoProxySvc start= manual
sc config LanmanWorkstation start= auto
sc config RemoteRegistry start= auto
Configure Remote Desktop configuration
- If there are any self-signed certificates tied to the Remote Desktop Protocol (RDP) listener, remove them:
REG DELETE "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v SSLCertificateSHA1Hash
For more information about configuring certificates for RDP listener, see Listener Certificate Configurations in Windows Server
- Configure the KeepAlive values for RDP service:
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v KeepAliveEnable /t REG_DWORD /d 1 /f
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v KeepAliveInterval /t REG_DWORD /d 1 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp" /v KeepAliveTimeout /t REG_DWORD /d 1 /f
- Configure the authentication mode for the RDP service:
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 1 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v SecurityLayer /t REG_DWORD /d 1 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fAllowSecProtocolNegotiation /t REG_DWORD /d 1 /f
- Enable RDP service by adding the following subkeys to the registry:
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
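The service and Remote Desktop settings above can be verified before the VHD is uploaded. The following is an added example, not part of the original post or of the Microsoft documentation; the function name Test-AzureUploadBaseline is hypothetical, and it only reads the registry values and service start modes listed on this page.

```powershell
# Added example: read-only audit of the values set by the commands on this page.
# Test-AzureUploadBaseline is a hypothetical name; run from an elevated PowerShell prompt.
function Test-AzureUploadBaseline {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdp = "$ts\WinStations\RDP-Tcp"
    $pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Expected registry data, taken from the REG ADD / REG DELETE steps on this page.
    # Value = $null means the value must be absent (self-signed listener certificate removed).
    $registry = @(
        @{ Path = $ts;  Name = 'fDenyTSConnections';           Value = 0 }
        @{ Path = $rdp; Name = 'UserAuthentication';           Value = 1 }
        @{ Path = $rdp; Name = 'SecurityLayer';                Value = 1 }
        @{ Path = $rdp; Name = 'fAllowSecProtocolNegotiation'; Value = 1 }
        @{ Path = $rdp; Name = 'KeepAliveTimeout';             Value = 1 }
        @{ Path = $pol; Name = 'KeepAliveEnable';              Value = 1 }
        @{ Path = $pol; Name = 'KeepAliveInterval';            Value = 1 }
        @{ Path = $rdp; Name = 'SSLCertificateSHA1Hash';       Value = $null }
    )

    # Expected start modes, taken from the sc config list on this page.
    $services = @{
        Auto   = 'bfe', 'dcomlaunch', 'dhcp', 'dnscache', 'IKEEXT', 'iphlpsvc', 'LSM',
                 'NlaSvc', 'nsi', 'RpcSs', 'RpcEptMapper', 'MpsSvc', 'LanmanWorkstation',
                 'RemoteRegistry'
        Manual = 'PolicyAgent', 'netlogon', 'netman', 'NcaSvc', 'netprofm', 'termService',
                 'WinHttpAutoProxySvc'
    }

    foreach ($e in $registry) {
        # A missing key or value yields $null instead of an error.
        $prop   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        $actual = if ($prop) { $prop.($e.Name) } else { $null }
        $ok     = if ($null -eq $e.Value) { $null -eq $actual } else { $actual -eq $e.Value }
        [pscustomobject]@{ Item = "$($e.Path)\$($e.Name)"; Expected = $e.Value
                           Actual = $actual; Compliant = $ok }
    }
    foreach ($mode in $services.Keys) {
        foreach ($name in $services[$mode]) {
            # Win32_Service.StartMode reports Auto, Manual or Disabled.
            $svc    = Get-CimInstance Win32_Service -Filter "Name='$name'"
            $actual = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
            [pscustomobject]@{ Item = "service $name"; Expected = $mode
                               Actual = $actual; Compliant = ($actual -eq $mode) }
        }
    }
}

# List only the settings that differ from the values documented on this page.
Test-AzureUploadBaseline | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```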
Configure Windows Firewall rules
- Allow WinRM through the three firewall profiles (Domain, Private and Public) and enable PowerShell Remote service:
Enable-PSRemoting -force
- Make sure that the following guest operating system firewall rules are in place:
- Inbound
netsh advfirewall firewall set rule dir=in name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
netsh advfirewall firewall set rule dir=in name="Network Discovery (LLMNR-UDP-In)" new enable=yes
netsh advfirewall firewall set rule dir=in name="Network Discovery (NB-Datagram-In)" new enable=yes
netsh advfirewall firewall set rule dir=in name="Network Discovery (NB-Name-In)" new enable=yes
netsh advfirewall firewall set rule dir=in name="Network Discovery (Pub-WSD-In)" new enable=yes
netsh advfirewall firewall set rule dir=in name="Network Discovery (SSDP-In)" new enable=yes
netsh advfirewall firewall set rule dir=in name="Network Discovery (UPnP-In)" new enable=yes
netsh advfirewall firewall set rule dir=in name="Network Discovery (WSD EventsSecure-In)" new enable=yes
netsh advfirewall firewall set rule dir=in name="Windows Remote Management (HTTP-In)" new enable=yes
- Inbound and outbound
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
netsh advfirewall firewall set rule group="Core Networking" new enable=yes
- Outbound
netsh advfirewall firewall set rule dir=out name="Network Discovery (LLMNR-UDP-Out)" new enable=yes
netsh advfirewall firewall set rule dir=out name="Network Discovery (NB-Datagram-Out)" new enable=yes
netsh advfirewall firewall set rule dir=out name="Network Discovery (NB-Name-Out)" new enable=yes
netsh advfirewall firewall set rule dir=out name="Network Discovery (Pub-WSD-Out)" new enable=yes
netsh advfirewall firewall set rule dir=out name="Network Discovery (SSDP-Out)" new enable=yes
netsh advfirewall firewall set rule dir=out name="Network Discovery (UPnPHost-Out)" new enable=yes
netsh advfirewall firewall set rule dir=out name="Network Discovery (UPnP-Out)" new enable=yes
netsh advfirewall firewall set rule dir=out name="Network Discovery (WSD Events-Out)" new enable=yes
netsh advfirewall firewall set rule dir=out name="Network Discovery (WSD EventsSecure-Out)" new enable=yes
netsh advfirewall firewall set rule dir=out name="Network Discovery (WSD-Out)" new enable=yes
Additional Windows configuration steps
- Run
winmgmt /verifyrepository
to confirm that the Windows Management Instrumentation (WMI) repository is consistent. If the repository is corrupted, see this blog post.
- Make sure the Boot Configuration Data (BCD) settings match the following:
bcdedit /set {bootmgr} device partition=<Boot Partition>
bcdedit /set {bootmgr} integrityservices enable
bcdedit /set {default} device partition=<OS Partition>
bcdedit /set {default} integrityservices enable
bcdedit /set {default} recoveryenabled Off
bcdedit /set {default} osdevice partition=<OS Partition>
bcdedit /set {default} bootstatuspolicy IgnoreAllFailures
- Remove any extra Transport Driver Interface filters, such as software that analyzes TCP packets.
- To make sure the disk is healthy and consistent, run the
CHKDSK /f
command.
- Uninstall all other third-party software and drivers.
- Make sure that a third-party application is not using Port 3389. This port is used for the RDP service in Azure.
- If the Windows VHD that you want to upload is a domain controller, follow these extra steps to prepare the disk.
- Reboot the VM to make sure that Windows is still healthy and can be reached by using the RDP connection.
- Reset the current local administrator password and make sure that you can use this account to sign in to Windows through the RDP connection. This access permission is controlled by the “Allow log on through Remote Desktop Services” policy object. This object is located under “Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.”
Install Windows Updates
- Install the latest updates for Windows. If that is not possible, make sure that the following updates are installed:
- KB3137061 Microsoft Azure VMs don’t recover from a network outage and data corruption issues occur
- KB3115224 Reliability improvements for VMs that are running on a Windows Server 2012 R2 or Windows Server 2012 host
- KB3140410 MS16-031: Security update for Microsoft Windows to address elevation of privilege: March 8, 2016
- KB3063075 Many ID 129 events are logged when you run a Windows Server 2012 R2 virtual machine in Microsoft Azure
- KB3114025 Slow performance when you access Azure files storage from Windows 8.1 or Server 2012 R2
- KB3033930 Hotfix increases the 64K limit on RIO buffers per process for Azure service in Windows
- KB3004545 You cannot access virtual machines that are hosted on Azure hosting services through a VPN connection in Windows
- KB3082343 Cross-Premises VPN connectivity is lost when Azure site-to-site VPN tunnels use Windows Server 2012 R2 RRAS
- KB3146723 MS16-048: Description of the security update for CSRSS: April 12, 2016
- KB2904100 System freezes during disk I/O in Windows
- If you want to create an image to deploy multiple machines from it, you need to generalize the image by running
sysprep
before you upload the VHD to Azure. For more information about how to create a generalized image, see the following articles:
Suggested extra configurations
The following settings do not affect VHD uploading. However, we strongly recommend that you have them configured.
- Install the Azure Virtual Machines Agent. After you install the agent, you can enable VM extensions. The VM extensions implement most of the critical functionality that you want to use with your VMs like resetting passwords, configuring RDP, and many others.
- The Dump log can be helpful in troubleshooting Windows crash issues. Enable the Dump log collection:
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 2 /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpFolder /t REG_EXPAND_SZ /d "c:\CrashDumps" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpCount /t REG_DWORD /d 10 /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpType /t REG_DWORD /d 2 /f
sc config WerSvc start= auto
- After the VM is created in Azure, configure the system defined size pagefile on drive D:
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"
Top Ten Features in Windows Server 2016 June 13, 2015
Posted by Samuel Ribeiro in Windows Server 2016.
1. Nano Server
Without a doubt the biggest change in Windows Server is the new Nano Server. Nano Server is a pared-down, headless version of Windows Server. Nano Server will have a 93% smaller VHD size, 92% fewer critical bulletins and 80% fewer required reboots. Nano Server is a Windows Server installation option and it’s completely headless – there’s no GUI and no command prompt. Nano Server is designed to run Hyper-V, Hyper-V clusters, Scale-Out File Servers (SOFSs) and cloud service applications. You can find out more about Nano Server at What You Need to Know about Microsoft Nano Server.
The next biggest change in Windows Server 2016 will be support for containers. Containers are the latest buzz in IT technology as they threaten to supplant virtualization as a core IT technology. Containers enable you to isolate your applications from the underlying OS, improving the deployment and reliability of those applications. Windows Server 2016 will provide two kinds of native containers: Windows Server Containers and Hyper-V Containers. Windows Server Containers are isolated from each other but they run directly on the Windows Server 2016 OS. Hyper-V Containers provide enhanced isolation by running the containers from a Hyper-V VM. The current preview release doesn’t support containers yet.
3. Docker Support
Windows 2012R2 – Hyper-V virtual machine backup leaves the VM in a locked state March 21, 2015
Posted by Samuel Ribeiro in Uncategorized.
Event ID: 32022 – 0x80070016 the device does not recognize the command March 21, 2015
Posted by Samuel Ribeiro in Uncategorized. Tags: Windows 2012
In an environment with Hyper-V Replica, the VM pauses replication and enters “Error State”.
Looking at the host's Event Viewer, you find event ID 32022 with the description:
Hyper-V could not replicate changes for virtual machine “VM01”: The device does not recognize the command (0x80070016)
Applied the hotfix on the Secondary Site hosts: https://support.microsoft.com/en-us/kb/3012714
I suggest reading the KB “Event IDs 19050, 32022, 32032, 32056, 32315, 32546 and 33680 are logged when Hyper-V replication is in progress”
https://support.microsoft.com/en-us/kb/2889734
“Configuration Error” for Network Adapter property when you use Failover Clustering July 3, 2014
Posted by Samuel Ribeiro in Windows 2012.
A quick tip so you don't waste time revalidating all the VS, network settings, etc. on Windows 2012.
This problem occurs only when you do a Live Migration and Quick Migration with the VM powered off.
In my case, I have several VMs powered off because they are replicas 🙂
Solution: You can safely ignore this error. When the virtual machine is brought online, the adapter property is updated, and this clears the error.
Reference: http://support.microsoft.com/kb/2918179/en-us
Limitations 2 – Scale-out File Server May 24, 2014
Posted by Samuel Ribeiro in Uncategorized, Windows 2012. Tags: Scale-out File Server, Windows 2012
Folks,
Another post in the series on prerequisites and limitations of features, where you usually only discover that items don't work or aren't supported once you are already in the implementation, and then, if you haven't done your homework of reading the documentation,
the result is rework 🙂
Below is a table with information on using the traditional File Server cluster or a Scale-Out File Server.
For example, SOFS is not a good fit with DFS.
See the full documentation:
You should not use Scale-Out File Server if your workload generates a high number of metadata operations, such as opening files, closing files, creating new files, or renaming existing files. A typical information worker would generate a lot of metadata operations. You should use a Scale-Out File Server if you are interested in the scalability and simplicity that it offers and if you only require technologies that are supported with Scale-Out File Server.
Virtual Machine enters Save State during Backup May 5, 2014
Posted by Samuel Ribeiro in Windows 2012. Tags: backup, saved state
Folks,
Below is a checklist I used to troubleshoot and resolve the problem of a virtual machine that enters Save State during backup.
In this post I am assuming that the problem occurs only with some virtual machines and that the Hyper-V host is in order,
and that all updates and hotfixes for Hyper-V and Cluster are installed.
At this link you can look up all the states of a virtual machine, for example the difference between Save State and Pause:
Managing virtual machine state
1. The VM guest needs to have Integration Services installed, enabled, and running
2. All disks involved need to be formatted with NTFS, including the disks within the VM.
3. Ensure the VMs are partitioned using ‘basic disk’ formatting. At the moment Hyper-V does not support live backup for VMs formatted using dynamic disk partitioning or GPT.
4. Windows Update with latest Updates
5. Ensure you have at least about 20% free space on each drive involved, such as the drive on the host and the VM’s main system drive.
6. (COM System Application Service, Distributed Transaction Coordinator Service, and Volume Shadow Copy Service). Also review the VM settings in Hyper-V, the ‘backup’ option needs to be checked.
7. The Volume Shadow Copy Service and related VSS services need to be enabled and running.
8. The shadow copy storage space for each drive must be available to Hyper-V VSS Writer and be located at the same volume. For instance, the storage space for drive C: needs to be on drive C: itself, and so on. Use the VSSADMIN command from the command line to check the settings. (Use: vssadmin list shadowstorage / vssadmin resize shadowstorage)
Hope this helps
Reference: http://www.symantec.com/business/support/index?page=content&id=TECH209419
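Several items of the checklist above can be checked from inside the guest with PowerShell. This is an added example, not from the original post or the referenced article: the function names are hypothetical, the short service names (vmicvss, VSS, swprv, COMSysApp, MSDTC) are the Windows names for the services the checklist mentions, and treating a volume with no shadow storage association as storing its shadow copies on itself is an assumption.

```powershell
# Added example: read-only checks for checklist items 1, 2, 5, 6, 7 and 8, run inside the guest.
# Function names are hypothetical; run from an elevated PowerShell 3.0+ prompt.
function Get-VssVolumeReadiness {
    param([int]$MinFreePercent = 20)   # item 5: about 20% free space per drive

    # Item 8: map each volume to the volume that holds its shadow copy storage.
    $diffFor = @{}
    Get-CimInstance Win32_ShadowStorage | ForEach-Object {
        $diffFor[$_.Volume.DeviceID] = $_.DiffVolume.DeviceID
    }

    # DriveType 3 = local fixed disk; skip volumes without a drive letter.
    Get-CimInstance Win32_Volume -Filter 'DriveType = 3' |
        Where-Object { $_.DriveLetter -and $_.Capacity -gt 0 } |
        ForEach-Object {
            $freePct = [math]::Round(100 * $_.FreeSpace / $_.Capacity, 1)
            $diff    = $diffFor[$_.DeviceID]
            [pscustomobject]@{
                Volume             = $_.DriveLetter
                IsNtfs             = $_.FileSystem -eq 'NTFS'        # item 2
                FreePercent        = $freePct
                EnoughFreeSpace    = $freePct -ge $MinFreePercent    # item 5
                # Assumption: no explicit association means storage stays on the volume itself.
                ShadowStorageLocal = (-not $diff) -or ($diff -eq $_.DeviceID)
            }
        }
}

function Get-VssServiceReadiness {
    # Items 1, 6 and 7: integration service for backup plus the VSS-related services.
    $names = 'vmicvss', 'VSS', 'swprv', 'COMSysApp', 'MSDTC'
    foreach ($name in $names) {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
        [pscustomobject]@{
            Service     = $name
            Installed   = [bool]$svc
            StartMode   = if ($svc) { $svc.StartMode } else { $null }
            State       = if ($svc) { $svc.State } else { $null }
            # A disabled service cannot be started on demand when the backup begins.
            NotDisabled = [bool]$svc -and $svc.StartMode -ne 'Disabled'
        }
    }
}

Get-VssVolumeReadiness  | Format-Table -AutoSize
Get-VssServiceReadiness | Format-Table -AutoSize
```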
Limitations 1 – Storage Spaces – Getting to know the configurations April 30, 2014
Posted by Samuel Ribeiro in Windows 2012.
Folks,
Here is an interesting link about the configurations, prerequisites and limitations of Storage Spaces in Windows 2012 and Windows 2012R2
- Did you know that Storage Spaces with iSCSI and Fibre Channel controllers is not supported?
- To use Storage Spaces in a Failover Cluster, at least three physical disks and a hot spare are required?
- You need to disable your RAID to use the feature
- The parity disk option is supported only in Windows 2012R2
You can find all these answers at the following links
Storage Spaces Frequently Asked Questions (FAQ)
Deploy Clustered Storage Spaces
Best regards
Samuel
Active Directory Numbers April 28, 2014
Posted by Samuel Ribeiro in Uncategorized.
To remember is to live 🙂
It had been a while since I read this documentation on the AD limit settings
- Maximum Number of Objects
- Maximum Number of Security Identifiers
- Maximum Number of entries in Discretionary and Security Access Control Lists
- Group Memberships for Security Principals
- FQDN Length Limitations
- File Name and Path Length Limitations
- Additional Name Length Limitations
- Maximum Number of GPOs Applied
- Trust Limitations
- Maximum Number of Accounts per LDAP Transaction
- Recommended Maximum Number of Users in a Group
- Recommended Maximum Number of Domains in a Forest
- Recommended Maximum Number of Domain Controllers in a Domain
- Recommended Maximum Kerberos Settings
Event 50 – W32Time logs it frequently in Event Viewer April 27, 2014
Posted by Samuel Ribeiro in Uncategorized.
I have had this log on several occasions, even with the NTP hierarchy working normally.
Here is a quick tip I use to eliminate this event.
The main thing about this error is that you need to repeat this a few times until it is 100%,
because in all my cases, running the command just once did not fix it.
Run the command at the command prompt as Administrator
w32tm /resync
Net stop w32time
Net start w32time
To check the current time server of the workstation\server you are logged on to, use the command below
w32tm /query /status
Reference: http://technet.microsoft.com/en-us/library/cc756549(v=ws.10).aspx