
Preparing a VM for upload to Azure August 31, 2016

Posted by Samuel Ribeiro in Uncategorized.

Prepare Windows configuration for upload

  1. Remove any static persistent route on the routing table:
    • To view the route table, run route print.
    • Check the Persistent Routes section. If there is a persistent route, use route delete to remove it.
  2. Remove the WinHTTP proxy:
    netsh winhttp reset proxy
  3. Configure the disk SAN policy to Onlineall:
    diskpart
    san policy=onlineall
    exit
  4. Use Coordinated Universal Time (UTC) for Windows and set the startup type of the Windows Time (w32time) service to Automatic:
    REG ADD HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation /v RealTimeIsUniversal /t REG_DWORD /d 1
    sc config w32time start= auto

Configure Windows services

  1. Make sure that each of the following Windows services is set to the Windows default values. They are configured with the startup settings noted in the following list. You can run these commands to reset the startup settings:
    sc config bfe start= auto
    
    sc config dcomlaunch start= auto
    
    sc config dhcp start= auto
    
    sc config dnscache start= auto
    
    sc config IKEEXT start= auto
    
    sc config iphlpsvc start= auto
    
    sc config PolicyAgent start= manual
    
    sc config LSM start= auto
    
    sc config netlogon start= manual
    
    sc config netman start= manual
    
    sc config NcaSvc start= manual
    
    sc config netprofm start= manual
    
    sc config NlaSvc start= auto
    
    sc config nsi start= auto
    
    sc config RpcSs start= auto
    
    sc config RpcEptMapper start= auto
    
    sc config termService start= manual
    
    sc config MpsSvc start= auto
    
    sc config WinHttpAutoProxySvc start= manual
    
    sc config LanmanWorkstation start= auto
    
    sc config RemoteRegistry start= auto

Configure Remote Desktop configuration

  1. If there are any self-signed certificates tied to the Remote Desktop Protocol (RDP) listener, remove them:
    REG DELETE "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v SSLCertificateSHA1Hash /f

    For more information about configuring certificates for RDP listener, see Listener Certificate Configurations in Windows Server.

  2. Configure the KeepAlive values for RDP service:
    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v KeepAliveEnable /t REG_DWORD  /d 1 /f
    
    REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v KeepAliveInterval /t REG_DWORD  /d 1 /f
    
    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp" /v KeepAliveTimeout /t REG_DWORD /d 1 /f
  3. Configure the authentication mode for the RDP service:
    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD  /d 1 /f
    
    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v SecurityLayer /t REG_DWORD  /d 1 /f
    
    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v fAllowSecProtocolNegotiation /t REG_DWORD  /d 1 /f
  4. Enable RDP service by adding the following subkeys to the registry:
    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD  /d 0 /f
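
A read-only check of the service and Remote Desktop settings above, written in PowerShell as an added example that is not part of the original post. The function name Get-UploadPrepDrift is hypothetical, and the expected values are copied from the sc config and REG ADD commands on this page.

```powershell
# Added example (not from the original post): read-only audit, changes nothing.
# Expected values are copied from the sc config / REG ADD commands on this page.
$expectedServices = @{
    bfe = 'Auto'; dcomlaunch = 'Auto'; dhcp = 'Auto'; dnscache = 'Auto'
    IKEEXT = 'Auto'; iphlpsvc = 'Auto'; PolicyAgent = 'Manual'; LSM = 'Auto'
    netlogon = 'Manual'; netman = 'Manual'; NcaSvc = 'Manual'; netprofm = 'Manual'
    NlaSvc = 'Auto'; nsi = 'Auto'; RpcSs = 'Auto'; RpcEptMapper = 'Auto'
    termService = 'Manual'; MpsSvc = 'Auto'; WinHttpAutoProxySvc = 'Manual'
    LanmanWorkstation = 'Auto'; RemoteRegistry = 'Auto'; w32time = 'Auto'
}

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$expectedRegistry = @(
    @{ Path = $ts;  Name = 'fDenyTSConnections';           Value = 0 }  # RDP enabled
    @{ Path = $rdp; Name = 'UserAuthentication';           Value = 1 }  # NLA required
    @{ Path = $rdp; Name = 'SecurityLayer';                Value = 1 }
    @{ Path = $rdp; Name = 'fAllowSecProtocolNegotiation'; Value = 1 }
    @{ Path = $rdp; Name = 'KeepAliveTimeout';             Value = 1 }
    @{ Path = $pol; Name = 'KeepAliveEnable';              Value = 1 }
    @{ Path = $pol; Name = 'KeepAliveInterval';            Value = 1 }
)

function Get-UploadPrepDrift {
    $drift = @()
    foreach ($name in $expectedServices.Keys) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        # StartMode is Auto, Manual or Disabled; a missing service is reported too
        $actual = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
        if ($actual -ne $expectedServices[$name]) {
            $drift += [pscustomobject]@{
                Item = "service $name"; Expected = $expectedServices[$name]; Actual = $actual }
        }
    }
    foreach ($r in $expectedRegistry) {
        $name = $r.Name
        $prop = Get-ItemProperty -Path $r.Path -Name $name -ErrorAction SilentlyContinue
        # A missing key or value is reported as NotSet rather than raising an error
        $actual = if ($prop) { $prop.$name } else { 'NotSet' }
        if ("$actual" -ne "$($r.Value)") {
            $drift += [pscustomobject]@{
                Item = "$($r.Path)\$name"; Expected = $r.Value; Actual = $actual }
        }
    }
    # A leftover listener certificate binding is what the REG DELETE step on this page removes
    $hash = Get-ItemProperty -Path $rdp -Name SSLCertificateSHA1Hash -ErrorAction SilentlyContinue
    if ($hash) {
        $drift += [pscustomobject]@{
            Item = "$rdp\SSLCertificateSHA1Hash"; Expected = 'absent'; Actual = 'present' }
    }
    return $drift
}

$result = Get-UploadPrepDrift
if ($result) { $result | Format-Table -AutoSize -Wrap } else { 'No drift from the values on this page.' }
```

Run it in an elevated PowerShell session on the VM before exporting the VHD. A row for UserAuthentication means Network Level Authentication is not enforced on the listener that will be reachable once the VM is in Azure.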

Configure Windows Firewall rules

  1. Allow WinRM through the three firewall profiles (Domain, Private and Public) and enable the PowerShell remoting service:
    Enable-PSRemoting -force
  2. Make sure that the following guest operating system firewall rules are in place:
    • Inbound
    netsh advfirewall firewall set rule dir=in name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
    
    netsh advfirewall firewall set rule dir=in name="Network Discovery (LLMNR-UDP-In)" new enable=yes
    
    netsh advfirewall firewall set rule dir=in name="Network Discovery (NB-Datagram-In)" new enable=yes
    
    netsh advfirewall firewall set rule dir=in name="Network Discovery (NB-Name-In)" new enable=yes
    
    netsh advfirewall firewall set rule dir=in name="Network Discovery (Pub-WSD-In)" new enable=yes
    
    netsh advfirewall firewall set rule dir=in name="Network Discovery (SSDP-In)" new enable=yes
    
    netsh advfirewall firewall set rule dir=in name="Network Discovery (UPnP-In)" new enable=yes
    
    netsh advfirewall firewall set rule dir=in name="Network Discovery (WSD EventsSecure-In)" new enable=yes
    
    netsh advfirewall firewall set rule dir=in name="Windows Remote Management (HTTP-In)" new enable=yes
    • Inbound and outbound
    netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
    
    netsh advfirewall firewall set rule group="Core Networking" new enable=yes
    • Outbound
    netsh advfirewall firewall set rule dir=out name="Network Discovery (LLMNR-UDP-Out)" new enable=yes

    netsh advfirewall firewall set rule dir=out name="Network Discovery (NB-Datagram-Out)" new enable=yes

    netsh advfirewall firewall set rule dir=out name="Network Discovery (NB-Name-Out)" new enable=yes

    netsh advfirewall firewall set rule dir=out name="Network Discovery (Pub-WSD-Out)" new enable=yes

    netsh advfirewall firewall set rule dir=out name="Network Discovery (SSDP-Out)" new enable=yes

    netsh advfirewall firewall set rule dir=out name="Network Discovery (UPnPHost-Out)" new enable=yes

    netsh advfirewall firewall set rule dir=out name="Network Discovery (UPnP-Out)" new enable=yes

    netsh advfirewall firewall set rule dir=out name="Network Discovery (WSD Events-Out)" new enable=yes

    netsh advfirewall firewall set rule dir=out name="Network Discovery (WSD EventsSecure-Out)" new enable=yes

    netsh advfirewall firewall set rule dir=out name="Network Discovery (WSD-Out)" new enable=yes

Additional Windows configuration steps

  1. Run winmgmt /verifyrepository to confirm that the Windows Management Instrumentation (WMI) repository is consistent. If the repository is corrupted, see this blog post.
  2. Make sure the Boot Configuration Data (BCD) settings match the following:
    bcdedit /set {bootmgr} device partition=<Boot Partition>
    
    bcdedit /set {bootmgr} integrityservices enable
    
    bcdedit /set {default} device partition=<OS Partition>
    
    bcdedit /set {default} integrityservices enable
    
    bcdedit /set {default} recoveryenabled Off
    
    bcdedit /set {default} osdevice partition=<OS Partition>
    
    bcdedit /set {default} bootstatuspolicy IgnoreAllFailures
  3. Remove any extra Transport Driver Interface filters, such as software that analyzes TCP packets.
  4. To make sure the disk is healthy and consistent, run the CHKDSK /f command.
  5. Uninstall all other third-party software and drivers.
  6. Make sure that a third-party application is not using Port 3389. This port is used for the RDP service in Azure.
  7. If the Windows VHD that you want to upload is a domain controller, follow these extra steps to prepare the disk.
  8. Reboot the VM to make sure that Windows is still healthy and can be reached by using the RDP connection.
  9. Reset the current local administrator password and make sure that you can use this account to sign in to Windows through the RDP connection. This access permission is controlled by the “Allow log on through Remote Desktop Services” policy object. This object is located under “Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.”

Install Windows Updates

  1. Install the latest updates for Windows. If that is not possible, make sure that the following updates are installed:
    • KB3137061 Microsoft Azure VMs don’t recover from a network outage and data corruption issues occur
    • KB3115224 Reliability improvements for VMs that are running on a Windows Server 2012 R2 or Windows Server 2012 host
    • KB3140410 MS16-031: Security update for Microsoft Windows to address elevation of privilege: March 8, 2016
    • KB3063075 Many ID 129 events are logged when you run a Windows Server 2012 R2 virtual machine in Microsoft Azure
    • KB3114025 Slow performance when you access Azure files storage from Windows 8.1 or Server 2012 R2
    • KB3033930 Hotfix increases the 64K limit on RIO buffers per process for Azure service in Windows
    • KB3004545 You cannot access virtual machines that are hosted on Azure hosting services through a VPN connection in Windows
    • KB3082343 Cross-Premises VPN connectivity is lost when Azure site-to-site VPN tunnels use Windows Server 2012 R2 RRAS
    • KB3146723 MS16-048: Description of the security update for CSRSS: April 12, 2016
    • KB2904100 System freezes during disk I/O in Windows
  2. If you want to create an image to deploy multiple machines from it, you need to generalize the image by running sysprep before you upload the VHD to Azure. For more information about how to create a generalized image, see the following articles:

Suggested extra configurations

The following settings do not affect VHD uploading. However, we strongly recommend that you have them configured.

  • Install the Azure Virtual Machines Agent. After you install the agent, you can enable VM extensions. The VM extensions implement most of the critical functionality that you want to use with your VMs like resetting passwords, configuring RDP, and many others.
  • The Dump log can be helpful in troubleshooting Windows crash issues. Enable the Dump log collection:
    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 2 /f
    
    REG ADD "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpFolder /t REG_EXPAND_SZ /d "c:\CrashDumps" /f
    
    REG ADD "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpCount /t REG_DWORD /d 10 /f
    
    REG ADD "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps" /v DumpType /t REG_DWORD /d 2 /f
    
    sc config WerSvc start= auto
  • After the VM is created in Azure, configure the system-defined size pagefile on drive D:
    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"

Top Ten Features in Windows Server 2016 June 13, 2015

Posted by Samuel Ribeiro in Windows Server 2016.

1. Nano Server

Without a doubt the biggest change in Windows Server is the new Nano Server. Nano Server is a pared-down headless version of Windows Server. Nano Server will have a 93% smaller VHD size, 92% fewer critical bulletins and 80% fewer required reboots. Nano Server is a Windows Server installation option and it’s completely headless – there’s no GUI and no command prompt. Nano Server is designed to run Hyper-V, Hyper-V cluster, and Scale-Out File Servers (SOFSs) and cloud service applications. You can find out more about Nano Server at What You Need to Know about Microsoft Nano Server.

2. Windows Server Containers and Hyper-V Containers

The next biggest change in Windows Server 2016 will be support for containers. Containers are the latest buzz in IT technology as they threaten to supplant virtualization as a core IT technology. Containers enable you to isolate your applications from the underlying OS, improving the deployment and reliability of those applications. Windows Server 2016 will provide two kinds of native containers: Windows Server Containers and Hyper-V Containers. Windows Server Containers are isolated from each other but they run directly on the Windows Server 2016 OS. Hyper-V Containers provide enhanced isolation by running the containers from a Hyper-V VM. The current preview release doesn’t support containers yet.

3. Docker Support

Docker is an open-source engine that’s used for building, running and managing containers. Docker containers were originally built for Linux but the next version of Windows Server will provide built-in support for the Docker engine as well. A new open-source Docker engine project has been built for Windows Server with Microsoft participating as an active open source community member. You can use Docker to manage Windows Server and Hyper-V Containers.

4. Rolling upgrades for Hyper-V and Storage clusters

One of the biggest new changes for Hyper-V in Windows Server 2016 is rolling upgrades for Hyper-V clusters. The new rolling upgrades feature allows you to add a new Windows Server 2016 node to a Hyper-V cluster with nodes that are running Windows Server 2012 R2. The cluster will continue to run at the Windows Server 2012 R2 functional level until all of the cluster nodes have been upgraded to Windows Server 2016. When the cluster has mixed-level nodes, the management must be done from Windows Server 2016 or Windows 10. New VMs on a mixed cluster will be compatible with the Windows Server 2012 R2 feature set.

5. Hot add & remove of virtual memory and network adapters

Another great new feature in Windows Server 2016 Hyper-V is the ability to add and remove virtual memory and virtual network adapters while the virtual machine is running. In previous releases you needed to use dynamic memory to change the minimum and maximum RAM settings of a VM that is running. Windows Server 2016 enables you to change the allocated RAM while the VM is active even if the VM is using static memory. Likewise, you can add and remove network adapters while the VM is running.

6. Nested virtualization

Added primarily for the new container support, Windows Server 2016’s nested virtualization capabilities will also be a handy addition for training and lab scenarios. With this new feature you are no longer limited to running the Hyper-V role on a physical server. Nested virtualization enables you to run Hyper-V within a Hyper-V virtual machine.

7. PowerShell Direct

PowerShell is a great management automation tool but it can be complicated to get it to run remotely against your VMs. You need to worry about security policies, firewall configurations and your host networking configuration. PowerShell Direct enables you to run PowerShell commands in the guest OS of a VM without needing to go through the network layers. Like VMConnect (the remote console support provided by the Hyper-V Manager) it requires zero configuration: it connects directly to the guest VM, and all you need are authentication credentials for the VM’s guest OS. You can learn more about PowerShell Direct at the Virtualization Blog.

8. Linux Secure Boot

Another new feature in Windows Server 2016 Hyper-V is the ability to enable Secure Boot for VMs with Linux guest operating systems. Secure Boot is a feature of the UEFI firmware specification incorporated in Generation 2 VMs that protects the VM’s hardware kernel mode code from being attacked by rootkits and other boot-time malware. Previously, Generation 2 VMs supported Secure Boot for Windows 8/8.1 and Windows Server 2012 VMs but not VMs running Linux.

9. New Host Guardian Service and Shielded VMs

The Host Guardian Service is a new role in Windows Server 2016 that enables shielded virtual machines and protects the data on them from unauthorized access – even from Hyper-V administrators. Shielded VMs can be created using the Azure Management Pack Portal. Standard VMs can also be converted to Shielded VMs. With Shielded VMs, Hyper-V virtual disks can be encrypted with BitLocker. For more information check out Shielded Virtual Machines in Windows Server.

10. Storage Spaces Direct

Windows Server 2016 also has a number of storage system improvements; one of the most important is the new Storage Spaces Direct feature. Storage Spaces Direct is the evolution of the previous Storage Spaces technology found in Windows Server 2012 R2. Windows Server 2016 Storage Spaces Direct allows a cluster to access JBOD storage in an external enclosure like Windows Server 2012 R2, or it can also allow access to JBOD and SAS disks that are internal to the cluster nodes. Like the previous release, Storage Spaces form the basis for Storage Pools and they support both SSD and HDD disks and data tiering. You can learn more about Storage Spaces Direct from John Savill’s article What is Storage Spaces Direct?

Source: http://windowsitpro.com/windows-server-2016/top-ten-new-features-windows-server-2016

Windows 2012R2 – Hyper-V virtual machine backup leaves the VM in a locked state March 21, 2015

Posted by Samuel Ribeiro in Uncategorized.

Hotfix: https://support.microsoft.com/en-us/kb/2964439

Event ID: 32022 – 0x80070016 the device does not recognize the command March 21, 2015

Posted by Samuel Ribeiro in Uncategorized.

In an environment with Hyper-V Replica, the VM pauses replication and enters “Error State”.
Looking at the host's Event Viewer, you find event ID 32022 with the description:
Hyper-V could not replicate changes for virtual machine “VM01”: The device does not recognize the command (0x80070016)

Hotfix applied on the Secondary Site hosts: https://support.microsoft.com/en-us/kb/3012714

I suggest reading the KB “Event IDs 19050, 32022, 32032, 32056, 32315, 32546 and 33680 are logged when Hyper-V replication is in progress”
https://support.microsoft.com/en-us/kb/2889734

“Configuration Error” for Network Adapter property when you use Failover Clustering July 3, 2014

Posted by Samuel Ribeiro in Windows 2012.

A quick tip so you don't waste time revalidating all the VS, network settings, etc. on Windows 2012.
This problem occurs only when you perform Live Migration and Quick Migration with the VM powered off.
In my case, I have several powered-off VMs because they are replicas 🙂

Solution: You can safely ignore this error. When the virtual machine is brought online, the adapter property is updated, and this clears the error.

Reference: http://support.microsoft.com/kb/2918179/en-us

Limitations 2 – Scale-Out File Server May 24, 2014

Posted by Samuel Ribeiro in Uncategorized, Windows 2012.

Folks,

Another post in the series on prerequisites and limitations of features, where you usually only find out that items don't work or aren't supported once you are already in the implementation, and then, if you haven't done your homework of reading the documentation,
the result is rework 🙂

Below is a table with information on using the traditional File Server cluster or a Scale-Out File Server.
For example, SOFS is not a good fit with DFS.
Check the documentation in full:
You should not use Scale-Out File Server if your workload generates a high number of metadata operations, such as opening files, closing files, creating new files, or renaming existing files. A typical information worker would generate a lot of metadata operations. You should use a Scale-Out File Server if you are interested in the scalability and simplicity that it offers and if you only require technologies that are supported with Scale-Out File Server.

Scale-Out File Server support list

Virtual Machine enters Save State during Backup May 5, 2014

Posted by Samuel Ribeiro in Windows 2012.

Folks,

Below is a checklist I used to troubleshoot and resolve the problem of a virtual machine entering Save State during backup.
In this post I am assuming that the problem occurs only with some virtual machines and that the Hyper-V host is in order,
with all updates and hotfixes for Hyper-V and Cluster installed.

At this link you can look up all the states of a virtual machine, for example the difference between Save State and Pause:
Managing virtual machine state

1. The VM guest needs to have Integration Services installed, enabled, and running
2. All disks involved need to be formatted with NTFS, including the disks within the VM.
3. Ensure the VMs are partitioned using ‘basic disk’ formatting. At the moment Hyper-V does not support live backup for VMs formatted using dynamic disk partitioning or GPT.
4. Windows Update with latest Updates
5. Ensure you have at least about 20% free space on each drive involved, such as the drive on the host and the VM’s main system drive.
6. (COM System Application Service, Distributed Transaction Coordinator Service, and Volume Shadow Copy Service). Also review the VM settings in Hyper-V, the ‘backup’ option needs to be checked.
7. The Volume Shadow Copy Service and related VSS services need to be enabled and running.
8. The shadow copy storage space for each drive must be available to Hyper-V VSS Writer and be located at the same volume. For instance, the storage space for drive C: needs to be on drive C: itself, and so on. Use the VSSADMIN command from the command line to check the settings. (Use: vssadmin list shadowstorage / vssadmin resize shadowstorage)

I hope this helps

Reference: http://www.symantec.com/business/support/index?page=content&id=TECH209419

Limitations 1 – Storage Spaces – Getting to know the configurations April 30, 2014

Posted by Samuel Ribeiro in Windows 2012.

Folks,
Here is an interesting link about the configurations, prerequisites and limitations of Storage Spaces in Windows 2012 and Windows 2012R2

  1. Did you know that Storage Spaces with iSCSI and Fibre Channel controllers is not supported?
  2. That to use Storage Spaces in a Failover Cluster, at least three physical disks and a hot spare are required?
  3. You need to disable your RAID to use the feature
  4. The parity disk option is supported only in Windows 2012R2

You will find all these answers in the following links
Storage Spaces Frequently Asked Questions (FAQ)
Deploy Clustered Storage Spaces

Best regards
Samuel

 

Active Directory Numbers April 28, 2014

Posted by Samuel Ribeiro in Uncategorized.

To remember is to live 🙂
It had been a while since I last read this documentation on the AD maximum limits

Reference:
http://technet.microsoft.com/en-us/library/active-directory-maximum-limits-scalability%28WS.10%29.aspx#BKMK_Users

 

Event 50 – W32Time logs frequently in the Event Viewer April 27, 2014

Posted by Samuel Ribeiro in Uncategorized.

I have had this log on several occasions, even with the NTP hierarchy working normally.
Here is a quick tip I use to eliminate this event.
The catch with this error is that you need to repeat this a few times until it is 100%,
because in all my cases, running the command just once did not solve it.

Run the commands in a command prompt as Administrator
w32tm /resync
Net stop w32time
Net start w32time
To check which time server the workstation\server you are logged on to is currently using, use the command below
w32tm /query /status

Referência: http://technet.microsoft.com/en-us/library/cc756549(v=ws.10).aspx