I got home from San Francisco on Friday afternoon. I had one thing in mind (this is going to be very telling about me, by the way) — get Hyper-V Server installed. (See? VERY telling. I was on the road for a week (a couple days of it vacation) and the first thing I wanted to do when I got home was work. LOL)
I had downloaded the bits before I left and was itching to get it installed. I fired up my burner, burned the Hyper-V Server ISO onto a DVD and decided to begin. Of course, no plan goes as easy as this. I had to run to the office to pick up the DVD drive I’d ordered, then head back home and spend 10 minutes trying to remember how to open my server case, then install the drive, set the BIOS, and get it up and running. This, as it turned out, was the easiest thing I did for quite a while. NOTE: If you want to live in a rosy world where you think that installing Hyper-V Server, getting it configured, and getting virtual machines up and running is the work of an hour (say maybe you are delegating this work to someone else), then skip to the Using Hyper-V as it was Intended! part of this post. You were warned. 😉
Once I got the server to boot from my newly installed DVD drive, installing Hyper-V Server was a walk in the park. I didn’t take the time (or, quite frankly, go to the effort) of getting screen shots, but did find this post on Ben Armstrong’s blog, which shows the installation process from start to finish. You can see from the pictures, it really is a walk in the park to get the software installed. The fun part comes next.
This is where things got frustrating for me. Before I get too far into this, I’ll freely admit — a lot of the frustration was of my own making. I screwed up — a couple times. In order to understand what I did wrong, I need to show you my set-up. So, let’s take a look inside the home network of Dan Woodman. (Insert dramatic music here.)
That’s as much of it as you need to see (and I want to draw). This is the "before" network. All of my machines except for the Microsoft laptop are members of my home domain, "evil." (It’s a long story.) I hadn’t been using my server much and was planning on putting together a new domain once I got Hyper-V Server up and running. (Honestly, this was mistake #1. I made this plan because I was thinking I would just format the server, install Hyper-V Server, build a DC, and re-join all the machines. I hadn’t turned on my DC in quite some time (I’d just been logging on using cached credentials), which is how there were two DHCP servers running in the environment (for those of you who noticed).)
I told the Hyper-V Server to format the drive and install Hyper-V Server where Server 2008 had been. Once that was done, my network looked like this.
At this point, I have now orphaned my machines which were connected to the EVIL domain. It’s no big deal, since I can easily log in to both of these machines, but it will be important later. (If only I knew then what I know now…)
I then set up the Hyper-V Server to be part of a workgroup (the default setting) and assigned a static internal IP address. This is all done using the included command prompt menu as shown in this picture (taken from the link above).
And I will say, this menu is quite helpful. It makes setting up all the standard items VERY easy (much easier than if you were forced to use the command prompt and write your own scripts to do all this work).
Here’s where I ran into my first problem. Once I got my Hyper-V Server set up to work on the network, I realized I needed to actually manage it from another machine. Since this is a stand-alone machine (no installation of Windows is needed), and I only have this menu box to do all my work, I needed to connect from a Vista machine or a Server 2008 machine to actually begin setting up virtual machines. This wasn’t a huge problem, though, as I have a Vista machine at my disposal. So, I installed the Hyper-V management snap-in for MMC (which you can find here). So far, so good. But, when I tried to connect, I ran into a problem — I couldn’t connect to the machine. I tried pinging it with no luck. Using the command prompt on my Hyper-V Server, I tried pinging my Vista machine. Worked fine. At this point, I suspected the problem was a firewall issue. I looked for an option in the menu to adjust the firewall, but it doesn’t exist. Ahhh… I realized it was time to summon up all of my DOS experience and figure out the command prompt to adjust the firewall. Good times, right? Since I have NO experience modifying firewall settings without using the GUI, I turn to my best friend, the Internet. I quickly find what I need right here. While this is a Windows XP article, it gives me what I need. I spend countless hours trying to configure the firewall rules appropriately, but eventually give up and use the be-all and end-all of firewall command prompt config settings:
netsh firewall set opmode DISABLE
NOTE: The command referenced above will turn off the Windows Server firewall, rendering it useless to protect from threats. If your Hyper-V Server is on a private network, this is not going to be a big deal. Quite frankly, I recommend that you shut it off until you get things set up and working at which time you can turn the firewall back on and configure it appropriately. (It’s at this time that I would like to remind you that the opinions in this blog are mine and in NO WAY represent those of Microsoft. All of my postings are provided "AS IS" with no warranties, and confer no rights.) Obviously, turning off the firewall is not a recommended solution, but until you know you have the server set up correctly, it can save you a great deal of frustration. (Trust me on this one.)
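For the "turn the firewall back on and configure it appropriately" step, here is one way to do it from the same command prompt. This is an added example, not part of the original post: it assumes `netsh advfirewall` is available on the Hyper-V Server, that the built-in rule groups carry their English display names, and that the Vista management machine sits on the same subnet. The ICMP rule name is made up for illustration.

```bat
@echo off
rem Added example (not from the original post): re-enable the firewall on the
rem Hyper-V Server and open only what remote management and ping need.

rem 1. Turn the firewall back on for every profile.
netsh advfirewall set allprofiles state on

rem 2. Allow inbound ping (ICMPv4 echo request), but only from the local subnet.
rem    The rule name below is a constructed label, not a built-in rule.
netsh advfirewall firewall add rule name="Allow ICMPv4 echo (local subnet)" protocol=icmpv4:8,any dir=in action=allow remoteip=localsubnet

rem 3. Enable the built-in WMI rule group. The Hyper-V management snap-in
rem    talks to the server over WMI; other rule groups may also be needed
rem    in a given environment (assumption, verify on your own setup).
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes

rem 4. Confirm the firewall is on and the ping rule is present.
netsh advfirewall show allprofiles state
netsh advfirewall firewall show rule name="Allow ICMPv4 echo (local subnet)"
```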
The next problem I ran into was security to get my Vista machine’s MMC snap-in to connect to Hyper-V. Because my machine is part of a domain, even though my DC was turned off, my Vista machine was using domain credentials. I set up a local admin on the Hyper-V machine (again, using the built-in menu) with my username, but when connecting via the MMC snap-in, I still couldn’t connect. I tried using the runas command when I launched MMC, giving it the Hyper-V credentials to use as "net only," which means that the MMC will run under my local account and, when needed, it will use the specified credentials (not my local domain creds) to make any network connections. While I think this should have worked, it did not. My frustration mounted. I begin to realize that adding the Hyper-V Server to my domain and being able to use domain credentials would save me a lot of time. Unfortunately, I had planned on building the domain controller in Hyper-V. *sigh*
Building a Domain Controller
Since I couldn’t build the DC in Hyper-V, I decided to build it in Virtual PC. I launched Virtual PC on my Vista machine, started a new virtual machine, and installed Server 2008. No worries. Since I had deleted my old DC, I had to create a new domain. Again, no problem. I joined the Hyper-V Server to the new domain without issue. Again, the built-in menu makes it quite easy to perform a number of tasks. Once that was done, I needed to add my Vista machine to the domain (remember, the whole point here was to allow the credentials on the domain to do all the heavy lifting and connect from Vista to the Hyper-V machine without further issue). This is a straightforward process that I’ve done any number of times. I quickly create a user account, add my Vista machine to the domain, and reboot. As I watch my Vista machine rebooting, I have a sinking feeling in my stomach. Those of you who are technically adept and following along closely, you probably already know why. For those of you who don’t (and I didn’t… yet), let me explain what happened.
That’s what my network looked like at this point. Once I rebooted my machine to log in to the new domain, I realized that the domain controller, which was running on Virtual PC, was no longer present to authenticate my login, since Virtual PC shut down when I rebooted. Further, since it was a new domain, I had no cached credentials to log in with. Worse yet, I had put the DC’s virtual hard disk right on my hard drive, rather than on a USB drive. This meant I couldn’t even get to the file. ARRRGGGHHHHHH!!!! (As a side note, at this point, I’d been working on this ALL weekend.) Fortunately, I had used Vista’s CompletePC backup to make a backup of my PC. So, I popped in my Vista disc, started the restore process and went and watched an episode of House.
Once the restore was complete (and, if you haven’t used the Vista CompletePC backup utility, it ROCKS!), I logged back in using my old cached credentials and got back in. I copied the virtual hard disk (VHD) of the domain controller to a USB drive. I then launched Virtual PC on my Microsoft laptop, booted up the DC, and got back down to business. At this point in time (several hours into this adventure), I finally had my DC up and running, my Vista machine and my Hyper-V Server both joined to the new domain, my domain account added to the Hyper-V server, and was ready to connect. Frankly, I should have expected disappointment, but I was optimistic. My optimism was not misplaced. I finally had connectivity! I was actually able to use the Vista tools to set up a virtual machine. (Truthfully, there was a little more networking trouble due to the moved DC, the firewall on the Hyper-V Server, which had restarted (possibly due to a domain policy, but I never verified that), etc. I just didn’t want to: a) bore you with more networking nightmares nor b) make myself look any stupider than I already do!)
Using Hyper-V as it was Intended!
Once I had everything working and could actually create virtual machines, WOW! The interface from within Windows Vista was every bit as robust and functional as the actual Hyper-V management tool built into Server 2008. I get a snapshot of my machines, have access to all the settings, networking options, etc.
Creating a machine was as easy as selecting "new," providing some configuration options, and selecting an OS to install. Not having a full installation of Windows running simply to support virtual machines is nice. Means more processing power and RAM to dedicate to my virtualization. It also means no license needed for that base layer. So, from a financial standpoint, this is a huge win! Management is as easy as could be, leveraging the tool built into Server 2008 or available for Windows Vista.
Once I got past my own problems, figured out the firewall issue (which you’ll want to re-enable, by the way, once you get things up and running), and actually started using the product, I loved it. As I said, it is as easy to use as the built-in Hyper-V role in Server 2008 without the overhead and without the licensing cost. If you plan on virtualizing your domain controller (like I am), I would highly recommend setting the auto-start functionality within the management tool so that as soon as you boot your Hyper-V Server, your DC will fire up. It could save you a lot of trouble in the long run. :) Might not be a bad idea to take the additional step of creating another virtual DC on a USB drive and keeping it somewhere safe… just in case. I’ve got mine stored and ready to boot up again in Virtual PC in the event that I should need it!
Why did I go through the trouble of telling you all the mistakes I made? Why didn’t I just tell you that I got the server up and running and think it is a fantastic product? I did it for a couple reasons:
1. It’s a pretty amusing story if you’re technically minded. As you read through it, you might have even been thinking, "Dan… wait! Your DC isn’t going to boot…" LOL
2. I’m human, just like everyone else. I make mistakes. Maybe you can learn from some of them. Certainly the firewall issue and potential security authentication problems are worth reading about. I’d have been remiss if I just told you it worked fine for me out of the box. (Incidentally, if you are having a problem in workgroup mode connecting to your Hyper-V Server, this blog post is a fantastic resource.)
3. I’m all about honesty. If I have a problem using a product, I’m not going to sugarcoat it. I want to pass that information along, too. This isn’t a blog about how great our products are — it’s a blog about technology — good and bad. In this case, it was some of both. (Fortunately, the bad came first and it all ended up good!)
Want to know how I felt once it was all up and running? Have a listen to this. It’s the song I was dancing around to as my first virtual machine was installing.