Hyper-v Fail on removable media

On my test machine, which is an Intel X79 desktop motherboard, Hyper-V suddenly stopped working and I could not start or create any virtual machines. I got the error “General access denied error (0x80070005)”. While troubleshooting this issue I noticed that the source of the event log was “removable media”. I know that I don’t have any removable media attached to my Hyper-V; I also noticed the USB device icon on my taskbar informing me that all my local hard disks were ejectable. The solution was to install the new Intel(R) Rapid Storage Technology Enterprise Driver for Windows 8 64-bit. Below are the events that appeared in my event log.

“ windows* INF File for AHCI Intel(R) Rapid Storage Technology Enterprise Driver 
; **               Installs: RSTe AHCI RAID Controller Miniport (without RST Filter Driver)
; **               Only for Windows 8 releases “

Log Name:      Microsoft-Windows-Hyper-V-VMMS-Admin
Source:        Microsoft-Windows-Hyper-V-VMMS
Date:          3/20/2013 11:31:42 AM
Event ID:      16320
Task Category: None
Level:         Error
Keywords:     
User:          SYSTEM
Computer:      win12-hv.jitpros.local
Description:
Cannot load a snapshot configuration: General access denied error (0x80070005). (Snapshot ID D261B782-CCB5-4BE1-9FE9-8006E760AB0E)

Log Name:      Microsoft-Windows-Hyper-V-VMMS-Admin
Source:        Microsoft-Windows-Hyper-V-VMMS
Date:          3/20/2013 11:31:42 AM
Event ID:      16300
Task Category: None
Level:         Error
Keywords:     
User:          SYSTEM
Computer:      win12-hv.jitpros.local
Description:
Cannot load a virtual machine configuration: General access denied error (0x80070005). (Virtual machine ID A5EA8F00-569B-441B-BF1B-8DAB27C2D153)


Connecting App Controller to Windows Azure Subscription

After installing App Controller SP1, to connect to your Azure subscription you will need to export your App Controller certificate and upload it to Windows Azure. Two certificate files are used for this: a DER-exported certificate that contains your public key, and a PKCS (.PFX) certificate that includes your private key, in addition to your Azure subscription ID.

You can connect App Controller to your Windows Azure subscription using the following steps:

1. On your App Controller, open an MMC console

2. From the File menu, add the Certificates snap-in

3. Select Computer Account -> Local Computer, then select the Personal folder -> Certificates

4. Right-click your App Controller certificate and select Export

5. Click Next, then select “No don’t export Private Key” and click Next

6. Select DER encoded X.509 (.CER) and click Next

7. Enter a file name and browse to the location where the file will be stored

8. This file will be uploaded to your Azure subscription; it contains your certificate's public key

9. You need to export the same certificate again, but this time with the private key. Once again right-click the same certificate and click Export, then click Next

10. Select the “Yes Export private key” option and click Next

11. Select Personal Information Exchange – PKCS (.PFX) and click Next

12. Select Password from the security options, enter a password and click Next

13. Browse and enter a name for your certificate and click Next, then Finish

14. Log in to your Azure subscription and select Settings

15. Click the Upload management certificate link and browse to your DER certificate, click OK and wait until the upload is finished

16. Highlight your subscription ID and copy it

17. Open your App Controller web site and click the “Connect windows Azure subscription” link

18. In the Connect Windows Azure subscription window, enter a name for your connection and a description, paste your Azure subscription ID, click Browse and select your exported Personal Information Exchange key, type the password that you used to protect your exported certificate and click OK

19. Once connected, you can manage and connect to your VMs and applications on Azure
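The two exports in steps 1 to 13 can also be scripted, with a check of the .CER file before it is uploaded. This is an added example, not part of the original post; it assumes the PKI module cmdlets of Windows Server 2012 / Windows 8 or later and an elevated session, and the thumbprint, output folder and file names are placeholders.

```powershell
# Added example: scripted equivalent of export steps 1-13.
# Placeholders (not from the post): thumbprint, output folder, file names.
$Thumbprint = '<APP-CONTROLLER-CERT-THUMBPRINT>'
$OutDir     = 'C:\Temp\AppControllerCert'

# Steps 1-3: locate the certificate under Local Computer -> Personal
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw 'This certificate has no private key, so the .PFX export cannot succeed.'
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$cerPath = Join-Path $OutDir 'AppController-public.cer'
$pfxPath = Join-Path $OutDir 'AppController-private.pfx'

# Steps 4-8: DER encoded X.509 (.CER), public key only
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Steps 9-13: PKCS #12 (.PFX) including the private key, protected by a password
$pfxPassword = Read-Host -Prompt 'Password for the .PFX file' -AsSecureString
try {
    Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword -ErrorAction Stop | Out-Null
}
catch {
    throw "PFX export failed (is the private key marked exportable?): $($_.Exception.Message)"
}

# Check the .CER before uploading it: same certificate, and no private key inside
$public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
[pscustomobject]@{
    CerFile          = $cerPath
    PfxFile          = $pfxPath
    Thumbprint       = $public.Thumbprint
    MatchesStoreCert = ($public.Thumbprint -eq $cert.Thumbprint)
    CerHasPrivateKey = $public.HasPrivateKey
    NotAfter         = $public.NotAfter
}
```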


Migrate Hyper-V File based Authorization Store to AD Authorization Store Script

MS Hyper-V implements role-based access control to define what users can and cannot do with virtual machines. After installation, Hyper-V is always configured to use a local XML file located at \programdata\Microsoft\Windows\Hyper-V\InitialStore.xml on the system partition. The content of the store file is used to perform access checks that grant or deny a user account access to operations, based on the roles that user account is a member of. The Hyper-V store can be kept in the Active Directory database, which must be at the Windows Server 2003 domain functional level, or in an XML file on the local server running the Hyper-V role.

The Authorization Manager snap-in (AzMan.msc) is the user interface tool for manipulating the content of the authorization store, creating new user roles and delegating permissions on Hyper-V.

Two registry values on Hyper-V define the policy store. Both are under:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Virtualization

StoreLocation points to a file called InitialStore in the hidden directory c:\ProgramData.
ServiceApplication defines the application name in the policy store.

When a Hyper-V host is added to SCVMM, the default authorization store is changed to a new file located at “%systemDrive%\ProgramData\Microsoft\Virtual Machine Manager\HyperVAuthStore.xml” and Hyper-V is pointed to that file. Every 30 minutes, VMM runs a refresher that updates this file and ensures that the only privileges to VMs are the ones that VMM knows about.

On heavily used hosts where SCVMM performs multiple VM management tasks, such as creating multiple VMs or changing the owners of multiple VMs, multiple job threads might try to update the authorization store file simultaneously. This results in an error being logged in the Hyper-V event logs as an access valuation error.

Event ID 17090, Source Hyper-V-VMMS/Admin, User: System

The content of the authorization store could not be updated from the persistent location.

Error: The process cannot access the file because it is being used by another process. (0x80070020)

This error is due to the fact that the NTFS file system does not support applications issuing a sequence of separate write operations as a single logical write to a file when multiple applications write to the same file.

To overcome this problem, the authorization store can be migrated to AD and Hyper-V configured to use the AD store instead of the file-based authorization store. There is no built-in utility in Windows that can perform this operation. The PowerShell script below can be used to create an authorization store in AD and migrate the Hyper-V authorization store file to it. The script creates the authorization store at CN=Program Data,DC=Domain,DC=DomainSuffix. It must be run on each Hyper-V host that will use AD as the authorization store for the Hyper-V role. Each host should have its own authorization store container in AD.

Notes:

1. The script creates a backup of the current registry settings in the same folder, named BackupRegVirtualization.reg. You can restore your previous configuration by double-clicking this file.

2. The AD store name is constructed as: CN=AZ+HostName,CN=Program Data,DC=Domain,DC=Domain

3. VDI virtualization hosts are not supported; this script will fail if Remote Desktop Virtualization Host is installed

4. The script supports hosts under SCVMM control

PowerShell script below:

——————————Start Of Script ———————-

# Copy a role definition (an AzMan task flagged as a role definition)
# from the source application to the target application

function CopyRoleDefinition($taskName)
{
    $sourceTask = $HyperVAzManStoreSource.OpenTask($taskName)
    $targetTask = $HyperVAzManStoretarget.CreateTask($taskName)
    $targetTask.IsRoleDefinition = $true
    # @() keeps a single operation as a one-element array
    $operations = @($sourceTask.Operations)
    for ($opIdx = 0; $opIdx -lt $operations.Length; $opIdx++)
    {
        $targetTask.AddOperation($operations[$opIdx])
    }
    $targetTask.Submit()
}

# Copy a role assignment (description, members, tasks and operations)

function CopyRoleAssignmet($AssingedRole)
{
    $sourceRoleAssignment = $HyperVAzManStoreSource.OpenRoleAssignment($AssingedRole)
    $targetRoleAssignment = $HyperVAzManStoretarget.CreateRoleAssignment($AssingedRole)
    $targetRoleAssignment.Description = $sourceRoleAssignment.Description
    $sourceRoleAssignment.Members | ForEach-Object { $targetRoleAssignment.AddMember($_) }
    $sourceRoleAssignment.Tasks | ForEach-Object { $targetRoleAssignment.AddTask($_) }
    $sourceRoleAssignment.Operations | ForEach-Object { $targetRoleAssignment.AddOperation($_) }
    $targetRoleAssignment.Submit()
}

# Create a scope with the same name in the target application

function CopyScope($ScopeName)
{
    # Fails early if the scope does not exist in the source; the returned object is not needed
    $null = $HyperVAzManStoreSource.OpenScope($ScopeName)
    $targetScope = $HyperVAzManStoretarget.CreateScope($ScopeName)
    $targetScope.Submit()
}

# Copy a scope role definition.
# $ScopeEnm (source scope) and $ScopeEnmDeftarget (target scope) are set by the calling loop

function CopyScopeDefinition($SourceScopeRole)
{
    $sourceTask = $ScopeEnm.OpenTask($SourceScopeRole)
    $targetTask = $ScopeEnmDeftarget.CreateTask($SourceScopeRole)
    $targetTask.IsRoleDefinition = $true
    $operations = @($sourceTask.Operations)
    # Start at index 0 so the first operation is not skipped
    for ($opIdx = 0; $opIdx -lt $operations.Length; $opIdx++)
    {
        $targetTask.AddOperation($operations[$opIdx])
    }
    $targetTask.Submit()
}

# Copy a scope role assignment

function CopyScopeAssignmet($AssingedRole)
{
    $sourceRoleAssignment = $ScopeEnm.OpenRoleAssignment($AssingedRole)
    $targetRoleAssignment = $ScopeEnmDeftarget.CreateRoleAssignment($AssingedRole)
    $targetRoleAssignment.Description = $sourceRoleAssignment.Description
    $sourceRoleAssignment.Members | ForEach-Object { $targetRoleAssignment.AddMember($_) }
    $sourceRoleAssignment.Tasks | ForEach-Object { $targetRoleAssignment.AddTask($_) }
    $sourceRoleAssignment.Operations | ForEach-Object { $targetRoleAssignment.AddOperation($_) }
    $targetRoleAssignment.Submit()
}

# Convert a domain name from DNS form (a.b.c) to DN form (DC=a,DC=b,DC=c)

function DomainStringtoDN ($DomainName)
{
    $DomainNameArray = $DomainName.Split(".")
    for ($Dom = 0; $Dom -lt $DomainNameArray.Length; $Dom++)
    {
        if ($Dom -eq ($DomainNameArray.Length - 1)) { $Separator = "" }
        else { $Separator = "," }
        [string]$DN += "DC=" + $DomainNameArray[$Dom] + $Separator
    }
    return $DN
}

# This script creates an AD AzMan store using a path constructed from the Hyper-V host name and the domain the host is joined to
# The store path is CN=AZ+HostName,CN=Program Data,DC=Domain,DC=Domain
# To set up a manual AD location, specify a static value for the $AzManStoreLocationtraget variable

$HyperVHostName = Get-WmiObject -Class win32_computersystem
$DomainDN = DomainStringtoDN($HyperVHostName.Domain)

# Construct the target AD store location
$AzManStoreLocationtraget = "msldap://CN=" + "Az" + $HyperVHostName.Name + ",CN=Program Data," + $DomainDN

# Get the current store location
$AzManStoreLocationSource = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization").StoreLocation

# Check whether the system is already configured with an AD AzMan store
if ($AzManStoreLocationSource.Contains("msldap:"))
{
    Write-Host "Your system already uses an AD authorization store"
    exit
}

# Open the XML AzMan store
$AzManStore = New-Object -ComObject "AzRoles.AzAuthorizationStore"
$AzManStore.Initialize(2, $AzManStoreLocationSource)

# Handle the default Hyper-V AzMan store and the SCVMM AzMan store
if (@($AzManStore.Applications | Where-Object { $_.Name -eq "Hyper-V services" }).Count -eq 1)
{
    $HyperVAzManStoreSource = $AzManStore.OpenApplication("Hyper-V services")
}
elseif (@($AzManStore.Applications | Where-Object { $_.Name -eq "Virtual Machine Manager" }).Count -eq 1)
{
    $HyperVAzManStoreSource = $AzManStore.OpenApplication("Virtual Machine Manager")
}
else
{
    Write-Host "Unable to find AzMan application group."
    Write-Host -NoNewLine "Press any key to continue..."
    $null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    exit
}

# Back up the registry key before making changes
regedit /e BackupRegVirtualization.reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization"

# Create the new AzMan store in AD
$AzManStoreTarget = New-Object -ComObject "AzRoles.AzAuthorizationStore"
$AzManStoreTarget.Initialize(1, $AzManStoreLocationtraget)
$AzManStoreTarget.Submit()
$AzManStoreTarget.UpgradeStoresFunctionalLevel(0x20)
$AzManStoreTarget.Submit()

# Create the AzMan application in the target store
$HyperVAzManStoretarget = $AzManStoreTarget.CreateApplication($HyperVAzManStoreSource.Name)
$HyperVAzManStoretarget.Version = $HyperVAzManStoreSource.Version
$HyperVAzManStoretarget.Submit()

# Copy operations (COM collections are 1-based)
$AzOperationCount = $HyperVAzManStoreSource.Operations.Count
for ($i = 1; $i -le $AzOperationCount; $i++)
{
    $sourceOp = $HyperVAzManStoreSource.Operations.Item($i)
    $targetOp = $HyperVAzManStoretarget.CreateOperation($sourceOp.Name)
    $targetOp.OperationID = $sourceOp.OperationID
    $targetOp.Submit()
}

# Copy the default role definitions
$RolesDef = $HyperVAzManStoreSource.RoleDefinitions | select -ExpandProperty Name
$RolesDef | ForEach-Object { CopyRoleDefinition($_) }

# Copy the default role assignments
$RoleAssignment = $HyperVAzManStoreSource.RoleAssignments | select -ExpandProperty Name
$RoleAssignment | ForEach-Object { CopyRoleAssignmet($_) }

# Copy scopes
$AZSourceScops = $HyperVAzManStoreSource.Scopes | select -ExpandProperty Name
$AZSourceScops | ForEach-Object { CopyScope($_) }
$AZTargetScops = $HyperVAzManStoretarget.Scopes | select -ExpandProperty Name

# Copy the role definitions of each scope
for ($i = 1; $i -le $HyperVAzManStoreSource.Scopes.Count; $i++)
{
    $ScopeEnm = $HyperVAzManStoreSource.Scopes.Item($i)
    $ScopeEnmDeftarget = $HyperVAzManStoretarget.OpenScope($ScopeEnm.Name)
    $ScopeEnmDefSource = $ScopeEnm.RoleDefinitions | select -ExpandProperty Name
    if ($null -ne $ScopeEnmDefSource) {
        $ScopeEnmDefSource | ForEach-Object { CopyScopeDefinition($_) }
    }
}

# Copy the role assignments of each scope
for ($i = 1; $i -le $HyperVAzManStoreSource.Scopes.Count; $i++)
{
    $ScopeEnm = $HyperVAzManStoreSource.Scopes.Item($i)
    $ScopeEnmDeftarget = $HyperVAzManStoretarget.OpenScope($ScopeEnm.Name)
    $ScopeEnmDefSource = $ScopeEnm.RoleAssignments | select -ExpandProperty Name
    # Skip scopes without role assignments; piping $null would call the copy function once with no name
    if ($null -ne $ScopeEnmDefSource) {
        $ScopeEnmDefSource | ForEach-Object { CopyScopeAssignmet($_) }
    }
}

# Set the Hyper-V registry value to use the AD AzMan store
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" -Name StoreLocation -Value $AzManStoreLocationtraget

Write-Host ("Completed ..........!")

——————————End Of Script ———————-

After the script completes, open the new store in AzMan, right-click the store name, select the Security tab and add the host computer account and the SCVMM service account as administrators.

Restart the Hyper-V Virtual Machine Management service.

The following error might appear in your event log if your host is also a domain controller:

Log Name: Microsoft-Windows-Hyper-V-Worker-Admin

Source: Microsoft-Windows-Hyper-V-Worker

Date: 9/3/2012 11:53:25 AM

Event ID: 17040

Task Category: None

Level: Error

Keywords:

User: NETWORK SERVICE

Computer: JDC01.jitpros.local

Description:

The authorization store could not be initialized from storage location ‘msldap://CN=AzJDC01,CN=Program Data,DC=jitpros,DC=local’. Error: Insufficient access rights to perform the operation. (0x80072098).

To solve the problem, run Azman.msc, open the created AD authorization store, right-click the application name, select the Security tab, and add the host name and Network Service (only if the host is also a DC).


Configuring Windows 2012 Private VLAN (PVLAN)

Among the new features brought by the Windows 2012 Hyper-V 3.0 extensible switch is support for PVLAN creation. You can find information about the Hyper-V extensible switch features on TechNet. PVLANs are a kind of VLAN inside a VLAN; a good article for understanding PVLANs can be found at http://blog.ine.com/tag/private-vlan/. PVLANs allow administrators to prevent hosts from communicating with each other even though they are located in the same VLAN and use the same IP address class.

Cisco definition of PVLAN  “A PVLAN is a VLAN with configuration for Layer 2 isolation from other ports within the same broadcast domain or subnet. You can assign a specific set of ports within a PVLAN and thereby control access among the ports at Layer 2. You can configure PVLANs and normal VLANs on the same switch.

There are three types of PVLAN ports: promiscuous, isolated, and community.

  • A promiscuous port communicates with all other PVLAN ports. The promiscuous port is the port that you typically use to communicate with external routers, LocalDirectors, network management devices, backup servers, administrative workstations, and other devices.

  • An isolated port has complete Layer 2 separation from other ports within the same PVLAN. This separation includes broadcasts, and the only exception is the promiscuous port. A privacy grant at the Layer 2 level occurs with the block of outgoing traffic to all isolated ports. Traffic that comes from an isolated port forwards to all promiscuous ports only.

  • Community ports can communicate with each other and with the promiscuous ports. These ports have Layer 2 isolation from all other ports in other communities, or isolated ports within the PVLAN. Broadcasts propagate only between associated community ports and the promiscuous port. “

To demonstrate PVLAN configuration we will create four VMs: SRV1, SRV2, SRV3 and SRV4. All VMs are connected to the same Hyper-V switch and will be assigned to primary VLAN 55. We will configure PVLAN using secondary VLANs 10 and 11 to create isolation as follows:

SRV1: configured in promiscuous mode, hence all VMs can communicate with it

SRV2: configured in isolated mode, hence it can communicate only with SRV1

SRV3: configured in community mode, hence it can communicate with SRV1 and SRV4

SRV4: configured in community mode, hence it can communicate with SRV1 and SRV3

Using the Get-VMNetworkAdapterVlan PowerShell command you can get your VM's current VLAN assignment. The output of the command shows the list of VLANs that the VM belongs to in the VlanList column.

Get-VMNetworkAdapterVlan srv1

VMName VMNetworkAdapterName Mode   VlanList
------ -------------------- ----   --------
SRV1   SRV1                 Access 0

Note: To clear the VLAN configuration for a VM and restore the default settings, use

Set-VMNetworkAdapterVlan -VMName srv1 -Access -VlanId 0

Configure SRV1:

1. Check the information about the VM network adapter

Get-VMNetworkAdapter -VMName srv1

Name IsManagementOs VMName SwitchName       MacAddress   Status IPAddresses
---- -------------- ------ ----------       ----------   ------ -----------
SRV1 False          SRV1   Intel2 TrunK VSW 00155D0F271D {Ok}   {172.16.55.1, fe80::3897:d606:5706:4f46}

2. Check the VM VLAN configuration

Get-VMNetworkAdapterVlan -VMName srv1

VMName VMNetworkAdapterName Mode   VlanList
------ -------------------- ----   --------
SRV1   SRV1                 Access 0

3. Set the SRV1 port to trunk mode and set the primary VLAN ID and allowed VLAN list

Set-VMNetworkAdapterVlan -VMName srv1 -Trunk -AllowedVlanIdList "55,10,11" -NativeVlanId 55

4. Set the PVLAN port mode, and assign the primary VLAN ID and secondary VLAN IDs

Set-VMNetworkAdapterVlan -VMName srv1 -Promiscuous -PrimaryVlanId 55 -SecondaryVlanIdList 10-11

5. Check your configuration

Get-VMNetworkAdapterVlan -VMName srv1

VMName VMNetworkAdapterName Mode        VlanList
------ -------------------- ----        --------
SRV1   SRV1                 Promiscuous 55,10-11

Configure SRV2:

1. Check the SRV2 VM configuration

Get-VMNetworkAdapter -VMName srv2

Name IsManagementOs VMName SwitchName       MacAddress   Status IPAddresses
---- -------------- ------ ----------       ----------   ------ -----------
SRV2 False          SRV2   Intel2 TrunK VSW 00155D0F271C {Ok}   {172.16.55.2, fe80::19dd:7129:ae76:4608}

Get-VMNetworkAdapterVlan -VMName srv2

VMName VMNetworkAdapterName Mode   VlanList
------ -------------------- ----   --------
SRV2   SRV2                 Access 0

2. Set the PVLAN mode and configure the primary VLAN ID and secondary VLAN ID

Set-VMNetworkAdapterVlan -VMName srv2 -VMNetworkAdapterName srv2 -Isolated -PrimaryVlanId 55 -SecondaryVlanId 10

3. Check the VM configuration

Get-VMNetworkAdapterVlan -VMName srv2

VMName VMNetworkAdapterName Mode     VlanList
------ -------------------- ----     --------
SRV2   SRV2                 Isolated 55,10

Configure SRV3 and SRV4 with PVLAN mode community, the primary VLAN ID and the secondary VLAN ID:

Set-VMNetworkAdapterVlan -VMName srv3 -VMNetworkAdapterName srv3 -Community -PrimaryVlanId 55 -SecondaryVlanId 11

Set-VMNetworkAdapterVlan -VMName srv4 -VMNetworkAdapterName srv4 -Community -PrimaryVlanId 55 -SecondaryVlanId 11

Check the VM configuration by pinging the other machines. SRV2 will only be able to ping SRV1, while SRV3 and SRV4 should not be able to communicate with SRV2.
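The ping test can be backed by a check of the configuration itself. The following added example (not part of the original post) derives which VMs should reach each other from the three PVLAN port rules quoted above and compares the result with the intended SRV1 to SRV4 layout. The function names and the record layout are hypothetical, and the records are constructed to mirror this lab; on a real host they would be filled from the PrivateVlanMode, PrimaryVlanId and SecondaryVlanId / SecondaryVlanIdList fields of Get-VMNetworkAdapterVlan.

```powershell
# Added example. Constructed records mirroring the lab on this page.
$ports = @(
    [pscustomobject]@{ VM = 'SRV1'; Mode = 'Promiscuous'; Primary = 55; Secondary = @(10, 11) }
    [pscustomobject]@{ VM = 'SRV2'; Mode = 'Isolated';    Primary = 55; Secondary = @(10) }
    [pscustomobject]@{ VM = 'SRV3'; Mode = 'Community';   Primary = 55; Secondary = @(11) }
    [pscustomobject]@{ VM = 'SRV4'; Mode = 'Community';   Primary = 55; Secondary = @(11) }
)

# Intended policy, taken from the SRV1-SRV4 description above
$expected = @{
    SRV1 = @('SRV2', 'SRV3', 'SRV4')
    SRV2 = @('SRV1')
    SRV3 = @('SRV1', 'SRV4')
    SRV4 = @('SRV1', 'SRV3')
}

# Hypothetical helper: Layer 2 reachability between two PVLAN ports
function Test-PvlanReachable {
    param($A, $B)
    # Ports in different primary VLANs are not in the same PVLAN domain
    if ($A.Primary -ne $B.Primary) { return $false }
    if ($A.Mode -eq 'Promiscuous' -and $B.Mode -eq 'Promiscuous') { return $true }
    # A promiscuous port reaches every port whose secondary VLAN it carries
    if ($A.Mode -eq 'Promiscuous') { return ($A.Secondary -contains $B.Secondary[0]) }
    if ($B.Mode -eq 'Promiscuous') { return ($B.Secondary -contains $A.Secondary[0]) }
    # Community ports reach each other only inside the same community
    if ($A.Mode -eq 'Community' -and $B.Mode -eq 'Community') {
        return ($A.Secondary[0] -eq $B.Secondary[0])
    }
    # Isolated ports reach nothing except promiscuous ports
    return $false
}

# Hypothetical helper: list of reachable peers per VM
function Get-PvlanPeers {
    param($Ports)
    $peers = @{}
    foreach ($a in $Ports) {
        $peers[$a.VM] = @($Ports |
            Where-Object { $_.VM -ne $a.VM -and (Test-PvlanReachable $a $_) } |
            ForEach-Object { $_.VM })
    }
    $peers
}

# Hypothetical helper: compare the derived peers with the intended policy
function Compare-PvlanPolicy {
    param($Ports, $Expected)
    $actual = Get-PvlanPeers $Ports
    foreach ($vm in ($Expected.Keys | Sort-Object)) {
        $want = ($Expected[$vm] | Sort-Object) -join ','
        $have = ($actual[$vm] | Sort-Object) -join ','
        [pscustomobject]@{
            VM            = $vm
            ExpectedPeers = $want
            ActualPeers   = $have
            MatchesPolicy = ($want -eq $have)
        }
    }
}

# Configuration as documented: every row matches the policy
Compare-PvlanPolicy $ports $expected | Format-Table -AutoSize

# Constructed drift case: SRV4 put in community 10 instead of 11.
# SRV3 and SRV4 lose each other, so both rows are flagged.
$drift = @(
    $ports[0], $ports[1], $ports[2]
    [pscustomobject]@{ VM = 'SRV4'; Mode = 'Community'; Primary = 55; Secondary = @(10) }
)
Compare-PvlanPolicy $drift $expected | Format-Table -AutoSize
```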



Deploying MS PetShop 4 using SCVMM 2012 service template

I have seen many links for deploying MS PetShop using SCVMM, but none of them was working, so I decided to build one and share it. This is actually a working deployment of PetShop 4 using an SCVMM service template as a 2-tier application.

If you are tuned in for my book, which I hope to publish by the 1st quarter of 2013, you will find in the book more complex service templates and steps toward building service templates for different applications. Wish me luck on that.

This article is a walkthrough of deploying the MS PetShop 4 application http://msdn.microsoft.com/en-us/library/aa479070.aspx using an SCVMM service template. The PetShop package “petshopservice” files needed for this deployment include the following components:

1. PetShop Web Application zip file

2. SQL Scripts to enable SQL User , Grant permission and load data

3. Script to configure MSDTC security and Firewall

4. Script to register petshop DB on SQL Server

5. 4 SQL DAC packages

6. PetShop Service template configuration file.

You can build your own service template or import the included service template, which requires that you provide the following:

1. Windows 2008R2 SP1 sysprepped VHD

2. SQL 2008R2 sysprepped VHD

3. Run As account to join the VM to your domain

4. Run As account for SQL authentication (SA account)

5. Run As account for SQL Windows account authentication

6. Run As account for the SQL instance services

7. Web Deploy application framework (WebDeploy_x64_en-US_2.0.1070.cr)

8. SQL DAC Framework for SQL 2008R2

9. Logical network

After importing the service template, open it and change the configuration of the SQL VM tier on the OS Configuration and SQL Server tabs to match your environment. You need to change:

1. Domain name in OS Configuration

2. SQL Server configuration (SQL admin account, source directory for the SQL sysprepped files)

3. Check the web tier domain name in OS Configuration

The steps below are for building your own service template. To successfully deploy this application you will need:

1. Windows 2008R2 VM template; please follow my recommendation on creating a VM template

2. SQL sysprepped installation VM template

3. PetShop package files

Note: both VMs should be configured with the PowerShell RemoteSigned execution policy

Steps that will be carried out:

1. Extract the petshop package to your SCVMM Library server

2. Create SQL Profile

3. Create Application profile for SQL Petshop DAC packages

4. Create Service template

We will create a service template using the Two Tier Application pattern. Because our service template is not planned to be scaled out, we will use hardcoded machine names in the service template for the SQL Server and the web server. The SQL machine will be named PetSQL and the web server will be named PetWeb.

1. Create the SQL profile following steps 7 and 8 from my previous blog post, Deploying incentive Social collaboration Software using SCVMM 2012 Service template Part 1

2. Create an application profile for the PetShop SQL DAC packages: in the Library workspace, right-click Application Profiles and select Create Application Profile

3. Name your application profile PetShopDAC, then select Application Configuration. In OS Compatibility select the Windows 2008R2 OS, click the Add button and add 4 SQL Server Data-Tier Applications, then select the first DAC application and add an application script.

4. Select the first added SQL Server Data-Tier Application and fill in the information

Name: SQL Server Data-Tier MSPetShop4
SQL Server Data-tier Application Package: MSPetShop4.dacpac
SQLDAC Instance name: MSPetShop4
Authentication Type: Windows authentication
Deployment run as Account: SQL Admin Account

5. Select SQL Script and add two post-install scripts: CreateDBLoginMSPetShop4.sql has its order set to 1 and LoadTablesMSPetShop4.sql has its order set to 2. The scripts enable the SQL user account mspetshop and grant it owner permission on the DB, then load data into the database.

Name: CreateDBLoginMSPetShop4.sql
Order: 1
Type: Post-install
Log file name: c:\windows\temp\DBloginPetshop4
SQL Authentication type: Windows authentication
Run as Account: SQL Admin Account

Name: LoadTablesMSPetShop4.sql
Order: 2
Type: Post-install
Log file name: c:\windows\temp\loadtables.txt
SQL Authentication type: Windows authentication
Run as Account: SQL Admin Account

6. Select the application script and set it to pre-install. In the executable file field type cmd.exe, in the parameters field type: /q /c DTCFirewallRules.cmd, click Browse to select the PetShopDTC.cr package, and select an admin account for this installation.

7. Add another 3 SQL Data-Tier Applications using the information below.

Name: SQL Server Data-Tier MSPetShop4Services
SQL Server Data-tier Application Package: MSPetShop4Services.dacpac
SQLDAC Instance name: MSPetShop4Services
Authentication Type: Windows authentication
Deployment run as Account: SQL Admin Account

SQL Server Scripts:

Name: CreateDBLoginMSPetShop4Services.sql
Order: 1
Type: Post-install
Log file name: c:\windows\temp\DBloginPetServices.txt
SQL Authentication type: Windows authentication
Run as Account: SQL Admin Account

Name: SQL Server Data-Tier MSPetShop4Profile
SQL Server Data-tier Application Package: MSPetShop4Profile.dacpac
SQLDAC Instance name: MSPetShop4Profile
Authentication Type: Windows authentication
Deployment run as Account: SQL Admin Account

SQL Server Scripts:

Name: CreateDBLoginMSPetShop4Profile.sql
Order: 1
Type: Post-install
Log file name: c:\windows\temp\dbloginProfile.txt
SQL Authentication type: Windows authentication
Run as Account: SQL Admin Account

Name: SQL Server Data-Tier MSPetShop4Orders
SQL Server Data-tier Application Package: MSPetShop4Orders.dacpac
SQLDAC Instance name: MSPetShop4Orders
Authentication Type: Windows authentication
Deployment run as Account: SQL Admin Account

SQL Server Script:

Name: CreateDBLoginMSPetShop4Orders.sql
Order: 1
Type: Post-install
Log file name: c:\windows\temp\dbloginservice.txt
SQL Authentication type: Windows authentication
Run as Account: SQL Admin Account

8. Select the post-install script and configure it as in the table below

Executable program: Cmd.exe
Parameters: /q /c RegPetShop4DB.cmd
Script resource package: PerShopRegDB.cr
Run as Account: Admin Account on machine

9. Select the pre-install script and configure it as in the table below

Executable program: Cmd.exe
Parameters: /q /c InstallSqlDAC.cmd
Script resource package: SQL2008R2_DAC_Framework_X64.cr
Run as Account: Admin Account on machine

10. Create a new service template using the Two Tier Application pattern

11. Drag your SQL sysprepped VM template to the first tier instance and your Windows IIS server to the second tier instance

12. Select your first tier SQL instance and fill in the name and description. Set the preferred deployment order to 1 and the preferred service order to 1

13. Check your hardware configuration and OS configuration (set the VM name to PETSQL). Your VM should be configured correctly for network connectivity and domain join with proper credentials

14. In Application Configuration, select the PetShop DAC application profile created earlier.

15. Select SQL Server Configuration, select your SQL Server profile and click OK.

16. Select your second tier machine and fill in the name and description. Set the preferred deployment order to 2 and the preferred service order to 2

17. Check your hardware configuration; your VM should be configured correctly for network connectivity

18. Select OS configuration (set the VM name to PETWEB), set the domain join configuration with proper credentials, then select Roles and add the IIS role and the .Net 3.51 feature.

19. To configure our web application we will add the PetShop web application package and use a script to install the Web Deploy framework on the server

a. Select Application Configuration, click the Add button and select Web Application

b. In OS Compatibility, select the OS you are using (64-bit Windows 2008R2)

c. Type a name for the PetShop web application

d. Click Browse and select the Petshop4webpkg.zip package

e. Because we already know the SQL Server machine name, we can update the connection strings that will be used by the PetShop web server

f. In the Settings section, select the connection strings one at a time and change the SQL Server name to PETSQL (or whatever name you have chosen for your SQL instance)

g. Select the web application and click Add Application Script; we will add a script to configure the MS DTC security settings and firewall rules

h. Select the application script and set it to post-install. In the executable file field type cmd.exe, in the parameters field type: /q /c DTCFirewallRules.cmd, click Browse to select the PetShopDTC.cr package, and select an admin account for this installation.

i. Select Add and select Script, and set its type to pre-install. In the executable file field type cmd.exe, in the parameters field type: /q /c InstallWebDeploy.cmd, click Browse to select the Web Deploy package, select an admin account for this installation and click OK.

20. The final service template should look like this

21. Click Configure Deployment and select the destination cloud or host group

22. If you selected a host group for deployment, you can set the IP pool to be used for the VMs and click Deploy.

23. After the deployment is finished, open Internet Explorer with the address http://petweb/petshop4


Access denied when Running Any MMC console

A problem that I have faced, and it took me quite a while to figure out the reason for it. The case was that when running any administrative MMC console, such as Active Directory Users and Computers, Event Viewer, or any other console, I received an Access denied message although I was using the domain administrator user account. But I could run the MMC if I selected Run as and provided the same credentials. Initially I thought the problem was due to a virus infection of the server, but after searching I discovered that I got this error due to a mis-association of the MMC extension with Notepad. The solution was pretty simple.

  1. Right Click any MMC
  2. Select Open with
  3. Click Browse and select c:\windows\system32\MMC.exe
  4. Select always use the selected program to open this kind of files

HP EVA4400 Validate SCSI-3 Persistent Reservation failed in Windows 2008 Cluster ?

If you have an HP EVA 4400 and try to create a Windows 2008 cluster after creating and presenting shared storage to the Windows 2008 hosts, the Windows cluster validation test will report a failure of SCSI-3 support on the shared storage presented by the HP EVA.

Validate SCSI-3 Persistent Reservation failed

To overcome this problem:

1. Open EVA Command View and navigate to the Windows 2008 host's properties screen

2. In the General host tab, for the operating system type select Custom

3. In the Custom type field, add the value: 00000004198009A8
