Windows 2008 Failover Clustering on vSphere with EMC PowerPath VE

VMware/Microsoft doesn’t support third-party multipathing or the Round Robin path policy for VMs setup in a Microsoft Failover Cluster. This fact is stated in the “Setup for Failover Clustering and Microsoft Cluster Service” PDF on pages 11, 25 and 36 http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_mscs.pdf

The reason why this isn’t supported is due to the way the SCSI-3 command sets are changed when the NMP (Native Multipathing Plugin) Round Robin is set or when third-party multipathing software (EMC PowerPath VE) is installed.

If you try to create a cluster on an ESX host with either of these the Microsoft cluster validation check will fail on the SCSI-3 Persistent Reservation check.

If you need to run a Microsoft Cluster on a host with PowerPath VE installed you can modify the claim rules so that PowerPath VE doesn’t claim the LUNs that the cluster will be using.

Lets say for example the LUNs the Microsoft cluster will be using are LUNs 12 – 14. To modify the claim rules using the ESX COS CLI run these commands

To list the current claim rules run

esxcli corestorage claimrule list

To add claim rules that force the Microsoft cluster LUNs to be owned by the NMP (Native Multipathing Plugin) run these commands

esxcli corestorage claimrule add –rule=210 –plugin=”NMP” –lun=12 –type=”location”
esxcli corestorage claimrule add –rule=211 –plugin=”NMP” –lun=13 –type=”location”
esxcli corestorage claimrule add –rule=212 –plugin=”NMP” –lun=14 –type=”location”
esxcli corestorage claimrule load
esxcli corestorage claimrule run

NOTE – The rule number must be between 201 and 249

Run esxcli corestorage claimrule list to verify the new rules were added.

You can also use the VMware vSphere CLI 4 from a remote machine or the VMware vSphere Management Assistant (vMA). When running esxcil from either of these the commands will look like this.

esxcli –server=esxhostname –username=root corestorage claimrule add –rule=210 –plugin=”NMP” –lun=12 –type=”location” corestorage claimrule add –rule=210 –plugin=”NMP” –lun=12 –type=”location”
esxcli –server=esxhostname –username=root corestorage claimrule add –rule=211 –plugin=”NMP” –lun=13 –type=”location” corestorage claimrule add –rule=210 –plugin=”NMP” –lun=12 –type=”location”
esxcli –server=esxhostname –username=root corestorage claimrule add –rule=212 –plugin=”NMP” –lun=14 –type=”location” corestorage claimrule add –rule=210 –plugin=”NMP” –lun=12 –type=”location”
esxcli –server=esxhostname –username=root corestorage claimrule load
esxcli –server=esxhostname –username=root corestorage claimrule run

esxcli –server=esxhostname –username=root corestorage claimrule list

Advertisement

How to copy profiles in Windows 2008 R2 and Windows 7

In Windows 2008 R2 and Windows 7, Microsoft has disabled the Copy To.. button on the User Profiles screen.

This process has been used for years to create a custom default user profiles and now they go and break that with no real workaround.

They want people to move to Windows 2008 and Windows 7 but they keep doing things like this that keep companies away from deploying it.

They say they did this because there are issues with copying user profiles and instead want you to use the methods in the KB – http://support.microsoft.com/default.aspx?scid=kb;EN-US;959753

I have had a lot of questions on this of late so I decided to do some research to figure out a workaround. Thankfully someone else has already did the work and has come up with a good workaround.

http://joeelway.spaces.live.com/blog/cns!2095EAC3772C41DB!2708.entry

New Exchange 2007 Tools from U-BTech

I was showing a client the “Exchange Tasks 2007” tool from U-BTech website yesterday and noticed some new free tools for Exchange 2007 and Windows 2008.

• Certificate Manager for Exchange 2007 -Exchange 2007 enables SSL within IIS by default. Using PowerShell commands, certificate creation and management is quite confusing and often results with incorrect results due to the nature of the syntax. U-BTech Solutions is providing Certificate Manager for Exchange Server 2007 freely, to ease the process with a simple, easy to use GUI.http://www.u-btech.com/products/certificate-manager-for-exchange-2007.html
• SimplyPSO – Windows Server 2008 introduces a new feature to create separate password policies for different users or groups within the same Active Directory domain. In all previous versions of the Windows Server family of products, password policy has been configured on the domain level alone. The new feature is called fine grained password policy objects and is available when the domain functionality level is set to: Windows Server 2008 native. Unfortunately, there is no simple user interface to configure Password Settings Objects in the Windows Server 2008 environment and in order to configure PSOs, we need to dive deep into the ADSI editing tool. SimplyPSO is a graphical and useful tool that can be invoked directly from the Active Directory Users and Computers snap-in. http://www.u-btech.com/products/simplypso.htm
  
• ESIEMail Protector – ESIEMail Protector (pronounced EASY Mail Protector) is a product dedicated to one goal: “Securing your email communications”. By using ESIEMail Protector you can use Encryption, Digital Signature and IRM Permissions (Information Rights Management) to secure your messaging environment, hence the name. http://www.u-btech.com/products/esiemail-protector.html

Windows 2008 Partitioning Alignment

The partitioning alignment “bug” in Windows 2003 and earlier has been fixed in Windows 2008.

You no longer have to use diskpart.exe to align new partitions in Windows 2008.

http://technet.microsoft.com/en-us/library/bb738145.aspx

http://theessentialexchange.com/blogs/michael/archive/2008/03/07/Exchange-2007-Disk-Performance-Partition-Alignment-.aspx

User Profiles Best Practices White Paper

Check out my updated User Profiles Best Practices White Paper.

http://www.varrow.com/index.php?id=98

Mandatory User Profiles in Windows 2008 Terminal Server and XenApp 5

Some of you may have already known about the mandatory profile change in Windows 2008 but I had no idea. I recently did my first Citrix XenApp 5 – Windows 2008 project and had a hard time getting the mandatory profile working.

After some searching I found that the mandatory profile folder name has to have a “.v2” appended to the end of the folder name. The reason Microsoft made this change is because the user profile sturcture in Vista and Windows 2008 is a lot different than in previous versions of Windows. By forcing you to append .v2 to the end of the folder prevents Windows 2008 from trying to load a profile from a previous version of Windows.

It was a little tricky configuring Group Policy to point to the mandatory profile with a .v2 on the folder name. When I first configured the “Set path for TS Roaming User Profile” setting I set it to %logonserver%\netlogon\xenapp-prof.v2. This didn’t work, I had to set the profile path to %logonserver%\netlogon\xenapp-prof and then Windows 2008 automatically appends .v2 to the end when looking for the path.

So to recap,

1. I created a mandatory profile with the folder name “xenapp-prof.v2”.
2. I configured my profile path to point to “%logonserver%\netlogon\xenapp-prof”. If you configure the profile path with a .v2 it will not work.

How to Build a Windows 2008 VMware ESX VM Template

NOTE – VMware Virtual Center 2.5 Update 4 or vCenter 4 is required to use Guest Customizations with Windows 2008.

http://www.vmware.com/support/vi3/doc/vi3_vc25u4_rel_notes.html#whatsnew

Link to the PDF version of this – http://www.divshare.com/download/9496736-c61

For Windows 2008 R2 if you are installing on vSphere 4 without Update 1  or on ESX 3.5 without update 5 set the Template VM OS to Windows 2008 instead of Windows 2008 R2. After a new VM is deployed from the template and guest customization as finished you can set the OS back to Windows 2008 R2.

1. Use an ISO for faster OS setup.

2. Build a new VM that has at least 1 GB RAM and a 20 GB drive.

3. Attach the Windows 2008 ISO to the CD/DVD drive and set it to connect at power on.

4. On the VM Edit Settings window go to the Options tab and in the General section uncheck the Enable logging check box.

5. Go to the Boot Options section and check the box to force going into the BIOS on next boot.

6. Power on the VM and when the setup screen appears go to Advanced, I/O Device Configuration.

7. Disable the Serial and Parallel ports.

8. Go to the Boot menu and set the CD-ROM first in the boot order.

9. Save, exit and install Windows 2008, during the install choose either Standard or Enterprise.

10. On first boot up after install set the Administrator password.

11. Close the “Initial Configuration Tasks” window, after the VMware Tools have been installed we will configure the server.

12. Close the “Server Manager” window.

13. Disconnect the Windows 2008 ISO and set the device type to Client Device.

14. Install VMware Tools, choose Custom install type.

15. Disable the “Shared Folders” driver. This driver can cause issues with profiles unloading properly.

16. Set the “Hardware acceleration” to Full before reboot.

17. After reboot from the VMware Tools install configure the time zone.

18. Configure Networking. Uninstall these networking components. It is best to remove any components not needed to free up resources.

a. QoS Packet Scheduler – Not needed unless you are doing QoS at the Windows layer instead of the L2/L3 switch layer.

b. Link Layer Topology Discovery components – http://en.wikipedia.org/wiki/Link_Layer_Topology_Discovery

c. Uncheck TCP/IP v6

19. Leave the IP address set to DHCP unless DHCP isn’t available on the network.

20. Set the computer name to W2K8TEMPALTE

21. Download and install updates. Turn on Windows Updates to download and notify before install.

22. Check for updates and install the latest critical and recommended updates. If the updates fail to download restart and try again.

23. Enable Remote Desktop

24. Disable the Windows Firewall.

25. Below is a screen shot of how the server should be configured.

26. Check the box to “Do not show this window at logon” and click Close.

27. When the Server Manager window opens check the box to “Do not show me this console at logon” and close Server Manager.

28. Go to the Taskbar properties and check these boxes.

29. Go to the Start Menu tab and check these boxes.

30. Click Customize and check these boxes.

31. Go to the Notification Area tab and check these boxes.

32. Click OK.

33. Go to Computer properties on the desktop and set the Performance options below.

34. Right-click on the desktop and go to Personalization.

35. Go to Screen Saver and set it to blank.

36. Disable the system screen saver, this is the screen saver that starts when no user is logged into the system. Go to start run and type regedit. Browse to this registry path “HKEY_USERS\.DEFAULT\Control Panel\Desktop” and delete the SCRNSAVE.EXE name.

37. Go to Sounds, when prompted choose No.

38. Set the Sound scheme to No Sounds.

39. Click on Change desktop Icons and uncheck the boxes below.

40. Go to Settings Control Panel. Go to View and choose Status Bar and Details

41. Go to Tools, Folder Options, View tab and check/uncheck these boxes.

42. Apply and apply to folders.

43. Delete the Desktop.ini files on the desktop.

44. Right-click on the desktop and arrange icons by Name.

45. Go to Start, Programs, Administrative Tools, Server Manger and click on Configure IE ESC, set it to off for both Administrators and Users.

46. Go to Internet Explorer properties and set the home page to blank.

47. Go to the Advanced tab and check/uncheck these boxes.

48. Clear the C:\Users\Administrator\AppData\Local\Temp folder.

49. Go to the properties of the C drive and uncheck the “Index this drive for faster searching” box, click apply and choose Apply changes to drive c:\ only.

50. Go to the cmd prompt and type powercfg.exe -h off to disable hibernation. This command also deletes the hiberfile.sys from C:\

51. Delete the page file and reboot. This is so the C drive can be fully defragmented.

52. After reboot login and delete the pagefile.sys from the C: drive. Defragment the C: drive. After defragmentation completes reconfigure the page file system managed.

53. Go to Control Panel, Power options and set the Power Plan to High performance.

54. Click the change plan settings and set both options to Never.

55. Stop and disable the Windows Firewall service.

56. Create a new temporary user named ptemp and add the user to the local administrators group.

57. Log out an login as ptemp

58. Go to Computer properties, Advanced system settings, User Profiles, Settings

59. Select Administrator and choose Copy To… Type C:\Users\Default and change Permitted to use to Authenticated Users.

NOTE – FOR WINDOWS 2008 R2 FOLLOW THESE INSTRUCTIONS FOR COPYING THE USER PROFILE. – https://jeremywaldrop.wordpress.com/2009/09/18/how-to-copy-profiles-in-windows-2008-r2-and-windows-7/

60. Logout and login as Administrator, delete the ptemp user profile and user account.

61. Go to C:\Users\Default and delete the old NTUSER.DAT{ files.

62. Delete these folders.

63. Shutdown the VM.

64. Convert the VM to a template.

65. Create a Windows 2008 Customization Specification for Windows 2008. You do not need to worry about the sysprep files. In Vista and Windows 2008 sysprep is in C:\Windows\System32\sysprep. When the guest OS type is set to Vista VMware VC knows that the sysprep files are already on the OS.

66. When a new VM gets deployed from this template choose your Windows 2008 specification.

67. On first boot up the VM will boot up to a login screen, do not login the VM will reboot automatically after a minute. On the next boot up you should see this screen appear.

68. And this screen. This process may take a few minutes, so be patient.

69. The VM will automatically reboot again. Login and shutdown the VM.

71. The VM is now ready for use.