Manually ‘Installing’ Microsoft Integration Services Drivers

KB ID 0001512

Problem

If your OS is 2008R2 or newer then you wont need to do this as the drivers are already included. But what if you have a machine that you want to put the drivers in before you virtualise or migrate it. Well if you mount the ISO and run it this happens;

Unsupported Guest Environment
The Hyper-V integration services can only be installed inside of a virtual machine running Hyper-V

Bah! You are not the boss of me! I want the drivers in here because I’m about to virtualise it!

Solution

Mount the Integrations Services ISO on the machine (or open it with 7Zip and treat it like a zip file)

If you have Hyper-V 2016 or newer and cant find the iso, Microsoft handily don’t include any more, because it’s a massive 29Mb is size? (Yeah I don’t understand either?) Here’s a copy. Go to the x86 or amd64 directory depending on whether you are x32 or x64 bit. locate the Windows{Version}-HyperVIntegrationServices-{processor-version}.cab  that matches your machine and copy it to your desktop. Then open it, select all the files.

Download Microsoft Integration Services Disk

Extract the file to a folder.

Open an administrative command prompt, then change directory to the folder you extracted all the files into. Run the following command;

[box]for /f %i in (‘dir /b /s *.inf’) do pnputil.exe -i -a %i[/box]

It will run though and install all the drivers, you may get some warnings that some of the drivers are unsafe or unsigned. Just say install them anyway.

Note: If you are on Server 2003, then there are a bunch of KB updates on the CD that you will also need to install.

Related Articles, References, Credits, or External Links

NA

Veeam: Restore / Migrate a VM to Azure

KB ID 0001511

Problem

Veeam is both a great company, and backup and recovery is the best product in its class by a country mile, (yes Zerto is great but it costs a fortune!) With Backup and Recovery 9.5 Update 4. You can recover a VM straight into Azure, (and Azure Stack).

Which pretty much means you can use Veeam to Migrate your VMs (or physical machines) from vCenter (or Hyper-V) into Azure/Azure Stack. You need to have a successful backup, (or replication) in Veeam before you start. (That goes without saying but I’ll get emails if I don’t point that out!)

Obviously you also need an Azure Subscription, and you will need to have (pre configured) the following;

  • A Resource Group
  • A Storage Account
  • A Virtual Network 
  • A Network Security Group

Veeam B&R Server Pre-Requisites

Veeam Backup and Recovery Download

Veeam Backup For Azure Download

You will need to disable IE Enhanced Security, (or as I refer to it, the “Randomly break things, before you discover it’s on and disable it feature”).

Add the following URLs to IE’s trusted sites & ensure Protected Mode is not enabled for this zone, (this is the default as shown);

  • https://login.live.com/
  • https://login.microsoftonline.com/
  • https://secure.aadcdn.microsoftonline-p.com/
  • https://auth.gfx.ms/
  • about:security_veeam.backup.shell.exe?ver=95u4

Add in the Azure PowerShell Snap-ins;

[box]Install-Module -Name AzureRM.Automation -RequiredVersion 5.1.1[/box]

To connect to Azure you will need an Access Key > Login to Azure > All services > Storage Accounts > Select your storage Account > Access Keys > Copy a key to the clipboard.

Veeam: Adding Azure Accounts

From the main menu > Manage Cloud Credentials > Add > Microsoft Azure Storage Account > Supply your Azure Login > Paste in the key (from above) > OK.

Repeat the procedure, but this time add ‘Microsoft Azure compute account”.

Next.

Microsoft Azure > Next

Add > Supply your Azure credentials > OK > Next.

Finish (that was easy!)

Veeam: Restore or Migrate a VM to Azure

Home > Restore > (select the platform, here I only have VMware vSphere) > Restore from Backup.

Entire VM Restore > Restore to Microsoft Azure.

Add in the VM to restore > Next > Select the subscription and location  > Next.

Edit > Add in your Azure Storage Account > Select a VM size (WARNING The bigger, the more expensive!) > OK > Next > Group > Select your Resource Group > OK > Next.

Network > Add in your virtual network and subnet > Next > Group > Add in your Azure Network Security Group > Next.

I’m not going to scan my VM, but if you are recovering from an infection you might want to > Next > Next.

Finish > When successfully completed > Close.

Give your VM a while to power on, you can enable boot diagnostics to see if it is at the logon screen (Note: you need to manually refresh this screen).

Then you can connect via RDP. Note: You may need to enable TCP Port 3389 inbound before this will work.

Don’t forget to remove VMware tools!

Related Articles, References, Credits, or External Links

NA

Migrate a VM from vCenter to Azure

KB ID 0001510

Problem

Last time we looked at migrating from vCenter to Hyper-V, now we will use the MVMC (Microsoft Virtual Machine Converter) to take a VMware (vCenter) virtual machine and convert/upload it to Microsoft Azure.

Note: MVMC is not ‘officially’ supported and this procedure requires you to create some ‘legacy’ (for legacy in Azure read ‘classic’) ways of doing things. So this might not be the tool for you. But if you want to go down this route, this is what you need to do.

The best approach is to use Azure Site Recovery (ASR)

A better option might be to use Veeam?

Solution

To connect the MVMC to Azure you need a ‘Management Certificate’ This can be a self generated (self signed) certificate. To create it on your MVMC machine execute the following commands;

[box]

Import-Module PKI
 
New-SelfSignedCertificate -DnsName "MVMC" -CertStoreLocation "Cert:\CurrentUser\My" 
 
Export-Certificate -Cert (Get-ChildItem Cert:\CurrentUser\My\ -DnsName MVMC) -FilePath $env:TEMP\MVMC.cer
Import-Certificate -FilePath $env:TEMP\MVMC.cer -CertStoreLocation Cert:\CurrentUser\Root

[/box]

Take a note of the Thumbprint. You will need this certificate thumbprint, and your Subscription ID. Once you have uploaded the certificate you’ve just created, to connect with MVMC. So now you need to connect to you Azure subscription.

All Services > Subscriptions.

Take a note of your subscription ID, then click the subscription.

Management Certificates > Upload > Location ether certificate in your temp directory, and upload it.

You need to create a ‘Classic’ Storage account > All Services > Storage Account (Classic) > Create Storage Account (Classic) > Choose classic deployment model (They hid that well!)

In case you are unfamiliar with Azure, you need a Resource group, in which the place this storage group, if you don’t already have one you can simply click ‘Create new’. Give your storage account a name > set the other values as shown. (Note: Not all locations support classic storage accounts) > Review and Create > Create.

It may take a few minutes.

Convert VMware VM and Upload to Azure

Launch MCVM > Set Virtual Machine Conversion > Next > Migrate to Microsoft Azure > Next.

Enter the Subscription ID and Thumbprint you made a note of earlier > Next.

Select your Storage Account > Next.

Note: If there is no option to select, you either didn’t create ‘classic’ storage, or you didn’t apply the ‘cup of coffee rule’. Go have a brew then try again.

Provide your vCenter Details > Next.

Select your VM to convert/upload > Next.

My VM is not a domain member so I’m supplying the local administrator credentials > I want to power the source VM off when conversion is done, the converted VM will simply be a new virtual disk in Azure so that will be off also > Next.

Warning: At this point the VM being converted needs to have its windows firewall off, and be able to be resolved in DNS (or when you click next it will error!)

Supply a folder with sufficient capacity, (twice the site of the source VM) in which to perform the migration > Next.

Check the details > Finish.

Note: If it fails with a descriptor error see the following article;

Conversion Error ‘Unsupported Disk Database Entry’

The conversion and upload should progress like so;

Back in Azure > All Resources > Select your storage account > Storage Explorer > Blob Containers > Theres our virtual disk.

All Services > Disks (classic) > Select your disk > Create VM.

Name the VM > Select the Resource group you used above > Next.

Choose a VM size > Select.

Give the VM a domain name, (you will use this to access the VM via RDP) > Next.

Review the details > OK.

All Services > Virtual Machines > Select your VM > Connect > This should download a rdp file which you can use to connect to the converted VM.

Related Articles, References, Credits, or External Links

NA

Convert VMware VMs to Hyper-V VMs

KB ID 0001509

Problem

OK, I love VMware, vSphere has put food on my table for the past 10 years! But the fact remains plenty of people are now using Hyper-V. Recently I’ve been looking at migrating VMs from VMware into Azure, and while looking at the MVMC (Microsoft Virtual Machine Converter), to do the task, I thought I’d run thought the Hyper-V conversion route first.

MVMC has actually been depreciated now, but you can still download and use it, and it works fine with Server 2016.

Solution

Obviously you need a working Hyper-V server to Migrate into, I’m using Server 2016.

Download the MVMC

I’m going to install it on the Hyper-V server itself, (you don’t have to, but it keeps things nice and simple). I wont bore you with the install, run the installer and accept all the defaults.

Older VM Operating System Warning

Not until Server 2008 R2 did Microsoft include all the drivers and files needed for a Windows installation to run on a Microsoft Hypervisor. So If you are planning to convert Windows server 2008 (or earlier) then make sure you have applied all the windows updates before you start. With Server 2008 make sure you are (at least,) at SP2.

Note: Don’t try and be clever and install the Integration Services CD into the server before you migrate it. It will just complain it’s not being ran on a Microsoft Hypervisor and do nothing, (I know, I tried!)

Convert VMware vSphere Virtual Machine to Hyper-V

Launch the MVMC > Next.

Virtual Machine Conversion > Next.

Note: If you convert a physical machine it will convert each disk partition (including the 350Mb one,) into a separate virtual disk (.vhd to .vhdx). It will do the same with a Virtual disk but who is partitioning VMDKs?

Migrate to Hyper-V > Next.

Specify the name of your Hyper-V server and credentials > Next.

Enter a UNC path to the folder in which the converted virtual disks will live >  Choose fixed/dynamic disks, (that’s Thick or Thin provisioned If you are a VMware type) > Select the disk type VHD or VHDX* > Next.

*Note: 2TB or 64TB Limit, (and vhdx will only run in Hyper-V).

Provide the access details for your vCenter, (or ESXi Server) > Next.

Select the VM you with to convert > Next.

My VM is not a domain member so I’m supplying the local administrator credentials > I want to power the source VM off when conversion is done, and power on the converted VM > Next.

Warning: At this point the VM being converted needs to have its windows firewall off, and be able to be resolved in DNS (or when you click next it will error!)

Supply a folder with sufficient capacity, (twice the site of the source VM) in which to perform the migration > Next.

Check the details > Finish.

Note: If it fails with a descriptor error see the following article;

Conversion Error ‘Unsupported Disk Database Entry’

All being well, you should see something like this

 

‘Another’ Older VM Operating System Warning

Unlike Hyper-V 2012 R2 (and earlier) now there’s no option to insert the Integration Services disk, and it’s no longer installed with Hyper-V 2016 (Thanks Microsoft!) As you can see my 2008 x32 server is missing a few drivers and it is complaining.

As I’m a top bloke I’ve got the CD iso below for you, download it and present it to your OLDER (pre 2008R2) Operating system. If you have a modern OS the drivers will all be in there anyway!

Download VMGuest.iso (It’s 29MB you will need to unzip it!)

Here’s how you connect it;

Now simply run the installer.

Related Articles, References, Credits, or External Links

NA

Conversion Error ‘Unsupported Disk Database Entry’

KB ID 0001508

Problem

Seen when attempting to convert a VMware disk (.vmdk) file to a Microsoft disk (.vhd or .vhdx) with Microsoft Virtual Machine Converter.

Microsoft Virtual Machine Converter encountered an error while attempting to convert the virtual machine.
Details: The entry “{value}’ is not a supported disk database entry for the descriptor.

If you click on the ‘Log‘ link you will see something line this;

The entry 1 is not a supported disk database entry for the descriptor.

You will see a similar error ,if you use the ConvertT0-MvmcVirtualHardDisk PowerShell command;

[box]

ConvertTo-MvmcVirtualHardDisk : The entry 1 is not a supported disk database entry for the descriptor.
At line:1 char:1
+ ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath $Winfolder\$VMDK -Vh …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (Microsoft.Accel…nversionService:DriveConversionService) [ConvertTo-MvmcVirtualHardDisk], VmdkDescriptorParseException
+ FullyQualifiedErrorId : DiskConversion,Microsoft.Accelerators.Mvmc.Cmdlet.Commands.ConvertToMvmcVirtualHardDiskC
ommand

ConvertTo-MvmcVirtualHardDisk : One or more errors occurred. At line:1 char:1
+ ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath $Winfolder\$VMDK -Vh …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : WriteError: (Microsoft.Accel…nversionService:DriveConversionService) [ConvertTo-MvmcVi rtualHardDisk], AggregateException
+ FullyQualifiedErrorId : DiskConversion,Microsoft.Accelerators.Mvmc.Cmdlet.Commands.ConvertToMvmcVirtualHardDiskC
ommand

 

[/box]

Solution

I did some searching and found this was a common error, and that most people were fixing it with a tool called dsfok and using that to extract the descriptor file, and then edit it. Which is great, but all the examples had paths to the vmdk on Windows machines? 

My VMDK was on an ESXi Datastore, (where you would expect it to be). I wasn’t about to start copying vmdk files off to Windows and back again. So I needed a solution that would work in LINUX and was quicker and easier, (I am lazy after all).

There’s two ways I found to fix this, if you are happy using a vi editor in Linux then use option 1, if you are a Windows type and prefer doing things with a GUI then use option 2.

Background: In an ESX environment VM-Name.vmdk is not actually the hard disk, that’s usually called VM-Name-flat.vmdk, the descriptor in your error message, you can find in the VM-Name.vmdk file. (which you can edit in a text editor).

Option 1 – Linux and Vi

SSH into your ESXi host, then change directory to the datastore that has the VM in it;

[box]cd /vmfs/volumes/{Datastore-Name}[/box]

Enable SSH Access to VMware vSphere ESX

Change directory to the folder with your VM in it, and here you can see the VM-Name.vmdk and the VM-Name-flat.vmdk file I was taking about. Edit the file using vi (vi vm-name.vmdk).

OK, remember my initial error? It was talking about a value of “1” I’ve only got one entry with that value ‘ddb.toolsInstallType = “1”‘, simply comment that line out by prefixing it with a hash, (or pound sign if you’re American). Save and exit the file, then retry the conversion. 

Note: If it wont let you edit the file, you may need to shut down the guest VM.

Using the VI Editor (For Windows Types)

Option 2 – Windows and WinSCP

Download WinSCP and use it to connect to your ESXi host (SSH needs to be enabled). Navigate to vmfs > volumes > {Datastore-name} > {vm-name} locate the VM-Name.vmdk file and download it to your Windows machine.

You can now edit the file, as above locate the offending line, prefix it with a hash (pound) symbol so that it is ignored, then simply save and upload the file back again, (choosing ‘yes‘ when prompted to overwrite the file). Then retry the conversion.

Related Articles, References, Credits, or External Links

NA

VMware: Export a VM to OVA With PowerCLI

KB ID 0001507

Problem

It’s pretty easy to create an OVA/OVF from the vCenter Web console, but what about from Powershell / PowerCLI? Below I run though converting a 2008 x32 Windows server to OVA.

Solution

I’ll leave the web console in the background so you can see whats happening. From PowerCLI the first task is to connect to the vCenter.

[box]Connect-VIServer {vCenter-FQDN}[/box]

Supply a username and password.

Now remove any snapshots from the VM;

[box]Get-Snapshot Test-VM | Remove-Snapshot -confirm:$false[/box]

The VM needs to be off before we can export it, the following command will shut it down gracefully;

[box]Get-VM -Name Test-VM | Shutdown-VMGuest -confirm:$false[/box]

If your VM has an ISO connected to it, it can have an annoying habit of adding that to the OVA file! So remove any presented .iso files with the following command;

[box]Get-VM -Name Test-VM | Get-CDDrive | Set-CDDrive -NoMedia -confirm:$false[/box]

Finally we export our VM;

[box]Get-VM -Name Test-VM | Export-VApp -Destination ‘E:\Exported‘ -Format OVA[/box]

Related Articles, References, Credits, or External Links

NA

Install .Net 2.0 on Server 2019 & 2016

KB ID 0001506

Problem

.Net2, man thats old! Well I was setting up PowerCLI for VMware today and was faced with this;

.Net Framework 2.0 is not installed on this machine. Please download and install .Net Framework 2.0 before installing VMware PowerCLI.

Solution

Pop in the Server 2019/2016 DVD, (or present the ISO if it’s a VM.) Then execute the following commands, (Note: It’s installed with .Net 3);

[box]

dism /online /enable-feature /featurename:NetFx3ServerFeatures /Source:D:\sources\sxs
dism /online /enable-feature /featurename:NetFx3 /Source:D:\sources\sxs

[/box]

Note: This assumes your CD/DVD Drive letter is D.

Related Articles, References, Credits, or External Links

NA

AnyConnect: Stop Prompting for Certificates

KB ID 0001505

Problem

If you secure your AnyConnect with certificates, you may see something like this;

When you simply want it to connect without prompting.

Solution

This tripped me up last week, luckily I’d seen it before, and knew how to fix it. You need to edit the profile for your AnyConnect so that, you ‘UNTICKDisable Automatic Certificate Selection. I know that sounds like the opposite of what you want to do, but hey!

Related Articles, References, Credits, or External Links

NA

Windows – Open a Firewall Port with Group Policy

Define Inbound Port Exceptions

KB ID 0000979 

Problem

For everyone who simply does not disable the Windows firewall, then you need to be able to manage what ports are open on your machines. The simplest way to do this is via group policy. This week I had to open TCP port 9503 on the local firewall of my McAfee Move Offload Servers. Below I will open that port on all my machines, but in production I will only apply the GPO to the OU with my Move Offload servers in it.

Solution

1. On a domain controller or a client running the remote administration tools > Windows Key+R > gpmc.msc {Enter} > The Group Policy Management Console will open.

2. Select the OU that contains the ‘Computers’ you want to enforce this policy on, (or here I’m choosing the entire domain) > Right Click > ‘Create GPO in this domain, and link it here..’.

3. Give the policy a sensible name so you can see what it is doing later.

4. Right click your new policy > Edit.

5. Navigate to;

[box]

Computer configuration > Policies >Administrative Templates > Network > Network Connections >Windows Firewall > Domain Profile > Windows Firewall: Define inbound port exceptions

[/box]

6. Open the policy and enable it > Show.

7. As this is a new policy the list will be empty, (you can return and add multiple entries to this policy later if you require further ports opening). In the example below I’ve opened port 9053, over TCP, the asterisk means ‘from anywhere’, I’ve Enabled the rule, and called it McAfee Move.

Port Exception Syntax

<Port>:<Transport>:<Scope>:<Name>

  • <Port>: Number in decimal from 0 to 65,335
  • <Transport>: TCP or UDP
  • <Scope>: Where the traffic is coming from, i.e 192.168.1.1, or 192.168.1.0/24, or simply ‘localsubnet’ or ‘*’ for everywhere. You can enter multiple values separated with a comma.
  • <Name>: A simple text entry to define what the exception is.

8. OK > Apply > OK > Close the Group Policy Management Editor. If you have a Windows 2012 domain you can force the policy refresh on a particular OU like so.

9. Or simply run gpupdate /force on the target machine, (or you could also wait a couple of hours, or reboot the target machines.)

10. To make sure it has worked on the target machine > Windows Key+R > WF.msc {Enter} > Inbound Rules > Your rule should be visible.

11. If you open the rule you can see its been applied by group policy, and check the correct port has been defined.

 

Related Articles, References, Credits, or External Links

Windows Group Policy – Disable The Local Windows Firewall

Install the Office 2016 & 2013 GPO Templates

KB ID 0001095

Problem

I deployed a Remote Desktop Services server today, and when I logged on with my test users I fired up Office, and got the welcome movie.

Thats going to annoy my client so I need to stop that happening. Yes I know its pretty straight forward but I’m not a 64 year old typist called Marjorie.

Solution

Note: This ia a ‘User’ Policy so you may need to enable ‘loopback processing’.

1. I’m going to use Group Policy to do this, Server does not come withe the Office 2013 administrative templates so you need to download them (links below.) Copy all the .admx files to %systemroot%PolicyDefinitions

Office 2013 Templates Download

Office 2016 Templates Download

 

2. Copy all the .adml files to %systemroot%PolicyDefinitionsen-US, (or your own locale folder if your not English).

 

Now you can create a new group policy, (or edit an existing one). [box]User Configuration > Policies > Administrative Templates > Policy definitions > Microsoft Office 2013 > First Run[/box] Locate and Enable the following two policies;

  • Disable First Run Movie
  • Disable Office First Run on application boot

Related Articles, References, Credits, or External Links

NA