Hyper-V Generation 2 Support for Linux Guests

Recently Microsoft announced Generation 2 Virtual Machines, which really are UEFI guests without the emulated PCI bus. Initially the only supported Operating Systems were:

  • Windows 8 (Integration Services Update Required)
  • Windows 8.1
  • Windows Server 2012 (Integration Services Update Required)
  • Windows Server 2012 R2

Well, now you can add pretty much any Linux distribution to the list. Thanks to the hard work being done by the Linux Integration Services team, the mainline Linux kernel now works on Hyper-V under a Generation 2 platform. However the only distribution that will install correctly inside a Generation 2 Virtual Machine is OpenSuSE 13.1.

However if you want your Linux distribution to run inside a Generation 2 VM right now, you’ll have to install it manually via debootstrap or something similar. One thing to keep in mind is if your kernel is older than 3.11, you’ll need to either backport specific changes or upgrade to a newer mainline version of the kernel before you can even proceed to install your favorite distribution inside a generation 2 virtual machine.

Integration components wise, most of the modules will load just fine except hyperv_fb, the framebuffer device driver for Hyper-V guests. Unfortunately hyperv_fb is broken under a generation 2 VM, which is why you’ll need to have EFI framebuffer support compiled into your kernel or you won’t get any video at all! The same goes for GRUB: it’ll also need the efi_uga and efi_gop modules built into your bootx64.efi GRUB image. And oh, did I forget to mention that you’ll also have to disable Secure Boot, as Hyper-V doesn’t support any way of loading public certificates into the Secure Boot database?

So if you want to take the plunge on having a Linux Generation 2 VM, be my guest. Start reading those git commit logs and start cherry picking! Remember, your mileage may vary. 😉

Samba 4 Active Directory Domain Controller for a Microsoft Failover Cluster

With the release of Samba 4, there’s now the possibility of running an Active Directory-compatible controller on most *nixes out there. Don’t get me wrong about the real Active Directory solution from Microsoft out there, it’s a great solution for larger enterprises, but for the others out there who are either too restricted in terms of budgeting or just don’t want to touch a Microsoft Windows Server for Active Directory; Samba 4 can be a good option.

Up until now, using a Samba 4 AD domain controller for a Microsoft Failover Cluster has been next to impossible, as the validation pages fail on this error:

An error occurred while executing the test.
There was an error initializing the network tests.

There was an error creating the server side agent (CPrepSrv).

Creating an instance of the COM component with CLSID {E1568352-586D-43E4-933F-8E6DC4DE317A} from the IClassFactory failed due to the following error: 80070721 A security package specific error occurred. (Exception from HRESULT: 0x80070721).

Fortunately there is a way to temporarily resolve this issue. That solution is to add any value to the servicePrincipalName attribute via ADSI Edit or the Active Directory Users and Computers MMC snap-in. (Sorry folks, can’t use Active Directory Administrative Center as Samba4 doesn’t currently emulate an AD DS Web Service server…). And yes, the people at the Samba project are aware of this “bug”, which comes from the way a developer interpreted how the security should have been implemented. (Sorry Andrew, I didn’t mean to throw you under the bus 😉)

After adding that attribute, you should be able to validate successfully and have a fully functional Hyper-V cluster for almost next to nothing. (Except the cost of a Windows 8 Pro license)

Edit: Apologies for being a little ambiguous on adding “any value” to the servicePrincipalName attribute. What I really meant was setting a non-NULL value on servicePrincipalName on the user who’s performing the validation checks and forming the cluster, not the computer account of the cluster member.
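The workaround described above, as an added PowerShell example that is not from the original post. It goes through ADSI over LDAP, so it does not need the AD DS Web Service; the account name and SPN string are constructed placeholders, and the script only reports unless -Apply is given.

```powershell
# Added example: check, and optionally set, servicePrincipalName on the USER
# account that runs cluster validation (not on a computer account).
# 'clusteradmin' and 'placeholder/clusteradmin' are constructed values.
param(
    [ValidatePattern('^[\w.-]+$')]      # keep the name safe inside an LDAP filter
    [string]$SamAccountName = 'clusteradmin',
    [string]$PlaceholderSpn = 'placeholder/clusteradmin',
    [switch]$Apply
)

# Search the current domain for the user object over plain LDAP.
$filter   = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))"
$searcher = [adsisearcher]$filter
$searcher.PropertiesToLoad.AddRange(@('distinguishedName', 'servicePrincipalName'))
$result = $searcher.FindOne()
if ($null -eq $result) {
    throw "User '$SamAccountName' not found in the current domain."
}

$dn       = $result.Properties['distinguishedname'][0]
$existing = $result.Properties['serviceprincipalname']

if ($null -ne $existing -and $existing.Count -gt 0) {
    # Attribute is already non-NULL; nothing to change.
    Write-Output "$dn already has servicePrincipalName: $($existing -join ', ')"
    return
}

Write-Output "$dn has no servicePrincipalName set."
if ($Apply) {
    $entry = $result.GetDirectoryEntry()
    $entry.Properties['servicePrincipalName'].Add($PlaceholderSpn) | Out-Null
    $entry.CommitChanges()
    Write-Output "Added '$PlaceholderSpn' to $dn"
} else {
    Write-Output "Re-run with -Apply to add '$PlaceholderSpn'."
}
```

Any authenticated domain user can request a Kerberos service ticket for an account that carries an SPN, so give this account a long random password.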

KB2750149 and the Failover Cluster GUI… Ouch

Last Patch Tuesday’s round had an update (KB2750149) for the .NET Framework on Windows 8/2012 systems that broke the Failover Cluster management UI. It’s a known issue for Microsoft as reported on their blog below:

http://blogs.technet.com/b/askcore/archive/2013/01/14/error-in-failover-cluster-manager-after-install-of-kb2750149.aspx

Unfortunately as of writing, Microsoft hasn’t pushed an update for fixing what they broke. However what they broke should not affect the functionality of the Failover Cluster itself. As the blog post stated above, the Failover Cluster will still function as normal and can still be managed using the PowerShell cmdlets or the command line tools.

To fix the issue you’ll probably have to use either DISM or the Windows Image Servicing PowerShell cmdlets to remove the .NET Framework update. Running dism /online /get-packages or Get-WindowsPackage -Online and searching the output for the string ‘KB2750149’ should be enough to start the removal process.

Again before removing the patch, consult with the documentation. I can’t be responsible if you break your own system when you remove that patch mentioned above 😉
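The lookup and removal described above, as an added PowerShell example that is not from the original post. The function names are hypothetical; it needs an elevated prompt, and nothing is removed unless -Apply is passed.

```powershell
# Added example: locate an installed update by KB id with the DISM cmdlets
# and remove it only when explicitly asked to.
function Find-UpdatePackage {
    param([Parameter(Mandatory)][string]$KbId)
    # Package names embed the KB id, so a wildcard match on PackageName works.
    Get-WindowsPackage -Online |
        Where-Object { $_.PackageName -like "*$KbId*" } |
        Select-Object PackageName, PackageState, InstallTime
}

function Remove-UpdatePackage {
    param(
        [Parameter(Mandatory)][string]$KbId,
        [switch]$Apply
    )
    $found = @(Find-UpdatePackage -KbId $KbId)
    if ($found.Count -eq 0) {
        Write-Output "No package matching $KbId is present."
        return
    }
    foreach ($pkg in $found) {
        Write-Output "$($pkg.PackageName) [$($pkg.PackageState)] installed $($pkg.InstallTime)"
        if ($pkg.PackageState -ne 'Installed') {
            continue    # skip packages that are staged, superseded or pending
        }
        if ($Apply) {
            # -NoRestart leaves the reboot to a maintenance window.
            Remove-WindowsPackage -Online -PackageName $pkg.PackageName -NoRestart
        }
    }
    if (-not $Apply) {
        Write-Output "Dry run only. Re-run with -Apply to remove the packages listed as Installed."
    }
}

# Report first, then remove once the output has been reviewed.
Remove-UpdatePackage -KbId 'KB2750149'
# Remove-UpdatePackage -KbId 'KB2750149' -Apply
```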

A few words about native VHD boot on 4K/512e Hard Drives…

I’ve gone cruising on the Interwebs for “Windows 8 Haters” just for laughs recently and I’ve found this portion of a comment left on some random site’s blog quite amusing:

2) It was so slow it hurt. And i have a quad core i5 @2.6 with 4 gb ram.

Uhm… Okay… I’ll fire off a few questions I’ve got in the back of my mind:

  • Are you using a brand new hard drive with that?
  • Did it also have an AF logo slapped on it?
  • Did you also try to do what the masses would have done, test Windows 8 out on a VHD?

If you answered yes to all of the questions above, then you’d seriously need to re-think what you’re doing. For the average “tech-savvy” user, I’d go easy on them, I mean who would really spend their time reading the TechNet Library for kicks. 😉

Pro tip for “speeding up” Windows 8 – Use the VHDX format to native boot into Windows 8 if you have a 512e disk. Doing so could greatly reduce the negative effects that RMW does on a hard drive. If you don’t know what RMW stands for and what the effects are, just think of it this way: If you have to make the disk read 2 physical sectors to address one NTFS block that spans across the 2 sectors, do you really think that it’s going to take longer to read that one sector? Heck yeah.

On the flip side, users who decide to hold out with Windows 7 or Server 2008 R2 are unfortunately out of luck. They can not native boot with a VHDX file at all. But they can boot the VHDX file under Hyper-V that’s for sure 😉

VMware and their FUD

I’m talking about a post on VMware’s “Virtual Reality” blog detailing how their solution is cheaper than Microsoft’s Hyper-V offering and how hard Hyper-V is to “administer”.

The post in question is here.

Let me tell you this: Personally speaking, I find Microsoft’s Hyper-V v3.0 platform a pleasure to learn and toy with. Sure, Microsoft’s Hyper-V 3.0 is free, but we all know that free has a cost attached to it right? Yes there is. It’s called read the fine manual. Not to mention the cost of reading the manual, for the price of free you get the following features I can list off the top of my head for free:

  • Live Migration (Can also be done in a shared nothing setup)
  • Native 512e/4K sector disk support (also known as Advanced format)
  • Failover Clustering
  • 4TB of RAM on the host, 1TB of RAM per active VM

Do note the last item, which I’m making a selling point. VMware’s free vSphere (aka ESXi 5.x) offering has an artificial limit of 32GB, and some DIY desktops/workstations are getting to that limit, potentially higher when we finally see DDR4 platforms hitting the market anytime soon. Now the features above are also offered by VMware, but for how much? Certainly not free. Just go grab a free ESXi license key and plug it in, you’ll see what I mean pretty quick.

Unfortunately what VMware’s trying to convey here is that Microsoft’s Hyper-V solution is much more expensive than their own offerings. What’s funnier is they also referenced a post on Microsoft’s TechNet forums where a bunch of people complained that standalone Hyper-V Server is quite painful to use.

In reality, from the feedback I’ve gotten with one of the potential employers at career fairs, one of them said that VMware is probably the best out of all the virtualization solutions, but is the most expensive one out of the solutions they’ve looked at. We’ve made mention of other solutions such as KVM, but overlooked Hyper-V. Then again, this was a few months ago when nobody really bothered to look into Windows Server 2012’s Hyper-V solution as it wasn’t RTM’d yet.

Fast forward to GA, Hyper-V Server 2012 has been released for general consumption earlier this month for a price tag of free. But the issue with the free Hyper-V is due to the security built around it. This problem really is about people using the standalone offering in a Workgroup environment. In Hyper-V Server 2012, this really is a non-issue. If a wise person did read the manual and does know how to use PowerShell, administering it remotely or locally shouldn’t be a huge issue. Also, Hyper-V Server 2012 was meant for administrators who have a strong background in Windows administration. It wasn’t really meant for people who just want a virtualization solution, but have no prior experience with administering a Windows Server machine.

I may be leaving out a huge amount of detail and many scenarios above, but I’d like to keep things as simple as possible 😛 It all comes down to this: If you know what you are doing and have already planned an Active Directory system, you’ll enjoy administering Hyper-V Server 2012 boxes in no time. But if you just had poorly thought out plans and no patience or will to learn new things, you’ll find administering anything foreign a nightmare. This is true for any system that you or I may come across in the future.

The point of my “rant” is – Open minds help understand things much better. And much more resistant to FUD launched by anybody. 😛