Improvements I'd Make to Hyper-V Host 2012 R2

Hyper-V host 2012 R2 and by extension Windows Server 2012 R2 have just been released, and they've brought some great improvements with them. That doesn't mean there isn't still room for improvement. Here is a running list of things Id like to see in Window Server 2015 (or you know, even a service pack for 2012 R2).

  • I should be able to create (and realistically, even revert and manage) checkpoints from the Failover Cluster Manager, without having to open up Hyper-V Manager. For that matter, I should be able to do just about everything in Failover Cluster Manager that I have to do in Hyper-V Manager now. Its called a single pane of glass, and we system administrators like them.
  • If I perform a storage move from the Failover Cluster Manager (which, for clustered roles is where it HAS to be performed) I should be able to see the progress for said move without having to launch the Hyper-V Manager. 
  • I should be able to convert a hard drive from dynamically expanding to fixed size, while converting it to a smaller drive size without it being a two step process. You know, for those times when I sloppily accepted the 127GB default hard drive size
  • Speaking of, given the best practice of a) using fixed hard drive sizes and b) not putting anything on the system volume, coupled with the ability to expand a fixed hard drive size in the vhd if you really need to - why in the world is the default hard drive size 127 GB? Wouldn't 40GB be more appropriate? or even 60GB? While we're on the subject, WHY 127? Why not 130? Is this a kick back to the storage industry?
  • Either code it in that machine files and virtual disks are automatically dropped in a folder structure named for the VM they were created with, or find some other way to clean up the disk folder structure that assists in manually deleting files for VMs that are no longer in use. Heck, even a powershell command that says "List me the VM-related files that havent been used in XX number of days / weeks / months" (coupled of course with the ability to then pipe them to a delete command)
  • I learned about an obscure best practice that no one in my circle of friends was aware of - putting the ADDS sysvol shares on a SCSI drive. How bout baking that in to the ADDS role wizard, or at the very least TELLING the sys admin and letting them decide if they want to manually add a SCSI drive and restart the process.
  • If I IMPORT a VM I've previously exported, and I tell it that I want to generate a new ID the wizard should let me change the name of the hard drives and the name of the virtual machine as part of the import process.

When your iSCSI initiator sessions won't connect

I use a lot of iSCSI initiator sessions to connect my iSCSI SAN to my Windows Servers. From time to time and for whatever reason (but particularly after rebooting the VM guest) I find one or more of these connections doesn't reconnect. When I tried to force the connection I'd get some message about its inability to get the job done, or that the login wasn't working, or the drive was hidden.

In the old days, I would just reboot the guest, and usually by the time it came back up the drives would map correctly.

But it turns out that isn't necessary. I've since learned you can simply go to the command prompt and flush the arp cache with

arp -d *

then try the reconnect.

I've never had that not work.

Now if only someone could tell me why...

Some Things I've Learned about working with Microsoft Hyper-V 2012 R2

This was published as soon as the idea came about, but will undoubtedly have more things added to it in the coming days and weeks.

  • Use descriptive and complete names for your virtual hard drives, or pre-make sub directories for each VM underneath the Virtual Hard Disk folder. Otherwise, things are going to get messy. I find that leaving all the VHDs in one directory bothers me visually, so I made sub directories, but this complicates "moves" later, since you end up manually specificing where you want each component to go, just so you can put the VHD into the subfolder.

  • When "moving" a virtual machine's storage you want to pick the subdirectory immediately below the standard folders (virtual machine, snapshot, smartcaching). It will add the files in the appropriate subdirectory. If you try to add the config file for example into "virtual machine" directly, it will actually end up making another virtual machine folder underneath the original so that you end up with something that looks like
                         c:\Hyper-V\Virtual Machine\Virtual Machine
  • If you specify a limit to the number of "Storage Migrations" on a Hyper-V host, rather than queue up like when you preform a "Live Migration", the move will simply fail. Fortunately, it fails early and with a pretty dialog box that's self explanatory to anyone who should be doing this job.

Moving Your Snapshots location if you already have snapshots

First things first. In Windows Server 2012 R2 snapshots are now called Checkpoints. I may inadvertently call it either in this post. You should consider them synonymous.

Most of us who use hypervisors and virtual server guests have grown to love the ability to save a checkpoint before applying updates or performing a software upgrade. It's a great, easy way to have a clean place to fall back to in the event things don't go well. I had the opportunity to use a couple of checkpoints REPEATEDLY just this last weekend while I worked out why my Data Protector 8 upgrade wasn't completing successfully.

Usually checkpoints only last a very short while. It doesn't take long to work out whether the upgrades broke the server or the software installed correctly. But sometimes, rarely, you may happen upon a situation where you've got some checkpoints in place and you find that place where you've been saving them is running out of room. What do you do?

You should assume that deleting the snapshots isn't the answer your boss or Microsoft is likely to want to hear, though. You're keeping them for a reason.

But if you go and try to just move the snapshot location, even if the guest is turned off you're going to get a great big "you cant do that here".

Are there any options?

It turns out there are. Instead of trying to change the snapshot location you need to "Move" the snapshot storage location instead. It will move any snapshots you have, and hopefully (presumably) you'll have picked a place big enough you don't have to worry about running out of space.

Automatically placing users and computers in a container other than the default

For as long as I can remember (and I've been a sysadmin since before Windows NT 4) Microsoft has placed newly created computer accounts in the Computers container in Active Directory by default. In smaller shops no one cares, but when you start using group policy to alter a computer's default behavior, it's always been a little annoying to me to have to move the computer out of its default container.

This becomes more of an issue if you have delegated AD administration of certain OUs to others. Containers after all cant have their security delegated the way OUs can. If a computer account hasn't been moved it can create situations where tier 1 support can't take care of tickets it otherwise would be able to do.

It turns out that we've had the ability to change this for some time. Rather than blather on about how, I'll just point you to this rather old Microsoft Support article.

Redirecting the users and computers containers in Active Directory domains

My Reflections on Exam 70-410

Reflecting on my first Microsoft exam in several years, I'm taken by the changes that have occurred in my absence. I had reviewed the test question format, and the objectives listed as being relevant for the exam. Still, I found myself ill prepared for this exam, despite over 15 years of experience doing this kind of work for a living. Test NDAs prevent me from talking about the exam in detail, but I have a few thoughts I wanted to get out that I don't think violate that confidence, and which might be of help to others contemplating this exam series.

Before that I wanted to make one casual comment about testing facilities.

My test monitor was 20". Maybe 19". And for someone used to throwing rdp sessions and other things to a second monitor to refer to them while I work, trying to read and review the exhibits for an environment I'm unfamiliar with while taking a timed exam is well... frustrating. Are larger monitors, or even second monitors so exorbitant a cost that we cant have them in our testing centers?

How I Prepared
Looking at the objectives the topics seemed to be the kind of thing I've been comfortably doing for many years. There wasn't a lot of concern. My original intent was to source my learning material for free off the Internet, and fill in the gaps for new features and elements that I hadn't had much (or any) experience deploying in real life. There are blog topics, Microsoft articles, etc that pretty well cover everything on these exams. Unfortunately, I got terribly sick in the (relatively) short amount of time I had allotted myself to study. In the end, I ended up spending $20 for a kindle book from Microsoft Press called Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2 hoping to speed up and focus my studying on specific areas where I felt I was weak.

The book covered the specific test points much more pointedly that traditional Microsoft course-ware, which tends to be more general training and labs. It rambled in a couple of places, but it was a good purchase.

I stayed away from practice exams (which cost 1/3 as much as the exam, and I fear stray dangerously close to the idea of "brain dumps" which are forbidden by Microsoft). I managed to find a few free flash card collections, both online and available from a free app on Google Play. Mostly the questions were poorly written, often by people who clearly didnt speak English as a first language. I don't RECALL after the fact that any of the questions / flash cards I saw were actual questions on the exam, nor did they even particularly fit the format of the questions I got. I definitely wouldn't rely on them as a guide to what to expect.

That said I think flash cards are still a good way to study and evaluate what you do and DON'T know.

The Results
I passed. But I could have done a lot better. Ultimately, my general understanding of topics like DNS and DHCP and Active Directory were almost of no immediately obvious value.  I was expecting a general exam.

What I got was something altogether different.

Here are five elements I'd highlight.

1. Powershell
These questions are hyper-specific about the implementation of these concepts IN Windows Server 2012 R2. Those coming with a hands-on Server 2008 background will likely benefit at exam time, with one very important caveat.

If you (like me) run small enough environments (even though I have 50 VMs) to use the GUI tools and you don't make much (if any) use of Powershell you WILL be in for the same rude awakening I had.

You absolutely must know your powershell commands for the various operations. This shouldnt be a surprise to anyone. Microsoft has said for years they think everyone should be using Powershell. Its just with the GUI option I think a lot of us have just chosen to take the easier road.

2. Visualize Your Experience
Be able to recall specific elements of firewall (or other system) configuration WITHOUT visual aids. So often I rely on visual cues in the GUI and wizards to remind me of what I need to provide to the server, or where I'm going next. Without those cues I found it much more difficult to remember the specific elements that were included. I found myself closing my eyes and replaying old scenarios where I had performed the operation to form a kind of "memory palace" where I could evaluate what I had been doing. I'm certain that's what Microsoft intends to happen, but its definitely difficult, and something you should practice BEFORE the exam. In the future, I will be replaying these scenarios in my mind just before I go to sleep.

3. IPv6
Its been 10 years PAST the time they all thought we'd be rushing to implement IPv6. NAT saved our bacon, but it's also made us complacent. I still don't have IPv6 in my network. Microsoft expects you to know it, or at least be able to recognize the prefixes for the major classes of IPv6 addresses (multicast, public routable, private routable).

4. Combo Points
A couple of the questions came in the form of an exhibit with multiple tabs / elements (ie group / group policy / AD information) or (group / NTFS permissions / Share permissions) and asked you to interpret outcomes for specific users or groups. Each answer is worth 1 point (whatever that is) so if you don't understand the underlying concepts, you're going to stack up some missed points pretty quick. My suggestion?

Make doubly sure you understand what happens when you combine these elements together.

Beyond the exam, these are actually elements you'll use day in and day out if your setting up and administering microsoft networks of any size or shape.

5. Dont cherry pick your subject matter
Everything on those objectives are fair game. Yes, there were sections that didn't appear at casual contemplation to have been asked about at all. As a veteran system administrator when I look at the exam objectives I think the 70-410 exam is very reasonable and practical in what they expect you to know. Study it all, and don't roll the dice in trying to guess what may or may not be on the exam. Its all worth knowing.