Category: Containers

Hyper-V VM Stop-VM failed to change state

Force Hyper-V Virtual Machine VM to turn off

In this blog post, we are going to have a look at how you can force a Hyper-V virtual machine (VM) to turn off using the HCSDiag tool. A couple of days ago I had an issue where I wasn’t able to shut down and turn off a Hyper-V virtual machine (VM). After I tried to shut down the Hyper-V VM using the Hyper-V Manager the VM was in a locked state and I couldn’t really do anything with it. Of course the first thing I tried using the PowerShell Stop-VM cmdlet with the force parameter to turn off the virtual machine.

Hyper-V VM Stop-VM failed to change state

Hyper-V VM Stop-VM failed to change state

But as you can see I had no success. Luckily I remembered a tool called the Hyper-V Host Compute Service Diagnostics Tool (HCSDiag.exe), which provides me with a couple of advanced options when it comes to Hyper-V virtual machine, container, and Windows Sandbox management.

The Hyper-V Host Compute Service Diagnostics Tool (HCSDiag.exe) is available in Windows 10 and Windows Server 2019 if you have the Hyper-V roles or virtualization features enabled, and can be helpful to troubleshoot Hyper-V containers, virtual machines (VMs), Windows Sandbox, Windows Defender Application Guard, Windows Subsystem for Linux 2 and more.

Hyper-V Get-VM list VMiD

Hyper-V Get-VM list VM ID

HCSDiag allows me to list all the running Hyper-V containers, including virtual machines. With the HCSDiag kill command, I can then force the Hyper-V VM to turn off.

Force Turn Off of Hyper-V virtual machine VM

Force Turn Off of Hyper-V virtual machine VM

I hope this post was helpful if you have a Hyper-V VM which you can’t turn off. If you have any questions, feel free to leave a comment. You can find more information about the HCSDiag tool, how it works with containers and other tools here on my blog.



Connect Azure Cloud Shell to virtual network vNet

Connect Azure Cloud Shell to Virtual Network vNet

As you know, Azure Cloud Shell is a great management tool to manage your Azure resources. Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell. You can learn more about Azure Cloud Shell here. If you wanted to manage Azure resources such as Azure virtual machines (VMs), you needed to connect to a public IP address of a virtual machine, which really didn’t work in all scenarios. With the latest update, you can now connect Azure Cloud Shell to an Azure virtual network (vNet). With the new method, you can now deploy the Azure Cloud Shell container within your virtual network (vNet), which now allows you to use PowerShell remoting, SSH, or other command-line tools such as kubctl using private IP addresses.

Requirements

Before you can use Cloud Shell in your own Azure Virtual Network, you will need to create some resources to support this functionality. 

  • Virtual Network – The virtual network in which the resources are located you want to manage or the network that peers with a virtual network where your Azure resources are.
  • Subnet – In that virtual network you will need a dedicated subnet to host Cloud Shell containers.
  • Network profile
  • Azure Relay – An Azure Relay allows two endpoints that are not directly reachable to communicate.
  • Storage Account – The storage account needs to be accessible from the virtual network that is used by Cloud Shell.

There are also some considerations you need to be aware of, such as currently supported Azure regions during the preview, Azure Relay adds additional cost and slower startup speed of Cloud Shell containers. You can learn more about the requirements here.

Connect Azure Cloud Shell to a virtual network

To make the deployment easy, there are Azure Resource Manager templates available to deploy the necessary network and storage resources. In my step by step guide, I already have a virtual network deployed within my subscription with the resources I manage. If you don’t have that yet, and you want to try this out, you will need to create a resource group and a virtual network.

Simply the deploy the following two templates:

Deploy Azure Cloud Shell Network ARM template

Deploy Azure Cloud Shell Network ARM template

You can get the Azure Container Instance OID by running the following command:

Get-AzADServicePrincipal -DisplayNameBeginsWith 'Azure Container Instance'

Also, make sure that the subnet ranges are part of the address range in your virtual network.

Reconnect Cloud Shell

If you have used Azure Cloud Shell before, you will need to reconnect that to the specific resources. You can simply run the command “cloudrive unmount” or “dismount-cloudrive”.

After that you can reconnect your Cloud Shell and select the isolated network option. Keep in mind this feature is currently in preview, and only available in West US and West Central US.

Connect Azure Cloud Shell to virtual network

Connect Azure Cloud Shell to virtual network

This will then take a moment to deploy.

Requesting a container

Requesting a container

After the Cloud Shell container is deployed within the virtual network, you can now start using private IP addresses within that virtual network or virtual networks that are peered.

SSH into Azure VM with Private IP address from Cloud Shell

SSH into Azure VM with Private IP address from Cloud Shell

I hope this blog gives you a short overview of how you can integrate Cloud Shell in your private Azure virtual network. If you have any questions, feel free to leave a comment.



Run Azure Container Instances from the Docker CLI

Run Azure Container Instances from the Docker CLI

Earlier Docker announced the partnership with Microsoft to bring support to run Azure Container Instances (ACI) from the Docker CLI. Yesterday, Docker announced and released the first Docker Desktop Edge version (2.3.2), which allows you to try out that new feature. Azure Container Instances (ACI) allow you to run Docker containers on-demand in a managed, serverless Azure environment. Azure Container Instances is a solution for any scenario that can operate in isolated containers, without orchestration.

Run Azure Container Instances from the Docker CLI

To be able to run ACI containers using the Docker CLI, Docker expanded the existing docker context command to support ACI as a new backend. To start using this new feature you will need to run Docker Desktop Edge version 2.3.2 and an Azure subscription. You can create a free Azure account with 12 months of free services, $200 credit, and over 25 services which are always free.

Docker Desktop Azure ACI Integration

Docker Desktop Azure ACI Integration

Now you can start your Docker CLI and login to Azure:

docker login azure

After you are logged in, you will need to create a new ACI context. You can simply use “docker context create aci” command and add your Azure subscription and Resource Group, or the CLI will provide you with an Interactive experience.

docker context create aci myazure

With “docker context ls” you can see the added ACI context.

docker context ls
Docker Desktop CLI create Azure Container Instance ACI Context Integration

Docker Desktop CLI create Azure Container Instance ACI Context Integration

Now you can switch to the newly added ACI context.

docker context use myazure

Now you can start running containers directly on Azure Container Instance using the Docker CLI.

docker run -d -p 80:80 mycontainer

You can also see the running containers using docker ps.

docker ps
Run Azure Container Instances from the Docker CLI

Run Azure Container Instances from the Docker CLI

This will also show you the public IP address of your running container to access it. In my example I used a demo container, however, you can also use your own container which you pushed to a container registry like Docker Hub.

You can also run multi-container applications using Docker Compose. You can find an example for that here.

Try Azure Container Instances from the Docker CLI

This new experience is now available as part of Docker Desktop Edge 2.3.2 . To get started, simply download the latest Edge release or update if you are already on Desktop Edge and create a free Azure account with 12 months of free services, $200 credit, and over 25 services which are always free.

Conclusion

I hope this gives you a short overview of how you can use the Docker CLI to directly run Docker containers in Azure Container Instances (ACI). If you have any questions, feel free to leave a comment.

There are also many other great examples like running Docker Linux containers on Windows, using the Windows Subsystem for Linux 2 (WSL 2).



How to Install a Windows Server Container Host

How to Install a Windows Server Container Host

In this blog post, I want to quickly guide you through how you can install a Windows Server Container Host running Docker. This guide will help you set up, install, and run Windows Containers on Windows Server. In my example, I will install a container host on a Windows Server, version 2004, which is a Semi-Annual Channel (SAC) release. Windows Server SAC releases are released twice a year and are optimized for containers. In the Windows Server, version 2004 release, the team continued improving fundamentals for the core container platform such as performance and reliability.

If you want to learn more about the differences of Windows Server Semi-Annual Channel (SAC) vs. Long-Term Servicing Channel (LTSC), check out my blog post.

Requirements

  • A virtual or physical server running Windows Server 2016 or higher (Also including Semi-Annual Channel (SAC) releases. In my blog post, I will use the latest available releases and run the latest Windows Server SAC release, which offers the latest enhancements on the container host.
  • You can also use the Windows Server 2019 LTSC version

Set up and install the Windows Server Container Host

Since I am using the latest SAC release of Windows Server, the server is available as Windows Server Core only. This means I am going to use a tool called “sconfig” to set up my server for the first time. Of course, you can also use existing methods like unattend.xml files or PowerShell scripts to set up your server.

Windows Server Core

Windows Server Core

With sconfig, you can run all the simple configuration tasks to configure your Windows Server.

Windows Server SCONFIG

Windows Server SCONFIG

After the Windows Server is configured and patched, we can now install Docker, which is required to work with Windows containers. Docker consists of the Docker Engine and the Docker client. You can simply install Docker on Windows Server using the following commands.

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider
Install Docker on Windows Server

Install Docker on Windows Server

After these commands, you will need to restart the server.

Restart-Computer -Force

If you want to learn more about installing Docker on Windows Server, check out Microsoft Docs.

Run Windows Container Docker Images on Windows Server

Run Windows Container Docker Images on Windows Server

Now you can start pulling your docker container images to your Windows Server. I will use the latest Windows Container images, which came with Windows Server, version 2004. You can read more about the improved container images here.

docker pull mcr.microsoft.com/windows/servercore:2004 
docker pull mcr.microsoft.com/windows/nanoserver:2004 
docker pull mcr.microsoft.com/windows:2004

You can now use the docker client to manage your containers on your Windows Server, or you can also use the new Windows Admin Center Container extension, which was released a couple of weeks ago.

Manage Windows Server Containers with Windows Admin Center

Manage Windows Server Containers with Windows Admin Center

And yes, if you have a standalone Windows Server Core, you can also directly install Windows Admin Center on your Windows Server Core.

Conclusion

I hope this blog post gives you a great overview of how to install and set up a Windows Server container host. If you have any questions, feel free to leave a comment.



Windows Server 2019 Inside Out Microsoft Press Book

Windows Server 2019 Inside Out Microsoft Press Book Available

My friend and colleague Orin Thomas just shared some fantastic news. His new book Windows Server 2019 Inside Out for Microsoft Press is now available. I was able to provide some early feedback during the writing process and I can tell you this book is a must-have if you are working with Windows Server 2019.

Dive into Windows Server 2019—and really put your Windows Serverexpertise to work. Focusing on Windows Server 2019’s most powerful and innovative features, this supremely organized reference packs hundreds of timesaving solutions, tips, and workarounds—all you need to plan, implement, or manage Windows Server in enterprise, data center, cloud, and hybrid environments. Fully reflecting new innovations for security, hybrid cloud environments, and Hyper-Converged Infrastructure (HCI), it covers everything from cluster sets to Windows Subsystem for Linux.

You can get the book on Amazon and you will learn how to:

  • Optimize the full Windows Server 2019 lifecycle, from planning and configuration through rollout and administration
  • Leverage new configuration options including App Compatibility Features on Demand (FOD) or Desktop Experience
  • Ensure fast, reliable upgrades and migrations
  • Manage Windows servers, clients, and services through Windows Admin Center
  • Seamlessly deliver and administer core DNS, DHCP, file, print, storage, and Internet services
  • Use the Storage Migration Service to simplify storage moves and configuration at the destination
  • Seamlessly integrate Azure IaaS and hybrid services with Windows Server 2019
  • Improve agility with advanced container technologies, including container networking and integration into Kubernetes orchestration clusters
  • Deliver Active Directory identity, certificate, federation, and rights management services
  • Protect servers, clients, VMs, assets, and users with advanced Windows Server 2019 security features, from Just Enough Administration to shielded VMs and guarded virtualization fabrics
  • Monitor performance, manage event logs, configure advanced auditing, and perform backup/recovery Windows Server 2019
Microsoft Inside Out Windows Server 2019 Book

Microsoft Inside Out Windows Server 2019 Book

If you got the new Windows Server 2019 Inside Out Microsoft Press book, let me know what you think!



HCSDiag.exe - Hyper-V Host Compute Service Diagnostics Tool

HCSDiag.exe – Hyper-V Host Compute Service Diagnostics Tool

As you know, Hyper-V is not just a server virtualization software anymore. Today, you can find Hyper-V technology across different operating systems, products, and services, like Windows Defender Application Guard, Windows Sandbox, Hyper-V Containers, or many more. Thanks to Ben Armstrong from the Hyper-V team, I found out that there is a tool in Windows to troubleshoot these Hyper-V containers called hcsdiag.exe or Hyper-V Host Compute Service Diagnostics Tool. The Hyper-V Host Compute Service Diagnostics Tool (HCSDiag.exe) is available in Windows 10 and Windows Server 2019 if you have the Hyper-V roles or virtualization features enabled, and can be helpful to troubleshoot Hyper-V containers, virtual machines (VMs), Windows Sandbox, Windows Defender Application Guard, Windows Subsystem for Linux 2 and more.

HCSDiag.exe - Hyper-V Host Compute Service Diagnostics Tool

HCSDiag.exe – Hyper-V Host Compute Service Diagnostics Tool

Let’s have a look at the HCSDiag.exe, which you can find in C:\Windows\System32. It provides you with a couple of different commands and options. However, keep in mind that not all features work with every type of container. Some features are limited to scenarios where the VM is being used under the same user context as the host, where it is all about protecting the host from the guest and not the guest from the host like in the server version of Hyper-V.

To install Hyper-V, check out the following posts:

HCSDiag.exe

hcsdiag <command> [options…]

  • list
    Lists running containers and VMs.
  • exec [-uvm] <id> <command line>
    Executes a process inside the container.
  • console [-uvm] <id> [command line]
    Launches an interactive console inside the container.
  • read [-uvm] <id> <container file> [host file]
    Reads a file from the container and outputs it to standard output or a file.
  • write [-uvm] <id> [host file] <container file>
    Writes from standard input or a host file to a file in the container.
  • kill <id>
    Terminates a running container.
  • share [-uvm] [-readonly] [-asuser] [-port <portnumber>] <id> <host folder> <container folder>
    Shares a host folder into the container.
  • vhd [-uvm] <id> <host vhdx file> <container folder>
    Shares a virtual hard disk file into the container.
  • crash <id>
    Forces a crash of the virtual machine hosting the container (only works for containers hosted in a virtual machine).

I will give you some examples of how you can use hcsdiag.exe to interact with some of the Hyper-V containers. Now again, this focuses mostly on technologies like Windows Sandbox, Docker Hyper-V Containers, WSL 2, and similar features.

You can find more documentation on Hyper-V on Windows Server or Hyper-V on Windows 10 on Microsoft Docs.

List all containers and Hyper-V VMs

With the hcsdiag list command, you can create a list of containers and Hyper-V virtual machines running on the host. Including Windows Sandbox, Windows Subsystem for Linux 2, and Application Guard.

hcsdiag.exe list

hcsdiag.exe list

Connect Console to Hyper-V containers and Windows Sandbox

You can also directly connect to the console of containers or the Windows Sandbox. Remember that it only works for Hyper-V containers where the guest is not protected from the host. Not for containers like Hyper-V VMs, where the guest is also protected from the host. If you need to remote into want console access or run commands against a Hyper-V VM from the host, check out PowerShell Direct for Windows VMs and hvc.exe for Linux VMs.

hcsdiag console connect

hcsdiag console connect

Here is an example where I am connected to a Windows Sandbox container using hcsdiag.exe.

hcsdiag Windows Sandbox

hcsdiag Windows Sandbox

But that also works with Dockers container (Hyper-V containers) running Windows and Linux.

hcsdiag Linux Container

hcsdiag Linux Container

HCSDiag console provides you with an interactive connection to interact with the container.

Additional HCSDiag.exe features and commands

The HCSDiag.exe also provides you with a couple of additional commands you can use. For example, the read command to read a file from the container and output it to the host or as a file to the host.

hcsdiag read

hcsdiag read

You can use the “share” command to share a host folder into the container or use “vhd” to mount a virtual disk file (VHD) file to a container. The hcsdiag kill command terminates a running container.

Conclusion

HCSDiag.exe – Hyper-V Host Compute Service Diagnostics Tool is excellent if you need to troubleshoot these Hyper-V containers, virtual machines (VMs), Windows Sandbox, Windows Defender Application Guard, Windows Subsystem for Linux 2 and more. If you have any questions, feel free to leave a comment.



Windows Server webinar miniseries - Month of Cloud Essentials Speakers

Windows Server webinar miniseries – Month of Cloud Essentials

I want to let you know that in June I will be speaking in the Windows Server webinar miniseries focusing on how you can leverage the power of Azure together with Windows Server. Jeff Woolsey, Pierre Roman, Orin Thomas and I will be speaking about different scenarios using Windows Server in a Hybrid environment.

Join this four-part Windows Server webinar miniseries to learn tips and best practices for bringing the efficiencies and cost savings of Azure to your Windows Server workloads. Each 30-minute session includes demos and a live Q&A with Microsoft technical experts.

The Windows Server webinar miniseries – Month of Cloud Essentials sessions will focus on:

Intro to Windows Server Apps in the Cloud
June 4, 9:00 AM–9:30 AM Pacific Time by Jeff Woolsey 📅
Get an overview and explore resources to help you start running your Windows Server workloads on Azure.

How to Manage Windows Server Roles with Azure Services
June 11, 9:00 AM–9:30 AM Pacific Time by Orin Thomas 📅
Learn best practices to help improve security and scalability for apps by easily migrating Windows Server roles such as Active Directory, Windows File Server, and DNS to Azure.

Create Highly Available Apps with Azure VMs
June 18, 9:00 AM–9:30 AM Pacific Time by Pierre Roman 📅
Find out how to run business-critical Windows Server applications on Azure with consistent security, identity, and management features.

Modernize Windows Server Apps on Azure
June 25, 9:00 AM–9:30 AM Pacific Time by Thomas Maurer 📅
Explore hybrid cloud approaches for connecting your on-premises and multicloud environments to Azure with strategies that include containers.

I am looking forward to seeing you in the Windows Server webinar miniseries – Month of Cloud Essentials. If you miss any of the sessions, watch them on demand. You can register here.

If you have any questions, feel free to leave a comment.