Tag: Hyper-V Manager

Hyper-V Enhanced Session Mode

10 hidden Hyper-V features you should know about!

Microsoft added some amazing new features and improvements to Hyper-V over the past few years. A lot of them you can use in Windows Server 2016 Hyper-V today, but there are also a lot of features hidden in the user interface, and they are also included in Windows 10 Pro or Enterprise. I think this list should you a good idea about some of them.

Nested Virtualization

Hyper-V Nested Virtualization

Hyper-V Nested Virtualization allows you to run Hyper-V in a Hyper-V Virtual Machine. This is great for testing, demo and training scenarios and it works on Windows Server 2016 and Windows 10 Pro and Enterprise. Microsoft Azure will also offer some new Virtual Machine which will provide the Nested Virtualization feature in the Azure public cloud. Nested Virtualization is not just great if you want to run virtual machines inside a virtual machine, it is also great (and I think this will be the most significant use case in the future) you can also run Hyper-V Container inside a Hyper-V or Azure Virtual Machine. Hyper-V Containers are a feature that will bring the isolation of a Virtual Machine to a fast, light, and small footprint container. To enable Nested Virtualization, you have the following requirements:

  • At least 4 GB RAM available for the virtualized Hyper-V host.
  • To run at least Windows Server 2016 or Windows 10 build 10565 (and higher) on both the physical Hyper-V host and the virtualized host. Running the same build in both the physical and virtualized environments generally improves performance.
  • A processor with Intel VT-x (nested virtualization is available only for Intel processors at this time).
  • Other Hypervisors will not work

Configure the Virtual Machine for Nested Virtualization, follow the following steps:

  • disable Dynamic Memory on Virtual Machine
  • enable Virtualization Extensions on the vCPU
  • enable MAC Address Spoofing
  • set Memory of the Virtual Machine to a minimum of 4GB RAM

To enable the Virtualization Extensions on the vCPU you can run the following PowerShell command

Set-VMProcessor -VMName "VMName" -ExposeVirtualizationExtensions $true

PowerShell Direct

PowerShell Direct Enter-PSSession

Hyper-V PowerShell Direct is also one of the great new features in Windows 10 and Windows Server 2016 Hyper-V. PowerShell Direct allows you to connect to a Virtual Machine using PowerShell without connecting over the network. Instead of the network, PowerShell Direct uses the Hyper-V VMBus to connect from the Hyper-V host to the virtual machine. This is handy if you are doing some automation or you don’t have network access to the virtual machine. In terms of security, you will still need to provide credentials to access the virtual machine.

To use PowerShell Direct, you have the following requirements:

  • The virtual machine must be running locally on the Hyper-V host and must be started.
  • You must be logged into the host computer as a Hyper-V administrator.
  • You must supply valid user credentials for the virtual machine.
  • The host operating system must run Windows 10, Windows Server 2016, or a higher version.
  • The virtual machine must run Windows 10, Windows Server 2016, or a higher version.

To use PowerShell Direct, you can use the Enter-PSSession or Invoke-Command cmdlets with the -VMName, -VMId or VM parameter.

Enter-PSSession -VMName "VM01" -Credential (Get-Credential)

Hyper-V Virtual Switch using NAT

Hyper-V Virtual Switch NAT Configuration

If you are running Hyper-V on your workstation or laptop, you know that networking could have been a problem. With the Hyper-V Virtual Switch using NAT, you can now create an internal network for your virtual machines and still allow them to for example have internet access, like you would run your virtual machines behind a router. To use this feature, you have the following requirements:

  • Windows 10 and Windows Server 2016 build 14295 or later
  • Enabled Hyper-V role

To enable the NAT Switch, you can first create an internal switch using PowerShell, then the IP Address on the Virtual NIC on the Management OS and then set the NAT configuration:

New-VMSwitch –SwitchName “NATSwitch” –SwitchType Internal
 
New-NetIPAddress –IPAddress 172.21.21.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NATSwitch)"
 
New-NetIPAddress –IPAddress 172.21.21.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NATSwitch)"

To create NAT forwarding rules you can, for example, use the following command:

Add-NetNatStaticMapping -NatName “VMSwitchNat” -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 172.21.21.2 -InternalPort 80 -ExternalPort 80

Virtual Battery for Virtual Machines

Hyper-V VM battery

With the Windows 10 Insider Build XXXX and later with the release of the Windows 10 Fall Creators Update, Microsoft enabled a Virtual Battery feature for Hyper-V Virtual Machines. This will allow Hyper-V VMs to see the battery status of the host. This is great when you are running Hyper-V on a notebook or if you have a battery on your server

Hyper-V VMConnect – Enhanced Session Mode

Hyper-V Enhanced Session Mode

Interacting with Virtual Machines can be difficult and time consuming using the default VM console since you can not copy paste or connect devices. VMConnect lets you use a computer’s local resources in a virtual machine, like a removable USB flash drive or a printer and in addition to this, Enhanced session mode also lets you resize the VMConnect window and use copy paste. This makes it almost as if you would use the Remote Desktop Client to connect to the Virtual Machine, without a network connection, instead you will make use of the VMBus.

The Enhanced Session Mode feature was introduced with Windows Server 2012 R2 and Windows 8.1. Enhanced session mode provides your Virtual Machine Connection with RDP (Remote Desktop Protocol) capabilities over the Hyper-V VMBus, including the following:

  • Display Configuration
  • Audio redirection
  • Printer redirection
  • Full clipboard support (improved over limited prior-generation clipboard support)
  • Smart Card support
  • USB Device redirection
  • Drive redirection
  • Redirection for supported Plug and Play devices

Requirements for the Enhanced Session Mode are:

  • The Hyper-V host must have Enhanced session mode policy, and Enhanced session mode settings turned on
  • The computer on which you use VMConnect must run Windows 10, Windows 8.1, Windows Server 2016, or Windows Server 2012 R2 or higher
  • The virtual machine must have Remote Desktop Services enabled, and run Windows 8.1 (or higher) and Windows Server 2012 R2 (or higher) as the guest operating system.

You can use it, by pressing the enhanced session button (if you have all the requirements) on the Windows 10 Client this is enabled by default on the “host”. On Windows Server, you have to enable it first in the Hyper-V Manager under Hyper-V Settings

Hyper-V Manager Zoom Level

Hyper-V VMConnect Zoom Level

In the Windows 10 Creators Update, Microsoft introduced a new feature to the VMConnect Console. This feature allows you to control the zoom level of the Virtual Machine console, and this is especially handy if you have a high DPI screen.

Virtual TPM Chip

Hyper-V Virtual TPM

If you are running Windows 10 or Windows Server 2016 or higher, you can make use of a feature called Shielded Virtual Machines. This allows you to protect your virtual machines from being accessed from the outside. With this feature, Microsoft added different levels of security enhancements. One of them is the possibility to add a Virtual TPM chip to the virtual machine. With that enabled, you can use BitLocker or another encryption technology to encrypt your virtual machine disks from inside the VM.

Enable Hyper-V vTPM PowerShell

You can enable the Virtual TPM chip using the Hyper-V Manager or PowerShell. The virtual machine needs to be shut down.

Enable-VMTPM -VMName W10-01

If you need full protection, have a look at Shielded Virtual Machines with the Host Guardian Service (HGS).

VM Resource Metering

Hyper-V VM Resource Metering

With Windows Server 2012 Hyper-V Microsoft introduced a new feature in Hyper-V called VM Resource Metering which allows you to measure the usage of a virtual machine. This will enable you to track CPU, Memory, Disk, and network usage. This is a great feature, especially if you need to do chargeback or maybe even for troubleshooting.

You can enable VM Resource Metering using PowerShell

Enable-VMResourceMetering -VMName WS2016DX

To measure the virtual machine, you can use the following command

Measure-VM -VMName WS2016DX

Export and Share Hyper-V Virtual Machines

Export and Share Hyper-V Virtual Machine

Another feature a lot of people do not know about is that you can export Hyper-V Virtual Machines to copy them to another computer or server. The great thing about this, this can even be done while the virtual machine is running and you can also export the state of the virtual machine with it. You can use the UI to do this, or you just run PowerShell using the Export-VM cmdlet.

Export-VM -Name TomsVM -Path D:\

In the Windows 10 Fall Creators Update, Microsoft also added a button to share the Virtual Machine. This does not only export the virtual machine, but it also creates a compressed VM Export File (.vmcz).

Hyper-V Containers

Hyper-V Windows Containers

In Windows 10 and Windows Server 2016 you can run Windows Containers using Docker. While on Windows Server you can choose between running a Windows Container or a Hyper-V Container, you will always run a Hyper-V Container on Windows 10. While Hyper-V Containers and Windows Containers are fully compatible with each other, that means you can start a Windows Container in a Hyper-V Container runtime and the other way around; the Hyper-V Container gives you an extra layer of isolation between your containers and your operating system. This makes running containers not just much more secure but since the Windows 10 Fall Creators Update and Windows Server RS3 (Redstone 3), it will also allow you to run Linux Containers on a Windows Container Host, which will make Windows the best platform to run Windows Containers and Linux Containers side by side.

I hope this short list was helpful and showed you some features you didn’t know were there in Hyper-V. Some of these features are still in preview and are might not available in production versions of Hyper-V. Leave your favorite secret Hyper-V features in the comments!



Hyper-V Manager ins Azure Server Management Tools SMT

Manage Hyper-V from Azure Server Management Tools

Microsoft released an updated to the Azure Server Management Tools (SMT) and this improves some of the existing tools such as File Explorer and Device Manager. But the big announcement here is, that you now can manage your Hyper-V Server and Virtual Machines directly from Microsoft Azure from where ever you are. This is one of the great examples of using cloud solutions to extend your on premise environment, By using Management as a Service you basically don’t need to updated anything, you just got this new feature available in the Azure portal and you can start using it.

In this update to the Server Management Tools, Microsoft supports the following VM management functionality:

  • Start/Shutdown/Turn off/Pause/Resume
  • Save State/Delete Saved State
  • Take/Apply & rename checkpoints

You can see the Virtual Machines on which are running on the Hyper-V server

Hyper-V Manager in Azure SMT

You can also do basic management of checkpoints

Hyper-V VM in Azure SMT

If you want to know more about the Server Management Tools (SMT) check out my blog post: Manage Nano Server and Windows Server from Azure using Remote Server Management Tools

 



Hyper-V Manager Windows 10 Build 14361

Hyper-V Manager just got some new Icons in Windows 10 Build 14361

Microsoft just released a new Windows 10 Insider Preview Build (14361) with a lot of different improvements. They also worked on some changes to the Hyper-V Manager. The Hyper-V Manager finally got some updated Icons. Hyper-V also introduced a new VM Configuration version 8.0 (from 7.1 in the latest Windows 10 and Windows Server 2016 Technical Preview 5 build)

Hyper-V Manager Icon:

Hyper-V Manager Icon Windows 10 Build 14361

Hyper-V Manager:

Hyper-V Manager Windows 10 Build 14361

Hyper-V Settings:

Hyper-V Settings Windows 10 Build 14361

Hyper-V VM Settings:

Hyper-V VM Settings Windows 10 Build 14361

There are also a lot of other improvements especially to the UI, Windows Ink and they officially introduced Hyper-V Containers on Windows 10.

Introducing Hyper-V Container: You can now use Docker natively on Windows 10 with Hyper-V Containers, to build, ship and run containers utilizing the Windows Server 2016 Technical Preview 5  Nano Server container OS image. A new version of the Docker engine for Windows has also been made available that extends the support of containers while also improving the DockerFile syntax and getting started experience for users. For more details on how to get started with this check out the Windows container documentation or the Windows 10 Getting Started Guide.

 



Hyper-V Gernal Access dinied error

Hyper-V over SMB: Set SMB Constrained Delegation via PowerShell

When you are having configured a Hyper-V over SMB configuration, which means the virtual machines are running on Hyper-V host and are stored on a SMB file share, and you try to manage the virtual machine remotely from Hyper-V Manager or Failover Cluster Manager, you will run into access denied errors. The same error can also happen if you try live migrate the virtual machine. This error is caused because you are using the credentials from the machine which Hyper-V or Failover Cluster Manager is running on to access the file share via the Hyper-V host. This “double-hop” scenario is not by default not allowed because of security reasons. You can find more about Kerberos Authentication on TechNet.

To avoid this error you have to configure the SMB Constrained Delegation in Active Directory to allow this scenario for specific “double-hops”. In Windows Server 2012 Microsoft made setting up Kerberos constrained delegation much easier by introducing resource-based Kerberos Constrained Delegation. This it wasn’t that easy to deploy and required some step. In Windows Server 2012 R2 Microsoft introduced new Windows PowerShell cmdlets to configure SMB Constrained Delegation directly from PowerShell. These cmdlets are offered by the Active Directory PowerShell module.

On your management box or where ever you want to configure SMB Constrained Delegation you have to install the Active Directory PowerShell module. (You don’t need the module on the Hyper-V host or SMB file servers)

 
Install-WindowsFeature RSAT-AD-PowerShell

Now you can use the following cmdlets.

  • Get-SmbDelegation –SmbServer FileServer
  • Enable-SmbDelegation –SmbServer FileServer –SmbClient HyperVHost
  • Disable-SmbDelegation –SmbServer FileServer [–SmbClient HyperVHost] [-Force]

For example if you are running a two node Hyper-V cluster and you use a Scale-Out File Server cluster (SOFS01) as virtual machine storage, the configuration could look like this.

 
Enable-SmbDelegation –SmbServer SOFS01 –SmbClient HyperV01
 
Enable-SmbDelegation –SmbServer SOFS01 –SmbClient HyperV02

Because these cmdlets only work with the new resource-based delegation, the Active Directory forest must be in “Windows Server 2012” functional level. A functional level of Windows Server 2012 R2 is not required.

And as I mentioned before you can also use System Center Virtual Machine Manager (VMM) to manage your storage, which uses a different approach and does not need the configuration of Kerberos Constrained Delegation.

 



Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1) now available

Windows 7 Logo

Microsoft released the new Remote Server Administration Tools (RSAT) for Windows 7 with Service Pack 1 (SP1). With this update you also have the new Hyper-V Manager Console for Hyper-V with SP1 and features like Dynamic Memory and RemoteFX.

You can Download the Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1) here.