An ordinary guy trying to make a difference
So I thought I’d give downloading the ISO from Connect another try and I’m pleased to say that this time Hyper-V likes it and the install has got a LOT further (although not finished as I type this)
Feed: Virtual PC Guy's WebLog
There is a new whitepaper that details how live migration in Windows Server 2008 R2 and Microsoft Hyper-V Server R2 works:
http://www.microsoft.com/downloads/details.aspx?FamilyID=fdd083c6-3fc7-470b-8569-7e6a19fb0fdf&DisplayLang=en
Cheers, Ben
View article...
In case you missed them, the following posts were published on the System Center Configuration Manager Team Blog for the time period January 21st – January 29th, 2009:
TechEd 2009: Configuration Manager 2007 Pre-Conference Seminar
MMS 2009 - Session list now available
Can I Use a Public CA for Configuration Manager Native Mode?
Does Configuration Manager Native Mode Have to Use a Single CA Hierarchy?
http://blogs.technet.com/wemd_ua_-_sms_writing_team/archive/2009/01/30/round-up-of-new-posts-on-the-configuration-manager-team-blog-jan-21-jan-29-2009.aspx
Well I’ve been posting the info from the but in case you missed it here’s a timely reminder from J.C. not only about this but also to update your Feed Readers for the ConfigMgr and OpsMgr blogs:
If you've been following the SMSandMOM blog for a while then you've probably noticed how we've slowly been expanding and specializing by launching the Configuration Manager blog, the Operations Manager blog, the Mobile Device Manager blog and the WSUS blog, and today I'd like to announce our newest, the SCVMM blog.
OK, so it didn't actually launch today as we published our first post back on January 3rd, but it never really got a proper introduction so I thought I would do that today. So far we've posted on topics such as:
Enabling full management of VMware with SCVMM
SCVMM 2008 Installation. Step-by-Step
Migrating from VMM 2008 Beta to VMM 2008
P2V Conversion and the Source Computer
SCVMM 2008 Releases Management Pack Update
and much much more.
Since SCVMM and Hyper-V go hand in hand you may find info on that product over there too, so if you work with either of these and want to keep up with the latest support issues, tips and releases then you'll want to be sure to subscribe.
And don't forget, the SMSandMOM blog will soon be going away as we move from one blog that covers a wide variety of products and instead focus on product specific blogs like Configuration Manager and Operations Manager so be sure and update your shortcuts and subscriptions today.
Enjoy!
J.C. Hornbeck | Manageability Knowledge Engineer
Watching the News last night it was sad to see the scenes of the riots in the streets of Paris and hearing about the Greek farmers blockading the principle motorway for a week but I understand these people’s frustrations and I can sympathise with them (personally I’m worried as well).
Let’s face it the majority of the global economy is up the brown creek without a paddle. What is upsetting a LOT of folks (me included), is that the banks got us into this mess by just being too damn greedy and trying to make obscene profits. So what do our Governments do to try and fix it? Give them OUR money to bail them out to try and get them lending again as they’ve all brought the shutters down and have adopted a completely opposite approach of NOT lending money compared to last year when they were literally throwing money at people and basically getting them into debt.
Now not all of the banks are to blame and not all of them have taken the Government’s bail out to let’s be clear on this one. But has the bail out worked? No. All it’s done is keep the banks ticking over, paying bonuses to some of their already overpaid staff without getting the wheels of the economy turning again.
In the mean time industries are failing all over place, people are losing the jobs and even more in some cases so this approach hasn’t really worked now has it?
Why the Government didn’t think to give every tax payer a tax free lump sum I’ll never know. Had they done it would have been far more effective in my opinion as some people:
Instead we have this mess of people not being able to get mortgages, pensioners who depend on their savings to survive having to struggle even more, millions out of a job, a bleak outlook for pension funds and the Government now having a HUGE deficit which WE the tax payer are going to have to pick up whilst our banking “friends” are off counting their bonuses on some sunny island somewhere.
Oh to be a banker.
So as I’m in the process of building my lab server I thought I’d build a Windows 7 machine to have a “play with”. So I downloaded the ISO and tried to create a new VM in Hyper-V. VM starts and I click “Install Now”.
Then I get the following message back:
“Windows could not collect information for [OSImage] since the specified image file [install.wim] does not exist”
Googling this seems to suggest that I need to burn the ISO to a CD and that MAY fix it. Hang on a minute what’s the point of having the ability to build a VM from an ISO image if you have to burn that ISO to a DVD/ CD, kind of defeats the object doesn’t it? I could understand it if this was an old OS but this is Microsoft’s latest and supposedly greatest (not in my opinion so far based on my experience).
So for now I’ll hold fire and wait until the next Beta comes out when HOPEFULLY they’ve fixed this.
In true Bob the Builder fashion from Carlos’ blog:
“One of my customers is in the TAP program for Windows Vista Service Service Pack 2. They wanted to use SCCM/WSUS to deploy updates to the Vista SP2 Beta clients that they have in production. This is how we got the Vista SP2 updates in WSUS and SCCM:..”
http://blogs.technet.com/carlossantiago/archive/2009/01/29/can-i-use-sccm-to-deploy-updates-to-windows-vista-sp2-beta-clients-yes-you-can.aspx
I recently was setting up a Home Server on top of Hyper-V (Note: this is not a supported configuration, so if you wish to do the same - be it on your head) and had to decide between using physical disks directly attached to the virtual machine, or using fixed size virtual hard disks. I had 5 SATA disks that I wanted to connect to the Home Server - and in the end I decided to use fixed size virtual hard disks where each physical disk had a single fixed size virtual hard disk that took up all the space available.
There were a number of things that I considered before coming to this decision:
Hope this helps you when you are faced with similar decisions.
Just a quick heads up that the Session catalogue (including breakouts), for this year’s MMS is now available at:
http://www.mms-2009.com/public/sessions.aspx
NOTE: Of course this is subject to change but should give you a good starting point to start making plans. The hands-on-labs should be added next week.
For general MMS 2009 goto:
http://www.mms-2009.com/
Summary
The following bulletins have undergone a major revision increment. Please see the appropriate bulletin for more details.
* MS08-074 - Critical
Bulletin Information:
- http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx
- Reason for Revision: V2.0 (January 28, 2009): Added a footnote to the Affected Software table and two entries to the section, Frequently Asked Questions (FAQ) Related to this Security Update, pertaining to security updates KB958437 and KB958439 for supported versions of Microsoft Office Excel 2007. There were no changes to the security update binaries or detection. Customers with Microsoft Office Excel 2007 or Microsoft Office Excel 2007 Service Pack 1 who have already successfully installed KB958437 and KB958439 do not need to reinstall.
- Originally posted: December 9, 2008 - Updated: January 28, 2009 - Bulletin Severity Rating: Critical - Version: 2.0
[Today's post comes from Carol Bailey]
Many companies do not currently have their own public key infrastructure (PKI) with an issuing Certification Authority (CA) but still want to benefit from native mode and Internet-based client management - which has a dependency on PKI certificates. So a natural follow-on question is whether native mode can use certificates from a public CA rather than using an internal CA.
The technical answer is yes. Native mode is PKI-agnostic, supporting industry standard certificates (version 3 of the x.509 certificate format) and has no dependencies on the issuing CAs. This is in contrast to the out of band management feature, introduced in Configuration Manager SP1, which has a dependency on a Microsoft enterprise CA and certificate templates for the certificates issued to the AMT-based computers.
If you decide to use a public CA for your native mode certificates, identify the certificates that you need by using the Certificate Requirements topic (http://technet.microsoft.com/en-us/library/bb680733.aspx) and gather the related certificate information - using the columns Certificate Use and Specific Information in the Certificate. This is where the OID numbers come in use, because these uniquely identify the certificate capability in a format that will be understood by all PKI vendors.
The CA hosting company will provide their own instructions for requesting and installing the certificates that you need, and usually this involves connecting to their own Web site and filling out their own forms - so exact instructions will differ between companies. They might also support a standard certificate request file that you can create using Windows certificate tools.
Microsoft Windows computers and some devices are automatically configured with some well-known public root certificates and their intermediate CAs. If you use certificates that chain to one of these CAs, the benefit is that the certificate will be automatically trusted by default and no additional configuration is required. However, if you use certificates that do not chain to one of these CAs, you must install the root CA (and possibly any intermediate CAs) on the computer on which you are installing the certificate and any communicating computer. For example, if you purchase a client computer certificate that chains to the root CA called "ComputerCerts Root CA", you would need to install not just the client certificate, but the chain on the client computer and any native mode servers that the client communicates with - for example, its management point, distribution points, software update point, and state migration point.
Having to install certificate chains on multiple computers is just one reason why using a public CA might prove impractical, even if it's technically possible. The flip side is that using a well-known public CA that is automatically trusted by all the computers decreases the security of your site. That's because the client certificate is used to authenticate the client during registration - you're saying "I trust you to upload data into my Configuration Manager hierarchy". Anybody can buy a certificate with client authentication from a public CA but you probably wouldn't want anybody to have the ability to join their computer to your site. If your Configuration Manager servers automatically trust the public CA, they will trust this computer and site assignment will succeed. If you use a public CA for your client certificates, Configuration Manager has no way of distinguishing between the computers you really want to join the site, and computers that you might not.
(This possibility also exists when you're using native mode certificates with your own CA, because by default, all computers trust certain public CAs. This is why you should configure an IIS CTL that identifies which root CAs should be trusted for native mode communication. For more information about this, see Determine If You Need to Configure a Certificate Trust List (CTL) with IIS (Native Mode).)
The main reason why it might be impractical to use a public CA for native mode, is cost and manageability. Many PKI-dependent solutions use just one or two server certificates, but native mode requires server certificates on a number of site systems and a unique certificate on each client computer. For the majority of our customers who have a high number of servers and hundreds (if not thousands) of client computers, a Microsoft enterprise CA is ideally suited to this requirement. It can automatically deploy and maintain client certificates with group policy, and after the certificate templates are configured for the servers, the overheads of deploying these in-house are also very minimal.
Having said that, I do know of customers who have used a public CA for a handful of computers that never connect directly to the intranet, and then use their internal CA for the remaining certificates. They decided that the administrative costs of deploying and maintaining certificates outside their own network was higher than the costs of buying individual client certificates from a public CA, and they used additional external security controls to protect the site from unauthorized computers that might have a client certificate from the same CA.
Using more than one CA hierarchy to support native mode is the subject of my next blog posting.
- Carol Bailey
This posting is provided "AS IS" with no warranties, and confers no rights.
It is possible under Hyper-V to get into a state where you have a virtual machine that is still running correctly - but does not show up in the virtual machine list under the Hyper-V management console. The two most likely causes for this are:
Consider the following scenario:
In this scenario, you notice that only two expired user-state stores are deleted. Additionally, the Smpmgr.log file indicates that the first user-state store deletion was successful but that the second deletion failed, and you receive the following error message:
CheckAndDeleteSMPStores failed with error code (80004005)
http://support.microsoft.com/default.aspx?scid=kb;en-us;961269&sd=rss&spid=12769
I’ve added this to the List of ConfigMgr KB Articles on FAQShop.
In this scenario, the Asset Intelligence Catalog Sync Service cannot connect to the System Center Configuration Manager database. In addition, some logging is added to the AIUpdateSvc.log file. Note This issue does not occur if the System Center Configuration Manager database is installed on a SQL server 2005 default instance.
http://support.microsoft.com/default.aspx?scid=kb;en-us;960448&sd=rss&spid=12769
We have been getting a lot of excitement and questions about the reports for the VMM 2008 MP. With this blog post we can announce that this update is ready and available for download today.
This update to the MP includes updated reports for all platforms that we manage (VS, Hyper-V, and VMware) :
· Virtualization Candidates - Helps identify physical computers that are good candidates for conversion to virtual machines. The Virtualization Candidates report displays average values for a set of commonly requested performance counters for CPU, memory, and disk usage, along with hardware configuration, including processor speed, number of processors, and total RAM.
· VM utilization - Provides information about your virtual machines. For the identified time, this report shows average usage and total or maximums for virtual machine processors, memory, and disk space.
· Host Utilization - Shows the number of virtual machines running per host. For the identified time and host group, this report shows average usage and total or maximums for host processors, memory, and disk space.
· Host Utilization Growth - Shows the percentage growth of host resources and number of virtual machines running for the identified time period.
· VM Allocation - Provides information you can use to calculate chargeback to cost centers for virtual machines.
This release also includes a key change to the PRO class model which enables some additional partner integration. Keep an eye on the VMM PRO partner page here, for updates and access to partner PRO enabled management packs.
You can find the MP here on the Microsoft download site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=d6d5cddd-4ec8-4e3c-8ab1-102ec99c257f&displaylang=en
Thanks to everyone who has been involved in this release.
Alan Goodman
Senior Program Manager
System Center Virtual Machine Manager