Windows 2008 HyperV Installation Part I
In my previous article “Virtualisation – What is it and do I need it?”, I discussed some of the background to virtualisation. If you’re reading this I guess you decided you do need it, so I’m going to take you through a simple setup procedure. I spent ages going through the documentation and tripped over a few things so hopefully this will save you a bit of time. The Windows 2008 server core installation is a basic Windows setup with hardly any features – including the lack of the Windows GUI, you just get a command line. This helps to keep it light and fast as well as having a smaller attack surface for hackers. You can use the server core for a number of different functions but here we will concentrate on configuring your server to provide support for virtualisation.
Preparation
First off you’ll need your Windows disk and your license key. This might sound obvious, but this isn’t a normal Windows install and you’ll get stuck during the setup unless you have the key to hand. If you’re installing on a Dell server like me, you’ll also need the server setup disk. We had to contact support to get the latest one that included support for Windows 2008. Don’t even try to install it straight from the Windows CD, you won’t get very far...
Finally make sure your hardware is up to the job, in basic terms you should have at least a multicore 64bit CPU, hardware & BIOS that support virtualisation, a fast Gigabit network card and switch and 4Gb RAM minimum. You might get away with less but this is a minimum production environment. To support virtualisation you will need to have either an Intel CPU with Intel VT (Virtualisation technology) or AMD CPU with AMD-V, and DEP (Data Execution Prevention) enabled (Intel XD bit or AMD NX bit).
On some machines even if the hardware can support virtualisation, it is disabled in the BIOS. You may have to re-flash the BIOS to the latest version to enable these features AND switch the machine off and back on – not a warm boot or it might not take effect. Don’t attempt to install Windows until you’ve done this or you’ll end up having to stop and start again.
Procedure
If you’re like me, RTFM is the last thing I do. It does have some interesting background in this case but I did notice that some of the articles on the Microsoft website were slightly out of date, and referred to features in pre-release versions. One important thing I did find out the hard way, is that the order you do things has an effect on what works and what doesn’t so take note...
Depending on your hardware, boot from your Windows disk or run your server setup disk and choose the Windows 2008 option. Once the server has booted from the install you should see the following screen:
Click the Install Now to move on to the activation screen:
Now is a good time to enter the key, as there’s no nice GUI later on where you can do this.
Click the Next button to get to the Operating System selection. Depending on whether you have a Standard or Enterprise disk you may get a longer list of options than the following:
Select the Server Core Installation that suits your hardware, ideally x64.
Click Next and Custom Advanced to get to the disk configuration screen. If you can’t see any disks listed at this point, you will need to load a driver for your disk controller – click the Load Driver option and insert your driver disk to choose a driver.
Adjust your disk configuration so you have a suitable space to install Window, then click Next.
Windows will now install, time to put the kettle on.
Once the installation is complete, the server will reboot and you can move on to the configuration stage.
Configuring the Host Machine
Once the server has rebooted you should see a login screen. The default username is Administrator and the password is blank. You will be forced to set a new password immediately.
Once through this part you arrive at a command prompt.
Yes all the DOS aficionados will be jumping around at this stage, there is no GUI. Finally you actually have to have a clue what you’re doing before you can be let loose on this (no pantomime remarks please!).
Activation
Activate your copy of Windows. Sounds easy enough? Well there’s some restrictions, you can’t activate if you access the internet via a proxy that forces you to login. In that case you’ll have to activate either by phone or using a KMS (Key Management Server). Also, if you didn’t enter your key during the original install, you won’t be able to activate Windows. Go and
stand in the corner, I told you so. Actually, all is not lost. You just need to install a valid key first, type:
Slmgr.vbs –ipk [product key].
If you don’t want to use KMS and you’ve not got a proxy to bypass, you can just type the following:
cscript windows\system32\slmgr.vbs <ServerName> <UserName> <password>:-ato
Obviously replace the items in chevrons with your own values.
Install Virtualization Support
Now you’re ready to install the virtualisation support. This is part of the update package KB950050. To check if the package is already there type:
wmic qfe list
In this case it won’t be. Download the package from the Microsoft Download site
http://download.microsoft.com/. You can insert a memory stick or a CD with the file on it, change to that drive then type:
wusa.exe Windows6.0-KB950050-x64.msu /quiet
So nothing happened right? Well it did, you just didn’t get to know about it. If you’re not sure you could omit the /quiet option from the above command.
It’s also worth downloading and installing the following update in the same manner: KB951636
Once this is complete you can install the Hyper-V role onto the server. Be careful this part is CASE SENSITIVE. Type:
start /w ocsetup Microsoft-Hyper-V
Rename The Computer & Join A Domain
Now you can rename your computer if you wish. Type:
netdom renamecomputer %computername% /NewName:<newname>
/UserD:<domainusername> /PasswordD
Or, if your computer is not joined to a domain, at a command prompt, type:
netdom renamecomputer %computername% /NewName:<newname>
Replace the items between chevrons and percentage signs with your own values.
Remote Management
Enable Remote Desktop for Administration if you want to manage the server remotely. Type:
cscript c:\windows\system32\scregedit.wsf /ar 0
Note that even on a remote desktop session, you will still only see a command prompt once you login.
If you don’t run Vista or Windows 2008 for Remote Desktop, you may need to turn off the higher security level that is set by default in Windows Server 2008. To do this, type:
cscript C:\Windows\System32\Scregedit.wsf /cs
Now add a user or group to the local Administrators group so that you can manage the Server remotely. To do this first add the user. Type: net user <username> * /add
Then, add the user to the local Administrators group, type: net localgroup administrators /add <user>
The next bit allows you to perform some of the management and configuration tasks remotely through an MMC snap-in. The Server Core installation does not generate any notifications for activation, new updates, or password expiration because these notifications require the Windows Explorer shell, which is not part of the Server Core installation. You can use the Scregedit.wsf script included with the Server Core installation to configure settings to do the following:
+ Enable automatic updates
+ Enable Remote Desktop for Administration
+ Enable Terminal Server clients on previous versions of Windows to connect to a server running a Server Core installation
+ Configure DNS SRV record weight and priority
+ Manage IPsec Monitor remotely
The script is located in the \Windows\System32 folder of a server running a Server Core installation. At a command prompt, open the folder, and then use the following command to display the usage instructions for these options: cscript scregedit.wsf /? or add the /cli option to display a list of common command-line tools and their usage. To view your current Remote Desktop for Administration Settings, use the /v option. A "1" in the script output (without the quotes) means that remote connections are denied. A "0" means that remote connections are allowed.
Now configure the firewall to let the admin connections through:
netsh advfirewall firewall set rule group=“Windows Management Instrumentation (WMI)” new enable=yes
netsh advfirewall firewall set rule group=”Remote Administration” new enable=yes
Netsh advfirewall set currentprofile settings remotemanagement enable
Configure Network Interfaces
If you want to change your network settings, you can use the NETSH command. First you’ll need to see what adapters are available by typing: netsh interface ipv4 show interfaces . You’ll need to remember the number in the Idx column of the adapter you want to configure.
Now, to configure a static IP address type:
netsh interface ipv4 set address name="<ID>" source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway>
And to set your DNS values type:
netsh interface ipv4 add dnsserver name="<ID>" address=<DNSIP>index=1
Again replace the items inside chevrons with your own values.
General Settings
You might want to be able to ping the server for troubleshooting purposes, in which case you’ll need to add the following firewall rule, type:
netsh firewall set icmpsetting 8
Set the keyboard and international settings, type:
control intl.cpl
Set the date and time, type:
control timedate.cpl
Finish Up
There’s a few other things you could do now like enable bitlocker encryption or add support for the Windows Backup service but basically the server is now ready to take guest virtual machines.
To reboot the server type: shutdown /r /t 0 or if you just want to shut it down type shutdown /s
That's it. Your server is now ready to accept guest virtual machines. Read how in Part II