Windows Server (2008 R2) blog by Kurt Roggen [BE]

I came across a WDS problem which seemed familiar at first, but in the end turned out to be something “unexpected”:
“ProxyDHCP: No reply to request on port 4011”

Typically, you would end up looking at articles like KB259670 (PXE clients computers do not start when you configure the Dynamic Host Configuration Protocol server to use options 60, 66, 67)… but this was different some clients/servers worked and some didn’t…

Symptom

When initiating a PXE Boot to the WDS server, the client receives a IP address from the DHCP server, but eventually times out with error “ProxyDHCP: No reply to request on port 4011”
However, other clients/servers have no problem PXE booting to the WDS server and getting boot/installation images.

Cause

There is a database named “Auto-Add Devices database”, used when you are performing the “Pending Devices” actions.  It stores the records for machines with a “pending devices” status and/or devices with an “approved” status.

Solution

The computer GUID is marked as rejected in the Auto-Add database. After a computer has been marked as rejected, the computer will not be able to PXE boot.
You can clear the entry in the Auto-Add database by deleting all pending computer records (by running wdsutil /Delete-AutoAddDevices /DeviceType:RejectedDevices) or enabling the record to be purged automatically (as mentioned above).

To delete computers that are pending, rejected or approved from the Auto-Add database, use wdsutil /Delete-AutoAddDevices using the syntex below:

WDSUTIL /Delete-AutoAddDevices [/Server:<Server name>] /DeviceType:{PendingDevices | RejectedDevices |ApprovedDevices} 

More Information

The records in the Auto-Add Devices database are purged every 24 hours and the cleanup of any devices with an approved status occurs every 30 days.
You can look at these intervals using the WDS CLI under “Configuration Information - Auto-Add Policy”

C:\> wdsutil /get-server /show:config [/server:yourRemoteServer]

These values can be changed using the WDS CLI

C:\> wdsutil /set-server /AutoAddPolicy /RetentionPeriod /Approved:<Time in days> /Others:<Time in days>

The Auto-Add Devices database (named Binlsvcdb.mdb) can be found in the RemoteInstall\MGMT folder. The database is created by BINLSVC the first time the pending devices policy is enabled. 

Related reading:

• KB259670 - PXE clients computers do not start when you configure the Dynamic Host Configuration Protocol server to use options 60, 66, 67
• KB244036 - Description of PXE Interaction Among PXE Client, DHCP, and RIS Server
• How to Manage Client Computers - Auto-Add Database section

Using Windows Deployment Services, we talked about approving pending computers.  You might also have noticed on the “pending” screen an empty message from the administrator.

How can you set a message from the administrator?

On the WDS server from a command prompt type:

WDSUtil /set-server /AutoAddPolicy /Message:"To contact your network administrator, please dial 123-4567“

Not so long ago, I wrote about the new Best Practice Analyzer for Hyper-V being available.  But what does it check?

It checks 3 areas:

• Prerequisites: identify gaps in Hyper-V configuration that should be addressed before administrators run a Best Practices Analyzer scan on Hyper-V for the first time.
• Configuration: identify settings that might require modification for Hyper-V to perform optimally. Configuration rules can help prevent setting conflicts that can result in error messages or prevent Hyper-V from carrying out its prescribed duties in an enterprise.
• Operations : identify best-practice–related, possible causes of a server role’s failure to carry out its prescribed tasks in an enterprise. An example of a violation of operation rules is the use of snapshots on a virtual machine that runs a server workload in a production environment.

For more information: Microsoft TechNet: Best Practices Analyzer for Hyper-V

Related reading:

• Ben Pearce’s Blog - Hyper-V Best Practice Analyzer - What does it check?

• Hyper-V Best Practices Analyzer is now available for Windows Server 2008 R2

• New Best Practice Analyzers (7) are available for Windows Server 2008 R2

Using Windows Deployment Services, you can boot a new (read: unknown) client and "name and approve" it from the WDS console.  A (named) computer object with the right GUID gets created in Active Directory and the machine starts building.

Symptom

When you select “Name and Approve” on a pending device, you might get an “Access Denied”.

Cause

The actual account of an approved pending computer is created by using the server’s authentication token, not using the token of the administrator who is performing the approval.

Solution

Therefore, in ADDS, you must grant rights to the Windows Deployment Services server’s account (WDSSERVER$) to create computer account objects for the containers and OUs where the approved pending computers will be created.

To grant permissions to approve a pending computer

1. Open Active Directory Users and Computers.
2. Right-click the OU where you are creating prestaged computer accounts, and then select Delegate Control.
3. On the first screen of the wizard, click Next.
4. Change the object type to include computers.
5. Add the computer object of the Windows Deployment Services server, and then click Next.
6. Select Create a Custom task to delegate.
7. Select Only the following objects in the folder. Then select the Computer Objects check box, select Create selected objects in this folder, and click Next.
8. In the Permissions box, select the Write all Properties check box, and click Finish.

More information

There is also another database named “Auto-Add Devices database”, used when you are performing the “Pending Devices” actions.  It stores the records for machines with a “pending devices” status and/or devices with an “approved” status.  The records in the Auto-Add Devices database are purged every 24 hours and the cleanup of any devices with an approved status occurs every 30 days.

The Auto-Add Devices database (named Binlsvcdb.mdb) can be found in the RemoteInstall\MGMT folder. The database is created by BINLSVC the first time the pending devices policy is enabled. 
Read and write permissions to the C:\RemoteInstall\MGMT folder (containing the Binlsvcdb.mdb) are also required.

Related reading:

• Technet: WDS – Required permissions

Q: What is the option “Enable spoofing of MAC addresses” on a virtual network adapter?
A: A virtual network adapter can send/receive packets containing any MAC address.  Equivalent of putting adapter in promiscuous mode.
More information: http://blogs.technet.com/jhoward/archive/2009/05/21/new-in-hyper-v-windows-server-2008-r2-part-2-mac-spoofing.aspx

Q: What is the “Processor Compatibility” feature?
A: Allows more hardware flexibility/mobility between Hyper-V hosts when moving VMs by reducing the CPU instruction set to a common level set. Works only within same CPU family (Intel-to-Intel, AMD-to-AMD). Is a key feature for flexible Live Migration.
More information: http://blogs.msdn.com/b/virtual_pc_guy/archive/2009/06/09/processor-compatibility-in-hyper-v-r2.aspx

Q: What is the “Network Optimizations” feature?
A: With VMM 2008 R2, you can take advantage of network optimization capabilities that are available on hosts that are running Windows Server 2008 R2 Hyper-V. VMM 2008 R2 supports both the Virtual Machine Queue (VMQ) and TCP Chimney features, which improve network performance for virtual machines. Network Optimizations is configurable at the VM level and is visible for capable virtualisation hosts during the virtual machine Intelligent Placement wizard.
More information: http://technet.microsoft.com/en-us/library/ee236499.aspx

Q: What is VMQ (Virtual Machine Queue)?
A: Network adapters that support the VMQ (Virtual Machine Queue) feature can create a unique network queue for each virtual network adapter and then connect that queue directly to the virtual machine’s memory. This connection routes packets directly from the hypervisor to the virtual machine, bypassing much of the processing in the virtualization stack.

Q: Can I use SCVMM to insert my Hyper-V host into a the Hyper-V cluster?
A: No, you still need to complete most cluster related tasks using the Failover Cluster Manager console.

Q: What is Storage Quick Migration (SQM)?
A: Allows the migration of the storage of VM from one location to another with under 1 minute downtime in most cases. The virtual machine can remain running for the almost the entire duration of the transfer of its (read-only) virtual disks from once storage location to another.  The virtual machine is put into saved-state for a short period to migrate its memory state and associated differencing disks.
More information: http://blogs.technet.com/b/virtualization/archive/2009/06/25/system-center-virtual-machine-manager-2008-r2-quick-storage-migration.aspx

Q: What are CSV (Clustered Shared Volumes)?
A: Allows for storing multiple Hyper-V VMs, their configuration, snapshots, etc… per LUN by providing coordinated distributed access to a cluster shared volume through a single consistent namespace (C:\ClusterStorage) which is shared among all nodes in the cluster. CSV avoids the “LUN management nightmare”.
More information: http://blogs.msdn.com/b/clustering/archive/2009/03/02/9453288.aspx

Q: Does SCVMM 2008 R2 support CSV?
A: Yes, SCVMM even recognizes the difference between an owner (coordinator) node and non-owner node when deploying VMs to the Hyper-V cluster nodes. When deploying a VM, the VHD is deployed to the Hyper-V CSV owner (coordinator) node first, while the VM is created on the host selected during the VM creation wizard (Intelligent Placement) within SCVMM.

Q: I’m using diskshadow.exe to backup my virtual machines using the Hyper-V VSS Writer.  Can I also use it with CSV disks?
A: No, unfortunately DiskShadow is not compatible with CSV in Win2008 R2. You can only do CSV backups from coordinator node safely which is the only node that has access to the (Hyper-V) VSS writer. Windows Server Backup does also not support backing up virtual machines on Cluster Shared Volumes (CSV volumes).

Related reading:

• System Center Virtual Machine Manager (VMM) Q&A – Part 1

Here’s an overview of some of the most raised SCVMM questions and their answers:

Q: What is CPU Type in SCVMM 2008 R2 VM Processor Hardware Profile?
A: Just used for Intelligent Placement of virtual machines – not the actual vCPU 
More information: http://blogs.technet.com/mghazai/archive/2009/12/02/what-is-cpu-type-in-scvmm-2008-r2-vm-processor-hardware-profile.aspx

Q: What is the purpose of SCVMM Network Location and Tag?
A: Matching virtual networks during virtual machine deployment/migration 
More information: http://blogs.technet.com/apb/archive/2009/03/20/the-purpose-of-scvmm-network-location-and-tag.aspx

Q: How can I quickly/easily configure my Hyper-V running in a workgroup to allow remote administration using Hyper-V Manager?
A: Download HVremote
More information: http://blogs.technet.com/jhoward/archive/2008/11/14/configure-hyper-v-remote-management-in-seconds.aspx

Q: What’s the difference between “Host Reserve” and “Cluster Reserve”
A: Host Reserves define how much of a host’s resources are to reserved for the host operating system in terms of CPU, RAM, disk space, IOPS, network. 
Cluster Reserve specifies the number of node failures a cluster must be able to sustain while still supporting all virtual machines deployed on the host cluster. 
More information: http://fawzi.wordpress.com/2009/04/13/scvmm-host-reservers-and-cluster-reserve/

Q: Can I use DFS on my VMM Library?
A: Yes, but VMM 2008 is not DFS-aware; neither is it location-aware. There is no special logic in VMM for DFS-R and/or DFS-N. Both are unsupported and can lead to some known issues.
More information: http://blogs.technet.com/chengw/archive/2008/08/26/dfs-on-vmm-library.aspx

Q: What does 'over-committed' cluster status mean?
A: The “cluster reserve” specifies the number of node failures a cluster must be able to sustain while still supporting all virtual machines that are currently deployed on the clustered hosts.  If this cluster reserve cannot be met, the cluster is “over-commited”.
More information: http://blogs.technet.com/mbriggs/archive/2009/12/02/what-does-over-committed-status-really-mean.aspx

Q: Can VMM be installed inside a VM?
A: Installing VMM in a virtual machine is a fully supported scenario.  Consider the flexibility of the VM (snapshots, live migration) but also consider moving the VMM Library share(s) out of the VM (for growth and performance reasons). Also exclude the VM from receiving and acting on PRO-tips.
More information: http://blogs.technet.com/mbriggs/archive/2009/05/22/should-vmm-live-inside-a-vm-or-on-a-physical-server.aspx

Q: Can I reduce the number of VMM PS task/jobs that are kept in the VMM database?
A: Yes, just configure the TaskGC (DWORD) in “HKLM\Software\Microsoft\Microsoft System Center Virtual Machine Manager Server\settings\SQL” to the number of days you want to keep.
More information: http://blogs.msdn.com/robertvi/archive/2009/05/25/scvmm-service-may-take-up-lots-of-memory.aspx

Q: Can I share (remote) ISO files in VMM with Hyper-V?
A: Yes, use constrained delegation to enable the CIFS protocol to be accessed on your library server by the Hyper-V host(s) and use a domain account as VMM service account.
More information: http://blogs.technet.com/m2/archive/2009/08/15/how-to-properly-share-iso-files-in-vmm-with-hyper-v.aspx

Q: Can I backup the VMM database?
A: Yes, using both GUI and/or CLI. Using the VMM Administrator console or using the VMM PowerShell cmdlet called “Backup-VMMserver”
More information: http://technet.microsoft.com/en-us/library/bb963730.aspx

Q: What’s the difference between “Maintenance Mode” and “Host is unavailable for Placement” option at the VMHost?
A: When you start the “Maintenance Mode” on a VMHost, all VMs are (live) migrated away from that VMHost (where possible – otherwise State is Saved ). Making a VMHost “unavailable for placement” would also exclude the VMHost (eg: Offline Servicing Host) from the star rating used by the “intelligent placement”, but would leave the VMs running on it unharmed.
More information: http://blogs.technet.com/chengw/archive/2009/03/18/what-you-need-to-know-about-maintenance-mode.aspx

Some more VMM Frequently Asked Questions from TechNet

Find it here 

With courtesy of ServerTalk and Ben Armstrong for bringing it to our attention…