Fixing The trust relationship between this computer and the primary domain failed Error when restoring a Snapshot or Old Virtual Machine

I had a VM snapshot/checkpoint running for several months in my test lab, and after reverting to the snapshot I went to log in to the machine and got the dreaded “The trust relationship between this computer and the primary domain failed” error message. So I logged in as a local admin on that machine, opened an administrative PowerShell window and entered the commands below.

$cred = Get-Credential   # enter a domain admin account when prompted
Reset-ComputerMachinePassword -Credential $cred -Server ada-dc-02.adatum.com.au

Replace the server at the end with a FQDN of one of your Domain Controllers.  As I wasn’t authenticated to the domain, I needed to enter my domain admin credentials by using the Get-Credential cmdlet and then using those stored credentials to issue the Reset-ComputerMachinePassword cmdlet.
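The same fix with a check before and after, as an added example that is not part of the original post: it tests the secure channel with Test-ComputerSecureChannel, resets the machine password only if the test fails, then tests again. The function name Repair-MachineTrust is hypothetical, and the domain controller name is the one used above.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# session while logged on as a local administrator.
function Repair-MachineTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $DomainController,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # Test-ComputerSecureChannel returns $true when the locally stored machine
    # account password still matches the one held by the domain.
    $healthy = $false
    try {
        $healthy = Test-ComputerSecureChannel -Server $DomainController -ErrorAction Stop
    }
    catch {
        # Treat an error from the test the same as a broken channel.
        Write-Verbose "Secure channel test failed: $_"
    }

    if ($healthy) { return 'AlreadyHealthy' }

    # Same cmdlet and parameters as in the post; stop on failure so a bad
    # credential or unreachable DC is not mistaken for a successful reset.
    Reset-ComputerMachinePassword -Server $DomainController -Credential $Credential -ErrorAction Stop

    # Confirm the reset actually restored the channel.
    if (Test-ComputerSecureChannel -Server $DomainController) { return 'Repaired' }
    return 'StillBroken'
}

# Get-Credential prompts interactively, so the domain admin password is never
# written into a script file or left in command history.
$cred = Get-Credential
Repair-MachineTrust -DomainController 'ada-dc-02.adatum.com.au' -Credential $cred -Verbose
```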

So there you have it, no more re-joining a computer to the domain.

Hyper-V Virtual Machine stops responding to network traffic if VMQ (Virtual Machine Queues) are enabled on a 1GB physical NIC

I recently took on a new customer whose IT infrastructure was a mess. They have good hardware but the setup they had was just awful (it was an internal guy who had great ideas but little skill). They had Hyper-V running on a nice new Gen9 HP Server on Windows Server 2012 R2, which is a nice combination. Once they were onboarded they let us know that the server kept on crashing (they had no idea their setup was virtualised or that they had more than one server…). Virtual Machine Queuing, or VMQ, “virtualizes” the network by letting the physical NIC create a path to each virtual NIC to offload the traffic.

After about a week, I got the call I was waiting for to tell me their server had stopped responding: the virtual machine was still up but wasn’t responding to pings or allowing access to network resources (it was their SBS server). So as a quick fix, I disabled and re-enabled the NIC on the server (as a best practice you should have a dedicated Management NIC to allow access to the host), and this brought things back online. A quick look at the Broadcom NIC showed it had VMQ enabled, so I set it to disabled and restarted the server out of hours. Since then there haven’t been any issues with the servers dropping off the network.

The issue hasn’t resurfaced since and is documented in the following Microsoft KB article https://support.microsoft.com/en-us/kb/2986895

It is interesting to note that the server had the latest drivers and firmware installed but was still having the issue, so I’d recommend leaving VMQ disabled completely as the benefits aren’t that great (unless you’re running high-traffic 10 Gbps).
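To find which host adapters are in the state described above, the following added example (not part of the original post) lists physical NICs linked at 1 Gbps or slower that still have VMQ enabled and shows what disabling it would change. It assumes the NetAdapter module that ships with Windows Server 2012 and later.

```powershell
# Added example (not from the original post). Run elevated on the Hyper-V host.
$oneGbps = 1000000000   # link speed in bits per second

# Physical adapters with a link at 1 Gbps or slower. Adapters with no link
# report no usable speed and are skipped.
$slowNics = Get-NetAdapter -Physical |
    Where-Object { $_.Speed -and $_.Speed -le $oneGbps }

# Of those, keep the ones where VMQ is still enabled. Adapters whose driver
# does not support VMQ return nothing and are ignored.
$affected = foreach ($nic in $slowNics) {
    Get-NetAdapterVmq -Name $nic.Name -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled }
}

if (-not $affected) {
    Write-Output 'No 1 Gbps (or slower) physical adapter has VMQ enabled.'
}
else {
    $affected | Format-Table Name, InterfaceDescription, Enabled -AutoSize

    # -WhatIf only reports what would change. Remove it to apply the change,
    # and do so out of hours: disabling VMQ restarts the adapter, which
    # briefly interrupts traffic for every VM behind it.
    $affected | ForEach-Object { Disable-NetAdapterVmq -Name $_.Name -WhatIf }
}
```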

An error occurred while attempting to start the selected virtual machine(s) The security ID structure is invalid (0x80070539)

So I was recently working with some really old virtual machines in a development environment that came across from another organisation. One particular virtual machine gave me an error message when I tried to start it up: “An error occurred while attempting to start the selected virtual machine(s)… The security ID structure is invalid (0x80070539)”. When this happens, Hyper-V basically doesn’t have permission to start the selected virtual machines under the user. A quick administrative PowerShell cmdlet will grant me or a user permission and allow us to start the VM up:

Grant-VMConnectAccess -VMName "Name of VM not starting" -UserName "DOMAIN\Username of current user"

Change -VMName to match the virtual machine giving you the error, and set -UserName to the DOMAIN\Username of the user you are now logged on as.

Once you issue this command the virtual machine will start without any issues.

Checking the performance of your Windows Server 2012 Hyper-V Server with Performance Monitor and PAL

Windows Server 2012 brings some great improvements to virtualization. We’re currently running it in production and it works wonders, especially with the new Hyper-V Replica feature, which is a great and free way of implementing DR. So now you’ve got that cluster running, how can we tell if it is performing well? I recently stumbled upon PAL, or Performance Analysis of Logs Tool, which is freely available from http://pal.codeplex.com/. The tool comes with a Performance Monitor template file that we can use to easily record the performance of a Hyper-V 2012 server and get some visibility into our servers.

When it comes to performance, the things we would want to look at are disk performance, memory and CPU, but understanding what effect these have on Hyper-V isn’t always straightforward. Thankfully, PAL helps us by making it easy. So first off, go and download it from CodePlex and install it onto your workstation or desktop PC (not on your Hyper-V host). Once installed, open it up. We need to get our Perfmon template, so go into the Threshold File tab and select “Microsoft Windows Server 2012 Hyper-V” from the Threshold file title, then choose Export to Perfmon template file. Get this onto your Hyper-V host and open up Performance Monitor on the host we want to watch.

Open up Performance Monitor on our Hyper-V host and open up Data Collector Sets, right-click on User Defined and select New Data Collector Set. We can call it Hyper-V Performance Counter Set or whatever you wish; keep Create from a template (Recommended) selected. Click Next and then Browse, selecting the XML template file that we exported earlier from PAL. Once you finish the wizard it will show up under the User Defined Data Collector Sets. You can now open up the properties and set it to run from 30 minutes to 1 hour depending on what you’re after. It is best to run this during peak load times (so business hours).

Now that you’ve collected the data, browse to it and copy the .blg file to your workstation (or wherever you installed PAL). Back in PAL, select the log file under the Counter Log tab, then move on to the Questions tab, where you need to specify things such as processors, total RAM and drive configuration to help set thresholds for your performance report. Navigate to the other tabs if you wish to modify anything else and finally execute the report. This can be time consuming depending on how long you’ve captured performance data for (it took me around 20 minutes for a 1 hour capture). Once it has completed generating the report it opens up in your web browser. Key things to look at are disk latency (as per the graph, with RED being critical), memory and CPU issues.

That is a free and easy way to check on the health and performance of your new Hyper-V 2012 Cluster.  You can also use PAL for a Windows Server 2008 R2 Hyper-V Cluster and other services such as Exchange or SQL Server, you just need to select the right template.

What is new with Hyper-V in Windows Server 2012

I’ve been reading a lot lately about what people have been saying about Microsoft’s latest go at a hypervisor and many say that now with Hyper-V 2012, Microsoft is catching up to VMware in the enterprise virtualization arena (one example from ZDnet).  So what is all the fuss about…really.  I’ll identify some of the key points of what Hyper-V 2012 is bringing to the virtualization world. To summarise:

  • 32 Virtual CPUs and 512GB to a Virtual Machine
  • VHDX File Format for Virtual Hard Disks (16TB of Storage)
  • Native NIC teaming
  • 64 Node Clustering
  • Cluster-Aware updating
  • Hyper-V Replica (Replication of Virtual Machines)

Two of my favourite additions though are the Cluster-Aware Updating and Hyper-V Replica features. Cluster-Aware Updating helps to manage downtime by maintaining availability during Windows Update time, so you pretty much schedule when you want the updates to occur and let the cluster take care of the rest: automatically moving virtual machines, maintaining services and availability, and then moving them back once the server has restarted and updates are completed. Hyper-V Replica performs asynchronous replication of VMs to a replica site (either standalone or cluster).

The last point has been my biggest gripe with using Hyper-V: how do we achieve DR at a relatively low cost? We already have all the hardware but the licensing and software costs to perform replication were astronomical. Now our DR solution is quite straightforward and cost-effective thanks to Server 2012.

This post is by no means exhaustive, but simply the features that stand out to me, and the reasons as to why we are planning to move to Windows Server 2012 and Hyper-V 2012.