К продвинутым компьютерным технологиям можно отнести следующие:
Виртуализация (Virtualizing),
Системы хранения данных (Storages),
Кластеры (Clusters),
Терминальные сервисы (Terminal Services),
Блейд-системы (Blade Systems),
Облачные вычисления (Cloude Computing).
Виртуализация существовала еще в эпоху мейнфреймов. Для каждого пользователя создавалась независимая среда - виртуальный компьютер. Сегодня виртуализация переживает второе рождение. Например, каждый может на своем Windows XP или Vista инсталлировать бесплатную программу Microsoft Virtual PC 2007 и создать внутри этой виртуальной машины виртуальный компьютер.
В данном случае виртуальная машина представляет собой среду, оболочку, а виртуальный компьютер - операционную систему. Виртуальный компьютер - это своего рода компьютер в компьютере и физически представляет собой файл-образ. В случае Microsoft такой файл имеет расширение VHD, т.е. Virtual Hard Drive.
При виртуализации компьютеров происходит отделение операционной системы от физического железа за счет внедрения дополнительного программного слоя или уровня, предоставляющего виртуальное железо.
Кстати, виртуальная машина всегда предоставляет одинаковое виртуальное железо, что очень удобно, т.к. этим ликвидируется одна из главных проблем - несовместимость аппликаций с различными типами оборудования. В данном случае тип оборудования один и тот же и заранее известен всем производителям программного обеспечения, что наиболее важно для создателей операционных систем.
[РИСУНОК]
Существует интересное применение виртуальных компьютеров - Virtual Appliances. Это новый способ распространения аппликаций, путем создания предварительно подготовленных и отконфигурированных программ или серверов. Такой файл-образ можно скачать и, затем, в течении 5 минут подсоединить к существующей виртуальной машине. И это вместо часов установки и конфигурирования.
Кстати, ходят слухи, что в недрах Microsoft уже готовится новый Exchange 2012 и он будет поставляться в виде Virtual Appliance.
А теперь поговорим о преимуществах виртуализации компьютеров/серверов.
1. Возможность иметь несколько OS разных типов на одном физическом компьютере, что имеет несколько следствий.
2. Поддержка старых (Legacy) аппликаций на новых компьютерах.
3. Тестирование новых аппликаций в различных средах.
4. Тестирование сочетания различных аппликаций в одной среде.
5. Тестовые лаборатории для сетевых проектов, например проектов миграции на новые системы.
6. Среды для обучения. Что может быть удобнее, чем создание сети из нескольких виртуальных компьютеров на одном физическом.
7. Консолидация серверов. Это модное слово означает переброску множества физических серверов на виртуальные, при этом количество физических серверов сокращается нередко в 10 раз. Такой процесс называется P2V, т.е. Physical to Virtual.
Экономится площадь, энергия, кондиционирование. Обеспечивается полная загрузка серверов (правильной считается 60%, а не 5-10%, как нередко бывает). Также облегчается управление.
8. Есть и уникальные возможности. Так, например, если расположить файл-образ VHD на общей Системе Хранения Данных (Storage), то возможен ручной или, даже, автоматический перенос виртуальных компьютеров на другие физические серверы в процессе работы и без нарушения обслуживания. Такие технологии называются Live Migration (Microsoft Hyper-V) или VMotion (VMWare). Перенос может осуществляться по потребности для лучшего распределения нагрузки или в случае физической неполадки сервера, несущего на себе виртуальные компьютеры.
9. Возможно также перераспределение ресурсов RAM и CPU между виртуальными компьютерами. В продвинутых системах это возможно динамически, т.е. в процессе работы без остановки сервера.
10. Вообще, разделение так называемых нагрузок по виртуальным компьютерам (1 компьютер - одна роль-нагрузка) дает возможность независимого технического обслуживания каждой нагрузки без ущерба для других, например, перезагрузка DNS-сервера не повлияет на работу Exchange-сервера.
11. Облегчается Backup/Recovery при помощи технологий Snapshots, осуществляемых при помощи программ управления виртуальными системами. Последние позволяют делать мгновенные "снимки" состояния системы во время работы, за считанные секунды и без влияния на производительность. Ленточный Backup затем может захватывать маленькие инкрементальные Snapshots. Системы Storage могут иметь собственные способы Snapshots. Одной из совершенных систем Snapshots считается система фирмы NetApp, которая позволяет осуществлять до 255 Snapshots фирменными патентованными способами. Впрочем, здесь мы вторгаемся уже в другую область.
12. Напоследок я приберег следующую "вкусную" возможность: если есть проблема с какой-либо аппликацией, то можно отправить файл-образ в фирму, записав его на Disk-on-Key или, даже, по Интернет (если есть достаточно "толстый" канал).
«КАМТЕC» - профессиональное обучение компьютерным специальностям
вторник, 22 декабря 2009 г.
суббота, 12 декабря 2009 г.
More on Storage Options for Windows Server 2008 Hyper-V
Thursday, March 06, 2008 8:30 AM josebda
As I mentioned in a previous blog post, you can expose storage to a Hyper-V guest in many different ways.
After getting some feedback to that initial post, there are two frequent comments that I wanted to address.
You can boot a Hyper-V guest from an iSCSI LUN
I wanted to highlight that you can boot a Hyper-V child partition (guest) from an iSCSI LUN. To do that, you need to expose that LUN to the parent partition (host), make sure the LUN is set as an offline disk in the host and then use the passthrough option to expose the disk to the guest as IDE (ATA).
With that, you can successfully boot a Hyper-V guest from an iSCSI LUN. In fact, that works just the same for a fibre-channel LUN or SAS disks.
Here’s what the configuration of that virtual disk would look like:
There are also third-party solutions that will that will allow a Hyper-V guest to boot from an iSCSI LUN exposed directly to the guest. You can check a product from EmBoot that does exactly that at http://www.emboot.com.
How about a picture?
In the blog post, I had a table showing the different storage options, but someone pointed out that a picture would be a lot more useful than a table. So, here it is:
In the picture you see the different ways to expose a disk to a Hyper-V parent partition (host) and child partition (guest):
C: = Using a VHD file on a directly attached disk (X:) on the host
D: = Using passthrough to a directly attached disk on the host
E: = Using a VHD file on a SAN LUN mounted as a volume (Y:) on the host
F: = Using passthrough to a SAN LUN exposed to the host
G: = Using an iSCSI LUN exposed directly to the guest
Note that, for the first four options, the disk can be exposed to the guest as either SCSI or IDE (ATA), regardless of the physical disk interface used on the host. Also note that the last of the five options above is only available for iSCSI SANs, not fibre-channel.
For all the details of what you can and cannot do in each scenario, check the original post at:
http://blogs.technet.com/josebda/archive/2008/02/14/storage-options-for-windows-server-2008-s-hyper-v.aspx
As I mentioned in a previous blog post, you can expose storage to a Hyper-V guest in many different ways.
After getting some feedback to that initial post, there are two frequent comments that I wanted to address.
You can boot a Hyper-V guest from an iSCSI LUN
I wanted to highlight that you can boot a Hyper-V child partition (guest) from an iSCSI LUN. To do that, you need to expose that LUN to the parent partition (host), make sure the LUN is set as an offline disk in the host and then use the passthrough option to expose the disk to the guest as IDE (ATA).
With that, you can successfully boot a Hyper-V guest from an iSCSI LUN. In fact, that works just the same for a fibre-channel LUN or SAS disks.
Here’s what the configuration of that virtual disk would look like:
There are also third-party solutions that will that will allow a Hyper-V guest to boot from an iSCSI LUN exposed directly to the guest. You can check a product from EmBoot that does exactly that at http://www.emboot.com.
How about a picture?
In the blog post, I had a table showing the different storage options, but someone pointed out that a picture would be a lot more useful than a table. So, here it is:
In the picture you see the different ways to expose a disk to a Hyper-V parent partition (host) and child partition (guest):
C: = Using a VHD file on a directly attached disk (X:) on the host
D: = Using passthrough to a directly attached disk on the host
E: = Using a VHD file on a SAN LUN mounted as a volume (Y:) on the host
F: = Using passthrough to a SAN LUN exposed to the host
G: = Using an iSCSI LUN exposed directly to the guest
Note that, for the first four options, the disk can be exposed to the guest as either SCSI or IDE (ATA), regardless of the physical disk interface used on the host. Also note that the last of the five options above is only available for iSCSI SANs, not fibre-channel.
For all the details of what you can and cannot do in each scenario, check the original post at:
http://blogs.technet.com/josebda/archive/2008/02/14/storage-options-for-windows-server-2008-s-hyper-v.aspx
Storage options for Windows Server 2008 Hyper-V
Windows Server 2008’s Hyper-V has been in public beta for a while now and lots of people have been experimenting with it. One aspect that I am focusing on is storage for those virtualized environments and more specifically the options related to SAN storage.
Virtualization terminology
Before we start, I wanted to define some terms commonly used in virtualization. We refer to the physical computer running the Hyper-V software as the parent partition or host, as opposed to the child partition or guest, which is the term used for virtual machine. You can, say, for instance, that the host must support hardware-assisted virtualization or that you can now run a 64-bit OS in the guest.
The other term used with Hyper-V is Integration Components. This is the additional software you run on the guest to better support Hyper-V. Windows Server 2008 already ships with Hyper-V Integration Components, but older operating systems will need to install them separately. In Virtual Server or Virtual PC, these were called “additions”.
Exposing storage to the host
A Hyper-V host is a server running Windows Server 2008 and it will support the many different storage options of that OS. This includes directly-attached storage (SATA, SAS) or SAN storage (FC, iSCSI). Once you expose the disks to the host, you can expose it to the guest in many different ways.
VHD or passthrough disk on the host
As with Virtual Server and Virtual PC, you can create a VHD file in one of the host’s volume and expose that as a virtual hard disk to the guest. This VHD functions simply as a set of blocks, stored as a regular file using the host OS file system (typically NTFS). There are a few different types of VHD, like fixed size or dynamically expanding. This hasn’t changed from previous versions. The maximum size of a VHD continues to be 2040 GB (8 GB short of 2 TB).
You can now expose a host disk to the guest without even putting a volume on it using a passthrough disk. Hyper-V will let you “bypass” the host’s file system and access a disk directly. This raw disk, which is not limited to 2040 GB in size, can be a physical HD on the host or a logical unit on a SAN. To make sure the host and the guest are not trying to use the disk at the same time, Hyper-V requires the disk to be in the offline state on the host. This is referred to as LUN passthrough, if the disk being exposed to the guest is a LUN on a SAN from the host perspective. With passthrough disks you will lose some nice, VHD-related features, like VHD snapshots, dynamically expanding VHDs and differencing VHDs.
IDE or SCSI on the guest
When you configure the guest’s virtual machine settings, you need to choose how to show the host disk (be it VHD file or passthrough disk) to the guest. The guest can see that disk either as a virtual ATA device on a virtual IDE controller or as a virtual SCSI disk device on a virtual SCSI controller. Note that you do not have to expose the device to the guest in the same way it is exposed to the host. For instance, a VHD file on a physical IDE disk on the host can be exposed as a virtual SCSI disk on the guest. A physical SAS disk on the host can be exposed as a virtual IDE disk on the guest.
The main decision criteria here should be the capabilities you are looking for on the guest. You can only have up to 4 virtual IDE disks on the guest (2 controllers with 2 disks each), but they are the only types of disk that the virtualized BIOS will boot from. You can have up to 256 virtual SCSI disks on the guest (4 controllers with 64 disks each), but you cannot boot from them and you will need an OS with Integration Components. Virtual IDE disks will perform at the same level of the virtual SCSI disks after you load the Integration Components in the OS, since they leverage the same optimizations.
You must use SCSI if you need to expose more than 4 virtual disks to your guest. You must use IDE if your guest needs to boot to that virtual disk or if there are no Integration Components in the guest OS. You can also use both IDE and SCSI with the same guest.
iSCSI directly to guests
One additional option is to expose disks directly to the guest OS (without ever exposing it to the host) by using iSCSI. All you need to do is load an iSCSI initiator in the guest OS (Windows Server 2008 already includes one) and configure your target correctly. Hyper-V’s virtual BIOS does not support booting to iSCSI directly, so you will still need to have at least one disk available to the guest as an IDE disk so you can boot to it. However, all your other disks can be iSCSI LUNs.
There are also third-party solutions that will that will allow a Hyper-V guest to boot from an iSCSI LUN exposed directly to the guest. You can check a product from EmBoot called WinBoot/i that does exactly that at http://www.emboot.com.
Moving disks between hosts
Another common usage scenario in virtualization is moving a virtual machine from one host to another. You will typically shut down the guest (or pause it), move the storage resources and then bring the VM up in the new host (or resume it).
The “move the storage” part is easier to imagine if you are using VHD files for guest disks. You simply copy the files from host to host. If you’re using physical disks (let’s say, SAS drives that are passthrough disks exposed as IDE disks to the guest), you can physically move the disk to another host. If this is a LUN on a SAN, you would need to reconfigure the SAN to mask the LUN to the old host and unmask it to the new host. You might want to use a technology called NPIV to use “virtual” WWNs for a set of LUNs, so you can move them between hosts without the need to reconfigure the SAN itself. This would be the equivalent of using multiple iSCSI targets for the same Hyper-V host and reconfiguring the targets to show up on the other host. If you use iSCSI directly exposed to the guest, those iSCSI data LUNs will just move with the guest, assuming the guest continues to have a network path to the iSCSI target and that you used one of the other methods to move the VM configuration and boot disk.
Windows Server 2008 is also a lot smarter about using LUNs on a SAN, so you might consider exposing LUNs to multiple Hyper-V hosts and onlining the LUNs as required, as long you don't access them simultaneosly from multiple hosts.
Keep in mind that, although I am talking about doing this manually, you will typically automate the process. Windows Server Failover Clustering and System Center Virtual Machine Manager (VMM) can make some of those things happens automatically. In some scenarios, the whole move can happen in just seconds (assuming you are pausing/resuming the VM and the disks are in a SAN). However, there is no option today with a robot to physically move disks from one host to another :-).
A few tables
Since there are lots of different choices and options, I put together a few tables describing the scenarios. They will help you verify the many options you have and what features are available in each scenario.
Table 1
VHD on host volume
Passthrough disk on host
Directly to guest
DAS (SAS, SATA)
X
X
FC SAN
X
X
iSCSI SAN
X
X
X
Table 2
DAS or SAN on host,
VHD or passthrough disk on host,
exposed to guest as IDE
DAS or SAN on host,
VHD or passthrough disk on host,
exposed to guest as SCSI
not exposed to host,
exposed to guest as iSCSI LUN
Guest boot from disk
Yes
No
No
Additional sw on guest
Integration Components (optional)
Integration Components
iSCSI initiator
Guest sees disk as
Virtual HD ATA Device
Msft Virtual Disk SCSI Disk Device
MSFT Virtual HD SCSI Disk Device
Guest max disks
2 x 2 = 4 disks
4 x 64 = 256 disks
Not limited by Hyper-V
Guest hot add disk
No
No
Yes
Guest hw snap on SAN
No
No
Yes
Table 3
Scenario
1
IDE VHD Local
2
SCSI VHD Local
3
IDE Passthrough Local
4
SCSI Passthrough Local
5
IDE VHD Remote
6
SCSI VHD Remote
7
IDE Passthrough Remote
8
SCSI Passthrough Remote
9
Guest iSCSI
Storage type
DAS
DAS
DAS
DAS
SAN, FC/iSCSI
SAN, FC/iSCSI
SAN, FC/iSCSI
SAN, FC/iSCSI
SAN, iSCSI
Exposed to host as
VHD on NTFS
VHD on NTFS
Passthrough disk
Passthrough disk
VHD on NTFS
VHD on NTFS
Passthrough disk
Passthrough disk
Not exposed
Exposed to guest as
IDE
SCSI
IDE
SCSI
IDE
SCSI
IDE
SCSI
iSCSI LUN
Guest driver is “synthetic”
No (a)
Yes
No (a)
Yes
No (a)
Yes
No (a)
Yes
No (b)
Guest boot from disk
Yes
No
Yes
No
Yes
No
Yes
No
No (i)
Guest max disks
4
256
4
256
4
256
4
256
(j)
Guest max disk size
~2 TB (c)
~2 TB (c)
Limit imposed by guest (d)
Limit imposed by guest (d)
~2 TB (c)
~2 TB (c)
Limit imposed by guest (d) (e)
Limit imposed by guest (d) (e)
(d) (e)
Hyper-V VHD snapshots
Yes
Yes
No
No
Yes
Yes
No
No
No
Dynamically expanding VHD
Yes
Yes
No
No
Yes
Yes
No
No
No
Differencing VHD
Yes
Yes
No
No
Yes
Yes
No
No
No
Guest hot add disk
No
No
No
No
No
No
No
No
Yes
SCSI-3 PR for guests on two hosts (WSFC)
No
No
No
No
No
No
No
No
Yes
Guest hardware snapshot on SAN
N/A
N/A
N/A
N/A
No
No
No
No
Yes
P2V migration without moving SAN data
N/A
N/A
N/A
N/A
No
No
Yes (f)
Yes (f)
Yes (g)
VM migration without moving SAN data
N/A
N/A
N/A
N/A
Yes (h)
Yes (h)
Yes (f)
Yes (f)
Yes (g)
(a) Works as legacy IDE but will perform better if Integration Components are present.
(b) Works as legacy network but will perform better if Integration Components are present.
(c) Hyper-V maximum VHD size is 2040 GB (8 GB short of 2 TB).
(d) Not limited by Hyper-V. NTFS maximum volume size is 256 TB.
(e) Microsoft iSCSI Software Target maximum VHD size is 16 TB.
(f) Requires SAN reconfiguration or NPIV support, unless using a failover cluster.
(g) For data volumes only (cannot be used for boot/system disks).
(h) Requires SAN reconfiguration or NPIV support, unless using a failover cluster. All VHDs on the same LUN must be moved together.
(i) Requires third-party product like WinBoot/i from EmBoot.
(j) Not limited by Hyper-V.
References
http://blogs.msdn.com/tvoellm/archive/2008/01/02/hyper-v-scsi-vs-ide-do-you-really-need-an-ide-and-scsi-drive-for-best-performance.aspx
http://blogs.technet.com/jhoward/archive/2007/10/04/boot-from-scsi-in-virtual-server-vs-boot-from-ide-in-windows-server-virtualization.aspx
Screenshots
Screenshot of settings for scenario 2 in table 3 (VHD exposed as SCSI):
Screenshot of settings for scenario 8 in table 3 (iSCSI LUN passthrough exposed as IDE, which your guest can boot from):
Virtualization terminology
Before we start, I wanted to define some terms commonly used in virtualization. We refer to the physical computer running the Hyper-V software as the parent partition or host, as opposed to the child partition or guest, which is the term used for virtual machine. You can, say, for instance, that the host must support hardware-assisted virtualization or that you can now run a 64-bit OS in the guest.
The other term used with Hyper-V is Integration Components. This is the additional software you run on the guest to better support Hyper-V. Windows Server 2008 already ships with Hyper-V Integration Components, but older operating systems will need to install them separately. In Virtual Server or Virtual PC, these were called “additions”.
Exposing storage to the host
A Hyper-V host is a server running Windows Server 2008 and it will support the many different storage options of that OS. This includes directly-attached storage (SATA, SAS) or SAN storage (FC, iSCSI). Once you expose the disks to the host, you can expose it to the guest in many different ways.
VHD or passthrough disk on the host
As with Virtual Server and Virtual PC, you can create a VHD file in one of the host’s volume and expose that as a virtual hard disk to the guest. This VHD functions simply as a set of blocks, stored as a regular file using the host OS file system (typically NTFS). There are a few different types of VHD, like fixed size or dynamically expanding. This hasn’t changed from previous versions. The maximum size of a VHD continues to be 2040 GB (8 GB short of 2 TB).
You can now expose a host disk to the guest without even putting a volume on it using a passthrough disk. Hyper-V will let you “bypass” the host’s file system and access a disk directly. This raw disk, which is not limited to 2040 GB in size, can be a physical HD on the host or a logical unit on a SAN. To make sure the host and the guest are not trying to use the disk at the same time, Hyper-V requires the disk to be in the offline state on the host. This is referred to as LUN passthrough, if the disk being exposed to the guest is a LUN on a SAN from the host perspective. With passthrough disks you will lose some nice, VHD-related features, like VHD snapshots, dynamically expanding VHDs and differencing VHDs.
IDE or SCSI on the guest
When you configure the guest’s virtual machine settings, you need to choose how to show the host disk (be it VHD file or passthrough disk) to the guest. The guest can see that disk either as a virtual ATA device on a virtual IDE controller or as a virtual SCSI disk device on a virtual SCSI controller. Note that you do not have to expose the device to the guest in the same way it is exposed to the host. For instance, a VHD file on a physical IDE disk on the host can be exposed as a virtual SCSI disk on the guest. A physical SAS disk on the host can be exposed as a virtual IDE disk on the guest.
The main decision criteria here should be the capabilities you are looking for on the guest. You can only have up to 4 virtual IDE disks on the guest (2 controllers with 2 disks each), but they are the only types of disk that the virtualized BIOS will boot from. You can have up to 256 virtual SCSI disks on the guest (4 controllers with 64 disks each), but you cannot boot from them and you will need an OS with Integration Components. Virtual IDE disks will perform at the same level of the virtual SCSI disks after you load the Integration Components in the OS, since they leverage the same optimizations.
You must use SCSI if you need to expose more than 4 virtual disks to your guest. You must use IDE if your guest needs to boot to that virtual disk or if there are no Integration Components in the guest OS. You can also use both IDE and SCSI with the same guest.
iSCSI directly to guests
One additional option is to expose disks directly to the guest OS (without ever exposing it to the host) by using iSCSI. All you need to do is load an iSCSI initiator in the guest OS (Windows Server 2008 already includes one) and configure your target correctly. Hyper-V’s virtual BIOS does not support booting to iSCSI directly, so you will still need to have at least one disk available to the guest as an IDE disk so you can boot to it. However, all your other disks can be iSCSI LUNs.
There are also third-party solutions that will that will allow a Hyper-V guest to boot from an iSCSI LUN exposed directly to the guest. You can check a product from EmBoot called WinBoot/i that does exactly that at http://www.emboot.com.
Moving disks between hosts
Another common usage scenario in virtualization is moving a virtual machine from one host to another. You will typically shut down the guest (or pause it), move the storage resources and then bring the VM up in the new host (or resume it).
The “move the storage” part is easier to imagine if you are using VHD files for guest disks. You simply copy the files from host to host. If you’re using physical disks (let’s say, SAS drives that are passthrough disks exposed as IDE disks to the guest), you can physically move the disk to another host. If this is a LUN on a SAN, you would need to reconfigure the SAN to mask the LUN to the old host and unmask it to the new host. You might want to use a technology called NPIV to use “virtual” WWNs for a set of LUNs, so you can move them between hosts without the need to reconfigure the SAN itself. This would be the equivalent of using multiple iSCSI targets for the same Hyper-V host and reconfiguring the targets to show up on the other host. If you use iSCSI directly exposed to the guest, those iSCSI data LUNs will just move with the guest, assuming the guest continues to have a network path to the iSCSI target and that you used one of the other methods to move the VM configuration and boot disk.
Windows Server 2008 is also a lot smarter about using LUNs on a SAN, so you might consider exposing LUNs to multiple Hyper-V hosts and onlining the LUNs as required, as long you don't access them simultaneosly from multiple hosts.
Keep in mind that, although I am talking about doing this manually, you will typically automate the process. Windows Server Failover Clustering and System Center Virtual Machine Manager (VMM) can make some of those things happens automatically. In some scenarios, the whole move can happen in just seconds (assuming you are pausing/resuming the VM and the disks are in a SAN). However, there is no option today with a robot to physically move disks from one host to another :-).
A few tables
Since there are lots of different choices and options, I put together a few tables describing the scenarios. They will help you verify the many options you have and what features are available in each scenario.
Table 1
VHD on host volume
Passthrough disk on host
Directly to guest
DAS (SAS, SATA)
X
X
FC SAN
X
X
iSCSI SAN
X
X
X
Table 2
DAS or SAN on host,
VHD or passthrough disk on host,
exposed to guest as IDE
DAS or SAN on host,
VHD or passthrough disk on host,
exposed to guest as SCSI
not exposed to host,
exposed to guest as iSCSI LUN
Guest boot from disk
Yes
No
No
Additional sw on guest
Integration Components (optional)
Integration Components
iSCSI initiator
Guest sees disk as
Virtual HD ATA Device
Msft Virtual Disk SCSI Disk Device
MSFT Virtual HD SCSI Disk Device
Guest max disks
2 x 2 = 4 disks
4 x 64 = 256 disks
Not limited by Hyper-V
Guest hot add disk
No
No
Yes
Guest hw snap on SAN
No
No
Yes
Table 3
Scenario
1
IDE VHD Local
2
SCSI VHD Local
3
IDE Passthrough Local
4
SCSI Passthrough Local
5
IDE VHD Remote
6
SCSI VHD Remote
7
IDE Passthrough Remote
8
SCSI Passthrough Remote
9
Guest iSCSI
Storage type
DAS
DAS
DAS
DAS
SAN, FC/iSCSI
SAN, FC/iSCSI
SAN, FC/iSCSI
SAN, FC/iSCSI
SAN, iSCSI
Exposed to host as
VHD on NTFS
VHD on NTFS
Passthrough disk
Passthrough disk
VHD on NTFS
VHD on NTFS
Passthrough disk
Passthrough disk
Not exposed
Exposed to guest as
IDE
SCSI
IDE
SCSI
IDE
SCSI
IDE
SCSI
iSCSI LUN
Guest driver is “synthetic”
No (a)
Yes
No (a)
Yes
No (a)
Yes
No (a)
Yes
No (b)
Guest boot from disk
Yes
No
Yes
No
Yes
No
Yes
No
No (i)
Guest max disks
4
256
4
256
4
256
4
256
(j)
Guest max disk size
~2 TB (c)
~2 TB (c)
Limit imposed by guest (d)
Limit imposed by guest (d)
~2 TB (c)
~2 TB (c)
Limit imposed by guest (d) (e)
Limit imposed by guest (d) (e)
(d) (e)
Hyper-V VHD snapshots
Yes
Yes
No
No
Yes
Yes
No
No
No
Dynamically expanding VHD
Yes
Yes
No
No
Yes
Yes
No
No
No
Differencing VHD
Yes
Yes
No
No
Yes
Yes
No
No
No
Guest hot add disk
No
No
No
No
No
No
No
No
Yes
SCSI-3 PR for guests on two hosts (WSFC)
No
No
No
No
No
No
No
No
Yes
Guest hardware snapshot on SAN
N/A
N/A
N/A
N/A
No
No
No
No
Yes
P2V migration without moving SAN data
N/A
N/A
N/A
N/A
No
No
Yes (f)
Yes (f)
Yes (g)
VM migration without moving SAN data
N/A
N/A
N/A
N/A
Yes (h)
Yes (h)
Yes (f)
Yes (f)
Yes (g)
(a) Works as legacy IDE but will perform better if Integration Components are present.
(b) Works as legacy network but will perform better if Integration Components are present.
(c) Hyper-V maximum VHD size is 2040 GB (8 GB short of 2 TB).
(d) Not limited by Hyper-V. NTFS maximum volume size is 256 TB.
(e) Microsoft iSCSI Software Target maximum VHD size is 16 TB.
(f) Requires SAN reconfiguration or NPIV support, unless using a failover cluster.
(g) For data volumes only (cannot be used for boot/system disks).
(h) Requires SAN reconfiguration or NPIV support, unless using a failover cluster. All VHDs on the same LUN must be moved together.
(i) Requires third-party product like WinBoot/i from EmBoot.
(j) Not limited by Hyper-V.
References
http://blogs.msdn.com/tvoellm/archive/2008/01/02/hyper-v-scsi-vs-ide-do-you-really-need-an-ide-and-scsi-drive-for-best-performance.aspx
http://blogs.technet.com/jhoward/archive/2007/10/04/boot-from-scsi-in-virtual-server-vs-boot-from-ide-in-windows-server-virtualization.aspx
Screenshots
Screenshot of settings for scenario 2 in table 3 (VHD exposed as SCSI):
Screenshot of settings for scenario 8 in table 3 (iSCSI LUN passthrough exposed as IDE, which your guest can boot from):
суббота, 5 декабря 2009 г.
Add W2K8 Standard member Server to W2k3 Standard Domain
http://www.eggheadcafe.com/software/aspnet/33891928/add-w2k8-standard-member.aspx
Even if you use a single domain, this is also your forest. So, you have to
run adprep /forestprep, adprep /domainprep and if you think about the future
also run adprep /rodcprep.
You can either run dcpromo /adv or choose the server manager, roles and add
the AD Domain services.
See here about some detailed steps:
!!!NEVER START BEFORE HAVING javascript:void(0) CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!
- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
then one DNS server)
- run replmon from the run line or repadmin /showrepl (only if more then
one existing DC), dcdiag /v and netdiag /v from the command prompt on the
old machine to check for errors, if you have some post the complete output
from the command here or solve them first. For this tools you have to install
the support\tools\suptools.msi from the 2003 installation disk.
- run adprep /forestprep and adprep /domainprep and adprep /rodcprep from
the 2008 installation disk against the 2003 schema master, with an account
that is member of the Schema admins, to upgrade the schema to the new version
(44), you can check the version with "schupgr" in a command prompt.
- Install the new machine as a member server in your existing domain
- configure a fixed ip and set the preferred DNS server to the old DNS server
only
- run dcpromo and follow the wizard to add the 2008 server to an existing
domain, make it also Global catalog.
- if you are prompted for DNS configuration choose Yes. If not, install DNS
role after promotion.
- for DNS give the server time for replication, at least 15 minutes. Because
you use Active directory integrated zones it will automatically replicate
the zones to the new server. Open DNS management console to check that they
appear
- if the new machine is domain controller and DNS server run again replmon,
dcdiag and netdiag (copy the netdiag from the 2003 to 2008, will work) on
both domain controllers
- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801
applies also for 2008)
- you can see in the event viewer (Directory service) that the roles are
transferred, also give it some time
- reconfigure the DNS configuration on your NIC of the 2008 server, preferred
DNS itself, secondary the old one
- if you use DHCP do not forget to reconfigure the scope settings to point
to the new installed DNS server
- export and import of DHCP database for 2008 choose "netshell dhcp backup"
and "netshell dhcp restore" command (http://technet.microsoft.com/en-us/library/cc772372.aspx)
Demoting the old DC (if needed)
- reconfigure your clients/servers that they not longer point to the old
DC/DNS server on the NIC
- to be sure that everything runs fine, disconnect the old DC from the network
and check with clients and servers the connectivity, logon and also with
one client a restart to see that everything is ok
- then run dcpromo to demote the old DC, if it works fine the machine will
move from the DC's OU to the computers container, where you can delete it
by hand. Can be that you got an error during demoting at the beginning, then
uncheck the Global catalog on that DC and try again
- check the DNS management console, that all entries from the machine are
disappeared or delete them by hand if the machine is off the network for ever
- also you have to start AD sites and services and delete the old servername
under the site, this will not be done during demotion
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Even if you use a single domain, this is also your forest. So, you have to
run adprep /forestprep, adprep /domainprep and if you think about the future
also run adprep /rodcprep.
You can either run dcpromo /adv or choose the server manager, roles and add
the AD Domain services.
See here about some detailed steps:
!!!NEVER START BEFORE HAVING javascript:void(0) CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!
- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
then one DNS server)
- run replmon from the run line or repadmin /showrepl (only if more then
one existing DC), dcdiag /v and netdiag /v from the command prompt on the
old machine to check for errors, if you have some post the complete output
from the command here or solve them first. For this tools you have to install
the support\tools\suptools.msi from the 2003 installation disk.
- run adprep /forestprep and adprep /domainprep and adprep /rodcprep from
the 2008 installation disk against the 2003 schema master, with an account
that is member of the Schema admins, to upgrade the schema to the new version
(44), you can check the version with "schupgr" in a command prompt.
- Install the new machine as a member server in your existing domain
- configure a fixed ip and set the preferred DNS server to the old DNS server
only
- run dcpromo and follow the wizard to add the 2008 server to an existing
domain, make it also Global catalog.
- if you are prompted for DNS configuration choose Yes. If not, install DNS
role after promotion.
- for DNS give the server time for replication, at least 15 minutes. Because
you use Active directory integrated zones it will automatically replicate
the zones to the new server. Open DNS management console to check that they
appear
- if the new machine is domain controller and DNS server run again replmon,
dcdiag and netdiag (copy the netdiag from the 2003 to 2008, will work) on
both domain controllers
- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801
applies also for 2008)
- you can see in the event viewer (Directory service) that the roles are
transferred, also give it some time
- reconfigure the DNS configuration on your NIC of the 2008 server, preferred
DNS itself, secondary the old one
- if you use DHCP do not forget to reconfigure the scope settings to point
to the new installed DNS server
- export and import of DHCP database for 2008 choose "netshell dhcp backup"
and "netshell dhcp restore" command (http://technet.microsoft.com/en-us/library/cc772372.aspx)
Demoting the old DC (if needed)
- reconfigure your clients/servers that they not longer point to the old
DC/DNS server on the NIC
- to be sure that everything runs fine, disconnect the old DC from the network
and check with clients and servers the connectivity, logon and also with
one client a restart to see that everything is ok
- then run dcpromo to demote the old DC, if it works fine the machine will
move from the DC's OU to the computers container, where you can delete it
by hand. Can be that you got an error during demoting at the beginning, then
uncheck the Global catalog on that DC and try again
- check the DNS management console, that all entries from the machine are
disappeared or delete them by hand if the machine is off the network for ever
- also you have to start AD sites and services and delete the old servername
under the site, this will not be done during demotion
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Migration from Exchange 2003 to Exchange 2010
Сейчас по утрам я учусь.
Не буду говорить, чего мне стоило пробить свое отсутствие по утрам с сохранением зарплаты (оплата курса, конечно, за мой счет), но это стоило того!
Ронен Габай - один из лучших в Израиле специалистов по Exchange Server, а может и лучший. Он же Microsoft Regional Director по Exchange Server, а также Microsoft MVP.
И вот - этот человек, который сначала проводил закрытые курсы по Exchange Server 2010 для работников самого Microsoft, сейчас дает 2-й публичный курс. Exchange только вышел 9 ноября, а 29-го ноября я уже слушаю курс по этой новой системе.
Уровень, конечно, фантастический, но и скорость - только успевай. Нет, кажется, вопроса, на который он не смог бы ответить. Один ученик сравнил удовольствие от прослушивания с тем, какое могло быть, если бы на сцене стояла Памела Андерсон !..
Дома я пробую сделать пробную миграцию Exchange 2003 на Exchange 2010.
И вот, что получается, точнее не получается.
Пока это все в процессе и записано на ломаном английском. В дальнейшем стиль и язык будут правиться...
Exists Configuration.
1st virtual computer - SRV2003 with roles: DC, CA, Exch2003.
2nd virtual computer - SRV2008 R2 with roles: standalone server.
Pre-installation steps.
1. On the 1st computer from ADDT (Active Directory Domains and Trusts) raise "Forest Functional Level" to Windows Server 2003 level, than raise "Domain Functional Level" to Windows Server 2003 level.
1. On the 1st computer attach SRV2008 ISO and run command: "ADPREP /forestprep /domainprep /rodcprep". This command usually exists in the folder X:\support\adprep of the SRV2008 DVD. We make it for extension of the Domain 2003 schema to the Domain 2008 schema.
2. Change network settings of the 2nd computer to the subnet of the 1st computer (DNS server IP address the must!).
3. Then attach 2nd computer to the Domain "Clus.local".
4. Promote 2nd computer to DC (you must be a Domain administrator for this). This make Domain "Clus.local" Domain 2008, but this step not necessary for Exchange install.
For promotion:
a) Add ADDS (Active Directory Domain Services) role from Server Manager (this step automatically adds "NET Framework 3.5.1" required feature)
b) Run "dcpromo" command. With this step you will install AD (the must), DNS and GC (optionally). Than reboot!
Now we go to installing prerequisites for the Exchange 2010 installation.
5. Attach to 2nd computer FILTERPACKX64.ISO and install FilterPackx64.exe from. This is the part from Office and necessary for Search capabilities.
6. Make "Net.Tcp Port Sharing" service running and in the "automatic" state.
7. From "cmd" run command: "ServerManagerCMD -ip D:\scripts\Exchange-Typical.xml" and reboot! This will install all the necessary prerequisites (100 prerequisites).
Now we muhanim for Exch2010 installing!
8. Attach to 2nd computer Exchange2010 ISO and run the "Setup" command.
9. Choose Exchange language from the options.
Right answer: "Install only languages from the DVD". This option make sense only for administrative interface. You have seen the Exchange management in the Hebrew !?
10. Error Reporting: No.
10. Installation Type: select "Typical Exchange Server Installation".
This will install HUB, CAS, Mailbox roles + Management Tools.
11. Configure Client Access Server external domain.
If your server will be accessible from the Internet (and will be), "Enter the domain name you will use with tour external Client Access servers".
This is for ActiveSync, Outlook Web App, Outlook Anywhere.
12. Now important question for the migration - Mail Flow Settings.
"To enable mail flow to Exchange 2003, a routing group connector is required. Select an Exchange 2003 server in the routing group to which Exchange 2010 will connect:"
But Setup will not ostavlyaet you alone, you simple haven't option to move without right choose (vybor):
"- You must specify the legacy routing server when you install the first Hub Transport server in an organization that contains legacy Exchange servers".
13. Customer Experience Improvement Program.
Right answer: "I don't wish to join the program at this time".
Next ! Duhh !! And you in the right place.
Now Exchange with help of ExBPA make Readiness Checks.
Organization Prerequisites Warning:
Setup is going to prepare the organization for Exchange 2010 by using "Setup /PrepareAD"...Bla-bla... After this operation, you will not be able to install any Exchange 2007 server roles."
:) :) :) But what the Shit! :(:(:(
Client Access Role Prerequisites Error:
"The start mode for the Net.Tcp Port Sharing service must be set to Automatic before Setup can continue."
And you must restart your install from the beginning (only make sure if that fucking service working in the Automatic mode) :)! And for now that Readiness shit working GOOD ! But ...
Organization Preparation Failed
The following error was generated when "$error.Clear(); install-ExchangeSchema -LdapFileName ($roleInstallPath + "Setup\Data\"+$RoleSchemaPrefix + "schema0.ldf")" was run: "There was an error while running 'ldifde.exe' to import the schema file 'C:\Windows\Temp\ExchangeSetup\Setup\Data\PostExchange2003_schema0.ldf'. The error code is: 8206. More details can be found in the error file: 'C:\Users\Administrator.CLUSDOM\AppData\Local\Temp\ldif.err'".
Не буду говорить, чего мне стоило пробить свое отсутствие по утрам с сохранением зарплаты (оплата курса, конечно, за мой счет), но это стоило того!
Ронен Габай - один из лучших в Израиле специалистов по Exchange Server, а может и лучший. Он же Microsoft Regional Director по Exchange Server, а также Microsoft MVP.
И вот - этот человек, который сначала проводил закрытые курсы по Exchange Server 2010 для работников самого Microsoft, сейчас дает 2-й публичный курс. Exchange только вышел 9 ноября, а 29-го ноября я уже слушаю курс по этой новой системе.
Уровень, конечно, фантастический, но и скорость - только успевай. Нет, кажется, вопроса, на который он не смог бы ответить. Один ученик сравнил удовольствие от прослушивания с тем, какое могло быть, если бы на сцене стояла Памела Андерсон !..
Дома я пробую сделать пробную миграцию Exchange 2003 на Exchange 2010.
И вот, что получается, точнее не получается.
Пока это все в процессе и записано на ломаном английском. В дальнейшем стиль и язык будут правиться...
Exists Configuration.
1st virtual computer - SRV2003 with roles: DC, CA, Exch2003.
2nd virtual computer - SRV2008 R2 with roles: standalone server.
Pre-installation steps.
1. On the 1st computer from ADDT (Active Directory Domains and Trusts) raise "Forest Functional Level" to Windows Server 2003 level, than raise "Domain Functional Level" to Windows Server 2003 level.
1. On the 1st computer attach SRV2008 ISO and run command: "ADPREP /forestprep /domainprep /rodcprep". This command usually exists in the folder X:\support\adprep of the SRV2008 DVD. We make it for extension of the Domain 2003 schema to the Domain 2008 schema.
2. Change network settings of the 2nd computer to the subnet of the 1st computer (DNS server IP address the must!).
3. Then attach 2nd computer to the Domain "Clus.local".
4. Promote 2nd computer to DC (you must be a Domain administrator for this). This make Domain "Clus.local" Domain 2008, but this step not necessary for Exchange install.
For promotion:
a) Add ADDS (Active Directory Domain Services) role from Server Manager (this step automatically adds "NET Framework 3.5.1" required feature)
b) Run "dcpromo" command. With this step you will install AD (the must), DNS and GC (optionally). Than reboot!
Now we go to installing prerequisites for the Exchange 2010 installation.
5. Attach to 2nd computer FILTERPACKX64.ISO and install FilterPackx64.exe from. This is the part from Office and necessary for Search capabilities.
6. Make "Net.Tcp Port Sharing" service running and in the "automatic" state.
7. From "cmd" run command: "ServerManagerCMD -ip D:\scripts\Exchange-Typical.xml" and reboot! This will install all the necessary prerequisites (100 prerequisites).
Now we muhanim for Exch2010 installing!
8. Attach to 2nd computer Exchange2010 ISO and run the "Setup" command.
9. Choose Exchange language from the options.
Right answer: "Install only languages from the DVD". This option make sense only for administrative interface. You have seen the Exchange management in the Hebrew !?
10. Error Reporting: No.
10. Installation Type: select "Typical Exchange Server Installation".
This will install HUB, CAS, Mailbox roles + Management Tools.
11. Configure Client Access Server external domain.
If your server will be accessible from the Internet (and will be), "Enter the domain name you will use with tour external Client Access servers".
This is for ActiveSync, Outlook Web App, Outlook Anywhere.
12. Now important question for the migration - Mail Flow Settings.
"To enable mail flow to Exchange 2003, a routing group connector is required. Select an Exchange 2003 server in the routing group to which Exchange 2010 will connect:"
But Setup will not ostavlyaet you alone, you simple haven't option to move without right choose (vybor):
"- You must specify the legacy routing server when you install the first Hub Transport server in an organization that contains legacy Exchange servers".
13. Customer Experience Improvement Program.
Right answer: "I don't wish to join the program at this time".
Next ! Duhh !! And you in the right place.
Now Exchange with help of ExBPA make Readiness Checks.
Organization Prerequisites Warning:
Setup is going to prepare the organization for Exchange 2010 by using "Setup /PrepareAD"...Bla-bla... After this operation, you will not be able to install any Exchange 2007 server roles."
:) :) :) But what the Shit! :(:(:(
Client Access Role Prerequisites Error:
"The start mode for the Net.Tcp Port Sharing service must be set to Automatic before Setup can continue."
And you must restart your install from the beginning (only make sure if that fucking service working in the Automatic mode) :)! And for now that Readiness shit working GOOD ! But ...
Organization Preparation Failed
The following error was generated when "$error.Clear(); install-ExchangeSchema -LdapFileName ($roleInstallPath + "Setup\Data\"+$RoleSchemaPrefix + "schema0.ldf")" was run: "There was an error while running 'ldifde.exe' to import the schema file 'C:\Windows\Temp\ExchangeSetup\Setup\Data\PostExchange2003_schema0.ldf'. The error code is: 8206. More details can be found in the error file: 'C:\Users\Administrator.CLUSDOM\AppData\Local\Temp\ldif.err'".
DCPromo error of Access Denied when trying to make 2008 server a Backup DC of a 2003 Server
Эта переписка в форуме Microsoft мне показалась интересной.
• Monday, February 11, 2008 5:31 AM AlphaMic
Hello All,
I have apparently ran up against a problem tha I am not able to solve. The problem is, is that when I attempt to make a new Windows Server 2008 machine a Backup Domain Controller of a Windows Server 2003 Primary Domain Controller, I recieve the following message from DCPROMO:
The Operation Failed Because:
A domain controller could not be contacted for the domain that contained an account name for this computer. Make the computer a member of a workgroup then rejpin the domain before retrying the promotion.
"Access Denied."
I am not exactly sure why this message is coming up, as I am using the bultin Administrator account, and I am able to ping the PDC.
Any suggesstions, ideas, or fixes is greatly appreciated.
Thanks!
Answers
• Tuesday, November 04, 2008 5:28 PM Miroslav Dvořák
Hi, we had the same problem and I found a solution at the end of this web site:
http://www.minasi.com/forum/topic.asp?TOPIC_ID=20461 (extract bellow)
It worked fine
___________________________________________________________
Posted - 11/20/2006 : 10:46:59 AM
________________________________________
Hello all - i see there has been 20+ reads and only replies by me.
I wanted to write this to show that I have finally resolved this issue. Since the kb250874 did not work for me I decided to take a break then dive deeper into it. As I was driving home from soemthign it popped into my head to check the Win2k DC domain security Policy.
This is what I did and I was able to promote my win2k3r2 servers to DC's
On the Win2k DC in the Domain Controller Security policy clicked local policies then selected user rights assignment and selected the
enable computer and user accounts to be trusted for delegation I added domain admins to that and replicated the policy and I was good to go..
Anyhow thats what I had to do.
I have the FSMO's moved over... no issues guess what is next?
o Marked As Answer by David Shen - MSFTMSFT, ModeratorWednesday, November 05, 2008 1:41 AM
• Wednesday, February 13, 2008 8:53 AM David Shen - MSFTMSFT, Moderator
Hi JZican,
1. Please verify that the DNS configuration of the Windows Server 2008 based computer has been pointed to the DNS server in current domain.
2. Try to join the Windows server 2008 computer to the current Windows 2003 domain first.
3. Run "adprep /forestprep" on the windows server 2003 domain controller which holds the schema operation master of the current domain to extend the schema.
4. Run "adprep /domainprep" on the windows server 2003 domain controller which holds the infrastructure master of current domain to prepare the domain.
5. To verify the schema changes, please try the following ways:
You may verify the level of the schema by using the "Adsiedit.exe" utility to view the "objectVersion" attribute in the properties of the "CN=schema, CN=configuration, DC= partition"
ObjectVersion = 44 (44 means that the schema is already for Microsoft Windows Server 2008)
6. After verifying the Schema version, you may run "dcpromo" on the Windows 2008 member server to promote it to be an additional domain controller of the current Windows 2003 domain.
7. If the dcpromo operation is not successful, please check the two log file on the problematic computer. Check if there are any error messages in them.
"%SystemRoot%\Debug\Dcpromo.log" and "%SystemRoot%\Debug\Dcpromoui.log"
Hope all the information helps.
David Shen
• Thursday, February 14, 2008 2:33 AM AlphaMic
Dear David,
Thank you for such a fast response. I actually just finished joining the Windows Server 2008 DC to the Windows Server 2003 Forest. It was actually a bad image that was given to me from Technet Direct. I Re-Downloaded the image and now it works. However the steps you have given me in your last post have helped solve other problems. Thank you so much for your help.
JZican
• Thursday, August 28, 2008 6:00 AM David Shen - MSFTMSFT, Moderator
Hi ninja6o4,
For this problem, there are several possible causes and also suggested action plan.
1. Network connectivity issue: please check if you can ping through from the problematic Windows Server 2008 computer to the Windows Server 2003 R2 PDC. If not, please verify there is no problem with the network device including routers, switches and cable between the 2 sites.
2. Windows Firewall issue: disable Windows Firewall service with all the profile by running the following command on the problematic computer.
Netsh advfirewall set allprofiles state off
3. DNS name resolution issue: please point the DNS of the Windows Server 2008 box to the Windows Server 2003 R2 box (it is possible a DNS serve in the scenario), and then run "ipconfig /flushdns", then run "nslookup" on the problematic server to check if you can resolve the FQDN name of the existing Windows Server 2003 R2 DC.
4. Duplicated computer name issue: Please verify that the computer name of the problematic server and the current domain controller is different.
5. Forest schema issue: please verify that the forest schema has been extended. You may refer to my previous replies.
6. NIC sequence issue :please check if there are several NICs on the problematic Windows Server 2008 computer. If so, please verify that the active NIC is on the top of the "Adaptors and Bindings" list.
Network and Sharing Center -> Manage network connections -> Advanced -> Advanced Settings -> Adaptors and Bindings -> Connections.
Afterwards, please first Add "Active Directory Domain Services" role via Server Manager on the problematic Windows Server 2008, and then run "dcpromo" to check if the issue still exists.
Hope this can be helpful.
________________________________________
David Shen - MSFT
o Marked As Answer byDavid Shen - MSFTMSFT, ModeratorThursday, October 23, 2008 8:41 AM
• Thursday, October 23, 2008 8:05 AM jimbudde
David,
I've run into the same problem with exact same error logs as Ninja604. I've followed your steps above and had the following results:
(The server at this point is simply a member server of the domain)
1. Connectivity via ping request works in both directions (SBS 2008 <-> SBS 2003), using both just hostname and FQDN.
2. Ran the command to turn off firewall
3. I was able to resolve SBS 2003 server using nslookup. all of the following resolved correctly, hostname, hostname.domain.local, domain.local
4. There is no duplicate name
5. Forest shema object version is 44.
6. Only one NIC in the server but confirmed there is only one NIC and it was above the Remote network bindings
7. Since I had left the AD binaries on the machine after previous failures, I went into the Server Roles and manually removed (rebooted for final removal, rebooted again) and then manually added the Role back. Prior to adding the role back I ran a Windows Update. After manually adding the AD role I still get the same errors after running dcpromo.
-Jim
I ran WireShark and got the following basic info which I’m hoping will be of help (the x.x.x.10 address is the SBS 2008 server and x.x.x.20 is the existing SBS 2003 server):
No. Time Source Destination Protocol Info
231 47.234223 192.168.1.10 192.168.1.20 SMB Negotiate Protocol Request
233 47.234773 192.168.1.20 192.168.1.10 SMB Negotiate Protocol Response
234 47.236801 192.168.1.10 192.168.1.20 TCP [TCP segment of a reassembled PDU]
235 47.236818 192.168.1.10 192.168.1.20 TCP [TCP segment of a reassembled PDU]
236 47.236827 192.168.1.10 192.168.1.20 SMB Session Setup AndX Request
237 47.237180 192.168.1.20 192.168.1.10 TCP microsoft-ds > 21581 [ACK] Seq=184 Ack=3077 Win=65535 Len=0
238 47.239295 192.168.1.20 192.168.1.10 SMB Session Setup AndX Response
239 47.240240 192.168.1.10 192.168.1.20 SMB Tree Connect AndX Request, Path: \\HOSTNAME.DOMAIN.LOCAL\IPC$
240 47.240621 192.168.1.20 192.168.1.10 SMB Tree Connect AndX Response
241 47.242091 192.168.1.10 192.168.1.20 SMB NT Create AndX Request, FID: 0x4004, Path: \srvsvc
242 47.242591 192.168.1.20 192.168.1.10 SMB NT Create AndX Response, FID: 0x4004
243 47.243168 192.168.1.10 192.168.1.20 DCERPC Bind: call_id: 1, 3 context items, 1st SRVSVC V3.0
244 47.243463 192.168.1.20 192.168.1.10 SMB Write AndX Response, FID: 0x4004, 160 bytes
245 47.244011 192.168.1.10 192.168.1.20 SMB Read AndX Request, FID: 0x4004, 1024 bytes at offset 0
246 47.244146 192.168.1.20 192.168.1.10 DCERPC Bind_ack: call_id: 1 Unknown result (3), reason: Abstract syntax not supported
247 47.244520 192.168.1.10 192.168.1.20 SRVSVC NetRemoteTOD request
248 47.244865 192.168.1.20 192.168.1.10 SRVSVC NetRemoteTOD response
249 47.245253 192.168.1.10 192.168.1.20 SMB Close Request, FID: 0x4004
250 47.245456 192.168.1.20 192.168.1.10 SMB Close Response, FID: 0x4004
251 47.249226 192.168.1.10 192.168.1.20 TCP [TCP segment of a reassembled PDU]
252 47.249249 192.168.1.10 192.168.1.20 SMB Session Setup AndX Request
253 47.249559 192.168.1.20 192.168.1.10 TCP microsoft-ds > 21581 [ACK] Seq=1131 Ack=6477 Win=65535 Len=0
254 47.251348 192.168.1.20 192.168.1.10 SMB Session Setup AndX Response, Error: STATUS_LOGON_TYPE_NOT_GRANTED
o Proposed As Answer byjimbudde Thursday, October 23, 2008 8:36 AM
o Marked As Answer byDavid Shen - MSFTMSFT, ModeratorThursday, October 23, 2008 8:41 AM
o Edited byjimbudde Thursday, October 23, 2008 8:45 AM
• Thursday, October 23, 2008 8:44 AM jimbudde
David,
Scratch the above, I still had some extra energy and found a fix posted on the following site, http://www.pcassistathome.co.uk/Tech%20Notes/index.html?330.htm for the given ERROR code in the trace file (despite the post being rather old).
The SOLUTION entailed changing the GPO security object that grants "Everyone" User Rights Assignment -> "Access this computer from the network" permission. I suggest people run the GPO modeler to determine which policy to change.
-Jim
o Marked As Answer byDavid Shen - MSFTMSFT, ModeratorFriday, October 24, 2008 7:24 AM
Saturday, October 25, 2008 12:03 AM Jason_C
Hi Jim,
Would you mind quoting the solution here? The link you provided points to some Activesync issue unrelated to this problem.
An update for Dave/everyone - After all the servers made it to our remote sites and were set up and replicating as expected, I did follow the suggestions you provided and everything looks perfectly fine. One thing I want to add if I didn't already is that this potential DC is a VM host in a 2008 Hyper-V.
-Jason
o Marked As Answer byDavid Shen - MSFTMSFT, ModeratorMonday, October 27, 2008 7:23 AM
• Monday, February 11, 2008 5:31 AM AlphaMic
Hello All,
I have apparently ran up against a problem tha I am not able to solve. The problem is, is that when I attempt to make a new Windows Server 2008 machine a Backup Domain Controller of a Windows Server 2003 Primary Domain Controller, I recieve the following message from DCPROMO:
The Operation Failed Because:
A domain controller could not be contacted for the domain
"Access Denied."
I am not exactly sure why this message is coming up, as I am using the bultin Administrator account, and I am able to ping the PDC.
Any suggesstions, ideas, or fixes is greatly appreciated.
Thanks!
Answers
• Tuesday, November 04, 2008 5:28 PM Miroslav Dvořák
Hi, we had the same problem and I found a solution at the end of this web site:
http://www.minasi.com/forum/topic.asp?TOPIC_ID=20461 (extract bellow)
It worked fine
___________________________________________________________
Posted - 11/20/2006 : 10:46:59 AM
________________________________________
Hello all - i see there has been 20+ reads and only replies by me.
I wanted to write this to show that I have finally resolved this issue. Since the kb250874 did not work for me I decided to take a break then dive deeper into it. As I was driving home from soemthign it popped into my head to check the Win2k DC domain security Policy.
This is what I did and I was able to promote my win2k3r2 servers to DC's
On the Win2k DC in the Domain Controller Security policy clicked local policies then selected user rights assignment and selected the
enable computer and user accounts to be trusted for delegation I added domain admins to that and replicated the policy and I was good to go..
Anyhow thats what I had to do.
I have the FSMO's moved over... no issues guess what is next?
o Marked As Answer by David Shen - MSFTMSFT, ModeratorWednesday, November 05, 2008 1:41 AM
• Wednesday, February 13, 2008 8:53 AM David Shen - MSFTMSFT, Moderator
Hi JZican,
1. Please verify that the DNS configuration of the Windows Server 2008 based computer has been pointed to the DNS server in current domain.
2. Try to join the Windows server 2008 computer to the current Windows 2003 domain first.
3. Run "adprep /forestprep" on the windows server 2003 domain controller which holds the schema operation master of the current domain to extend the schema.
4. Run "adprep /domainprep" on the windows server 2003 domain controller which holds the infrastructure master of current domain to prepare the domain.
5. To verify the schema changes, please try the following ways:
You may verify the level of the schema by using the "Adsiedit.exe" utility to view the "objectVersion" attribute in the properties of the "CN=schema, CN=configuration, DC=
ObjectVersion = 44 (44 means that the schema is already for Microsoft Windows Server 2008)
6. After verifying the Schema version, you may run "dcpromo" on the Windows 2008 member server to promote it to be an additional domain controller of the current Windows 2003 domain.
7. If the dcpromo operation is not successful, please check the two log file on the problematic computer. Check if there are any error messages in them.
"%SystemRoot%\Debug\Dcpromo.log" and "%SystemRoot%\Debug\Dcpromoui.log"
Hope all the information helps.
David Shen
• Thursday, February 14, 2008 2:33 AM AlphaMic
Dear David,
Thank you for such a fast response. I actually just finished joining the Windows Server 2008 DC to the Windows Server 2003 Forest. It was actually a bad image that was given to me from Technet Direct. I Re-Downloaded the image and now it works. However the steps you have given me in your last post have helped solve other problems. Thank you so much for your help.
JZican
• Thursday, August 28, 2008 6:00 AM David Shen - MSFTMSFT, Moderator
Hi ninja6o4,
For this problem, there are several possible causes and also suggested action plan.
1. Network connectivity issue: please check if you can ping through from the problematic Windows Server 2008 computer to the Windows Server 2003 R2 PDC. If not, please verify there is no problem with the network device including routers, switches and cable between the 2 sites.
2. Windows Firewall issue: disable Windows Firewall service with all the profile by running the following command on the problematic computer.
Netsh advfirewall set allprofiles state off
3. DNS name resolution issue: please point the DNS of the Windows Server 2008 box to the Windows Server 2003 R2 box (it is possible a DNS serve in the scenario), and then run "ipconfig /flushdns", then run "nslookup" on the problematic server to check if you can resolve the FQDN name of the existing Windows Server 2003 R2 DC.
4. Duplicated computer name issue: Please verify that the computer name of the problematic server and the current domain controller is different.
5. Forest schema issue: please verify that the forest schema has been extended. You may refer to my previous replies.
6. NIC sequence issue :please check if there are several NICs on the problematic Windows Server 2008 computer. If so, please verify that the active NIC is on the top of the "Adaptors and Bindings" list.
Network and Sharing Center -> Manage network connections -> Advanced -> Advanced Settings -> Adaptors and Bindings -> Connections.
Afterwards, please first Add "Active Directory Domain Services" role via Server Manager on the problematic Windows Server 2008, and then run "dcpromo" to check if the issue still exists.
Hope this can be helpful.
________________________________________
David Shen - MSFT
o Marked As Answer byDavid Shen - MSFTMSFT, ModeratorThursday, October 23, 2008 8:41 AM
• Thursday, October 23, 2008 8:05 AM jimbudde
David,
I've run into the same problem with exact same error logs as Ninja604. I've followed your steps above and had the following results:
(The server at this point is simply a member server of the domain)
1. Connectivity via ping request works in both directions (SBS 2008 <-> SBS 2003), using both just hostname and FQDN.
2. Ran the command to turn off firewall
3. I was able to resolve SBS 2003 server using nslookup. all of the following resolved correctly, hostname, hostname.domain.local, domain.local
4. There is no duplicate name
5. Forest shema object version is 44.
6. Only one NIC in the server but confirmed there is only one NIC and it was above the Remote network bindings
7. Since I had left the AD binaries on the machine after previous failures, I went into the Server Roles and manually removed (rebooted for final removal, rebooted again) and then manually added the Role back. Prior to adding the role back I ran a Windows Update. After manually adding the AD role I still get the same errors after running dcpromo.
-Jim
I ran WireShark and got the following basic info which I’m hoping will be of help (the x.x.x.10 address is the SBS 2008 server and x.x.x.20 is the existing SBS 2003 server):
No. Time Source Destination Protocol Info
231 47.234223 192.168.1.10 192.168.1.20 SMB Negotiate Protocol Request
233 47.234773 192.168.1.20 192.168.1.10 SMB Negotiate Protocol Response
234 47.236801 192.168.1.10 192.168.1.20 TCP [TCP segment of a reassembled PDU]
235 47.236818 192.168.1.10 192.168.1.20 TCP [TCP segment of a reassembled PDU]
236 47.236827 192.168.1.10 192.168.1.20 SMB Session Setup AndX Request
237 47.237180 192.168.1.20 192.168.1.10 TCP microsoft-ds > 21581 [ACK] Seq=184 Ack=3077 Win=65535 Len=0
238 47.239295 192.168.1.20 192.168.1.10 SMB Session Setup AndX Response
239 47.240240 192.168.1.10 192.168.1.20 SMB Tree Connect AndX Request, Path: \\HOSTNAME.DOMAIN.LOCAL\IPC$
240 47.240621 192.168.1.20 192.168.1.10 SMB Tree Connect AndX Response
241 47.242091 192.168.1.10 192.168.1.20 SMB NT Create AndX Request, FID: 0x4004, Path: \srvsvc
242 47.242591 192.168.1.20 192.168.1.10 SMB NT Create AndX Response, FID: 0x4004
243 47.243168 192.168.1.10 192.168.1.20 DCERPC Bind: call_id: 1, 3 context items, 1st SRVSVC V3.0
244 47.243463 192.168.1.20 192.168.1.10 SMB Write AndX Response, FID: 0x4004, 160 bytes
245 47.244011 192.168.1.10 192.168.1.20 SMB Read AndX Request, FID: 0x4004, 1024 bytes at offset 0
246 47.244146 192.168.1.20 192.168.1.10 DCERPC Bind_ack: call_id: 1 Unknown result (3), reason: Abstract syntax not supported
247 47.244520 192.168.1.10 192.168.1.20 SRVSVC NetRemoteTOD request
248 47.244865 192.168.1.20 192.168.1.10 SRVSVC NetRemoteTOD response
249 47.245253 192.168.1.10 192.168.1.20 SMB Close Request, FID: 0x4004
250 47.245456 192.168.1.20 192.168.1.10 SMB Close Response, FID: 0x4004
251 47.249226 192.168.1.10 192.168.1.20 TCP [TCP segment of a reassembled PDU]
252 47.249249 192.168.1.10 192.168.1.20 SMB Session Setup AndX Request
253 47.249559 192.168.1.20 192.168.1.10 TCP microsoft-ds > 21581 [ACK] Seq=1131 Ack=6477 Win=65535 Len=0
254 47.251348 192.168.1.20 192.168.1.10 SMB Session Setup AndX Response, Error: STATUS_LOGON_TYPE_NOT_GRANTED
o Proposed As Answer byjimbudde Thursday, October 23, 2008 8:36 AM
o Marked As Answer byDavid Shen - MSFTMSFT, ModeratorThursday, October 23, 2008 8:41 AM
o Edited byjimbudde Thursday, October 23, 2008 8:45 AM
• Thursday, October 23, 2008 8:44 AM jimbudde
David,
Scratch the above, I still had some extra energy and found a fix posted on the following site, http://www.pcassistathome.co.uk/Tech%20Notes/index.html?330.htm for the given ERROR code in the trace file (despite the post being rather old).
The SOLUTION entailed changing the GPO security object that grants "Everyone" User Rights Assignment -> "Access this computer from the network" permission. I suggest people run the GPO modeler to determine which policy to change.
-Jim
o Marked As Answer byDavid Shen - MSFTMSFT, ModeratorFriday, October 24, 2008 7:24 AM
Saturday, October 25, 2008 12:03 AM Jason_C
Hi Jim,
Would you mind quoting the solution here? The link you provided points to some Activesync issue unrelated to this problem.
An update for Dave/everyone - After all the servers made it to our remote sites and were set up and replicating as expected, I did follow the suggestions you provided and everything looks perfectly fine. One thing I want to add if I didn't already is that this potential DC is a VM host in a 2008 Hyper-V.
-Jason
o Marked As Answer byDavid Shen - MSFTMSFT, ModeratorMonday, October 27, 2008 7:23 AM
среда, 11 ноября 2009 г.
NetApp FAS2040
Trinity, технический блог: Новости – понятные и не очень.
NetApp расширил линейку систем хранения начального уровня, выпустив FAS2040.
Как и остальные системы 2000й серии, FAS2040 рассчитана на использование SAS и SATA дисков (до 12ти внутри контроллерного модуля), но расширяться может не только при помощи “классических” полок с FC или SATA дисками, но и уже чуть ранее объявленными SAS полками, так как на каждом контроллере есть по одному SAS порту. С одной стороны, система “помещена” между FAS2020 и FAS2050, но практически по всем характеристикам она превосходит и ту, и другую – расширяется до 136 дисков, имеет 8ГБ памяти, 8 портов ethernet и 4 порта FC (на два контроллера). Нет только возможности устанавливать в контроллер платы расширения, которая есть у FAS2050. Помимо объявления новой системы, сделано очень интересное предложение для покупателей FAS2020 – теперь они получат NFS и CIFS совершенно бесплатно (как и iSCSI). Видимо все больше ощущается конкуренция на рынках SMB со стороны Windows Storage Server, поэтому и было принято решение отдать CIFS в младшей системе даром, но наличие NFS и iSCSI (а также возможность получить двухконтроллерную систему) делает очень привлекательным использование FAS2020 не только для хранения файлов, но и в качестве хранилища для виртуальных машин VMware.
NetApp расширил линейку систем хранения начального уровня, выпустив FAS2040.
Как и остальные системы 2000й серии, FAS2040 рассчитана на использование SAS и SATA дисков (до 12ти внутри контроллерного модуля), но расширяться может не только при помощи “классических” полок с FC или SATA дисками, но и уже чуть ранее объявленными SAS полками, так как на каждом контроллере есть по одному SAS порту. С одной стороны, система “помещена” между FAS2020 и FAS2050, но практически по всем характеристикам она превосходит и ту, и другую – расширяется до 136 дисков, имеет 8ГБ памяти, 8 портов ethernet и 4 порта FC (на два контроллера). Нет только возможности устанавливать в контроллер платы расширения, которая есть у FAS2050. Помимо объявления новой системы, сделано очень интересное предложение для покупателей FAS2020 – теперь они получат NFS и CIFS совершенно бесплатно (как и iSCSI). Видимо все больше ощущается конкуренция на рынках SMB со стороны Windows Storage Server, поэтому и было принято решение отдать CIFS в младшей системе даром, но наличие NFS и iSCSI (а также возможность получить двухконтроллерную систему) делает очень привлекательным использование FAS2020 не только для хранения файлов, но и в качестве хранилища для виртуальных машин VMware.
Подписаться на:
Сообщения (Atom)