FIX: Cannot boot VM from ISO to install OS

Just sharing a quick fix for an issue you may encounter when working in secure environments.

The issue

I encountered a Hyper-V VM in the lab today that would not boot from an Ubuntu ISO image. No matter what I did, the VM went straight to attempting PXE boot (even with network boot at bottom of boot order list).

The fix

Then, I noticed in the VM Settings, the Enable Secure Boot option was checked. This feature (available only on gen 2, UEFI VMs) prevents unauthorized code from running at boot time…which includes random ISOs mounted to the VM.

image

Uncheck the ‘Enable Secure Boot’ option, and the VM will boot from the ISO as expected.

Read more about Secure Boot at https://blogs.technet.microsoft.com/dubaisec/2016/03/14/diving-into-secure-boot/

How to enable hibernation on a Guarded Host running Windows 10 Fall Creators Update

The Guarded Host feature (pictured below) allows us to run shielded VMs on Hyper-V with remote attestation. While uncommon on Windows 10, it can come up both in lab testing and developer scenarios in ultra-secure environments. In this case, a user noticed hibernation was disabled once the Guarded Host feature was enabled.  What’s more, it would not come back through changing the normal settings.

I assume this may not have been true on previous versions of Windows 10, as in this case, Guarded Host was in use for some time on previous Wndows 10 builds.

Figure 1. Guarded Host setting in Windows Feature dialogue

The fix
It turns out there is a setting in the registry that appears to be added when you enable the Guarded Host feature is installed. Find the registry key:

HKLM\SYSTEM\ControlSet001\Control\Power\ForceHibernateDisabled

Then, find the value GuardedHost, which will be set to 1 by default.

Change this value to 0 (the number zero) and reboot.

After reboot, hibernation will again be available.


	

Switch from dynamic IP to IP Pool in VMM 2016

Recently I migrated a VM from standalone Hyper-V server in 2016 to a Hyper-V cluster managed by Virtual Machine Manager (VMM) 2016. The VM was using DHCP for addressing and I wanted to flip it to get its address from the IP pool assigned to its logical network in VMM. However, even with the VM powered off, I found the setting to flip the VM to use a static IP was grayed out in the UI.

VM_Settings

How to fix? PowerShell, via the VMM cmdlets. Here is a sample script, intended to run on your VMM server.

$vm = Get-ScvirtualMachine -Name “<My VM Name>"

$staticIPPool = Get-SCStaticIPAddressPool -Name "< Name of my IP Pool>"

Grant-SCIPAddress -GrantToObjectType "VirtualNetworkAdapter" -GrantToObjectID$vm.VirtualNetworkAdapters[0].ID -StaticIPAddressPool $staticIPPool

Set-SCVirtualNetworkAdapter -VirtualNetworkAdapter $vm.VirtualNetworkAdapters[0]-IPv4AddressType static

<pre>

Questions or comments? Use the comments section below.

Veeam Management Pack v8 for VMware and Hyper-V

Veeam have released version 8 of their management pack for System Center 2012 R2 Operations Manager. Veeam is great for comprehensive monitoring of both Hyper-V and VMware deployments. In mixed Hyper-V and VMware mixed environments, the Veeam pack also offers a very consistent view of fabric health across the two platforms, providing a unified monitoring experience for heterogeneous environments. Most importantly, I find the Veeam pack delivers actionable alerts and data visualizations, enabling quick incident response instead of hours of digging for root cause.

I encourage any System Center administrator looking for a comprehensive virtualization monitoring approach to check it out.

New in Veeam Management Pack v8

  • Support for VMware vSphere v6
  • Enhanced Hyper-V Support
  • Veeam Morning Coffee Dashboard & Report
  • Hybrid Cloud planning for Microsoft Azure and VMware vCloud Air
  • Detailed snapshot and checkpoint tracking
  • Visibility for Veeam Backup & Replication

Get the What’s New Guide or download the Free Trial.

 

Now Available: Updated Best Practices for Monitoring VMware

You can download an updated copy of a whitepaper I wrote with my friends Alec King and Cameron Fuller, discussing effective monitoring of vSphere hosts and virtualized workloads with the latest version of the Veeam MP for VMware.

Download this white paper and discover the 6 key concepts to get the most out of VMware vSphere and Microsoft System Center Operations Manager, including:

  • Monitoring with the “private cloud fabric” in mind
  • Sorting the actionable alerts from alert “noise”
  • Understanding override behavior and best practices
  • And more!

http://www.veeam.com/wp-best-practices-monitoring-vmware-vsphere-scom-fuller-king-zerger.html

How to resolve non-OS disks offline in multi-disk VM deployment from template

Best practices for server configuration generally suggest installing applications / app data to a separate disk and volume than the OS. However, when you deploy a Windows 2008 or 2012 VM from a VM template in System Center 2012 R2 Virtual Machine Manager (VMM), you may find the second disk (vhd or vhdx) containing the application partition in an offline or uninitialized state when the VM is deployed from the template. The error you will see is “the disk is offline because of policy set by an administrator”.

Root Cause and Fix

This issue is caused by the default SAN Policy setting in Windows 2008 and Windows 2012. SAN policy was introduced in Windows Server 2008 to protect shared disks being accessed by multiple servers. If (and only if) the disk is not shared amongst other servers, you can change the SAN Policy setting to OnlineAll setting to get around this.

Perform these steps before running sysprep to create the VM template for VMM will ensure all the disks in a multi-disk VM template are in an online state on first boot.

To verify the current SAN Policy setting

From a command prompt, type DISKPART.EXE  and then press Enter.

DISKPART> san and then press Enter.

If the default is in place, this command will return a status of “Offline Shared”

To change SAN Policy to OnlineAll, type the following at the DISPART prompt: 

san policy=OnlineAll  and then press Enter.

Now you can sysprep your VM to make your template with the assurance that non-OS disks in your template will be online on first boot.