IT Consultant Everyday Notes

Just some problems/solutions storage

Category Archives: VMWare

Azure: Migrated VM cannot start with 0x000000e

I recently migrated some VMs to Azure for one of my customers. The VMs were in production and the customer was not ready to switch the IP address to DHCP before migration. Unfortunately neither ASR nor MVMC was an option, so I settled on the Disk2VHD tool by Mark Russinovich, followed by the PowerShell Add-AzureVHD cmdlet for the VHD upload.

To speed up the process I connected an empty virtual disk to the migrated machine and saved the VHD on it. After the VHD was captured by the tool I mounted it and edited the registry to enable DHCP on its network adapter.

That was a mistake (I found that out the hard way after several hours of uploading the VHD to Azure). The VM built from the VHD failed to start. Fortunately we can now see Boot Diagnostics, so I found the VM failed with

Status: 0x000000e

Info: The boot selection failed because a required device is inaccessible.

The Internet brought nothing about VM migration to Azure with such an error.

I finally found an article from Mark himself where he described exactly the scenario I had (except the migration to Azure). The main point: never open a captured VHD on the same machine where the source disk is. That will break the disk signature on the VHD and it becomes unbootable.

Fortunately Mark described how to fix the signature.

1. Mount the VHD in Disk Manager (it should give its volumes letters since there is no signature conflict at that point)

2. Load the BCD hive (located under the hidden \Boot folder in the root of one of the volumes) into regedit

3. Search for “Windows Boot Manager”

4. Open key 11000001 under the same Elements key

5. Double-click the Element registry value in this key and look at offset 0x38. We need the first four bytes

6. Write down the bytes in reverse order (last byte first, then the third one, then the second one and finally the first byte). For example, if the first four bytes at offset 0x38 are 38 d5 5C C0, your disk signature will be c05cd538

7. Unload hive and close regedit

8. Start Diskpart tool and connect to the disk you are fixing

9. Invoke the DISKPART command:   uniqueid disk id=c05cd538   (change signature to yours). At this point you should see VHD going offline in Disk Manager due to signature conflict with the source drive. This is expected, do not bring it online

10. Unmount VHD

At this point the disk signature should be fixed and disk is expected to be bootable again.
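Steps 2 to 6 can be scripted instead of being read off regedit by hand. The PowerShell below is an added example, not part of the original post or of Mark's article; the hive mount name BCD_VHD, the drive letter and the disk number are placeholders, and the function names are hypothetical.

```powershell
# Added example. Assumes the VHD's BCD hive is already loaded, for instance:
#   reg load HKLM\BCD_VHD E:\Boot\BCD     (BCD_VHD and E: are placeholders)

function Get-BcdDiskSignature {
    # Bytes 0x38..0x3B of the device element hold the MBR signature, least
    # significant byte first; emit them last-to-first to get the DISKPART id.
    param([Parameter(Mandatory)][byte[]]$Element)
    if ($Element.Length -lt 0x3C) {
        throw "Element is only $($Element.Length) bytes; expected at least 60"
    }
    ($Element[0x3B..0x38] | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Get-BootManagerDeviceElement {
    # Mirrors steps 3-4: find the object whose description element (12000004)
    # is "Windows Boot Manager" and return its 11000001 Element value.
    param([string]$HiveRoot = 'HKLM:\BCD_VHD')
    foreach ($obj in Get-ChildItem -LiteralPath "$HiveRoot\Objects") {
        $elements = Join-Path $obj.PSPath 'Elements'
        $desc = Get-ItemProperty -LiteralPath "$elements\12000004" -ErrorAction SilentlyContinue
        if ($desc -and $desc.Element -eq 'Windows Boot Manager') {
            return (Get-ItemProperty -LiteralPath "$elements\11000001").Element
        }
    }
    throw "No 'Windows Boot Manager' object under $HiveRoot\Objects"
}

# Constructed sample: 64 zero bytes with the post's example bytes at offset 0x38.
$sample = New-Object byte[] 64
$sample[0x38] = 0x38; $sample[0x39] = 0xD5; $sample[0x3A] = 0x5C; $sample[0x3B] = 0xC0
Get-BcdDiskSignature -Element $sample

# Against the loaded hive: compare what the BCD expects with what the VHD carries.
$vhdDiskNumber = 2    # placeholder: disk number of the mounted VHD (see Get-Disk)
if (Test-Path 'HKLM:\BCD_VHD') {
    $expected = Get-BcdDiskSignature -Element (Get-BootManagerDeviceElement)
    $actual   = '{0:x8}' -f (Get-Disk -Number $vhdDiskNumber).Signature
    "BCD expects $expected, disk has $actual"
    if ($expected -ne $actual) { "DISKPART: uniqueid disk id=$expected" }
}
```

The script only reads the hive; unload it (`reg unload HKLM\BCD_VHD`) before running DISKPART, as in step 7.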

ADFS: Integration with VMWare Virtual Cloud Director

 

Milos and I tested an integration between VMWare Virtual Cloud Director (VCD) and the Microsoft SSO implementation, ADFS, installed on Windows Server 2012 R2. We used this ARTICLE in Dutch as guidance.

1. Install ADFS role on 2012 R2 Server

2. Plan a name for the ADFS service. The name cannot be the same as the server name: if your server is called server1.yourdomain.com, call ADFS sso.yourdomain.com, for example. Think about the external name if applicable. Request a certificate with EKU = Server Authentication (from the WEB template) for the server. ADFS supports wildcard certificates; alternatively, add all your ADFS service names to the certificate as Subject Alternative Names (SANs)

3. Create an account for ADFS or use Group Managed Service Account (GMSA).

3.1 To create a GMSA:

Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)
New-ADServiceAccount FsGmsa -DNSHostName server1.yourdomain.com -ServicePrincipalNames https/server1.yourdomain.com

3.2 Create a test user in AD and set its email. The email is important; it will be used for claims.

4. Add KDS Root Key (if not added with GMSA)

Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)

2. Go to ADFS roles and Click Additional Configuration Required. Configure ADFS (default configuration with Internal Database)

3. Add SSO.yourdomain.com to your DNS to be sure both VCD and Clients can resolve it.

4. After installation go to https://sso.yourdomain.com/FederationMetadata/2007-06/FederationMetadata.xml and save it.

———————————   VCD SIDE   ———————————————-

5. Log on to VCD as administrator https://vcd.yourdomain.com/cloud/org/yourorg/.

6. Go to Administration-Federation

7. Select SAML Identity Provider

8. Copy content of XML file saved in step 4.

9. Go to User Management – Import Users and import a user as a SAML User with a Name ID matching the e-mail of the user in Active Directory. For example user@yourdomain.com

10. Open Internet Explorer, navigate to https://vcd.yourdomain.com/cloud/org/yourorg/saml/metadata/alias/vcd and save the file.

11. Copy vcd file to ADFS as vcd.xml

————————————————–  ADFS Part   ————————————————————–

12. Configure Relying Party Trust

12.1 Log in to ADFS as a Domain Administrator

12.2 Open ADFS Management Console

12.2 Right-Click “Relying Party Trust” and select “Add Relying Party Trust”

12.3 Click Start

12.4 Select “Import data about the relying party from a file” and point the Wizard to the file saved in step 11

12.5 Click Ok in Warning Window

12.6 Add a Display name (for ex. VCD)

12.7 Do not add Multi-factor authentication or rules. Just finish the Wizard.

12.8 Right-Click newly created Relying Party Trust and select Properties

12.9 Under Advanced tab switch Hash Algorithm to SHA-1

13. In the original step it is marked as Optional, but we found the integration does not work without it. So, open PowerShell as Administrator and run:

Add-PSSnapin Microsoft.Adfs.Powershell       # not required for Server 2012 R2
Set-ADFSRelyingPartyTrust -TargetName "vCD" -EncryptClaims $False

14. Configure ADFS Claims

14.1 Right-Click the Relying Party Trust created in step 12 and select Edit Claim Rules

14.2 Click Add Rule

14.2.1 Select Send LDAP Attributes as Claims; Click Next

14.2.2 Add Claim Rule Name (for example “LDAP Attribute E-Mail Address”)

14.2.3 Select Active Directory as Attribute Store

14.2.4 In LDAP Attribute column select “E-mail Addresses”

14.2.5 In Outgoing Claim Type select “E-Mail Address”

14.2.6 Click Finish

14.3 Click Add Rule again

14.3.1 Select Transform an Incoming Claim; Click Next

14.3.2 Add Claim Rule Name (for example “Transform an incoming claims”)

14.3.3 In Incoming Claim type select “E-Mail Address”

14.3.4 In Outgoing Claim Type select “Name ID”

14.3.5 Verify Pass through all claim values is selected

14.3.6 Click Finish

At this point you should have two rules: the LDAP attribute rule from step 14.2 and the transform rule from step 14.3.

ADFS is configured and you should be able to connect to VCD via ADFS
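The ADFS-side settings from steps 12.9, 13 and 14 can also be applied and read back from PowerShell, which leaves a record of exactly what the trust was set to. This is an added example, not part of the original post or the Dutch article; the rule text is an assumed claim-rule-language equivalent of the two wizard rules, and the trust name "vCD" is taken from step 13.

```powershell
# Added example; run in an elevated PowerShell session on the ADFS server.
$rpName = 'vCD'    # trust name as used in step 13

if (-not (Get-AdfsRelyingPartyTrust -Name $rpName)) {
    throw "Relying party trust '$rpName' not found; finish step 12 first"
}

# Assumed equivalent of the two wizard rules (steps 14.2 and 14.3).
# Rules set this way show up in the console as custom rules.
$rules = @'
@RuleName = "LDAP Attribute E-Mail Address"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleName = "Transform an incoming claims"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
'@

Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -SignatureAlgorithm 'http://www.w3.org/2000/09/xmldsig#rsa-sha1' `
    -EncryptClaims $false `
    -IssuanceTransformRules $rules

# Read the trust back and report each setting against the step that calls for it.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
$checks = [ordered]@{
    'Hash algorithm is SHA-1 (12.9)' = $rp.SignatureAlgorithm -like '*#rsa-sha1'
    'Claims not encrypted (13)'      = -not $rp.EncryptClaims
    'E-mail LDAP rule (14.2)'        = $rp.IssuanceTransformRules -match ';mail;'
    'Name ID transform rule (14.3)'  = $rp.IssuanceTransformRules -match 'claims/nameidentifier'
}
$checks.GetEnumerator() | ForEach-Object { '{0,-32} {1}' -f $_.Key, $_.Value }
```

SHA-1 signing and unencrypted claims both differ from the ADFS defaults for a new trust, so the read-back is worth keeping for later review of this relying party.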

SCCM 2012: Preparing XP gold image

1. Prepare VM (on VMWare Workstation 8.0)

– VM type: Windows XP

– HDD: SCSI (check .vmdk file to verify SCSI type is set to BusLogic)

– Network adapter E1000 ( enter ethernetN.virtualDev = "e1000"  in VM configuration (.vmx) file. N is the adapter index, if there is only one adapter it will be 0)

2. Prepare SCCM boot image.

– Extract SCSI drivers from windows.iso in the VMWare Workstation installation folder

– Add the drivers to 32-bit image

3. Prepare Driver package

– Create an empty Driver Package

– Add SCSI drivers to the package

– Download drivers from Intel site (Prowin32.exe)  http://downloadcenter.intel.com/detail_desc.aspx?agr=Y&DwnldID=18717

– Extract drivers to a temp folder and import them to the prepared Driver Package. Note: (some drivers are for Windows 8 and will give you an error).

4. Prepare Deployment Tool Package

– Extract \Support\Tools\Deploy.cab to a temp folder

– Create a package using the temp folder as a source (we do not need any Program)

5. Create a package containing Software Updates for XP and deploy it to a collection containing the reference machine (otherwise the “Install Updates” step won’t work)

6. Prepare Task Sequence:

– Add a TS variable OSDDiskpartBiosCompatibilityMode=TRUE to work around the Uberbug issue

– Add an Apply Driver Package step to apply the VMWare drivers for XP

Note: If you use a Hyper-V based machine you do not need any additional drivers (but you still need the Uberbug step and a package for the Deployment tools).

Note: As soon as the image is captured, remove the .wim file from the destination folder. SCCM cannot handle the situation where the destination file already exists, and the TS will fail if you decide to recapture the image.

Speed up graphics in Windows Servers running on VMWare platform

Found an article explaining the procedure for speeding up graphics on VMWare-based VMs (in addition to the VMWare Tools installation). As a matter of fact, even with VMWare Tools installed the machines are not using the WDDM driver. But the driver can be installed manually from C:\Program Files\Common Files\VMware\Drivers\wddm_video. The drivers can also be injected into WinPE images.