Windows-Server-2016-Slider-Whats-new-in-Hyper-V

Look at all the awesome new features in Hyper-V server 2016. Really excited to give it a try!

Download your Technical Preview here:
https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview?WT.mc_id=Blog_WS_Announce_TTD

Just to name a few:

Virtual Machine Protection

  • Trust is the biggest blocker to cloud adoption
  • MS wants customers to know their data is secure
  • Virtual TPM and secure boot with Linux (Ubuntu 14.04 or later and SUSE)
  • Shielded Virtual Machines – Supports bitlocker inside of the VM, plus other features

Isolation

  • Storage QoS
  • Can set a policy that caps the IOPS across multiple VMs and they share the policy
  • Great for service providers
  • Host resource protection: Dynamically identify VMs that are not playing well and reduce their resource allocation. Can help protect against malware taking over resources.

Availability

  • Today, if you have a temp network outage the hyperV cluster will panic and fall apart in a very bad way. If the storage outage goes above 60 seconds, I/Os will fail and the guest OS will likely crash.
  • Virtual machine storage resiliency – VM is paused/suspended until storage access resumes
  • Virtual machine cluster resiliency – 4 minute timeout for cluster services being stopped, with automatic healing. Another resiliency feature for flapping cluster services due to HW issues, and the host will be quarantined and VMs live migrated off after a certain period.

Shared VHDX

  • Going to allow host based (agent free) backups with shared VHDXs
  • Now you can back up cluster as easy as standalone servers
  • Now allows online resizing of shared VHDXs
  • New VHDX type: VHDS

Replica support for hot add of VHDX. When you add a new disk it added it’s into the non-replicated set.

Runtime resize of memory – For Ws2016 and Windows 10, you can increase/decrease the runtime memory while the VM is running.

Hot add/remove of network adapters. Applicable to Generation 2 VMs only.

Rolling cluster upgrade

  • You can now upgrade a 2012 R2 Hyper-V to WS Tech Preview 2 with no downtime, no new hardware, and ability to rollback.

Operational Improvements

  • Production checkpoints – Uses VSS instead of saved state to create checkpoint. Fully supported in production. FINALLY!

PowerShell Direct to Guest OS

ReFS Accelerated VHDX Operations – Instant fixed disk creation and merging of checkpoints. “Instantly” create fixed disks in about 3 seconds of almost any size. Merging checkpoints happens without data being copied.

Changing how we handle VM servicing

  • Integration components are now distributed via Windows update

Evolving Hyper-V Backup: New architecture plus change block tracking is now native

VM Configuration files: VMCX and VMRS. Now a binary format efficient at scale

Source:
http://blogs.technet.com/b/windowsserver/archive/2015/05/04/what-s-new-in-windows-server-2016-technical-preview-2.aspx

We have  custom APP that is used internally only, and even though the UAC is disabled it was throwing this annoying error:

security warning.zoom60

The fix is relatively easy, you just have to be cautious as it might cause potential harm.

1. Navigate to: (REGJUMP is your best friend for that!)

2. Add a new ‘String Value’, call it ‘LowRiskFileTypes’ and give it the value ‘.exe’.
3. Make sure to remove the ‘.exe’ from the ‘HighRiskFileTypes’ list.
4. Reboot.

Again, the warning, it poses extra risk as it will not warn when the user opens another ‘.exe’ file. We have great backups, users only use the same apps and have no rights to install things, so I am comfortable applying it this way.

We have a huge cloud migration coming up and have been syncing data for weeks now. It finally finished syncing, however the sync tool that we use broke the NTFS permissions… so I was looking for a way to export and import the NTFS permissions only.

ICACLS seem to work pretty good for that.

Just a word of warning, the more files and folders you have, the longer it takes. The import took several hours for me.

Source:
– https://marckean.wordpress.com/2013/01/03/copy-ntfs-permissions-only-and-no-data-from-source-to-target/

I run today into an odd issue, a user was not able to to RDP into their new Terminal Server.

RDC1

 

When you check on the RDP connection tab it says NLA is not supported.

RDC2

The cause seems to be an issue with a DLL file in the Registry.

And here is fix:

Configure Network Level Authentication
1. Click Start, click Run, type regedit, and then press ENTER.
2. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. In the details pane, right-click Security Packages, and then click Modify.
4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
5. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
8. Exit Registry Editor.
9. Restart the computer.

 

Sources:
– http://www.powercram.com/2009/07/enabling-network-level-authentication.html#
– https://community.dynamics.com/gp/b/gpdynland/archive/2013/07/26/windows-7-remote-desktop-connection-error-remote-computer-requires-network-level-authentication