Hyper-V on Server Core
Installing Hyper-V on a Server Core installation of Windows Server 2008 makes sense from both a supportability and a security perspective. It can be a challenge, so here are some procedures, tips and resources to help you.
You can use unattended setup to configure a server running a Server Core installation and Hyper-V. For more information about unattended setup settings, see the Windows Automated Installation Kit (AIK). You can find more information and a sample unattend.xml file in the Server Core Installation Option of Windows Server 2008 Step-By-Step Guide.
NOTE: There is no way to upgrade from a full installation of Windows Server 2008 or a previous version of Windows Server to a Server Core installation. Only a clean installation is supported. There is no way to upgrade from a Server Core installation to a full installation of Windows Server 2008. If you need the Windows user interface or a server role that is not supported in a Server Core installation, you should install a full installation of Windows Server 2008.
If you close all local command prompts while installing the Hyper-V role, you will have no way to manage the Server Core installation. If this happens, press CTRL+ALT+DELETE, click Start Task Manager, click File, click Run, and type cmd.exe. Alternatively, you can log off and log on again.
Install Hyper-V on a Server Core installation
You must perform a Server Core installation before you install the Hyper-V role. For instructions, see the Server Core Installation Option of Windows Server 2008 Step-By-Step Guide, and complete the following tasks:
Setting the administrative password
Setting a static IP address (if required)
Activating the server
You cannot activate a Server Core installation through a firewall that requires users to log on because there is no Web browser on a Server Core installation. Instead, you can activate by phone, using a Key Management Service (KMS) server, or remotely by typing the following command at a command prompt of a computer that is running Windows Vista or Windows Server 2008:
cscript windows\system32\slmgr.vbs <ServerName> <UserName> <password> -ato
Configuring the firewall for remote administration if you will be using a Microsoft Management Console (MMC) snap-in other than the Hyper-V snap-in for remote management
Joining a domain
If you are going to join a server running a Server Core installation to an existing Windows domain, you need a user name and password for an account that has the administrative credentials to join a computer to the domain.
After you have installed Windows Server 2008, you must apply the Hyper-V update packages for Windows Server 2008 (KB950050). NOTE: Once you install these server updates, you will not be able to remove them. You should also apply any other required updates before you install the Hyper-V role.
To view the list of software updates and see if any are missing, at the command prompt, type:
wmic qfe list
If you do not see “kbid=950050”, download the Hyper-V updates and then type the following command at a command prompt:
wusa.exe Windows6.0-KB950050-x64.msu /quiet
There are three update packages. The Update for Windows Server 2008 x64 editions (KB950050) and the Language pack for Hyper-V (KB951636) must be installed on the parent partition of the Server Core installation. After you install the server update, you must restart the server.
The Update for Windows Server 2008 (KB952627) is for remote management of the Server Core installation if you are managing the server from a computer running Windows Vista Service Pack 1 (SP1), and must be installed on the computer running Windows Vista SP1.
Before you enable the Hyper-V role, ensure that you have enabled the required hardware-assisted virtualization and data execution prevention BIOS settings. Checks for these settings are performed before you enable the Hyper-V role on a full installation, but not on a Server Core installation.
After you make the BIOS configuration changes to enable the required hardware features, you must complete a full power-cycle before proceeding. If you enable the Hyper-V role without modifying the BIOS settings, the Windows hypervisor may not work as expected. If this happens, check the event log for details, modify the BIOS settings according to the server hardware manufacturer instructions, complete a full power-cycle to restart the Server Core installation, and then install Hyper-V again.
To check if your server hardware is compatible, see https://windowsservercatalog.com/. Click on the list of Certified Servers, and then click By additional qualifications – Hyper-V. For instructions about how to enable the BIOS settings, check with your hardware manufacturer.
The syntax for Ocsetup.exe is case sensitive. To install the Hyper-V role, at a command prompt, type:
start /w ocsetup Microsoft-Hyper-V
Rename the server, if required. If your computer is joined to a domain, at a command prompt, type:
netdom renamecomputer %computername% /NewName:<newname> /UserD:<domainusername> /PasswordD:*
If your computer is not joined to a domain, at a command prompt, type:
netdom renamecomputer %computername% /NewName:<newname>
You must supply a value for placeholder text in angle brackets (<>)—do not type the brackets.
Enable Remote Desktop for Administration if you want to manage the server running a Server Core installation remotely. At a command prompt, type:
cscript c:\windows\system32\scregedit.wsf /ar 0
If you are running the Terminal Services client on a previous version of Windows, you must turn off the higher security level that is set by default in Windows Server 2008. To do this, at a command prompt, type:
cscript C:\Windows\System32\Scregedit.wsf /cs 0
Add a user or group to the local Administrators group so that they can manage the Server Core installation remotely. To add a user to the local Administrators group, you must first add the user. At a command prompt type:
net user <username> * /add
To add a user to the local Administrators group, at a command prompt, type:
net localgroup administrators /add <user>
You cannot perform all management and configuration tasks at a command prompt or remotely through an MMC snap-in. A server that is running a Server Core installation does not generate any notifications for activation, new updates, or password expiration because these notifications require the Windows Explorer shell, which is not part of the Server Core installation. You can use the Scregedit.wsf script included with the Server Core installation to configure the following settings:
- Enable automatic updates
- Enable Remote Desktop for Administration
- Enable Terminal Server clients on previous versions of Windows to connect to a server running a Server Core installation
- Configure DNS SRV record weight and priority
- Manage IPsec Monitor remotely
The script is located in the \Windows\System32 folder of a server running a Server Core installation. At a command prompt, open the folder, and then use the following command to display the usage instructions for these options:
cscript scregedit.wsf /?
You can use this command with the /cli option to display a list of common command-line tools and their usage. To view your current Remote Desktop for Administration Settings, use the /v option. A "1" in the script output (without the quotes) means that remote connections are denied. A "0" means that remote connections are allowed.
If you wish to improve security by using BitLocker Drive Encryption to protect the server and the VMs running on it, you should install the BitLocker feature before running any VMs. To install the BitLocker feature, at a command prompt, type:
start /w ocsetup BitLocker
The BitLocker Drive Encryption feature requires additional hardware and BIOS configuration. For more information about using BitLocker with Hyper-V see Windows Server 2008 Hyper-V and BitLocker Drive Encryption.
Reboot the server to make the changes take effect. At a command prompt, type:
shutdown /r /t 0
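The checks this procedure relies on can be collected into one read-only batch script to run at the local command prompt after the restart. This is an added example, not part of the original article. It assumes that the standard Terminal Server registry values fDenyTSConnections and UserAuthentication, which the article does not name, are the ones that scregedit.wsf /ar and /cs set.

```batch
@echo off
rem Added example, not from the original article: read-only audit of the
rem state the procedure above leaves behind. It changes nothing.
setlocal
set FINDINGS=0
rem Assumption: standard Terminal Server registry location (not named on the page).
set TS=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

rem 1. Hyper-V update KB950050, using the same wmic listing as the article.
wmic qfe list | find "950050" >nul
if errorlevel 1 (
    echo [FAIL] KB950050 missing: install it before enabling the Hyper-V role
    set FINDINGS=1
) else (
    echo [ OK ] KB950050 installed
)

rem 2. Remote Desktop for Administration, the /ar setting: 0 = allowed.
reg query "%TS%" /v fDenyTSConnections | find "0x0" >nul
if errorlevel 1 (
    echo [INFO] Remote Desktop connections are denied
) else (
    echo [INFO] Remote Desktop connections are allowed
)

rem 3. Higher security level, the /cs setting: anything but 1 means it was
rem    turned off for Terminal Services clients on previous Windows versions.
reg query "%TS%\WinStations\RDP-Tcp" /v UserAuthentication | find "0x1" >nul
if errorlevel 1 (
    echo [WARN] /cs security level is off: turn it back on when old clients are gone
    set FINDINGS=1
) else (
    echo [ OK ] /cs security level is on
)

rem 4. Every account listed here can manage the server remotely.
echo [INFO] Members of the local Administrators group:
net localgroup administrators

rem Exit code 1 when any FAIL or WARN line was printed, 0 otherwise.
endlocal & exit /b %FINDINGS%
```

The exit code lets a scheduled task or remote management job flag a server that drifted from the intended configuration.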
The remote management tools are designed to manage one server running the Hyper-V role and the virtual machines on that server. To manage multiple servers running Hyper-V you can use System Center Virtual Machine Manager (SCVMM).
Additional information
OCSetup Command-Line Options for turning on BitLocker and such
You can use the Manage-bde.wsf script to encrypt data volumes. To view more detailed Help for this script, type the following command:
cscript.exe %windir%\system32\manage-bde.wsf -h
If your server is domain-joined, implement the guidelines in Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information, so that BitLocker recovery information (such as recovery passwords) will be automatically backed up to Active Directory whenever this information is created and changed.
Windows Server 2008 Evaluation Virtual Hard Drive Images (for Hyper-V) (two images - one Full and one Server Core)
Scott Hinsley's What is Server Core? blog post
Keith Combs's webcast on Server Core Hyper-V Prerequisites
The Windows Server 2008 x86 Management package. Note: This package is permanent. Once installed, it cannot be uninstalled.
Windows Server 2008 Hyper-V and BitLocker Drive Encryption white paper.