In this security conscious age, it makes sense to build your hypervisor (the layer that has access to EVERYTHING that goes to the physical resources in a virtual scenario) on a hardened underlying operating system. In order to allow for this, Microsoft has constructed Hyper-V so that you can use the Server Core edition of the operating system to install Hyper-V on. Installing on Server Core allows you to minimize the footprint of the operating system and the attendant vulnerabilities potentially created by the number of unnecessary components in the full Windows Server 2008 install (like the .NET framework, for example). The drawback is that you do not have the user friendly windows and elements provided by those "unnecessary components".
Falconic Note: Make sure that you have installed server manager on another computer so you can administer your Hyper-V instance. For best results, your server core installation would ideally be in a domain so that you can use shared credentials to make use of a Hyper-V snap-in on another machine in the domain or even SCVMM 2007 or 2008 beta.
To install the Hyper-V role on Server Core, the last step is actually the installation. First, you need to ensure your hardware is compatible. Then check to make sure your operating system is correct and ready for the installation. THEN install Hyper-V on the core installation. This mini-guide examines the server core installation from the BIOS check through to the installation of the role. This guide makes the assumption that the necessary portions like setting up your disk arrays has already taken place at a hardware level and that you are using directly connected storage or otherwise a storage arrangement which does not require additional steps. Should you need to install or configure a driver manually on server core, insert those procedures as necessary in this guide.
Ensure you are using a compatible processor.
Intel or AMD processor with Intel VT or AMD-V and eXecute Disable support. If an Athlon family processor, ensure that it uses "F2" stepping.
If necessary, replace your Athlon F2 processor with an Athlon F3 processor processor to reduce compatibility issues. Opteron and Xeon processors should be preferred over Athlon and Core2 lines of consumer processors.
Update your server motherboard to the absolutely latest version of the BIOS.
This is particularly important if you are using an Athlon or early version of an Opteron processor. I was getting frustrated with a processor based issue for more than a week when I installed first installed Hyper-V in beta. Trust me. It may not seem like its necessary but its worth 15 minutes up front to avoid possibly days of frustration later when you find out that there is a later BIOS version than you have which will make the whole thing work like magic.
After the BIOS update to your motherboard, enter the BIOS on boot and enable CPU features.
Enter the BIOS and we are going to go into the processor features. Sometimes this is under a menu with different names like "Processor Features", "Advanced Chipset Features", "Chipset Features", etc. There are two options we are interested in: eXecute Disable and Virtualization.
Be careful here. Sometimes the naming schemes on the BIOS and the way the feature works are counter intuitive. If the feature text says "Disable Virtualization", for example, you will want to set the feature to disable (if you disable a disable you are enabling the feature).
The net effect here should be that both the virtualization features and the execute disable features are made available to the operating system.
Optional: If your Windows Server 2008 Media does not have Hyper-V RTM, build a slipstreamed media for WDS or other deployment.
You don't actually have to do this, it just makes things a lot easier as it guarantees you are using media licensed to include Hyper-V and also keeps you from having to apply the Microsoft Update package which would otherwise provide the components to support Hyper-V.
The best procedure for this has already been written so there is really no point at all for me to reinvent the wheel. Instead, you should head over to John Howard's three part series on the subject. The first two parts of which deals with this particular subject.
Check out Part 1.
Check out Part 2.
Install a clean installation of Windows Server 2008, Server Core.
If you are re-purposing a Windows Server 2003 or other server box, you will want to spend the extra few minutes to go ahead and format the volumes to ensure that you have cleaned out the old system. This is a precautionary step but it never hurts, in my experience, that when you are truly going to be paving over and replacing something, that you take the extra motion of ensuring the old stuff is gone and not interfering with the new installation.
Assuming you are not using an unattend file, the process is really simple:
- Insert the appropriate Windows Server 2008 installation media into your DVD drive.
- When the auto-run dialog box appears, click "Install Now".
- Follow the instructions on the screen to complete Setup. Remember to select an installation of Server Core.
- After Setup completes, press Control+Alt+Delete to login, choose "Other User", type "Administrator" with a blank password and then press enter.
- Configure a password for the Administrator account.
Optional: Set a static IP address for your server.
By default, Server Core will attempt to use DHCP for each of our network interfaces on the server. If you would like to use DHCP to automatically obtain an IP every time the server starts, you may skip this step. For most people, this will not be desirable. (For some environments, a DHCP server is configured to automatically assign the same static IP address to servers every time they come online. Outside of these environments, your server should be using a static IP address that does not change.)
Remember that this is a Server Core installation of Windows Server 2008 and as a Server Core install there simply aren't going to be any graphical user-friendly installation window. Pretty much every step from here on in is going to have to be command line. Setting the IP address is going to be no different.
There are actually three steps here. The first is to get the list of interfaces on the server. At the command prompt, type:
netsh interface ipv4 show interfaces
Note the ID of the interface that you would like to configure your static IP address on (this is the number displayed in the "Idx" column of the list of network adapters). In order to actually set the IP, we need to have the ID of the interface to set, the IP address we would like to set on the interface, the subnet mask to set on the interface, as well as the IP address of the default gateway. To set the IP address, we use netsh again:
netsh interface ipv4 set address name="<ID>" source=static address=<StaticIP> mask=<SubnetMask> gateway=<GatewayIP>
To finish setting the IP address, we need to configure a DNS server (or 2 or three). There is an index number used for each DNS server. This index sets the order that the server should use the DNS servers. In an environment where you need multiple DNS servers, you need to run this command multiple times, using the index number to set the order of the server listings. At the command prompt, type:
netsh interface ipv4 add dnsserver name="<ID>" address=<DNSIPAddress> index=<Index>
Rename the server to use the desired hostname.
When Server Core installs, the hostname of the machine is set to a fairly random string of characters. Since we are in the command line world, we cannot simply choose a properties dialog and change a text field to set the hostname we would like to use. We need two steps. First, we need to obtain the hostname. Then we need to change it.
To obtain the current hostname of the server, enter 'hostname' at the command line (without the quotes) and press enter. This will return the name of the machine:
Once you have the current name of the computer, we can use the netdom command (which handles elements of the server naming and domain credentials) to set the new computer name. To set the computer name, we use the following command:
netdom renamecomputer <ComputerName> /NewName:<NewComputerName>
Entering this command should apply the new computer name to the server. If you choose to do so manually, restart the server with the following command:
shutdown /r /t 0
Optional: Join a domain.
Joining your server to a domain makes life easier for administering server core computers by providing shared credentials for your remote access to use in accessing the server. For some tools, this is an essential. You can, however, proceed without joining a domain, based on your environment.
To join a domain, we want to use the netdom command again to join the computer to the domain. To do this we use the following command:
netdom join <ComputerName> /domain:<DomainName> /userd:<UserName> /password:*
Note that you need the asterisk after the password argument and that after you enter this command, the system will prompt you for your domain password.
Once you have joined the domain, in most situations, you will need to add a series of domain users to the local administrators group on the server. For each user which you need to add from the domain to the local server, use the following command:
net localgroup administrators /add <DomainName>\<Username>
Restart the computer again:
shutdown /r /t 0
Verify your Windows Server 2008 Product and Architecture
There is no point in continuing to activate your server and then installing Hyper-V if we have the wrong product installed or it is installed on the wrong server. We can use the command line to make sure that we are using a type of Windows Server installation that supports Hyper-V and to ensure it is the 64-bit architecture version.
To find out what kind of Windows Server product we installed (and specifically, make sure it was not a without-Hyper-V license), we want to query the Windows Management Instrumentation for the SKU of the Operating System:
wmic OS get OperatingSystemSKU
The number that is returned will correspond with Microsoft's list of SKU numbers for Windows Server. Please ensure that your version supports Hyper-V.
Operating System SKU List for Server Core
|
Console Output |
Edition |
Hyper-V? |
|
12 |
Windows Server 2008 Datacenter Edition, Server Core |
Yes |
|
39 |
Windows Server 2008 Datacenter Edition without Hyper-V, Server Core |
No |
|
13 |
Windows Server 2008 Standard Edition, Server Core |
Yes |
|
40 |
Windows Server 2008 Standard Edition without Hyper-V, Server Core |
No |
|
14 |
Windows Server 2008 Enterprise Edition, Server Core |
Yes |
|
41 |
Windows Server 2008 Enterprise Edition without Hyper-V, Server Core |
No |
|
29 |
Windows Web Server 2008, Server Core |
No |
Now we check the architecture of the server installation as well which uses a similar command:
wmic OS get OSArchitecture
The architecture should be 64-bit in order to install Hyper-V.
Optional: Install Windows Updates
In Server Core, because we do not have a browser or most of the GUIs we are used to, we need to start Windows Update from the command line.
First, lets set the service to be turned on and use the default time of 3am to check for (and schedule automatic install of) patches:
cscript c:\windows\system32\scregedit.wsf /au 4
net stop wuauserv
net start wuauserv
Falconic Note:
If you are in a managed environment with SLAs or specific change windows, these settings should NOT BE APPLIED in your environment without researching and modifying the right way to make sure that what you are implementing is compliant with your environment policy. If you then want to force an update check (which will return nothing to the foreground but rather will start in the background):
wuauclt /detectnow
Optional (Sort-Of): Install Hyper-V RTM Update
If you did not earlier slipstream the Hyper-V RTM updates onto your server installation medium, at this point, you will need to download and install the update that contains the RTM bits onto your server. Unfortunately, I can only provide limited assistance with how to do this. There are two possible methods here. The first is to download the RTM update file on to a local share somewhere in your organization and then use robocopy to download it from the command line. Assuming the file is on \\fileserver\sharename then the command would look like this:
robocopy \\fileserver\sharename\Windows6.0-KB950050-x64.msu c:\windows\temp\Windows6.0-KB950050-x64.msu
The other way to do it is with File Transfer Protocol (FTP), assuming you have the file on an FTP server somewhere. Assuming that your FTP server is called ftp.myserver.com, you do this with the command:
cd c:\windows\temp
ftp ftp.myserver.com
When prompted, you would enter your username and press enter. Then enter the password for that user on the FTP server and press enter.
When at the FTP command line (the prompt looks like ftp> ), enter the command:
get Windows6.0-KB950050-x64.msu
Once the file is downloaded, enter the word 'quit' (without the quotes) and press enter to quit the FTP connection.
In either case, you would then run the update file you downloaded from the c:\windows\temp directory:
Wusa.exe Windows6.0-KB950050-x64.msu /quiet /norestart
Optional: Allow Remote Management in the Firewall and enable Remote Administration
To allow remote management of the server core machine, you will need to create an exception in the firewall to do so. As with all the other steps, we need to do this from the command line. We access this functionality through the netsh command:
netsh advfirewall set allprofiles settings remotemanagement enable
Then, we enable the remote desktop for administration service by default:
cd \windows\system32
cscript scregedit.wsf /AR 0
Falconic Note:
Although I completely DO NOT RECOMMEND IT, you can disable the firewall completely in Server Core as well:
netsh firewall set opmode disable
Activate Windows Server 2008 on your Server.
In order to be able to use your server long-term, you will need to activate your server. We do this with a visual basic script file which Microsoft includes on the Server Core installation. This command will only provide any feedback if you run into problems activating your Windows Server 2008 Server Core installation. Assuming that you have a key management server in the environment, to activate your server:
slmgr.vbs -ato
If you are using a MAK (also known as an actual product key from MSDN, Technet, some enterprise users), you will not like activating with the default method because the activation will look for a key management server and will not find one. So there are two steps. First, set the key, THEN activate the server:
slmgr.vbs -ipk <ProductKeyWithDashes>
slmgr.vbs -ato
Install the Hyper-V role.
We are finally ready to actually make the installation of the role itself. To do this, we use the ocsetup.exe command and supply Hyper-V as the role to be installed:
start /w ocsetup.exe Hyper-V
Once the Hyper-V role has been installed, in order to force it to operate, the server will need to be restarted. Should you need to manually restart, you may do so with the shutdown command we used earlier:
shutdown /r /t 0
Check for errors in the event log.
Getting event log information on Server Core is ugly. I mean really ugly. When you go through the event log on a standard machine, it can be difficult to sort out the hundreds of lines of auditing crud to get to the 2 or 3 lines that really let you know whatever you are looking for. When you are in a text environment, it is that much harder because the normal GUI controls we use to sort and display that information are not available on the command line. Microsoft has included a command line tool, wevtutil.exe, which allows us to retrieve information from the command line but in order to get specifically the important things we are looking for, we need to know how to craft the command to specifically retrieve Hyper-V related errors.
In order to obtain meaningful results, we need to focus on query specifically on events generated by Hyper-V. Further, we need to grab only the most recent last few events. We need them in reverse chronological order. We need only the events which show an error.
In order to retrieve all of the Hyper-V related errors, of specifically 'Error' level, we need to use this complex event log query. Please note that as with many of the commands on this page, this is case sensitive!
wevtutil.exe qe System /q:"*[System[Provider[@Name='Microsoft-Windows-Hyper-V-Hypervisor'] and (Level=2)]]" /rd:true /f:text /c:5
This command will display any errors in the event log which were generated by the Hyper-V hypervisor as it started up on server core following our installation of the role and the subsequent restart. Particular errors to look out for include errorid 42, 46, 47, and 51, all of which are the Hypervisor being unable to start up because of CPU issues with either the virtualization or execute disable features.
If no results come back from the query above, run the following query to check for a successful startup:
wevtutil.exe qe System /q:"*[System[Provider[@Name='Microsoft-Windows-Hyper-V-Hypervisor'] and (EventID=1)]]" /rd:true /f:text /c:3
If you receive listings from this event log query, Hyper-V was successfully installed and you should be ready to administer the Hyper-V virtual machines from another computer (assuming you have enabled remote management on your server)!
Falconic Note: Thanks to Sander Berkouwer, who put together a great response to some folks who were having trouble with server core. I added a few steps of my own to his procedure and have posted it here. Sander is a very good technical resource for all things server core. You may want to also have a look at his blog.