Hyper-V Server 2016 for a workgroup environment – Part 1

Pop quiz: Which Operating System edition from Microsoft has been free for use throughout its almost 10-year-long lifespan?

Microsoft Hyper-V Server.

What is it?

Hyper-V is Microsoft’s hardware virtualization product. It lets you create and run a software version of a computer, called a virtual machine. Each virtual machine acts like a complete computer, running an operating system and programs. When you need computing resources, virtual machines give you more flexibility, help save time and money, and are a more efficient way to use hardware than just running one operating system on physical hardware.

Hyper-V runs each virtual machine in its own isolated space, which means you can run more than one virtual machine on the same hardware at the same time. You might want to do this to avoid problems such as a crash affecting the other workloads, or to give different people, groups or services access to different systems.

Virtualization

VMware

There are 3 big players in the virtualization scene. VMware is probably the most well-known player and has been around for a long time. I have worked with ESX from their 2.5 days somewhere in 2004. While many things have changed, the basics are still the same.

You start with the Hardware > Installation of Hypervisor > Management through web interface. This is basically it. ESX has become picky with web browsers but in theory all you need is your web browser to do all the things on your server.

Hyper-V

Microsoft began with Hyper-V as a direct competitor against VMware with the introduction of Windows Server 2008 (aka the Vista edition). Yes, it was a 1.0 product for them, but it worked. One advantage, and probably a disadvantage at the same time, was that it could be a dedicated role on your server but it also allowed you to use your server as a regular server with the Hyper-V role on the side. Management through the GUI was done by an MSC (Microsoft Management Console snap-in). If you had a full server installed with a GUI, it was easy to manage on the server itself; otherwise you almost had to have the server joined to a domain to manage it. It was possible to manage it from a workgroup, but you would have to ‘break’ security on the server side and perform some DCOM (Distributed Component Object Model) actions on the managing computer that resemble working with a crowbar.

XenServer

Xen, backed by Citrix, is the third player in the Hypervisor scene. It began as an open-source project, was bought by Citrix and given back to the community. In comparison to VMware and Hyper-V it looks more like VMware. I have never worked with the pre-Citrix era of this product but from version 5.6 on you could manage your server through the XenCenter application, a Windows-only program. There were alternatives for Linux like OpenXenManager but they were not officially supported by Citrix. The XenCenter application allows you to connect to your server over the network with a username and password.

The Interfaces

vSphere 6.5 webclient, navigation bar on the left, menu bar on the top, content in the large screen. It’s okay for regular use. In previous versions you could ‘hack’ the performance monitoring tab to extend the only one hour limit of the free version to 3 days but this doesn’t seem to be possible anymore which is a shame and kind of negative point if you don’t have another system monitoring performance (which is kind of unusual in homelab setups)

Vsphere 6.5 interface

Hyper-V Manager, traditional MMC layout. List on the left, middle part has the content, right side covers the action bar. The Hyper-V Manager has the basics of what you could do with a VM. Performance monitoring is real-time and will show only live CPU usage and Memory demand/usage.

Hyper-V 2016 interface

XenCenter, navigation bar on the left, toolbar with operations on the top, works with tabs for each different feature. Works great and I love the performance graphs. In previous releases Citrix sometimes used to change the feature level of the free edition and in the 6.x era you could enable enterprise features by using an older client but there is no need for these tricks anymore for regular users.

XenServer 7.2 interface

And XenCenter has one small benefit over the other 2 products: a small and simple console that allows you to start or shut down VMs on the console.

And XenServer has a simple interface on the server for basic operation.

 

Part 1 Finished

I won’t be going into much detail about which product is better for what reason but I chose Hyper-V Server for 1 reason as my ‘home‘ server. While VMware and Xen are pure virtualization hosts, Hyper-V allows me to use my server also as a file server.

Sure you can run a guest VM on VMware or Xen with multiple terabytes of storage, but my files are more important than a virtual machine, and keeping my files on my harddisk on a VMFS formatted datastore in a VMDK or a XenServer Storage Repository running LVM and ext3 could be hell if something goes wrong with the hypervisor. I prefer to have my files on a harddisk and in case of a server failure I can remove the disk from my server and plug it into a USB dock. Couldn’t be more simple than that.

Next time

Part 2 will cover the commands to make the most kickass home server setup for file sharing and running some VM’s.

 

Kodi and SMBv1 – how to jump into the 21st century

What is it?

The Server Message Block (SMB) protocol is a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network. The SMB protocol can be used on top of its TCP/IP protocol or other network protocols. Using the SMB protocol, an application or the user can access files or other resources at a remote server. This allows applications to read, create, and update files on the remote server. It can also communicate with any server program that is set up to receive an SMB client request.

What versions are out there?

The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80’s, it was designed for a world that no longer exists.

The SMBv2 protocol was introduced in Windows Vista and Windows Server 2008. The SMBv3 protocol was introduced in Windows 8 and Windows Server 2012.

WannaCry

Almost everyone has heard of WannaCry in recent weeks: ransomware that propagates using EternalBlue, an exploit of Windows’ Server Message Block (SMB) protocol that was made by the NSA and lost by the NSA.

WannaCry is made less harmful by patching Microsoft’s Operating Systems, disabling SMBv1 and blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.

 

How to enable or disable SMB protocols on the Windows SMB server

If you are running Windows Server you can use the Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component. You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.

To obtain the current state of the SMB server protocol configuration, run the following cmdlet:

Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

To disable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $false

Notes
  • You must run these commands at an elevated command prompt.
  • You do not have to restart the computer after you make these changes.

 

To enable or disable SMB protocols on an SMB Server that is running a Windows Desktop OS use Windows PowerShell or Registry Editor.

To disable SMBv1 on the SMB server-side, run the following cmdlet:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

Notes
  • You must run these commands at an elevated command prompt.
  • You must restart the computer after you make these changes.

 

How to enable or disable SMB protocols on the Windows SMB client

Note

You might think a Windows Server has nothing to do with the client side of SMB but it uses the client to connect to other servers. So if you want to completely disable SMBv1 you also need to do the following on the Server OS.

To disable SMBv1 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

Notes
  • You must run these commands at an elevated command prompt.
  • You must restart the computer after you make these changes.

 

How to gracefully remove SMBv1 in Windows 8.1, Windows 10, Windows 2012 R2, and Windows Server 2016

If you are sure you do not need SMBv1 and will never need it you can also remove it from the OS.

If you are using Windows Server run the following cmdlet:

Remove-WindowsFeature FS-SMB1

If you are using a Windows Client OS run the following cmdlet:

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

Note
  • You must run these commands at an elevated command prompt.

 

 

When does Kodi come into play?

You might have read this so far and asked yourself what has this to do with Kodi? Well after I disabled SMBv1 on my free Microsoft Hyper-V Server 2016 (Blog Post coming soon) I noticed my OSMC Kodi client couldn’t access the libraries anymore.

That’s weird, OSMC is running a fairly new Linux kernel and is normally shipped with up to date packages. Samba 3.6 was the first version that made SMBv2 possible. Released at the end of 2011 this should have worked.

After a lot of time on the Kodi and OSMC forum it turns out that Kodi has some sort of its own smb configuration.

While normal Linux systems have the configuration file located in the /etc/samba/smb.conf file, it turns out that Kodi uses its own configuration file.

While bumping the system wide smb.conf file for Samba up to SMB2 or higher I was still unable to connect my Pi with OSMC to my Ubuntu Server running SMB3.

Using smbstatus you can get a report on current Samba connections

$ sudo smbstatus -b

Note

To get the Windows equivalent of smbstatus use the following PowerShell line:

Get-SmbSession | Select-Object -Property SessionId,ClientComputerName,ClientUserName,NumOpens,Dialect | Format-Table

 

The almost hidden .smb/smb.conf

Kodi has very poorly documented its own smb.conf file in the ~/.kodi/.smb/smb.conf location. This is the file that Kodi uses for its Samba configuration.

I started adding the option client min protocol = SMB2 to bypass SMB1. After this I still couldn’t make a connection with my files. Some people stated client max protocol = SMB3 should go along with the min setting. I also added client NTLMv2 auth = yes since this kinda is the default setting since Windows Server 2008.

After this I was able to connect with my Windows Server 2016 but still not with my Ubuntu Server. I downgraded the server protocol to SMB2 with server min protocol = SMB2 and things started to work.

$ sudo smbstatus -b

Samba version 4.3.11-Ubuntu
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
1741 nobody nogroup 172.16.1.195 (ipv4:172.16.1.195:50393) Unknown (0x0311)
1758 nobody nogroup 172.16.1.187 (ipv4:172.16.1.187:47632) SMB3_00
1758 -1 -1 172.16.1.187 (ipv4:172.16.1.187:47632) SMB3_00

Nice to see the client is connecting with SMB3 while it wouldn’t connect while the server was on SMB3 level… interoperability… jeej! 😉
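A check on the smbstatus listing above, as an added example that is not part of the original post: it parses the brief output, maps the raw revision code that this Samba build prints as Unknown (0x0311) to its label (0x0311 is the SMB 3.1.1 dialect revision), and lists any client still negotiating an SMB1 dialect. The first three sample rows are the ones shown above; the NT1 row and all function names are constructed for illustration.

```python
import re

# Dialect labels smbstatus prints for SMB1-family sessions.
SMB1_LABELS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}

# SMB2/3 dialect revision codes, for builds that print "Unknown (0x....)".
RAW_REVISIONS = {
    0x0202: "SMB2_02", 0x0210: "SMB2_10", 0x0300: "SMB3_00",
    0x0302: "SMB3_02", 0x0311: "SMB3_11",
}

# One row of `smbstatus -b`: PID, user, group, machine, (peer), protocol.
ROW = re.compile(
    r"^(?P<pid>\d+)\s+(?P<user>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<machine>\S+)\s+\((?P<peer>ipv[46]:[^)]+)\)\s+"
    r"(?P<proto>Unknown \(0x[0-9A-Fa-f]+\)|\S+)"
)

def normalise(proto):
    """Turn 'Unknown (0x0311)' into its dialect label; pass labels through."""
    m = re.fullmatch(r"Unknown \((0x[0-9A-Fa-f]+)\)", proto)
    return RAW_REVISIONS.get(int(m.group(1), 16), proto) if m else proto

def parse_sessions(text):
    """Return one dict per session row; header and rule lines are skipped."""
    sessions = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["dialect"] = normalise(row["proto"])
            sessions.append(row)
    return sessions

def dialects_by_machine(sessions):
    """Map each client address to the set of dialects it negotiated."""
    seen = {}
    for s in sessions:
        seen.setdefault(s["machine"], set()).add(s["dialect"])
    return seen

def smb1_clients(sessions):
    """Clients that would break once 'server min protocol = SMB2' is set."""
    return sorted({s["machine"] for s in sessions if s["dialect"] in SMB1_LABELS})

# First three rows are from the post; the last (NT1) row is constructed.
SAMPLE = """\
Samba version 4.3.11-Ubuntu
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
1741 nobody nogroup 172.16.1.195 (ipv4:172.16.1.195:50393) Unknown (0x0311)
1758 nobody nogroup 172.16.1.187 (ipv4:172.16.1.187:47632) SMB3_00
1758 -1 -1 172.16.1.187 (ipv4:172.16.1.187:47632) SMB3_00
1802 nobody nogroup 172.16.1.50 (ipv4:172.16.1.50:40112) NT1
"""

if __name__ == "__main__":
    rows = parse_sessions(SAMPLE)
    for machine, dialects in sorted(dialects_by_machine(rows).items()):
        print(machine, ",".join(sorted(dialects)))
    print("still on SMB1:", smb1_clients(rows))
```

Running this against the live listing before raising server min protocol shows which clients will lose access.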

So after some time I ended with the following configuration file for my Linux computers:

smb.conf

[global]
 client min protocol = SMB2
 client max protocol = SMB3
 client NTLMv2 auth = yes
 server min protocol = SMB2

 

After-effects

Disabling SMBv1 in Kodi breaks the SMB browsing function. You will not be able to use the SMB browser to navigate through your network and shares. If you want to connect to a new source you will have to type smb://MyServer/MyShare/

Android Phones/Tablets/Players will not be able to make use of the more secure servers. While the same mechanism is still there, the Samba client shipped with Kodi is not able to connect to SMB2/3 shares. According to a developer from Kodi their Samba version for Android is not compatible with it.

Android/data/org.xbmc.kodi/files/.smb/smb.conf

A bit of snooping around GitHub shows they are probably using Samba 3.0 with a lot of patches. The good news is that three weeks ago they started some work with Samba 4.1.

Until that work is complete a workaround for Kodi on Android might be switching to NFS or going truly hardcore with mounting cifs on the Android system.

vSphere ESXi 6.x – Easy update for standalone servers

To upgrade a vSphere host using this method you need access to the keyboard of your server or use SSH to perform the commands. By default, remote command execution is disabled on an ESXi host, and you cannot log in to the host by using a remote shell. You can enable remote command execution from the direct console or from the vSphere Web Client.

Enable SSH on vSphere 6.5 host

Upgrading ESXi with esxcli commands requires an understanding of VIBs, image profiles, and software depots.

VIB

A VIB is an ESXi software package. VIBs are available in software depots.

Image Profile

An image profile defines an ESXi image and consists of VIBs. An image profile always includes a base VIB, and might include more VIBs.

Software Depot

A software depot is a collection of VIBs and image profiles. The software depot is a hierarchy of files and folders and can be available through an HTTP URL (online depot) or a ZIP file (offline depot).

Note

If you press Ctrl+C while an esxcli command is running, the command-line interface exits to a new prompt without displaying a message. However, the command continues to run to completion.

Windows 10 Creators Update – What’s new

See what’s new with the recent Windows 10 update with pictures to explain the changes.

Microsoft Edge

Set tabs aside in Microsoft Edge
Organize tabs

Sticky tabs

Pin tabs to keep your favorite sites in the same place every time you open your browser. Press and hold (or right-click) a tab, then select Pin.

Preview pages

See small snapshots of pages by using your mouse to hover over open tabs. Or select Show tab previews to see visual previews of all your open tabs.

Save tabs for later

Save a group of tabs for later by selecting Set these tabs aside. When you’re ready to see them again, select Tabs you’ve set aside, then select Restore tabs.

 

Start Menu

Creating tile folders on Start
Organize with folders

Themes

Select the Start button, then select Settings > Personalization to preview and play with all the new settings.

Online gallery of themes
Themes are back

Night Light

Select the Start button, then select Settings > Display. Turn on Night light or select Night light settings to set your own schedule.

Night light settings on and off
Easier on the eyes – You should give this a try

Settings

Settings has been fine-tuned to make searching and getting help simpler. Apps and Gaming now have their own settings categories, and links to support, feedback, and other help are more readily available.

360° videos

The Movies & TV app now comes pre-stocked with 360° videos that let you look (or mouse) up, down, and all around as the video plays. You can also watch movie trailers, get recommendations based on your viewing habits, and browse and buy new movies and TV content right in the app.

Windows Defender Antivirus

Windows Defender is now Windows Defender Antivirus, featuring built-in virus and threat protection, as well as family options to help keep you safe online. Visit the Windows Defender Security Center to see how Windows is helping protect your PC.

Windows Defender Security Center

Is your Open command window here replaced with open PowerShell window here?

While PowerShell on Windows 10 doesn’t take forever to open like it did with previous Windows versions, it is still a larger burden on your system than good old CMD. I am on Windows 10 build 15058 and I noticed Microsoft has changed the right mouse button menu while holding the shift key. The shift key provides me the open PowerShell window instead of the command window here.

Mouse click/keyboard modifier combinations for shell objects

  • SHIFT+right click: Displays a shortcut menu containing alternative commands

  • SHIFT+double click: Runs the alternate default command (the second item on the menu)

  • ALT+double click: Displays properties

To change this behaviour you need to do a little bit of registry editing.

Here’s what you need to do

  1. Open Regedit.exe
  2. Navigate to HKEY_CLASSES_ROOT\Directory\Background\shell
  3. Make a backup by right clicking with your mouse on the shell Key in the left view and choosing export.
  4. Change permissions on the same shell Key by right clicking shell and choosing permissions. Click on advanced in the new dialogue box. Another dialogue box will open where you can change the ownership rights. I suggest you change it to the group Administrators and check the box “Replace owner on subcontainers and objects”
  5. Navigate to cmd (one level lower) and rename the DWORD HideBasedOnVelocityId to ShowBasedOnVelocityId
  6. Navigate to Powershell (beneath cmd) and do the opposite, rename the DWORD ShowBasedOnVelocityId to HideBasedOnVelocityId

And you’re done.

Mac-book keyboard backlighting – Does it drain battery life?

Most people already know that the display brightness has a huge impact on your battery life. The brighter the display, the more power it uses and the faster it drains your battery. But how about keyboard backlighting on a notebook? It’s just an LED with no logic or super complex circuits behind it. Can’t be that power-hungry, right? Wrong. Here are the numbers:

Windows 10 – Remove app packages (.appx) with Powershell from your user account and machine.

There are a few ways to remove packages from Windows 10. While not every method is as easy as another, some might be less or more complete than others, this method seems to work with the current and previous Windows 10 builds and will keep working unless Microsoft makes some drastic changes.

Here is how I do things with a little explanation so that everyone can get the feeling they know what they are doing. 😉

Creating a screenshot in Windows 10

You might have noticed a button on your keyboard with the text ‘prt sc‘ or something like that. Some people have no idea what that key is used for, others use it to make screenshots of their screen and save them to the hard drive.

Just hit that button and then paste it in mspaint.exe. Fast, clean and easy. Right? And if you were tech savvy you would even know you could use Alt and Print Screen to capture only the active Window without the other clutter on your screen.

It sure beats the lame snipping tool Microsoft shipped with Windows 7, or was it even Vista? It still makes me laugh seeing coworkers clicking on that snipping tool and then dragging a capture box that would always capture a little bit more around the edges than you would like to see and paste it in a Word or even Excel document!! so it can be mailed to someone. The madness of that… 😡
