Skip to main content

SCVMM 2012- Creating a Highly Available VMM Server


Here are the pre-requisites for a HA VMM server installation:
1. Failover clustering feature added, cluster created and configured (Windows Server 2008 R2 is the minimum OS version supported as node servers)
2. Windows Automated Installation Kit (AIK) for Windows 7 installed on all nodes that will be used as VMM servers http://www.microsoft.com/downloads/en/details.aspx?FamilyID=696dd665-9f76-4177-a811-39c26d3b3b34&displaylang=en
3. Server and instance name of a SQL Server 2008 or SQL Server 2008 R2 cluster or remote SQL server (best practice to use clustered SQL Server with HA VMM servers)
4. For our DKM (Distributed Key Management) requirement, either logged on, installing VMM with an account that has “edit” permission on the Active Directory container (can be a lower level container doesn’t have to be the root) or DKM group pre-created on Active Directory and its name available to provide at setup (more on DKM requirement later)

HA VMM Installation Steps
When we were designing this feature we wanted it to be very easy and simple. Installation of VMM in an HA or standalone fashion is very similar and it is integrated into the usual standalone installation.
1. To install VMM in an HA fashion you just need to start installation of VM on one of the clustered nodes, and select install from our splash screen.
clip_image002
2. After accepting our EULA you will get our feature selection screen, as you can see one of the setup improvements that we did for this version of VMM is to chain the various VMM installations together.
clip_image004
3. Once you select VMM Server feature, we will detect that you are running this server on a failover clustering node and will offer you to start HA VMM setup instead, you will need to select YES at this dialog to start HA VMM setup. Note that it is supported to install VMM in a standalone fashion on a cluster node; all you have to do is select NO at this dialog box.
clip_image006
4. Once you select YES to the HA VMM opt-in question, setup will select the features that you need for this installation. In this version of VMM, regardless of its high availability aspect, it is a requirement to install VMM Console on all machines that VMM Server is installed; therefore in this dialog we will select VMM Server and VMM Console.
Another important thing to note here is that we actually do not recommend selecting Self-Service Portal during HA VMM installation, but it is allowed at Beta code, this will be fixed at RTM timeframe and we will gray out Self-Service Portal selection in this view.
clip_image008
5. After this page we will ask you standard questions about registration information, product key (another improvement; you can pass this product key section empty in VMM 2012), Microsoft Update configuration (if not configured previously), installation location and we finally we will come to the database configuration page.
In the database configuration page you will need to provide the server name, instance name and database name that setup will use.
There are many options here:
1. You can ask setup to create a new database (logged on user needs to have permission to create a database on the server name provided)
2. Use an existing database (if logged on user don’t have permission to create a database, database admins can pre-create an empty database and VMM can add its tables to that database during installation)
3. Provide different credentials other than logged on users credentials
Please note that as mentioned before the best practice is to use a clustered SQL server for HA VMM installations.
If you leave a port or instance name boxes empty in this page we will use the defaults for that box (e.g. if you leave port number empty we will use 1433, or if you leave the instance name empty we will use default instance on the SQL server that you provided.)
We will use the provided SQL server instance’s defaults for log and database file locations, if you like to provide different locations you can;
1. Pre-create an empty database with its log and database file locations pointing to where ever you want them to, and then provide this empty database to VMM as existing database during install.
clip_image010
6.
6. After database configuration page you will come to an HA VMM specific cluster configuration page. This page will be different for different configurations, for example for IPv6 and DHCP configured servers you will not see the second portion of the page and will only provide the cluster service name.
Cluster service name here basically is the name in active directory the users and admins will use to identify this HA VMM service. When choosing this name, make sure that it is a unique name that is easy to identify the HA VMM service.
clip_image012
7. Another important setup page in HA VMM installation is the account configuration page.
clip_image014
There are two things that are mandatory in this page for HA VMM installations:
a. HA VMM server installation requires a domain account as a startup account for the VMM service. You won’t have the choice to use a local system here. It is best practice to use a dedicated domain account created just for VMM as a service account here.
b. The other mandatory place in this page is for VMM to store its encryption keys in AD.
As mentioned at the beginning of the blog we use Distributed Key Management (DKM) to let users and processes running on different machines securely share data. Once an HA VMM node fails over to another node, the VMM service on that failed over node starts accessing the VMM database and uses the encryption keys conveniently stored under a container in AD to decrypt the data that is being held securely encrypted in the VMM database.
· The AD container distinguished name that will contain DKM data needs to be written in the LDAP Data Interchange Format (LDIF) at this screen.
· If the logged on user has permission to create a container in AD then the group won’t have to be pre-created. The group name can be anything VMM admin chooses, and the container in AD doesn’t have to be a root container.
Example#1: If domain name is contoso.com and the DKM group name was decided to be “VMMDKM”, user can writer CN=VMMDKM,DC=contoso,DC=com under the DKM and since the logged on user has permission to create this container, VMM setup would create this container in contoso.com domain.
Example #2: If user has no permission to create a container in AD then he/she needs to coordinate with the AD admins to create this group and get the container’s “distinguished name” from AD admins prior to HA VMM installation. Make sure to ask AD admin to provide the following rights to the setup user;
1. Generic Write
2. Generic Read
3. Create Child
One convenient way to get this information from AD admin could be to give him/her a ready script to run in his/her environment. This way you don’t have to explain much, they would just run the script and let you know when it successfully executes.

One easy way to create an ADSI script is to use “ADSI Scriptomatic” tool to create a script; you can get this tool from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=39044e17-2490-487d-9a92-ce5dcd311228&DisplayLang=en
8. Once you are done with these pages you will see VMM port selection page and after that you will see the library creation page. For HA VMM installation this page is just there for warning purposes because setup does not create a default library share after HA VMM installations.
The reason behind this is that when creating high availability for VMM servers, it is important that not only the VMM server feature but all components that constitutes VMM service are also highly available (hence the best practice recommendation for clustered SQL Server in the previous step)

After HA VMM installation, a new library server and share needs to be added to VMM . It is best practice to use a HA file server for HA VMM library server.
clip_image016
9. After going through the installation summary page your installation will start and in couple of minutes end with a successful installation of the first node of your HA VMM server.
clip_image018
10. After the first node installation you can easily add another node to this HA VMM cluster that you just created, to do that simply start the VMM setup on the second node where you want to install HA VMM.
After going through the EULA page and selecting the VMM server feature checkbox you will see a similar popup as the first node installation, but this time we will detect the HA VMM and ask “if you want to add this server as a node”. If you say YES, there will be minimum amount of pages of setup and your second node will be added. You will need to repeat this on all of the nodes that you want to add to this HA VMM installation.
clip_image020
Important SCVMM 2012 HA VMM Facts
a. It is a fault tolerant service feature, but this not does increase scale/performance
b. There can be as many as 16 nodes in an HA VMM installation but there can be only one node active at any time.
c. When VMM console connects it asks for a VMM server name and port number. Make sure to provide the cluster name of the HA VMM service instead of a node name here. Connecting to a node name will not be allowed.
d. You can do a planned failover (i.e. to install a patch, do maintenance to a node etc..) using failover clustering UI; there is no way to failover HA VMM service using the VMM console in this version of VMM.
e. You can only see the active node of the HA VMM service from the failover clustering UI or using Get-SCVMMServer PowerShell commandlet at beta timeframe.
PowerShell Commands
There are three new parameters under Get-SCVMMServer
1. IsHighlyAvailable – True/False
2. FailoverVMMNodes – FQDN of all nodes that this HA VMM installation contains
3. ActiveVMMNode – FQDN of the active node
Failover
When you do a planned failover make sure to do following:
  • Always perform inside a maintenance window that is communicated to SCVMM users.  All running tasks and all connections to VMM consoles and Self-Service Portals will be stopped at failover time.
  • Running jobs that failed due to the failover will not start automatically after failover. If the particular job supports restarting it will be possible to restart this job but this process will not be automatic.
  • Ensure that when connecting VMM console the VMM cluster service name is used to enable reconnecting to the VMM service after planned failover.
Uninstall HA VMM Service
  • To uninstall an HA VMM server, simply go to any node and manually uninstall VMM server on that node, repeat this until you come to the last node, during last node un-installation, setup will warn you that this is the last node of the HA VMM Installation and removing this node will remove the clustering resources.
    • Note: You cannot uninstall HA VMM from an active node of a multi-node cluster; you will need to start from the inactive node first.

Popular posts from this blog

HOW TO EDIT THE BCD REGISTRY FILE

The BCD registry file controls which operating system installation starts and how long the boot manager waits before starting Windows. Basically, it’s like the Boot.ini file in earlier versions of Windows. If you need to edit it, the easiest way is to use the Startup And Recovery tool from within Vista. Just follow these steps: 1. Click Start. Right-click Computer, and then click Properties. 2. Click Advanced System Settings. 3. On the Advanced tab, under Startup and Recovery, click Settings. 4. Click the Default Operating System list, and edit other startup settings. Then, click OK. Same as Windows XP, right? But you’re probably not here because you couldn’t find that dialog box. You’re probably here because Windows Vista won’t start. In that case, you shouldn’t even worry about editing the BCD. Just run Startup Repair, and let the tool do what it’s supposed to. If you’re an advanced user, like an IT guy, you might want to edit the BCD file yourself. You can do this

DNS Scavenging.

                        DNS Scavenging is a great answer to a problem that has been nagging everyone since RFC 2136 came out way back in 1997.  Despite many clever methods of ensuring that clients and DHCP servers that perform dynamic updates clean up after themselves sometimes DNS can get messy.  Remember that old test server that you built two years ago that caught fire before it could be used?  Probably not.  DNS still remembers it though.  There are two big issues with DNS scavenging that seem to come up a lot: "I'm hitting this 'scavenge now' button like a snare drum and nothing is happening.  Why?" or "I woke up this morning, my DNS zones are nearly empty and Active Directory is sitting in a corner rocking back and forth crying.  What happened?" This post should help us figure out when the first issue will happen and completely avoid the second.  We'll go through how scavenging is setup then I'll give you my best practices.  Scavenging s

AD LDS – Syncronizing AD LDS with Active Directory

First, we will install the AD LDS Instance: 1. Create and AD LDS instance by clicking Start -> Administrative Tools -> Active Directory Lightweight Directory Services Setup Wizard. The Setup Wizard appears. 2. Click Next . The Setup Options dialog box appears. For the sake of this guide, a unique instance will be the primary focus. I will have a separate post regarding AD LDS replication at some point in the near future. 3. Select A unique instance . 4. Click Next and the Instance Name dialog box appears. The instance name will help you identify and differentiate it from other instances that you may have installed on the same end point. The instance name will be listed in the data directory for the instance as well as in the Add or Remove Programs snap-in. 5. Enter a unique instance name, for example IDG. 6. Click Next to display the Ports configuration dialog box. 7. Leave ports at their default values unless you have conflicts with the default values. 8. Click N