Updated Certification Roadmap Now Available

Microsoft have updated the popular Skills and Certification Roadmap to reflect the latest skills development and certification information, including the new Devices MCSE, Azure exams and exam electives.  For certification pathways, download the roadmap as a PDF here.

Aaron @aaronw2003

Teaming, QOS, and Virtual Fabric Adapters

By Aaron Whittaker

Lab: This is all done on Windows 2012 server.
Teaming: assume I have a x4 (quad) 10gig card for this discussion and demonstration.  That will give you an aggregate of 40gig in a team.  This is great and can be pooled using tagged/untagged traffic with QOS!

(First demo will be in GUI but can be done in Powershell [PS], the second demo can only be done in PS)

Go To Server Manger, Local Server, Select Teaming,  Tasks, New Team, Insert a team name and select the nics.

Insert a team name and select the nics.

Once this is done, select the team, select Team Interface, Add Interface, Enter a name and an additional port.

At the end of this demonstration we now have the team of nics that has untagged (default) traffic and also an additional DMZ VLAN 200.

We could add this to a single Hyper-V virtual switch and everything would work as expected.  Are we done? No. There is no isolation (customers may not like DMZ on the same virtual switch) additionally there is no switch QOS settings. Delete the interface and Team and start again.

In PowerShell lets make the a team with the same adapters.

New-NetLbfoTeam “4x10GbE Team” –TeamMembers “Ethernet 2″,“Ethernet 4″,“Ethernet 5″,“Ethernet 6″ –TeamNicName “4x10GbE”

Now we create a Hyper-V Virtual Switch that binds to the NIC team, this switch has bandwidth management set by KB/S.

New-VMSwitch “LM40GbE switch” –NetAdapterName “4x10GbE Team” –MinimumBandwidthMode Absolute –AllowManagementOS $false

New-VMSwitch “Mgmt40GbE switch” –NetAdapterName “4x10GbE Team” –MinimumBandwidthMode Absolute –AllowManagementOS $false

Now we can make many Virtual Fabric Adapters for the Hyper-V host.  Create a virtual NIC in the management operating system for Live Migration, and Virtual Machines.

Add-VMNetworkAdapter –ManagementOS –Name “LiveMig” –SwitchName “LM40GbE switch”

Add-VMNetworkAdapter –ManagementOS –Name “VMs” –SwitchName “Mgmt40GbE switch”

Assign a VLAN to the virtual network adapters.

Set-VMNetworkAdapterVlan –ManagementOS –VMNetworkAdapterName LiveMig –Access –VlanId 100

Set-VMNetworkAdapterVlan –ManagementOS –VMNetworkAdapterName Mgmt –Access –VlanId 1

For QOS/BandWidth managment, I refered to this

The reason to utilize the Add-VMNetworkAdapter cmdlet is we can now have a dedicated Virtual Network Adapter for the Host to assign to the Virtual Switch.  We can then have full switch isolation while utilizing a shared pool resource (the nic team).  Now that we have different switches we can set different bandwidth polices for different pools of VMs or VLANS.

All comments/suggestions are welcomed.

Aaron @aaronw2003

Installing and Running Azure Active Directory Sync AADSync Beta 3

Created by Aaron Whittaker.  Not to be reproduced without prior permission.

Ingredients Required: AADSync MicrosoftAzureActiveDirectoryConnect.msi installer from the BETA program (using version 3.7.1224), Domain Controller, Office 365 subscription, Azure, 2 Windows 2012 R2 domain joined servers, Public trusted certificate and a valid domain.

Time: A few hours.

My deployment is not complete and requires further work or your input.  I will mention that my virtual machines are running in another Azure subscription (which is a supported configuration see my TechNet article on the topic here).  I will investigate if something is blocking here (endpoints inbound and outbound.) 

The first time I tried this exercise I did not have a public trusted certificate.  I tried a Self Signed certificate but it did not work (Azure documentation says that it should).  So I purchased a domain, so I could a valid public certificate.

My existing environment consisted of a DC and a DirSync server.  I simply turned off the DirSync server and created a new server called AADSync and a WebAppProxy.  This normally leaves the sync’ed users populated in your Azure AD.  This was not an issue for me as the new DirSync server will take over, or I could have manually removed the now ‘In Cloud’ users.  I installed DirSync just via running the new AADSync DirectorySyncTool.exe installer (just using the default SQLExpress) and just configured and installed DirSync.  This was because I didnt have the certificate.

I ran the MicrosoftAzureActiveDirectoryConnect.msi installer on my server named AADSync.  The installer is only 976kb so it downloading all files as required.

Installing DirSync


The installer now installs the pre-requirements if required which is a nice feature!

  • .NET 3.5
  • SQL Express LocalDB
  • Azure Active Directory Sync Services
  • Sign-in Assistant
  • AAD Connector
  • Azure Active Directory module for Windows PowerShell

2 3

After going away and making an Azure subscription for my Office 365 tenant, here I entered my Office 365 public domain verified administrator account adminuser@brisbanecloud.net


Here I chose Customize.


I selected single AD forest.


I selected Single Sign On.


Entered my local Domain Admin credentials.


Error: Here is where I ran into my first issue.  I only had a .cer file, once I made a self signed .pxf I still could not proceed.  

I pressed back several times and proceeded with Express settings.

9 10 express 11 12

After this new Installer I was able to go in and configure DirSync as described in my previous post here.  The DirSync configuration wizard ran as normal and as expected.  The location to administer dirsync changes is in the location shown below.  This is still no DirSync app showing on the desktop or under programs.

21 22

 Installing SSO

Here are the steps for SSO configuration.

I went away and purchased brisbanecloud.net, then created a free public trusted certificate.  Then I re-ran the Azure AD Connect Preview shortcut located on my desktop for a second time.  Here you can see that my Office 365 credentials (now also Azure creds) were required.  If you go into the installer and press back a few times as you can see it saves your settings (only for that install session).  I selected Continue, entered my Active Directory credentials, next.


Here I browse and select my Public Trusted certificate.  It must be in PFX format.  I enter my password.  From the drop down I select the URL.

Error: Subject name must have www.  I went and renamed my pfx file and reloaded it to fix this issue.

I selected next, then I added my AADSync server which will become my ADFS federation server, next

34 after pfx password  36

Then I selected my Web Application Proxy server,

Error: Here I had to enable PSRemoting on the WebAppPrxy server via PowerShell.

Then I selected next.


Then I entered my same Domain Admin credentials (Enterprise admin was required), next.  Then I selected Create a group Managed Service Account for me and next.

40 41

Then from the drop down I had this error.

Error:  The domain needed www. in it.

I went to Azure as it mentions ‘Azure’ in the error and verified http://www.brisbanecloud.net under domains in Active Directory (WAAD) as shown below.

43 44

Back on the installer there was no update to my latest change.  I went and removed the domain from Azure and then added http://www.brisbanecloud.net within Office 365 domains.  Immediately after a press of previous and then next on the installer, I was able to see the correct address of www.brisbanecloud.net.


After reviewing the options I also selected Configure password hash.  The installer started and things looked good.

46 47

Then I received another error.

Error: Can’t remotely install Active Directory PowerShell.

After getting the same error a few times, I ran the following on WebAppProxy, DC, and AADSync servers.

Administrative PowerShell: set-WSManQuickConfig

Administrative PowerShell: winrm QuickConfig

Administrative PowerShell: enable-psremoting -force 

48 error 49 powershell commands

Then I selected retry to attempt the install again.

Error:  An error occurred while executing the ‘Convert-MsolDomainToFederated’ command. Microsoft.Online.Administration.Automation.DomainNotRootException —> Microsoft.Online.Identity.Federation.Powershell.FederationException  ……  The task ‘Create AAD Trust’ has failed.

So them I though I will just run this command manually with an Administrative PowerShell.

PS C:\> Convert-MsolDomainFederated -DomainName brisbanecloud.net

50 51

Then I got a new error

Error: This was a credential issue since the user account is now syncing.  I needed to change the credentials so I closed it and went to re-run the installer again (as there was no back button).


So I re-ran the Azure AD Connect (Preview)

Error: An error occurred while executing the ‘Update-MsolFederatedDomain’

I thought I should try to manually run this command in PowerShell.

PS C:\> Update-MsolFederatedDomain -domainname:brisbanecloud.net

Successfully updated ‘brisbanecloud.net’ domain.

As you can see below I am still getting an issue.  I have not had another chance to try a different workaround as yet 95% completed…



Thoughts and Comments



Hyper-V Recovery Manager is avaliable

Hyper-v recovery manager in Azure has been in beta for a while now and has just gone to GA.  The cost is per VM protected per month.

Orchestrate protection and recovery of private clouds

Windows Azure Hyper-V Recovery Manager can help you protect important services by coordinating the replication and recovery of System Center 2012 private clouds at a secondary location.

Automated protection

System Center 2012 Virtual Machine Manager clouds can be protected through automating the replication of the virtual machines that compose them at a secondary location. The ongoing asynchronous replication of each VM is provided by Windows Server 2012 Hyper-V Replica and is monitored and coordinated by Hyper-V Recovery Manager.

Continuous Health Monitoring

Hyper-V Recovery Manager monitors the state of Virtual Machine Manage clouds continuously and remotely from Windows Azure.

Orchestrated Recovery

Can automate the recovery of your datacenter to a secondary location.

Cost: Is per VM protected per month.

Performing an In Place upgrade from 2012 to 2012 R2

My host (Windows 2012) was running 1 virtual machine.

pre upgrade

I doubled clicked the iso to mount it, ran the setup, then selected install.  I received no warning telling me to power off my VM.

installThen selected No Thanks to downloading updates,

Capture2I then selected a GUI install

Capture3I then Accepted the terms and selected next,

Capture4I then Selected upgrade,

Capture5The install took slightly longer than 10 minutes.  Once the install had finished and I logged in, the machine was on the domain, all roles and features were installed as expected, Hyper-V was fine.  I powered on my Virtual DC.  The DC powered on fine and there were no issues at all.  This was a very painless operation with minimal downtime.


August Session~ Hyper-V 2012 R and SCCM 2012 R2 Preview Release

Chris Crampton Infrastructure SME from Technology Effect will be providing an overview and discussion on the new features and enhancements in the Windows Server 2012 R2 Hyper-V and System Center 2012 R2 Preview Release. The presentation will include demos showing off the new Hyper-V 2012 R2 features.

There will be prizes/giveaways and pizza.
The lifts close at 6:00 pm so please call Aaron on 0490074501, if you are late.

Register here

April Session- Veeam’s powerful easy-to-use management tools for Hyper-V

Hyper-V-Ready – Veeam’s powerful and easy-to-use management tools for Hyper-V
Learn how to effectively protect and manage your Hyper-V infrastructure starting today!
Veeam will have a speaker from Sydney present on the management tools available for Hyper-V.

There will be prizes/giveaways and pizza.
The lifts close at 6:00 pm so please call Aaron on 0400980129, if you are late.

Please Note: April event is on Monday 15th due MS room booking.

Register here

SMB 3.0 Session- NetApp Demo 21st March

One of the most highly touted features of Hyper-V on Windows Server 2012 is the ability to store VMs on file shares via the new SMB 3.0 protocol. This opens up a new way of presenting storage to Hyper-V clusters – previously only iSCSI or Fibre Channel setups with Cluster Shared Volumes could be used for Hyper-V clusters.

Whilst you can setup a Windows Server 2012 file server cluster and serve SMB 3.0 shares for Hyper-V, a more efficient, scalable and higher performance approach is to leverage storage arrays that can natively present SMB 3.0 shares direct to the Hyper-V cluster nodes.

Come to this meeting of the Brisbane Hyper-V User Group to learn how NetApp has built SMB 3.0 directly into their storage arrays. See a live demo showing the rapid provisioning of 1000 VMs on a NetApp SMB 3.0 share in less than 5 mins, and gain an understanding of the pros and cons of using SMB 3.0 versus iSCSI/FC. Finally, see a live demo of ODX copy offload technology for very fast, space efficient, host-free data copies.

Register Here

Cheers Aaron

How to run a Domain Controller within your Hyper-V cluster

Here is a great post showing a new feature in Windows 2012.  Now you can run a Domain Controller within your Hyper-V cluster.  Previously this was a problem as the cluster could not start up without a Domain Controller being available.  Although this situation should be avoided if possible, it is technically possible.

Click Here 

Happy Clustering. Aaron

Hyper-V Cluster replication

By -Aaron Whittaker

Here are the short steps to configure Hyper-V Cluster replication, all virtual!:

Create a Domain Controller, x2 Hyper-V hosts in a cluster [production site](only 1 needs to be one to actually work), x2 additional Hyper-V hosts [disaster recovery site].

As this is just a test lab you may wish to do this all from the one Hyper-V host.

Add the 4 hosts to the domain.

To enable Hyper-V on a virtual machine you will need to run the follow commands on each host in powershell.  You cannot add the Hyper-V roles from Server Manager.

DISM /Online /Enable-Feature /all /FeatureName:Microsoft-Hyper-V

DISM /Online /Enable-Feature /all /FeatureName:Microsoft-Hyper-V-Management-Clients


Create a cluster with the default settings (you will need to install the failover clustering role).  Add x2 servers to each cluster.

Go to Windows firewall on the DR Hyper-V hosts.  Find the inbound rule called Hyper-V Replica HTTP Listener rule. Right click ‘enable’ it.

On each cluster create a Hyper-v Replica Broker, as in the screen shot.

Once it is configured wait for it to be running (automatic).

If you go back to the Hyper-V replication settings, you will see they are now greyed out due to the host being in a cluster.

You can configure the cluster replication settings if you wish.  In my demonstration we wont, we will be automatically prompted to do this.  Go failover cluster manager create a basic vm.  Mine cannot be turned on as it is a virtual in a virtual.  Right click the VM, select Replication, Enable Replication.

You get an error asking to configure replica settings.

Configure the settings, I am just using Kerberos with no certificates. This is why you need a domain controller.

Select the appropriate recovery points (remember replication occurs every 5 mins and cant be modified)

All configured, as you can see the VM now appears on both servers.  I can’t turn it on my test VM due to it being a VM inside another VM.

Please leave any comments/sugguestions.