Windows Server 2016 Core: Hyper-V Installation

From Wiki³
Revision as of 02:08, 11 November 2018 by Kyau (talk | contribs) (→‎Hyper-V)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
IconUNDER CONSTRUCTION: The document is currently being modified!
Icon  Back to Category:Windows

Icon Introduction

The Server Core option is a minimal installation option that is available when you are deploying the Standard or Datacenter edition of Windows Server. Server Core includes most but not all server roles. Server Core has a smaller disk footprint, and therefore a smaller attack surface due to a smaller code base.[1] Most notably, no Windows Explorer shell is installed. All configuration and maintenance is done entirely through command-line interface windows, or by connecting to the machine remotely using Microsoft Management Console (MMC), remote server administration tools, and PowerShell.[2]

Microsoft Hyper-V, codenamed Viridian and formerly known as Windows Server Virtualization, is a native hypervisor; it can create virtual machines on x86-64 systems running Windows.[3]

Testing was done on my Dell PowerEdge R620, the following image was used:

Icon en_windows_server_version_1803_x64_dvd_12063476.iso

Icon Installation

Insert the Server 2016 boot media into the machine and reboot (or power on) the machine, booting from the inserted media. Follow the instructions on the screen to install and reboot.

IconA Hyper-V Server only requires ~32GB of hard drive space. Perform a "Custom" install, partitioning the C: drive accordingly, then assign the rest to D: for virtual machines.

Upon reboot you will be prompted to set an Administrator password, doing so will log into the machine finalizing the installation.

Use the command prompt provided to launch Windows PowerShell.

C:\> powershell

Icon Networking

Before Hyper-V itself can be setup, a strong networking backbone needs to be setup.

Rename the computer.

PS C:\> Rename-Computer -NewName "NATASHA"

Join the local workgroup.

PS C:\> Add-Computer -WorkGroupName "AH42"

List the current network adapters.

PS C:\> Get-NetAdapter -Physical

The Dell R620 comes with a built-in quad-port NIC, one will be assigned to management while the other three will be teamed together for VMs.

First create the NIC team.

PS C:\> New-NetLbfoTeam -Name "Hyper-V Team" -TeamMembers "Ethernet 2", "Ethernet 3", "Ethernet 4"

Verify it created the team correctly.

PS C:\> Get-NetLbfoTeam
IconIf you need to specify a VLAN for the NIC team, use Set-NetLbfoTeamNic -Team "Hyper-V Team" -VlanID 123.

Rename the original adapters for consistency.

PS C:\> Rename-NetAdapter -Name "Ethernet" -NewName "Management"


PS C:\> Rename-NetAdapter -Name "Ethernet 2" -NewName "Ethernet Team 1"


PS C:\> Rename-NetAdapter -Name "Ethernet 3" -NewName "Ethernet Team 2"


PS C:\> Rename-NetAdapter -Name "Ethernet 4" -NewName "Ethernet Team 3"

Static IP

In order to setup a static IP address DHCP has to be disabled, the current IPs have to be removed, then new IPs can be assigned.

Remove DHCP from both adapters.

PS C:\> Set-NetIPInterface -InterfaceAlias "Management" -Dhcp Disabled


PS C:\> Set-NetIPInterface -InterfaceAlias "Hyper-V Team" -Dhcp Disabled

Remove the current IP addresses from both adapters (use A to choose Yes to All when removing).

PS C:\> Get-NetAdapter -InterfaceAlias "Management" | Remove-NetIPAddress


PS C:\> Get-NetAdapter -InterfaceAlias "Hyper-V Team" | Remove-NetIPAddress

Put both of the network adapters on Private networks.

PS C:\> $Profile1 = Get-NetConnectionProfile -InterfaceAlias "Management"
 
PS C:\> $Profile2 = Get-NetConnectionProfile -InterfaceAlias "Hyper-V Team"
 
PS C:\> $Profile1.NetworkCategory = "Private"
 
PS C:\> $Profile2.NetworkCategory = "Private"
 
PS C:\> Set-NetConnectionProfile -InputObject $Profile1
 
PS C:\> Set-NetConnectionProfile -InputObject $Profile2

Set the IP information for both adapters.

PS C:\> New-NetIPAddress -InterfaceAlias "Management" -IPAddress 10.0.42.10 -AddressFamily IPv4 -PrefixLength 24 -DefaultGateway 10.0.42.1


PS C:\> New-NetIPAddress -InterfaceAlias "Hyper-V Team" -IPAddress 10.0.42.11 -AddressFamily IPv4 -PrefixLength 24 -DefaultGateway 10.0.42.1

Also add DNS servers for both.

PS C:\> Set-DnsClientServerAddress -InterfaceAlias "Management" -ServerAddress 10.0.42.1


PS C:\> Set-DnsClientServerAddress -InterfaceAlias "Hyper-V Team" -ServerAddress 10.0.42.1

Icon Remote Management

In order to use RSAT and Windows Admin Center remotely a few changes need to be made.

Enable WinRM.

PS C:\> Enable-PSRemoting -Force

Enable remote authentication acceptance.

PS C:\> Enable-WSManCredSSP -Role server

Enable firewall rules for remote management.

PS C:\> Set-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -Enabled true -PassThru


PS C:\> Set-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -Enabled true -PassThru

Icon Housekeeping

Remove Windows Defender.

PS C:\> Uninstall-WindowsFeature -Name Windows-Defender

Finally reboot the machine to commit the machine name and IP changes.

PS C:\> Restart-Computer

Icon Hyper-V

Return to PowerShell and use the following command to install Hyper-V and required pre-requisites.

PS C:\> Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart

Icon Hyper-V Configuration

You should now be able to connect to the machine remotely from Hyper-V Manager.

Be sure to run through the Hyper-V Settings, I typically setup a VM and VHD directory (eg. D:\VMs\, D:\VHDs\) and then enable Enhanced Session Mode Policy.

Next open Virtual Switch Manager and create a new External virtual switch bound to the Microsoft Network Adapter Multiplexor Driver.

Make sure Allow management operating system to share this network adapter is enabled.

Icon Secure Boot

While the virtual machine is in the OFF state, run the following command on the physical Hyper-V host to disable secure boot.

PS C:\> Set-VMFirmware 'VMNAME' -EnableSecureBoot off

Icon Nested Virtualization

While the virtual machine is in the OFF state, run the following command on the physical Hyper-V host to enable nested virtualization.

PS C:\> Set-VMProcessor -VMName "VMNAME" -ExposeVirtualizationExtensions $True

Icon Dell OMSA

If you are running this on a Dell server, you might also want to install OMSA. At this point you should be able to access the administrative shares for windows.

Copy the OMSA installer onto the Hyper-V Server using the admin shares (eg. \\NATASHA\d$).

Run the EXE from the command prompt or PowerShell to extract to C:\OpenManage.

Run the pre-requisite checker.

PS C:\> C:\OpenManage\windows\PreReqChecker\RunPreReqChecker.exe /s

Provided no errors are seen, install OMSA.

PS C:\> msiexec /i C:\OpenManage\windows\SystemsManagementx64\SysMgmtx64.msi

During the installation it might be beneficial to choose Custom and then add the Remote Manager.

Once installed a firewall rule will be needed to access OMSA from another computer.

PS C:\> New-NetFirewallRule -Name Dell_OMSA -DisplayName "Dell OMSA" -Description "Dell OMSA Web Management" -Protocol TCP -Enabled True -Profile Any -Action Allow -LocalPort 1311

Icon NFS

Install the NFS Server feature.

PS C:\> Install-WindowsFeature FS-NFS-Service -IncludeManagementTools

Create the shares.

PS C:\> New-NfsShare -Name 'ftp' -Path 'D:\NFS\FTP' -EnableUnmappedAccess $True -Authentication sys
 
PS C:\> New-NfsShare -Name 'www' -Path 'D:\NFS\WWW' -EnableUnmappedAccess $True -Authentication sys

Set IP restrictions

PS C:\> Grant-NfsSharePermission -Name 'www' -ClientName '10.0.42.30' -ClientType 'Host' -Permission 'readwrite' -AllowRootAccess $True

Icon Conclusion

The server should now be completely setup for VMs.

Icon References