Windows Server 2016 Core: Hyper-V Installation
|UNDER CONSTRUCTION: The code monkeys are on the loose! Check back for updates!|
The Server Core option is a minimal installation option that is available when you are deploying the Standard or Datacenter edition of Windows Server. Server Core includes most but not all server roles. Server Core has a smaller disk footprint, and therefore a smaller attack surface due to a smaller code base. Most notably, no Windows Explorer shell is installed. All configuration and maintenance is done entirely through command-line interface windows, or by connecting to the machine remotely using Microsoft Management Console (MMC), remote server administration tools, and PowerShell.
Microsoft Hyper-V, codenamed Viridian and formerly known as Windows Server Virtualization, is a native hypervisor; it can create virtual machines on x86-64 systems running Windows.
Testing was done on my Dell PowerEdge R620, the following image was used:
Insert the Server 2016 boot media into the machine and reboot (or power on) the machine, booting from the inserted media. Follow the instructions on the screen to install and reboot.
|A Hyper-V Server only requires ~32GB of hard drive space. Perform a "Custom" install, partitioning the C: drive accordingly, then assign the rest to D: for virtual machines.|
Upon reboot you will be prompted to set an Administrator password, doing so will log into the machine finalizing the installation.
Use the command prompt provided to launch Windows PowerShell.
Before Hyper-V itself can be setup, a strong networking backbone needs to be setup.
Rename the computer.
|PS C:\> Rename-Computer -NewName "NATASHA"|
Join the local workgroup.
|PS C:\> Add-Computer -WorkGroupName "AH42"|
List the current network adapters.
|PS C:\> Get-NetAdapter -Physical|
The Dell R620 comes with a built-in quad-port NIC, one will be assigned to management while the other three will be teamed together for VMs.
First create the NIC team.
|PS C:\> New-NetLbfoTeam -Name "Hyper-V Team" -TeamMembers "Ethernet 2", "Ethernet 3", "Ethernet 4"|
Verify it created the team correctly.
|PS C:\> Get-NetLbfoTeam|
|If you need to specify a VLAN for the NIC team, use Set-NetLbfoTeamNic -Team "Hyper-V Team" -VlanID 123.|
Rename the original adapters for consistency.
|PS C:\> Rename-NetAdapter -Name "Ethernet" -NewName "Management"|
|PS C:\> Rename-NetAdapter -Name "Ethernet 2" -NewName "Ethernet Team 1"|
|PS C:\> Rename-NetAdapter -Name "Ethernet 3" -NewName "Ethernet Team 2"|
|PS C:\> Rename-NetAdapter -Name "Ethernet 4" -NewName "Ethernet Team 3"|
In order to setup a static IP address DHCP has to be disabled, the current IPs have to be removed, then new IPs can be assigned.
Remove DHCP from both adapters.
|PS C:\> Set-NetIPInterface -InterfaceAlias "Management" -Dhcp Disabled|
|PS C:\> Set-NetIPInterface -InterfaceAlias "Hyper-V Team" -Dhcp Disabled|
Remove the current IP addresses from both adapters (use A to choose Yes to All when removing).
|PS C:\> Get-NetAdapter -InterfaceAlias "Management" | Remove-NetIPAddress|
|PS C:\> Get-NetAdapter -InterfaceAlias "Hyper-V Team" | Remove-NetIPAddress|
Put both of the network adapters on Private networks.
|PS C:\> $Profile1 = Get-NetConnectionProfile -InterfaceAlias "Management"|
|PS C:\> $Profile2 = Get-NetConnectionProfile -InterfaceAlias "Hyper-V Team"|
|PS C:\> $Profile1.NetworkCategory = "Private"|
|PS C:\> $Profile2.NetworkCategory = "Private"|
|PS C:\> Set-NetConnectionProfile -InputObject $Profile1|
|PS C:\> Set-NetConnectionProfile -InputObject $Profile2|
Set the IP information for both adapters.
|PS C:\> New-NetIPAddress -InterfaceAlias "Management" -IPAddress 10.0.42.10 -AddressFamily IPv4 -PrefixLength 24 -DefaultGateway 10.0.42.1|
|PS C:\> New-NetIPAddress -InterfaceAlias "Hyper-V Team" -IPAddress 10.0.42.11 -AddressFamily IPv4 -PrefixLength 24 -DefaultGateway 10.0.42.1|
Also add DNS servers for both.
|PS C:\> Set-DnsClientServerAddress -InterfaceAlias "Management" -ServerAddress 10.0.42.1|
|PS C:\> Set-DnsClientServerAddress -InterfaceAlias "Hyper-V Team" -ServerAddress 10.0.42.1|
In order to use RSAT and Windows Admin Center remotely a few changes need to be made.
|PS C:\> Enable-PSRemoting -Force|
Enable remote authentication acceptance.
|PS C:\> Enable-WSManCredSSP -Role server|
Enable firewall rules for remote management.
|PS C:\> Set-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -Enabled true -PassThru|
|PS C:\> Set-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -Enabled true -PassThru|
Remove Windows Defender.
|PS C:\> Uninstall-WindowsFeature -Name Windows-Defender|
Finally reboot the machine to commit the machine name and IP changes.
|PS C:\> Restart-Computer|
Return to PowerShell and use the following command to install Hyper-V and required pre-requisites.
|PS C:\> Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart|
You should now be able to connect to the machine remotely from Hyper-V Manager.
Be sure to run through the Hyper-V Settings, I typically setup a VM and VHD directory (eg. D:\VMs\, D:\VHDs\) and then enable Enhanced Session Mode Policy.
Next open Virtual Switch Manager and create a new External virtual switch bound to the Microsoft Network Adapter Multiplexor Driver.
Make sure Allow management operating system to share this network adapter is enabled.
While the virtual machine is in the OFF state, run the following command on the physical Hyper-V host to disable secure boot.
|PS C:\> Set-VMFirmware 'VMNAME' -EnableSecureBoot off|
While the virtual machine is in the OFF state, run the following command on the physical Hyper-V host to enable nested virtualization.
|PS C:\> Set-VMProcessor -VMName "VMNAME" -ExposeVirtualizationExtensions $True|
If you are running this on a Dell server, you might also want to install OMSA. At this point you should be able to access the administrative shares for windows.
Copy the OMSA installer onto the Hyper-V Server using the admin shares (eg. \\NATASHA\d$).
Run the EXE from the command prompt or PowerShell to extract to C:\OpenManage.
Run the pre-requisite checker.
|PS C:\> C:\OpenManage\windows\PreReqChecker\RunPreReqChecker.exe /s|
Provided no errors are seen, install OMSA.
|PS C:\> msiexec /i C:\OpenManage\windows\SystemsManagementx64\SysMgmtx64.msi|
During the installation it might be beneficial to choose Custom and then add the Remote Manager.
Once installed a firewall rule will be needed to access OMSA from another computer.
|PS C:\> New-NetFirewallRule -Name Dell_OMSA -DisplayName "Dell OMSA" -Description "Dell OMSA Web Management" -Protocol TCP -Enabled True -Profile Any -Action Allow -LocalPort 1311|
Install the NFS Server feature.
|PS C:\> Install-WindowsFeature FS-NFS-Service -IncludeManagementTools|
Create the shares.
|PS C:\> New-NfsShare -Name 'ftp' -Path 'D:\NFS\FTP' -EnableUnmappedAccess $True -Authentication sys|
|PS C:\> New-NfsShare -Name 'www' -Path 'D:\NFS\WWW' -EnableUnmappedAccess $True -Authentication sys|
Set IP restrictions
|PS C:\> Grant-NfsSharePermission -Name 'www' -ClientName '10.0.42.30' -ClientType 'Host' -Permission 'readwrite' -AllowRootAccess $True|
The server should now be completely setup for VMs.