The behaviour of a virtual disk is a little like that of a physical disk drive: files, programs and unused space are not kept in contiguous order. The disk becomes fragmented over time, and that hurts read/write performance.
To improve this, we may occasionally need to defragment the virtual disk to rearrange the files and programs, so that files open more quickly and programs run faster than before.
To do so, I first have to power off the VM and then click Edit virtual machine settings to open the Virtual Machine Settings dialog. When I select the hard disk entry on the Hardware tab, click Utilities and choose Defragment from the menu, a warning message pops up: "Defragmentation failed: The specified virtual disk needs repair". Based on that message I searched the VMware KB and was lucky enough to find out how to fix it. On the command prompt, run:
vmware-vdiskmanager.exe -R "path of the vmdk file"
After repeating the defragment operation above, it now completes successfully.
No need to ask who I am; I am just like you: an ordinary person who nevertheless wants to leave footprints along life's journey! Even if the road is bumpy and I have weathered storms along the way, your attention is my greatest comfort and achievement!!! Thank you for visiting :) My belief for the next ten years of my career: never give up until the very last moment!!!
April 27, 2013 (Saturday)
April 25, 2013 (Thursday)
Hyper-V 3.0 --- Deploy Replica with self-signed certificate (part 10)
Although it is simple and easy to configure Hyper-V Replica when both hosts are joined to an AD domain, there is still risk: with Kerberos authentication the data transfer is unencrypted, and there is less flexibility because the network traffic cannot be confined to a dedicated line. To improve this, we can replace Kerberos authentication with certificate-based authentication. Continuing the previous article, I will walk you through this step by step, assuming the self-signed certificates have already been created.
Add a record into hosts file
On Primary Node
Because this computer has never joined AD, we have to modify the hosts file to map a hostname to an IP address, where the entry is the Replica server's name and address. Alternatively, this record can be added to a DNS server instead.
The "AS-IS" of the name resolution
The "TO-BE" of the name resolution
On Replica Node
Do the same thing here ("map hostname to IP address in the hosts file") so that the Replica server can resolve the Primary server's name.
Enable & Configure Replica on Replica Node
In Hyper-V Manager, select the Replica node "VW-HYPERV-05", then click the Hyper-V Settings… link.
In Hyper-V Settings, select Replication Configuration and tick the Enable this computer as a Replica server check box.
Under Authentication and ports, tick the Use certificate-based Authentication (HTTPS) check box, then click the Select Certificate… button.
In the Windows Security dialog, select the certificate to be used for authentication and click OK. The certificate information then shows up in the Specify the certificate field.
Under Authorization and storage, choose the Allow replication from the specified servers option, then click the Add… button.
In the Add Authorization Entry dialog, enter the primary server, the default location to store replica files and the trust group, then click OK.
If the Allow replication from the specified servers setting is correct, click OK to close the dialog.
An alert message then pops up asking us to confirm that inbound TCP port 443 traffic is allowed by the firewall rules. If everything is fine, click OK to complete the Replica setting.
Enable VM Replication on Primary Node
In Hyper-V Manager, right-click a VM and select Enable Replication… from the menu to launch the Enable Replication wizard.
In the Before You Begin dialog, click the Next > button.
In the Specify Replica Server dialog, enter the Replica server name "vw-hyperv-05.xxx.mooo.com", then click Next >.
In the Specify Connection Parameters dialog, click the Select Certificate… button.
In the Windows Security dialog, select the certificate to be used for authentication and click OK. The imported certificate then shows up; if everything is fine, click Next > to go ahead.
In the Choose Replication VHDs dialog, select the virtual hard disks to be replicated and click Next >.
In the Configure Recovery History dialog, select the Additional recovery points option, specify the Number of additional recovery points to be stored, tick the Replicate incremental VSS copy every check box, and set how often Volume Shadow Copy Service (VSS) incremental snapshots are taken. If the configuration is correct, click Next > to go ahead.
In the Choose Initial Replication Method dialog, click Next > if the default choice is acceptable.
Click Finish to complete the Enable Replication wizard.
The initial replication is then triggered from the Primary to the Replica server, and the data is delivered over the dedicated replication path until the replication finishes.
On Primary Node
On Replica Node
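The same configuration done from the Hyper-V PowerShell module instead of Hyper-V Manager, as an added example that is not part of the original post. It assumes Windows Server 2012 with the Hyper-V module, the node FQDNs, VM name and certificate subjects used in this series, and an assumed replica storage path and trust group name; the certificate is located by its subject rather than picked in the Windows Security dialog.

```powershell
# Added example (not from the original post): the GUI steps above, done with the
# Hyper-V PowerShell cmdlets. Host names, VM name, storage path and trust group
# are assumptions taken from this lab.

# --- On the Replica node (VW-HYPERV-05) ---
# Pick the node certificate created with makecert (subject CN = the node's FQDN).
$replicaFqdn = 'vw-hyperv-05.xxx.mooo.com'
$replicaCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$replicaFqdn" -and $_.HasPrivateKey } |
    Select-Object -First 1
if (-not $replicaCert) { throw "No certificate with CN=$replicaFqdn in LocalMachine\My" }

# Enable this host as a Replica server that accepts certificate (HTTPS, TCP 443)
# authentication only, and refuses replication from any server not explicitly listed.
Set-VMReplicationServer -ReplicationEnabled $true `
    -AllowedAuthenticationType Certificate `
    -CertificateThumbprint $replicaCert.Thumbprint `
    -CertificateAuthenticationPort 443 `
    -ReplicationAllowedFromAnyServer $false

# Authorise only the Primary node (assumed storage path and trust group).
New-VMReplicationAuthorizationEntry -AllowedPrimaryServer 'vw-hyperv-04.xxx.mooo.com' `
    -ReplicaStorageLocation 'D:\Hyper-V\Replica' `
    -TrustGroup 'LabTrustGroup'

# PowerShell equivalent of the netsh firewall command used in part 9.
Enable-NetFirewallRule -DisplayGroup 'Hyper-V Replica HTTPS'

# --- On the Primary node (VW-HYPERV-04) ---
$primaryFqdn = 'vw-hyperv-04.xxx.mooo.com'
$primaryCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$primaryFqdn" -and $_.HasPrivateKey } |
    Select-Object -First 1
if (-not $primaryCert) { throw "No certificate with CN=$primaryFqdn in LocalMachine\My" }

# Enable replication over HTTPS, keep 4 additional recovery points and take an
# incremental VSS snapshot every 4 hours (the wizard's Configure Recovery History page).
Enable-VMReplication -VMName 'VW-CENTOS-01' `
    -ReplicaServerName 'vw-hyperv-05.xxx.mooo.com' `
    -ReplicaServerPort 443 `
    -AuthenticationType Certificate `
    -CertificateThumbprint $primaryCert.Thumbprint `
    -RecoveryHistory 4 `
    -VSSSnapshotFrequency 4

# Start the initial replication over the network (the wizard's default method)
# and show its state; Health should stay Normal once it completes.
Start-VMInitialReplication -VMName 'VW-CENTOS-01'
Get-VMReplication -VMName 'VW-CENTOS-01' | Format-List VMName, State, Health
```

Locating the certificate by subject and requiring a private key reproduces what the Windows Security dialog lets you pick by hand, and `-ReplicationAllowedFromAnyServer $false` together with the authorization entry is the scripted form of the Allow replication from the specified servers option.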
Test Failover on Replica Node
To confirm that the replicated VM works on the Replica server just as it does on the Primary server, we should run a test failover before the system goes live, or during a maintenance window.
In Hyper-V Manager on the Replica server, right-click the VM to test, then select Replication and Test Failover….
In the Test Failover dialog, choose a recovery point, then click the Test Failover button. A VM named "VW-CENTOS-01 - Test" is created; right-click this VM and select Start from the menu.
The temporary VM comes online without interrupting the ongoing replication or the production VM on the Primary node.
It has one drawback, though: by default this test VM is not connected to any network, so we have to adjust its network settings ourselves.
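The test failover from PowerShell on the Replica node, including a fix for the drawback just mentioned, as an added example that is not part of the original post. It assumes the Hyper-V module on Windows Server 2012, the VM name from this lab, and an assumed isolated virtual switch name; attaching the test VM to a Private switch keeps it from ever reaching the production VM or the rest of the network.

```powershell
# Added example (not from the original post): test failover on the Replica node,
# with the test VM attached to an isolated switch. VM and switch names are assumptions.

$vmName     = 'VW-CENTOS-01'
$testSwitch = 'Isolated-Test-Switch'   # assumed: a Private switch used only for tests

# Only a VM in the Replica role should be tested here; warn if replication is unhealthy.
$rep = Get-VMReplication -VMName $vmName
if ($rep.Mode -ne 'Replica') { throw "$vmName is not in the Replica role on this host" }
if ($rep.Health -ne 'Normal') { Write-Warning "Replication health is $($rep.Health)" }

# Create the isolated switch if it does not exist. A Private switch has no uplink,
# so the test VM cannot clash with the production VM's IP address or reach clients.
if (-not (Get-VMSwitch -Name $testSwitch -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $testSwitch -SwitchType Private | Out-Null
}

# Choose the newest replica recovery point (the Test Failover dialog's choice),
# then create "<VM> - Test" from it.
$snap = Get-VMSnapshot -VMName $vmName -SnapshotType Replica |
    Sort-Object CreationTime -Descending | Select-Object -First 1
if ($snap) {
    Start-VMFailover -VMRecoverySnapshot $snap -AsTest
} else {
    Start-VMFailover -VMName $vmName -AsTest   # falls back to the latest point
}

# Connect the test VM's adapters to the isolated switch and boot it.
$testVm = "$vmName - Test"
Get-VMNetworkAdapter -VMName $testVm | Connect-VMNetworkAdapter -SwitchName $testSwitch
Start-VM -Name $testVm
Get-VM -Name $testVm | Format-List Name, State, Uptime

# When the verification is finished, end the test failover. This removes the
# temporary VM while replication of the real VM continues untouched.
# Stop-VMFailover -VMName $vmName
```

Ending the test with Stop-VMFailover matters: a forgotten test VM keeps consuming storage on the Replica host, and if it were ever moved to a production switch it would be a second copy of the server with the same identity.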
April 22, 2013 (Monday)
Hyper-V 3.0 --- the prerequisite of Replica with self-signed certificate (part 9)
When configuring Hyper-V Replica, we have two authentication choices: Kerberos or certificate. With Kerberos authentication, the data transmitted from the primary to the replica server is not encrypted. For the data to be encrypted, we use certificate authentication, with either a CA-issued X.509v3 certificate or a self-signed one. Here we will show you how to deploy Hyper-V Replica with a self-signed certificate.
Because Hyper-V Replica uses machine-level mutual authentication, we have to complete the certificate prerequisites in addition to the steps needed for Kerberos authentication.
Add DNS suffix on Primary & Replica Node
Use the command "NetDom computername" with the "/enumerate" parameter (# 1) to find out what the computer's current names are.
On Primary Node
Add a new alternate name with the following command; the name must be a fully qualified DNS name (FQDN):
netdom computername vw-hyperv-04 /Add:vw-hyperv-04.xxx.mooo.com
Make the existing alternate name the primary name; again the name must be an FQDN:
netdom computername vw-hyperv-04 /MakePrimary:vw-hyperv-04.xxx.mooo.com
After rebooting the system the change takes effect, and we can confirm it by running "NetDom computername" with "/enumerate" again.
The "AS-IS" status of the DNS suffix
The "TO-BE" status of the DNS suffix
On Replica Node
Add a new alternate name with the following command; the name must be an FQDN:
netdom computername vw-hyperv-05 /Add:vw-hyperv-05.xxx.mooo.com
Make the existing alternate name the primary name; again the name must be an FQDN:
netdom computername vw-hyperv-05 /MakePrimary:vw-hyperv-05.xxx.mooo.com
Open TCP 443 port on Primary & Replica Nodes
On Primary Node
To allow HTTPS (port 443) replica traffic, run the following from an elevated command prompt:
netsh advfirewall firewall set rule group="Hyper-V Replica HTTPS" new enable=yes
The "AS-IS" status of the firewall
The "TO-BE" status of the firewall
On Replica Node
To allow HTTPS (port 443) replica traffic, run the following from an elevated command prompt:
netsh advfirewall firewall set rule group="Hyper-V Replica HTTPS" new enable=yes
Create self-signed certificate on Primary & Replica Nodes
On Primary Node
To create a self-signed root authority certificate, run the following from an elevated command prompt; it installs a test root certificate in the Root store of the local machine and also saves it to a file:
makecert -pe -n "CN=PrimaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "PrimaryTestRootCA.cer"
To create the node's own test certificate, run the following elevated command; it installs a certificate with both the Server Authentication and Client Authentication EKUs in the Personal store of the local machine and also saves it to a file:
makecert -pe -n "CN=vw-hyperv-04.xxx.mooo.com" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimaryTestCert.cer
On Replica Node
To create a self-signed root authority certificate, run the following from an elevated command prompt; it installs a test root certificate in the Root store of the local machine and also saves it to a file:
makecert -pe -n "CN=ReplicaTestRootCA" -ss root -sr LocalMachine -sky signature -r "ReplicaTestRootCA.cer"
The "AS-IS" status of the certificate
The "TO-BE" status of the certificate
To create the node's own test certificate, run the following elevated command; it installs a certificate with both the Server Authentication and Client Authentication EKUs in the Personal store of the local machine and also saves it to a file:
makecert -pe -n "CN=vw-hyperv-05.xxx.mooo.com" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "ReplicaTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 ReplicaTestCert.cer
The "AS-IS" status of the certificate
The "TO-BE" status of the certificate
Import a self-signed root CA into each node
On Primary Node
Copy "ReplicaTestRootCA.cer" from the Replica server to the Primary server, then import the self-signed root CA by running the following command:
certutil -addstore -f Root "ReplicaTestRootCA.cer"
The "AS-IS" status of the root certificate
The "TO-BE" status of the root certificate
On Replica Node
Copy "PrimaryTestRootCA.cer" from the Primary server to the Replica server, then import the self-signed root CA by running the following command:
certutil -addstore -f Root "PrimaryTestRootCA.cer"
Disable CRL check on each node
Because a self-signed certificate has no CRL to check against, revocation checking would fail; so we add the following registry value on each node to disable the CRL check, then reboot:
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
The "AS-IS" status of the registry key
The "TO-BE" status of the registry key
Validate certificate on each node
Run the following command on both the primary and the replica server to check that the certificate is present and its private key is usable; the output should include "Encryption test passed".
certutil -store my
So far we have prepared the prerequisites for the certificate implementation. In the next article, we will enable replication using certificate-based authentication.
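A read-only PowerShell check of every prerequisite in this article, runnable on either node, as an added example that is not part of the original post. It assumes Windows Server 2012 (NetSecurity cmdlets and the certificate provider), the FQDNs used in this lab, and that the peer's root CA subject is the one created above; swap the three variables when running it on the Replica node.

```powershell
# Added example (not from the original post): verify the Hyper-V Replica certificate
# prerequisites on this node. The FQDNs and peer root CA subject are assumptions
# matching the lab in this article; change them for the other node.

$LocalFqdn  = 'vw-hyperv-04.xxx.mooo.com'   # assumed: this node's primary name
$PeerFqdn   = 'vw-hyperv-05.xxx.mooo.com'   # assumed: the other node
$PeerRootCA = 'CN=ReplicaTestRootCA'        # assumed: subject of the peer's root CA

$results = New-Object System.Collections.Generic.List[object]
function Check([string]$Name, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; OK = $Ok; Detail = $Detail })
}

# 1. DNS suffix: after "netdom computername /MakePrimary" the primary name is the FQDN.
$tcpip = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$fqdn  = "$($tcpip.Hostname).$($tcpip.Domain)"
Check 'Primary DNS suffix set (FQDN)' ($fqdn -ieq $LocalFqdn) $fqdn

# 2. The peer's name must resolve (hosts file entry or DNS record).
try {
    $peerIp = ([System.Net.Dns]::GetHostAddresses($PeerFqdn) | Select-Object -First 1).IPAddressToString
    Check 'Peer name resolves' $true "$PeerFqdn -> $peerIp"
} catch { Check 'Peer name resolves' $false $_.Exception.Message }

# 3. Firewall: the "Hyper-V Replica HTTPS" rule group (inbound TCP 443) must be enabled.
$rules = @(Get-NetFirewallRule -DisplayGroup 'Hyper-V Replica HTTPS' -ErrorAction SilentlyContinue)
$fwOk  = @($rules | Where-Object { $_.Enabled -eq 'True' }).Count -gt 0
Check 'Hyper-V Replica HTTPS rules enabled' $fwOk "$($rules.Count) rule(s) found"

# 4. Node certificate: CN = FQDN, private key, Server + Client Authentication EKUs, not expired.
$serverAuth = '1.3.6.1.5.5.7.3.1'; $clientAuth = '1.3.6.1.5.5.7.3.2'
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$LocalFqdn" } | Select-Object -First 1
if ($cert) {
    $ekuExt = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    Check 'Node cert in LocalMachine\My'      $true $cert.Thumbprint
    Check 'Node cert has private key'         $cert.HasPrivateKey ''
    Check 'Node cert EKU server+client auth'  (($oids -contains $serverAuth) -and ($oids -contains $clientAuth)) ($oids -join ',')
    Check 'Node cert not expired'             ($cert.NotAfter -gt (Get-Date)) "$($cert.NotAfter)"

    # 5. The chain must build to a trusted root in LocalMachine\Root. Revocation is
    #    skipped here on purpose: that is exactly what DisableCertRevocationCheck does.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)
    Check 'Node cert chains to trusted root' $chainOk (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ',')
} else {
    Check 'Node cert in LocalMachine\My' $false "no certificate with CN=$LocalFqdn"
}

# 6. The peer's root CA must be imported (certutil -addstore Root) so its cert is trusted here.
$peerRoot = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq $PeerRootCA }
Check 'Peer root CA imported' ([bool]$peerRoot) $PeerRootCA

# 7. Revocation checking disabled for replication (self-signed certs publish no CRL).
$regPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication'
$reg = Get-ItemProperty -Path $regPath -Name DisableCertRevocationCheck -ErrorAction SilentlyContinue
Check 'DisableCertRevocationCheck = 1' ($reg.DisableCertRevocationCheck -eq 1) "$($reg.DisableCertRevocationCheck)"

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.OK }) { Write-Warning 'One or more prerequisites are missing.' }
```

The chain check is the part `certutil -store my` does not show: a certificate can pass the encryption test and still be rejected by the peer if the matching root CA was never imported on the other side, which is why both nodes must run this with the variables swapped.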
Reference:
(# 1) The command "NetDom computername" manages the primary or alternate names of a computer. The syntax is: NetDom computername Computer /enumerate[:{ALTERNATENAMES | PRIMARYNAME | ALLNAMES}]
Parameters: /enumerate
ALTERNATENAMES Lists the alternate names only.
PRIMARYNAME Lists the primary name only.
ALLNAMES Lists the primary and any alternate names. This is the default.
(# 2) Makecert.exe can be obtained by downloading/installing the Windows SDK for Windows 7 from Microsoft and finding it in the SDK directory "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.xA\Bin\makecert.exe", or by downloading it directly from http://www.inventec.ch/chdh/notes/makecert_5_131_3790_0.zip
Once you have the file, copy makecert.exe to C:\Windows\System32 or C:\Windows\SysWOW64 depending on the OS.
For the details of this command, please refer to Makecert.exe (Certificate Creation Tool).
Since 2010 Design by Davidwa
©Copyright Davidwa Inc. All rights reserved.