Ubuntu on Hyper-V issues with Integration Services

I’ve set up a new VM with Ubuntu 10.10 server, running on our Hyper-V 2008 R2 SP1 cluster.

I followed the excellent walkthrough by Ben Armstrong here to make sure I wasn’t missing anything.

However, after the install completed, I immediately ran into problems. Following the instructions to enable the Integration Services, after a reboot there was still no network connectivity, and I started seeing strange errors during the boot process mentioning Call Trace errors.

As well, the CPU on the VM was running at 100% constantly.

After further reboots, the VM would lock up entirely and become unresponsive.

I restarted the process, but immediately after first login made a snapshot and started looking.

Running the “top” command, I found the process ksoftirqd taking 100% of the CPU. Looking into that brought me to this forum post:

http://ubuntuforums.org/showthread.php?t=1494797

It sounds very similar to my environment, as I’m using Dell R410 with Broadcom NICs.
Following those instructions, I was able to disable the integration components and add a legacy network adapter. Now the VM is running just fine.

Of course, I’m going to have to set up NTP now, and accept a bit of lower performance, but in this instance, that’s fine.

If I ever do find out the source of this issue, I’ll edit this post.

Find Hyper-V VM GUID

While creating and converting VMs using SCVMM puts the configuration files and VHDs in a nicely structured set of folders, if you create a VM through Hyper-V Manager or convert using disk2vhd, the files will be stored based on the GUID for the VM, which isn’t found anywhere in the GUI tools for Hyper-V.
Luckily I came across this blog post to which I owe full credit for the solution:

http://blogs.technet.com/b/m2/archive/2008/07/04/how-to-get-the-bios-guid-from-a-hyper-v-vm.aspx?ppud=4&wa=wsignin1.0#comments

Save the VBS script below as guid.vbs, copy to your Hyper-V host, and use psexec to execute it with this:

psexec \\hyperv cmd.exe

cscript c:\guid.vbs

You are using PsExec, right?

Option Explicit
Dim WMIService
Dim VMList
Dim VMSettingList
Dim VM
Dim setting
Dim tempVMName

' Get an instance of the 'virtualization' WMI service on the local computer
Set WMIService = GetObject("winmgmts:\\.\root\virtualization")
' Get all Msvm_ComputerSystem objects (this also returns the host itself)
Set VMList = WMIService.ExecQuery("SELECT * FROM Msvm_ComputerSystem")
For Each VM In VMList
 ' Only report virtual machines, not the hosting computer system
 If VM.Caption = "Virtual Machine" Then
  WScript.Echo "========================================"
  WScript.Echo "VM Name: " & VM.ElementName
  WScript.Echo "VM GUID: " & VM.Name
  WScript.Echo "VM State: " & VM.EnabledState

  ' Now get the BIOS GUID for this VM from its settings object,
  ' whose InstanceID is "Microsoft:" followed by the VM GUID
  Set VMSettingList = WMIService.ExecQuery("SELECT * FROM Msvm_VirtualSystemSettingData")
  tempVMName = "Microsoft:" & VM.Name
  For Each setting In VMSettingList
   If setting.InstanceID = tempVMName Then
    WScript.Echo "VM BIOS GUID: " & setting.BIOSGUID
   End If
  Next
 End If
Next

Delegate minor Active Directory changes

There are a few values within Active Directory that we like to keep up to date. These include things such as Telephone number, Title, Manager and department. By having accurate information, our Exchange Global Address List can be used as an effective company directory and search tool.

However, placing the burden of keeping these things up to date on myself as System Administrator isn’t acceptable, especially when the information is already in the hands of someone else.

Luckily I found a way to use an MMC control to delegate changes to certain personnel.

Note: This is only tested on Windows XP

To begin, create a user group called “ADedits” or something appropriate. Assign this group to the top level User OU in your structure, with special permissions for the following attributes:

Read Name
Read Display Name
Read First Name
Read Initials
Write telephoneassistant
Read/Write adminDescription
Read/Write adminDisplayname
Read/Write assistant
Read/Write fax numbers(other)
Read/Write mobile number (other)
Read/Write businessCategory
Read/Write street
Read/Write Notes
Read/Write TelephoneNumber
Read/Write department
Read/Write Description
Read/Write Title
Read/Write Comment
Read/Write Fax Number
Read/Write Home Address
Read/Write Street Address
Read/Write Company
Read/Write Home Phone
Read/Write Home Phone (others)
Read/Write Mobile Number
Read/Write Pager Number (others)
Read/Write Phone Number (others)
Read/Write Pager Number
Read/Write roomNumber
Read/Write Post office Box
Read/Write PostalAddress
Read/Write Zip/PostalCode
Read/Write Manager
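
The same per-attribute delegation can be scripted with dsacls instead of clicking through the security dialog, which keeps the grant limited to named properties on user objects rather than write access to the whole object. This is an added example, not part of the original post: the OU path, the domain and group name, and the attribute subset (given as LDAP display names) are placeholders to adjust.

```powershell
# Added example (not from the original post). Run from an admin workstation
# or domain controller where dsacls.exe is available.
# Placeholders (assumptions): the OU distinguished name and the group name.
$TargetOU = 'OU=Users,DC=example,DC=com'
$Group    = 'EXAMPLE\ADedits'

# LDAP display names for a subset of the attributes listed above.
$ReadOnly  = 'name', 'displayName', 'givenName', 'initials'
$ReadWrite = 'telephoneNumber', 'title', 'department', 'manager',
             'description', 'mobile', 'pager', 'homePhone',
             'facsimileTelephoneNumber', 'streetAddress', 'postalCode',
             'postOfficeBox', 'company', 'info'

# Build one ACE string per attribute:
#   RP   = read property, WP = write property
#   the middle field scopes the ACE to a single attribute
#   the trailing "user" makes it inherit onto user objects only
$aces  = @($ReadOnly  | ForEach-Object { "${Group}:RP;$_;user" })
$aces += @($ReadWrite | ForEach-Object { "${Group}:RPWP;$_;user" })

foreach ($ace in $aces) {
    # /I:S applies the ACE to child objects only, not to the OU itself
    & dsacls.exe $TargetOU /I:S /G $ace | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "dsacls did not apply '$ace' (exit code $LASTEXITCODE)"
    }
}

# Review step: show every ACE on the OU that names the delegation group,
# so the result can be compared against the intended attribute list.
& dsacls.exe $TargetOU | Select-String -SimpleMatch $Group
```

Keeping the attribute list in the script also gives you a record to diff against when the delegation is audited later.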

On the computers where the changes will be made, install the adminpak.msi package from here:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&displaylang=en

Then create an MMC file, with the Active Directory Users and Computers snap-in. Once that’s loaded, right-click on the container OU for your user accounts, and select “New Window from Here”. In the window list in the MMC control, close the original window, and then save the MMC for redistribution.

Now you have a control that targets only the Users OU, secured for specified people.

DFSR Event 5014: The remote procedure call failed

I had been receiving this DFSR error in the event logs for some time, and couldn’t find any real resolution on it. The exact text of the error is:

The DFS Replication service is stopping communication with partner “partner” for replication group “RG Group” due to an error. The service will retry the connection periodically.
Additional Information:

Error: 1726 (The remote procedure call failed.)

Connection ID: 3880BBEC-6FC1-45B9-8750-196A7C32C9D8

Replication Group ID: B8242CE2-F5EB-47DA-BA5B-1DD2F7EE3AB9

 

This would cause a break in replication which wasn’t desirable during production hours. The strange thing was, it occurred every 5 minutes like clockwork, for all our servers separated by VPN.

I eventually discovered it was a problem with our Sonicwall devices providing the VPN connection. There was a 5 minute timeout value for TCP connections, which was being enforced on the DFSR connections for some reason.

While not an ideal solution, we have worked around this error by setting the value to a sufficiently high number.
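
The "every 5 minutes like clockwork" pattern is what pointed at a timeout on a device in the path, and it can be checked directly from the event log. The following is an added example, not part of the original post: it groups event 5014 entries by the Connection ID shown in the message text and reports the most common gap between consecutive events. The log name and the 200-event window are assumptions to adjust.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
# Assumptions: the DFSR log is named 'DFS Replication' and the last 200
# events are a large enough sample.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'DFS Replication'; Id = 5014 } `
              -MaxEvents 200 | Sort-Object TimeCreated

# Group by the Connection ID embedded in the message, so that events for
# different partners do not interleave and distort the intervals.
$byConnection = $events | Group-Object {
    if ($_.Message -match 'Connection ID:\s*([0-9A-Fa-f-]{36})') { $Matches[1] }
    else { 'unknown' }
}

foreach ($conn in $byConnection) {
    $times = @($conn.Group | ForEach-Object { $_.TimeCreated })
    if ($times.Count -lt 3) { continue }   # too few events to judge a cadence

    # Gap between consecutive events, rounded to whole minutes
    $gaps = @(for ($i = 1; $i -lt $times.Count; $i++) {
        [math]::Round(($times[$i] - $times[$i - 1]).TotalMinutes)
    })

    # Most frequent gap and the share of all gaps it accounts for
    $top = $gaps | Group-Object | Sort-Object Count -Descending |
           Select-Object -First 1

    [pscustomobject]@{
        ConnectionId     = $conn.Name
        Events           = $times.Count
        CommonGapMinutes = [int]$top.Name
        ShareOfGaps      = [math]::Round($top.Count / $gaps.Count, 2)
    }
}
```

A single gap value that accounts for nearly all intervals on every VPN-separated connection suggests a fixed timer somewhere in the path rather than intermittent link trouble.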

UPDATE Sept 2011: I realized that the majority of this post was describing the problem and not the solution, so I’ve updated with clear instructions on what I’ve done to resolve this.

To start I only created these rules on my hub firewall at our head office. Doing them on each branch office wasn’t necessary.

I created address objects for each of my DFS servers, and placed them into two groups – one for local (from the firewall’s perspective) and one for servers across a VPN link.

[Image: Address objects for DFSR servers]

Then using the firewall rules matrix, I created two rules, one in each of the indicated sections:

[Image: Firewall Rules matrix]

The two rules I created look like this:


On the properties for each rule, on the Advanced tab, increase the TCP connection timeout to some large value:

 

This was necessary for my Sonicwall Pro 4060 running SonicOS Enhanced 4.0.0.2-51e. In a couple of days we are replacing this with an NSA 2400 on SonicOS 5.8.x, so I’ll disable these rules to see if the issue still occurs on new hardware.