Windows Server 2012 Hyper-V server command line configuration

Build a Hyper-V Server 2012 or Windows Server 2012 with Hyper-V from the command line including Server Core network configuration, whether it be PowerShell or Command Prompt. Please note, this roughly covers configurations for both a single server with a single NIC, and a server to be used in a failover cluster using several NICs including iSCSI. These are not an exact order of steps to follow, but more so my notes that I use when building a server which I follow roughly. So a fairly good technical knowledge is needed to follow and understand this. I have included a large diagram on this page which should help you understand the new Hyper-V virtual extensible switch. Even if you don’t intend to run virtual machines on top of Hyper-V, you would still need the Hyper-V role to be installed to give you a whole new range of cool virtual network options that you never got before. Most of the PowerShell network cmdlets below require the Hyper-V role to be installed, as not only Hyper-V provides a virtual machine solution, but also a really good virtual network solution as well.

• In front of the server 

To start with, there are several steps that need to be done from the console in front of the server. To open this blue box on Server Core, run sconfig from the command prompt.

• Remote Management needs to be configured.

1. Select option 4 
2. Select all options, 1 and 3. 

• Enable Remote Desktop 

To allowing for older clients, run the following command:

cscript C:\Windows\System32\Scregedit.wsf /ar 0

• Install the Hyper-V role 

This is only if needed. Run the following cmdlet.

Add-WindowsFeature Hyper-V -Restart

• NIC Teaming 

To setup NIC Teaming on the server:

1. Run the following command from PowerShell to see a list of all network adapters

   Get-NetAdapter

2. Run the following command to setup a new NIC Team:

   New-NetLbfoTeam –Name Team1 –TeamMembers NIC1,NIC2

3. Configures the NIC Teaming mode

   Set-NetLbfoTeam -Name Team1 –TeamingMode SwitchIndependent

   The setting SwitchIndependent Specifies that a network switch configuration is not needed for the NIC team. Because the network switch is not configured to know about the NIC teaming, the team members can be connected to different switches. 

• Create a Hyper-V Extensible switch 

Hyper-V switches have a one-to-one relationship with a physical NIC, whether it be a teamed NIC or an individual NIC.

New-VMSwitch -Name VMNET -NetAdapterName 1G -AllowManagementOS $False -MinimumBandwidthMode Weight 

Hyper-V extensible switch, converged networks 

• Virtual NICs 

Create host level virtual NICs for each desired VLAN. This is more so for the purpose of a Windows failover cluster where many host networks are required. These vNICs will hang off the vSwitch you created in the previous step. Please note, as the vSwitch will be tied to a physical NIC and in turn connected to a physical port on a switch, this switch would need to be trunked with the relevant VLANs required. Each vNIC can have only one VLAN ID associated with it.

1. Create the vNIC and assign it to the VMNET vSwitch:

   Add-VMNetworkAdapter -ManagementOS -Name "Management" -SwitchName "VMNET"

2. Assign a VLAN ID to the vNIC:

   Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "Management" -Access -VlanId 10

3. Assign the MinimumBandwidthWeight. This guaranties a bandwidth that is available on the virtual network adapter in relation to the other adapters. The weight value for all NICs must add up to 100, as this is a percentage.

   Set-VMNetworkAdapter -ManagementOS -Name "Management" -MinimumBandwidthWeight 30

• Configure VLAN IDs 

Configure VLAN ID directly on the physical network connection if required.

1. Run the following command from PowerShell to see a list of all network adapters:

   Get-NetAdapter

2. Run the following command to configure the VLAN ID:

   Set-NetAdapter –Name "Ethernet 1" -VlanID 10

• IP Addresses 

Configure IP Address for the server

1. Select Option 8 

• Windows Firewall 

Disable Windows Firewall. From the command prompt or by using PowerShell, run the following command:

1. From the command line

   netsh advfirewall set allprofiles state off  
   

2. Using Powershell

   Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

• Hostname 

Give the server a name:

1. Select option 2 

   Then reboot 

• Remote Server configuration 

The rest of the configuration can be done from another computer remotely via a remote desktop connection.

• Windows Time and Date

1. From the command prompt, run the following commands:

   sc config w32time start= auto

   net start w32time

2. Open the Date and Time GUI by running the following command:

   Control timedate.cpl

• DNS suffix

1. Run the following PowerShell command to set the correct Domain and SearchList REG_SZ entries.

   Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" Domain -Value dc.local –Force  
   Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" SearchList -Value dc.local –Force

• DNS Registration 

If you don’t want DNS registration of an IP address to occur, then when setting the primary or secondary DNS address, add Register=None to the end.

1. Run the following to see a list of network interfaces:

   netsh interface ipv4 show interfaces  
   

2. Configure the Primary DNS address while disabling DNS registration 

   netsh interface ipv4 add dnsserver "Local Area Connection" address=<IP address of the primary DNS server> index=1 Register=None  

3. Configure the Secondary DNS address while disabling DNS registration 

   netsh interface ipv4 add dnsserver "Local Area Connection" address=<IP address of the secondary DNS server> index=2 Register=None 

• Disable IPv6 

This is for all servers that don’t require IPv6. More info here.

1. Run the following PowerShell command to disable IPv6:

   New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters -Name DisabledComponents -PropertyType DWord -Value 0xffffffff

• Disable NetBIOS over TCP/IP

1. Run the following command to get a list of interfaces on the machine

   wmic nicconfig get caption,index,TcpipNetbiosOptions  
   

2. Take note of the index number for the adapter that you want to disable NetBIOS over TCP/IP. Then run the following.

   wmic nicconfig where index=1 call SetTcpipNetbios 2

   SetTcpopNetbios options: 

    

   0 – Use NetBIOS setting from the DHCP server  
   1 – Enable NetBIOS over TCP/IP  
   2 – Disable NetBIOS over TCP/IP

• SMB2 share connections 

When connecting to SMB2 based shares, you might receive an error "An unexpected network error occurred" Run the following PowerShell cmdlet to allow the server to connect to SMB2 based shares.

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" RequireSecureNegotiate -Value 0 –Force

http://support.microsoft.com/kb/2686098

• File and Print Sharing 

File and Printer Sharing should be disabled for NICs relating to iSCSI

Use a utility called NVSPbind to clean up protocols on an adaptor, disable File and Print sharing. Also to change the binding order of network adaptors:

ms_netbios (NetBIOS Interface)  
ms_netbios (NetBIOS Interface)  
ms_server (File and Printer Sharing for Microsoft Networks)  
ms_server (File and Printer Sharing for Microsoft Networks)  
ms_pacer (QoS Packet Scheduler)  
ms_msclient (Client for Microsoft Networks)  
ms_msclient (Client for Microsoft Networks)  
ms_lltdio (Link-Layer Topology Discovery Mapper I/O Driver)  
ms_rspndr (Link-Layer Topology Discovery Responder)  
ms_tcpip6 (Internet Protocol Version 6 (TCP/IPv6))  
ms_netbt (WINS Client(TCP/IP) Protocol)  
ms_netbt (WINS Client(TCP/IP) Protocol)  
ms_smb (Microsoft NetbiosSmb)  
ms_smb (Microsoft NetbiosSmb)  
ms_tcpip (Internet Protocol Version 4 (TCP/IPv4)) 

1. Download NVSPbind from http://archive.msdn.microsoft.com/nvspbind/Copy to the local machine, then from the command prompt, run nvspbindwith no switches. This will list all your adaptors and the protocols enabled or disabled.

   For example, to disable a protocol on an adaptor, use the switch /d to disable binding of specified protocol from specified nic(s). If we were to disable File and Printer Sharing for Microsoft Networks for adaptor {913D8F46-BFC7-4359-A024-90485C276984}, then we would type in:

   nvspbind –d {913D8F46-BFC7-4359-A024-90485C276984} ms_server

2. To see the current order of adaptors, type in:

   nvspbind /o ms_tcpip

   To change the order of an adaptor, to move an adaptor right to the top, type in:

   nvspbind /++ "Local Area Connection" ms_tcpip

• Windows Updates 

Download and install Windows Updates

1. Select Option 6 

• Additional Drives 

Connect remotely to the server using a computer management console, then configure any additional drives

The HP Array Configuration Utility can be setup on the server by running C:\Program Files (x86)\Compaq\Cpqacuxe\Bin\setup.exe from the command line. Select Remote mode.

Then remotely, the HP ACU can be accessed by navigating to https://<ServerName>:2381/ACU-XE/ACU.htm

• Virtual memory/paging file 

Configuring the Paging File on Windows Server Core or Hyper-V Server 2012 R2 can be difficult, as this needs to be done via the command prompt.

1. To check the current paging file configuration, check the registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management or run the following:

   wmic pagefile list /format:list

2. Turn off automatic paging files

   wmic computersystem where name="%computername%" set AutomaticManagedPagefile=False 
   

3. Create a new paging file on a separate drive

   wmic.exe pagefileset create name="S:\pagefile.sys" 
   

4. Manually configure the new paging file

   wmic.exe pagefileset where name="S:\\pagefile.sys" set InitialSize=64509,MaximumSize=65000 
   

5. Delete the default C:\ drive paging file

   wmic.exe pagefileset where name="C:\\pagefile.sys" delete

• Configuration for Remote Machine connection 

Configuration steps from the management machine, so that you can connect successfully to the non-GUI server.

1. If the server is not a member of the domain, add server credentials to the remote machine, so that remote connections will be seamless by not asking for credentials 
   1. Run the following command:

      cmdkey /add:<ServerName> /user: <ServerName>\<UserName> /pass:<password>  
      

2. On the remote computer, add the Hyper-V server as a trusted host with the following Windows PowerShell cmdlet:

   Set-Item WSMan:\localhost\Client\TrustedHosts -Value <RemoteServerName> -Concatenate  
   

3. Edit DCOM security on the remote machine to allow for Remote Access 
   1. Click Start > Run > open DCOMCNFG
   2. Browse through to: "Component Services > Computers > My Computer" 
   3. Open Properties for My Computer and select the COM Security tab 
   4. In Access Permissions area click the Edit Limits button 
   5. Select the Anonymous Logon group and make sure the Remote Accessis set to Allowed 

COMPUTERS AND INTERNET UNCATEGORIZED