Showing posts with label Windows 10. Show all posts

Friday, May 18, 2018

New-NetNat Invalid property "InternalIPInterfaceAddressPrefix"

In Windows Server 2016 and Windows 10, it is easy to create a NAT network for virtual machines without an additional virtual machine acting as a router. However, when you create a NAT network in a Hyper-V environment, you may run into the problem below.



To solve this problem, follow these steps.
1. Launch PowerShell as administrator.
2. Run Suspend-Service winmgmt to pause the Windows Management Instrumentation service.
3. Run Rename-Item -Path C:\Windows\System32\wbem\repository\ -NewName repository_OLD to rename the repository folder.
4. Run Resume-Service winmgmt to resume the Windows Management Instrumentation service.

Now you can run New-NetNat to create the NAT network for virtual machines.

Remark: After resuming the winmgmt service, you may also need to restart the Hyper-V Virtual Machine Management service.

For details on creating a NAT network on Hyper-V, please check the following link.
Set up a NAT network


This posting is provided “AS IS” with no warranties, and confers no rights!

Tuesday, April 11, 2017

Certlm.msc on Windows Server 2012 / Windows 8 or later

Starting with Windows Server 2012 / Windows 8, a new console, Certlm.msc, was added to Windows. Certlm.msc opens the computer certificate store directly. Previously, we needed to use Microsoft Management Console and add the computer certificate store to the console. Now it is easy for administrators to check computer certificates via the GUI.



Sunday, April 3, 2016

Linux Bash will be available on coming Windows 10 Insider build

At Build 2016, Microsoft announced that user-mode Ubuntu bash will be available in the coming Windows 10 Insider preview for the public to test and experience. One of the recorded Build 2016 sessions talks about the Linux bash shell on Windows 10 and includes some demos. Please watch Running Bash on Ubuntu on Windows! for more information.



Saturday, March 26, 2016

Reschedule - Deploying Windows 10: Automating Deploying by Using System Center Configuration Manager from Microsoft Virtual Academy

This live event on Microsoft Virtual Academy has been rescheduled to 13-Apr-2016. It covers deploying Windows 10 with System Center Configuration Manager (SCCM). The event is hosted by Aaron Czechowski, Senior Program Manager, Microsoft Enterprise Client Management, and Wally Mead, Principal Program Manager, Cireson. Don't miss it if you plan to deploy Windows 10 to your environment with SCCM.


E-book related to this event.


Thursday, February 25, 2016

Using robocopy for file servers migration

"Robocopy" is a robust and powerful Windows command for copying files and directories. Why do we use "robocopy" for file server migration?

There are several reasons.
1. It can maintain the NTFS permissions of files and directories when copying to a new file server within the same domain.
2. It provides a verification function to check the differences between source and destination.
3. "Robocopy" supports multi-threaded copies, which improves efficiency.
4. The backup mode of "robocopy" can copy files or directories to the destination even when you aren't granted permission to access them.

In my case, I performed "robocopy" with the following parameters to copy files and directories from source to destination.

Assume that I logged in to a new file server, Windows Server 2012 R2, and then mapped a network drive to the old file server.

For the first time, I performed Robocopy <source directory or drive> <Destination directory or drive> /ZB /e /sec /copyall /TEE /MT:128 /r:0 /log:C:\copylog.txt

/ZB: use restart mode first. If we aren't granted permission to copy the file or directory, use backup mode to copy it.
/e: copy subdirectories, including empty ones.
/sec: copy files and directories with security.
/copyall: copy all file and directory info, such as auditing info.
/TEE: an optional parameter that displays the copying status in "Command Prompt".
/MT:128: use 128 threads to copy files and directories. However, it uses a lot of CPU resources.
/r:0: I don't want to retry at this time.
/log: save a log file to the given location.

The second time, I prefer to copy the delta of files and directories. I added 4 parameters to copy from source to destination again.

Robocopy <source directory or drive> <Destination directory or drive> /ZB /e /sec /copyall /TEE /MT:128 /r:1 /XD /XF /XO /purge /log:C:\copylog.txt

/XD: eXclude Directories matching given names/paths but it can still add new or extra directories
/XF: eXclude Files matching given names/paths/wildcards but it still can add new or extra files
/XO: exclude older files or directories
/purge: delete dest files/dirs that no longer exist in source. 

After that, we can migrate the share permissions of the shared folders. To migrate share permissions, please read Migrating File Servers in the same domain. Then, we can stop sharing on the old server and change the network drive mapping to the new file server.
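
Before stopping the old shares, it is worth confirming that /sec and /copyall really carried the NTFS permissions across. The following PowerShell is an added example, not part of the original post; the function name Compare-TreeAcl and the paths in the usage comment are hypothetical. It compares the security descriptor of every item under the source with its counterpart under the destination and reports only the differences.

```powershell
# Added example: compare NTFS security descriptors after a robocopy /sec /copyall run.
# Compare-TreeAcl and the paths in the usage comment are hypothetical names.
function Compare-TreeAcl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $Destination
    )

    # Normalise both roots so relative paths can be derived by string offset
    $srcRoot = (Get-Item -LiteralPath $Source -Force -ErrorAction Stop).FullName
    $dstRoot = (Get-Item -LiteralPath $Destination -Force -ErrorAction Stop).FullName

    # The root itself, then every file and directory below it (hidden ones too)
    $items = @(Get-Item -LiteralPath $srcRoot -Force) +
             @(Get-ChildItem -LiteralPath $srcRoot -Recurse -Force)

    foreach ($item in $items) {
        $relative = $item.FullName.Substring($srcRoot.Length).TrimStart('\')
        $target   = if ($relative) { Join-Path -Path $dstRoot -ChildPath $relative } else { $dstRoot }

        $result = [pscustomobject]@{
            Status          = 'Match'
            Path            = $item.FullName
            SourceSddl      = $null
            DestinationSddl = $null
        }

        if (-not (Test-Path -LiteralPath $target)) {
            $result.Status = 'MissingOnDestination'
        }
        else {
            try {
                # .Sddl holds owner, group and DACL in one comparable string
                $result.SourceSddl      = (Get-Acl -LiteralPath $item.FullName -ErrorAction Stop).Sddl
                $result.DestinationSddl = (Get-Acl -LiteralPath $target -ErrorAction Stop).Sddl
                if ($result.SourceSddl -cne $result.DestinationSddl) {
                    $result.Status = 'AclMismatch'
                }
            }
            catch {
                # Access denied or a path problem on either side
                $result.Status = 'Unreadable'
            }
        }

        # Emit only the entries that need attention
        if ($result.Status -ne 'Match') { $result }
    }
}

# Usage (constructed paths):
# Compare-TreeAcl -Source '\\OLDFS\Data' -Destination 'D:\Data' |
#     Export-Csv -Path C:\acl-diff.csv -NoTypeInformation
```

Get-Acl leaves out auditing entries unless it is called with -Audit, so add that switch to both calls if the auditing info copied by /copyall must be compared as well.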


Sunday, February 21, 2016

Change network connection profile by PowerShell on Windows 8 or later

Starting with Windows 8, there are 2 PowerShell cmdlets for administrators to get and set network connection profiles: Get-NetConnectionProfile and Set-NetConnectionProfile.

Get-NetConnectionProfile shows the current network connection profile of all NICs.

The current network profile of this NIC is "Private"

To change the network connection profile to public, we can perform Set-NetConnectionProfile -InterfaceAlias <NIC Name> -NetworkCategory Public.

The network connection profile has been changed to "Public"

Make sure the PowerShell console is "run as administrator". If not, you get the following error message.

Set-NetConnectionProfile : Unable to set the NetworkCategory ...

From Windows 10 PowerShell console

Another reason for this error message is that you ran Set-NetConnectionProfile to set the profile to "DomainAuthenticated".

From Windows 8.1 PowerShell console

The "DomainAuthenticated" network connection profile should be assigned automatically when a computer is joined to a domain. It cannot be changed by the Set-NetConnectionProfile cmdlet because it is controlled by "Network List Manager" of Group Policy. However, we can change the profile of the other NICs of domain computers.
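
The two failure cases above can be handled up front in a script. This is an added example, not code from the original post, and the function name Set-NonDomainProfilePublic is hypothetical: it checks for elevation, skips any NIC whose profile is "DomainAuthenticated", and sets every other NIC to Public.

```powershell
# Added example: set every non-domain network profile to Public.
# Set-NonDomainProfilePublic is a hypothetical name for illustration.
function Set-NonDomainProfilePublic {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Set-NetConnectionProfile fails in a non-elevated console, so test for that first
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from a PowerShell console started with "Run as administrator".'
    }

    foreach ($p in Get-NetConnectionProfile) {
        # DomainAuthenticated is assigned automatically and cannot be set or overridden here
        if ($p.NetworkCategory -eq 'DomainAuthenticated') {
            Write-Verbose "$($p.InterfaceAlias): DomainAuthenticated, skipped"
            continue
        }

        if ($p.NetworkCategory -ne 'Public' -and
            $PSCmdlet.ShouldProcess($p.InterfaceAlias, 'Set NetworkCategory to Public')) {
            Set-NetConnectionProfile -InterfaceIndex $p.InterfaceIndex -NetworkCategory Public
        }
    }

    # Return the resulting state so the change can be reviewed or logged
    Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory
}

# Usage: preview the changes first, then apply them
# Set-NonDomainProfilePublic -WhatIf
# Set-NonDomainProfilePublic -Verbose
```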



Wednesday, February 10, 2016

Microsoft published the update change log of the February 2016 update for Windows 10

In February 2016 update for Windows 10, Microsoft published the first update history of a cumulative update for Windows 10. Now, we can go to the following web sites to check which updates are applied to Windows 10 in this cumulative update.





Monday, November 23, 2015

Enable nested virtualization on Windows Server 2016 TP4 or Windows 10

In Windows 10 build 10586 and Windows Server 2016 Technical Preview 4, Microsoft added nested virtualization to Hyper-V. We can enable the Hyper-V feature on a virtual machine running Windows Server 2016 TP4 or Windows 10 build 10586. It doesn't work on builds prior to Windows Server 2016 TP4 or Windows 10 build 10586. At this moment, there are some limitations on a virtual machine in which the Hyper-V feature will be enabled.
  • Dynamic memory must be off
  • Runtime memory resize isn't supported (Windows Server 2016 Hyper-V new feature)
  • Checkpoints aren't supported
  • Live migration isn't supported
  • Save or Restore of a virtual machine isn't supported
There are some requirements to use nested virtualization.
  • Once nested virtualization is enabled in a VM, MAC spoofing must be enabled for networking to work in its guests
  • Hosts with Device Guard enabled cannot expose virtualization extensions to guests. You must first disable VBS in order to preview nested virtualization
  • Hosts with Virtualization Based Security (VBS) enabled cannot expose virtualization extensions to guests. You must first disable VBS in order to preview nested virtualization
  • This feature is currently Intel-only. Intel VT-x is required
  • Beware: nested virtualization requires a good amount of memory. I managed to run a VM in a VM with 4 GB of host RAM, but things were tight

To enable nested virtualization on a VM, we can perform Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $True
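
The limitations and requirements listed above can be checked and applied in one pass before exposing the extensions. This is an added example, not Microsoft's script and not code from the original post; the function name Enable-NestedVirtualization is hypothetical, and it assumes it is run elevated on the Hyper-V host.

```powershell
# Added example: apply the listed prerequisites, then expose VT-x to the guest.
# Enable-NestedVirtualization is a hypothetical name; run it elevated on the Hyper-V host.
function Enable-NestedVirtualization {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $VMName)

    # "Intel-only": check the host CPU before changing anything
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    if ($cpu.Manufacturer -ne 'GenuineIntel') {
        throw "Host CPU is '$($cpu.Manufacturer)'; this feature requires Intel VT-x."
    }

    # Processor settings can only be changed while the VM is off
    $vm = Get-VM -Name $VMName -ErrorAction Stop
    if ($vm.State -ne 'Off') {
        throw "$VMName is $($vm.State); shut it down first."
    }

    # Checkpoints are not supported, so flag existing ones
    $checkpoints = @(Get-VMSnapshot -VMName $VMName)
    if ($checkpoints.Count -gt 0) {
        Write-Warning "$VMName has $($checkpoints.Count) checkpoint(s); checkpoints are not supported with nested virtualization."
    }

    # Dynamic memory must be off
    if ((Get-VMMemory -VMName $VMName).DynamicMemoryEnabled) {
        Set-VMMemory -VMName $VMName -DynamicMemoryEnabled $false
    }

    # MAC spoofing must be enabled for networking to work in the nested guests
    Get-VMNetworkAdapter -VMName $VMName | Set-VMNetworkAdapter -MacAddressSpoofing On

    Set-VMProcessor -VMName $VMName -ExposeVirtualizationExtensions $true

    # Return the resulting settings for review
    [pscustomobject]@{
        VMName                         = $VMName
        ExposeVirtualizationExtensions = (Get-VMProcessor -VMName $VMName).ExposeVirtualizationExtensions
        DynamicMemoryEnabled           = (Get-VMMemory -VMName $VMName).DynamicMemoryEnabled
        MacAddressSpoofing             = (Get-VMNetworkAdapter -VMName $VMName).MacAddressSpoofing
    }
}

# Usage (constructed VM name):
# Enable-NestedVirtualization -VMName 'NestedHost01'
```

MAC address spoofing lets the VM send frames with source MAC addresses other than its assigned one, so enable it only on VMs that actually host nested guests.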


Or we can use a script provided by Microsoft to enable it.

The script will configure a virtual machine to fulfill the requirements like disabling Mac address spoofing, changing the memory size and so on.

Then, we can enable the Hyper-V feature on a VM.


Please try to use it and give some feedback to Microsoft.

More information:


Sunday, October 25, 2015

Check allocation unit size of formatted NTFS volume

To check the current allocation unit size of a formatted NTFS volume, we can use the fsutil command.

1. Launch Command Prompt as administrator.
2. Run fsutil fsinfo ntfsinfo <Drive letter or CSV path> and check the "Bytes Per Cluster" value.

This volume was formatted as 4K

This volume was formatted as 64K

Or, we can perform Get-CimInstance Win32_Volume | FT Name,BlockSize -AutoSize to check it.



Saturday, September 26, 2015

Security in the Enterprise on Microsoft Virtual Academy (MVA) course

There is a new course on Microsoft Virtual Academy (MVA) about security. Security in the Enterprise is presented by Simon May, Infrastructure Technical Evangelist, and Erdal Ozkaya, Microsoft MVP in Windows IT Pro. It is an entry-level MVA course that helps you understand the concepts and gives some tips to protect your enterprise. It's worth watching.


Thursday, August 27, 2015

Clear Windows.old after update to Windows 10

After you update your computer to Windows 10, a folder named Windows.old stores your old Windows environment, such as Windows 7, Windows 8 or 8.1. This folder is used to roll back to the previous Windows version when you click Get Started under Recovery. By default, Windows.old is deleted 1 month after a successful upgrade. Apart from this default behaviour, we can delete Windows.old manually by running Disk clean-up as administrator and checking Previous Windows installation(s).

After deleting Previous Windows installation(s), you cannot roll back to the previous Windows version. Make sure your Windows 10 environment is stable before deleting Windows.old.


Thursday, July 30, 2015

Join Windows 10 workstation to Azure AD

Azure Active Directory (AD) is a new way to store user and group accounts on Microsoft Azure. Azure AD can integrate with Microsoft Intune to provide device management instead of using Group Policy and System Center Configuration Manager (SCCM). In this post, I would like to join a Windows 10 workstation to Azure AD.

Prerequisites
  • Make sure you have a Microsoft Azure subscription with Azure AD configured, or an Office 365 subscription
  • Operating System: Windows 10 Professional or Enterprise workstation
  • Make sure the Windows 10 workstation can connect to the Internet

Goal
  • Join a Windows 10 workstation to Azure AD
Case 1

1. Log in as local administrator on Windows 10
2. Click Start > Settings or press Win key + I.

 
3. Click System.


4. On left pane, click About.


On this window, you can choose to join Azure AD or join an on-premises domain. Normal user accounts have no option to join or disjoin Azure AD or a domain.


5. Click Join Azure AD.


6. On Join Azure AD window, click Continue.


7. Enter the user name and password of your Microsoft online subscription like Azure AD or Office 365 and then click Sign in.


8. Click Join.


9. Click Finish.



Case 2
If the Windows 10 workstation can access the Internet when it first starts up, there is an option for the user to join Azure AD.


Enter the user name and password of your Microsoft online subscription like Azure AD or Office 365 and then click Sign in.



Wednesday, June 10, 2015

Learn Windows 10 features from Microsoft Ignite 2015 sessions

In Microsoft Ignite 2015, there are many sessions to talk about Windows 10. In this post, I'd like to share some links which are related to Windows 10. If you're interested, please click the following links to watch these sessions.

Top Features of Windows 10
This session is presented by Simon May. He talked about the new features of Windows 10 and joining Azure Active Directory on Windows 10.

Microsoft Edge (formerly "Project Spartan") Overview
Microsoft Edge is the default browser of Windows 10. To understand more, watch this session.


Windows 10 Mobile Device Management (MDM) in Depth
Many companies are interested in Enterprise Mobility Management. Can we apply it in Windows 10, and how? Watch this session to get some concepts.


What's New in Windows 10 Deployment
This session is presented by Michael Niehaus. He talked about the deployment of Windows 10.


I will try to keep updating this post.


Sunday, February 15, 2015

The management and remote access connectivity of Windows 10

Speaker: Michael Niehaus, Senior Product Marketing Manager

In the last few days, I attended Tech.Days Hong Kong 2015.


In this event, I attended 2 Windows 10 sessions, which are "Windows 10: Remote Access Connectivity" and "Windows 10 Management Technologies: What's New". After attending the Windows 10 sessions, it seems that Microsoft tends to use Microsoft Intune and System Center Configuration Manager more to manage Windows 10 or later operating systems. I'm going to explain this.

In Windows 10, we can join the Windows 10 device to Azure Active Directory (AAD).


There is no Group Policy on AAD. To apply security settings to a Windows 10 device which is joined to AAD, administrators can configure Microsoft Intune in the cloud to integrate with Azure Active Directory. When a device is joined to Azure Active Directory, the company policies are applied to it automatically through Microsoft Intune. Many security settings can be configured through Microsoft Intune. If there aren't enough options for administrators to configure, administrators can upload a PowerShell script to Microsoft Intune. The next version of Microsoft Intune supports WMI bridge and PowerShell configuration. Administrators can also upload PowerShell scripts through Microsoft Intune to apply to the device. Honestly, Microsoft Intune for desktop management isn't robust enough to compare with Group Policy, but Microsoft will add more options based on market trends.

The next version of System Center Configuration Manager will be integrated with Microsoft Intune. Administrators can use one portal to manage mobile and desktop devices.


The next version of Microsoft Intune is not only for applying security settings to Windows 10 devices but can also apply new features to them, like "Per-application VPN". "Per-application VPN" is a new feature in Windows 10 to control which applications can connect to the corporate network. For example, your company only allows Internet Explorer to connect to your corporate web site through VPN. Apply "Per-application VPN" to a Windows 10 device which is enrolled in Mobile Device Management (MDM) by Microsoft Intune. The user can still use other browsers like Chrome to access other web sites, but the Chrome browser cannot access the corporate web site.

In Windows 10, Microsoft works with other VPN vendors like Cisco, F5 and so on to change the configuration method of VPN. Users can download and install a VPN plug-in from a supported vendor through the Windows Store. After that, users can set up a VPN connection in the "Add a VPN connection" wizard.


After installing another VPN plug-in from the Windows Store, we can select it from "VPN provider". It's easy for us to set up a VPN connection from any vendor.

In conclusion, there are some new management solutions in the Windows environment. Old management solutions like Group Policy will be phased out in the future.


Tuesday, December 16, 2014

Hyper-V Network Adapter Name in Windows Server 2016 (Technical Preview)

Starting from Windows Server 2016 (Technical Preview), Microsoft added the Hyper-V Network Adapter Name property to Windows 10 and Windows Server 2016 (Technical Preview).


This property works with the "Device naming" option of the virtual NICs of generation 2 virtual machines.


In Windows Server 2012 and Windows Server 2012 R2, we can create virtual NICs with a name of our choice for virtual machines by running the PowerShell cmdlet Add-VMNetworkAdapter -Name. However, the virtual machines don't know the name which you assigned. Microsoft added this option, Device naming, in Windows Server Technical Preview and Windows 10 with Hyper-V for generation 2 virtual machines.

When the "Device naming" option is enabled on the vNICs of a virtual machine, the vNIC name is passed into the virtual machine as the "Hyper-V Network Adapter Name" value. I'm going to do a demonstration of this.

Lab environment
  • 1 Hyper-V host running Windows Server Technical Preview, named HV02
  • 1 generation 2 virtual machine running Windows Server Technical Preview, named WSTP, without a vNIC

Lab
Launch the "PowerShell" console and run "Add-VMNetworkAdapter -VMName WSTP -SwitchName <Virtual Switch Name> -Name <vNIC name>".


A new vNIC has been added to WSTP. Then, we need to enable the Device naming option by running "Set-VMNetworkAdapter -VMName WSTP -Name <vNIC name> -DeviceNaming On".


To check the "Hyper-V Network Adapter Name" value in a virtual machine, we can use Device Manager or PowerShell.



I hot-added a vNIC to the running virtual machine, so there is no value at this moment. The virtual machine needs to be shut down and then powered on to update the value.

Remark: We can also restart the virtual machine to update the Hyper-V Network Adapter Name value. However, I found that some types of value cannot be passed to the value box by restarting the virtual machine in Windows Server Technical Preview and Windows 10 Technical Preview. The value will be shown as Network Adapter in the Hyper-V Network Adapter Name value.




These types of value affect the result.

1. The virtual NIC name is more than 6 characters.



2. Or, the virtual NIC name includes a space anywhere in the name.



3. Or, the virtual NIC name includes characters.



I think the next release will fix this minor bug.

After shut down and power on the virtual machine, the Hyper-V Network Adapter Name value has been updated into a virtual machine.



In my opinion, this is a useful feature for us to identify which NIC in a virtual machine is mapped to which virtual NIC name. However, the feature only supports virtual machines running Windows Server Technical Preview and Windows 10 Technical Preview. I hope the feature in the RTM version of Windows Server will support previous operating systems like Windows Server 2012 and Windows Server 2012 R2.

More references:
Sneak Peek into the Next Release of Windows Server Hyper-V

Hot add/remove of network adapters and enabling device naming in Windows Server Hyper-V


Sunday, November 30, 2014

Hot add or remove virtual NICs for generation 2 virtual machines on Hyper-V of Windows Server Technical Preview (vNext)

In previous versions of Hyper-V, we needed to shut down virtual machines to add or remove virtual NICs. In Windows Server Technical Preview (vNext), we can hot add or remove virtual NICs on generation 2 virtual machines.

The generation 2 virtual machines support Windows (Windows 8 x64, Windows 8.1 x64, Windows 10 x64, Windows Server 2012, Windows Server 2012 R2 and Windows Server Technical Preview (vNext)) and Linux (CentOS, Red Hat Enterprise, Debian, Oracle, SUSE, Ubuntu and FreeBSD) operating systems.

Remark: Please check the Linux versions which are supported to install on generation 2.

To hot add or remove virtual NICs on virtual machines, we can use Hyper-V manager or perform PowerShell cmdlet.

Lab environment
  • 1 server running Windows Server Technical Preview with the Hyper-V role
In Hyper-V Manager of Windows Server Technical Preview (vNext), we can open the settings of a running virtual machine and select the option to add a Network Adapter.


Add and apply the network adapter to the virtual machine.


The virtual NIC was added to the running virtual machine immediately.

Click "Remove" to remove the virtual NIC of this virtual machine.


Click "Yes".


The virtual NIC of this virtual machine was removed.

Run "Add-VMNetworkAdapter -VMName <VM Name> -SwitchName <Virtual Switch Name>" to add a virtual NIC to the virtual machine.


Run "Remove-VMNetworkAdapter -VMName <VM Name> -Name <Virtual NIC name>" to remove the virtual NIC.


In conclusion, Microsoft added this feature to Hyper-V in Windows Server Technical Preview. Let's wait and see the final release of the next version of Windows Server.
