Hyper-V Setup - ethan's notes

# Update Server Firmware 1. Boot into Lifecycle controller (F10) 2. Setup lifecycle controller with DHCP shared with the server management port. This is not active until you boot into the Lifecycle controller. port should not be a part of a teamed adapter. 1. Set DNS to `8.8.8.8` 2. Setup iDRAC with open static IP, setup credentials and document 3. Get latest Firmware from HTTP server. `ftp.dell.com` (user and other info blank) 1. If `ftp.dell.com` does not work try using HTTP mode, select Network Share -> HTTP and enter `downloads.dell.com` in the Share Name/Address field. Then enter catalog in the File Path or Update package path to download the latest update catalog. # Configure BIOS 1. System Setup > Advanced Hardware Configuration (may also be accessible through iDRAC) 1. System BIOS 1. SATA settings > AHCI Mode 2. Boot settings > UEFI 3. System Profile Settings> Performance 4. System Security > AC Power Recovery: On 5. Miscellaneous Settings > 1. Set Time and Date 2. Add MT Tag number 3. F1/F2 Prompt on error Disabled 2. Configure RAID and deploy OS 1. If installing a different OS or RAID level than the default install 1. Delete existing virtual disk and create new. Name the volume “Storage”. Keep all other settings default with exception to the RAID type. For 4 drives use Raid 10. For 3 use RAID 5 1. Deploy OS 2. Install Server2016 (With GUI for stand-alone servers. This is no longer switchable on Server2016) 3. Create 90GB Partition & Install OS # Configure Windows Server 1. Change local Administrator Password and document 1. **NOTE:** Hyper-V Hosts should **not** be domain joined. This allows for reduced impact in case domain credentials are compromised. The exception to this is for Hyper-V Clusters. Make sure Local Admin credentials are not the same as Domain Admin. 2. Change Computer Name: COMPANY-HV01 3. Ensure Passwords Never Expire ```cmd net accounts /maxpwage:unlimited ``` 4. Enable Remote Desktop 1. Network Level Authentication checked 5. Set Date & Time / Zone 6. Turn off IE enhanced security for Admins (Install Edge) 7. Add Shared Folder named ‘Transfers’ to drive of Hyper-V – (Only Admin access) 8. Install the following roles/features 1. Hyper-V role (Change default locations in Hyper-V for VHDs and VM’s to DATA drive) 2. telnet client ```PowerShell Install-WindowsFeature -Name Hyper-V,Telnet-Client -IncludeManagementTools -Restart ``` 9. Download & Install Updates 1. Settings -> Update & Security -> Windows Update -> Check for Updates 10. Create a DATA Partition using unallocated space (Not for SAN deployments) 11. Install Connectwise Automate using company specific install file 12. Change Power options to High Performance 13. Adjust Hyper-V shutdown timeout settings (this is the amount of time it will wait for VM's to shutdown before the host shuts down) 1. `HKLM\Software\Microsoft\Windows NT\CurrentVersion\Virtualization\ShutdownTimeout` (set this to 300 seconds for a server with a small load or 600 seconds for a larger server deployment with several VM's) # Setup Remote Management for Core 1. Enable Remote Management on Server 1. Open Command Prompt 1. `netsh advfirewall show currentprofile` (if profile is public see step 2 first) 2. `netsh advfirewall set currentprofile settings remotemanagement enable` 3. `netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes` 4. `winrm qc` 1. WinRM Make Changes: Yes 2. Force NLA to Private Network: 1. Use `Get-NetConnectionProfile` to find the InterfaceIndex #X 2. `Set-NetConnectionProfile -InterfaceIndex X -NetworkCategory Private` (Replace X with interface index number.) 3. Verify using `Get-NetConnectionProfile` again 3. Run the following PowerShell commands on server ```PowerShell Enable-NetFirewallRule -DisplayGroup “Windows Remote Management” Enable-NetFirewallRule -DisplayGroup “Remote Event Log Management” Enable-NetFirewallRule -DisplayGroup “Remote Volume Management” Set-Service VDS -StartupType Automatic Enable-PSRemoting Enable-WSManCredSSP -Role server netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes ``` # OpenManage Configuration 1. Insert DVD in server and install OpenManage AND the iDRAC Service module. 1. Open Command Prompt (admin) and change working directory to `D:\SYSMGMT\srvadmin\windows\SystemsManagement\` 2. Run `Msiexec.exe /i SysMgmt.msi` 3. Run: `netsh advfirewall firewall add rule name="OMSA" dir=in action=allow profile=any localip=any remoteip=any localport=1311 remoteport=any protocol=TCP interfacetype=any` # Network Configuration > [!Warning] > Do not Team between two different NIC vendors. We have seen problems with this in the past ## Switch Embedded Teaming (SET) 1. Get your network adapters ```PowerShell Get-NetAdapter ``` 2. Rename network adapters ```PowerShell Rename-NetAdapter -Name "Ethernet" -NewName "ManagementAdapter" ``` 3. Create the VM Switch with the appropriate adapters ```PowerShell New-VMSwitch -Name SETswitch -NetAdapterName "S1-P1","S1-P2" -EnableEmbeddedTeaming $true ```