IT Strategies from Window NT 3.51 to the Cloud Era – Part 1

Because hope don’t float!
This is part 1 of a series on IT Strategies. Just some musings. You can find Part 2 here: https://blog.workinghardinit.work/2010/08/14/it-strategies-from-window-nt-3-51-to-the-cloud-era-part-2/
Not many people I meet in businesses seem to be able to define “ICT strategy” without playing some sort of “Bullshit Bingo”, so I’ll give you my opinion. During my years in IT I’ve read and thought a lot about the value of what we design and build. What you’ll find here stems from well over a decade of reading, thinking, working, discussing and helping to develop IT strategies with colleagues, businesses and consultants whilst exploring ways to deliver value through ICT. One thing I should perhaps add is that I have never been in a sales role, so this is not from an account manager’s perspective. But I do recognize and accept that everyone, whatever his or her function, has a “sales” role in order to be allowed to execute one’s proposals. I owe a debt of gratitude to so many people over the years who have helped shape my vision on IT. There are so many voices and opinions, some I agree and some I disagree with, that have influenced my ideas, that in the end all of what you read here is a collection of all those opinions combined with my interpretation of them. Part 1 is about where IT strategies fit in and why they exist. Part 2 will address my opinion on how to achieve them.

Introduction

The reason you hear more and more about strategic IT and commodity IT in recent years is due to the attention cloud computing is getting in the media. One of the main forces driving the cloud computing business is economic pressure and the need to provide affordable, scalable IT in a commodity market. Combine this with the “discovery” of business and IT alignment by mainstream management and the “strategic” plans will flow abundantly. They’ll almost certainly throw in an “IT needs to learn it’s here for the business needs”. What does that really mean? That management is not capable of using IT for its business needs and allows money to be wasted. Whose responsibility is that? What if they let the same happen between financials and sales? In my humble opinion mainstream business managers urgently need to make the effort to learn about the realistic use and benefits of IT. A divide between business and IT is a manmade artifact and not something natural; it is a result of management failure. Bar the stereotypical nerds, I see more effort by IT managers & architects to think business minded than by mainstream management in thinking about using IT as a true competitive differentiator. Once the words economy and competition are in play you start talking strategies, just like the military. That’s not a coincidence. Take away the niceties and business is a non-lethal form of warfare. I guess that’s why “The Art of War” was or is such a popular book in top business circles. Just do an internet search for “The art of war business strategy”. The correct definition of what strategy means is out there in plain sight for all of us to read and learn.

So why is it that when talking about strategies, ICT related or otherwise, you rarely get a solid response that truly addresses the subject? People seem to mistake simple long term planning and goals for strategies. Plans are used to realize strategic goals; they do not define a strategy. A strategy is what you will do to outflank your competitors to gain an advantage. That advantage, in today’s world, means being different and good. It is almost certainly not about being the best. What is best depends too much on the unique situation of every organization, its specific needs and circumstances at that moment in time. It’s indeed all rather fluid and dynamic, so “best” is very time limited. Anyway, you’d better have something that differentiates you from the competition in a positive way. Otherwise there is no compelling reason to become your customer.

Why is having a unique approach and being good at it so important? Being the same as anyone else makes you plain, a commodity that’s readily available. If on top of that your customer service sucks, you’ll start losing customers as no one is willing to pay for that. This drives down prices even more and robs you of all potential benefits of any unique selling points you might have. That is far from competitive. Unless your aim is to become king of low priced, bulk delivery for a product that doesn’t require any services whatsoever, that’s a bad strategy, and even then you will have to be better than your competitors in that particular playing field. You have to stand out somehow.

Also, a strategy has to be correct and honest. False assumptions, self-deception, faking and lying as in “methodology religion” will make you lose all professional credibility with your personnel and investors. Once you’ve sunk to that level there is little or no hope of ever recovering from that position. You really cannot get away with faking a strategy.

So what is “my” strategy as an infrastructure guy in a business world to make sure that we are different and good? Well, you already read the appetizer, now read on to find out. And believe me, you need to find out! Way too many business & IT strategies are esoteric boardroom level documents that have little or no correlation with the reality in the trenches. They are made to have some checkboxes ticked on an audit report or are actually just plans with no strategic content whatsoever. Sometimes you really wonder why they even bother making them. At least they could have avoided wasting the time and effort.

Defining how the ICT strategy relates to the business strategy

Before we can define what makes a good ICT strategy we need to talk business. It needs to be a part of the strategic business plan or you shouldn’t even bother having one. Oh, and by the way, if you don’t have a high quality business plan made by and supported in actions by knowledgeable, passionate, driven, motivated and hardworking management, walk away. No good ICT strategy will ever come from such a situation. Buying technology cannot fix organizational problems. Please repeat this last sentence at least three times out loud. You need to hear it and let the message sink in! In such a situation having an IT strategy is the least of your problems.

We already stated that a strategy is about distinguishing you from your competitors. This can mean many different things depending on the circumstances. Better products, the same product but with better services, cheaper but good enough for its purpose, etc. Be brutally realistic. If what you do does not set you apart from your competition in a positive way, you have no strategy or have been ill advised on what constitutes a strategy. The fact that “no one else does what we do” is not a strategy; it will not last! The fact that people are obligated to use your services by law is not a strategy. It might be a short term advantage, but it creates no good will with your customers, especially not if your services or products are mediocre or bad. And please be more than just the odd one out; sure you’re different, but that’s not the different you’re looking for.

You must also realize that strategies have a limited shelf life. Sooner or later your competitors will realize what your strategy is and if it works they will start copying it. More often than not they will add some improvements, having the benefit of 20/20 vision through hindsight. This means that, over time, what was once a distinguishing solution that gave you a competitive advantage becomes a mere mainstream commodity. Now please realize that being a commodity does not mean irrelevant or useless. Power, heating, fuel, telephones, e-mail, storage, file servers… are all commodities we cannot do without! But in the commodity sector you will compete by being different in pricing, quality of services and added value. Only when technology becomes a blast from the past through significant advances or changes in science does it become economically useless. Think steam engines … but … retro does exist and comebacks do occur. Windmills anyone?

I know the cloud hype co-opts just about everything that can be delivered over the internet and is service oriented, but please realize that not all commodities are or will be services.


Given the fact that strategies are far from long lasting entities, what does this mean for an IT strategy? Simply put: speed and agility are of the essence. We must be capable of moving fast and decisively. There is no time anymore for years of thinking, contemplating and testing. The long term vision must still exist and it is extremely important, but it is not the same as a strategy. To reap the benefits of long term thinking one needs to survive long enough to be around! 15 year long term strategies are doomed. These are day dreams. A bit like the Maginot Line the French built for over a decade, which was utterly useless as its concept was out of date by the time World War II broke out. Long term visions are realized through several sequential and adaptive strategies. As you can see in the figure, with time a strategic solution becomes a commodity and a part of the IT infrastructure that needs to be maintained. A good strategy takes this into account so that the strategic solution can evolve into an operational and tactical commodity instead of a very expensive drain of resources.

One could say that all IT can be found somewhere between the following states:

· Strategic: Technology that differentiates us in support of (new) business strategies. This is what makes us more competitive, that adds value, because it’s unique and innovative.

· Commodity: Stuff we need but that no longer adds competitive advantage. It does provide tactical or operational benefits and you can’t do without it. Make note, strategic commodities exist; oil is a prime example, water another one. So commodity is not a synonym for low value, it just doesn’t add value in itself or no longer serves as a differentiator.

Everything else, whether it is cheap or expensive, subsidized or self-sustaining, is frankly a technology hobby (not in the picture). Where are the value and the profit? Management should avoid this. The best thing that can happen here is that you actually learn something building & maintaining it or use it as a lab for creative innovation. But that’s not a hobby anymore … that’s a dream job for engineers.

Tell me what an ICT strategy is already!

An ICT strategy supports the business initiatives that provide a competitive advantage to an organization in such a way that it does not become a pain in the ass over time. Only incur technology debt where and when needed and manage it carefully. But how the hell does that materialize in reality, you must be wondering by now? Well, it is the combination of creatively building, deploying, operating and using solutions that deliver value by making you more competitive. Solutions can be realized using standard software and hardware, with custom built applications or a combination of both. Whatever the case … the solution requires very knowledgeable people, serious skill sets, a mind driven by curiosity and the need for results.

People buy results, not services or efforts. This is one of the big mistakes in the thinking of many modern so called service driven companies. They fail to provide good services, let alone results. They are in effect just low cost / low value operators. If you provide services they need to be there to produce the results. Otherwise you are, for all intents and purposes, lying, which will come back to bite you. Take note however that too much service is financial suicide. Don’t cater to individual and unique needs unless that is your core business.

Since solutions are custom built on development platforms and infrastructure, it is critical to realize that the choice of platforms and infrastructures can mean success or failure for an organization, since it directly relates to its ability to compete. Yes, once again, the reason for having a strategy in the first place!

The most common issue we see when dealing with an IT strategy is that many organizations have no clear picture about what they do, how and why. They just seem to do “stuff” and expect, or rather hope, that hard work and effort will help them realize their goals. But without clear and well defined goals there is no way of achieving them. Efforts and hard work alone will not produce results. Customers do not pay for hard work, they do not reward efforts. That was something that worked in kindergarten but fails in a business environment. Remember, customers pay for results. You cannot buy a product that will deliver these out of the box.

So what must an ICT strategy achieve?

Since we have seen that strategic solutions eventually become commodities, any combination of infrastructure, platforms and solutions must work well during its entire life cycle. Decisions that focus only on strategy might lead to the implementation of the latest and greatest technology. This can lead to very diverse, esoteric and heterogeneous environments with very high integration & support costs. It also incurs the cost of finding, retaining and maintaining good developers and engineers with knowledge about such systems.

On the other side of the equation one can not only worry about keeping short- and long-term support costs low. This will lead to missing out on the business benefits that new technologies can bring. In the end finding the right balance between these two is very important and failing to do this will be very costly in financial repercussions, lost opportunities and failed projects. This ends in the downfall of the organization since it becomes irrelevant in the market and has no more means to support itself.

Custom built solutions do not exist in isolation. They need to run on an infrastructure, connect to other systems, be able to be secured etc … This is called integration and if this is overlooked it can become a financial burden that negates the added value of an IT solution and makes it a cost instead of an asset. For example “best of breed” has often failed in the sense that it did not deliver enough value to justify the high cost of acquisition, maintenance and integration. The real killer here is the effort and thus the cost involved in integrating all these. Even if you do get it to work it is often in a way that negates good practices, reduces security and incurs a high, cumbersome administrative overhead which is error prone and expensive. It does make a good revenue stream however for “consultants”.

Reflections on Getting Windows Network Load Balancing To Work (Part 2)

This is part 2 in a series on Windows Network Load Balancing. Part 1 can be found here: https://blog.workinghardinit.work/2010/07/01/reflections-on-getting-windows-network-load-balancing-to-work-part-1/

On Default Gateways, Routing & Forwarding.

Here’s a bullet list of what people tend to trip over when configuring NLB network settings.

  • No support for multiple Default Gateways that are on multiple subnets
  • The default gateway does not have to be empty on the NLB NIC
  • The Private and the NLB NIC can be on separate or the same subnets
  • You can have multiple Default Gateways if they are on the same subnet
  • Don’t forget about static routes where and when needed.
  • Beware of the strong host model in Windows 2008 (R2) for both IPv4 & IPv6 (on Windows 2003 it was only for IPv6)
  • Mind the order of the connections in Adapters and Bindings.

Now let’s address the subjects in this list.

No support for multiple Default Gateways that are on multiple subnets

When using IP addresses from different subnets you cannot have a default gateway on every NIC because that will cause routing issues. This is no different for the NICs used in Windows NLB. So you can have only one NIC with a Default Gateway and if the other NICs need to route somewhere you need to add static persistent routes. Those routes must be persistent or they will not survive a reboot of the server. In the figure below you see a classic two NIC NLB cluster with the Default Gateway empty on the NLB NIC. This could be a valid setup for an intranet. You add routes for the subnets in the company that need to be able to talk to the NLB cluster and you’re golden. The Private NIC gets a default gateway and acts like any other NIC in your network.

In this example we have the Default Gateway on the Private NICs, so they can route internally and to the internet. If you need traffic to & from the internet from the NLB NIC you could enable forwarding on the NLB NIC or enable weak host behavior, which can be done in a more granular way than what you achieve by enabling forwarding. If you only need to route internally we could use the same approach of enabling forwarding instead of adding static persistent routes for the NLB NIC. But then you don’t isolate & protect traffic that neatly and it will route to everywhere the default gateway can get.

So we prefer to play with static persistent routes in this case. We’ll briefly look at some examples now. If you only need to route internally (i.e. to reach the database or a client PC) from the NLB NIC we add the needed static persistent routes on the NLB NICs using the route command.

In order for the NLB NICs to reach the database with strong host model and no forwarding enabled:

Route add -p 10.30.0.0 mask 255.255.0.0 10.10.0.1

To reach the client PC’s:

Route add -p 10.20.0.0 mask 255.255.0.0 10.10.0.1

(Using route print you can look at the routes and using route delete you can get rid of them.)

Or by using netsh (it’s advised to use netsh from Windows 2008 on):

netsh interface ipv4 add route 10.30.0.0/16 "NLB NIC" 10.10.0.1

netsh interface ipv4 add route 10.20.0.0/16 "NLB NIC" 10.10.0.1

(You can look at the routing table by using netsh interface ipv4 show route, and with netsh interface ipv4 delete route you get rid of them; see http://technet.microsoft.com/en-us/library/cc731521(WS.10).aspx for more information.)

You could also connect to the database over the PRIVATE NIC and then you don’t need that route. If you can configure it like that it’s a good solution. But all situations differ.

You can also play with the weakhost / stronghost model behaviour:

netsh interface ipv4 set interface "Private NIC" weakhostsend=enabled

netsh interface ipv4 set interface "Private NIC" weakhostreceive=enabled

netsh interface ipv4 set interface "NLB NIC" weakhostsend=enabled

netsh interface ipv4 set interface "NLB NIC" weakhostreceive=enabled

Now don’t just blindly enable this on every NIC you can find on the server. Test what you really need and use only that. I leave that as an exercise to the readers. It really depends on the situation and needs for your particular situation. Keep in mind that when you enable weakhostsend and weakhostreceive on every NIC this reverts your Windows 2008 servers back to Windows 2003 behavior and this might not be needed or wanted. So just enable what you need for optimal security.

Naturally enabling forwarding will do the trick as well, as this creates a weak host model. Depending on how many NICs you use and how traffic must flow you might have to do it on more than one NIC, normally the one(s) without a default gateway.

netsh interface ipv4 set interface "NLB NIC" forwarding=enabled


If you want to see the configuration of the NIC you can run:

netsh interface ipv4 show interface l=verbose

That will produce something like below:

Interface Local Area Connection Parameters

IfLuid                             : ethernet_5
IfIndex                            : 3
State                              : connected
Metric                             : 10
Link MTU                           : 1500 bytes
Reachable Time                     : 21500 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 3
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : enabled
Router Discovery                   : dhcp
Managed Address Configuration      : enabled
Other Stateful Configuration       : enabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled

Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled
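Checking those settings by hand on every node gets old quickly, so here is an added example (not part of the original post) that parses the verbose listing above and reports two things the post asks for: which NICs have forwarding or weak host behaviour enabled at all, and whether two nodes carry the same per-NIC configuration. The two captures and the interface names "Private NIC" and "NLB NIC" are constructed.

```python
"""Parse `netsh interface ipv4 show interface l=verbose` output (format shown
above) and audit forwarding / weak host settings per NIC and across nodes.
Added example, not from the original post; both captures are constructed."""
import re

# Constructed capture, node 1: private NIC at the strong host default, NLB NIC
# with weak host send enabled so replies can leave via the private NIC's gateway.
NODE1 = """\
Interface Private NIC Parameters

IfIndex                            : 3
State                              : connected
Forwarding                         : disabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled

Interface NLB NIC Parameters

IfIndex                            : 4
State                              : connected
Forwarding                         : disabled
Weak Host Sends                    : enabled
Weak Host Receives                 : disabled
"""

# Constructed capture, node 2: same goal reached by enabling forwarding on the
# NLB NIC instead, the mixed per-node setup the post warns against.
NODE2 = """\
Interface Private NIC Parameters

IfIndex                            : 3
State                              : connected
Forwarding                         : disabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled

Interface NLB NIC Parameters

IfIndex                            : 4
State                              : connected
Forwarding                         : enabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
"""

HEADER = re.compile(r"^Interface (?P<name>.+) Parameters\s*$")
SETTING = re.compile(r"^(?P<key>[A-Za-z][A-Za-z0-9 /]*?)\s*:\s*(?P<value>.*?)\s*$")
WATCHED = ("Forwarding", "Weak Host Sends", "Weak Host Receives")


def parse_show_interface(text):
    """Return {interface name: {setting: value}} from the verbose listing."""
    interfaces, current = {}, None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            current = head.group("name")
            interfaces[current] = {}
            continue
        item = SETTING.match(line)
        if current is not None and item:
            interfaces[current][item.group("key")] = item.group("value")
    return interfaces


def relaxed_interfaces(interfaces):
    """NICs where any weak host / forwarding switch is enabled. Each hit moves
    the NIC away from the Windows 2008 strong host default, so each should map
    to a documented need rather than a blanket 'enable it everywhere'."""
    findings = {}
    for name, settings in interfaces.items():
        on = [k for k in WATCHED if settings.get(k, "disabled").lower() == "enabled"]
        if on:
            findings[name] = on
    return findings


def config_drift(node_a, node_b):
    """Watched settings that differ for the same NIC name on two nodes; the
    post wants the exact same per-NIC configuration on every NLB node."""
    drift = {}
    for name in sorted(set(node_a) | set(node_b)):
        a, b = node_a.get(name, {}), node_b.get(name, {})
        for key in WATCHED:
            va, vb = a.get(key, "<missing>"), b.get(key, "<missing>")
            if va != vb:
                drift.setdefault(name, {})[key] = (va, vb)
    return drift


if __name__ == "__main__":
    n1, n2 = parse_show_interface(NODE1), parse_show_interface(NODE2)
    print("node 1 relaxed NICs:", relaxed_interfaces(n1))
    print("node 2 relaxed NICs:", relaxed_interfaces(n2))
    print("drift between nodes:", config_drift(n1, n2))
```

Feed it the saved output of the netsh command from each node and any non-empty drift dictionary is exactly the "one node with static routes, the other with forwarding" inconsistency the post tells you to avoid.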


The default gateway does not have to be empty on the NLB NIC

It is not a hard requirement to leave the Default Gateway on the NLB NIC empty and put it on the private NIC. You can set it on the NLB NIC and leave the private NIC’s gateway empty instead. An example of this you can see in the demo. This is the best choice in my opinion when you need the NLB NIC to route to destinations you don’t know how to reach, i.e. the internet, so for public websites. The prime function of the default gateway is exactly to help with that. When you don’t know where to send it, send it to the Default Gateway. If you need to reach other internal subnets from the Private NIC, just use static routes. Don’t use the NLB NIC as that is internet facing in this case. You can see an example of this in the figure below. Also in this case you’ll find that you do not have to enable forwarding on the NIC using netsh, as the NIC that has to answer to the unknown IP Address has the Default Gateway. This setup works great for example in a managed domain environment for internet access where the NLB NICs are internet facing and the private NIC is for management, Active Directory, Backups, etc.

In this example we have the Default Gateway on the NLB NICs so it can route internet traffic. Any routes needed in the Private NIC subnet are added as persistent static routes. An example of this is to reach the database server.

As traffic from the Private range is never supposed to go via the NLB Public range and vice versa we do not need to care about forwarding or strong host /weak host models. We can keep traffic nicely separated and that is a good thing. If you build this on Windows 2008(R2) just like you did on Windows 2003 it would work out of the box and you might not even know about a change in default behavior from weak host model to strong host model.

To get the PRIVATE NIC to reach the database server you’d add static routes and be done with it.

Add needed static persistent routes using the route command:

Route add -p 10.20.0.0 mask 255.255.0.0 172.16.2.1

Or by using netsh (it’s advised to use netsh from Windows 2008 on):

netsh interface ipv4 add route 10.20.0.0/16 "PRIVATE NIC" 172.16.2.1

No requirement to have different subnets for Private and NLB NICs / Multiple Gateways when the subnets are the same

There is no requirement to have different subnets for every NIC. Sometimes I read on forums that this is a requirement when someone is having issues, but it’s not. You can also experiment with multiple Default Gateways if they are on the same subnet (WARNINGS APPLY*).

So here you can play with giving every NIC a default gateway (same subnet, so no issues), with static persistent routes, with enabling forwarding and weak host / strong host configuration. I tend to use only one gateway and use static persistent routes. If I need to relay I’ll go for weak host minimal configuration or revert to forwarding.

WARNINGS APPLY*: When you start having multiple NICs for multiple NLB clusters on the same NLB nodes, things can get a bit complicated and unpredictable. So I prefer only to use a default gateway on both NICs when you have two NICs, one for private (management) traffic and one for the NLB cluster traffic. Once you have multiple NICs for multiple NLB clusters (1 private NIC + 2 or more NLB cluster NICs) you can no longer play this game safely, even if they are all on the same subnet, without running into trouble, as I have experienced. You can get an event id 18 “NLB cluster [X.X.X.X]: NLB detected duplicate cluster subnets. This may be due to network partitioning, which prevents NLB heartbeats of one or more hosts from reaching the other cluster hosts. Although NLB operations have resumed properly, please investigate the cause of the network partitioning”. Also in this situation you can’t have a default gateway on the management NIC and one on one of the NLB NICs without a default gateway on the second NLB NIC. Forget that. You can get issues with a node remaining in “converging” forever and, what’s worse, the NLB cluster will send traffic to all nodes so 1/x connections will fail. Rebooting one node might help but once you reboot them both you run the risk of this happening and you really don’t want that. Once you’re dealing with multiple cluster IP addresses on multiple separate NICs you’d better stick to one default gateway on one of the NICs and nowhere else. This kind of makes me wonder if it’s pure luck that it works with 2 cluster NICs or not; with multiple NICs and with reboots of the nodes I know we run into trouble and that’s no good.

It’s also smart not to mix static routes with forwarding to achieve the same thing. And please have the exact same configuration on each particular NIC on every node. Not one node with NLB NIC 1 routing via static routes and the other node using forwarding on NLB NIC 1. That’s asking for inconsistent behavior.

We’ll briefly look at some examples now.

If you only need to route internally (i.e. to reach the database or a client PC) we add the needed static persistent routes on the NLB NICs using the route command.

In order for the NLB NICs to reach the database with strong host model and no forwarding enabled:

Route add -p 10.30.0.0 mask 255.255.0.0 10.10.0.1

To reach the client PC’s:

Route add -p 10.20.0.0 mask 255.255.0.0 10.10.0.1

(Using route print you can look at the routes and using route delete you can get rid of them.)

Or by using netsh (it’s advised to use netsh from Windows 2008 on):

netsh interface ipv4 add route 10.30.0.0/16 "NLB NIC" 10.10.0.1

netsh interface ipv4 add route 10.20.0.0/16 "NLB NIC" 10.10.0.1

(You can look at the routing table by using netsh interface ipv4 show route, and with netsh interface ipv4 delete route you get rid of them; see http://technet.microsoft.com/en-us/library/cc731521(WS.10).aspx for more information.)

You can also just enter the default gateway on the NLB NICs as well. As all NICs are on the same subnet, this will cause no issues. Just remember that traffic will also go to wherever that gateway routes, even to the internet.

We already know we can play with the weakhost / stronghost model:

netsh interface ipv4 set interface "Private NIC" weakhostsend=enabled

netsh interface ipv4 set interface "Private NIC" weakhostreceive=enabled

netsh interface ipv4 set interface "NLB NIC" weakhostsend=enabled

netsh interface ipv4 set interface "NLB NIC" weakhostreceive=enabled

Again, don’t just blindly enable this on every NIC you can find on the server. Test what you really need and use only that. I leave that as an exercise to the readers. As I’ve said before, it really depends on the situation and needs for your particular situation. Keep in mind that when you enable weakhostsend and weakhostreceive on every NIC this will just revert your Windows 2008 server to Windows 2003 behavior and this might not be needed or wanted. So just enable what you need for optimal security.

There is a very good explanation of strong and weak host behavior by “The Cable Guy” at http://technet.microsoft.com/en-us/magazine/2007.09.cableguy.aspx and I strongly advise you to go take a look.

And naturally enabling forwarding will do the trick in this scenario as well, as this creates a weak host model. Depending on how many NICs you use and how traffic must flow you might have to do it on more than one NIC, normally the one(s) without a default gateway.

netsh interface ipv4 set interface "NLB NIC" forwarding=enabled

When & Why Use Three NICs or more?

NLB supports using multiple network adapters to configure separate clusters. This allows for configuring multiple independent clusters on each host. We used to have only virtual clusters, meaning that you could configure multiple clusters on a single network adapter. Anyone who ever had to troubleshoot some networking or configuration issues on a production NLB will appreciate the ability to limit interruptions and problems to one cluster instead of 2 or more. As an example of this I had to troubleshoot a two node NLB implementation for an Exchange CAS/HUB setup. The NLB cluster of the CAS role had this very issue, but since it was running on its own cluster with a separate NIC the HUB role NLB cluster had no issues whatsoever. Another good reason to use more NICs is to separate traffic, for example FTP versus HTTP on the same NLB cluster.

One of the worst things that can happen is that an issue messes up the proper functioning of the NLB itself. That way even if the virtual IP remains available no host or only some of the hosts get network traffic. That means the cluster is unavailable or is only partially responding. This is a bad situation to be in and can be hard to troubleshoot. Since it’s a high availability technology you can bet someone is looking over your shoulder who has a vested interest in getting that resolved as soon as possible.

Mind the order of the connections in Adapters and Bindings

Make sure the PRIVATE NIC that is to be used for private network traffic (DNS, AD, RDP, …) is listed first. That prevents any issues (speed, functionality) with those services and your experience will be much better. This is illustrated in the figures below. LAN-HUB is the PRIVATE NIC here. The others are for NLB (yup, it’s an Exchange 2010 setup).

Conclusion & recapitulation

I’ll finish with some closing musings on single & multiple default gateway and getting/sending network traffic where it needs to go.

When you enter a gateway on the second, third and so on NIC next to the one on the first NIC you’ll get a warning:

—————————

Microsoft TCP/IP

—————————

Warning – Multiple default gateways are intended to provide redundancy to a single network (such as an intranet or the Internet). They will not function properly when the gateways are on two separate, disjoint networks (such as one on your intranet and one on the Internet). Do you want to save this configuration?

—————————

Yes No

—————————

This will not work reliably when you have multiple subnets. This is why you use static persistent routing entries. Depending on your needs you can also use forwarding or the weak host model and even combine those with static persistent routes if needed or desired. Now the above also means that if you have multiple NICs with IP addresses on the same subnet you can indeed enter a Default Gateway on all of them.

If you don’t have or cannot have a Default Gateway filled in you are left with two options. If you know what needs to go where you can add static routes, which is basically telling the NIC the IP of a gateway to send traffic to for a certain destination. This assumes you can reach that IP, that the traffic is not from a source or to a destination that has no route defined, that firewalls allow it, etc.

If you have no route or you can’t specify one (i.e. you can’t predict where traffic will have to go) you have one other option left and that is to route the traffic via the NIC that does have a Default Gateway. This used to work out of the box on Windows 2003 and earlier, but it doesn’t work out of the box since Windows 2008 (R2). That is because by default NICs in Windows 2008 (R2) operate in a strong host model. So a NIC will not receive traffic destined for some other IP than its own, or send traffic originating from somewhere else than itself. For that you’ll need to set the NIC properties to weak host send and receive or you need to enable forwarding. Actually forwarding is disabled by default on Windows 2003 as well. The big difference is that Windows 2003 operates in a weak host manner (send/receive) as opposed to Windows 2008 (R2) strong host mode. By enabling forwarding we put the Windows 2008 server in weak host mode and as such it works (see RFC 1122). On the internet you’ll find both solutions, but the link between the two is often never made. Using weak host receive and weak host send allows for more fine-grained, custom configurations than forwarding.
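To make the strong host / weak host difference concrete, here is an added model (not from the original post) of the send and receive rules applied to the two-NIC node above, where only the private NIC has a default gateway. The NLB NIC addresses and the 10.30.0.0/16 database route are the post's; the private NIC's 172.16.2.0/24 address and gateway, the 198.51.100.7 internet client and all function names are constructed, and forwarding is modelled as equivalent to weak host behaviour because that is what the post states.

```python
"""Model of the strong host vs weak host send/receive rules (RFC 1122) the
post contrasts, applied to the two-NIC NLB node. Added example, not from the
original post: NLB addresses and the 10.30.0.0/16 route are the post's, the
private NIC's 172.16.2.0/24 address and gateway are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Nic:
    name: str
    ip: str
    network: str                   # on-link prefix, e.g. "10.10.0.0/16"
    gateway: Optional[str] = None  # default gateway, if this NIC has one
    weak_host_send: bool = False
    weak_host_receive: bool = False
    forwarding: bool = False       # the post notes this also yields weak host behaviour


@dataclass
class Route:
    destination: str  # prefix; "0.0.0.0/0" is the default route
    gateway: str      # "on-link" for directly connected prefixes
    nic: str          # interface the route is bound to


def routing_table(nics: List[Nic], static_routes: List[Route]) -> List[Route]:
    """On-link route per NIC, a default route per NIC that has a gateway, and
    the persistent routes added with `route add -p` or `netsh ... add route`."""
    table = []
    for nic in nics:
        table.append(Route(nic.network, "on-link", nic.name))
        if nic.gateway:
            table.append(Route("0.0.0.0/0", nic.gateway, nic.name))
    return table + list(static_routes)


def choose_route(nics, static_routes, source_ip, destination) -> Optional[Route]:
    """Outbound selection for a packet sourced from one of our own addresses.
    Strong host send (Windows 2008 default) only uses routes bound to the NIC
    owning the source IP; weak host send or forwarding searches the whole
    table. Returns the longest-prefix match, or None when nothing fits."""
    src_nic = next(n for n in nics if n.ip == source_ip)
    weak = src_nic.weak_host_send or src_nic.forwarding
    dst = ip_address(destination)
    candidates = [r for r in routing_table(nics, static_routes)
                  if dst in ip_network(r.destination) and (weak or r.nic == src_nic.name)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: ip_network(r.destination).prefixlen)


def accepts(nics, arriving_nic, destination) -> bool:
    """Inbound rule: strong host receive only accepts a destination address
    assigned to the receiving NIC; weak host receive accepts any address the
    host owns, which is what Windows 2003 did out of the box."""
    nic = next(n for n in nics if n.name == arriving_nic)
    if destination == nic.ip:
        return True
    weak = nic.weak_host_receive or nic.forwarding
    return weak and any(destination == n.ip for n in nics)


def demo():
    """The post's scenario: only the private NIC has a default gateway."""
    private = Nic("Private NIC", "172.16.2.5", "172.16.2.0/24", gateway="172.16.2.1")
    nlb = Nic("NLB NIC", "10.10.0.5", "10.10.0.0/16")
    nics = [private, nlb]
    out = {}
    # Reply from the NLB address to an internet client (198.51.100.7 is a
    # documentation address): no usable route under strong host send.
    out["strong_internet"] = choose_route(nics, [], nlb.ip, "198.51.100.7")
    nlb.weak_host_send = True
    out["weak_internet"] = choose_route(nics, [], nlb.ip, "198.51.100.7")
    nlb.weak_host_send = False
    # The post's persistent route keeps strong host and still reaches the DB.
    db_route = Route("10.30.0.0/16", "10.10.0.1", "NLB NIC")
    out["strong_db_no_route"] = choose_route(nics, [], nlb.ip, "10.30.0.20")
    out["strong_db_with_route"] = choose_route(nics, [db_route], nlb.ip, "10.30.0.20")
    # A packet for the NLB NIC's address that happens to arrive on the private NIC.
    out["recv_strong"] = accepts(nics, "Private NIC", nlb.ip)
    private.weak_host_receive = True
    out["recv_weak"] = accepts(nics, "Private NIC", nlb.ip)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22} -> {result}")
```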

Contact me via the web site or leave a comment if you have any questions or suggestions.

Post Script / Side Note because someone asked

Basically you can have multiple gateways on a server but only one default gateway. You can add more than one default gateway on the same NIC, but then they will only be used when the default gateway filled in first is not available; it will then try the next one and so forth. You can add multiple gateways to a single NIC, or one or more to multiple NICs, but that can get messy very quickly. Whether it is wise to provide gateway redundancy in such a manner is another discussion. See also KB article http://support.microsoft.com/kb/157025. Be mindful of the extra configuration you’ll need (Dead Gateway Detection). This is a rather uncommon scenario on a Windows server. You can use it for redundancy or when you want the traffic to go to a certain default gateway instead of another when it is available (to separate traffic, for example for cost reasons or to reduce the traffic load).

And then there’s adding a default gateway that’s on another subnet than the IP address of the NIC. In that case you get this warning:

Microsoft TCP/IP

Warning – The default gateway is not on the same network segment (subnet) that is defined by the IP address and subnet mask. Do you want to save this configuration?

[Yes] [No]

All pretty cool stuff you can do to mess with people’s heads and their understanding of what’s going on (it can work if the router on the local subnet has a route to the subnet where that default gateway lives and proxy ARP is working), but we’re not going to turn this into a networking course or pretty soon we’ll be installing RRAS and turning the server into a router.

Windows 2008 R2 SP1 Beta Install Gone Wrong: Service Pack Installation failed with error code 0x800f0818

Today I was in the lab installing Windows 2008 R2 SP1 beta on the nodes of a test Hyper-V Live Migration cluster. It went pretty well and quick on all nodes except for one. I got “An unknown error has occurred” and the details said Service Pack Installation failed with error code 0x800f0818. A quick search on the internet didn’t provide any applicable results. Bummer. I really need all nodes on SP1 Beta. The CBS log didn’t reveal much either, but the tool Microsoft advises you to use when clicking on the link to get more information about the error helped out. The link sends you to http://windows.microsoft.com/en-gb/windows7/troubleshoot-problems-installing-service-pack and explains things to check, which, apart from anti-virus tools and such, are inconsistencies in the Windows Servicing Store. It also points you towards the System Update Readiness Tool and provides a link: http://windows.microsoft.com/en-GB/windows7/What-is-the-System-Update-Readiness-Tool. Click on the link to get more information on the use of it. Download the appropriate version (in our case Windows 2008 R2 x64) and install the tool. This will check for any issues and repair them if possible. After that you can try to install SP1 beta again. But this didn’t work. What now? Well, that tool produces a log named CheckSUR.log in the folder C:\Windows\Logs\CBS. This is documented in http://support.microsoft.com/?kbid=947821, a KB titled “Description of the System Update Readiness Tool for Windows Vista, for Windows Server 2008, for Windows 7, and for Windows Server 2008 R2”.

So we went to look for the log and yes it was there.

In that log file at C:\Windows\Logs\CBS\CheckSUR.log I found the following warning:

=================================
Checking System Update Readiness.
Binary Version 6.1.7600.20667
Package Version 8.0
2010-07-17 12:40

Checking Windows Servicing Packages

Checking Package Manifests and Catalogs
(f)    CBS MUM Corrupt    0x00000000    servicing\Packages\Microsoft-Windows-FileServices-BPA-Package-MiniLP~31bf3856ad364e35~amd64~en-US~7.1.7600.16422.mum        Expected file name Microsoft-Windows-Rights-Management-Services~31bf3856ad364e35~amd64~~6.1.7600.16385.mum does not match the actual file name

Checking Package Watchlist

Checking Component Watchlist

Checking Packages

Checking Component Store

Summary:
Seconds executed: 371
Found 1 errors
CBS MUM Corrupt Total count: 1

Unavailable repair files:
servicing\packages\Microsoft-Windows-FileServices-BPA-Package-MiniLP~31bf3856ad364e35~amd64~en-US~7.1.7600.16422.mum
servicing\packages\Microsoft-Windows-FileServices-BPA-Package-MiniLP~31bf3856ad364e35~amd64~en-US~7.1.7600.16422.cat

Ah well, we’ve dealt with issues like this before with Vista and Windows 2008 when files in the C:\Windows\winsxs folder get corrupted. No sweat, especially since this is a lab and I have other servers available. The trick is to copy these from another Windows 2008 R2 server (those were a more recent version than the ones on the problematic server). Now to be able to do this you might need to take ownership of the folder and grant yourself full control so you can overwrite the files.

The default permissions on the Package folder.

An example of the default permissions of a file in the Package folder.

Afterwards you give ownership back to the original owner of the folder and files and take away your permissions to restore the original state of the server. The Local Administrator group is the default owner and the Trusted Installer is the one with Full Control permissions, so make sure that’s back in order.
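The read-the-log, borrow-the-files and restore-permissions procedure above as an added PowerShell example (not the post’s own code); the healthy server name is a placeholder, and the log format is taken from the CheckSUR.log excerpt shown in this post.

```powershell
# Added example, not from the original post. Reads CheckSUR.log, lists what the
# System Update Readiness Tool could not repair, and performs the copy-from-a-
# healthy-server steps from the post. $HealthyServer is a placeholder.
$HealthyServer = "LAB-NODE2"
$LogPath       = "C:\Windows\Logs\CBS\CheckSUR.log"

function Get-CheckSurFindings {
    param([string[]]$Lines)
    $errors = @(); $missing = @(); $inMissing = $false
    foreach ($l in $Lines) {
        # error lines: "(f)  CBS MUM Corrupt  0x00000000  servicing\Packages\...mum  Expected ..."
        if ($l -match '^\(f\)\s+(.+?)\s+0x[0-9A-Fa-f]+\s+(\S+)') {
            $errors += [pscustomobject]@{ Kind = $matches[1]; File = $matches[2] }
        } elseif ($l -match '^Unavailable repair files:') {
            $inMissing = $true                 # the list that follows runs to the end
        } elseif ($inMissing -and $l.Trim()) {
            $missing += $l.Trim()              # paths are relative to C:\Windows
        }
    }
    [pscustomobject]@{ Errors = $errors; Missing = $missing }
}

$findings = Get-CheckSurFindings (Get-Content $LogPath)
$findings.Errors | Format-Table -AutoSize

foreach ($rel in $findings.Missing) {
    $local  = Join-Path $env:SystemRoot $rel
    $remote = "\\$HealthyServer\C$\Windows\$rel"
    $owner  = (Get-Acl $local).Owner          # remember the original owner
    Write-Host "Restoring $local from $remote (owner: $owner)"
    # 1. take ownership and grant yourself control so the file can be overwritten
    takeown /F $local
    icacls $local /grant "${env:USERNAME}:F"
    # 2. copy the known-good file from the healthy server
    Copy-Item $remote $local -Force
    # 3. restore the original state: drop the temporary grant and give ownership
    #    back; TrustedInstaller's Full Control entry is untouched by the above
    icacls $local /remove:g $env:USERNAME
    icacls $local /setowner "$owner"
}
```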

But the main thing is that using the System Update Readiness Tool and checking the log file resulted in me being able to find the root cause of the SP1 beta install issue and fix it. It’s a typical issue you see once in a while with a service pack install. The solution is a bit convoluted and you need a good second machine to borrow the files from, but in the end it’s not very complicated to fix.

So if you run into some issues during the Windows 2008 R2 SP1 Beta installation you know what to try, so you too can enjoy testing Windows 2008 R2 SP1 just like me 🙂

Hyper-V 3 & Windows 8, Musings on Hypervisors & Crystal Ball Time

I think Microsoft sales might be getting a headache from the ever increasing speed at which people are looking at and longing for features in the “vNext” version of their products whilst they are still just getting people to adopt the current releases, but I like the insights and bits of information. It helps me plan better in the long term.

A lot of you, just like me, have been playing around with Hyper-V since the betas of Windows 2008. As I run Windows Server tweaked to act and look like a workstation, I wanted to move my virtualization solution on the desktop to Hyper-V as well. I use Windows Server as a desktop because it allows me to install the server roles and features for quick testing, screenshot taking, managing the lab, etc. during writing and documenting.

Now a lot of you will have run into some performance issues on the host related to the video card, the GPU. Ben Armstrong mentioned it on his blog and wrote a Knowledge Base article on it (http://support.microsoft.com/kb/961661). He later provided more insight into the cause of this behavior in the following blog post: http://blogs.msdn.com/b/virtual_pc_guy/archive/2009/11/16/understanding-high-end-video-performance-issues-with-hyper-v.aspx. It’s a good write-up explaining why things are the way they are and why this cannot be “fixed” easily.

For me this was a bummer as I had a decent GPU on my workstation and I sometimes do need the advanced graphic capabilities of the card.

So when the first rumors about “Windows 8” & “Hyper-V version 3” hit the internet I was very happy to see the mention of Hyper-V being used in Windows 8 as a client hypervisor virtualization solution. See http://virtualization.info/en/news/2010/07/first-details-about-hyper-v-3-0-appear-online.html; this link was brought to my attention by Friea Berg from NetApp on Twitter (@friea). Now there is more to it than just my tiny needs and wishes: integration with App-V and other functionality that integration of Hyper-V in “MiniWin” can offer. Have a look at the link and follow the source links if you can read French.

The thing is that Hyper-V in the client would mean that they will have fixed this GPU performance issue by then. They have to; otherwise those plans can’t work. As the code bases of Windows client and server run parallel it should also be fixed on the server side. We’re used to richer functionality in desktop virtualization from VMware Workstation and Virtual PC. Fixing this also makes sense in another way. Microsoft could be moving forward on one virtualization solution both on the server and the desktop and gradually phasing out Virtual PC. They can opt to provide richer functionality with extra features that might be unnecessary or even undesirable on a server but are very handy on a workstation or on a lab server. This is all pure speculation (crystal ball time) by me, but I’m pretty convinced this is where things are heading.

Combine this with the fact that by the time “Windows 8” arrives most hardware in use will be much more capable of providing advanced virtualization features and enhancements, and in all aspects things are looking bright. So now I can dream of affordable 32 GB laptops with dual 8 core CPUs and a wicked high end GPU running Hyper-V.

By the way, VMware is also working on similar ideas to provide a true hypervisor on the desktop, I guess, as they seem to be abandoning VMware Server (no enhancements, no fixes, etc.), and I can also imagine them making VMware Workstation a true hypervisor to reduce the product line development and support costs. Pure speculation, I know, especially given the confusing message around offline VDI, but never underestimate the ability of a company to change its mind when practical for them. 😉

Someone at Sun/Oracle must be smiling at all of this, especially as VirtualBox is getting richer and richer with memory ballooning, hot add CPU capability (I like this and I want this in Hyper-V), etc., unless Microsoft and VMware totally succeed in making hosted virtualization a thing of the past. In the type 1 hypervisor space they are consolidating what they bought. Virtual Iron (Xen) was killed almost immediately and the Sun xVM Hypervisor is also dead. Both have been replaced by Oracle VM (Xen).

So as everyone seems to have good type 1 hypervisors that are ever improving it might become less and less a differentiator and more of a commodity that one day will be totally embedded in the hardware by Intel and AMD. The OS and software vendors then provide the management, high availability features and integration with their products. And if that is the evolution of things where does that leave KVM (Linux) in the long run? Probably the world is big enough for both types. For the moment both types seem to be doing fine.

As I said, all of this is musings and crystal ball time. Dreaming is allowed on sunny lazy Sunday afternoons.