Sunday, August 5, 2018

Setting up Hyper-V Server 2016 as Host

Setting up Hyper-V Server 2016 as Host, and connecting a Client computer with Hyper-V Manager in Windows 10

Scenario: You want to use Hyper-V Manager on a Windows 10 Pro client computer to connect to Windows Hyper-V Server 2016, which is a Workgroup computer (non-domain joined).

HOST Server
- A bootable USB with a Hyper-V Server 2016 ISO Image. You can download it for free from here.
- Target computer to be your Hyper-V Server.
- One (1) Terabyte of storage disk space. This very much depends on what you want to do with your server, though we will assume you want to use it for Virtual Machines.
- Minimum 4GB RAM (assuming you are going for Virtual Machines, though even then recommended at least 8GB).
- Network connection to server.
- Keyboard and mouse plugged into your server computer.

CLIENT Computer
- Windows Pro or Enterprise (to access Hyper-V).
- Administrator privileges on your target client user.
- Network connection to server (WIFI OK).

Setting up Host Server computer
1. Boot your server computer with your bootable USB plugged in, and select from the initial screen, to go to the Boot Menu (sometimes F11 or F12, depending on your computer).

2. Select to boot from your USB ISO, to begin the install for Windows Hyper-V Server 2016.

3. You will see a message: Press any key to boot from CD or DVD. Press any key (such as enter).

4. The Install Microsoft Hyper-V Server Wizard will begin, where you will need to provide the Language to install, your Time and currency format, and your preferred Keyboard or input method; click Next when you are done:

5. Setup will begin (with a Setup is starting message), then you will be prompted to agree to the licensing terms by checking the checkbox and clicking Next.

6. For the purpose of this tutorial, we are setting up the server for the first time (rather than upgrading), so on the next window, select the option Custom: Install the newer version of Hyper-V Server only (advanced).

7. On the next window, you will need to choose which Drive you wish to install onto. If you have multiple drives, you will need to select one to be the primary drive.

8. If your drive is NOT empty, now is the time to Format it: do this by selecting it within the inner window and click the Format button. Be aware, you will only need about eighty (80) gigabytes for Hyper-V Server 2016 to run well, so consider creating a new partition of this size, and selecting that.

9. With your drive ready to go, click Next. Hypervisor will be installed locally, which may take some time (10-30 minutes, depending on your computer's power). Once finished, the server will reboot and load hypervisor for the first time:

10. Upon rebooting, the Hyper-V Server will scan available hardware and load Windows drivers.

11. When it is all ready, you will be prompted to set an Administrator password. Use the arrow keys to navigate to OK, and then press the enter key to continue.

12. Type your new password; it needs to have a level of complexity, so try lower and upper case letters, numbers, and a special character (!@#$%^&()?/_). This suggestion is for your security too, so set something reasonably strong. Press enter once done.

13. Once you have set a valid password, you will be told that your password has been changed. Press the enter key on OK, to continue:

14. Two screens will be loaded: Server Configuration and a CLI (behind it):

a. Server Configuration screen (blue):
i. This screen allows the administrator to make changes to the most common and necessary settings to ensure the server runs properly.
ii. Make changes by entering the corresponding number next to the setting you wish to modify. You will then be prompted to enter the change to be made. Depending on the change, a reboot may be triggered, which you can do immediately or postpone.

b. Command-line interface (CLI) (black):

i. Once you have exited the Server Configuration screen, you will be taken to the CLI screen. You can load PowerShell from here, and also load back into the Server Configuration screen:
- PowerShell: powershell.
- Server Config: C:\Windows\System32\Sconfig.cmd

15. You must now enable Hyper-V Server remote management. This is accomplished through using the Server Config screen:
a. Type: 4, and press enter. This will open the settings for Remote Management.
b. Type: 1, to open config for Remote Management.
c. Type: E, and press enter, to enable Remote Management.
d. Also within Remote Management, type: 3, to enable Remote Ping. Click Yes, when prompted.
e. Navigate back to Server Config.
f. Next, type: 7, and press enter. This will open the settings for Remote Desktop.
g. Type: E, and press enter.
h. Then type: 1. This will enable Remote Desktop (you will get a prompt about the level of security). For this example, we are using more secure, though choose what suits your setup.
i. A reboot may be required.

16. Once rebooted, open the hypervisor again (Ctrl + Alt + Del). Then, type: 14, to exit to command-line (CLI).

17. Within the CLI, type: powershell, and press the enter key.

18. PowerShell will begin within the CLI (you will be able to see this, as Windows PowerShell will be printed as a message, before providing the cursor back to you).

19. Type: Enable-PSRemoting, and press the enter key.

20. Type: Enable-WSManCredSSP -Role server, and press the enter key.

21. Type: Y, and press the enter key, to accept the CredSSP Authentication message.

22. The server (Host) is now configured, and able to be pinged from another computer on the network.

23. Then, type: Set-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -Enabled true -PassThru, and press the enter key.

24. After, type: Set-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -Enabled true -PassThru, and press the enter key.

25. The next command will allow other computers to access your Host server drive (important when installing your ISOs). It is recommended that you disable this again once you have copied your ISOs to the local drive.

- Type: netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
- To later disable this, type: netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=No

26. Last, you need the IP Address of the server, and to note down your server FQDN (also known as your fully qualified domain name):
- Navigate back to the Server Config screen, by typing: sconfig and pressing the enter key.
- Type: 8 in Server Config, and press the enter key, to open the Network Settings section, and note down your IP Address and the server name (FQDN); you can edit the server name from Server Config also, just ensure you note it down, and reboot after the update.
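
With the host configured, it is worth checking what steps 15 to 25 actually left open, especially the File and Printer Sharing group that step 25 recommends closing again. The following is an added example, not part of the original tutorial; the function name Get-HostExposure is this example's own, and the 'Windows Remote Management' and 'Remote Desktop' display groups are assumed to be the English names behind the Remote Management and Remote Desktop options.

```powershell
# Added example: run in an elevated PowerShell session on the Hyper-V Server host.
# Get-HostExposure is a name chosen for this example, not a built-in cmdlet.
function Get-HostExposure {
    # Display groups from steps 23-25, plus two assumed English group names
    # for WinRM (steps 15 and 19) and Remote Desktop (step 15).
    $groups = 'Windows Management Instrumentation (WMI)',
              'Remote Event Log Management',
              'File and Printer Sharing',
              'Windows Remote Management',
              'Remote Desktop'

    foreach ($group in $groups) {
        # A group name that does not exist on this system simply yields zero rules.
        $inbound = @(Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
                     Where-Object { $_.Direction -eq 'Inbound' })
        $enabled = @($inbound | Where-Object { $_.Enabled -eq 'True' })

        [pscustomobject]@{
            Group    = $group
            Enabled  = $enabled.Count    # inbound rules currently allowing traffic
            Inbound  = $inbound.Count    # all inbound rules in the group
            Profiles = ($enabled.Profile | Sort-Object -Unique) -join ', '
        }
    }
}

Get-HostExposure | Format-Table -AutoSize

# State of the CredSSP server role switched on in step 20 ('true' or 'false').
'CredSSP server role enabled: ' + (Get-Item WSMan:\localhost\Service\Auth\CredSSP).Value

# PowerShell equivalent of the netsh "enable=No" line in step 25,
# to run once the ISOs have been copied:
# Set-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Enabled False
```

A non-zero Enabled count for File and Printer Sharing after the ISOs are copied means the drive is still reachable from the network.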

Setting up Client computer
1. Open PowerShell as Admin (Windows Key + X, then A).

2. Activate Hyper-V on client computer; in PowerShell: Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All. If you have any issues, check PowerShell is open as Administrator.

3. Edit the hosts file, to add your server's IP Address and FQDN.
a. Type: notepad C:\Windows\System32\drivers\etc\hosts, and press the enter key, to open the hosts file within Notepad.
b. At the bottom of the file, tab across, then add your IP Address, press tab again, and add your FQDN (server Name).
c. Save the file.

4. In PowerShell, type: Enable-PSRemoting -SkipNetworkProfileCheck.
- The above parameter is added, so that you do not need to go through your computer, changing all your networks to Private or Domain. Though, be aware, that the above setting means that only connections on the same subnet as your computer, will be able to connect (which is fine, in this case, as the server Host is on the same network).
5. Next, within PowerShell, type: gpedit and press the enter key. The Local Group Policy Editor will open, where you need to update a setting:

a. Navigate through: Computer Configuration > Administrative Templates > System > Credentials Delegation.
b. Click Credentials Delegation, and in the window to the right, find Allow delegating fresh credentials with NTLM-only server authentication. Double-click to open.
c. Change the configuration to Enabled, by clicking it. Then, within the Options box below that, click the newly enabled Show... button.
d. The Show Contents popup window will open. Click the first row, second column, under the Value header, and type: wsman/host-server-fqdn (i.e. wsman/SERV01). Ensure that you place "wsman/" before the Host name.
e. Click OK on the Show Content Window, and then lastly click Apply on the Allow delegating fresh credentials with NTLM-only server authentication window. Make sure to leave gpedit open for the next step.

6. With gpedit still open, you also need to set the Encryption Oracle Remediation:
a. Navigate through: Computer Configuration > Administrative Templates > System > Credentials Delegation > Encryption Oracle Remediation.
b. It will likely be set as Not configured. Update this to Enabled.
c. Once enabled, within the Options box below, click the Protection Level drop-down box, and update it to Vulnerable.
d. Click Apply once set, and then OK.

7. Within PowerShell, once again, type: Set-Item WSMan:\localhost\Client\TrustedHosts -Value "FQDN" (replace FQDN with your Host name). Press the enter key, and a dialog box will prompt.

8. Type: Y when prompted to modify the TrustedHosts list, then press the enter key, to accept.

9. Type: Enable-WSManCredSSP -Role client -DelegateComputer "FQDN" (replace FQDN with your Host name). Press the enter key, and a dialog box will prompt.

10. Type: Y when prompted to enable CredSSP authentication, then press the enter key, to accept.

11. Type: MOFCOMP %SYSTEMROOT%\System32\WindowsVirtualization.V2.mof, and press the enter key, to accept parsing the Virtualization (V2) file, using the MOF compiler.

12. Add the remote login next, by typing: cmdkey /add:FQDN /user:Administrator /pass:p@ssword1 (where you need to replace FQDN with your Host server name, provide your user name - probably Administrator - and then provide your password for that user). Press the enter key to register the login information, which is necessary to connect with the Hyper-V Server.

13. As an additional OPTIONAL step, to help you copy your ISOs to your server Host, map the Host drive to your client computer, by typing: Net use \\FQDN\c$. Be aware, 'c$' here, denotes the main drive of the server. This may vary, depending on your set up.

14. Open Hyper-V Manager, and click the Hyper-V Manager text, located in the left-side panel, to select it.

15. With that selected, the far-right panel will provide the option to Connect to Server...: click this, and a popup window called Select Computer will appear.

16. With the Another Computer: radio button selected, type in the FQDN of your Host server, and press the enter key. You should NOT tick Connect as another user.

The client computer setup above can be completely automated with PowerShell, so creating that script is a worthwhile next step. Keep in mind, though, that any edits to the registry require a reboot of your client computer to take effect.
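
One way to script client steps 4 to 12, as an added example that is not the original author's script: the parameter names $HostName and $ProtectionLevel are this example's own, and the two registry locations are the ones the Credentials Delegation and Encryption Oracle Remediation policies write to. It differs from the manual steps in two places: TrustedHosts is appended to rather than overwritten, and cmdkey prompts for the password instead of taking it on the command line. The hosts file entry (step 3) is assumed to be in place already.

```powershell
#Requires -RunAsAdministrator
# Added example: client steps 4-12 in one script. Reboot the client afterwards.
param(
    [Parameter(Mandatory)] [string] $HostName,          # server name as entered in the hosts file
    # 0 = Force Updated Clients, 1 = Mitigated, 2 = Vulnerable (the tutorial's choice
    # in step 6, which lets the client fall back to unpatched CredSSP servers).
    [ValidateSet(0, 1, 2)] [int] $ProtectionLevel = 2
)

# Step 4: enable remoting without changing network profiles.
Enable-PSRemoting -SkipNetworkProfileCheck -Force

# Step 5: "Allow delegating fresh credentials with NTLM-only server authentication".
$cd   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
$list = Join-Path $cd 'AllowFreshCredentialsWhenNTLMOnly'
if (-not (Test-Path $list)) { New-Item -Path $list -Force | Out-Null }
Set-ItemProperty -Path $cd -Name AllowFreshCredentialsWhenNTLMOnly -Value 1 -Type DWord
Set-ItemProperty -Path $cd -Name ConcatenateDefaults_AllowFreshNTLMOnly -Value 1 -Type DWord

# Add wsman/<host> to the policy list only if it is not there yet.
$target   = "wsman/$HostName"
$key      = Get-Item -Path $list
$existing = $key.GetValueNames() | ForEach-Object { $key.GetValue($_) }
if ($existing -notcontains $target) {
    $next = 1
    while ($key.GetValueNames() -contains "$next") { $next++ }
    New-ItemProperty -Path $list -Name "$next" -Value $target -PropertyType String | Out-Null
}

# Step 6: Encryption Oracle Remediation protection level.
$oracle = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
if (-not (Test-Path $oracle)) { New-Item -Path $oracle -Force | Out-Null }
Set-ItemProperty -Path $oracle -Name AllowEncryptionOracle -Value $ProtectionLevel -Type DWord

# Steps 7-8: trust the host; -Concatenate keeps any entries already present.
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $HostName -Concatenate -Force

# Steps 9-10: allow CredSSP delegation to this one host only.
Enable-WSManCredSSP -Role Client -DelegateComputer $HostName -Force | Out-Null

# Step 11: register the Hyper-V WMI (V2) classes.
mofcomp "$env:SystemRoot\System32\WindowsVirtualization.V2.mof"

# Step 12: store the login; /pass with no value makes cmdkey prompt for it,
# so the password never lands in the script or the command history.
cmdkey "/add:$HostName" /user:Administrator /pass
```

Running it again with -ProtectionLevel 1 or 0 after the server is fully patched tightens the Encryption Oracle Remediation setting without touching the other steps.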

nsquared solutions
