Ignite 2017 @ Orlando Day 4

Day 4:

Azure High Performance Networking

This was a very interesting session with lots of good info. It started off with VNet integration of Azure Container Service and the ability to give an IP to a single container instead of sharing the IP with several containers.

VNet Service Endpoints are also new. They give you the ability to deny internet access to VMs but allow specific Azure services as endpoints. So your VMs can talk to Azure services or PaaS services without you having to figure out which IPs the endpoints sit behind, and without talking to the rest of the internet.

Then NSGs got a bit less dumb than they were. They applied service tags to NSGs. What this means is that you can, for example, set a tag such as SQL Servers or IIS Servers and have all IIS or SQL servers tagged by the policy. So you set up one rule with a tag SQL and all your SQL servers will be bound to that NSG rule, instead of creating several rules based on the source IPs of each SQL server.


VMM 2016 and Network Controller Certificate Issues

Since near the end of last year I was blessed with some hardware to test a lot of new features and stuff of Windows Server 2016, System Center 2016 and Azure Stack. Last week I experienced an issue with my Network Controller VMs. In the end it turned out to be more of a VMM issue, I think. But I wanted to share this with the world in case somebody else experiences this issue and googles for nothing, because there is nothing to find about this issue.

Problem

I did the network controller and SLB Mux setup several weeks ago and all was running fine, when all of a sudden I couldn’t change stuff in VMM anymore. Almost every action I did triggered this error:

Error (21426)
Execution of :: on the configuration provider  failed. Detailed exception: Unable to connect to the network service. Check connection string and network connectivity. Execution of Microsoft.SystemCenter.NetworkService::OpenDeviceConnectionEx on the configuration provider 3e2875a7-5831-4fb2-b388-1672e1c20fee failed. Detailed exception: System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
Check the documentation for the configuration provider or contact the publisher support.
Unable to connect to the network service. Check connection string and network connectivity.

Recommended Action
Check the documentation for the configuration provider or contact the publisher support.

Troubleshooting

So I did a bunch of tests and troubleshooting


Hyper-V Virtual Switch Internal with NAT -Update-

This is a quick blog post to correct a “legacy blog” I made in January this year.

I haven’t been using any VMs on my Surface for a long time, and since then new Windows 10 builds have arrived. As Thomas Maurer describes here, things have changed.

If you were running the commands in my previous blog and have been using it, you have come to the conclusion (I hope sooner than me 🙂 ) that the NAT VSwitch is gone and the VMs depending on it have no network connection.

You can recreate it as an internal VSwitch like this:


New-VMSwitch -Name VSwitch-NAT -SwitchType Internal
New-NetIPAddress -IPAddress 10.10.0.1 -PrefixLength 24 -InterfaceAlias "vEthernet (VSwitch-NAT)"
New-NetNat -Name NATnetwork -InternalIPInterfaceAddressPrefix 10.10.0.0/24

But you will run into an issue with the last command.


Hyper-V Virtual Switch Internal with NAT

---- UPDATE ---- Be sure to check the updated blog for the PowerShell commands, since they have changed in the newer Windows 10 and Windows Server 2016 builds.

A while ago Microsoft released Windows Server 2016 TP4 and Windows 10 Build 10586. For Windows 10 it was all about nested virtualization, which is a great feature that I use a lot with Nano Server and containers nowadays.

But another great feature came with that release that completely slipped my attention, and I stumbled on it while exploring the New-VMSwitch PowerShell cmdlets. Since that release you have the ability to set your Virtual Switch (VSwitch) not only to External, Internal and Private but also to a fourth option, which is NAT mode.

Let me explain. When you run some VMs on your local laptop, tablet or test/dev server, you probably created a VSwitch which is connected to your LAN or WiFi adapter for outside network access or internet access. Or when you want them to talk to each other in their own subnet and you require no internet access, you have a VSwitch with an Internal Network connection type. But if you require the VMs to have an internet connection and want multiple subnets, you need VLANs.

Not everybody has VLANs on a home network, and if you are located in a company network where you do not have control over the network, you cannot use the External Network type VSwitch to get all the VMs on the internet or the rest of the network. Or when you are like me and are located in several different customer networks, IPs change all the time when on DHCP, or my VMs need to change IP addresses all the time if I want to test some things in VMs.

All that is behind us now because we can create VSwitches for Internal Network and enable NAT on the VSwitch.


System Center 2016 VMM Logical Switch Improvements

Over the last month I had some time to play around with Windows Server 2016 TP3 and VMM 2016 TP3. There were some nice improvements in the logical switch section that make our job a bit easier.

Back in VMM 2012 R2 you could create a logical switch with uplink profiles and classifications that you can use for all hosts and then add the virtual switch per host. Then you also have to create all virtual NICs on a per-host basis. That can be a lot of work and creates room for error and name mismatches.

Now in VMM 2016 you can create your VNics in the Logical Switch object.
