Home > Uncategorized > VMware Template Deployments–Part 2: Working 2008 R2

VMware Template Deployments–Part 2: Working 2008 R2

In my previous post, I was having an issue modifying an existing template to accomodate VMXNET3 and PVSCSI drivers – and to get it to auto deploy using a Customization Wizard template.  They just weren’t showing up on the domain, and I wanted the automation to be working.  So we’re going to create a brand new template…..

Let’s start by creating our Virtual Machine Template.

In the vSphere Client, right click on your Datacenter and choose NEW VIRTUAL MACHINE:

image

Go with TYPICAL:

image

Give your VM Template a nice name – something like “TEMPLATE – Windows 2008 R2 x64 SP1”:

image

Pick your cluster:

image

Pick your resource pool:

image

Pick an appropriate storage location:

image

Ensure the OS version and type are correct:

image

Pick your network and NIC.  Remember we want VMXNET3:

image

Remember that the minimum requirements for Windows 2008 R2 are listed at 32GB.  This template will likely be < 10GB, but you’re going to need room for growth.  Set it as thin provisioned, as there is no point taking up more space than is needed for templates:

image

Let’s edit the virtual machine hardware before we complete:

image

The SCSI controller is set to the default of LSI Logic SAS:

image

Click Change Type:

image

And change it to VMware Paravirtual.  Click OK.

The CDROM is set to local.  Let’s give it a datastore based ISO:

image

Click DATASTORE ISO and BROWSE:

image

Browse to a datastore and folder that has the ISO you’re looking for and click OK.

Don’t forget to set it to “Connect at power on”

image

We’re going to need a floppy drive now. Click ADD in the hardware window:

image

Select Floppy Drive and click NEXT:

image

We want to “Use a physical floppy drive” – we’ll modify this in a bit. Click NEXT.

Click OK to save the VM.

image

If you have Storage DRS, you might get a recommendation on where to place the VM.  Accept it.

Right click on the VM and choose OPEN CONSOLE:

image

Click the green play button to turn on the VM:

image

Because there is no OS on the hard disk you’ve added, it will boot from the ISO by default:

image

While it is doing this, click on VM –> EDIT SETTINGS.  We’ve been here before, but what we need to do wasn’t present yet.

image

Now we want to give the Floppy Drive 1 an image to use.  First check off CONNECTED and CONNECT AT POWER ON.  Then select “Use existing floppy image in datastore” and click BROWSE.

image

When you see your list of datastores, there is also a folder present called “vmimages”.  This is hosted on the vCenter Server as I understand it, and is the floppy disk images with your F6 based storage drivers – which is what we’re looking for.  Click on VMIMAGES.

image

Floppies:

image

Select pvscsi-Windows2008.flp, and click OK:

image

And click OK to exit the VM Settings.

By now, Windows has started loading from the ISO:

image

Click NEXT

image

Click INSTALL NOW.

image

Select your version.  I’m going to suggest Windows Server 2008 R2 Enterprise.  This version (Enterprise) allows for Hot-Add of CPU and RAM and is also needed for various clustering, PKI, etc.  Most virtualization shops are likely licencing using Enterprise for 4 OSE (Operating System Environments) or Data Center for unlimited, as long as you have enough Data Center licences per socket of the host.  Thus, it just makes sense to go with Enterprise all the time.  If you need Standard, it is easy enough to change the edition live, and this will keep your templates matching rather than having two parallel templates.

image

Accept the licence agreement and click NEXT.

image

It really doesn’t matter what you pick, there is no existing OS.  Click CUSTOM

image

What?  No hard disk?  Ah, right, the “F6 Floppy”.  Click “Load Driver”

image

Click OK to let it search.

image

Click NEXT

image

Excellent – the 40GB Hard Disk we expected.  Click NEXT and it will use it all for the C: drive.

image

Now let Windows install…..

image

Change the password when prompted, after the reboot.

image

Press OK.  Let it finish up the install.

image

Now we can’t do much here, because we have no networking.  We need to install VMware Tools in order to get the driver for the VMXNET3 adapter.  Click VM –> GUEST –> INSTALL VMWARE TOOLS:

image

image

Isn’t that what I said?

image

We want to “Run Setup64.exe”

image

 

clip_image001

Pick CUSTOM

clip_image002

Unselect SHARED FOLDERS

clip_image003

Restart, of course

Now is a good time to boot to the VMware BIOS and remove some devices. Either press ESCAPE to enter the boot menu, or EDIT -> VM SETTINGS -> OPTIONS tab -> BOOT option -> check FORCE BIOS SETUP (The next time the virtual machine boots, force entry into the BIOS screen).

clip_image004

Other options to check while you are in here:

clip_image005

OPTIONS tab -> VMware Tools -> ADVANCED -> check “Check and upgrade Tools during power cycling”. This will help automate the keeping of your VMware Tools up to date. Do NOT select “Synchronize guest time with host”. While it sounds like a good idea, your VM’s should all be synchronizing to a Domain Controller and IT should be synchronizing to an NTP server. Most likely your hosts are either using the DC or the same external NTP server anyway, but…. Keep things simple, synchronize time with your DC.

clip_image006

On the OPTIONS tab -> ADVANCED -> MEMORY/CPU HOTPLUG, set the “Enable CPU/memory hot add for this virtual machine”. We’re deploying Windows 2008 R2 Enterprise which supports Hot Add, and this is a nice feature to have.

clip_image007

Under OPTIONS tab -> ADVANCED -> CPU/MMU VIRTUALIZATION are the options you might need to set if you want to do nested hypervisors. This would let you run HyperV on this VM, on top of ESXi. Automatic should suffice for most cases, but in case you are trying this later, this is the place you want to know about.

clip_image008

Let’s click REMOVE on that Floppy Disk – we’re not going to be needing it again. Remove the files from disk too.

clip_image009

Let’s set the CD/DVD drive to “client device” which disconnects the ISO and sets it to idle.

Now that we’ve booted, it will enter the BIOS.

clip_image010

Press the RIGHT ARROW to move to ADVANCED and then the DOWN ARROW to I/O DEVICE CONFIGURATION and hit ENTER.

clip_image011

You’re going to see something similar to the above, all set to AUTO or ENABLED. Let’s disable all of these legacy devices.

clip_image012

Much better. Press ESCAPE to go back a screen.

clip_image013

You MAY want to RIGHT ARROW over to the BOOT menu and change the CDROM to be the first device. This is entirely administrator preferences. Sometimes it can be hard to hit the ESCAPE key during the very quick boot sequence to select the CDROM and this avoids having to come into the BIOS and change it one time only. Leaving it this way will probably introduce a very small delay in booting, and/or may cause issues if you forget to disconnect an ISO. To which I say – never forget to disconnect an ISO!

clip_image014

So let’s EXIT and SAVE CHANGES and boot the VM up.

Let’s start by opening Server Manager. We need to adjust some basic settings:

clip_image015

NOTE: We’re assuming there is a DHCP server in this environment, so the template can get an IP via DHCP. If there is not, then you should configure the network connections appropriately to get a static network address for most of the rest to work at all.

Set the REMOTE DESKTOP to Enabled and SERVER MANAGER REMOTE MANAGEMENT. There are two links over to the right.

CONFIGURE REMOTE DESKTOP:

clip_image016

Because we’ve selected ALLOW CONNECTIONS, it is telling us it will set a Firewall Exception. Click OK on both windows. Yes, I am not choosing to use NLA which is more secure, but every environment I’ve seen does not use it.

CONFIGURE SERVER MANAGER REMOTE MANAGEMENT:

clip_image017

Check the box and click OK.

Click CHANGE SYSTEM PROPERTIES as well. Then click the ADVANCED tab. In the PERFORMANCE, click the SETTINGS button:

clip_image018

This is a server, and a VM. We really don’t care about fancy appearances. Set this to ADJUST FOR BEST PERFORMANCE and click OK twice.

Let’s move on to the SECURITY INFORMATION section. You can click the UP arrow next to COMPUTER INFORMATION and it will slide closed:

clip_image019

First, let’s turn of the IE ESC for Administrators. Yes, we should not be web browsing from servers, but dear god there is something to be said about functionality.

clip_image020

Just turn it off for Administrators, but leave it on for Users. Click OK

Click on CONFIGURE UPDATES:

clip_image021

Click on LET ME CHOOSE to get some additional options.

clip_image022

I like to have the updates installed automatically at 5:00AM which is not quite the middle of the night, but still early enough to be before users come in. I also take the Recommended Updates, and anyone on the server can install them. For those that don’t like Windows Updates to occur automatically – set this in the GPO settings for your domain, rather than the template. This will ensure a non-domain joined template deployment will still go and patch itself, and if you have GPO’s with WSUS, etc, those will take precedence and override these options anyway.

Click OK.

If you click CONFIGURE UPDATES again, you’ll be taken to the Windows Update screen, as the first time wizard has now been run:

clip_image023

While it is scanning, let’s go ahead and click on the “FIND OUT MORE” beside “Get updates for other Microsoft products” – we DO want to patch SQL, Exchange, etc, right?

clip_image024

IE will open and show you the Microsoft Update page. Click “I agree…..” and click INSTALL

clip_image025

And now it takes you back to where it is checking for updates. Let this run for a bit, it will take a while.

clip_image026

So let’s “roll up” the SECURITY INFORMATION section, so we can see the ROLES and FEATURES. Generically we don’t want to add much here. But SNMP and WMI might be wise. So let’s click on ADD FEATURES.

clip_image027

Click on SNMP Services, and it will auto select the SNMP Service and SNMP WMI Provider as well. Click NEXT.

clip_image028

Yes, that looks good. Click INSTALL.

clip_image029

And then click CLOSE

Let’s go back and check on that Windows Update scan:

clip_image030

Well that’s not so bad J Click on “4 optional updates” so we can review, and select the optional ones.

clip_image031

Now, some like Microsoft Silverlight, you may not want. You can right click on them and choose “Hide this update”. This will ensure that your clones of this template won’t see this option either unless you un-hide it. This again is Administrator Preference. If you click on the box next to NAME, it will “Select All”

clip_image032

Check your IMPORTANT list too – there often is a few that are unchecked by default. Click OK.

You’re now back at the screen showing you the IMPORTANT and OPTIONAL items, and the INSTALL UPDATES button. Click this and answer “I accept….” To any of the next few pop ups, depending on what updates are listed:

clip_image033

You can see at the top “(1 of 2)” which tells you how many screens to expect. Click “I accept” and click NEXT until it starts downloading.

clip_image034

There you go – this part will take a while. Let it run. Don’t forget after you reboot, to do this again. There likely are patches and hotfixes for the patches and hotfixes you just installed as pre-requisites. Keep doing this until you get no more patches and updates.

clip_image035

Remember to come back and check on this from time to time, as it’s going to prompt you at least once, for at least IE9. You’ll want to click INSTALL and go back to your other customizing.

While that’s running, let’s do some customization.

Click START, RUN, and run “services.msc” to open the Services Console

clip_image036

clip_image037

Find the SNMP Service and double click. You configure the SNMP settings from the Services Console, rather than the Control Panel or somewhere else that makes any sense.

If you only want the system to be POLLED by SNMP, then you click on the SECURITY tab.

clip_image038

Click ADD under ACCEPTED COMMUNITY NAMES (obscured here) and add your company SNMP Read Only community name. Note that this is like a password, so the world probably shouldn’t know what it is. I use NW_PUBLIC vs PUBLIC.

On the bottom, select “Accept SNMP packets from any host” if you want anything to be able to poll, or click ADD/EDIT to create a list of known management hosts. You can set this via GPO as well, so you may not need to do too much here if you KNOW you are doing it later. Click OK and then restart the service.

Back in Server Manager, expand STORAGE and then DISK MANAGEMENT. Personally, I despise having the optical drive as D:, so I set it to Z: or something very far down level. Also if I was to make a partition/volume just for the swap file, I might make it X: or Y:

clip_image039

clip_image040

Click CHANGE

clip_image041

Pick the new drive letter and click OK.

clip_image042

Yes, we’re fine with that. Click YES.

Let’s take this chance to customize IE a bit. Open Internet Explorer and click on TOOLS –> OPTIONS:

clip_image043

Let’s go ahead and click “USE BLANK” – we don’t need to see the Windows internal stuff. Click on “Delete browsing history on exit” – we don’t need to save this.

Click on SETTINGS in Search. I’m not going to cover this in detail but I would suggest:

· Adding Google as your search provider – no one uses Bing.

· Remove all Bing search and add-ons – do you really need the Blog add-on in your server? Or the mapping features?

· Remove all other accelerators or toolbars.

Click OK to close the settings box.

Let’s modify some typical Explorer preferences. Open Explorer and click TOOLS -> FOLDER OPTIONS:

clip_image044

Pesonally, I HATE having each folder open in a new window, especially as I browse through a folder path – and end up with 20 open windows. I find single-click to open too touchy. I like the Navigation Pane to show all the folders, and expand to my current one. Click APPLY and click on the VIEW tab.

clip_image045

I like to see hidden files, and extensions. Call me old, but it’s what I like. Click OK.

While Explorer is still open, right click on the C: drive and choose PROPERTIES:

clip_image046

clip_image047

There is no good reason to index C: – especially when you might have dozens of VM’s on the same storage, this isn’t a great idea for optimizing IO. Click OK. However, if you want to configure Shadow Copies in the template, you could do so now.

clip_image048

You’ll get prompted to apply these changes for the indexing. Click OK.

Let’s customize the Task Bar now. Right click on it and choose PROPERTIES.

clip_image049

I like to set it to Auto-Hide and Use Small Icons. Click OK.

Once you’ve verified all your Windows Updates are done, and especially 2008 R2 SP1 is installed, you’re going to want to install HotFix 2550978from MS to address the VMXNET3 adapter getting detected as new on clone and showing up as “Local Area Connection #2”.   There’s not much to document there:

  • Go to the link.
  • Request the HotFix be e-mailed to you
  • Download from the link in your e-mail
  • Apply the HotFix and reboot.

Next, clean up the local system a little.  Places you’re going to want to look:

  • %TEMP% – but this will be specific to the user profile you are logged in with
  • C:\WINDOWS\TEMP – obvious
  • C:\RECYCLED
  • C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOADS – this is where Windows Updates stores all of its downloads before it installs them.  This is not where it keeps them if you want to do an uninstall.  So this is very safe to purge, I do so regularly.

Also, if you had to install SP1 or it was slipstreamed, either way it might be good to reclaim the space used by the installer.  Specifically you want to run: dism /online /cleanup-image /spsuperseded

image

At this point, you have:

  • A Windows 2008 R2 x64 Enterprise installation
  • You’re using PVSCSI and VMXNET3 drivers
  • You’ve removed various legacy hardware via the BIOS
  • You’ve customized the VMware hardware itself (ie: Hot-Add, VT-x/VT-d virtualization, etc)
  • All your patches are current and up to date
  • SNMP and WMI are installed and configured
  • IE is optimized a bit
  • VMware Tools are installed

I’m going to pause this post at this point.  From here you can:

  • Shutdown the VM
  • Right click and “Convert to Template”
  • Right click on the template and “Deploy Virtual Machine from Template”
  • Select a Deployment Customization to join the domain, set the IP address, etc.

There are some caveats yet.  Some commands just don’t get retained through the SysPrep process that VMware runs on the image to deploy it.  So you need to run those as “Run Once” options at the end.  Or as part of a first run login script.  Or modify an Unattend.XML file, etc.  I’m going to cover those in another post.

Various RunOnce commands that don’t survive a SysPrep:

rem ****************************************
rem Disable automatic updates (does not survive sysprep)
rem ****************************************
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update” /v AUOptions /t REG_DWORD /d 1 /

rem ****************************************
rem Set your product key, required for activation
rem ****************************************
start /w slmgr.vbs -ipk <YOUR PRODUCT KEY HERE>

rem ****************************************
rem Activate Windows
rem ****************************************
start /w slmgr.vbs -ato

rem ****************************************
rem Set bootmenu timeout to 5 seconds (does not survive sysprep)
rem ****************************************
bootcfg /timeout 5

rem ****************************************
rem Turn off Hibernation (does not survive sysprep)
rem ****************************************
powercfg.exe -h off

Advertisements
Categories: Uncategorized
  1. Tim
    August 20, 2012 at 10:59 AM

    Thanks for writing this guide – it’s helped me out a lot! I followed the guide very closely, but some of my customizations aren’t sticking. Specifically all the changes to the ‘System Properties’ section (Best performance instead of Let Windows Choose), and the Show Hidden Files/Hide Extensions for Known Types, etc. in the Folder Options.

    Anyone else having a similar problem? I’d love to have a perfect template I don’t need to make changes to post-rollout!

    • Tim
      August 20, 2012 at 11:13 AM

      Just a follow up on my first note – it appears that all the things I’m complaining about can be fixed by copying the Administrator profile over. It seems like I’d have to manually sysprep myself first and NOT use the VMware Deployment Customization…which I really don’t want to do.

      The only part that concerns me is the System Properties -> Best Performance section. I cannot find a GPO that will do this for me. Since we want to avoid manually sysprepping before we make a template, is there a way around this?

      • September 6, 2012 at 11:43 PM

        Tim:

        I do recall on a few of the sites I was either researching from and or linked to, that there was the type of issue you describe. There are a number of features and setting that don’t survive the SysPrep process. I understand this to be true whether we do the SysPrep manually or vSphere does it. The solution is to add these as VBS/REG/BAT/PS scripts that run as part of your “post-install” process or as part of your GPO. I might suggest that as a computer based startup script would be appropriate, so that if another admin modified the settings, they would always get reset at some point.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: