Ran into an issue to day installing Server 2012 R2 from an ISO file onto a fresh/brand new VM.

"0xE0000100: "Windows installation encountered an unexpected error. Verify that the installation sources are accessible, and restart the installation."

A little Google-Fu fixed me right up. New VM’s only have 512 MB of “startup memory” and you need to set it to at least 1024 MB to allow the installation to proceed without error.

I had Dynamic Memory setup with a range of 512 MB to 8192 MB and thought I would be okay. Not so. Anyhow, I just statically gave it 4 Gb for the install and changed it around once the install was finished. That being said, I am keeping the startup memory at 1024 MB now for all Server 2008R2+ VM’s.

Cheers!

I love Hyper-V 3.0… particularly compared to earlier versions. It comes packed with some very nice new features, several of which are geared around the idea of thin deployment. One such feature is Dynamic Memory. Dynamic Memory allows you to set a base “Starting” amount of RAM for a server (say something low like 512 MB) and then also set a max amount it can take up (say 8 Gb). The idea is that you can over-provision RAM on a Host server and still be okay if the majority of your VM’s are usually just sitting their idle. Which in most cases they usually are. The problem is that on the client machine, if you are running Windows Task manager at least, you will almost always see 90 – 95% memory utilization and it will show whatever the max is that your server can scale to (say 8 GB).

This really threw me off recently. I had one VM that was misbehaving due to having the VHDX file on a slow share on a storage array. Initially, not knowing what was broken, I took a look at task manager on the VM (which was running Server 2012) and noted that it was showing nearly Maxed out RAM usage. Further investigation though showed that it couldn’t possibly be using more than 1 Gb (of the 8 Gb shown in task manager) at any one time.

After some further investigation I learned that this is common behavior on VM’s that are allocated memory dynamically and nothing to be concerned with. The VM today still has dynamic memory and still shows 95% usage pretty much all the time but runs just fine now that the VHDX file has been moved to faster storage. Anyhow, hope this helps someone else out!

The company I work for has some rather remote offices and we are in the process of virtualizing some of our infrastructure components, particularly our remote domain controllers. I have done a remote DC deployment in one of our other foreign offices and the replication of the Domain took quite a while. In that case, I didn’t realize I would be rebuilding a domain controller in virtual until after I showed up at the office. This time though I know what I am going into. So… the goal? Build the DC here as a Hyper-V VM, export it to an encrypted drive, take it with me, and re-import the VM to the new Hyper-V server I will be putting in on the other side. I realize I will need to make some DNS updates as the AD server’s IP will be changing but, based on what I have read, I think this should go pretty smoothly! Wish me luck!

I am not sure when OpenVPN added multi-factor support to their Access Server but I am thrilled that they did. It must have been recently (within the last few weeks or months) as I was using OpenVPN Access Server about 4 months ago as a temporary solution while my main solution was down and it did not have Multi-Factor built-in. All I have to say is, THANK YOU! (more…)

In a previous post I dealt with setting up an OpenVPN Community Edition server which is the free version of OpenVPN. I had initially hoped to use Authy for two-factor authentication in addition to LDAP but later found out that wasn’t going to work. So now I am looking at using DUO for two-factor authentication and OpenVPN Access Server.

Access Server is the “paid” version of OpenVPN and is significantly easier to install and configure vs. the open-source community edition. The two different products fulfill the same function and rely on the same technology to do so, but the underlying structure of Access Server is significantly different from the community edition.

Just to be clear, if you don’t need two-factor authentication, and don’t mind applying a bit of digital elbow grease, I highly recommend going with the community edition of OpenVPN as it is extremely scalable with no licensing fees. That being said, Access Server is decently economical, especially compared to putting in a hardware device like a Fortigate or Cyberroam UTM box.

This guide assumes you have an Ubuntu 13 box to work with, have full root access, know your way around the linux command-line, and have a basic understanding of networking concepts including VPN.

Let’s dive in!

Before you go any further, if you plan on using LDAP/Microsoft Active Directory, you need to make sure all of the proper ports are open between your Active Directory Domain Controller and your OpenVPN server. You can see which ports are needed for AD traffic here: What ports on the firewall should be open between Domain Controllers and Member Servers?

(more…)