Installing SQL 2008 R2 on 2008 R2 Server Core

Following on from previous posts on a similar theme, I wanted to make a quick note of how SQL 2008 R2 is installed on a 2008 R2 Server Core VM.

SQL 2008 R2 has a number of feature dependencies that must be present before an installation can take place. Assuming that you’ve deployed your VM, given it some network settings and joined it to your domain (if you want) then there are three further things you need to address to get SQL installed.

The first is adding some disk space to the VM. If, like me, you deploy Windows server VMs with a reasonable 40Gb of C: drive space you’ll need to add something to have enough room for SQL and some databases. I like to keep databases and log files on separate drives to the main OS so I tend to add extra disks to the VM. I’ve covered that off in a previous post.

Next up – those pesky dependencies. You could do this remotely with Server Manager running on another machine somewhere or you could just use the command line. Hint: if you’ve got the commands written down somewhere then the command line is so much quicker. Just RDP to your 2008 R2 Server Core VM and paste the following into the command prompt:

[text]dism /online /enable-feature /featurename:NetFx2-ServerCore
dism /online /enable-feature /featurename:NetFx3-ServerCore
dism /online /enable-feature /featurename:NetFx2-ServerCore-WOW64
dism /online /enable-feature /featurename:NetFx3-ServerCore-WOW64
dism /online /enable-feature /featurename:IIS-WebServerRole
dism /online /enable-feature /featurename:IIS-ISAPIFilter
dism /online /enable-feature /featurename:IIS-ISAPIExtensions
dism /online /enable-feature /featurename:IIS-NetFxExtensibility
dism /online /enable-feature /featurename:IIS-ASPNET[/text]

The final stage is installing SQL itself. Simply mount the DVD ISO and run setup! Note though that I think SQL 2008 may not be supported on Server 2008 Core versions. SQL 2012 seems to be but I haven’t played with that yet.


Adding disks to 2008 R2 Server Core VMs

In a lab environment, sometimes anything can go. Solutions aren’t always standards compliant or don’t always follow best / sensible practices. One that I can’t shake off though is using separate drives in my VMs for operating systems and data. It’s too ingrained.

Given my new found penchant for using Windows 2008 R2 Server Core for VMs in my lab though I hit a little niggle that I thought I ought to note down for when I inevitably forget about it.

When deploying a VM from a template for a specific purpose, it’s natural to add extra disks to it. In the normal version of windows, using the DiskManagement snapin to bring the disk online automatically makes it read-write as well. In Server Core, you can’t use the snapin locally. Firewalls permitting, you should be able to use it remotely (via RSAT tools installed on another machine) but if you’re in a hurry and comfortable with DISKPART then you might be tempted to use that. And that’s where the niggle is.

In DISKPART when you online a new disk, it changes the disk’s state but not whether it is read-only or read-write. And you can’t create a partition on a readonly disk!

So, what do you do? It’s just a couple of extra steps really.

1. In the command prompt window on the VM’s console, start up DISKPART.

2. First, list the disks present on the VM:

You notice that Disk 1 is 100% free but Offline.

3. Next we select that disk and then turn it Online.

If you tried to create a partition now you’d get a fairly non-specific error.

4. Look at the disk’s detail and you see why though.

“Current Read-only State: Yes”, not the clearest way of saying it but the disk is read-only at present.

5. To make the disk writable you need only type ATTRIBUTE DISK CLEAR READONLY.

Now you can create a partition as you normally would.

Job done.


Installing VMtools on Windows 2008 Server Core

Not having a full GUI to use, it can sometimes be difficult to install software on Windows 2008 Server Core machines. You need to get used to scripted installations, software distribution methods and / or silent installs.

If you’ve gone as far as initiating the tools installation for a VM you could be forgiven for wondering what the heck you’re going to do next. The install doesn’t autorun (Windows Explorer does this normally but Windows Explorer isn’t there). Even if you run setup64.exe manually it won’t help.

If you run setup64.exe /? though you get a little bit of help.

A typical (and silent) install of VMtools can therefore be performed by running:

[text]setup64.exe /s /v /qn[/text]

The VM will automatically reboot though, just so you know…

Note: Jonathan Medd has a very similar (and excellent) post about installing VMtools on Windows Server 8 Beta.


Windows 7 Printer Sharing with a Mac

For quite some time I had my home printer connected to a USB port on one of my ESXi hosts. To save a bit of memory I doubled up my home lab’s AD domain controller as a print server. I did this because the only other non-virtual computer at home capable of printer sharing was running Windows 7 and for some reason I could not get my Mac to work properly with the printer when it was shared from that. (Authentication would fail when trying to connect to it via SMB.)

The downside of this arrangement though was that my AD VM was tied to that single ESXi host. I couldn’t vMotion it without losing the printing functionality – something that my wife quite rightly complained to me about on several occasions! Obviously I should probably just get a new wireless printer and solve the problem that way. Believe me it’s tempting but I so rarely print that it seems slightly wasteful whilst the old printer still works and I was also determined to make it work and bend it to my will.

Finally I did some digging and found a way to make it work. The printer is now shared from the Windows 7 desktop and usable by me and my Mac, my wife from her laptop and the children from the PC itself.

How? Like this…

On the PC:

1. Open The Control Panel.

2. Select “Programs and Features”.

3. Click the link to “Turn Windows Features on of off”.

4. Under “Print and Document Services” enable the “LPD Print Service”. Click “OK”.

5. Finally share your Windows printer as normal.

On the Mac:

1. Open System Preferences

2. Open “Print & Fax”.

3. Click the little “+” icon to add a new printer.

4. In the “Add Printer” dialog select the “Advanced” section.

  • Select “LPD/LPR Host or Printer” as the type.
  • In the “URL” field enter the URL in the format lpd://ipaddressorhostname/printersharename
  • Give the printer a suitable name.

5. Select a driver by selecting “Select Printer Software” from the “Print Using” dropdown (note that I have CUPS+Gutenprint drivers installed to give me a wider selection of drivers).

6. Finally “Add” your chosen printer.

It should be noted that this solution of course requires that the PC be on for printing to be possible. Most of the time the one that I am using is asleep or hibernated and I just give it a poke with a WOL packet generated from a local webpage when I need to print. It’s not like I do a lot of printing anyway.


Fixing “HostDatastoreSystem.QueryVmfsDatastoreCreateOptions” Issue

Having recently made a right old mess of my home lab, I set about building it from scratch over the weekend. Having installed some nice, fresh builds of ESXi 5.0 I started adding in my SATA disks and began to create VMFS datastores on the hosts.

The first one worked ok. The second one didn’t for some reason. I got an error part way through the “Add Storage” wizard. The error stack wasn’t too helpful:

Call “HostDatastoreSystem.QueryVmfsDatastoreCreateOptions” for object “datastoreSystem-9” on vCenter Server “svr-vcenter.vspecialist.co.uk” failed.

Continue Reading


vCenter Orchestrator Silent Install

Article by Michael Poore (@mpoore)

Is it possible to install vCO on a Windows server silently? Yes.

If you have the EXE file (DVDDrive:vCenter-ServervCOvCenterOrchestrator.exe) available on the server then installing is as simple as:

[text]D:vCenter-ServervCO>vCenterOrchestrator.exe -i silent[/text]

It takes a few seconds to complete but at the end of it the vCO Configuration service is present and running:

Of course that’s just installing vCO, it’s not configured – that’s still to be done (see my earlier article on configuring vCO).

So, what’s the point of doing such an install then? Where’s the benefit? If you look at vCO’s Configuration Maximums it’s not entirely obvious is it?

Item Maximum
Connected vCenter Server systems 10
Connected ESX/ESXi servers 300
Connected virtual machines spread over vCenter Server systems 15000
Concurrent running workflows 150

You’d need a very large environment to *need* more than one vCO server let alone to need a method of automatically deploying them. Either that or a very particular use case.


Install vCenter Orchestrator on a Dedicated Server

Article by Michael Poore (@mpoore)

The binaries for vCenter Orchestrator (vCO) come bundled alongside vCenter Server and are installed by default when vCenter is installed. But what if, and it’s probably a better practice, you want to install vCO on a separate server to vCenter. How’s that done?

Before running through that, first let’s cover requirements. vCO server components must be installed on a 64-bit Windows OS. The client component can happily sit on 32-bit. The minimum recommended RAM is 4GB but in a lab or non-production environment you can get away with less depending on if the database is co-located or not. Continue Reading


Configuring vCenter Orchestrator

Article by Michael Poore (@mpoore)

vCenter Orchestrator (vCO) is a no charge extra for vCenter Server owners. In fact the binaries are installed alongside vCenter Server itself.

This post covers what you need to configure vCO and start to use it. It’s based on the GA release of vCenter 5.0. (Of course I should point out that other orchestration products are available.) Continue Reading


Creating VLANs in DD-WRT (Part 3)

In the second part of this post I completed the setup of VLANs on my WNR3500L router. To make them available to hosts (and VMs) I now have to configure my Cisco SLM2008 switches.

Fortunately that turns out to be fairly simple. The SLM 2008 has a web-based GUI that does the job nicely. Once logged in it’s a matter of opening the VLAN >> VLAN Settings page. Then just tap in the VLAN ID that you want to create and click “Add”.

This then drops you into an additional page where you choose which ports to associate the VLAN with. I picked all of the ports on this switch (where my ESX hosts are located). Then I clicked “Save”.

It’s just then a case of repeating for the other VLANs that are required. And that’s the switches done. The default configuration of them doesn’t require any further tweaking.

Within vSphere, the configuration required should be obvious. Here’s a screenshot from my ESX host with a portgroup called “Test” defined.

It has a VLAN ID of 6 and one VM in it with an IP Address of It can reach the router’s primary network, the internet and be contacted from my main network and wireless clients.

Exactly what I want for now.


Creating VLANs in DD-WRT (Part 2)

In the first part of this post I created some VLANs on my NetGear WNR3500L router that I’ve flashed with DD-WRT firmware. In this second part of the post I will be assigning IP address ranges to those VLANs and configuring the router’s firewall.

I want the VLANs that I setup previously to use separate IP Address ranges. To do this it’s back into to the telnet session and enter the following command:

[text]nvram set rc_startup=’
ifconfig vlan6 netmask
ifconfig vlan7 netmask
ifconfig vlan8 netmask
ifconfig vlan9 netmask
ifconfig vlan10 netmask
ifconfig vlan11 netmask
ifconfig vlan12 netmask
ifconfig vlan13 netmask
ifconfig vlan14 netmask
ifconfig vlan15 netmask

ifconfig vlan6 up
ifconfig vlan7 up
ifconfig vlan8 up
ifconfig vlan9 up
ifconfig vlan10 up
ifconfig vlan11 up
ifconfig vlan12 up
ifconfig vlan13 up
ifconfig vlan14 up
ifconfig vlan15 up

(There is actually a way to do this step through the router’s GUI too.)

Reboot the router again for the changes to take effect.

The final configuration that needs to be made is to the internal firewall of the router. With all of these new interfaces created, we need to define some rules to permit (or deny) traffic between them.

Now I could have just turned the firewall off but that wouldn’t be a very good idea. Instead I modified the rules. For a single VLAN (VLAN 6 for example) the following commands were required:

[text]iptables -I INPUT -i vlan6 -j ACCEPT
iptables -I FORWARD -i vlan6 -o br0 -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan6 -o ppp0 -m state –state NEW -j ACCEPT[/text]

The first line allows traffic from VLAN6 to talk to the router. The second line allows VLAN6 to talk to the default LAN network (VLAN1). The final line allows VLAN6 to access the WAN interface (internet).

There are two ways of applying these rules. The first is by executing the following on the router’s telnet interface:

[text]nvram set rc_firewall=’
iptables -I INPUT -i vlan6 -j ACCEPT
iptables -I FORWARD -i vlan6 -o br0 -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan6 -o ppp0 -m state –state NEW -j ACCEPT'[/text]

The other method is to use the GUI. Under Administration >> Commands there is a text are to enter the commands. Then all you need to do is click the “Save Firewall” button to have the commands take effect at the next reboot of the router. Additionally you can click the “Run Commands” button to execute them immediately. (Bear in mind though that commands run immediately are not persistent across a reboot.)

I thought that would sort everything out so I made the same changes for all of the VLANs. However, when it came to using those VLANs I discovered that although the could “talk” to the internet and to wireless clients, they could not “talk” to each other. This meant a revision to the firewall rules that I set out above was required.

Whilst working out what I needed, I discovered that a wildcard character exists and that what I wanted to achieve could be done in just 4 lines:

[text]iptables -I INPUT -i vlan+ -j ACCEPT
iptables -I FORWARD -i vlan+ -o br0 -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan+ -o vlan+ -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan+ -o ppp0 -m state –state NEW -j ACCEPT[/text]

Line 1 accepts input from any of the VLAN interfaces into the router.

Line 2 allows any traffic coming from the VLAN interfaces to access the bridge (this is connected to the RJ45 ports and the wireless)

Line 3 allows traffic to come from any VLAN and go to any VLAN (this was the rule I was missing the first time around)

Line 4 allows traffic coming from any of the VLANs to go to the internet.

However, a quick word on the internet (WAN) interface, ppp0, and security in general. The WNR3500L router does not have an ADSL modem in it. (I have a separate one of those (Draytek Vigor 120)). Configuration of the WAN for my environment is therefore completed using the PPPoE protocol and hence the WAN interface gets called ppp0. If you use this router with cable broadband (e.g. Virgin Media) you may end up with a different WAN interface name. Not only will you have to adjust the rules above accordingly, you need to make sure that you don’t inadvertently open up a gaping security hole!

Which is why it might be best to stick the following rules into the router instead of the ones above:

[text]iptables -I INPUT -i vlan6 -j ACCEPT
iptables -I FORWARD -i vlan6 -o br0 -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan6 -o vlan+ -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan6 -o ppp0 -m state –state NEW -j ACCEPT
iptables -I INPUT -i vlan7 -j ACCEPT
iptables -I FORWARD -i vlan7 -o br0 -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan7 -o vlan+ -m state –state NEW -j ACCEPT
iptables -I INPUT -i vlan8 -j ACCEPT
iptables -I FORWARD -i vlan8 -o br0 -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan8 -o vlan+ -m state –state NEW -j ACCEPT
iptables -I INPUT -i vlan9 -j ACCEPT
iptables -I FORWARD -i vlan9 -o br0 -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan9 -o vlan+ -m state –state NEW -j ACCEPT
iptables -I INPUT -i vlan10 -j ACCEPT
iptables -I FORWARD -i vlan10 -o br0 -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan10 -o vlan+ -m state –state NEW -j ACCEPT
iptables -I INPUT -i vlan11 -j ACCEPT
iptables -I FORWARD -i vlan11 -o br0 -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan11 -o vlan+ -m state –state NEW -j ACCEPT
iptables -I INPUT -i vlan12 -j ACCEPT
iptables -I FORWARD -i vlan12 -o br0 -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan12 -o vlan+ -m state –state NEW -j ACCEPT
iptables -I INPUT -i vlan13 -j ACCEPT
iptables -I FORWARD -i vlan13 -o br0 -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan13 -o vlan+ -m state –state NEW -j ACCEPT
iptables -I INPUT -i vlan14 -j ACCEPT
iptables -I FORWARD -i vlan14 -o br0 -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan14 -o vlan+ -m state –state NEW -j ACCEPT
iptables -I INPUT -i vlan15 -j ACCEPT
iptables -I FORWARD -i vlan15 -o br0 -m state –state NEW -j ACCEPT
iptables -I FORWARD -i vlan15 -o vlan+ -m state –state NEW -j ACCEPT[/text]

Whilst it’s not as elegant a solution as the one with the wildcards, it is more specific and hence more secure and I’m not an iptables expert so I’m going for the safer option. Also note that in the above example, I’ve only given VLAN6 access to the ppp0 (internet / WAN) interface.

That’s just the simple firewall changes that can be made. More complex setups can be achieved but you need to know what you’re doing. There’s an introduction to IPTABLES that can be found on the DD-WRT site.

That’s it for the router’s configuration. In the third and final part of the post I describe how the VLANs are defined on the Cisco SLM2008 switches that I have connected to the router.