Tag Archives: virtual machine manager 2016

Installing Highly Available SystemCenter VMM 2016 – HowTo…

Prerequisites:

if you want to install a highly available VMM you need two VM´s (to create a VMM cluster) and a extra HA SQL Server (ideally two SQL 2016 core Nodes with AlwaysOn – for installing this SQL nodes see http://blog.mscloud.guru/2016/10/28/installing-sql-server-2016-core-on-windows-server-2016-core/

VM(s):
  • Create two VMs with a OS vhdx (optional one additional Data drive if you want to split OS and VMM in two different drives), 2 vCPUs and at minimum 4096 MB Memory (if you want to use Dynamic RAM, set Startup value to 4096MBs or more and Minimum RAM to 2048 or more, otherwise setup check will fail…) – see SystemCenter requirements: https://technet.microsoft.com/en-us/system-center-docs/system-requirements/minimum-hardware-recommendations
  • Create a cluster with this two VMs, no cluster disks necessary, don’t forget to create a witness (my preferred FileShare or Cloud Witness)

SQL:
  • create a AlwaysOn Listener on your SQL cluster (you can deploy VMM in a “Common” Instance with other databases or you prefer a dedicated instance for VMM – collation should be: SQL_Latin1_General_CP1_CI_AS
Software:

  • Install ADK on both VMM nodes with the following options:
    • DeploymentTools
    • Windows Preinstallation Environment

…copy downloaded ADKSetup Files to both VMM nodes and install with GUI or unattended:

…after a few minutes check c:\temp\install.txt – the last entry should be “…Exit code 0…”:

  • Install the SQL tools in GUI mode or unattended:

  • do this on both vm nodes and restart the servers
Accounts:
Login Purpose Permission
DOMAIN\_svc_vmmservice SCVMM Service Account Local admin rights on VMM nodes
DOMAIN\_svc_vmmrunas Service Account for manageging Hyper-V Hosts Local admin rights on Hyper-V servers/nodes
(optional) DOMAIN\_svc_vmm2scom SCVMM to SCOM connector account SCOM Admin and SCVMM Admin role
(optional) DOMAIN\_svc_vmmtemplate Account used in templates to join Domain and run scripts while deployment you can use delegate control in AD for this account – Computer Objects/Reset Password/Validated write to DNS host name/Validated write to service principal name/Read/Write Account Restrictions (This object and all descendant objects – Create/Delete Computer Objects)
Groups:
Name Members Scope Permission
gg_VMMAdmins your account/_svc_vmmservice/_svc_vmmrunas Global -
lg_VMMAdmins gg_VMMAdmins Local Put this group in local admins group on VMM nodes
AD container:

if you install VMM in HA mode you must create a container in AD to allow VMM to store their key´s. See https://technet.microsoft.com/en-us/library/gg697604(v=sc.12).aspx

open ADSIEdit.msc and connect to the domain partition of the active directory domain:

…double click on “Default namin context…” and right click on domain context:

..give it a name (ie. VMMDKM – “Virtual Machine Manager Distributed Key Management”)

…refresh the console:

…click on domain -> your container -> and check your if your container is created successfully:

 

…close ADSIEdit and open “Active Directory Users and Computers” – click View -> Advanced Features:

…open Properties of your container:

…add VMM service account with R/W/Create child permissions:

…click Advanced and chance permissions to all descendant objects:

FileShare:

In a VMM HA install the FileShare for Library must be created outside of VMM servers – you have to create a fileshare on a MS fileserver or fileservercluster (NAS or other CIFS components are not possible because VMM installing his own VMM agent on the fileserver for management purposes…)

Install:

you can choose between nonGUI and GUI VMM setup – even on server core edition:

Server core install:

change to your VMM setup path and edit the file VMserver.ini (ie: C:\VMMSetup\amd64\Setup\VMserver.ini)

call the setup with the following parameter:

check the VMMLog in C:\ProgramData\VMMLogs

Installation in GUI mode:

..start setup – choose install, click VMM server and next:

Server name -> Name of you AlwaysOn Listener

Port -> Listener Port

Instance name -> name of SQL instance

use your vmm-service account -> see “Accounts” above and the Distinguished Name of the container you created in AD before (see container above)

HINT: ..normally everything should ok – if you get an error like me (see text in screenshot) regarding the SCP in AD – maybe you have moved your Nodes in AD in another OU and forget to give the ClusterObject the permission to create Computer Objects within this OU! – see: https://technet.microsoft.com/en-us/library/dn466519(v=ws.11).aspx or see: http://www.systemcenter.ninja/2014/01/creating-service-connection-point-scp.html

..in my case i manually create the computer object (same OU as FC object) and give the failoverclusterobject Full-rights on this new object – after that i run the configurescptool.exe command (see text above) again and voila – in Cluster Manager the Role can be started with success…

On second node:

start setup (vmmsetup recognize that it runs in a cluster and that a “primary” vmm node exist):

…if you click on VMM management server in next screen you will get the following message:

…enter registration informations again:

…settings for database are greyed-out because setup reads this info from primary installed node:

…reeenter password for vmm-service:

accept all other with next and click install:

…after a while setup should finished with success:

Last step in HA install is to make the VMM DB highly-available – we installed it with the AlwaysOn Listener but the DB itself must be switched to HA with the SQL AlwaysOn Wizard – open the SQL Studio and connect to your AO Database:

…standard SQL setup for join a single DB to AO group – change recovery mode/make backup/add db to ao group:

…right click on AOgroup and select “Add Database…”:

HINT: in SQL Alvailability group dont forget to keep your SQL users on the database in sync (!) – see: http://blog.mscloud.guru/2016/10/28/installing-sql-server-2016-core-on-windows-server-2016-core/ since every works perfekt until the first failover of the DB – then VMM service failed to start, because the (ie. _svc_vmmservice) user does not exist on the failover target server.

FINISH: now you have a fully highly available SCVMM installation – test it with failover of DB (nothing should happen) – and failover of VMM (an open VMM console should simple reconnecting after a few seconds)