
Not sure if this applies to virtualised instances of ISA 2006 on Virtual Server, but it sure does on Hyper-V. There are many variants of the problem which you can find on the internet. Here's mine.

I've set up ISA 2006 on a virtual host with three network cards. One for management, one for virtual machines, and one for the Internet. ISA 2006 is connected to two of them, virtual machine and internet. Set up all the rules as I did on my physical host which is about to be decommissioned, but the funny thing is Internet access on the ISA is fine, but not on other clients. Monitoring the log tells me that all traffic is being blocked by the default enterprise deny all rule, even though the source to destination and protocol matches the rules above it.

I also realised that start-up and shut-down of ISA take a fair bit of time, and accessing the certificates is a pain. I remembered that other MVPs faced some problems with virtualised ISA, and that many of them disabled TCP Offloading and it solved their problem. That worked for me too, and it solved all the slow start-up, shut-down and certificate access.

Previously, I've mentioned that I've replaced my motherboard with an Asus Rampage Formula. This board comes with dual gigabit LAN ports. So I was playing with the network configuration on my Hyper-V host. LAN Left is where the virtual network switch is attached, and all virtual machines use this to communicate. LAN Right is what the host uses to communicate.

I remember seeing a network layer diagram somewhere which I can't find now. It says that when network traffic comes into a network card, it will route the traffic to both the host and the virtual machine network switch, which means installing ISA on a virtual machine does not protect the host. Installing ISA on the host does not protect the virtual machines if they are listening to the external network card.

Since I now have a dedicated LAN port for the host, I was playful, and disabled the LAN port for virtual machines on my host. If I do that on Virtual Server / Virtual PC, I'm quite sure that the network connectivity will be gone, even though the network cable is still shown as attached. But in Hyper-V, it is still working! I can access my virtual machines from my laptop, and vice versa. In fact, if I disable both, I still have network connectivity to my virtual machines, though I won't be able to access the host!

Now, if I virtualise ISA, since the virtual network switch does not have an IP, and the external network card does not have an IP for the host, does it mean that all network traffic will go through ISA? Does it mean that my ISA really behaves exactly like a physical box, without compromising the host?

Cool huh?

[Updated]

Found something that explains how networking works in Hyper-V
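The question above rests on one checkable premise: the host's TCP/IP stack is bound only to the management connection. The following PowerShell is an added example, not part of the original post, that lists every host connection with IP enabled and flags any that is not on an allow-list; the allow-list entry 'LAN Right' is an assumption based on the port naming used in this post.

```powershell
# Added example: report which host network connections have TCP/IP bound.
# Assumption: the host should be reachable only on the connections named in
# $ManagementConnections. 'LAN Right' is this post's name for the host port;
# replace it with the connection names on your own Hyper-V host.
$ManagementConnections = @('LAN Right')

# Adapters shown in Network Connections have a NetConnectionID.
$adapters = Get-WmiObject -Class Win32_NetworkAdapter |
    Where-Object { $_.NetConnectionID }

$findings = @()
foreach ($adapter in $adapters) {
    # The configuration object shares the adapter's Index value.
    $config = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
        -Filter "Index = $($adapter.Index)"

    # IPEnabled is false when the adapter is disabled or TCP/IP is not
    # bound to it, so those connections expose no host IP stack.
    if (-not $config -or -not $config.IPEnabled) { continue }

    $addresses = ''
    if ($config.IPAddress) {
        $addresses = [string]::Join(', ', $config.IPAddress)
    }

    $row = New-Object PSObject
    $row | Add-Member -MemberType NoteProperty -Name Connection `
        -Value $adapter.NetConnectionID
    $row | Add-Member -MemberType NoteProperty -Name Device `
        -Value $adapter.Name
    $row | Add-Member -MemberType NoteProperty -Name IPAddress `
        -Value $addresses
    $row | Add-Member -MemberType NoteProperty -Name Expected `
        -Value ($ManagementConnections -contains $adapter.NetConnectionID)
    $findings += $row
}

$findings | Format-Table -AutoSize

# Any IP-enabled connection outside the allow-list means the host itself
# is addressable on a network it was not meant to sit on.
$unexpected = @($findings | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning ("Host has IP enabled on unexpected connection(s): " +
        [string]::Join(', ', @($unexpected | ForEach-Object { $_.Connection })))
} else {
    Write-Output 'Host IP stack is bound only to the listed management connections.'
}
```

A clean result confirms only that the host has no IP configuration outside the management connection; it does not show how the virtual switch forwards traffic to the virtual machines.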

Details and download bits can be found here.

Just some additional details. If you have existing Windows 2008 virtual machines, you need to download this and package it into an ISO to mount it into the virtual machine's CD-Rom drive, as you will lose your network connections after upgrade.

For your existing Windows 2003 or Windows XP machines, you just need to update the Integration Services.

Sigh, for the past three days, I was trying to fix my hardware, as one fine morning, the PC was beeping continuously. After reboot, it was a checksum error. Naturally, thinking it's a motherboard problem, I went to buy a high-end gaming rig (Rampage Formula), as that would be better to run 24x7 rather than a normal motherboard, but later realised that it was the CPU that short-circuited the motherboard. A few trips to Sim Lim, and I got myself a quad core, while waiting for my E6600 to be replaced by Intel.

And you know what I saw in Sim Lim? A Gigabyte motherboard that says "Support 6 quad processor"!!! I asked the person what that means. He says 6 core is coming out soon!

http://www.engadget.com/2008/03/18/intels-6-core-dunnington-coming-in-2008-nehalem-official/

More reasons to play with Hyper-V! Now, if only motherboards came with more RAM slots...

Found this while reading Ken Schaefer's blog. It is about moving your virtual machines around.

While this seems to be better than exporting and importing, I still prefer the old ways of moving virtual machines. Just move the harddisk with the virtual machine configuration file. I haven't tried this yet, but looking forward to the day when I have enough money to get a desperately needed new SATA drive to "load balance" my IO traffic...

It has been an eventful week for me... First, I was nominated as one of the 20 local IT heroes by Microsoft. So I was @ the launch event to be honored, and I received a certificate of thanks, and a wonderfully designed personalised jacket, which I love so much! Thanks Yasmeen for designing that!

Next thing I know, I was asked by Microsoft if I'm ok to be interviewed by 93.8 Live! Nervous, of course, but I wanted to experience what it was like to be on radio... So this morning, I went to Mediacorp to meet Stanley Leong, the host, together with two other Global IT Heroes, Lup Yuen, who happens to be my colleague, and Pom. I was surprised that my Marketing Communication people were there as well, since the program is interviewing the IT Heroes, not my company.

Anyway, I really have to thank Steven Leong for being such a good host in helping us IT guys chat naturally. Personally, I think there are so many others out there that deserve the honour, countless hours you guys have put in, and yet not appreciated by your company. Making you guys work till 3 am, and if you leave at 9pm, you are branded as not committed. To you guys, I salute you.

But there is one thing that really got me pissed off. After the interview, the marketing communication person told me that next time, if there are such interviews, please let them know, and prepare a script of what I'm going to say for them to vet. There are things they don't agree with! But come on! The interview is about IT heroes in the industry! Not IT heroes in my company! What I have mentioned is a common problem in the industry! Sales people basically oversell! Delivery people have to deliver! PERIOD! Now that I'm in the position to do damage control to not oversell when I'm designing the architecture and drawing the proposal, that makes my company credible right?

Anyway, the experience was really cool. There is a repeat tonight around 10:30pm... Will be listening in and see how I sound... :)

While there are two other products, like Visual Studio 2008 (which I should be more familiar with, since I'm a Dev, but that's not the case, thanks to Windows Insider), and SQL 2008, I'm looking at Windows 2008 more than anything else, since I'm very interested in virtualisation.

I started using virtualisation heavily when I was working with Commerce Online, of course doing SharePoint development. At that time, VMWare was king (and still is), while Microsoft had just released Virtual PC 2004 (I think). The company was using VMWare more, hence I too was using VMWare to do development. At that time, it was VMWare 5.0. It did save me lots of time when development turned sour, since SharePoint 2003 was very fragile (compared to SharePoint 2007), especially when you are doing hardcore customisation with CAML, Site Definitions etc. One wrong move, your entire server is down. Snapshots helped me a lot, but my one single complaint was a memory leak, which required me to reboot the laptop after I stopped the virtual machine, as resources weren't released.

When Virtual Server was out, I started to try it out. Compared to VMWare, there aren't many features. With one level of undo, you need to remember to commit changes at every milestone, or risk losing all your work when your virtual machine dies. Another thing I used was differentiating disks, with which I built a base virtual machine with Windows 2003, built another base with SQL and SharePoint differentiated from the Windows 2003 base, and had instances on top of the SharePoint base. However, performance sucks, and I quickly reverted to single disks, making copies instead of creating differentiating disks, effectively increasing my storage requirements.

Then I decided to buy my own PC, since I was facing hardware crunches already in this company, plus all the goodies I'm receiving as an MVP to play with cutting edge (or bleeding edge) technology. Even in a financial crunch (wedding, house, renovations) I still decided to get a CPU with good L2 cache, and hardware virtualisation, anticipating the arrival of Hyper-V in slightly more than a year's time. In the meantime, my C2D 6600 CPU with 4 GB RAM continued to run Virtual Server, meeting all my development needs, especially building testing environments for MOSS beta. But using Virtual Server did limit me, as I can only assign one CPU to a virtual machine, and there is no x64 support. This means that SharePoint x64 and Exchange 2007 are out of my reach.

Last year, Dennis graciously included me in his Windows Insider program, and I learnt quite a lot of stuff about Windows 2008. Things that caught my interest are Terminal Services, and of course virtualisation. I immediately wiped out my machine and put Hyper-V up. Migrated all the virtual machines I have to Hyper-V, and something prompted me to increase my RAM to 8GB. Before Hyper-V, CPU usage was high, above 50% with about 3 to 4 virtual machines running. With Hyper-V, and 4GB RAM, my CPU usage hovers at 10%. With 8GB, it hovers at 10% as I'm now running 1 AD, 1 CA, 2 MOSS, 1 Exchange (which eats up 2.5GB RAM). I'm looking at my task manager, and per core, there are only 6 peaks, most hitting only 50% - 75% in the graph at one time. The only crunch time is when my SharePoint is doing profile sync and indexing, by which time I suspect it's IO that is the bottleneck. All my virtual machines are running off a single SATA harddisk, so that's my next upgrade.

Moving on to my new role in CAO doesn't reduce the need for hardware. Without support from the company to provide hardware for my playground, I found myself using my hardware more and more, intensifying my desire to get a second powerful machine for a virtual host (hoping for a fat bonus this year, or anyone willing to sponsor?... :p). And nope, lack of company support does not quench my thirst to learn more of the technology. Now with Exchange 2007, I was able to try out incoming email in detail, which I would have otherwise missed. And as my boss wants to grow me further, with virtualisation I can play with other products in the Microsoft stack, and other portals outside the Microsoft platform...

I even got my new colleague, Alvin Lau, excited about Hyper-V, and he is in the process of setting up his own environment, and we even have plans to set up ADFS between our two home networks, just to have an environment to test out extranet scenarios when our solutioning job requires it.

So why am I writing about this, right before the launch? Two things that virtualisation brings to the table. I'm sure SMEs (licenses aside) will be trying to save on hardware, and face the hardware crunch as I am constantly facing (I'm almost like an SME, just that I don't make money out of my hardware investments). But I'm sure whatever application you want to run will not fully utilise your dedicated hardware. Virtualisation can help you squeeze more from your hardware... Of course MNCs will benefit as well, with snapshots and other stuff, but many say that Hyper-V is still behind VMWare, which I agree, but not too sure to what extent, since I'm actually not an IT Pro, and I'm not very into the operational aspect of IT.

For developers out there, whose company is just giving you a 1GB or 2GB laptop for development, especially those in the end user environment. I don't know if you will agree with me, but I do envision SharePoint being part of the infrastructure one day. (It is already happening in a few engagements I'm involved in). Rather than letting such mediocre hardware slow your development time, and limit your ability to pick up new skillsets, why not invest in one machine that allows you to do virtualisation, be it Hyper-V or VMWare, which you can dual boot for your gaming needs. Get your work done faster so you can return home earlier, and use that to pick up new skillsets too!

I guess Microsoft still needs to release an Express version of Hyper-V... :P (not suggesting there is one...)

Anyway, back to the launch. Computer Times actually asked me to pen some thoughts about Windows 2008, with regards to certain topics. Of course, I picked on Virtualisation. Lucky I was informed by friends that it came out in today's Computer Times... So I grabbed a copy to keep. Check that out if you want... :) See you tomorrow at the launch!

 

It has been some time since I've done this poll. There aren't a lot of responses, probably lack of interest in this area. I actually wanted to keep the code to myself, but I may just put it on CodePlex, not sure yet. Anyway, this is what I did.

Basically, I've created a process of filing documents and items into my personal KM. It is not a one-email filing, but a series of emails that needs to be sent, if you do not have the template. That helps users not to have to remember the format of the email, and also prevents a chatty interface.

For a first time user, he / she will be sending a blank email to the document library / list, with the subject [Request]

After sending out the email, the user will get a reply from SharePoint, asking which content type he / she wants to file as.

As you can see, the list of content types configured for the document library / list are listed below the field. The user just needs to hit "Reply", and copy and paste the content type he is interested in filing against, and send it out.

SharePoint will then send a template email for the end user to start the actual filing. This template can be kept for future filing, avoiding the first two steps.

The user just needs to change the subject, as the system will use the subject as the title, attach the document, fill in the metadata below and send it out.

I still need to add support for multivalues, and user fields. Once that is done (with no timeline in sight), I'll consider publishing it in codeplex.

Comments are greatly welcomed.

Microsoft can be quite creative in their marketing...

http://blogs.technet.com/windowsserver/pages/about-lone-server.aspx

Video speaks for itself. This should really put those who keep complaining about their situation (me included) to shame.

http://www.youtube.com/watch?v=LnLVRQCjh8c

 

Check out this post @ Dennis's blog

 

My last statement to Microsoft about the so-called minority geeks who use Windows 2008 on their laptop with Hyper-V. If you are going to tell us that Hyper-V is meant for server-only operation, hence you disable the sleep functionality on the laptop running Windows 2008, you fix your virtualisation story on Vista, especially to support the x64 platform, and give me the ability to move my virtual machines from a Hyper-V machine to Virtual Server / Virtual PC, whichever you choose to improve. And this support, I ask that you do not provide 6 months or longer down the road, but immediately, or 1 month after Hyper-V goes into RTM. Yes, Hyper-V is a great virtualisation story for server operations, and there is a marked improvement over Virtual Server, and I'm pleased with the x64 support. But I love my sleep functionality more than Hyper-V virtualisation. If I am to run Hyper-V 24/7, I won't choose a laptop to host it! And when I run Hyper-V, I only use it if I need to have access to server applications, which is not 100 percent of the time!

If you can't let the laptop sleep with virtual machines running in Hyper-V, can you explore the following instead of disabling sleep totally?

- display a message that sleep mode is not supported when virtual machines are running, during installation, or when a sleep is initiated

- allow sleep to happen when there are no virtual machines running

- allow sleep to continue and let the owner handle the risks themselves

If I am ever forced to use vmware, I will not switch back to your virtualisation story.

I don't know how much stronger this minority geek can say to you. But you are not leaving a lot of option for me.

To readers: Do leave your comments. I'm sure some of you will want the sleep function, while others would think what the hell do I want windows 2008 on my laptop...

Especially if you are going to move between Hyper-V and Hyper-V / Virtual Server.

First of all, if you need to move virtual machines from one hyper-v to another hyper-v, you need to do an export before you can import it back into Hyper-V. I didn't read the documentation with regards to what export does (currently don't have time), but recently, I need to make a copy of the virtual machine (no, snapshot is not what I wanted), and I used the export function and import it back into hyper-V. First, I see two virtual machines with the same name. The only thing that allows me to differentiate which is which is the creation date. I noticed that the screen resolution has changed.

I don't like the export functionality at all. If it is copying the VHD, and creating a configuration file which Hyper-V can understand and import, why can't we just copy the entire folder which has the configuration file and VHD and add it into another Hyper-V machine as an existing virtual machine? I like the way Virtual PC and Virtual Server are handling virtual machines now. Virtual Server keeps failing on me, and I have to do a re-install every two months or so. All I need is just to add existing machines, and I'm good to go. Every release of Windows 2008, I don't do an upgrade (as upgrade failed on me before), but a clean install. But Hyper-V does not allow me to add existing machines. I have to export first. And I don't remember needing to export in VMWare as well!

Moving between Hyper-V and Virtual Server is another thing. First, if you intend to move to Virtual Server (because there is no other option for virtualisation on the client other than Virtual Server and Virtual PC), don't create an IDE harddisk bigger than 129GB. Second, your virtual machine may not work well when moving back to Virtual Server. I had a MOSS 2007 that was created in Virtual Server. Moved it to Hyper-V to do my development. Yesterday, I had to move it back to Virtual Server as a backup demo virtual machine, just in case I'm at the mercy of broadband on mobile. Straight off copying the VHD over, the virtual machine doesn't boot. Duplicated the virtual machine in Hyper-V to uninstall the Integration Service component, and copied it to Virtual Server again, which also doesn't boot the thing. Gave up, as I was running late.

Another plea to Microsoft. Please don't forget the virtualisation story on Vista! You are not leaving a lot of options for the minority geeks who are still supporting you! Now that Windows 2008 does not have the sleep function when installed on a laptop, I have two less reasons to stick to Hyper-V, and use VMWare now!

P.S. In response to this post about why sleep is not available. I don't see why the host needs to save the state of the running virtual machine. Why can't the sleep function put the virtual machines into pause state, and save the memory state of the host?

The email address of each document library depends on the incoming email settings you have configured in Central Admin, especially the email domain the farm will use. If you have configured AD integration, whenever you enable the incoming email feature for a list or document library, it will create a contact entry in AD, which would place an entry in the Exchange contact list. After the address list gets updated, the email gets listed in the address book in Outlook, allowing users to email content into the document library without requiring them to remember the email address.

I don't know about you, but I live and breathe in my Outlook (which is why Dynamics CRM has an edge over the rest of the CRM products, isn't it?). I'm receiving so much information in my Outlook that I need some good way to start to capture this information. Plus the fact that my harddisk is running out of space. Hence I thought of using the incoming email feature to allow me to post content into my SharePoint knowledge database behind my firewall, not accessible via the internet because Starhub blocks port 80, and port 443 is already used by another application.

The following values are fictitious. My internal domain is litware.intranet. Internet domain is litware.internet. Central administration allows me to configure two values for the domain, as shown in the screenshot below.

As the label puts it, the first setting is the SMTP mail server for incoming email. I interpret it as the FQDN at which the virtual SMTP server is set up. Hence I gave the internal FQDN, which is sharepoint.litware.intranet. Then, there is a label that says email server display address, and the format of the text box implies the email domain which will be shown to the users. So I set that to sharepoint.litware.internet. Then it is time to configure Exchange to route email from sharepoint.litware.internet. Sharepoint.litware.intranet is taken care of with an MX record in the intranet DNS. Combined Knowledge has a white paper on how to configure Exchange to route the email here. I used the Exchange 2007 paper, but the security settings mentioned weren't enough for SharePoint to write to the OU. After some tweaking, the whole setup finally works, with email routed to SharePoint and my custom email handler working perfectly, or so I thought.

Looking at the contact list in Exchange, I realised that all the email domains are wrong! Instead of using the internet domain, it is using the intranet domain. With Steve Smith and Kevin Laahs's help, I began playing with the settings by first changing the SMTP mail server setting to the external domain. Email routing wasn't affected at all, but the new email contact for a new email-enabled document library is showing the correct email address. Then I realised that SharePoint doesn't talk to the SMTP server, since the external domain is not resolvable internally, and internet will resolve to my Exchange. It just monitors the drop folder. Misleading huh? At least to me, it is...

Having solved the problem, my email-enabled knowledge library is working, enabling me to file documents and tag them at the same time. I've done a poll on how people are using incoming email, but the response wasn't very positive. So in the next few posts, I will probably be writing about how my solution works, but I won't be sharing the source code. If you are interested, you can contact me to bounce ideas, or I can get my company to be involved in a consultancy exercise. (I don't earn extra, since I work for the company, not own it)

 P.S. Do you know that MSN Space allows you to use email to upload images and post blog posts?
