Archive

Posts Tagged ‘vsphere template’

How to Build a VMware vSphere VM Template for Windows Server 2008 R2

May 7th, 2010 100 comments

A co-worker and myself were asked to create a VMware vSphere (ESX) template for Server 2008 R2 and it’s not as easy as you might think. Over the course of a day and half and through much research and trial and error, we have come up with the perfect template for our organization. It’s a perfect base template for us but depending on where you intend to deploy it and your own organization’s requirements, you may have to edit it a bit. We intend to tweak the template even further and possibly even create separate images depending on if the VM will be deployed internally or externally. Please do comment if you have any suggestions or think we may have missed something.

Building a VMware template for Server 2008 vs. Server 2008 R2 has some differences. This blog post will cover everything we did to successfully get it working and a detailed explanation of why we chose certain settings. Big thanks to to Jeremy Waldrop and his blog post that described setting up a template for 2008 which helped us quite a bit in our research to create the perfect template for 2008 R2.

OS Used: Windows Server 2008 R2 Standard (x64) Volume License Edition

VM Hardware config:

  • Single vCPU
  • 4 GB RAM
  • 40 GB Primary Hard Drive (for Operating System)
  • 10 GB Secondary Hard Drive (for Page File
  • LSI Logic SAS SCSI Controller
  • VMXNet 3 Network Adapter

I know most organizations using Server 2003 have always done a 20 GB C: partition. With 2008, I suggest going to 40 GB OS drives as a standard. Server 2008 (especially x64 versions) requires more space. Out of the box 2008 R2 x64 takes up 10 GB. Also Server 2008 has a component store (c:\windows\winsxs) which is very large. This is because 2008 no longer uses i386, everything is stored locally already in this component store folder. Remember, Server 2008 and any future MS product is all about componentization!! When you install a component from this store, my understanding is that it is “projected” to the OS. So basically Windows 2008 installed components run from this component store essentially. As the system receives updates over time, expect this directory to grow even larger since it never deletes old stuff. Think of the different versions of kind of stacking on each other. I believe with each service pack there is a tool to uninstall components that are no longer necessary or superseded. So stick with a 40 GB OS partition and you should be fine for a long time. You will also notice we have a 10 GB secondary drive for a page file. We’ll get to that later in the article.

Now on to the actual build:

  1. First create a new VM
    • Select Custom Configuration
    • Enter VM Name and Inventory Location
    • Select Datastore
    • Select Virtual Machine Version: 7
    • Select “Microsoft Windows Server 2008 R2 (64-bit)” as OS Version
    • # of Virtual Processors: 1
    • Amount of RAM: 4GB
    • Network
      • # of NICs: 1
      • Adapter Type: VMXNET 3
      • Select “Connect at Power On
    • SCSI Controller: LSI Logic SAS
    • Create New Virtual Disk: 40GB
    • Advanced Options: No Change
  2. Now prepare the virtual hardware:
    • Edit VM Settings > Options > General Section > Uncheck “Enable logging”
    • Boot Options > Check box to force going into the BIOS on next boot
    • Power on the VM (will go directly to BIOS) > Advanced > I/O Device Configuration:
      • Disable Serial port A
      • Disable Serial port B
      • Disable Parallel port
    • Exit and Save
  3. OS Installation and Configuration
    • Install Windows 2008 R2 Standard – Full Install
    • After OS install and reboot, change Administrator Password (will prompt)
    • Disconnect Windows 2008 R2 ISO and set device type to Client Device
    • Set Time Zone
    • VMware Tools Install
      • Install VMtools, choose Custom Install Type
      • Disable the “Shared Folders” drive and install Tools ** Note we are disable Shared Folder due to profile loading issues which was documented even back in ESX 3.5 and VMware Tools here on the VMare Communities forum. I have not personally had an issue leaving it enabled but just to be cautious and the fact we don’t use this feature in our organization, we have left it disabled.
      • Set time synching between the VM and ESX host
      • Reboot after Tools Install
    • Network Configuration
      • From Server Manager, select View Network Connections
      • Right click on Local Area Connection and select properties
      • Uninstall QoS Packet Scheduler and both Link-Layer Topologies (Mapper & Responder) ** We don’t do QOS at the server level, our switches do that. Link Layer is not used by us.
      • Uncheck IPv6 and close network connection screens ** We don’t use IPv6 yet so we disabled it for now
    • Server Name
      • From Server Manger select Change System Properties
      • On System Properties screen click Change on Computer Name Tab
      • Set Server Name and restart
    • Windows Updates
      • From Server Manager under Security Information, select Configure Updates
      • Select Let me choose
      • Under Important Updates, select Never check for updates, click ok
      • Start > All Programs > Windows Update > Check for updates and install all Recommended Updates
    • Enable Remote Desktop, choose “Allow connections from computers running any version of Remote Desktop” (2nd option)
    • Disable Windows Firewall **Not best practice to disable, but my environment requires it
    • From Server Manager, select “Do not show me this console at logon” and close Server Manager
    • Taskbar Changes
      • Right click 3rd icon from Start Button (Windows Explorer) and select “Unpin this program from taskbar”
      • Right click 2nd icon from Start Button (Windows PowerShell) and select “Unpin this program from taskbar”
      • Right click Taskbar and choose Properties and choose Customize under Notification Area
      • Select “Turn system icons on or off”, and turn Volume Off, click Ok
    • System Performance
      • From Server Manager select Change System Properties
      • Select Advanced Tab > Settings and choose “Adjust for best performance”
    • Folder and Search Options
      • Open “Computer” > Select Organize > Choose Folder and search options
      • Under View Tab
        • Select “Show hidden files, folders and drives”
        • Uncheck “Hide extensions for known file types”
    • IE ESC
      • From Security Information Section, select Configure IE ESC
        • Change Administrators to Off and leave Users On ** My reasoning for this is the only “Users” should be service accounts on a server so leaving it On should not matter
    • Change IE Home Page to blank so you don’t get that pesky Internet Exploer Enhanced Security Configuration warning page
    • Under Computer, right click c: and select properties, uncheck “Allow files on this drive to have contents indexed in addition to file properties”
      • Apply changes to c:\ and all subfolder/files
      • Continue/Ignore on Access Denied errors
    • Power Options (from Control Panel)
      • Change option to High Performance
    • Disable Hibernation
      • Command Prompt, enter powercfg.exe –h off
    • Delete the Page file and reboot (so c:\ can be fully defragmented)
    • Run defrag
    • Page File
      • Edit VM Properties
      • Add a 2nd hard drive (10GB) and change to SCSI (1:0)
      • Run Disk Manager and format as Z:\ drive ** We use Z: as the drive letter so it does not interfere with adding additional drives later on.
      • From Server Manager, select System Properties > Advanced > Performance Settings > Advanced > Virtual Memory Change
        • Assign 1024MB Page file to c:\
        • Assign 5120MB Page file to z:\
    • SNMP
      • Server Manager > Add Features > SNMP
      • Server Manager > Configuration > Services > SNMP > Security
        • Accepted community names – Add your community (as READ ONLY)
        • Accept SNMP Packets from these hosts – Add your hosts (remember to leave localhost in there)
  4. Turn VM into a Template
    This procedure will copy the Administrator account profile into the default user profile so that all users that login or that will be created in the future will get the same profile with all the customizations you have done above. When you sysrep a server template and create a new VM from it, a new SID is generated which means a new local Administratior account is created during the sysrep procedure. This means all the customizations you have done will be wiped out above unless you copy all your settings above when you create a new VM. In the past with Server 2003 and even Server 2008, you had the “Copy To” feature to copy a user profile to another. With Server 2008 R2, Microsoft has disabled this feature. It is now done via an unattend.xml file using the “CopyProfile” node. I actually prefer this method now after doing it a few times. This procedure is detailed per the Microsoft KB article http://support.microsoft.com/kb/959753

    • Create unattend.xml in “c:\windows\system32\sysprep” folder as follows. NOTE: Do not copy and paste the text below because WordPress messes up the quotes which will lead to errors during sysprep. Please right click-save as this link and copy and paste from the txt file instead.
      
      <?xml version="1.0" encoding="utf-8"?> 
      <unattend xmlns="urn:schemas-microsoft-com:unattend"> 
      <settings pass="specialize"> 
      <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> 
      <RegisteredOrganization>Your Organization Name</RegisteredOrganization> 
      <RegisteredOwner>Your Registered Owner</RegisteredOwner> 
      <CopyProfile>true</CopyProfile> 
      </component> 
      </settings> 
      <cpi:offlineImage cpi:source="wim:f:/sources/install.wim#Windows Server 2008 R2 SERVERSTANDARD" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> 
      </unattend>
      
    • At command prompt, type the following command:
      C:\windows\system32\sysprep\sysprep.exe  /generalize /unattend:unattend.xml
    • System Preparation Tool 3.14
      • Choose Enter System OOBE
      • Check Generalize button
      • Leave shutdown option as reboot
      • Click OK
    • Release the IP and turn VM into a template in Virtual Center
  5. I hope this guide we wrote helps someone out there and saves you time. If you have any suggestions or questions, please leave a comment. I can take screenshots of any parts above you are confused on. I am also interested in knowing about more performance related customizations you guys might use we can add to your template so if you have any, please let me know. :)

server2008r2logo