RSC200355: How to Configure a RayPack Studio Application for Hyper-V

  • Host - the machine which has RayPack Studio (RayPack, RayQC, and/or RayEval) installed
  • Server - machine which contains the Hyper-V server
  • VM - the virtual machine which is used by RayPack Studio

 

1) Network Connection

In order to properly connect a virtual machine to a RayPack Studio application, an internet connection with a Hyper-V server and a virtual machine is necessary. To properly connect the virtual machine to the internet the Hyper-V switch needs to be configured.

https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/get-started/create-a-virtual-switch-for-hyper-v-virtual-machines

 

HyperV_01.png

 

HyperV_02.png

 

Connection type Description
External Enables access for virtual machines to a physical network in order to communicate with servers and clients on an external network. Allows virtual machines which reside on the same Hyper-V server to communicate with each other.
Internal Allows for communication between virtual machines on the same Hyper-V server and between the virtual machines and the management host operating system.
Private Only allows for the communication between virtual machines on the same Hyper-V server. The private network is isolated from all external network traffic on the Hyper-V server. This type of network is recommended if an isolated networking environment needs to be created. An example for this is an isolated test domain.

 

Change the Network Adapter of the virtual machine.

 

HyperV_03.png

 

2) WinRM

RayPack Studio applications connect to the Hyper-V server and the virtual machine using the windows remote management. This purpose should be kept in mind when performing the configuration. 

It is important to configure WinRM on the machine with the RayPack Studio application and the target virtual machine!

https://technet.microsoft.com/en-us/library/ff700227.aspx

  1. First, PowerShell remoting needs to be enabled. Use the following command to do this:
    Enable-PsRemoting
    https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting?view=powershell-5.1

  2. In the next step, WinRM needs to be configured. Before this can be done, all networks need to set to be either private or domain. 
    https://www.itechtics.com/change-network-type-windows-10/

    The easiest way to change the network type is by using the Local Security Policy editor (this might be unsecure). 

    Change network type using Local Security Policy

    1. Go to Run -> secpol.msc

    2. Select Network List Manager Policies. This will list all the networks in the right hand pane. 

    3. Double click your desired network, go to Network Location tab.

    4. Change the Network location type to either Not configured, private or public.

    5. If you want to do this for all the connected networks, you can double click All Networks instead of your desired network.

    HyperV_04.jpg

    (Source: https://www.itechtics.com/change-network-type-windows-10/)



  3. Now it is possible to begin with the main part of the configuration.
    https://msdn.microsoft.com/en-us/library/aa384372(v=vs.85).asp

    Run PowerShell as an administrator and use the following command: 
    winrm qc
    Confirm it twice. 

    If there is an additional firewall, an exception for the port 5985 needs to be added (WinRM 2.0: The default HTTP port)!

  4. The next step is to add 'Trusted Hosts'. In most cases, it will be possible to work with remote computers which are located in other domains. However, if a remote computer is not in a trusted domain, the remote computer might not be able to authenticate the credentials. To enable the authentication of the credentials it is necessary to add the remote computer to the list of trusted hosts for the local computer in WinRM.

    The following command line can be used for this:
    winrm s winrm/config/client '@{TrustedHosts="RemoteComputerOrHyperVServer, OtherComputer"}'
    RemoteComputer is used for the name of the remote computer. For example: 
    winrm s winrm/config/client '@{TrustedHosts="MachineWithPackBot"}'
    It is possible to use '*' instead of all TrustedHost names. This will enable the authentication for all connections.
    The Windows Remote Management should be configured correctly now.

 

3) Connection Test

It is necessary that the machine with the RayPack Studio application has a correctly configured connection to a Hyper-V server and a virtual machine. To test the connection the following commands can be used: Test-WSManNew-PSSession, and Enter-PSSession.

 

Test-WSMan

This command tests whether the WinRM service is running on a local or on a remote computer.

https://docs.microsoft.com/en-us/powershell/module/microsoft.wsman.management/test-wsman?view=powershell-6

New-PSSession

This command creates a persistent connection to a local or a remote computer.

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/new-pssession?view=powershell-6

Enter-PSSession

This command start an interactive session with a remote computer.

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enter-pssession?view=powershell-6

Example:

Enter-PSsession –ComputerName HyperVServerOrIP –Credential username

 

4) Known Errors

1. "Access denied" when configuring WinRM using a local administration account.

When configuring WinRM on a local computer using a local administration account the following error may occur:

WSManFault

   Message = Access is denied.

 

Error number: -2147024891 0x80070005

Access is denied

This error might occur even if the account is a local administrator and the command line is run using administrative privileges.

To solve this problem, UAC filtering for local accounts must be disabled by creating the following DWORD registry entry and setting its value to 1:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] LocalAccountTokenFilterPolicy

https://msdn.microsoft.com/en-us/library/aa384423.aspx

Comments

Powered by Zendesk