I’ve edited out the ServerBeach specific stuff and will post pictures…. soonish.

The following link has some great pictures not included here. http://sqlblog.com/blogs/john_paul_c…h-hyper-v.aspx

I’ll add some nice little pictures here once I get some screenshots together.

CONFIGURE HYPERV

1. Configure an “Internal” HyperV network
2. Set each Virtual Machine to use the Internal network and assign them and your HyperV host on the correct subnet (in this example 10.0.0.1 for the host and 10.0.0.10 for the VM).

ENABLE ROUTING AND REMOTE ACCESS ON THE HOST MACHINE

1. Click -> Start -> Administrative Tools -> Routing and Remote Access
2. Right Click on Server#### (local) -> Configure & Enable Routing & Remote Access
3. Click -> Next on Welcome Window
4. Select Custom Configuration Click -> Next
5. Select NAT Click -> Next
6. Select your public interface
7. Select your Internal HyperV interface
8. Select “I will set up name and address services later” Click -> Next
9. Click -> Finish

CONFIGURE ROUTING AND REMOTE ACCESS ON THE HOST MACHINE

1. Routing and Remote Access should be running on the server now
2. Expand out the Server
3. Expand out IP Routing
4. Select NAT/Basic Firewall
5. Right-click your public interface. Select properties
7. Network Address Translation Properties Window will open
8. Select Radio Button for “Public Interface Connected to the Internet”
9. Select the check box for both “Enable NAT on this interface”
10. Click on the Address Pool Tab
11. Click the Add button and add your secondary IP addresses. The “Start Address” and “End Address” will be the same in most cases.

*NOTE* You do not want the secondary IP address configured in the TCP/IP Properties of the Host machine.

12. Click the Reservations button and enter your static IP mappings. That is, specify that you want traffic on your secondary IP mapped to your VM’s internal IP.
13. In services.msc, make sure that RRAS is set to start automatically and Windows ICS is disabled.

NOTES #1

When configuring and experimenting with the RRAS firewall, create a batch file to stop the service in case you forget to allow RDC or otherwise render the system inaccessible.

Code:

net stop “remoteaccess”

Then add the batch file to the scheduler and have it run some time after you apply your changes.

NOTE #2

RRAS is really finicky about the interfaces installed on the server. If an interface is changed in any significant way, it’ll have to be disabled and reconfigured.

Hyper-V is also similarly finicky about its virtual networks. I can’t count the number of times I had to remove and recreate networks. Thankfully, this was rather painless with only one VM to propagate changes to.

If you should encounter any difficulties with adding your additional VMs to the server, try resetting HyperV networking, individual VM network binding (in the VM’s settings), confirming physical host interfaces, and then reconfiguring RRAS in this order.

NOTE #3

Those who have had HyperV configuration problems solved it by disabling TCP/Offload Engine. Symptoms include, RRAS just not working, or working sporadically. If in doubt, disable TCP/Offload Engine

http://social.technet.microsoft.com/…8-d22aca6154ee
http://support.microsoft.com/default…b;EN-US;904946

So if this applies to you, run on the host and on any 2008 VMs:

$ netsh int ip set global taskoffload=disabled

and add the following registry key to any 2003 VMs:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\DisableTaskOffload

This is a DWORD entry that should have a value of 1.

Note to self: Sysinternals is Microsoft’s saving grace:

Process Explorer: A more advanced taskmgr, if you will. It’s most awesome feature is it’s ability to search for processes holding a certain handle, allowing you to resolve locked file issues:

Home page: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Or just run it from http://live.sysinternals.com/procexp.exe

Process Monitor: Basically, Regmon + Filemon:

Home page: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

Or just run it from http://live.sysinternals.com/Procmon.exe

Overview: fdisk w/ a W95 partition table
mkdosfs

If you need the step by step, it’s below:

fdisk /dev/sd(whatever drive you want to reparition, ‘b’ in this case), then follow along:

The number of cylinders for this disk is set to 20023.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): m
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition’s system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)

Command (m for help): n

Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-20023, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-20023, default 20023):
Using default value 20023

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): c
Changed system type of partition 1 to c (W95 FAT32 (LBA))

Command (m for help): p

Disk /dev/sdb: 164.6 GB, 164696555520 bytes
255 heads, 63 sectors/track, 20023 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x000f0136

Device Boot Start End Blocks Id System
/dev/sdb1 1 20023 160834716 c W95 FAT32 (LBA)

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: If you have created or modified any DOS 6.x
partitions, please see the fdisk manual page for additional
information.
Syncing disks.

root@sbrescue:/# mkdosfs /dev/sdb1
mkdosfs 3.0.1 (23 Nov 2008)
root@sbrescue:/# mount /dev/sdb1 /mnt
root@sbrescue:/# cd /mnt
root@sbrescue:/mnt# touch asdf
root@sbrescue:/mnt# ls
asdf
root@sbrescue:/mnt#

All done! =D

AFAIK, it has to do with a NETBIOS limitation.

Symptom: Every available port from 1024-5000 is used to connect to various servers on destination port 445. Basically, the worm opens these connections to download and wait for malicious binaries.

The removal tools at http://www.bdtools.net/ does not detect this variant, and you have to use Dr.Web’s Cureit to detect and remove it. According to them, the recommended procedure is to install the following hotfixes:
* MS08-067
(http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx);

* MS08-068
(http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx);

* MS09-001
(http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx).

And then run Cureit, a fully functional shareware app.

In case you’re reading this from an infected server, I’ve downloaded and included some of these files here (because if you’re infected, you won’t be able to access certain sites, drweb.com being one).

Our favorite worm got an update 8 April according to Network World. Read more here…
And of course, at downadup.org.

If you can stand the gripes from your users, disabling Autorun through a forced registry setting (scripts, custom built ADM) is not a bad idea in general, so what if they have to open the folder and double-click the executable that’s likely in the top-level directory anyways?. Read the Cert/CC blog for more about this work around. Of key importance is that for whatever reason, the setting in HKCU overrides the HKLM setting. It may go without saying, but your best bet is cover both fronts.

If your network is infected presently, the following site hosted by BitDefender has a good list of symptoms to look for. In addition, the company has recently published both a single-workstation tool and a network tool to remove the worm from your computers. You can find these resources at http://downadup.org/.