Saturday, June 15, 2019

Hyper-V SCSI Controller Error

I recently upgraded storage on my Hyper-V server that hosts all of my virtual machines to SSD drives. As part of this, I got lazy for some of the VMs and copied the files manually from drive to drive by using File Explorer rather than moving the VM storage by using Hyper-V Manager. After the disk reconfiguration was done, I got this error for the VMs where I had simply copied the data.
Synthetic SCSI Controller (Instance ID GUID): Failed to Power on with Error 'General access denied error'.
Account does not have permission to open attachment 'PathToVirtualDisk'. Error: 'General access denied error'.


This is a permissions error indicating that the VM doesn't have access to it's own virtual hard disk. As part of my file copying, the VM level permissions were lost. You can see in the screenshot below that only System, Administrators, and Users have permissions. Normally, you should also see permissions for a GUID that represents the VM with Full control.


A quick and dirty fix that you can use for test environments is giving Full control to Everyone. However, for production we can do better than that. We can rebuild the permissions for each VM properly.

The basic process is:
  1. Get the GUID for the virtual machine
  2. Set permissions on the virtual hard disk file for the GUID
We can get the GUID for the virtual machine by using PowerShell:
(Get-VM VMName).VMId.Guid

Then set permissions by using icacls.exe:
icacls.exe VirtualDiskFile /Grant Guid:F
Notice that in the example that granting permissions is combination of the GUID and the permissions that we want to assign. In this case, the GUID is being assigned full control (F) permission. The result is shown in the permissions.


If you only have one or two VMs to fix, this method is pretty quick and easy. However, I had about twenty of them. So, I created a script to handle this.

 $VMName = Read-Host "Enter VM Name or name pattern (Example NYC*)"  
   
 $VM = Get-VM $VMName  
   
 Foreach ($v in $VM) {  
   $Disks = Get-VMHardDiskDrive $v  
   $Permissions = $v.VMId.Guid + ":F"  
   
   Foreach ($d in $Disks) {  
     icacls $d.path /grant $Permissions  
   }  
 }   

This script will ask you for the name of the VM. You can enter a single VM name or a text pattern to query a list of VMs.

Then the script loops through each of the VMs, finds the disks for each VM, and sets the permissions.

If you have snapshots on the VMs, it properly sets the permissions on the .avhd file in use for the snapshot. I have not verified whether permissions on the main .vhdx file that the snapshot is based on need to be modified after a snapshot is removed. Worst case, just run the script again for the VM and it will fix it after the snapshot is removed.

Thursday, June 13, 2019

Set PowerShell prompt text

I have an annoying issue where I'm storing scripts in a path so long that it makes it awkward to work at the PowerShell prompt. Almost everything I do is wrapping onto the next line.

So, to set the prompt to static text that doesn't include the path, use the following command:
function prompt {"PS> "}
If I'm working with PowerShell prompts connected to different Office 365 tenants, I'll put in text that identifies the tenant.

If you do need to view the current directory, you can use Get-Location or $pwd.

Unable to add drive to storage pool

I bought some new SSD drives for my test server that I run VMs on. The number of disks the system could handle was maxed out. So, I needed to shuffle around some data as part of the installation process.

During my shuffling, I temporarily added two of the SSD drives and used them as normal drives (not in a storage pool). Later, I deleted the data from those drives and wanted to create a new storage pool with those two drives. However, I found that when I ran the wizard to create the new storage pool, the drives were missing (not listed). They were also not listed in the primordial pool.

Using Server Manager, I tried:
  • removing volumes
  • resetting the drives
  • reinitializing the drives
  • taking the drives offline and online
  • changing between GPT and MBR
I saw some web site references to drives attached to RAID cards having duplicate identifiers, but mine were attached directly to the SATA interface and had unique identifiers. However, when I ran Get-PhysicalDisk, I noticed that the drives had a property CanPool set to False. This seemed a likely explanation for my issue.

After a quick bit of searching, I found that running Reset-PhysicalDisk should change the CanPool property to True. And it did. My surprise is that resetting the drive using Server Manager didn't reset that property to True.


Once I reset the disks with Reset-PhysicalDisk, I was able to create a new storage pool using those disks. And my test server has never been faster!