Windows Server Issues on Vmware ESX

By freemchr
in Microsoft (Windows)

 Share

Recommended Posts

Neowinian

freemchr

Posted
Posted

Hi Guys

I have an interesting issue though I think we know what the fix is but want to double check and ensure we are on the right page.

I have a customer who has the following setup:

 

Dual CPU Quad Core 

144GB RAM 

Vmware ESX Hypervisor 4.1

 

1st VM

Windows Server 2008 R2

Running as Domain Controller and File Server

Alloted 30GB RAM and 2 vCPU's in Vmware

2nd VM

 

Windows 7 Professional 

Running http://www.aads-worldwide.hk/ as a Terminal Server

Alloted 110GB RAM and 2vCPU's in Vmware

 

Customer has around 22 user's who logon to the second box via RDP port 4000 (We changed it from 3389) and use Terminal Services. They use a mix of Outlook, Word, MYOB (only one user), and Adobe Acrobat and some web browsing within the terminal session.

 

Issue we have had is that the 2nd VM is maxing CPU at 100% constantly (was maxing RAM previously as well but we just bumped the server to max memory).

 

I noted the other night that we think that the server is running Vmware Hypervisor FREE which only allocated maxiumum 4 vCPU's but I am going to check with Vmware tomorrow with the license key that we have.

 

We then adjusted the vCPU so that we had 1 vCPU on the 1st VM and 3 on the second and CPU utilisation dropped to 20%.

However this then causes issues with the first box locking up when running backup and a few other processes.

 

What I want to know is the following:

 

Should we look at upgrading the box to ESX 6.0 and then getting an enterprise license to unlock the remainder cores? If so will 2 vCPU's allocated to box one and 6 vCPU's or similar on box 2 fix the issue?

 

How is the licensing for this done? Do you know what the cost may be? Not that familiar with the VMware ESX setup they currently have so looking for some guidance.

 

Thanks in advance.

Link to comment
https://www.neowin.net/forum/topic/1260052-windows-server-issues-on-vmware-esx/
Share on other sites
Grand Master

farmeunit

Posted
Posted

I personally would look at upgrading, to ESX 6.  It's recommended to do VM conversions, though instead of just upgrading.  That's to get the benefits of the new VMFS and such.  Be careful upgrading the VM version, though, since you're using the free version.  Some features can't be changed if you go past VM version 8 without vCenter.

 

I do NOT think that alone would fix your problem, though, but it might.  I can't remember what the license restrictions were with 4.x.  We only have a few multi-vCPU machines, and none of them over 4.  You can assign more vCPUs than you have if they see loads at different times of the day.  Have you tried changing the number of threads as well, or do you have any extra threads available?

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

I would not jump on the 6.0 band wagon yet. Stick with 5.5. I am having major network issues with vms on 6.0. I am trying to determine what the issue is. But we don't have issues with 5.5. It could be vmotion. You don't need enterprise to unlock processors. Physical processors are licensed regardless of cores. You could purchase essentials and run what you have if you wanted support and to be licensed properly.standard would also work. See which one would work best with what your have

  • offroadaaron
  • Like 1
Grand Master

offroadaaron

Posted
Posted

I would not jump on the 6.0 band wagon yet.

 

I agree with this 100%. I would be upgrading maybe to 5.5 as long as everything you have supports it.... Backup, monitoring, etc, etc...

 

 

Customer has around 22 user's who logon to the second box via RDP port 4000 (We changed it from 3389) and use Terminal Services. They use a mix of Outlook, Word, MYOB (only one user), and Adobe Acrobat and some web browsing within the terminal session.

 

I know this isn't the main question, but why change the port number? I don't see any sense in this...

 

 

 

Are there any snapshots or anything present on that server?

Veteran

sinetheo

Posted
Posted

I agree with this 100%. I would be upgrading maybe to 5.5 as long as everything you have supports it.... Backup, monitoring, etc, etc...

 

 

 

I know this isn't the main question, but why change the port number? I don't see any sense in this...

 

 

 

Are there any snapshots or anything present on that server?

 

It is a good security practice. Hackers have millions upon millions of bots that try to infect your server every 20 - 30 seconds!

 

If you do not believe me connect an unpatched WIndows XP box with no firewall to the internet. You will be infected before the install even finishes :-)

 

So a worm trying to exploit VMWare will of course port scan and inject at port 4000. That doesn't mean someone wont try other stuff at other ports but it leaves bots/worms with another to scan that is typically not associated with that particular port

Proficient

Thunderbuck

Posted
Posted

Your customer is clearly cheaping out.  Running sessions for that many concurrent users with only 2 vCPU is asking for trouble.

 

Running it on Win7 isn't helping.  Best you could do is move to 2008 R2 core (non-GUI) and strip it down to the bare minimum services.

  • offroadaaron
  • Like 1
Grand Master

binaryzero

Posted
Posted

Wow. I'd do the following:

 

- Upgrade host to 5.5 U<lnsert latest number here>.

- Create a new VM for a file server. Allocate some of the memory from the DC to that. Migrate data to new file server.

- Allocate 4 vCPU to your Win7 box at least.

- Create 2 new terminal services VMs using a server OS and spread users across this. Give half of the memory you've given to the Win7 box to one of these VMs?

- Can the Win7 box.

 

Or something along those lines, you get the drift.

  • offroadaaron
  • Like 1
Grand Master

offroadaaron

Posted
Posted

It is a good security practice. Hackers have millions upon millions of bots that try to infect your server every 20 - 30 seconds!

 

If you do not believe me connect an unpatched WIndows XP box with no firewall to the internet. You will be infected before the install even finishes :-)

 

So a worm trying to exploit VMWare will of course port scan and inject at port 4000. That doesn't mean someone wont try other stuff at other ports but it leaves bots/worms with another to scan that is typically not associated with that particular port

 

 

No, it's not good security practice at all. There's proper ways of doing things. I would say that's 2005 style security. Those hackers with bots can view what port 4000 is doing and continue on their hacking ways.

 

 

Wow. I'd do the following:

 

- Upgrade host to 5.5 U<lnsert latest number here>.

- Create a new VM for a file server. Allocate some of the memory from the DC to that. Migrate data to new file server.

- Allocate 4 vCPU to your Win7 box at least.

- Create 2 new terminal services VMs using a server OS and spread users across this. Give half of the memory you've given to the Win7 box to one of these VMs?

- Can the Win7 box.

 

Or something along those lines, you get the drift.

 
Provided everything is compatible with ESX 5.5. If they don't have maintenance on backup or monitor then look into that first. Nothing worse than not being able to backup your servers because you've upgraded to a version that not supported.
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Since when is terminal services available on windows 7?  Windows 7 is a desktop OS - not a server that you would run terminal services on.. Clearly this is not a supported setup from MS.  I don't see how they can even sell such software legally.,.

 

Windows 7 be it pro, ultimate, whatever supports 1 remote desktop session - not 22..  Are you saying 22 different users all log into this machine at different times?

 

Out of curiosity where do these users log in from - the public? Is it via a vpn?  What I would suggest to be honest is you need to allow remote users access to a windows session via say rdp.. That you do so with legal software from the makers of the software you want to use..  Seeing up a virtual environment for multiple users to access can be done securely and robustly..  But really free esxi and some questionable software to enable multiple users on a windows 7 vm or hardware is not the way to go about it.. 

 

VDI is normally down with vmware horizon as one of the enterprise grade solutions

http://www.vmware.com/products/horizon-view

  • 6 months later...
Contributor

TIGOS

Posted
Posted

Im in agree with BudMan.

 

 

I've faced same scenario and this cheap solution doesnt work at all.

 

What u need is to put an W2k8R2 or W2k12R2 to run with VMWare ESXi 6 (or 5.5)

 

About processor, maybe could be Adobe Acrobat, we have some issues with CPU high use because this ###### soft. So we decided change to Sumatra PDF.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Apple and Tesla trade secrets reportedly exposed following a Tata Electronics cyberattack

      By Hamid Ganji · Posted

      Apple and Tesla trade secrets reportedly exposed following a Tata Electronics cyberattack by Hamid Ganji Image via Depositphotos.com Tata Electronics has confirmed that it detected a cybersecurity incident in some of its systems. The Indian company is a manufacturing partner of both Apple and Tesla, and the incident may have exposed some trade secrets belonging to the two American companies. The World Leaks ransomware group is said to be behind the attack, and it has reportedly posted up to 200,000 files on the dark web, including component designs and specification documents related to Apple and Tesla products. Tata Electronics told Reuters that its response protocols were deployed immediately and that the “incident has had no impact on our operations across businesses, which remain unaffected.” The ransomware group reportedly sent a ransom demand to Tata Electronics, while Apple has launched an investigation into the incident. World Leaks claims it stole more than 200,000 files totaling over 630GB from Tata Electronics. Some database files on the ransomware group’s website are titled "com.apple.factorydata," which could refer to Apple’s iPhone production operations in India. Moreover, some documents reportedly contain material specifications and quality inspection standards for iPhone circuit board components. However, Apple is not the only affected company. A folder found in the World Leaks database is titled "NV36 Chargeport Controller - North America," which may refer to Tesla Model Y components. Additionally, other files in the database reportedly contain drawings related to Tesla’s Project Highland, the internal codename for the EV maker’s updated Model 3 sedan. To support the authenticity of the stolen files, World Leaks has published documents containing footers that read: "This document contains proprietary and confidential information of Apple Inc." and "information contained herein is deemed confidential, proprietary, and a trade secret of Tesla Inc." Cybersecurity researcher Rajshekhar Rajaharia told Reuters that the database also contains emails, event logs spanning several years, and passport copies of employees, including foreign nationals. Both Tesla and Apple have declined to comment on the scale of the incident.
    • Anyone Here With Turbo Pascal Experience?

      By PsYcHoKiLLa · Posted

      Last time I used Pascal was in college about 40 yrs ago, programmed an inventory database for my exam.
    • Valve finally confirms Steam Machine prices, starts at $1049 for 512GB option

      By PsYcHoKiLLa · Posted

      If they don't sell enough of the 1st gen then there won't be a 2nd gen
    • Valve finally confirms Steam Machine prices, starts at $1049 for 512GB option

      By PsYcHoKiLLa · Posted

      Epic fail, should've added an eSata port on the back, also if the memory/NVME are soldered then they're hardly gonna sell any, first thing most people do with their Steamdeck is, or used to be, replacing the NVME with a 2TB one. At that price they should, possibly for the first time, offer an installments option, say 24 months, they may sell a lot if they do. I'm sure they would have no shortage of credit companies willing to partner.
    • Politically funny images of the World

      By PsYcHoKiLLa · Posted

  • Recent Achievements

    • One Month Later
      nates earned a badge
      One Month Later
    • Week One Done
      Almohandis earned a badge
      Week One Done
    • Rookie
      dorf went up a rank
      Rookie
    • First Post
      mike_rumble earned a badge
      First Post
    • Dedicated
      tuben earned a badge
      Dedicated

  • Popular Contributors

    1. 1
      +primortal
      487
    2. 2
      +Edouard
      204
    3. 3
      PsYcHoKiLLa
      94
    4. 4
      Michael Scrip
      91
    5. 5
      neufuse
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!