Posts in category Peter Noorderijk

New 5nine Cloud Security 4.0 for Hyper-V is Now Available

Agentless Multi-Tenant Security, Antivirus and VM Isolation Help Enterprises and Cloud Providers to Enforce Security and Compliance for Hyper-V.

February 5, 2014, Seattle, WA, USA. 5nine Software, a leading provider of agentless security, compliance and management products for Microsoft Hyper-V, announced the immediate availability of new 5nine Cloud Security 4.0 for Hyper-V. The solution provides enterprises and cloud providers with agentless antivirus, comprehensive multi-tenant security support and complete control over VM isolation, thus helping to ensure security and compliance for Microsoft Cloud OS, Windows Server, and Microsoft Hyper-V Server.

With the release of 5nine Cloud Security 4.0, we enforce security for our customers with a powerful solution that provides active antivirus protection, comprehensive multi-tenant SDN (Software Defined Networking) security, and unmatched levels of industry-demanded protection and compliance, including PCI-DSS, HIPAA and Sarbanes-Oxley,” said Konstantin Malkov, CTO, 5nine Software.

5nine Cloud Security for Hyper-V is the first and only agentless anti-malware and virtual firewall solution for the Windows Server Hyper-V, utilizing the flexibility of Hyper-V Extensible Switch. Enterprises and cloud providers can:

  • Secure multi-tenant Hyper-V environments and provide VM isolation
  • Protect Hyper-V with light-speed agentless antivirus
  • Enforce PCI-DSS, HIPAA and Sarbanes-Oxley compliance
  • And more

5nine Cloud Security provides multi-layered protection with integrated firewall, antivirus and IDS in one package. Agentless firewall provides complete traffic control and isolation between VMs. Antivirus performs incremental scans up to 50x faster than competitors. Solution also provides real-time detection of malicious attacks with IDS.

“In line with Microsoft’s longstanding and deep commitment to security, Windows Server 2012 R2 with Hyper-V was designed to the highest security standards,” said Chris Van Wesep, Group Product Marketing Manager, Microsoft. “Building on that security foundation, 5nine Software has a long history of delivering enhanced security solutions for Microsoft platforms. Now, 5nine Cloud Security provides multi-tenant SDN security along with VM isolation and agentless antivirus for Hyper-V environments.”

New 5nine Cloud Security 4.0 for Hyper-V features:

  • Secure multi-tenancy and VM isolation
  • Virtual Machine security groups and cloud tenant security
  • User/roles access that allows users or user groups to manage only objects associated with them
  • Agentless antivirus for Hyper-V hosts and real-time protection for VMs
  • NVGRE support
  • New LWF R2 vSwitch extension
  • Enhanced API and advanced event logging

Availability, Demos: 5nine Cloud Security 4.0 for Hyper-V is available now worldwide. It updates and replaces 5nine Security Datacenter 3.0. For product description and feature information, please visit: moved to Windows Azure has been around since 2008. A lot of content has been added to the blog since then. Many hours of research and writing form the basis for that. Our site has been running in a hosted VM, managed by Jaap Wesselius since 2008.

We know some Hyper-V, System Center, CloudOS. But this WordPress….. that is a different story. MySQL database, PHP and all other scary stuff. With Jaap leaving we were doomed to manage and troubleshoot the site our own.

We needed a new strategy. We needed a solid foundation with as little WordPress to manage as possible and with an infrastructure we understand. The answer was easy. We needed Windows Azure.

After numerous evenings of testing and a lot of troubleshooting to cleanup some legacy issues in the (now old) environment. We are proud to announce that we succesfully migrated to Windows Azure.

Combined with the migration we changed the layout of the site. We hope you enjoy the new look and feel of R2.

Bare metal deployment stuck on step 1.2.12

Today (and yesterday) I was troubleshooting a Hyper-V bare metal deployment of a Windows Server 2012 R2 Hyper-V host from out System Center Virtual Machine Manager 2012 R2 environment.

All preparations were done (like: Marcs blog). PXE boot went well, deep discovery went well, image was succesfully deployed but then the process stuck on step 1.2.12 (Wait for physical machine to reboot and customization to be finished 0%).


When we manually join the host to the domain the step resume to 50% and stops then again. So computer name or IP address is not yet set. An IP address is already claimed from the IP pool but as I said not configured on an interface. Communication with the host is still possible.

After a lot of trial-and-error (manually register the host in DNS/ prestage computer account in AD/ use DHCP instead of IP from a pool and so on…) we replaced the Windows Server 2012 R2 OS image (stored in the SCVMM library) with a new fresh image (All Windows updates applied and firewall on all profiles disabled). Retried the operation and this time the bare metal deployment runs succesfull. We could not find a specific problem with the old OS image (we could succesfully use it for VM deployment) however when we use the image for bare metal deployment the process stuck on step 1.2.12.

So if you encounter this problem, replace your OS image in the SCVMM library with a new fresh image and retry the operation.

Generation 2 Virtual Machine template and the invalid boot device

Last week I build a Generation 2 virtual machine (Windows Server 2012 R2) which I will be use as a virtual machine template in SCVMM 2012 R2. I build this virtual machine with SCVMM 2012 R2. After building and configuring the virtual machine I have converted the virtual machine to a template and stored the template on a library share.

As soon as the virtual machine was stored in the library I would like to deploy some virtual machines from this template. I started the deploy and I saw that the virtual machine was created succesfully. However during the template rollout the proces stops at step 1.4 (view from the “Jobs” tab):


I switched to the “Summary” view and there I saw the following Error: VMM cannot find the device or this device is not valid for a boot device.



Update: The story continues: vNICs and VMs loose connectivity at random on Windows Server 2012 R2

See for the latest updates the end of this post.

In this post Marc van Eijk points out connectivity issues with VMs and vNICs. At random virtual machine or vNIC would loose connectivity completely. After a simple live migration the virtual machine would resume connectivity.

Marc has already logged a support case at Microsoft and HP and they are investigating this issue. Last week I also discovered this issue, here is my configuration:

Currently we experience network connectivity issues with one of our cluster networks in a Windows Server 2012 R2 Hyper-V cluster environment.

Our environment is as follows:

- Two HP BL460 G7 servers (name of the servers: Host01 and Host02)

- 6x HP NC553i Dualport Flexfabric 10GB Converged Networkadapters (only 2 active)

- Installed with Windows Server 2012 R2 Hyper-V (full edition)

- Configured in a Windows Failover Cluster

The NICs are installed with the following driver

Driver: Emulex, Driver date: 5-6-2013, Driver version:

We have configured a switch-independent NIC team with dynamic loadbalancing with 2 NIC team members. Upon this NIC team we have configured a vswitch.

In this vswitch we have created three vNICs of type Management OS:

- Management

- Live Migration

- Cluster CSV

Every NIC is configured in a separate VLAN. Only the Live Migration network may be used for Live Migration traffic (Configured in Windows Failover Clustering).

The initial installation and configuration of Hyper-V and the Windows Failover Cluster was OK. Over all the networks, communication between the hosts in the cluster was possible.

The Cluster Validation Wizard runs successfully without any warning or error.

After the installation of the Hyper-V cluster we start creating and installing the virtual machines. No problems at all, till we build a specific VM called VM06. This VM was created on the host Host01.

When the VM resides on this host everything is OK. As soon as we move this virtual machine (via Live Migration) to the host Host02 the cluster network called Live Migration went down and communication on this network between the two Hyper-V hosts is not possible anymore. When we move the virtual machine back to Host01 the cluster network called Live Migration comes back online. Also when we shut down the virtual machine when it resides on node Host02 the cluster network called Live Migration comes back online.

When we change the NIC teaming configuration to a Active/ Standby configuration, as Mark described in his blog, this network issue does not appear.

Microsoft requested us to disable Large Send Offloading: “Get-NetadapterLSO | Disabel-NetadapterLSO” (with NIC teaming in active/ active). However the issue is still there.

Update 11-26-2013 14:45: After disabling RSS and RSC (which does not change te situation) Hans suggest to disabling VMQ. We used PowerShell to disable VMQ on all interfaces: “Get-NetAdapterVmq | Disable-NetAdapterVmq” …. and yes disabling VMQ does the trick. Off course this is not a solution but only a workaround. These findings are logged in the case @ Microsoft and they will investigate this futher.

Update 12-02-2013 10:45: After applying update KB2887595-v2 to both of our Hyper-V nodes the network problems with our Live Migration network are gone. Even with VMQ enabled the network keeps up and running. However this update does fix the problem for our situation but not for the situation that Marc describes. So it seems that we’ve two different issues here.

We, Hans, Mark en me, will continue to investigate this issue and will update you on!

5nine Software announces complimentary 5nine Security for Microsoft Hyper-V with built-in Security and Compliance Scanner

5nine Software, the only vendor delivering management and agentless/host-based security and compliance products for Windows Server and Microsoft Hyper-V, has released a complimentary 5nine Security for Hyper-V with built-in 5nine Security and Compliance Scanner.



Experts Live 2013 – Call for sessions!

Experts Live is THE event for Microsoft Azure, System Center, Hyper-V, SQL Server, Windows Server and PowerShell. This year, Experts Live will be held for the third time on November 28th 2013 in The Netherlands.

Experts Live is organized by and for the various communities and usergroups such as System Center User Group Windows Azure User Group Dutch PowerShell User Group and PASS (SQL) Experts Live has been profiled as the goto knowledge event. Known speakers from the community such as Microsoft MVP’s already have committed to this
year’s event. Community experts will present level 300 to level 400 in-depth breakout sessions, allowing attendees to catch up on the various Microsoft technologies in one single day. Experts Live is an event driven by the community; that makes Experts Live unique in its kind.

By the end of the day you can expect a spectacular closing keynote by: André Kuipers

Call for session

We invite every Microsoft System Center, Hyper-V, Azure, PowerShell, SQL and Windows Server expert for this ‘Call for Sessions’ for Experts Live 2013.

You can send your proposal or proposals to The session will be around 60 minutes and we prefer level 300 or 400 sessions. See for more information this ‘Call for session’ paper.

Your proposal must be applied before the 11th of September 2013!

We are looking forward to your contribution!

5nine security for Hyper-V support for R2 and some new products

In previous blogs I wrote about 5nine Security Manager for Hyper-V:

5nine Security for Hyper-V delivers a multi-layered Agentless Security solution including anti-virus, virtual firewall and intrusion detection (IDS).

Today 5nine announced full support for Windows Server 2012 R2, Windows 8.1 release previews, as well as Hyper-V Server 2012 R2.

“As Microsoft continues to add more features and strong functionality to Windows Server and Windows 8, 5nine Software is committed to supporting these new operating system versions by delivering our comprehensive security solutions in step with the Microsoft product releases. We have already heard from dozens of our Windows Server clients that they will migrate to Windows Server 2012 R2 immediately upon its release, to take advantage of some key new features for virtualization. To best support Microsoft we want to be sure our products run on these new platforms the day they are released,” says Dr. Konstantin Malkov, CTO of 5nine Software.

There is a plugin available for SCVMM. You can download this plugin here:

Beside of this extended support they also introduced a new product called 5nine Security for Hyper-V Free. It gained full functionality of 5nine Security Manager Standard, which is out of their product line see: for more information.

Last but not least two new products are coming in the next few months (currently in beta):

In the coming few months we will test these products and will let you know what we think about these solutions.

Disable: NetFTFlt driver (Microsoft Failover Cluster Virtual Adapter Performance Filter (NetFT-LWF) ) when using Windows Server 2012

A while ago I wrote a blog about problems with virtual guest clusters and NIC teaming. See this link.

I ended this blog with a workaround: disable checksum offloading.

Today I received a message from Microsoft Premier Support that they found the root cause for this problem: The NetFTflt (Microsoft Failover Cluster Virtual Adapter Performance Filter (NetFT-LWF) ).

If you disabled Checksum Offloading, re-enable it using:

Get-NetAdapter –name XXXX   | enable-NetAdapterChecksumOffload

Here is a more detailed explanation of the symptoms, the cause and the workaround:


Failover clusters that are running inside of virtual machines (sometimes referred to as “guest clusters”) may have problems with nodes joining the cluster.
If using the “Create Cluster Wizard” the cluster may fail to create. Additionally, the report from the wizard may have the following message:

An error occurred while creating the cluster.
An error occurred creating cluster ‘<clustername>’.
This Operation returned because the timeout period expired

Note: The above errors can also be seen anytime that communications between the servers that are specified to be part of the cluster creation do not complete. A known cause is described in this article.

In some scenarios, the cluster nodes are successfully created and joined if the VMs are hosted on the same node, but once the VMs are moved to different nodes the communications between the nodes of the guest cluster starts to fail. Therefore the nodes of the cluster may be removed from the cluster.


This can occur due to packets not reaching to the virtual machines when the VMs are hosted on Windows Server 2012 failover cluster nodes, due to a failover cluster component that is bound to the network adapters of the hosts.  The component is called the “Microsoft Failover Cluster Virtual Adapter Performance Filter” and it was first introduced in Windows Server 2012. 

The problem only effects the network packets addressed to cluster nodes hosted in virtual machines. 


It is recommended that if the Windows Sever 2012 failover cluster is going to host virtual machines that are part of guest clusters, you should unbind the “Microsoft Failover Cluster Virtual Adapter Performance Filter” object from all of the virtual switch network adapters on the Windows Server 2012 Failover Cluster nodes.

Note: This problem can affect any Windows Server Failover Cluster version that is running inside of virtual machines as a guest cluster. The information mentioned in the cause and workaround of this article is specific to Windows Server 2012 Failover Clusters that are used to host virtual machines.

You can disable the “Microsoft Failover Cluster Virtual Adapter Performance Filter” object using one of the methods from below:

Disabling using the GUI

Open “Network Connections” to get the list of network adapters.  All network adapters with the “vEthernet” (default name) are the virtual networks (i.e. virtual switch).  The physical adapters that also have a Hyper-V virtual adapter configured for it will not have the “Microsoft Failover Cluster Virtual Adapter Performance Filter” binding, so there is nothing to disable for those adapters.

  1. Right click on one of the “v” adapters and select “Properties” from the menu.
  2. Uncheck the item labeled “Microsoft Failover Cluster Virtual Adapter Performance Filter”
  3. Click on “OK to close the dialog and have the binding disabled for the unchecked item.
  4. Repeat for all the adapters.

Disabling using Windows PowerShell

The following will disable the network adapter binding for “Microsoft Failover Cluster Virtual Adapter Performance Filter” on every adapter on the server that has the Componentid of “vms_mp”.  This Componentid indicates that the adapter is a Hyper-V adapter used by the virtual switch. 

You can run this on each node of the server so that every server has the binding disabled for the adapters used by the virtual switch.

  • Open the Windows PowerShell console with Administrator access using the “Run as Administrator” option.
  • Run the following:Get-netadapter | Disable-NetAdapterBinding -DisplayName “Microsoft Failover Cluster Virtual Adapter Performance Filter”

    Note: If you desire to enable the binding again, just replace “Disable-NetAdapterBinding” with “Enable-NetAdapterBinding”.

  • To verify which network adapters have the “Microsoft Failover Cluster Virtual Adapter Performance Filter” item bound to it, you can run the following:PS C:Windowssystem32> Get-NetAdapterBinding | Where-Object {$_.DisplayName -eq “Microsoft Failover Cluster Virtual Adapter Performance Filter”} | FT Name,DisplayName,Enabled

    Name             DisplayName                                     Enabled
    ——-             —————                                    ———-
    vEthernet        Microsoft Failover Cluster Virtual A…    False
    vEthernet 2      Microsoft Failover Cluster Virtual A…    False
    vEthernet 3      Microsoft Failover Cluster Virtual A…    False
    Ethernet 3       Microsoft Failover Cluster Virtual A…    False
    Ethernet 2       Microsoft Failover Cluster Virtual A…    False
    Ethernet          Microsoft Failover Cluster Virtual A…    False

    The “Enabled” property of the binding for each adapter is “False”, which means it’s not bound to that adapter.


System Center Summer Night–Presentations

The 3rd of July 2013 was a great day for the System Center en Hyper-V community in the Netherlands. After TechEd North America and TechEd Europe a lot of news regarding the 2012 R2 releases of System Center and Hyper-V was presented at the System Center Summer Night.

It was a great event with a very positive vibe. Over 110 visitors has visit the event and they heard about all the cool stuff in System Center 2012 R2 and Hyper-V 2012 R2. Also the BBQ afterwards was a great succes!

Many thanks to our sponsors for making this day possible:

We also want to thank all visitors for this great event, you all made this a great success.

The presentations are online and you can find them on the following locations:

Hope to see you again on the next event!