BitLocker Fixed Hyper-V Microsoft Problem Succeed twitter Uncategorized vmware Windows 7

Hurrah – a hibernating Hyper-V laptop!

Well, almost J

I got a new laptop last year and having bumped up the RAM and disk, I wanted to use for a virtualised lab on board whilst travelling or at clients.  Having experimented and asked around on Twitter there was no way (my preferred method) of having Windows 7 with ESXi running under VMware Workstation and then have 64bit guests in vCentre – the VT is not exposed to the ESX guests.  This would have given me the best of ESXi (and a VMware lab), and the VM’s I wanted for carrying a lab in the bag.  VMware workstation was not much use to me as without any memory management I would run out of headroom (although the tree cloned drives would be nice).
A non-trivial additional factor was that I insist on encrypted disks in my laptops.
I then experimented with getting a dual boot world going.  BitLocker and Boot from VHD work well, but not together.  I got a Bitlockered guest machine under Hyper-V as a VHD to boot, but the content was a bit flaky – device drivers).  I then tried getting a dual boot to work with the second boot from a VHD but BitLocker got in the way.  See: Am I really asking too much of Hyper-V  I learned a bit about BDCEDIT along the way.
Eventually after a couple of gotchas/glitches I gave up on the BitLocker VHD or alternate boot option as it was taking too much time (and I had read in a few places I was asking the impossible).    And besides: Word from the wise on BitLocker
Becoming impatient, I then restarted my thinking.  I continued with the Windows 2008 R2 build (Bitlockered drive), with the intent of then building the VM’s that I wanted.
The first bit was to get Windows Server 2008 R2 look more like Windows 7 so it could be my standard desktop-like working world along with some other bits and pieces – I added the following to the machine (some are dependencies):
  • Web Server (IIS)
  • .NET Framework 3.5.1 Features
  • BITS
  • Desktop Experience
  • Ink and Handwriting Services (it’s a tablet)
  • Remote Server Administration Tools
  • Telnet Client (I never usually remember this is off by default!)
  • PowerShell ISE
  • Windows Server Backup Features
  • Wireless LAN Service (it’s a laptop!)
  • BitLocker Drive Encryption
  • Group Policy Management
  • Windows Server Migration Tools (just in case)
I then installed all the usual productivity tools, Office, DropBox, the loathsome iTunes etc. etc.
However, Hyper-V cannot use a Wi-Fi network for external access.  My Lab network is behind a Threat Management Gateway 2010 Server, so only this needs true connectivity.  So a quick bit of research, and I came across the idea of a bridge between the Hyper-V network and the Wi-Fi here: Connecting Hyper-V over WiFi and it works a treat.
So the laptop was where I wanted it to be, the VM’s were being created.  BUT….  You cannot hibernate a Hyper-V machine.  This is clearly a sensible idea, but for the road warrior, it’s more than a nice to have.  To wait for a machine to fully shutdown can be embarrassingly long.
So over to the internet.
The first hit was “Create Dual Boot” solution.  This works by duplicating the boot entry (back to BCDEDIT), and then you choose to run with or without Hyper-V.  Without Hyper-V you can hibernate the machine and bring it back quickly.  But you need to reboot the machine to get Hyper-V back, and then you can start your VM’s.  After that you can run your productivity apps, but can no longer hibernate the machine.  This can be found here: Creating a no hypervisor boot entry on Windows Server 2008
And then I found this:
Hibernate and sleep with Windows Server
All you do is the following three steps:
  • Set Hyper-V to start on demand “SC CONFIG HVBOOT START= DEMAND” (note the space after the = sign); then reboot the machine
  • Enable Hibernation “POWERCFG -HIBERNATE ON”
  • Then when you want to run VM’s – “NET START HVBOOT”
Lo and behold.  I have a single boot machine.  Until I start HVBOOT then the machine will hibernate.  Once you have started HVBOOT, then you have to shut down the machine instead, but this is good enough for now.  I’m not certain what impact not running Hyper-V will have on the performance of the machine, but not much I guess.
What next?
Well I guess that I might put VMware Workstation on as well to get some VM’s running whilst still being able to hibernate – maybe just 1 or two so that I can PowerShell in Windows 7 as well…  If only Workstation could use VHD’s (or Hyper-V VMDK’s!!!!)
Oh, and if you try to start a VM without HVBOOT running?  You get this:

BitLocker Hyper-V Microsoft Uncategorized

Am I really asking too much of Hyper-V VHD boot and BitLocker?

I have a laptop on which I originally had a BitLocker secured Windows 7 installation. I've replaced the hard disk with something bigger, and gone for Windows 2008 R2 to give me the ability to run 64bit clients under HyperV.

To add in a complication this laptop does not have a TPM, but by using local GP I've enabled BitLocker in the OS and use the USB key to boot.

Want i want to do is run the old Win7 install as a VHD. Either as a guest of the OS, or a boot from VHD.

Primary Challenge – Run a guest OS
Challenge 1: image the BitLockered disk.
Solution: external USB chassis for the SATA drive and connect to the machine, run WinImage to convert the hard disk to a VHD.

Challenge 2: boot the VHD in a VM (remember it's a BitLockered drive!) when HyperV does not support USB devices.
Solution: use WinImage (again!) to create a .fdp file of 1.44MB and copy the BitLocker startup key file to it, DON'T PANIC – it's a floppy image that is itself hosted on a BitLockered drive so is no less secure.

Challenge 3: get the guest to boot.
Partial Solution: attach the .fdp image to the machine and it boots OK past the BitLocker bit, but the OS boots crashes out with bad hardware. I tried another boot and it blue screened on me. Fortunately i could attach a Win7 ISO and boot into the repair phase (still able to unlock the BitLockered drive with the .fdp floppy), but the repair option does not fix anything.

Interesting Challenge: HyperV has hot key combo of Ctrl-Alt- to release the mouse from a dos window. When this is the rotate combination for a touch laptop… C-A-D is your friend releasing control back to the host OS

So, that challenge was paused for a bit

Secondary Challenge – boot from VHD instead
Challenge 1: image the BitLockered disk.
Solution: already done!

Challenge 2: create the BCD entry
Solution: follow the many helps out there – this is the one I followed

Challenge 3: get it to boot
Solution: that didn't work either. BCD entry is corrupt – i guess this might be the BitLocker setup that is confusing the boot sequence.

So, if you reached this far.. Is it possible to have have a BitLockered machine, that can either:
A) boot a guest OS that is also BitLockered ?
B) alternatively boot to VHD with a BitLockered VHD?
And all on one partition 'cos I cannot be bothered to guess partition sizes for now!

FWIW I think a) is unnecessary (i can remove bit locker on the original build and create a VHD) but b) is desirable as otherwise this OS install is exposed to data loss if the laptop is lost or stolen.

Ideally I'd like option B because then the VHD build has the full hardware environment, especially USB drives and so on.