Thursday, 28 May 2015 00:00

Restoring Hyper-V virtual machines

Task conditions:

What we have: a folder with the configuration files of a virtual machine and its snapshots (xml), and the virtual disk and snapshot files (vhd and avhd).

The folder is what remained after the system partition was lost, and after the virtual machine was copied instead of exported.

The goal: connect the virtual machine with all of its snapshots.

So, let’s create a new virtual machine in the folder c:\VMs and name it DeleteMe.

Picture 1. Creating virtual machine.

Then let’s create several snapshots with the Hyper-V Manager console. Take note of the file name of the HDD on IDE Controller 0 and of the network settings.

Picture 2. Virtual machine settings.

Let’s see what we’ve got in the c:\VMs folder after performing the abovementioned actions.

We can see that a new folder with the name of virtual machine has been created. This folder contains files of hard disks and snapshots and folders with configurations of VMs and Snapshots.

Picture 3. C:\VMs\DeleteMe folder.

Picture 4. C:\VMs\DeleteMe\Snapshots folder.

Picture 5. C:\VMs\DeleteMe\Virtual Machines folder.

So now we are done with the initial configuration and it’s time to ‘lose’ a virtual machine.

To make the experiment simpler, let’s stop the Hyper-V management service via Hyper-V Manager console and copy the entire DeleteMe folder.

An additional safeguard is Volume Shadow Copy. Using Volume Shadow Copy on the disk containing the virtual machine configuration files and on the system partition is a fairly good option for recovering a correct configuration, or a whole virtual machine that was accidentally deleted. However, using Volume Shadow Copy on the partition where the disks and snapshots of virtual machines are stored raises some doubts: copy-on-write induces additional overhead during writes, especially if free space on the same partition, rather than a separate dedicated disk, is used to keep the shadow copies.

So, we laid the foundation, stopped the Hyper-V management service and now we can delete the virtual machine with Hyper-V Manager console.

Picture 6. Deleting DeleteMe VM.

Having done that, let’s compare the contents of the C:\VMs\DeleteMe folder before and after deletion.

The number of files was reduced by half. It’s fantastic! Using Hyper-V Manager you can delete half of the files in a compound folder structure with a single command!!!

Take note of the values in Location and Contains fields.

Picture 7. C:\VMs\DeleteMe folder before and after deleting VM.

Why were only half of the files deleted? Why were there 12 files? I can’t tell. I look forward to your comments and suggestions on this one :)

And it’s about time we start the recovery process.

Stop the Hyper-V management service. Copy the contents of the DeleteMe folder back. Under these conditions, this step corresponds to server recovery/reinstallation or to connecting the disks to another server.

And now the most interesting part begins… How do we explain to the Hyper-V service that it must read the VM’s configuration from some file in the file system? A hidden folder, C:\ProgramData\Microsoft\Windows\Hyper-V, is responsible for the internal operation of Hyper-V. This folder contains InitialStore.xml, the role-based access control file for Hyper-V, as well as the Virtual Machines and Snapshots folders. The trick here is that when a virtual machine is created with Hyper-V Manager, NTFS hardlinks to its configuration files are created in those folders. Therefore, the task comes down to creating hard links.

So let’s create a hard link by running mklink in an administrative command line.

Picture 8. Creating hard link for VM’s configuration file.

Then we launch the Hyper-V management service and see that nothing has shown up in the console…

All gone… We mined deep but there is no gold…

But the event log contains a letter from an upset Hyper-V:

Picture 9. Error loading VM configuration.

Check the ACL of a hardlink for a virtual machine that was created with Hyper-V Manager. Our hardlink does not contain the VM SID with Full Control permission.

For some strange reason, the VM SID looks like the GUID that makes up the name of the VM configuration file.

Stop the Hyper-V management service.

Modify the ACL with cacls.

Picture 10. Modifying ACL for VM configuration file’s hardlink.

Take note of the security principal name NT VIRTUAL MACHINE\<GUID>.

Launch the Hyper-V management service.

Open the Hyper-V Manager console. Oh miracle!!! The virtual machine is back.

It is back without snapshots and with its network lost, though. Note that the disk is connected to the correct avhd file, i.e. the virtual machine is in its last active state, but without any way to delete or apply the necessary snapshot.

Picture 11. VM configuration.

Let’s check the log again.

Picture 12. Error loading snapshots.

And again we have to stop the Hyper-V management service.

At this point we need to create a hardlink for every snapshot and grant the VM SID Full Control permission on every one of those hard links.

Picture 13. Creating hardlink and modifying ACL for snapshot.

Launch the Hyper-V management service and another miracle…

Picture 14. Hyper-V Manager console. VM with snapshots connected.

For the virtual machine to be usable and not merely visible in the console, we need to give the VM SID Full Control access to the folder containing the VM’s configuration and disk files.

Picture 15. Modifying ACL of DeleteMe folder.

Voila! Now we can change VM configuration, replace the active snapshot and start looking for a solution for automatic selection of proper VM network interface…
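
The recovery steps above collected into one batch script, as an added example that is not part of the original article. Assumptions: the paths are those of the article's lab, VMGUID is a placeholder for the GUID in the name of the VM configuration file, vmms is the service name of the Hyper-V management service, and /H is used because the article describes hard links.

```bat
@echo off
rem Added example, not from the original article. Run from an elevated prompt.
setlocal

rem Assumed values: lab paths from the article, placeholder GUID.
set "VMDIR=C:\VMs\DeleteMe"
set "HVDIR=C:\ProgramData\Microsoft\Windows\Hyper-V"
set "VMGUID=00000000-0000-0000-0000-000000000000"
set "VMSID=NT VIRTUAL MACHINE\%VMGUID%"

rem Refuse to touch anything if the copied-back configuration is missing.
if not exist "%VMDIR%\Virtual Machines\%VMGUID%.xml" (
  echo Configuration file for %VMGUID% not found under %VMDIR%
  exit /b 1
)

rem Links and ACLs are changed only while the management service is stopped.
net stop vmms || exit /b 1

rem VM configuration: /H creates a hard link, which requires the link and its
rem target to be on the same volume. Without /H, mklink creates a symbolic link.
mklink /H "%HVDIR%\Virtual Machines\%VMGUID%.xml" "%VMDIR%\Virtual Machines\%VMGUID%.xml" || goto :restart

rem /E edits the existing ACL instead of replacing it; F is Full Control.
cacls "%HVDIR%\Virtual Machines\%VMGUID%.xml" /E /G "%VMSID%":F

rem One link per snapshot configuration, each granted to the same VM SID.
for %%F in ("%VMDIR%\Snapshots\*.xml") do (
  mklink /H "%HVDIR%\Snapshots\%%~nxF" "%%~fF"
  cacls "%HVDIR%\Snapshots\%%~nxF" /E /G "%VMSID%":F
)

rem Give the VM SID Full Control over its configuration and disk files
rem (/T applies the change to the folder tree).
cacls "%VMDIR%" /T /E /G "%VMSID%":F

:restart
rem Always bring the management service back, even if linking failed.
net start vmms
endlocal
```

After the script finishes, the event log entries shown in Pictures 9 and 12 are the place to check for any configuration or snapshot that still fails to load.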

P.S. Screenshots and all tests were made inside the VM.

P.P.S. Comments and feedback are welcome!

Last modified on Thursday, 28 May 2015 15:43
Data Recovery Expert

Viktor S., Ph.D. (Electrical/Computer Engineering), was hired by DataRecoup, the international data recovery corporation, in 2012. Promoted to Engineering Senior Manager in 2010 and then to his current position, as C.I.O. of DataRecoup, in 2014. Responsible for the management of critical, high-priority RAID data recovery cases and the application of his expert, comprehensive knowledge in database data retrieval. He is also responsible for planning and implementing SEO/SEM and other internet-based marketing strategies. Currently, Viktor S., Ph.D., is focusing on the further development and expansion of DataRecoup’s major internet marketing campaign for their already successful proprietary software application “Data Recovery for Windows” (an application which he developed).
