Sniffing the Parent Partitions Network Traffic in a Hyper-V Virtual Machine

This article discusses a situation whereby you want to monitor/mirror/sniff network port traffic on a Hyper-V Parent Partition inside on of its own child VM’s.

Why would you need to do this?

Under a traditional architecture you have the flexibility to tell your switch to mirror all traffic into or out of Port 6 onto Port 21. You then connect a laptop to Port 21 and promiscuously monitor the traffic coming into that port. Under a modern Converged/Software Defined Network architecture, this will not work.

In a modern Converged Fabric design, physical NICs are teamed. The parent partition on the hypervisor no-longer uses the physical NICs, but logically uses its own synthetic NICs for data transfers.

  1. Link Aggregation/LCAP/EtherChannel will split the traffic at the switch
  2. Teaming/LBFO will split the traffic at the hypervisor
  3. Data security will fire a red flag as you will be monitoring too much unrelated traffic
  4. If you combine them, you will overload the monitoring Port with aggregated traffic, causing performance issues and packet loss
  5. You may impact the performance of tenant VM’s and mission critical services

Fortunately the Parent Partitions own Virtual NICs are identical to the vNICs in any Hyper-V virtual machine. Consequently, you can use the same Hyper-V functionality on the Parent Partition as you would any VM.

 

Requirements

In order to sniff traffic on the Parent Partition you must ensure the following:

  1. The Parent Partition and the VM must be connected to the same Virtual Switch
  2. The “Microsoft NDIS Capture” extension must be enabled on the Virtual Switch (this is enabled by default)
    Enable the Microsoft NDIS Capture Extensions
  3. The monitoring VM should have 2 vNICs. The vNIC used to monitor traffic should be configured onto the same VLAN as the vNIC on the Parent Partition. The monitoring NIC should have all of its service and protocol bindings disabled to ensure that only port mirrored traffic is appearing in the WireShark logs
    Disabling service and protocol bindings on the vNIC
  4. Wireshark, Microsoft NetMonitor or another promiscuous network traffic monitor
  5. If you are in a corporate environment, ensure that you have approvals from your Information Security team. In some jurisdictions port sniffing can be considered an offence

 

Enabling Port Sniffing

You cannot enable Port Sniffing on the Parent Partition using the Hyper-V Manager GUI. Open PowerShell on/to the Parent Partition

Execute Get-NetAdapter

Identify the name of vNIC that you will sniff traffic to/from e.g. vEthernet (Management)

Taking only the value inside the parenthesis "Management" enter the following command

Get-VMNetworkAdapter -ManagementOS 'Management' | Set-VMNetworkAdapter -PortMirroring Source

Substituting WireSharkVm for the name of your monitoring VM. Execute Get-VMNetworkAdapter 'WireSharkVm'

Identify the MAC Address of the vNIC’s that you will use to receive the Port Mirror from the Hyper-V host and enable it as the recipient for the mirror

Get-VMNetworkAdapter 'WireSharkVm' | ?{$_.MacAddress -eq '001512AB34CD'} | Set-VMNetworkAdapter -PortMirroring Destination

If the Parent Partition and VM vNICs are in the same VLAN. You should now be able to sniff traffic inbound to / outbound from the Parent Partition.

 

Disabling Port Sniffing

When using Port Mirroring, remember that it consumes CPU time and network resources on the hypervisor. To disable the port mirror, repeat the above commands substituting ‘None’ as the key-word for the PortMirroring parameter e.g.

Get-VMNetworkAdapter -ManagementOS 'Management' | Set-VMNetworkAdapter -PortMirroring None
Get-VMNetworkAdapter 'WireSharkVm' | ?{$_.MacAddress -eq '001512AB34CD'} | Set-VMNetworkAdapter -PortMirroring None

Scanning and repairing drive 9% complete – the curse of chkdsk

This article discusses an issue of a computer getting stuck at boot with the message “Scanning and repairing drive 9% complete” with chkdsk hanging at 9%.

The hypervisor was 12 months over-due for a BIOS update. Updating the UEFI should be simple enough, however SuperMicro have a nasty habit of clearing the CMOS during BIOS updates. Why most other OEM’s are able to transfer settings and SuperMicro insists on not is one of only a few gripes that I have ever had with the firm. Yet it is a persistent one that I’ve had with them going back to 1998.

The Fault

After the successful update, I reset the BIOS to the previous values as best I could recall. Unfortunately I also enabled the firmware watchdog timer.

SuperMicro’s firmware level watchdog timer does not operate as you might expect. It requires a daemon or service to be present within the running operating system that polls the watchdog interrupt periodically. If the interrupt isn’t polled, the firmware forces a soft reboot. Supermicro do not provide a driver to do this for Windows, although their IPMI implementation can do so.

After 5 minutes from the POST the hypervisor performed an ungraceful, uninitaited reset. Following the first occurrence I assumed it was completing Windows Update. Subsequent to the second, I was looking for a problem and after the third (and a carefully placed stopwatch) I had a suspicion that I must have turned on the UEFI watchdog.

I was correct and, after disabling it, the issue was resolved.

This particular hypervisor has SSD block storage for VMs internally and large block storage for backup via an external USB 3.1 enclosure – a lot of it. Without giving it any thought, I told the system to

chkdsk <mountPoint> /F

Note that this does not include the /R switch to perform a 5 step surface scan. I told chkdsk not to dismount the volume, but to bundle all of the scans together during the required reboot to scan the C:. Doing it this way meant that I could walk away from the system. In theory this would mean that when chkdsk finished, it would rejoin the Hyper-V cluster on its own and become available to receive workloads.

… and restarted.

 

Scanning and repairing drive 9% complete

chkdsk skipped the SSD storage as it is all configured as ReFS. Under ReFS, disk checking is not required as it performs journaling activities in the background to preserve data integrity. Unfortunately, the external backup enclosure volume was NTFS. It would be scanned – and it was also quite full.

The system rebooted, and sitting at the intermedia chkdsk stage of the NT boot process. It zipped through the SSD NTFS boot volume in a few seconds, before hitting the external enclosure. Within around 5 minutes it had arrived at the magic “9% complete” threshold.

1 hour, 2 hours, 4 hours… 8 hours. That turned into 24 hours later and the message was still the same.

Windows Boot Scanning and repairing drive (F:): 9% complete

Scanning and repairing drive (F:): 9% complete.

Crashing the chkdsk

The insanity of waiting over 24 hours had to come to an end and I used IPMI to forcefully shutdown the server.

After a minute or two, we powered back on. To be met with a black screen of death from Windows after the POST.

The c:\pagefile.sys was corrupt and unreadable. Perform a system recovery or press enter to load the boot menu. On pressing enter, the single option to boot Windows Server 2019 was present, and, after a few moments. Windows self-deleted the corrupt pagefile.sys, recreated it and booted -to much relief.

I then ran

chkdsk c: /f

and rebooted, which completed within a few seconds and marked the volume as clean, with no reported anomalies.

The Windows System Event Log contained no errors (in fact as you might expect, no data) for the 24 hour period that the server had been ‘down’. The were no ‘after the event’ errors added to the System log or any of the Hardware or Disk logs either. for all intents and purposes, the system reported as fine.

 

Trying chkdsk for a second time

I decided to brave running chkdsk on the external enclosure again. Initially in read-only mode

chkdsk F:

Note the absence of the /F switch here.

It zipped through the process in a few seconds stating

Windows has scanned the file system and found no problems.
No further action is required.

Next I ran a full 3-phase scan

chkdsk F: /F

Again, it passed the scan in a few seconds without reporting any errors. So much for the last 24 hours!

 

Analysis

The corruption in the page file indicates that Windows was doing something. The disk array was certainly very active, with disk activity visible (via LED), acoustically and via data from the power monitor on the server all confirming that “something” was happening. Forcibly shutting down the system killed the page file during a write. Had been a 5-step chkdsk F: /f /r scan I could understand the length of time that it was taking.

With chkdsk /f /r – assuming a 512 byte hard drive – the system has to test 1,953,125,000 sectors for each terabyte of disk space. Depending on the drive speed, CPU speed and RAM involved it isn’t uncommon to hear of systems taking 5 hours per-terabyte to scan. This scan was not a 5-step scan, just a 3-step. A live Windows environment could scan the disk correctly in a few seconds.

Resources were not an issue in this system. Being a hypervisor, it had 128GB of RAM and was running with 2018 manufactured processors.

My suspicion is that the problem exists because of a bad interaction between the boot level USB driver and the USB enclosure. The assumption is that Windows fell into either a race condition or a deadlocked loop. During this fault, chkdsk was genuinely scanning the disk and diagnostic data was being tested in virtual memory (i.e. in the page file) but it was never able to successfully exit.

The lesson that I will take away from this experience is that unless it to avoid using a boot cycle chkdsk to perform a scan on a USB disk enclosure.

WorkFolders Folder shows Sync Error even though its contents are fully synchronised

WorkFolders allows you to perform policy based file HTTPS synchronisation between corporate servers and BYOD devices or teleworker devices. This article discusses a workaround to a problem where an anonymous sync error appears on a directory despite all of its contents synchronising successfully.

Outline of the Problem

Assume the following directory structure

C:\Users\CompanyUser\WorkFolders\Documents\WorkFolders Test

The following files/folders are present within WorkFolders Test:

WorkFolders Test\Problem Folder
WorkFolders Test\Problem Folder\File in Problem Folder.docx
WorkFolders Test\This file is OK.txt

Windows Explorer will display a Green circle with a tick for file/folder object that is synchronised and a Red circle with a cross for a faulted file/folder. After synchronising, the sync results will display as follows:

WorkFolders Test\Problem Folder [CROSS]
WorkFolders Test\Problem Folder\File in Problem Folder.docx [TICK]
WorkFolders Test\This file is OK.txt [TICK]

No errors are displayed in the Control Panel WorkFolders applet. There are no related errors in the clients WorkFolders Management/Operational Event Viewer logs. No relevant errors are present in the file servers SyncShare Operational/Reporting logs.

WorkFolders Error Screenshot - outer folder
The parent folder shows that its sub-folder has a sync error
WorkFolders Error Screenshot - inner folder
The contents of the error’d folder are however correctly synchronised.

Analysis

Although WorkFolders is indicating that the issue is being caused by the “Problem Folder” directory. The issue is being caused by the “File in Problem Folder.docx”.

The following symptoms will be true:

  1. Renaming “Problem Folder” will not fix the issue
  2. Altering the filename of “File in Problem Folder” will not fix the issue
  3. Changing the “File in Problem Folder.docx” file extension (e.g. to .txt) will not fix the issue
  4. Opening and saving the “File in Problem Folder.docx” will not solve the issue
  5. Moving “File in Problem Folder.docx” out of “Problem Folder” will clear the sync error, but the error will immediately migrate to the new location
  6. Rebooting the client computer will not help
  7. Restarting the server will not help
  8. The file does not have any connected temp files or lock files associated with it in the client file system

 

There is nothing wrong with the file itself. It is not corrupt, pay-loaded with a virus or violating any policy. It is my (unproven) belief that the record for the file in the WorkFolders synchronisation database is corrupt. Performing any of the above steps will not alter the record in the WorkFolders client database, thus the problem cannot be ameliorated.

 

Fixing the problem

One you have identified the problem file(s). You can use one of the methods below to correct the error.

Save the file as a completely new file

  1. Open the file in its associated editor (e.g. Microsoft Word for docx files)
  2. File > Save as…
  3. Save the file in its original location, but with a different file name (do not overwrite the original)
  4. Delete the original file
  5. Allow WorkFolders to re-sync
  6. Rename the new file as required

This approach is easy for an end-user to perform, but can be very time consuming if you are troubleshooting a large number of such issues. It requires you to know which file is causing the problem in the first place.

 

Compression

  1. Compress the file using Windows Compressed folders (Right click > Send to… > Compressed (zipped) file)
  2. Delete the original file
  3. Wait for the folder to re-sync and clear the error
  4. Extract the original file from the zip back into the desired location

This method will create a new record in the WorkFolders synchronisation database and the error will not reappear. You can use the technique to fix an entire folder structure without having to first identify the problem file. It is also easy for an end-user to perform.

 

Move the file

  1. Move the file outside of the WorkFolders monitored file system. For example, move the file to C:\ or into the Recycle Bin
  2. Allow the original folder to re-sync and clear the error
  3. Return the original file to its original location and allow it to re-sync

Again, this method will create a new synchronisation record. In a managed environment this may be harder for an end-user to perform due to permissions. It is however easier for an administrator to perform as you can cut/paste the entire file structure out and then back into the WorkFolders sync root.

If you use this method, remember to move it to a location within the same drive letter. If you do, the move will preserve permissions, file dates and will not physically copy the underlying data to the new location (just update the MFT).

Installing Plex Media Server on Windows Server 2016 or Windows Server 2019 Core

System Requirements

  • Windows Server Core
  • Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019
  • Plex Media Server

 

The Problem

“Just because you shouldn’t do something, doesn’t mean you can’t”

Plex Server, the sometimes controversial media streaming hub, is a staple of the media diet of many home-brew media centre connoisseurs. I personally keep it installed as a gateway between Smart TV’s and my music/video/photo library as it is a convenient way of getting DLNA support on the network. Where pushed due to lack of Kodi support Plex also gives a consistent alternative front-end user interface.

The problem with Plex Server is that it isn’t quite a “server”. It’s a service, but one that insists on running in the userland (as a tray icon). If you log off from its user account, it shuts down the service and you no longer have a working Plex environment.

 

Why is this a problem?

At home, the only computers that I have running 24/7 are servers and these are exclusively Hypervisors. I want Plex to be always on, but not to be sharing a with VM performing other duties. Neither do I want it be forced to leave a logged-on VM running that does something else and thus increases the attack vector.

To date, my answer has been to run Plex Server in a Windows 10 VM, but this means consuming a £120+ Windows 10 Pro license so that it can effectively molly-coddle a tray icon.

Ah ha! I hear you cry. How is consuming a £900 Windows Server license any better?

It’s not, obviously… unless you’ve got Windows Server Data Centre licenses. If you fall into this category, it literally doesn’t matter how many VMs you install on your hypervisor. The argument is academic as long as your have the horsepower on your server to keep piling on additional VMs.

More commonly however, and perhaps more practically. You may find that you have some old Windows Server 2012, 2012 R2 or 2016 Standard licenses knocking around from recent server decommissions. This may become more common again as your organisation starts migrating to Windows Server 2019.

The advantage of using even a down-version of Windows Server comes in the fact that versions of Windows from 2012 upwards all remain part of the Microsoft Long-term Servicing Branch (LTSB) support model. Consequently, by re-using the licenses your Plex install will receive security patches for many years to come, while remaining lighter than a client edition of Windows and – in the cae of Windows 10 – will save you from the 6-monthly ache of having to Feature Update Windows 10. In other words. Server Core gives you a stable platform to ‘set it and forget it’.

So, for these minority edge cases, an experiment was born to see Plex Media Server could in fact run on Windows Server Core.

 

Why Windows Server Core?

Partly because I’m a stickler for pain and partly because at ~5GB (Windows Server 2019), it represents a considerable disk and resource saving over the ~18GB of Windows 10. My Windows 10 VM Plex Server install, with Windows 10 Pro, Plex and its various database (but no local media assets) weighed in at 33GB (after defragging and compressing). Its RAM utilisation typically sitting between 1.4 GB and 1.8 GB (remember that it’s sitting at a user account lock screen most of the time, but a user is logged on non the less).

This gives us some numbers to define relevant success or failure of the experiment against.

 

How To

The new VM was setup with the following specs:

  • 3 CPU Cores*
  • 1024 MB Startup RAM with dynamic memory between 400 MB and 2048 MB
  • A 127 GB dynamic VHDX
  • Connected to the correct network
  • Set (in my case) to PXE boot and install from my build server
  • Windows Server 2019 Core as the install source

*I find that at 2 cores, Plex rides the CPU at 90% during library updates. With 3 cores, it is usually sub 40% and does make use of the available thread afforded from the extra CPU.

 

Minimising

Firstly, remove any unwanted Windows Features. My build server is configured to enable several features by default, so we’ll strip these off. Fewer features and less services mean a leaner VM footprint. Use Get-WindowsFeature in PowerShell* to view the state of play with yours and remove as appropriate. For example

Remove-WindowsFeature -Name Hyper-V

Remove-WindowsFeature -Name Windows-Defender

* At the comment prompt type “start powershell” and hit enter to launch a PowerShell console.

Simiarly, go through Get-WindowsOptionalFeature -online | ? {$_.State -eq 'Enabled'} to check for more things to disable e.g.

Disable-WindowsOptionalFeature -online -FeatureName <name>

As well as Get-Windowscapability -online | ? {$_.State -eq 'Installed'}

Remove-WindowsCapability -online -Name <name>

… and Get-WindowsPackage -online | ? {$_.PackageState -eq 'Installed'} using

Remove-WindowsPackage -online -PackageName <name>

Note: Do not remove WOW64 from the install as you will require it to run Plex.

 

Preparing

If you aren’t automated, patch it, join it to the domian and make any registry and config changes that you need (such as IP addressing and enabling Remote Desktop).

Decide what account your Plex Server install will run in. Obviously, you’ll be sitting in an administrator account after install, and you don’t want to run Plex in that! I have a user account on the domain that has minimal permissions and access to multimedia shares. You should decide what will work for you.

Set the Windows Firewall so that you can perform remote management. Here are some examples of functions that you may wish to enable (they may differ depending on the Windows Server Edition). We need to enable File and Printer Sharing (SMB) access so that we can copy the Plex installer over to the VM from a management workstation.

enable-netfirewallrule -displaygroup "Core Networking"

enable-netfirewallrule -displaygroup "File and Printer Sharing"

enable-netfirewallrule -displaygroup "Network Discovery"

enable-netfirewallrule -displaygroup "Performance Logs and Alerts"

enable-netfirewallrule -displaygroup "Remote Desktop"

enable-netfirewallrule -displaygroup "Remote Event Log Management"

enable-netfirewallrule -displaygroup "Remote Event Monitor"

enable-netfirewallrule -displaygroup "Remote Scheduled Tasks Management"

enable-netfirewallrule -displaygroup "Remote Service Management"

enable-netfirewallrule -displaygroup "Remote Shutdown"

enable-netfirewallrule -displaygroup "Remote Shut-down"

enable-netfirewallrule -displaygroup "Remote Volume Management"

enable-netfirewallrule -displaygroup "Windows Firewall Remote Management"

enable-netfirewallrule -displaygroup "Windows Remote Management"

enable-netfirewallrule -displaygroup "Windows Management Instrumentation (WMI)"

enable-netfirewallrule -displaygroup "Windows Backup"

Before you can run Plex Server, you will also need to enable Windows Media Foundation services.

Add-WindowsFeature -Name Server-Media-Foundation

Now jump to a Management machine, something with Windows 10 1809 and RSAT installed on it.

On the management machine, open Computer Management from the start button right click or by calling the MSC. Right click on “Computer Management (Local)” at the top of the left-hand pane and connect to the machine by hostname or IP Address. You can now:

  • Manage Task Scheduler
  • View the Event Logs
  • Manage Shared Folders
  • Manage Local Users & Groups

Note: If you are in a workgroup, you need to ensure that the user account and password used to open Computer Management matches the administrator account on the Plex VM. Otherwise you will see ‘Access Denied’. You will also need to have setup WinRM, which is beyond the scope of this article.

 

Auto Log-on

Installing on Windows Server will not change Plex’ behaviour. It will still run as a tray service even though there isn’t a systray to display its icon in. This means that the virtual machine must auto log-on at reboot in order to start Plex Server’s services.

To set auto-logon, from an administrator account add the following registry material.

Note: You can type regedit at the command prompt to gain access to the standard Windows registry editor if you prefer to do it manually.

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v "DefaultUserName" /d "Plex" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v "DefaultPassword" /d "your_password_here" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v "DefaultDomainName" /d "your_domain_here" /f

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /v "AutoAdminLogon" /d "1" /f

To test whether you have successfully setup auto-logon, simply reboot the server VM.

Note: The password is inserted in fully readable plain text in the registry. Keep that in mind when designing the security for this account!

 

Install Plex Media Server

Use the following process to install Plex on the new Windows Server Core VM:

  1. Log onto the VM using your preferred Plex user account. For the rest of this article we will call the username for that account “Plex”. This is to create the user account structures.
  2. Download the latest Plex Server installer file from www.plex.tv.
    Note: For some silly reason at the time of writing, the download link is in the page footer with the copyright. It’s almost as if they don’t want you to download it… but I digress.
  3. In file explorer on the management machine, open a SMB share to the VM either using \\<FQDN>\c$ or \\<ipAddress>\c$. Copy the Plex installer file into \\<host>\c$\Users\Plex
  4. Return to the VM via Remote Desktop or your Hypervisor, and ensure that you are logged on as the Plex user account. You should be a command prompt “C:\Users\Plex>”
    1. If your user account is a member of the local administrators group: Type “Plex” and hit tab, it should auto complete the full file name of the Plex installer and hit return e.g.
      Plex-Media-Server-1.14.0.5470-9d51fdfaa.exe
    2. If the Plex account is a standard user: Type “runas /noprofile /user:domain\adminUsername Plex-Media-Server-1.14.0.5470-9d51fdfaa.exe” and hit return.
  5. Should you receive any errors from the installer, you can access the log file via the management machine at the following path to troubleshoot the problem:
    \\<host>\c$\Users\Plex\AppData\Local\Temp

Once the installer has finished, the Launch button will not doing anything as it is attempting to start the default web browser – and there isn’t a default web browser on Windows Server Core. Simply exit the installer to complete the installation.

 

Post-install

At this point you will have the Plex Server binary files installed, however unlike on a GUI install, Plex will not yet function correctly.

 

Drive Maps

Should you need to set up drive maps for media content you can use group policy or create local account mapped shares to your media files using

net use <driveLetter> \\server\share /persistent:yes

 

Auto-Start

Now that Plex is in installed, it is necessary to start its processes. As Windows Explorer (and the startup folder) does not exist to do this for us, you will have to set it up manually.

The obvious way would have been to use task scheduler.

SchTasks /Create /SC ONLOGON /TN "Plex Server" /TR "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"

However, I was unable to get the event to fire at logon and the service never started.

Equally, I was unable to get an auto-run working from HKCU\Software\Microsoft\Windows\CurrentVersion\Run on a non-administrative account, although your mileage may vary if you are using an administrative account.

In the interest of time, the quickest way to achieve this is to use the following procedure:

  1. Log in as a system administrator
  2. Open Regedit
  3. Navigate to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShell\AvailableShells
  4. Right click on the AvailableShells key, click Permissions…
  5. Click Advanced
  6. Change the Owner to the administrators group and cascade the ownership change to sub-objects
  7. Set the Administrators group to have Full Control of ‘This key and subkeys’
  8. OK back to Regedit
  9. Edit the REG_SZ under AvailableShells so that you add cmd.exe /k “C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe” into the Value data string e.g.
    cmd.exe /c "cd /d "%USERPROFILE%" & start cmd.exe /c "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" & start cmd.exe /k runonce.exe /AlternateShellStartup"
    Note: The last command (each & is the start of a seperate command) to be executed will be the window on top after the boot completes.

Note: You cannot use SC as a mechanism to invoke the auto-start as Plex requires the user account to functionally access remote file shares. If all of your media is stored locally on the Plex Server VM then technically you could use SC and in this case you would not need to auto-logon the VM at all.

If you log-off and log-on again you should get the Plex Media Server.exe process running in taskmanager.

 

Adding the ability to Shutdown the VM

If you want your non-administrative user to shutdown the VM without having to log-off, log onto an administrator account and then perform the shutdown. You need to modify the local security policy (or Group Policy) to grant your low security account this right.

You can either

  1. Export a modified policy as a template from your management machine in Local Security Policy (Security Settings > Local Policies > User Rights Assignment > Shut down the system) and then import it onto the Windows Server Core VM using secedit /configure /cfg <exportFilePath> /db secedit.sdb
  2. Use ntrights.exe from the Windows Server 2003 Resource Kit Tools and issue the command ntrights.exe -U "domain\username" +R SeShutdownPrivilege

Download: Windows Server 2003 Resource Kit Tools

 

Open Plex

To start using Plex as part of a new install. Return to your management machine and open a web browser and navigate to:

http://<ipAddress>:32400/web/

You should be presented with the beginning of the Plex configuration wizard in your browser. Do not not be surprised if Plex knows who you are based upon your IP address if you are an existing user. You should be able to  sign-in and configure Plex as required based on it being a new install.

 

Migrating your Plex Server

If you wish to migrate an existing Plex Server into the VM, use the following procedure to perform the migration:

  1. Ensure that both source and destination Plex Installs are running the same version
  2. Shutdown the Plex Media Server processes on both the source and destination Plex Installs by entering
    net stop PlexUpdateService
    tskill "Plex Media Server"
    tskill "PlexScriptHost"
  3. On the old server, export the entirety of the “HKEY_CURRENT_USER\Software\Plex, Inc.” registry key and import it onto the new server
  4. On the new server, rename “C:\Users\Plex\AppData\Local\Plex Media Server” to “C:\Users\Plex\AppData\Local\Plex Media Server-OLD”
  5. Copy the “C:\Users\Plex\AppData\Local\Plex Media Server” folder from the old server to the new server. This folder will be very large and the copy will be very slow as it contains a large number of files and folders. In my case some 662,915 files and folders totalling around 18 GB.
  6. Ensure that your old Plex install remains offline
  7. Reboot the new Plex VM
  8. Test
  9. Delete “C:\Users\Plex\AppData\Local\Plex Media Server-OLD”

 

The Results

At the beginning of the article, I outlined that the old Windows 10 VM disk was sitting at 33 GB with typical idle RAM use sitting around 1.4 GB.

After defragging and compressing the virtual disk for the Windows Server Core VM, the VHDX file size was 27 GB; a small improvement. RAM use was also better. Typical idle values of around 550 MB matched library updates sub-720 MB and observed highs around 900 MB.

Boot times for the VM are considerably faster compared to Windows 10, not that it is especially important for media consumption. As an early superficial observation, the library load times between a Smart TV and the Plex DLNA enumeration service appear snappier than under the previous install. I leave that as a subjective and not an empirical observation however.

So is it worth it? The answer to this should depend on your comfort level with managing Windows Server Core. If you want to play with Server Core to learn it, or are already familiar with it, then it is worth considering for the RAM saving alone. The promise of a long-term stable platform under LTSB servicing does allow you to “set it and forget it” and, if like me you are fed-up of contending with large 6-monthly full reinstalls of Windows 10 for no intrinsic gain. It really does offer a streamlined way to host Plex.

With that said, you do lose three practical things by using Server Core and not much else

  1. The omnipresent tray icon which lets shortcut into the web GUI or manually initiate library scans (all of which you can do from the web UI).
  2. The ability to open the web UI on the VM itself is lost.
  3. Being able to troubleshoot with a GUI in Windows Explorer is occasionally useful. You must now use an intermediate management machine/VM to do this. For any admin who already manages Server Core, they will already have this environment. They will also be used to viewing the local server console as a weapon of last resort, not first resort as will be the case with the majority of GUI administrators.

Once working on Server Core, Plex is essentially managed exclusively through the web UI. There are only very occasional needs to interact with Windows Installer on the console during version upgrades. If you want your Plex VM to do something other than just Plex, then it probably isn’t worth considering going down this route. Should you think like a server admin however and prefer task isolation, then why do you need a GUI, Game Bar and Candy Crush saga to server multimedia content to your TVs? If you think like a savvy consumer, why do you need the extra licensing overhead?