Create a Hyper-V NAT Switch with PowerShell – the easy way

You can follow the original guide by Microsoft and manually edit all the details, or just use the variables from the script below and let PowerShell do the work for you.
# Variables
$InternalSwitchName = "Internal Virtual Switch"
$NATGatewayPrefixLength = "24"
$NATGatewayNetwork = "192.168.0.0/$NATGatewayPrefixLength"
$NATGatewayIP = "192.168.0.1"
$NATNetworkName = "NAT Network"

# Create the VM Switch and NAT Gateway
New-VMSwitch -SwitchName $InternalSwitchName -SwitchType Internal
New-NetIPAddress -IPAddress $NATGatewayIP -PrefixLength $NATGatewayPrefixLength -InterfaceIndex (Get-NetAdapter -Name $("vEthernet ($InternalSwitchName)")).InterfaceIndex
New-NetNat -Name $NATNetworkName -InternalIPInterfaceAddressPrefix $NATGatewayNetwork

Unknown Devices when installing Hyper-V on Windows 10

The following unknown device IDs will pop-up when you run the script or when you open Device Manager:

ROOT\VMBUS\0000
ROOT\VID\0000
ROOT\VPCIVSP\0000
ROOT\STORVSP\0000
ROOT\SYNTH3DVSP\0000

If you want to find all Unknown Devices, open PowerShell as an Administrator and run:

Get-WmiObject Win32_PNPEntity | Where-Object{$_.ConfigManagerErrorCode -ne 0} | Select DeviceID

On my work notebook, all drivers were correctly populated so it had to be something with my test laptop. It’s a fresh Windows 10 machine deployed by a Task Sequence – enabled with Device Guard and Credential Guard.

Solution:
During the installation I’ve installed the Microsoft-Hyper-V-Hypervisor feature on Windows 10. You also need to install the Microsoft-Hyper-V-Services if you want to have those drivers installed as well.

Hyper-V RemoteFX doesn’t work with Shielded VMs

Cause

Recently I replaced my workstation and that was a perfect time to rebuild my home lab. After I got green lights from my employer to install the all new Windows 10 Creators Update, I also installed Hyper-V and started to build servers in my lab. I was playing around with Shielding, Virtual TPM and SecureBoot until I found out that RemoteFX didn’t work anymore. I added the RemoteFX adapter to a VM with shielding enabled, but saw in the Hyper-V Settings menu that “0 virtual machines are currently using this GPU”. I first thought about updating my drivers, but I realized that I was playing around with some new features. After disabling Shielding for this VM, RemoteFX started to work!

Continue reading

Screen display flashes or blinks if Device Guard or Credential Guard with Hyper-V has been enabled

When you enable Device Guard or Credential Guard with Hyper-V on your system, your screen will blink every X seconds. This is a really annoying bug and has been fixed by Intel.

Solution:

Upgrade your Intel(R) HD Graphics driver to version 20.19.15.4352.

Enable Hyper-V during Task Sequence in SCCM 2012 R2

Because I wanted to configure Device Guard with Windows 10, I need the Hyper-V Hypervisor to be enabled on Windows 10. I tried to do this with DISM and an answer file, but it’s not possible to enable Hyper-V during the Task Sequence Deployment because Hyper-V requires a couple of reboots.

Solution:

Create a new “Set Task Sequence Variable” task in your Task Sequence. This will run the PowerShell command after the Task Sequence ends. I’ve set this task before enabling the Driver Package, but it should be possible to place this task anywhere you like.

Task Sequence Variable: SMSTSPostAction

Value: powershell -ExecutionPolicy ByPass -Command “Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Hypervisor -all -NoRestart;Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Tools-All,Microsoft-Hyper-V-Services -NoRestart”

This will do the following:

  1. Enable all the Hyper-V Features after the deployment
  2. Remove the Hyper-V Tools and Services (Management Tools) afterwards. I found out that this is the best way to only add the Hyper-V Hypervisor.

You still need to reboot the system a few times to enable this feature. Because I enabled the BitLocker PIN, I can’t reboot the machine because it will ask for a PIN a few times.

Screenshot:

Enable-HyperV