A few things I learned after uploading this video: - SecureBoot is not required to install Windows 11. You can make it work by simply enabling vTPM support. - If you want full SecureBoot support, there is an extra step that must be done, prior to installing the VM, once on the pool: secureboot-certs install. This will download and add Microsoft's UEFI certificates, which we can't ship in XCP-ng, due to incompatibilities between open source licenses and these certificates' licenses (you'd think they would be in the public domain, but they aren't). -Bitlocker, one of the possible uses of a vTPM, isn't supported. Actually, it does work, but it also implies Measured Boot, which is highly sensitive on any firmware changes. And, in a VM, the firmware is emulated by software which is bound to received updates independently from VM administration. When this happens, booting the VM will hang until you provide bitlocker's recovery passphrase. The same would happen when migrating to a host with a different version of the firmware software, or when restoring a snapshot or backup made when the firmware software was different. So use bitlocker at your own risk. Thanks @stormisamuelv2 for the notes

Obviously you know it’s good timing, which is why you are posting xcpng videos- but also- good timing, sir! Please keep the xcpng topics coming!

Not sure if this was partially prompted by my comment in the previous video, but thank you for showing this.

@LAWRENCESYSTEMS

3 ай бұрын

How to setup Windows on xcp-ng is in high demand

Hi Tom. Awesome video as always. Does XCP-ng/ XO support the dynamic resolution's of a VM like VMware/HyperV does. IDK what its actually called but an example is when I open the virtual console of a VM in vCenter, it will size the vm's monitor to the size of my browser. Does Xen does that too?

@jowdyboy

3 ай бұрын

Great question. This is likely not related to XCP-ng at all. If you use a Remote Desktop Manager, most will auto-scale the desktop resolution to match your window size. RemoteNG, Microsoft Remote Desktop Connection Manager, etc., regardless of what Hypervisor your Windows OS sits on.

Hi Tom. I'm also installing Windows (Server 2022) on XCP-ng at the moment. I was wondering about how you setup your storage? Is it shared among multiple hosts? is it iSCSI. If so, is it connected through the OS or directly via the NICs? Spinning, SSD, SATA SAS, NVMe ..? Care to share?

@LAWRENCESYSTEMS

3 ай бұрын

I have a whole video talking about storage design here kzread.info/dash/bejne/Y6lnw8ueZNqZYso.html

So... let's say you are using bitlocker, the key to unlock (in the vTPM storage) isn't encrypted ? and sits next to the VM disk ?

Where did the vTPM come from? Is this a standard option in Xen Orchestra setup? (Or do you only get a vTPM if your physical CPU has a real TPM? Related question on "hardware inadequate for W11". My homelab setup is based on Xeon E5-2650v2 (IvyBridge 3rd Gen) on a famous Chinese mobo, 32GB RAM - and has plenty of oomph, tho not suitable for W11. Is there a straightforward way to get a W11 VM setup on that kind of legacy setup?

@LAWRENCESYSTEMS

3 ай бұрын

The vTPM is a feature in XCP-ng 8.3

Why did i cringe so hard when you chose Windows Home even just for the demo 😂

@LAWRENCESYSTEMS

3 ай бұрын

Yeah, I chose the Home version just for that 🙃

Hi Tom, If I have been using Windows update for the drivers, whats the best way to move over to the download option in the vid?

@LAWRENCESYSTEMS

Ай бұрын

If what you are using is working, don't change it. If you do feel like changing it there are some bugs you might run into so make sure you have backups.

@SusanPowers-wj2ow

Ай бұрын

Apparently my comment isn’t sticking(poor reception), but there appears to be a 🐛 in the latest XenServer driver that impacts the 2.5Gb NIC and its respective domains aka virtual machines. I resolved the issue partially by removing the driver altogether. I plan to wipe, install NixOS with VirtMan and KVM/Qemu, learn virsh and add my own dashboard. I want to point out that I actually paid for the standard license from Vates for a few months. But have zero plans to continue down that path

It might be interesting too to make a tutorial on how to do it on 8.2.1 without TPM, it was not too difficult, just had to edit a regedit field. Also a tutorial on how to passthough a GPU to a windows machine would be really interesting, I followed the docs and was easy enough. An intel igpu worked for ubuntu but not for windows though, probably driver related but not sure.

Hi Tom. Any chance you could do a video on using the clipboard/drop & drag function on VMs. I recently installed both Debian Bookworm and Windows 10 Pro on Virtual Box and neither allow the use of either the cut & paste or drop & drag functions do not work even when you go into Settings/Advanced/Bidirectional.... The error messages state either the Host OS does not support the actions or Guest Additions not installed. My guess is this situation will be the default case regardless which Hypervisor is being used to Host.

@LAWRENCESYSTEMS

3 ай бұрын

You do need the guest tools installed for that to work, but I never use the console after basic loading of a VM because the console is not the best way to interact with the VM. For Linux I ssh in and for Windows I use RDP or a remote access tool.

@markandrews1219

3 ай бұрын

@@LAWRENCESYSTEMSThanks for replying

I am not reaching the windows install screen after following these steps. at your timecode 2:33, I never reach that state. I have the 8.3 version of XCP, I have a current version of the W11 ISO loaded into the ISO store, I have tried secure boot both ways (saw your update), also tried with the vTPM enabled/disabled. The only way i was able to reach a windows screen was by disabling the vTPM, but the installer doesn't see any mounted disks -- I was able to find it in CMD and tried to "clean" to no avail. When the settings are all as you specified, i keep running into this: UEFI interactive shell v2.2 EDK II UEFI v2.7 (EDK 11, 0x00010000) Mapping table FS0: Alias(s) then it continues with some PCI info and other BLKs. Press escape to skip startup.nsh or any key to continue. Neither escape or the "any key" work :(

@jgelliot

Ай бұрын

Not sure exactly how this worked, but switching from a SMB mounted ISO storage to a local one got the bood media connected.

does Xen/ XCP-ng offer the tools/drivers/mgmt agent as ISO if drivers would not be picked up or to install it in an air gaped environment? Qemu-guest-agent/drivers are available as iso, you can mount like in vmware

@scanmikey

3 ай бұрын

I created an iso of the tools using folder2iso. There may be an iso somewhere but I couldn't find it.

@LAWRENCESYSTEMS

3 ай бұрын

Yes, but you could also just download and copy that file over to the VM.

@scanmikey

3 ай бұрын

True, the file could just be copied but having it in an iso datastore is way more handy.

No option for vTPM version? Also why would you want to copy host BIOS strings to the VM?

@shanent5793

2 ай бұрын

If the host has a Windows license then copying the BIOS strings should let the VM also recognize the license

Did Citrix change things? As of a few weeks ago, I swear I couldn't download the driver/management agent without having an account.

@LAWRENCESYSTEMS

3 ай бұрын

If you Google Citrix guest tools it lands on that page, it has a higher SEO position than the one I shared.

I dont have a Win11 template. XO with latest commit. Is it based on the detected ISO that i get vTPM ?

@LAWRENCESYSTEMS

3 ай бұрын

You can use the Window 10 template and the "Enable VTPM" option is part of 8.3

@PowerUsr1

3 ай бұрын

@@LAWRENCESYSTEMS Thanks. You are correct. What is the point of installing the xen tools tho? The NIC driver was discovered either way.

@LAWRENCESYSTEMS

3 ай бұрын

@@PowerUsr1 The management tools give you the IP address in Xen, allow live switching of NIC, and dynamic memory changing.

@PowerUsr1

3 ай бұрын

@@LAWRENCESYSTEMS Understood. Thank you for clearing that up for me and anyone else who reads the comments :) appreciate it !

I wrote a comment giving extra information, as XCP-ng Release Manager / Lead Maintainer, but youtube apparently deleted without the slightest notification. There wasn't any link but I did mention a website. Any chance you have a trace of it somewhere? Otherwise I'll write it again and save it this time.

@LAWRENCESYSTEMS

3 ай бұрын

KZread deletes links / sites in comments.

@stormi_v2

3 ай бұрын

@@LAWRENCESYSTEMSIt deleted my comment again :/

@LAWRENCESYSTEMS

3 ай бұрын

That is why I have forums, KZread's spam solution is to delete things in comments that contain links.

Love these detailed tutorials; can't wait to get hands-on with XCP-ng in a business IT setting as well. We're VMware for now but that'll change when the inevitable price hikes drop. These videos are going to be a great resource for the post-VMware world for years to come, just like the pfSense series videos are still wildly useful a while after their initial release.

Can you do another quick video installing Gentoo? 😂

@LAWRENCESYSTEMS

3 ай бұрын

Why not Arch? 😜

I found a bug that only effects non-normie win11 users. If you have a local account (i mean, who would ever sign up for an awful MS account), and you fought and won that battle with the installer (praise to rufus), you will get random hardware crashes if that local account is an admin. There's a C# bug that was acting up that had me download about a dozen patches, then it manifested into the "Intel Management Engine WMI Provider" causing crashes by 'impersonating permissions'. It was/is a non-deterministic bug and I thought I may have built my PC incorrectly (even though it never crashed on prime nor 3dmark). So yeah, if you set up local accounts make sure you have an admin account and a user account or you may crash (and windows will not care).

@hotelbooking6923

3 ай бұрын

I don't think anyone who's been in the business longer than a day is setting up Windows with a MS account on a domain

Snort 4.1.6_15

@LAWRENCESYSTEMS

2 ай бұрын

🐷

This is not as simple as shown. You have to set up TPM and secure boot in advance.

@LAWRENCESYSTEMS

3 ай бұрын

It is as simple as demonstrated in the video, the only editing I did was fast forwarding the load screens for Windows. The vTPM is a feature of XCP-ng 8.3

@pepeshopping

3 ай бұрын

In “advance” of WHAT exactly? Guess the usual technical people do not understand virtualization. In a PC, you “enable” Secure Boot and the TPM module in the BIOS, right? That’s exactly what happened for that virtual machine when you select SecureBoot and virtual-TPM!

@timk6246

3 ай бұрын

@CESYSTEMS Why are my comment replies getting removed immediately after posting them? Unless something has changed between 8.2.1 and 8.3, the UEFI default certificates need to be installed and configured. Every time I link to guest-uefi-secure-boot documentation my comment gets nuked.

@LAWRENCESYSTEMS

3 ай бұрын

@@timk6246 KZread does not allow links to be posted and in 8.3 you do not need to do this.

@timk6246

3 ай бұрын

That is good news then, the developers are closing the gap with VMware. Now they just need to get that web interface modernized!!!@@LAWRENCESYSTEMS