Subscribe via Email

Subscribe via RSS/JSON


Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan


Notes on Hyper-V differencing disks

I am using Hyper-V again to setup a lab on one of my laptops. Most of the VMs are going to be Server 2012 (GUI or Core) and rather than “waste” space for each VM I decided to create a base VHD and use.

Generation 1 VM only!

The steps below only work for a Generation 1 VM. If you want to use a Generation 2 VM read this post to get an idea of what I am doing, but don’t follow all the steps. Instead, check out my next post where I go into UEFI and GPT and the boot process there, and follow the steps there.

Using the VHD created below in a Generation 1 VM gives the following error when booting: Boot failed. EFI SCSI Device. No Operating System was Loaded. Press a key to retry the boot sequence ...

Here’s how I went about doing it. (None of this is new material, the below is just notes to my future self). Also, all these steps are on my Windows 8.1 with Update laptop, so it might not work on older versions of Windows (I know for sure that these won’t work on Windows 7).

First, mount the Server 2012 ISO:

The ISO is mounted at F: drive. The sources\install.wim file in this drive contains the WIM file with all the Server 2012 images. A WIM file (short for “Windows IMaging” file) is a file-based image. Unlike a block-based image (which is what most of us are familiar with from tools such as Ghost) a file-based image contains the files and file-system as it. In addition to that the files are compressed, and duplicate file names point to one actual file, so you could have a WIM file that contains all the editions of Server 2012 but the size of the WIM file isn’t equal to the size of one of these multiplied by the number of editions. Since Vista WIM files are what Microsoft’s been using to install the OS. The install program sets up your hard disk and then dumps a WIM file onto it. After a reboot, the machine boots into this dumped image and continues configuring and customizing.

The beauty of this is that one can dump a specified image from a WIM file onto a virtual hard disk too – which is what I am going to do here. I select an image from my WIM file, create a VHD file, and apply this image to the VHD file. Then when I boot up from this VHD file in a newly created VM the setup process continues as it is. The difference here is that I am going to apply to the image to a VHD file, and then use that VHD file as a base image and create new “differencing” VHD files off that. This way each newly created VM uses the differencing VHD file, and the size of that is more or less equal to the changes I make in the VM. That’s way better than having multiple VHD files all of which contain the same OS and similar files and together take up a lot of space!

Back to the WIM file, find the image that we are interested in:

I am interested in the first image here (Serer 2012 R2 Standard Core). I want to apply this image to a VHD. So I create a 20GB VHDX file:

Mount the VHDX file:

Note that I use Get-Disk above. That’s because the VHDX doesn’t have a file system yet, and hence no volume. I will have to prepare the VHDX before I can apply the previous WIM image onto it. So let’s do that.

Create a partition and format it as NTFS. Assign a drive label while we are at it.

NOTE: It is possible to combine all the cmdlets above from New-VHD to Format-Volume into one long pipe. That way easier to copy paste than the multiple cmdlets above. Here’s the combo version:

Now I apply the WIM image to this drive letter (which is actually the VHDX file I created earlier):

This cmdlet will take a while to complete (and it doesn’t offer much by way of a progress bar)

NOTE: You can use the DISM command too instead of the cmdlet above. That has a more informative progress bar:

Install a boot loader on the VHD so it boots.

Don’t forget the boot loader!

I had missed this step when I first wrote this post. Apologies if anyone followed the steps and ended up with non-bootable VHD. I realized this omission only after I tried booting the VHD and got the following error:


Finally dismount the VHDX:

Dismount the ISO file too if you are done with it:

Finally, I make a new differencing VHD:

That’s it. Now I can create a VM and assign the WINDC01.vhdx disk to it. As far as the VM (or even us if we mount the VHDX file directly) are concerned the WINDC01.vhdx file is identical to the 2012R2.vhdx file it is based up. Just that what the file actually contains is only the differences from the base file. Any references to files in the base VHD file are looked up there transparently; any references to new/ changed files are looked up in the differencing VHD file.

Generation 1 VM only!

As mentioned at the beginning of this post, the VHDX file created using the above steps only works with a Generation 1 VM. With a Generation 2 VM you get an error like this:


This is because Generation 2 VMs are using UEFI and they have a different boot process. Check my follow-up post on what to do with a Generation 2 VM. .

New GPG key, revoking old keys, etc

I decided to create a new GPG key for myself. My first key (created using PGP) is from 1999 while at University. This key (ID 15E7AC77) is associated with one of my older email accounts I don’t have that key any more, nor did I set an expiry on it or create a revocation certificate, so the key is still active but not used by me. I don’t use that email address either.

My next key (again created using PGP) is from 2001 while at my first job. This key (ID 12D101F1) is associated with my work email from that time. Again, I don’t have that key any more, nor did I set an expiry on it or create a revocation certificate, so the key is still active but not used by me. I don’t have access to that work email address either.

My third key (created using GPG) is from 2007. This key (ID C7A2DC31) is active, but I don’t use it much. Thankfully I had a copy of the key with me and I remember its password (a good thing since I was dumb enough not to create a revocation certificate again), so I created a revocation certificate for it today and revoked it.

Today I made my fourth key (using GPG). This key (ID 2673D9BF) is what I plan on using going forward. I have added all my usual email addresses to it and also uploaded it to from where it should replicate to other servers.

It’s been a while since I used GPG so here are some notes to myself on how to get things done with it. Most of these can be accomplished using the Kleopatra GUI that’s bundled with GPG.

Sending keys to the public key servers

The is actually just an endpoint for a collection of servers.

Refreshing keys from the public key servers

Editing a key

At this prompt I can type a ? to get a list of sub-commands. For instance:

  • list – list all the IDs in the key,
  • adduid – add a new ID,
  • uid – select an ID (useful to perform an operation on the ID),
  • deluid – delete the selected ID,
  • revuid – revoke the selected ID (do this instead of deleting when it’s one of your own keys/ IDs),
  • primary – mark the selected ID as primary (useful when you have many IDs and you want to mark one as primary), and
  • addrevoker – add a revocation key.

Creating a revocation certificate

This creates a revocation certificate. Without the --output switch the certificate is output to the screen (ASCII armored). With the switch and the file name following it, the certificate is output to that file.

Note: If you want to revoke an individual ID in your key, there’s no need to do the above. Use the revuid command as in the previous section. It is, however, a good idea to create a revocation certificate for each of your keys and store it someplace safe. This way if you lose the private key or forget the password, you can always use the revocation certificate to revoke that key. The revocation certificate is like your fail-safe switch in case the private key is lost.

To actually revoke a key, import the revocation certificate as in the next section. And then send the key to the public key servers as in the first section.

Importing a key

You can skip the file name, in which case you will be prompted to copy-paste the key.

That’s more or less the basic stuff. Most of these can be done via the Kleopatra GUI. Stuff you can’t do via the GUI include creating a revocation certificate or revoking a particular ID.

Coming soon … fingers crossed!

October was a good month. I had the good fortune to attend a Microsoft workshop on Active Directory troubleshooting last month. And before that, I was at our Amman office for an upgrade from Windows XP (yeah we still had that!) to Windows 7 and I got to build a standard Windows 7 image with all our software and updates and create a bootable USB key that lets users install the OS and apps to a fresh machine. I want to write some posts on both of these – especially the Active Directory workshop, which was ah-maa-zing! – but also on the Windows 7 USB stuff (which is nothing novel but I’d like to write a post nevertheless).

I don’t know if I’ll manage to. I have ambitious plans on the Active Directory posts. It was a 4 day course and we covered many interesting topics such as replication, Kerberos, DNS, as well as a lot of troubleshooting. Many of these were familiar concepts to me but this was the first time I was presented with all of them together and that too someone was teaching the concepts rather than me Googling and/ or reading. I have already forgotten most of what I learnt, I think, but before I forget the rest I want to write multiple posts about the topics of each day, supplemented with more reading and notes from the Internet sort of as a revision to myself. Like I said – ambitious! – and the more ambitious I aim the less likely I am to achieve it (going by my track record). For starters, ever since the training finished I have been down with a stomach bug and so been too wasted to sit at the computer and write a blog post, let alone collect all my thoughts together. This post itself is sort of a last ditch attempt at getting the ball rolling by putting something out there, just so I have a commitment out in the open to get this done.

Fingers crossed, there’ll be more technical posts appearing soon! :)