2

Question:

Does anyone know how I can get the Windows 2012R2 virtual machines to shutdown when sent the signal by the cluster resource manager?

Background:

I am running Windows 2012R2 servers as Virtual Machines (VMs) on KVM, using corosync/pacemaker for high availability. To migrate a VM from one node to the other, the VM is sent a shutdown signal. The command issued is:

crm resource migrate p_virtdom_win2012R2

Which I believe this is equivalent to:

virsh shutdown <vmname>

Once the machine powers off, it is started on the other node.

The problem I am having is that the Windows 2012R2 VMs do not seem to respond to the shutdown command - and keep running until the operation times out.

ACPI is enabled in the virtual hardware, and acpid is installed on the ubuntu 14.04 LTS host machines.

I am able to get the migrate command to work if I connect to the console and "slide up" the screen to reveal the login screen, however this is not practical for a high availability system as it should gracefully shutdown without user intervention.

History:

I had the same problem with Windows 2008 servers, and was able to get around it by using the following group policy settings:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL + ALT + DEL

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on

This keeps the machine at the login page, showing the "Shutdown" icon in the corner, and works fine for migration.

Unfortunately, this setting does not keep Windows 2012R2 at the login screen. Instead, it seems to allow you to swipe up instead of hitting CTRL + ALT + DEL to access the login page.

I have also found a suggestion here:

https://hashtips.wordpress.com/2013/03/19/shutdown-windows-kvm-virtual-machine/

to virtually "move the mouse" to allow the shutdown to occur, however logging in to the console and moving the mouse only reveals the screen with the time and date, and does not seem to solve the problem.

EDIT/NOTE: The registry edit that allows the Windows 2012 R2 VM to shut down without login is not set on the Windows 2008 VM - only the group policy option is required!

DougC
  • 97
  • 1
  • 11
  • All else failing, `virsh destroy ` would forcefully shut the VMs (it is roughly the equivalent of yanking power from a real box). – iwaseatenbyagrue Apr 24 '17 at 16:23
  • For the record, setting the two policy options fixes the problem on Windows server 2016 Essentials too – Joril Sep 10 '18 at 14:59

1 Answers1

3

According to [1] the "allow system to shut down without logon" policy is present in ws2012r2.

All KVM (well, actually qemu) does is send an ACPI shutdown command to the guest, and after that the guest should handle the request. Just like with real hardware, the alternative is a manual shutdown or pulling the power (virsh destroy GUEST in libvirt verbs)

[1] https://technet.microsoft.com/en-us/library/jj852274(v=ws.11).aspx

Here are some additional instructions I gathered online:

Modify the following to allow shutdown without logon:

  • HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon - change "ShutdownWithoutLogon" to 1

Also, the power settings may effect the machine's ability to respond to ACPI commands, so modifying the following may also help:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\ 7516b95f-f776-4464-8c53-06167f40cc99\8EC4B3A5-6868-48c2-BE75-4F3044BE88A7 set "Attributes" value to 2
  • "Control Panel" > "System and Security" > "Power Options" > "Change plan settings" on current power plan > "Change Advanced Power Settings" > "Display" and set 'Console lock display off timeout' to 0 (disable it)
DougC
  • 97
  • 1
  • 11
dyasny
  • 18,482
  • 6
  • 48
  • 63
  • Thanks for the info. So I guess the question is why doesn't Windows Server 2012 R2 shut down in response to ACPI shutdown command with the policy set? – DougC Apr 24 '17 at 17:54
  • does it shutdown when there's a logged in user present in the console? – dyasny Apr 24 '17 at 18:19
  • Yes, it will also shutdown if you connect to the console and "slide up" to show the login screen (without actually logging in). It only seems to have problems when you are at the screen that just shows the time and date. – DougC Apr 25 '17 at 12:48
  • I suppose there is another policy setting in there somewhere... Since this is Windows, call MS support for help? – dyasny Apr 25 '17 at 14:22
  • @DougC see the latest edit on my post – dyasny Apr 25 '17 at 19:55
  • The first addition ("ShutdownWithoutLogon" to 1) seems to have done the trick. Strange that I needed that as well as the group policy - I will have to investigate further. – DougC Apr 28 '17 at 20:26
  • I have suggested an edit to provide more information about the registry edits, please have a look. – DougC Apr 28 '17 at 20:32