“I’ve seen things you people wouldn’t believe…” [laughs] attack systems firing on our Hyper-V guests beyond the shoulder of our firewalls, I watched photons underline the Heisenberg uncertainty principle. All those moments will be lost in time, like photons that have been intercepted… Time… to write.
It took about a year for someone to infect the first virtual machine in a way that we couldn’t get antivirus back onto it, so what I needed to do was delete the old machine and restore a new one.
Using our Windows hypervisor we were able to do just that without any problem by creating an exact replica of a currently working virtual machine and importing it back into the Hyper-V host.
Here’s How I Exported and Imported the Hyper-V Guest
1) Log in to your Hyper-V host as an administrator
2) Open the Hyper-V Manager (if’n you don’t know how to do this without a graphic… I’m worried)
3) Shut down the virtual machine you want to copy (right-click it and select “Shut Down…“)
- Note: Shutdown powers off the machine gracefully, whereas “Turn Off” simulates you pulling the plug… not gracefully.
4) Select “Export…“
5) Select a location to export the client to… in the picture below I just used the variable x… but you will need to figure out a drive that has enough space to export to and create the directories yourself. I recommend just a general directory as the export will automagically create a directory in the name of the machine you are exporting.
6) Wait for the export to finish before continuing to the next step.
- Note that while the export is running there is a “Cancel Exporting” option under your virtual machine in the Actions pane, and you get the same option if you right-click the machine that you are exporting.
- Do not click on cancel, just wait – exporting may take over an hour depending on the size of your virtual hard disk(s) and how slow your Hyper-V server is… (yes, despite what your partner may say… size does matter)
7) Now is a good time to observe or know what you have just exported. There are three directories that are exported with every virtual machine along with a config.xml file.
They are as follow:
- config.xml: Contains the virtual machine settings. Don’t butter it up son… it is what it is.
- Virtual Hard Disks: This is where your virtual hard drive(s) (aka .vhd files) are stored. This is by far where most of the time is spent during an export, copying the data over. Note: If you have two virtual hard disks with the same file name but in different locations prior to the export, the export will fail, because both would be copied into this one folder. That is why it’s a best practice to give each hard disk connected to the same Hyper-V guest a different name.
- Virtual Machines: This is where your virtual machine settings are stored, in an “.exp” file. This .exp file uses the “virtual machine ID” Globally Unique Identifier (aka GUID) as the file name and thus will be different for every machine you export. If the virtual machine was in a “saved state” when exported, there will be a .vsv and a .bin file in this subfolder as well.
- Snapshots: Basically any snapshots of this virtual machine will be stored in this folder.
- If you have no snapshots, this will be empty.
- If you do have snapshots, it will contain a .exp file for each snapshot the virtual machine had. It will also contain a folder named after each snapshot ID, and in those folders will be the saved state files. Finally, a folder named after the virtual machine ID will contain the differencing disks used by all of the snapshots associated with the virtual machine (aka .avhd files).
8) Note, you may now copy/move/backup this directory if you would like.
- Keep in mind you can also perform steps 1-6 for the bad virtual machine to keep a copy in case you want to delete it from the disk and still retain a backup. Treat that export as an image of a compromised machine: keep it off production hosts, and do not import and start it except on an isolated network.
- You can also back up any data on the bad virtual machine and restore it later to the new virtual machine using a backup utility.
- After the export was completed, I took the time to move the Hyper-V copy we just made to another directory for the restore. I also made sure I had a backup of the bad virtual machine in case I needed it later to restore or reference. Then I deleted the bad virtual machine from the Hypervisor and the disk after it was backed up.
9) In the Hyper-V Manager select “Import Virtual Machine…“ and browse to the directory the export created (the one named after the machine).
10) Choose how the machine should be imported:
- “Move or restore the virtual machine (use the existing unique ID)“: Select this only if you want to move the machine from one server to another and discontinue the use of that machine on the old Hyper-V host. Remember I talked about the GUID above? Well, they have to be different, and thus, like Highlander, “There can be only one”. If you select this option and you continue to use the original machine you just copied, you will run into issues. This will be bad not only if you are keeping the machine you copied in production; it would be equally bad if someone decided to fire the original machine up again later with the same ID as the cloned machine!
- “Copy the virtual machine (create a new unique ID)“: This is what I selected. Select this if you want to replicate a machine (clone it) and keep the existing machine running. Doing this will generate a new MAC address for any network adapter that uses a dynamic MAC (a static MAC you set by hand is copied as-is and must be changed yourself). However, the Hyper-V name will remain the same and you’ll need to change it.
- “Duplicate all the files so the same virtual machine can be imported again”: Depending on your version of Windows you may have an option that copies all the files to a new location so you don’t have to copy them manually. Without it, the import uses the exported files in place, so the export directory cannot be imported a second time. Note this will take longer if selected.
- I manually just copy and paste my files to do this and it works fine. I actually like to manually copy the files we just exported as it places the files right where I like them.
- When you are done selecting your options, click on “Import” and wait for the progress bar below to finish.
11) Change the name of the virtual machine to make it unique so you can identify it in the Hyper-V Manager. To do this, right-click on the virtual machine you want to rename, select “Rename…“ and type in the new name.
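The same export, check, copy-with-new-ID import and rename as a script, using the Hyper-V PowerShell module (Export-VM / Import-VM, Windows Server 2012 and later). This is an added example and not something from the original post, which used the Hyper-V Manager on an older host; on these newer hosts the exported configuration is a <GUID>.xml or <GUID>.vmcx file under “Virtual Machines” rather than config.xml plus an .exp file. The machine names and paths are placeholders.

```powershell
# Added example (not from the original post): clone a healthy Hyper-V guest with the
# Hyper-V PowerShell module (Windows Server 2012+). Names and paths are placeholders.
$SourceVm   = 'GOODVM01'            # healthy guest to replicate
$CloneName  = 'GOODVM01-CLONE'      # unique display name for the copy
$ExportRoot = 'X:\Exports'          # a drive with enough free space for the .vhd files
$VmRoot     = 'D:\Hyper-V'          # where the clone's own files should live

# Steps 1-3: shut the guest down gracefully. Stop-VM is "Shut Down";
# Stop-VM -TurnOff would be "Turn Off", i.e. pulling the plug.
$vm = Get-VM -Name $SourceVm
if ($vm.State -ne 'Off') {
    Stop-VM -Name $SourceVm
}

# Steps 4-6: export. Export-VM creates "$ExportRoot\$SourceVm" itself and does not
# return until the copy is finished, so there is nothing to cancel by accident.
Export-VM -Name $SourceVm -Path $ExportRoot

# Step 7: look at what actually landed on disk before importing anything.
$exportDir = Join-Path $ExportRoot $SourceVm
Get-ChildItem -Path $exportDir -Recurse | Select-Object FullName, Length | Format-Table -AutoSize
$config = Get-ChildItem -Path (Join-Path $exportDir 'Virtual Machines') -Include *.vmcx, *.xml -File -Recurse |
          Select-Object -First 1
if (-not $config) { throw "No virtual machine configuration file found under $exportDir" }

# Steps 9-10: import as a COPY with a NEW unique ID, duplicating the files into $VmRoot
# so the export directory stays reusable and the original guest keeps its own VM ID.
$clone = Import-VM -Path $config.FullName -Copy -GenerateNewId `
            -VirtualMachinePath $VmRoot `
            -VhdDestinationPath (Join-Path $VmRoot 'Virtual Hard Disks') `
            -SnapshotFilePath (Join-Path $VmRoot 'Snapshots')

# Step 11: Import-VM keeps the original display name, so rename the clone.
Rename-VM -VM $clone -NewName $CloneName

# "There can be only one": confirm the two guests now have different IDs and MACs.
Get-VM -Name $SourceVm, $CloneName | Select-Object Name, Id, State
Get-VMNetworkAdapter -VMName $SourceVm, $CloneName |
    Select-Object VMName, MacAddress, DynamicMacAddressEnabled, SwitchName

# Keep the clone off the network until it has been renamed and re-joined inside the guest
# (it still boots with the original's computer name and domain account).
Get-VMNetworkAdapter -VMName $CloneName | Disconnect-VMNetworkAdapter
```

Run it on the host in an elevated PowerShell session. The DynamicMacAddressEnabled column is the check for the MAC caveat above: an adapter that shows False kept the original’s static MAC and needs a new one (Set-VMNetworkAdapter -StaticMacAddress) before it goes back on the same switch.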
Other things you may want to do if you made a copy of the machine and the machine you copied is still in production. Remember that the clone boots as a bit-for-bit copy of the original: same computer name, same domain computer account (and its password), same SID and same local account passwords, so until it has been renamed and re-joined it will fight the production machine for its identity.
1. Connect to the virtual machine and turn it on.
2. Disconnect the network adapter first (unjoining while connected would disable the computer account in the domain that the machine you copied from is still using).
3. Disconnect the machine from the domain and reboot.
4. Rename the machine and reboot.
5. Enable the network adapter (so you can join the domain).
6. Join the domain and finish anything else you want to finish.
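Steps 3 to 6 inside the guest, as an added PowerShell example that is not part of the original post. It is run inside the clone as a local administrator, one stage per boot, with the virtual network adapter still disconnected on the host until the “Join” stage; the domain name, new computer name and join account are placeholders.

```powershell
# Added example (not from the original post): give a cloned Windows guest its own
# identity so it stops impersonating the production machine it was copied from.
# Run inside the clone, one stage per boot: Unjoin, then Rename, then Join.
param(
    [ValidateSet('Unjoin', 'Rename', 'Join')] [string] $Stage,
    [string] $Domain  = 'corp.example.local',   # placeholder domain
    [string] $NewName = 'GOODVM01-CLONE'        # placeholder hostname, must be unique in the domain
)

switch ($Stage) {
    'Unjoin' {
        # Step 3: leave the domain while the virtual NIC is disconnected. The domain
        # controller is never reached, so the computer account the ORIGINAL machine
        # still uses is left alone; -Force suppresses the confirmation prompt.
        Remove-Computer -WorkgroupName 'WORKGROUP' -Force -Restart
    }
    'Rename' {
        # Step 4: a new hostname, so the clone will get its own computer account.
        Rename-Computer -NewName $NewName -Force -Restart
    }
    'Join' {
        # Step 5 happens on the host (Connect-VMNetworkAdapter -VMName ... -SwitchName ...).
        # Refuse to continue if that has not been done yet.
        if (-not (Get-NetAdapter | Where-Object Status -eq 'Up')) {
            throw 'No connected network adapter; reconnect the virtual NIC on the host first.'
        }
        # Step 6: join under the new name with an account allowed to create computer objects.
        # This creates a new computer account and password for the clone only.
        Add-Computer -DomainName $Domain -Credential (Get-Credential "$Domain\joinaccount") -Restart
    }
}
```

Re-joining gives the clone a fresh computer account password, but nothing in these steps touches what else was copied with the disk: local account password hashes, cached domain credentials, and any certificates or keys stored on the original. Reset the local administrator password and re-issue any host-bound certificates on the clone, otherwise anyone who obtains a copy of the original’s secrets also holds the clone’s.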
Kind of makes me think of Blade Runner:
“Replicants are like any other machine – they’re either a benefit or a hazard. If they’re a benefit, it’s not my problem” – Deckard
With that said… goodbye, old hazardous virtual machine replicant! We have now replicated a beneficial one to replace you!
I just hope that new one doesn’t come back to kill me… yikes!