IT knowledge

Wednesday, February 15, 2012

vmware snapshot issue.

service mgmt-vmware restart

service vmware-vpxa restart

Symantec backup Exec 2010 HotFix – Feb 2012

http://www.symantec.com/business/support/index?page=content&id=TECH178798&actp=search&viewlocale=en_US&searchid=1329280264040

Method 1 – Using Microsoft URL Rewrite Module

For this method of redirecting from HTTP to HTTPS, you will need to do the following;

Install the Microsoft URL Rewrite Module
Install your SSL certificate in IIS 7 and bind it to your website
Make sure Require SSL is NOT checked under SSL Settings for your website (uncheck the boxes that are checked in this screenshot)
Copy and paste the following code between the <rules> and </rules> tags in your web.config file in your website root directory.
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
    <conditions>
      <add input="{HTTPS}" pattern="off" ignoreCase="true" />
    </conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
Test the site by going to http://www.yoursite.com and making sure it redirects

Tuesday, February 14, 2012

Windows Service Accounts Inventory

You have a list of service account names and a list of server names. You need to know which service account is used in which server. You can logon to each server and go through the Services MMC if there are not too many servers and service accounts. However, if you have too many servers or service accounts to check, the following vbscript might be of a little help.

You can download a copy of this vbscript from http://www.mediafire.com/?jfh5w4774w6ayru.

On Error Resume Next

Const ForReading = 1

Set objFSO = CreateObject("Scripting.FileSystemObject")

'Open the servers.txt containing the server names for reading
Set objServersFile = objFSO.OpenTextFile("servers.txt", ForReading)

'The results will be written to SvcAcctServers.txt
strFileName = "SvcAcctServers.txt"
Set objResultFile = objFSO.OpenTextFile(strFileName, 8, True, 0)
objResultFile.WriteLine "Server Name" + vbTab + "Service Account" + vbTab + "Service Name"

'Loop through all the server names in the servers.txt file
Do Until objServersFile.AtEndOfStream
strServerName = objServersFile.Readline

    Wscript.Echo "Connecting to " + strServerName

    'For each server, connect to the \root\cimv2 WMI namespace
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strServerName & "\root\cimv2")

    'Catch the error connecting to the WMI namespace
    If Err.Number <> 0 Then
        objResultFile.WriteLine strServerName + vbTab + "Error Connecting" + vbTab + "Error"
        Err.Clear
    Else
        'Open the services.txt file containing all the service accounts for reading
        Set objServiceAcctsFile = objFSO.OpenTextFile("services.txt", ForReading)
        Wscript.Echo "Checking " + strServerName + "..."

        'Loop through the services.txt file
        Do Until objServiceAcctsFile.AtEndOfStream
            strServiceName = objServiceAcctsFile.Readline

            'Get all the Windows services on the server by quering the win32_Service class
            Set colServices = objWMIService.ExecQuery _
                ("Select * from win32_Service")

            'Loop through all the Windows services
            For each objService in colServices
                'If the service account name of the Windows Service matched the service account name in the services.txt
                If InStr(1,objService.StartName, strServiceName , 1) > 0 Then
                        objResultFile.WriteLine strServerName + vbTab + strServiceName + vbTab + objService.Name
                End If
            Next
        Loop
    End If
    'Clean up
    objServiceAcctsFile.Close
Loop
'Clean up
objResultFile.Close
objServersFile.Close

You need to two input files to run this script. The first file is servers.txt which contains the name of all your servers. The second file is services.txt which contains the name of all the service accounts.

Example of servers.txt and services.txt:

servers.txt	services.txt
deServer1 deServer2 deServer3 deServer4 deServer5 deServer6 deServer7 deServer8	ArcSvc AppsSvc BackupSvc MSSQLSvc SOClusterSvc SOMSSQLSvc SFClusterSvc SFMSSQLSvc

From the command prompt, run the vbscript using cscript.exe. Make sure that the command prompt is open using an account that has administrative access to the server because the script impersonate the account to connect to the server.

C:\scripts\Services>cscript ServiceAcctsInventory.vbs
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.

Connecting to deServer1
Checking deServer1...
Connecting to deServer2
Checking deServer2...
Connecting to deServer3
Checking deServer3...
Connecting to deServer4
Checking deServer4...
Connecting to deServer5
Connecting to deServer6
Checking deServer6...
Connecting to deServer7
Checking deServer7...
Connecting to deServer8
Checking deServer8...

C:\scripts\Services>

The results will be written to SvcAcctServers.txt which is tab delimited. Below is a sample of the results opened in Excel.

Server Name	Service Account	Service Name
deServer1	ArcSvc	AMS
deServer1	ArcSvc	MMS
deServer1	ArcSvc	StorageNode
deServer3	MSSQLSvc	MSSQLSERVER
deServer3	MSSQLSvc	SQLSERVERAGENT
deServer3	SFClusterSvc	ClusSvc
deServer3	SFMSSQLSvc	MSSQLSERVER
deServer3	SFMSSQLSvc	SQLSERVERAGENT
deServer5	Error Connecting	Error
deServer7	BackupSvc	BackupExecAgentBrowser
deServer7	BackupSvc	BackupExecDeviceMediaService
deServer7	BackupSvc	BackupExecJobEngine
deServer7	BackupSvc	BackupExecManagementService
deServer7	BackupSvc	BackupExecRPCService

deserver2, deserver4, deserver6 and deserver8 do not use any of the service accounts to run its Windows Services so they do not appear in the results. There is an error connecting to deServer5 and it is most likely caused by permission issues, WMI service not working or non Windows systems.

Vmware ESX – VMFS block size

With 1MB block size, the maximum virtual HDD size will be 256GB

File System : VMFS 3.21 , VMFS 3.46

Block Size : 8 MB

Monday, February 13, 2012

http://www.vcritical.com/2009/09/use-coreinfo-to-view-vm-core-and-socket-count/

Saturday, February 11, 2012

How to create certificate .cer file

How to create certificate .cer file ?

openssl pkcs12 -export -out mycertkey.p12 -in certificate.txt -inkey key.txt

https://www.thawte.com/index.html

convert the .pfx to a .cer

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

Convert PEM file to PKCS#12 format for Windows IIS Web Server

openssl pkcs12 -export -passout pass:"<enter a good password>" -in <faz.dhcp.fnal.gov>.pem -out <faz.dhcp.fnal.gov>.p12 -name "<faz.dhcp.fnal.gov>"

http://www.globalsign.com/support/intermediate/extendedssl_intermediate.php

To generate the needed PKCS #12 Certificate File using OpenSSL do the following:

Thursday, February 9, 2012

SSL Cert Installation Instructions Microsoft IIS 7

The following instructions are generally only applicable if we automatically generated your CSR during the ordering process. If you provided your own CSR we recommend using our standard installation instructions by Clicking Here.

Create A New PKCS12 (PFX) File For Importing Into IIS

A PKCS12 (PFX) file is a specially formatted file which includes the SSL Certificate, Private Key and optionally any required Intermediate CA Certificates. The file has an extension of .PFX and is compatible with Windows Internet Information Service (IIS).

To create the PKCS12 (PFX) file please visit the Tracking section of our website. Scroll down to the "Create PFX" button. You will be required to enter a password for the file - this ensures the security of the file.

If your CSR wasn't generated during the ordering process you can still using our Tracking system to create a PKCS12 (PFX) file. However, you will be required to provide your associated Private Key when generating the PKCS12 (PFX) file for it to be created successfully.

The PKCS12 (PFX) file may be compressed and saved as a ZIP file, please ensure to UNZIP it before import. The (PKCS12) PFX file should include all required components (SSL Certificate, Private Key and any required Intermediate CA Certificates).

How To Import The PKCS12 (PFX) File Into Windows Server

Importing a (PKCS12) PFX file into Microsoft IIS is generally a straight-forward process. Please review the instructions below of follow the instructions that are provided by Microsoft.

Step 1 : Click "Start" and choose "Run".

Step 2 : In the "Run" dialogue box type "MMC" and click "OK". The MMC should then appear.

Step 3 : Go to the File tab or menu and select "Add / Remove Snap-In".

Step 4 : Click on "Certificates" and click "Add".

Step 5 : Select "Computer Account" and click "Next".

Step 6 : Select "Local Computer" and click "Finish".

Step 7 : Click "OK" to close the "Add / Remove Snap-In" window.

Step 8 : Double click on "Certificates (Local Computer)" in the center window.

Step 9 : Right click on the "Personal Certificates Store" folder.

Step 10 : Choose "ALL TASKS" then select "Import".

Step 11 : Follow the "Certificate Import Wizard" to import your "Primary Certificate" from the .PFX file.

Step 12 : Browse to the .PFX and enter the associated password when prompted.

Step 13 : If desired, check the box to "Mark This Key As Exportable". We recommend choosing this option.

Step 14 : When prompted, choose to automatically place the Certificates in the Certificate Stores based on the type of the Certificate.

Step 15 : Click "Finish" to close the Certificate Import Wizard.

Step 16 : Close the MMC console. It is not necessary to save any changes that you have made to the MMC console.

How To Bind The SSL Certificate To Your Site In IIS 7

Once the SSL Certificate has been imported it is important to now bind the SSL Certificate to your website so that the website functions correctly.

Step 1 : Click "Start", "Administrative Tools" and then choose Internet Information Services (IIS) Manager.

Step 2 : Click on the server name and expand the "Sites" folder.

Step 3 : Locate your website (usually this will be called "Default Web Site") and click on it.

Step 4 : From the "Actions" menu (on the right) click on "Site Bindings" or similar.

Step 5. In the "Site Bindings" window, click "Add" or similar. This will open the "Add Site Binding" window.

Step 6 : Under "Type" choose https. The IP address should be the corresponding dedicated IP address of the site or "All Unassigned". The "Port" which traffic will be secured by SSL is usually 443. The "SSL Certificate" field should specify the SSL Certificate that was installed during the import process above.

Step 7 : Click "OK".

Step 8 : Your SSL Certificate should now be installed and functioning correctly in conjunction with your website. Occasionally a restart of IIS may be required before the new SSL Certificate is recognised.

How To Verify Your SSL Certificate Installation

To check if your SSL Certificate and any required Intermediate CA Certificates have been installed correctly please Click Here and follow the instructions.

Wednesday, February 8, 2012

How to manually install the GFI LanGuard agent

The GFI LanGuard Agent can be deployed manually as follows:

Locate the LanGuard10Agent.msi found in the main install folder of GFI LanGuard, under the \Agent subdirectory on the GFI LanGuard server
On a 32 bit install, the default path would be ..Program Files\GFI\LanGuard 10\Agent
On a 64 bit install, the default path would be ..Program Files (x86)\GFI\LanGuard 10\Agent
Copy the LanGuard10Agent.msi file to the target machine
From command prompt on the target machine, run the following command to install the Agent manually:
LanGuard10agent.msi /qn GFIINSTALLID="Install_IDfromCrmiini.xml" /norestart /L*v "%temp%\LANSS_v10_AgentKitLog.csv
Notes:
Install_IDfromCrmiini.xml is a dynamic variable that can be found in the crmiini.xml file of the GFI LanGuard install directory on the GFI LanGuard server. The default path for crmiini.xml is ..program files\gfi\LanGuard 10 Agent; ...program files (x86)\gfi\LanGuard 10 Agent for a 64 bit Operating System
When using Install_IDfromCrmiini.xml in above command, include the quotes from the crmiini.xml file
Example of command use: LanGuard10agent.msi /qn GFIINSTALLID="551ce557-a485-4fb6-af72-2e744fee1192" /norestart /L*v "%temp%\LANSS_v10_AgentKitLog.csv

Notes:
Any errors during the process will be logged to the 'LANSS_v10_AgentKitLog.csv' file
Once Agent installation completes, it is important that you run the deployment from the GFI LanGuard console too, as otherwise it would not be aware of the new agent

Saturday, January 28, 2012

Model #: SR5890D

Product #: NJ060AA-AB4

Serial #: CNX9180P0N

Software Build #: 92APv3PrA1

Service ID #: 062-409

PCBRAND: Presario¿

Monday, January 23, 2012

Application Pools <applicationPools>

http://www.iis.net/ConfigReference/system.applicationHost/applicationPools

Warning: Authorization - Cannot verify access to path (C:\inetpub\wwwroot\).

I'm sure you have seen the below warning message many times with IIS 7+

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

Now, you are getting this message, when you clicked on the 'Test Connection' button while you adding new site or virtual directory. I have seen quite many posts regarding this misleading message :)

First of all, this is not an error but warning message instead, next the warning message is pretty self explained, and no need to be extra alarm about it. Anyway, in short because the default application pool identity is NetworkService account, which is a built-in account + default authentication mode is pass-through, hence IIS can't verify 'simulate' or verify the access when you clicked the button. Hmm.... ha! well that's exactly what's written in the warning message :) haha! if you put in a custom account, IIS will take it and access using the account SID, for built-in account, 'things' will kick in at run time. Next, if the resource is readible by user, NetworkService account should have no issue reading the file as well.

Anyway, if you do experience access problem later when you test to access the content path, IIS log file - request status code + sub status code is your best friend, if it is permission related you should be getting 401.3 error. You can also get procmon to help troubleshooting access related errors.

Saturday, January 21, 2012

IIS 7.5

By default, IIS_WPG includes:

BUILTIN\IIS_IUSRS
NT AUTHORITY\LOCAL SERVICE
NT AUTHORITY\NETWORK SERVICE
NT AUTHORITY\SERVICE
NT AUTHORITY\SYSTEM

Friday, January 20, 2012

HTTP Error 500.19 - Internal Server Error: The requested page cannot be accessed because the related configuration data for the page is invalid.

http://www.winservermart.com/Howto/HTTP_Error_500_19_IIS_7.aspx

Open IIS Manager, select root node( the hosting server), in the middle panel double click Feature Delegation. In right panel select Custom Site Delegation..., In upper part of middle panel, click the drop down list and select your site. In Action panel click Reset All Delegation.

Monday, January 16, 2012

SSID

dsquery * -filter "&(objectcategory=computer)(samaccountname=servername$)" -attr objectsid

Sunday, January 15, 2012

Unable to migrate from <source server> to <destination server>: Virtual machine is configured to use a device that prevents migration: Device '<device>' is a SCSI controller engaged in bus-sharing.

Troubleshooting migration compatibility error: Device is a SCSI controller engaged in bus-sharing

Symptoms

A VMotion migration fails
When performing a VMotion migration, the following compatibility error displays:

Unable to migrate from <source server> to <destination server>: Virtual machine is configured to use a device that prevents migration: Device '<device>' is a SCSI controller engaged in bus-sharing.

Resolution

Overview

This error appears if you have a SCSI controller being used in a virtual machine that has the bus-sharing mode changed to either virtual or physical. This configuration is used in virtual machines that are running Microsoft Cluster Services.

Workaround

VMware does not permit VMotion migrations when a virtual machine is using SCSI bus-sharing.

To migrate a virtual machine that is participating in SCSI bus-sharing, VMware recommends powering down the virtual machine and performing a cold migration to the new host.

Friday, January 13, 2012

Thursday, January 12, 2012

Backup- System?State VSS Snapshot warning. File %BeBootDrive%\bootmgr is not present on the snapshot.

BOOTMGR

Error:
File %BeBootDrive%\bootmgr is not present on the snapshot.

Example of error from the Remote Agent debug log on service start:

[2444] Initializing FSs
[2444] Unable to process entry %BeBootDrive%\bootmgr, this means restore will have issues

Example of error in the Remote Agent debug log during a backup job:

[4108] AD:Trouble moving to ROOT path - Status ????? (0x2000FE07) in SystemState::AddPathToSnapshotSet:615
[4108] AD:Trouble adding "System?State\Active Directory" to set - Status FS_NO_MORE (0x2000FE07) in SystemState::AddToSnapshotSet:495
[4108] Writer Automated System Recovery include file list:
[4108] Writer Automated System Recovery exclude file list
[4108] WriterID {BE000CBE-11FE-4426-9C58-531AA6355FC4} InstanceID {9EB918D9-CFC4-4036-9154-259E516D7DD7} selected for backup or restore.
[4108] ImagePath does not has a valid File path
[4108] Status INVALID_PATH_DESCRIPTOR (0xE000FE21) processing file path \\?\GLOBALROOT\Device\HarddiskVolume1\EFI\Microsoft\Boot when getting file descriptors
[4108] Unable to process entry %BeBootDrive%, this means this file will have issues
[4108] Component BCD file list:
[4108] o: %BeBootDrive%\bootmgr

Cause:
A System that utilizes uEFI may receive the exception above when the System State is backed up.

Solution:
1. Exclude the ASR writer from the list of approved writers; ASR writer id is '{BE000CBE-11FE-4426-9C58-531AA6355FC4}'.

To exclude the ASR Writer follow the steps below:
a. Open the Registry on the machine being protected.

Warning:
Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.

b. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec for Windows\Backup Exec \Engine\Shadow Copy Components\
c. Right click Shadow Copy Components and create a new Key as Additional Not Authorized Writers.
d. Select or Highlight Additional Not Authorized Writers key, and create a String value named ASR.
e. Double click the created String Value ASR, add the value of ASR Writer id '{BE000CBE-11FE-4426-9C58-531AA6355FC4}'.
f. Close the Registry.
Note:
This will ignore the ASR Writer from the approved Writer list.

2. Run the System State backup.

All backups that have the System State selected and have uEFI will need to have the job recreated or System State removed from the job manually and re-selected.

Friday, January 6, 2012

How to enable or disable "debug logging" in Backup Exec for Windows Servers

http://www.symantec.com/business/support/index?page=content&id=TECH23853

Enable debug logging for Backup Exec for Windows Servers

You can temporarily enable Backup Exec debug logging by adding the -debug start parameter to the Backup Exec Remote Agent for Windows Servers service. This is a temporary setting that will be reset when the services are cycled or at the next server reboot. To enable debug logging permanently, see the second section that details editing the reqistry.

To temporarily enable Backup Exec debug logging on Windows 2000, Windows XP, Windows 2003 and Windows 2008:

1. Go to Start > Programs > Administrative Tools > Services

2. Select the Backup Exec Remote Agent for Windows Servers service, and click Stop. When prompted, click Yes to shut down the service.

3. Select and right-click on the Backup Exec Remote Agent for Windows Servers service, and then select Properties

4. In the Startup Parameters box, type -debug. Click Start in the Properties page to start the service. Click OK

5. Select and right-click the Backup Exec Job Engine service, and then select Properties

6. In the Startup Parameters box, type -debug. Click Start in the Properties page. Click OK to close.

To permanently enable Backup Exec debug logging on Windows NT 4.0, Windows 2000, Windows XP, Windows 2003 and Windows 2008:

1. Stop all Backup Exec for Windows Servers services

2. Run REGEDIT.EXE

3. a. Backup Exec 10d or below: Browse to HKey_Local_Machine\Software\VERITAS\Backup Exec\Engine\Logging

b. Backup Exec 11d or above: Browse to HKey_Local_Machine\Software\Symantec\Backup Exec for Windows\Backup Exec\Engine\Logging

4. Change the value of CreateDebugLog to 1 to enable debug logging

5. Quit the registry editor

6. Start the Backup Exec for Windows Servers services

After the Backup Exec Job Engine and Backup Exec Remote Agent for Windows Servers service are started, two log files will be created in the Backup Exec \Logs directory, which is located in one of the following directories:

Backup Exec 10d or below: \Program Files\Veritas\Backup Exec\NT\Logs
Backup Exec 11d or above: \Program Files\Symantec\Backup Exec\Logs

The name of the log files will follow the format of <ServerName>-BENGINEXX.Log for the Backup Exec Job Engine service, and <ServerName>-BEREMOTEXX.LOG for the Backup Exec Remote Agent for Windows Servers service. The XX will increment each time the services are started with the -debug option, so that a new log file is created.

Reference: http://seer.entsupport.symantec.com/docs/254212.htm

Cause:
A System that utilizes uEFI may receive the exception above when the System State is backed up.

Solution:
1. Exclude the ASR writer from the list of approved writers; ASR writer id is '{BE000CBE-11FE-4426-9C58-531AA6355FC4}'.

2. Run the System State backup.

All backups that have the System State selected and have uEFI will need to have the job recreated or System State removed from the job manually and re-selected

Friday, December 30, 2011

Upgrade vCenter Server 4.1 to 5.0

http://www.vmadmin.co.uk/vmware/36-virtualcenter

http://www.vmadmin.co.uk/vmware/36-virtualcenter/284-vsphere4to5upgradevcenter41to5

DRS Rules - Keeping VMs on and seperating VMs across physical servers

http://www.vmadmin.co.uk/vmware/36-virtualcenter/59-drsvmhostrules

Thursday, December 29, 2011

Restrict RDP to certain IP addresses

I suggest you try to configure the following policies on TS server to allow only certain users:

[Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights assignment]

- Allow logon through Terminal Services
- Deny logon through Terminal Services.

Add the users to above policy accordingly.

Restrict remote desktop access to server via IP address

You can use Windows Firewall Advanced settings to restrict the Scope.

Go to Control Panel, Administrative Tools, Windows Firewall with Advanced Settings, Inbound Rules, Remote Desktop (TCP-In), Properties, Scope, Local / Remote IP Address.

How to restrict remote desktop control applications

For instance Terminal Service/Remote Desktop uses tcp port 3389 on the
target computer. You could create ipsec filtering polices that would restrict access
to the port used for your remote access application only from authorized ip addresses
or block certain address ranges. Ipsec policies can be administered via group policy
and local administrators could not override them. If you are having an abuse of
privileges issue, you may also want to enable auditing of logon events on domain
computers which should show when these "administrators" are accessing other
computers. I don't know if it would intefere with their adminstrative functions, but
domain computers can also be configured via security policy/local policies/user
rights assignments for allow and deny access to this computer from the network.

Tuesday, December 27, 2011

VMware ESX physical MAC Address

esxcfg-info -n | grep -B4 'MAC Address' | grep -A5 vmnic

Notes on VMware -

http://www.vmware.com/kb

Knowledge base of troubleshooting information by product

http://www.vmware.com/community/index.jspa

VMware's Discussion Forums

http://www.vmware.com/support/pubs

VMware's Technical Solutions Guides

http://www.vmware.com/support

File Support Requests Online. Phone Contact Information. Support Coverage. Account Information and much more

Chris Wolf

http://www.chriswolf.com/

Mike Laverick - RTFM - VI3 Admin Guides

http://www.rtfm-ed.co.uk/?page_id=7

VMwareland
http://vmware-land.com/Top_10_Lists.html

Scott Lowe
http://blog.scottlowe.org

Daniel Petri

http://www.petri.co.il/virtualization.htm

Documents
http://searchvmware.techtarget.com/
http://searchservervirtualization.techtarget.com/

*********************

Cisco Discovery Protocol (CDP) on vSwitches

http://blog.scottlowe.org/2008/03/11/identifying-esx-server-nics-in-blades/

Starting with version 3.5, VMware added support for Cisco Discovery Protocol (CDP) on the ESX Server vSwitches. CDP support is enabled on a vSwitch with this command:

esxcfg-vswitch -B both vSwitch0
The "-B" parameter is case-sensitive; the "-b" (note the lowercase B) displays CDP status while the "-B" (uppercase B) configures CDP.

Once CDP support is enabled on the vSwitch—and assuming it is enabled on the physical switch—running the "show cdp neighbor" IOS command will show the link between each physical switch port and the matching ESX Server NIC. The output will look something like this:

Capability Codes: R-Router, T-Trans Bridge, B-Source Route Bridge
S-Switch, H-Host, I-IGMP, r-Repeater, P-Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID
s3 Gig 0/26 147 T S WS-C3524-XFas 0/24
esx04 Gig 0/22 168 S VMware ESXvmnic0
esx04 Gig 0/21 168 S VMware ESXvmnic1
As you can see in the output above, the CDP output clearly links the physical switch port and the ESX Server NIC. This makes it incredibly easy to identify the NICs in the server. This is particularly helpful in blade situations, since you can't exactly unplug the NIC and see which one goes down with "esxcfg-nics -l" (a common approach to identifying the NICs in the server). Of course, this requires Cisco switches in the blade chassis. Since the internal port mappings on the blade chassis determine which NICs connect to which ports, this command adds the mapping within ESX Server and lets us quickly and definitively identify the NICs in the server as seen by ESX Server.

*********************

As for gathering cdp information on the esx service console you can run command esxcfg-info, for example to gather cdp information for each nic run 'esxcfg-info | grep -C 18 "\==+CDP Summary"'

*********************

Grep for network info

(note: hints are a record of networks/VLANs ESX has detected - this may not be completely accurate or all inclusive)

Grep parameters

-A NUM
--after-context=NUM
-B NUM
--before-context=NUM

-C NUM
--context=[NUM]
(GNU Extension)
Print NUM lines (default 2) of output context
-e PATTERN
--regexp=PATTERN

-i
--ignore-case

Ignore case distinctions in both the pattern and the input files

*********************

To rename an esx server find and rename the hostname in the files
/etc/hosts
/etc/sysconfig/network
/usr/lib/vmware-mui/apache/conf/httpd.conf
Then reboot the host, or schedule a reboot.

We have had some bad issues with our HA/DRS cluster when renaming esx hosts. It is wise to remove the host you want to rename from the cluster before you rename it and put it back in afterwards. Even then HA will sometimes fail (we had this with one host). If that happens just rename it back and try again.

As far as we could see the issue was that other HA nodes still thought that the old hostname was a primary node of the HA cluster and so they failed to form the HA cluster again. Reinstalling is an option but I'm unsure if this will save your performance/log history (we had no issues on that with renaming).

You should replace the SSL certificate as well.

backup /etc/vmware/ssl/
rm /etc/vmware/ssl/*
service mgmt-vmware restart

vmware ESX 3.5 ip and hostname change
21. January 2008, 16:16 UhrDaily Strugglesjokach
Thanks to the this VMWare blog for providing great instruction on how to change the IP address of my VMWare ESX 3.5 server. Basically I did the following from the service console:

esxcfg-vswif -a vswif0 -p Service\ Console -i 10.1.1.1 -n 255.255.255.0 -b 10.1.1.255
(where -i is my new address, -n is the subnet, and -b is the broadcast address)

We had set it up originally (just to get it going) as a DHCP address, but are ready to put it on the network for good. I also had to change the gateway, and hostname and all as well, which I was able to do easily by logging into the Service Console as root, and then changing /etc/sysconfig/network as follows:

NETWORKING=yes
HOSTNAME=MYSERVERNAME.MYDOMAIN.COM
GATEWAYDEV=10.1.0.250

I then rebooted the ESX server (after bringing down my VM's) to ensure the change is consistent, then did the following from the commandline to ensure it can see the gateway:

[root@extapvmware1 root]# route add default gw 10.1.0.250
[root@extapvmware1 root]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.1.0.0 * 255.255.0.0 U 0 0 0 vswif0
169.254.0.0 * 255.255.0.0 U 0 0 0 vswif0
default 10.1.0.250 0.0.0.0 UG 0 0 0 vswif0

*********************

Increase Service Console memory before installing Dell Open Manager (800)

*********************

List network info

esxcfg-vswitch -l
esxcfg-vmknic -l
esxcfg-vswif -l
esxcfg-nics -l

Restart VC mgmt agents
service mgmt-vmware restart
service vmware-vpxa restart

List processor info
cat /proc/cpuinfo

Enter maintenance mode from the ESX command line

vimsh -n -e /hostsvc/maintenance_mode_enter

Enable VMotion from the command line:

vimsh -n -e "hostsvc/vmotion/vnic_set vmk0"

Backup every running vm via vcb in just one command:

for /f "tokens=2 delims=:" %%i in ('vcbvmname -h <virtualcenterserver> -u <user> -p <password> -s Powerstate:on ^| find "name:"') do cscript pre-command.wsf "c:\program files\vmware\vmware consolidated backup framework\" %%i fullvm

Dump a specific disk via the VCB Proxy monolithic(1 big chunk)

Open a cmd and go to your VCB installation path

"vcbexport.exe -M 1 -d test01.vmdk -s TestVM/TestVM.vmdk"

Any swapping going on or more info on memory usage in general

Open a putty session to your ESX box

"watch -n 1 cat /proc/vmware/sched/mem"

Reinitialize the VirtualCenter Database

Stop the service

Start vpxd.exe with the option "-b"

CAUTION, this will wipe out the entire database, this is a last resort!

All the VMID's also known as World ID's

vm-support -x

List Snapshots - every delta file gets listed, including the unregistered and/or orphaned snapshots

find /vmfs/volumes -iname "*delta.vmdk"

Grep for network info
esxcfg-info |grep -i -E "MAC|vmnic"
esxcfg-info |grep -i -E "MAC|vmnic|hint|pci"

Esxcfg-vswif – Creates and updates service console network settings. This command is used if you cannot manage the ESX Server host through the VI Client because of network configuration issues

esxcfg-vswif -i new.ip.add.here -n new.sub.net.mask -b new.broad.mask.here vswif0

Changing your service console IP address:

esxcfg-vswif -i new.ip.add.here -n new.sub.net.mask -b new.broad.mask.here vswif0

restart the management software using this: service mgmt-vmware restart

Change the default gateway by editing /etc/sysconfig/network
restart your network services using this: service network restart

Networking
Esxcfg-firewall – Configures the service console firewall ports
Esxcfg-nics – Prints a list of physical network adapters along with information on the driver, PCI device, and link state of each NIC. You can also use this command to control a physical network adapter's speed and duplexing
Esxcfg-route – Sets or retrieves the default VMkernel gateway route
Esxcfg-vmknic - Creates and updates VMkernel TCP/IP settings for VMotion, NAS, and iSCSI
Esxcfg-vswif – Creates and updates service console network settings. This command is used if you cannot manage the ESX Server host through the VI Client because of network configuration issues
Esxcfg-vswitch – Creates and updates virtual machine (vswitch) network settings

Storage
Esxcfg-mpath - Configures multipath settings for your Fibre Channel or iSCSI disks
Esxcfg-nas – Manages NAS mounts. You use this command to add, delete, list, and change the attributes of NAS devices
Esxcfg-swiscsi – Configures your software iSCSI software adapter
Esxcfg-vmhbadevs – Prints a map of VMkernel storage devices to service console devices (no VI client equivalent)

General
Esxcfg-advcfg - Configures advanced options for ESX Server.
Esxcfg-auth – Configures authentication (no VI client equivalent)
Esxcfg-info - Prints information about the state of the service console, VMkernel, various subsystems in the virtual network, and storage resource hardware
Esxcfg-resgrp - Restores resource group settings and lets you perform basic resource group management
Esxcfg-upgrade - Upgrades ESX Server from ESX Server 2.x to ESX Server 3.x. This command is not for general use

Boot/diagnostic
Esxcfg-boot – Configures bootstrap settings (no VI client equivalent)
Esxcfg-dumppart - Configures a diagnostic partition or searches for existing diagnostic partitions
Esxcfg-init - Performs internal initialization routines (no VI client equivalent)
Esxcfg-linuxnet - Converts vswif to eth when booting ESX Server into service-console-only mode rather than into ESX mode (no VI client equivalent)
Esxcfg-module - Sets driver parameters and modifies which drivers are loaded during startup (no VI client equivalent)

Display disk/directory information on the Service Console
Type "df –h" to show drives and space
Type "fdisk –l" to show physical drive information
Type "cat /proc/scsi/scsi" to show SCSI device information
Type "vdf –h" to show vmfs volumes and space
Type "ls –ltr" to show files and space

Other Commands
vmkping - use vmkernel to ping a device
esxcfg-vswif for configuring network interface
vm-support to run diagnostic commands
esxupdate -l query query patches installed on ESX Server
esxcfg-rescan vmhba1 to rescan HBA's
ps -ef | grep hostd To check hostd is running
esxcfg-mpath -l to list path details

esxcfg-vswif -l
Provides a list of the service console's current network interfaces. Check that vswif0 is present and that the current IP address and Netmask are correct.

esxcfg-vswitch -l
Provides a list of current virtual switch configurations.
Check that the uplink adapter configured for the service console is connected to the appropriate physical network.

exscfg-nics -l
Provides a list of current network adapters along with their names
Check that the uplink adapter configured for the service console is up and that the speed and duplex are both correct.

esxcfg-nics -s <speed> <nic>
Changes the speed of a network adapter.

esxcfg-nics -d <duplex> <nic>
Changes the duplex of a network adapter.

esxcfg-vswif -i <new ip address> vswifX
Changes the service console's IP address.

esxcfg-vswif -n <new netmask> vswifX
Changes the service console's netmask.

esxcfg-vswitch -U <old vmnic> <service console vswitch>
Removes the NIC for the service console

esxcfg-vswitch -L <new vmnic> <service console vswitch>
Changes the uplink for the service console.

If you encounter long waits when using esxcfg-* commands, it is possible that DNS is misconfigured.

*******************

To install a guest operating system from an ISO image
1 Log in to VI Web Access.
2 Select the virtual machine into which you are installing the guest operating system from the Inventory panel.
3 In the Hardware section of the Summary tab, click the CD/DVD drive's icon and choose Edit.
4 Select Connect at power on.
5 Select ISO Image. Click Browse to navigate to a file with the .iso extension in an existing datastore. If you enter the path manually, you must use the format: [ datastore_name ] path_and_filename.iso
6 Select the SCSI or IDE device node in the Virtual Device Node section.
NOTE In this release, only Host Media is supported.
NOTE You might need to change the boot order in the virtual machine BIOS so that the virtual machine attempts to boot from the CD/DVD device before trying other boot devices. To do so, press F2 when prompted during virtual machine startup.
7 Click OK to save your changes.
8 Click Power On to power on your virtual machine.
9 Click the Console tab to complete the guest operating system installation using VMware Remote Console. Follow the instructions provided by the operating system vendor.
10 If the ISO image spans multiple files, when you are prompted to insert the next CD:
a Click the Summary tab.
b In the Hardware section, edit the CD settings by clicking the CD/DVD drive's icon and choosing Edit.
c Browse to the location of the next ISO image file, and keep all other selections as they are.
d Click OK.
e Click the Console tab to return to VMware Remote Console.
f In the guest operating system, click OK or otherwise respond to the prompt so that installation can continue.
g Repeat this process for additional files.
11 Install VMware Tools, as described in "Installing VMware Tools" on page 75.

****************************

VMware Infrastructure v3.0 (ESX Server)

Error: Insufficient resources to satisfy HA failover level on cluster in data center.
Error: Internal AAM error. Agent did not start.

Solution:

- Check the HOSTNAME entry in /etc/sysconfig/network to the short name.
- Check if your FQDN is greater than 30 characters, in which case HA will not configure properly. This is a known bug in VC20 (see KB article 2259).
- Check IP, routing, and DNS for each host.
- Make sure that storage and network are available across the cluster - Ensure that the hosts are not managed directly: perform all host management through VC.
- May want to add nodes to /etc/hosts on ESX Server AND hosts file on VC Server. A better plan would be to use primary and secondary DNS servers.
- Check if Service Console has default gateway defined.
- Verify logs: /opt/LGTOaam512/* and /opt/LGTOaam512/vmsupport/*.
- Check /etc/hosts and /etc/resolv.conf.
- In ESX 3.x the memory reservation is zero, and the limit is "unlimited." To see this, edit the settings of a virtual machine, click on the Resources tab, and select Memory on the left. To conform to the ESX 3.x defaults, change the settings to a reservation of 0, and check the Unlimited box under limit. After doing this for all virtual machines, edit the settings for the cluster. Disable HA, and then edit the cluser settings again to reenable HA. The current failover capacity should now match the configured capacity.

**************************

Important Notes on VMotion
• VMotion compatibility depends on the model and stepping of the processor involved. It does not
depend on the model of the system or speed of the processor. Figure 1-1and Figure 1-2 illustrate
VMotion compatibility with respect to Dell PowerEdge systems.
For more information on processor specific information, refer to the Knowledge Base articles 1991,
1992, 1993 on the VMware Knowledge Base website at www.vmware.com/support/kb.
• To determine if processor support exists in a specific VMware ESX release, refer to the appropriate
Systems Compatibility Guide on the VMware website at www.vmware.com.
• Each system model listed in Figure 1-1 includes all currently supported processor models, stepping,
and speeds with that system.
• Each processor specification/model number/series includes all supported processor variants of the
family.
• For the latest information on ESX server support matrix for Dell PowerEdge systems, see the Systems
Compatibility Guide For ESX Server 3.0.x on the VMware website at www.vmware.com.
• Update all systems to the latest BIOS version available on the Dell Support website at
support.dell.com.
NOTE: VMotion between systems with older BIOS versions may fail.
• Migrating between certain processor models require the NX bit to be turned off. This can be
accomplished from VI client interface.
To migrate, right-click Virtual Machine and select Edit Settings? Options? Advanced Settings.
Select Hide the NX flag from guest radio button.
• 64-bit guest operating systems are fully supported starting with ESX 3.0.1. Virtualization Technology
(VT) is required to run 64-bit guest operating systems on Intel platforms. VMware ESX Server does not
use VT to run 64-bit guest operating systems on AMD platforms. For more information on 64-bit guest
operating system VMotion compatibility, see Figure 1-2.
• Disable the the Demand Based Switching (DBS) feature on Intel platforms, in BIOS.
Legend
6 Compatibility Matrix
• Create consistent Virtual Switch names on each of the ESX Servers.
• VMotion requires the setup of a Gigabit Ethernet migration network between all ESX Servers
configured for VMotion. It is recommended that this network is isolated from other production
network traffic.

**********************************

Using Dell OpenManage™ to Configure VT and DBS
http://www.dell.com/downloads/global/solutions/vmotion_compatibility_matix.pdf
In addition to using the BIOS utility, Dell OpenManage can be used to configure Virtualization Technology and DBS (on Intel platforms). For more information on OpenManage installation, see
Installing Dell OpenManage Software in a VMware ESX Server Software Environment on the Dell website
at www.dell.com/vmware.

To verify the current BIOS Settings for VT and DBS, run the following command:
$ omreport chassis biossetup

To enable VT (if it is disabled), run the following command and reboot the system:
$ omconfig chassis biossetup attribute=cpuvt setting=enabled

To disable DBS (if it is enabled), run the following command and reboot the system:
$ omconfig chassis biossetup attribute=dbs setting=disabled

Using OpenManage to Obtain Processor Information
Processor information, such as model number, is available during boot up and through the BIOS utility.
Additionally, OpenManage may be used. Run the following command on the system to get the processor information:
$ omreport chassis processors

*************************

Persistent binding and path failover policy are two different things.

persistent binding is used to map a storage array's port to a fixed SCSI address (e.g. vmhba1:1).

path failover policy tells the multipath driver within ESX server how to respond to fails and repairs of paths to an individual LUN. E.g. fail from vmhba1:0:2 to vmhba1:1:2 or vmhba2:0:2, but don't fail back if vmhba1:0:2 comes back (=MRU).

I don't know what you mean by "LUN ID", but your problem is one level 'higher' (the target 'address'). The order of targets is defined by how they are entered into the Fibre Channel switch's name server and this can change. The fix is: persistent binding (of SCSI targets = storage controller ports).

**************************

Re: The request refers to an object that no longer exists or has never existed Feb 14, 2008 8:54 AM
in response to: Engelsman
kesparlat
8 posts since
Oct 30, 2007
Reply 9. Re: The request refers to an object that no longer exists or has never existed Feb 14, 2008 8:54 AM
in response to: Engelsman

Hi,

I had the same problem. This error is caused when you add a server in mainteinance mode to your DRS cluster. VC cannot recalculate the cpu and memory for the resource pools avaiable in this moment. If you have this problem (requested object....) ,put your server in maintenance mode, drag your server out of the cluster, exit maintenance mode and drag into again.

****************************************

Renaming VM file names when changing VM machine name

Just rename the VM in VC and do a cold migrate with datastore relocation (assume you have a 2nd VMFS volume to move to). VC will move the files to the different datastore and rename them to match your VM name in the process.

*********************

Troubleshooting a purple screen of death

Panicking at the onset of a high impact technical problem can cause impulsive decision making that enhances the problem. Before trying to troubleshoot any problem, pause and relax to approach the task with a clear mind, then address each symptom, possible cause and resolution appropriately.

In this series, I offer solutions for many common problems that arise with VMware ESX host servers, VirtualCenter, and virtual machines in general. Let's begin by addressing common issues with VMware ESX host servers.

Windows server administrators have long been familiar with the dreaded Blue Screen of Death (BSOD), which signifies a complete halt by the server. VMware ESX has a similar state called the purple screen of death (PSOD) which is typically caused by hardware problems or a bug in the VMware code.

Troubleshooting a purple screen of death

When a PSOD occurs, the first thing you want to do is note the information displayed on the screen. I suggest using a digital camera or cell phone to take a quick photo. The PSOD message consists of the ESX version and build, the exception type, register dump, what was running on each CPU at the time of the crash, back-trace, server up-time, error messages and memory core dump info. The information won't be useful to you, but VMware support can decipher it and help determine the cause of the crash.

Unfortunately, other than recording the information on the screen, your only option when experiencing a PSOD is to power the server off and back on. Once the server reboots you should find a vmkernel-zdump-* file in your server /root directory. This file will be valuable for determining the cause. You can use the vmkdump utility to extract the vmkernel log file from the file (vmkdump –l ) and examine it for clues as to what caused the PSOD. VMware support will usually want this file also. One common cause of PSOD's is defective server memory; the dump file will help identify which memory module caused the problem so it can be replaced.

Checking your RAM for errors

If you suspect your system's RAM may be at fault you can use a built-in utility to check your RAM in the background without effecting your running virtual machines. The RAM check utility runs in the VMkernel space and can be started by logging into the Service Console and typing Service Ramcheck Start.

While RAM check is running it will log all activity and any errors to the /var/log/vmware directory in files called ramcheck.log and ramcheck-err.log. One drawback, however, is that it's hard to test all of your RAM with this utility if you have virtual machines (VMs) running, as it will only test unused RAM in the ESX system. A more thorough method of testing your server's RAM is to shutdown ESX, boot from a CD, and run Memtest86+.

Using the vm-support utility
If you contact VMware support, they will usually ask you to run the vm-support utility that packages all of the ESX server log and configuration files into a single file. To run this utility, simply log in to the service console with root access, and type "vm-support" without any options. The utility will run and create a single Tar file that will be named "esx---..tgz". You can send it via FTP to VMware support. Make sure you delete the Tar file from the ESX Server once you are done to save disk space.

Alternatively, you can generate the same file by using the VMware Infrastructure Client (VI Client). Select Administration, then Export Diagnostic Data, and select your host (VirtualCenter data optional) and a directory on your local PC to store the file that will be created.

Using log files for troubleshooting
Log files are generally your best tool for troubleshooting any type of problem. ESX has many log files. Which ones you should check depends on the problem you are experiencing. Below is the list of ESX log files that you will commonly use to troubleshoot ESX server problems. The VMkernel and hosted log files are usually the logs you will want to check first.

VMkernel - /var/log/vmkernel – Records activities related to the virtual machines and ESX server. Rotated with a numeric extension, current log has no extension, most recent has a ".1" extension.

VMkernel Warnings - /var/log/vmkwarning – Records activities with the virtual machines, a subset of the VMkernel log and uses the same rotation scheme.

VMkernel Summary - /var/log/vmksummary - Used to determine uptime and availability statistics for ESX Server; readable summary found in /var/log/vmksummary.txt.

ESX Server host agent log - /var/log/vmware/hostd.log - Contains information on the agent that manages and configures the ESX Server host and its virtual machines. (Search the file date/time stamps to find the log file it is currently outputting to, or open hostd.log, which is linked to the current log file.)

ESX Firewall log - /var/log/vmware/esxcfg-firewall.log – Logs all firewall rule events.

ESX Update log - /var/log/vmware/esxupdate.log – Logs all updates done through the esxupdate tool.

Service Console - /var/log/messages - Contains all general log messages used to troubleshoot virtual machines or ESX Server.

Web Access - /var/log/vmware/webAccess - Records information on web-based access to ESX Server.

Authentication log - /var/log/secure - Contains records of connections that require authentication, such as VMware daemons and actions initiated by the xinetd daemon.