Monday, November 15, 2010

VMware HA

You will need this if you have environments with both ESXi and ESX.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006541

Friday, November 12, 2010

Collecting from ESX/ESXi with VMware vCM 5.4

If you have VMware vCM (Configuresoft ECM, EMC Ionix SCM) and want to collect from ESX/ESXi you have to create a local user on the ESXi host and give that user Administrator permissions. That can be quite a daunting task if you have more than a handful of machines so I wrote the below powershell program that allows interactive use or automated use with a .CSV file.


---Start Script
Function NextUser
{
if ($newUser)
{
Write-host "Do you want to specify a new service account username or password? [y],[n]" -Fore Green
$continueUser = read-host
if ($continueUser -eq "y")
{
DoIt
}
if ($continueUser -eq "n")
{
DoItUsers
}
}
}

Function ExistingUsers
{
if ($newUser)
{
Write-host "Do you want to specify a new service account username or password? [y],[n]" -Fore Green
$continueUser = read-host
if ($continueUser -eq "n")
{
DoItUsers
}
if ($continueUser -eq "y")
{
DoIt
}
}
if (!$newUser)
{
DoIt
}
}

Function DoIt
{
write-host "Please enter the username that you would like to use for the vCM Service Account:" -Fore Green
$newUser = read-host
write-host "Please enter the password that will be used for the service account:" -Fore Green
$newPass = read-host
write-host "Ok, I am going to add $newUser with a password of $newPass to $connectedServer" -Fore Green
Start-Sleep -seconds 3
New-VMHostAccount -ID $newUser -password $newPass -Description "vCM Service Account"
write-host "Ok, I am now adding administrator permissions to the account we just created" -Fore Green
New-VIPermission -Role admin -Principal $newUser -Entity $connectedServer
write-host "Congratulations, you have added the new vCM service account successfully." -Fore Green
write-host "Would you like to configure another host? [y],[n]" -Fore Green
$nextHost = read-host
if ($nextHost -eq "y")
{
NextHost
}
if ($nextHost -eq "n")
{
write-host "Thanks, have a great day!" -Fore Green
exit
}
}


Function DoItUsers
{
write-host "Ok, I am going to add $newUser with a password of $newPass to $connectedServer" -Fore Green
Start-Sleep -seconds 3
New-VMHostAccount -ID $newUser -password $newPass -Description "vCM Service Account"
write-host "Ok, I am now adding admin permissions to the account we just created" -Fore Green
New-VIPermission -Role admin -Principal $newUser -Entity $connectedServer
write-host "Congratulations, you have added the new vCM service account successfully." -Fore Green
write-host "Would you like to configure another host? [y],[n]" -Fore Green
$nextHost = read-host
if ($nextHost -eq "y")
{
NextHost
}
if ($nextHost -eq "n")
{
write-host "Thanks, have a great day!" -Fore Green
}
}


Function NextHost
{
write-host "Please enter the FQDN of the server that you would like to connect to:" -Fore Green
$server = read-host
write-host "Connecting to $server using the credentials that you specified..." -Fore Green
Connect-VIServer -Server $server -User $existingUser -Password $existingPass
$connectedServer = Get-VMHost
write-host "Now using $connectedServer..." -Fore Green
if (!$connectedServer)
{
write-host ""
write-host "That host does not appear to be valid, please try again." Fore Yellow
NextHost
}

ExistingUsers
}


write-host ""
write-host ""
write-host "-- Welcome to my VMware vCM ESX/ESXi Service Account user deployment tool. This tool will allow you to easily deploy a vCM Service Account to your ESX/ESXi hosts -calebs71.blogspot.com --" -Fore Cyan
write-host ""
if (!$args[0])
{
write-host "Did you know that you can provide a CSV file with your server FQDN, ESX user, ESX Password, New Service User, New Service Password and automate the whole process?" -Fore Yellow
write-host ""
write-host "Example: vCM Service Acct on ESX.ps1 c:\list.csv"
write-host "FQDN,User,Password,SVCuser,SVCPass"
write-host "machine1.test,root,password,vcm_svc,password2"
write-host ""
write-host "Please enter a valid ESX/ESXi account with permissions to add a new user:" -Fore Green
$existingUser = read-host
write-host "Please enter the password:" -Fore Green
$existingPass = read-host
$connectedServer = Get-VMHost
if (!$connectedServer)
{
write-host ""
write-host "You are not connected to an ESX host..." -Fore Yellow
NextHost
}
write-host "You are currently connected to $connectedServer do you want to change servers? [y], [n]" -Fore Green
$response = read-host
if ($response -eq "y")
{
NextHost
}
if ($response -eq "n")
{
write-host "Continuing to use $connectedServer" -Fore Green
DoIt
}
}
if ($args[0])
{
$listMachines = import-csv $args[0]
if ($listMachines)
{
foreach ($MachineItem in $listMachines)
{
# write-host "FQDN : " $MachineItem.FQDN
# write-host "User : " $MachineItem.User
# write-host "Password : " $MachineItem.Password
# write-host "SVC User : " $MachineItem.SVCUser
# write-host "SVC Pass : " $MachineItem.SVCPass
# write-host "Connect-VIServer -Server "$MachineItem.FQDN " -User "$MachineItem.User " -Password "$MachineItem.Password
# write-host "New-VMHostAccount -ID "$MachineItem.SVCUser " -password "$MachineItem.SVCPass " -Description "vCM Service Account""
# write-host "New-VIPermission -Role admin -Principal " $MachineItem.SVCUser " -Entity " $MachineItem.FQDN

Connect-VIServer -Server $MachineItem.FQDN -User $MachineItem.User -Password $MachineItem.Password
New-VMHostAccount -ID $MachineItem.SVCUser -password $MachineItem.SVCPass -Description "vCM Service Account"
New-VIPermission -Role admin -Principal $MachineItem.SVCUser -Entity $MachineItem.FQDN
}

}

}

Wednesday, October 27, 2010

Error Removing Host from vSphere

I have a host (ESX 4.0) that I need to remove from one of my clusters but after putting it into maintenance mode and shutting it down the Remove option is grayed out. I found some references online that mention using the PowerCLI to manually remove the host but ran into a caveat that none of the other posts mentioned. When I ran the remove-vmhost command I got the following error: "The method is disabled by 'com.vmware.vcintegrity'". To get around this I had to take the disconnected host and remove it from the cluster and then run the remove-vmhost command to remove it from vSphere. I imagine that this is related to capacity issues on our old cluster but we are trying to move our blades and accompanying guests to a new cluster so HA and DRS is not high on the priority list.

Wednesday, October 20, 2010

Syntax to install HP CIM Providers on ESX4i

First, download and install the vCLI tools from vmware.com on your desktop.

Second, download the CIM Providers from HP.com

Third, Place host in Maintenance Mode and then scan the ESXi host for the Bulletin ID to be installed

c:\Program Files (x86)\VMware\VMware vSphere CLI\bin>vihostupdate.pl -server -username root - scan - bundle

should return a name like

hpq-esxi4.1uX-bundle-1.0 (note: this is case sensitive)

Fourth, install the bulletin

c:\program files (x86)\VMware\VMware vSphere CLI\bin>vihostupdate.pl -server -username root -bundle c:\hpq-esxi4.1uX-bundle-1.0.zip -install - bulletin hpq-esxi4.1uX-bundle-1.0

Fifth, reboot the host.

Monday, September 27, 2010

A Truly Virtual ESX Environment

Here is a training environment that I am almost done building on my laptop. I am running Windows 7 x64 with 8GB RAM and VMware Workstation 7.
Guests are:
1. Openfiler NAS (iSCSI Target)
2. ESX 4.1 Host
3. ESX 4.1 Host
4. XP
5. vCenter Server

In the past I always put the vCenter box on the ESX hosts however 4.1 requires a 64 bit OS and that is not possible yet in a nested virtual environment.



Up next DRS needs configured and I will have a ready to roll ESX Cluster.

Issues Configuring VMware ESX HA

I got the following error when attempting to add my ESX hosts to a vCenter Cluster: "Cannot complete the configuration of the HA agent on the host. Misconfiguration in the host network setup." This was caused because I don't have a default gateway since it is a small test environment. It appears that you have to be able to ping your default gateway to enable HA. For my test environment I now have a VM that is a guest under my test ESX host that is on the DG IP. Problem solved.

Side note: If you have a VMware ESX cluster and one of the nodes fails and your default gateway is unavailable your HA will fail...

Tuesday, September 21, 2010

SSRS 2008 Domain User Issue

Scenario: I have a new SQL Server Reporting Services 2008 R2 x64 instance that works if you are the local administrator. Once I switch to another user who is an implied administrator via an AD group I get the following error when attempting to access SSRS in a browser:

"User 'TESTDOM\user' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed."

The user is a member of the domain admins group which is obviously a member of the local admins. Also if I right click on IE8 and say "Run As Administrator" it works. The quick fix is to disable the UAC. If you don't want to do that then just do the below:

1. Launch IE8 using "Run As Administrator" and in SSRS (http://servername/Reports) click on Site Settings. In Site Settings navigate to "Security" and add your user "TESTDOM\user" as a System Administrator.

2. Click on "Home" and then "Folder Settings". Now add your account again this time assigning yourself all the roles (Browser, Content Manager, My Reports, Publisher, Report Builder).

3. Close Administrative IE session and open a normal IE8 window and your SSRS should work.

Wednesday, September 1, 2010

Removing BitLocker on Windows 7

When attempting to remove BitLocker drive encryption from your Windows 7 machine you would naturally right click on the drive in question and say "Manage BitLocker". This brings up a couple options but none of them will allow you to remove BitLocker and decrypt the drive. What you need to do is go Control Panel > System and Security > BitLocker Drive Encryption and select the option to remove BitLocker.

Monday, July 26, 2010

Killing a hung VM in LabManager (ESX)

First find the machine name which in LabManager is usually proceeded by a 6 digit number. Then from the console type
"ps -auxwww | grep -i (######-machine name).vmx"

This will give you the PID which you can kill using
"kill -9 (PID)"

Wednesday, July 14, 2010

Windows Update Issue

I just won against a Windows Update issue on XP that had me quite puzzled. The error that I was getting with both Microsoft and Windows Update was "Error Number: 0x8024402C The website has encountered a problem and cannot display the page you are trying to view." and "Error Number: 0x8024402C The website has encountered a problem and cannot display the page you are trying to view."

Looking at the WindowsUpdate.log file under "c:\Windows\" I found a line that says

"WARNING: SendRequest failed with hr = 80072ee7. Proxy List Used <proxy.company.com:1234> Bypass List Used : <null>"

The proxy however in IE has been removed so that there is no proxy under Tools > Internet Options > Connections > LAN Settings. Here is the catch, if you open a command prompt and type in "proxycfg" you will see that the proxy listed in the WindowsUpdate.log error is still in the registry. To clear this type in the following

proxycfg -d
net stop wuauserv
net start wuauserv

Once you have cleared that cached proxy MS update and Windows Update will work again. MS has a document on this proceedure on their website.

Tuesday, June 15, 2010

BartPE and GetDataBack for NTFS

I was running into an issue while building a BartPE image with "GetDataBack For NTFS" where the Bart CD would work fine until I attempted to launch GetDataBack then nothing would happen. I have tried different versions of the Windows build source (2k3, xp, different service packs) and different versions of the GetDataBack plugin to no avail, it just will not launch. Oddly enough this appears to be caused by the build machine which in my case is running Windows 7. It appears that if you build your ISO on a Windows 7 machine even though you are using XP build source the plugin will not work. I copied my PeBuilder directory to an XP machine that had BartPE installed and it works fine.

Tuesday, June 8, 2010

Cisco IPSec 64bit VPN

Cisco finally released a version of the Cisco VPN Client that works on 64bit machines and is IPSec capable.

From their site:
"The new release VPN Client 5.0.07 supports the Windows Vista on both x86 (32-bit) and x64. Refer to the 5.0.07.0240 Release Notes for more information."

I just installed it on my Windows 7 x64 laptop and it works just fine.

Friday, May 14, 2010

Bad ESX Network Driver on BL490c G6

Ok, so here is the scenario: HP Blade (BL490c G6) has a bad stick of RAM, pull blade from cabinet, swap RAM, re-insert blade, power on blade and receive the following ESX error:

"networking-drivers ...
No compatible network adapter found. Please consult the product's Hardware Compatibility Guide (HCG) for a list of supported adapters."

At first we were sure that the issue was firmware related however it appears that it just might be a bad VMware driver. Here's why: I went ahead and did two test cases to isolate the issue to the VMware driver on our BL490c G6 blades.

Blade 1: Updated to newest Firmware from HP Smart Update Firmware. This updated the NIC Bootcode from 5.0.11 to 5.2.7 but left the iSCSI at 3.1.5. After this the machine will boot most of the time after the blade is removed from the chassis, however after several reboots there are seemingly random times when ESX will not load the NIC and you get the "No compatible network adapter found" error when attempting to boot ESX. After installing the new drivers found at "http://www.vmware.com/support/vsphere4/doc/drivercd/esx40-net-bnx2x_400.1.48.107-1.0.4.html" using the esxupdate command it works fine. I have rebooted many times and removed the blade and am no longer able to get the error.

Blade 2: I left the firmware alone and just updated the VMware driver to the latest from the above URL. After several reboots and physically removing the blade from the cabinet twice I am unable to get the error.

Conclusion: Looks like a VMware driver issue; however updating the HP Firmware on the NIC from 5.0.11 to 5.2.7 does seem to help the issue taking it from happening every time to approximatly %50 of the time.

Wednesday, April 21, 2010

W32/Wecorl.a McAfee False Positive Workaround

If you are running McAfee Antivirus on Windows XP SP3 and have an issue with your computer rebooting with a message of "Windows must now restart because the DCOM Service Process Launcher service terminated unexpectedly" and W32/Wecorl.a is reported on your machine in the Application Event Log then it is caused by a known issue with DAT 5958. To abort the automated shutdown open a command prompt and type in "shutdown -a" and then get yesterday's (5957) superDAT from McAfee at http://www.mcafee.com/apps/downloads/security_updates/superdat.asp?region=us&segment=enterprise and run the file from the command prompt with a /F switch to force the downgrade and reboot when prompted. That will work until McAfee fixes the issue.

*QUICK UPDATE*
After doing the above steps you may not be able to connect to the network and also will notice that many of your services that are set to automatic will not start. This is because your svchost.exe file was eaten by McAfee. Copying SVCHOST.exe from another good XP SP3 machine to your broken one's c:\windows\system32\ directory fixes that issue.

Friday, March 19, 2010

Outlook 2007 - Cannot open the Outlook Window

I ran into an interesting issue this morning. User is running Windows 7 with Outlook 2007 and when he attempts to launch Outlook he gets an error that says "Cannot Start Microsoft Outlook. Cannot open the Outlook Window." I have attempted to repair Office which failed with the bootstrapper crashing but was able to uninstall Office 2007 and re-install it. The issue still remained even after a full removal and re-install. I deleted the mail profile and OST which also did nothing. The final fix is this: Open a command prompt and navigate to the Office12 directory and run this command "outlook.exe /resetnavpane" Odd that a re-install does not reset it enough...