Several times during design and installs, the question of what type of power a switch requires has come up. How much PoE can it provide if we use this power supply or that one?
Here's a handy little web page from Cisco that I always struggle to find... It's all on the 4500 series power supplies and PoE capabilities and is great for determining whether you can plug in your switch or not...
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps4324/product_data_sheet09186a00801f3dd9.html
Oh and I apologize for the lack of virtual-ness in the post, but I'm afraid that's how my posts will be. :)
Tuesday, December 29, 2009
Monday, December 28, 2009
VMware Static MAC addresses
I have come across the need for the static MAC addresses on many machines that I have P2V'd that have licensing tied to a single MAC.
Here is a great doc link and a link to a tool to set many VMs at a time.
http://virtrix.blogspot.com/2007/04/vmware-configuring-static-mac-address.html
http://www.run-virtual.com/?page_id=173
Sunday, December 27, 2009
Microsoft NLB in VMWare
I have been setting up MS NLBs for Exchange and SharePoint for a while now and have come across a list of best practices for building the environment in a virtual environment.
1.) You must use Multicast NLBs – Unicast will cause failover and load balancing to occur very slowly or not at all, because the ARP cache is not refreshed and moved to new virtual hosts quickly enough. The workaround to make Unicast work (turning off Switch Notify) will cause VMotion and DRS issues inside of vSphere. These should get you started:
a. http://telnetport25.wordpress.com/2008/03/24/quick-tip-configuring-network-load-balancing-nlb-on-windows-2008-for-exchange-cas-servers/
b. http://msmvps.com/blogs/clusterhelp/archive/2007/10/05/exchange-server-2007-hub-transport-and-client-access-service-on-the-same-nlb-cluster.aspx
2.) By default Server 2008 has IP forwarding disabled, which means you either need to add a default gateway to the NLB Multicast NIC (not desirable) or re-enable IP forwarding (easy and preferred).
a. http://www.windowsreference.com/windows-server-2008/dual-nic-nlb-configuration-with-windows-server-2008-nlb-clusters/
3.) Because Microsoft cannot follow an RFC, the MS NLB Multicast MAC address is not recognized by most hardware vendors by default. You will most likely need to statically add an ARP entry on your router. Here is an example for Cisco (provided by Rob):
a. http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml
Sunday, December 13, 2009
SRM 4.0 Best Practices Guide
The SRM Best practices guide was released a few weeks ago.
Here is the link. Very good read.
http://blogs.vmware.com/uptime/2009/12/vmware-vcenter-site-recovery-manager-40-performance-and-best-practices-white-paper-posted.html
And for those that want to play with SRM but don't have the equipment, here is a guide on how to do it.
http://tendam.wordpress.com/2008/11/18/srm-in-a-box-final-release-the-complete-setup/
Awesome guide.
Another great place for guides is
http://viops.vmware.com/home/community/availability?view=documents
VMware VIEW4 Deployment
After doing a few of these a few things keep coming back and I wanted to point them out and give some links.
The desktop image has become the single most important factor in making sure your implementation is successful from the end user perspective. This is the guide from VMware that is buried in the Administrator guide.
TCPDump has the best guides that I have seen when it comes to VDI deployments.
Desktop Tweaks
General Link for VDI
SSL Certificate guide, generate and install
ThinApp
VMware Security Explained
A great description of why we break out the service console from the network NICs, from the VMware security blog.
http://blogs.vmware.com/security/
October 6th Post
The Common Vulnerability Scoring System and VMware network isolation
The Common Vulnerability Scoring System (CVSS) is a standard for assessing the severity of computer system security vulnerabilities. CVSS is composed of three metric groups: Base, Temporal, and Environmental, each consisting of a set of metrics. For those not familiar with CVSS, here is a blog post Common Vulnerability Scoring System (CVSS) Explained.
- Base: represents the intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments.
- Temporal: represents the characteristics of a vulnerability that change over time but not among user environments.
- Environmental: represents the characteristics of a vulnerability that are relevant and unique to a particular user's environment.

- Access Vector (AV)
- Access Complexity (AC)
- Authentication (Au)
- Confidentiality Impact (C)
- Integrity Impact (I)
- Availability Impact (A)

| Metric Value | Description |
|---|---|
| Local (L) | A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account. Examples of locally exploitable vulnerabilities are peripheral attacks such as Firewire/USB DMA attacks, and local privilege escalations (e.g., sudo). |
| Adjacent Network (A) | A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software. Examples of local networks include local IP subnet, Bluetooth, IEEE 802.11, and local Ethernet segment. |
| Network (N) | A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". An example of a network attack is an RPC buffer overflow. |

In this blog post I intend to show that with VMware products the CVSS Access Vector (AV) can be different depending on how virtual networking is set up, and is thus affected by the user environment. Perhaps CVSS should consider moving the Access Vector metric from the Base metric set to the Environmental metric set. I will show why it is so important to isolate your management network, because when using VMware's best practices the CVSS base score of many vulnerabilities will be reduced.
Consider the following scenarios.
In the following scenarios we'll take a look at an ESX system with several virtual machines. The virtual machines are connected to the Internet.
Scenario 1
This is where both the ESX Service Console (or the ESXi management network) and the virtual machine network are on the same vSwitch, which connects them to the Internet. Note this is NOT recommended! Most operating systems don't have virtual switches or layer 2 network isolation, and so they would fall under Scenario 1, where all networking is exposed to the Internet. This leaves the CVSS Access Vector value as Network.
Scenario 2
Here the management network is on a different vSwitch and on a totally different network than the virtual machines, which are connected to the Internet. There is NO direct route from the Internet to the management interface, nor to the ESX Service Console. This is VMware's recommendation for platform security best practices and it provides an additional layer of protection. In this scenario, using the CVSS definitions, the management network is on a local IP subnet or Adjacent Network, and the virtual machine port group is on the Internet or CVSS-defined "Network."
Vulnerabilities
Now consider a vulnerability in the ESX Service Console. Let's take CVE-2008-4309, "a denial-of-service flaw was found in the way net-SNMP processes SNMP GETBULK requests. A remote attacker who issued a specially-crafted request could cause the snmpd server to crash."
The National Vulnerability Database rates this CVE as:
CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P)
But this also assumes the Access Vector is Network (AV:N). If you are following VMware's best practices, then your management network is isolated. There is no way an attacker from the Internet/Network can get to the management network stack, even if there is a flaw in the management network stack, thus the only Access Vector is through the Adjacent Network (AV:A). This adjustment in the Access Vector to (AV:A) from (AV:N) changes the CVSS score to:
CVSS v2 Base Score: 3.3 (LOW) (AV:A/AC:L/Au:N/C:N/I:N/A:P)
This is just one example where a base metric Access Vector doesn't meet the CVSS criteria of "the characteristics of a vulnerability that are constant with time and across user environments" because of virtualization. While looking at CVSS we noticed a few other interesting conditions that need to be considered because of virtualization. But we'll leave that to another post.
All ESX Service Console vulnerabilities and ESXi management service vulnerabilities can also be modified when using VMware security best practices as shown above. The Access Vector is no longer just Network (AV:N), but it becomes Adjacent Network (AV:A) when using multiple virtual switches.
So when evaluating security risk using CVSS, consider how you have deployed your machines, consider how the networking is set up, and if you are following VMware's best practices you may be able to lower your CVSS score to better reflect your risk. If you are NOT following VMware's best practices, perhaps it is time to re-evaluate your security setup and consider isolating your management network.
DMZ on vSphere with Cisco Nexus Whitepaper
http://www.vmware.com/files/pdf/dmz-vsphere-nexus-wp.pdf
Great Whitepaper co-branded by both Cisco and VMware
VMware Distributed Switch
A great guide on what it is, how it works and how to migrate to it.
http://blogs.vmware.com/networking/2009/07/vnetwork-distributed-switchmigration-and-configuration.html
Thursday, November 19, 2009
NO SQL or Crystal Service
We had an error: when we removed the VMware Tools, it removed MSVCP71.dll from the C:\Windows\System32 directory.
The funny thing was that many other programs use that dll. We copied it from another server and "poof" all services worked.
Later
bb
Tuesday, November 17, 2009
SRM and Linked clones
I was given this link by a very awesome VMware engineer.
Enjoy
bb
http://virtualgeek.typepad.com/virtual_geek/2009/10/howto-use-site-recovery-manager-and-linked-clones-together.html
Friday, November 13, 2009
Thursday, November 12, 2009
ThinApp Resources
I've been doing some ThinApp testing, and have found a few useful resources.
http://blogs.vmware.com/thinapp/
The blog itself is awesome, but there are a few specific posts relating to IE6 that are important if you ever need to ThinApp it.
http://blogs.vmware.com/thinapp/2009/02/ie_notes.html
http://blogs.vmware.com/thinapp/2009/09/running-ie6-on-a-windows-xp-with-ie8-locally-installed.html
And this one for JAVA:
http://blogs.vmware.com/thinapp/2008/10/step-by-step-in.html
Enjoy!
Friday, November 6, 2009
Hooray!!! I am now a VCP 4
I passed my VCP exam today! I used many things to help study but one of the best things was this.
http://www.vreference.com/vsphere4-card/
Later
Sensei
Monday, November 2, 2009
Sunday, November 1, 2009
USB inside a VM?
http://www.petri.co.il/vmware-esxi4-vmdirectpath.htm
While not an officially supported option, this is a nice article on getting USB and PCI direct access to a Virtual Guest
Ninja Down
One of our own is under the weather, take your time, get well, and slowly virtual domination will once again be ours.
Good luck C.R.
Sensai
ISCSI, Jumbo Frames, Round Robin, etc
I have been doing a lot of Dell EqualLogic installs lately, so I wanted to share the links/docs that I use to set MTU, jumbo frames, and Round Robin setups.
With a Distributed Switch (Enterprise Plus)
http://blog.scottlowe.org/2009/05/21/vmware-vsphere-vds-vmkernel-ports-and-jumbo-frames/
Normal Vswitch
http://blog.scottlowe.org/2008/04/22/esx-server-ip-storage-and-jumbo-frames/
Everything you ever wanted to know about iSCSI and how it relates to the different vendors
Sample Config for EtherChannel/Link agg with Cisco/HP
LINK to the Direct VMWARE KB PAGE
The following are EtherChannel supported scenarios:
One IP to many IP connections. (Host A making two connection sessions to Host B and C)
Many IP to many IP connections. (Host A and B multiple connection sessions to Host C,D, and etc)
Note: One IP to one IP connections over multiple NIC is not supported. (Host A one connection session to Host B uses only one NIC)
Compatible with all ESX VLAN configuration modes: VST, EST, and VGT. For more information on these modes, see Configuring VLANs in an ESX Server environment (1003806).
Supported Cisco configuration: EtherChannel Mode ON – (Enable Etherchannel only)
Supported HP configuration: Trunk Mode
Supported switch Aggregation algorithm: IP-SRC-DST short for (IP-Source-Destination)
Supported Virtual Switch NIC Teaming mode: IP HASH
Lower model Cisco switches may have MAC-SRC-DST set by default and may require additional configuration. See the following article for additional information: http://www.cisco.com/en/US/tech/tk389/tk213/technologies_tech_note09186a0080094714.shtml
The following is a Cisco EtherChannel sample configuration:
interface Port-channel1
 switchport
 switchport access vlan 100
 switchport mode access
 no ip address
!
interface GigabitEthernet1/1
 switchport
 switchport access vlan 100
 switchport mode access
 no ip address
 channel-group 1 mode on
!
ESX Server and Cisco switch sample topology and configuration:
Run the following command to verify EtherChannel loadbalancing mode configuration:
Switch# show etherchannel load-balance
EtherChannel Load-Balancing Configuration:
src-dst-ip
mpls label-ip
EtherChannel Load-Balancing Addresses Used Per-Protocol:
Non-IP: Source XOR Destination MAC address
IPv4: Source XOR Destination IP address
IPv6: Source XOR Destination IP address
MPLS: Label or IP
Switch#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
Number of channel-groups in use: 2
Number of aggregators: 2
Group Port-channel Protocol Ports
------+-------------+-----------+--------------------------
1 Po1(SU) - Gi1/15(P) Gi1/16(P)
2 Po2(SU) - Gi1/1(P) Gi1/2(P)
Switch#show etherchann protocol
Channel-group listing:
-----------------------
Group: 1
----------
Protocol: - (Mode ON)
Group: 2
----------
Protocol: - (Mode ON)
HP Switches Sample Configuration
The following configuration is specific to HP switches:
HP switches support only two modes of LACP, ACTIVE and PASSIVE, while ESX does not currently support either LACP mode.
Set the HP switch port mode to TRUNK to accomplish static link aggregation with ESX.
TRUNK Mode of HP switch ports is the only supported aggregation method compatible with ESX 3.X NIC teaming mode IP hash.
Configuring loadbalancing within the Virtual Infrastructure Client
To configure vSwitch properties for loadbalancing:
Highlight the ESX Server host.
Click the Configuration tab.
Click the Networking link.
Click Properties.
Highlight the virtual switch in the Ports tab and click Edit.
Click the NIC Teaming tab.
From the Load Balancing dropdown, choose Route based on ip hash.
Verify that there are two or more network adapters listed under Active Adapters.
Tuesday, October 27, 2009
Fresh SQL 2008 Install.....DO THIS FIRST! or be sucked into "The SQL Vortex of Hell"
I cannot take credit but I can point you in the right direction if you are about to do a virgin install of SQL 2008. Recently on an install we were finding inconsistent behavior in our SQL 2008 cluster. SP1 had been applied and CU3...Still weird things going on.
Again, after some checking around on the wonderful internets, we found we were not alone and found this....
Creating a merged (slipstreamed) drop containing SQL Server 2008 RTM + Service Pack 1
can be found at .....
http://blogs.msdn.com/petersad/archive/2009/02/25/sql-server-2008-creating-a-merged-slisptream-drop.aspx
Quick SQL uninstall, reboot, and install from the new SlipStream media and all is good. I used the same media on different hardware 2 weeks later and no issues at all!!
Take the extra 10 minutes to do this and save yourself from 'The SQL Vortex of Hell' of finding little bugs!
Thanks Peter Saddow!!!!!!!
Asta Ninjas
Monday, October 26, 2009
vSphere Server ODBC weirdness with W2K8 64-bit & SQL 2K5
For those of you that cringe at SQL Express in a VMWare installation and prefer separate SQL Servers follow me and let me save you some time if you are setting up your System DSN to SQL 2005 for vSphere Server...
First off - the out of the box ODBC driver for SQL Server on W2K8 does not play well... go here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=50b97994-8453-4998-8226-fa42ec403d17&displaylang=en
..or Bing or Google "Microsoft SQL Server 2005 - February 2007"
Install this baby on the vSphere Server and log in (hopefully) as your bare bones AD sql service account (Local Admin of course!)
Hopefully by now you have your SQL DB provisioned on your SQL box. If not create the DB in question (I prefer vSphereServerDB) and set security to use the AD account and make sure of course it is the owner (DBO).
Now back to the ODBC connector:
You need to re-create the shortcut to the ODBC admin tool using this path:
C:\Windows\SysWOW64\odbcad32.exe
I just right clicked on the desktop and added new shortcut and dropped in the above for the target, call it what you want...done.
Next set up your "System DSN" as usual, except make sure you choose "SQL Native Client" instead of the "SQL Server" that exists after a bare bones W2K8 install...
This will make the install go much smoother...trust me!
For full "System DSN" creation instructions and setup, reference pages 70-74 in the "ESX and vCenter Server Installation Guide"
Link to PDF below!
http://www.google.com/url?sa=t&source=web&ct=res&cd=1&ved=0CAsQFjAA&url=http%3A%2F%2Fwww.vmware.com%2Fpdf%2Fvsphere4%2Fr40%2Fvsp_40_esx_vc_installation_guide.pdf&rct=j&q=vsphere+server+install+guide&ei=RX7mSuPfNYyk8Aax5oWfBw&usg=AFQjCNH2s3xWksHp05f7SCB5lq1JK8z9QQ
Chow Ninjas
KB974571 Crypto-API "Update" Kills OCS
Last week while at a client site we decided to deploy some Microsoft "Security Updates" that included KB974571 for CryptoAPI. The updates were applied to a W2K8 OCS 2007 Enterprise R2 installation.
Then the party started.....After a quick lunch the IT staff mentioned the OCS client was not logging into the server as usual. A quick look at the event logs by one of the technicians found this:
Log Name: Office Communications Server
Source: OCS Server
Date: Date
Event ID: 12290
Task Category: (1000)
Level: Error
Keywords: Classic
User: N/A
Computer: Computer
Description:
The evaluation period for Microsoft Office Communications Server 2007 R2 has expired. Please upgrade from the evaluation version to the full released version of the product.
The client had asked if we had installed an evaluation copy of OCS. A quick sanity check on TechNet for the licensing model was in order and I found out we were good...as suspected.
A quick Bing and I found that we were not the only ones in this sinking boat. We simply pulled KB974571 off the server and, after a quick reboot, all was well again.
Just a heads up if you are on the more proactive side of applying Microsoft patches.....This was published October 13, 2009. This is similar to the incident back in May that broke SharePoint Server 2007, BTW!
Links in case you want to know what Uncle Billy's Staff in Redmond have to say:
http://support.microsoft.com/kb/974571
Later Ninjas
Thursday, October 15, 2009
Ninjaness
If someone leaves their laptop for another person to use and they post on the ninja blog, are they a ninja? (albeit not virtual)
OCS R2 modify MsRTCSip settings
It's not VMware, heck it's even on a physical server.
Migrating a customer from OCS 2007 to OCS 2007 R2 with integration into a Cisco Call Manager box, we wanted to enable Enterprise Voice with PBX Integration. To do this we needed to modify the MsRTCSip-Line and LineServer settings. When we originally set up RCC we used VIM to parse a file for LDIFDE import, but since my VIM Guru was MIA I needed to find a more "non-linux user" friendly method. After some looking I found MS Log Parser 2.2 and some documentation, and my world may never be the same...
Steps to bulk modify these settings
1.) Download Microsoft Log Parser 2.2 and install
2.) Get a CSV Dump
CSVDE -f users.csv -r objectCategory=person -l "DN, SamAccountname, TelephoneNumber, msrtcsip-line, msrtcsip-lineserver"
(This will dump current settings so you can go back if need be)
3.) Clean up CSV if needed (Remove non ocs users or contacts)
4.) Create the Log Parser template files. (Log Parser is confusing when picking variable fields: it is the number you think plus 2, because its CSV input puts its own Filename and RowNumber fields first. For example, DN is field 1 but you need to put %FIELD_3%.)
Examples
MSRTCSIP-Line.tpl:
dn: %FIELD_3%
changetype: modify
replace: msrtcsip-line
msrtcsip-line: tel:+%FIELD_5%
-
MSRTCSIP-LineServer.tpl:
dn: %FIELD_3%
changetype: modify
replace: msrtcsip-lineserver
msrtcsip-lineserver: sip:%FIELD_5%;phone-context=dialplan@cupsFQDN.com
-
5.) Copy logparser.exe, logparser.dll and users.csv to a folder (e.g. C:\OCS)
6.) Create a batch file to parse msrtcsip-line.tpl and msrtcsip-lineserver.tpl
type c:\OCS\users.csv | logparser "SELECT * FROM STDIN" -i:CSV -o:tpl -tpl:"C:\OCS\msrtcsip-line.tpl" -q:on -stats:off > "C:\OCS\msrtcsip-line.ldf"
type c:\OCS\users.csv | logparser "SELECT * FROM STDIN" -i:CSV -o:tpl -tpl:"C:\OCS\msrtcsip-lineserver.tpl" -q:on -stats:off > "C:\OCS\msrtcsip-lineServer.ldf"
7.) Edit each ldf file to replace \\ with \ (notepad find replace)
8.) Import each ldf file separately
ldifde -i -f c:\OCS\msrtcsip-line.ldf
ldifde -i -f c:\OCS\msrtcsip-lineserver.ldf
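The CSV-to-LDIF step above, done with a short Python script instead of Log Parser templates (an added example, not part of the original post). It skips and reports users whose telephone number is empty or not all digits, rather than writing a bare "tel:+" value into the directory. The sample rows, the example.com DNs and the digits-only rule are assumptions.

```python
import base64
import csv
import io
import re

# Constructed sample shaped like the CSVDE dump from step 2 (not real data).
SAMPLE_CSV = (
    "DN,sAMAccountName,telephoneNumber,msRTCSIP-Line,msRTCSIP-LineServer\n"
    '"CN=Ann Lee,OU=Staff,DC=example,DC=com",alee,15551230001,,\n'
    '"CN=Bob Ray,OU=Staff,DC=example,DC=com",bray,,,\n'
    '"CN=Zo\u00eb Kim,OU=Staff,DC=example,DC=com",zkim,+15551230003,,\n'
    '"CN=Dan Orr,OU=Staff,DC=example,DC=com",dorr,(555) 123-0004,,\n'
)

def ldif_dn(dn):
    """LDIF (RFC 2849) needs base64 ('dn::') when the DN is not plain ASCII."""
    if dn.isascii():
        return "dn: " + dn
    return "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")

def build_ldif(csv_text, attribute, value_format):
    """Build modify records for one attribute; return (ldif_text, skipped_dns)."""
    reader = csv.reader(io.StringIO(csv_text))
    header = [name.strip().lower() for name in next(reader)]
    records, skipped = [], []
    for fields in reader:
        if not fields:
            continue  # ignore blank lines in the dump
        row = dict(zip(header, fields))
        number = row.get("telephonenumber", "").strip().lstrip("+")
        # Assumption: only an all-digit number is safe to place in the URI.
        if not re.fullmatch(r"\d+", number):
            skipped.append(row["dn"])  # report it, write nothing for this user
            continue
        records.append("\n".join([
            ldif_dn(row["dn"]),
            "changetype: modify",
            "replace: " + attribute,
            attribute + ": " + value_format.format(number=number),
            "-",
            "",
        ]))
    return "\n".join(records), skipped

if __name__ == "__main__":
    line_ldif, skipped = build_ldif(SAMPLE_CSV, "msrtcsip-line", "tel:+{number}")
    server_ldif, _ = build_ldif(
        SAMPLE_CSV, "msrtcsip-lineserver",
        "sip:{number};phone-context=dialplan@cupsFQDN.com")
    print(line_ldif)
    print(server_ldif)
    print("skipped:", skipped)
```

Review the skipped list and the generated text before handing the files to ldifde in step 8.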
Wednesday, October 14, 2009
Monday, October 12, 2009
Vsphere False high memory readings in Vcenter Guest Mem%
I have come across this "issue" a few times.
This is the workaround provided in the VMware thread.
http://communities.vmware.com/message/1347211#1347211
VMWARE Tools Upgrade for VSphere
The following procedures are involved in upgrading virtual machines:
- Upgrade VMware Tools
- Upgrade virtual hardware
During the VMware Tools upgrade, the virtual machine remains powered on. On Microsoft Windows operating systems, you must reboot the guest operating system at the end of the VMware Tools upgrade procedure.
When you upgrade VMware Tools, expect downtime as follows:
You must reboot the virtual machine at the end of the upgrade procedure, or later, to make the upgrade take effect.
On Windows guest operating systems, you must reboot the virtual machine a total of three times when you upgrade VMware Tools and the virtual hardware:
- Power on the virtual machine.
- Upgrade VMware Tools.
- Reboot the virtual machine at the end of the VMware Tools upgrade.
Change the network adapter type from Flexible to VMXNET3.
Common Problem
Under certain conditions, you may see the following error message from a Windows guest operating system:
The IP address XXX.XXX.XXX.XXX you have entered for this network adapter is already assigned to another adapter Name of adapter. Name of adapter is hidden from the network and Dial-up Connections folder because it is not physically in the computer or is a legacy adapter that is not working. If the same address is assigned to both adapters and they become active, only one of them will use this address. This may result in incorrect system configuration. Do you want to enter a different IP address for this adapter in the list of IP addresses in the advanced dialog box?
In this message, XXX.XXX.XXX.XXX is an IP address that you are trying to set and Name of adapter is the name of a network adapter that is present in the registry but hidden in Device Manager.
This can occur when you change a network connection’s TCP/IP configuration from DHCP to a static IP address if:
- You have upgraded VMware virtual network adapters (for example, when you migrate a virtual machine from an older to a new version of VMware software).
- You have added and removed network adapters multiple times.
The cause of the error is that a network adapter with the same IP address is in the Windows registry but is hidden in the Device Manager (My Computer > Properties > Hardware > Device Manager). This hidden adapter is called a ghosted network adapter.
Using the Show hidden devices option in the Device Manager (View > Show hidden devices) does not always show the old virtual NIC (ghosted adapter) to which that IP address is assigned.
Microsoft addresses this issue in their Knowledge Base article 269155, which is available at the time of this writing at http://support.microsoft.com/?kbid=269155.
To resolve this problem, follow these steps to make the ghosted network adapter visible in the Device Manager and uninstall the ghosted network adapter from the registry:
1. Select Start > Run.
2. Enter cmd.exe and press Enter.
3. At the command prompt, run this command:
set devmgr_show_nonpresent_devices=1
4. Enter Start DEVMGMT.MSC and press Enter to start Device Manager.
5. Select View > Show Hidden Devices.
6. Expand the Network Adapters tree (select the plus sign next to the Network adapters entry).
7. Right-click the dimmed network adapter, and then select Uninstall.
8. Close Device Manager.
Sunday, October 11, 2009
How to turn xp and xpe into a VIEW Client Shell
http://blogs.vmware.com/view/2009/02/vmware-view-client-as-a-shell-for-xpe-and-xp-pro-clients.html
This is directly from the mothership from a vmware blog.
VMware VIEW Setup Guides
This is the best VIEW/Virtual Desktop documentation that I have found by TcpDump.
VIEW
http://www.tcpdump.com/kb/virtualization/virtual-desktop/deploying-vmware-view-manager-security-server/security-server-configuration.html
Virtual Desktop
http://www.tcpdump.com/kb/virtualization/virtual-desktop/
ThinApp
http://www.tcpdump.com/kb/virtualization/virtual-desktop/thinapp-deployment-guide/intro.html
The Best 2008 Virtual Template Guide I have found.
This is a great guide made by Jeremy Waldrop. I highly recommend it.
http://jeremywaldrop.wordpress.com/2008/10/28/how-to-build-a-windows-2008-vmware-esx-vm-template/


