Leave a reply

Checking ESXi NTP

So i just happen to check the time on one of my ESXi hosts, and noticed that the time was way off, by like hours. I checked the NTP service on the host, and it was not running. So updated and stated to check the other hosts. However, I didn’t feel like logging into each one. So I found a few one liners that helped me check all the hosts in my environment, and updated where necessary.

First, connect to the appropriate vcenter
then run the following to get the time and service status on all hosts on that vCenter

Get-VMHost | Sort-Object Name |  Select Name, @{N=";NTPServer";;E={$_ |Get-VMHostNtpServer}}, Timezone, @{N=";CurrentTime";;E={(Get-View $_.ExtensionData.ConfigManager.DateTimeSystem) | Foreach {$_.QueryDateTime().ToLocalTime()}}}, @{N=";ServiceRunning";;E={(Get-VmHostService -VMHost $_ | Where-Object {$_.key -eq "ntpd";}).Running}} ` | Format-Table -AutoSize 

If you need to update your ntp server
First, remove the old NTP Server

Remove-VMHostNTPSserver -NTPServer <NTP Server> -vmhost (Get-VMHost) -confirm

Second, add the new one

Get-VMHost | Add-VMHostNtpServer -NtpServer 172.16.4.53

If you need start and stop the NTP Service and set to automatic

Get-VMHost| Get-VMHostService| Where-Object{$_.key -eq"ntpd"} | Start-VMHostServiceGet-VMHost

Get-VMHostService| Where-Object{$_.key -eq"ntpd"} | Set-VMHostService-policy "automatic"

That should get the host back on the same time

On a side note, I did this all with PowerShell Core on Ubuntu, with the VMWare Core powershell modules loaded. I noticed, that if you use Sort, rather than Sort-Object pwsh does not recognize it.


Leave a reply

Certificates for vCenter and HTML 5 Appliance – Part 1

So I pretty much lost a day and half trying to sort out certificates for one of my vCenter clusters.  I’ve read through many VMware KB’s different blogs and articles on how to have a valid certificate for my vCenter servers, but didn’t quite find a definitive one.  So I’m hoping that what I did early in the week will be helpful.  It will also serve as a reminder for me on how I did this.

As of March 7, 2019 I am running VCSA 6.0 Build 9291058, I also have Microsoft CA to generate and issue certificates.

From the VCSA, I logged in as root and ran the following command

/usr/lib/vmware-vmca/bin/certificate-manager

This will bring up the vSphere 6.0 Certificate Manager

certman

Select Option 1 to replace machine ssl certificate with custom certificate.

Follow the prompts to enter credentials for the SSO and vCenter server.

After a successful login, select option 1 to generate certificate signing request(s) and key(s) for machine SSL certificate

genssl

You’ll then be prompted for a location to save the CSR(s) and Private Key(s).  Enter a desired location and select whether or not to reconfigure certool.cfg.  If you already have one configured, you can select no, to save some time.  Otherwise select Y and enter the appropriate values.

certool2

After the csr is generated, select Option 2 to exit the certificate manager

certool_complete

Next up, you’ll need to go to your Microsoft CA to request a certificate.

req_cert

Open the CSR in a text editor and copy it into the field, add any attributes if neccesary:

SAN:DNS=<FQDN>&DNS=<hostname>&DNS=<IP_Address>&IPADDRESS=<IP_Address>

submt_csr

After you submit the request, open the .cer in a text editor and copy that into a text editor on your VSCA.  Save the file with a meaningful name, ie; hostname.cer

Next, you’ll need to create a signed chained cert.

You’ll need the cer that was just created, as well as any intermediate CA certs and the root cert.

For my purposes, I exported the certs from the built-in windows certificate management console.  Selected the intemediate and root certs, and exported them. Be sure to download the cert in Base64 format

req_cert_base64

After you have all the certs, copy it to your vCenter, and then you’ll need to create a signed chained cert in this order: <generated CA cert> <intermediate cert> <root cert>

cat certnew.cer intermediateCA.cer RootCA.cer > name_of_signing_chain.cer

After creating the chained cert, run the certificate manger again

/usr/lib/vmware-vmca/bin/certificate-manager

Select Option 1

certman

Enter credentials for SSO and select Option 2 to import certs.
genssl

Provide the location of the generated cert, the private as well as the chain cert.

This will take a minute or two.  After the certs are successfully imported, you’ll valid SSL cert for you vCenter.


Leave a reply

MS Products Coming Up on End of Life

Just a n FYI that the following Microsoft products will be end of life “relatively soon”

July 9, 2019 – MS SQL Server 2008/ 2008 R2 – July 9, 2019
January 14, 2020 – MS Windows Server 2008 / 2008 R2

After these dates, extended support will end and the affected products will no longer have security or reliability patches.

You will probably be able to still run them, but I would not suggest it.


Leave a reply

PDQ and Windows Updates

Last year introduced PDQ as way to easily deploy applications to desktops. In the past, applications were either installed in the master clone, thinapp’d or manually installed by remotely connecting to the VM and installing it locally.

This is where I did a POC and proved that this was a time saver and pretty much fool proof.

In the last few months I started looking at using PDQ to install Windows patches. Preliminary tests showed that it worked well. I did look at WSUS, but was limited in terms of scheduling, and without using something like SCCM or SCOM, it would be very hard to manage. I also did not want to put up infrastructure just for patching.

PDQ pushes out Windows patches just like any other application, connects to the target, installs, and reboots, if you choose to. DONE.

However, there was no easy way to snapshot the VM. I came up with a PowerCLI script attached as a Pre-Step, however, I soon discovered that the PowerCLI script also ran on the target computer, and not on the source. One solution presented was installing PowerCLI on all server VMs. Tossed that idea out quickly as I didn’t want to install PowerCLI on all VMs, and with how the script worked, a snapshots of all VMs would occur on all VMs. So if I had 10 VMs in the script, the script would run on all 10 VMs, give me 100 snaps in total.

After some brainstorming, I decided to have the script run as scheduled task. If I had the patching occur at 2AM, I could have the script run at 1:58AM. Early testing showed that this worked just as expected. BINGO!

Only thing I need to make sure of, is to update the server list, so the VMs scheduled for patching gets snapped.

So essentially, have a scheduled task run the script 2 minutes before patch time, and then have the patch schedule run.

Hope this helps other people facing the same or similar problem


Leave a reply

Time…

The other day, I was asked how to change the NTP Server on a Windows Server 2008 R2 VM.  I responded with a dumbfounded look, and replied with, “You don’t, the Server talks back with an AD server that with PDC Emulator role and syncs with that server…”  Of course, my storage guy only asked me because his Unisphere VM was almost 2 minutes off.  So naturally I took a look and discovered, that it was not syncing at all. 

Query the current time settings always pointed back to

Local CMOS Clock

which is not a good thing.

Further investigation showed that the registry settings for W32time was incorrectly modified.

So after much Googling, I ended up resetting the Windows Time:

net stop w32time
W32tm /unregister
w32tm /register
net start w32time

Then for good measure, I configured Windows Time is use the forest time hierarchy:

w32tm /config /syncfromflags:domhier /update /reliable:no
w32tm /resync /rediscover
net stop w32time && net start w32time

After a few minutes, the Windows Time was now sync’d up with the AD Server.


Leave a reply

Creating transforms file and using PDQ

The other day I need to “mass deploy” an application to our users at the hotels.  Normally, pushing applications using PDQ is straightforward, however, the installation needed some user inputs such as server name, username and install feature.  Luckily, the installer was an MSI, and was able to create a transforms file to automatically answer those questions.

 

Found this simple application, Transforms Creator

The application is fairly simple, after installing the Transforms Creator, you would find the MSI in question, right click it and select Create Transforms.  The MSI will then simulate an install, answer all the questions needed, once you’re done, an MST will be generated.

Tested it out, and it worked exactly as I needed.

I did run into some issue using TRANSFORMS in PDQ.  This was merely a user issue and not knowing how to do this rather than technical.  So for future reference, when creating a package in PDQ, you’ll need to the following settings in the Edit Package dialog box:

Parameters: TRANSFORMS=transforms_package.mst

and the ensure that you check “Include Entire Directory” otherwise,  you’ll get an error message saying:

“This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.”

 

 


Leave a reply

Guest OS reporting error during quiescing

My storage engineer recently approached me about a couple of VMs that were failing to backup because it could not quiesce.  We were seeing:

 

My storage engineer recently approached me about a couple of VMs that were failing to backup because it could not quiesce.  We were seeing:

“An error occurred while saving the snapshot: Failed to quiesce the virtual machine.”

An open call to EMC said to run an extended Snapshot, however, that is only available starting with vSphere 6.5.  Despite that, running a manual snapshot using the vCenter MOB was successful.

Running scheduled and unscheduled backups failed with the same message.

However, after digging into the logs, I saw a very specific error message:

The guest OS has reported an error during quiescing. The error code was: 5 The error message was: ‘VssSyncStart’ operation failed: IDispatch error #8472 (0x80042318)

A quick search shows that this can be resolved by a number of ways, re-registering the VSS Components and re-configure VMTools.

for my purposes, re-registering the VSS Components did the trick.  Instead of running each of the following commands separately, I put them into a batch script.

cd /d %windir%\system32
net stop vss
net stop swprv
regsvr32 /s ole32.dll
regsvr32 /s oleaut32.dll
regsvr32 /s vss_ps.dll
vssvc /register
regsvr32 /s /i swprv.dll
regsvr32 /s /i eventcls.dll
regsvr32 /s es.dll
regsvr32 /s stdprov.dll
regsvr32 /s vssui.dll
regsvr32 /s msxml.dll
regsvr32 /s msxml3.dll
regsvr32 /s msxml4.dll
vssvc /register
net start swprv
net start vss

Leave a reply

Reusing Computer Names in a Full Clone Pool

For the few of us using Full Clones in their Horizon View environment, we’ve always run into the issue of not being able to reuse computer names like you can in a Linked Clone pool.

However, I came across a VMWare KB that explains how to do this.  I’d advise you fully read the KB as it involves modifying the ADAM database.  I don’t have to tell you what can potentially happen if that get’s corrupted.  So backup and/ or snapshot before making changes.

So basically, you need to modify the following value in the ADAM database for the pool in question.

pae-VMNameReuseAllowed = 1

You would need to remote onto one of you connection servers, and  open up ADSI Edit from Administrative Tools, select the ADAM Database, go to OU=Server Groups, right click the pool in question and find the above attribute and change it to 1.

Have fun!

For reference here is the KB:

https://kb.vmware.com/s/article/2138714

 

 


Leave a reply

ending the week on a high note

nothing like ending the week on a high note. Been running RecoverPoint for VM for the past few weeks with lack luster results with the same level of support. Replication was painfully slow along with a UI that was severely lacking in features. However, after setting up Zerto, which took about 15 minutes or so, I was already replicating a 9.4TB VPG, with an ETA of 20h.  This same VPG in RP4VM nearly took 2 weeks to replicate.  Even after increasing the RPA resources to 8vCPU and 16GB RAM, we only ever got 11MB/sec at best.  With Zerto I’m seeing 112MB/sec constant.

 

Next week, I’ll have enough information to make the case to go with Zerto and drop RP4VM

 


Leave a reply

Windows Update Error 8024402F

I’ve recently built a new W7 VM for AppVolume provisioning, however, when trying to install windows updates, I get the following

 

For whatever reason, my new Windows build couldn’t contact the MS Windows Update servers.  After some Googling, I ran into a post saying to add windowsupdate.microsoft.com to the list of trusted sites.  After putting that in, I was able to update the OS.

 

 

 


%d bloggers like this:
Bitnami