Leave a reply

No Sound on Windows 10

If you’re still running vSphere 6.0 like I am, Windows 10 VMs will not have any sound. To fix this, you’ll need to edit the vmx file and add the following lines:

sound.allowGuestConnectionControl = "true"
sound.autoDetect = "true"
sound.virtualDev = "hdaudio"
sound.present = "TRUE"
sound.fileName = "-1"

Once added, you sounded should be working.

FYI, this works for Server 2019 as well.

Given the above, should really upgrade to 6.5 or 6.7 as 6.0 will be EOL on March 12, 2020


Leave a reply

Removing vmnic from vDS from esxi host

Early this morning, I had to reboot my vCenter, as there were some issues with it where I had to reboot it. However, after it came back up it was no longer reachable. Rebooted a second time and still got the same results. So I connected to the host client, and disconnected the network.

Big mistake….

Didn’t realize that when a VM is on a vDS, you can’t connect the VM back to the network. And without any standard switches, I was in a bind. After some searching, I found that I could reconfigure the vDS on the host that the vCenter resides on. This pretty much entailed removing a vmnic from the vDS and then reattaching it to a vSwitch. Below are the commands that I used to do this.

To get a list and note down the port ID and switch name

esxcli network vswitch dvs vmware list

This removes the vmnic from the vDS\vSwitch

esxcfg-vswitch -Q vmnicXX -V <port_id> <name_of_vswitch>

Now, if haven’t create a standard vSwitch, and add the vmnic to the vSwitch

esxcli network vswitch standard uplink add --uplink-name=vmnicXX --vswitch-name=<name_of_vSwitch>

Now, modify the VM to connect to vSwitch and now you should be back up and running. Now, you can revert those changes back if you need to.

In my case, I may redesign my virtual network to have a my VCSA on a vSwitch rather than distributed, just in case this happens again.


Leave a reply

Finally Migrated to 6.5U3

So in my last post, I was struggling with updating VCSA 6.0 to VCSA 6.5U3. I opened up an SR, and the initial call had me to restore the Machine SSL to use the VMCA. Feeling confident that would work, the tech ended the call mid way through the update.

Two days later, after examining logs, and looking. through the certificate store, I noticed that there were 2 certs had aliases of my cert servers. Before I removed those two certs, I stood up a new 6.0 VCSA just to see if it would update to 6.5. I imported the cert chain, created a custom machine ssl and it updated without out issue.

Back to the original VCSA, I removed the 2 certs and added the cert chain. After the VCSA saw the 2 certs, I proceeded with the update.

Happy to say after about 3 days, my vCenter is now on 6.5U3.

If you happen to get failing to start vpxd when updating, check the following logs in

/var/log/vmware/vpxd


Leave a reply

FAIL: VCSA 6.0U3 upgrade to 6.5U3

So I’ve been fighting an VCSA upgrade from 6.0U3 to 6.5U3. Everything goes smoothly until trying to start vCenter services. After about 5 minutes, I get an error “An error occurred while starting service ‘vpxd'”

Digging into the logs I keep seeing the following errors:

PeerThumbprint: <removed thumbprint>
--> ExpectedThumbprint:
--> ExpectedPeerName: localhost
--> The remote host certificate has these problems:
-->
--> * Host name does not match the subject name(s) in certificate.)
--> [context]zKq7AVECAAAAAH6z1gANdnB4ZAAAoPMqbGlidm1hY29yZS5zbwAAiCAbAC6ZGABeMyIAKWQiANs3IgCTPCIA+ZQjADFiIwD6ZCMAXUkrAdRzAGxpYnB0aHJlYWQuc28uMAACvY4ObGliYy5zby42AA==[/context]
2019-10-15T14:24:29.590Z error vpxd[19950] [Originator@6876 sub=AuthzStorageProvider] [AuthzStorageProvider::CreateAuthzMgr] Failed to connect to IS: <N5Vmomi5Fault17HostCommunication9ExceptionE(Fault cause: vmodl.fault.HostCommunication

I’ve reset all certs, regenerated new ones, and I still get the above. I have an open call with VMware support, so I’ll see what they say.


Leave a reply

Checking ESXi NTP

So i just happen to check the time on one of my ESXi hosts, and noticed that the time was way off, by like hours. I checked the NTP service on the host, and it was not running. So updated and stated to check the other hosts. However, I didn’t feel like logging into each one. So I found a few one liners that helped me check all the hosts in my environment, and updated where necessary.

First, connect to the appropriate vcenter
then run the following to get the time and service status on all hosts on that vCenter

Get-VMHost | Sort-Object Name |  Select Name, @{N=";NTPServer";;E={$_ |Get-VMHostNtpServer}}, Timezone, @{N=";CurrentTime";;E={(Get-View $_.ExtensionData.ConfigManager.DateTimeSystem) | Foreach {$_.QueryDateTime().ToLocalTime()}}}, @{N=";ServiceRunning";;E={(Get-VmHostService -VMHost $_ | Where-Object {$_.key -eq "ntpd";}).Running}} ` | Format-Table -AutoSize 

If you need to update your ntp server
First, remove the old NTP Server

Remove-VMHostNTPSserver -NTPServer <NTP Server> -vmhost (Get-VMHost) -confirm

Second, add the new one

Get-VMHost | Add-VMHostNtpServer -NtpServer 172.16.4.53

If you need start and stop the NTP Service and set to automatic

Get-VMHost| Get-VMHostService| Where-Object{$_.key -eq"ntpd"} | Start-VMHostServiceGet-VMHost

Get-VMHostService| Where-Object{$_.key -eq"ntpd"} | Set-VMHostService-policy "automatic"

That should get the host back on the same time

On a side note, I did this all with PowerShell Core on Ubuntu, with the VMWare Core powershell modules loaded. I noticed, that if you use Sort, rather than Sort-Object pwsh does not recognize it.


Leave a reply

Certificates for vCenter and HTML 5 Appliance – Part 1

So I pretty much lost a day and half trying to sort out certificates for one of my vCenter clusters.  I’ve read through many VMware KB’s different blogs and articles on how to have a valid certificate for my vCenter servers, but didn’t quite find a definitive one.  So I’m hoping that what I did early in the week will be helpful.  It will also serve as a reminder for me on how I did this.

As of March 7, 2019 I am running VCSA 6.0 Build 9291058, I also have Microsoft CA to generate and issue certificates.

From the VCSA, I logged in as root and ran the following command

/usr/lib/vmware-vmca/bin/certificate-manager

This will bring up the vSphere 6.0 Certificate Manager

certman

Select Option 1 to replace machine ssl certificate with custom certificate.

Follow the prompts to enter credentials for the SSO and vCenter server.

After a successful login, select option 1 to generate certificate signing request(s) and key(s) for machine SSL certificate

genssl

You’ll then be prompted for a location to save the CSR(s) and Private Key(s).  Enter a desired location and select whether or not to reconfigure certool.cfg.  If you already have one configured, you can select no, to save some time.  Otherwise select Y and enter the appropriate values.

certool2

After the csr is generated, select Option 2 to exit the certificate manager

certool_complete

Next up, you’ll need to go to your Microsoft CA to request a certificate.

req_cert

Open the CSR in a text editor and copy it into the field, add any attributes if neccesary:

SAN:DNS=<FQDN>&DNS=<hostname>&DNS=<IP_Address>&IPADDRESS=<IP_Address>

submt_csr

After you submit the request, open the .cer in a text editor and copy that into a text editor on your VSCA.  Save the file with a meaningful name, ie; hostname.cer

Next, you’ll need to create a signed chained cert.

You’ll need the cer that was just created, as well as any intermediate CA certs and the root cert.

For my purposes, I exported the certs from the built-in windows certificate management console.  Selected the intemediate and root certs, and exported them. Be sure to download the cert in Base64 format

req_cert_base64

After you have all the certs, copy it to your vCenter, and then you’ll need to create a signed chained cert in this order: <generated CA cert> <intermediate cert> <root cert>

cat certnew.cer intermediateCA.cer RootCA.cer > name_of_signing_chain.cer

After creating the chained cert, run the certificate manger again

/usr/lib/vmware-vmca/bin/certificate-manager

Select Option 1

certman

Enter credentials for SSO and select Option 2 to import certs.
genssl

Provide the location of the generated cert, the private as well as the chain cert.

This will take a minute or two.  After the certs are successfully imported, you’ll valid SSL cert for you vCenter.


Leave a reply

MS Products Coming Up on End of Life

Just a n FYI that the following Microsoft products will be end of life “relatively soon”

July 9, 2019 – MS SQL Server 2008/ 2008 R2 – July 9, 2019
January 14, 2020 – MS Windows Server 2008 / 2008 R2

After these dates, extended support will end and the affected products will no longer have security or reliability patches.

You will probably be able to still run them, but I would not suggest it.


Leave a reply

PDQ and Windows Updates

Last year introduced PDQ as way to easily deploy applications to desktops. In the past, applications were either installed in the master clone, thinapp’d or manually installed by remotely connecting to the VM and installing it locally.

This is where I did a POC and proved that this was a time saver and pretty much fool proof.

In the last few months I started looking at using PDQ to install Windows patches. Preliminary tests showed that it worked well. I did look at WSUS, but was limited in terms of scheduling, and without using something like SCCM or SCOM, it would be very hard to manage. I also did not want to put up infrastructure just for patching.

PDQ pushes out Windows patches just like any other application, connects to the target, installs, and reboots, if you choose to. DONE.

However, there was no easy way to snapshot the VM. I came up with a PowerCLI script attached as a Pre-Step, however, I soon discovered that the PowerCLI script also ran on the target computer, and not on the source. One solution presented was installing PowerCLI on all server VMs. Tossed that idea out quickly as I didn’t want to install PowerCLI on all VMs, and with how the script worked, a snapshots of all VMs would occur on all VMs. So if I had 10 VMs in the script, the script would run on all 10 VMs, give me 100 snaps in total.

After some brainstorming, I decided to have the script run as scheduled task. If I had the patching occur at 2AM, I could have the script run at 1:58AM. Early testing showed that this worked just as expected. BINGO!

Only thing I need to make sure of, is to update the server list, so the VMs scheduled for patching gets snapped.

So essentially, have a scheduled task run the script 2 minutes before patch time, and then have the patch schedule run.

Hope this helps other people facing the same or similar problem


Leave a reply

Time…

The other day, I was asked how to change the NTP Server on a Windows Server 2008 R2 VM.  I responded with a dumbfounded look, and replied with, “You don’t, the Server talks back with an AD server that with PDC Emulator role and syncs with that server…”  Of course, my storage guy only asked me because his Unisphere VM was almost 2 minutes off.  So naturally I took a look and discovered, that it was not syncing at all. 

Query the current time settings always pointed back to

Local CMOS Clock

which is not a good thing.

Further investigation showed that the registry settings for W32time was incorrectly modified.

So after much Googling, I ended up resetting the Windows Time:

net stop w32time
W32tm /unregister
w32tm /register
net start w32time

Then for good measure, I configured Windows Time is use the forest time hierarchy:

w32tm /config /syncfromflags:domhier /update /reliable:no
w32tm /resync /rediscover
net stop w32time && net start w32time

After a few minutes, the Windows Time was now sync’d up with the AD Server.


Leave a reply

Creating transforms file and using PDQ

The other day I need to “mass deploy” an application to our users at the hotels.  Normally, pushing applications using PDQ is straightforward, however, the installation needed some user inputs such as server name, username and install feature.  Luckily, the installer was an MSI, and was able to create a transforms file to automatically answer those questions.

 

Found this simple application, Transforms Creator

The application is fairly simple, after installing the Transforms Creator, you would find the MSI in question, right click it and select Create Transforms.  The MSI will then simulate an install, answer all the questions needed, once you’re done, an MST will be generated.

Tested it out, and it worked exactly as I needed.

I did run into some issue using TRANSFORMS in PDQ.  This was merely a user issue and not knowing how to do this rather than technical.  So for future reference, when creating a package in PDQ, you’ll need to the following settings in the Edit Package dialog box:

Parameters: TRANSFORMS=transforms_package.mst

and the ensure that you check “Include Entire Directory” otherwise,  you’ll get an error message saying:

“This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.”

 

 


%d bloggers like this:
Bitnami