vSphere Management Assistant (vMA) and Active Directory domain login

I’m a little bit of a snob… I like using my domain credentials on anything I log into. My favorite ESXi 4.1 feature isn’t the storage performance improvement provided by SIOC or VAAI, nor is it the added memory compression technology. Instead, I like using my domain credentials for host authentication. I’ve recently started poking at resxtop more, which puts me in the vMA more often. Unfortunately it required that I log in using vi-admin, a user name that I typically forgot.

The other day while trying to remember my user name and password I found this article:
http://vbl0g.blogspot.com/2010/07/update-vma-40-to-41.html which describes a simple way to set up AD authentication inside the vMA.

Verify that you have the latest vMA bits

vma-update update

This could take a few minutes to complete if an upgrade is required.

Once you are up to date, you can join AD:

domainjoin-cli join fully.qualified.domain.name username

After a reboot you can log in with your domain credentials. The above link also shows how to add AD users/groups to the sudoers file but I did not do that in my environment.

Here are some additional instructions on using the domainjoin-cli from Likewise:
http://archives.likewise.com/likewise-open/docs/domainjoin-cli.8.html


BDEdrive on Windows Server 2008 R2

In one vSphere environment I support we do not use templates to deploy virtual machines. Instead, Microsoft Deployment Toolkit is used. This allows both physical and virtual servers to be created using the same process and improves overall standardization of the customer’s network.

After several dozen Windows 2008 R2 servers had been deployed, we realized that a BDEDrive partition had been created on the boot partition. This partition was in the way and prevented the C: drive from being extended. Here are the steps to resolve this issue on existing servers:

At a command prompt run:

bcdboot c:\windows /s c:

After the command completes, right click the c: partition in Disk Management and set it as active. Reboot the server, delete the BDEdrive partition and extend the C: drive…

More importantly, this issue needed to be addressed on future builds to allow more flexible growth of the C: drive (without the required reboot from above). After a quick Google, I found this article: social.technet.microsoft.com… that describes adding the following text:

DoNotCreateExtraPartition=YES

to the CustomSettings.ini file. As described in the article, the cAsE of the DoNotCreateExtraPartition=YES attribute is important. After our deployment configuration management team added this attribute the BDEdrive partition stopped appearing on new builds.


Additional checks for vCheck Daily Report

I have been using the vCheck v5 for several months and have nothing but good things to say about it. The script has helped me find and resolve several issues in the environments I maintain. There are a few additional checks that I have come up with myself, but I usually run those manually once a month or so and then view the output from a command prompt. I have spent a couple of hours recently retro-fitting the scripts I use into vCheck format and then adding them to the existing script. If you would like to use these checks, please get the full script from here (after leaving a quick thank-you for Al). Here are my additions:

[cc lang="powershell" width="550" height="700"]
#Stuff added by bwuch:
$ShowThickDisk = $true
$ShowMisnamedVM = $true
$ShowWrongOS = $true
$ShowWrongSyslog = $true
$syslogserver = "Your_syslog_server:514"
$ShowRemoteTSM = $true

# Report virtual disks that are not thin provisioned
if ($ShowThickDisk) {
    Write-CustomOut "..Checking for thick provisioned virtual disk files"
    $thickdisks = @()
    foreach ($vmguest in ($VM | Get-View)) {
        $name = $vmguest.Name
        $vmguest.Config.Hardware.Device | Where-Object { $_.GetType().Name -eq "VirtualDisk" } | ForEach-Object {
            if (!$_.Backing.ThinProvisioned) {
                $myObj = "" | Select-Object Name, Label, File, CapacityGB
                $myObj.Name = $name
                $myObj.Label = $_.DeviceInfo.Label
                $myObj.File = $_.Backing.FileName
                $myObj.CapacityGB = [math]::Round(($_.CapacityInKB / 1024 / 1024), 2)
                $thickdisks += $myObj
            }
        }
    }
    if (($thickdisks | Measure-Object).Count -gt 0) {
        $MyReport += Get-CustomHeader "Thick provisioned virtual disks : $($thickdisks.count)" "Standard virtual disks in this environment are thin provisioned. Thick provisioned disks represent a possible waste of storage space and should only be used when disk I/O performance is a top concern."
        $MyReport += Get-HTMLTable $thickdisks
        $MyReport += Get-CustomHeaderClose
    }
}

#--------------------
# Report VMs whose guest host name does not contain the VM name
if ($ShowMisnamedVM) {
    Write-CustomOut "..Finding mis-named VMs"
    $misnamed = @()
    # Escape the VM name so characters such as ( ) [ ] . are compared literally, not as a regex
    foreach ($vmguest in ($VM | Where-Object { $_.Guest.HostName -ne $NULL -AND $_.Guest.HostName -notmatch [regex]::Escape($_.Name) })) {
        $myObj = "" | Select-Object VMName, GuestName
        $myObj.VMName = $vmguest.Name
        $myObj.GuestName = $vmguest.Guest.HostName
        $misnamed += $myObj
    }
    if (($misnamed | Measure-Object).Count -gt 0) {
        $MyReport += Get-CustomHeader "Mis-named virtual machines : $($misnamed.count)" "The following guest names do not match the name inside of the guest."
        $MyReport += Get-HTMLTable $misnamed
        $MyReport += Get-CustomHeaderClose
    }
}

#--------------------
# Report VMs where the OS reported by the guest differs from the OS selected in the VM configuration
if ($ShowWrongOS) {
    Write-CustomOut "..Finding guests with wrong OS selected."
    $wrongOS = @()
    foreach ($vmguest in ($VM | Get-View |
            Where-Object { $_.Guest.GuestFullName -ne $NULL -AND $_.Guest.GuestFullName -ne $_.Summary.Config.GuestFullName })) {
        $myObj = "" | Select-Object Name, InstalledOS, SelectedOS
        $myObj.Name = $vmguest.Name
        $myObj.InstalledOS = $vmguest.Guest.GuestFullName
        $myObj.SelectedOS = $vmguest.Summary.Config.GuestFullName
        $wrongOS += $myObj
    }
    if (($wrongOS | Measure-Object).Count -gt 0) {
        $MyReport += Get-CustomHeader "Guests with wrong OS $($wrongOS.count)" "The following virtual machines contain operating systems other than the ones selected in the VM configuration."
        $MyReport += Get-HTMLTable $wrongOS
        $MyReport += Get-CustomHeaderClose
    }
}

#--------------------
# Report connected hosts whose syslog target is not $syslogserver
if ($ShowWrongSyslog) {
    Write-CustomOut "..Checking VM Host syslog server"
    $wrongSyslog = @()
    # Escape $syslogserver so the dots in a host name are compared literally, not as regex wildcards
    foreach ($vmhost in ($VMH |
            Where-Object { $_.State -ne "Disconnected" } |
            Select-Object Name, @{N="SLServer";E={$_ | Get-VMHostSyslogServer}} |
            Where-Object { $_.SLServer -notmatch [regex]::Escape($syslogserver) })) {
        $myObj = "" | Select-Object Name, SyslogServer
        $myObj.Name = $vmhost.Name
        $myObj.SyslogServer = $vmhost.SLServer
        $wrongSyslog += $myObj
    }
    if (($wrongSyslog | Measure-Object).Count -gt 0) {
        $MyReport += Get-CustomHeader "Hosts with the wrong syslog specified $($wrongSyslog.count)" "The following hosts do not have a proper syslog specified."
        $MyReport += Get-HTMLTable $wrongSyslog
        $MyReport += Get-CustomHeaderClose
    }
}

#--------------------
# Report hosts that accept connections on TCP 22 (SSH / remote tech support mode)
if ($ShowRemoteTSM) {
    Write-CustomOut "..Checking VM Host for remote TSM enabled"
    # A refused or timed-out connection raises an error; suppress it so those hosts are simply skipped
    $startingEAP = $ErrorActionPreference
    $ErrorActionPreference = "SilentlyContinue"
    $remoteTSM = @()
    foreach ($vmhost in ($VMH)) {
        $socket = New-Object Net.Sockets.TcpClient
        # Connect by host name rather than relying on the VMHost object being converted to a string
        $socket.Connect($vmhost.Name, 22)
        if ($socket.Connected) {
            $myObj = "" | Select-Object Name, Connected
            $myObj.Name = $vmhost.Name
            $myObj.Connected = "TRUE"
            $remoteTSM += $myObj
        }
        # Release the socket whether or not the connection succeeded
        $socket.Close()
    }
    $ErrorActionPreference = $startingEAP
    if (($remoteTSM | Measure-Object).Count -gt 0) {
        $MyReport += Get-CustomHeader "Hosts with remote tech support enabled $($remoteTSM.count)" "The following hosts have SSH/remote tech support mode enabled."
        $MyReport += Get-HTMLTable $remoteTSM
        $MyReport += Get-CustomHeaderClose
    }
}

[/cc]


vCenter ADAM_VMwareVCMSDS event every 1 minute

Several times I have run into the following issue with an event being logged in the vCenter Server event log every minute:

Active Directory Web Services encountered an error while reading the settings for the specified Active Directory Lightweight Directory Services instance. Active Directory Web Services will retry this operation periodically. In the mean time, this instance will be ignored. Instance name: ADAM_VMwareVCMSDS

I had fixed this on several vCenters that I managed. However the problem returned on one vCenter this weekend after enabling vCenter Linked Mode. I decided to document the solution here so it is easier to find if I run into this problem again.
As described here this is caused by a simple registry setting. Browse to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ADAM_VMwareVCMSDS\Parameters

Delete the existing string value named “Port SSL” and replace it with a DWORD value named “Port SSL” set to 636 (in decimal).

Restart ADAM_VMwareVCMSDS and ADWS services. Problem solved.
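
The registry change and service restarts above, scripted as an added example (not part of the original post or the article it refers to). It assumes an elevated PowerShell session on the vCenter Server; the backup file location under %TEMP% is a hypothetical choice.

```powershell
# Added example: replace a string-typed "Port SSL" value with a DWORD of 636,
# then restart the two services named in the post.
$key     = 'HKLM:\SYSTEM\CurrentControlSet\services\ADAM_VMwareVCMSDS\Parameters'
$rawKey  = 'HKLM\SYSTEM\CurrentControlSet\services\ADAM_VMwareVCMSDS\Parameters'
$name    = 'Port SSL'
$backup  = Join-Path $env:TEMP 'ADAM_VMwareVCMSDS-Parameters.reg'   # hypothetical backup path

$regKey = Get-Item -Path $key -ErrorAction Stop
$exists = $regKey.GetValueNames() -contains $name

if ($exists) {
    $kind  = $regKey.GetValueKind($name)
    $value = $regKey.GetValue($name)
    Write-Host "Current '$name': type=$kind value=$value"
} else {
    $kind = $null
    Write-Host "'$name' is not present under $key"
}

# Nothing to do when the value already has the type and data the post describes
if ($exists -and $kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $value -eq 636) {
    Write-Host 'Already a DWORD of 636; no change made.'
    return
}

# Keep a copy of the Parameters key before changing it
reg.exe export $rawKey $backup /y | Out-Null
Write-Host "Backup written to $backup"

if ($exists) {
    Remove-ItemProperty -Path $key -Name $name
}
New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 636 | Out-Null

# Confirm the new type before restarting anything
$newKind = (Get-Item -Path $key).GetValueKind($name)
Write-Host "New '$name' type: $newKind"

# -Force allows the restart even if other services depend on this one;
# check that any dependent services are running afterwards.
Restart-Service -Name 'ADAM_VMwareVCMSDS' -Force
Restart-Service -Name 'ADWS'
```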


vCenter Update Manager alias and SSL

When I set up a vCenter server I typically use a DNS alias (CNAME). This allows me to use a server name that follows an enterprise naming convention, such as S898PAP1B.domain.parent.local, but connect to vCenter with an easy to remember name like vcenter.parent.local.

There are various articles that cover the SSL installation and regeneration process.

  • vCenter 4.1 http://www.gavinadams.org/blog/2010/07/14/replacing-vcenter-4-1-ssl-certificate-with-active-directory-issued-one
  • vCenter Update Manager http://derek858.blogspot.com/2009/11/vcenter-update-manager-40-ssl.html

However, these never really worked well with my alias. When installing Update Manager a dialog box pops up asking you to select either the name or IP address of how the Update Manager server is identified on the network. This name or IP is then used when Update Manager extensions are registered in the vCenter server.

I’ve tried everything I could think of to resolve this issue. I’ve manually edited the D:\Program Files\VMware\Infrastructure\Update Manager\extension.xml file and even updated the vmw-vc-URL attribute of the ADAM distinguishedName CN=com.vmware.vcIntegrity,CN=vCenter_GUID,OU=ComponentSpecs,OU=Health,DC=virtualcenter,DC=vmware,DC=int. None of these changes appeared to work.

Finally, after much searching, I found the following VMware KB article: http://kb.vmware.com/kb/1013222 that does work!

D:
cd "Program Files\VMware\Infrastructure\Update Manager"
vciInstallUtils.exe --vc vcenter.parent.local --port 80 -U  -P  -S extension.xml -C . -L . -O extupdate

My vCenter Update Manager is now registered in vCenter using the alias.
