VMware vSphere vCenter Storage Alarms

One of the complaints of vCenter 2.x was the limited number of alarms that could be configured. With vCenter 4.x VMware addressed this by giving admins the ability to create alarms for just about any event on any object.

There are several alarms that are configured out of box and defined at the topmost vCenter server level.

One of the pre-configured alarms that seems to always be in a warnings state is the “Datastore usage on disk” alarm. 95% of the time this alarm is in a warning state because of the local VMFS data store that is required in ESX 4 for the Service Console OS to live in.

I still have yet to understand why VMware decided to put the COS in a VMDK. If anyone knows why this is beneficial I would love to here from you.

Anyway, back to the “Datastore usage on disk” alarm issue.

I have found that the following procedure is the best way to prevent this alarm on the local VMFS datastores.

1. Go to the Home –>Inventory—>Datastores view in the vSphere Client
2. Right-click on your datacenter and create two new folders, one named LOCAL-COS-DATASTORES and one named SAN-DATASTORES.
3. Drag and drop the local VMFS datastores into the LOCAL-COS-DATASTORES folder and the SAN datastores into the SAN-DATASTORES folder.
4. Go to the alarm definition for “Datastore usage on disk” and disable it by clearing the Enable this alarm box.
5. Create a new alarm at the LOCAL-COS-DATASTORES level named “Datastore usage on LOCAL Disks”.
6. Configure the “Datastore usage on LOCAL Disks” trigger to alarm a warning at 90% and alert at 95%.
7. Create a new alarm at the SAN-DATASTORES level named “Datastore usage on SAN Disks”.
8. Configure the “Datastore usage on SAN Disks” trigger to alarm a warning at 70% and alert at 85%.

Now you should have a lot fewer datastore warning alarms.

Windows 2008 Failover Clustering on vSphere with EMC PowerPath VE

VMware/Microsoft doesn’t support third-party multipathing or the Round Robin path policy for VMs setup in a Microsoft Failover Cluster. This fact is stated in the “Setup for Failover Clustering and Microsoft Cluster Service” PDF on pages 11, 25 and 36 http://www.vmware.com/pdf/vsphere4/r40_u1/vsp_40_u1_mscs.pdf

The reason why this isn’t supported is due to the way the SCSI-3 command sets are changed when the NMP (Native Multipathing Plugin) Round Robin is set or when third-party multipathing software (EMC PowerPath VE) is installed.

If you try to create a cluster on an ESX host with either of these the Microsoft cluster validation check will fail on the SCSI-3 Persistent Reservation check.

If you need to run a Microsoft Cluster on a host with PowerPath VE installed you can modify the claim rules so that PowerPath VE doesn’t claim the LUNs that the cluster will be using.

Lets say for example the LUNs the Microsoft cluster will be using are LUNs 12 – 14. To modify the claim rules using the ESX COS CLI run these commands

To list the current claim rules run

esxcli corestorage claimrule list

To add claim rules that force the Microsoft cluster LUNs to be owned by the NMP (Native Multipathing Plugin) run these commands

esxcli corestorage claimrule add –rule=210 –plugin=”NMP” –lun=12 –type=”location”
esxcli corestorage claimrule add –rule=211 –plugin=”NMP” –lun=13 –type=”location”
esxcli corestorage claimrule add –rule=212 –plugin=”NMP” –lun=14 –type=”location”
esxcli corestorage claimrule load
esxcli corestorage claimrule run

NOTE – The rule number must be between 201 and 249

Run esxcli corestorage claimrule list to verify the new rules were added.

You can also use the VMware vSphere CLI 4 from a remote machine or the VMware vSphere Management Assistant (vMA). When running esxcil from either of these the commands will look like this.

esxcli –server=esxhostname –username=root corestorage claimrule add –rule=210 –plugin=”NMP” –lun=12 –type=”location” corestorage claimrule add –rule=210 –plugin=”NMP” –lun=12 –type=”location”
esxcli –server=esxhostname –username=root corestorage claimrule add –rule=211 –plugin=”NMP” –lun=13 –type=”location” corestorage claimrule add –rule=210 –plugin=”NMP” –lun=12 –type=”location”
esxcli –server=esxhostname –username=root corestorage claimrule add –rule=212 –plugin=”NMP” –lun=14 –type=”location” corestorage claimrule add –rule=210 –plugin=”NMP” –lun=12 –type=”location”
esxcli –server=esxhostname –username=root corestorage claimrule load
esxcli –server=esxhostname –username=root corestorage claimrule run

esxcli –server=esxhostname –username=root corestorage claimrule list

Using vSphere Host Profiles with 10G and CNA Adapters

I am currently working on a VMware vSphere project that is being built on Cisco UCS blades. The UCS blades have a single dual port CNA that acts as both an HBA and a 10G NIC.

When we tried to apply the host profile built from our reference blade we got this error message “Error during the configuration of the host: Invalid argument: Invalid argument”.

The host profiles log “pyVmomiserver.log” didn’t have any useful information and we couldn’t find anything on the web so opened a case with VMware support.

It turns out this is a known issue with 10G adapters and will be fixed in ESX 4 Update 1. The issue is that the host profile tries to set the speed/duplex of the NIC to auto but since auto isn’t an option for 10G adapters it fails.

To workaround this issue you can edit the host profile and set the NIC speed and duplex to 10000 and full. After we set the NIC speed and duplex the host profile successfully applied to the other hosts.

 

 

 

Synchronizing BlackBerry, Outlook and GMail without a BES Server

My wife recently purchased a BlackBerry Storm and wanted a way to keep her Outlook contacts and calendar in sync with her BlackBerry and Gmail. I did some research and found that it isn’t as easy as I originally thought would be.

A quick Google search pointed my to a free Google application called Google Sync that claims to sync BlackBerry contacts and calendar with Gmail.

This sounded exactly like what I was looking for so I went ahead and installed Google Sync on the BlackBerry and performed a sync. After the sync I had a big mess on my hands, there were duplicates, triplicates and quadruplicates of all of the contacts. I did some research and found that a lot people were having this same issue. Back to square 1.

After we spend a few hours cleaning up the mess I did some more research and found a better solution.

After searching the web and looking at a few different products I came up with a solution using two products;  gSyncit – http://www.daveswebsite.com/software/gsync/ and Handheld Contact – http://outlook.handheldcontact.com/support.php#contact-form

gSyncit synchronizes Outlook Contacts and Calendar with Gmail Contacts and Calendar.

Hendheld Contact synchronizes Outlook Contacts and Calendar with BlackBerry Contacts and Calendar.

gSyncit allows one way or two way synchronization and you can have multiple Outlook profiles syncing with multiple Gmail accounts.

gSyncit has a one time $15 dollar license fee and works with Outlook XP – Outlook 2007 and Windows XP – Windows 7 (32 and 64 bit editions).

Setup and configuration of gSyncit was very simple and didn’t require a reboot.

Handheld Contact is a service that has an annual fee of around $60 dollars. There is client that is installed in Outlook and on the BlackBerry.

The combination of these two products works great. I can add, edit a contact or calendar event in Outlook, Gmail or BlackBerry and it will sync over the air with the other applications.

Automating ESX 4 Installs with the Ultimate Deployment Appliance

In preparation for a vSphere 4 upgrade project I was researching the best way to automate the ESX 4 builds. Even though this is an upgrade project from vCenter 2.5 and ESX 3.5 we have found it best to rebuild the hosts instead of upgrading them. The upgrades take longer and are not as clean as fresh installs.

With ESX 3.x for our larger clients we had used a third part tool called VPloyment from Repton. It seams that Repton is no longer around I was unable to find any information on VPloyment support for ESX 4.

Since VPloyment was not an option my first thought was to script the install using a kickstart script so did some research and found out that the install options set during a manual install of ESX 4 are in a kickstart script that is saved to /root/ks.cfg. I considered putting a kickstart script on a floppy disk image or USB key and then mounting the ESX ISO with the Dell DRAC to perform the automated install. I decided against this route because it wasn’t very efficient and I would have to have a different script for every server.

The other goal I wanted to achieve was to provide a better way around preventing the installer from wiping all the VMFS LUNs that the host is connected. For manual installs we pule the fiber cables or removing the LUNs from the host before the rebuild. With this automated approach I wanted to find a more efficient option.

Enter Mike Laverick and the Ultimate Deployment Appliance (UDA). I had heard about UDA a couple years ago but never took the time to try it out because we started using VPloyment and 90% of the ESX installs I do are less than 5 hosts.

I downloaded UDA 2 from http://www.ultimatedeployment.org/uda20beta.html and using Mike Laverick’s excellent guide http://www.rtfm-ed.co.uk/?page_id=366 I tested it out using VMware Workstation for the UDA and my test ESX 4 host.

Within 30 minutes I had configured UDA and performed an automated install of ESX 4.

One of the coolest features of UDA 2 are the subtemplates that let you create your own variables for things like hostnames and IP addresses. These allow you to have one kickstart script file for any number of hosts.

Here is a short video of an install of ESX 4 in a VMware Workstation VM.

http://goview.com/?id=1e5f67a7-4b84-4b56-962a-f4eec218c412

How to copy profiles in Windows 2008 R2 and Windows 7

In Windows 2008 R2 and Windows 7, Microsoft has disabled the Copy To.. button on the User Profiles screen.

This process has been used for years to create a custom default user profiles and now they go and break that with no real workaround.

They want people to move to Windows 2008 and Windows 7 but they keep doing things like this that keep companies away from deploying it.

They say they did this because there are issues with copying user profiles and instead want you to use the methods in the KB – http://support.microsoft.com/default.aspx?scid=kb;EN-US;959753

I have had a lot of questions on this of late so I decided to do some research to figure out a workaround. Thankfully someone else has already did the work and has come up with a good workaround.

http://joeelway.spaces.live.com/blog/cns!2095EAC3772C41DB!2708.entry

Terminal Server/XenApp vs VDI

There is a lot of hype these days around VDI and it seems like every week there is some new VDI related product or company being announced. With all of these options available how is company ever to decide on which VDI solution to go with?

In my opinion you should first decide on whether or not you want to go with Terminal Services/XenApp or VDI. Both technologies offer the same advantages and feature sets but Terminal Services/XenApp has a much cheaper per user cost and is a proven solution that has been around for 12 years. VDI is cool, hip and is in all of the industry news but it is very young and still evolving.

In my opinion VDI is for special use cases and for applications that will not run in Terminal Services.

Brian Madden did a great session on this at VMworld Europe 2009.

Any company currently looking at VDI should watch this session and first decide if Terminal Services would work for them. If so you can save a lot of money in infrastructure costs by using Terminal Services/XenApp.

http://www.brianmadden.com/blogs/videos/archive/2009/03/23/terminal-services-versus-vdi-brian-s-presentation-from-vmworld-europe-2009.aspx

VMworld 2009 Updates

For anyone interested I am posting updates from VMworld 2009 on Twitter. You can access my Twitter account here.

http://twitter.com/jeremywaldrop

How to install EMC Navisphere Host Agent on Citrix XenServer 5

If you are integrating Citrix XenServer with EMC Clariion storage the Navisphere Host Agent (naviagent) can be installed in the Linux management OS (domain 0) so that the host registers with Navisphere.

1. Download the Navisphere Host Agent 6.28 from here (requires Powerlink login) - http://tinyurl.com/n5cbu2
2. Unzip and copy the RPM to the /tmp folder of the XenServer host. I use a tool from Bitvise called Tunnelier to do this – http://dl.bitvise.com/Tunnelier-Inst.exe
3. From the SSH shell go to the /tmp folder and give give yourself execute permissions to the rpm with this command “chmod 755 *.rpm”
4. Type this command to install “rpm -i naviagent-6.28.20.1.40-1.noarch.rpm”
5. Open the firewall ports using these commands

iptables -D RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited
iptables -A RH-Firewall-1-INPUT -m state –state NEW -p tcp –dport 6389 -j ACCEPT –src SPA-IP-ADDRESS
iptables -A RH-Firewall-1-INPUT -m state –state NEW -p udp –dport 6389 -j ACCEPT –src SPA-IP-ADDRESS
iptables -A RH-Firewall-1-INPUT -m state –state NEW -p tcp –dport 6389 -j ACCEPT –src SPB-IP-ADDRESS
iptables -A RH-Firewall-1-INPUT -m state –state NEW -p udp –dport 6389 -j ACCEPT –src SPB-IP-ADDRESS
iptables -A RH-Firewall-1-INPUT -m state –state NEW -p tcp –dport 6390 -j ACCEPT –src SPA-IP-ADDRESS
iptables -A RH-Firewall-1-INPUT -m state –state NEW -p tcp –dport 6390 -j ACCEPT –src SPB-IP-ADDRESS
iptables -A RH-Firewall-1-INPUT -m state –state NEW -p tcp –dport 6391 -j ACCEPT –src SPA-IP-ADDRESS
iptables -A RH-Firewall-1-INPUT -m state –state NEW -p tcp –dport 6391 -j ACCEPT –src SPB-IP-ADDRESS
iptables -A RH-Firewall-1-INPUT -m state –state NEW -p tcp –dport 6392 -j ACCEPT –src SPA-IP-ADDRESS
iptables -A RH-Firewall-1-INPUT -m state –state NEW -p tcp –dport 6392 -j ACCEPT –src SPB-IP-ADDRESS
iptables -A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited
iptables-save >/etc/sysconfig/iptables

Reboot the host and then check Navisphere to see if the host registered.

VMware VMotion EVC Reference for Intel and Dell PowerEdge Servers

I was doing some research for a client today on Intel CPU compatibility for VMware VMotion EVC between Dell servers with 7300 series CPUs and 7400 series CPUs and came across this great PowerPoint and VMware KB.

Intel and Dell VMotion Compatibility with VMware EVC

Enhanced VMotion Compatibility (EVC) processor support

VMware Fault Tolerance Requirements and Limitations

Here are a good list of links on the new VMware FT requirements and limitations. FT is the new HA feature in vSphere 4 that offers VM level continuous availability.

CPU compatibility with FT

VMware Fault Tolerance Requirements and Limitations

Processors and guest operating systems that support VMware Fault Tolerance

Understanding VMware Fault Tolerance

vSphere 4 Availability Guide

vSphere Pre-requisites Checklist

CIFS Shares and EMC Celerra Replicator Switchover

I recently setup Celerra Repliator v2 between an old NS to a new NS to migrate CIFS shares and VDM configuration. The replication worked great and replicated 3 TB of data in about 30 hours. Once replication was complete I switched over the files system and VDM replication sessions in Celerra Manager. The switcheover went great and I was able to access the CIFS server and shares on the new NS.

When I used Celerra Manager to view the CIFS shares and CIFS server on the new NS there was nothing listed on the shares tab or CIFS servers tab. I new the shares and server was there because I could use Computer Managment MMC to connect to the CIFS server name and vew the shares.

The only I found to get the CIFS shares and server to show up in Celerra Manager was to reboot the control stations.

Anyone else know of a way to update the control station without having to reboot it?

Citrix Provisioning Server 5.1 and XenDesktop Setup Wizard

With the new version of Provisioning Server Citrix changed the management console ports from 8000 and 8001 to 54321 and 54322. The reason for this change is so that PVS can be installed on the XenDesktop Desktop Delivery Controller without port conflicts.

The port change breaks the the XenDesktop Setup Wizard because by default the setup wizard tries to communicate with PVS on ports 8000 and 8001.

To fix this you must edit the SetupToolApplication.exe.config file that is located in the “C:\Program Files\Citrix\XenDesktop Setup Wizard” folder and change the two ports from 8000 to 54321 and from 8001 to 54322.

The Provisioning Server 5.1 release notes states that you only have to change the 8000 port but in my experience I had to change both.

http://support.citrix.com/article/CTX121336

New Citrix XenDesktop Virtual Desktop Agent

Citrix just released an updated build of the XenDesktop VDA.

I was experiencing slow login times at one of my clients with the previous 3.1 build and this updated build fixed the issue.

http://support.citrix.com/article/CTX121590

Citrix XenConvert

Citrix XenConvert is a tool to migrate (P2V) physical (or virtual) Windows systems to XenServer.

XenConvert is similar to VMware Converter but without some of the advanced features and functions differently.

XenConvert is installed and executed on the source system and only one local disk can be converted at a time.

You must have 115% free space to convert a disk, the free space doesn’t have to be on the same local disk but cannot be a mapped network drive. XenConvert creates a local VHD file, mounts it as a new drive and then copies the contents of the local drive you are converting to the new VHD file.

If during the XenConvert wizard you chose to migrate to XenServer it then takes the VHD and creates an XVA (XenServer Virtual Applicance) and then moves it up to the XenServer and creates the new VM.

The process takes at least twice as long as it does with VMware Converter. Most of this time is spent copying the local disk to the local VHD file.

XenConvert does not have a feature that lets you resize the destination VHD, if your local disk is 72 GB then the virtual disk will be 72 GB.

Some other features of XenConvert include the ability to convert an offline VMDK to either a VHD or OVF and Microsoft VMs to OVF.

http://community.citrix.com/blogs/citrite/simoncr/2009/04/16/XenConvert+v2+Tech+Preview+-+OVF+and+VMDK+Support+for+XenServer

New Exchange 2007 Tools from U-BTech

I was showing a client the “Exchange Tasks 2007″ tool from U-BTech website yesterday and noticed some new free tools for Exchange 2007 and Windows 2008.

• Certificate Manager for Exchange 2007 -Exchange 2007 enables SSL within IIS by default. Using PowerShell commands, certificate creation and management is quite confusing and often results with incorrect results due to the nature of the syntax. U-BTech Solutions is providing Certificate Manager for Exchange Server 2007 freely, to ease the process with a simple, easy to use GUI.http://www.u-btech.com/products/certificate-manager-for-exchange-2007.html
• SimplyPSO – Windows Server 2008 introduces a new feature to create separate password policies for different users or groups within the same Active Directory domain. In all previous versions of the Windows Server family of products, password policy has been configured on the domain level alone. The new feature is called fine grained password policy objects and is available when the domain functionality level is set to: Windows Server 2008 native. Unfortunately, there is no simple user interface to configure Password Settings Objects in the Windows Server 2008 environment and in order to configure PSOs, we need to dive deep into the ADSI editing tool. SimplyPSO is a graphical and useful tool that can be invoked directly from the Active Directory Users and Computers snap-in. http://www.u-btech.com/products/simplypso.htm
  
• ESIEMail Protector – ESIEMail Protector (pronounced EASY Mail Protector) is a product dedicated to one goal: “Securing your email communications”. By using ESIEMail Protector you can use Encryption, Digital Signature and IRM Permissions (Information Rights Management) to secure your messaging environment, hence the name. http://www.u-btech.com/products/esiemail-protector.html

VMware Site Recovery Manager Service Account

You are probably wondering what I am talking about because the VMware Site Recovery Manager Service in the Windows Services manager runs as “Local System”.

The service account I am talking about is the one that is used by the SRM service to pair the sites together and to connect to vCenter. This is the account used for Credential Based Authentication.

I stumbled upon this after the VMware Site Recovery Manager service wouldn’t start. I looked in the log file located in the C:\Documents and Settings\All Users\Application Data\VMware\VMware Site Recovery Manager\Logs” directory. I opened the latest vmware-dr-x.log file and found this.

Failed to login to VC:

Unexpected MethodFault (vim.fault.InvalidLogin) {

dynamicType = <unset>,

msg =
“Login failed due to a bad username or password.”

As soon as I saw that in the log file I new what had happened. The admin that had installed SRM had changed his password.

I looked in the “Site Recovery Manager Administration Guide” and found a command line tool called srm-config.exe on page 86. On page 86 there is a section called “Reinitializing credential-based authentication after a user ID or password change“.

I created a new local administrator on both SRM servers named SRMAdmin, gave the account vCenter Administrator permissions and SRM Administrator permissions.

I then ran this command to change the account in SRM.

C:\Program Files\VMware\VMware Site Recovery Manager\bin>srm-config.exe -cmd updateuser -cfg ..\config\vmware-dr.xml -u SRMAdmin

After I ran this on both SRM servers I was able to start the service.

I then had to reconfigure the connection between the two SRM servers.

There isn’t really any recomendation in the admin guide about a dedicated account for SRM. The only reference to the fact that it even uses an account is on page 34 when it is talking about using Credential Based Authentication and on page 86 in the srm-config.exe section.

VMware should add this to their guide.

Citrix preps Feature Pack 1 for XenDesktop 3

The below is from Brian Madden’s blog.

Citrix will be releasing Feature Pack 1 for XenDesktop 3 at Citrix Synergy in two weeks.

Here is a list of new features.

• Multimedia redirection for Flash (or HDX MediaStream or whatever it’s called now). This just means that the remote host will send the raw flash content to the endpoint where it will be rendered locally, similar to the RAVE technology that’s been in place for media streams for the past five years.
• Improvements for general host-based motion, including Silverlight, Quicktime, dragging windows, PowerPoint animations, etc.
• VoIP soft-phone support for LAN users
• Bi-directional audio support in Vista.
• Refined smart card support, including flowing sessions between devices with different brands of readers
• Windows 7 guest support (which will be huge)

http://www.brianmadden.com/blogs/brianmadden/archive/2009/04/20/citrix-preps-feature-pack-1-for-xendesktop-3-catapulting-its-ica-features-past-ica-in-xenapp-behold-the-powers-of-competition.aspx

Advanced Access Control and the Citrix Secure Access Client

When using the Citrix Advanced Access Control (AAC) software with the Citrix Access Gateway the Secure Access Client must be installed with some additional command line arguments. The Secure Access Client must be downloaded and insalled with these command line arguments.

CitrixSAClient.exe -Q -D https://cag.company.com -i

After installing there will be a shortcut on the desktop that will take the user to the CAG login page. After login the user will be prompted to install the net6helper.dll add-on in Internet Explorer.

After this add-on is installed the user will then be connected to the VPN.

http://support.citrix.com/article/CTX114917

http://support.citrix.com/article/CTX108757

How to automatically upgrade VMware Tools

The following how-to is from this VMware KB  —  http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1010048

Before you begin

Before you perform the steps in this article, ensure that you have applied these prerequisite patches:

Note: Ensure to choose the patch for the product you are running.

• VMware ESX 3.5 Patch ESX350-200811401-SG
• VMware ESXi 3.5 Patch ESXe350-200811401-T-BG

The steps in this article require these components:

• Windows PowerShell 1.0. This version of Windows PowerShell is installed as Microsoft KB926139-v2.

  For more information, see http://www.microsoft.com/windowsserver2003/technologies/management/powershell/default.mspx.
  Note: The preceding link was correct as of July 23, 2008. If you find the link is broken, please provide feedback and a VMware employee will update the link.

• VI Toolkit. For more information, see http://vmware.com/download/download.do?downloadGroup=VI-WT-15.

Note: VMware recommends that you install NET 2.0 SP1 to avoid slow operations.

Setting all virtual machines to automatically upgrade VMware Tools

To use VI Toolkit and PowerShell to set all virtual machines to automatically upgrade VMware Tools:

1. Start VI Toolkit from Start > Programs > VMware > VMware VI Toolkit > VMware VI Toolkit.
2. Connect to the VirtualCenter Server with the command:

   connect-viserver -server <VirtualCenter Server IP address> -user <VirtualCenter User> -password <VirtualCenter password>

3. Copy the following command into the Windows VI Toolkit window:

   Foreach ($v in (get-vm)) {
   $vm = $v | Get-View
   $vmConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
   $vmConfigSpec.Tools = New-Object VMware.Vim.ToolsConfigInfo
   $vmConfigSpec.Tools.ToolsUpgradePolicy = “UpgradeAtPowerCycle”
   $vm.ReconfigVM($vmConfigSpec)
   }
   
   The VI Toolkit window does not display any output until the command has completed for each virtual machine. When the command is done running, a reconfigure task displays in VirtualCenter for every virtual machine.

Note: To disable this setting, follow steps 1 and 2, then copy this command into the VI Toolkit window:

Foreach ($v in (get-vm)) {
$vm = $v | Get-View
$vmConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
$vmConfigSpec.Tools = New-Object VMware.Vim.ToolsConfigInfo
$vmConfigSpec.Tools.ToolsUpgradePolicy = “manual”
$vm.ReconfigVM($vmConfigSpec)
}