Installing the Performance Overview Plug-In in VirtualCenter 2.5 Update 4

Symptoms:

Performance Overview is an optional plug-in available with VirtualCenter 2.5 Update 4. If the Performance Overview plug-in is installed, the Performance Overview tab in the VirtualCenter displays a single view of key performance metrics for CPU, memory, disk, and network without navigating through multiple charts.

Solution:
Prior to installing the Performance Overview plug-in:
  1. Copy the VirtualCenter 2.5 Update 4 build to the VirtualCenter Server system. Example: Copy CD contents to the VirtualCenter's local disk.

    Note: If the contents of the folders vpx\perfCharts (iso) or bin\perfCharts (ZIP) are not copied to the local drive of the VirtualCenter Server, an Access Denied error appears when the install.bat command is run later in the installation process.

  2. If you are upgrading to VirtualCenter 2.5 Update 4, stop the VMware Infrastructure Web Access service before upgrading the VirtualCenter.
  3. Install or upgrade to VirtualCenter 2.5 Update 4 and start the VMware Infrastructure Web Access service.
  4. Download Java SE Development Kit 6u11, and install JDK 1.6.
  5. Configure the environment variables:

    1. Right-click My Computer and click Properties.
    2. In the Advanced tab, click Environment Variables.
    3. In the System variable list, select Path and click Edit.
    4. In Variable value, append C:\Program Files\Java\jdk1.6.0_11\bin\

      If an older version of JRE is present, run the following command in the command window:

      set path=C:\Program Files\Java\jdk1.6.0_11\bin\;%path%


      Note: The above command is an example. It replaces your current path. If your path already has links, you have to append to the list.

    5. In the System variable list, select JAVA_HOME and click Edit.
      If JAVA_HOME does not exist, click New and in the Variable name, enter JAVA_HOME.
    6. In Variable value, enter C:\Program Files\Java\jdk1.6.0_11
    7. Log out and log back in to the VirtualCenter Server.
To install the Performance Overview plug-in:
  1. In the command window of VirtualCenter Server system, go to the vpx/perfCharts folder, the location where the Performance Overview plug-in is available.
    If you are using the ZIP file, go to the bin\perfCharts folder.
  2. Run install.bat

Converting a virtual machine to OVF format fails when the target does not support large files

Symptom:

  • While attempting to convert a virtual machine to an appliance (.OVF file) the process fails.
  • The source and destination are on the same volume, connected by USB and the file system does not support large files.
  • Conversion fails while creating the new virtual machine file.
  • The virtual machine is larger than 2GB.
  • An error appears in the Converter log:

    FAILURE TO CREATE Disk name= DiskLib error = 12
Solution:

This can occur because of an issue where Converter attempts to create a file that is too large for the file system, which causes the file creation to fail.
To work around this issue, select a destination formatted with a file system that supports large files, such as NTFS.

Enabling Support for NetQueue on Intel Gigabit adapters using the igb driver

Version 1.3.8.6.3 of the igb driver supports two families of Intel Gigabit adapters.

Networking devices based on the Intel® 82575 Gigabit Ethernet Controller:

Intel® 82575EB Gigabit Network Connection
Intel® 82575EB Gigabit Backplane Connection
Intel® Gigabit VT Quad Port Server Adapter

Networking devices based on the Intel® 82576 Gigabit Ethernet Controller:

Intel® 82576 Gigabit Network Connection
Intel® Gigabit ET Dual Port Server Adapter
Intel® Gigabit EF Dual Port Server Adapter

This version of the driver utilizes VMware's NetQueue technology to enable Intel Virtual Machine Device Queues (VMDq). One main distinction between the two families is the number of receive queues supported. All adapters based on the Intel® 82575 Gigabit Ethernet Controller provide 4 receive queues per port, while the adapters based on the Intel® 82576 Gigabit Ethernet Controller provide 8 receive queues per port.


Solution:

Enabling VMDq

To enable VMDq:
  1. Enable NetQueue in VMkernel using VMware Infrastructure 3 Client:

    1. Choose Configuration > Advanced Settings > VMkernel.
    2. Select VMkernel.Boot.netNetqueueEnabled.

  2. Enable the igb module in the service console of the ESX Server host:

    # esxcfg-module -e igb

  3. Set the required load option for igb to turn on VMDq:

    The option IntMode=3 must exist to indicate loading in VMDq mode. A value of 3 for the IntMode parameter specifies using MSI-X and automatically sets the number of receive queues to the maximum supported (devices based on the 82575 Controller enable 4 receive queues per port; devices based on the 82576 Controller enable 8 receive queues per port). The number of receive queues used by the igb driver in VMDq mode cannot be changed.

    For a single port, use the command:

    # esxcfg-module -s "IntMode=3" igb


    For two or more ports, use a comma-separated list of values as shown in the following example (the parameter is applied to the igb-supported interfaces in the order they are enumerated on the PCI bus):

    # esxcfg-module -s "IntMode=3,3, ... 3" igb

  4. Reboot the ESX Server system.

VMware ESX and ESXi 3.5 Update 3 I/O failure on SAN LUN(s) and LUN queue is blocked indefinitely

Symptoms:

One or more of the following may be present:

  • VMware ESX or ESXi host might get disconnected from VirtualCenter.
  • All paths to the LUNs are in standby state.
  • esxcfg-rescan might take a long time to complete or never completes (hung).
  • Error messages matching this pattern are repeated continually in vmkernel:
    vmkernel: cpu6:1177)SCSI: 675: Queue for device vml. has been blocked for 7 seconds.
    vmkernel: cpu7:1184)SCSI: 675: Queue for device vml. has been blocked for 6399 seconds.

    If you look at log entries previous to the first blocked message, you will see storage events and a failover attempt.
    Example:
    vmkernel: 31:19:32:26.199 cpu3:3824)Fil3: 5004: READ error 0xbad00e5
    vmkernel: 31:19:32:29.224 cpu1:3961)StorageMonitor: 196: vmhba0:0:0:0 status = 0/5 0x0 0x0 0x0
    vmkernel: 31:19:32:29.382 cpu2:1144)FS3: 5034: Waiting for timed-out heartbeat [HB state abcdef02 offset 3736576 gen 26 stamp 2748610023852 uuid 4939b0cf-c85aa695-158d-00144f021dd4 jrnl drv 4.31]
    vmkernel: 31:19:32:29.638 cpu3:1053)<6>qla2xxx_eh_device_reset(1): device reset failed
    vmkernel: 31:19:32:29.638 cpu3:1053)WARNING: SCSI: 4279: Reset during HBA failover on vmhba1:2:1 returns Failure
    vmkernel: 31:19:32:29.638 cpu3:1053)WARNING: SCSI: 3746: Could not switchover to vmhba1:2:1. Check Unit Ready Command returned an error instead of NOT READY for standby controller .
    vmkernel: 31:19:32:29.638 cpu3:1053)WARNING: SCSI: 4622: Manual switchover to vmhba1:2:1 completed unsuccessfully.
    vmkernel: 31:19:32:29.638 cpu3:1053)StorageMonitor: 196: vmhba0:2:1:0 status = 0/1 0x0 0x0 0x0
    vmkernel: 31:19:32:29.640 cpu2:1067)scsi(1): Waiting for LIP to complete...
    vmkernel: 31:19:32:29.640 cpu2:1067)<6>qla2x00_fw_ready ha_dev_f=0xc
    vmkernel: 31:19:32:30.532 cpu2:1026)StorageMonitor: 196: vmhba0:0:0:0 status = 0/2 0x0 0x0 0x0
    last message repeated 31 times
    vmkernel: 31:19:32:31.535 cpu2:1067)<6>dpc1 port login OK: logged in ID 0x81
    vmkernel: 31:19:32:31.541 cpu2:1067)<6>dpc1 port login OK: logged in ID 0x82
    vmkernel: 31:19:32:31.547 cpu2:1067)<6>dpc1 port login OK: logged in ID 0x83
    vmkernel: 31:19:32:31.568 cpu2:1067)<6>dpc1 port login OK: logged in ID 0x84
    vmkernel: 31:19:32:31.573 cpu2:1067)<6>dpc1 port login OK: logged in ID 0x85
    vmkernel: 31:19:32:31.576 cpu2:1067)<6>dpc1 port login OK: logged in ID 0x86
    vmkernel: 31:19:32:32.531 cpu2:4267)StorageMonitor: 196: vmhba0:0:0:0 status = 0/2 0x0 0x0 0x0
    last message repeated 31 times
    vmkernel: 31:19:32:32.532 cpu1:3973)StorageMonitor: 196: vmhba0:0:0:0 status = 2/0 0x6 0x29 0x0

Solution:

This issue can occur on VMware ESX servers under the following conditions:
  • Hypervisor version: VMware ESX 3.5 U3.
  • SAN hardware: Active/Passive and Active/Active arrays (Fibre Channel and iSCSI).
  • Trigger: This occurs when VMFS3 metadata updates are being done at the same time that failover to an alternate path occurs for the LUN on which the VMFS3 volume resides.
A reboot is required to clear this condition.
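
The blocked-queue pattern described above can be checked for mechanically. The following shell/awk filter is an added example, not part of the original article or of VMware's tooling: it reports, per device, the longest blocked time and how many failed-failover warnings were logged before the first blocked message. The function names, the 60-second threshold and the device IDs vml.EXAMPLE01 and vml.EXAMPLE02 are assumptions; the sample log is constructed from the message formats shown above.

```shell
#!/bin/sh
# Added example: summarise blocked-queue messages in a vmkernel log.
# The 60-second default threshold and the function names are assumptions.

# Constructed sample: message formats follow the excerpt above, but the
# device IDs (vml.EXAMPLE01, vml.EXAMPLE02) are placeholders.
sample_vmkernel_log() {
    cat <<'EOF'
vmkernel: 31:19:32:29.638 cpu3:1053)WARNING: SCSI: 4279: Reset during HBA failover on vmhba1:2:1 returns Failure
vmkernel: 31:19:32:29.638 cpu3:1053)WARNING: SCSI: 3746: Could not switchover to vmhba1:2:1. Check Unit Ready Command returned an error instead of NOT READY for standby controller .
vmkernel: 31:19:32:29.638 cpu3:1053)WARNING: SCSI: 4622: Manual switchover to vmhba1:2:1 completed unsuccessfully.
vmkernel: cpu6:1177)SCSI: 675: Queue for device vml.EXAMPLE01 has been blocked for 7 seconds.
vmkernel: cpu7:1184)SCSI: 675: Queue for device vml.EXAMPLE01 has been blocked for 6399 seconds.
vmkernel: cpu2:1190)SCSI: 675: Queue for device vml.EXAMPLE02 has been blocked for 12 seconds.
EOF
}

# Read a vmkernel log on stdin. For each device with "Queue ... has been
# blocked" messages, print one line:
#   STUCK|slow <device> max_blocked=<n>s failed_failover_before=<count>
# $1 is the number of seconds at or above which a queue is reported as STUCK.
scan_vmkernel() {
    awk -v limit="${1:-60}" '
    # Count failover attempts that the HBA or the array reported as failed.
    /WARNING: SCSI: .*(Reset during HBA failover|Could not switchover|completed unsuccessfully)/ {
        failed++
    }
    /Queue for device .* has been blocked for [0-9]+ seconds/ {
        dev = $0
        sub(/.*Queue for device /, "", dev)
        sub(/ has been blocked.*/, "", dev)
        secs = $0
        sub(/.*blocked for /, "", secs)
        sub(/ seconds.*/, "", secs)
        if (!(dev in max)) {
            order[++n] = dev        # remember first-seen order
            prior[dev] = failed     # failed failovers logged before this point
        }
        if (secs + 0 > max[dev]) max[dev] = secs + 0
    }
    END {
        for (i = 1; i <= n; i++) {
            d = order[i]
            state = (max[d] >= limit) ? "STUCK" : "slow"
            printf "%s %s max_blocked=%ds failed_failover_before=%d\n", state, d, max[d], prior[d]
        }
    }'
}

# Usage: sh scan.sh <vmkernel log file> [threshold_seconds]
if [ "$#" -ge 1 ]; then
    scan_vmkernel "${2:-60}" < "$1"
fi
```

A STUCK line with a non-zero failed_failover_before count matches the condition described in this article, which is cleared only by a reboot.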

Microsoft Distributed Transaction Coordinator and SysPrep Clones

Symptoms:

  • When using Microsoft DTC in a Cloned or Converted virtual machine you receive the following error:

    Failed to propagate transaction

  • DTC nodes cannot communicate with each other
  • You encounter EventID 4101
Solution:
This is a DTC issue, not a VMware issue.
DTC uses a unique identifier to identify the DTC node, and two nodes with the same unique identifier cannot communicate with each other.

Unisys ES7000/7600 requires ehci USB module to be disabled for Console Manager to work

Purpose:

Unisys ES7000/7600 systems have a Console Manager application used to remotely access the partition and control the keyboard, video, mouse and storage (KVMS) from a workstation. This application uses USB for connectivity.
Console Manager does not work if the ehci (USB 2.0) driver module is loaded in ESX 3.5. When the driver module is unloaded, the Console Manager works.

Solution:

Disable the ehci module in ESX Console by running the following command:
rmmod ehci-hcd
Connect to the server using the Console Manager.

Troubleshooting a Unable read partition information from this disk error in the Add Storage wizard

Error:

  • Cannot use the Add Storage wizard to format a disk with a new VMFS Datastore.
  • The Wizard reports that it is unable to read the pre-existing partition table from the disk.
  • You receive the following error:

    Unable read partition information from this disk
Purpose:

This can be caused by an inability to read information from the start of the disk or because that information is in an unexpected format. This article deals with other pre-existing partition tables that ESX does not support.
There are several different partitioning schemes that can be used on a disk. Each has a corresponding identifying disk label. Common labels include bsd, dvh, gpt, loop, mac, msdos, pc98 or sun. Of these, only the msdos label and partitioning scheme is used by ESX. This scheme allows for up to 4 Primary partitions or Extended partitions which contain Secondary partitions. The Add Storage wizard in the VI Client repartitions and formats a volume, but only if there is no other unsupported partitioning scheme already present on the disk.

The following is an example of a GUID Partition Table (GPT) as seen by ESX, when running fdisk in the Console operating system:

[root@esx root]# fdisk -l /dev/sdb

Disk /dev/sdb: 536 MB, 536870912 bytes
255 heads, 63 sectors/track, 65 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sdb1 1 66 524287+ ee EFI GPT

ESX neither removes nor changes this partition table, as it is not in the understood msdos partition layout. To use this volume for VMFS, the partitioning scheme and disklabel need to be changed to msdos. This removes the partitions, and all data on the volume is no longer available.


Solution:

The command line utility parted can be used in the Console operating system to change the label and partitioning scheme.
Caution: This removes the pre-existing partition table, and any data on the volume is no longer available. Ensure you are operating against the correct disk.
To change the label and partitioning scheme:
  1. Find the /dev/node for the disk from its vmhbaX:Y:Z notation on a given ESX host. Run the following command:

    [root@esx ~]# esxcfg-vmhbadevs -q
    On ESX 3.x: vmhba1:0:3 /dev/sdb
    On ESXi 3.x: vmhba1:0:3 /vmfs/devices/disks/naa.6001e4f02cc632001033b31a09de3611


  2. Start parted to analyze the existing partition. Print the existing partition information, taking note of the Partition Table, size, and name. Ensure this is the data intended to be removed. Run the following commands:

    [root@esx ~]# parted /dev/sdb
    GNU Parted 1.8.1
    Using /dev/sdb
    Welcome to GNU Parted! Type 'help' to view a list of commands.

    (parted) print
    Disk geometry for /dev/sdb: 0.000-512.000 megabytes
    Disk label type: gpt
    Number Start End Size File system Name Flags
    1 17.4kB 134MB 134MB Microsoft reserved partition msftres

  3. Change the partition table (disklabel) type to msdos. This deletes the pre-existing partitions. Print the partition table again to observe the changes. Quit parted. Run the following commands:

    (parted) mklabel msdos


    (parted) print
    Disk geometry for /dev/sdb: 0.000-512.000 megabytes
    Disk label type: msdos
    Minor Start End Type Filesystem Flags

    (parted) quit

  4. Return to the VI Client and use the Add Storage wizard again. Select the same LUN, create a new partition, and format it with a VMFS Datastore as normal.



VMware Converter fails when source or destination do not support large files

Errors:

  • Conversion fails after you specify the source and attempt to move to the next step in the Conversion wizard.
  • You receive the following error:

    Cannot open file, since the file is too big.

  • The conversion may fail when the destination is selected instead of the source, as the condition is checked during both operations.
  • The log files show the following error:

    Underlying file system does not support that big files.
Solution:

Certain network protocols (such as SMB, NFS), or networked devices such as a NAS or file server (UNC) may not allow read or write operations on files over 2GB. In addition, the file system that is local to the device may lack large file support, such as the FAT32 file system.
When a networked source is selected, Converter attempts to determine if the source or destination file system supports files over 2GB. Even if the file system is capable, certain aspects of the networking protocol may not pass this information to Converter and therefore prevent proper detection. To avoid possible corruption of the files, Converter issues this error message and aborts the process instead of risking data integrity even if the file system truly supports the file size.
To work around this issue, move the source files to a different file system, use a different network protocol, or copy the files to the local file system to run the conversion.

"Failed to install the VC agent service" Error Message Appears after VirtualCenter Upgrade


After applying a patch or upgrading VirtualCenter Server, I cannot connect to my ESX Server hosts from VirtualCenter. I also see the error message:
Failed to install the VirtualCenter agent service

Solution:

Either:
  • The VirtualCenter agent service was installed, but did not start properly, or
  • The VirtualCenter agent service was not installed, as the error message states.
To resolve this issue:
  1. Disable VMware High Availability (HA). Otherwise, the virtual machines might be forcibly powered down by step 2.
  2. At the service console, issue the command:

    service mgmt-vmware restart

  3. At the service console, run the command:

    service vmware-vpxa restart

  4. Reconnect the virtual machines to VirtualCenter.
  5. Attempt to re-enable VMware High Availability (VMware HA) within VirtualCenter. If this doesn't work, this means that vpxa did not install properly.
  6. At the service console, run the command:

    rpm -qa | grep vpxa

  7. At the service console, run the "rpm -e" command on the rpm file that displayed in the previous command.

    rpm -e

    This uninstalls the agent from the ESX host. Reconnecting the host to VirtualCenter re-installs the agent.

  8. Reconnect the virtual machines in the usual manner within VirtualCenter.
  9. Re-enable VMware HA.

Unable to download latest ESX patches using VMware Update Manager

Error:

  • VMware Update Manager fails to download the latest patches
  • You receive the following message when the Scheduled Task is set to run at a time rounded off to an hour:

    Unable to download latest ESX patches using VMware Update Manager

  • The logs contain the following snippet:

    [2009-02-03 12:02:22:368 'HostUpdateMetadataMgr' 2688 INFO] [hostUpdateMetadataMgr, 753] save meta data to: C:\Documents and Settings\All Users\Application Data\VMware\VMware Update Manager\Data\\hostupdate\update_metadata.xml
    [2009-02-03 12:02:22:384 'VciSigUpdateTask.SigUpdateTask{5}' 2688 INFO] [vciSigUpdateTask, 442] No new host updates.

Solution:
Workaround

Re-configure the Update Manager Scheduled Task to a random time that is not within 5-10 minutes of a given hour, to avoid the hourly request spike. For example, configure the Update Manager Scheduled Task to run at 1:17 or 2:48 instead of 1:00 or 3:00.





USB Keyboard Does Not Work When Connected to a Rear Port of Dell PowerEdge 2950 Server

Error :

With the ESXi 3.5 Installable version on a Dell PowerEdge 2950 server running BIOS version 2.2.6, the PowerEdge server does not accept inputs from a USB keyboard.

Solution:

Connect the keyboard to one of the USB ports at the front of the PowerEdge server.

ESX350-200811408-BG and ESX350-200811409-BG Cannot Be Installed on ESX Server 3.5 Update 3

You might not be able to install patches ESX350-200811408-BG and ESX350-200811409-BG on an ESX Server 3.5 Update 3 host in the following scenarios:
  • The HP e1000 driver is installed on the ESX Server host by using the esx350-e1000-350.7.6.15.5vmw-134354.iso Driver CD file.
  • The ESX Server system is booted by using the esx350-e1000-350.7.6.15.5vmw-134354.iso Driver CD file, and ESX Server 3.5 Update 3 is installed by using an ISO image.
This is a known issue. As a workaround, install patch ESX350-200901406-BG. This patch updates the kernel-source and kernel-vmnix RPMs to versions later than those of patch ESX350-200811409-BG, and the patch ESX350-200811408-BG can be installed on the ESX Server host.
However, with this workaround, if any HP NC360m and HP NC364m network adapters are used in a system that is booted in the service console (troubleshooting mode), those NICs will not be recognized.

Deploying ThinApp 4.0 packages using an Active Directory policy fails

Symptoms:
  • The application may install normally when manually installed.
  • When the computer is started, it indicates that it is installing the ThinApp software packages assigned to the computer policy; however, when the user logs in, none of the applications have been installed.
  • ThinApp packages assigned to a computer using an Active Directory policy fail to install automatically.
  • The following events appear in the Event Log:
    • Event ID 102
      The install of application "Package Name" from policy "Policy Name" failed. The error was The installation source for this product is not available. Verify that the source exists and that you can access it.
    • The reinstall of application (VMware ThinApp) from policy Virtual Desktops failed. The error was : The installation source for this product is not available. Verify that the source exists and that you can access it.
    • The removal of the assignment of application (VMware ThinApp) from policy Virtual Desktops succeeded.
Solution:

This issue occurs when the NT Authority/System user is being used to access the ThinApp .MSI package file from a network share. This account cannot be used to access a network share managed by a domain. The package fails to install because it cannot be accessed by the computer for installation.
To resolve this issue, create a network shared folder to store the .MSI package files and assign read access rights to the Domain Computers security group.

Verbose logging for VMware Infrastructure Client

Verbose logging is used when troubleshooting the VI Client, to observe detailed logs.

To see these logs, you need to invoke the Vpx Client from the command line using the following command:

VpxClient.exe -log +sd
For example:

%ProgramFiles%\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe -log +sd

This enables verbose logging for the VI Client.

Error: "Creating a quiesced snapshot failed because the created snapshot operation exceeded the time limit for holding off I/O in the frozen vm"

You have to disable the SYNC or VSS driver within the guest operating system to allow non-quiesced backups of the virtual machine.
Note: VMware snapshot operations (quiesced) do not provide backups of any network attached storage mounted within the guest operating system (including iSCSI LUNs mounted via in-guest iSCSI software initiator, or CIFS/NFS share mounted within the guest operating system). For information on creating backups for these types of guest accessible storage, refer to your backup solution provider or storage hardware vendor for an appropriate solution.

Disabling VSS

This applies to virtual machines created on ESX 3.5 U2 or later.
To disable the VSS driver through VMware tools, open VMware Tools in the virtual machine and select Disable guest quiescing.

Disabling SYNC

This applies to virtual machines created on ESX 3.5u2 or prior.
To disable SYNC drivers:
  1. Open Device Manager, click View, and select Show hidden devices.
  2. Expand Non-Plug and Play Drivers.
  3. Right-click Sync Driver and select Disable.
  4. Click Yes twice to disable the SYNC driver and restart the virtual machine.

Implications of workaround

After removing the VSS and SYNC driver you do not have an application consistent backup of your guest operating system. Disabling the quiescing provides only a crash consistent backup of the virtual machine. This is similar to having a host powered off abruptly and then powered back up: any data that was stored in memory is not saved to disk.
If you are running mission critical applications like Exchange, SQL, or Oracle, they require a separate backup process or workaround to ensure application level consistency. See Microsoft Exchange Server on a virtual machine can freeze under load when you take quiesced snapshots or use custom quiescing scripts (5962168) for an example of how to work around quiescing operations in an Exchange environment. The same concepts within the article can be applied to most applications.

How to Configure VMware Networking using Service Console

  1. Ensure the network adapter you want to use is currently connected:

    [root@server root]# esxcfg-nics -l
    Name PCI Driver Link Speed Duplex Description
    vmnic0 06:00.00 tg3 Up 1000Mbps Full Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet
    vmnic1 07:00.00 tg3 Up 1000Mbps Full Broadcom Corporation NetXtreme BCM5721 Gigabit Ethernet

    Up indicates that the network adapter is available and functioning.

  2. List the current virtual switches:

    [root@server root]# esxcfg-vswitch -l
    Switch Name Num Ports Used Ports Configured Ports Uplinks
    vSwitch0 32 3 32 vmnic0

    PortGroup Name Internal ID VLAN ID Used Ports Uplinks
    VM Network portgroup2 0 0 vmnic0

    In the above example, there exists a virtual machine network named "VM Network" and no Service Console portgroup. For illustration, we will create a new virtual switch and place the service console portgroup on it.

  3. Create a new virtual switch:

    [root@server root]# esxcfg-vswitch -a vSwitch1

  4. Create the Service Console portgroup on this new virtual switch:

    [root@server root]# esxcfg-vswitch -A "Service Console" vSwitch1

    Because there is a space in the name we chose (Service Console), we must enclose it in quotation marks.

  5. Uplink vmnic1 to the new virtual switch:

    [root@server root]# esxcfg-vswitch -L vmnic1 vSwitch1

  6. If you need to assign a VLAN, use the command:

    [root@server root]# esxcfg-vswitch -v -p "Service Console" vSwitch0

    where is the VLAN number. A zero here specifies no VLAN.

  7. Verify the new virtual switch configuration:

    [root@server root]# esxcfg-vswitch -l

    Switch Name Num Ports Used Ports Configured Ports Uplinks
    vSwitch0 32 3 32 vmnic0

    PortGroup Name Internal ID VLAN ID Used Ports Uplinks
    Service Console portgroup5 0 1 vmnic0

    Switch Name Num Ports Used Ports Configured Ports Uplinks
    vSwitch1 64 1 64 vmnic1

    PortGroup Name Internal ID VLAN ID Used Ports Uplinks
    Service Console portgroup14 0 1 vmnic1

  8. Create the vswif (Service Console) interface. For example:

    [root@server root]# esxcfg-vswif -a vswif0 -i 192.168.1.10 -n 255.255.255.0 -p "Service Console"
    [‘Vnic’ warning] Generated New Mac address, 00:50:xx:xx:xx:xx for vswif0

    Nothing to flush.

  9. Verify the configuration:

    [root@esx]# esxcfg-vswif -l
    Name Port Group IP Address Netmask Broadcast Enabled DHCP
    vswif0 Service Console 192.168.1.10 255.255.255.0 192.168.1.255 true false

Foundry Server Iron SSL Management

Here is an example of how to import an SSL certificate to a Foundry Server Iron.

Log in (telnet) to the Foundry load balancer and enter sh config

You will find something like the following:

ssl profile public_ssl
keypair-file public_key09
certificate-file public_cert09
cipher-suite all-cipher-suites
enable-certificate-chaining
session-cache off

Make a note of the existing keypair and certificate files, and log on to the Apache or Linux server where the certificate is located.

E.g., in my case I have my cert at /opt/prikey.key and servercrt.crt

scp /opt/prikey.key root@x.x.x.x(foundry ip):sslkeypair:prikey.key:pem

scp /opt/servercrt.crt root@x.x.x.x(foundry ip):sslcert:servercrt.crt:pem

Verify that the files were uploaded to the Foundry by using the commands below:

sh ssl key*

Sh ssl Cert*

Then unbind the existing SSL profile so that the newly uploaded cert can be bound:


server virtual public_ssl X.X.X.X
port default disable
port http
port ssl sticky
no port ssl ssl-terminate
no bind ssl server_real http server_real http


end

write mem


Update SSL Profile

ssl profile public_ssl
keypair-file prikey.key
certificate-file servercrt.crt
cipher-suite all-cipher-suites
enable-certificate-chaining
session-cache off

Bind the virtual server to the profile public_ssl again:

server virtual public_ssl X.X.X.X
port default disable
port http
port ssl sticky
port ssl ssl-terminate
bind ssl server_real http server_real http

end

Write mem

you are done!

Extract Pem Private key from PFX Certificate

This will help you extract a PEM private key from a PFX certificate.

To extract the private key from a pfx file and write it to a PEM file:
openssl.exe pkcs12 -in publicAndprivate.pfx -nocerts -out privateKey.pem

To extract the certificate file (the signed public key) from the pfx file:
openssl.exe pkcs12 -in publicAndprivate.pfx -clcerts -nokeys -out publicCert.pem

To remove the password from the private key file:
openssl.exe rsa -in privateKey.pem -out private.pem

This is required because a password was added to the private key to protect it when it was exported. If the password is left on the key, any application that tries to access it will keep asking for the password.

Convert PFX file to Cert and Private Key

These tips will help you extract the server certificate and private key from a PFX certificate.

Make sure you have installed OpenSSL on the system, then follow the steps below.

To convert the .pfx file to files that your Apache server will understand, run the following commands using OpenSSL:

1. To export the private key file from the .pfx file:

openssl pkcs12 -in filename.p12 -nocerts -out privatekey.key

2. To export the certificate file from the .pfx file:

openssl pkcs12 -in filename.p12 -clcerts -nokeys -out sslcert.crt

Remove passphrase from Certificate

You'll need to remove the encryption from the server's private key. First look up where it is: look for "SSLCertificateKeyFile" in your /etc/httpd/conf/httpd.conf.

Then run "openssl rsa -in oldprivatekey.key -out newprivatekey.key"

Choose a different filename for the new key. Now change the httpd.conf file so "SSLCertificateKeyFile" points to the newly created file.

Note that, if this private key is stolen, your server is no longer secure, since the key is now no longer protected by a passphrase!
Copy the certs to their respective directories in Apache and restart the Apache server.

You are done!

"OpenSSL:error:0B080074:x509 certificate routines:x509_check_private_key:key values mismatch"

This problem will occur if the private key and certificate do not match. To resolve this problem, specify the correct private key for the certificate. Compare the modulus of the certificate against the modulus of the private key to see if they match. Follow these steps:

1. View the certificate modulus using the following command:

openssl x509 -noout -text -in www.mydomain.com.crt -modulus

2. View the key using the following command:

openssl rsa -noout -text -in www.mydomain.com.key -modulus

3. Verify the following:

  • Verify that the certificate and private key are saved in notepad/vi and that they have no trailing spaces.
  • The "modulus" and "public exponent" portions in the key and the certificate must match exactly.
  • Verify the modulus of the default server.key file as the CSR could have been generated off this key.
  • You should also check the httpd.conf file to make sure that the directives are pointing to the correct private key and certificate.
  • Search for all private keys on your server and compare the modulus. Use the following commands: locate "*.key" or find / -name "*.key"

4. If they do not match, you will have to reissue your certificate.
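
The modulus comparison in steps 1 to 3, together with the caution about unprotected keys from the passphrase-removal section, as an added shell example (not part of the original post). The function names and the script name are hypothetical, and the key is assumed to be an unencrypted RSA key such as the passphrase-removal step produces.

```shell
#!/bin/sh
# Added example: check that an RSA private key belongs to a certificate.
# Function names are hypothetical; keys are assumed to be unencrypted RSA keys.

# Print "match" or "mismatch", or "unreadable-cert" / "unreadable-key" when
# openssl cannot parse the file (wrong format, or key still passphrase-protected).
check_pair() {
    cp_cert=$1
    cp_key=$2
    cp_cmod=$(openssl x509 -noout -modulus -in "$cp_cert" 2>/dev/null) ||
        { echo unreadable-cert; return 2; }
    # "-passin pass:" supplies an empty passphrase, so an encrypted key fails
    # immediately instead of prompting on the terminal.
    cp_kmod=$(openssl rsa -noout -modulus -in "$cp_key" -passin pass: 2>/dev/null) ||
        { echo unreadable-key; return 2; }
    if [ -n "$cp_cmod" ] && [ "$cp_cmod" = "$cp_kmod" ]; then
        echo match
        return 0
    fi
    echo mismatch
    return 1
}

# List every *.key file under a directory whose modulus matches the certificate
# (the "search for all private keys and compare the modulus" step).
find_key_for_cert() {
    fk_cert=$1
    fk_dir=$2
    find "$fk_dir" -type f -name '*.key' 2>/dev/null | while IFS= read -r fk_key; do
        if [ "$(check_pair "$fk_cert" "$fk_key")" = match ]; then
            printf '%s\n' "$fk_key"
        fi
    done
}

# Succeed (exit 0) when a key file is readable by group or others, which
# matters once the passphrase has been removed from it.
key_too_open() {
    [ -n "$(find "$1" -type f \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# Usage: sh checkpair.sh server.crt server.key
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
    if key_too_open "$2"; then
        echo "warning: $2 is readable by group/others; restrict it with chmod 600" >&2
    fi
fi
```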


Installing SSL Certificate - Apache 2.x

Once your SSL certificate has been signed and issued, Go Daddy® will send you an e-mail message that allows you to download the signed certificate and our intermediate certificate bundle, both of which must be installed on your Web site.

Note: You must use the provided certificate-download link within three days of receiving the certificate issuance e-mail message. If the download link is allowed to expire, you must request a certificate re-key in order to retrieve your signed SSL certificate.

Follow the instructions below to download and install an SSL certificate on your Web server.

Note: Before you install your issued SSL certificate you must install our intermediate certificate bundle (null) on your Web server. You may also download the intermediate certificate bundle from the repository.

Installing SSL Certificate and the Intermediate Certificate
i. Copy your issued certificate, intermediate certificate and key file (generated when you created the Certificate Signing Request (CSR)) into the directory that you will be using to hold your certificates.

ii. Open the Apache ssl.conf file and add the following directives:
* SSLCertificateFile /path to certificate file/your issued certificate
* SSLCertificateKeyFile /path to key file/your key file
* SSLCertificateChainFile /path to intermediate certificate/null

iii. Save your ssl.conf file and restart Apache.