
Showing posts from 2018

Emulex OneConnect OCe10102 on ESXi 6.0

Please refer to the following post for basic troubleshooting of Emulex OneConnect: How to Install Proper Drivers for 3rd Party Network Adapter on ESXi 5.x

I have a box that uses Emulex OneConnect OCe10102 network adapters. The adapter is quite old, and the Emulex brand card doesn't support ESXi 6.0. I upgraded the server to ESXi 6.0 and the Emulex adapters were lost. In the initial troubleshooting, I noticed that the adapters were still visible in the BIOS, so it should be a driver-level issue. I checked the VMware Compatibility Guide. The model OCe10102 isn't supported by ESXi 6.0. If you run the following command, you will still be able to see the adapters in the PCI list on ESXi.

[code language="perl"]
esxcli hardware pci list
[/code]

So it indicates the adapters are not visible in ESXi because the newer Emulex native driver in ESXi 6.0 doesn't contain the model of the adapter. Then I uninstalled the native Emulex driver for ESXi 6.0 by the following command and rebooted the ESXi ho

How to Find Out Source of Domain Accounts Locking on vCenter Server

I wrote an article about how to find out which services lock out domain accounts on vCenter Server. It only applies to scenarios where domain accounts lock out very frequently, like every 1 second. If it's minutes, it will be hard to find out, as it's a manual process.

The other way to identify the source is to use vSphere Web Client. The trick was told to me by the VMware BCS team.

1. Log in to vSphere Web Client.
2. Go to the main page and the Events node.
3. Search for "authen"; you may see some error events. The real source is the red text.

User CONTOSO\test-user@192.168.1.1 .....

Remote Manage Workgroup Windows Server 2016 Core

I wrote an article about how to manage Windows Server 2016 TP remotely. Today I had some spare time to rebuild my lab environment with the latest release of Windows Server 2016 Core. It's easy to remotely manage a Windows Server in a domain, but it takes a trick for a workgroup Windows Server. Following is an improved procedure.

On Windows Server 2016 Core

1. Run the sconfig command on Windows Server 2016 Core.
2. Go to Configure Remote Management - Enable Remote Management to enable remote management. Then enable responding to ping on the same page.
3. Enable the NetBIOS protocol on the firewall by PowerShell.

    Set-NetFirewallRule -Name FPS-NB_Name-In-UDP -Enabled True
    Set-NetFirewallRule -Name FPS-NB_Name-Out-UDP -Enabled True

On client Windows 10

1. Install Remote Server Administration Tools on the client Windows 10.
2. Reboot the client.
3. Open "Server Manager".
4. Add the Windows Server 2016 Core machine by IP address.
5. Go to "All Servers" in "Server Manager".

Mouse Cursor Disappeared in Remote Desktop in mRemoteNG

mRemoteNG is a very nice fork of open source remote tools. It supports multiple protocols. The official website says:

mRemoteNG supports the following protocols:

- RDP (Remote Desktop/Terminal Server)
- VNC (Virtual Network Computing)
- ICA (Citrix Independent Computing Architecture)
- SSH (Secure Shell)
- Telnet (TELecommunication NETwork)
- HTTP/HTTPS (Hypertext Transfer Protocol)
- rlogin
- Raw Socket Connections

But one thing that frustrates me is that the mouse cursor disappears randomly when I try to select strings in a browser or Notepad in a remote desktop. I use Windows 10; the issue doesn't occur in the Windows native remote desktop. I went through the bug list of mRemoteNG and figured out it may be related to the HiDPI of my screen. It looks like there is no solution at this moment until the 1.77 release. The workaround is the following:

1. Right click desktop - Personalize - Themes.
2. Click Mouse cursor.
3. Change Scheme to Windows Black ...

"The Update is Not Applicable to Your Computer" When Install KB3046101

The HPE 3PAR upgrading team usually sends a list of prerequisites before upgrading. One thing that is incorrect in the guide is the required Windows 2012 patch KB3046101.

You may see the error below when you install the patch on a Windows 2012 server.

The update is not applicable to your computer

The reason is that the version of mpio.sys and msdsm.sys on your server is higher than 6.3.9600.17809, usually because the server has KB3121261 installed already. You can ignore KB3046101.

Vlan 'xxx' resolved to unsupported VLAN ID in Cisco UCS Manager

You may need only 1 IP address for the blade console in Cisco UCS Manager. You can follow Understanding "Management IP" of Cisco UCS Manager to configure it.

You may see the warning "Vlan 'xxx' resolved to unsupported VLAN ID" when you delete existing inbound and outbound IP pools if you are trying to clean up existing management IP pools. That's because the inbound IP address for the blade is not cleaned.

You have to go to "Equipment" -> "Chassis" -> Target chassis -> "Servers" -> Target server -> Go to "Inventory" tab -> "CIMC" tab -> Click "Change Inbound Management IP" -> Remove existing VLAN and IP pool. You will see the inband IP tab is blank once it's saved.

Please note, the IP address is reassigned after 1 minute if you clicked "Delete Inband Configuration" instead of "Change Inbound Management IP".

Highlight Scripts in Microsoft OneNote 2016

I usually document my scripts in OneNote. It would be perfect if OneNote 2016 could highlight scripts. I found a nice plugin called "NoteHighlight2016" for OneNote 2016. It's available not only for 32 bit but also for 64 bit. You can download it on GitHub. The default languages are C#, SQL, CSS, JS, HTML, XML, JAVA, PHP, Perl, Python, Ruby, and CPP, but you can change the settings in ribbon.xml in the installation folder to show more or fewer.

"x/xx on FI-A is connected by a unknown server device" on Cisco UCS

You may see the following error in the 'info' category of error messages in Cisco UCS Manager after upgrading infrastructure firmware to 3.2.x.

"x/xx on FI-A is connected by a unknown server device"

This is a bug documented in CSCvk76095. You have to reset the port on the FI to fix it.

1. Go to "Equipment" in Cisco UCS Manager.
2. Go to "Fabric Interconnects" -> Go to the corresponding FI.
3. Right-click the port x/xx -> Choose "Disable".
4. You will see multiple major faults. Wait for 5 seconds.
5. Right-click the port x/xx -> Choose "Enable".
6. All warnings disappear after 5 mins.

You may still see the warning in the GUI due to cache. Log in again and check.

This change impacts one link between the IOM and the FI port. You need downtime if the IOM only has a single path. I don't see any impact to ESXi blades in the pod.

"The update is not applicable to your computer" When Install Standalone Patch on Windows Server 2016

You may see the error message below when installing standalone patches on Windows Server 2016.

The update is not applicable to your computer

It may be caused by the servicing stack update not being installed on the server. Please install KB4132216 before installing the patch.

Connect to New Provisioned Raspberry Pi Less than $3

The IP configuration of a newly provisioned Raspberry Pi troubled me for a long time. I need to connect a monitor so I can log in to the system and configure the IP address. The problem was I don't have a monitor. I only have a laptop. Last year, my old laptop died. I connected the laptop monitor through an HDMI board to my Raspberry Pi. It's not a low cost solution; it cost me more than $10. And the monitor, cables and board look ugly.

Actually there is another solution that leverages the laptop keyboard and monitor. It's a serial port console, similar to what you use when you configure Cisco network switches. Following is how to do it. I achieved that on a Raspberry Pi 2.

1. You need to buy a USB to TTL device with chipset CP2102.
2. Connect the pins to the Raspberry Pi 2. Refer here for the GPIO layout.
   TXD > Pi RXD Pin #10 (GPIO 16)
   RXD > Pi TXD Pin #08 (GPIO 15)
   GND > Pi GND Pin #6
3. Connect the USB to the laptop. You will see a device in 'Device Manager' that needs drivers.
4. Download driver and

Show CDP Neighbor of Cisco UCS Uplinks

There are two ways to know which network switch ports the network uplinks of Cisco UCS Fabric Interconnects are connected to.

By CLI

1. SSH to the Cisco UCS Manager.
2. Connect to FI-A.

    # connect nxos a

3. Show the neighbor of the network uplinks.

    # show cdp neighbor interface ethernet <port num>

By PowerShell

1. Make sure Cisco PowerTool (For UCS Manager) is installed.
2. Enable the Information Policy via the UCSM GUI. Go to "Equipment" -> "Policies" tab -> "Global Policies" tab -> "Info Policy" area. Change to "Enabled". (No impact to running blades)
3. Open a PowerShell window.
4. Connect to the UCS Manager.

    # Connect-Ucs <UCS FQDN>

5. Show CDP neighbor details.

    # Get-UcsNetworkLanNeighborEntry

Side notes

The following command shows the network switch name, network switch ports and FI ports.

    # Get-UcsNetworkLanNeighborEntry | Select deviceid,remoteinterface,localinterface

If you prefer to enable the " Info Policy &qu

"default Keyring's certificate is invalid" in Cisco UCS Manager

You may see the following error in Cisco UCS Manager:

default Keyring's certificate is invalid

The reason is that Admin -> Key Management -> KeyRing default is expired. It's not possible to delete or change the KeyRing in the GUI. You have to log in to Cisco UCS Manager over SSH and run the following commands (the strings after "#"):

    lab-B# scope security
    lab-B /security # scope keyring default
    lab-B /security/keyring # set regenerate yes
    lab-B /security/keyring* # commit-buffer
    lab-B /security/keyring #

This will result in a disconnect of the Cisco UCS Manager GUI on your client computer. Just refresh the page after 5 seconds. There is no impact to blades.

A Huge Amount of Warnings of "Image is Deleted" in Cisco UCS Manager

A few days ago, I deleted some older firmware packages in Cisco UCS Manager. Suddenly more than 100 warnings were generated. The error messages are similar to the one below:

blade-controller image with vendor Cisco System Inc......is deleted
Cause: image-deleted

Clearly, it was triggered by the package deletion. But all of my service profiles and service profile templates were using existing firmware packages. The deleted packages were not being used anywhere. I also deleted download tasks and cleaned up everything I could. The warnings still persisted.

I figured out it's caused by the default firmware policy when I read a blog article. In case you are facing the same issue, please go to Servers -> Policies -> Host Firmware Packages -> default -> Click Modify Package Versions -> Change it to an available version.

Install LXC on CentOS 7 Minimal Version

Some notes for LXC. CentOS 7 minimal version doesn't support LXC installation by default since LXC is deprecated in version 7. The new container solution is based on the docker framework. There is an alternative way to install LXC. Following are the procedures:

1. Install the Epel (Extra Packages for Enterprise Linux) repository.

    # yum install epel-release

2. Install some dependencies.

    # yum install perl debootstrap libvirt

3. Now you can install LXC from the epel repository.

    # yum install lxc lxc-template

Cannot Open KVM Virtual Machine Manager on CentOS 7

I got the following error message when I tried to run KVM Virtual Machine Manager (virt-manager) over SSH.

Gtk-WARNING **: cannot open display:

There are several things that need to be checked:

1. Make sure "X11Forwarding" is set to "yes" in /etc/ssh/sshd_config on the machine where you run virt-manager.

    cat /etc/ssh/sshd_config | grep "^X11"

2. If you are using Windows to connect over SSH, X11 needs to be forwarded to an "X Window server" on top of Windows. I use xming.
3. If you connect over SSH with Putty on Windows, please configure X11 forwarding. Go to "Connection" -> "SSH" -> "X11". Check "Enable X11 forwarding". Assign the xming.exe path in "X authority file for local display".
4. If you are using the terminal on Mac OS, you need to install Xquartz. It configures the terminal automatically.

Now you are ready to use "virt-manager".

"Timed out waiting for the PowerShell extension to start" in Visual Studio Code

When you load a PowerShell script, you may see the following error message:

Timed out waiting for the PowerShell extension to start

If you look at the error logs, the following appears:

The language service could not be started

One possible reason is that your PowerShell execution policy is set to "AllSigned". You can find the policy by running the PowerShell command below.

    Get-ExecutionPolicy

Run the following command in an elevated PowerShell window to change the policy.

    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

Cisco UCS Blade Cannot Get IP Address for KVM

You may see "The IP address to reach the server is not set" when clicking the KVM console in Cisco UCS Manager. The issue persists even when Cisco UCS Manager has enough IP addresses for management. Re-acknowledging or resetting the CIMC cannot fix the problem.

The fix procedure is to go to "Equipment" -> Select the server -> "General" tab -> "Server Maintenance" -> "Decommission" the server. Wait for the decommission to complete, then re-acknowledge the server. An IP address will be assigned to the server after the acknowledge process is completed.

How to Specify Allowed IP Addresses in ESXi Firewall by PowerCLI

In a recent review of my LAB environment, I noticed my LAB ESXi hosts allow connections from all IP addresses for NTP services. This is not the best practice for a solid environment. I want to specify that only certain IP addresses are allowed, in case of vulnerabilities in NTP services. There are a lot of blogs talking about how to enable/disable a firewall ruleset, but no one talks about how to do so. Following is what I figured out. Please let me know if you see anything I can improve.

    # Please connect to vCenter Server by Connect-ViServer before using this script.
    $vmhosts = Get-VMHost -Location esxiCluster
    foreach($vmhost in $vmhosts){
        $esxcli=get-esxcli -vmhost $vmhost -V2
        $ntpRuleSet = $esxcli.network.firewall.ruleset.set.CreateArgs()
        $ntpRuleSet.allowedall="false"
        $ntpRuleSet.rulesetid="ntpClient"
        $esxcli.network.firewall.ruleset.set.Invoke($ntpRuleSet)
        $ntpAllowIP = $esxcli.network.firewall.ruleset.allowedip.add.CreateArgs()
        $ntpAllowIP.rulesetid="ntpClient"
        $nt

ESXi Disconnects From vCenter

If you are still using Windows 2008 for vCenter Server, you may see ESXi hosts losing and regaining connection on vCenter Server after recent Windows patching. It's not something like a heartbeat lost for a few seconds. ESXi can take minutes to come back online. You can see similar logs in vpxd.log:

2018-08-03T09:24:23.337-04:00 error vpxd[20160] [Originator@6876 sub=HttpConnectionPool-000000] [ConnectComplete] Connect failed to <cs p:00000000200ed300, TCP:XXXXXXXXXXXXXXXX:443>; cnx: (null), error: class Vmacore::SystemException(Only one usage of each socket address (protocol/network address/port) is normally permitted)
2018-08-03T09:24:23.337-04:00 error vpxd[06332] [Originator@6876 sub=Vmomi opID=HB-host-28@307067-1d257f9c] [VpxdClientAdapter] Got vmacore exception: Only one usage of each socket address (protocol/network address/port) is normally permitted
2018-08-03T09:24:23.338-04:00 error vpxd[06332] [Originator@6876 sub=Vmomi opID=HB-host-28@307067-1d257f9c] [VpxdClientAdap

Basic Concepts: Linux Disks

Disk Interface

- IDE (ATA): Bandwidth is 133 Mbps. IOPS is ~100. The interface can connect a maximum of 2 disks.
- SCSI: IOPS is ~150. It can connect 8 or 16 disks.
  - Ultrascsi320 - 320 MB/s
  - Ultrascsi640 - 640 MB/s
- SATA: Bandwidth is 6 Gbps. IOPS is ~150. It can connect to 8 or 16 disks.
- SAS: Bandwidth is 6 Gbps. IOPS is ~200. It can connect to 8 or 16 disks.
- USB: Bandwidth is 480 MB/s. IOPS varies.

Linux Disks

Disk (Device) Types

- Block: Can be accessed randomly. Unit is "block".
- Character: Can be accessed sequentially. Unit is "character".

Disk Files (FHS)

- Files are under '/dev/'. Every disk (device) is a file in the Linux environment.
- Device ID:
  - Major: Primary device ID. It identifies the device type so that the proper driver is used.
  - Minor: Secondary device ID. It's the entry of a specific device among devices of the same type.
- Create new device: # mknod

    [root@centos] mknod /dev/usbtest b 100 231
    [root@centos] ll | grep test
    brw-r--r--. 1 root root 100, 231 Jul 1 11:02 us

UI Hang on "Loading" on vRealize Operations Manager (vROPs)

Sometimes you may see the vROPs web UI hang, stay on "Loading", or not respond to any click. That is because you are using vRealize Operations Manager 6.6 or an earlier version, and your computer has a touch screen. There are two ways to fix that:

- Disable the touch screen hardware in Device Manager. The device name is usually "HID-compliant touch screen" under "Human Interface Device".
- If you are using Chrome, follow the steps below:
  1. Open Chrome and browse to chrome://flags.
  2. Find "Touch Events API" and disable it.

Regular Expression

Regular Expression is also called Regexp. There are two classes of regular expressions: Basic Regexp (BRE) and Extended Regexp (ERE). A Regexp should be put in double quotation marks. It can be categorized into:

Strings

- . - Can be any character.
  Sample: #cat /etc/fstab | grep "U..D"
  It returns the lines that contain U and D with any 2 characters between them.
- [] - Any specified single character.
  Sample: #cat /etc/fstab | grep "U[UAB]ID"
  It returns the lines that contain U, I, D and U or A or B.
- [^] - Any character except the specified single character.
  Sample: #cat /etc/fstab | grep "[^AB]ID"
  It returns the lines that contain I and D but no A or B on the left.
- [[:digit:]] - All digit characters.
- [[:lower:]] - All lower case characters.
- [[:upper:]] - All upper case characters.
- [[:alpha:]] - All alphabet characters.
- [[:alnum:]] - All alphanumeric characters.
- [[:space:]] - All space.
- [[:print:]] - All visible characters and space.
- [[:blank:]] - Space and tab.
- [

Error 0x800f081f When Enable .Net 3.5 on Windows 10

When you install vSphere Client 5.x on a Windows 10 computer, you may see the "Enable .net 3.5 failed" message. And when you try to enable .Net 3.5 on Windows 10 manually, it shows error code 0x800f081f. This issue occurs on computers where the internet is blocked or restricted by policy. The only way to avoid that is to use the command line to specify a local .Net path and force the install.

1. Mount the Windows 10 ISO to your computer as a new drive.
2. Copy the path of "xxx:\sources\sxs".
3. Run the following command.

    dism /online /enable-feature /featurename:netfx3 /all /limitaccess /source:xxx:\sources\sxs

UCS Manager UI Fonts Size on 4K Screen

Older UCS Manager uses a Java application. The UI fonts could be extremely small on a high DPI screen. The fix is:

1. Go to "C:\Program Files (x86)\Java\jre1.8.0_171\bin".
2. Go to "Properties" of "jp2launcher.exe".
3. "Compatibility" tab -> "Change high DPI settings".
4. Check "Override high DPI scaling behavior....".
5. Select "System (Enhanced)" or "System".

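Deploying vCenter Server VCSA on VMware Workstation

There are many articles online about how to deploy vCenter Server VCSA on VMware Workstation, but following them I always ran into all kinds of problems during deployment. Below are a few key points I have summarized, for reference only.

I assume your lab environment has no DNS or domain server and simply uses the DHCP service of VMware Workstation, with the virtual machine's network adapter set to "host-only". The following steps are intended only for quick testing.

1. vCenter Server checks the FQDN on its first boot after installation. If you have no DNS server, the FQDN check fails. So when installing vCenter Server, make sure an IP address is entered in "Host Network Identity".
2. The virtual machine starts automatically right after the OVA file is imported, and sometimes its network adapter may be in a disconnected state. Make sure the network adapter is connected.
3. The first boot takes about 15 to 20 minutes. Until it has fully started, the virtual machine console does not show the IP address. Another sign that vCenter Server is ready is that the IP address responds to ping.
4. After the first boot of vCenter Server, open https://vcenter_ip:5480 to continue the vCenter Server configuration.
5. The password of Administrator@vsphere.local is the password you entered in the OVA import screen.

Update, May 28, 2018: In step 4 above, you may be unable to log in as root, with a message that authentication failed. This is caused by the root account being locked, and it needs to be unlocked with the following steps:

1. Reboot the vCenter Server virtual machine.
2. Press the "e" key at the Photon boot screen.
3. Append "rw init=/bin/bash" to the end of the second line. See here for details.
4. When you see the # prompt, run the command "passwd" to change the root password.
5. Run the command "pam_tally2 --user root" to check how many times the root password was entered incorrectly.
6. If the number of failed attempts is greater than 1, run the command "pam_tally2 --user root --reset" to unlock the root account.
7. Reboot the virtual machine. You should now be able to log in.

Update, May 31, 2018: In step 4 above, after logging in you should see the vCenter Server installation wizard. If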

Deploy vCenter Server Virtual Appliance on VMware Workstation

There are a lot of articles that introduce how to deploy the vCenter Server virtual appliance on VMware Workstation. I tried, but somehow it failed. Following are some notes for your reference if you want to deploy the vCenter Server virtual appliance on VMware Workstation real quick.

I assume you don't have DNS or domain servers. The native DHCP service of VMware Workstation is used. You just want to use vCenter Server for some quick testing, and you want to select the "host-only" NIC.

The vCenter Server installer validates the FQDN when it first boots up. The process fails if the FQDN doesn't work. So please make sure "Host Network Identity" is the IP address of the VM when you set the OVA options.

The VM is booted up immediately after importing the OVA file, but the VM NIC is sometimes in "disconnected" status. You have to enable the NIC in the VM properties real quick.

You have to wait for about 15 - 20 minutes after first boot. Console screen doesn't show

Troubleshooting Network Performance of Virtual Machine

There are several layers of networking in the virtualization infrastructure: guest operating system, virtual machine, ESXi driver, physical network adapters, RJ45/SFP, network switches, etc. Sometimes it's hard to say where exactly a problem is caused, especially for hardware layer problems. Today I worked on a very interesting case; it may give some ideas for troubleshooting network performance issues that are caused by hardware layers.

A user told me he was bothered by the network performance of a virtual machine. It was slow to copy data to an NFS share, but the response to the "ping" command looked good.

I didn't see any issue on the virtual machine layer. VMware Tools was up to date, the Windows OS was patched, the virtual network adapter type was VMXNET3 and the VM version was also up to date.

When I tried to copy an image file to a shared folder of the virtual machine, I did see that sometimes the speed was fast, but sometimes not. Since I have two physical uplinks, it led me to guess it could be one of

IE 11 Window Doesn't Change Between 4K Internal and Regular External Monitors

Just a quick note. If you use multiple monitors, some 4K and some regular resolution, you may see a window display issue when you move Internet Explorer between these monitors. Follow the KB below to change the registry so that Internet Explorer 11 accommodates the monitor resolutions.

Internet Explorer 11 window display changes between a built-in device monitor and an external monitor

The older version of cis-upgrade-runner cannot be removed when upgrade vCenter Server 6.0

When you upgrade or patch vCenter Server 6.0 for Windows, you may see the following symptoms:

"The older version of cis-upgrade-runner cannot be removed. Contact your technical support group."

Or error code 1063:

"Installation of component VMware CIS upgrade runner failed with error code '1063'"

That means the vCenter Server installer cannot find the MSI files of existing vCenter Server services. It could be for the following reasons:

- You deleted the MSI files in the "Temp" folder of the profile you used to install vCenter Server.
- The account you used to log in and install vCenter Server had a roaming profile. The profile's "Temp" folder was automatically deleted when you rebooted or logged off the server.

vCenter Server 6.0 for Windows consists of a lot of standalone packages. The upgrade process usually uninstalls the old packages and then installs the newer packages. So the failure doesn't impact the database or inventory data. You can initiate the upgrade again.

CVE-2017-5754, CVE-2017-5753 and CVE-2017-5715 (Spectre and Meltdown)

You may know there are 3 vulnerabilities recently noticed by the industry. Long story short, kernel address space is exposed to hackers when processors are running user space code. It impacts not only Intel processors but also AMD and ARM. CVE-2017-5715 is a hardware issue that only applying certain firmware can fix. CVE-2017-5754 and CVE-2017-5753 need OS patches to be applied to change how code accesses kernel address space. Following are some useful links just for your reference.

- CVE-2017-5753
- CVE-2017-5715
- CVE-2017-5754

VMware:
https://www.vmware.com/security/advisories/VMSA-2018-0002.html (For CVE-2017-5753 and CVE-2017-5715. VMware has not published anything for CVE-2017-5754 yet.)

Microsoft:
https://support.microsoft.com/en-gb/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
https://support.microsoft.com/en-gb/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

HPE:
http://h22208.www2.hpe.com/eginfolib/