Netbackup 7 Permissions needed to Backup VM’s in vCenter 4.x

Summary:
Symantec will tell you that full administrator is needed to backup systems properly.  It is the easiest way, but I’m here to tell you that is not required.  There are two things that need to be done:
  1. Create a proper security role
  2. Apply that role to the various different nodes in vCenter
Details: (Update to Role Perms can be found here.)
Role Permissions needed (we’ll call it Netbackup Role):
Privilege Group Privilege(s) to Enable
Datastore Allocate Space
Browse Datastore
Low level file operations
Global Licenses
Configuration Add existing disk
Add new disk
Change resource
Disk lease
Remove disk
Settings
Provisioning Allow disk access
Allow read-only disk access
Allow virtual machine download
State Create Snapshot
Remove Snapshot
Next, you need to apply permissions to the correct nodes in vCenter:
  1. Apply the Netbackup service account w/ the Netbackup Role to the vCenter Node.
    1. Propagate down if you want everything under the vCenter node to be backed up.  If not, then do not check the ‘propagate’ checkbox and continue to next steps.
    2. vCenter Node
  2. If you are continuing, that means you probably have multiple datacenters.  Next is to simply apply the Netbackup service account w/ the Netbackup Role to the Datacenter’s you want to be backed up.
    1. Go ahead and propagate down for all datacenters you want backed up.  You’re finished @ this point if there are no hosts/clusters or vm’s that need to be omitted.  Otherwise continue forward.
    2. vCenter DC Node
  3. Next, to omit certain hosts/clusters, simply select the host/cluster that you would like to omit from backups, find the netbackup account under the permissions tab and change it’s role to ‘no access’ (if Netbackup has problems @ this point, you may need to change the role to ‘read-only’)
    1. This same idea applies to VM’s and folders, if you use them.
    2. vCenter Cluster Node
That’s pretty much it.  I would recommend this practice for any size shop since you never want a generic service account to have more access than it needs.  Questions?  Did I get something wrong?  Leave comments please.

Create iOS like page using Powershell

Summary:

I was simply bored w/ the standard directory listing provided by IIS and was inspired by a page I saw.  I decided to make one modeled after that one and automatically generated using PowerShell.  I added some tooltips and text below the images while I was at it.  I run this script now every 5 minutes on my server to have something pretty to look at before going to my ugly reports.

Anyway you can view a live example here:  http://techexamples.zsoldier.com

I filled up the directory w/ copies of one html file just to show what page looks like when there are lots of html files.

Here is the Powershell script: http://techexamples.zsoldier.com/Create-HTMLDefaultDirectoryPage.ps1

I utilized CSS for all images.  My next steps when I get time are to:

  1. Extract <title> tags from the html files in the directory and have them inserted into the tooltip.
  2. Preview the target report via a screenshot and place into the tooltip.
  3. Extract the apple-touch-icon tag to use the images as a link image rather than use a generic image.

Post comments if you have questions or suggestions.  I’m always interested in hearing them.

PowerCLI weirdness around Get-SCSILun and where statement

Summary:
Using a where –eq statement against the objects provided by the Get-SCSILun either the vendor or model properties ends w/ 0 objects returned.  The following is an example:
Example:
   1: Get-VMhost myESXHost | Get-SCSILun | where {$_.Model -eq "SYMMETRIX"}
   2: Get-VMhost myESXHost | Get-SCSILun | where {$_.Vendor -eq "EMC"}
These two examples will likely return 0 results because the Model property is ALWAYS 16 characters and the Vendor property is ALWAYS 8 characters.  Each property are padded w/ spaces.  How did I figure this out?  Like this:
1: $Test = Get-VMhost myESXHost | Get-SCSILun | where {$_.Model -eq "SYMMETRIX"}
   2: $Test[0].Model.Length <-- This returns 16
   3: $Test[0].Vendor.Length <-- This returns 8
Resolution:
I suggest using –like or –match when querying against these properties.  I prefer match, but to each their own.  Like so:
1: Get-VMhost myESXHost | Get-SCSILun | where {$_.Model -match "SYMMETRIX"}
   2: Get-VMhost myESXHost | Get-SCSILun | where {$_.vendor -like "EM*"}
I also found this communities post after banging my head against the wall and figuring it out myself w/ some help from marcus:
http://communities.vmware.com/message/1648743

View Composer not deleting or spinning up VM’s…

Summary:

When deleting VM’s from inventory, View Composer usually starts the job in vCenter within a few minutes.  In this case, it was not and restarting the View Composer service on vCenter didn’t fix it.

Config:

  • vCenter 4.1
  • View 4.5

Resolution:

In this particular case, one of my View Connection Broker Replica servers had shutdown and the following logs were seen on my primary connection broker:

Event Type:    Information
Event Source:    VMware View
Event Category:    VMware View
Event ID:    102
Date:        10/25/2010
Time:        11:24:51 AM
User:        NT AUTHORITY\SYSTEM
Computer:    Primary Broker Name
Description:
The failed LDAP replication attempt to Secondary-Replica Broker Name can be caused by a firewall blocking communication between this server and Secondary-Replica Broker Name or if the server is down.

By simply bringing back the secondary replica broker, the primary seems to have been able to continue w/ the jobs I had assigned it.  It seems that it was stuck until it could finally talk to the secondary broker.  Strangely enough though, this was only 1 of 4 secondary brokers that was down causing my entire environment to screech to a halt.  A bug perhaps?

Error upgrading VMware Tools.

Summary:

When attempting an automatic upgrade of tools on a RHEL VM, the above error shows up w/ no additional details in vCenter tasks & events.  This is a possible bug as the following entries show up in the VM’s vmware.log:

  •  vmx| TOOLS INSTALL Copying upgrader files from /usr/lib/vmware/tools-upgraders into guest at /tmp/vmware-root
  • vcpu-0| TOOLS INSTALL Error copying upgrader binary into guest. success = 0, HgfsStatus = 1

Resolution:

Confirm and/or create the path /tmp/vmware-root on the RHEL guest.  In my case, the /tmp/ mount was there, but the sub-directory vmware-root was not.  After creating it, the vmware tools were able to upgrade successfully.  VMWare has a KB that is somewhat related, but only mentions Windows.  I would expect VMWare to create the directory if it didn’t find it, but maybe there is some reason behind this.

Provisioning error occurred for Machine vmname01: View Composer agent initialization failed.

This error may also appear in View’s Event Log:

“View Composer agent initialization state error (6): Unknown failure (waited 0 seconds)”

View 4.5 Agent apparently still has an issues with the App-V agent or vice versa.  The “Application Virtualization Client” (sftlist) should be disabled or placed into manual mode on your Parent VM.  Rest of instructions on how to combat this can be found here: http://tech.zsoldier.com/2010/03/view-composer-agent-initialization.html

EMC Virtual Storage Integrator (VSI) 3.0.1.5 the, what I hope to be, easy explanation

Summary:
Everywhere I read and hear “oh it’s easy”.  Yes, it is, but it is so poorly implemented and explained.  The reason is that you need two pieces to make it work, Solutions Enabler and VSI itself.  Here are the steps in nutshell:
Recommended Install Steps:
  1. Install Solutions Enabler on Windows Server (Linux Server and running this locally is also an option)
    • Can be a VM, but there are some caveats if your ESX hosts connect to vMax/Symmetrix arrays.
    • Choose Complete and leave the rest of options default on install.
    • Open a cmd prompt to the install directory. (Normally C:\Program Files\EMC\SYMCLI\BIN)
    • Run the following commands:
      • stordaemon install storsrvd –autostart
      • stordaemon start storsrvd
        • The VSI 3.1.0 install guide has the above command backwards.
  2. Install Solutions Enabler on a system that will be running the vSphere Client (normally your desktop/laptop)
    • Choose Complete and leave the rest of options default on install.
  3. Install VSI on the same system running the vSphere Client and Solutions Enabler
  4. Open the vSphere Client and go to management –> EMC Storage
  5. In the Remote Server Name box, type in the name of the Windows server running Solutions Enabler in Step 1.  If all steps have been performed correctly up to this point clicking the Test Connection link will result in a ‘Passed’ as pictured below:
    • vSphereEMCVSI-Settings
  6. Next click on the array tab and plug in IP’s or DNS names for Clariion array SP’s and a username/password w/ proper rights that are appropriate.
    • Username and Password must be made on the SAN side.
    • Read-only (Monitoring) is suggested, but full admin is possible if you want to create/delete lun’s from the vSphere client.
    • Celerra is the same, but only one IP or name of Celerra Control Station is required.
    • EMC-VSI-ArrayConfig
  7. If you have Symmetrix/vMax arrays connected to your vmware environment, the version described here requires that a single LUN, for every array that your vmware environment is connected to, must be mapped to the Solutions Enabler server created in Step 1.
    • This majorly sucks if your Solutions Enabler server is a VM, this means mapping an RDM to your VM, but on a bigger scale, mapping to every ESX host that your VM is hosted on.
    • Directly from the installation guide:
      • Symmetrix arrays can only be discovered in-band; this means that at least one LUN must be accessible for that Symmetrix array.

View 4.5 Post-Synchronization Script not running?

Summary:

I have a post synchronization and power-off script that clears some McAfee reg keys, starts App-V services, and other misc. stuff (workaround from 4.0.1) that I’ve ported over to 4.5.  Essentially, I noticed when logging into my View 4.5 systems, this script was not being run for some reason.  Below is what I was seeing in my View pool settings:

ViewPostSyncGuestCustom

Notice the Yen symbols?  This likely happened when I recreated these pools and I was typing in “Romaji” instead of “US” on my Mac.  The Yen symbol is the equivalent of backslash(‘\’) on the keyboard and translates fine for most applications, not for View 4.5 apparently though.  This is likely a rare occurrence in which my Japa-cheesyness isn’t so cool.

Resolution:

Replace the Yen symbol w/ a good ‘ol US backslash(‘\’) as picture below:

ViewPostSyncGuestCustomAfter

The good news is that after making this change any new VM’s that spin-up will run the batch files correctly.

API version '4' for vCenter Server '<vCenterName>' is not supported.

Summary:
This helpful message appears when you attempt to use a VUM 4.1 PowerCLI cmdlet against a 4.0 vCenter / Update Manager version.
Resolution:
Uninstall VUM 4.1 PowerCLI and install VUM 4.0U1 PowerCLI.
Takeaway:
Read the release notes and hope that VMWare has right download link posted on their site, which as of this posting is wrong.  The link posted above is correct.
vmwaresite

Samsung Vibrant and 802.1x WEP…

If there is an easier or non-root required method to what I’ve outlined here, please I’m ALL EARS.

Summary:

I pretty much hate Samsung or Android, not sure where to direct my h8, but whatever.  I wasn’t going to let it beat me.  Essentially I needed to connect to an AP that uses 802.1x WEP, PEAP, and MSCHAPv2 radius authentication to get access.  Not that difficult on my iPhone w/ the use of profiles, but Android/Samsung wasn’t as easy.  Here it is in a nutshell:

Nitty Gritty:

  1. Follow the instructions on how to root your Vibrant.
  2. Once your vibrant has been rooted, you need to download and install the SDK.
  3. Turn off your phone’s Wifi, and turn USB debugging on (Settings –> Applications –> Development).
  4. This is where it gets interesting (Windows method):
    1. Open a command prompt, go to where you installed the SDK, tools folder. (My case was where I downloaded it which was the desktop)
    2. Type adb shell
    3. This brings you to the Android shell prompt, which starts w/ a $ symbol, now type su
      1. Your phone, if rooted properly, should pop-up w/ a permission request, touch accept or ok, can’t remember how it pops up.
    4. Once in your root the prompt should now show the # symbol.  Now type busybox cp /data/wifi/bcm_supp.conf /sdcard
      1. This copies your current WiFi config file to an area that you can pull from the phone w/o root creds.
    5. Now hit Ctrl-C to get out of the shell prompt.
    6. Type adb pull /sdcard/bcm_supp.conf C:\
      1. This places the bcm_supp.conf file on the root of your C drive.  Feel free to place it elsewhere.
    7. Open the file w/ your text editor of choice (notepad is built in, but I prefer notepad++) 
    8. If you’ve attempted configuring an 802.1x connection, you should see an entry like something below:
      1. network={
        ssid="SomethingRidiculousUsually"
        scan_ssid=1
        key_mgmt=WPA-EAP IEEE8021X
        eap=PEAP
        identity="YourUserName"
        password="YourPassword"
        phase2="auth=MSCHAPV2"
        priority=4
        }



    9. The above entry is configured for 802.1x WPA, some lines need to change as highlighted below:

      1. network={
        ssid="SomethingRidiculousUsually"
        group=WEP104 WEP40
        auth_alg=OPEN SHARED
        scan_ssid=1
        key_mgmt=IEEE8021X
        eap=PEAP
        phase1="peapver=0"
        identity="YourUsername"
        password="YourPassword"
        phase2="auth=MSCHAPV2"
        priority=1
        }

    10. Once you’ve made your changes, save the file.  Now we need to place this modified file back in the mix.

    11. In the command prompt, type adb push C:\bcm_supp.conf /sdcard


      1. The path will be different if you place the bcm_supp.conf file elsewhere.  We can’t directly copy because adb can’t run as root yet.

    12. Now type: adb shell.  Then type: su (to get into root mode).

    13. Now to apply the conf file type: busybox mv /sdcard/bcm_supp.conf /data/wifi/bcm_supp.conf

    14. Now simply hit CTRL-C to exit the console.  If everything was done correctly, you should be able to turn on your Wifi on the phone and get a successful connection to your 802.1x WEP secured AP.

Caveats


Usually domain networks require you to change your password, so you may have to do this exercise every time you change your password.  Hopefully Android fixes this.

ScsiCore: 1181: Sync CR

Summary:

One VM out of several thousands became inaccessible via network and vCenter console access (sample pictured below).  Other symptoms included:

vCenterConsole issue

Resolution:

“Trespass” or “Failover” the LUN w/ the questionable VM to another storage processor (SP).  This immediately stopped all errors and all unaffected VM’s on that LUN continued to run while releasing whatever lock was placed on the LUN causing these ‘wonky’ issues.

Other related reading from VMWare:

VMWare View 4.0.1 no desktop resources exist, but admin console shows VM’s in Ready status…

Summary:

Essentially the title sums it up.  A user tries to connect to a pool, but they get an error stating that no desktop resources are available to them.  A look @ the admin console shows either the VM is in “Ready” or “Disconnected” status.

Possible Resolutions:

  1. Reset the “VMWare View Agent” service on all or a specific VM in a pool.
  2. Reset the VM from the vCenter management console.
  3. Check your DHCP pools, make sure all addresses are not reserved already.

I believe the View admin console lacks the code to display something like ‘offline’ when it loses communication w/ a VM’s View Agent.  It’s interesting because the View broker is aware that a VM’s View Agent is offline based on it’s debug logs (Usually found under C:\Documents and Settings\All Users\Application Data\VMWare\VDM\logs), but you would never be the wiser because the admin console shows everything to be fine.  It seems that status is only updated when it ‘expects’ something back from the Agent like after initial deployment (error/timeout or ready) and user connection status change (agent initiated).

The debug logs look something like “debug-yyyy-mm-dd-######.txt”.  In it, search for the term ‘offline’.  I’ll probably open a ticket w/ VMWare.

Desktop Composer Error:VMware.Sim.Fault.AdAuthenticationFault

Summary:
This particular error occurred when I was migrating my vCenter / vComposer server to new hardware.  There were 2 successive errors that would appear in View Manager that look something as follows:

  • Pool ::Unable to remove from inventory VM /DataCenter/vm/VDIFolderName/VMName - Failed to cleanup linked clone /DDTC/vm/VDIFolderName/
  • Desktop Composer Error:; Error Type:com.vmware.SviService.AdAuthenticationFault;Error FaultActor:null; Error code:{http://schemas.xmlsoap.org/soap/envelope/}Server.generalException; Error details:[Lorg.w3c.dom.Element;@1fc1ee1


Resolution:
Essentially the system was complaining that the vComposer account that is specified under Configuration -> Server -> vCenter Servers was not part of the local administrator group (Windows side, not vCenter) of the vCenter server.  This was one part of the issue, the other half were the QuickPrep accounts, the accounts specified need to have AD rights to create/modify/delete computer accounts.  If it is not able to, this error may occur as well.  In my case, the accounts were locked out.  I unlocked them, then re-entered the passwords for each quickprep account specified.





The Username specified here, must be part of the Windows local administrator group of the vCenter/vComposer server.







The Username(s) specified here, must have AD computer modify/delete/add rights.

VMWare View (Desktop Composer Fault: Virtual Machine with input specifications already exists)

Summary

This error is caused when View Composer has some kind of hiccup and ‘thinks’ it deployed a desktop and can’t get over the fact that it failed.  There are 3 event entries that will usually show up right next to each other:

  • Desktop Composer Error:VMware.Sim.Fault.InvalidParameterFaultParam: cSpec Detail: AlreadyExist; Error Type:com.vmware.SviService.InvalidParameterFau
  • Desktop Composer Fault: Virtual Machine with input specifications already exists
  • PendingOperation-Path/that/has/been/defined/VMName

Config:

  • View 4.0.1
  • SQL 2005

Resolution:

I found this SQL script on the vmware communities board after I went through the manual hell of finding each related key.  Essentially, you need to delete all related SQL entries so View Composer can move on to start deploying VM’s again.  This script makes this job a WHOLE lot easier.

   1: DECLARE @vmdelete varchar(20);
   2: set @vmdelete = 'FAILED_VM_NAME';
   3: delete from SVI_VM_NAME where NAME = @vmdelete
   4: delete from SVI_COMPUTER_NAME where NAME = @vmdelete
   5: delete from SVI_TASK_STATE where SIM_CLONE_ID = (SELECT ID FROM SVI_SIM_CLONE WHERE (VM_NAME = @vmdelete))
   6: delete from SVI_SC_BASE_DISK_KEYS where PARENT_ID = (SELECT ID FROM SVI_SIM_CLONE WHERE (VM_NAME = @vmdelete))
   7: delete from SVI_SC_PDISK_INFO where PARENT_ID = (SELECT ID FROM SVI_SIM_CLONE WHERE (VM_NAME = @vmdelete))
   8: delete FROM SVI_SIM_CLONE WHERE (VM_NAME = @vmdelete)

Powershell –replace method and my own frustration.

Summary:
I added some code to my VMWare Infrastructure script for a new column of data to show a tooltip when clicked or hovered over.  Because I also have it export a csv file from this code, I use the –replace method to strip the html formatting.  Because of one section, more data than I wanted was being stripped.  Why?  Probably because I used this: .*>
Resolution:
Anyway here is the string I was using:
   1: foreach {$_ -replace("<p style='font-weight:bold;color:orange'>","") -replace("<p style='font-weight:bold;color:red'>","") -replace("<a class='cluster' href=./healthcheck.htm#.*> ","") -replace("</p>","") -replace ("</a>","") -replace ("<a href='#' class='tt'>","") -replace ("<span class='tooltip'><span class='top'></span><span class='middle'>Digi says... <br />.*","") -replace ("</span><span class='bottom'></span></span>","") }|

And here is how I fixed it:


   1: foreach {$_ -replace("<p style='font-weight:bold;color:orange'>","") -replace("<p style='font-weight:bold;color:red'>","") -replace("</p>","") -replace ("</a>","") -replace ("<a href='#' class='tt'>","") -replace ("<span class='tooltip'><span class='top'></span><span class='middle'>Digi says... <br />.*","") -replace ("</span><span class='bottom'></span></span>","") -replace("<a class='cluster' href=./healthcheck.htm#.*> ","")}

Simply by moving one replace statement w/ the .*> to the end of the chain solved my problem.  I still don’t quite understand, but whatever, some other time and place.

Side note:

I think I’m going to make separate properties in my report object for RAW data, add html formatted versions to other properties, and use Select statements for export to avoid this conundrum altogether. 

Battered, bruised, but alive


2010 Scripting Games--I was there!


I only wish that I had the time to finish the rest of the games.  There is always next year I suppose.

Bug? Feature? VM Hardware 7 RHEL5 32-bit running 64-bit

Summary:

Under VM Settings --> Option Tab --> General Options –> Guest Operating System, Red Hat Enterprise Linux 5 (32-bit) is selected.  However, the installed OS is actually RHEL5 64-bit.  Under VM Hardware version 4, this combination was not possible as RHEL would detect that the processor was not 64-bit capable probably because of masking.  Not that I care all that much since it seems to work fine, but what would this be considered?  A feature or a bug?  Only reason I noticed was because our Linux admins were wondering why in a set of 6 VM’s running 32-bit, this one was running a 64-bit version…

Answer: Because someone on their end screwed up and installed the wrong version, can’t completely blame them though since in version 4 they would have been denied.

Example:

bugorfeature

Side Note:

Interestingly, the Guest OS field now seems to update w/ the actual Guest OS information provided by the VMWare tools.

Rename a VM without shutting down…using storage vMotion

Summary

When renaming a VM in vCenter, underlying files and folders remain named the same as when the VM name was first designated.  This can make for a difficult recovery scenario if file/folders and names in vCenter are out of sync.

Config

  • vCenter 4.0 U1
  • ESX 4.0 U1

Solution

  1. Rename the VM in vCenter
  2. Migrate the VM to another Datastore
  3. Done!
    • If you check the VM’s settings and/or datastore, all related files/folders should now match the VM name in vCenter.

Maybe this was obvious to some folks, but it wasn’t until I was doing maintenance @ the wonderful hour of 2am that this dawned on me as a possible solution.  I’m so used to having to go through this process.

There are errors during the remediation operation…updating esx host using update manager.

Summary:

One of the greatest features of Update Manager (4.0 U1 P1) is that you can click on a cluster and remediate the whole thing.  It places one host @ a time into maintenance mode and does it’s thing.  Unless of course Update Manager happens to be a VM that resides on one of those hosts in the cluster.

Example of Error:

Update Manager VM Error

WorkAround:

  1. Update one host in your cluster manually
  2. Migrate the Update Manager VM to that updated host
  3. Remediate the entire cluster.

Rant:

I like the fact that vCenter returns such an obvious error, but why can’t it move itself to another host like any other self-respecting VM.

(Storage vMotion) Source detected that destination failed to resume.

Summary:
I had to script migrate 130+ VM’s off a clariion SAN array because of SP utilization issues to a vMAX array.  All but 3 succeeded.  1 of which exhibited the below symptoms.  The other two were a MSCS cluster, unrelated to this post.
Symptoms:
  1. Above message appears when attempting a Storage vMotion on a VM.
  2. Gets to 5% to 10% before above error appears.
  3. When VMWare’s KB1010045 does not apply as evidenced in my Summary.
Work Around:
  1. vMotion VM to another ESX host.
  2. Attempt Storage vMotion.
    • I have no clue why this worked, but whatever.  If this helps someone make their day a little easier then I’m happy.

An error occurred during installation (Mac OS X 10.6.3)

Configuration:

Mac OS X 10.6.3 (Originally installed w/ English, later changed to Japanese)

Summary:

Using Mac’s Software Update system, I was presented w/ the above error followed by “Some of the selected updates couldn’t be installed, an unexpected exception occurred.”  Deleting the contents /Library/Update did not help.  My system was running in Japanese mode.

Workaround:

Change the system back to English, run Software Update again.  Success.

 

No clue as to why I had to do this, I thought all underlying binaries were written in the same language, but I guess I might be mistaken.

PowerGUI Script Editor Menu Bar Items Grayed Out

[Update: The config file, named BarManagerLayoutFile.xml is likely responsible for this weirdness is located in your user's application data folder.  
Win7 - C:\Users\MyUserName\AppData\Quest Software\PowerGUI
WinXP - C:\Documents and Settings\MyUserName\Application Data\Quest Software\PowerGUI
Play w/ the settings changing them from False to True.  Looking @ my own, most are set to True.
]
Summary:
Weird issue, I open PowerGUI’s script editor one morning and my menu bar items are all grayed out.  This makes it so that I can't use my mouse to select File, Edit, View, Go, Debug, Tools, or Help.  Reinstallation doesn’t seem to help either.
Solution:
  1. Right-click in the menu bar area and select “Customize:”
    • powergui_customize
  2. Highlight “Menu Bar” and whatever other buttons/menus are grayed out and click the reset button.
    • PowerGUI_Customize_MenuBar
  3. The Menu Bar and other toolbars should now be un-grayed out unless they are supposed to be.
Configuration:
  • Windows 7 64-bit
  • PowerGUI Script Editor 2.0.0.1082

VM Infrastructure Powershell Summary Report v. 2.5

PowerCLI_Logo-150x150

I've completely rewritten my original summary script for much faster performance (From 20 min. to approx. 3 min. in an environment running 60 Hosts, 1300VMs, and 181 Datastores).  Nothing much has changed as far as how or what it reports on, but here is a list of changes:

  1. Much Faster Performance.
  2. CSS can be used to change mouse cursor to hand icon for table header. 
  3. vCPU and Datastore Percent numbers to highlight ‘out of spec’ numbers in customizable variables now.
  4. Custom ico file specifiable. (icon to show up in supported browsers)
  5. Custom JScript specifiable. 
  6. Added some versioning

There is still plenty to be refined about this script, but it’s pretty fast and can give you an overall picture of how your environment is doing.  Plus, it’s a good thing to put in front of management to help them understand what’s going.  I run this script about every hour so I know when I need to allocate additional datastores.

It’s not part of this posted code, but I’ve added code to link cluster names to a more detailed report that shows host information about each cluster.  I’m working on the detailed report portion as it’s still rather cludgy.  Comments are appreciated. \(^o^)/

Click here to see an example of what the generated report looks and feels like. 

Here is the code: Get-SummaryReportv2.5.ps1

VMWare Paravirtual SCSI Driver and gParted

[Update:  Windows 2008 does not require gParted.  It can extend disks on the fly.]
Summary
gParted does not detect drives using VMWare’s paravirtual scsi controller.  Unable to extend a boot partition.
Workaround
  1. Change the SCSI Controller to the LSI Logic Parallel controller.
    1. SCSIController
  2. Boot into gParted and extend the disk.
  3. Shutdown the VM and change the SCSI Controller type back to VMWare Paravirtual.
Easy Peasy!

Can't get to Google.com or YouTube.com from Japan...

Summary:
Ran into an interesting issue today.  Friend from Japan messaged me that they were having issues connecting to Google and YouTube.  I remoted into their computer and found something interesting.  Google and YouTube were resolving to IPv6 addresses.

Hypothesis:
I'm thinking Japan's ISP's are upgrading their networks to IPv6.  Still, I found it strange that even though Google and YouTube were resolving properly, the pages wouldn't render.  Only those people connected directly to their modem would likely see this issue, if you are behind a router, then this issue would likely not manifest.

Resolution:
Anyway, to resolve this issue just requires that IPv6 be unbound from the Network Adapter setting in Windows.  Below a sample screenshot from my Windows 7 VM.

Unable to apply DRS resource settings on host…

Summary:

VMWare KB 1004667 addresses a different scenario than below.

This error can also occur if a VM has issues w/ the vmxf file as evidenced by digging into the hostd.log file.  What’s interesting, the VM can be fully functional, vMotion’d, and not show a single error in vCenter.  Once you dig to find a VM is causing the issue, vMotion’ing this VM to another host, the new host begins having issues applying DRS settings.

Unable to apply DRS resource settings on host (Reason: A general system error occurred: Invalid Fault). This can significantly reduce the effectiveness of DRS.

Hostd.log (/var/log/vmware/hostd.log) contains messages similar to:

[2010-03-22 15:13:05.285 F5CA0B90 info 'Libs'] Vix: [18420 foundryFile.c:2109]: FoundryFile_Save: Failed to open file /vmfs/volumes/volumeID/vmname/vmname.vmxf

[2010-03-22 15:13:05.285 F5CA0B90 info 'Libs'] Vix: [18420 foundryFile.c:2130]: FoundryFile_Save: Failed to close file /vmfs/volumes/volumeID/vmname/vmname.vmxf, Bad file descriptor

[2010-03-22 15:13:05.285 F646DB90 info 'Vmsvc'] SaveWorkingCopy: Error: (4) A file was not found

[2010-03-22 15:13:05.285 F646DB90 info 'vm:/vmfs/volumes/volumeID/vmname/vmname.vmx'] Failed to update resource config: vim.fault.FileNotFound

[2010-03-22 15:13:05.290 F646DB90 info 'App'] AdapterServer caught exception: vim.fault.FileNotFound

Resolution:

Once the VM causing issues is identified, I noticed that the vmware.log file was growing incessantly.  This is what I found in it:

Mar 19 03:41:31.166: vmx| TOOLS received request in VMX to set option 'synctime' -> '0'
Mar 19 03:41:31.171: vmx| VMXVmdb_LoadRawConfig: Loading raw config

Then repeat about thousands of times.  Short answer, in my case, was to upgrade the tools and reboot the VM.

View Composer agent initialization state error (6): Unknown failure (waited 0 seconds)

Perhaps the most useless error message on the planet, right next to PC Load Letter.


[UPDATE: The workaround detailed below refers to quickprep only.  Versions 4.5 and above now allow you to use customization specifications in vCenter.  I'd recommend using those for easier administration, especially when expanding your environment.]


Summary:
This error message can appear when deploying View Pool from a Parent VM (aka Gold Image) that has Microsoft’s App-V 4.5 client installed:
View Composer agent initialization state error (6): Unknown failure (waited 0 seconds)
Workaround:
  • On the Parent VM, change the “Application Virtualization Client” service to manual.
  • App-VClientService
      • Next steps are completely voluntary.  The only reason I went further was so that as soon as a user logs into a View session, their App-V applications would show up immediately.
      • Create a batch/cmd file and place it on the root directory of the VM. (Commonly C:\)
        • Open Notepad
        • Paste the following two lines:
          • sc config sftlist start= auto
            sc start sftlist
        • Save the file as a bat or cmd (For this example, I’m naming mine “Custom.bat”)
    • Once you’ve snapshot your changes, all you need to do is change the following setting to use the batch file that was created in the previous step Post synchonization script.
      • QuickPrep
      • Done, this should resolve the stupid error above.
Extra Stuff
One thing the App-V / Softgrid client does is add an entry to the UserInit Key (HKLM\Software\Microsoft\Windows NT\Winlogon) in Windows.  From my understanding, best practice from MS is that your supposed to put a comma after any entry that you append to this key.  App-V 4.5 / Softgrid don’t do this.  So when you install the View Agent, make sure the key reads something like this:
  • C:\WINDOWS\system32\userinit.exe,"C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe","C:\Program Files\VMware\VMware View\Agent\bin\wssm.exe",
It is highly likely this was something left over from Microsoft’s acquisition of Softricity that was never corrected or left to the wayside.

VMWare Update Manager PowerCLI Released

All I can say, it’s about F’N time!  Now I can update my templates on a monthly basis.

http://www.vmware.com/support/developer/ps-libs/vumps/

Requirements:

vCenter Permissions/Roles overkill? maybe? maybe not… specifically with View 4.0.1

Related Products:
  • VMWare View 4.0.1
  • VMWare vCenter 4.0 U1
Problem Statement:
When creating a View Desktop Pool, no folder path, or datastores are presented and a whole other slew of errors should you decide NOT to grant the administrator role to the View Composer Service Account.
Resolution:
View Composer Role permissions need to be granted in 1 or 6 places in vCenter depending on how restricted the account should be.  1 place would be to grant the administrator role to the View Composer Service Account @ the vCenter Node Level and propagate down.  If the aim to to restrict access to one cluster/host, then the View Composer Role must be applied to the following areas:
Pictures are provided as an example and are not a reflection of how all vCenter servers are configured/designed.
  1. VM and Templates – Role added to Chosen Target Folder, Gold Image Folder, and the “VMWareViewComposerReplicaFolder
    1. ViewComposerReplicaFolder
  2. Hosts and Clusters – Role added to Host | Cluster
    1. ClustersViewPerms
  3. Datastores – Role added to Datastores related to Cluster or Host chosen.
    1. DatastoresViewedit
  4. Datacenter – Role added to Datacenter node, do NOT propagate the View Composer Role permission.
    1. Datacenter Perms
  5. vCenter – This would be the name of your vCenter server, Add the role to this node, do NOT propagate.
    1. vCenterPerms
  6.  Networking – All networks would need to be sorted into folders and your service account granted read-only permissions all networks or just ones you specify.
Further reading:
I came across something interesting today while I was setting up my production View environment.  One of the requirements when setting up View Composer is that it needs an account that has be part of the administrator group of the Windows OS on the vCenter server.  Not a big deal since we don’t grant access to “BuiltIn\Administrators” rights to vCenter itself.
Now granted, the service account needs rights to vCenter which is up next, requirements state that the vCenter Composer service account be granted what VMWare calls the “View Composer” Role.  ACTUAL View Composer Role Permissions needed, to break it down on one table here it is:
[UPDATED Permissions Table found HERE]
Privilege Group Privilege(s) to Enable
Folder Create Folder
Delete Folder
Datastore Browse Datastore
File Management - (This is listed in the admin guide, VMWare needs to clarify this.)  My understanding is the following:
Allocate Space
Remove File
Virtual Machine Inventory (All Rights)
Configuration (All Rights)
Interaction > Power On
Interaction > Power Off
Interaction > Suspend
Interaction > Reset
State
Provisioning > Clone
Provisioning > Allow Disk Access
Provisioning > Deploy Template
Provisioning > Read Customization Specifications
Resource Assign Virtual Machine to Resource Pool
Global Enable Methods
Disable Methods
NOT in the admin guide:
System Tag
Global Tag
Network NOT in the admin guide:
Assign Network
Sessions NOT in the admin guide:
Validate session
View and Stop sessions

vCenter 4.0 U1 Performance Statistics w/ mix of ESX 3.5 and 4.0 Hosts

Configuration:
  • ESX 4.0 U1
  • ESX 3.5 U4
  • vCenter 4.0 U1
Issue:
Discrepancy between tracked metrics and “Statistics Level” set in vCenter.  For instance, Level 1 Statistics Level in 4.0U1 now includes “CPU Ready” in historical tracking.  In vCenter 2.5, this metric was only historically tracked @ Level 3.  However, this seems to only apply to VM’s hosted on ESX 4.0 AND vCenter 4.0.  If the VM is hosted on an ESX 3.5 system, then that metric is not tracked.  Another possible cause for lack of historical metric data may be that SQL jobs are not completing properly.  See SQL Job resolution section.
Hypothesis:
I’m guessing here, but this is likely due to the way ESX 3.5 identifies the metric to vCenter which is probably as Level 3.  Below is what you might see when looking @ a VM’s performance on an ESX 3.5 and 4.0 host.
Examples:
ESX 3.5 VM w/ vCenter 4.0 Stat Lvl 2:
3.5 VM
ESX 4.0 VM w/ vCenter 4.0 Stat Lvl 2:
4.0 VM
References:
SQL Resolution:
This is something I ran into that may have been caused by someone in my group or may have happened during an upgrade.  Essentially, vCenter creates SQL jobs to rollup historical data, if one of these breaks, then you may only notice the issue when/if you change your vCenter Stats level. (New Counters don’t show up.)  In my case, a job was partially working so it would report success upon execution, but was not performing a ‘step’ because the previous step was set to quit upon success rather than proceeding to the next step.
This ‘broken’ job left me with a ‘hist_stat2’ table of 150 Million rows.  So, here are some steps to remedy something like this:
  1. Run the following against each ‘hist_stat#’ table to determine whether you need to truncate the table.  If it takes longer than 5 min to run, you might have a broken SQL job and should probably truncate the table(as long as your SQL server is performing normally)
   1: select count(*) from vpx_hist_stat3


  • The job I had problems with in particular was one named “Past Week stats rollup<databasename>”

  • Step 2 in the job was configured to “Quit the job” on success.  This step should be configured to “Go to the next step” on success.

  • WARNING: These next steps WILL delete all data against the target table and you will lose some historical performance data.  Be sure to have a backup just in case.

    • Once you’ve determined the table that hasn’t been getting rolled up, run the following command to truncate the table:
       1: truncate table vpx_hist_stat3

    iPhone 文字バケ(MojiBake) gMail

    Summary:
    Sending and receiving emails from the iPhone mail app with Japanese characters are unreadable due to mojibake.

    Details:
    This seems to only occur if you use gMail's ActiveSync option by setting up your account on the iPhone by selecting Microsoft Exchange as the account type.

    Workaround:
    To remedy this, use either POP or IMAP when setting up your 'mail' account. You can still have your iPhone sync contacts and calendars seperately.