Get Dell ESX host warranty info via PowerCLI version 3

Summary:
Had a script that was doing a screen scrape of Dell's support page for warranty info.  Now they require a log in.  So it was time to finally revise my script to use Dell's wsdl (SOAP) interface.

Example:

Details:
I was able to simplify the script a bit using the code provided by Jon Gurgul to pull from Dell's provided SOAP service.  I copied the code into a Get-DellAssetInformation.psm1 file so I could call the function as a module.

The variable you should probably update is the $ServiceDescription variable to match the warranty type you expect from your boxes so you get an actual return of data.

I simply plugged this into my existing code removing the screen scrape code and this is what I ended up with:

Script:

Add-PSsnapin VMware.VimAutomation.Core

#Module code courtesy of Jon Gurgul
Import-Module C:\myModuleDirectory\Get-DellAssetInformation.psm1
$VIServer = Connect-VIServer myvCenterServer

$date            = Get-Date
$htmpath        = "C:\inetpub\wwwroot\"
$csvpath        = "C:\inetpub\wwwroot\csv\"
$htmname        = "VMHostInvReport.htm"
$csvname         = "VMHostInvReport.csv"

#You can find out what service descriptions are available by using calling the Get-DellAssetInformation module and seeing what ones are available to you. Like so:

#[xml]$AssetInfo = Get-DellAssetInformation servicetagname

#$AssetInfo.ArrayOfAsset.Asset.entitlements.entitlementdata | select ServiceLevelDescription

$ServiceDescription  = "4HR"


#Report Title appears in <title> section and shows in the browser window.
$ReportTitle     = "VM/ESX Host Inventory Data"

#IconPath is the icon that is rendered on supported web browsers tab or address bar
$IconPath        = "/images/mySuperAwesomeIcon.ico"

#AppleIconType, set this to "Apple-touch-icon" if you would like the iOS device to render a glass effect on top of your custom icon.
#Otherwise use "Apple-touch-icon-precomposed" to just use your stock image.  45x45 is recommended, but higher rez can be used.
$AppleIconType     = "apple-touch-icon-precomposed"

#AppleTouchIcon is the image that appears on an iOS and/or Android device when a home screen bookmark is created.
$AppleTouchIcon = "/images/apple-touch-icon.png"

#Stylesheet is the path where your CSS file lies.
$Stylesheet        = "./styles/style.css"

#SortScript is where the sorttable.js script resides.  This allows dynamic sorting of table information within the browser.
$SortScript     = "./scripts/sorttable.js"

#Used to generate encrypted xml password file
#New-VICredentialStoreItem -Host doesntreallymatter -User root -Password "" -File "C:\CredentialStore\yourESXiRootCreds.xml"
#xml is only valid w/ the account that created the xml file, so create it with the service account you plan to run w/ this.
$Creds = Get-VICredentialStoreItem -File C:\CredentialStore\yourESXiRootCreds.xml
$ESXServers = Get-VMHost -Server $VIServer
$ESXServerView = @()
$Count = $ESXServers.Count
While ($Count -gt 0)
{
$Count = $Count - 1
$VIESXHost = Connect-VIServer $ESXServers[($Count)].Name -User $Creds.User -Password $Creds.Password
If ($? -ne $true){}
Else{$ESXServerView += Get-VMHost -Server $VIESXHost | Get-View}
Disconnect-VIServer -Server $VIESXHost -Confirm:$false
}
#$ESXServerView = $ESXServers | Get-View
#$ServiceTagList = foreach($VMHost in $ESXServerView){($VMHost.hardware.systeminfo.OtherIdentifyingInfo | where {$_.IdentifierType.Key -eq "servicetag"}).identifierValue}
$ESXInfo = @()

Foreach ($ESX in $ESXServers){
$TargetESXServerView = $ESXServerView | where {$_.Name -eq $ESX.Name}
$NewObj         = "" | Select Cluster, Name, Model, Version, BIOs, ServiceTag, AssetTag, ShipDate, ExpiryDate
$NewObj.Cluster = $ESX.Parent.Name
$NewObj.Name    = $ESX.Name
$NewObj.Model    = $ESX.Model
$NewObj.Version    = $ESX.Version
$NewObj.BIOs    = (($TargetESXServerView.Runtime.HealthSystemRuntime.SystemHealthInfo.NumericSensorInfo | where {$_.Name -like "*BIOS*"  -and $_.SensorType -eq "Software Components"}).Name) -replace(".* BIOS ","") -replace(" .*","")
$NewObj.ServiceTag     = ($TargetESXServerView.hardware.systeminfo.OtherIdentifyingInfo | where {$_.IdentifierType.Key -eq "servicetag"}).identifierValue -replace(" ","")
$NewObj.AssetTag    = ($TargetESXServerView.hardware.systeminfo.OtherIdentifyingInfo | where {$_.IdentifierType.Key -eq "assettag"}).identifierValue -replace(" ","")

## Gets ServiceTag Info from Dell
$ServiceTag = $null
If ($NewObj.ServiceTag -eq $null -or $NewObj.ServiceTag -eq "unknown" -or $NewObj.ServiceTag -eq "") {$ServiceTag = $NewObj.AssetTag} Else {$ServiceTag = $NewObj.ServiceTag}

[xml]$AssetInfo = Get-DellAssetInformation $ServiceTag

$Warranty = $null
If ($Warranty -ne $null -or $Warranty -eq " " -and $ESX.Manufacturer -match "Dell"){$Warranty = "Expired"}
$Warranty = $AssetInfo.ArrayOfAsset.Asset.entitlements.entitlementdata | where {$_.DaysLeft -gt "0" -and $_.ServiceLevelDescription -match "$($ServiceDescription)" -and $_.EntitlementType -match "Active"}

$ShipDate = ([datetime]$AssetInfo.ArrayOfAsset.Asset.AssetHeaderData.SystemShipDate).toShortDateString()
$EndDate = ([datetime]$Warranty.EndDate).toShortDateString()

If ($Warranty -ne "Expired")
{

If ([int]$Warranty.DaysLeft -lt "15") {$EndDateHTM = "<p style=`"font-weight:bold;color:red`">$($EndDate)</p>"}

ElseIf ([int]$Warranty.DaysLeft -lt "90") {$EndDateHTM = "<p style=`"font-weight:bold;color:orange`">$($EndDate)</p>"}

ElseIf ([int]$Warranty.DaysLeft -gt "90") {$EndDateHTM = $EndDate}

}

If ($Warranty -eq "Expired") {$EndDateHTM = "<p style=`"font-weight:bold;color:red`">$($Warranty)</p>"}

$NewObj.ShipDate    = $ShipDate
$NewObj.ExpiryDate    = $EndDateHTM

$ESXInfo += $NewObj
$ShipDate = $null
$EndDate = $null
$EndDateHTM = $null
}
$Head = "<LINK REL=`"SHORTCUT ICON`" HREF=`"$($IconPath)`"><link rel=`"$($AppleIconType)`" href=`"$($AppleTouchIcon)`"/><title>$($ReportTitle)</title><link rel=`"stylesheet`" type=`"text/css`" href=`"$($Stylesheet)`"><script src=`"$($SortScript)`"></script>"
$ESXInfo | ConvertTo-Html –body "<a name=`"Data`"></a><strong>$ReportTitle $date</strong>
<br><a href=./csv/$($csvname)>(Click here to download csv copy)</a>" -head "$($Head)" | 
foreach {$_.replace("&lt;","<").replace("&gt;",">").replace("<tr><th>","<table class=`"sortable`"><thead><tr><th>").replace("</th></tr>","</th></tr></thead><tbody>").replace("</table>","</tbody><tfoot></tfoot></table>").replace("&quot;","`"")} | 
Out-File -Encoding ASCII -FilePath "$($htmpath)$($htmname)"

$ESXInfo | convertto-csv -NoTypeInformation | foreach {$_ -replace("<p style=`"`"font-weight:bold;color:orange`"`">","") -replace("<p style=`"`"font-weight:bold;color:red`"`">","") -replace("</p>","")} | Out-File -Encoding ASCII -FilePath "$($csvpath)$($csvname)"

Disconnect-VIServer -Confirm:$false -Server $VIServer

Auto-Remediation vCenter Alarm

Summary:
I've been dealing w/ issues on Emulex OCe11102-FM logging out of the vSAN Fabric and not recovering.

Long story short, it's been a firmware problem and I was able to get a alpha firmware that fixed the issue.

In the meantime, I had created a PowerCLI script to auto-remediate every hour if a degraded path was detected.  I wasn't fond of the solution, so I looked to vCenter alarms to see if I could have them do it for me.  Turns out they can, but there are caveats to this approach.

What follows is an example of how to set something like this up and details specific to the errors/configuration I was dealing with.

SOAP(y) Powershell fun w/ BT Diamond's IPAM (Part 2)

Since my initial attempt using New-WebServiceProxy failed because it didn't like the XML return from IPControl, I needed to find out why.  This is where I downloaded SOAPUI to dig in and find out why.  More importantly, I found that I could use the info from it to plug into the Invoke-WebRequest cmdlet.

[I'm going to be using Dell's web service as an example simply because it's easier from an example standpoint.  Dell's service actually works w/ the New-WebServiceProxy cmdlet.  The basic concept of what I'm doing is the exact same though.]

SOAP(y) Powershell fun w/ BT Diamond's IPAM (Part 1)

PreReq:

1. API Access
2. Powershell 2.0 +
1. I'm using 3.0 now.  I assume these examples work in 2.0 as well, but I'm too lazy to test.

This was a bit of an interesting exercise for me since I've mostly only ever used cmdlets.  I'm still using cmdlets, but calling SOAP based web services to gather information.

Here is what I've been experimenting with:

#Credentials are needed when working w/ a secure web service.

$Creds = Get-Credential

#I was able to find the correct API address by clicking the help link on the login page.  They seem to have a different web service per API instruction type.  In this case, I just want to 'get' address information thusly demonstrated below.

$IPControlGetService = New-WebServiceProxy "https://myIPControlServerNameorIP/inc-ws/services/Gets?wsdl" -Credential $creds

#This is where it gets interesting, from here I can essentially browse what properties and methods are available to me by calling the $IPControlGetService variable.

#This provides me a list of properties and methods I can call against this SOAP service.
$IPControlGetService | get-member

Roadblocks:

The downside, I was unable to successfully receive a valid xml response from IPControl that Powershell's New-WebServiceProxy cmdlet liked.  Error:
Exception calling "getDeviceByHostname" with "1" argument(s): "There is an error in XML document (1, 2947)."

Long story short, it appears to be related to the xml return 'style' being 'RPC' rather than 'Document', but I cannot say for certain.  I only noticed this while using SOAPUI to see the returned xml and noticing the 'style' property compared to that of Dell's web service.

To be continued in Part 2...Using SOAPUI and Powershell's Invoke-WebRequest cmdlet...

RacADM, Powershell, and Kerberos KeyTabs

Summary:
I was looking to automate configuration of iDRAC's (Dell Remote Admin Console) synonymous w/ iLOM and many other acronyms.  I also wanted to enable domain authentication in a somewhat secure manner.  By using a kerberos keytag, I'm able to in the very least obfuscate the username and password into a file for upload into the iDRAC.  What follows is a journey into a ridiculous realm.

PreReqs:

1. RACADM
2. ktpass
3. Powershell 3.0 (2.0 probably works too, but I was using 3.0 @ the time)
4. Your root CA's cert
1. This is so it AD Authentication can be setup

Solution:

It's not a complete solution, but hopefully it'll help you get started in your own endeavors.  Below assumes the iDRAC has been configured and is available on the network in default config.

To generate a kerbero's keytab, you simply need the name and password of a service account (this is simply a Active Directory user account) in your domain.

ktpass /pass ReallySecurePas5word /ptype KRB5_NT_PRINCIPAL /princ someserviceaccount@yourdomain.somethinglikethis.com /out C:\directoryofyourchoice\aNameThatMakesSense.keytab

$IPAddress="192.168.123.42"  #This would be the IP of your iDRAC.
$DNS1="8.8.8.8"  #These are google's DNS and likely don't know about your AD so don't use these.
$DNS2="8.8.4.4"
$myDomainName="yourdomain.somethinglikethis.com" #If it's not obvious, you want to change this to something appropriate to you.
$myRootDomain="somethinglikethis.com" # mydomainname and rootdomain may be the same, iDRAC uses this to look up a list of domain controllers defined as GC's
$nameofADGroup="domain admins" # You want to populate this a domain group that you want to have admin rights to the iDRAC.
$RootCALocation="C:\certs\myDomainsCA.cer"  # If you don't have this, you can forego it, but your authentication calls to AD will be unencrypted.
$EnableCertValidation="Enabled" #Disable this if you don't upload a root CA cert.  "Disabled" is valid
$KeyTabLocation="C:\directoryofyourchoice\aNameThatMakesSense.tab"
$NTP1="nameofNTPserver"
$NTP2="nameofNTPserver2"
$TimeZone="US/Eastern"  # You can check the GUI to see what options would be valid.
$iDracSchema="2" # 2 means that your Active Directory has not been extended w/ Dell's Schema.  If it has you can change this to 1, but I don't know if there other things you need to configure.

Write-Host "Disabling annoying error message" -ForegroundColor:Green
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.Tuning.DefaultCredentialWarning Disabled

Write-Host "Uploading RootCA Cert" -ForegroundColor:Green
# The '-t 2' portion is specifying that you are uploading 
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin sslcertupload -f $RootCALocation -t 2
Write-Host "Uploading Kerberos KeyTab File" -ForegroundColor:Green
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin krbkeytabupload -f $KeyTabLocation

Write-Host "Configuring TimeZone" -ForegroundColor:Green
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.Time.Timezone "$($TimeZone)"

Write-Host "Configuring NTP" -ForegroundColor:Green
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.NTPConfigGroup.NTP1 $NTP1
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.NTPConfigGroup.NTP2 $NTP2
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.NTPConfigGroup.NTPEnable Enabled

Write-Host "Configuration AD User Domain" -ForegroundColor:Green
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.UserDomain.1.Name $myDomainName

Write-Host "Configuring Enable DNS from DHCP (Needed for AD Configuration)" -ForegroundColor:Green
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.IPv4.DNSFromDHCP Enabled
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.IPv4Static.DNS1 $DNS1
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.IPv4Static.DNS2 $DNS2

Write-Host "Sorry waiting 15 seconds to make sure AD recognizes configured DNS settings." -ForegroundColor:Green
Start-Sleep -Seconds 15

Write-Host "Configuring Active Directory Authentication" -ForegroundColor:Green
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.ActiveDirectory.CertValidationEnable Enabled
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.ActiveDirectory.DCLookupByUserDomain Enabled
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.ActiveDirectory.DCLookupEnable Enabled
# These particular options rely upon DNS to work and setting them prior to DNS recognition causes an error.
$count = 0
While ($? -ne $true -and $count -lt 5){
$count ++
Write-Host "Sorry, I seem to have failed in setting the DC Lookup Option.  Trying again, Try count: $($count)" -ForegroundColor:Yellow
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.ActiveDirectory.DCLookupEnable Enabled
If ($? -ne $true -and $count -eq 5){Write-Host "Unfortunately, I was unable to successfully enable Active Directory Domain Controller lookup.  Please do so manually." -ForegroundColor:Red }
Start-Sleep -Seconds 5
}
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.ActiveDirectory.GCLookupEnable Enabled
# These particular options rely upon DNS to work and setting them prior to DNS recognition causes an error.
$count = 0
While ($? -ne $true -and $count -lt 5){
$count ++
Write-Host "Sorry, I seem to have failed in setting the GC Lookup Option.  Trying again, Try count: $($count)" -ForegroundColor:Yellow
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.ActiveDirectory.GCLookupEnable Enabled
If ($? -ne $true -and $count -eq 5){Write-Host "Unfortunately, I was unable to successfully enable Active Directory Global Catalog lookup.  Please do so manually." -ForegroundColor:Red }
Start-Sleep -Seconds 5
}
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.ActiveDirectory.GCRootDomain $myRootDomain
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.ActiveDirectory.Schema 2
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.ActiveDirectory.SSOEnable Enabled
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.ActiveDirectory.Enable Enabled

Write-Host "Configuring Active Directory Group" -ForegroundColor:Green
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.ADGroup.1.Domain $myDomainName
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.ADGroup.1.Name $nameofADGroup
& 'C:\Program Files\Dell\SysMgt\rac5\racadm.exe' -r $IPAddress -u root -p calvin set iDRAC.ADGroup.1.Privilege 0x1ff

VMware vCenter Storage Monitoring Service - Provider sync failed

Summary:
This error appears to be benign, but what I found interesting was that there really wasn't an article on how to correct this error.

Resolution:
Simply restart the VMware VirtualCenter Management Webservices.

Find out Frame and LUN ID for VM RDM's from a Symmetrix/vMax Array.

Summary:
I was looking for a way to translate RDM info into a simple frame and SCSI ID.  I took my Naa.ID script and modified to look @ it in this way.  RDM's are needed for EMC based management tools, that's pretty much the only reason I use RDM's.

Usage:

1. Save the below script as a .psm1 file.
2. Import-Module Convert-LUNUuidToVMaxFrameandDeviceId.psm1 file (I happened to name my psm1 file the same as the function name.  You can name it differently if you want.)
3. Convert-LUNUuidToVmaxFrameAndDeviceId #############################
1. This'll return a Frame and Device value written to screen.
4. Below you can see how to get the LUNUUid info and how you batch the info.

Script:

# Batch scripting information
#$TVM = Get-VM 
#$Devices = $TVM.extensiondata.config.hardware.device
#$DeviceBacking = @()
#foreach ($device in $devices) {$devicebacking += $device.backing}
#$devicebacking = $devicebacking | where {$_.lunuuid -ne $null}
#foreach ($device in $devicebacking){Convert-LUNUuidToVMaxFrameandDeviceId $device.lunuuid}

Function Convert-LUNUuidToVmaxFrameAndDeviceId ($LUNUuid) {
  if ($LUNUuid.length -ne 54) { "LUNUuid must be 54 characters"; break }
  $deviceString = $LUNUUid.ToCharArray()
  # Prepended w/ Frame info.
  $device = ("Frame $($deviceString[26])$($deviceString[27])$($deviceString[28])$($deviceString[29]) Device ") 
  $device += [char][Convert]::ToInt32("$($deviceString[32])$($deviceString[33])", 16)
  $device += [char][Convert]::ToInt32("$($deviceString[34])$($deviceString[35])", 16)
  $device += [char][Convert]::ToInt32("$($deviceString[36])$($deviceString[37])", 16)
  $device += [char][Convert]::ToInt32("$($deviceString[38])$($deviceString[39])", 16)
  $device += [char][Convert]::ToInt32("$($deviceString[40])$($deviceString[41])", 16)
  return $device
}

Powershell: Convert VMware NAA value to Frame and Device ID (for vMax and Symmetrix)

Summary:
Found a script to convert the naa value to device id, but not return the frame info.  So I augmented it to parse that info out as well.

Script Module:
Function Convert-NaaIdToVmaxFrameAndDeviceId ($naa) {

  # Original -> http://vmwise.com/2012/06/01/naa-ids-and-breaking-them-apart/
  if ($naa.length -ne 36) { "NAA value must be 36 characters"; break }
  $deviceString = $naa.ToCharArray()
  # Prepended w/ Frame info.
  $device = ("Frame $($deviceString[20])$($deviceString[21])$($deviceString[22])$($deviceString[23]) Device ") 
  $device += [char][Convert]::ToInt32("$($deviceString[26])$($deviceString[27])", 16)
  $device += [char][Convert]::ToInt32("$($deviceString[28])$($deviceString[29])", 16)
  $device += [char][Convert]::ToInt32("$($deviceString[30])$($deviceString[31])", 16)
  $device += [char][Convert]::ToInt32("$($deviceString[32])$($deviceString[33])", 16)
  $device += [char][Convert]::ToInt32("$($deviceString[34])$($deviceString[35])", 16)
  return $device
}

To use it:

Save the above into a .psm1 file.
Import-Module nameofpsm1file.psm1
Convert-NaaIdToVMaxFrameAndDeviceID naa.#############################

This will return something like this: Frame #### Device ######



To use it programmatically:


Import the module

$LUNs = Get-VMHost | Get-ScsiLUN | where {$_.Model -match "SYMMETRIX"};
Foreach ($LUN in $LUNs){Convert-NaaIdToVMaxFrameAndDeviceID $_.CanonicalName}

This will return all vMax/Symmetrix LUNs attached to all hosts in your vCenter server translating the naa value to "Frame #### Device ######" format.








Stay tuned for my next module where I translate vml RDM entries into Frame and Device ID's.

SCOM Adapter Configuration for vCOPs

Summary:
I wanted to test the SCOM adapter in vCOPs to see what data I could get and see how it could be used.  Unfortunately, the VMware video demonstrating it's installation did not work for me without some tweaks.

Config:
vCOPs 5.7.1 (vApp)
SCOM Adapter Build 1036195

Installing the Adapter:

1. Log into your vCOPs admin page (Usually https://vcopsServer/admin)
2. Select the Update tab and upload the 'pak' file



3. Accept the EULA, wait.
• Pretty much the same as updating vCOPs @ this point.
4. Once completed, you need to log into the custom UI (https://vcopServer/custom) as an admin.
• If you setup LDAP and made your account an admin, you're good.  Otherwise, you can login as the same admin account as the admin page.
5. Once in the custom UI screen, hover over admin and select 'support'



6. Select the 'Info' tab, click the gear to start the 'describe' process.



7. Once the process is completed you should see the SCOM adapter available in the adapters info table.



8. Congrats, the adapter is now installed.  Next we need to configure it to pull data.
• If it's not there, you may need to restart vCOPs services.

SCOM Adapter PreReqs:

1. SQL Account w/ dataread role access to the SCOM database.
1. Windows account "MAY" work, but there may be a syntax problem.  I still need to test this more.

Configure Adapter Instance:

1. At this point, watching the video would probably be easier than me typing it out w/ screenshots.
2. If it works, GREAT!  If not, follow these next steps.
3. SSH into the UI VM.
4. Use VI to edit the scom.properties file.
1. vi $ALIVE_BASE/user/plugins/inbound/msscom_adapter3/conf/scom.properties
2. Click here if you need info on how to use VI.
5. The line you need to change is jdbcDriver=jtds to jdbcDriver=sqljdbc
6. Save your changes and now SSH into the Analytics VM and start @ step 4.
7. Once done, try configuring the adapter again.  Hopefully this solves your problem.  It certainly solved mine.

An error occurred while restarting virtual machine after taking a snapshot.

Summary:
I was receiving the above error usually immediately after netbackup attempted consolidating the backup.

VMware KB:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1033571

My particular issue:
Seemed to revolve around the fact that I had "Storage I/O" control enabled on my datastores that was causing this issue.  It was odd that only 1 VM seemed to be affected, but after turning it off the symptoms stopped.  Reading the KB above seems to allude to this fact, but I'm still researching.

My resolution:
Turning off Storage I/O control.

UCS LDAP Authentication "Domain Users" will not work

[Update: Cisco has opened a bug for this.  Expected to be fixed in 2.2 release, but you can track the progress here: CSCui60138]

Summary:
In my previous post, I hypothesized that "Domain Users" simply contained too many members.  I was wrong.

Details:
After performing a couple of packet captures, I found that "Domain Users" was not an attribute returned in the "memberOf" property.  This seems to be a known response as "Domain Users" is typically classified as a "PrimaryGroup" and is therefore recorded in the "PrimaryGroupID" attribute.

Since UCS is only looking @ the "memberOf" attribute, "Domain Users" would not be returned.  I've made Cisco TAC aware of this discovery.  Whether it gets added as a bug or is simply relegated as a low hanging feature request is anybodies guess.  In the very least, I feel better to get this monkey off my back.

UCS Version:
2.1(1a)

UCS LDAP Workflow (as how it looked in my packet capture):

1. UCS makes a LDAP bind call querying for the entered username for its "DN" and "memberOf" attributes.
2. Once the information is returned, UCS appears to check the list of attributes in "memberOf"
3. If UCS finds a match, it essentially grants whatever role access is granted to that LDAP group.
4. UCS does query the LDAP group, but I'm unsure as to why it does this.  Seems redundant.

Additional Notes:

http://stackoverflow.com/questions/5754924/ldap-query-not-work-for-group-domain-users