420 4.2.0 RESOLVER.ADR.Ambiguous; ambiguous address in the Exchange 2010 Submission Queue

Posted on April 25, 2012 by SeanLaBrie

I ran into a problem this week where a user was sending email to an external email address and the message would leave outlook, but never arrive. Interestingly this user also could not send email to another internal user who was configured for forward to this same external address(via a contact in Active Directory). Other users were able to send messages both to the internal user (and have them forward) as well as directly to the external email address without issue.

I did some google-ing on the 420 4.2.0 RESOLVER.ADR.Ambiguous; ambiguous address and kept coming up with results that wanted me to check for duplicate proxy addresses in exchange. See this article for how to figure that out: here. After searching I was unable to find the duplicate entry, so I moved on.

What I ended up doing was deleting the external contact, re-creating it, re-set up forwarding for the internal user in question and then tested again. As soon as that contact was deleted the submission queue started to empty, and inital user who reported the problem was now able to send to both addresses, just like the other internal users.

Not an elgant fix, but I figured I’d share it anyway due to the low number of results that I found on google when searching for a resolution.

 

Posted in Exchange 2010 | Leave a comment

Give Standard Users the Ability to Manage Print Queues and Printers in MAC OS X 10.6

Posted on March 2, 2012 by SeanLaBrie

I ran into a problem the other day where the standard user accounts we have on our Apple lab computers were unable to resume the printer queues on the computers. Any time the printer queue would pause, we’d have to go and resume it with an account that has administrator permissions. Here is how I resolved this so that the standard users could resume printers and manage print queues.

First, if you’ve messed around with the cups.conf file already, set it to default CUPS config file by performing the following:

  1. Click on Go menu, Click on Go To Folder…, enter: /private/etc/cups
  2. Copy cupsd.conf.default to the desktop, rename it to cupsd.conf
  3. copy it back to /private/etc/cups, overwriting the original file.

Next Obtain user information for the standard account that needs the permission:

  1. Open System Preferences, and then go into “Accounts”
  2. Unlock the preference pane at the bottom and then right click on the user account that needs access. Click “Advanced Options…”
  3. Record the users case sensitive Account Name and the User’s ID.

Now it’s time to Make the change:

  1. Open Terminal
  2. Enter the following commands:
  3. sudo dscl . -append /Groups/lpadmin GroupMembership <User ID>
  4. and
  5. sudo dscl . -append /Groups/lpadmin GroupMembership <Account Name>
  6. Afterwards run this command to verify that both are listed in the group:
  7. dscl . -read /Groups/lpadmin

Log out and log back in as the user and verify that they can now manage print jobs, and pause and resume printers.

Posted in Apple | Leave a comment

Renewing a 3rd Party SSL Certificate on SBS 2008

Posted on February 21, 2012 by SeanLaBrie

Here is how to renew a certificate that’s expired or about to expire on your SBS 2008 Server.

  1. Open the Windows SBS Console
  2. Click on Network
  3. Click on “Add a trusted Certificate”
  4. Click “Next”
  5. Click “I want to renew my Current Trusted Certificate with the same provider” Click Next.
  6. Click Save to file and save the file.
  7. In this case we’re using godaddy, so log into the godaddy website using you username and password.
  8. Purchase a SSL renewal if you’ve not already done so and then launch your SSL Certificate control panel.
  9. Click Request Certificate on the right hand side
  10. Copy the contents of the saved file from step 6 into the CSR section of the godaddy renewal wizard. Click Next on the CSR wizard twice. Click Finished on the CSR renewal wizard.
  11. Approve the confirmation email that godaddy sends, and then log back into your SSL Certificate control panel at godaddy.
  12. Wait for the Certificate to be processed, and then download the certificate with the updated expiration date. Select the Exchange 2010 download format.
  13. Extract the files to a folder, and then return to your “Add a trusted Certificate” wizard.
  14. Select the option for “I have a certificate from my certificate provider” and then click “Next”
  15. Click the “Browse” button and select the .crt file from the folder you just created. Click “Next”.
  16. Wait for the wizard to complete. If the wizard fails follow these instructions:
  17. Right click on your .crt file and select install. Follow the wizard to install it.
  18. Open your TS Gateway Manager, verify that on the “SSL Certificate” tab the proper certificate and expiration date are listed”
  19. Open your Exchange Management Shell
  20. Run the following command and make not of the new certificate’s thumbprint. “Dir cert:\LocalMachine\MY | fl
  21. Run a “get-exchangecertificate | fl” to see a list of all certificates and what services they are tied to.
  22. Verify that the newly installed certificate is configured for IIS, and any other services it should be attached to.
  23. Connect to https://127.0.0.1/owa and verify that the certificate being used is the newest certificate.
  24. If IIS is not using the correct certificate you’ll need to run this command from the exchange management shell: Enable-ExchangeCertificate –Thumbprint XXXXXXXXXXXXXXXXXXXXX –services “iis,IMAP,POP” where the XXX is the new thumbprint and the services listed are the ones that should be using the new cert.

Note: if you need more information on install the certificate in exchange you can read this.

Note: if you can’t figure out where the “TS Gateway Manager” you can read a write up on how to enable it here.

Posted in Certificates, Microsoft, SBS 2008, SBS 2011 | Leave a comment

Force All Traffic over a NetExtender SSL VPN Connection, but allow users to continue to access the Internet.

Posted on February 21, 2012 by SeanLaBrie

I have a client that is using a medical application whose access to the cloud based storage is locked down by Public IP address. This restricts access to the application to only folks who are in the office, Users who work from home, or take their laptop home with them on the weekend are unable to work from home. To solve this problem I’ve setup netextender and forced it to tunnel all traffic back into the main site, but users were then unable to connect to any resources on the internet.

Here is how to resolve this issue. First let’s configure the SSL VPN:

  1. Log into your Sonicwall, and expand “Network”
  2. Click on “Interfaces” and then click on the Configure link for your WAN connection.
  3. Make sure the box that says “User Login: Https” has a check mark, and then click “OK”
  4. Expand “SSL VPN” on the left, and then click “Server Settings”
  5. Click the red dot next to “WAN” and wait for it to turn green.
  6. Click “Client Settings” on the left, and then configure an IP address range for your SSL VPN Guests, also configure the User Domain, and DNS servers.
  7. Click “Client Routes” on the left pane, Enable “Tunnel All Mode”, this is done to ensure all traffic sent by the client appears to originates from the main office, and not the client’s home router.

Now let’s create a user and grant them access to the appropriate networks during an VPN connection.

  1. Expand “Users” on the left, and then click on “Local Users”.
  2. click “Add User…”
  3. On the “Settings” tab, give the user a username and password.
  4. On the “Groups” tab, Add the user to “Trusted Users”, “Everyone”, and “SSLVPN Services”. Click OK.
  5. Click “Local Groups” on the left.
  6. Click on the “Configure” button for the group “Trusted Users”
  7. Click on the “VPN Access” tab, add “LAN Subnets” and “WAN RemoteAccess Networks” to the list. Click OK.

Now have the user connect to the SSL VPN, open a command prompt and ping anything, the first hop should be the main office’s WAN connection’s Default gateway, this shows that you’re tunneling all traffic over the SSL VPN and still able to get online.

Posted in SonicWall, SSL VPN, VPN | Leave a comment

Disable ‘A program is trying to access e-mail address information stored in Outlook…’ dialog in Outlook 2007 using group policy

Posted on January 23, 2012 by SeanLaBrie

I have a client with an application that requires access to their outlook inbox, the problem is that every 10 minutes the users get prompted with a message that says

‘A program is trying to access e-mail address information stored in Outlook. If this is unexpected, click Deny and verify your antivirus software is up-to-date.

For more information about e-mail safety and how you might be able to avoid getting this warning, click Help.

Allow access for ____________’

Normally you’d not want to disable this warning, but my users are locked into a internet disabled Terminal Services environment, and they don’t need to worry about this. I wanted to disable this warning for all of them at once, so a GPO was in order.

Here is how you can disable it for all users at once:

  1. First, download and install the Office 2007 ADM templates from here.
  2. Extract them to your Domain controller, and then open Group Policy Management Console.
  3. Create a new GPO and link it to the OU containing the user accounts in question
  4. Right click the new Policy and click “Edit…”
  5. Expand User Configuration > Administrative Templates
  6. Right click on Administrative Templates and select “Add/Remove Templates…”
  7. Click “Add…”
  8. Browse to the directory where you extracted the ADM files and then select ‘outlk12.adm’. Click Open. Click ‘Close’.
  9. Expand Administrative Templates > Microsoft Office Outlook 2007 > Security >
  10. Double Click on ‘Programmatic Access Security’
  11. Set it to ‘Enabled’ and then select ‘Never warn me about suspicious activity (not recommended)’
  12. Close the GPO and Exit GPMC.msc.

Thats it, outlook will now suppress the warning and allow access to the application requesting access to the user’s outlook information.

Posted in Applications, Outlook 2007 | Leave a comment

MAC Laptop can’t connect to Dell 55xx Series Switch

Posted on December 19, 2011 by SeanLaBrie

I ran into a problem with various Mac laptops being unable to obtain an IP, or determine network speed, when plugged into a Dell Power Connect 55xx series switch. Turns out this isen’t just effecting Apple products, it’s also a problem with some PC’s that have newer Intel network cards. The problem is stemming from some of the newer Green Ethernet standards and in this case the switch and computer are unable to work out power settings on the NIC and are unable to set the proper speed and duplex. If you set the computer’s network card to Full Duplex and set the speed you should be able to connect, but this becomes burdonsome. The best way to fix this issue it to disable “EEE” on the 55xx series switch. Follow these steps:

  1. Console into your switch and enter config mode by typing “config”.
  2. Enter the command “No eee enable”.
  3. Save the running config and then reboot the switch.

After the switch reboots, connect the Mac and verify that you can obtain network connectivity with the nic set to automatic.

Posted in Apple, Dell, Switching | 1 Comment

Creating a Server 2008R2 Template on vCenter 4.1

Posted on December 5, 2011 by SeanLaBrie

Long Story Short: It’s pretty simple, but if you want to do advanced things like automatically activate, activate office, join domain, etc, then you need to use sysprep.exe and that’s another post entirely. Take a look at my post on using Windows 7 with WDS for a good idea at how to do some interesting things with your sysprep.xml file.

In this post I’ll show you how to Create a basic template for a workgroup server with a preconfigured network settings that’s not automatically activated. What you want to do after that is your call. Follow these steps.

  1. Create a new VM, Select “Typical” and click “Next >”.
  2. Name the VM, it would be a good idea to identify this image as a template so that you can go back later, clone it, and make new templates from it. Click “Next >”.
  3. Select the Host or Cluster that this VM will run on, and then click “Next >”.
  4. Select the Datastore to run your host on, and then click “Next >”.
  5. On the screen where you select which operating system to use, select “Microsoft Windows” and then from the drop down select “Microsoft Windows Server 2008 (64-bit)”. The reason for this is VMware is doing something funky during the template process for Server 2008 R2 that it’s not doing for Server 2008 (x64). I kept running into networking problems when I selected 2008R2, where IP and Default Gateway settings were just not working properly, if you choose to use 2008 (x64) it works wonderfully. You can change it back to 2008R2 after the VMs have been deployed from template if you wish. Click “Next >”.
  6. Select the size and type of the disk you’d like, and then click “Next >”.
  7. Click “Finish”. Open the settings for the VM and change it to boot into the BIOS on first boot.
  8. Once in the BIOS, disable the Com and LTP ports. Now attach an ISO of Server 2008 R2, and install the OS.
  9. Once the installation is completed, install your software, run updates, set a static IP address, etc. Because we’re not doing anything fancy with this Template we’ll not configure a sysprep file, we’ll let VMware take care of this for us. Shut down your VM.
  10. Right click on your VM in vCenter client and select “Template >”, then select “Convert to Template”.
Now that we’ve got a updated template we’ll configure a customization file for it. This will allow us to rapidly deploy VMs from this template using a nice and easy wizard that will update our Static IP address as we deploy VMs. Follow these steps:
  1. Go to the Home screen in the vSphere client, and click on “Customization Specifications Manager”.
  2. Click the “New” button.
  3. Choose “Windows” from the Virtual Machine OS drop down, assign this Specification a name and a description and then click “Next >”.
  4. Now enter the Name and Organization that will appear in the guest OS. Click “Next >”.
  5. On the NetBIOS name screen, select “Enter a name in the Deploy wizard” and click “Next >”.
  6. On the Product Key screen enter the product key that you’ll be using for this deployment and then click “Next >”. Note if you are using trial software for temporary VMs or test environments just leave this blank. Click “Next >”.
  7. Define an Administrator password and then click “Next >”.
  8. Set the time zone, and then click “Next >”.
  9. On the “Run Once” section, enter any commands you would like to run when the machine boots for the first time. When done press “Next >”.
  10. On the Network screen, select “Custom Settings” and then click “Next >”.
  11. Press the button next to the first nic labeled “…”. Select the option “Prompt the user for an address when the specification is used”. Enter all IP information except for the IP address and then click “OK”. Click “Next >”.
  12. On the Workgroup section, leave the defaults and click “Next >”.
  13. Check the box titled “Generate New Security ID (SID). Click “Next >”.
  14. Click Finish.
Now that we have a customization settings file that we can apply to templates we can start to deploy VMs from our newly created template. Let’s deploy a new VM. Follow these steps:
  1. Change back to “VMs and Templates” view, and then right click on your newly created template and select “Deploy Virtual Machine this Template…”
  2. Give the new VM a name, and select where to store it. Click “Next >”.
  3. Select the Host or Cluster where this VM will run on, and then click “Next >”.
  4. Select the Datastore where this VM will be stored, and then click “Next >”.
  5. Select the Disk format for this new VM and then click “Next >”.
  6. Click the radio button titled “Customize using an existing customization specification” and then choose the newly created specification that we just made. Click “Next >”.
  7. Assign this new VM a NetBIOS name, and give it an IP address that matches the subnet/gateway that we created in the specification. Click “Next >”.
  8. Click “Finish”.
Now when this VM is booted for the first time, it will get to the “Control + Alt + Delete” screen. DO NOT do anything, just wait. VMware will take care of syspreping this machine, generating a new SID, and applying the settings you’ve just chosen. Once the VM as rebooted you THEN can log in and use it. 
Posted in Virtual Machines and Templates, VMWare | 2 Comments

Installing vMA 4.1 in vShpere 4.1

Posted on December 1, 2011 by SeanLaBrie

Here is a quick guide to installing and configuring vMA 4.1 into a vSphere 4.1 installation. vMA is a management assistance tool that allows you to more easily manage your hosts or vcenter server. Follow these instructions:

  1. First download the vMA ovf file from here.
  2. Open your vSphere client and connect to your vCenter server. Click on the “File” menu and then click “Deploy OVF template…”.
  3. Click “Browse…” and then locate your downloaded oMA ovf file, click “Next >”.
  4. Click “Next >”, Agree to the EULA, and then click “Next >”.
  5. Give the vMA a name, and then select the Data center it will be deployed to. Click “Next >”.
  6. Select the host or cluster it will run on, and then click “Next >”.
  7. Select the Data store to place the files on, and then click “Next >”.
  8. Select your disk provision format, and then click “Next >”.
  9. Select your network from the drop down list, and then click “Next >”.
  10. Click Finish.

Once the import is finished we can start the wizard to configure the vMA tool. Open your vSphere client, connect to your vCenter server. Follow these steps:

  1. Find your vMA VM, open its console and click start.
  2. The vMA will boot to a prompt asking to use DHCP to assign an IP. Enter “no” and press “Enter”.
  3. It will now prompt for am IP address, enter an IP address and the press “enter”.
  4. It will now prompt for a Subnet mask, enter a mask and then press “enter”.
  5. It will now prompt for a gateway, enter the IP address of your gateway and then press “enter”.
  6. It will now prompt you twice for your primary and secondary DNS, enter the IP addresses and press “enter” after each.
  7. It will prompt you for the vMA’s hostname, enter a FQDN and then press “enter”
  8. Type “yes” to confirm the settings and then press “enter”.
  9. the vMA vm will now reboot, and when it comes back up it will prompt you twice for a password.
  10. The VM will now display a screen telling you how to SSH into the box. For now press “Alt” and F2″ to enter the virtual terminal. Login with “vi-admin” and the password you just created.

Before we continue we should make sure that our Active Directory contains a security group called EXACTLY: “ESX Admins” and contains the accounts that we want to have Administrator access to our ESX/ESXi hosts. During the domain join process this group will automatically be granted the Administrator role on each ESX/ESXi host.

Now we need to join the vMA to the active directory domain. If you’re not already logged into the Virtual Terminal on the vMA vm, then follow setup 10 above and then perform the following:

  1. Enter the command “sudo domainjoin-cli join <your domain fqdn> <your AD domain username>” press “enter”
  2. The vMA will now prompt you for the password for the “vi-admin” account created on the vMA. Enter it and then press “enter”.
  3. The vMA will now prompt you for the password for the Active Directory user account you are trying to use to join it to the domain, enter the password and then press “enter”.
  4. You should now receive an error about the PAM module, and the word “SUCCESS” at the bottom of the screen. You’ve successfully joined to the Active Directory domain.

If we’ve not already joined our ESXi servers to the Active Directory domain now is a good time to do so. This is not a required step, but it will allow us to cut down on the amount of usernames and passwords we’ll need to use to configure our ESXi hosts when using the vMA. Follow these steps:

  1. Open the vSphere client and connect to your vCenter Server.
  2. Navigate to “Inventory” and then “Hosts and Clusters”.
  3. Select the first ESXi host, and then click on the “Configuration” tab.
  4. Click on “Authentication Services” and then click on “Properties…”.
  5. Change the “User Directory Service” from “Local Authentication” to “Active Directory”.
  6. Enter your domain name in the box titled “Domain:” and then click “Join Domain”.
  7. When prompted enter your Active Directory name and password, and then Click “OK”.
  8. Click the “Permissions” tab.
  9. Right Click and select “Add Permission…”.
  10. Change the drop down box to “Administrator” and then click the button titled “Add…”.
  11. Highlight users and/or groups that should be added to the list of local administrators on your ESXi server. Click the button titled “Add”. Click “OK”.
  12. Click “OK” again to add the permission.

The next thing we need to do is configure our vMA with a list of servers to manage, and which authentication type to use to manage them. Follow these steps:

  1. Open the console for your vMA
  2. If you’re not already logged in, log in as “vi-admin”
  3. Enter the following command to add your servers “vifp addserver <host's FQDN> --authpolicy adauth” and then press “enter”
  4. When prompted for a username enter <domain>\<username> of a user who was granted administrator permissions on that ESXi host. Make sure the host is not in standbymode, otherwise you’ll get an error.
  5. repeat this step for each host and the vcenter server.

Now that we’ve got all of our servers in the list we can issue commands to them by appending the following to each command --server <Host's FQDN>  or if you get tired of having to specify the server each time you can set which server to use by issuing the following command: vifptarget -s <host's FQDN>. To clear the currently selected server issue the following command to the vMA: vifptarget -c . Also, if you get tired of having to type your Username and password in each time you can just append the following flag to the end of each command:  --passthroughauth

Posted in ESX/ESXi Networking, ESXi 4.1, vCenter Server 4.1 | Leave a comment

ESXi 4.1 Embedded (Installed on USB, SD, Flash) Does not allow Integrated Authentication to work. Error: gss_acquire_cred failed

Posted on December 1, 2011 by SeanLaBrie

I ran into a problem recently when configuring vMA for ESX/ESXi 4.1. I was able to join it, as well as, the ESXi hosts to the domain, but I was unable to log into the ESXi hosts with my AD credentials with either the vMA or the vSphere client. I double checked that my AD account did have Administrator permissions on the hosts, but still I could not log in. I was given the following error by the vSphere Client, as well as the vMA console:

Error connecting to server at 'https://<hostname>/sdk/vimService.wsdl':
SOAP Fault:
-----------
Fault string: A general system error occurred: gss_acquire_cred failed
Fault detail: SystemErrorFault

The interesting thing is this: If i manually specified which account to use, instead of checking the box to use the account I was logged in with. I could connect and perform the actions I wanted to do. If I checked the box, then I got the error: “gss_acruire_cred failed”. The was was true with vMA. If I used the –passthroughauth option the command would fail, but if I allowed vMA to prompt me for a username and password the command would succeed. Only Integrated Authentication between windows and the vmware software was failing.

I did some research, and it turns out that when ESXi is installed on USB Drive, or SD card, or flash memory it does not automatically create Persistent Scratch space. This is the space that’s used to store temporary data among other things. This lack of persistent scratch space was somehow effecting the login process, but only when trying to pass credentials from a windows session and not by typing them in manually.

Here is how you can configure Persistent Scratch space on either local storage or a vmfs volume using the vSphere client:

  1. Connect to vCenter Server or the ESXi host using the vSphere Client.
  2. Select the ESXi host in the inventory.
  3. Click the “Configuration” tab.
  4. Click “Storage”.
  5. Right-click a datastore and select “Browse”.
  6. Create a uniquely-named directory for this ESX host (ex. .locker-<ESXHostname> )
  7. Close the Datastore Browser.
  8. Click “Advanced Settings” under “Software”.
  9. Select the “ScratchConfig” section.
  10. Change the ScratchConfig.ConfiguredScratchLocation configuration option, specifying the full path to the directory. For example: /vmfs/volumes/DatastoreName/.locker-<ESXHostname>
  11. Click “OK”.
  12. Put the ESXi host in maintenance mode and reboot for the configuration change to take effect.

Once the host is rebooted you’ll be able to use vMA with the –passthroughauth flag, or login by checking the box on the vSphere client to use the account you’re already logged in with. To read more about this check out this link to VMware’s KB1033696

Posted in Authentication, ESXi 4.1, vCenter Server 4.1, vMA 4.1, VMWare | Leave a comment

Enabling Jumbo Frames on your iSCSI vmnics and vSwitches ESXi 4.1

Posted on November 30, 2011 by SeanLaBrie

When we setup our switches, we changed the mtu on our vlan for iSCSI traffic. Now we need to edit the mtu on our iSCSI port groups, and vSwitch to also allow jumbo frames.

The first thing we need to do is take stock of what virtual swtich and port group we’re using for iSCSI traffic on each ESXi host. Follow these steps:

  1. Log into your host or vCenter server and then navigate over to your host’s “Configuration” tab.
  2. Click “Networking” on the left.
  3. Verify the Port Group name, Virtual Switch name, vmk number, IP address, and
    iSCSI Port Group

    Figure 1

    which vmnics are being used. See Figure 1.

  4. If you’ve not already installed either vCLI or vMA see the posts on how to install and configure them Here and Here.
  5. Open either vCLI or ssh into your vMA VM.
  6. enter the following command “esxcfg-vswitch -m 9000 <vSwitch's name> --server <Hosts's FQDN>
  7. When prompted for a username and password enter the name and password of an account with Administrator permissions on that host.
  8. Verify that this change has taken effect by running the following command: “esxcfg-vswitch -l --server <Hosts's FQDN>“. The MTU for your vSwitch should now be displayed as 9000.

We can’t modify the mtu on our port group, so we’ll need to migrated any VMs on iSCSI storage on this Host off of this Host and then remove our iSCSI port group. Once you’ve migrated any running VMs follow these steps:

  1. Open the Preferences of your vSwitch that we just modified.
  2. Select the port group in questions, and then click “Remove”.
  3. Now enter the following command in either vCLI or the vMA, “esxcfg-vswitch -A
    "iSCSI" <vSwitch's name> --server <Host's FQDN>    “. This command re-created our iSCSI port group, attached it to our vSwitch, but did not add a vmknic to the port group.
  4. Now enter the following command to re-create the vmknic, “esxcfg-vmknic -a -i <ip address> -n <netmask> -m 9000 "vmk#" -p "iSCSI" --server <Host's FQDN>“.
  5. We can now verify that our port group has the correct mtu by running the following commands:  ”esxcfg-vmknic -l --server <Host's FQDN>” and “esxcfg-vmknic -l --server <Host's FQDN>“. Check the MTU settings on both your Port group and Nics, they should now both be 9000.
We now need to rescan our iSCSI software adapter, and refresh our storage view to make sure our iSCSI Datastores are re-connected. Follow these steps:
  1. Click on “Storage Adapters” under the “Configuration” tab of your Host.
  2. Scroll down to your iSCSI Software Adapter, and then click “Rescan All…” in the top right, Verify that the iSCSI LUN(s) have re-appeared.
  3. Now click on “Storage” under the “Configuration” tab of your Host.
  4. Click “Rescan All…” in the top right of the screen. Verify that your iSCSI  Datastores have re-appeared.
Finally let’s verify that our iSCSI network is fully supporting our jumbo frame size. Follow these steps:
  1. Log into the console of your ESXi Host.
  2. Press F2 to customize your host.
  3. When prompted, log into your Host.  Scroll down to “Troubleshooting Options”. Press “enter”.
  4. Press enter on “Enable Local Tech Support” to enable it.
  5. Now press “Alt and F1″ to enter the console, and then log in again.
  6. Enter the following command: “vmkping -s 9000 <IP Address of your SAN's iSCSI interface>“. The ping should work and confirm that the mtu is 9000. If this does not succeed double check the mtu settings on your switches and SAN.
  7. Press ” Alt F2″ to exit the local console.
  8. Press enter on “Disable Local Tech Support” to disable the local console on your host.
  9. Exit your hosts’s console.
That’s it, your host is now configured to use jumbo frames, and now you can repeat these steps on the remaining Hosts.

Attached Files:

Posted in ESX/ESXi Networking, ESXi 4.1, Storage Area Networks, VMWare | Leave a comment