Monthly Archives: December 2011

MAC Laptop can’t connect to Dell 55xx Series Switch

I ran into a problem with various Mac laptops being unable to obtain an IP, or determine network speed, when plugged into a Dell Power Connect 55xx series switch. Turns out this isen’t just effecting Apple products, it’s also a problem with some PC’s that have newer Intel network cards. The problem is stemming from some of the newer Green Ethernet standards and in this case the switch and computer are unable to work out power settings on the NIC and are unable to set the proper speed and duplex. If you set the computer’s network card to Full Duplex and set the speed you should be able to connect, but this becomes burdonsome. The best way to fix this issue it to disable “EEE” on the 55xx series switch. Follow these steps:

  1. Console into your switch and enter config mode by typing “config”.
  2. Enter the command “No eee enable”.
  3. Save the running config and then reboot the switch.

After the switch reboots, connect the Mac and verify that you can obtain network connectivity with the nic set to automatic.

Creating a Server 2008R2 Template on vCenter 4.1

Long Story Short: It’s pretty simple, but if you want to do advanced things like automatically activate, activate office, join domain, etc, then you need to use sysprep.exe and that’s another post entirely. Take a look at my post on using Windows 7 with WDS for a good idea at how to do some interesting things with your sysprep.xml file.

In this post I’ll show you how to Create a basic template for a workgroup server with a preconfigured network settings that’s not automatically activated. What you want to do after that is your call. Follow these steps.

  1. Create a new VM, Select “Typical” and click “Next >”.
  2. Name the VM, it would be a good idea to identify this image as a template so that you can go back later, clone it, and make new templates from it. Click “Next >”.
  3. Select the Host or Cluster that this VM will run on, and then click “Next >”.
  4. Select the Datastore to run your host on, and then click “Next >”.
  5. On the screen where you select which operating system to use, select “Microsoft Windows” and then from the drop down select “Microsoft Windows Server 2008 (64-bit)”. The reason for this is VMware is doing something funky during the template process for Server 2008 R2 that it’s not doing for Server 2008 (x64). I kept running into networking problems when I selected 2008R2, where IP and Default Gateway settings were just not working properly, if you choose to use 2008 (x64) it works wonderfully. You can change it back to 2008R2 after the VMs have been deployed from template if you wish. Click “Next >”.
  6. Select the size and type of the disk you’d like, and then click “Next >”.
  7. Click “Finish”. Open the settings for the VM and change it to boot into the BIOS on first boot.
  8. Once in the BIOS, disable the Com and LTP ports. Now attach an ISO of Server 2008 R2, and install the OS.
  9. Once the installation is completed, install your software, run updates, set a static IP address, etc. Because we’re not doing anything fancy with this Template we’ll not configure a sysprep file, we’ll let VMware take care of this for us. Shut down your VM.
  10. Right click on your VM in vCenter client and select “Template >”, then select “Convert to Template”.
Now that we’ve got a updated template we’ll configure a customization file for it. This will allow us to rapidly deploy VMs from this template using a nice and easy wizard that will update our Static IP address as we deploy VMs. Follow these steps:
  1. Go to the Home screen in the vSphere client, and click on “Customization Specifications Manager”.
  2. Click the “New” button.
  3. Choose “Windows” from the Virtual Machine OS drop down, assign this Specification a name and a description and then click “Next >”.
  4. Now enter the Name and Organization that will appear in the guest OS. Click “Next >”.
  5. On the NetBIOS name screen, select “Enter a name in the Deploy wizard” and click “Next >”.
  6. On the Product Key screen enter the product key that you’ll be using for this deployment and then click “Next >”. Note if you are using trial software for temporary VMs or test environments just leave this blank. Click “Next >”.
  7. Define an Administrator password and then click “Next >”.
  8. Set the time zone, and then click “Next >”.
  9. On the “Run Once” section, enter any commands you would like to run when the machine boots for the first time. When done press “Next >”.
  10. On the Network screen, select “Custom Settings” and then click “Next >”.
  11. Press the button next to the first nic labeled “…”. Select the option “Prompt the user for an address when the specification is used”. Enter all IP information except for the IP address and then click “OK”. Click “Next >”.
  12. On the Workgroup section, leave the defaults and click “Next >”.
  13. Check the box titled “Generate New Security ID (SID). Click “Next >”.
  14. Click Finish.
Now that we have a customization settings file that we can apply to templates we can start to deploy VMs from our newly created template. Let’s deploy a new VM. Follow these steps:
  1. Change back to “VMs and Templates” view, and then right click on your newly created template and select “Deploy Virtual Machine this Template…”
  2. Give the new VM a name, and select where to store it. Click “Next >”.
  3. Select the Host or Cluster where this VM will run on, and then click “Next >”.
  4. Select the Datastore where this VM will be stored, and then click “Next >”.
  5. Select the Disk format for this new VM and then click “Next >”.
  6. Click the radio button titled “Customize using an existing customization specification” and then choose the newly created specification that we just made. Click “Next >”.
  7. Assign this new VM a NetBIOS name, and give it an IP address that matches the subnet/gateway that we created in the specification. Click “Next >”.
  8. Click “Finish”.
Now when this VM is booted for the first time, it will get to the “Control + Alt + Delete” screen. DO NOT do anything, just wait. VMware will take care of syspreping this machine, generating a new SID, and applying the settings you’ve just chosen. Once the VM as rebooted you THEN can log in and use it. 

Installing vMA 4.1 in vShpere 4.1

Here is a quick guide to installing and configuring vMA 4.1 into a vSphere 4.1 installation. vMA is a management assistance tool that allows you to more easily manage your hosts or vcenter server. Follow these instructions:

  1. First download the vMA ovf file from here.
  2. Open your vSphere client and connect to your vCenter server. Click on the “File” menu and then click “Deploy OVF template…”.
  3. Click “Browse…” and then locate your downloaded oMA ovf file, click “Next >”.
  4. Click “Next >”, Agree to the EULA, and then click “Next >”.
  5. Give the vMA a name, and then select the Data center it will be deployed to. Click “Next >”.
  6. Select the host or cluster it will run on, and then click “Next >”.
  7. Select the Data store to place the files on, and then click “Next >”.
  8. Select your disk provision format, and then click “Next >”.
  9. Select your network from the drop down list, and then click “Next >”.
  10. Click Finish.

Once the import is finished we can start the wizard to configure the vMA tool. Open your vSphere client, connect to your vCenter server. Follow these steps:

  1. Find your vMA VM, open its console and click start.
  2. The vMA will boot to a prompt asking to use DHCP to assign an IP. Enter “no” and press “Enter”.
  3. It will now prompt for am IP address, enter an IP address and the press “enter”.
  4. It will now prompt for a Subnet mask, enter a mask and then press “enter”.
  5. It will now prompt for a gateway, enter the IP address of your gateway and then press “enter”.
  6. It will now prompt you twice for your primary and secondary DNS, enter the IP addresses and press “enter” after each.
  7. It will prompt you for the vMA’s hostname, enter a FQDN and then press “enter”
  8. Type “yes” to confirm the settings and then press “enter”.
  9. the vMA vm will now reboot, and when it comes back up it will prompt you twice for a password.
  10. The VM will now display a screen telling you how to SSH into the box. For now press “Alt” and F2″ to enter the virtual terminal. Login with “vi-admin” and the password you just created.

Before we continue we should make sure that our Active Directory contains a security group called EXACTLY: “ESX Admins” and contains the accounts that we want to have Administrator access to our ESX/ESXi hosts. During the domain join process this group will automatically be granted the Administrator role on each ESX/ESXi host.

Now we need to join the vMA to the active directory domain. If you’re not already logged into the Virtual Terminal on the vMA vm, then follow setup 10 above and then perform the following:

  1. Enter the command “sudo domainjoin-cli join <your domain fqdn> <your AD domain username>” press “enter”
  2. The vMA will now prompt you for the password for the “vi-admin” account created on the vMA. Enter it and then press “enter”.
  3. The vMA will now prompt you for the password for the Active Directory user account you are trying to use to join it to the domain, enter the password and then press “enter”.
  4. You should now receive an error about the PAM module, and the word “SUCCESS” at the bottom of the screen. You’ve successfully joined to the Active Directory domain.

If we’ve not already joined our ESXi servers to the Active Directory domain now is a good time to do so. This is not a required step, but it will allow us to cut down on the amount of usernames and passwords we’ll need to use to configure our ESXi hosts when using the vMA. Follow these steps:

  1. Open the vSphere client and connect to your vCenter Server.
  2. Navigate to “Inventory” and then “Hosts and Clusters”.
  3. Select the first ESXi host, and then click on the “Configuration” tab.
  4. Click on “Authentication Services” and then click on “Properties…”.
  5. Change the “User Directory Service” from “Local Authentication” to “Active Directory”.
  6. Enter your domain name in the box titled “Domain:” and then click “Join Domain”.
  7. When prompted enter your Active Directory name and password, and then Click “OK”.
  8. Click the “Permissions” tab.
  9. Right Click and select “Add Permission…”.
  10. Change the drop down box to “Administrator” and then click the button titled “Add…”.
  11. Highlight users and/or groups that should be added to the list of local administrators on your ESXi server. Click the button titled “Add”. Click “OK”.
  12. Click “OK” again to add the permission.

The next thing we need to do is configure our vMA with a list of servers to manage, and which authentication type to use to manage them. Follow these steps:

  1. Open the console for your vMA
  2. If you’re not already logged in, log in as “vi-admin”
  3. Enter the following command to add your servers “vifp addserver <host's FQDN> --authpolicy adauth” and then press “enter”
  4. When prompted for a username enter <domain>\<username> of a user who was granted administrator permissions on that ESXi host. Make sure the host is not in standbymode, otherwise you’ll get an error.
  5. repeat this step for each host and the vcenter server.

Now that we’ve got all of our servers in the list we can issue commands to them by appending the following to each command --server <Host's FQDN>  or if you get tired of having to specify the server each time you can set which server to use by issuing the following command: vifptarget -s <host's FQDN>. To clear the currently selected server issue the following command to the vMA: vifptarget -c . Also, if you get tired of having to type your Username and password in each time you can just append the following flag to the end of each command:  --passthroughauth

ESXi 4.1 Embedded (Installed on USB, SD, Flash) Does not allow Integrated Authentication to work. Error: gss_acquire_cred failed

I ran into a problem recently when configuring vMA for ESX/ESXi 4.1. I was able to join it, as well as, the ESXi hosts to the domain, but I was unable to log into the ESXi hosts with my AD credentials with either the vMA or the vSphere client. I double checked that my AD account did have Administrator permissions on the hosts, but still I could not log in. I was given the following error by the vSphere Client, as well as the vMA console:

The interesting thing is this: If i manually specified which account to use, instead of checking the box to use the account I was logged in with. I could connect and perform the actions I wanted to do. If I checked the box, then I got the error: “gss_acruire_cred failed”. The was was true with vMA. If I used the –passthroughauth option the command would fail, but if I allowed vMA to prompt me for a username and password the command would succeed. Only Integrated Authentication between windows and the vmware software was failing.

I did some research, and it turns out that when ESXi is installed on USB Drive, or SD card, or flash memory it does not automatically create Persistent Scratch space. This is the space that’s used to store temporary data among other things. This lack of persistent scratch space was somehow effecting the login process, but only when trying to pass credentials from a windows session and not by typing them in manually.

Here is how you can configure Persistent Scratch space on either local storage or a vmfs volume using the vSphere client:

  1. Connect to vCenter Server or the ESXi host using the vSphere Client.
  2. Select the ESXi host in the inventory.
  3. Click the “Configuration” tab.
  4. Click “Storage”.
  5. Right-click a datastore and select “Browse”.
  6. Create a uniquely-named directory for this ESX host (ex. .locker-<ESXHostname> )
  7. Close the Datastore Browser.
  8. Click “Advanced Settings” under “Software”.
  9. Select the “ScratchConfig” section.
  10. Change the ScratchConfig.ConfiguredScratchLocation configuration option, specifying the full path to the directory. For example: /vmfs/volumes/DatastoreName/.locker-<ESXHostname>
  11. Click “OK”.
  12. Put the ESXi host in maintenance mode and reboot for the configuration change to take effect.

Once the host is rebooted you’ll be able to use vMA with the –passthroughauth flag, or login by checking the box on the vSphere client to use the account you’re already logged in with. To read more about this check out this link to VMware’s KB1033696