Adsense Code

Friday, 23 September 2016

A clean Windows 7 PC - takes ages to download updates

This problem took a while to sort out - originally we left the PC overnight but still not all of the updates came down.  So we started hitting Google - and here is the solution.

This assumes that your PC is clean Windows 7 SP1 installation.  No other software at all.  Then install this software (transfer by USB or something) https://support.microsoft.com/en-us/kb/3020369

Reboot afterwards.  I know it makes no sense but reboot again after that.  That's what we ended up having to do make this next KB download work.

Then download and apply this update

https://support.microsoft.com/en-us/kb/3172605

Then reboot.

And then trying downloading and applying the Windows updates you need.  It should now happen in a much more timely manner!

Monday, 4 July 2016

Using the SAME VMware tools location for multiple stand alone hosts and different vCenters

Now that VMware tools has been fully separated, and importantly, is now working properly with version 10.0.9 - I now want to get VMware tools consistent across our estate.

As we have separate vCenters (for SRM) and stand alone ESXi hosts using the free license in remote offices - I don't want to manage multiple silos of VMware tools.  So I have set up a NFS share on a Windows server (which is a VM on our main production site) which can then be accessed by all the hosts.

Here's what I did.


I set up an alias in DNS pointing to the VM that will host the new NFS share. I called it

vmtools-nfs.dinerthit.co.uk

Obviously ensured that the NFS service was installed on the Windows VM that was going to host this.  I presented a new VMDK to make this disk dedicated for this requirement.  

I then mounted the disk, formatted it, created a sub-directory and then went to the new tab on the properties to create a NFS share.



The main thing is to make the share name as unique as possible.  This is the authentication for security.  So, you could put something more GUID like {47623568934-fghgh-37647839} for example, but the sake of documentation, I will leave it as VMToolsDatastore.

Don't forget to click the Permissions button (highlighted in green).  You need to change the Type of Access to Read-Write - just highlight the ALL MACHINES and change the drop down menu.



Then that is it really.  Click OK, OK.

Now go to your vSphere client - I am naughty - I am still using the C# client as it is just faster - but the logic would still work through on the web client.

Go to a host, configure storage and go to add storage.


You will see this screen.


The box highlighted in red, you type in the DNS alias you created.
The box highlighted in green, you type in the unique share name that you created within the Windows NFS share properties.
The box highlighted in blue, you type in a name that you wish the datastore to be called on your ESXi hosts.

Click finish, and look at your datastores!


Tada!

So now you can do this on your other hosts.  That makes the one datastore consistent across your disparate hosts, in different datacenters and stand alone ESXi hosts.

Now to get VMware tools on there.  Download the latest VMware tools from the VMware website and extract the ZIP.  You will end up with two folders - one called floppies and one called vmtools.

You need to upload them to your new datastore.  This bit is annoying in the fact you end up like a user with a sub-directory with the same name as the parent directory but the vmware tools installation for your VMs needs the two folders, floppies and vmtools.  So you can could call the parent directory, VMwareToolsDistribution or something - but.... I didn't.


So, you can see the folder structure and the uploaded files.  Now we need to make the hosts see the new VMware tools locations.

I've SSH'd into one of my hosts and you can see the folder structure that we created with the AnotherDirectory and OtherDirectory also visible.




Now you need to go to the Advanced Software settings on each host and slide down to the UserVars on the left (highlighted in red) and amend the UserVars.ProductLockerLocation on the right hand side (highlighted in green)




Note the last subdirectory on the configuration string is VMTools (the directory I created) and not vmtools (the one I uploaded).

Once you have amended that setting on the host, you can either arrange to reboot the host or amend the shortcut within the OS (just like a Windows shortcut) that actually points to that directory.

SSH on to the host in question and type in

rm /productLocker/

That removes the original shortcut

Then, the next command is a lower case L

ln -s /vmfs/volumes/CentralVMwareTools/VMTools /productLocker

Then that is it - you just need to make the amendment on all of your hosts.  I know there will be a boffin out there who will script it all, but I've got under 20 hosts in total (including the freebie ESXi hosts) so I've worked through it.

It is a bit of work but then after that, you have just ONE central repository of VMware tools to maintain.

Happy Maintaining peeps!







Friday, 17 June 2016

Problems with snapshots and backups - Upgrade your VMware tools - a new patch out from VMware

We have had a problem for sometime in Dinerth IT towers where snapshots within our vSphere environment have almost been a nightmare.  And just to confuse matters, if we ran the backups during the day (affecting IO performance) they usually, not always, worked.  This meant that the underpinning technology was not at fault.

We logged calls with VMware and their only solution was to uninstall VMware tools.  Reboot the VM.  Re-install Vmware tools, reboot.  As all good VMware customer setups use VMXnet3 network cards and paravirtualised vSCSI adapters that means you have to setup IP addresses and possible reconfigure virtual disks.  So, we did it on a few in desperation, still no changes and fed it abck to VMware.

At long last a solution has come out.  VMware tools 10.0.9.  Here is a link to the release notes:-


Here is a screen grab of the main thing that interests us.


I am annoyed that this fix has taken such a long time to come out from VMware, not forgetting that VMware is a premium product and they have real competitors now.  They should do better.

Nonetheless - it was worked and the mass update of VMware tools to multiple VMs appears to have worked.  Download Vmware tools 10.0.9 from here.


Thursday, 3 March 2016

How to work out CPU Ready - super super easy!

I used to use a spreadsheet to keep some basic numbers in and I would collate my numbers and then work it out.  It didn't take long but it was a faff.  Not a big deal - but still, a faff all the same.

However, I have stumbled onto this website www.vmcalc.com

You just put in the numbers that you are reading from the graph, adjust the time scale that you are reading from into the website and click calculate!

Boom!

Instant CPU ready result!


Wednesday, 10 February 2016

Google Chrome not working with IIS websites - but all the other browsers work - what gives?

A bizarre issue happened here in Dinerth IT towers where we had a website running on IIS on a Windows 2008R2 server.  It was running over HTTPS and had valid certificates.

The website would not work on Chome.  The website would work fine in Internet Explorer, Safari, Opera and Dolphin.  Just not Chrome.  The error messages we would get would include that the website was using too many redirections, the website could not be found (odd when you could use another browser) - but nothing massively conclusive.

It was affecting an important website for us so we did spend a lot of time investigating and we ended up hitting on this blog by Toby Meyer which helped us actually implement a fix.  We used IIS Crypto to help us achieve the fix because otherwise you are faffing about the registry - which is fine but the possibility of human error with typos etc is just increased.  

IIS Crypto lets you sort out the different cipher methods that the SSL encryption can use and prioritise them.  Now - what it is that stops Chrome from working and other web browsers to keep on working - I have no idea - but this is the Cipher order that worked for us.

Within IIS Crypto I clicked the Best Practices button then I checked the settings within each of the dialogue boxes.


Under protocols

TLS 1.0
TLS 1.1
TLS 1.2



Under Ciphers Enabled

Triple DES 168
AES 128/128
AES 256/256



Under Hashes Enabled

MD5
SHA
SHA 256
SHA 384
SHA 512




Under Key Exchanges Enabled

Diffie-Hellman
PKCS
ECDH



And under the SSL Cipher Suite Order - we had to re-organise the ciphers into the following order.  All the other ciphers are unticked and not being used.


TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA


You click Apply, IIS Crypto tells you that it won't reboot the server but you do need to reboot the server later.  We just did that as we had a significant amount of traffic coming from Chrome sources.  Post reboot - working fine!



Tuesday, 26 January 2016

AIX disk extending - physical volumes, volume groups and mount points

I come from a Windows background and I have done a bit of work with AIX before - really basic stuff and to be honest I struggled with some of the disk concepts.  However, now that I have had exposure to Storage Spaces within Windows, some of the basic disk management in AIX has become a whole lot clearer to me!

A physical disk is a physical disk.  You can add physical disks to a volume group should a volume group run out of space.  You can extend one of the physical disks that belong to a volume group should a volume group run of space.

The volume groups in AIX are akin to a storage group in Windows Storage Spaces.

The logical volumes in AIX are akin to a storage space in Windows Storage Spaces.

So - here is how to extend a disk within AIX - assuming you have a SAN - as that what I have worked with.

We got the message that our /other directory (mountpoint) had run of space.  This can be cofirmed by typing in


df -g /other       

(The g here stipulates Gigabytes, you can use m for megabytes and k for kilobytes - this helps demonstrate the heritage that AIX/Unix has - but you're more than likely going to need Gigabytes)

Now type in 

lsvg | lsvg -li


This will show you all the mount points and, importantly, will show you the volume groups and logical volumes that the mount points are allocated against. Have a look at the screen grab below.




 So on the right hand side, within the red box, you can see the mount point /other.  Over on the left hand side on the same line as /other, you can see the logical volume name (other02_lv) that provides the mount point.  Multiple logical volumes can exist on a volume group (it's a group of volumes!) So above the other02_lv you can see othervg02: - this shows that the logical volume other02_lv is on the volume group othervg02.  In this instance, we actually have a dedicated volume group per logical volume which helps explain the structure you can see on the other disk structures you can see.

So now we know the volume group it is on, we can now type in 

lspv

This will list the physical volumes - which you can see below.




You can see the name of the volume group on the right hand side, othervg02 and now we can see the physical disk that that volume group is configured on.

On our setup we use an Hitachi SAN for the storage backend so I need to type in

dlnkmgr view -lu

This will show the LUNs as presented from the SAN - see below.



For reason that I don't know why, unlike on Windows and VMware, the number you see (the 0182) is not the HLUN number - it is the actual LUN/LDEV number that the SAN itself uses for management.  It does change anything but it is just something to factor in when you are doing SAN management stuff and you don't deleted / extend the incorrect LUN.  So, on the Hitachi SNM program, just check the host group and check the size


So you can see how the number 182 correlates with 760GB of disk allocation.  Good, we have done all the tracing and we know the mount point is on a particular logical volume, and we know that that logical volume is on a particular volume group and we know that that volume group is on a particular physical disk (that happens to be presented from a SAN) and we know that the physical disk has been extended on the SAN.  What size does the physical disk in AIX think it is?  Type in this command

lspv hdisk10



So we can see on the above screen grab that the physical disk is 573184 Megabtes in size, or 573GB and there is 768MB free.  We know from the SAN software that the disk is larger than that - so we need to extend!  How do we do that?

Type in

chvg -g othervg02

Amazingly - this doesn't actually do anything.  It just makes the volume group have a good long hard look at itself.  

Type in 

lspv hdisk10

again and you will now see a different amount space available on the physical volume.




If you type in 

lsvg othervg02

this will show you the amount of space now available to the volume group that it can expand into (remember, we could have added more physical disks to the volume group and this would provide a similar result)



So you can see the command that we have entered at the top and on the right in the green box the amount of space free.

So now we just type in

chfs -a size=+200G /other

We are telling the /other mountpoint to increase in size by 200GB.  You should get a nice little response saying that the filesystem has changed size.

Type in

lsvg othervg02

again and now we get this response.



The number of Free PPs has gone down and the number of Used PPs (the field below) has gone up.  

If we type in

df -g /other    (this was the very first command we typed in at the beginning)

we will get a different response to what we got at the beginning and more space being reported.

Job done.






Tuesday, 19 January 2016

After upgrade to vCenter 5.5 Update3b on the appliance, SRM no longer works - How to fix it!

You have upgraded to vCenter 5.5 Update3b on the VMware appliance and SRM has stopped working.  You know this is because of SSLv3 (you have read the upgrade notes after all!) - but you need to upgrade because of updates and security etc - but you can't upgrade to vCenter 6 as your backup product does not support vCenter 6 - what can you do?

You can still upgrade!

Upgrade as you would normally and the vCenter replication will still continue but your SRM management will fail.  You will use the vSphere client and you will get error messages saying it cannot communicate with the SRM server.  If you try to install, modify, upgrade your installation on the SRM server you will get this error message.

Internal error: unexpected error code: -1

Fortunately, this knowledge base article 2139396 (from VMWare has the answer contained within it - but which option should you use?  It's the VMware Virtual Center Server (vpxd) - Port 443 option.


VMware Virtual Center Server (vpxd) - Port 443

To enable SSLv3:
  1. Open the vpxd.cfg file:

    • Windows default location: C:\ProgramData\VMware\VMware VirtualCenter\vpxd.cfg
    • vCenter Server Appliance default location: /etc/vmware-vpx/vpxd.cfg
  2. Create a backup copy of the file.
  3. Edit the file to add or remove <sslOptions>16924672</sslOptions> to enable or disable SSLv3 respectively:

    <vmacore>
    <cacheProperties>true</cacheProperties>
    <ssl>
    <useCompression>true</useCompression>
    <sslOptions>16924672</sslOptions>
    </ssl>
    <threadPool>
    <TaskMax>90</TaskMax>
    <threadNamePrefix>vpxd</threadNamePrefix>
    </threadPool>
    </vmacore>

  4. Save the file.
  5. Restart the vpxd Service.     - Do this by typing in   service vmware-vpxd restart
  6. To disable SSLv3, ensure that the sslOptions is not set in the vpxd.cfg file.