Howto: Disable Automatic Windows Updates in VMware Template
If your not using guest customization specifications, get going now! Some people ask why do this in a VMware Template when you can do it via Active Directory using Group Policy. We use our templates a lot for test machines which may or may not end up joined to a domain. This ensures that no unwanted updates get applied to these test machines. Works great across Windows XP, Server 2003, Vista, Server 2008 and Windows 7 (might also work on Windows 2000 but I didn't check). If you don't know what guest customization specifications are checkout my other posting explaining all about them and howto create one.
To disable Automatic Windows Updates, all you need to do is add this entry to the RUNONCE area of your customization specification:
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update” /v AUOptions /t REG_DWORD /d 1 /f
It's that simple!
VMware vCenter Converter Standalone 5.0 Released!
Most folks with well established vSphere environments don't have many physical machines left kicking around--but incase you do Converter Standalone 5.0 was released a couple of days ago with some awesome new features:
Preserving the LVM configuration on the source machine during Linux conversions.
Only LVM2 is supported
You have to manually do this during the P2V--Under data to copy, hit the dropdown at the top and select volumes to copy. Then click the Advanced button and select the destination layout tab. Pick a disk and click To LVG (Logical-Volume Group)
Enhanced synchronization including options for scheduling synchronization tasks and performing multiple synchronization tasks in a conversion job.
You can schedule the synchronization for a date/time you specify now instead of only being able to synchronize immediately after cloning.
You set these options under the Options page--click the Advanced options button.
Optimized disk and partition alignment and cluster size change.
When you are doing a P2V check the box shown below to enable the new alignment feature. If you are tweak happy you can hit the Advanced button, then select the destination layout tab. You will notice you can change the NTFS cluster size as well.
Conversion data is encrypted between the source and the server.
This should make the security folk happy.
Restoring VCB images.
Take note when using this feature the MAC address will be regenerated, important to note if the machine the VCB image is from was running a licensing server. Some vendors generate license files based on MAC address, since the MAC address will have changed the license server won't distribute licenses to clients anymore. (Products leveraging FlexLM/FlexNet Publisher) Specific Products that come to mind are: AutoCAD & Rosetta Stone.
Read the full release notes here: http://www.vmware.com/support/converter/doc/conv_sa_50_rel_notes.html#whatsnew
vCenter Orchestrator Import Signed Certificate
So your trying to import a signed certificate that was created with the certificate signing request (CSR) you get an error in vCenter Orchestrator Configuration about the cert not being the correct format. If your using Microsoft Active Directory Certificate Services here are the exact steps:
- Export a certificate signing request from the VMware vCenter Orchestrator Configuration: Server Certificate area (goto http://vco-server:8282 then click Server Certificate on the left). If this option isn't displayed select the option to install a self signed certificate and then you will get the option to export a certificate signing request.
- Copy and paste the contents of the CSR file you downloaded from vCO Config area to your Cert Server web interface (http://CERTSERVER/certsrv).
- Select Web Server from the drop down and submit.
- Now ensure DER encoded is selected and download the certificate chain.
- Change the file extension on the file you just downloaded from .p7b to .csr
- You should now be able to upload it immediately using the "Import certificate signing request signed by CA" option inside the VMware vCenter Orchestrator Configuration: Server Certificate area (again goto http://vco-server:8282 and select Server Certificate on the left)
- You get a green bubble by Server Certificate and everything is happy.
VMware Security Advisories
VMware posts security advisories to notify users of any vulnerabilities or other security issues that effect their products. You can subscribe to be notified via email whenever they post a new advisory. Keeping on top of these security advisories so you can evaluate each one and understand any risks is important as a VMware Administrator.
These advisories are posted in a couple of places:
- http://www.vmware.com/security/advisories/
- http://lists.vmware.com/mailman/listinfo/security-announce
vCenter Server Source of Active Directory User Account Lockouts?
So a user account is getting locked out from your vCenter server? Check the windows security event logs, they typically clearly point out the culprit. If they are not much help you can start with the common things that are applicable for any server causing account lockouts:
Services
These can be running under the locked out user account
Persistent Drive Mappings
Using the locked out user account credentials
Disconnected TS/RDS Sessions
A process can be running that is using the locked out user credentials
ODBC Connections
Ensure you did not use the user account that is being locked out for an ODBC connection for the vCenter database
Scheduled Tasks
Scheduled task(s) can be setup to run as the locked out user
Once you've exhausted all of that...
VMware Specific Areas to Check
vSphere Client
Can be running with out of date credentials and caused the lockout, you can use the sessions area in vCenter to check for active sessions
vCenter Plugins
Guided Consolidation
Uses a specified user account to poll servers to see if they are good candidates for virtualization
Update Manager
Has a proxy configuration area you can define a user account to login to the proxy with
VMware Data Recovery
Data Recovery uses stored credentials to connect to vCenter, ensure the specified user isn't the one being locked out
NetApp's Vitual Storage Console
I don't think there is specifically a place you can have cached credentials in here, but I registered this to my vCenter using my account and it ultimately ended up locking me out about a month later when I changed my password due to expiration
Still Stumped?
Look at any Monitoring Tools (especially trials and free utilities you may have forgotten about) you ever installed on the box that might be running with the locked out user account: Veeam tools, vKernel tools, Vizioncore tools, Quest vFoglight Quick View, etc. You can always disable services and wait to see if the lockouts continue if you really get stumped.
vCenter: Physical or Virtual? High Availability? Clustered?
First please know that vCenter being down does not take your whole vSphere environment down. It limits you on creating new tasks (like deploying a new VM from template) until vCenter is back up. When vCenter is down HA/FT continue to function.
Physical or Virtual
vCenter is the heart of VMware's virtualized infrastructure, but many folks are reluctant to virtualize their vCenter. Running vCenter as a VM is completely supported by VMware. You get all kinds of benefits from running vCenter as a Virtual Machine:
- HA will also protect vCenter in the event the host it is running on goes down
- You can vMotion vCenter from one host to another for maintenance and other things
- Prior to upgrading vCenter to a newer version you can snapshot to help with rolling back more easily
- Best of all--You gain the benefit of virtualizing yet another system and move towards virtualizing 100% of your data center.
If you are thinking about Virtualizing vCenter glance over this page out of the VMware Library:
VMware Online Library: Install vCenter Server in a Virtual Machine
High Availability
First the biggest thing is that you should remember HA/FT will continue to operate without vCenter--all decisions will be made using a snapshot of what the extra resources were in the cluster prior to vCenter going down.
Lets look at the major things vCenter does:
- VMware Distributed Resource Scheduler (DRS)
- VMware High Availability (HA)/Fault Tolerance (FT) - Configuration
- VMware VMotion + Storage VMotion
- VMware Update Manager (Guest and Host)
After reviewing those items--does anything stick out that makes you think vCenter needs to be up 24/7? Would HA be sufficient protection so you only have a small amount of downtime in the event the host running your vCenter VM went down? I think yes.
Clustered?
You can look into vCenter Server Heartbeat, this is licensed as an addon to vCenter. vCenter Server Heartbeat is basically an Active/Passive cluster for vCenter that can be setup to run locally or across your WAN. vCenter Server Heartbeat also has the advantage that it can protect more then just the vCenter, it also protects the addons like vCenter Converter and vCenter Update Manager--even Guided Consolidation can be protected. It is more costly then just running vCenter as a VM and protecting it with HA but the benefit of having an Active/Passive clustered vCenter + addons across the LAN/WAN may be beneficial for your organization.
Microsoft Cluster Services / Veritas Cluster Services
vCenter can be protected via "third party solutions" such as MSCS or VCS and VMware will support you to some degree but they do not certify these configurations. If you have an issue VMware may determine the cause to be the third party software and not be of much assistance beyond that... If you are thinking of going this route read over this VMware KB: Supported vCenter Server high availability options
Improve Windows VMware Guest Performance with these Tweaks
Disable Screensavers
Disabling the screensaver saves valuable resources, also note that VMware KB 9275881 recommends disabling the Logon Screensaver as well.
You can disable the login screensaver via the registry: "HKEY_USERS\.DEFAULT\Control Panel\Desktop\ScreenSaveActive" should be set to 0
Set Visual Effects for Performance
These are unnecessary effects that waste CPU cycles, things like the fades transitions for windows and shadows under windows. You can change this setting under Control Panel -> System -> Advanced -> Performance Settings
Disable Indexing
If you don't need it disable it--you can stop the service to kill it entirely across the whole VM, or on a drive by drive basis by right-clicking and selecting properties. There is an option to index or not to index the drive.
Make sure VMware Tools is installed/running
This is more for remote control performance, VMware Tools improves the mouse greatly--also make sure you set the Hardware Acceleration to full
Use VMXNET Network Adapters
VMware Tools is a requirement for VMXNET Adapters, they are the best performing network adapters
Uninstall Unnecessary Hardware/Software
If the VM was P2V'd chances are it has things like OpenManage and Broadcom/Intel related software for the old physical NICs. You should remove this extra software that is no longer necessary.
Also the old network card is likely still installed, you can remove these by running "set devmgr_show_nonpresent_devices=1" at the command-line then going into device manager, select View -> Hidden Devices and you will now see all that old hardware and can right-click and uninstall.
Introducing: VMware vCenter Mobile Access (vCMA) from VMware Labs
VMware vCenter Mobile Access (vCMA) is a cool fling from VMware Labs. It allows mobile access to your vSphere environment via your vCenter(s). Setting up vCMA takes very little effort as it is packaged as a virtual appliance. You simply download vCMA as an OVF, deploy the OVF Template, and power on vCMA. Once powered on, config the network and your ready to go. Note that vCMA does not use a service account or static connector to vCenter, each user will login to vCenter via vCMA with their own credentials--think of vCMA as a web-based version of the vSphere Client.
Howto: Build a Windows Server 2003 R2 VMware Template
With how many hits my 2008 R2 walkthrough got, I figured it was about time I do one for 2003 R2.
Remember to setup vCenter for Guest Customizations by placing the sysprep files for all the various versions of Windows in the proper locations, refer to this VMware KB Article for locations and instructions: VMware KB:1005593
Give your feedback, if you don't agree with something let me know!
Introducing InventorySnapshot from VMware Labs
Checkout this awesome new Fling from VMware Labs, it's called InventorySnapshot. Basically what it does is allows you to snapshot your vCenter and reproduce it on another vCenter. Say you were doing an out of place migration and didn't want to bring your old database along for some reason, or just in your lab trying to replicate your production config. You don't have to reproduce all the objects though, you can specifically restore just Resource Pool settings, DRS settings, Roles & Permissions, or again the whole damn inventory.
InventorySnapshot supports reproducing the following vCenter objects:
- Datacenter Folders
- Datacenters
- Clusters
- Resource Pools
- vApps
- Hierarchy
- Roles & Permissions
- Configuration Settings
- Custom Fields
As you can see the only major item they are missing is Alarms, which they are working to support. The developers Balaji Parimi and Ravi Soundararajan did an excellent job documenting their Fling with a 17 page doc, they took the time to write a large troubleshooting and layout a few caveats/known bugs.
Twitter Feed
- My contribution to the #VMTNSubscriptionMovement http://t.co/lKBxhvQ #VMware is good at listening to the community, hope they deliver...
- @gf3 Your node.js IRC lib the server-side opens the IRC socket?
- @gf3 Hey man, websockets noob here. I was hoping web sockets = raw sockets but that is not the case right?
- Need 50lb of bacon bits cheap? http://digs.by/ibWKj9
- @Morgon Thanks for running MGC as long as you did--Hopefully ripples will be heard by M$ and they'll fix the issues finally
Tags
- 17426 – SoFL Smarthome
- Desktop Engi
- Frag the Weak
- New Universe Mall
- Requeny Solutions
- Salvagg
- Technology Orgasm
- Truckputer
27,380 | Unique Visitors |
Geocaching
