Month: June 2011

Categories
General

vCenter : Creating a new vSphere Cluster in vCenter

image002

Creating a new vSphere Cluster in vCenter

Right-click the Datacenter object in the vCenter tree and select ‘New Cluster’

    

 The ‘New Cluster Wizard’ will be launched, enter a Cluster Name and select the cluster features you would like to enable:

     

 If you enable DRS you will be prompted to configure DRS;

  • Manual (suggest only, no automation)
  • Partially Automated (VM’s will automatically start on a node determined by DRS, but will not be moved)
  • Fully Automated (VM’s auto power on DRS assigned node and will be moved according to DRS)

     

 You will also be prompted to enable/disable DPM (VM hosts will be powered on/off dynamically as capacity requirements increase):

  • Off
  • Manual (recommend only)
  • Automatic (automated)

     

 

Next you’re prompted to configure VMHA, depending on your configuration you will want to set:

  • Enable Host Monitoring (recommended in most scenarios)
  • Enable/Disable Power on VM’s that violate availability constraints

 I have selected the latter because I have then determined VM HA requirements on a per-VM basis on the cluster (shown later).

     

 

You’ll then be prompted to configure the defaults for VM restart priority and the Host Isolation Response:  

     

You can also monitor individual VM’s if required; VM’s will automatically restart if monitoring fails:

     

In order to ensure host compatibility with the cluster you can enforce an EVC mode:

     

Configure the default swap-file location:

     

Then click finish to create the cluster:

     

To add nodes to the cluster simply drag and drop them into the new cluster object in the vCenter tree:

     

 You will see the progress of each node being added in the task status area of the venter console:

    

 

Categories
Windows 2008

HP Dataprotector 6.0: Backup SQL Server 2008

HP Dataprotector 6.0: Backup SQL Server 2008

In order to backup SQL 2008 using DP 6.0 you must use the DataProtector 6.11 Agent (as well as installing the SQl 2005 Backwards Compatibility Pack), if you do not use the 6.11 agent you will receive the following error on the Cell Manager Session logs:

[Critical] From: @demhpdb01.domain.local “”  Time: 08/06/2011 13:47:13
    Virtual Device Interface reported error:
The object was not open.

    See also Data Protector debug.log and SQL Server error log for details.

[Normal] From: [email protected] “MHP”  Time: 08/06/2011 13:47:14

Completed OB2BAR Backup: demhpdb01.domain.local:/MHP/model/0 “MSSQL”

[Major] From: [email protected] “MHP”  Time: 08/06/2011 13:47:14

[Normal] From: [email protected] “MHP”  Time: 08/06/2011 13:47:41

[Critical] From: @demhpdb01.domain.local “”  Time: 08/06/2011 13:47:42
    Virtual Device Interface reported error:
The object was not open.

    See also Data Protector debug.log and SQL Server error log for details.

From: @ “”  Time:

From: @ “”  Time:

[Major] From: [email protected] “CDC-WIN-DEMHPDB01-SQL 2”  Time: 08/06/2011 13:46:49

Bad catalog access – FormatMessage() failed with 1813Bad catalog access – FormatMessage() failed with 1813Bad catalog access – FormatMessage() failed with 1813

The Application Event Log on the client will also log:

SQLVDI: Loc=IdentifySQLServer. Desc=MSSQLSERVER. ErrorCode=(1060)The specified service does not exist as an installed service.
. Process=3208. Thread=3912. Client. Instance=. VD=.

Categories
General

vCenter : Installation Steps for Remote Clustered SQL Database

vCenter Build : Installation Steps

1    vCenter 4.1 does not support 32-bit OS; use Windows 2008 R2 x64 Standard

2    Install / Configure a SQL 2008 R2 Cluster Database (outside the scope of this document), set the Instance port to 2126

3    Execute the following SQL to allow DP backups:   

  • CREATE LOGIN [DOMAIN\svc_DP-agent] FROM WINDOWS 
  • sp_addsrvrolemember @loginame =  [DOMAIN\svc_DP-agent], @rolename = 'sysadmin'

4    Create two databases on the HA database cluster:  

  • VCDB1 
  • VCUMDB1

5    Create a sevrice account for the vCenter cluster:   

  • svc_euvcenter01 (Note each vCenter must have a unique account (offline vCenter shares the same as online))

6    Using secpol.msc or Group Policy grant the service account tothe following user rights on both VCENTER servers:

  • Act as part of the Operating System
  • Logon as a Service

8    Execute the following SQL to add the user to the SQL instance:  

  • CREATE LOGIN  [DOMAIN\svc_euvcenter01] FROM WINDOWS

9    Execute the following SQL:

  • ALTER LOGIN   [DOMAIN\svc_euvcenter01] WITH DEFAULT_DATABASE = VCDB1

10    On VCDB1 execute the following SQL:  

  • EXEC sp_changedbowner @loginname='svc_euvcenter01' @map='true'

11    On VCUMDB1 execute the following SQL:  

  • EXEC sp_grantdbaccess 'DOMAIN\svc_euvcenter01', 'svc_euvcenter01'   EXEC sp_addrolemember 'db_owner', 'svc_euvcenter01'

12    Grant the service account db_owner permissions on the MSDB database:  

  • USE MSDB;   GO   EXEC sp_grantdbaccess 'spicerseu\svc_euvcenter01', 'svc_euvcenter01'   EXEC sp_addrolemember 'db_owner', 'svc_euvcenter01'

13    Create the following SQL Maintenence Tasks:  

  1. Daily 21:00 Check Integrity, Backup and Cleanup old BAK Files VCDB1  
  2. Daily 22:00 Check integrity, Backup and Cleanup old BAK Files VCUMDB1  
  3. Weekly 00:00 Sunday Check Integrity, Backup and Cleanup BAK Files SYSTEM Database

14    Make the svc_euvcenter01 account a local administrator on the vCenter server

15    Install SQL 2008 Native Client on both vCenter Servers

16    Create a 64-bit ODBC DSN for VCDB1:  

  1. Select SQL Native Client as driver  
  2. Server: EUVCDBCL1I1\I1,2126  
  3. Use Windows Authentication (do not define SPN)  
  4. Change default database to be VCDB1

17    Create a 32-bit ODBC DSN for VCUMDB1:  

  1. Select SQL Native Client as driver  
  2. Server: EUVCDBCL1I1\I1,2126  
  3. Use Windows Authentication (do not define SPN) 
  4. Change default database to be VCUMDB1

18    Create a exclusion policy for McAfee and apply to vCenter servers:   \Device\vstor*

19    Create firewall exceptions on EUVCENTER01/02:  

  • netsh advfirewall firewall add rule name="vCenter HTTP" dir=in action=allow protocol=TCP localport=80
  • netsh advfirewall firewall add rule name="vCenter AD Services" dir=in action=allow protocol=TCP localport=389
  • netsh advfirewall firewall add rule name="vCenter Client Listener" dir=in action=allow protocol=TCP localport=443
  • netsh advfirewall firewall add rule name="vCenter Linked Mode SSL" dir=in action=allow protocol=TCP localport=636
  • netsh advfirewall firewall add rule name="vCenter Management" dir=in action=allow protocol=TCP localport=902
  • netsh advfirewall firewall add rule name="vCenter Console" dir=in action=allow protocol=TCP localport=903
  • netsh advfirewall firewall add rule name="vCenter Management WebService" dir=in action=allow protocol=TCP localport=9080
  • netsh advfirewall firewall add rule name="vCenter HTTPS" dir=in action=allow protocol=TCP localport=9443
  • netsh advfirewall firewall add rule name="vCenter SDK" dir=in action=allow protocol=TCP localport=60099

20    Enable ICMP Echo Request on both vCenter Servers

21    Install .NET 3.5.1 via Server manager > Features

22    Install J# x64 from VMware-VIMSetup-all-4.1.0-259021\redist\vjredist

23    Install Visual C++ 2005, 2008 (x64 and x86) from VMware-VIMSetup-all-4.1.0-259021\redist\vcredist\2005

24    Logon as service account

25    Install vCenter:

  • Ensure that Web Server HTTP/HTTPS ports are changed from 8443 and 8080 to 9443 and 9080 this is because these ports conflict with McAfee EPO
  • Create dependency on MacAfee Framework Service for vpxd (due to conflict)

26    Restart server, check all VMWare services start

27    Remove MSDB permissions for svc_euvcenter01 account (when second sever is completed)

28    Configure Virtual Connect profiles for all VM servers   

29    Deploy ESXi to all virtual hosts using HP ESXi media

30    Configure TCP/IP, hostname and root password to XXXXXXXXX and set management VLAN (if applicable)

31    Configure forward and reverse DNS entries for vCenter Servers

32    Login to vSphere Client

33    Add licenses to vCenter

34    Create a new Datacenter

35    Import vSphere Hosts

36    Set Time Server Settings

37    Create a vSphere cluster

38    Drag and drop nodes imported into cluster

39    Create the following distributed switches:  

  • dvSwitch_Management/vMotion
  • dvSwitch_Ecommerce
  • dvSwitch_Internal

40    Create the following dvPortGroups under dvSwitch_Management/vMotion: 

  • dvPortGroup_Internal_VLAN120  
  • dbPortGroup_Internal_VLAN121
  • dbPortGroup_Internal_VLAN121

41   Create the followingdvPortGroups under dvSwitch_Internal:  

  • dvPortGroup_Internal_VLAN1  
  • dvPortGroup_Internal_VLAN90  
  • dvPortGroup_Internal_VLAN110  
  • dvPortGroup_Internal_VLAN115

42   Create the followingdvPortGroups under dvSwitch_Ecommerce:

  • dvPortGroup_Ecommerce_VLAN1  
  • dvPortGroup_Ecommerce_VLAN10  
  • dvPortGroup_Ecommerce_VLAN20  
  • dvPortGroup_Ecommerce_VLAN35  
  • dvPortGroup_Ecommerce_VLAN70

43  On dvSwitch_Internal change teaming and failover settings so that VLAN120 is preferred on adapter dvUplink1 and VLAN121 and VLAN122 are preferred on dvUplink2

44  Migrate server console to dvSwitch_ManagementvMotion

45    Define host level vmk1 and vmk2 Virtual Adapter and enable vMotion – this is a manual process on each host individually

46    Create host profile and validate all nodes against this

47    Present shared storage to all cluster nodes

48    Configure datastores and ensure availability on all hosts; odds sys side, evens cdc side

49    Create Windows and Linux VM’s

50    Test vMotion Host move

51    Test vMotion Datastore Move

52    Test VMWare HA

53    Test vVMWare DRS

54    Test DR scenarios:  

  1. Controlled shutdown
  2. Storage failover
  3. VMHA – Poweroff Node and wait for VM startup on another node
  4. SAN Storage Failover

55    Configure Network IO correctly on each Distributed Switch

56    Configure vCenter Mail Settings

57    Configure Exchange CAHT relay permissions

58    Configure alarms to send emails for the following host related issues:  

  • Host connection failure  
  • Host Storage Status  
  • Network connectivity lost  
  • Network uplink redundancy degraded  
  • Host CPU Usage  
  • Host Memory Usage

59    Modify c:\Program Files\VMware\Infrastructure\VirtualCenter Server\extensions\com.vmware.vim.stats.report\extension.xml  

  • Replace * with server FQDN this will resolve the ‘Navigation to the webpage was cancelled Refresh the page’ error

Setup Standby vCenter Server

1  Stop live vCenter VMWare Services, shutdown live vCenter

2    Perform full database backup

3    Make the svc_euvcenter01 account a local administrator on the vCenter server

4    Install SQL 2008 Native Client

5    Create a 64-bit ODBC DSN for VCDB1:  

  • Select SQL Native Client as driver  
  • Server: EUVCDBCL1I1\I1,2126  
  • Use Windows Authentication (do not define SPN) 
  • Change default database to be VCDB1

 6   Create a 32-bit ODBC DSN for VCUMDB1:  

  • Select SQL Native Client as driver  
  • Server: EUVCDBCL1I1\I1,2126  
  • Use Windows Authentication (do not define SPN)  
  • Change default database to be VCUMDB1

7    Create a exclusion policy for McAfee and apply to vCenter servers:   \Device\vstor*

8    Install .NET 3.5.1 via Features

9    Install J# x64 from VMware-VIMSetup-all-4.1.0-259021\redist\vjredist

10  Install Visual C++ 2005, 2008 (x64 and x86) from VMware-VIMSetup-all-4.1.0-259021\redist\vcredist\2005

11  Logon as service account:   svc_euvcenter01   p/w:XXXXXXXXX

12  Install vCenter, using the same license key as the other vCenter  

  • Ensure that WebServer HTTP/HTTPS ports are changed from 8443 and 8080 to 9443 and 9080 this is because these ports conflict with McAfee EPO

13    Restart server, check all VMWare services start

14    Modify c:\Program Files\VMware\Infrastructure\VirtualCenter Server\extensions\com.vmware.vim.stats.report\extension.xml  

  • replace * with EUVCENTER01.spicers.europeThis will resolve the ‘Navigation to the webpage was cancelled Refresh the page’ error

15   Configure same IP address as EUVCENTER01 – YES

16   Login to the Standby vCenter

17   Re-connect each ESXi host

18   Create dependency on mcAfee framework service for vpxd

Categories
Windows Server 2003

Dataprotector : IDB Maintenence

image002

Dataprotector : IDB Maintenence

.1 IDB Backup

Make sure all Data Protector production backups have completed overnight. Any backups that need to be re-run should be re-run before the backup of the IDB is taken. It would also be worth making sure there is no known requirement for a Data Protector restore. Disable all backups scheduled to run before 6pm.

Note: Timings listed on this document are approximate, based on previous run times. Depending on the condition of the Data Protector IDB and available resource on the Cell manager, times could differ. Though it’s expected regular purge procedures on the DP IDB will decrease job times lower than projected.

Take the following services Offline:

OBVS_MCRS

OBVS_VELOCIS

Copy the Data Protector IDB files from the R:/ of UKSPICDP. These files should be backed up to a local drive.

Once copied, bring the above listed services back online.

1.2 IDB Purge

 

Run the following commands from a command line on the Data Protector Cell manager:

omnidb –strip               (seconds)
Omnidbutil –purge –filenames –days 1  -force ( >5 hours)

(This task can take a number of hours, if this task is not finished by early afternoon 3 – 3.30pm, this complete process should be re-run another day)

Note in the above screen shot, this error will be displayed if you try to run another omnidbutil command whilst one is in progress.

To monitor the purge bring up task manager. The rds.exe process is running your purge task.

Omnidbutil –purge –sessions 1  -force   (Seconds)
Omnidbutil –purge –DCBF –days 1  -force       (Seconds)
Omnidbutil -purge_failed_copies                       (Seconds)

Create the folder c:\IDBtemp on Cell Manager (If directory already exists delete any existing files)

Run the following commands:
Omnidbutil –writedb –mmdb c:\IDBtemp -cdb c:\IDBtemp   (>1 hours)

(This command exports the data base files to a temp folder)

Omnidbutil –readdb –mmdb c:\IDBtemp -cdb c:\IDBtemp                    (>40 minutes)

(This command re-imports the data, leaving behind purged files)

 

omnidbutil -remap_dcdir                       (Seconds)
omnidbutil –fixmpos                              (Seconds)
omnidbutil -remap_dcdir                       (Seconds)
omnidbutil -cdbsync ukspicdp   (Seconds)

Any Backups disabled before the purge task should be re-enabled.

Perform a test or monitor a production backup to completion to confirm DP is working.

1.3 Stopping purge jobs

Purge jobs should only be cancelled if totally necessary, IE urgent business requirement of a restore/ High impact on Production backups.

If for some reason no up to date backup was taken of the IDB, the job should not be cancelled and procedure completed fully. Disabling a purge job in progress can corrupt the IDB, meaning restoring from an offline backup to get Data Protector operational.

If purge commands do need to be stopped, the following command should be used:

Omnidbutil -purge_stop

Categories
Windows 2008

cClass Blades: Boot for SAN

cClass Blades: Windows 2008 R2 Boot for SAN

In order to facilitate a boot fom SAN installation of Windows 2008 R2 the following process must be adhered to:

  1. Configure only a single path in your initial zone for the blade, Windows setup does not support multipathing, if this is missed you will end up with an error ‘Setup was unable to create a new system partition or locate an existing system partition.’
  2. Configure only a single port on the HBA, ensure its BIOS is enabled and that the boot LUN is configured. Ensure the second port is disabled/has no configuration.
  3. Ensure you have downloaded the HBA’s driver from the HP Support website – this may not be necessary, but have it ready just in case.
  4. Boot from the Windows 2008 R2 DVD using the iLO (you may find you recieve an error regarding a missing CD/DVD drive driver, if so try the Windows 2008 R2 vanialla DVD without SP1 integrated)
Categories
Performance

ESXi Troubleshooting Peformance

http://communities.vmware.com/docs/DOC-14905

Categories
Backups

VMware vCenter Backup and Restore

VMware vCenter Backup and Restore

The ADAM data is backed up every 5 minutes into the vCenter Server database. To backup the latest update of ADAM data, ensure that the VMware VirtualCenter Management Webservices service is running for at least 5 minutes before stopping the other vCenter services.

Backup

Stop the VMware VirtualCenter Service, VMwareVCMSDS, and the Database service.

Back-up the vCenter Server database.

This backup includes backing up ADAM information. For more information, see the vSphere Upgrade Guide.

Backup the SSL certificate folder at:

  • On Microsoft Windows 2003: %ALLUSERSPROFILE%\Application Data\VMware\VMware VirtualCenter
  • On Microsoft Windows Vista and Microsoft Windows 2008 Server: %ALLUSERSPROFILE%\VMWare\VMware VirtualCenter

Restore

Restore the database. For more information, see the vSphere Upgrade Guide.

Restore SSL certification.

Copy the backed up SSL certificate folder to the same path on the destination.

Create the folder if it does not already exist.

Prepare a DSN that points to the database.

Install vCenter Server 4 and connect it to the database during installation steps. ADAM information is restored by this process.(If vCenter Server 4 was installed on the target operating system to restore, you need to uninstall it prior to the restoration.)

Categories
Backups

EsxI Backup Configuration via PowerCLI

EsxI Backup Configuration via PowerCLI The following PowerCLI script will backup the configuration of your ESXi servers: $backpath = “C:\backups\” $eVMHs = Get-View -ViewType HostSystem |?{$_.config.product.ProductLineId -eq “embeddedEsx”} |?{$_.Runtime.ConnectionState -eq “connected”} Foreach ($eVMH in $eVMHs) {Set-VMHostFirmware -VMHost $VMH.name -BackupConfiguration -DestinationPath $backpath} To restore the configuration Step#1, put the ESXi host is maintenance mode, this is a requirement: set-VMHost -vmhost MyESXiHost -state Maintenance Step#2, restore the config bundle: Get-VMHost MyESXiHost | Set-VMHostFirmware -Restore -SourcePath C:\Temp\configBundle-MyESXiHost.tgz You can eventually add the -Force if the bundle is mismatched, that is when you restore to a different ESXi build.

Categories
Windows Server 2003

AD CS : Delegate GPO Creation/Management

AD CS : Delegate GPO Creation/Management

To delegate creation of new Group Policy Objects and link Group Policy Objects to existing OU’s you mustperform the following tasks:

  • Add the user to the Group policy Creator Owner built-in group
  • Delegate the ‘Manage Group Policy links‘ permission on the Organisational Units you wish the user to be able to link policies to.

Optional for generating RSOP information:

  • Delegate the ‘Read Group Policy Results data‘ permission on the Organisational Units you wish the user to be able to link policies to.

You can also utilise GPMC for delegation of GPO permissions.

Categories
Windows Server 2003

LastlogonTimeStamp : Report

LastlogonTimeStamp : Report

Use the following script to report on your users lastLogontimeStamp – note this will be accurate to within one week due to the very nature of the lastlogonTimeStamp attribute being replicated between DC’s once per week.

Save the text below into a VBS file and execute like so: cscript.exe file.vbs >> report.csv

If the script fails, download a copy from here: http://cb-net.co.uk/downloads/compreport2.txt

Option Explicit

Dim objRootDSE, adoConnection, adoCommand, strQuery, strCN
Dim adoRecordset, strDNSDomain, objShell, lngBiasKey
Dim lngBias, k, strDN, dtmDate, objDate
Dim strBase, strFilter, strAttributes, lngHigh, lngLow

‘ Obtain local Time Zone bias from machine registry.
‘ This bias changes with Daylight Savings Time.
Set objShell = CreateObject(“Wscript.Shell”)
lngBiasKey = objShell.RegRead(“HKLM\System\CurrentControlSet\Control\” _
    & “TimeZoneInformation\ActiveTimeBias”)
If (UCase(TypeName(lngBiasKey)) = “LONG”) Then
    lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = “VARIANT()”) Then
    lngBias = 0
    For k = 0 To UBound(lngBiasKey)
        lngBias = lngBias + (lngBiasKey(k) * 256^k)
    Next
End If
Set objShell = Nothing

‘ Determine DNS domain from RootDSE object.
Set objRootDSE = GetObject(“LDAP://RootDSE”)
strDNSDomain = objRootDSE.Get(“defaultNamingContext”)
Set objRootDSE = Nothing

‘ Use ADO to search Active Directory.
Set adoCommand = CreateObject(“ADODB.Command”)
Set adoConnection = CreateObject(“ADODB.Connection”)
adoConnection.Provider = “ADsDSOObject”
adoConnection.Open “Active Directory Provider”
adoCommand.ActiveConnection = adoConnection

‘ Search entire domain.
strBase = “”

‘ Filter on all user objects.
strFilter = “(&(objectCategory=computer)(objectClass=user))”

‘ Comma delimited list of attribute values to retrieve.
strAttributes = “distinguishedName,lastLogonTimeStamp,cn”

‘ Construct the LDAP syntax query.
strQuery = strBase & “;” & strFilter & “;” & strAttributes & “;subtree”

‘ Run the query.
adoCommand.CommandText = strQuery
adoCommand.Properties(“Page Size”) = 5000
adoCommand.Properties(“Timeout”) = 60
adoCommand.Properties(“Cache Results”) = False
Set adoRecordset = adoCommand.Execute

‘ Enumerate resulting recordset.
Do Until adoRecordset.EOF
   ‘ Retrieve attribute values for the user.
    strDN = adoRecordset.Fields(“distinguishedName”).Value
    strCN = adoRecordset.Fields(“cn”).Value
    ‘ Convert Integer8 value to date/time in current time zone.
    On Error Resume Next
    Set objDate = adoRecordset.Fields(“lastLogonTimeStamp”).Value
    If (Err.Number 0) Then
        On Error GoTo 0
        dtmDate = #1/1/1601#
    Else
        On Error GoTo 0
        lngHigh = objDate.HighPart
        lngLow = objDate.LowPart
        If (lngLow
            lngHigh = lngHigh + 1
        End If
        If (lngHigh = 0) And (lngLow = 0) Then
            dtmDate = #1/1/1601#
        Else
            dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
                + lngLow)/600000000 – lngBias)/1440
        End If
    End If
    ‘ Display values for the user.
    If (dtmDate = #1/1/1601#) Then
       Wscript.Echo chr(34) & strDN & chr(34) & “,” & strCN &  “,Never”
    Else
       Wscript.Echo chr(34) & strDN & chr(34) & “,” & chr(34) & strCN & chr(34) & “,” & dtmDate
    End If
    adoRecordset.MoveNext
Loop

‘ Clean up.
adoRecordset.Close
adoConnection.Close