Monday, December 8, 2014

vcsa 5.5 with domain authentication

If you have joined the vcsa to a domain in the authentication tab of your vcsa administrative console, you do not need to add an STS SPN; you can use the machine account to add the identity source of that same domain.

What you do need is to go to your AD DNS and make sure the forward and reverse entries for the new VCSA and your AD have been created, and your VCSA has the proper DNS settings.

pics will come, but I have seen google lead me to believe I have to use an SPN, or that I have to add it as an AD LDAP source. None of these are needed if you already joined the VCSA to the domain; you could use them for additional domains.

Sunday, December 7, 2014

Nested ESXi in a physical ESXi quick sheet

First of all, hardware has to meet some minimum requirements

- your CPU should have VT (google the CPU, see the advanced technologies at the bottom, example:
- enable CPU VT option in BIOS (if you just did a BIOS update, check it again)
- this machine should have enough RAM for the physical ESXi and the nested ESXi (especially if you want to run more than one nested host to test all features of vcenter) and the VMs. I'd say 16GB is conservative, but definitely doable.

Recommendations so the VMs perform well
- SSD (if you have both SSD and spinning, move VMs you aren't using as much to the slower disk)
- at least 1 cabled gigabit
- plenty of ram

if the physical host is 5.0 and you are deploying nested 5.5

- choose rhel 5 x64 bit as OS when creating the nested ESXi VM
- I honestly only put a 1GB disk. if you need the logs, you can send them elsewhere using syslog.
- I choose vmxnet3 - intel should work too
- make sure you give it more ram (the default for rhel 5 is 1GB and the installer would fail)
- add the string vhv.allow = "TRUE"  to /etc/vmware/config in your Physical ESXi 5.0 host (with vi through SSH, for example)

Thursday, November 20, 2014

F5 replacement useful commands

some F5 commands - v11.

- Shutting down that F5 box:

plagiarized from here, SSH and run

Actually if you want them to shutdown then power off use the following.

shutdown -hP now

h means halt.
P means power off.

- Restore another device's full configuration (even all network and mgmt ip addresses, all vlans, virtual servers, etc) without running into licensing issues (useful for RMA or DR). This is the condensed form of this article. I assume you can access the new device through web/ssh by the mgmt IP.

1. Through SSH/SCP, copy the .ucs file you want to restore (default is /var/local/ucs)
2. leave an SSH session open to the new mgmt IP
3. turn off the other device (see above)
4. in the SSH session, run tmsh and then load /sys ucs <path/to/UCS_file> no-license. You can "complete with tab" when putting the filename to make double sure.
5. once the file is processed, your old mgmt IP will begin responding, and your new mgmt IP will go offline
6. change cables from old to new device
7. check. Sometimes a vip needs to be disabled and enabled for stuff to work (arp?)
8. think highly of yourself

- Clear a device to factory settings (except mgmt IP)

I assume you figured out how to get the mgmt IP setup right. Now go here. Really. It's short and sweet.

Tuesday, October 21, 2014

date windows updates were installed

You have a need to present the dates of installed updates in Windows Servers. WSUS gives you which patches, but not when.


if you haven't used pstools, please download and read and use.

Use psinfo:

psinfo -h \\remotecomputer > d:\path\server.txt

the > sends the output to a file you define.
you can omit \\remotecomputer if you are running locally


use this wmic script

wmic qfe list full /format:htable > d:\path\server.htm

the > sends the output to a file you define.
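
An added example, not part of the original post: a Python sketch that reads the same qfe query saved in Key=Value form and lists which updates were installed on which date, then (going a little beyond the post) flags long gaps between patch dates. It assumes the file was produced with /format:list instead of htable and that InstalledOn is written as M/D/YYYY; the server name and KB numbers in the sample are constructed.

```python
from collections import defaultdict
from datetime import datetime


def decode_wmic(raw: bytes) -> str:
    """Redirected wmic output is normally UTF-16 with a BOM; accept UTF-8 too."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def parse_qfe(text: str) -> list:
    """Turn Key=Value lines into one dict per hotfix.

    wmic often ends lines with CR CR LF, which shows up as spurious blank
    lines, so a new record starts when a key repeats, not at a blank line.
    """
    records, current = [], {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue  # blank line or anything that is not Key=Value
        if key in current:
            records.append(current)
            current = {}
        current[key] = value.strip()
    if current:
        records.append(current)
    return records


def installs_by_date(records):
    """Group HotFixIDs by InstalledOn date; return (by_date, undated_ids)."""
    by_date, undated = defaultdict(list), []
    for rec in records:
        kb = rec.get("HotFixID", "?")
        try:
            day = datetime.strptime(rec.get("InstalledOn", ""), "%m/%d/%Y").date()
        except ValueError:
            undated.append(kb)  # blank or unparseable date: report it, don't guess
            continue
        by_date[day].append(kb)
    return {d: sorted(ids) for d, ids in sorted(by_date.items())}, undated


def patch_gaps(by_date, max_days):
    """Consecutive install dates that are more than max_days apart."""
    days = sorted(by_date)
    return [(a, b, (b - a).days) for a, b in zip(days, days[1:])
            if (b - a).days > max_days]


# Constructed sample: UTF-16LE with BOM and CR CR LF line endings.
_FIELDS = ("CSName", "Description", "HotFixID", "InstalledOn")
_ROWS = [
    ("SRV01", "Security Update", "KB0000001", "7/9/2014"),
    ("SRV01", "Update", "KB0000002", "7/9/2014"),
    ("SRV01", "Security Update", "KB0000003", "10/21/2014"),
    ("SRV01", "Update", "KB0000004", ""),
]
SAMPLE = b"\xff\xfe" + "".join(
    f"{k}={v}\r\r\n" for row in _ROWS for k, v in zip(_FIELDS, row)
).encode("utf-16-le")

if __name__ == "__main__":
    by_date, undated = installs_by_date(parse_qfe(decode_wmic(SAMPLE)))
    for day, ids in by_date.items():
        print(day.isoformat(), ", ".join(ids))
    print("no install date recorded:", ", ".join(undated) or "none")
    for start, end, days in patch_gaps(by_date, 60):
        print(f"gap of {days} days between {start} and {end}")
```

To run it on a real server's output, read the saved file in binary mode and pass the bytes to decode_wmic in place of SAMPLE.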

Saturday, July 5, 2014

Nested ESXi lab - part 1 - getting the right downloads for the main site

I reviewed what I want to accomplish in this lab in

Now I get to do it.

The first site will be done in VMware workstation v9. I use this version because when I got the VCP certification, they gave me a free license. However, you can buy or get a trial license from the site. I believe all trials are for 60 days.

I am using the linux version - just because I'm trying to learn linux, and there's no better way to learn than doing - but you can probably do the same things in the windows version. If you have problems running the linux version, please see this post.

First let's download the appropriate ISOs:


You'll need to setup a free account if you don't have one already. I will attach screenshots since some friends have asked me exactly what to download.

In my case I will enroll in a vSphere with Operations Management (also called vSOM) trial.

Here is where you create or login to your MyVMware account (usual activation steps required)

Make a note of the evaluation license key and let's download the required packages.

ESXi - this iso is typically around 300MB. This lab will be done on ESXi5.5. I will be actually using an older one so we can patch it once installed, but here is the image of how it looks

vCenter - this is the windows installer, we will use it on the remote site. This is typically a 3GB ISO. I will use an older version and then upgrade it with the newest as part of the lab. The windows C# vsphere client is included in this ISO, so there is no need to download it separately.

vCenter appliance. Download either the one .ova file, or the very small ovf file and both disks (check for vmdk). Why both options? OVA is a tar of an OVF. Workstation can open ovf and vmdk's directly, but it will need to unzip the OVA.

Operations management is its own OVA file. This will be the last one we download for now.


This is basically linux based SAN software. For the main site, I will use it as an iSCSI target. It's simple and small enough (500MB download) for my purposes. I will change this in the recovery site and use NFS instead there for study purposes.

We will download the v2.99 ISO and create our own VM. I know there's a prepackaged one there, but see what I do and then decide for yourself. Click on the community edition and the download arrow.

don't forget to read the system requirements


We will download a trial of Server 2012 R2 to setup AD. I actually want to test an installation with no GUI for the recovery site, see how managing that works. Make sure you choose the ISO download option. You will need a microsoft related account to register.

Always important to read the system requirements. Note also that this trial runs for 180 days.

We will also download a SQL Server trial. We will use it with the windows based vCenter in our recovery site. VMware vCenter includes an embedded, free edition of MS SQL, but nobody uses that in a real company - it is very limited. You should involve your company's DBA to take care of your vCenter SQL DB and have it run as best as it can. Installation is tougher this way, but when you work with your DBA and tell him dbo rights are really required, you will understand why.

Important caveat - as of this writing, SQL server 2014 is not in the VMware interoperability matrix - 2012 is the newest supported one.

This is the link for the 2012 trial

Also read the system requirements


We need some VMs. We already have the 2012 R2 installer, but we should also practice Linux. My workstation runs on Fedora, but in an effort to branch out, I will use the Ubuntu 14.04 LTS server

All of these downloads are upwards of 12GB, so make sure you have them ready before starting the next step.

Nested esxi lab - design thoughts

I will create a lab with 2 sites, one site using VMware Workstation on my laptop and the other will be a physical ESXi host.

In each, we will create nested ESXi v5.5 hosts.

The objectives of this lab are:

1) practice for VCAP-DCA
2) learn and test vSphere replication and SRM
3) learn and test vCops

We will also work with

Active Directory - one ADDC for each site, running in the nested ESXis
iSCSI on the main site with Openfiler running on a VM at the same level as the nested ESXis
NFS on the backup site, with TBD running on a VM at the same level as the nested ESXis

One vcenter will be the appliance and another the windows version, running on the nested ESXis

The hardware we have:

both i7
both 32 gb ram
both have one SSD and one hard disk
communicating over a home wireless 802.11ac (not exactly gigabit, but this simulates commercial WAN links fairly decently)

All will run on temporary licenses.

Friday, July 4, 2014

webm test using gnome screenshot's screencast function

I will document my VCAP studies lab setup for anyone who finds themselves in this position. I also plan to learn vSphere replication and SRM with this lab, using a laptop as the production site and a desktop as the recovery site.

Since I switched to Linux less than a year ago, I've found different ways to solve the same problems I had in windows. The prt scn (print screen) button does not work by default - you have to install a tool for it. A google search recommends a tool called Shutter; I had already installed GNOME Screenshot.

While searching for the hot keys, I found a feature that interested me in the GNOME Screenshot tool called Screencast.

This basically allows you to take a small video of what you are doing. It stores the files as .webm - the HTML5 video format that is supported by all modern browsers.

So, here is my first webm embedded video in a blog post - let's see how it looks.

webm test

good news - it runs as advertised. bad news is the resolution sucks, and it grabs all the desktop (in my case, 2 screens). I will update this when I find a solution where 1) I can specify what's recorded, instead of all the desktop 2) I can read what's recorded.

Thursday, July 3, 2014

Windows partition sizes in 2012 R2 for people that like XXX.0 in their disk list

When you are creating your disk partitions, you have options. You might be one of those persons that like to see disk drive sizes as 146.0 instead of 149.56. If you are one of those, you will find out how to calculate the disk size in the following lines:

When installing windows, choose custom. The default system reserved partition has changed and is now 350 MB. Use this formula if you want to get, say, 146GB as a drive C size:

Add 350 MB to 146GB (converted to MB), plus 1 MB for space lost to MBR partitioning, and fill in the value. The calculation is 146x1024+350+1 = 149855

For disks that will be partitioned with GPT, use 2 MB instead of one for MBR.

Friday, June 27, 2014

SEP 12 nugget to stop the service in windows server 2003

You may know that in windows 2003 you can't stop the SEP service from the Services snap-in, but you can from command line:

start smc -stop


start smc -start

What I didn't know, and just confirmed today, is that the command only works if the GUI is not running :p

Sunday, June 1, 2014

my vcap strategy for dca and dcd

My biggest goal this year, apart from living happily with my loved ones, is getting the VCAP certifications in datacenter administration (dca) and datacenter design (dcd). I already took the requisite courses, but studying for the certification is a whole different matter. Here is how I plan on attaining them.

(Note - the amazon links below have my partner code, meaning if you buy the books through these links, my account balance won't be a big fat zero, like it has been for many years straight... I realize it looks like a sales post).

First, decide which one to pursue first:

I think I have decided to do DCA first, since it's more technical and requires you to learn more than what was already covered in the VCP5-DCV. This will allow me to be more knowledgeable when I study for the DCD exam: it will allow me to understand why one design criterion is better than another, and in which scenarios a certain approach is better.

Second, focus on re-learning what I studied for the vcp, with the 5.5 version. For my VCP exam, I read Scott Lowe's mastering vsphere 5.0 from the first to the last page. I put it here as a reference, in case someone wants to do the 5.0 versions of the exams, instead of the 5.5 - but I would buy the 5.5 version if I were new to all this.

There were many topics in the book that were not included in the vcp blueprint, and thus I didn't really try them out on the labs. The vcap-dca is probably the only exam that goes deep into every feature of vsphere, so now is the time to dig deep and do labs on every topic. Also, since the book has a new version out, I will use this book and again read it from page one to the last page, but this time trying to do labs for everything.

Once I have finished the book I will schedule the exam - probably with a month of wiggle room. I will then focus on the blueprint, the study guides, and other resources, such as vBrownBag podcasts, or whatever google throws at me. I will also finally read the clustering deep dive, which I had bought for a very reasonable price as a Kindle edition. There will be no 5.5 version of this book, since the authors stated there were not many changes between 5.1 and 5.5.

By this time I should have identified many holes in my knowledge, and I should be referring to the vmware documentation and google to clear any confusions. However, I will also ask my employer to buy the certification book, which was recently released:

Lastly, I will double-check the course materials and labs, any mock exams I find, and commend myself to my creator.

Assuming success, then...

For the DCD, I will follow a similar approach. This time, it's another Scott Lowe book, "VMware vSphere Design".

and hopefully my employer sees value in his new VCAP-DCA and allows me to expense the other certification book:

(Please be careful when buying the certification books - sometimes the bonus exam content is only available in the print edition.)

I had assumed the design test would be with a live panel, but apparently it's also computer-based. Hopefully with the DCA VCAP and these books, it will be an easy exam :)

And that should be it. It is an attainable goal - more than half of the year is still available. Wish me luck, internet!

Monday, May 26, 2014

Installing ubuntu over an already dual boot windows/fedora

I installed ubuntu over my dual boot fedora/windows machine.

I told the ubuntu installer to use the same /boot drive - it errored, and after I selected another drive (the one it suggested), continued.

Once booted, I only had my old fedora and windows entries in grub.

Run this in a root shell to get ubuntu loaded - note, you must have mounted the ubuntu / partition before executing it.

grub2-mkconfig -o /boot/grub2/grub.cfg

Generating grub.cfg ...
Found linux image: /boot/vmlinuz-3.14.4-200.fc20.x86_64
Found initrd image: /boot/initramfs-3.14.4-200.fc20.x86_64.img
Found linux image: /boot/vmlinuz-3.13.5-200.fc20.x86_64
Found initrd image: /boot/initramfs-3.13.5-200.fc20.x86_64.img
Found linux image: /boot/vmlinuz-3.13.4-200.fc20.x86_64
Found initrd image: /boot/initramfs-3.13.4-200.fc20.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-5a03a6d41476417baf5f18f5d1eec2af
Found initrd image: /boot/initramfs-0-rescue-5a03a6d41476417baf5f18f5d1eec2af.img
Found Windows 8 (loader) on /dev/sda1
Found Ubuntu 14.04 LTS (14.04) on /dev/sda5


** tip **

in case you don't like the distro you added, you can remove the partition you installed to, and then run this command again, and the grub entry will be updated accordingly :D

installing vmware workstation 9 in fedora 20 / and also how to fix when kernel upgrades don't let it compile

I was going to make a new post, but honestly, for the installation, this one covers it really well.

I would obey the instructions - including leaving the root user in the dialog. This adds the benefit of only the root user being able to change the program (for example, when applying a license key).

When upgrades come, it will ask to recompile and may fail. Check these 3 things

A) login as root, do this (anytime your kernel changes)

cp /usr/src/kernels/`uname -r`/include/generated/uapi/linux/version.h /lib/modules/`uname -r`/build/include/linux/

B) If the upgrade process still fails - the referenced log will say something like

 error: conflicting types for ‘VNetFilterHookFn

Follow this then:

The people that get an error when applying the patch - you already have the patch (open the file, you will see it). It fails because you are running the patch twice.

C) if the above patch is already in place, open the error log and try running the build command that fails. if you find:

/tmp/modconfig-iyZm3D/vmnet-only/netif.c:152:64: error: macro "alloc_netdev" requires 4 arguments, but only 3 given
    dev = alloc_netdev(sizeof *netIf, deviceName, VNetNetIfSetup);
then use what eris23 did in the comments of danda3 (he said he found it in - it's in Italian but you can see the post on the left). It is a 2nd patch: you have to extract and tar again, but basically you are adding a 4th parameter to bypass the error. This was on line 152 (the error shows it).

Making it simple:

1) cd /usr/lib/vmware/modules/source/

2) tar xvf vmnet.tar vmnet-only/netif.c

open the netif.c file, go to line 152, and add NET_NAME_UNKNOWN, as the new 3rd argument, so that VNetNetIfSetup becomes the 4th (I did not find this to do any harm to workstation).

3) tar -uvf vmnet.tar vmnet-only/netif.c

and now run the installer, which in my case, finally worked.

If it still doesn't work, grab the command at the end of the error log, execute it, and start troubleshooting from there, looking for errors. Good luck!

Wednesday, March 26, 2014

Decibel Audio Player in Fedora 20

One of the things I haven't found in Linux (maybe until today) was a simple music player that would just let me pick a folder where I had an album and play it. Too many of those music managers turn me down as soon as they mention an "import". My music manager is the file manager :)

So I'm giving Decibel Audio Player a try. I installed it from the software GUI in Fedora 20. No problem at all - but when I tried to run some MP3s I got no audio. Now, Rhythmbox and others will guide you if you don't have the correct drivers, and maybe even help you install the rpmfusion repositories, but there was no error message here.

After googling around, the correct thing to type is

yum install gstreamer-plugins-ugly

and that will allow you to play MP3's (I closed and re-opened just in case).

Monday, February 10, 2014

SNMP testing with getif

Sometimes you just need to test if SNMP settings and the network between devices work ok. Most of the normal SNMP software packages are too big to install on any server, and have a db, a service and a web front - in short, for just testing SNMP, they are too much work.

To that end, I've found that this small exe is great at that. It's old... and thus very small. Just used on 2k8 r2 server today with no issues - just put ip and string and hit start.

Tuesday, January 28, 2014

thinking about it ops: paying dues

There are some familiar dues when you take shortcuts in IT. I'll try to add to them as time passes.

1) not patching, not being on top of patching

lots of vulnerabilities show up when performing IT sec scans
no knowledge of acceptable downtime when you need to patch
increased risk to new viruses and exploits
if you are under a time constraint to patch, you made the list much longer than if you were actively patching

2) not documenting, or not documenting properly

if something you own goes down when on vacation, expect to be called
when time passes, expect to spend time relearning what was done
no one else can learn and assist unless you dedicate a lot of time to tribal knowledge

3) not training others

you either will never stop owning a platform, or still be called once you have moved to another position
when considering who to promote from a team, the fierce owner will be less likely to be promoted, since there is no one to fill the gap

4) not managing the server lifecycle

no one knows when the server was bought, by who, for what
any specific info regarding the server is lost with time
unclear who manages it or who its downtime affects
unclear what needs to be backed up, what can be deleted when space is filled
unclear what servers and services it affects if decommissioned
no trail on how the server and its data were disposed of

Wednesday, January 15, 2014

Broadcom Corporation BCM4352 802.11ac and kmod-wl has inconsistent or slow internet with channel 11 wifi

This was a weird one. Every device in my house was ok with my AP broadcasting over channel 11, but fedora 20 with BCM4352, installed using "yum install kmod-wl" from the rpmfusion repositories, had very erratic behaviour.

Someone in a forum had asked a person with a similar problem to show what channel they were using, and it made me check my home settings. I tested and was able to connect satisfactorily to another wifi network, which was on channel 01. I switched my AP's radio from channel 11 to channel 1, and it's been working perfectly now.

A command to display what channel is being used is

$ iwlist wlp3s0 freq
wlp3s0    26 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 02 : 2.417 GHz
          Channel 03 : 2.422 GHz
          Channel 04 : 2.427 GHz
          Channel 05 : 2.432 GHz
          Channel 06 : 2.437 GHz
          Channel 07 : 2.442 GHz
          Channel 08 : 2.447 GHz
          Channel 09 : 2.452 GHz
          Channel 10 : 2.457 GHz
          Channel 11 : 2.462 GHz
          Channel 12 : 2.467 GHz
          Channel 13 : 2.472 GHz
          Channel 14 : 2.484 GHz
          Channel 36 : 5.18 GHz
          Channel 38 : 5.19 GHz
          Channel 40 : 5.2 GHz
          Channel 42 : 5.21 GHz
          Channel 44 : 5.22 GHz
          Channel 46 : 5.23 GHz
          Channel 48 : 5.24 GHz
          Channel 149 : 5.745 GHz
          Channel 153 : 5.765 GHz
          Channel 157 : 5.785 GHz
          Channel 161 : 5.805 GHz
          Channel 165 : 5.825 GHz
          Current Frequency:2.412 GHz (Channel 1)

where wlp3s0 is your interface. you can use tab to fill it in, or get the name from ifconfig

Thursday, January 9, 2014

remote desktop from linux (accessing Windows machines via RDP with Remmina)

Fedora 20 is one of the easiest to use, most integrated distributions I've experienced. It was quite a surprise for me to find that establishing a simple RDP session would be a bit of work.

In a fresh installation, in software / utilities, you see a program called "Remote Desktop Viewer". Sure enough, RDP is listed as a protocol for connection. However, when you try using it, nothing happens. Turns out if you google around, this program does not support RDP currently.

There have been previous programs that support this, such as rDesktop and tsclient. However, googling a bit more will tell you that what all the cool kids use now is Remmina with freeRDP.

So how do I install this program? Well, with a "yum install remmina" of course! And it installs, but... you only get SSH and SFTP connections.

Turns out you must also install the rdp plugins. This is achieved with a "yum install remmina-plugins-rdp". But nothing happens on the client. Maybe I should close it and re-open it? Wow, it still doesn't display anything!

This post saved my life when I was about to fork into who knows what procedure to get this working. It explains Remmina doesn't quit when you close it... so basically you have to kill the process for it to load the plugins (if you did it in the same order I did)

To see running programs (such as dropbox) in the tray, move your mouse to the bottom right corner (and do it kind of fast).

So, the better way of installing this RDP client is

yum install remmina-plugins-rdp 

as it will install remmina as a requirement and load the RDP plugin correctly the first time you run it.

Hope it helps someone :) it's a good solution so far and offers quite a few options.

gftp in fedora 20 is as winscp in windows

Winscp is a really easy to use scp client but it's for windows only. The closest I have found in fedora 20 is a program called gFTP.

yum install gftp

before you can actually do an scp connection, go to FTP, Preferences, SSH tab

where it says "ssh prog name" type ssh in lower case

and that's it - make sure you specify the right port, username, password, and SSH2 in the dropdown. press enter and you should get the familiar "add ssh key" prompt.

Here are some topics which I want to learn and include in this blog

windows AD
simple website design
google app engine
google adsense and its variants

more to come, but that is the idea :)