VMworld 2011 Content Catalog (U.S. Version) Now Available

8 06 2011

You can browse the entire catalog at the link below:

http://bit.ly/kq9jJO





Get off my array! (Scripting datastore migrations with PowerCLI)

6 05 2011

We were recently asked by our storage team to migrate all VMs off of one array we are using and onto another.  Not being a huge fan of planning and carrying out a move like this one virtual disk at a time, I decided to take a stab at a datastore evacuation script.  There was already some know-how out there, so I started poking around and found some useful posts & threads:

http://get-admin.com/blog/how-to/vmware/powercli-evacuate-a-datastore/

http://communities.vmware.com/thread/299279/ Read the rest of this entry »





Implementing the HyTrust Appliance – Part 2

29 03 2011

Last time I went into our deployment of the HyTrust Appliance (HTA), some configuration considerations, and setting up the appliance for centralized authentication using Active Directory.  For this post I will talk a bit about our use of host compliance templates and, my favorite feature, root password vaulting. Read the rest of this entry »





FIX: Slow console performance for Windows Server 2008 R2 on vSphere

28 03 2011

For the past year or so, our team has been living with the pain of Windows 2008 and Windows 7 virtual machine (VM) consoles, thinking that the fix was just on the horizon with the next VM tools update.  It’s very possible that I’m behind the curve on this one and the fix has been well known for some time, but we just recently found what seems to be a sure-fire method to resolve this issue:

http://kb.vmware.com/kb/1026466

From the article:

Switching from SVGA II to WDDM

1. Click Start.
2. Right-click Computer and click Manage.
3. Click Device Manager in the left pane.
4. Expand Display Adapters.
5. Right-click VMware SVGA II and click Uninstall.
6. Select Delete the driver software for this device.
7. Reboot the virtual machine.
8. Click Start.
9. Right-click Computer and click Manage.
10. Click Device Manager.
11. Expand Display Adapters.
12. Right-click Standard VGA Graphics Adapter and click Update Driver Software.
13. Select Browse my computer for the driver software.
14. Navigate to and select the folder C:\Program Files\Common Files\VMware\drivers\wddm_video.
15. Reboot the virtual machine.





FIX: “The security database on the server does not have a computer account for this workstation trust relationship”

2 03 2011

I’ve seen a lot of solutions, or suggestions rather, with regard to the error in the title of this post.  In my experience, the problem can almost always be resolved without extra domain add/removes and reboots, which is the most prevalent solution I have seen around.  Usually, this issue is due to a mismatch between attributes of the computer account in Active Directory and those values on the system itself.  Here are the steps I take to fix this issue when it crops up: Read the rest of this entry »





Killing a virtual machine in ESXi 4.1

26 02 2011

* I’m pretty sure at least one step I take in this post is unsupported by VMware, so please use at your own risk.  If you don’t feel entirely comfortable with any part of this, and have a support contract – use it.

I was re-IPing a virtual machine (VM) today when it locked up and showed no signs of life (zero CPU usage, disk I/O, etc.). I went in through the host that it runs on using the vSphere Client and tried to hard reset it… which stuck at 95%. I restarted the management agents on the host, which successfully killed the reset command.

Now the VM showed as invalid, so I tried unregistering the VM, then selecting “Add to Inventory” by right-clicking on the <vmname>.vmx file in the VM’s folder on the datastore.  While this made the host recognize the virtual machine correctly again, it didn’t help with booting the VM up – I was now getting an error while booting that told me the virtual machine swap file (<vmname>.swp) was locked.

I’d seen similar errors before, and have a good history with the tried-and-true hard kill method for resolving these:

ps aux | grep <vmname>  –> which gave me a series of process IDs (pid) for the VM’s world
kill -9 <pid>

which resulted in:

cannot kill pid 123123: No such process

Uh-oh.  At this point I began contemplating contacting all of the customers whose VMs (about 40 of them) are on this host for an emergency reboot of their systems so I can reboot the physical host.  Then I found some threads that talked about the vm-support command and how it can hard crash the VM world for you. Huh.  Cool.  Here’s how I used that to make my day much better:

vm-support -x   (this lists out all of the VM worlds running on your host)

When I found the numeric world ID (wid) for my VM, I then ran this command and allowed it to kill the VM:

vm-support -X  <wid>

This process took a while (10-15 minutes), but it worked!  Here’s a good KB article on the use of vm-support and other means of killing virtual machines that just won’t stop:

http://kb.vmware.com/kb/1014165





Implementing the HyTrust Appliance – Part 1

25 02 2011

It happened for our Windows infrastructure several years ago, and now it’s happening at the hardware virtualization layer – we’re too big for our britches and lack a solid methodology for monitoring, securing, and maintaining our vSphere systems as we continue to expand.  Originally, I approached HyTrust regarding their HyTrust Appliance (HTA) primarily as a means to implement two-factor authentication for the virtual infrastructure via RSA SecureID.  Our RSA/two-factor project is in limbo, but I quickly realized that HyTrust had much more to offer us than just two-factor authentication.  Their implementation of host configuration templates alone has made it worth the purchase, not to mention the granular access policies and auditing, and root password vaulting (my favorite).  Over a couple of posts, I hope to relay some of the implementation trials, tribulations, and successful milestones as we roll the HTA into production and start to get a better handle on our environment.

Read the rest of this entry »