Azure Alert: Default Outbound Access Ends March 31st
Is your “Internet-less” VM about to lose its connection? Here is the fix.
For years, Azure allowed Virtual Machines without an explicit outbound connection (like a Public IP or NAT Gateway) to “cheat” and access the internet using a default, hidden IP. That ends on March 31st 2026. If you haven’t transitioned your architecture, your updates will fail, your scripts will break, and your apps will go dark.
1. What exactly is changing?
Microsoft is moving toward a “Secure by Default” model. The “Default Outbound Access” (which was essentially a random IP assigned by Azure) is being retired. From now on, you must explicitly define how a VM talks to the outside world.
2. The Three “Lazy Admin” Solutions
You have three ways to fix this before the deadline. Choose the one that fits your budget and security needs:
Option A: The NAT Gateway (Recommended)
This is the most scalable way. You associate a NAT Gateway with your Subnet. All VMs in that subnet will share one (or more) static Public IPs for outbound traffic.
- Pro: Extremely reliable and handles thousands of concurrent sessions.
- Con: There is a small hourly cost + data processing fee.
Option B: Assign a Public IP to the VM
The simplest “Quick Fix.” Give the VM its own Standard Public IP.
- Pro: Immediate fix for a single server.
- Con: Itโs a security risk (opens a door into the VM) and gets expensive if you have 50 VMs.
Option C: Use a Load Balancer
If you already use an Azure Load Balancer, you can configure Outbound Rules.
- Pro: Professional, enterprise-grade setup.
- Con: More complex to configure if you’ve never done it before.
3. How to find your “At Risk” VMs
Don’t wait for March 31st 2026 to find out what’s broken. Run this PowerShell snippet to find VMs that might be relying on default outbound access:
# Find VMs without a Public IP in a specific Resource Group$VMs = Get-AzVM -ResourceGroupName "YourRGName"foreach ($vm in $VMs) { $nic = Get-AzNetworkInterface -ResourceId $vm.NetworkProfile.NetworkInterfaces[0].Id if ($null -eq $nic.IpConfigurations.PublicIpAddress) { Write-Host "Warning: $($vm.Name) has no Public IP and may rely on Default Outbound Access!" -ForegroundColor Yellow }}๐ก๏ธ Lazy Admin Verdict:
If you have more than 3 VMs, deploy a NAT Gateway. Itโs the “Set and Forget” solution that ensures you won’t get a 2 AM call on April 1st when your servers can’t reach Windows Update.
LazyAdminBlog.com : M365 E7: The “Super SKU” is Here (And it Costs $99)
Is the new ‘Frontier Suite’ a lazy admin’s dream or a budget nightmare?
After 11 years of E5 being the king of the mountain, Microsoft has officially announced its successor: Microsoft 365 E7. Launching May 1, 2026, this isn’t just a minor updateโitโs a $99/month powerhouse designed for an era where AI agents are treated like actual employees.
1. Whatโs inside the E7 Box?
If youโve been “nickel and dimed” by add-on licenses for the last two years, E7 is Microsoftโs way of saying “Fine, hereโs everything.”
- Microsoft 365 Copilot (Wave 3): No more $30 add-on. Itโs baked in, including the new “Coworker” mode developed with Anthropic.
- Agent 365: This is the big one. A brand-new control plane to manage, secure, and govern AI agents across your tenant.
- Microsoft Entra Suite: You get the full identity stack, including Private Access (ZTNA) and Internet Access (SSE), which were previously separate costs.
- Advanced Security: Enhanced features for Defender, Intune, and Purview specifically tuned for “Agentic AI” (AI that actually performs tasks, not just answers questions).
2. The $99 Math: Is it worth it?
At first glance, $99 per user per month sounds like a typo. But letโs look at the “Lazy Admin” math:
| Component | Standalone Cost (Est.) |
| M365 E5 | $60 (post-July 2026 hike) |
| M365 Copilot | $30 |
| Agent 365 | $15 |
| Entra Suite Add-on | $12 |
| Total Value | $117/month |
By moving to E7, youโre saving about $18 per user and, more importantly, you stop managing four different license renewals. That is the definition of working smarter.
3. The “Agentic” Shift
Why do we need E7? Because in 2026, agents are becoming “Frontier Workers.” Microsoftโs new stance is that AI agents need their own identities. Under E7, your automated agents get their own Entra ID, mailbox, and Teams access so they can attend meetings and file reports just like a human. E7 provides the governance layer to make sure these agents don’t go rogue and start emailing your CEO the companyโs secrets.
๐ Microsoft 365 License Comparison: E3 vs. E5 vs. E7
| Feature Category | M365 E3 | M365 E5 | M365 E7 (Frontier) |
| Monthly Cost | ~$36.00 | ~$57.00 | $99.00 |
| Core Productivity | Full Apps + Teams | Full Apps + Teams | Full Apps + Teams |
| Security | Basic (Entra ID P1) | Advanced (Entra ID P2) | Autonomous (P3) |
| Compliance | Core eDiscovery | Inner Risk + Priva | Agentic Governance |
| AI Integration | Add-on Required | Add-on Required | Native Copilot Wave 3 |
| Specialized Tooling | None | Power BI Pro | Agent 365 (Suite) |
| Threat Protection | Defender for Endpoint | Defender XDR Full | Quantum Defender |
| Endpoint Mgmt | Intune (Basic) | Intune (Plan 2) | Autopilot Frontie |
๐ก๏ธ Lazy Admin Verdict:
- Upgrade to E7 if: You already have 50%+ Copilot adoption and youโre starting to build custom AI agents in Copilot Studio.
- Stay on E5 if: Youโre still fighting with users to turn on MFA and haven’t touched AI yet.
๐ References & Further Reading
- Official Microsoft Announcement: Introducing the First Frontier Suite built on Intelligence + Trust โ The primary source for E7 pricing and the “Wave 3” Copilot vision.
- Technical Deep Dive: Secure Agentic AI for your Frontier Transformation โ Details on how Agent 365 integrates with Defender and Purview.
- Partner Insights: Leading Frontier Firm Transformation with Microsoft 365 E7 โ Great for understanding the licensing shift from an MSP/Partner perspective.
- Analysis: M365 E7 to Launch May 1 for $99 Per User Per Month โ Independent analysis of the “Super SKU” value proposition.
LazyAdminBlog.com : Guide to the Entra ID Passkey Rollout (March 2026)
How to avoid 500 helpdesk tickets by spending 10 minutes in the Admin Center today.
If you woke up this morning to find a new “Default Passkey Profile” in your Entra tenant, don’t panic. Microsoft is officially “encouraging” (read: forcing) the world toward phishing-resistant auth. As a Lazy Admin, your goal isn’t to fight the changeโit’s to control it so it doesn’t control your weekend.
1. The Big Change: Passkey Profiles
Previously, FIDO2 was a simple “On/Off” switch. Now, we have Passkey Profiles.
- The Default Behavior: If you didn’t opt-in, Microsoft has created a “Default Profile” for you.
- The Trap: If you had “Enforce Attestation” set to No, Microsoft is now allowing Synced Passkeys (iCloud Keychain, Google Password Manager). This means users can put corporate credentials on their personal iPhones.
2. The “Lazy” Strategy: Tiered Security
Don’t treat your CEO and your Summer Intern the same way. Use the new Group-Based Profiles to save yourself the headache of “One Size Fits None.”
| User Group | Recommended Profile | Why? |
| IT Admins | Device-Bound Only | Requires a physical YubiKey or Windows Hello. No syncing to the cloud. |
| Standard Users | Synced & Device-Bound | Maximum convenience. If they lose their phone, iCloud/Google restores the key. Zero helpdesk calls. |
| Contractors | AAGUID Restricted | Only allow specific hardware models youโve issued to them. |
3. Avoid the “Registration Deadlock”
Many admins are seeing “Helpdesk Hell” because their Conditional Access (CA) policies are too strict.
The Problem: You have a policy requiring “Phishing-Resistant MFA” to access “All Apps.” A user tries to register a passkey, but they can’t log in to the registration page because… they don’t have a passkey yet.
The Lazy Fix: Exclude the “Register security information” user action from your strictest CA policies, or better yet, issue a Temporary Access Pass (TAP) for 24 hours. A TAP satisfies the MFA requirement and lets them onboard themselves without calling you.
๐ ๏ธ The 5-Minute “Lazy Admin” Checklist
- [ ] Check your Attestation: Go to Security > Authentication Methods > Passkey (FIDO2). If you want to block personal iPhones, set Enforce Attestation to Yes.
- [ ] Kill the Nudges: If you aren’t ready for the rollout, disable the “Microsoft-managed” registration campaigns before they start bugging your users on Monday.
- [ ] Review AAGUIDs: If you only use YubiKeys, make sure their AAGUIDs are explicitly whitelisted in your Admin profile.
Bottom Line: Spend 10 minutes setting up your profiles today, or spend 10 hours resetting MFA sessions next week. Choose wisely.
LazyAdminBlog.com : Setting Up Microsoft Entra Connect (Step-by-Step)
Why do manual user management when you can let a sync engine do the heavy lifting?
If youโre still manually creating users in both on-premises Active Directory and the Microsoft 365 portal, stop. Youโre working too hard. Microsoft Entra Connect (formerly Azure AD Connect) is the “bridge” that syncs your local identities to the cloud. Set it up once, and your users get one identity for everything.
1. The “Pre-Flight” Checklist (Don’t skip this!)
The biggest mistake admins make is running the installer before the environment is ready. To be truly “lazy,” do the prep work so the installation doesn’t fail midway.
- Server: A domain-joined Windows Server 2016 or later (2022 is recommended).
- Hardware: Minimum 4GB RAM and a 70GB hard drive.
- Permissions: * Local: You need to be a Local Admin on the sync server.
- On-Prem: An Enterprise Admin account for the initial setup.
- Cloud: A Global Administrator or Hybrid Identity Administrator account in Entra ID.
- Software: .NET Framework 4.7.2 or higher and TLS 1.2 enabled.
Pro Tip: Run the Microsoft IdFix tool first. It finds duplicate emails and weird characters in your AD that would otherwise break the sync.
2. Step-by-Step Installation
Download the latest version of the Entra Connect MSI here.
Step A: The Express Route
- Launch
AzureADConnect.msi. - Agree to the terms and click Use Express Settings. (Note: Use “Custom” only if you have multiple forests or need specific attribute filtering).
- Connect to Entra ID: Enter your Cloud Admin credentials.
- Connect to AD DS: Enter your Enterprise Admin credentials.
- Entra ID Sign-in: Ensure your UPN suffixes match. If your local domain is
corp.localbut your email islazyadminblog.com, you need to addlazyadminblog.comas a UPN suffix in AD.
Step B: The “Staging Mode” Safety Net
Before you hit install, youโll see a checkbox for “Start the synchronization process when configuration completes.” If you are replacing an old server or are nervous about what will happen to your 5,000 users, check the “Enable staging mode” box. This allows the server to calculate the sync results without actually exporting anything to the cloud. You can “peek” at the results before going live.
3. Post-Setup: The “Lazy” Health Check
Once installed, the sync runs every 30 minutes by default. You don’t need to babysit it, but you should know how to check it:
- The Desktop Tool: Open the Synchronization Service Manager to see a green “Success” status for every run.
- The PowerShell Way: To force a sync right now (because youโre too impatient for the 30-minute window), run:PowerShell
Start-ADSyncSyncCycle -PolicyType Delta
4. Troubleshooting Common “Gotchas”
- “Top-level domain not verified”: You forgot to add your domain (e.g., https://www.google.com/search?q=myblog.com) to the Entra ID portal.
- “Object Synchronization Triggered Deletion”: By default, Entra Connect won’t delete more than 500 objects at once. This is a safety feature to stop you from accidentally wiping your cloud directory. If you intended to delete them, you’ll need to disable the export deletion threshold.
The “Lazy Admin” Sync Monitor Script
Copy and save this as Monitor-EntraSync.ps1 on your sync server.
# --- CONFIGURATION ---
$SMTPServer = "smtp.yourrelay.com"
$From = "EntraAlert@lazyadminblog.com"
$To = "you@yourcompany.com"
$Subject = "โ ๏ธ ALERT: Entra ID Sync Failure on $(hostname)"
# --- THE LOGIC ---
# Import the AdSync module (usually already loaded on the server)
Import-Module ADSync
# Get the statistics of the very last sync run
$LastRun = Get-ADSyncRunProfileResult | Sort-Object StartDateTime -Descending | Select-Object -First 1
# Check if the result was NOT 'success'
if ($LastRun.Result -ne "success") {
$Body = @"
The last Entra ID Sync cycle failed!
Server: $(hostname)
Run Profile: $($LastRun.RunProfileName)
End Time: $($LastRun.EndDateTime)
Result: $($LastRun.Result)
Please log in to the Synchronization Service Manager to investigate.
"@
# Send the alert
Send-MailMessage -SmtpServer $SMTPServer -From $From -To $To -Subject $Subject -Body $Body -Priority High
}
๐ ๏ธ How to set it up (The Lazy Way)
To make this fully automated, follow these steps:
- Create a Scheduled Task: Open Task Scheduler on your Entra Connect server.
- Trigger: Set it to run every hour (or every 30 minutes to match your sync cycle).
- Action: * Program/script:
powershell.exe- Add arguments:
-ExecutionPolicy Bypass -File "C:\Scripts\Monitor-EntraSync.ps1"
- Add arguments:
- Security Options: Run it as SYSTEM or a Service Account that has local admin rights so it can access the ADSync module.
Why this is better than “Default” monitoring:
- No Noise: You only get an email if there is an actual problem.
- Proactive: You’ll likely know the sync is broken before your users start complaining that their new passwords aren’t working.
- Zero Cost: No need for expensive third-party monitoring tools for a single-server task.
References & Further Reading
EVC Mode & CPU Compatibility: The “Lazy Admin” FAQ
Youโve just unboxed a shiny new host with the latest Intel or AMD processor, but your current cluster is running hardware from three years ago. You try to vMotion a VM, and vSphere gives you the dreaded “CPU Incompatibility” error.
Enter Enhanced vMotion Compatibility (EVC). Hereโs everything you need to know to get your mixed-hardware cluster working without the headache.
What exactly is EVC?
Think of EVC as a “lowest common denominator” filter for your CPUs. It masks the advanced features of newer processors so that every host in the cluster appears to have the exact same instruction set. This allows VMs to live-migrate between old and new hardware because the “view” of the CPU never changes.
Quick FAQ
Q: Can I mix Intel and AMD in the same EVC cluster? A: No. EVC only works within a single vendor family. You can mix different generations of Intel, or different generations of AMD, but you cannot vMotion between the two brands.
Q: Will EVC slow down my new servers? A: Technically, yesโbut rarely in a way youโll notice. It hides new instructions (like specialized encryption or AI math sets), but the raw clock speed and core count of your new CPUs are still fully utilized. Most general-purpose VMs don’t use the high-end instructions being masked.
Q: Do I need to power off VMs to enable EVC? A: It depends:
- Enabling on an empty cluster: No downtime.
- Enabling on a cluster where VMs are already running on the oldest host: Usually no downtime.
- Enabling on a cluster where VMs are running on newer hosts: You must power off those VMs so they can “re-boot” with the masked CPU instructions.
Q: What is “Per-VM EVC”? A: Introduced in vSphere 6.7, this allows you to set the EVC mode on the VM itself rather than the whole cluster. This is a lifesaver for migrating VMs across different vCenters or into the Cloud (like AWS/Azure).
How to Find Your Correct EVC Mode
Don’t guess. Use the official tool:
- Go to the VMware Compatibility Guide (CPU/EVC Matrix).
- Select your ESXi version.
- Select the CPU models of your oldest and newest hosts.
- The tool will tell you the highest supported “Baseline” you can use.
Step-by-Step: Enabling EVC on an Existing Cluster
- Select your Cluster in vCenter.
- Go to Configure > VMware EVC.
- Click Edit.
- Select Enable EVC for Intel/AMD hosts.
- Choose the Baseline that matches your oldest host.
- Validation: vCenter will check if any running VMs are currently using features above that baseline. If they are, you’ll need to shut them down before you can save the settings.
Summary Table: EVC Baselines
| If your oldest host is… | Use this EVC Mode |
| Intel Ice Lake | Intel “Ice Lake” Generation |
| Intel Cascade Lake | Intel “Cascade Lake” Generation |
| AMD EPYC Rome | AMD EPYC “Rome” Generation |
Zerto vs. vSphere Replication: Which DR Strategy is for You?
When it comes to Disaster Recovery (DR) in a VMware environment, there are two names that always come up: vSphere Replication (VR) and Zerto.
One is often “free” (included in most licenses), while the other is a premium enterprise powerhouse. But in 2026, with the shifts in Broadcomโs licensing and the rise of ransomware, the choice isn’t just about priceโit’s about how much data you can afford to lose.
The Contenders
1. vSphere Replication (The Built-in Basic)
vSphere Replication is a hypervisor-based, asynchronous replication engine. Itโs integrated directly into vCenter and captures changed blocks to send to a target site.
- Best For: Small to medium businesses with “relaxed” recovery goals.
- Cost: Included with vSphere Standard and vSphere Foundation subscriptions.
2. Zerto (The Gold Standard for CDP)
Zerto uses Continuous Data Protection (CDP). Instead of taking snapshots, it uses a lightweight agent on each host to intercept every write in real-time and stream it to the DR site.
- Best For: Mission-critical apps where losing 15 minutes of data is a catastrophe.
- Cost: Licensed per VM (Premium pricing).
Key Comparison: RPO and RTO
In the world of “Lazy Adminning,” we care most about RPO (Recovery Point Objective – how much data we lose) and RTO (Recovery Time Objective – how fast we get back up).
| Feature | vSphere Replication | Zerto (HPE) |
| Replication Method | Snapshot-based (Asynchronous) | Journal-based (CDP) |
| Best RPO | 5 to 15 Minutes | 5 to 10 Seconds |
| Point-in-Time Recovery | Limited (up to 24 instances) | Granular (Any second within 30 days) |
| Orchestration | Requires VMware Site Recovery Manager (SRM) | Built-in (One-click failover) |
| Snapshots | Uses VM Snapshots (can impact performance) | No Snapshots (Zero impact on IOPS) |
Why Choose vSphere Replication?
If you have a limited budget and your management is okay with losing 30 minutes of data, VR is the way to go.
- Pros: Itโs already there. No extra software to install besides the appliance. It works well for low-change workloads.
- Cons: It relies on snapshots, which can cause “stun” on high-load SQL servers. Without adding SRM (Site Recovery Manager), failover is a manual, painful process of registering VMs and fixing IPs.
Why Choose Zerto?
If you are running a 24/7 shop or protecting against Ransomware, Zerto is king.
- Pros: The Journal is a time machine. If ransomware hits at 10:05:30 AM, you can failover to 10:05:25 AM. It also handles IP re-addressing and boot ordering natively.
- Cons: Itโs an expensive add-on. It also requires a “Virtual Replication Appliance” (VRA) on every host in your cluster, which uses a bit of RAM and CPU.
The Verdict: Which one is “Lazy”?
- vSphere Replication is lazy at the start (easy to turn on), but high-effort during an actual disaster (lots of manual work).
- Zerto is a bit more work to set up but is the ultimate “Lazy Admin” tool during a disasterโyou literally click one button, walk away, and grab a coffee while the entire data center boots itself at the DR site.
Lost Your VM? How to Find Its ESXi Host from the Guest OS
Itโs a classic “Ghost in the Machine” scenario: You can RDP or SSH into a virtual machine, but you can’t find it in vCenter. Maybe itโs a massive environment with thousands of VMs, maybe the naming convention doesn’t match, or maybe you’re dealing with a rogue host that isn’t even in your main cluster.
If VMware Tools is installed and running, the VM actually knows exactly where it lives. You just have to ask it nicely through the Command Prompt.
The Magic Tool: vmtoolsd.exe
On Windows VMs, the VMware Tools service includes a CLI utility called vmtoolsd.exe. This tool can query the hypervisor for specific environment variables that are passed down to the guest.
1. Find the ESXi Hostname
If you need to know which physical server is currently crunching the cycles for your VM, run this command:
"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" --cmd "info-get guestinfo.hypervisor.hostname"2. Get the ESXi Build Details
Need to know if the underlying host is patched or running an ancient version of ESXi? Query the build number:
"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" --cmd "info-get guestinfo.hypervisor.build"Why is this useful?
- vCenter Search is failing: Sometimes the inventory search index gets corrupted, and “Name contains” returns nothing.
- Nested Environments: If you are running VMs inside VMs, this helps you verify which layer of the onion you are currently on.
- Troubleshooting Performance: If a VM is lagging, you can quickly identify the host to check for hardware alerts or CPU contention without leaving the OS.
What if I’m on Linux?
The same logic applies! Most modern Linux distributions use open-vm-tools. You can run the same query via the terminal:
vmtoolsd --cmd "info-get guestinfo.hypervisor.hostname"Important Requirement: Guest RPC
For these commands to work, the VM must have VMware Tools installed and the guestinfo variables must be accessible. In some hardened environments, admins might disable these RPC (Remote Procedure Call) queries in the .vmx file for security reasons, but in 95% of standard builds, this will work out of the box.
Troubleshooting: How to Force Cancel a Hung Task in vCenter or ESXi
Weโve all been there: a vMotion hits 99% and just… stays there. Or a backup job finishes on the proxy side, but vCenter still thinks the VM is “busy.” Usually, the Cancel button is grayed out, leaving you stuck in management limbo.
When the GUI fails you, itโs time to hop into the CLI. Here is how to manually kill a hung task by targeting the VM’s parent process.
Step 1: Verify the Task
Before pulling the trigger, confirm the task is actually stuck and not just slow. Check the Monitor > Tasks and Events tab for the specific VM. If the progress bar hasn’t budged in an hour and the “Cancel” option is disabled, proceed to the host.
Step 2: Enable and Connect via SSH
To kill a process, you need to be on the specific ESXi host where the VM is currently registered.
- Enable SSH: Go to the ESXi host in vSphere > Configure > System > Services > Start SSH.
- Connect: Open your terminal (Putty, CMD, or Terminal) and log in as
root.
Step 3: Locate the Parent Process ID (PID)
We need to find the specific process tied to your VM. Use the ps command combined with grep to filter for your VM’s name.
Run the following command:
ps -v | grep "Your_VM_Name"(Note: Using the -v flag in ESXi provides a more detailed view of the world ID and parent processes.)
Look for the line representing the VM’s main process. You are looking for the Leader ID or the first ID listed in the row.
Step 4: Kill the Process
Once you have identified the ID (e.g., 859467), send the kill signal. Start with a standard terminate signal, which allows the process to clean up after itself.
Run the command:
kill 859467Lazy Admin Tip: If the process is extremely stubborn and won’t die, you can use
kill -9 859467to force an immediate termination. Use this as a last resort!
Step 5: Verify in vSphere
Give vCenter a minute to catch up. The hung task should now disappear or show as “Canceled” in the Tasks and Events console. Your VM should return to an “Idle” state, allowing you to power it on, move it, or restart your backup.
Level Up: Becoming a Zerto Certified Professional (ZCP)
In the world of Disaster Recovery, there are two types of admins: those who panic during an outage, and those who have “Master of Disaster” status.
If you’re looking to join the elite ranks of the latter, itโs time to talk about Zerto Certified Professional (ZCP) training. While the original ZVR 4.5 training was a game-changer for its time, Zertoโs training ecosystem has evolved significantly since then to keep pace with modern cloud and ransomware threats.
What is ZCP Training?
Zerto Certified Professional (ZCP) is the official technical certification program designed for customers and partners. It moves you beyond the basics of “click and replicate” into the deep engineering of Continuous Data Protection (CDP).
The current curriculum has shifted from just “Basic” to a more modular, role-based approach available through the myZerto University platform.
Key Learning Pillars:
- Architecture & Installation: Setting up the Zerto Virtual Manager (ZVM) and Virtual Replication Appliances (VRAs).
- VPG Management: Creating Virtual Protection Groups (VPGs) to keep multi-VM applications consistent.
- The “Time Machine” (Journal): Master file-level restores and point-in-time recovery to defeat ransomware.
- The Big Red Button: Coordinating Test Failovers, Live Failovers, and Move operations without breaking a sweat.
Is it still “Basic”?
Zerto has streamlined its certifications into several paths to match your specific environment:
| Certification | Level | Focus Area |
| ZCP Enterprise | Foundation | Core vSphere/Hyper-V to On-Prem replication. |
| ZCP Azure/AWS | Intermediate | Hybrid Cloud DR and migration to public clouds. |
| ZCP Advanced | Expert | Complex troubleshooting, multi-site, and API automation. |
| ZCP Managed Services | Partner | Specifically for DRaaS (Disaster Recovery as a Service) providers. |
Why Bother Getting Certified?
- Confidence: Knowing exactly how the journal works means you can recover data from seconds before a crash.
- Professional Status: It officially recognizes you as a “Master of Disaster” within the community.
- Efficiency: You’ll learn the “Lazy Admin” way to automate IP re-addressing and boot ordering, so you don’t have to do it manually during a crisis.
How to Get Started
- Access: Head over to the myZerto Portal. (Note: You still need to be a customer or partner to access full technical training).
- Time Investment: Most foundational courses take between 90 minutes and 3 hours of self-paced e-learning.
- The Exam: Youโll typically need a 75% or higher to pass. The exams are online, unproctored, and refreshingly focused on real-world scenarios rather than trivia.
Lazy Admin Tip: Don’t just watch the videos. If you have a lab environment, try to break a VPG and see how the ZVM alerts you. Real learning happens when the lights go red!
Recovery Guide: Fixing Corrupt Image Profiles on ESXi
Weโve all been thereโa patch remediation task in vSphere Update Manager (VUM) or vSphere Lifecycle Manager (vLCM) gets interrupted (shoutout to that one colleague!), and suddenly your ESXi host is in a “zombie” state.
If you see the dreaded “Unknown – no profile defined” error, your host has lost its identity. It no longer knows which VIBs (VMware Installation Bundles) should be installed. This is usually caused by a corrupt imgdb.tgz file.
Weโve all been thereโa patch remediation task in vSphere Update Manager (VUM) or vSphere Lifecycle Manager (vLCM) gets interrupted (shoutout to that one colleague!), and suddenly your ESXi host is in a “zombie” state.
If you see the dreaded “Unknown – no profile defined” error, your host has lost its identity. It no longer knows which VIBs (VMware Installation Bundles) should be installed. This is usually caused by a corrupt imgdb.tgz file.
The Symptom: Missing Image Profile
When an image profile is empty or corrupt, you cannot install patches, remove drivers, or perform upgrades. ESXi relies on the image database to maintain consistency.
How to Diagnose a Corrupt imgdb.tgz
Before you resort to a full host rebuild, verify the file size of the database. A healthy imgdb.tgz is typically around 26 KB. If yours is only a few bytes, itโs corrupted.
SSH into the host.
Locate the files:
cd /vmfs/volumesfind * | grep imgdb.tgz
Note: You will usually see two results (one for each bootbank).
Check the size:
ls -l <path_to_result>/imgdb.tgzIf the size is tiny (e.g., 0-100 bytes), the database is toast.
The Fix: Borrowing a “Known Good” Profile
Instead of a time-consuming reinstall, you can manually restore the database from a healthy host running the exact same version and patch level.
Step 1: Export from a Healthy Host
On a working ESXi host, copy the healthy database to a shared datastore:
cp /bootbank/imgdb.tgz /vmfs/volumes//Step 2: Restore on the Corrupt Host
On the host with the issue, move the good file to /tmp and extract it to access the internal VIB and Profile metadata:
cp /vmfs/volumes//imgdb.tgz /tmpcd /tmptar -xzf imgdb.tgzStep 3: Rebuild the Database Directories
Now, manually place the healthy metadata into the system directories:
Copy Profiles:
cp /tmp/var/db/esximg/profiles/* /var/db/esximg/profiles/Copy VIBs:
cp /tmp/var/db/esximg/vibs/* /var/db/esximg/vibs/Replace Bootbank File:
rm /bootbank/imgdb.tgzcp /tmp/imgdb.tgz /bootbank/
Step 4: Finalize and Persist
To ensure these changes survive a reboot, run the backup script:
/sbin/auto-backup.shSummary Table: Resolution Options
| Option | Effort | Risk | When to use |
| Rebuild Host | High | Low | If you don’t have a matching “known good” host. |
| Manual File Copy | Low | Medium | When you need a fast fix and have a twin host available. |
How to reset ESXi 5.x root password using Host Profiles
According to VMware, the only supported way to reset a lost password is to do a fresh install. However, there are ways around it if your host is already connected to vCenter.
If you doย NOTย know the host password but itโs currently connected to vCenter, you can use Host Profiles to reset the password. This is only possible because the vpxa user on each ESXi host, added when the ESXi host is connected to vCenter Server, has root privileges.
Host Profiles are a feature of Enterprise Plus licensing only.
The is a VMware KB which mentions root password recovery is this one and it clearly states that itโs not supported to reset passwords on ESXi 5.x and ESXi in general as there is no longer the Linux console where you would use the single-user mode for the job:
Reinstalling the ESXi host is the only supported way to reset a password on ESXi. Any other method may lead to a host failure or an unsupported configuration due to the complex nature of the ESXi architecture. ESXi does not have a service console and as such traditional Linux methods of resetting a password, such as single-user mode.
But using host profiles to change the root password on ESXi host is supported and if you got the appropriate licensing then you should be able to change the root password.
Steps:
1. Right click the host, choose All vCenter Actions, Host Profiles, and select Extract Host Profile. Run through the wizard to create the new profile.
2. At the top of the vSphere client, click Home and Host Profiles under the Management section.ย Right click the newly created profile and choose Edit.
3. Click Next to the Edit Host Profile step and expand Security and Services, then expand Security Settings. Click on Security Configuration. Modify the dropdown list and select the โConfigure a fixed administrator passwordโ option. Enter the new password.
4. Complete the wizard which will save all your changes.
5.ย Back in the Hosts and Clusters view, right click your host and go to All vCenter Actions, Host Profiles, and Attach Host Profile. Select your profile you created and customized and finish the wizard.
6. Put your host in maintenance mode.
7. Right click the host again,ย All vCenter Actions, Host Profiles, and Remediate. If your host is not in maintenance mode, youโll get the message โRemediate operation is allowed only for hosts in maintenance modeโ
8. Once the Host Profile is applied, the host will reboot and your password will now be updated.
How to Remove Storage Devices from ESXi Hosts
Unmounting a LUN checklist
Before unmounting a LUN, ensure that:
- If the LUN is being used as a VMFS datastore, all objects (such as virtual machines, snapshots, and templates) stored on the VMFS datastore are unregistered or moved to another datastore.Note: All CD/DVD images located on the VMFS datastore must also be unregistered from the virtual machines.
- The datastore is not used for vSphere HA heartbeat.
- The datastore is not part of a datastore cluster.
- The datastore is not managed by Storage DRS.
- The datastore is not configured as a diagnostic coredump partition.
- Storage I/O Control is disabled for the datastore.
- No third-party scripts or utilities running on the ESXi host can access the LUN that has issue. If the LUN is being used as a datastore, unregister all objects (such as virtual machines and templates) stored on the datastore.
- If the LUN is being used as an RDM, remove the RDM from the virtual machine. Click Edit Settings, highlight the RDM hard disk, and click Remove. Select Delete from disk if it is not selected, and click OK.Note: This destroys the mapping file, but not the LUN content.
- Check if the LUN/datastore is used as the persistent scratch location for the host.This PowerCLI script can be used to check the current scratch location:
$vcServer = “vCenter01”
$cluster = “CL01”
$esxCred = Get-Credential
Connect-VIServer $vcServer | Out-Null
#Connect to ESX hosts in cluster
foreach ($esx in Get-Cluster $cluster | Get-VMHost) {
Connect-VIServer $esx -Credential $esxCred | Out-Null
Get-VMHostAdvancedConfiguration -Name “ScratchConfig.ConfiguredScratchLocation”
}
Note: When using the vSphere Web Client with vSphere 5.1, 5.5 and 6.0, only these checks are performed during the datastore unmount operation:
- Host should not have any virtual machines residing on this datastore
- Host should not use the datastore for HA heartbeats
Obtaining the NAA ID of the LUN to be removed
From the vSphere Client, this information is visible in the Properties window of the datastore.
From the ESXi host, run this command:
# esxcli storage vmfs extent list
You see output similar to:
Volume Name VMFS UUID Extent Number Device Name Partition
———– ———————————– ————- ———————————— ———
datastore1 4de4cb24-4cff750f-85f5-0019b9f1ecf6 0 naa.6001c230d8abfe000ff76c198ddbc13e 3
Storage2 4c5fbff6-f4069088-af4f-0019b9f1ecf4 0 naa.6001c230d8abfe000ff76c2e7384fc9a 1
Storage4 4c5fc023-ea0d4203-8517-0019b9f1ecf4 0 naa.6001c230d8abfe000ff76c51486715db 1
LUN01 4e414917-a8d75514-6bae-0019b9f1ecf4 0 naa.60a98000572d54724a34655733506751 1
Make a note of the NAA ID of the datastore to use this information later in this procedure.
Note: Alternatively, you can run the esxcli storage filesystem list command, which lists all file systems recognized by the ESXi host.
Unmounting a LUN using the vSphere Client
To unmount a LUN from an ESXi 5.0 host using the vSphere Client:
- If the LUN is an RDM, skip to step 2. Otherwise, in the Configuration tab of the ESXi host, click Storage. Right-click the datastore being removed, and click Unmount.A Confirm Datastore Unmount window appears. When the prerequisite criteria have been passed, click OK.Note: To unmount a datastore from multiple hosts in the vSphere Client, click Hosts and Clusters > Datastores and Datastore Clusters view (Ctrl+Shift+D). Perform the unmount task and select the appropriate hosts that should no longer access the datastore to be unmounted.
- Click the Devices view (under Configuration > Storage): ย ย ย ย ย ย ย ย ย ย ย ย ย
- Right-click the NAA ID of the LUN (as noted above) and click Detach. A Confirm Device Unmount window is displayed. When the prerequisite criteria are passed, click OK. Under the Operational State of the Device, the LUN is listed as Unmounted.Note: The Detach function must be performed on a per-host basis and does not propagate to other hosts in vCenter Server. If a LUN is presented to an initiator group or storage group on the SAN, the Detach function must be performed on every host in that initiator group before unmapping the LUN from the group on the SAN. Failing to follow this step results in an all-paths-down (APD) state for those hosts in the storage group on which Detach was not performed for the LUN being unmapped.
- Confirm if the LUN is successfully detached. The LUN can then be safely unpresented from the SAN. For more information, contact your storage array vendor.
- Perform a rescan on all ESXi hosts which had visibility to the LUN. The device is automatically removed from the Storage Adapters.
When the device is detached, it stays in an unmounted state even if the device is re-presented (that is, the detached state is persistent). To bring the device back online, the device must be attached.
If you want the device to permanently decommission from an ESXi host, manually remove the NAA entries from the host configuration:
- To list the permanently detached devices, run this command:# esxcli storage core device detached listYou see output similar to:Device UID State
———————————— —–
naa.50060160c46036df50060160c46036df off
naa.6006016094602800c8e3e1c5d3c8e011 off - To permanently remove the device configuration information from the system, run this command:# esxcli storage core device detached remove -d NAA_IDFor example:# esxcli storage core device detached remove -d naa.50060160c46036df50060160c46036df
VMware vCenter Release and Build Number History
| vCenter Build Numbers | |||||
| Name | Version | Release | Build | Installer | Version |
| vCenter Server 6.0.0 Update 1 | 6.0 U1 | 9/10/2015 | 3018524 | 3040890 | |
| vCenter Server 6.0.0b | 6.0.0b | 7/7/2015 | 2776511 | 2800571 | |
| vCenter Server 6.0 Express Patch 1 | 6.0.0a | 4/16/2015 | 2656758 | 2656757 | |
| vCenter Server 6.0 | 6.0 GA | 3/12/2015 | 2494585 | 2562643 | |
| vCenter Server 5.5 Update 3 | 5.5 U3 | 9/16/2015 | 3000241 | 3000346 | |
| vCenter Server 5.5 Update 2e | 5.5 U2e | 4/16/2015 | 2646482 | 2646481 | 5.5.0.44687 |
| vCenter Server 5.5 Update 2d | 5.5 U2d | 1/27/2015 | 2442329 | 2442328 | 5.5.0.43769 |
| vCenter Server 5.5 Update 2b | 5.5 U2b | 10/9/2014 | 2183111 | 2183112 | 5.5.0.43013 |
| vCenter Server 5.5 Update 2 | 5.5 U2 | 9/9/2014 | 2001466 | 2105955 | 5.5.0.42389 |
| vCenter Server 5.5 Update 1c | 5.5 U1c | 7/22/2014 | 1945274 | 1945270 | 5.5.0.42156 |
| vCenter Server 5.5 Update 1b | 5.5 U1b | 6/12/2014 | 1891310 | 1891314 | 5.5.0.41927 |
| vCenter Server 5.5 Update 1a | 5.5 U1a | 4/19/2014 | 1750795 | 1750787 | 5.5.0.41222 |
| vCenter Server 5.5c | 5.5c | 4/19/2014 | 1750596 | 1750597 | 5.5.0.41218 |
| vCenter Server 5.5 Update 1 | 5.5 U1 | 3/11/2014 | 1623101 | 1623099 | 5.5.0.40799 |
| vCenter Server 5.5b | 5.5b | 12/22/2013 | 1476327 | 1476387 | 5.5.0.39885 |
| vCenter Server 5.5a | 5.5a | 10/31/2013 | 1378903 | 1378901 | 5.5.0.38845 |
| vCenter Server 5.5 | 5.5 GA | 9/22/2013 | 1312298 | 1312299 | 5.5.0.38036 |
| vCenter Server 5.1 Update 3b | 5.1 U3b | 10/1/2015 | 3070521 | 3072311 | |
| vCenter Server 5.1 Update 3a | 5.1 U3a | 4/30/2015 | 2669725 | 2670344 | |
| vCenter Server 5.1 Update 3 | 5.1 U3 | 12/4/2014 | 2306353 | 2308386 | 5.1.0.43263 |
| vCenter Server 5.1 Update 2c | 5.1 U2c | 10/30/2014 | 2207772 | 2212977 | 5.1.0.43068 |
| vCenter Server 5.1 Update 2a | 5.1 U2a | 7/7/2014 | 1882349 | 1917403 | 5.1.0.41903 |
| vCenter Server 5.1 Update 2 | 5.1 U2 | 1/16/2014 | 1473063 | 1474365 | 5.1.0.39867 |
| vCenter Server 5.1 U1c | 5.1 U1c | 10/30/2013 | 1364037 | 1364079 | 5.1.0.38659 |
| vCenter Server 5.1 U1b | 5.1 U1b | 8/1/2013 | 1235232 | 1235309 | 5.1.0.37189 |
| vCenter Server 5.1 U1a | 5.1 U1a | 5/22/2013 | 1123961 | 1123966 | 5.1.0.36098 |
| vCenter Server 5.1 Update 1 | 5.1 U1 | 4/25/2013 | 1064983 | 1065152 | 5.1.0.35539 |
| vCenter Server 5.1b | 5.1b | 12/20/2012 | 947673 | 947939 | 5.1.0.34460 |
| vCenter Server 5.1a | 5.1a | 11/19/2012 | 880146 | 880471 | 5.1.0.33762 |
| vCenter Server 5.1 | 5.1 GA | 9/11/2012 | 799731 | 799735 | 5.1.0.32743 |
| vCenter Server 5.0 Update 3e | 5.0 U3e | 10/1/2015 | 3073236 | 3073234 | |
| vCenter Server 5.0 Update 3d | 5.0 U3d | 4/30/2015 | 2656067 | 2692807 | |
| vCenter Server 5.0 Update 3c | 5.0 U3c | 11/20/2014 | 2210222 | 2215678 | 5.0.0.43079 |
| vCenter Server 5.0 Update 3a | 5.0 U3a | 7/1/2014 | 1917469 | 1923446 | 5.0.0.42044 |
| vCenter Server 5.0 Update 3 | 5.0 U3 | 10/17/2013 | 1300600 | 1343691 | 5.0.0.37933 |
| vCenter Server 5.0 Update 2 | 5.0 U2 | 12/20/2012 | 913577 | 923238 | 5.0.0.34130 |
| vCenter Server 5.0 U1b | 5.0 U1b | 8/16/2012 | 804277 | 804276 | 5.0.0.32829 |
| vCenter Server 5.0 U1a | 5.0 U1a | 7/12/2012 | 755629 | 757163 | 5.0.0.31955 |
| vCenter Server 5.0 Update 1 | 5.0 U1 | 3/15/2012 | 623373 | 639890 | 5.0.0.29542 |
| vCenter Server 5.0 | 5.0 GA | 8/24/2011 | 456005 | 456005 | 5.0.0.16964 |
| vCenter Server 4.1 U3a | 1/31/2013 | 925676 | 978694 | ||
| vCenter Server 4.1 U3 | 8/30/2012 | 799345 | 816786 | ||
| vCenter Server 4.1 U2 | 10/27/2011 | 491557 | 493063 | ||
| vCenter Server 4.1 U1 | 2/10/2011 | 345043 | 345042 | ||
| VUM-KB-1023962 | 7/19/2010 | 275390 | |||
| vCenter Server 4.1 | 7/13/2010 | 259021 | 259021 | ||
| vCenter Server 4.0 Update 4b | 4.0 U4b | 2/7/2013 | 934016 | ||
| vCenter Server 4.0 U4 | 11/17/2011 | 496403 | |||
| vCenter Server 4.0 U3 | 5/5/2011 | 385281 | |||
| vCenter Server 4.0 U2 | 6/10/2010 | 258672 | |||
| vCenter Server 4.0 U1 | 11/19/2010 | 208111 | |||
| vCenter Server 4.0 Patch 1 | 2/25/2010 | 183347 | |||
| vCenter Server 4.0 | 5/21/2009 | 162856 | |||
| VirtualCenter 2.5.0 U6b | 3/8/2012 | 598800 | |||
| VirtualCenter 2.5.0 U6a | 5/5/2011 | 341471 | |||
| VirtualCenter 2.5.0 U6 Localized | 1/29/2010 | 227640 | |||
| VirtualCenter 2.5.0 U6 English | 1/29/2010 | 227637 | |||
| VirtualCenter 2.5.0 U5 Localized | 7/10/2009 | 174835 | |||
| VirtualCenter 2.5.0 U5 English | 7/10/2009 | 174768 | |||
| VirtualCenter 2.5.0 U4 Localized | 2/23/2009 | 147704 | |||
| VirtualCenter 2.5.0 U4 German | 2/23/2009 | 147697 | |||
| VirtualCenter 2.5.0 U4 English | 2/23/2009 | 147633 | |||
| VirtualCenter 2.5.0 U3 | 10/3/2008 | 119598 | |||
| VirtualCenter 2.5.0 U2 | 7/25/2008 | 104215 | |||
| VirtualCenter 2.5.0 U1 | 4/10/2008 | 84767 | |||
| VirtualCenter 2.5.0 | 12/10/2007 | 64192 |
How to recover the only administrator account for Cisco UCS Manager
Recovering the only administrator account for Cisco UCS Manager:
If we lost/forgot the password of the only administrator account, you cannot retrieve the original password. However you have the option to recover it by changing the password for which you need to to power cycle all fabric interconnects (FI) in aย Cisco UCS domain.
You can reset the password for all other local accounts through Cisco UCS Manager. However, you must log in to Cisco UCS Manager with an account that includes aaa or admin privileges. If you do not have access to a admin account then read below:
I am going to tell you in steps how to do that:
Prerequisite 1: Determining the Leadership Role of a Fabric Interconnect
- In the Navigation pane, click the Equipment tab.
- In the Equipment tab, expand Equipment > Fabric Interconnects.
- Click the fabric interconnect for which you want to identify the role.
- In the Work pane, click the General tab.
- In the General tab, click the down arrows on the High Availability Details bar to expand that area.
- View the Leadership field to determine whether the fabric interconnect is the primary or subordinate.
Prerequisite 2: Verifying the Firmware Versions on a Fabric Interconnect
You can use the following procedure to verify the firmware versions on all fabric interconnects in a Cisco UCS domain. You can verify the firmware for a single fabric interconnect through the Installed Firmware tab for that fabric interconnect.
- In the Navigation pane, click the Equipment tab.
- In the Equipment tab, click the Equipment node.
- In the Work pane, click the Firmware Management tab.
- In the Installed Firmware tab, verify that the following firmware versions for each fabric interconnect match the version to which you updated the firmware:
Kernel version
System version
Scenario 1: Recovering the Admin Account Password in a Standalone Configuration
This procedure will help you to recover the password that you set for the admin account when you performed an initial system setup on the fabric interconnect. The admin account is the system administrator or superuser account.
Before You Begin:
- Physically connect the console port on the fabric interconnect to a computer terminal or console server
- Determine the running versions of the following firmware:
The firmware kernel version on the fabric interconnect
The firmware system version
- Connect to the console port.
- Power cycle the fabric interconnect:
Turn off the power to the fabric interconnect.
Turn on the power to the fabric interconnect.
- In the console, press one of the following key combinations as it boots to get the loader prompt:
Ctrl+l
Ctrl+Shift+r
You may need to press the selected key combination multiple times before your screen displays the loader prompt.
- Boot the kernel firmware version on the fabric interconnect.
loader >
boot /installables/switch/
kernel_firmware_version
Example:
loader >
boot /installables/switch/ucs-6100-k9-kickstart.4.1.3.N2.1.0.11.gbin
- Enter config terminal mode.
Fabric(boot)#
config terminal
- Reset the admin password.
Fabric(boot)(config)#
admin-password
password
Choose a strong password that includes at least one capital letter and one number. The password cannot be blank. The new password displays in clear text mode.
- Exit config terminal mode and return to the boot prompt.
- Boot the system firmware version on the fabric interconnect.
Fabric(boot)#
load /installables/switch/
system_firmware_version
Example:
Fabric(boot)#
load /installables/switch/ucs-6100-k9-system.4.1.3.N2.1.0.211.bin
- After the system image loads, log in to Cisco UCS Manager.
Scenario 2: Recovering the Admin Account Password in a Cluster Configuration
This procedure will help you to recover the password that you set for the admin account when you performed an initial system setup on the fabric interconnects. The admin account is the system administrator or superuser account.
Before You Begin
- Physically connect a console port on one of the fabric interconnects to a computer terminal or console server.
- Obtain the following information:
The firmware kernel version on the fabric interconnect
The firmware system version
Which fabric interconnect has the primary leadership role and which is the subordinate
- Connect to the console port.
- For the subordinate fabric interconnect.
- Turn off the power to the fabric interconnect.
- Turn on the power to the fabric interconnect.
- In the console, press one of the following key combinations as it boots to get the loader prompt:
Ctrl+l
Ctrl+Shift+r
You may need to press the selected key combination multiple times before your screen displays the loader prompt.
- Power cycle the primary fabric interconnect:
- Turn off the power to the fabric interconnect.
- Turn on the power to the fabric interconnect.
- In the console, press one of the following key combinations as it boots to get the loader prompt:
Ctrl+l
Ctrl+Shift+r
You may need to press the selected key combination multiple times before your screen displays the loader prompt.
- Boot the kernel firmware version on the primary fabric interconnect.
loader > boot /installables/switch/
kernel_firmware_version
Example:
loader > boot /installables/switch/ucs-6100-k9-kickstart.4.1.3.N2.1.0.11.gbin
- Enter config terminal mode.
Fabric(boot)# config terminal
- Reset the admin password.
Fabric(boot)(config)# admin-password password
Choose a strong password that includes at least one capital letter and one number. The password cannot be blank. The new password displays in clear text mode.
- Exit config terminal mode and return to the boot prompt.
- Boot the system firmware version on the primary fabric interconnect.
Fabric(boot)# load /installables/switch/
system_firmware_version
Example:
Fabric(boot)# load /installables/switch/ucs-6100-k9-system.4.1.3.N2.1.0.211.bin
- After the system image loads, log in to Cisco UCS Manager.
- In the console for the subordinate fabric interconnect, do the following to bring it up:
- Boot the kernel firmware version on the subordinate fabric interconnect.
loader > boot /installables/switch/
kernel_firmware_version
- Boot the system firmware version on the subordinate fabric interconnect.
Fabric(boot)# load /installables/switch/
system_firmware_version
How to configure a Dell iDRAC card without rebooting
First of all download the Racadm tool from the thisย link. It is included inย Dell OpenManage DRAC Tools.ย The Dell Remote Access Controller (DRAC) console is management station software designed to provide remote management capabilities for the Dell systems. You can remotely connect to the DRAC hardware and access the DRAC features either by using a web browser or the RACADM Command Line Interface (CLI). RACADM CLI is the command line user interface to the DRAC.
Syntax Usage
The following shows an example of a simple RACADM subcommand, getsysinfo, used with each RACADM utility. See the end of this articleย for links to documentation containing the full list of RACADM commands.
Remote RACADM
Remote RACADM commands must include the ip address or hostname of the idrac, and the idrac username and password.
racadm -r <ip address or hostname> -u <username> -p <password> <subcommand>
racadm -r 10.1.1.1 -u root -p calvin getsysinfo
NOTE: Remote racadm uses the web server SSL certificate of the iDRAC to authenticate the session. You will receive a warning message if certificates have not been configured or if the certificate is invalid. However, the command will execute normally following the message. If you wish to halt the command on certificate errors, use the -S option in the command. For information on configuring certificates on the iDRAC, see the user’s guide for your iDRAC linked at the end of this article.
Local RACADM
You do not have to specify the ip address, username, or password in Local RACADM commands.
racadm <subcommand> eg.ย racadm getsysinfo
racadm getniccfg
racadm setniccfg โs 172.17.2.124 255.255.252.0 172.17.0.5racadm getconfig -g cfgLanNetworkingracadm config -g cfgLanNetworking -o cfgNicIpAddress 172.17.2.124racadm config -g cfgLanNetworking -o cfgNicNetmask 255.255.252.0racadm config -g cfgLanNetworking -o cfgNicGateway 172.17.0.7racadm config -g cfgLanNetworking -o cfgDNSServer1 172.17.0.6racadm config -g cfgLanNetworking -o cfgDNSServer2 172.17.0.5racadm config -g cfgLanNetworking -o cfgDNSRacName ServerName-DRACracadm config -g cfgLanNetworking -o cfgDNSDomainName corp.company.comSSH/Telnet/Serial (Firmware) RACADM
You do not have to specify the ip address, username, or password in Firmware RACADM commands.
racadm <subcommand> ย eg.ย racadm getsysinfo
or
racadm <Enter> – takes you to a racadm>> prompt ย eg.ย racadm>>getsysinfo
Raising a support case for ProLiant/Blades Series Servers, the step by step approach!
Now a days HP has segregated theย support types, the server support comes underย Hewlett Packard Enterprise.
Select your product
HP ProLiant DL Multi Node Servers
HP ProLiant Packaged Cluster Servers
HP ProLiant WS Workstation Blades
Or
if you are not able to find your product, check the below link to manually search the server model/ number in the Hewlett Packard Enterprise Products: eg.ย ProLiant DL360 Gen9
You will get log of results like below:
Finally if the above of these do not help then you can raise case by clicking the below link. You need to create a HP passport login in case you do not have an account.ย HP Passport is a single sign in service that lets you use one User ID and password for all HP Passport-enabled websites.
Submit or manage support cases
You may also check existing ticket updates by providing the case ID.
I hope techies find it useful ๐
Connections and Ports in ESX and ESXi
A high resolution pdf can be downloaded hereย Connections and Ports in ESX and ESXi
VMware ESXi Release and Build Number History – A must for confirming your ESXi hosts are up to date!
The following listings are a comprehensive collection of the flagship hypervisor product by VMware. All bold versions are downloadable releases.
vSphere ESXi 6.0
| Name | Version | Release | Build |
|---|---|---|---|
| ESXi600-201511001 | ESXi 6.0 Express Patch 4 | 2015-11-25 | 3247720 |
| ESXi600-201510001 | ESXi 6.0 Update 1a | 2015-10-06 | 3073146 |
| VMware ESXi 6.0 Update 1 | ESXi 6.0 Update 1 | 2015-09-10 | 3029758 |
| ESXi600-201507001 | ESXi 6.0b | 2015-07-07 | 2809209 |
| ESXi600-201505001 | ESXi 6.0 Express Patch 2 | 2015-05-14 | 2715440 |
| ESXi600-201504001 | ESXi 6.0 Express Patch 1 | 2015-04-09 | 2615704 |
| VMware ESXi 6.0 | ESXi 6.0 GA | 2015-03-12 | 2494585 |
ย vSphere ESXi 5.5
| Name | Version | Release | Build |
|---|---|---|---|
| ESXi550-201512001 | 2015-12-08 | 3248547 | |
| ESXi550-201510001 | ESXi 5.5 Update 3a | 2015-10-06 | 3116895 |
| VMware ESXi 5.5 Update 3 | ESXi 5.5 Update 3 | 2015-09-16 | 3029944 |
| ESXi550-201505002 | ESXi 5.5 Patch 5 | 2015-05-08 | 2718055 |
| ESXi550-201504002 | Recalled | 2015-04-30 | 2702864 |
| ESXi550-201504001 | ESXi 5.5 Express Patch 7 | 2015-04-07 | 2638301 |
| ESXi550-201502001 | ESXi 5.5 Express Patch 6 | 2015-02-05 | 2456374 |
| ESXi550-201501001 | ESXi 5.5 Patch 4 | 2015-01-27 | 2403361 |
| ESXi550-201412001 | ESXi 5.5 Express Patch 5 | 2014-12-02 | 2302651 |
| ESXi550-201410001 | ESXi 5.5 Patch 3 | 2014-10-15 | 2143827 |
| VMware ESXi 5.5 Update 2 | ESXi 5.5 Update 2 | 2014-09-09 | 2068190 |
| ESXi550-201407001 | ESXi 5.5 Patch 2 | 2014-07-01 | 1892794 |
| ESXi550-201406001 | ESXi 5.5 Express Patch 4 | 2014-06-10 | 1881737 |
| ESXi550-201404020 | ESXi 5.5 Express Patch 3 | 2014-04-19 | 1746974 |
| ESXi550-201404001 | ESXi 5.5 Update 1a | 2014-04-19 | 1746018 |
| VMware ESXi 5.5.1 Driver Rollup | 2014-03-11 | 1636597 | |
| VMware ESXi 5.5 Update 1 | ESXi 5.5 Update 1 | 2014-03-11 | 1623387 |
| ESXi550-201312001 | ESXi 5.5 Patch 1 | 2013-12-22 | 1474528 |
| vSAN Beta Refresh | 2013-11-25 | 1439689 | |
| VMware ESXi 5.5 | ESXi 5.5 GA | 2013-09-22 | 1331820 |
vSphere ESXi 5.1
| Name | Version | Release | Build |
|---|---|---|---|
| ESXi510-201510001 | 2015-10-01 | 3070626 | |
| ESXi510-201503001 | 5.1.0 Patch 7 | 2015-03-26 | 2583090 |
| VMware ESXi 5.1 Update 3 | 5.1.0 U3 | 2014-12-04 | 2323236 |
| ESXi510-201410001 | 5.1.0 Patch 6 | 2014-10-31 | 2191751 |
| ESXi510-201407001 | 5.1.0 Patch 5 | 2014-07-31 | 2000251 |
| ESXi510-201406001 | 5.1.0 Express Patch 5 | 2014-06-17 | 1900470 |
| ESXi510-201404001 | 5.1.0 Patch 4 | 2014-04-29 | 1743533 |
| ESXi510-201402001 | 5.1.0 Express Patch 4 | 2014-02-27 | 1612806 |
| VMware ESXi 5.1 Update 2 | 5.1.0 U2 | 2014-01-16 | 1483097 |
| ESXi510-201310001 | 5.1.0 Patch 3 | 2013-10-17 | 1312873 |
| ESXi510-201307001 | 5.1.0 Patch 2 | 2013-07-25 | 1157734 |
| ESXi510-201305001 | 5.1.0 Express Patch 3 | 2013-05-22 | 1117900 |
| VMware ESXi 5.1 Update 1 | 5.1.0 U1 | 2013-04-25 | 1065491 |
| ESXi510-201303001 | 5.1.0 Express Patch 2 | 2013-03-07 | 1021289 |
| ESXi510-201212001 | 5.1.0 Patch 1 | 2012-12-20 | 914609 |
| ESXi510-201210001 | 5.1.0a | 2012-10-24 | 838463 |
| KB2034796 | 5.1.0 | Hot-Patch | 837262 |
| VMware ESXi 5.1 | 5.1.0 GA | 2012-09-11 | 799733 |
vSphere ESXi 5.0
| Name | Version | Release | Build |
|---|---|---|---|
| ESXi500-201510001 | 2015-10-01 | 3086167 | |
| ESXi500-201502001 | 5.0.0 Patch 11 | 2015-02-26 | 2509828 |
| ESXi500-201412001 | 5.0.0 Patch 10 | 2014-12-04 | 2312428 |
| ESXi500-201408001 | 5.0.0 Patch 9 | 2014-08-28 | 2000308 |
| ESXi500-201407001 | 5.0.0 Express Patch 6 | 2014-07-01 | 1918656 |
| ESXi500-201405001 | 5.0.0 Patch 8 | 2014-05-29 | 1851670 |
| ESXi500-201401001 | 5.0.0 Patch 7 | 2014-01-23 | 1489271 |
| VMware ESXi 5.0 Update 3 | 5.0.0 U3 | 2013-10-17 | 1311175 |
| ESXi500-201308001 | 5.0.0 Patch 6 | 2013-08-29 | 1254542 |
| ESXi500-201305001 | 5.0.0 Express Patch 5 | 2013-05-15 | 1117897 |
| ESXi500-201303001 | 5.0.0 Patch 5 | 2013-03-28 | 1024429 |
| VMware ESXi 5.0 Update 2 | 5.0.0 U2 | 2012-12-20 | 914586 |
| ESXi500-201209001 | 5.0.0 Patch 4 | 2012-09-27 | 821926 |
| ESXi500-201207001 | 5.0.0 Patch 3 | 2012-07-12 | 768111 |
| ESXi500-201206001 | 5.0.0 Express Patch 4 | 2012-06-14 | 721882 |
| ESXi500-201205001 | 5.0.0 Express Patch 3 | 2012-05-03 | 702118 |
| ESXi500-201204001 | 5.0.0 Express Patch 2 | 2012-04-12 | 653509 |
| VMware ESXi 5.0 Update 1 | 5.0.0 U1 | 2012-03-15 | 623860 |
| ESXi500-201112001 | 5.0.0 Patch 2 | 2011-12-15 | 515841 |
| ESXi500-201111001 | 5.0.0 Express Patch 1 | 2011-11-03 | 504890 |
| ESXi500-201109001 | 5.0.0 Patch 1 | 2011-09-13 | 474610 |
| VMware ESXi 5.0 | 5.0.0 | 2011-08-24 | 469512 |
vSphere ESXi 4.1
| Name | Version | Release | Build |
|---|---|---|---|
| ESXi410-201404001 | 4.1.0 Patch 11 | 2014-04-10 | 1682698 |
| ESXi410-201312001 | 4.1.0 Patch 10 | 2013-12-05 | 1363503 |
| ESXi410-201307001 | 4.1.0 Patch 9 | 2013-07-31 | 1198252 |
| ESXi410-201304001 | 4.1.0 Patch 8 | 2013-04-30 | 1050704 |
| ESXi410-201301001 | 4.1.0 Patch 7 | 2013-01-31 | 988178 |
| ESXi410-201211001 | 4.1.0 Patch 6 | 2012-11-15 | 874690 |
| VMware ESXi 4.1 Update 3 | 4.1.0 U3 | 2012-08-30 | 800380 |
| ESXi410-201206001 | 4.1.0 Express Patch 3 | 2012-06-14 | 721871 |
| ESXi410-201205001 | 4.1.0 Express Patch 2 | 2012-05-03 | 702113 |
| ESXi410-201204001 | 4.1.0 Patch 5 | 2012-04-26 | 659051 |
| ESXi410-201201001 | 4.1.0 Patch 4 | 2012-01-30 | 582267 |
| VMware ESXi 4.1 Update 2 | 4.1.0 U2 | 2011-10-27 | 502767 |
| ESXi410-201107001 | 4.1.0 Patch 3 | 2011-07-28 | 433742 |
| ESXi410-201104001 | 4.1.0 Patch 2 | 2011-04-28 | 381591 |
| VMware ESXi 4.1 Update 1 | 4.1.0 U1 | 2011-02-10 | 348481 |
| ESXi410-201011001 | 4.1.0 Express Patch 1 | 2010-11-29 | 320137 |
| ESXi410-201010001 | 4.1.0 Patch 1 | 2010-11-15 | 320092 |
| VMware ESXi 4.1 | 4.1.0 | 2010-07-13 | 260247 |
How to generate VMware ESXi logs and how to Upload via the FTP portal using a third party FTP client for a VMware Support Case
How to generate VMware ESXi logs:
Identify the ESXi host on which the server is hosted, putty to the Host and run the following command. But before you run the command, you need to select a ย desired datastore ย to direct the support log bundle to a location using the same command (mentioningย the destination path).
For example:
vm-support -s >ย /vmfs/volumes/datastorexxx/vm-support-Hostname.tgz
ย Datastorexxx = will be datastore with free space
vm-support-Hostname.tgz = host name
- After the log bundle has been collected and downloaded from the datastore by browsing the particular datastore normally using the vSphere client, then upload the logs to the SFTP/FTP site.
How to Upload via the FTP portal using a Filezilla (FTP Client)
There are many third-party GUI-based FTP clients that run on multiple platforms. These clients are able to perform the operations in this article using an intuitive GUI interface. Feel free to use the FTP client of your choice, which supports passive mode.
FileZilla is a popular third party FTP client.
To upload files from Windows using FileZilla:
- Open the FileZilla client.
- Set the transfer mode to binary:
Go to theย Transferย menu >ย Transfer typeย >ย Binary
- Go to theย Fileย menu >ย Site Manager.
- Add the VMware FTP site to My Sites using the Site Manager. The credentials are:
Address = ftpsite.vmware.com
Logon Type = normal
User = inbound
Password = inbound - Clickย Connect.
- Change to the correct destination directory for your Support Request:
- If this is the first time you are uploading files to the VMware FTP Server for this case, create a directory in the root of the VMware FTP. To do this, right click the root directory on the remote site in the right pane and chooseย Create directory.
- If this is not the first time you are uploading files for this case, proceed to step 7.
- Change to your SR directory using the Remote site field.
For example:
Remote site:ย /12345678901
Notes:
- For security reasons, you do not see any files or directories on the VMware FTP server, including files you have uploaded.
- The destination directory should contain numbers only. Do not enter letters or other characters.
- Once you connect to the correct destination directory, browse to the location of the log files on your local system using the file browser in the left pane or enter the full path in the Local site field.
- Right click the file and selectย Uploadย to start the transfer.
- Monitor the transfer progress in the Queued files pane.
How to power off a Virtual Machine on an ESXi host via Putty
Sometime aย virtual machine mayย not responsive and cannot beย stopped or killed, then this is a workaround to reboot the virtual machineย via putty.
Theย esxcliย command can be used locally or remotely to power off a virtual machine running on ESXi 5.x or later.
- Open a console session where the esxcliย tool is available, either in the ESXi Shell, the vSphere Management Assistant (vMA), or the location where the vSphere Command-Line Interface (vCLI) is installed.
- Get a list of running virtual machines, identified by World ID, UUID, Display Name, and path to the.vmxย configuration file, using this command:esxcli vm process list
- Power off one of the virtual machines from the list using this command:esxcli vm process kill –type=[soft,hard,force]–world-id=WorldNumber
Notes:
Three power-off methods are available. Soft is the most graceful, hard performs an immediate shutdown, and force should be used as a last resort.
Alternate power off command syntax is:ย esxcli vm process kill -t [soft,hard,force] -wย WorldNumber - Repeat Step 2 and validate that the virtual machine is no longer running.
How to fix a RDP issue without reboot?
The following steps can be used to resolve RDP issues without a restart:
ย Note: The below condition will be applicable only if the server is available on NetworkJ.
ย ย Troubleshooting Steps:
1. Check if the Windows Firewall Setting is Enabled on the server. If yes, have them Disabled.
ย Note: This is primarily applicable for Virtual Servers (VM machines) and if it is accessible in VM console.
ย 2.ย The following registry location, which is responsible for Terminal Server to access the via RDP:
ย HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Control\Terminal Server
ย Under the Terminal Server key, the REG_DWORD value named fDenyTSConnection should be 0 because the value data 1 denies connecting to Terminal Services (to access the server via RDP).
ย Note: Even if the value is 0, change it from 0 to 1 and refresh the registry. Again the change the value back from 1 to 0 and refresh the registry.
ย HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Control\Terminal Server
ย Under the Terminal Server key, the REG_DWORD value named fAllowToGetHelp should be 0 because the value data 1 denies the Remote Assistance on a server (to access the server via RDP).
Note: Even if the value is 0, change it from 0 to 1 and refresh the registry. Again the change the value back from 1 to 0 and refresh the registry.
3. The following registry location is used to enable Remote User Session on a server (Citrix)
ย HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\ICA-Tcp
ย Under the ICA-Tcp key, the REG_DWORD value named fEnableWinStation should be 1 because the value data 0 denies remote user sessions (to access the server via RDP).
Note: Even if the value is 1, change it from 1 to 0 and refresh the registry. Again the change the value back from 0 to 1 and refresh the registry.
ย 4.ย The following registry location is used to enable Remote User Session on a server
ย
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp
ย Under the ICA-Tcp key, the REG_DWORD value named fEnableWinStation should be 1 from 0 because the value data 0 denies remote user sessions (to access the server via RDP).
Note: Even if the value is 1, change it from 1 to 0 and refresh the registry. Again the change the value back from 0 to 1 and refresh the registry.
5. The following registry location, which is responsible for RDP port:
ย HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp
Under the RDP-Tcp key, the REG_DWORD value named PortNumber should be 3389 because by default, the Remote Desktop listens on port 3389 via TCP connection (to access the server via RDP).
ย Note: Open command prompt and type the below command
ย C:\telnet โSERVERNAME OR IP ADDRESSโ 3389
ย See if it is opened!!
ย P.S: At times, this may require a restart after making these changes if it still doesnโt work.
ย 6.ย The following registry location is used to enable/disable logon to a Terminal Server
ย HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
ย Under the Winlogon key, the REG_DWORD value named WinStationsDisabled should be 0 because the value data 1 denies logon to a Terminal Server via RDP.
Note: Even if the value is 0, change it from 0 to 1 and refresh the registry. Again the change the value back from 1 to 0 and refresh the registry.
What is a Queue Manager? What are the responsibilities of a Queue Manager?
A Queue Manager or a Dispatcher is a resource who primary task is to assign the incident tickets to resources as per their skill set. Their primary role is to meet the SLA targets for an incident ticket. Below are the responsibilities of a Queue Manager:
- Monitoring the queues and assign the incidents before missing Response time SLA
- Tickets to be assigned with respective Support Engineer according to required skills sets
- Follow up with engineerย for closing the tickets those are going to be SLA breached
- Assigned the tickets which are out of scope to Service Desk/Other Teams.
- Publishing Weekly Change Calendar
- Daily Report on Incidents/Change/Problem tickets and SLA status
- Daily Change schedule reminder to respective changeย assignee
- Shift Handover to Next Queue Manager
- Summary report on all Major incidents happen on that day
- For high number of repeated incidents, you need to relate the incidents with Parent incident and cancel the duplicate incident by marking the parent ticket info.
- Need to discuss with TL/Shift lead for taking action against bouncing tickets
The below are the knowledge or skills which a Queue Manager should possess in order to deliver their job.
- SLA Metric
- Process knowledgeย (IM/CM/PM/SR)
- Support Scope
- Inter team SPOC contact
- Escalation Matrix & Entire team contacts
- Incident Categorization
- Entire team Skill set Matrix
- Current Shift Roster & Oncall Resource
- Technology specific SME for Tech assistance
- Inter Supplier Support Scope & Queue Name
- Inter Supplier Support SPOC & Contact Details
- Application Owners Contact & Queue Name
- Generating the reports fromย Ticketing Tool
How to install a memory on a Cisco UCS B200 M3
To install a DIMM into the blade server, follow these steps:
Procedure
Step 1: Open both DIMM connector latches.
Step 2:ย Press the DIMM into its slot evenly on both ends until it clicks into place.
DIMMs are keyed, if a gentle force is not sufficient, make sure the notch on the DIMM is correctly aligned.
Note:ย Be sure that the notch in the DIMM aligns with the slot. If the notch is misaligned you may damage the DIMM, the slot, or both.
Step 3:ย Press the DIMM connector latches inward slightly to seat them fully.
Supported DIMMs
The DIMMs supported in this blade server are constantly being updated. A list of currently supported and available drives is in the specification sheets at:
Cisco does not support third-party memory DIMMs, and in some cases their use may irreparably damage the server and require an RMA and down time.
Memory Arrangement
The blade server contains 24 DIMM slotsโ12 for each CPU. Each set of 12 DIMM slots is arranged into four channels, where each channel has three DIMMs.
| 1 | Channels A-D for CPU 1 | 2 | Channels E-H for CPU 2 |
DIMMs and Channels
Each channel is identified by a letterโA, B, C, D for CPU1, and E, F, G, H for CPU 2. Each DIMM slot is numbered 0, 1, or 2. Note that each DIMM slot 0 is blue, each slot 1 is black, and each slot 2 is off-white or beige.
The figure below shows how DIMMs and channels are physically laid out on the blade server. The DIMM slots in the upper and lower right are associated with the second CPU (CPU shown on right in the diagram), while the DIMM slots in the upper and lower left are associated with the first CPU (CPU shown on left).
Courtesy: Cisco
Microsoft is Adding a Native SSH Client and Server to Windows
As Microsoft has shifted towards a more customer-oriented culture, Microsoft engineers are using social networks, tech communities and direct customer feedback as an integral part on how we make decisions about future investments. A popular request the PowerShell team has received is to use Secure Shell protocol and Shell session (aka SSH) to interoperate between Windows and Linux โ both Linux connecting to and managing Windows via SSH and, vice versa, Windows connecting to and managing Linux via SSH. Thus, the combination of PowerShell and SSH will deliver a robust and secure solution to automate and to remotely manage Linux and Windows systems.
SSH solutions are available today by a number ofย vendors and communities, especially in the Linux world. However, there are limited implementations customers can deploy in Windows production environments. ย After reviewing these alternatives, the PowerShell team realized the best option will be for our team to adopt an industry proven solution while providing tight integration with Windows; a solution that Microsoft will deliver in Windows while working closely with subject matter experts across the planet to build it. Based on these goals, Iโm pleased to announce that the PowerShell team will support and contribute to the OpenSSH community – Very excited to work with the OpenSSH community to deliver the PowerShell and Windows SSH solution!
A follow up question the reader might have is When and How will the SSH support be available? The team is in the early planning phase, and thereโre not exact days yet. However the PowerShell team will provide details in the near future on availability dates.
Finally, I’d like to share some background on todayโs announcement, because this is the 3rd time the PowerShell team has attempted to support SSH.ย The first attempts were during PowerShell V1 and V2 and were rejected.ย Given our changes in leadership and culture, we decided to give it another try and this time, because we are able to show the clear and compelling customer value, the company is very supportive.ย So I want to take a minute and thank all of you in the community who have been clearly and articulately making the case for why and how we should support SSH!ย Your voices matter and we do listen.
Thank you!
Angel Calvo
Group Software Engineering Manager
PowerShell Team
Additional Information
For more information on SSH please go to http://www.ietf.org/rfc/rfc4251.txt
For information on OpenSSH go to: http://www.openssh.com/index.html
ESXi 6.0 and vCenter Server 6.0 launched
ESXi 6.0 and vCenter Server 6.0 has been launched on 12th May 2015.
Whatโs New in the VMware vSphereยฎ 6.0 Platform – Please checkย http://www.vmware.com/files/pdf/vsphere/VMW-WP-vSPHR-Whats-New-6-0-PLTFRM.pdf
Want to upgrade to ESXi 6.0, check the Vmware compatibility guide. http://www.vmware.com/resources/compatibility/search.php
What is Vblock?
Vblocks are bundled virtual machine, server and storage packages marketed by the Virtual Computing Environment (VCE) Coalition, which comprises VMware, Cisco and EMC. Vblock bundles come as Vblock 0 (300 to 800 VMs), Vblock 1 (800 to 3,000 VMs) and Vblock 2 (3,000 to 6,000-plus VMs) and are made up of Cisco UCS servers, Cisco Nexus and MDS fabric switches; and EMC Clariion or Symmetrix storage arrays.
VCE’s Vblocks come in three configurations — Vblock 0 (for 300 to 800 VMs with EMC Celerra storage), Vblock 1 (for 800 to 3,000 VMs with Celerra or Clariion storage) and Vblock 2 (for 3,000 to 6,000-plus VMs with Symmetrix storage).
Vblocks 0, 1 and 2 each have completely different EMC storage subsystems thatย can’t talk to each other, are not interchangeable and you can’t scale through them.
For more details related to Vblock architecture, please seeย http://www.vce.com/asset/documents/infrastructure-platforms.pdfย
How to fix if you are unable to upgrade existing VMware Tools in a Windows 2003 virtual machine
As per VMware, the cause of this issue is currently unknown and is under investigation.ย In order to help identify the cause, report this issue to VMware Support and provide answers to the following questions:
- What version of the tools are you upgrading from?
- What version of the tools are you upgrading to?
- What method is being used to upgrade the tools?
In order to determine the previous versions of the VMware Tools thatย were installed on your system, open the Microsoft Windows event viewer and search for Event Source of MsiInstaller and Event ID of 1034 for more information on viewing events, see the Filter Displayed Events Tech Net article from Microsoft.
Now, toย fix this issue involvesย modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine.
- Start the virtual machine and log on as the Administrator.
- Take a full backup of the registry prior to editing it. Do not skip this step.
- Open the Windows Registry editor. Click Start > Run, type
regedit, and press Enter. - Delete these registry keys if they exist:
HKEY_CLASSES_ROOT\Installer\Features05014B32081E884E91FB41199E24004HKEY_CLASSES_ROOT\Installer\Products05014B32081E884E91FB41199E24004HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features05014B32081E884E91FB41199E24004HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products05014B32081E884E91FB41199E24004HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\ComponentsB150AC107B12D11A9DD0006794C4E25HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3B410500-1802-488E-9EF1-4B11992E0440}HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.
- Some services might need to be removed manually from the registry. Delete these as well if they exist:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VMToolsHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VMUpgradeHelperHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VMware Physical Disk Helper ServiceHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmvss
- Search the registry for vmware and delete all associated entries.Note: On virtual machines with any other VMware products installed (for example, vCenter Server), you might not want to delete all entries. If you do have another VMware product installed, then you can skip this step if you have already removed the entries in the previous procedures.
- Close the registry editor.
- Open Windows Explorer.
- Delete the %ProgramFiles%\VMware\VMware Tools folder.
- Restart the virtual machine.
- Install the new version of VMware Tools.
The request failed because the remote server took too long to respond. (The command has timed out as the remote server is taking too long to respond)
You will notice this errorย ย “The request failed because the remote server “Vcenter name / ip” took too long to respond. (The command has timed out as the remote server is taking too long to respond),ย ” while checking the storage view of a VM or DataCenter.
To solve this,ย Just type your credentials manuallyย in the vsphere client and login asย the “Use Windows Session Credentials” doesn’t work always with SSO.
Thereby be sure to follow http://kb.vmware.com/kb/2035510 when adding external domains. After that, add the trusted domains to the default domains and reorder the domains to suit your needs and save it.
How to monitor the Disk Command Aborts on an ESXi host
When storage is severely overloaded, commands are aborted because the storage subsystem is taking too long to respond to the commands. The storage subsystem has not responded within an acceptable amount of time, as defined by the guest operating system. Aborted commands are a sign that the storage hardware is overloaded and unable to handle the requests in line with the host’s expectations.
The number of aborted commands can be monitored by using either vsphere client or esxtop.
- ย from vsphere client, monitor disk commands aborts
this one can be generated from host and clusters->Performance-> Advanced -> Switch to disk -> chart options-> commands aborted-> ok.
- from esxtop, monitor ABRTS/s
Open putty, login to the ESXi host, run esxtop, for the disk type u, type f to change the settings and type L to select Error stats. Press W to save it.
Once this is we can see the ABRTS/s field there which tracks the SCSI aborts, Aborts generally occur because the array takes long time to respond to commands.
Now if you are planning to deploy a monitoring tool to monitor this parameter, the threshold for ABRTS/s should be 1. This signifies number of SCSI commands aborted during the collection interval i.e. in 1 second.
DISKย ย ย ย ย ย ABRTS/sย ย ย ย ย ย ย ย ย ย ย ย ย ย 1ย ย ย ย ย ย ย ย ย ย ย ย ย Aborts issued by guest(VM) because storage is not responding. For Windows VMs this happens after 60 seconds by default.ย Can be caused for instance when paths failed or array is not accepting any IO for whatever reason.
However having said that the in ideal case the output of ABRTS/s should be 0, which may sometime not been observer during peak hours i.e. Backup may be running on the servers hosted on the ESXi host resulting in disk intensive workouts. This ABRTS/sย will fluctuate 0 to 0.xx in real case scenario as the storage is always overloaded during these peak hours.
How to install and configure Multipathing I/O on a computer running Windows Server 2008
To install Multipath I/O
- Open Server Manager.To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
- In the Features area, click Add Features.
- On the Select Features page of the Add Features Wizard, select Multipath I/O, and then click Next.
- On the Confirm Installation Selections page, click Install.
- When installation has completed, click Close.
To install Multipath I/O on a computer by using the Server Manager command line, complete the following steps.
To install Multipath I/O by using a command line
- Open a Command Prompt window with elevated privileges.Right-click the Command Prompt object on the Start menu, and then click Run as administrator.
- Type the following, and press ENTER.ย ServerManagerCmd.exe -install Multipath-IO
- When installation has completed, you can verify that Multipath I/O has installed by entering the following command and reviewing the query results in the command window. Multipath I/O should show in the list of installed packages.ย ServerManagerCmd.exe -query
![IC347745[1]](https://lazyadminblog.com/wp-content/uploads/2015/05/ic3477451.gif)
Removing Multipath I/O
To remove Multipath I/O, complete the following steps.
To remove Multipath I/O
- Open Server Manager.To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
- In the Features area, click Remove Features.
- On the Select Features page of the Add Features Wizard, select Multipath I/O, and then click Next.
- On the Confirm Installation Selections page, click Install.
- When installation has completed, click Close.
To remove Multipath I/O by using the Server Manager command line, complete the following steps.
To remove Multipath I/O by using a command line
- Open a Command Prompt window with elevated privileges.Right-click the Command Prompt object on the Start menu, and then click Run as administrator.
- Type the following, and press ENTER.ย ServerManagerCmd.exe -remove Multipath-IO
- When removal has completed, you can verify that Multipath I/O was removed by entering the following command and reviewing the query results in the command window. Multipath I/O should not be in the list of installed packages.ย ServerManagerCmd.exe -query
- Select the Add support for iSCSI devices check box, and then click Add. When prompted to restart the computer, click Yes.
- When the computer restarts, the MPIO Devices tab lists the additional hardware ID โMSFT2005iSCSIBusType_0x9.โ When this hardware ID is listed, all iSCSI bus attached devices will be claimed by the Microsoft DSM.
How to fix UCSM login problems with the Java 7 Update 45
This thread was brought to my attention – https://supportforums.cisco.com/thread/2246189
After updating Java to Update 45 – you can no longer login to UCSM (UCS Manager)
You may see one of two errors:
Login Error: java.io.IOException: Invalid Http response
Login Error: java.io.IOException: Server returned HTTP response code: 400 for URL: http://x.x.x.x:443/nuova
Cisco Bug ID: CSCuj84421
This is due to a change introduced in Java
The solution posted is to rollback to Update 25. Rolling back to Update 40 also works.
Help and support service not running in Windows 2003
To fix this:
- Open a Command Prompt
- Run the following commands
- %SystemDrive%
- CD %windir%\PCHealth\HelpCtr\Binaries
- start /w helpsvc /svchost netsvcs /regserver /install
The service should install and start automatically.
How to Clean up the WinSxS Directory on Windows Server 2008 R2
Prior to this we need to install Disk Cleanup on Windows 2008. Disk Cleanup is not installed by default on Windows Server 2008 R2. It is instead a component installed with the Desktop Experience feature.
To install Disk Cleanup without reboot the server – How to install Disk Cleanup without reboot the server in Window 2008
Now download the appropriate package and install the on the system.
| Operating system | Update |
|---|---|
| All supported x86-based versions of Windows 7 | |
| All supported x64-based versions of Windows 7 |
ย ย
 Download |
| All supported x64-based versions of Windows Server 2008 R2 |
ย ย
Download |
Looking at my Windows 2008 R2 Server with SP1 installed, according to Windows Explorer, the size of my Windows/WinSxS directory is as follows:
![pic1[1]](https://lazyadminblog.com/wp-content/uploads/2015/05/pic11.png)
The size of the WinSxS directory will vary by server. Some of you will have smaller WinSxS directories, some larger.
Installing the update is just like installing any other update. Just download and double-click on the .msu file:
![pic2[1]](https://lazyadminblog.com/wp-content/uploads/2015/05/pic21.png)
Now we need to run the disk cleanup wizard. Disk Cleanup option can be found under Startย –> All Programsย –> Accessoriesย –> System Tools: or go to run and type ‘cleanmgr’ to launch it.
![pic8[1]](https://lazyadminblog.com/wp-content/uploads/2015/05/pic81.png)
On launch, Disk Cleanup prompts for the drive you want to clean up, default drive will be C: drive
![pic9[1]](https://lazyadminblog.com/wp-content/uploads/2015/05/pic91.png)
After clicking Ok, a scan is performed:
![pic10[1]](https://lazyadminblog.com/wp-content/uploads/2015/05/pic101.png)
Several options are provided for cleanup, including a new option for Windows Update Cleanup:
![pic11[1]](https://lazyadminblog.com/wp-content/uploads/2015/05/pic111.png)
If you didnโt launch Disk Cleanup as Administrator, at this point, youโll need to take a couple extra steps. Youโll need to click on the Clean up system files button.
![3348.diskcleanup3[1]](https://lazyadminblog.com/wp-content/uploads/2015/05/3348-diskcleanup31.png)
The actual cleanup occurs during the next reboot. After the reboot, taking a look at the WinSxS directory, it has shrunk to the following:
![pic12[1]](https://lazyadminblog.com/wp-content/uploads/2015/05/pic121.png)
How to change default snapshot location in VMware ESXi 5
Defaulty the snapshots which are taken for any virtual machine are stored with their parent in the same directory or storage. Sometimes you may run out of space and you might not be able to take anymore snapshots so in that case you can always use some other location for the storage of snapshots.
These are the required steps to be taken toย change the default locations of all the snapshots .
NOTE: Please ensure that the vm you are working on is powered OFF.
Right Click the vm and selectย Edit Settings
Click onย Optionsย from the top TAB, selectย Generalย and open theย Configuration parameters
Add a new row with the following details
snapshot.redoNotWithParent
Save this parameter with a value “true” as shown below
Now open the CLI of the host where the vm is located
Go to the vm’s parent directory where all the vm files are stored and open the main .vmx file
As in my case
# cd /vmfs/volumes/53652b45-90f342h4-v3r3-s5dw676h5674/Windows2003
# vi Windows2003.vmx
Now add this line anywhere in the .vmx file with the path location where you want your snapshots to be stored
workingDir = “/vmfs/volumes/54332bf4-gd3bf353-g45b-g2ft353b5545/snapshots”
Save the file and exit
Now you need to reload this vm to make the changes take affect.
# vim-cmd vmsvc/getallvms | grepย Windows2003
13ย Windows2003 [iSCSI-Datastore15] Windows2003/Windows2003 win2003ย vmx-07
Here 13ย is the vm id which you can find out using the above command
# vim-cmd vmsvc/reloadย 13
Now when you take snapshots the snapshot files and vm swap files will be created in a different location.
How to redirect vm’s swap file
In case you do not want vm swap file to be redirected to another location and you want it to the same parent directory.
Add an extra parameter in the Configuration Parameter option shown above
sched.swap.dir=”<path_to_vm_directory>”
For example
/vmfs/volumes/54332bf4-gd3bf353-g45b-g2ft353b5545/vmswap
Save the settings and exit. Now each time you take snapshot the snapshot files and vm swap files will be saved at specified different location.
AD account lockout issues
Let me give some more idea which will help you to troubleshoot similar steps in future. Here are the most probable reasons which can cause account lockout issues. Exchange ActiveSync mobile devices – 90% of account lockout issues are caused by an โunknownโ device trying to sync with your Exchange mailbox.
- Apple MobileMe โ contacts sync – Check and ensure the user hasnโt configured MobileMe to sync his contacts from Outlook. If this is configured with AD credentials, it can be a reason for account lockout
- Applications / Web applications/ Tools which sync with Active Directory for authentication – There might be third party applications which are running which may have AD username and password stored within and lot of times the moment the user open applications like Internet explorer / browser, the application or the tools, it will try to authenticate in the background and lock the password.
- Vault for credentials in Windows Control Panel or Credential manager – This is the second most obvious reason the user might get locked out. In my case, the user had an intranet SharePoint web portal and the AD credentials where cached in Credential manager.ย Make sure Windows Credentials area is empty
Stored usernames and passwords โ rundll32.exe keymgr.dll, KRShowKeyMgr – This shouldnโt be a problem in most cases. Open a run windows and type rundll32.exe keymgr.dll, KRShowKeyMgr and delete stored passwords if any.
- Rename AD Profile on the user machine – This is more like trying to fix the issue without knowing whatโs causing it. This is under the assumption that account lockout happens when the user is logged into his client machine. If the account lockout is caused from an application or โsomethingโ from that machine, rename the AD profile on the client from โDocuments and Settings in XP and Users in Win7โณ, advise the user to login again and monitor the situation.
![lockoutstatus[1]](https://lazyadminblog.com/wp-content/uploads/2015/04/lockoutstatus1.jpg)
Other advanced level tools are LockOutStatus and ADLockouts.
Syslog Server storage logs size calculation
Syslog Server storage calculation:
I want to modify the settings so that my logs size is upped from 2mb to 10mb and we rotate after 40 logs not 20.Here we need to do some planning to see if we have enough free space.
Count hosts:ย 100
Current size log max: 2
Current rotation count: 20
Total possible MB used: 100x2x20 = 4,000MBย ย (4gb)
Count hosts: 100
Desired size log max: 10
Desired ย rotation count: 40
Total possible MB used: 100x10x40=40,000MB (40GB)
So the drive where your logs are stored would need 40gbfree in the above example to be able to service future demands.
How to modify the VMware Syslog Collector configuration after it is installed:
- Make a backup of the file:vCenter Server 5.5 andย lower:ย %PROGRAMDATA%\VMware\VMware Syslog Collector\vmconfig-syslog.xml
vCenter Server 6.0: %PROGRAMDATA%\VMware\vCenterServer\cfg\vmsyslogcollector\config.xml - Open the copied file using a text editor.
- Under <defaultValues>, change any of the options to the required values.For example, to increase the log file size to 10 MB and to decrease the number of files retained to 20, modify the attributes:<defaultValues>
<maxSize>10</maxSize>
<rotate>20</rotate>
<sslPort>1514</sslPort>
</defaultValues>Note: This configuration in vCenter Server overrides the ESXi host configuration file.
- Save and close the file.
- Stop the VMware Syslog Collector service.
- Remove the file:
vCenter Server 5.5 and lower:ย %PROGRAMDATA%\VMware\VMware Syslog Collector\vmconfig-syslog.xml
vCenter Server 6.0:ย %PROGRAMDATA%\VMware\vCenterServer\cfg\vmsyslogcollector\config.xml
- Rename the copy of the modified file to:vCenter Server 5.5 andย lower:ย %PROGRAMDATA%\VMware\VMware Syslog Collector\vmconfig-syslog.xml
vCenter Server 6.0:ย %PROGRAMDATA%\VMware\vCenterServer\cfg\vmsyslogcollector\config.xml - Start the VMware Syslog Collector service. It may be required to restart the syslog service on the ESXi host if logs are no longer updating on the Syslog Server. To restart the syslog service, see VMware ESXi 5.x host stops sending syslogs to remote server (2003127).
The maximum supported number of hosts for use with each vSphere Syslog Collector instance is 30, however depending on the load generated by your environment, you may encounter issues below this number.
To work around this issue, you can deploy multiple instances of vSphere Syslog Collector on separate Windows machine which allows you to distribute the load.
Multipathing policies in ESXi 5.x and ESXi/ESX 4.x
These are referred to as Path Selection Plug-ins (PSP), and are also called Path Selection Policies.
These pathing policies can be used with VMware ESXi 5.x and ESXi/ESX 4.x:
- Most Recently Used (MRU): Selects the first working path, discovered at system boot time. If this path becomes unavailable, the ESXi/ESX host switches to an alternative path and continues to use the new path while it is available. This is the default policy for Logical Unit Numbers (LUNs) presented from an Active/Passive array. ESXi/ESX does not return to the previous path if, or when, it returns; it remains on the working path until it, for any reason, fails.
Note: The
preferredflag, while sometimes visible, is not applicable to the MRU pathing policy and can be disregarded. - Fixed (Fixed): Uses the designated
preferredpath flag, if it has been configured. Otherwise, it uses the first working path discovered at system boot time. If the ESXi/ESX host cannot use thepreferredpath or it becomes unavailable, the ESXi/ESX host selects an alternative available path. The host automatically returns to the previously definedpreferredpath as soon as it becomes available again. This is the default policy for LUNs presented from an Active/Active storage array. - Round Robin (RR): Uses an automatic path selection rotating through all available paths, enabling the distribution of load across the configured paths.
- For Active/Passive storage arrays, only the paths to the active controller will be used in the Round Robin policy.
- For Active/Active storage arrays, all paths will be used in the Round Robin policy.
Note: For logical Units associated with Microsoft Cluster Service (MSCS) and Microsoft Failover Clustering virtual machines, the Round Robin pathing policy is supported only on ESXi 5.5 and later.
- Fixed path with Array Preference: The
VMW_PSP_FIXED_APpolicy was introduced in ESXi/ESX 4.1. It works for both Active/Active and Active/Passive storage arrays that support Asymmetric Logical Unit Access (ALUA). This policy queries the storage array for the preferred path based on the array’s preference. If no preferred path is specified by the user, the storage array selects the preferred path based on specific criteria.Note: The
VMW_PSP_FIXED_APpolicy has been removed from ESXi 5.0. For ALUA arrays in ESXi 5.0, theMRUPath Selection Policy (PSP) is normally selected but some storage arrays need to useFixed. To check which PSP is recommended for your storage array, see the Storage/SAN section in the VMware Compatibility Guide or contact your storage vendor.
Notes:
- These pathing policies apply to VMware’s Native Multipathing (NMP) Path Selection Plug-ins (PSP). Third-party PSPs have their own restrictions.
- Round Robin is not supported on all storage arrays. Please check with your array documentation or storage vendor to verify that Round Robin is supported and/or recommended for your array and configuration. Switching to a unsupported or undesirable pathing policy can result in connectivity issues to the LUNs (in a worst-case scenario, this can cause an outage).
Warning: VMware does not recommend changing the LUN policy from Fixed to MRU, as the automatic selection of the pathing policy is based on the array that has been detected by the NMP PSP.
Dell ExtPart Partion Utility Tool
The ExtPart utility provides support for online volume expansion of NTFS formatted basic disks.
This is a self extracting file that will install the extpart.exe utility. No reboot is necessary.
RVTools 3.7
RVTools
RVTools is a windows .NET 2.0 application which uses the VI SDK to display information about your virtual machines and ESX hosts. Interacting with VirtualCenter 2.5, ESX Server 3.5, ESX Server 3i, VirtualCenter 4.x, ESX Server 4.x, VirtualCenter 5.0, VirtualCenter Appliance, ESX Server 5.0, VirtualCenter 5.1, ESX Server 5.1, VirtualCenter 5.5, ESX Server 5.5. RVTools is able to list information about VMs, CPU, Memory, Disks, Partitions, Network, Floppy drives, CD drives, Snapshots, VMware tools, Resource pools, Clusters, ESX hosts, HBAs, Nics, Switches, Ports, Distributed Switches, Distributed Ports, Service consoles, VM Kernels, Datastores, Multipath info and health checks. With RVTools you can disconnect the cd-rom or floppy drives from the virtual machines and RVTools is able to update the VMware Tools installed inside each virtual machine to the latest version.
Version 3.7 (March, 2015)
VI SDK reference changed from 5.0 to 5.5
Extended the timeout value from 10 to 20 minutes for really big environments
New field VM Folder on vCPU, vMemory, vDisk, vPartition, vNetwork, vFloppy, vCD, vSnapshot and vTools tabpages
On vDisk tabpage new Storage IO Allocation Information
On vHost tabpage new fields: service tag (serial #) and OEM specific string
On vNic tabpage new field: Name of (distributed) virtual switch
On vMultipath tabpage added multipath info for path 5, 6, 7 and 8
On vHealth tabpage new health check: Multipath operational state
On vHealth tabpage new health check: Virtual machine consolidation needed check
On vInfo tabpage new fields: boot options, firmware and Scheduled Hardware Upgrade Info
On statusbar last refresh date time stamp
On vhealth tabpage: Search datastore errors are now visible as health messages
You can now export the csv files separately from the command line interface (just like the xls export)
You can now set a auto refresh data interval in the preferences dialog box
All datetime columns are now formatted as yyyy/mm/dd hh:mm:ss
The export dir / filenames now have a formated datetime stamp yyyy-mm-dd_hh:mm:ss
Bug fix: on dvPort tabpage not all networks are displayed
Overall improved debug information
Download link:ย http://robware.net/index.php/register
Documentation:ย http://robware.net/download/RVTools.pdf
Installing Disk Cleanup In Windows 2008 Without Rebooting The Server
The Disk Cleanup executable file cleanmgr.exe and the associated Disk Cleanup button are not present in Windows Serverยฎ 2008 or in Windows Serverยฎ 2008 R2 by default.ย This is by design, as the Disk Cleanup button is part of the Desktop Experience feature. In order to have Disk Cleanup button appear on a diskโs Properties dialog, you will need to install the Desktop Experience feature.
So in order to use cleanmgr.exe youโll need to copy two files that are already present on the server, cleanmgr.exe and cleanmgr.exe.mui. Use the following table to locate the files for your operating system.
Windows Server 2008 R2 64 bit
C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe
Windows Server 2008 R2ย 64-bit
C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b9cb6194b257cc63\cleanmgr.exe.mui
Windows Server 2008 64-bit
C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.0.6001.18000_en-us_b9f50b71510436f2\cleanmgr.exe.mui
Windows Server 2008 64-bit
C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.0.6001.18000_none_c962d1e515e94269\cleanmgr.exe.mui
Windows Server 2008 32-bit
C:\Windows\winsxs\x86_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.0.6001.18000_en-us_5dd66fed98a6c5bc\cleanmgr.exe.mui
Windows Server 2008 32-bit
C:\Windows\winsxs\x86_microsoft-windows-cleanmgr_31bf3856ad364e35_6.0.6001.18000_none_6d4436615d8bd133\cleanmgr.exe
Once youโve located the files move them to the following locations:
1. Cleanmgr.exe should go in %systemroot%\System32
2. Cleanmgr.exe.mui should go in %systemroot%\System32\en-US
You can now launch the Disk cleanup tool by running Cleanmgr.exe from the command promptย or by clicking Start and typing Cleanmgr into the Search bar.
Restart the domain controller in Directory Services Restore Mode locally
If you have physical access to a domain controller, you can restart the domain controller in Directory Services Restore Mode locally. Restarting in Directory Services Restore Mode takes the domain controller offline. In this mode, the server is not functioning as a domain controller.
When you start Windowsย Serverย 2003 in Directory Services Restore Mode, the local Administrator account is authenticated by the local Security Accounts Manager (SAM) database. Therefore, logging on requires that you use the local administrator password, not an Activeย Directory domain password. This password is set during Activeย Directory installation when you provide the password for Directory Services Restore Mode.
Administrative credentials
To perform this procedure, you must provide the Administrator password for Directory Services Restore Mode.
To restart the domain controller in Directory Services Restore Mode locally
- Restart the domain controller.
- When the screen for selecting an operating system appears, press F8.
- On the Windows Advanced Options menu, select Directory Services Restore Mode.
- When you are prompted, log on as the local administrator.
Change the static IP address of a domain controller
Administrative Credentials
To perform this procedure, you must be a member of the Domain Admins group in the domain of the domain controller whose IP address you are changing.
To change the static IP address of a domain controller
- Log on locally (also known as interactively) to the system console of the domain controller whose IP address you want to change. If you are not able to log on to the domain controller by using the domain, you may have to start the domain controller in Directory Services Restore Mode (DSRM). For more information, see Restart the domain controller in Directory Services Restore Mode locally (https://lazyadminblog.wordpress.com/2015/04/11/restart-the-domain-controller-in-directory-services-restore-mode-locally/).
On the desktop, right-clickย My Network Places, and then clickย Properties.
- In theNetwork Connectionsย dialog box, right-clickย Local Area Connection, and then clickย Properties.
- In theLocal Area Connection Propertiesย dialog box, double-clickย Internet Protocol (TCP/IP).
- In theInternet Protocol (TCP/IP) Propertiesย dialog box, in theย IP addressย box, type the new address.
- In theSubnet maskย box, type the subnet mask.
- In theDefault gatewayย box, type the default gateway.
- In thePreferred DNS serverย box, type the address of the DNS server that this computer contacts.
- In theAlternate DNS serverย box, type the address of the DNS server that this computer contacts if the preferred server is unavailable.
- If this domain controller uses WINS servers, clickAdvancedย and then, in theย Advanced TCP/IP Settingsย dialog box, click theย WINS
- If an address in the list is no longer appropriate, click the address, and then clickEdit.
- In theTCP/IP WINS Serverย dialog box, type the new address, and then clickย OK.
- Repeat steps 11 and 12 for all addresses that need to be changed, and then clickOKย twice to close theย TCP/IP WINS Serverย dialog box and theย Advanced TCP/IP Settingsย dialog box.
- ClickOKย to close theย Internet Protocol (TCP/IP) Propertiesย dialog box.
After you change the IP address of a domain controller, you should run theย ipconfig /registerdnsย command to register the host record andย dcdiag /fixย command to ensure that service records are appropriately registered with DNS. For more information, see Dcdiag Overview and subordinate topics for additional information about the Dcdiag tool (https://lazyadminblog.wordpress.com/2015/04/11/dcdiag-overview/).
Changing the IP settings of a server does not affect the share resources or shared permissions on that server, if the name resolution structure DNS and WINS settings are correctly configured. However, if network drives or passive connections (connections that are made manually from a command prompt or run line) are mapped using the IP address, an update is required. For example, if a client computer has G: drive mapped using the following commandย net use g: \\192.168.0.199\dataย and the IP address of the server that hosts the Data shared folder is changed from 192.168.0.199 to 192.168.1.200, the new G: drive mapping command should be changed toย net use g: \\192.168.1.200\data. A better solution would be to ensure that DNS name resolution is working properly and to use the server name, as opposed to the IP address, in the command. For example, if the server name is DC1, the command to map a G: drive to the Data share on the server isย net use g: \\dc1\data. It changes only if the server name changes; it is not affected if the IP address of the server changes.
Using esxtop to identify storage performance issues for ESX / ESXi (multiple versions) (1008205)
The interactive esxtop utility can be used to provide I/O metrics over various devices attached to a VMware ESX host.
Configuring monitoring using esxtop
ย To monitor storage performance per HBA:
- Start esxtop by typing esxtop at the command line.
- Press d to switch to disk view (HBA mode).
- To view the entire Device name, press SHIFT + L and enter 36 in Change the name field size.
- Press f to modify the fields that are displayed.
- Press b, c, d, e, h, and j to toggle the fields and press Enter.
- Pressย s and thenย 2ย to alter the update time to every 2 seconds and press Enter.
- See Analyzing esxtop columns for a description of relevant columns. For more information, see Interpreting esxtop Statistics.
Note: These options are available only in VMware ESX 3.5 and later.
To monitor storage performance on a per-LUN basis:
- Start esxtop by typing esxtop from the command line.
- Press u to switch to disk view (LUN mode).
- Press f to modify the fields that are displayed.
- Pressย b, c, f, and h to toggle the fields and press Enter.
- Press s and then 2 to alter the update time to every 2 seconds and press Enter.
- See Analyzing esxtop columns for a description of relevant columns. For more information, see Interpreting esxtop Statistics.
To increase the width of the device field in esxtop to show the complete naa id:
- Start esxtop by typing esxtop at the command line.
- Press u to switch to the disk device display.
- Press Lย to change the name field size.Note: Ensure to use uppercase L.
- Enter the value 36 to display the complete naa identifier.
To monitor storage performance on a per-virtual machine basis:
- Start esxtop by typing esxtop at the command line.
- Type v to switch to disk view (virtual machine mode).
- Press f to modify the fields that are displayed.
- Pressย b, d, e, h, and j to toggle the fields and press Enter.
- Press s and then 2 to alter the update time to every 2 seconds and press Enter.
- See Analyzing esxtop columns for a description of relevant columns. For more information, see Interpreting esxtop Statistics.
Analyzing esxtop columns
Refer to this table for relevant columns and descriptions of these values:
| Column | ย Description |
| CMDS/s | This is the total amount of commands per second and includes IOPS (Input/Output Operations Per Second) and other SCSI commands such as SCSI reservations, locks, vendor string requests, unit attention commands etc.ย being sent to or coming from the device or virtual machine being monitored.In most cases, CMDS/s = IOPS unless there are a lot of metadata operations (such as SCSI reservations) |
| DAVG/cmd | This is the average response time in milliseconds per command being sent to the device. |
| KAVG/cmd | This is the amount of time the command spends in the VMkernel. |
| GAVG/cmd | This is the response time as it is perceived by the guest operating system. This number is calculated with the formula: DAVG + KAVG = GAVG |
These columns are for both reads and writes, whereas xAVG/rd is for reads and xAVG/wr is for writes. The combined value of these columns is the best way to monitor performance, but high read or write response time it may indicate that the read or write cache is disabled on the array. All arrays perform differently, however,ย DAVG/cmd, KAVG/cmd, and GAVG/cmd should not exceed more than 10 milliseconds (ms) for sustained periods of time.
Note: VMware ESX 3.0.x does not include direct functionality to monitor individual LUNs or virtual machines using esxtop. Inactive LUNs lower the average for DAVG/cmd, KAVG/cmd, and GAVG/cmd. These values are also visible from the vCenter Server performance charts. For more information, see theย Performance Charts section in the Basic System Administration Guide.
If you experience high latency times, investigate current performance metrics and running configuration for the switches and the SAN targets. Check for errors or logging that may suggest a delay in operations being sent to, received, and acknowledged. This includes the array’s ability to process I/O from a spindle count aspect, or the array’s ability to handle the load presented to it.
If the response time increases to over 5000 ms (or 5 seconds), VMware ESX will time out the command and abort the operation. These events are logged; abort messages and other SCSI errors can be reviewed in these logs:
- ESX 3.5 and 4.x โ /var/log/vmkernel
- ESXi 3.5 and 4.x โ /var/log/messagesย
- ESXi 5.x and later – /var/log/vmkernel.log
The type of storage logging you may see in these files depends on the configuration of the server. You can find the value of these optionsย by navigating toย Host > Configuration > Advanced Settings > SCSI > SCSI.Log* or SCSI.Print*.
Connecting to a virtual machine console fails with the error: The VMRC Console has Disconnected. Trying to reconnect (2050470)
Error: The VMRC Console has Disconnected.. Trying to reconnect
If this happens, then the VM will not be reachble on the network and you cannot see black screen on the VM console.
To fix this, killย the vmware-vmrc.exe*32 service from Windows Task Manager and thenย open the console again.
vSphere IDs: The Ultimate Quick Reference Guide
Ever feel like youโre drowning in a sea of GUIDs and MoRefs? When youโre scripting or troubleshooting, using the wrong ID is the fastest way to break a backup job or target the wrong server.
Here is the “Lazy Admin” breakdown of the most common vSphere identifiers and how to grab them with PowerCLI.
1. vCenter Instance UUID (serverGuid)
This is the “SSN” of your vCenter server. Itโs generated at install time and stays durable for that instance.
- Why it matters: In Linked Mode or cross-vCenter environments, this identifies which vCenter owns an object.
- PowerCLI:PowerShell
$vcenter = Connect-viserver vcsa-01a.corp.local $vcenter.InstanceUuid
2. ESXi Host UUID
Unlike other IDs, this isn’t generated by VMware. Itโs pulled from the hardware’s SMBIOS.
- Why it matters: Itโs unique to the physical motherboard/vendor.
- PowerCLI:PowerShell
(Get-VMHost | Select -First 1).ExtensionData.hardware.systeminfo.uuid
3. VC-VM Instance UUID (The “Management” ID)
Found in the .vmx file as vc.uuid. This is what vCenter uses to track VMs.
- The “Magic”: vCenter actively scans for duplicates of this ID and will “patch” (change) it automatically if it finds a conflict within its own inventory.
- PowerCLI:PowerShell
(Get-VM | Select -First 1).extensiondata.config.InstanceUUID
4. VM SMBIOS UUID (The “Guest” ID)
Found as uuid.bios in the .vmx. This is what the Guest OS (Windows/Linux) sees as the hardware serial number.
- The “Magic”: vCenter tries not to change this because many applications use it for licensing. If you move/copy a VM, vCenter will ask you what to do to prevent duplicates.
- PowerCLI:PowerShell
(Get-VM | Select -First 1).extensiondata.Config.UUID
5. VM Location ID
Stored as uuid.location. This is a hash of the VMโs configuration file path and the ESXi host UUID.
- The “I Moved It” Prompt: When this hash doesn’t match the current environment, vSphere triggers that famous “Did you move it or copy it?” popup.
- PowerCLI:PowerShell
(Get-VM | Select -First 1).extensiondata.config.LocationId
6. VM MoRef (Managed Object Reference)
The MoRef is the “Short ID” (like vm-43) used by the API and the vCenter database.
- Why it matters: This is the most important ID for database associations (stats, events, tasks). It is not unique across different vCenters.
- PowerCLI:PowerShell
(Get-VM | Select -First 1).ExtensionData.Moref.Value
Quick ID Reference Table
| ID Name | Scope | Persistence | Best Use Case |
| MoRef | Single vCenter | Changes if re-inventoried | API calls & DB tracking |
| Instance UUID | Single vCenter | High (Patched by VC) | Unique VM tracking |
| SMBIOS UUID | Global/Guest OS | Very High | Guest Software Licensing |
| Host UUID | Physical Hardware | Permanent | Hardware Asset Tracking |
Hyper-V Performance Hack: The Essential Antivirus Exclusions List
Running antivirus on your Hyper-V host is a security must, but if you don’t configure it correctly, you’re asking for trouble. We’re talking “disappearing” VMs, corrupted virtual disks, and performance so sluggish you’ll think you’re back on physical hardware from 2005.
The culprit is usually the Real-Time Scanning engine trying to “inspect” a 100GB .vhdx file every time the guest OS writes a single bit. Here is the definitive “Lazy Admin” guide to Hyper-V AV exclusions.
1. File Extension Exclusions
Tell your AV to keep its hands off these specific virtual machine file types:
- Virtual Disks:
.vhd,.vhdx - Snapshots/Checkpoints:
.avhd,.avhdx - Saved State:
.vsv,.bin,.vmgs - Configuration:
.xml,.vmcx,.vmrs - ISO Images:
.iso - Tracking:
.rct(Resilient Change Tracking)
2. Directory Exclusions
If you are using the default paths, exclude these. If you have a dedicated D:\VMs drive (which you should!), exclude that entire custom path as well.
- Default Configs:
C:\ProgramData\Microsoft\Windows\Hyper-V - Default VHDs:
C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks - Default Snapshots:
C:\ProgramData\Microsoft\Windows\Hyper-V\Snapshots - Cluster Shared Volumes (CSV):
C:\ClusterStorage - Hyper-V Replica: Any custom replication data folders.
- SMB 3.0 Shares: If your VMs live on a remote file server, apply these same exclusions to that file server!
Lazy Admin Pro-Tip: If you’re using a Cluster, don’t just exclude the
C:\ClusterStoragefolder by path. Use the Volume ID (get it viamountvol) to ensure the exclusion sticks even if drive letters or paths shift.
3. Process Exclusions
Sometimes excluding the file isn’t enough; you need to exclude the “person” opening the file. Exclude these core Hyper-V executables:
- Vmms.exe: The Virtual Machine Management Service.
- Vmwp.exe: The Virtual Machine Worker Process (one runs for every active VM).
- Vmcompute.exe: (For Windows Server 2019+) The Host Compute Service.
Why this matters (The “Error 0x800704C8”)
If you don’t set these, you’ll eventually see the dreaded Error 0x800704C8 (The process cannot access the file because it is being used by another process). This happens when your AV locks the VM’s configuration file exactly when Hyper-V tries to start it.
What about Windows Defender?
Good news for the truly lazy: if you are using built-in Microsoft Defender on Windows Server, it automatically detects the Hyper-V role and applies most of these exclusions for you. However, it does not always catch your custom storage paths (like E:\MyVMs), so always double-check your work!
Lazy Admin Blog 