VMware ESX/ESXi 4.0 not working with Intel Dual/Quad PCIe NICS

VMware ESX/ESXi 4.0 Driver CD for Intel 82575 and 82576 Gigabit Ethernet Controller

Even after installing update 1 for ESX/ESXi 4.0, the OS still will not see these NIC's as being available to your system. Apparently after talking to VMWare support, there is an updated IGB driver available that you can download although it is a bit hidden on VMWare's website.

You will want to SCP this over to your server and then follow the instructions for an offline installation. The only problem is that you will have to take your ESX server into maintenance mode to do the update. Once it is done and you reboot, you can then see the NIC's and use them as part of your VM configuration.

Configure port forwarding on Juniper routers and ScreenOS

Juniper Networks - ScreenOS Cookbook Recipe 8.7 - Configure Destination PAT (Port Address Translation) - Knowledge Base

There is no easy way to say this but if you are used to dealing with Cisco devices over the years and are suddenly thrust in front of a Juniper device - you will think that Juniper is very weird. I am sure there are folks who absolutely love Juniper but for me I personally don't like dealing with them. In any event, if a client has a Juniper device and you need to configure it, you dive right in and make the best of it.

One of the things that I find odd is the way that port forwarding works on the device. Once you see it you will think it makes perfect sense but unfortunately the documentation on the subject is lacking.

For example, lets assume your firewall has an external interface on 1.1.1.1 and you have 4 usable IP addresses. You want to host an internal WWW server on 192.168.1.10 that is connected to the internal LAN. Here is the syntax to make this work:

set arp NAT-DST
set address untrust server-www-public 1.1.1.1/32
set policy from untrust to untrust any server-www-public http nat dst ip 192.168.1.10 port 80 permit

The weird part for me was the untrust to untrust which didn't make a whole lot of sense. In any event, that will work.

Now, what if you wanted to host something via NAT that came through the external IP of the firewall interface?

In this case, we need to change the admin port of the firewall to something different if we want to host WWW traffic and then do the NAT'ing:

set admin port 8080
set service "HTTP-8080" protocol tcp src-port 1024-65535 dst-port 8080-8080
set interface ethernet0/0 vip untrust-ip 80 "HTTP-8080" 192.168.1.10
set policy id 1 from untrust to trust any vip(ethernet0/0) HTTP permit

A bit odd but gets the job done. Good luck.

Configuring Volume Shadow Copy on Windows Server 2008 - Techotopia

Configuring Volume Shadow Copy on Windows Server 2008 - Techotopia

Just a quick heads up for anyone configuring shadow copies on Windows Server 2008 - you no longer can right click on the volume under My Computer to enable shadow copies. You have to go into disk management and enable on each volume there first. I am not sure why they made this change but if you start scratching your head and wondering where it went - this is how you will find it.

DisableMSI and Windows Server 2008 R2

DisableMSI (Windows)

When I install Server 2008 R2 I have came across a weird problem that will prevent me from running any MSI installation program even though I am an administrator on the box.

The system administrator has set policies to prevent this installation

Of course, I haven't set any policies to prevent this but I found the following registry key which will override this setting. Apparently by default the policy with R2 is to disable all installs of MSI's - fairly draconian but better than the default I guess:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer

REG_DWORD

DisableMSI set to 0

Windows Server 2008 R2 - adprep

Adprep

Windows Server 2008 R2 has added some additional Active Directory objects that need to be imported into your domain and forests before it can become a domain controller. The tool that you will need to use to get your forest/domain ready for this new OS is called "adprep" and it can be found in your Windows Server 2008 R2 CD. Unlike previous versions of adprep, R2 includes a 32-bit (adprep32.exe) and a 64-bit (adprep.exe) copy for you to use. You have to run this tool on an existing domain controller so know your architecture before you start copying around the folder to your servers. You will need to do the following:

adprep /forestprep

adprep /domainprep

adprep /rodcprep

The first command will add the necessary objects into your forest, then add the necessary objects into your domain and finally it will prep your domain for the new concept that is read-only domain controllers. Once you have ran these commands and AD has replicated throughout your network, you can safely run dcpromo.exe from your Windows 2008 R2 server and make it a domain controller.

PS6500E installation and configuration

One of the nice things about setting up a Dell Equallogic SAN is how amazingly simple it is to configure. You would think that for an expensive piece of equipment that it would be harder to configure and get going, but fortunately that is not the case.

After unpacking all 48 hard drives and inserting them into the chassis which definitely took quite a bit of time, plugging in three power cables and inserting an ethernet cable - it took right off. I was pretty impressed with the fact that none of the drives that shipped with the unit was bad - you would usually expect at least one to be bad out of 48 but not in this case. I inserted the Dell Configuration assistant CD into one of my servers and was able to run the remote configuration assistant where I got to set up the networking information and set the initial passwords and group membership. Since this was my first SAN, I set it up in its own group and assigned it a static IP address. I created a single storage pool of RAID5 in order to begin my testing and then the unit was up and functional.

I was able to log in to the web interface to the unit and do some more configuration and take a look at all of the settings. One thing I noticed was that the firmware was out of date on the unit but you cannot download directly from the SAN - you must first set up an Equallogic support account and then download the firmware separately. This was a bit of a pain and hopefully something that can be a bit more automated in the future.

Right now I have two volumes configured with IP address access going to a VMWare ESX server and a Windows 2003 Server for testing purposes. The Microsoft iSCSI initiator installation is very straight forward and setting up my targets were very simple.

I enabled SNMP monitoring through Solarwinds Orion and so far everything looks good.

Modifying the All Users profile in Vista or Windows Server 2008

The Virtual World of Peter Fitzsimon : Modifying the All Users profile in Vista or Windows Server 2008

Another strange thing about Windows Server 2008 is the new location of the all users profile:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

This is another oddity and I am not really sure why it was changed but in any event if you run BGInfo like I do, you will want to place your shortcut here for it to run on every user login.

Installing VMware vCenter on Windows Server 2008 R2

Installing VMware vCenter prerequisites on Windows Server 2008 R2 | Servers and Storage | TechRepublic.com

Windows Server 2008 R2 is now officially supported as a VMWare VCenter server since 4.0 update 1 has been released. However, you may run into some difficulty getting it installed as things are a bit different in the Windows 2008 world.

One of the most common mistakes is how to add a 32bit DSN to your system since Windows 2008 is 64-bit. If you launch the ODBC Administrator from the start menu, this gives you the 64bit drivers which is not supported with VCenter at this time. You need to launch the DSN configuration from the command line in order to get the 32bit drivers:

c:\windows\syswow64\odbcad32.exe

This will allow you to create a 32bit DSN assuming you have installed the 32bit SQL Server client drivers on your box.

Once this is set up, the rest is pretty easy and will work without trouble.

VMware Site Recovery Manager Service installation logs

VMware Site Recovery Manager Service Account « Jeremy Waldrop's Blog

Today I ran into a problem installing Site Recovery Manager 4.0 update 1 where it would attempt to start the service and fail. The error message told me to check the server logs but I could not find any documentation on where these would be. Luckily I ran across this blog entry which details the location of the installation logs:

C:\Documents and Settings\All Users\Application Data\VMware\VMware Site Recovery Manager\Logs

I have no idea why VMWare would choose to put these logs in this odd location but once you are there you can quickly determine why the service is not starting. My problem was with SQL Server authentication which I was quickly able to correct and get the service to start properly.

The SAN's have arrived

Today, 520 pounds of PS6500E storage arrived through the delivery company. My only complaint I have is that the drives arrived in a box and you have to load the array yourself. No big deal but you would think for $80k a piece that they could at least load the array. In any event, I am super-excited to get these built and rolling.

VMWare servers have arrived

Part of the joy I get from my career is the ability to play with new hardware. Yesterday I got to install VMWare ESX 4.0 on three brand new Dell R710 servers that were loaded with dual 2.93ghz quad core processors and 96gb of RAM with (12) gigabit NIC's in each box. This is all part of large in-house Disaster Recovery project where we will have two data centers that are separated by 2000 miles or so with a 100megabit point to point fiber connection. Two Dell PS6500E SAN's with 48tb raw capacity will be on each side and replicate the data to each other respectively. We will utilize VMWare VMotion to keep the hardware completely transparent and Site Recovery Manager to automatically bring up each data center to the respective hardware in the case of a complete failure. We are going to be able to reduce our physical server count down to 8 total servers for the entire enterprise which is pretty amazing and house our internal DR facilities. I am very excited about this project even though it is in the early stages but I must admit I am impressed so far with VCenter Server and Site Recovery Manager 4.0 - even the licensing aspect of everything has been a breeze to set up and configure. As I travel down this path I will be blogging more and more about this project as I find this topic extremely interesting. Stay tuned!

Adobe Reader automatic updater coming soon

Happy New Year to everyone! It is that time of the year to talk about some of the things that really bother me - a virtual cleansing if you will. One of the things that I truly hate to live with is Adobe Reader and Adobe Acrobat. Lately these tools have become a thorn in my side due to the countless number of security vulnerabilities that have been discovered and the need to "update" to newer versions each time a problem is found. I use the term "update" loosely because Adobe never really patches their software, they just release complete, brand new installs for a new version. Going from version 9.1 to 9.2 requires a complete 40 meg roll out of a new piece of software and not a simple patch. This causes problems with settings that were once installed as well as file associations with other PDF software such as full blown Acrobat. Who knew that pushing out new Adobe products would be such a pain??

Today comes word that Adobe has finally realized just how insane their approach to patch management has become and is working on a beta for a new Adobe updater package to be shipped with software later this year. I don't understand what has taken them this long but I for one cannot wait for this to get here.

http://www.macworld.com/article/145475/2010/01/reader_acrobat.html?lsrc=rss_main