Category Archives: Configuration

Configuring Vembu Backup on Hyper-V

Today I’m starting a series of posts focusing solely on backing up VMs hosted on Hyper-V. In these posts, I will cover the unique configurations of Hyper-V and Vembu BDR. There are striking differences in the configuration steps, which I considered worth covering in these posts.

My Learnings on Sysprep, Answerfile and Mass Deployment -Post01

I started with an aim to find information on how to mass deploy Windows 2012 R2 on AHV and ended up learning a whole lot of things. I wanted to know how we can clone VMs in AHV, i.e. Acropolis Hypervisor. Well, there are multiple ways of doing it. I want to talk about the one which is relevant to AHV. I will explore the other options via this series of posts.

Goal

Create an OSE (operating system environment) based on Windows 2012 R2 with the following features:

  1. Automatic partitioning of the Windows OS disk
  2. Automatic selection of Windows 2012 R2 Standard Edition
  3. Automatic addition of the Windows server to the domain
  4. Automatic creation of one local user ID with admin privileges
  5. Automatic enabling of Remote Desktop
  6. Automatic configuration of the time zone
  7. Automatic disabling of Enhanced I.E. security features for Administrators
  8. Automatic disabling of Welcome to Server Manager at logon
  9. Automatic configuration of PowerShell to executionmode=remotesigned
  10. Automatic installation of RSAT tools and Telnet client

The list doesn’t end here.

In order to achieve it, you must know how to create an answer file. The answer file creation process is explained all over the place, but I didn’t find a simple post about it. First and foremost, you need the Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1 Update. It is here. Download and install it. The installation file is just under 1.5 MB. Run it and it will ask you the following question.

Select the appropriate choice. I chose to install on the same PC, so I left the default selection, pressed Next, Next and selected only the deployment tools.

After installation, you need to take the trouble to find where Windows System Image Manager is. I suggest you create a shortcut on the taskbar. Now you need the ISO. You can’t use an evaluation version; you must have an ISO which is licensed. You can either mount the ISO or extract it. I would prefer to extract. Create a directory of your choice. Mine is WorkingDir, as shown below. After the ISO is extracted, go to the path shown below.

Copy install.wim into the WorkingDir folder. Open Windows System Image Manager and open the install.wim file by going to Windows Image and right-clicking.

You will get a prompt as shown below; select the edition of the operating system.

It will prompt you to create a catalog. Just say “yes”. It will take ample time to create the catalog.

Now, to create a new answer file, click as shown below.

To complete the answer file you need to add the various components shown above. This is the very meat of the entire post. Loads of options are available; which ones to choose and what to fill in is very important. Let’s first add Microsoft-Windows-International-Core-WinPE; this basically automates the default language, locale, and other international settings.

After you add it to pass 1, fill in the details. If you are getting lost, just use Help; it is an excellent source of information.

 

Then add the Microsoft-Windows-Setup component. It contains settings that enable you to select the Windows image that you install, configure the disk that you install Windows to, and configure the Windows PE operating system. Now this has lots of stuff. Let’s go from top to bottom. There is nothing in DiskConfiguration to configure other than what is shown below.

Right-click on DiskConfiguration and select Insert New Disk. For Disk0 we will wipe it as configured below.

After the disk is wiped, you need to create and define partitions. All our SOEs will have an 80 GB drive just for installing the guest OS and basic software, e.g. AV, monitoring agents, VMware Tools, etc. No applications. We will create two partitions, one for system and the other for Windows.

The system partition will be 350 MB in size and has to be non-extending.

Similarly, the Windows partition will be set to extending true and will be the second partition.

If you are installing Windows to a blank hard disk, you must use the CreatePartitions and ModifyPartitions settings to create and format partitions on the disk.

Make partition 1 active; it will be labelled System. Order 1 means it will be created first.

Now partition 2, where the OS will be installed, will be labelled Windows and will be assigned drive C:\


 

Now let’s move to ImageInstall. ImageInstall specifies the Windows image to install and the location to which the image is to be installed. InstallFrom doesn’t apply to an ISO installation, so skip it. You must specify either the InstallTo or the InstallToAvailablePartition setting (shown below).

However, we need to specify the installation path for the image, and therefore we need to add MetaData.

Finally, you must specify InstallTo, e.g. Disk0 and Partition2; it is where you will install the operating system.

Tasks 1 and 2 are achieved.

UserData

In this screen, we will add the EULA and skip the product key, as I don’t have a valid product key. You can use the license keys mentioned here.

I’m skipping the name of the computer, as I don’t believe putting the computer name in the answer file is a recipe for mass deployment. I will explore this option in a future post.

4 Specialize

Add Microsoft-Windows-Shell-Setup to the specialize pass.

We need to add the same key again in 7 oobe System, but the options there are completely different, as you will observe.

Enter the name of the organization, the registered owner and the time zone as shown above. Task 6 is achieved.

Add Microsoft-Windows-IE-ESC in Pass 4 and enter False for IEHardenAdmin and True (which is the default) for IEHardenUser. Task 7 is achieved.

Add Microsoft-Windows-ServerManager-SvrMgrNc in Pass 4 and enter True for DoNotOpenServerManagerAtLogon. Task 8 is achieved.

Add Microsoft-Windows-UnattendedJoin in Pass 4 and edit the JoinDomain name as shown below. Next, add Identification, which specifies the credentials used to join a domain. Task 3 is achieved.

Use either Provisioning or Credentials to join an account to the domain.

Add Microsoft-Windows-TerminalServices-LocalSessionManager in Pass 4 and set fDenyTSConnections to False to enable Remote Desktop, then follow the step below to open the firewall port. Task 5 is achieved.

Add Networking-MPSSVC-Svc in Pass 4 to add the Remote Desktop firewall group. You must add the firewall group as shown below: insert a firewall group for each group you want to enable or disable in the firewall. This completes Task 5.

Now let’s provide an IP address to the VM. I don’t believe the IP address should be part of unattend.xml. It is a property which changes per VM and it should be dynamic. I have a post reserved for it; it will be coming soon. For the sake of this post, let’s complete the parameters. Drag the wow64_Microsoft-Windows-TCPIP component into the answer file as shown below.

In the Interface tab, right-click and select Insert New Interface.

In the interface, type the Identifier. This identifier is “Ethernet”; you can’t say Local Area Connection here. It has to be Ethernet.

Below, in Ipv4Settings, don’t touch anything, as everything here is optional.

Then there is Routes, which is for providing gateway details. Right-click Routes and select Insert New Route.

You can use any number for the integer. It is of little use here. Leave Metric blank. NextHopAddress should be the default gateway. Prefix for 255.255.255.0 should be 0.0.0.0/0.

Finally, the unicast IP address, which is the IP address of the VM. Right-click and select Insert New IP Address. Key is 1 and the value is the IP address, as shown below.

7 oobe System

Add Microsoft-Windows-Shell-Setup to the oobe pass to enable autologon as shown below.

Create a local user and give it administrator rights as shown below. Task 4 is achieved.

For every account you create, you must add a password value as shown above.

Now the final piece: FirstLogonCommands. These commands are run when you have enabled autologon for the administrator. These commands run with administrator privileges. I have selected Synchronous command and provided the order in which they should run. I’m using PowerShell to install the RSAT tools and the Telnet client. In the second command I’m changing the PowerShell execution mode to remotesigned. I have copied and pasted both commands for better visibility.

%WINDIR%\System32\WindowsPowerShell\v1.0\PowerShell.exe -command Import-Module ServerManager; Add-WindowsFeature RSAT-Role-Tools; Add-WindowsFeature RSAT-DNS-Server; Add-WindowsFeature Telnet-Client


%WINDIR%\System32\WindowsPowerShell\v1.0\PowerShell.exe -command set-executionpolicy remotesigned -force >> C:\Users\Public\Documents\setExecution.log

Tasks 9 and 10 are achieved. At this stage the answer file is ready.

Few tips

  1. Select Sensitive data to hide the password.
  2. The domain join password doesn’t get encrypted. You need to find a workaround for it. It is my next post.
  3. Every time you save the answer file, it is validated by default.
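Hiding sensitive data only Base64-encodes the local account and autologon passwords (the UTF-16LE password followed by the element name), and the domain join password stays in clear text, so the answer file and any ISO built from it need the same handling as the credentials themselves. The script below is an added example, not part of the original post: it audits an answer file and reports how each password is stored without printing it; the sample file, account names and function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = "{urn:schemas-microsoft-com:unattend}"

def wsim_hide(password, element="Password"):
    """Hidden form written by WSIM: Base64 of UTF-16LE(password + element name)."""
    return base64.b64encode((password + element).encode("utf-16-le")).decode()

# Constructed sample answer file; every name and password here is made up.
SAMPLE = f"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="specialize">
  <component name="Microsoft-Windows-UnattendedJoin">
   <Identification><Credentials>
     <Domain>example.local</Domain><Username>joinsvc</Username>
     <Password>Constructed-Join-Pw1</Password>
   </Credentials></Identification>
  </component>
 </settings>
 <settings pass="oobeSystem">
  <component name="Microsoft-Windows-Shell-Setup">
   <UserAccounts><LocalAccounts><LocalAccount>
     <Password><Value>{wsim_hide('Constructed-Local-Pw1')}</Value>
       <PlainText>false</PlainText></Password>
   </LocalAccount></LocalAccounts></UserAccounts>
  </component>
 </settings>
</unattend>"""

def audit_passwords(xml_text):
    """Return (pass, component, element, finding) for each password element."""
    findings = []
    for settings in ET.fromstring(xml_text).iter(NS + "settings"):
        for comp in settings.iter(NS + "component"):
            for el in comp.iter():
                tag = el.tag.replace(NS, "")
                if not tag.endswith("Password"):
                    continue
                value = el.findtext(NS + "Value")
                plain = (el.findtext(NS + "PlainText") or "true").strip().lower()
                if value is None:      # bare text, e.g. UnattendedJoin Credentials
                    finding = "cleartext" if (el.text or "").strip() else "empty"
                elif plain == "true":
                    finding = "cleartext"
                else:                  # "hidden": check that it simply decodes back
                    try:
                        decoded = base64.b64decode(value).decode("utf-16-le")
                        finding = "base64-recoverable" if decoded.endswith(tag) else "unknown"
                    except ValueError:
                        finding = "unknown"
                findings.append((settings.get("pass"), comp.get("name"), tag, finding))
    return findings

if __name__ == "__main__":
    print(*audit_passwords(SAMPLE), sep="\n")
```

Any row reported as cleartext or base64-recoverable means the file should be stored and distributed as a secret, and the account it names should carry only the rights the deployment needs.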

Attaching answer file

Answer file can be attached using

  1. USB drive
  2. External disk
  3. CDROM Image

For AHV, I have yet to figure this out. But there are posts around which advocate burning the unattended file directly onto the Windows CD or inserting it into the Windows ISO. Neither approach is scalable. The XML file will be unique per VM, so you need a mechanism that ensures the XML file is generated and unique for each VM without much hassle, and the same file must be seamlessly attached as a CDROM or otherwise made visible to the boot process.

For this post I’m going to use an inbuilt tool, oscdimg.exe. This exe is part of Windows AIK and is located in the

C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg folder.

Save the XML file to some folder. In my case I created a folder named Answer and copied the unattended file into it, as shown below.

Run the following command:

oscdimg.exe -n c:\Answer c:\ans999.iso

That is all. Attach answerfile.iso to AHV and boot the VM, and it should read the answer file. The only caveat: you have to attach an additional CDROM to the VM and ensure it is the second IDE device and not the first. The first IDE device is used to boot from the ISO.

 

Using custom properties to govern Service in vRA 6.2

We have all been impressed with the governance engine of vRA/vCAC. Governance is its biggest advantage over vCloud Director. Approval policies are the crux of governance. I have explained approval policies in detail in my previous post. Approval policies can have multiple levels and can span your different divisions, e.g. IT, HR, Finance. These policies are slightly revised in vRA 6.2 to leverage the extensibility aspect. Again, this revision was brought about by customer demand. In the previous release, if an end user had a specific requirement and requested something that was not available, the workflow used to end and the user had to request the service again with a different requirement. This was especially true for custom properties. For system properties it was possible to do so; however, system-defined properties have very limited scope.

Cost Profiles in vRealize Automation

Recently I was asked how to apply a cost profile. I thought it was super simple to do. However, when I tried it in my lab, it took quite a while to find the cost profiles screen and work out how it works. While working on cost profiles in my lab I realized a few things. In this post I’m sharing how to use cost profiles and how they are related to compute resources and fabric groups.

You have to associate cost profiles with compute resources. Compute resources are the pool of clusters available in your endpoint. This is the single most important thing I would like you to take away from this post. A compute resource is in turn associated with a fabric. There is a direct relationship between compute resource and fabric. So when you create a fabric, you also carry along the cost profile defined at the compute resource. The fabric admin creates a reservation, i.e. carves a chunk out of the fabric. Cost profiles get carried to this chunk. So the cost profile applies to all the VMs created out of the fabric. Since it is a fabric-based operation, you need fabric admin credentials to do this job.

Networking Changes in ESXi 5.0

Some ESX 4.x and ESXi 4.x network settings stored in /etc/sysconfig/network are migrated in the upgrade or migration to ESXi 5.0. In the migration to ESXi 5.0, ESX Service Console virtual NICs (vswifs) are converted to ESXi virtual NICs (vmks). The distributed port group or dvPort that the virtual NICs connect to is also migrated. The Service Console port group is renamed as the Management Network port group. When vswifs are migrated to vmks, they are numbered to follow any existing vmk in sequence.

For example, if the version 4.x ESX host has virtual NICs vmk0, vmk1, and vswif0, after the migration the new ESXi configuration will be vmk0, vmk1, and vmk2, where vmk2 is the management interface.

When you upgrade from ESXi 4.x to ESXi 5.x, the default maximum number of ports for a virtual switch changes from 64 to 128.

ESX hosts have two IP stacks, one for the vmkernel and one for the Service Console. Because ESXi hosts have only one IP stack, the migration cannot preserve both ESX default routes. After migration, the ESX Service Console default route becomes the single ESXi default route, replacing the vmkernel route. The change to a single ESXi default route might cause loss of connectivity for routed non-management traffic that originates from vmkernel. To restore vmkernel networking, you can configure static routes in addition to the default route.

All vswif interfaces are migrated to vmk interfaces. If a conflict is detected between two interfaces, one is left in disabled state. The upgrade disables any conflicting kernel IP addressing in favor of the management interface.

The migration to ESXi 5.0 disables any existing vmk virtual NIC that meets the following conditions.

  • The vmk virtual NIC has a manually configured (static) IP address.
  • The IP address is in the same subnet as a vswif virtual NIC that is being migrated to a switch containing the vmk virtual NIC.
  • The vmk and vswif NICs are both on the same virtual switch.


For example, if vswif0, with IP address 192.0.2.1/24 on vswitch1, is migrated to a switch containing vmk0, with IP address 192.0.2.2/24, also on vswitch1, after the migration, vmk0 will be disabled.
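The renumbering and disable rules above can be checked against a host inventory before the migration. The following is an added example, not VMware tooling: the inventory format and the function name are assumptions, and only the numbering rule and the three listed conditions are modelled.

```python
import ipaddress

def plan_migration(nics):
    """Model the ESX 4.x -> ESXi 5.0 NIC rules described above.

    nics: list of dicts with keys name, ip (CIDR string), vswitch, static (bool).
    Returns (vswif -> new vmk name map, sorted vmk names the migration would disable).
    """
    vmks = [n for n in nics if n["name"].startswith("vmk")]
    vswifs = sorted((n for n in nics if n["name"].startswith("vswif")),
                    key=lambda n: int(n["name"][len("vswif"):]))

    # vswifs are numbered to follow the existing vmks in sequence.
    next_id = max((int(n["name"][len("vmk"):]) for n in vmks), default=-1) + 1
    renames = {}
    for sc in vswifs:
        renames[sc["name"]] = f"vmk{next_id}"
        next_id += 1

    # A vmk is disabled when it has a static IP, shares the vswif's subnet,
    # and sits on the same virtual switch as that vswif.
    disabled = set()
    for sc in vswifs:
        sc_net = ipaddress.ip_interface(sc["ip"]).network
        for vmk in vmks:
            in_subnet = ipaddress.ip_interface(vmk["ip"]).ip in sc_net
            if vmk["static"] and in_subnet and vmk["vswitch"] == sc["vswitch"]:
                disabled.add(vmk["name"])
    return renames, sorted(disabled)

# Constructed inventory combining the two examples in the text.
HOST = [
    {"name": "vmk0", "ip": "192.0.2.2/24", "vswitch": "vswitch1", "static": True},
    {"name": "vmk1", "ip": "198.51.100.5/24", "vswitch": "vswitch2", "static": True},
    {"name": "vswif0", "ip": "192.0.2.1/24", "vswitch": "vswitch1", "static": True},
]

if __name__ == "__main__":
    renames, disabled = plan_migration(HOST)
    print("renamed:", renames)
    print("disabled after migration:", disabled)
```

A vmk that appears in the disabled list carries vmkernel traffic that will stop after the upgrade, so it should be readdressed or moved before migrating.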


ESX 4.x Service Console Port Group Removed in Migration to ESXi 5.0

Because ESXi 5.0 has no Service Console, migrating from ESX 4.x to ESXi 5.0 removes the Service Console port group. After the migration to ESXi 5.0, a new port group, the Management Network port group, is created.

Configuration Changes After Migration or Upgrade to ESXi 5.0

Firewall Configuration Changes After Migration or Upgrade to ESXi 5.0

The migration or upgrade from ESX/ESXi 4.x to ESXi 5.0 results in several changes to the host firewall configuration. When you migrate from ESX 4.x to ESXi 5.0, the ESX 4.x rulesets list is replaced by the new rulesets list in ESXi 5.0.

The following configuration from the /etc/vmware/esx.conf file is preserved:

  • The existing enabled/disabled status.
  • The allowedip added by esxcfg-firewall.

Ruleset files that are added by the user and customized firewall rules created in ESX 4.x are not preserved after the migration. In the first boot after the migration, for those rulesets that don’t have entries in the ESX 4.x /etc/vmware/esx.conf file, the ESXi 5.0 firewall loads the default enabled status.

After the migration to ESXi 5.0, the default block policy is set to false (PASS all traffic by default) on ESXi 5.0 only when both blockIncoming and blockOutgoing values of the default policy are false in the ESX 4.x /etc/vmware/esx.conf file. Otherwise the default policy is to deny all traffic. Custom ports that were opened by using the ESX/ESXi 4.1 esxcfg-firewall command do not remain open after the upgrade to ESXi 5.0. The configuration entries are ported to the esx.conf file by the upgrade, but the corresponding ports are not opened.


IMPORTANT The ESXi firewall in ESXi 5.0 does not allow per-network filtering of vMotion traffic. Therefore, you must install rules on your external firewall to ensure that no incoming connections can be made to the vMotion socket.


Resource Pool Settings Affected by the Upgrade from ESX 4.x to ESXi 5.0

After the upgrade to ESXi 5.0, ESX 4.x resource pool settings might be insufficient to start all virtual machines in the pool. The upgrade to ESXi 5.0 affects the amount of memory available to the host system. You can find this alert by pressing Alt + F11 in the ESXi direct console.

SSH Configuration Affected by Upgrading or Migrating to ESXi 5.0

The host SSH configuration is migrated only for upgrades from ESXi 4.1 to ESXi 5.0. SSH configuration is not migrated for ESX 4.x hosts or ESXi 4.0 hosts. For these hosts, SSH access is disabled during the upgrade or migration process. You can re-enable SSH access in the direct console.