Get-ClusterRules

16/06/2017

I recently encountered an interesting question, maybe not the one you will see every day. A vCenter Center server runs a large number of Clusters; the VMs on those clusters are controlled by a considerable number of DRS rules. The question that raised; “How do we know if the DRS rules we once designed are still in place?” In the course of time, rules can be disabled, VM or Host groups does not match any more. Trying to answer this question by going through the vCenter Server configuration is not the way to go.

Thankfully, the VMware PowerCLI contains a useful Cmdlet Get-DrsRule that enables you to create a dump of the configured rules for each cluster. This makes checking your configuration a lot easier.

But there is another thing, now we know about the configuration, but what do we know about the actual situation? For instance, VM to Host affinity has “should” and “must” rules, but to what extent is a “should” rule fulfilled?

So time to create a PowerShell script which performs the following tasks; for each Cluster within a vCenter Server, a dump of the configured DRS rule is made. The second part of the script determines on which host a VM is running and compares it to the configured rules. The script will also report if a DRS rule is disabled and displays the power state of each VM. You will probably worry less about a powered down VM.

The script can be found here on GitHub.

I am aware that the script and my programming skills are far from perfect, so expect updated versions in the future.


Check_MK and vSphere – vCenter Server

22/08/2016

This post is the third part in a series about Check_MK and vSphere. In the second part, I showed you the options for monitoring an ESXi host without using vCenter Server. In this post we will explore the options for monitoring a vCenter Server on Windows and also the vCenter Server Appliance (VCSA).

vCenter Server Windows

For this POC we have a vCenter Server 6.0 U2 (build 3634793) on a Windows Server 2012 R2. As this is a normal Windows server, I installed the Check_MK agent for Windows and added the host to Check_MK. For the property Agent type, select “Check_MK Agent (Server)”.

2016-08-21_01Figure 1

By default the Check_MK Windows Agents presents – without further tweaking – a lot of information; CPU and Memory utilization, Disk I/O, status of the filesystems, status of the Network interfaces and many more.

Now it’s time to reveal the vSphere options. We follow the same procedure as we did for the ESXi host. In the WATO configuration go to Host & Service Parameters \ Datasource Programs and select Check state of VMware ESX via vSphere. Now create a second rule for the vCenter Server, start with providing a descriptive name.

Read the rest of this entry »


Deploying replica fails with .vmdk access errors

24/04/2016

A quick post about an annoyance I encountered while recomposing a View Horizon Linked-Clone desktop pool to multiple local datastores. In this situation multiple replicas will be created from the Parent VM.

These replicas are created simultaneously; however during this process the task pane in the vCenter Server shows many .vmdk access errors on the parent VM and as a result replicas are created one after the other.

VMware KB “Deploying multiple virtual machines in VMware vCenter Server 5.x and 6.0.x from the same template fails with the error: vmdk access error (2114026)” explains that this issue occurs because of locked –ctk.vmdk files. These files are part of the Change Block Tracking (CBT) mechanism. The KB provides instructions how to modify the settings of the Parent VM by disabling CBT.

However after editing the .vmx file and deleting the –ctk.vmdk files from the datastore, the files reappeared immediately. To resolve this behavior, SSH to an ESXi host and browse to the datastore where the Parent VM is located.
Then, edit ALL .vmdk files and remove or comment out the line starting with; changeTrackPath=.


2016-04-24-01Figure 1

Now, the –ctk.vmdk files will be gone for good.
To prevent third-party applications from enabling CBT, you can add the following line to the .vmx file of the Parent VM: ctkDisallowed=”true”.
As always, I thank you for reading and welcome your comments.


Resolving MS SQL Remote connection issues II

07/02/2014

In my previous post, I discussed some steps for troubleshooting the connection from a new would be vCenter Server to a remote MS SQL Server. Because MS SQL servers can host multiple database instances, I added a second Named instance “Dynamic” to my SQL Server 2012.

Start the SQL Server Configuration Manager. Go to SQL Server Network Configuration. Now we see our second instance named “Dynamic”. Note that the TCP/IP protocol is (again) enabled by default. Open the properties and switch to the “IP Addresses” tab.

20140207-01Figure 1

Read the rest of this entry »


Resolving MS SQL Remote connection issues I

06/02/2014

Setting up a vCenter Server with a remote MS SQL database is a common practice for environments other than very small, proof of concepts or labs. Chances are, you will face some difficulties setting up a remote connection from the new vCenter Server to the MS SQL server. In case the DBA is not around, this post presents a few points to help you setting up a remote connection to the database.

In this example, I installed MS SQL 2012 on a Windows Server 2012 R2.

The first part of the VMware vCenter Server is the Single Sign On (SSO) server. SSO also needs connectivity to the MS SQL Server; unfortunately, SSO comes with its own peculiarities. So my advice is to test the connectivity beforehand, by setting up an ODBC connection to the database. The areas of interest are:

  • Default Instance and Named Instances
  • Ports and Network configuration.
  • Services.
  • Windows firewall.
  • Permissions.

Read the rest of this entry »


vCenter Configuration Manager – The Videos

23/12/2013

Aka vSphere Hardening – Part 5

Someone over at VMware has been reading my mind or my blog posts. A few weeks ago, I wondered about the few posts and videos available regarding the VMware vCenter Configuration Manager.

But things have changed, on 22th December 2013; VMware has uploaded 4 Videos on YouTube:

VMware vCenter Configuration Manager 5.7 Installation

Data Collection from vSphere with vCenter Configuration Manager 5.7

VMware vSphere Hardening and Compliance with vCenter Configuration Manager 5.7

Compliance Data in vCenter Operations with vCenter Configuration Manager 5.7

I have watched the videos, a few remarks.

The Installation video presents a comprehensive overview of the installation process, take notice that in this demo, the prerequisites have been fulfilled. See also my post on the installation process.

The Data Collection video, details how to connect a vCenter Server to vCenter Configuration Manager and start collecting data. This video covers my previous post on the configuration of VCM.

The third video shows how to perform some high level remediation on ESXi hosts. It also introduces some of the Compliance options and even shows how to automatically run compliance checking jobs.

The final video shows how to incorporate Compliance data into the vCenter Operations Manager. It shows how to register the vCenter Configuration Manager server in vCenter Operations Manager and the necessary configuration of vCenter Configuration Manager.

 

This post is the fifth part in a series about vSphere hardening. See also:
Part 1 vSphere Hardening, Introduction
Part 2 vSphere Hardening, Available Tools
Part 3 vCenter Configuration Manager – Installation
Part 4 vCenter Configuration Manager – Configuration
Part 5 vCenter Configuration Manager – The Videos
Part 6 vCenter Configuration Manager – First Run