Network Administrator Knowledgebase


May 15, 2008  1:54 AM

iSCSI in VMWare ESX 3

Michael Khanin Michael Khanin Profile: Michael Khanin

iSCSI has become a very popular way of having shared storage among several physical or virtual computers. The benefits of shared storage are even greater when combined with the abilities of VMWare such as VMotion, High Availability and Distributed Resource Scheduler.

Below are the basic (and I do emphasize basic) to configuring iSCSI storage with VMWare 3.0. Like any shared storage infrastructure there are a number of possible methods and structures that could change the way that iSCSI is installed and used.

Step 1 – Add in extra Service Console and iSCSI VMKernal
The service console and VMKernal need to be on the same physical NIC on the ESX server. The IP’s for these services need to be on the same subnet as the iSCSI storage device. The pictures below outline the end-result if your iSCSI VLAN were to be 192.168.4.0/24. Note that the service console that you is shown below is the second and therefore additional service console. The original stays unchanged.

Sample Configuration Page

Sample End Result

Step 2 – Allow iSCSI traffic through the firewall
The Software iSCSI Client for ESX needs to be allowed through the firewall which is located under the security profile section. If you don’t do this then you will not be able to use the service. I found this interface “tricky” to use. Sometimes I would make changes and they wouldn’t take effect until the server was rebooted.

Step 3 – Enable Software Initiator Properties
The iSCSI storage adapter needs to be configured. Find the newly created iSCSI Software Adapter on the Storage Adapters tab you will need to:

  1. Open the properties
  2. Configure and subsequently enable the iSCSI Initiator
  3. On the Dynamic Discovery tab you can add in the iSCSI server IP


Step 4 – Create iSCSI targert on iSCSI device
This will depend on your iSCSI hardware as to how you do this. Each manufacturer has their own way of doing this.

Step 5 – Add LUN to target

Links:
VMWare’s design guide for iSCSI – short but good: http://www.vmware.com/pdf/vi3_iscsi_cfg.pdf
Really good blog post by David Davis about VMWare and iSCSI:

http://www.petri.co.il/connect-vmware-esx-server-iscsi-san-openflier.htm

May 1, 2008  1:54 AM

Download Windows XP Service Pack 3 Now!

Michael Khanin Michael Khanin Profile: Michael Khanin

It is available on public Windows Update Servers:http://download.windowsupdate.com/msdownload/update/software/svpk/2008/04/windowsxp-kb936929-sp3-x86-enu_c81472f7eeea2eca421e116cd4c03e2300ebfde4.exe


May 1, 2008  1:52 AM

System center Virtual Machine Manager 2008 Beta

Michael Khanin Michael Khanin Profile: Michael Khanin

At the Management Summit in Vegas, Microsoft announced the beta of System Center Virtual Machine Manager 2008. This version can manage Hyper-V hosts!

It should be available on connect.

Microsoft has announced the formal name and beta availability of System Center Virtual Machine Manager 2008, a member of the System Center suite of server management products. The announcements came April 29 at the Microsoft Management Summit in Las Vegas, which showcased the beta of the System Center Virtual Machine Manager 2008 (VMM), managing both Hyper-V and VMware virtual infrastructure. Additional functionality new to this version of VMM includes Performance and Resource Optimization (Pro), which dynamically tunes virtual infrastructure, simplified virtual host cluster support, and other improvements and enhancements.


April 27, 2008  3:35 PM

Configuring the Firewall on Server Core for Remote Management

Michael Khanin Michael Khanin Profile: Michael Khanin

On all Windows 2008 Editions, the firewall is on by default. This true in a Server Core as well. Many IT Pro loves a new Windows 2008 Server Core Edition, but friendly speaking manage it from a command line for many Administrators is not so easy. Yes, We can manage Windows 2008 Core remotely, but we have to configure Firewall on the Core box. There are then three scenarios for remote management via MMC:

  1. Server Roles – when a server role is installed, the appropriate ports are opened to allow the role to function as well as to allow remote management, so no additional configuration is required. Using the Remote Server Administration Tools (RSAT) feature on a full server installation, we can install just the MMC snap-ins for a role and use them to remotely manage the role on Server Core.
  2. Domain joined – Once domain joined, the firewall profile is changed to the domain profile which allows remote management. Again, no additional configuration is required.
  3. Workgroup server – This is the scenario (is most popular when IT Pro demonstrates or tests a new Windows 2008) in which We may need to make firewall configuration changes to allow remote management. If we want all remote managements to work, we can use:

Netsh advfirewall firewall set rule group=“remote administration” new enable=yes

However, there may be situations where we only want to allow certain MMCs to connect for remote administration. Not every MMC snap-in has a firewall group, here are those that do:

MMC Snap-in

Rule Group

Event Viewer

Remote Event Log Management

Services

Remote Service Management

Shared Folders

File and Printer Sharing

Task Scheduler

Remote Scheduled Tasks Management

Reliability and Performance

“Performance Logs and Alerts” and “File and Printer Sharing”

Disk Management

Remote Volume Management

Windows Firewall with Advanced Security

Windows Firewall Remote Management

On the Server Core box we can enable these by running:

Netsh advfirewall firewall set rule group=“<rule group>” new enable=yes

Where <rule group> is the name in the above table.

Not every MMC snap-in has a rule group to allow it access through the firewall.

MMC Snap-ins that Require Addition Configuration
In addition to allowing the MMC snap-ins through the firewall, the following MMC snap-ins require additional configuration:

  • Device Manager
    To allow Device Manager to connect, you must first enable the “Allow remote access to the PnP interface” policy

    1. On a Windows Vista or full Server installation, start the Group Policy Object MMC snap-in
    2. Connect to the Server Core installation
    3. Navigate to Computer Configuration\Administrative Templates\Device Installation
    4. Enable “Allow remote access to the PnP interface”
    5. Restart the Server Core installation
  • Disk Management
    You must first start the Virtual Disk Service (VDS) on the Server Core installation
  • IPSec Mgmt
    On the Server Core installation you must first enable remote management of IPSec. This can be done using the scregedit.wsf script:

Cscript \windows\system32\scregedit.wsf /im 1/span>


April 25, 2008  10:27 PM

What already installed on Windows 2008 Core

Michael Khanin Michael Khanin Profile: Michael Khanin

By running Oclist on Windows 2008 Server Core we can get full information what Installed and what Not installed on server.
The full list is very long and not comfortable for reading. If you don’t want to include all of the many “Not Installed” options in the output of Oclist, run:

Oclist | find ”  Installed”


April 25, 2008  10:03 PM

How to figure out what OS Edition is running on Server 2008?

Michael Khanin Michael Khanin Profile: Michael Khanin

We can do this via WMI.
The command line is:

wmic
path win32_operatingsystem get OperatingSystemSKU / value
The value Should be converted to hex and then mapped to the list at:
http://msdn2.microsoft.com/en-us/library/ms724358. aspx


April 25, 2008  5:06 PM

Running Windows 2008 Server core under VMware

Michael Khanin Michael Khanin Profile: Michael Khanin

One of the first software that I install on any OS under VMWARE is VMware Tools. The most important benefit is the VMware enhanced video and mouse drivers. On VMware ESX, VMWare tools must be installed to get the NIC working. The Installation process of VMware Tools on Windows 2008 Server Core edition is a bit tricky. As far as you remember, Server Core it is a command line only version of Windows Server 2008. VMWareTools is a GUI installation so this is not an option for Server Core. Today we have few workarounds :)Solution 1

  • Log into your Windows Server 2008 Server Core VM with an admin account
  • From the VMware Workstation console, click the VM menu Install VMware Tools. This will mount the VMware Tools disk (Windows. iso file) in the virtual CD-Rom drive.
  • Switch to drive D: (or whatever drive is your CD drive)
  • Type Setup and press Enter
  • Click Install to the VMware informational message. The VMware Tools will begin to setup.
  • Click Next to install
  • Click Next to perform a Typical setup
  • Click Install to begin the installation
  • When you see the status stall, open Task Manager (Ctrl-Alt-Ins Start Task Manager)
  • Click the Applications tab, select the RUNDLL process and choose End Task
  • Close Task Manager and click OK to any error messages. Setup will continue as normal.
  • Click Finish and click Yes to restart the server
  • When Windows Server 2008 Server Core starts up, it will be in 640×480 resolution. As a quick solution, read my “CoreConfigurator – Graphic Management Tool  for Windows Server 2008 Core” post to explain how to configure the resolution in Windows 2008 Server Core :).

Solution 2

  • First step, On Server Core we need to mount the VMware Tools ISO by selecting the “Install VMware Tools” option:
  • From a command line run the following command:

    msiexec / i “d:\VMware Tools. msi” / qn

Solution 3
This solution a specially for VMware ESX Server. The workaround is to transfer VMWareTools (contained in a file called windows.iso) from your ESX server to a local drive. Use Virtual Center to mount the windows.iso file as a CDROM drive in the Windows 2008 Server Core VM. The exact location of driver is: \ Program Files\VMWare\VMWare Tools\Drivers\VMXNet\w2k of the windows.iso file. The command used to install the drivers is:

C:\Windows\System32> pnputil – i -a vmxnet. inf

You should get the following message:

Microsoft PnP Utility
Processing inf : vmxnet. inf
Successfully installed the driver on a device on the system.
Driver package added successfully.
Published name : oem2. inf

The next step is to set “Hardware Acceleration” for the display adaptor to “Full”. Well, you have to use Registry.
Launch the Registry editor on the command prompt by typing “ regedit”. Then you navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{81E0A29D-B654-4848-9421-BEA1C8A6F938}000

The long number is a GUID and it will be different on your system. You should find Acceleration.Level key in the 0000 folder. To be sure that you’ve found a correct key check in the same location key “Device Description” with a value “VMware SVGA II“. You have to set the Acceleration.Level key value to 0.

Exit from registry and reboot your server.

The END :).


April 20, 2008  7:31 PM

CoreConfigurator – Graphic Management Tool for Windows Server 2008 Core

Michael Khanin Michael Khanin Profile: Michael Khanin

The default management for Windows Server 2008 Core is the command line. Yes, the main powerful of Windows Server Core becomes available when using such an approach, but sometimes it’s not so user friendly. This is why I’ve been asking so many times if exist anything more graphic :). Yes, one of the first recommendations to work and manage Windows 2008 Server Core is to use MMC from a remote machine, but MMC cannot do everything. Of course to allow work with remote tools this tool should be allowed passage through the firewall packages Server Core. In addition, this is for many more difficult than editing the registry. :) Therefore, I would like to have a simple graphical tool for configuring local system. The task of developing such an interface is complicated by that the Server Core has a limited set of graphics API, this is a reason why so beautiful MMC doesn’t work on it.

So, if Microsoft has not established such utilities anybody else did this. Look at the utility CoreConfigurator developed by Guy Teverovsky, MVP from Israel.

This is what it can:

  • Product Activation Product Activation
  • Configuration of display resolution Configuration of display resolution
  • Clock and time zone configuration Clock and time zone configuration
  • Remote Desktop configuration Remote Desktop configuration
  • Management of local user accounts (creation, deletion, group membership, passwords) Management of local user accounts (creation, deletion, group membership, passwords)
  • Firewall configuration Firewall configuration
  • WinRM configuration WinRM configuration
  • IP configuration IP configuration
  • Computer name and domain/workgroup membership Computer name and domain / workgroup membership
  • Installation of Server Core features/roles Installation of Server Core features / roles

To setup this utility use MSI package and then run the CoreConfigurator. exe file. The following interface will appear.

Just in case, it’s not necessary to install CoreConfigurator, we can simply copy its files into the system. The result will be the same. The video settings look like this:

Setting “Show window content while dragging” may very markedly improve display window objects, if you work with the server via terminal connection. Please note that the setting affects only the current user. According to the picture, to change the time zone, the developer did not reinvent the wheel, and just call to standard timedate.cpl

Remote Desktop Options look like this:

All would be good, but in this version you still have to allow RDP connections in the firewall manually using netsh. Hopefully, in the next version this will be fixed. Management of local users and groups is done through the following windows.

Installation of Roles and Features became a more visual :

Instantly, functionality of firewall management is very limited, but at least he had already to incorporate all necessary rules for the remote control.

Configuring your network interfaces habitually looks fairly.

To set the activation key and Activate the OS is also very simple and all this done via GUI :)

In addition, let me show winrm interface, interface to rename computer and join it to domain:

It is understandable that CoreConfigurator is not officially supported by Microsoft. Many IT professionals probably have any doubts, whether to trust manufacturer of the software. As usual choice, set its server utility or not is up to you. :)


April 20, 2008  4:29 PM

PowerShell – The Next Step for System Administrator

Michael Khanin Michael Khanin Profile: Michael Khanin

I’ve just come back from Seattle where I have been on Global MVP Summit 2008.
Microsoft spoke about new technologies, about new products, about plans and visions.

I have been on many sessions, and I’d like to say what I see as of the highest importance.

If you are Network or Systems Administrator and dealing with Windows environment, you SHOULD start to learn and using PowerShell (if you already not doing so :)). An absolutely every new program / system from Microsoft supports PowerShell, I remember just one exception, Windows 2008 Core. We cannot install and use PowerShell on Windows 2008 Core box, but we can manage and control Windows 2008 Core by using PowerShell on other Windows 2008, Vista or even Windows XP machines.

I’ll try to speak more about PowerShell and I’ll show how PowerShell can serve us in our daily stuff. If you want to do any script and consider about doing it in PowerShell, VB or simple Batch file, I suggest to do it in PowerShell. I’ll try to assist you as much as I could.


April 18, 2008  1:00 AM

2008 MVP Global Summit

Michael Khanin Michael Khanin Profile: Michael Khanin

At this time I have been in Seattle, on the MVP Summit 2008. Soon I’m going back to home. I had a lot of good sessions about Windows 2008, Exchanges, SharePoint, PowerShell and much more. The detailed report about new Microsoft staff I will write a bit later. It’s not going to be a report with big details, a lot of information on this Summit is under NDA, but I’ll try to publish as much as I can. So, keep checking for a new posts ;)


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: