vSphere: Get ESX Server Serial Numbers

KB ID 0001670

Problem

A few weeks ago I needed to sort out some extended warranty for a customers servers. To do that  I needed the serial numbers of those servers, (a mixture of IBM/Lenovo and Dell Servers).

As I didn’t fancy a drive to two different datacenters, I wanted to try and get them programatically.

Solution

After some searching I came across a post by one of my old EE buddies LucD with exactly what I needed. I’m assuming you have PowerCLI setup before beginning.

Connect to your Virtual infrastructure;

[box]

Connect-VIServer {vCenter-server-FQDN}

[/box]

Then, (assuming you have a folder called C:\Temp that you can write to).

[box]

Get-VMHost | Select Name, @{N='Serial';E={(Get-EsxCli -VMHost $_).hardware.platform.get().SerialNumber}} | Export-Csv c:\temp\serial.csv -NoTypeInformation -UseCulture

[/box]

Then  open your C:\Temp\SerialNumber.csv file, and there’s your serial numbers.

 

Related Articles, References, Credits, or External Links

NA

VMware ‘Disable DelayedAck’ Does Not Work?

KB ID 0001525

Problem

I’ve got a client that’s been having some performance issues with their VMs. Their storage vendor, (EMC) said that as a result of finding this in the logs;

[box]

B       02/28/19 09:50:53.953 scsitarg          117000e [INFO] System: iSCSI Logout Initiator Data: IP=192.168.200.161 Name=...-ec-21 Target Data: Port=2 Flags=0x00002002 Info=0x01200801
B       02/28/19 09:50:53.969 scsitarg          117000e [INFO] System: iSCSI Logout Initiator Data: IP=192.168.201.161 Name=...-ec-21 Target Data: Port=3 Flags=0x00002002 Info=0x01200801
B       02/28/19 09:51:16.413 Health              608fe [WARN] User: Host ESXi-01.petenetlive.com does not have any initiators logged into the storage system.
A       02/28/19 10:04:25.968 scsitarg          117000d [INFO] System: iSCSI Login Initiator Data: IP=192.168.200.161 Name=...-ec-21 Target Data: Port=2 Flags=0x00002002 Info=0x00000000 [Target]
B       02/28/19 10:04:26.034 scsitarg          117000d [INFO] System: iSCSI Login Initiator Data: IP=192.168.200.161 Name=...-ec-21 Target Data: Port=2 Flags=0x00002002 Info=0x00000000
A       02/28/19 10:04:31.996 scsitarg          117000d [INFO] System: iSCSI Login Initiator Data: IP=192.168.201.161 Name=...-ec-21 Target Data: Port=3 Flags=0x00002002 Info=0x00000000 [Target]
B       02/28/19 10:04:32.055 scsitarg          117000d [INFO] System: iSCSI Login Initiator Data: IP=192.168.201.161 Name=...-ec-21 Target Data: Port=3 Flags=0x00002002 Info=0x00000000
B       02/28/19 10:04:57.438 Health              608fc [INFO] User: Host ESXi-01.petenetlive.com is operating normally.
Host Host ESXi-01.petenetlive.com is accessing lun Datastore_3 as HLU 3, After the initiators for this host start logging in/logging,  unit attention update events will be logged as the paths to the luns have changed this is expected
2019/02/28-09:50:41.607527 ~~~~     7F3C92369703      std:TCD:   Unit Attention update from 0000001A to 0001030D for LUN 0x3.
2019/02/28-10:02:55.860669 ~~~~     7FE476E61702      std:TCD:   Unit Attention update from 00010149 to 00010157 for LUN 0x3.

[/box]

We should disable DelayedAck and they kindly gave me the VMware KB that outlined the procedure.

Solution

The procedure outlined (for VMware 6.x) is to put the host in maintenance mode, then edit the properties of the iSCSI controller(s), untick the DelayedAck options, reboot the Host, and everything will be peachy. However, even though (post reboot) everything looks good in the the vSphere Web console. If you look on the host you may find something like this;

[box]

vmkiscsid --dump-db | grep Delayed

[/box]

DelayedAck = ‘1’ means ENABLED, DelayedAck = ‘0’ means DISABLED

So half my iSCSI entries in the iSCSI database still have DelayedAck ENABLED?

Some Internet searching told me this was quite common, and that the best way to ‘fix‘ it was to, disable the iSCSI initiator, remove the iSCSI database, reboot and then setup iSCSI again;

[box]

cd /etc/vmware/vmkiscsid
esxcfg-swiscsi -d
rm -f vmkiscsid.db
reboot

[/box]

Which is fine IF YOU ARE USING A SOFTWARE iSCSI INITIATOR, I however was not, I had 2x dedicated hardware iSCSI HBAs on each host!

After many hours of messing about and trial and error, it became clear, I had to do things in a certain order, or DelayedAck would simply just be enabled whether I liked it or not. 🙁

Disable DelayedAck With Hardware iSCSI NICs / HBAs

MAKE SURE THE HOST IS IN MAINTENANCE MODE FIRST

Then take a note of your iSCSI setup, Port Groups, VMKernel Ports, and Physical NICs, you are going to delete the iSCSI database in a minute, and you will need to ‘rebind’ the VMKernel Ports and add the iSCSI targets back in again.

Manually remove your iSCSI target(s) for ALL the iSCSI NIC/HBA’s

Below if you re-run the command, vmkiscsid –dump-db | grep Delayed you will see there’s still some entries in the database with DelayedAck enabled! So unlike above (see example for software iSCSI) we are going to remove the iSCSI database, only here we don’t need to disable the software iSCSI initiator (because we are not using one!) Finally reboot the host.

[box]

cd /etc/vmware/vmkiscsid
rm -f vmkiscsid.db
reboot

[/box]

When the host is back online ADD in the Network Port Binding for the appropriate VMkernel adaptor.

Like so;

DON’T RESCAN THE CONTROLLER AS PROMPTED TO DO SO!

On the Advanced Settings of EACH hardware iSCSI NIC/HBA > Edit > UNTICK ‘DelayedAck’.

Double check they are both still unticked (I’ve seen them re-tick themselves for no discernible reason!) Then rescan the controller(s).

Target > Add.

Re-add the iSCSI target back in, (that you took note of above).

Select the Target > Advanced > Untick the DelayedAck option (Note: This time it’s not inherited). Repeat for any additional iSCSI targets.

When they are all added, rescan the storage controllers again.

Finally recheck all the database entries are set to DISABLED.

[box]

vmkiscsid --dump-db | grep Delayed

[/box]

Related Articles, References, Credits, or External Links

Thanks to Russell and Iain for their patience while I worked all that out!

Upgrading vSphere ESXi Hosts (Including HP and Dell)

KB ID 0001343

Problem

Before you think about upgrading your hosts, you should upgrade your vCenter,

Upgrade vSphere vCenter Appliance

Assuming that’s all done, your task now is to upgrade your hosts, if you have a vanilla VMware ESXi version installed. You COULD simply SSH into the host, and execute the following commands;

[box]

esxcli network firewall ruleset set -e true -r httpClient
esxcli software profile install -p ESXi-6.5.0-20170702001-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

[/box]

Well that’s great but if you are using a custom ESXi image, the process won’t even start, you simply get warned that this won’t work, as it will break all the vendor specific drivers/software, (which is a good thing I suppose, the warning I mean, not the breaking things!)

Still, if you have a vendor modified copy of ESX what do you do? Well the following procedures will work for any version of the software, either vanilla VMware or HP/Dell/IBM etc. AND IT RETAINS ALL THE HOST SETTINGS, i.e. licences, vSwitches (standard and distributed), certificates etc.

Solution 1: Use an ‘Offline Bundle’ update

Firstly, you need a copy of the appropriate ‘offline bundle’ update, below you can see this is the customised one for HPE servers.

Upload the offline bundle into a datastore, (that the host to be upgraded has access to!) While in here, shut down the guest VMs on this host, and put the host into ‘maintenance mode‘.

NOTE: If you are updating an HPE Server, there will be a gen-9 and a pre-gen-9 update bundle! Pick the correct one!

Or, you can upload the bundle via SCP into the appropriate datastore, if you prefer.

SSH into the host you are going to upgrade. Below you can see me navigating to the Datastore;

[box]

cd /vmfs/volumes
ls

[/box]

Enable SSH Access to VMware vSphere ESX

And there’s my offline bundle ready to be installed.

Remember: Even if you’re in the correct directory, you need to specify the ‘full path’ to the ‘offline bundle‘ (or it looks in the ‘/var/log’ directory and won’t work). Execute the following command;

[box]

esxcli software vib update -d /vmfs/volumes/{Datastore-Name}/VMWare-ESXi-6.5.0-Update2-9298722-HPE-preGen9-650.U2.9.6.8.3-Sept2018-depot.zip

[/box]

For a while it will look like nothing is happening, (don’t panic.) After a while a LOT of text will scroll past (quickly). Scroll back up to the TOP of all that text, and you are looking for, is ‘The update completed successfully‘.

Reboot the host.

Solution 2: Use VMware Update Manager

Warning: You CANT deploy an ESXi image, thats OLDER than the Update Manager you are running, i.e. if your vCenter is 6.5 you cant upload an ESX 6.0 image, (it will fail – this cost me two hours onsite!)

Warning 2: You need vCenter 6.0 Update1 or newer to perform this function.

I’ve got two hosts, one’s a Dell PowerEdge and the other a HP Proliant, I’ve already upgraded the HP server, you will see that in the screen shots below, now I’m going to upgrade the Dell.

Before Starting;

  • Download the install .ISO file that has the newer version of the ESXi software.
  • vMotion all the VM’s off the host being upgraded, (to save time).
  • If you have two hosts, (like me.) You might want to disable HA and DRS on the cluster as well temporarily!

Connect to vCenter > Home.

Update Manager.

Select the vCenter > Manage > ESXi Images > Import ESXi image.

Browse to the .iso file you downloaded and upload it to update manager.

After a short pause you should see the image appear, (Note: you can see the HP one I uploaded earlier) > Select the one to deploy > Create Baseline.

Give it a sensible name > OK.

Back in ‘Hosts and Clusters’ View > Select the Cluster > Update Manager > Attach Baseline.

Select your new one > OK.

Scan for updates > Select Upgrade Only > OK.

After a while, you will see your baseline saying ‘Non-Compliant‘ > Select it > Remediate.

Select the new baseline again > Next > Select the ‘Target Host’ to upgrade > Next > Accept the EULA > Next.

Next > Next.

Next > Finish.

Watch the task bar > Remediation will start > The host will go into Maintenance mode, get upgraded, reboot, and be taken out of maintenance mode.

Here you can see my host is now upgraded. (Mine’s an older server, it took about 45 minutes).

Note: If you disabled HA, DRS etc, you will want to re-enable that now.

 

Related Articles, References, Credits, or External Links

Upgrade vSphere vCenter Appliance to Version 6.5

VMware Upgrading the vSphere Virtual Center Appliance

VMware ESXi 5 – Applying Patches and Updates

Update VMware ESXi from 4.0 to 4.1

Upgrade ESX 3 to version 4.1.0

Dell iDRAC: ‘Virtual Media is Detached’

KB ID 0001459

Problem

I’d needed to present an .iso image to my Dell server and got this;

Either Virtual Media is detached or
Virtual Media redirection for the selected virtual disk is already in use

Solution

System  > Console Media > Configuration > Virtual Console > Enabled (tick)  > Status (Auto Attach) > Save.

Related Articles, References, Credits, or External Links

NA

Cisco IOS – Enabling LLDP

KB ID 0001289 

Problem

If you’re running Cisco IOS on all you devices then you can use CDP  to see what’s directly connected, (unless you are on a Cisco firewall, but I did say IOS devices). 

[box]

Petes-Switch#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Petes-CPE.petenetlive.com
                 Gig 1/0/19        148             R S I  CISCO2901 Gig 0/0
Petes-Switch#

[/box]

But just about every other vendor uses LLDP (Link Layer Discovery Protocol,) to do the same job. So how do you discover what ports you are plugged into on them, or what they are?

 

Solution

Well in most cases, (depending on your code) your devices also support LLDP, it’s just disabled by default. You simply turn it on with an ‘lldp run’ command.

[box]

Petes-Switch(config)#lldp run
Petes-Switch(config)#exit
Petes-Switch#show lldp ?
  entry      Information for specific neighbor entry
  errors     LLDP computational errors and overflows
  interface  LLDP interface status and configuration
  neighbors  LLDP neighbor entries
  traffic    LLDP statistics
  |          Output modifiers
  

[/box]

Now I see my neighbours, (yes that is how it’s spelt I’m English!) In my example below the neighbour is a Dell Switch.

[box]

Petes-Switch#show lldp neighbors
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
90b1.1cf4.39e1      Gi1/0/11       120                        ManagementEthernet 0/0
90b1.1cf4.39e1      Gi1/0/14       120                        TenGigabitEthernet 1/45
90b1.1cf4.39e1      Gi2/0/13       120                        TenGigabitEthernet 0/44
90b1.1cf4.39e1      Gi1/0/13       120                        TenGigabitEthernet 1/44
90b1.1cf4.39e1      Gi2/0/14       120                        TenGigabitEthernet 0/45
90b1.1cf4.39e1      Gi1/0/16       120                        TenGigabitEthernet 1/47
90b1.1cf4.39e1      Gi2/0/16       120                        TenGigabitEthernet 0/46
90b1.1cf4.39e1      Gi1/0/15       120                        TenGigabitEthernet 1/46
90b1.1cf4.39e1      Gi2/0/15       120                        TenGigabitEthernet 0/47

Total entries displayed: 9

[/box]

 

Related Articles, References, Credits, or External Links

HP Networking – Tracing Networks and Locating IP addresses

Dell Inspiron 1525 – Bluetooth Problem

KB ID 0000402 

Problem

I promised to take a quick look at one of my mum’s friends laptops the other evening, the brief was; they had a problem opening office attachments, and their wireless mouse was’nt working. I assumed they needed the document conversion pack and probably had a flat battery, so I downloaded the update, and slung some batteries in my laptop bag.

The attachment problem was sorted (by re-installing office and changing some file assocations). But the mouse (Which was bluetooth) was somewhat more “fun” to fix.

Basically the laptop had been rebuilt some time ago, and since then the bluetooth would not work, normally I’d just download the drivers but that would have been too simple. Before I could get the mouse to work I needed to enable bluetooth on the laptop.

Solution

1. Stop searchig the chassis there is no switch to enable blueetooth, it can only be enabled by software.

2. Download Bluetooth Driver software here.

3. Install the update.

4. It will dump all its files in C:delldriversR140135, once the files have extracted navigate to the C:delldriversR1401353100_216 folder and run setup.exe.

5. At the end it will tell you to enable wireless by pressing fn&F2 – THIS WONT WORK, click cancel.

6. Back in the C:delldriversR1401353100_216 folder you need to open the Win32 folder if your on a 32 bit machine or the Win64 folder if you on a 64 bit machine. (I dont know).

7. Locate the Inst.exe file and run it.

8. At the end it will once again ask you to press Fn and F2 – Do nothing, but leave the install sat there waiting.

9. With the install still waiting, navigate to “C:Program FilesWIDCOMMBluetooth Software” and locate BTTray.exe

10. Double click BTTray.exe and after a few seconds the bluetooth icon should appear in the taskbar (bottom right). Right click it and turn it on.

11. At this point, the install will burst back into life and setup your bluetooth wireless.

 

Related Articles, References, Credits, or External Links

NA

Dell PowerEdge – PERC RAID Card Importing / Using ‘Foreign’ Disks

KB ID 0000639 

Problem

I bought some SAS disks from eBay to go in my Power Edge 2900 Server, and scratched my head for a while trying to get the PERC RAID controller to use them. I could only see them marked as ‘Foreign’. Probably because they did not have their original config ‘wiped’ off them before I bought them.

Solution

1. Boot the server, Press CTRL+R when prompted, then press ‘C’ to enter the Configuration Utility.

WARNING: DONT clear the config on the controller or you lose ALL your Virtual Disks / Arrays.

2. Select the controller > F2 > Foreign Config > Clear > Confirm.

3. You can now add the disk(s) as a new Virtual Disk.

4. I’m just presenting one 300GB SAS disk as RAID0 here.

Related Articles, References, Credits, or External Links

NA

Accessing Dell ‘DRAC’ Fails – ‘DRAC5 Console Redirection Client Unable to launch application’

KB ID 0000918

Problem

After I got a new laptop, I attempted to connect to my test server and was greeted with this error.

Application Error
Unable to launch the application

Name: DRAC5 Console Redirection Client
Publisher: Dell Inc
Location: {ip-address}:443

So I hit the details tab and got this,

Error: Missing required Permissions manifest attribute in main jar:
https://{ip-address}:443/plugins/vkvm/avctDRAC5Viewer.jar

Solution

Luckily I had seen a similar error a couple of weeks ago, while a colleague was trying to set up a Cisco ASDM. This is a ‘security feature’ of Java version 7 (Update 51). Work had pre-built my new laptop, so I simply downgraded to Java version 7 Update 45. And it burst into life.

DRAC 5 Java Workaround

Currently Dell consider DRAC5 EOL (End Of Life) and will not fix the certificate issue with updated firmware. Their official response is ‘Maintain an older version of Java’. So either downgrade or lower the security settings;

1. Windows Key + X > Control Panel.

2. Java > Security> Set to Medium.

Related Articles, References, Credits, or External Links

Original article written:19/02/14

Dell DRAC 5 – ‘Error when reading from SSL socket Connection’

Dell DRAC 5 – ‘Error when reading from SSL socket Connection’

KB ID 0001062 

Problem

Ages ago I did an article on how a Java update has stopped me getting access to the DRAC 5 controller on my Power Edge 2950. Well I had more problems this week trying to get on from my MAC.

Solution

The problem is, Java have pretty much blocked communications with SSLv3 (in light of the recent Poodle attack scares). Which is fair enough, but it’s not helping me get on my server that’s 50 miles away! The following procedure allows you to re-enable SSLv3 in Java (Tested on version 8 update 40). Obviously there is some security risks in doing so, this is as SSLv3 is exploitable, so best practice would be to just do this temporarily to get access then disable it again when no longer needed.</p?

1. You need to locate your java.security file, I’ve found paths all over the Internet to its location, the one that matters I found in the following locations;

MAC OSX: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/java.security

Windows: C:Program Files (x86)Javajre{version}libsecurityjava.security

Note: If Java/Apple monkey around with paths and you are looking at this in the future execute the following terminal command to find the file;

[box]find / -name ‘java.security‘ -print 2>/dev/null[/box]

2. Once located, edit the file and locate the line that reads;

[box]jdk.tls.disabledAlgorithms=SSLv3[/box]

MAC OSX Java.Security

Windows Java.Security

3. Simply remove SSLv3 from the end of the line and save the file. NOTE: With MAC OSX you will need to SUDO, to have the permissions to edit this file (see below).

Related Articles, References, Credits, or External Links

NA