Having your ESX Server running the correct time is quite important, and before you visit this subject, I would suggest you MAKE SURE the time is set in the ESX Servers BIOS, ie the internal clock is set correctly first. I’ve lost count of the amount of times I’ve seen Windows domains fall over because the ESX host has reverted to its BIOS time and replicated that time to its guests, suddenly your domain clocks are two years apart and carnage ensues!
Throughout this procedure I will be setting my VMware environment to sync time with a LOCAL windows domain controller, some may argue if the domain controller is a virtual machine in a virtual environment that this is a BAD IDEA. I understand that argument (but this is my test network). In production I would rather have my devices getting time synchronised from a public reliable public time source.
Solution : ESX NTP
Step 1: vCenter NTP
Assuming you have already set time correctly on you domain controller as per this article. Then the next step is to configure you vCenter server(s) NTP time source. note: If you are using stand-alone ESX Servers please skip this section.
Note: For this to work the hosts need to be able to communicate with the time servers over NTP (UDP Port 123), ensure your firewall has this port open to the NTP source or time sync will fail.
Connect you your vCenter(s) direct admin console https://{ip-or-domain-name}:5400 log in as root. Navigate to Time > Select the correct Time Zone (Note: there is GMT but no BST So if you’re in the UK select Europe/London). Under Time Synchronization > Edit > Mode = NTP > Time Servers = the IP(s) of you time sources > Save.
Have a coffee, eventually it should look like this.
Step 2: ESX NTP (Directly)
Note: If you are managing ESX hosts via vCenter skip to the next section, this procedure is used to set NTP on an ESX host directly. Connect to the management console of your ESX Server. Navigate to Manage > System > Time & Date > Edit NTP Settings.
Select “Start and Stop with Host” > Enter the IP addresses or names of the NTP Source(s) > Save.
Step 2: ESX NTP (via vCenter)
Connect to vCenter and select your first ESX host > Configure > Time configuration > Add Service > Network Time Protocol > Enter the IP addresses(s) or name(s) of you NTP Server(s) > OK.
At this point go and have a coffee > Hit Refresh > ONCE there’s an entry under Last Time Sync > Test Services.
The output should look something like this
ESX NTP For OLDER versions of vSphere
Connect to the host (or vCenter and drill down to the host(s)). Select the host in question > Configuration > Time Configuration > Properties > Tick NTP Client Enabled > Options > Add > Add in your public time server IPs > Tick ‘Restart NTP Service to apply changes’ > OK > OK.
Note: I’m in the UK so I’m using two time servers in this country, you may want to use one closer to home.
Note: If all these details are IN RED, then it has failed to sync, either be patient, try putting the host into and out of maintenance mode, or reboot it, if it continues to fail check it can see the public time servers on UDP port 123.
Related Articles, References, Credits, or External Links
If you have arrived here, you have either noticed that the time is wrong on your server(s) or client PC(s), or you have looked in the event viewer and seen one of the following events being logged. Event ID’s 12, 22, 29, 36, 38, 47, and 50.
Event ID 12 (W32 Time Time Provider NtpClient: This machine is configured to use {text omitted}, but it is the PDC emulator…).
Event ID 29 (The time provider NtpClient is configured to acquire time from one or more time sources…).
Event ID 36 (The time service has not synchronized the system time for 86400 seconds…).
Event ID 38 (The time provider NtpClient cannot reach or is currently receiving invalid time data from…).
Event ID 47 (Time Provider NtpClient: No valid response has been received from manually configured peer…).
Domain Time Problem Events – On Domain Members
Event ID 50 (The time service detected a time difference of greater than 5000 milliseconds for 900 seconds…).
Event ID 22 (The time provider NtpServer encountered an error while digitally signing the NTP response for peer…).
Solution : Domain Time Problems
Setting domain time is a TWO-STEP process, set the time correctly on the PDC emulator, then let the clients take their time from the PDC emulator.
Locate the PDC Emulator
1. On a domain controller, Windows Key+R > netdom query fsmo {Enter}.
2. Take note of the PDC name and go to that server.
NTP Firewall config (Domain Time)
1. Ensure UDP Port 123 is open outbound from the PDC Emulator. How this is done will vary depending on your firewall vendor. If you have a Cisco ASA or a Cisco PIX see my article here.
To Test Use NTPTool
Below either the port is blocked (or the hostname/IP of the external NTP server is incorrect);
This is how it should look, every-time you press query you should get a response, now you know the correct port is open;
Configure the PDC Emulator to collect Reliable Domain Time
Of course our PDC Emulator is also a domain controller, so we need to link a GPO to the domain controllers OU. But we dont want all DC’s getting their time from an external source, so we will create a WMI filter to ensure the policy will only apply to the PDC emulator server.
Administrative tools > Group Policy Management > WMI Filter > New > PDC-Emulator-Only > Add > Select * from Win32_ComputerSystem where DomainRole = 5 > OK.
Don’t panic if you see this error > OK > Save.
Create a new GPO linked to the Domain Controllers OU.
Change the policy so it uses your WMI filter;
Edit The Policy, and navigate to;
[box]Computer Configuration > Policies > Administrative eTemplates > System > Windows Time Service > Time Providers[/box]
Configure Windows NTP Client
Enable the policy > set the NtpServer setting to server-name(comma)stratum-type(space). If you get this wrong you wont sync, and you will see this error.
Enable Windows NTP Client
Enable the Policy (The server still needs to get its time from the external source!)
Enable Windows NTP Server
Enable the policy (The server also needs to provide time to the domain clients).
Save and exit the policy editor, then on the PDC emulator force a policy update and resync the time. Finally run rsop to make sure the settings have applied.
Setting PDC Emulator Time From Command Line
1. On the PDC emulator Windows Key+R > cmd {Enter}.
2. At command line execute the following four commands;
[box]
w32tm /config /manualpeerlist:ntp2d.mcc.ac.uk /syncfromflags:manual /reliable:yes /update
net stop "windows time"
net start "windows time"
w32tm /resync
[/box]
Note: If you are NOT in the UK or simply want to use a different NTP time server go here for alternatives.
3. Look in the servers Event log > System Log for Event ID 37.
---------------------------------------------------------------
Event Type: Information
Event Source: W32Time
Event Category: None
Event ID: 37
Date: xx/xx/xxxx
Time: xx:xx:xx
User: N/A
Computer: {servername}
Description:
The time provider NtpClient is currently receiving valid time
data from ntp2d.mcc.ac.uk (ntp.m|0x0|10.0.0.1:123->130.88.203.64:123).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. —————————————————————
4. You will also see Event ID 35.
---------------------------------------------------------------
Event Type: Information
Event Source: W32Time
Event Category: None
Event ID: 35
Date: xx/xx/xxxx
Time: xx:xx:xx
User: N/A
Computer: {servername}
Description:
The time service is now synchronizing the system time with the time source
ntp2d.mcc.ac.uk (ntp.m|0x0|10.0.0.1:123->130.88.203.64:123).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. —————————————————————
Step 2 Check the domain clients
This is all you should need to do, because, (by default) all Domain clients get their time from the PDC when they log on, but to check;
1. Windows Key+R > cmd {enter}.
2. Execute the following command;
[box] w32tm /monitor [/box]
3. You will see the time this client can see, on all the domain controllers.
(In the case above the time on server-dc is way out, address that first – (it was an old Windows 2000 server and running “net time server-pdc” {enter} fixed it).
4. Once all the domain controllers have a time that’s accurate (like the last three in the example above), then proceed.
5. Execute the following commands on a client machine;
[box]
net stop "windows time"
net start "windows time"
w32tm /resync
[/box]
6. The machines event log should show the following successful events;
Event ID 37 (The time provider NtpClient is currently receiving valid time data from..).
Event ID 35 (The time provider NtpClient is currently receiving valid time data from..).
Setting Domain Clients Time via GPO
As already outlined you should not need to do this, (as it’s the default setting,) but if there’s a problem you can force domain clients to look at your PDC emulator for reliable time.
Create a GPO, and link it to the OU containing the computers you want to sync’
Edit the policy and navigate to;
[box]Computer Configuration > Policies > Administrative eTemplates > System > Windows Time Service > Time Providers[/box]
Configure Windows NTP Client
Enable the policy > Set the NtpServer to {Your-PDC-Name},0x9 > Set the Type to NT5DS.
Enable Windows NTP Client
Enable this policy.
Testing Client NTP Settings
Either run;
[box]w32tm /query /status[/box]
Or run RSOP.
Related Articles, References, Credits, or External Links
Remotely connecting to Windows is easy we’ve had RDP since Windows NT4, (yes I’m that old). But what if you want to remote connect to a mac? Well that has ‘Screen Sharing’ built in, (which it pretty much the same, but it uses VNC).
If you’re unfamiliar with VNC, (Virtual Network Computing,) you can install it on both Windows and Linux. Normally you need a client, (to connect with) and a server, (to connect to). VNC server is built into your Mac, so you just need to switch it on.
Note: To access though a firewall you will need to have TCP port 5900 open/forwarded to the mac.
Solution
Apple Symbol > System Prefernces > Sharing.
Tick: ‘Screen Sharing‘ > Computer Settings > Tick VNC viewers may control screen with password > Enter a password > OK.
On a remote machine download a VNC client (there are a lot to choose from!) > Point it to the IP address of your mac > Enter the password you set, (above).
And you are connected.
Related Articles, References, Credits, or External Links
Given the amount of deployments I do, it’s surprising that I don’t use KMS more often. Like most technical types, I find a way that works for me, and that’s the way I do things from then on. However these last few weeks I’ve been putting in a new infrastructure for a local secondary school. Their internet access is through a proxy server, that refuses to let Windows activation work. Unfortunately the “Administrators” of this proxy server were not disposed to give me any help, or let me anywhere near it, to fix it.
So after activating a dozen servers over the phone, I decided enough was enough “I’m putting in a KMS Server!”
I’m deploying KMS on Windows Server 2008 R2, and it is for the licensing and activation of Serer 2008 R2 and Windows 7. I will also add in the licensing KMS mechanism for Office 2010 as well.
Note: If you are using Server 2003 it will need SP1 (at least) and this update.
Solution
To be honest it’s more difficult to find out how to deploy a KMS server, than it actually is to do. I’ve gone into a fair bit of detail below but most of you will simply need to follow steps 1-4 (immediately below). In addition, after that I’ve outlined how to deploy KMS from command line. Then how to test it, and finally how to add Microsoft Office 2010 Licenses to the KMS Server.
Install Microsoft Windows 2008 R2 Key Management Service (EASY)
1. The most difficult part is locating your KMS Key! If you have a Microsoft License agreement, log into the the Microsoft Volume License Service Center, and retrieve the KMS License Key for “Windows Server 2008 Std/Ent KMS B”
Note: To License/Activate Server 2008 R2 AND Windows 7 THIS IS THE ONLY KEY YOU NEED. You do NOT need to add additional keys for Windows 7. (You DO for Office 2010, but I’ll cover that below).
2. Armed with your new key, you simply need to change the product key on the server that will be the KMS server, to the new key. Start > Right Click “Computer” > Properties. (Or Control Panel > System). Select “Change Product Key” > Enter the new KMS Key > Next.
3. You will receive a warning that you are using a KMS Key > OK. You may now need to activate your copy of Windows with Microsoft, this is done as normal, if you can’t get it to work over the internet you can choose to do it over the phone.
4. In a corporate environment (behind an edge firewall) you may have the local firewall disabled on the server. If you do NOT then you need to allow access through the local firewall for the “Key Management Service”, (this runs over TCP port 1688). To allow the service, Start > Firewall.cpl {enter} > Allow program or feature through Windows Firewall” > Tick Key Management Service > OK.
Note: Should you wish the change the port the service uses, you can do so with the following command, i.e. to change it to TCP Port 1024;
[box]
cscript c:\Windows\System32\slmgr.vbs /SPrt 1024
[/box]
That’s It! That is all you should need to do, your KMS Server is up and running.
Install Microsoft Windows 2008 R2 Key Management Service from Command Line
You will notice below that I’m running these commands from command windows running as administrator (Right click “Command Prompt” > Run as administrator).
Note: To License/Activate Server 2008 R2 AND Windows 7 THIS IS THE ONLY KEY YOU NEED. You do NOT need to add additional keys for Windows 7. (You DO for Office 2010, but I’ll cover that below).
2. Providing the command runs without error, we have just changed the product key for this Windows server to be the KMS key.
3. Now we need to activate the Windows Server > Run the following command;
[box]
c:\Windows\System32\slui.exe
[/box]
Select “Activate Windows online now” > Follow the on screen prompts.
4. When complete, it should tell you that it was successfully activated.
5. In a corporate environment (behind an edge firewall) you may have the local firewall disabled on the server. If you do NOT then you need to allow access through the local firewall for the “Key Management Service”, (this runs over TCP port 1688). To allow the service, Start > Firewall.cpl {enter} > Allow program or feature through Windows Firewall” > Tick Key Management Service > OK.
Note: Should you wish the change the port the service uses, you can do so with the following command, i.e. to change it to TCP Port 1024;
[box]
cscript c:\Windows\System32\slmgr.vbs /SPrt 1024
[/box]
That’s It! That is all you should need to do, your KMS Server is up and running.
Testing the Key Management Server
Before it will start doing what you want it to, you need to meet certain thresholds, with Windows 7 clients it WONT work till it has had 25 requests from client machines. If you are making the requests from Windows 2008 Servers then the count is 5. (Note: For Office 2010 the count is 5 NOT 25)
Interestingly: On my test network I activated five Windows 7 machines, then one server, and it started working.
Windows 7 and Windows 2008 R2 have KMS Keys BUILT INTO THEM, if you are deploying/imaging machines you should not need to enter a key into them (unless you have entered a MAK key on these machines then you will need to change it to a client KMS Key). These are publicly available (see here).
1. The service works because it puts an SRV record in your DNS, when clients want to activate, they simply look for this record before they try and activate with Microsoft, if they find the record, they activate from your KMS Server instead. If you look on your domain DNS servers, expand “Forward Lookup Zones” > {your domain name} > _tcp > You will see an entry for _VLMCS that points to your KMS Server.
2. From your client machines you can test that they can see the SRV record, by running the following command;
[box]
nslookup -type=srv _vlmcs._tcp
[/box]
Note: If this fails, can your client see the DNS server? And is it in the domain?
3. There is no GUI console for KMS to see its status, so run the following command on the KMS server;
[box]
cscript c:\Windows\System32\slmgr.vbs /dli
[/box]
4. As I’ve mentioned above, with Windows clients you need 25, and Windows Servers you will need 5 requests before KMS will work, before this you will see;
Windows Activation
A problem occurred when Windows tried to activate. Error Code 0xC004F038
5. For each of these failures, look-in the KMS Server, and the “Current count” will increment by 1 till it starts to work). In a live environment this wont be a problem, (You probably wont be looking at KMS with less than 25 clients!). On a test network just clone/deploy a load of machines until you hit the threshold.
Troubleshooting KMS Clients
To make things simple the command to execute on the clients, is the same command that you run on the KMS server to check the status.
[box]
cd c:\windows\system32
slmgr /dli
[/box]
For further troubleshooting, see the following links.
In addition to servers and clients, KMS can activate and handle Office 2010 licenses as well. You simply need to add in Office support, and your Office 2010 KMS key. As mentioned above, unlike Windows clients, you only need five requests to the KMS server before it will start activating Office 2010 normally.
1. First locate your Office 2010 KMS Key! If you have a Microsoft License agreement, log into the the Microsoft Volume License Service Center, and retrieve the KMS License Key for “Office 2010 Suites and Apps KMS”
Note: As with Windows 7, and Server 2008 R2, Office 2010 comes with a KMS key already installed, if you have changed the key to a MAK key you can change it back using the Microsoft public KMS keys (see here).
If you have a Meraki Security device and have enabled ‘Content Filtering’, instead of a nice ‘block-page’ informing you why you are being blocked you may see this;
http://wired.meraki.com:8090
This is happening because your Corporate DNS is resolving ‘wired.meraki.com’ to 54.241.7.184, which you can also see if you look at the URL you are trying to connect to it on port 8090. A quick nmap of that IP will tell you port 8090 is not open, (only port 80 and port 443 are).
This is happening because if you were to use your Meraki Device for DNS forward lookups, it would ‘DNS Doctor’ the return DSN packet and insert its own IP address in there instead. That’s fine but most corporate networks don’t want to use their Meraki devices for DNS forward lookups.
The easiest way to resolve the problem, is with your own corporate DNS servers.
Solution
First you need the inside IP of your Meraki device(s). You can get these from the Meraki Dashboard (Security Devices > Addressing and VLANS). If you browse to that IP, you should se something similar to below;
Armed with that information, go to one of your DNS Servers, and create a new forward lookup zone.
Next > Primary zone > Next > To all DNS Servers… > Next.
Zone Name = wired.meraki.com > Next > Allow only Secure… > Next > Finish.
In the newly created zone, create a ‘New Host (A or AAAA) record.
Enter the Inside IP or your MX device (only) > Add Host > Repeat for each Meraki device, if you have more than one.
Now you will receive a slightly more friendly blocked page.
Related Articles, References, Credits, or External Links
In Part 3 we ran through manual pools, if you want to deploy automated pools using ‘Linked Clones’, then you will need VMware Composer. Composer installs on your Virtual Center Server. It also requires a database, the following is a step by step guide to installing SQL Server 2008 R2 and configuring it for Composer.
VMware View 5 Suppored Database Platforms
When you have your databse platform installed and configured, on the Virtual center server create an ODBC connection to the database and install VMware Composer. Finally you will need to enable composer in the VMware View Administrator Console.
Solution
VMware View – Installing SQL 2008 R2 and Configuring for Composer
1. Let the SQL DVD auto-run and choose Installation > New installation > OK > Product Key > Next > Accept the EULA > Next > Install the setup files.
2. Take note of any warnings, here it’s complaining that I’m on a domain controller (in a test environment this is OK, don’t do this in production!). And it’s giving me a firewall warning. I’m going to disable the firewall as I’m behind a corporate firewall, BUT if you want to create an exception for TCP port 1433, or run the following command. That would be the correct way to address the warning.
[box] netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN [/box]
3. You only need the “Database Engine Services” and the “Management Tools” , or you can simply install everything > Next > Next > Select Default Instance* > Next > Next.
*Unless you specifically want a named instance.
4. I set the services to run under the ‘System’ account, if you want to use the domain admin, or another domain service account use that instead. You can use the “Use same account button for all” to save typing > Next.
5. We will need SQL authentication, type in a suitable complex password (You can add the current user of the domain administrator as well) > Next > If your installing Analysis services you can add an account here > Next.
6. Install the native mode default configuration > Next > Next > Next > Install > Close > Exit the SQL installer.
7. Launch the SQL Management Studio > Log in (for servername simply type in localhost) > Right click Databases > New Database..
8. Give the Database a name > Select the ‘Options’ Settings.
9. Change the recovery model to ‘Simple’ > OK.
10. Expand Security > Logins > Create a new login.
13. Give the new user/login a name, select SQL authentication > Set a complex password > Untick Enforce password expiration > Select the user mappping section (on the left).
14. Select the database you have just created and give this new user the “db_owner” role > OK > Exit the management studio
VMware View – Configure ODBC Settings on the Virtual Center Server
15. On the vCenter Server > Start > Administrative Tools > Data Sources (ODBC).
16. System DSN > Add > SQL Server Native Client > Finish,
17. Add in the Database name and the server you installed SQL on > Next.
18. Supply the details for the user you created and the password you set > Next.
19. Change the default database from ‘master’ to the one you created > Next > accept all the defaults > Finish.
20. Click ‘Test Data Source’ and it should say TEST COMLPETED SUCESSFULLY > OK > OK > OK.
VMware View – Installing VMware Composer
Note: Composer MUST be installed on your VMware virtual Center (vCenter) Server.
21. Run the installer > Next > Next > Accept the EULA > Next > Next > Enter the ODBC details and login you created earlier > Next.
22. Next > Install > Finish.
VMware View – Add Composer to VMware View Administrator Console
23. Connect to, and log into the VMware View Administrator Console > View Configuration > Servers > If you already have a vCenter server select Edit > If not select Add.
24. On the vCenter Server settings tab ensure ‘Enable View Composer’ is ticked and add in a domain user (with rights to create, and delete computer objects in the domain) > OK.
25. You will know if the operation was successful as the vCenter logo will change, it will now have a gold/yellow box around it.
Related Articles, References, Credits, or External Links
Below I’ll configure SQL 2008 R2, insofar as I will setup a new database for the View Events, create a user for that database, then finally connect the View 5 Horizon View Connection Server to that database.
Solution
1. Firstly, I’m assuming you have a SQL Server setup and ready to create database on, If you do not rather than reinvent the when follow my instructions in the article below.
Note: Complete ONLY Steps 1 to 6 then return here.
2. Login to the SQL Management Studio > Databases > New Database.
3. Call it View5Events (Note: You can call it ‘Aunty Mary’s Canary’ if you want to).
4. Options section > change the recovery mode to ‘Simple’ > OK.
5. Expand Security > Logins > New Login.
6. Give the user a name i.e. view5events > Tick ‘SQL Authentication’ > Type and re-type a password > Untick ‘Enforce password policy’.
7. User Mapping tab > Tick the View5Events Database > Tick db_owner > OK > Close the SQL Management Studio.
8. Login to the Connection Server (Flash Required) > View Configuration > Event Configuration > Edit,
Database Server: The name of the Server Running SQL. Port: 1433 (Standard SQL Port make sure it it NOT blocked by a firewall). Database Name: View5Events User name: view5events Password: {You set above} Table prefix: _vdi
9. To see if it is working > Monitoring > Events > (It may be empty for a while don’t panic).
Related Articles, References, Credits, or External Links
The ability to administer vCenter via a web browser is nothing new, vCenter has had a web console in previous versions.
vCenter vSphere 4 Web Client (Web Access)
The version with vSphere 5 is much more feature rich. Like the VMware vSphere client it talks directly to the vCenter vSphere API, but unlike previous web access, the component needs to be installed and configured before you can use it.
What the Web Client Can Do
1. Connect to a vSphere vCenter server.
2. Can be used on non Windows machines (VI Client is Windows only).
3. Deploy Virtual Machines (Including deployment from Templates).
Prerequisite: The vCenter server needs to have Adobe Flash installing on it to access the management console.
1. From the vCenter Installer media select “VMware vSphere Web Client (Server) > Install > Follow the on screen prompts.
2. Accept all the defaults, note the secure port number we will be using that later (TCP Port 9443).
3. Once installed > On the vCenter server itself open a browser window > navigate to > https://{servername}:9443/admin-app > Select “Register vCenter Server”.
vSphere Web Client Supported Browsers: Internet Explorer (7 or newer) and Firefox (3.5 or newer), I’ve tried Chrome, it works, but some functionality is lost. (anything that requires the plug in i.e. console connections).
4. Enter the details for the vCenter server > Take note of the URL for your client to access (https://{servername}:9443/vsphere-client) > Register.
5. You will probably be using self signed certificates to tick the box and select “Ignore”.
6. That’s the server configured and ready to go.
Step 2 – Access the vCenter from web client
1. Open a browser window and navigate to https://{servername}:9443/vsphere-client> You may receive a warning about the certificate (because it’s self signed) click to continue > Enter your credentials > Login.
2. The first time you connect it launches the welcome splash screen > tick “Do not show..” and close the window. (Note you can launch it again from the help menu).
Note: If you see this error:
Connection Error
Unable to connect to vCenter Inventory Service –
https://{servername}:10443
Check on the vCenter server to make sure this service is running.
3. You should then be connected, and be able to browse your virtual infrastructure.
4. You can “console” onto your VM’s (Note: will need a plug in installing your browser will prompt you to accept/install).
Related Articles, References, Credits, or External Links
Note: I’ve had the same problem on a freshly installed vCenter 5.1 as well.
I upgraded my Virtual Center from 5.0 to 5.1 yesterday, and post upgrade I could no longer login, it would tell me “Unknown user or bad password”.
During the upgrade I did see this error, but after that the install completed successfully.
Error 29155.Identity source discovery error
As it turns out this was the root cause of my problem.
Solution
1. Firstly install the ‘Web Client’ on the Virtual Center. Note: You will need Adobe flash installing for this to work. (Sometimes this needs a reboot, and the firewall turning off, and/or adding to trusted sites in IE, before it works).
Note: The Web Client is on the Virtual Center install CD.
2. Connect to the the server on https://localhost:9443 log on (Note: Use the username of admin@System-Domain and the password you used when you installed Single Sign on earlier). Expand Sign on and Discovery > Configuration > Select the ‘Add’ icon.
3. Supply your domain details as follows, those ldapURL’s simply point to the domain controller(s).
4. Scroll down and enter the domain logon credentials, then select ‘Test Connection’.
5. It should say connected successfully, if not check the comms and the details you entered are correct.
6. Click the ‘Add to Default Domains’ Icon.
7. Finally save the changes by selecting the ‘Save’ icon, you should now be able to authenticate to the vCenter with your domain credentials.
Related Articles, References, Credits, or External Links
I wanted to perform command line access to a virtual firewall on my home ESXi server, (a Juniper Firefly vSRX) via a console session. To do that I needed to add a serial port to that VM.
Solution
1. From Within the VI client > Select the ESXi Host > Configuration > Security Profile > Firewall Section > Properties.
2. Locate and enable ‘VM serial port connected over network’ > OK.
3. From the actual VM‘s properties, (right click > Edit settings) > Add > Serial Port > Next.
4. Connect via Network > Next.
5. Select ‘Server (VM listens for connection)’ > In Port URI enter telnet://{IP-of the ESX-Server}:2001 > Next.
Note: That’s the IP of the ESX server NOT the VM, here I’m using port 2001, but you can use 23 (standard telnet), or a random port above 1024.
6. Review the settings > Finish.
7. Now on a machine that has network connectivity to the ESX server > launch a telnet session to the VM (remember to use port 2001 as telnet defaults to 23!).
Here I’m using PuTTY but you can run ‘telnet {ip-address} {port}’ from a Windows client, (providing you have telnet enabled).
8. I’m in and working.
Related Articles, References, Credits, or External Links