I’ve been rebuilding some Hyper-V hosts over the last few weeks, and one thing I learned rebuilding VMware ESX hosts is, ‘make sure you know what all the network cards are doing before you flatten it!’
The same is true of storage as well but here I’m just concentrating on networking.
List Network Cards and MAC Addresses
If you have these documented you can rename the network card correctly after the rebuild and the mac addresses ensure you have the right names assigned to the right NICs. (Without having to go and check all the cabling afterwards!)
From the names of the network connections above we can see we are using network teaming, but even if yours dont have sensible names, you can get the team names and the NICs that are a member of each team with the following command;
[box]Get-NetLbfoTeam[/box]
List NICs and IP addresses
To see what IP addresses are in use on which NICs, (physical or virtual) use the following;
2. Know how to connect to a Cisco Firewall (CLICK HERE).
Solution
Step 1 (Add an interface to your host machine)
1. On your host PC/VM Click Start > Run > hdwwiz.cpl {enter} > At the “Add Hardware Wizard” click Next > Let it search > Tick “Yes I’ve allready connected the hardware > Next > Scroll to the bottom > Select “Add a new hardware Device > Next.
2. Select “Install the hardware that I manually select” > Next > Next > Select Network Adaptor > Next > Next > Finish.
3. Click Start > Run > ncpa.cpl > Right Click the new NIC and rename it to loopback adaptor > Then give it a valid IP on your test network. (Right click > properties > TCP/IP).
Step 2 (Configure the connection)
4. Connect to the PIX as shown in Part 1 > Give the PIX an IP address with the following commands;
[box]
enable
{Password} - Set blank by default
configure terminal
int e1
no shutdown
nameif inside
ip address {ip on test network}{subnet of test network}
write men
[/box]
5. To connect tie PIX to the Loopback adaptor you need to add some networking in the GNS3 console > Drag the cloud object into the work area > Right click > Configure.
6. Select C0.
7.Select the loopback adaptor > Add > Apply OK
Note: If you are presenting a real adaptor you will only see some uncomprehensable numbers – locate the “Network Device List” Batch file in the GNS3 directory and run it whis will de-cypher those numbers for you.
8. Drag a switch onto the workspace.
9. Click the connection tool and select “Fast Ethernet”.
10 Select the cloud (Loopback Adaptor) and drag a connection to the switch.
11. Select the PIX (Inteface e1) and drag a connection to the switch.
12. All green lights is good 🙂
13 From another machine on the network make sure you can ping the PIX to test connectivity.
Note: If you are using Microsoft Hyper-V server, you may find that the whole thing fails at this point, If thats the case, then close down the Guest machine and add and configure a “Legacy Network Card”. Bring the system back up and configure the new network card accordingly.
Also if you are in a virtual environment you can simply add another network card and get the cloud to use that instead of using a loopback adapter.
Step 3 Install and configure the ASDM (Web Inteface)
1. Set up your TFTP server and have the asdm image file ready in the TFTP servers root directory.
2. We are now going to allow connection to the PIX via Telnet – becaue the console can be a bit twichy in the GNS3 environment.
[box]
enable
{Password} <-blank be default
configure terminal
telnet 0.0.0.0 0.0.0.0 inside
passwd cisco <- sets telnet password to cisco
write men
[/box]
3. Now you can telnet to the PIX from another machine and copy the ASDM image from your TFTP server to the PIX.
[box]
enable
{Password} <-blank by default
copy tftp flash
{ip of the hosst running TFTP}
{filename of the asdm inage}
{Enter} to accept
[/box]
4. Once the file is copied over you need to let the Firewall know that its the one to use, turn on the internal http server and allow access.
[box]
enable
{Password} <-blank by default
conf t
asdm image flash:asdm-603.bin
http server enable
http 0.0.0.0 0.0.0.0 inside
write men
[/box]
The file will be copied over into the firewalls flash memory (Time for a coffee).
5. Now simply connect via the ADSM inteface – if your unsure how to do that see my article here
Using the information above you can present multiple network cards and clouds to the Virtual firewalls various interfaces (There are 5 interfaces on this firewall – its a PIX 525) – enjoy
NB Please dont email and ask me for PIX images and/or activation keys as refusal often offends – PL
Related Articles, References, Credits, or External Links
This article is primarily geared towards making your guest virtual machines hard drives LARGER, If you want to SHRINK or make the drive smaller then see the following article.
1. On the properties of the VM select the hard disk in question and locate its size.
2. Enter the new size and hit OK. Note: Making the drive size smaller, will have no affect, if you want to do that clone the drive. If the option is “Greyed out” then make sure you DO NOT have any snapshots for this machine.
Re-sizing the guests “Volume” Option 1 – Graphically
Note: To do this using diskpart skip forward to number 10.
3. On the guest > Right click “My Computer” > Manage > Locate “Disk Management”. You will see there’s some free space that’s appeared on the end of the drive, (Click action > Re-scan if you can’t see it).
4. Simply right click the existing volume and select “Extend Volume”.
5. Next.
6. Copy in the extra space you want to assign (all of it probably) > Next.
7. Finish.
8. All the physical drive should now be committed.
9. And just to be sure, look in “My Computer” the drive is now 300 GB.
Re-sizing the guests “Volume” Option 2 – From Command Line with diskpart
10. Start > run > cmd{enter}
[box]diskpart list volume< select volume x –Where x is the volume number of the volume to be re sized[/box]
11. The final command is simply extend (This uses ALL the available free space.) Note the volume size in the picture below has jumped up by 40 GB.
Resizing a System (boot) Partition.
Server 2008 R2 and Windows 7 can do this quite happily. Older versions of Windows do not like having their system drive re sized, you see the following error if you try,
Error: The volume you have selected may not be extended. Please select another volume and try again.
Option 1 (Connect this drive to another machine)
In a virtual environment this is much simpler, but even if its a real physical hard drive, you can put it into another server and re size it. In an ESX environment simply do the following,
1. Shut down the machine that needs its drive re sizing, then go to another virtual machine’s properties and select add.
2. Hard Disk > Next.
3. Select “Use existing virtual disk” > Next.
4. Browse to the the drive we want to re size > Next.
5. Next.
6. Finish.
7. Now on the VM (Action > Re-scan disks). You will see the drive, and it’s not listed as a system drive, so you can extend it using any of the methods listed above.
8. For example, heres the drive re sized using disport.
9. when you have re sized the drive go back to the properties of the machine you have connected it to, and remove it.
10. OK.
11. Now power on the original VM and drive will be re sized.
Option 2 (Re size the Windows volume with GParted)
Note: This will work for a physical server as well.
1. Here’s our system drive with some nice shiny free space.
2. Make sure the server in question can boot from CD, in VMware do the following to boot to the machines BIOS, for a real server watch the screen as the server boots for instructions (Usually F10, F1 or Esc but differs depending on vendor).
3. Locate the boot order and make sure CD/DVD is at the top of the list.
4. Download GParted burn the image to CD, if you are working on a real server (use ImgBurn if your stuck). Or simply point the VM to the iso image, and boot the machine in question from it. At the welcome screen press Enter.
5. Use your arrow and tab keys to select Don’t touch the keymap > OK.
6. Pick a language.
7. We want to launch the GUI (X Windows), so select 0 (Zero).
8. Select Re size/Move > Drag the arrow to include the free space > Re size/Move.
9. Apply
10. Apply.
11. Close.
12. Click GParted > Quit.
13. Exit > Reboot/Shutdown > OK.
14. Remove the CD/ISO and press Enter.
15. The guest will run chkdsk the firs time it boots. This is normal don’t panic.
16. Once booted the volume will be re sized.
Shrink a Windows Partition with diskpart
1. To actually make the volume smaller with diskpart, the initial commands are the same.
2. If you use “shrink” on its own is will shrink the drive as much as it can (I cannot think of any situation where you would do this!). So to shrink the volume by 10 GB simply issue a “shrink minimum 10240”. (The figure in in MB).
Related Articles, References, Credits, or External Links
I thought I’d spin up Server 2012 today, and as usual with all new OS’s I run them up in VMware Workstation to take a look (I’m running Workstation 8.0.3 build-703057).
As soon as it started up I was greeted by this.
Your PC needs to restart.
Please hold down the power button.
Error Code: 0x0000005D
Parameters:
0x000000000FEBFBFF
0×0000000020000800
0×0000000000000000
0×0000000000000000
1. In my case it was simply a BIOS setting that needed to be enabled. Enter your system BIOS and locate a feature called Data Execution Prevention, (or No Execute Memory Protection).
2. Enable that setting, then ensure you shut the machine down then manually power it back on again.
Additional Points to Note when installing Server 2012
Make sure on the properties of the VM > Hardware > Processors > Tick Virtualize Intel VT-x/EPT or V/RVI (Note: Virtual support should also be enabled in the host machines BIOS).
VMware Workstation likes to automatically install VMware Tools, Sometimes Server 2012 does not like this and sits with a black screen that will flash blue when you click on it. So to Stop it Installing VMware Tools, Options Tab > VMware Tools > Select Manual. Note: you can always snapshot it and then manually install it later it you want to test. This has been a problem since the early releases of Windows 8.
2. Before you do anything you need to be at ESXi 5.0 U1 for Server 2012 to be supported (That’s build number 623860 or better).
3. However in this case the problem is the same as above, The server in question was an HP Proliant ML 350 G5. Boot the server and press F9 to enter the RBSU > Advanced Options.
4. Processor Options
5. Enable ‘No-Execute Memory Protection” > Exit and save settings.
6. And now we are good to go.
Follow up
04/07/12 Email from Simon Reindl:
I had to update my Bios as InsydeH2O does not offer any tweaking options, It is using Compal Bios (previous 9, now 10 – downloaded from Compal.com. It is using InsydeH20 BIOS on a Compal motherboard. It is a custom build.
Related Articles, References, Credits, or External Links
I have plenty of real ASA firewalls to play with, but it’s getting round to re-certification time, so for ease I thought I’d run up a Virtual ASA on my vSphere 5 box just for testing and breaking.
However no matter what type of Virtual Network adaptor I used (vmxnet3, e1000, etc) I could not connect to the virtual firewall.
Solution
1. Firstly make sure you actually have an IP address in the correct range set on the ASA, and the interface is up.
Note: To connect a virtual ASA to the outside world you need to have a ‘Cloud’, then assign your machines NIC to the cloud. Finally you join the cloud to the ASA with a switch.
2. From my laptop (out on the network), I could not connect to, or ping the ASA 🙁
3. However if you log into your ESX/vCenter Server and change the settings on the virtual switch that the parent VM is attached to. Configuration > Networking > Switch > Properties > vSwitch > Edit > Security Tab > Change Promiscuous Mode to Accept > OK.
4. Now it works!
Related Articles, References, Credits, or External Links
Cisco Firewall’s are expensive, I know I own some, and my firm sells them, getting hardware to run on your test bench is difficult enough, but getting high end Cisco equipment is an expensive proposition for your average “Techy”. These days most people run their test networks in virtual environment. I run Hyper-V at at home for Testing and I have my own VMware ESX server at work for testing and proof of concept work.
However the big problem is to build test networks that reflect what we are doing in a corporate environment. We usually have to compromise and find some obscure Linux firewall to pop in the virtual environment, which is a pain if like me your a died in the wool Cisco-ite.
To do this we need some software – PEMU PIX emulator has been out for quite some time, but some users will find it “sandal wearingly difficult” to set up, so an easier prospect is to use the GNS3 software which is a nice GUI wrapper that contains PEMU (It does a lot more as well but that’s outside the scope of this exercise).
What do you need?
1. A PC – I’m running on a windows XP VM but a physical machine will do just as well.
2. A version of the Cisco PIX software, this needs a Valid Cisco support agreement and a CCO Login to Cisco.
3. A Valid Cisco PIX Serial Number and activation key – from a firewall you have legally purchased!.
Solution
Step 1 (Get Everything together)
1. Download GNS3 from http://www.gns3.net/
2. Download the PIX Operating system from Cisco (Note PIX and ASA firewall’s have DIFFERENT operating systems). At time of writing the latest version is 8.0(3) so this is the one we will use. At this point it might be worth downloading the ASDM which we will use in part 2 later – at time of writing 6.0(3)).
Step 2 Install and configure GNS3
3. Run the setup file for GNS3.
4. Click Next > I Agree > Next > Next > Next Install.
5. You may need to install WinPcap as part of the install just accept all the defaults. When done, GNS3 setup will continue.
6. Click finish
7. Launch GNS3
8. If the setup wizard starts just click OK. Click Edit > Preferences.
9. Select Pemu on the left then enter the following three pieces of information Under “Defaults PIX Settings”. PIX Image: The path to the PIX OS you downloaded in step 2. Key: the activation Key from your PIX Firewall. Serial: The Serial number of the PIX Click Apply > OK
Note: This trips a lot of people up (Including me for about three hours!) You get the key and serial from the firewall by issuing a “show version” command. However modern PIX firewall’s display their Serial number in Decimal, PEMU was built when PIX was at version 6 and the serials in those days were displayed in HEX – so use windows calculator (in scientific mode) to convert the serial number to HEX (EXAMPLES BELOW ARE NOT REAL KEYS!!)
Like so,
PIX Serial = 405400123 converted to Hex = 1829EA3B Key to Enter = 0x1829EA3B
If the activation key is 0x36b86cee 0xb136bdee 0x20c173ee 0xf62b35ee you remove the spaces and replace them with commas, i.e. 0x36b86cee,0xb136bdee,0x20c173ee,0xf62b35ee
10. Back in the main screen click and drag the PIX firewall from the left hand column to the central workspace.
11. Right click the firewall and Select Start
12. Right click it again and select console >and you will connect to the virtual firewall.
13. Now you have to enter the Activation key (Yes even though you have allready put it in).
Enter the following commands;
Note: NOT REAL KEYS!!
[box]enable {password} – blank by default configure terminal activation 0x36b86cee 0xb136bdee 0x20c173ee 0xf62b35ee write mem reload[/box]
That’s you up and running,Note: the passwords will be blank. In Part 2 we will install the web management console and give the PIX a real connection.
Related Articles, References, Credits, or External Links