0

Do my ESXi hosts have the same VLANs?

PowerCLIIn a small vSphere environment that I’ve recently been working on, I started to notice that some of my VMs were disappearing off the network from time to time. Reboots of the VM didn’t seem to fix the issue but a quick vMotion of the VM to another host did.

If you haven’t figured it out yet, one of my hosts was missing a VLAN and VMs connected to a certain portgroup were affected whenever they ran on the host.

vSphere will warn you if a host that you’re trying to migrate a VM to doesn’t have the right portgroup and host profiles (if you’re using Enterprise Plus licensing) will alert you to the fact that a portgroup isn’t configured with the right VLAN ID but nowhere in vSphere will you get an alert if a required VLAN is not being presented to a host. So you have to use other means to check this information.

You could manually examine the properties of each physical NIC in turn but that could take some time. The method that I used on this occasion was a PowerCLI script. I could have written one myself but a quick google lead me to a script written by Luc Dekens that did what I wanted already (and a little more besides). I modified it to suit my needs (demonstrating to the person in the remote datacenter that there was a network misconfiguration) and ran it. The output is below:

[ps]Host:  esx1.mydomain.com

vmnic0  VLAN224 VLAN227

vmnic1  VLAN224 VLAN227

vmnic2  VLAN250 VLAN252 VLAN251

vmnic3  VLAN250 VLAN252 VLAN251

Host:  esx2.mydomain.com

vmnic0  VLAN227 VLAN226 VLAN224

vmnic1  VLAN227 VLAN226 VLAN224

vmnic2  VLAN251 VLAN252 VLAN250

vmnic3  VLAN251 VLAN252 VLAN250

Host:  esx3.mydomain.com

vmnic0  VLAN224 VLAN227 VLAN226

vmnic1  VLAN224 VLAN227 VLAN226

vmnic2  VLAN250 VLAN252 VLAN251

vmnic3  VLAN250 VLAN252 VLAN251

Host:  esx4.mydomain.com

vmnic0  VLAN224 VLAN226

vmnic1  VLAN224 VLAN226

vmnic2  VLAN250 VLAN251

vmnic3  VLAN250 VLAN251 VLAN252[/ps]

As you can see, there are some discrepancies in which VLANs are presented to the four hosts that I ran it against and vmnic2 on Host4 was the one causing my problems. The hosts are supposed to have the vmnics paired (vmnic0/vmnic1 in one pair and vmnic2/vmnic3 in another) with identical configuration between the hosts.

The modified script that I used is attached below. Many thanks, as always, LucD.

Show-PNICVLANs.ps1

0

Reset VM Stuck at 95%

I’m not convinced that this is supported, but it did work. As with anything on a blog, use at your own risk.

I was working on rebuilding my home lab and wanted to clear down the host that my vCenter VM was sitting on. Before doing that I wanted to rescue some files from it (long story). For some reason it hung on me and wouldn’t respond so I tried to reset it. This process got as far as 95% and then got stuck 🙁

One way to unstick such a VM is to SSH onto the hosts that it’s running on and use the vm-support command. How?

Run “vm-support -x” to show the world IDs of the running VMs on the host:

The one that I wanted was 9190. Using “vm-support -X 9190” and answering “y” to the three questions that follow will, eventually, result in you getting control back of the VM without affecting anything else. Just remember, try it at your own risk 🙂

0

Fixing “HostDatastoreSystem.QueryVmfsDatastoreCreateOptions” Issue

Having recently made a right old mess of my home lab, I set about building it from scratch over the weekend. Having installed some nice, fresh builds of ESXi 5.0 I started adding in my SATA disks and began to create VMFS datastores on the hosts.

The first one worked ok. The second one didn’t for some reason. I got an error part way through the “Add Storage” wizard. The error stack wasn’t too helpful:

Call “HostDatastoreSystem.QueryVmfsDatastoreCreateOptions” for object “datastoreSystem-9” on vCenter Server “svr-vcenter.vspecialist.co.uk” failed.

Continue Reading

0

Bye, bye Service Console

This isn’t just another article about vSphere 5. It’s not my aim simply to rattle off a list of new and improved features. There are probably a plethora of those posts out there already, some better than others – use Google to find them. Smile

I was inspired to write this after I saw white paper linked to on Twitter about the differences between ESX and ESXi written by Global Knowledge. Actually it was the responses to that article that prompted me.

Of all of the many changes announced today, it is the departure of the Service Console that is perhaps the most significant in my view. It may not be a new, super-whizzy feature and many people are already using ESXi and might be thinking “so what”. For me, removing the COS / SC / Service Console is significant for two reasons.

Firstly, no longer can the unenlightened refer to vSphere as “Linux based” or “Unix based”. ESX never really was that and it wound me up more than it should have done when people got it wrong. I have a strong Microsoft background (although I can hold my own when it comes to Unix / Linux OSs) but in some companies that seemed to exclude me from touching VMware infrastructure even though I knew all about it. Ok, that’s more of a pet peeve than a significant reason.

My other one though is that to me this signifies the direction in which VMware are taking virtualisation. It may even be more accurate to say that dropping the Service Console marks the completion of a transition or a journey. ESX was an excellent way for enterprises to make efficient use of powerful hardware amongst many other benefits but there was always a glass ceiling there.

Some say that ESXi isn’t as flexible because it doesn’t have a command line. Perhaps they don’t realise that it really doesn’t need one. Occasionally, when things go wrong, SSH access is useful and ESXi does provide that. But for day to day usage there are better and more efficient ways to manage a Virtual Infrastructure (PowerCLI, vCenter or one of the many VMware and 3rd party products) and dropping the Service Console is both recognition and reinforcement of that. ESXi turns the hypervisor into commodity or utility platform, it’s not a management interface in its own right. ESXi is a foundation stone for building a dynamic, automated infrastructure so forget about the Service Console now.

In some ways I’ll be sorry to see it go but ESX was a means to an end and it has reached its end.

0

ESX and ESXi AD Integration

If, like me, you make your ESX / ESXi server passwords nice and complex you end up having to dig them out of a password safe every time you want to connect directly to one of them. Or you have an SSH connection manager of some sort perhaps. Even then, there will come a time when you want to connect directly and that 16 character, random, mixed case password just isn’t memorable enough for you to use it.

Luckily if you’re running vSphere 4.1 or later you can configure your hosts to use AD authentication. Hooray!

Obviously there are security implications to doing this. Each environment is different and any risks should be considered before implementing this.

So, let’s deal with the pre-requisites first. There are three of those:

  1. Time synchronisation – Your ESX / ESXi hosts must be synchronised to a time source and they should be in sync with the domain controllers in your AD domain. The authentication mechanisms in AD are very sensitive to time differences. Actually, that’s a delicate way to put it. It won’t work if the time is wrong.
  2. Name resolution – The ESX / ESXi hosts will use DNS to locate domain controllers for whichever domain you configure them to use. Therefore each host must have a working DNS configuration.
  3. An AD group – Sadly there is a limitation here. AD users that you wish to grant administrative access of your hosts to have to be a specific group in AD called “ESX Admins”. This is not obvious in the documentation however.

The same document then talks you through configuring each host. It’s fairly simple.

Just find the “Authentication Services” option on the “Configuration” tab for each host. By default it will look like this:

Click on the properties link to edit the “Authentication Services Settings”. In the windows that opens, select “Active Directory” as the service type. Then enter the FQDN of your AD domain into the domain field and click the “Join Domain” button.

Finally you just need to enter the credentials of an account permitted to join the ESX host to the AD domain.

Once the task in vCenter completes (it can take a little while), just refresh the “Authentication Services” page and you’ll be able to see that the host is now joined to the AD domain.

All good unless you have a lot of hosts to work through. In which case, you might want to check out LucD’s very handy PowerCLI script to join hosts to an AD domain.

0

ESX 3.5 U5

I mentioned ESX 3.5 Update 5 only yesterday in my post about VMtools on Windows 2008 R2. Little did I know that 16 hours later I’d be writing about it again to say that it had been released!

The update can be downloaded from VMware’s website as usual. Shamelessly copied from the release notes, here’s what you can expect to have changed:

Enablement of Intel Xeon Processor 3400 Series – Support for the Intel Xeon processor 3400 series has been added. Support includes Enhanced VMotion capabilities. For additional information on previous processor families supported by Enhanced VMotion, see Enhanced VMotion Compatibility (EVC) processor support (KB 1003212).

Driver Update for Broadcom bnx2 Network Controller – The driver for bnx2 controllers has been upgraded to version 1.6.9. This driver supports bootcode upgrade on bnx2 chipsets and requires bmapilnx and lnxfwnx2 tools upgrade from Broadcom. This driver also adds support for Network Controller – Sideband Interface (NC-SI) for SOL (serial over LAN) applicable to Broadcom NetXtreme 5709 and 5716 chipsets.

Driver Update for LSI SCSI and SAS Controllers – The driver for LSI SCSI and SAS controllers is updated to version 2.06.74. This version of the driver is required to provide a better support for shared SAS environments.

Newly Supported Guest Operating Systems – Support for the following guest operating systems has been added specifically for this release:

For more complete information about supported guests included in this release, see the VMware Compatibility Guide: http://www.vmware.com/resources/compatibility/search.php?deviceCategory=software.

  • Windows 7 Enterprise (32-bit and 64-bit)
  • Windows 7 Ultimate (32-bit and 64-bit)
  • Windows 7 Professional (32-bit and 64-bit)
  • Windows 7 Home Premium (32-bit and 64-bit)
  • Windows 2008 R2 Standard Edition (64-bit)
  • Windows 2008 R2 Enterprise Edition (64-bit)
  • Windows 2008 R2 Datacenter Edition (64-bit)
  • Windows 2008 R2 Web Server (64-bit)
  • Ubuntu Desktop 9.04 (32-bit and 64-bit)
  • Ubuntu Server 9.04 (32-bit and 64-bit)

Naturally you’ll need to upgrade vCenter to Update 5 to gain some of these benefits. The release notes for that mention only one significant enhancement:

Support for High Consolidation in VMware HA Clusters – VirtualCenter 2.5 Update 5 includes significant performance and scalability improvements to VMware HA. Use VirtualCenter 2.5 Update 5 for environments with more than 35 virtual machines per host in an HA cluster.
For information on the ESX Server host settings required for this scalability improvement, see ESX Server host settings required for environments with up to 80 virtual machines per host in an HA Cluster (KB 1012002).

I think that there is a good chance that Update 5 may be the last major update that the 3.5 line of products receives. Or at least it will be for some time. I’ll have some upgrades to do as a result of this release but I’m pushing for upgrades to vSphere like crazy. You know it makes sense.