Monday 28 January 2013

ESXi losing logs after reboot


We recently upgraded from ESX 4.1 (FAT) to ESXi 5. We were used to having the logs stored on the local disk so that we could do diagnostics when things go wrong. Because ESXi can run stateless, logs are kept in memory at runtime by default, so if the host were to freeze or you issued a reboot, all the logs would disappear.
VMware gives you the option of setting up a syslog server for the host to send its logs to. Alternatively, if like us your servers have plenty of local disk space, why not use it to store the logs as before?

Here are the steps to quickly set this up using the vCenter client:

  • Log on to vCenter and locate your host, or use the vCenter client to connect directly to the host.
  • Create a new directory on your local datastore, e.g. “logs”.
  • Go to “advanced settings”.
  • Select “ScratchConfig” and change “ScratchConfig.ConfiguredScratchLocation” to your new path, e.g. "/vmfs/volumes/vhyp002/logs", then click “OK”.
  • If you go back and view the setting again, you will see that the path has changed to use the disk UUID instead of the name “vhyp002”.
  • A quick check on the CLI shows that the name “vhyp002” has the UUID “50a6xx”, which matches the above.
  • Give the host a reboot. When you then browse to the folder on the local disk, you will see the logs being written there.

Here is a VMware article which, towards the end, tells you how to create the persistent scratch area using PowerCLI, vCLI, Tech Support Mode, the vSphere Web Client in ESXi 5.1, a kickstart script during build, and the GUI method I have described above.
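
The same check and change can be scripted across hosts with PowerCLI. This is an added example, not taken from the original post or the VMware article; it assumes PowerCLI is loaded and Connect-VIServer has already been run, and the host name esx01.example.local is a placeholder (the datastore path is the one used in the steps above).

```powershell
# Added example. Report, per host, where scratch lives and where logs are sent,
# so hosts that would lose their logs on reboot stand out.
$report = foreach ($vmhost in Get-VMHost) {
    # Helper: read the value of one advanced setting on the current host
    $get = { param($name) (Get-AdvancedSetting -Entity $vmhost -Name $name).Value }

    $current = & $get 'ScratchConfig.CurrentScratchLocation'
    [pscustomobject]@{
        Host              = $vmhost.Name
        CurrentScratch    = $current
        ConfiguredScratch = & $get 'ScratchConfig.ConfiguredScratchLocation'
        SyslogDir         = & $get 'Syslog.global.logDir'
        SyslogHost        = & $get 'Syslog.global.logHost'
        # Scratch on a datastore persists; the in-memory scratch area does not
        PersistentScratch = $current -like '/vmfs/volumes/*'
    }
}
$report | Format-Table -AutoSize

# Hosts with neither persistent scratch nor a remote syslog target
$report | Where-Object { -not $_.PersistentScratch -and -not $_.SyslogHost }

# Point one host at the folder created above; the change applies after a reboot.
$target = Get-VMHost -Name 'esx01.example.local'   # placeholder host name
Get-AdvancedSetting -Entity $target -Name 'ScratchConfig.ConfiguredScratchLocation' |
    Set-AdvancedSetting -Value '/vmfs/volumes/vhyp002/logs' -Confirm:$false
```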





Saturday 19 January 2013

Office 365 User Group London event 24th January 2013

Most people will now be thinking: should we start using cloud services? One of the most obvious services to move would be email. Why email, you may ask? Well, it is probably one of the most established services out on the internet.

Want to know what benefits it brings to your users and if it is worth moving? Then come along to the Office 365 UK user group in London on the 24th January from 6:30pm - 9pm. Nuno will be doing a presentation on his experience and view of Microsoft's offering of Office 365. See you there.


http://o365.co.uk/event/office-365-uk-user-group-london-24th-jan-2013/

Friday 18 January 2013

London VMUG 24th January 2013

The first VMUG for 2013 in London is on Thursday 24th January 2013 and is a whole-day event. Looking at the agenda, it appears to be based around end user computing (EUC). A few interesting ones would be "VMware HA deep dive" and "vCD 5.1 and VXLAN". Hope to see some of you there.

Here is the agenda
  • Nutanix Presentation - Alan Campbell and Rob Tribe, Nutanix
  • Your Journey to the Post-PC Era - Brian Gammage, VMware
  • EUC Panel with VDI Gurus - Brian Gammage, VMware
  • Deploying vCD 5.1 and VXLAN - Dan Senior
  • VMware HA Deep Dive - Eric Sloof
  • Zerto Presentation – How One Company Averted Disaster from the VMworld 2012 - Joshua Stenhouse, Zerto
  • 10Zig Presentation – Thin Client Technology at Its Peak - James Broughton, 10Zig
  • Big Data for the Uninitiated - Stu Radnidge
  • Update – What’s Here and What’s Coming Soon - Spencer Pitts, VMware EUC
  • VMware Certification Update - Gregg Robertson
  • vCAC - Kim Raynard, VMware
  • Networking and Lunch
  • Onward Drinks at Pavilion End
Go here to register for the event http://www.vmug.com/e/in/eid=695

Thursday 17 January 2013

550 5.7.1 Unable to relay

Due to a change in our Call Logging system (the application the Help Desk uses to log IT service calls for users), we had to allow it to send e-mails as coming from the Help Desk mailbox to external users.
 
So, I created a new receive connector just for the servers hosting that application and allowed for anonymous users to use it as the application doesn’t support authenticated SMTP...
 
 
This grants permissions to the anonymous account but it still doesn’t give the application relay permissions. If you try to relay using this receive connector, you will get the following SMTP error message:
550 5.7.1 Unable to relay

The extended right that controls relay is ms-Exch-SMTP-Accept-Any-Recipient. To grant it on this receive connector, we have to use the Exchange Management Shell:
Get-ReceiveConnector "Infra" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

Please, don’t forget to keep relay as restricted as possible, as your domain might get black-listed!
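
One way to check how restricted relay actually is, as an added example that is not part of the original post: run it in the Exchange Management Shell. The connector name "Infra" comes from the command above; 192.0.2.10 and 192.0.2.11 are placeholder addresses for the application servers.

```powershell
# Added example. List every receive connector on which anonymous senders hold
# the relay right, together with the source addresses that connector accepts.
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'
$right = 'ms-Exch-SMTP-Accept-Any-Recipient'

$audit = foreach ($connector in Get-ReceiveConnector) {
    # Allow entries (not Deny) that grant the relay right to the anonymous account
    $grant = Get-ADPermission -Identity $connector.Identity -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) }
    if ($grant) {
        $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })
        [pscustomobject]@{
            Connector      = $connector.Identity
            Enabled        = $connector.Enabled
            RemoteIPRanges = $ranges -join ', '
            # Anonymous relay combined with every IPv4 source is an open relay
            AnySource      = $ranges -contains '0.0.0.0-255.255.255.255'
        }
    }
}
$audit | Format-Table -AutoSize

# Limit the relay connector to the application servers only
# (placeholder addresses; replace with the real ones).
Set-ReceiveConnector -Identity 'Infra' -RemoteIPRanges '192.0.2.10', '192.0.2.11'
```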
 

Wednesday 9 January 2013

RVTools - GUI App displaying VM details

I was shown RVTools by a colleague of mine. It is a Windows GUI tool that displays information about your VMs and ESX host. It is a very lightweight app and provides most of the important information you normally like to know, such as snapshots, power state and CD-ROM connection states. Although you can use PowerShell to get this information, it can sometimes be a pain to get it working! So if you need something quick and easy to use then this is the tool.

http://www.robware.net/

Tuesday 8 January 2013

SPF Records

To configure Sender ID filtering in Exchange, you must first understand the Sender Policy Framework (SPF) records.
 
SPF records allow software to identify messages that are or are not authorized to use the domain name in the SMTP HELO and MAIL FROM commands, based on information published in a sender policy of the domain owner. Forged return paths are common in e-mail spam. SPF is defined in RFC 4408.
 
SPF records work with sender ID filtering to stop malicious e-mails. The SPF record is a piece of information on the DNS servers that is required by sender ID filtering to determine whether the e-mail message was sent by an authorized server for the specified domain. In simple terms, an SPF record is a listing of authorized SMTP servers for a particular domain or set of domains in the DNS database.
 
Publishing an SPF record in the public DNS allows the recipient SMTP servers to perform a reverse Mail Exchanger (MX) lookup by cross-referencing the IP addresses of the authorized SMTP servers against that organization’s DNS entry for their domain.

SPF records can be in different formats. Here are a few examples:
 
myvmx.com IN TXT "v=spf1 mx -all"
This indicates that all servers identified by an MX record for the myvmx.com domain are allowed to send e-mails for that domain.

v=spf1 mx ip4:192.168.10.10 -all
This SPF record indicates that server 192.168.10.10 identified by an MX record is allowed to send e-mails from my domain.

MAIL IN TXT "v=spf1 a -all"
This one indicates that server MAIL is allowed to send e-mails for my domain.

myvmx.com IN TXT "v=spf1 ip4:192.168.10.10 -all"
This SPF record indicates that a server with the IP address 192.168.10.10 is allowed to send e-mails for the myvmx.com domain.

v=spf1 mx mx:mail1.myvmx.com mx:mail2.myvmx.com mx:mail3.myvmx.com -all
Where:
v=spf1 designates that this is an SPF record and it is version 1.
mx mx:mail1.myvmx.com mx:mail2.myvmx.com mx:mail3.myvmx.com means that mail1, mail2 and mail3 are authorized to send and receive e-mails for the myvmx.com domain.
-all designates that no one besides the IP addresses in myvmx.com’s MX records is authorized to send e-mails.
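
How a receiving server applies such a record to a connecting IP address, as an added example that is not part of the original post: the function names are made up for this illustration, only the ip4 and all terms are evaluated, and terms that need DNS (mx, a, include and so on) are listed rather than resolved. The sender addresses are constructed test values.

```powershell
# Added example: evaluate the ip4 and all terms of an SPF record for one sender IP.
function ConvertTo-UInt32 {
    param([string]$Ip)
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                 # network byte order -> little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-SpfRecord {
    param([string]$Record, [string]$SenderIp)
    $outcome  = @{ '+' = 'Pass'; '-' = 'Fail'; '~' = 'SoftFail'; '?' = 'Neutral' }
    $needsDns = @()
    $result   = $null
    $terms = @($Record.Trim('"').Trim() -split '\s+')
    if ($terms[0] -ne 'v=spf1') { $result = 'None' }   # not an SPF version 1 record
    foreach ($term in ($terms | Select-Object -Skip 1)) {
        if ($result) { break }               # first matching term decides
        $qualifier = '+'                     # default when no qualifier is written
        if ($term -match '^[-+~?]') {
            $qualifier = $term.Substring(0, 1)
            $term = $term.Substring(1)
        }
        if ($term -eq 'all') {
            $result = $outcome[$qualifier]
        } elseif ($term -match '^ip4:([\d.]+)(?:/(\d+))?$') {
            $bits  = if ($Matches[2]) { [int]$Matches[2] } else { 32 }
            $block = [math]::Pow(2, 32 - $bits)          # size of the CIDR block
            $sameNet = [math]::Floor((ConvertTo-UInt32 $SenderIp) / $block) -eq
                       [math]::Floor((ConvertTo-UInt32 $Matches[1]) / $block)
            if ($sameNet) { $result = $outcome[$qualifier] }
        } else {
            $needsDns += $term               # mx, a, include, ... not resolved here
        }
    }
    if (-not $result) { $result = 'Neutral' }            # nothing matched, no "all"
    [pscustomobject]@{ Sender = $SenderIp; Result = $result; SkippedNeedsDns = $needsDns -join ' ' }
}

# Records from the examples above, checked against constructed sender addresses.
Test-SpfRecord 'v=spf1 ip4:192.168.10.10 -all' '192.168.10.10'
Test-SpfRecord 'v=spf1 ip4:192.168.10.10 -all' '192.168.10.99'
Test-SpfRecord 'v=spf1 mx ip4:192.168.10.10 -all' '192.168.10.99'
# A typographic dash pasted from a word processor is not read as the "-" qualifier.
Test-SpfRecord 'v=spf1 mx –all' '192.168.10.99'
```

A result with a non-empty SkippedNeedsDns column is only final once those terms have been checked against DNS.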
 

Creating an SPF Record
To create SPF records, you can use Microsoft’s four-step wizard. If you want to use the advanced features of SPF format, you may need to manually edit the SPF record created by this wizard (in this example, myvmx.com).
 
 
2. At Identify Your Domain, enter the domain name for which you want to create a new SPF record and click Start;
 
3. At Display Published DNS Records, you’ll see that the wizard checked the DNS for information about myvmx.com, including existing SPF, MX and A records;
 
4. If an SPF record was found, you can verify its contents and use the remaining steps of the wizard to modify the record. If no SPF record was found, you can use information from the domain’s MX and A records to create a new SPF record. Click Next;
 
5. At Create SPF Record, the wizard prompts you to choose proper options to create SPF records. This step is divided into different sections. Your choices are:
 
Domain Not Used for Sending E-Mail
Check this option if this domain is not used for sending outbound e-mail.
 
Inbound Mail Servers Send Outbound Mail
If your inbound mail servers are also used to send outbound mail, you should add this option to your new SPF record.
 
Outbound Mail Server Addresses
If all the IP addresses listed in A records for your domain in DNS are outbound mail servers, you should include this option in your new SPF record.
 
Reverse DNS Lookup
Check this box if all the reverse DNS records (PTR records) for your domain resolve to outbound e-mail servers.
 
Outsourced Domains
Choose this option if the domain’s outbound e-mail is routed through another domain.
 
Direct Mailing Status
If your domain only sends mail directly to its intended recipients (it does not send mail to mailing lists), you should add this attribute to the SPF record.
 
Policy Testing Status
If you wish to publish the SPF record in a “testing” mode where it can be read by other servers but its policies will not be implemented, select this option.
 
Default
Does your domain send e-mail from any IP addresses that are not identified in the above sections? Choose appropriate settings for your environment.
 
Scope
Which e-mail identities can this SPF record be used to validate? Choose appropriate settings for your environment.
 

6. Click Next;
 
7. At Generate SPF Record, the wizard will provide you with the generated SPF records.
 
For more information please go to:
- SPF Record Syntax:
http://www.openspf.org/SPF_Record_Syntax
- WikiPedia: http://en.wikipedia.org/wiki/Sender_Policy_Framework
 

Thursday 3 January 2013

Veeam B&R Free NFR licences

Veeam are renowned for their backup software for VMware virtual infrastructure. Now, if you are VMware or Microsoft certified, you can apply for a 2 CPU socket NFR (not for resale) licence to test drive the full version of the product. Here is the link to the blog post from Veeam to apply for one: http://www.veeam.com/nfr/free-nfr-license

Tuesday 1 January 2013

vCheck by Alan Renouf

As you will be aware, there is so much information held on vCenter. Each morning you could end up spending a few hours making sure nothing out of the ordinary happened last night or over the weekend. Thanks to Alan Renouf, there is a PowerShell script that you can schedule to run, which checks for the main issues that could go wrong.

I used this script some time ago, but it has since changed to be more modular so that you can include/exclude checks. Most of the checks are done as separate plugins, which surely makes it easier for people to contribute.

Head over to Alan Renouf's website and give the script a go:
http://www.virtu-al.net/vcheck-pluginsheaders/vcheck/
