Virtual Machine Cannot Mount ISO on System Center Virtual Machine Manager 2012 R2

A few days ago a user report to me that he cannot mounts ISO image to virtual machines on SCVMM 2012 R2. The error message is the following:

Error (2912)

An internal error has occurred trying to contact the dcahyv01.amat.com server: NO_PARAM: NO_PARAM.

 

WinRM: URL: [http://hyper01.contoso.com:5985], Verb: [INVOKE], Method: [GetError], Resource: [http://schemas.microsoft.com/wbem/wsman/1/wmi/root/microsoft/bits/BitsClientJob?JobId={89EC51A2-633C-4E06-8B09-3A84146830B5}]

The reason is the communication between SCVMM and Hyper-V servers are blocked due to certification on SCVMM application is expired. The default expiry date of SCVMM certification is 1/1/2019. The issue got fixed after renewing certificates in System Center 2012 R2 Virtual Machine Manager.

Private IP Address Routes to L3 Subnet on Dual vNIC VM

It’s not easy for me to describe the issue in one line on the title. Let me give some background here. I have 2 set of VMs. Set 1 has VM A & VM B. Set 2 has VM C & VM D. Each VM has a vNIC configured with a private IP address. VM A and VM C also have another vNIC configured with an L3 (Routable) IP address. Each set’s private IP addresses are the same. To make sure no confusion I implemented a vRouter VM for each set. The vRouter is same as VM A or VM C, it has two vNICs. One is connected to L3 network, another is connected to the private network. This way can keep the private network traffic not going outside of the set. So the both set no disturb each other when I set same private IP addresses.

Diagram

Following are IP addresses I set for each VM:

  • VM A: 192.168.0.11
  • VM B: 192.168.0.12
  • VM C: 192.168.0.11
  • VM D: 192.168.0.12

The problem is I still can get ping responding on VM A to 192.168.0.12 when I turn off VM B. I expected to see the L2 traffic goes to it own vRouter and finds VM B is offline. But tracert command shows me the traffic goes from VM A’s L3 network to vRouter of the 2nd set, and then get the answer from VM D. Looks like the L2 ping package is broadcasting on L3 network.

The issue was fixed by enabling a feature on L3 network. It called “Enforce Subnet Check for IP Learning“. Cisco changed the name to “Limit IP Learning To Subnet“. It’s a VLAN level setting. It will not allow broadcasting the private Ip traffic on an L3 network. It forces private IP traffic to go to L2 network only.

Emulex OneConnect OCe10102 on ESXi 6.0

Please refer to following post for basic troubleshooting of Emulex OneConnect.

How to Install Proper Drivers for 3rd Party Network Adapter on ESXi 5.x

I have a box uses Emulex OneConnect OCe10102 network adapters. The adapter is quite old and Emulex brand card doesn’t support ESXi 6.0. I upgraded the server to ESXi 6.0 and the Emulex adapters lost.

In the initial troubleshooting, I noticed that the adapters are still visible in BIOS. So it should be some driver level issues. I checked VMware Compatibility Guide. The model OCe10102 doesn’t support by ESXi 6.0.

If you run the following command you will still be able to see the adapters in PCI list on ESXi.

[code language="perl"]
esxcli hardware pci list
[/code]

So it indicates the adapters are not visible in ESXi since the newer Emulex driver doesn’t contain the model of the adapter in ESXi 6.0 native driver.

Then I uninstalled the native Emulex driver for ESXi 6.0 by the following command and rebooted the ESXi host.

[code language="perl"]
esxcli software vib remove -n elxnet
[/code]

The adapters still not visible after rebooting since no any drivers for Emulex adapters. Then I downloaded the Emulex drivers for ESXi 5.5 on VMware website and uploaded the “offline” package in the zip file to /tmp directory of the host. Then installed the driver by the following command:

[code language="perl"]
esxcli software vib install -d "/tmp/xxxxx.zip"
[/code]

The adapters appeared after rebooting the host.

How to Find Out Source of Domain Accounts Locking on vCenter Server

I wrote an article talk about how to find out which services lockout domain accounts on vCenter Server. It only applies to the scenarios that domain accounts very frequently lockout. Like every 1 second. If it’s minutes, it will be hard to find out as it’s manually processing.

The other way to identify source is to use vSphere Web Client. The trick was told by VMware BCS team.

Log in to vSphere Web Client. Go to the main page and the Events node. Search for “authen” you may see some error events. The real source is red text.

User CONTOSO\test-user@192.168.1.1 .....

 

Remote Manage Workgroup Windows Server 2016 Core

I wrote an article about how to manage Windows Server 2016 TP remotely. Today I had some spare time to re-build my lab environment by the latest release of Windows Server 2016 Core. It’s easy to remotely manage a Windows Server in a domain, but a trick for workgroup Windows Server. Following is an improved procedure.

One Windows Server 2016 Core

  1. Run sconfig command on Windows Server 2016 Core.
  2. Go to Configure Remote ManagementEnable Remote Management to enable remote management.
  3. Then enable responding to ping in same page.
  4. Enable NetBIOS protocol on the firewall by PowerShell.
    Set-NetFirewallRule -Name FPS-NB_Name-In-UDP -Enabled True
    Set-NetFirewallRule -Name FPS-NB_Name-Out-UDP -Enabled True

One client Windows 10

  1. Install Remote Server Administration Tools on the client Windows 10.
  2. Reboot the client.
  3. Open “Server Manager“.
  4. Add the Windows Server 2016 Core machine by IP address.
  5. Go to “All Servers” in “Server Manager“.
  6. Right-click the newly added server – “Managed As…“.
  7. Enter the administrator credential of the target server. Format is “workgroup/Administrator”.  For example, my workgroup is “DC”, so the account is “dc/Administrator”.

 

Mouse Cursor Disappeared in Remote Desktop in mRemoteNG

mRemoteNG is a very nice fork of open source remote tools. It supports multi-protocol. The official website says:

mRemoteNG supports the following protocols:
RDP (Remote Desktop/Terminal Server)
VNC (Virtual Network Computing)
ICA (Citrix Independent Computing Architecture)
SSH (Secure Shell)
Telnet (TELecommunication NETwork)
HTTP/HTTPS (Hypertext Transfer Protocol)
rlogin
Raw Socket Connections

But one thing makes me frustrated is the mouse cursor disappeared randomly when I try select strings in browser or notepad in remote desktop. I use Windows 10, the issue doesn’t occur in Windows native remote desktop. I went through the bug list of mRemoteNG, and figured out it may be related to HiDPI of my screen. 

Looks like no solution at this moment until 1.77 release. The workaround is the following:

  1. Right click desktop – PersonalizeThemes.
  2. Click Mouse cursor.
  3. Change Scheme to Windows Black

“The Update is Not Applicable to Your Computer” When Install KB3046101

  HPE 3PAR upgrading team usually sends a per-requisites before upgrading. One thing in the guide incorrect is the Windows 2012 required patch KB3046101.     You may see error below when you install the path on Windows 2012 server.    
The update is not applicable to your computer
      The reason is the version of mpio.sys and msdsm.sys on your server is higher than 6.3.9600.17809. Usually, because the server installed KB3121261 already. You can ignore KB3046101.

Vlan ‘xxx’ resolved to unsupported VLAN ID in Cisco UCS Manager

You may need only 1 IP address for blade console in Cisco UCS Manager. You can follow Understanding “Management IP” of Cisco UCS Manager to configure it. You may see warning “Vlan ‘xxx’ resolved to unsupported VLAN ID” when you delete existing inbound and outbound IP pools if you are trying to clean up existing management IP pools.

That’s because inbound IP address for blade is not cleaned. You have to go to “Equipment” -> “Chassis” -> Target chassis -> “Servers” -> Target server -> Go to “Inventory” tab -> “CIMC” tab -> Click “Change Inbound Management IP” -> Remove existing VLAN and IP pool.

You will see inband IP tab is blank once it’s saved. Please note, the IP address reassign back after 1 minute if you clicked “Delete Inband Configuration” instead of “Change Inbound Managemnt IP“.

Understanding “Management IP” of Cisco UCS Manager

IP address for KVM in Cisco UCS Manager is different with HPE servers. It may assign multiple IP addresses to same blade if you don’t configure it properly. In my case each blade gets 3 IP addresses!

There are actually 3 types of IP address for KVM. (Cisco manual says 2):

  • Outbound Management IPs.
  • Inbound Management IPs for Blades.
  • Inbound Management IPs for Service Profiles.

Outbound Management IP” is default for KVM. Every new deployed blade will try to get a DHCP IP over management port in same VLAN of Cisco UCS Manager.

The more confused is the 2nd and 3rd IPs.  “Inbound Management IPs for Blades” is from “hardware” perspective. “Inbound Management IPs for Service Profiles” is from “logical” perspective.

If you go to “Equipment” -> Chassis -> blade -> Click the KVM to go console. You get console over either “Outbound Management IP” or “Inbound Management IPs for Blades“.

If you go to “Servers” -> “Service Profiles” -> Click the KVM of a service profile. You get console over either “Outbound Management IP” or “Inbound Management IPs for Service Profiles”.

If you want to configure just 1 IP for a blade whatever it’s for hardware or service profile. You need to do following:

  1. Delete the range of the default “ext-mgmt” in “IP Pools” of “LAN” node in Cisco UCS Manager.
  2. Create a new inbound IP pool and a VLAN group without uplink.
  3. Assign the VLAN and inbound IP pool to templates or service profile.

Refer to Setting the Management IP Address of Cisco UCS Manager manual for detail.

BTW, you may see Vlan ‘xxx’ resolved to unsupported VLAN ID in Cisco UCS Manager when you clean up existing IP pool and create new inbound pool.

Highlight Scripts in Microsoft OneNote 2016

I usually document my scripts in OneNote. It would be perfect if OneNote 2016 can highlight scripts. I found a nice plugin call “NoteHighlight2016” for OneNote 2016. It’s not only for 32 bit but also for 64 bit. You can download it in Github.

The default codes are C#, SQL, CSS, JS, HTML, XML, JAVA, PHP, Perl, Python, Ruby, and CPP. But you can change the settings to show more or less in riboon.xml in the installation folder.