Monthly Archives: October 2017

Disable PXE Boot for Individual vNIC on Virtual Machine

To achieve Auto Deploy I’d like to control PXE boot process. I want the vNICs of management network can do PXE boot only. That’s because DHCP server may learns incorrect MAC address of management network if ESXi host boots up by non-management network NICs.

The psychical servers are easy to disable PXE boot feature of individual network adapters in BIOS or server profile. Virtual machines is tricky. Following is how to do it. It’s useful for home lab.

  1. Make sure your ESXi VM uses E1000E vNIC. You can only disable PXE boot for all vNICs in one time if type is vmxnet3. And nested ESXi doesn’t support E1000 vNICs.
  2. Go to the VM folder and edit vmx file.
  3. You should see similar entries below. The vNIC name starts from  ethernet0 to ethernetn. It matches vmnic0 to vmnicx on ESXi.

    ethernet1.virtualDev = “e1000e”

  4. I have 4 vNICs. I want to keep PXE boot for ethernet0 and ethernet1. So I only disable it on rest of vNICs. Add following lines to vmx file.

    ethernet2.opromsize = “0”
    ethernet3.opromsize = “0”

  5. Save the vmx file and quit.
  6. Power on the VM.

Please make sure you power on the virtual machines by vSphere Client or vSphere Web Client. As you may know VM console may opened by VMware Workstation if workstation and vSphere Client both existing on your computer. Looks like sometimes the parameter doesn’t work if you power on the  VM by VMware Workstation.

VMware KB Disabling Network boot option from appearing in a virtual machine’s BIOS (1014906) talks about same thing but the value of parameters looks like incorrect for ESXi 6.5.


How To Find Non-tagged ESXi Hosts

There are plenty of scripts to find tagged ESXi hosts. But what if you want to find out all ESXi hosts not be tagged? Following is a simple script:

Compare-Object ((Get-VMHost | Get-TagAssignment).Entity | select -uniq) (Get-VMHost)

The output is similar like following:

InputObject      SideIndicator
-----------      -------------
esx1         =>  
esx2         =>  
esx3         =>

The => indicates ESXi hosts in InputObject are not tagged.

If return is nothing, it means all ESXi hosts are tagged.

Please refer to “Using the Compare-Object Cmdlet” for detail.

Unable to Upgrade to Windows Server 2012 R2

I searched internet but there is no more information about this specific error message.

When you upgrade to Windows Server 2012 R2 or 2016. You may see following error message:

Windows won’t install unless each of these things is taken care of. Close Windows Setup, take care of each one, and then restart Windows Setup to continue.

Upgrades to this build have been disabled.

The reason is there is a hidden parameter in the image disabled uprading. You can only re-install by the image but cannot do upgrading. You have to ask vendor provide you a right copy, or buy Microsoft official image to do upgrading. I cannot publish the parameter due to legal reason.

Most of hardware vendors sale Windows copy along with new hardware. This kind of Windows calls OEM version. There are several different versions of Windows:

OEM SLP – This key comes pre-installed in Windows, when it comes from the Factory. This key is geared to work with the OEM Bios Flag found only on that Manufacturer’s computer hardware. So when Windows was installed using the OEM SLP key (at the factory) Windows looks at the motherboard and sees the proper OEM Bios Flag (for that Manufacturer and that version of Windows) and Self-Activates. (that’s why you did not need to Activate your computer after you brought it home)

OEM COA SLP – This is the Product key that you see on the sticker on the side (or bottom) of your computer. It is a valid product key, but should only be used in limited situations. The key must be activated by Phone. Usually you don’t have to input key during Windows installation since it check your hardware to get key.

OEM COA NSLP – Similar to OEM COA SLP license. Only different is you need to input the key during Windows installation. You must follow EULA to stay the copy on same computer forever.

Retail – Product keys are what the customer gets when he buys a Full Packaged Product (FPP), commonly known as a “boxed copy”, of Windows from a retail merchant or purchases Windows online from the Microsoft Store.

KMS Client and Volume MAK – They are issued by organizations for use on client computers associated in some way with the organization. Volume license keys may not be transferred with the computer if the computer changes ownership. Consult your organization or the Volume Licensing Service Center for help with volume license keys.

Hardware vendors may don’t allow you upgrade Windows in certain licensing mode. So they may provide you a newer Windows image to request you  do re-install on the computers but not upgrading.

Please refer following links for license key details.

What is the difference between SLP and NSLP versions of Windows 7?

Windows License Types Explained

HPE OEM Microsoft Windows Server FAQ Series- Part 1: Licensing Overview

HPE OEM Microsoft Windows Server FAQ Series- Part 2: OEM Licensing Basics

HPE OEM Microsoft Windows Server FAQ Series- Part 3: Microsoft Certificate of Authenticity (COA)

HPE OEM Microsoft Windows Server FAQ Series- Part 4: Windows Server 2016 Basics

HPE OEM Microsoft Windows Server FAQ Series- Part 5: Core-Based Licensing

HPE OEM Microsoft Windows Server FAQ Series- Part 6: Reseller Option Kit

HPE OEM Microsoft Windows Server FAQ Series- Part 7: Client Access Licenses (CALs)

HPE OEM Microsoft Windows Server FAQ Series- Part 8: OEM License Support

Network Problems of Auto Deployed ESXi Host in LAB

I built a simple Auto Deploy environment by vSphere 6.5 on nested environment. I created virtual ESXi hosts on a physical ESXi host to do the testing. The whole configuration was smoothly, I’m impressed Auto Deploy can be implemented in few hours. One thing bothered me was networking.

New ESXi hosts cannot get IP addresses properly somehow. It’s not a single problem. The symptoms are ESXi hosts cannot get IP address, or the Configure Management Network was grayed out on console, or ESXi hosts can get IP address but no responding to ping. Just quick post my solutions here.

To fix all these problems you need to do following:

  1. Enable Promiscuous Mode on the vSwtich which is attached to nested ESXi hosts on physical ESXi hosts.
  2. (I did that on Web Client of vCenter 6.5 U1. You may see different procedure on earlier versions.) Edit the host profile of Auto DeployNetworking configurationHost port group — Highlight Management Network — The option Determine how MAC address for vmknic should be decided — Choose Use the MAC Address from which the system was PXE booted.

If you don’t do step 1, your nested ESXi hosts may not able to get DHCP IP addresses properly, or it can get IP addresses but maps to a new MAC address lead to network packages cannot be transmitted.

Nested ESXi hosts get a DHCP IP addresses when do PXE booting. The hosts get another new IP addresses when apply host profile as soon as management network is created. It could be two different IP addresses and the MAC address of management network could be a new one that not same to any of vmnics. It will be hard to trace back on network switch in real environment, so I think it’s better also to do step 2.

Update 10/25/2017 — You should choose “User must explicitly choose the policy option” in step 2 above if you have multiple NICs. The reason is DHCP IP address during PXE may be captured by random NICs. If you choose what I mentioned in step 2, you will see DHCP server may learns MAC address of a none management network NICs associated with management IP address. Please refer this article for more detail.

Maximum Supported Boot Devices in Virtual Machine BIOS

Noticed a interesting limitation on VMware virtual machines. If you configure multiple SCSI controllers and distribute more than  8 virtual  disks. You may experience randomly OS boot up failure when power cycle VMs. Only last 8 disks with higher SCSI ID present in boot order settings of BIOS. You cannot choose the disks with lower SCSI ID.

You need to following up VMware KB “Changing the boot order of a virtual machine using vmx options (2011654)” to force virtual machines boot up on proper SCSI node.

Automatic vSphere Capacity Report in PPT

Reporting is important to management. To be a IT Pro, you may need to run regular reports for management. Some reports may be generated time consume. vRealize Operations Manager is an alternative to create customized reports. It’s a powerful product to organize data and create PDF or CSV files on scheduled intervals. I recommend have a look if you have planned to implement performance, capacity and alarm system for virtual environment.

What if budget is constrained? Is there a way to create such kind of reports? The answer is “Yes”. I worked out an automatic workflow to create the reports. I will not provide step-by-step guide in this post since it’s advanced integration of multiple products, everyone may have different way to do that. You can even create everything by script if you have strong programming skill. I’m not, I only look for the easiest way to achieve the goal.

Here is a scenario for  example: I want to run a monthly report for vSphere CPU and memory count and present to management by PowerPoint. I want to show management the historical trend of CPU and memory data. The traditional way is collect data in vCenter, organize and create charts in PowerPoint slides. So the whole workflow is: vCenter -> PowerPoint

If you want to automate the whole process you need to introduce few things more: PowerCLI, CSV and Excel. You need to develop a PowerCLI script to grab CPU and memory data on vCenter Server, then export the data to a CSV table by PowerShell command export-csv. Then import the table to an Excel file by Office feature Query Data. It loads the CSV table dynamically, you can even specific what data can be queried by filter.

Once the table is present in Excel, you need to create a chart accordingly. It’s trick when you paste the chart to PowerPoint Slide. You need to use Paste Special to paste the chart as Microsoft Excel Chart Object. The pasted chart can be updated automatically when you open the PowerPoint file.

The last step is created a scheduled task to run the PowerCLI script. Make sure you read my blog Extremely slow when run PowerShell script by scheduled tasks before create the task.

You can also configure the Excel file to automatically update table by CSV file.

Cannot Launch Patch Installer on Windows Server 2016

I was trying to update one Windows Server 2016 by standalone patch file. Somehow nothing happened after I double click the installer file. That’s because Windows Server 2016 prevent execute the  file due to it’s download from internet.

The quick fix is right click the file – Properties – Check Unblock – Click OK button.

Further more. The file has ADS (alternate data streams) attached. The ADS marked the file as download from internet.

You can run following two PowerShell commands to figure out object and value of the ADS.

PS C:\> Get-Item test file.msu -Stream *
PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Users\wzheng110917a\Dow
PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Users\wzheng110917a\Dow
PSChildName : 20171011_KB4038801_Updates.msu::$DATA
PSDrive : C
PSProvider : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
FileName : C:\Users\wzheng110917a\Downloads\20171011_KB4038801_Updates.msu
Stream : :$DATA
Length : 1241376269

PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Users\wzheng110917a\Dow
PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Users\wzheng110917a\Dow
PSChildName : 20171011_KB4038801_Updates.msu:Zone.Identifier
PSDrive : C
PSProvider : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
FileName : C:\Users\wzheng110917a\Downloads\20171011_KB4038801_Updates.msu
Stream : Zone.Identifier
Length : 26


PS C:\> Get-Content testfile.msu -Stream Zone.Identifier

You can  see the ZoneId is 3. Following is a table to show which type of file it is.

0     My Computer 
1     Local Intranet Zone 
2     Trusted sites Zone 
3     Internet Zone 
4     Restricted Sites Zone

For more reference please read Microsoft blog “Alternate Data Streams in NTFS“.

You can use Unblock-File if you want to unblock multiple files.



科技的发展真是非常快,十年前我还在用Windows Server 2003 和 Windows XP。十年后的今天,我们已经初尝到人工智能的味道。有那么多的Apps、网站、技术帮助我们更快速的学习新知识,人们的生活节奏越来越快,甚至学习这个人类的基本技能也在传统方式上增加了“碎片时间”方式(一个被“逻辑思维”所倡导的,2017年很流行的学习新方式)。


这个国庆假期,利用空闲时间在网络上搜索搭建SS服务器的资料,无意间看到逗比根据地上的一篇文章介绍一个给互联网上所有网站做历史快照的网站,就随手搜了搜我的过去,竟然无意间发现了自己十几年前写的博客。这些文章早已被我遗留在互联网的某个角落,忘记了。看起来那应该是我从MSN Live空间搬过去的,还依稀记得2000年那会儿博客非常火爆,互联网企业都在推各自的免费博客服务,微软也不例外,但是后来好像因为这种服务不赚钱,以及监管原因,大量的博客服务开始关停,微软也不例外。幸好我当时把文章都转移了,今天才有机会帮我回忆起当时的状态。