Category: English

English version of my posts.

  • “The update is not applicable to your computer” When Installing a Standalone Patch on Windows Server 2016

    You may see the error message below when installing standalone patches on Windows Server 2016.

    The update is not applicable to your computer

    It may be caused by the servicing stack update not being installed on the server. Please install KB4132216 before installing the patch.

  • Show CDP Neighbor of Cisco UCS Uplinks

    There are two ways to know which network switch ports the network uplinks of Cisco UCS Fabric Interconnects are connected to.

    By CLI

    • SSH to the Cisco UCS Manager.
    • Connect to FI-A.
    # connect nxos a
    • Show neighbor of network uplinks.
    # show cdp neighbor interface ethernet <port num>

    By PowerShell

    • Make sure Cisco PowerTool (For UCS Manager) is installed.
    • Enable the Information Policy via the UCSM GUI.
      • Go to “Equipment” -> “Policies” tab -> “Global Policies” tab -> “Info Policy” area.
      • Change to “Enabled”. (No impact on running blades.)
    • Open a PowerShell window.
    • Connect to the UCS Manager.
    # Connect-Ucs <UCS FQDN>
    • Show CDP neighbor details.
    # Get-UcsNetworkLanNeighborEntry

    Side notes

    The following command shows the network switch name, the network switch ports and the FI ports:

    # Get-UcsNetworkLanNeighborEntry | Select deviceid,remoteinterface,localinterface

    If you prefer to enable the “Info Policy” by PowerShell, run the following command:

    # Get-UcsTopInfoPolicy | Set-UcsTopInfoPolicy -State enabled -Force
  • “default Keyring’s certificate is invalid” in Cisco UCS Manager

    You may see the following error in Cisco UCS Manager:

    default Keyring’s certificate is invalid

    The reason is that the default keyring under Admin -> Key Management -> KeyRing default has expired. It’s not possible to delete or change the KeyRing in the GUI. You have to log in to Cisco UCS Manager over SSH and run the following commands (the strings after “#”):

    lab-B# scope security
    lab-B /security # scope keyring default
    lab-B /security/keyring # set regenerate yes
    lab-B /security/keyring* # commit-buffer
    lab-B /security/keyring #

    This disconnects the Cisco UCS Manager GUI on your client computer. Just refresh the page after 5 seconds. There is no impact on the blades.

  • A Huge Amount of Warnings of “Image is Deleted” in Cisco UCS Manager

    A few days ago, I deleted some older firmware packages in Cisco UCS Manager. Suddenly more than 100 warnings were generated. The error messages are similar to the one below:

    blade-controller image with vendor Cisco System Inc……is deleted

    Cause: image-deleted

    Clearly, it was triggered by the package deletion. But all of my service profiles and service profile templates were using existing firmware packages. The deleted packages were not being used anywhere.

    I also deleted the download tasks and cleaned up everything I could. The warnings still persisted. I figured out it was caused by the default firmware policy when I read a blog article.

    If you are facing the same issue, go to Servers -> Policies -> Host Firmware Packages -> default -> click Modify Package Versions -> change it to an available version.

     

  • Install LXC on CentOS 7 Minimal Version

    Some notes on LXC. The CentOS 7 minimal version doesn’t support LXC installation by default, since LXC is deprecated in version 7. The new container solution is based on the Docker framework.

    There is an alternative way to install LXC. The procedure is as follows:

    1. Install the EPEL (Extra Packages for Enterprise Linux) repository.
      # yum install epel-release
    2. Install some dependencies.
      # yum install perl debootstrap libvirt
    3. Now you can install LXC from the EPEL repository.
      # yum install lxc lxc-template
  • VMware Recalled VMware Tool 10.3.0

    An issue has been identified in VMware Tools 10.3.0 that can result in a PSOD or guest network connectivity loss. VMware has released KB57796 for that.

  • Cannot Open KVM Virtual Machine Manager on CentOS 7

    I got the following error message when I tried to run the KVM Virtual Machine Manager (virt-manager) over SSH.

    Gtk-WARNING **: cannot open display:

    Several things need to be checked:

    • Make sure “X11Forwarding” is set to “yes” in /etc/ssh/sshd_config on the machine where you run virt-manager.
      cat /etc/ssh/sshd_config | grep "^X11"
    • If you are connecting over SSH from Windows, X11 needs to be forwarded to an “X Window server” running on Windows. I use xming.
    • If you connect over SSH with PuTTY on Windows, configure X11 forwarding.
      • Go to “Connection” -> “SSH” -> “X11”.
      • Check “Enable X11 forwarding”.
      • Assign the xming.exe path in “X authority file for local display”.
    • If you are using the terminal on Mac OS, you need to install XQuartz. It configures the terminal automatically.

    Now you are ready to use “virt-manager”.

  • “Timed out waiting for the PowerShell extension to start” in Visual Studio Code

    When you load a PowerShell script, you may see the following error message:

    Timed out waiting for the PowerShell extension to start

    If you look at the error logs, the following appears:

    The language service could not be started

    One possible reason is that your PowerShell execution policy is set to “AllSigned”. You can check the policy by running the PowerShell command below.

    Get-ExecutionPolicy

    Run the following command in an elevated PowerShell window to change the policy.

    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

     

  • Cisco UCS Blade Cannot Get IP Address for KVM

    You may see “The IP address to reach the server is not set” when clicking the KVM console in Cisco UCS Manager. The issue persists even when Cisco UCS Manager has enough IP addresses for management. Re-acknowledging the server or resetting the CIMC does not fix the problem.

    To fix it, go to “Equipment” -> select the server -> “General” tab -> “Server Maintenance” -> “Decommission” the server.

    Wait for the decommission to complete, then re-acknowledge the server. An IP address will be assigned to the server after the acknowledge process is completed.

  • How to Specify Allowed IP Addresses in ESXi Firewall by PowerCLI

    In a recent review of my lab environment, I noticed my lab ESXi hosts allow connections from all IP addresses for NTP services. This is not best practice for a solid environment. I want to specify that only certain IP addresses are allowed, in case of vulnerabilities in NTP services. There are a lot of blogs talking about how to enable/disable a firewall ruleset, but no one talks about how to do so. The following is what I figured out. Please let me know if you see anything I can improve.

    # Connect to vCenter Server with Connect-VIServer before using this script.
    $vmhosts = Get-VMHost -Location esxiCluster
    foreach ($vmhost in $vmhosts) {
        $esxcli = Get-EsxCli -VMHost $vmhost -V2

        # Turn off "Allow connections from any IP address" for the ntpClient ruleset.
        $ntpRuleSet = $esxcli.network.firewall.ruleset.set.CreateArgs()
        $ntpRuleSet.allowedall = $false
        $ntpRuleSet.rulesetid = "ntpClient"
        $esxcli.network.firewall.ruleset.set.Invoke($ntpRuleSet)

        # Add the first allowed IP address to the ruleset.
        $ntpAllowIP = $esxcli.network.firewall.ruleset.allowedip.add.CreateArgs()
        $ntpAllowIP.rulesetid = "ntpClient"
        $ntpAllowIP.ipaddress = "192.168.0.1"
        $esxcli.network.firewall.ruleset.allowedip.add.Invoke($ntpAllowIP)

        # Add the second allowed IP address (example value; must differ from the first).
        $ntpAllowIP.ipaddress = "192.168.0.2"
        $esxcli.network.firewall.ruleset.allowedip.add.Invoke($ntpAllowIP)
    }

    The red text marks customized parameters. Please change them accordingly.

    The script gets all ESXi hosts in the specified location; you can use a cluster name, an ESXi host name, or a folder. It then disables the “Allow connections from any IP address” option of the ruleset and adds 2 IP addresses to the ruleset.
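
    To confirm the restriction took effect on every host, the ruleset can be read back and compared with the intended allow-list. The following is an added example, not part of the original post; it assumes an existing Connect-VIServer session, the same esxiCluster location, and a hypothetical $expected list that you replace with your own NTP server addresses.

    ```powershell
    # Added example: audit the ntpClient ruleset on every host in the location.
    $location  = 'esxiCluster'                     # same location as the script above
    $rulesetId = 'ntpClient'
    $expected  = @('192.168.0.1', '192.168.0.2')   # hypothetical allow-list, replace with yours

    $report = foreach ($vmhost in Get-VMHost -Location $location) {
        $esxcli = Get-EsxCli -VMHost $vmhost -V2

        # Read back the allowed IP list for this one ruleset
        # (esxcli network firewall ruleset allowedip list --ruleset-id ntpClient).
        $listArgs = $esxcli.network.firewall.ruleset.allowedip.list.CreateArgs()
        $listArgs.rulesetid = $rulesetId
        $entry = $esxcli.network.firewall.ruleset.allowedip.list.Invoke($listArgs)

        # A ruleset that still accepts any source reports "All" here,
        # so it shows up as an unexpected entry and fails the check.
        $allowed    = @($entry.AllowedIPAddresses)
        $unexpected = @($allowed  | Where-Object { $_ -notin $expected })
        $missing    = @($expected | Where-Object { $_ -notin $allowed })

        [pscustomobject]@{
            VMHost     = $vmhost.Name
            Ruleset    = $rulesetId
            AllowedIP  = $allowed -join ', '
            Unexpected = $unexpected -join ', '
            Missing    = $missing -join ', '
            Compliant  = ($unexpected.Count -eq 0 -and $missing.Count -eq 0)
        }
    }

    # Show every host, then list only the ones that need attention.
    $report | Format-Table -AutoSize
    $report | Where-Object { -not $_.Compliant } | Select-Object VMHost, Unexpected, Missing
    ```

    Running this on a schedule also catches hosts added to the cluster later that still have the default “allow all” setting.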