Updating ESXi / vSphere 5 using the CLI (Command Line Interface)

In a previous article, I blogged on how to update ESXi 4.0 to 4.1. The principles I described could be applied to all updates of version 4 of ESXi / vSphere that followed thereafter.

Unfortunately, with the release of version 5 of ESXi, the method I described previously no longer works when patching the system. If you attempt it, you get the following error message:

“This operation is NOT supported on 5.0.0 platform.”

Instead, you now need to use a different command line tool, which I shall now describe.

First off, you need the newest release of the CLI install package from VMware, which can be freely downloaded here.

Having installed it, I highly recommend a restart of the workstation you are using the CLI on. On my system, some of the Perl related libraries the CLI depends on didn’t seem to work till I did a restart.

Having restarted, bring up a Windows command line prompt, ideally in elevated admin mode (to make sure you have unrestricted access to your own system). Normal mode should be ok, as long as your update files have been downloaded to a local file system that can be accessed by your user account.

You also need to have the VMware vSphere Client installed, which you should be able to get (if you don’t have it already) just by entering the IP address of your ESXi host in a web browser window. The web server running on there should give you a download link.

Finally, go on the VMware website, and download the latest patches you want to apply to your ESXi 5 setup. At this present moment in time, I was applying the major Nov 2011 update, which brought me up to ESXi 5.0.0 build 515841.

For simplicity, having downloaded the latest ‘vib’ update (VMware’s terminology for an update archive, normally in the form of a ZIP file), I renamed it to Update.zip.

Having done this, you will need to upload the file into one of your storage volumes via the vSphere client. Note the path location to where you put the file. Furthermore, make a note of the full storage mount location of the actual data store, which can be found by selecting the datastore under Configuration -> Storage in vSphere client, and looking in the bottom panel labelled Datastore Details. As much of a pain as it might be, my findings were that it was easiest to take the whole entry next to ‘Location’ and not substitute the common name of the datastore (so the entry you need will have a long GUID type path entry).

Go back to the Windows command line and type one of the following from the command prompt in order to get in to the CLI script folder:

For 32-bit OS:
cd C:\Program Files\VMware\VMware vSphere CLI\bin

For 64-bit OS:
cd C:\Program Files (x86)\VMware\VMware vSphere CLI\bin

You may also wish to enter your host in to maintenance mode before doing the update, which can be easily done from the vSphere Client.

Finally type the following command:

esxcli -s 192.168.0.10 -u root -p password software vib install -d /vmfs/volumes/4ff41a22-76ab1cd3-2516-001ed2a2e4dc/Updates/Update.zip

In the above, I’ve put my personal entries in unboldened italics. You will need to put in your own entries as follows:

-s    Your Server IP or Hostname
-u    Your ESXi host admin user name, normally ‘root’
-p    Your ESXi host password
-d    The location of your Update.zip file, using the location of the datastore, and the further folder location you may have created to put the update in (the ‘d’ stands for ‘depot’, by the way).

When you hit enter, the cursor will drop for a time, and nothing may appear to happen for several minutes. If the update is successful, you will eventually get an installation result message confirming all is ok, with a list of all updates applied. If it fails, I assume it will tell you, but it has yet to fail for me :)

You will then need to go back in to the vSphere client, restart the ESXi server, and then take it out of maintenance mode. Then manually fire up any virtual machines you have. You should then be done.

There may be a way of applying multiple updates simultaneously, but I’ve yet to need to do that. Doing one file at a time should work ok though (I suggest oldest updates first).

Posted in ESXi, VMware

Microsoft Forefront TMG 2010 won’t upgrade to Service Pack 2

On trying to upgrade to service pack 2 for MS Forefront TMG (Threat Management Gateway), I repetitively got the below error:

“The upgrade patch cannot be installed by the Windows Installer service because the program to be upgraded may be missing, or the upgrade patch may update a different version of the program. Verify that the program to be upgraded exists on your computer and that you have the correct upgrade patch.”

This one had me beaten for a while. I had already upgraded to SP1 for TMG, and I couldn’t see why upgrading to SP2 wouldn’t work. Furthermore, in recent years Microsoft have generally allowed you to jump service packs anyway (such as going to a Service Pack 2, whilst still having the original RTM of a given product).

I dug around a bit, and found there is an interim update for TMG, post SP1, that must be installed to install SP2. This update (unsurprisingly named “Software Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1”) can be found here.

Install this, then try running the SP2 for TMG update again. You should find it all goes well.

Posted in Forefront

The £89 / $99 HP TouchPad. A disaster for HP, or a genius recovery strategy?

Like many others, I have been frantically trying to buy an HP TouchPad. From all I’ve read, it’s a good bit of kit, despite a lack of third party apps and unclear future support. One potential offering (which I think will happen in some / several forms) of an Android port makes it exciting too. Because as much as this tablet’s Operating System, webOS, might rock, it’s pretty much dead. Right?

I think wrong. I pondered this for the last few days, and what I’m about to say here is purely speculation, but there could be something in it.

HP, under its new leadership et al, want to exit the consumer laptop and tablet market. Less than 2 months after its intro, the TouchPad is being ditched. All looks a bit sad. HP, one would hope, have evaluated the unsuccessful market takeup of the TouchPad (pre-discount) and things looked grim. Additionally, under the new leadership of Leo Apotheker, there has been a stated desire to move in the direction of being a foremost consulting / software firm, possibly taking a path similar to IBM’s move when they ditched their laptop division to Lenovo a few years back. Already HP have bought up Autonomy, reflecting their new intended direction.

They have not specified the future certainty of webOS’ fate. No doubt they truly want (whether you think it is insane or not) to kill the TouchPad off as a hardware device, but perhaps they really do want to keep webOS alive and license it out to third parties, as part of their strategic way forward. If so, what’s a way of increasing the ‘in the wild’ volume of webOS instances overnight, whilst also off loading your unwanted hardware? Sell it for a song.

The price reduction of the HP TouchPad 16GB to $99 in the States and £89 in the UK has undoubtedly massively increased the amount of webOS users. It’s the best selling device on practically every hardware site that holds [held] it. There could be 10 times or more the number of the devices out there being used right now (no stats have been released yet, that I’m aware), versus pre-August 19th, and suddenly a system no-one was taking enough notice of to survive is desired by everyone and their dog.

Sure, HP might still ditch webOS, or just shoehorn it in to printer interfaces, but I doubt it. I think what we’re actually seeing is a true disaster turned in to a fantastic and potentially fruitful marketing opportunity for the webOS platform, using the now dirt cheap hardware as a superb and clever marketing device.

This has undoubtedly cost HP millions of dollars as an offload. The lucky people who got the cheap TouchPads are the immediate beneficiaries (yes, I am jealous!). But almost overnight, HP massively increased the user base of a platform that might, just maybe, now appeal to developers a lot more, and third parties to consider licensing and writing apps for, given the publicity and the hands on use it will now be getting. If they were going to ditch the hardware anyway, what did they have to lose? There’s no risk, and frankly if I was an HP executive, I’d say worth a punt.

This is just my two pennies worth, and I could well be wrong. But if I see webOS taking 5% of the market sector for tablets in the next year, with HP reaping massive royalties for licensing the technology to the likes of Samsung, HTC, etc, then I won’t fall out my chair; I’m half expecting it. It may be that HP make a massive financial turn around to this whole mess, having made a loss leader out the TouchPad initially, but as a bridge to triumphantly elevate webOS to a level that could never have been achieved had it stayed anchored to their own exclusive products and no-one else’s.

Let’s see how history unfolds on this one; it’s going to be fun to see what happens when the chaos is over, and what emerges from the ashes. Maybe webOS has just been given a place in the future that less than a week ago would have been impossible. I know I still want one ;)

Posted in HP, TouchPad

Avast! Business Protection [Plus] – exclamation mark on client Avast and console, when shields are disabled

Avast Business Protection [Plus] has recently been released – a way overdue update to Avast’s business targeted line, which has previously been left on the 4.8 code base since the beginning of 2010 (when Avast 5.0 came out for home users). I’ve had various problems with this update, mostly to do with licensing, but I’ll save that for another blog….

In the new admin console I have created different groups for different servers / workstations, dependent on their shield (module) need, and dropped the PCs discovered on the network in to the correct groups. For example, our general file servers do not need the SharePoint or the Exchange shield scanning plug-in to be enabled; it’s an unnecessary overhead, and at best just pointless to be on.

Disabling the unneeded shields was nice and easy – can all be done under the group settings for a collection of computers (under the sensibly named ‘Shields‘). But whilst this worked, the end result was not good; on the client side (the server or workstation running the pushed out copy of Avast Business Protection client), I got an exclamation mark on the taskbar like this:

And in the Avast! Administration Console, for the given computers:

It would seem there are no easy tick boxes to stop this problem; you have to find the solution by clicking a big scary button…

To start, go to edit the settings for your given group that you want to modify shield monitoring. In the window that appears, click on the bottom left hand option ‘Expert settings’.

Next, click the big scary button that reads “I’ll take the risk, show the expert settings”

No doubt, you could seriously mess up some installs if you alter some settings – I don’t know what most of the functions do. I played with a test setup first, and was delighted to find what I needed to correct these problems. Let’s assume we just wanted to disable monitoring of the Exchange module, on systems that don’t have Exchange. Scroll down in the list, and find:

avastcfg://avast5/Common/PropertyPowerbarExchange

You’ll notice it has a value of ‘1‘ set to the right of it. Double click on this value, and change it to ‘0‘.

Left click save at the bottom of the window, and within one minute, your client system’s exclamation mark should have gone, and your admin console for the system should look more like this:

You’ll notice there are lots of other ‘PropertyPowerbar‘ options in the same area of expert settings. Zeroing out any of these will stop the Avast client monitoring that shield, and with it the fault that brings up the exclamation mark. Be careful – you don’t want to zero out a shield you are actually running, because if that shield is at any time disabled by some rogue virus or the like, it won’t show up on the console.

This seems a silly error that Avast will no doubt fix at some point in the future – if nothing else, disabling a given shield should zero the value for you. At the start of August 2011, this is yet to be seen – early days! :)

Posted in Avast!, Business Protection, Business Protection Plus

Adding .admx GPO templates for Win 2008 Group Policy and beyond…

For a long time I have tried to add .admx files to individual group policies using the management editor, as I do with older .adm template files. However, whilst the conventional Add/Remove Templates method works for the old school .adms, it gives the following error message if you try and add an .admx:

“file.admx is not a valid template file. Only files that end with the .adm file extension can be added to this Group Policy Object.”

Why does this happen? Because Microsoft revised their policy on where the templates were stored and implemented from. Now, you just need to make sure that your required .admx files are placed in the %systemroot%\PolicyDefinitions folder. Also, the .adml files (which should be provided) need to be placed in the appropriate language subdirectory (such as en-us) of this folder, for the policies to list and work correctly. This only needs to be on the system you manage group policy from, not every DC in your Active Directory network.

The upshot of this new method is that for every .admx / .adml file you add to this folder tree, it is automatically available to all GPOs managed with that system. Conversely, I believe under the old system that you had to add the .adm file to every individual policy you wanted to use the template in.
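The placement rule above (.admx in %systemroot%\PolicyDefinitions, each .adml in its language subfolder) can be scripted. This is an added example, not part of the original post; the function name, the source folder layout and the C:\Temp\VendorTemplates path are assumptions made for illustration.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell
# prompt on the machine you manage Group Policy from.
# Assumed layout of -SourceDir (hypothetical vendor download):
#   <SourceDir>\*.admx  and  <SourceDir>\<language>\*.adml  (e.g. en-US)
function Install-AdmxTemplate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SourceDir,
        [string]$PolicyDir = (Join-Path $env:SystemRoot 'PolicyDefinitions')
    )

    if (-not (Test-Path -LiteralPath $PolicyDir -PathType Container)) {
        throw "PolicyDefinitions folder not found: $PolicyDir"
    }
    $items    = @(Get-ChildItem -LiteralPath $SourceDir)
    $langDirs = @($items | Where-Object { $_.PSIsContainer })
    $admxList = @($items | Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.admx' })
    if ($admxList.Count -eq 0) { throw "No .admx files found in $SourceDir" }

    foreach ($admx in $admxList) {
        # .admx files are XML; skip anything that does not even parse.
        try   { $null = [xml](Get-Content -LiteralPath $admx.FullName) }
        catch { Write-Warning "Skipping $($admx.Name): not well-formed XML"; continue }

        # The policies only list correctly when a matching .adml exists.
        $admlName = $admx.BaseName + '.adml'
        $langs = @($langDirs | Where-Object {
            Test-Path -LiteralPath (Join-Path $_.FullName $admlName) -PathType Leaf
        })
        if ($langs.Count -eq 0) {
            Write-Warning "Skipping $($admx.Name): no $admlName in any language folder"
            continue
        }

        if ($PSCmdlet.ShouldProcess($admx.Name, "Copy to $PolicyDir")) {
            Copy-Item -LiteralPath $admx.FullName -Destination $PolicyDir
            foreach ($lang in $langs) {
                $destLang = Join-Path $PolicyDir $lang.Name
                if (-not (Test-Path -LiteralPath $destLang -PathType Container)) {
                    $null = New-Item -ItemType Directory -Path $destLang
                }
                Copy-Item -LiteralPath (Join-Path $lang.FullName $admlName) -Destination $destLang
            }
            # Emit one record per installed template for logging or review.
            New-Object PSObject -Property @{
                Template  = $admx.Name
                Languages = ($langs | ForEach-Object { $_.Name }) -join ', '
            }
        }
    }
}

# Dry run first; drop -WhatIf to copy. The source path is a placeholder.
Install-AdmxTemplate -SourceDir 'C:\Temp\VendorTemplates' -WhatIf
```

Templates that lack a matching .adml are skipped rather than copied, since they would not list correctly in the editor.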

Posted in Group Policy, Microsoft, Uncategorized

SharePoint 2010 – Search and other Web Apps don’t work out the box

Every time I tried to do a search on my SharePoint server, it came back with an error as follows:

“The Web application at http://sharepoint.domain.local/ could not be found. Verify that you have typed the URL correctly. If the URL should be serving existing content, the system administrator may need to add a new request URL mapping to the intended application.”

For a while it had me beaten. Then I realised the problem – elements of SharePoint will not work properly if the Internal FQDN (Fully Qualified Domain Name) is used from a browser instead of the Host name, because elements of SharePoint will only work when using the pre-defined names it knows. To illustrate the point, by connecting to the server via http://sharepoint/, the search process worked perfectly.

So how to fix this? In an ideal world you want to be able to have SharePoint working fine on the Hostname, the Internal FQDN and [depending on your setup] the external FQDN. And here is how you do it……

1) Fire up the SharePoint Central Administration.

2) On the opening page, look under the System Settings heading for Configure alternate access mappings.

3) From here you can edit, add or ‘map to external resource’ a URL. In this case, I am going to add a URL for my internal FQDN. So I click Add Internal URLs.

4) Next, you need to select the entry for Alternate Access Mapping Collection. I click the drop down link to do this and use the change option, and in the window that follows select my main SharePoint site. This then takes me back to the previous window with this option selected.

5) In the field for Add Internal URL, I need to add my FQDN, protocol and port number. As I am operating on port 80 / http, this is set as: http://sharepoint.domain.local:80. My required domain is internal, so from the zone list I select Intranet then click on Save.

6) You’re done! Fire up a browser using the newly added domain name, and you will find all should now work. Note that if you are applying an internal domain name that is completely different from the SharePoint host name, you will need to make changes to your DNS servers’ records to reflect this, or else the name won’t resolve.

Posted in Microsoft, SharePoint

Google Earth – change location of ‘My Places’ / .kml files

When you create drop pins on Google Earth, and add them to ‘My Places’, the underlying information is stored in several .kml files. By default, under Windows 7 at least, the location of these files is in:

C:\Users\%username%\AppData\LocalLow\Google\GoogleEarth

In my view, this is a bad place for a number of reasons. The main one for me is that I use redirected folders to keep my app data on a network server, and this server is backed up nightly. With the default Google Earth config, the kml files just sit on the local PC, don’t get backed up, and would be lost if the hard drive ever went down. Also, I like to hot desk between computers, and with the default config my .kml files aren’t going to be following me.

As far as I can see, the solution is simple. Open up regedit without elevated permissions, and drill through until you find the entry:

HKEY_CURRENT_USER\Software\Google\Google Earth Plus\KMLPath

If you bring up the data entered for KMLPath you will see the aforementioned path location in there. Completely remove this. You can now replace it with another local location, or a network location. The location must be a complete path; I found variables such as %username% do not work. So, for example, I changed mine to:

\\Server1\Redirected Folders\bobby.c\Application Data\Google\Google Earth

You must make sure that Google Earth has long since exited, and that the folder you map to already exists on the server (just create it using win explorer). You should be able to copy existing kml files across from the old to the new location, and Google Earth should roll with them. I would copy all kml files only (leave the cache et al where it is), and as ever make sure you keep a backup before doing this….
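The same move can be scripted with the checks the procedure calls for: Google Earth not running, target folder present, a backup taken, and the registry value changed last. This is an added example, not part of the original post; the function name and the process name "googleearth" are assumptions, while the registry key and target path are the ones given above.

```powershell
# Added example, not from the original post. Run as the affected user in a
# normal (non-elevated) PowerShell window so HKCU is that user's own hive.
function Move-GoogleEarthKml {
    param(
        [Parameter(Mandatory = $true)][string]$NewPath,
        # Key from the post; KMLPath is a value stored under it.
        [string]$KeyPath = 'HKCU:\Software\Google\Google Earth Plus',
        # Assumption: the Google Earth process is named "googleearth".
        [string]$ProcessName = 'googleearth'
    )
    $ErrorActionPreference = 'Stop'   # any failed step aborts the move

    if (Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        throw 'Google Earth is still running; exit it before changing KMLPath.'
    }
    # The post found variables such as %username% do not work in KMLPath.
    if ($NewPath -match '%') { throw 'Use a complete path, not one with %variables%.' }
    if (-not (Test-Path -LiteralPath $NewPath -PathType Container)) {
        throw "Target folder does not exist: $NewPath"
    }

    $oldPath  = (Get-ItemProperty -Path $KeyPath -Name KMLPath).KMLPath
    $kmlFiles = @(Get-ChildItem -LiteralPath $oldPath |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.kml' })

    # Never overwrite places already stored at the target.
    foreach ($f in $kmlFiles) {
        if (Test-Path -LiteralPath (Join-Path $NewPath $f.Name)) {
            throw "Refusing to overwrite existing file at target: $($f.Name)"
        }
    }

    # Keep a timestamped backup next to the originals, then copy across.
    $backup = Join-Path $oldPath ('kml-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
    $null = New-Item -ItemType Directory -Path $backup
    foreach ($f in $kmlFiles) {
        Copy-Item -LiteralPath $f.FullName -Destination $backup
        Copy-Item -LiteralPath $f.FullName -Destination $NewPath
        $copied = Get-Item -LiteralPath (Join-Path $NewPath $f.Name)
        if ($copied.Length -ne $f.Length) { throw "Copy of $($f.Name) is incomplete." }
    }

    # Only repoint Google Earth once every file is confirmed at the target.
    Set-ItemProperty -Path $KeyPath -Name KMLPath -Value $NewPath
    New-Object PSObject -Property @{
        OldPath = $oldPath; NewPath = $NewPath; Backup = $backup; Files = $kmlFiles.Count
    }
}

# Target path taken from the post's own example.
Move-GoogleEarthKml -NewPath '\\Server1\Redirected Folders\bobby.c\Application Data\Google\Google Earth'
```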

Posted in Google, Google Earth

‘Verify that the Activity Feed Timer Job is enabled’ error in SharePoint 2010

I’m only just breaking open the box on properly using SharePoint. Every test install I have done, I have been hampered by this same error. The solution is simple.

First off, completely ignore the link that Microsoft gives you for ‘help’ – it resolved nothing. Instead, from within the Central Administration home page, do the following:

Click the Monitoring title.
Under the Timer Jobs heading, click on Review job definitions.
Scroll down the list and look for User Profile Service Application – Activity Feed Job (might be worded differently on pre-SharePoint 2010 SP1). You’ll note this is ‘disabled’. Click on the title link, and then the Enable button in the page that follows. This will set the service to hourly by default, and in the span of time your problem should disappear from the problems list in Central Administration.

Posted in Microsoft, SharePoint

SharePoint 2010 – ‘database requires upgrade or not supported’ error post SP1 install

I was unable to search for anything in my SharePoint portal. On inspection in the Central Administration panel, I got the error message in the title.

To correct this, I did as it said in the ‘remedy’ area, when clicking on the problem. In summary:

1) Fired up the PowerShell; in my case with Win 2008 R2 and SharePoint 2010 installed, this can be found as ‘Windows PowerShell Modules’ under the ‘Administrative Tools’ section of the Start menu.

2) Run Upgrade-SPContentDatabase -id WSS_Content. If you want to upgrade a different database, you will need to find its GUID instead, which should be listed within the database name.

3) You will be asked for confirmation as to whether you want to do this. Upon approving this, a percentage readout will trickle along the PowerShell window. This may take a few minutes or more to complete, depending on how much data you have.

4) Your database for content should now be updated!

N.B. Having done the above, I found that SharePoint was still having problems with a lot of other databases. My conclusion was that during the SP1 update, it did not update the databases. An easy resolution to this is to go to:

Start -> All Programs -> Microsoft SharePoint 2010 Products -> SharePoint 2010 Products Configuration Wizard

This will save a lot of time! The wizard is automated, and fixed all problems for me :) Why the upgrade didn’t do this automatically is anyone’s guess!

Posted in Microsoft, SharePoint

RemoteApp programs ‘lock’ after 10 minutes of inactivity

I’ve just rolled out a 32-bit Windows 2008 Server, for the sole purpose of running our legacy DOS and other 16-bit applications via a Terminal Server (these apps are just a little long in the tooth, but still currently an important part of the firm I work for). We’re running Windows 7 x64, so DOS mode is now a non-entity for us on local systems.

For the problem I suffered, this was beside the point. After some effort, the RemoteApps would work absolutely fine, but if the user was to leave their computer for 10 minutes, when they returned the RemoteApp was locked. It required re-entering the password for the TS account in use for these apps, something which they shouldn’t even have to know (and don’t).

With Google as my friend, I set out trying to find a resolution. The resolution was along the lines I thought it might be – it’s all to do with a screensaver ‘time-out’ (the time marker for displaying the screensaver), which kicks in regardless of whether a screen saver is set or not. There were a series of solutions, most suitably involving Group Policy, but I simply couldn’t get them to work.

The problem is, the articles out there tell you what to do, but don’t clarify that the policy needs to ultimately apply to the Terminal Server, or the user account in use with Terminal Server. By implication I was left believing that the policy should be applied to the user workstation itself, and that the 10 minute screen saver setting for the workstation was causing a lock to the remoteapps. This is not the case.

Having established this, I set about creating a GPO. In my case, the setup is simple versus other real world scenarios; I only need one user account that all my RemoteApps are run through, and I only have one 2008 Terminal Server. I have done everything on the terminal server to ensure my user account can access the server via RDP, whether via a RemoteApp or full Remote Desktop Connection.

Because my setup is basic, I was able to put both the TS user account and the Terminal Server in its own OU called ‘Terminal Servers’. From here, I created and linked a GPO, and set the following policy setting:

User Configuration -> Policies -> Administrative Templates -> Control Panel / Personalization -> Screen saver timeout

I enabled this setting, and set the value to 0 seconds.

If you have a more complex setup, with Terminal Servers in different OUs to user accounts (highly likely), you may need to play around with loopback processing to get this to work. Also, the templates for GPOs in my Active Directory are based around 2008 R2, so you may find the ‘Screen saver timeout’ setting in a slightly different place.

To expedite the application of the new setting, run gpupdate /force from a TS user session on the Terminal Server. Otherwise, wait a time and it should kick in (although a restart to the server might be a good idea, to refresh any disconnected but still open TS sessions).

Posted in Microsoft, Remote Desktop, Terminal Server