Checking partition alignment in vCenter using PowerShell

A quick PowerCLI and PowerShell script to check the partition alignment of Windows guests in a specific VM cluster under VMware. It queries each powered-on Windows guest over WMI and reports a partition as aligned when its starting offset is an exact multiple of 4096 bytes.

More information on the importance of partition alignment on hosts using storage arrays can be found at the following links:

NetApp – Best Practices for File System Alignment in Virtual Environments
Aligning your VMs virtual hard disks
Current Status, An Update, and a Look to the Future of Alignment

Good luck!

Connect-VIServer myserver.fqdn.com
$Cluster = (Read-Host "Enter cluster name")

$myCol = @()
# Powered-on Windows guests in the chosen cluster
$vms = Get-Cluster $Cluster | Get-VM | Where-Object {
    $_.PowerState -eq "PoweredOn" -and $_.Guest.OSFullName -match "Microsoft Windows"
} | Sort-Object Name

foreach ($vm in $vms) {
    try {
        # Query the guest over WMI; -ErrorAction Stop lets the catch block see failures
        $wmi = Get-WmiObject -Class "Win32_DiskPartition" `
            -Namespace "root\CIMV2" -ComputerName $vm.Name -ErrorAction Stop
        foreach ($objItem in $wmi) {
            if ($objItem.StartingOffset) {
                $Details = "" | Select-Object VMName, Partition, StartingOffset, Status
                $Details.VMName = $objItem.SystemName
                $Details.Partition = $objItem.Name
                $Details.StartingOffset = $objItem.StartingOffset
                # Aligned when the offset is an exact multiple of 4096 bytes
                if ($objItem.StartingOffset % 4096 -eq 0) {
                    $Details.Status = "Partition aligned"
                }
                else {
                    $Details.Status = "Partition NOT aligned"
                }
                $myCol += $Details
            }
        }
    }
    catch {
        Write-Warning "Error querying $($vm.Name): $_"
    }
}
# Output the results once, after every VM has been checked
$myCol

How to add datastores to a single host in vCenter using PowerShell

Connect-VIServer myserver.fqdn.com
$VMHost = (Read-Host "Please enter the name of the ESX host you wish to configure")

# Yes/No popup (button type 4); the popup returns 6 when Yes is clicked
$shellObject = New-Object -ComObject wscript.shell
$intAnswer = $shellObject.popup("Do you want to add the datastores?", 0, "Add datastores - remember you must have added the hosts on the storage", 4)
if ($intAnswer -eq 6) {
    Write "Creating Datastores on $VMHost…"
    # One New-Datastore line per NFS export; replace the placeholder name, path and NFS host
    New-Datastore -Nfs -VMHost $VMHost -Name datastorename -Path /vol/volname -NfsHost 10.10.10.10
    New-Datastore -Nfs -VMHost $VMHost -Name datastorename -Path /vol/volname -NfsHost 10.10.10.10
} else {
    Write "Skipping Datastores on $VMHost…"
}

Remote Desktop Disconnected: The authentication certificate received from the remote computer is expired or invalid.

Upon connecting to a remote machine I came across the following error. Since deploying Server 2008 I have seen this issue a few times so I thought I would blog it.

When connecting to a remote machine, some clients (usually clients with a new version of the Remote Desktop client on their machine) receive the following error:

Remote Desktop cannot connect to the remote computer because the authentication certificate from the remote computer is expired or invalid. In some cases, this error might also be caused by a large time discrepancy between the client and server computers.

The first thing to check is the remote machine's certificate. So from a client that can connect, or directly on the console, do the following:

  1. Start > Run > mmc.exe
  2. File > Add/Remove Snap-in…
  3. Certificates > Add > Computer Account > Local Computer > Finish
  4. Remote Desktop > Certificates
  5. Check the certificate expiration date. If the date has passed or the certificate is invalid, simply right-click and delete the certificate
  6. From a client that was failing to connect, try to connect again. Upon the reconnection attempt the remote machine will auto-generate a new certificate

Should you still have problems, ensure the client settings for Remote Desktop Connection are set to “Warn Me” or “Connect and don’t warn me” under Advanced and Server Authentication. Of the two, “Warn Me” is the safer choice, because “Connect and don’t warn me” connects even when the server's identity cannot be verified. Also check for clock drift (both time and date) between the client and remote computer; anything more than a few minutes can cause problems.
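
The certificate and clock checks above can also be scripted. The following is an added example, not part of the original post; it only reads state, assumes an elevated PowerShell session on the machine that clients fail to connect to, and `$TimeSource` is a placeholder for a machine whose clock you trust.

```powershell
# Added example: report on the certificates in the Remote Desktop store
# and on the local clock offset. Read-only; nothing is deleted.
$TimeSource = 'dc01.example.local'   # placeholder: a time source you trust

function Get-RdpCertificateStatus {
    $now = Get-Date

    # Thumbprint the RDP-Tcp listener is configured to present
    $listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
        -Class 'Win32_TSGeneralSetting' -Filter "TerminalName='RDP-Tcp'"
    $bound = $listener.SSLCertificateSHA1Hash

    # Same store the MMC steps open: Certificates (Local Computer) > Remote Desktop
    Get-ChildItem 'Cert:\LocalMachine\Remote Desktop' | ForEach-Object {
        if     ($now -gt $_.NotAfter)  { $state = 'Expired' }
        elseif ($now -lt $_.NotBefore) { $state = 'Not yet valid' }
        else                           { $state = 'Valid' }

        New-Object PSObject -Property @{
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotBefore     = $_.NotBefore
            NotAfter      = $_.NotAfter
            DaysRemaining = [int](($_.NotAfter - $now).TotalDays)
            InUseByRdp    = ($_.Thumbprint -eq $bound)
            State         = $state
        }
    }
}

Get-RdpCertificateStatus |
    Select-Object Subject, Thumbprint, NotAfter, DaysRemaining, InUseByRdp, State |
    Format-Table -AutoSize

# Clock drift: one sample of the offset between this machine and the time source
w32tm /stripchart /computer:$TimeSource /samples:1 /dataonly
```

A certificate reported as Expired with InUseByRdp set to True is the one to remove in step 5; an offset of more than a few minutes in the w32tm output points at the clock instead.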

Happy troubleshooting! 🙂

The AppSense User Virtualization service starts then immediately stops

The AppSense User Virtualization service starts and then immediately stops, with the error message from Windows reading as follows:

“The AppSense User Virtualization Service on the Local Computer started and then stopped. Some services stop automatically if they have no work to do, for example, the Performance Logs and Alerts service.”

All other AppSense services remain running but as a result no AppSense Environment policies are being applied.

The application event log only shows the following message:
Source: AppSense EmCoreService
Event ID:8001
Description: AppSense Environment Manager: Service stopped

After some time with AppSense technical support, it turned out the issue was caused by a missing registry key. The key HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug must be present for the AppSense User Virtualization service to start. As it happens, the previously upgraded AppSense Policy Configuration was deleting that key to disable Dr. Watson debugging as per the Microsoft KB article KB188296. To resolve the issue I simply removed the action and started the service.

List all VMs with a memory limit set in vCenter using PowerShell

This script lists all VMs with a memory limit set in Resource Manager in a given VMware cluster.

Connect-VIServer myserver.fqdn.com
Get-Cluster MyCluster | Get-VM | Get-VMResourceConfiguration | where {$_.MemLimitMB -ne "-1"}

If you want to clear all memory limits and set them to unlimited, use the following code:

Connect-VIServer myserver.fqdn.com 
Get-Cluster MyCluster | Get-VM | Get-VMResourceConfiguration | where {$_.MemLimitMB -ne "-1"} | Set-VMResourceConfiguration -MemLimitMB $null

The same can also be done for CPU limits using the CpuLimitMhz attribute.

Citrix The Independent Management Architecture service terminated with service-specific error 2147483659

In Citrix Presentation Server versions 4 and 4.5 you may receive the following error messages in the event log.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: 01/08/2011
Time: 15:53:15
User: N/A
Computer: SERVER1
Description:
The Independent Management Architecture service terminated with service-specific error 2147483659 (0x8000000B).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: IMAService
Event Category: None
Event ID: 3601
Date: 01/08/2011
Time: 15:53:15
User: N/A
Computer: SERVER1
Description:
Failed to load initial plugins with error IMA_RESULT_TIMEOUT

Event Type: Error
Event Source: IMAService
Event Category: None
Event ID: 3609
Date: 01/08/2011
Time: 15:53:15
User: N/A
Computer: SERVER1
Description:
Failed to load plugin ImaRuntimeSS.dll with error IMA_RESULT_TIMEOUT

Event Type: Error
Event Source: IMAService
Event Category: None
Event ID: 3609
Date: 01/08/2011
Time: 15:53:15
User: N/A
Computer: SERVER1
Description:
Failed to load plugin ImaPsSs.dll with error IMA_RESULT_TIMEOUT

Event Type: Error
Event Source: IMAService
Event Category: None
Event ID: 3615
Date: 01/08/2011
Time: 15:53:15
User: N/A
Computer: SERVER1
Description:
The server running MetaFrame Presentation Server failed to connect to the Data Store. Error – IMA_RESULT_TIMEOUT An unknown failure occurred while connecting to the database.

After initial investigation it wasn’t clear whether the IMA configuration was connecting to the datastore correctly, so I followed CTX105257 to check that the location of the DSN was correct. After looking through the config, for some reason this server wasn’t connecting directly to the SQL instance but instead was indirectly connecting to another Presentation Server which was down, and hence the IMA service couldn’t find the datastore. I reconfigured the datastore to be the SQL instance and started the service, which ultimately fixed this issue.

Citrix XenDesktop VDAs not registering

Today I walked in on an odd issue with XenDesktop. The Delivery Controllers were showing each of the VDAs as “Not Registered”.

The environment is currently as follows:

  • XenDesktop 4 with Multiple Active Directory Forests.
  • Forest 1 is Windows 2003 located in local data centre
  • Forest 2 is Windows 2008 with the PDC located on a remote WAN site; there are local writable domain controllers located within the local data centre
  • There is a domain level trust between the child domains
  • There are DNS stub zones for the other domains on each of the domain controllers
  • Desktop Delivery Controllers are located in the local data centre and are members of Forest 1
  • XenDesktop VDAs are located in the local data centre but the machines are members of Forest 2
  • The NTLM authentication happens via the domain trust.

After viewing the trusty event viewer on the Delivery Controller you might see the following:

    Event ID: 1309
    The delivery controller failed to broker a connection for user ‘[email protected]’ to desktop group ‘Desktop Group’. The assigned virtual desktop ‘‘ for the user is not available.

    This may be because the desktop is not connected to a controller, another user is already using the desktop, or it may still be initializing.

Moving across to the desktop event log you see the following:

    Event ID: 1221
    The Citrix Desktop Service cannot connect to the delivery controller ‘http://controller.fqdn:8080/Citrix/CdsController/IRegistrar’ (IP Address ‘10.10.10.10’)

    Check that the system clock is in sync between this machine and the delivery controller. If this does not resolve the problem, please refer to Citrix Knowledge Base article CTX117248 for further information.

    Error Details:
    Exception ‘Fail worker callback using SPN HOST/machine.domain.com and IP address 10.10.10.10’ of type ‘System.ServiceModel.FaultException`1[Citrix.Cds.Protocol.Controller.Fault]’.

    Event ID: 1246
    The Citrix Desktop Service has detected that the delivery controller controller.fqdn (IP Address 10.10.10.10) cannot connect to the Service. One possible reason for this is that the ‘Access this computer from the network’ security policy does not allow the delivery controller server identity to access this machine.

    Please check that a local or group policy is not set incorrectly to disallow access from the delivery controller servers.

    Event ID: 1208
    The Citrix Desktop Service’s connection to the Citrix Desktop Delivery Controller Service was terminated. The Citrix Desktop Delivery Controller Service is running on server ‘controller.fqdn’.

    Check that there is no active firewall blocking the controller communicating with this machine.

    Please refer to Citrix Knowledge Base article CTX117248 for further information.

    Error details:
    Keep-alive request was rejected.

After some troubleshooting with the AD team it turns out that the domain controller for Forest 2 at the local data centre had stopped replicating and was no longer accepting requests for Directory Services. Other services on the local DC were working as expected and even an LDAP bind was working inbound to the box, but outbound (return) communications were not. Once the Directory Services service was restarted, authentication started to flow again, which in turn allowed the VDAs to register again.

A good article on how NTLM authentication works with multiple domains can be found here.

Remote Desktop Services: The Local Session Manager service failed the logon

After rebooting one of my XenApp servers the other day I was then unable to log on, receiving the error “The Local Session Manager service failed the logon. The requested session access is denied”

After some investigation, the local session manager was failing to contact the Windows license server. The server was up but the Remote Desktop Licensing Manager was showing as “Not Activated”; clicking activate just resulted in a further error. The event manager was also showing the following.

After some more searching I discovered a Microsoft KB article, KB983385. It turns out an expired certificate was causing the issue. After installing the hotfix and rebooting the license server I also had to reboot the XenApp server, at which point I was then able to log on again.

IIS Kerberos and 401 – Unauthorized: Access is denied due to invalid credentials.

I came across a bizarre issue this week and thought it should be shared.

An existing server was running a web application on IIS 7; the virtual directory used Kerberos as the only authentication method. This had been working for several months without issue but then seemed to randomly stop authenticating the users. Both client and server logs (event viewer and IIS logs) were unusually quiet. After some serious head scratching I found this article that was very useful as a sanity checker.

However, after checking the SPNs and trusted delegation settings I did some further testing which pointed towards a client issue. Under advanced settings the option “Enable Integrated Windows Authentication” had become unchecked. Checking this option enables Kerberos authentication at the client end; without it Kerberos authenticated websites will not work. Interestingly, NTLM will work with this option disabled. It looks like this may have been caused by a Windows update but I can’t be sure.

Anyway I hope this helps anyone else scratching their heads 🙂 Happy troubleshooting!