Translate

Wednesday, September 7, 2016

Windows update is disabled by administrator

Windows update can't  check for updates because settings on this PC are controlled by your system administrator

To disable this option

Open Registry Editor

Navigate to key path 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

now look for nowindowsupdate key and change its value to 0.

Go back to Control panel and check on windows update, it should be back to normal now.
This fix works on Windows Server 2012 R2

Tuesday, December 9, 2014

Backup VMware ESXi 4.1 Configuration



Errors: GET https://serverip/downloads/configbundle-servername.tgz unsuccessful : 404 Not Found


Thing in place

vCLI (Download vCli from ESXi hosts home page)
Putty



Steps to follow

Create a Folder in c:\VMware_Backup


  • To create a folder in windows is very easy, right click on c: and create a new folder VMware_Backup. You can choose whatever location you want, in this case it is c:


Create a scratch Partition in ESXi host


  • Login to ESXi host using Putty



  • Type commands


cd tmp

mkdir scratch (* If this folder exists already, you don't need to create one)

cd scratch

mkdir downloads (* If this folder exists already, you don't need to create one)



Now open up vCli


  • Type commands


vicfg-cfgbackup.pl --server server_ip -s c:\vmware_bkup\servername.txt

It will prompt you for username and password



Your configuration has been saved


Hit Like if this post helpful to you.

Friday, June 20, 2014

Steps to configure VMware Syslog ServerHow to Setup VMware Syslog Server


Installed Syslog server on any windows machine, accept default option including port numbers and default location. (If you want to change it, you can customize it depending upon your choice)

Go to ESXi host
Go to Configuration Tab
Go to Software and  Advanced Setting
Click on Syslog 

Change Syslog.global.logdir      Value: [datastorename]/Log Location     (Make sure this datastore is accessible by all hosts)
Select Syslog.global.logDirUnique
Put the value on Syslog.global.logHost as tcp://IPADDRESS:514



Hit Ok

One requirement

Go to ESXi Firewall and enable syslog ports on it




Now see you Syslog server Location for files, you should see some files on Data folder under syslog Server

Hit me if you have any question

Wednesday, May 14, 2014

How to convert Disk throughput and Block size into IOPS
How to convert IOPS and Blcok size to throughput


Formula

To calculate IOPS

IOPS = (MBps throughput / Block Size) * 1024

Explanation:

Throughput is how much a disk can write per seconds
Block size is how much one IO can write per seconds
1024 is given from the formula to conversion like KBps or MBps

Example:


  • What number of IOPS should be used with Storage I/O Control to limit disk throughput to roughly 10MBps if the guest application writes 64KB blocks?


  1. IOPS= (10 / 64) *1024

         = 160 IOPS


To calculate Throughput

Throughput = (IOPS * Block Size) / 1024

Example:


  • What number of IOPS should be used with Storage I/O Control to limit disk throughput to roughly 10MBps if the guest application writes 64KB blocks?



  1. Throughput = (160 * 64) /1024

                           = 10

Tuesday, October 1, 2013

SCOM 2012 Certificate check script

This script will help you to figure out if your certificate is installed correctly or not. This will help you to find where is an issue with your certificate for SCOM 2012 SP1 to monitor DMZ servers through certificates



#
# SCOMCertCheck.ps1

#
#
# Considering all certificates are in the Local Machine "Personal" folder


$certs = [Array] (dir cert:\LocalMachine\my\)

write-host "Checking that there are certs in the Local Machine Personal store..."
if ($certs -eq $null)
{
    Write-Host "There are no certs in the Local Machine `"Personal`" store."
    Write-Host "This is where the client authentication certificate should be imported."
    Write-Host "Check if certificates were mistakenly imported to the Current User"
    Write-Host "`"Personal`" store or the `"Operations Manager`" store."
    exit
}

write-host "Verifying each cert..."
foreach ($cert in $certs)
{
    write-host "`nExamining cert - Serial number $($cert.SerialNumber)"
    write-host "---------------------------------------------------"

    $pass = $true
      
    # Check subjectname
          
    $pass = &{
        $fqdn = $env:ComputerName
        $fqdn += "." + [DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name
        trap [DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException]
        {
            # Not part of a domain
            continue;
        }
            
        $fqdnRegexPattern = "CN=" + $fqdn.Replace(".","\.") + '(,.*)?$'
            
        if (!( $cert.SubjectName.Name -match $fqdnRegexPattern ))
        {
            Write-Host "Cert subjectname" -BackgroundColor Red -ForegroundColor Black
            Write-Host "`tThe SubjectName of this cert does not match the FQDN of this machine."
            Write-Host "`tActual - $($cert.SubjectName.Name)"
            Write-Host "`tExpected (case insensitive)- CN=$fqdn"
            $false
        } else { $true; Write-Host "Cert subjectname" -BackgroundColor Green -ForegroundColor Black }
    }
      
    # Verify private key
            
    if (!( $cert.HasPrivateKey ))
    {
        Write-Host "Private key" -BackgroundColor Red -ForegroundColor Black
        Write-Host "`tThis certificate does not have a private key."
        Write-Host "`tVerify that proper steps were taken when installing this cert."
        $pass = $false
    } elseif (!($cert.PrivateKey.CspKeyContainerInfo.MachineKeyStore))
    {
        Write-Host "Private key" -BackgroundColor Red -ForegroundColor Black
        Write-Host "`tThis certificate's private key is not issued to a machine account."
        Write-Host "`tOne possible cause of this is that the certificate"
        Write-Host "`twas issued to a user account rather than the machine,"
        Write-Host "`tthen copy/pasted from the Current User store to the Local"
        Write-Host "`tMachine store.  A full export/import is required to switch"
        Write-Host "`tbetween these stores."
        $pass = $false
    }
    else { Write-Host "Private key" -BackgroundColor Green -ForegroundColor Black }

    # Check expiration dates
            
    if (($cert.NotBefore -gt [DateTime]::Now) -or ($cert.NotAfter -lt [DateTime]::Now))
    {
        Write-Host "Expiration" -BackgroundColor Red -ForegroundColor Black
        Write-Host "`tThis certificate is not currently valid."
        Write-Host "`tIt will be valid between $($cert.NotBefore) and $($cert.NotAfter)"
        $pass = $false
    } else { Write-Host "Expiration" -BackgroundColor Green -ForegroundColor Black }
      
      
    # Enhanced key usage extension
            
    $enhancedKeyUsageExtension = $cert.Extensions |? {$_.ToString() -match "X509EnhancedKeyUsageExtension"}
    if ($enhancedKeyUsageExtension -eq $null)
    {
        Write-Host "Enhanced Key Usage Extension" -BackgroundColor Red -ForegroundColor Black
        Write-Host "`tNo enhanced key usage extension found.`n"
        $pass = $false
    }
    else
    {
        $usages = $enhancedKeyUsageExtension.EnhancedKeyUsages
        if ($usages -eq $null)
        {
            Write-Host "Enhanced Key Usage Extension" -BackgroundColor Red -ForegroundColor Black
            Write-Host "`tNo enhanced key usages found.`n"
            $pass = $false
        }
        else
        {
            $srvAuth = $cliAuth = $false
            foreach ($usage in $usages)
            {
                if ($usage.Value -eq "1.3.6.1.5.5.7.3.1") { $srvAuth = $true}
                if ($usage.Value -eq "1.3.6.1.5.5.7.3.2") { $cliAuth = $true}
            }
            if ((!$srvAuth) -or (!$cliAuth))
            {
                Write-Host "Enhanced Key Usage Extension" -BackgroundColor Red -ForegroundColor Black
                Write-Host "`tEnhanced key usage extension does not meet requirements."
                Write-Host "`tRequired EKUs are 1.3.6.1.5.5.7.3.1 and 1.3.6.1.5.5.7.3.2"
                Write-Host "`tEKUs found on this cert are:"
                $usages |%{ Write-Host "`t$($_.Value)" }
                $pass = $false
            }
            else { Write-Host "Enhanced Key Usage Extension" -BackgroundColor Green -ForegroundColor Black }
        }
    }
      
    # KeyUsage extension
      
    $keyUsageExtension = $cert.Extensions |? {$_.ToString() -match "X509KeyUsageExtension"}
    if ($keyUsageExtension -eq $null)
    {
        Write-Host "Key Usage Extensions" -BackgroundColor Red -ForegroundColor Black
        Write-Host "`tNo key usage extension found."
        Write-Host "`tA KeyUsage extension matching 0xA0 (Digital Signature, Key Encipherment)"
        Write-Host "`tor better is required."
        $pass = $false
    }
    else
    {
        $usages = $keyUsageExtension.KeyUsages
        if ($usages -eq $null)
        {
            Write-Host "Key Usage Extensions" -BackgroundColor Red -ForegroundColor Black
            Write-Host "`tNo key usages found."
            Write-Host "`tA KeyUsage extension matching 0xA0 (DigitalSignature, KeyEncipherment)"
            Write-Host "`tor better is required."
            $pass = $false
        }
        else
        {
            if (($usages.value__ -band 0xA0) -ne 0xA0)
            {
                Write-Host "Key Usage Extensions" -BackgroundColor Red -ForegroundColor Black
                Write-Host "`tKey usage extension exists but does not meet requirements."
                Write-Host "`tA KeyUsage extension matching 0xA0 (Digital Signature, Key Encipherment)"
                Write-Host "`tor better is required."
                Write-Host "`tKeyUsage found on this cert matches:"
                Write-Host "`t$usages"
                $pass = $false
            } else { Write-Host "Key Usage Extensions" -BackgroundColor Green -ForegroundColor Black }
        }
    }
      
    # KeySpec
            
    $keySpec = $cert.PrivateKey.CspKeyContainerInfo.KeyNumber
    if ($keySpec -eq $null)
    {
        Write-Host "KeySpec" -BackgroundColor Red -ForegroundColor Black
        Write-Host "`tKeyspec not found.  A KeySpec of 1 is required"
        $pass = $false
    }
    elseif ($keySpec.value__ -ne 1)
    {
        Write-Host "KeySpec" -BackgroundColor Red -ForegroundColor Black
        Write-Host "`tKeyspec exists but does not meet requirements."
        Write-Host "`tA KeySpec of 1 is required."
        Write-Host "`tKeySpec for this cert: $($keySpec.value__)"
        $pass = $false
    } else {Write-Host "KeySpec" -BackgroundColor Green -ForegroundColor Black}
      
      
    # Check that serial is written to proper reg
            
    $certSerial = $cert.SerialNumber
    $certSerialReversed = ""
    -1..-10 |% {$certSerialReversed += $certSerial[2*$_] + $certSerial[2*$_ + 1]}
  
    if (! (Test-Path "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings"))
    {
        Write-Host "Serial number written to registry" -BackgroundColor Red -ForegroundColor Black
        Write-Host "`tThe cert serial number is not written to registry."
        Write-Host "`tNeed to run MomCertImport.exe"
        $pass = $false
    }
    else
    {
        $regKeys = get-itemproperty -path "HKLM:\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings"
        if ($regKeys.ChannelCertificateSerialNumber -eq $null)
        {
            Write-Host "Serial number written to registry" -BackgroundColor Red -ForegroundColor Black
            Write-Host "`tThe cert serial number is not written to registry."
            Write-Host "`tNeed to run MomCertImport.exe"
            $pass = $false
        }
        else
        {
            $regSerial = ""
            $regKeys.ChannelCertificateSerialNumber |% {$regSerial += $_.ToString("X2")}
                  
            if ($regSerial -ne $certSerialReversed)
            {
                Write-Host "Serial number written to registry" -BackgroundColor Red -ForegroundColor Black
                Write-Host "`tThe serial number written to the registry does not match this certificate"
                Write-Host "`tExpected registry entry: $certSerialReversed"
                Write-Host "`tActual registry entry:   $regSerial"
                $pass = $false
            } else { Write-Host "Serial number written to registry" -BackgroundColor Green -ForegroundColor Black }
        }
    }


    # Check that the cert's issuing CA is trusted (This is not technically required
    # as it is the remote machine cert's CA that must be trusted.  Most users leverage
    # the same CA for all machines, though, so it's worth checking

    $chain = new-object Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 0
    if ($chain.Build($cert) -eq $false )
    {
        Write-Host "Certification chain" -BackgroundColor Yellow -ForegroundColor Black
        Write-Host "`tThe following error occurred building a certification chain with this cert:"
        Write-Host "`t$($chain.ChainStatus[0].StatusInformation)"
        write-host "`tThis is an error if the certificates on the remote machines are issued"
        write-host "`tfrom this same CA - $($cert.Issuer)"
        write-host "`tPlease ensure the certificates for the CAs which issued the certificates configured"
        write-host "`ton the remote machines is installed to the Local Machine Trusted Root Authorities"
        write-host "`tstore on this machine."
    }
    else
    {
        $rootCaCert = $chain.ChainElements | select -property Certificate -last 1
        $localMachineRootCert = dir cert:\LocalMachine\Root |? {$_ -eq $rootCaCert.Certificate}
        if ($localMachineRootCert -eq $null)
        {
            Write-Host "Certification chain" -BackgroundColor Yellow -ForegroundColor Black
            Write-Host "`tThis certificate has a valid certification chain installed, but"
            Write-Host "`ta root CA certificate verifying the issuer $($cert.Issuer)"
            Write-Host "`twas not found in the Local Machine Trusted Root Authorities store."
            Write-Host "`tMake sure the proper root CA certificate is installed there, and not in"
            Write-Host "`tthe Current User Trusted Root Authorities store."
        }
        else
        {
            Write-Host "Certification chain" -BackgroundColor Green -ForegroundColor Black
            Write-Host "`tThere is a valid certification chain installed for this cert,"
            Write-Host "`tbut the remote machines' certificates could potentially be issued from"
            Write-Host "`tdifferent CAs.  Make sure the proper CA certificates are installed"
            Write-Host "`tfor these CAs."
        }

    }


    if ($pass) { Write-Host "`n***This certificate is properly configured and imported for Ops Manager use.***" }
}


Reference: http://blogs.technet.com/b/momteam/archive/2009/01/23/troubleshooting-ops-mgr-certificate-issues-with-powershell.aspx

Thursday, August 29, 2013

Turn windows features on or off blank

Windows 7 Turn windows features on or off is blank
Turn Windows features on or  off is empty
optionalfeatures.exe is blank or empty

After you open Turn windows features on or off and after few second it will remain blank

Solutions

1) rum below command in command prompt

SFC /scannow

It will take 15 to 20 mins and it will fix lost or corrupt files. If this doesn't work try next steps

2) refer to few blogs on google, found below solution if it works

reg de;ete HKLM\COMPONENTS /v StoreDirty 

If this doesn't work, try next one

3) Download System update readiness tool according to your operating system

Install system update readiness tool, if this doesn't work try next step

4) In my case, try reinstalling .net framwork as optionalfeatures.exe uses .Net framework

If this doesn't work, try more research


Tuesday, August 27, 2013

PowerCLI command to get VMware tools and VMware hardware version information

*Command to find out VMware tool status
*How to find out VMware tools status from Command / PowerCLI



It is easy to find VMware hardware version by using below command

Get-VM | Select name, Version | FT -AutoSize

As version is a root property of get-vm command.

However if we want to get VMware tool status, we need to deep dive into their extension property data and create a custom field as given below*

New-VIProperty -Name ToolsVersionStatus -ObjectType VirtualMachine -ValueFromExtensionProperty 'Guest.ToolsVersionStatus' -force

now rerun above command with ToolsVersionStatus

Get-VM | Select Name, Version, ToolsVersionStatus | FT -AutoSize




If you want to export it

Get-VM | Select Name, Version, ToolsVersionStatus | Export-Csv  -NoTypeInformation -UseCulture -Path c:\yourfile.csv




To get this information on Datacenter level

Get-Datacenter Datacentername | Get-VM | Select name, Version, ToolsVersionStatus | FT -AutoSize

To get this information on Cluster Level

Get-Cluster ClusterName | Get-VM | Select name, Version, ToolsVersionStatus | FT -AutoSize

To get this information on Host level

Get-VMHost hostname.domain | Get-VM | Select name, Version, ToolsVersionStatus | FT -AutoSize


*taken reference for this blog from blogs.vmware.com


Post your question and comment