Setting NTP on ESXi Hosts with PowerCLI

Setting NTP on ESXi hosts is a quick procedure using PowerCLI. Don’t forget to edit the script for your environment. Once you’re connected to vCenter you can run this script:



Comments are always welcomed. Let me know if this has been helpful.


Setting DNS for Windows Servers Using PowerShell

Setting DNS for Windows servers is straightforward using PowerShell. Running Get-WMIObject Win32_NetworkAdapterConfiguration in a loop against a list of servers read from a text file is the best way to handle a bulk DNS change to your servers. I was prompted to share my PowerShell script after reading a post from Mike Tabor on his blog at MikeTabor.com titled How to update VMware Windows VM’s DNS using PowerCLI.

Mike Tabor goes through his process of taking an old script he found and updating it to a more modern PowerCLI script. His script is very useful in that you can change the IP address in addition to setting DNS for Windows servers in your VMware environment. He credits Jase McCarty, who created the original script and helped Mike update it. I encourage you to go check it out.


Set-ServersDNS

Here is my purely PowerShell script that I have been using for the past few years to make DNS changes. It does not update IP addresses but does allow for changes to DNS settings. Using a foreach loop with all the necessary DNS settings through Get-WMIObject makes for a simplified script. But just because it is simplified doesn’t mean you can’t do mass amounts of damage to your environment. I always test against a few individual test servers just to make sure before I send this against all my Windows servers.

It does work on both physical and virtual Windows computers. Unfortunately we still have a few Windows physical servers, so I will still utilize this script when setting DNS for Windows servers. However, when I need to make a mass IP and DNS change to virtual machine servers I will utilize Mike Tabor’s script. I expect that soon my environment will not have any physical Windows servers. All virtual is the goal!

Caution: Like all code you download from the internet, please understand and modify the code accordingly to prevent unforeseen production problems.  Also known as career-altering events. 
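
The approach described above (Get-WMIObject Win32_NetworkAdapterConfiguration in a foreach loop over a server list), sketched as an added example; it is not the author's Set-ServersDNS script. It assumes Windows PowerShell 5.1 (where Get-WmiObject is available), a hypothetical servers.txt with one host name per line, and placeholder DNS addresses.

```powershell
# Added example, not the author's Set-ServersDNS script.
# Assumptions: servers.txt (one host name per line) and the DNS addresses
# below are placeholders; edit both for your environment.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ServerList = '.\servers.txt',
    [string[]]$DnsServers = @('192.0.2.10', '192.0.2.11')  # placeholder addresses
)

$results = foreach ($server in (Get-Content -Path $ServerList | Where-Object { $_.Trim() })) {
    $server = $server.Trim()
    try {
        # Only adapters with TCP/IP enabled carry DNS settings.
        $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
            -ComputerName $server -Filter 'IPEnabled = TRUE' -ErrorAction Stop
    }
    catch {
        [pscustomobject]@{ Server = $server; Adapter = $null; Before = $null
                           Result = "Unreachable: $($_.Exception.Message)" }
        continue
    }

    foreach ($adapter in $adapters) {
        # Record the old search order so a bad change can be rolled back.
        $before = $adapter.DNSServerSearchOrder -join ', '
        $status = 'Skipped (WhatIf or declined)'
        if ($PSCmdlet.ShouldProcess("$server / $($adapter.Description)",
                                    "Set DNS to $($DnsServers -join ', ')")) {
            # ReturnValue 0 = success, 1 = success but reboot required.
            $rc = $adapter.SetDNSServerSearchOrder($DnsServers).ReturnValue
            $status = if ($rc -in 0, 1) { "OK ($rc)" } else { "Failed ($rc)" }
        }
        [pscustomobject]@{ Server = $server; Adapter = $adapter.Description
                           Before = $before; Result = $status }
    }
}

# Keep the per-adapter record of what was changed and what it replaced.
$results | Export-Csv -Path '.\dns-change-log.csv' -NoTypeInformation
$results | Format-Table -AutoSize
```

Running it with -WhatIf against a short list of test servers first reports what would change without touching any adapter.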


SEsparse Snapshot Data Inconsistencies

SEsparse snapshot data inconsistencies have been reported with databases. This is one of last week’s more interesting knowledge base articles. This is not something to take lightly. The knowledge base article is titled ‘Virtual Machines running on an SEsparse snapshot may report guest data inconsistencies (59216)’. The good news is that it has been resolved and there is also a workaround. Please click on the link to see the entire KB article that includes the workaround.

Symptoms

  • Applications such as databases may report block-level data inconsistency.
  • Guest operating systems may report file system metadata inconsistencies.
  • The VM fails to boot when it is running from an SEsparse snapshot.

SEsparse is a snapshot format introduced in vSphere 5.5 for large disks, and is the preferred format for all snapshots in vSphere 6.5 and above with VMFS-6.

Cause

VMware has identified an issue in SEsparse VM snapshots that can cause data inconsistencies.

This issue occurs when a VM is running on an SEsparse snapshot and experiences a burst of non-contiguous write IO in a very short period of time.

Impact / Risks

Impacted Configurations:

  • VMFS-5 or NFS Datastores: VMs with virtual disks >2TB and snapshots. On VMFS-5 and NFS, the SEsparse format is used for virtual disks that are 2 TB or larger.
  • VMFS-6 Datastores: VMs with snapshots. SEsparse is the default format for all snapshots on VMFS-6 datastores.

Impacted vSphere releases:

  • vSphere 6.5 and above with VMFS-6 and any VM with snapshots.
  • vSphere 5.5 and above when VMs with virtual disks >2TB have snapshots.

Note: VMFS-5 or NFS datastores only use SEsparse with snapshots when virtual disks exceed 2 TB in size or SEsparse is explicitly configured.


Resolution

The issue is resolved in the following releases:

Beyond SQL on VMware Best Practices

Going beyond the SQL on VMware best practices has involved settings and configurations that are never mentioned in the SQL Server On VMware Best Practices Guide. Working in a healthcare environment means working with a large EMR (Electronic Medical Record) provider like EPIC. In tuning one of their many large SQL databases they had some recommendations. Some of these are throwbacks to my old days of tweaking performance out of a desktop with settings like the TCP parameter KeepAliveTime. How many of you go beyond the recommendations in the SQL Best Practice Guide?


I’ve listed here some of the settings that have been suggested for our larger, more heavily accessed, and just plain busy SQL servers:

ESXi Settings

Adjust the Round Robin IOPS limit from the default 1000 to 1 on each database LUN. Refer to VMware KBA 2069356 for more information on setting this parameter. (We already utilize Round Robin, but each LUN was set to the default.)

Why would you want to make this change?
“The default of 1000 input/output operations per second (IOPS) sends 1000 I/O down each path before switching. If the load is such that a portion of the 1000 IOPS can saturate the bandwidth of the path, the remaining I/O must wait even if the storage array could service the requests. The IOPS or bytes limit can be adjusted downward allowing the path to be switched at a more frequent rate. The adjustment allows the bandwidth of additional paths to be used while the other path is currently saturated.”

How to make this change:

In ESXi 5.x/6.x:
for i in $(esxcfg-scsidevs -c | awk '{print $1}' | grep naa.xxxx); do esxcli storage nmp psp roundrobin deviceconfig set --type=iops --iops=1 --device=$i; done

Where, .xxxx matches the first few characters of your naa IDs.
 
To verify if the changes are applied, run this command:

esxcli storage nmp device list
 
You see output similar to:
 
Path Selection Policy: VMW_PSP_RR
Path Selection Policy Device Config: {policy=iops,iops=1,bytes=10485760,useANO=0;lastPathIndex=1: NumIOsPending=0,numBytesPending=0}
Path Selection Policy Device Custom Config:
Working Paths: vmhba33:C1:T4:L0, vmhba33:C0:T4:L0

Registry Settings

Configure Windows TCP Parameters in the Registry

The default setting for the Windows TCP parameter KeepAliveTime is two hours. This setting controls how often TCP sends a keep-alive packet to verify that an idle connection is still intact. Reducing it from two hours to five minutes helps Windows detect and clean up stale network connections faster.


How to make this change:

Use regedit to create the DWORD KeepAliveTime (if it does not currently exist) at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\. Then modify the value to 300000 (time in milliseconds).

The default setting for the Windows TCP parameter TCPTimedWaitDelay is four minutes. This setting determines the time that must elapse before TCP/IP can release a closed connection and reuse its resources. By reducing the value of this entry, TCP/IP can release closed connections faster and provide more resources for new connections.

How to make this change:

Use regedit to create the REG_DWORD TCPTimedWaitDelay (if it does not currently exist) at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\. Then modify the value to 30.
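
The two registry changes above can also be applied and audited from PowerShell instead of regedit. This is an added example, not part of the original post; the function name Set-TcpParameter is hypothetical, and the values are the ones given above. Run it in an elevated session.

```powershell
# Added example, not from the original post. Requires an elevated session.
$path    = 'HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters'
$desired = [ordered]@{
    KeepAliveTime     = 300000  # milliseconds (five minutes), value from the post
    TCPTimedWaitDelay = 30      # seconds, value from the post
}

# Hypothetical helper: reports the current value, then creates or updates it.
function Set-TcpParameter {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path, [System.Collections.IDictionary]$Values)

    foreach ($name in $Values.Keys) {
        # A missing value means Windows is using its built-in default.
        $current = (Get-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue).$name
        $action  = 'Unchanged'
        if ($current -ne $Values[$name]) {
            $action = 'Skipped (WhatIf)'
            if ($PSCmdlet.ShouldProcess("$Path\$name", "Set DWORD to $($Values[$name])")) {
                # -Force creates the value or overwrites it, always as a DWORD.
                New-ItemProperty -Path $Path -Name $name -PropertyType DWord `
                    -Value $Values[$name] -Force | Out-Null
                $action = 'Set'
            }
        }
        [pscustomobject]@{
            Name   = $name
            Before = if ($null -eq $current) { '(not set, default)' } else { $current }
            After  = $Values[$name]
            Action = $action
        }
    }
}

Set-TcpParameter -Path $path -Values $desired | Format-Table -AutoSize
```

Calling Set-TcpParameter with -WhatIf prints the current and target values without writing to the registry, which gives a record of the previous state before the change is made.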

What kind of ESXi settings, Windows registry settings, config file changes, etc. do you implement in your environment that go beyond the SQL Server On VMware Best Practices Guide? As always, I look forward to your comments and sharing of knowledge.

HPE DL560 Gen9 Will Soon Be on VMware HCG

HPE DL560 Gen9 servers will soon be on the VMware HCG. Like many of you we plan ESXi upgrades to new versions months into the future. As we approach our planned upgrades we hope that our HPE hardware will be on VMware’s HCG (Hardware Compatibility Guide) as approved for the latest ESXi 6.7 version. I can’t remember the last time that our hardware wasn’t on the HCG as approved.

My understanding is that most people that are using HPE server hardware are using the DL360 models. Typically those models get qualified faster. For philosophical reasons we like to use the DL560 models. We currently have quite a few of the DL560 gen9 models that we want to use. So far HPE has not bothered to have the DL560 gen9 model qualified as compatible with ESXi 6.7 but they did qualify the gen10 model. Our HPE guy has hinted that the DL560 is just not purchased nearly as much as the DL360s and that contributes to the slowness of getting the hardware on the HCG.

Well, I have good news for those in the same boat as us. HPE has notified us that the qualification is being performed and will be completed around April 2nd. This may or may not come true but I thought I’d share the information.

I am very interested to hear what you are doing in your datacenter with HPE and VMware. Are HPE DL360s more your flavor or do you like the HPE DL560s like we do? Comments are always welcome! I look forward to hearing from all of you especially if you have HPE DL560 gen9 servers in your environment.


Nutanix vs VMware – Who is bullying whom?

Nutanix vs VMware – Who is bullying whom? Can’t we just all get along? Apparently not! VMware and Nutanix are at it again. Nutanix claims that VMware is bullying them by responding to Nutanix’s ‘You Decide’ marketing. When you mess with the bull you get the horns. Head on over to The Register to check out their always unique reporting. I have not used Nutanix in my environment so I can’t give a knowledgeable or unbiased response.


Come back and let me know what you think. Comments are always welcome!

VMware Recertification Is Up To You

The pain is over for all that hated the every 2 years recertification policy for VMware certs.  You get to decide when you want to upgrade.  What a novel concept! We’ll see how this plays out as to whether this is a good idea or not.  In the meantime check out the comments in the VMware subreddit. As always, Reddit delivers with comments like ‘This looks like a hostage video’.

Here is the ‘hostage’ video:

via VMware Certification: Recertification Is Changing and What It Means to You – VMware Education Services

Scratch File Location for VMHosts PowerCLI Script

I’ve been wanting to create a PowerCLI script to automatically configure a scratch file location if one did not exist. This script would come in handy when moving to a new LUN for the scratch location. After some quick Google-fu I came across a great script that met my requirements plus a little more.

Check out the post over at http://miklm.com/2018/01/configure-scratch-location-with-powercli/

In addition to creating the needed scratch file location, this script indicates if it is already created and if the VMHost needs a reboot to complete the process. A CSV file is created with a list of all the hosts that need a reboot. I made two small changes to the script. I added the cluster name to the exported name of the CSV file. A Disconnect-VIServer command was added to the end of the script.

PowerCLI Script

Feel free to comment and give suggestions on how to improve this script or any others I have shared. While you’re here, check out my Schannel Set-Crypto PowerCLI Script. Feedback is always appreciated.

Schannel Set-Crypto PowerCLI Script

Are you in need of configuring crypto or Schannel (IIS) settings on more than a few Windows virtual machines? The Set-Crypto PowerCLI script might be of use in your VMware environment. Recently I had to configure all the Windows servers in our VMware environment to use the correct crypto/Schannel settings. The gold standard for Windows/IIS administrators for configuring crypto is a program called IISCrypto.


I have been using IISCrypto for a few years now and it is hands down the easiest way to configure your Windows VMs using the Schannel settings you choose. It also has built-in ‘best practices’ settings for general security as well as PCI and FIPS requirements. This is a great tool for setting one server at a time but I needed to do this en masse. I thought, wouldn’t it be great if they had a command-line tool? Well, it turns out that they do have a command-line tool. It allowed me to create a script to configure all my servers for crypto/Schannel settings.

Set-Crypto Schannel

The Schannel PowerCLI script Set-Crypto utilizes the IISCrypto command-line tool, batch files, and template profiles created ahead of time based on ‘best practices’ for 2012R2 Windows Server and 2016 Windows Server respectively. You can also go to my Pastebin Set-Crypto folder to get the needed batch files and template profile files. You will need to get IISCrypto from Nartac software. It is free to use but their site does not explain their licensing model so I do not know the implications of using their software. Please contact Nartac software for more information regarding licensing. Please read the assumptions at the beginning of the script. Always be sure to read and understand any code you download from the internet before running in a production environment.


Feel free to comment and give suggestions on how to improve this script or any others I have shared. If you like this script you may want to check out one of my previous scripts, PowerShell SSL Certificate Script.

 

 

Last Week’s Most Interesting VMware KBs

Last Week’s VMware KBs of Interest for week ending May 27th, 2018

These are the KBs I found of the most interest to me in my environment.  They might be of interest to you as well.

vCenter Server Appliance Management Interface might not display the vCenter Server 6.7.0a patch  

If you were one of the psychos that likes to upgrade to the bleeding edge as soon as it goes GA then this one may have bitten you. There is currently no resolution but there is a workaround. 

 

While migrating from a Windows vCenter Server to a 6.5 vCenter Appliance, one or more services fail to start

If you utilize hosts files instead of a valid forward and reverse DNS entry then this one may rear its ugly head during your migration. There is a workaround with two parts. You really should use the first part of the workaround and skip the second part, which continues the use of hosts files. This is why you are in this mess in the first place. Please check it out.

Upgrading VM Virtual Hardware through Update Manager 6.x fails on Linux Virtual Machines

This is a known issue and there is no resolution currently.  Please see KB for a list of the symptoms to see if you are truly affected.

Hopefully these are helpful and hopefully reading these will prevent some issues before they happen. Please read the full list by clicking the picture below or the source link.

Get in there!

 

VMware Support News, Alerts, and Announcements

Source: VMware Support Insider