VMware vSphere and templates

I just converted one of my (old) templates, as I wanted to refresh the updates and the virus scanner. After converting, I was asked about the UUID (no clue why), and expected to be done with it. But after looking at the console, I got the following, completely cryptic message:

Unable to connect to MKS
Unable to connect to MKS

After digging a bit deeper (that is looking at the vmware.log of the virtual machine, since the message of the GUI is *real* cryptic), I’m a bit wiser:

After softly shutting the VM down, and the powering the VM back up everything is back to working order.

IBM TS7530 and the Virtualization Engine for Tape Console

I just had yet another support call with IBM, concerning the Tape Console (or VE console, courtesy of Falconstor). My basic problem was/is, that I, as a german person, do have a german Windows Server 2003 installation. Now, if you do have german decimal number format selected in the regional settings, the display is gonna be kinda impaired and you’re gonna see something like this:

VE console with german decimal number format

And now compared to the english decimal number format:

VE console with english decimal number format

This time, the IBM support was quite fast in answering to my ESC, more or less to my satisfaction. Basic statement from IBM is: The VTL console isn’t supported on any german Windows OS. It’s only supported on a english Windows OS.

IBM RSA II adapter and Java RE

Today, after a short break (you can call it break, I think), I sat down and looked at the IBM RSA II adapter’s remote management GUI and it’s trouble with JRE versions. Ever since the last Java updates, I was unable to access the RSA console because Java would throw an error like this:

In the end, I downloaded every version since JRE 1.5.0.11 (that is 20 different versions :!:), as wittnessed by Michael Ellerbeck that the last working version for him was JRE 1.5.0.11, and gave each one a try (since I want to report the issue to IBM, so that they gonna release a fix sometime soon).

So here’s the list of what Java JRE version works with an RSA II adapter running Firmware 1.10 (GGEP36B):

  • Java JRE 1.50 U11 ……… works
  • Java JRE 1.50 U12 ……… works¹
  • Java JRE 1.50 U13 ……… works
  • Java JRE 1.50 U14 ……… works
  • Java JRE 1.50 U15 ……… works
  • Java JRE 1.50 U16 ……… works
  • Java JRE 1.50 U17 ……… works
  • Java JRE 1.50 U18 ……… works
  • Java JRE 1.60        ……… works
  • Java JRE 1.60 U01 ……… works
  • Java JRE 1.60 U02 ……… works
  • Java JRE 1.60 U03 ……… works
  • Java JRE 1.60 U04 ……… works
  • Java JRE 1.60 U05 ……… works
  • Java JRE 1.60 U06 ……… works
  • Java JRE 1.60 U07 ……… works
  • Java JRE 1.60 U12 ……… not working (see above)
  • Java JRE 1.60 U13 ……… not working (see above)
  • Java JRE 1.60 U14 ……… not working (see above)

1: This version presents some small annoyances (garbled video output)

Update: IBM already knows about the problem, but says it’s presumably a Java problem since it stopped working mid-version in between U11 and U12.

Custom certificates in VMware vSphere

Finally, after about 6 months (I last talked about that on February 25th, when Virtual Center 2.5U4 was released) our troubles with our “custom” certificates seems to be resolved! As it turns out, it really was our fault and not VMware’s.

When generating the pfx from the signed certificate and the key-file, you need to supply a password, otherwise the vCenter service is unable to utilize the private key of the pfx, since it’s unable to access the PFX with the default password (testpassword is the default for Virtual Center as well as vSphere).

As noted in the Replacing VirtualCenter Server Certificates document for Virtual Infrastructure 3, as well as through our Customer support, you need to specify the password when exporting the signed crt/Private key into the pfx:

After successfully doing so, you just need to replace the original files (hopefully move them away beforehand) with the ones generated. And afterwards, you should be able to utilize your new certificates! When you now try to clone a template and customize it using an existing customization spec, you’re gonna see this:

vCenter: Cannot decrypt password
vCenter: Cannot decrypt password

After clicking on “OK“, you’re gonna get the normal customization specification edit frame, where you should be able to skip ahead to “Workgroup or Domain“, where you’re gonna have to reenter the domain administrator password.

Windows XP(e) refusing to connect to a terminal server

Today a error message reappeared I thought I wouldn’t see again. We use Wyse Thin Clients and 2X running on two terminal servers, to provide the thin clients with applications. Now, once a while one of the thin clients (not all at once, just a single one) refuse to connect to the terminal server jabbing about this:

The error message you get from the 2X client ain’t the slightest bit more helpful.

I remember the solution being not so trivial with the thin clients. As it turns out, Microsoft does have a solution for that kind of problem.

Simply” open up the registry, and clean out HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSLicensing. That is the place where the remote desktop client saves the obtained terminal server licensing key.

Burning CD/DVDs as unprivileged user

After the last reinstallation of Windows (both at home and at work), I decided that from this day forth, I’d be working as unprivileged user (ie not as local administrator). Now, working as unprivileged user is some kind of relief (since not every program is able to wreak havoc within your computer), but also somewhat of a burden.

Up until now, I had serious troubles burning CDs and/or DVDs as unprivileged user. Basically InfraRecorder refused to work at all. Only way that I had left, was copying the ISO to my local disk and then use runas in conjunction with InfraRecorder, to execute as Administrator.

Yesterday, I sat down and searched the Net for any kind of information. After a short while, I stumbled upon this:

Execute secpol.msc as Administrator. You can configure this security setting by opening the appropriate policy and expanding the console tree as such: “Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options“. Toggle “Devices: Restrict CD-ROM access to locally logged-on user only” to enabled. After logging of and logging back on, you should be allowed to use the CD-drive as unprivileged user.

Updating a Linux VM from Virtual Infrastructure to vSphere

Well, if you’re gonna update a SLES10 (or even a SLES11) VM, you created with Virtual Infrastructure, you’re gonna run into a snag (like I do). Grub (or rather the kernel itself) is gonna barf.

Now, I searched for a while and didn’t find anything specific on the net, so I’m gonna write it down. Up till 3.5U4 the maximal resolution you’d be able to enter within a virtual machine was vga=0x32d (at least for my 19″ TFT’s at work). But now, after the upgrade to vSphere that isn’t working anymore.

Popped in a SLES10 install-cd selected the maximal resolution from the menu and switched to a terminal soon after it entered the graphical installer. A short cat /proc/cmdline revealed this: vga=0x334.

After switching these parameters in grub’s menu.lst, everything is back in working order and not waiting 30 seconds on boot …

New vmware-tools-kmp

Disclaimer: I don’t take any responsibility for faults within the software, I just provide the RPM’s! Feel free to ask me about stuff concerning these RPM’s, but I ain’t accountable if your stuff goes kaboom! Oh, and those RPM’s aren’t recommended or supported by VMware!

Since we recently upgraded our VMware Infrastructure to VMware vSphere, I finally had a chance to refresh the RPM’s for the KMP for 2.6.16.60-0.39.3-0.1 and 2.6.27.21-0.1. You can find the source RPM here.

  • vmware-tools-kmp-bigsmp (SLES10: i586)
  • vmware-tools-kmp-debug (SLES10: i586/x86_64; SLES11: i586/x86_64)
  • vmware-tools-kmp-default (SLES10: i586/x86_64; SLES11: i586/x86_64)
  • vmware-tools-kmp-kdump (SLES10: i586/x86_64)
  • vmware-tools-kmp-kdumppae (SLES10: i586)
  • vmware-tools-kmp-pae (SLES11: i586)
  • vmware-tools-kmp-smp (SLES10: i586/x86_64)
  • vmware-tools-kmp-trace (SLES11: i586/x86_64)
  • vmware-tools-kmp-vmi (SLES10: i586; SLES11: i586)
  • vmware-tools-kmp-vmipae (SLES10: i586)
  • vmware-tools-kmp-xen (SLES10: i586/x86_64; SLES11: i586/x86_64)
  • vmware-tools-kmp-xenpae (SLES10: i586)

Just a heads-up: while the modules itself work, VMware did something to the init-script which prevents it to load the modules unless you run vmware-config-tools.pl. I’m still in the process of sorting that out.

OCF agent for Tivoli Storage Manager: redux

Well, after I finished my first OCF agent back in October 2008, we have it running in production now for about ten months. During that time, we found quite a few points in which we’d like to improve the behaviour with that Linux-HA should handle TSM.

  • Shutdown TSM nicely if possible (Cancel client sessions, cancel running processes and dismount mounted volumes)
  • Better error handling

So, after another week of writing and testing with a small instance, I present the new OCF agent for Tivoli Storage Manager. It still has one or two weak points, but they are negligible. I still need to write the documentation for it, but the script should just work …

Read More

Weird TS3500 problem: redux

Well, after yesterday’s episode with our tape library today continued to be a taxing day. After restarting a few exports that were hanging yesterday due to our library problems, something similar returned. TSM was unable to locate a few (two to be exact) tapes in the library.

Yet the library reported the tapes were still inventoried. *shrug* Here we are again, looking completely baffled. After a short while trying to figure out what to do, we went through the Data Cartridge inventory again. As it turns out, through putting the library in “Pause”-Mode and restarting TSM multiple times, TSM apparently completely forgot that it had these tapes put into drives.

After manually moving the tapes back to their home slot via the management interface of the TS3500 and setting the volume access mode back to read-write, everything is fine now I could finish my pending exports!