Thursday, September 29, 2011

Avoiding your proxy at work

I bet you wanted to do this since you got hired and saw that there are filters for certain webpages. So here's the thing: you can create a tunnel between your workstation and a host at home using SSH over the SSL port.

Here's a classic scenario:

Basically, here you have your workstation, and in order to get to the internet, you need to go through an ISA server working as a proxy server filtering your content. Here's where your Facebook, YouTube, IRC, and so on get filtered.

Wednesday, September 21, 2011

Installing a centralized syslog

Remember that I told you about this guide? So here it is. Basically, it explains step by step how to install Adiscon LogAnalyzer in an Ubuntu box. Let me know if something's not clear enough:

The Prep:

Before we dive into setting up any of this we need to do a little prep work. If you are going to be looking at these logs in a web browser then it might be good if the time stamps you are seeing reflect the appropriate timezone.

Monday, September 19, 2011

Terminal Services Gateway

We were looking for some solution where we can centralize every RDP session coming from outside (especially for vendor access), and we ended up with 2 choices: Citrix or Terminal Services Gateway (now known as Remote Desktop Services Gateway). Considering we already have licenses for Terminal Services, we are taking the latter. If you don't know what it is, here's a brief explanation.

Windows Server Terminal Services uses Remote Desktop Protocol (RDP) to enable the connections from clients to the terminal server, which uses port 3389. If you need to access a terminal server from outside the internal network (intranet), you have two options for doing so. You can either enable port 3389 through your firewall to specific servers (which isn’t a good idea), or, more commonly, clients connect to the corporate network via VPN, which can then enable the RDP session in a secure manner.

Friday, September 16, 2011

vSphere Syslog Collector

I was trying to find a way to create a syslog server where I could centralize all my ESX hosts' logs. I was between options (like Kiwi, phpsyslog-ng, etc.) when I decided to do it with Adiscon LogAnalyzer, which is a free and open-source solution. I'll post a guide for its installation in another post (because I actually installed it successfully all the way).

When I was about to add the ESX hosts to my sources list in the syslog server, I found out that vSphere 5 contains a new feature called VMware Syslog Collector, and since we'll be migrating to that version in a few weeks, it makes no sense to move on with my LogAnalyzer.

Thursday, September 15, 2011

UDP reference

You have to remember the differences between TCP and UDP. Here's a quick definition of UDP:

UDP is the User Datagram Protocol. It is used to send individual packets across an IP network, in an unreliable fashion. This means that successful, error-free delivery of a message is not guaranteed.

So remember that UDP is not reliable but it's fast! Examples of protocols that use UDP are TFTP, DNS (it can use TCP too!), DHCP, SNMP, RCP, NFS.

If you're really interested in its standard and how it's defined, you should definitely read the RFC doc here:

RFC 768 - User Datagram Protocol

And finally a couple of jokes:

"A UDP packet walks into a bar, no one acknowledges him.
A TCP packet walks into a bar twice because no one acknowledged him the first time."

"The best thing about UDP jokes is I don’t care if you get it or not."

Wednesday, September 14, 2011

vCenter Error registering vmx

I was trying to bring an ESX host to maintenance mode, but it kept failing to migrate a box using vMotion. That VM being the only one left, I suspended it and migrated it manually. Everything worked OK.

When I came back to that box to power it on again, this error showed up:

This virtual machine cannot be powered on because its working directory is not valid. Use the configuration editor to set a valid working directory, and then try again.

Saturday, September 10, 2011

Understanding Spanning Tree Protocol

If you ever studied CCNA, I bet you had trouble understanding Spanning Tree Protocol (IEEE 802.1D). I know I did! Here's an explanation of it so you can clear your doubts.

1 - Basic concepts

Spanning Tree Protocol (STP) is an OSI layer 2 (Data Link) protocol.

Its function is to deal with the loops that appear when redundant links exist. The protocol lets switches automatically enable or disable links, guaranteeing a loop-free topology.

Thursday, September 8, 2011

PowerOff-VM function

Following my previous post, here's the PowerOff-VM function:

Function PowerOff-VM($vm, $id){
    # Ask the guest OS (through VMware Tools) for a clean shutdown
    $getvm = Get-VM -Id $id
    Shutdown-VMGuest -VM $getvm -Confirm:$false | Out-Null
    Write-Host "$vm is stopping!" -ForegroundColor Yellow
    sleep 10

    # Poll until vCenter reports the VM as powered off
    do {
        $vmview = Get-VM -Id $id | Get-View
        $getvm = Get-VM -Id $id
        $powerstate = $getvm.PowerState
        $toolsstatus = $vmview.Guest.ToolsStatus

        Write-Host "$vm is stopping with powerstate $powerstate and toolsStatus $toolsstatus!" -ForegroundColor Yellow
        sleep 5

    }until($powerstate -match "PoweredOff")
    Write-Host "$vm is powered-off"
}

This function is a little more straightforward. It basically calls the VMGuest to shut down and works from there. Like the previous function, it imports the same two variables ($vm and $id) for the same purposes.

If you plan on scripting for powering off a VM, don't use Stop-VM! It powers off the VM cold, and it will give an error next time you boot. Only use it if you don't care about the next boot (e.g. VM is in IndependentNonPersistent).

PowerOn-VM function

Messing around with PowerCLI, I always had problems powering VMs on and off cleanly/reliably. However, after a few tries, I've come up with two functions I use a lot now for almost every script that involves those two actions. Today I'm going to post the first one.

Here's the function for PowerOn:

Function PowerOn-VM($vm, $id){
    # Start the VM asynchronously, then poll its state
    $getvm = Get-VM -Id $id
    Start-VM -VM $getvm -Confirm:$false -RunAsync | Out-Null
    Write-Host "$vm is starting!" -ForegroundColor Yellow
    sleep 10

    do {
        $vmview = Get-VM -Id $id | Get-View
        $getvm = Get-VM -Id $id
        $powerstate = $getvm.PowerState
        $toolsstatus = $vmview.Guest.ToolsStatus

        Write-Host "$vm is starting, powerstate is $powerstate and toolsstatus is $toolsstatus!" -ForegroundColor Yellow
        sleep 5
        #NOTE that if the tools in the VM get the state toolsNotRunning this loop will never end. There needs to be a timekeeper variable to make sure the loop ends

    }until(($powerstate -match "PoweredOn") -and (($toolsstatus -match "toolsOld") -or ($toolsstatus -match "toolsOk") -or ($toolsstatus -match "toolsNotInstalled")))

    # Tools reporting in means a clean start; toolsNotInstalled is flagged as an error
    if (($toolsstatus -match "toolsOk") -or ($toolsstatus -match "toolsOld")){
        $Startup = "OK"
        Write-Host "$vm is started and has ToolsStatus $toolsstatus"
    }
    else{
        $Startup = "ERROR"
        [console]::ForegroundColor = "Red"
        Read-Host "The ToolsStatus of $vm is $toolsstatus. This is unusual. Press <CTRL>+C to quit the script or press <ENTER> to continue"
    }
    return $Startup
}

As you can see, the function will return a code (OK or ERROR) and you can use it as you'd like in the main script. ERROR will happen when VMTools are not detected and $toolsstatus is "toolsNotInstalled".

In order to run this function, you need to pass it two variables: $vm and $id. Here are the reasons for using these variables:

  • $id: I used this variable importing the id of a VM (e.g. VirtualMachine-vm-1234) because this way I could avoid having problems when I have two VMs with the same name. It's a bit tedious to add it to a script, but it was needed.

  • $vm: This one is pretty simple. Originally I was importing the VM name from a CSV file, and that's why I left it basically for aesthetic purposes (i.e. Write-Host cmdlets).

Here's an example for this function:

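# -ExpandProperty returns the plain string values that Get-VM -Id and Write-Host expect
$vm = Get-VM -Name VM2134 | Select -ExpandProperty Name
$id = Get-VM -Name VM2134 | Select -ExpandProperty Id

PowerOn-VM $vm $id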

Let me know if you think I can improve it or if you have any doubts.
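
The NOTE inside PowerOn-VM points out that the wait loop never ends if the tools stay in toolsNotRunning. As an added example (not the author's code), here is the same polling loop with a deadline; the function name Wait-VMPowerOn, the "TIMEOUT" return value and the default timings are assumptions made for illustration:

```powershell
# Added example: PowerOn-VM's polling loop with a deadline.
# Wait-VMPowerOn, "TIMEOUT" and the default timings are hypothetical choices.
Function Wait-VMPowerOn($vm, $id, $TimeoutSeconds = 300, $PollSeconds = 5){
    # Tools states the original loop accepts as "the VM has finished starting"
    $settled = "toolsOk", "toolsOld", "toolsNotInstalled"
    $timer = [System.Diagnostics.Stopwatch]::StartNew()

    do {
        Start-Sleep -Seconds $PollSeconds
        $getvm = Get-VM -Id $id
        $powerstate = "$($getvm.PowerState)"
        $toolsstatus = "$(($getvm | Get-View).Guest.ToolsStatus)"
        Write-Host "$vm has powerstate $powerstate and toolsstatus $toolsstatus" -ForegroundColor Yellow

        $ready = ($powerstate -eq "PoweredOn") -and ($settled -contains $toolsstatus)
        $expired = $timer.Elapsed.TotalSeconds -ge $TimeoutSeconds
    } until ($ready -or $expired)

    if (-not $ready){
        # Deadline reached, e.g. the tools are stuck in toolsNotRunning
        Write-Host "$vm did not settle within $TimeoutSeconds seconds (last toolsstatus $toolsstatus)" -ForegroundColor Red
        return "TIMEOUT"
    }
    if ($toolsstatus -eq "toolsNotInstalled"){
        return "ERROR"
    }
    return "OK"
}

# Usage, with $vm and $id obtained as in the example above:
# Start-VM -VM (Get-VM -Id $id) -Confirm:$false -RunAsync | Out-Null
# $Startup = Wait-VMPowerOn $vm $id -TimeoutSeconds 600
```

A script calling this can treat "TIMEOUT" like "ERROR" and move on to the next VM instead of hanging on one guest.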


Hello all!
I'm Aresius and I'm an IT guy. I've been working in IT for a few years now, and I've learned a thing or two. I've worked with a lot of different stuff including Windows/Linux servers, Cisco routing and switching, Cisco ASA, Cisco VoIP, VMware ESX and vCenter, PowerCLI, SAN, NAS, Exchange, OCS, AD, and so on.

I'll try to post about stuff that has been useful for me, and hopefully, for you!

Thanks for stopping by, and please, come back!