Microsoft Certificate Services and VMware SSL Cert

Here is a great post on how to get an SSL cert on your vSphere server using Microsoft Certificate Services.

If you are using SRM you will have to do a repair on the installation after changing the DB password.

http://community.citrix.com/display/ocb/2010/08/09/Secret+to+getting+VirtualCenter+to+use+an+Enterprise+CA+SSL+certificate

VMWARE SRM Netapp NFS

When configuring the array manager for SRM with Netapp NFS volumes you receive the following error:

Error while executing 'discoverLuns' command

If you are only using NFS with VMware you will need to create a dummy igroup for VMware -

igroup create -i -t vmware sra_dummy_igroup

vCenter vSphere client slow on Windows 7

Try this: Right-click the vSphere Client’s shortcut and choose Properties. In the Compatibility tab select Disable desktop composition.

Defragmenting Virtual Center 4.x (Update)

In SQL Server Management Studio:

Use
go
dbcc showcontig (VPX_HIST_STAT1)
dbcc showcontig (VPX_HIST_STAT2)
dbcc showcontig (VPX_HIST_STAT3)
dbcc showcontig (VPX_HIST_STAT4)
go

If fragmented run:
dbcc indexdefrag ('', 'VPX_HIST_STAT1', 'PK_VPX_HIST_STAT1')
dbcc indexdefrag ('', 'VPX_HIST_STAT2', 'PK_VPX_HIST_STAT2')
dbcc indexdefrag ('', 'VPX_HIST_STAT3', 'PK_VPX_HIST_STAT3')
dbcc indexdefrag ('', 'VPX_HIST_STAT4', 'PK_VPX_HIST_STAT4')
go

How to disable DEP fully

bcdedit.exe /set {current} nx AlwaysOff

How to rebuild the Exchange 2007 Index

From the Exchange command shell: ResetSearchIndex.ps1 [-force] -all

Event 111 and 1085

If you are using folder redirection via group policy and you see these events login as the user that is having issues redirecting their folder. Run regedit (you may have to temporarily add them as an admin) and go to the security of HKCU. Make sure that the user has full control permissions to HKCU.

I have seen it where the user has no permissions for HKCU and instead another user has the perms.

Exchange 2007 Cert Private Key Missing Error

Get the serial number of the cert via the certificates MMC.

Run the following command:

certutil -repairstore my “SerialNumber“

Migrating Netapp Filer to new SAN Switch

Exchange 2007 Convert a Shared Mailbox to a Regular

set-mailbox (mailboxname) -type:regular

Exchange 2007 with 2003 OWA Activesync Error 503

I was receiving this error on our front-end 2003 OWA server, which is connecting to a 2007 mailbox server and has ISA:

HTTP status code: [503]. Verify that the Exchange mailbox Server is working correctly.

I was also receiving this error:

The mailbox server does not allow "Negotiate" authentication to its [exchange] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme.

Users couldnt use their iPhones to connect to Exchange. Indeed Windows authentication and basic authentication were enabled.

I tried everything and ended up rebuilding the Exchange virtual directory by doing:

remove-owavirtualdirectory -identity "server\exchange (default website)"

and recreating it:

New-OWAVirtualDirectory -OwaVersion:Exchange2003or2000 -VirtualDirectoryType Mailboxes -Name "exchange"

Boom.

How to Calculate VMware failover capacity

If you are getting insufficient resources to satisfy HA failover messages, check this article out on why and how to fix it. The way they calculate resources is kind of wack.

http://www.vmwarewolf.com/ha-failover-capacity/

VMware converter with Windows Server 2008 R2

If you try to use vmconverter to import a VM from another virtual center you probably have seen the "unable to determine guest operating system" error.

There is an easy workaround. Change the OS on the VM that you are going to import to Windows 2008 64 BIT. Run the import. Then change it back after the import.

NTP on ESX

I use this document so much that I figured I would post a link to it. I always seem to have issues with my ESX servers losing their time sync via NTP. Here is how to set it up correctly (it will still break) and how to fix it.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1339

Kill Remote RDP Sessions with Command Line

A great way to kill remote RDP sessions is built into Windows. Do the following:

qwinsta /server:(ServerName)

Write down the session ID

Now to kill it:

rwinsta /server:(servername)

That is it. Works like a charm.

SDHolder AD Domain Admin Inherited Permissions

For those of you that have found issues with inherited permissions that you cant seem to get control of, read on. It may be because of the SDHolder object in AD. Here is an excerpt from Microsoft on it.

"Every hour, the Windows 20xx domain controller that holds the primary domain controller (PDC) Flexible Single Master Operation (FSMO) role compares the ACL on all security principals (users, groups, and machine accounts) present for its domain in Active Directory and that are in administrative groups against the ACL on the following object:
CN=AdminSDHolder,CN=System,DC=MyDomain,DC=Com

Replace "DC=MyDomain,DC=Com" in this path with the distinguished name (DN) of your domain.
If the ACL is different, the ACL on the user object is overwritten to reflect the security settings of the AdminSDHolder object (which includes disabling ACL inheritance). This protects these administrative accounts from being modified by unauthorized users if the accounts are moved to a container or organizational unit in which a user has been delegated administrative privilege for the modification of user accounts. Note that when a user is removed from the administrative group, the process is not reversed and must be manually changed."