Thursday, 1 March 2018

Cisco vWLC deployment in ESXi 6.5 Bug - "A required disk image was missing"

A marginal side track but still semi-relevant...

I tried to deploy an OVA file of the Cisco virtual WLC (vWLC), and I've tried a number of the versions and I keep getting the same error... - A required disk image was missing


After a little googling it appears to be a known bug, Cisco vWLC doesn't like being deployed on EXi 6.5 via the ESXi web interface. There seems to be 2 workarounds:
  • Deploying via vCenter web client
  • Using the OVF tool
I've tried the installation via the vCenter web client and I can confirm this works fine. I've not been able to try the OVF tool yet.

Wednesday, 21 February 2018

Customising VMware ESXi ISO - Adding Legacy Network Adapters

Part of my objective to understand VMware better is upgrading my lab hosts to a current version of ESXi, I've chosen 6.5 because it's the latest version and my lab is a long way away from a production environment so I don't have to worry about using a proven and stable release.

The snag I have is that one of my servers is a "white box" microserver, a Shuttle DS81, a great little box designed for digital signage, but the built-in Network Card is a Realtek 8111G, which is unsupported by VMware. This stops ESXi 6.x onwards being installed on the device. Error message shown below:

The way round this is customising your ESXi ISO image before installing it, adding the necessary drivers. Now this isn't a hack perse, because VMware actually gives you a tool in vCenter to do this, called the Image Builder, however I suspect this would affect your support from VMware because you are using unsupported hardware. I'm not fussed because this is a lab to enhance my learning, plus it's a great little box, very low power, reasonable spec (4 CPU, 16GB RAM), so there's no way I'm not using it.
VMware Image Builder:
https://blogs.vmware.com/vsphere/2016/11/getting-started-new-image-builder-gui-vsphere-6-5.html

Now I didn't actually use the image builder to customise the ISO files, I did give it a quick go but it is not immediately intuative for a complete novice.

There are 2 other ways (that I have found) to customise the ESXi ISO:

  • ESXi-Customiser
  • ESXi-Customiser-PS
The ESXi-Customiser is what I used, it's not an official VMware product, and has actually been suceeded by the ESXi-Customiser-PS but I found it so simple and easy to use, and works perfectly for ESXi 5.5, 6.0 and 6.5:
Just one note, I couldn't get this to work on windows 10, I had to use a win7 machine.

The ESXi-Customiser-PS (power shell), actually looks like it's semi easy to use as well but I'm a novice and my version of windows 10 said it couldn't run powershell scripts, so instead of getting side tracked learning about windows power shell (I'm concentrating on VMware, one thing at a time!), I decided to try the easy way, a 3 click, the ESXi-Customiser (above).

For anyone having the same issues with the Realtek 8111G NIC, the drivers I used were the 8168 driver pack, this page shows you how and provides a mirror:

vCenter License Administration; Apply the license! - Simple when you know

Ok, so this is actually a very simple topic / activity but it took me, a VMware rookie, a little while to suss out so I have decided to do a little blog post and perhaps it'll save someone some time in the future, or maybe just give me a giggle in a few years when I look back at this knowing more than I currently do.

Once you've installed your vCenter (vCSA) instance you will have the trial license installed with 60 days ticking down on the clock. Similarly, when you add a ESXi host into your vCenter inventory you will have an evaluation license, 60 days, ticking down. The free license which you get from VMware will not work when connecting the ESXi host to the vCenter server.

Licenses are installed in the licensing section, oddly enough!, but they don't actually take affect until you assign the license to one of your assets (the ESXi hosts or the vCenter Server itself). You can't just add the licenses and expect it to work, the added licenses are put into a pool, where they can then be assigned to an asset.

The licences section can be found here (in the vSphere Web Client):
Administration > Licensing > Licenses



There are 3 tabs in the pane, Licenses, Products and Assets. Licenses is where you add your licenses keys and then, once added, navigate to the assets tab, which shows your vCenter server and ESXi hosts, where you can then right click and assign a license to each of the hosts.

Friday, 16 February 2018

VMware vCenter vCSA Installation stuck at 80% Installing RPM

Installing vCenter 6-5 using the vCSA has been causing me a few issues, running through the GUI installation it kept getting stuck at 80% - installing RPM.




Doing a little googling this seems to happen semi-regularly when there is an issue with the installation.

My issue seemed to be that I was trying to install the vCenter vCSA on an ESXi which was version 5.5. Once I'd upgraded to 6.5 it seemed to install just fine.

If you are getting the same error it's worth checking the compatibility information:


The only other thing which I want to mention in case there is any connection, I also changed the 'system name' field to a FQDN, where previously I used an IP address.

For a link to an easy installation step-by-step for vCSA 6-5 see the below link:

honerable mention:

Wednesday, 29 July 2015

Windows 10 update not working - disable AVG = fix?? Maybe...

Hi,

Just a quick post but I wanted to get this up because I think I've got round my windows 10 update issue and possibly this might help someone else?

So I've been struggling with updating windows 10 this evening. It has not been automatically updating, so I gave it time, I waited for the notification from Microsoft which never came.

Seemingly windows update just wasn't finding the windows 10 update.

This post at Venture beat seemed to be the solution:
http://venturebeat.com/2015/07/28/how-to-force-windows-to-start-downloading-the-windows-10-update-files/

But I still couldn't get it to work.

Then I tried disabling AVG anti-virus... and now it's downloading...

I don't know why this seems to have worked but if anyone else is struggling to get windows 10 updated as well and you have AVG then try temporarily disabling it and then running through the steps on the above link.

Best of Luck!



** Important Update**

I think the old Cisco VPN client is causing issues. My upgraded has succeeded but I've lost all my network connections. They show in device manager but nowhere else, so no network access, internet access etc.

If you are doing the upgrade and have the VPN client installed I would strongly recommend uninstalling it first.

I'm not 100% sure if this is the reason but I'm not taking the risk on the next PC I upgrade!

Wednesday, 12 November 2014

vSphere client on Surface pro 3 / Windows 8.1 input issues

So here's an irritating issue... I have a Surface Pro 3, I really like it, however there are a few niggles and issues but on the whole it's great. (You generally get issues with new versions of windows anyway, anyone remember vista? and windows 7 wasn't perfect for a long time, although it's pretty damn stable now). 

One of these issues was that I couldn't use the VMware vSphere client to control virtual machines using the console on my SP3. The cursor wasn't in sync with the screen. I'd put the cursor in the middle of the screen and it would register further down and off to the right. This made it almost impossible to click anything. I got around this by creating a virtual machine and using RDP to connect to the virtual machine and then connecting that way but it's a bit of a mess.

So here's the actual solution, if you right click the vSphere client icon > Properties > Compatibility > then check the box which disables display scaling on high DPI.

This runs the application natively on the display, which makes everything very small because the screen resolution is fantastic, but I kinda like this, you get more real-estate. It messes up a few positions such as text boxes slightly screwy but at least it works!

I couldn't find any other pages which detail this issue so hopefully this'll help someone else with the same issue.

Friday, 25 July 2014

installing Windows XP in VMware ESXi

I'm relatively new to VMware, but it's on my list of things to look into / learn about, and as part of my little lab I'm building I've installed ESXi5.1 as the Hypervisor on my server. I've always used VMware Player and Workstation before and they are so easy to use but I wanted to use ESXi because it's a little more "real world".

Windows XP is one of my "go to" VMs, it's so quick and easy to install, I've only got trial versions of 7 and 8 and i'm just not familiar with Linux (although I'm trying... give me time) However XP and ESXi don't seem to get on initially.

It turns out XP, being the old OS that is is, does have the SCSI drivers needed, and ESXi chooses a SCSI hard drive by default.

There are two options here:
Install the 3rd party drivers in the XP host, here are the instructions for this:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1000863

Alternatively, you can just change the hard disk type to IDE and that works a treat too:

Thursday, 24 July 2014

Bridging Cisco Wireless Router to an AP (Or your Phone!!)

Doesn't it just feel great when you figure something out after being stuck on something for a little while? This was one of those moments...

I'm going through the motions for building a portable lab whereby I can test various applications and software and features and one of my initial considerations was how to get Internet access to the lab. I've got a 1841 with a 3G HWIC module inside it so I could buy a sim and configure that but the plans for 'non-mobile' devices are crazy expensive, plus I'm already paying for an unlimited internet package for my phone so it just feels wrong spending more money. The other option is tethering the phone to the LAN in some way - either via a USB to RJ45 adapter (but then I can't charge and tether my phone at the same time) or 2ndly some way wireless-ly, and it turns out this is very possible with a feature called universal client mode.

Universal Client Mode allows the router / AP to connect to a wireless device as though it was a client, very cool! So I able to use the portable hot-spot functionality of the phone, and connect to the phone from the router as though it was a client, below is a rough diagram of the setup:

"Free" access for my Lab.

So now here's the important bit, the configuration. I couldn't find any other bogs etc where people have done this, there are similar things but not exactly this and as such I spent some time figuring this out so I'm putting it here for future reference, and hopefully it'll help someone else out in the future.

! first of all you need to configure the radio:
interface Dot11Radio0

! Tells the router to act in universal client mode
station-role non-root 

! Set the IP address to be obtained using DHCP
ip address dhcp

! create the ssid - has to be the same as the ssid advertised from the phone
dot11 ssid SSID_NAME

!set the authentication - I've used open
authentication open

! Go back into the dot11 radio interface and associate the ssid to the interface
interface Dot11Radio0
ssid SSID_NAME

At this point you should have a virtual-dot11radio interface configured and it should receive and IP address from the phone.

And from here you just create a default route, setup NAT and "jobs a good 'un".

A couple of notes: you have to make sure there is no vlan X command because Universal Client Mode needs to use the native vlan (I.E. no vlan configured)

Also, when I added the default route I had to manually set the IP address of the phone I.E. 192.168.43.1 (in my case) it didn't work when I set the exit interface as either dot11radio0 or the virtual-dot11radio0. I don't know why, perhaps someone can comment? But that's well worth noting.

Excellent!

Here's a quick update, if you are not happy without any encryption you can add WPA2 encryption with a Pre-Shared Key (PSK) with these commands:

!Under the dot11 SSID config:
 authentication key-management wpa
 wpa-psk ascii 0 password

!Under the dot11radio interface:
encryption mode ciphers aes-ccm


!!Update number 2!!
So I managed to break my NAT translations, I was playing with settings and "cleaning up the config" and I noticed that my lab VMs had lost internet connectivity.
I've since fixed it but my method is not 100% conventional. I had to change my NAT statement to refer to the pool of IP addresses being translated rather than the exist interface (virtual-dot11radio0) for some reason my NAT statement and default route doesn't work if I point to the virtual-dot11radio0 interface. The simple fix is to use the IP address rather than the interface but I'm a little wary because IP addresses can change. We'll see, if I find away around this I will update again. Anyway for the time being, here are the revised NAT statements:

ip nat pool NAT-POOL 192.168.43.183 192.168.43.183 netmask 255.255.255.0
ip nat inside source list PERMIT-NAT pool NAT-POOL overload

ip access-list standard PERMIT-NAT
permit 172.16.213.0 0.0.0.255

Thursday, 10 April 2014

OSFP LSA types 1-7

I'm going through the process of decertifying my CCNP and one thing I can never recall from memory is a good description of each of the OSPF LSA types. Therefore it gets a quick blog post to aid the old memory.

LSA Type 1 (Router LSA):
Routers each create a type 1 LSA for each area they connect to in order to represent themselves within an area. Therefore the LSDB for an area will contain one type 1 LSA  for each router in the area. 

LSA Type 2 (Network LSA):
The type 2 LSA is created by a DR to detail the subnet and connected router interfaces in that subnet.

LSA Type 3 (Network Summary LSA):
The type 3 LSA is used to advertise subnets listed in one area to another area. The is created by an ABR. 

LSA Type 4 (ASBR Summary LSA):
The type 4 LSA is created by an ABR when it receives a type 5 LSA from a ASBR. This LSA is required in order to support the tie breaking logic for best path selection for routers, internal to an area, when calculating the best path to an external network in another area. This is required because E2 external routes do not increment the metric when travelling through the network, therefore a router in an area could have 2 (or more) paths to the external network. The tie break logic says that even though the metrics tie the router should put into the routing table the best route to reach the ASBR. So if it had a fast Ethernet connection and a serial connection even though the metrics would be the same (20 by default for an E2) instead of load balancing the router looks up the best path to reach the ASBR and puts this route into the routing table.

Now the above logic works fine if the router and the ASBR are in the same area. If not then the router can calculate the best path to the ABR but beyond this it has no awareness of the topology. This is where the type 4 LSA comes in. A type 4 LSA is generated by an ABR and details the ABR cost to reach the ASBR. This solves the above problem because where a internal area router has 2 ABRs out of the area, it now knows the cost of each ABR to reach the ASBR in the other area and so can make the best path selection accordingly.

LSA Type 5 (AS External LSA):
The type 5 LSA is used to advertise external routes into an area, this is created by the ASBR.

LSA Type 6 (Group Membership):
Unused on Cisco IOS so I'm ignoring it for the time being

LSA Type 7 (NSSA External LSA):
The type 7 LSA is created by an ASBR in a stub area to advertise external routes from an ASBR within that stub area. Stub areas suppress type 5 LSAs therefore an ASBR in a stub area uses type 7 LSAs within the stub which are then converted to type 5 LSAs at the ABR. Stub areas with an ASBR are NSSAs (Not So Stubby Areas)


I might well update this as I read and learn more but for the time being it's a good reference for me. 

Friday, 28 March 2014

Juniper Part number confusion

So this is another one which should be very obvious but again I'd never questioned it until recently, so I'm jotting it down for reference.

For Juniper's larger routers (MX etc) there are a number of items which are redundant - PSU, RE, SCB etc. Now when looking through the price list these items each have 3 different part code options: -BB, -R, -S

Here are the differences:
-BB = Base Bundle - This item is purchased when buying a new chassis and is often discounted because of this. You cannot purchase this item with the complete chassis.

-R = Redundant - This item is purchased with a complete chassis when you want a redundant item. For example, if you require a chassis with 2 SCB then you would purchase 1 -BB and 1-R.

-S = Spare - This item is purchased often if you are upgrading an existing chassis - I.E. replacing an item in an existing chassis with a new item, or adding a redundant component to an existing chassis.

Cisco MSE Appliances need L2 adjacency for HA operation

HA is a wonderful thing for obvious reasons but you do have to tread carefully sometimes when designing and deploying it.  I am specifically referring to the appliances / applications themselves and their physical location. Some appliances need to be located on the same subnet, which usually means physically very close. You can often fudge this by extending the layer 2 domain (such as using OTV) but this can be dangerous due to latency etc which can cause some unpredictable results, and not always practical.

MSE (7.4) is one of these applications. It maintains a health monitor connection to keep the two appliances synchronised and up to date.

LX4 and LRM optics are not compatible

Here is something I ran into and is certainly worth noting down and remembering:

LX4 and LRM optics are not compatible

This perhaps should be obvious as they are different standards but it wasn't until I looked into it and now I know for certain.

LX4 is standard IEEE 802.3ae and LRM is standard IEEE 802.3aq, you can look into these further on Wikipedia or another resource but the gist of it seems to be that the standard work in different ways making them incompatible. There is a good support forum link in the resources below.

This all came around because a customer wanted to buy more X2-10GB-LX4 optics but these are EOS, the recommended replacement is the X2-10GB-LRM optic which is incompatible. The options here then are to upgrade the existing line cards and replace the old LX4 optics with LRM optics or try to purchase any existing LX4 optics which may be in stock somewhere, but this is only a temporary fix as Cisco are not making them any more.

So a work of caution, don't take the Cisco recommended replacements completely at face value.

As a side note, optics of different form factors are compatible, so a X2 LRM and Xenpak LRM module would be fine, in the same way a LC SFP module can connect to a SC GBIC module if they are both using the SX standard.

Resources
Cisco Support Forum post:
https://supportforums.cisco.com/discussion/11270096/x2-10gb-lx4-sfp-10g-lrm-compatibility

Juniper EX4550 Switches Airflow Confusion

So this is a quick note to clear up some confusion I had regarding the airflow on Juniper EX4550 switches.

The airflow on these switches is either front-to-back or back-to-front however this is not immediately apparent from the datasheet, and this is always my quick go-to place for information. I think this is mainly my fault for not reading this properly but it is also written in a confusing way.

The datasheet states:
"port side to PSU side airflow" which if you are reading this quickly looks suspiciously like "side-to-side"

To be sure I've had this checked with Juniper, and it is verified in the tech doc below, but the airflow is definitely front-to-back, back-to-front PSUs are also available.

References
EX4550 PSU Tech Doc:

EX4550 Datasheet: