Get Datastore Name and Canonical Name "naa."

Have a VMware storage migration going on??? Need to give your SAN Team canonical names? Here is a simple PowerCLI script to pull that information and dump it in a csv.
Just connect do your vCenter and let it rip.

$report = get-Datastore |
Where-Object {
$_.ExtensionData.Info.GetType().Name -eq “VmfsDatastoreInfo”} |
Select-Object -Property Name, CapacityMB, FreeSpaceMB, @{Name=”DiskName”;Expression={ $_.ExtensionData.Info.Vmfs.Extent[0].DiskName}}
$report | Export-Csv "C:\temp\reports\9-19-13WWN.csv" -NoTypeInformation -UseCulture

The output will look like this:

"3P-9DA03-T2-CHU2.1","1048320","975256","naa.50002ac00090000f"
"3P-9DA03-T2-CHU2.2","1048320","1027239","naa.50002ac00091000f"
"3P-9DA03-T2-CHU2.3","1048320","1047746","naa.50002ac00092000f"
"3P-9DA03-T2-CHMG.1","1048320","459469","naa.50002ac0006b000f"
"3P-9DA03-T2-CHMG.2","1048320","253995","naa.50002ac0006c000f"
"3P-9DA03-T2-CHMG.3","1048320","717312","naa.50002ac0006d000f"

ESXi5 Change Multipath Policy and IOoperationLimit PowerCLI Script

Recently I had a need to set all of my storage LUN's mulitpath policy to RoundRobin and IO Operation Limit to "1" inside my ESXi 5 environment. Setting these manually can take a long time since you have to hit each seperate LUN. I found out a way to make it really easy to deploy it by clusters. Sure, you can script it by vcenters but this time I wanted more control. After scrouring the internet looking for examples I was unable to find any that worked with ESXi5 and execute across multiply LUNs at one time. Therefor, I create my own using the help of the interweb. I hope this powershell script helps you as well.

#Script to configure the LUNs and Multipathing policies for a cluster.
#Author: Scott Sarkan

# Add the base vSphere cmdlets
Add-PSSnapin VMware.VimAutomation.Core

# This script adds some helper functions and sets the appearance.
"C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Scripts\Initialize-PowerCliEnvironment.ps1"

#Define some variables
$vcServer = "Vcenterserver"
$psp = "VMW_PSP_RR"
$DiskID = "naa.5000"
$cluster = "VirtualCluster1"

#Change SATP to match your storage array
$satp = "VMW_SATP_DEFAULT_AA"


#Prompt for Credentials
$vcCred = $host.ui.PromptForCredential("VCENTER LOGIN", "Provide VCENTER credentials (administrator privileges)", "", "")
$esxCred = $host.ui.PromptForCredential("ESX HOST LOGIN", "Provide ESX host credentials (probably root)", "root", "")

#Connect to vCenter
Connect-VIServer -Server $vcServer -Credential $vcCred

#Set Roundrobin Policy on specified LUNs and Connect to ESX hosts for IOPS setting
foreach ($esxhost in Get-Cluster $cluster | Get-VMHost) {
write-output $esxhost.Name #host you are connecting to

#Change Multipathing policy to RoundRobin
#Get-VMHost $esxhost |Get-ScsiLun -LunType "disk"|where {$_.MultipathPolicy -ne "RoundRobin"} | where {$_.CanonicalName -match $diskid}|Set-ScsiLun -MultipathPolicy "RoundRobin"

#Connect to vCenter
Connect-VIServer -Server $esxhost -Credential $esxCred

#Connect to ESXcli
$esxcli = Get-ESXcli

#Go through each storage device where the ID begins with naa.5000
$esxcli.storage.nmp.device.list() | where {$_.device -match $Diskid}| %{

#Capture the current configuration of the focused storage device
$configBefore = $esxcli.storage.nmp.psp.roundrobin.deviceconfig.get($_.device)

#Set the IOoperations limit using the currently focused naa ID
$esxcli.storage.nmp.psp.roundrobin.deviceconfig.set(0,$configBefore.device,[long]1,"iops",$false)

#Capture the configuration post the set
$configAfter = $esxcli.storage.nmp.psp.roundrobin.deviceconfig.get($_.device)

#Returns
$configBefore
$configAfter
}
#Change the default PSP for the specified SATP
#$esxcli.nmp.satp.setdefaultpsp($psp,$satp)


}

#Disconnect from ESX hosts
foreach ($esxhost in Get-Cluster $cluster | Get-VMHost) {
Disconnect-VIServer -Server $esxhost.name -Confirm:$false
}

#Disconnect from vCenter
Disconnect-VIServer $vcServer -Confirm:$false

WLAN 802.1x Using Machine/Computer Authentication

Recently, I was faced with a challenge to have machine accounts to authenticate to FreeRadius. Having never configured this before I thought I would share my experiences with you.

So, what do you need to do when you have a certificate that is auto deployed through AD and is stored in the Local Compute Certificate Store and you need to have a computer always connected to WLAN or LAN using 802.1x? Authenticate as a machine instead of a user!


Tools
Windows Server 2003 Enterprise Edition R2 - Active Directory + Enterprise Certificate Authority
Auto-enrollment template with auto-enrollment GPO
Windows XP Tablet SP3 with EAP-TTLS configured
Certificate Signed by CA
CA Public Certificate in the Trusted Root Certificate Store
FreeRADIUS or other RADIUS service

We have tablet machines which are configured with Windows XP Tablet SP3 that are joined to Windows 2003 domain but no domain users would ever log in. The few reasons that these are joined to AD without user interaction is to track the machine inside AD, manage it via SCOM & SCCM, and have it use Active Directory integrated certificate services via auto enrollment. The problem was that we could not deploy a machine certificate to the device, it was more like having to use the Local Computer Certificate Store for authentication. We had little experience using FreeRadius since it was a open source tool that was managed by an outside group. Therefore, we had to totally relied on our vendor that they had everything configured correctly on their end. When we were testing we found that if the certificate was in the User Certificate Store then it would work. But, since the machine would never have any domain users logged in it would never auto enroll a certificate into the User store. Thus, we were able to then find an article from Microsoft which prove to us that Computer Authentication would work. The only thing you we had to do was to add 2 DWORD registry entries in the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global" directory.

1. Add SupplicantMode = 3 (http://support.microsoft.com/kb/931856)
2. Add AuthMode = 2 (http://support.microsoft.com/kb/309448)

Then configure the NIC as such:

Note: Make sure that the "Authenicate as a computer when computer information is available" checkbox in the Authenitcation tab is check.

Awesome iPhone App - Redlight Cameras

Yesterday I downloaded a new app for my iphone. It is called Trapster and has the potential to be the most useful, and the most money saving app of them all. Do you hate redlight cameras as much as I do?? Do you hate coughing up $100 for a right turn on red?? Then download this app now!

Trapster runs on top of google maps and users report where redlight cameras and speed traps are. As you drive the app gives you an audible and visual alert when you are coming close to a speed trap or camera. Another nice feature is that if gives you traffic updates as well, even for routes and highways other than major free/toll ways.

This app will be a huge help when traveling in unfamiliar territory. Especially for someone who recieved a redlight ticket before.

Biztalk Training

Last week, I attend a 3-day Biztalk training session in which I learned a few things. But before that, I want to disclaim that I, by no means, am Biztalk expert.

One, Biztalk databases must be backed-up using the included SQL backup job. This backups the database with the transaction logs and puts a stop point inside of the database so that restoration is easier. Two, a performance gain is not achived untill you reach 3 Biztalk servers due to overhead consumption. Three, there is a patch out there if you are running Biztalk server on a VMware virtual server, which we are. I guess you start seeing weird memory errors if you don't have this patch. We have experienced some of these errors and ar moving forward with deployment of this patch.

HP ze4900 Time and Date Problem

I somewhat started a little side business fixes PCs for people. I call it IT Pros PC Repair. I (we) are focused on professional repair service at an economical cost. But besides that, I recently was working on a customers HP ze4900 laptop. She was telling me that the windows time changes on her laptop and she think that her CMOS battery is going bad.
When I initially looked at it the system clock in the BIOS was set to 1/1/04 12:00am. So I figured it could be her CMOS battery but I still booted into XP and the time never changed again on me. Even when I unplugged all power sources to let the CMOS battery drain but, when I booted again it didn't change at all. I could not duplicate the issue anymore. She said that she would be in Windows and the time would change right infront of her eyes. So I went ahead and popped it open to check out the type of battery. It was a Maxwell M1220 Rechargable battery. I gave the laptop back to her and said that to wait untill it happens again and the check the time in the BIOS to see if has changed as well. That would isolate the issue between the BIOS and Windows. Sure enough it did change as well. You are now thinking BIOS battery, right? So she brought it back to me and wanted to move forwarded to order a new battery. After searching for the same battery for over an hour, I found a new one on Ebay. So, I ordered it.
As I was waiting for the new battery I was researching any issues with time and date on this model of laptops. One site suggested it was a MOBO change, and another suggested a Trojan virus that sets the time 2 years back. I booted the laptop and checked the BIOS. The clock was stopped at yesterday when I shut it down. Hmmm, seems like some funky BIOS. I then started researching for BIOS update from HP site. The version on the laptop was F10 and the current was F16. So I went ahead with the flash. All seems better as of now. The monitor even looks sharper (that was a fix in F14) and the time in the bios actually moves now and has held the date and time so far. I'll wait until the battery arrives before closing the issue.

Last Few Weeks and Now

Last week my 2nd son, Haydn arrived. He weighed in at 7lbs 14oz. He was born on his due date which was 4/21/08. It just so happens that the week I take off of work to be with him is the week that the RDM environment was being installed. So, I kind of missed out on the brutal install but, the other good news is that we'll hopefully be finishing up today. Yesterday I was looking into extending our AD Schema to add an attribute to the User class that will represent the 2 digit country code. The software needs that to associate restaurants in different countries. So, hopefully I will have more details on that soon.
Today I'm troubleshooting our Juniper SSL VPN. It seems to timeout the sessions when users are RDP'n to the servers in our RSM Lab. I will also be finishing the Biztalk configuration for RDM today. Now next week I'll be in Biztalk training so I will have details on that soon.

Other than that, at home I've been watching "Carrier" on PBS. It's a great series that dives into the lives of the crew onboard the USS Nimitz.