TokyoBrit

Forum Replies Created

Viewing 30 posts - 1 through 30 (of 56 total)
  • Avatar
    TokyoBrit
    Member

    Re: Windows 2008 R2 Cannot Access Network Shares By Namespace

    Not discounting a DNS issue, but the AD sites are configured correctly.

    The test DMZ is a different subnet, and does not hold a DNS server, nor do I register the WAN IP in DNS.

    But to make things clearer, here is my IPCONFIG:

    [CODE]
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : testsrv3
    Primary Dns Suffix . . . . . . . : testdomain
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : testdomain

    Ethernet adapter LAN:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter #1
    Physical Address. . . . . . . . . : 00-15-5D-00-52-11
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 192.168.18.213
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 192.168.18.7
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter WAN:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter #2
    Physical Address. . . . . . . . . : 00-15-5D-00-52-13
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 192.168.17.213
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.17.1
    NetBIOS over Tcpip. . . . . . . . : Disabled

    [/CODE]

    And I have a single persistent route to access the internal network:

    [CODE]Persistent Routes:
    Network Address Netmask Gateway Address Metric
    192.168.18.0 255.255.255.0 192.168.18.213 1
    [/CODE]

    If DNS were really up the spout, I doubt I would be able to access the other servers via their FQDN, nor would I be able to login to this new server using a domain account. The only thing that doesn’t work is accessing a DFS namespace from this server.

    It’s like the new server has no idea what DFS is, or knows how to enumerate DFS shares.

    Avatar
    TokyoBrit
    Member

    Re: Windows 2008 R2 Cannot Access Network Shares By Namespace

    I installed the DFS tools for RSAT onto both W2K8 servers and ran:

    dfsutil diag viewdfspath \testdomainpublic

    On the working server, this responds with:

    [CODE]
    The DFS Path resolves to ->
    [/CODE]

    \testfile is a VM of Windows 2003 Storage Server.

    On the problematic server, the same command responds with:

    [CODE]
    Destination Path is inaccessible
    Could not execute the command successfully
    SYSTEM ERROR – A device attached to the system is not functioning.
    [/CODE]

    Nothing written in the event logs about this problem, so I don’t have a lot to go on.

    Avatar
    TokyoBrit
    Member

    Re: Windows 2008 R2 Cannot Access Network Shares By Namespace

    rob123;234291 wrote:
    Install this hotfix from Microsoft;

    KB2194664

    I’ve had a similar issue on both Windows Server 2008 R2 and Windows 7 Clients, this update has resolved the issue for me.

    Yes. I had seen that before. It was the main solution to a long thread about this issue, and I had hoped it would work for me, but there are 3 problems with it:

    1) I cannot access the network shares using the namespace even after immediately restarting the server.

    2) I can always access the remote server using either its FQDN or IP address, which is the issue that 2194664 addresses.

    3) When I run the Windows6.1-KB2194664-x64.msu, it says “The update is not applicable to your computer”.



    Never mind about 3). Because I installed Windows Server 2008 R2 SP1, the mrxsmb10.sys driver file is version 6.1.7601.17514, which is newer than the version that the hotfix installs.

    It has to be something else.

    Avatar
    TokyoBrit
    Member

    Re: Windows 2008 R2 Cannot Access Network Shares By Namespace

    gerth;234286 wrote:
    Does the ping testdomain command return the ip address of the domain controller? It sounds like some dns issue.

    It could be. AD is very susceptible to DNS issues. Just one little thing and a whole slew of problems arise, but as it happens, the ping works:

    [CODE]
    Pinging testdomain [192.168.18.7] with 32 bytes of data:
    Reply from 192.168.18.7: bytes=32 time<1ms TTL=128
    Reply from 192.168.18.7: bytes=32 time<1ms TTL=128
    Reply from 192.168.18.7: bytes=32 time<1ms TTL=128
    Reply from 192.168.18.7: bytes=32 time<1ms TTL=128

    Ping statistics for 192.168.18.7:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    [/CODE]

    I’m wondering if it’s because the default gateway is set for the external adapter, while the internal adapter uses a persistent static route.

    Avatar
    TokyoBrit
    Member

    Re: Windows 2008 R2 Cannot Access Network Shares By Namespace

    netxt;234277 wrote:
    What is the output of nslookup testdomain command ?

    That returns the IP addresses of the 2 DC’s in the test domain:

    [CODE]
    Server: testdc.testdomain
    Address: 192.168.18.7

    Name: testdomain
    Addresses: 192.168.18.7
    192.168.19.7
    [/CODE]

    The testdomain simulates 2 sites, with a DC in each one and site links defined in AD.

    Avatar
    TokyoBrit
    Member

    Re: Windows 2008 R2 Cannot Access Network Shares By Namespace

    Cheers for the reply. Has me thinking. It’s possible I guess. Unlike the other W2K8 server, this one is dual-homed, with one IF on the test DMZ.

    I’ve configured the external IF to not register, so only the internal IP is registered in DNS on the test DC. NSLOOKUP resolves that fine.

    Will check into file and printer sharing some more. I don’t have it enabled, since it is for sharing files and printers on the local server, which I’m not doing, but it might have a knock-on effect.

    Hmm. If it was needed though, then I would expect the \servernamesharename network shares to not work either, but they do. Does DFS use a different mechanism (ports/protocols) for its shares?

    Avatar
    TokyoBrit
    Member
    in reply to: Namespace problems #348296

    Re: Namespace problems

    On the Referrals tab of the namespace properties, under Ordering method, there is the option to “exclude targets outside of the client’s site”.

    So long as the Active Directory Sites & Services is configured correctly, along with the associated links and the link costs, then that should stop clients from going over the VPN to external sites.

    Avatar
    TokyoBrit
    Member
    in reply to: DFS Namespace fault-tolerance #348295

    Re: DFS Namespace fault-tolerance

    I’ve only dug into it cos I can no longer add namespaces to my Windows Storage Server 2003 using DFS Management.

    Which is what brought me to your thread.

    And yes, the same problem exists whether I use 2003 or 2008.

    I’ll create a thread under Windows 2003 concerning something I found out.

    Avatar
    TokyoBrit
    Member
    in reply to: DFS Namespace fault-tolerance #348294

    Re: DFS Namespace fault-tolerance

    Yes, although it seems that when Microsoft changed DFS between 2003 and 2003 R2 (and 2008), it wasn’t just the naming conventions they changed.

    While setting up namespaces and replication using the DFS Management snap-in is very different from the Distributed File System snap-in, the 2 versions must also store their meta data differently.

    I can see a Namespace under DFSMGMT which says it’s using some piddling amount of space in AD as reported on the General tab of the namespace properties, but when I look at the Publish tab of the properties using DFS, it says it’s not in AD.

    Are they not pulling their DFS configuration data from the same place in AD?

    DFSMGMT says it belongs to a Replication group that is replicating, but DFS doesn’t show the replication tab in the namespace properties dialog, which means replication is not configured.

    Must say though, it’s a doddle creating a highly available shared folder using the older DFS snap-in, whereas with the new DFSMGMT, all I see are errors errors and more errors, like:

    Add Namespace To Display. Scope: Domain. All I get is an error popup “The namespace cannot be enumerated. The remote procedure call failed and did not execute.”

    Add Namespace To Display. Scope: Server. The namespace shows up in the list (with a red cross) and double-clicking says “the namespace cannot be queried. element not found.”

    Both sound like AD integration issues, but I don’t see either problem if I use the DFS snap-in and publish into AD.

    Avatar
    TokyoBrit
    Member
    in reply to: DFS Namespace fault-tolerance #348293

    Re: DFS Namespace fault-tolerance

    So multiple hosts for DFS roots is new to 2008?

    But how would you go about protecting yourself against the loss of the DFS root host in 2003?

    It was last year I had a similar problem, in that the server hosting the DFS roots failed and all users lost access to the domain namespaces, even though they are configured with multiple targets.

    Should the DFS root be hosted on a cluster?

    If the DFS roots are saved in AD, can they easily be hosted on a new server?

    Edit: Never mind. I was confused. I had been using the Distributed File System snap-in, not the DFS Management snap-in, which offers different settings. Also, I’ve found that losing the “original” host doesn’t cause a loss of access if the namespace has been saved in AD, so long as there is at least one other accessible target namespace server.

    Avatar
    TokyoBrit
    Member
    in reply to: Run VMCONNECT As Administrator Through TS Web Access #348292

    Re: Run VMCONNECT As Administrator Through TS Web Access

    Found this blog entry, which allows me to run Hyper-V Manager from the Host without UAC, but it has no effect when running it via RemoteApp.

    http://blogs.technet.com/b/jhoward/archive/2010/07/07/avoiding-uac-prompt-starting-hyper-v-manager.aspx

    Avatar
    TokyoBrit
    Member
    in reply to: Run VMCONNECT As Administrator Through TS Web Access #348291

    Re: Run VMCONNECT As Administrator Through TS Web Access

    If I try using Runas, it still doesn’t work:

    runas /noprofile /user:domainadministrator "mmc virtmgmt.msc"

    Enter the password for domainadministrator:
    Attempting to start mmc virtmgmt.msc as user “domainadministrator” …
    RUNAS ERROR: Unable to run – mmc virtmgmt.msc
    740: The requested operation requires elevation.

    Avatar
    TokyoBrit
    Member
    in reply to: Exchange 2010 migration project time #348290

    Re: Exchange 2010 migration project time

    I’m looking into this myself, as I’d like to figure out whether I will need to have EX2003 and EX2010 coexist during the migration, or if I can move all the mailboxes over within a single day. While I understand that every migration will be different, surely there are some reference timings for Step 5 of this diagram?

    Aa998186.5fa85722-78bc-42a5-97f0-39f5c85b50e1(en-us,EXCHG.141).gif

    Our priv1.edb is about 25GB in size and there are 100 users, both servers are 8x core, 16GB memory, 10K RAID-5, and on the same gigabit segment. I think that is probably run-of-the-mill when it comes to hardware for Exchange, so barring no issues during the move, how long are we looking at for completing, say, the MoveMailbox.ps1 script? Or if we use the EMC and just create local move requests for all of the legacy mailboxes, what should we be expecting to see as a reasonable “Elapsed time”?

    Of course there is the public folder migration, but that is minimal, and we don’t use OWA or Active-Sync, so the whole legacy host name part is not needed. Mainly I’m looking for a ballpark figure of how long users will be unable to get email. The rest of the migration can be done without disruption.

    Avatar
    TokyoBrit
    Member
    in reply to: MX Record when changing hosting provider #348289

    Re: MX Record when changing hosting provider

    Umm. Where to start?

    First. Your AD DNS entries are for your internal use. From what is shown, www, list and ftp are all hosted by providerAA while mail is hosted by your own server. You will need to switch those to providerBB. Talk to providerBB to get that done.

    Actually, do http://www.demowolf.org, http://ftp.demowolf.org and list.demowolf.org point to any services at all? If not, you can delete them from your AD DNS.

    Second. You have an MX record in AD DNS for your mail server, which is strange, in that you don’t actually need that for internal client access.

    Try this:

    open up command prompt on your mail server
    type NSLOOKUP and press enter
    at the > prompt, type “server NS1.providerBB.com” without quotes, and press enter
    then type “set type=MX” without quotes and press enter.
    now type in “demowolf.org” without quotes and press enter.

    That should tell you what the public DNS entries are when it comes to email.

    You could also:

    type “set type=ANY” without quotes and press enter.
    type in “demowolf.org” without quotes and press enter.

    Which would give you more info about how we, on the outside, see that domain name presented and I would be hesitant to do much else without DNS being set up properly, as that can cause so many problems.

    Preferably we’d like you to talk with providerBB customer support to resolve this, since it certainly doesn’t seem to be a test environment, and we cannot be held responsible if something goes wrong given that we don’t know all of the facts.

    What I will say is that at some point, you will need to go into Exchange System Manager, open up the properties of your Default SMTP Server, go to the Delivery tab, click on Advanced, check the Fully-qualified domain name and Smart host values, as well as click on Configure to check what external DNS Servers are set.

    Those will most likely need to be changed from whatever they were for providerAA to whatever they should be for providerBB – and only they can tell you that.

    Avatar
    TokyoBrit
    Member
    in reply to: Service To Capture OutputDebugString #348288

    Re: Service To Capture OutputDebugString

    Yeah. Tried that using INSTSRV.EXE, but the created service (basically a wrapper around DebugView) failed to start.

    I’ve since gone and written my own service in C# using Visual Studio 2010 that hooks into the debug stream, but it doesn’t seem to pick up as many of them as the sysinternals program does.

    Ho hum.

    Still looking for a proper way to log OutputDebugString to a file as a service. :neutral:

    Avatar
    TokyoBrit
    Member

    Re: VMWare VCenter 4 licensing and usage for > 3 ESXi hosts

    The PDF is comprehensive, but please remember it is not an independent comparison. :|

    If you rewrote some of the bullets slightly, then you could put X’s for Hyper-V or Xen, and write No for vSphere. It all depends on perspective, and VMware’s is to sell vSphere.

    Also, I don’t think “Centralized licensing. Administer and manage all license keys centrally within vCenter Server.”, as an example, really counts, as 1) Of course you don’t get vCenter Server with Hyper-V or Xen, and 2) you can centralize licensing with a Windows License Server. :?

    Saying that, vSphere is undoubtedly the best virtualization product suite on the market. Whether it remains so will depend on VMware making the right strategic acquisitions and implementing features that customers say are lacking.

    simondrake79 is correct though in that you can use SCOM VMM to manage ESX hosts, and that you would need to purchase both the management suite and the various device licenses (which are the MS equivalent of the agent licenses).

    I believe that route has been shown to be more expensive over purchasing the vSphere ones at the onset. :shock:

    However, I may be in the same boat as Albertwt, as although I would prefer to future proof my virtualization purchases, the people that sign off on the budget may decide differently, in which case I’ll be stuck with getting Essentials and throwing it away a few years down the road.

    I’m hoping that none of the executive management find out that a low cost option that would cover our requirements for this year, but not next, is available. They can be so short-sighted. :sad:

    Avatar
    TokyoBrit
    Member
    in reply to: Exchange DAG Means Disable VMotion For Mailbox Server #348286

    Re: Exchange DAG Means Disable VMotion For Mailbox Server

    Thanks for the comments. Further reading supports your suggestions of keeping VMDK’s on shared storage, even for VM’s not participating in VMotion, et al.

    But for the Exchange servers in particular though, the case could be considered different as there would already be a failover VM on the other ESX host.

    That is, DAG requires 2 servers so that if the primary fails, the database will remain accessible. So if the primary ESX host fails, Exchange will switch to using the secondary VM on the secondary ESX host to continue operations, without anything being done by vCenter.

    Essentially, losing the primary ESX is akin to losing the primary physical Exchange DB server.

    Saying that, it just makes it easier to maintain snapshots and perform updates if the Exchange DB VM’s involved in DAG are on shared storage.

    Avatar
    TokyoBrit
    Member

    Re: VMWare VCenter 4 licensing and usage for > 3 ESXi hosts

    No, the bare-metal ESX hypervisor on its own is free. That’s enough for setting up a single virtual host and running as many VM’s as you like on it, managed through the service console or some other ESX compatible tool, such as SCVMM.

    What you get extra with Standard is:

    • VMware vStorage VMFS
    • Four-way virtual SMP
    • VMware vCenter Server Agent
    • VMware vStorage APIs / VMware Consolidated Backup (VCB)
    • VMware vCenter Update Manager
    • VMware HA
    • VMware vStorage Thin Provisioning

    The important one is the agent, which is what allows an ESX host to be managed by vCenter Server, which in turn allows features like HA to work.

    But yes. Both Hyper-V and Xen include the VMotion capability as standard in their free versions, called Live Migration and XenMotion respectively. To get that in vSphere you have to buy the Advanced license for $2245.

    That fact alone has contributed to the erosion of VMware market share, with many SMB’s opting for Hyper-V or Xen over vSphere for smaller virtualization deployments. However, vSphere is the standard when it comes to enterprise virtual data centers.

    What I’ve seen though is that for most SMB’s, virtualization is a proof of concept, a prototype or something the IT guy wants to try.

    F5 have a great whitepaper about the challenges to virtualization.

    I’ve also spent a great deal of time the last few months doing a comparative analysis of the main 3 hypervisors, and I can say that if I only looked at my 1 year goals, I would go with Xen because Hyper-V isn’t really ready for production environments.

    However, I have to look ahead 3, 5 and 10 years – in which case vSphere is my choice, because there is lot more going for it, especially when it comes to shared storage support.

    Just look at the recent announcement by EMC for their new VPLEX. One of the features they are pushing is the fact you can do VMotion over distance of up to 100Km.

    If you want to future-proof your virtual data center, at this time I have to say go with vSphere – If you can afford it.

    In your case Albertwt, you can either continue to manage 2 groups of ESX servers, fork out for the vSphere Standards, or look for a third-party management tool that will handle all 5, but I don’t know if there are any licensing issues with that.

    Avatar
    TokyoBrit
    Member

    Re: VMWare VCenter 4 licensing and usage for > 3 ESXi hosts

    VMware vSphere Essentials comes with a special version of vCenter, called VMware vCenter Server for Essentials. That version is limited to 3 ESX hosts with 2 processors each, and cannot communicate with any other vCenter Server.

    You’ll also note that the PDF says that Essentials versions cannot be combined with any other vSphere product.

    So I’m afraid to say that if you want to manage 5 separate ESX hosts from a single management server, then you need to purchase vCenter Server Standard for $4995 and 8 VMware vSphere Standard licenses at $795 each.

    Avatar
    TokyoBrit
    Member
    in reply to: Outgoing Only Exchange 2010 in DMZ #348283

    Re: Outgoing Only Exchange 2010 in DMZ

    You know Simon, I had completely forgotten that Windows includes a SMTP service. :oops:

    Makes perfect sense. And a hardened Windows Server 2008 Core deployment would be just fine.

    Thanks for reminding me that simple solutions exist.

    Hmm. Maybe I’ll just use a Linux distro with SendMail. Save even more Yen that way. ;-)

    Avatar
    TokyoBrit
    Member
    in reply to: Secure DMZ VM deployment using separate vSwitch #348282

    Re: Secure DMZ VM deployment using separate vSwitch

    Well, the Petri IT KB has certainly helped me in the past. One of the few general IT resources in English that I have access to. Always welcome the feedback.

    So, the vShield Zones that simondrake79 linked seemed to fit the bill concerning my idea for a vFirewall, but there was a blog that had me thinking it’s probably not worth it.

    http://www.dailyhypervisor.com/2010/03/12/vshield-zones-some-serious-gotchas/

    The amount of manual configuration to get it working properly with VMotion and DRS seems a lot compared to most other features of vSphere. Maybe it’s just too new and the teams at VMware haven’t simplified the interface yet?

    In any case, if all my Perimeter/Internal VM communication is over a physical Back Firewall I don’t think there is any impact to security by not using vShield, but I’d like further comments.

    I’ve created a new physical/virtual combined diagram to help me get my head around this, and because diagrams are the best way to express ideas to my Japanese coworkers.

    Avatar
    TokyoBrit
    Member
    in reply to: Secure DMZ VM deployment using separate vSwitch #348281

    Re: Secure DMZ VM deployment using separate vSwitch

    Please don’t think I’m hijacking your thread. It just seems you are looking at the same thing I am, but maybe further along?

    I’ve included 2 attachments, which are simplified diagrams for explanation’s sake. Assume that physical network redundancy is included.

    The first is your typical web server deployment in a back-to-back perimeter network with 3 segments – public external, private perimeter, and private internal.

    The second diagram has the normal elements for a VMware configuration to allow for vMotion and HA.

    Now. If I want the Web Server in the first diagram to be hosted within the ESX cluster, then the Client Network of the second diagram should be connected to the Perimeter switch, just as Albertwt has done.

    However, if I have VM’s within that cluster that are to be connected to the Internal switch then I should have additional NIC’s on the hosts and create a 2nd Client Network with a second vSwitch.

    Is my understanding correct?

    Further thinking… If my ESX cluster contains a Perimeter vSwitch and an Internal vSwitch, is it better to let the physical Back Firewall handle traffic between VM’s on those vSwitches, or would I see better performance if I could include such a thing as a vFirewall?

    Avatar
    TokyoBrit
    Member
    in reply to: Change VHD Size as Reported to Windows #348280

    Re: Change VHD Size as Reported to Windows

    I will see about creating a different sized VHD as a test, but at this point I’m happy with the result from VHDresizer.

    The Windows guest reports a 31.9GB HDD installed with 11.9GB free, and the VHD is 23.7GB in size. The Virtual Disk Wizard shows it as 32768MB, which is what VHDresizer reports it as.

    Avatar
    TokyoBrit
    Member
    in reply to: Change VHD Size as Reported to Windows #348279

    Re: Change VHD Size as Reported to Windows

    I certainly have enough disk space, since I’m using a 320GB SATA drive connected via eSATA.

    But it was a simple matter of how VHDresizer calculates sizes.

    Even though it says the minimum is 30GB, the resize button doesn’t become enabled until I set the new size to 32GB.

    It’s processing the VHD now, and I’ll let you know if I was successful in turning a 60GB dynamic disk into a 32GB fixed disk.

    Avatar
    TokyoBrit
    Member
    in reply to: Change VHD Size as Reported to Windows #348278

    Re: Change VHD Size as Reported to Windows

    You guessed right. My apologies for not making that clear at the outset.

    I’ve used VHDResizer a lot when working with VHD’s, but then it’s usually me creating them and I prefer to start small and expand. With this one, one of our developers created it and picked the default settings for the VHD, so it created a 60GB file on his 80GB HDD.

    And that’s what I’m cleaning up.

    But something is still off as, even though VHDResizer now shows the minimum size possible is 30GB (after I changed the C: drive partition), the resize button is greyed out.

    Unfortunately it doesn’t tell me why and I can’t find much info on their site since their forum has been disabled.

    Maybe it’s because I’m using 64-bit Vista rather than 32-bit XP? It’s the only machine with enough disk-space to compact the VHD.

    Avatar
    TokyoBrit
    Member
    in reply to: Windows 7 Guest Freezes #348277

    Re: Windows 7 Guest Freezes

    Thanks. I’ll take a look.

    Wasn’t sure whether 2008 R2 was a different beast. It certainly wasn’t for 2003… R2 just a more hardened version with additional security and hooks.

    I should mention that I’m now also looking at cloud computing providers, such as RackSpace, GoGrid or Amazon EC2.

    If all I want to do is spin up a couple of 2008 R2 instances, play about with clustering, and make notes on my findings, I don’t really need to invest in the physical hardware to create a virtual platform to do that.

    Avatar
    TokyoBrit
    Member
    in reply to: Windows 7 Guest Freezes #348276

    Re: Windows 7 Guest Freezes

    Yes Jas, you hit the nail on the head.

    VMware Server, although it supports Windows Server 2008, doesn’t support it very well, or Windows 7.

    As I said, I switched to VMware Player, which is the desktop virtualisation system, and I’ve had no problems with any of my Windows 7 or 2008 VM’s.

    Personally I feel that it’s the ActiveX control used for console operations in VMware Server that’s the problem, as the underlying paravirtualisation engine is the same for both Server and Player.

    I think this as I started the VM’s I had created under Server in Player, and they ran fine.

    MS had similar problems running VM’s between Virtual Server 2005 and Virtual PC 2007 prior to the service pack releases.

    Avatar
    TokyoBrit
    Member
    in reply to: Windows 7 Guest Freezes #348275

    Re: Windows 7 Guest Freezes

    Doing a Google search got me to a different site that has a copy of the article, so my understanding is that I should not use the SVGA drivers when I install the VMWare Tools on the guest OS.

    OK. That’s good to know.

    So I tried creating a new VM, but it freezes during the user password part, before I’ve even finished installing W7, so something else is off.

    Seems to occur most frequently when installing Windows 7 Enterprise rather than Windows 7 Professional.

    Going to switch to VMWare Player 3 to see if that resolves these problems.

    Avatar
    TokyoBrit
    Member
    in reply to: Windows 7 Guest Freezes #348274

    Re: Windows 7 Guest Freezes

    Maybe it could, if I could read it. :???:

    Is their KB down, cos all I get is a 502 Proxy Error from their server saying it could not handle request.

    Doing a search on 1011709 showed an article titled:

    “VMware KB: Disabling SVGA drivers installed with VMware Tools on…”

    With a link to http://kb.vmware.com/kb/1011709

    Clicking on that link redirects me to:

    http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1011709

    Which gives me the same 502 error. :x

    Avatar
    TokyoBrit
    Member
    in reply to: A Stupid Mistake #348273

    Re: A Stupid Mistake

    Thanks for your inputs. Never heard of ILO, but we may have DRAC since they are Dell servers. Will check.

    All remote administration efforts have so far failed. There are some ports open (Backup Exec Remote Agent, McAfee Framework, and MSMQ), but I’ve not been able to gain access to processes on the secondary DC using those ports.

    We have installed LAN-controllable KVM switches in our local data center, but haven’t got round to doing it at the remote one unfortunately. I might be able to push that implementation forward.

    Giving the engineers the password isn’t all that bad, since we change it on a monthly basis anyway, so if we can keep the primary up and running for the next 2 weeks, I’ll have them disable the firewall at the end of this month.
