Sure! Here is the new blog post based on the information provided:

—

vCLS Retreat Mode: A Lifesaver When NAS Failures Strike

As a vSphere administrator, I’ve been there – that dreaded moment when a NAS box fails and the NFS share it was providing to your vSphere environment is no longer available. It’s not just a minor inconvenience; it can bring your entire virtualization infrastructure to a grinding halt.

But fear not, dear reader! For I have found a hidden gem in the depths of vSphere Cluster Services (vCLS) that can help you escape such predicaments unscathed. It’s called “Retreat Mode,” and it’s a feature that can save your bacon when disaster strikes.

So, what is Retreat Mode, exactly? Essentially, it’s a way to shut down and delete vCLS VMs that are no longer needed or desired. And the best part? It does so without causing any disruptions to your running virtual machines!

To use Retreat Mode, follow these simple steps:

1. Select your cluster object in the vSphere client.

2. Go to Configure > vSphere Cluster Services > General > vCLS Mode > Edit vCLS mode.

3. Select “Retreat Mode” and click OK.

4. Wait for any running vCLS VMs to shut down and delete them.

5. Exit Retreat Mode by selecting “System Managed” and clicking OK.

That’s it! It may look like nothing is happening at first, but if you check the “Recent Tasks” section, you’ll see that any running vCLS VMs have been shut down and deleted, and any other orphaned VMs (including our troublesome one) have been deleted as well.

Now, I know what you’re thinking – what about the datastore that was no longer available? Can we still remove it? The answer is yes! Once the vCLS VMs are gone, you can safely remove the datastore from your vSphere environment.

In conclusion, Retreat Mode is an invaluable feature within vCLS that can help you clean up after a NAS failure or any other situation where you need to remove unwanted vCLS VMs. It’s a quick, easy, and non-disruptive way to regain control of your virtualization infrastructure when things go sideways. So, the next time disaster strikes, remember Retreat Mode – it just might save your bacon!

Deploying iSCSI Volumes: A Simple yet Mind-Bogglingly Easy Missed Step

As a seasoned IT professional with over 20 years of experience in deploying storage solutions, I recently encountered a frustrating issue while setting up a new SAN on my test network. Despite following all the standard procedures and troubleshooting steps, I was unable to present the storage volumes to my ESX hosts. The problem turned out to be an incredibly simple yet easily overlooked detail that had me and many others baffled for days. In this blog post, I will share my experience and the solution to this puzzle, hoping it will save some of you the same amount of time and frustration.

The Setup

I recently replaced my test network’s SAN with a new one, using direct cable connection (10Gbps iSCSI DAC). After creating vDisks and volumes, I presented those volumes to my ESX hosts. However, the hosts could not see the storage LUNS, even though they could see the SAN. The “Add Datastore” option in vSphere showed me no available storage.

Troubleshooting Efforts

I spent two days troubleshooting the issue, trying various solutions suggested by VMware and HPE documentation, as well as input from trusted colleagues and online forums. I manually changed the iQN names in VMware, proved connectivity from VM kernels to the storage array with vmping, updated the controller and card firmware, and even opened a question on Experts Exchange. However, none of these efforts resolved the issue.

The Hidden Gem

Finally, after trawling through old HPE and VMware forum posts, I found a link to a video that caught my attention. It was an Indian chap deploying some iSCSI volumes to a Windows server, even though I don’t speak Hindi, I thought “What the hell, I’ll watch it and make sure (once again) I had not done anything stupid.” As I watched the video, I noticed something so simple and mind-bogglingly easy to miss. When mapping a volume, he did something that no one I had spoken to had mentioned: he manually ticked the iSCSI ports for each LUN (in this example, LUN 10) before applying the rights.

The Key Takeaway

Here’s the key takeaway: when presenting iSCSI volumes, you must manually tick the iSCSI ports for each LUN before applying the rights. The green ticks over the iSCSI ports do not mean the storage is presented through those ports; they simply indicate there’s a working cable in those ports. To properly present the storage, you must go to each port and make sure it’s ticked.

The GUI Design Flaw

I cannot emphasize enough how mind-bogglingly easy it is to miss this step. The GUI design could be improved to draw more attention to this critical step or provide clearer indication that the ports need to be manually ticked. It’s a simple yet crucial detail that, once overlooked, can lead to hours of frustration and wasted time.

Conclusion

In conclusion, deploying iSCSI volumes is generally straightforward, but this seemingly minor detail can cause significant delays. By being aware of the importance of manually ticking the iSCSI ports for each LUN, you can avoid falling into the same trap I did and save yourself a significant amount of time and frustration. Remember that even with years of experience, it’s easy to overlook something as simple yet critical as this. Always double-check your work and consult multiple resources to ensure you haven’t missed anything crucial.

Exchange Size Limits: Understanding KB ID 0001368 and Resolving NDRs

If you’re experiencing issues with sending emails via Exchange, you may encounter an error message like the one below:

“The following files weren’t attached because adding them would cause the message to exceed the maximum size limit of {Size} MB: {File-Name}”

Or, when someone attempts to send a message to one of your mailbox users, they may receive an NDR with the following message:

“Remote Server returned ‘550 5.2.3 RESOLVER.RST.RecipSizeLimit; message too large for this recipient'”

These errors are usually caused by size limits set on the Exchange server, and they can be resolved by understanding the different size limits that apply to sending emails via Exchange.

TransportConfig Size Limits

One of the most common places where size limits are set is in the TransportConfig section of the Exchange server. To view these limits, use the following command:

Get-TransportConfig | format-list MaxSendSize, MaxReceiveSize

To change these limits, use the following command:

Set-TransportConfig -MaxSendSize 100MB -MaxReceiveSize 100MB

Send Connector Size Limits

Another place where size limits can be set is on the Send Connectors of the Exchange server. To view these limits, use the following command:

Get-SendConnector | format-list Name, name,maxmessagesize

To change these limits, use the following command:

Set-SendConnector “{connector-name}” -MaxMessageSize 100MB

Receive Connector Size Limits

The Receive Connectors of the Exchange server also have size limits that can be set. To view these limits, use the following command:

Get-ReceiveConnector | format-table Name, MaxMessageSize

To change these limits, use the following command:

Set-ReceiveConnector “{connector-name}” -MaxMessageSize 100MB

Mailbox Size Limits

Individual mailboxes can also have size limits set on them. To view these limits, use the following command:

Get-Mailbox -Identity “user-name” | format-table MaxSendSize,MaxReceiveSize

To set individual mailbox limits, use the following command:

Set-Mailbox -Identity “user-name” -MaxSendSize 100MB -MaxReceiveSize 100MB

Troubleshooting Tips

If the above steps do not resolve the issue, there are a few more troubleshooting tips you can try:

1. Check the OWA, EWS, and ActiveSync config files for maxRequestLength settings. These files are located in the ClientAccess folder of the Exchange installation.

2. Perform an IISRESET command to ensure that the new size limits take effect.

3. Check for any misconfigured AppPools in IIS on the CAS servers.

4. If the issue persists, check for any other size limits set on the Exchange server, such as the maximum message size limit set on the default frontend server.

Conclusion

In conclusion, understanding the different size limits set on an Exchange server is crucial in resolving issues with sending emails that exceed the maximum size limit. By using the commands and techniques outlined above, you can set individual mailbox limits, change send connector limits, and resolve NDRs caused by message size limits. Remember to always check for any misconfigured AppPools in IIS on the CAS servers, and perform an IISRESET command to ensure that the new size limits take effect.

VMware Enable SSH: A Step-by-Step Guide for ESX Hosts

Enable SSH on your ESX hosts to grant secure remote access to your virtual machines and host. VMware provides several methods to enable SSH, depending on your ESX version and the desired level of access. This guide covers the different approaches for ESX versions 4.0.0 and newer, as well as some important considerations when enabling SSH.

Enable SSH Permanently (ESX Versions 8 and Newer)

To enable SSH permanently on an ESX host running version 8 or newer, follow these steps:

1. Log in to the ESX host via the web console.

2. Select “Host” from the top menu bar.

3. Click “Actions” and then select “Services.”

4. Find “Secure Shell (SSH)” in the list of services and click the “Enable” button next to it.

5. Confirm the action by clicking “OK.”

Enable SSH Permanently (ESX Versions 6.5 and Newer)

For ESX versions 6.5 and newer, you can enable SSH permanently using the vCenter Web client or directly on the ESX host. Here are both methods:

Method 1 (vCenter Web Client):

1. Log in to the vCenter Web client and navigate to the “Hosts and Datacenters” view.

2. Select the ESX host you want to enable SSH for.

3. Click “Configure” and then select “Services.”

4. Locate “SSH” in the list of services and click the “Edit” button next to it.

5. Set the “Start-up Policy” to “Start and stop with the host” and click “OK.”

Method 2 (Directly on ESX Host):

1. Log in to the ESX host via the web console.

2. Select “Host” from the top menu bar.

3. Click “Actions” and then select “Services.”

4. Find “Secure Shell (SSH)” in the list of services and click the “Enable” button next to it.

5. Confirm the action by clicking “OK.”

Enable SSH Remotely (ESX Versions 5 and Newer)

To enable SSH remotely on an ESX host running version 5 or newer, follow these steps:

Method 1 (vCenter Web Client):

1. Log in to the vCenter Web client and navigate to the “Hosts and Datacenters” view.

2. Select the ESX host you want to enable SSH for.

3. Click “Configure” and then select “Security Profile.”

4. Scroll down to “Services” and locate “SSH.”

5. Click the “Edit” button next to it and set the “Start-up Policy” to “Start and stop with the host.”

6. Click “OK.”

Method 2 (Directly on ESX Host):

1. Log in to the ESX host via the web console.

2. Select “Host” from the top menu bar.

3. Click “Actions” and then select “Services.”

4. Find “Secure Shell (SSH)” in the list of services and click the “Enable” button next to it.

5. Confirm the action by clicking “OK.”

Important Considerations When Enabling SSH

1. Be aware that enabling SSH on your ESX hosts may expose your host to potential security risks, so exercise caution when enabling SSH, especially in production environments.

2. Ensure you have a strong root password for the ESX host, as this will be used for SSH access.

3. If you’re using version 4.0.0 or older, you may need to enable SSH locally from the console using troubleshooting options.

4. Keep in mind that enabling SSH permanently will display a warning message on the host summary page.

5. To suppress this warning message in version 6.5 and newer, you can follow the steps outlined in the “Enable SSH Permanently” section above.

Conclusion

In conclusion, enabling SSH on your ESX hosts provides secure remote access to your virtual machines and host. VMware offers several methods to enable SSH, depending on your ESX version and desired level of access. Remember to exercise caution when enabling SSH, especially in production environments, and ensure you have a strong root password for the ESX host.

Adding iSCSI Storage to vSphere: A Step-by-Step Guide

Introduction

————

iSCSI storage is a popular choice for virtual infrastructure due to its low cost and high performance. In this article, we will guide you through the process of adding iSCSI storage to your vSphere environment. We will cover the necessary steps to configure your VMware ESXi hosts to connect to an iSCSI target and present the storage as a datastore.

Step 1: Configuring the iSCSI Target

The first step is to configure the iSCSI target on your storage device. This will typically involve setting up the iSCSI initiator and configuring the target IP addresses. Note that the exact steps may vary depending on your storage vendor and device model.

Step 2: Creating a vSwitch for iSCSI

Once you have configured the iSCSI target, you will need to create a vSwitch for iSCSI. This is a special type of virtual switch that allows your ESXi hosts to connect to the iSCSI target. To create a vSwitch for iSCSI:

* Go to the vSphere client and select the host you want to configure.

* Click on the “Configure” button and select “Virtual Switches” from the drop-down menu.

* Select “Add Networking” and choose “VMKernel” as the network type.

* Follow the prompts to complete the creation of the vSwitch.

Step 3: Binding the VMKernel Port to the iSCSI Adaptor

Next, you will need to bind the VMKernel port to the iSCSI adaptor. To do this:

* Go back to the “Configure” menu and select “Storage Adapters” from the drop-down list.

* Select the iSCSI adaptor and click “Edit.”

* In the “Port Binding” section, select the VMKernel port you created earlier and click “Bind.”

Step 4: Presenting the Storage as a Datastore

Once the vSwitch and iSCSI adaptor are configured, you can present the storage as a datastore to your ESXi hosts. To do this:

* Go back to the “Configure” menu and select “Datastores” from the drop-down list.

* Click “Add Datastore” and follow the prompts to complete the creation of the datastore.

Troubleshooting Tips

If you encounter any issues during the configuration process, here are some troubleshooting tips:

* Make sure each ESXi host has only one iSCSI port group set to use ONE physical NIC (not the failover priority of the vSwitch).

* Ensure that each iSCSI port group is set to use a different physical NIC.

* Check that each ESXi host has the same procedure carried out on them.

* Make sure you have configured your iSCSI device, presented the storage, and allowed access to it from your ESX hosts.

Conclusion

———-

Adding iSCSI storage to your vSphere environment is a straightforward process that requires careful planning and execution. By following the steps outlined in this article, you should be able to successfully configure your VMware ESXi hosts to connect to an iSCSI target and present the storage as a datastore. Remember to test the configuration thoroughly before deploying it in a production environment.

Removing a Dead Domain Controller from Active Directory with Metadata Cleanup

As an IT professional, you may have encountered situations where a domain controller fails or is decommissioned improperly, leaving behind metadata in the Active Directory database that can potentially cause issues within the infrastructure. In such cases, it becomes essential to remove the dead domain controller from Active Directory, and this is where metadata cleanup comes into play. In this blog post, we will explore how to perform a metadata cleanup to remove a failed or improperly demoted domain controller from Active Directory.

Understanding Active Directory Metadata Cleanup

Before we dive into the process of removing a dead domain controller, it’s important to understand what metadata cleanup is and why it’s necessary. In the context of Microsoft’s Active Directory, metadata cleanup refers to the process of removing remnants of a failed or improperly demoted domain controller from the Active Directory database. When a domain controller fails or is decommissioned, it may leave behind metadata such as references to the failed domain controller’s object in the Active Directory database. If not properly cleaned up, these leftover metadata can potentially cause issues within the Active Directory infrastructure.

Performing Metadata Cleanup

To perform a metadata cleanup and remove a dead domain controller from Active Directory, follow these steps:

1. Open an administrative command window: Start by opening an administrative command window on a working domain controller. You can do this by right-clicking on the Start menu and selecting “Command Prompt (Admin)”.

2. Execute the following commands: Type the following commands in the command prompt, followed by pressing Enter:

ntdsutil

metadata cleanup

connections

connect to server name-of-a-working-domain-controller

q

3. Select operation target: After connecting to the working domain controller, you will be prompted to select an operation target. Select “List domains” and press Enter.

4. List sites: After selecting the operation target, you will be prompted to list sites. Select “List sites” and press Enter.

5. List servers in site: Next, you will be prompted to list servers in the selected site. Select “List servers in site” and press Enter.

6. Select server 0 (unless your failed DC is not item 0): After listing the servers in the selected site, you will be prompted to select a server. Select the server that corresponds to the failed domain controller, unless it is not item 0.

7. Remove selected server: Once you have selected the failed domain controller’s server, you will be prompted to remove it. Confirm by typing “yes” and pressing Enter.

8. Repeat steps 4-7 for all domains and sites: Repeat the above steps for all domains and sites until you have removed the failed domain controller from all of them.

9. Close the command prompt: After completing the metadata cleanup, close the command prompt and proceed with other necessary actions to ensure the stability of your Active Directory infrastructure.

Conclusion

In conclusion, removing a dead domain controller from Active Directory requires a thorough understanding of metadata cleanup and the steps involved in performing it. By following the process outlined in this blog post, you can effectively remove the failed domain controller from all domains and sites, ensuring the stability and integrity of your Active Directory infrastructure. Remember to always perform these actions with caution and careful planning to avoid any potential issues or disruptions within your network.

As the cloud computing landscape continues to evolve, organizations are increasingly exploring the possibility of repatriating their workloads from public cloud environments back to on-premises infrastructures. This trend, known as cloud repatriation, is driven by a variety of factors, including cost, reliability, and storage concerns. In this article, we’ll delve into the reasons behind this shift and explore the challenges that clients face when undertaking cloud repatriation.

The Cost Factor

One of the primary motivators for cloud repatriation is cost. While the public cloud promised to reduce operational expenses, many organizations have found themselves facing unexpected costs and complex pricing structures. As they delve deeper into their cloud usage, they often discover that the anticipated savings are elusive, overshadowed by hidden fees and overprovisioning.

The Allure of Agility

Another significant factor contributing to the repatriation trend is the allure of agility. While the public cloud initially lured businesses with promises of lower operational expenses and greater agility, many have found that the reality does not live up to the hype. The complexity of managing workloads across multiple environments can lead to increased costs and decreased efficiency.

Service Reliability Concerns

The recent acquisition of VMware by Broadcom has raised concerns among small businesses about the future of their cloud infrastructure. With consolidation in the industry, smaller players may find themselves at the mercy of larger corporations, prompting them to explore alternative solutions such as edge computing or investing in their own on-premises infrastructure. Moreover, even the largest hyperscalers are not immune to outages, highlighting the importance of reliability and customer-centric service.

Storage Costs

Storage costs also play a pivotal role in the decision to repatriate workloads. While public cloud providers offer convenient storage solutions, the costs can quickly escalate, especially for organizations with large volumes of data. Hybrid cloud, private cloud, or outsourcing to local providers offer more cost-effective alternatives, with the added benefit of greater control over data management and security.

Challenges Faced by Clients

Undertaking cloud repatriation poses several challenges for clients. These challenges can vary depending on factors such as the size of the organization, the complexity of their IT landscape, and their specific requirements. Common challenges facing clients undertaking cloud repatriation include:

1. Data migration and integration: Moving data from public cloud environments to on-premises infrastructures can be a complex and time-consuming process.

2. Resource allocation: Clients must carefully plan and allocate resources, such as storage, networking, and security, to ensure seamless operations.

3. Skill gaps: The shift from public cloud to on-premises infrastructures may require specialized skills and knowledge, posing a challenge for clients.

4. Security: Ensuring the security of data and workloads is a top priority when undertaking cloud repatriation. Clients must implement robust security measures to protect their assets.

5. Cost management: Managing costs effectively is crucial when migrating back to on-premises infrastructures. Clients must carefully plan and budget for the transition.

6. Service levels: Clients must ensure that service levels are maintained or improved during the repatriation process. This may require investment in new technologies and processes.

7. Vendor lock-in: The risk of vendor lock-in is a significant challenge when undertaking cloud repatriation. Clients must carefully evaluate their options to avoid being tied to a single provider.

Conclusion

The trend of cloud repatriation reflects a shift in priorities among businesses as they reevaluate their cloud strategies. While the public cloud has revolutionized IT infrastructure, its limitations and shortcomings have prompted a reexamination of cloud strategies. As businesses seek to optimize costs, enhance reliability, and regain control over their data, the trend of cloud repatriation is likely to continue gaining momentum in the years to come.

Broadcom’s Acquisition of VMware: A Seismic Shift in the Tech Industry

In a move that has sent shockwaves through the enterprise landscape, Broadcom has acquired VMware, signaling a significant shift in the tech industry. This acquisition has brought about a new era for VMware, one that is focused on subscription-based models and enterprise solutions, leaving behind perpetual licensing models.

The departure from perpetual licensing models is one of the most significant changes that have resulted from this acquisition. Gone are the days of perpetual licenses; instead, the focus is squarely on enterprise solutions. This shift signifies a move towards a subscription-based model, aligning with broader industry trends.

The landscape of VMware’s product offerings is undergoing a transformation as well. Carbon Black and Horizon are among the casualties, as Broadcom streamlines VMware’s portfolio. However, the core elements of the Sphere foundation – vCenter, ESXi, and vSAN – are set to endure, ensuring continuity for VMware’s loyal customer base.

As the dust settles, enterprises are left contemplating their options. Some may consider alternatives like Nutanix or Proxmox, while others eye the rising prominence of Kubernetes and Docker, potentially rendering the traditional hypervisor obsolete. However, it’s essential to note that VMware’s legacy persists. With Azure’s infrastructure relying heavily on Hyper-V, the hypervisor isn’t going extinct anytime soon. On-premises, Azure Stack HCI, built on Hyper-V, remains a robust solution for organizations invested in Microsoft’s ecosystem.

In this dynamic landscape, adaptation is key. As Broadcom steers VMware into a new era, enterprises must evaluate their strategies and embrace the evolving paradigms of virtualization and cloud computing. The new VMware subscription license models are still being finalized, but at time of writing, Broadcom has nominated seven UK Strategic partners to sell VCF for CSP. It remains to be seen how these changes will impact the industry and its players, but one thing is certain – the landscape of virtualization and cloud computing has been forever altered.

Stay tuned as we delve deeper into the implications of Broadcom’s acquisition and its ramifications for the future of enterprise IT. With the breakneck speed at which these changes have been brought in, it’s safe to say that the remainder of the UK Strategic partners are probably still deciding what to do next.

In conclusion, Broadcom’s acquisition of VMware has sent shockwaves through the enterprise landscape and signifies a significant shift towards subscription-based models and enterprise solutions. As the dust settles, enterprises must adapt and embrace the evolving paradigms of virtualization and cloud computing to ensure their place in this new landscape.

Note: This blog post is subject to change as more information becomes available. Please check back for updates and comment below with any questions or concerns.

Upgrade Azure AD Connect to Microsoft Entra ID Connect: A Step-by-Step Guide

Introduction:

Microsoft Entra ID Connect is the latest version of Azure AD Connect, and it offers several new features and improvements over the previous version. If you are currently using Azure AD Connect and want to upgrade to Microsoft Entra ID Connect, this guide will walk you through the process.

Migration vs. Upgrade:

Before we begin, it’s important to understand the difference between migration and upgrade. Migration refers to moving from one environment to another, while upgrade refers to updating the existing environment. Since Entra ID Connect is the same software as Azure AD Connect, there is no need to migrate if you are already using Azure AD Connect on Windows Server 2016 or newer. Instead, you can simply perform an in-place upgrade.

Upgrade Procedure:

To upgrade Azure AD Connect to Microsoft Entra ID Connect, follow these steps:

Step 1: Download the Installation Package

Download the Entra ID Connect installation package from the Microsoft website. The file name is AzureADConnect.msi.

Step 2: Launch Azure AD Connect

On the old server, launch the Azure AD connect shortcut > Configure.

Step 3: Export Settings

Select ‘View or export current configuration’ > Next. Export settings > Save them (by default in C:ProgramDataAADConnect) > Save > Exit.

Step 4: Install Entra ID Connect

On the new server, run the installer package > Agree to the EULA > Continue. Customize the installation by selecting ‘Import synchronization settings.’

Step 5: Import Settings

In the Location section, enter \old-server-namec$ProgramDataAADConnectfilename.json. Select ‘Install’ to begin the upgrade process.

Step 6: Configure Staging Mode

On both servers, configure staging mode as follows:

* On the old server, select ‘Enable Staging Mode.’

* On the new server, select ‘Disable Staging Mode.’

Step 7: Uninstall Old Server

On the old server, search for appwiz.cpl > run it > Select Microsoft Azure AD Connect > Uninstall > Yes > Remove. Exit.

Step 8: Verify the Upgrade

Verify that the upgrade was successful by checking the following:

* On the new server, launch Azure AD Connect > Configure > Next > Enter your admin password.

* On the old server, you should no longer see the Azure AD Connect icon in the system tray.

Troubleshooting:

If you encounter any issues during the upgrade process, here are some troubleshooting tips:

* Check the Event Viewer for any error messages related to the upgrade.

* Make sure that the old server is properly uninstalled before proceeding with the upgrade.

* Ensure that the new server meets the system requirements for Entra ID Connect.

Conclusion:

Upgrading from Azure AD Connect to Microsoft Entra ID Connect is a straightforward process that involves downloading the installation package, exporting the current configuration, installing Entra ID Connect on the new server, and configuring staging mode. By following these steps, you can ensure a successful upgrade and take advantage of the latest features and improvements offered by Entra ID Connect.