dell: idrac useful commands – racadm

power actions
racadm -r IDRAC_IP -u USERNAME -p PASSWORD serveraction powerstatus hardreset powercycle powerdown powerup graceshutdown -f

get fibre channel info
racadm -r IDRAC_IP -u USERNAME -p PASSWORD hwinventory FC

soft reset idrac
racadm -r IDRAC_IP -u USERNAME -p PASSWORD racreset soft

reset all lifecycle jobs
racadm -r IDRAC_IP -u USERNAME -p PASSWORD jobqueue delete -i JID_CLEARALL_FORCE

view job queue
rem racadm -r IDRAC_IP -u USERNAME -p PASSWORD jobqueue view

change root password
racadm -r IDRAC_IP -u USERNAME -p calvin config -g cfgUserAdmin -o cfgUserAdminPassword -i 2 PASSWORD

enable snmp/ipmi alerts
racadm -r IDRAC_IP -u USERNAME -p PASSWORD config -g cfgIpmiLan -o cfgIpmiLanAlertEnable 1
racadm -r IDRAC_IP -u USERNAME -p PASSWORD set lifecyclecontroller.lcattributes.lifecyclecontrollerstate 1
racadm -r IDRAC_IP -u USERNAME -p PASSWORD config -g cfgIpmiLan -o cfgIpmiLanEnable 1
racadm -r IDRAC_IP -u USERNAME -p PASSWORD config -g cfgRacTuning -o cfgRacTunePluginType 2

update dns servers
racadm -r IDRAC_IP -u USERNAME -p PASSWORD config -g cfgLanNetworking -o cfgDNSServer2 IPADDRESS
racadm -r IDRAC_IP -u USERNAME -p PASSWORD config -g cfgLanNetworking -o cfgDNSServer1 IPADDRESS

set time servers
racadm -r IDRAC_IP -u USERNAME -p PASSWORD set idrac.NTPConfigGroup.ntp1 SERVER1
racadm -r IDRAC_IP -u USERNAME -p PASSWORD set idrac.NTPConfigGroup.ntp2 SERVER2
racadm -r IDRAC_IP -u USERNAME -p PASSWORD set idrac.NTPConfigGroup.ntp3 SERVER3
racadm -r IDRAC_IP -u USERNAME -p PASSWORD set idrac.NTPConfigGroup.NTPEnable Enabled

get xml config
racadm -r IDRAC_IP -u USERNAME -p PASSWORD get -t xml -f d:\filename.xml

set xml config and force reboot
racadm -r IDRAC_IP -u USERNAME -p PASSWORD set -t xml -f d:\filename.xml -b forced

vmware: the object has already been deleted or has not been completely created

I’ve been performing loads of storage reclaim tasks all day and notices a few swap files in a datastore that needed to be pulled… so I calmly went ahead and disabled local swap on each ESX host with

esxcli sched swap system set -l false 

and this is all I remember doing as far as destructiveness goes. Perhaps this screwed something up but I digress… it’s too late and I neither have the time or any chance of reverting anything. 

I started getting this error in a cluster from which I pulled the darn swap datastore and reliable google wasn’t much help… I am unable to perform any tasks on VMs including power on, migrate, etc. Everything was fine half an hour ago. I can still power on the VMs through direct fat client connection to each host. Clearly it’s a cluster issue. 

I checked cluster’s swap settings… there you go. It was set to place them in the datastore I just reclaimed. In my case the quickest non-disruptive trick I could pull was to create a new cluster and move my hosts before my boss was back at his desk… so I did. However, I had to make sure to backup my folder structure, annotations, affinity rules, resource pools and vApps backed up before I could do so since I am responsible for a large environment.

1. Create a new cluster and configure
2. Right click – disconnect each host from vCenter
3. Right click – remove from inventory
4. Add hosts to new cluster
5. Attach distributed switches, if any

That’s it, now start restoring, and remember this next time you saw something sitting where it didn’t belong. 

vmware: useful powercli commands

List all LUNs that are not set to Round Robin:
Get-VMHost | Get-ScsiLun -LunType disk | Where {$_.MultipathPolicy -notlike "RoundRobin"}

Set all LUNs that are not set to Round Robin to Round Robin:
Get-VMHost | Get-ScsiLun -LunType disk | Where {$_.MultipathPolicy -notlike "RoundRobin"} | Set-Scsilun -MultiPathPolicy RoundRobin

List all VMs in a cluster:
Get-Cluster "Cluster Name" | Get-VM | Sort Name

List all services running on a host:
Get-VMHost "hostname" | Get-VMHostService | Select Key,Label

List servers with SSH server status:
Get-vmhost | Get-VMHostService | ? {($_.Key -eq "TSM-ssh")} | Select VMHost, Key,Label, Running

List servers with ESXi shell status:
Get-vmhost | Get-VMHostService | ? {($_.Key -eq "TSM")} | Select VMHost, Key,Label, Running

List servers with SSH server status in specific cluster:
Get-Cluster -Name "Non-Production-Pod-01" | get-vmhost | Get-VMHostService | ? {$_.Key -eq "TSM-ssh"} | Select VMHost, Key,Label, Running

Start ESX Shell on all hosts in vCenter:
Get-VMHost | Foreach {
Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM"} | Set-VMHostService -policy "on" -Confirm:$false)
}

Start ssh on all hosts in vCenter:
Get-VMHost | Foreach {
Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} | Set-VMHostService -policy "on" -Confirm:$false)
}

Suppress ssh alert on all hosts in vCenter:
Get-VMHost | Get-AdvancedSetting UserVars.SuppressShellWarning | Set-AdvancedSetting -Value 1

Create VM:
New-VM -RunAsync –name $servername –Datastore $datastore –Template $template –OSCustomizationSpec $spec –ResourcePool $host/resource pool -Location $folder

misc: how to set different certificate validity period for root and subordinate certificate authority (CA)

Here is the little issue that took me a good while to understand and figure out as I thought this is set during initial install through console or by .inf file as MS recommanded. Nope, didn’t work that way.

My setup consists of one standalone root CA with 30 year validity which will be turned off and stored in a safe place for many many years, and two subordinate enterprise CA in two sites which will perform all cert related tasks with 15 year certificate validity… simple enough. All three are 2012 R2 servers.

Adding the role and promoting servers is as easy as you expect. Trick is to get the right validity on subordinates. Regardless of what validity term is set on root CA, it will issue a 1 year certificate to subordinates by default. Trick is to use the following commands to change default registry values:

certutil -setreg ca\ValidityPeriod "Years"
certutil -setreg ca\ValidityPeriodUnits "15"

Make sure to restart cert server service right away. To check registry value for “years” use:

certutil -getreg ca\val*

If you get revocation server was offline error you can override it with this command:

certutil –setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE

Then reboot and ignore the error – service will start.

To roll back and enable revocation server check:

certutil –setreg ca\CRLFlags -CRLF_REVCHECK_IGNORE_OFFLINE

exchange: exchange 2013 prerequisites

Open an elevated Powershell window and paste this:

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

Install Unified Communications Managed API 4.0 Runtime

Install Microsoft Office 2010 Filter Packs – Version 2.0

Install Microsoft Office 2010 Filter Packs – Version 2.0 – Service Pack 1

Enable automatic updates and you’re all set.