Veeam V9.0 U2: Backup AlwaysOn SQL instance hosting vCenter database

Leave a reply

Recently I was troubleshooting a Veeam backup issue for a client who is utilizing the Always-On SQL architecture in their environment.  The client was receiving the following error when trying to backup any of their Always-On SQL instances:

“Failed to freeze guest, wait timeout”

Note that the backup jobs started failing right after migrating the client’s vCenter databases across to the Availability Groups hosted on the Always-On SQL instances.

The only bit of literature I could find on backing up AlwaysOn SQL instances was in this (not very helpful) Veeam guide.

So I’ve dug a little deeper and found this Veeam KB article, which suggests the issue maybe with the vCenter database failing to be excluded from Application-Aware image processing.

Continue reading

Script to create local administrator account on remote domain machine

20 Replies

As Microsoft no longer supports creating local user accounts on domain machines using GPO, I’ve put together this script below to achieve this. However note that once the account is created it can be modified using GPO.

This script will create a local user account on a remote domain machine, set the account password to never expire and add the account to the local Administrators security group (or which ever other group you desire – just change variable).

Run this script on a domain controller server using a domain administrator account, before executing the script, create a txt or csv file containing all the names of the computers on which you wish to create the local user account on (and place it in the root of the C drive), and define the user account variables (such as username, password, description) in the variables section of the script.


#Define variables
$computers = Get-Content C:\Computers.txt
#$computers = Import-CSV C:\Computers.csv | select Computer
$username = "Username"
$password = "Password"
$fullname = "Fullname"
$local_security_group = "Administrators"
$description = "Description"

Foreach ($computer in $computers) {
$users = $null
$comp = [ADSI]"WinNT://$computer"

#Check if username exists
Try {
$users = $comp.psbase.children | select -expand name
if ($users -like $username) {
Write-Host "$username already exists on $computer"

} else {
#Create the account
$user = $comp.Create("User","$username")
$user.SetPassword("$password")
$user.Put("Description","$description")
$user.Put("Fullname","$fullname")
$user.SetInfo()

#Set password to never expire
#And set user cannot change password
$ADS_UF_DONT_EXPIRE_PASSWD = 0x10000
$ADS_UF_PASSWD_CANT_CHANGE = 0x40
$user.userflags = $ADS_UF_DONT_EXPIRE_PASSWD + $ADS_UF_PASSWD_CANT_CHANGE
$user.SetInfo()

#Add the account to the local admins group
$group = [ADSI]"WinNT://$computer/$local_security_group,group"
$group.add("WinNT://$computer/$username")

#Validate whether user account has been created or not
$users = $comp.psbase.children | select -expand name
if ($users -like $username) {
Write-Host "$username has been created on $computer"
} else {
Write-Host "$username has not been created on $computer"
}
}
}

Catch {
Write-Host "Error creating $username on $($computer.path):  $($Error[0].Exception.Message)"
}
}

Migrate a VMware View linked-clone replica to another ESXi host

4 Replies

The other day I was patching the hosts in a cluster which currently hosts our Virtual Desktop environment.  I’ve put the first host in the cluster into the maintenance mode and migrated all the Virtual Desktops to the other host in the cluster.  Unfortunately I also migrated the VMware View Linked-Clone replica residing on that host.  I forgot to un-tick the prompt tick box about “Powered off VMs” which comes up after you initiate maintenance mode for the host.  Luckily this didn’t create a major issue as VMware View doesn’t care about which host the replica resides on.  It only cares about the datastore the replica and the linked clones are stored on (so it’s best to turn off SDRS for VDI clusters*). But nevertheless, I wanted to migrate replica back to its original host.  However, when I tried to do so, I’ve realised the migrate option on the replica was greyed out.

Continue reading

Customising the Cisco Jabber MSI file using Microsoft Orca

2 Replies

Last year we moved on to a Cisco based telephony infrastructure and installed Cisco Jabber on our client machines. We deployed Cisco Jabber via Microsoft group policies using the standard MSI file provided by Cisco. The deployment was successful however we ended up getting a lot of complaints from the users about not being able to login.

After some troubleshooting together with support, we established that the GPO deployed Jabber application was trying to authenticate against a WebEx Connect server on the cloud rather than the Unified Communication server based locally in the LAN. Since there was no WebEx Messenger subscription, the login process was failing. The solution was to customise the MSI file and prevent the installed Jabber application from trying to authenticate against a Webex Connect server.

Continue reading

SVA installation issue – “Unable to install SVA: com.symantec.vsep.VSEPException: bad certificate…”

Leave a reply

Symantec Security Virtual Appliance (SVA) was failing to deploy on to my Esxi hosts, producing the following error in the logs and on screen:

“Unable to install SVA: com.symantec.vsep.VSEPException: bad certificate, fingerprint: 99:eb:e7:73:e1:63:54:2c:94:81:7a:aa:c3:b9:3a:67:04:73:2e:ee”

Continue reading

SEPM12.1 – Security Virtual Appliance Unknown Status

Leave a reply

I have recently deployed Symantec EndPoint Protection in our my environment.  Great product, unfortunately can be a little tricky to configure sometimes.

For the purposes of this post, I’m assuming you have installed and configured the following:

  • vShield Manager
  • Security Virtual Appliance on each Esxi host, SVA must be installed on each host hosting virtual machines using a vShield-enabled Shared Insight Cache.
  • Symantec EndPoint Protection Manager
  • Symantec EndPoint Protection Client

Once all of the above is installed and configured, you may find you are getting a “Unknown Status” in the Security Virtual Appliance column of the Client table in Symantec EndPoint Protection Manager.

Continue reading

Dell PowerConnect series switch CLI commands

2 Replies

Here is a list of basic CLI commands which will help you manage your Dell PowerConnect series switches…

Show
/// Port VLAN details
> show interfaces switchport gigabitethernet 1/0/1
/// Port channel VLAN details
> show interfaces switchport port-channel 1
/// Port configuration
> show interfaces configuration gigabitethernet 1/0/1
/// Port channel configuration
> show interfaces configuration port-channel 1
/// VLAN 100 details
> show vlan tag 100
/// Display static routes
> show ip route static
/// Stack info
> show switch
/// Show all access-lists
> show access-lists

Continue reading