Wednesday, March 14, 2018

VMware vSphere: vCenter Single Sign-On (SSO)

One of the key pieces to administering a vSphere infrastructure is being able to assign administrative permissions on vSphere resources. Managing logins and permissions in a VMware vSphere vCenter Server environment is critical to not only allowing granular permissions on resources but also providing an audit trail of actions that are being performed within the vCenter environment.

Let’s take a look at the key features for assigning permissions, including vCenter Single Sign-On, Active Directory, and the roles and permissions assigned based on these.

vCenter Single Sign-On (SSO)

Prior to vSphere 5.1, vSphere authentication was either via the local security authority on vCenter server or via Active Directory. However, starting with vSphere 5.1, VMware introduced Single Sign-On or SSO to address the problem of being able to manage multiple ESXi hosts and other vSphere resources with the same user credentials. SSO allows not only Active Directory authentication but also any other Security Assertion Markup Language (SAML) 2.0 based authentication source. SSO authentication also improves security and agility of the VMware vSphere authentication mechanism by allowing token based authentication.

SSO is also important because today’s suite of VMware vSphere products integrates with the SSO authentication component of vCenter. This allows resources across the suite of products to be controlled or granted for a particular user with SSO.

The SSO piece of the vCenter infrastructure is handled by the Platform Services Controller VM when vCenter is installed. The platform services controller is configured during the configuration of the VCSA appliance. The PSC can be configured as the Embedded Platform Services Controller or can be configured as an External Platform Services Controller.

vCenter Server with Embedded Platform Services Controller

The Single Sign On domain for vSphere is also configured during the deployment of the VCSA appliance. The SSO administrator, password, SSO Domain name, and SSO Site name are configured during the install.

vCenter Single Sign On Set Up

The SSO domain is the default identity source of the vSphere environment when no other authentication domain, such as Active Directory, is specified. As already mentioned, it provides a token exchange mechanism for authenticating with identity sources such as AD. Another item to remember when setting up your SSO domain is that its name should not be the same as your Active Directory domain name; setting the SSO domain to mirror the AD domain name can cause issues. Many choose an SSO domain name with “*.local” as the suffix.

The SSO domain is a critical part of any vSphere architecture that provides the necessary mechanism to simplify and centralize access control and privilege management across the board with the vSphere family of products.

ESXi vMotion Network Configuration

Another very important network that needs to be configured when multiple ESXi servers are in a cluster configuration is the ESXi vMotion network (a concept we will discuss in our next post).

The ESXi vMotion Network Configuration enables live migration of running virtual machines from one ESXi host to another ESXi host. This allows for high availability of service for VMs running in the vSphere environment and moving VMs due to hardware maintenance, updates, or other service interruptions at the physical layer. VMs can simply be moved to another host with no interruption.

We must have a port group on a vSwitch that is enabled for vMotion in order to successfully vMotion a VM to another host. That host, of course, needs to have a vMotion network set up as well for the move to be successful.

The steps to configure the vMotion network are similar to configuring iSCSI storage networks, with a few subtle differences. Click on the Add Networking link in the upper right hand corner.
vSphere client

To create the vMotion vSwitch, we select VMkernel as the connection type.

Select the vmnics we want to assign to the vMotion vSwitch.
ESXi vMotion Network Configuration

We name our first vMotion Port group. We will have one port group per vmnic that we are assigning to the vSwitch for vMotion. Also, note we are checking the box next to Use this port group for vMotion.
Use this port group for vMotion

Next, we assign our IP Address settings.
Assign the IP Address settings

We finish out our configuration of the first port group in the new vMotion vSwitch.
Finish configuration

Add the second port group by viewing the properties of the vSwitch we created and click Add.
Finish configuration

We select that we want to use this port group for vMotion. After that, we need to assign an IP address to this VMkernel configuration.
Assign an IP address to VMkernel configuration

As we finish out, we see both port groups created.
Both port groups created

Again, we need to go into the properties of both the vSwitch and the port groups and make the change to jumbo frames.
Change jumbo frames in vSwitch
Change jumbo frames in vMotion1 network
Change jumbo frames in vMotion2 network

Multi-NIC vMotion

To enable multi-NIC vMotion so that even vMotioning one VM will utilize multiple links, under the NIC Teaming tab in the properties of both our port groups we need to select Override switch failover order. In the first port group we move the second adapter to Standby Adapters; we do the opposite for our second port group.
Override switch failover order
Move the second adapter to Standby Adapters
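
The mirrored teaming described above can be checked from the host's command line after the change. This Python check is an added example, not part of the original post: it parses the output of "esxcli network vswitch standard portgroup policy failover get -p <port group>" for the two port groups and reports whether each one overrides the switch failover order and whether their active and standby adapters are swapped. The sample output is constructed and trimmed, and the vmnic names are assumptions.

```python
"""Check that two vMotion port groups have mirrored active/standby uplinks."""

# Constructed, trimmed sample output of (run once per port group on the host):
#   esxcli network vswitch standard portgroup policy failover get -p <name>
# Port group names follow the post; the vmnic names are assumptions.
GOOD = {
    "vMotion1": """
   Active Adapters: vmnic2
   Standby Adapters: vmnic3
   Unused Adapters:
   Override Vswitch Uplinks: true
""",
    "vMotion2": """
   Active Adapters: vmnic3
   Standby Adapters: vmnic2
   Unused Adapters:
   Override Vswitch Uplinks: true
""",
}

# Constructed misconfiguration: the second port group was never overridden,
# so it inherits both uplinks as active from the vSwitch.
BAD = dict(GOOD, vMotion2="""
   Active Adapters: vmnic2, vmnic3
   Standby Adapters:
   Unused Adapters:
   Override Vswitch Uplinks: false
""")

ADAPTER_KEYS = ("Active Adapters", "Standby Adapters", "Unused Adapters")


def parse_failover(text):
    """Parse 'Key: value' lines; adapter fields become lists of vmnic names."""
    policy = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            policy[key.strip()] = value.strip()
    for key in ADAPTER_KEYS:
        names = policy.get(key, "").split(",")
        policy[key] = [n.strip() for n in names if n.strip()]
    return policy


def check_multi_nic_vmotion(outputs):
    """Return a list of findings; an empty list means the teaming is mirrored."""
    if len(outputs) != 2:
        return ["expected two vMotion port groups, got %d" % len(outputs)]
    parsed = {name: parse_failover(text) for name, text in outputs.items()}
    findings = []
    for name, policy in sorted(parsed.items()):
        if policy.get("Override Vswitch Uplinks") != "true":
            findings.append(f"{name}: switch failover order is not overridden")
        if len(policy["Active Adapters"]) != 1:
            findings.append(
                f"{name}: expected exactly one active adapter, "
                f"found {policy['Active Adapters']}"
            )
    first, second = (parsed[name] for name in sorted(parsed))
    mirrored = (
        first["Active Adapters"] == second["Standby Adapters"]
        and second["Active Adapters"] == first["Standby Adapters"]
    )
    if not mirrored:
        findings.append("active/standby adapters are not mirrored "
                        "between the two port groups")
    return findings


if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_multi_nic_vmotion(sample) or "teaming is mirrored")
```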


As mentioned, the vMotion network is an important network configured on our ESXi host as it will allow multiple ESXi servers configured in a cluster to live migrate VMs between their compute resources. In creating the vMotion network, we utilized the VMkernel ports making sure we enabled jumbo frames, as well as setting our NIC teaming so that multiple network adapters would be utilized during the vMotion process. In the next post, we will take a look at the VM network.

VMware Cluster. DRS Configuration

In the previous post, we looked at the importance of utilizing the VMware vSphere ESXi cluster to unlock the true potential of what VMware ESXi can do in the enterprise. One of the key advantages with the VMware cluster configuration is the efficient management of resources. The vSphere cluster technology that makes this possible is VMware DRS or distributed resource scheduler.

VMware DRS is designed to manage a cluster’s available resources effectively and efficiently. DRS can proactively manage resources in the cluster so that the load between hosts is more evenly shared. DRS rules can also make sure that certain VMs or groups of VMs are always on different hosts or on the same hosts. New to vSphere 6.5, DRS can take network bandwidth into consideration when scheduling resources to prevent oversubscription. When a host is added to a DRS cluster, the host’s resources become part of the cluster’s resources and are managed accordingly. This allows for the use of cluster-level resource pools and resource allocation policies. Resource pools allow you to allocate resources according to your needs, policies, or VM requirements. Resource pools can give some VMs access to more hardware resources and others access to fewer.

Requirements for DRS include the following:
  • Shared storage
  • Processor compatibility – since DRS utilizes vMotion, the vMotion process transfers the running CPU state between the various ESXi hosts, requiring that destination hosts have at least the equivalent CPU instruction capability
  • Hosts in the cluster must participate in a vMotion network

DRS Configuration

In the vSphere vCenter 6.5 Flash Web UI, the DRS and HA options are configured using the Configure tab of the cluster. Click vSphere DRS and then Edit.
VMware Cluster. DRS Configuration

We are presented with a simple checkbox where DRS can be enabled.
Turn on vSphere DRS

If we drill into the DRS settings a bit more, we can customize the behavior of DRS within our VMware cluster. The automation level can be selected to decide how much control DRS has over migrating resources.
VMware DRS automation

New to DRS in vSphere 6.5 is Predictive DRS, which allows DRS to interact with vRealize Operations Manager (vROps) to predict the movement of VM resources based on vROps.
Predictive DRS
After we select our DRS options, we can select OK and the VMware cluster will be configured for DRS.


VMware DRS technology allows efficient and effective resource management of multiple hosts in the vSphere cluster. As shown, the feature is easily enabled and is very intuitive to configure. The new features of vSphere 6.5 also allow the technology to be predictive and proactive. The other very important technology feature that is enabled with the vSphere cluster is VMware HA or high availability. In the next post we will take a look at this other key VMware vSphere cluster feature.

Configuring a VMware ESXi Cluster

In a VMware ESXi cluster configuration, multiple ESXi hosts provide compute, memory, and network resources to the cluster environment as a whole, as well as protect cluster-housed VMs against physical server failures. This is accomplished by using a VMware vCenter Server (a requirement to create a VMware ESXi cluster). Once created, a vSphere cluster enables “cluster only” features such as HA (high availability) and DRS (distributed resource scheduler). Each of these features contributes to the tolerance of the VMware cluster withstanding failures as well as distributing resources across the VMware ESXi hosts. We will take a look at both of these in detail in upcoming posts. First though, let us take a look at the process of creating a VMware ESXi Cluster.

Creating a VMware ESXi Cluster

The configuration process for creating a VMware vSphere ESXi cluster is fairly straightforward. The main requirement is that you have a VMware vCenter Server up and running as well as have network connectivity to the intended ESXi hosts that are to join the cluster.

Let’s take a look at the steps to create a cluster once we have connected to the Web UI of our vCenter Server.
Right click on your vCenter server in the Web UI and choose New Datacenter. The datacenter object contains all the different types of objects needed to do work in the virtual infrastructure – hosts, VMs, networks, datastores, etc.

Configuring a VMware ESXi Cluster

Next, we assign a Datacenter name:
New Datacenter name

How to Create a New Cluster

Once the datacenter is created, we can choose to create a New cluster.
VMware vSphere Web Client - New cluster

We assign a cluster name.
New cluster name

Once the cluster object is added, we can Add Hosts to the Cluster object. Once we add a host to a cluster, the host’s resources become part of the cluster’s resources. The cluster manages the resources of all hosts.
VMware vSphere Web Client - Add host

The Add Host wizard begins and we enter the name or IP address of the host to add to the cluster.
Host name or IP address

Provide the credentials to access the host.
Enter administrative account information for the host

You may receive a certificate alert. Simply click Yes to continue connecting. This is a common warning with self-signed certificates present on the hosts by default. We can safely ignore this warning.
vCenter Server - Security alert

The Host summary screen shows us any VMs that are present on the host if any.
VMware ESXi host summary

We have the option to select the license we want to use on the host. You can simply choose the evaluation license to continue with the trial license which is good for 60 days.
Evaluation License

Lockdown mode prevents remote users from logging into the host directly. This option is available for a more secure posture with the ESXi hosts. This can be enabled later as well.
Lockdown mode

Finally, we are ready to add the host. We will continue this process for all the hosts we wish to join to the cluster.
Ready to add the host

As you can now see, we have a datacenter, cluster, and our two ESXi hosts joined to the cluster.
VMware vSphere cluster
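
Before clicking Yes on the certificate alert in the Add Host wizard above, the thumbprint the host presents can be compared with one recorded out of band. This Python check is an added example, not part of the original post; it assumes the alert shows the host certificate's SHA-1 thumbprint and that a trusted copy of that thumbprint was read at the host itself. CONSTRUCTED_DER is a made-up stand-in for certificate bytes so the comparison runs offline.

```python
"""Compare the certificate thumbprint a host presents with a trusted one."""
import hashlib
import hmac
import re
import ssl

# Constructed stand-in for a certificate's DER bytes (not a real certificate);
# a real run obtains the bytes through fetch_host_thumbprint().
CONSTRUCTED_DER = bytes(range(64))


def der_thumbprint(der_bytes, algorithm="sha1"):
    """Colon-separated upper-case hex digest of a DER-encoded certificate."""
    digest = hashlib.new(algorithm, der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(thumbprint):
    """Strip separators and case so AA:BB, aa-bb and 'AA BB' compare equal."""
    compact = re.sub(r"[\s:\-]", "", thumbprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}|[0-9A-F]{64}", compact):
        raise ValueError("not a SHA-1 or SHA-256 thumbprint: %r" % thumbprint)
    return compact


def thumbprints_match(presented, trusted):
    """Constant-time comparison of two thumbprints in any common notation."""
    return hmac.compare_digest(normalize(presented), normalize(trusted))


def fetch_host_thumbprint(host, port=443, algorithm="sha1"):
    """Fetch the certificate the host presents, without validating it (it is
    self-signed by default), and return its thumbprint."""
    pem = ssl.get_server_certificate((host, port))
    return der_thumbprint(ssl.PEM_cert_to_DER_cert(pem), algorithm)


def safe_to_accept(host, trusted_thumbprint):
    """True only if the host presents the certificate recorded out of band."""
    # Hash with the same algorithm as the trusted value (40 or 64 hex digits).
    algorithm = "sha256" if len(normalize(trusted_thumbprint)) == 64 else "sha1"
    presented = fetch_host_thumbprint(host, algorithm=algorithm)
    return thumbprints_match(presented, trusted_thumbprint)


if __name__ == "__main__":
    shown_in_alert = der_thumbprint(CONSTRUCTED_DER)
    recorded = shown_in_alert.replace(":", "").lower()
    print(shown_in_alert, thumbprints_match(shown_in_alert, recorded))
```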


To unlock the true potential of a VMware ESXi hypervisor environment, utilizing the VMware vSphere cluster functionality is key. Running VMware ESXi in the cluster configuration with VMware vCenter server allows you to utilize the enterprise datacenter VMware vSphere technologies including HA (high availability) and DRS (distributed resource scheduler). Both of these technologies contribute to the tolerance of the VMware cluster withstanding failures as well as distributing resources across the VMware ESXi hosts. In the standalone VMware ESXi configuration, this is not possible.
Next, we will take a look at VMware DRS.

Friday, March 2, 2018

How to find Windows Product Key using Command Prompt or PowerShell

Recover Windows product key using Command Prompt

From the WinX Menu in Windows 10 / 8.1, open an elevated command prompt window, type the following command and hit Enter:

wmic path softwarelicensingservice get OA3xOriginalProductKey

Your Windows product key will be displayed.

Thursday, February 22, 2018

Fix Outlook 2013 and 2010 “Loading Profile” Problems

Fix It – #1

You can try to uninstall Office 2013 completely and re-install it. But this will take some time. You can also do a repair install from the Programs and Features section in the Control Panel.

Fix It – #2

You can also repair the .pst or .ost file using the Outlook repair tool. ScanPST is a tool to scan and repair a corrupted .pst file. The tool is found in different locations for different versions of Microsoft Outlook.
Windows 32-Bit   C:\Program Files\Microsoft Office\Office14
Windows 64-Bit   C:\Program Files (x86)\Microsoft Office\Office14
Windows 64-Bit   C:\Program Files\Microsoft Office\Office14
Windows 32-Bit   C:\Program Files\Microsoft Office\Office15
Windows 64-Bit   C:\Program Files (x86)\Microsoft Office\Office15
Windows 64-Bit   C:\Program Files\Microsoft Office\Office15
Run that file with elevated privileges and find the location of the .pst or .ost file. These are the data files for your email accounts in Outlook 2013. The most noteworthy location will be like this –
Click on the Start button. The tool will check the file for consistency and for any needed repairs in the .ost file in Outlook 2013. Once the repair complete dialog box is displayed, you can click on OK and try re-opening Outlook.
This often solves the problem.

Fix It – #3

Another solution is to disable hardware acceleration.
Fix : 
  1. Run regedit
  2. Browse to HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common
  3. Create a New Key and name it “Graphics”
  4. Select Graphics, right-click on the right panel and create a New DWORD (32-bit) Value and name it DisableHardwareAcceleration.
  5. Enter Value data as 1

Fix It – #4

Another simple solution is to check the system drive for errors using the following command.
Method: on Windows 8, Win + X -> Command Prompt (Admin) -> chkdsk c: /f -> Answer (Y) -> Restart Windows.

Fix It – #5

Another simple method is to open Outlook in safe mode and disable the add-ins.
Method :
Let us open Outlook in safe mode and check. Follow the steps:
1. Press the Windows + R key on the keyboard.
2. Type Outlook /safe (leave a space after Outlook) -> Click OK.
If you are able to open Outlook 2013 or 2016, then disable the add-ins and check if it helps. Follow these steps to disable the add-ins:
1. Click on File -> Go to Options.
2. Click on Add-ins -> select COM Add-ins under Manage -> Click Go.
3. Select the add-ins to disable -> Click OK.

Fix It – #6

Sometimes a third-party VPN like “Express VPN” can interfere with the normal startup of Outlook. So either uninstalling the VPN or disabling it from running at start-up can solve the issue.

Fix It – #7

In a corporate environment, you will not be given access to uninstall VPN software. In such cases, if you can open Outlook in safe mode and disable the add-ins of your VPN software, this can solve the issue. You can run the following two commands in the Run box.
outlook.exe /resetnavpane  or  outlook.exe /resetfolders
If everything works fine after the first command, then you are good to go. Otherwise, try the second command. But Outlook may take a bit of time, after execution of the 2nd command.

Fix It – #8

In Windows 8 and 7, there are some services which can interfere with the proper functioning of Outlook 2013 and 2016. One such service is the “Desktop Window Manager Session Manager”. You can stop this service and set its status to “Disabled”. Now restart, and Outlook should open fine.

Fix It – #9

Lync is one Office product which can have compatibility problems with Outlook. So if you have it running parallel, then it’s best to kill the task using the Task Manager.  Now Outlook 2013 should open without problems.

Fix It – #10

The common cause of the Outlook profile not loading is that its data files are being accessed by other applications. This can happen if the data files are locked or accessed by third-party applications like Google Calendar, Microsoft Communicator, etc. There are a few solutions in this case.
  1. You can stop the sync process of other applications which are trying to access these data files.
  2. You can disable your anti-virus temporarily and check if the problem is resolved.
  3. You can stop the Windows search indexing service and see if Outlook loads fine.
  4. You can kill the outlook.exe process and then restart Outlook.

Fix It – #11

Another common cause of Outlook 2016 taking forever to load could be compatibility problems. For example, if you are using Windows 7 SP1, you can check the properties of the Outlook 2016 shortcut. Under the “Compatibility” tab, uncheck the box next to ‘Run this program in compatibility mode for: Windows 7 Service Pack 1’.
If it is Windows 10, the shortcut is available in the following path.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs
You can then run the “Troubleshoot Compatibility” tool which can fix this issue.

Fix It – #12

In Windows 10 and Outlook 2016, there can be network-related problems. If you disconnect your Wi-Fi and other network interfaces while Outlook is loading, Outlook should load fine. The general problem may be due to telemetry and TCP-related issues.
These are some of the solutions I have tried to fix my Outlook 2013 loading profile problem.  You can disable the add-ins, which will reduce the delay in opening Outlook.

Saturday, February 17, 2018

Migrate Cluster Roles to Windows Server 2012 R2

Applies To: Windows Server 2012 R2
This guide provides step-by-step instructions for migrating clustered services and applications to a failover cluster running Windows Server 2012 R2 by using the Copy Cluster Roles Wizard. Not all clustered services and applications can be migrated using this method. This guide describes supported migration paths and provides instructions for migrating between two multi-node clusters or performing an in-place migration with only two servers. Instructions for migrating a highly available virtual machine to a new failover cluster, and for updating mount points after a clustered service migration, also are provided.

Operating system requirements for clustered roles and feature migrations

The Copy Cluster Roles Wizard supports migration to a cluster running Windows Server 2012 R2 from a cluster running any of the following operating systems:
  • Windows Server 2008 R2 with Service Pack 1 (SP1)
  • Windows Server 2012
  • Windows Server 2012 R2
Migrations are supported between different editions of the operating system (for example, from Windows Server Enterprise to Windows Server Datacenter), between x86 and x64 processor architectures, and from a cluster running Windows Server Core or the Microsoft Hyper-V Server R2 operating system to a cluster running a full version of Windows Server.
The following migration scenarios are not supported:
Before you perform a migration, you should install the latest updates for the operating systems on both the old failover cluster and the new failover cluster.

Target audience

This migration guide is designed for cluster administrators who want to migrate their existing clustered roles, on a failover cluster running an earlier version of Windows Server, to a Windows Server 2012 R2 failover cluster. The focus of the guide is the steps required to successfully migrate the clustered roles and resources from one cluster to another by using the Copy Cluster Roles Wizard in Failover Cluster Manager.
General knowledge of how to create a failover cluster, configure storage and networking, and deploy and manage the clustered roles and features is assumed.
It is also assumed that customers who will use the Copy Cluster Roles Wizard to migrate highly available virtual machines have a basic knowledge of how to create, configure, and manage highly available Hyper-V virtual machines.

What this guide does not provide

This guide does not provide instructions for migrating clustered roles by methods other than using the Copy Cluster Roles Wizard.
This guide identifies clustered roles that require special handling before and after a wizard-based migration, but it does not provide detailed instructions for migrating any specific role or feature. To find out requirements and dependencies for migrating a specific Windows Server role or feature, see Migrate Roles and Features to Windows Server 2012 R2.
This guide does not provide detailed instructions for migrating a highly available virtual machine (HAVM) by using the Copy Cluster Roles Wizard. For a full discussion of migration options and requirements for migrating HAVMs to a Windows Server 2012 R2 failover cluster, and step-by-step instructions for performing a migration by using the Copy Cluster Roles Wizard, see Hyper-V: Hyper-V Cluster Migration.

Planning considerations for migrations between failover clusters

As you plan a migration to a failover cluster running Windows Server 2012 R2, consider the following:
  • For your cluster to be supported by Microsoft, the cluster configuration must pass cluster validation. All hardware used by the cluster should be Windows logo certified. If any of your hardware does not appear in the Windows Server Catalog in hardware certified for Windows Server 2012 R2, contact your hardware vendor to find out their certification timeline.
    In addition, the complete configuration (servers, network, and storage) must pass all tests in the Validate a Configuration Wizard, which is included in the Failover Cluster Manager snap-in. For more information, see Validate Hardware for a Failover Cluster.
  • Hardware requirements are especially important if you plan to continue to use the same servers or storage for the new cluster that the old cluster used. When you plan the migration, you should check with your hardware vendor to ensure that the existing storage meets certification requirements for use with Windows Server 2012 R2. For more information about hardware requirements, see Failover Clustering Hardware Requirements and Storage Options.
  • The Copy Cluster Roles Wizard assumes that the migrated role or feature will use the same storage that it used on the old cluster. If you plan to migrate to new storage, you must copy or move data or folders (including shared folder settings) manually. The wizard also does not copy any mount point information used in the old cluster. For information about handling mount points during a migration, see Cluster Migrations Involving New Storage: Mount Points.
  • Not all clustered services and features can be migrated to a Windows Server 2012 R2 failover cluster by using the Copy Cluster Roles Wizard. To find out which clustered services and applications can be migrated by using the Copy Cluster Roles Wizard, and operating system requirements for the source failover cluster, see Migration Paths for Migrating to a Failover Cluster Running Windows Server 2012 R2.

Migration scenarios that use the Copy Cluster Roles Wizard

When you use the Copy Cluster Roles Wizard for your migration, you can choose from a variety of methods to perform the overall migration. This guide provides step-by-step instructions for the following two methods:
  • Create a separate failover cluster running Windows Server 2012 and then migrate to that cluster. In this scenario, you migrate from a multi-node cluster running Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. For more information, see Migrate Between Two Multi-Node Clusters: Migration to Windows Server 2012 R2.
  • Perform an in-place migration involving only two servers. In this scenario, you start with a two-node cluster that is running Windows Server 2008 R2 SP1 or Windows Server 2012, remove a server from the cluster, and perform a clean installation (not an upgrade) of Windows Server 2012 R2 on that server. You use that server to create a new one-node failover cluster running Windows Server 2012 R2. Then you migrate the clustered services and applications from the old cluster node to the new cluster. Finally, you evict the remaining node from the old cluster, perform a clean installation of Windows Server 2012 R2 and add the Failover Clustering feature to that server, and then add the server to the new failover cluster. For more information, see In-Place Migration for a Two-Node Cluster: Migration to Windows Server 2012 R2.
We recommend that you test your migration in a test lab environment before you migrate a clustered service or application in your production environment. To perform a successful migration, you need to understand the requirements and dependencies of the service or application and the supporting roles and features in Windows Server in addition to the processes that this migration guide describes.