[VMware] Backup / Restore vCenter Server 6.x vPostgres database

[ Windows ]

~備份(Backup)~

step01.
cd %VMWARE_CIS_HOME%\bin

cd C:\"Program Files"\VMware\"vCenter Server"\bin

step02. 需先停止 vmware-vpxdvmware-vdcs 服務
~6.7 and 6.5 (Windows)~
service-control –stop vpxd
service-control –stop content-library

~ 6.0 (Windows)~
service-control –stop vpxd
service-control –stop vdcs

step03.
下載KB Attachments , 載點
備份批次檔 > backup_win.py
還原批次檔 > restore_win.py

step04.
建立C槽底下一個目錄 tmp
C:\tmp將批次檔放置這兒

step05.
(Caution) 在執行批次檔請勿任意停止將會影響 PostgreSQL Database不一致。
找出  %VMWARE_CFG_DIR%\vmware-vpx\ 底下 vcdb.properties 記錄下 DB帳號 vc 的密碼

step06. 備份 (Backup)
cd %VMWARE_CIS_HOME%\Python\
python.exe c:\tmp\backup_win.py -p “oMfcT=7C?5L&Wh@2″ -f c:\tmp\backup_VCDB.bak
** 成功就會如下訊息**
Backup completed successfully.

step07. 最後別忘了啟動這二支 vmware-vpxdvmware-vdcs 服務
~6.7 and 6.5 (Windows)~
service-control –start vpxd
service-control –start content-library

~ 6.0 (Windows)~
service-control –start vpxd
service-control –start vdcs


~還原(Restore)~

step01.
請以 administrator 權限身份登入

step02.需先停止 vmware-vpxdvmware-vdcs 服務
~6.7 and 6.5 (Windows)~
service-control –stop vpxd
service-control –stop content-library

~ 6.0 (Windows)~
service-control –stop vpxd
service-control –stop vdcs

step03.
(Caution) 在執行批次檔請勿任意停止將會影響 PostgreSQL Database不一致。
找出  %VMWARE_CFG_DIR%\vmware-vpx\ 底下 vcdb.properties 記錄下 DB帳號 vc 的密碼

step04. 還原 (Restore)
cd %VMWARE_CIS_HOME%\Python\
python.exe c:\tmp\restore_win.py -p “oMfcT=7C?5L&Wh@2″ -f c:\tmp\backup_VCDB.bak
** 成功就會如下訊息**
Backup completed successfully.

step05. 最後別忘了啟動這二支 vmware-vpxdvmware-vdcs 服務
~6.7 and 6.5 (Windows)~
service-control –start vpxd
service-control –start content-library

~ 6.0 (Windows)~
service-control –start vpxd
service-control –start vdcs





[ Linux (Appliance) ]
與 Windows 差異是多了change mode
chmod 700 /tmp/backup_lin.py
chmod 700 /tmp/restore_lin.py


Reference :
1. Back up and restore vCenter Server Appliance/vCenter Server 6.x vPostgres database (2091961)

[Windows]狂Ping指令,類Cisco Fast Ping 效果

下載PSTool工具 https://bit.ly/2Kys8

指令 > psping.exe -t -i 0 192.168.1.1

psping 64.exe -t -i 0 192.168.1.1
(註) 參數一定要如上不可隨便變動。否則僅是預設 ping 四次唷!


指令解釋:

– i > Usage for ICMP ping.
-t >Usage for TCP ping.
– l > Usage for latency test.
– b > Usage for bandwidth test.
-nobanner > Do not display the startup banner and copyright message.

[VMware] Windows 1903/1909 run VMware Workstation / Workstation Pro error “VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard"

近日當在用Windows 10 1903/1909 在跑VM時會跳出錯誤訊息"VMware Workstation and Device/Credential Guard are not compatible. VMware Workstation can be run after disabling Device/Credential Guard"。

那工法稍稍多了點….Orz
不是單單什麼開啟 Windows boot menu Hyper-V auto 或 Hyper-V off之類就可以解決。

<Resolution>

step01. Win + R

step02. cmd.exe

step03. gpedit.msc

step04.
Computer Configuration > Administrative Templates > System > Device Guard > Turn on Virtualization Based Security (Disabled)
電腦設定 > 系統管理範本 > 系統 > Device Guard > 開啟虛擬化安全性 (已停用)

step05.
cmd.exe

step06.
mountvol X: /s

copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y

bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d “DebugTool" /application osloader

bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path “\EFI\Microsoft\Boot\SecConfig.efi"

bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215}

bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS

bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X:

mountvol X: /d

step06.
bcdedit /set hypervisorlaunchtype off

(註)bcdedit /set hypervisorlaunchtype auto // 日後要用 Hyper-V 執行重開即可。


step07. 重開機記得要緊盯螢幕錯過以下動作還是無法啟動VMware Workstation 唷!!要按下WinKey或F3 才是真的達到關閉。
Virtualization Based Security Opt-out Tool
Do you want to disable Virtualization based security ?
Disabling this functionality changes the security configuration of Windows.
For the correct action in your oragization, contact your administrator before disabling.

** Press the Windows key or F3 to disabled protection . ESC to Skip this step. **


Reference :
0. “VMware Workstation and Device/Credential Guard are not compatible" error in VMware Workstation on Windows 10 host (2146361)
“Error 1402. Could not open key: UNKNOWN" while installing vCenter Server on Windows (1029282)
1. Dixin’s Blog – Run Hyper-V and VMware virtual machines on Windows 10
2. Leo Yeh’s Blog – 解決問題 Windows 10 (2)
3. 程式前沿 – 解決VM 與 Device/Credential Guard 不相容。在禁用 Device/Credential Guard 後,可以執行 VM 的方法
4. 小歐ou | 菜鳥自救會 – 設定開機選項選擇使用 VMWare 或 Hyper-V
5. ITREAD01 – VMware Workstation and Hyper-V are not compatible. 解決方案
6. 每日頭條 – VM與Device/Credential Guard解決方案

[Windows] fix 主機大量 zero window issue

step01. check current config

C:\WINDOWS\system32> netsh interface tcp show global
Querying active state…

TCP Global Parameters

Receive-Side Scaling State : enabled
Receive Window Auto-Tuning Level : normal
Add-On Congestion Control Provider : default
ECN Capability : disabled
RFC 1323 Timestamps : disabled
Initial RTO : 3000
Receive Segment Coalescing State : enabled
Non Sack Rtt Resiliency : disabled
Max SYN Retransmissions : 2
Fast Open : enabled
Fast Open Fallback : enabled
HyStart : enabled
Pacing Profile : off

step02. 把 Receive Window Auto-Tuning Level (接收視窗自動調整層級) 改為 Disabled .
> netsh interface tcp set global autotuninglevel=disabled

**回復預設值**
> netsh interface tcp set global autotuninglevel=normal


> netsh interface tcp set global autotuninglevel=normal

有些江湖傳言說改為 disabled會加快上網變快之類,若不熟悉者還是小心使用。

[VMware] 登入Windows版 vCenter 6.5 vSphere Web Client (Flash-base) 會一直跳出 “發生內部錯誤 – Error #1009″

在客戶升級了5.5U2 > 6.0 > 6.5U2 但居然會出現vCenter 5.5U1 Bug ;但這Bug在5.5U2已修正居然會出現不解啊 ><

情境: 使用 vSphere Web Client (Flash-base) login後會一直跳出 “發生內部錯誤 – Error #1009″ 錯誤訊息。

Workaround :

step01. 進入 C:\programdata\vmware\vCenterServer\data\vSphere Web Client\SerenityDB\

step02. 刪除 serenity 這個整個目錄

delete C:\programdata\vmware\vCenterServer\data\vSphere Web Client\SerenityDB\serenity

step03. 重啟vSphere Web Client服務即可
.\service-control –stop vspherewebclientsvc && .\service-control –start vspherewebclientsvc

step04. 確認服務處於running
.\service-control –status vspherewebclientsvc

Done.


Reference : VMware vSphere Web Client reports an internal error 1009 (2089949)

[Windows] How to determine install source is OEM/Retail/VOL ?

step01. cmd.exe

step02.  > slmgr.vbs /dli


Reference :

1. winaero – Find If Windows 10 License Type is Retail, OEM, or Volume

2. Gdaily – (教學) 查看你的完整 Windows 版本 Retail、VOL、OEM、RTM

3. 天缘博客 – MSDN、OEM、VOL、RETAIL密钥区别

[Windows] How to flush kerberos tickets

有時為了存取Windows 或 NetApp 之類機器檔案伺服器,總是遇到驗證不過。老是叫使用者重開機或登出再登入這有點老套。或是使用者有耐心叫他等個九個小時等票證過期 .(Default kerberos tickets age 9 hours)

換個方式若能像ipconfig /release  或 ipconfig /flushdns 清除快取之類總是時效好一些。

CIFS / SMB在存取檔案伺服器與Windows Active Directory 驗證時是用kerberos。微軟在Vista後的版本都有內建清除kerberos tickets.

[after vistat os]

step01. cmd.exe

step02.klist  // check current 快取的票證有幾個 ; 再者用 klist tgt (票證授予票(ticket-granting ticket))查看詳細票證相關資訊

step03.klist purge // Purge a user’s tickets

呼叫者登入識別碼: (0x0,0x3E7) // Purge tickets of the local system account
klist -li 0x3e7 purge

klist -lh 0 -li 0x3e7 purge

[Window XP & Windows Server 2003]

step01. download Windows Server 2003 Resource Kit Tools

step02. extract or perform ‘rktools.exe’

step03. klist.exe tickets // check current 快取的票證有幾個

step04. klist.exe purge

*補充*
啟用kerberos log
step01. regedit.exe

step02.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

step03.
Entry: LogLevel
Type: REG_DWORD
Default Value: 0 改為 1 (0x1)


Reference :

  1. Microsoft – Kerberos protocol registry entries and KDC configuration keys in Windows
  2. Microsoft – Kerberos Authentication Tools and Settings (事件代碼參考)
  3. Web Debug – Kerberos认证问题的调试试验
  4. Norman Bauer – How to purge Kerberos tickets of the system account
  5. zhulinu的专栏 – Windows登录日志详解
  6. 从kinit到kerberos安全机制
  7. MIRU-CH – How to update group membership without logoff / logon /restart