VeeamPN - Setting Up a Persistent Route

When setting up VeeamPN gateway devices, the route back to the hub is not automatically created on the VeeamPN gateway appliance when the hub is not deployed in Microsoft Azure.

https://helpcenter.veeam.com/docs/veeampn/userguide/add_route.html?ver=10

Here Veeam shows how you can manually add the route, but once the appliance is restarted the route needs to be added again manually.

Thanks to linuxconfig.org, I found the steps to automatically execute a shell script at startup.

https://linuxconfig.org/how-to-automatically-execute-shell-script-at-startup-boot-on-systemd-linux


1. Create a system startup script - /etc/systemd/system/customroute.service
This service is run after the veeam-vpn-svc.service runs.

2. chmod 664 /etc/systemd/system/customroute.service

3. Create a custom shell script - /usr/local/bin/customroute.sh

The script loops through the output of route -n, looking for the tun0 device which is the established VeeamPN VPN tunnel back to the VeeamPN Hub appliance.  Once that is there, it adds the route with the route add command, and also prints the route -n output to the /root/routeprint.txt file.

4. chmod 744 /usr/local/bin/customroute.sh

5. systemctl daemon-reload

6. systemctl enable customeroute.service

7. restart the veeampn gateway - shutdown -r now

VMware Paravirtual Driver - Windows 2012 Installation

One day you may find yourself installing a Windows 2012 Server and wanting to use the VMware Paravirtual driver for the vSCSI controller for the disks.  The VMware KB article on this covers this topic very well.

1. Create a new VM
2. Remove the Hard disk 1 and click OK

3. Add a Hard disk and then click Change Type for SCSI Controller Type

4. Choose VMware Paravirtual and click OK and then OK again

5. During the Windows Installation Setup, you'll need to load the VMware Paravirtual SCSI driver.  Attach the floppy image to the VM using the "Connect to floppy image on a datastore..." option.

There will be a folder named "vmimages" then "floppies" and select the "pvscsi-Windows2008.flp" file and click OK.

6. Click on Load driver and then click on Browse

7. Select the "amd64" folder under the Floppy Disk Drive

8. Click Next

9. The disk is now present and you can continue with the Windows 2012 Setup

System Center Operations Manager 2012 R2 - System Center Management Health Service Unloaded System Rule(s) - Windows Server 2003/2008 (non R2) missing PowerShell 2.0

I know its been awhile since the last post, so here it goes...

Issue:

This week we are dealing with a specific error that caused multiple agents to throw the alert monitor, System Center Management Health Service Unloaded System Rule(s) with the following description.

The System Center Management Health Service ????????-????-????-????-???????????? running on host <computername> and serving management group with id {????????-????-????-????-????????????} is not healthy. Some system rules failed to load.

This caused the agents to go into a "grey" state.  Review the Operations Manager log on an affected agent computer and look for errors with event id 4513 with the following description.

The callback method DeliverDataToModule failed with exception "Could not load file or assembly 'System.Management.Automation, Version=1.0.0.0, Culture=neutral, PublicKeyToken=????????????????' or one of its dependencies. The system cannot find the file specified." in the module Microsoft.EnterpriseManagement.Modules.PowerShell.PowerShellProbeActionModule.

Workflow: Microsoft.IntelligencePacks.Types.HealthServiceProxyConfiguration 

The common factor among the affected computer agents was all Windows Server 2003 and Windows Server 2008 (non R2) which were missing Powreshell 2.0.

Solution and workaround:

The solution is to override the Advisor Proxy Setting Rule or install Powershell 2.0.

It was not until after I had called Microsoft Support which were quick to find the cause and provide a solution to this issue, that I found this issue being discussed on the TechNet Forum - Grey Agents after New Management Pack with id:"Microsoft.IntelligencePacks.Types", version:"7.0.9781.0" received. - and the Microsoft Azure forum - Windows Server 2003 'grey' due to missing Powershell system rule Microsoft.IntelligencePacks.Types.HealthServiceProxyConfiguration.

System Center Operations Manager 2012 - Installing Certificates on an Agent

In order to monitor servers not in a trusted domain, System Center Operations Manager uses certificates to authenticate agent communication.  Therefore, you'll need a certificate authority server to submit the certificate request and then download the certificate. You can use either a domain Certificate Authority (CA) server or a standalone CA if your environment already has that in place.  I used a standalone.

Requirements
Certificate Authority Server
Port 5723 open from Server01 to the Management Server

1. Create the request *.inf file.
   
2. From the command prompt (server01) create the request file. *Must be done on the computer the certificate is for
   
   certreq -new -f server01.inf server01.req
3. Copy the request file to the CA server and submit request file
   
   certreq -submit -f server01.req
1. Click OK to the dialogue box that pops up.
2. Take note of the RequestId
4. On the CA Server - launch the Certificate Authority MMC (certsrv.msc) - Select Pending Requests, right-click the certificate request with the RequestId from the previous step select All Tasks - Issue
   
   
5. Retrieve the certificate (CA Server)
   
   certreq -retrieve -f 4 server01.cer
1. Click OK
2. Copy the certificate file (server01.cer) to the server you are installing the agent on (server01)
6. On Server01 - Install the certificate in the Local Computer - Personal Certificate store
7. On Server01 - Export the certificate you just imported with the Private Key (server01-exported.pfx)
8. Retrieve the CA certificate - This certificate will need to be installed in the Trusted Root Certification Authorities store on the Agent computer (server01)
1. On the CA Server navigate to http://localhost/certsrv/
2. Click on Download a CA certificate, certificate chain, or CRL
3. Click on Download CA certificate
4. Save this file (cacert.cer) and copy it over to the server the agent will be installed on (server01)
9. On Server01 - Install the CA Certificate in the Trusted Root Certification Authorities
1. Launch an MMC console and add the Certificates snap-in| for the local computer
2. Right-click the Certificates folder under Trusted Root Certification Authorities select All Tasks -> Import
3. Browse to the CA certificate saved from the previous step (cacert.cer)
4. Click on Next, Next, and Finish
10. Install the System Center Operations Manager Agent
1. The files can be found on the Management folder
   C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\AgentManagement\
   64 bit agent - amd64 folder
   32 bit agent - x86 folder
2. Run the MOMCertImport.exe to import the certificate from step 7
   
   MOMCertImport.exe server01-exported.pfx
3. Enter the password set from step 7
4. If you're updating the certificate run the remove command first
   
   MOMCertImport.exe /Remove
11. Restart the Microsoft Monitoring Agent service

VMware PowerCLI - Creating Standard Virtual Switches and updating VM Network Adapter Labels

In preparation to migrate ESXi hosts from one VMware vCenter 5.0 server to another VMware vCenter 5.5 server, I created this script to automate re-configuring the VM network labels to use a standard vSwitch on each ESXi server.  The script connects to the vCenter server and creates a new standard vSwitch on each ESXi host as well as assigns an available physical uplink (vmnic).  Then also creates the portgroups for each VLAN, and finally updates the VMs network lables in a given cluster.

Download - VM-UpdateVMNetworking.ps1