Create user John who will view system information using base 2 in SMU:
# create user base 2 interfaces wbi level monitor John
Enter new password: ********
Re-enter new password: ********
Success: Command completed successfully. (John) – The new user was created.
(2012-01-20 15:54:35)
Create user MIB that can view the SNMP MIB, using authentication and encryption:
# create user interfaces snmpuser password Abcd1234 authentication-type SHA
privacy-type AES privacy-password Abcd5678 MIB
Success: Command completed successfully. (MIB) – The new user was created.
(2012-01-20 15:54:45)
Create user Traps that can receive SNMP trap notifications, using authentication without
encryption:
# create user interfaces snmptarget authentication-type MD5 trap-host
172.22.4.171 Traps
Enter new password: *********
Re-enter new password: *********
Success: Command completed successfully. (Traps) – The new user was created.
(2012-01-20 15:54:55)
Change the temperature scale and accessible interfaces for user jsmith:
# set user jsmith temperature-scale f interfaces wbi,cli
Success: Command completed successfully. – The settings were changed
successfully. (2012-01-21 14:39:50)
Change the password for user JDoe:
# set user JDoe password Abcd%1234
Success: Command completed successfully. – The settings were changed
successfully. (2012-01-21 14:39:56)
Change the authentication type for SNMPv3 user Traps:
# set user Traps authentication-type MD5 password Snmp%Trap
Success: Command completed successfully. – The settings were changed
successfully. (2012-01-12 14:40:10)
For the only CLI user with the manage role, try to reduce the role to monitor:
# set user SysAdmin roles monitor
Error: At least one CLI user must retain configuration privileges at all times.
(2013-10-31 14:10:47)
Show configured users:
# show users
Username Roles User Type User Locale WBI CLI FTP SMI-S SNMP
Authentication Type Privacy Type Password Privacy Password
Trap Host Address
—————————————————————————-
ftp manage,monitor Standard English x
********
MIB monitor Standard English U
SHA AES access_MIB MIB_access
manage manage,monitor Standard English x x x x
********
monitor monitor Standard English x x
********
Traps monitor Standard English T
SHA AES _Abc123_ _123Abc_
172.22.4.171
Rivera manage,monitor Standard Spanish x x
********
—————————————————————————-
Success: Command completed successfully. (2012-02-19 15:31:12)
If you have problem logging into Web Management this could be due to SSL cert error in browser. SSH to SAN then Enable http on SAN using cli below, then try login using http:// instead of https://. You can always create new user using the cli above.
Example Enable/Disable unsecure HTTP connections and enable FTP:
# set protocols http disabled ftp enabled
# set protocols http enabled ftp enabled
Certificate enrollment for Local system failed to enroll for a DomainController certificate from (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).
We have seen this for Vista/server 2008 trying to register for V2 templates agains 2003 CAs and suspect the same issue would be present in Windows Server 2008. The following steps should resolve this:
1. Please check to ensure that a new security group, CERTSVC_DCOM_ACCESS, has been created after Windows Server 2003 SP1 or later has been applied.
2. Please add the “Domain Users”, “Domain Computers”, “Domain Controllers” groups to the new CERTSVC_DCOM_ACCESS security group.
3. Then we can have Certificate Services update the DCOM security settings by running the following commands:
To determine if you must use the command line, attempt to power off the virtual machine:
Connect VMware Infrastructure/vSphere Client to the vCenter Server. Right-click the virtual machine and click Power off.
Connect vSphere Client directly to the ESX host. Right-click the virtual machine and click Power off.
If this does not work, you must use the command line method.
Determining the virtual machine’s state
Determine the host on which the virtual machine is running. This information is available in the virtual machine’s Summary tab when viewed in the vSphere Client page.
Log in as root to the ESX host using an SSH client.
Run this command to verify that the virtual machine is running on this host:# vmware-cmd -l
The output of this command returns the full path to each virtual machine running on the ESX host. Verify that the virtual machine is listed, and record the full path for use in this process. For example:
# /vmfs/volumes/<UUID>/<VMDIR>/<VMNAME>.vmx
Run this command to determine the state in which the ESX host believes the virtual machine to be operating:
# vmware-cmd <path.vmx> getstateIf the output from this commandisgetstate() = on, the vCenter Server may not be communicating with the host properly. This issue must be addressed in order to complete the shutdown process.
If the output from this command is getstate() = off, the ESX host may be unaware it is still running the virtual machine. This article provides additional assistance in addressing this issue.
Powering off the virtual machine using the vmware-cmd command
Caution: If you want to collect the virtual machine logs to assist in troubleshooting, do not perform the steps in this section.
This procedure uses the ESX command line tool and attempts to gracefully power off the virtual machine. It works if the virtual machine’s process is running properly and is accessible. If unsuccessful, the virtual machine’s process may not be running properly and may require further troubleshooting.
From the Service Console of the ESX host, run the command:
vmware-cmd <path.vmx> stop
Note: <path.vmx>is the complete path to the configuration file, as determined in the previous section. To verify that it is stopped, run the command: # vmware-cmd <path.vmx> getstate
From the Service Console of the ESX host, run the command:
# vmware-cmd <path.vmx> stop hard
Note:<path.vmx>is the complete path to the configuration file, as determined in the previous section. To verify that it is stopped, run the command:
# vmware-cmd <path.vmx> getstate
If the virtual machine is still inaccessible, proceed to the next section.
Powering off the virtual machine while collecting diagnostic information using the vm-support script
Use this procedure when you want to investigate the cause of the issue. This command attempts to power off the virtual machine while collecting diagnostic information. Perform these steps in order, as they are listed in order of potential impact to the system if performed incorrectly.
Perform these steps first:
Determine the WorldID of the virtual machine with the command:
# vm-support -x
Kill the World_ID of the virtual machine by using this command in the root directory of the host:
# vm-support -X <world_ID>
It can take upwards of 30 minutes to terminate the virtual machine. Exercise patience to avoid corruption. Note: This command uses several different methods to stop the virtual machine. When attempting each method, the command waits for a predetermined amount of time. The timeout value can be configured to be 0 by adding the -d0 switch to the vm-support command.
If the preceding steps fail, perform these steps for an ESX 3.x host:
List all running virtual machines to find the VMID of the affected virtual machine with the command:
# cat /proc/vmware/vm/*/names
Determine the master world ID with the command:
# cat /proc/vmware/vm/####/cpu/status | less
Scroll to the right with the arrow keys until you see the group field. It appears similar to:
Group
vm.####
Run this command to shut the virtual machine down with the group ID:
# /usr/lib/vmware/bin/vmkload_app -k 9 ####
If the preceding steps fail, perform these steps for an ESX 4.x host:
List all running virtual machines to find the vmxCartelID of the affected virtual machine with the command:
# /usr/lib/vmware/bin/vmdumper -l
Scroll through the list until you see your virtual machine’s name. The output appears similar to:
Run this command to shut the virtual machine down with the vmxCartelID:# /usr/lib/vmware/bin/vmkload_app -k 9 ####
Using the ESX command line to kill the virtual machine
If the virtual machine does not power off using the steps in this article, it has likely lost control of its process. You must manually kill the process at the command line.
Caution: This procedure is potentially hazardous to the ESX host. If you do not identify the appropriate process ID (PID), and kill the wrong process, it may have unexpected results. If you are not comfortable with these procedures, contact VMware Technical Support and open a Service Request. Refer to this article when you create the SR.
To determine if the virtual machine process is running on the ESX host, run the command:
# ps auxwww | grep -i <VMNAME>.vmxThe output of this command appears similar to this if the .vmx process is running:
The process ID (PID) for this process is in bold. In this example, the PID is 3093. Take note of this number for use in these steps.
Caution: Ensure that you identify the line specific only to the virtual machine you are attempting to repair. If you continue this process for a virtual machine other than the one in question, you can cause downtime for the other virtual machine.
If the .vmx process is listed, it is possible that the virtual machine has lost control of the process and that it must be stopped manually.
To end the process, run the command:# kill <PID>
Wait 30 seconds and check for the process again.
If it is not terminated, run the command:# kill -9 <PID>
Wait 30 seconds and check for the process again.
Where possible, it may be necessary to migrate the virtual machine to another host and attempt the kill instruction from that host.
If it is not terminated, the ESX host may need to be rebooted to clear the process. This is a last resort option, and should only be attempted if the preceding steps in this article are unsuccessful.
Changing settings from the physical or remote console connection
Changing the IP for the Service Console must be done from the physical console or through a remote console session. If you make changes through a network connection such as SSH, network connectivity to the Service Console disconnects because the Service Console’s network interface changes.
Note: You may also need to verify and change the file /etc/vmware/esx.conf file for the hostname and IP address.
To change the default gateway address and the hostname, edit the /etc/sysconfig/network file and change the GATEWAY and HOSTNAME parameters to the proper values.
For the changes to take effect, restart the network service with the command:
[root@server root]# service network restart
Note: If you are required to edit the hostname, then you must reboot the host.
Note: This command breaks any current network connections to the Service Console, but virtual machines continue to have network connection. If the ESX host is managed by VirtualCenter or vCenter Server, you may have to remove and re-add the host to the inventory. For more information, see ESX not working properly in VirtualCenter after IP address change (1005633).
Excel documents saved fine this AM now I am getting the message “!document not saved” in Excel only. What is it? and How do I fix it?
Fix worked for me: check the document to see if there is any image embedded, just start removing them one at at time and identified small logo was corrupt and was causing “Document not saved.” error. after removing the image file saved without any issue.
You can check for all CA in domain by Running the following command from a CMD prompt: “certutil -config – -ping” it will prompt you with all the CA available in the organisation.
To remove from domain Open PKIView.msc, right-click on root node and select Manage AD Containers. Go through all tabs and remove items related to old CA. I have used this on Windows 2008 Server.
Taking ownership of a file
Open an elevated Command Prompt window. To do so, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as Administrator.
Type the following command and press ENTER:
TAKEOWN /F
(Replace the text with the full path of the actual file.)
If the operation was successful, you should see the following message:
“SUCCESS: The file (or folder): “filename” now owned by user “Computer Name\User name”.”
Then to assign the Administrators group Full Control Permissions for the file, you may use the ICACLS command. Use this syntax:
ICACLS /grant administrators:F
Taking ownership of a folder
Use the following syntax:
takeown /f /r /d y
Then to assign the Administrators group Full Control Permissions for the folder, use this syntax:
icacls /grant administrators:F /T
The /T parameter is added so that the operation is carried out through all the sub-directories and files within that folder.
Command-line help: To know more information about the above commands, run these commands from a Command Prompt window.
The DHCP database can be moved or migrated from a Windows Server 2003 server to a Windows Server 2008 server, or from one Windows Server 2008 server to another. The information below details the necessary steps.
Export the DHCP database from a server that is running Microsoft Windows Server 2003 or Windows Server 2008
To move a DHCP database and configuration from a server that is running Windows Server 2003 or Windows Server 2008 to another server that is running Windows Server 2008:
1. Log on to the source DHCP server by using an account that is a member of the local Administrators group.
2. Click Start, click Run, type cmd in the Open box, and then click OK.
3. Type netsh dhcp server export C:\dhcp.txt all , and then press ENTER.
Note: You must have local administrator permissions to export the data.
Configure the DHCP server service on the server that is running Windows Server 2008
1. Click Start, click Administrative Tools, click Server Manager. If needed acknowledge User Account Control.
2. In Roles Summary click Add Roles, click Next, check DHCP server, and then click Next.
Import the DHCP database
1. Log on as a user who is an explicit member of the local Administrators group. A user account in a group that is a member of the local Administrators group will not work. If a local Administrators account does not exist for the domain controller, restart the computer in Directory Services Restore Mode, and use the administrator account to import the database as described later in this section.
2. Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.
3. Verify that the DHCP service is started on the Windows Server 2008-based computer.
4. Click Start, click Run, type cmd in the Open box, and then click OK.
5. At the command prompt, type netsh dhcp server import c:\dhcpdatabase.txt all , and then press ENTER, where c:\dhcpdatabase.txt is the full path and file name of the database file that you copied to the server.
Note When you try to export a DHCP database from a Windows 2000/2003 domain controller to a Windows Server 2008 member server of the domain, you may receive the following error message:
Error initializing and reading the service configuration – Access Denied
Note You must have local administrator permissions to import the data.
6. To resolve this issue, add the Windows Server 2008 DHCP server computer to the DHCP Admins group at the Enterprise level and redo steps 4 & 5.
7. If the “access is denied” error message occurs after you add the Windows Server 2008 DCHP server computer to the DHCP Admins group at the Enterprise level that is mentioned in step 6, verify that the user account that is currently used to import belongs to the local Administrators group. If the account does not belong to this group, add the account to that group, or log on as a local administrator to complete the import and redo steps 4 & 5.
Authorize the DHCP server
1. Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.
Note You must be logged on to the server by using an account that is a member of the Administrators group. In an Active Directory domain, you must be logged on to the server by using an account that is a member of the Enterprise Administrators group.
2. In the console tree of the DHCP snap-in, expand the new DHCP server. If there is a red arrow in the lower-right corner of the server object, the server has not yet been authorized.
3. Right-click the server object, and then click Authorize.
4. After several moments, right-click the server again, and then click Refresh. A green arrow indicates that the DHCP server is authorized.
Converting evaluation versions of Windows Server 2012 to full retail versions
Most evaluation versions can be converted to full retail versions, but the method varies slightly depending on the edition. Before you attempt to convert the version, verify that your server is actually running an evaluation version. To do this, do either of the following:
From an elevated command prompt, run slmgr.vbs /dlv; evaluation versions will include “EVAL” in the output.
From the Start screen, open Control Panel. Open System and Security, and then System. View Windows activation status in the Windows activation area of the System page. Click View details in Windows activation for more information about your Windows activation status.
If you have already activated Windows, the Desktop shows the time remaining in the evaluation period.
If the server is running a retail version instead of an evaluation version, see the “Upgrading previous licensed versions” section of this document for instructions to upgrade to Windows Server 2012.
For Windows Server 2012 Essentials: You can convert to the full retail version by entering a retail, volume license, or OEM key in the command slmgr.vbs.
If the server is running an evaluation version of Windows Server 2012 Standard or Windows Server 2012 Datacenter, you can convert it to a retail version as follows:
If the server is a domain controller, you cannot convert it to a retail version. In this case, install an additional domain controller on a server that runs a retail version and remove AD DS from the domain controller that runs on the evaluation version. For more information, see http://technet.microsoft.com/en-us/library/hh994618.aspx.
Read the license terms.
From an elevated command prompt, determine the current edition name with the command DISM /online /Get-CurrentEdition. Make note of the edition ID, an abbreviated form of the edition name. Then run DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula, providing the edition ID and a retail product key. The server will restart twice.