VMSA-2013-0011 - VMware ESXi and ESX address an NFC Protocol Unhandled Exception

Operating System: VMware ESX Server 4.x, VMware ESXi 4.x, VMware ESXi 5.x
Impact: A remote user can cause denial of service conditions.
"Summary: VMware has updated VMware ESXi and ESX to address a vulnerability in an unhandled exception in the NFC protocol handler."
Synopsis: VMware ESXi and ESX address an NFC Protocol Unhandled Exception

Summary: Cold clone P2V of domain controllers works just fine.

We had to migrate two root domain controllers the other day at work. I knew that domain controllers in particular can give you trouble when being converted / migrated, so I researched it a bit and found a useful article on which linked to a very good VMware KB article. This KB recommends that, instead of migrating, you deploy a fresh VM, do a 'dcpromo', and then shut down the physical server afterwards. I like this way as it moves the responsibility away from the VMware team and over to the application responsible. However, we did not have enough time to do the recommended solution, so we went for P2V.

We did cold clone because hot migration is likely to go wrong and it is not supported by Microsoft. There were FSMO roles on the DCs, so before we began, we had the AD guy move all the roles over to one of the servers. Then we took the other one down and P2V'ed it. We resized the disks to save SAN space, which was not a problem. When it came back up, the AD guy tested and then moved FSMO roles over to the migrated DC. After both had been migrated, the AD guy tested again.

If your responsibility area does not cover the application layer, which it does not for me in this case, then arrange for an application responsible to test the app before it is released into production. It may sound banal, but it is sometimes overlooked when the pace is fast and only basic OS testing is done.

There are several ways of setting up time synchronization. One important point is that there should be only one source for synchronization for all the DCs. There's a feature in VMware Tools where you can synchronize the VM against the ESX; this we did not use. We let Windows take care of the synchronisation. If you have a mixed environment of DCs (bare metal and virtual), then you can let a bare metal DC sync to an external source, and then let all the other DCs sync to the bare metal DC. We had the PDC emulator sync with a dedicated physical NTP server, and then let the second DC sync with the PDC emulator. The ESX servers sync with the physical NTP server, but there is no synchronization between VM and ESX server. Read this article for further info on time sync.