
If you need to set up a Windows server in a hurry, you can download the evaluation ISO from Microsoft.

You can then, at a later date, convert to a fully licensed (retail/OEM) version of Windows by running the following command from an elevated prompt:

Standard edition: DISM /online /Set-Edition:ServerStandard /ProductKey:YOUR-PRODUCT-KEY-HERE /AcceptEula

Datacenter edition: DISM /online /Set-Edition:ServerDatacenter /ProductKey:YOUR-PRODUCT-KEY-HERE /AcceptEula

You will need to restart.

One caveat is that you can’t do this on a domain controller.


Azure Backup allows you to back up either files and folders or entire VMs into Azure. The article runs through the setup of a simple files and folders backup.

  • Uses VSS to get a consistent backup without shutting the machine down.
  • Only sends deltas – i.e. after the initial backup only changes are sent
  • For pricing information see here

Create Recovery Vault

Logon to the Azure portal and go to the “recovery services vault” section.

You may want to change the backup replication type – either Locally Redundant (LRS) or Geo Redundant (GRS). See here for further info.

Backup Files & Folders

In your recovery vault

  • Download the client.
  • Download the vault credentials
  • Install the client on the computer which contains the files you want to back up.


Create a backup schedule

To manually start a backup use the “Back Up Now” option

File\Folder Data Recovery

To recover data use the Azure client.

Configure Notifications

You will probably want to configure notifications


This article talks through the creation of a Route-Based VPN between Azure and an On Premise Sonicwall firewall. This is done using the Resource Manager deployment.

IP Schema

In this example I have used the below Azure subnets. You should plan your subnets before starting this process.

  • Full “virtual network” subnet    (e.g.
  • Gateway Subnet        (e.g.
  • Subnet for servers in Azure     (e.g.
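A way to sanity-check the subnet plan before building anything in the portal, as an added example that is not part of the original article. The function name and all address ranges below are constructed for illustration; substitute your own plan.

```python
import ipaddress


def check_subnet_plan(vnet, gateway_subnet, server_subnet, on_premise):
    """Return a list of problems found in the address plan (empty list = OK)."""
    try:
        # Strict parsing rejects entries such as 10.50.1.5/24 (host bits set).
        vnet_net = ipaddress.ip_network(vnet)
        azure = {
            "gateway subnet": ipaddress.ip_network(gateway_subnet),
            "server subnet": ipaddress.ip_network(server_subnet),
        }
        on_prem = [ipaddress.ip_network(n) for n in on_premise]
    except ValueError as exc:
        return [f"invalid network: {exc}"]

    problems = []
    # Every Azure subnet must sit inside the virtual network address space.
    for name, net in azure.items():
        if not net.subnet_of(vnet_net):
            problems.append(f"{name} {net} is outside the virtual network {vnet_net}")
    # The gateway subnet and the server subnet must not share addresses.
    if azure["gateway subnet"].overlaps(azure["server subnet"]):
        problems.append("gateway subnet overlaps the server subnet")
    # Overlap with an on-premise range would make routing over the VPN ambiguous.
    for net in on_prem:
        if net.overlaps(vnet_net):
            problems.append(f"on-premise range {net} overlaps the virtual network {vnet_net}")
    return problems


if __name__ == "__main__":
    # Constructed sample plan (not the values from the article).
    for line in check_subnet_plan(
        vnet="10.50.0.0/16",
        gateway_subnet="10.50.255.0/27",
        server_subnet="10.50.1.0/24",
        on_premise=["192.168.10.0/24"],
    ) or ["plan is consistent"]:
        print(line)
```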

Azure Configuration

NB – you may want to consider creating a dedicated resource group for the below if you have existing resource groups. In this example we are installing servers into the “UK West” Azure location.

Create Virtual Network

You will need to create a new virtual network. Obviously make sure the IP range doesn’t overlap with any existing subnets.

Go to “more services”, then “Virtual Networks”. For the deployment model select “Resource Manager”. Enter your new subnet details.

You will need to create an address space to include all your subnets, and an initial subnet – e.g. for servers. In the example above I have an address space or with a subnet of to store my servers.

Note if you need to add additional subnets you are able to do this after the Virtual Network is created.

Create Gateway Subnet

Within the Virtual network go to subnets and then click “Gateway Subnet”

The gateway subnet you create must be named GatewaySubnet or it won’t work.

In this example I have used a subnet of

Create Virtual Network Gateway

Go to “more services”, “virtual network gateway”. Click Add. Fill out as below – you will probably want to create a new public IP. Note this is policy-based.

Note provisioning virtual network gateway may take up to 45 minutes.

Create Local Gateway

Create an entry for your on-premise subnets.

Go to “more services”, “local network gateway” then click “add”.

  • IP Address = External interface of your VPN device/firewall
  • Address Space = e.g. the subnet used in the office you are connecting to
  • Resource group = select your existing resource group.

Note it may take a while to provision a public IP – be patient! Once the IP is displayed in the portal you can move on to the next step.

Configure Azure VPN

Go to “more services”, “connections”. Click “Add”. Fill out details as below.

Configure Sonicwall

Create Address Object

Create an address object for the Azure vNet subnet

Create VPN

Note the policy type is “tunnel interface”.

Create Route

Finally, create a route to tell the Sonicwall to use the VPN tunnel for the Azure subnets. Note for testing you might want to restrict the “source” to a single test machine on your on-premise network.


If the VPN connects successfully you should see a green “dot” as below.

For testing it is helpful to have a VM running on the Azure subnet. Note that you will need to allow pings through the firewall of this VM.

netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=allow


Install Azure Powershell Modules

If you haven’t already installed the modules, open an elevated powershell window and enter

Install-Module AzureRM

Enter “Y” then “A” to install all modules. Then enter

Install-Module Azure

Again enter “A” to install all modules.

Connect to Azure

Enter the powershell cmd


You will be prompted to log in. Once logged in you are connected.

Following on from my previous post once connected to office365 you can load the modules for the below services using these powershell commands. Please note you will need to have the relevant software installed – see the bottom of the article.

sharepoint online

Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

Connect-SPOService -Url https://domainhost-admin.sharepoint.com -credential $credential

Note substitute domainhost for your company sharepoint name BUT LEAVE THE -admin IN

skype for business

Import-Module SkypeOnlineConnector

$sfboSession = New-CsOnlineSession -Credential $credential

Import-PSSession $sfboSession

exchange online

$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $credential -Authentication "Basic" -AllowRedirection

Import-PSSession $exchangeSession -DisableNameChecking

security & compliance

$ccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $credential -Authentication Basic -AllowRedirection

Import-PSSession $ccSession -Prefix cc




You will need to have the below installed on your PC

Microsoft Online Services Sign-in Assistant: 

Azure AD Module for Windows PowerShell 


Connect to Office 365

  1. Open powershell (I always run as admin)
  2. Paste the below into the powershell window

    $cred = Get-Credential

    Import-Module MSOnline

    Connect-MsolService -Credential $cred

    $s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection

    $importresults = Import-PSSession $s


You will be prompted to enter the office365 username and password and then you should connect up as shown below.

We recently got sent a server with a Windows 2012 license and a Windows 2012 R2 media kit. Obviously we had to load the non-R2 version of Windows which presented us with a problem. We solved this by:-

  • Downloading the evaluation ISO from Microsoft, here: https://www.microsoft.com/en-gb/evalcenter/evaluate-windows-server-2012 (there are numerous versions of Windows here, including Windows 2012 and 2016).
  • Once installed, run the following command from an elevated prompt:
    • Standard edition: DISM /online /Set-Edition:ServerStandard /ProductKey:YOUR-PRODUCT-KEY-HERE /AcceptEula
    • Datacenter edition: DISM /online /Set-Edition:ServerDatacenter /ProductKey:YOUR-PRODUCT-KEY-HERE /AcceptEula
  • Confirm restarts when prompted


Assuming your infrastructure has been setup to support Voicemail, the below instructions detail how to enable Voicemail for an individual user. In this scenario the mailboxes are hosted on Office365 and Lync 2013 is used on premise.

 1. Enable users for Unified Messaging

Ensure the user has Unified Messaging enabled in the Exchange admin center.



 2. Grant Users with Hosted Voicemail Policy and enable for UM within Lync

Once the users have been enabled within Office 365, the user’s Lync account will need to be amended to use the new hosted voicemail platform. Below are the Lync Management Shell commands required to complete this. Substitute domain\username with the actual details. Policyname is the name of the UM policy created.


To grant the policy to a user, run:

Grant-CsHostedVoicemailPolicy -Identity domain\username -PolicyName policyname


To enable the user for Hosted Voicemail, run:

Set-CsUser -Identity domain\username -HostedVoicemail $true


 They should now have voicemail options in the Skype client



On a domain controller you can use Powershell to determine the Windows versions of systems on your domain

Get-ADComputer -Filter * -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion -Wrap -Auto

Display info for all OSes. Output is formatted into columns.

Get-ADComputer -Filter {OperatingSystem -Like "Windows Server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto

Display all Windows Server devices.

Get-ADComputer -Filter {OperatingSystem -Like "Windows Server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto > c:\servers.txt

Display all Windows Server devices with output to a text file.

VCP6 Study Notes


Below are the quick study notes I made whilst studying for my VCP6 (2V0-621D). I’ve tried to focus on the key areas to keep them as short as possible.

ESXi 6.0

Installation Requirements

  • Requires a minimum of 4GB RAM
  • At least two CPU cores
  • 64-bit x86 processor released after September 2006
  • Requires the NX/XD bit to be enabled for the CPU in the BIOS

Scripted Installation

Performing a Scripted Install requires:

  • Creating a script (ks.cfg) using the supported commands.
  • Editing the installation script as needed to change settings that are unique for each host.
  • Running the scripted installation process by either specifying boot options, or automatically booting using PXE boot.
  • The installation script (ks.cfg) can reside in any of these locations:
    • FTP
    • NFS Share
    • USB flash drive
    • CD/DVD device



Holds IP address of DNS servers



The default option for ESXi 6 = retry=3 min=disabled,disabled,disabled,7,7

To explain the fields retry=3 min=disabled,disabled,disabled,7,7,passphrase=2








A user is allowed 3 attempts to enter a sufficient password.

Passwords containing characters from one character class must be at least eight characters long. For example: vmwareee

Passwords containing characters from two character classes must be at least eight characters long. For example: vmware12

Passphrases must contain words that are each at least eight characters long. For example: vmwareee

Passwords containing characters from all three character classes must be at least seven characters long. For example: VMware12

Passwords containing characters from all four character classes must be at least six characters long. For example: VMware1!

Require minimum of 2 “words”


The word “disabled” can be used to not use specific password complexity.
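The length-per-character-class rule above, worked through in Python as an added example (not VMware's code and not from the original notes). It models only the minimum-length fields for one, two, three and four character classes, including the convention that an uppercase first character and a trailing digit do not count towards the classes; the passphrase field and any other checks the real password module performs are not modelled. The function names and the second policy string, built from the lengths listed above, are constructed for illustration.

```python
import string

# Which position in min=N0,N1,N2,N3,N4 applies to a given class count.
# Position 2 (N2) is the passphrase length and is not evaluated here.
MIN_INDEX = {1: 0, 2: 1, 3: 3, 4: 4}


def parse_policy(line):
    """Parse e.g. 'retry=3 min=disabled,disabled,disabled,7,7' into a dict."""
    opts = dict(item.split("=", 1) for item in line.split())
    mins = [None if v == "disabled" else int(v) for v in opts["min"].split(",")]
    if len(mins) != 5:
        raise ValueError("min= needs five comma-separated fields")
    return {"retry": int(opts.get("retry", 3)), "min": mins}


def count_classes(password):
    """Count character classes, ignoring a leading capital and a trailing digit."""
    body = password
    if body and body[0] in string.ascii_uppercase:
        body = body[1:]
    if body and body[-1] in string.digits:
        body = body[:-1]
    seen = set()
    for ch in body:
        if ch in string.ascii_lowercase:
            seen.add("lower")
        elif ch in string.ascii_uppercase:
            seen.add("upper")
        elif ch in string.digits:
            seen.add("digit")
        else:
            seen.add("other")
    return len(seen)


def is_acceptable(password, policy):
    """True if the password meets the minimum length for its class count."""
    classes = count_classes(password)
    if classes == 0:
        return False
    required = policy["min"][MIN_INDEX[classes]]
    # None means that class count is disabled and can never be accepted.
    return required is not None and len(password) >= required


if __name__ == "__main__":
    default = parse_policy("retry=3 min=disabled,disabled,disabled,7,7")
    for candidate in ("vmwareee", "vmware12", "Vmware12", "VMware12", "VMware1!"):
        print(candidate, count_classes(candidate), is_acceptable(candidate, default))
```

Note that Vmware12 looks like three classes but counts as two, so the default policy rejects it.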

Lockdown Mode

  • Normal mode –
  • Strict mode –


ESXi can be updated via a VIB file (vSphere Installation Bundle). This is a collection of files packaged together in an archive. An offline bundle contains a VIB and the metadata required to manage the installation of the VIB.

Use the command esxcli software vib install -d to manually install an offline bundle on ESXi


List of incoming connections

vSphere Management Appliance

Key commands


View DNS addresses of host


Virtual Machines

Max number of CPUs = 128

VM Disks

Independent – means cannot be snapshotted.

  • Independent Persistent Mode – changes are persistent
  • Independent Non-persistent mode – when the VM is powered off or reverted to snapshot the contents of the disk revert to their original settings.

DirectPath I/O

Allows VMs to directly access hardware – e.g. physical NIC

Unexposed Features

As well as vSphere, VMs are designed to run on Workstation and Fusion systems. There are certain VM features that do not need to be enabled on a vSphere system.

CPU Affinity

Specifies VM-to-processor placement

Reservation & Limits

A reservation = a guarantee on either memory or CPU

Virtual Machine Upgrade

Recommended pre-requisites

  • Create a backup or snapshot of the virtual machine.
  • Upgrade VMware Tools. On Microsoft Windows virtual machines, if you upgrade the virtual hardware before you upgrade VMware Tools, the virtual machine might lose its network settings.
  • Verify that all .vmdk files are available to the ESXi/ESX hosts on a VMFS 3, VMFS 5, or NFS datastore.
  • Verify that the virtual machines are stored on VMFS 3, VMFS 5 or NFS datastores.
  • Determine the version of the virtual hardware by selecting the virtual machine from the vSphere Client or vSphere Web Client and clicking the Summary tab. The VM Version label in the Compatibility field displays the virtual hardware version.


Linked mode enables windows and appliance-based VCs to communicate. Integrated with platform controller and no longer requires ADAM.

Communicates with ESXi hosts using ports 902, 903 and 443

Minimum requirement (Tiny with embedded controller):-

  • 120GB Disk space
  • 10GB RAM
  • 2 CPUs
  • If installing on Windows needs 2008 SP2 or higher


  • You can upgrade vCenter appliances version 5.1 Update 3 and higher to 6.0
  • To upgrade a distributed vCenter Server from 5.5 to 6.0 you must manually stop and remove the vCenter Inventory Service.
  • To triage installation problems look in the firstboot directory, or at the log files
    • Vminst.log – custom actions
    • vim-vcs-msi.log – vcenter service
    • pkgmgr.log

Platform Services Controller

Contains shared services such as SSO, licensing, certificate management. Can be embedded or installed separately. Recommend installing separately for large deployments with multiple VCs.


Database used can be embedded (postgres) or Oracle


Cannot be installed on a DC

Content Library

A Content Library is a place to store templates, vApps, OVA / OVF, as well as other files. You can subscribe to other content libraries via a subscription URL

AD Integration

When configuring note you can use a machine account or an SPN

vSphere Distributed Switch (VDS)

Requires Enterprise plus license

  • Host Networking Rollbacks – Any change that disconnects a host’s management connection will be automatically rolled back.
  • Distributed Switch Roll Backs – rolls back changes made to vds that cause the management connection to be dropped


Network I/O Control v3 –

Bandwidth guarantee to virtual machines using constructs of shares, reservation and limit.

  • IGMP/MLD Snooping –

Resource Pools

Resource Pools can be used for :-

  • Prioritising VMs
  • Selling resource inside or outside an organisation
  • Performance guarantee – i.e. create a “dev” and a “biz critical” resource pool

Key terms:-

  • Reservation – Amount of resource guaranteed to be available. If utilisation is lower than the guarantee the resource can be used elsewhere.
  • Expandable Reservation – can request additional CPU/RAM from parent over and above the memory reservation.





See below


Guaranteed CPU or memory for this resource pool

Expandable Reservation

Can use resources from parent – e.g. if powering on VM exceeds threshold


Upper limit of CPU or memory


Share allocation:-














  • Low = 2000
  • Medium = 4000
  • High = 8000


A slot is the maximum memory required by any VM and the maximum CPU resources required by any powered on VM in a cluster.


HA VM Monitoring

Will restart a VM if the heartbeat is not received in a certain interval and no storage or network IO is generated. The default interval for storage/network IO is 120 seconds although this can be changed via the cluster setting: das.iostatsinterval

Failure Interval – HA will restart the VM if the VMware Tools heartbeat is not received in this interval

Minimum uptime – after this time HA begins monitoring the VM

VM Overrides

To remove a VM from HA monitoring


vCenter 5.x & 6.0 use Fault Domain Manager (FDM) agents for HA. The log for these is found in /var/log/fdm.log

Storage DRS

  • Can balance VMs across datastores based on I/O metrics.
  • SDRS uses SIOC to evaluate datastore capabilities and latency info.
  • By default SDRS will not move VMs with independent disks
  • SDRS will not move VMs with fault tolerance enabled
  • When attempting to put a datastore into maintenance mode the task remains at 1%. This could be due to:-
    • SDRS being disabled on the disk
    • SDRS rules prevent the migration recommendations for the disk
  • Old Affinity rules take precedence over newer ones
  • Anti-affinity rules take precedence over affinity rules


Can set alarms at various levels including host.

Host Power Management


  • A private VLAN can be primary or secondary.
  • PVLANs can only be configured on vDS
  • Secondary VLANs only exist within primary vlans. Note a primary vlan can be promiscuous – meaning it can send and receive on all secondary vlans. Routers are typically attached to promiscuous ports.

Secondary PVLANs can be either:-

  • Isolated – Can only communicate with the promiscuous PVLAN
  • Community – Can communicate with other ports on the same secondary PVLAN


  • LACP works with IP Hash load balancing and link status failover detection.
  • It is not compatible with iSCSI multipathing and host profiles

Storage I/O Control


  • Enterprise plus licensing
  • ESXi 4.1 or later (block storage)
  • ESXi 5.0 or later (NAS)
  • If using tiering, check SAN compatibility guide to confirm certification of your array
  • Datastore must be managed by a single vCenter server

Not Supported

  • More than 1 extent
  • RDM

Will start at 90% of peak throughput by default


  • Permanent Device Loss (PDL) – when an array reports a LUN no longer exists
  • All Paths Down (APD) – cannot communicate with the storage device

Performance Management

You can edit the “shares” allocation of a VM here.


  • Pluggable Storage Architecture (PSA) – Used to manage storage multipathing. VMware provides a generic Multipathing Plugin (MPP) called Native Multipathing Plugin (NMP).
  • Storage Array Type Plug-Ins (SATPs) run in conjunction with the VMware NMP and are responsible for array-specific operations. ESXi offers a SATP for every type of array that VMware supports
  • If no SATP is assigned to the device by the claim rules, the default SATP for iSCSI or FC devices is VMW_SATP_DEFAULT_AA. The default PSP is VMW_PSP_FIXED
  • The default PSP for all devices claimed by VMW_SATP_ALUA is VMW_PSP_MRU
  • esxcli storage core plugin list --plugin-class=MP – Use to list multipathing modules

vSphere On-Disk Metadata Analyser (VOMA)

  • Introduced in vSphere 5.1
  • Allows you to check the metadata on a LUN – e.g. if you suspect corruption
  • Is a read-only tool
  • Requires exclusive access by 1 host (i.e. you need to unmount the LUN from the others)

partedUtil –

A cmd-line disk partitioning tool for ESXi

Storage IO Control

Requirements: –

  • Enterprise+ licensing
  • Hosts must be ESXi 4.1 or higher
  • Managed by single VC
  • NFS and RDM not supported
  • Only 1 extent allowed
  • Array must be SIOC certified

Auto Deploy

  • Can be used to deploy 100s of ESXi hosts
  • Rules can assign image profiles and host profiles to a set of hosts, or specify the location (folder or cluster) of a host on the target vCenter Server system. A rule can identify target hosts by boot MAC address, SMBIOS information, BIOS UUID, Vendor, Model, or fixed DHCP IP address.
  • Use Export-EsxImageProfile to ensure image profiles are saved after closing a PowerCLI session


In vSphere 5.0 VMware introduced a software FCoE adaptor. This means that with a NIC that supports partial FCoE offload you can access LUNs without the need to buy an expensive dedicated HBA or use 3rd party drivers.

Configuration guidelines

  • Disable STP
  • Turn on Priority-based Flow Control (PFC) and set to AUTO
  • Add each NIC port to separate vSwitch (for redundancy)
  • If moving a NIC from one vSwitch to another (when using FCOE) you will need to reboot (!)

vSphere Replication

Replicates virtual machines:-

  • From a source site to a target site
  • Within a single site from one cluster to another
  • From multiple source sites to a shared remote target site

Key features

  • License included in Essentials plus and up.
  • Supports a max of 24 snapshots\replicas
  • No need for VC at remote office (can use intra-VC replication)


The amount of bandwidth required will depend on:-

  • Network-based storage
  • Size of dataset
  • Data change rate
  • Recovery point objective (RPO)
  • Link speed

There is a vSphere Replication Capacity Planning Appliance that can be used to estimate the amount of bandwidth required.

Uses FastLZ compression library to provide balance of speed, CPU overhead and compression efficiency.


vSphere Replication uses (PKCS#12) certificate based authentication for all connections to vCenter Servers.

The keystore and truststore passwords might be stored in an access restricted config file. vSphere Replication has the following keystores:

  • /opt/vmware/hms/security/hms-keystore.jks, which contains the vSphere Replication appliance private key and certificate.
  • /opt/vmware/hms/security/hms-truststore.jks, which contains additional CA certificates besides the ones that Java already trusts.

Virtual SAN (VSAN)


A virtual SAN fault domain enables Virtual SAN to tolerate failures of entire physical rack as well as failures of a single host, capacity device, network link or a network switch.

When you configure a fault domain VSAN ensures protection objects (e.g. replicas and witnesses) are placed in different fault domains.

VSAN Requirements

  • 3 ESXi hosts
  • Requires a minimum of 1 SSD AND 1 HDD per host. Make sure the SSD is not used by the flash read cache.
  • 6GB RAM

Managing Disk Groups

  • You can choose 1 SSD and up to 6 HDDs per disk group
  • Best practice is to have multiple disk groups with fewer disks – otherwise rebuild times are awful

vSphere Flash Read Cache (vFlash)

  • New from vSphere 5.5 vFlash allows you to leverage local host SSDs as a cache.
  • Uses Virtual Flash File System (VFFS)
  • Needs Enterprise Plus
  • You must enable it at host and then on vm (hardware version 10 required)

VMKernel Ports

Useful CLI Cmds

esxcli software vib list --rebooting-image

Displays information for the ESXi image which becomes active after a reboot, or nothing if the pending-reboot image has not been created yet. If not specified, information from the current ESXi image in memory will be returned.

esxcli software vib update -d /vmfs/volumes/<your_volume>/VMware-ESXi-6.0.0-2494585-depot.zip

Update version of ESXi using cmd line

esxcli network nic list

Show info on physical adaptors


Change password

esxcfg-vswitch -l


esxcli network vswitch standard list

Shows vSwitch info

df -h

Show LUN info

esxcli network vm list


esxcli software vib install -d


esxcli storage vmfs unmap

Claim back unused space from thin provisioned LUN

Log Files


Host management service logs, including virtual machine and host Task and Events, communication with the vSphere Client and vCenter Server vpxa agent, and SDK connections.


Core VMkernel logs, including device discovery, storage and networking device and driver events, and virtual machine startup


vCenter server agent logs

SSL Certificates

New to vSphere 6.0 are different SSL certificate options. They are:

  • VMware Certificate Authority mode – VMCA automatically provisions host certificates
  • Custom Certificate mode – Enables you to use your own certificates
  • Thumbprint mode – Can be used to retain vSphere 5.5 certificates during upgrade


NUMA (Non-Uniform Memory Access) is a design approach that places memory next to CPUs. For example, on a dual-CPU server motherboard you will often see 2 banks of RAM around the 2 CPUs. In the example of a 2x CPU socket system with 6 cores per socket and 128GB RAM you have 2x NUMA collections, each with 1 socket, 6 cores and 64GB RAM.

When sizing “monster” VMs with many CPUs you should aim to avoid spanning physical CPUs, as this potentially introduces a performance hit.

Therefore, in the above example, for a VM that requires 8 CPUs it is better to create a VM with 2x virtual sockets and 4x virtual cores than to just create 8 virtual CPUs.





Key Fields


M = memory





%RDY – How much time the VM CPU spent waiting for CPU

%MLMTD – If larger than 0 is being throttled by CPU limits

D = Disk Adapter


GAVG/rd should not be > 30

N = Network


V = Disk VM


Key Fields






How long the vm was ready but was waiting for a physical CPU. (CPU STOP)



Time VM unable to get access to physical CPU



Percentage of time the vCPU was ready to run but had hit the CPU limit setting



Amount of time the virtual machine is waiting for a VMkernel resource.



If near 100% check CPU affinity





In most cases CMDS = IOPs



Average response time



Amount of time the command spends in the VMkernel

Key Ports






Communication between vCenter and managed hosts



Remote Console



vCenter Appliance web user interface



vSphere Web Client default port (https)


Authorization types:-

  • Global – across multiple solutions (VCs)
  • vCenter – the hierarchy contained in a VC
  • vSphere.local – predefined platform services controller groups

The vsphere.local domain includes several predefined groups. For services that are not managed by vCenter, privileges are set by group membership below. Be careful adding users to these groups as it is often not recommended.

Default Roles

Lockdown Mode

Exception accounts can be used as ‘service accounts’ to connect to an ESXi server during lockdown mode.


A list of users granted access to the DCUI. By default this is only the “root” account

License Comparison