Browsing Posts published by Huw

This article explains how to create an SMTP relay on Windows Server. We have found that after migrating businesses to Office365 there are certain applications that need to send emails. By creating a local SMTP relay you bypass the need to relay the emails through Office365.

In this example we are installing an SMTP relay on Windows 2008 R2.


The server that will be acting as an SMTP relay must be allowed through the firewall for outbound port 25 connections.

Step 1 – Add SMTP server feature

Select SMTP server. It will ask you to install the pre-requisite roles which you will need to do.


Step 2 – Allow Relay

Open IIS Manager and go to the relay section of the SMTP virtual server (as shown below).

Enter the IPs of the servers you would like to relay through this server.

Step 3 – Configure Application

In the below example I have configured Veeam to use this server


Best Practise

As you have just created a non-registered SMTP server, there is a high chance that email sent through it may be classed as spam. The items in the list below will help ensure your email reaches its destination, but they are out of the scope of this article. You may want to:

  1. Add the sending address to a whitelist (e.g. mimecast permitted senders)
  2. Add public IP used by the server to an allow list (such as the office365 allow list)
  3. Setup PTR record for the public IP used by this server
  4. Update SPF records to include the public IP used by this server
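
For item 4, a quick way to confirm that an SPF record really covers the relay's public IP. This is an added example, not part of the original article; the two records and the address 203.0.113.10 are constructed sample values, and `check_relay_ip` is a hypothetical helper that evaluates only the literal `ip4`/`ip6`/`all` terms and reports DNS-dependent terms as unresolved.

```python
import ipaddress
import re
from typing import NamedTuple

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}

# Constructed sample records: 203.0.113.10 stands in for the relay's public IP.
SPF_BEFORE = "v=spf1 include:spf.protection.outlook.com -all"
SPF_AFTER = "v=spf1 include:spf.protection.outlook.com ip4:203.0.113.10 -all"


class SpfCheck(NamedTuple):
    result: str        # pass / fail / softfail / neutral
    decided_by: str    # term that produced the result ("" if none matched)
    unresolved: tuple  # DNS-dependent terms that were skipped along the way


def check_relay_ip(spf_record, relay_ip):
    """Evaluate the literal ip4/ip6 and 'all' terms of an SPF record, left to right.

    Terms that need DNS lookups (include, a, mx, ...) are not resolved here; they
    are returned in `unresolved` so the caller knows the verdict is provisional.
    """
    addr = ipaddress.ip_address(relay_ip)
    terms = spf_record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("record does not start with v=spf1")
    unresolved, redirect = [], None
    for raw in terms[1:]:
        modifier = re.match(r"([a-z][a-z0-9_.-]*)=", raw, re.I)
        if modifier:  # redirect= only applies if nothing else matches
            if modifier.group(1).lower() == "redirect":
                redirect = raw
            continue
        qualifier, term = "+", raw
        if raw[0] in QUALIFIERS:
            qualifier, term = raw[0], raw[1:]
        name = re.split(r"[:/]", term, maxsplit=1)[0].lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(term.partition(":")[2], strict=False)
            if net.version == addr.version and addr in net:
                return SpfCheck(QUALIFIERS[qualifier], raw, tuple(unresolved))
        elif name == "all":
            return SpfCheck(QUALIFIERS[qualifier], raw, tuple(unresolved))
        elif name in DNS_MECHANISMS:
            unresolved.append(raw)
        else:
            raise ValueError("unknown SPF term: " + raw)
    if redirect:
        unresolved.append(redirect)
    return SpfCheck("neutral", "", tuple(unresolved))


if __name__ == "__main__":
    for label, record in (("before", SPF_BEFORE), ("after", SPF_AFTER)):
        print(label, check_relay_ip(record, "203.0.113.10"))
```

A result of `fail` or `softfail` decided by the trailing `all` term means receiving servers are being told the relay is not an authorised sender for the domain.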


In this article I explain how to perform a simple P2V using VMware Converter. This guide is designed for IT professionals.

Pre-Requisite Checks

  • Are there any unusual PCI cards, e.g. SCSI cards? If there are, you may not be able to virtualise.
  • Are there any USB devices connected?
  • How big are the server drives? Will they fit on the destination ESXi server?
  • Is there enough RAM on the destination ESXi server?
  • Confirm both source and destination servers are on a gigabit port, otherwise the p2v may take a long time.

Step 1 – Prepare the Machine for P2V

I recommend the following steps:-

  • Make a note of the IP settings. Go to the start menu, then choose run and enter “cmd”. This will bring up a cmd prompt. In the cmd prompt enter ipconfig /all > c:\ipconfig.txt. On windows 7 you will have to run the cmd prompt with administrative permissions or you may get an access denied error

This is because following the p2v a “new” network adaptor is installed and this will need to have the IP information entered into it.

  • Stop any services that will keep data files open for example the exchange information store or SQL services

This will ensure that the files are brought across in a consistent state.

Step 2 – Download and Install VMware Converter

  • Download and install. Although you can run VMware Converter remotely you will have a greater chance of success if you install it on the machine you want to p2v. VMware Converter can be downloaded from here:-

  • Disable SSL (optional) – By default, VMware Converter uses SSL to transmit data. Switching off SSL will speed up the p2v, but the disk data is then sent across the network unencrypted. You can do this by editing an XML file on the machine running VMware Converter. It is located in

    C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\converter-client.xml

    Look in the NFC section and change the useSsl value to false:

    <useSsl>false</useSsl>



Step 3 – Start the P2V

  1. Open VMware Converter and select “convert machine”, then “This local machine” (assuming you installed the converter on the machine you want to p2v).

  2. Enter the details for the ESXi server you want to connect to and click next. Note that if you use a vCenter Server you may want to enter those details instead. Ignore any SSL errors.

  3. On the next screen enter the name of the VM and click next.
  4. On the next screen select where you want to store the VM. Obviously make sure there is sufficient disk space!
  5. On the options section there are a few things you will wish to check. Firstly the disk layout: if the machine has multiple drives you may wish to make sure they are all on separate virtual disks. This will make resizing the drives in the future far easier.

  6. vCPUs – consider the number of CPUs needed for the virtual machine. If the VM is not running software that takes advantage of multiple CPUs (such as exchange, SQL etc) then there is little point having more than one CPU.
  7. Networks – Again if the VM only requires one network card there is little point having 2. I also recommend disabling the network card. This allows you to check the p2v has been successful before shutting down the original physical machine.

  8. Services – I recommend disabling any hardware specific services (such as Dell Openmanage) that will not be required once the machine is virtualised.

  9. I recommend choosing to install VMware Tools following conversion (this saves doing it manually).

  10. Click next and start the p2v process.


Step 4 – Post P2V

  • Logon to the ESXi server (or vCenter) and check that the new virtual machine has started up successfully.
  • Assuming it has you can now power down the original host.
  • If you disabled the network card in step 7 above then you now need to enable it. You can do this by editing the properties of the VM.

  • Go to the control panel and remove any hardware specific software which is now not needed. For example Dell OpenManage software.
  • Again in the control panel go to the network section and put the IP addresses into the network card. You can get the IP information from the c:\ipconfig.txt file created in step 1.

  • Reboot the new VM and verify you can access it over the network.



In this article I am setting up a vCenter appliance and configuring it with Active Directory.


1 – Download and deploy appliance

Log onto and browse to the download section.

Log onto one of your ESXi hosts and deploy via the VI client.

I would also check the time on the ESXi hosts is correct and matches the time on your Active Directory DCs.

Follow the wizard, once complete you should have a running appliance.


2 – Setup Appliance

Log on to the appliance using the link specified above (e.g. Note that the default username is root with a password of vmware.

Run through the wizard using the default settings.

Enter IP information on below section. Enter the Active Directory DNS servers.

Make sure the time zone is correct


3 – Configure Active Directory Integration

Go to the below tab and enter your active directory details. You will need to reboot the appliance once entered.

Then log onto the vCenter web client. This is on https://IP-OF-VCSA:9443

Note if you get an SSL error when trying to log into the web client you may need to regenerate the SSL certificate and reboot the appliance.

Once you have logged on go to the below section and add the active directory details. E.g.

Primary Server URL = ldap://FQDN-of-your-1st-DC

Secondary Server URL = ldap://FQDN-of-your-2nd-DC

Base DN for users = specify the active directory DN

Domain alias = your domain name

Base DN for groups = as above specify the active directory DN

Authentication type = Password

Username and password = enter the details of an active directory account

Click ok and then I would recommend rebooting the appliance.

Once rebooted you will need to log onto the appliance and manually add any active directory groups you want to give permissions to – see below.



This article explains how to upgrade the firmware on a Cisco SGE or SFE 2000 series switch. The firmware files are uploaded using TFTP so you will need to have this installed on whatever computer you are using to update from (i.e. your PC).

Download Firmware Update and Copy to TFTP

  • The current release for the SFE 2000 series switches (v3.0.2) can be found here
  • The current release for the SGE 2000 series switches (v3.0.2) can be found here
  • Once downloaded you should extract the firmware update file (.ros) and copy to the TFTP directory on your PC. I am using Solarwinds TFTP.

Note I have copied the .ros file into the TFTP directory

Upload to Switch

  • Log onto the switch's web interface and navigate to the below screen.

  • Once you have filled out the appropriate info as shown above click on “apply”. This will initiate an upload of the file from your PC.
  • Once complete click “done” and navigate to the “active image” section

  • Change the active image after reboot. For example if the current active image is “Image 1” change the after reset image to be “Image 2”. If the active image is “Image 2” change the after reset image to “Image 1”.
  • Click Apply.

Reboot Switch

  • You must then reboot the switch. Go to the below screen and click on reset.

The switch will reboot and the firmware update should be complete.


This article explains how to install an SSL certificate on a Watchguard SSL100. I have purchased the certificate from godaddy.

If you found this article useful please click on my referral link before ordering your SSL certificate – cheers!


Step 1 – Download and Install OpenSSL

NB – The SSL100 requires the certificate to be PEM formatted with a separate private key.

I recommend using openssl to generate the certificate signing request (CSR). You can download this from

I recommend downloading the version shown below.

Once downloaded please install this. If prompted to install any dependencies (e.g. Microsoft Visual C++ 2008 Redistributable Package) then please do so before installing openssl.

Step 2 – Use OpenSSL to generate CSR

Open an elevated command prompt and change to the openssl-win32 directory (i.e. enter the command cd \openssl-win32\bin). Then enter the below.

    openssl genrsa -out wgnet.key 2048

    openssl req -new -key wgnet.key -out wgnet.csr

Lastly you need to convert the private key into PKCS#8 format. Enter the command

    openssl pkcs8 -topk8 -in wgnet.key -out wgnet.pk8

You have now generated 3 files – wgnet.csr, wgnet.key and wgnet.pk8

Step 3 – Use CSR to generate SSL certificate

In this example I am buying the certificate from godaddy ( I chose godaddy as their certificates are easy to rekey in case of any errors or lost certificates. They are also cheap.


You require a standard SSL certificate.

Once purchased go to manage your certificates and setup the certificate you have just bought.

Open the wgnet.csr file in notepad.

Copy the contents into the CSR window as shown below.

Follow the wizard through. You will need to run through domain validation before the certificate is issued.

Step 4 – Install Certificate

Once you have completed domain authentication you will get an email from godaddy with a link to download the certificate. Note below I have chosen the certificate type “other”.

Log onto the Watchguard SSL and go to manage system – certificates.

Click on add server certificate

Select the certificate you downloaded from godaddy and the key file you created in step 2. Use the password also created in step 2.

Then to make the certificate live go to “administration service” and select the server certificate you just added – as shown below.

Select “save” and then “publish”.

Then go to “device settings”. Select the new certificate here also. Note this will cause the device to reboot as shown below.

Once the device is back up select publish to make your changes live. You can then test this externally.



This article explains how to restore a single file from a Windows server using Veeam Backup and Recovery v6.5

Open Veeam Backup and Recovery and click “restore”, then choose “Guest files (windows)”

Select the server

Then select the backup you want to restore from.

Browse through to the file you want to restore. I recommend copying this to another location and then renaming the document – e.g. WordDoc1-RESTORED.docx




  • Check that “virtualization technology” is enabled in the BIOS

Load ESXi software

  • Where possible download the vendors version of ESXi. For example Dell provide their own customized ISO that contains Dell specific settings for SNMP etc.
  • (Alternatively you can use the Dell Uniform Server Configurator – you will still need the Dell ESXi ISO however.)

  • After downloading the ISO from the Dell website I booted the server off it and installed ESXi.

  • Choose keyboard layout and enter root password

  • After reboot press F2 to enter the configuration screen

  • Configure the IP address, subnet mask, default gateway, DNS servers, hostname and suffix.


It is far, far easier to patch using virtual center if one is available.

Patching via command line

If the server connects to virtual center then I recommend using the “update” plugin to patch the host. Otherwise you will need to manually install the patches from the command line (either via the VMA or the vSphere CLI). Below are the commands to patch from the command line (warning it is likely that further patches will be released in addition to the below):

Please replace XXXX with the host ip address of your ESX server

Please replace YYYY with the root password

    --server XXXX --username root --password YYYY -i -b
    --server XXXX --username root --password YYYY -i -b
    --server XXXX --username root --password YYYY -i -b
    --server XXXX --username root --password YYYY -i -b
    --server XXXX --username root --password YYYY -i -b
    --server XXXX --username root --password YYYY -i -b

Patching Using VC

You will need to have the update manager plugin installed on the VC.

Then use the update manager tab to patch the servers.

Install Custom Updates

If using a Dell server download and install the Equallogic Openmanage VIB.

Import the patch into the repository

Create a baseline for the patch


If you haven’t got the Vmware VI client installed on your PC already you will then want to download the VI client to enable you to manage this server. You can get this by opening a web browser and entering in the IP of the ESXi server (as shown in the diagram above).

Although I have configured the below settings via vi client you can also set these on the console of the ESXi server.

  • Click on the link highlighted above and install the VI client. Note that this downloads the client from the web and not from this server. It may take a few minutes.
  • Once installed open the vi client and connect to the ESXi server IP as shown below. Note the default username is root with no password.

You may now want to customise your install.

Add other NICs to vSwitch:

This will improve performance and add a degree of fault tolerance with the network cards.

Setup NTP:

Note that VMs will likely pickup the time from the ESXi server so it is important the time is correct

I recommend using the NTP servers:-


License VMware:

You will need to Register with Vmware and they will email you a license. Once you have this you can enter this on the below screen.

Setup iSCSI

If connecting to an iSCSI SAN you will need to setup iSCSI.

Create VMkernel ports

As below. Note the iSCSI heartbeat port must have the lowest vmk number.

Enable jumbo frames (if used on iSCSI network).

Change the MTU for the vSwitch

For each port group change the MTU to 9000

Change each of the iSCSI port groups to use an active and standby adapter. Each (iSCSI) port group should use a different active and unused adapter. i.e. the active adapter on iSCSI 1 is the unused adapter on iSCSI 2 and vice versa.

Add and Enable iSCSI adaptor

An iSCSI software adaptor should appear. Go into the properties of this and bind with VMkernel adapters.

Setup CHAP (If used)

Bind VMkernel ports

Connect to SAN

In the below example I have entered the Group IP of the iSCSI SAN

You should then rescan the adaptor

You should now be able to see LUNs from the SAN

Setup vMotion

In a multiple server environment with shared storage (e.g. SAN) you will want to setup vMotion to enable live migration of VMs.

Add a new (VMkernel) vSwitch and select the VMNIC you have setup for vMotion

Allocate a range on the vMotion subnet, click next and finish.


Health Monitoring (If using Virtual Center)

You can configure virtual center to send email alerts for specific events. You will need to setup your email server to allow smtp relay from the virtual center server. This is setup at the VC level so may already be enabled.

Configure Virtual Center Server settings

Configure the alert you want to be emailed about

Setup Scratch Location (if installed on SD or USB card)

VMware recommend a persistent scratch location for temporary data such as logs, diagnostics, system swap etc. If you have installed ESXi on an SD or USB card there may be no space for this. In this instance I have created a LUN specifically for scratch data.

Create a folder on the LUN for the new server

Go to “advanced settings” then “ScratchConfig” and specify the location you have just created (i.e. /vmfs/volumes/DatastoreName/foldername)

You will need to reboot for these changes to take effect.


Add other NICs to vSwitch0

It is recommended to add multiple NICs to vSwitch0 (to enable VMs to communicate over multiple NICs).


In this example I am installing the VMWare Storage Appliance onto ESXi servers that have existing running VMs. This is known as a brownfield installation.


  • The VSA Manager must be installed on a 64-bit Windows vCenter machine that runs vCenter Server version 5.0 or later.
  • vCenter does not need to be on the same subnet as the cluster
  • The VSA cluster service must be installed on a machine in the same subnet as the cluster
  • Once installed you cannot add another ESXi host to a running vCenter cluster
  • You can resize the size of the VSA storage after installation
  • You will need at least 2GB free space on the machine where you are installing the VSA cluster service.
  • The VSA Cluster Service is only necessary in two node configurations


  • 2x ESXi servers in head office
  • 1x ESXI server in branch office


  • You must have a vcenter server, with a data center created and the ESXi hosts added

Heap Size

  • I recommend changing the heap size on each ESXi server in the cluster to 256 (see below).

EVC mode

You have 2 options:-

  • Power off all the virtual machines before installing the VSA, or
  • Change the file to raise the EVC baseline

The file is located on the system where the vCenter Server is installed, under the C:\Program Files\VMware\Infrastructure\tomcat\webapps\VSAManager\WEB-INF\classes. Change the line evc.config.baseline=lowest to evc.config.baseline=highest

Switch Configuration

The switching setup is very important, therefore I recommend writing out what NICs are used for what. I recommend using VLANs to isolate cluster traffic so you will need to know the physical switch port that each VMnic connects to.





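  • Active Use: VM Network, Management Network. Standby Use: VSA Front End.
  • Active Use: VSA Front End. Standby Use: VM Network, Management Network.
  • Active Use: VSA-Back End. Standby Use: (blank).
  • Active Use: (blank). Standby Use: VSA-Back End.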






I then created a VLAN on the switches for the VSA-Back End (and VSA-VMotion) NICs. This is to isolate the traffic from the main network.

vSwitch Configuration

  • On each ESXi server create the vSwitches as shown below. Note that the Port-group names are case sensitive.
  • You will need to enable vMotion on the VSA-VMotion port group and assign an IP address.

As per the table in the switch section you need to set one active and one standby adaptor for the port groups.


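  • Active for: VM network, Management Network. Standby for: VSA-Front End.
  • Active for: VSA-Front End. Standby for: VM network, Management Network.
  • Active for: VSA-Back End. Standby for: (blank).
  • Active for: (blank). Standby for: VSA-Back End.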

You can set the active/standby adapters for a port group on the below tab.

Install VSA Cluster Service

In the example below I am installing the VSA cluster service on the VMWare Management assistant. You will need to connect to the vMA and have internet access from the vMA. Alternatively there are Windows and Linux versions that can be downloaded and installed on separate OSes. I am not sure if VMWare support installation of the cluster service on the VMA so I would recommend installing it on a separate Windows or Linux VM.

From the vMA enter the below commands (for more information about this install see the excellent guide here):-

  • sudo zypper --gpg-auto-import-keys ar vMA-SLES-11.1
  • sudo zypper refresh
  • sudo zypper se gettext
  • sudo zypper in gettext-tools

From the VMware website download the VSA cluster service for Linux ( Create a folder(tmp) under the /home/vi-admin folder and copy the zip file into that.

Once the copy has completed enter the below commands

  • cd /home/vi-admin/tmp
  • unzip *.*
  • cd V*
  • cd setup
  • sudo ./

Apparently the above errors are not important

Installation of VSA Manager

On the VC download “VSA Manager” from the VMWare website (in this instance I used VMware-vsamanager-all-5.1.0-859644.exe)

Once installed open the vi client on the virtual center and you should see a VSA manager tab.

Run through the installer and choose the appropriate data center. Then select the hosts to go into the cluster

Note I have entered the IP of the VMA for the cluster service IP address.

Fill out the necessary IP info

Note that the VSA size below is 1TB. This will actually create 2x 500GB VSA datastores. You may want to check if any of your VMs have drives larger than the size of the VSA datastores. The reason it creates 2x 500GB datastores is that each server must replicate the other server’s datastore.

If you choose to format the disks immediately it may take a while.

Note that I have not used dedicated VLANs for the cluster front-end and back-end portgroups. As mentioned above I have created port based VLANs on the switch to isolate the back-end traffic.

I was initially concerned by the below message but I can confirm that after installation it did not wipe the datastores on which the existing VMs resided.

After a short while the installation will complete.

The VSA manager tab should now be populated with information about the cluster and storage. Note the “change password” option. As mentioned above it is recommended to change your password.

The Cluster is now installed and you now have the option to migrate your running VMs onto the VSA storage (e.g. VSADs-0 and VSADs-1)


When installing vCenter 5.1 you may get the error message:

“Error 32010. Failed to create database users. There can be several reasons for this failure. For more information, see the vmMSSQLCmd.log file in the system temporary folder”

You can find the location of vmMSSQLCmd.log in

The reason for the error should be in this file. In my instance it was because the passwords chosen for the RSA_DBA and RSA_USER accounts did not meet windows complexity requirements. I changed the passwords to something more complex and the install completed successfully.


If you found this article useful please click on my referral link before buying your godaddy certificate

When trying to purchase a SSL SAN certificate you may run into problems if your Active Directory domain uses a non-standard domain name e.g. if it ends with .local

For example godaddy will fail, giving you the error message

One or more SANs is not a fully qualified domain name. You must drop the invalid SANs

Please note: After November 1, 2015, Go Daddy will no longer provide SSL certificates without a fully-qualified domain name or IP address, such as ‘mail’, ‘intranet’, or

This is due to a change in legislation for certificate authorities designed to improve security.

In the example below I have tried to register 5 FQDNs:-

  • Autodiscover.yourdomain.local (this is a non-standard FQDN)
  • Servername  (this is a non-standard FQDN)
  • Servername.yourdomain.local  (this is a non-standard FQDN)


As you cannot register the non-standard domains you will not be able to register

  • Autodiscover.yourdomain.local (this is a non-standard FQDN)
  • Servername  (this is a non-standard FQDN)
  • Servername.yourdomain.local  (this is a non-standard FQDN)

You can only register


This means that you will need to reconfigure your exchange server to use your public domain name (e.g. on your internal network. Otherwise you may get Outlook certificate error messages stating “The name on the security certificate is invalid or does not match the name of the site”.
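
To see in advance which names on a SAN wish-list will be refused, the rule described above can be checked before the order is placed. This is an added example, not from the original article or from godaddy: the `example.com` names are constructed placeholders for your public domain, `san_problem` and `split_san_request` are hypothetical helpers, and the suffix list is an illustrative, non-exhaustive assumption.

```python
import ipaddress
import re

# Illustrative, non-exhaustive list of suffixes that are not public TLDs
# (an assumption for this example; a CA checks against the real root zone).
NON_PUBLIC_TLDS = {"local", "localhost", "internal", "lan", "corp", "home", "test", "invalid"}
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Internal names from the article plus two constructed public names.
REQUESTED_SANS = [
    "mail.example.com",
    "autodiscover.example.com",
    "Autodiscover.yourdomain.local",
    "Servername",
    "Servername.yourdomain.local",
]


def san_problem(name):
    """Return '' if a public CA could validate this SAN, else the reason it cannot."""
    host = name.strip().rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return "" if ip.is_global else "private or reserved IP address"
    labels = host.split(".")
    if labels[0] == "*":  # wildcard: validate the rest of the name
        labels = labels[1:]
    if len(labels) < 2:
        return "single-label name, not fully qualified"
    if (len(host) > 253 or labels[-1].isdigit()
            or any(not LABEL.match(label) for label in labels)):
        return "not a valid host name"
    if labels[-1] in NON_PUBLIC_TLDS:
        return "." + labels[-1] + " is not a public top-level domain"
    return ""


def split_san_request(names):
    """Split a SAN wish-list into names to order and names a public CA will refuse."""
    orderable, rejected = [], {}
    for name in names:
        reason = san_problem(name)
        if reason:
            rejected[name] = reason
        else:
            orderable.append(name)
    return orderable, rejected


if __name__ == "__main__":
    ok, refused = split_san_request(REQUESTED_SANS)
    print("order these:", ok)
    for name, reason in refused.items():
        print("drop:", name, "->", reason)
```

Every name in the refused set is one that internal clients must stop using once Exchange is re-pointed at the public FQDNs.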

Create DNS Zone for your public internet domain

By creating an Active Directory zone for your public DNS name you can change what IP address is resolved. E.g. should resolve to an internal IP. This is known as split brain DNS.

As you are creating a DNS zone for your public domain name you will need to enter any host records you use e.g. www for your website. All exchange DNS records should point to the exchange server’s internal IP.

This allows you to use your public FQDN internally. This reduces the number of DNS names you need to register, e.g. just two.


Note I have created host records for “mail” and “autodiscover”. Therefore please order the SSL certificate with just the 2 FQDNs e.g.,

Set Exchange to Use the Public FQDN

You can view what URLs exchange is using by running the “test e-mail autoconfiguration” program in Outlook.

You will need to set exchange to listen on the public FQDN for a number of key services. To do this you need to open the Exchange Management Shell and enter the below commands, changing the FQDN ( and change the servername (CAS_Server_Name)

Exchange 2007

  1. Change the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To change this URL, type the following command, and then press Enter:

    Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri

  2. Change the InternalUrl attribute of the EWS. To do this, type the following command, and then press Enter:

    Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl

  3. Change the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press Enter:

    Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl

  4. Change the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press Enter:

    Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl

  5. Open IIS Manager.
  6. Expand the local computer, and then expand Application Pools.
  7. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.


Note you can check the current settings using the Get-ClientAccessServer command.

Exchange 2010

  1. Start the Exchange Management Shell.
  2. Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, type the following command and then press ENTER:

    Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri

  3. Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:

    Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl

  4. Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:

    Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl
  5. Open IIS Manager.
  6. Expand the local computer, and then expand Application Pools.
  7. Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.

Confirm Working

By running test email autoconfiguration in Outlook the URLs used for exchange should have changed to the public addresses.