vmware fah appliance 3

Using FAHControl to monitor multiple Folding@Home Clients

Uncategorized, , ,

This blog post will cover how to centrally manage multiple Folding@Home clients.

  • Installing FAHControl
  • Monitor Multiple instances of VMware Appliance for Folding@home
  • Configuring Access to your Linux based clients or directly on the VMware F@H Appliance
  • Connecting FAHControl to your clients
  • Troubleshooting FAHControl issues
  • Firewall Rules

Installing FAHControl to monitor multiple installations

For Windows instances, this is installed as part of the FAHClient

  • “C:\Program Files (x86)\FAHClient\FAHControl.exe”

For Linux, you will need to install FAHControl separately

Monitoring multiple instances of the VMware Appliance for Folding@Home

When you deploy you’re OVA you’ll be asked to configure the below highlighted settings, by default we input a rule of 0.0.0.0/0 meaning any FAHControl node can connect (using the correct password). You can alter this for your local subnets.

VMware Appliance for FoldingatHome FAHControl remote management networks

Configuring Access to your Linux based clients or directly on the VMware F@H Appliance

On your Linux machines or deployed OVAs

  • Connect via SSH
  • Edit the config.xml file
vi /etc/fahclient/config.xml
  • Insert the following code to enable FAHControl access
    • From within vi press ‘i’ to enter insert mode
  • To configure a single address to access your client
    • Without passwords;
<command-allow-no-pass v='127.0.0.1 x.x.x.x’ />
  • With Password;
<command-allow v='127.0.0.1 192.168.200.10' />

<password v='VMware1!' />

N.B. The localhost address must remain configured, otherwise the client work run

  • Save the config.xml file
  • Press ESC key
  • Enter without quotes “:wq!”

Using FAHControl to monitor multiple Folding@Home Clients example config.xml file

  • Reload the FAHClient
    • /etc/init.d/FAHClient restart

reload FAHClient init.d restart

If you see “Starting fahclient … FAIL” check your XML file again for any syntax errors.

Examples Config.xml changes

Using password with a single IP restriction

  <!-- Remote Command Server -->

  <command-allow v='127.0.0.1 192.168.200.10' />

  <password v='VMware1!'/>

Without a password against a single IP restriction

  <!-- Remote Command Server -->

  <command-allow-no-pass v='127.0.0.1 192.168.200.10' />

Without either a password or IP restriction

<!-- Remote Command Server -->

  <command-allow-no-pass v='127.0.0.1 0.0.0.0/0' />

Connecting FAHControl to your clients

  • Open your FAHControl and click Add
  • Enter the name of your client as you would like it to be displayed, the IP address of your client and your password if necessary, and click save
  • You should now see your client is connected in FAHControl.

Connecting FAHControl to your clients adding a client

Connecting FAHControl to your clients adding a client settings

Troubleshooting FAHControl issues

FAHControl uses the default TCP Port 36330

Test access with telnet you should get a response as below.

FAHClient telnet port 36330

The VMware Appliance for Folding@Home has IPTables configured to allow this port by default, if you did not specify a specific remote management address during deployment, then access is open to all IP addresses.

Ensure that the machine where you are running FAHControl is not blocking outbound connections to TCP 33630.

Appendix

Firewall rules

The below firewall rules have been added to the VMware Appliance for Folding@Home  by default to allow for FAHControl to remotely manage FAHClient.

If you are using these instructions for a Linux machine, you can use the below settings as well.

iptables -A INPUT -p tcp --dport 36330 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp --dport 36330 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

 

Regards

Dean Lewis
logo active directory

Migrating User and Password Objects between Active Directory Forests

Windows, ,

As part of some internal lab work, I had to move the user objects with their passwords to a new forest. It was key to migrate the passwords to ensure that disruption to the users was minimized.

To migrate the users, I used the Microsoft Active Direction Migration Tool (ADMT + documentation) alongside the Password Migration Service.

migrate users between forests overview

In this blog post I am going to cover;

  • Create connectivity between both AD Forests
  • Installing the ADMT software + Password Migration Service
  • Creating a user list for migration
  • Migrating User objects + Passwords between AD Forests

Create connectivity between both AD Forests

There must be IP network connectivity between the DC’s in your Forests.

DNS setup

You need to configure conditional forwarders between your forests, so they can resolve one another.

On the source domain controller;

  1. Open up the DNS console, and right click the Conditional Forwarder folder to create a new record.
  2. Enter your target domain name and IP address/es of your domain controllers in the target domain. Select “store this conditional forwarder in active directory”, to replicate to other DCs in the source domain.

MIgrate users between a forests create conditional forwarder MIgrate users between a forests create conditional forwarder 2 Continue reading Migrating User and Password Objects between Active Directory Forests

basic powershell commands intro 670x335

Powershell snippet – text to secure string and output to XML file

General, , , ,

Below is a quick Powershell command I use to convert passwords to secure strings and output to an XML file, I can encrypt that XML file locally on the machine where any scripts need to run from, and call it in another Powershell script.

$secpasswd = ConvertTo-SecureString "VMware1!" -AsPlainText -Force

#The logic used here between the brackets is Username,Password, where we call our previous variable

$mycreds = New-Object System.Management.Automation.PSCredential ("administrator", $secpasswd) 

$mycreds | export-clixml -path c:\temp\password.xml

It’s quick and easy to use, there will be other ways that may work better for you, if so, drop them in the comments.

Dean Lewis
vRA 8.0 header

vRSLCM – vRA fails to update from 8.0 to 8.0.1 – LCMVRAVACONFIG90030

VMware, , , ,

When updating my vRealize Automation instance from 8.0 to 8.0.1, I ran into an issue;

LCMVRAVACONFIG90030

Error Code: LCMVRAVACONFIG90030

vRA VA Upgrade Status Check failed.

Upgrade prepare on vRA VA sc-dc1-vra001.simon.local failed with state error. To know more about the failure, run command "vracli upgrade status --details" on the vRA VA sc-dc1-vra001.simon.local. If the prepare upgrade issue is fixed outside vRSLCM, the vRSLCM request can be proceeded to next step by clicking RETRY with proceedNext property set to true. Optionally, the whole upgrade can be cancelled and started afresh by clicking RETRY with cancelAndStartAfresh property set to true. If both the retry properties are set to true,cancelAndStartAfresh property will take precedence and will be honoured

vRSLCM vRA8 failed upgrade veducate.co .uk

I logged into my vRA node, and ran the recommended command “vracli upgrade status –details”. This basically told me no running application servers were running. Which was odd, as my vRA installation was working.

vRSLCM vRA upgrade failed vracli upgrade status details veducate.co .uk

So I ran “vracli status” and immediately seen that I had some issue with my database in the vRA node. I’m unsure if this was a pre-upgrade issue, or happening during the upgrade.

[ERROR] Exception while getting DB nodes.
...
Error getting database node status

I decided to run “deploy.sh” which re-runs all the Kubernetes configuration, thus killing and restarting all the services. This seemed to resolve my issue, as running the upgrade again worked as expected.

vRSLCM vRA upgrade failed vracli status deploy.sh veducate.co .uk

If you encounter this situation, I would recommend you contact VMware Support for guidance, and information as to why your services have stopped. As this is in my lab environment, I do not have the same considerations as those that run production.

Dean Lewis
windows server

Windows Server 2019 Evaluation – Activation fails

Windows, , , , , ,

I had issues converting one of my evaluation installations of Windows Server 2019 to a fully licensed copy. I’d extended the evaluation a few times using “slgmr /rearm” a few times, but had finally decided I was going to move this setup into production.

The issue

When going through the settings UI to activate, I could see an error message as below, and clicking the “Change product key” option did nothing.

Windows Activation 0x87E10BC6 veducate.co .uk

Running through the CLI using “slmgr.vbs” also returned errors;

CMD: 

Cscript.exe %windir%\system32\slmgr.vbs /ipk {key}

Error: 

0xC004F069 On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0xC004F069' to display the error text.

Following the rabbit down the hole;

CMD: 

slui.exe 0x2a 0xC004F069 

Error: 

Code: 0xC004F069
Description:
The Software Licensing Service reported that the product SKU is not found.
The fix

Continue reading Windows Server 2019 Evaluation – Activation fails