vROps deployed

I built out (with assistance) a new vRealize Operations Manager cluster. It is a pretty slick piece of software. When deployed with vRealize log viewer, it gives you insight into your entire environment. I have deployed it onto both Windows and Linux VMs and it is just chugging along gathering every piece of information an admin could possibly want. Log viewer works as a syslog collector as well as an event viewer gathering point. All in all an amazing piece of kit to deploy in a medium to large sized VMware deployment.

Hyper Converged Panda

I have written about my desire for a VCDX in the past. I have found something that will assist me with that. I have found that I have access to cheap colo at the UC Super Computer Center. This means that I can set up a proper lab and RDP into it. So my plans are the following:

  1. pick up a Cheap C7000 enclosure and blades
  2. Install ESX on all of the blades
  3. build a SAN (or pick up a cheap san)
  4. build out my lab in that locale
  5. get mini rack out of my office.

I can do multiple things on this infrastructure: build my SCCM test lab, build a Minecraft farm for Oliver to play in and maybe run as a fun project, and build my ESX and VSAN lab.

My ideal situation would be to get my lab into a strong enough configuration that I can use it as my VCDX project for presentation.

I will update this post with a rack design and visio when I get the chance.

Beginning of new homelab

Have decided to rebuild my homelab on new hardware. I picked up a new NUC i5 with 64 GB of RAM, a 128 GB M.2 drive and a 1 TB spinning disk. 2 gb NICs as well. Going to replace one of my Dell 710s with it. My eventual goal is to replace my entire lab with NUCs. Then get a Synology NAS for the storage.

I’m then going to put ESXi 7 and VCSA 7 along with NSX 7.

PowerCLI Primer

Picked this up from VMware Trainer blog

 

Power CLI primer

Just like many of the network professionals out there, I too believe that life is too short to learn all those command prompt tools, and I stick to the graphical version of any tool if it is available. But sometimes command prompt based tools can be indispensable if you have to do things repeatedly. For creating a single VM per day, I will surely use the vSphere Client, but for 50 VMs per day, I prefer some method by which I can automate the process. That is the role PowerCLI plays in a vSphere environment.
This post is just a basic introduction to the basic aspects of PowerCLI. Personally, I am preparing this as a reference for myself so that I will not miss any of the concepts of PowerCLI for my VCAP-DCA exam.
To begin your experiments with PowerCLI, install it on any Windows machine on your network. You can download it here.
Installation is pretty straightforward. Finish it and open PowerCLI from All Programs – VMware – VMware PowerCLI. But wait: if you try to do it, you will be greeted with an error message like this.

Now try to open the same program with administrative privileges, i.e. right click and select Run as administrator; you will find that the same error repeats this time also. It is now time for us to set the execution policy of PowerCLI to “RemoteSigned”, which will allow us to run scripts that have been written on the local computer. That is exactly what we need to do. The default mode is Restricted, and that is why we are getting all those red colored scary messages. So go ahead and type this:
Set-ExecutionPolicy RemoteSigned
The next time you bring PowerCLI up, it will greet you in a much more pleasant manner. Remember that you don’t have to run it in administrative mode anymore for normal operations.

Now let us start by connecting to an ESXi host or a vCenter Server. Use the command Connect-VIServer <IP address or FQDN>
It will pop up a message asking for the user name and password. There are two options to avoid it. You can specify them along with the command:
Connect-VIServer <IP address> -User root -Password P@ssw0rd
or you can store them in a credential variable and use that value with the command:
$Credential = Get-Credential
Connect-VIServer <IP address> -Credential $Credential


Connect-VIServer -Menu is a nice option that lists all your previously connected servers so you can choose the one to which you wish to connect.

Beginning my quest for VCDX-DCV

For years now I have debated MCSE vs VCDX. With the recent switch by MS away from the tried and true MCSE to the app based certification, I have finally made up my mind. VMware has been a company that has remained the same for many years now, always having the VCP, VCAP and then the VCDX. VCDX has always meant that you have reached the pinnacle of your art and achieved a certification to prove it. I have decided that I want to achieve that cert. I have been using VMware for many years now and have always felt it was a very mature product. Something that MS has always wanted to achieve with its Hyper-V offering. However, MS always seems to fall just short of the mark and then they change the entire infrastructure of things and try to force the industry to comply. I am quite tired of that attitude, so I have thrown in my hat to supporting the real standard of virtualization, VMware.

I have signed up to take the obligatory ICM class (Install/Configure/Manage) and will be taking that beginning next week. Then I begin my cert journey towards VCP-DCV (data center virtualization) and VCAP-DCV, then to pick up a project that is VCDX worthy and begin my design docs for that project.

SCCM Logs and Their Purpose

This is a list of all SCCM logs and their purposes. CMTrace is the best solution for reading them in SCCM prior to 1910. In Current Branch 1910 and later, OneTrace is the tool of choice.

Client Side – SCCM Logs

Log name Description
CAS.log The Content Access service. Maintains the local package cache on the client.
Ccm32BitLauncher.log Records actions for starting applications on the client marked run as 32 bit.
CcmEval.log Records SCCM client status evaluation activities and details for components that are required by the SCCM client.
CcmEvalTask.log Records the SCCM client status evaluation activities that are initiated by the evaluation scheduled task.
CcmExec.log Records activities of the client and the SMS Agent Host service. This log file also includes information about enabling and disabling wake-up proxy.
CcmMessaging.log Records activities related to communication between the client and management points.
CCMNotificationAgent.log Records activities related to client notification operations.
Ccmperf.log Records activities related to the maintenance and capture of data related to client performance counters.
CcmRestart.log Records client service restart activity.
CCMSDKProvider.log Records activities for the client SDK interfaces.
CertificateMaintenance.log Maintains certificates for Active Directory Domain Services and management points.
CIDownloader.log Records details about configuration item definition downloads.
CITaskMgr.log Records tasks that are initiated for each application and deployment type, such as content download and install or uninstall actions.
ClientAuth.log Records signing and authentication activity for the client.
ClientIDManagerStartup.log Creates and maintains the client GUID and identifies tasks performed during client registration and assignment.
ClientLocation.log Records tasks that are related to client site assignment.
CMHttpsReadiness.log Records the results of running the SCCM HTTPS Readiness Assessment Tool. This tool checks whether computers have a public key infrastructure (PKI) client authentication certificate that can be used with SCCM.
CmRcService.log Records information for the remote control service.
ContentTransferManager.log Schedules the Background Intelligent Transfer Service (BITS) or Server Message Block (SMB) to download or access packages.
DataTransferService.log Records all BITS communication for policy or package access.
EndpointProtectionAgent Records information about the installation of the System Center Endpoint Protection client and the application of antimalware policy to that client.
execmgr.log Records details about packages and task sequences that run on the client.
ExpressionSolver.log Records details about enhanced detection methods that are used when verbose or debug logging is turned on.
ExternalEventAgent.log Records the history of Endpoint Protection malware detection and events related to client status.
FileBITS.log Records all SMB package access tasks.
FileSystemFile.log Records the activity of the Windows Management Instrumentation (WMI) provider for software inventory and file collection.
FSPStateMessage.log Records the activity for state messages that are sent to the fallback status point by the client.
InternetProxy.log Records the network proxy configuration and use activity for the client.
InventoryAgent.log Records activities of hardware inventory, software inventory, and heartbeat discovery actions on the client.
LocationCache.log Records the activity for location cache use and maintenance for the client.
LocationServices.log Records the client activity for locating management points, software update points, and distribution points.
MaintenanceCoordinator.log Records the activity for general maintenance tasks for the client.
Mifprovider.log Records the activity of the WMI provider for Management Information Format (MIF) files.
mtrmgr.log Monitors all software metering processes.
PolicyAgent.log Records requests for policies made by using the Data Transfer Service.
PolicyAgentProvider.log Records policy changes.
PolicyEvaluator.log Records details about the evaluation of policies on client computers, including policies from software updates.
PolicyPlatformClient.log Records the process of remediation and compliance for all providers located in \Program Files\Microsoft Policy Platform, except the file provider.
PolicySdk.log Records activities for policy system SDK interfaces.
Pwrmgmt.log Records information about enabling or disabling and configuring the wake-up proxy client settings.
PwrProvider.log Records the activities of the power management provider (PWRInvProvider) hosted in the WMI service. On all supported versions of Windows, the provider enumerates the current settings on computers during hardware inventory and applies power plan settings.
SCClient_<domain>@<username>_1.log Records the activity in Software Center for the specified user on the client computer.
SCClient_<domain>@<username>_2.log Records the historical activity in Software Center for the specified user on the client computer.
Scheduler.log Records activities of scheduled tasks for all client operations.
SCNotify_<domain>@<username>_1.log Records the activity for notifying users about software for the specified user.
SCNotify_<domain>@<username>_1-<date_time>.log Records the historical information for notifying users about software for the specified user.
setuppolicyevaluator.log Records configuration and inventory policy creation in WMI.
SleepAgent_<domain>@SYSTEM_0.log The main log file for wake-up proxy.
smscliui.log Records use of the SCCM client in Control Panel.
SrcUpdateMgr.log Records activity for installed Windows Installer applications that are updated with current distribution point source locations.
StatusAgent.log Records status messages that are created by the client components.
SWMTRReportGen.log Generates a use data report that is collected by the metering agent. This data is logged in Mtrmgr.log.
UserAffinity.log Records details about user device affinity.
VirtualApp.log Records information specific to the evaluation of Application Virtualization (App-V) deployment types.
Wedmtrace.log Records operations related to write filters on Windows Embedded clients.
wakeprxy-install.log Records installation information when clients receive the client setting option to turn on wake-up proxy.
wakeprxy-uninstall.log Records information about uninstalling wake-up proxy when clients receive the client setting option to turn off wake-up proxy, if wake-up proxy was previously turned on.
ccmsetup.log Records ccmsetup.exe tasks for client setup, client upgrade, and client removal. Can be used to troubleshoot client installation problems.
ccmsetup-ccmeval.log Records ccmsetup.exe tasks for client status and remediation.
CcmRepair.log Records the repair activities of the client agent.
client.msi.log Records setup tasks performed by client.msi. Can be used to troubleshoot client installation or removal problems.

Server Side – SCCM Logs

SCCM Logs Description
adctrl.log Records enrollment processing activity.
ADForestDisc.log Records Active Directory Forest Discovery actions.
ADService.log Records account creation and security group details in Active Directory.
adsgdis.log Records Active Directory Group Discovery actions.
adsysdis.log Records Active Directory System Discovery actions.
adusrdis.log Records Active Directory User Discovery actions.
ccm.log Records client push installation activities.
CertMgr.log Records certificate activities for intrasite communication.
chmgr.log Records activities of the client health manager.
Cidm.log Records changes to the client settings by the Client Install Data Manager (CIDM).
colleval.log Records details about when collections are created, changed, and deleted by the Collection Evaluator.
compmon.log Records the status of component threads monitored for the site server.
compsumm.log Records Component Status Summarizer tasks.
ComRegSetup.log Records the initial installation of COM registration results for a site server.
dataldr.log Records information about the processing of MIF files and hardware inventory in the SCCM database.
ddm.log Records activities of the discovery data manager.
despool.log Records incoming site-to-site communication transfers.
distmgr.log Records details about package creation, compression, delta replication, and information updates.
EPCtrlMgr.log Records information about the syncing of malware threat information from the Endpoint Protection site system role server with the SCCM database.
EPMgr.log Records the status of the Endpoint Protection site system role.
EPSetup.log Provides information about the installation of the Endpoint Protection site system role.
EnrollSrv.log Records activities of the enrollment service process.
EnrollWeb.log Records activities of the enrollment website process.
fspmgr.log Records activities of the fallback status point site system role.
hman.log Records information about site configuration changes, and about the publishing of site information in Active Directory Domain Services.
Inboxast.log Records the files that are moved from the management point to the corresponding INBOXES folder on the site server.
inboxmgr.log Records file transfer activities between inbox folders.
inboxmon.log Records the processing of inbox files and performance counter updates.
invproc.log Records the forwarding of MIF files from a secondary site to its parent site.
migmctrl.log Records information for Migration actions that involve migration jobs, shared distribution points, and distribution point upgrades.
mpcontrol.log Records the registration of the management point with Windows Internet Name Service (WINS). Records the availability of the management point every 10 minutes.
mpfdm.log Records the actions of the management point component that moves client files to the corresponding INBOXES folder on the site server.
mpMSI.log Records details about the management point installation.
MPSetup.log Records the management point installation wrapper process.
netdisc.log Records Network Discovery actions.
NotiCtrl.log Application request notifications.
ntsvrdis.log Records the discovery activity of site system servers.
Objreplmgr Records the processing of object change notifications for replication.
offermgr.log Records advertisement updates.
offersum.log Records the summarization of deployment status messages.
OfflineServicingMgr.log Records the activities of applying updates to operating system image files.
outboxmon.log Records the processing of outbox files and performance counter updates.
PerfSetup.log Records the results of the installation of performance counters.
PkgXferMgr.log Records the actions of the SMS_Executive component that is responsible for sending content from a primary site to a remote distribution point.
policypv.log Records updates to the client policies to reflect changes to client settings or deployments.
rcmctrl.log Records the activities of database replication between sites in the hierarchy.
replmgr.log Records the replication of files between the site server components and the Scheduler component.
ResourceExplorer.log Records errors, warnings, and information about running Resource Explorer.
ruleengine.log Records details about automatic deployment rules for the identification, content download, and software update group and deployment creation.
schedule.log Records details about site-to-site job and file replication.
sender.log Records the files that transfer by file-based replication between sites.
sinvproc.log Records information about the processing of software inventory data to the site database.
sitecomp.log Records details about the maintenance of the installed site components on all site system servers in the site.
sitectrl.log Records site setting changes made to site control objects in the database.
sitestat.log Records the availability and disk space monitoring process of all site systems.
SMS_ISVUPDATES_SYNCAGENT.log Log file for synchronization of third-party software updates starting in SCCM version 1806.
SMS_PhasedDeployment.log Log file for phased deployments
SmsAdminUI.log Records SCCM console activity.
SMSAWEBSVCSetup.log Records the installation activities of the Application Catalog web service.
smsbkup.log Records output from the site backup process.
smsdbmon.log Records database changes.
SMSENROLLSRVSetup.log Records the installation activities of the enrollment web service.
SMSENROLLWEBSetup.log Records the installation activities of the enrollment website.
smsexec.log Records the processing of all site server component threads.
SMSFSPSetup.log Records messages generated by the installation of a fallback status point.
SMSPORTALWEBSetup.log Records the installation activities of the Application Catalog website.
SMSProv.log Records WMI provider access to the site database.
srsrpMSI.log Records detailed results of the reporting point installation process from the MSI output.
srsrpsetup.log Records results of the reporting point installation process.
statesys.log Records the processing of state system messages.
statmgr.log Records the writing of all status messages to the database.
swmproc.log Records the processing of metering files and settings.
ConfigMgrPrereq.log Records prerequisite component evaluation and installation activities.
ConfigMgrSetup.log Records detailed output from the site server setup.
ConfigMgrSetupWizard.log Records information related to activity in the Setup Wizard.
SMS_BOOTSTRAP.log Records information about the progress of launching the secondary site installation process. Details of the actual setup process are contained in ConfigMgrSetup.log.
smstsvc.log Records information about the installation, use, and removal of a Windows service that is used to test network connectivity and permissions between servers, using the computer account of the server that initiates the connection.
DWSSMSI.log Records messages generated by the installation of a data warehouse service point.
DWSSSetup.log Records messages generated by the installation of a data warehouse service point.
Microsoft.ConfigMgrDataWarehouse.log Records information about data synchronization between the site database and the data warehouse database.
FspIsapi Records details about communications to the fallback status point from mobile device legacy clients and client computers.
fspMSI.log Records messages generated by the installation of a fallback status point.
fspmgr.log Records activities of the fallback status point site system role.
CcmIsapi.log Records client messaging activity on the endpoint.
MP_CliReg.log Records the client registration activity processed by the management point.
MP_Ddr.log Records the conversion of XML.ddr records from clients, and then copies them to the site server.
MP_Framework.log Records the activities of the core management point and client framework components.
MP_GetAuth.log Records client authorization activity.
MP_GetPolicy.log Records policy request activity from client computers.
MP_Hinv.log Records details about the conversion of XML hardware inventory records from clients and the copy of those files to the site server.
MP_Location.log Records location request and reply activity from clients.
MP_OOBMgr.log Records the management point activities related to receiving an OTP from a client.
MP_Policy.log Records policy communication.
MP_Relay.log Records the transfer of files that are collected from the client.
MP_Retry.log Records hardware inventory retry processes.
MP_Sinv.log Records details about the conversion of XML software inventory records from clients and the copy of those files to the site server.
MP_SinvCollFile.log Records details about file collection.
MP_Status.log Records details about the conversion of XML.svf status message files from clients and the copy of those files to the site server.
mpcontrol.log Records the registration of the management point with WINS. Records the availability of the management point every 10 minutes.
mpfdm.log Records the actions of the management point component that moves client files to the corresponding INBOXES folder on the site server.
mpMSI.log Records details about the management point installation.
MPSetup.log Records the management point installation wrapper process.
objreplmgr.log Records details about the replication of software updates notification files from a parent site to child sites.
PatchDownloader.log Records details about the process of downloading software updates from the update source to the download destination on the site server.
ruleengine.log Records details about automatic deployment rules for the identification, content download, and software update group and deployment creation.
SMS_ISVUPDATES_SYNCAGENT.log Log file for synchronization of third-party software updates starting in SCCM version 1806.
SUPSetup.log Records details about the software update point installation. When the software update point installation completes, Installation was successful is written to this log file.
WCM.log Records details about the software update point configuration and connections to the WSUS server for subscribed update categories, classifications, and languages.
WSUSCtrl.log Records details about the configuration, database connectivity, and health of the WSUS server for the site.
wsyncmgr.log Records details about the software updates sync process.
WUSSyncXML.log Records details about the Inventory Tool for the Microsoft Updates sync process.
AppIntentEval.log Records details about the current and intended state of applications, their applicability, whether requirements were met, deployment types, and dependencies.
AppDiscovery.log Records details about the discovery or detection of applications on client computers.
AppEnforce.log Records details about enforcement actions (install and uninstall) taken for applications on the client.
awebsctl.log Records monitoring activities for the Application Catalog web service point site system role.
awebsvcMSI.log Records detailed installation information for the Application Catalog web service point site system role.
Ccmsdkprovider.log Records the activities of the application management SDK.
colleval.log Records details about when collections are created, changed, and deleted by the Collection Evaluator.
ConfigMgrSoftwareCatalog.log Records the activity of the Application Catalog, which includes its use of Silverlight.
NotiCtrl.log Application request notifications.
portlctl.log Records the monitoring activities for the Application Catalog website point site system role.
portlwebMSI.log Records the MSI installation activity for the Application Catalog website role.
PrestageContent.log Records details about the use of the ExtractContent.exe tool on a remote, prestaged distribution point. This tool extracts content that has been exported to a file.
ServicePortalWebService.log Records the activity of the Application Catalog web service.
ServicePortalWebSite.log Records the activity of the Application Catalog website.
SMSdpmon.log Records details about the distribution point health monitoring scheduled task that is configured on a distribution point.
SoftwareCatalogUpdateEndpoint.log Records activities for managing the URL for the Application Catalog shown in Software Center.
SoftwareCenterSystemTasks.log Records activities related to Software Center prerequisite component validation.
colleval.log Records details about when collections are created, changed, and deleted by the Collection Evaluator.
execmgr.log Records details about packages and task sequences that run.
AssetAdvisor.log Records the activities of Asset Intelligence inventory actions.
aikbmgr.log Records details about the processing of XML files from the inbox for updating the Asset Intelligence catalog.
AIUpdateSvc.log Records the interaction of the Asset Intelligence sync point with System Center Online (SCO), the online web service.
AIUSMSI.log Records details about the installation of the Asset Intelligence sync point site system role.
AIUSSetup.log Records details about the installation of the Asset Intelligence sync point site system role.
ManagedProvider.log Records details about discovering software with an associated software identification tag. Also records activities related to hardware inventory.
MVLSImport.log Records details about the processing of imported licensing files.
ConfigMgrSetup.log Records information about setup and recovery tasks when SCCM recovers a site from backup.
Smsbkup.log Records details about the site backup activity.
smssqlbkup.log Records output from the site database backup process when SQL Server is installed on a server that is not the site server.
Smswriter.log Records information about the state of the SCCM VSS writer that is used by the backup process.
Crp.log Records enrollment activities.
Crpctrl.log Records the operational health of the certificate registration point.
Crpsetup.log Records details about the installation and configuration of the certificate registration point.
Crpmsi.log Records details about the installation and configuration of the certificate registration point.
NDESPlugin.log Records challenge verification and certificate enrollment activities.

Disabling Dropbox from Installing or Running if Installed

Recently I was on a quest to disable the Dropbox program from running on company owned (domain joined) machines. There were lots of hacks to make it work but finally I found a solution, although it was worded relatively cryptically, on Experts Exchange by a McKnife (http://tinyurl.com/gr3f9ar). Long story short you can use Software Restriction Policies (https://technet.microsoft.com/en-us/library/bb457006.aspx) to do this but his solution was more elegant as it blocked Dropbox programs based on the certificate used to sign them as opposed to the file path or things that might change often. This not only blocks the Dropbox program if it’s already installed but also prevents a user from installing it in the first place. Here is my expanded version of his instructions.

First download the Dropbox installer. Right click it and select Properties then go to Digital Signatures. Select the first one (SHA1) and click “Details”. Click “View Certificate” then the Details tab then “Copy to File…”. This lets you export out the certificate. Click Next then “Base-64 encoded X.509 (.CER)” and next again. Save the certificate as something like “Dropbox SHA1 Cert.CER”. Once that one is exported repeat the procedure for the SHA256 certificate.

Once you have both certificates, open up Group Policy Management and, if you already have a software restrictions policy, edit it. If not, I suggest you create a new one. Navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Software Restriction Policies -> Additional Rules. Right click and create a “New Certificate Rule”. Browse for the SHA cert and make sure the Security Level is set to Disallow. Give it a description such as “Dropbox SHA Certificate”. When you click OK, if you didn’t have any certificate rules before, it will prompt you to turn them on and display the “Enforcement Properties” page. At the bottom, select “Enforce certificate rules” then click “OK”. Repeat for the SHA256 certificate.

Once GPO updates, Dropbox will no longer start, and executing the exe or installer directly will give you a nice error message.

Side note: Once this policy is in place you will also not be able to uninstall Dropbox since the same certificate is being used on the uninstall. Keep that in mind…you would have to disable enforcing certificates temporarily to get it uninstalled.
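
The certificate export step above can also be scripted. The following PowerShell is an added example, not part of the original instructions; the installer path and output file name are placeholders. Get-AuthenticodeSignature returns a single signature per file, so on a dual-signed installer the second certificate still has to be exported from the Digital Signatures tab as described above.

```powershell
# Added example: export the signer certificate of a downloaded installer as a
# Base-64 encoded X.509 (.CER) file for use in a Software Restriction Policy
# certificate rule. Both default paths below are placeholders.
param(
    [string]$InstallerPath = 'C:\Temp\DropboxInstaller.exe',
    [string]$OutFile       = 'C:\Temp\Dropbox Signer Cert.cer'
)

# Read the Authenticode signature embedded in the installer.
$sig = Get-AuthenticodeSignature -FilePath $InstallerPath

if ($null -eq $sig.SignerCertificate) {
    throw "No Authenticode signature found on $InstallerPath"
}
if ($sig.Status -ne 'Valid') {
    # An expired or untrusted signature still identifies the publisher,
    # but confirm the file is the genuine installer before building a rule on it.
    Write-Warning "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
}

$cert = $sig.SignerCertificate

# Write the certificate in the same Base-64 format the export wizard produces.
$b64 = [System.Convert]::ToBase64String(
    $cert.RawData,
    [System.Base64FormattingOptions]::InsertLineBreaks)
$pem = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----`r`n"
Set-Content -Path $OutFile -Value $pem -Encoding Ascii -NoNewline

# Read the file back and confirm it is the same certificate before importing
# it into the GPO: a rule built on the wrong certificate blocks the wrong publisher.
$check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $OutFile
if ($check.Thumbprint -ne $cert.Thumbprint) {
    throw "Exported file does not match the signer certificate"
}

# Summary to record alongside the rule description in the GPO.
[pscustomobject]@{
    Subject            = $cert.Subject
    Issuer             = $cert.Issuer
    Thumbprint         = $cert.Thumbprint
    SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
    NotAfter           = $cert.NotAfter
    ExportedTo         = $OutFile
}
```

Recording the thumbprint and expiry date with the rule makes it easier to notice when the vendor starts signing with a new certificate and the rule needs to be refreshed.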

Why the Cloud?

A decision that I have been seeing more and more recently is companies taking their entire infrastructure into the cloud.  Personally, I see this as a recipe for disaster!

Companies set up so that their entire infrastructure is cloud based but they only purchase a single circuit to the net.  What happens if/when that circuit fails?  I’ll tell you what!  You have an entire company that is sitting around playing solitaire because all their files are internet based.  The networking team is scrambling around because the network is down but there is not a whole lot that can be done if the link was cut by a backhoe operator who misread the plans about where he was supposed to start digging.  Don’t laugh, it happens.

My solution to this is using a hybrid configuration.  Have 1/3 or so of your processing power and the majority of your file servers on premise.  Use OneDrive or whatever your file storage solution of choice is strictly as a backup.  This way if you are down you can still work from the local storage and then back up to OneDrive when the link is restored.