MLAG issue on CISCO UCS Servers with Arista switch

We were trying to configure MLAG on the Arista switch for each uplink group of the Cisco UCS (UCSC-C240-M3s) servers. Initially ESXi 6.0 was installed, and when we tried to enable LACP on the dvSwitch, the host got disconnected and also stopped responding to ping; once we disabled the LACP option it came back online. VMware support was involved and asked us to install all the firmware updates, but we still had the same issue.

As a troubleshooting step we installed Windows, and once we enabled the LACP option in Windows NIC Teaming the same issue started: the server got disconnected and also stopped responding to ping.

Another set of ESX servers with the same MLAG configuration, on the HP Blade Enclosure on Arista, was working fine without any issue.

We involved Cisco for the server and Arista for the switch. From Cisco we didn't get a proper response. Finally the issue got escalated to the Tier-1 support in Arista, and they found that when the Cisco server is configured for trunk mode, the server sends LACP frames tagged with a VLAN ID of 0. Currently, in the version of code we are running on this Arista switch platform, the switch drops these frames because it does not accept tagged LACPBPDUs. In addition, when the server is configured as an access port, it sends the LACP frames tagged with the access VLAN specified. Even if there is no default VLAN specified, the server still sends the LACP frames tagged with VLAN 0. It seems there is no way to have the Cisco server send the LACP frames untagged like the HP blade chassis and Tintris, which are already on MLAG.

We asked the Cisco engineer why the server is tagging the LACP frames but didn't get an answer, so as per the Arista recommendation we upgraded the switch to the latest code, version 4.16.7M, which fixed the issue.


PowerShell script to check the DNS server IPs for the Windows 2012 servers in AD

I was asked, in one of our old environments, to get the DNS settings for a list of Server 2012 R2 servers in AD and, if the third octet of the primary DNS server setting does not match PRD, to send an email to the operations team.

So I wrote a small script with the three parts below to achieve this.

1. Get the Windows 2012 server details from AD and export them to a CSV.
2. For each server in the CSV, get the DNS settings from the NIC.
3. Check whether any DNS server setting does not have '14' in the third octet, and if so send an email.

Please download the script from the link below.
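The three parts described above, as an added example that is not the author's downloadable script. The CSV path, SMTP server and mail addresses are placeholder assumptions; it needs the ActiveDirectory module and WMI access to the target servers.

```powershell
# Added example: AD query -> CSV -> DNS check -> mail alert.
# Placeholder values (assumptions): CSV path, SMTP server, mail addresses.
Import-Module ActiveDirectory

$CsvPath       = 'C:\Temp\Win2012Servers.csv'
$ExpectedOctet = '14'                      # third octet expected for PRD (from the post)
$SmtpServer    = 'smtp.example.com'
$MailFrom      = 'dns-check@example.com'
$MailTo        = 'operations@example.com'

# Part 1: export the enabled Windows Server 2012 R2 computer accounts to CSV
Get-ADComputer -Filter 'OperatingSystem -like "Windows Server 2012 R2*" -and Enabled -eq $true' -Properties OperatingSystem, DNSHostName |
    Select-Object Name, DNSHostName, OperatingSystem |
    Export-Csv -Path $CsvPath -NoTypeInformation

# Part 2: read the CSV and collect the DNS server list of every IP-enabled NIC
$results = foreach ($server in Import-Csv -Path $CsvPath) {
    try {
        $nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -ComputerName $server.DNSHostName -Filter 'IPEnabled = TRUE' -ErrorAction Stop
        foreach ($nic in $nics) {
            if (-not $nic.DNSServerSearchOrder) { continue }
            $primary = $nic.DNSServerSearchOrder[0]
            [pscustomobject]@{
                Server     = $server.Name
                Nic        = $nic.Description
                PrimaryDns = $primary
                AllDns     = $nic.DNSServerSearchOrder -join ', '
                # Part 3 test: third octet of the primary DNS server
                Mismatch   = ($primary -split '\.')[2] -ne $ExpectedOctet
            }
        }
    }
    catch {
        # Unreachable hosts are reported too, so they are not silently skipped
        [pscustomobject]@{ Server = $server.Name; Nic = 'n/a'; PrimaryDns = "ERROR: $($_.Exception.Message)"; AllDns = ''; Mismatch = $true }
    }
}

# Part 3: mail the operations team only when something does not match
$bad = @($results | Where-Object { $_.Mismatch })
if ($bad.Count -gt 0) {
    $body = $bad | Format-Table Server, Nic, PrimaryDns, AllDns -AutoSize | Out-String
    Send-MailMessage -SmtpServer $SmtpServer -From $MailFrom -To $MailTo -Subject "DNS check: $($bad.Count) entries need review" -Body $body
}
```

An IPv6 primary DNS entry has no third dotted octet, so it is reported as a mismatch rather than passed silently.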





Active Directory user denied ESXi SSH login – ESXi 6.0 (3620759)

After configuring AD authentication on ESXi 6.0 as per KB 2075361, we were not able to log in to the ESXi shell using AD authentication.

In /var/log/auth.log we noticed the errors below.

pam_access(sshd:auth): access denied for user 

sshd[123225]: [module:pam_lsass]pam_sm_authenticate: failed [error code:40286

KB 2145400 lists this as a known issue and also gives a workaround, but it didn't help, so we contacted VMware support and they fixed the issue by making the changes below.

1. Copy the file ldap.conf to the /tmp directory:
cp /etc/likewise/openldap/ldap.conf /tmp

2. Give write permission to /tmp/ldap.conf:
chmod +w /tmp/ldap.conf

3. Modify the file /tmp/ldap.conf to set buffer size to 15KB

Replace the line 'SASL_SECPROPS maxbufsize=40960' with 'SASL_SECPROPS maxbufsize=5242880' (5 MB)

4. Save the file.

5. Copy /tmp/ldap.conf to /etc/likewise/openldap/ldap.conf

6. Verify that the contents of /etc/likewise/openldap/ldap.conf are modified.

7. Restart the likewise daemon lwsmd:

/etc/init.d/lwsmd restart




Trend Micro Deep Security Manager 9.6 ( service pack 1 upgrade ) – Part 5

Check my previous blog on the DSM database schema changes which have to be done before upgrading Trend DSM 9.6 to SP1, and also my other blogs about DSM 9.5 and 9.6 installation and functionality.

Download the Trend DSM SP1.


Click on the download SP1 file.


Accept the Agreement.


It will search for the previous version.

Select the option to upgrade the existing installation.


Click Next at the installation path.


It will extract the files in the background and proceed with the installation.


Click Finish.


Check by logging in to the DSM Manager.


We can check the version of the SP1.


If we have another node, please follow the same steps to upgrade it to SP1.


Manually updating the Deep Security Manager (DSM) database before upgrading to 9.6 SP1 – Part 4

Check my other blogs on Trend DSM 9.5 and 9.6. In this blog we can see how to manually perform the DSM database schema changes which are required to upgrade to Trend DSM 9.6 SP1 or to the latest patch. These changes are required only for Microsoft SQL Server databases.

Trend has provided a tool to do this DB change, but when I tried it in my lab it failed, and in our PRD there is a lot of process to get approval to install any tool on the DB server, so we completed the DSM DB schema changes using the manual method.

Please note it is very important to take a DB backup before the activity.

Download the script from the Trend link.



Database Integrity Check.

Before proceeding with the steps mentioned in the sections below, it is important to check first the database integrity for Deep Security Manager:

Log in to SQL Server and select Deep Security Database.

Open the DeepSecurityDatabaseBigintMigrationScriptTableRecoveryCommand.sql script using Notepad and copy its contents to the New Query area.



Change the database name right at the top of the script to your DSM database.

Click Parse on the SQL Server.

Click Execute on the SQL Server.




Running the Migration script.

Make sure to take the DB backup and stop the Trend DSM Service on all the nodes.

Check the table usage and free disk space of SQL server.

Use the script DeepSecurityDatabaseBigintMigrationScriptTableSpaceUsageSummary.sql to get the summary of table space usage. Below is an example:


Go to the unzipped folder then locate the DeepSecurityDatabaseBigintMigrationScript.sql script.

Open the script and modify the database name for each tenant. For example, if your database name is DSM95, change the script to [DSM95] similar to the following:

use [DSM95]

We need to run the same on each tenant database in a multi-tenant environment.

The migration script is now completed. In the next blog we can see the steps for the DSM installer SP1 upgrade.


Various options to enable the Telnet client and other methods to check the port.

In recent versions of Windows, the Telnet Client is not enabled by default. In this blog we can see various methods to install the client and to check port connectivity.

Option 1 :

We can install it from Add Roles and Features.


Option 2:

Apart from this traditional way, we can install it using the PowerShell method below.

Import-Module ServerManager
Add-WindowsFeature -Name Telnet-Client

Option 3:

dism /online /Enable-Feature /FeatureName:TelnetClient


Option 4:

Download the below Powershell script and run it on the server.


Option 5:

We can install telnet client using the package manager.

Please note it is supported only on Windows Vista and higher.

C:\>pkgmgr /iu:"TelnetClient"

Next we can see options to test the port from the source system to the destination without using telnet.

Option 1:

On Windows, an alternative way to test the port from the source system to the destination without installing the Telnet client is to use Windows Sockets through System.Net.Sockets, provided in the .NET Framework.

New-Object System.Net.Sockets.TcpClient("IP","PORT")
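A fuller port check built on the same System.Net.Sockets.TcpClient class, as an added example that is not the author's script or the Test-port module mentioned on this page. Test-TcpPort and its parameters are hypothetical names; the connect timeout keeps a filtered port from hanging the check.

```powershell
# Added example: TCP port check with a timeout, built on System.Net.Sockets.TcpClient.
# Test-TcpPort is a hypothetical name, not the author's Test-port module.
function Test-TcpPort {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string[]]$ComputerName,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int[]]$Port,
        [int]$TimeoutMs = 3000
    )
    process {
        foreach ($computer in $ComputerName) {
            foreach ($p in $Port) {
                $client = New-Object System.Net.Sockets.TcpClient
                $open = $false
                $detail = ''
                try {
                    # BeginConnect returns at once; the wait handle enforces the timeout
                    $async = $client.BeginConnect($computer, $p, $null, $null)
                    if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                        $client.EndConnect($async)   # throws if refused or unresolvable
                        $open = $true
                    }
                    else {
                        $detail = "timed out after $TimeoutMs ms (filtered or host down)"
                    }
                }
                catch {
                    # Innermost exception carries the socket error text
                    $detail = $_.Exception.GetBaseException().Message
                }
                finally {
                    $client.Close()   # always release the socket
                }
                [pscustomobject]@{ ComputerName = $computer; Port = $p; Open = $open; Detail = $detail }
            }
        }
    }
}

# Constructed sample call: 192.0.2.10 is a documentation address, replace with a real host
Test-TcpPort -ComputerName '192.0.2.10' -Port 80, 443 -TimeoutMs 2000
```

The Detail column separates a refused connection (service not listening) from a timeout (traffic dropped on the path), which is usually the first thing to establish when troubleshooting a firewall rule.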


Option 2:

Use the PowerShell script below, which can do the same operations.


Option 3:

To make it easy, we can import this function as a cmdlet or module and then use it as a simple PowerShell cmdlet to test the port.

Import-module Test-port.psm1

Type get-help Test-port
syntax Test-port [[-computername] <Object>] [[-port] <Object>]

Test-port -computername -port 80

Download it from the Dropbox and get more info from the readme.

Option 4:

In the VMware vCenter appliance we have to use curl to test port connectivity.

KB2097039 will give more info on the same.

curl -v telnet://

Option 5:

Telnet is available only on ESX hosts. For ESXi 3.5, 4.x and 5.x, you will need to use the netcat (nc).

KB 2020669 will give more info on the same.

nc -z <destination-ip> <destination-port>


VMware KB articles with no resolution for few known Issues in Vsphere 6.0 and workaround to fix.

Check my other blog for the VC6.0 installation issues. In this blog I want to highlight VMware KB articles that are marked as having no resolution for certain known issues but give a workaround, and also a few issues that have been fixed with the latest code.

I will try to update this blog as the KB articles are updated.

Issue 1 : 

Heavy logging on the Platform Services Controller Appliance 6.0 causes /storage/log to fill up.

KB: 2143565

Issue 2 :

Virtual Machines using large pages can temporarily become unresponsive after vMotion

KB: 2144984

Issue 3:

VMware Tools show status of Current even though tools image are replaced with newer version

KB: 2145464

Issue 4:

Actions performed against Active Directory may fail after upgrading to ESXi 6.0 Update 2

KB:  2145400

Issue 5:

ESXi 6.0 hosts become unresponsive when joined to an Active Directory domain

KB : 2145611

Issue 6: 

After upgrading to ESXi 6.0 Update 2, accessing the Host Client UI fails with error: 503 Service Unavailable (2144962)

KB: 2144962

Issue 7 : 

Possible virtual machine and data deletion when restoring the vCenter Server Appliance 6.0 from backup

KB : 2143799  Note : This issue has been fixed in VC6.0 U2

Issue 8 :

vCenter Server or Platform Services Controller certificate validation error for external VMware Solutions in vSphere 6.0

KB: 2109074  Note : This issue has been fixed in VC6.0 U1

Issue 9:

Using NAT between the vCenter Server system and ESXi/ESX hosts


Issue 10:

Service Composer fails to translate virtual machines into security-groups in VMware NSX for vSphere 6.x

KB : 2144726

Issue 11:

VMware vCenter Server Appliance workaround for CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow (2144075)

KB : 2144075 Note: This issue has been fixed in VC6.0 U2

Issue 12 :

Upgrading an ESXi 6.0 host to Update 2 with Lock Down mode enabled using vCenter Update Manager fails with the error: The host returns esxupdate error code:18 (2144691)

KB: 2144691

Issue 13: 

Red Hat Enterprise 7 virtual machine UTC time settings are not changed when deploying a customized virtual machine (2144594 )

KB: 2144594

Issue 14 :

Issuing a 0x85 SCSI Command from a VMware ESXi 6.0 host with the EMC XtremIO storage array may result in a PDL error (2133286)

KB: 3133286

Issue 15 :

Upgrading vCenter Server or Platform Services Controller Appliance 6.0 through the VAMI fails at 70% (2144485)

KB : 2144485 Note this issue has been fixed in VC6.0 U2

Issue 16 :

ESXi 5.5.x/6.0.x host in a VMware NSX for vSphere 6.2.1 environment fails with a purple diagnostic screen and reports the backtrace: PFFilterPacket and VSIPDVFProcessSlowPathPackets (2144018)

KB: 2144018 Note: This issue has been fixed with latest code.

Issue 17 :

Installing the VMware Client Integration Plug-in 5.5 Update 3 and 6.0 Update 1 hangs on Installing certificates and starting service (2133846)

KB: 2133846

Issue 18:

vCenter Server Performance has a gap with Last Week, Month and Year.


KB : 2145455 Note : This issue has been fixed in ESXi6.0P02

Issue 19:

Microsoft Convenience Update and VMware VMXNet3 Incompatibilities

VMware Blog:


Issue 20:


VMware ESXi 6.0, Patch ESXi600-201605401

(CBT Bug)

Take care – Express Patch 6 for ESXi 6 can break your Backup (CBT Bug)!

Issue 21:

Logging into the Virtual Appliance Management Interface (VAMI) using valid credentials fails

KB : 2144904

Issue 22:

Windows 2008+ incremental backups become full backups ESXi6.0

Link to check the status

Issue 23:

Upgrading Platform Service Controller or vCenter Server Appliance 6.0 fails at 70% (2145333)


Issue 24:

vCenter Server 6.0 Update 2 displays on non-Virtual SAN enabled ESXi hosts displays the message: Retrieve a ticket to register the Virtual SAN VASA Provider


Issue 25:

Virtual machine crashes after migrating from ESXi 5.x to ESXi 6.0.x

KB : 2146748

Issue 26:

vAPI Endpoint out of memory issue in vsphere 6.x federated vcenter environments results in parts of UI being unresponsive


Issue 27:

Inventory objects fail to display in vSphere Web Client 6.0


Issue 28 :

Issue of delete blocks failed” error is displayed in vmkernel.log

