Tuesday, October 2, 2012

Unsolicited advice on how to get a job as a VMware admin or in general get a job in the IT industry

This contents of this post was in reply to this thread in certcollection.org - an excellent resource for learning and like minded individuals.

Oh BTW, there's a 25% voucher code posted on this same thread for VCP and VCAP exams.

The route into IT as a career usually isn't as straightforward. If you don't have the experience, be prepared to take a lower rung and lower paying position to get a foothold into a company and into the industry. Good and excellent System Administrators can't be trained in school. A quality of a good Systems Administrator is of continued learning and the ability to adapt that learning to whatever environment he/she happens to end up working in.

Usually when an organization hires a VMware admin, he or she is also expected to be extremely good at other aspects of technology.

VMware is just a platform, you have to prove you know more than just a platform. Usually, employers will not take risks with n00bs - as specially for datacenter type positions. There are other nuances a potential IT wannabe needs to know. Essentially, it's not just about how much you know and how well you know technology. It's about seeing the big picture. The book mentioned further in this topic will help give an idea of what the big picture is about.

Meanwhile, you can bolster your knowledge and skills while looking for a position by continued learning.

The difference between a good admin and a savant is how much that person puts into self study.

I would suggest that you pickup a  copy of "The Practice of System and Network Administration, Second Edition" (Amazon link here) - it's a very very good read and will give you a very good insight into the industry. It will help you with your mindset and the setting of career goals.

For a career in IT, you need to set a target or end goal. Then set the waypoints to that goal. If not, you will find yourself clueless and directionless.
You also will need to keep up with technology trends, spot emerging trends, how they relate and can be used in the corporate world. You will then need to learn those technology before it becomes the "in" thing. Only that way will you be able to demand a premium for your services.

This book has proven very useful to me - it's one of those books I wish I had read earlier.

Good luck in your search!

Monday, September 3, 2012

Fix - Citrix XenAppWeb.msi v11.0.0.5357 problem with IE9

Hopefully, this will save someone lots of hair-pulling.

IE9 crash on connection, IE9 goes into install loop upon connection with web interface.

Other error messages during debug process:
"The configuration manager cannot be initialized"

Offending client version information: - GUID {388C130B-0079-46B4-A0D5-DC2DD7A89A7B}

This is a known problem see Citrix KB CTX126653 and CTX129082

Download client Online Plug-in 12.3, Release Date: 4/16/2012

Other useful KBs:

Manually removing files that might remain after uninstalling the Citrix receiver for Windows.


This article has a table with GUIDs that might be useful:

Saturday, August 18, 2012

Technical summary of real-world perfomance between SSD controllers and manufacturers.

Reliability, performance and usable space.

While looking for SSD promotions, stumbled across the SSD 60GB Benchmarks and Review on tomshardware.com. Have summarized about 3 hours of research and reading in this post with links to relevant sites.

"Using reliability as a differentiator ...we shouldn't be looking for the cheapest SSD, but rather the most trustworthy one."

"When it comes to picking a 60 GB SandForce-based boot drive, NAND type is the biggest determinant of performance"

"Samsung uses Toggle NAND in the 830, which is a little better than synchronous, and a lot better than asynchronous"

Right. So many brands, so many mixes of controllers and NAND types. Different sizes. Different manufacturer published benchmarks, different opinions in forums/blogs. And then there is the price difference between products from the same manufacturer. And price differences between manufacturers using the same controller type... Pretty confusing isn't it?

After playing the the OCZ synapse (please stay away from theses. It works, yes, but it affects reliability), the Intel 25M-G2, Intel 320, Crucial M4, Samsung 470, Samsung 830 over a period of two years.

Personally, my preference right now is the Samsung 830. Have actually SEEN it go to 400MB/s speed while doing a VMware Workstation VMDK defrag. The Crucial M4 comes at a close second with the max seen rate at around 380MB/s.

Samsung SSDs (mostly 470s) are used in MACs, HPs, Lenovos as their base HDD - this should be a great indicator of the reliability of Samsung's products.

In my humble opinion, when considering which SSD to buy, the type of NAND used and the controller within the SDD is the most important factors to consider. Before purchasing, research what kind of NAND is in use on the SSD. Avoid asynchronous NAND - it has a pretty bad performance penalty as the drive fills up. Also avoid those SSDs that use compression. I don't have a good impression of OCZ and there's a saying going around in forums for OCZ "Live fast die fast".

Lastly, from what I've read so far, it's generally not a good idea to use sector-level encryption for SSDs. It will hasten the wear out of the NANDs. My guess is that the OEM version of the Samsung 470 may have this consideration built into the design but have no way to confirm as yet.

What follows is a summary of the information from that article and some research on the 3(?!) types of NAND available in the SSD market now.



Tests repeated on the SF-22xx-based SSDs accessing asynchronous NAND, found that only the 60GB capacities are affected significantly due to the low number of NANDS available for use by the firmware.

Read speeds are significantly impacted by the drive's free space. There is a noticeable drop-off on the lower-capacity SF-22xx-based SSDs due to compression and SandForce's foreground garbage collection mechanism.

Reading back information written on 60 GB Agility 3 falls between 150-200 MB/s and 450 MB/s on free space.

Intel 520 SSDs perform better, incompressible data is read back at 250 MB/s, 100 MB/s faster than the OCZ Vertex 3.

Crucial M4 (on Marvel controllers) use background garbage collection and does not compress data making it unaffected by the SSD's fill state.


The OCZ Vertex 3 behaves alot like Corsairs' Force GT when it comes to the performance data using synchronous NAND.

It doesn't matter much which firmware on the various manufacturers, and how they are tweaked, as the SF firmware elements remaing the same. "The relationship between hardware and firmware (and how it affects features like TRIM and garbage collection) functions identically from one drive to the next" - be it on a MAC or a PC.


There a cheap types which might fail earlier due to wear and tear (conjecture at this point)


Thursday, August 16, 2012

Windows 2003 - Enable OS firewall to allow exceptions by IP(s) and IP range(s).

There is no elegant way to do this on Windows 2003 Server.

The following will add TCP ports 5500 to 5700 one at a time - run at the command line.

"FOR /L %I IN (5500,1,5700) DO netsh firewall add portopening TCP %I "Passive FTP"%I"

The inelegant way is to add port range, you can use the GUI to add that range to a defined port then export that registry entry and make changes to that .reg file and import it back.

Will update details at later time.

Thursday, July 26, 2012

HOWTO Fix vCenter 4 search not working

First, reset Web Service in vCenter.

Then if it still doesn't work, on the vSphere clien (not verified nor tested)t:

1. Click Plug-in -> manage Plug-ins
2. Right click Hardware Status plugin and select Disable
3. Close and re-open vSphere client.
4. Click Plug-in -> manage Plug-ins
5. Right click Hardware Status plugin and select Enable

(Solution from one of my colleagues. Am not sure if this step is correct.. What does "Hardware Status" plugin have to do with search?)

If steps for client are wrong, welcome corrections.

Thursday, June 21, 2012

Kindle for PC - This book could not be opened

What worked for me. 

Start Kindle for PC, on menubar click on Tools, click Options, select/highlight Registration, click on Deregister.

Re-register by signing in again. Fixed!

Friday, May 11, 2012

Adobe Reader offline installer (.msi and .exe)

ftp://ftp.adobe.com/pub/adobe/reader -- .msi

ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.0/ --navigate to parent to get the later versions

Updated 2013 Jan 14.
Tested working with IE9. Chrome may not work. Suggest use ftp client or command line to access.

Shadowing a RDP session

In short:
1. RDP to the server (it must be on the same server afaik) with the RDP session you want to shadow
2. Open command prompt
3. Type "shadow


Friday, May 4, 2012

Wednesday, April 25, 2012

Stress Management 101

Time management and self management is a life-skill. The earlier one is able to understand this and adapt/adopt, the complexity of life and level of personal stress will be more manageable. Many times, people fall into the trap of being unhappy and that affects personal performance turning into a vicious-cycle.

Wednesday, April 11, 2012

Bug in Vista that renames user profile (user account profile) as a backup

Reference to thread here

This issue seems to be caused by a horrendous bug in Vista that renames your User Account Profile as a backup, and then creates a new user account with the same name but with nothing in it. Here is a possible fix for this issue, but if it doesn't work, you may have to re-image the computer.

1. Boot up in Safe Mode. To do this, hit the F8 key while the computer is booting, and then scroll down to the "Safe Mode" option and press enter. On my computer the user account icon appeared, but bigger than normal, and I clicked it and it loaded my desktop in safe mode. It came up with an error bubble saying that my user account hadn't loaded properly, but i just ignored

2. Click the Start Button and in the white "Start Search" space at the
bottom type "regedit" (without the quotation marks). This will open the registry editor.

3. In the left-hand pane, navigate by clicking the little triangles next to the following folders:
Windows NT

You should now have a list of folders all starting with S-1-5- and then a number.
(You might need to drag the divider between the 2 panes of the window across so you can read the whole folder name)
Look at the end of each name and you should see one with .bak at the end of it, and there will be another one above it with exactly the same name but without .bak at the end.
The one that's got .bak at the end is your old User Profile that Vista has now made into a backup, and the one without .bak after it is the new empty User Profile that Vista has created.
Just to check that this is the case, have a look in the right-hand pane for each of the 2 folders and look at what's written after "ProfileImagePath".
For the folder with .bak at the end it should say C:\Users\ and then your
usual User Account name, and for the one that doesn't have .bak at the end it
should say C:\Users\TEMP.

What you need to do now is to rename the folders in the left-hand pane so that the one with .bak at the end changes back to being the one containing your proper User Profile and the new one without .bak at the end becomes the
backup. Do do this follow the next step:

4. Right click on the folder with .bak at the end and then click "rename", and just change the ".bak" part to ".bk" - i.e. just remove the "a" from the middle - (this is just to allow you to change the other one to have .bak at
the end). Press enter or click on some blank part of the screen for the
change to take effect.
Then, right click the one that doesn't have .bak at the end and click
"rename". Remove the .bak from the end and press enter or click anywhere on some blank part of the screen to accept the change.
Then, right click on the one that now has .bk at the end, choose "rename" and add the "a" back into the middle, so it now has .bak at the end. Press
enter or click on blank park of screen to accept the change.
Close the regedit window.

5. Click the Start Button and then "Restart". It should work now. Fingers

How to enable local administrator in Windows 7 using command line / scripting

1. Go to your Start menu and in “Accessories” list, open “Command Prompt” by right-clicking on its icon and choosing “Run as Administrator”
2. When the Command Prompt window appears, enter the command net user administrator /active:yes
3. When done, log out from your current account.
4. The Administrator account should now be present on your log in screen.

To turn the build in administrator account off, do the same except the command will be
net user administrator /active:no

Location of windows automatic backup (system restore) of user profiles

First you need to boot into safe mode and then have to enable the built-in Administrator account. Incase if you are not able to boot into the built-in Administrator account in safe mode then enable the Built-in Administrator account. So after successfully enabling it, follow the below method:
  1. First click on Start menu
  2. In the search dialog box, type regedit and press enter
  3. In regedit, go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  4. In the left pane, look for the S-1-5 folder (SID key) with the long number that has .bak at the end of the numbers.

The user profile service failed the logon error in Windows 7

This is a quick fix, delete profile and recreate. Not recommended for sites that have large number of clients as helpdesk will need to personally "touch" each instance of profile corruption.

You can quite easily fix this problem yourself, follow these steps give below: 
  • Delete the profile by using the Computer Properties dialog box. To do this, follow these steps:
    • Click Start, right-click Computer, and then click Properties.
    • Click Change settings.
    • In the System Properties dialog box, click the Advanced tab.
    • Under User Profiles, click Settings.
    • In the User Profiles dialog box, select the profile that you want to delete, click Delete, and then click OK.
  • Click StartCollapse this imageExpand this image, type regedit in the Start search box, and then press ENTER.
  • Locate and then expand the following registry subkey:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  • Right-click the SID that you want to remove, and then click Delete.
  • Log on to the computer and create a new profile.

Location of user profile registry hive

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Monday, April 9, 2012

A computer that is running Windows Vista or Windows Server 2008 stops responding and hangs at the "Applying User Settings" stage of the logon process

In the dump file, the service control manager is trying to start up the HTTP.sys while the HTTP.sys is actually waiting on the Cryptographic service. But this Cryptographic service has not started up yet. So Cryptographic service is trying to start up to handle to request from http.sys.
But as the service control manager is starting up the http.sys and can’t handle the startup request from Cryptographic service, this cause a deadlock.

So this issue can be resolved by add dependency for the http.sys to make sure this http.sys will only try to start up itself when the Cryptographic service is up.
Step as below:
1.Locate and then click the following registry subkey:


2.On the Edit menu, point to New, and then click Multi-string Value.
3.Type DependOnService, and then press ENTER.
4.Right-click DependOnService, and then click Modify.
5.In the Value data box, type CRYPTSVC, and then click OK.
6.Restart the computer.
Note: The reason why we used the last known good and the server was fine may because in the last known good, the Cryptographic service somehow started up earlier than usual. But we still need to take the action plan above since we never known if sometimes the Cryptographic service will start up later than http.sys again.

How to force certain windows services to start first (or otherwise)

Basically, this article will enable us to hard-code the sequence of service start-up. It will be useful in some situations.

  1. Locate relevant "Service" registry key
  2. Right click -> New -> Multi-string Value
  3. Type "DependOnService", press ENTER
  4. In value data box, type , click OK
  5. Restart the computer
Full gory details follow:
The Registry subkeys for services are located in the following path and can control how services are loaded.
To create a new dependency, select the subkey representing the service you want to delay, click Edit, and then click Add Value. Create a new value name "DependOnService" (without the quotation marks) with a data type of REG_MULTI_SZ, and then click OK. When the Data dialog box appears, type the name or names of the services that you prefer to start before this service with one entry for each line, and then click OK

The name of the service you would enter in the Data dialog box is the exact name of the service as it appears in the registry under the Services key. 

When the computer starts, it uses this entry to verify that the service or services listed in this value are started before attempting to start the dependent service. 

In addition, Windows 2000 and Windows 2003 Active Directory needs to find and use the DNS Server service. The Netlogon service can be delayed to ensure that the DNS Server service is up and running for Dynamic DNS registration and query for existing Active Directory domain controllers that are in the DNS server database. Use the DependOnService in the Netlogon and add DNS to the list of LanmanWorkstation and LanmanServer. This delays Netlogon from starting until the DNS Server service on that same computer is started and ready. 

Note Only delay the Netlogon service for DNS on a Windows 2000 or Windows 2003 Server when the DNS service is on the same Windows 2000 or Windows 2003-based server. 

Note Entries in this field are NOT case-sensitive. 

Warning Adding this entry manually may prevent the system from starting properly if you establish a "circular dependency." In its simplest form, such a problem would occur when you make two differing services dependent on one another. Neither service would be able to start as they would both require the other to be started first.

Note If you have a service that needs to start late in the boot cycle but you do not have a specific service dependency, as explained above, then choose one of the services which startup last as the data value for the value "Depends on Service". Services commonly selected are Spooler and Messenger.

Storage vMotion of a virtual vCenter (Yes, a Virtual Machine)

Yes, it can be done. We've done it. :-D

Also reference to post by Iwan Rahabok:
Can you storage vMotion the vCenter VM itself?

Friday, April 6, 2012

Modifying a Crucial M4 to fit in 7mm slot/bays

Picture credits below go to this post:
Lenovo T420s with 7mm Crucial M4 Mod -- MichaelXavier.net

Top Panel removed showing spacer:

Opened up:

Put electrical insulation tape (prevent possible short circuit):

7mm Crucial M4!!:

Tuesday, March 27, 2012

HOWTO: Shortcuts to managing DHCP in enterprise environments

How to extract MAC address from DHCP reservations

netsh dhcp server dump >> reservationdump.txt
find “Add reservedip” reservationdump.txt >> reservations.csv

Updated June 26, 2012

Had another issue at work where I had to merge two DHCP scopes that divided a single segment between the scopes. Each scope controlled a range of IP addresses (Scope #1, .1 - .127, Scope #2, .128 - 254). 

Both of the scopes had custom scope attributes defined. 

One of the scopes had reservations defined.

To make matters more interesting, the subnet mask had to be changed from /25 ( to /24 ( - DHCP scope allows you to edit the defined range but the subnet mask is greyed out.

Lastly, a new scope had to be created under a new segment based on one of the old scopes above.

How to merge scopes without losing custom settings and re-doing reservations:

A variation of the commands  at the start of this post will get you a text dump.
(Note there are two kinds of export data; binary and text and they are not interchangable)

If you need to quickly modify a scope on DHCP, eg, delete a scope and recreate all the reservations in a new scope, the above technique with the following steps will make it easier.

1. Export the scopes: netsh dhcp server dump >> dump.txt
2. Edit the exported file (you can safely delete the other non applicable scopes)
3. Import the exported file using this command: netsh exec c:\dump.txt

You may encounter these errors when you try to export DHCP server configuration (binary):
"An attempt was made to load a program with an incorrect format" - Hotfix solution from Microsoft
"Access denied" error message when you use the "netsh dhcp server import" - Binary Export/Import DHCP database steps

Netsh commands for DHCP

Starting point for solution:
HOWTO: Import and Export DHCP reservations in server 2003

How to reset Windows XP/2000 default system security

I bet some of you guys have had these "power users" that absolutely screw up their own workstations so much so that you as an administrator can't control the file system nor control the machine remotely.


To restore Windows 2000/XP’s default system security you can execute following command:

secedit /configure /cfg "%systemroot%\security\templates\setup security.inf" /db waisaw.sdb /verbose

If file “%systemroot%\security\templates\setup security.inf” does not exist, retrieve it from another XP machine.

Friday, March 23, 2012

VMware/vSphere - CPU READY and CPU USAGE put simply

I was asked this question by my colleagues and after answering it with the official VMware explanation, they still didn't quite get it. (Yeah, actually if I look at it without the necessary background info, I'd probably not get it either...)

The following visualization helped put it simply:

What's the difference between CPU READY and CPU USAGE
CPU USAGE and CPU READY - What is it?

CPU Ready = % of time there is work to be done for VMs, but no physical CPU available to do it on (all host CPUs are busy serving other VMs). One rule of thumb that I heard is that below 5% Ready is normal; anything between 5% and 10%, best keep an eye on the VM and the host. Over 10% (for extended periods) you should be planning on taking some action.
-          CPU Usage = raw, absolute amount of CPU used by corresponding VM at the given moment.

The amount of time a virtual machine waits in the queue in a ready-to-run state before it can be scheduled on a CPU is known as ready time.
The higher the ready time is, the slower the virtual machine is performing. The ready time should preferably be as low as possible. Virtual machines that are allocated multiple cpus or have high timer interrupts are more frequently seen with high ready time values. 

Tuesday, March 20, 2012

The best way to disable 4300 computer accounts in Active driectory

Reposting here for my own reference.
Original thread can be found here

Here is a VBScript program Richard Mueller wrote a few years ago to disable computer accounts from a text file. The file name and path are hard coded in the program, so the file can be anywhere. The file must be a list of computer names (NetBIOS names), one name per line:

--- Begin script ---
Option Explicit

Dim strFile, objFSO, objFile
Dim objRootDSE, strDNSDomain, objTrans, strNetBIOSDomain
Dim strComputer, strComputerDN, objComputer

' Constants for the NameTranslate object.
Const ADS_NAME_TYPE_1779 = 1

' Specify text file of computer NetBIOS names.
strFile = "c:\Scripts\Computers.txt"

' Open the file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, 1)

' Determine DNS name of domain from RootDSE.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

' Read lines from the file.
Do Until objFile.AtEndOfStream
strComputer = Trim(objFile.ReadLine)
If (strComputer <> "") Then
' Convert NetBIOS name to DN.
' NetBIOS name must have "$" appended to end.
' Trap error if computer not found.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strComputer & "$"
If (Err.Number <> 0) Then
On Error GoTo 0
Wscript.Echo "Computer not found: " & strComputer
On Error GoTo 0
strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)
' Bind to the computer object.
Set objComputer = GetObject("LDAP://" & strComputerDN)
' Disable the computer.
objComputer.AccountDisabled = True
End If
End If

Wscript.Echo "Done"

--- End Script ---