Friday, March 25, 2016

Find CDP or LLDP information on Windows Servers

The Cisco Discovery Protocol (CDP) is a proprietary Data Link Layer protocol developed by Cisco Systems. It is used to share information about other directly connected Cisco equipment, such as the operating system version and IP address. 

The Link Layer Discovery Protocol (LLDP) is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet.

From a systems perspective, you can see which switch and switch port your server or desktop network cards are connected to.
Finding CDP or LLDP information from ESXi is very easy, as VMware provides a separate interface for it. As in the screenshot below, click the ESXi server, go to the Configuration tab, select Networking under Hardware, and then click the CDP button next to the physical network card to see the Cisco Discovery Protocol details. Now I know which switch port I am connected to, and with this information I can go to my networking team for any further troubleshooting or any changes I require.
As I wanted to design a HyperV/SCVMM solution, I was working on the networking part. While architecting the network solution for HyperV, I needed some network-side inventory, such as where my Windows Server HyperV NIC ports are connected on the physical switches, for further design. I don't see any separate interface or console where I can find such information (if anyone knows, feel free to point it out). To find that information you can use Microsoft's tool Microsoft Network Monitor 3.4. It can capture network traffic, and then you can filter for the information you require. This topic is not limited to Windows Server; you can also use your own desktop to test this.
Here I will be using my favorite tool, Wireshark. Wireshark is a network protocol analyzer for Unix and Windows, and it has many great features. I have downloaded and installed it on my Windows Server. My server has two physical Ethernet cards, and I want to know where both cards are connected on the physical switch.
Search for Wireshark and open it.
Once Wireshark is running, it will detect all the network cards you have in your server. It matches the earlier screenshot I posted. You need to select one network card at a time; the first NIC I select is Team01, so it will capture traffic on the Team01 NIC.
Once you click on the network card, it will start analyzing traffic in and out of the NIC, and you will see tons and tons of information. Now you need to filter this captured information to find the required CDP information. Type CDP and a drop-down list of protocols appears; select CDP from that list. In case you need LLDP information, you can filter for LLDP.
Here I have got what I wanted: very specific, useful information regarding the switch name and switch port number.
Now that I have collected the information for one NIC, I will capture data for the other NIC. From the Capture menu, press Stop to halt the packet capture, then select the other Ethernet card under Options, which is grayed out while a capture is running.
In the same Capture menu, Options becomes active once you stop capturing, and we can click it to select another NIC.
You will again see 2 NICs in the list. As we have already captured information for one of them (in my scenario Team01), I will now collect information for the Management NIC and click Start.
Here is the info for the other NIC. As long as you keep the Wireshark capture running, it will keep fetching the CDP data at some interval. Again, you can also capture LLDP information with this tool.
I found that some other tools exist which handle only CDP, such as CDP Monitor from tallsoft, which is also handy, and there is the windump.exe command-line utility which is available on the wireshark only.
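
As an added example (not part of the original post): the switch name and port that Wireshark shows under the LLDP filter come from type-length-value fields in the frame, and the Python below decodes them and rejects truncated frames. The sample frame is constructed; its MAC addresses, `lab-sw01` and `Gi1/0/12` are made-up values, and CDP uses a different frame layout that is not covered here.

```python
import struct

LLDP_ETHERTYPE = 0x88CC
ID_TLVS = {1: "chassis_id", 2: "port_id"}
TEXT_TLVS = {4: "port_description", 5: "system_name", 6: "system_description"}

def _tlv(tlv_type, value):
    """Build one TLV: 7-bit type and 9-bit length header, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def _id_value(tlv_type, value):
    """Decode a Chassis ID or Port ID value: one subtype byte, then the ID."""
    if len(value) < 2:
        raise ValueError(f"TLV type {tlv_type} has no ID body")
    # Chassis ID subtype 4 and Port ID subtype 3 carry a MAC address.
    if (tlv_type, value[0]) in ((1, 4), (2, 3)):
        return ":".join(f"{b:02x}" for b in value[1:])
    return value[1:].decode("utf-8", "replace")

def parse_lldp(frame):
    """Return the neighbour fields advertised in one untagged LLDP frame."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != LLDP_ETHERTYPE:
        raise ValueError("not an untagged LLDP frame")
    info = {"source_mac": ":".join(f"{b:02x}" for b in frame[6:12])}
    offset = 14
    while offset + 2 <= len(frame):
        header = struct.unpack_from("!H", frame, offset)[0]
        tlv_type, length = header >> 9, header & 0x1FF
        value = frame[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV type {tlv_type} is truncated")
        offset += 2 + length
        if tlv_type == 0:  # End of LLDPDU; Ethernet padding may follow
            return info
        if tlv_type in ID_TLVS:
            info[ID_TLVS[tlv_type]] = _id_value(tlv_type, value)
        elif tlv_type == 3 and length >= 2:
            info["ttl_seconds"] = struct.unpack("!H", value[:2])[0]
        elif tlv_type in TEXT_TLVS:
            info[TEXT_TLVS[tlv_type]] = value.decode("utf-8", "replace")
    raise ValueError("frame ended before the End of LLDPDU TLV")

# Constructed sample frame (not a real capture): switch lab-sw01, port Gi1/0/12.
SAMPLE_FRAME = (
    bytes.fromhex("0180c200000e" "020000aabb01" "88cc")
    + _tlv(1, b"\x04" + bytes.fromhex("020000aabb00")) + _tlv(2, b"\x05Gi1/0/12")
    + _tlv(3, struct.pack("!H", 120)) + _tlv(5, b"lab-sw01") + _tlv(0, b"")
)
print(parse_lldp(SAMPLE_FRAME))
```

A frame copied out of Wireshark as a hex stream can be passed in as `parse_lldp(bytes.fromhex(...))`.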

My earlier useful scripts for collecting CDP and LLDP from a VMware ESXi environment:

Save complete virtual PortGroup information Settings - Powercli

Powercli Pull CDP and LLDP information in single nice table format - Part 2

Wednesday, March 23, 2016

Error resolved: HyperV cannot be installed: A hypervisor is already running.

From my earlier post, Powershell Rocks - Creating virtual Nic cards for testing (Standalone HyperV): while installing the HyperV role through the Server Manager GUI, I was receiving the error "HyperV cannot be installed: A hypervisor is already running." After many repeated attempts through the Server Manager GUI it kept failing. I also used the PowerShell command Install-WindowsFeature Hyper-V, but the result was the same. In the end I stumbled upon a Microsoft blog.
And I got to know about a new command for installing optional roles.
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
This resolved my error, and after a reboot I was able to use HyperV.

Old useful Posts
Configuring HyperV on windows 2008 R2 and configuring Failover clustering 

Powershell Rocks - Creating virtual Nic cards for testing (Standalone HyperV)

Today I had to set up a demo lab environment for my friend for tutoring purposes. He had a couple of old desktops and a laptop with low configurations, and one old manageable switch and router. I intended to install Windows Server 2012 R2 on them and wanted to show a standalone HyperV demo. I installed and set up the servers and everything was working fine, but I also wanted to show him HyperV Microsoft Failover Clustering and was unable to simulate it, because all those desktops and the laptop had only one NIC and I required another network card for heartbeat purposes. We didn't want to invest anything in the old hardware, so here PowerShell came to our rescue.
In Windows Server 2012 R2, once the HyperV role and PowerShell module are installed, there is a feature that lets you create multiple virtual Ethernet cards, with all the traffic flowing through a single physical network card. Here I wanted my physical and virtual network card configuration to look like the diagram below. The HyperV role must be installed, and the switch port where the physical NIC is connected must be a trunk if you want to use different subnets.
Here are the PowerShell commands, with their parameters, that I used to set up and configure the virtual network cards. First rule: open PowerShell as administrator.
Note: Running the second command in the list can cause a server disconnection, so it is advised not to use Remote Desktop; instead use iLO, DRAC, or make sure you are in front of the server.
##*************************************************************************
# List the physical adapters to find the NIC name used below
Get-NetAdapter
# Put the physical NIC into a team (this step can drop the network connection)
New-NetLbfoTeam -Name "SwTeam" -TeamMembers PhysicalNic -TeamingMode Static -Confirm:$false
# Create the virtual switch on the team, with weight-based minimum bandwidth
New-VMSwitch "VirtualSwitch" -MinimumBandwidthMode weight -NetAdapterName "SwTeam" -AllowManagement $false
# Add three virtual NICs to the host (ManagementOS), each with a bandwidth weight of 33
Add-VMNetworkAdapter -ManagementOS -Name "Management" -SwitchName "VirtualSwitch"
Set-VMNetworkAdapter -ManagementOS -Name "Management" -MinimumBandwidthWeight 33
Add-VMNetworkAdapter -ManagementOS -Name "HeartBeat" -SwitchName "VirtualSwitch"
Set-VMNetworkAdapter -ManagementOS -Name "HeartBeat" -MinimumBandwidthWeight 33
Add-VMNetworkAdapter -ManagementOS -Name "Storage" -SwitchName "VirtualSwitch"
Set-VMNetworkAdapter -ManagementOS -Name "Storage" -MinimumBandwidthWeight 33
# Verify the virtual and physical adapters
Get-VMNetworkAdapter -All -Name *
Get-NetAdapter
# Assign an access VLAN to each virtual NIC (needs a trunk port), then verify
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "Management" -Access -VlanID 5
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "HeartBeat" -Access -VlanID 10
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "Storage" -Access -VlanID 20
Get-VMNetworkAdapterVlan -ManagementOS
##*************************************************************************

Now I will run one command at a time, setting parameters based on the results. First I run Get-NetAdapter, which shows all the Ethernet cards on my system. As you can see from the screenshot below, I have only one physical NIC, and it is named "PhysicalNic", which I will require in my next cmdlets.
Now I know what my physical NIC name is, and I am going to use it in the next command.
Note: Running this command can cause a server disconnection, so it is advised not to use Remote Desktop; instead use iLO, DRAC, or make sure you are in front of the server.
New-NetLbfoTeam -Name "SwTeam" -TeamMembers PhysicalNic -TeamingMode Static -Confirm:$false
It has created a new software switch "SwTeam" and PhysicalNic is part of the team; Static is the teaming mode I am using here.
Tip: In case you have installed HyperV but are not able to find the above command or the next command, run the command below to install the HyperV PowerShell feature before starting. The HyperV role must be installed before running the above commands.
Install-WindowsFeature Hyper-V-PowerShell
New-VMSwitch "VirtualSwitch" -MinimumBandwidthMode weight -NetAdapterName "SwTeam" -AllowManagement $false
The New-VMSwitch cmdlet creates a new virtual switch on one or more virtual machine hosts. The MinimumBandwidthMode parameter is set to weight (weight is a unit from 1 to 100, which I will be using in the next command).
Next I will add a virtual network card to the host, and it will use a 33% bandwidth weight of the physical NIC. ManagementOS is your main operating system.
Add-VMNetworkAdapter -ManagementOS -Name "Management" -SwitchName "VirtualSwitch"
Set-VMNetworkAdapter -ManagementOS -Name "Management" -MinimumBandwidthWeight 33
Here is the next screenshot, after creating all the virtual NICs.
The next commands verify what we have deployed.
Get-VMNetworkAdapter -All -Name *
Get-NetAdapter
The last commands set the VLANs and verify what settings have been configured. You can change the parameters below as per your requirements.
Tip: In case you don't have a trunk port (I mean your computers are connected to normal switches), do not run the commands below; just assign IPs directly.
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "Management" -Access -VlanID 5
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "HeartBeat" -Access -VlanID 10
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "Storage" -Access -VlanID 20
Get-VMNetworkAdapterVlan -ManagementOS
Now the last step is to assign IPs to the virtual network cards and verify you can connect to them over the network. Here I will assign an IP on the Management network and check whether I am able to RDP to the server. And I am successful.


Sunday, March 6, 2016

Resolved: The trust relationship between this workstation and the primary domain failed

In my earlier post I knew only 2 commands (Netdom and Test-ComputerSecureChannel) to rejoin a computer to the domain without a restart. One of the users, Tim Basten, commented on my post that there is one more PowerShell cmdlet that can be used to fix a broken computer account without a restart. So I tried it, and yes, it works perfectly.

Reset-ComputerMachinePassword -Credential (Get-Credential)
Once you execute it, it will ask for your domain admin username and password.
It is fairly simple. I guess there might be more commands available to do the same task; I know there is one more from the command prompt, nltest, but I have never used it.

Powershell Rocks, Rejoin computers in domain without restart

Saturday, March 5, 2016

Powershell Rocks, Rejoin computers in domain without restart

I have received the error below many, many times when logging in to some critical server, and I am stuck. (I am very sure you must also have received this error many times.)
The trust relationship between this workstation and the primary domain failed.
Due to this error I cannot log in to the server with my domain credentials. In the old days I had to disjoin the server from the domain, reboot, and rejoin it again. This was a big headache for mission-critical servers. If you like using PowerShell for system management, it is very easy to rejoin the computer account to the domain without restarting the server. You must have at least PowerShell version 3 to use this command, which is there by default in Windows Server 2012 and Windows 8.

Video how to use Test-ComputerSecureChannel
It is obvious that you cannot use your domain accounts, which means you have to use your local administrator account to log in and open PowerShell as administrator.
Once PowerShell is fired up, you just have to run the command below to rejoin the computer to the domain without a restart.

Test-ComputerSecureChannel -Repair -Credential (Get-Credential)

It prompts for a username and password. It should be a domain account and should have AD rights.
It will simply repair the broken computer account password on your computer and will return the message True. Once this is done, you can log off and test logging in with your domain account. This trick has saved me many times when there was a restriction on rebooting a server; I have even used it plenty of times on my own desktop (when I found I could no longer access file servers and other things), so I don't have to reboot and can work undisturbed.
There is an old trick for older OSes: you can use the Netdom command (I used to use it on Windows 2008 R2 and lower; you can find netdom in the 2008 OS series by default, and for older versions you can get it from the CD/DVD).
netdom resetpwd /Server:DC /UserD:DomainAdmin /PasswordD:Password
In the next blog I found one more command to rejoin a computer to the domain without a reboot.

Resolved: The trust relationship between this workstation and the primary domain failed