Thursday, August 5, 2010

VMware virtual machine NIC not working

For a Windows 2003 VM running on ESX appears to be ok, but cannot access the network. The NIC appears to be connected and server is functional, but pings fail.

If you check Windows event viewer, you will see an IPSec error like this:

Event ID 4292: The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.

To fix, disable the IPSec service and reboot the VM.

If that does not work, as specified in the MS KB below, you will have to rebuild the registry policy.

To resolve this issue, delete the following registry subkey and then rebuild the policy:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Local

Delete the local policy registry subkey. To do this, follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
  3. On the Edit menu, click Delete.
  4. Click Yes to confirm that you want to delete the subkey.
  5. Quit Registry Editor

Rebuild a new local policy store. To do this, follow this step:

  1. Click Start, click Run, type regsvr32 polstore.dll, and then click OK.
References:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1000797

http://support.microsoft.com/kb/870910
Posted by at No comments:
Labels: ,

Tuesday, August 3, 2010

Upgrading to SQL 2008

Issue: "Rule "Security Group SID (Security Identifier)" failed." from Upgrade Rules check.

Found solution at referenced link, post by nctmyers...

Basically, you need to make sure the group SID of SQLServer... related local groups match with is in the registry. ie.

SQLServer2005MSFTEUser$ServerName$MSSQLSERVER
SQLServer2005MSSQLUser$ServerName$MSSQLSERVER

Download the free PSTools utilities and use "psgetsid.exe" to display the SIDs for the SQL user groups.
http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx

psgetsid

Then use "regedit" and go to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup] to see the SIDs for each group...

For example...
AGTGroup="S-1-5-21-2065109431-430523663-1844936127-1037"
FTSGroup="S-1-5-21-2065109431-430523663-1844936127-1039"
SQLGroup="S-1-5-21-2065109431-430523663-1844936127-1038"
ASGroup="S-1-5-21-2065109431-430523663-1844936127-1040"

Replace any SIDs that do not match the local group SIDs found with psgetsid and re-run on the SQL 2008 Upgrade Rules page.

Reference: http://social.msdn.microsoft.com/forums/en-US/sqlsetupandupgrade/thread/0ca885d2-cd8d-4815-a258-d2962d477c35
Posted by at 2 comments:
Labels: , , ,
Subscribe to: Posts (Atom)