Recovering an ESXi host with the state archive

I had the joy of dealing with the USB drive which hosts my ESXi host’s OS and configuration going bad, and naturally without a backup of the configuration.

I did manage to recover enough of the drive to gain access to the “state” archive which contains the host configuration (this is stored as state.tgz).

The following steps go over how to restore the files located in the state archive so that the host runs in its original pre-failure state. This will NOT cover how to recover state.tgz from a failed drive, as there are far too many variables to cover the different ways of recovery. It is highly recommended to work with copies of all data being manipulated and not the original version. All steps below are to be tested in a lab environment, and extreme caution should be used when attempting them in production environments.

1. Install ESXi on the host with new media. Steps for this can be found here. To make this easier, configure the host to the point of having username/password and network connectivity. I recommend using a different IP address and username/password combination from the original failed host so that you can verify the restored configuration takes effect.

2. Copy state.tgz to a directory on the ESXi host such as /tmp. I used WinSCP, but you are welcome to use whatever method is desired.

3. Navigate to the location where state.tgz is stored and extract the contents (local.tgz).

4. Check whether local.tgz already exists in your root directory and, if it does, rename it.

5. Copy the local.tgz file from /tmp to the root directory.

6. Extract the contents of local.tgz with tar -xvzf local.tgz.

7. Run auto-backup.sh so that the extracted contents replace the current host’s saved configuration.

8. Reboot and verify your failed host has its settings restored.

9. Set up proper backups for your virtual and physical server environment! (Not included in this post.)
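
Steps 3 to 6 as a script, with a check on both archives before anything is unpacked over the root directory. This is an added example, not code from the original post: the function names `restore_state` and `check_members`, the `local.tgz.orig` backup name and the optional second argument (a scratch directory for a dry run on copies) are assumptions, and it assumes the host's tar accepts `-C`.

```shell
#!/bin/sh
# Added example: steps 3-6 with pre-checks. Function names are hypothetical.
# Assumes the host's tar accepts -C. Usage: restore_state /tmp/state.tgz [root]

# Refuse an archive that cannot be listed, or whose member names are
# absolute or contain a ".." component (they would land outside the target).
check_members() {
    list=$(tar -tzf "$1") || { echo "cannot read $1" >&2; return 1; }
    if printf '%s\n' "$list" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $1" >&2
        return 1
    fi
}

restore_state() {
    state=$1                 # copy of the recovered state.tgz
    root=${2:-/}             # target root; a scratch directory gives a dry run
    root=${root%/}           # "/" becomes "" so "$root/local.tgz" is /local.tgz
    work=$(dirname "$state")

    # Step 3: validate state.tgz, then extract local.tgz next to it
    check_members "$state" || return 1
    tar -xzf "$state" -C "$work" || return 1
    if [ ! -f "$work/local.tgz" ]; then
        echo "state.tgz did not contain local.tgz" >&2
        return 1
    fi
    check_members "$work/local.tgz" || return 1

    # Step 4: keep an existing local.tgz under a new name
    if [ -f "$root/local.tgz" ]; then
        mv "$root/local.tgz" "$root/local.tgz.orig" || return 1
    fi

    # Steps 5 and 6: copy local.tgz into the root directory and extract it
    cp "$work/local.tgz" "$root/local.tgz" || return 1
    tar -xzf "$root/local.tgz" -C "${root:-/}"
}
```

After `restore_state /tmp/state.tgz` succeeds on the host, continue with steps 7 and 8.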

Happy labbing!


Hiding (filtering) a specific user from reporting in Cisco ISE

I ran into an interesting problem preparing for an 802.1x deployment – the authentications report in Cisco ISE was full of all the network devices checking to make sure ISE was still available (health checks). As seen below, the load balancer’s keepalives fill the logs pretty much on their own; imagine trying to troubleshoot a login issue! YUCK!

Something else I found interesting was that my Google-fu (or knowledge of ACS and how to filter out a certain user) was no match for trying to find a solution for my issue. Because of this, I decided a quick how-to on this would be helpful (I can’t be the only person who will want to filter out such an annoying problem).

First, navigate to Administration > System > Logging.

Once in the System Settings for Logging, navigate to “Collection Filters”.

At this point, the rest is pretty straightforward. But for completeness I am going to finish the whole process, so click “Add”.

After that, just fill in the type of attribute you want to filter (Username, Policy Set Name, NAS IP Address, Device IP Address, or MAC Address), the Value for the selected attribute, and the Filter Type (Filter All, Filter Passed, Filter Failed, or Bypass Suppression [with time limit]). Finally, click “Submit”!

For me, it made the most sense to filter the username used for the monitors, and to only filter on passes for that username. This allows me to use the fewest filters, and if a health monitor fails for any reason it will still show up in the reporting.

Final result (don’t mind the old logs, I was too impatient to wait for them to clear):


Happy troubleshooting!