Set the SPN if Kerberos authentication does not work or if you use a DNS alias for a CIFS share on NetApp

Our example CIFS SVM has the name SVM1 and is joined to Active Directory with the CIFS name SVM1 as well. We then need a DNS alias for CIFS access, which is CIFSSHARES.DOMAIN.LOCAL.

# We had to set the Service Principal Name (SPN) if a DNS alias like the one in the example is needed or if the output for the cifs sessions shows NTLMv2 instead of Kerberos:

Node: NODE1
Vserver: SVM1
Session ID: 1
Connection ID: 12984403
Incoming Data LIF IP Address: 192.168.1.10
Workstation IP address: 192.168.50.101
Authentication Mechanism: NTLMv2
Windows User: DOMAIN\USER
UNIX User: pcuser
Open Shares: 1
Open Files: 0
Open Other: 0
Connected Time: 1d 14h 16m 52s
Idle Time: 28s
Protocol Version: SMB2_1
Continuously Available: No
Is Session Signed: false

# The SPN can be set and viewed with the setspn.exe utility on a domain controller like this:

setspn.exe -A HOST/CIFSSHARES SVM1

setspn.exe -A HOST/CIFSSHARES.DOMAIN.LOCAL SVM1

C:\Users\administrator.DOMAIN>setspn.exe -l SVM1
Registered ServicePrincipalNames for CN=SVM1,CN=Computers,DC=DOMAIN,DC=LOCAL:
HOST/CIFSSHARES.DOMAIN.LOCAL
HOST/CIFSSHARES
HOST/SVM1.DOMAIN.LOCAL
HOST/SVM1

# After setting the correct SPN entry, the output of cifs sessions should look like this:

Node: NODE1
Vserver: SVM1
Session ID: 1
Connection ID: 263802468
Incoming Data LIF IP Address: 192.168.1.10
Workstation IP address: 192.168.50.101
Authentication Mechanism: Kerberos
Windows User: DOMAIN\USER
UNIX User: pcuser
Open Shares: 5
Open Files: 11
Open Other: 0
Connected Time: 3h 25m 46s
Idle Time: 35s
Protocol Version: SMB2_1
Continuously Available: No
Is Session Signed: false

Reference Site from NetApp:
https://kb.netapp.com/support/index?page=content&id=1013601&pmv=print&impressions=false
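
A small check for the symptom described in this post, added here as an example (it is not part of the original post or of NetApp's tooling): it parses session records in the "Key: value" layout shown above and lists the sessions that did not authenticate with Kerberos. The sample text is constructed, and the function names are assumptions.

```python
import re

# Constructed sample in the "Key: value" layout of the cifs sessions output:
# one NTLMv2 session and one Kerberos session (values are illustrative).
SAMPLE = r"""
Node: NODE1
Vserver: SVM1
Session ID: 1
Workstation IP address: 192.168.50.101
Authentication Mechanism: NTLMv2
Windows User: DOMAIN\USER

Node: NODE1
Vserver: SVM1
Session ID: 2
Workstation IP address: 192.168.50.102
Authentication Mechanism: Kerberos
Windows User: DOMAIN\USER2
"""

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")


def parse_sessions(text):
    """Return one dict per session; a 'Node' field starts a new record."""
    sessions = []
    for line in text.splitlines():
        match = FIELD.match(line)
        if not match:
            continue  # blank lines and anything that is not 'Key: value'
        key, value = match.groups()
        if key == "Node" or not sessions:
            sessions.append({})
        sessions[-1][key] = value
    return sessions


def non_kerberos_sessions(sessions):
    """List (workstation, user, mechanism) for sessions not using Kerberos."""
    return [
        (s.get("Workstation IP address"), s.get("Windows User"),
         s.get("Authentication Mechanism"))
        for s in sessions
        if s.get("Authentication Mechanism", "").lower() != "kerberos"
    ]


if __name__ == "__main__":
    for workstation, user, mechanism in non_kerberos_sessions(parse_sessions(SAMPLE)):
        print(f"{workstation} {user}: {mechanism} (check the SPN for the name the client used)")
```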

4 awesome PowerCLI Commands

Here are some useful PowerCLI Commands:

#Get all VirtualPortGroups and Loadbalance Policy
Get-VirtualPortGroup | ft Name, @{Label="LoadbalancingPolicy"; Expression = { $_.ExtensionData.config.defaultportconfig.uplinkteamingpolicy.policy.value}}

#Get all VirtualPortGroups which are not IP-Hash
Get-VirtualPortGroup | ? { $_.ExtensionData.config.defaultportconfig.uplinkteamingpolicy.policy.value -ne "loadbalance_ip" }

#Get all VMs with CDROM attached
Get-VM | FT Name, @{Label="ISOfile"; Expression = { ($_ | Get-CDDrive).ISOPath }}

#Get all VMs with Snapshots
Foreach($vm in get-vm){ get-snapshot $vm |select VM,Name,Description,Created}

Performance Charts service returned an invalid response

When I wanted to check the performance of a datastore I got the following error message:

I am using vSphere Appliance 6.0 with Update 1.
This problem occurs with my domain account only and not with the administrator@vsphere.local account.

There is an easy way to fix this.
# SSH to the vCenter Appliance and enter the following two commands:

shell.set --enabled true
shell

# Go to the directory /usr/lib/vmware-perfcharts/tc-instance/conf/. Add the option maxHttpHeaderSize="65536" to your server.xml as follows (don’t forget to make a backup of the server.xml file):

<!-- IPv4 configuration -->
<Connector address="127.0.0.1"
acceptCount="300"
maxThreads="300"
connectionTimeout="20000"
executor="tomcatThreadPool"
maxKeepAliveRequests="15"
port="${bio.http.port}"
maxHttpHeaderSize="65536"
protocol="org.apache.coyote.http11.Http11Protocol"/>
<!-- IPv6 configuration -->
<Connector address="::1"
acceptCount="300"
maxThreads="300"
connectionTimeout="20000"
executor="tomcatThreadPool"
maxKeepAliveRequests="15"
port="${bio.http.port}"
maxHttpHeaderSize="65536"
protocol="org.apache.coyote.http11.Http11Protocol"/>

# Then simply restart the performance charts daemon:

service-control --stop vmware-perfcharts
service-control --start vmware-perfcharts

This issue should be resolved in vCenter Server 6.0 Update 2.

This Knowledge Base article is for Windows vCenter Server only but applies to Appliance as well:
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2131040