Xenserver has no Local Storage

I added some new disks to a couple of HP servers including a 1RU stand-alone and a blade server recently, but in the end the fresh Xenserver has no Local Storage. Installing Xenserver 6.5 seemed to complete as expected, except that when I looked at the new server there was no Local Storage.

A DVD drive and a USB Removable device were recognised correctly.

I am still not clear on why it did not complete the process of preparing the Local Storage, but the following process resolved it for me.

Postscript: I then went to the second blade server and found a different config partly completed during the install resulting in the same issue but a different method to address it. See my other post Xenserver install without Local Storage.

In a nutshell, Xenserver Dom(0) was installed but did not configure the rest of the disk as a usable device.

Step 1. From the console identify the host uuid like this for the test server DS3001:

# xe host-list
uuid ( RO)                : 4c2e3091-502f-47b8-8f64-64e8feba806b
name-label ( RW): DS3001
name-description ( RW): Default install of XenServer

Step 2. Find the partition/drive configuration:

# cat /proc/partitions
major minor  #blocks  name

7        0      57216 loop0
104        0  292935982 cciss/c0d0
104        1    4193297 cciss/c0d0p1
104        2    4193297 cciss/c0d0p2
104        3  284546333 cciss/c0d0p3
104       16  976729816 cciss/c0d1         <<—  this is the one we want as it is the largest partition
11        0    1048575 sr0
11        1     589594 sr1
8        0 1953514583 sda
8        1 1953513559 sda1
8       16 1953514582 sdb
8       17 1953512534 sdb1

and then get the UUID :

# ls -lah /dev/disk/by-id
total 0
drwxr-xr-x 2 root root 180 Jul  6 12:29 .
drwxr-xr-x 7 root root 140 Jul  6 12:29 ..
lrwxrwxrwx 1 root root  16 Jul  6 12:29 cciss-3600508b100103231372020202020000f -> ../../cciss/c0d0
lrwxrwxrwx 1 root root  16 Jul  6 12:29 cciss-3600508b1001032313720202020200010 -> ../../cciss/c0d1

Step 3. Fill in the uuid and the device in to the following command:

# xe sr-create content-type=user device-config:device=/dev/disk/by-id/<cciss-xxxxxxxxxxxxxxxxxxxxxxxxx> host-uuid=<host-uuid> name-label=”Local Storage 2” shared=false type=lvm

Using the examples, to create:
# xe sr-create content-type=user device-config:device=/dev/disk/by-id/cciss-3600508b1001032313720202020200010 host-uuid=4c2e3091-502f-47b8-8f64-64e8feba806b name-label=”Local Storage” shared=false type=lvm

Run that command on Dom(0) console and the new Local Storage will appear in XenCenter.




At least one other site is using the same HTTPS binding

“At least one other site is using the same HTTPS binding …..”  is a prompt that every Windows Server IIS administrator has come across at some point.  It arises when trying to change or update an SSL certificate on Windows server IIS platform where there are multiple websites and potentially multiple certificates.

Multiple Sites Using Same IP and SSL

Multiple sites sharing an IP address use a process of host-header recognition in order to accept the in-bound connection. Where this is on port 80 (http) there is no issue.

However, with port 443, the IP address and port number are also bound to a certificate and changing one site certificate will impact all the other sites on the same IP address and port combination. Hence the following Alert (error) message is displayed.

IIS SSL Multiple Sites Alert

IIS SSL Multiple Sites Alert

Accepting or rejecting really depends on your server and what sites and certificates are actually in use. However, this may impact on the other sites and my past experience has been that other sites can be left in an unstable state either without a binding, a certificate, or a mix-up on which certificate.

Change SSL Certificate for Multiple Sites

Use the following steps to prepare manual change at the command line in order to avoid the above error message and address all sites using the same IP address : port and certificate at the same time.

All the detailed information has been sanitised to use dummy data, you will need to substitute the relevant information for your certificates and server.

First examine the certificates in use opening a command prompt – this is all read activity so Run as Administrator is not required, yet.

certutil -store My

This will display lists of certificates and applications like the following. I selected the 2 that I was looking for as follows:

the old certificate – based on NotBeforeDate – you need the highlighted hash from each certificate

================ Certificate 7 ================
Serial Number: 1234567890abcdef1234567890abcdef1234
Issuer: CN=AlphaSSL CA – G2, O=AlphaSSL
NotBefore: 01/01/2014 11:27 AM
NotAfter: 31/12/2016 11:27 AM
Subject: CN=*.yourdomain.tld, OU=Domain Control Validated
Non-root Certificate
Cert Hash(sha1): 12 34 56 78 90 ab cd ef 12 34 56 78 90 ab cd ef 12 34 56 78
Key Container = 12345a8277cd156abcd09d20dcba5c31_g3239vv5-8181-1234-b6ba-bbbb
Provider = Microsoft RSA SChannel Cryptographic Provider
Encryption test FAILED
CertUtil: -store command completed successfully.

and the new certificate – based on NotBeforeDate

================ Certificate 4 ================
Serial Number: 67890abcdef12341234567890abcdef12345
Issuer: CN=AlphaSSL CA – SHA256 – G2, O=GlobalSign nv-sa, C=BE
NotBefore: 01/01/2015 9:02 AM
NotAfter: 31/12/2016 11:27 AM
Subject: CN=*.yourdomain.tld, OU=Domain Control Validated
Non-root Certificate
Cert Hash(sha1): 78 90 ab cd ef 12 34 56 78 90 ab cd ef 12 34 56 78 12 34 56
Key Container = 1234abcd54d7161def4863d4d6b96633_f3239aa5-8080-1234-b6ba-abcd
Provider = Microsoft RSA SChannel Cryptographic Provider
Encryption test FAILED

Next, identify the ip address that is in use and, assuming that standard https is being used, port 443. This could be done by checking within IIS first to check which common IP address is being used.

netsh http show sslcert

Which will show all the ssl certificate bindings, or if you know which ipaddress, then be selective

netsh http show sslcert ipport=

Will show the results like:

SSL Certificate bindings:
————————-IP:port                 :
Certificate Hash        : 1234567890abcdef1234567890abcdef12345678
Application ID          : {34567812-3456-7890-abcd-ef123456789d}
Certificate Store Name  : MY
Verify Client Certificate Revocation    : Enabled
Verify Revocation Using Cached Client Certificate Only    : Disabled
Usage Check    : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout   : 0
Ctl Identifier          : (null)
Ctl Store Name          : (null)
DS Mapper Usage    : Disabled
Negotiate Client Certificate    : Disabled

The application ID is what is needed from the above but check that the correct certificate hash (the old one) is associated with this binding.

Now select all the relevant information from the results as shown

Old certificate hash (with spaces removed)


New certificate hash (with spaces removed)


and the AppID


The following two steps will need a new elevated command window selected with ‘Run as Administrator’

Delete old binding

netsh http delete sslcert ipport=

Then add new using hash and appid

netsh http add sslcert ipport= certhash=7890abcdef1234567890abcdef12345678123456 appid={34567812-3456-7890-abcd-ef123456789d}

which should result in

SSL Certificate successfully added

And finally if you want to check that it has been applied

netsh http show sslcert | findstr /R "7890abcdef1234567890abcdef12345678123456"

or to check that the old certificate hash is not still in use on another ipaddress:port binding use the above with the old certificate hash.


Reference: http://serverfault.com/questions/610841/replace-wildcard-certificate-on-multiple-sites-at-once-using-command-line-on-i

Windows RDS Stand-alone Server per User

When installing Windows RDS stand-alone server per user should not be used on a workgroup based server, i.e. there is no domain to authenticate the “per User” users.

There is a warning about it when adding licenses but it does not prevent you from adding them in per User mode.

While it seems odd that this is an issue when there is still Local User authentication available, it is apparently the case and the RDS server will not provide access, or at least will not assign licences. That said, I have not tried it in that mode.

The good thing is that you can change from per User to per Device at any time with the RD Licensing Manager using the Convert Licences option.


Converting licences can be done in either direction at any time so swapping is permitted.

Deploy RDS on a stand-alone Windows 2012 Server

Looking to deploy RDS on a stand-alone Windows 2012 Server I found a wealth of information where the authors make the assumption that you will use an Active Directory / Domain connected server.

A Microsoft team blog reference makes what I consider to be a fatal assumption in this reference RD Quick Start on a Domain Connected Server in stating that the instructions are suited to a small office deployment or as a proof of concept deployment. My take on a proof of concept is that a domain configuration is a lot of extra work for little value.

So I searched some more and arrived at Ryan Mangans’ blog and his post on the simple Setup Windows stand-alone RDS server.

Deploy RDS on a stand-alone Windows 2012 Server

Assumption: Using a single server for a small office and limited user environment.  A larger office, more users, more management option would require more than 1 server and separation of server roles.

Two methods depending on the server status of domain connected or stand-alone.

Deploy RDS on a stand-alone Windows 2012 Server using Role Based installation

This installation method assumes that the server is not connected to a domain.

Ref: http://ryanmangansitblog.com/2013/10/30/deploying-a-rdsh-server-in-a-workgroup-rds-2012-r2/

1. Using the Add Roles & Features Wizard

2. Deploy the RDS 2012 Session Host Role and the RDS licencing role

3. This will provide the role of Remote Desktop Services and 2 role services of Session Host and Desktop Licensing.

This method will not provide some features for management that are commonly referenced for ‘best practice’ as the vast majority of documentation assumes a domain based server has been used.

Deploy RDS on Domain connected Windows 2012 Server

As per the heading this installation assumes that the server is domain connected with an Active Directory. These steps are taken from the Microsoft reference and are included here for comparison to the above stand-lone server deployment method.

Ref: http://blogs.technet.com/b/askperf/archive/2015/04/09/remote-desktop-services-rds-2012-session-deployment-scenarios-quick-start.aspx

1. On the server that will become the Connection Broker, logon with a domain account that is an administrator and start Server Manager. From Manage menu item, select Add Roles and Features.

2. Select Remote Desktop Services installation.

3. Select Quick Start.

4. Select Session-based desktop deployment.

5. Add your local server to the Selected list for Specify RD Connection Broker server.

6. On the Confirm Selections dialog, check Restart the destination server automatically if required.

7. The RDS session deployment will now begin the install to all the servers and components selected. A progress dialog will be shown and the server will reboot.

8. After reboot, log in and the progress dialog will be shown again and installation will continue.

9. After installation is complete, in the Server Manager Dashboard, there will be a Remote Desktop Services role listed in the left navigation pane.

10. Selecting Remote Desktop Services will display the Overview of the new deployment. From this page, the next steps would be to add / specify both the license server and RD Gateway if needed.