by lunarg on September 9th 2021, at 11:25
A while back, Microsoft introduced new security defaults in Windows 10 and Server 2019, disallowing unauthenticated guest access to shares. While this is a good security practice, it can also break Samba implementations running on Linux. Older versions of Windows (and versions with this policy disabled) can still access the shares, but with the policy in effect, connections immediately fail.

While it would be possible to disable the policy, it's not a very good idea as it is a potential security flaw. A better solution is to fix it on your Linux Samba server, which can be easily done by completely disabling guest access and enforcing SMB3 and password encryption.

Add these lines t  ...
edited by lunarg on August 18th 2021, at 13:53
Occasionally, the vCenter may run out of disk space on a specific disk, in which case it may become necessary to resize it. While there are many articles written about resizing a disk (like this), VMware also provides a very useful auto-resize script which automatically does the work for you, significantly improving the user experience even for those who are not familiar with resizing partitions and/or LVM in Linux. The best part is that it can be done online, so there is no need to stop services.

Log on to the vCenter console through SSH or through VMRC using the root account. If you wish to use SSH, you may need to enable it first through VAM.

Determine which virtual disk needs resizing. VCSA use  ...
by lunarg on August 5th 2021, at 10:44
With the release of Chrome (and Edge) version 92, a new feature called CECPQ2 was introduced, hardening the TLS 1.3 key exchange against brute-force attacks from quantum computers. Unfortunately, this breaks many SSL scanning (IDS) implementations on security appliances (such as firewalls). A workaround is to either temporarily disable scanning or disable CECPQ2 in the browser through a group policy (or registry key).

To turn off CECPQ2 for Chromium, create the following registry keys:





A browser   ...
by lunarg on July 15th 2021, at 14:50

Occasionally, it may be necessary to perform disk consolidation. If you have a lot of VMs which need consolidation, it can be tedious to do this in the web client. Fortunately, it's also possible to mass-consolidate via PowerCLI.

Install and log in using PowerCLI.

To show which VMs need consolidation, run:

Get-VM | Where-Object {$_.ExtensionData.Runtime.ConsolidationNeeded}

To actually perform disk consolidation, run:

Get-VM | Where-Object {$_.ExtensionData.Runtime.ConsolidationNeeded} | ForEach-Object {$_.ExtensionData.ConsolidateVMDisks_Task()}
edited by lunarg on June 23rd 2021, at 16:17
Here's a list of common installation options for Cylance. Note that they can also be used with the Cylance Unified installation MSI. Replace <PIDKEY> with the tenant's installation key.

New tenant installation (so Cylance will be running in "learning mode" for a few weeks), where clients are using Windows Defender as the primary AV:

msiexec.exe /i "CylanceProtect_x64.msi" ALLUSERS=1 /qn /norestart /log output.log PIDKEY=<PIDKEY> LAUNCHAPP=1 REGWSC=0

Existing tenant (which is past the "learning period") or a new tenant where clients are using another (supported) anti-virus as the primary AV:

msiexec.exe /i "CylanceProtect_x64.msi" ALLUSE  ...
by lunarg on June 3rd 2021, at 13:34
When deploying Cylance for the first time in a new environment, best practice is to have it run in "audit mode", where Cylance detects threats but does not act upon them. Of course, this would not be very secure if you don't have another anti-virus in place. Starting from Windows 10 and Server 2016, Windows Defender is automatically installed and active if no other anti-virus product is installed. However, installing Cylance the regular way would result in Windows detecting the presence of Cylance and disabling most of the functionality of Defender. Luckily, you can work around the issue by having Cylance not register as an anti-virus with Windows Security Center during the installation (or af  ...
by lunarg on May 18th 2021, at 17:57

Starting from Debian 10 ("Buster"), phpMyAdmin no longer exists as a package in the Debian repository. Instead, it needs to be installed manually. I found this article online which seems to explain the process very well:

by lunarg on May 11th 2021, at 08:00

Although 3CX has stopped development of the standalone Mac client, the latest version (although now a bit outdated) still works and is downloadable here: