Backtrack:  
 
showing all posts
 
by lunarg on March 25th 2019, at 13:33
You can reset the root password of any (recent) VMWare appliance, such as the vCenter Server Appliance (VCSA), or Platform Services Controller (PSC) by following the procedure outlined here. Note that you will need to have physical or console access to perform the reset. The reset also requires a restart of the appliance so you'll need to schedule downtime for it.

First of, take a snapshot or backup of the virtual appliance before proceeding. In case the reset should fail, you'll always have a backup to go back to.

Restart the appliance. Right after the BIOS screen, the PhotonOS splash screen will appear for a few seconds.

During this time, press e to enter the GNU GRUB edit menu, allowin  ...
by lunarg on March 25th 2019, at 12:15
You can change the default shell (used when logging on with VMRC or through SSH). By default, this is set to the appliance shell, providing limited functionality. If you rather have BASH as the default shell, you can switch this.

Log on through SSH or VMRC with the root account.

If shell access hasn't been activated yet, run this first:

shell.set --enabled true

If you are running the appliance shell, type shell to launch the BASH shell.

In the BASH shell, at the prompt, type the following to change the default shell to BASH (instead of the appliance shell):

chsh -s /bin/bash root

You'll need to log out for the changes to take effect. The next time you log in, you will log on directly   ...
by lunarg on March 21st 2019, at 12:24
The quickest way to enable auto-logon on Ubuntu 16.04+ and Debian (which are using systemd for management of their services) is by creating an override for the getty service, specifically for tty1 (or another tty if you prefer).

First, determine which tty you wish to have the auto-logon on. These are the terminals linked to the Alt+Fn keys, so tty1 = Alt+F1, tty2 = Alt+F2. The default is always tty1.

Next, create an override by typing:

sudo systemctl edit getty@tty1.service

This will open up a text editor where you can adjust the parameters like so:

[Service]ExecStart=ExecStart=-/sbin/agetty --noissue --autologin myusername %I $TERMType=idle

Replace myusername with the account you wish  ...
by lunarg on March 18th 2019, at 12:45
If you wish to use TLS, or are using TLS authentication in a Office 365 Hybrid environment, and have manually changed or renewed the SSL certificate, you may still get errors about unable to initiate the TLS session (STARTTLS), even though the SSL certificate has been correctly renewed. Just setting the SSL certificate to be used with SMTP is not enough to make TLS work correctly. You also need to (re-)configure the TLS certificate name on your receive connectors.

As stated by the manual:

TlsCertificateName
The TlsCertificateName parameter specifies the X.509 certificate to use with TLS sessions and secure mail. Valid input for this parameter is [I]Issuer[S]Subject. The Issuer value is fou  ...
by lunarg on March 13th 2019, at 13:49

Currently, it is not possible to configure the DNS suffix (search domain) for SSL VPN and IPSEC tunnels through the GUI, but it can be configured using the CLI.

For SSLVPN:

config vpn ssl settings
set dns-suffix example.com example.org
end

For IPSEC:

config vpn ipsec phase1-interface
set domain example.com
end

Changes are effective immediately. After configuring the setting, users will be able to resolve names using single names instead of FQDN.

by lunarg on February 8th 2019, at 10:04

An excellent TechNet-article explained how rules are evaluated in Windows Firewall, specifically in what order and which rules take precedence over others.

https://social.technet.microsoft.com/wiki/contents/articles/13894.troubleshooting-windows-firewall-with-advanced-security-in-windows-server-2012.aspx#Rules_are_evaluated_in_a_specific_order

by lunarg on February 8th 2019, at 10:02

If for some reason the deployment of the VMWare vConverter agent fails, you can also copy the installer to the machine you wish to P2V and manually install it.

On the machine VMWare vConverter is installed, navigate to the location where it's installed (by default: C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone), and look for the file VMware-Converter-Agent.exe. Copy over this file over to the target machine and run it to install the agent. Accept the defaults, including the TCP-port (unless your setup requires you to change it). Once finished, a service will have been installed and you will be able to connect to it using vConverter.

by lunarg on February 2nd 2019, at 15:44
You can disable password expiration from the command-line when logging on using SSH or by enabling the Bash shell. Note that you will need root privileges (i.e. root account) to make this change.

If shell access is not enabled, you need to enable it first:

Log on to the appliance management portal: https://ip-or-fqdn:5480/.

In the Navigator, click on Access. On the right side (Access Settings), click on the Edit button.

Tick the box next to Enable SSH Login for remote access, or if you rather prefer making the change through the VMRC, check the box Enable BASH Shell. Then click OK. The change is effective immediately.

Log on to the shell using either SSH (using PuTTY or another applicat  ...
by lunarg on January 29th 2019, at 12:03

Found this article online about how vSphere virtualizes NUMA and how this is relevant to the configuration of vCPUs in your VMs:

https://www.opvizor.com/decoupling-of-cores-per-socket-from-virtual-numa-topology-in-vsphere-6-5

by lunarg on January 11th 2019, at 10:04

In the event of migrating your old vCenter Server to a new version (or from Windows to the appliance), it may become necessary to first clear out old historical data. Not only will this speed up the migration process considerably, it will also prevent certain issues which may block the migration from completing successfully.

VMWare provided a KB with database scripts which allow you to selectively purge historical data and decreasing the database size: KB 2110031.

by lunarg on January 11th 2019, at 09:06

The Barracuda VPN Client does not work properly on macOS Mojave: after connecting the VPN, the UI crashes and restarting it immediately makes it crash again. The VPN tunnel itself does work, but other than manually killing the process (kill -9), it is not possible to terminate the tunnel (other than rebooting of course).

An updated version of the client, Barracuda VPN Client 5.0.2.5 for macOS is available which resolves these issues.

by lunarg on January 4th 2019, at 16:40
Handbrake offers the ability to convert copy-protected DVD's (aka "rip") too. It is not able to do this out of the box, but instead, relies on a specific library called libdvdcss. This library is installed by default when you also use VLC media player, but a version compatible with Handbrake is also available for download.

For Mac OSX, an installer was made available to easily install the library and have Handbrake use it, but due to the write-protection of system folders, introduced with macOS High Sierra, this method no longer works. As a result, it became difficult to use Handbrake. Fortunately, there are a number of workarounds and other methods of installing the library, whic  ...
by lunarg on December 20th 2018, at 15:10
On Windows Server 2016, when attempting to enter a full edition product key on an evaluation edition, you will get the error: "This edition cannot be upgraded". Fortunately, you can workaround the issue by "upgrading" via DISM (a built-in command-line tool).

Note that you will have to reboot the server when performing the upgrade, so schedule some downtime for it. Also, you cannot only convert full GUI versions of Windows Server. Server Core or Nano Server cannot be upgraded. Additionally, if you have the ADDS role installed, you need to uninstall this role before performing the upgrade.

Start an elevated command prompt, then type in the commands listed below.

First, m  ...
by lunarg on December 20th 2018, at 11:17
Starting or stopping the SSH service on multiple ESXi hosts can be a tedious job when having to do this via the vSphere (Web)Client. Fortunately, you can also use PowerCLI to start/stop services quickly. With a little scripting, you can expand this to start/stop services on a set of hosts, a cluster, or the entire vCenter.

First, start PowerCLI and make a connection to the vCenter. For automation, you can use something like this (note that you have to add code for credentials, if needed):

if (-not (Get-PSSnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue)) { Add-PSSnapin VMware.VimAutomation.Core | Out-Null }Connect-VIServer vcenter.domain.local

Once that's done, you can ga  ...
by lunarg on November 20th 2018, at 12:23

A nifty little feature of the Yealink IP Phones the ability to display the contents of the LCD via the management page.

Access the web management page, and after authenticating, change your browser URL to http://IP_of_phone/screencapture. Refresh the browser to update the capture.

This works on the following models: SIP-T48G, SIP-T46G, SIP-T42G, SIP-T41P, SIP-T29G, SIP-T28P, SIP-T27P, SIP-T26P, SIP-T23G, SIP-T23P, SIP-T22P, SIP-T21P E2.

by lunarg on November 19th 2018, at 11:07

The following default passwords are used for HP 3PAR storage systems:

UsernamePasswordUsed for
3paradm3pardataManagement port (MGMT) for admin control
Setupusr / root(blank)SP initial default credentials (before config)
Spvar3V#rparSP default credentials (after config)
3parcust3parInServSP default credentials, meant for customers to use
by lunarg on October 26th 2018, at 13:29

You can easily update your vCenter Server Appliance (VCSA) offline by downloading a product patch ISO and via the CLI.

Download the latest patch from VMware Patch Download Center. Select VC from the Search by Product drop-down menu, then select the correct version (i.e. 6.0 or 6.5). Download the patch ISO and attach it to the VCSA.

Log in to the shell (using SSH or VMRC) and initiate the update:

  1. Stage the ISO updates:
    software-packages stage --iso --acceptEulas
  2. Optionally, you can view the list of packages to be updated:
    software-packages list --staged
  3. To install the updates, run:
    software-packages install --staged

After the update has finished, you will have to reboot the VCSA.

by lunarg on October 22nd 2018, at 10:35
Barracuda NG Firewall has a comprehensive anti-malware and anti-virus scanning engine. Unfortunately, this clashes with the Apple Appstore: downloading apps and updates get blocked by the AV scanning engine. In order to resolve this, the URLs from Apple need to be excluded.

Using NGAdmin, log on to the firewall (or Control Center), navigate to the Virus-Scanner service of the firewall, and open the Virus Scanner Settings configuration node.

Click on Content Scanning and under the HTTP Multimedia Streaming section, add a new Scan Exception.

Enter a name for the exclusion, then enter these values:

Allowed MIME-Types: add the value *

Domain: *.apple.*

Setting the allowed MIME-type to * is  ...
by lunarg on September 27th 2018, at 11:38
It is best practice not to have an ISO mounted on a VM if it is not necessary. This is especially the case with VDI: if you forget to set the optical drive back to client, each of your desktops will have the ISO mounted as well, which can create a hassle with dependencies on the datastore where the ISO is located.

With PowerCLI, you can quickly resolve the matter with this one-liner:

Get-VM | Get-CDDrive | Where {$_.ISOPath -ne $null} | Set-CDDrive -NoMedia -Confirm:$false

For VDI, note that this will not work for replicas and master images containing snapshots, as the dependency remains intact if a snapshot exists where the ISO was still mounted. In that case, it is better to clone the m  ...
by lunarg on September 27th 2018, at 10:35

Similar as on FreeBSD and Linux, you can add/remove static network routes through the command line with the route command. The syntax somewhat differs from Linux, though.

To add a route (e.g. subnet 192.168.3.0/24 to gateway 192.168.1.254):

sudo route -n add -net 192.168.3.0/24 192.168.1.254

To remove a route:

sudo route -n delete -net 192.168.3.0/24

To show the current route table, you can use netstat:

netstat -nr
 
showing all posts