Orphaned VM in VMWare 6.5

Posted by robd on January 24, 2019
vmware / No Comments

Had an issue where I’d deleted a VMDK from a LUN and was left with an orphaned VM in vSphere, no problem I thought…right click and remove from inventory. The problem is, all options were greyed out:

So what to do?

Enable SSH on the host.

Connect with PuTTY and run:

List all registered VMs

vim-cmd /vmsvc/getallvms

Then to unregister:

vim-cmd /vmsvc/unregister <id>

 


Group Policy for TPM 1.2 and 2.0

Posted by robd on January 23, 2019
Encryption / No Comments

We have two GPOs, one for TPM 1.2 and one for TPM 2.0, the reason being that TPM 1.2 is not compatible with 256 encryption.

 

Here’s a handy table Dell have produced:

https://www.dell.com/support/article/us/en/04/sln312590/tpm-12-vs-20-features?lang=en

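| Algorithm Type | Algorithm Name | TPM 1.2 | TPM 2.0 |
|---|---|---|---|
| Asymmetric | RSA 1024 | Yes | Optional |
| Asymmetric | RSA 2048 | Yes | Yes |
| Asymmetric | ECC P256 | No | Yes |
| Asymmetric | ECC BN256 | No | Yes |
| Symmetric | AES 128 | Optional | Yes |
| Symmetric | AES 256 | Optional | Optional |
| Hash | SHA-1 | Yes | Yes |
| Hash | SHA-2 256 | No | Yes |
| HMAC | SHA-1 | Yes | Yes |
| HMAC | SHA-2 256 | No | Yes |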

 

We then use WMI filtering to distinguish TPM 1.2 from 2.0.

 

The TPM 1.2 WMI filter:

Namespace:

root\cimv2\security\microsofttpm

Query:

Select * from win32_tpm WHERE SpecVersion like "%1.2%"

 

The TPM 2.0 WMI filter:

Namespace:

root\cimv2\security\microsofttpm

Query:

Select * from win32_tpm WHERE SpecVersion like "%2.0%"

 


Client Connecting to WLAN on Cisco WLC

Posted by robd on January 22, 2019
Wireless / No Comments

Hi All,

Had an issue with users connecting to a WLAN on the virtual controller i.e. my mobile phone (94:65:2d:29:00:00) wouldn’t connect to standard PSK SSID.

So I ran the following on the console:

debug client 94:65:2d:29:00:00

Then tried to connect and had the following results:

(Cisco Controller) >*apfOpenDtlSocket: Jan 22 08:52:43.645: 94:65:2d:29:00:00 Recevied management frame ASSOCIATION REQUEST on BSSID f8:0b:cb:43:15:bb destination addr f8:0b:cb:43:15:bb
*apfOpenDtlSocket: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Recevied management frame ASSOCIATION REQUEST on BSSID f8:0b:cb:43:15:bb destination addr f8:0b:cb:43:15:bb
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Processing assoc-req station:94:65:2d:29:00:00 AP:f8:0b:cb:43:15:b0-01 ssid : GUEST thread:a513f80
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Station: 94:65:2d:29:00:00 trying to join WLAN with RSSI -50. Checking for XOR roam conditions on AP: F8:0B:CB:43:15:B0 Slot: 1
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Station: 94:65:2d:29:00:00 is associating to AP F8:0B:CB:43:15:B0 which is not XOR roam capable
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Association received from mobile on BSSID f8:0b:cb:43:15:ba AP ISE-TEST-AP
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Station: 94:65:2d:29:00:00 trying to join WLAN with RSSI -50. Checking for XOR roam conditions on AP: F8:0B:CB:43:15:B0 Slot: 1
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Station: 94:65:2d:29:00:00 is associating to AP F8:0B:CB:43:15:B0 which is not XOR roam capable
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Global 200 Clients are allowed to AP radio
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Max Client Trap Threshold: 0 cur: 19
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Max client(60) reached on WLAN. Sending assoc resp failure with reason code 17(max_sta)

The bottom line looked like the issue was a client connection limit per WLAN so I had a look on the console and found:

 

Changed it to 0 and BOOM.
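The debug output above, run through a small parser, as an added example that is not part of the original post: it returns each rejected association together with the client limits the controller logged just before it, so the limit that tripped (here the per-WLAN one) stands out. The function and field names are made up for the example; the sample lines are copied from the output above.

```python
import re

# Lines copied from the "debug client" output in the post above.
SAMPLE = """\
(Cisco Controller) >*apfOpenDtlSocket: Jan 22 08:52:43.645: 94:65:2d:29:00:00 Recevied management frame ASSOCIATION REQUEST on BSSID f8:0b:cb:43:15:bb destination addr f8:0b:cb:43:15:bb
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Processing assoc-req station:94:65:2d:29:00:00 AP:f8:0b:cb:43:15:b0-01 ssid : GUEST thread:a513f80
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Global 200 Clients are allowed to AP radio
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_6: Jan 22 08:52:46.278: 94:65:2d:29:00:00 Max client(60) reached on WLAN. Sending assoc resp failure with reason code 17(max_sta)
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# "*task: Mon DD HH:MM:SS.mmm: <client mac> <message>"; search() skips the console prompt.
LINE = re.compile(rf"\*(?P<task>\w+): (?P<ts>\w{{3}} +\d+ [\d:.]+): (?P<mac>{MAC}) (?P<msg>.*)")
SSID = re.compile(r"Processing assoc-req .*\bssid : (?P<ssid>\S+)")
LIMITS = {  # name given here to each limit -> message that reports it
    "radio_global": re.compile(r"Global (\d+) Clients are allowed to AP radio"),
    "rf_profile": re.compile(r"Rf profile (\d+) Clients are allowed to AP wlan"),
    "wlan_max_clients": re.compile(r"Max client\((\d+)\) reached on WLAN"),
}
FAIL = re.compile(r"Sending assoc resp failure with reason code (?P<code>\d+)\((?P<name>\w+)\)")


def assoc_failures(text):
    """Return one record per rejected association, with the limits logged before it."""
    state, out = {}, []          # state: per-client SSID and limits seen so far
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        cur = state.setdefault(m["mac"], {"ssid": None, "limits": {}})
        msg = m["msg"]
        if s := SSID.search(msg):
            cur["ssid"] = s["ssid"]
        for name, rx in LIMITS.items():
            if hit := rx.search(msg):
                cur["limits"][name] = int(hit.group(1))
        if f := FAIL.search(msg):
            out.append({"time": m["ts"], "client": m["mac"], "ssid": cur["ssid"],
                        "reason_code": int(f["code"]), "reason": f["name"],
                        "limits": dict(cur["limits"])})
            state.pop(m["mac"])  # next attempt starts clean
    return out


if __name__ == "__main__":
    for rec in assoc_failures(SAMPLE):
        print(rec)
```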


Azure – Linux – Change the time and time zone

Posted by robd on December 22, 2018
Linux, Server / No Comments

As you may have seen we have a Linux server in Azure running some weird stuff, anyhow the time was off screwing with reports and what not, so had to fix it.  Here’s what I did:

First, SSH onto the server and log on.

Check the time:

timedatectl

Find the timezone you would like:

ls /usr/share/zoneinfo/

Now change it:

sudo timedatectl set-timezone Asia/Dubai

Check it again:

timedatectl


Work Folders – more fun

Posted by robd on December 20, 2018
Work Folders / No Comments

Recently set up more work folder syncs, seemed to work well then tragedy happened and it broke….well it broke for one sync share and all its users:

The Windows Sync Share service failed to setup a new sync partnership with a device. Database: \\?\H:\userfiles\SyncShareState\userfiles\Metadata; User folder name: \\?\H:\USERFILES\WORKFOLDERS\Kev.Man; Error code: (0x80070002) The system cannot find the file specified.

The disks on the server are setup as a cluster, so failed the disks to the second cluster which has worked in the past i.e. force the sync service to start again…no luck.

So next I found a reg setting that will allow Work Folders to support up to 16 Sync Shares per Work Folders server.

The default number of JET databases that can be opened simultaneously is 16 per server.

You can increase the number of JET databases by creating the EseParameterSettings registry value under the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SyncShareSvc\Settings

Value: EseParameterSettings
Type: REG_MULTI_SZ
Data:

[GLOBAL]
JET_paramMaxInstances=1024

For JET_paramMaxInstances, the maximum value is 1024.

After creating the registry value, restart the Windows Sync Share (SyncShareSvc) service.

This is where I had some more issues. The service just said “Stopping”, so to fix this I looked at the service and it’s called “svchost.exe”:

Looking in Task Manager there’s loads of svchost.exe files so check what the service is running as and then end the task that is associated to that user:

Boom, service stopped.

Start it up again…..no luck.

So at this point I was irritated, so I renamed the sync share folder and deleted the syncshare:

Remove-SyncShare -name userfiles

After that I re-created the folder and setup the share, PAYING VERY CLOSE ATTENTION TO THE FOLDER PERMISSIONS!!!

Then created the share:

New-SyncShare -Name "userfiles" -Path "H:\userfiles\workfolders_root" -User "bohemiamgrove\Workfolders Users" -RequireEncryption $false -RequirePasswordAutoLock $false

Well it still wasn’t working, so I logged on as one of the users and manually created their folder in the share location and all of a sudden it started working….I’m going to test a new user shortly to see if it creates the folders itself.


Azure – Linux OS Partition

Posted by robd on December 15, 2018
Server / No Comments

Had an annoying issue where the OS disk on a Linux server (hosted on Azure) was partitioned too small:

This disk is 30GB but has loads of free space:

Disk /dev/sda: 136.4 GB, 136365211648 bytes, 266338304 sectors

Then partition /dev/sda2 on the disk: 

   Device Boot      Start         End      Blocks   Id  System
/dev/sda2         1026048    62914559    30944256   83  Linux

Free space:

Number  Start   End     Size    Type     File system  Flags
        16.4kB  1049kB  1032kB           Free Space
 1      1049kB  525MB   524MB   primary  xfs          boot
 2      525MB   32.2GB  31.7GB  primary  btrfs
        32.2GB  136GB   104GB            Free Space

Here’s how I managed to grow the disk without losing any data etc:

1) Login to the VM using SSH, we can check the size of the disk by using:

sudo dmesg | grep -i sda

2) To proceed with the partition resize, we will use:

sudo fdisk /dev/sda

type: p
this will show both partitions /dev/sda1 and /dev/sda2 which are basically partitions 1 and 2

type: d then 2 (to delete partition 2)
type: n then p2 (to recreate partition 2) you can accept the default values
type: w (to save the new partition)
type: q (to exit fdisk)
sudo reboot (to reboot the VM so the partition is updated)

3) To finalize the resize, after the reboot, execute the command:

For Red Hat 7.3 and CentOS 7.3:

sudo xfs_growfs /dev/sda2

For Oracle 7.3:

sudo btrfs filesystem resize max /

 


Symbol RF Scanners and Cisco WLC

Posted by robd on November 13, 2018
Wireless / No Comments

Had a roaming issue with Symbol MC9090 RF scanners on a Cisco virtual WLC (AIR-CTVM-K9) but weirdly only at one site, even though the same settings were applied across all sites.

The issue was the scanners would drop their SSH connection when moving between APs.

Here’s all my findings:

  • Update the scanner firmware, do this, it’s a pain but the newer firmware has so many features that are beneficial.
  • Some scanner firmware would not allow them to connect using the security method WPA2, so enable WPA/TKIP or, a better option, update the scanner firmware.
  • Secondly change the Scanners to CAM Mode = constant awake mode.
  • Thirdly, Cisco TAC recommended using these settings:

Ensure the fast transition is set to adaptive (if you don’t see this then update the code on your WLC):

The Symbol RF scanners support CCKM according to the manual so enable this:

Weird one this one, Cisco told us to disable “Enable Session Timeout” (also disable Aironet IE)


Forcing a SMTP on a Mailbox fails

Posted by robd on October 24, 2018
Exchange Online / No Comments

As I mentioned in another post, you can force an EoL mailbox to take on an SMTP with this command:

Set-Mailbox User.Name -WindowsEmailAddress User.Name@Bohemiangrove.co.uk

But occasionally it won’t work:

The proxy address "SMTP:User.Name@Bohemiangrove.co.uk" is already being used by the proxy addresses or LegacyExchangeDN of "User.Name_bohemiangrove.co.uk#EXT#". Please choose another proxy address.

    + CategoryInfo          : NotSpecified: (Adri Donkers:ADObjectId) [Set-Mailbox], ProxyAddressExistsException
    + FullyQualifiedErrorId : [Server=VI1PR04MB4349,RequestId=8938a92c-006d-4f9f-b230-937f591d20e4,TimeStamp=22/10/2018 06:18:53] [FailureCategory=Cmdlet-ProxyAddressExistsException] 169E5E0,Microsoft.Exchange.Management.RecipientTasks.SetMailbox
    + PSComputerName        : ps.outlook.com

So to find who’s using the address you can search all of Azure using:

Get-Recipient -ResultSize Unlimited | where {$_.EmailAddresses -match [regex]::Escape("User.Name@Bohemiangrove.co.uk")} | fl Name, RecipientType, EmailAddresses

 


Exchange Online – Hybrid – Missing SMTP

Posted by robd on October 23, 2018
Exchange Online / No Comments

Strange issue today, synced a bunch of users from on prem to Exchange which was successful.

Then the user was missing his default SMTP address on EoL but the SMTP was there on prem:

EoL, no COM:

EX prem, has COM

First thing to check, is the domain set up as an accepted domain in EoL (should be as the migration would have failed otherwise).

Next you can “override” the sync process by using the following EoL cmdlet:

Set-Mailbox user@domain.com -WindowsEmailAddress new@domain.com

 
