VMware

Hard disk size is much larger than the data inside a virtual machine

VMware Community - Fri, 04/24/2020 - 19:52

Hi everybody,

I have 3 hosts with ESXi 6.7 and many VMs.
All VM disks are thin.

For 3 VMs, the hard disk size is much larger than the data inside the virtual machine (photo attached).

Please help me to improve this issue.

Categories: VMware

vCenter 7 Lifecycle Manager 404 and Errors when Using Externally Signed Machine SSL Cert

VMware Community - Fri, 04/24/2020 - 19:20

I upgraded to vSphere 7 in my lab environment and noticed a strange issue that causes Lifecycle Manager not to load and work within vCenter v7.

 

I was coming from a VCSA 6.7 install which had an externally signed SSL cert added to replace the Machine Cert in vCenter, so that when I load vCenter in a web browser, it doesn't complain about a self-signed certificate. Everything worked great.

When I updated to VCSA 7, the update wizard told me I must reset the certificates back to VMCA certs since something about trust blah blah blah. I followed the KB article it provided, which brought my 6.7 back to using a vCenter-generated self-signed cert. I retried the update to v7 and it worked fine. After the upgrade I replaced the Machine SSL certs with my externally signed certs (from Namecheap, domain specific, not wildcard) and vCenter v7 said it was changed successfully and it rebooted the appliance. I can now log in to the Web UI without annoying warnings, great.

However, if I click "Lifecycle Manager" in vCenter v7, I get a red bar that pops up over that section that says Status 404 - Error and lists a URL that has to do with Lifecycle Manager, I guess. And below, nothing loads in Lifecycle Manager; clicking any of the buttons doesn't do anything, or just produces more errors like "An unexpected error has occurred". Similar result if I click the "Updates" tab on a host or cluster. Nothing to do with LM loads or works. Everything else in VC seems to work fine, including proper serving of the signed SSL cert in my web browser.

 

If I go back to Certificate Management and change the Machine SSL cert back to one generated by vCenter as self-signed, after reboot, Lifecycle Manager works again.

 

Any ideas? Obviously LM doesn't like something about the externally signed cert even though it works everywhere else.

Categories: VMware

ESXi 7 Broadcom BCM57765 Driver for Mac Mini 5,3 (Mid 2011)

VMware Community - Fri, 04/24/2020 - 19:15

I am currently running:

 

6.7.0 Update 2 (Build 13006603)

Ethernet:

Name    PCI Device    Driver  Admin Status  Link Status  Speed  Duplex  MAC Address         MTU  Description
------  ------------  ------  ------------  -----------  -----  ------  -----------------  ----  --------------------------------------------------------
vmnic0  0000:02:00.0  tg3     Up            Up            1000  Full    c8:2a:14:51:f1:19  1500  Broadcom Corporation NetXtreme BCM57765 Gigabit Ethernet

igbn                           0.1.1.0-4vmw.670.2.48.13006603        VMW     VMwareCertified   2019-06-06
ixgben                         1.4.1-18vmw.670.2.48.13006603         VMW     VMwareCertified   2019-06-06
net-igb                        5.0.5.1.1-5vmw.670.0.0.8169922        VMW     VMwareCertified   2019-06-06
net-ixgbe                      3.7.13.7.14iov-20vmw.670.0.0.8169922  VMW     VMwareCertified   2019-06-06

 

When I try to upgrade to ESXi 7 it tells me it cannot find ethernet.

If anyone has a workaround for this or can point me in the right direction, that would be most helpful.

 

Many Thanks......

Categories: VMware

2 monitors in remote but company admin not allowing

VMware Community - Fri, 04/24/2020 - 18:58

I work for a company that does not allow 2 monitors in the remote application. Is there a reason why an administrator would not allow such? Does that function take up too much bandwidth for multiple users? Is there a workaround so that I can use 2 monitors at home like I do at the company's office?

Categories: VMware

Need VCSA 7.0 Image

VMware Community - Fri, 04/24/2020 - 18:36

Does anyone have a VCSA 7.0 image? Can you please share it with me? I need it urgently. I am unable to download it from the VMware portal due to some access issue.

Categories: VMware

How to get all properties of a composite blueprint using vRO workflow

VMware Community - Fri, 04/24/2020 - 18:12

I am looking to get all properties in all these tabs using a vRO 7.5 workflow. Does anyone have suggestions or objects I should use? I see VCACCAFE:CompositeBlueprint but could not make much sense of it, as there are more objects linked and I could not reach the information required. Could anyone help?

 

Categories: VMware

Horizon UAG Local Network Access

VMware Community - Fri, 04/24/2020 - 17:26

I'm testing out a Horizon setup in my small business and am having an issue accessing the UAG from the FQDN within our office.

 

Here is my setup

 

Internet => Firewall => (NIC1 = 10.10.20.2) [UAG] (NIC2 = 192.168.15.205) => Connection Server (192.168.15.200)

 

Corporate network = 192.168.15.0/24

FQDN = remote.example.com (IP = 96.68.xx.xxx).

 

It resolves to the firewall (96.68.xx.xxx) and port forwards 443, 8443, and 4172 to 10.10.10.2 (the external NIC1 on the UAG).

 

When I'm on the Internet (outside of the corporate internal network 192.168.15.0/24)... I can access the UAG by using https://remote.example.com. The service works as expected. However, when I'm in the office behind the UAG and try to access https://remote.example.com I get ERR_CONNECTION_TIMED_OUT. The same is true when I try https://96.68.xx.xxx from inside the corporate network.

 

I've installed a signed TLS Server Certificate on the "Internet Interface".  It works as expected from a remote location.  I can ping remote.example.com from the office and it resolves to the static IP assigned to the firewall.  So traffic is routing correctly from the internal network to the external IP of the UAG (The public static on the firewall that is port forwarded to the UAG).

 

When I try curl from inside the corporate network I get the following:

 

curl https://remote.example.com

curl: (7) Failed to connect to remote.example.com port 443: Timed out

 

When I try https://192.168.15.205 (The internal NIC2 of the UAG) from inside the corporate network I'm able to access the Horizon Login page....

 

Why in the world can't I access the Horizon login page from inside the corporate network when I use https://remote.example.com? I've spent HOURS troubleshooting.

 

thx

Categories: VMware

How would one deploy a NSX-T overlay network on one host in location A, bridged with an NSX-T overlay network on a different one in location B, while they are on the same vCenter. (or alternative way)

VMware Community - Fri, 04/24/2020 - 17:14

Hi,

 

I have not set up the above yet, but I'd like to know what my options are for making this work.

 

I currently have one NSX-T Manager deployed and NSX-T configured on one host, the other host is still untouched. (so the second overlay network has not been made yet.)

What would the best way be to achieve bridging two NSX-T overlay networks together that are on different hosts?

 

If anyone has ideas on how to do this, please let me know. I have left the remote host untouched and will try what the best option would be to continue with this idea.

 

The NSX-T version is 3.0 and the hosts are both vSphere 7.

Categories: VMware

VM missing disks

VMware Community - Fri, 04/24/2020 - 16:35

Hello,

I have a 2012 R2 server that I was doing some work on and did a reboot and received the dreaded Windows failed to start message. The virtual is running on:

Client version: 1.21.0
Client build number: 5724747
ESXi version: 6.5.0
ESXi build number: 5969303

So I proceeded to boot to CD and run diskpart to check the drives and received the message "no disks found". I checked BIOS and all of the drives are showing in BIOS; in the console all the drives are showing with their vmdk files. I have tried to research the issue but have not had luck with any of the suggestions. This is my SCCM server and it would be tragic if we had to rebuild this machine. I would be grateful for any help, thank you.

Categories: VMware

Device enrolled in child Organization group shown in parent one

VMware Community - Fri, 04/24/2020 - 16:20

Parent Organization group

  • enrollment type:  Corporate Owned personally enabled
  • Created AD group User_Owned and added user to it
  • "Personally Owned" Smart group created (managed by Parent organization unit)
  • Created profile for All android devices and assigned it to Personally Owned Smart group
  • Deployed profile to device, installed Intelligent hub as user added to User_Owned AD group, all deployed as it should

 

Child Organization group

 

  • enrollment type:  Work managed device
  • Default device Ownership: Corporate-Dedicated
  • Created AD group Company_Owned and added user to it
  • "Fully managed" Smart group created (managed by Child organization group) and AD group "Company owned" assigned to it.
  • Created profile for Android Samsung devices and assigned it to "Fully managed" Smart group
  • Deployed profile to device, installed Intelligent hub as user added to Company_Owned AD group, all deployed as it should

 

 

 

 

From the picture it can be seen that this profile is not deployed.

The device is shown in the parent Organization group and not in the Child one, with the Knox 3 profile, with the wrong smart group, Organization group and Default device Ownership: Corporate-Shared instead of Corporate-Dedicated.

 

But in Enrollment status all appears to be fine

 

Categories: VMware

HoK token for accessing vRO via REST call [powershell]

VMware Community - Fri, 04/24/2020 - 16:11

Hello,

I am having difficulties sending a REST query to vRO (8.1). On

/vco/api/docs/index.html#!/workflow45controller/getAllWorkflowsUsingGET

it is written that:

Single Sign-On Authentication

If Orchestrator is configured with the vCenter Single Sign-On (SSO) server, you need a principal holder-of-key (HoK) token to access system objects in Orchestrator through the REST API.

The HoK token is passed as a request Authorization header element. The value must be gzip, base64 encoded string.

So in my understanding i should add the Authorization header:

    $header = @{'Content-Type'= 'application/json';'Authorization' = $encodedANDgzippedtoken }

    Invoke-WebRequest -Uri 'https://vro816.greg.labs:443/vco/api/org/{id}/workflows?maxResult=3&queryCount=false' -Headers $header

 

So I have obtained the HoK token, utilizing for the moment the SDK examples:

    # Gzip-compress a string and return the compressed bytes as base64
    Function ConvertTo-GZipString () {
        [CmdletBinding()]
        Param(
            [Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)]
            $String
        )
        Process {
            $String | ForEach-Object {
                $ms = New-Object System.IO.MemoryStream
                $cs = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]::Compress)
                $sw = New-Object System.IO.StreamWriter($cs)
                $sw.Write($_)
                # Closing the writer also closes the GZip stream, which flushes the compressed data
                $sw.Close()
                [System.Convert]::ToBase64String($ms.ToArray())
            }
        }
    }

  

 

 

    # Load the WS-Trust helper assemblies built from the vSphere SDK SSO client samples
    Add-Type -Path 'd:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\dotnet\cs\samples\VMware.Binding.WsTrust\bin\Debug\VMware.Binding.WsTrust.dll'
    Add-Type -Path 'd:\sdk67\VMware-vSphere-SDK-6.7.0-14379537\SDK\ssoclient\dotnet\cs\samples\VMware.Binding.WsTrust\bin\Debug\STSService.dll'

    $certificatetobeadded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $certificatetobeadded.Import('c:\vro\greg\greg3.pfx','greg3',[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet)

    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls11 -bor [System.Net.SecurityProtocolType]::Tls12;

    [VMware.Binding.WsTrust.SamlTokenHelper]::SetupServerCertificateValidation()

    # Certificate passed to the STS service for the holder-of-key request
    $signingCertificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $signingCertificate.Import('c:\vro\greg\greg3.pfx','greg3',[System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet)

    $service = [VMware.Binding.WsTrust.SamlTokenHelper]::GetSTSService('https://vc001.greg.labs:7444/sts/STSService','administrator@vsphere.local','VMware1!',$signingCertificate)

    # Request the HoK token from the STS
    $token = [VMware.Binding.WsTrust.SamlTokenHelper]::GetHokRequestSecurityTokenType()
    $token.SignatureAlgorithm = [vmware.sso.SignatureAlgorithmEnum]::httpwwww3org200104xmldsigmorersasha256
    $response = $service.Issue($token)

    $responsetoken =  $response.RequestSecurityTokenResponse.RequestedSecurityToken
    #This part has to be gzipped and put into base64

    # Strip line breaks from the assertion's inner XML before encoding
    $responsetokenInsideXML = $responsetoken.InnerXml -replace "\r?\n"
    $encodedANDgzippedtoken = ConvertTo-GZipString -String $responsetokenInsideXML

    $header = @{'Content-Type'= 'application/json';'Authorization' = $encodedANDgzippedtoken }
    Invoke-WebRequest -Uri 'https://vro816.greg.labs:443/vco/api/org/{id}/workflows?maxResult=3&queryCount=false' -Headers $header

  

and I end up with bad request:

    PS C:\Users\Grzesiek>     Invoke-WebRequest -Uri 'https://vro816.greg.labs:443/vco/api/org/{id}/workflows?maxResult=3&queryCount=false' -Headers $header
    Invoke-WebRequest : Created with Sketch.
    401
    Unauthorized
    At line:1 char:5
    +     Invoke-WebRequest -Uri 'https://vro816.greg.labs:443/vco/api/org/ ...

It's the same if I use curl, same 500 response.

 

my response token is:

    PS C:\Users\Grzesiek> $responsetoken

    saml2              : urn:oasis:names:tc:SAML:2.0:assertion
    xsd                : http://www.w3.org/2001/XMLSchema
    xsi                : http://www.w3.org/2001/XMLSchema-instance
    ID                 : _1e9be9d7-4373-42e8-aedd-06ec641ab139
    IssueInstant       : 2020-04-24T15:43:04.350Z
    Version            : 2.0
    Issuer             : Issuer
    Signature          : Signature
    Subject            : Subject
    Conditions         : Conditions
    AuthnStatement     : AuthnStatement
    AttributeStatement : AttributeStatement

 

I am using InnerXml on it to get only its content, so it will lose the <assertion/>:

<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_1e9be9d7-4373-42e8-aedd-06ec641ab139" IssueInstant="2020-04-24T15:43:04.350Z" Version="2.0">

 

this is how one person wrote in 2015 on communities:

vco REST API Holder of key Authirization

 


 

 

In that post he wrote:

"
Here's a snippet of perl code I use. I take everything between <saml2:Assertion> and </saml2:Assertion>, not including those tags and call that $token.

Then I:

gzip \$token => \$gzipped;
$encoded = encode_base64($gzipped);
$encoded =~ s/\n//g;

$restClient->addHeader('Authorization',   'SIGN token="' . $encoded . '", nonce="' . $nonce . '", signature_alg="RSA-SHA256",' . ' signature="' . $sig . '"');
"

 

So that's why I have removed this assertion as well.

I did tests with , and without . Still the same result. Also same result if i would be removing new lines or not.

 

Can anybody point me in the right direction?

I also did a version like the person mentioned in his post.
I am not sure if that's how it's supposed to be, or if it is outdated; the person wrote this in 2015.

 

    $response = $service.Issue($token)

    $responsetoken =  $response.RequestSecurityTokenResponse.RequestedSecurityToken
    #This part has to be gzipped and put into base64

    #$responsetokenInsideXML = $responsetoken.InnerXml
    $responsetokenInsideXML = $responsetoken.InnerXml -replace "\r?\n"
    $sig = $responsetoken.Signature.SignatureValue.Replace("`n","")
    $encodedANDgzipped = ConvertTo-GZipString -String $responsetokenInsideXML
    $nonce =  '143210500:asdfsd'
    #$restClient->addHeader('Authorization',   'SIGN token="' . $encoded . '", nonce="' . $nonce . '", signature_alg="RSA-SHA256",' . ' signature="' . $sig . '"');
    $headervalue = 'SIGN token="{0}", nonce="{1}", signature_alg="RSA-SHA256", signature="{2}" ' -f $encodedANDgzipped,$nonce,$sig

    $header = @{'Authorization' = $headervalue}

    Invoke-WebRequest -Uri 'https://vro816.greg.labs:443/vco/api/org/{id}/workflows?maxResult=3&queryCount=false' -Headers $header

 

But this is also failing. As you can see, I have used his format for the Authorization headers: SIGN token, nonce, sig alg, sig.

I am really out of ideas.

When I read the documentation on the vRO page literally, it does not mention doing any sign token, sig, etc.

It is written: paste the gzipped/base64 HoK. So if I am on the same page, if the HoK is just the XML that I pasted, I have to gzip it/base64 it, and then put this into the Authorization header. Then what am I doing wrong?

Any ideas?

 

Thank you all in advance for any hints.

Categories: VMware

Windows Share nothing cluster support on VMware vSphere

VMware Community - Fri, 04/24/2020 - 15:41

Hi

 

I have been looking for documentation to see if there are any issues with using Windows cluster to cluster replication on VMware vSphere 6.5. I have read the Microsoft documentation and there is no mention of any issue with running on a VMware cluster.

 

I can only find architecture for always on SQL cluster and that they are supported which use the same concept of replication but I just wanted to confirm or if anyone has a link to any documentation on this from VMware.

https://download3.vmware.com/vcat/vmw-vcloud-architecture-toolkit-spv1-webworks/index.html#page/Hybridity/Architecting%20a%20Hybrid%20Database%20Strategy%20with%20Microsoft%20SQL%20Server/Architecting%20a%20Hybrid%20Database%20Strategy.3.04.html

Categories: VMware

vSphere PowerCLI

VMware Community - Fri, 04/24/2020 - 15:37

Does the vSphere PowerCLI need to be installed on the vcenter server or can it be installed on my workstation?

Categories: VMware

Teams backgrounds with View and PCoIP Zero Client

VMware Community - Fri, 04/24/2020 - 15:35

Hi,

 

I have a Windows 10 VM with 16 GB, 4 vCPU of a Xeon Silver 4110 CPU and, via vDGA, a Nvidia Tesla P4 GPU.

I'm using a Fujitsu Futro L620 PCoIP Zero Client, which has a Tera 2140 with 2 monitors at 2560x1600.

The Horizon View Agent is the latest and I have USB Passthrough enabled.

At the Zero Client I have a Microsoft LifeCam HD-3000 USB cam connected; this webcam works without problems. I see the camera directly as a USB device and the driver for this is installed in the VM.

For using the speaker and microphone connectors of the Zero Client I have installed the Teradici audio drivers; this is working without problems too.

The only problem I have: I'm not able to activate my own backgrounds in Teams. I can only use background blur.

Is it possible that Teams disables that feature because I'm in a VDI session?

Or where can the problem be?

Is there something else I can optimize?

 

Kind regards

Stefan

Categories: VMware

Can't login to orchestrator client with error "${message}"

VMware Community - Fri, 04/24/2020 - 15:28

Hello, I just deployed vRO 8.0.1 and got this error, then tried again with 8.1 with the same result:

 

 

Validate config is perfect:

 

 

When I click "start orchestrator client", I am redirected to a page with the input of admin creds of my vCSA, after entering creds like administrator@vsphere.local with pswd, i got "${message}" in a center of page.

 

Authentication provider looks like this:

 

 

I tried looking at /vmware/vsphere-client/logs/ but none of the logs there are registering this issue.

Also, when I try to open the link with vmware-cip nothing happens.

Categories: VMware

Help Needed - Networking Configuration for simple nested lab..

VMware Community - Fri, 04/24/2020 - 15:22

Hi Folks

 

 

I am struggling with the basic network configuration for a simple nested lab environment for personal use. I am hoping someone can please point me in the right direction..

 

 

My setup is as follows:-

 

 

Single PC, 64GB ram

Workstation Pro 15.5, inside of which I have created:-

1 x Virtual esxi 6.7 install, inside of which I have created:-

1 x VM (fw appliance)

 

 

Steps so far:-

 

 

Installed VM Workstation. Added vmnet2, host-only. Configured vmnet2 nic on my pc with 192.168.10.1/24

 

 

Installed esxi 6.7 inside workstation and I have gained access to the esxi environment via the browser on my workstation (192.168.13.129). I presume I can access this IP from my workstation because the vmnet8 connection type is set to NAT?

 

 

From the esxi client browser I created the FW appliance VM and assigned a management IP of 192.168.10.100/24 during the install. When I view the network settings from esxi the default nic config is applied (Network Adapter 1, type VMXNET 2 (Enhanced)).

 

 

The issue I have is that I cannot ping 192.168.10.100 from my workstation (192.168.10.1), therefore I cannot remotely manage the fw VM via my pc browser.

 

 

 

 

I am not fully understanding what is required in network terms to allow my workstation access to the FW VM inside esxi.

Do I need to add a network adapter from within Workstation, esxi VM, or both?

 

 

Thanks, HCNUC

Categories: VMware

VDI VM Background Blur in Teams Meetings

VMware Community - Fri, 04/24/2020 - 15:10

Blurring Hardware for Modern PCs

Announced in July 2018 along with the free version of Teams, users can blur the background of video calls. The feature is now generally available. However, the technology to perform face recognition to identify the person and understand where the background to be blurred begins and ends only runs on reasonably recent PC equipped with Advanced Vector Extension 2 (AVX2) graphics. AVX2 is what Teams uses to blur the background after it figures out where the user is.

AVX2 is supported by PCs that have a post-Haswell chipset. Blurring works on my Surface Book 2, but doesn’t on my HP Envy 17 of 2014 vintage. Be aware that the CPU has some processing to do to locate a face and blur the background, so it can impact other work on the PC if you run a loaded system.

Background blur is supported in the Teams desktop client for Windows and Mac, but not in the Linux or browser clients.

For more information about the hardware requirements for blurring, see the note in hardware requirements for Microsoft Teams. More detailed information for Windows PC is in hardware decoder and encoder driver recommendations.

 

The optional Blur my background video effect requires a processor with Advanced Vector Extensions 2 (AVX2) support. See Hardware decoder and encoder driver recommendations for a list of unsupported decoders and encoders.

 

 

My VM users do not have the option to blur their background in Microsoft Teams. Is there any way to get this to work? Somewhere in the VM settings? View settings?

 

Categories: VMware

Maximum number of monitors for Horizon Client or Agent

VMware Community - Fri, 04/24/2020 - 14:59

I have three monitors, and I can see all three monitors in the Horizon Client and they can be selected. However, when I go back to the remote desktop the maximum I can get is two monitors.

Is there a maximum number of allowed monitors?

Could it be a setting in the agent?

Categories: VMware

Error 1920: Verify that you have sufficient privileges to start system services

VMware Community - Fri, 04/24/2020 - 14:54

Hello, I am trying to install and configure DS on our lab and Acceptance environment and I get this error when the installer tries to start the AirWatch services.

Error 1920: Service AirWatch Entity Reconcile Service (AirWatchEntityReconcileService) failed to start. Verify that you have sufficient privileges to start the system services.

 

Happening with all the AirWatch services hence the screenshot and the error message will have different services on them.

Categories: VMware

VCSA v7.0 Storage Use

VMware Community - Fri, 04/24/2020 - 14:11

This is resource use from my work vCenter 6.7 server running 5 datacenters in three countries with 336 VM's.

 

 

This is from my vCenter homelab that I updated from 6.7 to 7.0 last night, running 5 small Linux VMs on a single host.

 

Why does this require half of my 1TB datastore? Is there anything I can do to reduce this massive chunk of storage?

Categories: VMware