Error when adding VMware vCenter server to Virtual Machine Manager

When adding a vCenter server to Virtual Machine Manager (VMM) you might encounter the error “Could not retrieve a certificate from the FQDN server because of the error: The underlying connection was closed: An unexpected error occurred on a send.”

The root cause is a TLS incompatibility: the VMM server tries to connect using older TLS protocols and ciphers, and the connection is closed. To fix it, take a full backup and then make the following registry changes, which turn on strong cryptography for .NET Framework 4.x applications (64-bit and 32-bit):

# 64-bit .NET Framework 4.x
$NetRegistryPath = "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319"
New-ItemProperty -Path $NetRegistryPath -Name "SchUseStrongCrypto" -Value 1 -PropertyType DWORD -Force | Out-Null

# 32-bit .NET Framework 4.x on a 64-bit OS
$NetRegistryPath = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319"
New-ItemProperty -Path $NetRegistryPath -Name "SchUseStrongCrypto" -Value 1 -PropertyType DWORD -Force | Out-Null

Then restart the Virtual Machine Manager server. You should now be able to add the vCenter server. Other errors could be related to missing updates. The latest vCenter versions are only supported with 2019 Update Rollup 2 or later.
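To confirm the change took effect and to see which TLS versions the vCenter endpoint negotiates, a check like the following can be run on the VMM server. It is an added example, not part of the original post; the host name vcenter.example.local and port 443 are placeholders.

```powershell
# Added example, not from the original post. Run on the VMM server.
$vcenter = 'vcenter.example.local'   # placeholder FQDN (assumption), replace with your vCenter
$port    = 443                       # assumed HTTPS port

# 1. Report SchUseStrongCrypto under both the 64-bit and 32-bit .NET 4.x keys
$keys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
foreach ($key in $keys) {
    $value = (Get-ItemProperty -Path $key -Name SchUseStrongCrypto -ErrorAction SilentlyContinue).SchUseStrongCrypto
    if ($null -eq $value) { $value = 'not set' }
    "{0} : SchUseStrongCrypto = {1}" -f $key, $value
}

# 2. Try one handshake per protocol version. A failure can come from either end:
#    the server refusing the version, or Schannel on this machine having it disabled.
foreach ($name in 'Tls', 'Tls11', 'Tls12') {
    $protocol = [System.Security.Authentication.SslProtocols]$name
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($vcenter, $port)
        # Accept any certificate here: only protocol negotiation is being tested, no data is sent
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($vcenter, $null, $protocol, $false)
        "{0,-6}: handshake OK, negotiated {1}" -f $name, $ssl.SslProtocol
    } catch {
        "{0,-6}: handshake failed ({1})" -f $name, $_.Exception.GetBaseException().Message
    } finally {
        $tcp.Close()
    }
}
```

If only the Tls12 line succeeds, the vCenter server is refusing the older protocols and the VMM side must be able to offer TLS 1.2.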

Log rotate and archive with Windows

I support a few applications which run on Windows, and there isn’t really any great way of rotating the logs like there is with Linux. While the logs are all configured to go to off-host log solutions such as Azure logs or Elasticsearch, I like to keep the local logs around for a period of time as well. Depending on your rules, some fidelity or information may be lost when the logs are ingested into these solutions. I have tried using some of the built-in compression functionality with Windows, but some of the log files are so large they generate out-of-memory errors. I have found 7-Zip to be the best tool for these large files. The compression rate and performance are better.

One such application, where I want to compress all logs older than 7 days and then keep them for 90 days, is Bitvise.

You must install 7-Zip on the computer first, but then you can run the script below on demand or on a schedule, e.g. every night or weekend.

$logDir   = "C:\Program Files\Bitvise SSH Server\Logs"
$sevenZip = "C:\Program Files\7-Zip\7z.exe"

# Compress each log file older than 7 days into its own .7z archive.
# -sdel deletes the source file after it has been compressed; -mx=5 is normal compression.
foreach ($file in Get-ChildItem -Path $logDir -Filter *.log | Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-7) })
{
    # Use the full path so the script does not depend on the current directory
    & $sevenZip a -sdel -mx=5 "$($file.FullName).7z" $file.FullName
}

# Delete 7-Zip archives older than 90 days
Get-ChildItem -Path $logDir -Filter *.7z | Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-90) } | Remove-Item -Force -Verbose

How to grow a Hyper-V cluster shared volume (CSV)

How to grow a Hyper-V cluster shared volume. This can be run live and online.

1. You need to grow the parent disk. Normally this will be on a SAN. I won’t put detailed steps here since it varies depending on your hardware, but normally this is a simple process. Please note if your volume has 4k sectors you won’t be able to grow larger than 16TB.

2. Load failover cluster manager and find out which node owns the disk. The disk probably already shows the larger size but the volume itself will still be the smaller size. Connect to the CSV owner.

3. Start an admin CMD window and run diskpart.

4. Type “list volume” to list all volumes and find the one you want to grow:

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0         System Rese  NTFS   Partition    350 MB  Healthy    System
  Volume 1     C                NTFS   Partition    110 GB  Healthy    Boot
  Volume 2                      CSVFS  Partition   4095 GB  Healthy
    C:\ClusterStorage\Volume4\
  Volume 3                      CSVFS  Partition   5119 GB  Healthy
    C:\ClusterStorage\Volume5\
  Volume 4                      CSVFS  Partition   5119 GB  Healthy
    C:\ClusterStorage\Volume6\
  Volume 5                      CSVFS  Partition      9 TB  Healthy
    C:\ClusterStorage\Volume1\

5. Type “select volume x” where x is the volume you want to grow. In our case this is volume 5.

DISKPART> select volume 5

Volume 5 is the selected volume.

6. Type “extend” and press Enter to grow the volume. You can then list the volumes again to check the size, or verify in Failover Cluster Manager.

DISKPART> extend

DiskPart successfully extended the volume.

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0         System Rese  NTFS   Partition    350 MB  Healthy    System
  Volume 1     C                NTFS   Partition    110 GB  Healthy    Boot
  Volume 2                      CSVFS  Partition   4095 GB  Healthy
    C:\ClusterStorage\Volume4\
  Volume 3                      CSVFS  Partition   5119 GB  Healthy
    C:\ClusterStorage\Volume5\
  Volume 4                      CSVFS  Partition   5119 GB  Healthy
    C:\ClusterStorage\Volume6\
* Volume 5                      CSVFS  Partition     14 TB  Healthy
    C:\ClusterStorage\Volume1\

DISKPART>

7. Enjoy all the extra space.

DPM Azure restores fail with error

Any Azure restore from DPM fails with the error “The recovery destination selected for one or more of the files to be recovered is invalid. (ID 100070)”

This one is a bit misleading as it often makes you think the issue is with the location you have selected for the restore when in fact it indicates a problem with the Azure staging location. You must make sure it is an NTFS formatted drive with sufficient space and permissions for the agent to edit files.

In my case I saw this error when using a ReFS formatted volume. What makes this error strange is that this same drive used to be OK.

To change the location to a different drive with an NTFS file system and enough free space, open the DPM Administration console -> Management -> click on “Online” -> Configure -> Recovery Folder settings.

You will need to know the original passphrase used or be prepared to change it. You will need access into Azure to generate a new recovery vault pin to save the settings. Once the staging folder is in the right location restores should work again.

How to make a Windows CA stop issuing SHA1 and start using SHA256

You might think the place to make the change would be in a certificate template but that is not the case. It looks like the default hash algorithm is stored in the registry and can be changed with certutil.

Run this directly on your CA as administrator:

certutil -setreg ca\csp\CNGHashAlgorithm SHA256

Then restart your Certificate service:

net stop CertSvc
net start CertSvc

Freshly issued certificates should now have a SHA256 hash instead of the old, deprecated SHA1.
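A quick way to verify the result, as an added example that is not part of the original post: read the setting back on the CA, then list the certificates in a machine store with their signature algorithm so any that are still SHA1-signed stand out. The store Cert:\LocalMachine\My is an assumption; use whichever store holds certificates enrolled from this CA.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.

# 1. On the CA: read back the hash algorithm configured in the registry
certutil -getreg ca\csp\CNGHashAlgorithm

# 2. On a machine that enrolled a certificate after the change:
#    list certificates, newest first, and flag SHA1 signatures by OID.
$sha1Oids = '1.2.840.113549.1.1.5',   # sha1RSA (sha1WithRSAEncryption)
            '1.2.840.10045.4.1'       # sha1ECDSA (ecdsa-with-SHA1)

Get-ChildItem Cert:\LocalMachine\My |
    Sort-Object NotBefore -Descending |
    Select-Object Subject, Issuer, NotBefore, NotAfter,
        @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } },
        @{ Name = 'Sha1Signed';         Expression = { $sha1Oids -contains $_.SignatureAlgorithm.Value } } |
    Format-List
```

Certificates issued before the change keep their original SHA1 signature until they are renewed or reissued, so expect Sha1Signed to be False only for entries with a NotBefore date after the service restart.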

Redirecting traffic with Apache

There are two main types of redirection. The first is where you want to change a domain or server but you want to preserve the pages and URLs. For example, a company changes name from company1 to company2 and you want to redirect everyone from http://company1.com/ to http://company2.com/ while keeping all of the pages. For example, you would want a visitor clicking a link to http://company1.com/pages/page.html to be redirected to http://company2.com/pages/page.html

This is easy to accomplish with a simple redirect in the virtual host. For example:


<VirtualHost *:80>
ServerName company1
ServerAlias company1.com
Redirect "/" "https://company2.com/"
</VirtualHost>

<VirtualHost *:443>
ServerName company1.com
SSLEngine On
SSLCertificateFile /etc/ssl/apache/company1-com.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
Redirect "/" "https://company2.com/"
</VirtualHost>

Another scenario is that perhaps company1 has stopped trading or maybe the site is down for maintenance and you want to send all traffic to a static page. In this example, we redirect to a complete URL which could be hosted elsewhere or on the same server.


<VirtualHost *:80>
ServerName company1
ServerAlias company1.com
RewriteEngine On
RewriteRule ^.*$ https://company2.com/maintenance.html
</VirtualHost>

<VirtualHost *:443>
ServerName company1.com
SSLEngine On
SSLCertificateFile /etc/ssl/apache/company1-com.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
RewriteEngine On
RewriteRule ^.*$ https://company2.com/maintenance.html
</VirtualHost>

Please note that if you want to redirect to a page on the same server or domain, you will need an additional line before each RewriteRule that prevents the redirect from kicking in on that page. If you don’t, you will have an endless redirect loop.

e.g.

RewriteCond %{REQUEST_FILENAME} !/maintenance.html

Ubuntu /boot partition keeps filling up – move /boot to the root partition

Many of the Ubuntu computers I look after were set up with a reasonable (at the time) 200MB /boot – in fact I think this was one of the default options in the Ubuntu setup. The default behaviour of the unattended updates package appears to be to install new kernels and not remove old ones. Combine this with the fact that the kernels are getting larger, and 200MB is just not enough to maintain a few versions any more.

Rather than messing about with partition resizing or building a new machine, we can just move /boot onto the much larger root drive.

Make sure to run these either with sudo or as root (switch with sudo -s).

1. Take a backup of your server.

2. Copy the contents of boot over, remove the old one and rename.

cp -a /boot /boot2
umount /boot
rmdir /boot
mv /boot2 /boot

3. Now comment out the /boot entry in /etc/fstab (just add a # in front of the line that mounts /boot):

vim /etc/fstab

4. Update grub and make sure everything is correct:

update-grub

5. Now reboot the computer and check everything is working – if not, use the advanced options and try an alternate kernel version. Failing that, restore from your backup.

Remove landscape client service from ubuntu

You may have your reasons, as I did, for removing this client from a server. The process is very simple.

If you have the full GUI install:

sudo apt-get remove landscape-client landscape-client-ui landscape-client-ui-install landscape-common

If you have a cli only install:

sudo apt-get remove landscape-client landscape-common

Add virtual machine host fails with error 20408

I recently had a problem adding a host to a VMM server – all the obvious things had been checked. WinRM was enabled, firewall rules were in place. Service account had admin rights and DNS was correct.

Still, every time I attempted to add the host an error occurred:

“Error (20408) VMM could not get the specified instance Microsoft:{668f165d-4dae-bcb6-5007ff1fc2e8} of class http://schemas.microsoft.com/wbem/wsman/1/wmi/root/standardcimv2/MSFT_NetAdapterRssSettingData on the server server.fqdn. The operation failed with error NO_PARAM”

In this instance, the server was a 2016 one which had been upgraded from 2012 R2. The fix was bizarre. Save all VMs and remove the vswitches so that only normal physical adapters remain, and then recreate the vswitches. The config was identical but clearly something behind the scenes was wrong, and recreating the vswitches worked. Retrying the same job on VMM resulted in success and the host was added to VMM.

WSUSpool keeps stopping and console shows reset node

I recently found myself in a situation where WSUS would only work for a few minutes or even seconds at a time. A restart or IISReset could bring it back for a few minutes but it would soon stop again. The Configuration manager console didn’t show any errors but it also could not see any new updates.

The event log contained this message:

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Eventually the fix was to increase the amount of memory available to the app pool from the default 1843200 KB – you could set this to 0 so there is no limit or to a higher sensible limit. After doing this and running an IISRESET the app pool remained running and I was able to synchronize new updates as well as service updates to clients.

To do this open up IIS and click the plus by your servername, then on “Application pools”. Next right click on WsusPool and then left click on “Advanced Settings”, then scroll down and locate the “Private Memory limit (KB)” near the bottom and edit this value to 0 or something higher.