Wednesday, 18 April 2018

Add net framework 3.5 to server 2016

Mount server 2016 iso

Open command prompt with administrator

Run command

DISM.EXE /Online /Add-Package /PackagePath:"D:\sources\sxs\Microsoft-Windows-NetFx3-OnDemand-Package.cab"

 The D in the path would be whatever your mapped location is

Tuesday, 26 September 2017

Update ESXI host using command line/putty


esxcli software vib update -d "/vmfs/volumes/Datastore/DirectoryName/PatchName.zip"


Tuesday, 4 July 2017

PowerCLI Script to Backup all VMX files to Local Disk (2017)

Requirements:
Windows Server/Windows Machine with Powershell.
PowerCLI from Vmware.

Open PowerCLI with administrator rights and type the below commands.

connect-VISERVER nameofhostorvcenter

cd vmstore:\datacenter\nameofdatastore

Copy-DatastoreItem -Item *\.vmx -Destination S:\nameoflocaldrive

To copy the files back

Copy-DatastoreItem -Item S:\nameoflocaldrive\*.vmx -Destination vmstore:\datacenter\nameofdatastore

Wednesday, 7 June 2017

Find hostname of ip address

Such an easy one! I couldn't remember how to find the hostname of a ip address, I guess I hadn't had my coffee yet.

Anyways open up command prompt.

Type in "nslookup 0.0.0.0"

0.0.0.0 is the ip address and that's it!

easy peasy.


Wednesday, 24 May 2017

Install NetFramework 3.5 offline


I faced a problem at a customer site last week when I tried to install the .NET Framework 3.5 – a prerequisite for installing SQL Server 2012 on a Windows Server 2012 R2. I opened the Server Manager and then navigated to the Manage, Add Roles and Features section:
b2ap3_thumbnail_pic01.jpg
I selected the .NET Framework 3.5 Features option:
b2ap3_thumbnail_pic02.jpg
I specified an alternate source path:
b2ap3_thumbnail_pic03.jpg
… and surprise! Even though an ISO of Windows Server 2012 R2 was mapped to my D: drive, the installation failed with this strange error: “The source file could not be found…”
After some investigations, I found that this problem is quite common and that Microsoft has published a fix … which unfortunately does not work for me!
I tried the same installation with different ways: command prompt, PowerShel l… but absolutely NO RESULT.
I finally decided to open a PowerShell console to check the Windows Features available on my server with the cmdlet Get-WindowsFeature:
b2ap3_thumbnail_Pic1.jpg
Strangely, the status of the .NET Framework 3.5 is not showing “Available”, but “Removed”!
b2ap3_thumbnail_Pic2.jpg
So, how do I change this state from removed to available?
After some investigations and after having tried some fixes provided by persons who faced to the same problem as me, I finally found the Standalone Offline Installer tool that solved my problem by enabling the .NET Framework 3.5 (many thanks to Abbodi1406).
I downloaded this exe file and executed it on my server.
An installer screen appeared:
b2ap3_thumbnail_pic4.jpg
After clicking on the Next button, a command prompt screen appeared which showed the completion state of the process.
pic6.jpg
As soon as the process was finished, I went back to my PowerShell screen to check if my .NET Framework 3.5 is now available – by running my PowerShell cmdlet Get-WindowsFeature:
b2ap3_thumbnail_pic10.jpg
The .NET Framework 3.5 now was available and I as able to restart the installation process from the beginning by navigating to the server manager, selecting the concerned feature and giving the alternate source path.
pic8.jpg
I finally succeded in installing my .NET Framework 3.5!

credit:https://blog.dbi-services.com/winows-server-2012-r2-failed-to-install-net-framework-35/

Tuesday, 16 May 2017

Update ESXI via putty (SSH) and vSphere client. 6.0 Update 3

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2008939

To patch an ESXi 5.x/6.x host from the command line:

  1. Patches for VMware products can be obtained from the VMware patch portal. Select ESXi (Embedded and Installable) in the product dropdown and click Search.
  2. Click the Download link below the patch Release Name to download the patch to your system.
  3. Upload the patch to a datastore on your ESXi 5.x/6.x host using the Datastore Browser from vCenter Server or a direct connection to the ESXi 5.x/6.x host using the vSphere Web client.

    Note: VMware recommends creating a new directory on the datastore and uploading the patch file to this directory.
  4. Log in to the local Tech Support Mode console of the ESXi 5.x/6.x host. For more information, see Using Tech Support Mode in ESXi 4.1 and ESXi 5.x (1017910).
  5. Migrate or power off the virtual machines running on the host and put the host into maintenance mode. The host can be put into maintenance mode by running this command:

    # vim-cmd hostsvc/maintenance_mode_enter
  6. Navigate to the directory on the datastore where the patch file was uploaded to and verify that the file exists by running these commands:

    # cd /vmfs/volumes/Datastore/DirectoryName
    # ls


    Where Datastore is the datastore name where the patch file was uploaded to, and DirectoryName is the directory you created on the datastore.
  7. Install or update a patch on the host using these esxcli commands:

    Notes:

    • To install or update a .zip file, use the -d option. To install or update a .vib file use the -v option.
    • Using the update command is the recommended method for patch application. Using this command applies all of the newer contents in a patch, including all security fixes. Contents of the patch that are a lower revision than the existing packages on the system are not applied.
    • Using the install command overwrites the existing packages in the system with contents of the patch you are installing, including installing new packages and removing old packages. The install command may downgrade packages on the system and should be used with caution. If required, the install command can be used to downgrade a system (only for image profiles) when the --allow-downgrade flag is set.
    Caution: The install method has the possibility of overwriting existing drivers. If you are using third-party ESXi images, VMware recommends using the update method to prevent an unbootable state.
    To Install:

    • Using local setup:

      # esxcli software vib install -d "/vmfs/volumes/Datastore/DirectoryName/PatchName.zip"

      Where PatchName.zip is the name of the patch file you uploaded to the datastore.

      Note: Alternatively, you can use the datastore's UUID instead of the DirectoryName .

      For example:

      # esxcli software vib install -d "/vmfs/volumes/datastore1/patch-directory/ESXi500-201111001.zip"

      or

      # esxcli software vib install -d "/vmfs/volumes/a2bb3e7c-ca10571c-cec6-e5a60cc0e7d0/patch-directory/ESXi500-201111001.zip"
    • Using http setup:

      # esxcli software vib install -v viburl

      Where viburl is the URL to the http depot where VIB packages reside.

      For example:

      # esxcli software vib install -v https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/esx/vmw/vib20/tools-light/VMware_locker_tools-light_5.0.0-0.7.515841.vib
    To Update:

    • Using local setup:

      # esxcli software vib update -d "/vmfs/volumes/Datastore/DirectoryName/PatchName.zip"

      Where PatchName.zip is the name of the patch file you uploaded to the datastore.

      Note: Alternatively, you can use the datastore's UUID instead of the DirectoryName .

      For example:

      # esxcli software vib update -d "/vmfs/volumes/datastore1/patch-directory/ESXi500-201111001.zip"

      or

      # esxcli software vib update -d "/vmfs/volumes/ a2bb3e7c-ca10571c-cec6-e5a60cc0e7d0 /patch-directory/ESXi500-201111001.zip"
    • Using http setup:

      # esxcli software vib update -v viburl

      Where viburl is the URL to the http depot where VIB packages reside.

      For example:

      # esxcli software vib update -v https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/esx/vmw/vib20/tools-light/VMware_locker_tools-light_5.0.0-0.7.515841.vib
  8. Verify that the VIBs are installed on your ESXi host:

    # esxcli software vib list

    For example:

    # esxcli software vib list

    Name              Version                     Vendor Acceptance Level Install Date
    ----------------- --------------------------- ------ ---------------- ------------
    ata-pata-amd      0.3.10-3vmw.500.0.0.469512  VMware VMwareCertified  2012-05-04
    ata-pata-atiixp   0.4.6-3vmw.500.0.0.469512   VMware VMwareCertified  2012-05-04
    ata-pata-cmd64x   0.2.5-3vmw.500.0.0.469512   VMware VMwareCertified  2012-05-04
    ata-pata-hpt3x2n  0.3.4-3vmw.500.0.0.469512   VMware VMwareCertified  2012-05-04

  9. After the patch has been installed, reboot the ESX host:

    # reboot
  10. After the host has finished booting, exit maintenance mode and power on the virtual machines:

    # vim-cmd hostsvc/maintenance_mode_exit 

Thursday, 11 May 2017

Using AD signed certificates with vCenter Server Appliance 6

Creating signed certs for vCenter has never been easy, with the new release of 6.0 though this has changed somewhat, there is a built in certificate manager that allows you to import a CA (say Microsoft AD) cert and key to have VMCA sign it’s own certs with and make them trusted.
First thing, we need to set up an AD cert template for vSphere 6.0, that’s in my article here.
Next, log in to your vCenter Server Appliance as root and enter:
shell.set --enabled True
shell
This will get us access to the VCSA underlying OS CLI
Create a directory to store our csr and key:
mkdir /root/SSLCerts
Next we will need to launch the certificate manager, execute:
/usr/lib/vmware-vmca/bin/certificate-manager
You will see a display like so:
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
|                                                                     |
|      *** Welcome to the vSphere 6.0 Certificate Manager  ***        |
|                                                                     |
|                   -- Select Operation --                            |
|                                                                     |
|      1. Replace Machine SSL certificate with Custom Certificate     |
|                                                                     |
|      2. Replace VMCA Root certificate with Custom Signing           |
|         Certificate and replace all Certificates                    |
|                                                                     |
|      3. Replace Machine SSL certificate with VMCA Certificate       |
|                                                                     |
|      4. Regenerate a new VMCA Root Certificate and                  |
|         replace all certificates                                    |
|                                                                     |
|      5. Replace Solution user certificates with                     |
|         Custom Certificate                                          |
|                                                                     |
|      6. Replace Solution user certificates with VMCA certificates   |
|                                                                     |
|      7. Revert last performed operation by re-publishing old        |
|         certificates                                                |
|                                                                     |
|      8. Reset all Certificates                                      |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
We are going to use option 1 to replace the machine_ssl cert an AD signed one.
You will now be prompted for your SSO user password (usually administrator@vsphere.local unless you’ve changed it during setup like me), so enter it.
No you’re going to be asked:
     1. Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate

     2. Import custom certificate(s) and key(s) to replace existing Machine SSL certificate

Option [1 or 2]: 1
We want to choose option 1 to generate the csr for signing by AD.
Choose an output directory (/root/SSLCerts created earlier).
Please provide a directory location to write the CSR(s) and PrivateKey(s) to: 
Output directory path: /root/SSLCerts
2015-07-19T18:48:25.878Z   Running command: ['/usr/lib/vmware-vmca/bin/certool', '--genkey', '--privkey', '/root/SSLCerts/machine_ssl.key', '--pubkey', '/tmp/pubkey.pub']
2015-07-19T18:48:26.144Z   Done running command
2015-07-19T18:48:26.145Z   Running command: ['/usr/lib/vmware-vmca/bin/certool', '--gencsrfromcert', '--privkey', '/root/SSLCerts/machine_ssl.key', '--cert', '/tmp/vecs_crt.crt', '--csrfile', '/root/SSLCerts/machine_ssl.csr']
2015-07-19T18:48:26.245Z   Done running command

CSR generated at: /root/SSLCerts/machine_ssl.csr
As you can see the .csr was generated at: /root/SSLCerts/machine_ssl.csr so we will cat the output file (open another ssh session to the vc) to get the csr:
cd /root/SSLCerts/
cat machine_ssl.csr
Output will be in standard csr format:
vc1:~/SSLCerts # cat machine_ssl.csr 
-----BEGIN CERTIFICATE REQUEST-----
{CSR HERE}
-----END CERTIFICATE REQUEST-----
Load up AD CertSvc (usually at: https://{DCnameorIP}/CertSrv/en-US/) and follow this procedure:
  • Request Certificate
  • Advanced Certificate Request
  • Certificate Template: vSphere 6.0
  • Paste the csr in and click submit.
CSR Request
Next, download the certificate as Base 64 encoded (not the chain!).
Open the cert with notepad/sublime text or such and paste the content into a new file on the vcsa:
vi /root/SSLCerts/machine_ssl.cer
Put vi into insert mode:
i
Paste in the contents of the cer file, then hit Esc, write and quit the file:
:wq
Download the CA root certificate in Base 64 also and add it to another file, as above, called ca.cer.
You should now have 4 files in /root/SSLCerts/:
  • ca.cer
  • machine_ssl.cer
  • machine_ssl.csr
  • machine_ssl.key
Back in the first ssh session where certificate manager is running enter option 1 and enter the requested signed cert file paths:
     1. Continue to importing Custom certificate(s) and key(s) for Machine SSL certificate

     2. Exit certificate-manager 

Option [1 or 2]: 1

Please provide valid custom certificate for Machine SSL.
File : /root/SSLCerts/machine_ssl.cer

Please provide valid custom key for Machine SSL.
File : /root/SSLCerts/machine_ssl.key

Please provide the signing certificate of the Machine SSL certificate
File : /root/SSLCerts/ca.cer

You are going to replace Machine SSL cert using custom cert
Continue operation : Option[Y/N] ? : y
Status : 100% Completed [All tasks completed successfully] 
And we’re done!
Valid cert on vCenter 6.0 Web Client
References:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2111571&src=vmw_so_vex_mgray_1080
http://blogs.vmware.com/vsphere/2015/07/custom-certificate-on-the-outside-vmware-ca-vmca-on-the-inside-replacing-vcenter-6-0s-ssl-certificate.html?src=vmw_so_vex_mgray_1080
http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2097936&src=vmw_so_vex_mgray_1080




credit:https://blah.cloud/security/using-ad-signed-certificates-with-vcenter-server-appliance-6/