Search This Blog

Hold Off Upgrading ESXi 5.5 with VSAN to ESXi 6.0

If you are running ESXi 5.5 with VSAN, DO NOT upgrade the ESXi host from 5.5 to 6.0. When mixing ESXi 5.5 and 6.0 in the VSAN cluster during the host upgrade, it can cause permanent data loss. See this VMware KB2139969 for more information. As December 25, 2015, no fix is available yet.

If you have to upgrade to ESXi 6.0 now, the safe approach is to migrate the VMs on the VSAN to other non-VSAN storage prior to the upgrade.

Windows Server Message Block (SMB) Protocol

Versions

There are several different versions of SMB used by Windows operating systems:

SMB Version

Operating System

Note

CIFS Windows NT superseded by SMB1
SMB 1.0 (or SMB1) Windows 2000, XP, Server 2003,
Server 2003 R2
SMB 2.0 (or SMB2) Windows Vista (SP1 or later),
Server 2008
SMB 2.1 (or SMB2.1) Windows 7, Server 2008 R2
SMB 3.0 (or SMB3) Windows 8, Server 2012
SMB 3.02 (or SMB3) Windows 8.1, Server 2012 R2 In Windows 8.1 and Server 2012 R2, the option to completely disable CIFS/SMB1 support is introduced. It is not the default configuration.
SMB 3.1.1 Widnows 10, Server 2016

Negotiated Versions

Here’s a table to help you understand what version you will end up using, depending on what Windows version is running as the SMB client and what version of Windows is running as the SMB server:

OS Windows 8.1
WS 2012 R2
Windows 8
WS 2012
Windows 7
WS 2008 R2
Windows Vista
WS 2008
Previous Version
Windows 8.1
WS 2012 R2
SMB 3.02 SMB 3.0 SMB 2.1 SMB 2.0 SMB 1.0
Windows 8
WS 2012
SMB 3.0 SMB 3.0 SMB 2.1 SMB 2.0 SMB 1.0
Windows 7
WS 2008 R2
SMB 2.1 SMB 2.1 SMB 2.1 SMB 2.0 SMB 1.0
Windows Vista
WS 2008
SMB 2.0 SMB 2.0 SMB 2.0 SMB 2.0 SMB 1.0
Previous Version SMB 1.0 SMB 1.0 SMB 1.0 SMB 1.0 SMB 1.0

* WS = Windows Server

Check SMB Version

In Windows 8 or Windows Server 2012 or later, a new PowerShell cmdlet can easily tell what version of SMB the client has negotiated with the File Server. For Windows version prior to Windows 8, there is not an easy way – need to use Network Monitor, Message Analyzer (recommended) or Wireshark to capture and look into the packets.

To check the negotiated SMB version between the client and file server

  1. Access a remote file server (or create a new mapping to it)
  2. Use Get-SmbConnection

To check the SMB version on the local computer

  1. dir \\localhost\c$
  2. Get-SmbConnection –ServerName localhost
    • run the Get-SmbConnection cmdlet within 10 seconds after the dir command
    • the SMB client will tear down the connctions if there is no activity

ps_getsmbconnection

Recommendation

Microsoft strongly encourage to update to the latest of SMB. However, be aware of compatibility with the older Windows operating systems and third-party application implementation.

  • VMware
    • vCenter Server Appliance 5.5.x / 6.0.x and vRealize Automation 6.2.x support SMB1 only (KB2134063)

Source

Microsoft Jose Barroeto’s Blog

Blogger Editor - Open Live Writer Update 2

Today, my Open Live Writer is updated to build 0.5.1.4. The feature I wanted in my Update 1 post is here – support Blogger label.

The label can be entered in the new box under the tool bar; multiple labels can be separated by comma. Even the “Refresh List” feature (the two arrows on the right of label box) does not work, I am very thankful for the development team continuing to add new features in a short time.

olw_label.box

Check eDellRoot Certificate and Rogue Certificate

The eDellRoot certificate was a hot topic back in November 2015. This post just summarizes the tools to use check this and other rogue certificate on your computer.

Detection

Steps to check if your computer (mainly the Dell laptop) is vulnerable by the eDellRoot certificate

  1. Use Internet Explorer or Chrome (Firefox has its own certificate store, so this test site doesn’t work).
  2. Go to https://edell.tlsfun.de/

Removal

If the bad eDellRoot certificate is found on your computer, use the Dell’s official remover to remove it.

Audit the root CA stores

Furthermore, you can scan and audit the trusted root CA stores – both Microsoft (using by IE and Chrome) and Mozillla (using by Firefox), with the following tools:

  • RCC from http://trax.x10.mx/apps.html
  • the upcoming version of Sigcheck from Mark Russinovish at Microsoft
    • Mark Russinovich announced this on Twitter
    • As 12/22/2015, this version of Sigcheck is still in beta. Not yet available. I will post an update when the final version is available in public.

Recommended Topologies for VMware vSphere 6.0.x

VMware has a KB (KB2108548) that summarizes the recommended topologies for vSphere 6.0.x deployment on the Platform Services Controller (PSC) and vCenter Server. I’s a good read.

My pick will be one of the following topologies in most of the deployment – simple configuration with sufficient redudance.

2015-12-21_10-41-22

2015-12-21_10-42-49

Blogger Editor - Open Live Writer Update 1

In my recent post, I was glad that Open Live Writer is available, but it had a problem with Blogger authenticate. Today I found this in its issue tracker.

Following the instruction posted in the issue tracker, I opened Open Live Writer and closed, and then reopened. A new option “Google Blogger” is avaialble in the blog type. After entering the my Blooger URL and authrorizing the access, I am writing this post in Open Live Writer!!! The version is 0.5.1.2. Thank you for the great work!

2015-12-21_09-08-15

The next feature I want is to support “Labels”, like many people requested. The good news is that they are working on it. I will keep an eye on this and post on the next update when it’s available.

Use WinSCP to Transfer Files in vCSA 6.7

This is a quick update on my previous post “ Use WinSCP to Transfer Files in vCSA 6.5 ”. When I try the same SFTP server setting in vCSA 6.7...