Search This Blog

Exclude Virtual Machine Hard Disk from Snapshot

A virtual machine hard disk in vSphere v.5 or v.6 can be configured in three different modes:

  • Dependent: the default disk mode. The disk is included in snapshot.
  • Independent – Persistent: Changes to the disk are immediately and permanently written to disk. The disk is not included in snapshot.
  • Independent – Nonpersistent: Changes to the disk are discarded when power off. The disk is included in snapshot.

To change a VM hard disk to Independent – Persistent mode in vSphere v.6 Web Client:

  • Power off the VM
  • Delete any snapshots that currently exist
  • Right-click the VM and click Edit Settings
  • Under Virtual Hardware tab, expand the hard disk
  • In Disk Mode, select Independent – Persistent
  • Click OK

VM.Harddisk.Mode

To verify a VM hard disk excluded from snapshot:

  • Take a snapshot of the VM
  • Right-click on the datastore storing the VM and click Browse Files
  • Browse to the VM folder
  • If the disk is not set to Independent – Persistent mode, a VM-00001.vmdk file is created for the disk
  • If the disk is set to Independent – Persistent mode, this file will not be created

How to Save Windows 10 Lockscreen Image

  1. Open Run dialog
  2. Browse to %localappdata%\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets
  3. Copy all the files to a temporary folder
  4. Rename all the files with the JPG extension by entering “ren *.* *.jpg” in command prompt

Update: 01/18/2016

An app, SpotBright, in Windows Store makes even easier to download these images.

ESXi VMkernel Port “Management traffic” Checkbox

Here is the screenshot of the services that can be enabled on an ESXi v.6 VMkernel NIC port.2015-12-28_13-38-49

All these services look very self-explanatory, until I am doing some research on the ESXi management redudancy and discovering this post.

Here is the quick summary of the post, plus others I learned about the VMkernel port.

  • The “Management traffic” checkbox does nothing but enabling that VMkernel NIC for HA hearbeat traffic.
  • It has nothing to deal with the management of the ESXi host. When the checkbox is not checked, you still can manage the ESXi host via vCenter Server or SSH to the ESXi host via the IP address associated with the VMkernel port.
  • Why isn’t there a checkbox for iSCSI or NFS traffic?
    • Answer: any VMkernel port can talk to iSCSI or NFS storage. There is no need to enable the service.
  • Prior to vSphere 6, only one default gateway is defined for the ESXi host in the GUI (ESXi 5.5 allows to add additional TCP/IP stack, including default gateway & DNS, in CLI). All VMkernel ports use the same default gateway for the traffic that is not local to each VMkernel port subnet.
  • Here is the sceenshot in vSphere 5.5, only one Default TCP/IP stack

2015-12-28_14-56-47

  • Here is the screenshot in vSphere 6, three TCP/IP stacks by default. Each can have different deffault gateway. Additional custom TCP/IP stack still needs to be created by CLI.

2015-12-28_14-58-57

Hold Off Upgrading ESXi 5.5 with VSAN to ESXi 6.0

If you are running ESXi 5.5 with VSAN, DO NOT upgrade the ESXi host from 5.5 to 6.0. When mixing ESXi 5.5 and 6.0 in the VSAN cluster during the host upgrade, it can cause permanent data loss. See this VMware KB2139969 for more information. As December 25, 2015, no fix is available yet.

If you have to upgrade to ESXi 6.0 now, the safe approach is to migrate the VMs on the VSAN to other non-VSAN storage prior to the upgrade.

Windows Server Message Block (SMB) Protocol

Versions

There are several different versions of SMB used by Windows operating systems:

SMB Version

Operating System

Note

CIFS Windows NT superseded by SMB1
SMB 1.0 (or SMB1) Windows 2000, XP, Server 2003,
Server 2003 R2
SMB 2.0 (or SMB2) Windows Vista (SP1 or later),
Server 2008
SMB 2.1 (or SMB2.1) Windows 7, Server 2008 R2
SMB 3.0 (or SMB3) Windows 8, Server 2012
SMB 3.02 (or SMB3) Windows 8.1, Server 2012 R2 In Windows 8.1 and Server 2012 R2, the option to completely disable CIFS/SMB1 support is introduced. It is not the default configuration.
SMB 3.1.1 Widnows 10, Server 2016

Negotiated Versions

Here’s a table to help you understand what version you will end up using, depending on what Windows version is running as the SMB client and what version of Windows is running as the SMB server:

OS Windows 8.1
WS 2012 R2
Windows 8
WS 2012
Windows 7
WS 2008 R2
Windows Vista
WS 2008
Previous Version
Windows 8.1
WS 2012 R2
SMB 3.02 SMB 3.0 SMB 2.1 SMB 2.0 SMB 1.0
Windows 8
WS 2012
SMB 3.0 SMB 3.0 SMB 2.1 SMB 2.0 SMB 1.0
Windows 7
WS 2008 R2
SMB 2.1 SMB 2.1 SMB 2.1 SMB 2.0 SMB 1.0
Windows Vista
WS 2008
SMB 2.0 SMB 2.0 SMB 2.0 SMB 2.0 SMB 1.0
Previous Version SMB 1.0 SMB 1.0 SMB 1.0 SMB 1.0 SMB 1.0

* WS = Windows Server

Check SMB Version

In Windows 8 or Windows Server 2012 or later, a new PowerShell cmdlet can easily tell what version of SMB the client has negotiated with the File Server. For Windows version prior to Windows 8, there is not an easy way – need to use Network Monitor, Message Analyzer (recommended) or Wireshark to capture and look into the packets.

To check the negotiated SMB version between the client and file server

  1. Access a remote file server (or create a new mapping to it)
  2. Use Get-SmbConnection

To check the SMB version on the local computer

  1. dir \\localhost\c$
  2. Get-SmbConnection –ServerName localhost
    • run the Get-SmbConnection cmdlet within 10 seconds after the dir command
    • the SMB client will tear down the connctions if there is no activity

ps_getsmbconnection

Recommendation

Microsoft strongly encourage to update to the latest of SMB. However, be aware of compatibility with the older Windows operating systems and third-party application implementation.

  • VMware
    • vCenter Server Appliance 5.5.x / 6.0.x and vRealize Automation 6.2.x support SMB1 only (KB2134063)

Source

Microsoft Jose Barroeto’s Blog

Blogger Editor - Open Live Writer Update 2

Today, my Open Live Writer is updated to build 0.5.1.4. The feature I wanted in my Update 1 post is here – support Blogger label.

The label can be entered in the new box under the tool bar; multiple labels can be separated by comma. Even the “Refresh List” feature (the two arrows on the right of label box) does not work, I am very thankful for the development team continuing to add new features in a short time.

olw_label.box

Check eDellRoot Certificate and Rogue Certificate

The eDellRoot certificate was a hot topic back in November 2015. This post just summarizes the tools to use check this and other rogue certificate on your computer.

Detection

Steps to check if your computer (mainly the Dell laptop) is vulnerable by the eDellRoot certificate

  1. Use Internet Explorer or Chrome (Firefox has its own certificate store, so this test site doesn’t work).
  2. Go to https://edell.tlsfun.de/

Removal

If the bad eDellRoot certificate is found on your computer, use the Dell’s official remover to remove it.

Audit the root CA stores

Furthermore, you can scan and audit the trusted root CA stores – both Microsoft (using by IE and Chrome) and Mozillla (using by Firefox), with the following tools:

  • RCC from http://trax.x10.mx/apps.html
  • the upcoming version of Sigcheck from Mark Russinovish at Microsoft
    • Mark Russinovich announced this on Twitter
    • As 12/22/2015, this version of Sigcheck is still in beta. Not yet available. I will post an update when the final version is available in public.

Use WinSCP to Transfer Files in vCSA 6.7

This is a quick update on my previous post “ Use WinSCP to Transfer Files in vCSA 6.5 ”. When I try the same SFTP server setting in vCSA 6.7...