
vSphere 6 Lockdown Mode Access Summary

Lockdown mode in vSphere 6 differs from the previous version (v.5).
vSphere 6 introduces a few new concepts:

  • Normal Lockdown Mode
  • Strict Lockdown Mode
  • Exception Users

The following table summarizes which access methods are available in each lockdown mode.

| Access Method | Lockdown Mode Disabled | Normal Lockdown Mode | Strict Lockdown Mode |
|---|---|---|---|
| vCenter | Yes | Yes | Yes |
| Direct Console access (DCUI) with root | Yes | Yes | No |
| Direct Console access (DCUI) with account (local account only) defined in DCUI.Access advanced option for the host | Yes | Yes | No |
| Direct Console access (DCUI) with accounts in Exception Users for lockdown mode & administrative privilege on the host (if the ESXi host is joined to an AD domain, only AD account; if the ESXi host is not joined to an AD domain, local account) | N/A | Yes | No |
| vSphere Client directly to ESXi with root | Yes | No | No |
| vSphere Client directly to ESXi with account (local account only) defined in DCUI.Access advanced option for the host | No | No | No |
| vSphere Client directly to ESXi with accounts in Exception Users for lockdown mode & administrative privilege on the host (if the ESXi host is joined to an AD domain, only AD account; if the ESXi host is not joined to an AD domain, local account) | N/A | Yes | Yes |
| PowerCLI / CLI to ESXi with root | Yes | No | No |
| PowerCLI / CLI to ESXi with account (local account only) defined in DCUI.Access advanced option for the host | No | No | No |
| PowerCLI / CLI to ESXi with accounts in Exception Users for lockdown mode & administrative privilege on the host (if the ESXi host is joined to an AD domain, only AD account; if the ESXi host is not joined to an AD domain, local account) | N/A | Yes | Yes |
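
The table can be turned into a per-host audit. The PowerCLI script below is an added example, not part of the original post: it reports each host's lockdown mode, Exception Users and DCUI.Access value, and lists which access paths from the table remain open. It assumes an existing Connect-VIServer session to vCenter; the report property names are illustrative.

```powershell
# Added example. Assumes PowerCLI is loaded and Connect-VIServer has already
# been run against vCenter; the report property names are illustrative.
$report = foreach ($vmhost in (Get-VMHost | Sort-Object Name)) {
    # lockdownDisabled | lockdownNormal | lockdownStrict (vSphere 6 hosts)
    $mode = [string]$vmhost.ExtensionData.Config.LockdownMode

    # HostAccessManager holds the Exception Users list for the host.
    $accessMgr  = Get-View -Id $vmhost.ExtensionData.ConfigManager.HostAccessManager
    $exceptions = @($accessMgr.QueryLockdownExceptions() | Where-Object { $_ })

    # Local accounts allowed at the DCUI through the DCUI.Access advanced option.
    $dcuiAccess = (Get-AdvancedSetting -Entity $vmhost -Name 'DCUI.Access').Value

    # Translate the settings into the access paths listed in the table.
    $open = @(switch ($mode) {
        'lockdownDisabled' { 'Direct root access via DCUI, vSphere Client and PowerCLI/CLI' }
        'lockdownNormal'   { "DCUI for root and DCUI.Access accounts ($dcuiAccess)" }
        'lockdownStrict'   { 'No DCUI access for any account' }
        default            { "Unrecognized lockdown mode '$mode'" }
    })

    # Exception Users with administrative privilege bypass lockdown for
    # direct vSphere Client and PowerCLI/CLI connections in both modes.
    if ($mode -ne 'lockdownDisabled' -and $exceptions.Count -gt 0) {
        $open += 'Direct vSphere Client and PowerCLI/CLI access for Exception Users'
    }

    [pscustomobject]@{
        Host           = $vmhost.Name
        LockdownMode   = $mode
        ExceptionUsers = $exceptions -join ', '
        DcuiAccess     = $dcuiAccess
        StillReachable = $open -join '; '
    }
}

$report | Format-List
```

Hosts in strict lockdown mode with a non-empty ExceptionUsers column are the ones to review first, since those accounts are the only remaining direct path to the host.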

 

How to fix Print Screen hotkey registration failure

I like to use a third-party screen capture utility, e.g. ShareX or Greenshot, instead of the Windows built-in Snipping Tool. I configure the utility to load at startup and set the Print Screen key to capture a region and copy the image to the clipboard, so I can easily paste the screenshot into a document.

After installing the November 10, 2015 Windows Update on my Windows 10 laptop (my Windows 8 laptop does not have this issue with the update), I got the following message after the system rebooted.


I made sure I didn't have any other screen capture utilities running in the background. I tried uninstalling and reinstalling ShareX, with no luck. Then I installed another screen capture utility, Greenshot, and got a similar message.


I double-checked that no two screen capture utilities were running at the same time.

To figure out which program had registered the Screen Print hotkey, I installed the Windows Hotkey Explorer tool (http://hkcmdr.anymania.com). However, it reported that no program was using the Screen Print hotkey.

When searching the web, I found someone mentioning that the Dropbox or OneDrive application may be configured to automatically upload screenshots to its cloud storage. I don't have Dropbox installed. I have OneDrive, but the screenshot upload to OneDrive is turned off.



Solution:

  • Right-click the OneDrive icon on the taskbar, and select Settings
  • Check the checkbox "Automatically save screenshot I capture to OneDrive", then click OK
  • When prompted to choose the folder to save the screenshot, click Cancel
  • Open OneDrive's Settings again to verify the checkbox is unchecked
  • After "resetting" this OneDrive setting, the screen capture utility loads successfully and the Print Screen hotkey works as configured in the application.

Lunch Hour Workout

New Year resolution, but no time to work out? Try a lunch hour workout. Keep the following in mind.
  • Everything counts. It doesn't have to take place at a gym. Walking (e.g. 30 minutes) around the office counts.
  • According to the fitness experts, eat after, not before, the workout.
  • Do some in-office stretches, bends, and push-ups.

Windows 8 Tools

vCenter “Hardware monitoring service on this host is not responding or not available” in Hardware Status tab

 

Fix: In vCenter, select the VM host, Configuration, Security Profile (under Software), Firewall Properties, CIM Server, Options, Restart.

After restarting the CIM Server service, it can take a few minutes before the hardware status is updated.

Tested in ESXi 5.0

Reference: http://communities.vmware.com/thread/219556?start=15&tstart=0

Watt and Volt-Amp (VA) Rating Notes

1. Definition and Purpose

  • Watt is the real power drawn by the equipment. The Watt rating is used to determine the actual power purchased from the utility company and the heat load generated by the equipment.
  • The VA rating is used for sizing wiring and circuit breakers.

2. IT Equipment Switching Power Supply Types

  • Power Factor Corrected supply (PFC)
  • Capacitor Input supply

3. Computer Equipment Watt and VA Rating

  • Large computer equipment such as routers, switches, arrays, and servers made after 1996 use the PFC supply. Watt rating = VA rating
  • PCs, small hubs, PC accessories, and larger computer equipment made prior to 1996 typically use Capacitor Input supply. Watt rating = 0.55 ~ 0.75 * VA rating

4. UPS Watt and VA Rating

  • Small UPS: Watt rating = 60% * VA rating (a de-facto standard in the industry)
  • Larger UPS: Watt rating = VA rating

5. Conclusion

  • Neither the Watt nor the VA rating of a UPS may be exceeded
  • Sizing the VA rating of a load to be no greater than 60% of the VA rating of the UPS ensures that the Watt rating of the load does not exceed the Watt rating of the UPS. This conservative sizing approach will typically oversize the UPS and provide additional run time.

Source: APC White Paper #15 “Watts and Volt-Amps: Powerful Confusion”

Troubleshoot PEAP Authentication

Environment:

Wireless PEAP with Windows Active Directory domain authentication is configured. (see http://www.techrepublic.com/article/ultimate-wireless-security-guide-an-introduction-to-peap-authentication/6148543 for the setup detail).

Windows Server 2003 with a self-signed digital certificate as the RADIUS server.

Wireless access managed by the Active Directory “WiFi Users” security group.

Access Point: Cisco WAP4410N with firmware 2.0.5.3

Access Point Configuration:

  • Discovery (By Bonjour): Enabled
  • Wireless Security Mode: WPA2-Enterprise Mixed (WPA Algorithm: TKIP or AES)
  • Primary RADIUS Server: Windows Server 2003 RADIUS server IP address
  • Primary RADIUS Server Port: 1812
  • Wireless Connection Control (MAC address filter): Disabled

Problem:

The users in the Active Directory “WiFi Users” security group were able to authenticate and access the wireless network with wireless devices (iPhone, iPad, Windows Phone 7.5, Windows XP with SP3, Windows 7, Mac OS X, etc.) configured with PEAP authentication. One day in August 2012, the Windows Server 2003 RADIUS server was updated with the latest Microsoft security updates. After that, only iOS devices (maybe Mac OS X too) could authenticate and access the wireless network; all Windows-based devices kept getting a connection failure even though the configuration and credentials were correct.

Troubleshoot:

The RADIUS server System log shows a warning from source IAS, event ID 2. The user was denied access; Reason-Code = 266; Reason = The message received was unexpected or badly formatted.

Solution:

Scenario 2 in the KB article (http://support.microsoft.com/kb/933430) matches this issue. Using method 3 in the KB article resolved the problem.

Use WinSCP to Transfer Files in vCSA 6.7

This is a quick update on my previous post “ Use WinSCP to Transfer Files in vCSA 6.5 ”. When I try the same SFTP server setting in vCSA 6.7...