Windows 10 Update KB 3122947 Error 0x80070643 Fix

One of my Windows 10 computers received the 0x80070643 error when installing KB 3122947 update. Here is the fix.

• Open Command Prompt (Admin)
• run dism /online /add-package /packagepath:C:\Windows\SoftwareDistribution\Download\b0a5da1b24245bc4237166e09bae92da\windows10.0-kb3122947-x86.cab
  or dism /online /add-package /packagepath:C:\Windows\SoftwareDistribution\Download\c4a1b8896ce9fbfea96c1ee6890d52a5\windows10.0-kb3122947-x64.cab
• Reboot

For more info see Mysterious Windows 10 version 1511 patch KB 3122947 fails to install

ESXi Inbox and Async Driver

Definition

• An inbox driver is one that is delivered and installed with ESXi software.
• An async driver is the third-party vendor driver certified by VMware. It does not come bundled with ESXi software and is usually downloaded from VMware.

Why we care

• When inbox and async drivers are present, they are both displayed as installed. However, only one is loaded
• The inbox driver is not removed when an async driver is installed, which results in multiple drivers for the same device being installed
• Multiple drivers can be installed but one is loaded and used.

Determine which drivers are installed

• esxcli software vib list | less
• esxcli software vib list | egrep <driver_string>
  • If the system has an inbox and async driver installed, the above egrep command displays more than one output

Determine which driver is actively being used

• esxcfg-info | less
  • Look at the Version under the module
• The name and the version of the storage driver corresponds with the second drive in the output of the esxupdate query command
• For network drivers
  • ethtool -i vmnicX
• Identify the vmnic # of the associated NIC
  • esxcfg-nics -l
  • esxcli network nic get -n vmnicX

Windows Server 2016 Licensing Change

Here are the short summary of the changes in Windows Server 2016 licensing comparing with Windows Server 2012.

• Windows Server 2016 licensing is based on CPU core, not CPU socket. One license pack covers 2 CPU cores.
• Windows Server 2016 licensing has a minimum of 8 cores (4 packs) per processor, and a minimum of 16 cores (8 packs) per system. If a server has a single CPU with 4 cores, it still requires buying 16 cores (8 packs) license to run Windows Server 2016.
• Windows Server 2016 Standard and Datacenter edition are functional differences. For example, the following are only available in the Datacenter edition
  • Storage Space Direct (S2D)
  • Storage Replica
  • Shielded Virtual Machines / Host Guardian Service
  • Network Controller
• Windows Server 2016 Software Assurance licensing allows portable to Azure

Citrix NetScaler Inject Client IP to HTTP Header

In the previous post, I mentioned that injecting the client source IP to the HTTP header as an alternative to pass the client IP to the web server without enabling “Use Source IP”. Here are the steps to do that.

• Configuration, System, Settings, Change HTTP parameters
• Check the Enable checkbox under Client IP Insertion
• Enter the header name

Citrix NetScaler Source IP Mode - "Use Source IP"

By default, NetScaler load balancing traffic flow is
Source IP (client) --> Virtual Server IP — NetScaler — SNIP —> Web Server

The web server sees the NetScaler’s SNIP as the source IP of the traffic. To let the web server sees the client IP address, enable “Use Source IP” under System, Settings, Configure Modes, check Use Source IP.

However, some issues should be noted when enabling “Use Source IP”

• TCP multiplexing will be disabled
  • TCP multiplexing allows the NetScaler appliance to have one connection to the webserver for all clients traffic
  • Eliminate the web server to manage the open & close connection
• The default gateway on the web servers should be set to the NetScaler’s SNIP
  • When the web servers see the client source IP, they will look at their default routing table for the return traffic, instead of returning the traffic to the NetScaler
  • When the web servers try to connect to a TCP connection with the client, the connection will be dropped by the client
• Alternative to enable Use Source IP
  • In general, I would recommend not to use USIP
  • Use inject HTTP header option to allow the NetScaler to inject the source IP header into the HTTP request (more information will be provided in the future post.)

What is SHA1

SHA1 (Secure Hashing Algorithm 1) is a hashing algorithm to generate the digital signature (hash) of a document. The signature verifies who created the document (the signer) and that the document wasn’t altered. SHA1 is not an encryption algorithm. Examples of encryption algorithm are AES, DES, RC4, etc.

SHA1 is phasing out by the web browsers (Microsoft, Mozilla, Google) starting on January 1, 2016. The SSL certificate signed by SHA1 should be replaced with a new one signed by SHA2.

To check the SSL certificate on a web server, use

• http://sha1affected.com
• https://www.ssllabs.com/ssltest/

NetApp "HA GROUP ERROR: DISK/SHELF COUNT MISMATCH ERROR" Troubleshoot

We received an alert “HA GROUP ERROR: DISK/SHELF COUNT MISMATCH ERROR” from the NetApp filer (Model V3240, OS Version 8.1.2 [7-Mode]), one from each node in the NteApp cluster . The alert does not include much information which node has the problem or what goes wrong. It turns out that a disk in one of the nodes start failing. Here are some steps to help to identify the failing disk.

• Option 1: Search CF-Monitor.txt (inside body.7z file attached in the alert) for “Mismatched disk”, and run disk show <disk_device_id>
• Option 2: run disk show -v and look for “FAILED” disk
• Option 3: run sysconfig -d and look for “Not available” under Disk Vital Product Information column
• Option 4: run aggr status -r (or vol status -r) and look for “Maintenance disks”