VMware vSphere and templates

I just converted one of my (old) templates, as I wanted to refresh the updates and the virus scanner. After converting, I was asked about the UUID (no clue why), and expected to be done with it. But after looking at the console, I got the following, completely cryptic message:

Unable to connect to MKS
Unable to connect to MKS

After digging a bit deeper (that is looking at the vmware.log of the virtual machine, since the message of the GUI is *real* cryptic), I’m a bit wiser:

After softly shutting the VM down, and the powering the VM back up everything is back to working order.

IBM TS7530 and the Virtualization Engine for Tape Console

I just had yet another support call with IBM, concerning the Tape Console (or VE console, courtesy of Falconstor). My basic problem was/is, that I, as a german person, do have a german Windows Server 2003 installation. Now, if you do have german decimal number format selected in the regional settings, the display is gonna be kinda impaired and you’re gonna see something like this:

VE console with german decimal number format

And now compared to the english decimal number format:

VE console with english decimal number format

This time, the IBM support was quite fast in answering to my ESC, more or less to my satisfaction. Basic statement from IBM is: The VTL console isn’t supported on any german Windows OS. It’s only supported on a english Windows OS.

IBM RSA II adapter and Java RE

Today, after a short break (you can call it break, I think), I sat down and looked at the IBM RSA II adapter’s remote management GUI and it’s trouble with JRE versions. Ever since the last Java updates, I was unable to access the RSA console because Java would throw an error like this:

In the end, I downloaded every version since JRE (that is 20 different versions :!:), as wittnessed by Michael Ellerbeck that the last working version for him was JRE, and gave each one a try (since I want to report the issue to IBM, so that they gonna release a fix sometime soon).

So here’s the list of what Java JRE version works with an RSA II adapter running Firmware 1.10 (GGEP36B):

  • Java JRE 1.50 U11 ……… works
  • Java JRE 1.50 U12 ……… works¹
  • Java JRE 1.50 U13 ……… works
  • Java JRE 1.50 U14 ……… works
  • Java JRE 1.50 U15 ……… works
  • Java JRE 1.50 U16 ……… works
  • Java JRE 1.50 U17 ……… works
  • Java JRE 1.50 U18 ……… works
  • Java JRE 1.60        ……… works
  • Java JRE 1.60 U01 ……… works
  • Java JRE 1.60 U02 ……… works
  • Java JRE 1.60 U03 ……… works
  • Java JRE 1.60 U04 ……… works
  • Java JRE 1.60 U05 ……… works
  • Java JRE 1.60 U06 ……… works
  • Java JRE 1.60 U07 ……… works
  • Java JRE 1.60 U12 ……… not working (see above)
  • Java JRE 1.60 U13 ……… not working (see above)
  • Java JRE 1.60 U14 ……… not working (see above)

1: This version presents some small annoyances (garbled video output)

Update: IBM already knows about the problem, but says it’s presumably a Java problem since it stopped working mid-version in between U11 and U12.

Praxisbuch Nagios by Tobias Scherbaum

Tobi recently finished writing yet another book, which he also talked about in a blog post. Shortly after, I asked him a rather curious question. What exactly is the plant or animal on the cover of the book ? He was kind enough to send a voucher copy of the book my way.

Praxisbuch Nagios
Praxisbuch Nagios

He actually mentions it in the credits at the beginning of the book. Turns out it is an animal, a sea pen or sea feather (I’m guessing at Pennatula aculeata).

Now as for the content of the book itself, I do have to admit that I haven’t read the whole book. I just picked a few topics (SNMP-Traps with Nagios, notifications) which I did find rather well written. My (soon ex-) trainee, Michel, however already bugged Tobias about some errors in the book itself, or rather some changes which happened after 3.0.3 (that’s the Nagios version the book is based on).

All in all, I guess I can congratulate Tobias on yet another good written book!

Exclude a directory from tar

Damn tar is kinda weird .. usually, you specifiy excludes in the manner of –exclude=”/path/to/exclude”. But tar needs to do things differently.

Custom certificates in VMware vSphere

Finally, after about 6 months (I last talked about that on February 25th, when Virtual Center 2.5U4 was released) our troubles with our “custom” certificates seems to be resolved! As it turns out, it really was our fault and not VMware’s.

When generating the pfx from the signed certificate and the key-file, you need to supply a password, otherwise the vCenter service is unable to utilize the private key of the pfx, since it’s unable to access the PFX with the default password (testpassword is the default for Virtual Center as well as vSphere).

As noted in the Replacing VirtualCenter Server Certificates document for Virtual Infrastructure 3, as well as through our Customer support, you need to specify the password when exporting the signed crt/Private key into the pfx:

After successfully doing so, you just need to replace the original files (hopefully move them away beforehand) with the ones generated. And afterwards, you should be able to utilize your new certificates! When you now try to clone a template and customize it using an existing customization spec, you’re gonna see this:

vCenter: Cannot decrypt password
vCenter: Cannot decrypt password

After clicking on “OK“, you’re gonna get the normal customization specification edit frame, where you should be able to skip ahead to “Workgroup or Domain“, where you’re gonna have to reenter the domain administrator password.

Windows XP(e) refusing to connect to a terminal server

Today a error message reappeared I thought I wouldn’t see again. We use Wyse Thin Clients and 2X running on two terminal servers, to provide the thin clients with applications. Now, once a while one of the thin clients (not all at once, just a single one) refuse to connect to the terminal server jabbing about this:

The error message you get from the 2X client ain’t the slightest bit more helpful.

I remember the solution being not so trivial with the thin clients. As it turns out, Microsoft does have a solution for that kind of problem.

Simply” open up the registry, and clean out HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSLicensing. That is the place where the remote desktop client saves the obtained terminal server licensing key.

Burning CD/DVDs as unprivileged user

After the last reinstallation of Windows (both at home and at work), I decided that from this day forth, I’d be working as unprivileged user (ie not as local administrator). Now, working as unprivileged user is some kind of relief (since not every program is able to wreak havoc within your computer), but also somewhat of a burden.

Up until now, I had serious troubles burning CDs and/or DVDs as unprivileged user. Basically InfraRecorder refused to work at all. Only way that I had left, was copying the ISO to my local disk and then use runas in conjunction with InfraRecorder, to execute as Administrator.

Yesterday, I sat down and searched the Net for any kind of information. After a short while, I stumbled upon this:

Execute secpol.msc as Administrator. You can configure this security setting by opening the appropriate policy and expanding the console tree as such: “Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options“. Toggle “Devices: Restrict CD-ROM access to locally logged-on user only” to enabled. After logging of and logging back on, you should be allowed to use the CD-drive as unprivileged user.

Setting up a OpenVPN server with DD-WRT

In the past I had toyed with the thought of setting up a VPN-Server at home, so that I could do stuff from elsewhere. Now, I finally got around doing so. First obstacle ? How exactly would I be doing that ?

  1. Get the DD-WRT VPN flavor of course!
  2. Configure the VPN server

Now, the second part seems to be a bit harder. There is a wiki article on how to configure OpenVPN in the DD-WRT wiki, but not for v24 SP1. Lucky me, someone already made himself the work of writing somewhat of a guide down. But, guess according to Murphy’s law, things ain’t ever gonna be easy. As I’m running Ubuntu Karmic on my workbook, the commands ain’t matching the current openvpn package being delivered with Karmic. So here is, intended only as a guide, the list of steps one has to do in order to get the certs …

That’s it … all that’s remaining, is copy & pasting those certs into the Web GUI of your OpenVPN router and setting up your client according to the OpenVPN documentation.

My neverending lighttpd troubles

Well, after a day or so my lighttpd troubles reappeared. But this time, the lighttpd process would simply put out this:

And as the message says, PHP (or rather mod_fastcgi?) would simply stop to process requests. In the end, I tuned some of the lighttpd/mod_fastcgi parameters.

Up till now (I made the change on July 14th), these changes seem to have fixed the issue, guess I’m still hoping (with the saying “Hope dies last” in mind) it’s gonna fix my problems once and for all.