WinSCP – Elevate to root

I was using WinSCP to transfer logs from a VMware CloudBuilder appliance to troubleshoot a failed lab deployment, however the files wouldn’t transfer as the user account to be used had to have root access. For this appliance, you need to elevate to root after login.

Good news, WinSCP can elevate to root after login, In your connection settings pane;

  1. Click Advanced
  2. Under “Environment” select “SCP/Shell”
  3. For the shell value, enter your command to elevate
  4. Save the configuration

When you next connect to your appliances, the command will be sent after login.

The official pages are here.

Regards

Dean

VMware Horizon Blast – Failed to Connect to Connection Server

After deploying my latest horizon lab, I hit an issue where I could not hit the login page to authenticate for a Horizon desktop using BLAST, I would be greeted by the following message:

Failed to Connect to Connection Server

I pulled my hair out for a few minutes, before I realised I’ve hit this issue before, and the fix is quite simple.

If the locked.properties file doesn’t exist in the directory C:\Program Files\VMware\VMware View\Server\sslgateway\conf then you must create it!

 
Regards

Dean

VDI Cleanup script I use before sealing any golden image before deployment

Below is the VDI Cleanup script that I’ve been using over the years. I thought I’d post this after setting up a Horizon Lab environment. I shared it earlier in the year on Reddit, and had some good suggestions which I used to update the script. The script has been taken from other blogs over the years and just edited further and further for my own/customers needs.

Optimizations to any master are done using the VMware OS Optimization Tool.

I personally just run this as bat file to clean up and shut down the master template as a final step each time I make an update.

You can find the script on Github here, or below.

REM ************************************************
REM Stopping and disabling Windows Telemetry service
REM ************************************************
sc stop DiagTrack
sc config DiagTrack start= disabled
sc stop dmwappushservice
sc config dmwappushservice start= disabled
REM *********************
REM Stop and disable Windows update service
REM *********************
sc stop wuauserv
sc config wuauserv start= disabled
REM *********************
REM Delete any existing shadow copies
REM *********************
vssadmin delete shadows /All /Quiet
REM *********************
REM delete files in c:\Windows\SoftwareDistribution\Download\
REM *********************
del c:\Windows\SoftwareDistribution\Download\*.* /f /s /q
REM *********************
REM delete hidden install files
REM *********************
del %windir%\$NT* /f /s /q /a:h
REM *********************
REM delete prefetch files
REM *********************
del c:\Windows\Prefetch\*.* /f /s /q
REM *********************
REM Update OEM Information with Build Date
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OEMInformation /v Model /d "Build %DATE%" /t REG_EXPAND_SZ /f
REM *********************
REM Run Disk Cleanup to remove temp files, empty recycle bin
REM and remove other unneeded files
REM Note: Makes sure to run c:\windows\system32\cleanmgr /sageset:1 command 
REM       on your initially created parent image and check all the boxes 
REM       of items you want to delete 
REM *********************
c:\windows\system32\cleanmgr /sagerun:1
REM ********************
REM Defragment the VM disk
REM ********************
sc config defragsvc start= auto
net start defragsvc
defrag c: /U /V
net stop defragsvc
sc config defragsvc start = disabled
REM *********************
REM Clear all event logs
REM *********************
wevtutil el 1>cleaneventlog.txt
for /f %%x in (cleaneventlog.txt) do wevtutil cl %%x
del cleaneventlog.txt
REM *********************
REM release IP address
REM *********************
ipconfig /release
REM *********************
REM Flush DNS
REM *********************
ipconfig /flushdns
REM *********************
REM Shutdown VM
REM *********************
shutdown /s /t 0

Regards

Dean

vRealize Automation 8.0 – Wildcard SSL certificate support and deployment issues – LCMVRAVACONFIG590003

Ok, so I’m just going to call it out straight away, when using wildcard SSL certificates with vRealize Automation 8.0, read the release notes.

I did not, and caused myself quite a few headaches with the deployment, which you can read about further in this post.

Cannot set wildcard certs for certain domain names, specifically those not using a Public Suffix.

vRealize Automation 8.0 supports setting a wildcard certificate only for DNS names that match the content of the Public Suffix List ([https://publicsuffix.org/]) 

For example, a valid wildcard certificate: you can use a wildcard certificate with DNS name like "*.myorg.com". This is supported because "com" is part of the Public Suffix List. 

An invalid wildcard certificate example: you cannot use a wildcard certificate with DNS name like "*.myorg.local".This is not supported because "local" is not part of Public Suffix List. 

Workaround: Only use domain names in the Public Suffix List.

The issues caused by using an unsupported wildcard SSL

When deploying vRA 8.0 via vRSLCM, either as part of the easy installer or as part of an existing vRSLCM setup, you will asked to provide an SSL certificate.

This does not validate your certificate is supported for use with the vRA 8.0 deployment. vRSLCM will do some checking on the SSL selected, but is only to ensure the SSL certificate is not about to expire, you will see a Green tick and “healthy” status as below.

Once you hit deploy, you will find your vRA appliance finally stood up, however the initialization tasks will stall.

Error Code: LCMVRAVACONFIG590003
Cluster Initialization failed on VRA.

vRA Initialize Cluster failed on vRA VA - ***Hostname***. Please login to the vRA and check /var/log/deploy.log file for more information on failure.

Continue reading vRealize Automation 8.0 – Wildcard SSL certificate support and deployment issues – LCMVRAVACONFIG590003

vRSLCM 8.0 – vROPs 7.5 upgrade fails due to Admin password expiry

When the vRealize 8 products dropped, I was like a kid in a sweet shop, upgrading everything as quick as possible before my customers tried to, so I could encounter any issues first, but also the new features, so I could show them off.

The issue

During the upgrade of vROPs, I hit an issue that my Local Admin account in vROPs had expired, but I received no warning when using the vROPs 7.5 instance and logged into the interface using the Admin account.

Before I found the issue;

During the upgrade in vRSLCM, my upgrade task failed with “vROPS upgrade failure”, Error Code: LCMVROPSYSTEM25008, Upgrade.pak_pre_apply_validate_failed.

Continue reading vRSLCM 8.0 – vROPs 7.5 upgrade fails due to Admin password expiry