How to Update vCenter Server Appliance to 6.5 Update 1d

Constantin Ghioc Leave a comment

VMware recently released vCenter Server 6.5 Update 1d (Build 7312210). You can read more details about this release in my previous article: “New Release – VMware vCenter Server 6.5 Update 1d”. In another article, I showed how to update vCenter Server Appliance using VAMI (vCenter Server Management Interface). The article covers the update to version 6.5 Update 1b, but there is no change in procedure to go to the latest Update 1d.

In this article I will show a different way to update vCenter Server Appliance. I will update vCSA using the appliance shell. This process is as simple as updating through VAMI, but instead of clicking through the user interface, I will execute few commands in remote console.

Note: If you look for VCSA installation instructions, check this article: How to Install VCSA 6.5 (VMware vCenter Server Appliance).

Read More

New Release – VMware vCenter Server 6.5 Update 1d

Constantin Ghioc Leave a comment

VMware released vCenter Server 6.5 Update 1d (Build 7312210) to update few third party packages and to fix plenty of bugs. This release also brings a new icon for vSAN witness appliances.

You can already download the update from my.vmware.com site (login is required).

vCenter Server 6.5 Update 1d

Note: If you look for VCSA installation instructions, check this article: How to Install VCSA 6.5 (VMware vCenter Server Appliance). If you need update instructions check these articles: Update vCSA using VAMI and Update vCSA using Appliance Shell.

Issues resolved in vCenter Server 6.5 Update 1d

In vCenter 6.5 Update 1d, VMware updated multiple packages:

  • Oracle (Sun) JRE 1.8.0_141
  • Spring Framework 4.3.9
  • OpenSSL 1.0.2l
  • Tomcat 8.5.15
  • Apache Struts 2.5.13
  • Eclipse Jetty 9.2.22

Read More

VMware Security Advisory

VMware Security Advisory VMSA-2017-0021

Constantin Ghioc Leave a comment

VMware has released a new security advisory: “VMSA-2017-0021 – VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities”.

Among affected products, we find vCenter Server Appliance 6.5, ESXi (5.5, 6.0, and 6.5), Workstation 12.x, and Fusion 8.x.

VMSA-2017-0021 – ESXi, Workstation, and Fusion stack overflow via authenticated VNC session

CVE-2017-4941 – VMware ESXi, Workstation, and Fusion contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. A successful exploitation will result in remote code execution in a virtual machine via the authenticated VNC session. As prerequisites for a successful exploit, VNC must be manually enabled in a virtual machine’s .vmx configuration file and ESXi must be configured to allow VNC traffic through the firewall.

Affected products and versions:

  • ESXi 5.5 and 6.0 (install patches ESXi550-201709101-SG or ESXi600-201711101-SG)
  • Workstation 12.x (upgrade to version 12.5.8)
  • Fusion 8.x (upgrade to version 8.5.9)

Read More

vCenter Converter Standalone 6.2

New Release – VMware vCenter Converter Standalone 6.2

Constantin Ghioc 2 Comments

vCenter Converter Standalone is a handy tool used to convert Windows or Linux computers to different types of VMware virtual machines. You can convert physical or virtual machines, and even AWS or Azure instances. VMware released few days ago vCenter Converter Standalone 6.2, a version which supports VMware vSphere 6.5 Update 1.

vCenter Converter Standalone New Features

  • Support for vSphere 6.5 Update 1 endpoints.
  • Support for new guest operating systems: Windows Server 2016 and Ubuntu 16.
  • New configuration option for Linux migrations. You can provide a path for the temporary files of vmware-sysinfo to be extracted and executed.
  • New configuration option to change the default destination provisioning disk type from thick to thin.

You can opt to install the Convertor on a variety of operating systems, ranging from Windows Vista SP2 to Windows 10 and from Windows Server 2008 SP2 to the latest Windows Server 2016.

Read More

VMware Security Advisory

VMware Security Advisory VMSA-2017-0020

Constantin Ghioc Leave a comment

VMware has released a new security advisory: “VMSA-2017-0020 – VMware AirWatch Console updates address Broken Access Control vulnerability”.

VMware AirWatch Console has a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.

Common Vulnerabilities and Exposures project has assigned the identifier CVE-2017-4942 to this issue.

The vulnerability consists of two distinct issues which, together, could allow a tenant to accidentally come into contact with another tenant’s device details. The first issue occurs as the result of a UI issue present under certain conditions, which may lead to the display of an incorrect device’s details. The second issue occurs when the device details are incorrectly displayed to the unauthorized administrator, which results from a missing access control check performed on the request.

AirWatch Console 9.2.2 (released on 5th December) resolved the issue. For more details on this version you can check KB115015625647 (please note you need to login) and the release notes.

For shared SaaS environments, no action is required as all shared SaaS environments have been patched for this vulnerability. For dedicated SaaS and On-Premises, patches have been made available for all AirWatch Console versions 9.0.1 and up.

VMware has also released a workaround for customers who are unable to immediately apply the patch. You can check it in KB115015676547.

You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.

Install Active Directory

How to Install Active Directory on Windows Server 2012 R2

Constantin Ghioc Leave a comment

There may be cases when you need to install Active Directory in your home lab. As an example, I can specify the installation of VMware vRealize Automation, for which you require a domain. In this article I will show how to install Active Directory on Windows Server 2012 R2. I chose Windows Server 2012 R2 over the newest Windows Server 2016 because in my experience 2016 requires more hardware resources compared with 2012, hardware resources which are scarce in a lab environment.

As a prerequisite for this installation, you need to prepare in advance a Windows Server 2012 R2 Standard Edition virtual machine preferable with all the normal goodies (latest hardware version, latest VMware Tools, vmxnet3 network adapter, paravirtual SCSI adapter). Install the latest security patches. You do not need the installation kit for Windows Server 2012 R2.

Read More

How to Update ESXi 6.5 with Command Line

Constantin Ghioc 1 Comment

In a previous post I wrote about how to easily update ESXi 6.5 using Update Manager. This time I will show another method of updating ESXi, more specific I will update ESXi 6.5 with the command line tool (esxcli). This method works either the ESXi server is standalone or added to a vCenter Server (I will use no component of vCenter Server).

When is this method better than using the Update Manager? The simplest use case is when you have no vCenter Server (because Update Manager is a component of vCenter Server). In other cases, you may be more familiar running scripts than clicking into a user interface 🙂

As a prerequisite, I placed the ESXi server in maintenance mode. Let’s start!

Read More

Update vSphere HTML5 Web Client Fling - Dashboard

How to Update vSphere HTML5 Web Client Fling

Constantin Ghioc Leave a comment

In an earlier post I showed how to install vSphere HTML5 Web Client Fling. The biggest difference between fling version and the vCenter 6.5 supported version is that the fling gets updated more often. In this post I will show how easy it is to update vSphere HTML5 Web Client Fling.

I will start from the base version 3.27.0 build 7055108. My target is to update the fling to version 3.29.0 build 7157335. Even if only 2 weeks passed since 3.27.0 release, there are few new features available:

  • Configure advanced CPU Identification Mask
  • Select PVRDMA adapter type for a VM network
  • Configure traffic filtering and marking rules on distributed port groups
  • Export and import distributed switches and distributed port groups

See the full change log in the official fling repository.

Read More

PowerCLI 6.5.4

New Release – VMware PowerCLI 6.5.4

Constantin Ghioc Leave a comment

Although VMware released PowerCLI 6.5.3 a little over a month ago, here comes a pleasant surprise: few days ago VMware made available the shiny new version PowerCLI 6.5.4! The new version brings us improvements in two areas:

  • new module for VMware Cloud on AWS
  • new cmdlets for storage module

Read More

News from AWS

News from AWS

Constantin Ghioc Leave a comment

Amazon Simple Email Service (SES) introduces two new features that can help to protect your sender reputation: email pausing and reputation metrics. You can use API operations to automatically pause email sending when reputation metrics cross certain thresholds. These features are now available in the following AWS Regions: US West (Oregon), US East (N. Virginia), and EU (Ireland). Read more on the new SES features.

Amazon Route 53 releases API to view service limits: hosted zones, health checks, reusable delegation sets, traffic policies, and traffic policy instances. You can watch your usage and compare it against your current limits, so you can ask for an increase well before reaching a limit.

Amazon EC2 is announcing an increase to the monthly service commitment in the EC2 Service Level Agreement, for both EC2 and EBS, to 99.99%. This change is effective immediately in all regions, and is available to all EC2 customers.

Read More