If you're like me, you have an anti-virus (I chose Kaspersky) and run virtual machines (I chose VMware Fusion) on your Mac (OS X) laptop/desktop. I ran into a weird issue where I could not connect to a console session within VMware vSphere Client. I kept receiving this error: "ssl verification failure for "192.168.1.250" due to a host thumbprint mismatch"
The VMware vSphere Client was running in a virtual machine that was hosted in VMware Fusion and was running Windows 2008 R2 x64. I was using this VM to use VMware vSphere Client to connect to some ESXi (vSphere) servers.
There seemed to be an issue with the SSL certificate. So I used IE to take a look at the SSL cert that the VMware server was using. The screenshot below shows a Kaspersky certificate in the certificate chain for some reason. And as you can see, it's not trusted.
I was a bit surprised to see this. So I turned off the Kaspersky Anti-Virus, and console sessions started working. I then decided to look at the SSL cert and found it had changed.
So the moral of the story is to trust the Kaspersky Anti-Virus SSL cert in your virtual machine or disable the Kaspersky Anti-Virus temporarily. Good luck!
The trust relationship between a workstation and the domain fails after you restore to a previous snapshot in either VMware or Hyper-V. This is because, by default, every 30 days the Active Directory (AD) server will change the machine key for each of its members. In a development environment where security is not important, this can cause a headache, forcing you to unjoin and then rejoin servers to the domain. The other option is to disable this function.
- On the Domain Controller: Launch Group Policy Management -> Control Panel\System and Security\Administrative Tools\Group Policy Management
- Edit the default group policy or edit the GPO of your choice.
- Edit “Domain member: Maximum machine account password age” = 999 Located -> Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
- Edit “Domain member: Disable machine account password changes” = Enabled Located -> Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
- Edit “Domain controller: Refuse machine account password changes” = Enabled Located -> Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
- Lastly run “gpupdate /force” on all servers that need this change.
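
To confirm the three settings above actually landed after `gpupdate /force`, the following PowerShell reads the Netlogon registry values that back these policies and then tests the machine's secure channel. This is an added example, not part of the original post; the function name `Get-MachineAccountPasswordPolicy` is hypothetical, and it assumes PowerShell 3.0 or later in an elevated session on a domain-joined machine.

```powershell
# Added example: report the Netlogon values behind the three policies above.
# The function name is hypothetical; the registry value names are the ones
# Windows stores for these security options.
function Get-MachineAccountPasswordPolicy {
    $key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $params = Get-ItemProperty -Path $key

    # Policy name -> backing registry value and the value the steps above set.
    $checks = @(
        @{ Policy   = 'Domain member: Maximum machine account password age'
           Value    = 'MaximumPasswordAge'
           Expected = 999 },
        @{ Policy   = 'Domain member: Disable machine account password changes'
           Value    = 'DisablePasswordChange'
           Expected = 1 },
        # Only meaningful when run on a domain controller.
        @{ Policy   = 'Domain controller: Refuse machine account password changes'
           Value    = 'RefusePasswordChange'
           Expected = 1 }
    )

    foreach ($c in $checks) {
        # A value that was never written by policy is reported as "(not set)".
        $prop   = $params.PSObject.Properties[$c.Value]
        $actual = if ($prop) { $prop.Value } else { $null }
        [pscustomobject]@{
            Policy   = $c.Policy
            Registry = $c.Value
            Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
            Matches  = ($actual -eq $c.Expected)
        }
    }
}

Get-MachineAccountPasswordPolicy | Format-Table -AutoSize

# Returns True when the locally stored machine account password still matches AD,
# i.e. the trust relationship survived the snapshot restore.
Test-ComputerSecureChannel
```

Running it on a member server and on the domain controller shows which side has not picked up the GPO yet; a `False` from `Test-ComputerSecureChannel` means the restored snapshot already holds a stale machine password.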