Archive for the ‘VMWare’ Category

If your like me you have an Anti-Virus (I chose Kaspersky), and run virtual machines (I chose VMWare Fusion) on your Mac (OSX) laptop/desktop. I ran into a weird issue where i  could not connect to a console session within VMware vSphere Client. I kept receivng this error “ssl verification failure for “192.168.1.250″ due to a host thumbprint mismatch”

 

The VMware vSphere Client was running in a virtual machine that was hosted in VMWare Fusion and was running Windows 2008 R2 x64. I was using this VM to use VMware vSphere Client to connect to some ESXi(vShphere) servers.

There seemed to be an issue with the ssl certificate. So i used IE to take a look at the SSL cert that the VMWare server was using. The Screenshot below shows a Kaspersky certificate in the certificate chain for some reason. And as you can see its not trusted.

 

I was a bit surprised to see this. So i turned off the Kaspersky Anti-Virus, and console sessions started working. I then decited to look at the SSL cert and found it had changed.

So the morral of the story is to Trust the Kaspersky Anti-Virus SSL cert in your virtual machine or disable the Kaspersky Anti-Virus temporally. Good Luck!

 

Trust Relationship Between Workstation and Domain Fails after you restore to a previous snapshot for either VMware or Hyper. This is because by default every 30 days the Active Directory(AD) server will change the machine key for each of its members. In a development environment where security is not important. This can cause a headache, causing you to unjoin then rejoin servers back to the domain. The other option is to disable this function.

  1. On the Domain Controller : Launch Group Policy Management -> Control PanelSystem and SecurityAdministrative ToolsGroup Policy Management
  2. Edit the default group policy or edit the GPO of your choice.
  3. Edit “Domain member: Maximum machine account password age” = 999   Located -> Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options
  4. Edit “Domain member: Disable machine account password changes” = Enabled   Located -> Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options
  5. Edit “Domain controller: Refuse machine account password changes” = Enabled   Located -> Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options
  6. Lastly run “gpupdate /force” on all servers that need this change.

Resource links:

http://technet.microsoft.com/en-us/library/cc781050(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc785826(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc781050(WS.10).aspx

  • Tags

  • Subscribe
  • Pages

  • More

  • Disclaimer…

    This is my personal weblog. The opinions expressed herein are my own and are not representative of any 3rd party influence. The owner of this blog reserves the right to edit or delete any comments submitted to this blog without notice if they are deemed to be spam, offensive or otherwise inappropriate. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.


    Lastly, I do my best to document my sources if the article is not of my own creation. If I have missed or forgotten to source your work. I would love feedback via the comments section. Thank you.