Mike's Realm chown -R us ./base


PowerBroker Identity Services (PBIS): Restrict Login by Security Groups

PowerBroker changed how this is done compared to previous versions (when it was called LikeWise). You now configure this via the PBIS config command:

sudo /opt/pbis/bin/config RequireMembershipOf DOMAIN\\domain^admins DOMAIN\\server^admins

Some things to note:

  • If you require multiple groups simply put a space between each group
  • This command overwrites the previously set value each time it is run, so take care that you re-enter any groups previously set that you want to retain when adding another group
  • Remember to escape the backslash between the domain & group name with another backslash (double backslash)
  • Replace spaces with ^ (as shown above)
  • Obviously replace DOMAIN with your domain
  • If it still doesn't work, try dropping case on the group names
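
An added example, not part of the original post: a small POSIX shell helper that applies the rules above and prints one complete command line from the groups already set plus the ones being added, so nothing is lost to the overwrite. The function names and the sample group names are assumptions for illustration, and group names are assumed to contain only letters, digits, spaces and hyphens.

```shell
#!/bin/sh
# Build a complete RequireMembershipOf command line so that adding a group
# never silently drops the groups that were already allowed.
# Function names and sample groups are constructed for this example.

# Convert 'DOMAIN\Group Name' to the form used on the command line:
# every space becomes ^.
pbis_group_arg() {
    printf '%s\n' "$1" | tr ' ' '^'
}

# Arguments: the groups already set, followed by the groups to add,
# each written as 'DOMAIN\Group Name'.
# Prints one command line that lists every group exactly once.
pbis_require_cmd() {
    seen='|'
    out='sudo /opt/pbis/bin/config RequireMembershipOf'
    for g in "$@"; do
        arg=$(pbis_group_arg "$g")
        # AD group names are case-insensitive, so compare in lower case.
        key=$(printf '%s' "$arg" | tr '[:upper:]' '[:lower:]')
        case "$seen" in
            *"|$key|"*) continue ;;   # already listed, skip the duplicate
        esac
        seen="$seen$key|"
        # Double the backslash for the shell that will run the command;
        # the config tool itself then receives a single backslash.
        esc=$(printf '%s' "$arg" | sed 's/\\/\\\\/g')
        out="$out $esc"
    done
    printf '%s\n' "$out"
}

# One group that was already allowed plus one new group:
# both must appear in the command that gets run.
pbis_require_cmd 'DOMAIN\domain admins' 'DOMAIN\server admins'
```

Review the printed line before running it; the command replaces the whole list, so any group missing from it loses login access.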



Cobblebot 3D Printer: Making the LCD Bracket Fit

If you have a Cobblebot and noticed the LCD Controller knob binds up and the bracket really doesn't fit correctly, here are a couple of tricks to make it better.


How to Install Realtek 8168 Drivers on an Existing ESXi 6.0 Host

I was recently updating my home lab and ran into an issue with my NICs as VMware no longer has the Realtek 8168 drivers embedded in the ESXi installer for 5.5/6.0.  I tried the old method of injecting the driver into the ISO and that proved unsuccessful since the driver is blacklisted -- with the release of vSphere 6.0 VMware has implemented a driver blacklisting feature.  Fortunately you can bypass this feature to get your home lab up and running:


McAfee Removal Script

Just a quick post on a script I whipped up to remove McAfee VirusScan Enterprise, McAfee Agent, and their Anti-Spyware Module.  Works great as a shutdown script via GP 🙂
There is a shutdown line at the end that is REM'd out -- you will need a reboot to complete the uninstall.



VMware Auto Deploy IP Change

So you changed the IP for your Auto Deploy server and re-registered it with vCenter, but you are still having problems connecting with your vSphere Client? You'll see in the error message that it has the old IP:



What you need to do is update the Auto Deploy config XML file. To find this file, run the following command:

reg.exe QUERY "HKLM\SOFTWARE\WOW6432Node\VMware, Inc.\VMware vSphere Auto Deploy" /v DataPath

Then navigate to that path and find the vmconfig-autodeploy.xml file. Pop it open in your favorite text editor and update the IP address in the <serviceAddress> declaration (highlighted below).



Save the file and restart the Auto Deploy service and you'll be cooking once again!



vShield Manager 5.5 Upgrade Fails: Invalid file

So you're kicking off your vSphere 5.5 upgrade, starting with vShield Manager, and on what should be a real easy upgrade you instantly get this error when you upload the Upgrade Bundle:

vshield failure


Fortunately the fix is super simple: rename the file so that its extension is .tar.gz, e.g.:

Downloaded file: VMware-vShield-Manager-upgrade-bundle-5.5.0-1317534.gz
Renamed file: VMware-vShield-Manager-upgrade-bundle-5.5.0-1317534.tar.gz

It's worth noting that this was also an issue with vShield Manager 5.1 if you were performing an upgrade...


List/Export Installed Windows Updates Including Windows Server 2012

Previously I had written about this for Windows Server 2008 and prior versions.  I just wanted to mention that this works on Windows Server 2012 via wmic as well.

So if you're running Windows Server 2012 and want to export a list of updates, use WMI's command-line interface (WMIC) to generate the list.

Launch a command prompt and type:

Also note that instead of a csv you can use these other format options:

LIST is Tab Delimited



Orchestrator: Error: Not published webview error The webview ‘weboperator’ is not published.

Working with vCenter Orchestrator and getting "Error: Not published webview error The webview 'weboperator' is not published." when you try to approve a user interaction in your workflow?

Navigate to Web Views and right click weboperator and ensure it's published!


vCenter Orchestrator Plugin Updates!

These updates were posted on the vCenter Orchestrator forums recently; if you aren't keeping tabs over there, you should be.

Links to each plugin's release notes can be found on the thread @ http://communities.vmware.com/thread/405928?tstart=0


Cook your own VMware AppBlast

Wrote this article almost 6 months ago...finally got around to finishing it--Let me know what you think!

"Project AppBlast will provide the universal delivery of any application, including Windows-based applications, to any off-the-shelf browser or device supporting HTML 5, enabling instant remote access to non-HTML based applications."

We discussed this at work the other day and we were excited at the possibilities with AppBlast, but since it's not here now we'll have to wait for a released product.  One of my co-workers Chad Wintzer said well why wait?  We dug around and came up with a working solution--and a damn good one after a few evenings grinding away at this.  Having a fair amount of RDS experience already this is what we came up with:


The backend infrastructure is provided by Microsoft's Remote Desktop Services: RemoteApp. This feature was introduced in Windows Server 2008 and was improved upon even more in the R2 release. What RemoteApp allows you to do is run applications on backend RDS (TS) servers, and establish an RDP session from a user to just that app. The user is presented with a window over their local desktop, and it functions just about as if it was actually installed and running off the local desktop. Users can run multiple applications in parallel, and so long as the app behaves well in an RDS environment, you can host 1 installation with multiple users. The servers that run RemoteApps are called RD Session Hosts. To scale, you can simply throw a bunch of RD Session Hosts together and strap a load balancer on top; however, you will want to use RD Connection Broker(s) in place of a traditional load balancer to keep track of user sessions. The Connection Broker(s) manage session information such as RD Session Host server, session state, session ID, and the user associated with the aforementioned bits. For the security junkies it's worth noting that RemoteApp is AD integrated, so you can restrict access to various apps via Security Groups. This was something added in R2 I believe, as many folks were complaining about this when RemoteApp first came out.

If you don't want to go that route you can look at Citrix's XenApp offering, but we found RDS: RemoteApp performed exactly as we needed it to.