The HPE iLO Amplifier Integration into the vSphere Lifecycle Manager is an easy way to update your ESXi hosts not only with updates, but also with the latest firmware. Despite the fact that HPE has discontinued HPE ILO Amplifier, the product is widly used. The final version is 2.22, the final version for the HPE iLO Amplifier HSM Provider for VMware vSphere is version 1.5.0.
A recurring problem is an error message during the compliance scan:
Sometimes you need to decomission services, and move them to new servers. Sometimes this requires the change of the IP address. This is no big deal as long as accessing clients use DNS, or until you can change the IP address to connect to the services using a central mechanism. DNS and LDAP are two of these services. They come often as part of Microsoft Active Directory Domain Controllers. Sometimes customers use the IP address of a DC and put this IP address hard coded into other IT systems or config files.
We all know the e-mail disclamer and “EXTERNAL” tags in subject lines that should make clear, that a specific e-mail is coming from external sender. Mostly this is done to make sure nobody clicks on links in external e-mails that might look like an external e-mail.
This can easily be done by creating a transport rule in Exchange or Exchange Online that matches senders outside the organization. This rule adds something to the beginning of the subject line, and usually a preamble is added to the mail body.
After a routine update of a 6-node Nutanix cluster, a Nutanix Cluster Check (NCC) warning popped up indicating a problem with the SAS cabling. Running the check on the CLI offered some more details.
Running : health_checks hardware_checks disk_checks hpe_hba_cabling_check [==================================================] 100% /health_checks/hardware_checks/disk_checks/hpe_hba_cabling_check [ WARN ] -----------------------------------------------------------------------------------------------------------------------------------------------------------+ Detailed information for hpe_hba_cabling_check: Node 10.99.1.205: WARN: Disk cabling for disk(s) S6GLNG0T610113 are detected at incorrect location(s) 3:251:8 respectively where each value in the location corresponds to box:bay Node 10.
The Certificate Enrollment Policy Web Service (CEP) and the Certificate Enrollment Web Service (CES) were introduced with Windows Server 2008 R2 in order to simplify the request for certificates, especially for devices that were not member of a Active Directory domain.
The “classic” way of requesting a certificate from a Active Directory Enterprise CA involves LDAP and RPC/ DCOM, which was okay in the early days of Active Directory, but today, with a CA as a tier 0 asset, this is some kind of a problem.
By default, credentials such as RADIUS or TACACS authentication keys, are stored separately from the switch configuration, and are not shown when saved or running configurations are displayed or copied using TFTP or SSH. You can change this behavior using the include-credentials command. This clearly seems to be a security issue, because the displays credentials are unencrypted. You can check the current status using show include-credentials.
HP Switch(config)# show include-credentials Stored in Configuration : Yes Enabled in Active Configuration : Yes Include ClearPass Keys : No If you want to encrypt these credentials, you can use the encrypt-credentials command.
Some weeks ago I decided to move my notes from Microsoft OneNote to Joplin. Microsoft OneNote is a great tool for taking notes collaborative, but sometimes it drives me insane and I wanted a more portable form at for my notes.
Markdown is a perfect portable format, and it is widly adopted. I really like the idea behind Markdown, and I even supported a Microsoft User Voice to add native Markdown support into OneNote.
Many of you might know Pi-hole and use it for blocking ADs. I also used it for a long time in my homenetwork, running it on a Raspberry Pi. A customer of mine then drew my attention to dnsforge.de.
What is dnsforge.de?
dnsforge.de is a censorship-free, secure and redundant DNS resolver without logging, but with an ad blocker.
The server are hosted in Germany. dnsforge.de also offers clean.dnsforge.de, which offers parental control blocklists and Safe Search for search engines and YouTube.
This is a quick one. Sometimes you need to evacuate VMs from a host, do some maintenance, and redistribute the VMs to the originating host. This can be annoying, especially if you don’t have a vSphere Enterprise Plus license with DRS, DRS groups etc. These few PowerShell lines may help you.
,
In May 2022, Broadcom announced that it will buy VMware for outstanding $69 billion USD. 18 months later, in November 2023, China finally approved the merger. Chinese regulators were the latest in a long line of authorities to approve the takeover. VMware was gone. It was no “by Broadcom”. And not only the name changed.
There were already countless rumors in the 18 months before the takeover. Broadcoms CEO, Hock Tan, was known for trimming companies for profit.