hpe_hba_cabling_check falsely issues a warning

After a routine update of a 6-node Nutanix cluster, a Nutanix Cluster Check (NCC) warning popped up indicating a problem with the SAS cabling. Running the check on the CLI offered some more details.

    Running : health_checks hardware_checks disk_checks hpe_hba_cabling_check
    [==================================================] 100%
    /health_checks/hardware_checks/disk_checks/hpe_hba_cabling_check [ WARN ]
    -----------------------------------------------------------------------------------------------------------------------------------------------------------+
    Detailed information for hpe_hba_cabling_check:
    Node 10.99.1.205:
    WARN: Disk cabling for disk(s) S6GLNG0T610113 are detected at incorrect location(s) 3:251:8 respectively where each value in the location corresponds to box:bay
    Node 10.

Deploying CEP/CES using a gMSA

The Certificate Enrollment Policy Web Service (CEP) and the Certificate Enrollment Web Service (CES) were introduced with Windows Server 2008 R2 in order to simplify the request for certificates, especially for devices that were not members of an Active Directory domain. The “classic” way of requesting a certificate from an Active Directory Enterprise CA involves LDAP and RPC/DCOM, which was okay in the early days of Active Directory, but today, with a CA as a tier 0 asset, this is some kind of a problem.

ArubaOS: Encrypt credentials in config files

By default, credentials such as RADIUS or TACACS authentication keys are stored separately from the switch configuration, and are not shown when saved or running configurations are displayed or copied using TFTP or SSH. You can change this behavior using the include-credentials command. This clearly seems to be a security issue, because the displayed credentials are unencrypted. You can check the current status using show include-credentials.

    HP Switch(config)# show include-credentials
    Stored in Configuration : Yes
    Enabled in Active Configuration : Yes
    Include ClearPass Keys : No

If you want to encrypt these credentials, you can use the encrypt-credentials command.

Deploying Joplin Server on Docker

Some weeks ago I decided to move my notes from Microsoft OneNote to Joplin. Microsoft OneNote is a great tool for taking notes collaboratively, but sometimes it drives me insane and I wanted a more portable format for my notes. Markdown is a perfect portable format, and it is widely adopted. I really like the idea behind Markdown, and I even supported a Microsoft User Voice to add native Markdown support into OneNote.

Using dnsforge.de on your home network

Many of you might know Pi-hole and use it for blocking ads. I also used it for a long time in my home network, running it on a Raspberry Pi. A customer of mine then drew my attention to dnsforge.de. What is dnsforge.de? dnsforge.de is a censorship-free, secure and redundant DNS resolver without logging, but with an ad blocker. The servers are hosted in Germany. dnsforge.de also offers clean.dnsforge.de, which offers parental control blocklists and Safe Search for search engines and YouTube.

Redistribute VMs according to a stored mapping

This is a quick one. Sometimes you need to evacuate VMs from a host, do some maintenance, and redistribute the VMs to the originating host. This can be annoying, especially if you don’t have a vSphere Enterprise Plus license with DRS, DRS groups etc. These few PowerShell lines may help you.

VMware is now Broadcom - time to move on

In May 2022, Broadcom announced that it will buy VMware for an outstanding $69 billion USD. 18 months later, in November 2023, China finally approved the merger. Chinese regulators were the latest in a long line of authorities to approve the takeover. VMware was gone. It was now “by Broadcom”. And not only the name changed. There were already countless rumors in the 18 months before the takeover. Broadcom’s CEO, Hock Tan, was known for trimming companies for profit.

From WordPress to Hugo in three days

This blog will mark its 10th anniversary in January 2024. A decade ago, I embarked on a new blogging journey with the domain vcloudnine.de. Some of you might have known my former blog before I made the switch to vcloudnine.de. I’d been running blazilla.de for over 7 years. However, by the end of 2013, I grew weary of Serendipity, a PHP-powered weblog engine. I craved a shift to WordPress, but back then, a seamless migration path wasn’t available.

Failed to connect to IKEv2 VPN using iPhone USB tethering

Usually I tend to use the iPhone WiFi hotspot feature. But lately, I had to switch to USB tethering, because I had to work a whole workday using the hotspot feature. USB tethering saves battery and the connection was more reliable for me. Please note that you need to install iTunes to use USB tethering, because the necessary Ethernet driver is only available with iTunes. Without this driver, Windows won’t recognize the iPhone as an Ethernet connection.

Why you should change your KRBTGT password prior to disabling RC4

While chilling on my couch, I stumbled over this pretty interesting Reddit thread: Story Time - How I blew up my company’s AD for 24 hours and fixed it : sysadmin (reddit.com) Long story short: A poor guy applied some STIG hardening and his Active Directory blew up. Root cause was disabling RC4, which caused Kerberos failures, primarily documented by errors like “The encryption type requested is not supported by the KDC.