How-To

Windows Server 2016 Core Configuration, with SCONFIG

Windows Server 2016 Core has a built-in configuration tool named Sconfig.  This tool is used to configure and manage several aspects of Server Core installations. This simplifies tasks such as changing settings such as network, remote desktop, hostname and domain memberships, etc.

To use the Server Configuration Tool

  1. Log into the console of your Windows Server 2016 Core System
    You need to log in as an administrator and should arrive at a command prompt
  2. Enter the command Sconfig and press enter
    The Server Configuration tool interface should be displayed

 

Note: You can use Server Configuration Tool in 2016 Server Core and 2016 Server with Desktop Experience installations.

Install VMware Tools Windows Server 2016 Core

I just completed my install of Windows Server 2016 Core as a guest in my VMware Lab. Now that this has been completed the next step is for me to install the VMware tools so that I can take advantage of various features; specifically, template deployment with customization options

About:VMware:Tools: VMware software tools enhance the performance of the guest operating system and improve the management of the virtual machine guests operating systems.

How to install:

  1. Select your VM from vCenter and select ‘Guest OS > Install VMware Tools
    This mounts the VMware CD Image containing the installation files
  2. Inside the guest machine type ‘powershell’
    This will drop you from the command shell to powershell prompt
  3. Next type the command Get-PSDrive
    This will return the drives attached to the system
  4. Change to the drive that the VMware tools are currently mounted
    In my case, this was drive letter “D”
  5. Issue the command .\setup64.exe to start the install process

    Note: issuing just setup.exe or setup64.exe will end in an error as Windows poweshell does not load commands such as this by default 
  6. Follow the steps of the VMware tools installer and restart when completed.

 

Ref: http://jermsmit.com/howto-install-vmware-tools-on-windows-server-2102-r2-server-core/

vSphere 6.5: OVF Import – The provided manifest file is invalid

Importing a template from vSphere 5.5 and importing to vSphere 6.5 the following error was encountered: The provided manifest file is invalidInvalid OVF checksum algorithm: SHA1

To get fix this error the following steps were taken:

Step 1 – is to extract your ova template (after all its only a zip)

You will notice 3 files once extracted

*.vmdk – is your disk containing all your data

*.ovf – is the configuration (also the file that we will edit)

*.mf – is a manifest containing a reference to the vmdk and ovf, also holding a SHA1 hash which ESXi will check for validation. This file needs to be deleted as we are making a change to the ovf and this will surely break that hash.

Example of what the contents of the .mf file looks like:

SHA1(template.ovf)= 908e804f140ffa58083b8bd154dace330b440c78
SHA1(template-disk1.vmdk)= 29c2d44d908d0207005360dabb58967f01a1

Step 2 – Delete the file with the *.mf extension. If this exists ESXi will attempt to validate and throw an error about the templates integrity being invalid. Once this has been deleted you can deploy your OVF Template.

Ref: http://jermsmit.com/unmount-local-iso-before-making-it-an-ovf-template/

Happy Importing

ISP Redundancy Link Interface Cannot Be Created

While setting up ISP Redundancy on a Check Point cluster I ran into an issue preventing me from proceeding with my configuration.  I was eventually able to resolve this and felt that I would share with you and my future self the steps taken.

 

What is ISP Redundancy

ISP Redundancy enables reliable Internet connectivity by allowing a single or clustered Check Point Security Gateway to connect to the Internet via redundant Internet service provider (ISP) connections. If both links are active, connections pass through one link, or both links, depending on the operating mode. If one of the link fails, new connections are handled by the second link.

 

Configuration Steps

  1. Open the network object properties of the Security Gateway or cluster.
  2. Click Other > ISP Redundancy.
  3. Select Support ISP Redundancy.
  4. Select Load Sharing or Primary/Backup.
  5. Configure Links – Primary and Backup Connections
  6. Set tacking mode for Link failure and recovery
  7. Click OK — This is when I encounter my error

 

Error: Check Point SmartDashboard

At least one of your ISP Links lack a next hop IP Address configuration.
Note: next hop IP Address is also used to automatically monitor the ISP Link^s availability.

Error: Check Point SmartDashboard

ISP Redundancy configuration on clusters requires that the interfaces which lead to your ISPs, have the same names as the corresponding physical interfaces on the cluster^s members.

 

Resolution Steps Taken:

Discovered that the the interfaces in the topology tab did not have the same name on the vip (Virtual IP), so I changed to name so that all interfaces were matching.

After introducing the changes to the interface name of the vip, I retried the setup for ISP Redundancy and the issue resolved.

 

Check Point: SmartDashboard crashes when editing Management server object

I recently had an annoying issue with my Check Point Smart Dashboard.

Each time I connected to the Management with SmartConsole and editing the Security Management server object it causes an application crash. The crash would start with a UAC popup from the Windows registry:

Followed by the Check Point SmartSashboard application crash itself with the following message:

—————————
Check Point SmartDashboard
—————————
Check Point SmartDashboard has experienced a serious problem and must close immediately. Technical information will be saved in ‘C:\Program Files (x86)\CheckPoint\SmartConsole\R77.30\PROGRAM\data\crash_report\FwPolicy.exe_990180413_1516652973.zip’.
If problem persists contact technical support or consult sk97988 to check whether solution exists.

 

To correct this problem I attempted the following solutions
Please note:  The solution which worked is at the bottom of this blog post (skip away, if you wish).

From sk100507:

I attempted to resolve the problem,  by cleaning the SmartConsole cache on the Security Management server.

To do so, I had deleted the C:\Program Files (x86)\CheckPoint\SmartConsole\R7x.xx\PROGRAM\data\CPMICache\ <machine name>

This did not work.

 

From sk100507:

I followed the procedure for deleting the GUI cache from the management server itself via the following steps:

Connect to the command line on Security Management server (over SSH, or console).

  1. Log in to the Expert mode.
  2. Stop Check Point services:
    [Expert@HostName]# cpstop
  3. Backup and remove the current cache files:
    [Expert@HostName]# mkdir -v /var/log/GUI_cache_bkp
    [Expert@HostName]# mv $FWDIR/conf/applications.C* /var/log/GUI_cache_bkp/
    [Expert@HostName]# mv $FWDIR/conf/CPMILinksMgr.db* /var/log/GUI_cache_bkp/
  4. Start Check Point services:
    [Expert@HostName]# cpstart
  5. Wait for 5-10 minutes for the cache to rebuild.
  6. Connect with SmartDashboard to Security Management Server.

This did not work.

 

And.. Finally a solution that did resolve this issue
From sk110712 – SmartConsole / SmartDashboard crashes when editing Management server object

Symptoms:

Connecting to Management R77.30 or R77.30.X with SmartConsole R77.30 and editing the Security Management server object causes an application crash.

Resolution:  By Using the GuiDBEdit Tool

 

  1. Close all SmartConsole windows.
  2. Connect to Security Management Server with GuiDBedit Tool.
  3. Navigate to Network Objects -> network_objects -> <Security Management object> -> portals
  4. Right-click and reset the portals.
  5. Save the changes: go to ‘File’ menu – click on ‘Save All’.
  6. Close the GuiDBedit Tool.
  7. Connect to Security Management Server / Domain Management Server with SmartDashboard.

 

This worked and problem now resolved