Software

Veeam, vSphere 6.5, Restore job failed Error: A specified parameter was not correct: spec.vmProfile

Just a tech short on how to get past the following error: Restore job failed Error: A specified parameter was not correct: spec.vmProfile. This was encountered when testing backups via the Veeam console

This error could also be seen in vCenter

 

After some digging around I was able to get a better understanding of why it was occurring. Each time this failure would occur I would see a message “Failed to set story profile VM Encryption Policy …

But I am not using encryption policies!

This is new in vSphere 6.5 and allows for the encryption of storage where the VM would reside.
To work around this I needed to browse my datastore tree for the intended datastore rather than searching by name; What I had been previously doing.

You may see this as ‘Default policy’ container.  Select the datastore and continue as normal and you should have a successful restore.

Best of luck to you.

 

Check Point Firewall: Disconnect VPN or Mobile Access Clients

If you have a need to disconnect a user from the firewall forcibly. There are a few ways I am aware of that will force users off the VPN.

Installing Security Policy (link)-  clears the cached authentication of the remote user, although this doesn’t seem to disconnect them it prompts them to re-enter credentials.

Expire the user with SmartDashboard or change the user’s password and then push the Security Policy.

Logging into the console of the firewall and using the vpn tu command to disconnect users.
(link) – VPN Commands:  (link)

My favorite method is to SmartVire Monitor:

Open SmartView Monitor > Users > click on any of the options: Users by Gateway, Users by Name, All Users, CheckPoint Mobile Users and after finding the user you want to disconnect, right click on it and Reset Tunnel.

Removing a Orphaned Virtual Machine from vRealize Automation

**** ATTENTION !!! ****
**** Please be sure to BACKUP any related databases

 

The following steps provide information on removing virtual machines from VMWare vRealize Automation (vRA).

These steps are to be used when the following conditions exist:

  • A virtual machine that is being managed without being deleted from the endpoint.
  • You want to manually remove the machine from the endpoint.

 

vRA Application Steps:

Log into vRA – https://vcac.yourdomain.tld using your-domain\*your-user-id*

  1. Click the Infrastructure Tab
  2. Click Machines > Reserved Machines
  3. Search for Service Name (e.g. VRA-FAQ360)
  4. Delete the associated service

SQL Database Steps:

  1. Connect to SQL Database Server: VRA-SQL
  2. In “Object Explorer” window, Locate database vCAC
  3. Backup the vCAC database
  4. Expand the vCAC database
  5. Under Programmability > Stored Procedures, locate ‘dbo.usp_RemoveVMFromVCAC’
  6. Execute Procedure and apply ID of the Multi-Machine Service (e.g. VRA-FAQ360)
  7. Repeat this step for each instance

Notes:

The store procedure may look like the following:

USE [vCAC]
GO

DECLARE @return_value int

EXEC @return_value = [dbo].[usp_RemoveVMFromVCAC]
@MachineName = N’VRA-FAQ360′

SELECT ‘Return Value’ = @return_value

GO

How to: Disable the Windows Store

 

One of the features of Windows 10, is the Windows Store.  The Windows Store is a digital distribution platform for Microsoft Windows. It started as an app store for Windows 8 and Windows Server 2012 as the primary means of distributing Universal Windows Platform apps.

Ref: https://en.wikipedia.org/wiki/Microsoft_Store_(digital)

As system configurators and administrators, this may be problematic as it introduces new configuration that was not expected or supported by the IT Staff.  To mitigate this the following steps can be used to disable the Windows Store.

This can be disabled via local group policy or via active directory domain services group policy.

Type gpedit in the search bar to find and start Group Policy Editor.

In the console tree of the snap-in, click Computer Configuration, click Administrative Templates, click Windows Components, and then click Store.

In the Setting pane, click Turn off Store application and then click Edit policy setting.

On the Turn off Store application setting page, click Enabled, and then click OK.

 

Considerations:

These policies are applicable to users of the Enterprise and Education editions only. ref: https://support.microsoft.com/en-us/help/3135657/can-t-disable-windows-store-in-windows-10-pro-through-group-policy

 

Blocking Internet Advertisements, and more with Pi-hole

The challenge is to mitigate exposure to the advertisements spammed all over the internet with the same approach as fighting against virus and malware threats.

I recently upgrade my Pi-hole® to take on not only the task of blocking Internet advertisements, but malware, and adult sites.

Here is my list on pastebin: https://pastebin.com/eV3cUnjy

Installing Pi-hole

Pi-hole makes it as easy as possible to download and get running with a one-line script that starts up a menu-based installer. Simply enter: curl -sSL https://install.pi-hole.net | bash

More on setup here

Whitelisting

There was a fair amount of whitelisting that needed to be applied to allow some social media sites to work as desired. You will want to monitor what’s blocked to determine what you are willing to allow.

Mobile Protection

I started using the Pi-hole® to protect my mobile device from these threats by leveraging the same blocking I am using on my home network.  This not only cuts back on the data use but also add layers of privacy and security protection to my device while on untrusted networks.

 

A simple solution to use is OpenVPN. Fore more info on setup please visit: https://openvpn.net/

DNSSEC

But what about my ISP who can see my upstream DNS requests.  Well for that, we could trust them, or trust in a 3rd party who uses DNSSEC technology to protect your privacy. Use Google, Norton, DNS.WATCH or Quad9 DNS servers.

And with that you get some decent statistics about your network.