
Removing an Orphaned Virtual Machine from vRealize Automation

**** ATTENTION !!! ****
**** Please be sure to BACKUP any related databases ****

The following steps provide information on removing virtual machines from VMware vRealize Automation (vRA).

These steps are to be used when the following conditions exist:

  • A virtual machine is still being managed without having been deleted from the endpoint.
  • You want to manually remove the machine from the endpoint.

vRA Application Steps:

Log in to vRA at https://vcac.yourdomain.tld using your-domain\your-user-id

  1. Click the Infrastructure Tab
  2. Click Machines > Reserved Machines
  3. Search for Service Name (e.g. VRA-FAQ360)
  4. Delete the associated service

SQL Database Steps:

  1. Connect to SQL Database Server: VRA-SQL
  2. In the “Object Explorer” window, locate the vCAC database
  3. Back up the vCAC database
  4. Expand the vCAC database
  5. Under Programmability > Stored Procedures, locate ‘dbo.usp_RemoveVMFromVCAC’
  6. Execute the procedure and supply the ID of the Multi-Machine Service (e.g. VRA-FAQ360)
  7. Repeat this step for each instance

Notes:

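The stored procedure call may look like the following:

USE [vCAC]
GO

-- Holds the return code of the stored procedure
DECLARE @return_value int

-- Pass the name of the machine or service to remove
EXEC @return_value = [dbo].[usp_RemoveVMFromVCAC]
    @MachineName = N'VRA-FAQ360'

-- Show the return code so the result can be checked
SELECT 'Return Value' = @return_value

GO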

How to: Disable the Windows Store

One of the features of Windows 10 is the Windows Store. The Windows Store is a digital distribution platform for Microsoft Windows. It started as an app store for Windows 8 and Windows Server 2012 as the primary means of distributing Universal Windows Platform apps.

Ref: https://en.wikipedia.org/wiki/Microsoft_Store_(digital)

For system configurators and administrators, this may be problematic because it introduces new configuration that was not expected or supported by IT staff. To mitigate this, the following steps can be used to disable the Windows Store.

The Store can be disabled via local Group Policy or via Active Directory Domain Services Group Policy.

Type gpedit in the search bar to find and start Group Policy Editor.

In the console tree of the snap-in, click Computer Configuration, click Administrative Templates, click Windows Components, and then click Store.

In the Setting pane, click Turn off Store application and then click Edit policy setting.

On the Turn off Store application setting page, click Enabled, and then click OK.

 

Considerations:

These policies are applicable to users of the Enterprise and Education editions only. Ref: https://support.microsoft.com/en-us/help/3135657/can-t-disable-windows-store-in-windows-10-pro-through-group-policy
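
The same setting can be audited and applied from PowerShell, which also makes the edition caveat above checkable. This is an added example, not part of the original post: it uses the RemoveWindowsStore registry value that backs the policy, the function names are hypothetical, and treating edition IDs that start with Enterprise or Education as the ones that honor the policy is an assumption.

```powershell
# Added example: audit and set the "Turn off Store application" policy.
# Run from an elevated PowerShell session. Function names are hypothetical.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore'
$PolicyValue = 'RemoveWindowsStore'   # DWORD 1 = Store turned off

function Get-StorePolicyState {
    # EditionID distinguishes Enterprise/Education from Professional installs.
    $edition = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID
    # Returns $null when the key or the value does not exist yet.
    $current = (Get-ItemProperty -Path $PolicyKey -Name $PolicyValue -ErrorAction SilentlyContinue).$PolicyValue
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        Edition       = $edition
        PolicySet     = ($current -eq 1)
        # Assumption: only these edition families honor the policy.
        EditionHonors = ($edition -match '^(Enterprise|Education)')
    }
}

function Set-StorePolicy {
    # Create the policy key if no Store policy has been configured before.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $PolicyKey -Name $PolicyValue -Value 1 -Type DWord
}

$state = Get-StorePolicyState
if (-not $state.EditionHonors) {
    # Setting the value here would give a false sense of control.
    Write-Warning "Edition '$($state.Edition)' does not honor this policy; the Store stays available."
} elseif (-not $state.PolicySet) {
    Set-StorePolicy
    $state = Get-StorePolicyState
}
$state | Format-List
```

On domain-joined machines, a domain Group Policy that configures the same setting takes precedence over a value written locally.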

 

Blocking Internet Advertisements, and more with Pi-hole

The challenge is to mitigate exposure to the advertisements spammed all over the internet with the same approach as fighting against virus and malware threats.

I recently upgraded my Pi-hole® to take on not only the task of blocking Internet advertisements, but also malware and adult sites.

Here is my list on pastebin: https://pastebin.com/eV3cUnjy

Installing Pi-hole

Pi-hole makes it as easy as possible to download and get running with a one-line script that starts up a menu-based installer. Simply enter: curl -sSL https://install.pi-hole.net | bash


Whitelisting

There was a fair amount of whitelisting that needed to be applied to allow some social media sites to work as desired. You will want to monitor what’s blocked to determine what you are willing to allow.

Mobile Protection

I started using the Pi-hole® to protect my mobile device from these threats by leveraging the same blocking I am using on my home network. This not only cuts back on data use but also adds layers of privacy and security protection to my device while on untrusted networks.

A simple solution to use is OpenVPN. For more info on setup, please visit: https://openvpn.net/

DNSSEC

But what about my ISP, who can see my upstream DNS requests? Well, for that, we could trust them, or trust in a 3rd party who uses DNSSEC technology to protect your privacy. Use Google, Norton, DNS.WATCH or Quad9 DNS servers.

And with that you get some decent statistics about your network.

VMware Guest Customization Specification, Configure Domain Joining

I recently worked to correct an outstanding support issue of VMware Guest Customization Specification not joining guests to Active Directory Domains. I thought I’d share my setup so it might help others facing similar issues.

Log in to the vSphere console and navigate to the Home page section.

From the Home page, click the Customization Specification Manager.

Once in the Customization Specification Manager, click on the “+” symbol to create a VMware Guest Customization Specification.

Select the target VM operating system, either Windows or Linux, from the drop-down and specify the name for the Customization Specification. Enter the description of the customization specification. Click on Next.

Provide your registration information and click Next.

I use the same computer name for the guest OS as the virtual machine name. It simplifies the identification of the virtual machine in the vCenter inventory. Select “Use the virtual machine name” to make the computer name the same as the virtual machine name and click Next.

Enter the Windows licensing information for this copy of the guest operating system; if you are using a KMS server for activation you don’t have to type a key here.

Specify the administrator password and auto-login option for the administrator account of the Windows operating system. Click Next.

Select your time zone and continue.

If you need to run some commands on the first logon, put them here, and when you’re done click Next.

On the Configure Network page, you can specify the network settings for the guest operating system. You can either use DHCP or specify custom network settings.

To specify the custom network settings, click on Edit “Pencil Icon”… This section is where I specify the DNS suffix to add to the Windows operating system. Click on OK.

This allows me to communicate with a specific Active Directory Domain Service (ADDS) and include the domain suffix. Once the network settings are specified in the customization specification, click on Next.

Under Set Workgroup or Domain, choose “Windows Server Domain”, specify the FQDN, and specify the user account and credentials that have permission to add a computer to the domain. The user account is in the format user@domain.tld. Click on Next.

Select the checkbox “Generate New Security ID (SID)” to generate a new security identity for the Windows virtual machine. This option is important so that the deployed machine gets a new SID rather than keeping that of the source machine. Click Next.

Finally, review all the settings specified in the VMware customization specification and click on Finish.

Now you can deploy templates using the VMware Guest Customization Specification, and join the guest to your Active Directory Domain without issue.
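
The same specification can be built from VMware PowerCLI, which keeps the domain-join and Administrator credentials out of screenshots and scripts by prompting for them. This is an added example, not part of the original post: it assumes PowerCLI is installed and Connect-VIServer has already been run, and the spec name, registration strings, time zone and domain.tld are placeholders.

```powershell
# Added example: create the domain-join customization spec with PowerCLI.
# Assumes an existing Connect-VIServer session; all names below are placeholders.

# Prompt for secrets instead of hard-coding them. The join account only needs
# permission to add computers to the domain.
$joinCred  = Get-Credential -Message 'Account allowed to join computers (user@domain.tld)'
$adminCred = Get-Credential -UserName 'Administrator' -Message 'Guest local Administrator password'

$specParams = @{
    Name              = 'Windows Server - Domain Join'
    Description       = 'Joins the guest to domain.tld at deployment'
    OSType            = 'Windows'
    Type              = 'Persistent'
    FullName          = 'IT Operations'        # registration information: name
    OrgName           = 'Your Organization'    # registration information: organization
    NamingScheme      = 'Vm'                   # "Use the virtual machine name"
    AdminPassword     = $adminCred.GetNetworkCredential().Password
    AutoLogonCount    = 1                      # limit automatic Administrator logons
    TimeZone          = '035'                  # Eastern (U.S. and Canada); use your own
    DnsSuffix         = 'domain.tld'           # DNS suffix added to the guest
    Domain            = 'domain.tld'           # FQDN of the domain to join
    DomainCredentials = $joinCred
    ChangeSid         = $true                  # "Generate New Security ID (SID)"
}
$spec = New-OSCustomizationSpec @specParams

# Network step: leave the guest NIC on DHCP.
Get-OSCustomizationNicMapping -OSCustomizationSpec $spec |
    Set-OSCustomizationNicMapping -IpMode UseDhcp | Out-Null

# Review step: show the stored settings (no passwords are printed).
Get-OSCustomizationSpec -Name $specParams.Name |
    Select-Object Name, OSType, NamingScheme, Domain, DomainUsername, ChangeSid, DnsSuffix
```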

VMware, Windows 10 Customization Specification Not Completing

Here are details of my setup – in fact, I started over from scratch to document my steps.
This seems to be a new problem occurring with Windows 10, version 1709

 

Install of new VMware guest for the purpose of being a template

  1. Create new VM, named it windows_10_enterprise_version_1703
  2. Remove floppy drive
  3. Uncheck networking (for install)
  4. Mount ISO and enable, click OK to save settings

Install of OS on the guest virtual machine

  1. Boot newly created VM (windows_10_enterprise_version_1703)
  2. Step through the installation until completion
  3. Complete language settings to arrive at Windows desktop
  4. Enable the ‘Administrator’ account as it’s disabled by default
  5. Log out of installation user (the account I named ‘install’)
  6. Log into the ‘Administrator’ account
  7. Enter Control Panel, Users, and delete the ‘install’ user account.
  8. Install VMware Tools, reboot once
  9. Shut down

 

Prepare VM to be a template

  1. Edit the VM settings
  2. Connect networking
  3. Disconnect CD Drive
  4. Click OK
  5. Convert VM to a Template

 

Customization Specification Setup

  1. Create new specification, (I named mine Windows Desktop – DHCP)
  2. Applied registration information
  3. Computer Name – Use the virtual machine name
  4. Windows License – Left this blank (unchecked include server licensing information)
  5. Administrator Password – Set password, choose the option to automatically login as Administrator
  6. Time Zone – Set my desired time zone
  7. Run Once – Left this blank (blank for now, later intend on applying KMS details)
  8. Network – Use standard network setting (DHCP)
  9. Workgroup or Domain – For now just Workgroup and left workgroup name as ‘WORKGROUP’
  10. Operating System Options – Generate New Security ID (SID)
  11. Ready to complete – Clicked OK

Deploying template

  1. Right-click on the template – New VM from the template
  2. Gave a simple name – TEST01
  3. Selected Datacenter, Selected Cluster
  4. Selected Storage
  5. Selected Options (Customize VM) and (Power on the virtual machine after creation)
  6. Selected ‘Windows Desktop – DHCP’ from customized guest OS options
  7. Clicked Next, then Finish and wait …

 

Where things get stuck

  1. After the first boot, the guest gets an IP address from the network
  2. Customization starts in the background and system reboots
  3. When the system resumes I arrive at the following screen
  4. The system customization never completes, and I find my VM’s stuck at the “Let’s start with region …” screen

And, I’ll update this as soon as I find a solution, but for now…  I’m stuck

Log Shared via Pastebin:  https://pastebin.com/ETpuLX3U

 

Update: March 18, 2018

I’ve had others also test this using the latest ISO for Windows 10 – en_windows_10_enterprise_version_1703_updated_march_2017_x86_dvd; they too now encounter this same issue. So the problem seems to be with the build of Windows 10 that was released.

I am going to download another build from MSDN and see if there is a change.

 

Update: March 19, 2018

I was able to get this working by way of reinstalling Windows 10 using the following ISO build: en_windows_10_multi-edition_vl_version_1709_updated_sept_2017_x64_dvd

Was even able to apply Windows updates and redeploy without error.