Monday, October 9, 2017

Unable to import Infoblox 7 OVA into vSphere 6.5

The other day I was tasked with deploying an Infoblox OVA in our lab environment. I was under the impression that this was going to be a simple task; however, I found out from my coworkers that about 3 people had already tried to deploy it and all had failed. After spending WAY too much time on this task I eventually figured it out. Here are the steps I took to get this working in my lab.


First I started out by just trying to install the .OVA the normal way using the Deploy OVF Template Wizard, hoping that my colleagues were just having permissions issues. Then I was greeted with this screen below.


I then thought maybe something was wrong with the .OVA, so I researched how to convert a .OVA to a .OVF and manually import it that way. It turns out all you need is a product called 7zip, which you use to extract the files from inside the .OVA.

Once you go into the new directory you just created you will see that the .OVA is made up of 3 files

I then tried to import those files and got the same result. Yay for consistency!!!

I then did some more reading and found that the issue may have been caused by a checksum error of the .ovf file, so I found a PowerShell command that will tell me what the checksum of the .ovf file was:

$(Get-FileHash .\vmname.ovf -Algorithm SHA1 | Select -ExpandProperty Hash).ToLower()

You then take the value that PowerShell kicks back and put it into the vmname.MF file. You can open this file with any text editor. You should take care when pasting the checksum hash value into the .MF file that you only use lower case letters.


After that was all done I tried to import the .OVF, which means you have to include all 3 files. I still had the same result. Then I reread the error message and found that the .MF file was referencing a file that did not exist in the .OVA:

nios-7.3.17-358620-2017-07-14-00-21-09-160G-1410-xen.ovf

So I went back into the .MF file and deleted the value that was not needed and tried the import again.
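The manifest problems described above (a stale hash, upper-case hex, and an entry for a file that is not in the OVA) can be found in one pass before attempting the import. This is an added example, not part of the original post; the file names in demo() are constructed, and the `SHA1(name)= hash` line layout is the standard OVF manifest format.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# A manifest line looks like:  SHA1(vmname.ovf)= <40 hex characters>
ENTRY = re.compile(r"^(SHA1|SHA256)\((.+)\)\s*=\s*([0-9A-Fa-f]+)$")

def file_digest(path, algo):
    """Hash a file in chunks so large .vmdk disks do not fill memory."""
    h = hashlib.new(algo.lower())
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_manifest(mf_path):
    """Return {file name: 'ok' | 'missing' | 'mismatch' | 'uppercase'}."""
    mf_path = Path(mf_path)
    results = {}
    for line in mf_path.read_text().splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        algo, name, recorded = m.groups()
        target = mf_path.parent / name
        if not target.is_file():
            results[name] = "missing"        # entry for a file not in the OVA
        elif file_digest(target, algo) != recorded.lower():
            results[name] = "mismatch"       # file changed or hash is stale
        elif recorded != recorded.lower():
            results[name] = "uppercase"      # right hash, wrong letter case
        else:
            results[name] = "ok"
    return results

def demo():
    """Constructed sample: extracted files plus one stale manifest entry."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "vmname.ovf").write_bytes(b"<Envelope/>")
        (d / "vmname-disk1.vmdk").write_bytes(b"constructed disk bytes")
        good = hashlib.sha1(b"<Envelope/>").hexdigest()
        (d / "vmname.mf").write_text(
            f"SHA1(vmname.ovf)= {good.upper()}\n"
            f"SHA1(vmname-disk1.vmdk)= {'0' * 40}\n"
            f"SHA1(vmname-xen.ovf)= {good}\n")
        return check_manifest(d / "vmname.mf")

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:10} {name}")
```

Point check_manifest() at the .mf file inside the directory 7zip extracted; any entry that is not "ok" is a line to correct or remove before importing.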
This time I was met with a different message



Issues detected with selected template. Details: – 17:3:SECTION_RESTRICTION: Section Product Section (Information about the installed software) not allowed on envelope.

After banging my head against my desk and cursing out my boss for a while I went back to the Google to find out what this error message means.

It turns out that this is in fact a known issue with Infoblox and they are planning on fixing it in version 8.2. However, to get past this they recommend connecting directly to the virtual host and deploying it that way. You can read more about it on this blog that I found while searching for a fix.

So I connected directly to my virtual host and attempted to deploy it from there when I got this message:

The host is currently being managed by the vCenter Server with IP Address xx.xx.xx.xx. Changes to this host during the session may not be reflected in the vSphere Client sessions currently viewing the vCenter Server.


I then discovered I would need to disconnect my ESXi host from vCenter to make this work. Fortunately I discovered that by connecting to my ESXi Host using SSH I could stop the services necessary for communication with vCenter.

So I connected to the host via SSH and ran the following commands:
/etc/init.d/vpxa stop
/etc/init.d/hostd restart

I attempted to deploy it again and it was successful. I then ran /etc/init.d/vpxa start to set everything back to normal, did a few refreshes in vCenter and we were good to go. 

I hope this helps someone out there with the same issue. 





Monday, October 2, 2017

How to use IKEA TRADFRI with a Samsung Smartthings

So as you may or may not know one of my hobbies as of late has been Home Automation. My favorite platform is Home Assistant as it allows me to connect a whole plethora of products together and use them in a giant mesh throughout my house. 

I recently set up IKEA Tradfri bulbs in my Master Bedroom and my daughters' room and I was able to connect them into Home Assistant with mixed reviews. The integration with the IKEA Tradfri lights is already part of the standard build for Home Assistant; however, I have to admit that it is not always reliable for me and I find myself using either the Tradfri app or the remote controls that I purchased for them.

This weekend my Son asked if I could do the same for him so he could be cool like his sisters. So I went to IKEA and purchased a new light bulb. Now one of the things that I have noticed from being a user of the system that no one mentions is that if you desire to use a remote for the lights, you will need to purchase one for each room you are setting up, as there is no way to switch between light groups on the remote. So not only am I purchasing an $11 light bulb (because I am cheap) but I have to purchase a $20 Remote!!

I had done some research online and found that the IKEA Tradfri bulbs are actually using a form of ZigBee to communicate and that it might be possible to use it with a Samsung Smartthings Hub. 

So when I got home from IKEA I opened up my laptop and searched for a Guide and I found one listed below which I was able to follow with great ease considering I had already done a lot of this work when setting up the MQTT Bridge with Smartthings. 

https://smarterhomelife.com/everything/2017/8/11/pairing-ikea-tradfri-smart-lights-with-smartthings-how-to


Monday, September 25, 2017

SSL Certificate Template not showing up on Active Directory Certificate Services web page

In a previous Post I mentioned an issue that I had with a Certificate template on my Internal Enterprise CA not showing up when I tried to request a certificate.

After doing some digging I discovered that I had set the template to "Build from this Active Directory information" when it should have been "Supply in the request" to make it show up in the list.

So what you need to do is open the Certificate Template Console on your CA, and double click on the template that you need to have show up. Go to the "Subject Name" tab and you will see this.
Select "Supply in the request" and click OK.

If the template is already being served on your CA you will need to Delete it from the Certificate Template folder and re-add it in the same folder. 

Monday, September 18, 2017

Lync 2013 - Internal Certificate issue.

Over the last week I have been working on a certificate issue with Lync 2013. This has affected mobile clients and remote Windows and Apple machines. After checking the event log on my Lync Front End Server I discovered that I was getting event log errors like this:

And as you can tell from the next picture they were showing up pretty regularly.


So I started googling and I found a few articles online and discovered that this is a known issue that MS Support is aware of but has no permanent fix. They are only offering workarounds at this time. The first one that I found said that the problem is caused by .NET Framework 4.6 and 4.6.1 being installed at the same time and required adding a registry key on the Front End Server which looked like this:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"RequireCertificateEKUs"=dword:00000000

This actually made things worse as it doubled the amount of errors I was getting in the event log.

So I moved on to this lovely technet article I found which worked for me and after reading it I discovered why the first method did not work.

https://blogs.technet.microsoft.com/uclobby/2017/05/24/lyncsfb-server-event-41026-ls-data-mcu-after-may-2017-net-framework-update/

You see, because I did not install Lync in the standard location (meaning the C: Drive) the registry key fix would not work. I actually ended up having to regenerate my internal certificates and modify my CA to issue a new certificate template which merges the Webserver Client and Server template.

I am not going to go into further detail on this as the above URL fixed my issue and has very good step by step instructions. I will however probably do a follow-up post on what happened when I tried to issue a certificate with that template the first time and what I had to do to fix that issue.

Friday, September 15, 2017

How to add vMA to Windows AD Domain

While working in my lab at work I wanted to see about adding my vSphere Management Assistant (vMA) to our lab Active Directory so it would be easier for me to connect to resources. After going through the process I decided to make a guide on the steps I took to get it working.

Just an FYI I was working with vSphere Management Assistant version 5.5.0.4 at the time of taking these screenshots so I am sure things may have changed in later versions... or not.

First you will need to get to the console of the machine.


Select the option to login

and log in using the vi-admin account


Once you are logged in you are presented with a command prompt. You will need to use the following command to add your appliance to a Windows domain.

sudo domainjoin-cli join <domain.name> <Domain User Name>

You will then be prompted for the vi-admin password

Once your Appliance is added to the domain you will see a screen like this.
Once the reboot has been completed you can verify that you are on the domain by running this command:

sudo domainjoin-cli query

and you will be presented with a response something like this
Now your appliance is on the domain and you will now have an easier time connecting to resources in your VMware environment.  

Sunday, September 10, 2017

Exchange 2016 - Powershell Virtual Directory not working

So one of the projects that I have been working on lately is to set up a Mobile Device Management (MDM) solution for my company. One of the requirements to get email to sync for the mobile devices was to connect the MDM server to our internal Exchange 2016 server using PowerShell.

One of the issues that I had been running into for a few days was that the MDM was not able to authenticate to our Exchange Server. I went through everything I could think of to fix this issue and to get it working (Check Firewall ports, SSL Certificates, User Permissions) but nothing was working. Then I remembered back to a post I did on here before about Active Sync and how I had to use a PowerShell command to recreate the Virtual Directory with the correct URL at the time of creation, otherwise it will cause PowerShell to fail when you try to connect to it externally.

Well the funny thing about this whole situation is that during my troubleshooting I had to remove the PowerShell virtual directory in order to recreate it. Well... It turns out when you remove the PowerShell directory it also disconnects your PowerShell session to the Exchange server. Now fortunately I have a second Exchange server on the same Domain so I was able to run the command to create a new PowerShell Virtual Directory on that server and after turning off the Require SSL check box I was able to connect to the server again. Also my connection to the MDM Server was working as well!!!

Here are the commands that I should have used to create the PowerShell Virtual Directory.

To Remove the PowerShell Virtual Directory:

Remove-PowerShellVirtualDirectory "Powershell (Default Web Site)"



To Create the New Virtual Directory:

New-PowerShellVirtualDirectory -Name Powershell -RequireSSL:$False



To Reset IIS

IISRESET /noforce

Monday, July 3, 2017

Smartthings to Home Assistant using MQTT

I have been away for a while, but in my absence I have been playing with a Home Automation System called Home Assistant. You can find out more about it here on their website: https://home-assistant.io/ 

One of my Father's Day Gifts from my Wife and Kids was a SmartThings Hub with an Arrival sensor. Now Home Assistant has literally hundreds of pre-built integrations; however, SmartThings is not one of them. To make it work with Home Assistant you will have to use a protocol called MQTT which is very versatile and can be used to create your own Automations.  (Find out more about it here.)

Now my Home Assistant instance is running on a Raspberry Pi 3 (also a Father's Day Gift); however, it also runs on a Raspberry Pi 2. I am also running Hassbian, which is a Raspbian image created by Home Assistant. As for MQTT there are a few products out there that you can use. I prefer Mosquitto as there seems to be more guides out there on how to configure and manage it.

Start off by checking for and installing updates for Raspbian:

sudo apt-get update

sudo apt-get upgrade

This could take a while depending on your setup.

Next you will need to set up the smartthings-mqtt-bridge via npm
sudo apt-get install npm

sudo npm install -g smartthings-mqtt-bridge

Then you will need to set up pm2 to run the processes
sudo npm install pm2 -g

Once installed you will need to create and edit smartthings-mqtt-bridge config
sudo cp /usr/local/lib/node_modules/smartthings-mqtt-bridge/_config.yml ~/config.yml

sudo nano ~/config.yml
Here is what the mqtt-bridge-configuration ~/config.yml file should look like if all is configured correctly.
mqtt:
  # Specify your MQTT Broker's hostname or IP address here
  host: mqtt://localhost
  # Preface for the topics $PREFACE/$DEVICE_NAME/$PROPERTY
  preface: smartthings

  # Suffix for the state topics $PREFACE/$DEVICE_NAME/$PROPERTY/$STATE_SUFFIX
  # state_suffix: state
  # Suffix for the command topics $PREFACE/$DEVICE_NAME/$PROPERTY/$COMMAND_SUFFIX
  # command_suffix: cmd

  # Other optional settings from https://www.npmjs.com/package/mqtt#mqttclientstreambuilder-options
  username: pi
  password: mqttpass

# Port number to listen on (top-level key, not part of the mqtt: block)
port: 8080

Now that all of the local configurations have been completed you need to configure the SmartThings Device Handler, Device, and SmartApp using the steps outlined in https://github.com/stjohnjohnson/smartthings-mqtt-bridge

Device Settings
IP: raspberry pi IP
MAC: Raspberry pi MAC
Port: 8080

Next you will need to add mqtt to HomeAssistant config configuration.yaml
mqtt:
  broker: localhost
  port: 1883
  client_id: home-assistant-1
  username: pi
  password: mqttpass

Now you will need to add your devices to their own file, or configuration.yaml
Since I am using mine for presence detection mine looks something like this

device_tracker:
  - platform: mqtt
    name: "MQTT Presense Detection"
    devices: 
      Friendly Name: smartthings/device name/presence
      Friendly Name1: smartthings/device name/presence
     
Now you will need to start the bridge

sudo ln -s "$(which nodejs)" /usr/local/bin/node
pm2 restart smartthings-mqtt-bridge

Restart Home Assistant
sudo systemctl restart home-assistant.service

That should do it. You may want to sudo reboot


In the future I may do more of these as I have learned a lot from it, including beginning to dabble with Docker.

Monday, February 13, 2017

Outlook for Mac user unable to see shared Calendars

One of my users came to me with an issue regarding his Outlook for Mac Client. He said he was able to see a person's calendar but when he opened them up they were blank.

Most of our users are using Outlook 2013 on either Windows 7/8/10 and are not having this issue. After about an hour of searching online and digging through message boards I discovered that someone had suggested changing the permissions that the user is granting to Full Details. The default setting is Availability only.


Although this is not something I discovered on my own I figured I would share it anyway as it may help someone down the line.

Thursday, January 5, 2017

Scenario 004 - Issue with connecting to NETAPP OnCommand System Manager


It has been a while since I did one of these posts so I figured I would try to get back to it.
Today I was working at a client site and I had to make some changes to one of their VMs to increase storage. While working on their management host I attempted to connect to their NetApp OnCommand System Manager when I was presented with this:


Having seen this so many times I figured I would share the solution. The error message above is telling you that the file SystemManager.ks is corrupt. This file can be renamed and is located here:

C:\Users\<username>\NetApp\SystemManager\

Once you rename the file all you have to do is close your IE window and try again.

I have moved!!!

Please check out my new blog which now contains all my old posts and some new goodies as well.  I can now be found at http://www.kenbshinn.c...