Misc: Starbucks teams with Spotify

A very interesting new feature. The obvious feature of finding out what is playing in your local Starbucks is useful, but the fact that they could use your Spotify data to influence the playlist store's playlist is pretty cool.


NetApp VSC 4.2.2 HTTP Error 500 VSphereAuthenticationFilter only support jetty requests



NetApp KB ID 2026327 only states error 503, but the fix listed in the article will also fix this error 500 problem too.

It seems to only affect vCenters running 5.5 U3b or higher.  Anyway, probably far and few between dealing w/ this, but hopefully this helps someone looking for a solution.  Long story short, the KB details certain conf files that need to be modified.

Perform the following steps to resolve the issue:
  1. Open %Programfiles%\Netapp\Virtual Storage Console\smvi\server\etc\wrapper.conf
  2. Locate the wrapper.java.additional.X lines (should be 4)
  3. Add the following line:
    wrapper.java.additional.5=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
  4. Open %Programfiles%\Netapp\Virtual Storage Console\wrapper\wrapper.conf
  5. Locate the wrapper.java.additional.X lines (should be 7)
  6. Add the following additional line:
    wrapper.java.additional.8=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
  7. Restart both VSC services, or reboot.


vSphere: Security Vulnerability w/ "Shared Folders" Feature


Since this appears to be making the rounds, I figured I'd post a little Powershell code on how to figure out if a guest's VMware tools is affected.  It only appears to affect Window's so this little bit of code can help you determine whether the "Shared Folders" feature is installed.  I posted this to communities too.

$VM = Get-VM NameofVM
 
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $vm.extensiondata.summary.guest.hostname)
$RegKey= $Reg.OpenSubKey("System\CurrentControlSet\Control\NetworkProvider\Order")
$RegKeyValue = $RegKey.GetValue("ProviderOrder")
If($RegKeyValue -match "hgfs|hgs"){Write-Host ("$($VM.Name) might be affected by VMSA-2016-0001." + "  String Values hgfs, vmhgs, and/or vmhgfs need to be removed and VM rebooted.  ESXi Host should be patched prior.  RegistryPath: $($RegKey.Name), ProviderOrderKeyStringValue: $($RegKeyValue)") -ForegroundColor:Red}
Else(Write-Host "$($VM.Name) not affected by VMSA-2016-0001" -ForegroundColor:Green)


Caveats to this is that once you find those that have the HGFS/HFS, the ESXi host needs to be patched, the string values removed from the registry, and VM needs to be rebooted for change to take effect.
Also note:

  1. This only escalates privileges within the Guest OS. This does not escalate rights into the ESXi host.
  2. Just because those values are there, doesn't necessarily mean the function is actually in use.

The other half is that you will need to patch your ESXi hosts:
http://www.vmware.com/security/advisories/VMSA-2016-0001

vSphere: SFCB configuration has changed

Was getting this error when applying a host profile.  It happened after I changed the DVS/vDS 'NAME'.  I updated it in the host profile too.  It's a nondescript error that I couldn't figure a way around.  So what did I do?  Deleted the profile and created a new host profile based on a host I knew was configured correctly.  Voila, SFCB configuration has changed error/noncompliant host profile state GONE!

Resolve by simply deleting and recreating host profile.

vSphere: no coredump target has been configured (fix it w/ powershell)


Was able to fix the above error by following steps outlined here:
http://blog.ukotic.net/2015/05/31/no-vmkcore-disk-partition-is-available/

So that inspired me to write how you can do this against multiple hosts via a scripted method.  I started by simply exporting a list of servers via PowerCLI:
Get-Cluster myCluster | get-vmhost | select name | out-file -FilePath D:\scripts\Output\clusterlist.txt -Encoding ascii


I opened the txt file, removed the 'name' header, then ran the following:

for server in $(cat ~/Desktop/clusterlist.txt);

do ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@$server 'esxcli system coredump partition set -u; esxcli system coredump partition set --enable true --smart'

done

A better way to do this would be to use plink, above was a quick and dirty way for me.  So here is a way to do it all from Powershell only that quite frankly would've saved me the trouble of pasting the password in 20 times:

$Creds = get-credential
#Echo "n" because I don't want or care for putty/plink to record the server ssh/rsa key.
$ClusterHosts = Get-Cluster myCluster | get-vmhost
Foreach ($ClusterHost in $ClusterHosts)
{
$ClusterHost| Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} | Start-VMHostService
echo n | C:\someplace\plink.exe $ClusterHost.Name -l $creds.username -pw $creds.GetNetworkCredential().password "esxcli system coredump partition set -u; esxcli system coredump partition set --enabled true --smart"

$ClusterHost| Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} | Stop-VMHostService -confirm:$false
}

Alan wrote a little snippet awhile back where you can insert it so that it'll download plink automatically for you.  It's also how I remember the little echo trick.

[Update: Just realized that this needs SSH service turned on and that I really didn't include loop statement.  Snippets inserted above]

Even better way:
$ClusterHosts = Get-Cluster myCluster | get-vmhost | get-esxcli
Foreach ($ClusterHost in $ClusterHosts)
{
$ClusterHost.system.coredump.partition.set($null,$null,$null,$true)
$ClusterHost.system.coredump.partition.set($true,$null,$true,$false)
}