tag:blogger.com,1999:blog-5834591349436314089
2024-03-03T19:25:55.434-05:00
Zsoldier's Tech Blog
Trying to help the technically challenged... so mainly myself.
If you need a Japanese translation, please leave a comment.
Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.comBlogger302125tag:blogger.com,1999:blog-5834591349436314089.post-40767153236384743662024-01-21T23:57:00.000-05:002024-01-21T23:57:52.038-05:00NSX-T: Release associated invalid node ID from certificate<p><b><u><br /><a href="https://imgflip.com/i/7rjyr6"><img src="https://i.imgflip.com/7rjyr6.jpg" title="made at imgflip.com" /></a></u></b></p><div><b><u></u></b></div><p></p><p><b><u>Summary:</u></b></p><p>Basically had an expiring certificate registered in NSX-T that was associated to a node_id that is no longer valid. Long story short, there wasn't anything obvious in API to delete or disassociate a certificate from a node_id for 3.2.2. Not sure how things got in this state, but annotating for future reference. This may change in future revisions, so always check API for latest.</p><p><b><u>Details:</u></b></p><p><span style="font-family: inherit;">Effectively had a stale node associated w/ a certificate that was expiring. 
Could not delete certificate until that node was disassociated from the certificate.</span></p><p></p><p></p><p></p><ul style="text-align: left;"><li><span style="font-family: inherit;">To get certificate details and associated node_id's, you can use the following curl call (UI works too):</span></li><ul><li><span style="background-color: white; caret-color: rgb(29, 29, 29); color: #1d1d1d;"><i><span style="font-family: inherit;">curl -k -X GET -H "Content-Type: application/json" -u admin https://<manager ip>/api/v1/trust-management/certificates/<cert UUID></span></i></span></li><li><span style="background-color: white; caret-color: rgb(29, 29, 29); color: #1d1d1d;"><span style="font-family: inherit;">Above will return something like this:</span></span></li></ul></ul><p></p><p><span style="background-color: white; caret-color: rgb(29, 29, 29); color: #1d1d1d; font-size: 14.6667px;"><span style="font-family: inherit;"><i></i></span></span></p><div class="separator" style="clear: both; text-align: center;"><i><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEh0lddTUwg9_J7ygCTgHZDF3-yliKejI-8TMbL84at7JUvEtKua_loLRvFnnmUJjh4eKbpSX4oe66xeyHy1m63UfqCfMNmCgyBf4oVD9au8NCjLrSJBQvkNGf-4xj2ZP0-hKhUU0wFIp6oMBRJH8GaIwuvQT2NzEw7c9Wsw8gRa8Vuuuur_TcutE1Em1ty8" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="814" data-original-width="2634" height="99" src="https://blogger.googleusercontent.com/img/a/AVvXsEh0lddTUwg9_J7ygCTgHZDF3-yliKejI-8TMbL84at7JUvEtKua_loLRvFnnmUJjh4eKbpSX4oe66xeyHy1m63UfqCfMNmCgyBf4oVD9au8NCjLrSJBQvkNGf-4xj2ZP0-hKhUU0wFIp6oMBRJH8GaIwuvQT2NzEw7c9Wsw8gRa8Vuuuur_TcutE1Em1ty8" width="320" /></a></span></i></div><i><span style="font-family: inherit;"><br /></span></i><p></p><ul style="text-align: left;"><li>Below must be run from one of the manager nodes via elevation to root:</li><li><b>ONLY RUN THIS IF YOU ARE ABSOLUTELY SURE OF WHAT YOU ARE DOING!</b></li><ul><li><i><span 
style="font-family: inherit;"><span style="background-color: white; caret-color: rgb(29, 29, 29); color: #1d1d1d;">curl -v -H 'x-nsx-username: admin' -k -H "Content-Type: application/json" -X POST "</span><span style="background-color: red;">http</span>://<span style="background-color: red;">127.0.0.1</span>:7440/nsxapi/api/v1/trust-management/certificates/<cert<span style="background-color: white; caret-color: rgb(29, 29, 29); color: #1d1d1d;"><span class="Apple-converted-space"> </span>UUID>?action=release" -d '{"node_id": "node"}'</span></span></i></li></ul></ul><div><span style="color: #1d1d1d;"><span style="font-family: inherit;">Above call is not </span>publicly<span style="font-family: inherit;"> documented from what I was able to find, so use at your own risk.</span></span></div><p></p>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-79398831184790285132024-01-21T23:20:00.002-05:002024-01-21T23:20:30.605-05:00iOS: Sleep Focus activating on wrong time zone<p><b><u></u></b></p><div class="separator" style="clear: both; text-align: center;"><b><u><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjwp7OOBblqhWC1w0gpxk4PFZARFqTYOAZd_e447JfWiPODOBd3_CtlHh_QkJwCzPiLvr0g_LI6iIRLoXcWyBKgLOww28D2ovjZUw29aPCjvlepXQ2jJTjGk5EULylGnPs9u6sgs5efxSE2q6KBLZdmnecOloEjIeF2bFv0oJeXhkpCBkOG4G8zBHxTnXmt" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="914" data-original-width="1300" height="1" src="https://blogger.googleusercontent.com/img/a/AVvXsEjwp7OOBblqhWC1w0gpxk4PFZARFqTYOAZd_e447JfWiPODOBd3_CtlHh_QkJwCzPiLvr0g_LI6iIRLoXcWyBKgLOww28D2ovjZUw29aPCjvlepXQ2jJTjGk5EULylGnPs9u6sgs5efxSE2q6KBLZdmnecOloEjIeF2bFv0oJeXhkpCBkOG4G8zBHxTnXmt" width="1" /></a></u></b></div><b><u><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibxpPvDQxEGYUB1jmeV1vQNY7GEVuCPMFg4cy9yUcHTJIaWhlcaDordUTpTpuhwFtnRmUJevC2-Ej9tCGO9d22XA5zTH1zCf8FkSCBSXfl3OwH-grzo0pvzLHm1XHSL_pXOBTZ0_3H0ttGmFWT697BLXgVvLCKTRgjAJkoYe5Y8vuZA5Ao4584ErFfiocR/s1300/dolorean_time_-_Search_Images.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Time is Relative" border="0" data-original-height="914" data-original-width="1300" height="450" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibxpPvDQxEGYUB1jmeV1vQNY7GEVuCPMFg4cy9yUcHTJIaWhlcaDordUTpTpuhwFtnRmUJevC2-Ej9tCGO9d22XA5zTH1zCf8FkSCBSXfl3OwH-grzo0pvzLHm1XHSL_pXOBTZ0_3H0ttGmFWT697BLXgVvLCKTRgjAJkoYe5Y8vuZA5Ao4584ErFfiocR/w640-h450/dolorean_time_-_Search_Images.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Time is Relative</td></tr></tbody></table><div class="separator" style="clear: both; text-align: center;"><br /></div></u></b><p></p><p><b><u>Summary:</u></b></p><p>For some strange reason, my sleep focus, was activating based upon my home timezone of EST while traveling to Japan and Australia. My phone's timezone was correct as was my apple watch that is set to mirror my iPhone.</p><p><b><u>Resolution:</u></b></p><p></p><ol style="text-align: left;"><li>Settings --> Privacy & Security --> Location Services</li><li>Turn off Location Services</li><li>Turn on Location Services</li></ol><p></p><p>For a quick test, you can edit your sleep schedule in Apple Health to a time window the same as your original timezone to see it reactivates again immediately. </p><p>For example:</p><p>9:30 pm EST = 12:30pm Brisbane</p><p>So if you set your sleep schedule to 9:30pm while it is currently 12:30pm in Brisbane, sleep focus should activate immediately if above location services reset was not done.</p><p>For some strange reason, I was not able to fix this by restarting iPhone. 
Anyway, just thought I'd post since I'm likely to forget trying this.</p>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-76689164907999507102023-11-13T15:57:00.003-05:002023-11-15T12:08:38.209-05:00Azure VMware Solution: NSX-T Active/Active T0 Edges...but<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgNKF6qC8Be6h3BDjmqfIRXK27-EnPOHk9syI1SSrR2sStUBTMvuWgM95onOOvvAwrSoZmtp4moGnaq-xhr6Sp454XTDZnhVv37GRsshIu8hW7fkeOPE3PSWoWI19l4sWdXd4fJBWk9J9SOBqQPBt7-tUG53PbKyzVImFxtzIit9zzh2RKDfDx6ePNwQA" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="467" data-original-width="534" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEgNKF6qC8Be6h3BDjmqfIRXK27-EnPOHk9syI1SSrR2sStUBTMvuWgM95onOOvvAwrSoZmtp4moGnaq-xhr6Sp454XTDZnhVv37GRsshIu8hW7fkeOPE3PSWoWI19l4sWdXd4fJBWk9J9SOBqQPBt7-tUG53PbKyzVImFxtzIit9zzh2RKDfDx6ePNwQA" width="274"></a></div><br><b><u>Summary:</u></b><p></p><p>Azure VMware Solution (AVS) delivers by default w/ a pair of redundant Large NSX-T Edge VM's each running a T0 in active/active mode. So why is my traffic only going out one Edge VM?</p><p><b><u>Short answer:</u></b></p><p>The default T1 that is delivered w/ AVS is an active/passive T1 where you connect your workloads to. So while it could technically take either T0, it's always going to go out the closest T0 to the active "SR" T1. Where do the SR's live? You guessed it, on the Edge VM's. 
As you can imagine, this can lead to a bottleneck if you try to shove all your traffic through a single Edge VM.</p><p><b><u>Simple Diagram:</u></b></p><p><b style="text-decoration-line: underline;"></b></p><div class="separator" style="clear: both; text-align: center;"><b style="text-decoration-line: underline;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsL_kUa0sg-dhfW-Ix91ExKTxameYPgD9FSHAaKO0qEzq2JQOlbhtshEckwaRYJ7Huvg7_BlRggFJPHwIJxXQCwluROTfS8I2oWB2JDIYlYfrDstLRUzUYAZAjMIBwkHnq3aPl4lJ_nzPMVM4WGx5fRv9274TnD0FYmvrNcJtAKtJM8Igv-ofTiy-_7O8m/s851/Default%20AVS%20DataFlow.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="733" data-original-width="851" height="552" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsL_kUa0sg-dhfW-Ix91ExKTxameYPgD9FSHAaKO0qEzq2JQOlbhtshEckwaRYJ7Huvg7_BlRggFJPHwIJxXQCwluROTfS8I2oWB2JDIYlYfrDstLRUzUYAZAjMIBwkHnq3aPl4lJ_nzPMVM4WGx5fRv9274TnD0FYmvrNcJtAKtJM8Igv-ofTiy-_7O8m/w640-h552/Default%20AVS%20DataFlow.jpg" width="640"></a></b></div><b style="text-decoration-line: underline;"><b><u>Longer answer with Options:</u></b></b><div><b><span></span></b></div><a href="http://tech.zsoldier.com/2023/11/azure-vmware-solution-nsx-t.html#more">Read more »</a>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-88290959977466346662022-10-11T13:53:00.005-04:002022-10-11T13:54:11.922-04:00vCenter: Cluster Skip Quickstart Workflow via API<div class="separator" style="clear: both; text-align: center;"><a href="https://imgflip.com/i/6wj7xi" style="margin-left: 1em; margin-right: 1em;"><img src="https://i.imgflip.com/6wj7xi.jpg" title="made at imgflip.com" /></a></div><b><u><br /></u></b><p></p><p><b><u>Summary:</u></b></p><p>Basically, whenever you reset vCenter, you might end up w/ a warning on a cluster running vSAN that's just annoying. 
To keep this from alerting, you need to disable quickstart. Easy enough via UI, but API is a little weird here.</p><p><b><u>Details:</u></b></p><p>For one, code capture doesn't seem to understand this. So no help there unfortunately. Secondly, nothing named "quickstart" is in the API, which made this somewhat annoying to try and find. <a href="https://communities.vmware.com/t5/VMware-vSAN-Discussions/Disable-Quickstart-for-existing-cluster/m-p/2304325/highlight/false#M10111">Seems like someone had this question on the VMware communities forum 2 years ago w/ no answer.</a> Someone asked me internally, so I had to dig into it.</p><p>Basically, two things:</p><p></p><ol style="text-align: left;"><li>You can create a cluster w/ quick start disabled from the get go by passing a false boolean to a parameter named: "InHciWorkflow" via API/PowerCLI call</li><li>Secondly, to "skip QuickStart" on an already created cluster, you can call a method called:</li><ul><li>"AbandonHciWorkflow"</li></ul></ol><div>So yeah, you can see how "quickstart" and "HCIWorkflow" SCREAM the same thing...</div><div><br /></div><div><b><u>Code Sample:</u></b></div><div><b><u><br /></u></b><script src="https://gist.github.com/Zsoldier/1174e2b4f5bdd7657a79fa9fa9c4712d.js"></script></div><p></p>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com6tag:blogger.com,1999:blog-5834591349436314089.post-12697305435292856752022-10-06T21:21:00.003-04:002022-10-06T21:21:55.838-04:00NSX-T: Find and Delete Orphaned Ports<div class="separator" style="clear: both; text-align: center;"><a href="https://imgflip.com/i/6w13be" style="margin-left: 1em; margin-right: 1em;"><img src="https://i.imgflip.com/6w13be.jpg" /></a></div><p></p><div><a href="https://imgflip.com/memegenerator"></a></div><br /><p></p><p><b><u>Summary:</u></b></p><p>Basically had a bunch of orphaned ports (65000+), don't know why or how it happened (hypothetically NTP related), but needed to clean them up. 
Doing it via UI was obviously not an option as it would only return 50 ports per page at a time. Oh and it wouldn't refresh after every delete.</p><p><b><u>Details:</u></b></p><p>I'm saying 'orphaned', but in reality I'm only keying off the idea that the port is reporting "Operationally Down". This could simply be a powered off VM, but there is little harm in deleting these types of ports as they will simply be recreated if that VM were to be powered up. </p><p>This may not apply in all situations, so use this with caution.</p><p><b><u>Powershell Example(s):</u></b></p><p><script src="https://gist.github.com/Zsoldier/eff448c3f177c6045ffbff73d1258262.js"></script></p><p><b><u><br /></u></b></p><p><b><u>References:</u></b></p><p><a href="https://www.virten.net/2021/03/error-when-connecting-virtual-machine-to-nsx-t-segments/">https://www.virten.net/2021/03/error-when-connecting-virtual-machine-to-nsx-t-segments/</a></p>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-56417152639211500612022-01-20T14:11:00.000-05:002022-01-20T14:11:43.147-05:00vSAN: The cascade scenario that vSAN stretch cluster has issues with...<p><b></b></p><div class="separator" style="clear: both; text-align: center;"><b><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgK_ksQ3HlZRih191Hs6z3wP5aRzft8PPdGyexVmzTXV04cSur9PhL1GrKmRJNRNs1iVlMLFoNtf9rGWzv_cwt39SXYgyvhXSmd5c92J_2rAZaOALozgXYkC_tdj3Ol395PHN0b5j0DHv1Wwt5BxObQv-cs51CzwRlmwUeDRVWIf31fV1B0pBsnMDIfyw=s142" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="116" data-original-width="142" height="116" src="https://blogger.googleusercontent.com/img/a/AVvXsEgK_ksQ3HlZRih191Hs6z3wP5aRzft8PPdGyexVmzTXV04cSur9PhL1GrKmRJNRNs1iVlMLFoNtf9rGWzv_cwt39SXYgyvhXSmd5c92J_2rAZaOALozgXYkC_tdj3Ol395PHN0b5j0DHv1Wwt5BxObQv-cs51CzwRlmwUeDRVWIf31fV1B0pBsnMDIfyw" width="142" /></a></b></div><b><u>Summary:</u></b><p></p><p>Basically while testing 
stretch cluster, we ran into strange failover behavior: failover was simply not occurring. During this testing, we found a dirty little secret about stretch cluster failovers, one that makes me rethink whether stretch clusters are really worth doing.</p><p><a href="https://core.vmware.com/resource/vsan-stretched-cluster-guide#sec7373-sub1">Documented Failure Scenarios</a></p><p><b><u>Details:</u></b></p><p>All documented scenarios effectively deal w/ a 'single' type of failure. The problem is disasters/failures can be multi-faceted and cascading in some instances. Take the <b>Secondary Site Failure or Partitioned scenario</b>, add the 'cascading failure' to it, and you end up in a whole world of trouble depending on the next 'failure'.</p><p>Below effectively depicts the failure of the interconnect between the two sites. The problem this fails to take into account is that there are typically 3 things involved in this. </p><p></p><ol style="text-align: left;"><li>The networking between the two sites</li><li>The preferred site routers</li><li>The secondary site routers</li></ol><p></p><p><span style="background-color: white; color: #565656;"><span style="font-family: inherit;"></span></span></p><div style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTC_WF8y29tCo3ouWxaMFuuNFuvqYKI8zpdN6qL96RuS0kSc9pFiAqjOzr2X7XtggOeue2AhSZlEgNES26Cb3k5MTDQpZoMTGX2e-k2pCVbzPyut_F5PnJwW5plySKiO3TJ7vxujfPRzup/"><img alt="" data-original-height="749" data-original-width="988" height="303" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTC_WF8y29tCo3ouWxaMFuuNFuvqYKI8zpdN6qL96RuS0kSc9pFiAqjOzr2X7XtggOeue2AhSZlEgNES26Cb3k5MTDQpZoMTGX2e-k2pCVbzPyut_F5PnJwW5plySKiO3TJ7vxujfPRzup/w400-h303/Secondary+Site+Failure+or+Partitioned.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"><span style="font-family: inherit;"></span></div><span style="font-family: inherit;"><br /><span 
style="font-family: inherit;">So here is a slightly more involved diagram to highlight a case where the primary site routers link to the secondary site fails FIRST in a cascading failure scenario.</span></span><p></p><p><span style="background-color: white; color: #565656;"><span style="font-family: inherit;"></span></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_eDU_KfxHtGUmT1SnUL2_uFGStNz-QwsDj3IkoZXHumjMLcoTqe3R6RloQoXiNaUkdvnzaKJ0n7TNIRI_sE8F_WX37ri54Ah8STIhRRi9MIXgSoyloHGnwFjHT14_9urLkkY8RQeZVtIq/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="344" data-original-width="616" height="358" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_eDU_KfxHtGUmT1SnUL2_uFGStNz-QwsDj3IkoZXHumjMLcoTqe3R6RloQoXiNaUkdvnzaKJ0n7TNIRI_sE8F_WX37ri54Ah8STIhRRi9MIXgSoyloHGnwFjHT14_9urLkkY8RQeZVtIq/w640-h358/Stretch+Cluster+Disaster+Scenario.drawio+%25282%2529.png" width="640" /></a></span></div><ol style="text-align: left;"><li>VMs in Secondary Site are HA powered off</li><li>VMs in Secondary Site are powered on in Preferred Site.</li></ol>This is fine, but 'what if' the primary site routers link to secondary was simply a signal to a greater disaster of preferred site going completely offline? What happens to your VMs? Do they failover to secondary site? Short answer is no. 
The reason?<div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhFWaWL6reHQNpuOETCxSWm1kIzLoW71pgWTxgMLcNvVglWGdOgZr-HgAuvbEj3b4u_aiLXOEtpzdsifr1ThiQr_RUcVzVp4URQ516bXMWkvGSqIk76GT2DbW1Iko0DkjyRO3r3s43PHEmxoOeW-G9UryVw1CPbDabSgBIlTv6vNHTNJDQjG1KCfko_bA=s674" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="367" data-original-width="674" height="348" src="https://blogger.googleusercontent.com/img/a/AVvXsEhFWaWL6reHQNpuOETCxSWm1kIzLoW71pgWTxgMLcNvVglWGdOgZr-HgAuvbEj3b4u_aiLXOEtpzdsifr1ThiQr_RUcVzVp4URQ516bXMWkvGSqIk76GT2DbW1Iko0DkjyRO3r3s43PHEmxoOeW-G9UryVw1CPbDabSgBIlTv6vNHTNJDQjG1KCfko_bA=w640-h348" width="640" /></a></div>The problem w/ this cascading failure scenario is that witness detected secondary site cannot communicate w/ primary and has already declared HA to failover to preferred site. EVEN though, the witness can still communicate w/ secondary site systems.<br /><br />Witness cannot send preferred site a signal to HA event because it does not know its actual status to start systems on secondary site. The data on secondary site has also been declared stale at this point because the link between preferred and secondary was broken first. This is not an issue if secondary site were the one to fail.</div><div><span style="color: #565656;"><br /></span></div><b>So what can you do in this case? </b><div><ul style="text-align: left;"><li>Restore from backup</li><li>Contact VMware for the black magic voodoo to force a failover to secondary site.</li></ul><b>What can VMware do to improve this? ¯\_(ツ)_/¯ </b></div><div>All roads point to using storage policies and defining data locality (preferred only or secondary only), but at that point, you're working to make your applications above redundant. 
I would like to be able to define a dual mirroring policy w/ a way to state who my actual 'preferred' site is, but unsure if that really gains me anything.<br /><br /><b>Release the black magic voodoo so that you can force failover to your secondary site? </b></div><div>This is not without risk though, because remember, the data on the secondary site is stale and there may have been new data written while systems were up in preferred site that secondary site never received data for.<br /><br />It's somewhat of an edge case, but in a DR scenario, anything is possible.<br /><br /><b>Is vSAN stretch cluster worth it? </b><br />I'd argue probably not, knowing the behavior above. I'd be more likely to lean toward DR tools like SRM (even though it wouldn't be real time replication). Or rely on application level replication tech. However, I'm sure there are use cases where vSAN stretch cluster would make sense, but the very real failure scenario above definitely gives me pause.</div><p></p>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-8964477664118695112022-01-14T16:15:00.003-05:002022-01-14T16:15:26.546-05:00NSX-T: Deleting route advertisement filters via API<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjUsU_xUlKfeZazzoareHyW6HAX7y_joA6Dn089hrzmyIHxLXsK51FRJ4m9DcY8C1X2BpJQ7IhthMOR_cBbv0ssKG3XDp5uHxhwndz_ncJbnTMkmCPXch46_7I3rUctchROi0NrBTaZVNrPLjQSX-ssEkWnUst0iz13tKHcLfc1DHLBRp3KiexIW3PdAw=s576" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="324" data-original-width="576" height="180" src="https://blogger.googleusercontent.com/img/a/AVvXsEjUsU_xUlKfeZazzoareHyW6HAX7y_joA6Dn089hrzmyIHxLXsK51FRJ4m9DcY8C1X2BpJQ7IhthMOR_cBbv0ssKG3XDp5uHxhwndz_ncJbnTMkmCPXch46_7I3rUctchROi0NrBTaZVNrPLjQSX-ssEkWnUst0iz13tKHcLfc1DHLBRp3KiexIW3PdAw=s320" width="320" 
/></a></div><b><u>Summary:</u></b><p></p><p>When creating a DHCP server in NSX-T, a route advertisement filter is automatically created for you. This is so that the DHCP server is prevented from advertising DHCP addresses outside of your fabric. This is fine for the most part, but there are occasions where the DHCP subnet you allocated may overlap a DNS forwarder IP that you may have setup before.</p><p>Honestly, this feels like a logic bug to where it shouldn't allow this, but oh well. </p><p><b><u>Detailed Steps</u></b></p><p>Anyway, all you have to do is delete the DHCP server in question, but in some cases, the route filter may not be deleted along with it.</p><p>In that case, you can delete the route filter itself via the Manager UI:</p><p></p><ol style="text-align: left;"><li>Select Manager > Networking > Tier-1 Logical Routers > T1 in question > Routing > Route Advertisement > Select DHCPServerRouteFilter > Delete.</li><li><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpZmZdn6OE33YbuiB8kNlbLItJ16KDKTPtkBfLAc8AZ2mhDiTInHGCAFgmts_h8-vCqsOrb53EIGt4hs2VkXi55Q216kJTEsLnD28RPRMRje9RER9QYWLEFregksc8cWBn6tL885nEQrMM/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="782" data-original-width="1315" height="380" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpZmZdn6OE33YbuiB8kNlbLItJ16KDKTPtkBfLAc8AZ2mhDiTInHGCAFgmts_h8-vCqsOrb53EIGt4hs2VkXi55Q216kJTEsLnD28RPRMRje9RER9QYWLEFregksc8cWBn6tL885nEQrMM/w640-h380/DHCPServerRouteFilter.png" width="640" /></a></div></li></ol>In the case where the delete option is greyed out, you can use the below curl code to clear it out. 
This is the last ditch effort, so only do it if you absolutely know what you are doing:<p></p><script src="https://gist.github.com/Zsoldier/0b6f6187948f889890713eb75ff610c0.js"></script>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-35342320627205308452022-01-14T15:56:00.000-05:002022-01-14T15:56:04.519-05:00NSX-T: Create CSR's with SAN entries, self sign, and apply them<p><b></b></p><div class="separator" style="clear: both; text-align: center;"><b><a href="https://blogger.googleusercontent.com/img/a/AVvXsEj2njE9xgSZp1jzrzS4AEiEGxfXUFwDu9wEPhwX5TkyM25BvD6PMP1vS8XLYbACiOaj1mIu_IgBrr-vJKN_RUAtIPmlfwSbpw3RpD0xyaFhrTcAo8DIrGhSSFRJPsngD2eojEVF5PUPjdMOnZDbNZ9-Oy0dT50SkqGhQ8D1v3YBRhrxnVBTzuFUfATLHQ=s576" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="324" data-original-width="576" height="180" src="https://blogger.googleusercontent.com/img/a/AVvXsEj2njE9xgSZp1jzrzS4AEiEGxfXUFwDu9wEPhwX5TkyM25BvD6PMP1vS8XLYbACiOaj1mIu_IgBrr-vJKN_RUAtIPmlfwSbpw3RpD0xyaFhrTcAo8DIrGhSSFRJPsngD2eojEVF5PUPjdMOnZDbNZ9-Oy0dT50SkqGhQ8D1v3YBRhrxnVBTzuFUfATLHQ=s320" width="320" /></a></b></div><b><br /><u><br /></u></b><p></p><p><b><u>Summary:</u></b></p><p>This utilizes an <i><span style="color: red;">experimental</span></i> API endpoint in NSX-T, but I've found it to work without issues. Be warned though, the endpoint may not function the same in newer releases. 
This has worked in 3.1.2.</p><p><b><u>Details:</u></b></p><p></p><ol style="text-align: left;"><li>The variables at the beginning of this shell script must be defined for your environment.</li><li>Your DNS names should resolve to your appliances.</li><li>This does work w/ 3.1.2, but may not in future revisions.</li></ol><p></p><p><b><u>Example Code:</u></b></p><p><b><u></u></b></p><script src="https://gist.github.com/Zsoldier/ba4de13127325cc2dffe12d37ef85168.js"></script>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-19371234189484632952021-12-02T10:01:00.003-05:002022-11-15T11:22:53.253-05:00MacOS: Remove password requirement policies originally applied by MDM's<p><b></b></p><div class="separator" style="clear: both; text-align: center;"><b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfQ_L4Km_WyzdZ4_ZEX0YP_YYeJ_D-sz_LMnPMes6YELcEP9un_8SF2UNlYCk4YjXlXj1ba7I12QupJnGtL0rhjc0m6gUcAYjsFTwE_ZC7CXB6DsxQnYVBo8tYlhtZj-Ge8dOhDYkjdgRA/s400/AppleLockLogo.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="400" data-original-width="400" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfQ_L4Km_WyzdZ4_ZEX0YP_YYeJ_D-sz_LMnPMes6YELcEP9un_8SF2UNlYCk4YjXlXj1ba7I12QupJnGtL0rhjc0m6gUcAYjsFTwE_ZC7CXB6DsxQnYVBo8tYlhtZj-Ge8dOhDYkjdgRA/s320/AppleLockLogo.png" width="320" /></a></b></div><b><u>Summary:</u></b><p></p><p>Occasionally, a system no longer managed by an MDM will leave garbage behind. One of those 'things' is password policies. You can use a tool in terminal to get rid of the password policy. </p><p><b><u>Solution:</u></b></p><p><i>sudo pwpolicy -clearaccountpolicies</i></p><p><b><u>Note:</u></b></p><p>* If you use above on a still managed system, the above solution will only be temporary. I recommend following your MDM providers policies as they are in place to protect you and your company. 
Regardless of how annoying they might be.</p><p><b><u>Reference:</u></b></p><p>If you want to keep just some things related to the policy, you can create your own using the referenced script below:</p><p><br /></p><script src="https://gist.github.com/Zsoldier/a7924bd88a10083cc43e0ea5b596271c.js"></script>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-33530680393963170692021-08-26T11:28:00.005-04:002021-08-26T11:28:24.219-04:00Powershell: Unable to install modules due to missing nuget package provider, cannot install nuget<b><u>Summary:</u></b><div>Had this issue in Windows 2016 on a system that I know has internet. Basically came down to enabling tls12 in order to enable powershell to download and install nuget package provider and modules from powershell gallery.</div><div><br /></div><div><b><u>Example Errors:</u></b></div><div><div><i><span style="color: #fcff01;">WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409</span></i></div><div><i><span style="color: #fcff01;">WARNING: Unable to download the list of available providers. Check your internet connection.</span></i></div></div><div><div><span style="color: red;"><i>PackageManagement\Install-PackageProvider : No match was found for the specified search criteria for the provider</i></span></div><div><span style="color: red;"><i>'NuGet'. The package provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package</i></span></div><div><span style="color: red;"><i>has the tags.</i></span></div><div><span style="color: red;"><i>At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7405 char:21</i></span></div><div><span style="color: red;"><i>+ ... 
$null = PackageManagement\Install-PackageProvider -Name $script:N ...</i></span></div><div><span style="color: red;"><i>+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</i></span></div><div><span style="color: red;"><i> + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac</i></span></div><div><span style="color: red;"><i> kageProvider], Exception</i></span></div><div><span style="color: red;"><i> + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro</i></span></div><div><span style="color: red;"><i> vider</i></span></div><div><span style="color: red;"><i><br /></i></span></div><div><span style="color: red;"><i>PackageManagement\Import-PackageProvider : No match was found for the specified search criteria and provider name</i></span></div><div><span style="color: red;"><i>'NuGet'. Try 'Get-PackageProvider -ListAvailable' to see if the provider exists on the system.</i></span></div><div><span style="color: red;"><i>At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7411 char:21</i></span></div><div><span style="color: red;"><i>+ ... $null = PackageManagement\Import-PackageProvider -Name $script:Nu ...</i></span></div><div><span style="color: red;"><i>+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</i></span></div><div><span style="color: red;"><i> + CategoryInfo : InvalidData: (NuGet:String) [Import-PackageProvider], Exception</i></span></div><div><span style="color: red;"><i> + FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.ImportPackageProv</i></span></div><div><span style="color: red;"><i> ider</i></span></div></div><div><span style="color: red;"><i><br /></i></span></div><div><span style="color: red;"><i><div>Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. 
The package</div><div>provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.</div><div>At line:1 char:1</div><div>+ Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force</div><div>+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</div><div> + CategoryInfo : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac</div><div> kageProvider], Exception</div><div> + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro</div><div> vider</div></i></span></div><div><b><u><br /></u></b></div><div><b><u>Workaround:</u></b></div><div>Run the following in Powershell to workaround it. This won't solve issue if internet is blocked elsewhere.</div><div><ol style="text-align: left;"><li><i>[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12</i></li><li><i>Install-PackageProvider -Name NuGet</i></li><li><i>Install-Module SomethingfromPowershellGalleryshouldnowwork</i></li></ol><div><b><u>References:</u></b></div></div><div><a href="https://stackoverflow.com/questions/63856516/unable-to-install-nuget-package-provider-in-powershell-core-on-linux">Unable to install NuGet package provider in PowerShell Core on Linux - Stack Overflow</a></div><div><i><br /></i></div>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-81968489017893922142021-08-18T20:44:00.003-04:002021-08-18T20:44:30.739-04:00Misc: Installed some new tail lights from Hansshow on my Tesla Model 3<p><b><u><br /></u></b></p><p><b></b></p><div class="separator" style="clear: both; text-align: center;"><b><iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='549' height='266' 
src='https://www.blogger.com/video.g?token=AD6v5dw7EebYP8NHDXYe_ukUjTIC9ssMU1hKpG9bSh3H5peHp3Rb2XaV3XfrUV0R58w2m8_ymmz4x5rWMcnd-jvAgg' class='b-hbp-video b-uploaded' frameborder='0'></iframe></b></div><p></p><p><b><u>Summary:</u></b></p><p>As a little treat for myself, I bought some really cool aftermarket tail lights from <a href="https://www.hautopart.com/product/model-3-y-eagle-eye-style-tail-light/">Hansshow</a>, as you can see from the video above. Use coupon code "SARHANSSHOW" for 15% off. I don't get a cut of any kind, but I like sharing. Anyway, here is a wiring diagram I drew up to show how everything logically needs to be wired. </p><p>If you want to support me and posts like this, you can order <a href="http://denki3.com">Tesla products via my referral link</a>. Honestly, their referral program these days is kinda lame in my opinion, but hey, you get something and I get something out of it.</p><p><b><u>Notes:</u></b></p><p>Wiring for Euro spec cars may be slightly different, and 2021 models would use a 4-pin adapter instead of the 3-pin adapter, which is US specific and applies to 2020 models and older. Basically, if you have a red turn signal, chances are that you have a 3-pin setup.</p><p>The only downside to these lights on older models is that the turn signal indicators light up in addition to a separate red brake light (amber and red). Not a deal breaker for me, but something to keep in mind. Otherwise, they work perfectly.</p><p><a href="https://www.reddit.com/r/TeslaModel3/comments/p5s3ng/new_tail_lights_installed_loving_how_these_look/">New Tail lights installed. Loving how these look. 
: TeslaModel3 (reddit.com)</a> - Reddit post where lots of good questions are answered.</p><p><b><u>Diagram:</u></b></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiw6kNgJBPYSjwoCKi-JBdiQD73r1q1OrFG2PpiLnTvR5XZ6inM7UTCXA_xWgr1KnLQGo2oYKz-aBiSdFe2kEE-1qG6hE9ZipjIW-RHMFD3GfaJGxun-lSm2TgMQ2H5UcFF2mk7s3qFisoO/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="591" data-original-width="731" height="517" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiw6kNgJBPYSjwoCKi-JBdiQD73r1q1OrFG2PpiLnTvR5XZ6inM7UTCXA_xWgr1KnLQGo2oYKz-aBiSdFe2kEE-1qG6hE9ZipjIW-RHMFD3GfaJGxun-lSm2TgMQ2H5UcFF2mk7s3qFisoO/w640-h517/Tesla+Tail+light+Wiring.png" width="640" /></a></div><br /><br /><p></p>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-74070201782638168462021-07-12T11:51:00.006-04:002021-07-12T11:53:38.764-04:00NSX-T: Finding Tagless NSX-T VMs with Powershell Core<div style="text-align: center;"><a href="https://memeguy.com/photo/392233/tag-less-shirts-arent-so-tag-less"><img alt="" src="https://memeguy.com/photos/images/tag-less-shirts-arent-so-tag-less-392233.jpg" title="Tag less shirts arent so tag less" /></a></div><p><b><u>Summary:</u></b></p><p><a href="https://communities.vmware.com/t5/VMware-PowerCLI-Discussions/Report-For-Tagless-VMs-with-NSX-T/m-p/2856941#M102331">Someone asked how you can find NSX-T 'tagless' VMs</a>. Seemed pretty straightforward and something I could answer w/o the shadow of LucD bot picking and answering while I'm still noodling on it.</p><p>Anyway, here is how it can be done via <a href="https://github.com/PowerShell/PowerShell/releases/tag/v7.1.3">PowerShell Core</a> (does not work as written in PowerShell classic). 
No PowerCLI module needed:</p><p><br /></p><script src="https://gist.github.com/Zsoldier/9eda954f0c972d17c124040d7759054a.js"></script>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-16659085085456802402021-03-31T15:19:00.001-04:002021-03-31T15:19:12.634-04:00Misc: Workaround to silence Outlook for MacOS notification sounds while Do Not Disturb enabled.<p><b><u><br /></u></b></p><p><b><u></u></b></p><div class="separator" style="clear: both; text-align: center;"><b><u><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5W-9K8l05_dsm54WlD_w29630TQRXMnEvOSVZxsq6qbtMyuk5d_6wupQRoXYOl8elXHGTIPwVT0DpE7nZgg8QGVmG8hjE8zfmk2CEk4cZhm-yf5_ptYNLoSFUrCgnWyfMdaJAmTaMP5W9/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="588" data-original-width="567" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5W-9K8l05_dsm54WlD_w29630TQRXMnEvOSVZxsq6qbtMyuk5d_6wupQRoXYOl8elXHGTIPwVT0DpE7nZgg8QGVmG8hjE8zfmk2CEk4cZhm-yf5_ptYNLoSFUrCgnWyfMdaJAmTaMP5W9/s16000/Applications.png" /></a></u></b></div><b><u>Summary:</u></b><p></p><p>Work from home doesn't mean you should be on 24/7, which is why MacOS's "Do Not Disturb" function is great. What's not great is that not all apps on MacOS respect it. Microsoft Outlook for MacOS is one of them. I've put in a bug/feature request for it to natively respect MacOS Do Not Disturb. In the meantime, you can make use of MacOS Automator to silence your system based on a calendar trigger.</p><p>It's no fun having anything that isn't muted going off in the middle of the night. The steps below can be used to basically mute your system. You can also have Automator close Outlook, but I've found that muting the system instead will catch any other application offenders that do not respect MacOS's Do Not Disturb function. Not to mention the dreaded, "Would you like to save this?" 
message that prevents the app from closing.</p><p><b><u>Workaround:</u></b></p><p></p><ol style="text-align: left;"><li>Launch MacOS Automator, you can find it in your Applications Folder.<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjT76XZIycZRNBhn_5RHeZ5HmQlEaP44Ld5-nM6HT_vLchdIBycF027CwAIrd9KDFpO9tZ6O_KEbW58-emFnw0u37uO_Zpx4bGuTGluxICXCLl08lT91AgFlbBRHERSJhlbbJnwPIe6cMnT/" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img alt="" data-original-height="409" data-original-width="902" height="181" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjT76XZIycZRNBhn_5RHeZ5HmQlEaP44Ld5-nM6HT_vLchdIBycF027CwAIrd9KDFpO9tZ6O_KEbW58-emFnw0u37uO_Zpx4bGuTGluxICXCLl08lT91AgFlbBRHERSJhlbbJnwPIe6cMnT/w400-h181/AutomatorIcon.png" width="400" /></a></li><li>Create your Automator task type by selecting Calendar Alarm<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIwWx5BeZhHYp2nn7Oxtdy_qxT-nRtu50dsagaRDDV3koKIIsvMTBnzPe-W9vxVq-p-5z-5NDXavRAGPO5rGB9B5AnpOvJ00Y1qp-76rAdCX6MN2BjYdgfDsM-UlM8RVV1JE9xv7l1PKMW/" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img alt="" data-original-height="617" data-original-width="891" height="278" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIwWx5BeZhHYp2nn7Oxtdy_qxT-nRtu50dsagaRDDV3koKIIsvMTBnzPe-W9vxVq-p-5z-5NDXavRAGPO5rGB9B5AnpOvJ00Y1qp-76rAdCX6MN2BjYdgfDsM-UlM8RVV1JE9xv7l1PKMW/w400-h278/AutomatorType.png" width="400" /></a></li><li>Create your workflow by searching for 'sound', then drag and drop the "Set Computer Sound" action into the right pane. Save it, and click run to test. 
This will also create an iCal Event.<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkfThK7NjZLKwIe8kXCY9nlvEOCCDkIns5dg4QYe9RH4S5TP5uEkBbbVjHOHAC3IS8znQkr_hxD78nCYodFefv02UPNX60meSQ34JxA0Rn0DqjY-ZclKArbQa7DbDpspdk98rdNFOMIARk/" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img alt="" data-original-height="621" data-original-width="898" height="276" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkfThK7NjZLKwIe8kXCY9nlvEOCCDkIns5dg4QYe9RH4S5TP5uEkBbbVjHOHAC3IS8znQkr_hxD78nCYodFefv02UPNX60meSQ34JxA0Rn0DqjY-ZclKArbQa7DbDpspdk98rdNFOMIARk/w400-h276/Silence_MS_Outlook__Calendar_Alarm_.png" width="400" /></a></li><li>An iCal Event will be created at the time you click run. You can then modify this iCal Event just like any other calendar event. I've set mine to repeat every day at the same time.<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaLZIZ-UaJJ4ihs7znaN_VHXrhLTZqDd-Nb37HfhLygodyGoCqumcXHJmFF5LD5VJ_cPI00mh7StGYiAJ6dTxOISH3klfUtRmeA4jGyEScFvl_Nu5IXHKjXHNN1FHtz7Of6Pmm3Pt8DCd5/" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img alt="" data-original-height="563" data-original-width="901" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaLZIZ-UaJJ4ihs7znaN_VHXrhLTZqDd-Nb37HfhLygodyGoCqumcXHJmFF5LD5VJ_cPI00mh7StGYiAJ6dTxOISH3klfUtRmeA4jGyEScFvl_Nu5IXHKjXHNN1FHtz7Of6Pmm3Pt8DCd5/w400-h250/iCalAutomator.png" width="400" /></a></li><li>That's it, now my system mutes itself at 8pm every night. 
You can repeat the above steps to create another task to unmute your system for the morning (on weekdays only).</li></ol><div><b><u>Side Notes:</u></b></div><div>If you want this workflow to follow you around on several Mac systems, you can sync your Automator workflows into iCloud or your file sync service of choice.</div><div>By default, Automator saves your workflows to ~/Library/Workflows/Applications/Calendar/</div><div><br /></div><div>You would copy these workflows to an iCloud sync'd directory, like Documents, and move or create new calendar items in your iCloud calendar to open the file located in your sync'd directory.</div><div><br /></div><div>By default, Automator creates a calendar local to your Mac, so it is important that you create a new event or move the event to an iCloud based calendar. It will only work if you've placed the Automator workflow apps in a directory that all Macs will be able to access. </div><p></p>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-82954115584801724392021-03-09T22:01:00.009-05:002021-03-24T10:52:04.427-04:00NSX-T: Get BGP Route Table from T0 via Powershell/Curl<p><b></b></p><div class="separator" style="clear: both; text-align: center;"><b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg32a1m-HJ6VzdMJ5HD3jRCXCEF5ndT12JIF7IlapUK9OmV1llrI0XCqPDxRsKB344xmiXUsvJtUBCrHAs7ZH-n5GEzytF6_YgydXL5CDzr2KYNmnafVi3n2dND1-DnMmvYJLQZoId5OYwc/s700/NSX-T.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="312" data-original-width="700" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg32a1m-HJ6VzdMJ5HD3jRCXCEF5ndT12JIF7IlapUK9OmV1llrI0XCqPDxRsKB344xmiXUsvJtUBCrHAs7ZH-n5GEzytF6_YgydXL5CDzr2KYNmnafVi3n2dND1-DnMmvYJLQZoId5OYwc/w400-h179/NSX-T.png" width="400" /></a></b></div><p></p><p><b><u>Summary:</u></b></p><p><a 
href="https://azure.microsoft.com/en-us/services/azure-vmware/" target="_blank">Azure VMware Solution</a> doesn't currently allow CLI/SSH access to your Edge VMs, so the typical CLI way of finding information is not possible. If you need to get things like a route table from your T0, you need to do it through API methods since <strike>the UI still doesn't provide this.</strike> <b>[Update: I lied, you can download the route table via the UI. But imagine how much cooler you would be using PowerShell. ;)]</b></p><p><b><u>UI Method:</u></b></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnyCIJwMPqXOuBvYCUjvxAL_hM-xpZeBXEIG-NYZW6p4w6Wm3Sj0mO82WLXadasE3M7Qi5zNxzLavg0H6_dbcRQrqRY1zIk-bYH08G3b17LHScg9xf807wOHzhSAGkF7rBrkqMVaHo0DPR/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="534" data-original-width="985" height="346" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnyCIJwMPqXOuBvYCUjvxAL_hM-xpZeBXEIG-NYZW6p4w6Wm3Sj0mO82WLXadasE3M7Qi5zNxzLavg0H6_dbcRQrqRY1zIk-bYH08G3b17LHScg9xf807wOHzhSAGkF7rBrkqMVaHo0DPR/w640-h346/NSX.png" width="640" /></a></div><br /><br /><p></p><p><b><u>Powershell Method:</u></b></p><script src="https://gist.github.com/Zsoldier/9b99bb6df3bcdb4a86273da8905f9461.js"></script><br /><div><b><u>Curl Method:</u></b></div><div><br /></div><script src="https://gist.github.com/Zsoldier/4a99dc07e267e8782ec1d95bb94fef77.js"></script>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-14699052712715127902021-02-19T17:33:00.008-05:002021-02-25T12:39:48.110-05:00NSX-T: Clear NSX-T DNS Forwarder Cache<p><b></b></p><div class="separator" style="clear: both; text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJ9bHXIda_Tz7ObdEb45Kf-vxKBsdUAjZ9bZYvBLbTXBgrFSF8preHrx6emwvMgxqmuP_aGOkzL5CB8Y6ZENUv1ugBzrrrEF_feEs2pn4L09JoovaC-_kmRBhaITIPgKCf1hHhf2ZwGab6/s846/NSX-T+DNS+Cache.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="732" data-original-width="846" height="554" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJ9bHXIda_Tz7ObdEb45Kf-vxKBsdUAjZ9bZYvBLbTXBgrFSF8preHrx6emwvMgxqmuP_aGOkzL5CB8Y6ZENUv1ugBzrrrEF_feEs2pn4L09JoovaC-_kmRBhaITIPgKCf1hHhf2ZwGab6/w640-h554/NSX-T+DNS+Cache.jpg" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: left;"><b>[</b><b>Update: NSX-T ingests the negative SOA TTL from my DNS server in this example. Microsoft DNS defaults this to 1 hour, so NSX-T will cache the negative result for an hour.</b></div><div class="separator" style="clear: both; text-align: left;"><b>To combat this behavior, you can set your source DNS server to a lower TTL so that the cache in NSX-T clears quicker. 
Valid records in this setup will still cache for 1 hour or whatever you have your DNS server set to.]</b></div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; font-weight: bold; text-align: center; text-decoration-line: underline;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilVYqeNkgg536z1qLCxo8QMzwEy4jVt_Jvtnr6zFoFjrOdI-z8TcZXqeE8aIpM3i2MxzCJe8UvTSu52P4umXevix7Kh6udGniX9xLHhL3GqK_-Cs0oP5HOk9ux7Qf6fWBvPb11TLJoZXHI/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="490" data-original-width="406" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilVYqeNkgg536z1qLCxo8QMzwEy4jVt_Jvtnr6zFoFjrOdI-z8TcZXqeE8aIpM3i2MxzCJe8UvTSu52P4umXevix7Kh6udGniX9xLHhL3GqK_-Cs0oP5HOk9ux7Qf6fWBvPb11TLJoZXHI/" width="199" /></a></div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both;">To determine TTL value for the negative record:</div><div class="separator" style="clear: both;"><span style="background-color: #fcff01;">nslookup -type=a -nosearch -d2 brokenaka.ninja.corp</span></div><div class="separator" style="clear: both;"><span style="background-color: #fcff01;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwXfOpnHZeiBuFayiPtyfYjzv14eXT0RgwYepodDD4OFA5o7kDcDt-wNwujYPEgU8Kq7Ym63HyuN9B9Al-5ui7A8nRdaXESrakk0nXJ33vSpaSXS3MGMB08ebwUFX_G0TpzK3rvmS0x8i-/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="290" data-original-width="607" height="153" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwXfOpnHZeiBuFayiPtyfYjzv14eXT0RgwYepodDD4OFA5o7kDcDt-wNwujYPEgU8Kq7Ym63HyuN9B9Al-5ui7A8nRdaXESrakk0nXJ33vSpaSXS3MGMB08ebwUFX_G0TpzK3rvmS0x8i-/" width="320" /></a></div><br /></span></div></div></div><div class="separator" style="clear: both; text-align: 
left;"><b><u>Summary:</u></b></div><p>Ran into an interesting behavior w/ NSX-T's DNS forwarder service. Basically, if I queried for an invalid DNS name, NSX-T's DNS caching appears to capture that invalid query for an undetermined amount of time.</p><p>So what does this do? Basically, if I queried for ninja.naka.corp w/o creating the entry on my DNS server, NSX-T caches that invalid record. If I then registered ninja.naka.corp on my DNS server, NSX-T will continue to tell me that the record is invalid even though it does now exist in my DNS server.</p><p>Verified this behavior occurs w/ NSX-T 2.5.2. It 'might' occur in 3.x, but unsure. What I am aware of is that there still does not appear to be a UI method to flush this service's cache.</p><p><b><u>Workaround:</u></b></p><p>The only way around this problem appears to be either to wait for the cache to time out or to force a flush of the cache via the API. Below are curl and PowerShell examples of how to do this:</p><p>Curl Method:</p><script src="https://gist.github.com/Zsoldier/27aa935168e54efd02d18c8808f5a604.js"></script><br /><p>Powershell Method:</p> <script src="https://gist.github.com/Zsoldier/7031e679af2c1b34d6483e1ce1d26942.js"></script>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-81825921772339204592021-01-14T13:27:00.002-05:002021-01-14T13:27:55.495-05:00Powershell: Azure submitting JIT Request via Powershell<p><b><u></u></b></p><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><b><u><img alt="" data-original-height="899" data-original-width="1702" height="169" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsOGBJe7l6MpeycC-BbHK5DgP92WNaszDIGARt5ks1tBivOzsnKEqZgtMREFyH3sO_gJXPaTSmP9fxHYmS9jqFTOxB3b49FP_PUq7wx3Pz3T7QOwcSfLNYkvZSjp1crqQRCLsluCIkZzhR/" width="320" /></u></b></div></div><b><div style="text-align: 
left;"><b><u>Summary:</u></b></div></b><p></p><p>If you make use of <a href="https://azure.microsoft.com/en-us/services/security-center/?OCID=AID2100131_SEM_f1bcf1bb90ee15fe50db91bb1bb604b8:G:s&ef_id=f1bcf1bb90ee15fe50db91bb1bb604b8:G:s&msclkid=f1bcf1bb90ee15fe50db91bb1bb604b8#security">Azure Security Center</a> w/ your VMs, you can enable <a href="https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-asc">Just in Time VM Access (JIT)</a>. This allows you to open up ports for a finite period of time to access your VM via its public IP. I make use of this a lot working in my environments to <a href="https://github.com/sshuttle/sshuttle">sshuttle</a> in. The connection will stay active as long as I maintain it; otherwise I get disconnected and have to go through the <a href="https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-asc">JIT</a> process again.</p><p>Anyway, requesting this access through the portal can get very cumbersome, so you can use the PowerShell example below to automate opening ports, setting the time frame, and setting an allowed public IP address source.</p><script src="https://gist.github.com/Zsoldier/8d3a7beb580cc5380ed4000f7b3839fc.js"></script>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com2tag:blogger.com,1999:blog-5834591349436314089.post-82183248905102943462021-01-14T12:45:00.003-05:002021-01-19T08:48:51.934-05:00PowerCLI: Getting HCL DID, VID, and SVID information.<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpsCiRqi9tnG3FW5CdhmLfTWMVi5R2VLSZrl7DpaEBCjvZlAJsAx0RKFn9sCiMhioB5Cj53-WP9eHH4OhzLhUmOaT-K5bgTqO3Y_aB3j3r2YEq4pf_dGSUA9jNdeu0SAt5v9DTc1QnlG79/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="492" data-original-width="1047" height="301" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpsCiRqi9tnG3FW5CdhmLfTWMVi5R2VLSZrl7DpaEBCjvZlAJsAx0RKFn9sCiMhioB5Cj53-WP9eHH4OhzLhUmOaT-K5bgTqO3Y_aB3j3r2YEq4pf_dGSUA9jNdeu0SAt5v9DTc1QnlG79/w640-h301/VMware_Compatibility_Guide_-_I_O_Device_Search.png" width="640" /></a></div><p><b><u>Summary:</u></b></p><p>Searching for IO devices on <a href="https://www.vmware.com/resources/compatibility/search.php?deviceCategory=io">VMware's HCL list</a> is easier if you have data like the DID (device ID), VID (vendor ID), and SVID (sub-vendor ID). Thought I posted on this a while back, but apparently forgot to do so. Below is a script that you can run on an ESXi host to get the values needed for the PCI devices you are trying to look up.</p>
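<p>An added example, not the author's gist: the vSphere API reports PCI IDs as signed 16-bit integers (0x8086 shows up as -32634), so this sketch masks them and prints the 4-digit hex values the HCL search takes. The function names <i>ConvertTo-PciHexId</i> and <i>Get-HclPciId</i>, the sample devices and the host name in the comment are assumptions made for illustration.</p>

```powershell
# Added example: normalise PCI IDs into the 4-digit hex form used by the
# HCL I/O device search. Function names are hypothetical, not from the gist.

function ConvertTo-PciHexId {
    param([Parameter(Mandatory)][int]$Id)
    # HostPciDevice exposes VendorId/DeviceId/SubVendorId/SubDeviceId as
    # signed 16-bit values; mask to 16 bits so negatives format correctly.
    '{0:x4}' -f ($Id -band 0xFFFF)
}

function Get-HclPciId {
    [CmdletBinding()]
    param(
        # An object shaped like the vSphere API HostPciDevice type.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$PciDevice,

        # Optional wildcard filter on the device name.
        [string]$NameLike = '*'
    )
    process {
        if ($PciDevice.DeviceName -notlike $NameLike) { return }

        [pscustomobject]@{
            Address    = $PciDevice.Id
            VendorName = $PciDevice.VendorName
            DeviceName = $PciDevice.DeviceName
            VID        = ConvertTo-PciHexId $PciDevice.VendorId
            DID        = ConvertTo-PciHexId $PciDevice.DeviceId
            SVID       = ConvertTo-PciHexId $PciDevice.SubVendorId
            SSID       = ConvertTo-PciHexId $PciDevice.SubDeviceId
        }
    }
}

# Constructed sample input shaped like HostPciDevice objects, so the
# conversion can be checked without a host connection.
$sample = @(
    [pscustomobject]@{
        Id = '0000:3b:00.0'; VendorName = 'Intel Corporation'
        DeviceName = 'Example Ethernet 10GbE adapter (constructed)'
        VendorId = -32634; DeviceId = 5490; SubVendorId = -32634; SubDeviceId = 8
    }
    [pscustomobject]@{
        Id = '0000:5e:00.0'; VendorName = 'Example storage vendor'
        DeviceName = 'Example RAID controller (constructed)'
        VendorId = 4660; DeviceId = 93; SubVendorId = 4660; SubDeviceId = 1
    }
)

# First row: VID 8086, DID 1572, SVID 8086, SSID 0008.
# Second row: VID 1234, DID 005d, SVID 1234, SSID 0001.
$sample | Get-HclPciId | Format-Table -AutoSize

# Live use (assumes VMware PowerCLI and an existing Connect-VIServer
# session; the host name is a placeholder):
# (Get-VMHost -Name 'esx01.example.test').ExtensionData.Hardware.PciDevice |
#     Get-HclPciId -NameLike '*Ethernet*'
```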
<script src="https://gist.github.com/Zsoldier/be6e38350fd468daed06455cda5e6288.js"></script>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-80351901613395744662020-07-22T14:32:00.002-04:002020-07-22T14:32:38.638-04:00Misc: Technology industry new terminology initiative<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgejCrv6le66ESX4-oX-Jzlpfv8MNV09aBbSTiYAQtyMEMERhkVVpmFHOGa34iypZIThnbg7I3o68-iRjei2W33xo4fadxwQK1Qu3RjyCgJuLRgjKr6jzm3eD28_z5cH-4ra_6zyz6Txn6u/s600/im-learning.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="600" data-original-width="600" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgejCrv6le66ESX4-oX-Jzlpfv8MNV09aBbSTiYAQtyMEMERhkVVpmFHOGa34iypZIThnbg7I3o68-iRjei2W33xo4fadxwQK1Qu3RjyCgJuLRgjKr6jzm3eD28_z5cH-4ra_6zyz6Txn6u/s320/im-learning.jpg" /></a></div><div><br /></div><b><u>Summary:</u></b><div>I've been working in technology for about 20+ years now, so it'll be difficult for me to break old habits w/ terminology, but I'm posting this here in the hopes that I can continue to adjust to new dynamics.</div><div><br /></div><div>Nothing really technical here, but if you happen to commit/modify code anywhere, here is a good starting point to adjust the terms you use in your code. 
Also, a reference point to adjust your spoken vernacular to be inclusive to all those around you.</div><div><br /></div><div>Information shared from the <a href="https://twitter.com/vExpert">VMware vExpert program</a>.</div><div><br /></div><div><table border="0" cellpadding="0" cellspacing="0" style="background-color: white; border-collapse: collapse; color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small;"><tbody><tr><td style="background: rgb(222, 235, 255); border: 1pt solid rgb(193, 199, 208); font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><b><span style="color: black; font-size: 10.5pt;">Words</span></b><b><span style="color: #5e6c84; font-size: 10.5pt;"><u></u><u></u></span></b></p></td><td style="background: rgb(222, 235, 255); border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: 1pt solid rgb(193, 199, 208); font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><b><span style="color: black; font-size: 10.5pt;">Recommended Alternate</span></b><b><span style="color: #5e6c84; font-size: 10.5pt;"><u></u><u></u></span></b></p></td><td style="background: rgb(222, 235, 255); border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: 1pt solid rgb(193, 199, 208); font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><b><span style="color: black; font-size: 11pt;">Other Situational Alternates if Recommended Alternate does not work</span></b><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); 
border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">abort</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">stop</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">cancel</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">halt prematurely</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: 
Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">end prematurely</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">stop prematurely</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">blacklist</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">denylist (n)</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span 
style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">block (v)</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="font-size: 11pt;">deny (v)<u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">blackout</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">restrict (v)</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span 
style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">restriction (n)</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">outage (n)</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">kill</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">stop</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">halt</span><span style="font-size: 
11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">master</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">primary</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">main</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">original</span><span style="font-size: 
11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">control plane / control plane node in Kubernetes context</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">rule of thumb</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">rule</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">guideline</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; 
font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">segregate/segregation</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">separate</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">separation</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span 
style="color: black; font-size: 11pt;">slave</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">secondary</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">replica</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">whitelist</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; 
font-size: 11pt;">allowlist (n)</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">allow (v)</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="font-size: 11pt;">safelist (n)<u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="font-size: 11pt;">acceptlist (n)<u></u><u></u></span></p></td></tr></tbody></table><p class="MsoNormal" style="background: white; color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: small; margin: 22.5pt 0px 0px;"><span style="color: #172b4d; font-family: "Helvetica Neue"; font-size: 18pt; letter-spacing: -0.1pt;">Other Terminology Recommendations<u></u><u></u></span></p><table border="0" cellpadding="0" cellspacing="0" style="background-color: white; border-collapse: collapse; color: #222222; font-family: Arial, 
Helvetica, sans-serif; font-size: small;"><tbody><tr><td colspan="2" style="background: rgb(222, 235, 255); border: 1pt solid rgb(193, 199, 208); font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p align="center" class="MsoNormal" style="margin: 0px; text-align: center;"><b><span style="color: black; font-size: 10.5pt;">Terminology changes/guidelines going forward (no legacy changes)</span></b><b><span style="color: #5e6c84; font-size: 10.5pt;"><u></u><u></u></span></b></p></td><td style="background: rgb(222, 235, 255); border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: 1pt solid rgb(193, 199, 208); font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p align="center" class="MsoNormal" style="margin: 0px; text-align: center;"><b><span style="color: black; font-size: 10.5pt;">No change needed</span></b><b><span style="color: #5e6c84; font-size: 10.5pt;"><u></u><u></u></span></b></p></td></tr><tr><td style="background: rgb(227, 252, 239); border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p align="center" class="MsoNormal" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0px; text-align: center;"><b><span style="color: black; font-size: 11pt;">Words</span></b><b><span style="color: #172b4d; font-size: 11pt;"><u></u><u></u></span></b></p></td><td style="background: rgb(227, 252, 239); border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 
1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p align="center" class="MsoNormal" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0px; text-align: center;"><b><span style="color: black; font-size: 11pt;">Alternates</span></b><b><span style="color: #172b4d; font-size: 11pt;"><u></u><u></u></span></b></p></td><td style="background: rgb(227, 252, 239); border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p align="center" class="MsoNormal" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0px; text-align: center;"><b><span style="color: black; font-size: 11pt;">Words</span></b><b><span style="color: #172b4d; font-size: 11pt;"><u></u><u></u></span></b></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">black hat</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 
7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">unethical</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td rowspan="12" style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">bind/binding</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">black box</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">black hole</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> 
</span></span><u></u><span style="color: black; font-size: 11pt;">black screen</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">invalid (adj)</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">masterful</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">mastermind (n, v)</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">masterpiece</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; 
font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">master plan</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">masterstroke</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">simple</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">white board</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">female</span><span style="font-size: 
11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">jack (n)</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">socket (n)<br /><br /></span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">he ***</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">they</span><span style="font-size: 
11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">eviction</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">alternate usage depends on the situation</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">execute</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">run</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 
208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">ghetto</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">TBD</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">kill switch</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">TBD</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 
11pt;">male</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">plug</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">she ***</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">they</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">suffer **</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, 
RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">alternate usage depends on what's being described; alternates can include:</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">decrease, lessen, shrink</span><span style="font-size: 11pt;"><u></u><u></u></span></p><p class="MsoNormal" style="margin: 0px 0px 0px 0in;"><u></u><span style="font-family: Symbol; font-size: 10pt;">·<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><u></u><span style="color: black; font-size: 11pt;">increase, grow</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">taint</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 
11pt;">TBD</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td></tr><tr><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-image: initial; border-left: 1pt solid rgb(193, 199, 208); border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">white hat *</span><span style="font-size: 11pt;"><u></u><u></u></span></p></td><td style="border-bottom: 1pt solid rgb(193, 199, 208); border-left: none; border-right: 1pt solid rgb(193, 199, 208); border-top: none; font-family: Roboto, RobotoDraft, Helvetica, Arial, sans-serif; margin: 0px; padding: 5.25pt 7.5pt;" valign="top"><p class="MsoNormal" style="margin: 0px;"><span style="color: black; font-size: 11pt;">ethical</span></p></td></tr></tbody></table></div><div><br /></div>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com0tag:blogger.com,1999:blog-5834591349436314089.post-84453784879828243812020-05-29T00:01:00.001-04:002020-05-29T12:27:10.749-04:00Powershell: Changing NSX-T Segment Profiles enmasse.<b><u><br /></u></b>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-pgqD9OWgVvQKBCHikDy2wEE5fqimj-D1El6IzsWsQ3UNbYI66OcOIr7xm_MCKpR0DivWFdQIe5uxPvyVCDdt3E6w8i51ug19dYovdWdgxXEQMLzZmh23WQ_h-6gjjYyWnfzPljtCtNQE/s1600/NSX.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-pgqD9OWgVvQKBCHikDy2wEE5fqimj-D1El6IzsWsQ3UNbYI66OcOIr7xm_MCKpR0DivWFdQIe5uxPvyVCDdt3E6w8i51ug19dYovdWdgxXEQMLzZmh23WQ_h-6gjjYyWnfzPljtCtNQE/s640/NSX.png" width="640" /></a></div>
<b><u></u></b><br />
<b><u>Summary:</u></b><br />
Note to self, cut back on the <a href="https://www.reddit.com/r/VMwareNSX/comments/gs9i4i/changing_segment_profiles_with_api_or_powershell/">reddit</a>. It's a time suck and VMware questions are popping up that I have time to answer w/o the shadow of a retired <a href="https://www.lucd.info/">LucD</a> bot lurking. Anyway, someone asked if you could update segment profiles, so I got curious and followed the rabbit.<br />
<br />
Here is the example I came up with. It's straight PowerShell Core, so no special modules are needed, not even VMware.PowerCLI. GASP!<br />
<br />
<script src="https://gist.github.com/Zsoldier/0e0cf1a1e3d18cd29417be0fe1934ca7.js"></script>Zsoldierhttp://www.blogger.com/profile/11268515960384934875noreply@blogger.com2tag:blogger.com,1999:blog-5834591349436314089.post-31326674044709754072020-05-22T18:27:00.005-04:002020-06-12T13:42:16.622-04:00Powershell: Clearing a bad route advertisement rule from NSX-T logical router/gateway created via policy API.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAmQQxheG3Yai6JrxTv5A1WKPx6Hw9kVUd9CwaZoi92zrC0RE2idLthP1NJuqyL6AHDIn0_eoGSkeDSj0W123LzDnC-lT08xNKjCIGpfphgfG3-S6UFmr1AsFcLPJ0ONZS2WHYctUyfebJ/s1600/NSX.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="354" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAmQQxheG3Yai6JrxTv5A1WKPx6Hw9kVUd9CwaZoi92zrC0RE2idLthP1NJuqyL6AHDIn0_eoGSkeDSj0W123LzDnC-lT08xNKjCIGpfphgfG3-S6UFmr1AsFcLPJ0ONZS2WHYctUyfebJ/s640/NSX.png" width="640" /></a></div>
<br />
<b><u>Summary:</u></b><br />
Basically ran into a weird issue where a T1 was not advertising a very specific subnet when configured on a segment. Come to find out, when looking at the advanced networking section of that T1, there was a route advertisement rule that denied that subnet from being advertised up. Since the T1 was created via the policy API, you cannot simply delete the rule via the UI.<br />
<br />
Have no idea how that route advertisement rule even got there, but something tells me a bug exists. Unfortunately have no idea how to reproduce it.<div><b>[<u>Update:</u></b> I have a hypothesis on how it got there now. When you instantiate a DHCP server via the policy engine, whatever network you place on and attach to a T1 shows up here. This is likely why the network was here. What seems to have happened is that deletion of the DHCP server did not happen cleanly and left that artifact there.<b>]</b><br />
<br />
<b><u>Workaround:</u></b><br />
Long story short, you have to call the API to do so. Here is a powershell snippet to be able to do so.<br />
<br />
<script src="https://gist.github.com/Zsoldier/9f1a4dd708d8ea26221713191ca46111.js"></script></div><br />
<b>PowerCLI: New-HCXMobilityGroup - A parameter cannot be found that matches parameter name 'source'</b><br />
Posted 2020-05-06.<br />
<b><u>Summary:</u></b><br />
Running the above cmdlet and passing what is apparently the only required parameter of name, results in the above obscure error. It refers to a parameter that doesn't appear to exist for the cmdlet. There is also the -migration parameter that looks for a &lt;HCXMobilityGroupMigration[]&gt; object array that no other HCX cmdlet provides.<br />
<br />
Long story short, informed VMware, they are going to fix the cmdlets and their documentation. In the meantime, here are some examples that VMware's GSS shared to be able to use the New-HCXMobilityGroup cmdlet.<br />
<br />
Here is the code:<br />
<script src="https://gist.github.com/Zsoldier/feef3ca5d8d221bc5c469363ddbaf7e3.js"></script>
<br />
<b>Powershell: NSX-V Edge Service Gateway (ESG) Firewall Rules Output</b><br />
Posted 2020-04-24, updated 2020-04-27.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRgaJpS_VdCciDKP0qCB_IvyLwf5M2CVUL4HzxyfWxYJc8MQqv6TxoexWG61jSNZMyt5dAQY4e4l0qj0069RcLN71wlj2m3Hc5gPPIGDZqQ8epTZCgUOIDAN8Nn4iN-8btESGn5xqEBBPB/s1600/test.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="83" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRgaJpS_VdCciDKP0qCB_IvyLwf5M2CVUL4HzxyfWxYJc8MQqv6TxoexWG61jSNZMyt5dAQY4e4l0qj0069RcLN71wlj2m3Hc5gPPIGDZqQ8epTZCgUOIDAN8Nn4iN-8btESGn5xqEBBPB/s400/test.png" width="400" /></a></div>
<br />
<br />
<u><b>Summary:</b></u><br />
Basically had a script to output Distributed Firewall, but not individual ESG based firewall rules. Turns out, I could re-use some of what I had made for <a href="https://tech.zsoldier.com/2018/01/vmware-nsx-using-powerclipowernsx-to.html">DFW</a>, but had to rewrite a lot, surprisingly. So here is an ESG based version. The script was written and run using Powershell 7 Core, latest PowerCLI and PowerNSX.<br />
<br />
It might work on other revisions, but I'm too lazy to back test. You can export to CSV as well.<br />
<script src="https://gist.github.com/Zsoldier/351c2ef7b1242ae10b8d364d76db662d.js"></script><br />
<b>MacOS: Names not showing up in Messages/iMessages.</b><br />
Posted 2020-04-24.<br />
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3fsiV_oTFGemwkFpvflVMQtKdCjIfjeooKh0q0Z_JkM5DwIu-1GrPgYVDJe1hKhyphenhyphenMB-kPwUYDGep9NMWywK-LHoUIUR9dl3bcHfMPYWILlfOKR6ZoftY0J59tGDrSbhVfOh5N5RMulwpZ/s1600/Screenshot_4_24_20__9_04_AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3fsiV_oTFGemwkFpvflVMQtKdCjIfjeooKh0q0Z_JkM5DwIu-1GrPgYVDJe1hKhyphenhyphenMB-kPwUYDGep9NMWywK-LHoUIUR9dl3bcHfMPYWILlfOKR6ZoftY0J59tGDrSbhVfOh5N5RMulwpZ/s320/Screenshot_4_24_20__9_04_AM.png" width="320" /></a></div>
</div>
<b><u></u></b><br />
<div>
<b><u><b><u><br /></u></b></u></b></div>
<b><u>Summary:</u></b><br />
<div>
I'm usually texting via my Mac most of the time. So when I receive a text from a known number and it's not translated/associated to a name, it raises questions for me. Why? Long story short, one of my accounts (gmail) in this case where most of my contacts are stored wasn't syncing properly. Don't know why, but here is what you can look for to resolve the issue.</div>
<div>
<br /></div>
<div>
<b><u>Things to Check:</u></b></div>
<div>
<ol style="text-align: left;">
<li>Launch the Contacts App</li>
<ul>
<li>Preferences > Accounts</li>
<li>Make sure all accounts are enabled</li>
</ul>
<ol><ul>
<li>In my case, one gmail account showed enabled, but this "fetch" dropdown was missing. I had to re-enable this particular account in System Preferences for it to 'wake-up'. See Step 2.</li>
<li><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCMJ7wkQqEB4LNHlrsWkVMbV32JbWgCYNi_BhUOM280r-G9YL_lzvVobw_SX1NsocU7-PnxZRxqNWnLuaM8scnM7kLn1Egm70iiVMKLR9DdB50RPvKi2c3_KDmswPfx6yjz-BvCPqvzDif/s1600/Accounts.png" imageanchor="1"><img border="0" height="282" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCMJ7wkQqEB4LNHlrsWkVMbV32JbWgCYNi_BhUOM280r-G9YL_lzvVobw_SX1NsocU7-PnxZRxqNWnLuaM8scnM7kLn1Egm70iiVMKLR9DdB50RPvKi2c3_KDmswPfx6yjz-BvCPqvzDif/s320/Accounts.png" width="320" /></a></li>
<li><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8K7lgan0HPRmLP7iN7VJdmEWguVbivqasnYMU2yTUlOMijqHhlWLZjzz9klVLcw0DeK1SguVothOxWF4KU01lGWKtiyt5DZEy20_3-xVSIhvd8WtIH7PYuZ_AXa6ANQjE7KudZSRtrk4w/s1600/Post__Edit.png" imageanchor="1"><img border="0" height="147" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8K7lgan0HPRmLP7iN7VJdmEWguVbivqasnYMU2yTUlOMijqHhlWLZjzz9klVLcw0DeK1SguVothOxWF4KU01lGWKtiyt5DZEy20_3-xVSIhvd8WtIH7PYuZ_AXa6ANQjE7KudZSRtrk4w/s320/Post__Edit.png" width="320" /></a></li>
</ul>
</ol>
<li>Launch System Preferences</li>
<ul>
<li>Select Internet Accounts</li>
<li>Make certain all accounts have "Contacts" selected</li>
<ul>
<li>If they are, as they were in my case, toggle the checkbox off, then back on.</li>
<li><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiieMxibxqViXbOxWQjIPMG_gR0ovqsWjM7LBMM3q9fHmf6dz5pzXbWmYipNdu4EepM3l7NsntxwrXmwk4QEnuRhUbM-sf-0mL2RZFl2LA_O8azcRsPtrCm-6ixXxdmykTfczgvo-URA0PR/s1600/Internet_Accounts.png" imageanchor="1"><img border="0" height="231" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiieMxibxqViXbOxWQjIPMG_gR0ovqsWjM7LBMM3q9fHmf6dz5pzXbWmYipNdu4EepM3l7NsntxwrXmwk4QEnuRhUbM-sf-0mL2RZFl2LA_O8azcRsPtrCm-6ixXxdmykTfczgvo-URA0PR/s320/Internet_Accounts.png" width="320" /></a></li>
</ul>
</ul>
</ol>
After fixing this, everything started syncing properly. Unsure what caused the problem, but figured I'd post this since Google didn't really forward me to a proper solution.</div>
<br />
<b>MacOS: AnyConnect VPN client was unable to successfully verify the IP forwarding table modifications.</b><br />
Posted 2020-03-30, updated 2020-06-12.<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP11Hstuqvi3Vq5MDrxLl0TcxTnGWDsFvASP8zIfHVWeQQHgl07QPE0BE-_KjUDdO_vvoBYwztIOdb4Nivevq3KgcGvGMCtdSq9taW2zWX0eAxDe7bgb8TMfo912cpBQ5JnRTZ6QXym7dc/s1600/Screenshot_1_13_20__11_16_AM.png" style="margin-left: auto; margin-right: auto;"><span style="font-family: arial; font-size: medium;"><img border="0" data-original-height="396" data-original-width="850" height="297" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP11Hstuqvi3Vq5MDrxLl0TcxTnGWDsFvASP8zIfHVWeQQHgl07QPE0BE-_KjUDdO_vvoBYwztIOdb4Nivevq3KgcGvGMCtdSq9taW2zWX0eAxDe7bgb8TMfo912cpBQ5JnRTZ6QXym7dc/s640/Screenshot_1_13_20__11_16_AM.png" width="640" /></span></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-family: arial; font-size: small;">The VPN client was unable to successfully verify the IP forwarding table modification. A VPN connection will not be established.</span></td></tr>
</tbody></table>
<font size="4"><span style="font-family: arial;"><u><b><span style="font-size: medium;">Summary:</span></b></u><br /><span style="font-size: medium;">
I started running into an issue using Cisco AnyConnect on my Mac: it basically complained about not being able to overwrite IP forwarding tables. This was on 4.6.x. Since my VPN endpoints were not providing me w/ an updated client and w/ no access to Cisco AnyConnect downloads, my only option was to try openconnect. It was totally worth it; here is why and how to set it up.</span><br />
<br />
<u><b><span style="font-size: medium;">PreReqs:</span></b></u></span><br />
</font><ul>
<li><a href="https://brew.sh/"><span style="font-family: arial; font-size: medium;"><font size="4">Homebrew</font></span></a></li>
</ul>
<font size="4"><span style="font-family: arial;"><u><b><span style="font-size: medium;">Installing OpenConnect:</span></b></u></span><br />
</font><ul>
<li><span style="font-family: arial; font-size: medium;"><font size="4">Launch MacOS Terminal </font></span></li>
<li><span style="font-family: arial; font-size: medium;"><font size="4">brew install openconnect</font></span></li>
</ul>
<font size="4"><span style="font-family: arial;"><u><b><span style="font-size: medium;">Getting VPN IP's/DNS Endpoints from AnyConnect:</span></b></u><br /><span style="font-size: medium;">
The information is typically located in your profile xml files located here:</span><br /><span style="font-size: medium;">
/opt/cisco/anyconnect/profile/somethingsomething.xml</span><br />
<br /><span style="font-size: medium;">
In the xml file, you are looking for the "&lt;HostAddress&gt;typicallyaDNSName.com&lt;/HostAddress&gt;" entries. These are your VPN endpoints that you would need to pass to openconnect.</span><br />
<br />
<u><b><span style="font-size: medium;">Using OpenConnect:</span></b></u><br /><span style="font-size: medium;">
For the sake of simplicity right now, you would now just type in your MacOS Terminal:</span></span><br />
</font><ul>
<li><span style="font-family: arial; font-size: medium;"><font size="4">openconnect https://typicallyaDNSName.com</font></span></li>
</ul>
<font size="4"><span style="font-family: arial;"><span style="font-size: medium;">
Depending upon the VPN setup, you would be prompted for a multitude of things, but this behavior should be no different from the Cisco AnyConnect client minus the GUI aspect. There is an openconnect-gui version too if you REALLY want a GUI. I personally prefer the cli version since there are some interesting fancy things, that are obvious to me, that I can do.</span><br />
<span style="font-size: medium;"><br />
<b><u>Optional/Alternative OpenConnect:</u></b></span></span><br />
</font><ul>
<li><span style="font-family: arial; font-size: medium;"><font size="4">brew cask install openconnect-gui</font></span></li>
</ul>
<font size="4"><span style="font-family: arial;"><span style="font-size: medium;"><u><b>Extras:</b></u><br />
<a href="https://github.com/cernekee/stoken/blob/master/README.md"><b>Stoken</b></a> </span><br /><span style="font-size: medium;">
One extra interesting thing you can do w/ openconnect is integrate it w/ your RSA token using a tool called </span><a href="https://github.com/cernekee/stoken" style="font-size: medium;">stoken</a><span style="font-size: medium;">. To install, use brew once again.</span><br />
</span><br />
</font><ul>
<li><span style="font-family: arial; font-size: medium;"><font size="4">brew install stoken</font></span></li>
</ul>
<font size="4"><span style="font-family: arial;"><span style="font-size: medium;">
Stoken integrates nicely w/ OpenConnect. If a token is detected by openconnect via stoken, it will simply prompt you for your PIN and username. To import your RSA token, it must be software based; specific instructions on how to do so are here: </span><a href="https://github.com/cernekee/stoken#usage" style="font-size: medium;">https://github.com/cernekee/stoken#usage</a><br />
<br />
<b><span style="font-size: medium;">OpenConnect sudo bypass</span></b><br /><span style="font-size: medium;">
OpenConnect requires elevated privileges to run. You can skip the sudo password prompt for it by augmenting your sudoers configuration. To do this safely, I recommend you use visudo to create your customizations. I created two config files: one for an alias and one granting my account the ability to run that alias w/o a password.</span></span><br />
</font><ul>
<li><span style="font-family: arial; font-size: medium;"><font size="4">sudo visudo -f /etc/sudoers.d/openconnect </font></span></li>
<ul>
<li><span style="font-family: arial; font-size: medium;"><font size="4">Cmnd_Alias OPENCONNECT = /usr/local/bin/openconnect</font></span></li>
<ul>
<li><span style="font-family: arial; font-size: medium;"><font size="4">Above assumes you installed via brew. Path would be different if it was installed by other means. </font></span></li>
</ul>
</ul>
<li><span style="font-family: arial; font-size: medium;"><font size="4">sudo visudo -f /etc/sudoers.d/sudouser</font></span></li>
<ul>
<li><span style="font-family: arial; font-size: medium;"><font size="4">yourusername <span style="font-size: medium;"><span style="font-family: inherit;">ALL=(ALL:ALL) NOPASSWD: OPENCONNECT</span></span></font></span></li>
</ul>
</ul>
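<p>Because the alias above names a bare path, sudoers allows it with any arguments, so the passwordless grant covers every openconnect option, including the -s script hook used with vpn-slice in this post. The audit below is an added example, not part of the original post: it lists each NOPASSWD grant in a set of sudoers files and how tightly its arguments are restricted. The names <code>audit_nopasswd</code> and <code>demo</code> are made up here, and the parser assumes one alias or rule per line.</p>

```shell
#!/bin/sh
# Added example, not from the original post: list every NOPASSWD grant in the
# given sudoers files and report how tightly its arguments are restricted.
# Assumes one alias or rule per line (no "\" continuations, no ":"-joined specs).
# Output, one line per command: <user> <command path> <argument policy>
audit_nopasswd() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Report one command spec, expanding Cmnd_Alias names recursively.
    function report(user, spec, depth,    parts, i, n, path, args, policy) {
        spec = trim(spec); if (spec == "") return
        if ((spec in alias) && depth < 10) {
            n = split(alias[spec], parts, ",")
            for (i = 1; i <= n; i++) report(user, parts[i], depth + 1)
            return
        }
        gsub(SEP, ",", spec)                 # show escaped commas as plain commas
        path = spec; sub(/[ \t].*/, "", path)
        args = trim(substr(spec, length(path) + 1))
        if (args == "")          policy = "any-args"       # bare path: any arguments
        else if (args == "\"\"") policy = "no-args"        # "" forbids arguments
        else if (args ~ /[*?]/)  policy = "wildcard-args"
        else                     policy = "pinned-args"    # must match exactly
        print user, path, policy
    }
    BEGIN { SEP = "\001" }
    /^[ \t]*(#([^0-9]|$)|$)/ { next }        # comments, #include lines, blanks
    { gsub(/\\,/, SEP) }                     # protect "\," before splitting on ","

    $1 == "Cmnd_Alias" {
        name = $2; sub(/=.*/, "", name)
        cmds = $0; sub(/^[^=]*=/, "", cmds)
        alias[name] = cmds
        next
    }
    /NOPASSWD:/ { who[++rules] = $1; grant[rules] = substr($0, index($0, "NOPASSWD:")) }

    END {   # aliases are resolved only now, so file order does not matter
        for (r = 1; r <= rules; r++) {
            nopw = 0
            n = split(grant[r], list, ",")
            for (i = 1; i <= n; i++) {
                item = trim(list[i])
                # Peel leading tags and runas specs; a tag stays in force until changed.
                while (match(item, /^(\([^)]*\)|[A-Z_]+:)[ \t]*/)) {
                    tag = substr(item, 1, RLENGTH)
                    if (tag ~ /^NOPASSWD:/) nopw = 1
                    else if (tag ~ /^PASSWD:/) nopw = 0
                    item = substr(item, RLENGTH + 1)
                }
                if (nopw) report(who[r], item, 0)
            }
        }
    }
    ' "$@"
}
# The two drop-ins from this post, written to a scratch directory and audited.
demo() {
    d=$(mktemp -d)
    echo 'Cmnd_Alias OPENCONNECT = /usr/local/bin/openconnect' > "$d/openconnect"
    echo 'yourusername ALL=(ALL:ALL) NOPASSWD: OPENCONNECT' > "$d/sudouser"
    audit_nopasswd "$d"/*; rm -rf "$d"
}
demo
```

<p>Pinning the arguments in the alias, for example <code>/usr/local/bin/openconnect vpn.example.com</code> (a constructed hostname), changes the reported policy to pinned-args, and the passwordless rule then matches only that exact command line. In sudoers command arguments the characters , : = and \ have to be backslash-escaped, so an https:// URL is written https\://.</p>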
<font size="4"><span style="font-family: arial;"><span style="font-size: medium;"><span style="font-family: inherit;">Once you save and write these files, you will be able to call openconnect w/o being prompted for password elevation. You can do these same steps for any command you want to run elevated automatically and just append to your sudouser file the additional alias.</span></span><br />
<span style="font-size: medium;"><br />
<a href="https://github.com/dlenski/vpn-slice"><b>VPN-SLICE</b></a></span><br />
<span style="font-size: medium;"><span style="font-family: inherit;">This is a niche tool, but is useful if you happen to connect to different VPNs or sshuttle connections throughout the day. </span></span></span><br />
</font><ul>
<li><span style="font-size: medium;"><span style="font-family: inherit;"><span style="font-family: arial; font-size: medium;"><font size="4">brew install vpn-slice</font></span></span></span></li>
</ul>
<font size="4"><span style="font-family: arial; font-size: medium;"><span style="font-size: medium;"><span style="font-family: inherit;">With vpn-slice, you can do things like redirect specific URL calls through your VPN while keeping all your other traffic over things like sshuttle or plain internet. The one downside is that you still have to be somewhat specific in your calls. Like you couldn't just do a base domain name. This is how it looks w/ openconnect:</span></span></span><br />
</font><ul>
<li><span style="font-size: medium;"><span style="font-family: inherit;"><span style="font-family: arial; font-size: medium;"><font size="4">openconnect https://yourvpnserverEndpoint -s 'vpn-slice my.intranet.local another.intranet.local'</font></span></span></span></li>
</ul>
<span style="font-size: medium;"><span style="font-family: inherit;"><span style="font-family: arial; font-size: medium;"><font size="4">More examples for vpn-slice can be found here: <a href="https://github.com/dlenski/vpn-slice#usage">https://github.com/dlenski/vpn-slice#usage</a></font></span> </span></span><br />
<br />
<b>NSX-T: vCenter and NSX-T Inventory out of Sync (Hosts in vSphere not showing up in NSX-T)</b><br />
Posted 2020-03-24.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0DGyks-6HS9t6jLzg60SAvOYZ-hw4T6ENwVbWbYu-iGf13XeBO8QKZiArcARBqa8Uq7Bc-sX8DlWsqBtTFsHwebok0LqXF1W1LASxiaZsnNKHPoiAf6fRWnyxc3cBTDsEXGdUTtFVcZRu/s1600/NSX_png_and_vSphere_-_Cluster-1_-_Permissions_png.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="107" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0DGyks-6HS9t6jLzg60SAvOYZ-hw4T6ENwVbWbYu-iGf13XeBO8QKZiArcARBqa8Uq7Bc-sX8DlWsqBtTFsHwebok0LqXF1W1LASxiaZsnNKHPoiAf6fRWnyxc3cBTDsEXGdUTtFVcZRu/s400/NSX_png_and_vSphere_-_Cluster-1_-_Permissions_png.png" width="400" /></a></div>
<br />
<u><b>Summary:</b></u><br />
NSX-T loses sync w/ vCenter inventory, but statuses don't appear to show an issue. Basically, when you add a host to a vCenter cluster, NSX-T bits should start automatically installing on the new host, assuming you've created a Transport Node Profile and associated it w/ the cluster. The problem is that NSX-T doesn't see the new host, while its link to the compute manager (vCenter) looks fine.<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEintjEuhICK8BrFtK_iDjF7_9RSY8hBuXOF7b7zaVVfZ-u0hfA6JoraqbNj7IDlytML7BAlv-gfzuaDgekK59kHTXEtyIcQma6EuOrggMmobPWpaDfm4SOAwqzkBl9E9nzBaJZDnuYL42x6/s1600/NSX-2.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="55" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEintjEuhICK8BrFtK_iDjF7_9RSY8hBuXOF7b7zaVVfZ-u0hfA6JoraqbNj7IDlytML7BAlv-gfzuaDgekK59kHTXEtyIcQma6EuOrggMmobPWpaDfm4SOAwqzkBl9E9nzBaJZDnuYL42x6/s400/NSX-2.png" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Looks fine, Y U NO WORK!?</td></tr>
</tbody></table>
<br />
So what's going on here? <br />
This appears to affect NSX-T 2.5 and 2.5.1. Cause is unknown.<br />
<br />
<b><u>Workaround:</u></b><br />
Restart the cm-inventory service on each NSX-T mgmt/controller node using API or CLI.<br />
<br />
<br />
<u><b>Details: </b></u><br />
If you were to query the status of the cm-inventory service via API or CLI, you could query all 3 manager/controller nodes and get a status of running. However, the primary node associated w/ the VIP, if configured, is not necessarily in charge of inventory. So you could restart the cm-inventory service on that node till you are blue in the face and get nowhere because another node is actually responsible for maintaining the sync. <br />
<br />
Even so, with this particular problem, they would all look healthy. You'd have to dig into the logs to find the issue. Thankfully <a href="https://www.linkedin.com/in/nathanpyle/">Nathan Pyle</a> from VMware helped us find the issue and provided us w/ a workaround solution until the bug is addressed in a future version.<br />
<br />
<u><b>API Method:</b></u><br />
<i>GET <span lang="en-US">/api/v1/node/services/cm-inventory/status</span></i><br />
<i><span lang="en-US">POST /api/v1/node/services/cm-inventory?action=restart</span></i><br />
<br />
<u><b><span lang="en-US">CLI Method:</span></b></u><br />
<i><span lang="en-US"><span lang="en-US">get service cm-inventory</span></span></i><br />
<span lang="en-US"><i><span lang="en-US"><span lang="en-US">restart service cm-inventory</span> </span></i> </span>