Category Archives: Misc.

Not sure it's possible to update via alternate link in vCenter/Esxi

Id like to update vCenter and ESXI without having a gateway on my Management Network as denoted in vCenter. Instead I would like to update using the second nic connected to vCenter which does have a gateway and allows only vCenter updates though.


My lab is air gapped. I dont want to expose management services to the public internet. I will only use this other NIC1 as the update NIC, using vCenter as a ?proxy? tot he ESXI hosts.


If I need to I can put a VMK on the ESXI hosts to reach the public as well, but would rather not put Management services on that VMK. This would allow my system to be connected from the Public Network, defeating the idea of Air Gapped – I will only use this second connection while updating vCenter and ESXi hosts.


NIC0 – Management Network – No Gateway

NIC1 – DHCP with access to Internet (no management services assigned)


Is this possible? Am I missing something?


Maybe I should just make a soft proxy vm or something.





NSXY-T limited export version issue

Hi Community, we are facing the following problem: We downloaded a NSX-T Evaluation Version from VMWare und tested our planned deployment.


After successful tests we decided to use this already working setup as productive deployment.


Now we stumbled across the issue, that in the eval-version there is no IPSec and L2TP available due to export restrictions, it is a “limited export” version.


Now here is my question: can we backup the manager node configurations, install the regular NSX-T version from VMWare and restore the backup to the manager nodes without issues in regards to the limited export limitations? Do we need to redeploy edge nodes or reinstall  NSXT agents on the hosts? Maybe somebody has done this before? 


An answer would be highly appreciated!

Thanks to all of you!



VMware Fusion Networking completely screwed up in macOS Big Sur Beta 10

This post was originally published on this site

Hi everybody,


I have a problem with VMware Fusion 12 and macOS Big Sur Beta 10 (I’m not sure, if it occurred on earlier Betas or macOS Catalina, but I can tell that Fusion 11.5 and Catalina worked well with the same setup).


The problem is, when I choose “Autodetect” or “Wi-Fi” as Network setting in vm preferences, I can’t do various internet-base operations anymore in the vms. For example, I cannot install snap packages or I cannot pull docker images. I tested on various Linux distribution guests like Ubuntu, Fedora or CentOS. I always get the error “tls: bad record MAC”, depending on the tested tool the error message is a little bit difference but comes to the same.


Searching for this error message in the web told me that this issue only occurs when the Network is screwed up, it’s not fixable from Linux itself. It actually only occurs with VMware VMs, I don’t have those problems with “real” computers…


Could you please have a look at this?


It’s also possible, Apple screwed something up there in the latest beta, like I said, I don’t know exactly when it occurred for the first time. At the moment macOS is still at beta phase but Apple will release it soon and then we should have a working VMware.


Does anybody have the same problem or some advises how I can solve this?


How to avoid VPN on host and only connect to LAN on host?

So I’ve got this work computer… yes it has too many group policies preventing me from what I want to do so I installed a VM using Player trying to set up my own stuff in the VM. I’m struggling to set up the VM’s network so it bypasses work VPN on the host and only acts as another computer on my LAN. Is this possible?


The VPN is Citrix Gateway, the network connection for the VPN is on Citrix Virtual Adapter network adapter. Windows 10 Enterprise.


In addition, the PC has cellular capability. But I don’t think it’s possible to bridge the VM to the cellular adapter? It’s a DW5820e Intel 7360 LTE-A cellular adapter.


I could set up a proxy server on my LAN and just use the proxy server. Citrix Gateway is letting me have access to my LAN. But I want to explore if it’s possible to have the VM completely separate from the VPN connection and only use my LAN connection, wired or wireless.

vRealize Automation 8.1 Patch 2

This post was originally published on this site



Has anyone had any luck deploying 8.1 Patch 2. We’ve had a number of cracks at getting this to function without success. The task gets to V.raVaWait4UpgradeExec and then never gets any further. The K8 pods are all still running throughout the process and nothing appears to get patched at all.


There are also 2 bundles available….





Both appear the same and can be mapped in vRSLCM, although the ovabundle patch has a newer date. Not sure which we should be using, neither appear to do anything though!



YARA’s XOR Modifier, (Mon, Oct 14th)

YARA searches for strings inside files. Strings to search for are defined with YARA rules.

With the release of YARA 3.8.0, support for searching for XOR encoded strings was introduced. By adding the modifier xor to the definition of a string, YARA 3.8.0 would search for strings that were XOR encoded, with a single-byte key, ranging from 1 to 255.

Here is an example of a string with xor modifier.

    rule xor_test {
            $a = “” xor

This YARA version’s xor modifier would not match unencoded strings.

Apparently, that was not the purpose, and this was fixed with version 3.10.0.

The same rule would now also match unencoded strings.

With the latest version of YARA, 3.11.0, a YARA rule developer has now control over which XOR key range is used by modifier xor.

This is done by specifing an optional minimum-key – maximum-key range after the xor modifier, like this: xor(min-max).

The following rule has an xor modifier with key range 0x01-0xFF (minimum/maximum keys can be specified with decimal or hexadecimal values).

    rule xor_test {
            $a = “” xor(0x01-0xFF)

This rule will not match unencoded strings.


Didier Stevens
Senior handler
Microsoft MVP

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

WARNING: LRO: 977: cannot aggr pkt from port 0x5000002 as lro session port is 0x5000004

We have started receiving the warning: “WARNING: LRO: 977: cannot aggr pkt from port 0x5000002 as lro session port is 0x5000004″.  The esx hosts are running 6.5 build 10884925.  I searched through VMware’s knowledge base, without success.  AS of yet I do not see any indications of a problem.  Any information around the error would greatly be appreciated.  We are using a nimble array with HP Proliant DL 380 G10, usiing