Category Archives: VMware

“HSTS Missing From HTTPS Server” TCP/IP issue

This post was originally published on this site

Hello,

My Nessus scanner returned me 3 new vulnerabilities for my vCenter 6.7 (Windows version) =>

9443/tcp HSTS Missing From HTTPS Server

Description: The remote HTTPS server does not send the HTTP “Strict-Transport-Security” header.

7444/tcp HSTS Missing From HTTPS Server

Description: The remote HTTPS server does not send the HTTP “Strict-Transport-Security” header.

5443/tcp HSTS Missing From HTTPS Server

Description: The remote HTTPS server does not send the HTTP “Strict-Transport-Security” header.

I’m looking for a way to fix that.

I didn’t find any information in the VMware KB.

Port 9443 => vSphere Web client HTTPS

Port 7444 => vCenter Single Sign-On

Port 5443 => vCenter Server graphical user interface internal

I already tried to modify the Web.xml (C:\ProgramData\VMware\vCenterServer\runtime\vsphere-client\server\configuration\conf) where I have found a section related to enabling HSTS, but after these changes my vCenter Web client (Flash) didn’t start at all.

I have added in the “Filter definitions” section =>

    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
        <async-supported>true</async-supported>
        <init-param>
            <param-name>hstsEnabled</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>hstsMaxAgeSeconds</param-name>
            <param-value>30758400</param-value>
        </init-param>
        <init-param>
            <param-name>hstsIncludeSubDomains</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>antiClickJackingEnabled</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>blockContentTypeSniffingEnabled</param-name>
            <param-value>false</param-value>
        </init-param>
    </filter>

And in the “Filter Mappings” section =>

    <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
        <url-pattern>*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>

In my company, all TCP issues have to be fixed or justified if not possible … not always easy.

Do you have an idea ???
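
A check for confirming the fix once a port returns the header, as an added example (not part of the original post and not VMware tooling): it parses `Strict-Transport-Security` per RFC 6797 and classifies each response. The sample responses are constructed, and `MIN_AGE`, `parse_hsts`, `audit` and `audit_all` are names assumed for this example.

```python
import re

# Constructed response heads, one per port from the post (not captured from a real vCenter).
# 9443 carries the values from the post's filter config: 30758400 s, includeSubDomains.
SAMPLE_RESPONSES = {
    9443: "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=30758400;includeSubDomains\r\n\r\n",
    7444: "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    5443: "HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=0\r\n\r\n",
}
MIN_AGE = 15552000  # assumed policy floor (180 days); not a value from the post

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, 6.1): (max_age, include_subdomains).
    Raises ValueError when a browser would ignore the header (duplicate or bad max-age)."""
    seen = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # empty directives are permitted
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen[name] = arg.strip().strip('"')  # value may be a quoted-string
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        raise ValueError("max-age missing or not a non-negative integer")
    return int(seen["max-age"]), "includesubdomains" in seen

def audit(raw_head, min_age=MIN_AGE):
    """Classify one raw HTTP response head: missing, malformed, disabled, short or ok."""
    lines = raw_head.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    values = [l.split(":", 1)[1].strip() for l in lines
              if l.lower().startswith("strict-transport-security:")]
    if not values:
        return "missing"                     # the condition the scanner reported
    try:
        max_age, _ = parse_hsts(values[0])   # only the first header is processed (8.1)
    except ValueError:
        return "malformed"
    if max_age == 0:
        return "disabled"                    # max-age=0 tells the browser to drop the policy
    return "ok" if max_age >= min_age else "short"

def audit_all(responses=SAMPLE_RESPONSES):
    return {port: audit(head) for port, head in responses.items()}

if __name__ == "__main__":
    for port, verdict in audit_all().items():
        print(f"{port}/tcp: {verdict}")
```

A header that is present but malformed or set to `max-age=0` gives no protection, so a presence-only check can pass while the browser still ignores the policy.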

New VLAN not communicating with Cisco

So, brand new to vSphere and having an issue. I’m usually the Cisco guy but just getting into VMware.

I built out a new VLAN on a Catalyst switch and got it up and running. After the issue started I even opened up a Cisco TAC case so they could verify my design and build.

The issue is the switch is sending out ARP requests but vSphere is not responding. In vSphere the IP is set on the new server with correct IP and subnet and gateway. Connected the host with the correct VLAN. Only indication of a problem is the physical adapter does not see the VLAN or subnet… well, and the server shows no internet connection.

Bug in ESXi 6.? when handling VMDKs created by Workstation

Some versions of ESXi 6 do not treat VMDKs created by Workstation correctly.

To be precise, this is about the format

createType="twoGbMaxExtentSparse"

That format, when it is accepted by ESXi, comes with a text descriptor file plus one large file typically named name-s001.vmdk

Warning: this format will prevent automatic backup tools from doing their job and it also prevents you from merging snapshots back into the base disk.

The behaviour is inconsistent!

ESXi should either (preferably) deny using this format in the first place – which is the intended behaviour – or it should be able to handle it correctly: including the function of merging snapshots.

The most probable reason why you may have this vmdk-type at all on ESXi is manually imported VMs from Workstation or Fusion when the admin is not aware of the inconsistent treatment of this vmdk-type.

According to the VMware documentation this should not happen!

Ulli

Broker Session TimeOut after 10 hours. Registry change doesn’t work.

Hello!

Active session closes after 10 hours with table “Broker Session TimeOut”

I changed the setting in the registry and policy. But it does not work.

HKLM\Software\VMware, Inc.\VMware VDM\Agent\Configuration\XMLAPI key SessionTimeout

As well as “userIdleTimeout” key and others.

In console “Forcibly disconnect users: Never”

Horizon 7, agents 7.1

Please tell me where to look for the problem?

suspend (freeze) a machine in RAM instead of creating memory dump into hard disk

I know there is no such option, but is it possible to request such an option?

Leaving the machine on is not a good idea because the VM sometimes will start tasks on IDLE (esp. Windows) and that will slow down the host,

And I am using an SSD; creating a 16GB memory dump every time I want to suspend my machine will kill my SSD

Is it possible to add an option to mimic the VirtualBox “pause” option that will just pause the machine in RAM?

thanks,

Why did JMP get discontinued?

I’m having difficulties as to why the JMP (Just in time platform) is no longer in use in Horizon 8. Anyone know why?

I found it quite nice to be able to manage and maintain departments one by one. But since Jump is just a bundle of .xml configuration files, will I be able to utilize them somewhere else? For example DEM?

What products are similar to JMP?

Am I maybe misunderstanding the statement?

Error connecting remote USB device

I have a Windows host and a remote Kali Linux guest (via vSphere, the reason I put this question to the Workstation section is described below). The remote guest is accessed via VMware Workstation Pro 15.5.6 build-16341506.

My problem is: I want to connect my Google Pixel to the remote Kali guest.

The remote USB connection always works on the first connection, but when I unplug the Pixel or restart my host or the guest and then try to connect the Pixel to the remote Kali guest again (VM -> Removable Devices -> Google Pixel -> Connect (Disconnect From Host) ), I always get the following error:

Error connecting remote USB device: The device “Google Pixel” disconnected: a connection error occured.

Why I suspect this to be a Workstation issue:

I already figured out that when I run the Workstation 15.6 installation EXE, choose “Repair”, let the repair finish and then restart my host, the problem disappears and I can connect the Pixel to the remote guest — however again, it only works until I either disconnect the Pixel or restart either my host or my guest system.

How do I get rid of this problem? Is there a better way than to Repair the Workstation installation every morning?

Thank you for your advice.

Linux Multiuser on Physical Server

Hullo,

Can I use the Linux agent on a physical server to create a multiuser desktop pool?

BTW, is this the correct syntax for installing in multiuser mode if you have a standalone VM/server?

./install_viewagent.sh -A yes -M no -b connection-server.fqdn -u adajoinuser -d domain -n machinename -k domain-controller.fqdn --multiple-session

Thanks

Cristiano

Unable to access vCD portal

It is a new standalone vCD 9.7.0.4 instance with SQLExpress 2017 database. I am aware SQL Express is unsupported; however, I am using it for development purposes. The vCD service is running and I could see the application started successfully from cell.log. Attached the log bundle.

cell.log:

=========

    Application Initialization: ‘com.vmware.vcloud.common.core’ 95% complete. Subsystem ‘com.vmware.vcloud.jax-rs-servlet’ started
    Application Initialization: ‘com.vmware.vcloud.common.core’ 100% complete. Subsystem ‘com.vmware.vcloud.ui-vcloud-webapp’ started
    Application Initialization: ‘com.vmware.vcloud.common.core’ complete.
    Successfully handled all queued events.
    Successfully verified transfer spooling area: /opt/vmware/vcloud-director/data/transfer
    Cell startup completed in 0m 48s

    # service vmware-vcd status
    vmware-vcd-watchdog is running
    vmware-vcd-cell is running