ESX 6.0 – The operation is not allowed in the current connection state of the host.

UPDATE:

The things in the posting did NOT work. According to IBM’s website, the fix is by removing a package:

esxcli software vib remove -n intel-cdmv2-provider

I got this message when trying to power on a vm, trying to deploy a template, and something else.

So I read this
https://communities.vmware.com/thread/331857?start=0&tstart=0
and then I go to the host and try restarting hostd (/etc/init.d/hostd restart) and it will no longer restart.

Looking into /var/log/hostd.log, it appears that /tmp is full:

2016-02-09T06:01:01.648Z info hostd[79EC2B70] [Originator@6876 sub=Vimsvc.ha-eventmgr] Event 620 : The ramdisk ‘tmp’ is full.
As a result, the file /tmp/auto-backup.6942719/local.tgz could not be written.

So I look into the /tmp directory and find a file that’s 256MB – cimple_log_err_messages

cat cimple_log_err_messages
2016/02/09 23:28:57:LOG FILE ERROR: log.cpp(610) : No CIMPLE_HOME env var defined. Looking for CIMPLE_HOME
2016/02/09 23:28:57:LOG FILE ERROR: log.cpp(610) : No CIMPLE_HOME env var defined. Looking for CIMPLE_HOME

The first thing I do is to clear up the file – just run:
> cimple_log_err_messages

Then I’m able to start hostd, but how do I stop the file from filling up again?

I find this kb: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2094441

Not that it helps! It’s for 5.x. I go to the IBM url and it just leaves me more confused.

I look into disabling CIM. I find instructions here: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1025757

ummm it’s for 5.x again. 🙁
Run the instructions and the sfcb watchdog just restarts by itself!

Finally, I poke around in the vSphere client and notice in the profile that there is some CIM stuff there. For the heck of it, I try disallowing communication with IBMIMM.

Screen Shot 2016-02-10 at 11.45.09 AM

I believe the log messages continued after disabling it, so I continued to disable CIM as well. After disabling CIM, the log messages stopped.

Screen Shot 2016-02-29 at 12.14.11 PM

 

Linux self-service firewall with Apache, Perl, IPtables, and UFW

I was recently in a situation where I was offering DNS service to some people. There just happened to be some records that were different from their ISPs DNS servers so I set up the server on my public IP address. I did not want to offer DNS to the world because last time I tried that, I got queries from all kinds of places for all kinds of records. I was initially opening up IP tables when people asked for the service and give me their IP address. After getting about 10 texts, I quickly got tired of collecting the IP addresses, so I made a webpage and with the perl script to write them to a list. With that, I would have a cron jobs go through the list and use UFW to update the IPTables to allow them access.

Here are the files inside of the directory where I’m creating the list.
dnsauth.tar

There’s a simple index.html file in the directory. It’s basically a form that asks for:
Name – who the person is. duh!
IP address – I want them to enter the IP address they want to authorize just in case they’re submitting someone else’s IP address.
Password – I don’t want just anyone to come in and get access to my DNS server.

The addip.cgi basically just writes all of those inputs and the IP address they’re coming in from into /tmp/iplist.txt in CSV format. I record the IP address they’re coming in from $ENV{‘REMOTE_ADDR’} just in case I get abuse or something.

The root user then has a cron job that runs through the iplist.txt file every 10 minutes. Here’s my file:

#!/bin/sh
if [ -f /tmp/iplist.txt ]; then
DATE=$(date +%Y%m%d)
cp /tmp/iplist.txt /home/alton/dnsservice/iplist.txt.$DATE
for i in `grep rice /tmp/iplist.txt | cut -f1 -d','`; do /usr/sbin/ufw insert 1 allow proto udp from $i to any port 53; done
grep rice /tmp/iplist.txt >> /home/alton/dnsservice/authorized_dns_ips.txt
grep -v rice /tmp/iplist.txt >> /home/alton/dnsservice/cheaters.txt
rm -rf /tmp/iplist.txt
sync
fi

Obviously, rice was my password. I just looped through the file and authorized anyone that used the right password. I also logged anyone that used the wrong password in /home/alton/dnsservice/cheaters.txt.

Hope this was useful! I welcome any comments. Obviously, this was quick and dirty. I’m sure there is a more secure way of doing this, but this is what came easy to me. Would love to hear your thoughts!

Getting VMware PowerCLI 6 to work on Windows 10

UPDATE: PowerCLI 6.3R1 has been released and fully supports  Windows 10, so there’s no need to do the hack anymore!

 

PowerCLI 6 is not supported on Windows 10 yet, but I just thought I would give it a try anyway. Upon installation of PowerCLI 6 on Windows 10, I was greeted with this unwelcome screen:

powercli6

Luckily and very quickly, I found this link: https://communities.vmware.com/thread/504866?start=0&tstart=0

Just an environment variable. Need to add PSModulePath with “C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Modules” as the value and reboot.

Screen Shot 2016-02-18 at 12.31.24 PM

Lenovo T400 blank screen issue on Windows 10

Someone who owns a very well SEO company came to me with a freshly installed Windows 10 OS on a Lenovo T400 and showed me that he would get a black screen at start up. He would suspend the machine (close the lid), and it would come back to normal. He would reboot, and the same problem would reproduce again.

This didn’t happen when he first installed the OS. Only happened after the OS was installed and Windows update was run. I was suspicious that it might be a driver issue, but Lenovo’s website didn’t show much.

Then looked into the device manager and saw this:

2016-02-01

What’s interesting here is that the laptop actually has 2 video cards. I think it’s for power savings. I took a gamble and disabled the Intel video card. The problem went away!

Update: Booted into the BIOS and under video settings, found that the Lenovo could install a Switchable graphics driver along with their power management software so that it could save power. So, my hunch was correct. So, no need to disable the Intel card. Just boot into the BIOS and set it to discrete or the other one, whatever it is. I just set mine to discrete.