I got it working, Installed JetPack on my WordPress site to integrate WordPress with FaceBook. – And Google+
Server’s Certificate cannot be Checked
When your Administration dashboard in VMware Horizon View 5.3 reports the error: Server’s certificate cannot be checked
View Administration dashboard displays Connection Server in red status.
View Administration dashboard displays Security Server in red status.
Clicking Connection Server in View Administration displays this error:
Connection Server certificate is not trusted
Clicking Security Server in View Administration displays this error:
Server’s certificate cannot be checked
You are able to connect externally through the Security Server.
The certificates on the server are valid.
This issue occurs if the Certificate Revocation List (CRL) includes a URL that cannot be accessed from the Connection Server paired to the Security Server.
Resolution
To resolve this issue, ensure that the Connection Servers that are paired with Security Servers are able to check the URL in the Certificate Revocation List (CRL), if your environment includes a proxy server that controls Internet access.
To work around this issue, create a CertificateRevocationCheckType registry string in Windows Registry.
Note: This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see the Microsoft article 136393.
To create a CertificateRevocationCheckType registry string in Windows Registry:
Note: If you are using multiple connection servers, you need to make this registry modification on all Connection Servers.
- Navigate to HKEY_LOCAL_MACHINESoftwareVMware, Inc.VMware VDMSecurity in the View Connection Server. Caution: Ensure that you make changes in the Connection Server and not the Security Server.
- Create the CertificateRevocationCheckType registry string (REG_SZ) and set its value to 1.
Configuring Kiosk Mode on Your Windows XP Computer
I know this is really, really old – but, I was asked this question the other day and wanted to bookmark it on my site for future reference.
Problem:
When I boot my Windows XP computer, I would like to always boot into a specific user account and I would like that user account to run an executable other than Windows Explorer (explorer.exe), such as a LabVIEW executable, otherwise known as Kiosk Mode. How can I accomplish this?
Solution:
Kiosk Mode is useful when you want to have a dedicated computer or user account to boot directly into a specific executable other than Windows Explorer (explorer.exe). This restricts the user’s access to other aspects of the computer.
To configure the computer to automatically log into a specific user account, you will need to modify the Windows Registry. Do this carefully by following these steps:
Click Start»Run.
Type the command regedit. Click OK.
Browse to the following registry key:HKEY_LOCAL_MACHINE»Software»Microsoft»Windows NT»CurrentVersion»Winlogon.
Double-click the DefaultUserName entry and enter in the name of the user account that you want to automatically log into. Click OK.
Double-click the DefaultPassword entry and enter in the password for the user account that you want to log into. Click OKIf there is not a DefaultPassword entry, create the value using the following steps:
Go to Edit»New»String Value.
Name the new value DefaultPassword and press Enter.
Double-click the newly created entry and enter in the password for the user account that you want to log into. Click OK.
NOTE: If no DefaultPassword string is specified, Windows XP automatically changes the value of the AutoAdminLogon registry key from 1 (true) to 0 (false) to turn off the AutoAdminLogonfeature.
Double click the AutoAdminLogon entry and enter in 1 for its Value Data. Click OK.If there is not an AutoAdminLogon entry, create the value using the following steps:
Go to Edit»New»String Value.
Name the new value AutoAdminLogon and press Enter.
Double-click the newly created entry and enter in 1 for its Value Data. Click OK.
Close the Registry Editor by going to File»Exit or by clicking the red X in the top right corner of the window.
Restart the computer by going to Start»Shutdown and then select Restart.
To configure a specific account to boot into Kiosk Mode, you will need to modify the Windows Registry. Do this carefully by following these steps:
Log into the user account that you wish to boot into Kiosk Mode.
Click Start»Run.
Type the command regedit. Click OK.
Browse toHKEY_CURRENT_USER»Software»Microsoft»Windows NT»CurrentVersion»Winlogon.
Add a new string value to this registry by going to Edit»New»String Value and name it Shell.
Double-click on this new string value and enter in the path to the executable you want to run instead of explorer.exe (e.g. C:LV StartupMyLabVIEWVI.exe).
Log out of the user account and log back in.
By combining these two configurations, you can set up your Windows XP machine to automatically bypass the user logon screen and boot into a specific user account that will run any executable you build instead of Windows Explorer (explorer.exe). You may want to customize the appearance of the executable by modifying its VI Properties. For example, you can have the executable maximize to fill the entire screen by changing the Position option is set to Maximized in the Window Run-Time Position category. You can also customize the Windows Appearance category so that user cannot close or resize the executable.
TIP: If you want to change the executable that is being run for a specific account, but are having trouble getting back to the Registry Editor because there is no longer a Start Menu, you can press Ctrl-Alt-Delete and select to run the Task Manager (if it not already running). Then select File»New Task (Run…) and type regedit in the box that pops up and click OK. This will run the Registry Editor.
Setting Up a New CRM Service, SuiteCRM
PHP Notice: Undefined index: custom in /var/www/html/themes/Suite7/css/colourSelector.php on line 95, referer:
PHP Notice: Undefined index: modlink in /var/www/html/themes/Suite7/css/colourSelector.php on line 70, referer:
I was getting these errors in my apache log, I am sure due to fact I changed colors in the theme, which I think is a real neat way of modifying the theme or this also happens when you use standard theme colors, which it probably does.
To get rid of this, i added to /var/www/html/config_override.php the following two lines:
$sugar_config['colourselector']['modlink'] = 'EEEEEE';
$sugar_config['colourselector']['custom'] = 'EEEEEE';
Why Doesn’t Storage vMotion Rename Files?
Storage vMotion does not rename files by default. In order to get the renaming behavior you will have to set an advanced setting within vCenter.. This is how you do it:
- Go to “Administration”
- Click on “vCenter Server Settings”
- Click “Advanced Settings”
- Add the key “provisioning.relocate.enableRename” with value “true” and click “add”
Restart vCenter service or vCenter Server
Now the renaming of the files during the SvMotion process should work again!
All of you who need this functionality, please make sure to add this advanced setting.
vmWare View Workstation Errors During Daily Maintenance
Today I was getting errors in my vCenter task bar complaining about Wipe an Flex-SE Virtual disk:
Wipe an Flex-SE virtual disk vmPC-019 A general system error occurred:
Wipe Disk failed: Failed to complete wipe operation.
Turns out vRanger Backup Solution had enabled Change Block Tracking for these VMs and vmWare doesn’t like that! Right click and disable change block tracking for the View VMs and you will no longer get the errors.
I used http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2039907 to help me figure out what was going on.
Automatically Distributing Proxy Settings To Clients with Astaro Security Gateway
When using a standard mode proxy, it can be difficult to easily distribute proxy settings to your users browsers. If you have more than a workgroup worth of computers, then manually changing each machine is likely not possible. Also, there are some instances where this can be problematic. For instance, laptop users must enable proxy settings within the office, but disable it when travelling. Also, some websites may not display properly when proxied, or you may want to skip proxying internal websites entirely. These problems call for a more dynamic solution.
What To Do
Using Web Proxy Auto-discovery Protocol (wpad.dat / proxy.pac)
This method has been widely tested, and all major browsers used today can take advantage of method. The web proxy autodiscovery protocol was designed to allow administrators to push out dynamic proxy configuration policies to their users. The core of this protocol is a configuration script commonly called a proxy.pac or wpad.dat file. This file contains a single Javascript function called FindProxyForURL. This function is called by the browser each time a URL is requested, and it returns instructions on whether or not a proxy should be used for a site, or from a network location.
Here is a sample script, which can be customized for your network. It meets two basic requirements of most customers. Proxy settings can be specified that will only be used when a machine is in a given location, and certain URLs can be specified that will be skipped from proxying. The lines beginning with // are only comments, and are not necessary for the script to function, but are useful in understanding how to customize this example.
//-----------------------------------------------------------------------
function FindProxyForURL(url, host)
{
//The following URLs will not be proxied
if ( dnsDomainIs(host, "domain.com")
|| dnsDomainIs(host, "company.com")
|| dnsDomainIs(host, "intranet.mycompany.com")
// Add new domains by customizing the line below,
// and removing the ‘//’ comment markers: //
|| dnsDomainIs(host, "your.domain.here")
)
return "DIRECT" ;
else {
// If the client is in one of the following networks
// set the proxy server they will use if (isInNet(myIpAddress(), "192.168.0.0", "255.255.0.0"))
return "PROXY 192.168.0.1:8080" ;
if (isInNet(myIpAddress(), "10.0.0.0", "255.0.0.0"))
return "PROXY 192.168.0.1:8080" ;
// Add new networks by customizing the lines below
// and removing the ‘//’ comment markers
// if (isInNet(myIpAddress(), "172.16.1.0", "255.255.255.0"))
// return "PROXY 10.92.168.0.1:8080" ;
// If the client is not in one of the above networks
// No proxy will be used
return "DIRECT" ;}}
//-----------------------------------------------------------------------
The above script can be saved to a file named proxy.pac, or wpad.dat, and will need to be hosted on a web server accessible by all of your workstations. Google provides a useful tool for testing auto-configuration scripts, called “pactester”. If you have problems with your script, this program may be useful. It can be found at http://code.google.com/p/pactester/ along with instructions on its use.
Creating the script is only the first step. In order to make use of this script, your browsers must know how to find it. There are several ways to do this. Most major browsers offer two options for automatically setting proxy configurations. Either can be used.
a) Automatic proxy configuration URL (FF), Use Automatic Configuration Script (IE) This option is the simplest. All that is needed is to put the full URL of where you placed the configuration script in the field next to this option in the browsers settings. For example: http://www.mydomain.com/proxy.pac When the browser is launched, it will download the file, and use it to configure proxy settings.
b) Auto-detect proxy settings for this network (FF), Automatically detect settings (IE) There are two ways that a browser can automatically discover the proxy configuration. The first, and most common method, is to create a dns record for the default domain that your client machines are in, called wpad. This hostname should point to the IP of a webserver, that contains your script named wpad.dat, in the root path of that server. For example, if the default domain name given to your workstations is internal.mydomain.com, then with the above option selected, browsers will try to download the following url: http://wpad.internal.mydomain.com/wpad.dat
If the supplied URL exists, then your browsers will use this option to configure their proxy settings.
The second option is to provide the auto configuration URL through DHCP. This is less commonly used, and may not be possible for all DHCP servers. To use this method, your DHCP server must be capable of configuring additional option values, and you must configure option 252 as a text option. This option will then contain the URL of your autoconfig script, which will be distributed to clients when they receive a DHCP assigned address on the network.
Regardless of which method you choose, you may need to have changes made in each user’s browser.
To do this, there are a number of methods we recommend.
1) Ask users to make the change In an organization where users are not restricted from configuring such settings themselves, this option can work surprisingly well. A clear set of instructions sent to users can be easy to follow, even for non technical users. “Dear user, Two weeks from today, we will be making changes to our firewall, which will require a setting changed in your browser. Without this change, you will not be able to surf the web after the cutoff; however, you can make this change at any time before then. Please follow these simple instructions:”
2) Active Directory group policy Active Directory network admins have a simple method to push proxy settings out to all IE browsers running on Windows machines that are part of their domain. A group policy option can be set in Active Directory to set proxy autoconfiguration settings on users browsers from a central group policy for users, OUs or entire domains. Similar features are also available for firefox running on windows workstations, using a variety of third party tools. Two free projects which provide group policy support for firefox are FirefoxAdm(http://sourceforge.net/projects/firefoxadm and Wetdog(http://wetdog.sourceforge.net/). Both provide group policy adm templates to allow policies to be set in active directory. Implementation of those policies is done through scripts in the case of firefoxadm or an exe in the case of wetdog that must be referenced in users login scripts. An additional commercial option is Frontmotion(http://www.frontmotion.com/Firefox/index.htm) who provides customizable MSI packages of firefox that will read and apply group policy settings.
3) Login Scripts This method can be used in other environments such as Novell eDirectory. For IE, configuration settings can be distributed in the form of a registry file. You can either push out hard set proxy settings, or the autoconfiguration URL. Here is an example of a .reg file.
Not all lines are needed, depending on what you want to set.
//-----------------------------------------------------------------------
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="10.129.0.1:8080"
"ProxyOverride"="*.local;<local>"
"AutoConfigURL"="http://192.168.0.1/wpad.dat"
//-----------------------------------------------------------------------
The above file should be saved as proxy.reg, and can be merged to the registry from a login script as follows:
regedit.exe /s proxy.reg
Bitlocker GPO Settings
POLICY | SETTING | COMMENT |
---|---|---|
Removable Disks: Deny write access | Disabled |
POLICY | SETTING | COMMENT | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Turn on TPM backup to Active Directory Domain Services | Enabled | |||||||||||||||
|
POLICY | SETTING | COMMENT | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Choose default folder for recovery password | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Choose drive encryption method and cipher strength | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista) | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Prevent memory overwrite on restart | Disabled | |||||||||||||||||
Provide the unique identifiers for your organization | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Store BitLocker recovery information in Active Directory Domain Services(Windows Server 2008 and Windows Vista) | Enabled | |||||||||||||||||
|
POLICY | SETTING | COMMENT | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Allow access to BitLocker-protected fixed data drives from earlier versions of Windows | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Choose how BitLocker-protected fixed drives can be recovered | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Configure use of passwords for fixed data drives | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Deny write access to fixed drives not protected by BitLocker | Enabled |
POLICY | SETTING | COMMENT | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Allow enhanced PINs for startup | Enabled | |||||||||||||||||
Choose how BitLocker-protected operating system drives can be recovered | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Configure minimum PIN length for startup | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Require additional authentication at startup | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Require additional authentication at startup (Windows Server 2008 and Windows Vista) | Enabled | |||||||||||||||||
|
POLICY | SETTING | COMMENT | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Allow access to BitLocker-protected removable data drives from earlier versions of Windows | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Choose how BitLocker-protected removable drives can be recovered | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Configure use of passwords for removable data drives | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Control use of BitLocker on removable drives | Enabled | |||||||||||||||||
|
||||||||||||||||||
POLICY | SETTING | COMMENT | ||||||||||||||||
Deny write access to removable drives not protected by BitLocker | Disabled |
Determining which replica disk is used for a linked clone virtual machine
Purpose
Resolution
- Log into the ESX host as root. In ESXi connect to the console, press Alt + F1 and type unsupported.
- Run the command:
find /vmfs/volumes/ ( -size -1500c ) -name *.vmdk -exec grep replica {} -H ; | grep ‘parentFileNameHint=’ > replicalist.txt - Run the command:sed s/:/’–>>’/ < replicalist.txt >replicalist2.txt
- Run the command:less replicalist2.txtThe output is similar to:/vmfs/volumes/4cceb02c-6fba721c-a0ff-001e0b1f4ca2/test-2/test-2.vmdk–>>parentFileNameHint=”/vmfs/volumes/4cceb02c-6
fba721c-a0ff-001e0b1f4ca2/replica-8581f32c-a851-448e-8ea8-/replica-8581f32c-a851-448e-8ea8-.vmdk”
/vmfs/volumes/4cceb02c-6fba721c-a0ff-001e0b1f4ca2/test-1/test-1.vmdk–>>parentFileNameHint=”/vmfs/volumes/4cceb02c-6
fba721c-a0ff-001e0b1f4ca2/replica-8581f32c-a851-448e-8ea8-/replica-8581f32c-a851-448e-8ea8-.vmdk”The Linked Clone virtual machines and the replicas are separated by –>>. The Linked Clone desktops are to the left and the replica is to the right. In addition to Pool Desktops, other virtual machines are also listed.
The replica name shown in vCenter Server is longer than the folder name and .vmdk name in the datastore.
For example:
-
- vCenter Server name – replica-ae5923a9-4991-41e7-ba03-07c61429d839
- vmdk name – replica-ae5923a9-4991-41e7-ba03-.vmdk
Use LAN Only When Connected to Wired and Wireless
This step assumes Windows 2003/2008 is your DHCP server for your Wireless network. Raising the wireless gateway metric to a value greater than your LAN metric will force traffic to use the lower metric.
a) Right click Scope Options on your wireless scope and choose “Configure Options”.
b) Click “Advanced” tab.
c) For Vendor Class, choose “Microsoft Windows 2000 Options”
d) Put a check in “003 Microsoft Default Router Metric Base”
e) Set a value fit for your situation. I use 0x1f4 which gives it a metric of 525, which is higher than all other network metrics we use.
You can repeat the above steps for all your WIRED scopes, giving them a value of 0 for the metric. This is the BASE VALUE of 10. This is only needed IF your base value is greater than 10 (you can see the value by running “route print” from the command line).
For more information, see http://technet.microsoft.com/en-us/library/cc782411%28WS.10%29.aspx, do a search on page for “default router metric base”.