Tag: Security

NSX-T Traffic Analysis Traceflow fails

So you are trying to do a traceflow to see where the traffic is going, but as it turns out it is not working. If this is the case, and if you are running NSX-T 3.2, and the segment that your VMs belong to is VLAN backed. Then I might have a solutions for you.

ERROR

Traceflow request failed. The request might be cancelled because it took more time than normal. Please retry.Error Message: Error: Traceflow intent /infra/traceflows/<guid> realized on enforcement point /infra/sites/default/enforcement-points/default with error Traceflow on VLAN logical port LogicalPort/<guid> requires INT (In-band Network Telemetry) to be enabled (Error code: 500060)

PowerCLI Script: Check if you have VMs with USB contollers

I light of many serious vulnerabilities in vSphere ESXi revolve around the USB controller, here is a script that will list the virtual machines that have an USB controller attached.

Requirements:

You need to have the VMware.PowerCLI module installed. This can be done with the commands:

VMware PowerCLI on Powershell Core

I recently installed Powershell Core om Ubuntu 18.04, and after installing the PowerCLI module. I ran into an error.

The error is not an uncommon one, but on Windows the error message makes a lot more sense, so I just wanted to let you know what this error actually means.

The error you might get when you try to connect to your vCenter server using the connect-viserver is the following:

Connect-VIServer : 9/27/18 10:41:37 AM	Connect-VIServer		The SSL connection could not be established, see inner exception.	
At line:1 char:1
+ Connect-VIServer <servername>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [Connect-VIServer], ViError
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_SoapException,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer

The only hint here is “The SSL connection could not be established…”

This actually means that you do not have a valid certificate. And if you want to connect to vCenter without a valid certificate, you have to allow this.

You can either change you vCenter certificate to a trusted one, which is the correct solutions or you can ignore invalid certificates, which circumvents all security, but makes it work right now.

Set-PowerCLIConfiguration -InvalidCertificateAction:ignore

Please comment if this was helpful.

Enable SSL on Apache2 (Self-Signed)

Quick guide to getting a self signed certificate configured for Apache on Ubuntu 16.04.

All credits go to Justin Ellingwood. There is a link to his article at the bottom of this page. This is just a quick summery of what needs to be done to get SSL working, based on his article.

I do not recommend using self-signed certificates in production, as it does not provide any security what so ever! Deploy a signed certificate from your internal 2-Tier PKI infrastructure. If you do not have an internal PKI infrastructure, your need to get one!

Continue reading Enable SSL on Apache2 (Self-Signed)