Enable Virtualization-based Security on a Virtual Machine on Nested ESXi Server in VMware Workstation

First step: shut down the ESXi server VM and enable encryption on it.

Second: add a vTPM to the ESXi server VM.

Boot the ESXi server(s).

Configure Key Providers (add a Native Key Provider).

Now you can add a vTPM to your VM.
Don’t forget to enable VBS.

Create a GPO “SRV 2022 – Virtualization Based Security”; I applied it only to my Server 2022 lab environment.

System Information on my Server 2022 lab server shows Virtualization-based Security running.
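The screenshot of System Information is the manual check; the following PowerShell, which is an added example and not part of the original post, does the same check from inside the Server 2022 guest so it can be scripted across a lab. It reads the Win32_DeviceGuard class that Windows exposes for VBS state, queries the vTPM with Get-Tpm and Secure Boot with Confirm-SecureBootUEFI; the code-to-name tables are the documented values for that class, and any code not in the table is printed numerically. Run it from an elevated prompt in the VM.

```powershell
# Added example (not from the original post): confirm that the vTPM is visible and that
# Virtualization-based Security is actually running after the GPO has applied.
function Test-VbsState {
    # Win32_DeviceGuard exposes the VBS/HVCI state (Windows 10 / Server 2016 and later).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

    # Documented code tables for this class; unknown codes fall back to "code N".
    $vbsStatus     = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Running' }
    $serviceNames  = @{ 1 = 'Credential Guard'; 2 = 'HVCI (memory integrity)';
                        3 = 'System Guard Secure Launch'; 4 = 'SMM Firmware Measurement' }
    $propertyNames = @{ 1 = 'Base virtualization support'; 2 = 'Secure Boot'; 3 = 'DMA protection' }

    $decode = {
        param($codes, $table)
        @($codes | ForEach-Object { if ($table.ContainsKey([int]$_)) { $table[[int]$_] } else { "code $_" } })
    }

    # vTPM: the device added in the VM settings above should show as present and ready.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue

    # Secure Boot is a VBS prerequisite; Confirm-SecureBootUEFI throws on a legacy-BIOS VM.
    $secureBoot = try { Confirm-SecureBootUEFI } catch { $false }

    [PSCustomObject]@{
        VbsStatus           = $vbsStatus[[int]$dg.VirtualizationBasedSecurityStatus]
        ServicesConfigured  = & $decode $dg.SecurityServicesConfigured $serviceNames
        ServicesRunning     = & $decode $dg.SecurityServicesRunning $serviceNames
        PropertiesRequired  = & $decode $dg.RequiredSecurityProperties $propertyNames
        PropertiesAvailable = & $decode $dg.AvailableSecurityProperties $propertyNames
        TpmPresent          = [bool]$tpm.TpmPresent
        TpmReady            = [bool]$tpm.TpmReady
        SecureBoot          = [bool]$secureBoot
    }
}

$state = Test-VbsState
$state | Format-List

# The GPO has done its job only when VBS reports 'Running'. 'Enabled but not running'
# usually means a prerequisite (Secure Boot, vTPM, nested VT-x/EPT exposed to the VM) is missing.
if ($state.VbsStatus -ne 'Running') {
    Write-Warning "VBS is not running on $env:COMPUTERNAME: $($state.VbsStatus)"
}
```

The useful comparison is ServicesConfigured against ServicesRunning: a service that the GPO configured but that is not running points at a missing platform property, which PropertiesRequired versus PropertiesAvailable then narrows down.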

How to setup a remote PowerShell-session with Exchange 2013

Now I want to manage my Exchange 2013 environment from a Windows 8 workstation on which no Exchange tools are installed. In a few simple steps you can open a remote PowerShell session to one of the Exchange servers.

Log on to the Windows 8 machine and start the ‘Windows PowerShell ISE’:

$RemoteEx2013Session = New-PSSession -ConfigurationName Microsoft.Exchange `
                                     -ConnectionUri http://servername/PowerShell/ `
                                     -Authentication Kerberos -Credential (Get-credential)
Import-PSSession $RemoteEx2013Session

Save this as “Remote Exchange 2013 PowerShell.ps1”.

Don’t forget to set your PowerShell execution policy to unrestricted with: Set-ExecutionPolicy Unrestricted

Part 1: Running XPEnology under Hyper-V

Sometimes you find a cool feature on the internet.

XPEnology is an operating system based on Synology DiskStation Manager (DSM). This is possible because Synology DSM is developed under the GPL license, so it is free for third parties to use and adapt. The advantage of XPEnology is that it is compatible with many different kinds of hardware, so you can use almost any old PC or server as a NAS. You can also run XPEnology as a virtual machine (VM) on, for example, ESXi, Hyper-V or VirtualBox.

With this flexibility, functionality and ease of use, XPEnology offers a good alternative to a Synology NAS or other NAS solutions.

On XPenology.nl you will find great articles on how to run the software on Hyper-V, ESXi, Workstation and on dedicated hardware.

So I followed this guide: http://www.xpenology.nl/hyper-v-installatie/

Awesome!!!

Things to do:
1. Hyper-V Harddisk Pass Through
2. Install & Config SABnzbd
3. Install & Config Sickbeard
4. Install & Config Couchpotato
5. Config my DiskStation with DLNA to my TV

I’ll keep you posted!!!

VMware Workstation 10

VMware Workstation takes virtualization to the next level:

  • Support for the latest guest OSes like Microsoft Windows 8.1 and various Linux distributions.
  • The new hardware version 10 introduces even bigger and better virtual machines:
      • Up to 16 vCPUs
      • 64GB of vRAM
      • 8TB disks
      • vSATA support has been added
      • Up to 20 networks can be defined
      • Various USB improvements (USB 3 stream support, among other things)
      • SSD pass-through makes for better support of the underlying hardware platform
  • New virtual appliances created with the Workstation team to quickly run various cloud stacks like Pivotal, Puppet Labs and Vagrant.

The team has included various smaller improvements in the product as well:

  • Better multi-monitor support for up to 4 screens
  • Unity mode has been enhanced to seamlessly work with Windows 8.1 UI changes
  • An updated version of VMware Converter has been built in and adds support for P2V’ing a Windows 8.1 machine
  • New option to display the VM console using VMware-KVM, a ‘screen-only’ window without any bells or whistles.

Immidio releases new version of Flex+ with Support of Windows 8 & Server 2012 & APP-V 5.0

Today, Immidio releases an updated version of its flagship product Flex+. With the Immidio Flex+ workspace virtualization solution, end users get a personalized and dynamic Windows desktop that adapts to their specific situation based on aspects like role, device and location.

Modern workforces expect flexibility from their employers; users need to have the capability to work anywhere with multiple devices and a high degree of self-service. With Flex+ workspace virtualization, Immidio enables such a flexible workstyle in a simple, scalable, extensible and affordable manner, without introducing additional complexity. Immidio Flex+ uses the existing Windows infrastructure, ensuring a low total cost of ownership.

Alongside many small improvements, the latest version of Immidio Flex+ contains new features that were mostly developed based on feedback from Immidio’s partners and customers. The focus of this release is to support the latest Windows versions and application virtualization technologies, providing users with an even more dynamic desktop experience and improving the administration of Flex+ in enterprise environments.

Flex+ multi-tenancy support for IT departments
Immidio Flex+ has always supported multi-tenant environments, and this release introduces much improved management of scenarios with multiple environments, such as different customers, DTAP stages or separately managed organizational divisions.

Such setups can now be managed from within a single instance of the Flex+ management console, making it possible for the IT department to switch between these environments and also export configuration items from one environment to another.

An even more dynamic desktop experience
In the initial release of Flex+, Immidio introduced many capabilities for managing the user environment. Flex+ support for shortcuts, file type associations and printers is now even more powerful thanks to the new UEM Refresh feature, which during a Windows session reapplies these user environment settings, dynamically re-evaluating conditions.

Another new feature is Triggered Tasks which executes a custom or built-in task (like UEM Refresh) when a certain trigger occurs. The triggers that Flex+ supports are the lock/unlock of a workstation and disconnect/reconnect of a remote session in VDI and RDS environments.

To improve the dynamic adaptation of the Windows user environment based on role, device and location, this release extends the conditions available in Flex+. The new battery condition makes it easier to detect laptops and tablet devices. The new “Computer or User in Active Directory” condition helps determine the role of the user within the organization and the place of the currently used device within the IT infrastructure.

Support of latest technologies
Immidio Flex+ now supports personalization for Microsoft App-V 5.0, in addition to the existing App-V 4.x integration. Platform support has been extended with Windows 8 and Server 2012.

Other improvements
Many other improvements have been made to the Flex+ management console and client component. These are all documented in the Administrator’s Guide of this Flex+ release.

Issue with Windows Management Framework 3.0 on Exchange 2007 and Exchange 2010

Recently, Windows Update began offering the Windows Management Framework 3.0 as an Optional update. This includes all forms of update distribution, such as Microsoft Update, WSUS, System Center Configuration Manager and other mechanisms. The key bit here is that the Windows Management Framework 3.0 includes PowerShell 3.0.

Windows Management Framework 3.0 is being distributed as KB2506146 and KB2506143 (which one is offered depends on which server version you are running – 2008 SP2 or 2008 R2 SP1).

What does that mean to you?

Windows Management Framework 3.0 (specifically PowerShell 3.0) is not yet supported on any version of Exchange except Exchange Server 2013 (which requires it). If you install Windows Management Framework 3.0 on a server running Exchange 2007 or Exchange 2010, you will encounter problems, such as Rollups that will not install, or the Exchange Management Shell may not run properly.

We have seen rollups not installing with the following symptoms:

  • If rollup is installed through Microsoft Update, the installation might error with error code of 80070643
  • If rollup is installed from a download, the error displayed is “Setup ended prematurely because of an error.”
  • In both cases, event log might show the error with an error code of “1603”

The Exchange Team advised that Windows Management Framework 3.0 should not be deployed on servers running Exchange 2007 or Exchange 2010, or on workstations with the Exchange Management Tools for either version installed. If you have already deployed this update, it should be removed. Once the update is removed, functionality should be restored.
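Because the update arrives as an optional update through the normal patch channels, the practical problem is finding the Exchange 2007/2010 servers it has already landed on. The following PowerShell is an added example (not from the original post): it checks the two KB numbers named above with Get-HotFix, reads the running PowerShell major version, and looks for Exchange in its usual setup registry keys. The registry paths (ExchangeServer\v14\Setup for 2010, Exchange\Setup for 2007) are an assumption of this example; it is written to run on PowerShell 2.0 as well as 3.0.

```powershell
# Added example (not from the original post): detect WMF 3.0 / PowerShell 3.0 on an
# Exchange 2007 or 2010 server before rollups start failing with error 1603.
function Test-Wmf3OnExchange {
    $wmfKbs = 'KB2506146', 'KB2506143'   # KB numbers named in the post

    # Installed hotfixes as reported by WMI (Get-HotFix exists on PowerShell 2.0 and later).
    $installedKb = @(Get-HotFix -ErrorAction SilentlyContinue |
                     Where-Object { $wmfKbs -contains $_.HotFixID } |
                     ForEach-Object { $_.HotFixID })

    # PowerShell 3.0 is the component that breaks the Exchange Management Shell.
    $psMajor = if ($PSVersionTable) { $PSVersionTable.PSVersion.Major } else { 1 }

    # Which Exchange generation is installed (assumed registry locations).
    $exchangeVersion = $null
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\ExchangeServer\v14\Setup') { $exchangeVersion = 'Exchange 2010' }
    elseif (Test-Path 'HKLM:\SOFTWARE\Microsoft\Exchange\Setup')      { $exchangeVersion = 'Exchange 2007' }

    # Affected = an unsupported Exchange version with either the KB present or PS 3.0 already running.
    $affected = ($exchangeVersion -ne $null) -and (($installedKb.Count -gt 0) -or ($psMajor -ge 3))

    New-Object PSObject -Property @{
        ComputerName    = $env:COMPUTERNAME
        ExchangeVersion = $exchangeVersion
        PowerShellMajor = $psMajor
        Wmf3Hotfixes    = $installedKb
        Affected        = $affected
    }
}

$r = Test-Wmf3OnExchange
$r | Format-List ComputerName, ExchangeVersion, PowerShellMajor, Wmf3Hotfixes, Affected

if ($r.Affected) {
    # Remediation from the post: remove the update, then confirm rollups install again.
    Write-Warning ("WMF 3.0 detected on {0} ({1}); remove it with: wusa /uninstall /kb:{2}" -f `
        $r.ComputerName, $r.ExchangeVersion, ($r.Wmf3Hotfixes -join ' /kb:').Replace('KB', ''))
}
```

On the WSUS side, declining both KBs for the Exchange computer group prevents the reinstall; the script above is for the servers that already picked the update up from Microsoft Update.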

VMware Workstation 9.0.1

In this “maintenance” release we can see that support for a few more operating systems has been added and a number of bugs have been fixed. This release comes only two and a half months after VMware Workstation 9 was released.

What’s new in version 9.0.1 – build number 894247

  • Support for Ubuntu 12.10 as a host and guest.
  • Solaris 11 has been added to guest OS list

Fixes:

  • When powering on a virtual machine with Binary Translation on a SMEP-capable CPU, Workstation no longer causes the host to reset. If you run Windows 8 hosts on Ivy Bridge processors, VMware strongly recommends that you update your installation of Workstation.
  • Several security vulnerabilities have been addressed, including updating third party libraries.
  • The Workstation plug-in for Visual Studio has been updated to work with Visual Studio 2012.
  • For host systems with more than 4GB of memory, Workstation will use more of the available memory to run virtual machines.
  • The ability to mount a .vmdk file as a drive by right-clicking the file in File Explorer has been restored.
  • Streaming a virtual machine has been fixed.
  • Occasionally, certain elements in the Windows 8 user interface were incorrectly displayed. This has been fixed.
  • After disconnecting certain USB devices from a virtual machine, Workstation would prevent devices from being reconnected without restarting the virtual machine. A more comprehensive error handling code has been added to prevent this problem from occurring.
  • To improve application startup performance, the data being collected as part of the optional User Experience Improvement Program will no longer be aggregated on every launch of Workstation.
  • Remotely retrieving the IP address of an Ubuntu virtual machine with an IPv6 address assigned failed unless an IPv4 address was also assigned to the virtual machine. This no longer occurs.
  • With IPv6 disabled on the host, the Linux version of Workstation is now able to share virtual machines.
  • When you import an OVA file of a virtual machine running the Datacenter version of Windows Server, the network adapter failed to be configured correctly. This is now fixed.
  • Closing Workstation in the middle of a cut and paste operation no longer causes the Workstation user interface to crash.
  • After unsharing a virtual machine configured to use client-side devices, you can now reconfigure the device settings to use local devices.
  • Easy Install on the Linux version of Workstation now recognizes all compatible operating systems.
  • The VMware monitor has been updated to work with Linux kernel 3.5.
  • On the Linux version of Workstation, entering a permanent license key after using an evaluation key now removes the days remaining evaluation indicator.
  • The network adapter configuration screen now correctly preserves the Custom network settings.
  • You can now remove a Network if network settings changes are pending.
  • The Use physical drive radio button for a floppy device was disabled when connecting to a shared virtual machine or remote virtual machine on a host without a physical floppy device. This is now fixed.
  • Animated cursors are now displayed correctly in a virtual machine.

Source: VMware Workstation 9.0.1 Release Notes

Windows Assessment and Deployment Kit (ADK) and vSphere 4 does not work together

When you use vSphere 4 together with MDT 2012 Update 1 and the Windows Assessment and Deployment Kit, you run into the following error. The same thing also happens with Workstation 8.

Solution 1: Do not install the Windows Assessment and Deployment Kit on your MDT server. You can still use MDT 2012 Update 1 with WAIK 3.5 if you are not deploying Windows 8 or Windows 2012 right now.

Solution 2: Upgrade your vSphere server to the latest version (5.1) or upgrade Workstation to the latest version (version 9).

VMware Workstation 9

Windows 8

Workstation 9 has been designed to run on Windows 8 and run Windows 8 virtual machines. Easy Install has been enhanced to recognize Windows 8. Workstation 9 has been enhanced to support the Windows 8 user interface (formerly known as Metro). Toggling between Metro and the Windows Desktop can be done by simply pressing the Windows key on the keyboard and Unity intelligently handles the Metro interface. Workstation 9 also includes multi-touch support for driving the Windows 8 Metro interface running in Workstation on a Windows 8 tablet.

Graphics Improvements

VMware has made substantial changes to Workstation 9 graphics virtualization infrastructure. The enhancements include a display-only graphics driver that can render 3D in Windows 8 without hardware acceleration, improvements to make graphics applications like AutoCAD and SolidWorks render more quickly and accurately, an improved Windows XP graphics driver and fundamental changes to improve performance and enable more advanced graphics capabilities in the future.

OpenGL for Linux Guests

VMware has developed an OpenGL graphics driver and up-streamed it to X.Org. This allows VMware’s customers to use the new graphics capabilities in current Linux distributions without needing to install VMware Tools. The version of X.Org that includes the driver is being shipped in Ubuntu 12.04 among other new Linux distributions. Workstation 9 includes enhancements to the virtual graphics device to improve the overall speed and accuracy of rendering OpenGL graphics in Linux virtual machines.

Restricted Virtual Machines

This new capability allows the author of an encrypted virtual machine to require users to enter an additional password to change their virtual machine settings. This feature enables IT professionals and educational institutions to create virtual machines to be used by their employees and students that prevent these users from enabling shared folders, dragging and dropping files, attaching USB devices, and overcommitting system resources. Restricted virtual machines can be run in VMware Workstation 9, VMware Player 5, and VMware Fusion 5 on Windows, Linux or Mac PCs.

WSX

WSX is a prototype of a new VMware Workstation web interface that enables users to access their Shared virtual machines via a web browser on a tablet, smart phone or PC without installing any additional applications or browser plug-ins. This service renders an HTML5 web page that can connect to your Workstation hosts, enumerate the available Shared virtual machines and allow you to power them on and interact with the desktop. Both the Windows .msi and Linux .bundle installations are available for download along with VMware Workstation 9.0

WSX is currently not supported for production environments. The number of devices and browsers available on the market make it extremely difficult to test this feature thoroughly to ensure it works well everywhere.

This feature requires a very modern browser that supports HTML5 with WebSockets. VMware recommends using the Google Chrome 17 browser on PCs and the Apple Safari 5 browser on Mac OS hosts and iPads. Currently there are issues using this feature with Microsoft Internet Explorer 10. WSX may work with other browsers and on Android tablets running Ice Cream Sandwich with the latest version of Google Chrome installed, but more testing is required.

Downloading Virtual Machines from vSphere

Workstation 8 enabled customers to upload virtual machines to vSphere. Workstation 9 now enables downloading virtual machines from vSphere by dragging them from the remote host to the My Computer section of the Virtual Machine Library.

USB 3.0

Workstation 9 supports attaching USB 3.0 devices to Windows 8 virtual machines. The latest portable devices use USB 3 (SuperSpeed) to achieve faster data transfer rates. USB 3.0 devices such as portable storage devices and video equipment can be connected directly to Windows 8 and Linux virtual machines that contain in-box drivers for USB 3.0 controllers.

Nested Virtualization

Workstation 9 improves the implementation of virtual Intel VT-x/EPT or AMD-V/RVI extensions. This allows users to run ESX as a guest OS and run a 64-bit operating system nested in ESX using less system resources.

Note: If you enabled the virtualization extensions in a virtual machine running on Workstation 8, you might need to disable the extensions, upgrade the virtual machine to the latest virtual hardware version (compatible with Workstation 9), and then re-enable the extensions.

Hyper-V

Hyper-V has been added to the Workstation 9 guest operating system list. This enables customers to run Windows 8 with Hyper-V enabled, or install Hyper-V Server. This can be used for educational purposes or for building prototype Hybrid Clouds. This feature is NOT SUPPORTED and probably never will be. Microsoft does not support nesting of their hypervisor which makes it extremely difficult – if not impossible for VMware to fix issues that may occur in this configuration. For this reason, this capability has been implemented purely to see if we could do it!

CAUTION: DO NOT ATTEMPT TO RUN HYPER-V ON A VIRTUAL MACHINE IN PRODUCTION.

Virtual Performance Counters

VMware virtual processors now include the capability to enable virtual performance counters which will allow developers to run profiling applications, such as Intel’s vTune, in a virtual machine.

Remoting Improvements

The experience when remotely connecting to a virtual machine running in Workstation 9 with a VNC client or interacting with the desktop of a virtual machine running on vSphere from within Workstation has been significantly improved.

Disk Cleanup

Virtual machines consume a large amount of space on your hard drive. Workstation 9 includes a new management option to easily recover disk space.

Quick Switch II

Previous versions of VMware Workstation included a view mode called "Quick Switch" that displayed tabs along the top of the screen to easily switch between running virtual machines. We removed this functionality in Workstation 8. The feedback we received has encouraged us to introduce a similar feature. On Windows hosts, tabs have been included in the full screen toolbar.

Thumbnail Actions

Views of your virtual machine on the task bar now include controls to change the power state.

Saved Filters

Workstation 9 automatically saves recent virtual machine library searches as filters to easily apply them the next time you run Workstation.


TMG2010: Server Configuration does not match the stored configuration

Issue: Not Synced – Server Configuration does not match the stored configuration

Cause: The Forefront TMG 2010 array certificates have expired.

Solution: The following steps fix the issue. Please note that I am describing the situation where my TMG 2010 Enterprise array is deployed in a workgroup.

Step 1: Run the ISA BPA on a TMG 2010 array member

Step 2: Verify the certificate expiry date

1. From the Start menu, click Run. Type MMC, and then click OK.

2. In MMC, click File, and then click Add/Remove Snap-in.

3. Click Add to open the Add Standalone Snap-in dialog box.

4. From the list of snap-ins, select Certificates, and then click Add.

5. Select the service account and click Next.

6. Click Next.

7. Select ISASTGCTRL and click Finish.

8. Browse to ADAM_ISASTGCTRL\Personal > Certificates.

9. Open the certificate to see if it is expired.

Step 3: Create a request.inf file. Open Notepad, paste the following into it, modify the CN and domain details to match your own environment, and save the file as request.inf. An example of the .inf file is:

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=myTMG.mydomain.com"
EncipherOnly = FALSE
Exportable = TRUE
KeyLength = 1024
KeySpec = 1 ; Key Exchange
KeyUsage = 0xA0 ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = CMC

; Omit entire section if CA is an enterprise CA
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication

[RequestAttributes]
CertificateTemplate = WebServer

Step 4: Request a certificate from the root/subordinate CA

Open an elevated command prompt. At the command prompt, type the following command, and then press ENTER:

certreq -new -f request.inf certnew.req

Important! This command uses the information in the Request.inf file to create a request in the format that is specified by the RequestType value in the .inf file. When the request is created, the public and private key pair is automatically generated and then put in a request object in the enrollment requests store on the local computer.

Step 5: Submit the request and obtain the certificate

Open an elevated command prompt. At the command prompt, type the following command, and then press ENTER:

certreq -submit certnew.req certnew.cer

Important! certnew.req was generated by the previous command. certnew.cer is the certificate you are looking for.

An alternative way of submitting the request to the CA:

  1. Open the Certification Authority console
  2. Right-click the CA server > All Tasks > Submit new request
  3. Point to the location of the certnew.req file
  4. Save the certificate as certnew.cer in your preferred location
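Before carrying certnew.cer through the import/export dance in Step 6, it is worth confirming that the CA actually issued what request.inf asked for, since a certificate missing the Server Authentication EKU or the right key usage will reproduce the array error after import. The following PowerShell is an added example and not part of the original post: it loads certnew.cer with the .NET X509Certificate2 class, checks the subject against the sample value from request.inf (CN=myTMG.mydomain.com, an assumption you should replace with your own CN), checks for the 1.3.6.1.5.5.7.3.1 EKU and the Digital Signature plus Key Encipherment usage (the 0xA0 in the request), and reports the expiry, which is the condition that caused this issue in the first place. The 2048-bit minimum key size is a threshold chosen for this example, not something the post requires.

```powershell
# Added example (not from the original post): sanity-check the issued certificate
# against request.inf before it is imported into the TMG array.
function Test-IssuedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$ExpectedSubject = 'CN=myTMG.mydomain.com',   # sample subject from request.inf
        [int]$MinKeyBits = 2048                                # threshold chosen for this example
    )
    $fullPath = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $fullPath

    # .NET materialises well-known extensions as typed objects; locate them by OID.
    $ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }   # Enhanced Key Usage
    $kuExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.15' }   # Key Usage

    $ekuOids = @()
    if ($ekuExt) { $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    $kuFlags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::None
    if ($kuExt) { $kuFlags = $kuExt.KeyUsages }
    # KeyUsage = 0xA0 in request.inf is Digital Signature + Key Encipherment.
    $wanted = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]'DigitalSignature, KeyEncipherment'

    $keyBits = $cert.PublicKey.Key.KeySize

    New-Object PSObject -Property @{
        Subject          = $cert.Subject
        SubjectMatches   = ($cert.Subject -eq $ExpectedSubject)
        Issuer           = $cert.Issuer
        Thumbprint       = $cert.Thumbprint
        HasServerAuthEku = ($ekuOids -contains '1.3.6.1.5.5.7.3.1')
        KeyUsageOk       = (($kuFlags -band $wanted) -eq $wanted)
        KeyBits          = $keyBits
        KeyStrongEnough  = ($keyBits -ge $MinKeyBits)
        NotAfter         = $cert.NotAfter
        DaysUntilExpiry  = [int]($cert.NotAfter - (Get-Date)).TotalDays
    }
}

$check = Test-IssuedCertificate -Path .\certnew.cer
$check | Format-List Subject, SubjectMatches, Issuer, Thumbprint, HasServerAuthEku, KeyUsageOk, KeyBits, KeyStrongEnough, NotAfter, DaysUntilExpiry

# Stop before Step 6 if the CA did not issue what the array needs.
if (-not ($check.SubjectMatches -and $check.HasServerAuthEku -and $check.KeyUsageOk)) {
    Write-Warning 'Issued certificate does not match request.inf; do not import it into the array.'
}
if (-not $check.KeyStrongEnough) {
    Write-Warning "RSA key is only $($check.KeyBits) bits; consider raising KeyLength in request.inf before the next renewal."
}
if ($check.DaysUntilExpiry -lt 30) {
    Write-Warning "Certificate expires in $($check.DaysUntilExpiry) days; schedule the next renewal now."
}
```

Running the same function against the certificate found in the ADAM_ISASTGCTRL store in Step 2 (export it without the private key first) gives the DaysUntilExpiry figure that lets you renew on a schedule instead of after the array has already stopped syncing.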

Step 6: Convert the certificate into .pfx format

Import the certificate certnew.cer on a server or an admin workstation:

1. On the head node, click Start, click Run, and then type mmc to start the Microsoft Management Console.

2. On the File menu, click Add/Remove Snap-in. The Add or Remove Snap-ins dialog box appears.

3. In Available snap-ins, click Certificates, and then click Add.

4. Select Computer account, and then click Next.

5. Select Local computer, and then click Finish.

6. If you have no more snap-ins to add to the console, click OK.

7. In the Microsoft Management Console, in the console tree, expand Certificates, and then expand Personal.

8. In the details pane, click the certificate you want to manage.

9. On the Action menu, point to All Tasks, and then click Import. The Certificate Import Wizard appears. Click Next.

10. Browse to the location of the certnew.cer file.

11. Import the certificate.

To export a certificate in PFX format using the Certificates snap-in

1. On the head node, click Start, click Run, and then type mmc to start the Microsoft Management Console.

2. On the File menu, click Add/Remove Snap-in. The Add or Remove Snap-ins dialog box appears.

3. In Available snap-ins, click Certificates, and then click Add.

4. Select Computer account, and then click Next.

5. Select Local computer, and then click Finish.

6. If you have no more snap-ins to add to the console, click OK.

7. In the Microsoft Management Console, in the console tree, expand Certificates, and then expand Personal.

8. In the details pane, click the certificate you want to manage.

9. On the Action menu, point to All Tasks, and then click Export. The Certificate Export Wizard appears. Click Next.

10. On the Export Private Key page, click Yes, export the private key. Click Next.

11. On the Export File Format page, select Personal Information Exchange – PKCS #12 (.PFX). Click Next.

12. On the Password page, type and confirm the password that is used to encrypt the private key. Click Next.

13. Follow the pages of the wizard to export the certificate in PFX format.

Step 7: Import the certificate into the TMG array

Log on to the TMG server.

Open the Forefront TMG 2010 console.

Click System > click the server that is one of the array members > click Import Server Certificate from the task pane > browse to the certificate and import the certnew.pfx file.

Click OK.

Click Refresh on the System node.

Step 8: Repeat all of the steps on every array member

Step 9: Refresh the array members and check the system


Check TMG related services.


Special thanks to Raihan Al-Beruni
