Skip to main content

Posts

Which vSphere version is my VM running on?

Several years ago, I created a list of ESXi versions with matching VM BIOS identifiers. The list is now complete up to vSphere 7.
Your Linux runs on a VMware VM, but on which ESXi version? Even without access to the host nor vCenter, you can see for yourself: run "dmidecode" and look at lines 10, 11 and 12. The BIOS release date, the address and the size are unique for each ESXi version. Look up your result in the following table:
ESXi version  BIOS release date  Address  SizeESX 2.504/21/20040xE848097152 bytesESX 3.004/17/20060xE7C7099216 bytesESX 3.501/30/20080xE7910100080 bytesESX 408/15/20080xEA6C088384 bytesESX 4U109/22/20090xEA55088752 bytesESX 4.110/13/20090xEA2E089376 bytesESXi 501/07/20110xE72C0101696 bytesESXi 5.106/22/20120xEA0C089920 bytesESXi 5.507/30/20130xEA05090032 bytesESXi 609/30/20140xE9A4091584 bytesESXi 6.504/05/20160xEA58088704 bytesESXi 6.707/03/20180xEA52088800 bytesESXi 6.7 U212/12/20180xEA49088944 bytesESXi 7.012/09/20190xEA48088960 bytes NB These DM…
Recent posts

Reset lost root password on vSphere ESXi 6.7

VMware's solution to a lost or forgotten root password for ESXi is simple: go to https://kb.vmware.com/s/article/1317898?lang=en_US and you'll find that "Reinstalling the ESXi host is the only supported way to reset a password on ESXi".

If your host is still connected to vCenter, you may be able to use Host Profiles to reset the root password, or alternatively you can join ESXi in Active Directory via vCenter, and log in with a user in the "ESX Admins" AD group.

If your host is no longer connected to vCenter, those options are closed. Can you avoid reinstallation? Fortunately, you can. You will need to reset and reboot your ESXi though. If you're ready for an unsupported deep dive into the bowels of ESXi, follow these steps:

Create a bootable Linux USB-drive (or something else you can boot your server with). I used a CentOS 7 installation USB-drive that I could use to boot into rescue mode.Reset your ESXi and boot from the Linux medium.Identify your ESXi…

Lego Boost candy sorter

Our project for the 2018 Coderdojo Belgium Coolest Projects exhibition was a candy sorter, built in Lego and driven by Lego Boost. I took pictures and wrote building instructions while disassembling the robot afterwards, so you can now easily build a Skittle sorter in Lego yourself!


http://bert.debruijn.be/Lego_Boost_candy_sorter_building_instructions.pdf

Updating VCSA on a private network

Updating the VCSA is easy when it has internet access or if you can mount the update iso. On a private network, VMware assumes you have a webserver that can serve up the updaterepo files. In this article, we'll look at how to proceed when VCSA is on a private network where internet access is blocked, and there's no webserver available. The VCSA and PSC contain their own webserver that can be used for an HTTP based update. This procedure was tested on PSC/VCSA 6.0.

Follow these steps:


First, download the update repo zip (e.g. for 6.0 U3A, the filename is VMware-vCenter-Server-Appliance-6.0.0.30100-5202501-updaterepo.zip ) Transfer the updaterepo zip to a PSC or VCSA that will be used as the server. You can use Putty's pscp.exe on Windows or scp on Mac/Linux, but you'd have to run "chsh -s /bin/bash root" in the CLI shell before using pscp.exe/scp if your PSC/VCSA is set up with the appliancesh. chsh -s /bin/bash root"c:\program files (x86)\putty\pscp.exe&q…

which vSphere version is my VM running on?

I did not yet update my older post when vSphere 6.7 was released. The list now complete up to vSphere 6.7. Your Linux runs on a VMware VM, but which on which ESXi version? You can see for yourself: run "dmidecode" and look at lines 10, 11 and 12.
ESX 2.5 - BIOS Release Date: 04/21/2004 - Address 0xE8480 - Size 97152 bytes ESX 3.0 - BIOS Release Date: 04/17/2006 - Address 0xE7C70 - Size 99216 bytes ESX 3.5 - BIOS Release Date: 01/30/2008 - Address 0xE7910 - Size 100080 bytes ESX 4 - BIOS Release Date: 08/15/2008 - Address 0xEA6C0 - Size 88384 bytes ESX 4U1 - BIOS Release Date: 09/22/2009 - Address 0xEA550 - Size 88752 bytes ESX 4.1 - BIOS Release Date: 10/13/2009 - Address 0xEA2E0 - Size 89376 bytes ESXi 5 - BIOS Release Date: 01/07/2011 - Address 0xE72C0 - Size 101696 bytes ESXi 5.1 - BIOS Release Date: 06/22/2012 - Address: 0xEA0C0 - Size: 89920 bytes ESXi 5.5 - BIOS Release Date: 07/30/2013 - Address: 0xEA050 - Size: 90032 bytes ESXi 6 - BIOS Release Date: 09/30/2014 - Ad…

How VMware appliances update themselves

Most VMware appliances (vCenter Appliance, VMware Support Appliance, vRealize Orchestrator) have the so called VAMI: the VMware Appliance Management Interface, generally served via https on port 5480. VAMI offers a variety of functions, including "check updates" and "install updates". Some appliances offer to check/install updates from a connected CD iso, but the default is always to check online. How does that work?
VMware uses a dedicated website to serve the updates: vapp-updates.vmware.com. Each appliance is configured with a repository URL: https://vapp-updates.vmware.com/vai-catalog/valm/vmw/PRODUCT-ID/VERSION-ID . The PRODUCT-ID is a hexadecimal code specific for the product. vRealize Orchestrator uses 00642c69-abe2-4b0c-a9e3-77a6e54bffd9, VMware Support Appliance uses 92f44311-2508-49c0-b41d-e5383282b153, vCenter Server Appliance uses 647ee3fc-e6c6-4b06-9dc2-f295d12d135c. The VERSION-ID contains the current appliance version and appends ".latest":…

VPN gateway setup for Android 5, iOS 9, and Mac OS X 10.10

I recently configured an IKEv1 L2TP/IPSec VPN for a customer. They needed support for a mix of Android 5, iOS 9, and Mac OS X 10.10 clients. During testing and going through debug logs on the VPN gateway, I found that these devices announce support for several authentication hashes, and encryption protocols:
OSauthenticationencryptionAndroid 5SHA256-128, SHA1-96, MD5-96AES256, AES128, 3DES, DESiOS 9SHA1-96, MD5-96AES256, AES128, 3DESMac OS X 10.10SHA1-96, MD5-96AES256, AES128, 3DES
The working configurations I found were:
authenticationencryptionSHA13DESSHA1AES128SHA1AES256
and I settled on the last combo as AES256 is the strongest CBC from that list.

PS for DH key exchange, only so-called Group 2 1024modp was in the list on all three devices, so there was no other choice available, and no further testing was done.
PS2 I tried SHA256 authentication with the Android device, but no successful connection could be set up with the VPN gateway. It looks like there was some kind of incompatibi…