Enable SSH

• Enable SSH service from web UI

SSH into host

• SSH into ESXi Host

Check for Network configuration

Check for VMKernel connection

vmkping -I vmk1 192.168.1.1
# where 
# - vmk1 is vmkernel which is used for storage network
# - 192.168.1.1 is destination server, usually iSCSI server

vmkping -I vmk1 192.168.1.1 -d -s 8972
# Test jumbo frame

Verify MTU size for ESXi

esxcfg-nics -l
# List down available NICs and their configuration

esxcfg-vmknic -l
# List down configured VMKernel adapter and their configuration

Check Storage Health

Check Readable VMFS

esxcli storage vmfs extent list

List down available disks

ls -ltrh /vmfs/devices/disks

Check for issue

voma -m vmfs -f check -d /vmfs/devices/disks/naa.60030480253909f12d5ff9c9fab9c1f6

Fixing Issue

Unable to fix VMFS6

voma -m vmfs -f fix -d /vmfs/devices/disks/naa.60030480253909f12d5ff9c9fab9c1f6

During upgrade of unifi controller on Ubuntu 18.04, we encountered this error

The following information may help to resolve the situation:

The following packages have unmet dependencies:
 mongodb-org : Conflicts: mongodb-clients but 1:3.6.3-0ubuntu1.4 is to be installed
               Conflicts: mongodb-server but 1:3.6.3-0ubuntu1.4 is to be installed
 mongodb-org-mongos : Conflicts: mongodb-clients but 1:3.6.3-0ubuntu1.4 is to be installed
                      Conflicts: mongodb-server but 1:3.6.3-0ubuntu1.4 is to be installed
 mongodb-org-server : Conflicts: mongodb-clients but 1:3.6.3-0ubuntu1.4 is to be installed
                      Conflicts: mongodb-server but 1:3.6.3-0ubuntu1.4 is to be installed
 mongodb-org-shell : Conflicts: mongodb-clients but 1:3.6.3-0ubuntu1.4 is to be installed
                     Conflicts: mongodb-server but 1:3.6.3-0ubuntu1.4 is to be installed
 mongodb-org-tools : Conflicts: mongodb-clients but 1:3.6.3-0ubuntu1.4 is to be installed
                     Conflicts: mongodb-server but 1:3.6.3-0ubuntu1.4 is to be installed
E: Broken packages

Solution

Resource: Install MongoDB Community Edition on Ubuntu — MongoDB Manual

# Install curl
sudo apt-get install gnupg curl

# Update GPG key
curl -fsSL https://pgp.mongodb.com/server-7.0.asc | \
   sudo gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg \
   --dearmor

# Create list file
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/7.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list

# Reload apt
sudo apt update

# Upgrade
sudo apt upgrade -y

VM stuttering when booting up.

Resources

• Disable Hyper-V to run virtualization software – Windows Client | Microsoft Learn
• “VMware Workstation and Device/Credential Guard are not compatible” error in VMware Workstation on Windows 10 host (2146361)
• i7-12700K Only using E-Cores – VMware Workstation : r/vmware (reddit.com)
• VMware workstation 17 Windows Performance Optimiza… – VMware Technology Network VMTN
• Solved: VMware Workstation 16 very slow on Windows 11 – VMware Technology Network VMTN

Fixes

Turning Off Hyper-V

Check if Hyper-V hypervisor is running

1. Run msinfo32
2. Select System Summary
3. In the detail window, locate the following entry

A hypervisor has been detected. Features required for Hyper-V will not be displayed.

Disabling

Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Hypervisor

BCDEdit

Checking

Run the following command and look for hypervisorlaunchtype

#RunAs Administrator
bcdedit /enum

Disabling

bcdedit /set hypervisorlaunchtype off

Turn off Windows Memory Isolation

Fix

1. Open Windows Settings
2. Go to Privacy & Security > Windows Security
3. Open Windows Security
4. Go to Device Security > Core Isolation details
5. Turn off Memory Integrity

E-Core

Fix

If your computer has e-core, append the following lines in config.ini file available in %ProgramData%\VMware\VMware Workstation

The sample code below are for 4 hyper-threaded P-core and 8 E-core, where Proc0 to Proc7 is hyperthreaded core for P-cores

Processor0.use = "TRUE"
Processor1.use = "TRUE"
Processor2.use = "TRUE"
Processor3.use = "TRUE"
Processor4.use = "TRUE"
Processor5.use = "TRUE"
Processor6.use = "TRUE"
Processor7.use = "TRUE"
Processor8.use = "FALSE"
Processor9.use = "FALSE"
Processor10.use = "FALSE"
Processor11.use = "FALSE"
Processor12.use = "FALSE"
Processor13.use = "FALSE"
Processor14.use = "FALSE"
Processor15.use = "FALSE"

Opening Outlook in “normal” mode when being offline is frustrating. I am making this script so that I have the liberty to choose which mode to open Outlook in.

Credits

• Start Outlook in Offline Mode (without opening it first) | Mike Crowley’s Whiteboard
• How to Get, Edit, Create and Delete Registry Keys with PowerShell (netwrix.com)
• Build Interactive PowerShell Menus (adamtheautomator.com)
• Hide the Windows Terminal console window with PowerShell – Stack Overflow

The Script

Save the following code as open-Outlook.ps1, and link it with shortcut. The next time you open Outlook, use the short cut whenever you want to open Outlook

$outlookPath = "C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
$outlookRegPath = "HKCU:\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046"
$outlookRegProp = "00030398"

$online = New-Object System.Management.Automation.Host.ChoiceDescription 'O&nline', 'Open Outlook (online mode)'
$offline = New-Object System.Management.Automation.Host.ChoiceDescription 'O&ffline', 'Open Outlook (offline mode)'

$options = [System.Management.Automation.Host.ChoiceDescription[]]($online, $offline)

$title = 'Open-Outlook.ps1'
$message = 'Which mode do you want to open in?'

Clear-Host

# The $WindowStates hashtable had two entries for 'MAXIMIZE' and 'SHOWMAXIMIZED' with the same value. Since the ValidateSet attribute ensures that only valid strings are used as keys, and the hashtable is used to map these strings to their corresponding integer values, the duplicate entry is unnecessary and has been removed.
# The Set-Alias command was moved to the BEGIN block to keep the alias definition close to the function definition, which is a common practice for better script organization and readability.

function Hide-ConsoleWindow() {
  $ShowWindowAsyncCode = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);'
  $ShowWindowAsync = Add-Type -MemberDefinition $ShowWindowAsyncCode -name Win32ShowWindowAsync -namespace Win32Functions -PassThru

  $hwnd = (Get-Process -PID $pid).MainWindowHandle
  if ($hwnd -ne [System.IntPtr]::Zero) {
    # When you got HWND of the console window:
    # (It would appear that Windows Console Host is the default terminal application)
    $ShowWindowAsync::ShowWindowAsync($hwnd, 0)
  } else {
    # When you failed to get HWND of the console window:
    # (It would appear that Windows Terminal is the default terminal application)

    # Mark the current console window with a unique string.
    $UniqueWindowTitle = New-Guid
    $Host.UI.RawUI.WindowTitle = $UniqueWindowTitle
    $StringBuilder = New-Object System.Text.StringBuilder 1024

    # Search the process that has the window title generated above.
    $TerminalProcess = (Get-Process | Where-Object { $_.MainWindowTitle -eq $UniqueWindowTitle })
    # Get the window handle of the terminal process.
    # Note that GetConsoleWindow() in Win32 API returns the HWND of
    # powershell.exe itself rather than the terminal process.
    # When you call ShowWindowAsync(HWND, 0) with the HWND from GetConsoleWindow(),
    # the Windows Terminal window will be just minimized rather than hidden.
    $hwnd = $TerminalProcess.MainWindowHandle
    if ($hwnd -ne [System.IntPtr]::Zero) {
      $ShowWindowAsync::ShowWindowAsync($hwnd, 0)
    } else {
      Write-Host "Failed to hide the console window."
    }
  }
}

switch ($host.ui.PromptForChoice($title, $message, $options, 0))
{
    # Open Outlook online mode
    0 {
        Write-Host "Reverting to online mode..."
        Set-ItemProperty $outlookRegPath -name $outlookRegProp -Value ([byte[]](0x02,0x00,0x00,0x00))
        Write-Host "Opening Outlook..."
        start-process $outlookPath
    }

    # Open Outlook offline mode
    1 {
        Write-Host "Setting offline mode..."
        Set-ItemProperty $outlookRegPath -name $outlookRegProp -Value ([byte[]](0x01,0x00,0x00,0x00))
        Hide-ConsoleWindow
        Write-Host "Opening Outlook and wait..."
        start-process $outlookPath -Wait
        Write-Host "Reverting to online mode..."
        Set-ItemProperty $outlookRegPath -name $outlookRegProp -Value ([byte[]](0x02,0x00,0x00,0x00))
    }
}

During re-installation of software, sometimes we encounter the message “Please reboot before installing any more programs”.

If we are sure that there’s no need to reboot computer, proceed with the workaround below.

Resource: Message “Please reboot before installing any more programs” – ID: 8861819 – Industry Support Siemens

Workaround

Registry Editor

Open the registry editor by starting regedit application.

Check whether there’s any value in the following path:

• HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager and key PendingFileRenameOperations
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Command

%SystemRoot%\System32\reg.exe add "HKLM\System\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations /t REG_MULTI_SZ /d "" /f

Registry Explanation

The entries in this key are to be interpreted as follows: Windows generates two lines for each file concerned.

Deletion of file

If the even line of the key is empty, it means that the file has been registered to be deleted.

Rename of file

If there is an entry in the even lines, that is the new name for the file in the line before.

Resource: PowerShell Gallery | ExchangeOnlineManagement 3.1.0

# run as admin
Install-Module -Name ExchangeOnlineManagement -RequiredVersion 3.1.0

Configure Resource Schedule

Connect-ExchangeOnline
# Login with MS account with administrative privileges

# Fix resource working hours
# Add all available resource mailboxes into a variable   
$rooms = Get-Mailbox -RecipientTypeDetails RoomMailbox  
  
# Set mailbox Timezone, Language and Date & Time formats to UK  
$rooms | ForEach-Object {Set-MailboxRegionalConfiguration $_.alias -TimeZone 'Asia/Singapore' -language 'en-GB' -DateFormat 'dd/MM/yyyy' -TimeFormat 'HH:mm'}  
  
# Update the calendar's working hours start & end time and timezone to our UK corp standard  
$rooms | ForEach-Object {Set-MailboxCalendarConfiguration $_.alias -WorkingHoursTimeZone 'Asia/Singapore' -WorkingHoursStartTime '08:00:00' -WorkingHoursEndTime '18:00:00'}

Configure Resource Subject

Teams meeting room is configured to replace meeting subject with username. Making it less informative.

Resource: Display shows organizer’s name instead of subject | Meeting Room 365 Support

Connect-ExchangeOnline
# Login with MS account with administrative privileges

$rooms = Get-Mailbox -RecipientTypeDetails RoomMailbox

$rooms | ForEach-Object {Set-CalendarProcessing -DeleteSubject $False -AddOrganizerToSubject $False}

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

net stop certsvc
net start certsvc

Steps

• Go to https://you-ca/certsrv
• Request for web server certificate
• Paste in your certificate signing request
• In the additional attributes, use the following syntax

SAN:DNS=<Name1>[&DNS=<name2>...][&IPAddress=<IP1>...]

Resource

Adding Subject Alternate Name (SAN) into Additional Attributes (encryptionconsulting.com)

windows server 2008 r2 – Subject Alternative Name not added to certificate – Server Fault

• Unifi Controller running on Linux
• Windows Certificate Authority
• Keystore Explorer
• SSH Client
• WinSCP

Windows CA

Certificate Template

Run certtmpl.msc to open certificate template management console

I am using customized template with the following settings:

• General
  • Name: Custom Application
  • Template Name: CustomApplication
  • Validity: 2 years. This number is configurable
  • Renewal period: 6 weeks
  • Do NOT publish certificate in Active Directory
• Compatibility
  • CA: 2008R2
  • Recipient: XP/2003
• Request Handling
  • Purpose: Signature and Encryption
  • Allow private key to be exported
• Cryptography
  • Algo: Determined by CSP
  • Min key size: 2048
  • Crypto provider: One of the following providers:
    • MS RSA SChannel
    • MS DH SChannel
• Extension:
  • Application Policies
  • Basic Constraints
  • Certificate Template Information
  • Issuance Policies
  • Key Usage
    • Digital Signature
    • Signature is proof of origin
    • Allow key exchange only with key encryption
    • Make this extension critical
• Security
  • As required

Request Certificate

Credit: Installing a custom SSL certificate on a UniFi Controller – Blinky’s Blog (cracknells.co.uk)

1. Open Manage Computer Certificate management console
2. In Personal > Certificate, make a request to abovementioned template
3. Fill in with the following:
   • CN=unifi.example.org
   • OU=Dept
   • O=ExampleCompany
   • L=Town
   • S=State
   • C=SG
   • DNS
     • unifi.example.org
     • 172.16.0.2
   • IP (v4) = 172.16.0.2
4. Once requested, Export the new certificate:
   • With private key
   • .PFX
     • Include all certificates in the certification path if possible
   • Encryption: TripeDES-SHA1
   • Set password as aircontrolenterprise
5. From this point onwards, this cert will be called unifi_new_cert.pfx

Unifi Controller

Credit: Ubiquiti Unifi Controller SSL Certificate creation process – Tielen Consultancy (jeroentielen.nl)

Getting keystore file

1. SSH into server ( in this case, we are using user1 )
2. Login with su (root)
3. Run the commands below
4. Afterwards, copy this file using WinSCP

# Change to data folder
cd /usr/lib/unifi/data

# Make a backup copy
cp keystore keystore.bak

# Copy to home directory
cp keystore ~/keystore

# Change owner
chown user1:user1 ~/keystore

Opening keystore file

1. On Windows machine, use KeyStore Explorer
2. Open keystore file copied from section above
3. Delete the existing key pair
4. Click on Tools > Import key pair > PKCS12
5. Locate the unifi_new_cert.pfx
6. Enter password from section above (aircontrolenterprise)
7. Key pair alias must be unifi
8. Provide a new password (aircontrolenterprise)
9. Save the keystore file

Upload keystore file

1. Using WinSCP, copy the file back to server
2. Run the following command (with root)

# change owner
chown unifi:unifi ~/keystore

# copy file
cp ~/keystore /usr/lib/unifi/data/keystore

reboot

sudo nano /etc/dhcpcd.conf
# Change the line `domain_name_servers=`

sudo service dhcpcd restart

sudo apt-get install --no-install-recommends xserver-xorg x11-xserver-utils xinit openbox xdg-utils -y

sudo apt install freerdp2-x11

sudo apt install snapd -y
sudo reboot -h now

sudo snap install core

sudo snap install remmina

nano .profile
# Copy from the `Configuration/.profile file` section below and append to end of file

sudo nano /etc/X11/xinit/xinitrc
# Comment out the line in `Configuration/xinitrc file` section below

sudo nano /etc/xdg/openbox/autostart
# Add the line from `Configuration/AutoStart file` section below

sudo nano /etc/xdg/openbox/menu.xml

sudo raspi-config
# To-Do
# - (1/S5/B2) Enable Auto-Login
# - Reboot

Configuration

.profile file

[[ -z $DISPLAY && $XDG_VTNR -eq 1 ]] && startx

xintirc file

#. /etc/X11/xsession # Comment out this line
# Add the following line
exec openbox-session 

AutoStart file

xset s off
xset s noblank
xset -dpms
remmina ## add --kiosk after configuration