VMware: Install PowerCLI
KB ID 0001606 Problem There was a time you had to go to VMware and download PowerCLI then install it, that’s no longer the case, any machine with a, (reasonably new) version of PowerShell can simply pull the commandlets down from a repository and you are ready to go. Solution Firstly if you have the ‘old version’ of PowerCLI you can uninstall it from Add/Remove programs (appwiz.exe). Before installing, you need to be...
VMware Unified Access Gateway: Horizon Deployment
KB ID 0001605 Problem With older versions of Horizon View, we simply deployed another Connection server and called it a Security Server. The drawback of that is, it requires another Windows licence. You can now deploy VMware UAG (Unified Access Gateway), try to think of it as a ‘Netscaler for VMware’, and like other VMware solutions it’s a small appliance built on VMware’s ‘Photon’ Linux. Below is...
Bring up a VPN Tunnel From the ASA
KB ID 0001604 Problem A colleague was doing a firewall migration yesterday and I offered to sit in, in case he had any problems, one of the tasks was a VPN tunnel getting migrated, this is usually painless, (if you have control of both ends!) But in this case we didn’t, and it’s usually the case, when there’s VPN problems, the people at the {ahem} ‘less experienced,’ end of the tunnel tend to blame the...
PowerCLI: Connect-VIServer Certificate Errors
KB ID 0001603 Problem When attempting to connect to a vCenter or ESXi host, you see the following error; Connect-VIServer : {Date} {Time} Connect-VIServer Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you’d like to connect once or to add a permanent exception for this server. Additional Information: Could not establish trust relationship...
Group Policy Preferences and Client Side Extensions
KB ID 0000389 Problem Group Policy Preferences (GPP) first came in with Server 2008 and were enhanced for Server 2008 R2, To be able to apply them to older Windows clients, you need to install the “Client side Extensions” (CSE), You can either script this, deploy with a group policy, or if you have WSUS you can send out the update that way. OS Download Link Client side extensions for Windows XP (x86) link Client side...
Cisco ASA Site to Site IKEv2 VPN Static to Dynamic
KB ID 0001602 Problem Site to Site VPNs are easy enough, define some interesting traffic, tie that to a crypto map, that decides where to send the traffic, create some phase 1 and phase 2 policies, wrap the whole lot up in a tunnel-group, and you’re done! But there needs to be a ‘peer address’ in the crypto map, and if one end of the VPN is on DHCP that address is likely to change, so you cant supply that? The...