People are always ‘a bit twitchy‘ about upgrading their backup software. Mines on my test network so I’m a little more cavalier about diving in and clicking next. So when you want to Upgrade Veeam 10 to Veeam 11, peoples main concerns are;
Will I lose my backup / replication jobs?
Will I need to rescan backup repositories?
Remember Veeam keeps all its data in a database, so your configs should remain unaffected but just to prove it.
Can I Upgrade Veeam 10 to Veeam 11 – Yes
Obviously close any Veeam management windows (in all logged in profiles) before starting.
When the ASA 5506-X appeared there was much grumbling, “This is not a replacement for the ASA 5505, I need to buy a switch as well!” and “I have six ports on the firewall I cant use” etc.
While I understand that, and if truth be told the ASA 5505, was SUPPOSED to be used in SOHO environments where an all in one device, (with PoE) was a great fit. The problem was, people started throwing them in everywhere, I’ve seen them in large businesses, and in data centres. Because it’s easier to sell a firewall that cost less than 500 quid, than it is to sell a firewall that fits the network requirements!
To ‘fix’ the problem would probably mean changing hardware, so Cisco gave us a BVI, Bridge Virtual Interface instead (with version 9.7). Well not strictly true, Cisco ASA has had BVI interfaces in ‘transparent mode‘ for some time. So on the ASA 5506-X with a default configuration, it ‘Bridges’ interfaces Ge0/2 to Ge0/8, into one interface which you can call the inside interface an give it an IP address.
Oh Great! So Just Like an ASA5505 Then? Well no sorry, I don’t like it because it needs an access-group/ACL for each bridged interface, and a NAT statement for each bridged interface. Unless you have a very simple network that can get very complicated, very quickly! Also note, the same holds true for remote management via SSH/ADSM etc.
Changes to ASA for BVI Interface
I’ll shorten the default firewall config and show you the ‘added commands’ that are used for this configuration.
Yes I’m not making it up, that’s the added default config for a new 5506-X firewall, (post version 9.7) if you issue a configure factory-default, that’s what you will get! (Don’t panic: If you upgrade a firewall it wont add this in!)
Is That What You Wanted?
Well if you are a small business and make very little changes to the firewall then this may be fine, (if a little cumbersome to setup). But to be honest I think its pretty bobbins! So I’ll be ripping it out of every 5506-X I deploy.
ASA 5506-X Remove the BVI Interface From CLI
First you have to remove the bridge group from the physical interfaces, but first you need to remove the interface name, or it will error. Obviously connect via the console cable, or from the outside interface, (because you’re about to remove the configured inside interface, until we recreate it again).
[box]
!
interface GigabitEthernet1/2
no nameif
no bridge-group 1
interface GigabitEthernet1/3
no nameif
no bridge-group 1
interface GigabitEthernet1/4
no nameif
no bridge-group 1
interface GigabitEthernet1/5
no nameif
no bridge-group 1
interface GigabitEthernet1/6
no nameif
no bridge-group 1
interface GigabitEthernet1/7
no nameif
no bridge-group 1
interface GigabitEthernet1/8
no nameif
no bridge-group 1
!
[/box]
Only now can you remove the BVI interface.
[box]
clear configure interface BVI1
WARNING: DHCPD bindings cleared on interface 'inside', address pool removed
WARNING: BVI interface 1 is in use.
[/box]
Note: The BVI1 interface will now disappear from the config, (if you’re used to working on routers it’s a bit like removing a loopback interface). Now Remove the ‘defunct’ object groups that were being used for NAT.
[box]
no object network obj_any1
no object network obj_any2
no object network obj_any3
no object network obj_any4
no object network obj_any5
no object network obj_any6
no object network obj_any7
[/box]
Assuming your outside Interface (GigabitEthernet0/1) is still up and connected, (by default it will be set to DHCP and also set to get its outside automatically). You would then need to configure an ‘inside’ interface (I’ll use GigabitEthernet0/2) and specify a NAT/PAT rule to allow traffic out.
For most people that’s fine, but if you have a lot of FirePOWER devices to manage that does not scale well. In those cases you should use theFMC (FirePOWER Management Center). Here ‘Im going to use the Vmware virtual appliance, (at time of writing there is no Hyper-V version).
This lets you create policies centrally and then deploy them to your devices in bulk.
Solution
Deploy the FirePOWER Management Center Appliance
Obviously before you start you need to have VMware (ESX or vCenter). With 250GB of storage free, (you can deploy it thin provisioned). You will also need to allocate 8GB of RAM and 4 virtual CPUs. Whichever network (or VMware port Group) you connect the appliance to it needs to have IP connectivity to the devices you intend to manage.
Download the FMC Appliance: Be aware it downloads in tar.gz format so on a Windows machine you will need something like 7Zip to uncompress the files. You WONT find the file under the firewalls, they are listed under;
You will need to accept the EULA, then set the admin password, and some basic IP settings.
I’ve got IPv6 disabled, if you want to address the appliance with IPv6 enter the details here.
Even after the appliance has been imported and powered on it can take 20-30 minutes before you can log on. At this point I would go and do something else. If you really must, then open a ‘console’ session and wait until the logon prompt is shown. You can then logon to the web portal.
Go to System > Updates > Download and install any updates > Visit both the ‘Rule Updates’ and the ‘Geolocation Updates’ tabs and set a time to download them.
Don’t Install the licences Just Yet! Add your devices to the FMC first, then if there’s a problem and you need to rebuild/redeploy, you don’t have to go cap in hand to Cisco licensing to get the licences re-armed. To add the SFR devices see the following article;
Network Discovery: Older version of the FMC used to only look for RFC 1918 IP ranges, This was changed at some point to 0.0.0.0/0 so you couldn’t misconfigure the system by having a private address space internally for example. This was a good idea but Ive seen some firewalls fall over trying to run discovery on every IP address they see! So lets manually add in our subnets. Objects > Object Management > Add Network > Add Object > Add one for you internal network(s).
Policies > Network Discovery > Remove the 0.0.0.0 Rule.
Create a new discovery rule using just your subnet(s).
Adding Licences To FirePOWER Management Center
You used to have to licence the appliance itself, after version 6 you don’t need to do that, if you have a licence and you try and apply it nothing happens and you just see this message;
Note: FireSIGHT is the old name for FirePOWER Management Center.
What Licences do I need to Add? Your Next Generation Firewalls now come with a ‘CONTROL LICENSE‘ in the box, it is in a large white card envelope, you don’t need to open it the number you need is on the front of the envelope. You add a control licence for every device you want to manage (they do not expire).
System > Licences > Classic Licenses > You need to take a note of the ‘Licence Key’, (which is the MAC address of the appliance with a 66 in front of it). This is the serial number you need to enter on the Cisco licensing portal.
When you get the licence back, if you open it in a text editor, it will look like this (its essentially a digital certificate). Copy everything from ‘— BEGIN‘ to ‘License —‘
Paste in the text > Submit License.
Repeat for each licence (IDS, AMP, URL Filtering ,etc)
You will also need to allocate the licenses to devices. Devices > Device Management Select the Device in question > Edit.
To use an intrusion policy the devices each need a ‘Protection‘ licence. Note: You get a protection licence now automatically when you add a CONTROL licence, but you still need to pay a subscription to legally obtain the updates.
Policies > Access control > Intrusion > Create Policy.
Give the policy a recognisable name > Create and Edit policy.
The policy it creates is based on the ‘Balances Security and Connectivity’ Template. You might want to add a few extra rules > Rules > Blacklist > Select All.
Rule State > Drop and Generate Events.
Repeat for ‘Malware’. Note: This does NOT require and AMP licence@
Repeat for PUA (Probably Unwanted Applications).
Repeat for ‘Indicator Compromise‘.
Repeat for ‘Exploit Kit‘.
Search for ‘1201’ and locate the ‘INDICATOR-COMPROMISE 403 Forbidden’ rule and DISABLE IT.
Policy Information > Commit Changes > OK.
Note: To be used, the Intrusion policy needs to be declared in an Access control policy (or set as a Default Action).
Also in the Access Policy set the logging to ‘Log at the end of connection‘.
As mentioned above you can also set it as the ‘Default Action‘.
Configuring FirePOWER AMP and File Policy
You need an AMP, (subscription based licence) to enable the ‘Malware Cloud Lookup, or Block Malware‘ Actions, but you can have a file policy and block specific file types.
Polices > Access Control > Malware and File > New File Policy.
Give the policy a name you will remember > Save.
Action = Malware Cloud lookup > Add in the files you want to scan > Below I’ve set it to store unknown files > Save.
Then create another rule below that that detects all files.
As above the file policy wont be applied to anything unless you specify it in an access policy.
In the rule also set the logging to ‘log at the end of connection’.
Configuring FirePOWER URL Filtering Policy
You need to have a URL filtering licence allocated to the devices you want to use this policy on.
Unlike File policies and Intrusion policies, URL filtering is configured directly on your Access Control policy > Add Rule.
Here’s an example of blocking some categories you don’t want viable in tour organisation.
In a rule that only has URL filtering set the login to ‘Log at the beginning of the conneciton‘.
When done, don’t forget to ‘Deploy‘ the new policy to your managed devices. Deploy > Select Devices > Deploy.
hen Related Articles, References, Credits, or External Links
You can stack Cisco 3750-X Switches in groups of up to 9 switches, and they can then be managed as one switch. Here I’ve got 2 switches.
Solution
Removing 3750-X Switches Stack Configuration
One of my switches had already been in a stack, so I needed to remove its stack configuration. It thought it was switch 4 in the stack so I issued the following commands;
[box]
Switch(config)# no switch 4 provision
Switch(config)# wr mem
[/box]
Cisco 3750-X Configure Stacking
Don’t connect any stacking cables yet, decide which switch is going to the the ‘master’ and log onto that switch, and issue the following commands;
[box]
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#switch 1 priority 15
Changing the Switch Priority of Switch Number 1 to 15
Do you want to continue?[confirm] {Enter}
New Priority has been set successfully
Switch(config)#do write mem
Building configuration...
[OK]
Switch(config)#do reload
Proceed with reload? [confirm] {Enter}
[/box]
When the switch reloads you will see.
[box]
Waiting for Stack Master Election...
SM: Waiting for other switches in stack to boot...
###############################################################
[/box]
At this point you can connect the stack cables and power on the second switch. With multiple switches connect each stack port one, to the switch below’s stack port two. Then on the last switch connect its stack port one back to stack port two on the top switch, (so there is a ‘ring’.)
If you have more than two switches you can set their priority (as you did above) priority 15 will always win the ‘elections’ and be the master switch, number the rest accordingly. The default is ‘1’ so if you don’t then it works out the order based on MAC addresses, (which is not good!).
When all the switches are booted, check all is well;
[box]
Switch#show switch
Switch/Stack Mac Address : 74a2.e69a.0c00
H/W Current
Switch# Role Mac Address Priority Version State
----------------------------------------------------------
*1 Master 74a2.e69a.0c00 15 3 Ready
2 Member 204c.9e5f.4000 1 3 Ready
Switch#show ip int brief
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down
FastEthernet0 unassigned YES NVRAM administratively down down
GigabitEthernet1/0/1 unassigned YES unset down down
GigabitEthernet1/0/2 unassigned YES unset down down
GigabitEthernet1/0/3 unassigned YES unset down down
GigabitEthernet1/0/4 unassigned YES unset down down
{----------------Output Removed For the Sake of Brevity---------------------}
GigabitEthernet1/1/1 unassigned YES unset down down
GigabitEthernet1/1/2 unassigned YES unset down down
GigabitEthernet1/1/3 unassigned YES unset down down
GigabitEthernet1/1/4 unassigned YES unset down down
Te1/1/1 unassigned YES unset down down
Te1/1/2 unassigned YES unset down down
GigabitEthernet2/0/1 unassigned YES unset down down
GigabitEthernet2/0/2 unassigned YES unset down down
GigabitEthernet2/0/3 unassigned YES unset down down
{----------------Output Removed For the Sake of Brevity---------------------}
GigabitEthernet2/1/1 unassigned YES unset down down
GigabitEthernet2/1/2 unassigned YES unset down down
GigabitEthernet2/1/3 unassigned YES unset down down
GigabitEthernet2/1/4 unassigned YES unset down down
Te2/1/1 unassigned YES unset down down
Te2/1/2 unassigned YES unset down down
Switch#
[/box]
Make sure your stack cabling is OK;
[box]
Switch# show switch stack-ports summary
Switch#/ Stack Neighbor Cable Link Link Sync # In
Port# Port Length OK Active OK Changes Loopback
Status To LinkOK
-------- ------ -------- -------- ---- ------ ---- --------- --------
1/1 OK 2 50 cm Yes Yes Yes 1 No
1/2 OK 2 50 cm Yes Yes Yes 1 No
2/1 OK 1 50 cm Yes Yes Yes 1 No
2/2 OK 1 50 cm Yes Yes Yes 1 No
Switch# show switch stack-ring speed
Stack Ring Speed : 32G
Stack Ring Configuration: Full
Stack Ring Protocol : StackWisePlus
Switch#
[/box]
If you are also using XPS redundant power cables remember that’s only supported for up to four switches, (without an extra XPS-2200 rack power unit). I power off the switches before I fit these.
Why do they have green and yellow ends: If you look on the switch you will see the ‘socket’ is marked with a yellow and a green ‘semi-circle’. that means a green end or a yellow end can be plugged into that socket.
That makes no sense, so anything can plug into anything, why colour code them? That’s because there is a different cable that has a ‘red’ end on it for plugging into an XPS-2200 rack power supply, like this;
Then to test your XPS Power Cables.
[box]
Switch>show env power all
SW PID Serial# Status Sys Pwr PoE Pwr Watts
--- ------------------ ---------- --------------- ------- ------- -----
1A C3KX-PWR-350WAC LIT18410MD4 OK Good Good 350/0
1B Not Present
2A C3KX-PWR-350WAC LIT18410JJ3 OK Good Good 350/0
2B Not Present
Switch#show stack-power neighbors
Power Stack Stack Stack Total Rsvd Alloc Unused Num Num
Name Mode Topolgy Pwr(W) Pwr(W) Pwr(W) Pwr(W) SW PS
-------------------- ------ ------- ------ ------ ------ ------ --- ---
Powerstack-2 SP-PSS Ring 700 320 380 0 2 2
Power Stack Port 1 Port 1 Port 2 Port 2
SW Name Status Neighbor SW:MAC Status Neighbor SW:MAC
-- -------------------- ------ ---------------- ------ ----------------
1 Powerstack-2 Conn 2:204c.9e5f.4000 Conn 2:204c.9e5f.4000
2 Powerstack-2 Conn 1:74a2.e69a.0c00 Conn 1:74a2.e69a.0c00
[/box]
Stack Power Profiles (Setting Up)
Stack Power Modes
Default (Power sharing Mode): All the power from all the power supplies, is aggregated together, and no power is reserved – if a power supply failed there is a chance that there might not be enough power.
Redundant Mode: The power supplied by the largest power supply in the stack, is taken away from the total power output in case there is an outage.
Stand Alone Mode: Stops a switch participating in a power stack completely.
Each mode can be configured to run strict, or non-strict, (with the exception of a stand alone mode).
Strict: If actual power drops below budgeted power, things may get powered down. Non Strict: Actual power can run above budgeted power, if that extra power is available.
Here we are dealing with the older IPSEC VPN method of remote VPNs, NOT AnyConnect. There is/was a VPN client for Mac OSX which you can still download. But modern versions of OSX have the Cisco IPSec VPN client built into them.
I’m assuming you have already configured the firewall, if not see the article below;
Open your network preferences and add in a new connection > Interface = VPN > VPN Type = Cisco IPSec > Service Name = A sensible name you will recognise, (like connection to work, or home etc.)
Server address is the public IP, (or name if you have DNS setup*) of your Cisco Firewall > Enter your VPN username > I don’t put in the password, so I will have to type in in manually > Click Authentication Settings.
*For DNS you will need a static public IP, and a registered domain name. The ASA DOES NOT support DNS updates to online services like DynDNS or No-IP etc. It does support DDNS but means the server that leases you your public address is supposed to update your DNS for you, and unless you are your own ISP, and you host your own public DNS records, this wont work!
Here you need to supply the ‘shared secret’ for the VPN tunnel, and the Group Name. Your firewall admin should give these to you. If they don’t know, tell them to run ‘more system:running-config’ on the firewall and give you the shared secret and ‘group-policy’/’tunnel-group’ name for this remote VPN > OK.
Nearly every time you use DHCP, the firewall with either lease you an address from a ‘pool’ of VPN addresses, or broker the connection, and use your internal DHCP server.
Now to connect the VPN, select the icon shown, and click your Cisco VPN, (in the picture I have two).
If you didn’t put your password in during setup, you will be prompted to enter it to continue.
It does not work?
With all things Cisco, if there’s a problem your easiest way to a solution, is to run a ‘debug’ on the firewall. Execute the following two commands on the firewall, and attempt to connect again, this should point you in the right direction.
[box]
debug crypto isakmp 127
debug crypto ipsec 127
[/box]
Related Articles, References, Credits, or External Links
In Part 3 we ran through manual pools, if you want to deploy automated pools using ‘Linked Clones’, then you will need VMware Composer. Composer installs on your Virtual Center Server. It also requires a database, the following is a step by step guide to installing SQL Server 2008 R2 and configuring it for Composer.
VMware View 5 Suppored Database Platforms
When you have your databse platform installed and configured, on the Virtual center server create an ODBC connection to the database and install VMware Composer. Finally you will need to enable composer in the VMware View Administrator Console.
Solution
VMware View – Installing SQL 2008 R2 and Configuring for Composer
1. Let the SQL DVD auto-run and choose Installation > New installation > OK > Product Key > Next > Accept the EULA > Next > Install the setup files.
2. Take note of any warnings, here it’s complaining that I’m on a domain controller (in a test environment this is OK, don’t do this in production!). And it’s giving me a firewall warning. I’m going to disable the firewall as I’m behind a corporate firewall, BUT if you want to create an exception for TCP port 1433, or run the following command. That would be the correct way to address the warning.
[box] netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN [/box]
3. You only need the “Database Engine Services” and the “Management Tools” , or you can simply install everything > Next > Next > Select Default Instance* > Next > Next.
*Unless you specifically want a named instance.
4. I set the services to run under the ‘System’ account, if you want to use the domain admin, or another domain service account use that instead. You can use the “Use same account button for all” to save typing > Next.
5. We will need SQL authentication, type in a suitable complex password (You can add the current user of the domain administrator as well) > Next > If your installing Analysis services you can add an account here > Next.
6. Install the native mode default configuration > Next > Next > Next > Install > Close > Exit the SQL installer.
7. Launch the SQL Management Studio > Log in (for servername simply type in localhost) > Right click Databases > New Database..
8. Give the Database a name > Select the ‘Options’ Settings.
9. Change the recovery model to ‘Simple’ > OK.
10. Expand Security > Logins > Create a new login.
13. Give the new user/login a name, select SQL authentication > Set a complex password > Untick Enforce password expiration > Select the user mappping section (on the left).
14. Select the database you have just created and give this new user the “db_owner” role > OK > Exit the management studio
VMware View – Configure ODBC Settings on the Virtual Center Server
15. On the vCenter Server > Start > Administrative Tools > Data Sources (ODBC).
16. System DSN > Add > SQL Server Native Client > Finish,
17. Add in the Database name and the server you installed SQL on > Next.
18. Supply the details for the user you created and the password you set > Next.
19. Change the default database from ‘master’ to the one you created > Next > accept all the defaults > Finish.
20. Click ‘Test Data Source’ and it should say TEST COMLPETED SUCESSFULLY > OK > OK > OK.
VMware View – Installing VMware Composer
Note: Composer MUST be installed on your VMware virtual Center (vCenter) Server.
21. Run the installer > Next > Next > Accept the EULA > Next > Next > Enter the ODBC details and login you created earlier > Next.
22. Next > Install > Finish.
VMware View – Add Composer to VMware View Administrator Console
23. Connect to, and log into the VMware View Administrator Console > View Configuration > Servers > If you already have a vCenter server select Edit > If not select Add.
24. On the vCenter Server settings tab ensure ‘Enable View Composer’ is ticked and add in a domain user (with rights to create, and delete computer objects in the domain) > OK.
25. You will know if the operation was successful as the vCenter logo will change, it will now have a gold/yellow box around it.
Related Articles, References, Credits, or External Links
It’s been a while since I wrote Part 4, so it’s time to wrap this up. Now we have Composer installed on the Virtual Center, we can start to deploy our linked clone desktops.
Solution
VMware View – Prepare your Source Machine
1. I’ve already covered how to prepare your Windows 7 client machine to be a View client here. Once that’s done, release its IP address (ipconfig /release) and shut it down.
2. With your source machine shut down, take a snapshot of the machine.
VMware View – Create an Automated Linked Clone Pool
3. Log into your VMware View Administrator console > Inventory > Pools > Add.
4. Automated > Next.
5. Dedicated > Next (unless you want a floating user assignment, the description of each is on this page).
6. View Composer linked clones > Next (ensure your vCenter is listed, and has “Yes” in the View Composer section).
7. Give the pool an ID, name, and description. (Note: If you use folders for your VM’s, you can also select those here).
8. I tend to stick with the defaults, except I let the users reset their desktops > Next.
9. I’m not redirecting any disposable files or profiles > Next.
10. Expand Security > Logins > Create a new login.
11. For the default Image, browse to your source machine, then select the snapshot. Set the Folder, Host/Cluster, and Resource pool as applicable. Then browse for a datastore.
12. Here I’ve selected to store my disks on different datastores. If you can, put your replica disk on the FASTEST storage, as this gets the most “Read” traffic > OK > Next.
13. The domain should auto populate > Pick an OU to place the new machines into, then select either to use quickprep (the VMware one), or Sysprep (the Microsoft one). > Next.
Note: You can also use a customization specification (yes Americans are worse at spelling than me!), you set these up in the VI client on the home screen under ‘Customization Specifications Manager’.
14. Review the information > Finish.
15. Now you have you pool, you need to allow your users to connect to it, with it selected press ‘Entitlements’.
16. Add in the users and/or groups you want to grant access to > OK.
17. It can take a while for the replica to be created then all the linked clones to become ‘Available’ watch progress under ‘Inventory > Desktops’.
18. When available you should be able to connect to them using the VMware View Client.
19. And finally get your new Windows 7 linked clone desktop.
Related Articles, References, Credits, or External Links
You have a ZyXEL router (In my case a P-600R-D1) and you want to put a device behind it with a public IP.
Note: I’m assuming you have agreed with your ISP that you will receive a range of public IP addresses. With some ASDL packages the first IP in the range usually gets allocated to the router, confirm this with your ISP.
BT Business Broadband Note: If you are a BT Business customer, your setup will be slightly different, I’ll point that out as we go along.
Solution
1. Connect up to the router, and you should get an IP address from it, open your web browser and proceed to http://192.168.1.1 the default password is “1234”
2. You will be prompted to change the default password, do so, then select the option to go to ‘Advanced Setup’.
3. Expand Network > WAN > Enter the ADSL details provided by your ISP (i.e. ADSL username and ADSL password). If you are having a static IP on the outside of the router you can also set that here.
Note: If you have only been given TWO IP addresses you may need to set BOTH the WAN and LAN IP address to the SAME IP (and disable NAT).
BT Business Broadband Note: Even if you have been allocated a range of public IP addresses, you LEAVE the routers outside IP address option set to, ‘Obtain an IP address automatically’
4. Disable NATONLY IF YOU ARE SETTING THE LAN AND WAN TO THE SAME IP: Select NAT > General > Un-tick “Active Network Address Translation (NAT)” > Apply.
4. Disable DHCP: Select LAN > DHCP Setup > Change DHCP to “None” > Apply.
5. Set the inside IP: Set this to the IP address allocated to your Router – (Note: this may be the SAME as the address allocated to the outside IP, don’t panic it will not conflict (NAT is disabled).
BT Business Broadband Note: This is typically the highest IP address in the range, BT have given you.
6. You can now connect your internal device/firewall (Note: You may need to reboot the device AND the router as the MAC address may have changed if you have been testing from your laptop/PC.) Or simply allocate another public IP address to device, then make its default route, (or default gateway) the IP address you set on the LAN port of the ZyXEL, (in our example above 123.123.123.124).
Factory Reset ZyXEL Router
If things break and you want to reset the router,
1. Power off the router.
2. Depress the reset button on the rear of the router.
3. Power on the device until the ethernet light, flashes amber.
4. Now DHCP will be turned on and the router will use 192.168.1.1 internally and the default password will be reset to 1234.
Related Articles, References, Credits, or External Links
The very fist time I tried this was on ESXi 4.1, if you try and install Windows 8 Server on that platform, you will see the following.
Your computer ran into a problem and needs to restart. If you’d like to know more, you can search online later for this code: HAL_INITIALIZATION_FAILED It’s collecting error info and will restart in: x seconds
Note: You will also see this in VMware player, and VMware workstation 7.
Solution
Some internet searching told me that as far as VMware was concerned, I needed to be running VMware Workstation version 8, so I installed Workstation 8 and, accepting the fact I got the same install error that the windows 8 consumer preview gives you, (the fix is the same). It works flawlessly (unless you install the VMware tools).
Running Windows “8” Server in ESXi
I knew that the developer preview worked on ESXi 5, And VMware Workstation 8 uses VMware hardware version 8. So I guessed that it would run under ESXi 5. I set the machine type to “Windows 7 x64”, and it installed it, to my surprise it ran straight away.
And Installing VMware tools went smoothly as well.
Related Articles, References, Credits, or External Links