VMware – Cannot Cut, Copy, or Paste to VM’s

KB ID 0000515

Problem

Ever since ESX 4.1 this feature has been disabled and you have been unable to paste to VM, VMware say in their own documentation:

Source (Page 215 – ESX Configuration Guide ESX 4.1 vCenter Server 4.1).

To turn this feature back ON you have a few choices.

Please be aware: We are talking about copy and pasting TEXT to and from a guest VM NOT files and folders.

Solution

ESX Option 1 (Enable Copy and Paste to VM an individual Guest machine)

Using vSphere 8 or Above

Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings >  Advanced > Add the following TWO attributes and values.

Add in the following two;
Attribute: isolation.tools.copy.disable, Value: false
Attribute: isolation.tools.paste.disable, Value: false

Click OK >  Power the VM back on.

Using HML5 Web Client (Enable Copy and Paste to VM)

Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > VM Options > Advanced  > Scroll down.

 

Edit configuration > Add configuration params;

Add in the following two parameters then click OK

Name: isolation.tools.copy.disable, Value: false
Name: isolation.tools.paste.disable, Value: false

Using Flash Web Client.

Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > VMware Option Tab > Advanced > Edit configuration > Add in the following;

Name: isolation.tools.copy.disable, Value: false
Name: isolation.tools.paste.disable, Value: false

 

OK > OK > Power on VM

Using VMware Client (Enable Copy and Paste to VM)

1. Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > Option Tab > Advanced > General > Configuration Parameters.

2. Select “Add Row” and add the following two options:

[box]isolation.tools.copy.disable

isolation.tools.paste.disable [/box]

Set both these values to FALSE > OK > OK > Power the VM back on again.

Note: Even without these values set, if a VM is vMotioned to an ESX host that has the copy.paste options set in it’s config file (see below) then these features are automatically enabled.

Option 2 (Enable Copy and Paste to VM on an individual Guest machine)

1. You can also achieve the same as above by directly editing the .vmx file for the virtual machine, Add the following two values as shown below:

[box]isolation.tools.copy.disable=”FALSE”

isolation.tools.paste.disable=”FALSE” [/box]

Note: Even without these values set, if a VM is vMotioned to an ESX host that has the copy.paste options set in it’s config file (see below) then these features are automatically enabled.

Option 3 (Enable Copy and Paste on the ESX host for all the VM’s on that host)

Note: This procedure will be removed/reset after an ESX upgrade. (You will need to carry out this procedure again post upgrade).

1. Connect to your ESX server, either directly on the console, or via SSH. and execute the following command:

[box]vi /etc/vmware/config[/box]

 

2. Press i to insert text and paste in the following two lines:

[box]isolation.tools.copy.disable=”FALSE”

isolation.tools.paste.disable=”FALSE” [/box]

Press Escape > then type :wq to save the changes.

Additional Steps for Linux / Ubuntu to allow Copy and Paste to VM

1. Assuming you have the VMware tools installed in your Linux guest VM, if not execute the following command:

[box]sudo apt-get install open-vm-toolbox[/box]

To enable copy paste on the guest execute the following command:

[box]vmware-toolbox &[/box]

One the VMware tools properties page pops up you will be able to copy and paste.

Enabling Copy and Paste in VMware Workstation

Out of the box, this functionality is switched on. However if you lose it then open the virtual machines settings > Options tab > Guest Isolation > Enable the Copy and paste option.

Related Articles, References, Credits, or External Links

NA

VMware vSphere Adding vTPM

vTPM KB ID 0001875

Problem

I’ve been asked about this a couple of times in the past, back then my test bench was running a mix of ESX 6.7 and 6.5 so I could not test and document the process. Now Everything is running ESX 8.x I can test the procedure in anger. The reason is because I was met with this today.

TPM 2.0 must be supported and enabled on this PC

So what’s a TPM, and a vTPM and why is that important?

Trusted Platform Module (TPM): A hardware component that enhances security by providing cryptographic functions and secure storage of cryptographic keys. It is used for tasks such as device authentication, secure boot, and encryption.

Virtual TPM (vTPM): A virtualised version of a TPM that provides the same functionality as a physical TPM but is implemented in software within a virtualised environment. It allows virtual machines (VMs) to use TPM features without requiring a physical TPM chip in the underlying hardware.

Key Functions of vTPM:

  • Secure Boot: Ensures that a system boots using only software that is trusted by the manufacturer.
  • Device Authentication: Verifies the integrity of the device and its software before it is allowed to connect to the network or perform sensitive operations.
  • Encryption Key Storage: Stores cryptographic keys securely, preventing unauthorized access even if the VM is compromised.

Use Cases:

  • Cloud Computing: Provides security features for VMs in cloud environments, ensuring that each VM can have its own isolated and secure TPM instance.
  • Virtualization Platforms: Enhances security in environments using hypervisors such as VMware, Microsoft Hyper-V, or KVM.

Implementation:

  • Software-Based: Implemented as part of the virtualization software stack.
  • Isolation: Each vTPM instance is isolated from others, ensuring that the security properties of TPM are maintained even in a multi-tenant environment.

Advantages:

  • Scalability: Easily scalable across many VMs without the need for physical TPM hardware.
  • Flexibility: Can be deployed in various virtualized environments and cloud infrastructures.

To summarise, vTPM provides the security benefits of TPM in virtualised and cloud environments, enabling secure operations and cryptographic functions for virtual machine

Solution: VMware vTPM

vTPM Prerequisites

To install and configure a vTPM (Virtual Trusted Platform Module) on VMware ESXi, certain prerequisites must be met to ensure compatibility and proper functionality. Here are the main prerequisites:

  • VMware ESXi Version: vTPM is supported on ESXi 6.7 and later versions. (If you have 1x older host then you will NOT be able to utilise vTPM).
  • VM Hardware Version: The virtual machine (VM) must be configured with hardware version 14 or higher. This ensures that the VM can support the vTPM functionality.
  • vSphere: vSphere 6.7 or later is required. This includes both vCenter Server and the ESXi hosts.
  • UEFI Firmware: The VM must be configured to use UEFI (Unified Extensible Firmware Interface) firmware instead of BIOS. vTPM is not supported with legacy BIOS firmware.
  • Key Management Server (KMS): A Key Management Server must be configured and accessible. VMware vSphere requires a KMS to manage the encryption keys used for VM encryption and vTPM. This cannot be done with the ‘built in’ Native Key Provider.
  • Virtual Machine Compatibility: Ensure that the guest operating system of the VM supports TPM. Most modern operating systems, including Windows 10, Windows Server 2016/2019, and certain Linux distributions, support TPM.
  • Permissions: Appropriate permissions are required to configure vTPM. Ensure that you have the necessary administrative privileges in vCenter Server to configure VM options and encryption settings.

vTPM: Adding VMware Native Key Provider

With you vCenter selected > Configure > Key Providers > Add > Give the Key Provider a sensible name > Untick “Use Key provider only with TPM protected ESXi Hosts  (Recommended)* > Add Key Provider.

*Note: Each ESXi server DOES NOT need to have its own physical TPM chip unticking this option lets you deploy vTPM to a VM on ANY host regardless of whether it has a TPM chip or not.

Before it can be used you have to back it up > Select you Key Provider > Backup > Tick ‘Protect this Native Key Provider with a password (Recommended) > Supply and conform a password > Tick “I have saved the password in a secure place” > Backup Key Provider.

Adding vTPM to a Virtual Machine

Right click the VM in question  > Edit Settings.

Add New Device > Trusted Platform Module > OK.

I Dont See Trusted Platform Module?

Yeah, I knew all my pre-requisites had been met, but if you’ve read from the start you will know this VM came from a 6.7/6.5 environment, so not being able to add a vTPM was probably a hardware version problem, to save you googling Hardware version 14 is ESX 6.7 compatibility, so you have to change the compatibility, like so.

 
Right click the VM > Compatibility > Upgrade VM Compatibility > Yes > Select a version that 6.7 or newer > OK.

Note: If you cannot perform this procedure, you can bypass the check for both a TPM and an unsupported CPU by following the procedure in the following article.

Windows 11 Unsupported CPU

Related Articles, References, Credits, or External Links

NA

ESX: This PC Can’t Run Windows 11

KB ID 0001763

Problem: This PC Can’t Run windows 11 

When attempting to install Windows 11 on ESX (in this example vSphere 6.7) you will receive the following error;

Windows Setup
This PC can’t run Windows 11
This PC doesn’t meet the minimum system requirements to install this version of Windows. For more information, visit https://aka.ms.WindowsSysReq

The reason you are seeing this is probably not because you don’t have the RAM,  CPU, or storage requirements, it’s probably because setup can’t see a TPM 2.0 chip. So you can either bypass this requirement or install a virtual TPM 2 chip. (I could not do this, as I’ve still got ESX 6.5 in my test cluster and all the hosts need to be 6.7 or above).

VMware Fusion Note: Be aware to run Windows 11 on VMware Fusion,  you need to set the HDD to 64GB (or greater) and the RAM to 4096 GB or this error will persist.

VMware ESX Note: MAKE SURE you change the boot options to EFI and enable secure boot, in the VM properties.

Windows 11: Bypass the TPM 2.0 Requirement

Press SHIFT+F10 (or Fn+Shift+F10 on a mac) this will open a command window > type ‘regedit’ {Enter} > the registry editor will open > Navigate to;

[box]

HKEY_LOCAL_MACHINE > SYSTEM > Setup

[/box]

Create a NEW KEY called LabConfig.

Note: There is a newer version of this fix you can find here

In the new key, create a new 32 Bit DWORD object.

Call the new object ByPassTPMCheck and give it a value of 1.

Close the registry editor, type exit to close the command window. Then close the error window, (as shown below).

You will be asked to confirm that you want to exit, do so, and setup will restart, and then progress normally.

 

Note: If you are in a VMwar environment, you can also (with some caveats) install a vTPM

VMware vSphere Adding vTPM

Or if upgrading, you can bypass the TPM and CPU checks.

Windows 11 Unsupported CPU

Related Articles, References, Credits, or External Links

NA

VMware ESX – Sockets and Cores (Logical Processors)

KB ID 0001124 

Problem

While explaining to a client the difference between Sockets, Cores, Logical processors, I had to revisit this post today, so I updated it for vSphere7

Calculating Sockets and Cores

 Essentially;

A: Processor Sockets: The Physical amount of CPUs on the motherboard.

B: Cores Per Socket: For a dual core processor this would be 2, triple core=3, quad core = 4, hex core = 6, octa core=8, deca core=12, etc.

C: Logical Processors: This is the amount of sockets, multiplied by the cores, and if Hyperthreading is enabled on the processors (see above), then that figure is doubled.

Related Articles, References, Credits, or External Links

NA

vSphere: Get ESX Server Serial Numbers

KB ID 0001670

Problem

A few weeks ago I needed to sort out some extended warranty for a customers servers. To do that  I needed the serial numbers of those servers, (a mixture of IBM/Lenovo and Dell Servers).

As I didn’t fancy a drive to two different datacenters, I wanted to try and get them programatically.

Solution

After some searching I came across a post by one of my old EE buddies LucD with exactly what I needed. I’m assuming you have PowerCLI setup before beginning.

Connect to your Virtual infrastructure;

[box]

Connect-VIServer {vCenter-server-FQDN}

[/box]

Then, (assuming you have a folder called C:\Temp that you can write to).

[box]

Get-VMHost | Select Name, @{N='Serial';E={(Get-EsxCli -VMHost $_).hardware.platform.get().SerialNumber}} | Export-Csv c:\temp\serial.csv -NoTypeInformation -UseCulture

[/box]

Then  open your C:\Temp\SerialNumber.csv file, and there’s your serial numbers.

 

Related Articles, References, Credits, or External Links

NA

VMware vSphere – How to Import and Export OVF and OVA Files

KB ID 0000562

Problem

I prefer to think of OVF Templates as “Zip” files for Virtual Machines and Virtual Appliances. Where as the OVA file is the complete appliance pre packaged. There are two things you will want to do with an OVF Template;

1. Export a VM to an OVF Template

2. Import an OVF Template (Note: VMware call this “Deploy an OVF Template”)

Note: There are tools for OVF templates for other VMware virtualisation products, this is just for vSphere / ESX.

Tech Note: I find it a lot simpler to do this from PowerCLI now, see the article below;

VMware: Export a VM to OVA With PowerCLI

Solution

Export a Virtual Machine to OVF (vSphere v6)

Note: Machine must be Powered Off and have No Snapshots!

Select the VM > Templates > Export OVF Template.

Change the name, annotation as required > OK.

Your files will be downloaded, (the location will depend on your browser settings!)

 

Export a Virtual Machine to OVF (vSphere v3, v4 and v5)

Note: Machine must be Powered Off and have No Snapshots!

1. Connect to your host with the VI client > With your virtual machine powered off > Select it > File > Export > Export to OVF Template.

2. Select a location to save the files to > OK.

3. Depending on the size of the VM this can take a while.

4. It will give you the following message when it’s finished.

5. Here are the files that it has created.

Import / Deploy an OVF Template to a Virtual Machine

HTML5 Web Client: You can select Deploy OVF Template from either the Cluster or Host Level.

Flash Web Client: If importing OVA or OVF files into vSphere via the vSphere Web client, you can import them at the vCenter, Host, or Cluster Level.

 

From this point forward: The procedure is the same for both Flash and HTML5 clients, Ill show the process using the HTML5 client.

Choose Files > Navigate to and select ALL the applicable files > Next.

  

Give the new VM a name, and, (if applicable) select a folder to put it into > Next > Select a host to deploy to > Next.

Review details > Next > Choose the storage, (and optionally disk format) > Next.

Select the Port Group you want to connect the new VM to > Next > Again review the details > Finish.

 

Import / Deploy an OVF Template to a Virtual Machine (vSphere v3, v4 and v5)

1. To create a VM from an OVF template, connect to your host with the VI client > File > Deploy OVF Template.

2. Browse to the location that the .ovf file is stored > Next.

3. Read the details > Next.

4. Give the new VM a name > Next.

5. Select the disk format (Thick or Thin) you want the new VM to use.

What does Lazy Zeroed and Eager Zeroed Mean?

Data on disks is stored as a 1 (one) or a 0 (zero), so if all the blocks on the disk are set to zero, when you put data on the disk, it only has half the work to do (i.e. write the ones). Eager Zeroed, puts zeros on all the blocks on the disks straight away, Lazy Zeroed puts all zeroes in a block the first time the block is read.

6. Read the summary, and if you want to power on the VM on completion, tick the box > Finish.

7. Depending upon the amount of data this can take a while.

8. It will give you the following message when it’s finished.

9. And here is your VM, imported, powered up, and working.

Related Articles, References, Credits, or External Links

Original Article Written 26/01/12

Virtualising Hyper-V ‘Validation Fails’

KB ID 0001580

Problem

Normally if you saw this error, it would mean that you didn’t have the advanced virtual extensions turned on, in the physical machine’s BIOS. But here I’m installing on Hyper-V in a vSphere/ESX environment;

Validation Results
The validation process found problems on the server which you want to install features. The selected features are not compatible with the current configuration of your selected server. Click OK to select different features.

Hyper-V cannot be installed: The processor does not have required virtualisation capabilities.

Solution

The VM in question needs to be ‘Powered Off’. Then edit its settings > VM Options > Expand CPU > Hardware virtualisation > Tick “Expose hardware assisted virtualisation to the guest” > OK.

Power on the VM, and then install the Hyper-V role.

Virtualising Hyper-V on Hyper-V

You need to expose the underlying virtualisation extensions on Hyper-V as well, with the following command;

[box]

Set-VMProcessor -VMName “server-name” -ExposeVirtualizationExtensions $true

[/box]

You also need to enable ‘MAC Spoofing’ on the advanced settings of the network card of the VM.

Related Articles, References, Credits, or External Links

NA

Veeam Virtual Labs & SureBackup

KB ID 0001572

Problem

If you require a ‘Virtual Lab’ for testing patches or config changes, on copies of your live servers, or simply want to test the ‘integrity‘ of your backups, then this is the post for you!

Licence Requirements: SureBackup and On Demand Sandbox require Enterprise Plus Veeam Licensing.

Host Licences: Hosts that are only used for SureBackup  / On Demand Sandbox DO NOT NEED Licences, (in Veeam,) only hosts that you back up FROM need licences.

SureBackup and Virtual labs are built on vPower, which allows you to power on your ‘backup files’ in a test/sandbox environment. It’s actually the same technology that Veeam use for U-AIR recovery.

Three components make up a virtual lab;

1. Application Group: This is a group of VMs, and the ‘Order’ they need to be powered on, e.g. for Exchange server you would also need a DC (global catalog server,) and maybe your mail filter appliance to be in the same group.

2. Virtual Lab: Requires a ‘Host’, and a DataStore, (for redo logs only), this only needs to be 10% of the size of the VMs that are being powered on in the lab.

3. SureBackup: This is the process that ‘Tests backups‘, it will bring your backed up machines online, and perform some tests on them, some are simple like ‘ping’ tests others are specific to particular server roles, like additional tests for Domain Controllers, Exchange servers etc.

Solution

Veeam Backup and Recovery Download

Here’s how it all ‘hangs together’. We are backing up a Domain Controller, and an Exchange Server, and we are going to use those backup files to power on a copy of the servers in our ‘Test-Lab’.

Note: I’m using VMware ESX, you can also use Microsoft Hyper-V.

These are presented though a ‘Veeam Proxy Appliance’, which presents them to the VEEAM server with a changed ‘octet’ in their IP address. (So by default any other machine needs a static mapping, {see below}).

Create a Veeam SureBackup Application Group

As mentioned above, make sure you have ‘Enterprise Plus‘ licences.

It should go without saying, but you will also need a ‘good’ backup of your servers.

Backup Infrastructure > SureBackup > Application Group > Add App Group > VMware.

Give the app group a name > Next > Add VM > From Backup > Select the VMs for the Lab > Add Next.

 

Put the server(s) in the correct order, i.e. the domain controllers at the top.

If you are just going to use SureBackup to check backups, then ‘Edit’ the servers, and change their ‘role’ so the correct tests get performed on them. If you are just wanting a Virtual Lab, don’t bother as you will be interacting with them directly anyway. Here are the settings for a Domain Controller.

And here for Exchange.

Next > Finish.

Create a Veeam SureBackup Virtual Lab

Backup Infrastructure > SureBackup > Virtual Labs > Add Virtual Lab > VMware.

Give the lab a name > Next > Choose > Select the ‘Target’ ESX Server to use > OK > Next > Choose > Select a datastore for the ‘redo’ logs, remember this needs to be about 10% of the size of the restored VMs. > OK > Next.

Next > ‘Advanced Single Host’ > Next > Add > Browse to the ‘Port Group’ your production VMs are in > Add > OK > Next.

Note: If you need to have your lab network on its own VLAN, this is where you need to specify that traffic to be ‘tagged’ accordingly.

Add > Specify the IP for the ‘inside’ of your Veeam Proxy Appliance, this MUST BE the same as the default gateway on the live network. Then select a sensible masquerade network address > OK > Next.

Veeam: What’s a Masquerade Address?

The proxy server basically will perform NAT from the test lab to the live network, (their actual IP addresses never change, that’s why the proxy appliance had the same IP as the default gateway on the live network. The Masquerade addresses simply change one ‘octet’ of the IP address so the Veeam server can speak directly to each sand-boxed, (Test lab) VM.

If required, Add a ‘Static Mapping‘ i.e if you want to be able to ‘speak’ to a test lab VM from the live network.

How Do Veeam Virtual Lab ‘Static Mappings’ Work?

Using the example, I used above, here if someone on the live network speaks to 192.168.100.21, they are actually talking to 192.168.100.196 in the test lab.

Apply > Finish.

Create a Veeam SureBackup Job

There are two ways of doing this, if you want to create a SureBackup job that just checks your backups, then you would schedule the job, and connect it to your backups, or if you just wanted to do some lab testing, you would create a ‘one off’ SureBackup job and leave the VMs powered on (I’ll point this out below).

Home > SureBackup Job > VMware > Give the job a name > Next.

Select the lab you created above > Next > Select the App Group you created above. (NOTE: If you want to leave your machines ‘powered on’ after the job, i.e. for performing upgrades, patch tests etc, then TICK the option indicated).

Link this job to the backup job for the VMs in question > Add > Select the backup Job > OK.

Note: The option at the bottom, specifies how many VMs are tested at a time in a standard SureBackup Job.

Next > Next.

Schedule the job (if required) > Apply > If you didn’t schedule, then you can click ‘Run the job when I click Finish‘ for ‘one-off’ jobs > Finish.

If you selected the option to leave the machines powered on, then there will ‘always’ be a job running and the job will stop at 99%. (You will need to manually stop the job to remove the test VMs). If you do continuous backups this will be a familiar sight anyway!

There’s my test VMs powered on, that I can interact with, update, patch, and change configurations, without it affecting my live servers.

Related Articles, References, Credits, or External Links

NA

vSphere: Cannot Change the Host Configuration

KB ID 0001565

Problem

There’s always one! I had a single ESX host that refused to add a datastore?

Failed to create VFMS Datastore {Name} – Cannot change the host configuration.

Solution

I already half suspected what the problem was, because I’d had a similar problem earlier on this week presenting disks to a Windows VM, there’s a GPT partition table on the dive/array.

But without waiting an hour for the HP RAID software to security erase the drives, (and a reboot,) how would I do the same with ESX?

First take note of the drive device name.

Enable SSH on your ESX host.

Connect with an SSH client, and list the device names with the following commands;

[box]

cd /dev/disks
ls

[/box]

Copy the device name to the clipboard, and execute the following command;

[box]

partedUtil mklabel /dev/disks/{device-id} msdos

[/box]

Then try to add the datastore again.

Related Articles, References, Credits, or External Links

NA

vSphere: Presenting Physical Disks to a VM

KB ID 0001563

Problem

I’m doing some work presenting StarWind vSAN into VMware ESX. Because we also want ‘disk tiering’ it has to be ran from Microsoft Windows with Storage Spaces*. To do that I needed to present the physical disks in the ESX hosts, (HP DL380 Gen 10s) to the Windows Virtual Machines that StarWind will be running on.

*Note: At present, ‘tiering’ cannot be done from the StarWind Linux appliance.

Solution

I approached this problem ‘assuming‘ I needed to give the VM the physical RAID controller in the physical server (of which there are two, one for the SSDs and one for the HDDs. But that’s not the case at all, I realised this when I needed to create a datastore on the host itself, and could see all the individual disks.

Shut Down, then edit the settings of the VM > ADD NEW DEVICE > RDM Disk.

Select and add each Physical disk one at a time.

With all the disks presented you can power on the virtual machine.

You will see all the disk(s) listed under the VMs summary hardware section.

The disk should be available within Windows, to add to a storage pool.

Note: If some of the drives cannot be added, see the following article;

Windows Disks ‘CanPool’ set False?

Related Articles, References, Credits, or External Links

NA