VMware – Cannot Cut, Copy, or Paste to VM’s

KB ID 0000515

Problem

Ever since ESX 4.1 this feature has been disabled and you have been unable to paste to VM, VMware say in their own documentation:

Source (Page 215 – ESX Configuration Guide ESX 4.1 vCenter Server 4.1).

To turn this feature back ON you have a few choices.

Please be aware: We are talking about copy and pasting TEXT to and from a guest VM NOT files and folders.

Solution

ESX Option 1 (Enable Copy and Paste to VM an individual Guest machine)

Using vSphere 8 or Above

Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings >  Advanced > Add the following TWO attributes and values.

Add in the following two;
Attribute: isolation.tools.copy.disable, Value: false
Attribute: isolation.tools.paste.disable, Value: false

Click OK >  Power the VM back on.

Using HML5 Web Client (Enable Copy and Paste to VM)

Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > VM Options > Advanced  > Scroll down.

 

Edit configuration > Add configuration params;

Add in the following two parameters then click OK

Name: isolation.tools.copy.disable, Value: false
Name: isolation.tools.paste.disable, Value: false

Using Flash Web Client.

Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > VMware Option Tab > Advanced > Edit configuration > Add in the following;

Name: isolation.tools.copy.disable, Value: false
Name: isolation.tools.paste.disable, Value: false

 

OK > OK > Power on VM

Using VMware Client (Enable Copy and Paste to VM)

1. Firstly, you need to shut the virtual machine down > Right Click it > Edit Settings > Option Tab > Advanced > General > Configuration Parameters.

2. Select “Add Row” and add the following two options:

[box]isolation.tools.copy.disable

isolation.tools.paste.disable [/box]

Set both these values to FALSE > OK > OK > Power the VM back on again.

Note: Even without these values set, if a VM is vMotioned to an ESX host that has the copy.paste options set in it’s config file (see below) then these features are automatically enabled.

Option 2 (Enable Copy and Paste to VM on an individual Guest machine)

1. You can also achieve the same as above by directly editing the .vmx file for the virtual machine, Add the following two values as shown below:

[box]isolation.tools.copy.disable=”FALSE”

isolation.tools.paste.disable=”FALSE” [/box]

Note: Even without these values set, if a VM is vMotioned to an ESX host that has the copy.paste options set in it’s config file (see below) then these features are automatically enabled.

Option 3 (Enable Copy and Paste on the ESX host for all the VM’s on that host)

Note: This procedure will be removed/reset after an ESX upgrade. (You will need to carry out this procedure again post upgrade).

1. Connect to your ESX server, either directly on the console, or via SSH. and execute the following command:

[box]vi /etc/vmware/config[/box]

 

2. Press i to insert text and paste in the following two lines:

[box]isolation.tools.copy.disable=”FALSE”

isolation.tools.paste.disable=”FALSE” [/box]

Press Escape > then type :wq to save the changes.

Additional Steps for Linux / Ubuntu to allow Copy and Paste to VM

1. Assuming you have the VMware tools installed in your Linux guest VM, if not execute the following command:

[box]sudo apt-get install open-vm-toolbox[/box]

To enable copy paste on the guest execute the following command:

[box]vmware-toolbox &[/box]

One the VMware tools properties page pops up you will be able to copy and paste.

Enabling Copy and Paste in VMware Workstation

Out of the box, this functionality is switched on. However if you lose it then open the virtual machines settings > Options tab > Guest Isolation > Enable the Copy and paste option.

Related Articles, References, Credits, or External Links

NA

VMware vSphere Adding vTPM

vTPM KB ID 0001875

Problem

I’ve been asked about this a couple of times in the past, back then my test bench was running a mix of ESX 6.7 and 6.5 so I could not test and document the process. Now Everything is running ESX 8.x I can test the procedure in anger. The reason is because I was met with this today.

TPM 2.0 must be supported and enabled on this PC

So what’s a TPM, and a vTPM and why is that important?

Trusted Platform Module (TPM): A hardware component that enhances security by providing cryptographic functions and secure storage of cryptographic keys. It is used for tasks such as device authentication, secure boot, and encryption.

Virtual TPM (vTPM): A virtualised version of a TPM that provides the same functionality as a physical TPM but is implemented in software within a virtualised environment. It allows virtual machines (VMs) to use TPM features without requiring a physical TPM chip in the underlying hardware.

Key Functions of vTPM:

  • Secure Boot: Ensures that a system boots using only software that is trusted by the manufacturer.
  • Device Authentication: Verifies the integrity of the device and its software before it is allowed to connect to the network or perform sensitive operations.
  • Encryption Key Storage: Stores cryptographic keys securely, preventing unauthorized access even if the VM is compromised.

Use Cases:

  • Cloud Computing: Provides security features for VMs in cloud environments, ensuring that each VM can have its own isolated and secure TPM instance.
  • Virtualization Platforms: Enhances security in environments using hypervisors such as VMware, Microsoft Hyper-V, or KVM.

Implementation:

  • Software-Based: Implemented as part of the virtualization software stack.
  • Isolation: Each vTPM instance is isolated from others, ensuring that the security properties of TPM are maintained even in a multi-tenant environment.

Advantages:

  • Scalability: Easily scalable across many VMs without the need for physical TPM hardware.
  • Flexibility: Can be deployed in various virtualized environments and cloud infrastructures.

To summarise, vTPM provides the security benefits of TPM in virtualised and cloud environments, enabling secure operations and cryptographic functions for virtual machine

Solution: VMware vTPM

vTPM Prerequisites

To install and configure a vTPM (Virtual Trusted Platform Module) on VMware ESXi, certain prerequisites must be met to ensure compatibility and proper functionality. Here are the main prerequisites:

  • VMware ESXi Version: vTPM is supported on ESXi 6.7 and later versions. (If you have 1x older host then you will NOT be able to utilise vTPM).
  • VM Hardware Version: The virtual machine (VM) must be configured with hardware version 14 or higher. This ensures that the VM can support the vTPM functionality.
  • vSphere: vSphere 6.7 or later is required. This includes both vCenter Server and the ESXi hosts.
  • UEFI Firmware: The VM must be configured to use UEFI (Unified Extensible Firmware Interface) firmware instead of BIOS. vTPM is not supported with legacy BIOS firmware.
  • Key Management Server (KMS): A Key Management Server must be configured and accessible. VMware vSphere requires a KMS to manage the encryption keys used for VM encryption and vTPM. This cannot be done with the ‘built in’ Native Key Provider.
  • Virtual Machine Compatibility: Ensure that the guest operating system of the VM supports TPM. Most modern operating systems, including Windows 10, Windows Server 2016/2019, and certain Linux distributions, support TPM.
  • Permissions: Appropriate permissions are required to configure vTPM. Ensure that you have the necessary administrative privileges in vCenter Server to configure VM options and encryption settings.

vTPM: Adding VMware Native Key Provider

With you vCenter selected > Configure > Key Providers > Add > Give the Key Provider a sensible name > Untick “Use Key provider only with TPM protected ESXi Hosts  (Recommended)* > Add Key Provider.

*Note: Each ESXi server DOES NOT need to have its own physical TPM chip unticking this option lets you deploy vTPM to a VM on ANY host regardless of whether it has a TPM chip or not.

Before it can be used you have to back it up > Select you Key Provider > Backup > Tick ‘Protect this Native Key Provider with a password (Recommended) > Supply and conform a password > Tick “I have saved the password in a secure place” > Backup Key Provider.

Adding vTPM to a Virtual Machine

Right click the VM in question  > Edit Settings.

Add New Device > Trusted Platform Module > OK.

I Dont See Trusted Platform Module?

Yeah, I knew all my pre-requisites had been met, but if you’ve read from the start you will know this VM came from a 6.7/6.5 environment, so not being able to add a vTPM was probably a hardware version problem, to save you googling Hardware version 14 is ESX 6.7 compatibility, so you have to change the compatibility, like so.

 
Right click the VM > Compatibility > Upgrade VM Compatibility > Yes > Select a version that 6.7 or newer > OK.

Note: If you cannot perform this procedure, you can bypass the check for both a TPM and an unsupported CPU by following the procedure in the following article.

Windows 11 Unsupported CPU

Related Articles, References, Credits, or External Links

NA

VMware Enable SSH (vSphere ESX)

 

VMware Enable SSH KB ID 0000299 

Problem

Should you wish to get SSH (remote secure console) access to your ESX  hosts, you need to do the following.

ESX Version 8 and Newer

ESX Version 6.5 and Newer

ESX version 5 and Newer

ESX version 4.1.0

ESX version 4.0.0 and earlier

ESX version 4.0.0 and earlier

Solution

VMware Enable SSH ESX 8.0

Directly on an ESX Host: If you have a stand-alone ESX Server running version 8.x, Log in via the web console >  Select ‘Host’ > Actions > Services > Enable Secure Shell (SSH).

Via vSphere/vCenter: If you want to enable SSH on an ESX host through the vCenter Web client then, from the ‘hosts and datacentres’ view > Select the Host  > Configure > Services > Locate SSH > Start.

Enable SSH Permanently: Some people don’t want this enabled for security reasons, and in production that makes sense, but on my test network I always have SSH enabled. from the same screen as above with SSH selected > Edit Start-up Policy > Select ‘Start an stop with host” > OK.

VMware Enable SSH 6.5

If you have a stand-alone ESX Server running version 6.5, it’s a lot easier to enable ESX access. Select ‘Host’ > Actions > Service > Enable Secure Shell (SSH). Note: You can also enable the direct console access here.

If you want to enable SSH on an ESX host through the vCenter Web client then, from the ‘hosts and datacenters’ view > Select the Host  > Configure > Security Profile > Scroll down to ‘Services’ > Edit.

Locate ‘SSH > Start > OK.

Once enabled you will see the following warning on the hosts summary page, however, in version 6.5 you can suppress this error.

VMware Enable SSH ESX 5

ESX 5 has a built in firewall, which can have SSH opened in the VI clients, or just as with version 4.1.0 you can enable SSH Locally from the console from troubleshooting options.

Enable Remotely

1. Log into the host with the VI client > Select the host > Configuration > Security Profile > Properties.

2. Locate SSH Server > Tick it > Options > You can either manually start it or set it to start automatically.

3. You will see the following warning to “retrieve” the firewall settings (because you have just changed them) > Select Yes.

Note: Having it running will still cause the “Configuration Issues – SSH for the host has been enabled” nag screen on the summary tab of the host.

VMware Enable SSH ESX 4.0.1

Starting with version 4.0.1 you can enable SSH access from the server console.

1. Go to the normal ESX console > Press F2 > Log in >Troubleshooting Options.

2. Select “Enable Remote Tech support” toggle on and off with {enter} if you want to SSH in the server remotely using PuTTy for example > If you want to log on directly at the console choose “Enable Local Tech Support”.

3. Note: Having it running will still cause the “Configuration Issues – Remote Tech support Mode (SSH) for the host {hostname} has been enabled” nag screen on the summary tab of the host.

Grant SSH Access to ESX 4.0.0 and earlier

1. Go to the normal ESXi console.

2. Press ALT+F1 > the screen will change > Type unsupported {enter} > Note: Nothing will appear on the screen till you hit {enter} > Type in the root password and press {enter}.

3. You now need to edit a config file, the only editor we have is vi (sorry) issue the following command,

[box]vi /etc/inetd.conf[/box]

4. The vi editor will open the file, use the arrow keys to move down to the line that says,

[box]#ssh stream tcp nowait root…[/box]

Press I on the keyboard (that puts the vi editor into insert mode) and delete the hash “#” mark from the beginning of the line.

5 Then, to save the changes press {Esc} > type in :wq {Enter} (that’s write the changes and quit if you’re interested).

6. Enter the following command.

[box]

cat /var/run/inetd.pid

[/box]

It will provide you with a number, (in the example below its 4983, yours will be different).

7. Issue the following command.

[box]

kill -HUP {the number you got from above}

[/box]

8. To get back to the usual ESXi screen and exit command line press ALT+F2.

9. You can now connect with an SSH client like Putty.

 

Related Articles, References, Credits, or External Links

Original Article written: 07/12/11

ESX4 – Grant Root User SSH Access

Thanks to Dave Corrasa for the feedback.

ESX: This PC Can’t Run Windows 11

KB ID 0001763

Problem: This PC Can’t Run windows 11 

When attempting to install Windows 11 on ESX (in this example vSphere 6.7) you will receive the following error;

Windows Setup
This PC can’t run Windows 11
This PC doesn’t meet the minimum system requirements to install this version of Windows. For more information, visit https://aka.ms.WindowsSysReq

The reason you are seeing this is probably not because you don’t have the RAM,  CPU, or storage requirements, it’s probably because setup can’t see a TPM 2.0 chip. So you can either bypass this requirement or install a virtual TPM 2 chip. (I could not do this, as I’ve still got ESX 6.5 in my test cluster and all the hosts need to be 6.7 or above).

VMware Fusion Note: Be aware to run Windows 11 on VMware Fusion,  you need to set the HDD to 64GB (or greater) and the RAM to 4096 GB or this error will persist.

VMware ESX Note: MAKE SURE you change the boot options to EFI and enable secure boot, in the VM properties.

Windows 11: Bypass the TPM 2.0 Requirement

Press SHIFT+F10 (or Fn+Shift+F10 on a mac) this will open a command window > type ‘regedit’ {Enter} > the registry editor will open > Navigate to;

[box]

HKEY_LOCAL_MACHINE > SYSTEM > Setup

[/box]

Create a NEW KEY called LabConfig.

Note: There is a newer version of this fix you can find here

In the new key, create a new 32 Bit DWORD object.

Call the new object ByPassTPMCheck and give it a value of 1.

Close the registry editor, type exit to close the command window. Then close the error window, (as shown below).

You will be asked to confirm that you want to exit, do so, and setup will restart, and then progress normally.

 

Note: If you are in a VMwar environment, you can also (with some caveats) install a vTPM

VMware vSphere Adding vTPM

Or if upgrading, you can bypass the TPM and CPU checks.

Windows 11 Unsupported CPU

Related Articles, References, Credits, or External Links

NA

ESX SD Card?

KB ID 0001785

Problem

For a while it’s been common knowledge that running ESX 7.x from a server that boots with an SD-Card is a no no. VMware themselves said (originally) that they would not support it. Then they said they would ‘sort of‘ support it, if there was additional persistent storage. Then in the past week they’ve said,

VMware will continue supporting USB/SD card as a boot device through the vSphere next product release, including the update releases. Both installs and upgrades will be supported on USB/SD cards.

But, it’s not a complete ‘Back peddle’ because they also say;

The upgrade or install workflows for vSphere will ensure that the OSData partition is relocated away from USB/SD card into a persistent device. There will be an automatic fallback to use a VMFS datastore, or a RAMDisk if such a device is not available. Preferably, the SD cards should be replaced with an SSD or another local persistent device as the standalone boot option.

Reference

ESX SD Card 

So best to err on the side of caution and NOT install anything (or upgrade to anything) newer than 7.0 on an SD Card. I’ve got a client running 6.7 looking to upgrade so I needed to find out if their hosts (a mix of Dells and IBMs) were on the HCL, and more importantly were they booting from SD-Cards?

A quick Google search revealed someone had written PowerCLI Script to do this, problem was the clients management server would need a reboot to get the PowerCLI installed (with the management agents). So I had to grow a ginger pony tail, don my socks and sandals, and do some Linux.

Connect to your EXIi via SSH, First ascertain where you’re booting from (bootbank)

[box]

ls -la /bootbank

[/box]

As you can see in the example below, this will return the VFMS volume tat we need (in this case /vmfs/volumes/dcb33778-ff2797db-9624-0bfeb9391a11) change your command to match the name of yours.

[box]

vmkfstools -P /vmfs/volumes/dcb33778-ff2797db-9624-0bfeb9391a11

[/box]

This time look for Partitions spanned (on “disks”) in the example below, mine’s called naa.600605b00a6913d01e22c30c056436ac (Note: ignore any colons ‘:’ and anything to the right of them).

Then use the disk name in the following command.

[box]

esxcli storage core device list |grep -A27 ^naa.600605b00a6913d01e22c30c056436ac

[/box]

From the output you should be able to tell what the boot device is, for example my client IBM servers gave me this (so I knew they were booting from internal disks).

But the Dell servers, although on the VMware HCL for version 7, were booting from SD Cards (see the following output).

Knowing the servers concerned (Dell R630 PowerEdges) I know they need a particular RAID card (yes I know you can get a cheap 330 model, but not for production hosts!) Then, a specific cable, and the the cost of the drives, to get them for a server this old, Dell will try to charge me a fortune, it’s probably easier to replace those hosts.

Get ESX SD Card Boot Info From PowerCLI

I mentioned earlier that this avenue was not open to me, so I gave it a shot on my test network.

SD-Card-Check is what I used (Note: I do not claim credit for this, Credit to Ivo Bereens.)

Related Articles, References, Credits, or External Links

NA

Upload Files to VMware Datastore Fails

KB ID 0001777

Problem

Whilst attempting to upload an ISO into a VMware datastore this morning, I got this error;

The operation failed for an undetermined reason. Typically this problem occurs due to certificates that the browser does not trust. If you are using self-signed or custom certificates, open the URL below in a new browser tab and accept the certificate, then retry the operation.

Solution

I’ve encountered this exact problem once before here: VMware: ISO Upload or Deploy OVA Fails ‘Undetermined Reason’ It happens because you do not trust the CA that signed the certificate that vSphere is using. Go back to the initial logon page and click ‘Download Trusted Root CA Certificates‘. Note: if you have a stupid browser that tries to open the file (I’m looking at you Microsoft Edge!) Then choose ‘Save target as’ and save the zip file containing the root CA Certificates.

Open the Zip file and choose the Windows or Mac version and locate the file that has the CRT extension, (the other file is a certificate revocation list, and you don’t need this). Double click the certificate and choose ‘Install Certificate‘.

Select ‘Local Machine‘.

Select the option to choose which store to use and put it in ‘Trusted Root Certification Authorities‘  > Then complete the import wizard, (and ensure it says import successful). Then restart your browser, log back into vSphere and try again.

Related Articles, References, Credits, or External Links

NA

VMware ESX – Sockets and Cores (Logical Processors)

KB ID 0001124 

Problem

While explaining to a client the difference between Sockets, Cores, Logical processors, I had to revisit this post today, so I updated it for vSphere7

Calculating Sockets and Cores

 Essentially;

A: Processor Sockets: The Physical amount of CPUs on the motherboard.

B: Cores Per Socket: For a dual core processor this would be 2, triple core=3, quad core = 4, hex core = 6, octa core=8, deca core=12, etc.

C: Logical Processors: This is the amount of sockets, multiplied by the cores, and if Hyperthreading is enabled on the processors (see above), then that figure is doubled.

Related Articles, References, Credits, or External Links

NA

VMware Fusion: Not Enough Physical Memory

KB ID 0001715

Problem

I upgraded to macOS Big Sur this week, and was surprised everything still worked! That was until I tried to start up my Windows 1o Virtual machine.

“Not enough physical memory is available to power on this virtual machine with its configured settings.”

Solution

Though it took me a while to ‘fix’, the fix is quite straight forward, I was running version 11 (see Below).

As soon as I upgraded to version 12.

Everything worked correctly. Only version 12 is fully supported on macOS Big Sur.

Related Articles, References, Credits, or External Links

NA

OVA / OVF Deployment Gets Stuck ‘Validating’

KB ID 0001664

Problem

I had this problem (on sphere 6.7) the other day when trying to deploy some OVA files on my test network.

Solution

Well as stated elsewhere I tried reconnecting to my vCenter using its FQDN, this didn’t solve the problem, using Flash or HTML5 didn’t cure the problem either. What did cure the problem was using a different browser! I switched from IE to Chrome and it worked fine.

Update: I Also cured this problem by using Microsoft Edge (The new chromium based one).

Related Articles, References, Credits, or External Links

VMware vSphere – How to Import and Export OVF and OVA Files

VMware: Export a VM to OVA With PowerCLI

VMware: ISO Upload or Deploy OVA Fails ‘Undetermined Reason’