6.5u1 SMB1 issue with causes the AD authentication issue.

We had the AD authentication issue from the ESXi 6.5 U1 and tried various method mentioned in my previous blog but it got failed with all the options.

Below is the error while trying to connect the host from the domainjoin-cl cmd.


Finally VMware engineering team has confirmed that the issue is because  of certain limitations in software that are affecting in the process of joining hosts to Domain.

Basically, smb1 must be enabled in DC in order to connect ESXi hosts to domain.
According to release notes for 6.5U1, SMB2 is supported.

Yes, SMB2 is supported from 6.5u1 onward but the initial SMB packet negotiation
request always happen over SMB1 packet. If SMB2 is enabled on both AD and the
host, then the negotiation switches to SMB2 otherwise it negotiates through SMB
packets only.
So if SMB1 is disabled on the domain controller then it would prevent the
initial packet negotiation, thus causing SMB packet drops and eventually domain
join failure with error ERROR_GEN_FAILURE.

From 6.7u2, we'll be supporting initial packet negotiation with SMB2 by default
instead of SMB1, thus disabling SMB1 completely.

We have also tried the option by selecting the preferred AD server option which is already enabled with  SMB1 , still we were not able to join in domain and got the update from the VMware as below..

"preferred server" option does not specifically imply that the connection will go through the server specified, but it's just a reference in case it is under the servers reported.
It seems like our only option would be enable SMB1 on the AD servers,

So, basically we cant be able to join these hosts to AD domain unless SMBv1 is enabled. Otherwise, we need to Wait for 6.7 U2 release.

Posted in ESXi issue, Vcenter Appliance, vCSA 6.0, VCSA6.5, VMware | Tagged , , , , , , | 1 Comment

2018 – Blogs which helped me to gain knowledge.

Below is the list of the blogs which helped me to gain knowledge on some new technologies in 2018.




































Docker on Windows 10, are containers for me?



Posted in AWS, VMware | Tagged , | Leave a comment

Tips to edit the .vmdk (descriptor file)

We are in the situation to change the scsi adapter detail in the disk vmdk (descriptor file) and the count of the VM list is very high so used the below steps to change it on the multiples VMs.

Log-in to the SSH of the ESXi

Check what all vmdk having lsisas1068

 grep lsisas1068 /vmfs/volumes/storage/*/????????????????????????????????.vmdk

Based on the VM Name count ( ???????????????????????????????? )

Copy the vmdk file to /tmp/backup

 cp/vmfs/volumes/storage/*/????????????????????????????????.vmdk /tmp/backup/

Check and Apply the Changes

 sed ‘s/lsisas1068/lsilogic/’ /vmfs/volumes/storage/*/????????????????????????????????.vmdk

sed -i ‘s/lsisas1068/lsilogic/’ /vmfs/volumes/storage/i-2358-666282-VM/????????????????????????????????.vmdk

Verify the changes

diff /tmp/filename /vmfs/volumes/storage/i-2358-666282-VM/????????????????????????????????.vmdk

grep lsisas1068 /vmfs/volumes/storage/*/????????????????????????????????.vmdk

Posted in ESX command, ESXi issue, VMware | Tagged , | Leave a comment

Tips to update the certificate request with SANs (subject alternative names)

When we deploy our custom certificate in the https://<vrops>/admin UI, vROps will take care of distribute that same certificate to all vROps nodes.

Because vROps uses one certificate for all nodes, we must have every nodes’ IP address and FQDN (and short name, if your systems support short names) as Subject Alternate Names in the one certificate.On top of that we need to add the alias name to the master node to the SAN so that when we accessing the like with URL it will come with the certificate.

I have found the below two links which helped to achieve the same.

https://geekflare.com/san-ssl-certificate/ https://gist.github.com/croxton/ebfb5f3ac143cd86542788f972434c96





Posted in Certificate, VMware, vROPs | Tagged , , , | Leave a comment

Inactive VMs in SRM recovery.

We were testing the SRM recovery and noticed few VMs are skipped during the testing without any error and when we generated the logs ,skipped  VMs were showing as inactive.

Screen Shot 2018-09-30 at 3.37.44 PM

After few investigation we have noticed that the Guest OS was selected in the VM level as other , while the VMs which is recovered without any issue was in proper OS family.Issue got resolved and able to recover once we edited the  VM to the proper OS.

Screen Shot 2018-09-30 at 3.59.29 PM

Interesting part is same VMs were success during our last year DR-Test and it was running VC6.0u3\SRM6.1.1 and upgraded now to VC6.5u2\SRM6.5.I think something might have changed in the 6.5 version which required Guest-OS details to be placed properly ..

Posted in SRM, VMware | Tagged , , , , | Leave a comment

Steps to identify the EC2 instance AWS account information

We have lot of accounts for each application in AWS  and few we will have rights and others restricted . Few cases like we have access to the SSH of the EC2 instance but not aware of  which AWS account the instance belongs.

Easy way to identify the account details , follow the below steps.

  1. curl

We will get the MAC output( example ) 1a:2b:3c:4d:5:6f 

2.‘mac’/owner-id /owner-id

We will get the corresponding AWS account number as the output.

Posted in AWS | Tagged , | Leave a comment

July MS patch issue and fix

We were encountered  few issue after the July month Microsoft patch KB4338814\KB4338815. After applying the patch users have reported about the DHCP issue and SQL fail-over cluster issue.On few servers we were not able to open the DHCP \ MS Fail-over console also and it has been fixed once we un-installed the above mentioned patches.

Microsoft has released new patches to address the same.

Follow the below MS Links to understand the issue and to fix it.




If you are getting “access denied,” “class not registered,” or “internal failure occurred for unknown reasons” errors then it is because of the problematic .NET July security patches and below link will help to fix the same.


Posted in Windows | Tagged , , , , | Leave a comment

Bug in some vSAN code that Logic Monitoring is polling

As per the below link  if we are using the Logic Monitoring for VSphere environment, It looks like due to a change in the server-side API behavior of VMware 6.5, could trigger host instability, or possibly a crash of an ESXi 6.5 host.



To ensure the stability of your VMware environment, we highly recommend upgrading to version 2 of VMware_vSphere_HostPerformance from the repository. You alternatively use this locator: 99EKKN

Please note that this version is not backwards compatible with the version 1 series, so history will be lost upon upgrade. You can avoid this by renaming and then disabling the current version of the DataSource in your account before upgrading. This will ensure you don’t lose the historical data from version 1. If you’re unsure, please reach out to Support and they can help walk you through upgrading.

Posted in ESXi issue, VCSA6.5, VMware | Tagged , | Leave a comment

Adding the AWS Account in to the Trend DSM – Part 2

Add your AWS account to Deep Security. This imports all your Amazon EC2 instances into Deep Security Manager. Your EC2 instances appear on the left under Computers > your_AWS_account > your_region > your_VPC > your_subnet.

From there, you can manage them like any other computer.

If you previously added Amazon EC2 instances as individual computers, and they are part of your AWS account, after importing the account.

There are several ways to add AWS accounts to Deep Security Manager:

  • Add your AWS account using the quick setup option. This is the easiest way to add an account because it uses an AWS CloudFormation template to automate the setup. You can run through the quick setup several times to add multiple AWS accounts. The quick setup is the automated way of adding your account using a cross account role, which is described next.
    This method is available with this deployment method:

Deep Security as a Service

This AWS CloudFormation stack creates access privileges that will allow the Trend Micro Deep Security service (https://app.deepsecurity.trendmicro.com/) to monitor your AWS instances. The stack will automatically update your Trend Micro Deep Security account with your AWS account information. You can delete this stack after it completes and the Deep Security service will keep working. To revoke access, go to the Identity and Account Management console and delete the role named ‘DeepSecurity’ .**WARNING** This template creates an Amazon EC2 instance that runs for a very short period and then terminates itself. You will be billed for the very small amount of AWS resources used if you create a stack from this template.


Add your AWS account using the quick setup option

Applies to Deep Security as a Service only.

  1. In the Deep Security Manager, go to the Computers page and click Add > Add AWS Account.

Select Quick

Screen Shot 2018-05-31 at 11.03.09 PM

Click Next.

A page appears that describes what happens during the setup process with a URL. The URL is valid for one hour.

Screen Shot 2018-05-31 at 11.05.27 PM

Click Next.

If you have not already signed into your AWS account you are prompted to do so.

Click Next on the Select Template page to accept the defaults.

Screen Shot 2018-05-31 at 11.06.30 PM

If your organization uses tags, you can add them on the Options page.

Screen Shot 2018-05-31 at 11.07.53 PM.png

Screen Shot 2018-05-31 at 11.08.50 PM.png

Click Next.

On the Review page, select the check box next to I acknowledge that this template might cause AWS CloudFormation to create IAM resources.


Screen Shot 2018-05-31 at 11.10.00 PM.png

Screen Shot 2018-05-31 at 11.10.40 PM

Click Create.

When AWS CloudFormation finishes setting up a cross account role, the Deep Security Manager wizard displays a success message. You can close the screen before the success message is displayed. The account is added to Deep Security immediately after the cross account role is set up.

Screen Shot 2018-05-31 at 11.12.21 PM.png


Screen Shot 2018-05-31 at 11.14.32 PM.png

Screen Shot 2018-05-31 at 11.15.31 PM_censored (1)

Posted in AWS, Trend Micro Deep Security | Tagged , , , | Leave a comment

Trend Deep security Protection on AWS – Part 1

Enable agility with security built for Amazon EC2. Trend Micro’s instance-based  protection, deep API integration and AWS CloudFormation templates help you automate security and accelerate compliance. Together Trend Micro and AWS deliver proactive cloud security that Security trusts and DevOps likes. With AWS Marketplaceas a service or software deployment options and pay-as-you-go pricing options, you can seamlessly integrate security into your environment, whether you’re all in the cloud or still supporting hybrid infrastructures.

Same like old blog series on Trend DSM , we can see the new blog series on the below topics to enable the EC2 instance with Trend DSM as a service.

  1. Login setup
  2. Adding the AWS Account in to the Trend DSM
  3. How to use deployment scripts to add and protect computers
  4. Activating the Trend Agent
  5. Bake the agent into your AMI


  1. Login setup

Login to the below link and create the free account for the testing.


Create the own account and login , We can see the Trend Deep security Manager dashboard.

Posted in AWS, Trend Deep Security Manager - ( DSM ), Trend Micro Deep Security | Tagged , , , , | Leave a comment