Category Archives: Uncategorized

iDRAC6 Virtual Console Java – (Connection Failed)

Here is a quick fix to connect to an iDrac Console session using Java, if you are getting the “Connection Failed” error. You simply need to re-enable SSLv3 support in Java temporarily.

  1. Browse to the Java Security File (C:\Program Files (x86)\Java\jre1.x.x\lib\security)
  2. Edit the file. (May need to open Notepad as Admin first)
  3. Comment out the following line “jdk.tls.disabledAlgorithms=SSLv3“.

That should allow you to connect without any errors. For security purposes, you should uncomment that file line when you are finished to disable SSLv3 again.

Disable “Send Read Receipts” via OWA

Believe it or not, disabling Read Receipts in Outlook does not disable this feature from your mobile device. In fact, Send Read Receipts is enabled out of the box, and it has to be disabled via OWA. Big thanks to Gostev from Veeam for pointing this out!

Disabling it is easy, and I can’t think of many scenarios in which someone would NOT want to disable this. It can be disabled by logging into OWA from a computer (or a mobile browser that will disable the mobile view) and go to the following:
Settings -> General -> Mobile Devices -> and make sure to check the “Don’t send read receipts for messages read on devices that use Exchange Active Sync” checkbox.

Sophos XG Firewall Review

Sophos has been climbing the Security leaderboard of the Magic Quadrant for some time now, and we have utilized their amazing Endpoint protection within our company and with our customers. I was excited to get my hands on their XG Firewalls and takes notes of my experience with the initial deployment, configuration, and ongoing feedback.
Note- this review is based off a week or so of usage, and does not incorporate feedback over time, which is where most issues with any product usually creep up.

Aesthetics – Initial impressions of the nuts/bolts

The XG135w is a desktop form factor unit, that has the ability to be rack-mounted (mounting kit not included). It has a nice clean shell, three large omni-directional antennas, with the ability to add two additional antennas with an add-on module. It has 8 x 1GbE ports plus an additional 1GbE SFP port, which when in use, takes the place of Port 5. It has an HDMI port which I haven’t had time to try out, two USB ports and one Micro USB for console access. It feels like they have taken a really nice gaming motherboard and converted it to an awesome firewall. Its rare that you see SFP, HDMI, and Micro USB ports on a firewall, but it’s what makes the XG so unique. The expansion bay allows you to add any one of the following: SFP DSL Module, 3G/4G module, additional Wifi Radio, or additional SFP ports.
The DC power plug threw me off a little bit though, as it is a 12v banana plug that goes into the firewall itself, while the other end requires an adapter to convert it to a US or European power socket. Not a bad thing, but not what you would expect. (There are two DC ports for dual power supplies). 

White Gloss Shell

Banana Plug DC Power



Deployment was very easy, with a Setup Wizard that takes you through everything. From Power-On to Management login. It ships with default IP of, so you will need to give your laptop an IP on that subnet and then hit that IP through a web browser. You can probably take most of the defaults throughout the 5 page wizard, but the only real decisions you will need to make during setup is a New Admin Password, and whether you want to use the firewall in Route Mode or Bridge Mode. 5 min deployment couldnt be easier.


GUI and Management

Sophos has always been very good at “simplicity of management”, and the Sophos Firewall OS keeps to that style. There are basically four areas of management with the XG-
Monitor and AnalyzeOverview, Alerts, Reports
Protect: Policies, Rules, Security Features
Configure: Network Routing, VPN, etc
System: Device related management

Control Center – Overview


Do not mistake the simplistic design as a lack of features and security granularity. The XG has a LOT of pre-built policy and rule templates, as well as the ability to create your own.

Built-in Web Policies

Application Profiles


Little Gotchas and Thing to Improve

There are a few things that were confusing and more complex than they should be, which I will briefly describe.

Using LAN Ports as Switch Access Ports:
I spent an hour or so at least trying to figure out how to use Ports 3-8 on the same subnet as my LAN traffic. After much trial/error, and even reaching out to Sophos Support, it was finally resolved by a local Sophos SE (Thanks Joe!who has ran into this before. Not only do you have to bridge the interfaces together, you also need to create a LAN to LAN firewall rule allowing the traffic. I guess in hindsight you could say this is just an extra step to maintain security more than it is a software issue, but if so, they should at least document this or train their support staff on how to properly set this up.

Bridge the LAN interfaces then apply the following firewall rule

LAN to LAN Firewall Rule

Default Security Policies:
This could also be considered an extra layer of security, but many multimedia websites/services were semi-broken with the default policies of the XG. For example, NetFlix and Amazon Video would allow you to browse content, but would error out when you attempt to play the content. This also caused some issues in company website hosting services. The solution here was to use the “Allow All” web policy for all Outgoing Traffic. I am sure there is a more granular policy to use here, but with the limited testing I have had with this, that was the quick and dirty fix.


Final Thoughts

I have been VERY happy with what I have seen so far and am excited to continue digging into more. I wish I had another XG to test HA failover, and I would love to test out some of their wireless access points. I didn’t do much Wireless testing with the XG itself, since it usually doesn’t make sense to have the wireless enabled in the data center or server room, but I am very interested to see if their Access Points can replace some of the broader brands. In general, the XG is worthy of replacing most legacy vendors in the data center. The hardware is great, the security features are even better!

“Your computer can’t connect to the Remote Desktop Gateway server” error

A customer gave me access to their Remote Desktop Gateway server to do some after-hour consulting. Every time I attempted to connect from my Microsoft Surface Book, I got the following error:

Your computer can’t connect to the Remote Desktop Gateway server. Contact you network administrator for assistance.

I assumed my account was not setup correctly, but the customer was able to successfully connect with the account they assigned me. When I attempted to connect from my Desktop PC (same Windows 10 build as my Surface Book), I was able to connect successfully. The following registry edit fixed the issue for me, although I am still baffled as to why it is needed, since it doesn’t exist on my Desktop PC registry which worked from the start.

  • Open Regedit
  • Go to HKCU\Software\Microsoft\Terminal Server Client\
  • Create a new DWORD (32-bit) called: RDGClientTransport
  • Give it a Value of: 1

As soon as I added that entry, I was able to connect. No reboot required.

SmartThings Home Automation – Laundry Alerting

I have tried to create a fully automated “Smart Home” using many technologies with integrated workflows and automation. Alerting when the Washer and Dryer have finished their cycles has been one of the most convenient automation feature for my wife and I. I can’t tell you how many times we have started the laundry, forgot about it, and had to rewash the sour wet clothes. Here is how we do it.

First, and explanation of how this works.

I have my Washing Machine and Dryer, each plugged into their own Z-Wave Power Metering Switch/Plug. This give me insight into how much energy each are using, when they are powered on vs off. I use these plugs specifically: Zooz Zen15

When we start a load of laundry (Washer or Dryer), these Zooz Power Switches sense the energy being used, and SmartThings Hub assumes (correctly) that the laundry is being ran. Since there will always be a tiny bit of power being used, even when the laundry isn’t used, it only assumes the laundry is on when power usage exceeds 10 Watts. This power usage fluctuates during the cycle, especially for the Washing Machine. So the rule I have set in place is to monitor the usage and alert my phone when the Laundry is done. It knows when the laundry is finished when the power usage drops below 8 Watts for 4 mins. BOOM! Perfect solution, and it works every time.

Here is what you will need to pull it off, and I assume if you are reading this, you are already a SmartThings user and have some idea of how the IDE works.

After you have added the “Better Laundry Monitor” device type in your SmartThings IDE, go into your SmartThings app, Marketplace, Smart Apps, and scroll down to My Apps.
See Video Below


Update Plex Plugin on FreeNAS 11

If you are rocking your own FreeNAS storage at home or office, you’ll know that FreeNAS’ built-in plugins are hardly up to date. Updating the Plex plugin is fairly straightforward.

1. SSH to your FreeNAS
2. type: jls
3. Take the note of the Jail # of your Plex plugin
4. type:  jexec # csh (where # is the number of the jail noted in last step)
5. type:  fetch -o
5. type:  chmod 755
6. type:  ./ -u PlexPass_User -p PlexPass_password -a


vSphere Web Client Integration Plugin Not Working

When trying to manage your vSphere environment using the web client (or forced to in 6.5+), the Web Client Integration plugin is required to make use of many features the web client has to offer, like remote console, enhanced authentication, and deploying OVF appliances.

If you have downloaded and installed the plugin, but IE, Chrome, or Firefox do not activate the plugin, it can most likely be resolved by doing one of the following:

  1. Add the vCenter FQDN to the trusted site list:
    For vSphere 6.0-6.5: https://vCenter_FQDN
    For vSphere 5.5: https://vCenter_FQDN:9443
  2. Add the vCenter FQDN to the Local Intranet list (IE & Chrome)
  3. Uninstall Plugin, Clear Cache/Cookies, Reinstall Plugin, and Repeat option 1


HPE Proliant G7 Servers and vSphere 6.5 Purple Screen of Death

Upgrading VMware to ESXi 6.5 on HP G7 Servers will crash and cause you to scream and will require you to waste your time building a custom ISO that HPE could have easily done.
Best practice is to use the vendor’s custom ISO’s that have the hardware drivers integrated, so I used HPE’s latest Custom ISO.

HPE G7 Server support is being dropped by both HPE and VMware. In fact, vSphere 6.5 is supposedly the last version that will support the G7s. Knowing this info, I assumed upgrading from ESXi 6.0 to 6.5 on G7 would work, but I found out quickly that after the upgrade the hosts would “Purple Screen of Death” (PSOD) right after boot.

The Error: “PF Exception 14 in world 67667:sfcb-smx IP 0x0 addr 0x0″

The Issue: There are incompatible driver(s) in the customized ISO from HPE. Yes, there are more than one driver with issues.

The Workarounds: There are various workarounds that I have personally found to work, while others have been resolutions I have read about after I dealt with this, so I was not able to verify that they do indeed work, but I will list them nevertheless. Upgrading the firmware, BIOS, etc did not resolve the issue.
Note: All these workaround require a fresh install of ESXi. Running an Upgrade does not remove the incompatible drivers, and the host doesn’t stay alive long enough before crashing to manually remove them via SSH.

Solution 1: Use VMware’s Standard ISO Media
While this goes against many best practices, VMware doesnt offer too many vendor drivers in their ISO builds, so the offending drivers do not get installed and crash the system. While you can certainly use this method, you will want to follow-up and manually install the appropriate driver VIBs from HPE.

Solution 2: Build your own Custom ISO
This takes a bit more work, but is probably the most comprehensive path to resolution. You will basically need to remove drivers from the HPE Customized 6.5 ISO and inject those from the 6.0 ISO. The following are instructions on doing this.

Create Custom VMware ESXi Media



  • Launch vSphere PowerCLI

  • Add the HP ESXi 6.5 image bundle
    Add-EsxSoftwareDepot -DepotUrl C:\ESXi\

  • Check the Profile

  • Copy the Profile
    New-EsxImageProfile -CloneProfile HPE-ESXi-6.5.0-OS-Release-6* -Name “G7-ESXi”

    Use “HPE Custom” for Vendor

  • Check the Profile

  • Remove the driver from the image
    Remove-EsxSoftwarePackage G7-ESXi hpe-smx-provider

  • Add the HP ESXi 6.0 image bundle
    Add-EsxSoftwareDepot -DepotUrl C:\ESXi\
  • Check the Profile

  • View both drivers in the two bundles
    Get-EsxSoftwarePackage | findstr smx

  • Add the necessary driver into the custom build
    add-esxsoftwarepackage -imageprofile G7-ESXi -softwarepackage “hpe-smx-provider 600.”

  • Convert your custom bundle to ISO
    Export-EsxImageProfile -ImageProfile G7-ESXi -ExportToIso -filepath “C:\ESXi\G7-ESXi.iso”

  • Now take that ISO file that was created and use it to do a FRESH INSTALL. (Remember, upgrade will not work).

Find Unknown Wireless Password for Aruba Wireless SSID

If you don’t remember what password you or another Administrator set for a particular SSID on an Aruba Wireless Access Controller (or Instant Access Point), you can find this by connecting to any Access Point via SSH, Telnet or Console, and running the following commands:

show run no-encrypt

Scroll up until you get to the wlan ssid-profile section, and the password will be listed next to wpa-passphrase

If you had just ran a show run without the “no-encrypt“, you would have see a random hash like this:


vSphere 6.5 – Transport (VMDB) error -45: Failed to connect to peer process

While upgrading some Cisco UCS B200 M3 Servers from vSphere 6.0 to 6.5, I ran into an error that I could not figure out. After upgrading the first Cisco Blade to 6.5, I could not vMotion any VMs from the older 6.0 host to the newly upgraded 6.5 host. I would get the following error:

Transport (VMDB) error -45: Failed to connect to peer process

I was able to vMotion a powered off VM to the new host, but when I attempted to power on the VM, I got the same error: Transport (VMDB) error -45: Failed to connect to peer process

After poking around for awhile, I decided to turn to the VMware community, where I most mostly seeing this error with people using Workstation and Fusion products, but there wasn’t much going on with ESXi environments. I made sure to use the ESXi 6.5 Cisco Media for the original installs and this upgrade, and I assumed there had to be a driver/component issue with all of this. I tried updating by booting into the ISO and running the upgrade from there. After attempting to manually upgrade drivers and firmware, the solution that worked for me was the following:

Reinstall the freaking host from scratch! 

There you have it. Such a simple solution 🙂
Honestly, I have no idea why the reinstall was necessary. I ran into the same issue again when trying to upgrade that second host, and I even tried upgrading it using the an alternative method (Using ESXCLI and Update Manager), but no luck.

I did not call VMware Support on this, but I did submit the bug report. I would love to hear from someone who figured out the root cause and workaround.