Citrix XenApp

Tuesday, 11 September 2012

vSphere web client - failed to connect to VMware lookup service

Yesterday, I installed the vCenter 5.1 vCenter Virtual Appliance in my home lab. It went fairly smoothly; however, I couldn't connect to the vSphere web client. I received the following error:

Failed to connect to VMware Lookup Service - https://localhost:7444/lookupservice/sdk

I found a VMware KB indicating that there could be something wrong with the SSL certificate - because I had changed the FQDN of the appliance after initial setup.

That seemed a little overkill as the appliance should work or at least you should be able to reconfigure it.

The solution was to log into the administration web interface, https://vcenter-server-name:5480, and re-run the configuration wizard with default settings. That fixed the problem and it didn't delete the cluster and folder settings that I had already configured for this given vCenter server. The vSphere web client can be reached at the following address: https://vcenter-server-name:9443/vsphere-client/#

Btw: the default login for the vCenter 5.1 virtual appliance is user: root and password: vmware

Wednesday, 5 September 2012

Activating and using VMware PSO credits

For the second time, in my company, we've negotiated a rather large ELA agreement with VMware (ultimately via a reseller) which includes buying a bunch of new licenses and then renewing SnS for the existing ones. With this ELA, there are quite a lot of PSO (Professional Services Organisation) credits that come with the agreement. The first time it took us a while to figure out what to use them for, and now the second time it still creates confusion in regards to activating and using them.
After entering into the ELA, we received an activation email to an email address that we had specified (we had just told it to the VMware sales guys). Once the credits were activated, we received a confirmation email that they were indeed activated.
From here on, it is possible to buy different products and services with the credits.
To use the PSO credits, log in to:
Use the email address that the license activation mail was sent to. If there's no account associated with this email address, then create one.
Once logged in, you can add multiple users so that they can log in with their own account and book training courses on their own: Home -> Services -> VMware Training -> myPaymentAccounts -> Edit (or go to My account -> myPaymentAccounts). Here you can also see how many points you have available and what you have used your points for.
From the mylearn site it's fairly easy to browse for training courses and then pay with the credits. But the credits can also be used for other things such as paying for your VMworld ticket, for consulting services (PSO), and to pay for the VCP exam.
To pay for the VCP exam you need to retrieve a voucher first on the mylearn portal: Home -> Services -> VMware Training -> VMware Consulting and Training Credits -> Continue. Or go directly to this link. Going through this process will generate a voucher code which costs some credits. When you book the exam at Pearson VUE (requires a separate account) you can use your voucher code to pay for the exam.

Monday, 30 July 2012

How to block flash videos using Squid proxy Server

One popular example is to block flash video, used by sites such as Youtube.
The MIME type for such content is "video/x-flv". Creating an ACL to block this is easy.

First, create an ACL which matches the MIME type in question:
acl deny_rep_mime_flashvideo rep_mime_type video/x-flv
Then create an http_reply_access rule which denies any replies with that MIME type:
http_reply_access deny deny_rep_mime_flashvideo
This has been verified to block Youtube flash video content.

If the content is blocked, a line similar to the following will be seen in access.log:

1282485682.146    903 127.0.0.1 TCP_DENIED_REPLY/403 3143 GET http://tc.v15.cache3.c.youtube.com/videoplayback? - DIRECT/208.117.252.163 text/html
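
To see which clients and hosts are hitting the reply rule, the denied replies can be counted from access.log. This is an added example, not part of the original post; it assumes Squid's native log format, and every sample line except the first is constructed.

```shell
#!/bin/sh
# Added example: summarise replies blocked by http_reply_access.
# Assumes Squid's native access.log format: field 3 is the client address,
# field 4 is result-code/status, field 7 is the requested URL.

# denied_reply_summary LOG -> "<client> <host> <count>" lines, sorted
denied_reply_summary() {
    awk '$4 ~ /^TCP_DENIED_REPLY\// {
             split($7, u, "/")      # http://host/path -> u[3] is the host
             n[$3 " " u[3]]++
         }
         END { for (k in n) print k, n[k] }' "$1" | LC_ALL=C sort
}

# Constructed sample log. The first line is the entry quoted in the post;
# the others are made up and use documentation address ranges.
sample_log=$(mktemp)
trap 'rm -f "$sample_log"' EXIT
cat > "$sample_log" <<'EOF'
1282485682.146    903 127.0.0.1 TCP_DENIED_REPLY/403 3143 GET http://tc.v15.cache3.c.youtube.com/videoplayback? - DIRECT/208.117.252.163 text/html
1282485690.201    850 192.0.2.10 TCP_DENIED_REPLY/403 3143 GET http://video.example.com/clip1 - DIRECT/198.51.100.7 text/html
1282485695.377    790 192.0.2.10 TCP_DENIED_REPLY/403 3143 GET http://video.example.com/clip2 - DIRECT/198.51.100.7 text/html
1282485699.012    120 192.0.2.11 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/198.51.100.8 text/html
1282485701.440      0 192.0.2.11 TCP_DENIED/403 1500 GET http://blocked.example.com/ - NONE/- text/html
EOF

denied_reply_summary "$sample_log"
```

TCP_DENIED_REPLY entries still show an upstream address (DIRECT/...), because the reply rule is evaluated after Squid has contacted the origin server; plain TCP_DENIED entries come from http_access and are not counted here.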



Sunday, 29 July 2012

HowTo Allow windows updates through squid

Add the following to your squid.conf. It MUST be added near the top, before any ACL that requires authentication.

acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com

acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com

http_access allow CONNECT wuCONNECT localnet
http_access allow windowsupdate localnet

The above config is also useful for other automatic update sites, such as anti-virus vendors; just add their domains to the acl.

Saturday, 28 July 2012

Block mp3, mpg, mpeg, exe files using Squid proxy server

First open squid.conf file /etc/squid/squid.conf:
# vi /etc/squid/squid.conf

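Now add the following lines to the ACL section of squid.conf (use plain double quotes around the file name; the acl line only defines the match, and the http_access deny line applies it):
acl blockfiles urlpath_regex "/etc/squid/multimedia.files.acl"
http_access deny blockfiles

Now create the file: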
# vi /etc/squid/multimedia.files.acl
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$

Save and close the file, then restart Squid:
# /etc/init.d/squid restart
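
Before relying on the pattern file, it helps to check which URL paths it actually covers. The script below is an added example, not part of the original post: it uses grep -E as a stand-in for Squid's extended-regex matching, and the second pattern file (query.acl) and the sample paths are assumptions made for the test.

```shell
#!/bin/sh
# Added example: check which URL paths a urlpath_regex pattern file covers.
# Squid applies urlpath_regex to the path plus any query string, so a
# pattern anchored with $ does not match once "?..." follows the extension.

# path_blocked PATTERN_FILE URLPATH -> exit status 0 if any pattern matches
path_blocked() {
    printf '%s\n' "$2" | grep -Eq -f "$1"
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Patterns exactly as listed in multimedia.files.acl in the post
cat > "$workdir/page.acl" <<'EOF'
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
EOF

# Assumed variant (not from the post): same extensions, optional query string
cat > "$workdir/query.acl" <<'EOF'
\.([Ee][Xx][Ee]|[Aa][Vv][Ii]|[Mm][Pp][Ee]?[Gg]|[Mm][Pp]3)(\?.*)?$
EOF

# Constructed sample URL paths
for p in /downloads/setup.exe /music/Track.MP3 \
         '/media/clip.mpeg?session=1' /docs/setup.exe.txt; do
    for f in page query; do
        if path_blocked "$workdir/$f.acl" "$p"; then r=deny; else r=allow; fi
        printf '%-6s %-5s %s\n' "$f" "$r" "$p"
    done
done
```

Squid also accepts `-i` after urlpath_regex to make the patterns case-insensitive, which removes the need for the [Ee][Xx][Ee] bracket style.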

Friday, 27 July 2012

HowTo Clean and Re-build Squid cache

First, check your squid.conf file and locate your cache directory; you should have a line starting with "cache_dir".

1) Shut down your Squid server
squid -k shutdown

2) Remove the contents of the cache directory (substitute the path from your cache_dir line)
rm -r /squid/cache/*

3) Re-create the Squid cache directories
squid -z

4) Start Squid
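
Step 2 is the risky one, since a mistyped path hands the wrong directory to rm. The script below is an added example, not part of the original post: it reads the directory from the cache_dir line instead of typing it by hand and refuses empty or relative paths. The function names are hypothetical, and the squid.conf and cache directory it operates on are constructed stand-ins in a temporary directory.

```shell
#!/bin/sh
# Added example: take the cache path from squid.conf before emptying it.

# squid_cache_dirs CONF -> directory of every active cache_dir line
# (syntax: cache_dir <type> <directory> <type-specific options>)
squid_cache_dirs() {
    awk '$1 == "cache_dir" && NF >= 3 { print $3 }' "$1"
}

# clear_cache_dir DIR -> empty DIR; refuses empty, relative or root paths
clear_cache_dir() {
    case "$1" in
        ""|/|[!/]*) echo "refusing to clear '$1'" >&2; return 1 ;;
    esac
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    rm -rf -- "$1"/*
}

# Constructed stand-in for /etc/squid/squid.conf and its cache directory
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
mkdir -p "$workdir/cache/00/00"
touch "$workdir/cache/swap.state" "$workdir/cache/00/00/00000001"
cat > "$workdir/squid.conf" <<EOF
#cache_dir ufs /var/spool/squid 100 16 256
cache_dir ufs $workdir/cache 100 16 256
EOF

# On a real server this runs between "squid -k shutdown" and "squid -z"
squid_cache_dirs "$workdir/squid.conf" | while read -r dir; do
    clear_cache_dir "$dir" && echo "cleared $dir"
done
```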

Tuesday, 24 July 2012

Squid configuration: ACLs based on MAC address

Clients often have dynamic IP addresses (assigned by a DHCP server), and in these cases it is hard to set rules based on IP address, because you do not know which address a client machine will get. In such cases we can use MAC-based ACLs to set rules for that particular machine. Note that arp ACLs only match clients on the same subnet as the Squid server, because MAC addresses are not visible across routers.

# vi /etc/squid/squid.conf

Look for acl section and append ACL as follows:
acl mac1 arp 00:11:22:70:44:90 
acl mac2 arp 00:11:22:33:44:55 
http_access allow mac1 
http_access allow mac2 
http_access deny all 

Save and close the file.

Restart squid server:
# /etc/init.d/squid restart