Create Windows 11 Virtual Appliance using Tiny…

Create Windows 11 Virtual Appliance using Tiny…

I recently came to learn about a really cool project called Tiny 11 which is a stripped down version of Windows 11 Pro 22H2 that can run with just 2GB of memory and 8GB of storage. While you would probably not use this for production workloads, it could be interesting for those with homelabs and […]


VMware Social Media Advocacy

“SECUREBOOT: Image DENIED.” – Linux VMs created with Hardware version 20 will fail to start installation when Secure Boot is enabled (88737)

Reference “SECUREBOOT: Image DENIED.” for Windows Server 2022
How ESXi Uses UEFI Secure Boot

Important 88737 Symptoms

The installation of the Operating System image will be denied and “SECUREBOOT: Image DENIED.” will be reported in vmware.log.

Below goes the list of the impacted Linux Operating Systems.

  • RHEL 8.0~8.4, 7.x 
  • CentOS 8.0~8.5, 7.x
  • Oracle Linux 8.0~8.3, 7.x
  • AlmaLinux 8.4    
  • Rocky Linux 8.4    
  • Photon OS 4.0GA, 3.0 GA & Rev 2 & Rev 3, 2.0    
  • Ubuntu LTS 20.04~20.04.4, 18.04~18.04.5 and earlier
  • Ubuntu Non-LTS 21.04, 20.10, 19.10, 19.04, 18.10 and earlier     
  • Debian 10.9 and earlier     
  • SLE 12SP0~SP5, 15SP0-SP2

Cause

This is caused due to the Secure Boot deny list (dbx) is updated to prevent vulnerable bootloaders from being used. For more information, refer to VMware response to GRUB2 security vulnerability CVE-2020-10713 (80181)

Resolution

  1. Create the SecureBoot Virtual Machine with Hardware version 19 (or earlier).
  2. After the installation is completed, update the vulnerable bootloader of the VM to a newer and fixed version, refer to VMware response to GRUB2 security vulnerability CVE-2020-10713 (80181)
  3. Upgrade the Virtual Machine’s Hardware version to 20.

Workaround

Create the Virtual Machine with Secureboot disabled instead.

Automated ESXi Installation with a USB Network…

Automated ESXi Installation with a USB Network…

I have been working with the Project Keswick team for quite some time now, which is an OCTO project is lead by my good friend Alan Renouf, who is doing some really innovative work with ESXi at the edge and application deployment using a desired state engine. Recently I had met with the team to […]


VMware Social Media Advocacy

2023 NSX Ninja Program For Customers

2023 NSX Ninja Program For Customers

The 5 day VMware NSX Software-Defined Networking (SDN) Ninja program provides in depth coverage of networking use cases. This program is a comprehensive look at NSX architecture and components that support switching, routing, VPN, load balancing, container networking, and multi-site networking [..]


VMware Social Media Advocacy

VMware ESXI and Intel Optane NVMe – intelmas firmware update

How to install intelmas tool

[~] esxcli software component apply -d /vmfs/volumes/SSD/_ISO/intel-mas-tool_2.2.18-1OEM.700.0.0.15843807_20956742.zip
Installation Result
   Components Installed: intel-mas-tool_2.2.18-1OEM.700.0.0.15843807
   Components Removed:
   Components Skipped:
   Message: Operation finished successfully.
   Reboot Required: false

Common information about the disc

[~] /opt/intel/intelmas/intelmas show -intelssd 1

- 1 Intel(R) Optane(TM) SSD 905P Series PHMB839000LW280IGN -

Bootloader : EB3B0416
Capacity : 260.83 GB (280,065,171,456 bytes)
DevicePath : nvmeMgmt-nvmhba5
DeviceStatus : Healthy
Firmware : E201HPS2
FirmwareUpdateAvailable : The selected drive contains current firmware as of this tool release.
Index : 1
MaximumLBA : 547002287
ModelNumber : INTEL SSDPED1D280GAH
NamespaceId : 1
PercentOverProvisioned : 0.00
ProductFamily : Intel(R) Optane(TM) SSD 905P Series
SMARTEnabled : True
SectorDataSize : 512
SerialNumber : PHMB839000LW280IGN

S.M.A.R.T information

[~] /opt/intel/intelmas/intelmas show -nvmelog SmartHealthInfo -intelssd 1

-  PHMB839000LW280IGN -

- NVMeLog SMART and Health Information -

Volatile memory backup device has failed : False
Temperature has exceeded a critical threshold : False
Temperature - Celsius : 30
Media is in a read-only mode : False
Power On Hours : 0x0100
Power Cycles : 0x03
Number of Error Info Log Entries : 0x0
Controller Busy Time : 0x0
Available Spare Space has fallen below the threshold : False
Percentage Used : 0
Critical Warnings : 0
Data Units Read : 0x02
Available Spare Threshold Percentage : 0
Data Units Written : 0x0
Unsafe Shutdowns : 0x0
Host Write Commands : 0x0
Device reliability has degraded : False
Available Spare Normalized percentage of the remaining spare capacity available : 100
Media Errors : 0x0
Host Read Commands : 0x017F

Show all the SMART properties for the Intel® SSD at index 1

[~] /opt/intel/intelmas/intelmas show  -intelssd 1 -smart

- SMART Attributes PHMB839000LW280IGN -

- B8 -

Action : Pass
Description : End-to-End Error Detection Count
ID : B8
Normalized : 100
Raw : 0

- C7 -

Action : Pass
Description : CRC Error Count
ID : C7
Normalized : 100
Raw : 0

- E2 -

Action : Pass
Description : Timed Workload - Media Wear
ID : E2
Normalized : 100
Raw : 0

- E3 -

Action : Pass
Description : Timed Workload - Host Read/Write Ratio
ID : E3
Normalized : 100
Raw : 0

- E4 -

Action : Pass
Description : Timed Workload Timer
ID : E4
Normalized : 100
Raw : 0

- EA -

Action : Pass
Description : Thermal Throttle Status
ID : EA
Normalized : 100
Raw : 0
ThrottleStatus : 0 %
ThrottlingEventCount : 0

- F0 -

Action : Pass
Description : Retry Buffer Overflow Count
ID : F0
Normalized : 100
Raw : 0

- F3 -

Action : Pass
Description : PLI Lock Loss Count
ID : F3
Normalized : 100
Raw : 0

- F5 -

Action : Pass
Description : Host Bytes Written
ID : F5
Normalized : 100
Raw : 0
Raw (Bytes) : 0

- F6 -

Action : Pass
Description : System Area Life Remaining
ID : F6
Normalized : 100
Raw : 0

Disk firmware update

[~] /opt/intel/intelmas/intelmas load -intelssd 1
WARNING! You have selected to update the drives firmware!
Proceed with the update? (Y|N): Y
Checking for firmware update...

- Intel(R) Optane(TM) SSD 905P Series PHMB839000LW280IGN -

Status : The selected drive contains current firmware as of this tool release.

📆 Save the Date | VMware Explore 2023

📆 Save the Date | VMware Explore 2023

We’re excited to announce the next event dates and locations for VMware Explore 2023! August 21 – 24, 2023: The Venetian Convention and Expo Center in Las Vegas, Nevada. November 6 – 9, 2023: Fira Gran Via in Barcelona, Spain. Download the calendar invite and block your schedule off now!


VMware Social Media Advocacy

How to Maxtang’s NX 6412 NUC add to vDS? Fix script /etc/rc.local.d/local.sh

How to fix network after adding to vDS. When you add NX6412 to vDS and reboot ESXi. I don’t have uplink for vDS. You could check it with:

# esxcfg-vswitch -l
DVS Name         Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vDS              2560        6           512               9000    vusb0
--cut
  DVPort ID                               In Use      Client
  468                                     0           
  469                                     0
  470                                     0
  471                                     0

We will have to note DVPort ID 468 – example. vDS is name of your vDS switch.

esxcfg-vswitch -P vusb0 -V 468 vDS

It is necessary add it to /etc/rc.local.d/local.sh before exit 0. You could have similar script from source Persisting USB NIC Bindings

vusb0_status=$(esxcli network nic get -n vusb0 | grep 'Link Status' | awk '{print $NF}')
count=0
while [[ $count -lt 20 && "${vusb0_status}" != "Up" ]]
do
    sleep 10
    count=$(( $count + 1 ))
    vusb0_status=$(esxcli network nic get -n vusb0 | grep 'Link Status' | awk '{print $NF}')
done

esxcfg-vswitch -R
esxcfg-vswitch -P vusb0 -V 468 vDS

exit 0