VMware Unified Access Gateway 3.3.1 Fails to Start Blast Services in FIPS Mode

A bug exists in the FIPS version of the VMware Unified Access Gateway 3.3.1 appliance that causes the local Blast services to fail to properly initialize due to a cipher suite mismatch between local services on the appliance. The issue appears to be exclusive to the 3.3.1 release, as the issue did not exist in 3.3.0 and is said to be patched in 3.4.0.

To resolve the issue, a single line needs to be edited in a configuration file on the appliance.

Open the following file in an editor:
/opt/vmware/gateway/lib/bsg/absg.properties

Locate the line for ‘localHttpsCipherSpec’ and replace it with the following:
localHttpsCipherSpec=!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES

Save the file. Disable and enable the Blast service in the web administration UI. Restart the appliance.

VMware vRealize Operations Manager Returns Keyfile is not Valid when Updating a Certificate

VMware vRealize Operations Manager 6.6.1 may return an error stating “Keyfile is not valid” when attempting to install a new SSL certificate. The appliance does not properly convert timezone data on the “valid from” attribute of a certificate and may believe the certificate is outside it’s validity period.

The solution was to try again the following day.

DHCP Traffic Blocked under Windows 10, KB2344959

We’re now rolling through week four of the Windows 10 migration at DWR with only a few disruptions. One particular issue though popped up rather suddenly during wave two and strongly in wave three. We found a growing number of computers with networking issues. Specifically they were all failing to obtain DHCP leases both on startup or through manual renewal.

Continue reading

Sysprep Failing after Updating Windows 8.1 Apps

This week I’ve been making the final updates to the reference image for laptops to the library’s educational program involving Minecraft and other games for kids. However after laying in the last set of Windows updates and other applications, Sysprep failed and logged the error Package was installed for a user, but not provisioned for all users.

From the error log, it appeared that a Store app was causing a blocking failure. This was odd, because I hadn’t once launched the Store nor side-loaded any apps. Further, all the work was done on the builtin account with which the Store cannot even be used.

Continue reading

Skipping the Classic Shell Welcome Screen

Here’s a short guide that was a bit too much to fit into the reference materials section.

Logo-ClassicShell-AlphaI had been asked to install Classic Shell on some laptops and tablets for deployment. As part of the deployment process, I went ahead a built in into the reference image that would be used. In order to prevent the Classic Shell welcome screen from appearing at first logon I added the configuration registry keys to the default registry hive.

The below script will mount the default registry hive, insert the keys, and unmount the hive for you.

Continue reading