WilliamLam.com

New sponsor: Train Signal

by // Leave a Comment

We would like welcome Train Signal as our latest blog sponsor. Train Signal offers a wide range of computer training packages covering Microsoft, Cisco, CompTIA, VMware, and Citrix. In addition to its Windows Server 2008, Exchange Server 2010, and SQL Server 2008 courses, Train Signal offers training for over fifty different training courses including: VMware vSphere training, Cisco CCNA training, Windows 7 training, and more. 
Last year I was privileged to receive a copy of the vSphere Training Video Vol. 2 which includes videos by well known virtualization members: David Davis, Sean Clark, Eric Siebert and Hal Rottenberg. The videos were very well done and include information that are applicable to both beginners and intermediate users of VMware vSphere. I would recommend these training videos for those studying for either the VMware VCP and/or VCAP certifications. Please check out their website for more details.

If you are interested in advertising with us, please contact us at admin[at]virtuallyghetto[dot]com

New sponsor: Opvizor

by // Leave a Comment

virtuallyGhetto would like to welcome Opvizor as our latest blog sponsor. Opvizor is a SaaS based application that detects issues that may affect your virtualized IT environment before they cause instability and impact performance. The analysis is done by uploading your host or virtual machine logs to Opvizor, in which they can be processed by their intelligent rule-set or shared amongst your peers and trusted third party vendors. You can easily get started with their free entry level version by registering at opvizor.com.

If you are interested in advertising with us, please contact us at admin[at]virtuallyghetto[dot]com

Potential ESX(i) 4.1 Update 1 upgrade caveat

by // Leave a Comment

If you are planing on upgrading to the recent release of ESX(i) 4.1 Update 1 from ESX(i) 4.1, you may want to verify that you will not be impacted by a previous security/password bug found in ESX(i)4.1. The security bug that was identified with ESX(i) 4.1 was the encryption algorithm which changed from default MD5 as previous releases of ESX(i) to legacy DES.

This bug has since been resolved and a VMware KB article (KB1024500) was released with a temporary fix by adding the keyword "md5" to system-auth PAM configuration entry. This fix also required the user to update the root password afterwards, as the previous password was encrypted using DES.

The potential caveat is if you did not apply the fix as mentioned from the above VMware KB article prior to upgrade, after the ESX(i) 4.1 Update 1 upgrade, you will continue to run into the same problem. The fix is to reset your root password after the upgrade of ESX(i) 4.1 Update 1, this will ensure that the new password will be encrypted using the MD5 algorithm. Though the fix is simple, it can be tedious and manual for users who do not regularly rotate their root passwords or have an automated password management system.

To check whether this will impact your upgrade, login to ESXi Tech Support Mode or classic ESX Service Console and check whether the root password was encrypted using MD5 or DES. To do so, you will cat out the contents of /etc/shadow

If the root password was encrypted using MD5 algorithm, you should see root hash start with "$1$"

If the root password was encrypted using DES algorithm, the root hash will not start with "$1$"

If it is the latter, you will need to either apply the fix and update the root password before upgrading or reset the password after your upgrade. To change the root password, you need to login to either the Serivce Console for ESX or Tech Support Mode for ESXi and run the passwd utility to change your password.

It is probably quicker to rebuild than to login to each host an update the root password, especially if you have an automated kickstart environment. This will ensure that that all hosts will be consistent and no manual fixes will be required. IMHO, this is something that VMware should have clearly pointed out in their release notes as not everyone may be aware of the VMware KB article and implemented the fix prior to upgrade.