Killing SSLv3 Tip

This week brought another unusual problem. We have a multi-domain environment that includes 2 different active directory forests with a trust. Like most of the world we have disabled SSLv3 on desktops as well as servers to prevent SSLv3 connections but this was only done completely in our main active directory domain. Everything has been working fine until this week.   Over the weekend a new change was introduced to the environment in the form of a new sha2 certificate for domain controllers in the other active directory domain. Once this change was implemented user accounts from the other domain would no longer authenticate for our Horizon View vCenter.

Settings were checked and the LDAPs identity source was identical on both our vCenters in our main domain but one did not work. Certificate stores were checked and they both had the relevant certificates.  After digging further there was one difference between the 2 vcenter servers concerning SSL.

Look under vCenter Server Settings.

SSLv3-SS1

There is a setting located under Advanced Settings called SSL.Version.

SSLv3-SS2

Choose TLSv1 to completely stop vCenter from trying to communicate over SSLv3.

SSLv3-SS3

 

 

 

Advertisements

Do Work Politics and VMware Ignorance Rule Your Datacenter?

ServerDiagnosis  Do you ever find that as a VMware admin that you have to defend your choices when it comes to virtual machine sizing? We’ve all been there when our customers (i.e. internal I.T. analysts) or even your co-workers on your team question why you didn’t give their vm as much cpu or memory as originally requested.
How do you deal with it? Often it is easy to just declare I am the VMware admin and I obviously know more than you so just accept what I am saying. Besides, you are just an ignorant newb when it comes to VMware. The other response is to elevate the conversation and educate the ignorati.
I like to think that I choose the latter but I sometimes fantasize about the former.
In that vein I choose to highlight some basic troubleshooting methods that VMware recommends to determine if indeed that vm is worthy of a bump in cpu, memory, or even diagnose storage or network issues. A great knowledge base article to start with is Troubleshooting ESX/ESXi virtual machine performance issues (2001003) .

Hopefully this is a good start in troubleshooting ESXI performance issues and hopefully your political and ignorance issues are few and far between.  I’d love to hear from you about your experiences!