Think IPM

Thursday, April 24, 2014

Just because you can, doesn’t mean you should – Custom VMware Update Manager Depots

That’s the gist of the lesson I learned today – :) Again.
A while back, I read about custom depots for VMware Update Manager.  I love VMware Update Manager.  It really does deliver when it comes to keeping the vSphere ESX hosts sparkly and new with the latest patches and fixes officially released by the mothership.  But what about the other vendors parts in the stack? (Specifically Hardware)
Sometimes when working with Dell Servers, I end up going the Dell OEM Route for vSphere Media.  How great would it be if DELL had an online depot that delivered patches via VMware’s Update Manager.  On the internet, I found out you could!  Read all about adding Dell, Cisco, Brocade and others @ PerfectCloud.
Fast forward to today – I am scanning my hosts for updates and am getting a strange error back in vCenter from VUM.  Error 99 :Check the logs.
Logs on the vCenter host are complaining about ‘Cannot merge VIBS”.  Ugh…  Off to the internet again. 
vCrumbs to the rescue. An excellent post with my error exactly.  (and more importantly – a detailed resolution!)
Long story short – The imported patches from one of the custom depots I added brought down a patch that created the issue.  As the article points out, once a patch is imported into VUM, there is no way to remove it.  All I could do was wipe the database and redownload the patches.  Seems extreme but way better than a uninstalling and reinstalling vCenter Update Manager.
No more Custom Depots for me.
Click Here to Continue Reading >>

Tuesday, April 22, 2014

PSA: vSphere 5.5 Update 1 and NFS

Just a quick post for those that may not have heard about this VMware Alert.

If you are running vSphere 5.5 and have NFS datastores, it is advised NOT to upgrade or patch to Update 1.  NFS disconnections have been reported after upgrading and can lead to freezes and crashes on Virtual Machines located on the NFS datastores.

You can read a good write up on the issue by Michael Webster on

The official KB from VMware is here: 
KB 2076392 - Frequent NFS APDs after upgrading ESXi to 5.5 U1

Click Here to Continue Reading >>

Monday, April 21, 2014

Office and IE custom dictionaries -- New IPM utility: SyncMyDICs

Great new utility by Jacques Bensimon:

Juvenile name aside, this one is actually quite useful: (Grab it here)

As you know, as of Office 2007, your custom dictionary entries are stored as a plain Unicode text file, by default %AppData%\Microsoft\UProof\CUSTOM.DIC.  Any time you use “Add to Dictionary” on a word, the dictionary file is updated and re-sorted using the strange AaBbCcDd… collating sequence, which means all the capital “A” words come before the lower-case “a” words, then the “B” words, then “b”, etc. – but the Office apps don’t really care and are just as happy with a normally sorted file (as long as it’s a proper Unicode text file starting with the 0xFF 0xFE signature and containing one word per line).

What you may or may not know is that, as of Windows 8 / 2012 (and in Windows 7 / 2008 R2 with IE 10 or 11 as well), a new *Windows* API for spellchecking has been introduced for use by any app that wants to take advantage of it (as IE 10 and 11 do – you didn’t think that was your WebApp correcting your spelling, did you? :)).  And of course, since there’s still no love lost between the Office and Windows teams, the two spell-check engines are completely distinct and separate (though I’m sure that, if asked, Microsoft would explain that not everybody has Office installed ;)).  One consequence of this is that your custom dictionary for Windows/IE is separate from your Microsoft Office custom dictionary, although happily its format is essentially the same (Unicode text file, one word per line, no sorting imposed at all).  Your default Windows/IE custom dictionary, since you’re all good Yankees (right?), is %AppData%\Microsoft\Spelling\en-us\default.dic.

Which of course is where the new utility comes in:  after backing up the originals, it will merge any two such custom dictionary files (sorting and removing duplicates in the process) and will replace the originals with the merged copy.  As you can read in the screenshot, it will accept full paths to the two files you want to merge & replace but, for simplicity, will assume you mean the two previously mentioned (Office and IE) custom dictionaries if you don’t specify any files.  Run it at logon, or logoff, or whenever and however you like, and you’ll only need to add words once to have them available on both platforms.  (Of course, given how it works, the utility also can be used to combine Office custom dictionaries from your profiles on two different machines, or from two different user accounts, etc.).


And of course you know what word just made it to both my dictionaries, right?  You guessed it, SyncMyDICs! =]


Click Here to Continue Reading >>

Wednesday, April 9, 2014

In NYC? Join us for a PernixData/IPM Breakfast!

Here’s a quick plug for my company IPM who is organizing a great breakfast event on April 17th for Virtualization Enthusiasts.  The event is sponsored by PernixData and will feature guest speaker Frank Denneman.   I’ll be there and am looking forward to hearing Frank’s presentation.

Frank is among the foremost authorities in the world in regard to running optimized VMware environments. He co-wrote with Duncan Epping the authoritative book on VMware HA and DRS. He edits one of the top VMware blogs in the world that is available at

He will be in NYC for one day to talk about

  • Pros and cons of various flash deployment methodologies
  • Best practices for using flash to accelerate storage performance
  • How to measure results and ROI

Frank was a principal architect at VMware and now works for PernixData. They offer a great product that highly impacts the performance of the VMware hypervisor by implementing low cost SSD in an incredibly cost effective fashion. Clients can leverage this VMware approved reference architecture to optimize their virtualized environments and greatly increase IOPS delivery.

The event will be at the Innovation Loft  @ 151 West 30th Street.

You can register for the event here: Register Here

Click Here to Continue Reading >>

Citrix Netscalers and Heartbleed Bug

Heartbleed logoIf you haven’t heard about the 2 year old OpenSSL security flaw named Heartbleed, check out the official site for information :  Sadly, it was just ‘discovered’ by the good guys a couple days ago.

In a nutshell, it is a vulnerability in some versions of OpenSSL that allows hackers and script kiddies to steal protected information through normal interactions without detection.   It has to do with the heartbeat/handshake process that happens between the server and the client.  The easiest high level explanation I have read is that during the handshaking process, a client normally send 64kb of information to the server that the server then in turn echoes back to the client.  To exploit the vulnerability, a malicious client can send an abnormal 1kb package instead during the handshaking process and then the server will echo that 1k back but fill the rest with server memory (63kb) to make a complete package.  This server memory can contain other user sessions data including usernames, passwords, encryption keys and other privileged information.  Fortunately, it is a simple coding mistake that can be easily rectified through a patch.  Unfortunately, it has been out there for around 2 years and is/was affecting a large part of the internet.

Sam Jacobs opened up a case with Citrix to find out if the Citrix Netscalers that handle SSL VPNs are affected by this bug and was pleased to find out that they are not.  The Netscalers use an older version of OpenSSL that is not vulnerable to this type of attack.  The Netscalers use OpenSSL 0.9.7 and affected versions are 1.0.1 and 1.0.2 versions.

You can check the open ssl version on the Netscaler by following the below steps:

Login to the netscaler using putty.
Go to the shell prompt.
type the command: openssl, press enter.
type the command: version -a, press enter.

This will give detail info about the OpenSSLl version on the Netscaler.

The Netscalers do not support the ‘TLS heartbeat’ extension in the SSL engine that is affected by the Heartbeat Bug.

You can also use the following site to check other web sites for the vulnerability here:

I’ve tested some View Security Servers and some older CSGs using the tester above and they also come back clean.

Update: Citrix has an official link here:

Click Here to Continue Reading >>