VMware – Reset Root Password on a VCSA 6.5

So I needed to patch our vCenter 6.5 appliance due to a security flaw in our current version. When I tried to log in using the root password I was unable to do so. I know I had the correct password. Turns out I forgot the default expiration period which I had changed myself (should have set up a calendar reminder). The default I believe is 90 days as you can see here I set it to 365.

2018-12-06_11-04-36

So now that my root password was expired, I was forced to change it. Luckily the steps are pretty simple.

  1. Log onto the ESXi box where your vCenter is homed, then console ino your vCenter.
  2. From there hard restart your vCenter box.
  3. When the Photon OS begins to initialize press the e key to enter the GNU GRUB editor
  4.  Append the following to the 3rd line of code – rw init=/bin/bash

2018-12-06_11-10-57

5. Press F10 to reboot

6. At the prompt type passwd – enter the new root password

7. Then unmount the file system umount / or reboot

 

The VMware KB arrticle can be found here for reference –  https://kb.vmware.com/s/article/2147144

 

 

SQL – Reporting Services Error – Keyset does not exist

Recently while working with an third party vendor we came across and issue where the SQL Reporting Services displayed the error below when attempting to browse to the ReportServer:

The report server was unable to validate the integrity of the encrypted data in the database. (rsCannotValidateEncryptedData) Keyset does not exist (Exception from HRESULT: 0x80090016)

2018-11-27_11-33-50

I first attempted to delete the encryption keys from the Reporting Services Configuration Manager but I was unable to do so. This wasn’t really ideal but since the server was not 100% in production now would be the time to take such a measure.

Below was the error:

2018-11-26_11-50-06

I then recalled that when I initially set up SSRS I had used a different service account for the Reporting Service. It was changed at the vendor’s request.  Once I had changed back the login account to the previous setup account the error was resolved.

Moving forward though I believe if I where to use a new account then the encryption keys would need to be deleted and SSRS would need to be reconfigured with that new account.

Windows Server 2016 – Windows Update Settings stuck on Custom setting

Ran into an issue today where we were unable to change Windows Update from Custom to Manual or any other setting.

2018-11-12_15-04-30 In order to resolve this issue you need to create the following keys in the Registry using Regedit. They just need to exist in the registry in order for the change to take place within sconfig.

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

2018-11-12_15-06-04

 

Exchange – How to disable Journaling for Voicemails and Missed call notifications

If you are sending emails to a Journaling connector and do not wish to journal voicemail messages for legal or business purposes you can disable this feature with the following command.

Set-TransportConfig -VoicemailJournalingEnabled $false 

SQL – How to transfer logins and passwords between SQL servers

When migrating databases to another server it is important to transfer the login information as well, otherwise it will have to be recreated which may cause issues if the database password is hardcoded somewhere in an application .ini or .config file.  Transferring also helps when the IT team that installed that third party database is no longer around and did not document the password information.

In order to implement this run the following script on your source SQL server.

USE master
GO
IF OBJECT_ID (‘sp_hexadecimal’) IS NOT NULL
DROP PROCEDURE sp_hexadecimal
GO
CREATE PROCEDURE sp_hexadecimal
@binvalue varbinary(256),
@hexvalue varchar (514) OUTPUT
AS
DECLARE @charvalue varchar (514)
DECLARE @i int
DECLARE @length int
DECLARE @hexstring char(16)
SELECT @charvalue = ‘0x’
SELECT @i = 1
SELECT @length = DATALENGTH (@binvalue)
SELECT @hexstring = ‘0123456789ABCDEF’
WHILE (@i <= @length)
BEGIN
DECLARE @tempint int
DECLARE @firstint int
DECLARE @secondint int
SELECT @tempint = CONVERT(int, SUBSTRING(@binvalue,@i,1))
SELECT @firstint = FLOOR(@tempint/16)
SELECT @secondint = @tempint – (@firstint*16)
SELECT @charvalue = @charvalue +
SUBSTRING(@hexstring, @firstint+1, 1) +
SUBSTRING(@hexstring, @secondint+1, 1)
SELECT @i = @i + 1
END

SELECT @hexvalue = @charvalue
GO

IF OBJECT_ID (‘sp_help_revlogin’) IS NOT NULL
DROP PROCEDURE sp_help_revlogin
GO
CREATE PROCEDURE sp_help_revlogin @login_name sysname = NULL AS
DECLARE @name sysname
DECLARE @type varchar (1)
DECLARE @hasaccess int
DECLARE @denylogin int
DECLARE @is_disabled int
DECLARE @PWD_varbinary varbinary (256)
DECLARE @PWD_string varchar (514)
DECLARE @SID_varbinary varbinary (85)
DECLARE @SID_string varchar (514)
DECLARE @tmpstr varchar (1024)
DECLARE @is_policy_checked varchar (3)
DECLARE @is_expiration_checked varchar (3)

DECLARE @defaultdb sysname

IF (@login_name IS NULL)
DECLARE login_curs CURSOR FOR

SELECT p.sid, p.name, p.type, p.is_disabled, p.default_database_name, l.hasaccess, l.denylogin FROM
sys.server_principals p LEFT JOIN sys.syslogins l
ON ( l.name = p.name ) WHERE p.type IN ( ‘S’, ‘G’, ‘U’ ) AND p.name <> ‘sa’
ELSE
DECLARE login_curs CURSOR FOR
SELECT p.sid, p.name, p.type, p.is_disabled, p.default_database_name, l.hasaccess, l.denylogin FROM
sys.server_principals p LEFT JOIN sys.syslogins l
ON ( l.name = p.name ) WHERE p.type IN ( ‘S’, ‘G’, ‘U’ ) AND p.name = @login_name
OPEN login_curs

FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @hasaccess, @denylogin
IF (@@fetch_status = -1)
BEGIN
PRINT ‘No login(s) found.’
CLOSE login_curs
DEALLOCATE login_curs
RETURN -1
END
SET @tmpstr = ‘/* sp_help_revlogin script ‘
PRINT @tmpstr
SET @tmpstr = ‘** Generated ‘ + CONVERT (varchar, GETDATE()) + ‘ on ‘ + @@SERVERNAME + ‘ */’
PRINT @tmpstr
PRINT ”
WHILE (@@fetch_status <> -1)
BEGIN
IF (@@fetch_status <> -2)
BEGIN
PRINT ”
SET @tmpstr = ‘– Login: ‘ + @name
PRINT @tmpstr
IF (@type IN ( ‘G’, ‘U’))
BEGIN — NT authenticated account/group

SET @tmpstr = ‘CREATE LOGIN ‘ + QUOTENAME( @name ) + ‘ FROM WINDOWS WITH DEFAULT_DATABASE = [‘ + @defaultdb + ‘]’
END
ELSE BEGIN — SQL Server authentication
— obtain password and sid
SET @PWD_varbinary = CAST( LOGINPROPERTY( @name, ‘PasswordHash’ ) AS varbinary (256) )
EXEC sp_hexadecimal @PWD_varbinary, @PWD_string OUT
EXEC sp_hexadecimal @SID_varbinary,@SID_string OUT

— obtain password policy state
SELECT @is_policy_checked = CASE is_policy_checked WHEN 1 THEN ‘ON’ WHEN 0 THEN ‘OFF’ ELSE NULL END FROM sys.sql_logins WHERE name = @name
SELECT @is_expiration_checked = CASE is_expiration_checked WHEN 1 THEN ‘ON’ WHEN 0 THEN ‘OFF’ ELSE NULL END FROM sys.sql_logins WHERE name = @name

SET @tmpstr = ‘CREATE LOGIN ‘ + QUOTENAME( @name ) + ‘ WITH PASSWORD = ‘ + @PWD_string + ‘ HASHED, SID = ‘ + @SID_string + ‘, DEFAULT_DATABASE = [‘ + @defaultdb + ‘]’

IF ( @is_policy_checked IS NOT NULL )
BEGIN
SET @tmpstr = @tmpstr + ‘, CHECK_POLICY = ‘ + @is_policy_checked
END
IF ( @is_expiration_checked IS NOT NULL )
BEGIN
SET @tmpstr = @tmpstr + ‘, CHECK_EXPIRATION = ‘ + @is_expiration_checked
END
END
IF (@denylogin = 1)
BEGIN — login is denied access
SET @tmpstr = @tmpstr + ‘; DENY CONNECT SQL TO ‘ + QUOTENAME( @name )
END
ELSE IF (@hasaccess = 0)
BEGIN — login exists but does not have access
SET @tmpstr = @tmpstr + ‘; REVOKE CONNECT SQL TO ‘ + QUOTENAME( @name )
END
IF (@is_disabled = 1)
BEGIN — login is disabled
SET @tmpstr = @tmpstr + ‘; ALTER LOGIN ‘ + QUOTENAME( @name ) + ‘ DISABLE’
END
PRINT @tmpstr
END

FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @hasaccess, @denylogin
END
CLOSE login_curs
DEALLOCATE login_curs
RETURN 0
GO

Once that is complete then run the following command.

exec sp_help_revlogin ‘username’

This will generate output which you then copy and run on the destination SQL server.

All this can also be done more elegantly with Powershell. Check out this link below:

https://blog.netnerds.net/2016/06/its-2016-why-is-sp_help_revlogin-a-thing/

 

Exchange 2016 -Adjusting Retention for Calendar and Tasks

A client recently asked to have a retention for mail items but to leave calendar and tasks untouched. When in the ECP the option to create a specific retention tag for calendar items or tasks is missing. You must do this through Powershell.

Below is the command I used for both Calendar items and Tasks

New-RetentionPolicyTag “Name of Retention Policy Tag” -Type Calendar -RetentionEnabled $false -RetentionAction DeleteAllowRecovery

Do the same for Tasks replacing Calendar for Tasks in the Type field. Once run you can then add these Retention Policy Tags to your Retention Policy.

vSphere 6.x- Unable to use Customization Template

Today I ran into an issue with an old template which I hadn’t used in quite some time. A vendor requested that we spin up a Windows Server 2012 R2 server for testing purposes.  Upon provisioning the server I came across this error message when the old template was selected.

The public key in the specification does not match the vCenter public key. You have to renter the password in order to proceed.

To resolve this issue open vCenter using the vSphere Web client. Select Policies and Profile find your template and select Edit.

2018-09-20_8-57-29

Select Administrator Password and reenter the password.

2018-09-20_8-59-49

The VMware KB article can be found here:

https://kb.vmware.com/s/article/2111495