Category Archives: VMware

Server 2012R2 in place upgrade to Server 2019 on VMware

I’m personally not a fan of in place Microsoft Server upgrades but I suppose they have their time and place.

Since many of our 2012R2 servers are from the 5.1 and 5.5 days of VMware many of them are still running Virtual Hardware v9. This hardware version needs to be upgraded to perform the OS upgrade.

I was able to successfully re-create the issue with an upgrade of a clean 2012R2 install on v9 hardware. After the first reboot you will get stuck at the black screen with blue window, with no circle running underneath. I let this run for two full days (48 hours) before cancelling it.

After cancelling it and resetting the VM, you will be given the following error message:

We couldn’t install Windows Server 2019

We’ve set your PC back to the way it was right before you started installing Windows Server 2019.

0xC1900101 – 0x20017

The installation failed in the SAFE_OS phase with an error during BOOT operation

VMware generally states that you shouldn’t upgrade the VM hardware version unless there is a need. In this case there is a need.

My recommendations would be to do the following:

  1. Shut down the VM you want to perform an in place upgrade on
  2. Take a snapshot with the VM off
  3. Upgrade the Virtual Machine hardware version (We went to v15)
  4. Power on the VM, mount the ISO, run the upgrade

This process seems to be working for us, and although this may be a no-brainer, I’m putting it out there for the search engines to index in case it does help someone.

Kali Linux on Intel Macbook Pro 16″ with VMware Fusion 12.1.2

I have been struggling to figure out why Kali Linux would not update after a fresh install on VMware Fusion, virtualized on my Intel Macbook Pro 16″ laptop.

I was either receiving one of these error messages when trying to perform a “sudo apt update” on a fresh install:

The following signatures were invalid: BADSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>

OR:

apt-get updateGet:1 http://kali.mirror.garr.it/mirrors/kalikali-rolling InRelease [30.5 kB]Get:2 http://kali.mirror.garr.it/mirrors/kalikali-rolling/contribSources [66.1 kB]Get:3 http://kali.mirror.garr.it/mirrors/kalikali-rolling/non-freeSources [124 kBGet:4 http://kali.mirror.garr.it/mirrors/kalikali-rolling/mainSources [11.0 MB]Get:4 http://kali.mirror.garr.it/mirrors/kalikali-rolling/mainSources [11.0 MB]Err:4 http://kali.mirror.garr.it/mirrors/kalikali-rolling/mainSources

Hash Sum mismatchHashes of expected file:- Filesize:11015732 [weak]- SHA256:b20b6264d4bd5200e6e3cf319df56bd7fea9b2ff5c9dbd44f3e7e530a6e6b9e0- SHA1:2d8b15ab8109d678fe1810800e0be8ce3be87201 [weak]- MD5Sum:d0b5f94ba474b31f00f8911ac78258ec [weak]

Hashes of received file:- SHA256:a7b9ca82fc1a400b2e81b2ebc938542abfdbfa5aecdfa8744f60571746ec967b- SHA1:5d870530aa87398dcb11ecb07e6a25ca0746985f [weak]- MD5Sum:9a4824220c0a5fa6cb74390851116b73 [weak]- Filesize:9828918 [weak]

There seems to be an issue within VMware Fusion with the network management, trying to share a WiFi connection. I’ve read on some forums that people have had luck with sharing the connection instead of bridging it. If I try to share the connection I lose internet on my Kali VM.

The only way I can keep a connection is to bridge the connection, which gives me an IP off my wireless and lets me browse the Internet but something is being done to the traffic when trying to update which causes some security issues.

My current work around was to plug in another USB WiFI adapter and pass it through to the VM and let the VM use it to connect to my wireless in order to get out.

This only appears to be an issue when installing or updating software and I’m not quite sure what the network stack is doing underneath. When I have more time I hope to dig into this further..

VMware vCenter 6.7 Certificate Status Error

After rebooting our vCenter appliance we noticed an error on vCenter regarding “Certificate Status”

After going to the Administration snap-in and clicking on “Certificate Management” and logging in to verify certificates we saw nothing out of order. All the VMware provided certificates were fine. I decided to keep digging.

I started googling and found the following command listed on Reddit by zwamkat.
https://www.reddit.com/r/vmware/comments/it4dmq/vcsa_certificate_status_alarm_triggered/

for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done

This provided the output necessary to see all certificates on the vCenter appliance, including third-party certificates. We noticed that we still had a thirty party certificate listed in vCenter with an expiration date coming up even though we already replaced it.

We are following up with the third-party vendor to get to a resolution.