How to fix “Mysql Server has gone away”?

ScheissITLeave a comment

The MySQL server has gone away (error 2006) has two main causes and solutions:

  • Server timed out and closed the connection. To fix, check that wait_timeout mysql variable in your my.cnf configuration file is large enough, eg wait_timeout = 28800
  • You may also need to increase the innodb_log_file_size mysql variable in your my.cnf configuration to for example innodb_log_file_size = 128MB or higher.
  • Server dropped an incorrect or too large packet. If mysqld gets a packet that is too large or incorrect, it assumes that something has gone wrong with the client and closes the connection. To fix, you can increase the maximal packet size limit max_allowed_packet in my.cnf file, eg. set max_allowed_packet = 128M, then restart your MySQL server: sudo /etc/init.d/mysql restart
  • Database server ran out of space. This can occur when performing an update to the Matomo database that requires DB Schema changes (Especially for large databases).

Once you’ve made these changes, and restarted your MySQL or MariaDB server, the issue should be fixed and no more error triggered. If not, try increase the 128M values to 256M for example. In websites with a lot of traffic and data, you might even need to increase the value to 1024M.

Unable to log in to MS Teams desktop client

ScheissITLeave a comment

So, I was facing the same problem with MS Teams desktop client. I didn’t try your solution of disabling all filters. I was digging the internet for the solution and found one on this. I am copying the solution here too (credits: SAHAM). Let me tell you one thing, this solution makes no sense at all but it worked for me. I hope it works for you as well.

  1. Right click on the MS Team app -> properties -> “compatibility” tab -> “compatibility mode” section -> Tick the “Run this program in compatibility mode for” -> windows 7 -> Apply -> Ok
  2. Right click on the MS Team app -> Run as administrator -> close it (without sign in)
  3. Right click on the MS Team app -> properties -> “compatibility” tab -> “compatibility mode” section -> Remove tick the “Run this program in compatibility mode for” -> Apply -> Ok
  4. Open the MS Team app and sign in.

How to upgrade IOS AP from ROMMON

ScheissITLeave a comment

Press the ESC button during AP startup to enter ROMMON mode. Then use the following command to upgrade the IOS AP.

ap: ether_init

ap: flash_init

ap: tftp_init

ap: set IP_ADDR

ap: set NETMASK

ap: set DEFAULT_ROUTER

ap: tar -xtract tftp://< server ip address >/< image name > flash:

ap: boot flash:/< image dir >/< image name >

The following is the upgrade process, I used an AIR-CAP3602I-A-K9.

1. Set the IP address

ap: set IP_ADDR 10.106.32.40

ap: set NETMASK 255.255.255.0

ap: set DEFAULT_ROUTER 10.106.32.1

2. Initialize TFTP and Ethernet

ap: ether_init

Initializing ethernet port 0…

Ethernet speed is 1000 Mb – FULL Duplex

ap: tftp_init

tftp_init success: You can now use tftp file system!

ap: flash_init

Initializing Flash…

…The flash is already initialized.

3. Load image

ap: tar -xtract tftp://10.76.76.160/haifengli/image/ap3g2-k9w8-tar.153-3.JF10.tar flash:

DPAA Set for Independent Mode

tide_boot_speed = 1000

DPAA_INIT = 0x0

extracting info (291 bytes)

ap3g2-k9w8-mx.153-3.JF10/ (directory) 0 (bytes)

extracting ap3g2-k9w8-mx.153-3.JF10/ap3g2-k9w8-mx.153-3.JF10 (230262 bytes)…………………………………………..

extracting ap3g2-k9w8-mx.153-3.JF10/ap3g2-k9w8-tx.153-3.JF10 (73 bytes)

extracting ap3g2-k9w8-mx.153-3.JF10/ap3g2-bl-2600 (190140 bytes)…………………………………..

4. Boot from new image

We can use the dir command to confirm the directory and filename in the flash before starting with the boot command. I deleted some content here.

ap: dir flash:

Directory of flash:/

28 -rwx 291 <date> info

126 drwx 2496 <date> ap3g2-k9w8-mx.153-3.JF10

ap: dir flash:/ap3g2-k9w8-mx.153-3.JF10

Directory of flash:/ap3g2-k9w8-mx.153-3.JF10/

127 -rwx 230262 <date> ap3g2-k9w8-mx.153-3.JF10

128 -rwx 73 <date> ap3g2-k9w8-tx.153-3.JF10

129 -rwx 190140 <date> ap3g2-bl-2600

ap: boot flash:/ap3g2-k9w8-mx.153-3.JF10/ap3g2-k9w8-mx.153-3.JF10/

Rebooting system to reset DPAA…

IOS Bootloader – Starting system.

flash is writable

FLASH CHIP: Numonyx Mirrorbit (0089)

Xmodem file system is available.

flashfs[0]: 127 files, 15 directories</date></date></date></date></date>

Another way is to use the following command.

ap: set BOOT flash:/< image dir >/< image name >

ap: boot

5. Verification

AP2c54.2d9c.xxxx>ena

Password:

AP2c54.2d9c.xxxx#

AP2c54.2d9c.xxxx#show version

Cisco IOS Software, C3600 Software (AP3G2-K9W8-M), Version 15.3(3)JF10, RELEASE SOFTWARE (fc3)

source: https://lihaifeng.net/?p=216

How to perform a factory reset on a Palo Alto Networks device

ScheissITLeave a comment

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldXCAS

Resolution

  1. Connect the Console cable, which is provided by Palo Alto Networks, from the “Console” port to a computer, and use a terminal program (9600,8,n,1) to connect to the Palo Alto Networks device.

NOTE: A USB-to-serial port will have to be used if the computer does not have a 9-pin serial port.

  1. Power on to reboot the device.
  2. During the boot sequence, the screen should look like this
    1. Screenshot for Welcome to the PanOS Bootloader
  3. Enter Maint mode 

For PAN-OS 10.0 and above

  • Select PANOS (maint-sysroot1) from the options below. The options below will show for 5 seconds only 

PANOS (maint-sysroot0) PANOS (maint-sysroot1) PANOS (sysroot0) PANOS (sysroot1)

For PAN-OS 9.1 and below

  1. Type maint and hit Enter to enter maintenance mode
    1. Screenshot of Entry in Bootloader
  2. you will see a “CHOOSE PANOS” screen with the following options: PANOS (maint-other)PANOS (maint) or PANOS (sysroot0). Please choose PANOS (maint). Press enter to continue.
    1. Screenshot of Choose PAN-OS with highlighted PANOS (maint)

PAN-OS 7.1 GNU GRUB boot menu.

  1. Once in maintenance mode, the following is displayed, please press enter to continue
    1. Screenshot of Welcome to the Maintenance Recovery Tool with Continue highlighted
  2. Arrow down to Factory Reset and press Enter to display the menu
    1. Screenshot of Welcome to the Maintenance Recovery Tool with Factory Reset highlighted
  3. You will see the Image that will be used to perform the factory reset. Select Factory Reset and press Enter again:
    1. Screenshot of Factory Reset page
  4. Once complete, select the option to Reboot if presented. Some older devices/software may reboot automaticlly when complete. Please be aware that it may take several minutes before the autocommit to complete and allow the admin/admin login to work properly.

How to uninstall Microsoft Edge

ScheissITLeave a comment

https://github.com/AveYo/fox/blob/main/Edge_Removal.bat

@(set "0=%~f0"^)#) & powershell -nop -c iex([io.file]::ReadAllText($env:0)) & exit /b
#:: double-click to run or just copy-paste into powershell - it's a standalone hybrid script
sp 'HKCU:\Volatile Environment' 'Edge_Removal' @'

$also_remove_webview = 1

$host.ui.RawUI.WindowTitle = 'Edge Removal - AveYo, 2023.07.08'
## targets
$remove_win32 = @("Microsoft Edge","Microsoft Edge Update"); $remove_appx = @("MicrosoftEdge")
if ($also_remove_webview -eq 1) {$remove_win32 += "Microsoft EdgeWebView"; $remove_appx += "Win32WebViewHost"}
## enable admin privileges
$D1=[uri].module.gettype('System.Diagnostics.Process')."GetM`ethods"(42) |where {$_.Name -eq 'SetPrivilege'} #`:no-ev-warn
'SeSecurityPrivilege','SeTakeOwnershipPrivilege','SeBackupPrivilege','SeRestorePrivilege'|foreach {$D1.Invoke($null, @("$_",2))}
## set useless policies
foreach ($p in 'HKLM\SOFTWARE\Policies','HKLM\SOFTWARE','HKLM\SOFTWARE\WOW6432Node') {
  cmd /c "reg add ""$p\Microsoft\EdgeUpdate"" /f /v InstallDefault /d 0 /t reg_dword >nul 2>nul"
  cmd /c "reg add ""$p\Microsoft\EdgeUpdate"" /f /v Install{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} /d 0 /t reg_dword >nul 2>nul"
  cmd /c "reg add ""$p\Microsoft\EdgeUpdate"" /f /v Install{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5} /d 1 /t reg_dword >nul 2>nul"
  cmd /c "reg add ""$p\Microsoft\EdgeUpdate"" /f /v DoNotUpdateToEdgeWithChromium /d 1 /t reg_dword >nul 2>nul"
}
$edgeupdate='Microsoft\EdgeUpdate\Clients\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}'
foreach ($p in 'HKLM\SOFTWARE','HKLM\SOFTWARE\Wow6432Node') {
  cmd /c "reg add ""$p\$edgeupdate\Commands\on-logon-autolaunch"" /f /v CommandLine /d systray.exe >nul 2>nul"
  cmd /c "reg add ""$p\$edgeupdate\Commands\on-logon-startup-boost"" /f /v CommandLine /d systray.exe >nul 2>nul"
  cmd /c "reg add ""$p\$edgeupdate\Commands\on-os-upgrade"" /f /v CommandLine /d systray.exe >nul 2>nul"
}
## clear win32 uninstall block
foreach ($hk in 'HKCU','HKLM') {foreach ($wow in '','\Wow6432Node') {foreach ($i in $remove_win32) {
  cmd /c "reg delete ""$hk\SOFTWARE${wow}\Microsoft\Windows\CurrentVersion\Uninstall\$i"" /f /v NoRemove >nul 2>nul"
  cmd /c "reg add ""$hk\SOFTWARE${wow}\Microsoft\EdgeUpdateDev"" /f /v AllowUninstall /d 1 /t reg_dword >nul 2>nul"
}}}

## find all Edge setup.exe and gather BHO paths
$setup = @(); $bho = @(); $bho += "$env:ProgramData\ie_to_edge_stub.exe"; $bho += "$env:Public\ie_to_edge_stub.exe"
"LocalApplicationData","ProgramFilesX86","ProgramFiles" |foreach {
  $setup += dir $($([Environment]::GetFolderPath($_)) + '\Microsoft\Edge*\setup.exe') -rec -ea 0
  $bho += dir $($([Environment]::GetFolderPath($_)) + '\Microsoft\Edge*\ie_to_edge_stub.exe') -rec -ea 0
}
## shut edge down
foreach ($p in 'MicrosoftEdgeUpdate','chredge','msedge','edge','msedgewebview2','Widgets') { kill -name $p -force -ea 0 }
## use dedicated C:\Scripts path due to Sigma rules FUD
$DIR = "$env:SystemDrive\Scripts"; $null = mkdir $DIR -ea 0
## export OpenWebSearch innovative redirector
foreach ($b in $bho) { if (test-path $b) { try {copy $b "$DIR\ie_to_edge_stub.exe" -force -ea 0} catch{} } }
## clear appx uninstall block and remove
$provisioned = get-appxprovisionedpackage -online; $appxpackage = get-appxpackage -allusers
$store = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore'; $store_reg = $store.replace(':','')
$users = @('S-1-5-18'); if (test-path $store) {$users += $((dir $store |where {$_ -like '*S-1-5-21*'}).PSChildName)}
foreach ($choice in $remove_appx) { if ('' -eq $choice.Trim()) {continue}
  foreach ($appx in $($provisioned |where {$_.PackageName -like "*$choice*"})) {
    $PackageFamilyName = ($appxpackage |where {$_.Name -eq $appx.DisplayName}).PackageFamilyName; $PackageFamilyName
    cmd /c "reg add ""$store_reg\Deprovisioned\$PackageFamilyName"" /f >nul 2>nul"
    cmd /c "dism /online /remove-provisionedappxpackage /packagename:$($appx.PackageName) >nul 2>nul"
    #powershell -nop -c remove-appxprovisionedpackage -packagename "'$($appx.PackageName)'" -online 2>&1 >''
  }
  foreach ($appx in $($appxpackage |where {$_.PackageFullName -like "*$choice*"})) {
    $inbox = (gp "$store\InboxApplications\*$($appx.Name)*" Path).PSChildName
    $PackageFamilyName = $appx.PackageFamilyName; $PackageFullName = $appx.PackageFullName; $PackageFullName
    foreach ($app in $inbox) {cmd /c "reg delete ""$store_reg\InboxApplications\$app"" /f >nul 2>nul" }
    cmd /c "reg add ""$store_reg\Deprovisioned\$PackageFamilyName"" /f >nul 2>nul"
    foreach ($sid in $users) {cmd /c "reg add ""$store_reg\EndOfLife\$sid\$PackageFullName"" /f >nul 2>nul"}
    cmd /c "dism /online /set-nonremovableapppolicy /packagefamily:$PackageFamilyName /nonremovable:0 >nul 2>nul"
    powershell -nop -c "remove-appxpackage -package '$PackageFullName' -AllUsers" 2>&1 >''
    foreach ($sid in $users) {cmd /c "reg delete ""$store_reg\EndOfLife\$sid\$PackageFullName"" /f >nul 2>nul"}
  }
}

## remove OpenWebSearch before running edge setup
$IFEO = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$MSEP = ($env:ProgramFiles,${env:ProgramFiles(x86)})[[Environment]::Is64BitOperatingSystem] + '\Microsoft\Edge\Application'
cmd /c "reg delete HKCR\microsoft-edge /f /v ""NoOpenWith"" >nul 2>nul"
cmd /c "reg add HKCR\microsoft-edge\shell\open\command /f /ve /d ""\""$MSEP\msedge.exe\"" --single-argument %%1"" >nul"
cmd /c "reg delete HKCR\MSEdgeHTM /f /v ""NoOpenWith"" >nul 2>nul"
cmd /c "reg add HKCR\MSEdgeHTM\shell\open\command /f /ve /d ""\""$MSEP\msedge.exe\"" --single-argument %%1"" >nul"
cmd /c "reg delete ""$IFEO\ie_to_edge_stub.exe"" /f >nul 2>nul"
cmd /c "reg delete ""$IFEO\msedge.exe"" /f >nul 2>nul"

## shut edge down, again
foreach ($p in 'MicrosoftEdgeUpdate','chredge','msedge','edge','msedgewebview2','Widgets') { kill -name $p -force -ea 0 }
## brute-run found Edge setup.exe with uninstall args
$purge = '--uninstall --force-uninstall --system-level' # --delete-old-versions --channel=stable
if ($also_remove_webview -eq 1) { foreach ($s in $setup) { try{ start -wait $s -args "--msedgewebview $purge" } catch{} } }
foreach ($s in $setup) { try{ start -wait $s -args "--msedge $purge" } catch{} }

## prevent latest cumulative update (LCU) failing due to non-matching EndOfLife Edge entries
foreach ($i in $remove_appx) {
  dir "$store\EndOfLife" -rec -ea 0 |where {$_ -like "*${i}*"} |foreach {cmd /c "reg delete ""$($_.Name)"" /f >nul 2>nul"}
  dir "$store\Deleted\EndOfLife" -rec -ea 0 |where {$_ -like "*${i}*"} |foreach {cmd /c "reg delete ""$($_.Name)"" /f >nul 2>nul"}
}
## extra cleanup
$desktop = $([Environment]::GetFolderPath('Desktop')); $appdata = $([Environment]::GetFolderPath('ApplicationData'))
del "$appdata\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Tombstones\Microsoft Edge.lnk" -force -ea 0
del "$appdata\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk" -force -ea 0
del "$desktop\Microsoft Edge.lnk" -force -ea 0
#del "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk" -force -ea 0
#pushd "${env:ProgramFiles(x86)}\Microsoft"
#rmdir -LiteralPath 'Edge','EdgeCore','EdgeUpdate' -recurse -force -ea 0

## add OpenWebSearch to redirect microsoft-edge: anti-competitive links to the default browser
$IFEO = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$MSEP = ($env:ProgramFiles,${env:ProgramFiles(x86)})[[Environment]::Is64BitOperatingSystem] + '\Microsoft\Edge\Application'
$MIN = ('--headless','--width 1 --height 1')[([environment]::OSVersion.Version.Build) -gt 25179]
$CMD = "$env:systemroot\system32\conhost.exe $MIN" # AveYo: minimize prompt - see Terminal issue #13914
cmd /c "reg add HKCR\microsoft-edge /f /ve /d URL:microsoft-edge >nul"
cmd /c "reg add HKCR\microsoft-edge /f /v ""URL Protocol"" /d """" >nul"
cmd /c "reg add HKCR\microsoft-edge /f /v NoOpenWith /d """" >nul"
cmd /c "reg add HKCR\microsoft-edge\shell\open\command /f /ve /d ""$DIR\ie_to_edge_stub.exe %1"" >nul"
cmd /c "reg add HKCR\MSEdgeHTM /f /v NoOpenWith /d """" >nul"
cmd /c "reg add HKCR\MSEdgeHTM\shell\open\command /f /ve /d ""$DIR\ie_to_edge_stub.exe %1"" >nul"
cmd /c "reg add ""$IFEO\ie_to_edge_stub.exe"" /f /v UseFilter /d 1 /t reg_dword >nul >nul"
cmd /c "reg add ""$IFEO\ie_to_edge_stub.exe\0"" /f /v FilterFullPath /d ""$DIR\ie_to_edge_stub.exe"" >nul"
cmd /c "reg add ""$IFEO\ie_to_edge_stub.exe\0"" /f /v Debugger /d ""$CMD $DIR\OpenWebSearch.cmd"" >nul"
cmd /c "reg add ""$IFEO\msedge.exe"" /f /v UseFilter /d 1 /t reg_dword >nul"
cmd /c "reg add ""$IFEO\msedge.exe\0"" /f /v FilterFullPath /d ""$MSEP\msedge.exe"" >nul"
cmd /c "reg add ""$IFEO\msedge.exe\0"" /f /v Debugger /d ""$CMD $DIR\OpenWebSearch.cmd"" >nul"

$OpenWebSearch = @$
@title OpenWebSearch Redux & echo off & set ?= open start menu web search, widgets links or help in your chosen browser - by AveYo
for /f %%E in ('"prompt $E$S& for %%e in (1) do rem"') do echo;%%E[2t 2>nul & rem AveYo: minimize prompt
call :reg_var "HKCU\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice" ProgID ProgID
if /i "%ProgID%" equ "MSEdgeHTM" echo;Default browser is set to Edge! Change it or remove OpenWebSearch script. & pause & exit /b
call :reg_var "HKCR\%ProgID%\shell\open\command" "" Browser
set Choice=& for %%. in (%Browser%) do if not defined Choice set "Choice=%%~."
call :reg_var "HKCR\MSEdgeMHT\shell\open\command" "" FallBack
set "Edge=" & for %%. in (%FallBack%) do if not defined Edge set "Edge=%%~."
set "URI=" & set "URL=" & set "NOOP=" & set "PassTrough=%Edge:msedge=edge%"
set "CLI=%CMDCMDLINE:"=``% "
if defined CLI set "CLI=%CLI:*ie_to_edge_stub.exe`` =%"
if defined CLI set "CLI=%CLI:*ie_to_edge_stub.exe =%"
if defined CLI set "CLI=%CLI:*msedge.exe`` =%"
if defined CLI set "CLI=%CLI:*msedge.exe =%"
set "FIX=%CLI:~-1%"
if defined CLI if "%FIX%"==" " set "CLI=%CLI:~0,-1%"
if defined CLI set "RED=%CLI:microsoft-edge=%"
if defined CLI set "URL=%CLI:http=%"
if defined CLI set "ARG=%CLI:``="%"
if "%CLI%" equ "%RED%" (set NOOP=1) else if "%CLI%" equ "%URL%" (set NOOP=1)
if defined NOOP if exist "%PassTrough%" start "" "%PassTrough%" %ARG%
if defined NOOP exit /b
set "URL=%CLI:*microsoft-edge=%"
set "URL=http%URL:*http=%"
set "FIX=%URL:~-2%"
if defined URL if "%FIX%"=="``" set "URL=%URL:~0,-2%"
call :dec_url
start "" "%Choice%" "%URL%"
exit

:reg_var [USAGE] call :reg_var "HKCU\Volatile Environment" value-or-"" variable [extra options]
set {var}=& set {reg}=reg query "%~1" /v %2 /z /se "," /f /e& if %2=="" set {reg}=reg query "%~1" /ve /z /se "," /f /e
for /f "skip=2 tokens=* delims=" %%V in ('%{reg}% %4 %5 %6 %7 %8 %9 2^>nul') do if not defined {var} set "{var}=%%V"
if not defined {var} (set {reg}=& set "%~3="& exit /b) else if %2=="" set "{var}=%{var}:*)    =%"& rem AveYo: v3
if not defined {var} (set {reg}=& set "%~3="& exit /b) else set {reg}=& set "%~3=%{var}:*)    =%"& set {var}=& exit /b

:dec_url brute url percent decoding by AveYo
set ".=%URL:!=}%"&setlocal enabledelayedexpansion& rem brute url percent decoding
set ".=!.:%%={!" &set ".=!.:{3A=:!" &set ".=!.:{2F=/!" &set ".=!.:{3F=?!" &set ".=!.:{23=#!" &set ".=!.:{5B=[!" &set ".=!.:{5D=]!"
set ".=!.:{40=@!"&set ".=!.:{21=}!" &set ".=!.:{24=$!" &set ".=!.:{26=&!" &set ".=!.:{27='!" &set ".=!.:{28=(!" &set ".=!.:{29=)!"
set ".=!.:{2A=*!"&set ".=!.:{2B=+!" &set ".=!.:{2C=,!" &set ".=!.:{3B=;!" &set ".=!.:{3D==!" &set ".=!.:{25=%%!"&set ".=!.:{20= !"
set ".=!.:{=%%!" &rem set ",=!.:%%=!" & if "!,!" neq "!.!" endlocal& set "URL=%.:}=!%" & call :dec_url
endlocal& set "URL=%.:}=!%" & exit /b
rem done

$@
[io.file]::WriteAllText("$DIR\OpenWebSearch.cmd", $OpenWebSearch) >''
## cleanup
$cleanup = gp 'Registry::HKEY_Users\S-1-5-21*\Volatile*' Edge_Removal -ea 0
if ($cleanup) {rp $cleanup.PSPath Edge_Removal -force -ea 0}

function global:getfirefox {
  $ffsetup='https://download.mozilla.org/?product=firefox-latest&os=win';
  $firefox="$([Environment]::GetFolderPath('Desktop'))\FirefoxSetup.exe";
  Invoke-WebRequest $ffsetup -OutFile $firefox; start $firefox
}
$getfirefox = "$([char]27)[38;2;255;165;0m getfirefox "
write-host -nonew -fore green -back black "`n EDGE REMOVED! NEED ANOTHER BROWSER? ENTER:"; write-host -back black "$getfirefox"

## ask to run script as admin
'@.replace("$@","'@").replace("@$","@'") -force -ea 0;
$A = '-nop -noe -c & {iex((gp ''Registry::HKEY_Users\S-1-5-21*\Volatile*'' Edge_Removal -ea 0)[0].Edge_Removal)}'
start powershell -args $A -verb runas
$_Press_Enter
#::

VMware – TPM 2.0 device detected but a connection cannot be established on DELL EMC PowerEdge

ScheissITLeave a comment

i just upgraded DELL EMC PowerEdge R740xd from vSphere 6.7 to 7.0.3 i got error message TPM 2.0 device detected but a connection cannot be established – how resolve it ? 

  • TPM2 Algorithm Selection to SHA256
  • Turn on Intel(R) TXT 
  • Enable Secure Boot

This settings SHOULD NOT impact the ESXi installation, but there is a chance… that your machine will be unbootable ! 

Place the host into maitenance mode, reboot it and boot to System Setup > System BIOS. 

then go to the System Security

go to the TPM Advanced Settings

and enable SHA256 algorithm selection and go back to System Security

Intel(R) TXT – On 

and enable Secure Boot

save settings and reboot esx node, secure boot policy has been changed to enabled. 

Once it’s back in vCenter, you can go to the host and clear out the “Host TPM attestation alarm” alert by clicking Reset to Green, then exit Maintenance Mode.

Source: https://tomaskalabis.com/wordpress/vmware-tpm-2-0-device-detected-but-a-connection-cannot-be-established-on-dell-emc-poweredge/

Extracting the certificate and keys from a .pfx file

ScheissITLeave a comment

The .pfx file, which is in a PKCS#12 format, contains the SSL certificate (public keys) and the corresponding private keys. Sometimes, you might have to import the certificate and private keys separately in an unencrypted plain text format to use it on another system. This topic provides instructions on how to convert the .pfx file to .crt and .key files.

Extract .crt and .key files from .pfx file

PREREQUISITE: Ensure OpenSSL is installed in the server that contains the SSL certificate.

  1. Start OpenSSL from the OpenSSL\bin folder.
  2. Open the command prompt and go to the folder that contains your .pfx file.
  3. Run the following command to extract the private key:openssl pkcs12 -in [yourfile.pfx] -nocerts -out [drlive.key]You will be prompted to type the import password. Type the password that you used to protect your keypair when you created the .pfx file. You will be prompted again to provide a new password to protect the .key file that you are creating. Store the password to your key file in a secure place to avoid misuse.
  4. Run the following command to extract the certificate:openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt]
  5. Run the following command to decrypt the private key:openssl rsa -in [drlive.key] -out [drlive-decrypted.key]Type the password that you created to protect the private key file in the previous step.The .crt file and the decrypted and encrypted .key files are available in the path, where you started OpenSSL.

Convert .pfx file to .pem format

There might be instances where you might have to convert the .pfx file into .pem format. Run the following command to convert it into PEM format.

openssl rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]

Note: Ensure that the name of the certificate file is drlive.crt and the private key file is named drlive.key. The renamed drlive.crt and drlive.key files must be updated for all three servers:

  • liveAuthServer: <live-install-folder>\liveAuthServer\lib_server\config
  • liveHomeServer: <live-install-folder>\liveHomeServer\lib_server\config
  • liveRoomServer: <live-install-folder>\liveRoomServer\lib_server\config

Source: https://www.ibm.com/docs/en/arl/9.7?topic=certification-extracting-certificate-keys-from-pfx-file