Ubuntu Guest VM Random Freezing Lockups on ESXi 6.5

Ubuntu Server 17.10 was randomly freezing / locking up after periods of time, even if left idle.  The solution for this VM was to change the type of network adapter assigned to the guest. By default, ESXi 6.5 will assign an adapter type of VMXNET 3 for a new guest VM. Switching it to E1000 in the VM settings seems to have resolved the problem.

If running Ubuntu Server you may need to perform the following steps to enable the new adapter after changing the adapter type for the VM:

First get a list of all adapters currently detected. Make note of the interface name (e.g., abc12)

Then enable the interface using the interface name recorded above

Then enable DHCP client for the interface

You can now check if the system has obtained an IP address by using the following command:

To make this change permanent so that it persists with every reboot follow these steps:

Edit the following file:
/etc/network/interfaces

Then add the following lines. They may already be present referencing the old adapter name so you can simply update the name of the adapter.

 

Steps to Downgrade MongoDB on Ubuntu (for UniFi Controller)

This is an example for downgrading from MongoDB version 3.6 to version 3.4 in Ubuntu 18.04 LTS, but it can be adapted for any combination of versions.

Remove old versions. Since this was done for a compatibility issue with UniFI Controller, the first step is optional

Install MongoDB v3.4 Community Edition using the guide below. They also provide guides specific to other versions that you may need.
https://docs.mongodb.com/v3.4/tutorial/install-mongodb-on-ubuntu/

If you are doing this for UniFi Controller (optional), download latest controller package for Ubuntu
https://www.ubnt.com/download/unifi#

Install it (optional)

Fix any broken packages

 

 

Restore Default Certificate Deployment Level for RemoteApp (Windows Server 2012 R2)

This guide details how to change the certificate deployment level of a Windows Server 2012 R2 RD system from “Trusted” back to the default configuration of “Not Configured.”    The main problem is that the Windows GUI does not allow you to simply delete the trusted certificate and reset it back to the default “Not Configured” state for the deployment certificate level. Instead the GUI will only let you choose a different certificate (whether trusted or self signed). The steps below will get around this limitation and allow you to reset the deployment level.

First set of steps are to delete any existing Remote Desktop certificates and have Windows generate a new one automatically:

  1. Launch mmc.exe on the 2012 R2 server
  2. Choose File-Add/Remove Snap in
  3. Add Certificates -> choose Computer account -> then Local computer. Click OK.
  4. On left hand side browse to Remote Desktop folder -> Certificates folder
  5. Delete all certificates
  6. Launch services.msc
  7. Restart Remote Desktop Configuration service
  8. In Event Viewer – System, you should see a notification that a new self signed certificate was created
  9. Go back to mmc.exe and at the top choose Action-Refresh.
  10. Confirm new certificate is shown in Remote Desktop folder -> Certificates folder
  11. Close mmc.exe. Choose No if it prompts to save.

The next set of steps are to change the deployment level:

There is one registry key that needs to be modified:

fHasCertificate – REG_DWORD set to a value of 0

Under this same key there is also a CertificateHash – REG_BINARY that contains thumbprint of the old certificate. It can probably be deleted but I have left it in place until it causes a problem.

There is a second key at the following location

with a key titled CertExpiryTracking and under it a key with a title equal to the old certificate thumbprint with a LastPeriodLogged REG_DWORD decimal value of 15.  The entire CertExpiryTracking key can probably be deleted but I have left it in place until it causes a problem.

Now you will need to connect to the Windows Internal Database:

  1. Download and install Microsoft SQL Server Management Studio (SSMS) v17 or higher
  2. Launch SSMS
  3. Connect to internal database using this server name:
    \\.\pipe\MICROSOFT##WID\tsql\query
  4. Navigate to Databases -> RDCms -> and select rds.DeploymentSetting
  5. Right click on it then choose Edit Top 200 Rows
  6. Rename the following items:
    1. RedirectorCertificate – > RedirectorCertificate.bak
    2. PublishingCertificate -> PublishingCertificate.bak
    3. DeploymentCertificateHash -> DeploymentCertificateHash.bak
    4. WebAccessCertificate -> WebAccessCertificate.bak
  7. Close SSMS
  8. Close and reopen any Server Manager windows. Then go back and check that deployment certificate level is now showing as Not Configured.

Also if you were using a trusted certificate in IIS you may need to change the certificate for RDWeb by following these steps:

  1. Launch IIS Manager
  2. Right click Default Web Site, choose Edit Bindings
  3. Select https, click Edit
  4. Choose the appropriate SSL certificate in the dropdown list
  5. Restart IIS

Inject Drivers into a Windows 7 PE Image

One scenario – booting a system using a USB Windows PE flash drive, the same flash drive then could not be read within Windows PE. This was because the PE image had no USB 3.0 drivers. The solution was to inject USB 3.0 drivers into the standard Windows 7 PE image.

  1. Download the desired drivers
  2. Extract the folder that contains the .cat, .inf, etc. files for the drivers (e.g., files can be extracted from a .exe using 7zip). Place them in a temporary folder (C:\x64)
  3. Create a mount point folder on your local drive (e.g., C:\mount)
  4. Open elevated command prompt
  5. Get the name of the Windows PE system by pointing dism to the wim file (which could be on a portable media or your local drive). For example:
  6. Mount it. In this example the name determined from previous step was “Microsoft Windows PE (x64)”
  7. Inject the drivers:
  8. Unmount

Create a Windows 7 PE Bootable USB Flash Drive (32 bit and 64 bit)

  1. Download Windows 7 AIK ISO file
    https://www.microsoft.com/en-us/download/details.aspx?id=5753
  2. Burn the ISO or extract it to a folder (e.g., using 7zip)
  3. Run StartCD.exe
  4. Choose the “Windows AIK Setup” option
  5. When complete, navigate to Start->all programs -> Microsoft Windows AIK -> Deployment Tools Command Prompt
  6. In the Deployment Tools Command Prompt window, issue the following commands.
    Note: if needing a 32-bit version of Windows PE, replace “amd64 with “x86”
  7. Insert your flash drive
  8. Launch diskpart (Start button-> then type diskpart)
  9. Locate your flash drive with this commandlist disk
  10. Select it, format it and make it bootable (in this case the flash drive was disk 1) using these commands:
  11. Determine what drive letter has been assigned to your flash drive
  12. The last step is to copy files to flash drive (in this case drive letter of the flash drive was F:
  13. If you want to create an ISO to use later:

Flash Dell PERC H310 to LSI 9211-8i IT Mode Using Legacy (DOS) and UEFI Method (HBA Firmware + BIOS)

This procedure is a combination of using the Legacy (DOS) + UEFI methods to flash a PERC H310 to an LSI 9211-8i in IT mode.  This method will flash both the firmware and also the BIOS of the card, which many guides omit.

  1. Create a bootable USB flash drive using Rufus.
    1. Choose partition scheme: MBR for BIOS or UEFI
    2. Bootable disk using FreeDOS
  2. Download the latest zip file from LSI/Broadcom that has the BIOS and firmware for the 9211 HBA card. At the time of this guide the latest is P20.  There are three files you need from the zip file:
    1. Firmware (IT mode) file for 8i model, it will have file extension *.bin (typical file name 2118it.bin)
    2. BIOS file, it will have file extension *.rom (typical file name mptsas2.rom)
  3. Place these three files on the root of the flash drive
  4. Also download and extract some support files to the root of this drive. These files are needed to prepare the card for updating. Download here.
  5. Install the HBA card in the system and boot from the flash drive using Legacy/DOS mode (not UEFI mode). This will get you into FreeDOS.
  6. Determine what the current SAS Address is of the card using the command below. Make a record of it because we will need to re-program this same address later.  Note – the output of this command is several pages long.
  7. Now wipe the firmware of the card using this command:
  8. Followed by
  9. Once complete, reboot the system. However this time boot the system to your UEFI Shell (not the flash drive).
  10. At the UEFI command prompt, find out what device number has been assigned to your flash drive using this command
  11. Then type the device number followed by a colon symbol to get to the root of your flash drive in UEFI mode. For example, if you determine your flash drive is fs0 then you type:
  12. This gets you to the root of the drive. Now it is time to flash a Dell firmware using this command. Say Yes if it asks if you want to flash.
  13. Once complete it is time to program the SAS address using the following command. Replace the X with the values you recorded earlier.
  14. After it completes, reboot the system again to UEFI shell and get to the flash drive root as described previously.
  15. Now flash the firmware of the card to the latest 9211-8i firmware:
  16. Once complete, update the BIOS of the card:
  17. Once complete, reboot and you should now have a card that has the latest firmware (IT mode) and also the latest BIOS.

Unable to log in to Windows because “The Group Policy Client service failed the logon. Access is denied.”

When trying to log in to Windows (in this case Windows 7 using a domain account) you may receive the following error

This particular situation occurred after a reboot following the installation of the latest Windows updates.

There are several suggestions out there to solve this problem, some more drastic than others. The most common root cause seems to be a problem with a corrupt registry. Specifically, several guides have you log in to the system with a separate local administrator account and then check and modify registry settings located at these locations:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gpsvc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SVCHOST

In this case there were no problems with these registry settings, so a different solution was needed.

It was discovered that the user account had both a ntuser.man file and a ntuser.dat file, located in the root of the affected users profile folder (C:\Users\username).  Depending on the account type, there should only be one or the other.  It is most common to have a .dat rather than a .man which was true for this specific user account. The ntuser.man file was also very small compared to the ntuser.dat file.

The solution was to log in with a separate local administrator account and then move/rename the ntuser.man file while leaving the ntuser.dat file untouched.

That allowed the user to log in again with no loss of data or Windows settings.

How to Factory Wipe Settings and Data for Asus MeMo Pad

I could not find a reliable procedure for performing a factory reset / restore on these devices, so I have put one together. The official procedure from Asus did not work for me.

This has been tested specifically with the MeMo Pad 8 Model K011 (ME181C), but it should also work for the MeMo Pad 7 (ME176C).

Here are the steps:

  1. Power off the tablet
  2. Press and hold the volume up button. While holding it down, press and hold the power button.
  3. Release both when you see the Asus logo appear.
  4. The tablet should then boot into the Droidboot interface (shown below).
  5. Scroll down and execute Recovery.
  6. The tablet should then reboot into the recovery screen that has the robot tipped over with the message No Command (shown below).
  7. Now press and hold the volume down key. While still holding it, press and release the volume up key.  You can now release the volume down key.
  8. You should then be presented with the Android system recovery options that will allow you to do a factory reset.
  9. It takes a while so be patient. Once done simply choose the option for Reboot system now.

Start Menu Doesn’t Work After Windows 10 Fall Creators Update (Build 1709)

After installing this update you may find that you are no longer ble to launch your Start Menu. When clicking on the Windows logo button, it is animated but the Start Menu doesn’t appear.

Try the following:

  1. Press Control-Alt-Delete
  2. Launch Task Manager
  3. Click File-Run New Task
  4. Type control panel and press enter
  5. Choose User Accounts
  6. Click the option for Make changes to my account in PC settings
  7. If the window comes up but gets stuck with the gear icon, try right clicking on your Start Menu button a few times
  8. When the settings window appears, Choose Sign-in options, located on the left
  9. Find the option for Use my sign-in info to automatically finish setting up my device after an update or restart.  Having this option enabled seems to be the root cause of breaking the Start Menu
  10. Disable this option then reboot.
    Note: an alternative way of safely rebooting without a working Start Menu is to use the command line. Start a new task cmd using Task Manager in similar fashion like steps 1-4 above. When the command window appears, type the command: shutdown -r and press enter.

Upgrade PHP on CentOS (CentOS version 6 or 7)

You may find that you need to upgrade PHP on your CentOS install in order to meet dependencies for an application. For example, a WordPress plugin:

CentOS by nature maintains the same package version throughout the life cycle of its release, so for CentOS 7 you end up with PHP version 5.4 (e.g., 5.4.17).

The good news is that you can upgrade PHP using the IUS Community project repositories without breaking your CentOS install.

Here are the steps, which need to be run with sudo permissions:

With the last step you may receive the following warning:

For this procedure the warning is typical, so hit Yes

You will then be presented with a transaction summary as follows:

Verify that all of the packages being removed are being replaced with equivalent packages of the newer version. Then hit Yes.

Once complete, restart all services that use PHP or reboot the server.  Typically this is Apache, so to restart it issue the following command: