I just built a new environment and was greeted by this error. This fix will likely work on other Dell servers, and the settings may apply to other vendors.
High level is you need to set TPM2 Algorithm Selection to SHA256 in the BIOS. You MIGHT have to turn on Intel TXT, and then enable Secure Boot. This SHOULD NOT impact the ESXi installation, but there is a chance it might. Enabling Secure Boot on a machine with modified or unsigned files carries with it the risk of rendering your machine unbootable with the current ESXi installation.
This post is long over due. I’ve been playing with Windows Server 2012 without the GUI (aka Core) for a while and one thing that irks me is that without the Graphical Management Tools, you’re really stuck using old school “net user” commands. Sure, you can use another GUI 2012 server’s Server Manager to connect and manage your core server, but what if you only have one core server you’re testing? Or, what if you simply want to do things the hard PowerShell way?
I had some ideas, since 2012 Core has the SConfig thing, I decided to do something similar and create a user-management script specifically for this scenario.
So what does it do? Some pretty basic tasks: create & delete users, create & delete groups, as well as edit users. Editing users includes changing the password, enable & disable, and adding & removing group membership. All done from a nice little PowerShell window!
I’m working on importing drivers for Dell’s new 12G servers into our SCCM server for OSD. I got everything imported yesterday, added them to my boot image, created a new boot iso for use in non-PXE enabled networks, and went home for the day.
I get to work today and boot from my ISO I created yesterday and am greeted with the error 80004005, and some nondescript text stating it couldn’t pull a list of tasks. You know, the typical error that you have no idea what it actually means.
I googled it and found 80004005 is “Failed to get client identity”, and some pointed out the time being off may be the cause. I rebooted, BIOS time was maybe 30s off, so I tried again, but exported the smsts.log located in X:\windows\temp\smstslog\ via net use to my workstation. I opened that in SMS Trace, and here’s what I found:
SCCM 80004005
Right there in RED is my error, plain as day, but what wasn’t shown to me in WinPE was the “signature varification failed”. I think it’s worthwhile to note Microsoft misspelled vErification, yup, that’s an A in theirs.
Now, if you google that, I found This Post stating they saw the error after moving their SCCM server to new hardware. We didn’t move to new hardware, we actually went from hardware to virtual, in that we P2V’d our SCCM server last night, which indeed changed the signature of the server.
I updated the boot image’s distribution point, which rebuilds it, then did a refresh for posterity. When that was 100% complete, I recreated the task sequence media boot ISO and all is well again.
A few years ago, we were one of the first/early adopters of UCS. At that time, it was clearly in it’s infancy and not ready for prime time, our local Cisco guys didn’t even know anything about it. If you care to read those previous posts, they can be found here: Part 1, Part 2, and Part 3. I was fairly bitter when I wrote those, but with good reason. I ‘wasted’ a lot of time (read weeks or months) jacking with it and had nothing but problems.
This is an update to my original get-WWN script using Get-View. Get-VMHostHba was pointed out to me by Robert van den Nieuwendijk, vExpert 2012, so I wanted to provide an update to my original post HERE. I attached the ps1 file at the end.
With the addition of get-vmhosthba in PowerCLI, you can get this information somewhat easier. At line 46
I’m getting ready to upgrade a ton of our ESXi hosts to 5 and wanted a quick way to join all of them to AD after. I could probably do a fresh install and incorporate this into my ESXi Config Script, that’s a consideration, but for the time being, a script that targets clusters, folders, vDCs, etc, will work. The script can also target individual ESXi hosts, they do not have to be joined to vCenter.
Ever wonder how many users grant full control to Everyone on shares they created? This opens a huge risk, as any virus/worm can write itself to these shares, given the NTFS permissions allow them as well. At any rate, I don’t think it’s a good idea, so I scripted it out and found something like 470 shares where Everyone was granted FullControl access in my environment. OUCH!
I built 38 new servers and needed to add a domain group to the local administrator group of all of them. Instead of using computer management (compmgmt.msc) to connect to each one, or a GPO, I decided to use PowerShell, and found it’s actually pretty simple to do.
