We use cookies on this page to better serve you. You can find more information about cookies here.

Latest posts

Install VMware vCenter Certificate in Windows
by

The VMware vCenter root certificate is an essential part of vCenter. When you install vCenter, it also installs the VMCA (VMware Certificate Authority) in your vCenter. The VMCA is a barebones CA for vCenter that issues certificates to the various elements of vCenter as needed.

You should install the VMCA root certificate on your system because not all web browsers trust it. After installing the root certificate, your web browsers will trust the certificates on your ESXi hosts in your vCenter, as they use certificates issued by the VMCA on your vCenter.

Installing the VMware vCenter certificate will help prevent errors. Such as the invalid certificate error NET::ERR_CERT_AUTHORITY_INVALID.

The operation failed error is another one that can present itself when uploading files to a datastore.

Another error is the invalid server certificate error in PowerCLI.

Connect-VIServer

Error: Invalid server certificate.

Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you'd like to connect once or to add a permanent exception for this server.

Additional Information: Could not establish trust relationship for the SSL/TLS secure channel with authority 'vcenter'.

At line:1 char:1
+ Connect-VIServer -Server "vcenter"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : SecurityError: (:) [Connect-VIServer], ViSecurityNegotiationException
+ FullyQualifiedErrorId :
Client20_ConnectivityServiceImpl_Reconnect_CertificateError, VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServerCode language: plaintext (plaintext)

In this post, I will show you step-by-step how to install the VMware vCenter root certificate in Microsoft Windows.

The Process

  • Go to the URL of your vCenter.
  • Off to the right, there’s a link that says Download trusted root CA certificates.
Read more
IT
CertificatesFixHow ToPowerCLIVCSAVMwareWindows

Install PFX Certificate in Windows
by

Once you have exported your certificate, the next step is installing the certificate PFX on other servers as needed.

In this post, I will show you step-by-step how to install an exported PFX certificate file on a Microsoft Windows system.

Prerequisites

The Process

  • Copy the exported certificate PFX file to the server on which you need to install the certificate.
  • Right-click on the PFX file and select Install PFX.
  • Select Local Machine and click Next.
Read more
IT
CertificatesHow ToSSLWindows

Omnissa Unified Access Gateway Certificate Install
by

Installing your own certificate is one of the first things you’ll need to do when setting up the Omnissa Unified Access Gateway appliance (formerly the VMware Unified Access Gateway appliance).

In this post, I will detail step-by-step how to install a certificate on the VMware UAG.

Prerequisites

The Process

  • Login to the UAG
  • Select Configure Manually.
  • Under Advanced Settings, click on TLS Server Certificate Settings.
Read more
IT
CertificatesHow ToOmnissaOmnissa HorizonUnified Access GatewayVMwareVMware Horizon

Export a Certificate with MMC
by

If you work with wild card certificates, it’s common to need to deploy them to more than one server. You will need to export the certificate to install it on other systems.

In this post, I will show you step-by-step how to export a certificate using MMC (Microsoft Management Console).

The Process

  • Connect to the system that has the certificate you want to export.
  • Open MMC.
  • Add theĀ CertificatesĀ Snap-in.
  • Select Computer account and click Next.
  • Select Local computer and click Finish.
  • Click OK to close the Add or Remove Snap-ins window.
  • Right-click on the Certificate you want to export and click Export.
Read more
IT
CertificatesHow ToMicrosoft Management ConsoleSSLWindows

Complete a CSR
by

When you create a CSR and provide it to your certificate vendor or CA (Certificate Authority), you must complete the CSR (Certificate Signing Request).

In this post, I will show you step-by-step how to complete a CSR.

Prerequisites

  • CSR generated on a system that you want to complete the CSR on. If you don’t know how my post Generate CSR with MMC details all the steps.

You can check which system has the pending certificate by checking the Certificate Enrollment Requests in MMC (Microsoft Management Console).

Certificate Pending completion of CSR

The Process

  • Connect to the system you used to generate the CSR.
  • Download the certificate files from your certificate vendor or CA.
  • Right-click on the certificate file and select Install Certificate.
Read more
IT
CertificatesHow ToMicrosoft Management ConsoleSSLWindows

Omnissa Horizon Desktop Pool without vCenter
by

You usually want to connect Omnissa Horizon (formerly VMware Horizon) directly to VMware vCenter, but it can make sense to leave them disconnected from each other in some situations.

In this post, I’ll show you step-by-step how to install the VMware Horizon Agent without using the VMware vCenter integration. You can do this on persistent VDIs and Physical Machines.

The Process

The configuration will be divided into two sections. The first section covers the steps needed on the system that you will install the VMware Horizon agent on, and the second section covers the steps needed on the VMware Horizon Connection Server.

VMware Horizon Agent

  • Launch the VMware Horizon agent install with the command line argument /v VDM_VC_MANAGED_AGENT=0
  • Click Next
  • Agree to the general terms and click Next.
  • Select IPv4 and click Next.
Read more
IT
EUCHow ToOmnissaOmnissa HorizonVCSAVDIVMwareVMware Horizon

Microsoft 365 Sign-in Page Branding
by

A custom-themed Microsoft 365 sign-in page can augment the user experience by making it easier to tell if it is a phishing sign-in page, as it will help users recognize whether the login page is legitimate or not. It also adds a nice custom tweak to your Microsoft 365 tenant.

Microsoft 365 Sign-in Page before and after Company Branding

In this post, I will show you step-by-step how to customize your Microsoft 365 sign-in page.

The Process

  • Log in to the Microsoft Entra admin center
  • Click on User Experiences > Company branding
  • Under Default sign-in experience, click on Customize
  • Upload a Favicon that is 32 x 32 pixels and less than 5 KB in size.
  • Upload a Background image that is 1920 x 1080 pixels and less than 300 KB in size.

The background image will be darkened by a black overlay with an opacity of 0.5.

Read more
IT
Azure ADCustomizeEntra IDEUCHow ToMicrosoftMicrosoft 365

Cloudflare Access IdP with Entra ID
by

Cloudflare Access is a wonderful tool that can add MFA (Multi-Factor Authentication) to applications that don’t support it.

I’ve previously covered Setting Up Cloudflare Access using email OTP (One-time PIN). What I didn’t cover in that post was how to set up Cloudflare Access with an IdP (Identity Provider).

In this post, I will show step-by-step how to set up Cloudflare Access to use Microsoft Entra ID (formerly Microsoft Azure Active Directory) as the IdP and use Microsoft 365 SSO (Single sign-on) to make everything very transparent to the user.

Prerequisites

  • DNS for the web application in Cloudflare with Cloudflare Proxy enabled on the DNS record. (or a Cloudflare Tunnel)

The Process

  • Click on Custom Pages.
  • Make a note of your Team domain.

For this example, I will be using the team domain test.cloudflareaccess.com

Microsoft Entra ID Configuration

  • Login to Microsoft Entra admin center.
  • Click on Applications > App registrations.
  • Click on New registration.
  • Name your application. I will use the name Cloudflare Access.
  • Select Accounts in this organizational directory only (Single tenant)
  • Set the Redirect URI platform to Web.
  • Set the Redirect URI to the URL of the Team domain you noted down earlier. Add https:// to the front of it and add /cdn-cgi/access/callback to the end of it.
Read more
IT
Azure ADCloudflareCloudflare AccessEntra IDHow ToIdPMFAMicrosoftMicrosoft 365SSO

Palo Alto Private Data Reset with HA (Active/Passive)
by

Sometimes, you need to do a quick factory reset on a Palo Alto Networks firewall. If you aren’t decommissioning the firewall, a Private Data Reset can be a faster way to accomplish similar results as a factory reset and can be done via CLI directly and could technically be done remotely with some coordination.

In this post, I will show you step-by-step instructions on how to perform a private data reset on a primary Palo Alto Networks firewall in an Active/Passive High Availability Pair using the GUI and the CLI.

The Process

HA Election Settings

If the HA election settings are set to preemptive, we need to disable that.

HA Election Settings GUI

  • On the Primary firewall, click on Device.
  • Click on High Availability
  • Uncheck Preemptive (if it isn’t selected, you don’t need to do anything)
  • Commit the changes

HA Election Settings CLI

  • SSH into the Primary firewall
  • Enter the configuration mode by running the command configure
  • Run the following command to output your HA election settings show deviceconfig high-availability group election-option

If preemptive is set to yes, make a note of that (if it isn’t selected, you don’t need to do anything)

Read more
IT
FirewallHigh AvailabilityHow ToNetworkingPalo Alto NetworksPAN-OSResetsecurity

Intune Deploy Windows 10 Default Start Menu
by

I recently discovered that I caused an unintended side effect on Windows 10 when deploying a default taskbar for all users.

In my post Intune Deploy Default Taskbar I inadvertently introduced a bug to the Windows 10 Start Menu making it so users can’t customize anything.

The bug is that users can pin programs to the taskbar but they can’t pin anything to the Start Menu and they also can’t change anything in the Start Menu.

Can’t pin Microsoft Access to the Start Menu on Windows 10

The issue does not impact Windows 11 as the way the Windows 11 Start Menu layout uses JSON and the Windows 10 Start Menu layout uses XML, the same XML file that is used for the default taskbar.

I am happy to allow users to customize their Start Menu as much as they want but I do want a consistent user experience for all. Most users likely won’t change anything, but the ones that do want to customize their Start Menu would be blocked.

In this post, I will show you step-by-step how to fix the bug and how to deploy a partial custom Start Menu for Windows 10 using Microsoft Intune.

The Process

  • On a source system configure an application group in your start menu and pin the applications in the order you want.

The application group name will also be deployed. I named my application group Company Name for this example but you can make it whatever you want.

I don’t want the custom Start Menu application group to be very intrusive so I will use 1×1 icons for all the common Microsoft applications and I will use 2×2 icon for Company Portal as Company Portal is still new for a lot of people.

Source Windows 10 Start Menu application group
  • Export the Start Menu layout by running the following PowerShell command Export-StartLayout -UseDesktopApplicationID -path C:\temp\start-menu.xml
  • Open the Start Menu XML file as we will need to make changes to it.
Read more
IT
CustomizeEUCFixHow ToIntuneMicrosoftMicrosoft Endpoint ManagerStart MenuTaskbarWindowsWindows 10
theDXT on GitHub
theDXT on X (Twitter)
theDXT on YouTube