# Story

## The Precursor

I did NOT want to write this blog post. This post comes from the fact that VMware is not perfect and I’m here to air some dirty laundry…. Let’s get started.

UPDATE* Read on if you want to get into the nitty gritty, otherwise go to the Summary section, for me rebooting the VCSA resolved the issue.

## The Intro

OK, I’ll keep this short. 1 vCenter, 2 hosts, 1 cluster. 1 host started to act “weird”; Random power off,   Boots normal but USB controller not working.

Now this was annoying … A LOT, so I decided I would install ESXi on the local RAID array instead of USB.

Step 1) Make a backup of the ESXi config.

Step 2) Re-install ESXi. When I went to re-install ESXi it stated all data in the exiting datastore would be deleted. Whoops lets move all data first.

Step 2a) I removed all data from the datastore

Step 2b) Delete the Datastore, , and THIS IS THE STEP THAT CAUSED ME ALL FUTURE GRIEF IN THIS BLOG POST! DO NOT FORGET TO DO THIS STEP! IF YOU DO YOU WILL HAVE TO DO EVERYTHING ELSE THIS POST IS TALKING ABOUT!

Unmount, and delete the datastore. YOU HAVE BEEN WARNED!

*during my testing I found this was not always the case. I was however able to replicate the issue in my lab after a couple of attempts.

Step 3) Re-install ESXi

Step 4) Reload saved Config file, and all is done.

This is when my heart sunk.

## The Assumptions

I had the following wrong assumptions during this terrible mistake:

1. Datastore names are saved in the backup config.
INCORRECT – Datastore names are literally volume labels and stay with the volume in which they were created on.
UUID is stored on the device FS SuperBlock.
2. Removing an orphaned Object in vCenter would be easy.
3. Renaming a Datastore would be easy.
4. Installing on USB drive defaults all install mount points on the USB drive.
INCORRECT – There’s magic involved.

Every one of these assumptions burnt me hard.

## The Problem

So it wasn’t until I clicked on the datastore section of vCenter when my heart sunk. The old datastore was listed attempting to right click and delete the orphaned datastore shot me with another surprise…. the options were greyed out, I went to google to see if I was alone. It turns out I was not alone, but the blog source I found also did not seem very promising… How to easily kill a zombie datastore in your VMware vSphere lab | (tinkertry.com)

Now this blog post title is very misleading, one can say the solution he did was “easy” but guess what … it’s not support by VMware. As he even states “Warning: this is a bit of a hack, suited for labs only”. Alright so this is no good so far.

There was one other notable source. This one mentioned looking out for related objects that might still be linked to the Datastore, in this case there was none. It was purely orphaned.

Talking to other in #VMware on libera chat, told me it might be possibly linked to a scratch location which is probably the reason for the option being greyed out, while this might be a reasonable case for a host, for vCenter in which the scratch location is dependent on a host itself, not vCenter, it should have the ability to clear the datastore, as the ESXi host itself will determine where the scratch location is stored (foreshadowing, this causes me more grief).

In my situation, unlike tinkertry’s situation, I knew exactly what caused the problem, I did not rename the datastore accordingly. Since the datastore name was not named appropriately after being re-created, it was mounted and shown as a new datastore.

## The Plan

It’s one thing to fuck up, it another to fess up, and it’s yet another to have a plan. If you can fix your mistake, it’s prime evidence of learning and growing as you live life. One must always perceiver. Here’s my plan.

Since building the host new and restoring the config with a wrong datastore, I figured I’d I did the same but with the proper datastore in place, I should be able to remove it by bringing it back up.

I had a couple issues to overcome. First one was my 3rd assumption: That renaming a datastore was easy. Which, usually, it is, however… in this case attempting to rename it the same as the missing datastore simply told me the datastore already exists. Sooo poop, you can’t do it directly from a ESXi host unless it’s not managed by vCenter. So as you can tell a catch22, the only way to get past this was to do my plan, which was the same as how I got in this mess to being with. But sadly I didn’t know how bad a hole I had created.

So after installing brand new on another USB stick, I went to create the new datastore with the old name, overwriting the partition table ESXi install created… and you guessed it. Failed to create VMFS datastore. Cannot change host configuration. – Zewwy’s Info Tech Talks

Obviously I had gone through this before, but this time was different. it turned out attempting to clear the GPT partition table and replace it with msdos(MBR) based one failed telling me it was a read-only disk. Huh?

Googling this, I found this thread which seemed to be the root cause… Yeap my 4th assumption: “Installing on USB drive defaults all install mount points on the USB drive.”

so doing a “ls -l”, and “esxcli storage filesystem list” then “vmkfstools -P MOUNTPOINT” I was veriy esay to discover that the scratch and coredump were pointing to the local RAID logical volume I created which overwrote the initial datastore when ESXi was installed. Talk about a major annoyance, like I get why it did what it did, but in this case it is  major hindrance as I can’t clear the logical disk partition to create a new one which will be hold the datastore I need to have mounted there… mhmmm

So I kept trying to change the core dump location and the scratch location and the host on reboot kept picking the old location which was on the local RAID logical volume that kept preventing me from moving forward. Regardless if I did it via the GUI or if I did it via the backend cmd “vim-cmd hostsvc/advopt/update ScratchConfig.ConfiguredScratchLocation string /tmp/scratch” even though VMware KB mentions to create this path path first with mkdir what I found was the creation of this path was not persistent, and it would seem that since it doesn’t exist at boot ESXi changes it via it’s usual “Magic”:

“ESXi selects one of these scratch locations during startup in this order of preference:
The location configured in the /etc/vmware/locker.conf configuration file, set by the ScratchConfig.ConfiguredScratchLocation configuration option, as in this article.
A Fat16 filesystem of at least 4 GB on the Local Boot device.
A Fat16 filesystem of at least 4 GB on a Local device.
A VMFS datastore on a Local device, in a .locker/ directory.
A ramdisk at /tmp/scratch/.”

So in this case, I found this post around a similar issue, and turns out setting the scratch location to just /tmp, worked.

When I attempted to wipe the drive partitions I was again greeted by read-only, however this time it was right back to the coredump location issues, which I verified by running:

esxcli system coredump partition get

which showed me the drive, so I used the unmounted final partition of the USB stick in it’s place:

esxcli system coredump partition set -p USBDriveNAA:PartNum

Which sure enough worked, and I was able to set the logical drive to have a msdos based partition, yay I can finally re-create the datastore and restore the config!

So when the OP in that one VMware thread post said congrats you found 50% of the problem I guess he was right it goes like this.

1. Scratch
2. Coredump

Fix these and you can reuse the logical drive for a datastore. Let’s re-create that datastore…

This is hen my heart sunk yet again…

So I created the datastore successfully however… I had to learn about those peskey UUID’s…

The UUID is comprised of four components. Lets understand this by taking example of one of the vmfs volume’s UUID : 591ac3ec-cc6af9a9-47c5-0050560346b9

System Time (591ac3ec)
CPU Timestamp (cc6af9a9)
Random Number (47c5)
MAC Address – Management Port uplink of the host used to re-signature or create the datastore (0050560346b9)

FFS… I can never be able to reproduce that… and sure enough thats why my UUIDs not longer aligned:

I figured maybe I could make the file, and create a custom symlink to that new file with the same name, but nope “operation not permitted”:

Fuck! well now I don’t know if i can fix this, or if restoring the config with the same datastore name but different UUID will fix it or make things worse…. fuck me man…. not sure I want to try this… might have to do this on my home lab first…

Alright I finally was able to reproduce the problem in my home lab!

Let’s see if my idea above will work…

Step 1) Make config Backup of ESXi host. (should have one before mess up but will use current)

Step 2) Reload host to factory defaults.

Step 3) rename datastore

poop… I was afraid of that…

ok i even tried, disconnecting host from vcenter after deleting the datstore  I could, recreate with same name and it always attaches with appending (1) cause the datastore exists as far as vCenter thinks, since the UUID can never be recovered… I heard a vCenter reboot may help let’s see…

But first I want to go down a rabbit hole…. the Datastore UUID, in this case the ACTUAL datastore UUID, not the one listed in a VM’s config file (.vmx), not the one listed in the vCenter DB’s (that we are trying to fix), but the one actually associated with the Datastore… after much searching…  it seems it is saved in the File Systems “SuperBlock“, in most other File Systems there’s some command to edit the UUID if you really need to. However, for VMFS all I could find was re-signaturing for cloned volumes

So it would seem if I simply would have saved the first 4MB of the logical disk, or partition, not 100% sure which at this time, but I could have in theory done a DD to replace it and recovered the original UUID and then connect the host back to vCenter.

I guess I’ll try a reboot here see what happens….

Well look at that.. it worked…

# Summary

1. Try a reboot
2. If reboot does not Fix it call VMware Support.
3. If you don’t have support, You can try to much the with backend DB (do so at your own risk).

## Installing TWRP on a LG v30

PLEASE NOTE *At the end of this process I did have a fully rooted phone, but I was unable to get TWRP to boot natively and somehow managed to break fastboot ability. I hope to resolve these issues in a future post. The idea of this post was to install TWRP, but the final result wasn’t a working TWRP recovery, but was successful in rooting. I’m more than confident this can be recovered.

Source I used.

What you need:

1. A windows computer with a USB port. (Very Common)
1. If your copy of windows is 32 bit, edit the SetDev.bat script. (Step 1) Part 2.D
2. A USB Cable. Ensure you are using a reliable USB cable (If computer isn’t picking up a device when your phone is plugged in, but you phone is charging you maybe using just a charge cable, again use a known good reliable USB cable).
3. LG v30 with an Unlocked Bootloader

Technically you can go right to installing TWRP from unlocking the bootloader, but much like the source I followed Just taking extra step to make backups.

Step 1) Flash H933 Oreo KDZ – H93320H_00_OPEN_CA_OP_1123.kdz
If you already have a DUMP from H933 firmware, move to Step 3

1. Connect phone to patched LGUP
2. Select Partition DL, Select All, Yes
4. Start
5. Once Complete; Close LGUP and disconnect phone

You should have mobile data again however no TWRP and no root.

Step 2) DUMP partitions

2. Open LGUP
3. Select DUMP
4. Start, select all then select a folder for the files to be dumped to
5. Once Complete; Close LGUP and disconnect phone

This should take about an hour with all partitions selected. Only 9 are needed however, it may be useful in the future to have all of them.
The 9 that are needed are OP, modem, modemst1, modemst2, misc, persist, ftm, pstore, recovery.

Remove “_COMX” and add “.bin” to the 9 files.

Step 3) Flash US998 Nougat KDZ – US99810C_03_1216.kdz

2. Open LGUP
3. Select PARTITION DL

Start, Select All, Yes to partition changes window
When its done it will attempt to boot and you’ll get flashes of an image, perform Master Reset.

Step 4) Flash TWRP

Enable USB Debugging, USB Photo mode.

In Command Prompt ->

adb reboot bootloader

Once rebooted ->

fastboot flash recovery path/to/twrp.img

Once completed ->

fastboot boot twrp.img

Cancel on Password Request for data decrypt
Swipe to allow modifications
Wipe -> Format Data -> yes
Wipe -> Factory Reset
Reboot -> Recovery
Unplug the cable
Reboot -> Power Off

Step 5) Flash H933 Oreo KDZ – H93320H_00_OPEN_CA_OP_1123.kdz again.

2. Open LGUP
3. Select PARTITION DL

Start, Select All, UNSELECT Recovery, Yes to partition changes window

Your phone should reboot to TWRP when finished.

Step 6) Fix Partitions
Swipe to allow modifications
Wipe -> Format Data -> yes
Wipe -> Factory Reset
Reboot -> Recovery
Code:

adb push path\to\Magisk-v18.0.zip /sdcard/
adb push path\to\lg-rctd-disabler-1.0.zip /sdcard/

then Install them in that order: On phone, in TWRP Install, each zip
If you copied the 9 .bin files then Advanced -> File Manager
Copy each .bin to /sdcard/
Otherwise
Code:

adb push path\to\OP.bin /sdcard/
adb push path\to\pstore.bin /sdcard/

Command Prompt ->

adb shell
dd if=/sdcard/OP.bin of=/dev/block/bootdevice/by-name/OP
dd if=/sdcard/modem.bin of=/dev/block/bootdevice/by-name/modem
dd if=/sdcard/modemst1.bin of=/dev/block/bootdevice/by-name/modemst1
dd if=/sdcard/modemst2.bin of=/dev/block/bootdevice/by-name/modemst2
dd if=/sdcard/misc.bin of=/dev/block/bootdevice/by-name/misc
dd if=/sdcard/persist.bin of=/dev/block/bootdevice/by-name/persist
dd if=/sdcard/ftm.bin of=/dev/block/bootdevice/by-name/ftm
dd if=/sdcard/pstore.bin of=/dev/block/bootdevice/by-name/pstore
dd if=/sdcard/recovery.bin of=/dev/block/bootdevice/by-name/recovery

Unplug phone
Reboot -> Power Off
Power On
Should briefly see the same erasing circle from Master Reset

You should now have mobile data again.

Step 7) Clean Up

Get through setup screens
Plug in
In Command Prompt ->

adb push path\to\twrp.img /sdcard/
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery

Install Magisk Manager (it always needed a reboot after installing manager app to finish installing)
STOP HERE if you want a stock H933 ROM with unlocked bootloader, custom recovery, and root

IF YOU WANT TO FLASH A PIE ROM go to Settings -> Network -> Mobile network -> Advanced -> Access point names
Take a screenshot or write down every filed for every APN there, make sure to copy the screenshots off the device or at least to an external SD card.

Well This is where this post ends. I did manage to root the phone, and I guess TWRP is on there somewhere, but I can’t boot into it at this moment. It seems any attempt to boot into fastboot, either via ADB commands or hardware button sequences all seem to have the phone boot into the normal Android. I can however get back into flash mode, and I guess I might have to go through a lot of this process again to get TWRP properly working. But I’ll leave that for a future post.

# Unlocking the Bootloader on a LG v30

## Pre Story

In this post I’m going to go over unlocking the bootloader on a LG v30. In my previous post I attempted the same thing and realized I soft locked myself out of the phone by forgetting the account to which I created as a throw away, and they were entangled.

I remember about being able to recover a device owned with proof, when something happens to the person in which it was connected with. Happens in these rare situation. In this case I contacted the place in which it was purchased from and they operate a cell repair store.

I discussed what I had done, sure enough they managed to get past the Google lockout, I wasn’t able to get the exact details as they would have been great for this post, but I understand they don’t want to release all their secrets.

So Let’s get started again.

## All Steps

### Step 0) Factory Reset.

This step ensures you have full control of the device and it is not locked to a specific Google account. If you happen to be in the same situation as me contact the place where you bought the phone, or a cell repair store, in my case I got lucky and there was a way to recover.

To do a normal factory reset when you know the device pin, and Google account.

Settings icon > General tab > scroll to and select Restart & reset > select Factory data reset.

Welcome (Green Arrow right).
Insert SIM (Skip)
Network (LTE off, WiFi Off; Next, No Internet, Skip Anyway) [This is only available if the factory reset was done, if flashed to a different firmware before this was done, then the device will be locked out, and you are expected to connect to a network at this step]
Set Date n Time (Next)
Turn off Tracking, Turn off Diagnostics Data sending (Next)
EULA (Agree)

Welcome to your Factory reset phone, no pin no account tied.

### Step 1) Verify Firmware.

Swipe down from the Notification bar and tap Settings.
Tap Software info. If the Android, Baseband, and Software versions don’t match the current update; perform additional updates until they do.

Now if you read my last post you probably already know but, if you are on exactly US998 Oreo, you can move to Step x. Otherwise you will need to flash your phone to this firmware version. Which is exactly what we are going to be doing next.

as you can see from the source phone. It’s a Canadian version H933, that’s OK we’ll get it to where it needs to be.

### Step 3) Flash the required Firmware.

What you will need:

1. A windows computer with a USB port. (Very Common)
1. If your copy of windows is 32 bit, edit the SetDev.bat script. (Step 1) Part 2.D
2. A USB Cable. Ensure you are using a reliable USB cable (If computer isn’t picking up a device when your phone is plugged in, but you phone is charging you maybe using just a charge cable, again use a known good reliable USB cable).
2. Download LGMobileDriver v4.4.2 (You need this, even if device shows up fine in Device Manger)

If you are wondering why two different firmware’s, cause this is required to “convert to the right firmware type” “Frankenstein Method”

Anyway, once you have all the required files.. Let’s succeeed this time!

#### Step 3 B) With the phone power on, plug it into the computer using your supplied USB cable.

though this what a good connection looks like, the cable in this case was not good and I was getting USB alerts from windows using it.

So I changed cables and now my setup doesn’t look at tidy, but it is working 100%

Once you see the above and the device shows up under device manager as a portable device. You can unplug the phone, and power it off as we prepare the phone to be flashed.

#### Step 3 D) Ensure LGUP is running in Dev mode (after running setDev.bat).

Now if the USB cable is good, the device is in Download Mode, and LGUP is in Dev mode, and the required DLLs were placed in the proper paths, LGUP should open up and you should see the following:

Select Partition DL, BIN File, and select the kdz file downloaded from above.

Flash US99810d_01_0411.kdz

Once done, your phone will softlock, with a small dead Android Character on screen, As expected a boot loop. So…

#### Step 3 E) Master Reset — using buttons:

A. Unplug phone and turn it OFF.
B. Press and hold the Power and Volume down buttons.
C. When the LG logo appears, quickly release the Power button only — then immediately press Power button again, while STILL pressing the Volume down button until you see the screen to select Yes to erase and reset everything.
D. Release both buttons so you can make your choices.

*This took me a couple tries to get, once I got it showed a cool  animation and then phone booted.

Then go through the out of box experience (OOBE), and go and check the software version.

Look at that… from Android 9, back to Android 7, going back in time!

However Morty we went back too far in time, we need to get back to Android 8! Didn’t anyone tell you what happened to Android 8?!

### Step 4) Flash US99820a_04_0330.kdz

So the exact same steps we just did above, we have to do them again for US998 Oreo. Do it again.

Ooooo there it is US99820a… sweeet.

This time cause the device was unlocked there wasn’t even an OOBE, it went right into the main area…. time to enable dev options!! I couldn’t do this last time… sweeet!

### Step 5) Confirm you’re in developer mode.

If Settings doesn’t show Developer Options, go to Settings/About Phone/Software Info, click Build number 7 times.

Enable OEM Unlock, and USB Debugging.

Installing the ADB tools is nothing more then extracting to a path on your Windows machine. On this PC, copy the new_unlock.bin you downloaded into this directory “platform-tools”.

### Step 6) Connect to USB and switch to Photo Transfer Mode.

(If you’re a normal user, you probably default to USB. You need Photo.) A prompt will appear on your phone to ask you to accept this PC to be authorized for USB Debugging.

I didn’t get this prompt till I attempted to send commands and it reported the device was not authorized to do so…

### Step 7) Using ADB commands to set Fastboot.

Open a CMD prompt as an admin, inside that command window, run (type and hit enter):

adb devices

To ensure the device (and only the device) is listed. If it’s not listed, verify that Photo Transfer mode. Sometimes you will need to do this step again, to ensure it eventually shows your device.

Reboot phone into Fastboot mode:

adb reboot bootloader

You should hear the Windows sounds of USB devices going and coming. And the phone has an odd screen.

From the same directory (Android tools),

### Step 8) Using fastboot command to flash unlocker bin.

fastboot flash unlock new_unlock.bin

For me I was getting stuck with fastboot stating “waiting for devices”, I followed this stackoverflow suggestion, and found the Device was in Device Manager as a new device that Windows didn’t recognize. I checked online for software/driver updates, and it managed to install the device.

That was fast…. Sweeet That’s it! That’s how you unlock the bootloader on a LG v30 H933! Cheers!

In the next Blog post we will be covering installing TWRP! Stay Tuned!

## Rooting a LG V30 (Or how to Brick one)

*NOTE* HUGE MASSIVE NOTE, RESET THE DEVICE TO FACORY BEFORE STARTING, FLASHING THE DEVICE BEFORE DOING SO WILL STILL MAKE THE DEVICE CALL HOME TO GOOGLE TO VEIFY IT HAS BEEN ‘RELEAESED’. IF YOU DON’T KNOW THE ACCOUNT PASSWORD ASSOCAITED WITH THE GOOGLE ACCOUNT THE DEVICE IS TIED TO THIS PROCESS IS USELESS!

AKA I just Soft bricked my LG v30 cause I forgot the password to the google account I temp created to play around with it. If you Did the above you can read the below on how to Root a Canadian based LG v30.

1. Download LGMobileDriver v4.4.2 (You need this, even if device shows up fine in Device Manger)
2. Download LGUP. by technightA. Uninstall any prior LGUP you have. Uninstall anything like Uppercut, which no longer works and causes conflicts with this Dev Patched LGUP.B. Extract LGUP_DualMode.zip to a folder on your PC.C. Browse into the folder and launch LGUP_Store_Frame_Ver_1_14_3.msi.
Follow the prompts to complete the install.

D. In that folder, right click and select “Run as Administrator” on “SetDev.bat” to set LGUP to developer mode.
-This is where I got super…. super, SUPER, annoyed. Read below…

E. Launch LGUP using the desktop shortcut, NOT the Install folder shortcut.
-Now you might bet an error “LGUP can’t load the model[C:\ProgramFiles(x86)\LG Electronics\LGUP\model\com”, You might Google this error... Probably find this guy who asks and gets no helpNot until this thread you might get a hint… I was really annoyed when I got saw the maintainers response here, like if so why isn’t it working? Then I decided to look at the bat script as mentioned in step 3. and lo and behold the answer hit me in the face. The SetDev,bat is written assuming a x64 based machine, thus assuming the system variable “%programfiles(x86)%” is defined, I was using a x86 aka a 32bit machine, and a 32bit version of windows doesn’t have that system variable. I changed the script to remove all (x86) from the system variable, re-ran the script and sure enough LGUP finally loaded successfully! Wooooo, does that feel good!

Choose Process : PARTITION DL (all partitions) or REFURBISH

3. Download US99820a_04_0330.kdz select this, and it fails, cause these fucking fucks can’t write a half decent fucking guide…. apparently….
“Read that Frankenstein post carefully; you have to flash to Nougat US998 first, THEN to Oreo US998. You should NOT avoid those steps. That post is my documentation for converting LS998 V30+ to US998 V30+. Adapt to your model.”Actually Download US99810d_01_0411.kdz (Partition DL, Select All)As expected a boot loop. So…

Master Reset — using buttons:
A. Unplug phone and turn it OFF.
B. Press and hold the Power and Volume down buttons.
C. When the LG logo appears, quickly release the Power button only — then immediately press Power button again, while STILL pressing the Volume down button until you see the screen to select Yes to erase and reset everything.
D. Release both buttons so you can make your choices.

*This took me a couple tries to get, once I got it showed a cool  animation and then phone booted.

K Now let’s install Version US998-20a…

I got the exact same error this time… reading  a bit further… man are you serious… ughh….

“NOTE: For Canadian H933 to convert to US998, @cre4per says you have to use DL Partition for both stages (Nougat and Oreo KDZ):

cre4per said:
That is what I tried but after the reset when i went back into lgup it would recognize phone as h933 and when trying to upgrade to oreo would say error cross flash h933 to us998, so i used DL Partition again instead of upgrade and it worked perfectly”

Not sure, if it was even required, but I guess it was a good thing I did cause I guess this is the process to unlock the bootloader on a Canadian version. What a freakin’ mess should be one firmware all regions, redic stuff.

Sure enough so far it’s working. K Finally! we are on the exploitable version of firmware, and we hopefully have all the drivers we need, so it should just come down to needing the ADB software and running the commands, I’ll first start with the minimal setup.

4. Download ADB Tools. We need this to run the commands to exploit this firmware we are now on, yippy.and this is where my heart sunk…. a month ago I reset this device, and I created a phoney toss away account to sign up for google. I did not set up secondary email, or tie it to a phone number. I also apparently forgot the password, also (a sad and hard lesson learnt here) Android/Google do what Apple does and tie devices to accounts, and if the device is factory reset calls home to ensure the device is removed from the account first before it can be used.Here’s the other sad part, I need to able USB debugging in order for the device to show up to use ADB commands, in order to unlock the bootloader…

I can’t reset my google account tied to the device, since I forgot the password, I can’t reset the account cause I never tied additional email or phone to the account, and it’s all AI driven so can’t even call in to get the account reset, and the only device I’d be able to reset it from, I factory wiped, which is this v30.

Only thing I can think of is I’d need to find someone who could get me the factory version of the exploitable firmware but with USB debugging somehow already on…

I’m so sad right now, I was so close to victory just to be burned by one stupid step and not realizing that Android does what Apple does now, if I had known I would have done things differently. I would have:

2. Wrote down all the credential information to the throw away account.

3. Tied the account to some other secondary email or number.

4. Factory wiped the device before flashing it.

These are the hard lessons learnt. Sigh…. I gotta grow stronger through embracing failures.

Well I can now add a nice v30 to my pile of e-waste, like the Blackberry Playbook I factory wiped and now can’t get past the OOBE, two OOBE soft bricked paper weights!

*Update* See my next post, I was able to get a local cell repair company to get past the Google Lockout, unfortunately I was unable to get the juicy bits to do so again in the future… this mistake costed me $40. 🙁 But I’m back down to one e-waste item… the Playbook. ## Azure AD and the ADConnect Here’s what I did, I found this MS doc for reference: 1. I followed this to guide me to make the “primary” tenant. no, I did not check either checkbox, **** em! 2. I read this content to understand the tenant hierarchy. 3. I added a custom domain (zewwy.ca), it said, sure no problem no federation issues, just verify. (Create a TXT record on the registrar to verify you own domain.) *refresh the page and the status will update accordingly. 4. I proceeded to download the Azure AD Connect msi file via the provided link after adding the custom domain. 5. Install: (This was on Server 2016 Core) 2015.. interesting… Click Accept Next. Enter the Credentials from Step 1 (or enter the credentials provided by your MSP/CSP/VAR. Enter the credentials of the local domain, enterprise admin account. If you wish to do a hybrid Exchange setup check the second checkbox, Not sure how to configure this later but I’m sure there is a way. At this time that was not part of this post’s goals. There was one snippet I missed, it appears to install a SQL express on the DC. Then it appears to install a dedicated service. This is Ground Control to Major Tom… This is Major Tom to Ground Control… You’ve really made the grade! They got all my passwords! wait … it worked…. like what? No Errors?… No Service account creations? It actually just worked?… Goto azure portal login, use my on prem credentials… and it logged me in…. I’m kind of mind blown right now. Well Guess on the next post can cover possibly playing with M365 services. Stay tuned. 😀 ## How to vMotion a VM without vCenter Well here I am… again… In short, you figure… “Ummm just vMotion the VM in vCenter” and for the most part I would agree, however what do you do if you need to move a VM, for example vCenter, and it just so happens to be on an ESXi host that is not within a cluster with other similar ESXi hosts, or in a cluster without EVC? (In most cases rare, sure) However I happened to be just in that situation recently. First thing I thought I’d just copy the files via ESXi console, using the CP command, and it for the most part it seemed to work for one smaller VM. However when I went to do it against vCenter. It seemed to be going longer then I had expected. After nearly an hour… I decided to see what was going on… but since I was just using CP command how do I find out the processes time? i.e stat -c “%s” /bin/ls” Oh neat, so when I went to check the source was 28.5 Gigs…. and the target was 94 Gigs… wait wait what??? I can only assume something messed up with the copying cause the files were thin provisioned… not sure stopped the process and deleted the files… Now I began to Google search and I wasn’t searching properly and found useless results such as this: Moving virtual machines with Storage vMotion (1005544) (vmware.com) then I got my act together and found exactly what I was looking for from here: How to move VMware ESXi VM to new datastore using vmkfstools | Alessandro Arrichiello (alezzandro.com) So basically I liked this, and it was what I needed, I was just slightly annoyed that 1) there wasn’t a nice way to do multiple VMDKs via his examples, just for all the other files, so I took the one liner from the other files trick, and found out how to get the path I need from the files in question. Low and behold here’s how to do the magic! 1) This assumes a shared datastore between hosts (if you need to move files between hosts without a shared datastore, follow this guide from VMware arena.) (I’m not sure but I think you can leave the VM’s registered, but they have to be powered down, and that there are no snapshots.) 2) Ensure you make the directory you wish to move the VM files to. mkdir /vmfs/volumes/DatastoreTarget/VMData 3) Copy/Clone VMDK files to target. find "/vmfs/volumes/DatastoreSource/VMData" -maxdepth 1 -type f | grep ".vmdk" | grep -v "flat" | while read file; do vmkfstools -i$file -d thin /vmfs/volumes/DatastoreTarget/VMData/${file##*/}; done 4) Copy remain files to target. find "/vmfs/volumes/DatastoreSource/VMData/" -maxdepth 1 -type f | grep -v ".vmdk" | while read file; do cp "$file" "/vmfs/volumes/DatastoreTarget/VMData/"; done

Once done cloning and copying all necessary files, add the VM from the new datastore back to inventory.

In the vSphere client go to: Configuration->Storage->Data Browser, right click the destination datastore which you moved your VM to and click “Browse datastore”.

Browse to your VM and right click the .vmx file, then click “Add to inventory”

Boot up the VM to see if it works, when asked whether you copied or moved it, just answer that you moved it. In this case it all depends on if you want the VM DI to stay the same as it is known within vCenter. As long as you properly delete the old files and removed it from the host inventory, this will complete the VM migration. If you don’t plan on deleting the old VM, or do not care about VM IDs or backups, then select “I copied it”.

Hope this helps someone.

## Failed to create VMFS datastore. Cannot change host configuration.

Quick one here. Create a new logical disk via RAID5, after an old logical unit failed from only a single bad disk.

No issues deleting the old logical disk, and creating a new one via HP storage controller commands.

However was greeted with this nice error.

I had the same problem and in order to fix it I had to run three commands through an SSH connection. From what I have seen and found this error comes from having disks that were part of different arrays and contain some data on them. When I ran the commands I was then able to connect the data stores with no issues.

1. Show connected disks.

ls -lha /vmfs/devices/disks/

(Verify the disk is seen. You will probably see your disk ID then :1. This is a partition on the disk. We only need to work about the main disk ID.)

2. Show the error on disk.

partedUtil getptbl /vmfs/devices/disks/(disk ID)

(It will probably indicate that the GPT is located beyond the end of the disk.)

3. Wipe disk and rewrite with a basic MSDOS partion.

partedUtil setptbl /vmfs/devices/disks/(disk ID) msdos

(The output from this should be similar to msdos and the next line will be o o o o)

I hope this helps you out.”

Looks like it worked… Thanks Cookie04!

## Disable Automatic Detect Settings via GPO

Hello everyone,

If you found this blog post, chances are you are trying to disable this setting:

Well let me tell you, it was not as easy as I thought.

*Expectations* go into GPMC, create a GPO, find a predefined option to deploy and done.

*Reality*… Try Again.

First off, a huge shout out to the IT Bros for some help in understanding some nitty gritty’s

In short:

• They use GPP or IEAK11 to set the setting, and define the properties.
-In this blog post I do too, but I do it differently, for reasons you’ll see.
• The Proxy Setting is usually a user defined setting, but there is a GPO option to change it to machine based setting.
-Computer Configuration > Administrative Templates > Windows Components > Internet Explorer. Enable the policy Make proxy settings per-machine (rather than per user).
-It was not described how to set the proxy setting, or define the proxy server address after setting this option. (If you know the answer, leave a comment.)
• The green underscore for the IE parameter means this setting is enabled and will be applied through Group Policy. Red underlining means the setting is configured, but disabled. To enable all settings on the current tab, press F5. To disable all policies on this tab use the F8 key.
-This is relevant when making IE option changes via the built in GPP for IE options.
-I found the F5/F8 to enable/disable options was global, all or nothing, and only worked on some of the tabs, not all of them.
-Defining IE options this way felt more like a profile or multiple options, and not granular enough to define just a single option. (This is the main reason for this blog post.)

All super helpful, but I didn’t want to do it this way as I only wanted to make a change to the one and only setting, I was hoping to do it without having to figure out the complexity of the IE options GPP “profile”.

I eventually stumbled upon the TechNet thread that ultimately had the answer I needed. A couple things to note from this thread, which is also covered by the IT Bros.

• The initial “Marked as Answer” is actually just the option to lock down the changing of the IE LAN Settings, Automatically Detect Settings. It does not disable it.
• The setting is enabled by default ON a non configured machine, or non-hardened domain joined machine.
• The actual answer is simple a Reg Key that defines the setting. (Thanks Mon Laq)
• The Reg Key in question is volatile (It disappears after setting it, there seems to be no official answer as to why, if you know please a comment).

Which leads to why do this in the first place if it appears to be such a hassle to set? Well for that it came down to answer by “raphidae” on this TechNet thread, which lead to this POC of a possible attack vectore, which apparently allows credential stealing even from any locked machine.

I unfortunately haven’t been able to test it, I don’t have the devices mentioned in the blog, but maybe any laptop can do the same just less conspicuous.

Anyway…. Long story short, to achieve the goal will have to be done in two parts.

1. Deploy a User based GPO (GPP to be exact) that will push the required registry key.
2. Deploy a GPO to lock down the changing of that setting.
*NOTE* From testing the end user has the ability to write/change the keys that the GPP pushes down to the end machine user settings to. The GPO simply greys out the options under the IE options area. It does not prevent the changing or creating of the registry DWORD. (I wonder if changing to machine settings could lock this down? Leave a comment if you know.)

So creating the GPO (Assuming a pre-created GPO, or create a new dedicated one):

In the GPO navigate to: User Configuration -> Preferences -> Windows Settings -> Registry.

Right click and Add new Registry Item, Ensure you pick the HKCU class.
Ensure Path = SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Type = DWORD
Value Name = AutoDetect
Value Data = 0

In the end it should look like this:

Given the GPO is configured in an OU that contains all your users, it should apply to the machine and you should see the checkbox for “Automatically Detect Settings” be turned off.

The second step now requires making another setting change, since this one is machine based I deploy it (link it) to an OU that contains all the end users workstations. (Again if I could figure out how to change this setting making it a machine based setting instead of user, you could simply the deployment to be all targeted at machines and not both users and machines.)

Anyway the second GPO:

This time drill down to: Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Internet Explorer -> Disable changing Automatic Configuration settings. Enable

Ensure machine are in the OU in question, and gpupdate /force on the end machines. The final result will be like the first picture in this blog post. Again this option really only greys out the UI, it does not in fact prevent users from adding the required key in regedit and having the option change anyway.

Hope this post helps someone.

*FOLLOW UP UPDATE* This alone did not stop the WPAD DNS queries from the machine. Another mention was to stop/disable the WinHTTPProxySrv. When checking this service via Services.msc it appeared to be enabled by default and greyed out to change the startup type or even to stop it. I found this spiceworks post with a workaround.

To test on a single workstation edit the following registry key:

HKLM\System\CurrentControlSet\Services\WinHttpAutoProxySvc

“Start” DWORD

Value = 4 (Disabled)

Sure enough rebooting the machine the service shows to be off and not running. So far checking packets via Wireshark shows the WPAD queries have indeed stopped.

*Another Update* I am unaware if these changes actually prevents the exploit from working as I’m unsure if option 252 for DHCP still allows for the exploit to run. This requires further follow-up, validation.

## vMotion – Not Allowed in the Current State

First things first, I vMotioned the vm to another host and that worked fine, so the issue appeared to be target related. I also found this post, which states to restart the mgmt and vpxa services:

/etc/init.d/hostd restart

/etc/init.d/vpxa restart

doing this on the source ESXi did nothing, again seeming the issue is on the target. Did the same tasks on the target and it still failed.

I then disconnected the target esxi, put it in maintenance mode, rebooted it, took it out of maintenance mode, reconnected to vCenter, and this time the vMotino worked.

Hope this helps someone.

## ESXi 6.x Datastore Not Mounted

Quick post here, I had to recover from a flooded basement. Sorry for the day outage. I had to put my disc in another server and load FreeNAS, and import my ZFS volumes, recreate the iSCSI targets, and then I added them to my ESXi hosts, and rescanning the HBAs shows the disks…

but the datastores were not visible…

so I googled and found this VMware thread with some helpful commands to try. (I do kind of agree with the OP, that its annoying they removed the front end UI for import that could handle this)

esxcli storage vmfs snapshot list

esxcfg-volume -M UUID

Ehh it worked!

Hope this helps someone. If this doesn’t work you might have some other underling issue?