VMware VCSA 6.0 Won't Boot, password is expired and out of disk space

You decide to reboot your VMware VCSA 6.0 and discover it won't start.  Further, you can't log into it.  A fun easter egg VMware built in is that the root password expires after 90 days and log files tend to fill up the server.

To reset the root password-

Boot FULLY into the vcenter appliance.  It will take like 45 minutes.

Reboot, when the GRUB Menu comes up hit Space.  Then hit "P", the password is either your root password or "vmware".

Make sure "kernel" is highlighted, press "e".

Add a space at the end and add "init=/bin/bash", press "b" to boot.

To clear the password history, type echo "" > /etc/security/opasswd

Use the same root password as before so the database starts, to change the root password, type passwd root

To mount the file system, type mount

Type df to check the dispace, if it is at 100% do the following-

cd /var/log/audit

rm -rf auto.log.*

unmount /

mkfifo /dev/initct fi

reboot -f

Unable to backup workgroup servers with Veeam

You are attempting to back up workgroup servers with veeam with application aware processing, however Veeam fails not being able to access the ADMIN$ share.

To disable UAC remote restrictions, follow these steps:    

 - Click Start, click Run, type regedit, and then press ENTER.

 - Navigate to the following registry subkey: 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

 - Create a new DWORD 32-Bit Value called LocalAccountTokenFilterPolicy

 - Set the value to 1.

In my experience, you do not have to reboot.

Best Software to Recover Deleted Files on a Workstation

These are the programs I've had the best luck with-

Stellar Phoenix is great, but they are very proud of it $$$$$$ (Their Exchange recovery tools are good as well!)

EaseUS

Recuvah

Wondershare Data Recovery

How to prevent an RDS (Terminal Services) Server from prompting you for credentials before logging in.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer value from 1 to 0 does indeed allow the user to change their expired password on Windows Server 2012 R2. I also found that, as an alternative, leaving the SecurityLayer value set to 1 but changing the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\MinEncryptionLevel value from 3 or 2 to 1 also allows the user to change their expired password.

How to mount a VMDK in Linux Mint / Ubuntu

This took way too much googleing.  This is what worked-

sudo su
losetup /dev/loop0 <vmdk file>
kpartx -av /dev/loop0
mkdir /mnt/vmdk
mount /dev/mapper/loop0p1 /mnt/vmdk

If loop0 comes back as busy, use another one like loop5.

How to configure Exchange 2013 to Rest the Out of Office to send an email every day instead of once-

Here is how you set up Exchange 2013 to send an Out of Office Response Daily instead of just once-

1) Create a folder on your Exchange server.  For Example, C:\ExchangeOOOReset.

2) Open Notepad and enter the following-
$enabled = get-mailbox -resultsize unlimited |get-mailboxautoreplyconfiguration | where {$_.autoreplystate -eq "enabled"} | select identity,autoreplystate

$enabled | foreach-object {
 set-mailboxautoreplyconfiguration $_.identity -autoreplystate "Disabled"
 set-mailboxautoreplyconfiguration $_.identity  -autoreplystate $_.autoreplystate
 }

3) Save the file as OOOReset.ps1, save it in C:\ExchangeOOOReset.  Make sure you select "All Files" so it doesn't add .txt to the files.

4) Open Task Scheduler, click Create Basic Task.

5) Name it, ExchangeOOO, click Next, Next, select the time of day it should reset, Next, Start a Program.

6) Under Program/Script-

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

7) Under Add Arguements-

-NonInteractive -WindowStyle Hidden -command ". 'C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; C:\ExchangeOOReset\oooreset.ps1"

That's it!

How to Secure ECP on a Single Exchange 2013/2016 Server

You do not want ECP accessible from the internet.  Here is an easy way to resolve this.  Note, if you do not have a wildcard cert you will get an SSL error.  Do not create an EXTERNAL dns record for this or you will re-enable ECP to the internet.

In my example-
Server Name- ExchSRV1
Default web site- Default Web Site
New ECP Site- InternalECP
Domain Name- contoso.com
New ECP URL- ecp.contoso.com

1) Go into IIS, right click on Sites, Add Website.  

Name- "InternalECP"
Physical Path- "C:\inetpub\wwwroot2"
Binding, Type- https
IP address- All Unassigned,
Port- 443 (Feel free to use another port for added security.)
Host Name- "ecp.contoso.com"

2) On your DNS servers, make a DNS A record for "ecp.contoso.com" pointing to your exchange server IP address.

3) Open the Exchange Management Console and enter the following commands-

New-EcpVirtualDirectory -Server "ExchSRV1" -WebSiteName "InternalECP" -InternalUrl "https://ecp.contoso.com/owa"

New-OWAVirtualDirectory -Server "ExchSRV1" -WebSiteName "InternalECP" -InternalUrl "https://ecp.contoso.com/owa"

4) Test that you can log into the new url and get into ECP.

5) Enter the following to disable ECP on the main site-

Set-EcpVirtualDirectory -identity "ecp (Default Web Site)" -AdminEnabled $false