Posts from category "2021"

Windows 10 legacy BIOS boot change UEFI - without OS reinstall

If you are, like me, using Win10 with legacy BOOT option and would like to start playing with newest Windows 11 version - first problem probably will be TPM (Trusted Platform Module) chip... which can be easily added to VM - if it runs UEFI based boot firmware. Change, without proper existing disk preparation, could went wrong in terms of non-bootable machine etc.

Summary - it can be done without OS reinstall and here are proposed steps that worked for me:

- of course - some kind of backup/snapshot should be there, just in case ;)

- run command "Get-Disk" which should give you output that Partition style is MBR;

- before actual conversion you can run validation with command "MBR2GPT.exe /validate /allowFullOS" - using variable "allowFullOS" inside running VM;

- after successful validation - actual conversion is done by using command "MBR2GPT.exe /convert /allowFullOS";

- shut down VM after conversion is done and change to UEFI boot option - Fusion example below:

VMware Fusion change VM UEFI settings

- after change and powering VM up - "Get-Disk" should show GPT as Partition style like this:

Disk Partition style as GPT

- at the end you can easily add new device - TPM module to VM - again with shut downed Win10 environment :)

NSX Advanced Load Balancer (ex AVI Networks) Lets Encrypt script integration

I would like to share very useful setup for VMware NSX ALB (ex Avi solution) in terms of usage freely available Lets Encrypt certificate management solution. Basically, provided script gives you automation inside NSX ALB environment, without the need for some external tools or systems. Putting it summary these are the required steps:

- create appropriate virtual service (VS) which you will use for SSL setup with Lets Encrypt cert - this can be standalone service or SNI (Service Name Identifier) based (Parent/Child) if needed. Initially you can select "System-Default" SSL cert during the VS setup;

- create appropriate DNS records for new service in place - out of scope of NSX ALB most of the times. NSX ALB Controllers should have access to Lets Encrypt public servers for successfull ACME based HTTP-01 certificate generation/renewal;

- Download required script from HERE

- Follow rest of required configuration steps on this NSX-ALB-Lets-Encrypt-SETUP - in terms of user creation/script adding/CSR...

- I would like to give you an special attention in case you have split DNS scenario from VS and Controller perspective - last step during certificate generate/renewal process with script is verification of received Token using ACME HTTP-01 check, which will FAIL in case you have this type of DNS scenario (ie "Error from certificate management service: Wrote file, but Avi couldn't verify token at http://<URL>/.well-known/acme-challenge/<token-code>..."). Bellow image gives you an option to resolve this type of setup by using special, script integrated, variable:

NSX ALB Lets Encrypt split DNS verification bypass variable

After successfull certificate generation - you just need it to assign it to appropriate virtual service (created at beginning or existing one) and after that renewal process will be automated per default NSX ALB (Avi) policy on 30, 7 and 1 day before expiration.