Cambium cnMaestro on XenServer - Welcome to emergency mode! [SOLVED]

I had to work on deploying cnMaestro On-Premises v2.1.0 on XenServer.

I was given OVA file cnmaestro-on-premises_2.1.0-r22_amd64.ova. Please don’t be confused by amd64 suffix in the file name, it simply means that it is 64bit (amd architecture based but not limited to amd processors).

After deploying OVA file on XenServer the VM started, but Ubuntu 16.04.5 (OS the product is built on) got stuck and went to “emergency mode”:

Welcome to emergency mode! After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to
ty again to boot into default mode.
Press Enter for maintenance
(or press Control-D to continue):

After pressing Enter (it gives you root CLI) and executing “journalctl -xb” I figured that system was not able to mount sdb1 partition:

... systemd[1]: dev-sdb1.device: Job dev-sdb1.device/start timed out.
... systemd[1]: Timed out waiting for device dev-sdb1.device.

It’s worth to mention that according to “cnMaestro On-Premises Quick Start Guide” OVA supports VMware and Oracle VirtualBox, but NOT XenServer. As you might know, block device assignment is different between VMware and XenServer. In VMware environment you would see /dev/sdX for SCSI disks, in XenServer you would expect /dev/xvdX. You can see devices by executing “fdisk -l” command.

Checking /etc/fstab file I noticed an entry for /dev/sdb1. One of the easiest and straightforward workarounds is to modify /etc/fstab to replace /dev/sdb1 with /dev/xvdb1 which I did and it fixed the issue.

Keep in mind after VM started you should wait for few more seconds until UI if fully ready. Otherwise you will see “Service Temporarily Unavailable” page.

Good luck!

VMware - The OVF package is invalid and cannot be deployed. [SOLVED]

Quick note on the error I got when I tried to deploy OVA file to VMware ESXi 5.5.

The OVF package is invalid and cannot be deployed.
The following manifest file entry (line 1) is invalid: SHA245(example.ovf)=…

VMware KB 2151537 explains it:

This issue occurs because the vSphere Client does not support the SHA256 hashing algorithm.
You can convert the OVA from the Cryptographic Hash Algorithm SHA256 to SHA1. To do this, you can use OVFTool which is available on all OS at:

To do the conversion, run this command:

ovftool.exe --shaAlgorithm=SHA1 /path/to/the/original/ova_file.ova /path/to/the/new/ova/file-SHA1.ova

This is exactly what happened. I tried to deploy OVA file designed for VMware ESXi 6.0 on older ESXi 5.5. After downloading and installing VMware OVF Tool 4.3.0 I converted OVA file to use SHA1 and imported it to ESXi 5.5 successfully.

Good luck!

pfSense ESXi VM lost connectivity after reconfiguring Hypervisor’s vSwitch.

This is something new to me. I was needed to reconfigure VM Network in ESXi 6.0 using vSphere client and pfSense VM lost connectivity after I made changes. I checked the status of interface from Shell and got “no carrier”:

em0: flags=8843 metric 0 mtu 1500
        ether 00:0c:29:b9:e9:8a
        inet6 fe80::20c:29ff:feb9:e98a%em0 prefixlen 64 scopeid 0x1
        inet netmask 0xffffff00 broadcast
        nd6 options=21
        media: Ethernet autoselect (1000baseT )
        status: no carrier

After rebooting the VM connectivity restored. Oh boy...

DELL PowerEdge 1950 II as ESXi Server. [TESTED]

Yesterday my colleague was so kind and provided me DELL PowerEdge 1950 II (ST is 874P1D1) for FREE. It’s just a chassis with one slowest CPU, NO CMOS Battery, NO DRAM, NO HDD, NO DRAC, but it’s FREE right?

Well, I’ve ordered some parts to get it ready to install VMware ESXi and use it as a part of my home lab. Here is the list of hardware:
• Dell DRAC5 (Part Number: WW126 or G8593) - $10.
• Cables to connect DRAC5 and PE 1950 mother board - Dell DRAC Kit (Part Number: JJ379 or JC624 or PC033) - Two cables (50 pin and 44 pin) 1.5 Inches long each - $5.
• 32GB (8x 4GB) PC2-5300F - $100.
• 4 x Caddy for 2.5 SAS/SATA HDD - $10 each.
• Heatsink for Dell 1950 - $10.
• 2 x X5365 - $50 each. I used the following links: PowerEdge 1950 II and III max CPU upgrade + Intel® Xeon® Processor 5300 Series.
• 4 x SAS or SATA HDDs (price depends of drive that you want to order).


• Power it on and reset BIOS setting to the factory default.
Upgrade BIOS FW to the latest one version.
Upgrade SAS5 (PERC5i) FW version.
• Reset DRAC5 configuration to the factory default: Reboot the server, then press Ctrl+E to get DRAC configuration then you can find this option.
Upgrade DRAC5 firmware.

BIOS Settings

• Memory Information > System Memory Testing > Disabled (for fast boot because, testing 32GB RAM takes ~2 minutes)
• Memory Information > Low Power Mode > Disabled (by default)
• CPU Information > Virtualization Technology > Enabled (Disabled by default)

ESXi 5.5u2 Installation

This part is very simple. Download ISO file from, then burn CD, next, next, next, reboot, connect via vSphere Client and configure license key.

As I said, ordinary VMware image does work 100%, but if I would follow official way you probably might be interested in the following links:

Dell Customized Image of VMware ESXi 5.5 A00
Knowledge Base > ESX/ESXi Installation

Cisco ACS 5.3 - Installation process. [TESTED on VMware ESXi]

Tested with VMware ESXi 5.5u2 and ACS 5.3.

• Download ACS_v5.3.0.40.iso, upload it to ESXi via VMware vSphere Client (DataStore Browser).
• New Virtual Machine > Typical > Type the desired name of virtual machine > Choose datastore > Linux (Other Linux (32-bit)) > NIC config (not important) > Virtual disk size: 60GB, Thin Provision (to save datastore size) > Edit the virtual mechine settings before completion > Memory 4GB > CPU 2 (not important) > Cd/DVD - Datastore ISO File, Choose ACS_v5.3.0.40.iso, Connect at power on > Finish.
• Open a Console > Power On.
• Choose boot option “[1] Cisco Secure ACS 5.3 Installation (Keyboard/Monitor)”.
• Wait until installation process is completed, issue ’setup’ command and do initial configuration:

Please type 'setup' to configure the applicance
localhost login: setup

• Wait VM booted up after reboot, login via HTTPS using acsadmin/default credential, upload license file.
• Finished!


I still do not understand what’s going on with CCIE Security Lab exam, what ACS version does it have. It should be ACS 5.3 with the latest patch, BUT after upgrading to “AAA Reports” stop working at all!

Useful links

Secure Access Control System (ACS 5.x and later) Troubleshooting

Admin area