VMware - The OVF package is invalid and cannot be deployed. [SOLVED]

Quick note on the error I got when I tried to deploy OVA file to VMware ESXi 5.5.

Error
The OVF package is invalid and cannot be deployed.
The following manifest file entry (line 1) is invalid: SHA245(example.ovf)=…

VMware KB 2151537 explains it:

This issue occurs because the vSphere Client does not support the SHA256 hashing algorithm.
You can convert the OVA from the Cryptographic Hash Algorithm SHA256 to SHA1. To do this, you can use OVFTool which is available on all OS at: https://www.vmware.com/support/developer/ovf/.

To do the conversion, run this command:

ovftool.exe --shaAlgorithm=SHA1 /path/to/the/original/ova_file.ova /path/to/the/new/ova/file-SHA1.ova

This is exactly what happened. I tried to deploy OVA file designed for VMware ESXi 6.0 on older ESXi 5.5. After downloading and installing VMware OVF Tool 4.3.0 I converted OVA file to use SHA1 and imported it to ESXi 5.5 successfully.

Good luck!

pfSense ESXi VM lost connectivity after reconfiguring Hypervisor’s vSwitch.

This is something new to me. I was needed to reconfigure VM Network in ESXi 6.0 using vSphere client and pfSense VM lost connectivity after I made changes. I checked the status of interface from Shell and got “no carrier”:

[2.2.4-RELEASE][admin@pfsense-01]/root:
em0: flags=8843 metric 0 mtu 1500
        options=9b
        ether 00:0c:29:b9:e9:8a
        inet6 fe80::20c:29ff:feb9:e98a%em0 prefixlen 64 scopeid 0x1
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        nd6 options=21
        media: Ethernet autoselect (1000baseT )
        status: no carrier

After rebooting the VM connectivity restored. Oh boy...

DELL PowerEdge 1950 II as ESXi Server. [TESTED]

Yesterday my colleague was so kind and provided me DELL PowerEdge 1950 II (ST is 874P1D1) for FREE. It’s just a chassis with one slowest CPU, NO CMOS Battery, NO DRAM, NO HDD, NO DRAC, but it’s FREE right?

Well, I’ve ordered some parts to get it ready to install VMware ESXi and use it as a part of my home lab. Here is the list of hardware:
• Dell DRAC5 (Part Number: WW126 or G8593) - $10.
• Cables to connect DRAC5 and PE 1950 mother board - Dell DRAC Kit (Part Number: JJ379 or JC624 or PC033) - Two cables (50 pin and 44 pin) 1.5 Inches long each - $5.
• 32GB (8x 4GB) PC2-5300F - $100.
• 4 x Caddy for 2.5 SAS/SATA HDD - $10 each.
• Heatsink for Dell 1950 - $10.
• 2 x X5365 - $50 each. I used the following links: PowerEdge 1950 II and III max CPU upgrade + Intel® Xeon® Processor 5300 Series.
• 4 x SAS or SATA HDDs (price depends of drive that you want to order).

Preparation

• Power it on and reset BIOS setting to the factory default.
Upgrade BIOS FW to the latest one version.
Upgrade SAS5 (PERC5i) FW version.
• Reset DRAC5 configuration to the factory default: Reboot the server, then press Ctrl+E to get DRAC configuration then you can find this option.
Upgrade DRAC5 firmware.

BIOS Settings

• Memory Information > System Memory Testing > Disabled (for fast boot because, testing 32GB RAM takes ~2 minutes)
• Memory Information > Low Power Mode > Disabled (by default)
• CPU Information > Virtualization Technology > Enabled (Disabled by default)

ESXi 5.5u2 Installation

This part is very simple. Download ISO file from Vmware.com, then burn CD, next, next, next, reboot, connect via vSphere Client and configure license key.

As I said, ordinary VMware image does work 100%, but if I would follow official way you probably might be interested in the following links:

Dell Customized Image of VMware ESXi 5.5 A00
Knowledge Base > ESX/ESXi Installation

Cisco ACS 5.3 - Installation process. [TESTED on VMware ESXi]

Tested with VMware ESXi 5.5u2 and ACS 5.3.

• Download ACS_v5.3.0.40.iso, upload it to ESXi via VMware vSphere Client (DataStore Browser).
• New Virtual Machine > Typical > Type the desired name of virtual machine > Choose datastore > Linux (Other Linux (32-bit)) > NIC config (not important) > Virtual disk size: 60GB, Thin Provision (to save datastore size) > Edit the virtual mechine settings before completion > Memory 4GB > CPU 2 (not important) > Cd/DVD - Datastore ISO File, Choose ACS_v5.3.0.40.iso, Connect at power on > Finish.
• Open a Console > Power On.
• Choose boot option “[1] Cisco Secure ACS 5.3 Installation (Keyboard/Monitor)”.
• Wait until installation process is completed, issue ’setup’ command and do initial configuration:

***********************************************
Please type 'setup' to configure the applicance
***********************************************
localhost login: setup

• Wait VM booted up after reboot, login via HTTPS using acsadmin/default credential, upload license file.
• Finished!

Update

I still do not understand what’s going on with CCIE Security Lab exam, what ACS version does it have. It should be ACS 5.3 with the latest patch, BUT after upgrading to 5.3.0.40.10 “AAA Reports” stop working at all!

Useful links

Secure Access Control System (ACS 5.x and later) Troubleshooting

Admin area