Synology DSM 5.2-5644 fixes several vulnerabilities and improves stability


Synology has released DSM 5.2-5644 which upgrades PHP to version 5.5.30 that patches several vulnerabilities found in the older version of PHP. In addition DSM 5.2-5644 also improves stability across many different functions such as Btrfs file system, FTP connections, NTP service. DSM 5.2-5644 also takes care of the issue where a DSM critical patch could not be manually uploaded when the system was in a Hybrid HA cluster.

Read More “Synology DSM 5.2-5644 fixes several vulnerabilities and improves stability”

Secure Public WiFi using Synology VPN Server

Public WiFi is something many of use enjoy while we’re at the coffee shop, hotels, airports, libraries and so on, but one thing everyone should or needs to know is that public WiFi is NOT secure. In fact it’s so easy for people to eavesdrop and hack a public WiFi that even a 7 year old girl can do it, in under 11 minutes!

The solution would be to use a VPN which will encrypt your traffic between you and the VPN server. So even if someone is attempting to hack the public WiFi, your traffic becomes useless to them and thus your emails, chats, web browsing and file transfers are now secure and out of other peoples sight.

There are plenty of VPN services available such as NordVPN (which I also use), but you can also setup your own VPN server on your Synology NAS.

Read More “Secure Public WiFi using Synology VPN Server”

How to unlock vRealize Orchestrator default account

vrealize orchestrator account locked out

Earlier this month I posted how on how to fix the weak ephemeral Diffie-Hellman key issue in VMware vRealize Orchestrator 6.0.2 appliance. Another issue I’ve ran into is how to unlock vRealize Orchestrator default account. It seems you can lock the account after to many failed attempts but once locked the account does not seem to unlock… or at least for me after waiting more than a couple hours.

Luckily unlocking the vRealize Orchestrator default account is pretty straight forward.

Read More “How to unlock vRealize Orchestrator default account”

VMware vSphere 6.0 Update 1 available

VMware has released vSphere 6.0 Update 1, ESXi 6.0 U1 and updates for several other VMware products:

Read More “VMware vSphere 6.0 Update 1 available”

How to fix vRealize Orchestrator 6 appliance, weak ephemeral Diffie-Hellman key

vrealize orchestrator chrome error

I’ve recently deployed the vRealize Orchestrator appliance (6.0.2) and noticed right away that my default browser Firefox, would not load the Orchestrator appliance web panel. Firefox always complained about a weak Diffie-Hellman key.

An error occurred during a connection to ip-address:8281. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

At the time I simply ignored it and just tried Google Chrome which it worked fine. That was until the latest release also broke with the same type of error message:

Server has a weak ephemeral Diffie-Hellman public key“.

I now had a problem and contacted VMware support, below is the very easy fix to make vCO 6 work in both the latest version of Firefox and Chrome!

Read More “How to fix vRealize Orchestrator 6 appliance, weak ephemeral Diffie-Hellman key”

VMware Workstation 12 Pro Released

VMware has just released a new version of Workstation in VMware Workstation 12 Pro. Workstation 12 Pro provides full support for Windows 10, including features such as Cortana and universal applications. As well as even larger virtual machines with up to 16 vCPU’s and 64GB of memory. Workstation 12 Pro even supports 4K displays and DirectX 10 and OpenGL 3.3

You can even seamlessly drag and drop virtual machines between your PC and your internal cloud running vSphere, ESXi or another instance of Workstation. In addition, easily connect to vCloud Air and upload, run, and view virtual machines right from the Workstation 12 Pro interface.

Read More “VMware Workstation 12 Pro Released”

How to easily add an ESXi SSH login message banner

ESXi issues message

Preparing for some upcoming audits, I noticed one of the checkpoints was to ensure each ESXi host was configured with a warning banner stating the machine is being monitored and audited when someone logs into the ESXi host via SSH. This type of message is something you see on most any company or government computer before you login.

There are two message types that can be used to achieve this, the first being login banner (/etc/issue) and MOTD (/etc/motd). The difference between the two are where they are shown. The login banner is shown between the username and password inputs during login, while the MOTD is displayed after a user has successfully logged into SSH.

Read More “How to easily add an ESXi SSH login message banner”