Author's details

Name: Mike Foley
Date registered: January 4, 2011
URL: http://www.yelof.com
AIM: foleymik
Jabber / Google Talk: mike@yelof.com
Yahoo! IM: mikiefoley


Husband, Dad, Geek Virtualization Evangelist @RSA, the Security Division of EMC. Disclaimer: I might talk favorably about EMC/RSA/Iomega/VMware products #ad

Latest posts

  1. A general error occurred — September 14, 2015
  2. Recommended vSphere-focused Security Sessions at VMworld 2015 — August 6, 2015
  3. Custom certificate on the outside, VMware CA (VMCA) on the inside – Replacing vCenter 6.0’s SSL Certificate — July 15, 2015
  4. Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.0 — June 30, 2015
  5. vSphere Hardening Guide GA now available — June 15, 2015

Author's posts listings

Sep 14

A general error occurred

I’m not a fan of obtuse error messages. VMware’s not alone in this by any stretch. When I was an OpenVMS system manager (get off my lawn!) I would get an error message like this:

This would cause me to yell “But I AM the system manager dammit!!!”

Bottom line, stuff happens. It’s happened before and will happen again. We all learn from these things and we work to make things better. I’m writing this blog article so that when you search for “A general error occurred” and “vcenter” you’ll find the solution. I’ll also work with my VMware support colleagues to get that error message in the KB’s as well.

So, some background. I ran into a small problem the other day while building out my lab. It’s been fun for me lately because the past couple of years I’ve been so focused on vSphere security stuff that getting stick time in the lab has been understandably hard to get.

The lab environment is pretty simple. Four servers configured with VSAN and an NFS share. I had the domain controller and VCSA installed and was about to deploy a couple of OVA’s. The first one was Log Insight and then NSX Manager.

When I went to deploy Log Insight, I went through the normal “Deploy OVF Template…” workflow

After I selected the storage and clicked on Next I was presented with a strange error message. “A general error occurred”


Needless to say, this was puzzling. After trying a number of different options I posted this on our internal Socialcast site. I mentioned that I had tried numerous browsers, etc.. I got lots of great feedback and ideas from many of my colleagues. Of course, William Lam always answers these things first and he asked stuff like “Have you checked DNS resolution everywhere?” and “I’ve also seen CIP get weird at times and uninstalling/re-installing as helped in the past”. I tried all those things and more. Flushing DNS caches, etc.. William was on the right track with the CIP issue.

It was another colleague, Hany Michael, who had the solution. In a nutshell, it was an issue with CIP, the Client Integration Plugin. In Hany’s case, he had installed Update 1 and installed the latest CIP over the existing installation. In my case, I’m not entirely sure how I got into this situation but the solution was easy.

  1. Uninstall the existing CIP
  2. Reboot the system the CIP is installed on
  3. Install the U1 CIP (build 3279)

Here are the locations of the U1 CIP  (thanks William!).

Client Integration Plugin for Windows:

Client Integration Plugin for Mac OS X

By updating to this version of the CIP you’ll also sort out issues with Chrome and the NPAPI issues. See more at this VMware KB article written up by Blair. As always, the KB is the most up-to-date so always review it before committing.

When that’s all done you should be good to go. After I did it I was able to deploy OVA’s from my jumpbox in the lab. I did that someplace over the Midwest as I was winging my way to Las Vegas to catch my flight to San Francisco. Isn’t WiFi on a plane a wonderful thing?

I hope this helps.


Aug 06

Recommended vSphere-focused Security Sessions at VMworld 2015

Hi everyone,

Here’s a quick blog post for you as you’re going through the VMworld Schedule Builder for VMworld 2015. Below is a list of security sessions that are primarily focused on vSphere Security. The NSX guys have a whole other laundry list of awesome sessions but for now, we’re going to focus on vSphere. Let’s get started!

I’m going to group these by their presenters.

Mike Foley

INF4758 – vSphere 6 Security Update Tuesday at 12:30pm
Get updated on what’s new in vSphere from a security perspective. You’ll get an overview of things like the new Lockdown Mode, an introduction to the big changes in vSphere security certificate management and the big changes that were made to the vSphere Hardening Guide.

INF5177 – vSphere Security: Fact .vs. Fiction (A 2014 repeat, back by popular demand!) Wednesday at 4pm
Is your security guy on your case about vSphere Security and thinks “VM Escape” is the primary threat? Learn the facts vs the fiction about security threats and come away feeling empowered to have “that” discussion with your security guy. Better yet, bring him along!

INF5539 – Infrastructure Security Panel Discussion Wednesday at 10am
Industry IT and Security experts get together and talk about the challenges, concerns and goings-on in virtualization and cloud security. The panel consists of folks from Financial and Heathcare, Federal government, Enterprise security and auditing and yours truly. Come prepared to ask questions!

INF6396-GD Platform Security with Mike Foley Wednesday at 11am
This is a group discussion where YOU are the content! No death by PowerPoint, just me facilitating a rountable discussion of you and your peers. We’ll talk about vSphere security and share tips and tricks.

EXPERTSMFO – Meet the Experts with Mike Foley Tuesday at 3pm
Here’s your chance for some one on one time! In my opinion this is one of the most under-utilized opportunities at VMworld. Take advantage of it! Book some time and let’s talk! If you’re looking for a discussion on network security and NSX however, please book time with those folks. Book this and other Meet The Experts sessions when you get to VMworld. It’s usually at the top of the first escalator in Moscone West.

Yuecel Karabulut

INF5339 – Protect your VM data with VM Encryption for vSphere and vCloud Air
I can’t say anymore than “Get up early and get to this session”. Seriously, I can’t say anymore!

Ryan Johnson and Adam Eckerle

INF4529 – VMware Certificate Management for Mere Mortals
Take two talented IT guys with TONS of real-world customer experience and toss them together with the new vSphere 6 certificate story and you get a great discussion on certs for the everyday IT guy.

Johnny Ferguson

INF4946 – vSphere 6 Security Deep Dive: Certificates and Identity
You asked for it and you’re getting it. This is the session for deep diving into vSphere certificate management and identities. Johnny is the Product Manager for Identity Management, SSO and certificate managament.

Bob Wehrfritz

SDDC6404-QT – The future of Trust and Security
VMware customers range from small to HUGE. All of them (I would hope!) have concerns about security. Some of these concerns can be addressed in some of the sessions listed here. When you need to go even further and dive into the nitty-gritty and bits and bytes, VMware’s Security Group is now there with a new program just for you. Check out what Bob has to share and visit the VMTA folks in the VMware booth!

Hands On Labs!

Check out both HOL-SDC-1610 and HOL-SDC-1620 to check out some security features as part of the vSphere HOL and get hands on with different security features of vSphere. For more information, visit the VMworld 2015 Hands On Labs site.

There you have it.. It’s GREAT to see how much security on the vSphere platform itself has grown and continues to grow. As you’re building out your personal catalog of sessions and want to learn the soup to nuts on certificates, start with my session INF4758, then check out Ryan and Adam’s session INF4529 and wrap it up with Johnny’s mind-blowing session INF4946.

Enjoy and see YOU at VMworld 2015!

Jul 15

Custom certificate on the outside, VMware CA (VMCA) on the inside – Replacing vCenter 6.0’s SSL Certificate

A customer recently asked me “How do I replace the “external” SSL certificate of vCenter but still use VMCA in default mode?” Ever curious, I asked “Why?”. His security team required that any “externally” facing management web pages needed to have a custom certificate that chained up to the corporate PKI. But behind that, they were totally cool with using VMCA in default mode (with the self-generated root certificate) for things like ESXi servers and solution users.

Read the rest of this entry »

Older posts «