Addressing SSH Failures in SDDC Manager with 'reject HostKey' Error | VMware Cloud Foundation


A common error that VCF admins may encounter is the reject HostKey error. This indicates a mismatched or incorrect SSH host key entry stored in the SDDC Manager's known_hosts file(s). In this post, we'll walk through the process of addressing and resolving this issue.

Caused by: com.jcraft.jsch.JSchException: reject HostKey: 127.0.0.1
    at com.jcraft.jsch.Session.checkHost(Session.java:799)
    at com.jcraft.jsch.Session.connect(Session.java:345)
    at com.jcraft.jsch.Session.connect(Session.java:183)

SDDC Manager uses the jsch library, which is a pure Java implementation of SSH2. jsch allows you to connect to an sshd server and use port forwarding, file transfer, scp, sftp, etc.

The reject HostKey error indicates a discrepancy between the expected host key and the one presented during an SSH connection attempt. This can occur for various reasons, such as system restores, upgrades, manual key changes, manual re-installs, etc., leading to authentication failures. These authentication failures can affect operations and workflows throughout the VCF environment.


How to remediate VMSA-2023-0023 in VMware Cloud Foundation


VMware just announced VMSA-2023-0023 with a maximum CVSSv3 base score of 9.8 - which basically implies DANGER! Here is everything you need to know about this for your VCF Environments.

VMSA-2023-0023 Critical Advisory Summary
Source: https://www.vmware.com/security/advisories/VMSA-2023-0023.html

VMSA-2023-0023 includes two CVEs: CVE-2023-34048 and CVE-2023-34056. The severity of these issues has been evaluated to be in the Critical severity range, with a maximum CVSSv3 base score of 9.8.

This VMSA affects all versions of vCenter Server and is limited to vCenter; ESXi is not affected.


Script to Export & Import Global Permissions in a vCenter


vCenter does not have a built-in mechanism to export and import Global Permissions.
In this post, I will describe a script that I have written - globalPermissionManager.py - that performs these export/import operations for Global Permissions.

What is globalPermissionManager.py?

The script is available on my GitHub here.

The script is used to export ALL Global Permissions from a vCenter Server Appliance to an object file, and then re-import them as needed. The primary use case that I use it for is cross-domain repoints to a new SSO.

William Lam has a PowerCLI script that contains two functions, New-GlobalPermission and Remove-GlobalPermission, if we need to interact with global permissions using PowerCLI: https://williamlam.com/2017/03/automating-vsphere-global-permissions-with-powercli.html

However, in my experience, having a Python script that just handles everything for you and requires no input for individual users or groups is a lot more convenient. The script uses the same underlying API as the PowerCLI script created by William Lam.


How I built my own Server Rack for under 100$


This post is going to be a little different - a different type of technical - not so much electronic, more on the woodworking front. Here, I am going to talk about how I built my own server rack for under $100.

I will preface that the $100 is the cost of the actual materials - not the tools required to build said server rack.

Here is everything I used for this project:

  • 7x 8ft 2x4 Wood Planks
  • 2x 8ft 1x4 Wood Planks
  • Circular Saw
  • Drill/Impact Driver
  • Pocket Hole Jig
  • Wood Screws
  • Sander
  • Wood Stain
  • Server Rack Rails

To start off, I first cut the 2x4 pieces to the required length (for me - I wanted a ~40U rack) and made the "frame" for the front and back of the rack. I used pocket holes for the joints. The width of the frame has to be exactly 19" - as most server equipment is sized for 19" racks.
