Jul 28, 2019

VMWare : Cloning from Physical to Virtual

Recently I encountered some problems converting a CentOS v.5.0 server into VMWare ESXi v.6.7, particularly because the tool (vCenter Converter Standalone) doesn't support CentOS v.5.0.

So, instead of installing a brand new CentOS v.7.0 and migrating all the Oracle database into the new VM (Virtual Machine) manually, I proceeded to "clone" the physical machine.

There are some considerations before proceeding, namely the physical server's hardware specifications: how much RAM is installed and how many logical arrays it is using. This will impact the creation of the VM, as the ESXi server (host) must have sufficient hardware to support such a move.

The process is relatively easy. As this was done through "Direct Console Login", I was not able to provide screenshots due to security issues. Nonetheless, these are the steps I took, and they were successful.

Assumption :

a) The existing physical server (CentOS 5) hardware is 2 x NICs, 8GB RAM, 300GB x 2 RAID1, 300GB x 2 RAID1, 600GB x 2 RAID1.

(Note : a total of three (3) logical drives were present; this part is important at a later stage).

b) External USB 2TB or more HDD.


The Step-by-Step :

1. Download the latest version of CloneZilla. At the time of writing, the latest stable version is v.2.6.2-15 and the edition I've downloaded is (i686, ISO), which is compatible with the server's hardware.

2. Using your preferred ISO burner, burn a bootable CDROM disc; you might want to label it for easy reference.

3. Shut down the CentOS 5 server by running the command : shutdown now -h

4. Insert the CloneZilla bootable CDROM disc and plug the external USB HDD into the CentOS 5 server.

5. Power-up the server and Press --> [F12] key.
* Note : Your server might have a different key for invoking the "Boot Menu".

6. Select booting from the CDROM drive and wait for CloneZilla to boot automatically.

7. Follow the on-screen instructions, like language & keyboard selection.

8. Next is to select --> device-image option.

9. Then select --> local_dev option, then it will prompt you to press [ENTER] key to continue.

10. At the next screen, you will be shown a list of all the local drives & external USB drives detected. Just press [CTRL] + [C] to continue. You need to ensure the external USB HDD is detected correctly.

11. Next screen is to select "Home/PartImg" location, which in this case is the external USB HDD drive.

12. At the next screen, when prompted, just select --> OK button to continue. It will then ask which task you want to perform; in this case we select --> save_disk option.

13. Next it will prompt you for the image's filename. Put a name that is simple & easy to remember (eg. svr_centos5_28Jul19). Next, to ensure the image file size is unlimited, type --> 1000000 so that Clonezilla will not split the file according to the 4GB limitation.

14. Leave the compression as default at either Z0 or Z1. Of course you can have higher compression, but since I have a 2TB drive... it's not a problem.

15. Next is the encryption prompt; this all depends on you. But as I'm the only person in charge & I do not need to keep the image after restoring, I will not encrypt the image files.

16. When prompted, just press --> [Y] to start the cloning process. This may take a few hours (mine took 14 hours). Select --> Shutdown when completed.

Note : More information can be found at Clonezilla website, please do visit their website.


17. Once all is completed, we will be moving to the VMWare server. First we need to create a VM, and all the configurations must match the CentOS 5 server exactly, such as 2 x NICs, 3 x Drives & 8GB RAM.

18. For the selection of Guest OS, I've selected --> CentOS 4/5 64-bit version.

19. Also I've configured the CDROM to use an ISO image file instead of the host's drive. I need it to boot into CloneZilla for the image restoration.

20. Next, plug the external USB HDD into the host server and add a "USB Device" in the VM; this is to ensure the drive is detected properly.

21. Next, boot the VM into CloneZilla and start the "restore_disk" process; leaving everything as default will do.

Oh, you might want to select --> "Skip checking source image" option & "Shutdown" after completion.

22. Before powering on the VM, you need to remove the external USB HDD and also the ISO file from the settings.

23. Just power on the VM like normal & look out for any irregular warnings or critical messages. But thus far I haven't encountered any error messages or similar, and everything just works as it was supposed to.


!!! HAPPY COMPUTING !!!

VMWare : ESXI v.6.7 - Change Hostname

A step-by-step on changing the VMWare ESXi v.6.7 hostname; no, not the virtual machine's hostname but the Hypervisor's hostname.

1. Login to the Web Client interface.

2. Browse to --> Networking menu.



3. Select --> TCP/IP Stack menu (or tab).



4. At the --> Actions button, select --> Edit settings.



5. Edit the [Host name], [Domain name] and any other settings you want.



6. Once completed, just click --> Save button.


!!! HAPPY COMPUTING !!!

Jul 5, 2019

VMWare : vCenter Converter Standalone (P2V)

I was doing a migration from Physical server to Virtual server, specifically in VMWare ESXi Hypervisor v.6.7.

Luckily VMWare does have a FREE tool called VMWare vCenter Converter Standalone, download here. As of writing, the latest version is v.6.2.0.

The installation is very simple and straightforward; you just need to ensure the following ports are open at the firewall.

(A) Server Ports.

1. TCP = 443, 445, 139, 9089, 9090
2. UDP = 137, 138

(B) Client Ports.

1. TCP = 443

The above ports need to be enabled at the Firewall, and I've only done the P2V from Windows Server 2008 R2 to ESXi v.6.7 Hypervisor. I've yet to try it with a Linux OS, thus I'm unsure how it will work.

Take note that the "Source" server must also have the Converter installed as "Agent", then from the "Server" Converter connect to the "Source" to perform the conversion.

!!! HAPPY COMPUTING !!!

Jul 1, 2019

Notebook : HP Beats 15-p016AU (Disassembly)

This is another example of bad notebook design: you need to disassemble almost all the parts just for a simple HDD and RAM upgrade.

Let's start shall we....

1. Remove all the screws as shown.


2. You need to remove the black cover to reveal more hidden screws.



3. Next, turn over the notebook with the keyboard facing you and slowly open the entire bezel; be careful with the keyboard & touchpad's ribbon cables.


4. After removing the bezel, you can now see the mainboard as shown below. If you have noticed, the RAM slots are not visible.


5. Disconnect all ribbon cables and cables and remove the screws as shown below.


6. Slowly remove the mainboard, as always do not force it out. Once the mainboard is removed, turn it over and now you can see the RAM slots (as shown below).


You know, I don't really understand why the manufacturer decided not to grant easy access to these components... I really don't... anyway, I hope this will help others.

!!! HAPPY COMPUTING !!!

Ransomware : HORON (Recovering Encrypted Files)

Last week, a friend of a friend was very unlucky and got infected with the ransomware "HORON"; all his files were encrypted or held to ransom. He asked his friend to assist, but the friend only managed to clear the virus and not to recover his files. He also tried sending it to the nearest computer shop for help, but they couldn't assist further either.

Lastly he sought help from his friend, and this friend so happens to know me. Well, at first they did not tell me it was ransomware; he told me it was some kind of virus only. So I was like, why was there no anti-virus installed in the first place ?

It seems that he's not very familiar with computer terms, all he knows is using it.... Duh!...

After some study and checking on the ransomware, I found the computer was infected with "HORON", which encrypts all files such as Word, Excel, PDF, JPG, BMP etc. It leaves behind a text file demanding ransom, "_readme.txt", in each of the infected folders.

So I did some searching and study on the internet; this ransomware is kinda old and is a known infection. Luckily someone took the effort to develop a tool to decrypt it ... bravo guys !!!

NOTE : I do not take credit for this, as the tools were not created by me; I just summarized the steps for recovering the files and removing the ransomware entirely.


1. On the infected computer, boot Windows into "Safe Mode". This can be done in 2 ways :

     a) Boot the computer normally, then search for "msconfig", go to the "Boot" tab and enable the "Safe boot" option with the "Minimal" setting. Save and restart the computer.

     b) During the POST screen (before the Windows loading screen), press the [F8] key repeatedly to invoke the boot selection. Select the "Start Windows in Safe Mode" option (the words may not be exact, depending on which Windows you are running).

2. Once booted up, open Control Panel --> Folder Options. Under the "View" tab, enable the "Show hidden files, folders and drives" option.

3. Now browse to --> C:\Windows\System32\drivers\etc folder and look for a file named "hosts"; edit the file using "Notepad". Ensure there are no DNS entries in the file; if any exist, just delete all entries and save the file.

Example of an empty "hosts" file should look like :

4. Next is to ensure no programs are started automatically. Go to --> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp folder and delete all applications in the folder just to be sure.

5. Next is to ensure there are no entries in the registry. Open "regedit" and browse to the following entries :

     a) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run --> Remove all entries just to be sure; or, if you know an entry is a driver loading, leave it as is and only remove entries that are suspicious or in doubt.

     b) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run --> Do the same as above.

     c) Then search for the "%temp%" folder and remove all entries there also.

6. Once done, you can open "msconfig" again and disable the "Safe Boot" option, or if you used the [F8] key then just simply restart the computer normally.
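Before deleting anything in steps 3 to 5, it helps to keep a record of what was there, so a wrongly removed driver entry can be restored and the suspicious entries can be looked at later. The script below is an added example, not part of the original steps or of any tool mentioned here; it assumes Windows PowerShell run as administrator, and the report folder name is a placeholder.

```powershell
# Added example: record autostart and hosts entries before steps 3 to 5 delete them.
# $ReportDir is a hypothetical location; a USB drive path works as well.
$ReportDir = Join-Path $env:SystemDrive 'cleanup-report'
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null
$records = @()

# Step 3: keep a copy of the hosts file, then list its active (non-comment) lines.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Copy-Item -LiteralPath $hostsPath -Destination (Join-Path $ReportDir 'hosts.bak') -Force
foreach ($line in @(Get-Content -LiteralPath $hostsPath)) {
    $entry = ($line -replace '#.*$', '').Trim()
    if ($entry -ne '') {
        $records += New-Object PSObject -Property @{ Source = 'hosts'; Name = 'entry'; Value = $entry }
    }
}

# Step 4: list the all-users Startup folder and resolve where each shortcut points.
$startup = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\StartUp'
$shell = New-Object -ComObject WScript.Shell
foreach ($file in @(Get-ChildItem -Path $startup -Force -ErrorAction SilentlyContinue)) {
    $target = $file.FullName
    if ($file.Extension -eq '.lnk') { $target = $shell.CreateShortcut($file.FullName).TargetPath }
    $records += New-Object PSObject -Property @{ Source = 'Startup folder'; Name = $file.Name; Value = $target }
}

# Step 5: export both Run keys with reg.exe (restorable), then list every value.
$runKeys = @{ 'HKLM' = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
              'HKCU' = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' }
foreach ($hive in $runKeys.Keys) {
    $psPath = $runKeys[$hive]
    if (-not (Test-Path $psPath)) { continue }
    $regPath = "$hive\Software\Microsoft\Windows\CurrentVersion\Run"
    & reg.exe export $regPath (Join-Path $ReportDir "Run-$hive.reg") /y | Out-Null
    $key = Get-Item -Path $psPath
    foreach ($name in $key.GetValueNames()) {
        $records += New-Object PSObject -Property @{ Source = "$hive Run"; Name = $name; Value = $key.GetValue($name) }
    }
}

# Save the listing, then review it on screen before removing anything.
$records | Select-Object Source, Name, Value |
    Export-Csv -Path (Join-Path $ReportDir 'autostart.csv') -NoTypeInformation
$records | Format-Table Source, Name, Value -AutoSize -Wrap
```

Entries whose value points into a user profile or temp folder are the ones worth a closer look; the exported .reg files can be re-imported if a legitimate entry was removed by mistake.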


7. On a good/clean computer, download the following tools from the links below (note that some anti-virus programs may report these tools as a virus and may block them from downloading, thus you need to temporarily disable your anti-virus program before doing so).

     a) Download FileLocator Lite (aka AgentRansack), link here. This is an exe file; download and install it on the infected computer.

     b) Download the latest version of "STOPDecrypter" here. This is a zip file; download and extract it on the infected computer.

8. Once both tools are copied/installed on the infected computer, run the "STOPDecrypter" tool (run as admin) and select "Yes" when prompted to continue.


9. Next is to select the infected folder by clicking on the "Select Directory" button. Note that the tool also works with sub-folders, thus only select the root folder. But beware that selecting the entire root folder will result in slow response from the computer.


Once the folder is selected, click on the "Decrypt" button to start the process. This may take some time depending on the sizes and quantity of the files. Some file types take longer to decrypt, such as .MP4 or video files.

As such it is important to decrypt only data files and not programs like .apk or .dbf or similar.

10. As the process only decrypts the files, the existing *.HORON files are still intact. Thus if the decryption is successful, you need to manually delete those files to avoid your HDD space running out. Use the "FileLocator Lite" tool to do this in an easier and more convenient way.

     a) Click --> "Folder" icon (next to "Look in" field).
     b) Type --> *.horon (in "File name" field).
     c) Click --> Start button.

Example screenshot of the tool below :

Once the search is completed, simply select all the files and press the [DELETE] key. Next, empty the "Recycle Bin" once you have confirmed all data files were decrypted successfully.

NOTE : Be careful when doing this step, if you wrongly select the folder you may accidentally delete files that are yet to be decrypted.

11. Once all the files have been decrypted, you may want to transfer them (Copy & Paste) to an external HDD or flash drive. Then you may want to reformat & reinstall the computer, just to be sure; this step is of course optional but highly recommended.
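The risk noted in step 10, deleting *.horon files that were never decrypted, can be reduced by checking each one for a decrypted copy first. The script below is an added example, not part of the original steps or of STOPDecrypter; it assumes the decrypted file sits in the same folder under the same name without the ".horon" suffix, and the folder path is a placeholder.

```powershell
# Added example: plan deletion of *.horon files only where a decrypted copy exists.
# Assumption: the decrypted file sits beside the encrypted one, minus ".horon".
$Root = 'D:\Data'   # hypothetical folder that was selected for decryption in step 9

function Get-HoronCleanupPlan {
    param([string]$Path)
    Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.horon' } |
        ForEach-Object {
            # "report.docx.horon" -> "report.docx"
            $plain = $_.FullName.Substring(0, $_.FullName.Length - $_.Extension.Length)
            $hasCopy = $false
            if (Test-Path -LiteralPath $plain -PathType Leaf) {
                # An empty file is treated as a failed decryption.
                $hasCopy = (Get-Item -LiteralPath $plain -Force).Length -gt 0
            }
            New-Object PSObject -Property @{
                Encrypted = $_.FullName; Decrypted = $plain; SafeToDelete = $hasCopy }
        }
}

$plan = @(Get-HoronCleanupPlan -Path $Root)
$keep = @($plan | Where-Object { -not $_.SafeToDelete })
$drop = @($plan | Where-Object { $_.SafeToDelete })

"{0} encrypted files found, {1} have a decrypted copy, {2} do not" -f $plan.Count, $drop.Count, $keep.Count
$keep | ForEach-Object { "KEEP (not decrypted yet): $($_.Encrypted)" }

# Dry run: -WhatIf only prints what would be removed. Spot-check that a few decrypted
# files open correctly, then remove -WhatIf to delete for real.
foreach ($item in $drop) {
    Remove-Item -LiteralPath $item.Encrypted -Force -WhatIf
}
```

A non-empty file with the right name does not prove the content decrypted correctly, so open a sample of the recovered files before removing the -WhatIf switch.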

Hope this will help others and do yourself a favour and install at least some kind of anti-virus like Microsoft Defender or better.

!!! HAPPY COMPUTING !!!