Installing 64 bit guests in nested ESXi 5

Holy Cow! Getting this to work by piecing together valuable information from various sources took forever.

If you are having trouble getting this to work and you know your CPU supports VT-x and Intel EPT this is what you need to do…

  • Add a line to the PHYSICAL host config. To do this you will need to SSH(putty) into your physical host. Make sure you enable SSH in the Host first using vmware client. Select the physical host, go to the configuration tab, go to the Security Profile settings link in the software window on the left side. Click on the Properties link for Services up at the top, select and highlight SSH and go to the options button, then click on Start.
  • Once SSHed in, put in your login and password then type the following… echo ‘vhv.allow = “true” ‘ >> /etc/vmware/config
  • Reboot the physical ESXi server you just modified. Note, although I have read you don’t have to reboot after making this change I would anyway. Also, after you restart the physical host SSH will by default turn back off.

Now you are ready to create the ESXi virtual guests.

  • Create a new VM
  • Select as the guest OS, Linux and in the Version drop down Red Hat Enterprise Linux 6 (64-bit). (This might not be necessary as selecting Other and Other 64 bit will probably also work)
  • Change Network Adapter to E1000
  • Select 2GB as the Virtual Disk Size and Thick Provision (This is an IMHO as long as you have a decent amount of space)
  • Select Finish as we need to complete the creation before changing a few necessary settings.
  • Now go into Edit settings for the newly created VM
  • Change the SCSI controller 0 type to LSI Logic Parallel
  • Select your network label (You will most likely want to create a new vSwitch and enable Promiscuous on the Physical host to make sure the virtualized ESXi guests operate correctly in the network)
  • Go to the options tab
  • Select and highlight General Options and off to the right change the Guest OS. Click on Other radio button and then use the drop down to select VMware ESXi 5.x. If this option is not there the you are editing the vm to soon or you didn’t select the Other radio button. If you try and do this step while initially creating the VM and instead of hitting finish you selected to manually edit the VM before it was created the option won’t be there.
  • Select and highlight CPU/MMU Virtualization and off to the right select the radio button for the last option Use Intel VT-x/AMD-V and Intel EPT/AMD RVI for MMU (not writing out the whole thing)

At this point I would keep this as a template for creating multiple ESXi virtual guests.

Open the VM in console and power it up. You should see it trying to boot from the network. Click the CD ROM picture with the wrench on it and attach the VM to either a stored .iso or a local .iso or a local CD ROM that has the ESXi hypervisor installation. Restart the VM by sending ctrl-alt-del to the VM.

If everything is working correctly you should not get the dreaded “<hardware virtualization warning: Hardware virtualization is not a feature of the cpu or is not enabled in the bios>”

If you do get that message when installing ESXi then check back over the previous steps. I think the 3 Key ingredients to this working (making sure the CPU has VT-x and EPT of course) are as follows:

  1. You must add the vhv.allow = “TRUE” to the config file on the Physical Host.
  2. You must have the OS of the virtual guest you are installing ESXi on selected as VMware ESXi 5.x
  3. You must select that last option for CPU/MMU Virtualization

Updates are your friend!

Not a day goes by that I don’t work on a home PC removing spyware or viruses that is missing all the current updates for Microsoft Windows, Java, and Adobe Acrobat.

Folks, if there is one thing you can do to minimize the cost of keeping your PC running well it is to keep up with the updates recommended for your PC by the software companies. Please take a look in your system tray… that is the area all the way on the right side of your toolbar (if it is on the bottom of your screen of course). There you will find little icons for programs that are either running or updates that are waiting to be installed. Click on the icons to look for updates. Java is an orange square, Microsoft is the Windows logo, and Adobe will usually be the Adobe logo in red. On some systems you might need to click an up arrow to see them all.


  1. Always install Microsoft Updates
  2. Always install Java Updates
  3. Always install Adobe Updates

The majority of risk to your PC is from viruses and spyware that take advantage of security holes in these products that are patched up by these updates. Run them whenever you see them and save yourself a lot of future hassle.

Can’t Print from Internet Explorer

Just some advice if you find yourself unable to print from Internet Explorer…

1.      Click Start, please type “inetcpl.cpl” (without quotation marks) in the Start Search bar and press Enter to open the Internet options window.
2.      Switch to the Advanced tab.
3.      Click the Reset Internet Explorer Settings button. (uncheck “delete personal settings”)
4.      Click Reset to confirm the operation.
5.      Click Close when the resetting process finished.
6.      Uncheck Enable third-party browser extensions option in the Settings box. (The scrollable window in the middle, it’s one of the many lines of settings)
7.      Click Apply, click OK.

9/10 times following these instructions will also fix other issues with Internet Explorer. Do note it deletes quite a bit of history information as well including cookies and stored passwords etc IF YOU HAVE “DELETE PERSONAL SETTINGS” CHECKED. So make sure it is unchecked unless you truly want to start IE from a clean slate.

Symantec Endpoint Protection won’t install

For those of you that have trouble installing Symantec Endpoint Protection on your clients I found these instructions to do the trick when I keep experiencing a roll back and the inability to install.

After uninstalling SEP or confirming it is not installed.

1. Delete C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\    (Windows XP, 2003)
2. Delete C:\ProgramData\Symantec\LiveUpdate\    (Windows Vista, 7, 2008)

Solution A) Invalid folder redirections
Windows 7 makes use of internal links and redirections that may not be understood by legacy installations and legacy software. To accommodate this, please check the settings that Windows 7 uses to determine certain folder locations within the operating system itself. Confirm that the settings are pointing to actual physical folders.

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData:
– Change the value=%APPDATA% to value=%USERPROFILE%\AppData\Roaming

Check any registry entries located in the key  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\ pointing to a folder has %USERPROFILE% as part of the value.

(Note: Verify the physical folder or folders exists, \Users\Default\AppData\Roaming, before finishing the renaming process. In addition, verify the value of the other keys located within the AppData folder, they all should be alike.)

4. Right-Click ‘Run as Administrator’ and run Setup.exe

Transfer files faster.

A quick post about a few inexpensive things you can do to avoid long wait times when transferring files.

If you find yourself backing up a lot of files to a portable drive or transferring a lot of files between your computers at home take a look at the following items…

Click the switch above and it will take you directly to the CompUSA page for the item. This is a Gig switch and will allow for faster transfer of your data across your home network. To make sure it will actually speed up your traffic you need to confirm the following…

  • Your computers support gigabit Ethernet – Check your model at the companies website and check under the network specs. All computers should be set at auto negotiate which means it will use the faster speed automatically.
  • You are not connected using wireless – For example this will not speed up traffic to and from your wireless laptop or wireless devices.
  • Your wiring – If your home is wired for CAT5 you need to be careful of wall jacks that have both a PC connection and a phone connection. There is a good chance the builder or installer cut corners and used a single cable for both connections which would not let you use gigabit, it would fall back to 100. To confirm just remove the wall plate and make sure 2 separate cables were used.

This will not speed up your internet, just transferring files to and from the computers within your home. So if you copy movies, music, or pictures to other computers in your network and all the devices are connected back to a central point (router, hub, or switch) this will make that process go MUCH faster.

To install you would connect the switch to your modem or router with a CAT5 cable and then connect all your home devices into the new switch.

Click the card above and it will take you directly to the CompUSA page for the item. This is a SuperSpeed USB 3.0 PCI Express x1 Expansion Card. This will give your PC the ability to use USB 3.0 to an external drive. You can use this if your PC is currently limited to USB 2.0 speeds (again, check your PC manufacture website for product details but chances are if your PC is over 1 year old it does not have USB 3.0).

Make sure your PC also has a free (open) PCIe slot. If the PC is only a few years old it should, but check on the manufactures website for your model to make sure.

For this to be worth while you will need either a USB flash drive or portable drive. Keep in mind that if you put files on a 3.0 device but later connect them to USB 2.0 at the office only your transfering at home will go faster (unless of course you add this card to your work PC or your work PC has USB 3.0 already.)

Here are the devices you could get for USB 3.0…


Again, you can click the images to go directly to where they are sold.

That is all for today.

What to do when you have Spyware.

I often get friends, family, and coworkers looking to fix their computers when they have spyware or viruses.

Before you take your PC to somewhere like CompUSA or Best Buy try the following to clean up your PC of stubborn spyware. Use another PC in your house or have a neighbor download and put these on a CD, USB Flash Drive, or Portable Hard Drive for you.

Malwarebytes – Free for home use and will take care of most Spyware related problems.
SuperAntiSpyware – Another free for home use program and should get rid of the rest.
Dr.Web CureIt! – Free and gets rid of the real stubborn spyware. If the first 2 don’t work try running this one in safe mode.

To enter safe mode, something you should do when scanning and cleaning spyware and viruses, restart your PC and hit F8 before the Windows start-up splash screen. I am not positive but I believe all 3 of these programs will work and install in safe mode (Cureit does not install it just runs). You might want to select the option of Safe Mode with Networking as the first two programs will need updating over the internet. If that still gives you problems restart and select just Safe Mode.

If you use these and still can’t access the internet or still have spyware/virus issues let me know and I can lend a hand. Friends and family I clean computers for free, referrals I do for $40. (Disclaimer, sometimes spyware/viruses are not the root of a slow PC and the culprit is typically a bad or failing hard drive).

After you clean up the PC of spyware and viruses use CCleaner from Piriform to remove unwanted registry entries that might be left over.

Sometime people get spyware and viruses because their Antivirus Software has expired and has not updated in some time. Either update your antivirus subscription or consider installing a new antivirus program.

If you are on Bright House I believe you can get CA Internet Security Suite for free (At least for a little while). If you have Verizon they have a monthly pay option for Verizon Internet Security Suite.

A completely free option that is pretty respected is AVG Free.

No matter what if you are running a Windows operating System you really do need to have an up to date antivirus program running.

The other option (which I have employed for a few family members that found it difficult to stay off sites loaded with Spyware) is to run a Linux based OS and avoid spyware altogether. An expensive way is to buy a new Apple Computer. The free way is to visit Ubuntu and download their OS for free. It is perfect for people that mostly just surf the web, chat, and e-mail. There is even a free software suite for opening and editing Microsoft office documents.

Any and all software that you need for things like movie editing, sound editing, photo editing, burning CD’s, etc is completely free as well and can be downloaded online through the OS very easily (Think Droid or IPhone app stores but with no charge for the software).

The operating system runs faster than Windows and is virtually impervious to Spyware and Viruses. The only downside is gaming and programs that are for Windows only. There is a way to even get these to work but it might be a little too technical and gaming performance will be effected. It’s a program called Wine, feel free to check it out if you want.

Network Troubleshooting

Today I saw some limited action (after spending the morning looking over a NAS proposal, a story for another day) looking into why our building across the parking lot lost internet connectivity.

The building is connected to Bright House back in my building through the use of a couple of routers and media converters (fiber to cat). Each floor has their own router.

First step as I headed in was the simplest. Reboot a PC. Sure there are a number of other things I could have done first but one thing I have always found is do the simplest things first and work toward the more advanced. I had already verified that the internet was available in my building so instantly an issue with the Bright House modem was ruled out.

A restart of the PC still left me with no internet available. Next was to go into the command prompt (type CMD in search from the windows icon in the toolbar or found in accessories).

Type ipconfig /all

This gives the IP address of the PC network adapter. I was looking for 192.168.x.y but alas I had a private IP. (169.254.x.y)

That immediately let me know that the DHCP of one of my 3 routers was not communicating to the PC (There is a more technical way to put this but I plan on my blog to be fairly layman in explanation). To refresh my memory, just in case the logical was not true, I entered into the config of both routers in the building to confirm DHCP was not enabled (To do this I set a static IP address in my network so I could communicate to the local routers). It was not, which meant there was an issue with communicating to the main router in my building connected to the Bright House modem (I has assumed that this router was handling DHCP requests). Since DHCP had not failed in my building it pointed to the fiber connection or media converters (which happen to be notorious for failing on me for some reason).

I moved the fiber from one converter to another and it instantly restored the connection between the 2 buildings. Problem solved. I made sure to mark the failed media converter for testing at a later date so we wouldn’t blindly use it thinking it was functional down the road.

Fun stuff, tomorrow I will post about a change I had to make to a run once script in Windows 7 and the mistake I made.

Tying Blog Posts to Facebook

Now that I have a shiny new Droid phone I plan on updating my blog more frequently detailing my daily trial and tribulations in the government IT world. I have linked my blog to my Facebook account so my posts should start showing up on my wall.

Hopefully some of the tricks and tips I run across might be useful.

Also, If it works correctly people should now be able to Facebook “like” my posts as well as leave comments using their Facebook accounts. Lets see how it works, if it succeeds I hope to add the same functionality to my wife’s scrapbooking blog.

display: none; is your friend.

You just have to know where in your style.ccs to put it for hiding things you do not want to see on your blog.

Windows Print Spooler service errors and stops

Had a user that could not access any of his printers or print because his print spooler would error and stop the minute it tried to start.

Solution from HERE

  1. Make sure the print spooler is stopped.
  2. Next, open the C:\Windows\System32\Spool\Printers folder. (Here, we are assuming that your Windows is installed in the default C:\Windows folder)
    Delete all the .SHD and SPL files from this folder.
  3. Restart the spooler and you should be good to go now.

You could also write a script to do the same action…

  • @echo off
    net stop spooler
    del %windir%\system32\spool\printers\*.* /q
    net start spooler

In this particular case a picture embeded in a Powerpoint slide seemed to be the culprit. I converted the slide to an Adobe Acrobat document and it solved the printing issue.

About Me

  • John Leto
  • Technical Lead

  • Microsoft Certified (MCSE)
  • CompTIA A+ and Security+ Certified
  • Dell Certified
  • Over 11 years of IT experience.

    Remote Help

    I use TeamViewer for remote support. Just click the icon to download the client software to your PC.