Welcome to my ramblings about Microsoft technology (mainly cloud related) and personal hobby projects. 🙂
Welcome to my ramblings about Microsoft technology (mainly cloud related) and personal hobby projects. 🙂
Hardware (why the Qotom device?)
For quite some time I’ve been looking for a power efficient home server that could run OPNsense together with some other services. These are the options I looked at:
This is the machine I bought:
Network setup
This particular machine comes with 4 network ports but in this guide just 2 ports will be used.
Port 1: WAN with MAC: 1A:1A:1A:1A:1A:1A:
Port 4: LAN with MAC: 4D:4D:4D:4D:4D:4D
Port 1 will be directly connected to the OPNsense virtual using PCI passthrough.
Port 4 will be connected to the default bridge created by Proxmox VE.
Our internal network will be 192.168.1.0/24
OPNsense will be configured on 192.168.1.1
Proxmox will be configured on 192.168.1.10
The MAC and IP addresses will be different in your situation, make sure to make a note of your MAC Addresses.
Install Proxmox VE
Let’s start by installing Proxmox VE:
Add the OPNsense image to Proxmox
The Proxmox management console will show 2 types of storage:
Let’s upload the OPNsense ISO:
Create the OPNsense virtual machine
The “VirtIO SCSI” is the fastest according to the Proxmox VE Admin guide:
“A SCSI controller of type VirtIO SCSI is the recommended setting if you aim for performance and is automatically selected for newly created Linux VMs since Proxmox VE 4.3. Linux distributions have support for this controller since 2012, and FreeBSD since 2014.”
Proxmox VE Admin guide states: “In short, if you care about live migration and moving VMs between nodes, leave the kvm64 default. If you don’t care about live migration or have a homogeneous cluster where all nodes have the same CPU, set the CPU type to host, as in theory this will give your guests maximum performance.”
Proxmox VE Admin guide states: “the VirtIO paravirtualized NIC should be used if you aim for maximum performance. Like all VirtIO devices, the guest OS should have the proper driver installed.”
You’ve now created the OPNsense virtual, don’t start it yet, first we need to configure the VM to also use network adapter 1.
Configure PCI passthrough for network adapter 1
Now we’re going to implement PCI passthrough for network adapter 1.
First let’s show the number of network interfaces in Proxmox VE by opening a terminal session and running “ip addr”
You should now be able to see the devices like enp1s0, enp2s0, enp3s0, enp4s0.
In my case “enp1s0” is network adapter 1. Next step is to determine the PCI card address by running “lspci”
On my machine the network adapter is located on address “01:00.0”
01:00.0 Ethernet controller: Intel Corporation I211 Gigabit Network Connection (rev 03)
Make a note of your specific PCI address.
Before PCI passthrough is available in Proxmox several settings will need to be configured:
This is only applicable for a machine with an Intel CPU!
Configuration for AMD CPU’s is explained in the Proxmox PCI passthrough article.
Now we need to open the configuration file of the virtual machine and add the PCI address:
That’s it!
Install OPNsense
Let’s install the OPNsense virtual.
Extra: validate Network Adapter 1 is not available to Proxmox VE
Once the virtual machine with PCI passthrough has been started, the network device isn’t available to Proxmox VE anymore. By running “ip addr” you will notice only devices enp2s0, enp3s0 and enp4s0 are shown.
Alternatively, you can take a look at the hardware in the VM by running:
Sources:
https://www.reddit.com/r/homelab/comments/7bs6so/any_good_guides_out_there_on_how_to_pass_through/
https://pve.proxmox.com/wiki/Pci_passthrough
https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit
https://www.netgate.com/docs/pfsense/virtualization/virtualizing-pfsense-with-proxmox.html
One of our customers reported issues when opening documents from their local SharePoint 2010 environment using Windows 10.
On a freshly deployed Windows 10 machine, when an Excel document is opened
from SharePoint 2010 the following dialog pops up:
However, on several test machines, instead of the dialog, SharePoint 2010 opened Excel Online.
Whenever we pressed the “Open in Excel” button the error message stating “To open this workbook, your computer must have a version of Microsoft Excel installed …” appeared.
I checked for the SharePoint plugin (interceptor.dll) in Internet Explorer:
This seemed to be working fine…
And as (almost) always, after several Google searches, I wasn’t the only one with the issue.
The previous post leads to this blogpost.
https://blogs.technet.microsoft.com/office_integration__sharepoint/2014/10/15/office-365-click-to-run-and-app-v-5-sp2-edit-document-requires-a-microsoft-sharepoint-foundation-compatible-application-and-web-browser-error-when-opening-documents-from-sharepoint/
To verify we had the same problem, we stopped the App-V Client service.
Restarted the browser, opened SharePoint… and yes, the plugin was working again.
The reason why we had this issue to appear on just some of our workstations was related to App-V package installations, we activate the service just before the first App-V registration.
On a freshly deployed workstation I was testing an application package.
Whenever I’d like to validate the installation I run this from a command prompt with SYSTEM privileges (like Configuration Manager does).
To open a command prompt with these privileges I use:
psexec /s /i cmd
In this occasion, psexec returned:
Error establishing communication with PsExec service on [HOSTNAME]:
Access is denied.
Googling led me to:
https://stackoverflow.com/questions/828432/psexec-access-denied-errors
This thread offers a bunch of possible solutions; however, none was working for me (maybe it is useful for you?).
In my case the issue was created by the security hardening of the workstation, the following local policy caused the “Access is denied” error message:
“Microsoft network server: Server SPN target name validation level”.
On my machine it was set to “Accept if provided by client”. The Windows 10 standard setting is “Not configured” which defaults to “None”.
If the setting is enabled it can be found in the registry at:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
“SmbServerNameHardeningLevel”=dword:00000001