VMWare Hardware Virtualization is not a feature of the CPU HP Proliant Microserver Gen10 Plus v2

For a while I’ve been postponing enabling Virtualization on my new microserver. But this weekend my wife was visiting her parents and I already watched all the series I wanted to, so no more procrastination!

Yet when I started, my HP Proliant Microserver showed this warning during the installation of VMWare ESXi VSphere:

<HARDWARE_VIRTUALIZATION WARNING: Hardware Virtualization is not a feature of the CPU, or is not enabled in the BIOS>

I ignored it, hoping for the best, but when I tried to power on a VM a similar message popped up:

Failed – This host supports Intel VT-x, but Intel VT-x is restricted. Intel VT-x might be restricted because ‘trusted execution’ has been enabled in the BIOS/firmware settings or because the host has not been power-cycled since changing this setting.

FIX: disable trusted execution (Intel TXT) in the Microserver BIOS

Follow these steps:

  1. Enter BIOS (F9 during boot)
  2. Enter menu option System Configuration

  3. Enter BIOS/Platform Configuration (RBSU)

  4. Enter Server Security
  5. Disable Microsoft (R) Secured-core Support
  6. Enter Intel Security Options and disable Intel(R) TXT Support
  7. Enter Virtualization Options and make sure Intel(R) Virtualization Technology, Intel(R) VT-d and Access Control Service are enabled

Disclaimer

Now you should know I just enabled and disabled these option based on reddit and Stackoverflow posts, and since nothing production like is running on this node I’m fine if I might have missed some steps or perhaps enabled too much. Basically I’m saying; You are responsible for your own server πŸ™‚ Check with a professional if your node is running more important tasks.

Yet if I made a booboo somewhere, I would appreciate if you would please let me know and I’ll update the post accordingly.

Simple http API backend for testing purpose using docker/kubernetes

At work we are responsible for an API Gateway offering. Testing of that API gateway is often done by using an API backend. This post shows how to create a static API backend to which you can easily add responses.

While looking for solutions I did not want to maintain another image, so I tried using an existing image and add config to mold it into something we can use.

I’m going to show both docker-compose and kubernetes yaml, as I’ve used both for testing.

Note: Create a local directory html for static files. These files contain the ‘responses’ for the backend.

Big thanks to my colleague Mahesh, who showed me a lot of cool tricks with K8s and OpenShift! Not only that, he helps me a lot with my simple questions and it’s been a lot of fun to figure out our (work related) challenges!
If you’d like then take a look at his blog over here: Mahesh Chinthaka – Medium

Setup

First up is the docker compose file which we can use for testing our backend locally. This file was the basis forwhat I converted to the k8s yamls.

Docker compose

version: '3.8'

services:
  nginxbackend:
    image: nginxinc/nginx-unprivileged
    container_name: nginxapibackend

    ports:
      - "8080:8080/tcp"
    volumes:
      - ./html:/usr/share/nginx/html
    restart: unless-stopped

Run docker compose up -d to start the nginx backend.

You can test the backend by opening this endpoint in your browser:

http://localhost:8080/yourfile.json

Note that yourfile.json should be present in the html directory

Kubernetes

Note: I’m not going to expose the NGINX backend outside of our namespace as I only want it accessible from the API Gateway, which resides in the same namespace.

If you want to test the backend, use docker or change the service to your liking.

The setup changes slightly because I don’t want to use local storage in my kubernetes cluster. In this setup I am using configmaps for the static response files.

K8s step 1: Create the configmap

kubectl create configmap nginxhtml --from-file=./html/

In the next steps we’ll mount the configmap for use in the pod.

K8s step 2: Create the deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginxapibackend
  name: nginxapibackend
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginxapibackend
  strategy: {}
  template:
    metadata:
      labels:
        app: nginxapibackend
    spec:
      containers:
      - image: nginxinc/nginx-unprivileged
        name: nginx
        volumeMounts:
          - name: nginxhtml
            mountPath: /usr/share/nginx/html
        ports:
          - containerPort: 8080
      volumes:
        - name: nginxhtml
          configMap:
            name: nginxhtml

Create the service

apiVersion: v1
kind: Service
metadata:
  name: nginxapibackend-service
  namespace: apim-dev
spec:
  selector:
    app: nginxapibackend
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 8080

Extra; Update the HTML configmap in kubernetes

You cannot update a configmap, so delete the current one and create a new one. Then recreate your pod so it uses the updated html directory.

kubectl delete configmap nginxhtml
kubectl create configmap nginxhtml --from-file=./html/
kubectl delete pod nginxapibackend-abcdefghij-abcde

Run a quick interactive shell in kubernetes for testing purposes

Today I wanted to check some stuff on a pod running in my local kubernetes cluster. I’m still getting used to Kubernetes, thus didn’t want something ugly like exposing that pod.

The easiest way of doing it for me has been to spin up a temporary pod using Ubuntu;

kubectl run myshell --rm -i --tty --image ubuntu -- /bin/bash

Now you can do whatever you want in the pod and when you log out of myshell, it’ll be removed immediately and we’re back to square one! <3

Citrix Workspace (ICAClient) no sound/audio in Microsoft Teams

Since last week I am working with a virtual desktop (VDI) through Citrix Workspace (ICAClient) and noticed I can not use Teams to call or join meetings.

This message is displayed in Microsoft Teams:

There’s a problem with your connection.
Still connecting to remote devices. Calling isn’t available yet.

Cause: HDX Optimized audio does not work

If you want to skip straigt to the solution, click here: Solution: Change MSTeamsRedirSupport to zero

How to diagnose if the cause is the same as what I encountered

Log in to your VDI, play some sounds AND talk into your microphone to make sure your audio is actually working. Check this via the sound mixer, that’ll show a moving bar if it’s receiving sound by your microphone. Speakers should work when you watch a random youtube movie.

Next; Open MS Teams and click the “Three dots” settings menu, choose About, then Version. When your Workspace and Teams are expecting HDX to work but it didn’t, you will see this message: Citrix HDX Not Connected

MS Teams, Settings – About – Version: “Citrix HDX Not Connected”

Note: If it would be working, you would have seen Citrix HDX Connected

The third option is if Teams does not expect Citrix HDX to work, then it simply doesn’t show anything about Citrix HDX and tunnels sound over the regular sound channels. This is what we want to accomplish in the next chapter.

There is a registry entry MSTeamsReditSupport, which is set every time you connect to your VDI with Citrix Workspace. From what I understand; Citrix Workspace communicates to your VDI that it is capable to receive HDX optimized audio streams. Next to that MS Teams checks that registry setting when it is started to use/not use HDX optimized audio.

Solution: Change MSTeamsRedirSupport to zero

Change MSTeamsRedirSupport to 0 (zero) in registry. The exact location of this registry entry is here:
HKEY_CURRENT_USER\SOFTWARE\Citrix\HDXMediaStream\MSTeamsRedirSupport

It’s a bit tedious to open Registry Editor every time, so you can also create a registry entry file MSTeamsRedir.reg
In this file you can paste this content:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Citrix\HDXMediaStream]
"MSTeamsRedirSupport"=dword:00000000

Remember; You should run MSTeamsRedir.reg every time you connect to the machine or when you restart MS Teams.

Why is this a problem?

I do not know exactly, but I know that the HDX optimized socket on my laptop can not be reached contact the VDI and I tried searching for a solution for a couple of hours. I then became fed up with HDX optimized sockets and thought about buying a macbook to just make the damn thing work. After that short existential crisis I kept searching for a possible solution and was happy to find this registry setting.

My emotions with Linux after figuring stupid things out which simply work on other OS’s

What I’ve tried and did not work:

1.) Run Citrix supplied hdxcheck.sh and see if you have all the libs installed, I tried installing all libs manually and in the end still had no HDX optimized sound in my VDI. You can run this command via the following path:
/opt/Citrix/ICAClient/util/hdxcheck.sh

2.) Install older version of Citrix Workspace, which didn’t use the HDX optimization and thus sound worked in all applications. I did encounter some bugs with full-screen not working properly on a bigger monitor. The version I used is linked below:
Download icaclient_19.12.0.19_amd64.deb via https://www.citrix.com/downloads/workspace-app/
Direct link to the download: https://www.citrix.com/downloads/workspace-app/legacy-workspace-app-for-linux/workspace-app-for-linux-1912.html

Sources:

Citrix.com: Enable optimization of Microsoft Teams

Citrix.com: How to collect Logs for Citrix Workspace app for Linux?

Update HP Proliant Microserver BIOS without Windows

I wanted to update my MicroServer Gen8 bios to the latest version but the download site on HPE only showed .EXE files. Since I’m only running Linux on my machines it was not possible to execute that file.

You can however update the BIOS via ILO (Integrated Lights Out) if you extract the BIOS file from the executable.

First download the .EXE from the HPE site: https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_e9bfdf20809a426cb16ef9cd81

(Currently the latest version is SP99427.exe. If you want to be sure you’re using the latest BIOS then click the tab “Revision History” to see if there are newer BIOS files available)

Extract the contents of the executable. Have a look at the directory structure below and extract the file marked "CPQJ06xx.xxx"(where “x” might change depending on versions)

.
β”œβ”€β”€ How to Use.txt
β”œβ”€β”€ logo.gif
β”œβ”€β”€ README.1ST
β”œβ”€β”€ rev_hist.txt
β”œβ”€β”€ ROMPaq Flat Files
β”‚   β”œβ”€β”€ CPQJ0613.684
β”‚   β”œβ”€β”€ CPQSRVR2.CPU
β”‚   β”œβ”€β”€ README.1ST
β”‚   β”œβ”€β”€ Readme.txt
β”‚   └── ROMPAQ.EXE
β”œβ”€β”€ ROMPaq USB Key
β”‚   β”œβ”€β”€ CPQJ0613.684
β”‚   β”œβ”€β”€ CPQSRVR2.CPU
β”‚   β”œβ”€β”€ HPEUSB.exe
β”‚   β”œβ”€β”€ Readme.txt
β”‚   └── ROMPAQ.EXE
β”œβ”€β”€ Start_files
β”‚   β”œβ”€β”€ colorschememapping.xml
β”‚   β”œβ”€β”€ filelist.xml
β”‚   └── themedata.thmx
└── Start.htm
3 directories, 18 files

Then log in to ILO and navigate to the page “Firmware” via the Menu Option “Administrator”

At the bottom of the page select “Browse” to select the CPQJ06 file and then click Upload.

Let the upload complete and reboot your Microserver. When you start the microserver it displays the BIOS version and date in the first line.

You can also see the version in the ILO overview page.