VMWare: ESX Microsoft Visual C++ Runtime Library Error When Using Converter Plugin

This error message is displayed during import or export of a machine under vCenter Converter plugin and sometimes with the standalone converter.

If a user environment has versions of VI Client 2.5 Update 1, Update 2, Update 3, or Update 4 that coexist with vSphere Client 4.0, and you install the vCenter Converter 4.1.0 client plug-in, when you start the vCenter Converter Import or Export wizard, the vSphere Client session is terminated abruptly. An OpenSSL DLL conflict between the VI Client versions and the vCenter Converter 4.1.0 client plug-in causes this problem.
Workaround: Go to the Launcher folder in the VI Client install directory, for example, C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher, and delete the following DLL files from that location:

  • libeay32.dll
  • ssleay32.dll

For this workaround to function correctly, you also need to ensure that no additional copies of OpenSSL DLL files with different versions exist in the system path.

Also, make sure that the %TEMP% path does not have any non-english characters in it e.g. if you are using French / German / Spanish Windows OS. If you are, create the C:\TEMP directory and update your environment variables to point here.

Note for ESX users: if the fixes above do not work for you, try uninstalling all your VMWare clients, reboot and install the vCenter client from your vCenter’s https page. Now try and access your host using the vCenter client – you will connect and be prompted to download and install the Infrastructure client – if you do it this way then you shouldn’t have any issues.

CheckPoint: ISP Redundancy Limitations

When using ISP redundancy with load-balancing, there are a number of limitations where routing comes in to play, I’ll try to bullet point a few rules:

* In general, traffic responses will be routed back through the pipe the requests went out on. (you can force it to do otherwise but then you are into asymmetrical routing and you will be lucky to get your responses.)

* Anything with a static NAT will be forced out through the 1st link

* You can force certain services to go through your first link but you cannot force anything to go through your 2nd link – see here for instructions.

* You cannot use hide NAT to force anything to go through one link or the other – Checkpoint per se does not support source-based routing (policy-based routing)

* You can in theory force one particular machine to route through the 1st link by statically NATing it to a free public address on your subnet but you will need to have 1 routable IP per machine for which this is to be done. You cannot  force any traffic / services through your 2nd link.

If you really need the flexibility to route your traffic based on services and/or source IPs then you can:
* install a router in fron of your firewall which does policy-based routing

* if you are running on linux or SecurePlatform then you can configure the iproute2 daemon (this will NOT be supported by Checkpoint)

* if you are running on Nokia IPSO boxes then Policy-based routing functionality is built in from IPSO 4.2 build 069 onwards.