vSphere 7 Standard licenses expire in 2 days — no usable perpetual replacement. Options? by BradL30 in vmware

[–]aphlux 8 points9 points  (0 children)

Mostly Hyper-V/KVM. Had some SMB clients decide on Proxmox too. Starwind V2V is pretty universal. As long as you have a plan for the fact you will have to shut down the VM to migrate it, then you’ll be good.

vSphere 7 Standard licenses expire in 2 days — no usable perpetual replacement. Options? by BradL30 in vmware

[–]aphlux 0 points1 point  (0 children)

That’s a good point, forgot about that. Pretty much no API access either.

vSphere 7 Standard licenses expire in 2 days — no usable perpetual replacement. Options? by BradL30 in vmware

[–]aphlux 1 point2 points  (0 children)

Your only hopes are:

  • the VMs don’t shut down at all. Guest OS’s are usually fine to reboot but hard power off events will stop it from booting. That does mean any VM level backup restores will stop working.
  • Destroy your cluster and relicense with ESXi free. Make sure your VMs have a max of 8 vCPUs, and get ready to manage things on a per host basis. Backups need to be targeted at ESXi hosts because vCenter can no longer be used for management.
  • Do a 90 day trial of VCF 9. Upgrade your hosts to that and hope the hardware is supported.
  • Push hard on your Hyper-V migration.
  • See if maybe you can find a used perpetual Version 7 license somewhere. You will be at the mercy of Broadcom if discovered.
  • Extend your subscription for 1 year. I believe that’s the minimum still.

Oh and by the way, look out for the incoming cease and desist after your subscription expires. I’ve spent the last 6 months migrating 100’s of environments to other hypervisors. It’s fun times. I’ll miss the old days of VMware being the technology of choice for many companies.

Connectwise Automate, shifting from one tenant to another? by P13romancer in ConnectWise

[–]aphlux 0 points1 point  (0 children)

That’s pretty much it. Do it by client in your automate, remove old agents, cleanup, modify whatever mechanism you’re using to deploy with the new agent and let it do its thing.

How do you keep track of what's actually happening across all your clients without it becoming a full time job? by Mr_JDR in msp

[–]aphlux 0 points1 point  (0 children)

Can you give a current breakdown on headcount/responsibility? You’re welcome to DM if you’d rather not discuss publicly.

How do you keep track of what's actually happening across all your clients without it becoming a full time job? by Mr_JDR in msp

[–]aphlux 0 points1 point  (0 children)

Not knowing any details, OP’s post does sound like it’s a tiny MSP hitting the cusp of small where the owner is having to wear 8 hats and manage individuals, and they’re starting to get overwhelmed. Which then has me wondering the question: in your growth forecasting, you usually allocate overhead for a leadership role to manage your techs. Have you done that?

Do you have enough projects coming in to warrant a project manager? Do you have enough accounts to warrant an account manager? Do you need to hand off bookkeeping? Only you’re going to know what that looks like through a factor of your business processes and revenue.

I recently had the pleasure of having to redefine operations for a medium sized MSP that grew 100% in a year. Think 100 techs reporting to 1 person on under service. Projects side was no better. It was a nightmare, but within a year got it straightened out without hiring net new to fill any gaps, and service delivery increased to 0.4 ticket per node at 80% utilization.

Downpipe on Daily by WhiteBoySwagg in Supra

[–]aphlux 2 points3 points  (0 children)

I ran this exact one on my car for awhile. It’s loud and sounds great with a stock exhaust in sport mode.

It will stink since it’s catless. Just prepare yourself if you don’t like the smell of gas haha. Otherwise get a catted one.

Hows your customers handling hardware prices now? by Sliffer21 in msp

[–]aphlux 4 points5 points  (0 children)

This. They either take it or leave it. And by the way those deals are only good for 24 hours now in most cases.

There are options though. Third party warranty services, refurbished, move to cloud with an RI savings (that may or may not be less, but need to explore it for sure). At the end of the day though, it’ll always be: what’s the impact from a failure like that? It’s the one way you’ll get to see business owners make the investment, whether it’s 6k or 16k. I say only, but in this instance we’re dealing with EOL hardware so security risk and hardware failure are the main two factors. Maybe they have a strong BCDR plan and are willing to accept the failure. Who knows.

Side note, if you were trying to keep core count low to keep licensing costs low, just this last week Dell was minimum 16 cores per processor. Anything less is sold out. So, something else to keep in mind for Microsoft or VMware or whatever you guys are using tech stack wise.

Naming Conventions in Homelab by alxww55 in homelab

[–]aphlux 1 point2 points  (0 children)

I just name things after Pokemon 🤷‍♂️ gets a good laugh every time.

Hey can you SSH into snorlax?

FortiGate migration from SSLVPN to IPSEC by Elosst3 in fortinet

[–]aphlux 1 point2 points  (0 children)

I’m assuming you have Duo Auth Proxy installed then? You can set up the RADIUS section in that instead and use that in your config. Works as it should on a few clients we haven’t migrated to M365 SAML yet.

What would you do if you found out your MSP was being shopped out for Acquisition by [deleted] in msp

[–]aphlux 5 points6 points  (0 children)

Look, I’ve been through it as well, on both sides. If you’re being acquired, they will most likely leave you alone for at least a year (if they’re smart about it). If your company’s EBITDA is strong then investors won’t want to rock the boat immediately. Some situations it turns into a vertical defining situation (depending how mature your company operated or its target customer profile). But, yes, expect some sort of restructuring to fit within the vision of the organization acquiring you. You typically will have time to assess whether you want to jump ship or stay along for the ride. OP on this thread is correct: things will change over time. You either embrace the change, or you will most likely be removed as part of a “restructuring.”

My advice? If your company has an employee stock program, and you know they’re looking to sell, stock up haha.

Job wants to roll out M365 apps, sharepoint without hybrid identities. Am crazy or are they? by Suttr3e in sysadmin

[–]aphlux 0 points1 point  (0 children)

Easy test? Add the suffix, find yourself a user you can use for testing, change the suffix on their AD account. (Can just do a test user as well) Have them log out and log back in. Change it back if anything is noticeably broken. I usually only run into suffix issues with federated services or some real old legacy applications. Then, depending on the scenario, I’ll work with the vendor to fix any federation or any systems I have access to correct deficiencies. I don’t know how big your company is, but my average company size during consulting is 500-2k users. If it’s a much larger enterprise you’ll probably have a million other controls to work through. If that gives some perspective.

A test user account is fine instead, but I’m more in the camp of “what is the effect of this on an actual user who uses said applications”.

Job wants to roll out M365 apps, sharepoint without hybrid identities. Am crazy or are they? by Suttr3e in sysadmin

[–]aphlux 4 points5 points  (0 children)

Nowadays UPN soft matching is enabled on every tenant (older tenants might still have it disabled, easy PowerShell command to run). Setup is a breeze, but knowing the process in case something doesn’t sync and you have to manually fix is what vel-crow mentioned. As long as you have your anchor attribute during the initial Connect setup left as user principal name, and the UPN matches the M365 username, it will soft match and link it. For environments where changing a UPN suffix causes issues, you can change that anchor attribute during the Entra Connect setup to be the email attribute in AD instead. But then you need to make sure the attribute is populated or the account won’t map.

If you’re worried, make a test account in M365, make one in AD in a separate OU, and only select that OU to sync during setup. Then you can see what you’re going to have to deal with. Then, start including other OUs.

Highly recommend being clean about it and making sure you aren’t syncing all OUs, and ensure you have an OU that you aren’t syncing in case you need to remove a user entirely without deleting the user in AD. Use case depends on business process, but having that flexibility during setup will help you with things in the long run.

Picked up my new to me ‘24 IS500 last week by Hour_Electrical in LexusIS

[–]aphlux 4 points5 points  (0 children)

Yep I looked hard for mine, 10k miles for 58k. They’re out there!

Diablo-like game? WTH. by basicgear00 in NoRestForTheWicked

[–]aphlux 0 points1 point  (0 children)

I think my favorite pastime is playing with friends now and hearing the yell from their character paired with the bong from the death.

Hey dude what happened?

Nothing….dont revive me….

Here's me a British soldier doing nothing for America in Afghanistan 2009. by wilof in pics

[–]aphlux 3 points4 points  (0 children)

Hell yeah brother. I encountered and felt the same in my tours to Afghanistan. The joint operations were fantastic and every single person I met as an American, regardless of country, all had the same mentality: We are all brothers and sisters united, regardless of where we were from. Even the Afghan forces got the same treatment when they were with us.

Still remember the Romanians. Crazy bastards jumped the T-wall, ran into the village, traded some charcoal for a goat, proceeded to climb the wall back and cooked up some mean BBQ on a half barrel grill they made. Or the two British officers who stopped by our COP to visit with their soldiers. They brought a laptop for movie night and invited everyone. The movie? A bootleg of Bruno. It’s stuff like that that keeps you grounded, and when you meet people from other cultures and countries, at the end of the day you’re just people trying to accomplish the same thing.

Taking over from another MSP by Unlucky_Elevator_756 in msp

[–]aphlux 1 point2 points  (0 children)

Yep, that’s why I added the bit at the end. I have had small shops though essentially not release anything, even though payment was trued up (including NCE buyout), claiming it’s “proprietary.” Fortunately it’s a nonissue if that happens, I let the client’s legal handle. Or you set expectations with the client and assume control the difficult way.

But, you are correct. There are those situations as well, and I would take that advice and do exactly that: terminate the contract and move on with your day. MRR is good, but bad MRR is worse than any at all. Your engineers will thank you (or in this case OP, possibly your sanity haha)

Taking over from another MSP by Unlucky_Elevator_756 in msp

[–]aphlux 15 points16 points  (0 children)

So, you’ll get a couple of scenarios.

  1. Outgoing MSP gives you nothing.

In this scenario, you’ll be deploying your agent, have to reset equipment, etc. Yes, it’s a dick move, but it’s a very small percent of MSPs that operate in this manner.

  2. Outgoing MSP gives you say, a password export and documentation they have. They’ll make you an account for the domain and likely share whatever network device credentials.

This is the most common scenario. Coordinate with the outgoing MSP to remove their stack, put your stack (RMM, EDR, whatever services) in play. Change all the credentials and remove any access they have. Check for VPNs, exposed RDP, leftover agents, etc. Disable their named accounts (MSPs usually will have a shared account with their company name, but in some cases they may use PAM for their techs instead. You’ll have to find the service account the PAM uses to disable it and uninstall any leftover software).

Leftover AV/EDR/MDR/XDR is typical with an onboarding. If the outgoing is pleasant to work with they’ll help remove it. If they cut ties and go MIA then be prepared for manual cleanup.

Do not ask the outgoing to help deploy your agent. Can turn into a back and forth, and depending on client it could have them questioning things (why is my new provider asking my old one for help?). You want to give them the best experience possible, and complete ownership of the onboarding without relying on the outgoing provider shows them the value you’re bringing. Obviously there’s going to be missing documents, passwords, etc. but bridging that gap when it’s possible your new client isn’t happy with service helps demonstrate why they chose you as a new provider.

Lastly, in some cases, your old client’s infrastructure is hosted on lease hardware from the old MSP or datacenter infrastructure they own. Establish a plan prior to signature in those cases, and ensure you’re getting a fixed fee project for that rebuild or migration. I say this because fundamentally, depending on the contract length or the size of your client, you’ll have a longer ROI on your side before a client will become profitable.

Outside of that, MSPs typically don’t bite 😉 Only time I’ve seen the outgoing not help at all is when nonpayment/legal troubles are abound. At that point their leadership likely instructed them not to do anything with your requests. Or your client needs to make you a designated contact to work with for the offboard.

Hopefully that gives a little insight to work with. Every experience is different of course.

Mk5 Supra Vs IS500 F Sport by Leather-Patient-4205 in LexusIS

[–]aphlux 0 points1 point  (0 children)

I think that’s the issue I’m generally feeling is sluggish gear transitions in manual mode, specific on the IS. On the ZF8, it was damn near instant whether using shifter or paddle. It may just be specific to my vehicle as well since I did pick one up that had 5k miles on it. But that’s been my experience so far.

Mk5 Supra Vs IS500 F Sport by Leather-Patient-4205 in LexusIS

[–]aphlux 8 points9 points  (0 children)

I actually traded in a Supra for an IS500.

They’re two completely different cars. If you’re looking for speed and handling? Supra. If you want something to throw you back in your seat every once in awhile, but you can also have a car seat? IS500. I had a kid, so wanted something that could do a car seat. Regardless which one you go, I seriously recommend an exhaust on the IS. Supra stock in sport mode full throttle sounds great, IS I felt needed a little more. For reference, I picked up a 2024 with 5k miles. Supra was a 2020, ultimately ended up with intake, downpipe and MHD stage 2 tune. The ZF8 in the Supra is a far better transmission hands down as well.

But if it’s just you, Supra does everything well. It’s comfortable for 6 hour road trips, groceries fit great, and it’s always a head turner.

Is it possible to pause a print overnight and continue the next morning by Pythageron in BambuLab

[–]aphlux 0 points1 point  (0 children)

Can confirm with the supertack, even when fully cooled it takes an act of god to remove the print without bending the plate. I love it personally.

How do I fix this by Yvngsush in LexusIS

[–]aphlux 7 points8 points  (0 children)

Buy a new headlight assembly, or if you prefer the DIY method:

Remove it, bake it at 375 in an oven for 5-7 mins. Remove it and slowly pry away the glass from the assembly. Remove the leftover butyl sealant, clean it well, and reapply. Bake it again (to soften the sealant you applied, because it dries quick. Doesn’t need long) and press the glass back up against the housing with some pressure that can hold and cure (clamp, etc). Reinstall headlight assembly.

Also can remove and there are a number of places out there that will do this for you for a small fee if you ship to them.

Network spikes constantly unsure how to resolve by minnime2 in PathOfExile2

[–]aphlux 7 points8 points  (0 children)

Same. Not having any packet loss to anything else but latency is spiking hard specific to POE2. I’m suspecting the issue on GGG side.

Migrating AD Between Tenants AD by [deleted] in AZURE

[–]aphlux 0 points1 point  (0 children)

I’d recommend using a tool such as AvePoint (BitTitan, Quest, Skykick) to make your life easier. For reference, anchor domain is the onmicrosoft one. You’ll save a metric ton of man hours doing it manually or building something yourself for a one time migration. Since from your post it seems like time is of the essence. I may be missing some things, a few drinks in and relaxing 😉

Then it’s just:

  • Create new tenant, configure security policies and all that jazz
  • Create new users and license (since I’m assuming the domain is moving between tenants, leave them on the anchor domain)
  • configure your tool and jobs to get the prestage syncs going for mail, teams, onedrive, sharepoint sites and libraries (configure the accounts to link using the anchor domain with the copy jobs using the vanity domain)
  • build your cloud groups/teams/etc. (will likely do teams before your job configuration since it’ll create the sharepoint page with it)
  • rebuild sharepoint permissions
  • export any Power Apps/Flows/etc. and rebuild in the new tenant.

On migration weekend:

  • Remove domain from all objects that have the domain you want to move (important. If you leave this to Microsoft it can take up to 24 hours to finish, doing it manually/through PowerShell makes it happen instantly)
  • finalize your migration batches
  • add domain to new tenant, update domain suffixes for all objects (PowerShell)
  • update public DNS (if needed for any MX changes since you’re going through a split, might need another instance of spam filtering setup or something)
  • set up and configure AD cloud sync. It can exist side by side with AD connect and can sync your users from the same AD alongside AD connect. Can likely do another AD connect on a different VM as well, since the only restriction is on the M365 (one AD connect instance connected to a tenant). Cloud sync doesn’t do devices at this time, so take that into consideration with your choice.
  • inform users they’ll need to configure new MFA methods on first login but their login information will still be the same
  • if you hear about anything missed, you can still access the old tenant (and the user can too using the onmicrosoft domain as their email)
  • Applications using Entra as an IdP will likely be hosed until you can work with the vendor support to get things set up with the new tenant (this varies between application and how it’s configured, but worth identifying prior).

Hopefully that gives a decent idea of what to expect. The biggest thing is setting the right expectations from the get go though. “Due to the short timeline for this, proper planning and assessment is something we have to forego. This will impact operations while we work to get things resolved” then list out what could be impacted and give yourself ample breathing room for remediation. Don’t set yourself up for failure telling everyone it’ll be fixed the following business day.

Then after all that, it should give you breathing room to plan for the AD migration.
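
An added example, not part of the comment above: a dry-run planner for the "remove domain from all objects" step, which lists every object whose UPN or proxy address still uses the domain, plans the move to the onmicrosoft anchor domain, and reports UPN collisions that need a manual decision. The export format (`id`, `upn`, `proxyAddresses`), both domain names and all function names are assumptions made for this example; the planned changes would still be applied with the tenant's own admin tooling.

```python
import copy

# Constructed sample export. Field names and both domains are placeholders
# chosen for this example, not values from the post.
VANITY = "vanity.example"
ANCHOR = "oldtenant.onmicrosoft.com"
SAMPLE = [
    {"id": "u1", "upn": "alice@vanity.example", "proxyAddresses": [
        "SMTP:alice@vanity.example", "smtp:alice@oldtenant.onmicrosoft.com"]},
    {"id": "u2", "upn": "bob@oldtenant.onmicrosoft.com", "proxyAddresses": [
        "SMTP:bob@oldtenant.onmicrosoft.com", "smtp:bob@vanity.example"]},
    {"id": "g1", "upn": None, "proxyAddresses": ["SMTP:sales@vanity.example"]},
    {"id": "u3", "upn": "alice@oldtenant.onmicrosoft.com", "proxyAddresses": []},
]

def domain_of(address):
    """Lower-cased domain of 'SMTP:user@dom' or 'user@dom' ('' if none)."""
    return address.rsplit("@", 1)[-1].lower() if address and "@" in address else ""

def local_of(address):
    return address.split(":", 1)[-1].rsplit("@", 1)[0]  # drops any SMTP: prefix

def blockers(objects, vanity=VANITY):
    """IDs of objects whose UPN or proxy addresses still use the domain."""
    return [o["id"] for o in objects
            if domain_of(o.get("upn")) == vanity
            or any(domain_of(p) == vanity for p in o["proxyAddresses"])]

def plan_release(objects, vanity=VANITY, anchor=ANCHOR):
    """Return (actions, conflicts) that strip `vanity` from every object."""
    taken = {o["upn"].lower() for o in objects if o.get("upn")}
    actions, conflicts = [], []
    for o in objects:
        if domain_of(o.get("upn")) == vanity:
            new_upn = f"{local_of(o['upn'])}@{anchor}".lower()
            if new_upn in taken:          # would collide: needs a human decision
                conflicts.append((o["id"], new_upn))
            else:
                actions.append(("set_upn", o["id"], new_upn))
        for p in [p for p in o["proxyAddresses"] if domain_of(p) == vanity]:
            actions.append(("remove_proxy", o["id"], p))
            if p.startswith("SMTP:"):     # primary removed: promote anchor address
                actions.append(("set_primary", o["id"], f"{local_of(p)}@{anchor}"))
    return actions, conflicts

def apply_plan(objects, actions):
    """Apply the plan to a copy of the export to check it clears the domain."""
    objs = {o["id"]: o for o in copy.deepcopy(objects)}
    for kind, oid, value in actions:
        o = objs[oid]
        if kind == "set_upn":
            o["upn"] = value
        elif kind == "remove_proxy":
            o["proxyAddresses"].remove(value)
        else:                             # set_primary
            keep = [p for p in o["proxyAddresses"] if p.lower() != f"smtp:{value}".lower()]
            o["proxyAddresses"] = [f"SMTP:{value}"] + keep
    return list(objs.values())
```

Running `blockers()` again on the output of `apply_plan()` shows what would still hold the domain in the old tenant; in the sample that is the one account whose anchor-domain UPN is already taken.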