VMware vExpert 2016!

Written by Suhas Savkoor

So VMware announced the 2016 vExpert results on February 5 2016 and I am honoured to say that I have been awarded this title. A year and half into VMware and the work has certainly paid off. Congratulations to everyone who were awarded this award again and to those who were selected for the first time. 

What is VMware vExpert?

The VMware vExpert program is VMware's global evangelism and advocacy program. The program is designed to put VMware's marketing resources towards your advocacy efforts. Promotion of your articles, exposure at our global events, co-op advertising, traffic analysis, and early access to beta programs and VMware's roadmap. VMware will provide you with a unique vExpert ID that will allow insights into analytic to help understand customer trends to assist you and keep your advocacy activities on track.

Thank you VMware and cannot wait for 2017!

Click this link here for the list of all 2016 VMware vExperts. Ctrl+F away to find your name!

Cheers!

Upgrade: VCSA 6.0 External PSC to 6.0 U1

Written by Suhas Savkoor

In the previous article, we saw how to deploy a vCenter appliance 6.0 with an external PSC. 

In this article, a simple one, we will see how to upgrade this 6.0 GA appliance with external PSC to 6.0 U1. Since, 6.0 GA appliance does not have the Web GUI page for management, the patching and upgrading has to be done via command line. 

The upgrade process is very simple and similar to upgrading 6.0 appliance with embedded PSC.

I will not be attaching any screenshot to this, since it does not require any. 

Step 1:

Now, with an external PSC, you will have two virtual machines. One virtual machine is for a PSC (Platform Services Controller) and the other virtual machine is for vCenter Server. 

Now you have to mount the ISO on the vCenter Server virtual machine. If you try to mount the ISO on the PSC machine and run the upgrade command, it is going to fail.

Step 2:

Once the ISO is mounted to the vCenter machine, open a SSH (Putty) to this vCenter machine and login with root credentials. 

There is no requirement to open the bash shell. 

Once logged in to SSH simply run the below command to directly apply the patches to the appliance:

Command> software-packages install --iso --acceptEulas

This will apply the patches and once done, you need to reboot the appliance using the below command:

Command> ​shutdown reboot -r “Updated to vCenter Server 6.0 Update 1”

Step 3:

If you do not want to directly apply the patches (Step 2), but stage the patches first and then apply it, then there will be a different route that will be followed:

First, you need to stage patches using the below command:

Command> software-packages stage --iso --acceptEulas

Then you can review the staged patches:

Command> software-packages list --staged

Then you will have to apply these staged patches:

Command> software-packages install --staged

Finally, you will have to reboot the vCenter appliance:

Command> ​shutdown reboot -r “Updated to vCenter Server 6.0 Update 1”

Step 4:
Verify the update. 

From the SSH of the vCenter server enabled bash shell and then run the below command:

# vpxd -v

This will give you the build number of the appliance. Correlate this build number to the release version using this KB article.

Also, you can verify this by opening a browser and going to https://<vcenter_IP>:5480
Since this is 6.0 U1 you will now have access to VAMI page (Web GUI management page)
Simple!

Installing vCenter Appliance 6.0 With External PSC

Written by Suhas Savkoor

Previously, we had seen how to install Appliance 6.0 with embedded PSC. In this article, we will deploy an appliance 6.0 with external PSC. Where the platform service controller resides as one virtual machine and the vCenter node resides as another virtual machine.

Pre-requisites:

• As always, ensure the DNS entry is set up for the virtual machines in forward and reverse lookup zones. 
• There will be two virtual machines deployed, one for PSC and the other one for vCenter node. They both have their own IP address and own FQDN, and the forward and reverse lookup must be configured for each one of them prior to proceeding with the deployment. 
• A windows machine that acts as a mount point for the ISO.

Deploying Platform Services Controller:

Step 1:

Mount the vCenter 6.0 appliance ISO on a Windows machine and install the client integration plugin from the " vcsa "  folder.

Once the client integration plugin is installed go to root directory of the ISO and open the vcsa-setup.html file (preferably using IE/Firefox) You will come across the below screen.

Click the Install option to begin the setup wizard.

Step 2:

Accept the EULA terms and conditions and proceed Next

Step 3:

• Provide the details of the ESXi host on which you want to deploy the PSC node. 
• FQDN or IP address of the ESXi host; root user and its password. 

Step 4:

• Give a short name to this appliance, this name can be anything. However, I prefer to keep this name same as the short name that I added in the DNS record. 
• Provide a new password for the root user of the appliance.

Step 5:

• You will come across the deployment type screen. Since this is an external deployment, we will go with the second part. And since PSC contains the SSO, certificates, lciesing and other services, this node has to be deployed first. 
• Select Install Platform Services Controller

Step 6:

• This is the first node that we are deploying, hence select the Create a new SSO domain option.
• Enter a new password for the SSO user of the appliance.
• SSO domain name: This has to be a unique domain name. It can be anything, here I am using the "vsphere.local" as my SSO domain. The SSO user then would beadministrator@vsphere.local
• SSO site name: Any site name that is required.

*Note* If you have an existing domain in your active directory, say, xyz.com, DO NOT use this domain as your SSO domain. This will prevent you from adding users under to xyz.com domain to the vCenter for management. 

Step 7:

Select a datastore where the PSC node should reside.

Step 8:

• Fill out the Network Settings for the PSC node
• Network label: Where the appliance should reside on your vSwitch/DVswitch port-group
• IP address of the appliance and FQDN of the appliance. Again, this has to be reflected in the DNS entry.
• Subnet, gateway and DNS server entry. Enabled SSH if required at the very last.

Proceed Next and begin the installation. Once the installation is complete, you will be asked to manually start the vCenter Server install. 

Deploying vCenter Server Node:

Step 1:

Click the Install button on the web page and begin the installation again.

*Step 1 to 4 remain the same*

Step 2:

In the Deployment Type select the Install  vCenter Server option and proceed Next

Step 3:

• We need to join this vCenter to previously deployed PSC node. 
• Enter the PSC node's FQDN (Preferred than IP address)
• vCenter SSO password that was configured in the previous steps for authentication
• Leave the port at 443

Step 4:

Select the size of the appliance depending on the inventory size of your environment. 

Step 5:

Select a datastore on which the vCenter node should reside.

Step 6:

Select the type of database for vCenter. vPostgres would be an express database for the appliance unless you have an external Oracle database. SQL DB is not yet supported for appliance.

Step 7:

Enter the vCenter node's network details

Proceed Next and begin the installation. 

Once the deployment is complete, login to vCenter using Windows Client or Web Client and verify it is working good. Since I have deployed a GA version of the appliance you do not have the Web GUI management page for the appliance. This is only available from 6.0 Update 1 onward.

View ESXi Logs From The Web Page

Written by Suhas Savkoor

Short article for how to view ESXi logs from a browser than opening a Putty to the host. One method, is to use the Embedded Host Client. If not, then:

1. Open a browser
2. Enter:

https://<ESXi_IP>/host

3. When asked for credentials, enter root and the password.
4. You will see the below page for logs:

*Note: This is not a real time logging, and needs to be refereshed for any recent changes*
SSH all the way, but why not something on the side!

Connecting A ESXi 5.5 U3b Host To A vCenter With A Lower Version.

Written by Suhas Savkoor

Lately, I have been seeing more and more cases with VMware Support regarding, "Unable to connect an ESXi host to a vCenter after upgrading it to 5.5 U3b" The common error you get when you try adding this host to a vCenter is

" Cannot contact the specified host. The host may not be available on the network, a network configuration problem may exist, or the management service on this host is not responding "

This is because, with 5.5 U3b SSLv3 is disabled, however, on a vCenter that is on a version lower than 5.5 U3b has SSLv3 enabled.
To resolve this, the best method would be to upgrade your vCenter to 5.5 U3b.

If you do not want to upgrade vCenter, then you can enable SSLv3 on that upgraded ESXi host. However, this is not a best practice and is not recommended by VMware, because it defeats the purpose of the upgrade. However, if you want to, then you can proceed with the below steps:

There are two parts were you need to enable SSLv3:

A) Enabling SSLv3 for Hostd - Port 443
1. Open a SSH to this ESXi host.
2. Browse to this location using the below command:

# cd /etc/vmware/rhttpproxy

3. Backup the config file:

# cp config.xml config.xml.bak

4. Edit the file using the below command (Press i to begin edit)

# vi config.xml

Locate the <vmacore>, then locate the <ssl> Under <ssl> add the following entry:

<sslOptions>16924672</sslOptions>

5.Save the file by pressing Esc and then typing :wq!

B) Enabling SSLv3 for Port 902 (Required to connect to vCenter)
1. From the same SSH of the host, run the below command:

# esxcli system settings advanced set -o /UserVars/VMAuthdDisabledProtocols -s ""

Restart the rhhtpproxy using the below command:

# /etc/init.d/rhttpproxy restart

That's it, now you can connect this ESXi 5.5 U3b host to a lower version of vCenter. However, again, this would not be a recommended practice as this will expose the host to SSLv3 POODLE vulnerability.

Configuring Serial Port As A Loop-back COM Port For The Same Virtual Machine.

Written by Suhas Savkoor

If you have missed out on "How to configure COM ports between two virtual machines" video, here is the link to it.

In this article, we will see how to configure COM port on the same virtual machine. This is used in a scenario like; You have an application that monitors a set of readings in your environment. When the readings cross a particular threshold, then it has to generate a signal or send some information to an alerting system using a COM port.

Now, in Windows, when you go to device manager and expand the Ports option, you can see that there are two COM ports; COM1 and COM2. These are always there irrespective of whether you have configured serial port or not for that specific virtual machine.

Configuring serial port for the same machine:

1. Power OFF the virtual machine for which you are trying to configure this COM port.
2. Go to Edit Settings and Click Add. Here select Serial Port and click Next. 
3. Select Output to named pipe and click Next
4. The pipe name should be of the format: \\.\pipe\<pipe_name>
5. Near End: Server; Far End: A process
6. Create another COM port for this same virtual machine. Click Add. Select Serial Port and Output to named pipe option again.
7. Here the pipe name should be the same as the one with first serial port.
8. Configuration for second serial port; Near End: Client; Far End: A process
9. Click OK

Testing COM port setup:

1. Power ON the virtual machine and open CMD in administrative mode, and open Putty to COM1 in serial.
2. Type the following command in CMD:

echo text > COM2

3. In the Putty you can see the message "text" being echoed.
4. The Putty is on COM2 and CMD on COM1. Hence the Putty is listening for incoming traffic on COM1 and the CMD is sending the message to COM2, which is why Putty is opened in COM1 serial.

Simple, isn't it?

Update Manager Service Crashes During A Scan Operation On An ESXi Host

Written by Suhas Savkoor

Today, I came across an issue with Update Manager while working on a support request. The environment, comprised of two vCenter in linked mode and each of them having their own Update Manager server. The update manager was installed on a machine of their own. The second vCenter was running well and good, however, on the first vCenter there was an issue with the "Scan" operation.

Whenever a baseline was attached to any of the hosts under this vCenter, and a scan operation was performed, the progress would go to 10 percent, stop there for few minutes and then the vSphere Update Manager service used to stop and crash causing the VUM to lose connectivity with the vCenter.

Upon on reviewing the logs for the failure, vmware-vum-server-log4cpp.log, I noticed the following:

Error accessing stagepath C:/ProgramData/VMware/VMware Update Manager/Data/host_upgrade_packages/esxi-upgrade-ryvdmfvtoz type 1 error 0/The operation completed

This means that the patch store and the DB are not in-sync

When I browse C:\ProgramData\VMware\VMware Update Manager\Data, I do not see the host_upgrade_packages folder, and the scan is failing because it is unable to find this folder.
The install directory may vary depending on your installation settings.

What can be done?

1. If you have your old update manager (Rarely happens), then you can copy paste this folder into this directory and the scan will work good!

If not, then we will have to re-initialize the update manager database.
**Re-initializing the database will clear out the database for update manager, which means, if you had any custom baselines and patches downloaded, they will be lost**

Steps to Re-initialize the VUM database:

1. First Login to SQL management studio hosting this update manager database. Expand Database > Right click the VUM database > All Tasks > Backup. Back this database to a disk.
2. Stop the Update Manager service from services.msc
3. Open a command prompt in elevated permission mode (Administrative mode) change the drive to the VUM installed disk drive and run the below command:

cd "C:\Program Files (x86)\VMware\Infrastructure\Update Manager\" 

4. Then run the below command to re-initialize the database:

vciInstallUtils.exe -O dbcreate -C . -L . 

(Both . should be used)

5. Once command has executed restart the Update Manager service.
6. Login to vCenter > Select ESXi host > Update Manager > Admin View
7. Under Configuration tab select Download Settings and download the patches again. If you want to add your custom baselines, then you can go ahead and do so
8. Go back to Compliance View and Attach and Scan, and this time the operation should succeed!