Tuesday, 15 March 2016

Client Integration Plugin 6.0 Not Working With IE 11 / Chrome 45 and above

Suhas Savkoor March 15, 2016 Home, Troubleshooting No comments

Written by Suhas Savkoor

There are always issues regarding Client Integration Plugin not working as expected is logged with VMware. At least, I handle one on a weekly basis.

The main thing what happens here is, you download and install CIP from the download option you see at the bottom when you open a Web Client session. Once the installation wizard starts, you close out all the browser sessions and complete the install. After the installation, you open up a browser and you still see the download CIP message and the Use Windows Session Credentials is grayed out, always!

There are couple of steps that we take into account before we proceed with the troubleshooting. Go through and validate all the steps. (If I find any more workarounds, I will update this article)

Since, CIP is based on each workstation where web client is accessed from, this has to be checked on each of the machines

1. If there is UAC enabled on the Windows machine from where you are accessing web client, disable it

2. Check if the below entry is there in host file on the same machine.

127.0.0.1 vmware-localhost

::1 vmware-localhost

3. Open the task manager, if you find vmware-csd.exe, kill this process and continue with Step 4

4. Uninstall Client Integration Plugin from Control Panel.

5. Re-install by using the download link from this KB article here

Once the plugin is reinstalled, follow the below steps:

1. On the required browser, clear the cache/cookies

2. In Chrome / IE 11 add the https://vcenter_FQDN:9443 (Web Client URL) in the trusted site list.

3. Refresh the browser and open web client again.

If the Client integration plugin still does not work, then:

1. In IE 11 change the trusted site exception to Local Intranet (For the same vCenter FQDN)

2. In Chrome add the exception to the Plugin as well (All options are in settings and advanced settings of chrome)

3. Refresh the browser and load the web client again

If it still fails, then implement the above 2 sections (adding exception and clearing browser cache) with vCenter IP as well along with FQDN.

Even after all this, if it still fails, please contact VMware Support, and maybe me or someone else will get to further troubleshooting.

Cheers!

Friday, 11 March 2016

Changing Logging Location For vCenter 6.0

Suhas Savkoor March 11, 2016 Home, How To No comments

Written by Suhas Savkoor

By default your vCenter 6.0 logs are in the install directory.

C:\ProgramData\VMware\vCenterServer\logs\vmware-vpx

Now, if you do not want to have this location for logging, but a custom location, then you will have to make a few changes.

Perform the below steps:

1. Navigate to the below directory:

C:\ProgramData\VMware\vCenterServer\cfg\vmware-vpx

2. Make a copy of the vpxd.cfg file so that you can quickly restore if something goes wrong.
3. Stop VMware Virtual Center service from services.msc
4. Open the vpxd.cfg file using a notepad/wordpad

5. There are two "<log> </log>" tags that are available. Add the below line between <log> and </log> [<log> represents the start of the xml code of log function and </log> determines the end]

<directory>[Directory:\Name\configured]</directory>

**Make sure that this is added under both <log></log> tags**

6.Save the vpxd.cfg file
7. Start the VMware Virtual Center service.

Your new logging will take place in the custom directory that was defined.

Wednesday, 2 March 2016

Customize Web Client Login Page

Suhas Savkoor March 02, 2016 Home, How To No comments

Written by Suhas Savkoor

Bored of the same blue screen login for vSphere Web Client? Well, don't be bored any more. If you are running 6.0 VMware, then there's a bunch of good news. You can have your own welcome screen for Web Client. Yes, you heard me right!

Web Client login page for 6.0, is designed using HTML and CSS, and when you have this, you can tweak around a little to customize your own page. With the help of William Lam's article, I was able to tweak my Web Client Appearance.

This is how it looks now!

So, here is the bigger story of how to get this done:

>> The first thing is, you need to be on 6.x vCenter, this is not going to work with any other versions of vCenter.
>> There are three files to be altered: the img file, the login.css file and the unpentry.jsp file

Location of these files:

Windows vCenter:

C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso\WEB-INF\views\unpentry.jsp
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso\resources\css\login.css
C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\webapps\websso\resources\img

VCSA 6.0

/usr/lib/vmware-sso/vmware-sts/webapps/websso/WEB-INF/views/unpentry.jsp
/usr/lib/vmware-sso/vmware-sts/webapps/websso/resources/css/login.css
/usr/lib/vmware-sso/vmware-sts/webapps/websso/resources/img

>> This has to be modified on the machine where your Platform Services Controller is installed. If it is an embedded installation, then you can find it all in one machine. If it is an external PSC deployment, then all these file locations are on the PSC machine.

>> I am using a 6.0 vCenter Appliance with External PSC, so I used WinSCP to transfer files from my desktop to the appliance.

>> If you are using appliance with WinSCP, then you need to set the bash shell to be opened as default. To do this, you can use this article here

**Have a backup of all these three above files before you make any changes**

The procedure:

>> Download a required image and save it as "AppBgPattern.png" (PNG format), as this naming convention would eliminate editing certain lines in the CSS/JSP file.

>> Login to WinSCP and browse to the "img" directory as mentioned above and paste this copied image

This takes care of the background image for the Web Client.

Now, you will have to edit the unpentry.jsp file to reflect the text message.

>> Once the backup of unpentry.jsp file is made from it's location, open the file and copy paste the below text into it:

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

<%@ page session="false" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"

"http://www.w3.org/TR/html4/strict.dtd">

<!--[if lte IE 8]>

<![endif]-->

<head>

<title>Login</title>

// copying JSP variables to JS

var tenant_brandname="${tenant_brandname}";

var searchString ="${searchstring}";

var replaceString ='${replacestring}';

var error = '${error}';

var errorSSPI = '${errorSSPI}'

</script>

</head>

<body>

// regex to check for internet explorer 11 and below

var isInternetExplorer = /MSIE (\d+\.\d+);/.test(navigator.userAgent) || /Trident\/(\d+\.\d+);.*rv:(\d+\.\d+)/.test(navigator.userAgent);

if (!isVCLogin()) {

document.write('<link rel="stylesheet" type="text/css" href="../../resources/css/login_generic.css">');

}

else {

document.write('<link rel="stylesheet" type="text/css" href="../../resources/css/login.css">');

}

</script>

//createProbes();

//createVmrcPluginObject();

//var _cspId = createCspPluginObject();

if (isVCLogin()) {

//document.write("<img id=\"topSplash\" src=\"../../resources/img/AppBgPattern.png\"/>");

document.write("<img id=\"brand\" src=\"../../resources/img/vmwareLogoBigger.png\" />");

}

else {

document.write("<p id=\"tenantBrand\">"+tenant_brandname+"</p>");

}

</script>

<span class="loginLabel">${username}:</span>

</p>

<span class="loginLabel">${password}:</span>

</p>

<label id="checkboxLabel"><input id="sspiCheckbox" disabled="true" type="checkbox" onchange='enableSspi(this);'/>${winSession}</label>

</p>

</p>

</div>

Welcome To South Park</br></br>

if (isVCLogin()) {

document.write("<img id=\"VCSSO-Title\" src=\"../../resources/img/VCSSO-title.png\" />");

}

</script>

</br></br>

</div>

<a id="downloadCIPlink" target="_blank">${downloadCIP}</a>

</span>

</div>

<span class="validation-message-text">${unsupportedBrowserWarning}</span>

</div>

if (isVCLogin() && !isBrowserSupportedVC()) {

$(".browser-validation-banner").css("visibility","visible");

}

</script>

</body>

</html>

The text highlighted in "Red" can be edited to display the required message.

>> Save this file

Next, we will have to edit the CSS file to apply colors and font size to this field or any other field as per requirement:

>> Go to the directory where the CSS file is and simply paste the below code:

@charset "utf-8";

/* CSS Document Login.css */

.base-app-style {

min-width: 1024px;

min-height: 612px;

position: relative;

height: 100%;

width: 100%;

}

body {

background: #3075ab; /* Old browsers */

background: -moz-linear-gradient(top, #3a8dc8 0%, #183a62 100%); /* FF3.6+ */

background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#3a8dc8), color-stop(100%,#183a62)); /* Chrome,Safari4+ */

background: -webkit-linear-gradient(top, #3a8dc8 0%,#183a62 100%); /* Chrome10+,Safari5.1+ */

background: -o-linear-gradient(top, #3a8dc8 0%,#183a62 100%); /* Opera 11.10+ */

background: -ms-linear-gradient(top, #3a8dc8 0%,#183a62 100%); /* IE10+ */

background: linear-gradient(to bottom, #3a8dc8 0%,#183a62 100%); /* W3C */

filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#3a8dc8', endColorstr='#183a62',GradientType=0 ); /* IE6-9 */

background-image: url(../../resources/img/AppBgPattern.png);

background-repeat:no-repeat;

margin: 0;

font-size:12px;

font-family:Arial, Helvetica, sans-serif;

color: #87ceff;

}

.browser-validation-banner {

padding: 6px 12px 6px 10px;

margin: 0px;

position: absolute;

line-height: 20px;

top: 0px;

left: 0px;

right: 0px;

z-index: 100;

background-color: #ffffcc;

border: 1px solid #efe69b;

border-top-style: none;

border-radius: 0 0 5px 5px;

color: #333333;

box-shadow: 0 3px 3px rgba(0, 0, 0, 0.15);

}

.validation-message-text {

margin-left: 25px;

display: block;

font-weight: bold;

font-size: 11px;

}

#topSplash {

position: absolute;

top:0;

left:0;

z-index:1;

}

#brand {

position: absolute;

top: 55px;

left: 120px;

z-index:2;

}

#loginForm {

position: absolute;

top: 320px;

width: 405px;

padding-left: 44px;

z-index:3;

background-image:url(../img/divider.png);

background-position:right;

background-repeat:repeat-y;

}

.margeTextInput {

float:right;

margin-right: 44px;

width:200px;

}

.loginLabel {

font-weight:bold;

color: #FFFFFF;

text-align:left;

display:block;

padding-top:4px;

float:left;

}

.loginRow {

display:block;

padding-top:20px;

}

#sessionID {

clear:both;

float:right;

width:248px;

text-align:left;

margin-top:8px;

}

#checkboxLabel {

display: block;

padding-left: 20px;

text-indent: -20px;

}

#sspiCheckbox {

width: 13px;

height: 13px;

padding: 0;

margin:0;

margin-right:10px;

vertical-align: bottom;

position: relative;

top: -1px;

left: 5px;

*overflow: hidden;

}

#loginButtonRow {

clear: both;

float:right;

margin-right:40px;

margin-top:0px;

}

.button {

display: inline-block;

zoom: 1; /* zoom and *display = ie7 hack for display:inline-block */

*display: inline;

vertical-align: baseline;

margin: 0 2px;

outline: none;

cursor: pointer;

text-align: center;

text-decoration: none;

padding: 0px 30px;

height:24px;

font-size:12px;

}

.button:hover {

text-decoration: none;

}

.button:active {

position: relative;

top: 1px;

}

.blue {

color: #fff;

border: solid 2px #1d4772;

background: #0095cd;

background: -webkit-gradient(linear, left top, left bottom, from(#0c6fb9), to(#014781));

background: -moz-linear-gradient(top, #0c6fb9, #014781);

filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#0c6fb9', endColorstr='#014781');

}

.blue:hover {

background: #007ead;

background: -webkit-gradient(linear, left top, left bottom, from(#0d84dc), to(#004d88));

background: -moz-linear-gradient(top, #0d84dc, #004d88);

filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#0d84dc', endColorstr='#004d88');

}

.blue:active {

color: #fff;

background: -webkit-gradient(linear, left top, left bottom, from(#035a9d), to(#086fba));

background: -moz-linear-gradient(top, #035a9d, #086fba);

filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#035a9d', endColorstr='#086fba');

}

#username:disabled,

#password:disabled,

#submit:disabled,

#sspiCheckbox:disabled {

opacity:0.3;

filter:alpha(opacity=30); /* For IE8 and earlier */

}

#productName {

position: absolute;

top: 345px;

left:499px;

color:#F88017;

font-size:23px;

}

#response {

background:url(../../resources/img/error.png) left center no-repeat;

margin-top: 20px;

font-size: 12.5px;

padding-left: 20px;

color: #87CEFF;

}

#rolo {

font-weight: bold;

margin-top: 20px;

font-size: 16px;

padding-left: 10px;

color: #FF3333;

}

#progressBar {

display: none;

}

.footer {

background-color: black;

position: absolute;

left: 0px;

right: 0px;

bottom: 0px;

font-weight: bold;

padding: 10px;

color: #7B7E81;

padding-left: 44px

}

.footer a {

color : #7B7E81;

text-decoration: none;

}

.footer a:hover{

text-decoration: underline;

}

.info-icon {

display: inline-block;

width: 16px;

height: 16px;

line-height: 16px;

vertical-align: middle;

background-repeat: no-repeat;

margin: 0px 4px 0;

position: relative;

background-image: url(../../resources/img/infoOver.png);

cursor: pointer;

}

The text highlighted in red, is the part to Edit the Product area text. if you want to change the colors of the remaining sections, find the appropriate ones in the CSS file and change them.

>> Save this file as well.

>> Reload your Web Client

And that's it, you have your own custom Web Client Login Page.

You can find more samples on GitHub, click here

Enjoy!

WinSCP with a 6.x vCenter Appliance

Suhas Savkoor March 02, 2016 Home No comments

Written by Suhas Savkoor

With 6.x you have two shells. Appliance shell and the bash shell. When you take a SSH session to the appliance, you will enter the appliance shell and you will have to enable the bash shell manually by running two commands that is displayed during the session.

Now, with this setup, if you try to use the WinSCP then the login will fail, as it will not be able to open the bash shell.
So here, we need to set the appliance to open with bash shell as default. To do this, login to the appliance with bash shell access and run the below command:

# chsh -s "/bin/bash" root

You will see the output

Changing login shell for root.
Shell changed.

Now you can WinSCP into your appliance machine.

Monday, 22 February 2016

vCenter Appliance upgrade to 6.0 fails with "Internal error occurs during VMware vCenter Server Database pre-upgrade checks"

Suhas Savkoor February 22, 2016 Troubleshooting No comments

Written by Suhas Savkoor

Today while upgrading vCenter appliance from 5.1 U3 to 6.0, it failed with the error:

Error: Internal error occurs during VMware vCenter Server Database pre-upgrade checks

Upon checking the log file, CollectRequirements_com.vmware.vcdb_date.log file, this is what I came across:

2016-02-20T19:37:44.353Z INFO vcdb Retrieving DB type...
2016-02-20T19:37:44.353Z INFO vcdb DB type retrieved: PostgreSQL
2016-02-20T19:37:44.366Z INFO vcdb Retrieving DB user...
2016-02-20T19:37:44.395Z INFO vcdb DB user retrieved: vc
2016-02-20T19:37:44.407Z INFO vcdb Retrieving DB password...
2016-02-20T19:37:44.433Z INFO vcdb DB password retrieved: ****
2016-02-20T19:37:44.456Z INFO vcdb Validating source embedded schema...
2016-02-20T19:38:00.481Z INFO vcdb Souce embedded schema validation completed.
2016-02-20T19:38:00.498Z WARNING transport.local BAD REQUEST: Cannot execute ['/opt/vmware/vpostgres/1.0/bin/psql', '-U', 'postgres', '-d', 'VCDB', '-t', '-c', "\n SELECT ceil(sum(pg_relation_size(C.oid)) / (1024*1024)) as disk_size\n FROM pg_class C\n LEFT JOIN pg_namespace N\n ON N.oid = C.relnamespace\n WHERE nspname IN ('vc', 'vpx') and relkind in ('r', 't')\n \n AND relname NOT LIKE 'vpx_hist_stat%'\n AND relname NOT LIKE 'vpx_sample_time%'\n AND relname NOT LIKE 'vpx_event%'\n AND relname NOT LIKE 'vpx_task%'\n AND relname NOT LIKE 'vpx_property_bulletin%'\n "]. Error: [Errno 2] No such file or directory
2016-02-20T19:38:00.498Z ERROR __main__ Upgrade Phase 'vcdb:CollectRequirements' failed. Exception: Traceback (most recent call last): File "/var/tmp/vmware-upgrade-requirements/cis-upgrade-runner/payload/componentPhaseLauncher.py", line 379, in main executionResult = systemExtension(exeContext)

The reference it makes to while saying, Cannot execute is /opt/vmware/vpostgres/1.0/bin/psql

Now, when you run:

ls -l /opt/vmware/vpostgres/1.0/

You see:
total 8
drwxr-xr-x 2 root root 4096 Jan 4 2016 lib
drwxr-xr-x 5 root root 4096 Jan 4 2016 shar

There is no directory called bin under 1.0

When you run:

ls -l /opt/vmware/vpostgres/

You see:
drwxr-xr-x 4 root root 4096 Jan 4 2016 1.0
drwxr-xr-x 7 root root 4096 Jan 4 2016 9.0
lrwxrwxrwx 1 root root 3 Jan 4 2016 current -> 9.0

So, the execution python script is calling a wrong path causing a failure in the upgrade. VMware should fix this call in their python script.

You can address this by creating a symbolic link to the correct path by running the below command:

"ln -s /opt/vmware/vpostgres/current/bin /opt/vmware/vpostgres/1.0/bin"

Run the upgrade again and this time there should be no issues.

Cheers!

Wednesday, 17 February 2016

Safely Remove Hardware For Virtual Machine?

Suhas Savkoor February 17, 2016 Home No comments

Written by Suhas Savkoor

When you have a hard disk given to a virtual machine with a SCSI controller, or a Network Interface Card provided to it, and when you login to this virtual machine, you will see our old friend, "Safely Remove Hardware" When you click this, your SCSI controller, your network card, and USB if mounted, will be displayed. Now, if you click the remove button by some mistake, the respective device will be unmounted and removed from the virtual machine. Too bad of a scenario eh? Well, not to worry, virtual machine advanced settings will always come to the rescue.

1. Power OFF the virtual machine on which you want to disable the Safely Remove Hardware option.

2. Right click the machine and click Edit Settings

3. Click Options, select General and click Configuration Parameters.

4. Click Add Row and under Name: devices.hotplug Under Value: false

5. Click OK.

Now power ON the virtual machine and this time the safely remove hardware option is no longer present. There was one more question that was asked:

"If I have CPU and memory hot-add option enabled will this parameter affect that operation? Also will I have issues adding disk and network card to the virtual machine once this parameter is set?"

The answer is, No. The add devices, and CPU/Memory hot-add (if enabled) will not be affected by this parameter.

So, unplug those at your will. Life is too short for safely remove hardware!

Cheers!

Tuesday, 16 February 2016

Certificate Status Alarm Triggered After Upgrading vCenter To 6.0

Suhas Savkoor February 16, 2016 Troubleshooting No comments

Written by Suhas Savkoor

So, recently I have received a handful of cases, where the certificate status alarm is triggered, when the existing 5.x environment is upgraded to 6.x. You can acknowledge and clear out the alarm, however after certain days, this alert is triggered back. When this alert is triggered, the vCenter health service enters a warning state.

When you login to Web Client, click the certificate in the address bar and view certificate information, then you will notice that the there is quite some time for the certificate to expire.

However, when checking the the vpxd logs for the vCenter:

vCenter Server vpxd log location:

C:\Program Data\VMware\vCenter Server\logs\vmware-vpx

You will see the below logging:

2015-07-17T09:05:18.767+02:00 warning vpxd[05124] [Originator@6876 sub=Main opID=CheckCertificateExpiry-312b91e5] [Vpxd::VecsUtil::CheckCertificatesFromStore] Certificate [Subject: CN=SMS-120924141331507,O=VMware] from store SMS will expire on 2014-09-24 12:13:31.000. 


2015-07-17T09:48:15.592+02:00 warning vpxd[03620] [Originator@6876 sub=[SSO][GroupcheckAdapter] opID=7413e525] [FindAllParentGroups] Maybe SSO Groupcheck is expired, trying to re-login. Exception: class Sso::Fault::NotAuthenticated::Exception(sso.fault.NotAuthenticated)

Here the Storage Monitoring Service (SMS) 5.5 certificate is still in the VECS (VMware Endpoint Certificate Store) and has expired. This certificate is no longer used in version vCenter Server 6.0.

How to remove it?

1. Login to the vCenter machine and open a command prompt in Administrative mode
2. Change the directory to:

cd "C:\Program Files\VMware\vCenter Server\vmafdd"

3. Run the below command to display the cert for SMS service.

vecs-cli entry list --store SMS --text | more

The output is something like below:

Alias : sms_self_signed
Entry type : Private Key
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:37:e2:a8:83:a9
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=VMware, CN=SMS-120612174523625
Validity
Not Before: Jun 12 21:45:23 2011 GMT
Not After : Jun 12 21:45:23 2014 GMT
Subject: O=VMware, CN=SMS-120612174523625
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d0:f9:5b:15:83:cc:5e:d9:cd:f1:05:1d:1b:54:
24:da:93:0f:2e:cb:d6:98:55:68:a3:ec:80:dc:1a:
0a:3a:c8:a0:96:bf:70:61:5a:50:3a:c1:a2:b8:6c:
4a:69:90:9f:eb:2c:ae:8c:6f:a7:63:c0:8d:60:a7:
41:85:04:23:67:5a:b8:50:d4:60:36:3f:a6:85:08:
56:ba:2c:be:38:ea:be:a1:49:0b:c5:7e:cd:4f:19:

Here the alias is: sms_self_signed

4. Make a note of the cert alias and run the below command to remove the cert:

vecs-cli entry delete --store SMS --alias <certificate_alias>

5. Restart the Web Client service. If there is an alert triggered prior to this procedure, clear it and monitor your environment if the alert re-appears.

99.99 percent, you are in the green zone sergeant!!

virtuallyPeculiar

Tuesday, 15 March 2016

Client Integration Plugin 6.0 Not Working With IE 11 / Chrome 45 and above

Written by Suhas Savkoor

Friday, 11 March 2016

Changing Logging Location For vCenter 6.0

Written by Suhas Savkoor

Wednesday, 2 March 2016

Customize Web Client Login Page

Written by Suhas Savkoor

WinSCP with a 6.x vCenter Appliance

Written by Suhas Savkoor

Monday, 22 February 2016

vCenter Appliance upgrade to 6.0 fails with "Internal error occurs during VMware vCenter Server Database pre-upgrade checks"

Written by Suhas Savkoor

Wednesday, 17 February 2016

Safely Remove Hardware For Virtual Machine?

Written by Suhas Savkoor

Tuesday, 16 February 2016

Certificate Status Alarm Triggered After Upgrading vCenter To 6.0

Written by Suhas Savkoor

Total Pageviews

Blog Archive

Certified

Popular Posts