Saturday, 30 January 2016

Installing vCenter Appliance 6.0 With External PSC

Written by Suhas Savkoor



Previously, we saw how to install Appliance 6.0 with an embedded PSC. In this article, we will deploy an appliance 6.0 with an external PSC, where the Platform Services Controller resides on one virtual machine and the vCenter node resides on another.

Pre-requisites:
  • As always, ensure the DNS entry is set up for the virtual machines in forward and reverse lookup zones. 
  • There will be two virtual machines deployed, one for PSC and the other one for vCenter node. They both have their own IP address and own FQDN, and the forward and reverse lookup must be configured for each one of them prior to proceeding with the deployment. 
  • A Windows machine that acts as a mount point for the ISO.

Deploying Platform Services Controller:

Step 1:
Mount the vCenter 6.0 appliance ISO on a Windows machine and install the client integration plugin from the "vcsa" folder.
Once the client integration plugin is installed, go to the root directory of the ISO and open the vcsa-setup.html file (preferably using IE/Firefox). You will come across the below screen.


Click the Install option to begin the setup wizard.

Step 2:
Accept the EULA terms and conditions and click Next.


Step 3:
  • Provide the details of the ESXi host on which you want to deploy the PSC node. 
  • FQDN or IP address of the ESXi host; root user and its password. 

Step 4:
  • Give a short name to this appliance; this name can be anything. However, I prefer to keep this name the same as the short name that I added in the DNS record. 
  • Provide a new password for the root user of the appliance.

Step 5:
  • You will come across the deployment type screen. Since this is an external deployment, we will go with the second part. And since the PSC contains the SSO, certificates, licensing and other services, this node has to be deployed first. 
  • Select Install Platform Services Controller

Step 6:
  • This is the first node that we are deploying, hence select the Create a new SSO domain option.
  • Enter a new password for the SSO user of the appliance.
  • SSO domain name: This has to be a unique domain name. It can be anything; here I am using "vsphere.local" as my SSO domain. The SSO user would then be administrator@vsphere.local
  • SSO site name: Any site name that is required.
*Note* If you have an existing domain in your Active Directory, say, xyz.com, DO NOT use this domain as your SSO domain. This will prevent you from adding users under the xyz.com domain to the vCenter for management. 

    Step 7:
    Select a datastore where the PSC node should reside.


    Step 8:
    • Fill out the Network Settings for the PSC node
    • Network label: Where the appliance should reside on your vSwitch/DVswitch port-group
    • IP address of the appliance and FQDN of the appliance. Again, this has to be reflected in the DNS entry.
    • Subnet, gateway and DNS server entry. Lastly, enable SSH if required.


    Proceed Next and begin the installation. Once the installation is complete, you will be asked to manually start the vCenter Server install. 



    Deploying vCenter Server Node:

    Step 1:
    Click the Install button on the web page and begin the installation again.
    *Steps 1 to 4 of the PSC deployment remain the same*

    Step 2:
    In the Deployment Type screen, select the Install vCenter Server option and click Next.


    Step 3:
    • We need to join this vCenter to previously deployed PSC node. 
    • Enter the PSC node's FQDN (preferred over the IP address)
    • vCenter SSO password that was configured in the previous steps for authentication
    • Leave the port at 443

    Step 4:
    Select the size of the appliance depending on the inventory size of your environment. 


    Step 5:
    Select a datastore on which the vCenter node should reside.


    Step 6:
    Select the type of database for vCenter. vPostgres is the express database for the appliance; use it unless you have an external Oracle database. SQL DB is not yet supported for the appliance.


    Step 7:
    Enter the vCenter node's network details


    Proceed Next and begin the installation. 
    Once the deployment is complete, log in to vCenter using the Windows Client or Web Client and verify that it is working correctly. Since I have deployed a GA version of the appliance, you do not have the Web GUI management page for the appliance. This is only available from 6.0 Update 1 onward.

    Wednesday, 27 January 2016

    View ESXi Logs From The Web Page

    Written by Suhas Savkoor



    A short article on how to view ESXi logs from a browser rather than opening a Putty session to the host. One method is to use the Embedded Host Client. If not, then:

    1. Open a browser
    2. Enter:
    https://<ESXi_IP>/host
    3. When asked for credentials, enter root and the password.
    4. You will see the below page for logs:


    *Note: This is not real-time logging; the page needs to be refreshed to show any recent changes*
    SSH all the way, but why not something on the side!

    Monday, 25 January 2016

    Connecting A ESXi 5.5 U3b Host To A vCenter With A Lower Version.

    Written by Suhas Savkoor



    Lately, I have been seeing more and more cases with VMware Support regarding "Unable to connect an ESXi host to a vCenter after upgrading it to 5.5 U3b". The common error you get when you try adding this host to a vCenter is:

    "Cannot contact the specified host. The host may not be available on the network, a network configuration problem may exist, or the management service on this host is not responding"


    This is because SSLv3 is disabled on ESXi 5.5 U3b, whereas a vCenter on a version lower than 5.5 U3b has SSLv3 enabled.
    To resolve this, the best method is to upgrade your vCenter to 5.5 U3b.

    If you do not want to upgrade vCenter, then you can enable SSLv3 on that upgraded ESXi host. This is not a best practice and is not recommended by VMware, because it defeats the purpose of the upgrade. If you still want to, proceed with the below steps:

    There are two places where you need to enable SSLv3:

    A) Enabling SSLv3 for Hostd - Port 443
    1. Open an SSH session to this ESXi host.
    2. Browse to this location using the below command:
    # cd /etc/vmware/rhttpproxy
    3. Backup the config file:
    # cp config.xml config.xml.bak
    4. Edit the file using the below command (Press i to begin edit)
    # vi config.xml
    Locate the <vmacore> section, then locate <ssl> within it. Under <ssl>, add the following entry:
    <sslOptions>16924672</sslOptions>
    5. Save the file by pressing Esc and then typing :wq!

    B) Enabling SSLv3 for Port 902 (Required to connect to vCenter)
    1. From the same SSH of the host, run the below command:
    # esxcli system settings advanced set -o /UserVars/VMAuthdDisabledProtocols -s ""

    Restart rhttpproxy using the below command:
    # /etc/init.d/rhttpproxy restart
    That's it; now you can connect this ESXi 5.5 U3b host to a lower version of vCenter. However, again, this is not a recommended practice, as it exposes the host to the SSLv3 POODLE vulnerability.
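
To find hosts where this downgrade is still in place, the settings from parts A and B can be checked as below. This is an added example, not code from the original post or from VMware. It assumes <sslOptions> is an OpenSSL 1.0.x SSL_OP_* bitmask and that VMAuthdDisabledProtocols is a comma-separated list; the function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# OpenSSL 1.0.x SSL_OP_* bits. Assumption: rhttpproxy passes <sslOptions>
# to OpenSSL unchanged as this bitmask.
SSL_OP_BITS = {
    "NO_TICKET": 0x00004000,
    "NO_COMPRESSION": 0x00020000,
    "NO_SSLv2": 0x01000000,
    "NO_SSLv3": 0x02000000,
    "NO_TLSv1": 0x04000000,
    "NO_TLSv1_2": 0x08000000,
    "NO_TLSv1_1": 0x10000000,
}

def decode_ssl_options(value):
    """Names of the option bits set in an sslOptions integer."""
    return sorted(n for n, bit in SSL_OP_BITS.items() if value & bit)

def rhttpproxy_allows_sslv3(config_xml):
    """True/False from <vmacore><ssl><sslOptions>; None if the entry is
    absent, in which case the host's built-in default applies."""
    node = ET.fromstring(config_xml).find(".//vmacore/ssl/sslOptions")
    if node is None or not (node.text or "").strip():
        return None
    return (int(node.text.strip()) & SSL_OP_BITS["NO_SSLv3"]) == 0

def authd_allows_sslv3(disabled_protocols):
    """Port 902: SSLv3 is allowed unless 'sslv3' is in the disabled list
    (assumed comma-separated). An empty string disables nothing."""
    listed = {p.strip().lower() for p in disabled_protocols.split(",")}
    return "sslv3" not in listed

# Constructed sample: config.xml reduced to the elements named in step 4.
SAMPLE_CONFIG = """<config><vmacore><ssl>
  <sslOptions>16924672</sslOptions>
</ssl></vmacore></config>"""

if __name__ == "__main__":
    print("sslOptions bits:", decode_ssl_options(16924672))
    print("443 allows SSLv3:", rhttpproxy_allows_sslv3(SAMPLE_CONFIG))
    print("902 allows SSLv3:", authd_allows_sslv3(""))
```

On a host, the inputs are the contents of /etc/vmware/rhttpproxy/config.xml and the value shown by `esxcli system settings advanced list -o /UserVars/VMAuthdDisabledProtocols`.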

    Thursday, 21 January 2016

    Configuring Serial Port As A Loop-back COM Port For The Same Virtual Machine.

    Written by Suhas Savkoor



    If you have missed out on "How to configure COM ports between two virtual machines" video, here is the link to it.

    In this article, we will see how to configure a COM port on the same virtual machine. This is useful in a scenario such as the following: you have an application that monitors a set of readings in your environment. When the readings cross a particular threshold, it has to generate a signal or send some information to an alerting system using a COM port.

    Now, in Windows, when you go to Device Manager and expand the Ports option, you can see that there are two COM ports: COM1 and COM2. These are always there irrespective of whether you have configured a serial port for that specific virtual machine.

    Configuring serial port for the same machine:

    1. Power OFF the virtual machine for which you are trying to configure this COM port.
    2. Go to Edit Settings and Click Add. Here select Serial Port and click Next. 
    3. Select Output to named pipe and click Next
    4. The pipe name should be of the format: \\.\pipe\<pipe_name>
    5. Near End: Server; Far End: A process
    6. Create another COM port for this same virtual machine. Click Add. Select Serial Port and Output to named pipe option again.
    7. Here the pipe name should be the same as the one used for the first serial port.
    8. Configuration for second serial port; Near End: Client; Far End: A process
    9. Click OK

    Testing COM port setup:


    1. Power ON the virtual machine and open CMD in administrative mode, and open Putty to COM1 in serial.
    2. Type the following command in CMD:
    echo text > COM2
    3. In the Putty you can see the message "text" being echoed.
    4. The Putty is on COM2 and CMD on COM1. Hence the Putty is listening for incoming traffic on COM1 and the CMD is sending the message to COM2, which is why Putty is opened in COM1 serial.

    Simple, isn't it?

    Update Manager Service Crashes During A Scan Operation On An ESXi Host

    Written by Suhas Savkoor



    Today, I came across an issue with Update Manager while working on a support request. The environment comprised two vCenters in linked mode, each having its own Update Manager server. Each Update Manager was installed on a machine of its own. The second vCenter was running well and good; however, on the first vCenter there was an issue with the "Scan" operation.

    Whenever a baseline was attached to any of the hosts under this vCenter and a scan operation was performed, the progress would go to 10 percent and stop there for a few minutes, and then the vSphere Update Manager service would stop and crash, causing the VUM to lose connectivity with the vCenter.

    Upon reviewing the logs for the failure, vmware-vum-server-log4cpp.log, I noticed the following:
    Error accessing stagepath C:/ProgramData/VMware/VMware Update Manager/Data/host_upgrade_packages/esxi-upgrade-ryvdmfvtoz type 1 error 0/The operation completed
    This means that the patch store and the DB are not in sync.

    When I browse C:\ProgramData\VMware\VMware Update Manager\Data, I do not see the host_upgrade_packages folder, and the scan is failing because it is unable to find this folder.
    The install directory may vary depending on your installation settings.

    What can be done?

    1. If you have your old Update Manager (rarely happens), then you can copy and paste this folder into this directory and the scan will work.

    If not, then we will have to re-initialize the update manager database.
    **Re-initializing the database will clear out the database for update manager, which means, if you had any custom baselines and patches downloaded, they will be lost**

    Steps to Re-initialize the VUM database:

    1. First, log in to the SQL Management Studio hosting this Update Manager database. Expand Database > Right click the VUM database > All Tasks > Backup. Back this database up to a disk.
    2. Stop the Update Manager service from services.msc
    3. Open a command prompt in elevated permission mode (Administrative mode), change the drive to the VUM installed disk drive and run the below command:
    cd "C:\Program Files (x86)\VMware\Infrastructure\Update Manager\" 
    4. Then run the below command to re-initialize the database:
    vciInstallUtils.exe -O dbcreate -C . -L . 
    (Both . should be used)

    5. Once the command has executed, restart the Update Manager service.
    6. Log in to vCenter > Select ESXi host > Update Manager > Admin View
    7. Under the Configuration tab, select Download Settings and download the patches again. If you want to add your custom baselines, then you can go ahead and do so.
    8. Go back to Compliance View and Attach and Scan, and this time the operation should succeed!

    Wednesday, 20 January 2016

    "No Network Adapters Found" For Nested ESXi 6.0 Host

    Written by Suhas Savkoor



    While setting up a nested ESXi 6.0 host, you will come across the following error during the installation:


    Now, it says no network adapter was found for the virtual machine on which I am trying to install ESXi 6.0. Funny, because during creation of the virtual machine I specified one network card of the e1000 type.
    Now, if I SSH to the actual ESXi hosting this virtual ESXi, I see that there is a network adapter "e1000" listed in the .vmx file of the virtual machine. And this virtual machine resides on the appropriate network.


    Now the funny thing about this is, the virtual machine that I created for this ESXi was allocated 2GB of RAM. The minimum memory requirement for a 6.0 ESXi host is 4GB of RAM. I did not receive a warning during the installation, which is quite weird. However, upon changing the memory to 4GB I was able to proceed with the installation successfully.

    Well, there you go!

    Tuesday, 19 January 2016

    Changing The Network Adapter Type of A Virtual Machine Without Removing The NIC

    Written by Suhas Savkoor



    If we have a virtual machine whose NIC is an E1000 and we want to change this NIC to VMXNET3, then from the Edit Settings on the virtual machine we will select the Network adapter. Here you will notice that you do not have an option to change the Adapter Type.
    The classic step we would follow is to log in to the virtual machine and make a note of the network settings. We then remove the Network adapter from the Edit Settings of the virtual machine. Once the NIC is removed, we go ahead and add a new NIC, and while adding the new adapter, we get to choose the adapter type. Once the adapter is added, we log back in to the VM and re-populate the network settings.
    This all works well; however, removing the NIC and adding a new one will change the MAC address of the device. Every network adapter has a MAC address, which is listed under the adapter type option in the Edit Settings of the virtual machine. If an application is dependent on the MAC address, for example a VM hosting a telephone IVR operation, it might break, as it uses the MAC address of the device. In scenarios like this, we will have to reconfigure the application.

    The other way to change the network adapter type is:

    1. Power OFF the required virtual machine.
    2. Open an SSH (Putty) session to the host where this virtual machine resides. Change the directory to the virtual machine's directory.
    3. Open the virtual machine's .vmx file using the vi editor
    # vi <vm_name>.vmx
    4. Locate the following line
    ethernet0.virtualDev = "e1000"
    Press "i" to begin editing and change e1000 to vmxnet3 (retain the quotes; the text is case sensitive). Press Esc and type :wq! to save and exit the file.

    5. Remove the virtual machine from Inventory.
    6. Browse the datastore where this VM resides, right click the .vmx file and add it back to the inventory.
    7. Go back to Edit Settings of the virtual machine, select the network adapter and you will see the updated adapter type with the same MAC address.

    You just saved a MAC address!