
Troubleshooting VM with nVidia GPU

So I was troubleshooting a VM that had an nVidia GPU. The issue with the VM was that it was not reachable; multiple reboots yielded the same results. To troubleshoot, I needed to get into the VM, so I powered it off, removed the GPU in the VM’s settings, saved it, and powered it back on. Got into Windows and saw that the Windows Firewall was not running, but was set to automatic. As soon as I started the service, I was able to ping the VM.

So I reversed what I did, added the card back in, saved, powered on, but nothing. Removed the GPU again, logged in and saw that the service was running. Very odd what was happening.

Ran into a post that suggested going into low resolution mode. To get into low resolution mode, reboot the VM, press F8 and select “Enable low resolution mode – 640×480”. Once I got back into the VM using the remote console, I did see that the Windows Firewall service was not running. Once I started it I was able to ping the VM. Rebooted the VM, and was able to ping it all the way through to the desktop coming up.

Bit of a pain trying to sort out this issue. But going into low resolution mode saves a few steps in troubleshooting.


No Sound on Windows 10

If you’re still running vSphere 6.0 like I am, Windows 10 VMs will not have any sound. To fix this, you’ll need to edit the vmx file and add the following lines:

sound.allowGuestConnectionControl = "true"
sound.autoDetect = "true"
sound.virtualDev = "hdaudio"
sound.present = "TRUE"
sound.fileName = "-1"

Once added, your sound should be working.

FYI, this works for Server 2019 as well.

Given the above, you should really upgrade to 6.5 or 6.7, as 6.0 will be EOL on March 12, 2020.


Removing vmnic from vDS from esxi host

Early this morning, I had to reboot my vCenter, as there were some issues with it where I had to reboot it. However, after it came back up it was no longer reachable. Rebooted a second time and still got the same results. So I connected to the host client, and disconnected the network.

Big mistake….

Didn’t realize that when a VM is on a vDS, you can’t connect the VM back to the network. And without any standard switches, I was in a bind. After some searching, I found that I could reconfigure the vDS on the host that the vCenter resides on. This pretty much entailed removing a vmnic from the vDS and then reattaching it to a vSwitch. Below are the commands that I used to do this.

To get a list and note down the port ID and switch name

esxcli network vswitch dvs vmware list

This removes the vmnic from the vDS\vSwitch

esxcfg-vswitch -Q vmnicXX -V <port_id> <name_of_vswitch>

Now, if you haven’t already, create a standard vSwitch, and add the vmnic to the vSwitch

esxcli network vswitch standard uplink add --uplink-name=vmnicXX --vswitch-name=<name_of_vSwitch>

Now, modify the VM to connect to vSwitch and now you should be back up and running. Now, you can revert those changes back if you need to.

In my case, I may redesign my virtual network to have my VCSA on a vSwitch rather than distributed, just in case this happens again.


Finally Migrated to 6.5U3

So in my last post, I was struggling with updating VCSA 6.0 to VCSA 6.5U3. I opened up an SR, and the initial call had me restore the Machine SSL to use the VMCA. Feeling confident that would work, the tech ended the call midway through the update.

Two days later, after examining logs and looking through the certificate store, I noticed that there were 2 certs that had aliases of my cert servers. Before I removed those two certs, I stood up a new 6.0 VCSA just to see if it would update to 6.5. I imported the cert chain, created a custom machine SSL and it updated without issue.

Back to the original VCSA, I removed the 2 certs and added the cert chain. After the VCSA saw the 2 certs, I proceeded with the update.

Happy to say after about 3 days, my vCenter is now on 6.5U3.

If you happen to get failing to start vpxd when updating, check the following logs in



FAIL: VCSA 6.0U3 upgrade to 6.5U3

So I’ve been fighting a VCSA upgrade from 6.0U3 to 6.5U3. Everything goes smoothly until trying to start vCenter services. After about 5 minutes, I get an error “An error occurred while starting service ‘vpxd’”

Digging into the logs I keep seeing the following errors:

PeerThumbprint: <removed thumbprint>
--> ExpectedThumbprint:
--> ExpectedPeerName: localhost
--> The remote host certificate has these problems:
--> * Host name does not match the subject name(s) in certificate.)
--> [context]zKq7AVECAAAAAH6z1gANdnB4ZAAAoPMqbGlidm1hY29yZS5zbwAAiCAbAC6ZGABeMyIAKWQiANs3IgCTPCIA+ZQjADFiIwD6ZCMAXUkrAdRzAGxpYnB0aHJlYWQuc28uMAACvY4ObGliYy5zby42AA==[/context]
2019-10-15T14:24:29.590Z error vpxd[19950] [Originator@6876 sub=AuthzStorageProvider] [AuthzStorageProvider::CreateAuthzMgr] Failed to connect to IS: <N5Vmomi5Fault17HostCommunication9ExceptionE(Fault cause: vmodl.fault.HostCommunication

I’ve reset all certs, regenerated new ones, and I still get the above. I have an open call with VMware support, so I’ll see what they say.


Checking ESXi NTP

So I just happened to check the time on one of my ESXi hosts, and noticed that the time was way off, by like hours. I checked the NTP service on the host, and it was not running. So I updated it and started to check the other hosts. However, I didn’t feel like logging into each one. So I found a few one-liners that helped me check all the hosts in my environment, and updated where necessary.

First, connect to the appropriate vCenter,
then run the following to get the time and service status on all hosts on that vCenter

Get-VMHost | Sort-Object Name | Select Name, @{N="NTPServer";E={$_ | Get-VMHostNtpServer}}, Timezone, @{N="CurrentTime";E={(Get-View $_.ExtensionData.ConfigManager.DateTimeSystem) | Foreach {$_.QueryDateTime().ToLocalTime()}}}, @{N="ServiceRunning";E={(Get-VMHostService -VMHost $_ | Where-Object {$_.Key -eq "ntpd"}).Running}} | Format-Table -AutoSize

If you need to update your NTP server:
First, remove the old NTP server

Remove-VMHostNtpServer -NtpServer <NTP Server> -VMHost (Get-VMHost) -Confirm

Second, add the new one

Get-VMHost | Add-VMHostNtpServer -NtpServer <New NTP Server>

If you need to start and stop the NTP service and set it to automatic

Get-VMHost | Get-VMHostService | Where-Object {$_.Key -eq "ntpd"} | Start-VMHostService

Get-VMHost | Get-VMHostService | Where-Object {$_.Key -eq "ntpd"} | Set-VMHostService -Policy "automatic"

That should get the host back on the same time

On a side note, I did this all with PowerShell Core on Ubuntu, with the VMWare Core powershell modules loaded. I noticed, that if you use Sort, rather than Sort-Object pwsh does not recognize it.
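
The checks above can be rolled into one audit that only lists the hosts needing attention. This is an added example, not code from the original post; it assumes an existing Connect-VIServer session, a correctly synced clock on the machine running it, and an illustrative `$MaxDriftSeconds` threshold.

```powershell
# Added example: flag ESXi hosts whose NTP setup or clock needs attention.
# Assumes Connect-VIServer has already been run and the local clock is synced.
$MaxDriftSeconds = 5    # illustrative threshold (assumption), tune to your tolerance

$report = foreach ($vmhost in (Get-VMHost | Sort-Object Name)) {
    $ntpd    = Get-VMHostService -VMHost $vmhost | Where-Object { $_.Key -eq 'ntpd' }
    $servers = @(Get-VMHostNtpServer -VMHost $vmhost)

    # Same DateTimeSystem call as the one-liner, compared with the local clock
    $dts      = Get-View $vmhost.ExtensionData.ConfigManager.DateTimeSystem
    $hostTime = $dts.QueryDateTime().ToLocalTime()
    $drift    = [math]::Round([math]::Abs(($hostTime - (Get-Date)).TotalSeconds), 1)

    # Collect every problem so one pass shows the full picture per host
    $issues = @()
    if ($servers.Count -eq 0)        { $issues += 'no NTP server configured' }
    if (-not $ntpd.Running)          { $issues += 'ntpd not running' }
    if ($ntpd.Policy -eq 'off')      { $issues += 'ntpd will not start at boot' }
    if ($drift -gt $MaxDriftSeconds) { $issues += "clock off by $drift s" }

    [pscustomobject]@{
        Name         = $vmhost.Name
        NtpServers   = $servers -join ', '
        Running      = $ntpd.Running
        Policy       = $ntpd.Policy
        DriftSeconds = $drift
        Issues       = $issues -join '; '
    }
}

# Hosts with at least one finding; an empty table means everything is in sync
$report | Where-Object { $_.Issues } | Format-Table -AutoSize -Wrap
```

The drift figure includes the API round trip, so keep the threshold at a few seconds rather than sub-second.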


Certificates for vCenter and HTML 5 Appliance – Part 1

So I pretty much lost a day and a half trying to sort out certificates for one of my vCenter clusters.  I’ve read through many VMware KBs, different blogs and articles on how to have a valid certificate for my vCenter servers, but didn’t quite find a definitive one.  So I’m hoping that what I did early in the week will be helpful.  It will also serve as a reminder for me on how I did this.

As of March 7, 2019 I am running VCSA 6.0 Build 9291058, I also have Microsoft CA to generate and issue certificates.

From the VCSA, I logged in as root and ran the following command


This will bring up the vSphere 6.0 Certificate Manager


Select Option 1 to replace machine ssl certificate with custom certificate.

Follow the prompts to enter credentials for the SSO and vCenter server.

After a successful login, select option 1 to generate certificate signing request(s) and key(s) for machine SSL certificate


You’ll then be prompted for a location to save the CSR(s) and Private Key(s).  Enter a desired location and select whether or not to reconfigure certool.cfg.  If you already have one configured, you can select no, to save some time.  Otherwise select Y and enter the appropriate values.


After the csr is generated, select Option 2 to exit the certificate manager


Next up, you’ll need to go to your Microsoft CA to request a certificate.


Open the CSR in a text editor and copy it into the field, add any attributes if necessary:



After you submit the request, open the .cer in a text editor and copy that into a text editor on your VCSA.  Save the file with a meaningful name, i.e., hostname.cer

Next, you’ll need to create a signed chained cert.

You’ll need the cer that was just created, as well as any intermediate CA certs and the root cert.

For my purposes, I exported the certs from the built-in Windows certificate management console.  Selected the intermediate and root certs, and exported them. Be sure to download the cert in Base64 format


After you have all the certs, copy it to your vCenter, and then you’ll need to create a signed chained cert in this order: <generated CA cert> <intermediate cert> <root cert>

cat certnew.cer intermediateCA.cer RootCA.cer > name_of_signing_chain.cer

After creating the chained cert, run the certificate manager again


Select Option 1


Enter credentials for SSO and select Option 2 to import certs.

Provide the location of the generated cert, the private key as well as the chain cert.

This will take a minute or two.  After the certs are successfully imported, you’ll have a valid SSL cert for your vCenter.
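
Before copying the files to vCenter, the chain order can be verified on the Windows machine where the certs were exported. This is an added example, not the author's commands; the file names follow the post, `$ExpectedHost` is a placeholder FQDN, and it assumes exactly one intermediate CA and Base64 files in the current directory.

```powershell
# Added example: verify leaf -> intermediate -> root before building the chain file.
$ExpectedHost = 'vcenter.example.local'    # placeholder, use your vCenter FQDN
$files    = 'certnew.cer', 'intermediateCA.cer', 'RootCA.cer'
$certType = [System.Security.Cryptography.X509Certificates.X509Certificate2]
# .NET resolves relative paths against the process directory, so pass full paths
$leaf, $inter, $root = $files | ForEach-Object { $certType::new((Resolve-Path $_).Path) }

$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode    = 'NoCheck'   # offline structural check only
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'  # root may not be trusted here
[void]$chain.ChainPolicy.ExtraStore.Add($inter)
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$built = $chain.Build($leaf)
$path  = @($chain.ChainElements | ForEach-Object { $_.Certificate.Thumbprint })

# Subject Alternative Name extension (OID 2.5.29.17) rendered as text
$san = ($leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
        ForEach-Object { $_.Format($false) }) -join ' '

$problems = @()
if (-not $built) { $problems += 'chain does not build: ' + ($chain.ChainStatus.Status -join ', ') }
if ($path.Count -ne 3) {
    $problems += "expected 3 certificates in the path, found $($path.Count)"
} elseif ($path[1] -ne $inter.Thumbprint -or $path[2] -ne $root.Thumbprint) {
    $problems += 'files are not leaf, intermediate, root in that order'
}
if ($root.Subject -ne $root.Issuer)                { $problems += 'RootCA.cer is not self-signed' }
if ($san -notmatch [regex]::Escape($ExpectedHost)) { $problems += "SAN does not list $ExpectedHost" }
if ($leaf.NotAfter -lt (Get-Date).AddDays(30))     { $problems += 'certificate expires within 30 days' }

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    # Same result as the cat command in the post: leaf first, root last
    Get-Content $files | Set-Content name_of_signing_chain.cer -Encoding ascii
    'Chain verified and written in leaf, intermediate, root order.'
}
```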


MS Products Coming Up on End of Life

Just an FYI that the following Microsoft products will be end of life “relatively soon”

July 9, 2019 – MS SQL Server 2008 / 2008 R2
January 14, 2020 – MS Windows Server 2008 / 2008 R2

After these dates, extended support will end and the affected products will no longer have security or reliability patches.

You will probably be able to still run them, but I would not suggest it.


PDQ and Windows Updates

Last year I introduced PDQ as a way to easily deploy applications to desktops. In the past, applications were either installed in the master clone, thinapp’d or manually installed by remotely connecting to the VM and installing it locally.

This is where I did a POC and proved that this was a time saver and pretty much fool proof.

In the last few months I started looking at using PDQ to install Windows patches. Preliminary tests showed that it worked well. I did look at WSUS, but was limited in terms of scheduling, and without using something like SCCM or SCOM, it would be very hard to manage. I also did not want to put up infrastructure just for patching.

PDQ pushes out Windows patches just like any other application, connects to the target, installs, and reboots, if you choose to. DONE.

However, there was no easy way to snapshot the VM. I came up with a PowerCLI script attached as a Pre-Step; however, I soon discovered that the PowerCLI script also ran on the target computer, and not on the source. One solution presented was installing PowerCLI on all server VMs. Tossed that idea out quickly as I didn’t want to install PowerCLI on all VMs, and with how the script worked, a snapshot of all VMs would occur on all VMs. So if I had 10 VMs in the script, the script would run on all 10 VMs, giving me 100 snaps in total.

After some brainstorming, I decided to have the script run as a scheduled task. If I had the patching occur at 2AM, I could have the script run at 1:58AM. Early testing showed that this worked just as expected. BINGO!

Only thing I need to make sure of is to update the server list, so the VMs scheduled for patching get snapped.

So essentially, have a scheduled task run the script 2 minutes before patch time, and then have the patch schedule run.

Hope this helps other people facing the same or similar problem
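
A sketch of the scheduled-task script described above, run once from the management machine so each VM gets exactly one snapshot. This is an added example, not the author's script; the vCenter name, the server list path, the `PrePatch-` snapshot prefix and the retention period are all assumptions.

```powershell
# Added example: snapshot the VMs in the patch list shortly before the PDQ schedule fires.
# Runs on the management machine only; nothing is installed on the target VMs.
param(
    [string]$VCenter    = 'vcenter.example.local',         # placeholder
    [string]$ServerList = 'C:\Scripts\patch-servers.txt',  # hypothetical path, one VM name per line
    [int]$KeepDays      = 3                                 # illustrative retention
)

Import-Module VMware.VimAutomation.Core

# No credentials in the script: the scheduled task's Windows account is used,
# so give that account snapshot rights only rather than full administrator.
Connect-VIServer -Server $VCenter -ErrorAction Stop | Out-Null

try {
    $stamp = Get-Date -Format 'yyyyMMdd-HHmm'

    foreach ($name in (Get-Content $ServerList | Where-Object { $_.Trim() })) {
        $vm = Get-VM -Name $name.Trim() -ErrorAction SilentlyContinue
        if (-not $vm) {
            # A stale list entry means that server gets patched with no rollback point
            Write-Warning "VM '$name' not found; it will be patched without a snapshot"
            continue
        }

        New-Snapshot -VM $vm -Name "PrePatch-$stamp" `
            -Description 'Taken before PDQ patch run' -Confirm:$false | Out-Null

        # Old pre-patch snapshots grow and slow the VM, so prune them here
        Get-Snapshot -VM $vm -Name 'PrePatch-*' |
            Where-Object { $_.Created -lt (Get-Date).AddDays(-$KeepDays) } |
            Remove-Snapshot -Confirm:$false
    }
}
finally {
    Disconnect-VIServer -Server $VCenter -Confirm:$false
}
```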



The other day, I was asked how to change the NTP Server on a Windows Server 2008 R2 VM.  I responded with a dumbfounded look, and replied with, “You don’t, the Server talks back with an AD server with the PDC Emulator role and syncs with that server…”  Of course, my storage guy only asked me because his Unisphere VM was almost 2 minutes off.  So naturally I took a look and discovered that it was not syncing at all.

Querying the current time settings always pointed back to

Local CMOS Clock

which is not a good thing.

Further investigation showed that the registry settings for W32time were incorrectly modified.

So after much Googling, I ended up resetting the Windows Time:

net stop w32time
W32tm /unregister
w32tm /register
net start w32time

Then for good measure, I configured Windows Time to use the forest time hierarchy:

w32tm /config /syncfromflags:domhier /update /reliable:no
w32tm /resync /rediscover
net stop w32time && net start w32time

After a few minutes, the Windows Time was now sync’d up with the AD Server.
