Category: VMWare

Leave a reply

No Sound on Windows 10

If you’re still running vSphere 6.0 like I am, Windows 10 VMs will not have any sound. To fix this, you’ll need to edit the vmx file and add the following lines:

sound.allowGuestConnectionControl = "true"
sound.autoDetect = "true"
sound.virtualDev = "hdaudio"
sound.present = "TRUE"
sound.fileName = "-1"

Once added, you sounded should be working.

FYI, this works for Server 2019 as well.

Given the above, should really upgrade to 6.5 or 6.7 as 6.0 will be EOL on March 12, 2020


Leave a reply

Removing vmnic from vDS from esxi host

Early this morning, I had to reboot my vCenter, as there were some issues with it where I had to reboot it. However, after it came back up it was no longer reachable. Rebooted a second time and still got the same results. So I connected to the host client, and disconnected the network.

Big mistake….

Didn’t realize that when a VM is on a vDS, you can’t connect the VM back to the network. And without any standard switches, I was in a bind. After some searching, I found that I could reconfigure the vDS on the host that the vCenter resides on. This pretty much entailed removing a vmnic from the vDS and then reattaching it to a vSwitch. Below are the commands that I used to do this.

To get a list and note down the port ID and switch name

esxcli network vswitch dvs vmware list

This removes the vmnic from the vDS\vSwitch

esxcfg-vswitch -Q vmnicXX -V <port_id> <name_of_vswitch>

Now, if haven’t create a standard vSwitch, and add the vmnic to the vSwitch

esxcli network vswitch standard uplink add --uplink-name=vmnicXX --vswitch-name=<name_of_vSwitch>

Now, modify the VM to connect to vSwitch and now you should be back up and running. Now, you can revert those changes back if you need to.

In my case, I may redesign my virtual network to have a my VCSA on a vSwitch rather than distributed, just in case this happens again.


Leave a reply

Finally Migrated to 6.5U3

So in my last post, I was struggling with updating VCSA 6.0 to VCSA 6.5U3. I opened up an SR, and the initial call had me to restore the Machine SSL to use the VMCA. Feeling confident that would work, the tech ended the call mid way through the update.

Two days later, after examining logs, and looking. through the certificate store, I noticed that there were 2 certs had aliases of my cert servers. Before I removed those two certs, I stood up a new 6.0 VCSA just to see if it would update to 6.5. I imported the cert chain, created a custom machine ssl and it updated without out issue.

Back to the original VCSA, I removed the 2 certs and added the cert chain. After the VCSA saw the 2 certs, I proceeded with the update.

Happy to say after about 3 days, my vCenter is now on 6.5U3.

If you happen to get failing to start vpxd when updating, check the following logs in

/var/log/vmware/vpxd


Leave a reply

FAIL: VCSA 6.0U3 upgrade to 6.5U3

So I’ve been fighting an VCSA upgrade from 6.0U3 to 6.5U3. Everything goes smoothly until trying to start vCenter services. After about 5 minutes, I get an error “An error occurred while starting service ‘vpxd'”

Digging into the logs I keep seeing the following errors:

PeerThumbprint: <removed thumbprint>
--> ExpectedThumbprint:
--> ExpectedPeerName: localhost
--> The remote host certificate has these problems:
-->
--> * Host name does not match the subject name(s) in certificate.)
--> [context]zKq7AVECAAAAAH6z1gANdnB4ZAAAoPMqbGlidm1hY29yZS5zbwAAiCAbAC6ZGABeMyIAKWQiANs3IgCTPCIA+ZQjADFiIwD6ZCMAXUkrAdRzAGxpYnB0aHJlYWQuc28uMAACvY4ObGliYy5zby42AA==[/context]
2019-10-15T14:24:29.590Z error vpxd[19950] [Originator@6876 sub=AuthzStorageProvider] [AuthzStorageProvider::CreateAuthzMgr] Failed to connect to IS: <N5Vmomi5Fault17HostCommunication9ExceptionE(Fault cause: vmodl.fault.HostCommunication

I’ve reset all certs, regenerated new ones, and I still get the above. I have an open call with VMware support, so I’ll see what they say.


Leave a reply

Checking ESXi NTP

So i just happen to check the time on one of my ESXi hosts, and noticed that the time was way off, by like hours. I checked the NTP service on the host, and it was not running. So updated and stated to check the other hosts. However, I didn’t feel like logging into each one. So I found a few one liners that helped me check all the hosts in my environment, and updated where necessary.

First, connect to the appropriate vcenter
then run the following to get the time and service status on all hosts on that vCenter

Get-VMHost | Sort-Object Name |  Select Name, @{N=";NTPServer";;E={$_ |Get-VMHostNtpServer}}, Timezone, @{N=";CurrentTime";;E={(Get-View $_.ExtensionData.ConfigManager.DateTimeSystem) | Foreach {$_.QueryDateTime().ToLocalTime()}}}, @{N=";ServiceRunning";;E={(Get-VmHostService -VMHost $_ | Where-Object {$_.key -eq "ntpd";}).Running}} ` | Format-Table -AutoSize 

If you need to update your ntp server
First, remove the old NTP Server

Remove-VMHostNTPSserver -NTPServer <NTP Server> -vmhost (Get-VMHost) -confirm

Second, add the new one

Get-VMHost | Add-VMHostNtpServer -NtpServer 172.16.4.53

If you need start and stop the NTP Service and set to automatic

Get-VMHost| Get-VMHostService| Where-Object{$_.key -eq"ntpd"} | Start-VMHostServiceGet-VMHost

Get-VMHostService| Where-Object{$_.key -eq"ntpd"} | Set-VMHostService-policy "automatic"

That should get the host back on the same time

On a side note, I did this all with PowerShell Core on Ubuntu, with the VMWare Core powershell modules loaded. I noticed, that if you use Sort, rather than Sort-Object pwsh does not recognize it.


Leave a reply

Certificates for vCenter and HTML 5 Appliance – Part 1

So I pretty much lost a day and half trying to sort out certificates for one of my vCenter clusters.  I’ve read through many VMware KB’s different blogs and articles on how to have a valid certificate for my vCenter servers, but didn’t quite find a definitive one.  So I’m hoping that what I did early in the week will be helpful.  It will also serve as a reminder for me on how I did this.

As of March 7, 2019 I am running VCSA 6.0 Build 9291058, I also have Microsoft CA to generate and issue certificates.

From the VCSA, I logged in as root and ran the following command

/usr/lib/vmware-vmca/bin/certificate-manager

This will bring up the vSphere 6.0 Certificate Manager

certman

Select Option 1 to replace machine ssl certificate with custom certificate.

Follow the prompts to enter credentials for the SSO and vCenter server.

After a successful login, select option 1 to generate certificate signing request(s) and key(s) for machine SSL certificate

genssl

You’ll then be prompted for a location to save the CSR(s) and Private Key(s).  Enter a desired location and select whether or not to reconfigure certool.cfg.  If you already have one configured, you can select no, to save some time.  Otherwise select Y and enter the appropriate values.

certool2

After the csr is generated, select Option 2 to exit the certificate manager

certool_complete

Next up, you’ll need to go to your Microsoft CA to request a certificate.

req_cert

Open the CSR in a text editor and copy it into the field, add any attributes if neccesary:

SAN:DNS=<FQDN>&DNS=<hostname>&DNS=<IP_Address>&IPADDRESS=<IP_Address>

submt_csr

After you submit the request, open the .cer in a text editor and copy that into a text editor on your VSCA.  Save the file with a meaningful name, ie; hostname.cer

Next, you’ll need to create a signed chained cert.

You’ll need the cer that was just created, as well as any intermediate CA certs and the root cert.

For my purposes, I exported the certs from the built-in windows certificate management console.  Selected the intemediate and root certs, and exported them. Be sure to download the cert in Base64 format

req_cert_base64

After you have all the certs, copy it to your vCenter, and then you’ll need to create a signed chained cert in this order: <generated CA cert> <intermediate cert> <root cert>

cat certnew.cer intermediateCA.cer RootCA.cer > name_of_signing_chain.cer

After creating the chained cert, run the certificate manger again

/usr/lib/vmware-vmca/bin/certificate-manager

Select Option 1

certman

Enter credentials for SSO and select Option 2 to import certs.
genssl

Provide the location of the generated cert, the private as well as the chain cert.

This will take a minute or two.  After the certs are successfully imported, you’ll valid SSL cert for you vCenter.


Leave a reply

PDQ and Windows Updates

Last year introduced PDQ as way to easily deploy applications to desktops. In the past, applications were either installed in the master clone, thinapp’d or manually installed by remotely connecting to the VM and installing it locally.

This is where I did a POC and proved that this was a time saver and pretty much fool proof.

In the last few months I started looking at using PDQ to install Windows patches. Preliminary tests showed that it worked well. I did look at WSUS, but was limited in terms of scheduling, and without using something like SCCM or SCOM, it would be very hard to manage. I also did not want to put up infrastructure just for patching.

PDQ pushes out Windows patches just like any other application, connects to the target, installs, and reboots, if you choose to. DONE.

However, there was no easy way to snapshot the VM. I came up with a PowerCLI script attached as a Pre-Step, however, I soon discovered that the PowerCLI script also ran on the target computer, and not on the source. One solution presented was installing PowerCLI on all server VMs. Tossed that idea out quickly as I didn’t want to install PowerCLI on all VMs, and with how the script worked, a snapshots of all VMs would occur on all VMs. So if I had 10 VMs in the script, the script would run on all 10 VMs, give me 100 snaps in total.

After some brainstorming, I decided to have the script run as scheduled task. If I had the patching occur at 2AM, I could have the script run at 1:58AM. Early testing showed that this worked just as expected. BINGO!

Only thing I need to make sure of, is to update the server list, so the VMs scheduled for patching gets snapped.

So essentially, have a scheduled task run the script 2 minutes before patch time, and then have the patch schedule run.

Hope this helps other people facing the same or similar problem


Leave a reply

Guest OS reporting error during quiescing

My storage engineer recently approached me about a couple of VMs that were failing to backup because it could not quiesce.  We were seeing:

 

My storage engineer recently approached me about a couple of VMs that were failing to backup because it could not quiesce.  We were seeing:

“An error occurred while saving the snapshot: Failed to quiesce the virtual machine.”

An open call to EMC said to run an extended Snapshot, however, that is only available starting with vSphere 6.5.  Despite that, running a manual snapshot using the vCenter MOB was successful.

Running scheduled and unscheduled backups failed with the same message.

However, after digging into the logs, I saw a very specific error message:

The guest OS has reported an error during quiescing. The error code was: 5 The error message was: ‘VssSyncStart’ operation failed: IDispatch error #8472 (0x80042318)

A quick search shows that this can be resolved by a number of ways, re-registering the VSS Components and re-configure VMTools.

for my purposes, re-registering the VSS Components did the trick.  Instead of running each of the following commands separately, I put them into a batch script.

cd /d %windir%\system32
net stop vss
net stop swprv
regsvr32 /s ole32.dll
regsvr32 /s oleaut32.dll
regsvr32 /s vss_ps.dll
vssvc /register
regsvr32 /s /i swprv.dll
regsvr32 /s /i eventcls.dll
regsvr32 /s es.dll
regsvr32 /s stdprov.dll
regsvr32 /s vssui.dll
regsvr32 /s msxml.dll
regsvr32 /s msxml3.dll
regsvr32 /s msxml4.dll
vssvc /register
net start swprv
net start vss

Leave a reply

Reusing Computer Names in a Full Clone Pool

For the few of us using Full Clones in their Horizon View environment, we’ve always run into the issue of not being able to reuse computer names like you can in a Linked Clone pool.

However, I came across a VMWare KB that explains how to do this.  I’d advise you fully read the KB as it involves modifying the ADAM database.  I don’t have to tell you what can potentially happen if that get’s corrupted.  So backup and/ or snapshot before making changes.

So basically, you need to modify the following value in the ADAM database for the pool in question.

pae-VMNameReuseAllowed = 1

You would need to remote onto one of you connection servers, and  open up ADSI Edit from Administrative Tools, select the ADAM Database, go to OU=Server Groups, right click the pool in question and find the above attribute and change it to 1.

Have fun!

For reference here is the KB:

https://kb.vmware.com/s/article/2138714

 

 


Leave a reply

ending the week on a high note

nothing like ending the week on a high note. Been running RecoverPoint for VM for the past few weeks with lack luster results with the same level of support. Replication was painfully slow along with a UI that was severely lacking in features. However, after setting up Zerto, which took about 15 minutes or so, I was already replicating a 9.4TB VPG, with an ETA of 20h.  This same VPG in RP4VM nearly took 2 weeks to replicate.  Even after increasing the RPA resources to 8vCPU and 16GB RAM, we only ever got 11MB/sec at best.  With Zerto I’m seeing 112MB/sec constant.

 

Next week, I’ll have enough information to make the case to go with Zerto and drop RP4VM

 


%d bloggers like this:
Bitnami