I am trying to chage y identity source to ad over ldap using ldaps to my dc but I keep geting the error
Check the network settings and make sure you have netwok access to the idenity source
any idea?
↧
unable to change Identity source to ldaps
↧
Patching vCenter 6.7u1b to 6.7u2 successful but version not updated
Hi everyone,
I am trying to patch one of out vCenters, version 6.7u1b to 6.7u2 or 6.7u2a. Both had the same issues.
At first I've tried using VAMI to update, but it keeps failing without any explanation given, it only tells us to refer to the logs.
/etc/applmgmt/appliance/software_update_state.conf only contains the following lines.
{
"state": "INSTALL_FAILED",
"latest_query_time": "2019-07-08T14:01:00Z",
"version": "6.7.0.31000"
}
Next, I tried to use CLI to update using the software-packages install --iso --acceptEulas command.
Command> software-packages install --iso --acceptEulas
[2019-07-08T14:04:31.189] : ISO mounted successfully
[2019-07-08T14:04:31.189] : Evaluating packages to stage...
[2019-07-08T14:04:31.189] : Verifying staging area
[2019-07-08T14:04:31.189] : ISO unmounted successfully
[2019-07-08T14:04:32.189] : Validating software update payload
[2019-07-08T14:04:32.189] : Validation successful
[2019-07-08 14:04:32,330] : Copying software packages
[2019-07-08T14:04:32.189] : ISO mounted successfully 126/126
[2019-07-08T14:04:49.189] : ISO unmounted successfully
[2019-07-08 14:04:49,735] : Running test transaction ....
[2019-07-08 14:04:50,762] : Running pre-install script.....
[2019-07-08 14:06:01,876] : Upgrading software packages ....
[2019-07-08T14:08:27.189] : Setting appliance version to 6.7.0.31000 build 13643870
[2019-07-08T14:08:27.189] : Got exception while trying to save metadata to a file: Unexpected content in /etc/issue file. Data: ""
[2019-07-08 14:08:27,137] : Running pre-patch script.....
[2019-07-08 14:08:28,142] : Running post-patch script.....
[2019-07-08T14:09:14.189] : Packages upgraded successfully, Reboot is required to complete the installation.
After reboot, vpxd -v shows VMware VirtualCenter 6.7.0 build-13639324 which is correct, but VAMI is still showing the old version. The summary page for vCenter is also showing the old version.
We have another vCenter with the same versions but it was able to be patched successfully without issues.
↧
↧
How to change the SSL Cert on vCenter Server Appliance Manager portal (https://fqdn:5480)?
I implemented the "Replacing vSphere 6.0 certificates using VMCA as a Subordinate CA" procedure, and most all of the certificates now reflect "valid" with our Windows CA chain, except the web portal to the Appliance Manager (ala- https://fqdn:5480). This certificate remains self-signed, and IE/Chrome don't allow exceptions (Firefox does).
So how does one get this certificate replaced with VMCA (or a Windows CA) issued certificate?
↧
Not enough memory?
Good Morning,
Has anyone ran into a problem like this when installing vCenter Server 6 (embedded) on a physical machine (see screenshot)? The server has 8 GB of RAM installed so I'm not sure why VMWare's install process is being so picky about the exact detected memory. I did open a case with VMWare but I thought I'd check with the community as well to see if anyone has encountered this and has a quick solution. Thanks.
↧
Accidently change "VSPHERE.LOCAL\Administrators" to "None" for a Resource Pool
Hi,
When tweaking the security of a newly defined Resource Pool of vCenter Server 6, we have accidently change the "VSPHERE.LOCAL\Administrators" from "Administrator" to "None".
In this way, we are not able to view / edit that Resources Pool and VMs in that pool.
Is there any way we can recover from this error ?
We have attempted to connect to the ESXi Host as "root" but could not move any VM from that Resource Pool - It is managed by the vCenter Server.
Your advice is sought.
↧
↧
Getting VM to boot to USB drive for vCenter install
Any idea of why a VM based on the Linux template would be usb greyed out on existing usb drive or even if I add a new one so I cannot start the install of vcenter ? I went to another VM and enabled the usb and it did not pick up anything plugged into the server. Yes usb is attached to the front of the server box. I'm asking about this because the bootup will not see the usb drive or prompt anything on doing the install start up.
Thanks
↧
VCSA 6.5 Update 1 - VUM Service will not start
After migrating from Windows 5.5 vCenter to VCSA 6.5 Update1 (intermediate step to 6.7) everything was working well. After the migration the vcenter machine cert was soon to be expired so I replaced it, though I did notice https://vc.domain.com:7444 was still using the old cert. I didn't worry about this as the old cert was not expired. A month or so passes by with vcenter being very stable. Completed host upgrades to 6.5U1 using VUM over the weekend - In the mean time the cert bound to 7444 expired, which caused problems with the Migration wizard to 6.7. Also, VUM service had stopped and wouldn't start (perhaps it was ok until I rebooted the VCSA and now VUM wont start)
With the help of VMWare support we fixed this by replacing the cert in the STS_INTERNAL_SSL_CERT. This fixed the expired cert for 7444 but did not help with the VUM issues. I'm pretty well stuck, I am just waiting on VMWare support to help. In the mean time I thought I'd post here in case someone could possible help.
Regards
I get the following errors in the SSH session when executing service-control --start vmware-updatemgr:
Error executing start on service updatemgr. Details {
"resolution": null,
"detail": [
{
"args": [
"updatemgr"
],
"id": "install.ciscommon.service.failstart",
"localized": "An error occurred while starting service 'updatemgr'",
"translatable": "An error occurred while starting service '%(0)s'"
}
],
"componentKey": null,
"problemId": null
}
Service-control failed. Error {
"resolution": null,
"detail": [
{
"args": [
"updatemgr"
],
"id": "install.ciscommon.service.failstart",
"localized": "An error occurred while starting service 'updatemgr'",
"translatable": "An error occurred while starting service '%(0)s'"
}
],
"componentKey": null,
"problemId": null
}
tail -f updatemgr-utility.log give this:
[2018-10-10 23:29:10,255 INFO] Install Key store for Jetty
[2018-10-10 23:29:11,579 INFO] Keystore installed successfully.
[2018-10-10 23:29:11,953 INFO] Updating VUM extension with VC
[2018-10-10 23:29:12,236 INFO] Updating CM service info
[2018-10-10 23:29:12,402 ERROR] CM ReRegisterService failure. Exception is (cis.cm.fault.ComponentManagerFault) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
msg = '',
faultCause = <unset>,
faultMessage = (vmodl.LocalizableMessage) [],
errorCode = 0,
errorMessage = 'UNKNOWN'
}
[2018-10-10 23:29:12,402 ERROR] Unable to update CM service info
Tail on cm.log give me this while starting service:
2018-10-10T23:24:35.847Z [pool-2-thread-1 [] WARN com.vmware.cis.services.cm.service.impl.LsVmomiSiteStore (f15657f3-ac72-40f0-8c90-3e948201000c)] Call to lookup service failed; uri:https://VCENTER.DoMain.int/lookupservice/sdk [(vmodl.fault.InvalidArgument) {
faultCause = null,
faultMessage = null,
invalidProperty = Invalid certificate
}]
2018-10-10T23:24:35.847Z [pool-2-thread-1 [] ERROR com.vmware.cis.services.cm.service.ServiceManagerImplTemplate (f15657f3-ac72-40f0-8c90-3e948201000c)] reRegisterService v1: Failed to re-register c39131ca-cda5-446d-a6ac-44b51348c107 (vpxd-extension-a6f84462-5ea2-11e6-ada6-0050569777b5@vsphere.local, com.vmware.vcIntegrity/vcIntegrity 6.5.0)
com.vmware.vim.binding.vmodl.fault.InvalidArgument: null
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:1.8.0_141]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:1.8.0_141]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:1.8.0_141]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_141]
at java.lang.Class.newInstance(Class.java:442) ~[?:1.8.0_141]
at com.vmware.vim.vmomi.core.types.impl.ComplexTypeImpl.newInstance(ComplexTypeImpl.java:174) ~[vlsi-core.jar:?]
at com.vmware.vim.vmomi.core.types.impl.DefaultDataObjectFactory.newDataObject(DefaultDataObjectFactory.java:25) ~[vlsi-core.jar:?]
at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.ComplexStackContext.<init>(ComplexStackContext.java:30) ~[vlsi-core.jar:?]
at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl$UnmarshallSoapFaultContext.parse(UnmarshallerImpl.java:150) ~[vlsi-core.jar:?]
at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl$UnmarshallSoapFaultContext.unmarshall(UnmarshallerImpl.java:101) ~[vlsi-core.jar:?]
at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl.unmarshalSoapFault(UnmarshallerImpl.java:88) ~[vlsi-core.jar:?]
at com.vmware.vim.vmomi.core.soap.impl.unmarshaller.UnmarshallerImpl.unmarshalSoapFault(UnmarshallerImpl.java:83) ~[vlsi-core.jar:?]
at com.vmware.vim.vmomi.client.common.impl.SoapFaultStackContext.setValue(SoapFaultStackContext.java:40) ~[vlsi-client.jar:?]
at com.vmware.vim.vmomi.client.common.impl.ResponseUnmarshaller.processNextElement(ResponseUnmarshaller.java:127) ~[vlsi-client.jar:?]
at com.vmware.vim.vmomi.client.common.impl.ResponseUnmarshaller.unmarshal(ResponseUnmarshaller.java:70) ~[vlsi-client.jar:?]
at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.unmarshalResponse(ResponseImpl.java:274) ~[vlsi-client.jar:?]
at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setResponse(ResponseImpl.java:230) ~[vlsi-client.jar:?]
at com.vmware.vim.vmomi.client.http.impl.HttpExchangeBase.parseResponse(HttpExchangeBase.java:150) ~[vlsi-client.jar:?]
at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:48) ~[vlsi-client.jar:?]
at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingBase.executeRunnable(HttpProtocolBindingBase.java:226) ~[vlsi-client.jar:?]
at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:110) ~[vlsi-client.jar:?]
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:613) ~[vlsi-client.jar:?]
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:594) ~[vlsi-client.jar:?]
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:345) ~[vlsi-client.jar:?]
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(MethodInvocationHandlerImpl.java:305) ~[vlsi-client.jar:?]
at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:179) ~[vlsi-client.jar:?]
at com.sun.proxy.$Proxy101.set(Unknown Source) ~[?:?]
at com.vmware.cis.services.cm.service.impl.LsVmomiSiteStore$LsVmomiWrapper$3.execute(LsVmomiSiteStore.java:229) ~[service-cm.jar:?]
at com.vmware.cis.services.cm.service.impl.LsVmomiSiteStore$LsVmomiWrapper$3.execute(LsVmomiSiteStore.java:226) ~[service-cm.jar:?]
at com.vmware.cis.services.cm.service.impl.LsVmomiSiteStore$LsVmomiWrapper.callLs(LsVmomiSiteStore.java:302) ~[service-cm.jar:?]
at com.vmware.cis.services.cm.service.impl.LsVmomiSiteStore$LsVmomiWrapper.set(LsVmomiSiteStore.java:224) ~[service-cm.jar:?]
at com.vmware.cis.services.cm.service.impl.LsVmomiSiteStore.updateService(LsVmomiSiteStore.java:622) ~[service-cm.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_141]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_141]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_141]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_141]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) ~[spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) ~[spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at com.vmware.cis.services.common.perfmon.PerfmonInterceptor.invoke(PerfmonInterceptor.java:31) ~[service-common.jar:?]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92) ~[spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) ~[spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) ~[spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at com.sun.proxy.$Proxy67.updateService(Unknown Source) ~[?:?]
at com.vmware.cis.services.cm.service.ServiceManagerImplTemplate.reRegisterService(ServiceManagerImplTemplate.java:306) [service-cm.jar:?]
at com.vmware.cis.services.cm.service.ServiceManagerImpl.reRegisterService(ServiceManagerImpl.java:291) [service-cm.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_141]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_141]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_141]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_141]
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) [spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) [spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) [spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at com.vmware.cis.services.common.perfmon.PerfmonInterceptor.invoke(PerfmonInterceptor.java:31) [service-common.jar:?]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) [spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92) [spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) [spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) [spring-aop-4.3.9.RELEASE.jar:4.3.9.RELEASE]
at com.sun.proxy.$Proxy68.reRegisterService(Unknown Source) [?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_141]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_141]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_141]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_141]
at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server.jar:?]
at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_141]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_141]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_141]
tcpdump on lo gives:
Request
POST /lookupservice/sdk HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: urn:lookup/2.0
Content-Length: 21474
Host: https://VCENTER.DoMain.int/lookupservice/sdk
Connection: Keep-Alive
User-Agent: VMware vim-java 1.0
Cookie: vmware_soap_session=a7600162-79b1-4797-9e7f-4b885dde550b
Accept-Encoding: gzip,deflate
X-Forwarded-For: 127.0.0.1
X-Forwarded-Proto: https
....CERT HASH in XML stream.........
Request
HTTP/1.1 500
Set-Cookie: vmware_soap_session=a7600162-79b1-4797-9e7f-4b885dde550b; HttpOnly
Content-Type: text/xml;charset=utf-8
Content-Length: 558
Date: Wed, 10 Oct 2018 01:45:27 GMT
Connection: close
<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soapenv:Fault><faultcode>ServerFaultCode</faultcode><faultstring/><detail><RuntimeFaultFault xsi:type="InvalidArgument" xmlns="urn:lookup"><invalidProperty>Invalid certificate</invalidProperty></RuntimeFaultFault></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>
↧
CAC Authentication and PSC Certificate Export
With regard to the title, my problem is CAC authentication, my question is "is it possible to export certificates from a known-good PSC?"
Recently, we have been unable to authenticate into a few of our vCenters. Initially, I thought it might be a certificate issue, so I wanted to find out if it's possible to export certificates from a known-good vCenter/PSC so that I can import them into the problem vCenters. I am also having our AD team look at it from a DC perspective, as they did DC upgrades around the same time we lost the capability to CAC authenticate.
Ultimately, I'd like to know if the second part of my issue is possible, but feel free to chime in on the CAC authentication issue.
Here is what I can tell you:
The vCenters in question are all 6.5
All have had the reverse proxy configured, and all have Machine SSL certs.
All on the classified network have identical certs applied to the PSC.
On the unclassified side, I took measures to get almost all the certs to be identical, but the one missing cert (as compared to the known-good), I've been advised, is a non-issue.
These vCenters are run off Cisco appliances as opposed to Windows Servers.
This is a vCenter Web Client issue.
I do hope I've configured my inquiry correctly and respectfully. I have done my due diligence, and I've only come across information on importing/applying certificates...not exporting them. Any help would be appreciated.
↧
Not able to Login to VxRail
Hi,
I am not able to login to VxRail Vcenter. Getting the following error message after trying to login:
[400] An error occurred while processing the authentication response from the vCenter Single Sign-On server. Details: Status: urn:oasis:names:tc:SAML:2.0:status:Requester, sub status: null.Back to login screen.
Any clue to fix this issue.
Abdul Kareem
↧
↧
vCenter's SDK is stating invalid credentials
Unsure why but I see this message alot in the Horizon 7 error log yet the password still works for me to get into the vsphere client. When I try to go to the url (https://url:443/sdk) it provides an error on unknown site. Horizon details state service is not working and certificate is untrusted but thumprint for certificate is accepted. Horizon VM is talking and seems to be working with the vCenter Server appliance with no error when I bring open screens.
↧
PSC and vCenter upgrade to 6.7u3 from 6.5u3
Heya folks
I have an environment which is running 6.5u3, we have 3 external PSC's and each of those is connected to a vCenter. These are connected over high bw links, across a couple of states.
My understanding is that when upgrading from 6.5u3 with ext PSC's, that you need to upgrade all of the PSC's before upgrading the vCenters. Once upgraded, i can then convert them to Embedded PSCs.
Upgrading the vCenter Server Appliance and Platform Services Controller Appliance
The reason i'm attempting to pose this as a question, is because i'm being asked to do this upgrade in parts, basically one site at a time. Upgrade 1 psc and 1 connected vcenter at a time. Then a couple days later, go ahead and do the next site, and the next site.
Thoughts?
Thanks
David S
↧
best way to manage 2 vcenters?
HI, someone can help me to clarify doubt i have. I need to know the best practice on how to manage 2 sites with the same vcenter
for example in the 1st site i have the VLAN 782
on the 2nd i have the VLAN 783
- should I extend the VLAN 782
- or make a routing between VLANs
- or created a new VLAN
What is the best option for vcenter to see both sites? i hope you can help me or advice me a little bit
↧
What is the best way to move the VCSA to a new host cluster?
We have servers (ESXi host machines) that have reached end of life and also an older storage system that was connected to those hosts that we are transitioning from and will eventually power off and remove from this vSphere instance. We now have added replacements for the hosts which are using Intel CPUs in place of AMDs, the new storage is also set up with those hosts, networking has been linked for the new hosts to the same distributed switch used on the old cluster, and we've tested migrating the VMs with the following configuration as described:
vCenter: VCSA 6.7 (currently operating in the old host 6.5 cluster)
Cluster 1 (old):
5x AMD ESXi 6.5 hosts
Fiber attached SAN A
distributed switch uplink set A (vDS-1)
Cluster 2 (new):
5x Intel ESXi 6.7 hosts
Fiber attached SAN B
distributed switch uplink set B (vDS-1)
We've been warned that, since the new ESXi hosts are Intel (not AMD, like the old hosts), we would need to power off the VMs before moving them to the new Intel 6.7 cluster, so a live migration/vMotion to the new cluster would not work. We did that and had success with a few test VMs (both storage and compute resources). We will repeat with the remaining VMs. However, we have one VCSA managing this entire environment among those VMs, and vCenter is what manages the vMotion, correct? So, if we must shut that appliance VM down, like the other VMs to move it to the new cluster, what is the best procedure to do this safely without negative impacts?
↧
↧
"Analytics Service registration with Component Manager failed" when upgrading from 6.5 to 6.7
I've attempted this upgrade several times and have seen this error consistently after trying a few different things to resolve it. The other threads with this same error seem to be related to SSO and bad passwords, but my signature is a little different. I did change the SSO domain from the default vsphere.local. I'm running the latest 6.5 on the source vCenter and VMware-VCSA-all-6.7.0-14836122.iso for the upgrade. The source and desitnation vCenter are on the same ESXi host, time is correct, NTP is configured, there's no "\" in the password. Can anyone point me in the right direction?
Here's the stack trace:
root@vcenter [ /var/log/firstboot ]# cat analytics_firstboot.py_28307_stderr.log
INFO:root:Register service with LS.
ERROR:root:Security error: (vmodl.fault.SecurityError) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
msg = '',
faultCause = <unset>,
faultMessage = (vmodl.LocalizableMessage) []
}
2020-01-07T17:49:56.542Z Failed to register Analytics Service with Component Manager: generator didn't stop after throw()
2020-01-07T17:49:56.544Z Traceback (most recent call last):
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 242, in securityctx_modifier
yield
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 341, in add_securityctx_to_requests
return req_method(self, *args, **kargs)
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 351, in register_service
svc_create_spec)
File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 557, in <lambda>
self.f(*(self.args + (obj,) + args), **kwargs)
File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 363, in _InvokeMethod
return self._stub.InvokeMethod(self, info, args)
File "/usr/lib/vmware/site-packages/pyVmomi/SoapAdapter.py", line 1418, in InvokeMethod
raise obj # pylint: disable-msg=E0702
pyVmomi.VmomiSupport.vmodl.fault.SecurityError: (vmodl.fault.SecurityError) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
msg = '',
faultCause = <unset>,
faultMessage = (vmodl.LocalizableMessage) []
}
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/vmware-analytics/firstboot/analytics_firstboot.py", line 214, in register_with_cm
cloudvm_sso_cm_register(keystore, cisreg_spec, key_alias, dyn_vars, isPatch=is_patch)
File "/usr/lib/vmware-cm/bin/cloudvmcisreg.py", line 706, in cloudvm_sso_cm_register
serviceId = do_lsauthz_operation(cisreg_opts_dict)
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 1053, in do_lsauthz_operation
ls_obj.register_service(svc_id, svc_create_spec)
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 341, in add_securityctx_to_requests
return req_method(self, *args, **kargs)
File "/usr/lib/python3.5/contextlib.py", line 104, in __exit__
raise RuntimeError("generator didn't stop after throw()")
RuntimeError: generator didn't stop after throw()
2020-01-07T17:49:56.544Z Exception: Traceback (most recent call last):
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 242, in securityctx_modifier
yield
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 341, in add_securityctx_to_requests
return req_method(self, *args, **kargs)
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 351, in register_service
svc_create_spec)
File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 557, in <lambda>
self.f(*(self.args + (obj,) + args), **kwargs)
File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 363, in _InvokeMethod
return self._stub.InvokeMethod(self, info, args)
File "/usr/lib/vmware/site-packages/pyVmomi/SoapAdapter.py", line 1418, in InvokeMethod
raise obj # pylint: disable-msg=E0702
pyVmomi.VmomiSupport.vmodl.fault.SecurityError: (vmodl.fault.SecurityError) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
msg = '',
faultCause = <unset>,
faultMessage = (vmodl.LocalizableMessage) []
}
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/vmware-analytics/firstboot/analytics_firstboot.py", line 214, in register_with_cm
cloudvm_sso_cm_register(keystore, cisreg_spec, key_alias, dyn_vars, isPatch=is_patch)
File "/usr/lib/vmware-cm/bin/cloudvmcisreg.py", line 706, in cloudvm_sso_cm_register
serviceId = do_lsauthz_operation(cisreg_opts_dict)
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 1053, in do_lsauthz_operation
ls_obj.register_service(svc_id, svc_create_spec)
File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 341, in add_securityctx_to_requests
return req_method(self, *args, **kargs)
File "/usr/lib/python3.5/contextlib.py", line 104, in __exit__
raise RuntimeError("generator didn't stop after throw()")
RuntimeError: generator didn't stop after throw()
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/vmware-analytics/firstboot/analytics_firstboot.py", line 314, in main
fb.register_with_cm(analytics_int_http, is_patch)
File "/usr/lib/vmware-analytics/firstboot/analytics_firstboot.py", line 225, in register_with_cm
problem_id='install.analytics.cmregistration.failed')
cis.baseCISException.BaseInstallException: {
"componentKey": "analytics",
"problemId": "install.analytics.cmregistration.failed",
"resolution": {
"id": "install.analytics.cmregistration.failed.res",
"translatable": "Please search for these symptoms in the VMware Knowledge Base for any known issues and possible resolutions. If none can be found, collect a support bundle and open a support request.",
"localized": "Please search for these symptoms in the VMware Knowledge Base for any known issues and possible resolutions. If none can be found, collect a support bundle and open a support request."
},
"detail": [
{
"id": "install.analytics.cmregistration.failed",
"translatable": "Analytics Service registration with Component Manager failed.",
"localized": "Analytics Service registration with Component Manager failed."
}
]
}
2020-01-07T17:49:56.545Z VMware Analytics Service firstboot failed
↧
PSC 6.5 SSL custom cert replacement rolls back at last stage
Replacing external PSC 6.5 U1 with Microsoft CA certs - they comprise of an Intermediate and Root CA.
All goes well until the very last stage where Services can't start successfully.
Console error will say:
Status : 85% Completed [starting services...]
Error while starting services, please see log for more details
Status : 0% Completed [Operation failed, performing automatic rollback]
Error while replacing Machine SSL Cert, please see /var/log/vmware/vmcad/certificate-manager.log for more information.
Performing rollback of Machine SSL Cert...
Checking the certificate-manager.log, I find that there are services that fail to start due to a timeout:
2017-10-05T05:33:28.195Z INFO certificate-manager Running command :- service-control --start --all
2017-10-05T05:33:28.196Z INFO certificate-manager please see service-control.log for service status
Service-control failed. Error Failed to start vmon services.vmon-cli RC=1, stderr=Failed to start sca, cm, vapi-endpoint services. Error: Operation timed out
2017-10-05T05:41:26.324Z ERROR certificate-manager None
2017-10-05T05:41:26.325Z ERROR certificate-manager Error while starting services, please see log for more details
2017-10-05T05:41:26.325Z ERROR certificate-manager Error while replacing Machine SSL Cert, please see /var/log/vmware/vmcad/certificate-manager.log for more information.
2017-10-05T05:41:26.325Z ERROR certificate-manager {
"resolution": null,
"detail": [
{
"args": [
"None"
],
"id": "install.ciscommon.command.errinvoke",
"localized": "An error occurred while invoking external command : 'None'",
"translatable": "An error occurred while invoking external command : '%(0)s'"
},
"Error while starting services, please see log for more details"
],
"componentKey": null,
"problemId": null
}
2017-10-05T05:41:26.326Z INFO certificate-manager Performing rollback of Machine SSL Cert...
There was a KB with something similar but this isn't an error while publishing cert using dir-cli.
Anyone seen this before?
↧
vCenter Server 6.0 Installation Fails (Installation of component VCSServiceManager failed with error code '1603')
Hello,
I'm relatively new to using vSphere/vCenter and was attempting to install vCenter 6.0 with embedded PSC. Here is my configuration:
It gets to this point and fails with the following errors:
I tried installing .NET 3.5 as a potential fix with no success.
I also have no idea where these logs are stored. The zipped file contains a bunch of log files and I'm not sure which one is the correct one to review the issue.
Does anyone know a workaround/fix for this issue or any general start to try to resolve?
Thanks.
↧
Custom attributes
hi Folks - I have been poking around trying to determine if Custom attributes are lost when vCenter is upgraded, vCenter 6.0 to 6,7.
I have been unable to find any posts about this, and this is most likely is because there is nothing to worry about unless you are migrating to a new vCenter instance that would require some basic scripting to collect the attributes then re-apply them to the destination vCenter, something we have already done and are aware of.
Our test instance of the VCSA 6.0 was already upgraded to 6.7 but that test instance unfortunately didn't have any custom attributes defined, so I am in the dark as to whether they will stick around after an upgrade to vCenter.
Could someone please advise as to whether an upgrade from VCSA 6.0 to 6.7 would kill our custom attributes? If yes, no problem to run the same script we have already leveraged for this when we migrated to a new instance.
Thanks
↧
↧
domain user unable to login after integration of AD and vCenter
i'm using vSphere 6.7U3 in my lab environment and has created a windows AD to integrate with the vCenter,
however, after i configured the following three settings, the AD domain user still can't login to the vCenter:
1. join the vCenter to AD and reboot
2. set the domain as default identity source
3. set the roles and "VM user" global permission to the domain users
4. verified that the AD server's time/time zone is same as vCenter appliance's time/time zone and has rebooted the VCSA
i'm sure i typed in the correct domain user account name and password but can't access the vCenter client webpage.
(this domain account is able to access servers and workstations which are controlled by AD domain, and the password is correct.)
by the way, i followed the instructions in this link to check the problem in vCSA but i couldn't figure out and doubt whether this is necessary to troubleshoot my case or not.
can anyone help?
↧
Need help removing vCenter from SSO domain
I've inherited an old vCenter Server 5.5 deployment with three vCenters - let's call them vCenterA, B & C - at three different cities. These are physical servers running Windows Server 2012 R2.
The datacenter where vCenterA is located was recently decommissioned. However, due to poor organization/communication, that server was simply shut down and moved out to cold storage, rather than properly decommissioned and removed from the SSO domain, etc. As a result, the following error now appears in the web client when logging in to either vCenterB or vCenterC:
Could not connect to one or more vCenter Server systems:
So, how can I remove this vCenter from the SSO domain?
All the info I've found regarding this involves removing a server that you can still access. I haven't been able to find anything for this scenario, where the server is gone and no longer accessible. (At least, nothing for a Windows-based, vCenter 5.5 deployment, anyway.)
↧
How do I remove the snapshot?
My VM be backed-up via Avamar, but recently it occurs the error.
I find the reason which is snapshot does not be removed automatically.
To solve the issue, the snapshot should be removed manually.
The question is: I can not click "delete" or "delete all" button. (Please check the simulation photo below)
Does anyone know how I should remove the snapshot correctly?
vCenter version: 4.0
↧