I am New to CHEF automation integration to VMware vcenter 6.7.
Can you try to guide me some on the right path. I need to test CHEF on my On-Prime environment . Below are the my requirement's.
Installation
Integration
Test
implement on Production
Regards,
Vikram
Hi,
Can anyone please advise how I view/manage the STS certificates in vCenter Server v7.0?
In v6.x this could be done via the Web Client (Flash Client) by following the path "Administrator > Single Sign-On > Configuration > Certificates > STS Signing"
However the Flash Client is not available in v7.0 and there is no STS Signing option in the HTML5 Client. I have found specific reference to "Note: The STS certificate cannot be viewed from the HTML5 client" in https://kb.vmware.com/s/article/79248
I have downloaded the checksts.py python script that is mentioned in KB79248 and I can see the STS certificate SHA-1 thumbprints (and only that); but that is all it does.
I generated & refreshed new STS signing certs based on my VMCA signed certificate chain, and now I need to delete the old STS leaf & root certificates (highlighted).
I know it is against VMware's recommendation to replace these internal/self-signed STS certificates, but in some environments this is not acceptable.
Is there a CLI command to manage them, as the HTML5 client is clearly not 'feature parity' with the Web Client in this respect. :-(
As always, any help or advice will be welcomed.
Thanks
M
Hi. We are getting ready to move from v6.5U2 to U3, we were stuck on U2 for awhile due to old NSX dependencies.
I remember last time I patched I got bit by that bug where disconnecting the CDROM iso hung the box. I actually have never patched through the VAMI, because up until recently our vCenters were in HA mode and we could not patch via the VAMI.
Is the VAMI patching reliable? I have seen some threads where the screen goes blank and your left wondering when to reboot. But I am fearful of that cd connect bug again.
So just looking for some comments. Thanks,,,
Hello folks,
I have two installations with vCenter installed on them that are both doing something that seems peculiar. They send DNS queries from the vCenter IP address to the assigned DNS servers. Roughly 15% of the time, they will generate a query the same second with the same source port to both the primary and secondary DNS servers. When this happens, the firewall logs that the vCenter server responds to the secondary DNS server's answer with an ICMP type 3 code 3 (port unreachable). This clearly shouldn't be happening (the query to the secondary DNS server probably shouldn't even be happening). Any ideas on why this would occur?
vCenter Server with an embedded Platform Services Controller
v6.7.0.30000
Build 13010631
Example firewall log entries:
access-list vm_interface_access_in permitted udp vm-interface/10.1.1.5(33201) -> dc_interface/10.1.3.1(53)
access-list vm_interface_access_in permitted udp vm-interface/10.1.1.5(33201) -> dc_interface/10.1.3.2(53)
No matching connection for ICMP error message: icmp src vm_interface:10.1.1.5 dst dc_interface:10.1.3.2 (type 3, code 3) on vm_interface. Original IP payload: udp src 10.1.3.2/53 dst 10.1.1.5/33201.
Thank you!
Can I re-use an existing cert issued by our local AD Cert authority when re-installing a new vcsa (same hostname etc) from scratch again?
I have the original .csr file, the original vmca_issued_key.key, and the cert of course, is there any way that can be re-used on the replacement vcsa install?
Thanks! Sorry for the dumb question.
Hi,
We are using Public/Private key pair to authenticate from our ansible to esxi hosts per KB VMware Knowledge Base
Is it possible to use the same authentication method to connect to vcenter?
Edit:
Found authorized_keys under /root/.ssh/
Could someone confirm this? in order for the ansible to connect I think I need to switch the appliance to go to the BASH Shell instead of the Appliance shell by default
Thanks
just checked the installation guide https://docs.vmware.com/en/VMware-vSphere/7.0/vsphere-vcenter-server-70-installation-guide.pdf
https://docs.vmware.com/en/VMware-vSphere/7.0/vsphere-vcenter-server-70-installation-guide.pdf
i discovered that the tiny environment requires 415GB default storage size and my question is:
if i use a storage which size is smaller than 415GB (e.g. a 300GB HDD) to load the VCSA, will the deployment of tiny vCenter server 7.0 fail for sure?
or this deployment will be working just fine but the database cannot expand in the future?
thanks in advance~!
I'm trying to reset the administrator@vsphere.local password but it fails every time...
I'm using this document : VMware KB: Cannot change the administrator@vsphere.local password after upgrading from vCenter Server 5.1 to 5.5
But everytime I try it fails with code 9100:
Here is my log:
==================
Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state
==================
3
Account DN: cd=administrator,cn=users,dc=vsphere,dc=local
VmDirForceResetPassword failed (9100)
Anyone know how to fix this ??
I am almost sure I have the syntax wrong, but cant seem to find an example of the correct usage.
What is the correct syntax to specify the datacenter name for the vmware_guest_info module?
I also get the same error if I use datacenter: "{{ Datacenter }}" as shown in the playbook example
Thanks
Rebooted VCSA because it was behaving strangely with getting hosts into maintenance mode and it came back up but can't access web interface, I get "No healthy upstream" error. So, I can SSH in and I checked the vxpd.log file and it complains about expired certificates, etc... I want to launch the certificate tool in the command line to just reset all certs and see if that fixes the vxpd service not loading at all so I use /usr/lib/vmware-vmca/bin/certificate-manager and choose option 8 to reset all certs but I get "Certificate Manager tool do not support vCenter HA systems" which makes no sense because I don't and never did have HA enabled for VCSA itself.
How can I fix this so I can reset certs and hopefully get the appliance working again. Right now my only access is via SSH or appliance management webpage. Regular vCenter UI is down I am guessing because vpxd service won't start.
Running VCenter 7.0 and I am trying to add an ESXi-7.0.0-15843807-standard host. I enter all the correct credentials and addition process starts but then abruptly ends with:
A specified parameter was not correct: info.productVersion
Anybody seen this and know why this is occurring and a possible fix?
Hi,
I get this message from web browser, while I try to connect to vCenter:
And I have this image from shell that shows which services have started:
There are like many solutions online, but I do not know where to start...
I appreciate your time trying to help me,
Frank
As soon as I upgraded to vCenter 7 it already started me nagging there was an update available on the first login. The button it appeared there for precheck didn't work. I ignored it and focused on the rest of the infrastructure and only when I finished I went to the management console and staged the update.
Now the button work and got a message everything was alright and took me back to Management. I ran the update and it got stuck on starting (0%) for hours. I left it alone even more hours and when I came back I got this:
Trying to nudge it out of it I opened vCSA's virtual console and restarted it with the F12 key. It was responsive and rebooted just fine. I'm still able to access vCSA but not Management. It's going on for almost 2 days now.
It seems it's just a softlock:
How can I get it out of it?
It was set to back up daily before and after upgrade, that's fine when it's stable. Even weekly backups are fine. But a lot of changes took place in a single day because I was upgrading a lot of things that go with vSphere 7 and I'm not sure how big of a damage it would do if I revert a single day.
Thanks for you help.
Hello,
i just patched to the latest 6.5 my vcenter, i.e to build VMware VirtualCenter 6.5.0 build-16275158 and now i would like to update to 6.7 and as i have seen in
the only available to perform such procedure is 6.7.u3h - 16275304
However, when i go to download it in the download section, as latest i only find 6.7u3g , i.e. one patch before. Any ideas what is the issue?
Regards,
Stamatis
Hi,
I am looking for some help understanding and issue I am having trying to add my test VCA appliance to a different domain. This is a test appliance and I need to understand this as I will need to do something similar in our production environment. Here is the scenario:
Appliance name: appliance.apples.com
Successfully added via cli to the apples.com domain
I successfully removed appliance.apples.domain.com from the apples.com domain and rebooted the appliance
I created a DNS record for the appliance on the bananas.com domain
I created a computer object in AD on the bananas.com domain
Via the cli, I renamed the host to appliance.bananas.com, I rebooted the appliance
VIA the cli, I attempted to join the appliance to the bananas.com domain
When I attempt to join the domain, I get the following error:
ERROR: lw_error_ldap_constraint_violation [code 0x00009dtb]
The account I am using is a domain admin on the bananas.com domain.
Thanks!
Hi,
I am having vSphere Client version 6.7.0.42000. Now unable to replace certificate also it's not a wild certificate.
I am also not able to find certificate-manager.log file.
BR
Sachchidanand
I will have two sites both sites are identical (2 Host with a SAN), the 1st site is the production site & the 2nd site is for replicating to it (Site to Site Replication), the sites will have different IP addresses of course. What I can't seem to get is a definite answer on is if I need to have vCenter Server Std. on both sites. I have vCenter Server on the production site but not sure about the replication site any in site on this would be great.
I upgraded from vCenter Server Appliance 6.7 to 7.0 (specifically 7.0.0a build 16189094) and when I go to Administration > Certificate Management in the vSphere client, I get the following error:
Is anyone else seeing this issue? Does anyone know of a fix?
Thanks
Hello everyone,
My vCenter 6.5 Windows cannot starting and when i start all service, it shows below:
Service-control failed. Error Failed to start vmon services.vmon-cli RC=2, stderr=Failed to start cm, sca services. Error: Service crashed while starting.
Please help to solve this issue. Thanks!
Hi Team,
Is there any API or power cli command to set vCenter Single Sign-On Token Policy configuration parameters ?
Edit the vCenter Single Sign-On Token Policy
Regrads,
Deblina