Quantcast
Channel: VMware Communities : All Content - vCenter™ Server
Viewing all 5185 articles
Browse latest View live

VCSA 6.7u3 install in empty environment fails

August 6, 2020, 7:33 am
$
0
0

So, I was handed new vlans last week.  Need to spin up the first infrastructure vcenter on them in order to run services.

 

Currently, I have no routing, no dns, no dhcp, no ntp.  Just a host, a datastore, a mgmt network, a switch, and my laptop directly connected to the switch.

Set up the host running ESXi6.7u2.

Trying to install VCSA 6.7u3, via the win32 gui from the installer ISO.

I don't put in a FQDN as it's optional - I've tried with a FQDN, and with it's IP as FQDN, doesn't work either.

Stage 1 installs fine.

Stage 2 takes 4 hours to get about 50% of the way through, very slowly starting up the services. At 50%, it's at starting vcenter service.

Then it times out and the installer quits. Sometimes it gives the 'internal error 2' before quitting, sometimes it just quits.

 

I *know* that the 'right' way is to have DNS & NTP functional.  But there has to be a way to install it in a new environment that has no network services at all, so you can spin up said network services.

 

I've verified that /etc/hosts has the IP pointing to photon-machine ie default hostname if no FQDN is installed.

 

I vaguely remember reading about a timeout setting for the installer, and setting it longer, but cannot find that information (if it was more than just a fever dream).

 

Any and all suggestions welcome.

Search

Upgrade to VCSA 7.0b or c?

August 6, 2020, 9:57 am
$
0
0

Hi,

 

Seen a few posts which show update c is having CPU issues, can anyone confirm and suggest which one to upgrade to from 6.7?

 

 

Thanks

VCenter Server Certificate Change

August 6, 2020, 11:43 am
$
0
0

Hi All,

I hope everyone in the community is keeping safe during these changing times.

 

I am currently experiencing an issue with my VCenter Server 7.0 that I have deploy in my Environment. I am attempting to change the Machine_Cert with one that is signed by my internal certificate auth. Every time I attempt to change the certificate I get the following error 'Error occurred while fetching tls: Exception found (Invalid input certificate : DNS in Subject Alternative Name is not correct. DNS Name must contain machine FQDN.).

I have made sure that I am including the vcenter server hostname in the Subject Alternative Name so should all be working as expected.

 

CN = 172.16.0.30

Subject Alternatives that are included

DNS = vcserver.domain.local

DNS = vcserver

 

When I run the following command I get the output of 172.26.0.30 from my server.

'root@vcserver [ ~ ]# /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost'    

172.26.0.30

 

I have also compared the currently used Subject Alternatives to what is in my new certificate and these are the same. Has anyone seen this issue before or able to help out with fixing the issue?

 

Any suggestions would be appreciated.

 

Regards,

Tom

vCenter 7.0 Appliance Could not Connect Error

August 6, 2020, 11:39 am
$
0
0

Hello,

 

I have a vCenter 7 appliance, standalone, that is giving the error Could not connect to one or more vCenter Server systems:https://vcenterappliancename:443/sdk . At first, the appliance was in emergency mode. I ran a filesystem command to check and repair any issues. After a reboot the appliance came up properly, but am now having this error. Any suggestions how to correct this? Thanks.

 

 

The VAPI health url vapiendpoint/health shows the following errors:

 

com.vmware.vapi.endpoint.failedToConnectToVApiProvider"defaultMessage="Failed to connect to 73330f61-dfb9-45e1-a79a-6dcee801fd89\com.vmware.vstats.vapi vAPI provider.

Error occurred while starting service 'vpxd-svcs' -vSphere 6.7 Installer

April 2, 2020, 5:13 pm
$
0
0

"The appliance cannot be used or prepared because a failure was encountered. An error occurred while starting service 'vpxd-svcs'.

 

I have created a domain controller, and given VCSA a DNS record within said DC. After stage 1, I am not able to proceed with stage 2 because of this issue. I am also unable to access any log output because it's all in Chinese-looking gibberish. I have also put in a reverse lookup zone. I have talked with the networkers and they have said the IPs for VCSA, the management laptop, and our hosts were all correct. Is there anything I am missing?

Was the issue with the applmgmt service not starting in vCenter 6.7 U3h resolved in vCenter 6.7 U3i?

August 7, 2020, 11:44 am

How to solve a duplicateServiceRegistrationFound

August 7, 2020, 8:30 pm
$
0
0

In vCenter 7 Server Management the vAPI Endpoint has a warning:

Incorrect service registration found in Lookup Service. Multiple services registered on same URL - http://localhost:10098/topologysvc.

The Health XML shows:

<healthStatus schemaVersion="1.0">

<status>YELLOW</status>

<message messageKey="com.vmware.vapi.endpoint.duplicateServiceRegistrationFound" defaultMessage="Incorrect service registration found in Lookup Service. Multiple services registered on same URL - http://localhost:10098/topologysvc.">

<param xsi:type="xs:string">http://localhost:10098/topologysvc</param>

</message>

<message messageKey="com.vmware.vapi.endpoint.duplicateServiceRegistrationFound" defaultMessage="Incorrect service registration found in Lookup Service. Multiple services registered on same URL - http://localhost:10098/topologysvc.">

<param xsi:type="xs:string">http://localhost:10098/topologysvc</param>

</message>

<message messageKey="com.vmware.vapi.endpoint.healthStatusProducedTimes" defaultMessage="Current vApi Endpoint health status is created between 2020-08-08T01:55:37UTC and 2020-08-08T01:55:38UTC.">

<param xsi:type="xs:string">2020-08-08T01:55:37UTC</param>

<param xsi:type="xs:string">2020-08-08T01:55:38UTC</param>

</message>

</healthStatus>

 

How can I resolve this warning?

modify configuration file via host profile

August 8, 2020, 5:44 pm
$
0
0

is is possible to modify a confioguration file via a host profile from a autodeploy bootup image?

Search

vcenter ha state out of sync

August 12, 2020, 1:44 am
$
0
0

1、The reason for this problem is that I upgraded vcenter 6.7u1b directly to 6.7u3g, and I did the upgrade without any awareness to check the upgrade compatibility document.

2、The manifestation of this problem is that every time I log in to vcenter, there will be an out of sync and automatic failover error message in the vcenter ha configuration interface.

So I logged in to the vcenter appliance and copied the log locally and found the problem. Every time I log in to vcenter, the com.vmware.vcIntegrity.vcIntegrity:6.7.0.xxxx plug-in will continuously delete the replication synchronization between the active and passive nodes.

3、Finally I found the location of the name. It is not a file but a folder. I set a chattr +i attribute to all the files in this folder. The problem was solved and it took three months. No problem was found in the time, except that sometimes the taskbar at the bottom disappears, you need to click the bottom at the moment of refresh to make the taskbar appear.

 

chattr +i -R /etc/vmware/vsphere-ui/cm-service-packages/com.vmware.cis.vsphereclient.plugin/com.vmware.vcIntegrity.vcIntegrity:6.7.0.xxxx

未命名图片1.png

未命名图片2.png

未命名图片.png

Every time you log in to vcenter, you are prompted to deploy the plug-in com.vmware.vcIntegrity.vcIntegrity: 6.7.0.xxxx

August 12, 2020, 2:04 am
$
0
0

1、Every time I log in to vcenter, the recent task at the bottom will prompt to deploy the plug-in com.vmware.vcIntegrity.vcIntegrity: 6.7.0.xxxx. I found that this problem is from 6.7u2 to the latest 6.7u3g. The latest 7.0 has no such plug-in.

2、I found that the method also solved this problem when solving vcenter ha out of sync.After this setting, the bottom task bar sometimes disappears. You need to click the bottom task bar when refreshing the page. I'm not sure if it is caused by this. Even I don't want to see the prompt to deploy the plug-in every time I log in.

 

chattr +i -R /etc/vmware/vsphere-ui/cm-service-packages/com.vmware.cis.vsphereclient.plugin/com.vmware.vcIntegrity.vcIntegrity:6.7.0.xxxx

 

 

未命名图片.png

VCSA 6.0U3 SSL woes

August 12, 2020, 12:15 pm
$
0
0

Hello everyone,

 

Yesterday I started having trouble signing in to the VCSA 6.0U3 Flash ("flex") client, seemingly out of nowhere. Yes, I would like to upgrade to 6.5, but we have no support contract for two years...

 

The Windows "fat" client lets me log in, and if I SSH in and restart all services, my FIRST login succeeds. After that if I attempt to login again or from another machine I get the blue screen and spinning clock indefinitely.

 

The most promising error messages I can are from websso.log:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

ssoAdmin:

com.vmware.identity.admin.server.ims.ServerConfigurationException: Failed to get issuers certificates

 

and STS:

2020-08-11T17:16:09.961-04:00 | ERROR| opId-8d5efa48-949b-47ed-8c13-5dd383b74896 | vdcs-background-executor-4 | StsTrustChainImpl          | Error retrieving trusted root certificates.

java.lang.NullPointerException

    at com.vmware.provider.VecsKeyStoreEngine.engineAliases(VecsKeyStoreEngine.java:71)
    at java.security.KeyStore.aliases(Unknown Source)
    at com.vmware.vcde.common.services.sso.impl.StsTrustChainImpl.refresh(StsTrustChainImpl.java:56)
    at com.vmware.vcde.common.services.sso.impl.StsTrustChainImpl.access$0(StsTrustChainImpl.java:51)
    at com.vmware.vcde.common.services.sso.impl.StsTrustChainImpl$1.run(StsTrustChainImpl.java:46)


I haven't made any modifications to the certs, and things were working prior to yesterday afternoon. All the certs I can find are valid through 2024 or 2025. I've poked through the management interface, through the PSC, manually verified the certs on the VCSA with openssl. My suspicion is that some cert expired but I can't find any that are expired.

 

I did reboot the VCSA, and when it came back up it wiped out eam.properties so I did rebuild that and have verified that vmware-eam is running, and that the vapi endpoint health check returns okay.

 

This is so strange because, once I rebooted and/or restart all services, the first login succeeds in the web interface, but I only get one. The fat client works. The PSC lets me log in.

 

Has anyone seen this before?

 

Thank you,

Don

Error downloading plug-in. Make sure that the URL is reachable and the registered thumbprint is correct.

August 12, 2020, 5:43 pm
$
0
0

vcenter6.0(Linux version) 503 error

August 12, 2020, 8:59 pm
$
0
0

Vcenter 6.0 Service reported 503 error, unable to use SSH remote. Check that the vCenter space is full, SSH can be used after clearing part of the logs, and some services still cannot be started after using service-Control --start --all.Even after a single start, as long as you run vCenter, it will stop immediately.The following services will stop automatically:

     vmware-invsvc (VMware Inventory Service) vmware-mbcs (VMware Message Bus Configuration Service) vmware-netdumper (VMware vSphere ESXi Dump Collector) vmware-rbd-watchdog (VMware vSphere Auto Deploy Waiter) vmware-sca (VMware Service Control Agent)vmware-vdcs (VMware Content Library Service) vmware-vpostgres (VMware Postgres) vmware-vpx-workflow (VMware vCenter Workflow Manager) vsphere-client ()

 

vcenter

 

thanks!

CVE-2020-1938 and vCenter Server 6.0

August 12, 2020, 9:06 pm
$
0
0

The CVE Code Description:

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.

(Link:CVE -CVE-2020-1938 )

 

 

微信截图_20200813115732.png

 

 

But in the latest version vCenter 6.0u3j:

微信截图_20200813120047.png

 

So how to solve this problem in vCenter 6.0?

vCEnter Server 7 without DNS

August 12, 2020, 10:02 pm
$
0
0

Hi ,

 

Is it true VMware has obsoleted windows vCenter 7?

does any body have tried to deploy VCSA7 without FQDN or DNS Resolution ., if yes , the how did it bcoz i tried , its faild on 4% on Stage 2 .

 

Thanks

Search

fix for missing ExecReload of rsyslog.service

August 13, 2020, 4:00 am
$
0
0

"ExecReload=/usr/bin/kill -HUP $MAINPID" should be part of the shipped rsyslog.service and if vmware only would read the logs they could know

/usr/lib/systemd/system/getty@tty2.service.d/dcui_override.conf has wrong permissions BTW

2020-08-12T13:00:01.566324+00:00 vcenter logrotate: Failed to reload syslog.service: Job type reload is not applicable for unit rsyslog.service.

2020-08-13T00:00:03.552688+00:00 vcenter logrotate: Failed to reload syslog.service: Job type reload is not applicable for unit rsyslog.service.

2020-08-12T13:00:01.566435+00:00 vcenter logrotate: error: error running shared postrotate script for '/var/log/lastlog '

2020-08-13T00:00:03.553029+00:00 vcenter logrotate: error: error running shared postrotate script for '/var/log/lastlog '

 

[root@vcenter:~]$ cat /etc/systemd/system/rsyslog.service.d/reload.conf

[Service]

ExecReload=/usr/bin/kill -HUP $MAINPID

 

[root@vcenter:~]$ systemctl status rsyslog

● rsyslog.service - System Logging Service

   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)

  Drop-In: /etc/systemd/system/rsyslog.service.d

           └─reload.conf

 

2020-08-13T10:56:21.404519+00:00 vcenter systemd[1]: Reloading.

2020-08-13T10:56:22.471532+00:00 vcenter systemd[1]: Configuration file /usr/lib/systemd/system/getty@tty2.service.d/dcui_override.conf is marked executable. Please remove executable permission bits. Proceeding anyway.

2020-08-13T10:57:16.644834+00:00 vcenter systemd[1]: Reloading System Logging Service.

2020-08-13T10:57:16.686632+00:00 vcenter systemd[1]: Reloaded System Logging Service.

[root@vcenter:~]$ chmod 644 /usr/lib/systemd/system/getty@tty2.service.d/dcui_override.conf

Service VCSA 6.5 vs 7

August 13, 2020, 2:08 am
$
0
0

Hello,

 

I have a vcenter 6.5 in production and i monitor this vmware services.

 

I setup a new vcenter in version 7.0 in order to test it.

 

But there some services which had changed / disapear ? :

 

In 6.5  :

"vmware-cm" = VMware_Component_Manager

"vmware-sts-idmd" = VMware_Identity_Management_Service

"vsphere-client" = VMware_Web_Client

 

I can't find this inforamtion cleary in the documenation, can you give some guidance ?

 

Regards.

Do I risk any VM performance issues during vCenter VCSA upgrade from v6.5 to v6.7 on vSAN cluster?

August 14, 2020, 8:10 am
$
0
0

Do I risk any VM performance issues during vCenter VCSA upgrade from v6.5 to v6.7 on vSAN cluster?  From my experience the only caveat of performing a vCenter upgrade is not being able to access the vCenter GUI for a limited time, but  VM's should continue to function during vCenter upgrade.  Just want to confirm this with the community.  If there is a high risk of affecting any CPU/MEM/Network/IO VM performance, I will opt to perform the upgrade during off-peak hours. 

 

Feedback appreciated.

 

regards...

vcenter linux 503

August 14, 2020, 11:24 pm
$
0
0

503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x00005610d7151960] _serverNamespace = / action = Allow _pipeName =/var/run/vmware/vpxd-webserver-pipe)

 

Perform start operation. vmon_profile=None, svc_names=['vmware-mbcs'], include_coreossvcs=False, include_leafossvcs=False

2020-08-15T01:18:58.541Z   Service mbcs state STOPPED

 

 

 

 

 

 

Error executing start on service mbcs. Details {

    "resolution": null,

    "detail": [

        {

            "args": [

                "mbcs"

            ],

            "id": "install.ciscommon.service.failstart",

            "localized": "An error occurred while starting service 'mbcs'",

            "translatable": "An error occurred while starting service '%(0)s'"

        }

    ],

    "componentKey": null,

    "problemId": null

}

Service-control failed. Error {

    "resolution": null,

    "detail": [

        {

            "args": [

                "mbcs"

            ],

            "id": "install.ciscommon.service.failstart",

            "localized": "An error occurred while starting service 'mbcs'",

            "translatable": "An error occurred while starting service '%(0)s'"

        }

    ],

    "componentKey": null,

    "problemId": null

}

VMWare vCenter cannor run power-on script successfully

August 14, 2020, 2:29 pm
$
0
0

Hello,
I cannot login to our vCenter 6.0 with Internet Explorer and I receive an error. I tried to upgrade the VMWare Tools with the following steps:

1. Inventory

2. Virtual Machine

3. Guest

4. Install / Upgrade VMWare Tools

 

I restarted the vCenter VM but the VM Tools were not upgraded. I received and error in the Events Log which you can see on the attached
screenshot. Then I setup the VM Tools to be upgraded automatically during the VM restart with the below steps:

 

1. Edit virtual machine settings

2. Options

3. VMWare Tools

4. Check and upgrade Tools during power cycling - selected

5. OK

 

I power off and then power on the vCenter virtual machine but the tools again were not updated. Then I tried to login with SSH client to this
vCenter VM. When I login there I received the message "Error connecting to the server". I was not able to execute any Linux commands.
The log files are attached to this post. Can you please help me to fix our vCenter 6.0 virtual machine ?

Viewing all 5185 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>