Categories
Virtualization Vmware

How to unlock and reset SSO password in vSphere 6.x (2146224)

So I have a bit of an embarrassing confession to make. I forgot to record the Administrator password for my VCSA Appliance. Total disclosure, I was freaking out and I really thought I was going to have to start from scratch. I did some research and was surprised to find out that you can actually reset the Administrator account on a VCSA appliance as long as you have the root password for the appliance and you have access to the VCSA Console. Below is a list of the links to the KB Articles from VMware.

Resetting SSO Administrator Password
https://kb.vmware.com/s/article/2034608
Resetting SSO Administrator – VCSA 6.x

Below is the PuTTY session as an example.

[email protected]:~$ ssh [email protected]
ssh: Could not resolve hostname devvcsa01.xxx.xxxxx: Name or service not known
[email protected]:~$ ssh [email protected]
The authenticity of host ‘172.26.44.18 (172.26.44.18)’ can’t be established.
ECDSA key fingerprint is SHA256:7E4K1HVpg2ExWz+vEkkRdJ0M5jUYftb3HZw6OSDKFEICSOEPWWKYERe4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘172.26.44.18’ (ECDSA) to the list of known hosts.

VMware vCenter Server Appliance 6.5.0.21000

Type: vCenter Server with an embedded Platform Services Controller

Password:
Connected to service

    * List APIs: “help api list”
    * List Plugins: “help pi list”
    * Launch BASH: “shell”

Command> shell.set --enabled true
Command> shell
Shell access is granted to root
[email protected] [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcadmintool

==================
Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state
6. Get vmdir state
7. Get vmdir log level and mask
==================

3
  Please enter account UPN : [email protected]
New password is –
/a+p|8M?vRl`%”p4*+oZ

==================
Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state
6. Get vmdir state
7. Get vmdir log level and mask
==================

Once you go through all these steps, you can log into the VCSA with the temporary password you are given, and you can then reset it as well.

I hope you find this post helpful, and if you do please share it out to your friends.

Categories
PowerCLI Virtualization Vmware

Getting past Certificate issue in Power CLI

So I recently started working more with PowerCLI. After my time at VMWorld 2019 (which I will cover in another post) I realized how powerful PowerCLI actually is (pun not intended). In starting to work with PowerCLI I came across the following message while trying to connect to my vCenter:

Connect-vIServer : xx-x-xxxx xx:xx:xx Connect-VIServer Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you’d like to connect once or to add a permanent exception for this server.

I did some googling and I found this article, so shout out to Ivo Beerens for his article.

https://www.ivobeerens.nl/2018/07/18/quick-tip-powercli-invalid-server-certificate-error/

In his article he goes on to share this command

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

After putting that into PowerShell and pressing enter you will no longer get the Invalid Certificate message.
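
The command above turns off certificate validation for PowerCLI connections. The following is an added example, not code from this post or from Ivo Beerens's article, showing on Windows how to confine Ignore to the current session for lab use, or to trust the issuing root CA and make invalid certificates fail. The server name, the certificate path and the `$labOnly` switch are placeholders.

```powershell
# Added example. $vCenter, $rootCaFile and $labOnly are placeholders,
# not values from the post.
$vCenter    = 'vcsa.example.test'
$rootCaFile = 'C:\certs\vcenter-root-ca.crt'   # root CA certificate exported from your vCenter
$labOnly    = $false                           # set to $true for a throwaway lab session

# See which scope (Session, User, AllUsers) currently holds which setting.
Get-PowerCLIConfiguration | Select-Object Scope, InvalidCertificateAction

if ($labOnly) {
    # Lab shortcut: ignore certificate errors for this PowerShell session only.
    # The setting is not persisted, so a new session validates certificates again.
    Set-PowerCLIConfiguration -Scope Session -InvalidCertificateAction Ignore -Confirm:$false
}
else {
    # Longer-term fix: trust the CA that issued the vCenter certificate
    # (Windows asks for confirmation before adding a root), then make
    # PowerCLI refuse any certificate that still does not validate.
    Import-Certificate -FilePath $rootCaFile -CertStoreLocation Cert:\CurrentUser\Root
    Set-PowerCLIConfiguration -Scope User -InvalidCertificateAction Fail -Confirm:$false
}

# Connect using the name that appears on the certificate.
Connect-VIServer -Server $vCenter
```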

I hope you found this post helpful, I will be posting about some of the scripts that I have been posting on my Github. Please share with your friends if you found this helpful.

Categories
PowerCLI Virtualization Vmware

Power off entire Virtual Environment using a PowerShell Script and PowerCLI

So I have a lab that I manage where we have had several scheduled power outages in the last few months. So it is my job to make sure that we power off the lab so none of our equipment has issues when we bring it back up.

I would estimate that our lab is comprised of about 90% VMware ESXi Hosts, and after going through the exercise of powering off the whole lab 1 or 2 times, it became a bit of a pain.

So I created a PowerShell Script using PowerCLI to not only power off all the Virtual Machines, but also the Virtual Hosts, and the VCSA appliance itself.

I have posted the script to my Github which you can check out here:

https://github.com/kenbshinn/Poweroff_VirtualEnvironment

Feel free to check it out and let me know what you think.

I hope you found this post helpful, and if so, please share it with your friends.

Categories
Virtualization Vmware

All vCenters not showing up after adding a new one to an SSO Domain

As I have mentioned before, the company I work for had a disaster event that took place almost a year ago and because of that we have had some of our infrastructure duct taped together.

Today I am proud to say that I had the opportunity to rip off another piece of that duct tape and actually move our Virtual Infrastructure forward.

You see, Pre-Disaster we had a single vCenter appliance which managed 3 sites. (Yes I know… yuck)

But, because of the disaster we had to move all of our services from the 1 site to the other 2. In the middle of the DR event I had to create 2 VCSA appliances to be able to manage the 2 sites, and due to a lack of sufficient network connectivity at the time, they were just islands. I even set them up as separate SSO Domains.

Fast forward to today, and I have now consolidated these 2 SSO Domains down to 1 and I must say it is pretty slick.

I did however run into a bit of an anomaly, which is the purpose of my post today. You see on the VCSA appliance that was added to the existing SSO domain, I discovered that I could see the first VCSA Appliance in the vSphere Web Client as well as its inventory which was awesome!

However on the vSphere Web Client of the Original VCSA Appliance, I can only see the 1 VCSA Appliance.

I consulted Dr. Google but found nothing at first, until I came across this post on the IBM Cloud for VMware Solutions site.

It turns out that you need to restart the vSphere Web Client in order for the new vCenter server to appear.

Just in case the link dies I will post the resolution here:

This is a known VMware 6.5 issue.

To resolve the problem, you must restart the vSphere Web Client:

Using the root account, connect over ssh to the vCenter VM (virtual machine) of the previously ordered instance.
Type shell to enter the bash shell.
Enter service-control --stop vsphere-client to stop the client.
Enter service-control --start vsphere-client to restart the client.
After the vSphere Web Client of the previously ordered instance is restarted, confirm that the vCenter Server system for the newly added secondary instance is visible in the vSphere Web Client.

NOTE: Rebooting the VCSA Appliance will also resolve your issue.

I hope you found this helpful, and if so please let me know and share with your friends.

Categories
Virtualization Vmware

Unable to log into a new VCSA Appliance added to an SSO Domain

So today I ran into an interesting issue. I was adding a new VCSA appliance to a preexisting SSO domain for a post that will come out in the coming weeks and I discovered a few things.

First of all, I learned that there are not many blogs covering this so I figured I would make a post just in case I get hit with a brick and forget.

So I ran through the install of the new VCSA appliance and selected all the settings as you would normally do. However when the installation completed it said everything was fine and I should be able to log in at the new URL.

I opened the URL and tried to log in…. and it failed. This being the first time I have tried this I was not sure what to expect, and here is what I mean:

The Platform Services Controller (or PSC) is responsible for authentication to vSphere. That being said I figured I might be able to log in with my Domain credential…. I was wrong.

So I then tried logging in with the Administrator Credentials for the SSO Domain…. that too did not work.

I then logged into the vSphere Web Client for the First VCSA to see if I could see what is going on over there. It turns out, from an SSO Perspective, everything was running great. I went to see if I could reset the Administrator password and discovered that I must not have had enough coffee this morning. You see, because vSphere is based on some form of Linux Kernel, I forgot to take into account that THE USER NAME IS CASE SENSITIVE!!!!!

So I went back to the login screen and logged in with the correct credentials and IT WORKED!!

Now to figure out why AD Authentication was not working…..

Well it turns out that that lack of coffee I mentioned earlier came back to bite me yet again <face palm>

Although the SSO component was working and showed my AD domain as a valid and default authentication source, it doesn’t mean squat if the server is not a member of the Active Directory Domain. A quick add to AD and a reboot later and we were in business.

Lesson Learned:

1. Don’t skip out on Coffee
2. Linux based credentials are Case Sensitive
3. Drink more Coffee
4. Make sure that host is added to AD before you try to authenticate.

I hope you found this helpful and if I ever get around to it I will add screen shots for a more TL;DR experience.

Categories
Tools Virtualization Vmware

Tools Discussion – VMWare Converter Standalone

Today I wanted to talk about VMware Converter Standalone which has been a constant in my bag of tricks for a long time. VMware Converter is a tool that allows you to convert a Physical Machine to a Virtual Machine which can run on a VMware ESXi host or VMware Workstation / Player. You can also use VMware Converter to resize Virtual machines or even convert them from Thick Provisioned virtual disks to thin.

Before VMware Converter was a free Standalone product, it was an add-on to vCenter (version 3-4.1 if my memory was correct) that was licensed by VMware. It enabled you (much like it does now) to convert a physical machine and turn it into a Virtual Machine. Pretty Sweet huh?!

Somewhere between vSphere 4 and 5 they decided to remove it from vCenter as an add on and make it a separate product and best of all made it free!

During the installation process you are now asked to decide if you are doing a standalone installation or a Client Server install. I will probably do an install guide for this later so I can discuss further as both have their merits.

If you are interested in getting a copy of VMware Converter Standalone you can follow this link. It will also be available on the Tools page once this post goes live.

I hope you found this post helpful and please check back later for more articles.

Categories
Virtualization Vmware

How to convert VMDK from Thick to Thin Provision

As I have stated in a previous post, I have been trying to help out on the VMware Community Forum. One of the threads that I was able to help out on was how to convert a VMDK from thick to thin.

I have had the opportunity to do this several times in the past, but I have never needed to document it. I was able to do a step by step procedure from memory for the thread, but I figured doing an actual guide might be helpful to someone else.

The first thing that you need to realize is that the VM you want to change from Thick Provision to Thin MUST be powered off before you can convert it.

Launch the VMware vCenter Converter Standalone Client software.
Click on the Convert Machine button.

That will launch the Converter wizard

By default the Source machine will be set to Powered on VM. You will need to select the Powered off radio button which will give you the option to select VMware Virtual Machine.
Enter the Server Name or IP address, Username, and Password for the Source system and click Next

This will cause the Wizard to do a check against the Source machine to make sure that the credentials are able to access the vCenter server. 

Once you are logged in, you will see your vCenter server and ESXi hosts. Click on the vCenter server, or ESXi Host to see all the VMs that are available.

Select the Powered off VM you wish to convert to thin provisioned and click Next. 

Next you will need to enter the Server Name, User name and Password for the destination host. Before you ask, yes the source and destination host can be the same server, however the Virtual Machine name will need to be different. 
Click Next to Continue

As I mentioned above, you will need to give the Virtual Machine a unique name, otherwise vCenter gets pretty mad. 
Select the Data Center you would like to put the VM on and click Next. 

Select the Host, Datastore, Virtual Hardware Version, and click Next.
NOTE: You should probably pick a different datastore than the one you used before, just to make sure that you don’t run out of space.

This will take you to the Options screen which is where you are allowed to change the Virtual Disk from Thick to Thin. 

Click Edit as seen in the screen below.

This will bring up the disk configuration for this Virtual Machine.

Click on the drop down under Type and change it from Thick to Thin and then click Next.

You will then be presented with the Summary screen which you can review, and then click Finish to start the conversion. 

As you can see the Job gets submitted and will run until it completes successfully.

Once it completes you will see in vCenter that there is a new Virtual Machine and if you check the settings of that Virtual Machine the VMDK will be Thin Provisioned.

Thank you for stopping by, and I hope you found this post helpful and please check back later for more updates.

Categories
Virtualization Vmware

Adding an IDE Storage Adapter for an OVF that is supposed to run in vSphere? What were you thinking???

A few weeks ago I had the misfortune of having to deal with a .OVF that was sent by a support team to one of our engineers so we can run a Virtual Machine in our lab environment.

That seems pretty cut and dry, except when I go to import the .OVF and I get this message when the import gets to the Validating Step.

I had never seen this message before, but after seeing the part of the message that says DiskControllerReference, I automatically assumed that there was an issue with the .VMX file on the VM. Well because this is not a VM, but an .OVF I decided to open the .OVF file in Notepad++ and found this.

I do not know why the person who created this .OVF selected an IDE controller for the HDD, but here we are.

I informed my Engineer of the issue, and he said that they told him to use VMware Converter to change it into an acceptable VM image.

Giving them the benefit of the doubt, I downloaded the latest copy of VMware Converter Standalone (which took me a day, because VMware’s Download site was not working) and tried to convert it.

Guess what, it didn’t work!!

This is also not the first time I have run into this issue with this particular vendor (who shall remain nameless). Their .OVA files will give you the same error message. So needless to say anytime I run into this vendor, I immediately tell my Engineers to get me an .ISO and I will build them a VM from scratch.

I hope you find this post helpful, and if you would like to know more information about this, please feel free to DM me on one of my social media accounts.

Thanks for reading, and check back soon for more articles.

Categories
Virtualization Vmware

VMware Home Lab 1.0

GREAT DAY IN THE MORNING!!!!!

Alright I had to find a different way to start this post, so I decided to borrow Pierre Roberts Catch phrase. I don’t think it worked so he can have it back. 
I wanted to take the time to talk about my home lab that I am currently using. As I mentioned in a previous post I have a Razer Blade 2018 which I will be using to run my lab for now. 
Stock the laptop comes with:
  • 8th Gen Intel Core i7 – 8750H Processor 6 Cores/12 threads up to 4.1 GHz
  • 1 TB M.2 SSD
  • 16 GB of RAM. 
I have been wanting to upgrade it to 32 GB of RAM since I purchased it, however $400 for 32 GB of RAM was just too much for me to swallow at the time. 
I had been watching the price of RAM (particularly for this laptop) for the last few months and saw that it was steadily declining. I finally decided to pull the trigger when it was down to 49% off on Amazon. 
The RAM Arrived a few days ago, and I installed it in the laptop, and I have to say it is awesome. I have never seen a laptop run this good. 
I installed VMware Workstation Professional 15 (Thank you VMUG Advantage) and I will have an install guide out for that soon.
I am also beginning to Spec out my VMware Home Lab 2.0 which will also be a Nested Solution. I will probably leverage my Kit.com account to show my parts list once I get it running. 
I hope you find this post helpful and stay tuned for updates.

I didn’t know this was even possible…. SSL Certificate weirdness

So I was working on the post about how to resolve the SSL Certificate error message that you get if you do not have the Root certificate for the ESXi host installed on your machine. Well in the process of taking screen shots for that post I discovered something that I have never seen before. Rather than starting from the beginning, let's pick up at the end of the last post.

So right after you finish installing the Root CA on your machine, you have closed out of your web browser and reopened it and go to the URL and you get this message.

At first glance it looks like the certificate install failed, but it didn’t. Upon closer inspection of the message you will see that the issue is that the CN is invalid.

For those who do not know, CN means Common Name, which is usually the FQDN or Host name of the server. So I went back to check the CN of the Certificate of the ESXi host and I found what you see below. This is where things get crazy….

So according to the image above, the SAN or Subject Alternative Name (AKA a list of CNs, usually up to 5 on one Certificate) is an IP Address!!! How the heck is it an IP address?

So what I tried next was typing in https://172.26.96.44 in my web browser and I was immediately presented with the image below.


So wait, it worked like it should using the IP address instead of the name. How did that certificate get issued at all?

WELL….. It would appear that one of my co-workers added this host to vCenter with the IP address instead of the name.

Needless to say I am very disappointed in my Co-Worker for not following our naming convention. But if I had to guess, it looks like VMCA (VMware Certificate Authority), which is included in the PSC (Platform Services Controller) and issues certificates to hosts when they are added to vCenter, must have issued the certificate to the IP address because he added it using the IP. Having dealt with several different Certificate Authorities in my time, this is crazy to see.

Anyway this is just a heads up just in case you run into something like this in your travels.
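
To check what a host's certificate actually covers without clicking through browser dialogs, the subject and SAN entries can be read directly from the TLS handshake. This is an added example, not part of the original post; the function name `Get-ServerCertificateNames` and the host name in the usage comments are hypothetical, and the IP address is the one quoted above.

```powershell
# Added example: reads the certificate a server presents and reports whether
# the name or IP you connected with appears in its Subject Alternative Name.
function Get-ServerCertificateNames {
    param(
        [Parameter(Mandatory)] [string] $Target,   # host name or IP to connect to
        [int] $Port = 443
    )
    $tcp = [System.Net.Sockets.TcpClient]::new($Target, $Port)
    $ssl = $null
    try {
        # Accept whatever certificate is presented: the goal is to inspect it,
        # not to trust it. No application data is sent over this connection.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Target)

        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)

        # OID 2.5.29.17 is the Subject Alternative Name extension.
        $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }

        # Match the target as a whole entry, so 10.0.0.4 does not match 10.0.0.44.
        $pattern = '(?<![\w.-])' + [regex]::Escape($Target) + '(?![\w.-])'

        [pscustomobject]@{
            Target      = $Target
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            SAN         = if ($sanText) { $sanText } else { '(none)' }
            TargetInSAN = [bool]($sanText -match $pattern)
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }
}

# Usage (run both and compare the TargetInSAN column):
# Get-ServerCertificateNames -Target 'esxi01.example.test'   # placeholder host name
# Get-ServerCertificateNames -Target '172.26.96.44'          # IP quoted in the post
```

For a host added to vCenter by IP, as described above, the first call would report TargetInSAN as False and the second as True, which matches the browser behaviour in the post.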