Categories
Virtualization Vmware

How to remove a plug-in from vCenter with the MOB

I recently ran into an issue with being unable to remove a plug-in from vCenter. When looking in vCenter under Administration > Client Plugins I found the pluging was failing to install and was continually attempting to restart the installation.The option to remove or disable the plug-in was greyed out.

I opened a case with VMware support and was directed to their KB article on how to remove plug-ins via the MOB.

Here is the a excerpt from the KB Article on how to remove the plug-ins:

To remove unwanted plug-ins from the available plug-in list:

  1. In a web browser, navigate to https://vCenter_Server_name_or_IP/mob.

    Where vCenter_Server_name_or_IP/mob is the name of your vCenter Server or its IP address. Log in with your vCenter SSO admin credentials.
     
  2. Click Content.
  3. Click ExtensionManager.
  4. Select and copy the name of the plug-in you want to remove from the list of values under Properties. For a list of default plug-ins, see the Additional Information section of this article.
  5. Click UnregisterExtension. A new window appears.
  6. Paste the key of the plug-in and click Invoke Method. This removes the plug-in and results in void.
  7. Close the window.
  8. Refresh the Managed Object Type:ManagedObjectReference:ExtensionManager window to verify that the plug-in is removed successfully.

Note: If the plug-in still appears, you may have to restart the vSphere Client.

To disable the plugin through the Client Plug-In manager within the vSphere Web Client 5.1 and later:

  1. Log in to the vSphere Web Client with an vCenter Server Administrative user.
  2. When the error appears, click No.
  3. Navigate to Administration > Client Plug-Ins.
  4. Locate the client plug-in you want to disable.
  5. Right-click this entry and select Disable.
  6. Click Yes on the pop-up box for disabling the plugin.

I followed the above guide however I did run into something that is not in the guide. In the:

Click UnregisterExtension. A new window appears.

The popup message actually looks like an error and doesn’t indicate that it actually does anything.

However, once it is done you can go back to the plug-ins section and either the plug-in will be deleted or it will not be attempting to install anymore so you can click remove to get rid of it.

I hope that you found this post helpful and if so please feel free to share it with others. Also be sure to check out some of my other posts on Virtualization topics.

Categories
Virtualization Vmware

vCenter 7.0: No healthy Upstream Server

I was doing some maintenance on several vCenters last week. I discovered that when a vCenter gets powered off and back on the webpage will display No Healthy Upstream Server.

What happened

Part of our process when working on a vCenter is do to an offline snapshot prior to making any changes. After the snapshot was completed, I powered up the appliance. We power the VCSA appliance up and are presented with that message when going to the vCenter URL.

I was able to get to the VAMI webpage, by going to https://vcenterserver.domain.local:5840. But I was not able to log in with AD credentials. I needed to use the root credentials for the vCenter appliance to log in.

I checked the services tab in the VAMI interface and found that most the the services that were stopped.

This is also the reason why I couldn’t login with my AD Credentials. THis is because the service responsible for it is stopped.

Reason

After opening a case with VMware support, it has been determined that it is a known issue / bug in vCenter 7.0. The work around for the solution is to stop all the services in vCenter via the Command line and start all the services to bring everything back up.

You might think that starting the services manually will solve the issue. However just as with most modern systems, there is alway a proper startup order. While you might get lucky in turning them on, it is best to let the system handle it on it’s own.

The Workaround

As mentioned above the solution is simple. You need to SSH into your vCenter and log in as root. If for some reason your vCenter has SSH disabled, you will need to enable it from the VAMI > Access > SSH login.

Once you are logged in type the following

shell

to enter into the BASH prompt.

cd /bin

To change directory to the /bin directory

service-control --stop --all

This will stop all services which is necessary to make sure all the services are stopped and can be started in the right order. The process cannot be stopped so you will need to be patient

service-control --start --all

This will start all the services in the correct order. This process also cannot be stopped so you need to be patient.

Once completed you should be able to refresh your web browser for the vCenter screen and the login screen will appear.

You can read more about restarting services here.

Closing

I hope you found this post helpful and I hope to update if when/if I get an update that the issue is resovled. Please share this post with others if you found this helpful. Also check out some of my other articles about Virtualization.

Categories
Virtualization Vmware

ESXi 7.0 u3g – Host unresponsive issue

I recently ran into an issue where our ESXi hosts runing ESXi 7.0 u3g connected to a vCenter Server running 7.0 u3g would go into a state of not responding. The Virtual Machines (VMs) would continue run on the host, but if you tried log into the host from the Direct Console User Interface (DCUI) the screen would freeze at the login screen.

If you are so unfortunate as to run into this issue, just be patient and the login will complete. It could take between 5 to 45 minutes for the login to complete but it will eventually get there.

After it loads you will need to restart the managment agent on the host by going to Troubleshooting > Restart Managment Agent. After restarting the services the host should report back into vCenter on it’s own.

To fully resolve the issue you should consider upgrading your vCenter to at least 7.0u3j which will resolve the issue.

I know this is a short post, but I really hope it helps someone out there. Please feel free to share this around to others who may need it.

Categories
Virtualization Vmware

vCenter – Migrate is greyed out

Intro

Recently I was working on an issue where the option to migrate was greyed out inside of VMware vCenter. At the time we were not sure how this issue started, but we eventually figured it out. We were using a snapshot based backup solution which had an issue.

Allow me to explan the process. We learned that when a VM gets snapshotted, the VM gets locked by vCenter. This is to prevent the VM from moving while the snapshot is being created. I was never sure how this “lock” actually worked, but I learned that the VM id gets added to the VPX_Disabled_Methods table. Once the Snapshot get created, vCenter is supposed to remove the id from the table which will then allow you to perform migrations.

In our case, what happened was the backup created the snapshot, but never told vCenter to remove the lock. So after a bunch of calls with VMware we learnd about the VPX_Disabled_Methods table.

Warning

NOTE: Do not run this command unless you know what you are doing!!! However, running a select command should not cause any issues….

How to fix the issue

First you will need to log into the vCenter appliance console using SSH as root.

You will then need to run the following command to access the VCDB (vCenter Database)

sudo /opt/vmware/vpostgres/1.0/bin/psql -d VCDB

To see if you have any VMs that are impacted you can run the following command.

select * from VPX_DISABLED_METHODS;

If any VMs are impacted then you should see something in the list. If you do, you can take that vm-id and look them against vCenter which will probably be having the migration issue.

In order to resolve the issue you will need to delete the VM ID from the table. To do this you should run a command like this

select * from VPX_DISABLED_METHODS WHERE ENTITY_MO_ID_VAL = 'vm-xxx;

Or if you are like me, and don’t want any of your VMs to be locked, you can be like me and do the sledge hammer approach

delete * from VPX_DISABLED_METHODS;

This will clear all of the entries from the table.

Closing

I hope you found this post helpful, and if so please share with your friends.

Categories
Uncategorized Virtualization Vmware

vCenter – Unable to login with WinSCP

Hey all it has certainly been a while since I have posted anything, but I am back now and I have quite a few things in the pipeline including a walk through of my new home lab!! For now lets get down to business with being unable to login with WinSCP.

Today I wanted to cover an issue that has been plaguing me quite a bit the last few months. As I am sure you are all aware, VMware vSphere and ESX 6.7 has been out of support since October 2022. Back in August of 2022, my team members at the company I work for worked dilligently to upgrade all of the vCenters and ESXi hosts in out environment.

If you are not aware, upgrading a VCSA appliance from 6.7 to 7.0 involves deploying a new 7.0 appliance and migrating your settings from one to another. Our Friends at VMware have done an amazing job with building a wizard that does most of the work for you. Perhaps as part of my new lab I will try do a guide on the upgrade process as I am sure there are many companies out there who have yet to do the upgrade. In fact I might even go as far as upgrading to 8.0!! Tune in for more.

Back to the matter at hand, When you deploy a new vCenter one of the issues you may run into is not being able to log in with WinSCP. For those of you that do not know, WinSCP is a free application (donations are accepted and appreacated) that allows you to transfer files using the SCP protocol (among others) on a Windows PC and it gives you a nice graphical user interface. You can download a copy of WinSCP here. You can also download it using Chocolatey if that is your thing.

When you try to connect to vCenter using WinSCP you may get this message:

Host is not communicating for more than 15 seconds. If the problem repeats, try turning off ‘Optimize connection buffer size’.

This can be particularly annoying when you need to add or remove a file from vCenter and because like me you probably don’t add or remove files from vCenter all that often so most times you forget that this could be an issue.

To solve the issue you will need to log into vCenter using SSH as root and run this command:

chsh -s /bin/bash root

and press enter.

Once you have done this you can then retry connecting via WinSCP and the issue should be resolved. If you don’t have the root credentals, please check out this article to find out how you can get around that.

Categories
Uncategorized Virtualization Vmware

How to enable BASH shell on vCenter 6.0

According to VMware’s KB articles they claim that this settings change is no longer needed when logging into VCSA Appliances in 6.5 – 7.0. However I am not 100% certain that that is true as, to be honest I always log in as root and have never had to do it. Do have some collegues who claim that they need to do this when they are using their AD Authenticated credentials.

While logged into vCenter as you not root account you will need to type (or copy and paste) this into your SSH session:

shell.set –enable True

In reality, you could also just log into the VAMI and start the BASH service there which I think is what I normally do anyway and thus why I have never had to run this command.

Categories
PowerCLI Virtualization Vmware

PowerCLI – Datastore Report

I recently was working in an environment where they are still running vSphere 6.0. While doing some storage expansions I discovered that the Flash Client and the C# Client were not reporting the same size on the Datastore. This can be very frustrating as you are not sure which one you can trust. So as a tie breaker I decided to turn to my good friend PowerCLI.

It turns out that the PowerCLI and the C# client were reporting the same thing. So I decided to create a PowerCLI Script to assist me in my work. You can find the script there on my Github:

https://github.com/kenbshinn/PowerCLI-Scripts/blob/master/VM_Datastore_Report.ps1

I hope you found this post helpful and will share it with your friends.

Categories
Virtualization Vmware

How to unlock and reset SSO password in vSphere 6.x (2146224)

So I have a bit of a embarrassing confession to make. I forgot to record the Administrator password for my VCSA Appliance. Total disclosure, I was freaking out and I really thought I was going to have to start from scratch. I did some research I was surprised to find out that you can actually reset the Administrator account on a VCSA appliance as long as you have the root password for the appliance and you have access to the VCSA Console. Below are a list of the links to the KB Articles from VMware.

Resetting SSO Administrator Password
https://kb.vmware.com/s/article/2034608
Resetting SSO Administrator – VCSA 6.x

Below is the PUTTY session as an example.

shinnk@Computer:~$ ssh [email protected]
ssh: Could not resolve hostname devvcsa01.xxx.xxxxx: Name or service not known
shinnk@Computer:~$ ssh [email protected]
The authenticity of host ‘172.26.44.18 (172.26.44.18)’ can’t be established.
ECDSA key fingerprint is SHA256:7E4K1HVpg2ExWz+vEkkRdJ0M5jUYftb3HZw6OSDKFEICSOEPWWKYERe4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘172.26.44.18’ (ECDSA) to the list of known hosts.

VMware vCenter Server Appliance 6.5.0.21000

Type: vCenter Server with an embedded Platform Services Controller

Password:
Connected to service

    * List APIs: “help api list”
    * List Plugins: “help pi list”
    * Launch BASH: “shell”

Command> shell.set –enabled true
Command> shell
Shell access is granted to root
root@devvcsa01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcadmintool

==================
Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state
6. Get vmdir state
7. Get vmdir log level and mask
==================

3
  Please enter account UPN : [email protected]
New password is –
/a+p|8M?vRl`%”p4*+oZ

==================
Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state
6. Get vmdir state
7. Get vmdir log level and mask
==================

Once you go through all these steps you are now able to log into VCSA with that temporary password that you are given and you are also able to reset it as well.

I hope you find this post helpful, and if you do please share it out to your friends.

Categories
PowerCLI Virtualization Vmware

Power off entire Virtual Environment using a PowerShell Script and PowerCLI

So I have a lab that I manage where we have had several scheduled power outages in the last few months. So it is my job to make sure that we power off the lab so none of our equipment have issues when we bring it back up.

I would estimate that our lab is comprised of about 90% VMware ESXi Hosts, and after going through the exercise of powering off the whole lab 1 or 2 times, it became it bit of a pain.

So I created a PowerShell Script using PowerCLI to not only power off all the Virtual Machine, but also the Virtual Hosts, and the VCSA appliance itself.

I have posted the script to my Github which you an check out here:

https://github.com/kenbshinn/Poweroff_VirtualEnvironment

Feel free to check it out and let me know what you think.

I hope you found this post helpful, and if so, please share it with your friends.

Categories
Virtualization Vmware

All vCenters not showing up after adding a new one to an SSO Domain

As I have mentioned before, the company I work for had a disaster event that took place almost a year ago and because of that we have had  some of our infrastructure duct taped together.

Today I am proud to say that I had the opportunity to rip off another piece of that duct tape and actually move our Virtual Infrastructure forward.

You see, Pre-Disaster we had a single vCenter appliance which managed 3 sites. (Yes I know… yuck)

But, because of the disaster we had to move all of our services from the 1 site to the other 2. In the middle of the DR event I had to create 2 VCSA appliances to be able to manage the 2 sites, and due to a lack of sufficient network connectivity at the time, they were just islands. I even set them up a separate SSO Domains.

Fast forward to today, and I have now consolidated these 2 SSO Domains down to 1 and I must say it is pretty slick.

I did however run into a bit of an anomaly, which is the purpose of my post today. You see on the VCSA appliance that was added to the existing SSO domain, I discovered that I could see the first VCSA Appliance in the vSphere Web Client as well as it’s inventory which was awesome!

However on the vSphere Web Client of the Original VCSA Appliance, I can only see the 1 VCSA Appliance.

I consulted Dr. Google but found nothing at first, until I came across this post on the IBM Cloud for VMware Solutions site.

It turns out that you need to restart the vSphere Web Client in order for the new vCenter server to appear.

Just encase the link dies I will post the resolution here:

This is a known VMware 6.5 issue.

To resolve the problem, you must restart the vSphere Web Client:

Using the root account, connect over ssh to the vCenter VM (virtual machine) of the previously ordered instance.
Type shell to enter the bash shell.
Enter service-control –stop vsphere-client to stop the client.
Enter service-control –start vsphere-client to restart the client.
After the vSphere Web Client of the previously ordered instance is restarted, confirm that the vCenter Server system for the newly added secondary instance is visible in the vSphere Web Client.

NOTE: Rebooting the VCSA Appliance will also resolve your issue.

I hope you found this helpful, and if so please let me know and share with your friends.