DHCP problems after Ubiquiti EdgeRouter firmware upgrade

In my homelab I have been using a Ubiquiti EdgeRouter Lite 3-port and UniFi AC Access Points for some time now. After upgrading the Ubiquiti EdgeRouter to the latest firmware (EdgeOS 1.10.1) my WIFI devices were unable to get an IP address. I have different VLANs defined on the EdgeRouter for the WIFI networks. Each VLAN has its own DHCP scope configured.

In the EdgeRouter GUI I didn’t find any clue why the WIFI devices didn’t get an IP address anymore, so I opened an SSH session to the EdgeRouter and started troubleshooting. First I tried to start the DHCP service by using this command.

 
sudo service dhcpd start

The following error is displayed:

[….] Cannot start the DHCP server because configuration file /opt/vyatta/etc/d [FAILconf is absent. … failed!

The DHCP service cannot be started, which is why the WIFI devices didn’t get an IP address anymore. Then I looked in the following log files:

  • cat /var/log/messages
  • cat /var/log/vyatta/vyatta-commit.log

In the vyatta-commit.log the following error is displayed under the [service dhcp-server] section:

[ service dhcp-server ]
Static DHCP lease IP ‘192.168.249.11’ under static mapping ‘Chromecast’
under shared network name ‘WIFI’ is already is in by static-mapping ”.
DHCP server configuration commit aborted due to error(s).

In the DHCP scope for the WIFI VLAN there was a static IP mapping called “Chromecast”. I removed the “Chromecast” static IP mapping in the GUI of the EdgeRouter. In the SSH session I tried to start the DHCP service by using the following command.

 
sudo service dhcpd start

Starting DHCP server daemon…

The DHCP service is started.  In the vyatta-commit.log no new errors are displayed and the WIFI devices were able to get an IP address.  Removing the “Chromecast” static mapping cleared the duplicate static IP error.

Top vCenter Server Appliance (VCSA) troubleshooting commands

During the configuration and troubleshooting of vCenter Server Appliances (VCSA) I maintain a list of commands that I frequently use. This list contains my top configuration and troubleshooting VCSA commands:

  • Enable access to the Bash shell:
shell.set --enabled true
  • Permanently configure the default Shell to BASH for Root:
chsh -s /bin/bash root
  • Log location of the VCSA:
/var/log/vmware/vsphere-client/logs/
  • VCSA service management:
Check status
service-control --status --all
List services
service-control --list
Stop all services
service-control --stop --all
Start all services
service-control --start --all
  • Join the AD domain from PSC:
/opt/likewise/bin/domainjoin-cli join domain.nl aduser password

After the AD domain join, reboot the appliance.

  • Check the AD domain join status:
/opt/likewise/bin/domainjoin-cli query
  • Leave AD domain join:
/opt/likewise/bin/domainjoin-cli leave

After the AD domain leave, reboot the appliance.

  • Certificate Manager location:
/usr/lib/vmware-vmca/bin/certificate-manager
  • Test port connectivity from the VCSA:
curl -v telnet://target ip address:port
Example:
curl -v telnet://mypsc.domain.local:443
  • Identify which PSC the VCSA is pointing to:
/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost
  • Repoint the VCSA to another PSC:
cmsso-util repoint --repoint-psc "PSC01"
  • Check the PSC replication partner:
/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator -w password
  • Check the PSC replication status:
/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator -w password

Output:

Partner: psc02
Host available: Yes
Status available: Yes
My last change number: 4274
Partner has seen my change number: 4274
Partner is 0 changes behind.
  • VDC Admin tool to test LDAP and force replication:
/usr/lib/vmware-vmdir/bin/vdcadmintool
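
A health check built on the showpartnerstatus output shown above, as an added example that is not part of the original post: it reads that output on stdin and reports each partner that is unreachable or behind. The function names and the psc03 and psc04 entries in the sample are constructed; only the psc02 entry is taken from the output above.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the line layout of the
# "vdcrepadmin -f showpartnerstatus" output shown above.

# Print one line per partner that needs attention; return 1 if any was found.
check_psc_replication() {
    awk '
    function report() {
        if (partner == "") return
        if (host != "Yes")        { print partner ": host not available"; bad = 1 }
        else if (status != "Yes") { print partner ": status not available"; bad = 1 }
        else if (behind == "")    { print partner ": lag not reported"; bad = 1 }
        else if (behind + 0 > 0)  { print partner ": " behind " changes behind"; bad = 1 }
    }
    /^[ \t]*Partner:/          { report(); partner = $2; host = status = behind = "" }
    /^[ \t]*Host available:/   { host = $3 }
    /^[ \t]*Status available:/ { status = $3 }
    /^[ \t]*Partner is [0-9]+ changes behind/ { behind = $3 }
    END { report(); exit bad + 0 }
    '
}

# Constructed sample: psc02 healthy, psc03 lagging, psc04 unreachable.
sample_status() {
    cat <<'EOF'
Partner: psc02
Host available: Yes
Status available: Yes
My last change number: 4274
Partner has seen my change number: 4274
Partner is 0 changes behind.
Partner: psc03
Host available: Yes
Status available: Yes
My last change number: 4274
Partner has seen my change number: 4257
Partner is 17 changes behind.
Partner: psc04
Host available: No
Status available: No
EOF
}

sample_status | check_psc_replication || echo "replication needs attention"
```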

Proactively manage your vSphere environment with Runecast Analyzer

I’ve got the opportunity to test Runecast Analyzer. Runecast Analyzer proactively uses VMware KBs, best practices and security hardening guidelines to identify problems in your VMware environment. In this blog post you will find my experience of testing Runecast Analyzer.

Deployment

The deployment of Runecast Analyzer is easy. It’s an on-premises deployment in your vSphere environment. Within a couple of minutes Runecast is up and running. First download and deploy the virtual appliance OVA in an existing vSphere 5 or higher environment. During the deployment 3 appliance configuration size options are available:

Deployment   vCPU   Memory (GB)   Storage (GB)   Network
Small        2      4             90             100Mbit=>
Medium       4      8             90             100Mbit=>
Large        8      32            90             100Mbit=>

After choosing the appliance size and setting the IP address you’re ready to access the appliance using a web browser.

Updating

After the appliance is deployed, the updating of the KB definitions, application and OS updates can be configured in the VA admin interface of the appliance. When using automatic updating you’re always up-to-date.

When the appliance has no internet connection, offline updates are available on the Runecast website.

Scan the vSphere environment

Add one or more vCenter Server(s) and you’re ready to fire your first scan of the VMware environment. The scan can be performed manually or scheduled.

After the scan of the environment the issues are displayed in a dashboard. The issues are categorized as critical, major and medium.

Version 1.7 adds a new dashboard called “issues by layer”. This dashboard categorizes the issues in 5 main layers: Management, VM, Compute, Network and Storage.

The detected issues are added in the five layers. This dashboard is interactive. By selecting the layer and issue you can drill down and find the affected component and root cause.

It is possible to integrate Runecast in the vSphere Web Client. The plugin displays all issues detected by Runecast Analyzer with the details and their root causes.

The vSphere Web Client HTML5 page looks awesome.

Meltdown and Spectre

Runecast is continuously monitoring the VMware KB articles and is able to detect Spectre and Meltdown issues. The great thing is that when VMware updates or adds a Spectre or Meltdown KB issue, Runecast monitors that and alerts you when the vSphere environment is affected. In the following example the Spectre/Meltdown issues are found.

You can drill down to see what hosts are affected.

Log Analytics

Runecast Analyzer includes log analytics. Runecast collects the syslogs from the ESXi hosts and performs smart analytics to discover possible problems found in KBs.

Hardening

Runecast Analyzer uses VMware Security checks (https://www.vmware.com/security/hardening-guides.html) and DISA STIG 6 to check the compliance of the vSphere environment. The results are reported in a dashboard.

vSAN support

Version 1.7 adds support for VMware vSAN environments. It scans vSAN clusters and tests their configurations against VMware KB articles and best practices. When issues are found, guides on how to fix them are added.

For example, in a customer vSAN environment Runecast Analyzer found the following vSAN problem:

When drilling down, the guide tells me that this issue is fixed in ESXi 6.5 Update 1 (vSAN 6.6.1). After patching, the issue was solved without occurring in the vSAN environment. This is what you call “proactive management”.

Conclusion

With Runecast Analyzer every VMware vSphere admin can proactively identify possible (security) problems in their vSphere environment. The installation is easy and fast. As a VMware consultant I use Runecast on a frequent basis, which gives me a great overview of the state of the vSphere environment I’m working with.

Every new release adds great features, such as vSAN and vSphere Web Client HTML5 support.

In my opinion Runecast Analyzer is a must-have tool for every VMware vSphere admin to proactively monitor their environment.

Wanna try?

There is a 14-day free trial available from this link.