Patch a vCenter Server High Availability (VCHA) environment

Last week I tried to patch a vCenter Server High Availability (VCHA) 7 cluster environment. I read the documentation and the procedure described looks still the same as in version 6.x. First patch the witness node, then the passive node, failover the active node, and patch the passive node using the software-packages tool. The whole process is described in this link.

When I tried to stage the ISO on the witness node the following error occurred:

You can not patch a vCenter Server appliance in a vCenter HA cluster. resolution: You must remove the vCenter HA configuration, apply patches to vCenter Server appliance, and then reconfigure your vCenter HA deployment.

So I removed the vCenter Server HA cluster configuration and patched the single vCenter Server Appliance.

After the patching of the single VCSA, I redeployed the VCHA cluster again.

Conclusion: The vCenter Server HA cluster documentation still has the VCHA 6 update procedure documented that does not work anymore. I will update this blog article if there is more information available.

Adding a static route to a vCenter Server with multiple Network Interface Cards (NICs)

For a Disaster Recovery (DR) site, I designed a separate isolated VMware Horizon environment. The Center Server has an external (eth0) and internal (eth1) IP address. The external connection is for management and restoring production VMs to the DR environment. The internal connection is for Horizon infrastructure components that need to accesst to the vCenter Server such as a VMware Horizon Server and VMware App Volumes. |This looks simplified as follows:

There must be a static route to the Horizon subnet because the Horizon Connection Servers and VMware App Volumes integrate with the vCenter Server.

Here are the steps outlined to create such an environment:

  • The first thing after deploying a new vCenter Server is adding an extra NIC (VMXNET3). The steps are explained in the following article: KB2147155
  • Add the NIC to the correct internal PortGroup
  • Open the VAMI interface (https://<IP_Address>:5480) of the vCenter Server and add the IP configuration of eth1 (NIC1).

  • Enable SSH in the VAMI interface (Access – Edit – Enable SSH login)
  • Make an SSH session to vCenter Server and log-in with root and the correct password
  • Enter “shell” to launch the BASH shell
  • Browse to the following location:
cd /etc/systemd/network
  • There are two files available (10-eth0.network and 10-eth1.network). The 10-eth0.network represents eth0 and looks like:
[Match]
Name=eth0

[Network]
Gateway=10.2.145.249
Address=10.2.145.202/24
DHCP=no

[DHCP]
UseDNS=false
  • The 10-eth1.network file represents eth1 and looks like this.
[Match]
Name=eth1
[Network]
Address=192.168.0.102/24
DHCP=no
[DHCP]
UseDNS=false
  • Add a static route by adding the [Route] section of this file.
[Match]
Name=eth1
[Network]
Address=192.168.0.102/24
DHCP=no
[DHCP]
UseDNS=false

[Route]
Gateway=192.168.0.1
Destination=10.21.9.0/24
  • Restart the network services
systemctl restart systemd-networkd.service
  • Check if the route is added with the route -n command:
root@vcdr01 [ /etc/systemd/network ]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.2.145.249 0.0.0.0 UG 0 0 0 eth0
10.2.145.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.21.9.0 192.168.0.1 255.255.255.0 UG 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
  • Test with the ping command from the vCenter Server if you can reach the Horizon infra components in the subnet.

 

Blue circle in the vSphere client after upgrading to vCenter Server 6.7 Update 2

After upgrading the vCenter Server Appliance (VCSA) to version 6.7 Update 2, I tried to log in using the vSphere Client. After entering the credentials an endless blue running circle appears.

In the VAMI interface (https://vcsa-fqdn:5480) of the VCSA, the health statistics of all the components are green (okay) so I decided to reboot the VCSA.

After the VCSA reboot I encountered the same blue running circle when trying to log in using the vSphere Client. I tried Firefox and Google and the Internet Explorer browser. The only browser that worked was Internet Explorer. I never used  Internet Explorer before so I tried to clear the cache of Google Chrome and Firefox using the following methods:

Clear cache, cookies and history of Google Chrome:

  • Open Chrome.
  • At the top right, click More More
  • Click More tools and then Clear browsing data
  • Time range: All time
  • Select Browser history, cookies and cache images and files
  • Click Clear data

Clear cache and cookies of Firefox browser:

  • Open firefox
  • In the address bar enter: about:preferences
  • Click Privacy & Security
  • Under Cookies and Site Data select Clear Data
  • Check Cookies and Site Data and Cached Web Content
  • Click Clear and select Clear Now

After clearing the cache I was able to log in using the vSphere Client without the endless blue circle. So make sure to clear the cache of the browser(s) when experiencing the circle problem.