Deploy an OVA/OVF fails with certificate error

When trying to deploy an OVA/OVF with the vSphere Web Client the following error is displayed:

The operation failed for an undetermined reason. Typically this problem occurs due to certificates that the browser does not trust. If you are using self-signed or custom certificates, open the URL below in a new browser tab and accept the certificate, then retry the operation.

This error occurs with vSphere 6.5 because the certificates are not trusted. The self-signed certificates are used and are not added to the trusted root certification store.

To deploy a OVF/OVA to the vCenter Server appliance trusted root CA must be added to the certificate store. The following steps will work with Chrome and Internet Explorer:

  • Open the vCenter URL: https://vcenter-FQDN

  • Select the “Download trusted root CA certificates” and save the archive(ZIP) file
  • Extract the archive (ZIP)

  • Start – Run – MMC
  • File – Add Snap-ins – Certificates – Computer Account – Local  computer
  • Open Trusted Root Certification Authories – Certificates
  • Import the two *.crt certificates

  • Close the browser and re-open the browser and navigate to the vCenter Server using the FQDN.
  • Now the URL is marked as secure (green lock) and you’re able to import the OVA/OVF

 

Update the vCenter Server Appliance (VCSA) without internet

In this blog post I highlight how to patch or update a single vCenter Server Appliance (VCSA) without having an internet connection. The patch will be stored on a temporarily web server that is installed on a Windows machine. In this example we update the vCenter Server Appliance version from 6.0 Update 2 to 6.0 Update 3 build 5050593.

Here are the main steps:

1. On a Windows machine install a temporarily web server to host the VCSA patch.  As web server “Posh Server” (link) will be used. This is a small PowerShell web server. Download the Posh Server and install it on a Windows box. After the installation (use the default settings) open PowerShell (As Administrator) and execute the following commands:

Set-Executionpolicy unrestricted

Type “y” to confirm. Go to the “C:\Program Files\PoSHServer” folder.

Import-Module PoSHServer
Start-PoshServer -Port 9000

The Posh web server is started and listens on port 9000

2. Download the patch (zip file)  from the VMware website.

Extract the patch on the Windows machine in the web server folder under “C:\Program Files\PoSHServer\webroot\http\update“. Besides the patch file(ZIP), two folders are extracted (manifest and package-pool).

2. Before upgrading make sure you have a backup copy of the VCSA!

3. Open the vCenter Server Appliance web interface (https://VSCA-IP:5480). Go to the update tab and click settings, select use “Specified Repository”. Enter as location of the web server and update folder. In this example we use:

http://IP-web-server:9000/update

Click OK, check updates and use the “Check Repository” option. (tip: make sure to disable the proxy configuration in the VCSA)

The update displayed in available updates. Install the update.

When the update is finished, click OK and reboot the appliance.

5. After the reboot check the version and build version of the new patch.

vCenter Server 6 and the vPostgres database

In vCenter Server 5.x the embedded SQL Express database supports a maximum of 5 hosts and 50 Virtual Machines. With vCenter Server 6 the embedded database is changes from SQL Express to a vPostgress database. The vPostgres database supports a maximum of 20 hosts and 200 VMs. In comparison the vPostgres database on the vCenter Server Appliance (VCSA) 6 supports 1000 hosts and 10000. When upgrading or fresh installing  vCenter Server 6 make sure to note the following items:

  • When upgrading to vCenter Server 6.0, the Microsoft SQL Express database is migrated to a vPostgres database.
  • Oracle, SQL Standard and Enterprise database editions will not be migrated to vPostgres.
  • It is possible to upgrade without migrating the SQL database to vPostgres. Make sure you have a supported SQL database before upgrading. More information can be found here, link.
  • When uninstalling vCenter Server 6 the  embedded VMware vPostgres database will be removed with all the data!  More information can be found here, link.
  • How to backup and restore the vPostgres database there is a Python script available. This script can be found here, link.
  • VMware vSphere Update Manager can’t use the embedded vPostgres database! For VMware vSphere Update Manager you need a Microsoft SQL (Express) database.  When combining the vCenter Server, PSC and VUM on one server, two different databases engines are used. This looks like this:

vcenter-vpostgres