vcsa Archives - ivobeerens.nl

Blue circle in the vSphere client after upgrading to vCenter Server 6.7 Update 2

April 24, 2019

After upgrading the vCenter Server Appliance (VCSA) to version 6.7 Update 2, I tried to log in using the vSphere Client. After entering the credentials an endless blue running circle appears.

In the VAMI interface (https://vcsa-fqdn:5480) of the VCSA, the health statistics of all the components are green (okay) so I decided to reboot the VCSA.

After the VCSA reboot I encountered the same blue running circle when trying to log in using the vSphere Client. I tried Firefox and Google and the Internet Explorer browser. The only browser that worked was Internet Explorer. I never used Internet Explorer before so I tried to clear the cache of Google Chrome and Firefox using the following methods:

Clear cache, cookies and history of Google Chrome:

Open Chrome.
At the top right, click More
Click More tools and then Clear browsing data
Time range: All time
Select Browser history, cookies and cache images and files
Click Clear data

Clear cache and cookies of Firefox browser:

Open firefox
In the address bar enter: about:preferences
Click Privacy & Security
Under Cookies and Site Data select Clear Data
Check Cookies and Site Data and Cached Web Content
Click Clear and select Clear Now

After clearing the cache I was able to log in using the vSphere Client without the endless blue circle. So make sure to clear the cache of the browser(s) when experiencing the circle problem.

vCenter Server Appliance (vCSA) automated/unattended deployment

September 12, 2018August 20, 2018

Installing the vCenter Server Aplliance (vCSA) automatically using an unattended scripted deployment can be done by command line (CLI) in combination with a JSON config file. In this example an embedded vCenter Server Appliance with the Platform Service Controller (PSC) and vCenter Server role will be deployed.

Prerequisites:

This example is based on a Windows Operating System. Using a Linux or MAC OS is also possible but not highlighted in this blog.
Make sure the FQDN of the vCSA is resolvable by a DNS server and check if reverse lookup works.

Steps to perform:

Download the vCenter Server Appiance (VCSA) ISO (version 6.5 or 6.7)
Mount the ISO
The CLI installer for Windows requires a Microsoft Visual C++ Redistributable version 14.0. This requirement can be checked with the following command:

\vcsa-cli-installer\win32\check_windows_vc_redist.bat

Navigate to the JSON templates. The vCSA ISO contains template JSON files that can be used for deploying the vCSA. The templates can be found on the ISO in the following map:

 \vcsa-cli-installer\templates\install

The types of templates are avalable:

           embedded_vCSA_on_*.json: Platform Services Controller (PSC) and vCSA
                                     together on one system
            PSC_on_*.json:           Only a PSC
            vCSA_on_*.json:          Only a vCSA
            *_on_ESXi.json:          Install onto the ESXi host specified in the JSON
                                     file
            *_on_VC.json:            Install onto a host managed by the vCenter
                                     instance specified in the JSON file

Edit a template “embedded_vCSA_on_ESXi.json“ or use the example below with you’re favorite editor (I use Notepad ++) and save it to a writable location (in the CLI syntax you need to point to this modified JSON file). The template contains the minimal parameters needed to deploy the embedded vCSA. The vCSA will deployed as tiny (2 vCPU, 10 GB memory, 300 GB storage). An overview of all parameters that can be used are found here, link.

Example JSON file to deploy an embedded vCenter Server Appliance with the PSC and vCenter components:

{
    "__version": "2.13.0",
    "__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.",
    "new_vcsa": {
        "esxi": {
            "hostname": "192.168.11.10",
            "username": "root",
            "password": "VMwaaare01!",
            "deployment_network": "vlan13-srv",
            "datastore": "SSD-M2-01"
        },
        "appliance": {
            "__comments": [
                "You must provide the 'deployment_option' key with a value, which will affect the VCSA's configuration parameters, such as the VCSA's number of vCPUs, the memory size, the storage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy --supported-deployment-sizes"
            ],
            "thin_disk_mode": true,
            "deployment_option": "tiny",
            "name": "vcsa03.lab.local"
        },
        "network": {
            "ip_family": "ipv4",
            "mode": "static",
            "ip": "192.168.13.13",
            "dns_servers": [
                "192.168.13.101"
            ],
            "prefix": "24",
            "gateway": "192.168.13.254",
            "system_name": "vcsa03.lab.local"
        },
        "os": {
            "password": "VMware01!",
            "ntp_servers": "pool.ntp.org",
            "ssh_enable": true
        },
        "sso": {
            "password": "VMware01!",
            "domain_name": "vsphere.local"
        }
    },
    "ceip": {
        "description": {
            "__comments": [
                "++++VMware Customer Experience Improvement Program (CEIP)++++",
                "VMware's Customer Experience Improvement Program (CEIP) ",
                "provides VMware with information that enables VMware to ",
                "improve its products and services, to fix problems, ",
                "and to advise you on how best to deploy and use our ",
                "products. As part of CEIP, VMware collects technical ",
                "information about your organization's use of VMware ",
                "products and services on a regular basis in association ",
                "with your organization's VMware license key(s). This ",
                "information does not personally identify any individual. ",
                "",
                "Additional information regarding the data collected ",
                "through CEIP and the purposes for which it is used by ",
                "VMware is set forth in the Trust &amp;amp;amp;amp;amp; Assurance Center at ",
                "http://www.vmware.com/trustvmware/ceip.html . If you ",
                "prefer not to participate in VMware's CEIP for this ",
                "product, you should disable CEIP by setting ",
                "'ceip_enabled': false. You may join or leave VMware's ",
                "CEIP for this product at any time. Please confirm your ",
                "acknowledgement by passing in the parameter ",
                "--acknowledge-ceip in the command line.",
                "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
            ]
        },
        "settings": {
            "ceip_enabled": true
        }
    }
}

The first deployments failed when using the FQDN ESXi hostname in the JSON file, with the following error:

OVF Tool: Transfer Failed

OVF Tool: Error: Failed to send http data

Deployment failed. OVF Tool return error code: 1

I checked the logs but didn’t find any clue. The FQDN of the ESXi host was revolvable by DNS but after changing the ESXi FQDN to the IP address of the ESXi host in the JSON file the deployment finished without errors.

Perform a template JSON verification without installing:

vcsa-deploy install --accept-eula --verify-template-only <JSON file path>

Perform the actually deployment

vcsa-deploy.exe install --accept-eula --acknowledge-ceip --terse --no-ssl-certificate-verification <JSON file path>

When the unattended deployment finished, an embedded vCenter Server Appliance with the Platform Service Controller (PSC) and vCenter Server role is ready to rumble.

I created a GitHub repository for the deployment and parameters, link.

VMware documentation about the CLI deployment can be found here, link.

Top vCenter Server Appliance (VCSA) troubleshooting commands

March 6, 2018

During the configuration and troubleshooting of vCenter Server Appliances (VCSA) I maintain a list of commands that I frequently use. This list contains my top configuration and troubleshooting VCSA commands:

Enable access the Bash shell:

shell.set --enabled true

Permanently configure the default Shell to BASH for Root:

chsh -s /bin/bash root

Log location of the VCSA:

/var/log/vmware/vsphere-client/logs/

VCSA service management:

Check status
service-control --status --all
List services
service-control --list
Stop all services
service-control --stop --all
Start all services
service-control --start --all

Join the AD domain from PSC:

/opt/likewise/bin/domainjoin-cli join domain.nl aduser password

After the AD domain join reboot the appliance

Check the AD domain join status:

/opt/likewise/bin/domainjoin-cli query

Leave AD domain join:

/opt/likewise/bin/domainjoin-cli leave

After the AD domain leave reboot the appliance

Certificate Manager location:

/usr/lib/vmware-vmca/bin/certificate-manager

Test port connectivity from the VCSA:

curl -v telnet://target ip address:port
Example:
curl –v telnet://mypsc.domain.local:443

Identity which PSC the VCSA is pointing to:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost

Repoint the VCSA to another PSC:

cmsso-util repoint --repoint-psc "PSC01"

Check the PSC replication partner:

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator -w password

Check the PSC replication status:

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator -w password

Output:

Partner: psc02
Host available: Yes
Status available: Yes
My last change number: 4274
Partner has seen my change number: 4274
Partner is 0 changes behind.

VDC Admin tool test LDAP and force replication

/usr/lib/vmware-vmdir/bin/vdcadmintool