Allow only specific hosts to log to vRealize Log Insight

Today a colleague of mine was asked by a customer if it would be possible to allow only specific hosts to send logs to VMware vRealize Log Insight (vRLI).

And as it is running on a Linux platform, iptables is built in, so I figured, why not?

iptables is an in-kernel firewall built into almost every Linux distribution.

Why would you limit who can send logs to your vRLI? This is not something that I hear many customers ask for, but I can certainly understand why you would not want any host or user without permission to spam your logs. And even though the filtering in vRLI is very good, you could potentially run out of disk space and miss logs that you actually wanted. Also, it would be possible for an attacker to disguise his whereabouts with generated false logs. This would not be a foolproof method to avoid this, as I can easily think of a couple of ways to accomplish this anyway.

Things to know about upgrading vCSA 6.0 to vCSA 6.5

Here is a list of things that you might want to do before you upgrade your vCenter from vCSA 6.0 to vCSA 6.5.

Postgres table owner

First check your Postgres database. For some reason the table owner is often wrong. Thanks to black88mx6, there is a way to check this, and also to fix it. Remember that anything you see here is executed at your own risk. An important step to perform before upgrading is taking a backup/snapshot of your vCenter VM, and any related components, so that you will be able to recover from a failed upgrade.

vCenter Recent Tasks Descriptions and Names are broken after VCSA Upgrade

After upgrading VCSA from version 6.5 to 6.5 Update 1, you might experience a problem with Task Names and object Descriptions. Names are not “resolved” to their human-readable form, but are instead written as an API object name.

For instance, a host profile compliance check would normally be “Compliance check” but is instead written as “profile.ComplianceManager.check.label”, or a VMotion is written as “Drm.ExecuteVMotionLRO.label”.


ESXi 6.5 Update 1 PSOD on HPE 460c Gen9 after Ixgben driver update

Today I upgraded a customer to ESXi 6.5 Update 1, but unfortunately some of them ended up purple screening at reboot after they were updated.

Affected Servers so far

  • HPE BL460c Gen9
  • HPE DL360p Gen8 (Reported by anonymous user)
  • HPE DL380 Gen9 (Reported by Bernhard)
  • HPE DL380 Gen8 (Reported by Ralf)
  • HPE DL380p Gen9 (Reported by Victor)

PSOD Error

PSOD: #PF Exception 14 in world 68297:sfcb-intelcim IP 0x41801b704d8f addr 0x443919649c000


Migrate folder structure from old to new vSphere vCenter

Sometimes I find it easier to create a new vCenter server than to migrate the old one, and it is a perfectly good solution in many cases.

But annoyingly there is a lot of manual work involved.

One problem is the VMs and Templates folders. They do not follow the host, so you have to create the folder structure manually and move each VM into the correct folder. Well, I am way too lazy to do that by hand, so it’s time to automate!


FCoE Adapters and datastores missing after vSphere ESXi 6.5 Install

Today I upgraded some HP BL460c Gen9 Blade Servers from ESXi 6.0 to ESXi 6.5. I always reinstall when going from 5.5 to 6.0 or 6.0 to 6.5, so after the server was done installing, I found that the FCoE adapters and datastores were missing.

The servers are connected to some HP 3PAR storage using HP FlexFabric 10Gb 2-port 536FLB Adapters.

To regain access to your storage you need to enable the FCoE adapters using the esxcli command.


VMware vCenter VCSA 6.5 Upgrade “Error: queryAaaa ENODATA”

During an upgrade I got the following error: “A problem occurred while getting data from the source vCenter Server”

And the install log has the following information.

Storage Optimization for VMware vSphere

This is meant as a dynamic article for looking up best practice settings for different storage arrays when adding them to VMware.

Why modify the default settings?

When datastores are added to an ESXi host, there are multiple ways that ESXi can leverage the storage. In some cases ESXi will use the Most Recently Used path policy (Active/Standby, or MRU) by default, which means that you only leverage one path at a time. This could result in a bottleneck in your storage infrastructure. Many arrays are able to handle Round Robin (multipath Active/Active, or RR). Enabling this will distribute your storage traffic across multiple adapters, provided that you have multiple adapters.

Other settings can involve how many I/Os ESXi should send to a path before switching to another path, or advanced settings that alter the way ESXi handles the storage.

Getting these settings correct will most often result in better performance, but can also help you stay out of trouble that can lead to breakdowns.

Cross SSO and vCenter VMotion using PowerCLI

http://cloudmaniac.net/using-powercli-to-vmotion-vm-between-different-sso-domains-vcenters/

Roman Decker wrote an article about how to move virtual machines between vCenters that are not part of the same SSO domain, using PowerCLI.

I felt like it needed some adjustments to be more dynamic and interactive, so I decided to make the script ask for many of the hard-coded bits at runtime.
