When upgrading to vSphere 7 or any other version, you might choose to create a brand new vCenter instead of migrating the old one. But what about folder structure, tags, distributed switches and so on.
Here I will demonstrate how you can easily migrate your tags from one vCenter to another using VMware PowerCLI.
Continue reading Migrate Tags from one vCenter to another
After upgrading a 3 vCenter Enhanced Link Mode environment a customer experienced the following error:
Server is at a higher functional level (1) than partner (<partner vCenter server>)(0) and cannot perform at a lower level.
When checking the domain functional level of each of the three servers, they all state that they are at level 1. The other server are starting like normal.
One server is not starting the vmdir service and it is also that service that is reporting the error. Most of the other services on a vCenter is dependant on this the vmdir.
I do not have a solution as of now. I might have a reason for the issue, and I might have a workaround. VMware is currently trying to figure out how to fix this.
Continue reading vCenter services not starting after 6.7 Update 3f upgrade
So VMware released a security advisory (VMSA-2019-0009) about vulnerable VMware Tools.
In short it is recommended to upgrade all VMware Tools to at least version 10.3.10 (Build 10346) which is the newest at the time of writing.
After patching ESXi to the latest build, you might realize that the VMware tools you are left with, after upgrading the tools, in a VM, is 10.3.5 (build 10341) Continue reading How to upgrade to VMware Tools 10.3.10
I have found that, when working with VMware vSphere, there are many benefits of running Linux on your workstation.
Things like tight integration with SSH, ISO files, API’s, Python are all things that make your life easier not only on Linux, but also when working with VMware.
Continue reading VMware vCenter Appliance Installer on Ubuntu Linux
I recently installed Powershell Core om Ubuntu 18.04, and after installing the PowerCLI module. I ran into an error.
The error is not an uncommon one, but on Windows the error message makes a lot more sense, so I just wanted to let you know what this error actually means.
The error you might get when you try to connect to your vCenter server using the connect-viserver is the following:
Connect-VIServer : 9/27/18 10:41:37 AM Connect-VIServer The SSL connection could not be established, see inner exception.
At line:1 char:1
+ Connect-VIServer <servername>
+ CategoryInfo : NotSpecified: (:) [Connect-VIServer], ViError
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_SoapException,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIServer
The only hint here is “The SSL connection could not be established…”
This actually means that you do not have a valid certificate. And if you want to connect to vCenter without a valid certificate, you have to allow this.
You can either change you vCenter certificate to a trusted one, which is the correct solutions or you can ignore invalid certificates, which circumvents all security, but makes it work right now.
Please comment if this was helpful.
Issue with nic driver on HPE servers after updating HPE drivers on ESXi 6.5 and 6.7
I ran into an issue the other day with a vCenter Server Appliance filling up one of its partitions. The partition that was filling up was the /storage/seat partition. This partition holds the postgres SQL database, so the vCenter server was in trouble.
After some digging around I realized that the root cause was a new event error from all ESXi hosts, that was coming at a rapid pace. The errors had started during the last driver and base updates, and only the HPE servers was affected. Continue reading 10fb does not support flow control autoneg
Just had an odd issue today.
A customer had created a Virtual Distributed Switch, but was unable to add his ESXi hosts to the vDS. It said that: “Host is not compatible with the VDS version.”
He was only able to join his version 6.5 ESXi host to a 5.5 vDS. If it was upgraded to version 6.0 or 6.5 it did not work.
There are multiple reports of this online related to upgraded hosts and vCenters. I suspect that it is an issue that you only run into if you do major upgrades without reinstalling ESXi, and since I never do that I have not had that problem before.
The quick solution to this problem is: Continue reading Host xxx.xxx.xxx.xxx is not compatible with the VDS version
I have had an annoying issues at two customer sites now, and I want to share the solution with you.
The problem is that you cannot VMotion VMs to a newly installed ESXi 6.5 hosts running on Lenovo SR650 hardware. The CPU used in the new host is Intel Xeon Gold 6154 Processor, and the old hosts are using Intel Xeon Processor E7-4880 v2. I do not think that the source CPU model is relevant to the issue it could be any supported Intel CPU in the same cpu family.
When trying to VMotion the following error is displayed:
The virtual machine requires hardware features that are unsupported or disabled on the target host:
"""""""""""""* General incompatibilities
If possible, use a cluster with Enhanced vMotion Compatibility (EVC) enabled; see KB article 1003212.
CPUID details: incompatibility at level 0x1 register 'ecx'.
Host bits: 0110:0010:1101:1000:0011:0010:0000:0011
If you then try to enable EVC in the cluster it complains that the new hosts has an issue, and returns this error:
The host's CPU hardware should support the cluster's current Enhanced vMotion Compatibility mode, but some of the necessary CPU features are missing from the host. Check the host's BIOS configuration to ensure that no necessary features are disabled (such as XD, VT, AES, or PCLMULQDQ for Intel, or NX for AMD). For more information, see KB article 1003212.
Continue reading Unable to VMotion to new Lenovo SR650 Host
Had an annoying error today. Was updating an ESXi image for use with AutoDeploy. When I reinstalled the hosts they would not join vCenter. My workflow removes them from vCenter in the process, but they were unable to rejoin, and I could not add them manually either.
I got two error:
When selected the license in the add host wizard I got this error:
Cannot decode the licensed features on the host before it is added to vCenter Server. You might be unable to assign the selected license, because of unsupported features in use or some features might become unavailable after you assign the license.
I pushed through, but when the task reaches 100% it gave another error:
License file download from <servername> to vCenter Server failed due to exception: vmodl.fault.SecurityError.
Well to cut a long story short it turned out to be a time issue. Some of the serveres was not allowed to talk to the NTP servers. and their time had drifted. vCenter was located on one of these serveres, and its time was 5-6 minutes behind the ESXi servers that I was trying to join.
The NTP connection issue was corrected. Time was checked on all servers.
Hope this helps someone.
Often when I do health checks on vSphere environments I come across VMs that have multiple vNics. That can be a serious security risk if these vNics are connected to different security zones. A VM that is connected both to a DMZ and to a Administration network could allow a hacker easy access to more privileged networks. Sometimes this configuration is acceptable if the operating system is designed to handle it, if for instance we are dealing with a firewall.
I often find VMs that have a configuration where one of the network adapters is disconnected. Sometimes the second vNic was forgotten, and other times it is connected from vCenter when access to the secondary network is wanted for some kind of maintenance.
There is a settings on the virtual network adapter called “allowGuestControl”, and I was wondering if this setting could be a security issue. Could a hacker enable the disconnected network adapter from within the guest operating system, and thereby gain access to a privileged network? Continue reading VMs with multiple vNics could be a security risk