Virtualisation

I have been testing out Runecast Analyzer ↗ in my lab recently - it’s pretty badass, you can set it up to scan your virtual infrastructure at a vCenter level and will scan your vC, VMs and hosts looking for KBs that may apply, security compliance and best practises. As you can see my lab isn’t exactly a model config when it comes to any of these things: It’s really very cool, syslogging is also built in, if you add it as a syslog target to your hosts (RCA can do this automatically too) it will monitor the syslogs incoming and search the KB database for any matching problems - I actually found that some of my iSCSI paths weren’t coming up after failover due to this!...

I have been working with VSAN in the lab recently and had the need to get some deeper stats on the inner operations. I had upgraded the lab to ESXi 6.0 U1 and vCenter 6.0 U1 and for the life of me couldn’t get the RVC console in the VCSA to work per the VMware KB ↗. In particular it just wouldn’t log in with this line, even with the correct password:...

While doing some research for NSX setups I found the urge to delve deeper into the calculations of some of ESXi’s load-balancing and teaming types that are available, below I have outlined the scenarios, calculations (where appropriate) and recommendations when it comes to choosing a NIC load balancing and teaming type. Virtual Port ID Your VMs all have single vNICs, You have multiple physical switches, the pNICs from the servers are striped across them, the switches aren’t stacked/don’t have an awareness of each other/are from different vendors (point here, completely different, no collaboration between equipment - any brownfield environment)....

If you’ve been reading my other posts of late, you will have gathered I’ve been building a new lab. I say “new”, the last one was a single R710 with a ReadyNas Ultra 6 attached. So essentially, this is my first REAL lab. It’s mostly based on Dell hardware; it’s cheap on eBay, I like their management tools and in the past i’ve only really had good experiences with them, granted it’s no Cisco UCS, HP Bladesystem or Dell M1000e - I think with the addition of OpenManage, and in particular OMIVV it makes it almost as manageable as those environments when you get the foundations laid down nice and solid....

I recently rebuilt my lab and added 2x new ESXi hosts, I re-used my old single host in the process which I upgraded from ESXi 5.5 to 6.0 and patched to the same level as the new hosts. Everything was working as expected until it came for the time to enable HA. My old host claimed the master roll and thus the other boxes had to connect to it as slaves, however, these failed with “HA Agent Unreachable” and “Operation Timed Out” errors....

If you’ve just spun up a new vCenter 6.0 appliance, have joined it to the domain and added a new identity source but have found that your integrated windows auth (the handy checkbox you use for SSO) isn’t working with this error: A General System error occurred: Cannot get user info Then it’s because the nsswitch.conf file is missing the lsass parameter, to remedy this: SSH as root to your vCenter server appliance....

Creating signed certs for vCenter has never been easy, with the new release of 6.0 though this has changed somewhat, there is a built in certificate manager that allows you to import a CA (say Microsoft AD) cert and key to have VMCA sign it’s own certs with and make them trusted. First thing, we need to set up an AD cert template for vSphere 6.0, that’s in my article here....

Signing certs for VMware has always been a pain in the ass, it’s gotten a lot better in v6 but there are a few caveats, what we’re going to do here is set up a certificate template in Active Directory from which we will sign our vCenter certificates. Load up your AD-CA box and run: certtmpl.msc Next right click on Web Server and click Duplicate Template: If you use an encryption level higher than sha1 choose Windows Server 2008 as the Certification Authority....

Just a quick note today, more of a reference than anything else. I had the requirement recently to convert a load of VMs that had thin VMDKs to thick provisioned, however the client was not licensed for live Storage vMotion. In an effort to minimise downtime I decided the best thing to do was use the “Inflate” option in the datastore for that VMDK - this requires the VM to be powered off....

I have come across a number of environments where mystery “snapshot” files exist - they are not seen in snapshot manager, running a consolidation them doesn’t help, creating a snapshot (with memory, or guest OS quiescing) then running “Delete All” doesn’t resolve it, but some applications still think a snapshot is there. To take care of these is quite a manual process after you have followed all the VMware KB advice:...