I ran into an issue recently where we were unable to remove a PSC in preparation for a 6.5 upgrade. A call to VMware resulted in finding out that it was due to a semi-colon in the local admin password (said password has been in place for a couple of years at this customer, and never any other issues, so I am skeptical). I am planning on changing the password to test, and have been looking about for guidance on best practices. The only thing I can find in the VMware docs is this:

vCenter Server Password Requirements and Lockout Behavior

which states

The password for administrator@vsphere.local must meet the following requirements:

• At least 8 characters
• At least one lowercase character
• At least one numeric character
• At least one special character

 

The password for administrator@vsphere.local cannot be more than 20 characters long. Only visible ASCII characters are allowed. That means, for example, that you cannot use the space character.

So A: it mentions nothing about a semi-colon causing issues, and B) it concerns me as we go to plan a new password. Having a security background, I tend toward pass-phrases more than passwords, so I would do something along the lines of vSphere Let Me In1! but now I am concerned about the spaces. Does anyone know of any other KBs or docs that shed more light on this?

Hi,

I am new to VMware in the last 2 months or so I have a mini datacentre with two ESXi hosts and 1 VCenter Server to manage both hosts.

not sure if you are allowed to or not but am I able to sell VM online, i.e someone could configure one and pay as they use it, they can connect to it over the internet via remote desktop with the external ip address? or would it have to be something very expensive and complicated to do to have it done properly?

Matt

hi,

I am trying to replace the root certificate of the VMCA with a subca certificate of our Microsoft Windows CA.

Using the certificate manager on our vcenter server appliance (PSC is embedded):

• /usr/lib/vmware-vmca/bin/certificate-manager
• choose option 2 (Replace VMCA Root Certificate...)
• Using configuration file: Yes

Then it starts asking me for detail information like country, company name and so on. I enter all the information and let it generate the request.

The problem is that it doesn't care what I enter. It always creates a request with the default values:

CN = CA

OU = VMware

O = %hostname%

S = California

DC = local

DC = vsphere

C = US

The only thing it actually changes is the hostname and the resulting certificate obviously also contains the wrong data.

I tried modifying the configuration file and restarting the process. It showed me the correct presets from the config file (country, company name etc were all displayed correctly) but the resulting request still looked like the one above.

What's my mistake?

We are running vSphere 6.5 Update 1.

Thanks,

Steffen

vROps Community Members:

Blue Medora is currently developing a new VMware vRealize Operations Management Pack for Microsoft's Hyper-V hypervisor.

If vROps integration with Microsoft Hyper-V is something that is relevant to you, our product management team is very interested in talking to you about what aspects of Hyper-V management / monitoring you like to see surfaced in vROps, which specific Hyper-V versions your organization most commonly leverages, as well as any specific troubleshooting / diagnostic use cases you have around Hyper-V.

Please drop us a line at beta@bluemedora.comif you'd like to participate in a pre-release program for the vROps MP for Microsoft Hyper-V.

Hi all,

Wondering if anyone is aware of a solution to the following issue I am having in my lab; when attempting to deploy an OVA in vCenter Web Client 6.50 Build 5318154 (vSphere 6.5d) I am getting the following:

This version of vCenter Server does not support Deploy OVF Templates using this version of vSphere Web Client. To deploy OVF Template, login with version 6.5.0.0 of vSphere Web Client

My environment:

• vCSA Version 6.5.0.5500 Build 5318154 (vCenter Web Client 6.50 Build 5318154 and vCenter Server at the same build level)
  
• vSphere 6.5 Build 5310538

This was built as a greenfield vSphere 6.5 lab so I don't believe that the issue described in https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2148007 is at play (an inconsistency in the SSO token signer certificate for environments upgraded from 5.1 or earlier.). Have a workaround just looking to see if anyone has experienced this or had any guidance from support before I go down this route.

Cheers,

Adrian

Hi all,

Recently worked on an upload issue and figured it was worth posting here in case anyone else ever encounters something similar.

Environment:

• vCenter 6.5 build 5973321
• ESXi 6.5 build 5310538 (image profile ESXi-6.5.0-4564106-standard)
• The web browser used to upload files
  • has the vCenter plugins installed (see Upgrading VMware Client Integration Plug-in to the latest version (2145066))
  • must trust the certificate of the VMware Cip Message Proxy Service (https://vmware-plugin:8094/)
  • must trust the certificate of all ESXi hosts that are mounting the datastore where files will be uploaded
• The vCenter account of the user who will be uploading files already has
  • A role containing the privileges "Datastore > Browse datastore" and "Datastore > Low level file operations" applied to the datastore where files will be uploaded
  • The "Read-Only" role applied to the host objects (propagating to children or not) that are mounting the datastore where files will be uploaded

Symptoms:

• The user can create folders in the datastore browser
• In the vSphere Web Client (Flex UI) after choosing a file to upload, the UI refreshes but the file is not uploaded
• In the vSphere Client (HTML5) attempting to upload a file errors with the message "Failed to transfer data. For more information check out the logs."
• In the vCenter web client log (/var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log) entries similar to the following appear
  • [<date>] [ERROR] data-service-pool-786        70005481 100911 200867 com.vmware.vsphere.client.storage.impl.DatastorePropertyProvider  Not able to acquire generic service ticket for the purpose of file transfer com.vmware.vim.binding.vim.fault.NoPermission: Permission to perform this operation was denied.
  • [<date>] [ERROR] http-bio-9090-exec-3         70005482 100912 200867 com.vmware.vise.vim.http.transport.FileUploadRequestHandler       Failed to transfer data to url: https://<esxi_fqdn>/folder/<folder_name>/<file_being_uploaded_name>?dcPath=ha-datacenter&dsName=<datastore_name> java.io.IOException: Error writing request body to server

(apparent) Cause:

• In order to transfer files to a datastore via a host, the user apparently requires the privilege "Host > Configuration > System Management" applied to the hosts mounting the datastore, NOT the "Read Only" role. The role containing the privilege "Host > Configuration > System Management" for the user does not need to propagate to the children of the host object. Hat tip to petermie and Mincho Tonev in the post User with Administrator role can't upload files to datastores for finding that.

Hope this helps someone down the line.

We upgraded our vCenter 6.0 VCSA to vCenter 6.5 Update 1 VCSA. In the web client, we right click a powered off VM and try to Export to OVF we get this message

If we try via the HTML5 client we get this error:

OperationNotFound (com.vmware.vapi.std.errors.operation_not_found) => {

messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {

id = vapi.method.input.invalid.interface,

defaultMessage = Cannot find service 'com.vmware.vcenter.ovf.export_session'.,

args = [com.vmware.vcenter.ovf.export_session]

}],

data = <null>

}

Help!

I'm using the versioning with resource elements and it doesn't appear to allow me to revert to a previous version.  I've never really versioned my resource elements but I'm doing some work where I am heavily using them now and want to have previous versions to fall back to.  Since I haven't used versioning here I couldn't say at what version this ever worked but this seems like a bug.

I am a bit confused as to how task scheduler functions when appliance is set to UTC but client uses a different time zone (ET in my case). Everything in the client is indicative that it will use local time but the job that's set to reoccur weekly on certain days would kick off on UTC time.

However, if I use no re-occurrence the job initiates on my local time.

hello all

I migrated my VCSA from 6.0 to 6.5 and now and i have a strange message when i try to deploy an OVA : This version of vcenter server does not support Deploy OVF template using this version of vsphere web client.To deploy OVF template, login with version 6.5.0.0 of vsphere web client.

Of course i already use a 6.5 version like i am connected to vCenter 6.5.

I tryed to to remove stored data, clear cache, change brower, remove CIP 5.5 et 6.0, reboot VCSA and finely change PC.

I tryed with root and administrator@vsphere.local.

Always the same message (popup)

is anybody have a new idea ?

Thierry MARIET.

VMware consultant

I am testing vSphere 6.5 with the following setup:

I have a Windows 10 laptop with VMware Workstation 12 Pro installed. I have create a virtual machine in Workstation running Windows Server 2012 R2. I have set up AD and DNS on it. This server has an IP address of 192.168.59.129 and its FQDN is win2012.ad.example.com. I can ping the machine and DNS is working correctly. I have successfully also set up an ESXi host in another virtual machine and they can ping each other.

I am now trying to install vCenter Server Appliance 6.5, so far with no success. I am trying to use the OVA file: VMware-vCenter-Server-Appliance-6.5.0.5200-4944578_OVF10.ova located in the ISO. I understand after reading several articles that I first need to configure the .vmx file before booting my machine. I think the main reason is that I am not fully understanding the settings that should be placed in the file, specifically the vmdir settings. I have tried a number of different variations on the settings and still nothing seems to be working. My most recent configuration looks like this:

    guestinfo.cis.deployment.node.type = "embedded"

    guestinfo.cis.appliance.net.addr.family = "ipv4"

    guestinfo.cis.appliance.net.mode = "static"

    guestinfo.cis.appliance.net.pnid = "vc.ad.example.com"

    guestinfo.cis.appliance.net.addr = "192.168.59.194"

    guestinfo.cis.appliance.net.prefix = "24"

    guestinfo.cis.appliance.net.gateway = "192.168.59.129"

    guestinfo.cis.appliance.net.dns.servers = "192.168.59.129"

    guestinfo.cis.appliance.root.passwd = "Password#1"

    guestinfo.cis.appliance.ssh.enabled = "True"

    guestinfo.cis.deployment.autoconfig = "True"

    guestinfo.cis.appliance.ntp.servers = "pool.ntp.org"

    guestinfo.cis.vmdir.password = "Password#1"

    guestinfo.cis.vmdir.site-name = "mysite"

    guestinfo.cis.vmdir.domain-name = "vsphere.local"

    guestinfo.cis.ceip_enabled = "False"

I have also made sure that vc.ad.example.com is mapped correctly to 192.168.59.194 on the DNS server, including reverse DNS (PTR) entries.

After the server begins its initialization routine, I eventually get this error on the screen:

    Failed to start services. Firstboot Error.

I am unable to ping the machine or connect through a web browser.

What am I doing wrong here?

As a side note, I should also point out that on boot up I am also getting the following errors which I am not sure if they are related or not, or if they can be safely ignored:

sd 2:0:0:0: [sda] Assuming drive cache: write through (I am getting this line for all 12 drives sda through sdl)

A start job is running for dev-swap_vg-swap1.device (... / 1min 30s)

[TIME] Timed out waiting for device dev-swap_vg-swap1.device.

[DEPEND] Dependency failed for /dev/swap_vg/swap1.

[DEPEND] Dependency failed for Swap.

[FAILED] Failed to start LSB: Lightning fast webserver with light system requirements.

Are these errors safe to ignore, or are they the reason that I am getting the Firstboot Error?

Thank you for your help!

We have two vCenters in enhanced linked mode (6.0) .  I ran through the process in the link below.  Services are started up, and I can see the icon in vSphere C# client.  I rebooted vCenter and restarted services however I do not see the Auto deploy icon within the web client.  Any ideas?  Do I need to perform any actions on the PSCs?

https://esxsi.com/2016/07/19/auto-deploy-install/

Pretty much the question is as the subject states.

For the life of me I've been trying to get this particular call to work from the vCenter MOB.  The goal is to just test and see if a set of credentials are valid in the Guest before passing them into some code that will use the same call later on.  Just to validate if the password has expired or someone fat fingered it.

Any attempt to use the MOB is met with 'vim.vault.NotSupported'.

vCenter is the lasted build of 5.5, along with ESXi 5.5 (current build), test Windows 2012 with current VMware Tools.

This walks a thin line between being an API Forum Question and a vCenter question, but I'm trying to do this without using an SDK.  Heck, I'd even take a cURL command line for testing over the MOB of that's possible.

I just need to know if it should work, and an example payload to go with it (I can't find that either).

Hello,

I want to increase root partition ( / ) in VCSA 6.0. Its format is ext3 but it's not an LVM volume so vpxd_servicecfg storage lvm autogrow not working for me.

I've found couple articles about increasing it's size by running fdisk /dev/sda and then remove partition 3, recreate it, set it and at the end (after reboot of the server) use resize2fs /dev/sda3.

I have situation when vpxd_servicecfg storage lvm autogrow extends all lvms and rescan storage for all devices, so I can see that device /dev/sda has 5GB unallocated. Can I use only resize2fs /dev/sda3 to extend partition size with no downtime of the server?

Or maybe there is another way? And is it even supported by vmware to extend root partition?

Articles that I've found:

Increasing the disk space for the VMware vCenter Server Appliance in vSphere 6.0 (2126276) | VMware KB

https://content.pivotal.io/blog/increasing-the-size-of-a-vcsa-root-filesystem

Thanks in advance,

Lukasz

I'm making a fairly simple workflow in vRO that will simply take an input of the 'context' field, connect via the REST API, and query for all events that have that value in the context field, to output the logs associated with provisioning a system in vRA. The idea being I can either email the results on a failure, publish to a dashboard, whatever.

I'm using VLI 4.0.0 currently, and I'm referencing the documentation at Log Insight API documentation

I can easily do the GET query to get events and set the limit parameter to whatever I want, e.g :

GET /api/v1/events?limit=1000&timeout=15000

But, when I go add the constraints that I mentioned above, and attempt to add the limit argument, it's throwing errors.

https://[host]/api/v1/events/context/CONTAINS%20[context value]/product/vra/product/vro/timestamp/%3E0

This works, but only returns 100 entries, and I know there are more. If I try to do either of these whether URL encoded or not, it errors out:

https://[host]/api/v1/events/context/CONTAINS%20[context value]/product/vra/product/vro/timestamp/%3E0?limit=1000

{"errorMessage":"invalid_constraints: timestamp GT [0?limit=1000]"}

https://[host]/api/v1/events/context/CONTAINS%20[context value]/product/vra/product/vro/timestamp/%3E0/?limit=1000

{"errorMessage":"missing_argument: ?limit=1000"}

https://[host]/api/v1/events?limit=1000/context/CONTAINS%20[context value]/product/vra/product/vro/timestamp/%3E0

{"errorMessage":"Handler not found for request GET /api/v1/events%3Flimit%3D1000/context/CONTAINS%20SaU96w79/product/vra/product/vro/timestamp/%3E0"}

Is anyone aware of if it is possible to query with constraints and the limit argument in a single go?

I would hate to have to query a pile of stuff and then parse it by the context field afterward.

I've two vCenters joined to same platform services controller. When I'm logged in using administrator@vsphere.local, there's no issue and I'm able to do everything within Site Recovery Manager.. I've an AD Integrated authentication setup in and my account is a member of Administrators@vsphere.local group. It was a member before installation of SRM as I read in VMware documentations that if it's not a member before, then you need to manually provide permissions.. So It seems my AD domain account has all the rights required but I'm unable to connect to sites when I'm logged in using domain\username.

So now I'm logged in with administrator@vsphere.local account and I can see that all the permissions are fine.

In addition to this, I've restarted SRM and Web Client services on both vCenters.. Any help would be much appreciated..

The weird thing is SRM is not even prompting me for credentials which it should be and I do have Client Integration Plugin installed and working in my browser..

Hi,

I recently upgraded my vCenter 6.5 virtual appliance from v6.5 to v6.5 U1 (5969303). After the upgrade, I noticed that the CPU and Memory as well as the Database statistics stopped updating (these statistics reside under the virtual appliance’s management interface). Does anyone have any ideas on how to resolve this issue?

Thanks

Hello, All,

I have an interesting challenge which requires to merge few different SSO domains (with a same domain and site name).

Infrastructure looks like next:

We have few VCSA 6u2 with the embedded PSC.

We deployed 2 external PSCs with the same domain 'vsphere.local' and site 'Default-First-Site' name (during the installation they weren't added to the exist domain on the VCSA02 , but configured like a new domain and site).

Idea is to repoint that all old VCSA to one external PSC (one from group of 2 new servers).

I have made an agreement between servers now VCSA02<>PSC01, but servers don't want to start sync.

Here is partner's status on the PSC01

# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator -w <pass>

Partner: PSC02.blablabla.local

Host available:   Yes

Status available: Yes

My last change number:             799

Partner has seen my change number: 799

Partner is 0 changes behind.

Partner: VCSA02.blablabla.local

Host available:   Yes

Status available: No

Main questions are:

-is this possible to do?

-[if yes] is it supported by VMWare?

Thank you so much on advance

vRO needs to provision an Infoblox/DNS entry for the Database Name (oracle.db_name) pointing to the primary address of the VM being provisioned.

The Infoblox entry should be associated with the vRA deployment such that when the deployment is deleted, the Infoblox entry is also deleted.