Cross SSO vMotion Between vCenters

This week I am sharing a very helpful PowerCLI script to vMotion a vm from one SSO domain to another SSO domain.  I shamelessly borrowed this script from Romain Decker’s site Cloud Maniac. The original script was very good and functioned well.  I just took it a step further and added some functions to customize it for our environment.  These functions are:  Get-SourcevCenter, Get-DestvCenter, Ask-VMNameForMigration, Ask-DCForMigration, Ask-ClusterForMigration, Choose-StorageForVMMigration.  The names of each function should explain their use.   Essentially you will need to edit the script to customize some of these functions for your environment. 

I have used it dozens of times and it works flawlessly with one exception.  If your EVC modes don’t quite match between vCenters there may be some vms that cannot be vMotioned while powered on.  Just arrange for a downtime and try again with the vm powered off.  It will work well.  This sure beats downloading a vm to your desktop and then uploading it to the new vCenter environment.  If you need any explanation or help with modifying this code to fit your environment please feel free to comment.

( If you like this please check out some of my other PowerCLI posts like PowerCLI Get-vCenter Function )

Caution: Like all code you download from the internet, please understand and modify the code accordingly to prevent unforeseen production problems.  Also known as career-altering events. 

Cross SSO vMotion PowerCLI Code: 

Photo by bruce mars from Pexels
Thinking equals coding

 

 

Advertisements

PowerCLI Get-vCenter Function

Since I work in a multiple vCenter environment, it is nice to have a function that allows for a connection choice when running a PowerCLI script.  The Get-vCenter function has an array of all the vCenters I potentially might connect with to run a PowerCLI script.  This array is presented in a numbered format that allows the script user to choose the vCenter they want to use for the rest of the script. You can make the array as large or small as you want.  It will dynamically create a numbered choice next to each vCenter.  It is simple but comes in very handy.

Caution: Like all code you download from the internet, please understand and modify the code accordingly to prevent unforeseen production problems.  Also known as career-altering events. 

PowerCLI Code:

vami_config_net To Change VCSA Hostname

After reading the title of this article I’m sure you’re saying, ‘You can’t change VCSA hostname.  You have to redeploy.’  That is what I was told and all the documentation I have read says you have to redeploy.  Well it is not true.  With that said here is your warning about mucking with the VCSA configuration.  Don’t do it!  Unless you are working in your test environment and you came across a ‘workaround’ that you wanted to try.  I still wouldn’t recommend using this ‘workaround’ in your production environment without extensive testing and upon recommendation from VMware Support.

Why did I need to change the hostname in my test lab?  I applied 6.5 U1 to the VCSA in my test lab.  I then checked the VCSA and saw that the hostname was changed to ‘localhost’ and AD authentication was broken.  It also broke ssl certificates.  I was getting ready to redeploy the VCSA when I came across this ‘workaround’ and I gave it a try.  It worked great.

Change VCSA 6.5 U1 Hostname with vami_config_net

The ‘workaround’ is  really a built in utility called vami_config_net. The full name of this utility is configure-network command-line utility. Here is what the utility looks like in use with relevant configuration names blacked out.  

Shows vami_config_net command
vami_config_net
shows Main Menu for vami_config_net
vami_config_net Main Menu
show Current Configuration in vami_config_net
vami_config_net Current Configuration
shows Hostname vami_config_net
vami_config_net Hostname

Option # 3 will prompt with ‘New hostname’ and show the current hostname.  I made this change in my test lab and it did not require a reboot to start working.  However, I made this change after the VCSA had lost domain trust.  I had to take the VCSA completely out of the domain, delete the computer object, and join it to the domain again.  The VCSA is working wonderfully once more.

If I had tried to change the ip address it would have failed without changing the dns to reflect this before making the change.  In this very limited use case vami_config_net worked because I changed the hostname back to the original name. I would not have faith in using this utility to just to change from one hostname to a completely different hostname until I have tested further.

More info on vami_config_net

Allocate a static IP address to the VMware vCenter Server Appliance (VCSA)

How to “fix” VCSA IP settings from command line.

Automating VCSA Network Configurations For Greenfield Deployments

Let me know if this article helps you.  Please share your experiences with vami_config_net.  I look forward to hearing from you!

shows silhouette with working gears for a brain

 

Changing vCenter Default Domain

One of the less annoying things I encounter on a daily basis is the wrong default domain on my vCenter appliance. Changing the vCenter default domain is necessary in my environment because the empty-root domain is default. Our main domain where all of our user accounts reside is a sub-domain of the empty-root domain. That means that you can’t just login with your normal credentials without using the domain\username or username@domain.com formats. This isn’t a large problem but anything that speeds up my day is always appreciated.

It turns out that this is a known problem for users in a child domain where the vCenter has been upgraded from version 5.5.0 to 5.5.0b or later.  In my case the users can login still if they put the domain prefix as part of their login.  I just don’t want to have to worry about that especially for those in our enterprise that can’t figure out how to login by using a domain prefix.

Resolution

To change the behavior of the identity source, the default domain can be changed on the Single Sign-On (SSO) server from the domain that was created during the upgrade.

Windows-based Single Sign-On (SSO)

Connect to the machine that is running the SSO instance.
Create the defaultdomain.ldif file containing this information using a plain text editor:

dn: cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local
changetype: modify
replace: vmwSTSDefaultIdentityProvider
vmwSTSDefaultIdentityProvider: example.com

Note: Replace example.com with the desired default domain from your environment. Contents of .ldif file should be terminated with “-” .

As an Administrator, click Start > Run, type cmd and then click OK.
Run C:\>ldifde command to confirm that the ldifde tool is available. This list returns a list of available commands.
If the tool is not present, install it by running this command:

C:\>ServerManagerCmd -i RSAT-ADDS-Tools

For Windows 2012 run this powershell command:

Install-WindowsFeature RSAT-ADDS

Run this command to update the default domain:

C:\>ldifde -i -f filepath\defaultdomain.ldif -s localhost -t 11711 -a “cn=Administrator,cn=Users,dc=vsphere,dc=local” *

 

When prompted, enter the Administrator@vsphere.local Single Sign-On (SSO) password.
The command should complete successfully.

VMware vCenter Server Appliance with local Single Sign-On (SSO)

Connect to the machine that is running the SSO instance.
Create the defaultdomain.ldif file containing this information using a plain text editor:

dn: cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local
changetype: modify
replace: vmwSTSDefaultIdentityProvider
vmwSTSDefaultIdentityProvider: example.com

Note: Replace example.com with the desired default domain from your environment. Contents of .ldif file should be terminated with “-” .

Open a console to the vCenter Server Appliance.
Run this command to update the default domain:

/opt/likewise/bin/ldapmodify -f filepath/defaultdomain.ldif -h localhost -p 11711 -D “cn=Administrator,cn=Users,dc=vsphere,dc=local” -W

 

Enter the Administrator@vsphere.local SSO password.
The command should complete successfully.

 

Here is the link to kb2070433  if you would like to read the full article for yourself. It is a trivial change to fix a trivial problem but I am glad to say it works like a charm.

VMworld Sessions Now Available

Thanks to William Lam over at virtuallyGhetto for creating an easy way to directly playback all of the VMworld Sessions from VMworld Europe and VMworld U.S.

I will be spending the next couple of months catching up on all the sessions I missed.  Head over to virtuallyGhetto to see all the other awesome things William Lam posts.

Go Away Irma

This week has been non-stop worrying about Hurricane Irma.  All I can say is ‘Go Away Irma’.  You’re cramping my style! Apparently it was not necessary to plan for disaster recovery until a week before the strongest hurricane in recorded Atlantic ocean history is going to hit.  All that other planning can just be thrown away.  Let the fire chiefs take over and ring the alarms.  I could use more drama in my life. (Extreme SARCASM).  At this point I still don’t know if I will be working this weekend or not.  

Challenges

I would love to hear from you if you’re having some interesting challenges in regards to disaster recovery.  On a positive note, I am so glad we have VEEAM.  I can’t imagine facing a hurricane and having to use our old backup software. for needed restores.  VEEAM’s byline was ‘It Just Works’ and there has never been more truth in advertizing. 

There will be lots of prayers over the next week and I will be among those praying for safety and for rescue for all people affected by hurricanes this season.  Here’s hoping that we can get back to the normal workplace dysfunction I am used to on a daily basis.

Finally – VMware Cloud on Amazon Web Services

Amazon Web Services and VMware have finally launched their much anticipated VMware Cloud on Amazon Web Services. What does this mean for traditional VMware shops?  In my opinion it means that the ease of exploring the cloud for enterprises has become much more likely to happen. In other words this will accelerate the move to the cloud for vSphere deployments everywhere. 

VMware Cloud on AWS Key feature

The ability to manage applications across your private-on-premises cloud and AWS becomes seamless. The ability to see your Amazon vSphere clusters in your vCenter just like any other cluster is awesome.  This is what I have been clamoring for and I can’t wait to try this.

Hurdles to overcome using VMware Cloud on AWS

I hope that this will also mean that I can go out and purchase Amazon Web Services through VMware which is already a trusted partner for our enterprise.  At my enterprise we have been exploring the possibility of moving some services to the cloud but we are running into issues with our legal team and the Amazon Web Services contract.  Amazon has been very resistant to changing any of the legal language that our lawyers are insisting upon.  The result has been that we are stuck in limbo.  I hope to explore this further in the coming months and will update here what I find.

 

 

PowerShell SSL Certificate Script

Do you have to generate more than a few ssl certificates as part of your day-to-day job? Would you like to script it? I have a script for you.  This PowerShell script has proven itself very indispensable when we had to replace all of our sha1 certificates. (Thanks Google!)  I hope you find this script useful and if you do, please leave feedback.  

 PowerShell Code:

Note: You can always modify the script to accept a list of fully qualified domain names if you need to produce a large quantity of certificates.

vCenter Server 6.5.0e Is Out

If you are experiencing the following issue your fix is available with the 6.5.0e release. Even if you are not experiencing this issue it is recommended to go ahead and apply this patch according to my VMware TAM.

vCenter Server 6.5 might fail with an error of the type ERROR: duplicate key value violates unique constraint “pk_vpx_guest_disk”
The vpxd service on vCenter Server 6.5 might intermittently fail with the following error stack in the log files:

YYYY-MM-DDT00:01:24.342Z error vpxd[7F8DD228C700] [Originator@6876 sub=Default opID=HB-host-476@72123-38e1cc31] [VdbStatement] >SQLError was thrown: “ODBC error: (23505) – ERROR: duplicate key value violates unique constraint “pk_vpx_guest_disk”;

–> Error while executing the query” is returned when executing SQL statement “INSERT INTO VPX_GUEST_DISK (VM_ID, PATH, CAPACITY, >FREE_SPACE) VALUES (?, ?, ?, ?)”

The VMware vCenter Server 6.5 vpxd log files are located in the %ALLUSERSPROFILE%\VMWare\vCenterServer\logs\vmware-vpx folder.

The VMware vCenter Server Appliance vpxd 6.5 log files are located in the /var/log/vmware/vmware-vpx folder.

The error occurs because of a database key violation for the GuestDisks updates, causing duplicate entries in the table.

This issue is fixed in this release.

 

Source: VMware vCenter Server 6.5.0e Release Notes

Journey to VCAP6-DCV Deploy Certification

Procrastination can be a wonderful thing when it comes to getting nowhere.But I really want to get somewhere with my journey to obtain VCAP6-DCV Deploy I vow to stop my procrastination journey to nowhere. As part of this vow I have started collecting resources to be successful in obtaining the VCAP6-DCV Deploy.

studying

Like 99% of the people in the world I Googled That Stuff (GTS) and here is the resource list I came up with:

VCAP6-DCV Deploy Exam Info and Blueprint

VCAP6-DCV Google+ Community

VCAP Study Sheet

Great way to make the perfect study sheet

 

Pluralsight VCP6-DCV Learning Path

My favorite way to learn online

VCAP6-DCV Deploy Exam Simulator – Free

VCAP Forum on VMTN

THESAFFAGEEK VCAP6-Deploy & Design

Various Study Guides in no particular order:

TheVirtualPaddy

vCallaway

vJenner

vPentathalon

I hope these will be helpful to you and of course to myself on this journey.