vami_config_net To Change VCSA Hostname

After reading the title of this article I’m sure you’re saying, ‘You can’t change VCSA hostname.  You have to redeploy.’  That is what I was told and all the documentation I have read says you have to redeploy.  Well it is not true.  With that said here is your warning about mucking with the VCSA configuration.  Don’t do it!  Unless you are working in your test environment and you came across a ‘workaround’ that you wanted to try.  I still wouldn’t recommend using this ‘workaround’ in your production environment without extensive testing and upon recommendation from VMware Support.

Why did I need to change the hostname in my test lab?  I applied 6.5 U1 to the VCSA in my test lab.  I then checked the VCSA and saw that the hostname was changed to ‘localhost’ and AD authentication was broken.  It also broke ssl certificates.  I was getting ready to redeploy the VCSA when I came across this ‘workaround’ and I gave it a try.  It worked great.

Change VCSA 6.5 U1 Hostname with vami_config_net

The ‘workaround’ is  really a built in utility called vami_config_net. The full name of this utility is configure-network command-line utility. Here is what the utility looks like in use with relevant configuration names blacked out.  

Shows vami_config_net command
shows Main Menu for vami_config_net
vami_config_net Main Menu
show Current Configuration in vami_config_net
vami_config_net Current Configuration
shows Hostname vami_config_net
vami_config_net Hostname

Option # 3 will prompt with ‘New hostname’ and show the current hostname.  I made this change in my test lab and it did not require a reboot to start working.  However, I made this change after the VCSA had lost domain trust.  I had to take the VCSA completely out of the domain, delete the computer object, and join it to the domain again.  The VCSA is working wonderfully once more.

If I had tried to change the ip address it would have failed without changing the dns to reflect this before making the change.  In this very limited use case vami_config_net worked because I changed the hostname back to the original name. I would not have faith in using this utility to just to change from one hostname to a completely different hostname until I have tested further.

More info on vami_config_net

Allocate a static IP address to the VMware vCenter Server Appliance (VCSA)

How to “fix” VCSA IP settings from command line.

Automating VCSA Network Configurations For Greenfield Deployments

Let me know if this article helps you.  Please share your experiences with vami_config_net.  I look forward to hearing from you!

shows silhouette with working gears for a brain


Changing vCenter Default Domain

One of the less annoying things I encounter on a daily basis is the wrong default domain on my vCenter appliance. Changing the vCenter default domain is necessary in my environment because the empty-root domain is default. Our main domain where all of our user accounts reside is a sub-domain of the empty-root domain. That means that you can’t just login with your normal credentials without using the domain\username or formats. This isn’t a large problem but anything that speeds up my day is always appreciated.

It turns out that this is a known problem for users in a child domain where the vCenter has been upgraded from version 5.5.0 to 5.5.0b or later.  In my case the users can login still if they put the domain prefix as part of their login.  I just don’t want to have to worry about that especially for those in our enterprise that can’t figure out how to login by using a domain prefix.


To change the behavior of the identity source, the default domain can be changed on the Single Sign-On (SSO) server from the domain that was created during the upgrade.

Windows-based Single Sign-On (SSO)

Connect to the machine that is running the SSO instance.
Create the defaultdomain.ldif file containing this information using a plain text editor:

dn: cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local
changetype: modify
replace: vmwSTSDefaultIdentityProvider

Note: Replace with the desired default domain from your environment. Contents of .ldif file should be terminated with “-” .

As an Administrator, click Start > Run, type cmd and then click OK.
Run C:\>ldifde command to confirm that the ldifde tool is available. This list returns a list of available commands.
If the tool is not present, install it by running this command:

C:\>ServerManagerCmd -i RSAT-ADDS-Tools

For Windows 2012 run this powershell command:

Install-WindowsFeature RSAT-ADDS

Run this command to update the default domain:

C:\>ldifde -i -f filepath\defaultdomain.ldif -s localhost -t 11711 -a “cn=Administrator,cn=Users,dc=vsphere,dc=local” *


When prompted, enter the Administrator@vsphere.local Single Sign-On (SSO) password.
The command should complete successfully.

VMware vCenter Server Appliance with local Single Sign-On (SSO)

Connect to the machine that is running the SSO instance.
Create the defaultdomain.ldif file containing this information using a plain text editor:

dn: cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local
changetype: modify
replace: vmwSTSDefaultIdentityProvider

Note: Replace with the desired default domain from your environment. Contents of .ldif file should be terminated with “-” .

Open a console to the vCenter Server Appliance.
Run this command to update the default domain:

/opt/likewise/bin/ldapmodify -f filepath/defaultdomain.ldif -h localhost -p 11711 -D “cn=Administrator,cn=Users,dc=vsphere,dc=local” -W


Enter the Administrator@vsphere.local SSO password.
The command should complete successfully.


Here is the link to kb2070433  if you would like to read the full article for yourself. It is a trivial change to fix a trivial problem but I am glad to say it works like a charm.

VMworld Sessions Now Available

Thanks to William Lam over at virtuallyGhetto for creating an easy way to directly playback all of the VMworld Sessions from VMworld Europe and VMworld U.S.

I will be spending the next couple of months catching up on all the sessions I missed.  Head over to virtuallyGhetto to see all the other awesome things William Lam posts.

Go Away Irma

This week has been non-stop worrying about Hurricane Irma.  All I can say is ‘Go Away Irma’.  You’re cramping my style! Apparently it was not necessary to plan for disaster recovery until a week before the strongest hurricane in recorded Atlantic ocean history is going to hit.  All that other planning can just be thrown away.  Let the fire chiefs take over and ring the alarms.  I could use more drama in my life. (Extreme SARCASM).  At this point I still don’t know if I will be working this weekend or not.  


I would love to hear from you if you’re having some interesting challenges in regards to disaster recovery.  On a positive note, I am so glad we have VEEAM.  I can’t imagine facing a hurricane and having to use our old backup software. for needed restores.  VEEAM’s byline was ‘It Just Works’ and there has never been more truth in advertizing. 

There will be lots of prayers over the next week and I will be among those praying for safety and for rescue for all people affected by hurricanes this season.  Here’s hoping that we can get back to the normal workplace dysfunction I am used to on a daily basis.

Finally – VMware Cloud on Amazon Web Services

Amazon Web Services and VMware have finally launched their much anticipated VMware Cloud on Amazon Web Services. What does this mean for traditional VMware shops?  In my opinion it means that the ease of exploring the cloud for enterprises has become much more likely to happen. In other words this will accelerate the move to the cloud for vSphere deployments everywhere. 

VMware Cloud on AWS Key feature

The ability to manage applications across your private-on-premises cloud and AWS becomes seamless. The ability to see your Amazon vSphere clusters in your vCenter just like any other cluster is awesome.  This is what I have been clamoring for and I can’t wait to try this.

Hurdles to overcome using VMware Cloud on AWS

I hope that this will also mean that I can go out and purchase Amazon Web Services through VMware which is already a trusted partner for our enterprise.  At my enterprise we have been exploring the possibility of moving some services to the cloud but we are running into issues with our legal team and the Amazon Web Services contract.  Amazon has been very resistant to changing any of the legal language that our lawyers are insisting upon.  The result has been that we are stuck in limbo.  I hope to explore this further in the coming months and will update here what I find.



PowerShell SSL Certificate Script

Do you have to generate more than a few ssl certificates as part of your day-to-day job? Would you like to script it? I have a script for you.  This PowerShell script has proven itself very indispensable when we had to replace all of our sha1 certificates. (Thanks Google!)  I hope you find this script useful and if you do, please leave feedback.  

 PowerShell Code:

Note: You can always modify the script to accept a list of fully qualified domain names if you need to produce a large quantity of certificates.

vCenter Server 6.5.0e Is Out

If you are experiencing the following issue your fix is available with the 6.5.0e release. Even if you are not experiencing this issue it is recommended to go ahead and apply this patch according to my VMware TAM.

vCenter Server 6.5 might fail with an error of the type ERROR: duplicate key value violates unique constraint “pk_vpx_guest_disk”
The vpxd service on vCenter Server 6.5 might intermittently fail with the following error stack in the log files:

YYYY-MM-DDT00:01:24.342Z error vpxd[7F8DD228C700] [Originator@6876 sub=Default opID=HB-host-476@72123-38e1cc31] [VdbStatement] >SQLError was thrown: “ODBC error: (23505) – ERROR: duplicate key value violates unique constraint “pk_vpx_guest_disk”;

–> Error while executing the query” is returned when executing SQL statement “INSERT INTO VPX_GUEST_DISK (VM_ID, PATH, CAPACITY, >FREE_SPACE) VALUES (?, ?, ?, ?)”

The VMware vCenter Server 6.5 vpxd log files are located in the %ALLUSERSPROFILE%\VMWare\vCenterServer\logs\vmware-vpx folder.

The VMware vCenter Server Appliance vpxd 6.5 log files are located in the /var/log/vmware/vmware-vpx folder.

The error occurs because of a database key violation for the GuestDisks updates, causing duplicate entries in the table.

This issue is fixed in this release.


Source: VMware vCenter Server 6.5.0e Release Notes