vami_config_net To Change VCSA Hostname

After reading the title of this article I’m sure you’re saying, ‘You can’t change VCSA hostname.  You have to redeploy.’  That is what I was told and all the documentation I have read says you have to redeploy.  Well it is not true.  With that said here is your warning about mucking with the VCSA configuration.  Don’t do it!  Unless you are working in your test environment and you came across a ‘workaround’ that you wanted to try.  I still wouldn’t recommend using this ‘workaround’ in your production environment without extensive testing and upon recommendation from VMware Support.

Why did I need to change the hostname in my test lab?  I applied 6.5 U1 to the VCSA in my test lab.  I then checked the VCSA and saw that the hostname was changed to ‘localhost’ and AD authentication was broken.  It also broke ssl certificates.  I was getting ready to redeploy the VCSA when I came across this ‘workaround’ and I gave it a try.  It worked great.

Change VCSA 6.5 U1 Hostname with vami_config_net

The ‘workaround’ is  really a built in utility called vami_config_net. The full name of this utility is configure-network command-line utility. Here is what the utility looks like in use with relevant configuration names blacked out.  

Shows vami_config_net command
vami_config_net
shows Main Menu for vami_config_net
vami_config_net Main Menu
show Current Configuration in vami_config_net
vami_config_net Current Configuration
shows Hostname vami_config_net
vami_config_net Hostname

Option # 3 will prompt with ‘New hostname’ and show the current hostname.  I made this change in my test lab and it did not require a reboot to start working.  However, I made this change after the VCSA had lost domain trust.  I had to take the VCSA completely out of the domain, delete the computer object, and join it to the domain again.  The VCSA is working wonderfully once more.

If I had tried to change the ip address it would have failed without changing the dns to reflect this before making the change.  In this very limited use case vami_config_net worked because I changed the hostname back to the original name. I would not have faith in using this utility to just to change from one hostname to a completely different hostname until I have tested further.

More info on vami_config_net

Allocate a static IP address to the VMware vCenter Server Appliance (VCSA)

How to “fix” VCSA IP settings from command line.

Automating VCSA Network Configurations For Greenfield Deployments

Let me know if this article helps you.  Please share your experiences with vami_config_net.  I look forward to hearing from you!

shows silhouette with working gears for a brain

 

Changing vCenter Default Domain

One of the less annoying things I encounter on a daily basis is the wrong default domain on my vCenter appliance. Changing the vCenter default domain is necessary in my environment because the empty-root domain is default. Our main domain where all of our user accounts reside is a sub-domain of the empty-root domain. That means that you can’t just login with your normal credentials without using the domain\username or username@domain.com formats. This isn’t a large problem but anything that speeds up my day is always appreciated.

It turns out that this is a known problem for users in a child domain where the vCenter has been upgraded from version 5.5.0 to 5.5.0b or later.  In my case the users can login still if they put the domain prefix as part of their login.  I just don’t want to have to worry about that especially for those in our enterprise that can’t figure out how to login by using a domain prefix.

Resolution

To change the behavior of the identity source, the default domain can be changed on the Single Sign-On (SSO) server from the domain that was created during the upgrade.

Windows-based Single Sign-On (SSO)

Connect to the machine that is running the SSO instance.
Create the defaultdomain.ldif file containing this information using a plain text editor:

dn: cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local
changetype: modify
replace: vmwSTSDefaultIdentityProvider
vmwSTSDefaultIdentityProvider: example.com

Note: Replace example.com with the desired default domain from your environment. Contents of .ldif file should be terminated with “-” .

As an Administrator, click Start > Run, type cmd and then click OK.
Run C:\>ldifde command to confirm that the ldifde tool is available. This list returns a list of available commands.
If the tool is not present, install it by running this command:

C:\>ServerManagerCmd -i RSAT-ADDS-Tools

For Windows 2012 run this powershell command:

Install-WindowsFeature RSAT-ADDS

Run this command to update the default domain:

C:\>ldifde -i -f filepath\defaultdomain.ldif -s localhost -t 11711 -a “cn=Administrator,cn=Users,dc=vsphere,dc=local” *

 

When prompted, enter the Administrator@vsphere.local Single Sign-On (SSO) password.
The command should complete successfully.

VMware vCenter Server Appliance with local Single Sign-On (SSO)

Connect to the machine that is running the SSO instance.
Create the defaultdomain.ldif file containing this information using a plain text editor:

dn: cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local
changetype: modify
replace: vmwSTSDefaultIdentityProvider
vmwSTSDefaultIdentityProvider: example.com

Note: Replace example.com with the desired default domain from your environment. Contents of .ldif file should be terminated with “-” .

Open a console to the vCenter Server Appliance.
Run this command to update the default domain:

/opt/likewise/bin/ldapmodify -f filepath/defaultdomain.ldif -h localhost -p 11711 -D “cn=Administrator,cn=Users,dc=vsphere,dc=local” -W

 

Enter the Administrator@vsphere.local SSO password.
The command should complete successfully.

 

Here is the link to kb2070433  if you would like to read the full article for yourself. It is a trivial change to fix a trivial problem but I am glad to say it works like a charm.

VMworld Sessions Now Available

Thanks to William Lam over at virtuallyGhetto for creating an easy way to directly playback all of the VMworld Sessions from VMworld Europe and VMworld U.S.

I will be spending the next couple of months catching up on all the sessions I missed.  Head over to virtuallyGhetto to see all the other awesome things William Lam posts.

Go Away Irma

This week has been non-stop worrying about Hurricane Irma.  All I can say is ‘Go Away Irma’.  You’re cramping my style! Apparently it was not necessary to plan for disaster recovery until a week before the strongest hurricane in recorded Atlantic ocean history is going to hit.  All that other planning can just be thrown away.  Let the fire chiefs take over and ring the alarms.  I could use more drama in my life. (Extreme SARCASM).  At this point I still don’t know if I will be working this weekend or not.  

Challenges

I would love to hear from you if you’re having some interesting challenges in regards to disaster recovery.  On a positive note, I am so glad we have VEEAM.  I can’t imagine facing a hurricane and having to use our old backup software. for needed restores.  VEEAM’s byline was ‘It Just Works’ and there has never been more truth in advertizing. 

There will be lots of prayers over the next week and I will be among those praying for safety and for rescue for all people affected by hurricanes this season.  Here’s hoping that we can get back to the normal workplace dysfunction I am used to on a daily basis.

Finally – VMware Cloud on Amazon Web Services

Amazon Web Services and VMware have finally launched their much anticipated VMware Cloud on Amazon Web Services. What does this mean for traditional VMware shops?  In my opinion it means that the ease of exploring the cloud for enterprises has become much more likely to happen. In other words this will accelerate the move to the cloud for vSphere deployments everywhere. 

VMware Cloud on AWS Key feature

The ability to manage applications across your private-on-premises cloud and AWS becomes seamless. The ability to see your Amazon vSphere clusters in your vCenter just like any other cluster is awesome.  This is what I have been clamoring for and I can’t wait to try this.

Hurdles to overcome using VMware Cloud on AWS

I hope that this will also mean that I can go out and purchase Amazon Web Services through VMware which is already a trusted partner for our enterprise.  At my enterprise we have been exploring the possibility of moving some services to the cloud but we are running into issues with our legal team and the Amazon Web Services contract.  Amazon has been very resistant to changing any of the legal language that our lawyers are insisting upon.  The result has been that we are stuck in limbo.  I hope to explore this further in the coming months and will update here what I find.

 

 

PowerShell SSL Certificate Script

Do you have to generate more than a few ssl certificates as part of your day-to-day job? Would you like to script it? I have a script for you.  This PowerShell script has proven itself very indispensable when we had to replace all of our sha1 certificates. (Thanks Google!)  I hope you find this script useful and if you do, please leave feedback.  

 PowerShell Code:

Note: You can always modify the script to accept a list of fully qualified domain names if you need to produce a large quantity of certificates.

vCenter Server 6.5.0e Is Out

If you are experiencing the following issue your fix is available with the 6.5.0e release. Even if you are not experiencing this issue it is recommended to go ahead and apply this patch according to my VMware TAM.

vCenter Server 6.5 might fail with an error of the type ERROR: duplicate key value violates unique constraint “pk_vpx_guest_disk”
The vpxd service on vCenter Server 6.5 might intermittently fail with the following error stack in the log files:

YYYY-MM-DDT00:01:24.342Z error vpxd[7F8DD228C700] [Originator@6876 sub=Default opID=HB-host-476@72123-38e1cc31] [VdbStatement] >SQLError was thrown: “ODBC error: (23505) – ERROR: duplicate key value violates unique constraint “pk_vpx_guest_disk”;

–> Error while executing the query” is returned when executing SQL statement “INSERT INTO VPX_GUEST_DISK (VM_ID, PATH, CAPACITY, >FREE_SPACE) VALUES (?, ?, ?, ?)”

The VMware vCenter Server 6.5 vpxd log files are located in the %ALLUSERSPROFILE%\VMWare\vCenterServer\logs\vmware-vpx folder.

The VMware vCenter Server Appliance vpxd 6.5 log files are located in the /var/log/vmware/vmware-vpx folder.

The error occurs because of a database key violation for the GuestDisks updates, causing duplicate entries in the table.

This issue is fixed in this release.

 

Source: VMware vCenter Server 6.5.0e Release Notes

Journey to VCAP6-DCV Deploy Certification

Procrastination can be a wonderful thing when it comes to getting nowhere.But I really want to get somewhere with my journey to obtain VCAP6-DCV Deploy I vow to stop my procrastination journey to nowhere. As part of this vow I have started collecting resources to be successful in obtaining the VCAP6-DCV Deploy.

studying

Like 99% of the people in the world I Googled That Stuff (GTS) and here is the resource list I came up with:

VCAP6-DCV Deploy Exam Info and Blueprint

VCAP6-DCV Google+ Community

VCAP Study Sheet

Great way to make the perfect study sheet

 

Pluralsight VCP6-DCV Learning Path

My favorite way to learn online

VCAP6-DCV Deploy Exam Simulator – Free

VCAP Forum on VMTN

THESAFFAGEEK VCAP6-Deploy & Design

Various Study Guides in no particular order:

TheVirtualPaddy

vCallaway

vJenner

vPentathalon

I hope these will be helpful to you and of course to myself on this journey.

Review of VMware vSphere: Optimize and Scale 6.5

I had the opportunity a few months ago to take the VMware vSphere: Optimize and Scale [6.5] class. The class was held at MicroTek Atlanta Training. The facility was very nice and not far from the hotel I stayed at for the week. The instructor was Brian Perry who is the Managing Partner with VUmbrella. He is a member of a very exclusive club VMworld Alumni Elite. Alumni Elite members (21) have attended every VMworld event and now have been given a free pass for life as long as they continue to go to each VMworld event and do not miss one.

The course is broken down into 11 sections. (You can get the outline from the course link above in the first paragraph) Going into this class after reading the outline I was worried that there wouldn’t be enough new material to justify taking this class in the first place. For experienced VMware admins this class is great because it allowed me to test drive many of the new feature of vSphere 6.5 before implementing in my lab.  In my case, whether intentional or not, I had been exposed to many of the more advanced parts of this class through VMware Support requests.  (Just a little training tidbit: If you can’t get your organization to pay for advanced VMware training, use VMware Support to get educated when you invariably have issues in your environment.  Most of the techs are more than happy to explain to you the why behind the what.  The other excellent resource is VMware Hands-On Labs which is free to everyone. If you need some free resources please refer to my previous article Top 13 Free VMware Training Resources)

Training2

Out of the 11 different sections the 4 sections on Optimization and the vCenter Server Availability and Performance were the best for me.  The Optimization sections cover CPU, Memory, Storage, and Network.  They especially get into the use of esxtop to troubleshoot and analyze your environment.  Setting up vCenter HA in the class was a great experience and within a couple of weeks after attending this class it was setup in my production environment.  Great Stuff!

The bottom line is that this class was great especially the instructor Brian Perry. After talking with Brian I think I found my next VMware training class.  VMware vSphere: Troubleshooting Workshop .  His description was that the instructor runs scripts to break various parts of vSphere and you have to fix it.  What better way to learn is there?

Using PowerCLI to Patch ESXi Hosts

I have been looking to automate more processes at work and patching ESXi hosts was definitely in my top 5 PowerCLI projects.  I really like the simplicity of Ben Liebowitz’s script over at The Lowercase w.  I will use this as a starting point for my own script. (Not that it needs too much tweaking.  Good job Ben!)

Please follow the link below to see the script.

Source: Patching VMware ESXi Hosts via PowerCLI! « The Lowercase w