Posts tagged VMware

Update ESXi standalone to 6.5


To update your standalone lab box to the latest ESXi version, first enable SSH. Then put all the VMs into maintenance mode and log in via SSH. Use the esxcli command to update to the latest version (mind the build numbers) over your internet connection, so there is no hassle with packages, downloads, etc.

Open the firewall if needed:

esxcli network firewall ruleset set -e true -r httpClient

Update the box (this will take 5-10 minutes if you are using a slow USB stick as storage):

esxcli software profile update -p ESXi-6.5.0-4564106-standard -d

Reboot the box, get coffee and log in afterwards. Your box is updated to the latest and greatest. Don’t forget to update VMware Tools on the guests if needed.

VMware Certified Associate


I haven’t updated my VCP since version 3.5. Last week I noticed you could take the VMware Certified Associate exam for free with online delivery. Without studying I passed. I guess that after building all the clusters, including updates to v5.5, the knowledge level is still okay.


Debugging VMware vSphere host profiles


Over the last few weeks I’ve built a new VMware vSphere 5.1 cluster based on diskless Dell M710HD blades. When creating a host profile to push configurations to all members (servers) of the cluster to keep them consistent, I noticed two out of 16 blades did not comply with the created profile, showing these error messages:

  • Host state doesn’t match specification: device mpx.vmhbaXX parameters need to be reset
  • Host state doesn’t match specification: device mpx.vmhbaXX Path Selection Policy needs to be set to default for claiming SATP

Googling around brought me to VMware KB2002488 but unfortunately this didn’t solve the compliance issue either. Debugging further and comparing a compliant and non-compliant server brought me to the Dell iDRAC-interface. The non-compliant server had the virtual media drive (forced) attached. To solve this issue, log in via iDRAC, select the Virtual Console/Media tab, sub Configuration and choose Auto-attach in the Virtual Media drop down menu. Now rescan the host profile and your server should be compliant.

iDRAC virtual media causes problems with VMware host profiles compliance


Enable SSH and SNMP on ESXi 5.1


This is a short tutorial on how to enable SNMP on your ESXi (v5.1) box the easy way, so you can add it to your favorite monitoring tools like Zabbix, Observium, PRTG, etc. You can do this on the console, but if your server is located in the data center and you don’t have KVM access, this will help you. First of all, enable SSH on your box.

Enabling SSH on ESXi

  1. Connect with the vSphere client to your node
  2. Go to the configuration tab, then select Security Profile
  3. Select Properties with Services, then select SSH Server
  4. Click Options and select Start and Stop with host
  5. Click the Start button once to start the service for now

Opening the firewall to allow SSH connections

  1. Connect with the vSphere client to your node
  2. Go to the configuration tab, then select Security Profile
  3. Select Properties with Firewall, then select SSH Server
  4. Click SSH Server, select Firewall and allow an IP-range

You’ll get an annoying alert on the Summary tab of the vSphere client. To suppress this warning, go back to the Configuration tab and select Advanced Settings. Select UserVars and find UserVars.SuppressShellWarning. Set this value to 1. You’re done enabling SSH remotely. Now let’s configure SNMP.

To enable SNMP, SSH to your ESXi box. Windows users can use PuTTY; Linux and Mac users can use the native Terminal. Log in as root@your.hostname.tld and enter the password. Paste these commands into the command line of your ESXi box:

esxcli system snmp set -c public
esxcli system snmp set -l warning
esxcli system snmp set -e yes

That’s it. Both SSH and SNMP are enabled now.

VMware vSphere 5.1 Single Sign On (SSO) and SQL 2012


When installing or upgrading to VMware vCenter 5.1 you need to run a script on your existing database if you don’t go for the bundled Microsoft SQL Server 2008 R2 Express Edition. In my case I’ve used a dedicated Microsoft SQL 2012 Standard Edition server.

VMware wants you to run an SQL query located in E:\Single Sign On\DBScripts\SSOServer\schema\mssql called rsaIMSLiteMSSQLSetupTablespaces. Unfortunately this script uses SQL syntax that isn’t supported by SQL Server 2012. By not supported I mean the stored procedures at the end of the script. Replace these lines at the bottom of the script with the ones below:

EXEC SP_DBOPTION 'RSA', 'trunc. log on chkpt.', true
EXEC SP_DBOPTION 'RSA', 'trunc. log on chkpt.', true

There you go. The query should run without errors on SQL Server 2012.


Changing vSphere Web Client certificate


So, you upgraded to VMware vSphere 5 and installed the Web Client. Welcome to the club. Now it’s time to change the SSL certificate from self-signed to something recognized as trusted by your browser. In my case there is already a valid wildcard certificate for *.domain.tld so let’s use this one.

First, find your private key, the certificate file and the chain certificate. I’m using Linux myself, but openssl is available for Windows too. Let’s copy them together into a working directory.

mba:demo randy$ ls -lha
total 24
drwxr-xr-x 5 rtenhave staff 170B Aug 20 13:05 .
drwxr-xr-x 6 rtenhave staff 204B Aug 20 13:04 ..
-rw-r--r-- 1 rtenhave staff 3.8K Aug 20 13:04 DigiCertCA.crt
-rw-r--r-- 1 rtenhave staff 2.4K Aug 20 13:04 star_domain.tld.crt
-rwxr-xr-x 1 rtenhave staff 1.6K Aug 20 13:04 star_domain.tld.key

As you can see we have three files. Let’s create one file that can be used on Windows by the Tomcat Java server behind the vSphere Web Client. We need to create a so-called PKCS#12 certificate bundle that includes the private key, the certificate and the chain file. We use OpenSSL to achieve this.

openssl pkcs12 -export -out star_domain.tld.pfx -inkey star_domain.tld.key -in star_domain.tld.crt -certfile DigiCertCA.crt

The application will ask for a passphrase. The default passphrase in use by Tomcat is testpassword. You can find it on your vCenter server in the file tomcat-server.xml located in the folder C:\Program Files\VMware\Infrastructure\vSphereWebClient\DMServer\config. You can change it or leave it. That’s up to you. Since the Tomcat configuration file is readable by all users and the password is stored in plain text, changing it does not really make sense. I’ll skip the security part and why they (VMware) should use the keyring for that. Maybe another time…

Now transfer the files to your vCenter server and place them in the folder C:\Program Files\VMware\Infrastructure\vSphereWebClient\DMServer\config\ssl. I’d suggest taking a back-up of the old certificates first.

Now restart the services and your new certificate is available.
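The bundling step above with the checks worth running around it, as an added example that is not part of the original post: it confirms the key belongs to the certificate, verifies the certificate against the chain file, tightens the key's file mode (the listing shows it world-readable) and reads the passphrase from an environment variable instead of the command line. The function names, the PFX_PASS variable and the throwaway CA generated for the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): checks around the PKCS#12 export.
# Function names and the PFX_PASS variable are assumptions for illustration.

# Succeeds only when key ($1) and certificate ($2) hold the same public key.
key_matches_cert() (
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
  [ -n "$k" ] && [ "$k" = "$c" ]
)

# Builds the bundle $4 from key $1, certificate $2 and chain $3.
# The passphrase is read from the exported variable PFX_PASS.
make_bundle() {
  key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
  openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 ||
    { echo "certificate does not verify against chain" >&2; return 2; }
  chmod 600 "$1"   # the key in the listing above is mode 755
  ( umask 077
    openssl pkcs12 -export -out "$4" -inkey "$1" -in "$2" -certfile "$3" \
      -passout env:PFX_PASS )
}

# Prints how many certificates the bundle $1 contains (leaf + chain).
bundle_cert_count() {
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Constructed throwaway CA and wildcard certificate in directory $1, named like
# the files in the post. The CA is a self-signed stand-in, not a DigiCert one.
make_demo_files() (
  cd "$1" || exit 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
    -keyout ca.key -out DigiCertCA.crt 2>/dev/null || exit 1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=*.domain.tld" \
    -keyout star_domain.tld.key -out star.csr 2>/dev/null || exit 1
  openssl x509 -req -in star.csr -CA DigiCertCA.crt -CAkey ca.key \
    -CAcreateserial -days 1 -out star_domain.tld.crt 2>/dev/null
)

work=$(mktemp -d)
export PFX_PASS='constructed-demo-passphrase'
make_demo_files "$work" &&
  make_bundle "$work/star_domain.tld.key" "$work/star_domain.tld.crt" \
    "$work/DigiCertCA.crt" "$work/star_domain.tld.pfx" &&
  echo "certificates in bundle: $(bundle_cert_count "$work/star_domain.tld.pfx")"
```

For the real files, PFX_PASS has to match the passphrase configured in tomcat-server.xml.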



vSphere 5: The eagle has landed


VMware today released the new version of ESX: vSphere 5. As a VMware-minded person I immediately started to download the packages. First things first: read the manual. Upgrade vCenter Server to the new version. This process was quite straightforward. First you update the vCenter server itself, then the vCenter Client, then the Update Manager and finally you install the new Web services.

After installing all vCenter Services it’s time to rock. I noticed a few things: the new vCenter Web services only support Windows and Linux. The basic stuff works, but I was not able to connect to a console from my iMac running OSX Lion 10.7. That’s really a shame, VMware, since you do support Firefox on Linux. The main problem here is that there is no native desktop version available to manage vSphere from your Mac, so I really hoped the new Web Services were able to fill this gap. Unfortunately they didn’t, which was quite disappointing.

The second problem I faced was updating my two nodes running ESXi 4.1 to ESXi 5 using the Update Manager. The ESX nodes were running a Dell ESXi image, so the Update Manager was not able to perform an upgrade using the ESXi 5 image from VMware itself due to driver incompatibility. Not a real issue for me. Just burn the ISO to a disk and walk up the stairs to my lab, inserting CDs and performing the upgrade manually. Although my Dell PowerEdge 840 desktops were not listed on VMware’s hardware list, ESXi 5 runs smoothly on these servers.

LAB environment:
As said, my home lab contains one cluster built on two Dell PowerEdge 840 desktop servers. Both servers have a PERC 5i RAID controller with 2x 146 Gbyte SAS and 2x 160 Gbyte SATA disks. Both servers have 8 Gbyte of RAM, which is the maximum the server supports. A dual-core Intel Xeon 3040 is used as a processor. The only issue I have is that the servers only have 1 network card on board. Though it’s a Gbit port, more NICs would be nice to use more features typically done in a lab environment. I have some PCI-e NICs available, so when I’m in a good mood I’ll install ESXi on a USB stick and replace the RAID controller with the new network cards.

Network storage is provided by a Synology DiskStation DS211 which has 2 iSCSI targets, 512 Gbyte each. Since the unit is running a 2 TByte RAID array built on SATA disks, this is not really a fast solution, but it still performs while running 12 virtual machines, more than enough for lab purposes.

VSP5 in the bag. Now for vSphere 5


[X] VSP5
[  ] VSTP5
[  ] VCP5

Free ESXi High Availability


Sometimes you want to build high availability for servers but only have a small budget. You can start tinkering with all kinds of open source software and conveniently forget how many hours you spend on it, just to make it look cheap. In the past I once built a High Availability (HA) set-up for a customer based on two Dell R200 servers with ESXi 3.5 (update 2) and a Linksys NAS. The hardware investment for this environment was barely 2000 euro; the number of hours to get everything working was 4, including testing and documentation.

To begin with, I will say that HA offers benefits in only a small number of cases. It will only protect you against hardware failure. With modern hardware the chance of faults is minimal, however; most errors (>90%) still have a human cause. That said: let’s rock!

Install VMware ESXi on both servers. At the time I did this with version 3.5 (update 2). Whether it still works with vSphere or ESXi4: no idea. Install the storage (iSCSI is preferred over NFS) and make sure both servers can reach the same storage pool.

From both nodes we run a heartbeat, that is, we check whether the other server is still available. If it is not for 15 pings (a relatively short time, but waiting during testing is annoying because system administrators are always impatient), it will start the virtual servers on the other node. For this we create a script with the name and put it in /usr/bin. Make sure the script is executable.

# First check: if the other host does not answer, register and start its VMs
if ! ping -c 14 > /dev/null; then
for i in `cat /etc/other_host` ; do vmware-cmd -s register $i  && vmware-cmd $i start ; done
fi
sleep 16
# Second check within the same cron minute
if ! ping -c 14 > /dev/null; then
for i in `cat /etc/other_host` ; do vmware-cmd -s register $i  && vmware-cmd $i start ; done
fi

Next we need a list of all virtual machines. We get it with the command below. Run it on both ESXi hosts and then SCP the result to the /etc directory on the other ESXi node. The file contains a list of all registered VMs. You can still edit it, because it may contain machines you do not want to give HA. The order matters too, because the topmost VM is started first when a failure occurs. The sleep 16 value gives the time between the start-ups.

vmware-cmd -l | sed 's/\ /\\ /g' > /root/other_host

What remains is to create a crontab entry that runs every minute to check whether the other host is still alive. Now you also understand why the first script is effectively executed twice: a cron job can only run once per minute. With the sleep 16 value we put the running cron job on hold. Add the (2x) 14 ping attempts and you arrive at exactly 60 seconds. You can put the line below in /etc/crontab on the ESXi hosts.

* * * * * /usr/bin/

The above is of course far from a tidy solution for business-critical applications, but it is a nice example to try out in a lab. Try to work out for yourself what each command does and do not blindly copy/paste, because otherwise you will not understand how it works.

Another certificate: VMware Technical Sales Professional


Since I’ve already done VSP (Sales Professional) 3.5, done the Virtual Infrastructure specification and updated my VSP to version 4.0, it was time for me to train for VMware Technical Sales Professional (VTSP). Another exam (5 actually) and another certificate is here.


Enough VMware for now. Next training will be ehm… Citrix CCA for Xenserver?

