vBuffer (http://vbuffer.com): I shall either find a way or make one

VCAP6.5-DCV Design Prep-Guide
http://vbuffer.com/vcap6-5-dcv-design-prep-guide/
Tue, 05 Jun 2018 08:12:28 +0000

I sat the VCAP6.5-DCV Design exam at the end of April and I passed. The exam wasn’t easy. First of all, the amount of best practices, white papers, books and other documents that I had to go through to be successful is tremendous. While I’ve used many of those in my daily job, one way or another, it would take far longer to prepare if you haven’t read any of them. Therefore, plan ahead and make sure you have enough time to prepare, especially if you have no experience in architecture at all. Personally, the time it took me to prepare was more than I anticipated.

Exam Interface

The exam interface and format have been completely redone, and there aren’t any Visio-like questions. The feeling I got was that I was sitting the VCP6.5 exam rather than VCAP6.5-DCV. Also, there is an option to mark questions for review if you would like to revisit them at the end.

Questions

Questions are better defined and not that vague, which means that you will definitely understand what is being asked and what the right answer is. The formats used in the exam are “multiple choice” and “drag and drop”, but the vast majority are multiple choice questions.

Comparison to the old versions of the DCV-Design exam

By far, VCAP6.5-DCV is the most refined and understandable of all the design exam versions I’ve sat. In my opinion, there is plenty of time to go over the questions, even if you mark some of them for later review.

Preparation

It’s important to distinguish between having experience as an architect and simply wanting to validate your knowledge, and deciding it’s time to take the next step in your career. The reason behind this is simple: as an engineer, you might find yourself lacking certain skills, or find it difficult to work with the design methodology used in the exam. Below I’ve tried to summarize what I read to prepare for the exam, including material I already knew but decided to refresh my memory on.

Note: Some of the resources can be quite old; nevertheless, the design methodology is the same and mostly relevant.

Must Read

Network

Storage

Performance Best Practices

Availability Guides

Recoverability Guides

Business Critical Applications

Practice Exams

Additional Reading

Good luck to everyone!

NutanixCE – Cluster Installation and Configuration
http://vbuffer.com/nutanixce-cluster-install-config/
Mon, 20 Jun 2016 08:32:09 +0000

In the previous article I walked you through vSphere preparation for deploying NutanixCE. We enabled the SSD option on the disk/LUN, installed the ESXi Mac Learning dvFilter and created virtual machines. It seems like everything is set up and we can start the installation. Before I begin, I’d like to remind you that I’ll be deploying a 3-node cluster, so you can clone the already created virtual machine as many times as needed, depending on how many nodes you want to have. Having everything ready, let’s

Start the Installation

Power on the first virtual machine. Wait until it boots to the login screen and log in with these credentials:

  • user : root
  • pass : nutanix/4u

Before the actual installation I would make some adjustments. First I will change default values such as vMem and vCPU, which the installer uses when creating the controller VM (CVM). The installer checks the hardware and creates the CVM based on predefined values; if your hardware doesn’t fit one of those models, it creates the VM with defaults. It is no big deal to run the installer now and make those changes later on, but in my opinion doing it up front is way less work. To edit the installer values, execute the following line:

cd /home/install/phx_iso/phoenix && sudo nano sysUtil.py

Here you can see options to change the vMem and vCPU settings and also adjust read and write IOPS. I would only change the controller VM default model: my nested VMs will have 24GB of memory, and allocating 16GB for the CVM wouldn’t make much sense. After all, I’d like to run a few VMs on the Nutanix cluster I’m preparing. Read/write IOPS is a bit of a different story and depends on what you have in your environment. I don’t have physical solid state disks, but the performance I get from the back-end Xpenology is fairly satisfactory. Feel free to experiment here. The values I have in mind are 8GB vMem and 2 vCPUs.

Once ready with the changes, save, exit to the login screen and type install

Alright. Now, when you hit “Enter”, disk initialization and a performance test will start.

When the process is completed, the installation “wizard” will give you the option to select a keyboard layout.

Choose whatever suits you and select proceed. Next comes the part where you configure IP addresses for your Acropolis hypervisor and CVM/SVM. Bear in mind that a prerequisite is to keep both in the same network segment. Nutanix recommends static IPs, but DHCP would work as well.

Alright, read and accept the license agreement and hit “Enter”. Now is the magic moment to go grab some coffee. Installation will take 10-15 min depending on the hardware you have.

When the installation is done, you should see messages like those above. So far everything is set; repeat these steps for all 3 virtual machines. Those are the things you need to get done before we can continue with

Creating Nutanix Cluster

This is fairly simple; just verify connectivity between the CVMs to be on the safe side. If everything looks fine, let’s create the cluster. There are two ways to do that:

  • Web Interface – Open a web browser and go to http://ip_of_one_CVM:2100/cluster_init.html. Scroll down to Discovered Nodes. If you’re able to see all your nodes, fill in the details such as Cluster Name, DNS, NTP, etc. and click create at the bottom of the page.
  • Command Line – of course there is command line magic you can do. You will need to log in to a CVM over SSH or from the VM console. Keep in mind that if you use the VM console you will first log in to the Acropolis hypervisor and then SSH to the CVM on 192.168.5.2. The reason is that deploying NutanixCE installs Acropolis, deploys the CVM and creates a virtual switch for communication between the CVM and the hypervisor. Type the following in the CVM shell:

cluster -s CVM1_IP,CVM2_IP,CVM3_IP create

 

Last but not least, you can add DNS servers and perhaps an external IP from the shell, or do that with Prism. From the command line you can do that with:

ncli cluster add-to-name-servers servers=<dns server>,<dns server>

 

Alright, the cluster has been installed. Now go to http://CVM_IP_Addess:9440/console/#login and log in to Prism with the credentials user: admin and password: admin. You will be prompted to change the password on first login and to provide NEXT credentials.

Well, that’s pretty much it. You’re ready to Rock ‘n’ Roll. Nothing extremely complicated, but there were a few specifics of installing in a nested environment that I tried to touch on in this article. In the next article I will show you how to deploy Prism Central and do basic network configuration of your cluster.

 

NutanixCE – Getting Started
http://vbuffer.com/nutanixce-getting-started/
Mon, 13 Jun 2016 08:12:49 +0000

NutanixCE has been out there for some time now, and I’ve decided it’s time to give it a try. It took me a while to go through some documentation and blog posts before I was ready to deploy it in my lab. Understanding how Nutanix works might be confusing to some extent, but I’ve found that it’s actually very well documented, and some reading won’t harm. Good starting point would be

To obtain the files you will need a Nutanix CE registration. Before moving on, I wanted to highlight a few components of the community edition.

  • Prism – monitoring and management console; it can manage a single cluster
  • Prism Central – can manage multiple clusters
  • Nutanix on ESXi – the Community Edition can, at this point, use only Acropolis as the underlying hypervisor. If you want to utilize your ESXi hosts you will need Nutanix Foundation, which is currently available only to partners, customers and Nutanix employees.

Get your environment ready

That being said, two steps are required to install NutanixCE in your vSphere environment and get adequate performance for testing. If you went through the documentation, you already know that Nutanix leverages auto-tiering and uses 3 tiers of storage:

  • Hot – In Memory
  • Warm – Solid State Drives
  • Cold – Spinning Drives

In this case flash storage needs to be either physically present or you have to “make” it; of course, enabling SSD works only for block storage or DAS (Directly Attached Storage). KB2013188 describes in great detail how to enable the SSD option on a disk/LUN. Follow the instructions and make all necessary changes; just bear in mind that this operation requires an ESXi reboot.

The next step is to install the ESXi Mac Learning dvFilter. This package helps you improve network and CPU performance by providing a MAC-learning mechanism for your nested environment.

….applications like running nested ESX, i.e. ESX as a guest-VM on ESX, the situation is different. As an ESX VM may emit packets for a multitude of different MAC addresses, it currently requires the vswitch port to be put in “promiscuous mode”. That however will lead to too many packets delivered into the ESX VM, as it leads to all packets on the vswitch being seen by all ESX VMs. When running several ESX VMs, this can lead to very significant CPU overhead and noticeable degradation in network throughput.

Once the VIB is installed on your ESXi hosts, we can start with

Creating your VMs

Although a cluster with a single node can be created, I personally prefer to stick to at least the minimum configuration. To create a Nutanix cluster which can tolerate two failures, a minimum of 3 nodes is needed, where five were recommended as far as I remember. In our case we will create a three-node cluster with the following configuration:

| VM Attribute | Value | Comment |
|---|---|---|
| OS Type | CentOS 4/5/6/7 (64Bit) | |
| vCPU | 8 | |
| vMemory | 24GB | |
| Storage Controller | PVSCSI | |
| Disk (0:0) | Boot Image | Image downloaded from Nutanix |
| Disk (0:1) | 300GB | SSD |
| Disk (0:2) | 600GB | |
| Network Controller 0 | Intel E1000 | |
| Network Controller 1 | Intel E1000 | |
| ethernet0.filter4.name | dvfilter-maclearn | Advanced VM Options |
| ethernet0.filter4.onFailure | failOpen | Advanced VM Options |
| ethernet1.filter4.name | dvfilter-maclearn | Advanced VM Options |
| ethernet1.filter4.onFailure | failOpen | Advanced VM Options |

When you have one VM ready you can simply clone it. There is no need to repeat this operation for each VM.

As a final word, overall the preparation is more time consuming than the actual deployment. In the next article I’ll go through installation and basic configuration of the Nutanix cluster.

 

Top vBlog Voting Results went out
http://vbuffer.com/top-vblog-voting-results/
Fri, 03 Apr 2015 09:30:06 +0000

The full Top vBlog voting results went out on April 1. Pretty awesome day they selected 😆. I assume this was taken as an April Fools’ joke by anyone dissatisfied with the overall ranking.

However, vBuffer made it to 123rd place, thanks to the support of you, the readers and followers! I would like to express my gratitude and appreciation to everybody who dedicated time and decided to vote for vbuffer.com. Thank you.

On the other hand, as I already committed, I’ll try to publish interesting ideas and challenges I’m dealing with in my daily work.

Stay tuned for more!

Top vBlog 2015 Voting !!!
http://vbuffer.com/top-vblog-2015/
Wed, 04 Mar 2015 11:19:33 +0000

As at the beginning of every year, Top vBlog 2015 Voting has started. This is the time of the year when your readers, followers, colleagues, lads etc. evaluate your work and vote for your blog.

Although vbuffer.com is only a few months old, with only a few articles and readers, I decided to give it a try and run for a niche in the category “New Blogger”. I would be happy and appreciate it if you support me and vote for my blog :-D. In return, I commit to deliver more interesting and quality content in the upcoming year.

Likewise, as one of the Co-Founders, this is a good place to mention my dear fellows at TheVirtualists. Over the past year they proved that they can create a really strong relationship with their readers and provide interesting, quality articles. I strongly encourage you to give your vote to the @TheVirtualist blogging platform and help them get a fair place in the overall blog ranking.

Give your support to vBuffer.com and TheVirtualist.org. Vote on the official voting page

vCenter Self-Signed Certificates – Part 2
http://vbuffer.com/vcenter-self-signed-certificates-part-2/
Mon, 09 Feb 2015 09:00:18 +0000

Well, it’s been quite some time since I wrote Part 1. I wanted to focus on different topics and then come back to certificates, but the Christmas holidays came, I’ve also been involved in a few interesting and quite demanding projects, and I could not dedicate much time to vCenter Self-Signed Certificates Part 2. Although I already wrote most of the “painful” portion of the process, I still think that the Microsoft CA way requires proper attention. This part should be much shorter than Part 1, but let’s see how it goes.

So, first things first. To go ahead we will need to go through a couple of steps:

  • Creating the OpenSSL configuration files
  • Creating the certificate requests
  • Obtaining the certificates
  • Implementing the certificates

Looks familiar, doesn’t it? Some of those steps we did in Part 1, and of course we are going to reuse what we already have. Before going ahead, let’s make a checkpoint of what we need and what we have.

  • The version we talk about here is vSphere 5.5
  • All components for which you will be installing certificates have been pre-installed
  • Microsoft Active Directory Certificate Services is running on your Domain Controller or another server in your environment
  • You have reviewed the Key Usage Extensions for the VMwareCertificate (Web Server) template on your Certificate Authority server and made sure it has digitalSignature, keyEncipherment, and dataEncipherment enabled for certificate generation. If you do not have this one, follow this article to set it up.
  • OpenSSL v0.9.8 has been installed. I personally would use the OpenSSL which comes with vCenter in “C:\Program Files\VMware\Infrastructure\Inventory Service\bin”. If you’re not sure that it is the version you need, just open a terminal there and run “openssl.exe version”
  • You are not using wildcard certificates. Each certificate needs to be unique in vSphere 5.x and as a result wildcard certificates are not supported.

vCenter has six components that utilize certificates to encrypt communication. They can be installed on the same server or on separate servers, but I’m going to follow the “all-in-one” model. Let’s begin, following the steps I listed above in order.

Creating the OpenSSL configuration files

Creating the OpenSSL config file is relatively easy. I described this in great detail in Part 1, but here I have to highlight one value which is specific to each component/service. When you have the file created, make sure you have specified the correct organizationalUnitName. It should be unique per component:

organizationalUnitName
vCenterUniqueServer
vCenterInventoryService
vCenterSSO
vCenterServer
vCenterWebClient
vCenterLogBrowser
VMwareUpdateManager
vSphereAutoDeploy

Creating the certificate requests

Now that OpenSSL is configured, I need to generate a certificate request for each component. Folders for all components have been created, each holding that component’s SSL config file. Generation is easy: open Command Prompt, go to the OpenSSL folder and use the commands below for each service.

# Generate the certificate request and export the private key. Make sure you have the proper D:\temp\<component> directory
openssl req -new -nodes -out d:\temp\vCenterInventoryService\rui.csr -keyout d:\temp\vCenterInventoryService\rui-orig.key -config d:\temp\vCenterInventoryService\InventoryService.cfg
# Convert the key to the proper RSA format. Make sure you have the proper D:\temp\<component> directory
openssl rsa -in d:\temp\vCenterInventoryService\rui-orig.key -out d:\temp\vCenterInventoryService\rui.key

Obtaining the certificates

Here comes the interesting part. The steps below need to be executed for all services.

Log in to your Microsoft CA web interface. It should be something like http://servername/CertSrv

Click “Request Certificate” and then “Advanced Certificate Request”.

Click “Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file”.

Open rui.csr, generated in the previous steps, in a text editor and paste its entire content into “Saved Request”. Select the “VMware Certificate” certificate template from the drop-down list, or the template you have prepared. Once ready, “Submit” it.

Select “Base 64 encoded” and download the certificate. Save it as rui.crt in the same directory as the rest of the files for this service, in this case D:\temp\<service>

Before continuing, let’s verify the certificate key usages. Open the rui.crt file and go to Details > Key Usage. Do you see digitalSignature, keyEncipherment, and dataEncipherment?

Alright, all seems fine. Let’s go ahead and download the certificate chain: select “Download a CA certificate, certificate chain, or CRL”.

Select “Base 64” and “Download CA Certificate chain” and save the file to the folder where the certificates are, D:\temp\

Double-click the saved certificate chain, go to “Certificates”, right-click the certificate listed and click All Actions > Export.

Select Base-64 encoded X.509 (.CER), click “Next” and save the file as D:\temp\Root64.cer

So far so good. The next step is to generate a PKCS#12 PFX for use with each of the services. Creation is relatively easy and requires only a one-line command in Command Prompt. Make sure you adjust all necessary parameters for each service.

# The certificate password must be testpassword. Do not change this parameter
openssl pkcs12 -export -in d:\temp\vCenterInventoryService\rui.crt -inkey d:\temp\vCenterInventoryService\rui.key -certfile d:\temp\vCenterInventoryService\Root64.cer -name "rui" -passout pass:testpassword -out d:\temp\vCenterInventoryService\rui.pfx

# The SSO service is special, so the following command should do the magic. Don't change the certificate store password "changeme"; the key alias must be "ssoserver"
openssl pkcs12 -export -in d:\temp\sso\rui.crt -inkey d:\temp\sso\rui.key -certfile d:\temp\sso\Root64.cer -name "ssoserver" -passout pass:changeme -out d:\temp\sso\ssoserver.p12

If you really want, you can check the encoding with

openssl pkcs12 -in c:\certs\service\rui.pfx -info

Alright, we have got everything we need for implementing custom Microsoft CA certificates. If all your vCenter components are on one server you can keep the certificates in the same folder, or wherever you store them; if your vCenter components are installed across several servers, copy the required files to each server. Because the PKCS#12 passwords are fixed, known values and the keys were generated with -nodes, treat these folders as holding unprotected private keys: restrict access to them and remove the files once the certificates are in place. For the implementation we are going to use the same tools and steps as in Part 1. The key point here is to verify the sequence by creating an implementation plan for each service with the SSL Automation Tool. Awesome functionality 😀.

That’s pretty much it. The path is not exactly short, but at least it exists, and I hope it will save you some time.

Got a question? Write it in the comments below.

vExpert 2015 – Announcements
http://vbuffer.com/vexpert2015/
Fri, 06 Feb 2015 08:51:10 +0000

Yesterday evening vExpert2015 was announced. I’m proud to be among the 1028 announced virtualization enthusiasts worldwide who share the same passion and contribute back to the community. As you may already know, vExpert is a non-technical award for people who have demonstrated significant contributions to the community and a willingness to share their expertise with others. Contributions can come in many different ways, including but not limited to

  • public speakers
  • book authors
  • script writers
  • VMUG leaders
  • VMTN community moderators

I would like to take this opportunity to congratulate my dear fellows @TheVirtualists and wish them the same successful year; keep on going with your contribution! Here are some of the names

I hope I did not forget anyone.

Well done lads, keep on doing a great job with TheVirtualist!

vCenter 5.5 service fails to start
http://vbuffer.com/vcenter-5-5-service-fails-to-start/
Tue, 30 Dec 2014 09:30:10 +0000

A few days ago, when I was preparing the vSphere Self-Signed certificates article, I found out that vCenter was down. I noticed that the vCenter 5.5 service failed to start with a very “interesting” general error message which did not say much. I hadn’t actually used my lab for a while and I suspected that something had gone wrong with my database. I checked all components, databases, users, passwords and so on, but I did not find anything. The only place I hadn’t looked yet was the vCenter logs. In order to have a freshly generated log and avoid searching through a bunch of files, I attempted to start the service again with, of course, the expected result: failure.

The logs were pretty clear, showing a few error messages which looked like the cause of the problem.

[06788 error 'win32vpxLdap_win32'] [LDAP Client] Failed to add LDAP entry CN=CN=1D6A02A3-9D81-4E8F-8170-12C37015819E,OU=ComponentSpecs,OU=Health,dc=virtualcenter,dc=vmware,dc=int: 0x68 (The object already exists.)
[06788 error 'win32vpxLdap_win32'] [LDAP Client] Failed to add LDAP entry CN=CN=1D6A02A3-9D81-4E8F-8170-12C37015819E.vpxd,CN=CN=1D6A02A3-9D81-4E8F-8170-12C37015819E,OU=ComponentSpecs,OU=Health,dc=virtualcenter,dc=vmware,dc=int: 0x68 (The object already exists.)
[06788 info 'vpxdvpxdMoDiagnosticManager'] [DiagnosticManagerMo] Running support script located at C:\Program Files\VMware\Infrastructure\VirtualCenter Server\scripts\vc-support.wsf
[06788 error 'profileprofileUtil'] [Vpxd::Prof::Util::DeserializeFromFile] reading failed: FileIO error: Could not find file  : C:\ProgramData\VMware\VMware VirtualCenter\hpMetadataCache.xml

Frankly, I hadn’t seen such an error before, but thankfully I found a KB article which partially helped me solve the problem:

VMware vCenter Server 5.x fails to start with the error: Failed to add LDAP entry (KB2044680)

It seems the cause was a stale ADAM entry. Before actually editing the ADAM database I would recommend taking a backup, especially if this is a production server. Taking a backup is relatively easy and can be done in many different ways, which I’m not going to describe here. I did it the old-fashioned way, with Command Prompt.

Once you’re done with the backup, we can start removing stale entries. Open ADSI Edit and, at the root level, click “Connect to”.

Once connected, browse to the OU which was specified in the vCenter log.

[06788 error ‘win32vpxLdap_win32’] [LDAP Client] Failed to add LDAP entry CN=CN=1D6A02A3-9D81-4E8F-8170-12C37015819E,OU=ComponentSpecs,OU=Health,dc=virtualcenter,dc=vmware,dc=int: 0x68 (The object already exists.)

According to KB2044680, which I posted above, the CN you locate under OU=Instances is supposed to be empty, but in my case it contained two records, and the error message in the vCenter log specified that the problematic record was under OU=ComponentSpecs,OU=Health.

Following the resolution from the VMware Knowledge Base didn’t do the magic, so I had to remove the problematic CN from both OUs (OU=Instances and OU=ComponentSpecs,OU=Health). When I was done cleaning the ADAM database I checked whether IIS was installed and running on the machine, as part of the problem resolution from VMware; I did not find it installed.

After all was done, the magic moment came and I attempted to start the vCenter service. It came online beautifully, with no errors whatsoever.

In case you don’t manage to fix your vCenter and are still having trouble, the other option I found is to simply uninstall it and then install it from scratch. I personally prefer to troubleshoot the problem rather than reinstall, but this is a matter of personal preference.
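The log triage described in this post can be scripted so that the affected GUID and the OU subtree named by vpxd are pulled out before opening ADSI Edit. The Python below is an added example, not part of the original post or of any VMware tool; the log lines are the ones quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches the vpxd "Failed to add LDAP entry <DN>: <code> (<message>)" lines.
LDAP_ADD_RE = re.compile(
    r"\[LDAP Client\] Failed to add LDAP entry (?P<dn>.+?): "
    r"(?P<code>0x[0-9A-Fa-f]+) \((?P<msg>[^)]*)\)"
)
GUID_RE = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")
KB_CONTAINER = "OU=Instances"  # where KB2044680 tells you to look

# Log excerpt copied from the post.
VPXD_LOG = r"""
[06788 error 'win32vpxLdap_win32'] [LDAP Client] Failed to add LDAP entry CN=CN=1D6A02A3-9D81-4E8F-8170-12C37015819E,OU=ComponentSpecs,OU=Health,dc=virtualcenter,dc=vmware,dc=int: 0x68 (The object already exists.)
[06788 error 'win32vpxLdap_win32'] [LDAP Client] Failed to add LDAP entry CN=CN=1D6A02A3-9D81-4E8F-8170-12C37015819E.vpxd,CN=CN=1D6A02A3-9D81-4E8F-8170-12C37015819E,OU=ComponentSpecs,OU=Health,dc=virtualcenter,dc=vmware,dc=int: 0x68 (The object already exists.)
[06788 info 'vpxdvpxdMoDiagnosticManager'] [DiagnosticManagerMo] Running support script located at C:\Program Files\VMware\Infrastructure\VirtualCenter Server\scripts\vc-support.wsf
[06788 error 'profileprofileUtil'] [Vpxd::Prof::Util::DeserializeFromFile] reading failed: FileIO error: Could not find file  : C:\ProgramData\VMware\VMware VirtualCenter\hpMetadataCache.xml
"""


def ou_subtree(dn):
    """Return the DN from its first OU= component onward (the container to browse)."""
    rdns = [part.strip() for part in dn.split(",")]  # sample DNs hold no escaped commas
    for index, rdn in enumerate(rdns):
        if rdn.upper().startswith("OU="):
            return ",".join(rdns[index:])
    return dn


def stale_entries(log_text):
    """Group 'already exists' LDAP add failures by the GUID in the entry name."""
    found = defaultdict(lambda: {"entries": [], "subtrees": set()})
    for line in log_text.splitlines():
        match = LDAP_ADD_RE.search(line)
        if not match or "already exists" not in match.group("msg"):
            continue  # other errors and info lines are not stale-entry evidence
        dn = match.group("dn")
        guid = GUID_RE.search(dn)
        key = guid.group(0).upper() if guid else dn
        found[key]["entries"].append(dn)
        found[key]["subtrees"].add(ou_subtree(dn))
    return dict(found)


def outside_kb_container(found):
    """GUIDs whose failing entries are not under the container the KB points to."""
    return sorted(
        guid for guid, info in found.items()
        if not any(s.startswith(KB_CONTAINER + ",") for s in info["subtrees"])
    )


if __name__ == "__main__":
    result = stale_entries(VPXD_LOG)
    for guid, info in result.items():
        print(guid, sorted(info["subtrees"]), len(info["entries"]), "entries")
    print("not under", KB_CONTAINER + ":", outside_kb_container(result))
```
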

Good Luck 🙂

vCenter Self-Signed Certificates – Part 1
http://vbuffer.com/vcenter-selfsigned-certificates/
Sun, 07 Dec 2014 17:13:39 +0000

A month ago I had to upgrade one of our customers’ vCenter from 5.0 to 5.5. We were supposed to run a pilot project and the upgrade was part of the requirements. The upgrade was pretty smooth, with no unexpected issues whatsoever. Of course, when I had all components installed I decided to do a quick check. Logging in with the C# client did not indicate any unusual behavior or possible error, but when I opened the Web Client I saw an error message saying that the Web Client could not connect to vCenter.

Digging around in the log files, I found out that the VMware self-signed certificate was 512 bits rather than the supported 1024/2048 bits. The environment had been upgraded a few times in the past, and it seems the vCenter installer did not check whether this certificate met the new version’s requirements.

Having found the cause, the first logical step was to search for VMware KB articles, and of course I found a few:

  • After upgrading to vCenter Server 5.5 Update 1, logging in to vCenter Server reports the error: Failed to verify the SSL certificate (KB2074942)
  • Configuring CA signed certificates for vCenter Server 5.5 (KB2061973)
  • Configuring CA signed SSL certificates for vSphere Update Manager in vCenter Server 5.1 and 5.5 (KB2037581)
  • Implementing CA signed SSL certificates with vSphere 5.x (KB2034833)
  • Creating certificate requests and certificates for vCenter Server 5.5 components (KB2061934)
  • Configuring CA signed SSL certificates for the Inventory service in vCenter Server 5.5 (KB2061953)

So, in order to get this resolved, I had simply to regenerate self-signed certificates and re-register all vCenter components. Pretty easy, isn’t :D. Bellow are the steps I took to fix vCenter self-signed certificates.

Before you start, bear in mind the following:

  • Certain vCenter services will be unavailable during the process.
  • Replacing the vCenter Server certificate may result in ESXi hosts becoming disconnected from vCenter Server. You might need to manually reconnect some of the hosts.
  • Plug-in components such as Update Manager, Site Recovery Manager, vCloud Director, Horizon View, etc., may need to be re-registered with vCenter Server.
  • Do not stop vCenter or any of its component services yourself; the SSL Certificate Automation Tool will do that for you during the process.
  • Important: Ensure that you are using OpenSSL Version 0.9.8. If you are using a different version, the SSL implementation would fail.

As a first step, we need a custom cfg file. In Notepad, create a new file called openssl_config.cfg and add the following lines:

[ req ]
 default_bits = 2048
 default_keyfile = rui.key
 distinguished_name = req_distinguished_name
 encrypt_key = no
 prompt = no
 string_mask = nombstr
 req_extensions = v3_req
[ v3_req ]
 basicConstraints = CA:FALSE
 keyUsage = digitalSignature, keyEncipherment, dataEncipherment
 extendedKeyUsage = serverAuth, clientAuth
 subjectAltName = DNS: hostname, IP:X.x.x.X, DNS:hostname.domain.com

[ req_distinguished_name ]
 countryName = US
 stateOrProvinceName = NY
 localityName = New York
 0.organizationName = VMWare
 organizationalUnitName = vCenterServer
 commonName = hostname.domain.com

 

Once you’re ready, save the file and let’s begin with certificate generation. Open Command Prompt and go to the OpenSSL folder, located in “C:\Program Files\VMware\Infrastructure\Inventory Service\bin”.

 

openssl req -new -nodes -out d:\temp\rui.csr -keyout d:\temp\rui-orig.key -config d:\temp\openssl_config.cfg
openssl rsa -in d:\temp\rui-orig.key -out d:\temp\rui.key
openssl req -text -noout -in d:\temp\rui.csr
openssl x509 -req -days 7300 -sha256 -in d:\temp\rui.csr -signkey d:\temp\rui.key -out d:\temp\rui.crt -extensions v3_req -extfile d:\temp\openssl_config.cfg
openssl.exe pkcs12 -export -in d:\temp\rui.crt -inkey d:\temp\rui.key -name rui -passout pass:testpassword -out d:\temp\rui.pfx
openssl pkcs12 -in d:\temp\rui.pfx -info
openssl x509 -text -noout -in d:\temp\rui.crt

Once the certificates and keys are created, you will need to create a PEM certificate chain. Open Notepad, create a new file named chain.pem and save it in the same location as the certificates and keys. Open rui.crt, copy its content to chain.pem and save it.

Now we are ready for the fun part. Locate the SSL Certificate Automation Tool, unzip it and go to its folder. To save some time and avoid typing the same things multiple times, we need to edit the ssl-environment.bat file. Open the file in Notepad or any other editor and change the following lines:

rem Parameters for updating the vCenter Server SSL Certificate
set vc_private_key=d:\temp\rui.key
set vc_cert_chain=d:\temp\chain.pem

rem Common parameters
set sso_admin_user=administrator@vsphere.local
rem Add your own credentials here
set vc_username=DOMAIN\User

Save the file and run ssl-updater.bat as Administrator.

On the “Main Menu”, select 1. Plan Your Steps to upgrade SSL certificates to get a detailed plan for implementing the generated certificates.

Now we have the plan for re-establishing the trust between vCenter and its components. Let’s start with the first step, Update the vCenter Server SSL certificate.

Go to Main Menu > Update the vCenter Server > Update the vCenter Server SSL certificate and follow the wizard.

Note: If you’re using SQL Express, your database password would be your domain admin or local admin password. Microsoft SQL Express supports only Windows Authentication.

If you see the error “ERROR: The leaf certificate doesn't have any CN or subjectAltName that matches the public address of the current machine. Rejecting the chain. To skip this check, set the `ssl_tool_no_cert_san_check' environment variable to 1.”

Add the following, “set ssl_tool_no_cert_san_check=1”, to lines 680 and 759 and re-open ssl-updater.bat.
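Both the undersized key found in the log files and the CN/subjectAltName rejection above can be checked on rui.crt before running ssl-updater.bat, so a name mismatch can be corrected in openssl_config.cfg. The PowerShell script below is an added example, not part of the original post or of VMware's tool; the function name Test-VcCertificate and the expected host names are assumptions, and the SAN text parsing assumes English-language output.

```powershell
# Added example: pre-flight check of the regenerated certificate.
# The default path follows this post; the expected names are placeholders.
param(
    [string]   $CertPath      = 'd:\temp\rui.crt',
    [string[]] $ExpectedNames = @('hostname', 'hostname.domain.com'),
    [int]      $MinKeyBits    = 2048
)

function Test-VcCertificate {
    param([string]$Path, [string[]]$Names, [int]$MinBits)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    $problems = @()

    # The fault in this post: a 512-bit key carried over from earlier installs.
    $bits = $cert.PublicKey.Key.KeySize
    if ($bits -lt $MinBits) { $problems += "key is $bits bits, expected at least $MinBits" }

    # The signing command above passes -sha256; flag MD5 or SHA-1 signatures.
    $sigAlg = $cert.SignatureAlgorithm.FriendlyName
    if ($sigAlg -match 'md5|sha1') { $problems += "weak signature algorithm: $sigAlg" }

    if ($cert.NotAfter -lt (Get-Date)) { $problems += "expired on $($cert.NotAfter)" }

    # subjectAltName is extension OID 2.5.29.17. Format() renders it as text such as
    # "DNS Name=host, IP Address=10.0.0.5" (English Windows) or "DNS:host" elsewhere.
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }
    $dns = @([regex]::Matches($sanText, 'DNS(?: Name)?[=:]\s*([^,\s]+)') |
             ForEach-Object { $_.Groups[1].Value })
    $cn = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

    # Every name clients use to reach vCenter must appear as the CN or a DNS SAN entry.
    foreach ($n in $Names) {
        if (($dns -notcontains $n) -and ($n -ne $cn)) {
            $problems += "'$n' is not in the CN or subjectAltName"
        }
    }

    New-Object PSObject -Property @{
        KeyBits = $bits; Signature = $sigAlg; CN = $cn; SanDns = $dns; Problems = $problems
    }
}

$result = Test-VcCertificate -Path $CertPath -Names $ExpectedNames -MinBits $MinKeyBits
$result | Format-List
if ($result.Problems.Count -gt 0) { exit 1 }
```

An empty Problems list means the certificate has at least a 2048-bit key, a SHA-2 signature, and names that match what was put in openssl_config.cfg.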

 

The next step is to re-establish the trust between vCenter and the Inventory Service. From Main Menu > Update the vCenter Server SSL certificate > Update vCenter Server trust to Inventory Service.

The next step is to re-establish the trust between the Inventory Service and vCenter. From Main Menu > Update Inventory Service > Update the Inventory Service trust to vCenter Server.

The next step is to re-establish the trust between vCenter and vCenter Orchestrator. From Main Menu > Update vCenter Orchestrator > Update vCenter Orchestrator trust to vCenter Server.

The next step is to re-establish the trust between vCenter and the Web Client. From Main Menu > Update vSphere Web Client and Log Browser > Update vSphere Web Client trust to vCenter Server.

The last step in the process is VUM. From Main Menu > Update vSphere Update Manager > Update vSphere Update Manager trust to vCenter Server.

After you complete all the steps, log in to the VMware Web Client and enjoy!

The whole procedure is time consuming, complicated and not well documented. If you want to change certificates for each one of the vCenter components, you can follow the same steps. In the next part I will describe how to work with CA certificates.

The post vCenter Self-Signed Certificates – Part 1 appeared first on vBuffer.
Hello world! http://vbuffer.com/hello-world/ Wed, 12 Nov 2014 20:43:38 +0000

Today a new blog was born 😀. I’m going to post ideas, thoughts and knowledge I think might be interesting.

Besides VMware posts, you can also expect articles on open source products, Microsoft, Amazon, Google and so on.

Stay tuned for more.
