How we can change vCenter’s (VCSA) name or IP address

Hi, today I plan to change vCenter 7’s hostname, domain name and IP address.

Note:

Please take a backup of your vCenter and unregister your plugins (such as monitoring and backup) from the vCenter Server.

Make sure that the new FQDN/Hostname is resolvable to the IP address (DNS A records). Make sure that the resolution works in both directions.

First, connect to the vCenter VAMI interface. The address is:

https://your_vCenter_ip_address_or_FQDN:5480/

Then go to Networking and click Edit.

In this wizard, select the network adapter that you would like to edit.

On the next screen, we can change the hostname, IP address and DNS settings.

On this screen, we just need to fill in our Single Sign-On (SSO) credentials.

On this screen, select the checkbox, if you have made a backup of your vCenter Server and unregistered extensions.

Network update in progress

Process Completed.

Finish 🙂

ESXi 7.0 u3 Not Registering Name With DHCP Server

Hi, today I set my ESXi 7.0 Update 3 servers to get an IP address from a DHCP server. The host got an IP address, but it didn’t register its name with DHCP.

 What is the solution? 

Open this file in a text editor:

/etc/dhclient-vmk0.conf

Add this line:

send host-name "yourservername";

For Example:

 send host-name "Host-24";

Save the file, exit the editor, and reboot the host.

Note: The ; at the end of the line is very important. Don’t forget it.

Finish 🙂

How to unlock root account in vRealize Operations 8.X

Hi, in this post I showed you how you can reset the root password. Now I would like to show you how you can unlock the root account in vRealize Operations 8.x.

  1. Log into the vRealize Operations admin UI as the local admin user. 
  2. Select the desired node and click Take Node Offline/Online.

Note: If using a single node cluster, click Take Offline under Cluster Status.

  3. In the vSphere Client, open the console of the desired node.
  4. With the console open, restart or power on the virtual machine.
  5. Type the letter e to go to the GNU GRUB edit menu.
  6. When the GRUB loader menu appears, immediately use the up and down arrow keys to navigate to the end of the line that starts with Photon OS or linux for new 8.x deployments.
  7. Add a space, then type rw init=/bin/bash, which adds another option to the line.
  8. Press F10.

Note: The virtual appliance starts in single-user mode.

  9. To unlock the root account, open /etc/pam.d/system-auth in a text editor.

Comment out the following line by adding a # in front of it:

auth    required    pam_tally2.so onerr=fail deny=3 unlock_time=900 root_unlock_time=900 file=/var/log/tallylog

Example:

 #auth    required    pam_tally2.so onerr=fail deny=3 unlock_time=900 root_unlock_time=900 file=/var/log/tallylog
  10. Save and close the file.
  11. Type sync and press Enter to flush the data to disk.
  12. Type umount / and press Enter.
  13. Type reboot -f and press Enter.

Note: If the reboot command fails, restart the Virtual Machine through vSphere.

  14. In the vSphere Client, reopen the console of the desired node and log in as root.
  15. Run the following command:
pam_tally2 -u root --reset

Note: This command may need to be run twice.

  16. Open /etc/pam.d/system-auth in a text editor.
  17. Uncomment the line from step 9 by removing the # in front of it.

Example: 

auth    required    pam_tally2.so onerr=fail deny=3 unlock_time=900 root_unlock_time=900 file=/var/log/tallylog
  18. Save and close the file.
  19. Log into the vRealize Operations admin UI as the local admin user.
  20. Select the desired node and click Take Node Offline/Online.
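
A check for the end of this procedure, added here as an example and not part of the original post or the VMware KB: it parses the content of /etc/pam.d/system-auth and reports whether the pam_tally2 line quoted above is active again. The function names are hypothetical; the path and the options are the ones shown on this page.

```python
import re
import sys

# The pam_tally2 auth line from the procedure, with or without a leading '#'.
TALLY_RE = re.compile(r"^\s*(#*)\s*auth\s+\S+\s+pam_tally2\.so\b(.*)$")


def lockout_status(system_auth_text):
    """Parse system-auth content and report the state of the pam_tally2 line."""
    status = {"present": False, "active": False, "options": {}}
    for line in system_auth_text.splitlines():
        match = TALLY_RE.match(line)
        if not match:
            continue
        status["present"] = True
        if match.group(1):  # commented out: lockout is not enforced
            continue
        status["active"] = True
        for token in match.group(2).split():
            key, _, value = token.partition("=")
            status["options"][key] = value
    return status


def findings(system_auth_text):
    """Return a list of problems; an empty list means lockout is enforced."""
    status = lockout_status(system_auth_text)
    if not status["present"]:
        return ["no pam_tally2 auth line found"]
    if not status["active"]:
        return ["pam_tally2 line is still commented out: lockout is not enforced"]
    problems = []
    opts = status["options"]
    if not opts.get("deny", "").isdigit() or int(opts["deny"]) == 0:
        problems.append("deny is missing or 0: accounts are never locked")
    # pam_tally2 locks root only with even_deny_root (implied by root_unlock_time).
    if "root_unlock_time" not in opts and "even_deny_root" not in opts:
        problems.append("root is exempt from lockout")
    return problems


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/pam.d/system-auth"
    with open(path) as handle:
        result = findings(handle.read())
    print("\n".join(result) if result else "pam_tally2 lockout is active")
    sys.exit(1 if result else 0)
```

Run it on the node after the last step; a non-zero exit status means the lockout line still needs attention.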

Main Resource:

https://kb.vmware.com/s/article/2001476

Finish 🙂

How to set a proxy for ESXi 6.7?

Hi, if you set a proxy for your vCenter version 6.7.0.46000 and it is not working, this post is for you.

Today I configured a proxy from the UI for vCenter version 6.7.0.46000, but it is not working.

1- Log in to VAMI.

https://vcenter-ip-address:5480

Log in as the root user.

2- Networking –> Proxy Settings

{This configuration is not working}.

What is the solution?

There is a trick.

3- Log in to the vCenter appliance with an SSH client such as PuTTY.

4- Open this file with vi:

/etc/wgetrc

5- Put your proxy address in this file:

# You can set the default proxies for Wget to use for http, https, and ftp.
# They will override the value in the environment.
https_proxy = https://proxy_address:port/
http_proxy = http://proxy_address:port/

Finish 🙂

Workaround instructions to address CVE-2021-44228 and CVE-2021-45046 in vRealize Operations 8.x (87076)

Hi, today I used this workaround to fix my vRops 8.5. If you upgrade your vRops to 8.6.2, you don’t need to read this blog post.

To apply the workaround for CVE-2021-44228 and CVE-2021-45046 to vRealize Operations, perform the following steps:

For Analytic (Primary, Replica, Data), Remote Collector and Witness nodes:

  1. Log into the vRealize Operations Manager Admin UI as the local admin user.
  2. Click Take Offline under Cluster Status.

Note: Wait for Cluster Status to show as Offline.

  3. Copy the attached data-rc-witness-log4j-fix.sh and vrops-log4j-fix.sh files to the /tmp directory on all Analytic, Remote Collector and Witness nodes in the cluster using an SCP utility.
  4. Log into each Analytic, Remote Collector and Witness node as root via SSH or Console, pressing ALT+F1 in a Console to log in.
  5. Change to the /tmp directory on all nodes:
cd /tmp
  6. Run the following command on all nodes to make the data-rc-witness-log4j-fix.sh script executable:
chmod +x data-rc-witness-log4j-fix.sh
  7. Run the following command on all nodes to make the vrops-log4j-fix.sh script executable:
chmod +x vrops-log4j-fix.sh
  8. Run the following command on all nodes to execute the data-rc-witness-log4j-fix.sh script:
./data-rc-witness-log4j-fix.sh

Note: Ensure there are no ERROR messages in the script output.

  9. Run the following command on all nodes to execute the vrops-log4j-fix.sh script:
./vrops-log4j-fix.sh

Note: Ensure there are no ERROR messages in the script output.

  10. Run the following command on all nodes to restart the CaSA service:
service vmware-casa restart
  11. Log into the vRealize Operations Manager Admin UI as the local admin user.
  12. Click Bring Online under Cluster Status.

Note: Wait for Cluster Status to show as Online.

Reference:

https://kb.vmware.com/s/article/87076

Finish 🙂

How to reset the root password in vRealize Operations 8.X

Hi, I have a vRops 8.5, and I would like to show you how we can reset the root password.

  1. Log into the vRealize Operations admin UI as the local admin user. 
  2. Select the desired node and click Take Node Offline/Online.

Note: If using a single node cluster, click Take Offline under Cluster Status.

  3. In the vSphere Client, open the console of the desired node.
  4. With the console open, restart or power on the virtual machine.
  5. Type the letter e to go to the GNU GRUB edit menu.
  6. When the GRUB loader menu appears, immediately use the up and down arrow keys to navigate to the end of the line that starts with Photon OS or linux for new 8.x deployments.
  7. Add a space, then type rw init=/bin/bash, which adds another option to the line.
  8. Press F10.

Note: The virtual appliance starts in single-user mode.

  9. Type passwd root and follow the prompts to create a new root password.

Note: If the above command fails, try running sudo passwd root instead.

  10. Reboot your server.

Main Resource:

https://kb.vmware.com/s/article/2001476

Finish 🙂

How to enable SNMP v3 manually on ESXi 7.0

Hi, I want to enable SNMP v3 manually on my ESXi 7.0.

In ESXi 5.1 and later releases, the SNMP agent adds support for version 3 of the SNMP protocol, offering increased security and improved functionality, including the ability to send informs.

As an alternative to configuring SNMP manually using esxcli commands, you can use host profiles to configure SNMP for an ESXi host. 

By default, the embedded SNMP agent listens on UDP port 161 for polling requests from management systems. You can use the esxcli system snmp set command with the --port option to configure an alternative port. To avoid conflicting with other services, use a UDP port that is not defined in /etc/services.

Procedure

1- (Optional) If you want to change the default port, you could use this command:

esxcli system snmp set --port port

2- Every SNMP v3 agent has an engine ID which serves as a unique identifier for the agent. The engine ID is used with a hashing function to generate keys for authentication and encryption of SNMP v3 messages.
If you do not specify an engine ID, when you enable the SNMP agent, an engine ID is automatically generated.

esxcli system snmp set --engineid id

Here, id is the engine ID and it must be a hexadecimal string between 5 and 32 characters long.

esxcli system snmp set --engineid 80001ADC05876457531638093177

3- SNMPv3 optionally supports authentication and privacy protocols.

Authentication is used to ensure the identity of users. Privacy allows for encryption of SNMP v3 messages to ensure confidentiality of data. These protocols provide a higher level of security than is available in SNMPv1 and SNMPv2c, which use community strings for security.

Both authentication and privacy are optional. However, you must enable authentication to enable privacy.

esxcli system snmp set --authentication protocol

Here, protocol must be either none (for no authentication), SHA1, or MD5.

esxcli system snmp set --privacy protocol

Here, protocol must be either none (for no privacy) or AES128.

esxcli system snmp set -a SHA1 -x AES128

4- You can configure up to 5 users who can access SNMP v3 information. User names must be no more than 32 characters long.

While configuring a user, you generate authentication and privacy hash values based on the user’s authentication and privacy passwords and the SNMP agent’s engine ID. If you change the engine ID, the authentication protocol, or the privacy protocol after configuring users, the users are no longer valid and must be reconfigured.

esxcli system snmp hash --auth-hash secret1 --priv-hash secret2

The produced output might be the following:

Authhash: 08248c6eb8b333e75a29ca0af06b224faa7d22d6

Privhash: 232ba5cbe8c55b8f979455d3c9ca8b48812adb97

esxcli system snmp hash -r -A password1 -X password2


Authhash: 08248c6eb8b333e75a29ca0af06b224faa7d22d6
Privhash: 232ba5cbe8c55b8f979455d3c9ca8b48812adb97 

5- Configure the user

esxcli system snmp set --users userid/authhash/privhash/security
esxcli system snmp set --users user1/08248c6eb8b333e75a29ca0af06b224faa7d22d6/232ba5cbe8c55b8f979455d3c9ca8b48812adb97/priv

Parameter   Description
userid      The user name.
authhash    The authentication hash value.
privhash    The privacy hash value.
security    The level of security enabled for that user, which can be auth (for authentication only), priv (for authentication and privacy), or none (for no authentication or privacy).

6- (Optional) If the ESXi SNMP agent is not enabled, run the following command:

esxcli system snmp set --enable true

7- (Optional) Send a test notification to verify that the agent is configured correctly.

esxcli system snmp test
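
Why the users from step 4 stop working when the engine ID from step 2 changes, as an added example (not from the original post or from VMware's code): it derives a localized key with the standard RFC 3414 algorithm, which this example assumes the agent follows, and checks --users strings against the limits quoted above. The function names and the passphrase are made up; the second engine ID is the page's example with its last digit changed.

```python
import hashlib
import re

# Limits quoted in the procedure: engine ID 5-32 hex characters, at most
# 5 users, user names up to 32 characters, security level auth/priv/none.
ENGINE_ID_RE = re.compile(r"^[0-9A-Fa-f]{5,32}$")
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")
MAX_USERS, MAX_NAME_LEN = 5, 32


def localized_key(password, engine_id_hex, algo="sha1"):
    """RFC 3414 A.2: stretch the password, then bind the key to one engine ID."""
    if not ENGINE_ID_RE.match(engine_id_hex):
        raise ValueError("engine ID must be 5-32 hexadecimal characters")
    if len(engine_id_hex) % 2:
        raise ValueError("engine ID needs an even number of digits to form bytes")
    pw = password.encode()
    if not pw:
        raise ValueError("password must not be empty")
    # Ku = H(password repeated and cut to exactly 1,048,576 bytes)
    stretched = (pw * (1048576 // len(pw) + 1))[:1048576]
    ku = hashlib.new(algo, stretched).digest()
    # Kul = H(Ku || engineID || Ku): the result is valid for this agent only
    engine = bytes.fromhex(engine_id_hex)
    return hashlib.new(algo, ku + engine + ku).hexdigest()


def check_users(specs):
    """Return a list of problems in userid/authhash/privhash/security strings."""
    problems = []
    if len(specs) > MAX_USERS:
        problems.append(f"{len(specs)} users given, the agent accepts {MAX_USERS}")
    for spec in specs:
        parts = spec.split("/")
        if len(parts) != 4:
            problems.append(f"{spec!r}: expected 4 '/'-separated fields")
            continue
        user, authhash, privhash, level = parts
        if not 1 <= len(user) <= MAX_NAME_LEN:
            problems.append(f"{user!r}: name must be 1-{MAX_NAME_LEN} characters")
        if level not in ("none", "auth", "priv"):
            problems.append(f"{user!r}: unknown security level {level!r}")
        # Privacy requires authentication, so 'priv' needs both hashes.
        if level in ("auth", "priv") and not HEX_RE.match(authhash):
            problems.append(f"{user!r}: level {level} needs an authentication hash")
        if level == "priv" and not HEX_RE.match(privhash):
            problems.append(f"{user!r}: level priv needs a privacy hash")
    return problems


if __name__ == "__main__":
    # Constructed passphrase; same secret, two engine IDs, two different keys.
    for eid in ("80001ADC05876457531638093177", "80001ADC05876457531638093178"):
        print(eid, localized_key("constructed-passphrase", eid))
```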
Finish :-)

Reference:

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.monitoring.doc/GUID-2E4B0F2A-11D8-4649-AC6C-99F89CE93026.html

ESXi 7 System Storage Changes

Overview

We’ve reviewed and changed the lay-out for ESXi system storage partitions on its boot device. This is done to be more flexible, and to support other VMware, and 3rd party solutions. Prior to vSphere 7, the ESXi system storage lay-out had several limitations. The partition sizes were fixed and the partition numbers were static, limiting partition management. This effectively restricts the support for large modules, debugging functionality and possible third-party components.

That is why we changed the ESXi system storage partition layout. We have increased the boot bank sizes, and consolidated the system partitions and made them expandable. This article details these changes introduced with vSphere 7 and how that reflects on the boot media requirements to run vSphere 7.

The partition sizes in vSphere 6.x are fixed, with an exception for the scratch partition and the optional VMFS datastore. These are created depending on the used boot media and its capacity.

Consolidated Partition Layout in vSphere 7

To overcome the challenges presented by using this configuration, the boot partitions in vSphere 7 are consolidated.

The ESXi 7 System Storage lay-out only consists of four partitions.

  • System boot
    • Stores boot loader and EFI modules.
    • Type: FAT16
  • Boot-banks (x2)
    • System space to store ESXi boot modules
    • Type: FAT16
  • ESX-OSData
    • Acts as the unified location to store extra (nonboot) modules, system configuration and state, and system virtual machines
    • Type: VMFS-L
    • Should be created on high-endurance storage devices

The OSData partition is divided into two high-level categories of data called ROM-data and RAM-data. Frequently written data, for example, logs, VMFS global traces, vSAN EPD and traces, and live databases are referred to as RAM-data. ROM-data is data written infrequently, for example, VMtools ISOs, configurations, and core dumps.

ESXi 7 System Storage Sizes

Depending on the boot media used and whether it’s a fresh installation or an upgrade, the capacity used for each partition varies. The only constant here is the system boot partition. If the boot media is larger than 128GB, a VMFS datastore is created automatically to use for storing virtual machine data.

For storage media such as USB or SD devices, the ESX-OSData partition is created on a high-endurance storage device such as an HDD or SSD. When a secondary high-endurance storage device is not available, VMFS-L Locker partition is created on USB or SD devices, but this partition is used only to store ROM-data. RAM-data is stored on a RAM disk.

ESXi 7 System Storage Contents

The sub-systems that require access to the ESXi partitions, access these partitions using the symbolic links. For example: /bootbank and /altbootbank symbolic links are used for accessing the active bootbank and alternative bootbank. The /var/core symbolic link is used to access the core-dumps.

Review the System Storage Lay-out

When examining the partition details in the vSphere Client, you’ll notice the partition lay-out as described in the previous chapters. Use this information to review your boot media capacity and the automatic sizing as configured by the ESXi installer.

A similar view can be found in the CLI of an ESXi host. You’ll notice the partitions being labeled as BOOTBANK1/2 and OSDATA.

You might notice the OSDATA partition being formatted as the Virtual Flash File System (VFFS). When the OSDATA partition is placed on an SSD or NVMe device, VMFS-L is labeled as VFFS.

Boot Media

vSphere supports a wide variety of boot media with a strong recommendation to use high-endurance storage media devices like HDD, SSD and NVMe, or boot from a SAN LUN. To install ESXi 7, these are the recommendations for choosing boot media:

  • 32GB for other boot devices like hard disks, or flash media like SSD or NVMe devices.
  • A boot device must not be shared between ESXi hosts.

Upgrading from ESXi 6.x to ESXi 7.0 requires a boot device that is a minimum of 4 GB. Review the full vSphere ESXi hardware requirements here. As always, the VMware Compatibility Guide is the source of truth for supported hardware devices.

Legacy SD and USB devices are supported with some limitations listed below, more information in this FAQ.

  • To choose a proper SD or USB boot device, see Knowledge Base article 82515. You must provide an additional VMFS volume of at least 32 GB to store the ESX-OSData volume and required VMFS datastore. If the boot device is larger than 138 GB, the ESXi installer creates a VMFS volume automatically. Delete the VMFS datastore on USB and SD devices immediately after installation to prevent data corruption. For more information on how to configure a persistent scratch partition, see Knowledge Base article 1033696.
  • If the VMware Tools partition is stored locally, you must redirect it to the RAM disk. For more information, see Knowledge Base article 83376.
  • You must use an SD flash device that is approved by the server vendor for the particular server model on which you want to install ESXi on an SD flash storage device.

Main Resource

https://core.vmware.com/resource/esxi-system-storage-changes

Import or Clone a Virtual Machine with Advanced Cross vCenter vMotion

Today, my boss told me we need to move 2 virtual machines from vCenter 6.7 to vCenter 7. And we need to move 1 virtual machine from vCenter 7 to vCenter 6.7. VMware has a solution for these scenarios.

Now, for vSphere 7.0 Update 3, the feature is further enhanced to support bulk clone operation! In addition, there are some quality improvements such as a new enhanced vCenter Server connection form and a new icon.

Prerequisites

  1. Obtain the credentials for the administrator account of the vCenter Server instance from which you want to import or clone virtual machines.
  2. Verify that the source vCenter Server instances are version 6.5 or later.
  3. Verify that the target vCenter Server instance is version 7.0 Update 1c or later if you want to import virtual machines to another vCenter Server instance.
  4. Verify that the target vCenter Server instance is version 7.0 Update 3 if you want to clone virtual machines to another vCenter Server instance.

Scenario 1:

Import Workflow:

In order to clone several virtual workloads from another vCenter Server to the current one, right-click on the destination host/cluster and select the “Import VMs” action.

After that, enter the credentials of the source vCenter Server in the import connection form.

On the next screen, select the workloads that should be cloned.

When you complete the wizard, the workloads will be cloned to the destination vCenter Server.

Scenario 2:

Export Workflow:

Select the virtual workloads that should be cloned to a foreign vCenter Server and click on “Migrate…”

On the next screen, make sure to select the “Cross vCenter Server export” option.

Then, select the destination vCenter Server and, when you complete the wizard, all workloads will be cloned there.

With the enhancements to the XVM in vSphere 7.0 Update 3, users are able to perform a bulk workload clone operation between different vCenter Servers. This makes the feature more versatile and suits a variety of use cases, some of which are:

  1. Migrating/cloning VMs from an on-premise to a cloud (VMware Cloud) environment
  2. Quicker adoption of the new vSphere versions by migrating/cloning the workloads from the old vCenter Server

For more detailed information on usage and requirements, please see the official documentation.

Finish 🙂

Step by Step Enable vSAN 7.0 FileService

Hi, today I decided to enable vSAN 7.0 File Service.

vSAN file service allows a vSphere admin to provision a file share from their vSAN cluster. The file share can be accessed using NFS or SMB.

1- Click on your cluster –> Configure tab –> vSAN –> Services –> File service –> Enable

2- Checklist

The following information is needed to configure file service.

  • Static IP address, subnet masks and gateway for file servers
  • DNS name for each IP address or allow the system to do a reverse DNS lookup.

For SMB share and NFS share with Kerberos Security, the following information is needed.

  • AD domain, organizational unit (optional), and a user account with sufficient delegated permissions.

I configure a DNS name for each IP address.

3- You can download the File service agent automatically or manually. I downloaded it and imported it manually. Click Browse.

Select your files and Next.

4- Enter your domain information.

5- Enter your Networking information.

It is important to configure the security settings of the port group before adding it to File Service.

Go to the Network tab –> select your port group or create a new port group –> Advanced –> Customize default policies configuration

Promiscuous mode and Forged transmits –> Accept

6- Choose your distributed port group name and location

7- Enter your IPs and DNS names

8- Click on Finish button

Finish 🙂