DefinIT Because if IT were easy, everyone would do it…


vCenter 5.1 – Configuring vCenter Linked Mode

Posted by Sam McGeown

One thing we have been meaning to do for a while but haven't got round to is getting our Virtual Center Servers into "Linked" mode - essentially to provide a single pane of glass view of our entire virtual estate. One vCenter resides on the other side of our DMZ and manages hosts isolated for security purposes. I've created an IPSec server-to-server connection and allowed that through the firewall to secure traffic between the DMZ VC and LAN VC.

For the purposes of this, let's call them and DefinIT-VC02.definit.test.


Converting vSphere Custom Attributes to Categories and Tags

Posted by Sam McGeown

In vSphere 5.1 "Tags" replace the old custom attributes to provide a way of adding metadata to vSphere objects. The "Tags" are organised into categories to "define how the tags can be applied to inventory objects". The easiest way to think of the difference is that custom attributes are "free text" and the tags are statically defined properties.

There is a wizard for converting custom attributes to tags, but it can get a bit confusing and is pretty poor - let me explain. We use four custom attributes in my current environment: CreatedBy, CreatedOn, Owner and ServiceType. CreatedBy contains the user ID of the person who created the VM, CreatedOn is the timestamp of when the VM was created, Owner is the Business Unit who own the server and ServiceType is the type of service - e.g. Active Directory, or SQL.


Site to Site VPN Tunnel traffic flow problems

Posted by Simon Eady

Firewalls being used – Sonicwall 3500 & Cisco 506e

Several months ago we relocated and it was then necessary to setup a Site to Site VPN tunnel with another network. (In this instance the other network was not directly managed by us)

Upon the creation of the tunnel and after successful traffic tests all looked well. However after several hours or less in some cases traffic stopped flowing yet both firewalls reported the tunnel as “up”. We reviewed the first and second phase settings and tweaked the Sonicwall VPN settings to hopefully remedy.

Options on the Sonicwall such as “Enable IKE Dead Peer Detection” & “Enable Keep Alive” were enabled and disabled to try and find a fix for the VPN traffic flow problem.

What was interesting during the troubleshooting process, we found that if we manually restarted the VPN tunnel it would resume with no issue, but obviously this was hardly a practical fix for our issues.

Liaising with the other site we also experimented with Phase 1 and Phase 2 Life Time settings with no success.

It was then we had a small eureka moment, we decided to check the time servers each firewall referenced. It transpired the Time Server being referenced by the Cisco Firewall was out of sync (it was an internally hosted NTS)

After the offending NTS had been re-sync’d we decided to completely recreate the VPN tunnel double checking the settings as we went along. The VPN Tunnel came up with no issues and has been stable ever since.

I would add if we encounter a problem like this again I would simply point both Firewalls to the same NTS but as one of the firewalls in this case was managed by a third party this was not an option.


vSphere HA agent for host [Host's Name] has an error in [Cluster's Name] in [Datacenter's Name]: vSphere HA agent cannot be correctly installed or configured

Posted by Sam McGeown

Here's a lesson in checking the basics! I added new ESXi 5 host to a cluster today and spent a good couple of hours troubleshooting the error:

vSphere HA agent for host [Host's Name] has an error in [Cluster's Name] in [Datacenter's Name]: vSphere HA agent cannot be correctly installed or configured

After a few basic checks, migrating the host in and out of the cluster and rebooting, I headed off to google and began troubleshooting.

Cannot install the vSphere HA (FDM) agent on an ESXi host - this article suggests that the host is in lockdown mode. This is unlikely since we don't use lockdown mode, but I checked anyway:

Get-vmhost | select Name,@{N="LockDown";E={$_.Extensiondata.Config.adminDisabled}} | ft -auto Name,LockDown

This returned false - no lockdown.

To exit lockdown mode, you can use:

(get-vmhost | get-view).ExitLockdownMode()

I spent a good amount of time going through the list on Troubleshooting VMware High Availability (HA) in vSphere which isn't entirely ESXi relevant but has some good pointers nonetheless.

I finally got to Reconfiguring HA (FDM) on a cluster fails with the error: Operation timed out, with the following gem of info:

 This issue occurs if the vSphere High Availability Agent service on the ESXi host is stopped.    

*Facepalm* - I checked the services and set the service to start and stop automatically. HA is now happily configured.

No matter how much you know, you gotta check the basics!



vMA 5: Cannot initialize property ‘ vami.DNS0.vSphere_Management_Assistant_(vMA)’

Posted by Sam McGeown

Just a quick post regarding the vSphere Management Assistant 5 - when deploying the vMA with a static IP address, you might see the following error:

vMA Error

Power On virtual machine <VM name> Cannot initialize property ' vami.DNS0.vSphere_Man- agement_Assistant_(vMA)' , since network '<network name>' has no associated IP pool configuration.

Edit the vMA virtual machine's properties and go to Options, vApp Options and select disable. Acknowledge the warning and click OK to close the VM properties.

Disable vApp Options

The vMA booted fine after that - the solution comes from this vmware communities post.


Tagged as: , , , , No Comments
Page 15 of 41« First...10...1314151617...203040...Last »