VMware vCenter Linked Mode not supported through firewalls
This article originally started off life as a record of how I managed to get this working, as a lot of my posts do, but this time it appears I am foiled.
Last week, I had 3 vCenter Servers that appeared to be happily talking to each other in Linked Mode sharing a singe Multi-site SSO domain without any real issues. I had a single-pane-of-glass view of all 3 and I could manage them all from the one client. The reason for the 3 vCenter servers was segregation of LAN and DMZ networks: vCenter001 was in the LAN, vCenter002 sat in DMZ1 and vCenter003 sat in DMZ2.
VM Power On fails with error: cpuid.coresPerSocket must be a number between 1 and 8
Had a strange one after deploying an XP VM from a template today - the VM would not power on and threw the following error:
An error was received from the ESX host while powering on VM [VM name].
cpuid.coresPerSocket must be a number between 1 and 8
Digging around on google the error seemed to be related to over-allocating vCPUs (e.g. assigning 8 vCPUs on a VM with 4 physical CPU cores). This was a single vCPU machine on a 12 processor host, so not likely to be that! It did give me the idea that maybe the VMX had an error, so I edited the VM hardware and added an extra CPU and saved the config. I then edited it back to a single CPU and powered on the machine - it worked!
Examining the vmx showed that the coresPerSocket was set to zero which is incorrect:
cpuid.coresPerSocket = "0"
And after the change, the numvcpus setting was added and coresPerSocket updated:
cpuid.coresPerSocket = "1" numvcpus = "1"
Fortunately, it's a simple fix and once I'd updated the template, not something that will bother me again!
Installing the VMware Support Assistant
So VMware's Support Assistant is pretty awesome and it's free! I thought I'd do a quick run through of the installation and set up for anyone who was interested, it's fairly straightforward and if you raise a lot of calls or have multiple calls on the go it's a time saver!
VMware's official page for the Support Assistant is here - https://www.vmware.com/products/datacenter-virtualization/vcenter-support-assistant/overview.html
vCenter 5.1 Single Sign On Multi-Site error: User credentials are incorrect or empty
While adding an additional vCenter Server to our Multi-Site Single Sign On instance I encountered a problem as I entered the details of the existing SSO.
The error thrown was:
User credentials are incorrect or empty. Provide correct credentials.
After a couple of hours online with VMware support I took a guess at the problem. On the existing Single Sign On Configuration I have added the Active Directory domain DefinIT and in order to enable integrated authentication from the vSphere Client I moved it to the top of the list - this meant that System-Domain is no longer the default authentication domain. The SSO admin account (admin@System-Domain) is a part of that domain and so my guess is that the installer tries to authenticate using admin@definit.local rather than System-Domain, which of course failed.
Moving System-Domain back to the top of the list allowed me to install correctly, and once finished I could drop it back down to allow integrated authentication again.
DataStore conflicts with an existing DataStore in the DataCenter – Manually disabling Storage I/O Control
I ran into this issue yesterday while reconnecting hosts in our vCenter Server following a complete reinstall - the reasons for which are a long story, but suffice to say that there were new certificates and the host passwords were encrypted with the old ones.
The LUNs had been unpresented at the hardware level by the storage team, but had not been unmounted or removed from vCenter. This is *not* the way to remove storage - let me re-iterate: remove storage properly. Unfortunately in this case the storage was removed badly - doing this can lead to a condition called "All Paths Down" or APD which is best explained by Cormac Hogan (@vmwarestorage) in the article Handling the All Paths Down (APD) condition.
vSphere HA agent for host [Host's Name] has an error in [Cluster's Name] in [Datacenter's Name]: vSphere HA agent cannot be correctly installed or configured
Here's a lesson in checking the basics! I added new ESXi 5 host to a cluster today and spent a good couple of hours troubleshooting the error:
vSphere HA agent for host [Host's Name] has an error in [Cluster's Name] in [Datacenter's Name]: vSphere HA agent cannot be correctly installed or configured
After a few basic checks, migrating the host in and out of the cluster and rebooting, I headed off to google and began troubleshooting.
Cannot install the vSphere HA (FDM) agent on an ESXi host - this article suggests that the host is in lockdown mode. This is unlikely since we don't use lockdown mode, but I checked anyway:
Get-vmhost esxi001.definit.co.uk | select Name,@{N="LockDown";E={$_.Extensiondata.Config.adminDisabled}} | ft -auto Name,LockDown
This returned false - no lockdown.
To exit lockdown mode, you can use:
(get-vmhost esx001.definit.co.uk | get-view).ExitLockdownMode()
I spent a good amount of time going through the list on Troubleshooting VMware High Availability (HA) in vSphere which isn't entirely ESXi relevant but has some good pointers nonetheless.
I finally got to Reconfiguring HA (FDM) on a cluster fails with the error: Operation timed out, with the following gem of info:
This issue occurs if the vSphere High Availability Agent service on the ESXi host is stopped.
*Facepalm* - I checked the services and set the service to start and stop automatically. HA is now happily configured.
No matter how much you know, you gotta check the basics!
vMA 5: Cannot initialize property ‘ vami.DNS0.vSphere_Management_Assistant_(vMA)’
Just a quick post regarding the vSphere Management Assistant 5 - when deploying the vMA with a static IP address, you might see the following error:
Power On virtual machine <VM name> Cannot initialize property ' vami.DNS0.vSphere_Man- agement_Assistant_(vMA)' , since network '<network name>' has no associated IP pool configuration.
Edit the vMA virtual machine's properties and go to Options, vApp Options and select disable. Acknowledge the warning and click OK to close the VM properties.
The vMA booted fine after that - the solution comes from this vmware communities post.
VMware ESXi Maximum paths includes local storage
If you are close to the VMware ESXi storage path limit of 1024 paths per host, you may want to consider the following: local storage, including CD-ROMs, are counted in your total paths.
Simply because of the size and age of the environment, some of our production clusters have now reached the limit (including local paths) - you see this message in the logs
[2012-08-20 01:48:52.256 77C3DB90 info 'ha-eventmgr'] Event 2003 : The maximum number of supported paths of 1024 has been reached. Path vmhba3:C0:T4:L0 could not be added.
Upgrading to ESXi 5.0 Update 1 using VMware Update Manager
I'm currently updating a very small 4-host cluster built for a specific application within our datacentre, the hosts are IBM HS22 blades. Since we have the VMware Update Manager infrastructure in place already, I downloaded the IBM ESXi 5.0 Update 2 ISO and imported it into Update Manager, created a baseline and then applied it to the cluster. I scanned the cluster with the baseline and was issued this warning for each host:
That's fine - there is an option to remove those modules when you remediate the host.
VMware PowerCLI – Set Path Selection Policy on all LUNs for a host
Just a quick script to set the Path Selection Policy on any LUNs on a host that do not have your target policy enabled. The script sets the server to Maintenance mode first, evacuating any VMs if you are in a full DRS automated environment. While this is not strictly necessary, it was required for my production environment just to be safe.
param( [string] $vCenterServer = $(Read-Host -prompt "Enter vCenter Server Name"),
[string] $TargetPolicy = $(Read-Host -Prompt "Enter target policy (RoundRobin, Fixed or MostRecentlyUsed)"),
[string] $TargetHost = $(Read-Host -Prompt "Enter target Host"),
[switch] $WhatIf)
# Add the VI-Snapin if it isn't loaded already
if ((Get-PSSnapin -Name "VMware.VimAutomation.Core" -ErrorAction SilentlyContinue) -eq $null ) {Add-PSSnapin -Name "VMware.VimAutomation.Core"}
Connect-VIServer $vCenterServer | out-null
Write-Host "Connected to: " $vCenterServer -ForegroundColor Green
Write-Host "Target PSP: " $TargetPolicy -ForegroundColor Yellow
Write-Host
switch ($TargetPolicy) {
RoundRobin { $DisplayPolicy = "VMW_PSP_RR"; }
MostRecentlyUsed { $DisplayPolicy = "VMW_PSP_MRU"; }
Fixed { $DisplayPolicy = "VMW_PSP_FIXED"; }
default { Write-Warning "Unknown PSP selected! Please consult the help and try again."; exit }
}
Write-Host "Setting Policy to"$TargetPolicy" on "$TargetHost -ForegroundColor Green
if($WhatIf) {
$vHost = Get-VMHost -Name $TargetHost
$vHost | Set-VMHost -State Maintenance -Evacuate -WhatIf
$vHost | Get-ScsiLun -LunType "disk" -ErrorAction SilentlyContinue | where {$_.IsLocal -eq $false -and $_.MultipathPolicy -ne $TargetPolicy} | Set-ScsiLun -MultipathPolicy $TargetPolicy -WhatIf
$vHost | Set-VMHost -State Connected -WhatIf
} else {
$vHost = Get-VMHost -Name $TargetHost
Write-Host "Setting "$TargetHost" to Maintenance Mode" -ForegroundColor White
$vHost | Set-VMHost -State Maintenance -Evacuate
$vHost | Get-ScsiLun -LunType "disk" -ErrorAction SilentlyContinue | where {$_.IsLocal -eq $false -and $_.MultipathPolicy -ne $TargetPolicy} | Set-ScsiLun -MultipathPolicy $TargetPolicy
Write-Host "Exiting Maintenance mode on"$TargetHost -ForegroundColor White
$vHost | Set-VMHost -State Connected
}
Recent Comments
- Sam McGeown on PowerCLI Script to set RDM LUNs to Perennially Reserved – Fixes Slow Boot of ESXi 5.1 with MSCS RDMs
- Stu on PowerCLI Script to set RDM LUNs to Perennially Reserved – Fixes Slow Boot of ESXi 5.1 with MSCS RDMs
- ScottM on Powershell script to zip all .bak files in a folder structure, then delete the .bak
- Why secure your vSphere environment with valid SSL certificates? « DefinIT on Using the VMware SSL Certificate Automation Tool with a Microsoft Certificate Authority
- John Wiersma on PowerCLI Script to set RDM LUNs to Perennially Reserved – Fixes Slow Boot of ESXi 5.1 with MSCS RDMs
Top Posts & Pages
- Installing and Configuring OTRS 3.0.9 on Windows Server 2008 R2
- PowerShell: Recursively taking ownership of files and folders and adding permissions without removing existing permissions
- Unable to access admin shares (c$, d$, ADMIN$, IPC$) on Windows Server 2008 in a Workgroup
- Configuring a Guest wireless network with restricted access to Production VLANs
- vCenter 5.1 - Configuring vCenter Linked Mode
Categories
Qualifications
_1084_1085_thumb.jpg "MCITP Logo")
Archives
- May 2013 (2)
- April 2013 (2)
- March 2013 (2)
- February 2013 (4)
- January 2013 (1)
- December 2012 (2)
- November 2012 (3)
- October 2012 (4)
- September 2012 (1)
- August 2012 (4)
- July 2012 (1)
- June 2012 (1)
- May 2012 (1)
- February 2012 (1)
- January 2012 (4)
- October 2011 (2)
- August 2011 (1)
- July 2011 (1)
- June 2011 (2)
- April 2011 (1)
- March 2011 (7)
- February 2011 (4)
- January 2011 (1)
- December 2010 (1)
- November 2010 (3)
- October 2010 (1)
- September 2010 (5)
- August 2010 (3)
- July 2010 (5)
- June 2010 (4)
- May 2010 (2)
- April 2010 (3)
- March 2010 (6)
- February 2010 (5)
- January 2010 (1)
- December 2009 (2)
- November 2009 (1)
- October 2009 (3)
- September 2009 (3)
- July 2009 (3)
- May 2009 (1)
- April 2009 (2)
- February 2009 (2)
- January 2009 (4)
- December 2008 (2)
- November 2008 (1)
- October 2008 (3)
- September 2008 (5)
- August 2008 (1)
- July 2008 (6)
- May 2008 (8)
- April 2008 (2)
- March 2008 (1)
- February 2008 (1)
- January 2008 (1)
- November 2007 (1)
- October 2007 (1)
- July 2007 (1)
- June 2007 (6)
- May 2007 (2)