vSphere 6 Lab Upgrade – vCenter Server Appliance
I tested vSphere 6 quite intensively when it was in beta, but I didn’t ever upgrade my lab – basically because I need a stable environment to work on and I wasn’t sure that I could maintain that with the beta.
Slow or failed logon to VCSA 5.5 with vCOps in the environment
Recently I encountered this problem in a customer site whereby the logon to VCSA 5.5 would either time out, or take 3-5 minutes to actually log on.
Running a netstat on the VCSA during the attempt to logon showed there was a SYN packet sent to the vCOps appliance on port 443 that never established a connection. Another check was attempting to connect using curl https://<vCOpsIP> –k – this would time out.
Ensuring connectivity to the vCOps appliance over port 443 fixed the logon timeout issue – presumably a the connection attempt holds up the logon process (single threaded?!) which causes a timeout in the logon process.
VCSA 5.5 Web Client fails to log on with “SSL certificate verification failed”
This had me scratching my head, what seemed to be a common problem wasn’t fixed by the common solution. It was actually my fault – too familiar with the product and setting things up too quickly to test.
I installed a VCSA 5.5 instance in my lab as a secondary site for some testing and during the process found I couldn’t log on to the web client – it failed with the error:
Failed to connect to VMware Lookup Service https://vCVA_IP_address:7444/lookupservice/sdk – SSL certificate verification failed.
I had a closer look at the certificate being generated and noticed that the Subject Name was malformed “CN=vc-02.definit.loca” – that led me to the network config of the VCSA. I’d entered the FQDN into the “host name” field, which was in turn being passed to the certificate generation, truncated and throwing the SSL error. Changing the FQDN back to the host name “VC-02” and regenerating the certificate resolved the issue.
If you do have to follow that process, remember to disable the SSL certificate regeneration after it’s fixed – otherwise you’ll suffer slow boot times!
I’ll put that one down to over-familiarity with the product!
vCSA 5.5 won’t join AD Domain
Just a quick post on something that was not immediately obvious when it happened to me.
When deploying vCSA 5.5 and trying to add it to the domain, I was presented with the following error.
I immediately did all the all the usual checks, making sure it had a static IP and correct DNS servers etc..
The one thing missing however was a FQDN for the hostname (in the network tab).
All I had was “vCSAname”
But what was required to join a domain was “vCSAname.domain.local”
After I applied this change the vCSA connected to the domain without a problem.
As always with these niggles its simple when you know how!