I tested vSphere 6 quite intensively when it was in beta, but I didn’t ever upgrade my lab – basically because I need a stable environment to work on and I wasn’t sure that I could maintain that with the beta.

(more…)

Recently I encountered this problem in a customer site whereby the logon to VCSA 5.5 would either time out, or take 3-5 minutes to actually log on.

Running a netstat on the VCSA during the attempt to logon showed there was a SYN packet sent to the vCOps appliance on port 443 that never established a connection. Another check was attempting to connect using curl https://<vCOpsIP> –k  – this would time out.

Ensuring connectivity to the vCOps appliance over port 443 fixed the logon timeout issue – presumably a the connection attempt holds up the logon process (single threaded?!) which causes a timeout in the logon process.

This had me scratching my head, what seemed to be a common problem wasn’t fixed by the common solution. It was actually my fault – too familiar with the product and setting things up too quickly to test.

I installed a VCSA 5.5 instance in my lab as a secondary site for some testing and during the process found I couldn’t log on to the web client – it failed with the error:

Failed to connect to VMware Lookup Service https://vCVA_IP_address:7444/lookupservice/sdk – SSL certificate verification failed.

There are several VMware KB articles about this (2033338 and 2058430) which point to regenerating the SSL certificate as the solution to this – unfortunately in my case it didn’t seem to work.

I had a closer look at the certificate being generated and noticed that the Subject Name was malformed “CN=vc-02.definit.loca” – that led me to the network config of the VCSA. I’d entered the FQDN into the “host name” field, which was in turn being passed to the certificate generation, truncated and throwing the SSL error. Changing the FQDN back to the host name “VC-02” and regenerating the certificate resolved the issue.

If you do have to follow that process, remember to disable the SSL certificate regeneration after it’s fixed – otherwise you’ll suffer slow boot times!

I’ll put that one down to over-familiarity with the product!

Just a quick post on something that was not immediately obvious when it happened to me.

When deploying  vCSA 5.5 and trying to add it to the domain, I was presented with the following error.

I immediately did all the all the usual checks, making sure it had a static IP and correct DNS servers etc..

The one thing missing however was a FQDN for the hostname (in the network tab).

All I had was “vCSAname”

But what was required to join a domain was “vCSAname.domain.local”

After I applied this change the vCSA connected to the domain without a problem.

As always with these niggles its simple when you know how!