VMworld 2014 Session Public Voting

So it has been a minute since my last post and I hate that this is my newest one…OK…so maybe I don’t hate it!  Anyway, the session voting is open for the public for VMworld 2014.  So in an effort to continue my last three years, here are the sessions that I have submitted, along with people like Joerg Lew (vcoportal.de) and Mike Preston (mwpreston.net):

vmworld-jbSo be sure to go vote for the above sessions so you can be one of the people I thank for making it possible for yet another year.  You can vote by going to http://www.vmworld.com/voting.jspa and casting your vote by clicking on the “Thumbs Up”.  If you don’t have an account on the VMworld site then sign up for one…it’s free! :)

I look forward to seeing some of you there!!!

ESXi 5.5, Cisco B440 M2 with 1TB+, and Cisco VIC 1280 Bug

The other day we noticed some odd behavior from some blades in a somewhat large environment.  The environment is a mix of B200 M3 and B440 M2 blades.  The oddity was random and intermittent disconnections from storage and/or full unresponsiveness in vCenter.  Something that caught my eye was the fact that it was specific to the B440 blades in the environment.  In all actuality, it was spread between multiple sites as well which lead us to believe that it was related to ESXi or the B440 blades.  We ruled out anything with storage and networking because the effects would be more widespread if that were the case.

Me being the VMware guy, I proceeded to look at it from my side of the fence.  Jumping into the logs I found a numerous amount of odd errors on the B440 blades in the vmkernel.log.  Here is a snippet of those errors:

Read More…

vCNS Manager Users and vCenter Group Authentication

Figured I would post this since it didn’t seem that this was documented anywhere.  This is in regards to utilizing a vCenter Group for authentication into the vCNS Manager UI.  Most of the time, with AD credentials, we tend to use the shortname.  For instance, VSENTIAL\james or VSENTIAL\vCNS Admins, is what we would assume would be proper for use.  When adding a vCenter User to the vCNS Manager Users it works with the shortname.  Alas, when using the same method for vCenter Group it doesn’t allow anyone to login who is part of that group.  Come to find out you need to use the FQDN in the group string.  For example, vsential.lab\vCNS Admins.

Just figured I would document this since it isn’t stated in the vCNS 5.5 documentation or anywhere else I could find.  Hope this saves someone from frustration and wasting time!  Enjoy!

SSO High-Availability Single Site and vCenter Linked-Mode

I came across an interesting bug today when deploying a linked-mode vCenter and SSO in High-Availability mode.  The installation of SSO, Inventory Service, and vCenter all went as planned…initially.  During my deployment I decided to reboot the secondary vCenter server.  Once the server came back online the VMware VirtualCenter Service failed to start along with the Management Webservices service.  OMG!  Are you serious????

So being the good engineer I went and looked at the logs to find out why.  Looking at the vpxd.log file I found the following:

2013-11-15T14:16:04.657-08:00 [05048 error 'HttpConnectionPool-000001'] [ConnectComplete] Connect failed to ; cnx: (null), error: class Vmacore::Ssl::SSLVerifyException(SSL Exception: Verification parameters:
–> PeerThumbprint: 12:03:EF:EE:17:10:29:2B:A7:14:20:8E:4E:F6:D3:88:A7:09:5F:19
–> ExpectedThumbprint:
–> ExpectedPeerName: dcamgmtvc.diginsite.net
–> The remote host certificate has these problems:
–>
–> * A certificate in the host’s chain is based on an untrusted root.
–>
–> * self signed certificate in certificate chain)
2013-11-15T14:16:04.657-08:00 [01956 error '[SSO][SsoFactory_CreateFacade]‘] Unable to create SSO facade: SSL Exception: Verification parameters:
–> PeerThumbprint: 12:03:EF:EE:17:10:29:2B:A7:14:20:8E:4E:F6:D3:88:A7:09:5F:19
–> ExpectedThumbprint:
–> ExpectedPeerName: dcamgmtvc.diginsite.net
–> The remote host certificate has these problems:
–>
–> * A certificate in the host’s chain is based on an untrusted root.
–>
–> * self signed certificate in certificate chain.
2013-11-15T14:16:04.657-08:00 [01956 error 'vpxdvpxdMain'] [Vpxd::ServerApp::Init] Init failed: Vpx::Common::Sso::SsoFactory_CreateFacade(sslContext, ssoFacadeConstPtr)
–> Backtrace:
–> backtrace[00] rip 000000018018cd7a
–> backtrace[01] rip 0000000180106c48
–> backtrace[02] rip 000000018010803e
–> backtrace[03] rip 00000001800907f8
–> backtrace[04] rip 00000000006f5bac
–> backtrace[05] rip 0000000000716722
–> backtrace[06] rip 000007f6c0cbddfa
–> backtrace[07] rip 000007f6c0cb795c
–> backtrace[08] rip 000007f6c0ee80ab
–> backtrace[09] rip 000007fb6f3cbaa1
–> backtrace[10] rip 000007fb6f0e1832
–> backtrace[11] rip 000007fb6fb2d609
–>
2013-11-15T14:16:04.658-08:00 [01956 error 'Default'] Failed to intialize VMware VirtualCenter. Shutting down…

As we can see above, it is apparent that there is some type of certificate failure.  Checking the standard things for certificate troubleshooting, I decided to verify a couple of things first.  Have a look at your vpxd.cfg and check the section of the config file.  Make sure it is pointing to the appropriate primary SSO server.  Make sure that your DNS resolution is working both forwards and reverse.  Once you have verified this, do the following:

  1. Go to C:\ProgramData\VMware\SSL
  2. Rename the ca-certificates.crt to ca-certificates.crt.old
  3. Copy the ca-certificates.crt file from the primary SSO server to this folder.  (You will find the file in the same location on your primary SSO server’s filesystem.)
  4. Restart the Inventory Service
  5. Attempt to start the VMware VirtualCenter and VMware VirtualCenter Management Webservices services

If everything was done appropriately, you should see your services come back online.  Come to find out this is a known bug with vCenter 5.5 SSO High-Availability deployments.  Basicly, the certificate that gets put in that directory is not the same certificate as the one from the primary where it should be coming from.  Hope this helps out!

1 2 3 25  Scroll to top