vToolbelt – August 2022

byArron King 08.18.2022 vToolBelt

Hot Topics

  • A few security advisories have been released recently for VMware products.  If you operate any of these please take a few moments to review the information to see if it is applicable to your environment:
  • Sphere 6.5 and 6.7 are heading into End of General Support in just a few months – October 15th, 2022.  If your environment is still running these versions – now is the time to plan your upgrade.  Check out this Upgrade Planning Guide to help you get started.

Upcoming Events

VMware Explore
August 29 – September 1, 2022
In-Person at the Moscone Center
San Francisco, California

Same event – new name!  VMworld has become VMware Explore!

There are a variety of ways to pay for a pass.  You can use PSO Credits (24 credits per pass).  These can be purchased via OARnet.  You can also pay with a credit card and there are 2 early bird discount periods. Please refer to the link below for details.

Check out the Content Catalog to start planning your sessions!

Important Date

  • July 19th – Breakout Session scheduling begins

Learn more and Register

Continue reading “vToolbelt – August 2022”

vCenter Server Backup – Failed to create backup directory on Backup Server

byArron King 08.15.2022 VCSA

I noticed an alarm in vCenter that indicated the vCenter Server Appliance (VCSA) was having trouble backing up.  I logged into the VCSA Appliance Management interface (vCenter URL with :5480) to investigate.  When I logged in, I found the following error:

Failed to create backup directory on Backup Server

vcsa backup - failed to create directory

Thinking there was something wrong on my SFTP server, I checked the username and password, file system permissions; but could find nothing wrong. I connected to the VCSA using root on SSH, and checked the log file at /var/log/vmware/applmgmt/backup.log.  This provided some additional detail on the issue and showed the backup process was unable to authenticate to the SFTP server.

VCSA backup.log - failed to authenticate

 

 

 

I tried the SFTP command manually and found the core of the issue:

VCSA - SFTP command requires acceptance of SSH key

 

 

 

For some reason, the SSH key has changed and needs to be updated in the local SSH Known Hosts file.  Once I accepted this new key, the backup was able to complete successfully.

VCSA Backup Completed

 

 

 

 

I am not sure what would have changed the SSH key.  The only thing I can think of is that I had updated vCenter from 7.0 U3f to 7.0 U3g recently.  I have verified the host is correct.

vToolbelt – July 2022

byArron King 07.08.2022 vToolBelt

Hot Topics

  • vSphere 6.5 and 6.7 are heading into End of General Support in just a few months – October 15th, 2022.  If your environment is still running these versions – now is the time to plan your upgrade.  Check out this Upgrade Planning Guide to help you get started.

Upcoming Events

VMware Explore
August 29 – September 1, 2022
In-Person at the Moscone Center
San Francisco, California

Same event – new name!  VMworld has become VMware Explore!

Check out the Content Catalog to start planning your sessions!

Important Date

  • July 19th – Breakout Session scheduling begins

Learn more and Register

Product Support Watch

The following products are nearing the End of General Support.  You can find the full list on the VMware Lifecycle Product Matrix.

vSphere – vCenter and ESXi

  • 6.5 – 10/15/22
  • 6.7 – 10/15/22

vSAN

  • 6.5, 6.6, 6.7 – 10/15/22

NSX 

  • NSX-V (all versions) – General Support ended January 16, 2022 – Customers should migrate to NSX-T

Continue reading “vToolbelt – July 2022”

DRS in Maintenance Mode feature not supported by license

byArron King 06.17.2022 vSphere

I was helping a customer with a question they ran into after upgrading from vSphere 6.7 to 7.0 U3.  Their VMware vSphere environment upgrade was complete. They had just upgraded their licenses in the VMware Customer Connect portal.  When they applied these license keys to their vSphere hosts

DRS in Maintenance Mode License Validation Warning

they received a warning that the DRS in Maintenance Mode feature was not supported with their vSphere Enterprise Plus license.

This made me dig into my memory banks a bit and I wanted to document it so I would remember.  Maybe it will help a few others along the way…

vSphere License Keys and Upgrades

vSphere upgrades from 6.5 to 6.7 or 7.0 to 7.0 U3 are considered “point upgrades” and do not require license key upgrades

Major upgrades (from 6.x to 7.x) do require license key upgrades.

Major Upgrades and VMware Licenses

When you perform a major upgrade in vSphere, the installer triggers a short Evaluation mode that provides customers time to login to the Customer Connect portal and update license keys.

These Evaluation mode licenses include every feature available.  When a new license key is applied, and there are features that will not be supported by the license,  a prompt appears informing customers of any features that will not be available when the new license key is applied.

DRS in Maintenance Mode

DRS in Maintenance Mode refers to a feature released in vSphere 6.7 U2 for the ROBO Enterprise edition of vSphere.  This feature:

  • Automatically migrates VMs to other hosts when it enters maintenance mode
  • Creates VM-Host affinity rules.  These rules are used to automatically move the VMs back to the original host when it exits maintenance mode

vSphere Enterprise Plus licenses include the DRS and Maintenance mode capabilities.  DRS in Maintenance Mode is a separate feature entirely and this prompt can be safely ignored.

 

vToolbelt – May 2022

byArron King 05.10.2022 vToolBelt

Hot Topics

  • vSphere 6.5 and 6.7 are heading into End of General Support in just a few months – October 15th, 2022.  If your environment is still running these versions – now is the time to plan your upgrade.  Check out this Upgrade Planning Guide to help you get started.
  • VMware Explore (VMworld renamed) is now open for registration.  Learn more and Register

Upcoming Events

May VMware TAM Customer Webinar – Project Ensemble
Date: Thursday,  May 12, 2022
Time: 11am EST

Project Ensemble, announced at VMworld in 2021, will seek to unify and simplify cloud management services and data into a common data model and add intelligent and actionable business insights focused on application centric views and customized for personas who support those applications. In this webinar you will get an overview of the platform with live demonstrations of the UI and API.
Guest speaker:
John Dias – Senior Staff Technical Marketing Architect

Register

Missed a recent TAM Webinar?  You can view the last 3 webinars in the archive

Indianapolis VMUG UserCon
June 29th, 2022

The Indianapolis VMUG/UserCon is one of the largest VMware events outside of VMworld/VMware Explore. For 2022 – this event is back live and in-person!  For those in the western half of Ohio – or anyone looking to get to a live event  – make sure you check this out!

Learn more and Register

Continue reading “vToolbelt – May 2022”

Support ending for vSphere 6.5 and 6.7 in Six Months

byArron King 04.15.2022 vSphere

It may be hard to read; but the end of the road is coming for vSphere 6.5 and 6.7 in terms of General Support. These versions were released in 2016 and 2018.  vSphere 6.5 and 6.7 will run into End of General Support on 10/15/2022.  You can search for end of support dates for any VMware product on the VMware Product Lifecycle Matrix. ?

What does this mean?

vSphere is a term that generally refers to the combination of vCenter Server and the ESXi Hypervisor.  After 10/15/22, these products will transition from General Support to Technical Guidance.  In this state, support for VMware products centers around web-only support that focuses on providing links to known workarounds for less critical issues.  Phone and Zoom-based support are not available.  For the more information, refer to the VMware Product Lifecycle Policies.

If you haven’t already started planning the upgrade of your environment – now is the time to do so.  Continue reading for a few helpful tips!

Continue reading “Support ending for vSphere 6.5 and 6.7 in Six Months”

vToolbelt – April 2020

byArron King 04.06.2022 vToolBelt

Spring weather greetings from Ohio!   Anyone who lives in a climate that shifts significantly in seasons will relate – we have had 70 degree days and snow in the same week!

A lot of our schools are on spring break so the news this month is light.

Product Support Watch

The following products are nearing the End of General Support.  You can find the full list on the VMware Lifecycle Product Matrix.

  • Dynamic Environment Manager 10/2006 – 8/11/22
  • App Volumes 4 – 7/9/22
  • App Volumes 2.18 – 9/16/22
  • Identity Manager 3.3.3 – 5/11/22
  • Identity Manager 3.3.4 – 8/4/22
  • Workspace ONE UEM Console 2010 (SaaS Only) – 4/14/22
  • Workspace ONE UEM Console 2011 – 7/15/22
  • Workspace ONE Access 20.10 – 5/2/22
  • Workspace ONE UEM Console 2101 (SaaS Only) – 7/22/22
  • vRealize Automation 7.6 – 9/1/22
  • vRealize Orchestrator 7.6 – 9/1/22
  • vRealize Operations 8.1.1 – 7/9/22

 

Notes from the Field

If you are looking to get started with NSX – Check out the NSX-T Easy Adoption Guide.

Continue reading “vToolbelt – April 2020”

vToolbelt – March 2022

byArron King 03.01.2022 vToolBelt

Welcome to March everyone!  For those of us in the mid-western US, this is the moment we start looking forward to nice weather!  It’s also a time when all VMware products have LOG4J patchesavailable.  VMworld’s call for papers will be coming soon and there is generally a need and a feeling for a fresh start!

Hot topics

Product Support Watch

The following products are nearing the End of General Support.  You can find the full list on the VMware Lifecycle Product Matrix.

Horizon View / Workspace ONE

  • Dynamic Environment Manager 9.9 – 3/17/22
  • Dynamic Environment Manager 9.11 – 3/17/22
  • Dynamic Environment Manager 10/2006 – 8/11/22
  • App Volumes 4 – 7/9/22
  • Horizon 7.10 ESB – 3/17/22
  • Identity Manager 3.3.3 – 5/11/22
  • Identity Manager 3.3.4 – 8/4/22
  • Workspace ONE UEM Console 2008 – 3/15/22
  • Workspace ONE UEM Console 2010 (SaaS Only) – 4/14/22
  • Workspace ONE UEM Console 2011 – 7/15/22
  • Workspace ONE Access 20.10 – 5/2/22
  • vRealize Automation 7.6 – 9/1/22
  • vRealize Operations 8.1.1 – 7/9/22

 

Notes from the Field

The VMware Communities forum has been redesigned to provide a better experience- check it out today at  communities.vmware.com.

New version of RVTools is available – If you have never used this free tool, you should check it out.  It can be used to gather a quick inventory of your environment with some very good detail.  It also provides a quick health check tab that calls out information about long running snapshots, VMs that were removed from inventory but not from disk.  The 20 minutes it would take for you to use this tool (from download to run to review) could save you quite a bit of time and help tidy up your environment.

Continue reading “vToolbelt – March 2022”

Using OpenSSL to create certificate signing request with Subject Alternative Names

byArron King 02.28.2022 Before I Forget Certificates

Now that I had replaced the self-signed certificates in my vSphere environment, I started to wonder what other parts of my homelab could use the same treatment. While I worked on this, I learned how to use OpenSSL to generate a certificate signing request with Subject Alternative Names – and solved a problem.  Read on for the details!

LIke most homelabs, I had a number of applications and devices

  • vSphere
  • VMware Skyline
  • Realize Suite
  • Synology NAS
  • Ubiquiti Manager
  • Webmin

The vSphere environment was already done.  I was able to figure out the vRealize Suite fairly easily.    Next up was one of the NAS devices I had, and this is where I ran into trouble.  I was able to use the tools built into the Synology to generate a CSR and request a certificate from the Microsoft CA I had setup. The new certificate seemed to install fine; but the site was still showing as not trusted in my browser.  I kept seeing the error : NET::ERR_CERT_COMMON_NAME_INVALID – even though the certificate was showing up as valid.

Continue reading “Using OpenSSL to create certificate signing request with Subject Alternative Names”

Setup vCenter as Subordinate CA and Replace Host Certificates

byArron King 02.24.2022 Certificates VCSA

Updated – 3/23/22:   Added some notes to regarding Certificate Chain Ordering after working working with a customer using a certificate exported directly from the Microsoft Certificate Management Console.

I was trying to replace the self-signed certificates in my vSphere environment – for both the vCenter Server Appliance and the ESXi hosts.  The VCSA includes a Certificate Authority (VMCA) to helpSecured by SSL automate this process for larger VMware environments.

I had trouble getting it to work until I found Adrian Costea’s writings on the topic.  His blog helped clarify the process of configuring the VCSA as a subordinate CA.  Through a bit of trial and error, I was able to learn how to get vCenter to replace the certificates on ESX hosts using the newly configured CA in vCenter.

Note:  The steps listed here were performed against the VCSA using  vCenter Server 6.7 U3 with an Embedded PSC.  It was also tested against vCenter 7.0 U3.

Before you begin

It’s always a good idea to take a snapshot of vCenter before making significant changes like this.  Make sure you are taking a snapshot of vCenter the right way.  While you are at it – take a few moments and configure your vCenter Server Backup.

Continue reading “Setup vCenter as Subordinate CA and Replace Host Certificates”