VMware Documents

Syndikovať obsah
Latest Documents in VMware Communities
Aktualizácie: pred 38 týždňov 22 hod

Unable to configure the network printer when AppStack attached with App Volumes 4.0

Ne, 04/19/2020 - 23:49

Problem description:

 

With Appstack 4.0 attached in the remote desktop, if the user tries to configure any network printer it fails with an error

"Windows Cannot connect to the printer. Operation failed with error 0x00000006"

 

On the same remote desktop, if the no appstack is attached, user is able to configure the network printer.

 

Product:

 

VMware AppVolumes 4.0

 

 

Workaround:

 

Note: First implement the action plan on a test pool or test machine before moving it to production.

 

  • Power on master VM.
  • Navigate to C:\Program Files(x86)\CloudVolumes\Agent\Config.
  • Create a new folder called "Custom"
  • Then create two folders called "app"
  • Create a notepad file, open the file and below lines:

 

exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider

exclude_path=%SystemRoot%\System32\DriverStore\FileRepository
exclude_path=%SystemRoot%\INF
exclude_registry=\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Printers

 

  • Save the file as snapvol.cfg. Make sure file extension is correctly set to '.cfg' not '.cfg.txt'.
  • Reboot the VM, Shutdown the VM and take a snapshot and recompose/publish the pool with this snapshot.
  • Login to the VM and you should be able to map network printers now.

 

PS: For further details or information please contact VMware App Volumes support team.

Kategórie: VMware

Tips and notes about Vmware HA

So, 04/18/2020 - 08:30

As you know one of the most important component in VMware Vsphere is HA(High Availability).

But if you want to run HA in your Datacenter, before it you must know some tips about HA, how to implement and how to configure it, in this article we wont describe how to implement HA in your cluster or how to add a host step by step, but in this article we want to say something important than "How to implement HA Component!" and you must know it before every change in your activated HA Datacenter.

First tip is about VSAN(Virtual SAN), as you know this is Vmware solution for Shared storage, and its one of an amazing features in Vmware Vsphere , but you must know some tips about it when you want run this service or component in your datacenter with HA , for example if you have a Cluster without VSAN feature, HA transfer its all data by Management Vmkernel NIC and when you enable VSAN in the cluster, HA redirect its own traffic via which vmkernel have VSAN enabled.

Another tips about VSAN and HA is, you can not enable VSAN when HA is Active, you must disable HA then enable VSAN and then re-enable HA.

Next tip is about NIC Configuration when you have VSAN and HA as a active component in your cluster, as before we say about HA traffic transfer method in the clusters with VSAN enable state, you know HA send and receive its traffic via VSAN enable NIC, but once of the important tip about this condition is "you can not edit your NIC setting as a usual " ! you can change anything of your VSAN NIC setting, but its not work properly, cause HA Agent not configured(and its not suited for such situations) to pick up new setting from VSAN NIC you newly configure it. After VSAN enabled in your cluster you must perform this step for any little change in your NIC settings:

1- Disable Host Monitoring for your cluster

2- Mack VSAN Network NIC change

3- Right click on each host in your cluster and select Reconfigure for Vsphere HA

4- Re-Enable Vsphere HA Monitoring

Next tip is about IP v6, if you want use IPv6 in your Datacenter you must know every host in your Cluster must have IPv6, you can not have a cluster with 2 host with IPv6 and 5 Host with IPv4.

Another tip about IPv6 is if you use IPv6 for your HA network, you can not set IPv4 as a Isolation Address.

To upgrade your Datacenter from IPv4 to IPv6 you must before any change in IP Address configuration, set your HA into disable state and after changes, re-enable HA.

Kategórie: VMware

NSX-T 3.0 Security Configuration Guide

So, 04/18/2020 - 01:13

  This is the VMware® NSX-T 3.0 Security Configuration Guide.This guide provides prescriptive guidance for customers on how to deploy and operate VMware® NSX-T in a secure manner.

 

Guide is provided in an easy to consume spreadsheet format, with rich metadata (i.e. similar to existing NSX for vSphere & VMware vSphere Security Configuration Guides) to allow for guideline classification and risk assessment.

 

Feedback and Comments to the Authors and the NSX Solution Team can be posted as comments to this community Post (Note: users must login on vmware communities before posting a comment).

 

Other related NSX Security Guide can be found @ https://communities.vmware.com/docs/DOC-37726

 

--The VMware NSX PM/TPM Team

Kategórie: VMware

Backing & Restoring NSX-T L2 VPN Autonomous Client Config

Pi, 04/17/2020 - 08:01

This document talks about backing & restoring NSX-T L2 VPN autonomous client configuration.

 

 

We assume you have a working NSX-T L2 VPN Autonomous Client with vlans extended to VMC SDDC.

 

 

 

To backup the configuration, login to VPN client via UI and navigate to backup/restore tab. Click on backup post entering pass phrase. It will take close to a minute and you will prompted to save backup.tar file.

 

 

 

 

Taking an assumption, the L2 VPN VM has crashed and you do not have Image backup. We need to deploy new L2 VPN and restore the configuration.

We need to make sure the old L2 VM is powered off and the new VM has correct vNic mappings

 

 

Login to the L2 VPN client via UI and click on backup/restore tab. Browse the config file, enter the credentials and hit the restore button. It will ~one minute to restore the config.

You should see a similar screenshot like below.

 

 

The connectivity should be back to Cloud VM's (on extended networks) from OnPrem.

If the new L2 VPN VM has a different management IP as compared to old L2 VPN VM ; then post reboot new L2 VPN VM will fall back to management IP as old client.

Kategórie: VMware

Migrate Skyline from My VMware to VMware Cloud Services

St, 04/15/2020 - 20:07

A large majority of customer's today access Skyline through VMware Cloud Services. VMware Cloud Services allows customers to have complete control over who can access Skyline Advisor, as well as organize data in a way that makes the most sense for their business, organization, or team. However, some of our earliest of adopters of Skyline did so before Skyline Advisor was available on VMware Cloud Services. These customers access Skyline Advisor through My VMware.

 

VMware will be disabling access to Skyline Advisor through My VMware in the near future. This article will assist customers who still access Skyline Advisor through My VMware in migrating their Skyline implementation to Cloud Services.

 

At a high-level, what's involved with migrating from My VMware to VMware Cloud Services?

 

  • You will create a Cloud Services Organization on VMware Cloud Services.
  • You will associate your support entitlement with this Cloud Services Organization. This is performed automatically, based upon the support entitlement's associated the My VMware account used to create the Cloud Services Organization.
  • You will migrate your Skyline Collectors from My VMware, to this Cloud Services Organization. This again, is performed automatically.
  • Within this Cloud Services Organization, the Skyline Advisor service will be available to you.

 

Follow these steps to migrate from My VMware to VMware Cloud Services.

 

YOU ONLY NEED TO COMPLETE THESE STEPS IF YOU ACCESS SKYLINE ADVISOR TODAY THROUGH MY VMWARE. IF YOU ARE ACCESSING SKYLINE ADVISOR THROUGH CLOUD SERVICES, WITHIN A CLOUD SERVICES ORGANIZATION, YOU DO NOT NEED TO COMPLETE THESE STEPS!

 

1. Open a web-browser, and go to https://skyline.vmware.com/get-started

 

 

 

2. Click on the Get Started button.

 

3. Log in to Cloud Services using your existing My VMware email address & password combination.

 

There are a couple of points regarding the My VMware account used to create your Cloud Services Organization. Use an account that has an active VMware support entitlement assigned to it. Skyline requires an active Production, or Premier Support contract. On that point, for customer's who have purchased Premier Support, be sure to use a My VMware account that is associated with your Premier Support contract.

 

Additionally, Skyline Advisor will display Support Requests opened under all EAs associated with the Cloud Services Organization. Therefore, use a My VMware account that is associated with all necessary EAs, for which a Support Request could be opened under.

 

See VMware KB 2011009 for more details regarding My VMware account information.

 

4. Click Create Your First Organization to create a Cloud Services Organization. If you are a member of an existing Cloud Services Organization, you can choose to migrate Skyline to an existing Cloud Services Organization. If this option is available to you, choose the Organization Name that you want to migrate Skyline to.

 

 

5. Enter the following details for your Cloud Services Organization:

 

Organization Name - Name your Organization something meaningful to both you, and VMware. This Organization name will be utilized by both you, as well as VMware, when assisting you with both proactive and reactive support.

 

The Address of your Organization.

 

During this step, your country currency, and possibly a Tax ID, will be displayed. I want to reiterate that there is no additional charge for Skyline, and the displaying of the country currency and Taxi ID is a construct of VMware Cloud Services. You can ignore both of these for the purposes of Skyline.

 

 

6. Within the Skyline Organization wizard, for Step 1 - Associate Support Entitlement; click Associate Support Entitlement. This will associate the highest tier of support entitlement for the logged-in My VMware user with your Cloud Services Organization. Click Proceed to Next Step.

 

 

7. You can skip Steps 2, 3, and 4, unless you need to deploy a new Skyline Collector.

 

8. For Step 5 - Manage existing Collectors; your already deployed Skyline Collectors should appear, with the Action to MIGRATE available to you. Click MIGRATE to migrate your Skyline Collectors from My VMware to your Cloud Services Organization. If your Skyline Collectors do not appear within Step 5 - Migrate existing Collectors, please start a discussion within the Skyline Community, and a Skyline team member will assist you with migrating your Collectors to Cloud Services.

 

 

9. At this point, as long as everything went as expected, the migration is complete, and you can begin accessing Skyline Advisor through Cloud Services, or directly by going to https://skyline.vmware.com/advisor.

Post-Migration Recommendations

Add additional individuals to your Cloud Services Organization, and to Skyline Advisor. This will allow additional individuals to view findings and recommendations, and use Log Assist for both transferring, and approving the transfer of support bundles to VMware GSS.

 

See the following resources for assistance with adding users to Cloud Services.

Kategórie: VMware

Upgrade failed: SQL Server Agent Jobs errors

Ut, 04/14/2020 - 16:29

Upgrade failed: SQL Server Agent Jobs

 

If you are upgrading your Workspace ONE UEM and then installer fails with the below errors, it might be caused by the SQL Server Agent jobs.

 

In the installer logs you might see an error as shown below: "an error occurred while the batch was being executed":

 

 

 

 

 

To solve the problem, check the properties of all SQL Server Agent jobs, and make sure that the job owner is assigned to the SQL user that runs the installer.

 

 

Restore your DB from the Backup and re-run the installer.

Kategórie: VMware

Chrome OS Troubleshooting Guide

Ut, 04/14/2020 - 03:18
Kategórie: VMware

Generating Support bundle for NSX-T L2 VPN Autonomous Client via command line

Ut, 04/14/2020 - 02:27

This document talks about generating support bundle for NSX-T L2 VPN autonomous client via command line.

 

 

SSH to L2 appliance as root and switch over to admin

 

 

To generate log bundle run below command

 

 

To view the log bundle file, exit from admin prompt and navigate to below directory. You should see the log bundle. You can now connect to L2 VPN appliance via WINSCP and copy the file.

Kategórie: VMware

Troubleshoot ESXI network with Shell

St, 04/08/2020 - 05:54

Hi everyone

 

At this little article writes about what can do Virtualization(VMware) Admins when they docent have access to GUI configuration or in the worse situations, when ESXI Network can't work properly, for example you have one NIC for Management a ESXI Server and cause any unexpected failure, NIC can't up and VSPhere web client is unreachable, and when VCenter want to control and solve this problem, Operation see an BIG-Error about Management connection to the ESXI Server xxxx lost. Maybe first think any sysadmin can do it is change the Physical NIC assigned to Management PortGroup and everything can work properly again like before fault, but when ESXI joined to a VCenter and All of other physical ports assigned to VDS Switches as a UP-Link we can't get them back in the console and assign them to the any other switch or any management change to them. In fact it is a one of situation can be occurring and sysadmins need to configure ESXI network from shell, command-line, console.

 

If anyone have this situation and he/she don't know how to manage ESXI network via console, then he/she must reinstall ESXI, restore backup and so many other solution they need to restart host or change OS reconfigure it and in the end we have so many wast time.

 

In this little Article we try to show you how to configure ESXI Networking VSwitch via console and how to use [ esxcfg-vswitch ] command.

First, for you get access to your ESXI-Shell press ALT+F1 to prompt user and password, input a user like root user and confirm to access shell.

In the next step we need to see how is the Networking map, use the [esxcfg-vswitch -l] to view V-Switches configuration and diagram in the text mode, in my lab I have one ESXI and two UP-Link or physical link and I have this output:

Switch Name: vSwitch0(Default name of ESXI first standard vSwitch ) , in this situation we haven't VCenter and we don't see any other switches like Distributed Switches or any other standard vSwitch, if we created standard switch in the ESXI Networking, there name was here.

 

Ok, and the next field is 'Num Ports' its default switch port number its 2560, in the maximum standard switches port number in a host is 4096 and 1016 Active port.

used port from 128 port is 6. And some other info like MTU and Important section for this troubleshooting is Uplink section and we have two NIC "vmnic0 , vmnic1 ".ESXI Management network need one of this physical port to work properly.

 

 

In the next step we need to delete vmnic0 from vSwitch0:

esxcfg-vswitch -U vmnic0 vSwitch0

Output:

Now ESXI have only one vmnic1 as a Active Up-Link.

 

 

create another vSwitch , of course if you have Management network in the another Vswitch and it is a Standard vSwitch, you don't need create another vSwitch and scape this step :

esxcfg-vswith -a [VSwitchName]

(for example in this lab environment I create a vSwitch mng_svsw)

esxcfg-vswitch -l:

in the next step to access Management network or ping successfully Management IP address, we need to link vmnic0 to Which switch name that exist for management purpose:

esxcfg-vswitch -L vmnic0 mng_svsw

at the last step we assign vmnic0 to Switch mng_svsw as a Up-Link.

The Uplink added successfully, just if you have vLan configuration on your switches you can set vLan on the new switch and PortGroup:

esxcfg-vswitch [switchName] -v [VLan Number] -p [PortGroupName]Example:esxcfg-vswitch mng_svsw -v 200 -p Management

Before:

VLAN ID is 0.

 

 

After VLAN Assignment:

 

 

 

VLAN ID is 200 and if your physical port on the ethernet switch is in the VLAN 200, now you must can Ping or can connect to it.

 

 

 

Set esxcfg-vswitch [Switchname] -m [MTU] #set MTU for Switch for example enable Jumbo Frame and set 9000 Byte.

esxcfg-vswitch have some other parameter can be useful to have better troubleshoot, like:

esxcfg-vswitch -c [SwitchName] #Check switch sexist or not

esxcfg-vswitch -C [PortGroupName] #Check PortGroup exist or not

Kategórie: VMware

.vmdk file cannot be opened

Ut, 04/07/2020 - 12:24

Hello,

 

I have moved from Virtualbox to VMware. My problem right now is that I don't want to create a new VM but instead move the system from VB to VMware. The system is saved as a .vmdk file. Thing is that I can add a new hard disk but apparently not a .vmdk file. I got 2 of them: "name of Virtualbox system".vmdk and "name of Virtualbox system"-flat.vmdk. It accepts the normal .vmdk file but unfortunately not the -flat.vmdk. The "flat" file is needed because that is the real VM file (since it's 100GB and that's the actual size of my system)

 

I do hope that someone can help me out. Thanks in advance!

Kategórie: VMware

DNS resolution error during SRM site pairing

Ut, 04/07/2020 - 07:13

During SRM Site pairing from OnPrem to VMC SDDC, below error might be seen

 

This document assumes that you have fresh deployment of OnPrem SRM and it has not been configured/paired with any site. If you have an existing configured/paired production/development/test OnPrem SRM instance, please contact support and do not proceed.

In the above screenshot you should have registered OnPrem vSphere Replication appliance as well however this document focuses on SRM DNS error.

 

Cloud SRM reaches out to OnPrem PSC and checks for OnPrem SRM url, to setup site pairing with.

If the OnPrem SRM is registered with hostname and not FQDN, above error might come up.

 

High level steps that we need to follow

  • Verify OnPrem SRM is registered with OnPrem PSC via hostname.
  • Unregister OnPrem SRM with OnPrem PSC
  • Change the OnPrem hostname to fqdn
  • Generate new self signed cert for OnPrem SRM
  • Register OnPrem SRM with OnPrem PSC via FQDN
  • Complete SRM site pairing operation

 

 

 

 

To verify if the OnPrem SRM is registered with hostname and not with FQDN ; navigate to OnPrem PSC by editing below url

https://vcsa11.home.local/lookupservice/mob?moid=ServiceRegistration&method=List

Change the value field as below and click on Invoke method

Try to search via OnPrem SRM hostname, FQDN registration is not seen.

 

 

 

 

 

 

Now we need to unregister OnPrem SRM from PSC. Login to SRM VAMI page >> summary tab and click on unregister

Check all the options and click on unregister

When it completes, you should see similar screen

 

 

 

 

 

 

We now need to change OnPrem SRM hostname to FQDN. Navigate to networking tab on SRM VAMI portal and click edit >> enter FQDN and hit save.

You should see new hostname on portal.

 

 

 

 

 

 

To generate new self signed OnPrem SRM cert, navigate to access tab on SRM VAMI portal and click on cert change.

Make sure SRM FQDN is seen with FQDN and right IP. Enter the organization details and click on change

Post changing the default cert, we need to refresh the browser and accept new cert. On the browser we should now see cert with FQDN.

 

 

 

 

 

Let's proceed registering OnPrem SRM with PSC. Click on the summary tab on SRM VAMI portal and click on configure appliance.

Enter OnPrem PSC details and hit next. Enter the details for name/extension ; make sure that hostname comes as FQDN and finish the wizard

We can verify now if the SRM registration on PSC comes up with FQDN

 

SRM site pairing now should not return initial error message and would go through.

Kategórie: VMware

6 Reasons Why Customers Choose Horizon 7 on VMware Cloud on AWS

Po, 04/06/2020 - 08:59

New Blog Published.

 

Many a times this questions is being asked by clients. Please refer to below blog for your perusal

6 Reasons Why Customers Choose Horizon 7 on VMware Cloud on AWS

Kategórie: VMware

Key Resources for Installing the Horizon Client

Pi, 03/27/2020 - 15:04

Below are some important links for admins and end-users on installing the Horizon Client on various devices.

 

For Admins

https://docs.vmware.com/en/VMware-Horizon-Client/index.html

 

For End-Users

Download the VMware Horizon Clients for Windows, Mac, iOS, Linux, Chrome and Android

Instructions for Installing the Horizon Client on Windows

Instructions for Installing the Horizon Client on Mac

 

After installing Horizon Client on your device and launching it, you will need to provide organization-specific information in order to connect to a remote desktop or application. This information (name of server and your organization credentials) can only be provided by your organization.

Kategórie: VMware

26 March 2020 release notes: What's New in VMware Learning Platform

Pi, 03/27/2020 - 10:00
  • PDF Lab Manuals
    VMware Learning Platform now supports the PDF document format for student lab manuals. This feature enables content creators to use external authoring tools to develop lab manuals for use in VMware Learning Platform. In addition, it provides customers who have preexisting content an additional import option. Go to Lab Management > Lab Resources > Create Lab Resource.

 

  • Detailed Billing
    The new billing dashboard provides granular usage metering of on-demand service usage. This dashboard enables Tenant Administrators to optimize usage of the service to help control cost. The new billing dashboard is available in the Tenant Management module > Billing.

 

  • Lab Replication
    With replicas, a Tenant Administrator can easily and reliably replicate vApp Lab Templates within the same region or to other geographical regions throughout the cloud. This feature helps enable several key use cases including distributing templates for high availability, remote backups, and improving performance for students by providing labs in-region.

 

  • Create User during Entitlement Creation
    This functionality introduces the ability to create a user during the entitlement creation process, without the need for the user to register for or create an account in VMware Learning Platform. This feature can be useful in one-time lab use situations, or to provide a quick hands-on demo without having the user go through the standard registration process.

 

  • Class Self-Registration
    Instructors now have the capability to enable a class for student self-registration. This feature is advantageous in scenarios where an instructor may not have the student roster well in advance of a scheduled class. During class creation the instructor simply configures the number of seats the class is intended to support, and then provides their students with a self-registration URL. No account creation is required beforehand.

Remember to keep a lookout for the new Admin User Interface if you aren’t already using it, as the old UI will be deprecated within the next few weeks!

Reference link: What's New in VMware Learning Platform

Kategórie: VMware

VMware SRM & VRM SSL Certificate Generation.pdf

Št, 03/26/2020 - 13:03
Kategórie: VMware

vm.jpeg

Št, 03/19/2020 - 13:01
Kategórie: VMware

SourceHandle of NetBufferList is set to NULL by vmxnet3.sys, which causes abnormal behavior..

Po, 03/16/2020 - 04:40

Please understand that my English is not good before starting...

 

I installed Windows 2019 server on VMWare Workstation.

And I found that there is an critical issue(maybe..?) where the network function is malfunctioning.

 

The cause is VMWare's vmxnet3.sys driver.

 

 

Look at the picture below..

 

The current state of the WFP layer is FWPM_LAYER_INBOUND_MAC_FRAME_ETHERNET.

The SourceHandle in NBL is NULL.

 

That is, the NIC information of the packet received from vmxnet3.sys cannot be obtained.

 

So I am requesting a review of the fix for this bug.

 

Thanks

Kategórie: VMware

pdf manual support with VLP

Pi, 03/13/2020 - 11:43

We are happy to introduce pdf manual support with VMware learning Platform. A manual in VLP can be created using screen-steps, Microsoft word import and a raw pdf.

 

Steps to enable pdf manual:

  1. Upload a pdf to lab resources in tenant admin
  2. Select the pdf resource in the lab (Make sure there is no manual attached to lab)
  3. Start the lab and the pdf will be rendered within the manual itself.

 

Kategórie: VMware

What's New in SRM and vSphere Replication 8.3

Ut, 03/10/2020 - 17:50

Hi All,

 

A new blog post has just been released, I found it really informative, so I thought I would share.

 

Please see the link below:

 

What's New in SRM and vSphere Replication 8.3 | VMware vSAN

 

--

Fouad

Kategórie: VMware

VMware vCenter 6.0 Migrate from Windows to Linux (VCSA 6.7) and to embedded PSC

Št, 03/05/2020 - 12:05

This is the procedure how to upgrade/migrate your Windows vCenter server 6.0U3 to Linux (VCSA) appliance 6.7U1. The setup in question has one External Platform Service Controller (PSC) with two vCenters connected to it.

Short overview:
1. Upgrade and Migrate the External PSC 6.0U3 to VMware linux appliance 6.7U1

2. Upgrade and Migrate the Windows vCenter server 6.0U3 to a VCSA 6.7U1
3. Migrate the External VMware PSC appliance 6.7U1 to embedded one in each VCSA

 

General prerequisites

0. Prerequisites (Create snapshot of the vCenter server, PSC server, vCloud Director cells and the Oracle DB):

0.0. Check the compatibility with the following products: ChargeBack Manager, NSX, Usage Meter, vCloud Director, vRealize Orchestrator, Operations Manager;

 

I. (PSC upgrade and migration to 6.7U1)

Prerequisites:

0.1. Check if the network adapter have default gateway (not persistent route); if not - add it;

0.2. Check if port 9123 is open between the vCenter server and the other server;

0.3. Ensure that there is more than 12 GB of free space on the vCenter server (where it's installed; typically in C drive);

0.4. Login locally to the host on which the vCenter server VM resides (esx01 and esx02);

0.5. Ensure DNS resolution is working on the PSCs and VCs (e.g. nslookup yourvcenter01)

0.6. Check the SSL certificate configuration (if needed change/renew the certificate with the FQDN):

0.6.1. Two ways:

0.6.1.1. Using VECS-CLI (https://kb.vmware.com/s/article/2111411)

"%VMWARE_CIS_HOME%"\vmafdd\vecs-cli entry getcert --store MACHINE_SSL_CERT --alias __MACHINE_CERT --output c:\certificates\machine_ssl.crt

0.6.1.2. Open a browser to "yourpsc.local" and open the certificate > Details tab > Copy to File... > save to desired location

0.6.1. Identify which ESXi hosts are running all of the PSC(s) and vCenter Server(s) in the SSO domain, and verify we can log into all of these ESXi hosts directly with the vSphere Client and root

0.7.2. Shutdown all PSCs and vCenter Servers in the SSO domain

0.7.3. Create backups & snapshots of these servers

0.7.4. Power on all PSC(s) & vCenter Server(s) in the SSO domain

0.7.5. Verify all services are working as expected

0.7.6. Use the certificate-manager utility on the PSC(s) and replace the Machine SSL certificate with a certificate signed by the VMCA, where the FQDN is in the Subject Alternative Name (SAN); D:\Program Files\VMware\vCenter Server\vmcad > certificate-manager > option 3 for self-signed certificates > username > password > Country (leave default) > Enter > leave default > leave default > leave default > leave default > leave default > Enter > leave default > FQDN (e.g. yourpsc.local) > Short name (e.g. yourpsc) > Y

Enter proper value for 'Country' [Default value : US] : leave default

Enter proper value for 'Name' [Default value : CA] : leave default

Enter proper value for 'Organization' [Default value : VMware] : leave default

Enter proper value for 'OrgUnit' [Default value : VMware] : leave default

Enter proper value for 'State' [Default value : California] : leave default

Enter proper value for 'Locality' [Default value : Palo Alto] : leave default

Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] : leave default

Enter proper value for 'Email' [Default value : email@acme.com] : leave default

Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Doma

in Name(FQDN), For Example : example.domain.com] :  yourpsc.local

Enter proper value for VMCA 'Name' : yourpsc

You are going to regenerate Machine SSL cert using VMCA

Continue operation : Option[Y/N] ? : Y

https://kb.vmware.com/s/article/2097936

0.7.7. Perform restart operation on the vCenter Server/s by using 'service-control --stop --all' and 'service-control --start --all'

0.7.8. Verify all services are working as expected

0.7.9. Repoint the NSX Managers (MGMT and RES; https://nsxmanager01 and https://nsxmanager02) to the PSC with the new certificate

0.7.10. Confirm the connection in Usage Meter (Edit vCenter > unselect and then select PSC); accept all new thumbprints;

0.8. Check the exclusion list of the NSX manager and see if all VMware infrastructure VMs are in the list (PSC, VCM, VCR, etc.)

0.9. Disconnect all other users before the migration and stop all unnessary services (e.g. browsers, vSphere Clients, etc.)

0.10. Add the domain user to the Enterprise Admin group

 

 

Actual Upgrade:

0. Stop the PSC and vCenter servers and create snapshot of the VMs (psc01, vcenterresource01, vcentermanagement01) and backup of the Oracle DBs

1. Mount the VCSA 6.7U1 ISO file on the vCenter server (During the next steps simultaniously steps 7-15 can be executed)

2. Go to "migration-assistant" > VMware-Migration-Assistant.exe

3. Enter the SSO credentials in the new window

4. Enter the credentials for service account

5. Enter the IP network which will be primary for the vCenter server

6. After the prechecks the wizard will stop on "Waiting for migration to start…"

7. Mount the VCSA 6.7U1 ISO file on another Windows machine (not the vCenter server) utilityserver01 > go to "vcsa-ui-installer" > win32 > installer.exe > Migrate

8. Always specify the IP not the FQDN for the vCenter server

9. In Stage 1 the new appliance will be deployed:

10. Specify in the wizard all necessary information about the source vCenter server;

11. Specify IP of the destination host on which the new VM will be deployed;

12. Specify the size of the setup (Tiny, Large, etc.);

13. Select the datastore on which the appliance will be deployed;

14. Select the appropriate network port group;

15. Enter the information about the new server appliance (name: psca01, network (temporary): PROD: 10.10.10.10, 255.255.252.0, Gateway: 10.10.10.254; DNS servers: 10.10.10.20,10.10.10.21; etc.);

16. Add the new VM (Linux appliance) to the exclusion list inside the Management NSX (NSX > Firewall Settings > Exclusion List > Add > Select the new object > arrow > OK)

17. Stage II - Copy the data and finish the process by automatically shut down the source vCenter server:

18. Enter service account credentials for Ad;

19. Select Configuration and historical data (Events);

20. Deselect "Join the VMware's Customer Experience Imprevement Program";

21. Select "I have backed up the source vCenter server and all the required data from the database";

22. Click "Finish" > OK (after the migration the source (Windows vCenter server) will shut down);

23. Check the status of the new PSC Appliance server.

24. Re-register the PSC and the vCenter server in Usage Meter, vCloud Director, vRO, NSX Manager (Using web Interface)

25. Rename the old vCenter server VM and disconnect the network adapters

26. Rename the new Linux Appliance to the original VM's name

27. Billing team to check the integration of ChargeBack

28. Setup the FTP backup through the VAMI interface

29. Check if all services are working: (vCenter server (if you can login using the Web Console with domain credentials), ChargeBack Manager, NSX (check the status in the Web console of NSX manager and also in vCenter server), Usage Meter (re-establish the connection with PSC and vCenter servers), vCloud Director (refresh the connection with the vCenter server), vRealize Orchestrator, Operations Manager)

 

II. (vCenter Upgrade and migration to VCSA 6.7U1)

Prerequisites:

0.1. Check if in "Local Security Policy" > Local Policies > User Rights Assignment > Replace a process level (token) Assignment > Add User or Group (add the service account);

0.2. Check if the network adapter have default gateway (not persistent route); if not - add it;

0.3. Check if the OOB address of the utility server has DNS record in SDI; if not: submit request to SDI;

0.4. Check if port 9123 is open between the vCenter server and the other server;

0.5. Prepare the future monitoring change;

0.6. Prepare FTP server for backup of the vCenter server;

0.7. Ensure that there is more than 12 GB of free space on the vCenter server (where it's installed; tipically in C drive);

0.8. Ensure no 5.5 objects still exist. This includes ESXi hosts, Host profiles, DVS, and any vmfs3 volumes. Upgrade or remove them beforehand if they do;

0.9. Login locally to the host on which the vCenter server VM resides (esx01 and esx02);

0.10. Stop and unregister the Update Manager: https://communities.vmware.com/thread/592318

0.10.1. Stop Update manager service & disable the UM plugin

0.10.2. Remove the UM extension from vCenter MOB page by following below VMware KB article https://kb.vmware.com/s/article/1025360

0.10.3. Extension for UM: com.vmware.vcIntegrity;

0.11. Unregister the VSC (NetApp plugin) and SnapCenter plugin; com.netapp.nvpf and com.netapp.nvpf.webclient and com.zerto.plugin

0.12. Ensure DNS resolution is working on the PSCs and VCs (e.g. nslookup vcentermanagement01)

0.13. Make sure that every component (VCs, PSCs, Source/Destination ESXi hosts) are in time sync:

0.13.1. Windows cmd: w32tm /query /configuration

0.13.2. Windows cmd: w32tm /query /status

0.13.3. Windows cmd: Time /T

0.13.4. VMware ESXi: check the time servers entered in the config: Configuration > Time Configuration > Properties

0.14. Set DRS automation to manual on the cluster the new appliance will be created.

0.15. vSphere Client (6.0U3) should be installed on the UTL server before the migration (in this way we can access locally the ESXi hosts)

0.16. Check the exclusion list of the NSX manager and see if all VMware infrastructure VMs are in the list (PSC, VCM, VCR, etc.)

0.17. Enable TLS 1.2 for Windows Server 2008 R2.1.

0.17.1. Navigate to the registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

0.17.2. Create a new folder (New Key) and label it TLS 1.2.

0.17.3. Create two new keys with the TLS 1.2 folder, and name the keys Client and Server.

0.17.4. Under the Client key, create two DWORD (32-bit) values, and name them "DisabledByDefault" and "Enabled".

0.17.5. Under the Server key, create two DWORD (32-bit) values, and name them "DisabledByDefault" and "Enabled".

0.17.6. Ensure that the Value field is set to 0 and that the Base is Hexadecimal for "DisabledByDefault".

0.17.7. Ensure that the Value field is set to 1 and that the Base is Hexadecimal for "Enabled".

0.17.8. Reboot the Windows Server 2008 R2 computer.

0.18. Disconnect all other users before the migration and stop all unnessary services (e.g. browsers, vSphere Clients, etc.)

0.19. Deploy a new Edge Gateway and configure NAT rule for OOB IP address

 

 

Upgrade:

0. Stop the vCenter Servers and vCDs (Create snapshot of the vCenter server, PSC server, vCloud Director cells and the Oracle DB)

1. Mount the VCSA 6.7U1 ISO file on the vCenter server

2. Go to "migration-assistant" > VMware-Migration-Assistant.exe

3. Enter the SSO credentials in the new window

4. Enter the credentials for service account

5. Enter the IP network which will be primary for the vCenter server

6. After the prechecks the wizard will stop on "Waiting for migration to start…"

7. Mount the VCSA 6.7U1 ISO file on another Windows machine (not the vCenter server) utilityserver01 > go to "vcsa-ui-installer" > win32 > installer.exe > Migrate

8. Always specify the IP not the FQDN for the vCenter server

9. In Stage 1 the new appliance will be deployed:

10. Specify in the wizard all necessary information about the source vCenter server;

11. Specify IP of the destination host on which the new VM will be deployed;

12. Specify the size of the setup (Tiny, Large, etc.);

13. Select the datastore on which the appliance will be deployed;

14. Select the appropriate network port group;

15. Enter the information about the new server appliance (name: vcsa01, network (temporary): PROD: 10.10.10.10, 255.255.252.0, Gateway: 10.10.10.254; DNS servers: 10.10.10.20,10.10.10.21; etc.);

16. Add the new VM (Linux appliance) to the exclusion list inside the Management NSX (NSX > Firewall Settings > Exclusion List > Add > Select the new object > arrow > OK)

17. Stage II - Copy the data and finish the process by automatically shut down the source vCenter server:

18. Enter service account credentials for Ad;

19. Select Configuration and historical data (Events);

20. Deselect "Join the VMware's Customer Experience Imprevement Program";

21. Select "I have backed up the source vCenter server and all the required data from the database";

22. Click "Finish" > OK (after the migration the source (Windows vCenter server) will shut down);

23. Check the status of the new vCenter Appliance server.

24. Re-register the PSC and the vCenter server in Usage Meter, vCloud Director, vRO, NSX Manager (Using web Interface)

25. Rename the old vCenter server VM and disconnect the network adapters

26. Rename the new Linux Appliance to the original VM's name

27. Billing team to check the integration of ChargeBack

28. Setup the FTP backup through the VAMI interface (e.g. https://vcentermanagement01.local:5480)

29. Check if all services are working: (ChargeBack Manager, NSX (check the status in the Web console of NSX manager and also in vCenter server), Usage Meter (re-establish the connection with PSC and vCenter servers), vCloud Director (enable the integration (only Resource vCenter server); refresh the connection with the vCenter server), vRealize Orchestrator, Operations Manager)

30. Register vRealize Orchestrator plugin using this article: https://docs.vmware.com/en/vRealize-Orchestrator/7.2/com.vmware.vrealize.orchestrator-install-config.doc/GUID-2E89186B-E44F-4124-8848-82002BA6BBA6.html

31. Check if the NSX agents on the hosts are up and running properly (and if they are up-to-date version 6.4.4)

 

https://vspherecentral.vmware.com/t/vcenter-server/vcenter-lifecycle-install-upgrade-and-migrate-3/windows-vcenter-server-6-5-external-migration-to-vcsa-6-7

 

 

Rollback: https://kb.vmware.com/s/article/2146453

1. Power off the new Platform Service Controller Appliance.

2. Power back the PSC (SSM server); Rejoin the server to the domain;

3. Verify that all Single Sign-On services are up and running.

4. Power off the vCenter Server Appliance.

5. Ensure the vCenter database is available if using an external database.

6. Power back the vCenter server.

7. Wait for all vCenter Server services to start and log in to the vSphere Web Client to verify your vSphere inventory.

 

 

III. Migrate External PSC to Embedded one

Prerequisites:

0.0. Login locally to the ESXi hosts in the management vCenter server.

0.1. Stop/change the VAMI backup of the VCM, VCR and SSM linux appliances using disable option: https://yourvcenter.local and https://vcentermanagement01.local and https://yourpsc01.local

 

 

1. From Usage Meter (https://usagemeter01.local:8443/um) products > Delete vCenter yourvcenter.local, vcentermanagement01.**.local

2. Put suppression in Monitoring system

3. Disable vCenter in the respective for the environment vCloud Director.

4. Shutdown vCenter servers vcenterresource01, vcentermanagement01 and the PSC psc01 from the ESXi hosts;

5. Create new series of snapshots for vcenterresource01, vcentermanagement01, psc01.

6. Power ON psc01. After several minutes power on vcenterresource01

7. Copy the converge tool from the ISO file VMware-VCSA-all-6.7.0-11726888.iso\vcsa-converge-cli\ to utility Windows server

8. Copy the template (vcsa-converge-cli/templates/) to the folder where vcsa-util resides

• converge.json

9. Edit the converge.json:

{

    "__version": "2.11.0",

    "__comments": "Template for VCSA with external Platform Services Controller converge",

        "vcenter": {

            "description": {

               "__comments": [

                       "PR",

                    "vcentermanagement01, vcenterresource01 and psc01"

                ]

            },

            "managing_esxi_or_vc": {

                "hostname": "esx01.local",

                "username": "root",

                "password": "pass"

            },

            "vc_appliance": {

                "hostname": "vcentermanagement01",

                "username": "administrator@vsphere.local",

                "password": "pass",

                "root_password": "pass"

            },

            "ad_domain_info": {

                "__comments": [

                    "Important Note: This section is needed only when PSC (Platform Services Controller) appliance is joined to a domain.",

                    "Remove this section if PSC appliance is not joined to a domain.",

                    "Keeping this section without valid values results in JSON validation errors."

                ],

                "domain_name": "pr.local",

                "username": "user",

                "password": "pass"

            }

        }

}

 

 

10. Go to \vcsa-converge-cli\win32

11. Run "vcsa-util.exe converge --no-ssl-certificate-verification --backup-taken --verbose D:\Support\converge.json"

12. When the procedure has been completed, type y to reboot the appliance. After rebooting the vCSA, the converge process has been completed

!Hint: on successful converge after login to the VAMI interface of vCenter you should see "Type: vCenter Server with an embedded Platform Services Controller"

13. Configure the backup of the VCSA using the VAMI interface:

14. Reconfigure the NSX Manager configuration: https://10.10.10.30/home.html#/manage/components/vshield > Manage vCenter Registration > Edit > Repoint to the new embedded PSC (yourvcenter.local)

15. Reconfigure the Usage Meter: https://usagemeter01.local:8443/um/ > Products > Show Inactive vCenter Servers > Activate vcentermanagement01.local > Un-check External PSC > Save.

16. Repeat the steps above for VCR

17. Shut down the PSC machine and disconnect the virtual adapters

18. Enable vCenter in vCloud Director.

 

https://kb.vmware.com/s/article/59508

https://kb.vmware.com/s/article/59907

https://kb.vmware.com/s/article/68052

https://kb.vmware.com/s/article/68086

https://kb.vmware.com/s/article/68159

https://kb.vmware.com/s/article/70420

https://kb.vmware.com/s/article/70781

https://kb.vmware.com/s/article/74678

Kategórie: VMware