dellboy
Enthusiast
Enthusiast

vCenter server FQDN too long

Hi

I have a customer with a production vCenter 2.5u4 and ESX 3.5u4 environment. They want to install SRM, however during installation, I get the following error

Failed to generate cert: Error: Invalid Argument DR_CERT_SERVER cerfificate field is too long > 32

The FQDN for vCenter and ESX Hosts comes to 34 characters

I found VMware KB 1007458 which recommends changing the DNS record for vCenter with 32 characters or less, however I want to find out what the potential implications may be...

  • Do I have to change the computername, or just add a 32 character DNS record pointing to the 'unchanged' vCenter?

  • If I have to rename vCenter, what should I look out for, as far as potential issues (e.g. impact on other services; licensing; vCenter database; ESX Host etc)

  • If I have to rename vCenter, will i have to rename the ESX Hosts too?

Additionally, I found VMware KB 1008390 which discusses requirements for using trusted certificates with SRM, however it only talks about installing them on vCenter.

  • Would we run into the same problem during SRM install, if we kept the long FQDN, and used Windows CA certificates?

  • If we use Windows CA certificates, what do we have to generate them for (i.e. vCenter only, or for each ESX Host too)

  • Would we have to install certificates on any other hosts (ESX, VCB etc)

Lots of questions, I know, but I'm looking for a solution which will have the least impact on the customer

Thanks

Tags (2)
0 Kudos
5 Replies
Smoggy
VMware Employee
VMware Employee

Hi

first bit of info is that this 32 char limitation will be lifted in the next SRM update due later this year. to the questions:

  • Do I have to change the computername, or just add a 32 character DNS record pointing to the 'unchanged' vCenter?

Ans: if the current FQDN is > 32 char it needs to be less than this. how many characters are in the computername?

  • If I have to rename vCenter, what should I look out for, as far as
    potential issues (e.g. impact on other services; licensing; vCenter
    database; ESX Host etc)

Ans: you will need to rename some of the windows services to reflect the correct computername. this can be done by editing the ODBC DSN

  • If I have to rename vCenter, will i have to rename the ESX Hosts too?

Ans: no

  • Would we run into the same problem during SRM install, if we kept the long FQDN, and used Windows CA certificates?

Ans: you mean following process outlined in this KB article http://kb.vmware.com/kb/1008390 then yes. If your VC servers use your own signed certs then SRM must also use your own certs. The process for the SRM side is covered in this document http://viops.vmware.com/home/docs/DOC-1261

  • If we use Windows CA certificates, what do we have to generate them for (i.e. vCenter only, or for each ESX Host too)

Ans: vCenter and SRM servers. Refer to the viops site doc for example on creating the SRM certificates. also search on this forum for other useful posts on this

  • Would we have to install certificates on any other hosts (ESX, VCB etc)

Ans: no

best regards,

Lee Dilworth

dellboy
Enthusiast
Enthusiast

Hey Lee

Thanks very much for your response.

The computername is 12 characters long, and the FQDN comes to 34 characters, so it sounds like the simplest solution is to shorten the vCenter computername to 10 characters or less (note, the plan is to install SRM on the same server).

All the VMware databases are installed on a dedicated SQL server, so I won't have to reconfigure the DSNs Smiley Happy

Matt

0 Kudos
depping
Leadership
Leadership

I wouldn't run SRM on the same server as vCenter. SRM puts a lot of stress on the Server... will it be a VM or a physical host?

Duncan

VMware Communities User Moderator

-


Blogging:

Twitter:

If you find this information useful, please award points for "correct" or "helpful".

dellboy
Enthusiast
Enthusiast

Hi Duncan

It's a Dell M605 blade (2 x quad 2.4GHz 4GB RAM), looking after 6 x M605 ESX Hosts (2 x quad 2.4GHz 32GB RAM) and 15 low to medium utilised VMs.

Same setup at the other site, so the plan is for 2-way SRM on EqualLogic PS5000XV's

0 Kudos
dellboy
Enthusiast
Enthusiast

... Finally have a chance to respond

Thanks Lee for your comments - we ended up just shortening the hostname of our vCenter servers

  1. Back up the VMware databases

  2. Rename the vCenter server (WS2K3 R2) and reboot.

Much easier than implementing certificates, and required no downtime to running VMs, as would have been the case if we followed the entire process of installing vCenter certificates beforehand, as discussed in the whitepaper Replacing VirtualCenter Server Certificates

Matt

0 Kudos