Solved: Re: VCSA 6.5 Encripted vGuest will not start autom...

mprazeres183 · ‎10-26-2017

Hi Guys.
I hope that somebody of you had already worked with encription storage policy.
We do have an issue as when we deploy and then select it to be on the encription storage policy, the vGuest will not autostart if it is in the Autostart Host Configuration.

Please take a look:

As you can see, here the VM Encription Policy is active, and this Host did not Autostart.

As you see here it's not on any encription policy and this vGuests started.

So we see that we have 3 vGuests off with the Encripted drives, and we have 1 vGuest who is running without any encription.

I hope somebody can help us.

Best regards,

Marco

Check my blog, and if my answere resolved the issue, please provide a feedback. Marco Frias - VMware is my World www.vmtn.blog

jameseydoyle · ‎10-26-2017

I have never tested this functionality, but I have worked extensively with VM Encryption at VMware.

From what I understand, the VMs with the Encryption policy do not start up with the host. I suspect that this will be caused by the fact that the keys required by the host for encryption/decryption are stored in memory only and are lost when the power is removed from the host and these keys must be pushed down by vCenter first. When the host starts, the VM power-on operation takes place quite quickly, most likely before the host even connects to vCenter.

I would suggest putting a delay on the startup operation for your Encrypted VMs. Start with 60 second delay and reduce it or increase as required to get your VMs started up without issue.

View solution in original post

jameseydoyle · ‎10-26-2017

I have never tested this functionality, but I have worked extensively with VM Encryption at VMware.

From what I understand, the VMs with the Encryption policy do not start up with the host. I suspect that this will be caused by the fact that the keys required by the host for encryption/decryption are stored in memory only and are lost when the power is removed from the host and these keys must be pushed down by vCenter first. When the host starts, the VM power-on operation takes place quite quickly, most likely before the host even connects to vCenter.

I would suggest putting a delay on the startup operation for your Encrypted VMs. Start with 60 second delay and reduce it or increase as required to get your VMs started up without issue.

mprazeres183 · ‎10-26-2017

Hi jameseydoyle thanks a lot for the reply.
I already tested that too. With 120 Seconds, alsow ith over 600 Seconds just to be sure.
But nothing worked....

I'm very frustrated on this. As this is a requirement for our Embassys and Cooperation offices all over the world, as many of them run in unstable countrys where there is not everythime enough power and the Battery maight shutdown the guests, whenver then the power is back it needs to come up autoamatically otherwise this will be a horror to do that manually everywhere...

I'll wait till friday to see if there are more ideas or things I can try otherwise I willt hen open a ticket and state here what it was, I was just thinking that maybe someone may know.

Best regards,

Marco

Check my blog, and if my answere resolved the issue, please provide a feedback. Marco Frias - VMware is my World www.vmtn.blog

jameseydoyle · ‎10-26-2017

Hi Marco,

When this happens, is the vCenter also one of the machines that needs to be restarted?

mprazeres183 · ‎10-26-2017

Hi jameseydoyle ,

No the vCenter runs from another vGuest who is not attached at all to this environment.

Best regards,
Marco

Check my blog, and if my answere resolved the issue, please provide a feedback. Marco Frias - VMware is my World www.vmtn.blog

jameseydoyle · ‎10-26-2017

Could you please ensure that both the vCenter and ESXi hosts are synchronized to the same time source and show the same times.

Then please check the Tasks&Events on both the ESXi host and the vCenter to determine how long it takes the host to connect to vCenter.

On the ESXi host, find the failed power-on task and note the time.

In vCenter, note the time that the ESXi reconnects and let me know how much of a gap there is between the two events.

mprazeres183 · ‎10-27-2017

Hi,

So today I tryied someting out. I created a vGuest with no Encription and moved that one to the first vGuest to be started with the ESX Host, But set a timer so that she only starts 120 Seconds after the host is online. And then consequently the others at about 30 seconds from each. That worked out. However, I have now the issue, that the first vGuests starts immidiatelly with the Host and does not wait for the set waiting time of 120 Seconds, I also tried to set 600 Seconds just in case that the timer starts from when the ESXi Host is starting, but the vGuest on position 1, will always start automaticlly with the Host what is nogood.

I know that this is another topic, as I already said: Correct answer found. But if anyone has a clue why the vGuest is still starting with the Host and not following the directions to wait 120 seconds or 600 seconds I would appriciate to know what to do on this occassion.

Best regards,

Marco

Check my blog, and if my answere resolved the issue, please provide a feedback. Marco Frias - VMware is my World www.vmtn.blog

jameseydoyle · ‎10-27-2017

Hi Marco,

I'm glad I could help you with the encrypted VM issue. I'm not able to speak with authority about the other topic though. I would suggest opening another thread for that question. I would appreciate it if you could mark my answer as correct if you have found it solved you issue.

EDIT: Sorry, I just noticed you did that already!! 🙂

Thanks, James

All

VCSA 6.5 Encripted vGuest will not start automaticlly