VMware Cloud Community
IvarHome
Hot Shot
Hot Shot
‎02-25-2019 09:56 AM

Why I cant move vmkernel adapter to other portgroup?

I get those errors:

-->  Network configuration change disconnected the host '192.168.12.43' from vCenter server and has been rolled back.

--> A change in the network configuration disconnected the host '192.168.12.43' from vCenter Server. The change has been rolled back.

Why its disconnected when there IS CONNECTION? VM-s have connection. This "no connection" is not true. There is some other problem. What Vmware wants?

Reply
0 Kudos
6 Replies
TheBobkin
Champion
Champion
‎02-25-2019 10:16 AM

Hello IvarHome​,

This is expected and intentional behaviour that prevents administrators from performing network changes that cause loss of availability to the Management network:

vSphere Networking Rollback

This feature can be disabled if you want and know what you are doing:

Disable Network Rollback

If it is not you intentionally making the changes to the network configuration to cause this then you should investigate whom/what is doing this (and don't disable the above or you may end up with no access when it gets changed again and doesn't rollback :smileygrin: ).

Bob

Reply
IvarHome
Hot Shot
Hot Shot
‎02-25-2019 10:35 AM

Thanx, I dont know, can I do this or not. Because I dont know why at all the connection brokes. In new portgroup, there is connection, only not through the same path, not through ESXi uplink directly, but through VM where is Mikrotik firewall in L2 mode. I tested it with some other vmkernel adapter and its moved successfully. Only there was some strange delay when ping starts working. Now I dont know how Vmware processes this. When there is some delay, then maybe move operation get some timeout and becomes between heaven and hell. When I changed VLAN in the same portgroup, it also ends with error. Not rolled back but VM-s get new VLAN but vmkernel not. When I manually synced, then this should be fixed problem and end the uncompleted operation. It wasnt doed that. How vmware at all suggest to change portgroup or vlan then. Seems vcenter isnt at all able to do this. I think its too dangerous to disable this rollback when I dont know the reason why vmware wasnt allowed me to move portgroup.......Seems only solution, I still need to set up 2 virtual firewalls in chain (probably Kerio Control, its easy to use) and use SNAT and DNAT to force vCenter to connect into second vmkernel IP and then process all needed operations.

Reply
0 Kudos
TheBobkin
Champion
Champion
‎02-25-2019 10:49 AM

Hello IvarHome​,

Provided you have DCUI access and vDS you *should* be able to manually rollback in the event that you disable rollback and your new configuration doesn't function.

So provided these are in place it is not so risky.

Resolve Errors in the Management Network Configuration on a vSphere Distributed Switch

Bob

Reply
0 Kudos
IvarHome
Hot Shot
Hot Shot
‎02-25-2019 11:02 AM

Yes, but its dirty method. I doed it 2-times before, it puts vmkernel to local switch portgroup, mover uplink to local switch and destroys all vDS info. Finally I need to restore previously saved profile, but I never dont know what can become missing.  

Reply
0 Kudos
TheBobkin
Champion
Champion
‎02-25-2019 12:23 PM

Hello IvarHome​,

This depends on what you have available - do you have any spare or redundant links that you could release so that these can be used if needed? (as opposed to stomping on configs to get out of a jam :smileygrin: )

Bob

Reply
0 Kudos
IvarHome
Hot Shot
Hot Shot
‎02-25-2019 12:36 PM

I have there also NSX with manager, controller and two edge.

>>>This depends on what you have available - do you have any spare or redundant links that you could release so that these can be used if needed? (as opposed to stomping on configs to get out of a jam )

This I dont get what you mean.

Reply
0 Kudos