All Posts

is there a way to prepopulate the password - I've tried and get PASSWORD_STR cant use passwords on the command line error Manual entry of the password seems to be the only way - 
Hi All, how to identify the Bootable LUN details of ESXI host using script for multiple ESXI HOST on Vcenter, whether they are booting from SAN Lun (3PAR)  or local disk...?? Thanks, Kumar
Hi All Query – Licencing for VMware Cross vCenter Migration. Question - Do all ESXi hosts in source vcenter and all ESXi hosts in destination vcenter require Enterprise plus licencing to hot mi... See more...
Hi All Query – Licencing for VMware Cross vCenter Migration. Question - Do all ESXi hosts in source vcenter and all ESXi hosts in destination vcenter require Enterprise plus licencing to hot migrate VMs? Or can you just licence the hosts you want to cross vcenter migrate between, such as 1 host in source and 1 host in destination?  Reference – To vMotion powered-on virtual machines with the Advanced Cross vCenter vMotion feature, you must have a vSphere Enterprise Plus license on both the source and destination vCenter Server instances To migrate powered-off virtual machines with the Advanced Cross vCenter vMotion feature, you must have a vSphere Standard license. https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-vcenter-esxi-management/GUID-DAD0C40A-7F66-44CF-B6E8-43A0153ABE81.html
We used VMware vCenter Server version 7.0.2. We regenerated STS Signing Certificate via using fixsts.sh script as showed in (https://kb.vmware.com/s/article/76719) article. Then we followed that arti... See more...
We used VMware vCenter Server version 7.0.2. We regenerated STS Signing Certificate via using fixsts.sh script as showed in (https://kb.vmware.com/s/article/76719) article. Then we followed that article (https://kb.vmware.com/s/article/2112283) for regeneration of VMCA Root Certificate, Machine Certificate and other kind of certificates. We tried option 8, then option 4 in /usr/lib/vmware-vmca/bin/certificate-manager location. Also, we tried both options seperately to get different results. After we tried to reach our vSphere Client via using web browser, we can not access. After that, we checked services that worked in that time, we faced some of services can not open even if we wait 2-3 hours more. Could you help us to solve this regeneration and services process before it is expire?
i finally got it resolved via vmware support. after 3 sessions of doing things he gave me a script to run on the vcenter with the error and it basically rebuilds and resyncs the SSO relationship wit... See more...
i finally got it resolved via vmware support. after 3 sessions of doing things he gave me a script to run on the vcenter with the error and it basically rebuilds and resyncs the SSO relationship with the other vcenter i have attached the script, use at your own risk but it worked fine for me.  recommend doing a cold snapshot of both vcenters first, boot them both up, wait for all services to be running and then run this script on the vcenter with the vmdir error he also said he is seeing more and more of this problem so it will likely get fixed in future vcenter builds - its a bug, i did not touch or modify this script that was provided via official vmware support but you can also read through it to see what it's doing. i hope this helps others!  
I'm still having this issue, I have removed the previously staged update and staged 8.0.2.00100 instead, but no difference. I noticed that I was having issues logging in even though I was fairly cer... See more...
I'm still having this issue, I have removed the previously staged update and staged 8.0.2.00100 instead, but no difference. I noticed that I was having issues logging in even though I was fairly certain I had the right password. I reset the vCenter password and set it to never expire, but this did not fix my issue. Anyone else make any progress?
Duo just released version 2.2.0 of the Duo for ADFS application that addresses this issue.  Release Notes: https://duo.com/docs/adfs-notes#version-2.2.0-november-8,-2023
@slavonac Thank you!!
Thank you for sharing.  The IP worked for me too! 
vSphere : 7.0.3.01400 I run a powercli to clone a template. the clone builds, reboots it waits some time logged in as the admin : I check hostname: it is named after the template host name reboo... See more...
vSphere : 7.0.3.01400 I run a powercli to clone a template. the clone builds, reboots it waits some time logged in as the admin : I check hostname: it is named after the template host name reboots looks something like sysprep... check hostname : random letters and numbers Correct hostname is not supplied     Name and target OS   Rename OS   Generate SID   RunOnce Script Target OS   Windows   Generate SID Computer name   Use the virtual machine name Admin Pass   auto logon: 1 Commands to run once: "%SystemRoot%\\System32\\WindowsPowerShell" -command "c:\\RunOnce\\VMCustomizationScript.ps1"  
Hi everyone. We use the CLI to upgrade VCenter from 8.0.1 to 8.0.2a, but it failed in the post install stage. The CLI output is: Command> software-packages install --staged update is already stage... See more...
Hi everyone. We use the CLI to upgrade VCenter from 8.0.1 to 8.0.2a, but it failed in the post install stage. The CLI output is: Command> software-packages install --staged update is already staged. Proceeding to install. Installing version: 8.0.2.00100 Running precheck .... Validating user input .... Set vmdir maintenance mode .... Taking LVM Snapshot based vCenter backup .... Preparing system for update .... Stopping services .... Setting up appliance-photon repo and installing RPMS. .... Installing containers .... Converting data as part of post install .... Installation failed. Retry to resume from the current state. Or please collect the VC support bundle. Mismatch: summary: Internal error occurs during execution of update process. resolution: Send upgrade log files to VMware technical support team for further assistance. The PatchRunner Log shows this: I NFO service_manager The service vmware-vpxd has been already started vtsdb:Patch INFO vmware_b2b.patching.utils.reporting_utils Setting global ReportingFactory with identifier - vtsdb:Patch vtsdb:Patch INFO extensions Found patch hook <module 'vtsdb' from '/storage/updatemgr/software-updateqxe7sa2t/stage/scripts/patches/payload/components-script/vtsdb/__init__.py'>:Patch' vtsdb:Patch INFO extensions Executing patch hook '<module 'vtsdb' from '/storage/updatemgr/software- ]updateqxe7sa2t/stage/scripts/patches/payload/components-script/vtsdb/__init__.py'>:Patch' with context <patch_specs.PatchContext object at 0x7fa6aac33ca0>. vtsdb:Patch INFO vtsdb.utils Running ['/opt/vmware/vpostgres/current/bin/psql', '--version'] vtsdb:Patch INFO vtsdb.utils Current major version: 14 vtsdb:Patch INFO vtsdb Check if additional disks are available for vtsdb and vtsdb_log vtsdb:Patch INFO vtsdb Command return code: 0 vtsdb:Patch INFO vtsdb Disk count is: 2 vtsdb:Patch INFO vtsdb Check if pg_upgrade is required vtsdb:Patch INFO vtsdb.utils Checking if in place pg_upgrade is required vtsdb:Patch INFO vtsdb In place PG Upgrade is required vtsdb:Patch INFO vtsdb.utils Initialize new data directory using initdb vtsdb:Patch ERROR vmware_b2b.patching.executor.hook_executor Patch hook 'vtsdb:Patch' failed. Traceback (most recent call last): File "/storage/updatemgr/software-updateqxe7sa2t/stage/scripts/patches/py/vmware_b2b/patching/executor/hook_executor.py", line 74, in executeHook executionResult = systemExtension(args) File "/storage/updatemgr/software-updateqxe7sa2t/stage/scripts/patches/libs/sdk/extensions.py", line 106, in __call__ result = self.extension(*args) File "/storage/updatemgr/software-updateqxe7sa2t/stage/scripts/patches/libs/sdk/extensions.py", line 123, in _func return func(*args) File "/storage/updatemgr/software-updateqxe7sa2t/stage/scripts/patches/payload/components-script/vtsdb/__init__.py", line 135, in patch raise Exception('Inplace pg_upgrade failed') Exception: Inplace pg_upgrade failed ERROR vmware_b2b.patching.phases.patcher Patch hook Patch got ComponentWrapperError. Traceback (most recent call last): File "/storage/updatemgr/software-updateqxe7sa2t/stage/scripts/patches/py/vmware_b2b/patching/phases/patcher.py", line 208, in patch _patchComponents(ctx, userData, statusAggregator.reportingQueue) File "/storage/updatemgr/software-updateqxe7sa2t/stage/scripts/patches/py/vmware_b2b/patching/phases/patcher.py", line 90, in _patchComponents executeComponentHook(Hook.Patch, ctx, c, userData, reportingQueue) File "/storage/updatemgr/software-updateqxe7sa2t/stage/scripts/patches/py/vmware_b2b/patching/executor/execution_facade.py", line 97, in executeComponentHook result = executeHook(c.patchScript, hook, args, File "/storage/updatemgr/software-updateqxe7sa2t/stage/scripts/patches/py/vmware_b2b/patching/executor/execution_facade.py", line 53, in executeHook result = executor.executeHook(scriptFile, hook, args, reportQueue, reportIdentifier) File "/storage/updatemgr/software-updateqxe7sa2t/stage/scripts/patches/py/vmware_b2b/patching/executor/hook_executor_process.py", line 119, in executeHook raise ex patch_errors.ComponentError WARNING root stopping status aggregation... ERROR __main__ Patch vCSA failed Thanks for any suggestion in advance.
Hi I need to shutdown all the hosts in a DRS/HA cluster but I'm not able to enable MAINTENACE mode because the vCLS VMs are powerd on. How can I do?  
my case is that I cloned esxi host in vmware workstation, and the clone has the same mac, so the vCenter on one of the esxi host cannot add the other esxi host...
  The problem happened when I was trying to install stage 2. It ended up at 53% every time I try. It says : A problem occurred while - Starting Service Account Management Service... Encountered a... See more...
  The problem happened when I was trying to install stage 2. It ended up at 53% every time I try. It says : A problem occurred while - Starting Service Account Management Service... Encountered an internal error. Traceback (most recent call last): File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 249, in securityctx_modifier yield File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 588, in _doLogin ds_sessionmgr.LoginBySamlToken() File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 556, in <lambda> self.f(*(self.args + (obj,) + args), **kwargs) File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 368, in _InvokeMethod return self._stub.InvokeMethod(self, info, args) File "/usr/lib/vmware/site-packages/pyVmomi/SoapAdapter.py", line 1481, in InvokeMethod raise obj # pylint: disable-msg=E0702 pyVmomi.VmomiSupport.vmodl.fault.SecurityError: (vmodl.fault.SecurityError) { dynamicType = <unset>, dynamicProperty = (vmodl.DynamicProperty) [], msg = '', faultCause = <unset>, faultMessage = (vmodl.LocalizableMessage) [] } During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/vmidentity/firstboot/svcaccountmgmt-firstboot.py", line 64, in registerSvcAccountMgmtWithLookupService dynVars=dynVars) File "/usr/lib/vmware-cm/bin/cloudvmcisreg.py", line 710, in cloudvm_sso_cm_register serviceId = do_lsauthz_operation(cisreg_opts_dict) File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 1149, in do_lsauthz_operation authz_client.load_privs(privs_obj_list) File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 667, in load_privs self._authz_intservice.AddOrUpdatePrivileges(priv_obj_list) File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 556, in <lambda> self.f(*(self.args + (obj,) + args), **kwargs) File "/usr/lib/vmware/site-packages/pyVmomi/VmomiSupport.py", line 368, in _InvokeMethod return self._stub.InvokeMethod(self, info, args) File "/usr/lib/vmware/site-packages/pyVmomi/SoapAdapter.py", line 1710, in InvokeMethod self._CallLoginMethod() File "/usr/lib/vmware/site-packages/pyVmomi/SoapAdapter.py", line 1771, in _CallLoginMethod self.loginMethod(self.soapStub) File "/usr/lib/vmware/site-packages/cis/cisreglib.py", line 588, in _doLogin ds_sessionmgr.LoginBySamlToken() File "/usr/lib/python3.7/contextlib.py", line 161, in __exit__ raise RuntimeError("generator didn't stop after throw()") RuntimeError: generator didn't stop after throw() During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/vmidentity/firstboot/svcaccountmgmt-firstboot.py", line 116, in main svcAccountMgmtFb.firstbootAction() File "/usr/lib/vmidentity/firstboot/svcaccountmgmt-firstboot.py", line 43, in firstbootAction self.startService() File "/usr/lib/vmidentity/firstboot/svcaccountmgmt-firstboot.py", line 38, in startService self.registerSvcAccountMgmtWithLookupService() File "/usr/lib/vmidentity/firstboot/svcaccountmgmt-firstboot.py", line 73, in registerSvcAccountMgmtWithLookupService traceback.format_exc()))) File "/usr/lib/vmware/site-packages/cis/l10n.py", line 75, in localizedString l10nMsg = L10nMessage(msgMeta, args) File "/usr/lib/vmware/site-packages/cis/msgL10n.py", line 214, in __init__ raise ValueError("Invalid L10nMessage metadata %s", msgMeta) ValueError: ('Invalid L10nMessage metadata %s', (<cis.msgL10n.MessageMetadata object at 0x7ff75273ffd0>,)) Resolution: This is an unrecoverable error, please retry install. If you encounter this error again, please search for these symptoms in the VMware Knowledge Base for any known issues and possible resolutions. If none can be found, collect a support bundle and open a support request.    
Hello, I'm sorry but I don't agree, there is no real need to bother with an infrastructure centered around the "Active Directory" services to provide DNS, DHCP and NTP services, this can be achiev... See more...
Hello, I'm sorry but I don't agree, there is no real need to bother with an infrastructure centered around the "Active Directory" services to provide DNS, DHCP and NTP services, this can be achieved by using a LINUX distribution set up for that one and only purpose and/or the capabilities of many barely decent network devices. This is without prejudice to the fact that, as others have pointed out, moreover explained in a BLOG, it is possible to deploy a vCenter object in a context where DNS and NTP services are unavailable. Regards, Ferdinando
I have assigned the administrator role to my VMAdmins AD group however it does not appear that those users are able to perform all activities that I would deem as administrative.  Can someone please ... See more...
I have assigned the administrator role to my VMAdmins AD group however it does not appear that those users are able to perform all activities that I would deem as administrative.  Can someone please let me know if the following behaviour is expected or is something wrong? 1) Recent Tasks were not updating (I did a migrate and did not see anything change in the recent task list).  When I went to tasks it looked like the task was frozen as "Performing pre-checks" and I was unable to cancel the task (mouse cursor changed to a red icon when I moused over the x). a) I also noticed that there was a recent task stuck at "queued" for reconfiguration of a vCLS..... VM and when I clicked on it to see what was going on I was presented with a message stating that I did not have access to see this (see attached). b) When I logged off of my admin AD user and back on as the admin@vsphere.local user I saw that the migrate was actually at 30% so I believe it was progressing even though the AD Admin user was not seeing any progress. 2) Unable to do any configuration in the SSO Administration page ("You have no privileges to view this object"). 3) Unable to see Deployment->System Configuration Thank you for any help.
Hello, The issue is a little more complex than simply evaluating how a version 8.x vCenter object behaves because you have to consider the relationships/iterations that exist with other products f... See more...
Hello, The issue is a little more complex than simply evaluating how a version 8.x vCenter object behaves because you have to consider the relationships/iterations that exist with other products from both VMware and any third parties. Before embarking on the undertaking it is always advisable to consult the available compatibility matrices first, it can help you avoid many potential problems from the start. From my very personal point of view, if you have adequate time and means, the only way to gain confidence in such a case is to try to build an IT laboratory which, albeit within certain limits, reproduces the specifics of your vSphere infrastructure as faithfully as possible. Regards, Ferdinando
Our production environment is happily humming along; we have a single VCSA (Version: 7.0.3 Build: 22357613), multiple datacenters, a couple hundred VMs.  I'd like to install and mess around with VCS... See more...
Our production environment is happily humming along; we have a single VCSA (Version: 7.0.3 Build: 22357613), multiple datacenters, a couple hundred VMs.  I'd like to install and mess around with VCSA version 8.x to get to know it and understand what (if anything) will change in our environment if I upgrade our current VCSA.  I'm at a loss to figure out how to do this without messing with or upgrading our current installation....suggestions? Thanks!
When trying to stage the critical updates to my host I am getting this error message - The following additional patches are included to resolve a conflict for installation on car-ent-esxi-01.us.teru... See more...
When trying to stage the critical updates to my host I am getting this error message - The following additional patches are included to resolve a conflict for installation on car-ent-esxi-01.us.terumo.com: VMware_bootbank_esx-xserver_7.0.3-0.20.19193900. Has anyone seen this before?   
Well, that is a challenge for sure.  I would have gone the route that Bishop went too..... IF it's a locked down environment, and you have to build within that...the next best step I can think of is... See more...
Well, that is a challenge for sure.  I would have gone the route that Bishop went too..... IF it's a locked down environment, and you have to build within that...the next best step I can think of is working with the networking team to install in a sub-domain that isn't routed, set up an isolated VLAN that only allows a route to/from the DNS (and is not routed anywhere else).   I think the only other question I can think of right now is: what is the purpose of a stand-alone vCSA within a production environment? Is it to prep for a migration?   That's the only other reason I could think to start then in a sub-domain - if the idea is to eventually have this vCSA servicing the production environment, it would get promoted to the core domain in the forest.  But that seems like a lot of trouble. Another option would be to build this outside the production environment, take an OVF snapshot and 'sneaker-net' it into production (assuming all the core security scans and configs were applied of course).