cyberpaul's Posts

cyberpaul · ‎05-15-2018

Hi all, it seems that VDDK 6.7.0 cannot cope with vCenter Server / VCSA with self-signed SSL certificates. It does connect to the host, but any attempt to open a virtual disk using NBDSSL tran...

Hi all, it seems that VDDK 6.7.0 cannot cope with vCenter Server / VCSA with self-signed SSL certificates. It does connect to the host, but any attempt to open a virtual disk using NBDSSL transport method fails with the following: Debug: SSL Error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Warning: [NFC ERROR] NfcNewAuthdConnectionEx: Failed to connect to peer. Error: The remote host certificate has these problems: Warning: Warning: * self signed certificate in certificate chain Warning: SSL: Unknown SSL Error Error: You do not have access rights to this file Here we go again: why on earth is this forced? Is VMware trying to increase security? What if the vCenter is not managed by me, I just need my application to work? Well, the obvious workaround is to switch to NBD transport mode, which in turn decreases security significantly. Job well done. Have I missed a config option somewhere? Or is this just an annoying feature that will disappear in the following releases? Sigh.

cyberpaul · ‎04-11-2018

Hi, I turned one of my older scripts into another tutorial. This time it will be about querying and obtaining performance data using the Perl SDK. https://www.vmware-vcli.com/2018/04/tutori...

Hi, I turned one of my older scripts into another tutorial. This time it will be about querying and obtaining performance data using the Perl SDK. https://www.vmware-vcli.com/2018/04/tutorial-get-vm-performance-data.html Hope someone finds it useful! Regards, Pavel

cyberpaul · ‎04-06-2018

Hi everyone, I wrote a short tutorial on obtaining vSphere inventory items in a tree-like structure using Perl SDK. It's not difficult, however I hadn't been able to find one so I felt like...

Hi everyone, I wrote a short tutorial on obtaining vSphere inventory items in a tree-like structure using Perl SDK. It's not difficult, however I hadn't been able to find one so I felt like sharing it. https://www.vmware-vcli.com/2018/04/tutorial-build-vsphere-inventory-tree.html Enjoy, Pavel PS: English is my second language but I did my best

cyberpaul · ‎02-17-2018

Resolved in VDDK 6.5.2. Cloning function no longer requires valid host certificates.

cyberpaul · ‎02-17-2018

Hi daphnissov, thanks for pointing me to the right direction. It does work with VDDK 6.5.2! I was determined to stick with 5.5, because when I'd been testing the original 6.5.0, the VixDisk...

Hi daphnissov, thanks for pointing me to the right direction. It does work with VDDK 6.5.2! I was determined to stick with 5.5, because when I'd been testing the original 6.5.0, the VixDiskLib_clone function had required valid host certificates. With 6.5.2 this issue is fixed and everything works as a charm. All I really needed to do was to download VDDK 6.5.2 and change VixDiskLib_InitEx to use it I really have no idea how and where you find all the time and knowledge to be so helpful on this forum! Best regards, Pavel

cyberpaul · ‎02-15-2018

Hi all, I ran into an error when trying to access a virtual disk on an ESXi 6.5 with Essentials license (please note - plain Essentials, not Essentials Plus). I'm using VDDK 5.5.5 to connect t...

Hi all, I ran into an error when trying to access a virtual disk on an ESXi 6.5 with Essentials license (please note - plain Essentials, not Essentials Plus). I'm using VDDK 5.5.5 to connect to the host directly, the host is not managed by vCenter. When trying to "VixDiskLib_Open", I get this: Debug: VixDiskLibVim: Failed to load license manager. Info: Remote connection established. Supported transport modes: file:san:hotadd:nbdssl:nbd Debug: VixDiskLib: VixDiskLib_OpenEx: Open a disk. Debug: VixDiskLibVim: VixDiskLibVim_GetNfcTicket: Get NFC ticket for [Local SATA 1T] DSL test/DSL test.vmdk. Warning: VixDiskLibVim: Unacceptable server edition esx.essentials.cpuPackage Debug: VixDiskLibVim: ESX/ESXi host is not licensed to use this feature. Debug: VixDiskLib: Error occurred when obtaining NFC ticket for: [Local SATA 1T] DSL test/DSL test.vmdk. Error 16064 at 1456. Error: The host is not licensed for this feature It seems that the server edition is properly detected (esx.essentials.cpuPackage) but I'm not able to obtain NFC ticket anyway. When I update the host license to ESXi standard, everything works. AFAIK it should be possible to use VDDK with Essentials edition. Is this correct? Any suggestions? Thx in advance!

cyberpaul · ‎12-22-2017

Hi, you already know the proper function, where is the problem? my $auth_mgr = Vim::get_view(mo_ref =>Vim::get_service_content()->authorizationManager); $auth_mgr->RemoveEntityPermissions(en...

Hi, you already know the proper function, where is the problem? my $auth_mgr = Vim::get_view(mo_ref =>Vim::get_service_content()->authorizationManager); $auth_mgr->RemoveEntityPermissions(entity => $vm, user => $user, isGroup => 0); Cheers, Pavel

cyberpaul · ‎10-16-2017

Hi, definitely use the SSL thumbprint parameter as WanHaiTao suggested and switch to VDDK 5.5.5U3. There's a few TLS related fixes in that release. Cheers, Pavel

cyberpaul · ‎03-01-2017

Heck, I'll just answer to myself... Futher investigation shows that VixDiskLib_Clone establishes connection not with vCenter (which has been already established by ConnectEx at this point), bu...

Heck, I'll just answer to myself... Futher investigation shows that VixDiskLib_Clone establishes connection not with vCenter (which has been already established by ConnectEx at this point), but rather with ESXi hosting selected VM. It is the Client -> ESXi connection that is failing, not a Client -> vCenter one. AFAIK there is no way how to pass ESXi's SSL thumbPrint to VixDiskLib_Clone() so in VDDK 6.0 and newer the Clone() function will work only with valid host certificates. Obvious workaround would be to avoid vCenter entirely and use VDDK to connect directly to ESXi using SSL thumbPrint of the ESXi. I tried that and it's working, but impractical - one would need credentials for every ESXi. I reverted to VDDK 5.5.4 and use the "verifyCertificates=0" option. I regret the time I spent with VDDK 6.5 and I regret wasting a day with this SSL nonsense. Who the hell uses valid certificates on ESXi hosts? Pavel

cyberpaul · ‎03-01-2017

Hi Manick, on Linux you can use the openssl command to obtain the thumbprint: openssl s_client -showcerts -connect HOSTNAME:443 < /dev/null 2> /dev/null | openssl x509 -fingerprint -noout...

Hi Manick, on Linux you can use the openssl command to obtain the thumbprint: openssl s_client -showcerts -connect HOSTNAME:443 < /dev/null 2> /dev/null | openssl x509 -fingerprint -noout Cheers, Pavel

cyberpaul · ‎03-01-2017

A bit late, but here's an example of a complete command: ./vix-disklib-sample -clone virtdisk.vmdk -host esx3i -user root -password secret vmfsdisk.vmdk Under the hood it looks like thi...

A bit late, but here's an example of a complete command: ./vix-disklib-sample -clone virtdisk.vmdk -host esx3i -user root -password secret vmfsdisk.vmdk Under the hood it looks like this: VixDiskLibCreateParams createParams; createParams.adapterType = appGlobals.adapterType; createParams.capacity = appGlobals.mbSize * 2048; createParams.diskType = VIXDISKLIB_DISK_MONOLITHIC_SPARSE; createParams.hwVersion = VIXDISKLIB_HWVERSION_WORKSTATION_5; vixError = VixDiskLib_Clone(targetConnection, targetDiskPath, srcConnection, srcDiskPath, &createParams, // disk creation params, this parameter is ignored when connecting to a remote host CloneProgressFunc, // function to watch progress with NULL, // client data, typically null TRUE); // overwrite if target exists The VixDiskLib_Clone functions creates an additional connection which can be a source of problems. Several people have reported the example itself not working with some versions of VDDK Cheers, Pavel

cyberpaul · ‎02-28-2017

Hi everyone, I am using VDDK 6.5 and thanks to VixDiskLibConnectParams.thumbPrint I am able to connect to vCenter even when there are some certificate errors (in my lab there are several). ...

Hi everyone, I am using VDDK 6.5 and thanks to VixDiskLibConnectParams.thumbPrint I am able to connect to vCenter even when there are some certificate errors (in my lab there are several). I can vixDiskLib_Read, Write etc. However when I call vixDiskLib_Clone, I get errors even with thumbPrint set: Warning: SSL: Unknown SSL Error Warning: SSL: connect failed (1) Warning: [NFC ERROR] NfcNewAuthdConnectionEx: Failed to connect to peer. Error: The remote host certificate has these problems: Warning: * Host name does not match the subject name(s) in certificate. Warning: * unable to get local issuer certificate Is there a way to bypass these errors? I do not understand why the should the cloning function connect to peer anyway - the connection has already been made in vixDiskLibConnect, hasn't it? Thanks in advance for your ideas! Pavel

All

cyberpaul's Posts

VDDK 6.7 self-signed SSL certificate issue

Tutorial: Get VM performance data using vSphere SDK for Perl

Tutorial: Create inventory tree using vSphere SDK for Perl

Re: SSL verification in vixDiskLib_Clone

Re: vSphere Essentials and VDDK

vSphere Essentials and VDDK

Re: How to remove permission for vm with perl script?

Re: VDDK can't connect to ESXi 6.5

Re: SSL verification in vixDiskLib_Clone

Re: Not able to get SSLthumbprint of a Vcenter

Re: How to use DoClone?

SSL verification in vixDiskLib_Clone