Andr3201110141's Posts

The script is started without any input so you can just download and launch it. Although the main aim was to create certificates on the VCSA, it can also be used to create just a CA or other certificates for your web servers. Refer to my blog for detail on how the script works. http://vmwarenotes.blogspot.com/
I realized that there are a number of things that I missed, so I wrote a script to automate the entire process. Testers wanted! Andre's VMware Notes: Certificator Andre Combrinck
Just some more information about where the issue seems to be. None of the below made a difference but I add it for the record. Going through the 02-inventoryservice script, it reaches a point where it calls the vi_regtool, which is a Java application. When you get the message "Initializing registration provider" and "Getting SSL certificates for https://...", it is within this Java application. More precisely, it is when it runs the command 'exec -a vi_regtool $JAVA_BIN "$LOG4J_CONF" $JAVA_OPTS -jar "$VI_REGTOOL_JAR" "$@"'. Since Java has its own certificate store, I added my self-signed certificate into the Java cacerts store. I even created an intermediate CA to sign the server certs with and added this cert into the store too. On vCSA the Java JRE home is at /usr/java/jre-vmware. To add the CA to the Java store, run this command while within the JRE HOME folder: bin/keytool -import -trustcacerts -alias MyRootCA -file RootCA.crt -keystore lib/security/cacerts. This adds the cert successfully, and even after rebooting the appliance, I still cannot run 02-inventoryservice to completion. I get: server certificate assertion not verified and thumbprint not matched. Return code is: SSLHandshakeFailed. Andre
As it always goes, I made progress right after my last post. After getting the error, it seems that the certificate is put in place, because if you browse to https://vcenter:7444/lookupservice/sdk, the correct certificate does appear. I then ran OpenSSL s_client to verify that the certificate is valid and this is what I got:

    vCenter55:/ # openssl s_client -connect 192.168.33.128:7444 -status ### The command I ran the first time
    CONNECTED(00000003)
    OCSP response: no response sent
    depth=1 /C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
    verify error:num=19:self signed certificate in certificate chain ### Seems the appliance doesn't like the self-signed certificate
    verify return:0
    ---
    Certificate chain
     0 s:/C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za
       i:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
     1 s:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
       i:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIID9jCCAt6gAwIBAgICAS.......FBQAwfjELMAkGA1UEBhMCWkEx
    -----END CERTIFICATE-----
    subject=/C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za
    issuer=/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 2309 bytes and written 441 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES256-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : AES256-SHA
        Session-ID: 540771BD58058D6BD2F7C0B673A0D5740FC964C9179DC83DDA9EDA0BCAEB06C7
        Session-ID-ctx:
        Master-Key: 8BDD035D2FCB5645DECF21B5BB26B6C46C6A964DBD8B5E54EA4CEF1893B75E2D2C2C904E1162B808BA7BBD5CFDDEE22E
        Key-Arg   : None
        Start Time: 1409774013
        Timeout   : 300 (sec)
        Verify return code: 19 (self signed certificate in certificate chain) ### The return code 19, as seen above, is an error
    ---

    vCenter55:/ # openssl s_client -connect 192.168.33.128:7444 -CApath /etc/ssl/certs ### This time I ran it while specifying the folder where my root CA is kept
    CONNECTED(00000003)
    depth=1 /C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
    verify return:1 ### No error this time.
    depth=0 /C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za
    verify return:1
    ---
    Certificate chain
     0 s:/C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za
       i:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
     1 s:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
       i:/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIID9jCCAt6gAwIBAgI......wfjELMAkGA1UEBhMCWkEx
    -----END CERTIFICATE-----
    subject=/C=ZA/ST=Gauteng/O=company/OU=VMware vCenter Service Certificate/CN=vCenter55.company.co.za
    issuer=/C=ZA/ST=Gauteng/L=Pretoria/O=company/OU=Certificate Authority/CN=company Root CA
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 2309 bytes and written 465 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES256-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : AES256-SHA
        Session-ID: 54077230E37AC53541373C907E213A8ED19EA02DF5EAFA47C28BF114DA3D68E1
        Session-ID-ctx:
        Master-Key: F8226AA2B758500D90B0137632F14752FB617E749577C7B4826CD541B1DE6D8BA8F4C3FA24CE59F734E8D5176D1F43AB
        Key-Arg   : None
        Start Time: 1409774128
        Timeout   : 300 (sec)
        Verify return code: 0 (ok) ### This time the cert is OK

Turning my attention to the 02-inventoryservice script...
I am in the same boat as you are. I even posted a question to the editor of the article that after following the steps, I get the same issue. I have to be honest here that I didn't use a Microsoft CA nor a public CA, and ran all the OpenSSL commands directly on the appliance. So, I started by creating a root CA with the key, then I generate the CSRs etc from the appliance. To ensure that the root CA that I created was valid, I copied it to /etc/ssl/certs and ran c_rehash /etc/ssl/certs, which then lists my new CA.
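
The trust-store behaviour seen in the posts above, reproduced offline as an added example that is not part of the original posts: verification returns error 19 while the root only arrives with the chain, error 20 when the root file is merely copied into the CApath directory, and 0 once the subject-hash link that c_rehash creates exists. The demo CA, the host name vcsa.example.test, the temporary directory and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed demo PKI, nothing here comes from the appliance.
# "Demo Root CA", vcsa.example.test and the function names are assumptions.

make_pki() {     # $1 = work dir: root CA, leaf signed by it, root copied to trust/
  mkdir -p "$1/trust"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=vcsa.example.test" \
    -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/srv.crt" 2>/dev/null
  cp "$1/ca.crt" "$1/trust/demo-root.pem"   # copied, but not yet hashed
}

hash_anchor() {  # $1 = CApath dir, $2 = cert file in it; the link c_rehash creates
  h=$(openssl x509 -noout -hash -in "$1/$2")
  ln -sf "$2" "$1/$h.0"
}

verify_code() {  # prints the first verify error number, or the exit status (0 = ok)
  rc=0
  out=$(openssl verify "$@" 2>&1) || rc=$?
  code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  echo "${code:-$rc}"
}

demo() {
  w=$(mktemp -d)
  make_pki "$w"
  # Root arrives with the chain (as the server sent it) but is not a trust anchor.
  echo "root in chain, untrusted:      $(verify_code -untrusted "$w/ca.crt" "$w/srv.crt")"
  # Root file sits in the CApath directory, but lookup is by <subject-hash>.0 name.
  echo "root copied, no hash link:     $(verify_code -CApath "$w/trust" "$w/srv.crt")"
  hash_anchor "$w/trust" demo-root.pem
  echo "after hash link (c_rehash):    $(verify_code -CApath "$w/trust" "$w/srv.crt")"
  rm -rf "$w"
}
demo
```

A Java client such as vi_regtool does not read this directory at all; it consults its own cacerts keystore, so a result of 0 here says nothing about the JRE's trust decision.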
I finally phoned License support and got it solved. I had to downgrade the 6 vCenter Operations Manager licenses in order to see them. My hosts are all on ESX 5.1. The downgrade is done from my.vmware.com --> License Keys --> I want to: Downgrade Licenses. It worked as expected after that.
Thanks for the replies, @Gradinka, thanks for the screenshot. I know where to go for the licensing, but... @markdjones82 ...yes, the problem is that I don't have the option to choose one of the 6 licenses when licensing a host. And yes, the licenses are a mixture of both since we started with the acceleration kit, which came with vCenter Operations Manager and then we topped it up with 12 Standard licenses. I used up the Standard licenses first and now want to start using the other 6. @markj Thanks for the post. I removed the license that was available from the download site and instead assigned the license with the 6 CPUs to the vCenter Operations Manager. This is where I am at: As you can see, the 6 CPU licenses for vCenter Operations Manager are now showing. Any more ideas? Andre
Hi All, How in the world do I allocate VMware vSphere with Operations Management 5.5 Standard licenses to a host? The implementation was green field so we bought the acceleration kit for vCenter server that comes with 6 licenses of vSphere with Operation Management. I've got Ops Manager working well and itself is licensed and can see all the hosts. We also bought 12 further licenses to have 18 in total, and I can see the other 12 and allocate them to hosts, but cannot see the original 6. I never could. Any help appreciated. Andre
FC SANs don't use an MTU so you don't need to take that into consideration. MTU and Jumbo Frames are Ethernet concepts. Jumbo Frames are just frames that are greater than the conventional frames of 1500. As algreco81 said, it is better to have a higher MTU for performance reasons, but it is not a requirement for migrations to work. It only improves VM migrations (copying the running instance of a VM and its active RAM from one host to another). The storage stays in place.
Are you expecting that the server auto joins the domain? I see that you are using a static IP address on the VM. Unfortunately, due to the order in which the customization happens, the static IP address is only applied after a second reboot. To autojoin the domain, you would need to use a DHCP server to make sure the machine already has an IP address at the time the domain join procedure happens.
I would recommend the following:

    Get-OSCustomizationNicMapping $s.name | Set-OSCustomizationNicMapping -IpMode UseStaticIP -IpAddress $s.IPAddress -SubnetMask 255.255.255.0 -DefaultGateway 1.1.2.1 -Dns $dns1,$dns2

I'm a bit late, but I hope this helps. Andre
Hi Arne, ESXi is a good starting point and relatively simple to get started and to manage afterwards. What you would end up with is the host standing on its own running some VMs and a client machine on the other end with the vSphere client installed on it. The vSphere client allows you to manage the VMs on the host. Following on from the previous post, make sure the server you are using has all the required hardware and that the hardware is compatible. http://www.vmware.com/resources/compatibility/search.php?rct=j&q=&esrc=s&frm=1&source=web&cd=1&ved=0CFEQFjAA&url=http://www.vmware.com/go/hcl/&ei=qjH5T6LvG5SChQf-qKXoBg&usg=AFQjCNEFF21anzH7ZKOahz2fqtWZZLQOAw&sig2=EiXLiWgkz77uAo5kQSRLGQ Andre
Have a look at this article. Hope it helps http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=4309499