Hocshop's Posts

I think I have found the answers. 1) "In the IP address for incoming storage traffic", you enter the IP address of the VMKernel adaptor that you have configured for vSphere Replication traffic on th... See more...
I think I have found the answers. 1) "In the IP address for incoming storage traffic", you enter the IP address of the VMKernel adaptor that you have configured for vSphere Replication traffic on that appliance 2) "When adding a static route on the source VR appliances, you enter the default gateway that the network needs to use to go to the target site": On the VR appliance you enter the following section in the VR traffic eth1 adaptor file (10-eth1.network): [Route] Gateway=<gateway for the VR traffic subnet> Destination=<ip subnet range of vr-traffic subnet at DR site> in CIDR format e.g. 192.168.0.1/24 FYI it seems to be better to fully separate the traffic rather than just the VR traffic so you would need to add 2 NICs to the VR appliance (one for VR traffic - inbound traffic - and one for VR NFC traffic - outbound traffic). If you add 2 NICs then the network directory on the VR appliance will have 3 files like this: 10-eth0.network     for the mgmt traffic 10-eth1.network     for the VR inbound traffic 10-eth2network     for the VR NFC outbound traffic. 3) As already mentioned it seems to be more recommended to separate all traffic so you would use 2 port groups with 2 VMKernel adaptors instead of 1 VMkernel adaptor with both types of traffic enabled. Also don´t forget that you actually need to add static routes (if required) to both the ESXi hosts AND the VR appliances.  -> a static route in 2 places.   I hope this info helps someone. Cheers
Hi all, I am trying to isolate the VR traffic in my lab but I have 3 doubts over the setup: 1) In the "IP address for incoming storage traffic" is it correct that you need to enter the IP address o... See more...
Hi all, I am trying to isolate the VR traffic in my lab but I have 3 doubts over the setup: 1) In the "IP address for incoming storage traffic" is it correct that you need to enter the IP address of the new network adaptor that you added for separating the VR traffic. e.g. if you create a new VMkernel adaptor for VR traffic with an IP of 10.10.10.10 and connect that port group to the VR appliance, that is the IP you would put in that field. I believe that you are basically telling the VR appliance to accept all VR traffic through that VMkernel instead of the mgmt kernel, correct?   2) When adding a static route on the source VR appliances, you enter the default gateway that the network needs to use to go to the target site. Is that correct? Also you enter the target network IP address subnet as well.   3) In the documentation it says in one place that you should only put 1 service on a single VMkernel adaptor but in another place that you can enable both services (VR and VR NFC) on 1 adaptor. Can you enable both services on a single adaptor without having any problems or being unsupported?   Can anyone confirm my 3 doubts please? Cheers
Hi all,   I need to do an upgrade of an environment that is running ESXi 6.5U1 with VSAN 6.6.1 Also the currently installed firmware and driver versions are not supported in 7.0U1 I have been inv... See more...
Hi all,   I need to do an upgrade of an environment that is running ESXi 6.5U1 with VSAN 6.6.1 Also the currently installed firmware and driver versions are not supported in 7.0U1 I have been investigating what my upgrade path should be and I have some doubts.   First I see in the console that there is a critical update patch required for the VSAN cluster to be healthy. That patch is to upgrade the ESXi to version 6.5U3 First doubt: Can I just upgrade the vCenter directly to version 7.0U1 then upgrade the ESXi hosts to 6.5U3? Second doubt: After upgrading the ESXi hosts to version 6.5U3, I can then immediately upgrade them to 7.0U1, correct? Third doubt: I believe that after upgrading to ESXi 7.0U1, I can use the VSAN Build Recommendations tab to automatically create baselines and download the updates for the drivers that I will need, correct?  Fourth doubt: The updated firmware versions need to be downloaded from the manufacturer´s website or does the Build Recommendation tab also do that?   Lastly I think that the following will be my plan for the upgrade, can someone please confirm if it looks ok? 1) Upgrade vCenter from 6.5U1 to 7.0U1 2) Upgrade ESXi hosts from 6.5U1 to 6.5U3 3) Upgrade ESXi hosts from 6.5U3 to 7.0U1 4) Use the VSAN Build Recommendations tab to create the required baselines for driver/firmware updates and apply them 5) Upgrade the online disk format version from 5 to 11   Thanks in advance
Hi all, I have been asked if I can save the metrics about application usage in vROPs for Horizon. However I have a doubt as they have a combination of RDSH published apps and also locally i... See more...
Hi all, I have been asked if I can save the metrics about application usage in vROPs for Horizon. However I have a doubt as they have a combination of RDSH published apps and also locally installed (in the template/parent VM) apps. I believe that vROPs for Horizon will only monitor app usage (logon time, session duration etc) when the apps are RDSH or AppVolumes published. That is, if an app is installed directly on a template machine, vROPs for Horizon will not know when that app is opened, closed etc. The problem here (that I have been told) is that some particular apps require installation directly on the template machines i.e. they cannot be published by RDSH or AppVol. Can anyone confirm if what I understand is correct or give me a heads-up on where I can find more info please? When I get access to the environment I will try to see if those apps really can only be installed that way or not but for now I just want to confirm if I understand correctly above so I am ready. Thanks in advance Mark
Update, I think I found the source of the problem. I just found out that the domain functional level that they are using is at Win 2008 level. That is not compatible with vCenter 7.0 and i... See more...
Update, I think I found the source of the problem. I just found out that the domain functional level that they are using is at Win 2008 level. That is not compatible with vCenter 7.0 and is not even supported by Microsoft anymore. Here is the AD compatibility matrix just in case anyone else needs to find it: VMware Knowledge Base I hope that helps someone else. Regards
Hi Lalegre Thanks for the reply. I had doubts about the user account too. What I am going to try is the following: 1) Add the identity source again but this time as AD over LDAP instead o... See more...
Hi Lalegre Thanks for the reply. I had doubts about the user account too. What I am going to try is the following: 1) Add the identity source again but this time as AD over LDAP instead of IWA (I read that VMware is moving away from IWA in future releases anyway) 2) Try a different user account or move the existing user account to another OU. I will also take into account what you mentioned. Regards
Hi all, I am seeing a strange issue that I feel is easy to solve but I don´t recall how to do it. vCenter 7.0 latest build I have added the vCenter to an AD domain Then I added the Identi... See more...
Hi all, I am seeing a strange issue that I feel is easy to solve but I don´t recall how to do it. vCenter 7.0 latest build I have added the vCenter to an AD domain Then I added the Identity Source as IWA Now when I try to add a permission and I select the domain name (in the dropdown box), when I type in the name of an AD user group, it does not resolve. I have tried with various group names and user accounts and they do not resolve either. Has anyone seen this behavior before and can tell me how to resolve it (maybe not using IWA)? I already tried removing the identity source and leaving the domain then redoing it again but same result. Regards
Thanks very much sjesse, Very useful information. Regards
HI all, As I understand it, vROPs can be installed and running in your environment and it will collect statistics of all VMs that have VMware Tools installed. On top of that, if you install... See more...
HI all, As I understand it, vROPs can be installed and running in your environment and it will collect statistics of all VMs that have VMware Tools installed. On top of that, if you install vROPs for Horizon, then all VMs with the vRealize for Horizon component of the Horizon agent installed, will also display extra statistics related to the EUC environment. What are the extra statistics exactly that the vRealize for Horizon component is going to permit vROPs to see? I.e. what additional statistics can you see in the vROPs console that a normal, non-virtual desktop without Horizon agent installed would see? Do we have a KB that lists these statistics? Somebody asked me this because they wanted to compare what statistics they would miss out on if they didn´t install the vROPs for Horizon agent on their virtual desktops. Regards Mark
Excellent MikeStoica, Thanks very much. That helps a lot and now I understand how the Update Mgr part works. In my case then I just need to select the option Migrate instead of Upgrade to ... See more...
Excellent MikeStoica, Thanks very much. That helps a lot and now I understand how the Update Mgr part works. In my case then I just need to select the option Migrate instead of Upgrade to migrate from the Windows vCenter 6.0 to the VCSA 6.7 Regards Mark
Hi all, I am researching how to do an upgrade of a Windows vCenter (with embedded PSC) and an external Windows Update Manager server. I understand that you must first run the Migration Assi... See more...
Hi all, I am researching how to do an upgrade of a Windows vCenter (with embedded PSC) and an external Windows Update Manager server. I understand that you must first run the Migration Assistant on the Update Manager Server then you run the 6.7 vCenter installer on the Windows vCenter server and select Migrate. Or do you actually run the Migration Assistant then run the vCenter 6.7 installation setup afterwards on the same Update Manager server? I don´t understand what running the Migration Assistant actually does regarding the Update Mgr, does it export the configuration to a file that you then need to import into the VCSA or how does it work? What actually happens when you run the Migration Assistant on the Update Manager server as the VCSA 6.7 does not yet exist in that moment? Ideally I am trying to create a step-by-step list of each step required to do the Update from Windows to VCSA when the Update Manager is external as well. Can anyone point me in the right direction or give me any hints as how I can get the steps? Thanks in advance. Mark
Hi all, I just found this old post and wanted to update it as the info that I was originally given was incorrect. It IS possible to install a PSC HA if other PSCs already exist. The best me... See more...
Hi all, I just found this old post and wanted to update it as the info that I was originally given was incorrect. It IS possible to install a PSC HA if other PSCs already exist. The best method to do what I was looking for at that time would actually be to deploy the first PSC as integrated with the vCenter appliance. Then deploy the additional PSCs and do the repoint to the PSC HA afterwards. When you do the repoint, that automatically destroys the embedded PSC in the vCenter. FYI after a lot of troubleshooting and analysis, I eventually found that my problem existed because the NSX Load balancer had not been configured correctly. Therefor when I ran the command that goes to the Load balanced IP address of the PSCs, it was not finding the PSC services and hence failing. When the NSX NLB had been configured correctly, the commands finished without problems. I hope that helps someone. Regards
Hi all, I eventually raised a case with GSS and they told me that it is not possible to install a PSC HA on 2 PSCs if another PSC already exists in the SSO site. That implies that it is only ... See more...
Hi all, I eventually raised a case with GSS and they told me that it is not possible to install a PSC HA on 2 PSCs if another PSC already exists in the SSO site. That implies that it is only possible to install a PSC HA NLB from zero i.e. without NSX. Also in vSphere 6.5 it is again not possible to repoint a vCenter to another PSC in a different SSO site (it was possible in vSphere 6.0). So it isn´t an option to move the temporary PSC to another site either. The support rep could not tell me why it is not possible to run the command in my type of environment nor could he point me to the official KB or a well known blog that mentions that point neither. Also if you check the official KB for VMware on how to configure a NSX NLB for the PSC HA, there is a small note that says that it is assumed that NSX is already installed and configured. All this points to the fact that in vSphere 6.5 you cannot deploy a PSC HA, using an NSX NLB, from zero. It is because of the classic chicken and egg syndrome: You need a vCenter to install the NSX software but you need the PSC HA to install the vCenter and NSX. That leads me to believe that the only way to get to the ideal configuration (and what VMware officially support) is to use a third party NLB like NetScaler first, install the PSC HA using the 3rd party NLB and then deploy the vCenter by pointing it to the VIP of the 3rd party NLB. Then when the NSX is deployed, configure the NLB component of NSX with the same information as the 3rd party NLB and then simply turn off the 3rd party NLB leaving just the NSX NLB servicing the PSC HA. I feel a little bit hard done by because of the lack of documentation regarding this limitation of PSC HA and now I will have to destroy my vCenter and the temporary PSC to be able to run the above mentioned process. Its worth mentioning also that in the blogs and KBs regarding the configuration of PSC HA with NSX, the key file that you need (to be able to import the certificate into NSX) does not come in the correct format. You need to run the openssl command with the rsa parameter. Here is an example of that command: openssl rsa -in lb.key -out rsalb.key I hope that VMware put this limitation in writing so as to not have anyone else fall into the same trap. Hopefully this helps someone. Regards
Hi all, I am configuring PSC HA in a 6.5 environment. All appliances are at the 6.5 express patch 3 version level. (I copied and replaced the updateSSOConfig.py and UpdateLsEndpoint.py scri... See more...
Hi all, I am configuring PSC HA in a 6.5 environment. All appliances are at the 6.5 express patch 3 version level. (I copied and replaced the updateSSOConfig.py and UpdateLsEndpoint.py scripts from a GA version of a PSC due to the known issue) What I have is the following: vCenter 6.5 connected to an external temporary PSC 2 extra PSCs in the same SSO domain and site as the temporary PSC (all 3 PSCs are in the same SSO domain and site) NLB configured in NSX. I am trying to configure these 2 extra PSCs in a NLB to be able to repoint the vCenter from the temporary PSC to the NLB PSCs. I have created the certificate and imported it to both extra PSCs. Then I have successfully run the "python updateSSOConfig.py --lb-fqdn=xxx.xxx.xxx" command on both PSCs. However when I run the "python UpdateLsEndpoint.py --lb-fqdn=nlb_fqdn --user=administrator@vsphere.local" command I am getting an error message and it doesn´t complete correctly. The endpoints don´t update. The error message is attached. I see the following in the error message: Invalid value of command option ´--site´, value:´ ´ That implies to me that the command is expecting a different site-name than the current site-name i.e. the site-name cannot be null? If I try adding the --site parameter to the command it fails saying that that is not how to run the command correctly. Has anyone seen this message before or do you know what is happening here? I tested everything in a lab however, I used Netscaler in my lab and also I only had the 2 PSCs to play with (no vCenter connected to a temp PSC). Anybody?? Regards Mark
Excellent, thank you very much. Regards
Thank you so much LucD. That was perfect. I am now just tweaking it for this environment. Also I am analyzing it to try and understand each step you put. Could you send me any recommended... See more...
Thank you so much LucD. That was perfect. I am now just tweaking it for this environment. Also I am analyzing it to try and understand each step you put. Could you send me any recommended URLs to help me to learn more please? Regards Mark
Hi all, I am very new to PowerCLI and have been trying to create a script to do the following: Get all powered off VMs in a particular cluster then check them to see if certain advanced set... See more...
Hi all, I am very new to PowerCLI and have been trying to create a script to do the following: Get all powered off VMs in a particular cluster then check them to see if certain advanced settings exist. (the VM has to be powered off to add the setting and the client cannot powere off all VMs at the same time so most probably the same script will be used multiple times in their clusters) If the setting exists write to screen that it already exists. If it does not exist, write to screen that it doesn't exist and create it. (even better would be to export all screen output to a file so as not to clutter the screen) I attach the script up to now below and if anyone could point me in the right direction it would be most welcome. Also if anyone knows of a really good resource(s) to help me learn more, could they share it with me please? The parts that are confusing me are the part where I need to check if the advanced setting already exists, and the part where I tell it that if it doesn't exist, create it. I have read about using the condition part in brackets with .Value afterwards and various other things but I am missing the experience to know where to go. Anyone have any ideas please over my script and the resources where I can learn more? Thanks in advance Mark $clustername = Get-Cluster 'Management Cluster' $poweredoffvmsincluster = $clustername | Get-VM | Where-Object {$_.powerstate -eq "poweredoff"} $copydisable = Get-AdvancedSetting -Name "isolation.tools.copy.disable" $dnddisable = Get-AdvancedSetting -Name "isolation.tools.dnd.disable" $setGUIOptionsenable = Get-AdvancedSetting -Name "isolation.tools.setGUIOptions.enable" $pastedisable = Get-AdvancedSetting -Name "isolation.tools.paste.disable" $diskShrinkdisable = Get-AdvancedSetting -Name "isolation.tools.diskShrink.disable" $diskWiperdisable = Get-AdvancedSetting -Name "isolation.tools.diskWiper.disable" $toolssetinfo = Get-AdvancedSetting -Name "tools.setInfo.sizeLimit" $remotevncenabled = Get-AdvancedSetting -Name "RemoteDisplay.vnc.enabled" ForEach($VM in $poweredoffvmsincluster) { If ($copydisable) {Write-Host "isolation.tools.copy.disable key already exists} else {New-AdvancedSetting -Name "isolation.tools.copy.disable" -value $true -Confirm:$false} If ($dnddisable) {Write-Host "isolation.tools.dnd.disable key already exists} else {New-AdvancedSetting -Name "isolation.tools.dnd.disable" -value $true -Confirm:$false} If ($setGUIOptionsenable) {Write-Host "isolation.tools.setGUIOptions.enable key already exists} else {New-AdvancedSetting -Name "isolation.tools.setGUIOptions.enable" -value $false -Confirm:$false} If ($pastedisable) {Write-Host "isolation.tools.paste.disable key already exists} else {New-AdvancedSetting -Name "isolation.tools.paste.disable" -value $true -Confirm:$false} If ($diskShrinkdisable) {Write-Host "isolation.tools.diskShrink.disable key already exists} else {New-AdvancedSetting -Name "isolation.tools.diskShrink.disable" -value $true -Confirm:$false} If ($diskWiperdisable) {Write-Host "isolation.tools.diskWiper.disable key already exists} else {New-AdvancedSetting -Name "isolation.tools.diskWiper.disable" -value $true -Confirm:$false} If ($toolssetinfo) {Write-Host "tools.setInfo.sizeLimit key already exists} else {New-AdvancedSetting -Name "tools.setInfo.sizeLimit" -value 1048576 -Confirm:$false} If ($remotevncenabled) {Write-Host "RemoteDisplay.vnc.enabled key already exists} else {New-AdvancedSetting -Name "RemoteDisplay.vnc.enabled" -value $false -Confirm:$false} }
I should add another note.... I configured everything using the following URL: VMware vSphere 6.5 – Platform Service Controller HA lab using BIG IP Load Balancer | SDDC Online All scripts ... See more...
I should add another note.... I configured everything using the following URL: VMware vSphere 6.5 – Platform Service Controller HA lab using BIG IP Load Balancer | SDDC Online All scripts said they completed successfully but when I run the validation commands as shown in this URL (https://haveyoutriedreinstalling.com/psc-ha-6-5-1-introduction/psc-ha-6-5-2-prepare-a-load-balancer/psc-ha-6-5-3-prepari… ) they don´t show what should be shown. However even though I didn´t see expected results, I tried to use the PSC HA load balanced IP to do some tests and it appears that it is working correctly. So all in all a very confusing configuration for me. Good luck for anyone else trying it. Regards
Hi all, The answer to this question would appear to be YES. You do need to have the NLB working BEFORE you run the scripts. I installed an evaluation version of Netscaler and after configurin... See more...
Hi all, The answer to this question would appear to be YES. You do need to have the NLB working BEFORE you run the scripts. I installed an evaluation version of Netscaler and after configuring it, the scripts ran better. Well, definitely the second script (UpdateLsEndpoint.py) anyway however I would do it before you run both. In my case, I am seeing 2 strange things happen: 1) The UpdateSSOconfig.py script runs and finishes but generally I see an error that the vmon service crashed and didn´t want to start. So I restarted the PSC and continued. 2) The UpdateLsEndpoint.py script appears to run correctly however when I validate the URLs they do not change. I was running my tests with the GA version of 6.5 because I read that there was a known bug with the other versions. However, because of the problems I have encountered, I have not been able to configure PSC HA in 6.5 I don´t understand if they have brought in the great new feature of vCenter HA, why they haven´t improved the PSC HA. Anyway, I hope what I found is useful to anyone out there. Regards
Hi all, Is it required to have the VIP of the NLB already configured and operating BEFORE the final command to configure PSC HA is run (UpdateLsEndpoint)? i.e. Before you run the last command... See more...
Hi all, Is it required to have the VIP of the NLB already configured and operating BEFORE the final command to configure PSC HA is run (UpdateLsEndpoint)? i.e. Before you run the last command for the PSC HA, the actual NLB VIP is already configured and functioning? I ask this as I need to deploy a vCenter/PSC before I deploy NSX and I wanted to use the NLB function of NSX to allow me to protect the PSCs with HA/NLB. So, in the interest of saving a few minutes, I was thinking that I might be able to install 2 extra PSCs in the environment in parallel and configure them as much as possible for PSC HA. Then deploy the NSX and NLB and configure the VIP for the PSC NLB. Then finally just repoint the vCenter to the PSC NLB. However trying all that in my test lab, I am seeing that the last command is failing and I saw the words "No route to host (Host unreachable)" in the output. So I suspect that the command is somehow trying to reach the PSCs through the NLB IP and, as I don´t yet have that configured, is failing. Does that sound right? If it is correct it isn´t a big deal as I will just leave that last command until the NSX and NLB is 100% ready. I just wanted to check if that was indeed the case to confirm my suspicions. By the way I deployed the PSCs using the ISO for vCenter appliance 6.5 GA Thanks in advance Mark