vaibhavt's Posts

This document talks about backing & restoring NSX-T L2 VPN autonomous client configuration. We assume you have a working NSX-T L2 VPN Autonomous Client with vlans extended to VMC SDDC. To backup the configuration, login to VPN client via UI and navigate to backup/restore tab. Click on backup post entering pass phrase. It will take close to a minute and you will prompted to save backup.tar file. Taking an assumption, the L2 VPN VM has crashed and you do not have Image backup. We need to deploy new L2 VPN and restore the configuration. We need to make sure the old L2 VM is powered off and the new VM has correct vNic mappings Login to the L2 VPN client via UI and click on backup/restore tab. Browse the config file, enter the credentials and hit the restore button. It will ~one minute to restore the config. You should see a similar screenshot like below. The connectivity should be back to Cloud VM's (on extended networks) from OnPrem. If the new L2 VPN VM has a different management IP as compared to old L2 VPN VM ; then post reboot new L2 VPN VM will fall back to management IP as old client.

This document talks about generating support bundle for NSX-T L2 VPN autonomous client via command line. SSH to L2 appliance as root and switch over to admin To generate log bundle run below command To view the log bundle file, exit from admin prompt and navigate to below directory. You should see the log bundle. You can now connect to L2 VPN appliance via WINSCP and copy the file.

During SRM Site pairing from OnPrem to VMC SDDC, below error might be seen This document assumes that you have fresh deployment of OnPrem SRM and it has not been configured/paired with any site. If you have an existing configured/paired production/development/test OnPrem SRM instance, please contact support and do not proceed. In the above screenshot you should have registered OnPrem vSphere Replication appliance as well however this document focuses on SRM DNS error. Cloud SRM reaches out to OnPrem PSC and checks for OnPrem SRM url, to setup site pairing with. If the OnPrem SRM is registered with hostname and not FQDN, above error might come up. High level steps that we need to follow Verify OnPrem SRM is registered with OnPrem PSC via hostname. Unregister OnPrem SRM with OnPrem PSC Change the OnPrem hostname to fqdn Generate new self signed cert for OnPrem SRM Register OnPrem SRM with OnPrem PSC via FQDN Complete SRM site pairing operation To verify if the OnPrem SRM is registered with hostname and not with FQDN ; navigate to OnPrem PSC by editing below url https://vcsa11.home.local/lookupservice/mob?moid=ServiceRegistration&method=List Change the value field as below and click on Invoke method Try to search via OnPrem SRM hostname, FQDN registration is not seen. Now we need to unregister OnPrem SRM from PSC. Login to SRM VAMI page >> summary tab and click on unregister Check all the options and click on unregister When it completes, you should see similar screen We now need to change OnPrem SRM hostname to FQDN. Navigate to networking tab on SRM VAMI portal and click edit >> enter FQDN and hit save. You should see new hostname on portal. To generate new self signed OnPrem SRM cert, navigate to access tab on SRM VAMI portal and click on cert change. Make sure SRM FQDN is seen with FQDN and right IP. Enter the organization details and click on change Post changing the default cert, we need to refresh the browser and accept new cert. On the browser we should now see cert with FQDN. Let's proceed registering OnPrem SRM with PSC. Click on the summary tab on SRM VAMI portal and click on configure appliance. Enter OnPrem PSC details and hit next. Enter the details for name/extension ; make sure that hostname comes as FQDN and finish the wizard We can verify now if the SRM registration on PSC comes up with FQDN SRM site pairing now should not return initial error message and would go through.

Post deploying NSX-T Autonomous Edge client, specified password (during wizard) does not work and below error is seen on console. This document talks about resetting the password without redeploying the appliance. Login with root and enter default password vmware ; you will be prompted to enter the current password followed by new password. In my example password was VMware@12345 Post entering the password, it will auto-login. Let's change the admin password and then reboot the appliance. To reset password for admin account we need to run below command and enter new password. Now reboot the appliance. The password notification should not come up and you will be able to login with new credentials.

This document talks about removing HCX from OnPrem. Below are the steps that we need to follow for the same Place Cloud VM’s to routed networks on VMC vCenter, which are connected to extended networks Unstretch all networks Stop any ongoing migrations and ongoing disaster recovery protections Remove the IX / NE and WANOPT appliances Delete the service mesh Remove Site pairing Delete HCX Manager OnPrem Remove HCX plugin from OnPrem vCenter , following below steps a) Navigate to vCenter mob via https://<vcenter_fqdn>/mob and go to extension manager through content -->ExtensionManager b) Here extensionList shows all registered plugin's. Click on more to see all of them c) All 7 plug ins starting with com.vmware.hybridity.* needs to be unregistered d) Click on UnregisterExtension from Methods section and provide extensionKey as com.vmware.hybridity. e) Click on invoke method from same window. f) wait for its completion and repeat the same for all 7 plug ins. Verify that HCX plug in has disappeared by logging into vSphere web client once. If not then restart vSphere UI and Web Client services. This should have removed HCX plugin from OnPrem vCenter

This document talks about connecting AWS Services from VMware Cloud on AWS Compute VM’s We have created feature walk through's that show the procedure Accessing S3 over xENI from VMware Cloud on AWS Compute VM ; click here Connecting VMware Cloud on AWS Windows VM with Amazon FSx ; click here

This document talks about setting up IPSEC VPN from VMware Cloud on AWS to Native AWS. We have created feature walk through's that show the procedure To setup Route based IPSEC VPN from VMware Cloud on AWS SDDC to AWS Transit Gateway click here To setup Route based IPSEC VPN between VMware Cloud on AWS and non-linked AWS VPC click here

This document talks about resolving on premises FQDN from VMC Compute VM. Pre requisite to achieve it is IPSEC VPN or Direct Connect. I have setup IPSEC VPN from on prem lab to SDDC From the compute network (( 10.250.10.0/24 )) I will try resolve on prem FQDN (( on network 172.16.29.0/24 )) If I try to resolve on prem vCenter (( IP 172.16.29.15 )) url from Compute VM , it does not resolve however ping connectivity is successful. Compute VM has IP 10.250.10.11. Now I need to add on prem DNS Zone for Compute Gateway for FQDN resolution Post clearing DNS cache from SDDC Compute VM, it now works well

This document talks about accessing VM Remote Console for VM’s created/migrated on VMC NSX-T SDDC. Here we have taken two scenario’s to access VM Remote Console from on prem environment VM’s residing on SDDC To access VMRC console from on-prem data center we have a couple of pre-requisites IPSEC or Direct Connect connectivity (( please refer to attached screenshot )) Management Gateway firewall rule allowing incoming traffic for port 902 on ESXi (( please refer to attached screenshot )) To access VM Remote Console from VM’s residing on SDDC, we only need to allow firewall rule on VMC SDDC. To download VM Remote Console, please refer to https://my.vmware.com/en/web/vmware/details?downloadGroup=VMRC1004&productId=742