SQL Connectivity Issue with vRA 7.4

Hello Peeps, recently I was configuring vRA 7.4 at a customer’s place and came across an issue where the vRA appliance tries to talk to the external SQL server and fails with an error.

Here is the error:

SQL_Config_Issue01

After digging into the logs on both vRA and the SQL server, here is what was determined to be the issue:

The SQL server has TLS 1.0 disabled, and the vRA appliance was trying to communicate with the SQL server using TLS 1.0 instead of TLS 1.2, as the client has disabled TLS 1.0 on all its Windows servers.

SQL_Config_Issue02

Troubleshooting steps tried:

Tried enabling TLS 1.0 and its ciphers on the SQL server with no success

Checked with the Firewall team and they said that there is no firewall between the vRA appliance and the SQL server

Tried this in a different environment and it worked fine, just doesn’t work in this particular environment.

Conclusion:

 

Looks like the issue was with the SQL server and its Service Pack. SQL Server 2012 needs SP3 or higher to accept TLS 1.2 protocol. As soon as I upgraded my SQL server to SQL 2012 SP4, the communication worked fine and the vRA appliance was able to talk to the SQL server!!

Hope this helps in case you come across this issue.


Add External PSC 6.0 U2 to Active Directory Domain

I have been thinking of writing this post for a while and here you go…

In vSphere 6.0 U2, you can have an External PSC or an Embedded PSC. The below process is to add an External PSC to the Active Directory Domain.

Log in to the vCenter server, go to the Administration tab, go to System Configuration –> Nodes and click on the PSC node you want to add to the domain.

psc01_Domain_setting
Click on the node, go to the Manage tab, click on Active Directory and click the Join button
psc01_domain_join01
Provide the domain name and its credentials (it could be a read-only service account in the domain) to join the PSC to the domain

psc01_domain_join02

Once the credentials are provided, click OK to proceed.

Note that the only way for you to know that this process is complete is that you get no error and there is no entry in the recent tasks tab in the vSphere web client. If that is the case then the domain add is successful.

Now, you will need to reboot the PSC

psc01_domain_after_psc01_reboot
Once the PSC is rebooted, you can go back into the vCenter server and to the node and you can see that this node (PSC) is now added to the domain.

In a similar way, you can add the remaining PSCs to the domain and finally, you will need to add the Identity source to the vCenter server itself under single sign-on

 

Install and Configure vSphere Data Protection (VDP) 6.1.8

In this post, I will be installing and configuring vSphere Data Protection 6.1.8 in vCenter 6.5 Environment

First, log in to the vCenter 6.5 web client (flash), choose to deploy an OVA template and select the VDP.ova file to deploy.

select_vdp_ova_file

ova_template_install_01

ova_template_install_02

ova_template_install_03

ova_template_install_04

ova_template_install_05
Select the Storage (Datastore) you want to deploy this appliance in and click Next
ova_template_install_06
Select the Network where you want to Deploy this appliance and click Next
ova_template_install_07
Provide the Network details such as DNS servers, IP address, Subnet mask, the default gateway of the appliance and click Next

Check all the information entered and click Finish for the VM to be deployed in the environment.

Once the appliance is deployed, power it on

configure_vdp_01

Once the appliance is powered on, go to the web browser to https://Appliance_IP_Address_or_FQDN:8543/vdp-configure to start the configuration of VDP

configure_vdp_02
In the web UI, log in as root with the default password changeme, then change the root password

configure_vdp_03

configure_vdp_04
Check the Network settings as these settings will be automatically populated from the values you set while deploying the appliance

configure_vdp_05

configure_vdp_06
Provide a new root password for the VDP appliance
vdp_vcenter_registration_01
Once you enter the details of the External PSC under SSO FQDN you can hit ‘Test Connection’

vdp_vcenter_registration_02

configure_vdp_07
We now create new storage as this is the first VDP appliance being deployed

configure_vdp_08

configure_vdp_09

configure_vdp_10

configure_vdp_11
Click Yes to start the configuration
configure_vdp_12
Once the process completes, the appliance will restart and you can get into the main Web UI
vdp_main_page_URL
Use this URL to get into the VDP Configuration Web UI

vdp_main_page

vdp_main_UI_vCenter_Home
This is the UI you see when you login into the vCenter Web Client and click on VDP menu item

SSO Server test failed when Configuring VDP 6.1.8 during vCenter Registration

Recently, I came across an issue while configuring a new instance of VDP 6.1.8 appliance while performing vCenter Registration to the vCenter appliance 6.5 with an external Platform Services Controller.

Below is the error message I have been getting

vdp_error_vcenter_registration

I have provided the administrator account user credentials to the VCSA (vCenter server) with the default ports but still received the error.

Upon some deep troubleshooting, I found out that the SSO server is the Platform Services Controller (PSC), since my environment had an external PSC, and here is how you resolve this issue:

De-select the checkbox “Use vCenter for SSO authentication”, and add the Platform Services Controller hostname/IP in the new SSO entry line.

vdp_vcenter_registration_01

Now, you can test the connection and it will be a success

vdp_vcenter_registration_02

This is how the issue was resolved. Hope it helps someone out there.

This is with VDP version 6.1.8 connecting to VCSA 6.5 with External PSC

PSC’s fail to join Domain after Upgrade from vSphere 6.0 U2 to 6.0 U2b or 6.0U3b

Recently, I have come across an issue with the PSCs not joining the domain (they disconnected from the domain automatically) after upgrading the vCenter components (PSC01, PSC02 and the vCenter Windows server) from 6.0 Update 2 build 3634791 to 6.0 Update 2a build 4632154 or to 6.0 Update 3b build 5326079. This issue occurred because the Windows domain controller was 2012 R2 and SMB 2 was the communication protocol to the domain controller. We have to enable SMB 2 on the PSCs for them to communicate with the domain after the upgrade.

Here is the process to enable SMB2 on the PSCs —

Log in to PSC01 and run the following command to check the values

/opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]'

Check the value of “Smb2Enabled”. This value will be 0; we will need to change it to 1 to enable it.

Change SMB2 to be enabled

/opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]' Smb2Enabled 1

Once enabled, we need to restart the service lwio

/opt/likewise/bin/lwsm restart lwio

Check the values again —

/opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]'

This time the value of “Smb2Enabled” will be 1.

This process is repeated for PSC02 as well, and once this is done on both PSCs, you can go ahead and add the PSCs to the domain and the function works !!

The process to change the SMB value on ESXi 6.0 is a little different and here are the commands —

Check values —

/usr/lib/vmware/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]'

Change SMB2 to be enabled

/usr/lib/vmware/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]' SMB2Enabled 1

Restart lwio service

/usr/lib/vmware/likewise/bin/lwsm restart lwio
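
The check, set, restart and verify steps above can be wrapped so that lwio is only restarted when the value actually changes and the run fails if the verification does not read back 1. This is an added example, not part of the original post; the `--apply` switch, the function names and the assumed `list_values` line format are illustrative, and the value name follows the PSC command.

```shell
#!/bin/sh
# Added example, not from the original post: check -> set -> restart -> verify,
# made idempotent. Defaults are the PSC paths from the post; for ESXi set
# LWREG/LWSM to the /usr/lib/vmware/likewise/bin/ binaries the post uses there.
LWREG=${LWREG:-/opt/likewise/bin/lwregshell}
LWSM=${LWSM:-/opt/likewise/bin/lwsm}
KEY='[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]'

# Read list_values output on stdin and print Smb2Enabled as a decimal number.
# ASSUMPTION: the value line looks like
#   +  "Smb2Enabled"   REG_DWORD   0x00000000 (0)
# Returns 1 (printing nothing) when no such line is present.
smb2_value() {
    hex=$(awk 'tolower($0) ~ /"smb2enabled"/ && match($0, /0x[0-9A-Fa-f]+/) {
                   print substr($0, RSTART, RLENGTH); exit }')
    [ -n "$hex" ] || return 1
    printf '%d\n' "$hex"
}

# Query the registry key and reduce the output to the current value.
current_smb2() { "$LWREG" list_values "$KEY" | smb2_value; }

# Enable SMB2 only if needed, restart lwio, then confirm the value stuck.
enable_smb2() {
    cur=$(current_smb2) || { echo "Smb2Enabled value not found" >&2; return 2; }
    if [ "$cur" -eq 1 ]; then
        echo "Smb2Enabled already 1, lwio left running"
        return 0
    fi
    "$LWREG" set_value "$KEY" Smb2Enabled 1 || return 3
    "$LWSM" restart lwio || return 4
    new=$(current_smb2) || return 2
    [ "$new" -eq 1 ] || { echo "verify failed: Smb2Enabled=$new" >&2; return 5; }
    echo "Smb2Enabled changed $cur -> 1, lwio restarted"
}

# Nothing is modified unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then enable_smb2; fi
```

Run it once per PSC; a second run reports that the value is already 1 and does not restart the service.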

 

Reset root password on vCenter PSC 6.0 U2

Resetting the root password on a Platform Services Controller (PSC) 6.0 U2 is taken from the following link —

Link to Reset PSC root Password

The above website clearly explains how to use the SUSE Linux Rescue CD to create a new root password and update it in the /etc/shadow file on the PSC itself. After a reboot, you will be able to get into the PSC with the new password.

Hope this helps !!

Recovery Plan Steps in SRM 6.1 are skipped when the plan is initiated

Recently I came across an issue where SRM 6.1 skipped a few steps during a Recovery Plan failover from the Recovery site to the Protected site. I had to dig into the SRM settings to find out why, and I found that I didn’t configure the custom IP network rules on the Recovery site, so the recovery plan skipped customizing the IP addresses on the recovered VMs back in the Protected site.

Here is the message as shown:

SRM_Recoveryplan_Error_Skipped

Explanation —

I have two sites

Protected Site — NC

Recovery Site — Dallas

I have failed over from NC to Dallas fine because I put in the Network IP rules in the site NC under SRM –> Sites –> NC –> Manage –> Network Mappings, settings as shown:

Site_Network_Mappings_1

As shown above, I have created the network IP Customization rule in Site_NC but forgot to do it in Site_Dallas. That is the reason why when the failback from Dallas to NC was initiated it skipped the IP customization of the VMs during the Recovery process.

NOTE: Make sure that you configure the Network IP rules on both the Protected and Recovery sites so that the IP customization is applied on the VMs at both the sites.

Peer Client db version is lower than local – UCS FI cluster error

My colleagues have been facing this particular error recently when working on Converged Infrastructure (Vblock, VxBlock etc.): when trying to check the FI cluster state after SSHing into the FI cluster IP address, it gives the error "Peer Client db version is lower than local, self version: 3, peer version: 1". The screenshot is as shown below:

ucs_ha_error

There are at least two resolutions which have worked so far with this kind of error on the FI Cluster

Resolutions

  1. Reboot the peer FI (in the above case it was FI B, the subordinate) so that the database on FI B syncs with FI A. Once FI B comes up, it will be in sync with FI A and the cluster state will be HA ready.
  2. SSH to the cluster IP, connect local-mgmt A (whichever is the primary), then do Cluster lead B (or whichever is subordinate). This will fail over the UCS management service from primary to subordinate. This is a less impactful method than the first method.
  3. Restart the pmon service on the peer FI (A/B); this could fix the issue.

Let me know if you come across any solutions to this issue.

vSphere 6.5 and What’s New?

Looks like VMware finally got around to making a public statement on the release of vSphere 6.5, and here are some of its main new features

vCenter Server Appliance

  1. vCenter server appliance now has integrated Update Manager
  2. vCenter server appliance now has its native High Availability
  3. vCenter server appliance has better appliance management
  4. vCenter server appliance now has native Backup/Restore
  • HTML-5 based vSphere web client

Security

  1. VM-level disk encryption capability designed to protect against unauthorized access to data. (This is done using the vSphere storage policy framework)
  2. Encrypted vMotion capability
  3. vSphere 6.5 adds a secure boot to the hypervisor to protect both the hypervisor and guest operating system
  4. Enhanced audit-quality logging capability to provide more information about user actions like who did what, when and where if you need to investigate your environment

Host Resource management

  1. Enhanced Host profiles (updated graphical editor that is part of the vSphere Web Client now has an easy-to-use search function in addition to a new ability to mark individual configuration elements as favorites for quick access, Administrators now have the means to create a hierarchy of host profiles by taking advantage of the new ability to copy settings from one profile to one or many others)
  2. Auto Deploy (Easier to manage in vSphere 6.5 with the introduction of a full-featured graphical interface.  Administrators no longer need to use PowerCLI to create and manage deploy rules or custom ESXi images)
  3. Proactive HA ( Proactive HA will detect hardware conditions of a host and allow you to evacuate the VMs before the issue causes an outage.  Working in conjunction with participating hardware vendors, vCenter will plug into the hardware monitoring solution to receive the health status of the monitored components such as fans, memory, and power supplies.  vSphere can then be configured to respond according to the failure)
  4. vSphere HA Orchestrated Restart (vSphere 6.5 now allows creating dependency chains using VM-to-VM rules.  These dependency rules are enforced when vSphere HA is used to restart VMs from failed hosts.  This is great for multi-tier applications that do not recover successfully unless they are restarted in a particular order.  A common example of this is a database, app, and web server)
  5. Additional Restart priority levels in HA (vSphere 6.5 adds two additional restart priority levels named Highest and Lowest providing five total.  This provides even greater control when planning the recovery of virtual machines managed by vSphere HA)
  6. Simplified vSphere HA Admission Control ( First major change is that the administrator simply needs to define the number of host failures to tolerate (FTT).  Once the numbers of hosts are configured, vSphere HA will automatically calculate a percentage of resources to set aside by applying the “Percentage of Cluster Resources” admission control policy.  As hosts are added or removed from the cluster, the percentage will be automatically recalculated, Additionally, the vSphere Web Client will issue a warning if vSphere HA detects a host failure would cause a reduction in VM performance based on the actual resource consumption, not only based on the configured reservations)
  7. Fault Tolerance (FT)  (vSphere 6.5 FT has more integration with DRS which will help make better placement decisions by ranking the hosts based on the available network bandwidth as well as recommending which datastore to place the secondary vmdk files, FT networks can now be configured to use multiple NICs to increase the overall bandwidth available for FT logging traffic)
  8. DRS Advanced options (VM Distribution, Memory Metric for Load Balancing, CPU over-commitment have their own check boxes in DRS)
  9. Network-Aware DRS (DRS now considers network utilization, DRS observes the Tx and Rx rates of the connected physical uplinks and avoids placing VMs on hosts that are greater than 80% utilized. DRS will not reactively balance the hosts solely based on network utilization, rather, it will use network utilization as an additional check to determine whether the currently selected host is suitable for the VM)

 

These are some of the main improvements in vSphere 6.5.

All this data has been taken from

http://blogs.vmware.com/vsphere/2016/10/whats-new-in-vsphere-6-5-host-resource-management-and-operations.html

http://blogs.vmware.com/vsphere/2016/10/introducing-vsphere-6-5.html