I have been thinking of writing this post for a while and here you go…
In vSphere 6.0 U2, you can have an External PSC or an Embedded PSC. The process below adds an External PSC to the Active Directory domain.
Log in to the vCenter server, go to the Administration tab, go to System Configuration –> Nodes and click on the PSC node you want to add to the domain.
Once credentials are provided, click OK to proceed.
Note that the only way to know that this process is complete is that you get no error and there is no entry in the Recent Tasks tab in the vSphere Web Client. If that is the case, then the domain join is successful.
Now, you will need to reboot the PSC.
In a similar way, you can add the remaining PSCs to the domain. Finally, you will need to add the identity source to the vCenter server itself under Single Sign-On.
Recently, I came across an issue while configuring a new instance of the VDP 6.1.8 appliance, during vCenter Registration to the vCenter appliance 6.5 with an external Platform Services Controller.
Below is the error message I have been getting:
I provided the administrator account credentials for the VCSA (vCenter server) with the default ports but still received the error.
Upon some deep troubleshooting, I found out that the SSO server is the Platform Services Controller (PSC), since my environment had an external PSC. Here is how you resolve this issue:
De-select the checkbox “Use vCenter for SSO authentication”, and add the Platform Services Controller hostname/IP in the new SSO entry line.
Now you can test the connection and it will be a success.
This is how the issue was resolved. Hope it helps someone out there.
This is with VDP version 6.1.8 connecting to VCSA 6.5 with an External PSC.
Recently, I came across an issue with the PSCs no longer being joined to the domain (they disconnected from the domain automatically) after upgrading the vCenter components (PSC01, PSC02 and the vCenter Windows server) from 6.0 Update 2 build 3634791 to 6.0 Update 2a build 4632154 or to 6.0 Update 3b build 5326079. This issue occurred because the Windows domain controller was 2012 R2 and SMB 2 was the communication protocol to the domain controller. We have to enable SMB 2 on the PSCs for them to communicate with the domain after the upgrade.
Here is the process to enable SMB2 on the PSCs:
Log in to PSC01 and run the following command to check the values:
The above website clearly explains how to use the SUSE Linux Rescue CD to create a new root password and update it in the /etc/shadow file on the PSC itself. After a reboot you will be able to get into the PSC with the new password.
To harden your ESXi 6.0 hosts, we disable the MOB (Managed Object Browser) service so that an attacker can’t use a web browser to access the MOB of the ESXi host (ex: https://esxi01.lab.com/mob). This setting removes one of the attack vectors against the ESXi hosts in the environment.
To do this, SSH into the ESXi host where you want to disable the MOB service and run the following commands:
To verify that the MOB service has been removed from the ESXi host, use the following command:
esxi01# vim-cmd proxysvc/service_list
The above command lists all the services on the ESXi host. Look for the service “/mob”: if you don’t see this service, then it has been removed. If it is still there, then you will have to run the first command and reboot the ESXi host to disable the MOB service on the host.
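As an added example (not part of the original post), the verification step above can be scripted: the shell functions below read the output of vim-cmd proxysvc/service_list and report whether a “/mob” endpoint is still registered. The sample output is constructed, and its layout and port numbers are assumptions about what the command prints.

```shell
# Added example. mob_entries prints "namespace accessMode port" for every
# registered endpoint whose serverNamespace is exactly "/mob".
mob_entries() {
    awk '
        function value(line) {            # text after "=", unquoted
            sub(/^[^=]*=[ \t]*/, "", line)
            gsub(/[", \t]/, "", line)
            return line
        }
        /[{][ \t]*$/              { ns = ""; mode = ""; port = "" }
        /serverNamespace[ \t]*=/  { ns = value($0) }
        /accessMode[ \t]*=/       { mode = value($0) }
        /(^|[ \t])port[ \t]*=/    { port = value($0) }
        /^[ \t]*[}],?[ \t]*$/     { if (ns == "/mob") print ns, mode, port }
    '
}

# Read service_list output on stdin; return 0 if /mob is gone, 1 if present.
mob_status() {
    found=$(mob_entries)
    if [ -n "$found" ]; then
        echo "FAIL: still registered: $found"
        return 1
    fi
    echo "PASS: /mob not registered"
}

# Constructed sample output (layout and port numbers are assumptions).
sample_output() {   # $1 = "with-mob" to include the /mob block
    echo '(vim.ProxyService.EndpointSpec) ['
    if [ "$1" = "with-mob" ]; then
        cat <<'EOF'
   (vim.ProxyService.LocalServiceSpec) {
      serverNamespace = "/mob",
      accessMode = "httpsWithRedirect",
      port = 8087
   },
EOF
    fi
    cat <<'EOF'
   (vim.ProxyService.LocalServiceSpec) {
      serverNamespace = "/sdk",
      accessMode = "httpsWithRedirect",
      port = 8307
   }
]
EOF
}
sample_output with-mob | mob_status || true   # host before hardening
sample_output | mob_status                    # host after hardening
```

On a real host, pipe the command's output into mob_status instead of the sample (vim-cmd proxysvc/service_list | mob_status); the non-zero exit status makes it usable in a per-host audit loop.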
Recently, I was working on a UCS blade firmware upgrade along with an ESXi upgrade from ESXi 5.5 to 6.0 and came across this error, where the ESXi host became unresponsive with the error “can’t fork” on its DCUI.
Here is a little background on this story. This particular blade was a B240 blade which was being used as a SAP HANA blade by the customer. The firmware upgrade and ESXi upgrade went fine, and two days later the host became unresponsive and we couldn’t connect to it using SSH, DCUI, etc. Connecting to the KVM console revealed the below screen when we went to its Alt+F1 command interface.
We had to bounce the box, and we had to reduce the memory of the Linux VM hosting SAP HANA to be 10% less than the memory of the ESXi host.
Conclusion: The HANA VM (Linux) on the ESXi host should have 10% less memory than the overall memory of the ESXi host to avoid this problem.
Recently, I had to install the Cisco VEM module onto an ESXi 6 host, as it was not installed and I couldn’t join the ESXi host to the Cisco Nexus 1000v distributed switch. Here is the process, starting with how to check whether the VEM module is installed on the ESXi host.
SSH into the ESXi host and run the following command to check if the VEM module is installed:
host# esxcli software vib list | grep -i vem
The above command displays the Cisco VEM module installed on the ESXi host. If nothing is displayed, then you will have to install the VEM module by downloading the VEM VIB from the Nexus 1kv in the environment.
I did it by going to https://nexus1kv_hostname in a web browser, which displays the VIBs you can download from the Nexus 1000v. Download the VEM VIB associated with your environment and run the following command to install the VIB onto the ESXi host:
Upload the VEM VIB file onto a datastore on the host.
SSH into the ESXi host where you want to install the VEM module.
Recently I had to restart the web client service in a VCSA 6.0 U1 appliance and found out that the web client service is named differently than in the Windows vCenter. The web client service in the VCSA is called vSphere-client.
Here are the commands to start, stop and restart any service in the VCSA appliance.
To restart a vCenter Server and/or Platform Services Controller service using the command-line:
Log in as root through an SSH or console session on the vCenter Server Appliance.
Run this command to enable the shell:
shell.set --enabled true
Run this command to launch the shell:
Run this command to change directories to /bin:
Run this command to list the vCenter Server Appliance services:
Run this command to stop a specific service:
service-control --stop servicename
You may also stop all services by typing the command:
service-control --stop --all
Run this command to start a specific service:
service-control --start servicename
You may also start all services by typing the command:
service-control --start --all
Here are all the services in the vCenter server appliance –>
I was pretty surprised to see that there are very few posts on the internet detailing the process of upgrading vCenter 5.5 to vCenter 6.0 with an External PSC, so here is my recent experience of how I did it.
vCenter server 5.5 (Windows)
vCenter SSO 5.5 (Windows)
SQL Server 2012 (Windows)
Take snapshots of the vCenter server, vCenter SSO server and SQL server.
Take a backup of the vCenter database in the SQL server.
Mount the “VMware-VIMSetup-all-6.0.0-2562643.iso” to the Windows vCenter SSO 5.5 server.
Go ahead and run the autorun program and run the vCenter setup program
The program will automatically detect the SSO 5.5 in the server and let you know that it will be upgraded to PSC 6.0
Click next to continue to go ahead and upgrade the SSO 5.5 to PSC 6.0
This will complete the upgrade process of SSO 5.5 to PSC 6.0
Once this process is complete, we can go ahead and upgrade the vCenter 5.5 to vCenter 6.0 as the SSO 5.5 is upgraded to PSC 6.0
This concludes the way in which we can upgrade the vCenter 5.5 to 6.0 using external PSC if there is already an SSO 5.5 server available in the environment.