Resetting the root password on a Platform Services Controller (PSC) 6.0 U2 is taken from the following link —
Link to Reset PSC root Password
The above website clearly mentions on how to use the SUSE Linux Rescue CD to create a new root password and update it in the /etc/shadow file on the PSC itself and after reboot you will be able to get into the PSC with the new password.
Hope this helps !!
To harden your ESXi 6.0 hosts, we disable the MOB service so that any attacker can’t get to the web browser and access the MOB of the ESXi host (ex: https://esxi01.lab.com/mob), this setting will disable one of the attack vectors of theESXi hosts in the environment.
to do this, you SSH into the ESXi host where you want to disable the mob service and perform the following commands
esxi01# vim-cmd proxysvc/remove_service "/mob" "httpsWithRedirect"
to verify if the mob service has been removed from the ESXi host, use the following command
esxi01# vim-cmd proxysvc/service_list
the above command will list all the services on the ESXi host, look for the service “/mob”, if you don’t see this service, then it has been removed. if it is still there, then you will have to perform the first command and reboot the ESXi host to disable the mob service from the host.
Recently, I was working on an UCS blade firmware upgrade along with esxi upgrade from esxi 5.5 to 6.0 and came across this error where the esxi host became unresponsive with an error “can’t fork” on its DCUI.
here is a little background on this story, this particular blade was B240 blade which was being used as SAP HANA blade by the customer and the firmware upgrade and esxi upgrade went fine and two days later the host became unresponsive and we couldn’t connect to it using SSH, DCUI, etc, connecting to the kvm console revealed the below screen when we went to its Alt+F1 command interface
we had to bounce the box and we had to reduce the linux vm memory which was hosting SAP HANA on it to be 10% less than the memory of the esxi host.
Conclusion: The HANA VM (linux) on the esxi host should have 10% less memory than the overall memory of the esxi host to avoid this problem.
Recently, I had to install the Cisco vem module onto an esxi 6 host as it was not installed and i couldn’t join the esxi host to the cisco nexus 1000v distributed switch. here is the process on how to first check if the vem module is installed on the esxi host.
SSH into the esxi host and run the following commands to check if the VEM module is installed
host# esxcli software vib list | grep -i vem
the above command will display the cisco vem module installed on the esxi host, if nothing is displayed then you will have to install the vem module by downloading the vem vib from the nexus 1kv in the environment.
i did it by going to https://nexus1kv_hostname in a web browser which will display you the vibs which you can download from nexus 1000v, download the vem vib associated with your environment and run the following command to install the vib onto the esxi host
upload the vem vib file onto a datastore on the host
SSH into the esxi host where you want to install the vem module
host# esxcli software vib install -v /vmfs/volumes/<directory_path>/cross_cisco-vem-version_x.x.x.x.x.vib
NOTE: directory_path in the above command is the place where the cisco vem vib is stored. (name of the datastore/volume)
Once the vib is installed you can check the status of the vem by using the command
host# vem status
The above command will display that the VEM agent (vemdpa) is running
Recently I had to restart the web-client service in vcsa 6.0 U1 appliance and found out that the web client service is called differently than in the windows vCenter. the web client service in the vcsa is called vSphere-client
here are the commands to start, stop and restart any services in the vcsa appliance.
To restart a vCenter Server and/or Platform Services Controller service using the command-line:
Log in as root through an SSH or console session on the vCenter Server Appliance.
Run this command to enable the shell:
shell.set --enabled true
Run this command to launch the shell:
Run this command to change directories to /bin:
Run this command to list the vCenter Server Appliance services:
Run this command to stop a specific service:
service-control --stop servicename
You may also stop all services by typing the command:
service-control --stop --all
Run this command to start a specific service:
service-control --start servicename
You may also start all services by typing the command:
service-control --start --all
Here are all the services in the vCenter server appliance –>
vCenter Server Appliance services:
||VMware Appliance Management Service
||VMware License Service
||VMware Component Manager
||VMware ESX Agent Manager
||VMware Identity Management Service
||VMware Inventory Service
||VMware Message Bus Configuration Service
||VMware vSphere ESXi Dump Collector
||VMware Performance Charts
||VMware vSphere Auto Deploy Waiter
||VMware HTTP Reverse Proxy
||VMware Service Control Agent
||VMware vSphere Profile-Driven Storage Service
||VMware Security Token Service
||VMware Common Logging Service
||VMware Syslog Health Service
||VMware vAPI Endpoint
||VMware Content Library Service
||VMware Authentication Framework
||VMware Certificate Service
||VMware Directory Service
||VMware vCenter Workflow Manager
||VMware vCenter Server
||VMware vService Manager
||vSphere Web Client
||VMware System and Hardware Health Manager
||VMware Virtual SAN Health Service
I was pretty surprised to see that there are very few posts on the internet detailing the process of upgrading vCenter 5.5 to vCenter 6.0 with an External PSC. so here is my recent experience on how I did it
vCenter server 5.5 (Windows)
vCenter SSO 5.5 (Windows)
SQL Server 2012 (Windows)
- Take snapshots of the vCenter server, vCenter SSO server and SQL server
- take a backup of the vCenter database in the SQL server
- mount the “VMware-VIMSetup-all-6.0.0-2562643.iso” to the Windows vCenter SSO 5.5 server
- Go ahead and run the autorun program and run the vCenter setup program
- The program will automatically detect the SSO 5.5 in the server and let you know that it will be upgraded to PSC 6.0
- Click next to continue to go ahead and upgrade the SSO 5.5 to PSC 6.0
This will complete the upgrade process of SSO 5.5 to PSC 6.0
Once this process is complete, we can go ahead and upgrade the vCenter 5.5 to vCenter 6.0 as the SSO 5.5 is upgraded to PSC 6.0
This concludes the way in which we can upgrade the vCenter 5.5 to 6.0 using external PSC if there is already an SSO 5.5 server available in the environment.
Today, I had to patch an external PSC controllers at a customer site, and here is the process I followed:
- First, take a snapshot of the platform controllers (PSC01 and PSC02)
- Enable SSH on the platform controllers (SSH), I did this by logging in from the DCUI of the PSC appliance and enable SSH
- Use a client like Putty to SSH into PSC01
- Before doing anything, go ahead and mount the iso, in my case it was “VMware-vCenter-Server-Appliance-6.0.0.xxxxx-36xxxxx-patch.iso” to the PSC01 virtual machine
- After logging into the PSC01 using SSH, login to PSC01 and perform the following commands
Command> software-packages stage --iso --acceptEulas
- The above command will stage the code in the appliance
- Once the staging is complete, we do the following
Command>software-packages install --staged
- This will start the installation of the staged code in the PSC
- we repeat the same steps for PSC01
here is the screen of the commands:
PS: I have observed that the installation process takes quite a while to complete.
Here is the error I have come across when upgrading the PSC:
NOTE: I have received an error “specified group ‘Ip’ unknown” while upgrading the PSC and the solution is to enable IPv6 on the PSC before starting the upgrade. This solution was taken from the release notes here
EDIT: I have observed that even if you enable IPv6 on the appliance, you still get the message “Specified group ‘Ip’ unknown”, however the upgrade process fine and completes the upgrade.
EDIT: You could also use the following command if you don’t want to stage the code
Command>software-packages install --iso --acceptEulas