Reset root password on vCenter PSC 6.0 U2

Resetting the root password on a Platform Services Controller (PSC) 6.0 U2 is taken from the following link —

Link to Reset PSC root Password

The above website clearly mentions on how to use the SUSE Linux Rescue CD to create a new root password and update it in the /etc/shadow file on the PSC itself and after reboot you will be able to get into the PSC with the new password.

Hope this helps !!

Disable vSphere Managed Object Browser (MOB)

To harden your ESXi 6.0 hosts, we disable the MOB service so that any attacker can’t get to the web browser and access the MOB of the ESXi host (ex: https://esxi01.lab.com/mob), this setting will disable one of the attack vectors of theESXi hosts in the environment.

to do this, you SSH into the ESXi host where you want to disable the mob service and perform the following commands

esxi01# vim-cmd proxysvc/remove_service "/mob" "httpsWithRedirect"

to verify if the mob service has been removed from the ESXi host, use the following command

esxi01# vim-cmd proxysvc/service_list

the above command will list all the services on the ESXi host, look for the service “/mob”, if you don’t see this service, then it has been removed. if it is still there, then you will have to perform the first command and reboot the ESXi host to disable the mob service from the host.

 

 

Can’t fork error on ESi 6 host on UCS Blade

Recently, I was working on an UCS blade firmware upgrade along with esxi upgrade from esxi 5.5 to 6.0 and came across this error where the esxi host became unresponsive with an error “can’t fork” on its DCUI.

here is a little background on this story, this particular blade was B240 blade which was being used as SAP HANA blade by the customer and the firmware upgrade and esxi upgrade went fine and two days later the host became unresponsive and we couldn’t connect to it using SSH, DCUI, etc, connecting to the kvm console revealed the below screen when we went to its Alt+F1 command interface

Esxi_Cant_fork_error

we had to bounce the box and we had to reduce the linux vm memory which was hosting SAP HANA on it to be 10% less than the memory of the esxi host.

Conclusion: The HANA VM (linux) on the esxi host should have 10% less memory than the overall memory of the esxi host to avoid this problem.

How to Install Cisco VEM vib on an ESXi 6 host

Recently, I had to install the Cisco vem module onto an esxi 6 host as it was not installed and i couldn’t join the esxi host to the cisco nexus 1000v distributed switch. here is the process on how to first check if the vem module is installed on the esxi host.

SSH into the esxi host and run the following commands to check if the VEM module is installed

host# esxcli software vib list | grep -i vem

the above command will display the cisco vem module installed on the esxi host, if nothing is displayed then you will have to install the vem module by downloading the vem vib from the nexus 1kv in the environment.

i did it by going to https://nexus1kv_hostname    in a web browser which will display you the vibs which you can download from nexus 1000v, download the vem vib associated with your environment and run the following command to install the vib onto the esxi host

upload the vem vib file onto a datastore on the host

SSH into the esxi host where you want to install the vem module

host# esxcli software vib install -v /vmfs/volumes/<directory_path>/cross_cisco-vem-version_x.x.x.x.x.vib

NOTE: directory_path in the above command is the place where the cisco vem vib is stored. (name of the datastore/volume)

Once the vib is installed you can check the status of the vem by using the command

host# vem status

The above command will display that the VEM agent (vemdpa) is running

Restart the services in VCSA 6.0

Recently I had to restart the web-client service in vcsa 6.0 U1 appliance and found out that the web client service is called differently than in the windows vCenter. the web client service in the vcsa is called vSphere-client

here are the commands to start, stop and restart any services in the vcsa appliance.

To restart a vCenter Server and/or Platform Services Controller service using the command-line:
Log in as root through an SSH or console session on the vCenter Server Appliance.
Run this command to enable the shell:

shell.set --enabled true

Run this command to launch the shell:

shell

Run this command to change directories to /bin:

cd /bin

Run this command to list the vCenter Server Appliance services:

service-control --list

Run this command to stop a specific service:

service-control --stop servicename

You may also stop all services by typing the command:

service-control --stop --all

Run this command to start a specific service:

service-control --start servicename

You may also start all services by typing the command:

service-control --start --all

Here are all the services in the vCenter server appliance –>

vCenter Server Appliance services:

Service Name Description
applmgmt VMware Appliance Management Service
vmware-cis-license VMware License Service
vmware-cm VMware Component Manager
vmware-eam VMware ESX Agent Manager
vmware-sts-idmd VMware Identity Management Service
vmware-invsvc VMware Inventory Service
vmware-mbcs VMware Message Bus Configuration Service
vmware-netdumper VMware vSphere ESXi Dump Collector
vmware-perfcharts VMware Performance Charts
vmware-rbd-watchdog VMware vSphere Auto Deploy Waiter
vmware-rhttpproxy VMware HTTP Reverse Proxy
vmware-sca VMware Service Control Agent
vmware-sps VMware vSphere Profile-Driven Storage Service
vmware-stsd VMware Security Token Service
vmware-syslog VMware Common Logging Service
vmware-syslog-health VMware Syslog Health Service
vmware-vapi-endpoint VMware vAPI Endpoint
vmware-vdcs VMware Content Library Service
vmafdd VMware Authentication Framework
vmcad VMware Certificate Service
vmdird VMware Directory Service
vmware-vpostgres VMware Postgres
vmware-vpx-workflow VMware vCenter Workflow Manager
vmware-vpxd VMware vCenter Server
vmware-vsm VMware vService Manager
vsphere-client vSphere Web Client
vmware-vws VMware System and Hardware Health Manager
vmware-vsan-health VMware Virtual SAN Health Service

Reference: VMware_KB_Article

Upgrade of vCenter 5.5 to vCenter 6.0 with External PSC

I was pretty surprised to see that there are very few posts on the internet detailing the process of upgrading vCenter 5.5 to vCenter 6.0 with an External PSC. so here is my recent experience on how I did it

Environment:

vCenter server 5.5 (Windows)

vCenter SSO 5.5 (Windows)

SQL Server 2012 (Windows)

  1. Take snapshots of the vCenter server, vCenter SSO server and SQL server
  2. take a backup of the vCenter database in the SQL server
  3. mount the “VMware-VIMSetup-all-6.0.0-2562643.iso” to the Windows vCenter SSO 5.5 server
  4. Go ahead and run the autorun program and run the vCenter setup program
  5. The program will automatically detect the SSO 5.5 in the server and let you know that it will be upgraded to PSC 6.0
  6. Click next to continue to go ahead and upgrade the SSO 5.5 to PSC 6.0

This will complete the upgrade process of SSO 5.5 to PSC 6.0

Once this process is complete, we can go ahead and upgrade the vCenter 5.5 to vCenter 6.0 as the SSO 5.5 is upgraded to PSC 6.0

This concludes the way in which we can upgrade the vCenter 5.5 to 6.0 using external PSC if there is already an SSO 5.5 server available in the environment.

Upgrade or Patch An External PSC (Platform Services Controller) vCenter 6.0

Today, I had to patch an external PSC controllers at a customer site, and here is the process I followed:

  1. First, take a snapshot of the platform controllers (PSC01 and PSC02)
  2. Enable SSH on the platform controllers (SSH), I did this by logging in from the DCUI of the PSC appliance and enable SSH
  3. Use a client like Putty to SSH into PSC01
  4. Before doing anything, go ahead and mount the iso, in my case it was “VMware-vCenter-Server-Appliance-6.0.0.xxxxx-36xxxxx-patch.iso” to the PSC01 virtual machine
  5. After logging into the PSC01 using SSH, login to PSC01 and perform the following commands
  6. Command> software-packages stage --iso --acceptEulas
  7. The above command will stage the code in the appliance
  8. Once the staging is complete, we do the following
  9. Command>software-packages install --staged
  10. This will start the installation of the staged code in the PSC
  11. we repeat the same steps for PSC01

here is the screen of the commands:

Patching_External_PSC_controller

PS: I have observed that the installation process takes quite a while to complete.

Here is the error I have come across when upgrading the PSC:

Error_while_upgrading_PSC

NOTE: I have received an error “specified group ‘Ip’ unknown” while upgrading the PSC and the solution is to enable IPv6 on the PSC before starting the upgrade. This solution was taken from the release notes here

EDIT: I have observed that even if you enable IPv6 on the appliance, you still get the message “Specified group ‘Ip’ unknown”, however the upgrade process fine and completes the upgrade.

 

EDIT: You could also use the following command if you don’t want to stage the code

Command>software-packages install --iso --acceptEulas