I recently changed from Windows based VMware Update Manager (VUM) to Update Manager which is embedded in to the appliance of vCenter. In old VUM I had increased host reboot timeouts to allow host firmware patching during reboot without timing out remediation job. In appliance the vci-integrity.xml file located in “/usr/lib/vmware-updatemgr/bin”. You need to restart VUM service or appliance after the change.
Lines which need to be change are following:
Changed the values to:
This change allows me to patch ESXi host and install new firmware’s with a same reboot and with as least operations as possible.
I was installing a new ESXi and after some steps I got an error “Illegal OpCode” while booting. It happened after ESXi patching with VUM. After some debugging I found the issue.
The server had local storage where I created a VMFS datastore before patching. In BIOS boot order was CD/DVD ROM, Hard Disk and USB. ESXi was installed onto USB. The error happened when server tried to boot from disk which contained VMFS datastore. After I moved USB before Hard Disk in boot order server booted correctly.
I saw an article in The Register that Dell EMC will discontinue the software-only version of ScaleIO and you can only get it if you buy it together with hardware (VxRack Flex). Today I tried searching Dell EMC website for ScaleIO downloads but all the links redirected to Dell EMC’s Converged Infrastructure homepage. Seems Dell EMC has removed the possibility download ScaleIO from their website.
ScaleIO is a software-defined storage product. It converts direct-attached storage into shared block storage over LAN.
More info: wikipedia
I got a question about using Windows Defender Credential Guard in VMware virtual machines. I did some digging and found following things:
Info from https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-requirements
Windows Defender Credential Guard requires:
- Support for Virtualization-based security (required)
- Secure boot (required)
- TPM 2.0 either discrete or firmware (preferred – provides binding to hardware)
- UEFI lock (preferred – prevents attacker from disabling with a simple registry key change)
The Virtualization-based security requires:
- 64-bit CPU
- CPU virtualization extensions plus extended page tables
- Windows hypervisor
As of today only VMware Workstation 14 has option to enable Virtualization-based security. I created a case to VMWare where I inquired about support for Virtualization-based security in vSphere and answer I got that it will be available in the future version.
Recently we had a case where we tried to restore a VM and it failed. Although all backups finished successfully. We also noticed that single file recovery from that VM was not available. After taking another look at the backup jobs we noticed that the affected VM had only backed up 5 files instead of thousands of files which is normal when “Enable file recovery from VM backup” is enabled.
After some investigation together with Veritas we discovered that Changed Block Tracking (CBT) file was corrupted. We deleted the cbt files from VM directory when VM was powered off. After VM was powered on again new cbt files were created. After that everything started to work correctly.
VMWare KB article about enabling/disabling Changed Block Tracking (CBT) – https://kb.vmware.com/s/article/1031873
Recently I saw couple of VMs which were giving me a warning – “Number of cores per socket cannot be greater than number of virtual CPUs”
This happens when number of vcpu-s is set to smaller number than cores per socket. In my case developer used API to set number of vcpu-s to 2 and number of cores per socket to 4. He made a mistake of thinking that number of vcpu-s was actually number of sockets. After correcting the value on number of vcpu-s to 8 the warning disappeared.
I discovered an issue with my vSphere 6.5 (build 5973321) when trying to delegate permissions via new HTML5 UI – when I try to search for a Active Directory group nothing is found. Same operation in old Flash based UI successfully found the group. I also tried with latest vSphere build 7119157 – the issue exists in that version as well. Authentication source Active Directory is configured as “Active Directory (Windows Integrated Authentication).
As the old UI works I’ll be opening a support case sometimes in the new year to confirm the issue with VMWare.
05.01.2018 Update: According to VMWare support HTML5 GUI is not fully supported and this type of issues may occur. It will be fixed when HTML5 GUI will be fully supported.