I recently tried to patch my vCenter 6.7 to latest patch level and it failed with a weird message on the appliance console – “Update failed. Fix and reset banner.”
Tried to update from console using “software-package” tool – same result. I took a look into software-packages.log file in /var/log/vmware/applmgmt folder and noticed a line “You are required to change your password immediately (root enforced)”. Used passwd to change the root password and restarted the upgrade – Success!.
This warning may appear after installing patches contained in release ESXi650-201808001 (14 Aug 2018) and you have not updated your vCenter Server. After upgrade of vCenter Server you will see a following warning – “This host is potentially vulnerable to issues described in CVE-2018-3646, please refer to https://kb.vmware.com/s/article/55636 for details and VMware recommendations.”
Link to KB55636
Link to CVE-2018-3646
The correct order to apply these patches is:
1) vCenter patches
2) ESXi patches
3) Evaluate and set “VMkernel.Boot.hyperthreadingMitigation” to “true” if you want to enable the patch.
Some more links to check: KB55806
Recently we encountered an issue when we tried to deploy VMs from templates it crashed vCenter Server. VM deployment got stuck between 70%-95% and after a few minutes vCenter Web Clients were not responding and we had to restart vCenter services to get it back up and running.
It seems that templates were missing some info – check https://kb.vmware.com/s/article/20565429. After converting templates back to VMs and again back to templates the deployments were successful and vCenter Server no longer crashed.
Update (13.07.2018) – Same issue affects Veritas NetBackup to get an inventory from a vCenter Server – error “Validation constraint violation”. More info – https://www.veritas.com/support/en_US/article.100033934
After migration from vSphere 5.5 to vSphere 6.5 U2 we had issues with custom certificates and Site Recovery Manager – see the previous post.
Now I have discovered another error – when using both HTML5 or Flex client on one the vCenter servers and trying to perform a cross site vMotion we are getting validation error: “Cannot complete login due to an incorrect user name or password.”. The error does not appear when we use clients on another vCenter Server.
We have opened a case in VMWare but currently no solution yet. They have scanned through the logs and found an error that indicates still issues with certificates – “com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager Server certificate chain is not trusted but thumbprint matches”
I will update the blog post as things progress with this issue.
Recently during upgrade we stumbled on a issue with SRM not been able to work with vSphere vCenter 6.5 U2 which was migrated from vSphere 5.5. SRM 8.1 went into error loop after creating a site pair. Looking into different SRM log files we discovered error in the dr.log in “C:\ProgramData\VMware\VMware vCenter Site Recovery Manager\runtime\srm-client\logs” folder. Error was – com.vmware.vim.vmomi.client.exception.SslException: Failed to connect to Lookup Service at https://<vcenterhostname>/lookupservice/sdk. Reason: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint verification is not configured
After few days and no usable help from VMWare support we decided to try process described in couple of blog posts and KB articles:
Before we did anything we created snapshots from vCenter servers while they were both turned off at the same time.
After determining that we had issues with one cert which was not updated we performed the fix against both vCenters and in one them 7 services were updated by ls_update_certs.py. After that SRM worked correctly.
I tried to remove RDM disk from VM but it failed with an error “invalid configuration for device 0”. I have usually seen this message related with vNIC but this time it was the disk.
After some searching I found a solution – I changed SCSI ID from 0:1 to 0:2 for the disk I wanted to remove. After that remove operation worked.
I’ve recently extended my home lab with additional capacity. In addition to my Windows Server + VMware Workstation (info here) I’ve added refurbished HPE DL380 G7 server with following configuration:
1 x Intel Xeon Processor X5650 2.66Ghz
will add SSD in the future
The added server is running VMWare ESXi 6.7. It hosts vCenter 6.7 appliance and also few virtual ESXi 6.7 instances. HPE G7 series servers are not officially supported by VMWare to run ESXi 6.7 but it seems to be working for now.
I found my refurbished HPE G7 server from Ebay.