Stuff I'm Up To

Technical Ramblings

VMWare Restart Guest from Command Line — August 16, 2017

VMWare Restart Guest from Command Line

We don’t have to do this so often. So when we do I always forget the syntax.

Login as root on the host of the guest OS. Find the numeric VMID of the guest and issue a power off/on command.

# vim-cmd vmsvc/getallvms | grep -i "[GUESTNAME]"
Vmid                   Name                                                             File                                                   Guest OS          Version                                                                                                      Annotation                                                                                                   
114    PaymentsTest                            [Datastore-1] PaymentsTest/PaymentsTest.vmx                                               windows8Server64Guest   vmx-10

# vim-cmd vmsvc/power.getstate 114
Retrieved runtime info
Powered on

# vim-cmd vmsvc/power.off 114
Powering off VM:

# vim-cmd vmsvc/power.getstate 114
Retrieved runtime info
Powered off

# vim-cmd vmsvc/power.on 114
Powering on VM:

 

References: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1038043

Advertisements
VCSA 6.0 U3b to 6.5 U1 — August 10, 2017

VCSA 6.0 U3b to 6.5 U1

So far this upgrade seems to frustrating straight out of the box! We already run a VCSA (vCenter Server Appliance) and the process should be to automatically deploy a new VCSA and migrate the data from the old to the new and then power down the old. All from the Windows GUI installer.

But it fails to deploy with an unknown error.

If you save and view the installer log it becomes abundantly clear what the failure is. The installer is trying to issue a ‘date’ command at the current VCSA’s command line, and fails because it’s expecting a BASH shell and instead it is getting the default vCenter shell where the BASH shell is disabled.

2017-08-10T07:56:13.446Z - info: VM Identifier for Source VC: 78
2017-08-10T07:56:13.570Z - debug: initiateFileTransferFromGuest error: ServerFaultCode: A general system error occurred: Unknown error
2017-08-10T07:56:13.573Z - debug: Failed to get fileTransferInfo:ServerFaultCode: A general system error occurred: Unknown error
2017-08-10T07:56:13.573Z - debug: Failed to get url of file in guest vm:ServerFaultCode: A general system error occurred: Unknown error
2017-08-10T07:56:13.573Z - error: Error in getting fileData for nodeType. Error: ServerFaultCode: A general system error occurred: Unknown error
2017-08-10T07:56:13.573Z - error: Failed to read the nodetype, Error: A general system error occurred: Unknown error
2017-08-10T07:56:13.574Z - info: Checking if password expired
2017-08-10T07:56:14.994Z - info: Banner from server, 
VMware vCenter Server Appliance 6.0.0.30200

Type: vCenter Server with an embedded Platform Services Controller


2017-08-10T07:56:14.995Z - info: Connection ready
2017-08-10T07:56:15.008Z - info: STDOUT: Last login: Thu Aug 10 07:55:37 UTC 2017 from pc8501.domain.local on pts/0

2017-08-10T07:56:15.008Z - info: STDOUT: Last login: Thu Aug 10 07:56:15 2017 from pc8766.domain.local

2017-08-10T07:56:15.010Z - info: STDOUT: date
exit

2017-08-10T07:56:15.246Z - info: STDOUT: Connected to service

2017-08-10T07:56:15.255Z - info: STDOUT: [?1034h
    * List APIs: "help api list"
    * List Plugins: "help pi list"
    * Enable BASH access: "shell.set --enabled True"
    * Launch BASH: "shell"


2017-08-10T07:56:15.255Z - info: STDOUT: Command> d
2017-08-10T07:56:15.256Z - info: STDOUT: ate

2017-08-10T07:56:15.270Z - info: STDOUT: Unknown command: `date'
Command> exit

2017-08-10T07:56:15.305Z - info: Stream :: close
2017-08-10T07:56:15.306Z - info: Password not expired
2017-08-10T07:56:15.308Z - error: sourcePrecheck: error in getting source Info: ServerFaultCode: A general system error occurred: Unknown error

In order to address the issue you need to change the default shell for the root user. It’s very easy to do, but will also require a password change.

Logon to the current VCSA using ssh as the root user. Enable the BASH shell and start the shell using:

shell.set --enabled True
shell

Now change the root users default shell using

# chsh -s /bin/bash root

Now the installer should at least proceed through that part to deploy the image to the specified server.

References: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2100508

VMware Horizon Client on Debian Stretch — July 17, 2017

VMware Horizon Client on Debian Stretch

In order to install the client on Debian 9 (stretch) I’ve had to get libpng12-0 installed from Jessie here:

https://packages.debian.org/en/jessie/amd64/libpng12-0/download

Then had to create symbolic link for libffi.so.5 to the newer version that’s installed.

$ sudo ln -s /usr/lib/x86_64-linux-gnu/libffi.so.5 /usr/lib/x86_64-linux-gnu/libffi.so.6

 

References: https://communities.vmware.com/thread/545364

How to use vSphere 6.x Certificate Manager — March 10, 2017
Guidelines for Microsoft Clustering on vSphere — March 9, 2017

Guidelines for Microsoft Clustering on vSphere

This article provides links to a subset of articles that provide guidelines and support status for running various Microsoft clustering solutions and configurations on VMware vSphere.

VMware provides customers additional flexibility and choice in architecting high-availability solutions. Microsoft has clear support statements for its clustering solutions on VMware.

Additionally, VMware provides guidelines in terms of storage protocols and number of nodes supported by VMware on vSphere, particularly for specific clustering solutions that access shared storage. Other clustering solutions that do not access shared storage, such as Exchange Cluster Continuous Replication (CCR) and Database Availability Group (DAG), can be implemented on VMware vSphere just like on physical systems without any additional considerations.

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1037959

Horizon SSL/TLS Ciphers — February 25, 2017

Horizon SSL/TLS Ciphers

After running an SSL scan on our external facing Horizon Security Server, using Qualys’ SSLTest and receiving an A- rating, I wanted to fix that by getting at least an A. But in order to do that I needed to understand what was required to get it to an A.

The problem I faced was that I was being marked down for not supporting Perfect Forward Secrecy (PFS).

The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-

Continue reading

Horizon Updating Certificates — February 24, 2017

Horizon Updating Certificates

Updating certificates on the Windows hosts for Connection and Security Servers.

Import the signed SSL server certificate into the Windows local computer certificate store on the Windows Server host.

In the Certificate snap-in, import the server certificate into the Certificates (Local Computer) > Personal > Certificates folder.

Select Mark this key as exportable.

Click Next and click Finish.

For View Connection Server or Security server, add the certificate Friendly name, ‘vdm’, to the new certificate that is replacing the previous certificate. You should only have one certificate with the friendly name vdm, so make sure it’s only the most current certificate.

Right-click the new certificate and click Properties

On the General tab, in the Friendly name field, type vdm.

Click Apply and click OK.

Continue reading

VCSA /storage/log Full — February 1, 2017
Blank Dialog when Managing Connection Server — January 27, 2017
View Composer Certificate —
VMware Horizon Infrastructure Upgrade — January 4, 2017

VMware Horizon Infrastructure Upgrade

Upgrading VMware Horizon is going to be a fun task for the weekend. It means upgrading 3 connection servers, a security server, the vcenter server and the composer server. This is all so we can disable SSLv3 on the ESXi hosts they all run on.

Migration was originally planned from 5.3 to 6.2, as this is the earliest version that resolves the SSLv3 problem. But if we’re going to have to upgrade, why not go all the way to v7?

Continue reading

VMWare View 5.3 & vSphere 5.5 — October 25, 2016

VMWare View 5.3 & vSphere 5.5

As part of our patching process we applied security patches to one of the vSphere ESXi servers. All seemed to go well until we tried to compose systems onto it. We ended up with VDI clients being added to the server, but they’d never start up.

Clearly this was something to do with the patches that were applied.

Checking the log bundle we produced it was certainly an SSL related issue. Those damned certificates again! Well not quite.

Reading through the vmware-vdicomposer.log I picked up on a few of these messages:

Machine Name: VDICOMPOSER, Timestamp: 24/10/2016 15:01:52, App Domain Name: SviWebService.exe, Thread Identity: , Windows Identity: NT AUTHORITY\SYSTEM, OS Version: Microsoft Windows NT 6.1.7601 Service Pack 1, reason: ServiceUnreachable access host: vdiesx01.domain.local access port: 902 disk datastore path: [vdiesx01_fio] VDITestNew_1/VDITestNew_11-internal.vmdk expected certificate thumbprint:

Very strange, a blank thumbprint. Checking the VDI database table dbo.VPX_HOSTS we compared the expected thumbprint to the actual thumbprint on the vSphere server and all looked good. But something couldn’t be right.

Continue reading