Author Archives: admin

Enable Copy and Paste in the vSphere Client Console

Leave a reply

One of the most annoying things about the vSphere Thick Client, is the fact that you cannot copy and paste things between your local computer and the VM by default. I know that VMware is pushing us to use the Web Client, but let’s face it, 95% of their customers are still using the Windows Client that they have become accustomed to.
For those customers, this one’s for you!

In order to enable Copy and Paste through the console, you will need add a custom config to EACH VM. (This is not a global setting).

  1. Edit the Settings of a VM using vSphere Thick or Web Client
  2. Select the Options > Advanced > General > Configuration Parameters
  3. Click Add Row for each of the following settings

    Name: isolation.tools.copy.disable 
    Value: false

    Name: isolation.tools.paste.disable
    Value: false

  4. Click OK and reboot VM (or if set while VM is off, boot VM)

VMware Horizon View Error: SSL Session Negotiation Failed or The Zero Client may not be compatible with the host session negotiation cipher settings.

Leave a reply

I just did a Horizon View Upgrade from 5.2 to Horizon 7 for a large customer who uses Zero Clients for every employee. The customer is using Dell Wise P25 Zero Clients for most employees, but still have the older P20 for a select few. Both the P20 and P25 uses chipsets from Teradici, but the firmware on each is slightly different.
After the upgrade, employees using the older P20 Zero Clients would get the following error when trying to connect to their View session:

SSL Session Negotiation Failed or The Zero Client may not be compatible with the host session negotiation cipher settings.

After much research, I found a few KBs and Posts with the apparent “fix”, but none of them worked as they claimed – at least not in this environment. After spending many hours trying to resolve this, I found a solution that worked for this client. I hope this helps someone else.

This issue affects Horizon View 6.2 and 7.0. The root cause of this is due to VMware disabling support for the less secure TLS 1.0 protocol. The P25 Zero Clients need the latest 4.8 Firmware, which addresses the problem, but the P20 Zero Client’s only support firmware up to 4.5, which does not address this issue, so a workaround is needed. After following some blogs about importing a Group Policy, I found it to be a waste of time.  So here is what actually works.

On each virtual desktop (or gold image), you’ll need to add the following Registry Key:

HKLM\Software\Teradici\PCoIP\pcoip_admin
Name: pcoip.ssl_protocol
Type: REG_SZ
Value: TLS1.0:TLS1.1:TLS1.2

Or download and import this .reg file I created with these settings: Regedit File Download
This allows TLS 1.0 connections via the installed agent.

On the Connection Server, edit the Connection Server Settings and uncheck Secure Tunnel
View Configuration – Servers – Connection Servers – Edit

This will allow connections to Authenticate through the Connection Server and then connect directly to the Virtual Desktop.

This fixed the issue for the customer until they can replace their older Zero Clients.

 

Deploy vSphere HTML5 Web Client

Leave a reply

My last post had a link to a VMware Fling for the HTML5 Web Client for vSphere, but I thought I would follow-up with a step-by-step guide on deploying it (since it is an appliance). These guides seem to get the most traffic, so I assume they are the most helpful. Here we go.

First lets grab the HTML5 Appliance .OVA file and we will also need a .bat file (assuming you are using vCenter on Windows). You can grab those here.

Always use the regular Web Client to deploy and configure your VMs. More and more features are being removed from the thick client. If you try to deploy this appliance using the thick client, you will need to setup and IP pool. (This is not required if you are using the web client).
vSphere HTML5 Web Client IP Pools

Appliance Deployment

Through the existing Web Client, deploy a new OVF Template. Select the downloaded .ova file, accept the agreements, choose your storage, networks, and deploy.

 

Configure vSphere HTML5 appliance with vCenter for Windows

  1. Open Command Prompt as Administrator and Run the “Server-Configure.bat” script we downloaded from VMware’s fling page earlier on the Windows server where vCenter is installed. This must be ran as Administrator, and must be run from Command Prompt, and not just RIght-Clicked and Ran from Explorer
    (The script assumes vCenter was installed using the default path. If it was not, you will need to modify the script).

  2. SSH into the HTML5 appliance (username = root , password = demova) and create the following directories for the config files.
    –  mkdir /etc/vmware/vsphere-client/
    –  mkdir /etc/vmware/vsphere-client/config/
    –  mkdir /etc/vmware/vsphere-client/vsphere-client/

  3. Using WinSCP or another file transfer method, copy the generated files from the “Server-Configure.bat” script to the directories we just created on the appliance. See below:
    –   /etc/vmware/vsphere-client/store.jks
    –  /etc/vmware/vsphere-client/config/ds.properties
    –  /etc/vmware/vsphere-client/vsphere-client/webclient.properties

  4. Keeping time sync between the HTML5 Web Client and vCenter is critical. You should add an NTP entry to the appliance. This can be done by going to https://appliance_ip:5480 and login with rootdemova , or add an NTP server via CLI in the appliance:
    –  /etc/init.d/vsphere-client configure ntp_servers <IP address of NTP Server(s)>
    vSphere HTML5 Web Client Windows Fig 7

  5. Start the Web Client services
    –  /etc/init.d/vsphere-client start

Now you can use the HTML5 Web Client by hitting its URL at https://IP_of_appliance:9443/ui

vSphere HTML5 Web Client is available… Kind of

Leave a reply

VMware has released the vSphere Web Client in HTML5 flavor as a “Fling”. Not all web client features are available through the fling yet, but it’s just a preview into their progression in getting away from Flash, something they probably should have done in vSphere 5 and definitely should have done at vSphere 6 launch in my opinion. You can access the fling here.

https://labs.vmware.com/flings/vsphere-html5-web-client

Queue the Angels rejoicing soundtrack in the background-

vROps – Monitor Windows Processes and Resources with Guest VM

Leave a reply

I recently ran a hands-on-lab with my fellow IT Peers on vRealize Operations Manager, and one of the (many) items I did not cover but was asked about, was if vROps had the ability to “peer” into the guest VM itself and monitor and manage resources and processes. I told users I would send a whitepaper to the group on this, but thought a post might illustrate it better.

VMware uses the Hyperic Monitoring agent and is able to hook it right into the VM, Windows or Linux. The first step is to head over to myvmware.com and download the EndPoint Agents for vRealize Operations Manager and Run as Administrator (always best practice)

Enter vROps Server Address

Now we need the Certificate Thumbprint of the vROps server. (Doesn’t matter if its registered or self-signed). To get this, in a browser, go to
http://[your-FQDN-vROps]/admin
and login

Click the cert icon in top right-hand corner

Copy the thumbprint

Note: Unless you replaced the original certificate with a custom certificate, the second thumbprint in the list is the correct one. If you did upload a custom certificate, the first thumbprint in the list is the correct one.

Now paste that thumbprint in the installer window

Login with local vROps credentials

Take defaults and install.

 

After the install, it may take 5-10 mins before the EP agent checks in with vROps, but when it does, you should be able to see it under
EnvironmentOperating SystemsOperating Systems WorldWindows

Active Directory Integration Enterprise Manager

Leave a reply

If I had to list the top 10 questions asked from new Compellent customers after a deployment, if the ability to login via Active Directory credentials is available would certainly be one. The answer is yes. And luckily nowadays, it’s an easy yes. In the past, it would have been easy to lie and say it’s not possible due to the complexity of the setup requirements, but now it is super straightforward. If you are looking to for AD authentication, here we go..

Prereqs
– Each Controller should have a FQDN
– Each Controller should have an A Record in DNS
– Each Controller’s A Record should have Reverse Lookup and PRT

I am assuming most can do the basic DNS prereqs which is why I am not outlining those, but I may add those to the step-by-step guide in the future.

Step 1 – Make Sure each Controller has DNS entries to your internal AD DNS Server

Open Storage Center

Expand Controllers

Right Click on Controller and select Properties

Click IP Tab and go to DNS – Make sure your internal DNS servers are entered there

Repeat this step for the other controller

Step 2 – Configure AD Authentication Services

In Storage Center, go to Storage ManagementSystem – AccessConfigure Authentication

Enable External Directory Services and enter the FQDN of each controller, separated by spaces

  • In the Directory Type dropdown, choose Active Directory.
  • In the URI field, make sure the FQDN name of the AD Domain Server(s) are entered. Each FQDN should be prefaced by “ldap://” and names should be separated by spaces. i.e.: “ldap://JS24.EXLab.local ldap://JS25.EXLab.local” Note: Storage Center AD Integration is not site aware, meaning it cannot automatically detect a domain and associated domain controllers To use a specific domain controller it must be defined in the URI field. Storage Center will try to authenticate to domain controllers in the order they are defined in this field. If a domain controller becomes inaccessible, Storage Center will try the next domain controller in the list.
  • Note: Storage Center AD Integration supports authentication against a ReadOnly Domain Controller (RODC).
  • In the Server Connection Timeout field enter 30
  • In the Base DN field enter the canonical name of the domain. For example, if your domain is EXLab.local, the canonical name is “dc=EXLab,dc=local”.
  • (Optional) In the Relative Base field enter the canonical location of where the Storage Center Active Directory object should be created. Default is CN=Computers.
  • In the Storage Center Hostname field enter the Storage Center name followed by the domain name. This will be the FQDN of the Storage Center (i.e. SC22.EXLab.local).
  • In the LDAP Domain field enter the name of the domain (i.e. EXLab.local).
  • In the Auth Bind Username field enter the AD service account with rights to search the directory created prior to setup. The format of this field is username@domain (i.e. User_SrchOnly@EXLab.local).
  • In the Auth Bind Password field enter service account password.

Test – If test fails, troubleshoot DNS, the Continue

Configure Kerberos Authentication
The values displayed will be the default values, and in most cases, can be left as is. If the defaults are modified, all values should be entered in UPPERCASE.

  • In the Domain Realms field enter the domain name (i.e. EXLAB.LOCAL)
  • In the KDC Hostname field specify a Kerberos server (this is usually a domain controller).
  • In the Password Renew Rate (Days) field leave the value at 15
  • Continue

Enter credentials for a domain user that has rights to join objects to the domain. This one-time operation does not require a service account

Click Join Now and then Finish Now

VisualExtop Fling from VMware

Leave a reply

EXTOP is a wonderful tool to see Host, VM, Storage, and a whole slew of other useful statistical information on what is going on in your environment. It is the raw data that vROps and vSphere Performance Tabs use to generate performance data and alerting and errors. Accessing this info is as easy as SSHing into the host and running extop

There are hundreds of switch commands you can run to find specific information, but no matter how you cut it, you are looking at a CLI based output.

If you are looking for something a little more modern and much easier to navigate, VMware has released a FLING (basically an unsupported side-project) that gives EXTOP a GUI with some tabs. I have found this useful to access needed info, quicker.

You still don’t get the amazing analytics and recommendations from vROps, but it is still no doubt a very valuable tool to have in your toolbox.

You can grab the latest VisualEXtop Fling here: https://labs.vmware.com/flings/visualesxtop

 

vSphere 6 Upgrade Fails – “The Upgrade contains the following set of conflicting VIBs:”

Leave a reply

I was upgrading an ESXi 5.5 host for a client and ran into some “Incompatibility” errors. They had a mix of Dell server hosts, but three of them were Dell R715’s and all three were getting upgrade errors. I first tried the update using VMware Update Manager (VUM), and made sure I was using the Dell Customized ISO, which includes Dell specific drivers. (You can download the ISO here: http://goo.gl/3UOeNV ).

After adding the ISO to a new upgrade baseline and scanning the host for updates, I was the following errors:
Compliance State: Incompatible
The upgrade contains the following set of conflicting VIBs:
Mellanox_bootbank_net-mlx4-en_1.9.9.0-1OEM.550.0.0.1331820
Remove the conflicting VIBs or use Image Builder to create a custom upgrade ISO image that contains the newer versions of the conflicting VIBs, and try to upgrade again.

Attempt to continue the upgrade and dismiss the errors, resulted in upgrade failure. Any attempt to upgrade via the CLI also failed.

So what is the problem and how do you fix it?

The problem is with incompatible drivers that are currently on the host. Drivers that aren’t supported by ESXi 6, and drivers that aren’t included in either VMware’s or Dell’s ISO.
This particular VIB is a Mellanox Infiniband HBA, which probably most of us seeing this error do not use.

To remedy this issue and proceed, we need to remove those drivers from the host.

First, enable SSH on the host that has the issue
Next, SSH into the host and run the following commands:

~ # esxcli software vib list | grep Mel
~ # esxcli software vib remove -n net-mlx4-en
~ # esxcli software vib remove -n net-mlx4-core
~ # reboot

It may take a min or so after running commands two and three, but it should complete successfully. After rebooting the host, proceed to upgrade via Update Manager or CLI.

After I completed the above instructions and scanned my host again with Update Manager, it found one more incompatible VIB that I had to remove on all three servers.

Compliance State: Incompatible
The upgrade contains the following set of conflicting VIBs:
VMware_bootbank_xhci-xhci_1.0-3vmw.550.3.78.3248547
Remove the conflicting VIBs or use Image Builder to create a custom upgrade ISO image that contains the newer versions of the conflicting VIBs, and try to upgrade again.

I was able to fix this in the same manner I did the previous VIB:

~ # esxcli software vib list | grep Mel
~ # esxcli software vib remove -n xhci-xhci
~ # reboot

Upgrade VMTools on Linux Appliances and OS

Upgrading VMTools on a Linux OS isn’t as convenient as the Auto-Upgrade for Windows. Each flavor of Linux has their own CLI commands for upgrading VMTools. I have listed a few Distros along with their corresponding CLI Commands.
One note to remember- Most Appliance based VMs have VMTools baked in, and are usually out of date. Upgrading VMTools (or Virtual Hardware for that matter) on these appliances may “break” the VM. I recommend checking with your appliance vendor to see if they have any updates for the appliance, or to verify that VMTools can infact be upgraded.

SUSE LINUX 11

  1. Mount VMTools installer on VM (Right Click VM and choose Guest – Install VMware Tools)
  2. Launch YaST | Software | Software Management
  3. Change Filter to Patterns, and make sure c++ compiler is installed.
  4. Right-click the VMWare guest in the VMWare client, and click Install VMWare tools
    • This may also be under a Guest tab after right-clicking on the guest VMWare
  5. Close YaST
  6. Type mount /dev/cdrom /media
  7. Type cp /media/*.tar.gz /tmp
  8. Type cd /tmp
  9. Type tar -zxvf VM*.tar.gz
  10. Type /tmp/vmware-tools-distrib/vmware-install.pl –default
  11. Type init 6 to restart the server
  12. Type /etc/init.d/vmware-tools status to make sure it is running
    1. Right Click VM – Guest – End VMware Tools Install

 

REDHAT/CentOS

  1. Mount VMTools installer on VM (Right Click VM and choose Guest – Install VMware Tools)
  2. $ yum -y install kernel-devel gcc dracut make perl eject
  3. $ mount /dev/cdrom /media
  4. $ tar -zxf /media/VMwareTools-*.tar.gz -C /tmp
  5. $ /tmp/vmware-tools-distrib/vmware-install.pl –default
  6. $ rm -rf /tmp/vmware-tools-distrib
  7. Right Click VM – Guest – End VMware Tools Install

 

Ubuntu

  1. Mount VMTools installer on VM (Right Click VM and choose Guest – Install VMware Tools)
  2. sudo mkdir /mnt/cdrom
  3. sudo mount /dev/cdrom /mnt/cdrom or sudo mount /dev/sr0 /mnt/cdrom
  4. ls /mnt/cdrom
  5. tar xzvf /mnt/cdrom/VMwareTools-x.x.x-xxxx.tar.gz -C /tmp/
  6. cd /tmp/vmware-tools-distrib/
  7. sudo ./vmware-install.pl -d
  8. sudo reboot
  9. Right Click VM – Guest – End VMware Tools Install

Dell DPACK 2.0

For those not familiar with the “Dell Performance Analysis Collection Kit” (DPACK), it is a pretty incredible tool that allows you to visualize the current storage and server workloads from the perspective of the host. It is a great tool for planning Capacity and I/O requirements, and can even be used to troubleshoot problems with your storage and storage network. DPACK measures the following:
– Disk I/0
– Throughput (Which is more important than I/O when we’re talking FLASH)
– Capacity
– Memory Consumption on your Servers
– CPU Utilization on your Servers
– Network Traffic
-Queue Depths

Version 2.0 allows real-time analysis statistics that you can view, instead of having to wait the 24 hrs you were required to wait and let it run previously. Version 2.0 gives you better views into your data for additional insight, and presents this data in a form that Executives can appreciate when you go to them with a PO Request.

Some other things to know about DPACK 2.0 are:
– Uses HTML 5 for viewing real-time data in a browser
– Generate PDFs of data collected to present to management
– DPACK compresses analyzed data and transmits to server every 5 mins
– Uses secure SSL on port 443
– DPACK will continue to run and collect data in the event it loses ability to upload
– DPACK isn’t performance impacting and can be (and should be) run during business hrs

So how do you get started with DPACK 2.0? Its best to call up your local Dell Storage Team and discuss DPACK. Netwize, is a great resource for any Dell Data Center needs, helps customers run DPACK all the time and are a great resource for you to reach out to. I work for Netwize so please feel free to reach out to us and we will get you set up.