vCenter 5.1 SSO upgrade to update 1

While upgrading from vCenter 5.1 to vCenter 5.1 Update 1 everything went fine (at least the installer). But when trying to logon in vCenter after half an hour I noticed it was only possible to login with a local account and not with a “domain” account.

While searching trough the SSO logs I saw some strange things like:

java.net.ConnectException: Connection timed out: connect

Troubleshooting VMware Single Sign-On configuration and installation issues in a Windows server (2033880)

When logging in to the Webclient and watching the SSO settings, all the domains where tested successfully. So there is a connection, but I guess something during the upgrade or a change in the domains caused it to fail.

I used the command below to do a rediscover of the domains, 2 new domain resources where added. Unfortunately it still not worked properly. But this didn’t change the default domains.
Now I removed all the domains listed in the SSO and did another rediscover.

C:\Program Files\VMware\Infrastructure\SSOServer\utils>ssocli.cmd configure-riat -a discover-is -u admin -p masterPassword

Now I noticed that the log files changed and a lot of other information came trough the logs.
I normally use Baretail to follow tails in Windows log files.

When I saw a lot of “Success” logins in the logfiles I had a good feeling it was working again.

Testing…

Login works fine now !

After 24 hours, it seemed to be failing again, now I removed everything again, waited a few minutes to be sure the DB has time to cleanup. Then I re-added the domains, according to the log files everything should be working again. But when I try to login I now received an error message that I don’t have any authorization. I noticed when I logged in locally the permissions are missing. So I needed to re-add them to the folders etc.

So be warned that permissions can be removed when waiting to long !

Resources:
Logging in to vSphere Client 5.1 fails with the error: The server took too long to respond (2038918)
Updating the vCenter Single Sign On server database configuration (2045528)

Snapshots and a twoGbMaxExtentSparse VMDK

While converting some machines from KVM to ESX, we suddenly noticed that a scheduled VEAAM backup job, killed the VM and prevented it starting. We got messages like this. Somehow we have a lot of other Linux machines which work flawlessly including backups.

Power On virtual machine
LINUX
File [Datastore]
LINUX/LINUX_rootvg-000001.vmdk
was not found
View details...

Consolidate virtual machine disk files
LINUX
File [] was not found

The strange thing I noticed when I logged in with SSH I saw  a lot of -S001,vmdk disks. Mmm…does me reming to another post I made earlier:  See last part of this post, I didn’t write about the details but I noticed that the imported machines where twoGbMaxExtentSparse format.

With the storage vMotion or vmkfstools inflate it is converted to a normal single VMDK.

Mmm….should this cause the snapshot to fail and let the VM think it’s disk is lost ?

What I did is remove the disks from the VM, re-added them to the VM and directly after that svMotioned them to another datastore so the disk will be inflated. After that the machine starts flawlessly. Now I will need to do a little research to see if the snapshot operation caused the VM to crash.

It’s also possible to use the vmkfstools -i to inflate the disk of course.

Extra resources:

Recreating a missing virtual machine disk (VMDK) descriptor file (1002511)
Recreating a missing virtual disk (VMDK) descriptor file for disks split into 2GB files (1026266)
Cannot power on a virtual machine because the virtual disk cannot be opened (1004232)

 

 

 

PowerCLI function to grab WWPN’s

PowerCLI function to grab WWPN’s

Why?

As speaking with our storage administrators they sometimes ask for the exact WWPN so they are sure to remove the right LUNs etc. Because it’s a few mouseclicks to find the WWPN and it’s hard to copy, I managed to get it done by a little PowerCLI function below.

Function


function Get-WWN{
<#
.SYNOPSIS
Get WWN name from ESX hosts
.DESCRIPTION
This scripts gathers the WWN portname from ESX hosts
.NOTES
Authors: Patrick Heijmann
.PARAMETER VMhosts
Specify the VMhosts To gather the ports from
.EXAMPLE
PS> get-wwn -VMhosts ESXhost001
.EXAMPLE
PS> Get-Cluster -Name *|get-vmhost|Get-WWN
.EXAMPLE
PS> Get-vmhost *|Get-WWN
#>
Param (
[Parameter(
Valuefrompipeline = $true,
ParameterSetName = "VMhosts",
Mandatory = $true,
HelpMessage = "Enter Host name")]
[String[]]$VMhosts)

process
{foreach ($vmhost in $vmhosts){Write-Host -foregroundcolor green "Server: " $vmhost
$hbas = Get-VMHostHba -vmhost $vmhost -Type FibreChannel
foreach ($hba in $hbas){$wwpn = "{0:x}" -f $hba.PortWorldWideName
Write-Host -foregroundcolor green `t "World Wide Port Name:" $wwpn}
}
}
}

VMWare 5.1 Security Hardening Guide 5.1

According to the VMWare hardening guide for vSphere 5.1, I had some time to edit all the templates with the desired settings.
http://www.vmware.com/files/xls/hardeningguide-vsphere5-1-ga-release-public.xlsx

I created a list of VM’s which will be edited in D:\template.txt, with a simple loop all the settings will be applied.


foreach ($VM in gc D:\template.txt){
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.copy.disable" -value $true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.dnd.disable" -value $true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.setGUIOptions.enable" -value $false -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.paste.disable" -value $true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.diskShrink.disable" -value $true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.diskWiper.disable" -value $true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.hgfsServerSet.disable" -value $true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "vmci0.unrestricted" -value $false -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.ghi.autologon.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.bios.bbs.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.getCreds.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.ghi.launchmenu.change" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.memSchedFakeSampleStats.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.ghi.protocolhandler.info.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.ghi.host.shellAction.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.dispTopoRequest.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.trashFolderState.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.ghi.trayicon.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unity.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unityInterlockOperation.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unity.taskbar.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unityActive.disable" -value $True -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unity.windowContents.disable" -value $True -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unity.push.update.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.vmxDnDVersionGet.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.guestDnDVersionSet.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "RemoteDisplay.maxConnections" -value 2 -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "log.keepOld" -value "10" -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "log.rotateSize" -value "100000" -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "tools.setInfo.sizeLimit" -value 1048576 -Force:$true -confirm:$false
}

07-04-2014 Removed:

Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.autoInstall.disable" -value $true -confirm:$false

This setting disabled “VMware tools installation from the vCenter console”. It still was possible to do it manually, but not anymore by right clicking  “Upgrade VMware tools”

 

Convert Linux KVM machines to VMware ESXi5.x

We are preparing a migration from some KVM VM’s to our ESXi5.1 farm. We came up with the procedure below to be the fastest and most reliable way to convert these VM’s. Somehow VMware converter didn’t work properly with the linux disk formats or something.

1 Preparations

1.1 Preparing the ESX Host

1.1.1 Create a local user account to be used by the Linux administrators

– Log in directly on the ESX host which will be used as a port to connect to the datastore.
– Select “Local Users and groups”
– Rightclick and choose  “add new user” – Create a new user; for example “User = Linux”

1.1.2 Permissions

– Go to the tab “Permissions”
– Select the right user and add it to the group “Administrator”

1.1.3 Connect storage

– Configure some datastore which will be used to upload the Linux disks to and to be used to connect to the VM

1.1.4 Enable SSH

– Enable SSH so your Linux administrators can access it directly and upload the the correct datastore

1.1.5 Locate VMFS location

-Connect to the ESX host trough SSH (you could use the ‘linux’ user to test if this works)
– Use  ls –l  /vmfs/volumes to see your datastores. For example you see :
ECA12331_M1_001 -> 51837959-2748d5fb-9914-001cc4dfb348
The path which will be used by your Linux adminstrators for uploading will be:
/vmfs/volumes/51837959-2748d5fb-9914-001cc4dfb348/<VM Name>

1.2 VM Preparations

– Create a VM on the correct datastore using a previously build Linux Template and the right specifications (CPU/Memory/NICS)
– When creating this VM, a folder will be created on the datastore according to the VM name like the example below.

~ # ls -l /vmfs/volumes/51837959-2748d5fb-9914-001cc4dfb348
drwxr-xr-x    1 root     root           560 May  3 08:57 ISO for Xenapp6
drwxr-xr-x    1 root     root          3080 Jun 23 10:26 VM262

2 Implementation

2.1 Finding/converting Linux Disks

Check RHEV manager to locate the host which is running your VM. Log in to that host.

ps -ef | grep <VM>

This will return a long line

-drive file=/rhev/data-center/2c4c4629-df2c-46f5-9ea7-72279d5f97b1/46e85862-1f1d-4adc-9e21-d3ad2831e212/images/dd8b57b7-efb5-4c3e-8562-418fb6ed63fc/fa524f99-6567-40aa-ba78-b88be26793bb

These are the disks mounted to the VM, if a VM has more disks, more entries will be shown. The last part of the line contains the LV, this can be checked on the Linux machine

[root@lin ~]# lvs | grep fa524f99-6567-40aa-ba78-b88be26793bb fa524f99-6567-40aa-ba78-b88be26793bb 46e85862-1f1d-4adc-9e21-d3ad2831e212 -wi-ao--- 15.00g

This contains a 15.00G disk (rootvg), because the VM is still running this logical volume is in use (-wi-ao—).To be sure we have the correct VM we will change the state of the LV when the VM is powered off.

[root@lin~]# lvs | grep fa524f99-6567-40aa-ba78-b88be26793bb fa524f99-6567-40aa-ba78-b88be26793bb 46e85862-1f1d-4adc-9e21-d3ad2831e212 -wi------ 15.00g

This LV isn’t active anymore and can be converted, make sure to check if there is enough space available.

Manually activate the logical volume:

lvchange -ay /dev/a8f28fa5-28ca-40af-a841-50ad69f37594/17ee3415-1d68-44fa-ae5a-4e92b08c1700

Then start the conversion, we used QEMU-IMG for this

qemu-img convert -f raw -O vmdk -o compat6 /rhev/data-center/2c4c4629-df2c-46f5-9ea7-72279d5f97b1/a8f28fa5-28ca-40af-a841-50ad69f37594/images/2c6ce7e2-ae16-49b3-9785-028c23158a39/17ee3415-1d68-44fa-ae5a-4e92b08c1700 /var/lib/libvirt/qemu/<VM>_rootvg.vmdk

After the conversion the Logical volume needs to be set to inactive using the command below:

lvchange -an /dev/a8f28fa5-28ca-40af-a841-50ad69f37594/17ee3415-1d68-44fa-ae5a-4e92b08c1700

2.2 Upload Linux disk to datastore

Upload the newly created VMDK using SCP

scp <VM>_rootvg.vmdk your_username@remotehost.esx:/vmfs/volumes/51837959-2748d5fb-9914-001cc4dfb348/<VM Name>

2.3 Connect VM to VMDK

– Go to “edit settings” at the VM
– Choose “add” -> “Hard Disk” -> “Use an existing virtual disk” -> “Browse”
Now browse to the datastore where the VMDK’s are uploaded and select the right disk to connect it to the VM. Repeat this for all the disks you want to add.

2.4 Power on the  VM

Check if the VM powers on fine and starts.
If you receive disk errors, it’s possible something didn’t go right with the disks, probably a wrong format. You could use the command below (directly on the ESXi host) to inflate the disk to a proper ESXi format.

vmkfstools -i originaldisk.vmdk -d zeroedthick targetdisk.vmdk

I noticed that the disks I added are in  a 2GB Sparse format, so a disk will be little chunks of 2 GB you can use the command above or a storage vMotion to make it to a single disk file.

2.5 vMotion to the right destination

You also can use a storage vMotion to let VMware inflate the disk

VMware vCenter Log Insight: A new approach to analyzing unstructured machine data

At the moment I’m using Kiwi syslog for remote logging, since the announcement below, I will give the BETA test a try.

Announced on 11 June 2013

A new log analytics and management solution. vCenter Log Insight helps customers quickly search and analyze all their IT log data, providing them with meaningful, actionable operational insights.

Get more information:

VMware vCenter Log Insight: A new approach to analyzing unstructured machine data

Or see the Log Insight Datasheet

More related documents:

Log Analytics: Critical for Effective IT Operations
VMware vCenter Log Insight Delivers Immediate Value
End Your Data Center Logging Chaos with VMware vCenter Log Insight

CDP settings ESXi host

On an ESX host you could use the command below to display the CDP setting on a switch


<strong>esxcfg-vswitch</strong> [options] [vswitch[:ports]]

#Removed the settings that don't mention the ESXi settings.
-B|--set-cdp                Set the CDP status for a given virtual switch.
To set pass one of "down", "listen", "advertise", "both".
-b|--get-cdp                Print the current CDP setting for this switch.
-h|--help                   Show this message.

~ #
-b|--get-cdp                Print the current CDP setting for this switch.
~ #  esxcfg-vswitch -b vsw-vms01
listen
~ #  Setting the CDP settings to "Down"
~ #  esxcfg-vswitch -B down vsw-vms01
~ #  esxcfg-vswitch -b vsw-vms01
down

 

With Powershell you could instead make this function and use this like:

get-cdp -vmhost “MyHost”


function get-cdp {
<#
.SYNOPSIS
Grab CDP info from NIC's who are connected
.DESCRIPTION
This function greps some CDP info from the switch
.NOTES
Source:  Internet
Authors: XXX
.PARAMETER VMHost
An array of entity names. Only clusters, datacenters or
ESX hosts are allowed.
Wildcards are supported. (mutually exclusive with -dsName)
.PARAMETER whatif
When set, the function will only list output to the console
and not register the found vmx files
.EXAMPLE
PS> get-cdp -vmhost "MyHost"
#>
param($VMHost)
$vmh = Get-VMHost $VMHost
If ($vmh.State -ne "Connected") {
Write-Output "Host $($vmh) state is not connected, skipping."
}
Else {
Get-View $vmh.ID | `
% { $esxname = $_.Name; Get-View $_.ConfigManager.NetworkSystem} | `
% { foreach ($physnic in $_.NetworkInfo.Pnic) {
$pnicInfo = $_.QueryNetworkHint($physnic.Device)
foreach( $hint in $pnicInfo ){
# Write-Host $esxname $physnic.Device
if ( $hint.ConnectedSwitchPort ) {
$hint.ConnectedSwitchPort | select @{n="VMHost";e={$esxname}},@{n="VMNic";e={$physnic.Device}},DevId,Address,PortId
}
else {
}
}
}
}
}
}

SSO password policies

For a security baseline I found something about SSO password policies and lockout settings in the VMware Hardening Guide:

Check SSO passwords for expiration The default SSO password policy has a password lifetime of 365 days. After 365 days, the password is expired and the ability to log is compromised. The applies to ALL SSO accounts, both Administrative and User. (there is not separate policy for both groups). Ensure the admin accounts are not about to expire
Ensure SSO Password policy conforms to local policy The default SSO password policy has a password lifetime of 365 days. After 365 days, the password is expired and the ability to log is compromised. The applies to ALL SSO accounts, both Administrative and User. (there is not separate policy for both groups). Ensure the policies in SSO match local policies for password management and complexity

Hmm.. so if you don’t set it to “Never Expire” and forget to change the password before the 365 days pass, you might have a challenge. To configure the policies use the document below.

Configuring and troubleshooting vCenter Single Sign On password and lockout policies for accounts (2033823)

Edit a vCenter Single Sign On Password Policy

Having problems with the SSO account you might take a look at the article below


Unlocking and resetting the vCenter Single Sign On (SSO) administrator password (2034608)

This is the place to edit your settings:PPO

 

 

ESXi5.1 KS.Conf for HP DL380p Gen8

Because I noticed some searches on ESXi5.1, Gen8 and KS.conf I have an example of what I use. I will try to do a bit more explanation later

I didn’t comment all the actions, but some are pretty clear.


# +-----------------------------------+
# | Begin default ESXi 5.1 install    |
# +-----------------------------------+
# VMWare License options accepting EULA
vmaccepteula
# Partitioning
install --firstdisk=usb-storage,hpsa,local --overwritevmfs --novmfsondisk
# root Password
rootpw --iscrypted <password>

# Network install type
network --device=vmnic0 --bootproto=static --ip=[HOSTIP] --netmask=<subnet> --gateway=<gateway> --nameserver=<nameserver> --hostname=[HOSTNAME] --addvmportgroup=0
%post --interpreter=busybox
Echo Installing ESXi5.1
#Reboot after copying image to disk
reboot
%firstboot --interpreter=busybox
# +---------------------------------------------------------------------------+
# | Creating management network                                     |
# +---------------------------------------------------------------------------+
# Remove vSwitch0
sleep 30
esxcli network ip interface remove -i vmk0
esxcli network vswitch standard portgroup remove -p 'Management Network' -v vSwitch0
esxcli network vswitch standard remove -v vSwitch0
# Create management switch
esxcli network vswitch standard add -v vsw-management
# Add nics to management switch
esxcli network vswitch standard uplink add -u vmnic0 -v vsw-management
esxcli network vswitch standard uplink add -u vmnic7 -v vsw-management
# Add portgroups to management switch
esxcli network vswitch standard portgroup add -p 'Management Network' -v vsw-management
# Configure vmkNIC
esxcli network ip interface add -i vmk0 -p 'Management Network'
# Set IP Settings [HOSTIP] is dynamic resolved from the template
esxcli network ip interface ipv4 set --interface-name=vmk0 --ipv4=[HOSTIP] -N <subnet> -t static
# Set default gateway
esxcfg-route -a default <gateway>
# Put management nics to active
esxcli network vswitch standard policy failover set --active-uplinks vmnic0,vmnic7 --vswitch-name vsw-management
# Setting the Network NIC Speed
esxcli network nic set -n vmnic0 -S 1000 -D full
esxcli network nic set -n vmnic1 -S 1000 -D full
esxcli network nic set -n vmnic2 -S 1000 -D full
esxcli network nic set -n vmnic3 -S 1000 -D full
esxcli network nic set -n vmnic4 -S 1000 -D full
esxcli network nic set -n vmnic5 -S 1000 -D full
esxcli network nic set -n vmnic6 -S 1000 -D full
esxcli network nic set -n vmnic7 -S 1000 -D full
esxcli network nic set -n vmnic8 -S 1000 -D full
esxcli network nic set -n vmnic9 -S 1000 -D full
echo Create VMotion netwerk
# +---------------------------------------------------------------------+
# | Creating vMotion Netwerk                                        |
# +---------------------------------------------------------------------+
# Create vMotion vSwitch
esxcli network vswitch standard add -v vsw-vmotion
# Add nics to vsw-vmotion
esxcli network vswitch standard uplink add -u vmnic2 -v vsw-vmotion
esxcli network vswitch standard uplink add -u vmnic5 -v vsw-vmotion
# Add portgroups to vsw-vmotion
esxcli network vswitch standard portgroup add -p 'vmotion' -v vsw-vmotion
# Configure vmkNIC
esxcli network ip interface add -i vmk1 -p 'vmotion'
esxcli network ip interface ipv4 set --interface-name=vmk1 --ipv4=[VMOTIONIP] --netmask=<subnet> --type=static
# Put management nics to active
esxcli network vswitch standard policy failover set --active-uplinks vmnic2,vmnic5 --vswitch-name vsw-vmotion

echo Create Virtual Machine netwerk
# +-------------------------------------------------------------------+
# | Create alle Virtual Machine VLANs                               |
# +-------------------------------------------------------------------+
# Create 256 port switch instead of default 64
esxcfg-vswitch -a vsw-vms01:256
# Add nics to vsw-vms01
esxcfg-vswitch -L vmnic1 vsw-vms01
esxcfg-vswitch -L vmnic3 vsw-vms01
esxcfg-vswitch -L vmnic4 vsw-vms01
esxcfg-vswitch -L vmnic6 vsw-vms01
# Add portgroups.
# Download vsw-vms01-<esxcl>.sh script for the portgroup settings
wget http://<httpserver>/esx51rep/scripts/vsw-vms01-[CLUSTER].sh -O /tmp/vsw-vms01-[CLUSTER].sh
chmod a+x /tmp/vsw-vms01-[CLUSTER].sh
/tmp/vsw-vms01-[CLUSTER].sh > /tmp/vsw-vms01-[CLUSTER].log 2>&1
# Set DNS and hostname
esxcli system hostname set --fqdn=[HOSTNAME]
esxcli network ip dns server add --server=<nameserver>
esxcli network ip dns server add --server=145.70.12.203
#echo add DNS configuration
echo search domain.corp.net  > /etc/resolv.conf
echo nameserver <nameserver>  >> /etc/resolv.conf
echo nameserver <nameserver> >> /etc/resolv.conf

echo Configure NTP
# +--------------------------------------------------------------------+
# | Add NTP Settings                                                   |
# +--------------------------------------------------------------------+
# Backup
mv /etc/ntp.conf /etc/ntp.conf.bak
# ntp.conf creation
cat > /etc/ntp.conf << __NTP_CONFIG__
restrict default kod nomodify notrap noquerynopeer
restrict 127.0.0.1
server <NTP Server>
__NTP_CONFIG__
/sbin/chkconfig --level 345 ntpd on
echo "driftfile /etc/ntp.drift" >> /etc/ntp.conf

echo Configure Syslog
# +--------------------------------------------------------------------+
# | Add syslog confiuration to ESX host                                   |
# +--------------------------------------------------------------------+
vim-cmd hostsvc/advopt/update Syslog.Remote.Hostname string <Syslog Server>
#Disable MOB
vim-cmd proxysvc/remove_service "/mob" "httpsWithRedirect"
# +--------------------------------------------------------------------+
# | SNMP Trap                                                            |
# +--------------------------------------------------------------------+
#echo "<config><snmpSettings><enable>true</enable><communities>patrol</communities><port>161</port><targets>snmp1.fqdn@162 patrol;snmp2.fqdn@162 patrol</targets></snmpSettings></config>" > /etc/vmware/snmp.xml

echo Rename local datastore
# +---------------------------------------------------------------------------+
# | Rename local datastore if --novmfsondisk is not used                      |
# +---------------------------------------------------------------------------+
vim-cmd hostsvc/datastore/rename datastore1 "[SUBTEMPLATE]-local"

# +---------------------------------------------------------------------------+
# |Create SSH Banner                                                          |
# +---------------------------------------------------------------------------+
/bin/cat > /etc/banner.new <<SSHEOF
${INDENTATION:-}<Company>
${INDENTATION:-}ESXi 5.1
${INDENTATION:-}=========================================
${INDENTATION:-}WARNING: UNAUTHORIZED USE IS PROHIBITED
${INDENTATION:-}-----------------------------------------
${INDENTATION:-}Property of <Company> Groep, and should only
${INDENTATION:-}be accessed by authorized <Company> employees.
${INDENTATION:-}Do not attempt to login unless you are an
${INDENTATION:-}authorized user.

${INDENTATION:-}Any authorized or unauthorized access and use,
${INDENTATION:-}will be monitored and anyone using this system
${INDENTATION:-}expressly consents to such monitoring. If such
${INDENTATION:-}monitoring reveals possible envidence of criminal
${INDENTATION:-}activity, such evidence will be provided to law
${INDENTATION:-}enforcement personnel and can result in criminal
${INDENTATION:-}or civil prosecution under applicable law of
${INDENTATION:-}<country>.

${INDENTATION:-}This system is restricted to authorized users.
${INDENTATION:-}Individuals attempting unauthorized access
${INDENTATION:-}will be prosecuted. If unauthorized,
${INDENTATION:-}terminate access now!
${INDENTATION:-}By logging in you indicate your acceptance of
${INDENTATION:-}the information above.
${INDENTATION:-}-----------------------------------------
SSHEOF
# copy new banner file to overwrite /etc/issue (esxi 5 store it's banner file here)
cp /etc/banner.new /etc/issue

# +---------------------------------------------------------------------------+
# | enable VMotion                                          |
# +---------------------------------------------------------------------------+
vim-cmd hostsvc/vmotion/vnic_set vmk1
vim-cmd internalsvc/refresh_network

# Set Multipatch Policies
for i in `esxcli storage nmp device list | grep -E naa.\{33\}$` ; do
esxcli storage nmp device set --device $i --psp "VMW_PSP_RR";
esxcli storage nmp psp roundrobin deviceconfig set --device $i --type "iops" --iops=1;
done
esxcli storage nmp satp set --default-psp "VMW_PSP_RR" --satp "VMW_SATP_SVC"

# backup ESXi configuration to persist changes
/sbin/auto-backup.sh

#enter maintenance mode
esxcli system maintenanceMode set -e true

#Removing iSCSI driver and CD-ROM driver
esxcli software vib remove -n scsi-bnx2i
esxcli software vib remove -n ata-pata-amd

#Removing iSCSI initiator
esxcli iscsi software set -e false

# Needed for configuration changes that could not be performed in esxcli
esxcli system shutdown reboot -d 60 -r "Rebooting after host configurations"

VM import Failed to open disk scsi0:0

VM import Failed to open disk scsi0:0: Unsupported and/or invalid disk type 7. Did you forget to import the disk first?Unable to create virtual SCSI device for scsi0:0, Module DevicePowerOn power on failed.

I noticed this issue after we tried to import a VM created in VMware View in our ESXi 5.1 environment. When we tried to power on the machine the error message below appeared. This has something to do with the disk format.

Error_Disk

In this example a disk of 100GB was created for the VM in VMware View. After enabling SSH on the ESXi host and looking on the datastore you’ll notice a vmdk of 27 GB.

/vmfs/volumes/4dc3d515-66b8d17d-49db-00237d54cab0/Windows 7 x64_1 # ls –l
<b>-rw-------    1 root     root     28533391360 May  8 12:58 Windows 7 x64_1-0-s001.vmdk</b>
-rw-------    1 root     root           537 May  8 13:56 Windows 7 x64_1-0.vmdk
-rw-------    1 root     root          8684 May  8 12:58 Windows 7 x64_1.nvram
-rw-------    1 root     root             0 May  8 12:58 Windows 7 x64_1.vmsd
-rw-------    1 root     root          2842 May 13 07:19 Windows 7 x64_1.vmx
-rw-------    1 root     root          3049 May 13 07:18 Windows 7 x64_1.vmxf
-rw-r--r--    1 root     root         42582 May 13 07:19 vmware.log
-rw-------    1 root     root         25730 May  8 12:00 vprintproxy.log

To resolve this, we need to re-import the disk with the right format (Zeroed Thick).
To convert the disk to zerothicked, use vmkfstools. See the example below.

/Windows 7 x64_I-work1 # <i>vmkfstools -i  "Windows 7 x64_I-work1-0.vmdk" -d zeroedthick "Windows 7 x64_I-work1.vmdk"

 

With this command we make a clone of the existing disk (Windows 7 x64_1-0.vmdk) to a new disk (Windows 7 x64_1.vmdk) with the proper diskformat (-d –diskformat [zeroedthick|thin|eagerzeroedthick]).

After the cloning is completed, you could re-import the newly created disk in your VM and start it. (Don’t forget to remove the old one :))

 

 

1 2 3 4