Let Us GO Virtual

How to, Videos, discussions about Virtualization

This content shows Simple View


Author Archives kabuataya

Update to vSphere vCenter Server, version 5.1.0A released

VMware Has released a huge number of upgrades and Minor Fixes to some of its cloud products platform just about 3 days ago. In this post i will be discussing the update related to vCenter with Version 5.1.0A Release

  • vCenter Server Services fail on startup after upgrade to vCenter Server 5.1
    After you upgrade to vCenter Server 5.1, the vCenter Server services fail to start up and generate vpxd dumps. This issue occurs if old certificates are removed during upgrade of vCenter Server or if you attempt to perform a fresh install of vCenter Server with an already upgraded vCenter Server 5.1 database.

    This issue is resolved in this release. If you have encountered this issue in the past, upgrading to vCenter Server 5.1.0a will resolve the issue.

  • Users unable to log in to vCenter Server after upgrading to vCenter Server 5.1
    After upgrading to vCenter Server 5.1, you might be unable to log in with the user or group administrator privileges provided by the vCenter Server installer during the upgrade process. This issue can occur if vCenter Server finds a vCenter Server Administrator user or group that can be authenticated against vCenter Single Sign On while searching the vCenter Server database.

    This issue is resolved in this release.

  • Invalid solution certificate. Certificate already expired. error message occurs when upgrading to vCenter Server 5.1 and registering the vCenter Server instance to vCenter Single Sign On 
    The vCenter Server installer does not allow upgrade if the certificate is invalid or already expired. To regenerate expired SSL certificates, see KB 1009092: Regenerating expired SSL certificates.

    This issue is resolved in this release.

  • vCenter Server takes an unusually long time to start and the vSphere Client might time out
    When a large number of permissions are assigned to objects in the vCenter Server inventory, the vCenter Server service does not start as quickly as expected as vCenter Server verifies that the users and groups exist in the identity source. Also, the connection to the vSphere Client might time out when you log in with Windows session credentials.

    The following messages appear in the vCenter Server logs while the service is starting:

    [SSO] [SsoAdminFacadeImpl] [FindGroup]
    [UserDirectorySso] GetUserInfo (DOMAIN\ *USER OR GROUP*, true) res: DOMAIN\ *USER OR GROUP*
    [UserDirectorySso] NormalizeUserName (DOMAIN\ *USER OR GROUP*, false) re: DOMAIN\ *USER OR GROUP*

    This issue is resolved in this release.

  • Upgrading to vCenter Server 5.1 might fail with error 29107 even though the service or solution user is already registered
    Attempts to upgrade vCenter Server 5.1 might fail with the following error message:

    Error 29107. The service or solution user is already registered. Check VM_ssoreg.log in system, temporary folder for details.

    This issue is resolved in this release.

  • Installing or upgrading vCenter Server 5.1 fails with the error: Could not contact Lookup Service
    vCenter Simple Install might fail with the following error if the Fully Qualified Domain Name (FQDN) contains the string port during the installation:

    Error 29102 . Could not contact Lookup Service. Please check VM_ssoreg.log in system temporary folder for details.

    This issue is resolved in this release.

  • Installing vCenter Single Sign On fails with the error: Unable to create database users: Password validation failed
    When you attempt to install vCenter Single Sign On using an existing database or the bundled SQL Express database, the installation fails with the following error:

    Error 29114. Cannot connect to DB

    This issue is resolved in this release.

  • Unable to log in to the vSphere Web Client due to incorrect proxy settings
    Slow network speeds caused by incorrect proxy settings might result in delay during the interaction between the vSphere Web Client, domain controller, and external vCenter Single Sign On. You might encounter the following issues due to this delay:

    • Attempts to log into the vSphere Web Client fail with the following error:The vSphere Web Client cannot connect to the vCenter Single Sign On server.
    • A delay in excess of 20 minutes to list all domain users
    • A delay in excess of 20 minutes to load the whole vCenter Server inventory after domain use login

    This issue is resolved with this release.

  • Unable to access the cross-host Storage vMotion feature from the vSphere Web Client with an Essentials Plus license
    If you start the migration wizard for a powered on virtual machine with an Essentials Plus license, the Change both host and datastore option in the migration wizard is disabled, and the following error message is displayed:

    Storage vMotion is not licensed on this host.
    To perform this migration without a license, power off the virtual machine.

    This issue is resolved in this release.

 



Configuring vCenter Single Sign On for High Availability

Since the release of vSphere 5.1 and all of the new changes that took place specially in the vCenter components. where inventory service can now be seperated from the vCenter installation on a separate server and also the SSO service that will dramatically add lots of enhancement and integration functionality between all VMware cloud products  in the 5.1 release now and also in later releases. high availability options for vCenter has been considered in so many different ways by customers for vCenter and all of its components.

 

for that same reason, I am highlighting a new KB that was released from VMware recently on how to make you SSO Server Highly available. there are some notes that you might want to consider when implementing this solution, Please find them below.

1- All the Nodes will use the same database, use the same user data and have the same user stores.

2- Using this option, you will not be able to use windows authentication because it will not be able to leverage the local operating system users as a user store.

3- you need to follow the procedure mentioned in the KB article before installing the remaining services, this includes the inventory service, vCenter server, vSphere Web Client.

Now, To set up SSO for HA:

Step 1 – Prepare the Systems

  1. Create two virtual machines running a Windows guest operating system. These will be the nodes configured for SSO.
  2. Create a DNS entry for each virtual machine.
  3. (Optional) If you use Active Directory and want it to be discovered automatically by SSO:
    1. Put both virtual machines in the same Active Directory domain.
    2. Assign administrative permissions on both machines to the Active Directory domain user running the installation.

Step 2 – Configure SSO on the Master Node

Install vCenter SSO on the machine that will become the master node. When prompted, select these options:

  • Deployment type: Create Primary node for a new vCenter Single Sign On installation.
  • Node type: Create the primary node for a new vCenter Single Sign On installation.

Step 3 – Update ssolscli.jar

A SSO .jar file needs to be replaced for HA functionality to be set up.
In C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli, replace ssolscli.jar with the solscli.jar.gz file attached to this article.

Step 4 – Configure SSO on the Backup Node

Install vCenter SSO on the machine that will become the backup node. When prompted, select these options:

  • Deployment type: Join an existing vCenter Single Sign On installation.
  • Node type: High availability.
  • Enter the host, port, and the password for admin@System-Domain for the master node installed in Step 2.

    Note: The default port is 7444.

Step 5 – Define the Session Configuration on Each Single Sign On Node

On each SSO node, modify the session configuration.

  1. In a text editor, open SingleSignOn_install_dir\conf\server.xml.
  2. Locate the line:

    <Engine defaultHost="localhost" name="Catalina">

  3. Change it to:

    <Engine defaultHost="localhost" name="Catalina" jvmRoute="routeID">

    If you are installing Apache HTTPD as your load balancing software, for each SSO node, the value specified for the routeID must be the same as the one that is specified in the corresponding BalancerMember directive in the configuration file. For the first node, enter node1. For the second node, enter node2.
  4. Restart vCenter Single Sign On service.

Step 6 – Configure Load Balancing

Configure the load balancing software of your choice. One popularly recommended choice is the Apache server with the mod_proxy and mod_proxy_balancer modules. Because sensitive information is sent to and from SSO, the load balancing software should be configured for SSL. The requirements for load balancing software configuration include:

  • Node affinity for the machine on which the primary node is installed.
  • Entries for these SSO services:
    • Groupcheck: map /groupcheck to /sso-adminserver to both SSO HA nodes.
    • LookupService: map /lookupservice to both SSO HA nodes.
    • Security Token Service: map /ims to both SSO HA nodes.
    • Admin server: map /sso-adminserver to /sso-adminserver on the primary node only.

Note: Because Groupcheck is present on both of the nodes but Admin server is only present on the primary node, do not use the same path for Groupcheck and Admin server.

For more information about the recommended configuration when using Apache as a load balancing software for Single Sign On, see Setting up Apache load balancing software with vCenter Single Sign On (2034157).

Step 7 – Update the Lookup Service Records

  1. Copy the root certificate of the certificate chain that issued the SSL certificate for the load balancing software to the machine on which SSO node1 is installed. For example, copy it to C:/updateInfo/.
  2. From a terminal window, on each of the systems where Single Sign On is installed:
    1. Set the JAVA_HOME variable. Using the default location in which VMware products install JRE, run:

      set JAVA_HOME=C:\Program Files\VMware\Infrastructure\jre

    2. Make sure connections to the load balancing software are possible. Check your firewall settings.
    3. List the services. For example:

      Switch to the directory of SSO was installed:

      cd /d C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli

      Run this command:

      ssolscli listServices https://primary_node_hostname:7444/lookupservice/sdk

  3. Locate the Group Check, SSO Admin, and Security Token Service (STS) services. Use Type to identify these services:
    • Group Check type: urn:sso:groupcheck
    • Single Sign On Admin type: urn:sso:admin
    • Security Token Service type: urn:sso:sts
  4. Use a text editor to create three properties files, one for each of the three services. Name the files sts.properties, gc.properties, and admin.properties. The location in which you store these files is not important. For this example, save these files to C:\UpdateInfo. Reference the output of the listServices command in Step 7-2.

    Example: The contents of the sts.properties file might look similar to:

    [service]
    friendlyName=STS for Single Sign On
    version=1.0
    ownerId=
    type=urn:sso:sts
    description=The Security Token Service of the Single Sign On server

    [endpoint0]
    uri=https://location_of_your_load_balancer:<configured port>
    /ims/STSService?wsdl
    ssl=C:\UpdateInfo\cacert.pem
    protocol=wsTrust

    Example: The contents of the admin.properties file might look similar to:

    [service]
    friendlyName=The administrative interface of the SSO server
    version=1.0
    ownerId=
    type=urn:sso:admin
    description=The Security Token Service of the Single Sign On server

    [endpoint0]
    uri=https://location_of_your_load_balancer:
    <configured port>/sso-adminserver/sdk
    ssl=C:\UpdateInfo\cacert.pem
    protocol=vmomi

    Example: The contents of the gc.properties file might look similar to:

    [service]
    friendlyName=The group check interface of the SSO server
    version=1.0
    ownerId=
    type=urn:sso:groupcheck
    description=The group check interface of the SSO server

    [endpoint0]
    uri=https://location_of_your_load_balancer:
    <configured port>/sso-adminserver/sdk
    ssl=C:\UpdateInfo\cacert.pem
    protocol=vmomi

  5. Locate the serviceId for each of the three services. The service ID is located in serviceId on the list of services you created earlier.
  6. Open a text editor and create a separate service ID file for each of the three services. For this example, create three files (sts_id, gc_id, admin_id) and save them to C:\UpdateInfo. The service ID file (sts_id) contains only the service ID. The file must not contain any other data.

    Example:

    This is an example of the contents of the admin_id file:
    {D46D4BFD-CC5B-4AE7-87DC-5CD63A97B194}:1

    This is an example of the contents of the sts_id file:
    {D46D4BFD-CC5B-4AE7-87DC-5CD63A97B194}:2

    This is an example of the contents of the gc_id file:
    {D46D4BFD-CC5B-4AE7-87DC-5CD63A97B194}:3

  7. For each of the three services, run this command:
    <SingleSignOn install dir>\ssolscli\ssolscli updateService -d <Lookup Service URL> -u sso <administrator> -p <sso administrator password> -si <serviceid_file> -ip <service.properties>

    Where, for each of the three services:

    • service.properties is the file created in step 4 of this procedure
    • serviceid_file is the file created in Step 6 of this procedure

Example: Using the sts_id file:

C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli\ssolscli updateService -d https://<primary sso node>:<configured port>/lookupservice/sdk -u admin@System-Domain -p VMware123 -si sts_id -ip sts.properties

You have now completed the Single Sign On configuration for high availability.

During the installation of vCenter Server, vSphere Web Client, and the Inventory service, you must provide the address of the new load balanced hostname for Lookup Service. The address should be in the form https://<load balancer fqdn>:<configured port>/<configured path>.

 

Source of information and all attachments can be found in the following Link



vSphere 5.1, Auto Deploy Overview Video.

With the release of vSphere 5.1. Auto Deploy feature has received its piece of the upgrade cake with tremendous new features which has allowed VMware Administrators to deploy it in 3 different ways. These New features include the addition of Statless caching and stateful install during the auto deploy implementation process. in this blog post, I will be showing 3 Videos created by VMware showing each of these deployment scenarios and how they work.

 

1- Auto Deploy Stateless

 

2- Auto Deploy Stateless Caching

 

 

3- Auto Deploy Stateful install



vSphere 5.1, VDS New Features Evaluation Videos.

With the new release of VMware vSphere Version 5.1, new features related to the distributed switch has been added. this include features like LACP, Network Health Check ,Roll-Back and recovery, as well as Backup and Restore.

 

VMware has create 3 Different Videos showing some of these features and how they works with vSphere. Please enjoy watching these videos.

1- VMware Distributed Switch Health Check

 

2- Networking Backup and recovery.

 

3- Networking Config Backup & Recovery

 



VMware vCloud Director 5.1.1 Released.

On 25h October, VMware Released a Minor update to vCloud Director software. this update has a number of fixes to various issues encountered in version 5.1 including.

 

  • The vCD Appliance now has sets net.ipv4.conf.all.rp.filter = 0 in the /etc/sysctl.conf file.  This fixes an issue with a loss of network connectivity that was observed with the 5.1 release.
  • Snapshots were unnecessarily created.  This occurred when fast provisioning was enabled and a copy of a vApp template across datastores was performed.
  • An exception would be generated in cases where an external network was created without any available DVportgroups.  The exception returned would look similar to:

HTTP ERROR 500
Problem accessing /cloud/. Reason: could not load an entity:

  • Some changes were introduced into the Allocation Model with vCloud Director 5.1 to enable elastic VDCs.  With these changes, some customers had issues if they configured the vCPU to Mhz mapping too low which would result in VM performance issues for some initial VMs in the resource pool as the limit is set too low. If these same customer set the vCPU to Mhz mapping too high it would result in limiting the maximum number of VMs that can be provisioned in the pool significantly

 

Please don’t forget to check the release note here before the upgrade to identify all information needed including known issues and workarounds.

 

Happy Upgrading.



VMware View Rapid Desktop Appliances

We have all heard about the new rapid desktop program during Steve Keynotes sessions in VMWorld. as steve said, there are multiple solutions from different vendors like Pivot3, Cisco … etc.

 

I though i should point you all out to the link where you can see all of these appliances with the configurations and the software it holds. Looking around, I found this link here on VMware Compatibility list which shows them with all the configuration within the appliances in term of hardware/Software.

These appliances are really great when we want to just deploy and expand on the go. no changes nothing is required except from running some scripts to configure and provision the desktops after the connectivity completes in the data center.

 



VMware New Learning Site with over 50 Online Free instructiuonal Videos.

VMware has just launched a new site vmwarelearning.com which offers a huge library of instructional trainings and videos n Various VMware products. this videos includes trainings for products like SRM, vSphere, VSA, VCOPS and lots more.

 

I am sure this website will keep updated and more and more videos will be added toit in the near future.

 

 



How to Turbo-Charge your Video Performance in VMware View Environemnt.

This will be a very short post on blog that i have seen recently on VMware website regarding the subject matter. in brief here is what you have to do to turbo-charge the video performance of PCoIP in your environment.

1-Use VMXnet3 NIC Cards for the windows VMs.

2- change the following registry settings value to 1500

HKLM\System\CurrentControlSet\Services\Afd\ParametersFastSendDatagramThreshold

 

If there is a question of why do we need to do this then here answer.

The VMXNET3 adapter is a paravirtualized NIC designed for performance that, as of vSphere 5, supports interrupt coalescing. Virtual interrupt coalescing is similar to a physical NICs interrupt moderation and is useful in improving CPU efficiency for high throughput workloads. Unfortunately, out-of-the-box, Windows does not benefit from interrupt coalescing in many scenarios (those sending packets larger than 1024-bytes), because after sending a packet, Windows waits for a completion interrupt to be delivered before sending the next packet. By setting ParametersFastSendDatagramThreshold to the Microsoft recommended value of 1500 bytes you instruct Windows not to wait for the completion interrupt even when sending larger packets. Accordingly, you are allowing View and PCoIP (as well as other applications that send larger packets) to benefit from interrupt coalescing – reducing CPU load and improving network throughput for PCoIP  — which translates into significantly improved video playback performance.

 

The link to the original article is here. and Microsoft KB article is here



How to Alter Behavior of Printers That Roam with Roaming Profiles – Micr

In environments where users are using Roaming Profiles, By default the default printer roam with the user profile wherever they go inside the enterprise. when utilizing location based printing for example in view environment for example, this feature shouldn’t be used for the fact that the user can be somewhere and the printer is somewhere else.

 

since the default printer is part of the user registry keys. this feature can be altered easily with some changes that Microsoft has mentioned in it KB article Numbered 304767. there are 2 methods that can be used to achieve this based on the use case and the administrator requirement. the link to the article is here.

 

Please be careful when changing registry values because this could make windows unusable.

 

 

 

 

 




top