Category Archives: VMware

Configuring VMware vSphere 6.0 VMware Certificate Authority as a subordinate Certificate Authority:

  1. Launch the vSphere 6.0 Certificate Manager using:
    Windows Platform Service Controller:
    C:\Program Files\VMware\vCenter Server\vmcad\certificate-manager
  2. Select Option 2(Replace VMCA Root certificate with Custom Signing Certificate and replace all Certificates)
  3. vmca
  4. Provide the administrator@vsphere.localpassword when prompted.
  5. Provide appropriate details
  6. Select Option 1(Generate Certificate Signing Request(s) and Key(s) for VMCA Root Signing certificate)
  7. Your new CSR is in the folder you specified titled “vmca_signing_cert.csr” with its corresponding key file.
    1. Login to Windows Certificate Authority https://<CA Name>/certsrvand sign the certificate with Certificate Template
      1. Creating a new template for vSphere 6.0 to use for VMCA as a Subordinate CA
      2. Connecting to the CA server
      3. Click Start > Run, type certtmpl.msc, and click OK.
      4. In the Certificate Template Console, under Template Display Name, right-click Subordinate Certificate Authority and click Duplicate Template.
      5. In the Duplicate Template window, select Windows Server 2003 Enterprise for backward compatibility.
      6. If you have an encryption level higher than SHA1, select Windows Server 2008 Enterprise.
      7. Click the General tab.
      8. In the Template display name field, enter the name of the new template.
      9. Ensure Publish certificate in Active Directory is selected.
      10. Click the Extensions tab.
      11. Select Key Usage and click Edit.
      12. Ensure that Digital Signature, Certificate signing and CRL signing are enabled.
      13. Ensure that Make this extension critical is enabled.
      14. Click OK.
      15. Click OK to save the template.
      16. Proceed to Adding a new template to certificate templates section in the article to make the newly created certificate template available.
      17. Adding a new template to certificate templates
      18. Connecting to the CA server
      19. Click Start > Run, type certsrv.msc, and click OK.
      20. In the left pane of the Certificate Console, if collapsed, expand the node by clicking the + icon.
      21. Right-click Certificate Templates and click New > Certificate Template to Issue.
      22. Locate vSphere 6.0 or vSphere 6.0 VMCA under the Name column.
      23. Click OK.
  1. Select Base64 Encoded and download the chain.
  2. Open .p7b certificate and export both certificates as Base64.
  3. Create a chain file called root_signing_chain.cer by running the following command to concatenate the new leaf (vmca) certificate, and the root certificate.
  4. copy root_signing_cert.cer + root64.cer root_signing_chain.cer
  5. Return to the vSphere 6.0 Certificate Manager and select Option 1(Continue to importing Custom certificate(s) and key(s) for VMCA Root Signing certificate).
  6. Provide the full path to the root_signing_chain.cer and vmca_signing_cert.key.
  7. Once the import is done Login to Platfor Service Controller Web console https://<PSC Serrver>/webssoand check the certificates.

 

Advertisements

VDP Backup Failed with error: cancelled by Administrator

Continue reading

VMware ESXi 5.5 U2 / 6.0 Installation Error : Can’t have partition outside the disk

Continue reading

vCenter Server 5.5 fails to start after reboot

VMware VirtualCenter Server service unable to start after vCenter server reboot,

In the C:\ProgramData\VMware\VMware VirtualCenter\Logs\vpxd.log file you see  similar logs :
[04928 info ‘[SSO][CreateSsoFacade]’] [CreateUserDirectory] STS URI set to: https://vCenter_Server_FQDN:7444/sts/STSService/vsphere.local
[04928 info ‘[SSO][CreateSsoFacade]’] [CreateUserDirectory] Admin URI set to: https://vCenter_Server_FQDN:7444/sso-adminserver/sdk/vsphere.local
[04928 info ‘[SSO][CreateSsoFacade]’] [CreateUserDirectory] Groupcheck URI set to: https://vCenter_Server_FQDN:7444/sso-adminserver/sdk/vsphere.local
[02396 error ‘[SSO][SsoFactory_CreateFacade]’]
Unable to create SSO facade: Invalid response code: 404 Not Found.
[02396 error ‘vpxdvpxdMain’]
[Vpxd::ServerApp::Init] Init failed:
Vpx::Common::Sso::SsoFactory_CreateFacade(sslContext, ssoFacadeConstPtr)
–> Backtrace:
–> backtrace[00] rip 000000018018cd7a
–> backtrace[01] rip 0000000180106c48
–> backtrace[02] rip 000000018010803e

To work around this issue, restart the VMware Secure Token Service:
Log in as an administrator to the server that is running vCenter Server.

  1. Click Start > Run, type services.msc, and click OK. The Services window opens.
  2. Stop these services:

    VMware Secure Token Service
    VMware Identity Management Service
    VMware Certificate Service
    VMware KDC Service
    VMware Directory Service.

  3. Start these services:

    VMware Identity Management Service
    VMware Certificate Service
    VMware KDC Service
    VMware Directory Service
    VMware Secure Token Service
    VMware VirtualCenter Server

Please follow the KB 2061412 for more info.

 

Unable to connect to the requested VDP appliance

Today I came across a situation where I am unable to connect to my VDP appliance and come up with below error.

vdp-error

 

 

there is no problem connecting to VDP configuration.

  • In the /usr/local/avamar/var/vdr/server_logs/vdr-server.log file, you see an entry similar to:

    YYYY-MM-DD HH:MM:SS,MS ERROR [com.abc.vdr.server.VDRServer$1]-server.VDRServer: VDRServer.getVCenterClient cannot obtain VCenterClient  java.lang.NullPointerException: VCenterClient list is empty

  • Also in the vdr-server.log file, you may see an entry similar to:

    YYYY-MM-DD HH:MM:SS,MS INFO [http-xxxx-exec-x] -impl.X509TrustChainKeySelector: Failed to find trusted path to signing certificate. 

Resolution:

This issue occurs with the date and time doesn’t match with VDP appliance and vCenter server or ESXi host.

Check the ntp settings are configured correctly on your VC and ESXi hosts. To resolve the issue stop the MCS service on the VDP appliance and start it again .
#dpnctl stop mcs

Once stopped start it again

#dpnctl start mcs

Please follow the KB Could not connect to the requested VDP appliance

 

 

 

 

VMware VDP vdp-configure unable to access from browser

Continue reading

ESXi Host Management network inaccessible

Continue reading