vShield Host preparation: Host not reachable


Just a quick tip when you’re using vShield and want to prepare a new ESXi host. When you click on the vShield tab inside the vSphere client you might see the message “Host not reachable”.

image

So I started with some basic troubleshooting like ping from the vShield Manager to the ESXi host and from the ESXi host to the vShield Manager. This worked. The next step was the debug connection command from the vShield Manager appliance. This command completed successfully:

image

So what was the issue? Well, it’s simple: the ESXi host was in Maintenance mode while I was trying to perform the Host preparation. This is not supported. The host needs to be in normal operation mode to be able to connect to vShield. Now I was able to prepare the ESX host:

image

Syslog gone mad after vSphere upgrade to vSphere 5.1 update 1


After upgrading a vSphere 5.0 update 2 host to vSphere 5.1 update 1 we noticed an issue with the lsassd daemon. Right after Update Manager finished the upgrade, lsassd started to write a lot of messages. Within the last 5 minutes the syslog server received 170K log messages from the upgraded host alone.

See the screenshot below:

image

The following message keeps popping up in the logs:

esxihost.domain.loc lsassd[9297]: 0x6eb11b90:Terminating on fatal IPC exception

To work around this issue you need to leave the Windows domain. Select the host – Configuration – Authentication Services – Properties. Click on Leave Domain… The excessive logging stopped immediately.

image

After that you can rejoin the Windows domain.

Import OVF/OVA: No datastore found on target in vCenter Server 5.1


I was trying to import an OVF/OVA template to one of my lab environments. But unfortunately this was not possible because of an error:

image

In this environment we are using Folders to organize the datastores. See the screenshot below:

image

This works most of the time, but when you want to import an OVF/OVA template you have to give up your folder structure to be able to import the template. This is a small bug in vCenter Server 5.1. See KB2045635 for more details.

This is a small quote from the KB article:

This is a known issue affecting VMware vCenter Server 5.1.

Try one of the following workarounds:

  • Use vSphere Client to deploy.
    Open the vSphere Client and use it to deploy the OVA/OVF file.
  • Use Web Client to deploy.
    If the datastore is in a folder, remove it from the folder and try to deploy.

In this case I had to move the SDRS cluster and the datastores attached to this SDRS cluster from the yellow folder to the root folder inside the Storage view of the vSphere web client.

Now I was able to deploy the OVF/OVA template.

Veeam: A file level restore gets stuck in a "stopping" state.


Today a colleague of mine was trying to perform a file level restore on one of the Veeam servers. But unfortunately the job became unresponsive and got stuck in a stopping state. See the print screen below:

image

To fix this issue, you need to run a SQL query on the Veeam database to clear the locks. I have included the solution from KB1534:

Problem:

A file level restore gets stuck in a "stopping" or "starting" state.

Cause:

This issue typically occurs when the VeeamBackup database has become out of sync with Veeam and the true state of the File Level Restore is not updated in the GUI.

Solution:

To fix this you will need to run a SQL query against the VeeamBackup Database, instructions are as shown below.
Before running this SQL query against the “VeeamBackup” Database, please make sure that there are currently no jobs running. If you are unaware of how to run a query against a DB please read the steps below, if you are aware please disregard.

  1. Open up SQL Server Management Studio and connect to the VEEAM instance.
  2. Expand “Databases”.
  3. Right-click “VeeamBackup” > New query.
  4. Paste the query below into the query window and hit either “execute” or F5.

The query:

UPDATE [ReportRestoreSessionsAndTaskSessionsView]
   SET "state" = -1 
    WHERE "initiator_name" not like 'null'

After running the query and restarting the Veeam console, my colleague was able to perform the file level restore.

Source: http://www.veeam.com/kb1534

PowerCLI: enable SSH and configure ESXi Firewall


It’s been a long time since I posted a new article on my blog, so it’s time to write some new content. I want to start with a post about configuring SSH to start automatically, hiding the Shell warning message and configuring the ESXi firewall to allow the connection from a certain IP address. Of course all this is done by running a PowerCLI script.

But first I want to show you where you can change the ESXi firewall settings. Go to the Configuration tab and select the Security Profile. Select the rule you want to change and click on Firewall... Select the option “Only allow connections from the following networks” and add the IP address or IP range you want to allow.

image

But like I mentioned before, this is not a job to do by hand when you have a large vSphere environment, so I want to share the PowerCLI script below to perform this task for you. The only things you need to change are the $cluster and $ip variables. Then copy the script to your PowerCLI session and run it.

$cluster = "<clusterName>"
$ip = "192.168.1.1"

foreach($vmHost in (Get-Cluster $cluster | Get-VMHost | Sort Name)){
    write-host "Configuring SSH on host: $($vmHost.Name)" -fore Yellow
    # Service policy "On" = the SSH service starts and stops with the host
    if((Get-VMHostService -VMHost $vmHost | where {$_.Key -eq "TSM-SSH"}).Policy -ne "on"){
        Write-Host "Setting SSH service policy to automatic on $($vmHost.Name)"
        Get-VMHostService -VMHost $vmHost | where { $_.key -eq "TSM-SSH" } | Set-VMHostService -Policy "On" -Confirm:$false -ErrorAction Stop | Out-null
    }

    # Start the SSH service if it is not running yet
    if((Get-VMHostService -VMHost $vmHost | where {$_.Key -eq "TSM-SSH"}).Running -ne $true){
        Write-Host "Starting SSH service on $($vmHost.Name)"
        Start-VMHostService -HostService (Get-VMHost $vmHost | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"}) | Out-null
    }

    # Restrict the sshServer firewall ruleset to $ip.
    # Only rulesets that still allow "All" are changed; a ruleset that already
    # has its own allowed-IP list is left as it is.
    $esxcli = Get-EsxCli -VMHost $vmHost
    if($esxcli -ne $null){
        if(($esxcli.network.firewall.ruleset.allowedip.list("sshServer") | select AllowedIPAddresses).AllowedIPAddresses -eq "All"){
            Write-Host "Changing the sshServer firewall configuration"
            # Arguments: allowed-all = $false, enabled = $true, ruleset id
            $esxcli.network.firewall.ruleset.set($false, $true, "sshServer")
            $esxcli.network.firewall.ruleset.allowedip.add("$ip", "sshServer")
            $esxcli.network.firewall.refresh()
        }
    }

    # Hide the "SSH/Shell is enabled" warning on the host
    if(($vmHost | Get-AdvancedSetting | Where {$_.Name -eq "UserVars.SuppressShellWarning"}).Value -ne "1"){
        Write-Host "Suppress the SSH warning message"
        $vmHost | Get-AdvancedSetting | Where {$_.Name -eq "UserVars.SuppressShellWarning"} | Set-AdvancedSetting -Value "1" -Confirm:$false | Out-null
    }
}

The script checks whether the SSH service is running and changes the setting if necessary. The same goes for the firewall configuration and the part that suppresses the Shell warning message.
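Because the script above only touches hosts whose sshServer ruleset still allows "All", a read-only check afterwards shows which hosts ended up restricted to the intended address. The following is an added example, not part of the original post; `$expectedIp` and the report column names are assumptions made for this illustration, and it changes nothing on the hosts.

```powershell
# Added example (not from the original post): read-only audit of the SSH exposure
$cluster    = "<clusterName>"   # same placeholder as in the script above
$expectedIp = "192.168.1.1"     # assumed: the address used as $ip above

$report = foreach ($vmHost in (Get-Cluster $cluster | Get-VMHost | Sort-Object Name)) {
    $ssh = Get-VMHostService -VMHost $vmHost | Where-Object { $_.Key -eq "TSM-SSH" }

    # Allowed source addresses of the sshServer ruleset ("All" = unrestricted)
    $allowed = @()
    $esxcli = Get-EsxCli -VMHost $vmHost
    if ($esxcli -ne $null) {
        $allowed = @($esxcli.network.firewall.ruleset.allowedip.list("sshServer") |
            ForEach-Object { $_.AllowedIPAddresses })
    }

    $warning = $vmHost | Get-AdvancedSetting -Name "UserVars.SuppressShellWarning"

    # Flag only firewall deviations; service state is reported as-is
    $finding = ""
    $extra = @($allowed | Where-Object { $_ -ne "All" -and $_ -ne $expectedIp })
    if ($allowed.Count -eq 0) {
        $finding = "firewall state could not be read"
    } elseif ($allowed -contains "All") {
        $finding = "sshServer open to all addresses"
    } elseif ($extra.Count -gt 0) {
        $finding = "unexpected allowed IPs: $($extra -join ', ')"
    } elseif ($allowed -notcontains $expectedIp) {
        $finding = "expected IP $expectedIp is not allowed"
    }

    New-Object PSObject -Property @{
        Host              = $vmHost.Name
        SshRunning        = $ssh.Running
        SshPolicy         = $ssh.Policy
        AllowedIPs        = ($allowed -join ", ")
        WarningSuppressed = ("$($warning.Value)" -eq "1")
        Finding           = $finding
    }
}

# Full overview, then only the hosts that need attention
$report | Select-Object Host, SshRunning, SshPolicy, AllowedIPs, WarningSuppressed, Finding | Format-Table -AutoSize
$report | Where-Object { $_.Finding } | Select-Object Host, Finding
```

Hosts that already had a custom allowed-IP list before the script ran show up under "unexpected allowed IPs" or "expected IP ... is not allowed", since the script above skips them.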

PowerCLI: Automatic expand the available ports for a dvPortgroup


Last year William Lam wrote a blog post on the VMware vSphere Blog about automatically expanding the ports of a dvPortgroup. You can find his post here: http://blogs.vmware.com/vsphere/. There is also a KB article about this subject. You can find it here: KB1022312

Just a quote from the KB article KB1022312 to explain the auto expand feature and how you can enable it without using Perl or PowerCLI scripting:

Note:  vSphere 5.0 has introduced a new advanced option for static port binding called Auto Expand. This port group property allows a port group to expand automatically by a small predefined margin whenever the port group is about to run out of ports. In vSphere 5.1, the Auto Expand feature is enabled by default.

In vSphere 5.0 Auto Expand is disabled by default. To enable it, use the vSphere 5.0 SDK via the managed object browser (MOB):

  1. In a browser, enter the address http://vc-ip-address/mob/.
  2. When prompted, enter your vCenter Server username and password.
  3. Click the Content link.
  4. In the left pane, search for the row with the word rootFolder.
  5. Open the link in the right pane of the row. The link should be similar to group-d1 (Datacenters).
  6. In the left pane, search for the row with the word childEntity. In the right pane, you see a list of datacenter links.
  7. Click the datacenter link in which the vDS is defined.
  8. In the left pane, search for the row with the word networkFolder and open the link in the right pane. The link should be similar to group-n123 (network).
  9. In the left pane, search for the row with the word childEntity. You see a list of vDS and distributed port group links in the right pane.
  10. Click the distributed port group for which you want to change this property.
  11. In the left pane, search for the row with the word config and click the link in the right pane.
  12. In the left pane, search for the row with the word autoExpand. It is usually the first row.
  13. Note the corresponding value displayed in the right pane. The value should be false by default.
  14. In the left pane, search for the row with the word configVersion. The value should be 1 if it has not been modified.
  15. Note the corresponding value displayed in the right pane as it is needed later.
  16. Go back to the distributed port group page.
  17. Click the link that reads ReconfigureDvs_Task. A new window appears.
  18. In the Spec text field, enter this text:
    <spec>
    <configVersion>1</configVersion>
    <autoExpand>true</autoExpand>
    </spec>

    where configVersion is what you recorded in step 15.
  19. Click the Invoke Method link.
  20. Close the window.
  21. Repeat Steps 10 through 14 to verify the new value for autoExpand.

If you need to change this setting for hundreds of dvPortgroups this will not be one of your favorite changes in your VMware environment. Well you know me. Let’s see if we can PowerCLI this job.

$dvPG = Get-VirtualPortGroup -Name "VM Network"
$dvPGview = get-view $dvPG
$spec = New-Object VMware.Vim.DVPortgroupConfigSpec
# AutoExpand is a boolean; use $true rather than a string
$spec.AutoExpand = $true
# The current ConfigVersion must be passed back, as in the MOB procedure above
$spec.ConfigVersion = $dvPGview.Config.ConfigVersion
$dvPGview.ReconfigureDVPortgroup_Task($spec)
$dvPGview.UpdateViewData()

If you want to change all the dvPortgroups at once, you can use the following script:

Update: Thanks to Rafael Schitz from http://www.hypervisor.fr/ for the tip to filter out the dvUplink Portgroups. I have also added a check to find out if the dvSwitch is running the correct version to enable the autoExpand feature. Copy the script below and change the $dvSwitchName variable to the name of your dvSwitch.

$dvSwitchName = "dvSwitchName"
$dvSwitch = Get-VirtualSwitch -Distributed -Name $dvSwitchName
# autoExpand needs a version 5 (or higher) dvSwitch; the anchored pattern matches only versions starting with "4."
if($dvSwitch.ExtensionData.Config.ProductInfo.Version -notmatch "^4\."){
    # Skip the dvUplink portgroups and portgroups that already have autoExpand enabled.
    # Note: Get-View returns the portgroups of every dvSwitch in the vCenter, not only $dvSwitchName.
    foreach($dvPG in (Get-View -ViewType DistributedVirtualPortgroup|?{!($_.Tag|?{$_.Key -eq "SYSTEM/DVS.UPLINKPG"}) -and !$_.Config.autoExpand})){
        $spec = New-Object VMware.Vim.DVPortgroupConfigSpec
        $spec.AutoExpand = $true
        $spec.ConfigVersion = $dvPG.Config.ConfigVersion
        $dvPG.ReconfigureDVPortgroup_Task($spec)
        Write-Host "Enable autoExpand for dvPortgroup: $($dvPG.Name)" -ForegroundColor Yellow
        $dvPG.UpdateViewData()
    }
}
else{
    Write-Host "dvSwitch: $($dvSwitch.Name) is not configured with version 5 or higher. Please upgrade.." -ForegroundColor Red
}

If the dvPortgroup has 0 available ports and a VM wants to connect a network adapter to the dvPortgroup, the total ports value will automatically be expanded by 10 ports. After a couple of tests I can confirm that it works.

My VM Network dvPortgroup had 70 ports. When all these ports were claimed by VMs and a new VM was deployed or an existing VM was configured with a new network adapter, the Available ports value was expanded by 10 ports without any impact on the running VMs.

image

Sources: KB1022312, http://blogs.vmware.com/vsphere/, http://www.hypervisor.fr/?p=4633

Veeam: Host with uuid <uuid> was not found


Today I saw a new error with Veeam Backup and Replication. The error was:

Host with uuid “<uuid>” was not found

Within the Veeam console it looks like this:

image

After a quick search in the Veeam knowledge base I found knowledge base article KB1063.

To fix this issue from the GUI go to Help – License – Licensed Hosts and revoke the license of the host with the new installation.

You can also remove all the licensed hosts via an MS SQL query on the SQL database by running the query below:

delete from [dbo].[HostsByJobs]

The reason for this error was a rebuild of the ESXi host.

Source: http://www.veeam.com/kb1063
