Error 25114. Setup failed to generate the JRE SSL keys

Today I was busy with a vCenter server upgrade to vCenter 4.1 update 2. Everything went fine except the vCenter Update manager installation. I received the following error:


The solution is pretty simple this time. Just be sure to stop the vCenter Update Manager service before starting the setup. Right after stopping the service, the installation was successful and I was happy again. In the VMware Communities you’ll find that this issue is also know for the upgrade of vCenter 5 to vCenter 5 update 1. See for more info. Now let’s patch some vSphere hosts with the help of PowerCLI: powercli-update-vmhost-function/


Rescan VMFS results in a deadlock of vCenter Server 4.x

When you’re using different types of storage in your vSphere environment, you might need to use different kind of alarms. So I thought to be smart and create a lot of folders and assign different alarms to these folders.  When the folders and alarms where ready, I moved the Datastores into the folders. Everything looks perfect so far. I was able to add different alarms for each type of Datastores. This scenario is also described by Jeremy Waldrop. The setup looks like this:


So far so good.

But… when I added a new Datastore and started a rescan on a cluster ……. vCenter freezes with a deadlock!

Continue reading “Rescan VMFS results in a deadlock of vCenter Server 4.x”

vCenter Server installation error 28035

If you want to install vCenter 4.1 on Windows 2008 Server R2. You might get the following error:


This time the solution is simple. From: KB1013530:

When installing vCenter Server 4.1 on Windows 2008 Server R2, the installer completes but the installation fails.

You receive the error:
Error 28035.set up, failed to copy DSACLS.exe from system folder to %winder%\adam,folder

The solution is simple:

Some versions of Windows 2008 R2 may already have this component installed. However, it may be necessary to add the Application Server role in Server Manager or simply enable .NET Framework on Windows 2008 R2.  To verify that the .NET Framework is enabled, go to Server Manager > Add Features > .NET Framework 3.5.x Features.

Or you run the dism command line tool:

dism.exe /online /enable-feature /featurename:NetFx3

More info about dism.exe can be found here:

When you’re done installing the .Net Framework 3.5.x you are able to install vCenter 4.1 on Windows Server 2008 R2.

Oh and don’t forget to use the Native SQL client 2008 and the 32bit DSN like I mentioned in my earlier post.

How To: Configure vSphere 4.1 Active Directory Authentication

In this post I will show you how to setup Active Directory Authentication in vSphere 4.1.

What do we need tot do:

– Before you start. Please make sure that DNS and NTP are fully functional.
– Create an AD group called "ESX Admins" on a Windows Domain Controller
– Add users to that group
– Configure ESX/ESXi server’s "Directory Services"

If your ESX hosts and Active Directory Domain controllers are able to find each other via DNS, you’re ready to go to the next step of this setup. We need to create a group called “ESX Admins” and add the users with administrator permissions in vCenter to this group. When you choose a different name for the group, you will not be able to use Active Directory Authentication. I found this in the vsp_41_esx_server_config.pdf:

vCenter Server registers any selected Windows domain user or group through the process of assigning permissions. By default, all users who are members of the local Windows Administrators group on vCenter Server are granted the same access rights as any user assigned to the Administrator role. Users who are members of the Administrators group can log in as individuals and have full access.
Users who are in the Active Directory group ESX Admins are automatically assigned the Administrator role.

After creating the ESX Admins group it’s now time to join the ESX host to the Windows Domain. When you’re managing a small environment, you can do this with five a six mouse clicks per ESX host.

Continue reading “How To: Configure vSphere 4.1 Active Directory Authentication”

vSphere: vCenter shows VMName (Invalid)

After some issues with a NFS share I noticed that a couple of VM’s changed to Invalid. The VM was still fully operational but vCenter didn’t recognized the VM’s anymore.


I found the following knowledge base article: which describes the following symptoms:

•Virtual machines display as invalid in vCenter Server
•The command service mgmt-vmware restart fails to stop the management agent
•The command vmware-cmd -l returns the error:

PANIC: SyncWaitQ: The system limit on the total number of open files has been reached

•The command ps -auxwww shows a large amount of SSHD processes running

In my case the solution was to restart the management agent on the host where the VM’s where running on.

vSphere: An error occurred, please try again in another vSphere session



From KB1014213:

When trying to update host data, you may experience these symptoms:
The vCenter Service Status shows the error:

An error occurred, please try again in another vSphere session.
The Hardware Status tab shows the error:

An error occurred, please try again in another vSphere session.

From: KB1013893

The VirtualCenter Server Service Status fails with the errors:

Cannot access the health service!

Login to the query service failed

Do not have permission for this command

The solutions mentioned in both the KB articles didn’t solve the issue for me. In my case name resolution was the problem. We use another domain for our vCenter server. The clients where not able to resolve the FQDN of the vCenter server. So I added the FQDN and ip address to the hosts file. After this little change and reconnecting the vSphere client, everything worked as it should be.

PowerCLI: Document the ESX Hostname of the vCenter VM


I was reading Duncan Epping his post: about Running vCenter virtual. The most of the steps described, you only have to do once but step 5 needs to be documented once in a while

5. Write a procedure to boot the vCenter / AD / DNS / SQL manually in case of a complete power outage occurs.

Nobody likes to document this thing so we will let PowerCLI do this job for us.

First you need to now the VMs. In most cases this will be your Domain Controller, Database Server and of course the vCenter VM.

$vms =  Get-VM "DC01", "DB01", "VC01" | Sort Name
$vms | Select Name, @{N="Cluster";E={Get-Cluster -VM $_}}, `
@{N="VMHost";E={Get-VMHost -VM $_}} 

The one-liner above will return the VM name, Cluster Name and ESX Host name:


Now you are able to document where your VMs are. But you still need to put this information somewhere. So I created a simple script which will export the information displayed above to a CSV file. The script will also remove files older than 7 days.

You can change the variable if you want.

$now = Get-Date
$days = "7"
$targetFolder = "C:\vCenter"

if (Test-Path $targetFolder)
    Write-Host $targetFolder "Already exists"
    New-Item $targetFolder -type directory
    Write-Host $targetFolder "Created"

$lastWrite = $now.AddDays(-$days)
$files = get-childitem $targetFolder -include *.csv -recurse `
    | Where {$_.LastWriteTime -le "$lastWrite"} 

if (($files | Measure-Object).count -gt 0){
foreach ($file in $files)
{write-host "Deleting File $File" -foregroundcolor "Red"; `
    Remove-Item $file | out-null}

$filename = "C:\vCenter\" + (Get-Date -format  'yyyy-MM-dd hh-mm-ss') + '.csv'
$vms =  Get-VM "DC01", "DB01", "VC01" | Sort Name 
$vms | Select Name, @{N="Cluster";E={Get-Cluster -VM $_}}, `
@{N="VMHost";E={Get-VMHost -VM $_}} | `
Export-Csv -NoTypeInformation $filename

The script will generate a CSV file:


The CSV file will look like this:





You can schedule this script on a VM that runs on another cluster or maybe better, schedule the script on a physical box. If you want to know how to schedule a Powershell/CLI script, go check out this post from Alan Renouf:

Now you are able to track the most important VMs in your environment.