Cannot repoint vCenter to new PSC

VMware’s KB 2113917 for repointing vCenter to a new PSC within the same site on vSphere 6 is straightforward. It only requires running one command on the vCenter Server. However, the repoint will not work if the proxy setting is enabled on the vCenter Server. This is a bug and hopefully will be fixed in a future patch.

Below is the error message after running the repoint command with the proxy enabled.

Validating Provided Configuration …

Failed to open connection https://FQDN_PSC:443/websso/ Error:

Please check the configuration and retry

Using curl to test the port connectivity was fine for port 443 on the PSC. I could even access the page that is in the error message. tcpdump between the vCenter Server and PSC showed information on the proxy. That is odd since the repoint shouldn’t need a proxy. The proxy is there so the vCenter Server can get out for updates.

The proxy can be disabled in the vCenter Server’s Appliance Management UI at https://:5480. Go to Networking…Proxy Settings…Edit and uncheck ‘Use a proxy server’. Restart the vCenter Server and run the repoint command again.
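A pre-flight check for the condition described above, as an added example that is not part of the original post or of VMware's tooling. It assumes the appliance keeps its proxy settings as PROXY_ENABLED, HTTPS_PROXY and NO_PROXY lines in a sysconfig-style file (the default path is an assumption and can be overridden); the function names and host names are hypothetical. It returns success only when the proxy is disabled, since that is the one state in which the post reports the repoint working; the NO_PROXY match is reported only as context for the tcpdump observation.

```shell
#!/bin/sh
# Added example: pre-flight check to run before the repoint command.
# Assumption: proxy settings are KEY="value" lines (PROXY_ENABLED, HTTPS_PROXY,
# NO_PROXY) in a sysconfig-style file; the path is a parameter.

# Read one setting without sourcing (executing) the file.
proxy_setting() {   # usage: proxy_setting FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'[:space:]"
}

# Succeeds if HOST matches an entry of the comma-separated NO_PROXY list,
# exactly or as a domain suffix. The subshell body scopes IFS and set -f.
host_bypasses_proxy() (   # usage: host_bypasses_proxy HOST NO_PROXY_LIST
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    set -f; IFS=','
    for entry in $(printf '%s' "$2" | tr '[:upper:]' '[:lower:]' | tr -d '[:space:]'); do
        entry=${entry#\*}; entry=${entry#.}
        [ -n "$entry" ] || continue
        case "$host" in "$entry"|*."$entry") exit 0 ;; esac
    done
    exit 1
)

# Prints the proxy state for the PSC and returns 0 only when the proxy is off.
check_repoint_proxy() {   # usage: check_repoint_proxy PSC_FQDN [PROXY_FILE]
    file=${2:-/etc/sysconfig/proxy}
    [ -r "$file" ] || { echo "disabled: $file not present"; return 0; }
    enabled=$(proxy_setting "$file" PROXY_ENABLED | tr '[:upper:]' '[:lower:]')
    url=$(proxy_setting "$file" HTTPS_PROXY)
    if [ "$enabled" != "yes" ] || [ -z "$url" ]; then
        echo "disabled: $1 is reached directly"; return 0
    fi
    if host_bypasses_proxy "$1" "$(proxy_setting "$file" NO_PROXY)"; then
        echo "enabled-excluded: proxy on, but NO_PROXY covers $1"; return 1
    fi
    echo "enabled-proxied: https://$1:443 would be sent to $url"; return 1
}

# Constructed sample input (not taken from a real appliance).
sample=$(mktemp)
printf '%s\n' 'PROXY_ENABLED="yes"' 'HTTPS_PROXY="http://proxy.corp.example:3128"' \
    'NO_PROXY="localhost, 127.0.0.1"' > "$sample"
check_repoint_proxy psc01.corp.example "$sample" ||
    echo "-> disable the proxy, restart, then repoint"
rm -f "$sample"
```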

Preparation for VCAP6-DCV Design Exam

I am studying for the VMware Certified Advanced Professional 6 – Data Center Virtualization Design Exam. I started to prepare for the exam this month and plan to take it in December. I had to hunt for good study material because VMware does not offer much, only a blueprint, which is not even in a PDF. I contacted VMware education and was told the certification page with the blueprint is it. However, vMusketeers has made a spreadsheet with the blueprint. It includes the links, which makes keeping track of studying easier because there are a lot of white papers to read. Also, check out the certification tab on the vMusketeers blog. There is additional information such as a practice quiz and useful links.

An absolute necessity is reading two articles on Jordan Roth’s blog: Scoring for VCAP6 Design Exams and VCAP6 Design Tips, Tricks and New Features. Read the comments on those two articles too. Jordan used to work for VMware on a team that created this exam. I think the information in those articles should be on VMware’s site so everyone has easy access to it. Here’s something funny Jordan said in one of his comments when someone questioned him. Jordan, “Well, since I designed the VCAP6 design exams myself, you can take my word for it or what you read somewhere else 🙂”

I highly recommend watching the VCAP6-DCV Design Series on YouTube hosted by vBrowBag. They have a video for 11 of the 16 exam objectives. The videos are hosted by many VMware veterans and even some VCDXs. The few I have watched so far have offered good, deep explanations.

There are two Google Communities to monitor: VCAP-DCD Study Group and VCAP6-DCV Design. The latter is more current. I recommend spending as much time as possible reading every post, even if it goes back over a year ago when the VCAP6 was not yet released. A lot of the 5.5 content is still very relevant.

Virtualtiers.net has a simulator, multiple choice questions, and drag/drop questions. I think it is based on the 5.5 objectives, but it’s worth going through to get a feel for the simulator and drag/drop questions. VMware has their official VCAP Datacenter Design Simulation, which is a Flash-based walkthrough.

This should help someone get started on studying for the VCAP6-DCV Deploy exam. I will make an additional post after I take the exam. For now, I have plenty of content to keep myself busy for the next couple of months.

Transfer Latency

Dell Compellent’s Storage Manager has many tools for managing, monitoring, and reporting. I will focus on one performance metric which is transfer latency. Of course, monitoring displays the performance of many aspects of the SAN. Transfer latency monitors more than just the SAN. It measures latency from every point, which is the NIC on the host and everything in between connecting to the back end of the SAN.

Tracking the source of the transfer latency can be difficult since there are many places to check. However, some things can be done to narrow it down. Storage Manager can drill down to many levels, such as the disks, to monitor latency. If the transfer latency follows directly with write latency, then the problem is most likely not with Compellent. ESXTOP can be used on the host side, but it can be difficult to know exactly what is causing the latency.

Compellent has documentation that pointed me in another direction which was network switch configurations. Compellent has best practice documents available for many switches. Link level flow control needed to be enabled on each switch port the Compellent controllers are connected to on a Cisco Nexus 5548UP switch. This change can be made with no down time to VMs. Change one port’s configuration at a time as a precaution. Below is the configuration provided by one of Compellent’s documents. Transfer latency went dramatically down as soon as the ports were reconfigured.

Switch Configuration Guides for Compellent and EqualLogic SANs

switch# configure
switch(config)#interface ethernet 1/1-32
switch(config-if-range)#priority-flow-control mode off
switch(config-if-range)#flowcontrol send off
switch(config-if-range)#flowcontrol receive on
switch(config-if-range)#exit

VMware vCenter SSO 5.5 Migration to PSC 6.0 Error

I am in the process of upgrading three vCenter Servers on 5.5 to 6. SSO was embedded on all three and SSO has been recently externalized to Windows Servers. The next step is to use the vCenter Server Migration Tool to migrate each SSO 5.5 server to a PSC 6 appliance.

I went through the migration wizard and the migration was on its way. The PSC was deployed and the progress bar on the migration was moving along. However, when I opened the console for the PSC, there was an error: Upgrade EXPORT failed. Then the migration never finished.

I ran the migration again with VMware support since they did not know what could be causing the issue. I opened up the console for the PSC as soon as it was deployed and there was a quick message to look at UpgradeRunner.log. However, there was nothing useful in that log. Then I checked out upgrade-export.log.

There were network related errors in upgrade-export.log. I knew I inputted everything correctly into the migration wizard and there was nothing that would block communication between anything involved. The IPv6 address in the log stuck out to me. The SSO Windows Server had an IPv6 address, but the wizard never asked for anything IPv6 related. I disabled IPv6 on the SSO server, ran the migration again, and everything went well.

Here’s one way to view the PSC’s logs. At the PSC’s console, hit Alt+F1. Then type the commands below.

shell.set --enabled True
shell
cd /var/log/vmware/upgrade
less upgrade-export.log

Moral of the story is to disable IPv6 on all VMware related servers before using the vCenter Server Migration Tool. Then enable it after everything is on 6. This is just to be safe in case any other of the upgrades or migrations have similar issues. VMware support said they will have a knowledge base article on this issue. When they do, I will edit this article with a link so everyone can check out the latest directly from VMware.

AWS Public Sector Summit 2017

I attended the AWS Public Sector Summit in Washington, DC this week. I usually do not attend so many conferences. This should be my last one for a while. I just happen to live nearby so I didn’t want to pass on the opportunity to learn more about AWS.

The keynotes were not really what a typical keynote address is at a conference. They were only a few minutes of announcements and then a few customer stories each day. The biggest announcement was GovCloud East is coming in 2018. Though, a more specific time frame would have been better received.

There were a lot of break sessions to choose from. There was a session on VMware Cloud on AWS. I don’t think there was any big news and sadly still no date for GA. Here are a few things I got out of the session. Customers will purchase this service from VMware. AWS services will be billed separately from VMware by Amazon. All AWS services can be accessed from a customer’s VMware cluster, which will be hosted at an AWS data center. ESXi will boot from an EBS volume and customers will have no root access to the host. The underlying storage for the VMs will be vSAN, which is a minimum of 4 hosts. Elastic DRS will be able to bring up a new host fast. I think within minutes. However, removing a host will take more time as data needs to be moved from the disks on the host.

I attended a fascinating session hosted by Kevin Murphy, Program Executive Earth Science Data Systems at NASA. He talked about and showed some of the projects NASA has been working on and how they leverage AWS. Some of NASA’s projects pull in petabytes of data every day from satellites. The data is available for free for every person and company in the world. Kevin demonstrated one of his projects called Worldview, for which I have provided a description below. I highly recommend everyone check it out. You can add an assortment of layers with various information, such as all major fires around the world and by date.

This tool from NASA’s EOSDIS provides the capability to interactively browse global, full-resolution satellite imagery and then download the underlying data. Most of the 150+ available products are updated within three hours of observation, essentially showing the entire Earth as it looks “right now”. This supports time-critical application areas such as wildfire management, air quality measurements, and flood monitoring. Arctic and Antarctic views of several products are also available for a “full globe” perspective. Browsing on tablet and smartphone devices is generally supported for mobile access to the imagery.

I’m sure Amazon will be looking to expand the event next year. I heard the attendance was at least 7,500 before Tuesday afternoon, which seemed to catch Amazon by surprise. Despite the crowds, I had a good time and learned a lot during my two days at the event.

My Home Setup

I think the equipment an IT professional uses in their home and the time they take at home for technology is a reflection of their dedication. Keeping up with technology is hard to do solely at work. Using various devices and software at home is one way to help broaden one’s knowledge.

The cornerstone of my home network is a box running Sophos XG Firewall Home Edition. Sophos is more than just a firewall. It can do anti-malware scanning, IPS, VPN, and many other services. I can talk a lot about my experiences with Sophos. I will write a deep dive on Sophos XG Firewall in a future article.

My wired devices are connected to an 8-port gig Meraki switch, MS220-8. I use a Meraki MR33 for an 802.11ac wireless access point. Both devices are cloud managed. I was a little skeptical at first, but I can now really say that I like Meraki’s dashboard that allows management of my devices. The dashboard allows a lot of configuration to be done before a customer even receives the devices. Then the device will pull down the config once it’s connected to the network.

I do not work in networking so I enjoyed seeing a different side than I am used to at work. I am not taking advantage of all features, but I enjoy testing what I can do. A wifi guest network can be easily isolated. Also, packet capture can be easily run from the dashboard against an AP or port of the switch.

I, of course, build my own computers and enjoy the process. Though, I’m really due for building a new one. My computer is showing its age with an i7 Ivy Bridge, but it still gets the job done. I use VMware Workstation when I want to spin up some VMs.

Here are a couple of devices I have for fun. I have a Raspberry Pi, on which I currently run RetroPie. RetroPie is loaded with emulators and makes it easy to play some classic games. I have a Steam Link that allows me to stream games from my computer. I got it on sale for $30 and it can stream anything from my computer so even non-gamers may find a use for it.

The most oddball set of devices I have are MoCA network adapters, ECB2500C. MoCA is fun to say and an easy way to expand a home network over existing coaxial cable. For example, I live in an apartment that already had coaxial run to a room where I wanted a wired connection. I just added a couple of the adapters to easily extend my network.

My home setup is small, but I consider it elaborate and to the point. My goal is for it to be secure and easily functional for home related devices. I am not one for having devices for the sake of having them. I like to make sure I use everything I have.

VeeamON 2017 – Part 3

This will be my last article on VeeamON 2017, which will be a mix of my thoughts from the event. I met a lot of great people throughout the entire event. Everyone was eager to offer their ideas and help. Customers and partners traveled from all over the world and I saw some from as far as Singapore. The Canadians were my favorite to hang out with!

Veeam had a nice lounge area filled with Veeam employees. Attendees could ask technical questions directly to the support staff at the event. If they didn’t know the answer or needed logs, they would give priority to a ticket once it was created.

0517171358cc

Above is a photo of the show floor with the vendors and dining area in the back. It does not look like there are many attendees around, but that is because this photo was taken in between back-to-back breakout sessions. The back side of each vendor you see actually has an additional company behind it. There was a good mix of vendors from big names, such as Microsoft and VMware, to smaller cloud based companies.

I couldn’t miss talking about the food and parties. Veeam made sure to keep everyone busy all day and night. If all that wasn’t enough, there was always Bourbon Street for some late night fun. A lot of the food during the event was traditional New Orleans dishes and it was delicious. There was a pub crawl Wednesday night that spanned across four venues and each venue was unique. Then the Veeam party on Thursday night was amazing. The party was filled with live music, food, and drinks at a beautiful venue called Generations Hall.

I had a blast at VeeamON and I have enjoyed looking back as I wrote these articles. I’ve always been a fan of Veeam and now I am an even bigger one. If all this talk got you excited for attending next year, then you can now start making your plans. Veeam already announced VeeamON 2018, which is scheduled for May 14-16 in Chicago.