Everyone has noticed the tiny (1 CPU, 128 MB memory) vCLS machines (vSphere Cluster Services) that were deployed in our environments after the 7.0 U1 upgrade. I like the concept: they remove the dependency on vCenter being up for DRS to function. I envision that VMware will add more features that no longer depend on vCenter in future releases. One quirk is that only an admin account in vCenter can see the vCLS machines. Searching with a non-admin account will only find the vCLS tags. There are not many scenarios where someone needs to interact with them, but one is migrating them off a datastore you don’t want them to use.
vRealize Password Trouble
Even if you document every password you created, you may still run into password-related issues. Root password expirations are easy ones to miss, especially when you don’t know when the password is going to expire. Most vRealize products expire the root account’s password after 365 days. I recommend disabling password expiration for root and admin passwords for vRealize products if you can. Of course, still rotate the passwords. That way you are not in a tough spot if you miss the chance to easily change it. Either way, make a reminder in your PAM to change the passwords if you have a policy to rotate passwords. Below are some tips if you cannot log in to one of your vRealize products.
For example, if you are sure you know you are using the correct password to SSH with root and it’s saying your password is wrong, start off with rebooting each node one at a time. Then SSH into each node with the current password. Hopefully, you’ll be prompted that the password expired and to change it. This also works for NSX Manager nodes. If it’s an account that was recently locked out, waiting about one hour worked for me in the past.
VMware has documentation for each vRealize product on resetting the root password. The procedure is generally to boot into single user mode on Photon OS. The documentation also covers ways to disable password expiration.
- vROps – root password reset
- vROps – Set root password expiration
- vRLI – root password reset
- vRA – root password reset
- vRLCM – root password reset
If you are using vRealize Lifecycle Manager, make sure to update passwords in its Locker. Your accounts will lock out if you don’t do it.
Configure SMTP for everything that has the ability and set email addresses for all accounts. Password reset links are emailed out for Log Insight. Therefore, it is best to have this squared away ahead of time in case a user needs their password reset.
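For the problem of not knowing when a root password will expire, here is an added example (not from the original post or VMware's documentation) that reads shadow(5)-format lines and reports accounts that expire within a warning window. The sample entries, the fixed "today" of day 19000 and the 30-day window are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in shadow(5) format: name:hash:lastchg:min:max:warn:...
SAMPLE_SHADOW='root:$6$constructed$hash:18640:0:365:7:::
admin:$6$constructed$hash:18990:0:90:7:::
svc:$6$constructed$hash:18640:0:99999:7:::
olduser:$6$constructed$hash:18500:0:365:7:::
daemon:*:18640:0:365:7:::'

# shadow_days_left LINE TODAY
# Prints "never", "must-change", or days left (negative = already expired).
# Field 3 is the last change (days since epoch), field 5 the maximum age.
shadow_days_left() {
    lastchg=$(printf '%s\n' "$1" | cut -d: -f3)
    max=$(printf '%s\n' "$1" | cut -d: -f5)
    case "$max" in ''|-1|99999) echo never; return 0 ;; esac
    case "$lastchg" in
        '') echo never; return 0 ;;
        0)  echo must-change; return 0 ;;
    esac
    echo $(( lastchg + max - $2 ))
}

# expiry_report TODAY WARN_DAYS  (shadow lines on stdin)
expiry_report() {
    while IFS= read -r line; do
        user=${line%%:*}
        hash=$(printf '%s\n' "$line" | cut -d: -f2)
        # Skip locked or no-password-login accounts (hash starts with ! or *).
        case "$hash" in '!'*|'*'*) continue ;; esac
        left=$(shadow_days_left "$line" "$1")
        case "$left" in
            never) ;;
            must-change) echo "$user: change required at next login" ;;
            -*) echo "$user: expired ${left#-} days ago" ;;
            *)  if [ "$left" -le "$2" ]; then echo "$user: expires in $left days"; fi ;;
        esac
    done
    return 0
}

# Demo on the constructed sample, with "today" fixed at day 19000.
printf '%s\n' "$SAMPLE_SHADOW" | expiry_report 19000 30
# On an appliance, as root:
#   expiry_report "$(( $(date +%s) / 86400 ))" 30 < /etc/shadow
```

For a single account, `chage -l root` shows the same aging fields in readable form.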
End of Year
Saying the end of this year has been busy is the understatement of the year. The log4j vulnerabilities hit an extreme number of products from various vendors across most enterprises. I have applied workarounds to nine VMware products to remediate Log4Shell. It has seemed almost never-ending with new vulnerabilities related to log4j being discovered as the past couple of weeks have unfolded. It was nice when VMware offered scripts to do most of the work. I am happy that ESXi was not affected.
Make sure to apply the workaround to your NSX Intelligence Appliance. I think it’s an easy one to forget about. Also, KB87150 for this workaround has a small typo in step 6. It is easy to miss when copying and pasting, and you will get a “command not found” error message. Below is the correct syntax. I reported the typo so, hopefully, it will be fixed soon.
Step 6: dpkg -i zip_3.0-12_amd64.deb
I am glad to be a part of the vExpert program for the past four years. I have gotten a lot out of it from discussions on the private vExpert Slack to licenses for nearly every VMware product. The program has expanded every year I have been a part of it and I am excited to see what’s in store for next year.
Jumbo frames are the way to go for vSAN, iSCSI, and vMotion VMkernels for increased performance, provided all networking devices can support the larger MTU. MTU of 9000 is supported on standard switches and distributed switches. A mismatch of MTUs can happen and network traffic may seem to be fine when it’s not. vmkping can be used to help test that everything is configured correctly for MTU size.
The MTU size can be changed while the VMkernel, vSS, or vDS is in use, though there will be a short loss of network connectivity. This is no worry for vMotion: just temporarily disable DRS so no vMotions kick off. Careful planning is needed, though, for vSAN, iSCSI, and the virtual switches they are connected to. If a host is using a vSS, the host can be placed in maintenance mode. Then change the MTU for the VMkernels and vSS. However, if using a vDS, the vDS MTU change affects all hosts in the cluster. Also, the VMkernels need to be changed for each host. I tried it on a 5 host vSAN cluster and the vDS change took 72 seconds for the MTU change to apply. VMs lost connectivity during the change and then were fine when the change was fully applied. Of course, this is not recommended to do in a production environment.
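An MTU mismatch typically shows up as standard-size pings passing while jumbo-size ones are dropped. This added example (not from the original post) wraps vmkping with the don't-fragment flag to tell a mismatch from an unreachable peer. The vmk name and peer addresses are placeholders, and it assumes IPv4 on the default TCP/IP stack.

```shell
#!/bin/sh
# PING is overridable so the logic can be exercised away from an ESXi host.
PING=${PING:-vmkping}

# ICMP payload that exactly fills one frame at the given MTU:
# MTU minus 20 bytes of IPv4 header and 8 bytes of ICMP header.
payload_for_mtu() { echo $(( $1 - 28 )); }

# probe VMK PEER MTU
# Succeeds only if an unfragmented ping sized for MTU gets a reply.
# -I selects the VMkernel interface, -d sets the don't-fragment bit,
# -s sets the payload size, -c the packet count.
probe() {
    "$PING" -I "$1" -d -s "$(payload_for_mtu "$3")" -c 3 "$2" >/dev/null 2>&1
}

# check_peer VMK PEER
# Prints "<peer> ok", "<peer> mtu-mismatch" or "<peer> unreachable".
check_peer() {
    if probe "$1" "$2" 9000; then
        echo "$2 ok"
    elif probe "$1" "$2" 1500; then
        # Standard frames pass but jumbo frames do not: something on the
        # path (vmk, vSwitch, physical switch port) is still at a lower MTU.
        echo "$2 mtu-mismatch"
    else
        echo "$2 unreachable"
    fi
}

# Usage on a host: sh mtu_check.sh vmk2 192.0.2.11 192.0.2.12
if [ "$#" -ge 2 ]; then
    vmk=$1
    shift
    for peer in "$@"; do
        check_peer "$vmk" "$peer"
    done
fi
```

Run it from every host toward every other host's VMkernel address, since a single port left at 1500 only affects the paths that cross it.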
My Top Picks for Sessions at VMworld 2021
VMworld is virtual for the second straight year. The event is October 5-7 and will have content around the clock to accommodate various time zones. There are two types of passes available: the general pass is free and the Tech+ Pass has a charge. Some of the sessions are only available with the Tech+ Pass. The content catalog has been released so it’s nice to get an idea of what’s happening to plan ahead. I like to focus mostly on sessions that will help me add value to the work I do today. Some sessions will be pre-recorded and some will be live via Zoom. As always, there are a lot of sessions to choose from. I went through them all and below are my top picks.
Deep Dive: VM Performance and Best Practices [VI2158]$
Extreme Performance Series: Performance Best Practices [MCL1635]
Extreme Performance Series: vSphere Advanced Performance Boot Camp [MCL2033]$
It’s good to see sessions based on the fundamentals of vSphere and then taking those fundamentals to the next level. All three sessions sound similar and are rated at the highest technical level. Both extreme performance sessions are hosted by Mark Achtemichuk and Valentin Bondzio, and one of them is free. Mark is a VCDX, and whenever a VCDX speaks, I pay attention. These sessions should deliver useful information for all VMware admins. Mark and Valentin both work for VMware so I am sure they have seen a million different problems and can help people better troubleshoot when they face these problems.
Core Storage Best Practices Deep Dive [MCL2071]$
VMware vSAN – Dynamic Volumes for Traditional and Modern Applications [MCL1084]
VMware Storage Queue Tuning [VMTN2862]
The first session I listed above will be hosted by Cody Hosterman and Jason Massae. I have watched Cody present before at a local VMUG and other events, and he always delivers. He works for Pure, but don’t let that fool you into thinking he’s there to only promote his product. He always gets to the crux of storage that applies to nearly everyone. Duncan Epping, VCDX, and Cormac Hogan are presenting the vSAN session. They will be discussing the newer vSAN File Service and more cutting edge integration with vSphere Container Storage Interface. I am very interested in what storage tips all of these rock stars will give that I can apply at my job.
The Clock is Ticking on NSX Data Center for vSphere [EDG2721]$
NSX Data Center for vSphere to NSX-T Data Center – Migration Approaches [NET1211]
NSX Data Center for vSphere to NSX-T: Strategies to Make the Move [EDG1515]
NSX-V reaches end of support on January 16th, 2022 and that’s the basis of these panels. Jayson Block, VCDX, is hosting the third session linked above. If you are still using NSX-V, you have to attend at least one of these sessions. All three sessions will give good advice on developing a migration plan. Hopefully, this will help to jumpstart your planning and migrating to NSX-T before support ends.
A Field Guide to Health Check vSAN to Operate, Upgrade and Transform [MCL1825]$
A technical Review of PSC. VMDIR, Replication and Snapshots [VI2447]$
Troubleshooting with vRealize Operations and vRealize Log Insight [MCL1286]$
All three of these sessions are in the meet the expert category and will give deep dives in their respective areas. Paul McSharry, VCDX, is presenting the vSAN session. This session looks valuable for anyone using vSAN to hear from an architect that has many deployments under their belt. The PSC has come a long way, but I still feel I don’t know everything I need to know about it. I always come across some sort of problem that support needs to help with. The PSC session looks to give the deeper understanding that I have been looking for. A lot of companies have vROps and vRLI deployed, but I rarely see anyone use the two products to their full potential. Using one or both of these products together is very useful for troubleshooting. I am looking forward to fine tuning my troubleshooting skills with this session.
Solid sessions make a virtual event and VMworld delivers again. I would rather it be in person. However, it being virtual has some benefits, such as a free option and being more accessible to a wider audience. I will be again missing out on collecting a suitcase full of swag, but there will be giveaways from VMware and vendors, even during a virtual event. I won an official VMworld backpack last year!
vExpert 2021 and VMworld
I earned vExpert status for the fourth year in a row. I was selected for my blog and contributions on the VMTN forums. I will continue my mission, which is writing articles that will assist someone who is facing the same issue I had.
VMworld will be only online again this year. It will be October 5-7, 2021. Not much has been announced so far for this event. I hope it is more interactive than last year’s online event. I definitely miss attending in person VMUGs and VMworld.
VMware vSAN 6.7 Specialist 2019 Exam Preparation and Experience
I recently passed the VMware vSAN 6.7 Specialist 2019 Exam (5V0-21.19) with a score of 440. Despite the exam’s name, I earned the VMware Specialist – vSAN 2021 badge. Fortunately, VMware is now keeping up with the names of the badges and certifications by matching them with the calendar year, even if the test wasn’t yet updated. This is a nice change because I previously took the vSAN specialist exam in 2019 and earned the 2017 badge, which immediately looked out of date.
The exam was very straightforward. A lot of it is what engineers do on a weekly or monthly basis for many of the exam objectives. I had more than enough time to finish the exam. I don’t think there were any surprises so I recommend knowing the exam objectives inside and out. Some exam objectives are not deep so don’t think too much into them. For example, for objective 7.5, describe the effect of maintenance mode options, you only need to know the three maintenance mode options and what they do. There are some questions that were not worded the best, but that shouldn’t make it or break it for anyone.
The exam is based on vSphere 6.7 and vSAN 6.7 U1. Keep that in mind as there were a lot of changes in newer versions, especially in 6.7 U3. You are probably running a newer version at work and VMware’s HOL are no longer running the exam version of vSAN from what I saw. Though, VMware still has the lab manual for their retired vSAN 6.7 HOL. I found a lot of good information and screenshots in there.
There are only two requirements for achieving the vSAN 2021 badge: pass the 5V0-21.19 exam and have one of the prerequisite certifications. The badge page says it needs to be a current VCP. However, there are many other certifications that also count, such as VCAP and VCDX certifications. Check out your certification manager on VMware Learn and you can see more details on what’s covered. Also, I wrote about this in a previous article about the vSAN 2017 Specialist badge.
vRealize Log Insight Not Connected to vCenter Servers After Upgrade
This is just a quick article that I have been meaning to do. I upgraded my Log Insight server. After the upgrade, it wasn’t collecting logs from my vCenter Servers. I had to accept a certificate for each vCenter Server and then it worked again. The setting is in Log Insight, under administration, and vSphere. I forgot to take a screenshot when I saw the error. Below is the location to accept the certificate.