I am trying to install VMWare Sever appliance I have downloaded the iso three times.
Its applied to my VM via the CDrom datastore file. It shows as connected.
When I launch the vm it just goes to lan searching for boot then gives up. I close the vm and the CDrom now shows as diconnected.
I have tried on a variety of browsers, if I use a different ISO it works, so I am guessing the ISO, but I can only download it so many times its 4 gigs.
How do I fix this please?
Hi Everyone
I am an IT teacher i have taught vSphere 5.5 for years doing a live install with my students.
Now we want to upgrade to 6.7
I use workstation Pro and have just update it to the latest ver with licence.
I was able to install esxi 6.7 with no problems but vCenter 6.7 just gives me Operating System Not Found.
I am using vCenter Appliance VMware-VCSA-all-6.7.0-11726888.iso
I am stalled as I know my VM settings are correct.
I am use to using an ova file my understanding is this is now inside the iso file as an OVF file.
I removed my adapter as it kept going to pxe boot .
Classes have started and I am hitting my head aganist a wall.
Help
Sheila confused IT Teacher
Hello,
First of all, I would like to let you know that I am really new into VMWare and I have very little knowledge about it. I'm trying to seek for help from experts here.
Problem Description
I have two ESXi hosts which is configured as HA cluster under vCenter. Also, I have shared-storage using iSCSI between the two hosts. My problem is I unable to access to vCenter anymore, it's just suddenly showing error 503 on the web browser but I do have access via SSH. So, there are 2 solutions I could think about:
Thanks in advance.
Seyma
Hi,
I'm keep seeing the "not responding" message on VCenter randomly and I can't figure out what's going on. The VCenter seems to loose connection to the Hosts but they hosts are 100% healthy and works fine (VMs are also online and no issues).
It happens randomly and it get back to normal randomly as well without touching anything (sometime after 10seconds, sometime after 15 mins and sometimes after hrs).
I have searched through the logs on the host but I can't see anything related to this lost connection.
Any specific log file that I can check? I checked hostd.log, vpxa.log and syslog.log on the hosts.
I followed this KB (VMware Knowledge Base) but it's not an SSL Timeout issue.
Tried to restart the hostd and vpxa on the hosts with no luck.
In the VCenter the only error that I see is this but no much info to troubleshoot:
Any Idea on what could be or where I can start to look to get more information on this?
I have VMware ESXi, 6.7.0, 14320388 deployed on a bare metal server in a cloud hosting provider.
Any help or suggestions would be greatly appreciated!
So, I was handed new vlans last week. Need to spin up the first infrastructure vcenter on them in order to run services.
Currently, I have no routing, no dns, no dhcp, no ntp. Just a host, a datastore, a mgmt network, a switch, and my laptop directly connected to the switch.
Set up the host running ESXi6.7u2.
Trying to install VCSA 6.7u3, via the win32 gui from the installer ISO.
I don't put in a FQDN as it's optional - I've tried with a FQDN, and with it's IP as FQDN, doesn't work either.
Stage 1 installs fine.
Stage 2 takes 4 hours to get about 50% of the way through, very slowly starting up the services. At 50%, it's at starting vcenter service.
Then it times out and the installer quits. Sometimes it gives the 'internal error 2' before quitting, sometimes it just quits.
I *know* that the 'right' way is to have DNS & NTP functional. But there has to be a way to install it in a new environment that has no network services at all, so you can spin up said network services.
I've verified that /etc/hosts has the IP pointing to photon-machine ie default hostname if no FQDN is installed.
I vaguely remember reading about a timeout setting for the installer, and setting it longer, but cannot find that information (if it was more than just a fever dream).
Any and all suggestions welcome.
Hi,
Seen a few posts which show update c is having CPU issues, can anyone confirm and suggest which one to upgrade to from 6.7?
Thanks
Hi All,
I hope everyone in the community is keeping safe during these changing times.
I am currently experiencing an issue with my VCenter Server 7.0 that I have deploy in my Environment. I am attempting to change the Machine_Cert with one that is signed by my internal certificate auth. Every time I attempt to change the certificate I get the following error 'Error occurred while fetching tls: Exception found (Invalid input certificate : DNS in Subject Alternative Name is not correct. DNS Name must contain machine FQDN.).
I have made sure that I am including the vcenter server hostname in the Subject Alternative Name so should all be working as expected.
CN = 172.16.0.30
Subject Alternatives that are included
DNS = vcserver.domain.local
DNS = vcserver
When I run the following command I get the output of 172.26.0.30 from my server.
'root@vcserver [ ~ ]# /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost'
172.26.0.30
I have also compared the currently used Subject Alternatives to what is in my new certificate and these are the same. Has anyone seen this issue before or able to help out with fixing the issue?
Any suggestions would be appreciated.
Regards,
Tom
Hello,
I have a vCenter 7 appliance, standalone, that is giving the error Could not connect to one or more vCenter Server systems:https://vcenterappliancename:443/sdk . At first, the appliance was in emergency mode. I ran a filesystem command to check and repair any issues. After a reboot the appliance came up properly, but am now having this error. Any suggestions how to correct this? Thanks.
The VAPI health url vapiendpoint/health shows the following errors:
com.vmware.vapi.endpoint.failedToConnectToVApiProvider"defaultMessage="Failed to connect to 73330f61-dfb9-45e1-a79a-6dcee801fd89\com.vmware.vstats.vapi vAPI provider.
"The appliance cannot be used or prepared because a failure was encountered. An error occurred while starting service 'vpxd-svcs'.
I have created a domain controller, and given VCSA a DNS record within said DC. After stage 1, I am not able to proceed with stage 2 because of this issue. I am also unable to access any log output because it's all in Chinese-looking gibberish. I have also put in a reverse lookup zone. I have talked with the networkers and they have said the IPs for VCSA, the management laptop, and our hosts were all correct. Is there anything I am missing?
There was an issue with vCenter 6.7 U3h where the applmgmt service timeout settings needed to be increased to 600 seconds in order for the service to start...
https://www.provirtualzone.com/after-updating-vcsa-to-6-7-u3h-applmgmt-service-did-not-start/
Has this issue been resolved in vCenter 6.7 U3i?
In vCenter 7 Server Management the vAPI Endpoint has a warning:
Incorrect service registration found in Lookup Service. Multiple services registered on same URL - http://localhost:10098/topologysvc.
The Health XML shows:
<healthStatus schemaVersion="1.0">
<status>YELLOW</status>
<message messageKey="com.vmware.vapi.endpoint.duplicateServiceRegistrationFound" defaultMessage="Incorrect service registration found in Lookup Service. Multiple services registered on same URL - http://localhost:10098/topologysvc.">
<param xsi:type="xs:string">http://localhost:10098/topologysvc</param>
</message>
<message messageKey="com.vmware.vapi.endpoint.duplicateServiceRegistrationFound" defaultMessage="Incorrect service registration found in Lookup Service. Multiple services registered on same URL - http://localhost:10098/topologysvc.">
<param xsi:type="xs:string">http://localhost:10098/topologysvc</param>
</message>
<message messageKey="com.vmware.vapi.endpoint.healthStatusProducedTimes" defaultMessage="Current vApi Endpoint health status is created between 2020-08-08T01:55:37UTC and 2020-08-08T01:55:38UTC.">
<param xsi:type="xs:string">2020-08-08T01:55:37UTC</param>
<param xsi:type="xs:string">2020-08-08T01:55:38UTC</param>
</message>
</healthStatus>
How can I resolve this warning?
is is possible to modify a confioguration file via a host profile from a autodeploy bootup image?
1、The reason for this problem is that I upgraded vcenter 6.7u1b directly to 6.7u3g, and I did the upgrade without any awareness to check the upgrade compatibility document.
2、The manifestation of this problem is that every time I log in to vcenter, there will be an out of sync and automatic failover error message in the vcenter ha configuration interface.
So I logged in to the vcenter appliance and copied the log locally and found the problem. Every time I log in to vcenter, the com.vmware.vcIntegrity.vcIntegrity:6.7.0.xxxx plug-in will continuously delete the replication synchronization between the active and passive nodes.
3、Finally I found the location of the name. It is not a file but a folder. I set a chattr +i attribute to all the files in this folder. The problem was solved and it took three months. No problem was found in the time, except that sometimes the taskbar at the bottom disappears, you need to click the bottom at the moment of refresh to make the taskbar appear.
chattr +i -R /etc/vmware/vsphere-ui/cm-service-packages/com.vmware.cis.vsphereclient.plugin/com.vmware.vcIntegrity.vcIntegrity:6.7.0.xxxx
1、Every time I log in to vcenter, the recent task at the bottom will prompt to deploy the plug-in com.vmware.vcIntegrity.vcIntegrity: 6.7.0.xxxx. I found that this problem is from 6.7u2 to the latest 6.7u3g. The latest 7.0 has no such plug-in.
2、I found that the method also solved this problem when solving vcenter ha out of sync.After this setting, the bottom task bar sometimes disappears. You need to click the bottom task bar when refreshing the page. I'm not sure if it is caused by this. Even I don't want to see the prompt to deploy the plug-in every time I log in.
chattr +i -R /etc/vmware/vsphere-ui/cm-service-packages/com.vmware.cis.vsphereclient.plugin/com.vmware.vcIntegrity.vcIntegrity:6.7.0.xxxx
Hello everyone,
Yesterday I started having trouble signing in to the VCSA 6.0U3 Flash ("flex") client, seemingly out of nowhere. Yes, I would like to upgrade to 6.5, but we have no support contract for two years...
The Windows "fat" client lets me log in, and if I SSH in and restart all services, my FIRST login succeeds. After that if I attempt to login again or from another machine I get the blue screen and spinning clock indefinitely.
The most promising error messages I can are from websso.log:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ssoAdmin:
com.vmware.identity.admin.server.ims.ServerConfigurationException: Failed to get issuers certificates
and STS:
| 2020-08-11T17:16:09.961-04:00 | ERROR | | opId-8d5efa48-949b-47ed-8c13-5dd383b74896 | vdcs-background-executor-4 | StsTrustChainImpl | | Error retrieving trusted root certificates. |
java.lang.NullPointerException
| at com.vmware.provider.VecsKeyStoreEngine.engineAliases(VecsKeyStoreEngine.java:71) | |
| at java.security.KeyStore.aliases(Unknown Source) | |
| at com.vmware.vcde.common.services.sso.impl.StsTrustChainImpl.refresh(StsTrustChainImpl.java:56) | |
| at com.vmware.vcde.common.services.sso.impl.StsTrustChainImpl.access$0(StsTrustChainImpl.java:51) | |
| at com.vmware.vcde.common.services.sso.impl.StsTrustChainImpl$1.run(StsTrustChainImpl.java:46) |
I haven't made any modifications to the certs, and things were working prior to yesterday afternoon. All the certs I can find are valid through 2024 or 2025. I've poked through the management interface, through the PSC, manually verified the certs on the VCSA with openssl. My suspicion is that some cert expired but I can't find any that are expired.
I did reboot the VCSA, and when it came back up it wiped out eam.properties so I did rebuild that and have verified that vmware-eam is running, and that the vapi endpoint health check returns okay.
This is so strange because, once I rebooted and/or restart all services, the first login succeeds in the web interface, but I only get one. The fat client works. The PSC lets me log in.
Has anyone seen this before?
Thank you,
Don
hi all,
Am getting this error in vCenter, running vCenter 7.0. Under Administration> Client Plugins its the 'com.vmware.vrUi' causing this issue, which seems to be for vSphere replication, which was once deployed but is now gone.
Also under: https://vcenter.internal.kloudit.com.au/mob/?moid=ExtensionManager , I have the following:
Any ideas on how to resolve this?
Vcenter 6.0 Service reported 503 error, unable to use SSH remote. Check that the vCenter space is full, SSH can be used after clearing part of the logs, and some services still cannot be started after using service-Control --start --all.Even after a single start, as long as you run vCenter, it will stop immediately.The following services will stop automatically:
vmware-invsvc (VMware Inventory Service) vmware-mbcs (VMware Message Bus Configuration Service) vmware-netdumper (VMware vSphere ESXi Dump Collector) vmware-rbd-watchdog (VMware vSphere Auto Deploy Waiter) vmware-sca (VMware Service Control Agent)vmware-vdcs (VMware Content Library Service) vmware-vpostgres (VMware Postgres) vmware-vpx-workflow (VMware vCenter Workflow Manager) vsphere-client ()
vcenter
thanks!
The CVE Code Description:
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
(Link:CVE -CVE-2020-1938 )
But in the latest version vCenter 6.0u3j:
So how to solve this problem in vCenter 6.0?
Hi ,
Is it true VMware has obsoleted windows vCenter 7?
does any body have tried to deploy VCSA7 without FQDN or DNS Resolution ., if yes , the how did it bcoz i tried , its faild on 4% on Stage 2 .
Thanks
"ExecReload=/usr/bin/kill -HUP $MAINPID" should be part of the shipped rsyslog.service and if vmware only would read the logs they could know
/usr/lib/systemd/system/getty@tty2.service.d/dcui_override.conf has wrong permissions BTW
2020-08-12T13:00:01.566324+00:00 vcenter logrotate: Failed to reload syslog.service: Job type reload is not applicable for unit rsyslog.service.
2020-08-13T00:00:03.552688+00:00 vcenter logrotate: Failed to reload syslog.service: Job type reload is not applicable for unit rsyslog.service.
2020-08-12T13:00:01.566435+00:00 vcenter logrotate: error: error running shared postrotate script for '/var/log/lastlog '
2020-08-13T00:00:03.553029+00:00 vcenter logrotate: error: error running shared postrotate script for '/var/log/lastlog '
[root@vcenter:~]$ cat /etc/systemd/system/rsyslog.service.d/reload.conf
[Service]
ExecReload=/usr/bin/kill -HUP $MAINPID
[root@vcenter:~]$ systemctl status rsyslog
● rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/rsyslog.service.d
└─reload.conf
2020-08-13T10:56:21.404519+00:00 vcenter systemd[1]: Reloading.
2020-08-13T10:56:22.471532+00:00 vcenter systemd[1]: Configuration file /usr/lib/systemd/system/getty@tty2.service.d/dcui_override.conf is marked executable. Please remove executable permission bits. Proceeding anyway.
2020-08-13T10:57:16.644834+00:00 vcenter systemd[1]: Reloading System Logging Service.
2020-08-13T10:57:16.686632+00:00 vcenter systemd[1]: Reloaded System Logging Service.
[root@vcenter:~]$ chmod 644 /usr/lib/systemd/system/getty@tty2.service.d/dcui_override.conf