How to configure vCAC not to delete VMs after deployment failure

I have a customer approach me asking of how we can stop vCAC from deleting VMs after deployment has failed for debugging purposes. The default behavior of vCAC is to delete the VM after deployment failure even if that failure was just caused by Guest customization failure or by the Guest Agent execution failure. The problem when a deployment fail due to a Guest Customization failure or by Guest Agent execution failure and the VM get delete as the deployment fail, you are left with no in guest logs to trace the cause of the problem which explain the need for stopping vCAC from deleting VMs after VMs deployment failure for debugging/troubleshooting.

Luckily vCAC Proxy Agent can be configured not to delete VMs after deployment failure and send it to VRMDeleted folder instead of deleting it and it can be deleted manually after you finish your debugging. If you think you need to stop vCAC from deleting VMs from vCenter after deployment failure for troubleshooting or any other reason, then below is how to do just that.

A system administrator can modify proxy agent configuration settings, such as provisioning machine credentials and deletion policy for virtualization platforms, after installation. The proxy agent utility can be used to modify the initial configurations that are encrypted in the agent configuration file.… Read More

vCAC 6 Service Temporarily Unavailable

As I have deployed vCloud Automation Center 6.0.1 in my home lab on vSphere 5.5, the installation worked flawlessly as I have carried out the same installation several times in production for several customers before. vCAC seemed to work without any problem at all for few hours, then I started getting the following error every time I tried to access my vCAC Portal:

———————

Service Temporarily Unavailable 

The Server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

———————

Below is a screenshot of the actual error:

vCAC Service temporary unavailable

 

I was surprised to see the above error, and when checked the status of my vCAC Services under the services tab in the appliance management console of vCAC the pages was not loading although all the other tab were working just fine. I logged in through ssh to the vCAC Appliance and restarted the vCAC Service using the following command:

# service vcac-server restart

After restarting the vCAC Service and waiting for about 5 minutes, I have noticed that all the services of vCAC is now showing up on the service tab and right after that the vCAC portal started to function again. Initially I thought the service might hanged for some reason or so on, but after few hours the same issues came up, and I have noticed that I am getting the same problem repeatedly every few hours where my services stop again.… Read More

vCloud Automation Center and vCenter Appliance

Yesterday, I was asked twice if using our vCenter Server Appliance (vCSA) with vCloud Automation Center (vCAC) is a viable option. As one of the two requests came from inside our VCDX family, It seems to be not a common knowledge, not when I get asked by another VCDX about it.  I thought this seems to be a good topic to address in a blog post, as the following questions seems to come often:

  • Does vCloud Automation Center (vCAC) 6 support vCenter Server Appliance (vCSA)?
  • Do your recommend using vCSA with vCAC?
  • What’s the added benefits of using vCSA  in my vCloud setup?
  • What extra limitations does using the vCenter Server Appliance with vCloud Automation Center impose to my environment?

I am sure you either had one of these questions on your mind or had been asked one of these at least once if you are working on a vCloud Automation Center setup. I will try to address these questions in this post.

Does vCloud Automation Center (vCAC) 6 support vCenter Server Appliance (vCSA)?

vCloud Automation Center and vCenter Appliance

I guess the image above gave the answer away, but for those of you who liked it spelled out, yes vCAC 6 support vCSA. Just make sure you check the vCenter interoperability matrix to ensure you are getting a supported version of the vCenter Server Appliance with the version of vCAC you are planning to install.… Read More

vCAC 6 Missing VM Actions

This problems seems to lately surface more than not when delivery a vCAC 6 Distributed installation. After you complete your vCloud Automation Center 6 installation without a hitch and you thought everything is working perfectly, you go to your Catalog Entitlements and try to assign Actions allowed and you notice that you have only few of what you really should have. The below screenshot provide a sample of which only actions I were able to entitle to my catalog items:

vCAC 6 missing VMs Actions

 

Before you jump to a conclusion that this the same problem you are having, please ensure that you have assigned the right permissions to your blueprint and entitlements to your Catalog item. For initial testing try to give all permissions to your blueprint as in the below screenshot:

 vCAC provide permissions on Blueprints

After providing the permissions on the vCAC Blueprint then you want to ensure your Catalog entitlements are set correctly. Go to Catalog action entitlements and check which Actions could you entitle to your Catalog item. If it look like the below screenshot then you are definitely having the same problem this article is trying to address as you should have much more actions that you can entitle to your Catalog Items.… Read More

vCAC 6 Service Unreachable – Reference error REPO404

While delivering a distributed install of  vCloud Automation Center using exactly the same steps I have used for few previous engagements, & while the setup completed perfectly without any errors, accessing the infrastructure tab in vCAC has continuously reported the following error:

—————————————————————————-

Service Unreachable

A required service cannot be reached at the expected address.

Please contact your system Administrator for Assistance.

Reference error REPO404.

—————————————————————————–

vCloud Automation Center 6 repo404 error

I was quite certain I have done the certs right, as I followed my certs guide that I had followed in few other engagements previously and posted it on my blog before at: vCloud Automation Center 6 Certificates A to Z.  Just for your reference if you have not read that post all the certs was generated by Active Directory CA.

As the above error can be caused by few different causes, I have went into checking my different vCAC logs and the error that helped me identify the cause was in the vCAC IaaS Web Server Windows Event log and below is a copy of that error (I marked in red the part that gave it away)

——————————— vCAC 6 SSL/TLS secure channel Error Start ——————

Log Name:      Application

Source:        VMware GUI Administration

Date:          05/28/2014 5:36:52 PM

Event ID:      0

Task Category: None

Level:         Error

Keywords:      Classic

User:          N/A

Computer:      IAASWEB1.vt.com

Description:

Timestamp: 5/28/2014 9:36:52 PM

 

Message: Error occurred writing to the respository tracking log

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.Read More

vCAC 5.2 to 6.x Construct Mappings

vCAC 5.x admins/architects might get surprised by vCAC 6.x construct naming and think VMware has abundant the constructs vCloud Automation Center used in the past. After a closer look though, you will notice these construct functionality is still the same as they used to be in 5.x and they were just renamed to fit the wider audience vCAC is currently address and to be better aligned with those constructs functionality. The main different is that a new Tenant Construct was introduced in vCAC 6.x which did not exist in 5.2 as vCAC 5.2 did not support  multi-tenancy.

I get asked quite often about the construct mapping between vCAC 5.2 and 6.x. Further, the longer I have been delivering just vCAC 6.x engagements, I seem to start forgetting the contruct mapping between vCloud Automation Center 5.2 and 6.x, so I decided I will document it here for a reference to myself and others looking for such info. Below is the best diagram I was able to find that highlight the construct mapping between vCAC 5.2 and vCAC 6.x:

vCAC 5.2 to vCAC 6.x Construct Mapping

Hope this help those of you familiar with vCAC 5.2 jump on 6.x with confident :).… Read More

vCloud Automation Center 6 Load Balancer configuration

Every Distributed vCloud Automation Center 6 installation involves configuring load balancing at several levels. As load balancers have historically been the responsibility of the network team, many virtualization/server admins are not comfortable with them.  Further, if your load balancing request is not clear and detailed the network team will return the request back and ask for more clarifications and any extra required details. This seems to give many Cloud/Virtualization admins a hard time when trying to complete a vCloud Automation 6 Distributed install. In a try to help the rest of us get the info they need to pass to the network team to configure the load balancing required to complete a vCAC Distributed install, I will try to provide as much details required in this post.

Let’s start by trying to figuring out where do we need to plug in our load balancers, and which components we need to load balance. How about a diagram which present where load balancers fit in a vCAC Distributed install:

vCAC Distributed install Load balancer

 Below is the required configuration for load balancing vCloud Automation Center 6 at each level:

vCloud Automation Center Appliance (VIP):

The vCAC Appliances will be setup in an Active/Active configuration with the below configuration:

  • Transport Protocol: Https (443)
  • Load balancing Method: Least Response Time
  • Enable session affinity or sticky session  (Source IP or Cookies)
  • Health Check URL: https://<Your vCAC Appliance FQDN>      Ex: https://vcacapp01.vt.com

IaaS Windows Virtual Machine (Model Manager and Web Service) – VIP:

  • Transport Protocol: Https (443)
  • Load balancing Method: Least Response Time
  • Enable session affinity or sticky session
  • Health Check URL: https://<Your IaaS Web Machine FQDN>      Ex: https://iaasweb01.vt.com

IaaS Windows Virtual Machine (Manager Service) – VIP:

  • Transport Protocol: Https (443)
  • Load balancing Method: Failover
  • Session affinity or stick session will not be setup for Manager Service as it is active passive and the passive node should have no requests sent to it at all.
Read More

Application Director unable to login to cloud provider

I was delivering an engagement lately where I had to integrate VMware Application Director with vCloud Automation Center 6.0.  I have got to the stage where I needed to connect App Director to a Cloud provider.

Although I was certain, I have entered the correct information on the New Cloud Provider screen as shown below, I kept getting the following error: “Could not connect to the Cloud Provider at https://vtvcaciaas Unable to login to cloud provider. Please verify the user credentials as well as other parameters you entered.”

vCAC fail to connect to Application Director

This error was quite frustrating, as I was sure I have provided the correct information as well verified it over a 100 time. After digging for an answer, I was surprised to know that the User Name here is case sensitive, so basically cloudadmin@vt.com is not equal to CloudAdmin@vt.com. I had to go back to my Active Directory Domain Controller, and search for the user and copy it case sensitive as is to this User Name field which in my case was “CloudAdmin@vt.com”. To my surprise this worked every time.

As most of us are used to none case sensitive user name, where every one knows by now password is case sensitive, I can see this same issue catching many others, and hope this help save you a bit of time :).… Read More

Generating Certificates for vCAC 6 IaaS Web Server & Manager Service

This post will take you through the steps you will need to generate, request, and apply the certificates for both vCloud Automation Center 6 IaaS Web Server as well the Manager Service. Please note this is the third part of a three post vCAC 6 Certificates tutorial, where the first two posts can be found at:

Step 1: Generating the Certificate Requests

To generate the appropriate configuration files:

1. Open a text editor on the system where OpenSSL is installed.

2. Paste the following text into a file, replacing the information in red with that specific to your environment.

[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment, nonRepudiation
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS: vtvcacis01, IP:192.168.2.106, DNS: vtvcacis01.vt.com, DNS: vtvcacis01a, IP: 192.168.2.107, DNS: vtvcacis01a.vt.com, DNS: vtvcacis01b, IP: 192.168.2.108, DNS: vtvcacis01b.vt.com
[ req_distinguished_name ]
countryName = CA
stateOrProvinceName = ON
localityName = Toronto
0.organizationName = Lab
organizationalUnitName = vCACIaaS
commonName = vtvcacis01.vt.com

3. Save the file as vcaciaas.cfg (I have saved my file in c:\certs\vcaciaas as you’ll note further on).… Read More

Generating Certificates for the identity Appliance/vCAC Appliance

At this post, I will go through how you Generate and import the certificates in a step by step fashion for both the Identity and vCAC Appliance. Please note this post is the second part of a three post tutorial where you can find the other two posts at:

Step 1: Generate the appropriate configuration files:

  1. Open a text editor on the system where OpenSSL is installed.
  2. Paste the following text into a file, replacing the information in red with that specific to your environment.

This one I used for Identity server:

[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment, nonRepudiation
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:vtid01, IP:192.168.2.101, DNS:vtid01.vt.com
[ req_distinguished_name ]
countryName = CA
stateOrProvinceName = ON
localityName = Toronto
0.organizationName = Lab
organizationalUnitName = vCACSSO
commonName = vtid01.vt.com


This one I used for my vCAC Appliance:

[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment, nonRepudiation
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:vtvcac01, IP:192.168.2.102, DNS:vtvcac01.vt.com, DNS:vtvcac01a, IP:192.168.2.103, DNS:vtvcac01a.vt.com, DNS:vtvcac01b, IP:192.168.2.104, DNS:vtvcac01b.vt.com  
[ req_distinguished_name ]
countryName = CA
stateOrProvinceName = ON
localityName = Toronto
0.organizationName = Lab
organizationalUnitName = vCACAppliance
commonName = vtvcac01.vt.com

3.… Read More

vCloud Automation Center 6 Certificates A to Z

While working on delivering vCAC 6 engagements, I have noticed that getting all the certificates required in place has always required me to jump across different information sources between VMware documentation, blogs, & other consultants work. For that I have decided to put this guide together which cover the certificates process for a new vCAC 6.x installation from A-Z to easy the process for myself and others. I start all the way from how to install your own CA and continue all the way till you assign the certificates to each component. Before I start going through the details, I have to give credits where due. This document has incorporated information from all of the below sources:

While I have used a lot of material and knowledge that I have gained from the above sources, I have incorporated these steps at different customers, and carried out the full work again in my lab to get all the screenshots being consistent across the full procedure. Hope you will find it useful.

Good to know

This section gives you some important vCloud Automation 6 certificates faqs and recommendations, that you will need to know before getting started.… Read More

How to fix: vCAC 6 AD Login is very slow

While working at a customer site with a pretty decent size Active Directory where they have implemented an Empty root structure, vCAC login through Single Sign On when using Active Directory accounts were pretty slow. It took up to 10-15 minutes at time per login attempt.

The customer had a multitiered domain in a single forest. The top domain/root domain or if you want to call it level 1 domain was empty, where all the users and where vCAC users were coming from is the level 2 domain. What was happening is when a user of the level 2 domain try to login he was facing one of the below two problems:

1- If the user does not have any group membership outside  the level 2 domain, they were allowed to login, but it took quite a bit for the login attempt to complete. (10-15 minutes)

2- If the user has any group membership or any tie outside the level 2 domain, after the log on attempt, the progress bar on the log on page will stop and nothing will happen.

At first, I thought I might be short at resources on my SSO server so I boosted that up, while it speeded things a bit it was not too noticeable of improvement and I knew there was a bit more work to do.… Read More

Warning: The current browser that you are using is not supported for use with vCAC 6.0

After setting up vCloud Automation Center 6.0.1 for one of my clients, I was able to access the vCAC portal using my Firefox browser with no problem what so ever. After I have finished the configuration of vCAC and turned the setup to the customer to try it from his machine, he did not have Firefox and their corporate policy force them to use IE8 which is by the way a supported vCAC browser and I was confident it should work there with no problem. The surprise was as soon he opened up the vCAC page in his IE8, he got the following error:

‘Warning: The current browser that you are using is not supported for use with vCAC 6.0′

vCAC 6 not supported error

This has got me in doubt if I have conveyed the wrong message to the customer of IE8 being a supported browser, so I went right a head and checked vCAC 6.0.1 supported browsers list which can be found on page 14 at: http://www.vmware.com/pdf/vcloud-automation-center-60-support-matrix.pdf

The list of supported vCloud Automation Centers as extracted from the document is copied below:

 

—————————-

Browser Support
Microsoft

  •  IE8
  •  IE9 **
  • IE10 **

Google

  • Chrome 29
  • Chrome 30

FireFox

  • Firefox 23
  • Firefox 24

** Compatibility mode for IE9 and IE10 is not supported.… Read More

VMware vCloud Hybrid Service vSphere Client Plug-in is here

VMware has just announced vCloud Hybrid Service vSphere Client Plug-in which will help VMware customers manage their VMs in VMware Hybrid Service the same way they manage their vSphere environment right from inside their vSphere Client (Only Web Client as you would guessed), which should increase administrators efficiency and reduce the time of learning a new interface as they will get to use the vSphere familiar interface to manage their VMs in the Cloud. vSphere Client will be your single pane of glass to VMs running in your datacenter and in VMware Hybrid Service. This is such a great achievement and will complement VMware Hybrid Cloud story.

vCHS vSphere Client Plug-in

vCloud Hybrid Service vSphere Client plug-in extends the familiar vSphere Web Client UI to vCloud Hybrid Service. With the vCHS plugin, from within the vSphere Client, customers can:

  • View and administer Dedicated Cloud and Virtual Private Cloud instances on vCHS
  • Browse, create and modify each cloud instance and manage its inventory of virtual data centers, gateways, and networks
  • Deploy virtual machines using catalog templates and modify existing VMs
  • Receive automatic updates on any changes made to their account via vCHS web portal

Resources:

Requirements:

  • vSphere Web Client 5.5  (No C+ Client)
  • vCloud Hybrid Service account with VPC or Dedicated cloud
  • Compatible Browsers:
    •   Windows: Firefox, Chrome and Internet Explorer
    • Mac: Chrome and Safari   (VMs Console Access does not work on Mac)
    • Linux: Firefox and Chrome

Demos:

Enjoy the new enhanced Experience of VMware vCloud Hybrid Service!

Read More

vCloud Director VM Customization joining domain fail

Joining VMs to the domain is a part of vCloud Director VMs customization process. While configuring the guest customization screen for your VMs in vCloud Director to join the domain is a straight forward & easy process, there seems to be many situations where VMs just fail to join the domain as a part of the Windows VM customization process. The below list will help you try to pin point the problem and fix it as quickly as possible.

vCD Guest Customization joining Domain

vCD Guest Customization joining Domain

- First of all make sure to use DHCP for your IP assignment rather than Static IP Pool, as DHCP is a requirement for the vCloud Director Customization to be able to join VMs to the domain. This is pointed out in the following KB: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1026326, while I agree it could have been nice if it was stated a bit more clearly.

This seems to be the most missed issue with getting VMs to join the domain using the vCloud Director Customization, the reason it does not work with Static IP Pool, is that Sysprep reset the IP of the machine before joining the domain which has forced VMware to get the customization script to inject the IP of the Static IP pool after the joining the domain step is being completed by the Sysprep.… Read More

Sponsors