How to configure vCAC not to delete VMs after deployment failure

I have a customer approach me asking of how we can stop vCAC from deleting VMs after deployment has failed for debugging purposes. The default behavior of vCAC is to delete the VM after deployment failure even if that failure was just caused by Guest customization failure or by the Guest Agent execution failure. The problem when a deployment fail due to a Guest Customization failure or by Guest Agent execution failure and the VM get delete as the deployment fail, you are left with no in guest logs to trace the cause of the problem which explain the need for stopping vCAC from deleting VMs after VMs deployment failure for debugging/troubleshooting.

Luckily vCAC Proxy Agent can be configured not to delete VMs after deployment failure and send it to VRMDeleted folder instead of deleting it and it can be deleted manually after you finish your debugging. If you think you need to stop vCAC from deleting VMs from vCenter after deployment failure for troubleshooting or any other reason, then below is how to do just that.

A system administrator can modify proxy agent configuration settings, such as provisioning machine credentials and deletion policy for virtualization platforms, after installation. The proxy agent utility can be used to modify the initial configurations that are encrypted in the agent configuration file.… Read More

vCenter Upgrade Error 28035. Setup failed to copy LDIFDE.EXE from System folder to ‘%windir%\ADAM’ folder

During the upgrade of vCenter I have faced the exact error that is documented in KB#2013675. The error was as follow:

————

Error 28035. Setup failed to copy LDIFDE.EXE from System folder to ‘%windir%\ADAM’ folder

———–

Below is an actual screenshot of the error:

vCenter upgrade error 28035 setup failed to copy LDIFDE

Further, in the vminst.log file, we found the following error:

———-

  • Unable to copy c:/Windows/ADAM/LDIFDE.EXE to C:/Windows/ADAM/LDIFDE.EXE

———

If you have read KB#2013675, then you will notice the above errors are an exact match of the errors documented in that KB. If so why, I am creating this post if a KB is out there that include the solution, because that solution alone which is shown below did not resolve my issue:

——- KB#2013675  Solution Start —-

To resolve this issue, manually install the Active Directory Lightweight Services Role for the server.
To manually install the Active Directory Lightweight Services Role for the server:
  1. Open the Server Manager for the server and click Add Role.
  2. Select the Active Directory Lightweight Directory Services option.
You should be able to install vCenter Server after the Role tasks complete

——- KB#2013675  Solution End —-

If the above solution does not work for you, just like was the case in our situation, then try the below solution after you apply the solution documented in the KB.… Read More

Upgrading vCenter with vCenter Heartbeat

I have went through the upgrade process of vCenter 5.0 to vCenter 5.1 which was protected by vCenter heartbeat(Please note same process apply for upgrade to 5.5 as well). The process end up being more of uninstalling and re-installing vCenter heartbeat rather than upgrade to avoid the undesired behavior of SSO lockdown that can be caused by the upgrade process of vCenter Hearbeat when SSO is hosted on the same VM as vCenter which was the case in my scenario. Let start by giving a summary of the upgrade process before going into a details:

a.  Uninstall vCenter Heartbeat 6.5 if installed
b.  Setup Single Sign On.
c.  Upgrade vCenter Server from to 5.0 to 5.1
d.  Upgrade Update Manager from 5.0 to 5.1
f. Install vCenter Heartbeat 6.6 (UAT & Prod).

below is the process  changes involved when upgrading vCenter that is protected by vCenter Heartbeat in more details:

1-      Preparation:

  • Make sure you have adequate backup. Maybe Image backup of your vCenter VMs?
  • Make sure to have license keys on hand.
  • Make sure All Windows Updates is disabled.
  • Write down all the IPs configurations.
  • Prepare a service account to use for heartbeat with local admin and vcenter admin privillage
  • Make sure to have a local administrator account on the machine that you know the password off.
Read More

vCenter 5.5 Upgrade fails when installing Microsoft Visual C++ Redistributable Package prerequisite with the error: Error Code 3010

While at a customer site and trying to upgrade their vCenter 5.0 to 5.5, every time we tried to run the installer it ran for a bit then gave us the follow error:

vCenter SSO Error 1722

Then the following errors appeared in a log files that was opened automatically in a notepad.

—————–  Error start —————–

Action 12:39:49: VM_InstallVCREDIST_x64. Configuring Microsoft Visual C++ Redistributable Package (x64)…
Action start 12:39:49: VM_InstallVCREDIST_x64.
CustomAction VM_InstallVCREDIST_x64 returned actual error code 3010 (note this may not be 100% accurate if translation happened inside sandbox

MSI (c) (5C:E4) [12:40:32:470]: Note: 1: 1722 2: VM_InstallVCREDIST_x64 3: F:\ 4: D:\Single Sign-On\prerequisites\vcredist_x64.exe /s /v/qn
Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action VM_InstallVCREDIST_x64, location: F:\, command: D:\Single Sign-On\prerequisites\vcredist_x64.exe /s /v/qn

MSI (c) (5C:E4) [12:42:05:103]: Product: vCenter Single Sign-On — Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action VM_InstallVCREDIST_x64, location: F:\, command: D:\Single Sign-On\prerequisites\vcredist_x64.exe /s /v/qn

Action ended 12:42:05: VM_InstallVCREDIST_x64. Return value 3.
MSI (c) (5C:E4) [12:42:05:103]: Doing action: FatalError
Action 12:42:05: FatalError.Read More

vCenter Server Appliance 5.5 SSO Issues

While rebuilding my home lab to use the latest version of vCloud Automation Center, I have decided to rebuild it from scratch with the latest vCenter Server Appliance and ESXi. After deploying the vCenter Appliance 5.5c and going through the configuration, I wanted to join the appliance to my domain and allow users from my domain to authenticate.  While I was able to join the appliance to my domain and that seemed to work just fine as in the below screen shot, I was having a problem configuring SSO for native active directory. I kept getting the following error:  ” ‘alias’ value should not be empty ”

Alias Value should not be empty

The solution for this particular problem was easy, actually it was more of Ooops I have forget to restart the vCenter Appliance after joining the appliance to my domain. Actually it tell you to do so as in the below screenshot:

You actually need to restart the appliance after configuring AD

I wanted to document this, as I am positive there will be the case where others will miss this as well and try to fight this error and thought I will save them time. This is especially true that I have seen other posts on forums and blogs that claim rebooting after this step is not required although the documentation state so.… Read More

vCenter Appliance fsck failed

While I have been working with a customer on upgrading their infrastructure to vSphere 5.5, they had a power outage during the night which got their full virtual infrastructure down including storage (Not sure what the story with their UPS/Power generator). After they have brought their virtual infrastructure backup up both their vCenter Appliance and VDP appliance and few other Linux VMs has failed the fsck check while it was booting and it was stuck at the following error:

=========================================

fsck failed.  Please repair manually and reboot.  The root
file system is currently mounted read-only.  To remount it
read-write do:

bash# mount -n -o remount,rw /

Atention:  Only CONTROL-D will reboot the system in this
maintanance mode.  shutdow or reboot will not work.

Give root password for maintenance
(or type Control-D to continue):

==========================================

Below is an actual screenshot of the error for you to compare it with what you got:

VMware vCSA fsck failed

Below is the steps I have followed to fix this on both vCSA and VDP Advanced:

  1. Stay Calm & Don’t Panic!
  2. Take a backup/snapshot in case the below steps does not work for you and you need to revert it back to the current state when you call support or call for help.
Read More

vCenter Single Sign On 5.5 Whats New

vCenter Single Sign On has a considerable amount of changes in vSphere 5.5, with few major ones. Many of these changes have went undetected or unnoticed by the Virtual Infrastructure Admins. If you have deployed vSphere 5.5 and missed these changes or planning to install vCenter SSO 5.5 and want to learn what has changed from the vSphere 5.1 days, then this post is for you:

Below is the list of the major changes introduced in vCenter Single Sign On:

 vCenter SSO Architecture Improvements:

1- Multi master: Unlike 5.1, vCenter SSO 5.5 has A built-in automatic multi-master replication architecture that ensure that all SSO instances are always kept in sync. While this sound great, most admins are not sure what it means nor how it affect the way they design SSO. To understand the value of this change, you must understand how SSO worked in 5.1. and how that changed in 5.5.

In 5.1 if you wanted to enable SSO for multiple vCenters in your environment, you needed to point all of them to the same SSO instance which made all of those vCenters dependent on that single SSO instance. This has made that single SSO instance to be crucial for the operation of all of your vCenters, as if that SSO instance goes down you will not be able to access any of your vCenters.… Read More

vCenter Server Appliance Error: failed to connect to VMware Lookup Service

While working with VMware vCenter Server Appliance 5.5, I needed to change the IP Address of the appliance as my customer were changing their IP scheme. It was quite to go to the VMware vCSA then to the network tab then Address tab and change the IP Address. After rebooting the appliance to ensure the IP change has taken affect and is working properly and consistent, I was able to login to the vCenter Server Appliance Management portal, but I was not able to connect to using the Web Client and was kept getting the following error:

“Failed to connect to VMware Lookup Service https://<vCenter Appliance IP>/lookupservice/sdk – SSL certificate verification failed”

Or as shown in the below screenshot:

Web Client Error after changing vCenter Appliance IP

 

It seems changing the IP Address of the vCenter Server Appliance does not regenerate the certificate with the new IP and you will have to configure the appliance to generate a new one manually. The good news it is pretty easy to do, and below is the instruction:

  1. Log in to the vCenter Server Appliance Web interface at https://<vCSA IP>:5480/.
  2. Click the Admin tab.
  3. Regenerate certificates:
    • vCenter Server 5.1: Select Toggle certificate setting so that the Certificate regeneration enabled displays Yes.
Read More

vCenter Server Appliance 5.5 limitations

VMware vCenter Server Appliance 5.5 has been gaining huge attraction lately, especially with many of the major limitations affecting the vCenter Appliance in previous verions have been lifted. This is including the limitation where it was only supposed to support 5 hosts and 50 VMs when using the embedded database. In fact the all shiny new VMware vCSA 5.5 support up to 100 hosts and 3000 VMs using the embedded database, which seems to be able to deliver up to the scale required by most customers.

Note: It seems a misleading assumption has been going around that 100 hosts and 3,000 VMs is the maximum supported configuration by VMware vCSA 5.5, where is that is absolutely not true. This limit only apply when using the embedded  built-in vPostgres where it actually can support up to the vCenter maximums of 1,000 hosts and 10,000 VMs when connected to an external Oracle Database. This is clearly documented on page 7 of vSphere 5.5 Maximums guide and a copy of that table is shown below. I believe this misleading belief has spread as many bloggers has mentioned the 100 hosts and 3,000 VMs limit while failing to point out it is not the actual limit of the appliance, but it only apply when using the embedded database. 

VMware vCenter Server Appliance Maximum Configurations

I have actually been using VMware vCenter Server Appliance 5.5 for most of my labs and at various customers as it deliver what they needs, as it can be deployed in fraction of the time and save them from having to build Windows and DB servers, not to mention its easier to maintain and manage.… Read More

Deploying VMware vCenter 5.5 Appliance

Lately for most of my labs and even for many customers I have been deploying the VMware vCenter 5.5 Appliance, as it is much quicker to install and give less chances for error. Further it saves customers a Windows license and not to mention being much easier to maintain, patch and upgrade. Further, with many of the earlier versions limitations being lifted it becoming much more viable option than ever before. For that I have decided to document the process of installing the VMware vCenter 5.5 Appliance in a hope to encourage more of you to try it out.

 VMware vCenter 5.5 Appliance Installation Steps:

1- Download the VMware vCenter 5.5 Appliance OVA (I rather the OVA as all you have to get and deploy is a single file)

2- Deploy the VMware vCenter 5.5 OVA into one of your hosts.

  1. Launch the vSphere Client or vSphere Web Client.
  2. Go to File > Deploy OVF Template.
  3. Browse to the location of the vCenter Server Appliance downloaded .ova or the .ovf file and click Open.
  4. In the OVF Template Details page, click Next.
  5. In Name and Location, enter the name of your vCenter Server Appliance and click Next.
Read More

Assign Domain Users vCenter Single Sign Administrator Privileges

If you have upgraded your Virtual Infrastructure to vSphere 5.1 or 5.5, you are already aware of the addition of Single Sign On. When installing Single Sign On, a default user Admin@System-Domain is created for you with a password that you have assigned to it during the vCenter Single Sign On installation. The Admin@System-Domain user is initially the only single user that have access to manage your the Single Sign On portion of your vSphere environment.

As a good practice & to be able to track who is responsible for a particular change in your SSO you might want to assign your vSphere Administration team domain accounts administrator privillages to your vCenter Single Sign On. While it is an easy task to do, the way it must be done seems to confuse many admins who is new to vCenter SSO. Below is the instruction of doing so:

Adding Domain users to SSO Administrator Group

Assigning users SSO Administrator Privillages

  1. Browse your vSphere Web Client Portal (https://<Your vCenter Machine>:9443).  (Note: SSO only can be managed using the Web Client)
  2. Browse to Administration > Access > SSO Users and Groups in the vSphere Web Client.
  3. Click on the Groups Tab
  4. Click on the desired Group (_Administrators_)
  5. Click Add Principals (The icon of a person with a plus sign next to it highlighted in the above screenshot)
  6. Select the identity source that contains the principal to add to the group (Probably your Domain)
  7. Search for the desired user
  8. Select the desired user and click Add
  9. Repeat step 6-8 to add the rest of the desired users.
Read More

vCenter 5.1 Installation(Part 5) – vSphere Web Client Step by Step

Alright now that you got your vCenter 5.1 up and running & ready to start managing it. I know vSphere Client will be the first thing to come to your mind in here, but its worth mentioning that all the new features in vSphere 5.1 is only included in the vSphere Web Client not the traditional Installable vSphere Client. Alright that should get you enough reason to install and try to get used to the new vSphere Web Client. Though the new vSphere Web Client has been improved dramatically from the one included in vSphere 5.0 that it feels it is a fully different client. It is much faster, smoother and with tons more functionality that can replace almost every functionality in the traditional vSphere Client.

While this post show you how to install the vSphere Web Client in a step by step fashion, if you have not yet setup vCenter 5.1 then you might want to look at previous posts in this series which document vCenter 5.1 installation including preparing the DBs.

vCenter 5.1 Installation(Part 1) – Preparing the Databases

vCenter 5.1 Installation(Part 2) – Single Sign On Installation

vCenter 5.1 Installation(Part 3) – vCenter 5.1 Inventory Service Installation

vCenter 5.1 Installation(Part 4) – vCenter Service Step by Step

Alright for those of you ready to install the vSphere 5.1 Web Client,  please find the promised step by step instruction below.… Read More

vCenter 5.1 Installation(Part 4) – vCenter Service Step by Step

As covered in my previous three posts, vCenter Service is the third component to be installed. As a reminder the order of installing vCenter 5.1 components is as follow:

Single Sign On ==> vCenter inventory Service ==> vCenter Service.

In this post, I will demonstrate in a step by step fashion how to install the vCenter Service though if you have not followed earlier parts in this series you will need to check them out before you install the vCenter Service. The earlier posts in this series can be found at:

vCenter 5.1 Installation(Part 1) – Preparing the Databases

vCenter 5.1 Installation(Part 2) – Single Sign On Installation

vCenter 5.1 Installation(Part 3) – vCenter 5.1 Inventory Service Installation

Alright so now that you have completed the installation of SSO and Inventory Service, you are ready to start the installation of vCenter 5.1 Service & below is a step by step instruction on how to do just that.

To install vCenter Server

1. Launch the installer using an account with administrator privileges.

2. Select vCenter Server from the VMware Product Installers menu and click Install.

vCenter 5.1 Server Installation Wizard

3. Select the setup language and click OK.

Select vCenter 5.1 Setup Language

4. Wait while the installation process begins.

Wait for VMware vCenter Server 5.1 installation process to begin

5.… Read More

vCenter 5.1 Installation(Part 3) – vCenter 5.1 Inventory Service Installation

In my previous two posts, I have demonstrated how to prepare the databases required for the different vCenter 5.1 components(SSO, vCenter Service, & Update Manager)  as well how to install vCenter Single Sign On. If you have not went through these earlier two posts, then you will need to follow them before proceeding with this one. These two posts can be found at:

vCenter 5.1 Installation(Part 1) – Preparing the Databases

vCenter 5.1 Installation(Part 2) – Single Sign On Installation


As I have mentioned in my earlier post, the next vCenter 5.1 component to install would be vCenter Inventory Service. In this post, I will demonstrate how to install the vCenter Inventory Service in a step by step fashion. It is important to note that in vCenter 5.1 you have the option to install the vCenter Inventory Service with other vCenter components or on a different server/vm. As I mentioned in my first post in the series, the main reason why sometime you want to install it on a separate VM/Server is if scalability is a concern in your organization and you are approaching the vCenter Scalability limits of 1,000 hosts and 10,000 VMs. In most organizations, where these limits are not even close then installing the vCenter Inventory Server on the same VM/Server running the vCenter Service is a no brainer.… Read More

vCenter 5.1 Installation(Part 2) – Single Sign On Installation

During the installation of vCenter 5.1, you will need to install 3 components in the following order: Single Sign On => Inventory Service => vCenter Service. In a new installation I would normally install the Web Service after installing the vCenter Service, though during an upgrade I would install the web service right after the Single Sign On service to be able to use it just in case I wanted to check on my Single Sign On configuration or want to troubleshoot. As this guide assuming a new installation we will leave the Web Client Service to the end. In this post, I will demonstrate the installation of the Single Sign On Service.

Preparing Databases for vCenter Components

Three vCenter components require a database. Single Sign On, vCenter Service, & Update Manager each of those components require its own database, where the creation of those databases have been documented at the first post in this series found at: vCenter 5.1 Installation(Part 1) – Preparing the Databases.

Alright now you have your databases ready let’s start the process of installing vCenter Components. The first component to install as mentioned earlier is the Single Sign On Service, which is documented in a step by step fashion below.… Read More

Sponsors