Here you are trying to setup vCenter Orchestrator and you get this error: SSL exception, 'SSL certificate is missing for this host'
What vCenter Orchestrator is saying is that it doesn't have the certificate installed for that host, unlike other apps/programs, Orchestrator doesn't offer an option automatically install these certificates upon inital connection. You have to first add the certs then connect to the host, to do this: (refer the screenshot at the bottom if your stuck)
- Login to your vCenter Orchestrator Configuration Webpage: (http://vCenter-Orchestrator-Hostname:8282) - default user/pass is vmware/vmware
- Select Network from the left column
- At the top you'll see a tab for SSL Certificate, click that
- You can either import the SSL certificate from a file, or from a URL--URL is the easiest as you just enter the hostname and Orchestrator installs the certificate
- In the URL box, just enter your vCenter hostname, then click Import to the right of that text box
- You'll see the certificate details displayed if everything looks alright click Import at the bottom
- Repeat this process for each vCenter you plan to use Orchestrator with
- Go back to whatever step you were trying to do when you got the error: SSL exception, 'SSL certificate is missing for this host' and try it again, this time it should work successfully
So it's been awhile since my last post on Building a Cost-Effective vSphere ESXi 5.0 Home Lab--I have been playing with this system now for a few weeks and am loving it--I've ordered parts for a 2nd system and might spring for a 3rd...Remember that the chip on this motherboard supports AMD-V, so you can do practicably everything except for VMDirectPath I/O with this system.
I've been running upwards of 7 VMs on it at once and have had no real problems. Yes ready times can get high, but I've never had them over 30% under that kind of load. Again this is a home lab, and somewhat high ready times don't effect anything except a couple extra seconds here or there when I am doing something intensive.
This little box rocks for a home lab, the key thing to remember is that it IS a home lab--run everything with 1vCPU and minimal amounts of ram assigned. (I don't have a single VM over 1Gb of RAM assigned). The biggest slow down in my experience with this system comes from swapping on local storage--not CPU contention. (I haven't connected this to my OpenFiler box yet)
If your trying to configure vCenter Orchestrator to use a local Microsoft SQL Express database and you get the error: Unknown host: Error when connecting to host localhost/127.0.0.1, port 1433: Connection refused: connect
You need to change a few options on your SQLExpress server to accept this connection.
- Launch SQL Server Configuration Manager
- Navigate to SQL Server Network Configuration->Protocols for SQLEXPRESS on the left column
- Double-Click on TCP/IP
- Ensure Enabled is set for Yes
- Ensure Listen All is set for Yes
- Click the IP Addresses Tab
- Scroll to the bottom and find IPAll
- Set TCP Port to 1433 for IPAll
- Hit Ok, and Ok to the dialog box that pops up
- Navigate to SQL Server Services on the left column
- Right-Click SQL Server (SQLEXPRESS) and select Restart
- Try again and your Orchestrator server should be able to connect to the database now
So you decided to take the plunge and buy the Dell Management Center vCenter Plugin but it's not registering with your vCenter? In my case, the virtual appliance spit out all kinds of errors--SSL errors, unknown errors, timeouts...
Well, the fix for me was simple--apparently Dell doesn't make the latest version avaliable online, you may have downloaded an older version from Dell's site and Dell expects you to simply update the appliance online after you deploy it.
To do this:
- Login to the appliance admin portal with your previously set admin password (https://[ApplianceIP]/DellAdminPortal/index.html)
- Now navigate to Appliance Management on the left column
- On this page you'll see 2 lines near the top: Current Virtual Appliance Version and Available Virtual Appliance Version, if the Available version is higher then the current, click Update Virtual Appliance to install the update
- It takes about 5-10min to complete, the virtual appliance will reboot at some point, once you get a login screen at the console it should be ready to proceed
- Go back to the appliance URL in your web browser and login (https://[ApplianceIP]/DellAdminPortal/index.html)
- From here you'll see a link to register with vCenter near the top--click that
- Enter the IP or Hostname for your vCenter server
- Provide User Credentials with admin access in vCenter & hit register
- Once registration is complete you will get a message to relaunch a vSphere Client and connect to the vCenter to access the plugin, so do that and go about configuring the rest of the plugin.
This is another updated version with more Intel removal goodness...see my previous post for more information on Automated P2V Cleanup: Remove/Uninstall Dell OpenManage & Broadcom/Intel Drivers Updated so it removes all the new Dell/Intel/Broadcom stuff released since the last update.
- Dell OpenManage Server Administrator
- Broadcom Drivers and Management Applications
- Broadcom NetXtreme II Driver Installer
- Intel(R) PROSet for Wired Connections
- Intel(R) PRO Network Connections
This post is essentially a +1 for Mike Laverick's campaign...
There is alot of buzz in the VMware Community about VMTN (VMware Technology Network) Subscriptions. These subscriptions were the equivalent of Microsoft's TechNet Subscriptions. The idea is to give IT Professionals licensed copies of "complete" Microsoft software for evaluation, testing and troubleshooting--without a time limit or feature limitations. Microsoft bundles in some E-Learning and Support Tickets, as well as betas. VMware had a similar offering a few years back but discontinued it. Well now the community has banded together to ask VMware to recreate this offering. It would be very benefitial for VMware to do, I'm sure there are many folks that are using trial software and registering multiple email accounts to get new evaluation keys just to lab something, or evaluate a new solution. VMware could make some profit by providing a paid subscription to access this software for any IT Professional to learn with.
Microsoft has basically 3 offerings when it comes to this realm:
- TechNet Subscriptions - Evaluation Licenses with no time limit - $199/yr or $349/yr (renewals cost less) depending on level purchased
- MSDN Subscriptions - Software Development & Testing licenses - Varies greatly, from $699-$11,899 depending on level purchased
- Action Pack Subscriptions - Internal-use licenses (Only for Microsoft Partners) - $299/yr
- NFR - Not-for-resale licenses - Training/Demonstration (Only for VMware Partners) - Free, but requires a specific partnership level based on revenue
- IUL - Internal-use licenses - Discounted Licenses (Only for VMware for Partners) - Costs vary based on license, discounts unknown
- Cleanup Irrelevant Data
- Don't bring over that downloads folder on every server full of drivers, hotfixes, patches, service packs, etc. Remember storage is now shared among many VMs now, try not to duplicate things like that.
- Stop transactional services during P2V
- MSSQL, mySQL, etc.
- Disable Windows Updates
- You don't want your source to reboot due to automatic updates mid-P2V
- Do not resize volumes during P2V
- Resizing volumes will increase P2V time significantly because instead of doing a block-level copy the convert would have to use file-level copy
- Set Target disks to Thin
- Take advantage of thin provisioning--make sure you have vCenter Alarms setup to alert you when datastores near capacity
- Move the Page File to a seperate volume (if it isn't already)
- If you are moving away from traditional backup methods to new vStorage methods you can't exclude the page file from backups typically--however if it's on a dedicated volume (separate vmdk) you can typically exclude it then
- Don't Team NICs
- You should build redundancy at the vSwitch level and use a single NIC for the VM (having a separate NIC connected to another vSwitch for backups, or Internal/External Interfaces is still ok)
- Get rid of all the extra software/agents physical servers require--Dell OpenManage, HP Insight, Broadcom/Intel Teaming Utilities - If your using Dell Servers use my Cleanup Script to automate the process
If your not using guest customization specifications, get going now! Some people ask why do this in a VMware Template when you can do it via Active Directory using Group Policy. We use our templates a lot for test machines which may or may not end up joined to a domain. This ensures that no unwanted updates get applied to these test machines. Works great across Windows XP, Server 2003, Vista, Server 2008 and Windows 7 (might also work on Windows 2000 but I didn't check). If you don't know what guest customization specifications are checkout my other posting explaining all about them and howto create one.
To disable Automatic Windows Updates, all you need to do is add this entry to the RUNONCE area of your customization specification:
reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update” /v AUOptions /t REG_DWORD /d 1 /f
It's that simple!
So your trying to import a signed certificate that was created with the certificate signing request (CSR) you get an error in vCenter Orchestrator Configuration about the cert not being the correct format. If your using Microsoft Active Directory Certificate Services here are the exact steps:
- Export a certificate signing request from the VMware vCenter Orchestrator Configuration: Server Certificate area (goto http://vco-server:8282 then click Server Certificate on the left). If this option isn't displayed select the option to install a self signed certificate and then you will get the option to export a certificate signing request.
- Copy and paste the contents of the CSR file you downloaded from vCO Config area to your Cert Server web interface (http://CERTSERVER/certsrv).
- Select Web Server from the drop down and submit.
- Now ensure DER encoded is selected and download the certificate chain.
- Change the file extension on the file you just downloaded from .p7b to .csr
- You should now be able to upload it immediately using the "Import certificate signing request signed by CA" option inside the VMware vCenter Orchestrator Configuration: Server Certificate area (again goto http://vco-server:8282 and select Server Certificate on the left)
- You get a green bubble by Server Certificate and everything is happy.
VMware posts security advisories to notify users of any vulnerabilities or other security issues that effect their products. You can subscribe to be notified via email whenever they post a new advisory. Keeping on top of these security advisories so you can evaluate each one and understand any risks is important as a VMware Administrator.
These advisories are posted in a couple of places: