Home > Blogs > Support Insider > Category Archives: Datacenter

Category Archives: Datacenter

Top 20 ESXi articles for December 2015

  1. After upgrading an ESXi host to 5.5 Update 3b and later, the host is no longer manageable by vCenter Server
  2. Licensing ESXi 5.x and vCenter Server 5.x
  3. Licensing ESXi 6.x and vCenter Server 6.x
  4. Reverting to a previous version of ESXi
  5. Commands to monitor snapshot deletion in VMware ESXi/ESX
  6. Collecting diagnostic information for VMware ESX/ESXi
  7. Determining Network/Storage firmware and driver version in ESXi/ESX 4.x, ESXi 5.x, and ESXi 6.x
  8. VMware ESXi 5.x host experiences a purple diagnostic screen mentioning E1000PollRxRing and E1000DevRx
  9. Installing async drivers in VMware ESXi 5.x and ESXi 6.0.x
  10. Estimating the time required to consolidate snapshots for VMware ESX and VMware ESXi
  11. How to purchase and file Pay Per Incident support for VMware products
  12. Consolidating snapshots in vSphere 5.x/6.0
  13. Uploading diagnostic information for VMware using FTP
  14. Uploading diagnostic information for VMware through the Secure FTP portal
  15. Permanent Device Loss (PDL) and All-Paths-Down (APD) in vSphere 5.x and 6.x
  16. ESXi host cannot initiate vMotion or enable services and reports the error: Heap globalCartel-1 already at its maximum size.Cannot expand
  17. Making a VMware feature request
  18. Committing snapshots when there are no snapshot entries in the Snapshot Manager
  19. Using esxtop to identify storage performance issues for ESX / ESXi (multiple versions)
  20. Best practices for virtual machine snapshots in the VMware environment

What’s New in vSphere 5.5 Update 3b

noticeSSLv3 Protocol Disabled by Default

Background

Across the industry, enterprise software products and solutions are dropping use of and support for the SSLv3 protocol. The Internet Engineering Task Force (IETF) officially deprecated the SSLv3 protocol in RFC 7568 due to its obsolescence and inherent unfixability. Instead, IETF recommends the latest version of TLS.

VMware is therefore dropping support for SSLv3 on both the server side and the client side in vSphere. The release of vSphere 5.5 Update 3b from VMware disables SSLv3 by default to meet current standards and compliance.

Disabling SSLv3 by default also brings some restrictions with respect to installation, upgrading, and compatibility. This blog summarizes these limitations which are also documented in detail in the respective release notes and KB articles.

Below are some of the key aspects that you should be aware of when you upgrade to vSphere 5.5 Update 3b

  1. Upgrade sequence: As recommended in KB 2057795 you must upgrade vCenter Server to 5.5 Update 3b first and then update the hosts to ESXi 5.5 Update 3b.

Earlier releases of vCenter Server won’t be able to manage ESXi 5.5 Update 3b. As a workaround, you can re-enable SSLv3 protocol on ESXi by following the configuration described in KB 2139396. However, VMware strongly recommends against re-enabling the SSLv3 protocol.

  1. Upgrade both vCenter Server and ESXi to 5.5 Update 3b: In order to disable SSLv3 completely in your vSphere environment, we recommend that you update both vCenter Server and ESXi to vSphere 5.5 Update 3b.
  2. View Composer earlier than version 6.2 will have connection failures with ESXi 5.5 Update 3b. Refer to KB 2121021
  3. SSLv3 can be re-enabled by the configuration described in KB#2139396. Re-enablement of SSLv3 protocol has to be consistent across all ESXi and vCenter Server services and require mandatory service restart. However, VMware strongly recommends against re- enabling the SSLv3 protocol.

Note: Hostprofile will be able to capture SSLv3 protocol enablement configuration changes for all the services except Hostd service in ESXi.

Database issues when upgrading vSphere

For today’s post, we’d like to focus on issues surrounding DB validation during upgrade. Many of you are running into one of the issues when moving to vSphere 6.0

Does anything here look familiar?

Fresh vSphere 6 KB articles!

vSphere 6.0 has been out now for a few weeks and you early adopters have been busy kicking the tires. We’ve heard some very encouraging things about this release ie: the web client improvements. It’s always interesting and top of mind for us to see what issues emerge in everyone’s environments and we monitor support requests coming into support as well as social media to see what customers run into.

Here’s an fresh list of Knowledgebase articles we’ve created to address some of these inquiries. Familiarize yourself with the list and of course share with your colleagues using the buttons on this page.

Database compatibility issues during upgrade

Deprecated VMFS volume errors

Backup failures/CBT mem heap issues

Replace certificates for vSphere 6.0

Decommissioning a vCenter Server or Platform Services Controller

Using vSphere ESXi Image Builder to create an installable ISO that is not vulnerable to Heartbleed

Here is a follow-up post from Andrew Lytle, member of the VMware Mission Critical Support Team. Andrew is a Senior Support Engineer who is specializes in vCenter and ESXi related support.

VMware recently released updates to all products affected by the vulnerability dubbed “Heartbleed” (CVE-2014-0160): http://www.vmware.com/security/advisories/VMSA-2014-0004.html

As per KB article: Resolving OpenSSL Heartbleed for ESXi 5.5 – CVE-2014-0160 (2076665), the delivery method for this code change in the VMware ESXi product is through an updated ESXi vSphere Installation Bundle (VIB). VIBs are the building blocks of an ESXi image. A VIB is akin to a tarball or ZIP archive in that it’s a collection of files packaged into a single archive.

Typically a new ESXi ISO file will be made available only during major revisions of the product (Update 1, Update 2, etc). If you need an ESXi 5.5 ISO which is already protected from Heartbleed, you can make your own ISO easily using vSphere PowerCLI.

The PowerCLI ImageBuilder cmdlets are designed to make custom ESXi ISOs which have asynchronous driver releases pre-installed, but it can also be used in a situation like this to make an ISO which lines up with a Patch Release instead of a full ESXi Update Release.

In this post we will cover both the ESXi 5.5 GA branch, as well as the ESXi 5.5 Update 1 branch. Choose the set of steps which will provide the ISO branch you need for your environment.

Creating an ISO based on ESXi 5.5 GA (Pre-Update 1)

These steps are for downloading the requirements for creating an ISO which is based on the ESXi 5.5 “GA” release, which was originally released 2013-09-22.

Step 1: Download the Required Files

When creating a custom ESXi image through Image Builder, we need to start by downloading the required files:

Install PowerCLI through the Windows MSI package, and copy the zip files to a handy location. For the purposes of this example, I will copy these files to C:\Patches\

Step 2: Import the Software Depot

  • Add-EsxSoftwareDepot C:\Patches\ESXi550-201404020.zip
    1-1

Step 3: Confirm the patched version (optional)

If you wish to confirm the esx-base VIB (which includes the Heartbleed vulnerability code change) is added correctly, you can confirm the VIB has Version of 5.5.0-0.15.1746974 and the Creation Date of 4/15/2014.

  • Get-EsxSoftwarePackages –Name esx-base
    1-2

Step 4: Export the Image Profile to an ISO

  • Export-EsxImageProfile –ImageProfile ESXi-5.5.0-20140401020s-standard –ExportToISO –FilePath C:\Patches\ESXi5.5-heartbleed.iso
    1-3

Creating an ISO based on ESXi 5.5 Update 1

These steps are for creating an ISO which is based on the ESXi 5.5 “Update 1” release, which was originally released 2014-03-11.

Step 1: Download the Required Files

When creating a custom ESXi image through Image Builder, we need to start by downloading the required files:

Copy the zip files to a handy location. For the purposes of this example, I will copy it to C:\Patches\

Step 2: Import the Software Depot

  • Add-EsxSoftwareDepot C:\Patches\ESXi550-201404001.zip
    2-1

Step 3: Confirm the patched version (optional)

If you wish to confirm the esx-base VIB (which includes the Heartbleed vulnerability code change) is added correctly, you can confirm the VIB has the Version of 5.5.0-1.16.1746018 and Creation Date of 4/15/2014.

  • Get-EsxSoftwarePackages –Name esx-base
    2-2

Step 4: Export the Image Profile to an ISO

  • Export-EsxImageProfile –ImageProfile ESXi-5.5.0-20140404001-standard –ExportToISO –FilePath C:\Patches\ESXi5.5-update1-heartbleed.iso
    2-3

Installing the ESXi ISO

The ISO file which was created in this steps can be used in exactly the same manner as the normal VMware ESXi 5.5 ISO. It can be mounted in a remote management console, or burned to a CD/DVD for installation.

Why storage paths go into a Dead state

Ever wonder why your storage path goes into a “Dead” state?

Staff Engineer Nathan Small has authored a new Knowledgebase article which describes most of the scenarios that lead to this condition.

There basically three reasons your storage path can go into a “dead” state:

  1. The ESX Storage stack determines path is dead due to TEST_UNIT_READY command failing on probing
  2. The ESX Storage stack receives a Host Status of 0x1 from HBA driver:
    a. Remote array port has timed out
    b. Remote array port has dropped from the fabric (RSCN)
    c. Remote array port has closed IP connection
  3. The ESX Storage Stack marks path as dead after PDL check condition returned by Storage array

Check out Nathan’s excellent article on the topic here: Understanding how paths to a storage/LUN device are marked as Dead (2062592)

Some new ESXi patches today

Some new patches for ESXI out today you might want to be aware of:

New Network port diagram for vSphere 5.x

Over the past few weeks we have been working on constructing a brand new network diagram, depicting ports in use for vSphere 5.x

These diagrams have been very popular in the past and we hope you like this one too! We created Knowledgebase article: Network port diagram for vSphere 5.x (2054806) as a container for the pdf diagram. The pdf also lists all of the ports used in tabular format.

If you’d like to see more of these, tell us in the comments section below!

Network port diagram for vSphere 5

Alternate download location.

Note: This information provided is on a best effort basis. VMware will endeavor to update the diagram as new releases come out.

10 videos on vSphere Snapshots

Today we have compiled two lists of videos that will provide you a clear understanding of how to use vSphere snapshots effectively. The first set comes from Joe Desmond, VMware Certified Instructor. The second list comes from our VMware KBTV YouTube channel. Those videos compliment our Knowledgebase articles on the same topic.

  • vSphere Snapshots in Non Production Environments describes how to make changes in a non-production environment using vSphere snapshots, by using snapshots to compare two alternative changes to an environment.
  • vSphere Snapshot Consolidation describes how to discover and implement changes in the environment using the vSphere Snapshot Consolidation function — a function that recognizes unresolved snapshots from 3rd parties, consolidates them and cleans up the environment.
  • vSphere Snapshot Overview provides an overview of the vSphere Snapshot tool to support guest O/S administrators. Snapshots allow safe change to virtual machines without the worry of failed implementation.
  • vSphere Anatomy of Snapshots describes the snapshot process, a powerful tool that allows safe change of virtual machine states without the worry of failed implementation.
  • vSphere Powerful Tools Come with Big Warning Labels New describes the proper use of vSphere Snapshots avoiding loss of data or downtime, and allowing movement from pre-change to post-change with ease.
  • vSphere Snapshots in Action walks through two demos installing a software program using vSphere Snapshots to capture the before state and the after state.

KBTV videos discussing snapshots

SSL Certificate Automation Tool version 1.0.1

Last month we announced a new SSL Certificate Automation tool to help everyone with the implementation of custom certificates. Yesterday, we released the second version of it (version 1.0.1). This is a minor update which aims to simplify the replacement of certificates further by adding Certificate Signing Request (CSR) functionality to the tool. This functionality allows a user to quickly generate certificate requests (and consequently the private keys) for submission to the Certificate Authority.  The CSR functionality was the largest portion of manual steps, and as a result the update reduces the number of steps by over 15.

In addition, there are several minor bug fixes which were fixed which impacted tool functionality.

For further details and to download the latest version of the SSL tool see: Deploying and Using the SSL Certificate Automation Tool (2041600)

We hope these additions provide useful for everyone!