Skip to content

Author: Luciano Batalha

FC HBA storage adapter listed twice

If you have recently upgraded to the version 7, you probably noticed twice the amount of HBA ports in your ESXi.

For EMULEX HBA:

esxcli system module parameters set -m lpfc -p lpfc_enable_fc4_type=1

Reboot the host.

For QLOGIC HBA;

esxcfg-module -s ‘ql2xnvmesupport=0’ qlnativefc

Reboot the host.

Install vmtools to latest version 12.0.0

Follow this procedure.

1 – Download VMware Tools Offline VIB Bundle https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VMTOOLS1200&productId=1259&rPId=85322

2 – Upload the file to a datastore.

Login to Vmware Vsphere web client, Select Esxi server or datastore, on the Configure tab / Manage tab for ESXi, Select Storage/ Datastores, right-click datastore, where you want to upload files, click Browse Files from the context menu.

3- Enable SSH on ESXi Host

4- Connect by ssh

5- Locate the file cd /vmfs/volumes and cd the datastore you upload the file and type the ls to locate the file.

6- Verify the profiles available to install change the “/vmfs/volumes/DatastoreUUID/” for the location of file and type

7 – esxcli software vib install -d “/vmfs/volumes/DatastoreUUID/VMware-Tools-12.0.0-core-offline-depot-ESXi-all-19345655.zip”

After this update the default will be VMtools 12.

Downloading RPM vsphere-ui-7.0.3.00300-9405520.noarch.rpm

To check if you need run the KB https://kb.vmware.com/s/article/87274

Open a SSH and run the command

openssl dgst -verify /var/vmware/applmgmt/fileintegrity/pub.key -signature /var/vmware/applmgmt/fileintegrity/fileintegrity_config.sig /etc/vmware/appliance/fileintegrity_config.json

If the result is Verification Failure, Follow the steps:

  • Login to VCSA through ssh using putty.
  • Download the script generate_signature.py from the attachment section to in the article.
  • Upload the script to the VCSA ” root directory” using WINSCP

Note: If you faced an error while trying to login to VCSA through WINSCP , please run the below command on VCSA (SSH):
# chsh -s /bin/bash root

  • Run the script using the command:

# python generate_signature.py

  • Run the command:

# openssl dgst -verify /var/vmware/applmgmt/fileintegrity/pub.key -signature /var/vmware/applmgmt/fileintegrity/fileintegrity_config.sig /etc/vmware/appliance/fileintegrity_config.json

This should return a “Verified OK” response.

  • Run the following commands:

service-control –stop applmgmt
rm -rf /storage/core/software-update/*
rm -rf /storage/db/patching.db
mv /storage/core/software-packages/staged-configuration.json /storage/core
mv /etc/applmgmt/appliance/software_update_state.conf /storage/core
service-control –start applmgmt

  • Retry the update.

Cannot download VIB: ”. This might be because of network issues or the specified VIB does NOT exist or does NOT have a proper ‘read’ privilege set. Please make sure the specified VIB exists and is accessible from vCenter

 

Unable to patch ESXi host. keep getting the following error:
Cannot download VIB: ”. This might be because of network issues or the specified VIB does NOT exist or does NOT have a proper ‘read’ privilege set. Please make sure the specified VIB exists and is accessible from vCenter

This issue resolves by resetting vum database and retry the updates. I would advise you to take a snapshot of the vCSA before going through this procedure.

The process to reset the database is:

Connect to vCSA via SSH

Run the shell command to switch to the BASH Shell:

shell

Stop the VMware Update Manager Service:

service-control –stop vmware-updatemgr

Run the following command to reset the VMware Update Manager Database:

/usr/lib/vmware-updatemgr/bin/updatemgr-utility.py reset-db

Run the following Command to delete the contents of the VMware Update Manager Patch Store:

rm -rf /storage/updatemgr/patch-store/*

Start the VMware Update Manager Service:

service-control –start vmware-updatemgr

Note: You may need to log out and log back into any instances of the vSphere Web Client.

Note: For vSAN environments this will also remove the vSAN default baselines. These baselines are recreated automatically when there is a configuration change to vSAN such as add/remove a host/disk or an update to the HCL DB. You can still safely update a vSAN cluster without the vSAN default baselines.

After the succesfull reset of the database, you should be able to scan, and apply critical and non-critical patches

Unable to Add ESXi Host to vCenter 6.7

When we try to add an ESXi Host to vCenter we get the following error “A general system error occurred: Unable to push CA certificates and CRLs to host XXXXXXX”

Modify the advanced configuration “Config.HostAgent.ssl.keyStore.allowSelfSigned” introduced in ESXi 6.7 Update 3 to ignore the Self Signed Certificates. 

Connect to the ESXi using Host Client
Select Manage Tab
Select Advanced Settings
Locate the option “Config.HostAgent.ssl.keyStore.allowSelfSigned”
Edit the value from false to true

Reboot the ESXi host.
Retry adding the ESXi host to vCenter Server or certificate renew operation

Alarm – Certificate expired

Sometimes we have an expired certificate error in vCenter, but in reality, the certificates are all valid, it’s time to clear BACKUP_STORE.

Sometimes we receive alerts of expired certificates and they will check and all of them are correct, it’s time to check the backup store.

1- Check Certificates

/usr/lib/vmware-vmafd/bin/vecs-cli entry list –store BACKUP_STORE –text

2- Backup certificate

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vpxd-extension –output /certificates/bkp_vpxd-extension.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vpxd –output /certificates/bkp_vpxd.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vsphere-webclient –output /certificates/bkp_vsphere-webclient.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_machine –output /certificates/bkp_machine.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp___MACHINE_CERT –output /certificates/bkp___MACHINE_CERT.crt

3- Delete Certificates

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vpxd-extension -y

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vpxd -y

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vsphere-webclient -y

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_machine -y

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp___MACHINE_CERT -y

VMware created a script to help at https://kb.vmware.com/s/article/82560

All 7.0u3 versions have been pulled.

VMware decided to remove all versions of vSphere ESXi U3 from our online and offline downloads portals.

This was due to some critical issues that were identified on the vSphere 7.0 U3 GA release, leading to two express patches.

After further review, additional resolution complexities have come to light, and VMware has now removed all versions to prevent any further impact on their customers.

This can be checked in the public FAQ at: https://kb.vmware.com/s/article/86398

This FAQ goes into more detail and also gives guidance for those who have already updated in any form.

VCSA – Certificate Status Alert triggered

Sometimes we receive alerts of expired certificates and they will check and all of them are correct, it’s time to check the backup store.

Follow the procedure:

1- Check Certificates
/usr/lib/vmware-vmafd/bin/vecs-cli entry list –store BACKUP_STORE –text

2- Backup certificate
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vpxd-extension –output /certificates/bkp_vpxd-extension.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vpxd –output /certificates/bkp_vpxd.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vsphere-webclient –output /certificates/bkp_vsphere-webclient.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_machine –output /certificates/bkp_machine.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp___MACHINE_CERT –output /certificates/bkp___MACHINE_CERT.crt

3- Delete Certificates
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vpxd-extension -y
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vpxd -y
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vsphere-webclient -y
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_machine -y
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp___MACHINE_CERT -y

VMware created a script to help at https://kb.vmware.com/s/article/82560