Author: Luciano Batalha

Cannot download VIB: ”. This might be because of network issues or the specified VIB does NOT exist or does NOT have a proper ‘read’ privilege set. Please make sure the specified VIB exists and is accessible from vCenter

Published by Luciano Batalha on January 8, 2022

Unable to patch ESXi host. keep getting the following error:
Cannot download VIB: ”. This might be because of network issues or the specified VIB does NOT exist or does NOT have a proper ‘read’ privilege set. Please make sure the specified VIB exists and is accessible from vCenter

This issue resolves by resetting vum database and retry the updates. I would advise you to take a snapshot of the vCSA before going through this procedure.

The process to reset the database is:

Connect to vCSA via SSH

Run the shell command to switch to the BASH Shell:

shell

Stop the VMware Update Manager Service:

service-control –stop vmware-updatemgr

Run the following command to reset the VMware Update Manager Database:

/usr/lib/vmware-updatemgr/bin/updatemgr-utility.py reset-db

Run the following Command to delete the contents of the VMware Update Manager Patch Store:

rm -rf /storage/updatemgr/patch-store/*

Start the VMware Update Manager Service:

service-control –start vmware-updatemgr

Note: You may need to log out and log back into any instances of the vSphere Web Client.

Note: For vSAN environments this will also remove the vSAN default baselines. These baselines are recreated automatically when there is a configuration change to vSAN such as add/remove a host/disk or an update to the HCL DB. You can still safely update a vSAN cluster without the vSAN default baselines.

After the succesfull reset of the database, you should be able to scan, and apply critical and non-critical patches

Unable to Add ESXi Host to vCenter 6.7

Published by Luciano Batalha on January 3, 2022

When we try to add an ESXi Host to vCenter we get the following error “A general system error occurred: Unable to push CA certificates and CRLs to host XXXXXXX”

Modify the advanced configuration “Config.HostAgent.ssl.keyStore.allowSelfSigned” introduced in ESXi 6.7 Update 3 to ignore the Self Signed Certificates.

Connect to the ESXi using Host Client
Select Manage Tab
Select Advanced Settings
Locate the option “Config.HostAgent.ssl.keyStore.allowSelfSigned”
Edit the value from false to true

Reboot the ESXi host.
Retry adding the ESXi host to vCenter Server or certificate renew operation

Alarm – Certificate expired

Published by Luciano Batalha on December 31, 2021

Sometimes we have an expired certificate error in vCenter, but in reality, the certificates are all valid, it’s time to clear BACKUP_STORE.

Sometimes we receive alerts of expired certificates and they will check and all of them are correct, it’s time to check the backup store.

1- Check Certificates

/usr/lib/vmware-vmafd/bin/vecs-cli entry list –store BACKUP_STORE –text

2- Backup certificate

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vpxd-extension –output /certificates/bkp_vpxd-extension.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vpxd –output /certificates/bkp_vpxd.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vsphere-webclient –output /certificates/bkp_vsphere-webclient.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_machine –output /certificates/bkp_machine.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp___MACHINE_CERT –output /certificates/bkp___MACHINE_CERT.crt

3- Delete Certificates

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vpxd-extension -y

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vpxd -y

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vsphere-webclient -y

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_machine -y

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp___MACHINE_CERT -y

VMware created a script to help at https://kb.vmware.com/s/article/82560

All 7.0u3 versions have been pulled.

Published by Luciano Batalha on December 15, 2021

VMware decided to remove all versions of vSphere ESXi U3 from our online and offline downloads portals.

This was due to some critical issues that were identified on the vSphere 7.0 U3 GA release, leading to two express patches.

After further review, additional resolution complexities have come to light, and VMware has now removed all versions to prevent any further impact on their customers.

This can be checked in the public FAQ at: https://kb.vmware.com/s/article/86398

This FAQ goes into more detail and also gives guidance for those who have already updated in any form.

vExpert 2022 Applications are Open!

Published by Luciano Batalha on December 8, 2021

vExpert 2022 Applications are Open!

vExpert 2022 Applications are Open! Don’t miss out on this opportunity, be sure to apply before January 14th, 2022. The vExpert awards will be announced on February 18th, be a part of the announcement! Current vExperts will need to apply even if you were awarded in the second half.

New Product Lifecycle Matrix from VMware

Published by Luciano Batalha on November 25, 2021

VMware has released a new Product Lifecycle Matrix website so that we can check the validity of all the software from VMware like General Availability, End of General Support, End of Availability.

You can export this information PDF or CSV, follow the link https://lifecycle.vmware.com

VCSA – Certificate Status Alert triggered

Published by Luciano Batalha on November 19, 2021

Sometimes we receive alerts of expired certificates and they will check and all of them are correct, it’s time to check the backup store.

Follow the procedure:

1- Check Certificates
/usr/lib/vmware-vmafd/bin/vecs-cli entry list –store BACKUP_STORE –text

2- Backup certificate
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vpxd-extension –output /certificates/bkp_vpxd-extension.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vpxd –output /certificates/bkp_vpxd.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vsphere-webclient –output /certificates/bkp_vsphere-webclient.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_machine –output /certificates/bkp_machine.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp___MACHINE_CERT –output /certificates/bkp___MACHINE_CERT.crt

3- Delete Certificates
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vpxd-extension -y
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vpxd -y
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vsphere-webclient -y
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_machine -y
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp___MACHINE_CERT -y

VMware created a script to help at https://kb.vmware.com/s/article/82560

Unable login to ESXi or vCenter Server Appliance by SSH

Published by Luciano Batalha on November 10, 2021

Unable login to ESXi or vCenter Server Appliance by SSH because fails with this error:

“Couldn’t agree a key exchange algorithm (available: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group16-sha512,diffie-hellman-group18-sha512”

To resolve this issue, upgrade PuTTy to a version to 0.65 or later from http://www.putty.org/.

VMware Ports and Protocols

Published by Luciano Batalha on October 14, 2021

VMware has released a new Ports and Protocols website so that we can check the ports used in each solution, also you can download the following Network Diagrams:
Horizon
VMware Cloud Disaster Recovery
VMware HCX

Follow the website https://ports.esp.vmware.com/

How to Migrate Windows SRM to SRM Virtual appliance

Published by Luciano Batalha on September 9, 2021

1- Stop the SRM Service in the Windows SRM Server

2 – Export the SRM data from Windows SRM Server

.\export-srm-data.bat <folder-name>

Example:

.\export-srm-data.bat c:\SRM-Data

3- Deploy the Site Recovery Manager Appliance

4- Move the exported SRM data from windows SRM to SRM appliance

In Step 2, We have exported the SRM data from the SRM windows server.

Move the exported SRM data from the window SRM server to other shared folder or file share. Once the data is moved into the shared folder or another file share, Shutdown the Windows SRM Server.

Once the Windows SRM server is powered off, Power on the SRM appliance VM.

Move the exported SRM data into the /home/admin directory of VMware SRM virtual appliance using Winscp

5- Log in to the SRM virtual appliance with admin credentials. Then switch it to root using the command “su-“ and specify the root password.

CD into the directory /opt/vmware/srm/bin/

Run the below command to start importing the SRM data into SRM appliance

./import-srm-data.sh </directory of moved SRM data>

Example

./import-srm-data.sh /home/admin/srm-data

Enter the SSO administrator username and password.

Enter the password for the”admin” account specified during the SRM appliance deployment.

Enter the password to import the SRM data, which we have Set during the export process in Step 2

Migrate Windows SRM to SRM Virtual Appliance

SRM data import to SRM virtual appliance is completed successfully. If any incompatibility, it will report during the import. In our case, we don’t have any issue with the import.

6- Reconnect the SRM Pairing

Once the SRM data import is completed, we need to reconfigure the SRM pairing between the Protected and Recovery site.

Select the first site from the list. Enter the address of the Platform Services Controller for the Site Recovery Manager Server on the second site, provide the user name and password, and click Next. Select the vCenter Server and the services (Site Recovery Manager) and click Next. On the Ready to complete page, review the pairing settings, and click Finish