Skip to content

Virtual Library Posts

FC HBA storage adapter listed twice

If you have recently upgraded to the version 7, you probably noticed twice the amount of HBA ports in your ESXi.


esxcli system module parameters set -m lpfc -p lpfc_enable_fc4_type=1

Reboot the host.


esxcfg-module -s ‘ql2xnvmesupport=0’ qlnativefc

Reboot the host.

Install vmtools to latest version 12.0.0

Follow this procedure.

1 – Download VMware Tools Offline VIB Bundle

2 – Upload the file to a datastore.

Login to Vmware Vsphere web client, Select Esxi server or datastore, on the Configure tab / Manage tab for ESXi, Select Storage/ Datastores, right-click datastore, where you want to upload files, click Browse Files from the context menu.

3- Enable SSH on ESXi Host

4- Connect by ssh

5- Locate the file cd /vmfs/volumes and cd the datastore you upload the file and type the ls to locate the file.

6- Verify the profiles available to install change the “/vmfs/volumes/DatastoreUUID/” for the location of file and type

7 – esxcli software vib install -d “/vmfs/volumes/DatastoreUUID/”

After this update the default will be VMtools 12.

Access vCenter by SCP (WinSCP)


To be able to access the vCenter with WinSCP it is necessary to change the default shell to Bash

  1. Initiate an SSH connection to the vCenter Server Appliance.
  2. Provide the root user user name and password when prompted.
  3. Run the following command to enable the Bash shell:shell.set –enable True
  4. Run the following command to access the Bash shell:shell
  5. In the Bash shell, run the following command to change the default shell to Bash:chsh -s “/bin/bash” root
  6. Use WinSCP to upload the certificate files to the vCenter Server Appliance.
  7. Return to the Appliance Shell by running the following command:chsh -s /bin/appliancesh root 


    For more information:

vCenter 7 /storage/core full

Partition /core becomes full due to too many files, following the commands you needed to delete those files.

cd /storage/core/

You can use this command to check free space
df -h

For more information:

Downloading RPM vsphere-ui-

To check if you need run the KB

Open a SSH and run the command

openssl dgst -verify /var/vmware/applmgmt/fileintegrity/pub.key -signature /var/vmware/applmgmt/fileintegrity/fileintegrity_config.sig /etc/vmware/appliance/fileintegrity_config.json

If the result is Verification Failure, Follow the steps:

  • Login to VCSA through ssh using putty.
  • Download the script from the attachment section to in the article.
  • Upload the script to the VCSA ” root directory” using WINSCP

Note: If you faced an error while trying to login to VCSA through WINSCP , please run the below command on VCSA (SSH):
# chsh -s /bin/bash root

  • Run the script using the command:

# python

  • Run the command:

# openssl dgst -verify /var/vmware/applmgmt/fileintegrity/pub.key -signature /var/vmware/applmgmt/fileintegrity/fileintegrity_config.sig /etc/vmware/appliance/fileintegrity_config.json

This should return a “Verified OK” response.

  • Run the following commands:

service-control –stop applmgmt
rm -rf /storage/core/software-update/*
rm -rf /storage/db/patching.db
mv /storage/core/software-packages/staged-configuration.json /storage/core
mv /etc/applmgmt/appliance/software_update_state.conf /storage/core
service-control –start applmgmt

  • Retry the update.

Cannot download VIB: ”. This might be because of network issues or the specified VIB does NOT exist or does NOT have a proper ‘read’ privilege set. Please make sure the specified VIB exists and is accessible from vCenter


Unable to patch ESXi host. keep getting the following error:
Cannot download VIB: ”. This might be because of network issues or the specified VIB does NOT exist or does NOT have a proper ‘read’ privilege set. Please make sure the specified VIB exists and is accessible from vCenter

This issue resolves by resetting vum database and retry the updates. I would advise you to take a snapshot of the vCSA before going through this procedure.

The process to reset the database is:

Connect to vCSA via SSH

Run the shell command to switch to the BASH Shell:


Stop the VMware Update Manager Service:

service-control –stop vmware-updatemgr

Run the following command to reset the VMware Update Manager Database:

/usr/lib/vmware-updatemgr/bin/ reset-db

Run the following Command to delete the contents of the VMware Update Manager Patch Store:

rm -rf /storage/updatemgr/patch-store/*

Start the VMware Update Manager Service:

service-control –start vmware-updatemgr

Note: You may need to log out and log back into any instances of the vSphere Web Client.

Note: For vSAN environments this will also remove the vSAN default baselines. These baselines are recreated automatically when there is a configuration change to vSAN such as add/remove a host/disk or an update to the HCL DB. You can still safely update a vSAN cluster without the vSAN default baselines.

After the succesfull reset of the database, you should be able to scan, and apply critical and non-critical patches

Unable to Add ESXi Host to vCenter 6.7

When we try to add an ESXi Host to vCenter we get the following error “A general system error occurred: Unable to push CA certificates and CRLs to host XXXXXXX”

Modify the advanced configuration “Config.HostAgent.ssl.keyStore.allowSelfSigned” introduced in ESXi 6.7 Update 3 to ignore the Self Signed Certificates. 

Connect to the ESXi using Host Client
Select Manage Tab
Select Advanced Settings
Locate the option “Config.HostAgent.ssl.keyStore.allowSelfSigned”
Edit the value from false to true

Reboot the ESXi host.
Retry adding the ESXi host to vCenter Server or certificate renew operation

Alarm – Certificate expired

Sometimes we have an expired certificate error in vCenter, but in reality, the certificates are all valid, it’s time to clear BACKUP_STORE.

Sometimes we receive alerts of expired certificates and they will check and all of them are correct, it’s time to check the backup store.

1- Check Certificates

/usr/lib/vmware-vmafd/bin/vecs-cli entry list –store BACKUP_STORE –text

2- Backup certificate

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vpxd-extension –output /certificates/bkp_vpxd-extension.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vpxd –output /certificates/bkp_vpxd.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vsphere-webclient –output /certificates/bkp_vsphere-webclient.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_machine –output /certificates/bkp_machine.crt

/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp___MACHINE_CERT –output /certificates/bkp___MACHINE_CERT.crt

3- Delete Certificates

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vpxd-extension -y

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vpxd -y

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vsphere-webclient -y

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_machine -y

/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp___MACHINE_CERT -y

VMware created a script to help at

All 7.0u3 versions have been pulled.

VMware decided to remove all versions of vSphere ESXi U3 from our online and offline downloads portals.

This was due to some critical issues that were identified on the vSphere 7.0 U3 GA release, leading to two express patches.

After further review, additional resolution complexities have come to light, and VMware has now removed all versions to prevent any further impact on their customers.

This can be checked in the public FAQ at:

This FAQ goes into more detail and also gives guidance for those who have already updated in any form.