Link VMware Cloud on AWS vCenter to AD in AWS
For a customer I was doing a POC where we had to link the vCenter form the VMware on AWS offering from VMware with an AD that we created in a VPC in AWS. At the moment we where doing the POC there was no really good documentian besides Configuring Hybrid Linked Mode (HLM) for VMware Cloud on AWS.This helped me but was missing steps like setting up the VPN between a VPC and VMware Cloud on AWS Management Gateway.
Following steps need to be executed.
Requirements
VMware on AWS
VPC on AWS
AD in Amazon AWS
AD account
Step by step
Steps taken on Amazon AWS
Activate AD
(https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_getting_started.html)
Create accounts in AD
Before this can be done you need to create a EC2 instance with AD features activated to access the AD and create user accounts. Detailed step by step can be found here:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_create_users_groups.html
Create a VPN connection on AWS
This is done in 3 steps
Customer gateway
On your VPC configuruation page you can create a Customer gateway
During the creation of this customer gateway you have to specify the public IP address you can find in your VMWare on AWS console for the vCenter in the Management Gateway
Virtual Private Gateway
Here you create a entry that points to your VPC
VPN Connection
Here you link your Customer Gateway with your Virtual Private gateway.
During the configuration of your VPN connection in AWS you need to specify the subnet of your vCenter. This can be found on the VMware on AWS console
Now you can download the configuration file. I used the Microsoft Windows format as that was for me the most readable
In this document you find the 2 public IP addresses of you AWS VPC that can be used to create redundant VPN connection to your vCenter Management Gateway on your VMware on AWS console
Also the Passphrase needed to setup on the VMware on AWS side can be found in this configuration file
Steps taken on VMware on AWS console
Create IP SEC VPN connection on the Management Gateway on VMware on AWS Console. Use the public AWS ip address and Passphrase you find in the configuration file downloaded in previous step.
If requited a second VPN can be setup with the second AWS ip address found in the configuration file for redundancy.
Steps taken on the vCenter console
Login in the vCenter console
Go to Administration
Go to Linked Domains
Before you can can add an Identity Source you need to know the Distinguished Names (DN) for the groups and users. This can be found using the AD Users and Groups tool you can find on the machine used to manage AD users and groups
Now you know the DN, you can start linking the domain using an AD over LDAP connection
The ip address of the DNS can be found on your configuration page of AD on AWS
Now just a Administrator group of the AD needs to selected and you are up and running to grant permissions on the users or groups created in your AD.
Some screenshots are taken from Configuring Hybrid Linked Mode (HLM) for VMware Cloud on AWS.
Convert RDM to VMDK
In preparation for a SRM project we had to check and migrate all RDM files to VMDK.
Check which VM has RDM using PowerCLI
Get-VM | Get-HardDisk -DiskType “RawPhysical”,”RawVirtual” | Select Parent,Name,DiskType,ScsiCanonicalName,DeviceName
Verify how RDM is connected
Edit the settings of the virtual machine in the VMware web client (while the machine is running) to verify if the RDM is connected physical or virtual.
The field compatibility tells how the RDM is connected, Physical or Virtual
-
Convert Physical RDM to VMDK
A physical connected RDM cannot be converted online to a VMDK. Before that we need to convert the Physical RDM to a Virtual RDM. (VMware KB)
- Write down the drive letter of the disk in the guest OS
- Stop the Virtual Machine by doing a shutdown of the guest OS
-
Note-down the LUN ID of the RDM by going into the multipath settings of the RMD connected to the VM
-
Remove the RDM, and check “Delete fr
-
Re-Add the RDM but change the compatibility mode to Virtual. Be sure the RDMs are connected to a separate SCSI-Controller (VM-PARAVIRTUAL). Select the same LUN ID as the LUN disconnected.
- Power on the virtual machine
-
Go into storage management and check if the disk is online. Default it will be offline, bring it back online and connect it to the correct drive letter.
- No your server is up and running with a Virtual RDM wich can be migrated online to a VMDK (see Convert Virtual RDM to VMDK)
-
Convert Virtual RDM to VMDK
A Virtual connected RDM can be migrated to a VMDK while the machine is running. (VMware KB)
-
Check if the RDM is connected virtual. Edit the VM settings and check compatibility mode of the disk
-
Start the Storage migration of the virtual machine
-
Be sure you change the disk mode to Thin or Thick provisioned.
- If you select “Same format as source” then the RMD link file will be moved and NO migration to VMDK will happen.
-
If needed you can select this setting for each disk (and VMX config file) if you go into the advanced
-
Change the setting for each individual disk and start the migration
- After the migration check the disk to see it is a VMDK and not a RDM.
Allow Virtual machines with duplicate MAC address on vSphere 5.5
In a migration project to VMware vSphere 5.5 I bumped into duplicate MAC address issue (I found out after some investigation).
Some info on the setup.
There are ESXi hosts that we are migrating from 5.0 to 5.5. Some VM’s where 2 VM’s (VM1 and VM2) share the same MAC address (production and test machine).
On ESXi 5.0 these 2 VM’s can run together on the same ESXi host.
I want to move the VM’s to an already upgraded ESXi 5.5 host, the first VM (VM1 moves without any problems. ) For the second VM (VM2) I get following error during vMotion. Same error happens when I cold migrate the VM2 to the same host (ESXi 5.5) as VM1 and try to power VM2 on.
After some Google research I came across following blog
http://jasonnash.com/2008/08/30/disabling-mac-address-checking-in-vmware/
And adding the advanced setting to VM2 fixed the problem.
Where to find VMware version information
Here some links to find version information about VMware vSphere products
http://vsphere-land.com/vinfo/release-build-info
and about VMware Tools versions
http://packages.vmware.com/tools/versions
How long can an ESXi host run?
Before starting an upgrade at a customer site I was surprised how long an ESXi host can run. Here the proof.
Upgrade VMware vCenter Appliance 5.1 to 5.5
A lot of my customers are running the vCenter Appliance version 5.1. Now they start to ask to upgrade this appliance to the newest version.
Here I will show you step by step the upgrade process. This is based on the VMware KB article 2058441
Prerequisites
- Verify the time set on the old (VMware vCenter 5.1) appliance and the new (VMware vCenter 5.5) appliances are in sync. Be aware that from version 5.5 the clock on the appliance is always set to the UTC time zone. In the older version you could select your own tome zone. (see VMware KB)
- Be sure SSO (if installed on separate machine) is on the same version of the vCenter you want to upgrade to.
- If the vCenter database is external, make backup on the Database server. For backing up the embedded database look at this KB
- Create a snapshot of the OLD vCenter appliance before you start the upgrade procedure.
Upgrade Procedure
- First step of the upgrade procedure is deploying a fresh VM of the latest vCenter Appliance.
- Next is to configure the VM so that network connectivity is possible. The only thing that needs to be configured is IP address, subnet and gateway. The Original vCenter hostname and IP settings will be configured (copied) in the NEW vCenter Appliance based on the setting of the old vCenter.
- Connect to the old and new vCenter appliance via a supported web browser. (personal experience is that IE works and Chrome not! For the upgrade process.
-
On the NEW vCenter, Accept the EULA
- Next step in the upgrade process is to specify that you want to upgrade from a previous version
- Still in the NEW appliance, copy the local appliance code to the clipboard
-
On the OLD vCenter appliance, go to the Upgrade tab and paste the clipboard content in the text box and press the import button.
-
If the import was successful you get a notice and then copy the upgrade key back to the clipboard
-
On the NEW server paste the upgrade key in the bottom text box and proceed by clicking the next button.
-
There is an option to replace the SSL certificates on the NEW with those ones from the OLD vCenter Appliance
-
Now the new SSO password must be entered for the SSO administrator account administrator@vsphere.local. (this was admin@system-domain in pre 5.5 versions)
-
Select now all the servers that need to check for compatibility with the new vCenter
-
After pressing next we see that we are ready to start the migration.
-
Pressing next will get following screen where you have to confirm that the upgrade process can proceed.
-
When you hit the start, the migration process start.
-
When you start the migration you will notice that the OLD vCenter server will be shut downed and the NEW vCenter server will have the IP configuration (hostname, IP settings) of the OLD ESX host.
After a successful upgrade you can start upgrading the ESXi hosts to the latest ESXi version.
- Can you login in the new vCenter Appliance via the Web Client and everything works fine you can remove the old vCenter Appliance from the inventory and from disk.
Remove leftovers of a vCenter plugin
During an upgrade at a customer site we removed a Dell Appliance that was connected to vCenter. We dit remove the aplliance just by powering it off and then remove it from the entry. Normally you should do an unregister from in the Dell Appliance.
Now we saw that there was a plugin that could not be loaded.
After some research on the internet I passed by on the website of William Lam (virtuallyGhetto).
He has written a nice article that describes step by step how to fix the problem we had. Look here.
Problem solved, thanks William for the good work.
Upgrade ESXi 5.0 to 5.1 via VMware Update Manager : incompatible
Today I am at customer site to upgrade en vSphere environment to the latest and greatest version of VMware vSphere 5.1.
We started the migration process by importing the VMware ESXi image we downloaded from the VMware download website.
In Update Manager we checked the server and saw that the server was not compliant with the new ESXi version so we could start the remediation.
After the remediation started we got the following message in Update Manager stating that the server was incompatible for this upgrade.
After some research on the internet I found following VMware KB 2034945 article.
As pointed out in this article the upgrade worked after a reboot of the ESX host.
Unable to expand VMFS partition
Today I was asked to expand a local datastore of a ESXi 4.1. Expanding a disk is normally no problem when you are able to increate the size of the disk. After increasing the disk size you should be able to increate the partition size.
The ESXi was managed by a vCenter 5.0. On the storage adapter I did a RESCAN data stores after the disk size was increased. Then I went into the DATASTORE properties and I saw following
This above view was via a vCenter connection. Then I found following VMware KB which told me to make a direct connection to the ESXi host. After going to into the datastore properties I found out that I could increase.
When I selected this local datastore and finished the expansion I saw following result in the vSphere Client direct to the ESXi and via vCenter.
Lucky for the customer this expansion went OK.
Hopefully if you have this problem this KB article fixes also your problem.
Success
Gert Van Gorp
Resizing a system or data disk in a virtual machine
I get a lot of questions of students and customers about resizing a virtual disk. This is the reason for this blog.
The following procedure will guide you step by step through the process of resizing (increasing) a disk of a virtual machine.
Before you make virtual hardware changes be sure you have taken a full backup of the virtual machine.
NOTE: If you do not want any troubles only increase the disk size. Decreasing can cause loss of data.
Flow
Increase Disk using diskpart
Step 1: Edit the virtual machine settings and increase the size of the disk (VMDK).
Step 2: Open the console of this virtual machine and start a command prompt.
Step 3: Start diskpart and execute following steps.
list volume
à this gives you a list of the available partitions
select volume x
à select the partition number you want to increase
extend
à this will add the empty disk space into the partition.
Now the partition has increased in size.
NOTE: On Windows 2008 this can be done via the Device Manager / Storage, but I have seen some weird things like showing incorrect partition sizes.
Increase Disk using Third Party tool
Since I have some great experiences with the Acronis Disk Director tool I will explain the steps to increase a disk using this tool. Another tool that can be used is e.g. GParted.
Step 1: Be sure you have a boot image (ISO) of the Acronis Disk Director Tool that supports your guest OS.
Step 2: Boot your virtual machine using the boot image ISO. Use the ESC button during booting your virtual machine to activate the “one time boo menu”
Step 3: Select the partition you want to increase and right mouse click on it. Then select “Resize Volume”
Step 4: Increase the disk space of the selected partitions by decreasing the unallocated space to 0
Step 5: After increasing the partition you have to commit the changes.
Step 6: Now you need to reboot your virtual machine after disconnecting the boot image.