ESXi

vSphere 6.5: OVF Import – The provided manifest file is invalid

Importing a template from vSphere 5.5 and importing to vSphere 6.5 the following error was encountered: The provided manifest file is invalidInvalid OVF checksum algorithm: SHA1

To get fix this error the following steps were taken:

Step 1 – is to extract your ova template (after all its only a zip)

You will notice 3 files once extracted

*.vmdk – is your disk containing all your data

*.ovf – is the configuration (also the file that we will edit)

*.mf – is a manifest containing a reference to the vmdk and ovf, also holding a SHA1 hash which ESXi will check for validation. This file needs to be deleted as we are making a change to the ovf and this will surely break that hash.

Example of what the contents of the .mf file looks like:

SHA1(template.ovf)= 908e804f140ffa58083b8bd154dace330b440c78
SHA1(template-disk1.vmdk)= 29c2d44d908d0207005360dabb58967f01a1

Step 2 – Delete the file with the *.mf extension. If this exists ESXi will attempt to validate and throw an error about the templates integrity being invalid. Once this has been deleted you can deploy your OVF Template.

Ref: http://jermsmit.com/unmount-local-iso-before-making-it-an-ovf-template/

Happy Importing

Cannot remediate host because it is part of HA Admission Control enabled Cluster

Recently my team and I ran into incident with and error while patching esxi servers using VMware Update Manager(VUM).  When attempting o remediate the following error message was shown:

“cannot remediate host because it is part of HA Admission Control enabled Cluster”

Cause:

vCenter Server uses admission control to ensure that sufficient resources are available in a cluster to provide failover protection and to ensure that virtual machine resource reservations are respected.

Admission control imposes constraints on resource usage and any action that would violate these constraints is not permitted. If an automated process needs to take actions, it might temporarily violate the failover constraints.

 

Solution:

Before patching of the ESXi Servers that are part of the HA Cluster, make sure you have disabled “Admission Control”. Once server has been patched you can re-enable Admission Control on the cluster.

 

Steps to disable Admission Control

  • Right-click the cluster and click Edit Settings.
  • Under Cluster Features, click VMware HA.
  • Under Admission Control, select Disable: Power on VMs that violate availability constraints.
  • Click OK

This can also be disabled in the VMware Update Manager remediation wizard. When you remediate check the option “Disable High Availability admission control if it is enabled for any of the selected clusters.

 

Tech Short: Modify vCenter Single Sign-On Password Policy

Warning:  I do not advocate that anyone to make modifications which extend outside of their organizations security policies. Doing so may put account security as risk.

By default, passwords associated with vSphere Single Sign-On expire every 90 days. As a user approaches this expiry point they will be reminded that their password is about to expire.

In my lab I wanted to avoid the need to change my password so frequently so I decided to extend the number of days required between password changes.

The steps below can be followed:

  1. Log in to the vSphere Web Client as a user with vCenter Single Sign-On administrator privileges
  2. Browse to Administration > Single Sign-On > Configuration
  3. Click the Policies tab and select Password Policies
  4. Click Edit
  5. Modify the “Maximum Lifetime”
  6. Click OK

Under the password policies you may take note of various options which can be modified based on your criteria or organization password policy.

Here are the password policy options:

 

Maximum lifetime:

Maximum number of days that a password can exist before the user must change it.

Restrict reuse:

Number of the user’s previous passwords that cannot be selected. For example, if a user cannot reuse any of the last six passwords, type 6.

Maximum length:

Maximum number of characters that are allowed in the password.

Minimum length:

Minimum number of characters required in the password. The minimum length must be no less than the combined minimum of alphabetic, numeric, and special character requirements.

Character requirements:

Minimum number of different character types that are required in the password. You can specify the number of each type of character, as follows:

  • Special: & # %
  • Alphabetic: A b c D
  • Uppercase: A B C
  • Lowercase: a b c
  • Numeric: 1 2 3

The minimum number of alphabetic characters must be no less than the combined uppercase and lowercase requirements.

In vSphere 6.0 and later, non-ASCII characters are supported in passwords. In earlier versions of vCenter Single Sign-On, limitations on supported characters exist.

Identical adjacent characters:

Maximum number of identical adjacent characters that are allowed in the password. The number must be greater than 0.

For example, if you enter 1, the following password is not allowed: p@$$word

 

Ref: ESXi and vCenter Server 5.1 Documentation > vSphere Security > vCenter Server Authentication and User Management > Configuring vCenter Single Sign On

Re: Why you should upgrade to vSphere 6.5 / ESXi 6.5

Recently I went to extend a volume on one of my guest systems and received an error requiring me to power off the system before extending the disk.

ErrorHot-extend was invoked with size (5368709120 sectors) >= 2TB. Hot-extend beyond or equal to 2TB is not supported. The disk extend operation failed: msg.disklib.INVAL

Good News – With vSphere 6.5 this is no longer a limitation.

Just one more reason why you should think about upgrading your VMware environment to the latest.

My VMware Certification Experience

I recently received my VCP6-DCV Certification from VMware by Passing the 2V0-621 Proctored Exam with Pearson VUE.

The Journey

For many years I have used VMware products. I distinctly recall getting my hands on VMware Workstation back in 2001, and it was truly an amazing tool. I could emulate Windows 3.1 and Windows 95, QNX, and even a few BSD environments, which I used to learn and troubleshoot issues.

Over the years I continued to use VMware line of products from: Workstation, ESX, GSX, and lastly the introduction of VirtualCenter.

Fast forward to now: The latest products have changed the landscape of running the data center, desktop provisioning, and the rapid deployment of test/development systems.

It was a no-brainer that I should obtain a certificate, but I never felt the need to. This changed when I was made a vExpert in 2017 this year, and that initiated my drive to do more with my knowledge and experience with the product. I now wanted to “prove” to myself, and perhaps others that I had what it takes to pass the exam and have an official recognition backing my previous and current experience levels.

VCP6-DCV Prerequisite

Obtaining the VCP6-DCV Certification requires a set of prerequisites. You need to meet all 3 requirements:

  • Attend an authorized training course
  • Pass the vSphere Foundations exam (2V0-620)
  • Pass the VCP6-DCV exam (2V0-621)

Training

The most difficult part of my path to being a vCP was finding a reputable company to train with in addition to scheduling the time to attend training. The following may sound like a plug and do I assure you that I am not being compensated for writing about them.

I choose to train with a company by the name of StormWind as they offer exceptional VMware Certified professional training which is not only budget friendly, but doesn’t require travel as training is instructor lead; Live in real time and can be done from the comfort of your home or office.

The course I enrolled in was: VMware vSphere: Install, Configure, Manage [V6], with instructor: Vince Rightley.

This was a very engaging class which allowed for attendees to not only be instructed but to participate in supplemental discussions which I personally found to be beneficial. Labs were particularly useful as they allowed for students to get hands on.

Study

vSphere Foundations exam (2V0-620)

After completion of my course I was now qualified to take the vSphere Foundations exam (2V0-620). Admittedly I rushed in to take this exam and FAILD my first attempt.

This was an eye opener that I was not fully prepared to take the test. What I discovered was that many of the resources can be found on VMware’s My Learn site. I would highly recommend following their guidance.

VCP6-DCV exam (2V0-621)

After successful passing the vSphere Foundations exam (2V0-620) it was time to start preparing myself for the VCP6-DCV exam (2V0-621)

VCP6-DCV exam Preparation

I have a few suggestions to make regarding preparation for the VCP6-DCV exam which I believe was beneficial to my success in passing.

Study the materials you obtained in your training course. Continue to leverage the study notes you made for yourself from the Foundations exam (2V0-620). Yes! You should have been keeping notes.

Seek out resources from VMware’s My Learn site. They are beneficial to your success.

Search ‘Google’ for VCP-DCV Study Guides. You will find many results many of great value

Practice Labs

I highly recommend that you gain access to a lab such as VMware’s Hands-On Labs (HOL) to get hands on to all the subject areas covered under the VCP6-DCA as you will need them. I built my own lab so I could have the full experience of building from scratch, to give me a full understanding of the environment.

Test many scenarios including areas of troubleshooting things which are broken (I had to break them, so I could fix).

Familiarizing yourself with acronyms and terms is also very helpful. Example: http://jermsmit.com/vmware-vcenter-terms-acronyms-glossary-tag-your-it/

Find yourself a practice test, and take it once a week to get yourself in accustom to taking tests; In my case it’s been a long time, and practice pays off.

Certification URL

Originally Posted on my LinkedIn

And, that’s it all folks.

–         Jermal