A custom role without any assigned privileges will have these two privileges by default:
- System.View
- System.Anonymous
In order for a user to have the ability to manage snapshots for VMs, the privilege
Datastore.Allocate Space
- is required.
To grant a user privileges that span vCenter Servers and vRealize Orchestrator within a PSC
domain
assign a Global Permission to the user
These 3 services can be enabled/disabled in the Security Profile for an ESXi host:
- CIM Server
- Direct Console UI
- Syslog Server
When Strict Lockdown Mode has been enabled on an ESXi host, to allow ESXi Shell or SSH
access for users with administrative privileges
Add the users to Exception Users and enable the service
To mitigate security risks associated with having a common root account configured for a group
of ESXi 6.x hosts:
- set a complex password for the root account and limit its use
- use ESXi Active Directory capabilities to assign users the administrator role
For VMs that are only hosted on a vSphere system, disable these advanced features:
- isolation.tools.unity.push.update.disable
- isolation.tools.ghi.launchmenu.change
- isolation.bios.bbs.disable
- isolation.tools.hgfsServerSet.disable
- isolation.tools.memSchedFakeSampleStats.disable
- isolation.tools.getCreds.disable
- isolation.tools.ghi.autologon.disable
ESXi 6.0 enforces password requirements for direct access. When you create a password, include
a mix of characters from four character classes: lowercase letters, uppercase letters, numbers,
and special characters.
VimPasswordExpirationInDays
- advanced setting for the vCenter Server to change the expiration policy of the vpxuser
password
isolation.tools.setinfo.disable = true
can be used to prevent sensitive data being written to the VM's configuration files
If users are getting Incorrect Username/Password when trying to log into the vSphere Web
Client
- Users are typing the password incorrectly
- Users are in a forest that has 1-way trust
CAAdmins
group in vsphere.local domain has administrator privileges for the VMCA
Maximum Lifetime
PSC Password Policy determines the number of days a password can exist before the user
must change it.
Milliseconds
defines the time skew tolerance between a client and the domain controller clock for an SSO
token configuration policy.
vga.vgaOnly = TRUE
Reduce Memory Overhead for Virtual machines with 3D graphics Option
128
Maximum Virtual CPUs per virtual machine (Virtual SMP)
A Subscription URL
is required in order to complete subscription when subscribing a Content Library to another
remote Content Library without authentication enabled.
Global
is the lowest level of permission hierarchy for a role, in order to grant a user access for only
creating a Content Library for a single vCenter Server.
When adding an -
Identity source type: Active Directory as an LDAP Server
- correct value for
Domain alias = The domain's NetBIOS name
When changing settings on a vSphere Distributed Switch (vDS), if you get This host currently
has no management network redundancy due to misconfiguration
The host will automatically detect the communication issue and revert the change
Promiscuous
secondary Private VLAN (PVLAN) type can communicate and send packets to an isolated
PVLAN.
Configuring VMs to use WWPNs to access the storage, 2 conditions are required:
- The switches in the fabric must be N-Port ID Virtualization aware
- The VMs must be using pass-through RDM (RDMp)
A 6 node VSAN cluster, with 3 nodes in a fault domain, if a member of the fault domains fails
the remaining two fault domain members are treated as failed
vSphere Web Client > Increase Datastore Capacity > Select Device -
Capacity X GB, Expandable = Yes
- result
Datastore will grow up to X GB using the remaining free space on the device
VM activity on an ESXi 6.0 host is negatively affecting a VM on another host using the same
VMFS datastore. To mitigate the issue
Enable SIOC
To provide Load Balanced I/O for an EqualLogic Array (SATP = VMW_SATP_EQL), set the
Path Selection Policy = Round Robin (VMware)
After running
esxcli storage nmp psp roundrobin deviceconfig set --useano=0 -d naa....
- the expected effect
I/O will rotate on all storage targets that are Active Optimized state only
Note: useano = Use Active-Non-Optimized, and the setting 0 turns it off.
If upgrading an ESXi 5.5 host to ESXi 6.x you get the following error MEMORY_SIZE
(there is) Insufficient memory on the ESXi host to complete the upgrade
Display the Installed VIBs and Profiles That Will Be Active After the Next Host Reboot
For VIBs: esxcli --server=server_name software vib list --rebooting-image
For Profiles: esxcli --server=server_name software profile get --rebooting-image
The installation kickstart script (ks.cfg) to upgrade an ESXi 6.x host can reside in any of these
locations:
- HTTP/HTTPS
- NFS
- USB
- FTP
- CD/DVD
boot.cfg
determines the location of the installation script during a scripted upgrade
Once you have upgraded a Distributed vCenter Server environment from 5.5 to 6.0, the next step
If vCenter Server upgrade fails at the vCenter Single Sign-On installation, to complete the
upgrade:
Verify that the VMware Directory Service can stop by manually restarting it
As part of an upgrade from a Distributed vCenter server running 5.x, the following 2 vCenter
Server services are migrated automatically as part of the upgrade:
- vSphere Web Client
- vSphere Inventory Service
Note: Also in the group of services migrated vSphere Auto Deploy, vSphere Syslog Collector,
vSphere ESXi Dump Collector.
esxcli
command line utility can be used to upgrade an ESXi host
To identify an issue which occurred during the pre-upgrade phase of a vCenter Server upgrade
process
vcdb_req.out (pre-upgrade checks)
If you create a resource pool with a Memory Limit of say 24 GB, and it has 3 VMs, with 16/6/4
GB RAM respectively (26GB)
only 2 of the 3 VMs can power on
vSphere Replication protects VMs from partial or complete site failures by replicating the VMs:
- From a source site to a target site
- From within a single site from one cluster to another
- From multiple source sites to a shared remote target site
3 parameters that should be considered when calculating the bandwidth for vSphere Replication:
- Data change rate
- Traffic rates
- Link speed
24
is the maximum number of snapshot instances in vSphere Replication that can be configured
to recover a VM at a specific point in time.
FastLZ
is the compression algorithm used by vSphere Replication to compress data at the source.
Via -
vSphere Web Client > Cluster Actions Menu > Storage option
- create a VVOL on an existing VVOL container
The host's CPU hardware does not support the cluster's current Enhanced vMotion
Compatibility mode. The host CPU lacks features required by that mode
the ESXi host CPU has the Intel No-Execute feature disabled
Example on VSAN:
If we have 5 HDD, but one is Not supported, so 4 HDD.
And 2 SSD (Flash)
2 combinations of devices which could be used to create Disk Group(s):
- One Disk Group with 1 Flash Drive and 3 HDDs
- Two Disk Groups with 1 Flash Drive and 2 HDDs each
Note: For One Disk Groups need a HDD spare
Note: For Two Disk Groups need sufficient drives
Unable to start the vCenter Server service, so check the vpxd.log file and see:
CoreDump: Unable to write minidump There is not enough space on the disk
There is insufficient space on the vCenter Server!
After deploying vSphere Platform Services Controller (PSC), you are unable to install vCenter
Server. The error is:
Could not contact Lookup Service. Please check VM_ssoreg.log
2 actions to correct this problem:
- Verify that the clocks on the host machines running the PSC, vCenter Server, and the
vSphere Web Client are synchronized
- Ensure that there is no firewall blocking port 7444 between the PSC and vCenter Server
3 ports used by the vSphere Web Client when connecting directly to an ESXi 6.x host:
- 443 TCP
- 902 TCP and UDP
- 903 TCP
The vSphere Web Client "Use Windows Session Authentication" check box requires:
- Install the vSphere Web Client Integration browser plug-in on each workstation from
where a user will sign in
- The users must be signed into Windows using Active Directory user accounts
- The administrator must create a valid Identity Source in Single Sign-On for the users'
domain
3 likely causes contributing to an administrator being unable to see performance statistics for
only the Past Week performance data, with vCenter Server using Microsoft SQL Database:
- Performance statistics are turned off
- The Past Day rollup job is not present
- The stats_rollup_1_proc is not present
An ESXi 6.x host in vCenter Server Inventory has disconnected due to an APD situation. After
correcting the APD issue on the host, next action
Select Restart Management Agents from the DCUI
To change the root password for an ESXi 6.x host, 2 ways this can be accomplished:
- Use the DCUI to change the password
- Use the passwd command in the ESXi Shell
If you can manage an ESXi 6.x host connected to vCenter Server using the vSphere Web Client,
but are unable to connect to the host directly
Disable Lockdown Mode on the ESXi host through vCenter Server
If a new custom ESXi firewall rule using an XML file has been created, and it does not appear in
the vSphere Web Client
Load the new rules using esxcli network firewall refresh
In order to see two vCenter Servers within a single vSphere Web Client session, two vCenter
Server and PSC configurations that would accomplish this:
- Install a single PSC with two vCenter Servers registered to it
- Install two PSCs in the same Single Sign-On domain with one vCenter Server registered
to each PSC
If an administrator tries to connect the vSphere 5.5 Client to an ESXi 6.x host
The operation will prompt the administrator to run a script to upgrade the vSphere
Client
If a new ESXi 6.x host is Not Responding in the vSphere Web Client, this can be caused by a
network firewall blocking traffic to port
902 (UDP)
Troubleshooting network communications between the vCenter Server and the ESXi 6.x host,
review this log:
/var/log/vpxa.log
The minimum VM Hardware version required for vFlash Read Cache is:
Version 10
voma
is the command line utility that checks for VMFS5 metadata corruption
2 reasons why a local flash device would be unavailable for use with VSAN:
- it has a VMFS datastore present
- it is in use by the vFlash Read Cache feature
When attempting to remove a host from a vSphere Distributed Switch (vDS), you receive this
error -
The resource is in use
- 2 reasons why this error might be displayed:
- VMkernel network adapters on the vDS are in use
- VM network adapters are connected to the vDS
If you suspect the MTU value for a vSphere Standard Switch is misconfigured, 2 commands to
determine the value:
- esxcfg-vswitch -l
- esxcli network vswitch standard list
The command esxcli network vm list shows 4 VMs connected to a Production vSwitch, but the
vSphere Web Client shows 5 VMs, this is because
The 5th VM is currently powered off.
If after configuring a VSAN cluster, you notice the VSAN datastore is smaller than expected (i.e.
100GB instead of 300GB)
There is a network problem with the VSAN vmkernel ports
vCenter Server Appliance 6.0 does not support upgrades from 5.1 U2
After upgrading a VCSA from version 5.5 to 6.x, using DHCP to obtain hostname, and then
configuring static IP and hostname. Immediately after the change, to prevent service failures
Regenerate the SSL certificates
An administrator is unable to patch an ESXi 6.x host using VMware Update Manager, an
alternative option for patching the host
Upload the offline bundle to a datastore and execute the command esxcli software vib
install -d to apply it manually
If - for a VM the CPU usage is consistently > 90%, and CPU ready value is consistently > 20%,
and application performance is impacted; to improve the performance of the VM:
- Verify the VMware Tools is installed on every virtual machine on the host
- Increase the CPU shares assigned to the virtual machine
2 badges in vRealize Operations which would help identify possible VM resource contention
concerns:
- Health > Workload
- Risk > Stress
A VM is exhibiting symptoms:
- Memory usage: constantly high (94% +) or constantly low (24% -)
- Free Memory: consistently 6% or less
- swapping frequently occurs
3 solutions to correct:
- Verify that VMware Tools is installed on each VM
- Decrease the memory reservation setting, if much higher than active memory
- Add physical memory to the host
Note: See https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.monitoring.doc%2FGUID-115861E6-810A-43BB-8CDB-EE99CF8F3250.html
If concerned about possible vCPU over-commitment for an ESXi 6.x host, review these 2
Performance Counters in vSphere Web Client Performance Charts to confirm if there is
contention on the host:
- Ready
- Co-Stop
To use ESXTOP to troubleshoot CPU performance issues
in esxtop, press f and place an asterisk next to each field that should be displayed
An administrator notices that a Windows VM is using 95% CPU in Task Manager. Two actions
to resolve:
- Increase the CPU Shares on the resource pool where the VM resides
- Increase the CPU limit on the resource pool where the VM resides
High Performance
is a Host Power Management Policy for an ESXi 6.x host that will disable most hardware
power management features.
To monitor VMs on a host and send notifications when memory usage reaches 80%, create in
vCenter
a vCenter Server alarm that will monitor VM memory usage and set an action to email
the notification
fdm.log
is the name of the High Availability agent log
vSphere Standard
is the minimum licensed edition that supports VM Fault Tolerance
A datastore in a datastore cluster cannot enter maintenance mode. The Entering Maintenance
Mode status remains at 1%. Cause: One or more disks on the datastore cannot be migrated with
Storage vMotion. This condition can occur in the following instances.
- Storage DRS is disabled on the disk.
- Storage DRS rules prevent Storage DRS from making migration recommendations for the
disk.
2 likely causes for a DRS cluster to become unbalanced:
- Affinity rules are preventing VMs from being moved
- A device is mounted to a VM preventing vMotion
2 scenarios that would cause an FT enabled VM to fail to power the Secondary VM:
- The host has entered a Network Partitioned state
- vSphere HA is disabled on the host cluster
An administrator notices vSphere DRS indicates Imbalanced. vMotions are working (Total
vMotion Migrations > 100), and there is plenty of resource availability on the cluster (10% CPU
utilization, 60% memory utilization). 3 potential causes of the cluster imbalance:
- A local device is mounted to one or more of the VMs
- DRS rules prevent VMs from being moved
- DRS has been configured for a conservative migration threshold
In vRealize Operations, a VM has a Workload is highest by CPU alert, and in the Risk pane it
effectively says:
Increase the number of vCPUs for the VM
Auto Deploy hosts have been configured to obtain their networking configuration via DHCP.
To renew the DHCP lease for the hosts via the DCUI
Restart Management Network
Export-EsxImageProfile
can be used to ensure Auto Deploy image profiles are preserved (exported and available)
across PowerCLI sessions.
2 valid (Auto Deploy) compliance results that indicate the need to apply a Host Profile:
- Non-compliant
- Unknown
After Auto Deploying ESXi hosts connected to a vSphere Distributed Switch, it is noticed that
LACP packets are not being sent between them. This is because
The LACP support settings do not exist in the host profile
Using VMware Converter against a Windows Server that contains one NTFS formatted
volume, the number of virtual disks that can be added to the destination VM = 0
Using VMware Converter to create a VM with smaller virtual disks than the original physical
server
use VMware Converter hot cloning with volume-based cloning at the file level
To recover disk space on a previously-used thin provisioned virtual disk, and disk blocks are on a
VAAI-compliant storage array, two actions to accomplish this:
- Use VMware Converter to migrate the VM to a new datastore
- execute the esxcli storage vmfs unmap command
To set a non-default isolation address of 192.168.1.2 for HA, the advanced setting to accomplish
this is:
das.isolationaddress0=192.168.1.2
The number of vSphere HA heartbeat datastores for this host is 1, which is less than required: 2.
2 actions to clear:
- Set the advanced High Availability parameter das.ignoreInsufficientHbDatastore to true
- Add a shared datastore and reconfigure High Availability
120 seconds
is the VM Monitoring I/O stats interval default value in a vSphere HA cluster.
An administrator enables HA on a Virtual SAN cluster. We have four VMkernel port groups for:
Management, vMotion, Virtual SAN, and Fault Tolerance
the Virtual SAN IP address is used for (VSAN) HA traffic.
To configure a HA cluster to allow VMs a 10-minute window to shut down in the event of a Host
isolation incident:
- Set the advanced option das.isolationshutdowntimeout = 600
- Configure Host Isolation Response to Shut Down and Restart VMs
A vSphere 6 HA cluster with default settings, and 4 VMs with these restart priorities: High,
High, Medium, Low. The number of VM Overrides to be defined at cluster level to meet the
restart priorities is
2
Two settings required for VMCP to protect from APD and PDL:
- Host Monitoring
- VM Restart Priority
Two options for changing the virtual machine swap file location...
... Store in the host's swapfile datastore
... Always store with the virtual machine