vCenter server appliance AD integration and SSO configurations

Or, How integrate vCenter server appliance 6.0 with Active Directory?

Or, How to configure SSO on vCenter server appliance 6.0?

Or, AD Integration of vCenter server appliance

Descriptions: To be able to sign-in in vCenter server with AD account or to able to use SSO you must enable AD integration with vCenter server and enable SSO. There has been multiple articles where it’s confusing to understand what is difference between SSO and AD integration of vCenter server and what you actually need to be able to use your AD credentials for login in to the vCenter server…

Friends, so far as per my understanding, the difference between AD integration and SSO configuration is as below:

AD integration is just joining your vCenter server appliance in AD domain, as you do for windows machines (joining a workgroup windows machine in domain).

SSO (Single Sign On) configuration is adding your domain in Identify Sources section under SSO configuration of vCenter server to synchronize all AD users in vCenter Users and Group section so that you can add these AD users latter in vCenter Server’s different roles to grant them access of vCenter server.

This way, you can use your single account for login in your windows machine and vCenter server. This where the SSO requirements meets.

Steps: AD integration of vCenter server

Login to vSphere web console with administrator@vsphere.local account > Go to Systems Configurations

Click on Nodes under System Configuration> Select the vCenter Server appearing under Nodes

Click on Manage > Settings > Active Directory

Click on Join

Provide all the required details as reference shown in the below screenshot and Click OK.  As soon as you click OK, the virtual appliance will be reboot to take the changes in effect.

--------------------------------------------------------------------------------------------------------------------------

To know more what details to provide in which field, refer the below notes:

Domain : Active Directory domain name, for example, TechiesSphere.com. Do not provide an IP address in this field.

Organizational unit: The full OU LDAP FQDN, for example, OU=Engineering,DC=TechiesSphere,DC=com. Use this field only if you are familiar with LDAP.

User name: User name in User Principal Name (UPN) format, for example, domainadmin@techiessphere.com. Down-level login name format, for example, DOMAIN\UserName, is unsupported.

Password: Password of the user.

--------------------------------------------------------------------------------------------------------------------------

After reboot, when you will come back to this page again, you would be able to see your domain name, Join button is grayed out, and Leave button is available.

Steps: SSO (Single Sign On) Configuration

Login to vSphere Web Client > Go to Administration

Go to Configuration > Identity Sources > Click on + sign

Select Active Directory (Integrated Windows Authentication) > Provide other required details > OK

To verify if the configuration is completed, Go to Users and Groups > Users > Under Domain section, click on Down arrow to see if your domain name is appearing there > If its appearing there means the configurations is done successfully.

Now you can add any AD users in any vSphere Roles to enable them to login in vSphere with AD credentials.

Cheers, Please write me back if you have any query or feedback.

VMSA-2017-0006 vulnerability remediation for ESXi hosts

Or, VMware ESXi 6.0 vulnerability VMSA-2017-0006 remediation

Or, VMware ESXi vulnerability VMSA-2017-0006 remediation planning and execution

Descriptions: On Mar 28^th 2017 US-CERT notified it’s users about this vulnerability with VMware ESXi hosts. The remediation of this vulnerability is to update the ESXi hosts with the patch recommended by VMware. In my case the recommended patch was ESXi600-201703003.zip as my VMware ESXi servers are running on version 6.0 U2.

Scenario: As I am using ESXi Server version 6.0 U2, the recommended patches details are as below as per the reported vulnerability security advisory reference KB.

Security advisory reference KB: http://www.vmware.com/security/advisories/VMSA-2017-0006.html

You have to scroll down the page till the end to see these patches details as shown in the below screenshot.

Remediation Procedure/Steps:

Stage-1

As shown and explained in the above screenshot, please go to the VMware KB http://kb.vmware.com/kb/2149673 Or,

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2149673 to verify and check the information about required patch file.

It should be containing following information as highlighted in red in the below screenshot.

Stage-2

Now download the required patch from VMware Site (in my case it’s the below one):

https://my.vmware.com/group/vmware/details?productId=491&downloadGroup=ESXI60U2

This is the same URL which was given in security advisory (can see the very first screenshot in this article for reference).

You must be logged-in in the “My VMware” portal to be able to access this patch download windows.

The download page should be looking like below:

After downloading the path file will be appearing like below in a .Zip file format.

Use this file to update the patches on all affected VMware ESXi servers. You can use either manual method of installing this patch on all affected ESXi servers or you can use the easiest method of doing it by using VMware vSphere update manager.

I am a lazy administrator so don’t expect me to do this patching activity manually. Yes, I used the easiest method of doing it by using Update manager.

I have posted all the steps in my another article How to use Update Manager for patch installation on ESXi servers? . 

You can refer this article if you want to use Update manager for installing these updates on your ESXi hosts.

Cheers, Please write me back if you have any query or feedback on this.

How to use Update Manager for patch installation on ESXi servers?

Or, How to install patches on ESXi servers using VMware vSphere update manager?

Or, Using VMware vSphere update manager for patch installation on ESXi servers

Or, Patching ESXi hosts using Update Manager

Descriptions: Patching operating systems and software is one of the common and day to day task for every administrators, no matter if you are on Windows, VMware or any other platform. Here in this article we will explore VMware vSphere update manager for installing updates/patches on VMware ESXi servers.

Using update manager is for this kind of activities is really cool and easy. Just couple of click and that’s it..

Prerequisites:

1. Already synced updates in the patch repository of update manager or manually downloaded update file. In my case I have a manually downloaded patch file.

2. Good understanding of VMware features like vMotion, HA, Maintenance Mode, Baseline, Compliance check, remediation etc..

3. Administrative privileges for performing this activity.

Steps-1: Preparing patch repository or Importing patch file in update manager’s repository

Download the required patch file from VMware site, in my case it’s the below one:

Go to Update Manager console > Click on Patch Repository Tab > Click on Import Patches

Click on Browse > Select the patch file you downloaded > Click on Next

Click in Finish

Verify if the patch imported successfully, you can search for the patch ID in the search box.

Step-2: Preparing baseline image with the newly imported patch

On the Update Manager admin console, Click on Baselines and Groups > Click on Create > Fill in the Name and Descriptions > Select Host Path under Baseline Type > Click Next

Check on Fixed > Click Next

Search for the patch ID in the search box > Select the Patch > Click on Down Arrow > Click Next

Here you can select one or multiple patches to club in the baseline you are creating.

Click on Finish

The baseline has been created. Now you are ready to go with patch deployment on all ESXi hosts one by one or all at once in sequence…your choice..

Step-3: Applying the patches remediation of each ESXi individually using baseline

Choose any one host > Put it in Maintenance Mode > Go to Update Manager tab > Click on Attach

Select the host patch Baseline and click on Attach

Click on Scan to check if the host is compliant with the Baseline or not..

Click on Remediate, as the host is not yet compliant/patched

Click on Next

Click Next

Fill the required details > Select Immediately > Click on Next

Choose the options as per your requirements and Click Next (in my case, I left these options to Default)

Click Next

Click on Finish to start the remediation

Once the remediation is completed, you will see the compliant status as green… In addition, you may notice that the build version of ESXi host also changed.

You are done with remediation of the ESXi host with the patch baseline you created. To remediate other additional hosts, you need to follow the same process. No, No, No, not all the steps... You need to follow step-3 only for rest of the hosts.

Cheers, please write me back if you have any query of feedback on this.

Removing snapshot of multiple Virtual Machines – vSphere PowerCLI

Or, Working with removing multiple virtual machine’s snapshots – vSphere PowerCLI

Or, Removing multiple virtual machine’s snapshots using vSphere PowerCLI

Or, Removing common snapshots from multiple virtual machines in one attempt

Descriptions: Fiends, in my previous article of VMware snapshots series; I explained how to take snapshot of multiple virtual machines in single attempt. Now in this Article, we will see how to remove a common snapshot from multiple virtual machines in one attempt.

This is our daily routine task when we take snapshot of VMs for some maintenance activities and then we have to remove then once the job done.

The very common scenario is “Patch Management”. If you perform patch management, you are enforced to keep a common name of the snapshot you are taking for each VMs due to patch management activity and that’s a good thing you do…Seriously... J

So if you have already taken snapshot of multiple VMs with a common name, you can easily remove those snapshots from all VMs with a single command. We are going to do the same thing in this article.

Scenario:

1. I have three test VMs – TestVM-1, TestVM-2, and TestVM-3

2. Taken a common snapshot on each VMs for a maintenance activity – snapshot name is “Test-Snapshot”

3. Want to remove snapshot “Test-Snapshot” from all these three VMs

Useful PowerCLI Commands You can explore to learn more:

PowerCLI C:\> get-help Remove-Snapshot

PowerCLI C:\> get-help Remove-Snapshot -Examples

Steps-1:  Checking for common snapshot on targeted VMs

From vSphere PowerCLI, run the below command to check if the targeted VMs are having common snapshots (Please replace VMs name with yours).

PowerCLI C:\> Get-VM TestVM-1, TestVM-2, TestVM-3 | Get-Snapshot

The Result/Output of the above command

Name                 Description                          PowerState

----                         -----------                                ----------

Test-Snapshot        TestSnapshot-dis               PoweredOff

Test-Snapshot2       TestSnapshot-dis2            PoweredOff

Test-Snapshot        TestSnapshot-dis               PoweredOff

Test-Snapshot2       TestSnapshot-dis2            PoweredOff

Test-Snapshot        TestSnapshot-dis               PoweredOff

Test-Snapshot2       TestSnapshot-dis2            PoweredOff

So, now we have two snapshots on each targeted VMs. In your case, it may be one or more. Here we have to choose the snapshot name that we want to be removed.

In my case, I am taking example snapshot name “Test-Snapshot”

Steps-2:  Verifying for selected common snapshot on targeted VMs

From vSphere PowerCLI, run the below command to verify if the targeted VMs are having selected common snapshots (Please replace VMs name with yours)

PowerCLI C:\> Get-VM TestVM-1, TestVM-2, TestVM-3 | Get-Snapshot -Name Test-Snapshot

The Result/Output of the above command

Name                     Description                        PowerState

----                              -----------                        ----------

Test-Snapshot        TestSnapshot-dis               PoweredOff

Test-Snapshot        TestSnapshot-dis               PoweredOff

Test-Snapshot        TestSnapshot-dis               PoweredOff

Now in the above result/output, we can see that the snapshot we had selected “Test-Snapshot” is present on all targeted VMs.

Let’s proceed  with the removal then…

Steps-3:  Prepare the $snapshot1 parameter

From vSphere PowerCLI, run the below command to prepare for the $snapshot1 parameter (Please replace VMs name with yours)

PowerCLI C:\> $snapshot1 = Get-VM TestVM-1, TestVM-2, TestVM-3 | Get-Snapshot -Name Test-Snapshot

Steps-4:  Removing the selected snapshot from all targeted VMs

Run the below command to execute the snapshot removal from all selected VMs

PowerCLI C:\> Remove-Snapshot -Snapshot $snapshot1 -RunAsync

The Result/Output of the above command

If prompted, select the desire option to confirm the execution. In my case, I selected “A” to confirm for all (Yes to All).

--------------------------------------------------------------------------------------------------------------------------
Confirm

Are you sure you want to perform this action?

Performing the operation "Removing snapshot." on target "VirtualMachineSnapshot-snapshot-6931".

[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): A

Name                                        State                  % Complete Start Time   Finish Time

----                           -----      ---------- ----------   -----------

RemoveSnapshot_Task            Running             0 03:26:10 PM

RemoveSnapshot_Task            Running             0 03:26:31 PM

RemoveSnapshot_Task            Running             0 03:26:34 PM

--------------------------------------------------------------------------------------------------------------------------

That’s it... Selected snapshot has been removed from all targeted VMs.

Cheers, Please write me back if you have any query of feedback on this.

Automate Virtual Machines creation using vSphere PowerCLI

Or, How to create VM automatically using vSphere PowerCLI

Or, Easiest way to automate Virtual Machines creation

Or, Automating creation of Virtual Machines in VMware

Descriptions: Being a VMware administrator this is something a routine job to create Virtual Machines. When it is one or two VM, that is easy but what if you have to create at least 10-20 VMs in next 10-15 minutes? That is not possible to achieve manually.

In this scenario, you must be having some automation in place to do this job for you, off-course in 10-15 minutes depending on your Infrastructure capabilities. There are multiple ways to automate this task depending on your requirement.

Important Note: There are many articles on the web where some people have suggested creating VM using New-VM cmdlet without using any template but my friends that is not the real VM creation. It is just a VM instance without Guest OS where you have to install Guest OS manually, which is time taking process, as you already know and this is the one pain area you want to be automated.

In this article, we will be using VM template to automate the VM creation with one click approach.

The only few things you need to do after VM creation are:

1. Change Computer/Host Name inside Guest OS

2. Assign appropriate network port group to the newly created VM

Prerequisites:

1. You must have fully patched VM template created in your VM Infra

2. Basic understanding of vSphere PowerCLI

3. vSphere PowerCLI Installed on your machine

4. Administrative privileges to complete this task

5. Following Information handy (Template Name, Datastore Name and Cluster Name)

Steps:

Open vSphere PowerCLI > Type the command below and hit enter

Connect-VIServer IPAddressOfvCenterServer

To prepare for the automation, please run below commands sequentially:

--------------------------------------------------------------------------------------------------------------------------

    $MyTemplate = Get-Template -Name MyTestTemplateVM

    $myDatastore = Get-Datastore -Name MyTestDatastore

    $myCluster = Get-Cluster -Name MyTestCluster

--------------------------------------------------------------------------------------------------------------------------

Note: Please replace MyTestTemplateVM, MyTestDatastore, and MyTestCluster with your VM Template Name, Datastore name and Cluster name respectively.

That’s it, your automation environment is ready to go… just a single command (when repeating just up arrow and one click) to create your virtual machine automatically.

Now run the below given command to start creation of your Virtual machine:

New-VM -Name NewVMName -Template $MyTemplate -Datastore $myDatastore -ResourcePool $myCluster

Note: Replace NewVMName with your VM Name.

Cheers, Please write me back if you have any query or feedback on this.

Trace deleted virtual disk in VMware

Or, Tracing deleted VMDK files in VMware

Or, How to check who deleted the virtual disk of the virtual machine in VMware?

Descriptions: First thing first, Once you have deleted the virtual disk by selecting “Delete From Disk” option, VMware cant help you to get it back as they dont have any built-in recovery solution in VMware. You may consult data recovery vendors to check for any possibility of data restoration.

In common scenario, if the disk was deleted by someone else or it was done unknowingly, an administrator is always asked to trace the logs..

At first attempt, VMware administrators prefer to check the task and events of vSphere client which is very much useful in most of the cases but not for all the cases.

For example: If someone have deleted the disk of VM, modified RAM capacity, or Modified CPU capacity, vSphere will have almost similar kind of event for all these actions (like, Reconfigure Virtual Machine). In this case, you will not be able to understand at what stage HDD or deleted and at what stage CPU was updated.

In this article, we will see some available options to trace the logs more efficiently for deleted vmdks.

Steps: How to trace the logs for deleted VMDK?

1. Check for the Tasks and Events in vSphere Client for the affected Virtual Machine and note down the “Reconfigure” event details time stamps

2. Check for the associated Datastore from which the disk was deleted

3. Check for the Host on which this Virtual Machine was running when the Modify event was occurred.

SSH the Host in Putty and run the following commands sequencially

# ls -la

# cd vmfs/volumes

# ls -la

# cd Datastore

# ls -la

# cd VMName

# ls -la

# less vmware.log | less

Search for the logs:

1. (Destroying Virtual Dev for scsix:xxx vscsi=xxxx)

2. (DISKLIB-VMFS : ‘’vmfs/volumes/xxxx-xxxxx-xxxx-xxxx-VMName/VMName-Flat.VMDK” : Closed )

Above two highlighted events gives some clue about VMDK deletion. It was started from term “Destroying” and completed at term “Closed”.

Cheers, Please write me back if you have any query or feedback..

vCenter Server running out of space, vcenter_log.ldf consuming huge disk space

Or, vcenter_log.ldf consuming huge disk space on vCenter server.

Or, How to shrink vcenter_log.ldf database in vCenter server?

Or, How to release log file or .ldf file occupied space in SQL database?

Descriptions: Friends, this is a very common task for across all SQL Databases but in this article we will be exploring it in respect of vCenter server which is running on SQL database. You can shrink logs for any other databases as well by following the same steps but there may be some pros and cons for doing it according to applications for which it is being used and you should understand the risk of doing it.

In scenario of vCenter server, I don’t see any impact of shrinking of ldf database in my case.

Scenario: Your vCenter server is using SQL database and somehow the vcenter_log.ldf database file has occupied more than 90% of disk space on your server. Now you want to release the space occupied by the log files.

Prerequisites:

Admin rights on SQL database on which you are going to perform this action.

Please take backup of your database before performing shrink task

Reference Screenshot (too large log file before shrink):

Steps: shrinking .ldf database log files

Login to your vCenter server with Administrative privilege > Login to SQL Server using SQL Management Studio to access Databases > Navigate to your vCenter Server Database > Right Click on vCenter Database > Go to Properties

Go to Options > Choose Simple under Recovery Model drop-down list > Click OK

Once more right click on your vCenter Database > Go to Tasks > Select Shrink > Select Files

In the General option, Choose Log under File Type drop-down list > Make sure filename_log is automatically populated under File Name drop-down option > Under Shrink Action, Select Release Unused Space > Click OK > Wait for Shrink action to be completed

You are done. You can check your log file size, it should be appearing small in size. Also your disk space should be healthy now.

Reference screenshot (small log file after Shrink):

Cheers, please write me back if you have any query of feedback on this.

Managing Guest OS, software or database inventory with VMware vSphere

Or, Way out to manage software inventory of Virtual Machine in VMware vSphere without any additional or third-party inventory tools

Or, Managing software inventory list of the Virtual machine without inventory tools

Description:  We understand that it is not possible or the priority for every small or mid-level company to have inventory tools to manage software inventory list of VMware infra Guest machines. Although, there are some free tools available in the market, but some companies may not be interested to have any kind of free tools even, due to security and compliance risks.

So what next? It's tough or easy, you have to manage the software inventory list of Virtual Machines.

The way out is to define Note and Folders for each virtual machines in your VMware Infrastructure, for their easy management for inventory or navigation purpose and then exporting the detailed report of all the VMs using PowerCLI.

This is a one-time job to write the Notes for each Virtual Machines and creating departmental or any relevant category based folders.

Once you have everything defined well as recommended, you would be able to see the VMs inventory report like below,

Based on my convenience, I have modified the yellowed columns manually after exporting it so that the report looks good and enough informative.

Here is the step-by-step instruction to achieve this requirement.

Let’s Prepare the VMware vSphere management console.

Step-1: Creating VMware Folders

Please create Department based or any relevant category based VM folders under your VMware Datacenter.

It may look like the below reference screenshot.

Step-2: Identifying and writing the notes for each Virtual Machines

Please Select the VMs one-by-one > go to Summary tab > Click on Edit under Annotations option > write your Software name/list in Notes section > Click OK to save the changes.

Step-3: Exporting the Virtual Machines report with VM Name, Guest OS, VM Folder, and Software Inventory Notes

Connect to your vCenter server using vSphere Power CLI > Type the command given below > Hit Enter to execute it

Get-VM | select Name, Guest, Folder, Notes | Export-CSV D:\test.csv

Updated: 24/02/2017

To add Info in the report like Datacenter etc.. you can use below command format:

Get-VM | select Name, Guest, Folder, Notes, @{N="Datacenter";E={Get-Datacenter -VM $_}} | Export-CSV D:\test.csv

Updated: 21/06/2018

To add info in the report like Guest IP address... you can use below command format

PowerCLI C:\> Get-VM | select VMHost, Name, Guest, Folder, Notes, @{N="Datacenter";E={Get-Datacenter -VM $_}}, @{N="IP Address";E={@($_.guest.IPAddress[0])}} | Export-CSV D:\test.csv

Note:  You should change the output file path from D:\test.csv to any other folder path suitable as per your scenario.

Once the command is completed, you will be able to see the report you have been looking for so far.

Cheers, please write me back if you have any query or feedback on this.