Posts tagged vCenter

Custom certificates in VMware vSphere

Jul 24th

Posted by Christian in Life

Finally, after about 6 months (I last talked about that on February 25th, when Virtual Center 2.5U4 was released) our troubles with our “custom” certificates seems to be resolved! As it turns out, it really was our fault and not VMware’s.

When generating the pfx from the signed certificate and the key-file, you need to supply a password, otherwise the vCenter service is unable to utilize the private key of the pfx, since it’s unable to access the PFX with the default password (testpassword is the default for Virtual Center as well as vSphere).

As noted in the Replacing VirtualCenter Server Certificates document for Virtual Infrastructure 3, as well as through our Customer support, you need to specify the password when exporting the signed crt/Private key into the pfx:

openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui \
               -passout pass:testpassword -out rui.pfx

After successfully doing so, you just need to replace the original files (hopefully move them away beforehand) with the ones generated. And afterwards, you should be able to utilize your new certificates! When you now try to clone a template and customize it using an existing customization spec, you’re gonna see this:

vCenter: Cannot decrypt password

vCenter: Cannot decrypt password

After clicking on “OK“, you’re gonna get the normal customization specification edit frame, where you should be able to skip ahead to “Workgroup or Domain“, where you’re gonna have to reenter the domain administrator password.

, ,

VMware: New VirtualCenter 2.5 Update 4

Feb 25th

Posted by Christian in Life

As many people on the VM-Planet already blogged about this, I ain’t gonna write just about it. Let’s turn the clock back a few months, to January 2008.

As the institution I work for, is part of the DFN we took the opportunity to be a part of the “I want you to run our RA“-gang. In January 2008 we thought about changing the vCenter certificate. Now, apparently there’s a slight difference between the DFN-PCA and what VMware considers common practice.

The DFN-PCA states, that only CSR’s with a key length of 2048 bits are allowed (as outlined in 6.1.5 of the DFN-PKI Certificate Policy). Now VMware apparently didn’t actually think customers would use this “feature” (that is changing the SSL certificates).

Customization Specifications Created in Previous Releases Can Be Used in VirtualCenter 2.5 Update 4 to Clone or Deploy Virtual Machine with Customized Guest Operating Systems
This release resolves an issue where, if you clone or deploy a virtual machine using a customization specification that was created prior to upgrading the VirtualCenter, the VirtualCenter Server might display the error message The VirtualCenter server is unable to decrypt the passwords stored in the customization specification in the following scenarios:

  1. VirtualCenter Server is uninstalled first, and then re-installed and/or upgraded afterwards.
  2. Custom SSL certificate are deployed, but the instruction in http://www.vmware.com/pdf/vi_vcserver_certificates.pdf are not followed in a verbatim manner.

Well, and apparently it ain’t fixed yet. At least not for us :???:

,

VMware vCenter: <virtual machine> is not connected

Feb 4th

Posted by Christian in Life

2 comments

Well, today I once again had the case where a virtual machine (in my case a Virtual Machine Template) was kinda stuck. You couldn’t remove the template (as in the entries for “Remove from inventory” was grayed out) and you couldn’t re-add the Virtual Machine’s VMX from the datastore browser either.

VI Client - Disconnected templates

VI Client - Disconnected templates

Though, a simple putting the host into maintainance mode and rebooting helped that problem. Maybe there is a simpler solution for this, I just don’t know about it.

Thanks to Sven in #1, I now know that simple solution for my problem!

[root@esxi root]# /etc/init.d/mgmt-vmware restart
Stopping VMware ESX Server Management services:
   VMware ESX Server Host Agent Watchdog                   [  OK  ]
   VMware ESX Server Host Agent                            [  OK  ]
Starting VMware ESX Server Management services:
   VMware ESX Server Host Agent (background)               [  OK  ]
   Availability report startup (background)                [  OK  ]

Half a minute, and a heart-stopping moment later (all VM’s on that host turn grey after the first update) the VM’s are accessible again. Thanks again to Sven!

, ,

VI Client: Changing the language from the system default

Jan 14th

Posted by Christian in Life

Well, as I am in fact running a german Windows XP, the VI Client started displaying all menus and operations in German when I updated to 2.5u2. Normally, I wouldn’t have much of a problem with that, but recently it started to annoy me, since the translation is a bit off from the real meaning of much of the operations.

So today, in the morning I started looking for ways to revert the VI Client back to displaying everything in English. And guess what. There’s no way to switch the language from the VI Client itself. There’s just a workaround.

Simply rename the folder in “%ProgramFiles%\VMware\Infrastructure\Virtual Infrastructure Client\2.5“, %ProgramFiles%\VMware\Infrastructure\VIUpdate” “%ProgramFiles%\VMware\Infrastructure\Virtual Infrastructure Client\Plugins\Converter Enterprise 4.0.2” and “%ProgramFiles%\VMware\Infrastructure\Virtual Infrastructure Client\Plugins\Update Manager 1.0 Update3” named “de” to something else. Tada, your VI Client is back in English.

, , ,

More VirtualCenter troubles (fini)

Aug 7th

Posted by Christian in Life

Well, today the support request came back. Seems one of the originally linked VMTN dicussions really is the only way:

  1. Export the customization specification
  2. Edit the XML file
  3. Import it again

The related part inside the customization specification should then look like this:


<_type>vim.vm.customization.Password
true</plainText>
<value>Password01</value>
</password>
</pre>
<p>So if you ever think about switching the default VirtualCenter certificate (for whatever reason), make sure you use the above workaround. Otherwise VirtualCenter is gonna fail miserably during the customization phase of the cloning process.</p>
     </div>
      
       <div class="post-tags">
    <a href="http://blog.barfoo.org/tags/vmware-vcenter/" rel="tag" title="vCenter (7 topics)">vCenter</a>, <a href="http://blog.barfoo.org/tags/vmware-infrastructure/" rel="tag" title="VMware Infrastructure (16 topics)">VMware Infrastructure</a>    </div>
    

  </div>
  <!-- /post -->
 
      <!-- page navigation -->
      <div class="page-navigation  clear-block">

      <span class="current">1</span><a href="http://blog.barfoo.org/tags/vmware-vcenter/page/2/" title="Go to page 2">2</a><a href="http://blog.barfoo.org/tags/vmware-vcenter/page/2/" >&raquo;</a>
      </div>
      <!-- /page navigation -->
                 </div>
    </div>
    <!-- /primary content -->

    
<div id="sidebar">
 <ul class="blocks">
        <li class="block"><div class="block-widget_search clear-block" id="instance-search-3">
<!-- search form -->
<div class="search-form">
  <form method="get" id="searchform" action="http://blog.barfoo.org/" class="clear-block">
    <fieldset>
      <div id="searchfield">
       <input type="text" name="s" id="searchbox" class="text clearField" value="Search" />
      </div>
      <input type="submit" value="" class="submit" />
     </fieldset>
 </form>
</div>
<!-- /search form -->
</div></li><li class="block"><div class="block-widget_categories clear-block" id="instance-categories-4"><h3 class="title"><span>Categories</span></h3><div class="block-div"></div><div class="block-div-arrow"></div>		<ul>
	<li class="cat-item cat-item-3"><a href="http://blog.barfoo.org/categories/gentoo/" title="View all posts filed under Gentoo">Gentoo</a> (38)
</li>
	<li class="cat-item cat-item-4"><a href="http://blog.barfoo.org/categories/life/" title="View all posts filed under Life">Life</a> (300)
</li>
		</ul>
</div></li><li class="block"><div class="block-widget_calendar clear-block" id="instance-calendar-2"><h3 class="title"><span>Calendar</span></h3><div class="block-div"></div><div class="block-div-arrow"></div><div id="calendar_wrap"><table id="wp-calendar" summary="Calendar">
	<caption>September 2010</caption>
	<thead>
	<tr>
		<th scope="col" title="Sunday">S</th>
		<th scope="col" title="Monday">M</th>
		<th scope="col" title="Tuesday">T</th>
		<th scope="col" title="Wednesday">W</th>
		<th scope="col" title="Thursday">T</th>
		<th scope="col" title="Friday">F</th>
		<th scope="col" title="Saturday">S</th>
	</tr>
	</thead>

	<tfoot>
	<tr>
		<td colspan="3" id="prev"><a href="http://blog.barfoo.org/2010/08/" title="View posts for August 2010">&laquo; Aug</a></td>
		<td class="pad">&nbsp;</td>
		<td colspan="3" id="next" class="pad">&nbsp;</td>
	</tr>
	</tfoot>

	<tbody>
	<tr>
		<td colspan="3" class="pad">&nbsp;</td><td>1</td><td>2</td><td id="today">3</td><td>4</td>
	</tr>
	<tr>
		<td>5</td><td>6</td><td>7</td><td>8</td><td>9</td><td>10</td><td>11</td>
	</tr>
	<tr>
		<td>12</td><td>13</td><td>14</td><td>15</td><td>16</td><td>17</td><td>18</td>
	</tr>
	<tr>
		<td>19</td><td>20</td><td>21</td><td>22</td><td>23</td><td>24</td><td>25</td>
	</tr>
	<tr>
		<td>26</td><td>27</td><td>28</td><td>29</td><td>30</td>
		<td class="pad" colspan="2">&nbsp;</td>
	</tr>
	</tbody>
	</table></div></div></li><li class="block"><div class="block-widget_meta clear-block" id="instance-meta-2"><h3 class="title"><span>Meta</span></h3><div class="block-div"></div><div class="block-div-arrow"></div>			<ul>
						<li><a href="https://blog.barfoo.org/wp-login.php">Log in</a></li>
			<li><a href="http://blog.barfoo.org/feed/" title="Syndicate this site using RSS 2.0">Entries <abbr title="Really Simple Syndication">RSS</abbr></a></li>
			<li><a href="http://blog.barfoo.org/comments/feed/" title="The latest comments to all posts in RSS">Comments <abbr title="Really Simple Syndication">RSS</abbr></a></li>
			<li><a href="http://wordpress.org/" title="Powered by WordPress, state-of-the-art semantic personal publishing platform.">WordPress.org</a></li>
						</ul>
</div></li>     </ul>
</div>


   </div>
  </div>
  <!-- /main content -->


 
 <!-- footer -->
  <div id="footer">

 
    <div class="page-content">
    <div id="copyright">

     <span class="copyright"><span class="text">Copyright &copy;</span> <span class="the-year">2010</span> <a class="blog-title" href="http://blog.barfoo.org" title="Christian&#039;s blog">Christian&#039;s blog</a></span>
     <!--[if lte IE 6]> <script type="text/javascript"> isIE6 = true; isIE = true; </script> <![endif]-->
     <!--[if gte IE 7]> <script type="text/javascript"> isIE = true; </script> <![endif]-->

     <script type='text/javascript' src='http://blog.barfoo.org/wp-content/themes/mystique/js/jquery.mystique.js?ver=2.4.2'></script>
<script type='text/javascript' src='http://blog.barfoo.org/tags/vmware-vcenter/?mystique=jquery_init&#038;ver=2.4.2'></script>

    </div>

   </div>
  </div>
  <!-- /footer -->

 </div>
</div>
<!-- /shadow -->

    <!-- page controls -->
  <div id="pageControls"></div>
  <!-- /page controls -->
  
  <!-- 31 queries. 0.476 seconds. -->

 </div>
<!-- Piwik -->
	<script type="text/javascript">
	var pkBaseURL = (("https:" == document.location.protocol) ? "https://piwik.barfoo.org/" : "http://piwik.barfoo.org/");
	document.write(unescape("%3Cscript src='" + pkBaseURL + "piwik.js' type='text/javascript'%3E%3C/script%3E"));
	</script><script type="text/javascript">
		try {
			var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 1);
			piwikTracker.trackPageView();
			piwikTracker.enableLinkTracking();
		} catch( err ) {}
			</script><noscript><p><img src="http://piwik.barfoo.org/piwik.php?idsite=1" style="border:0" alt="" /></p></noscript>
<!-- End Piwik Tag -->
</body>
</html>