Configuring the syslog to use TLS streamed over TCP for NSX ALB can only be accomplished through the console because these aren’t exposed via UI. The user interface only allows the specification of UDP. I used self-signed certificates for the AVI controller and AOL, but the process is identical when using CA-signed certificates. 1. Firstly, the certificate for the AVI (controller) needs to be added in the SSL/TLS Certificates. Additionally, the Aria Operations for Logs certificate should be added to a newly created PKI Profile, ensuring that CRL checking is disabled. SSL/TLS Profile: go to Tem ..read more

In VCF on VxRail 4.5 I found some alerts related to NSX Edge nodes displayed in NSX-T UI Home page: The VM “Edge VM” with moref id “vm-xxxxx” corresponding to the Edge Transport node “Edge Transport node id” vSphere placement parameters is found in NSX inventory but is not present in vCenter. Please check if the VM has been removed in vCenter or is present with a different VM moref id. The cause of that error is configuration sync issue between NSX-T and vCenter server. NSX-T alarm: Edge Alarms are displayed in System – Nodes – Edge Transport Nodes page. The ‘Recommended ..read more

Last week, VMware released a knowledge base article KB 95536, which includes a script for fixing the LCM service on SDDC Manager. Due to an invalid index file that was recently pushed to the VMware depot, the LCM service on SDDC Manager has downloaded several incorrect upgrade bundles. This is the reason why the LCM service crashes and is unable to recover. It’s recommended to run this script (with steps described in the KB article) even if everything appears to be fine. This issue affects all SDDC Managers connected to the VMware depot. It only takes 5 minutes to complete. Please follow the s ..read more

vSAN architecture includes critical services and mechanisms and it’s good to know and understand the key components that operates in the background. vSAN versions have changed over the years and there are newer and newer features but the architecture and core components are the same. So what happens at the lower level when we create vmdk. 1. vCenter (vpxd) translates tasks to action vpxa agent (on the hosts) 2. vpxa communicates with the ESXi host agent (hostd) translating task to action internally. QUICK REMINDER: vpxa acts as an intermediary between the vpxd and the hostd. 3. The host invok ..read more

Let’s quick remind ourselves I/O flow and how do checksum calculation and disk encryption work in conjunction with deduplication and compression on vSAN All-Flash cluster while creating/modifying new vmdk. 1. Checksum – functionality to avoid data integrity issues – is calculated before writing data (the block) to the caching tier. vSAN created 5-byte checksum for every 4kb data block and is verified to ensure that there is no any data corruption over the network. If a checksum mismatch is detected, vSAN automatically repairs the data by overwriting the incorrect data with the corre ..read more

While applying the async vCenter 7.0U3o patch to workload domain (related to VMSA-2023-0023) in VCF on VxRail 4.x, I faced an issue with VxRail prechecks in SDDC Manager: ‘VxManager HTTP Request failed with invalid status code’ If you open the Physical View of VxRail cluster in vCenter, page keeps loading or it shows ‘Unable to show physical view due to a failure of loading physical view data for the host’. The reason was an expired vxm service account password – the SSO service account used for communication between VxRail Manager and vCenter Server. To validate it login to VxRail Manager ..read more

This post describes how to perform VCF bringup via Ansible. If you need another VCF related ansible playbooks check rest of my blog posts in here. Backing to VCF bringup, my folder structure is as follow: startVcfBringup.yml /roles/ /runVcfBringup/ /defaults/ main.yml /tasks/ main.yml validateVcfBringup.yml startVcfBringup.yml startVcfBringup.yml playbook # Playbook performs validation and deployment of SDDC via CloudBuilder API --- - name: Start VCF bringup hosts: localhost gather_facts: false vars_files: - group_vars/myVars tasks: - name ..read more

If you want to disable the VMNICS_MIN_SPEED validation during bring-up in you VCF lab (because of error as below) you can just skip the validation process at all. 2023-10-20T16:23:20.023+0000 [bringup,11c0e70c474a8970,5431] DEBUG [c.v.e.s.c.v.util.ResponseUtil,pool-2-thread-19] Build validation response: {“errorCode”:”VMNICS_MIN_SPEED.error”,”arguments”:[“vmnic0″,”reg02-esx02.xxxx.xx”,”1000″],”context”:{“severity”:”ERROR”,”bundleName”:”com.vmware.evo.sddc.common.validation.errors.messages”,”validation.taskId”:”7f000001-8b4d-18c5-818b-4de5a780010f”},”message”:”The speed of vmnic0 on h ..read more

In case of any failure during VCF bring-up process, instead of redeploying the VCF from the scratch, you can update the SDDC bring-up parameters. In my case the bring-up proces failed because i provided wrong NSX license key Deployment Parameter Workbook. Update the Deployment Parameter Workbook and convert it to json file i(f not yet done); SSH to Cloud builder vm and search for last failure execution ID of the task in /var/log/vmware/vcf/bringup/vcf-bringup-debug.log. In my case it’s 9d2a7232-a0a2-4a86-8093-8142183a7f92 (use ID from last entry on the list): cat vcf-bringup-debug.log | grep ..read more

In VCF 5.x, the endpoint for modifying the input values of failed tasks in SDDC Manager is hidden/disabled by default for security purposes. NOTE: For security reasons It shouldn’t be unhidden and if you need it on your prod environment,please contact GSS In VCF 4.x this functionality it’s enabled and in one of my previous article I described How to update vSAN license key in the failed ‘Add Cluster’ workflow. Backing to VCF 5.x- if you run curl command: curl -s http://localhost/domainmanager/internal/vault/<failed_task_ID> you will get an error message: “Something went wrong. Please r ..read more