Adding ESXi to vCenter failed

10.12.19 - Reading time: ~1 minute

Symptoms:

When adding a new ESXi to vCenter the following message appears: "License not available to perform the operation."

Findings:

We had to reset BIOS Battery while Rack and Stack, because Server did not boot up. So time is not set correct. Logfiles had a time of 2001-01-01.

Resolution:

Set correct Time in BIOS and boot Server up. Then you will be able to import ESXi using Evaluation License.


Jumbo or not to Jumbo?

15.11.19 - Reading time: 2 minutes

Occasionally I spend some time in discussions with customers and co-workers about the need to use Jumbo frames or not.

In my opinion, you don't need Jumbo frames in a 10G+ world.
And here is why:

Facts

  • Jumbo frames have lower overhead since fewer packets are transmitted for a given workload
  • You need to configure every device in the transport stream for Jumbos
  • There could be some performance plus
  • Many storage vendors have Jumbos as best practice

What I see in daily business

  • With modern NICs and and Switches you can transfer way enough packets to saturate a 10G+ link with standard packet size
    • If you need more performance --> consider an upgrade to higher bandwidth
  • Setting Jumbos on all Interfaces (sometimes: vm / vmkernel, vSwitch, Switch, Trunk, VLAN, Port, Storage) can be difficult for an Sysadmin
    • and it tolerates no issues or glitches... --> Consider automation if needed
  • The performance plus is marginal compared to complexity (around 5% plus in performance)
    • also consider an upgrade, if more performance is needed
  • Often Jumbos are best practice as no vendor wants have 5% lower performance while POCs
    • but in real life you will see no difference between 9000 and 1500 at all

Conclusion

If you have a Greenfield installation you can consider using Jumbos.
But in a Brownfield (which is about 90%+) stay on 1500.


IO Filters marked offline in a vSAN cluster

13.11.19 - Reading time: 2 minutes
Symptoms

IO Filters marked offline in a vSAN cluster. One of the reasons can be the missing Self Signed SSL certificate in /etc/vmware/ssl/castore.pem Before making any changes in the system , please validate if the customer is using the third party certificates Configuring Custom Certificates on ESXi hosts to authenticate vSAN hosts https://kb.vmware.com/s/article/56441

Cause
  • The vSAN GUI ( vCenter > Configure > Storage Providers ) may show all the hosts IOfilter storage providers as “offline”
  • The Re-scan or re-synchronize of the VASA providers does not make any change to the state of IOfilter.
  • The upgrade of ESXi does not resolve the issue.
  • Reboot of effected Hosts does not resolve the issue.
  • Remove and re-import Host to vCenter does not resolve the issue.

You may find the below instances showing that SSL certs are not being verified for the hosts in the IOfiltervpd logs (ESXi : /var/log/iofiltervpd.log )

iofiltervpd[2099744]: IOFVPSSL_VerifySSLCertificate:239:Client certificate can’t be verified

The newly added Host may show the IOfilters providers as “online” You may find that the certificates located at /etc/vmware/ssl/castore.pem, have missing the “Self Signed Certificate” for the host with IOfilters offline Following is Self signed certificate which must be part of the /etc/vmware/ssl/castore.pem file

Resolution

You may follow the below steps :

  • Put the host in Maintenance mode with Ensure Accessibility one at a time
  • Take backup of the current of cert file /etc/vmware/ssl/castore.pem
  • Copy the file /etc/vmware/ssl/castore.pem to the Hosts from the working host.
  • Run command to replace the older file with newer one : cp /tmp/castore.pem /etc/vmware/ssl/castore.pem
  • Reboot the hosts one at a time.

The providers should show as “online” in vCenter > Configure > Storage Providers

Kudos to Shrikant (https://virtuallyvtrue.com )


VMworld wrap up

13.11.19 - Reading time: ~1 minute

VMworld 2019 closed last week. As every year it was a pleasure to join. Extremely valuable Sessions, good networking and indeed cool parties.

William Lam curates a list of sessions with Streams and PDF (if): https://github.com/lamw/vmworld2019-session-urls

Many Sessions were around Project Pacific and VMware Tanzu. I try to keep you posted in the next weeks on those topics. Also many deep dives took place and they were worth it.

#vBeards2019 #movember

Don´t forget to donate: https://de.movember.com/events/view/id/Y7a7

Cheerz Winguru


About

This is the place to be for Virtualization and Datacenter stuff :-)
#sharingiscaring