Custom Welcome DCUI screen

Recently I discovered you can change the default ESXi DCUI screen.
This feature is already present for a long time…. just check one of my favorite blog sites (virtualGhetto) for this item here. Yes he blogged about it in 2010….. I know

Why would you want to change it

  1. Your Company wants a warning shown on the DCUI
  2. Security, don’t show hostname, ip etc…
  3. showing off ASCI-ART – just for fun
  4. ….

For me, it was point 3….
I run on my laptop VMware Workstation and am sometimes in need of spinning up nested ESXi with different kind of versions. For this reason I build a provisioning VM, so I can network boot empty VMs and choose from an iPXE menu the ESXi version I want to work with. (maybe some interesting stuff for a blog serie) And this setup wasn’t finished with a custom DCUI screen.

How does it work

Until version ESXi 7.0 there is a text file /etc/vmware/welcome, which you can edit. When it is succesfully edited, the DCUI wil show the result.
My screen shows: VMware product and version, license, Memory, IP, SSL Thumbprint and ASCI-ART ūüôā

You can also edit the logonbanner, shown when you access the host via SSH. And the support info

Until ESXi 7 ?

Yes, until… well almost. Until version 7.x you just could simply edit the file /etc/vmware/welcome. But it isn’t there anymore.
But there is a different way. Called CLI. You can edit the welcome message with esxcli and powercli. Information is found in the VMware knowledge base kb2046347. And this works for a lot off ESXi versions. I’ve tested it succesfully from 5.5 to 7.0.

ASCII-ART

Well, you can show your creative side. Some guidelines I found are:

  1. screen with is 125 characters
  2. max. rows about 25
  3. check for ASCI TAB character, ASCII nr 9
  4. use a site for creating art like this one

Especially number 3 is a killer. A lot of text editors will replace a certain amount of spaces with a TAB character… and this will mess up your screen.

ESXCLI method

The syntax is easy, just

esxcli system welcomemsg set -m 'your welcome'

And that is what is shown in the kb article. But how do you create a complete screen. Well, there are some undocumented parameters you can use. The article by William Lam (see above) shows some of them. But I haven’t find a site with all of them.
With those parameters you create in a text editor your screen…. like this one

Every line that uses a different background color then black is 125 characters long, not including the length of any fields that are used, like {color:white}.

After you created your file, you can place it in /etc/vmware or use esxcli to edit the welcome message.
If the file is placed in /tmp/welcome.txt then your instruction is like

esxcli system welcomemsg set -m "$(cat /tmp/welcome.txt)"

And voila, you have a custom welcome screen.

DCUI with SSH

The DCUI is not only shown on the console screen of ESXi, but also accessed via SSH by >dcui
The result is shown below.

DCUI screen when accessed in SSH

Enjoy.

migrate to vcsa 6.5 U3 GUI xlarge issue

For a customer I’m migrating their legacy vSphere 5.5 environment to vSphere 6.5 U3.
The migration is from a windows vCenter to the VCSA.
First, we tried to use the GUI and stumbled over an issue.

GUI

The GUI, is of course a nice, friendly way to do this process. But when we got at the stage to select the size of the VCSA, we only had the ‘xlarge’ option.
And well… that was a bit too much. Because we were aiming at the ‘small’ size.

So we did some searching on the internet and found out that we were not alone. Although it was an encouraging thought, we still didn’t find what we were looking for.
Most of the threads and blog posts pointed to database size, log size etc..
And yes, they need to be checked. We had a vcenter database table of 7 million records, the size of the database was 80 GB. After some cleaning up and shrinking the database it was only a few GB.
But al this effort, didn’t persuade the GUI to give us the desired ‘small’ size option.

CLI

Hoping that the validation in the GUI was different than when using the CLI, we decided to migrate using the vcsa-deploy CLI method.

Yes, it involves creating a json file. But the .iso file for the vcsa contains several template files, for several migration scenarios.
We used on of the templates, customized it to our needs (setting the size to ‘small’. And after some trial and error we finally got it working.

TIP: validate your json file with

vcsa-deploy --precheck-only \some_path_to_json_file\migrate.json

If you want to read more about the CLI way of migration, check the vmware docs here.

vcsa-deploy creates for every run a new log folder . When we checked the logs we found out that vcsa-deploy was content with the ‘small’ size option we configured in the json file.

Thoughts

Why not 6.7 U3, well due to dependencies 6.5 U3 is at the moment the most current version we can run.
Although this post is about migrating to 6.5 U3, it could also work for 6.7 U3, but no guarantees.
The gist of this all is, if the GUI doesn’t work, try doing it the CLI way.

TIP: Secure your My VMware account with MFA

I know, it is not the most interesting subject to blog about.
VMware gives you the opportunity for your My VMware account to use MFA.
And I would advise to use MFA.

Why ?

Well, depending on the situation, your my vmworld account can have access to different company accounts. Giving you, depending on roles and permissions, the ability to create support requests, download software, access licenses etc…
And that is great.
But it is a risk when your account gets hacked.
That is where MFA can help. It is an extra line of defense.

MFA

MFA stands for, multi factor authentication. And when MFA is enabled,a person needs to present multiple pieces of evidence to authenticate (see https://en.wikipedia.org/wiki/Multi-factor_authentication )
Most of the times these pieces are a password and a token, generated by a authentication app or device.
So, when you would know my password, you still can’t use my ‘my vmware’ account because I’ve enabled MFA. And the token is generated on my phone, which I have with me, and is locked.

My advise

  1. Use a strong password. Strong doesn’t mean a lot off difficult characters, although there are some rules you have to follow. Study has shown that also the length of your password is a big key in having a strong password.
  2. Enable MFA.
    Check this VMware KB on how to enable MFA for your My VMware account.

patch vCenter HA 6.7 U1

Maybe you think, we’ll how hard can it be ??
Yes, that was the same question I had. And to be honest… it is not that hard.
But there are some quarks or gotchas.
In this post I’ll explain the route I took for patching a vCenter HA setup.

Why don’t you use the VAMI ?

VAMI stands for ‘ Virtual Appliance Management Infrastructure ‘. It can be accessed via port 5480 like https://<FQDN VMware appliance>:5480 .
The VAMI of a vCenter Appliance (VCSA) has an update section, which you can use to patch the VCSA. This is a nice and easy way for patching the VCSA, but when you have vCenter configured as vCenter HA then this option won’t work. (I know from experience….)
After trying (and failing) I thought, why not read the manual….
VMware has a nice article about patching a vCenter in HA and you can find it here.
I still use the VAMI, but not for patching but for making a backup.

Continue reading “patch vCenter HA 6.7 U1”

Issue 3 – vmk0 removed when applying host profile

This article is part of a series of articles about issues I encountered during implementation of a vSphere stretched cluster based on vSphere 6.7 U1.
You can find the introduction article here

Issue 3

This issue is irritating, to say at least.
You configured your first ESXi host in a cluster, polished it etc… and created a host profile from this host. And then it should be easy to configure the other hosts. But, when you apply the host profile…. the host disconnects (because of a reboot….)… but never comes back….
What happened ??

What happened is that in the wisdom of the vSphere environment the vCenter instructed the host to delete vmk0… yes the kernel interface that vCenter uses to connect to ESXi (assuming the vSphere host is clean installed and has just one kernel port). Delete it to create vmk0 again…..
But it never gets to that part….
Do you recognize this issue ??

I googled for this issue and found blog posts going back to vSphere 5.1. So it looks like a difference in interpretation of how it should work.

Continue reading “Issue 3 – vmk0 removed when applying host profile”

VMware Enhanced Authentication Plugin Not Working

For several versions of vSphere vCenter it is possible to logon with your windows credentials. Making it easier to only tick a box and logon instead of typing your username and password.
This nice and neat trick is done via the VMware Enhanced Authentication Plugin.
The only issue… it does need to work every time, else it is going to be an annoyance.
And , yes, it became an annoyance for me… especially when using Firefox.
So let me give you to possible solutions

Continue reading “VMware Enhanced Authentication Plugin Not Working”

Change All Services icon through Rest API of vRA

A blog on my experience in using postman to change the All Services icon off vRA 7.2

Since vRA 7.1 you can change the “All Services” icon.
VMware has an article here on how to change this through the API.
I thought, maybe you could also do this via Postman. Which would also be a good exercise (for me) in understanding and using the Rest API via Postman.
The article below is one of many ways to solve this issue, feedback is welcome in the comments below.

Continue reading “Change All Services icon through Rest API of vRA”

Kanban with Outlook

For a while now I’m looking for ways to implement kanban in my workflows.
I do see the benefits, and I’m aware that it is not the golden solution for everything.

Requirements:

  • I need a visual representation of my WIP (work in progress)
  • not too much hassle like, logging on to different websites
  • not in public enviroments
  • direct accesible from my tooling (a.k.a. business laptop)
  • Intergration with task functions already available in my tooling (a.k.a. outlook tasks)

So I did a google on outlook and kanban. And after some searching I found this¬†site.¬†Which looks like a nice solution, using my outlook software etc…
So I tried to implement it.

And had one problem…. For security reasons the functionality to add a home page to an outlook folder has been disabled. And I understand it. But still wanted to see how this free solution would work.

So I found a site about enabling the home page function again. This site
The first option didn’t work for me, but adding the key¬† “EnableRoamingFolderHomepages”=dword:00000001 to¬†[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security]¬† was the magic I needed.

For now this solution will do. Using familiar software to get accustomed with using kanban.

restore data from Synology backup using virtual DSM

It happened to me….¬†

A crash off all my disks in a Synology DS 412+. Yeah….. For sometime my disks reported problems… but I thought.. just wait a few months more… then I can buy new disks…
But in the end…. the disks crashed all together.
I know what your first response is…. did you make backups ??
Answer: Yes. Yes I did.

How to restore

I used synology Hyper backup to make backups off my photos, documents and music folder to an external USB drive. And I new that these backups where very recent.
But to access this data  I had to restore it and needed a working Synology DSM. My options were:

  1. buy at least 2 new disks and re-install the DS 412+
  2. Find a friend with a DSM and use his/her DSM to restore my data and to move it into a cloud storage
  3. Looking into running DSM virtual

I choose option 3. Why ?
Well…. I was interested if it could be done.
Technicaly it could be possible. I had VMware workstation running on my laptop and new about xpenology. After some searching on the internet I found this  https://www.youtube.com/watch?v=a8YUq2QGhks
So it could be done….

Running DSM virtual

After some experiments I got it working, running DSM 6.x in a VM under VMware workstation 12.
I created a virtual DSM according to others blogs. Added a disk (VMDK) 200 GB in size. (large enough to restore a backup-set).
Then I started the DSM, did the usual configuration. Made a no-raid raid config with one disk. Created the volume in the newly created raid set. installed some DSM apps (at least the hyper-backup application).
And restored a backup from my external USB drive.

Moving data in to the cloud

Yes !!!!…. I had found a way to acces my data… but where should I store it ?
I used the Cloud sync app to sync the restored data to a cloud storage provider. If the provider supports webdav then it is possible to sync your local data to it. I needed to keep this running for several days due to the upload bandwith of my internet provider. but in the end I had my data accesible again.
xpenology and virtualization saved the day.

Update manager 6.0 with vCenter 6.0 after migration wizard

While I was busy at at customer upgrading their VMware environment, I ran into a strange issue.
The upgrade involved migrating from windows vCenter 5.5 to a vcsa 6.0 Update 2. I used the migration wizard for this solution. (6.0 Update 2M).
The old vCenter was running also the update manager. Meaning I had to move the update manager to a new windows server and after the vCenter was migrated I had to upgrade the update manager.
This sounds simple.
And it was ….. for a while…
I successfully moved the 5.5 update manager installation to a new windows server.
The migration to the VCSA also went successfully (loving it)
but then…..
The iso for 6.0Update 2M doesn’t contain the update manager software. So I downloaded the iso for windows installation. From the same page as I downloaded the previous iso. But when I install update manager, I get the error that the vCenter server is incompatible with the update manager…. (what !!!!)
After some (soul) searching…. I found a forum thread that the Update Manager for vCenter 6.0.0b does work. (really…..)

And yes … after downloading that iso, starting the update manager installation, the upgrade was succesfull.

I only wonder… what is the difference between 6.0Update2M and the windows version. Why won’t the update manager from that iso work with the 6.0Update2M version….

TIP:

If you want to migrate from a 5.5 enviroment to the latest version  on 6.0 (currently update 2a), then after using the migration tool, go to the vCenter Appliance administration site and start from there the update. (https://<fqdn&gt;:5480)
After which you can upgrade vCenter Update Manager to the latest version.