Virtual Updates 2023-05-01

vSphere 8.0 Update 1 released!
vSphere Configuration Profiles (Desired State Config for clusters).
Skyline Health Diagnostics now part of vCenter.
Okta for Identify Provider.
VMK for NFS.
Frank Denneman has a post covering some enhancements with ML.
Lots more in the release notes.
vCenter 8.0 U1 Release Notes are here.
ESXi 8.0 U1 Release Notes are here.
vSphere with Tanzu 8 Release Notes are here.
Upgrade in the lab from 8.0 and from 7.03c went great!

Total Solar Eclips April 2024!
How I first heard about it Boston, MA WCVB, an ABC affiliate……
….if their comment is right….it will 20+ years till the next Total Solar Eclipse!
How I learned of its path….Astronomy.com posted about this specifically.

Continue reading “Virtual Updates 2023-05-01”

vRealize Log Insight – cert issues getting to 8.12

So this problem started back a few weeks ago.
vRLI (vRealize Log Insight) had a certificate issue that was about to come to light, highlighted here in VMware KB91441, internal certificates will expire on April 30, 2023. This KB solves the problem, but doesn’t tell you how to restore your CA signed certificate back to vRLI….so I started digging.

So I planned on upgrading as soon as was possible from 8.10 to 8.12 (when 8.12 was released).

So VMware Aria Operations for Logs (the new name for vRealize Log Insight) gets released. I try to upgrade to it, and it fails.
Fun….Never had an issue upgrading vRLI, so I revert to snapshot, and try again.

Discovered that my “root” user password expired.
Addressed that.
Discovered I needed to upgrade to 8.10.2 in order to upgrade to 8.12.
Upgrade to 8.10.2 no problem.
Still had issues with the upgrade to 8.12.

Now, the issues was because I had used a certificate from my Windows CA for my vRealize lab deployment.
The KB linked above stated to remove the certificate (revert back to self signed) then upgrade….made no mention of reapplying the cert.
I tried that, and found out it worked.
So I reverted back to snapshot to figure it out.

Tried to upgrade again from 8.10.2 to 8.12, and it failed again (because I did not revert back to self signed).
Led me to believe it was a certificate issue, which I had to figure out.
I had 3 weeks, should be no problem….
Well, found my answer with just 2 days to go before April 30, 2023….

Rudi Martinsen had helped me out (unknowingly) via his blog post on April 27 about upgrading to vRLI 8.12.
A follow on blog post the following day from Rudi covered the Certificate portion!
Between the two posts, I was able to greatly simplify the vRLI 8.10.2 to VMware Aria Operations for Logs 8.12 upgrade.

I had to create the steps below, to cover the Certificate Authority, Certificate Template Management, creating the CSR, getting a CER, and creating the PEM.
I used the same CFG file as before (for creating Loginsight.cer) to call OpenSSL….I am assuming you know how to use OpenSSL (at least a bit), and that you already have your RootCA certificate file (root64.cer as the example below).

Log into the CA Windows system.
Open the Certificate Authority (Start –> Windows Administrative Tools –> Certificate Authority).
Right click on Certificate Template –> Manage
Now…in the Certificate Template Management Console….
Find Web Server –> Right Click –> Duplicate Template
Select the General Tab
Change the name, Web Server AND ClientAuth
Select Extensions
Click Edit
Click Add
Select Client Authentication, click OK
Click OK
Click OK
Close the Certificate Template Management Console.

Back in the Certificate Authority console…
Right Click “Certificate Templates”, –> New –> Certificate Template to issue
Choose Web Server AND ClientAuth
Click OK

Now ready to issue updated certs with the new requirements!!!

Run the commands to create new KEY and CSR
openssl req -new -nodes -out c:\certs\loginsight.csr -newkey rsa:2048 -keyout c:\certs\loginsight.key -config c:\certs\loginsight.cfg

Now go certificates from the CA.
Be sure to use the new template, Web Server AND ClientAuth.
That downloaded newcert.cer, which I renamed to loginsight.cer

now create the PEM files
Run these from CMD.EXE as PowerShell 7 keeps throwing errors!
type c:\certs\loginsight.key c:\certs\loginsight.cer c:\certs\root64.cer > c:\certs\loginsight.pem

Now apply the SSL to Log Insight 8.10.2.
THEN you can upgrade, with your CA’s certificate in place, to
VMware Aria Operations for Logs.

I was 3 months before I needed to update all the lab certificates anyway, so I tested this workflow making new certificates with ClientAuth, with and applied this to all the following:
vRLCM -now VMware Aria Lifecycle Manager
vIDM – VMware Identity Manager (deployed via vRLCM)
vROPs – now VMware Aria Operations (deployed via vRLCM)
vRLI – now VMware Operations for Logs (deployed via vRLCM)


Virtual Updates 2023-04-17

Using vRealize Log Insight – UPDATE YOUR CERTS!
Self signed cert, or CA provided cert…you need to pay attention!
April 30, 2023, all internal certs of Log Insight will expire.
Kudos to Russel Hamker for highlighting this!
VMware KB article is here.

Lots of Patches from Many Vendors this past week….
Hacker News article with callouts to a lot of admin work this week….
Microsoft has quite a few.
Check out all the other vendors that patches needing to be applied in the post.

Continue reading “Virtual Updates 2023-04-17”

Virtual Updates 2023-04-03

vSphere 8.0 Update 1 is coming….
Still waiting on the release….
VMware Blog post on vSAN Performance Monitoring.
William Lam covered a long awaited NFS feature, which is the ability to tag a VMkernel for NFS traffic

vSphere 8.0 Update C is out
Looks mostly to be about vSphere Distributed Services Engine (DPUs).
vCenter Release Notes are here.
ESXi Release Notes are here.

Continue reading “Virtual Updates 2023-04-03”

First use of API on vCenter

I am posting this, as I’m JUST starting to learn APIs.
In all my years in IT, I have avoided using APIs.
I always thought they were for someone else with a higher purpose.

So why post this?
Well, it might help someone get going with APIs, same as me.
No, this is not a tutorial.
This is me, using other persons’ efforts, and making an easy to consume use of APIs for the first time.

Seasoned API user?
Please give me some slack here, as this is just to get started….

A couple of blog posts stood out for me when learning this…
https://blog.postman.com/curl-and-postman-work-wonderfully-together/
https://www.vgemba.net/vmware/VCSA-API-Postman/

First off, you will be using software called Postman.
The free tier is enough for this summary.

So here’s my take on the actions in Postman, taken from the 2 blogs…

Continue reading “First use of API on vCenter”

Virtual Updates 2023-03-20

VMware Horizon View 7 – end of support
…is coming very soon.
If you are still running it, be aware end of support is:
April 30, 2023
VMware Blog post highlighting this is here.

vSphere (and vSAN) 8.0 Update 1
Coming very soon.
Okta support for iDP!!!!
vSphere Configuration Profiles!!! (DSC for Image based clusters)
Skyline Health Diagnostics built into vCenter (probably a larger download).
VMware Blog post on vSphere 8 Update 1 is here.
VMware Blog post on vSAN 8 Update 1 is here.

Continue reading “Virtual Updates 2023-03-20”

Virtual Updates 2023-03-06

Latest Microsoft Patch can leave VMs unbootable
Just ran across this myself in the lab I teach vSphere Workshops.
All of the Windows VMs are Windows Server 2022.
I patched them all and rebooted the VMs during the patching (as normal).
After shutting them all down to do a backup (yes, that’s my process for the lab), I completed the backup.
Powering on the VMs left me with a message
“Windows Boot Manager…Security Violation”
I could get them to boot, but I had to disable Secure Boot in the Boot Options section of the VM’s settings.
Wouldn’t you know it, it’s a problem with ESX 6.7 or 7.0.
ESXi 8.0 is unaffected.
Resolution is to upgrade ESXi 7.0 to Update 3k (released Feb 21).
Which means I updated my vCenter first.
Once updated to ESXi 7.0 Update 3k, Windows 2022 booted up just fine.
VMware KB 90947 is here.

More Ransomware for ESXi…
…and here is CISA’s guidance on ESXiArgs

Continue reading “Virtual Updates 2023-03-06”