Showing posts with label VMware vSphere. Show all posts
Showing posts with label VMware vSphere. Show all posts

Wednesday 12 October 2016

Unable to Update VMware Tools for vSphere 5.5 Update 3.

This one should be easy if you have a good troubleshooting skill. When I wanted to upgrade VMware Tools from previous version to the latest version, the installation hung at " Installing VMXnet3 driver ".





I used a few methods to get it upgraded :


1) simply upgrade VMware Tools from vCentre - hung
2) downloaded VMware Tools from here
 ( https://packages.vmware.com/tools/esx/index.html ) and get it installed - hung
3) Uninstalled current VMware Tools, rebooted the machine - blue screen
4) Uninstalled current VMware Tools, without rebooting the machine, performed upgrade from vCentre - hung
5) Uninstalled current VMware Tools, without rebooting the machine, performed manual upgrade usign EXE file- hung



So this made me thinking, the issue might not due to the installer ( as I tried from vCentre level as well as manual installation), but due to VM itself, as it hung at exact status (Installing VMXnet3 driver).



When I checked the VM, yes, it was using VMXNET3 driver for the vNIC. It was not too hard to narrow down, huh?




The journey started. I added another vNIC, but in this case I used E1000 type rather than VMXNET3.




Once done, I removed current vNIC.



As I used PVS, I needed to update MAC address for the target device (cool, huh?)




And without too much hassle, I managed to upgrade VMware Tools!




I did not restart the VM, but I turned it off completely.




Next, I added back vNIC with VMXNET3 type.




Update MAC address in PVS console, and get the VM started.




Tam tada dam! VMware Tools is now current!

Share:
           ,       3 comments    

Monday 5 October 2015

Unable to Access VMware vSphere Client Using Domain ID

In normal implementation, it is always a best practice to provide permission per group, rather than per individual ID. Simple reason is, it is easy to administer and manage. Therefore, it was what I did in one of my vCenter implementation, but I could not make it work. It just did not allow me to login using my Domain ID (which configured as part of Local Administrators members in vCenter server), although local ID (part of Local Administrators members as well) worked as expected.

Issues :
Error while connecting to vCenter Server using VMware vSphere Client. Error is :

Error Connecting
The vSphere Client could not connect to 
"vCenter Server Name"
You do not have permission to login to the server :
"vCenter Server Name"
 
Troubleshooting 
  1.  Assigned appropriate domain ID (MyDomain\DomainAdminID) to a Domain Group (MyDomain\Domain Admins)
  2.  Assigned that Domain Group to Local Administrators in vCenter server
  3. (Double kill!) Assigned that Domain ID (MyDomain\DomainAdminID) to Local Administrators in vCenter server.

  4. Configured Local Administrators with Full Admin Role in vCenter Permissions. Note that above Domain ID was not configured here. Local ID (.\ctxadmin) that will be used to test also not be configured here.

  5. Tried to access vCenter using that domain ID, error prompted



  6. Tried to access vCenter using local ID, successful


     
  7.  Session with local ID.

Resolution :
It seems that starting from vSphere 5.5, configuring domain IDs/groups to local groups will cause the issue. Based on VMware KB  : 

Resolution
 This is an expected behavior.
To resolve this issue, give explicit permissions to Users or Groups from their respective Identity Sources. For example:
  • Only populate Local OS groups with Local OS users or groups
  • Only populate Active Directory groups with Active Directory users or groups

In order to do so :
  1.  Add User ID / group to vCenter. Choose the domain, search the ID / group, and add them accordingly.


  2.  Able to access, no error


  3.  Session active with AD user ID.
Reference 

  • http://blogs.vmware.com/vsphere/2013/09/vcenter-single-sign-on-5-5-not-recognizing-nested-active-directory-groups.html
  • http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2059528
Share:
           , , , ,       No comments    

Friday 25 September 2015

vCenter 5.5 - Unable to Grant Permission to Domain ID - No Domain Listed


One fine day, someone came to me and asked, " I can't add domain users to vCenter. Can you help?" So, when I checked, I found this :




So yes, no domain listed there. So when I asked in detail, it seems this was a new deployment, vCenter just being created. Which really helped me to narrow down to root cause.


Issues :

Unable to Grant Permission to Domain ID - No Domain Listed 
Troubleshooting 
  1. Login to vCenter using default admin ID ( administrator@vSphere.local ). These steps shall be done from Web Console rather than vSphere Client.



     
  2.  Click at Administration


  3. Click at Single Sign-On > Configuration. So as we can see here, only vSphere.local and vCenterServer (Default) are configured in Identity Sources. It means, these are the only domains which can be authenticated to.



Resolution :
  1.  Click at Add Identity Source.


  2.  Depending on the environment, appropriately choose identity source type. For this example, it is Active Directory  (Integrated Windows Authentication).Key in the Domain Name and all required info.



  3.  Once done, you will see the new source listed here.



  4. Newly added domain will be listed here.
Share:
           , , , ,       No comments