
Wednesday, February 9, 2022

Perform a reset of the STS certificate and perform a trustfix on the vCenter server

Request you to perform a reset of the STS certificate and perform a trustfix on the vCenter server.



The activity should take less than an hour to complete and would require a restart of services across all vCenter servers.

This should not impact any of the virtual machines in the environment.

Note:
Request you to take powered-off snapshots of the vCenter / all nodes in linked mode prior to making any changes.


Firstly, request you to run trust fix with the LS doctor utility.
    • Download the LS doctor tool from the URL below.

        https://kb.vmware.com/s/article/80469

    • Place the LS doctor tool in the /tmp folder of the vCenter server using scp clients.
        Note: If you are denied access when connecting the scp client, execute the below command and open a new session.
        #chsh -s /bin/bash
    • Run the below commands in sequence.

  1. cd /tmp/
  2. unzip lsdoctor.zip
  3. cd /tmp/lsdoctor-master
  4. python lsdoctor.py -l

    • Run trust fix and stale fix accordingly as suggested from the previous output.

  1. Trustfix : python lsdoctor.py -t
  2. Stalefix : python lsdoctor.py -s

         
Reference:
https://kb.vmware.com/s/article/80469

Secondly, to renew the STS certificate, please follow the KB below.
https://kb.vmware.com/s/article/76719

Monday, February 7, 2022

stdout & stderr

There are two main output streams in Linux (and other OSs), standard output (stdout) and standard error (stderr). Error messages, like the ones you show, are printed to standard error. The classic redirection operator (command > file) only redirects standard output, so standard error is still shown on the terminal. To redirect stderr as well, you have a few choices:

  1. Redirect stdout to one file and stderr to another file:

    command > out 2>error
    
  2. Redirect stdout to a file (>out), and then redirect stderr to stdout (2>&1):

    command >out 2>&1
    
  3. Redirect both to a file (this isn't supported by all shells, bash and zsh support it, for example, but sh and ksh do not):

    command &> out
    

For more information on the various control and redirection operators, see here.
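
The first two forms, run against a command that writes to both streams, as an added example that is not part of the original post. It goes one step beyond the list by also showing what happens when `2>&1` is written before `>file`; `emit`, `lines` and `demo_redirects` are names made up for the illustration.

```shell
#!/bin/sh
# Constructed stand-in for any command that prints results on stdout
# and diagnostics on stderr.
emit() {
    echo "result line"        # fd 1 (stdout)
    echo "error line" >&2     # fd 2 (stderr)
}

# Count lines in a file without the padding some wc implementations add.
lines() { grep -c '' "$1" || true; }

# Run each redirection form in a scratch directory and summarise
# where the two lines ended up.
demo_redirects() {
    dir=$(mktemp -d) || return 1

    # 1. stdout and stderr into separate files
    emit > "$dir/out" 2> "$dir/error"

    # 2. both into one file: move fd 1 to the file, then copy fd 1 onto fd 2
    emit > "$dir/both" 2>&1

    # Pitfall: the same operators in the opposite order. fd 2 is copied from
    # the current fd 1 (here the command substitution's pipe) before fd 1 is
    # moved to the file, so the error line never reaches the file.
    escaped=$(emit 2>&1 > "$dir/reversed")

    echo "out=$(lines "$dir/out") error=$(lines "$dir/error")" \
         "both=$(lines "$dir/both") reversed=$(lines "$dir/reversed")" \
         "escaped=[$escaped]"
    rm -rf "$dir"
}

demo_redirects
```

When a job's output is kept as a log, the reversed order is the one that silently loses the error messages.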

Tuesday, January 25, 2022

Remove stale entries in VMware SSO Domain server

 

Connect to the vCenter Server (PSC) with JXplorer using the settings below (vsphere.local as an example):

The protocol is LDAP v3.

The Security Level will be User + Password.

The Security User DN will be cn=administrator,cn=users,dc=vsphere,dc=local

The Security Password will be your administrator password for the Identity or SSO server.


Go to the below locations and delete the entries in BOLD

local --> vSphere --> configuration --> Sites --> X00-SSO --> LookupService --> Service Registrations --> Delete the below 

de1a1f26-a265-4035-a125-d13f4109c209

local --> vSphere --> SolutionUsers --> **Table Editor View** -->  Delete the below 

CN=SRM-de1a1f26-a265-4035-a125-d13f4109c209,CN=ServicePrincipals,DC=vsphere,DC=local 

CN=SRM-5718d867-b270-4a39-a1ae-245f777dbf5e,CN=ServicePrincipals,DC=vsphere,DC=local


REAL PROCEDURE AND EXPERIENCE (VMware SR 22295166801)

All Repoint configuration settings are correct; proceed? [Y|y|N|n]: y

 

Starting License export                                                         ... Done

Export Service Data                                                             ... Done

Uninstalling Platform Controller Services                                       ... Done

Stopping all services                                                           ... Done

Updating registry settings                                                      ... Done

Re-installing Platform Controller Services                                      ... Done

Registering Infra services                                                      ... Done

Starting License import                                                         ... Done

Starting Authz Data import                                                      ... Done

Starting Tagging Data import                                                    ... Done

Starting CLS import                                                             ... Done

Starting WCP service import phase...                                            ... Done

Starting NSXD import                                                            ... Done

Starting Trustmanagement import                                                 ... Done

Applying target domain CEIP participation preference                            ... Done

Starting all services                                                           ... Done

Repoint successful.

 

 

After that, X00-VI-VC01 is without MS AD integration.

 

I tried these next steps:

 

  • Pre check again from both vCenters and ensure "Pre-checks successful." is printed at the end for both. (Run from both vCenters) 
    • cmsso-util domain-repoint -m pre-check --src-emb-admin Administrator --replication-partner-fqdn X00-VI-VC01.pcr.cz --replication-partner-admin administrator --dest-domain-name vsphere.local
  • Execute from both vCenters and screenshot any errors you receive and send them to me  
    • cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn X00-VI-VC01.pcr.cz --replication-partner-admin administrator --dest-domain-name vsphere.local

 

 

Both pre-checks are without errors.

But Execute failed on X01-VI-VC01.

 

Starting License export                                                         ... Done

Export Service Data                                                             ... Done

Uninstalling Platform Controller Services                                       ... Done

Stopping all services                                                           ... Done

Updating registry settings                                                      ... Done

Re-installing Platform Controller Services                                      ... Done

Registering Infra services                                                      ... Failed

Repoint failed. Restore from backup

root@X01-VI-VC01 [ ~ ]#

 

 

I think that is the same problem with SRM stale records.

 

 

Starting License export                                                         ... Done

Export Service Data                                                             ... Done

Uninstalling Platform Controller Services                                       ... Done

Stopping all services                                                           ... Done

Updating registry settings                                                      ... Done

Re-installing Platform Controller Services                                      ... Done

Registering Infra services                                                      ... Done

Starting License import                                                         ... Done

Starting Authz Data import                                                      ... Done

Starting Tagging Data import                                                    ... Done

Starting CLS import                                                             ... Done

Starting WCP service import phase...                                            ... Done

Starting NSXD import                                                            ... Done

Starting Trustmanagement import                                                 ... Done

Applying target domain CEIP participation preference                            ... Done

Starting all services                                                           ... Done

Repoint successful.

root@X00-VDI-VC01 [ ~ ]#

 

I try a second attempt.

 

I make your steps. Then I make my own steps:

 

  1. I connect to X01-VI-VC01 with JXplorer and make these steps

 

  • local --> vSphere --> configuration --> Sites --> X00-SSO --> LookupService --> Service Registrations --> Delete the below  

5718d867-b270-4a39-a1ae-245f777dbf5e 

  • local --> vSphere --> SolutionUsers --> **Table Editor View** -->  Delete the below  
    • CN=SRM-de1a1f26-a265-4035-a125-d13f4109c209,CN=ServicePrincipals,DC=vsphere,DC=local 
    • CN=SRM-5718d867-b270-4a39-a1ae-245f777dbf5e,CN=ServicePrincipals,DC=vsphere,DC=local

 

2.

X00-VI-VC01

cmsso-util domain-repoint -m execute --src-emb-admin Administrator --dest-domain-name vsphere.local

 

step end OK

 

3.

X00-VDI-VC01

cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn X00-VI-VC01.pcr.cz --replication-partner-admin administrator --dest-domain-name vsphere.local

 

step end OK

 

4.

X01-VI-VC01

cmsso-util domain-repoint -m execute --src-emb-admin Administrator --replication-partner-fqdn X00-VI-VC01.pcr.cz --replication-partner-admin administrator --dest-domain-name vsphere.local

 

step end OK

 

5.

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f createagreement -2 -h x01-vi-vc01.pcr.cz -H x00-vdi-vc01.pcr.cz -u Administrator

 

step end OK

 

6. 

Configure Active Directory over LDAP

 

 

Now all looks fine.

 

root@X00-VI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator

password:

ldap://X00-VDI-VC01.pcr.cz

ldap://X01-VI-VC01.pcr.cz

 

root@X00-VI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator

password:

Partner: X00-VDI-VC01.pcr.cz

Host available:   Yes

Status available: Yes

My last change number:             10314

Partner has seen my change number: 10314

Partner is 0 changes behind.

 

Partner: X01-VI-VC01.pcr.cz

Host available:   Yes

Status available: Yes

My last change number:             10314

Partner has seen my change number: 10314

Partner is 0 changes behind.

 

root@X00-VDI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator

password:

ldap://x00-vi-vc01.pcr.cz

ldap://x01-vi-vc01.pcr.cz

root@X00-VDI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showservers -h localhost -u administrator

password:

cn=x00-vi-vc01.pcr.cz,cn=Servers,cn=X00-SSO,cn=Sites,cn=Configuration,dc=vsphere,dc=local

cn=x00-vdi-vc01.pcr.cz,cn=Servers,cn=X00-SSO,cn=Sites,cn=Configuration,dc=vsphere,dc=local

cn=x01-vi-vc01.pcr.cz,cn=Servers,cn=X01-SSO,cn=Sites,cn=Configuration,dc=vsphere,dc=local

root@X00-VDI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator

password:

Partner: x00-vi-vc01.pcr.cz

Host available:   Yes

Status available: Yes

My last change number:             10306

Partner has seen my change number: 10306

Partner is 0 changes behind.

 

Partner: x01-vi-vc01.pcr.cz

Host available:   Yes

Status available: Yes

My last change number:             10306

Partner has seen my change number: 10306

Partner is 0 changes behind.

root@X00-VDI-VC01 [ ~ ]#

 

root@X01-VI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u administrator

password:

ldap://x00-vi-vc01.pcr.cz

ldap://x00-vdi-vc01.pcr.cz

root@X01-VI-VC01 [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator

password:

Partner: x00-vi-vc01.pcr.cz

Host available:   Yes

Status available: Yes

My last change number:             10304

Partner has seen my change number: 10304

Partner is 0 changes behind.

 

Partner: x00-vdi-vc01.pcr.cz

Host available:   Yes

Status available: Yes

My last change number:             10304

Partner has seen my change number: 10304

Partner is 0 changes behind.

root@X01-VI-VC01 [ ~ ]#

 

 

I think… the case may be closed. Thank you very much for the help and cool guidance.

 

Kindly regards
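
One way to turn the `showpartnerstatus` output shown in the message above into a pass/fail check after a repoint, as an added example that is not part of the original correspondence and not a VMware tool. The function names and the `example.test` hosts in the sample are constructed.

```shell
#!/bin/sh
# Reads `vdcrepadmin -f showpartnerstatus` output on stdin, prints one verdict
# per partner, and returns 1 if any partner is unreachable or behind.
check_partner_status() {
    awk '
        function report() {
            if (partner == "") return
            if (host == "Yes" && status == "Yes" && behind == 0)
                print "OK   " partner
            else {
                print "FAIL " partner " host=" host " status=" status " behind=" behind
                bad = 1
            }
        }
        # A new "Partner:" line closes the previous record and resets the fields,
        # so a record with a missing line is reported with "?" instead of passing.
        /^ *Partner:/          { report(); partner = $2; host = "?"; status = "?"; behind = "?" }
        /^ *Host available:/   { host = $NF }
        /^ *Status available:/ { status = $NF }
        /^ *Partner is [0-9]+ changes? behind/ { behind = $3 + 0 }
        END { report(); exit bad + 0 }
    '
}

# Constructed sample in the format shown above: one partner in sync, one lagging.
sample_status() {
    cat <<'EOF'
Partner: vc-b.example.test
Host available:   Yes
Status available: Yes
My last change number:             10314
Partner has seen my change number: 10314
Partner is 0 changes behind.

Partner: vc-c.example.test
Host available:   Yes
Status available: Yes
My last change number:             10314
Partner has seen my change number: 10290
Partner is 24 changes behind.
EOF
}

sample_status | check_partner_status || echo "replication needs attention"
```

On a vCenter node the input would be the saved output of `/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h localhost -u administrator`, checked on every node in the SSO domain.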



Sunday, January 23, 2022

vim folding collapse

If you have code like

function name {
  line 1
  line 2
  line 3
}

Manual Collapsing (fall in)

  1. Move the cursor to initial {
  2. Press zf%

Manual Decollapsing (fall out)

  1. Move the cursor to collapsed line
  2. Press SHIFT + zf%

How to fold text in a JSON file?

:set filetype=json

:syntax on

:set foldmethod=syntax 

References

More info at https://makandracards.com/gmitrev/4513-vim-cheatsheet