VMware

VCM installation issues – Troubleshooting

Hi All,

This was the first time, I was working on a VCM (vRealize Configuration Manager) single tier deployment for a customer, and experienced an issue which I am sharing with this blog and it’s resolution.

  • VCM version – 5.8.3
  • Single Tier – SQL server database instance was deployed and configured
  • SQLXML and SSRS service was also configured.
  • SQL was running with a service account

Once the VCM installer was run, it passed all the pre-requisites check and proceeded with the VCM installation in about 30 minutes. Post the installation, I restarted the server as a general reboot, this is when after the reboot the SQL service would not start at all on the server.

After multiple reboots, I reviewed the logs and below was the error message found:

Event Viewer > Application logs

SQL logs

C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Log\error.log

The server was unable to initialize encryption because of a problem with a security library. The security library may be missing. Verify that security.dll exists on the system.


Next, I googled around and as VCM uses TLS 1.0, I opened the below registry path to check the registry settings on the server

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS1.0\

Changed the settings as below for both Client and Server

DisabledbyDefault – 0

Enabled – 1

Restarted the machine after that , and wow!! the sql service was started automatically .

However, I ran into the next problem where I was unable to access the VCM console or login page, and getting the below error:

“Your id is not allowed to access, please contact your administrator”

This was very strange, as I was using the service account to login to the VCM portal. After some googling I stumbled upon VMware KB : https://kb.vmware.com/kb/2000958 and then checked the permissions of in the VCM database tablename – ecm_sysdat_logins, and to my surprise for all the login accounts the login active was 0 . Thus, I used the steps on the KB to allow login for few accounts, and then VCM login page was accessible and was able to configure it.

 

VMware

VMware Named to Great Place to Work® and…

VMware Named to Great Place to Work® and Fortune 2017 “Best Companies to Work For” List [VMware Radius]

VMware Named to Great Place to Work® and…

Today, VMware received a prestigious and public acknowledgement of our high-impact workplace as one of Fortune’s 100 Best Companies to Work For.


VMware Social Media Advocacy

VMware

Hi All,

Just wanted to share another issue which I experienced related to the license service . I ran into the issue after a reboot of the PSC , vCenter machines post a maintenance activity .

Small information about the setup, PSC is external windows based and vCenter is also windows based. After the reboot , on clicking of the “Licensing ” tab on web-client or vSphere-Client gives the error : Assigning VC license failed with class Vmacore::Soap::InvalidResponseException(Invalid response code: 503 Service Unavailable) .

I checked the license service log on the PSC machine, and also found below error:

Vpxd::License::LicenseClientFaultTolerance::ProcessLicenseChanges threw class Vmacore::Exception(License client start has failed.)

I rebooted the PSC machine once again , but the issue still remained . After bit of research through the logs , it was understood that there is an issue were the license client is expiring for a wait period as other PSC services are taking time to start.

Thus, I stop the VMware Directory service (which inturn stops all the dependent service) on PSC , and then first started the license service , then the VMware Directory Service .

As I guessed, this fixed the issue and I was able to view the licenses under the Licenses tab.

Hope, this helps if any one of you run into a similar issue.

 

 

VMware

NSX Top 10 Use cases

Folks , just wanted to share the top 10 use cases for NSX deployment which comes forward during discussions with the customers
Here is also a list of each use case:

Use Case 1: Pure micro-segmentation for servers and VDI environments
Controlling traffic between devices within same subnet or within a network at the vNic level which is the closest to the VM.
Purpose : Cyber-security (eliminate the threat of lateral attacker movement within DC) and compliance.

Use Case 2: Pass your PCI audit in record time
Segment zones based on business purposes, without the need for re-architecture, re-addressing or expensive capital expenditure and satisfy PCI-DSS compliance for large banks
Purpose : Achieve compliance (such as PCI) in very little time.

Use Case 3: Dynamic isolation of virtual machines based on their security groups and dynamic policy implementation
Purpose : Automatically scans VMs and place affected machines in quarantine until they are remediated, and also Quickly and dynamically isolates security risk.
Allow implementation of pre-defined security and zone based policies on dynamic VM creations.

Use Case 4: Advanced IDS/IPS security – Palo Alto Firewalls example .
L4-L7 security services as close to the source of the traffic and reduce security risk associated with east-west traffic.

Use Case 5: Collapsed DMZ deployment models
Deploy new services and applications onto a flat network, removing the need for multiple physical connections to a firewall and complex routing domains. Facilitates provisioning of services and reducing time to market.

Use Case 6: Multi-site Network and Security (cross vCenter) and Disaster Recovery
Purpose : Extend Layer 2 segments across multiple DC’s and enable customers to place workloads anywhere, while keeping consistent security policies across DCs. Saves cost on expensive mechanisms as OTV.
Allows close integration with SRM and saves IP re-addressing , reducing RTO . Also allows to have Active -Active site deployments.

Use Case 7 : Private Cloud / IaaS – Platform choice
Purpose : Enable developers to access a self-service portal and deploy applications based on templates , as well choose their own choice of hypervisor with NSX integration with Openstack, NSX-T and NSX-V.

Use Case 8: Reducing capital expenditure in expensive hardware devices
Purpose:  Provide network services (such as Load-balancing and Firewall) at a reduced cost.

Use Case 9:NSX-ROBO & SD-WAN
Purpose :  Combine the previous use case of NSX-ROBO with SD-WAN partner solutions, and reduce operational costs of branch connectivity and maintenance . Allows , integrated branch consolidation.

Use Case 10: SDDC as a Service
Purpose : Access public cloud resources and services, managed by vCenter Server. Choose your network dynamically on private cloud or public cloud by extending your current network into public cloud environments.