Be carefull with VMware SSO Master password bug

This week I installed a fresh vSphere 5.1 Update 1 environment and I wanted to configure it will real world certificates to get rid of all those “Do you really really reeeeeally accept this insecure website” messages. Using the VMware SSL Certificate Automation Tool I generated all the new certificates and then started changing the certificate on the VMware SSO server. When doing this, you’ll be asked for the Master password. Since I learned a while ago in a very painful way that the Admin@System-domain password is not equal to the Master password, I had written down the Master password and was 100% sure I had the correct Master password. But updating the certificate failed with the error: Incorrect master password. Tried it a few times but it kept failing. Logged in with admin@system-domain in the vSphere Web Client and this was the correct password. [Read more...]

The Doctor is: IN

Many of us in IT read a lot of whitepapers, blogposts, how-to articles and view numerous Podcasts or training video’s to learn all the details about new products or features. Still, I don’t always get some of the details or can’t find the info I need. Meeting people at VMUGs or VMworld gives me the changes to ask for those last missing piece of information. But what if you don’t have that chance?

The Doctor is IN

The Doctor is IN

When I blog about stuff I’m sometimes surprised about the comments I get and about how more people than I thought were struggling with the same questions. In responds to the comments I have been able to help quite a number of readers of my blog by e-mail and lately I did a few Google Plus Hangout sessions to help in an even better way. And that is when I came up with the following idea: Why not do a video-chat help session? [Read more...]

vCenter SSO changes when demoting domain controller

I’m still getting used to the important part vCenter SSO (Single Sign-On) is playing in vSphere 5.1. In my home lab I was switching domain controllers from W2k8 to Windows 2012. Transferred FSMO roles, integrated DNS, changed IP addresses for DNS on all servers and all seemed fine. My w2k8-dom01 server was demoted and removed. Few days later when trying to make a vCenter connection, I couldn’t logon anymore. As a good Windows Admin I of course first rebooted the vCenter VM but (as all real admins know) that seldom fixes the issue. Diving in the vCenter log files at “C:\ProgramData\VMware\VMware VirtualCenter\Logs” I found the following error:

[Read more...]

Adding AD authentication to VMware SSO 5.1

With the release of VMware vCenter Server 5.1 an important new component has been released: the VMware Single Sign-On (SSO) server. It is one of the components of vCenter Server and is a requirement for installation. Through the SSO server a user now gets authenticated and receives a token that authenticates the user with other vCenter components without having to Sign-On again.

Some users ran into some minor issues when installing SSO. Most common issue is “Error 29115 Cannot authenticate to DB”. An error which I encountered myself was “Error 29155 Identity source discovery error”. According to KB 2034374 this is due to a failed attempt to automatically discover an Active Directory domain. You can click OK on this error and continue installation. Before installing the vCenter Server component it is adviced to manually add Active Directory Authentication to SSO. [Read more...]

CloudPhysics for your permanent health check



A few weeks ago I first saw some mention of CloudPhysics by Duncan on Yellow-Bricks. Duncan’s blogpost describes pretty well what CloudPhysics does (so read it), but in short: CloudPhysics will collect data from your vCenter, upload that data to the CloudPhysics servers and analyse that data and and give you insights and key take-aways. You can also report on how your environment is doing compared to other similar environments and best practices.

What differentiates CloudPhysics from most “health check” tools how they compare your data to other similar businesses and a very important part is the intelligence of CloudPhysics, which has more advanced checks than just report that 50ms latency on your storage is too high. For example CloudPhysics should be able to tell you what the best HA configuration is for you, which is still a difficult piece of theory to many admins. CloudPhysics is not about reporting the numbers but validating and explaining best practices and how they can be applied in your environment. [Read more...]