How to add vSphere 6 VMCA Root Certificate to Trusted Certs Store

How to add vSphere 6 VMCA Root Certificate to Trusted Certs Store

When running vSphere 6 deployments in default (recommended) mode, VMware Certificate Authority is its own root certificate authority. Everything fine and secure with this configuration, but your browser displays a warning because the root certificate is not trusted.

Use the below script (VBS) that pulls the CA certificate from a vCenter Server and adds it to the local trusted root certificates store. When the root CA is trusted, browser warnings are gone.

Just save the source to a file with a .vbs extension, or download the .zip package which includes the file. The script asks vor the vCenter FQDN, pulls the certificate archive, unzips it and adds the certificate to the local root store.
Note: Adding certificates to the root store requires administrative permissions.

Source

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objApp = CreateObject("Shell.Application")
Set objShell = CreateObject("WScript.Shell")

dim vCenterName
vCenterName = inputbox("Add vSphere 6.0 PSC trusted root CA certificates to the local certificate store. Please enter vCenter Server Address (eg. vcenter.example.com)", "Enter vCenter Server URL", "")
if vCenterName = "" then
 wscript.quit
end if

CaCert = "./" & vCenterName & "-cacert.zip"
CaDir = "./" & vCenterName & "-cacert/"
Set newDIR = objFSO.CreateFolder( CaDir )

const SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS = 13056
dim xHttp: Set xHttp = createobject("MSXML2.ServerXMLHTTP")
dim bStrm: Set bStrm = createobject("Adodb.Stream")
xHttp.Open "GET", "https://" & vCenterName & "/certs/download", False
xHttp.setOption 2, SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS
xHttp.Send
with bStrm
 .type = 1
 .open
 .write xHttp.responseBody
 .savetofile CaCert, 2
end with
 
Set unzip=objApp.NameSpace(objFSO.GetAbsolutePathName(CaCert)).Items()
objApp.NameSpace(objFSO.GetAbsolutePathName(CaDir)).copyHere unzip, 16

CertFolder = CaDir & "certs/"
Set objFolder = objFSO.GetFolder(CertFolder)
Set colFiles = objFolder.Files
For Each objFile in colFiles
 objShell.run "certutil.exe -addstore Root "& CertFolder & objFile.Name 
Next

         Download: add-vcenter-root-ca.zip

If you don’t want to use the script, you can also follow the instructions in KB2108294 which explains the same procedure

Deprecated VMFS volume warning in ESXi 6.0 Hosts

Deprecated VMFS volume warning in ESXi 6.0 Host

Symptoms

vSphere 6.0  hosts display a false positive warning:

Deprecated VMFS volume(s) found on the host. Please consider upgrading volume(s) to the latest version

Cause

This issue occurs because the version of the filesystem is not known during the initial detection. Therefore, comparing it against the list of valid filesystems does not return a match.

Resolution

This is a known issue affecting vCenter Server 6.0 and  there is no resolution .And the work around this issue, restart the management agents on the impacted hosts to clear the warning

Restarting the Management agents on ESXi

To restart the management agents on ESXi:

From the Direct Console User Interface (DCUI):

1. Connect to the console of your ESXi host.
2. Press F2 to customize the system.
3. Log in as root.
4. Use the Up/Down arrows to navigate to Restart Management Agents.
   
   Note: In ESXi  6.0 this option is available under Troubleshooting Options.
5. Press Enter.
6. Press F11 to restart the services.
7. When the service restarts, press Enter.
8. Press Esc to log out of the system.

From the Local Console or SSH:

1. Log in to SSH or Local console as root.
2. Run these commands one by one
   
   /etc/init.d/hostd restart   Note :- Wait for 30 Seconds and run the next command .
   /etc/init.d/vpxa restart

Note :- Restarting the management agents will cause any impact on the VM's running on the host . There may be disconnection of the host from vCenter for few seconds until the agents started again.

VMware Acronyms and Abbreviations

List of VMware acronyms and abbreviations

AAM	Automated Availability Manager
ADM	Application Discover Manager
APM	Application Performance Manager
BYOD	Bring Your Own Device
CB	Chargeback
CBM	Chargeback Manager
CBRC	Content Based Read Cache
CF	Cloud Foundry
CIM	Common Interface Model
CIQ	Capacity IQ
CIS	Cloud Infrastructure Suite
CSI	Clustering Services Infrastructure
DaaS	Desktop as a Service
DAS	Distributed Availability Service
DBaaS	Database as a Service
DD	Data Director
DPM	Distributed Power Management
DRS	Distributed Resources Scheduler
DVS	Distributed Virtual Switch
ERS	Enterprise Ready Server
ESX	Elastic Sky X
ESXi	Elastic Sky X Integrated
EUC	End User Computing
EVC	Enhanced vMotion Compatibility
EVDC	Elastic Virtual Data Center
FDM	Fault Domain Manager
FT	Fault Tolerance
GFE	GemFire Enterprise
GSX	Ground Storm X
HA	High Availability
HCL	Hardware Compatibility List
HoL	Hands-On Labs
IaaS	Infrastructure as a Service
IODM	I/O Device Management
MVP	VMware Mobile Virtualization Platform
NEE	Next-Generation Education Environment
NETIOC	Network I/O Control
NIOC	Network I/O Control
OVDC	Organization Virtual Data Center
P2V	Physical to Virtual
PaaS	Platform as a Service
PAE	Propero Application Environment
PDL	Permanent Device Loss
PSO	Professional Services Organisation
PVDC	Provider Virtual Data Center
S2	SpringSource
SaaS	Software as a Service
SDDC	Software Defined Data Center
SDRS	Storage Distributed Resource Scheduling
SI	Spring Integration
SIOC	Storage I/O Control
SM	Service Manager
SMP	Symmetrical Multi Processing
SQLF	SQLFire
SR-IOV	Single Root I/O Virtualization
SRM	Site Recovery Manager
STS	SpringSource Tool Suite
TAM	Technical Account Manager
V2V	Virtual to Virtual
VAAI	vStorage API for Array Integration
VADM	vCenter Application Discovery Manager
VC	Virtual Center
VCA4-DT	VMware Certified Associate 4 – Desktop
VCAC	vCloud Automation Center
VCAP	VMware Certified Advanced Professional
VCAP4-DCA	VMware Certified Advanced Professional 4 – Datacenter Administration
VCAP4-DCD	VMware Certified Advanced Professional 4 – Datacenter Design
VCAP5-DCA	VMware Certified Advanced Professional 5 – Datacenter Administration
VCAP5-DCD	VMware Certified Advanced Professional 5 – Datacenter Design
VCAP-CID	VMware Certified Advanced Professional – Cloud Infrastructure Design
VCAP-DTD	VMware Certified Advanced Professional – Desktop Design
VCAT	vCloud Architecture Toolkit
VCD	vCloud Director
VCDX	VMware Certified Design Expert
VCDX4-DV	VMware Certified Design Expert 4 – Datacenter Virtualiziation
VCDX5-DV	VMware Certified Design Expert 5 – Datacenter Virtualiziation
VCDX-DT	VMware Certified Design Expert – Desktop
VCIM	vCloud Integration Manager
VCLI	vSphere Command Line Interface
VCM	vCenter Configuration Manager
VCO	vCenter Orchestrator
VCOPS	vCenter Operations
VCP4-DT	VMware Certified Professional 4 – Desktop
VCP4-DV	VMware Certified Professional 4 – Datacenter Virtualization
VCP5-DT	VMware Certified Professional 5 – Desktop
VCP5-DV	VMware Certified Professional 5 – Datacenter Virtualization
vCSA	vCenter Server Appliance
VCSN	vCloud Security and Networking
VDC	Virtual Data Center
VDP	vSphere Data Protection
VDR	VMware Data Recovery
VDS	vNetwork Distributed Switch
VIM	Virtual Infrastructure Management
VIN	vCenter Infrastructure Navigator
VIX	Virtual Infrastructure eXtension
VM	Virtual Machine
VMA	vSphere Management Assistant
VMFS	Virtual Machine File System
VMRC	VMware Remote Console
VMS	vFabric Management Service
VMSA	VMware Security Advisory
VMTN	VMware Technology Network
VMW	VMware
VMX	Virtual Machine eXecutable
VPX	Virtual Provisioning X
VPXA	Virtual Provisioning X Agent
VPXD	Virtual Provisioning X Daemon
VR	vSphere Replication
VRM	vCloud Request Manager
VSA	vSphere Storage Appliance
VSM	VMware Service Manager
VSP	VMware Sales Professional
vswif	Virtual Switch Interface
VTSP	VMware Technical Sales Professional
VUM	vCenter Update Manager
VXLAN	Virtual Extensible Local Area Network

Recreating a missing virtual machine disk descriptor file

How to Recreate Missing VMWare Flat Files
If you ever run into a situation where you restart a VMWare virtual machine and lo and behold you get an error that the file cannot be found, and you look, and the vmdk is there but it has a –flat added to it, this blog may help you to recreate a lost virtual disk descriptor file (VMDK).

How to Tell When it’s Time to Recreate Descriptor FilesHow will you know if you need to recreate the descriptor file?  Well you may need to recreate that missing header/descriptor files if:

• The virtual machine disk file listed in the Data store Browser is your virtual machine’s flat file, and does not have an icon.
• When powering on a virtual machine, you see a File not found
• The disk descriptor file for the virtual machine’s disk does not exist or is corrupted.

As always, your first action would be to attempt to restore the missing descriptor file from backups if possible. If this is not possible, you will need to proceed with recreating the virtual machine disk descriptor file.

A Little Background
Each disk drive for a virtual machine consists of a pair of .vmdk files. One is a text file containing descriptive data about the virtual hard disk, and the second is the actual content of that disk.

For example, a virtual machine named testvm has one disk attached to it. This disk is comprised of a testvm.vmdk descriptor file of under 1 KB, and a 10 GB testvm-flat.vmdk flat file which contains virtual machine content.

Overview of the Steps that will be Performed to Recreate the Descriptor File:

• Identify the size of the flat file in bytes.
• Create a new blank virtual disk that is the same size as the original (Critical to assure proper disk geometry.)
  Rename the descriptor file of the newly-created disk to match the name of the original virtual disk.
• Modify the contents of the renamed descriptor file to reference the flat file.
• Remove the leftover temporary flat file of the newly-created disk, as it is not required.
• Now the details.

Detailed Steps:

To create a virtual machine disk:

• Log onto the terminal of the VMWare host using Putty or other terminal emulation software.
• Navigate to the directory that contains the virtual machine disk with the missing descriptor file using the following command: # cd /vmfs/volumes/vmfsvolume/dir
• Identify the type of SCSI controller the virtual disk is using. You can do this by examining the virtual machine configuration file (.vmx). You can download a copy of the .vmx file to your desktop using the data store browser and open using Notepad or similar text editor.
• The controller is identified by the line scsi#.virtualDev , where # is the controller number. There may be more than one controller and controller type attached to the virtual machine, such as lsisas1068 (which is the LSILogic SAS controller), lsilogic, or buslogic. The following example uses lsilogic:present = “true”
  scsi0.sharedBus = “none”
  scsi1.present = “true”
  scsi1.sharedBus = “virtual”
  scsi1.virtualDev = “lsilogic”

• Identify and write down the exact size of the -flat file using the command:# ls -l vmdisk0-flat.vmdk-rw——- 1 root root 4294967296 Aug 11 12:30 vmdisk0-flat.vmdk

You can use vmkfstools command to create a new virtual disk:

# vmkfstools -c 4294967296 -a lsilogic -d thin temp.vmdk

The command uses the following flags:

-c size (this is the size of the virtual disk.)

-a virtual_controller (Whether the virtual disk was configured to work with BusLogic, LSILogic (use for both lsilogic and lsilogic SAS), Paravirtual, or IDE.

HINT: Use lsilogic for virtual disk type “lsilogic” and “lsisas1068”

-d thin (This creates the disk in thin-provisioned format).

HINT: To save disk space, you should create the disk in thin-provisioned format using the flag –d for thin. The resulting flat file then consumes minimal amounts of space (1 MB) instead of immediately assuming the capacity specified with the -c switch. The only consequence to doing this however, is the descriptor file contains an extra line that must be manually removed before turning on the virtual machine.

The temp.vmdk and temp-flat.vmdk files are created as a result.

• Delete temp-flat.vmdk , as it is not needed. You can delete from browser or Run the following command:
• # rm -i temp-flat.vmdk
• Rename temp.vmdk to the name that is required to match the orphaned .flat file (vmdisk0.vmdk, in this example):# mv -i temp.vmdk vmdisk0.vmdk
• Edit the descriptor file using a text editor, you can download to your machine edit and copy it back to the Host, saving the original in case you make a mistake.
• Under the Extent Description section, change the name of the .flat file to match the orphaned .flat file you have. Shown below in red.
• Find and remove the line ddb.thinProvisioned = “1” if the original .vmdk was not a thin disk.
• If it was, retain this line, do not delete. Shown below in red. Make sure you save any changes.
  # Disk DescriptorFile
  version=1
  CID=fb183c20
  parentCID=ffffffff
  createType=”vmfs”# Extent description
  RW 8388608 VMFS “vmdisk0-flat.vmdk”# The Disk Data Base
  #DDBvirtualHWVersion = “4”
  ddb.geometry.cylinders = “522”
  ddb.geometry.heads = “255”
  ddb.geometry.sectors = “63”
  ddb.adapterType = “lsilogic”
  ddb.thinProvisioned = “1”

Upload File Back to Data Store.
The virtual machine is now ready to power on. Verify your changes before starting the virtual machine.

To check the disk chain for consistency, run this command against the disk descriptor file:
# vmkfstools -e filename.vmdk
For a complete chain, you see output similar to:
Disk chain is consistent

For a broken chain, you will see a summary of the snapshot chain and then an output similar to:
Disk chain is not consistent : The parent virtual disk has been modified since the child was created. The content ID of the parent virtual disk does not match the corresponding parent content ID in the child (18)

Your virtual machine should now be powered up and fully functional.

Graphical View  with Steps

First of all, we start by establishing an SSH connection to the host and browsing to the location of the VMs files:

(rather than delete the newdisk.vmdk for the purposes of this example, I have just renamed it to newdisk.vmdkold – the effect is the same)

Ok, so here we have a bunch of virtual machine files, including the virtual disk (newdisk-flat.vmdk), but no valid newdisk.vmdk file to go with it. To start we need to examine the .vmx file to see what type of scsi controller the disk was using, as we will need that information to recreate the descriptor file. Looking at the .vmx file, we can see the following:

We can see from the scsi0.virtualDev line that the disk is using the lsilogic controller. The next piece of information that we need is the exact size of the virtual disk file. We can get this by running ‘ls -l newdisk-flat.vmdk‘:

Armed with the scsi controller type and the disk size, we can now use vmkfstools to create a new disk and descriptor file by running ‘vmkfstools -c 4294967296 -a lsilogic -d thin temp.vmdk‘.

As a result of running that command two new files have been created – temp.vmdk and temp-flat.vmdk. We’re only interested in the descriptor file, so we can delete the disk file by running ‘rm temp-flat.vmdk‘.

The next step is to rename temp.vmdk to newdisk.vmdk, in order for it to match our original disk. We can do this by running ‘mv temp.vmdk newdisk.vmdk‘.

The final part of the process is to edit the newly created newdisk.vmdk file. When we first open the file it looks like this:

We need to change the line referencing the flat vmdk file as follows:

We should now be able to power on the virtual machine!