Certificate replacement: PSC UI vs certificate-manager

If you ever had to replace certificates in vSphere 6.0 and 6.5 you may know that there are two different ways to do it. The first one using the PSC web UI and the second one using the embedded certificate-manager utility. Now you may also think that these... [Read More]

Faulty HBA troubleshooting

After moving an ESXi host to another rack, I encountered a really strange behaviour. The hosts are Fujistsu servers and are connected to an EMC FC SAN. After the host was installed in its new rack, when we powered it back on some datastores were missing but not all of... [Read More]

Certificates: Don't use common name as identifier

I recently encountered a certificate issue while working on a project when the certificate was being rejected in a web browser. At first my certificate looked fine, the FQDN was in the common name field (CN) and I had a bunch of Subject Alternative Names (SAN) as well. When I... [Read More]

Deploy Log Insight in Workstation

If you want to run Log Insight in Workstation (most likely for a lab), you will realise that once you deployed the appliance, all the settings you configured in the wizard have been diregarded. Note that the following is not supported by VMware and should only be used for labs... [Read More]

Set password of an sso user to never expire

In vCenter, users created on the vSphere SSO domain (vphere.local by default) all share the same password policy defined in Single Sign-On > Configuration > Policies > Password Policy with a default password expiration after 90 days. For “interactive” users it’s probably a good thing to keep them on their... [Read More]

How to silence VSAN health checks

The VSAN health checks are great in vCenter to quickly notice when something wrong is going on. However there may be some of the health checks that you don’t want to come up as warning. As an example, lots of vCenter implementations don’t have access to internet by design and... [Read More]

Certificate replacement in vCenter HA configuration

Recently I had to change the default certificates of a newly installed vCenter. Nothing unusal with that, if not for the fact that I didn’t think about vCenter HA that I configured before getting the certs. If only I had read that little piece of advice from VMware… ... [Read More]

Passive node down in vCenter HA 6.5

This issue is fixed in vCenter 6.5 update 1. I recently logged on a VCSA 6.5 that had been installed a while back with vCenter High Availability (VCHA) and noticed that the passive node was down. After a few checks, the VM is running, I can... [Read More]

vCenter 6.5 hybrid certificates with Microsoft Standalone CA

The hybrid mode is currently VMware’s recommended deployment model for certificates as it procures a good level of security while not being too cumbersome to implement. In this model only the Machine SSL certificate is signed by the CA and replaced on the vCenter server. The solution user and ESXi... [Read More]

Install the latest PowerCLI on offline systems

If you keep your PowerCLI up to date you may have noticed that since version 6.5.1 you can’t download the installer on the VMware website anymore. This being because VMware moved the distribution of PowerCLI to Powershell Gallery using the cmdlets Install-Module, Uninstall-Module and... [Read More]