Contents

    1. Cross vCenter vMotion
    2. Unregister PNID
    3. Reconfigure a Standalone vCenter Server with an Embedded Platform Services Controller to a vCenter Server with an External Platform Services Controller
      1. Log in to the vCenter Server instance with an embedded Platform Services Controller
      2. Verify that all Platform Services Controller services are running
      3. Configure Replication Agreement Between All External Platform Services Controller Instances
      4. Results
      5. MAC Address Management During Migration Between vCenter Server Systems
      6. Run the cmsso-util reconfigure command
    4. Repoint an External Deployment to an Alternate Platform Services Controller in the Same Site (Intra-Site)
      1. error
    5. Repoint an External Deployment to an Same Platform Services Controller in the Same Site (Intra-Site)
    6. Oracle
      1. 配置 Oracle 数据库用户
      2. 运行以下 SQL 命令向 vCenter Server 数据库用户授予其他权限
    7. drop vpx
    8. upgrade vCenter
    9. How to Upgrade from VCSA 5.5 to 6.0
      1. FQDN issue
    10. vCenter Server Downgrade options
    11. Upgrade vCenter Server Appliance 6.0 U2 to 6.5
    12. install VCSA 6.7 from cli
      1. json file
    13. install VCSA 6.0 from cli
  2. Troubleshooting
    1. das.usedefaultisolationaddress
    2. "Shutting down the VC as there is not enough free space for the Database" error (67017)
    3. File system /storage/seat is low on database storage space.
      1. backup postgresql database
      2. cleanup.sql
    4. CA warning
    5. Exception in invoking authentication handler User password expired VCSA6.7
    6. Version
    7. 503
    8. 503 Service Unavailable (Failed to connect to endpoint
      1. SSL certificate verification failed.
    9. On my vCenter Server Appliance VM, I get "soft lockup - CPU## stuck for ##s!" message.
    10. addition or reconfiguration of network adapters attached to non-ephemeral distributed virtual port groups
    11. Error naming or renaming a VM file
    12. Collecting diagnostic information for VMware vCenter Server 4.x, 5.x and 6.0 (1011641)
    13. Quick Tip – How to quickly find the release & build number on VCSA
    14. VMware vCenter 6 Web Console doesn’t load or very slow
      1. vSphere Web client unresponsive in vCenter Server
      2. "back-end property provider" error while adding new datastore in vSphere Web Client
    15. VC HA
    16. Join the vCenter Server Appliance to an Active Directory Domain
      1. Prerequisites
      2. Join AD Domain from the Command Line
      3. Verify domain status from vCSA command line
    17. resize VCSA partitions size

Cross vCenter vMotion

https://labs.vmware.com/flings/cross-vcenter-workload-migration-utility 

brightmoon /tmp/xvm-1.0 # java -jar xvm-1.0.jar

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v1.5.1.RELEASE)

15:38:32 INFO  Starting ApiController on brightmoon with PID 2888 (/tmp/xvm-1.0/xvm-1.0.jar started by root in /tmp/xvm-1.0)
15:38:32 DEBUG Running with Spring Boot v1.5.1.RELEASE, Spring v4.3.6.RELEASE
15:38:32 INFO  No active profile set, falling back to default profiles: default
15:38:33 INFO  HV000001: Hibernate Validator 5.3.4.Final
15:38:34 INFO  Starting service Tomcat
15:38:34 INFO  Starting Servlet Engine: Apache Tomcat/8.5.11
15:38:34 INFO  Initializing Spring embedded WebApplicationContext
15:38:35 INFO  Context refreshed
15:38:35 INFO  Found 1 custom documentation plugin(s)
15:38:35 INFO  Scanning for api listing references
15:38:35 INFO  Initializing ProtocolHandler ["http-nio-8080"]
15:38:35 INFO  Starting ProtocolHandler [http-nio-8080]
15:38:35 INFO  Using a shared selector for servlet write/read
15:38:35 INFO  Started ApiController in 3.578 seconds (JVM running for 4.142)
15:38:35 INFO  Cross vCenter Workload Migration Utility Initialized!
9915:38:49 INFO  Initializing Spring FrameworkServlet 'dispatcherServlet'

http://127.0.0.1:8080/

Unregister PNID

root@photon-machine [ ~ ]# cmsso-util unregister --node-pnid 192.168.16.26 --username administrator@vsphere.local
Password:
2018-02-07T10:19:56.061Z   Running command: ['/usr/lib/vmware-vmafd/bin/dir-cli', 'service', 'list', '--login', 'administrator@vsphere.local']
2018-02-07T10:19:56.104Z   Done running command

Reconfigure a Standalone vCenter Server with an Embedded Platform Services Controller to a vCenter Server with an External Platform Services Controller

https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.install.doc/GUID-EA6CD275-DD0A-4ADC-9512-B2A006DE00F1.html

Deploy or install the external Platform Services Controller instance as a replication partner of the existing embedded Platform Services Controller instance in the same vCenter Single Sign-On site.

Log in to the vCenter Server instance with an embedded Platform Services Controller

Verify that all Platform Services Controller services are running

Run the service-control --status --all command.

The Platform Services Controller services that must be running are VMware License Service, VMware Identity Management Service, VMware Security Token Service, VMware Certificate Service, and VMware Directory Service.

Configure Replication Agreement Between All External Platform Services Controller Instances

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h psc_fqdn_or_static_ip -u administrator

If there is an external Platform Services Controller instance that is not in replication agreement with another external Platform Services Controller instance, run the vdcrepadmin command with the createagreement parameter against this Platform Services Controller instance to join it to another external Platform Services Controller instance.

If you are using a connection to a vCenter Server Appliance or Platform Services Controller appliance, run the following command. If the vCenter Server with an embedded Platform Services Controller instance and the external Platform Services Controller instance are not direct replication partners, create such a replication agreement. For a vCenter Server Appliance with an embedded Platform Services Controller, from the appliance Bash shell, run the following command. 

/usr/lib/vmware-vmdir/bin/vdcrepadmin -f createagreement -h localhost -H psc_fqdn_or_static_ip -u administrator
/usr/lib/vmware-vmdir/bin/vdcrepadmin -f createagreement -2 -h psc_fqdn_or_static_ip -H partner_psc_fqdn_or_static_ip -u administrator

Repeat Step above against each external Platform Services Controller instance that is not in replication agreement with another external Platform Services Controller instance.

Results

The vCenter Server instances with an embedded Platform Services Controller are demoted, and the vCenter Server instances are redirected to the external Platform Services Controller instances.

MAC Address Management During Migration Between vCenter Server Systems

When you move a virtual machine between vCenter Server instances, the environment specifically handles MAC address migration to avoid address duplication and loss of data in the network.

In an environment with multiple vCenter Server instances, when a virtual machine is migrated, its MAC addresses are transferred to the target vCenter Server. The source vCenter Server adds the MAC addresses to a black list so that it does not assign them to newly created virtual machines.

To reclaim unused MAC addresses from the black list, contact VMware Technical Support for assistance.

Run the cmsso-util reconfigure command

cmsso-util reconfigure --repoint-psc psc_fqdn_or_static_ip --username username --domain-name domain_name --passwd password [--dc-port port_number]

Here, psc_fqdn_or_static_ip is the system name used to identify the external Platform Services Controller instance. This system name must be an FQDN or a static IP address.

Repoint an External Deployment to an Alternate Platform Services Controller in the Same Site (Intra-Site)

error

/storage/log/vmware/vmdird/vmdird-syslog.log 

2018-02-07T13:05:10.277807+00:00 err vmdird  t@140566488983296: SASLSessionStep: sasl error (-13)(SASL(-13): authentication failure: client evidence does not match what we calculated. Probably a password error)
2018-02-07T13:05:10.279087+00:00 err vmdird  t@140566488983296: VmDirSendLdapResult: Request (96), Error (49), Message ((49)(SASL step failed.)), (0) socket ([17] 192.168.16.27:389<-192.168.16.27:50923)
2018-02-07T13:05:10.279113+00:00 err vmdird  t@140566488983296: Bind Request Failed ([17] 192.168.16.27:389<-192.168.16.27:50923) error 49: Protocol version: 3, Bind DN: "cn=Administrator,cn=Users,dc=vsphere,dc=local", Method: 163

https://kb.vmware.com/s/article/2147280

Repoint an External Deployment to an Same Platform Services Controller in the Same Site (Intra-Site)

root@photon-machine [ ~ ]# cmsso-util repoint --repoint-psc 10.97.2.252
Validating Provided Configuration ...
Error: The provided Platform Services Controller(PSC) 10.97.2.252 is already the current active PSC of this vCenter Server

root@photon-machine [ ~ ]# cmsso-util unregister  --username administrator@vsphere.local --node-pnid 10.97.2.252
Password:
This command is supported only on PSC and vCenter with embedded PSC nodes.

Oracle

使用脚本创建本地或远程 Oracle 数据库

 CREATE SMALLFILE TABLESPACE "VPX" DATAFILE '/data/vcdb/vpx01.dbf'
 SIZE 100M AUTOEXTEND ON NEXT 10M MAXSIZE UNLIMITED LOGGING EXTENT MANAGEMENT LOCAL SEGMENT 
 SPACE MANAGEMENT AUTO;

配置 Oracle 数据库用户

 CREATE USER "VSAN" PROFILE "DEFAULT" IDENTIFIED BY "oracle" DEFAULT TABLESPACE
 "VPX" ACCOUNT UNLOCK;
 grant connect to VSAN;
 grant resource to VSAN;
 grant create view to VSAN;
 grant create sequence to VSAN;
 grant create table to VSAN;
 grant create materialized view to VSAN;
 grant execute on dbms_lock to VSAN;
 grant execute on dbms_job to VSAN;
 grant select on dba_lock to VSAN;
 grant select on dba_tablespaces to VSAN;
 grant select on dba_temp_files to VSAN;
 grant select on dba_data_files to VSAN;
 grant select on v_$session to VSAN;
 grant unlimited tablespace to VSAN;

 alter user "VSAN" quota unlimited on "VPX";
  1. 在成功安装了具有 Oracle 数据库的 vCenter Server 之后,您可以撤销下列特权。 

 revoke select on dba_tablespaces from VSAN;
 revoke select on dba_temp_files from VSAN;
 revoke select on dba_data_files from VSAN;

运行以下 SQL 命令向 vCenter Server 数据库用户授予其他权限

grant select on v_$system_event to VSAN;
grant select on v_$sysmetric_history to VSAN;
grant select on v_$sysstat to VSAN;
grant select on dba_data_files to VSAN;
grant select on v_$loghist to VSAN;

vCenter 数据库监控已启用。

@/home/oracle/dbschema/VCDB_oracle.sql
@/home/oracle/dbschema/VCDB_views_oracle.sql
@/home/oracle/dbschema/insert_stats_proc_oracle.sql
@/home/oracle/dbschema/load_stats_proc_oracle.sql
@/home/oracle/dbschema/purge_stat2_proc_oracle.sql
@/home/oracle/dbschema/purge_stat3_proc_oracle.sql
@/home/oracle/dbschema/purge_usage_stats_proc_oracle.sql
@/home/oracle/dbschema/stats_rollup1_proc_oracle.sql
@/home/oracle/dbschema/stats_rollup2_proc_oracle.sql
@/home/oracle/dbschema/stats_rollup3_proc_oracle.sql
@/home/oracle/dbschema/cleanup_events_oracle.sql
@/home/oracle/dbschema/delete_stats_proc_oracle.sql
@/home/oracle/dbschema/load_usage_stats_proc_oracle.sql
@/home/oracle/dbschema/TopN_DB_oracle.sql
@/home/oracle/dbschema/calc_topn1_proc_oracle.sql
@/home/oracle/dbschema/calc_topn2_proc_oracle.sql
@/home/oracle/dbschema/calc_topn3_proc_oracle.sql
@/home/oracle/dbschema/calc_topn4_proc_oracle.sql
@/home/oracle/dbschema/clear_topn1_proc_oracle.sql
@/home/oracle/dbschema/clear_topn2_proc_oracle.sql
@/home/oracle/dbschema/clear_topn3_proc_oracle.sql
@/home/oracle/dbschema/clear_topn4_proc_oracle.sql
@/home/oracle/dbschema/rule_topn1_proc_oracle.sql
@/home/oracle/dbschema/rule_topn2_proc_oracle.sql
@/home/oracle/dbschema/rule_topn3_proc_oracle.sql
@/home/oracle/dbschema/rule_topn4_proc_oracle.sql
@/home/oracle/dbschema/process_license_snapshot_oracle.sql
@/home/oracle/dbschema/l_purge_stat2_proc_oracle.sql
@/home/oracle/dbschema/l_purge_stat3_proc_oracle.sql
@/home/oracle/dbschema/l_stats_rollup1_proc_oracle.sql
@/home/oracle/dbschema/l_stats_rollup2_proc_oracle.sql
@/home/oracle/dbschema/l_stats_rollup3_proc_oracle.sql
@/home/oracle/dbschema/job_dbm_performance_data_oracle.sql
@/home/oracle/dbschema/process_performance_data_oracle.sql

@/home/oracle/dbschema/job_schedule1_oracle.sql
@/home/oracle/dbschema/job_schedule2_oracle.sql
@/home/oracle/dbschema/job_schedule3_oracle.sql 
@/home/oracle/dbschema/job_cleanup_events_oracle.sql
@/home/oracle/dbschema/job_topn_past_day_oracle.sql
@/home/oracle/dbschema/job_topn_past_week_oracle.sql
@/home/oracle/dbschema/job_topn_past_month_oracle.sql
@/home/oracle/dbschema/job_topn_past_year_oracle.sql

drop vpx

SQL> drop user vpxadmin cascade;

User dropped.

SQL> DROP TABLESPACE vpx INCLUDING CONTENTS AND DATAFILES;

Tablespace dropped.

upgrade vCenter

Command> com.vmware.software-packages staged --url http://xxx/
Command> com.vmware.software-packages install --staged

How to Upgrade from VCSA 5.5 to 6.0

https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-5FCA78EC-8637-43A4-8B28-24624E4D5EBA.html

  1. Do a backup or create a snapshot of your existing VCSA.
  2. Verify that the clocks of all machines on the vSphere network are synced.
  3. Verify that the ESXi host on which you deploy the vCenter Server Appliance is not in lockdown or maintenance mode.

FQDN issue

    vCenterServer FQDN vcsa55.lab.local does not match DNS servers “localhost.localdom,localhost” and ip addresses “10.10.7.151” from VC certificate
        Examine the VC certificate and make sure it is valid and point to vCenterServer FQDN.

  1. Log in to the source vCenter Server Appliance Web interface at https://Source_vCenter_Server_Appliance_FQDN:5480/.

  2. Click the Admin tab.
  3. Regenerate certificates:
    • vCenter Server 5.1: Select Toggle certificate setting so that the Certificate regeneration enabled displays Yes. vCenter Server 5.5: Select Yes under Certificate regeneration enabled.
  4. Click Submit.
  5. Reboot the vCenter Server Appliance.
  6. After the vCenter Server Appliance reboots, confirm that the Certificate regeneration enabled option is set to disabled.

    https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2110772

    https://communities.vmware.com/thread/528020?start=0&tstart=0

vCenter Server Downgrade options

http://www.vladan.fr/esxi-6-0-downgrade-options-lab-time/

Upgrade vCenter Server Appliance 6.0 U2 to 6.5

http://www.jonkensy.com/upgrade-vcenter-server-appliance-6-0-u2-to-6-5/

http://www.virtualizationhowto.com/2016/11/upgrade-vmware-vcenter-vcsa-appliance-6-0-to-6-5/

install VCSA 6.7 from cli

json file

{
    "__version": "2.13.0",
    "__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.",
    "new_vcsa": {
        "esxi": {
            "hostname": "DELL-ESXi01.brightmoon.org",
            "username": "root",
            "password": "cisco,123",
            "deployment_network": "VM Network",
            "datastore": "DELL-LOCAL-SATA01"
        },
        "appliance": {
            "__comments": [
            ],
            "thin_disk_mode": true,
            "deployment_option": "tiny",
            "name": "Embedded-vCenter-Server-Appliance6.7u3"
        },
        "network": {
            "ip_family": "ipv4",
            "mode": "static",
            "ip": "10.82.91.200",
            "dns_servers": [
                "10.82.91.129"
            ],
            "prefix": "24",
            "gateway": "10.82.91.254",
            "system_name": "vcenter01.brightmoon.org"
        },
        "os": {
            "password": "P@ssw0rd",
            "ntp_servers": "10.82.91.129",
            "ssh_enable": true
        },
        "sso": {
            "password": "Systec36#^"
        }
    },
    "ceip": {
        "description": {
            "__comments": [
                "++++VMware Customer Experience Improvement Program (CEIP)++++"
            ]
        },
        "settings": {
            "ceip_enabled": true
        }
    }
}

sudo mount -v -o loop VMware-VCSA-all-6.7.0-14836122.iso /mnt/iso
cd /mnt/iso/vcsa-cli-installer/lin64/
./vcsa-deploy install --verify-template-only --accept-eula --acknowledge-ceip  /tmp/embedded_vCSA6.7U3_on_ESXi.json
./vcsa-deploy install --precheck-only --accept-eula --acknowledge-ceip  /tmp/embedded_vCSA6.7U3_on_ESXi.json
./vcsa-deploy install --no-ssl-certificate-verification --accept-eula --acknowledge-ceip /tmp/embedded_vCSA6.7U3_on_ESXi.json

install VCSA 6.0 from cli

brightmoon /mnt/iso/vcsa-cli-installer/lin64 # ./vcsa-deploy install --no-esx-ssl-verify --accept-eula /root/embedded_vCSA_on_ESXi.json

See /tmp/vcsaCliInstaller-2018-09-21-08-27-r8SArc/vcsa-cli-installer.log for the
installer logs.
Run the installer with "-v" or "--verbose" to log detailed information
=================================== 16:27:42 ===================================
Performing basic template verification...
Template verification completed successfully.
=================================== 16:27:42 ===================================
Starting vCenter Server Appliance installer to deploy
"Embedded-vCenter-Server-Appliance"...
This appliance is a vCenter Server instance with an embedded Platform Services
Controller.
=================================== 16:27:42 ===================================
Performing basic verification...
Generated template file at
'/tmp/vcsaCliInstaller-2018-09-21-08-27-r8SArc/generated_install.json' with
user-entered parameters and programmatically determined default values. Use this
file to rerun the script with defaults explicitly set. Passwords have been
removed.
Basic verification completed successfully.

{
    "__version": "1.2.0",
    "__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.",
    "target.vcsa": {
        "appliance": {
            "deployment.network": "VLAN25",
            "deployment.option": "small",
            "name": "Embedded-vCenter-Server-Appliance",
            "thin.disk.mode": true
        },
        "esxi": {
            "hostname": "192.168.25.37",
            "username": "root",
            "password": "systec36#^",
            "datastore": "VNX5200_SATA_5T"
        },
        "network": {
            "hostname": "192.168.25.60",
            "ip.family": "ipv4",
            "mode": "static",
            "ip": "192.168.25.60",
            "dns.servers": [
                "192.168.200.1"
            ],
            "prefix": "255.255.255.0",
            "gateway": "192.168.25.254"
        },
        "os": {
            "password": "Systec36#^",
            "ssh.enable": true
        },
        "sso": {
            "password": "Systec36#^",
            "domain-name": "systec.com.cn",
            "site-name": "Default-First-Site"
        }
    }
}

Troubleshooting

das.usedefaultisolationaddress

"Shutting down the VC as there is not enough free space for the Database" error (67017)

This issue is caused by the vCenter Server Appliance /storage/db storage is above 95% usage, causing the vpxd process to shutdown.

https://communities.vmware.com/thread/560901

https://www.jayakumar.org/general/vcenter-6-7-vcsa-vpxd-service-wont-start-due-to-storage-seat-disk-full/

File system /storage/seat is low on database storage space.

Increase the size of disk /storage/seat or decrease the data retention.

backup postgresql database

For 6.7 and 6.5 (Appliance):
service-control --stop vmware-vpxd
service-control --stop vmware-content-library

# Backup DB
python /tmp/backup_lin.py -f /storage/core/backup_VCDB.bak

# Delete old tasks, events and statistics data in vCenter Server 5.x and 6.x (2110031)
/opt/vmware/vpostgres/current/bin/psql -U postgres -v TaskMaxAgeInDays=15 -v EventMaxAgeInDays=15 -v StatMaxAgeInDays=15 -d VCDB -t -q -f /tmp/2110031_Postgres_task_event_stat_new.sql

https://communities.vmware.com/thread/560901 

root@photon-machine [ ~ ]# /opt/vmware/vpostgres/current/bin/psql -d VCDB -U postgres
psql.bin (9.6.13 (VMware Postgres 9.6.13.0-13872480 release))
Type "help" for help.


SELECT nspname || '.' || relname AS "relation", pg_size_pretty(pg_total_relation_size(C.oid)) AS "total_size"
FROM pg_class C
LEFT JOIN pg_namespace N ON (N.oid = C.relnamespace)
WHERE nspname NOT IN ('pg_catalog', 'information_schema')
AND C.relkind <> 'i'
AND nspname !~ '^pg_toast'
ORDER BY pg_total_relation_size(C.oid) DESC
LIMIT 20;


      relation       | total_size
---------------------+------------
 vc.vpx_event_arg_17 | 569 MB
 vc.vpx_event_arg_19 | 566 MB
 vc.vpx_event_arg_18 | 563 MB
 vc.vpx_event_arg_16 | 563 MB
 vc.vpx_event_arg_14 | 560 MB
 vc.vpx_event_arg_20 | 560 MB
 vc.vpx_event_arg_28 | 557 MB
 vc.vpx_event_arg_31 | 557 MB
 vc.vpx_event_arg_13 | 556 MB
 vc.vpx_event_arg_15 | 556 MB
 vc.vpx_event_arg_30 | 556 MB
 vc.vpx_event_arg_12 | 554 MB
 vc.vpx_event_arg_27 | 554 MB
 vc.vpx_event_arg_25 | 550 MB
 vc.vpx_event_arg_29 | 550 MB
 vc.vpx_event_arg_26 | 548 MB
 vc.vpx_event_arg_23 | 547 MB
 vc.vpx_event_arg_24 | 546 MB
 vc.vpx_event_arg_21 | 546 MB
 vc.vpx_event_arg_22 | 543 MB
(20 rows)

VCDB=#

cleanup.sql

DO
$$
DECLARE
    rec   record;
BEGIN
   FOR rec IN
      SELECT *
      FROM   pg_tables
      WHERE tablename ~ '^vpx_event_[0-9].*'
      ORDER  BY tablename
   LOOP
      EXECUTE 'TRUNCATE TABLE '
       || quote_ident(rec.schemaname) || '.'
       || quote_ident(rec.tablename) || ' CASCADE';
   END LOOP;
END$$;

 

DO
$$
DECLARE
    rec   record;
BEGIN
   FOR rec IN
      SELECT *
      FROM   pg_tables
      WHERE tablename ~ '^vpx_event_arg_[0-9].*'
      ORDER  BY tablename
   LOOP
      EXECUTE 'TRUNCATE TABLE '
        || quote_ident(rec.schemaname) || '.'
        || quote_ident(rec.tablename) || ' CASCADE';
   END LOOP;
END$$;

CA warning

Exception in invoking authentication handler User password expired VCSA6.7

The solution to the problem is to enter the passwd command in the console and the new password in the New Password field. Then, we repeat the password in the Retype new password field. We have a changed password. Now we can correctly log in to the VMware VCSA 6.7 console.

Version

vpxd -v

503

2019-07-16T14:51:11.384+08:00 error vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Failed to connect to database: ODBC error: (08001) - [unixODBC]could not connect to server: Connection refused
-->     Is the server running on host "localhost" (127.0.0.1) and accepting
-->     TCP/IP connections on port 5432?
--> .  Retry attempt: 689 ...
2019-07-16T14:51:21.384+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.393+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.397+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.398+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.399+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.400+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.401+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.402+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.403+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.404+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.406+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.407+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.408+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.409+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.410+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.411+08:00 info vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Logging in to DSN: VMware VirtualCenter with username vc
2019-07-16T14:51:21.412+08:00 error vpxd[7F8D25A07800] [Originator@6876 sub=vpxdVdb] [VpxdVdb::SetDBType] Failed to connect to database: ODBC error: (08001) - [unixODBC]could not connect to server: Connection refused
-->     Is the server running on host "localhost" (127.0.0.1) and accepting
-->     TCP/IP connections on port 5432?
--> .  Retry attempt: 705 ...

503 Service Unavailable (Failed to connect to endpoint

SSL certificate verification failed.

[2021-11-15T02:47:04.980Z] [INFO ] cm-catalog-manager-pool-3     com.vmware.vise.vim.lookup.LsCatalogManager                       Invoking 'detectServiceProviders: getServiceInfo' 
unsuccessful, retry time left = 17071, reason = com.vmware.vise.vim.lookup.LookupServiceConnectionException: Failed to connect to VMware Lookup Service https://192.168.25.60:443/loo
kupservice/sdk - SSL certificate verification failed. 
[2021-11-15T02:47:22.084Z] [ERROR] cm-catalog-manager-pool-3     com.vmware.vise.vim.lookup.impl.LookupServiceImpl                 Error when creating lookup service com.vmware.vim.
vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint verification is not configured

通过脚本确认证书状态

wget https://web.vmware-labs.com/scripts/check-trust-anchors

chmod +x check-trust-anchors

./check-trust-anchors -cml

./fixsts.sh

/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store vpxd-extension --text | grep -i 'not after'

/usr/lib/vmware-vmca/bin/certificate-manager 

root@photon-machine [ /usr/lib/vmidentity/tools/scripts ]# wget https://web.vmware-labs.com/scripts/check-trust-anchors
--2021-11-15 03:01:04--  https://web.vmware-labs.com/scripts/check-trust-anchors
Resolving web.vmware-labs.com... 96.84.254.21
Connecting to web.vmware-labs.com|96.84.254.21|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 17657 (17K)
Saving to: ‘check-trust-anchors’

check-trust-anchors                           100%[==============================================================================================>]  17.24K  81.7KB/s    in 0.2s    

2021-11-15 03:01:05 (81.7 KB/s) - ‘check-trust-anchors’ saved [17657/17657]

root@photon-machine [ /usr/lib/vmidentity/tools/scripts ]# ./ch^C
root@photon-machine [ /usr/lib/vmidentity/tools/scripts ]# chmod +x check-trust-anchors 
root@photon-machine [ /usr/lib/vmidentity/tools/scripts ]# ./check-trust-anchors -cml
grep: ../etc/vmware/.buildInfo: No such file or directory
No 'lstool.txt' file found in this directory. Dumping service registrations to /tmp/lstool.txt...
-----Endpoint Certificate 1-----
Certificate Info:
        Issuer: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=photon-machine, OU=VMware Engineering
        Validity
            Not Before: Nov 14 07:07:23 2019 GMT
            Not After : Nov 13 19:07:23 2021 GMT
        Subject: CN=192.168.25.60, C=US
        SHA1 Fingerprint=CF:0A:03:4C:4C:CD:CA:48:E6:0E:7B:39:4A:CC:48:55:D6:F8:E1:7F
--------------------------------
-----Endpoint Certificate 2-----
Certificate Info:
        Issuer: O=VMware vCenter Site Recovery Manager, OU=VMware vCenter Site Recovery Manager
        Validity
            Not Before: Apr 24 09:13:07 2020 GMT
            Not After : Apr 23 09:13:07 2025 GMT
        Subject: O=POC, OU=test, CN=192.168.25.86
        SHA1 Fingerprint=73:1C:95:A5:33:06:58:29:6E:B5:09:EA:9F:78:28:27:F4:63:2E:B0
--------------------------------

-----Machine SSL Certificate-----
192.168.25.60
Certificate Info:
        Issuer: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=photon-machine, OU=VMware Engineering
        Validity
            Not Before: Nov 14 07:07:23 2019 GMT
            Not After : Nov 13 19:07:23 2021 GMT
        Subject: CN=192.168.25.60, C=US
        SHA1 Fingerprint=CF:0A:03:4C:4C:CD:CA:48:E6:0E:7B:39:4A:CC:48:55:D6:F8:E1:7F
---------------------------------

root@photon-machine [ ~ ]# ./fixsts.sh 
NOTE: This works on external and embedded PSCs
This script will do the following
1: Regenerate STS certificate
What is needed?
1: Offline snapshots of VCs/PSCs
2: SSO Admin Password
IMPORTANT: This script should only be run on a single PSC per SSO domain
==================================
Resetting STS certificate for photon-machine started on Mon Nov 15 03:40:03 UTC 2021


Detected DN: cn=192.168.25.60,ou=Domain Controllers,dc=vsphere,dc=local
Detected PNID: 192.168.25.60
Detected PSC: 192.168.25.60
Detected SSO domain name: vsphere.local
Detected Machine ID: 78ef36a6-0160-4198-9f7d-f9c7176e67f3
Detected IP Address: 192.168.25.60
Domain CN: dc=vsphere,dc=local
==================================
==================================

Detected Root's certificate expiration date: 2031 Nov 10
Detected today's date: 2021 Nov 15
==================================

Exporting and generating STS certificate

Status : Success
Using config file : /tmp/vmware-fixsts/certool.cfg
Status : Success


Enter password for administrator@vsphere.local: 
Highest tenant credentials index : 1
Exporting tenant 1 to /tmp/vmware-fixsts

Deleting tenant 1

Highest trusted cert chains index: 1
Exporting trustedcertchain 1 to /tmp/vmware-fixsts

Deleting trustedcertchain 1



Applying newly generated STS certificate to SSO domain
adding new entry "cn=TenantCredential-1,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"

adding new entry "cn=TrustedCertChain-1,cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"


Replacement finished - Please restart services on all vCenters and PSCs in your SSO domain
==================================
IMPORTANT: In case you're using HLM (Hybrid Linked Mode) without a gateway, you would need to re-sync the certs from Cloud to On-Prem after following this procedure
==================================
==================================

https://anthonyspiteri.net/quick-fix-vcsa-503-service-unavailable-error/#prettyPhoto

The VMware vCenter Server Appliance vpxd 6.5 logs are located in the /var/log/vmware/vmware-vpx folder

What was required next was to delete the duplicate embedded PostGres database table entries. To connect to the embedded postgres database you need to run the following command from the VCSA shell: 

/opt/vmware/vpostgres/current/bin/psql -d VCDB -U postgres

  * To remove the duplicate key I ran the following command and rebooted the appliance, noting that the id and device_key will vary.

psql> DELETE FROM vc.vpx_vm_virtual_device where id='27' and device_key='4000';

On my vCenter Server Appliance VM, I get "soft lockup - CPU## stuck for ##s!" message.

I've tried back the vcsa on the hdd. No good.

addition or reconfiguration of network adapters attached to non-ephemeral distributed virtual port groups

  1. reinstall VCSA
  2. recreate VDS or VSS switch

  3. migrate vmnicS&PortGroup one by one host.

Error naming or renaming a VM file

 vmodl.fault.SystemError:
 --> Result:
 --> (vmodl.fault.SystemError) {
   -->    faultCause = (vmodl.MethodFault) null, 
   -->    reason = "Error naming or renaming a VM file.", 
   -->    msg = ""
   --> }
   --> Args:
   --> 
   2016-09-12T01:30:09.059Z info vpxd[7F4E7A6B7700] [Originator@6876 sub=vpxLro opID=CA18011C-00000115-8d] [VpxLRO] -- FINISH task-4554
   2016-09-12T01:30:09.059Z info vpxd[7F4E7A6B7700] [Originator@6876 sub=Default opID=CA18011C-00000115-8d] [VpxLRO] -- ERROR task-4554 -- vm-48 -- vim.VirtualMachine.reloca
   te: vmodl.fault.SystemError:

Collecting diagnostic information for VMware vCenter Server 4.x, 5.x and 6.0 (1011641)

Collecting diagnostic information from vCenter 6.0 Server Appliance or external Platform Service Controller using a web browser

 Open a web browser and navigate to https://vCenter_server_FQDN:443/appliance/support-bundle
 When prompted enter the root credentials and click Enter.
 The download will begin automatically as vm-support.tgz.

Quick Tip – How to quickly find the release & build number on VCSA

vcenter:/var/log/vmware/vapi/endpoint # vpxd -v
VMware VirtualCenter 6.0.0 build-4541948

VMware vCenter 6 Web Console doesn’t load or very slow

vSphere Web client unresponsive in vCenter Server

"back-end property provider" error while adding new datastore in vSphere Web Client

vcenter:/var/log/vmware/vapi/endpoint # tail  /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log 
[2017-12-07T08:29:22.440Z] [INFO ] console-message-pool-2709139  c.vmware.vise.vim.commons.mks.tomcat.RemoteConsoleMessageInbound  Encountered EOF character, sleeping for 100 ms. 
[2017-12-07T08:29:22.541Z] [INFO ] console-message-pool-2464204  c.vmware.vise.vim.commons.mks.tomcat.RemoteConsoleMessageInbound  Encountered EOF character, sleeping for 100 ms. 
[2017-12-07T08:29:22.541Z] [INFO ] console-message-pool-2709139  c.vmware.vise.vim.commons.mks.tomcat.RemoteConsoleMessageInbound  Encountered EOF character, sleeping for 100 ms. 
[2017-12-07T08:29:22.665Z] [INFO ] console-message-pool-2709139  c.vmware.vise.vim.commons.mks.tomcat.RemoteConsoleMessageInbound  Encountered EOF character, sleeping for 100 ms. 
[2017-12-07T08:29:22.679Z] [INFO ] console-message-pool-2464204  c.vmware.vise.vim.commons.mks.tomcat.RemoteConsoleMessageInbound  Encountered EOF character, sleeping for 100 ms. 
[2017-12-07T08:29:22.871Z] [INFO ] console-message-pool-2709139  c.vmware.vise.vim.commons.mks.tomcat.RemoteConsoleMessageInbound  Encountered EOF character, sleeping for 100 ms. 
[2017-12-07T08:29:22.929Z] [INFO ] console-message-pool-2464204  c.vmware.vise.vim.commons.mks.tomcat.RemoteConsoleMessageInbound  Encountered EOF character, sleeping for 100 ms. 
[2017-12-07T08:29:24.506Z] [INFO ] console-message-pool-2709139  c.vmware.vise.vim.commons.mks.tomcat.RemoteConsoleMessageInbound  Encountered EOF character, sleeping for 100 ms. 
[2017-12-07T08:29:53.211Z] [INFO ] console-message-pool-2709139  c.vmware.vise.vim.commons.mks.tomcat.RemoteConsoleMessageInbound  Encountered EOF character, sleeping for 100 ms. 
[2017-12-07T08:30:07.019Z] [INFO ] console-message-pool-2464204  c.vmware.vise.vim.commons.mks.tomcat.RemoteConsoleMessageInbound  Encountered EOF character, sleeping for 100 ms. 

[2017-12-07T08:59:07.471Z] [WARN ] http-bio-9090-exec-383388    70806777 107443 204980 com.vmware.vise.data.query.profiling.ProfilingUtil                The Data Service detected slow execution:
The query batch execution took too long: 258983 milliseconds.



[2017-12-07T08:59:07.476Z] [ERROR] http-bio-9090-exec-383388    70806777 107443 204980 com.vmware.vise.data.query.impl.DataServiceImpl                   Error occurred while executing query:
QuerySpec
   QueryName: dam-auto-generated: LicensingGlobalDataRetriever:dr-7
   ResourceSpec
      Constraint: ObjectIdentityConstraint
         TargetType: LicensingGlobalData
         Target: urn:vri:LicensingGlobalData:licensing_service_version1
      PropertySpec[1]
         ProviderType: LicensingGlobalData
         Relationship:
         Properties[1]
            PropertyName: licensingGlobalData
   ResultSpec:
      Offset: 0
      MaxResultCount: -1
      OrderingCriteria
         OrderPropertySpec[1]
            ProviderType: Object
            Relationship: null
            SortType: ASCENDING
            OrderingProperties[1]
               PropertyName: id
      Facets: null
   Options:
      REDUCE_QUERIES=true
 com.vmware.vise.data.query.DataServiceException: The query execution timed out because of a back-end data adapter 'com.vmware.license.client.cis.adapter.LicensingGlobalDataProviderAdapterImpl' which took more than 120 seconds.
        at com.vmware.vise.data.query.impl.DataAdapterUtil.processDataAdapterTaskException(DataAdapterUtil.java:154)
        at com.vmware.vise.data.query.impl.DataAdapterUtil.executeAdapterTasks(DataAdapterUtil.java:120)
        at com.vmware.vise.data.query.impl.DataAdapterRetriever.runDataTasks(DataAdapterRetriever.java:385)
        at com.vmware.vise.data.query.impl.DataAdapterRetriever.invokeDataAdapters(DataAdapterRetriever.java:334)
        at com.vmware.vise.data.query.impl.DataAdapterRetriever.getResultsFromDataAdapters(DataAdapterRetriever.java:79)
        at com.vmware.vise.data.query.impl.DataManager.getResultsFromDataAdapters(DataManager.java:178)
        at com.vmware.vise.data.query.impl.DataServiceImpl.getResults(DataServiceImpl.java:349)
        at com.vmware.vise.data.query.impl.DataServiceImpl.getData(DataServiceImpl.java:215)
        at sun.reflect.GeneratedMethodAccessor308.invoke(Unknown Source)
...

[2017-12-07T08:59:07.711Z] [ERROR] data-service-pool-8130405    70806778 107443 204980 c.v.v.client.sso.admin.impl.PrincipalManagerPropertyProvider      Not able to password expiration info for current user com.vmware.vsphere.client.sso.admin.exception.SsoBackendException: A vCenter Single Sign-On service error occurred
        at com.vmware.vsphere.client.sso.admin.exception.FallbackExceptionTransformer.transform(FallbackExceptionTransformer.java:30)
        at com.vmware.vsphere.client.sso.admin.exception.BackendExceptionTransformer.transformException(BackendExceptionTransformer.java:96)
        at com.vmware.vsphere.client.sso.admin.impl.AdminServiceBase.transformBackendException(AdminServiceBase.java:94)
        at com.vmware.vsphere.client.sso.admin.impl.PrincipalManagementServiceImpl.getSelfPasswordExpiration(PrincipalManagementServiceImpl.java:518)
        at com.vmware.vsphere.client.sso.admin.impl.PrincipalManagerPropertyProvider.getSelfPasswordExpiration(PrincipalManagerPropertyProvider.java:127)
        at sun.reflect.GeneratedMethodAccessor2666.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at com.vmware.vise.data.query.impl.ServicePropertyProviderAdapter.invokeMethod(ServicePropertyProviderAdapter.java:285)
        at com.vmware.vise.data.query.impl.ServicePropertyProviderAdapter.getProperties(ServicePropertyProviderAdapter.java:127)
        at com.vmware.vise.data.query.impl.DataManager.getDataFromPropertyProvider(DataManager.java:1403)
        at com.vmware.vise.data.query.impl.DataManager.getResultFromPropertyProvider(DataManager.java:1375)
        at com.vmware.vise.data.query.impl.DataManager.access$000(DataManager.java:79)
        at com.vmware.vise.data.query.impl.DataManager$1.call(DataManager.java:884)
        at com.vmware.vise.data.query.impl.DataManager$1.call(DataManager.java:880)
        at com.vmware.vise.util.concurrent.ExecutorUtil$3.call(ExecutorUtil.java:630)
        at com.vmware.vise.util.concurrent.ExecutorUtil$ThreadContextPropagatingCallable.call(ExecutorUtil.java:984)
        at java.util.concurrent.FutureTask.run(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)

vcenter:/var/log/vmware/vapi/endpoint # less endpoint.log
        at com.vmware.vapi.internal.core.abort.AbortHandleImpl.abort(AbortHandleImpl.java:39)
        at com.vmware.vapi.endpoint.api.TimedApiProvider$1.run(TimedApiProvider.java:58)
        at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
        at java.util.concurrent.FutureTask.run(Unknown Source)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(Unknown Source)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
2017-12-07T08:28:26.107Z | INFO  | state-manager1            | MetadataSynchronizationBuilder | rebuild
2017-12-07T08:28:26.127Z | INFO  | state-manager1            | MetadataSynchronizationBuilder | rebuild finished.
2017-12-07T08:28:26.200Z | INFO  | state-manager1            | DefaultStateManager            | lock
2017-12-07T08:28:26.200Z | INFO  | state-manager1            | DefaultStateManager            | State changed.
2017-12-07T08:28:26.200Z | INFO  | state-manager1            | DefaultStateManager            | unlock
2017-12-07T08:28:28.670Z | ERROR | jetty-default-157583      | ServletHelper                  | SSO verification failed; client:10.170.1.14
com.vmware.cis.services.common.sso.SsoOverRestVerifierUtil$SsoAuthException: java.lang.NumberFormatException: null
        at com.vmware.cis.services.common.sso.SsoOverRestVerifierUtil.verifySecurityHeaderImpl(SsoOverRestVerifierUtil.java:194)
        at com.vmware.cis.services.common.sso.SsoOverRestVerifierUtil.verifySecurityHeader(SsoOverRestVerifierUtil.java:143)
        at com.vmware.cis.cm.common.endpoint.ServletHelper.getVerifiedInputStream(ServletHelper.java:267)
        at com.vmware.cis.cm.common.endpoint.ServletHelper.requestPrologue(ServletHelper.java:180)
        at com.vmware.cis.cm.common.endpoint.HealthStatusServlet.doGet(HealthStatusServlet.java:105)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at com.vmware.vapi.endpoint.common.ProxyServlet.service(ProxyServlet.java:52)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
        at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:470)
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:322)
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:292)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at com.vmware.vapi.endpoint.http.RequestSizeFilter.doFilter(RequestSizeFilter.java:59)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:52)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
        at org.eclipse.jetty.server.Server.handle(Server.java:497)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
        at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
        at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NumberFormatException: null
        at java.lang.Integer.parseInt(Unknown Source)
        at java.lang.Integer.parseInt(Unknown Source)
        at com.vmware.cis.services.common.sso.SsoOverRestVerifierUtil.parseSecurityHeader(SsoOverRestVerifierUtil.java:72)
        at com.vmware.cis.services.common.sso.SsoOverRestVerifierUtil.verifySecurityHeaderImpl(SsoOverRestVerifierUtil.java:171)
        ... 34 more

VC HA

https://blogs.vmware.com/vsphere/2018/04/vcenter-high-availability-deep-dive-part-1.html === Prerequisites === 

    vCenter Server 6.5 is required.

    Deployment size Small (4 CPU and 16GB RAM) or bigger is required to meet the RTO. Do not use Tiny in production environments.

    vCenter HA is supported and tested with VMFS, NFS, and vSAN datastores.

    Ensure you have enough disk space to collect and store support bundles for all three nodes on the Active node. See Collecting Support Bundles for a vCenter HA Node.

    vCenter HA requires a single vCenter Server license.

    vCenter HA requires a Standard license.
  1. VCHA is supported officially for low latency networks up to 10 milliseconds
  2. The vCenter HA network must be on a different subnet than the management network.
  3. Remove all snapshot before configration.
  4. Add an adapter NIC1 for VCSA HA.

  5. Check VCSA WebClient(Flash): Administration-->System-->Configuration-->Nodes-->vCenter-->Settings-->Networking. 

VCHA will continue providing high availability, but with a performance penalty; users
will seesignificantly higher latency for operations and lower throughput.

Join the vCenter Server Appliance to an Active Directory Domain

Joining a Platform Services Controller appliance or a vCenter Server Appliance with an embedded Platform Services Controller to an Active Directory domain with a read-only domain controller (RODC) is unsupported. You can join a Platform Services Controller or a vCenter Server Appliance with an embedded Platform Services Controller only to an Active Directory domain with a writable domain controller. https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.vcsa.doc/GUID-08EA2F92-78A7-4EFF-880E-2B63ACC962F3.html

Prerequisites

Verify that the user who logs in to the vCenter Server instance in the vCenter Server Appliance is a member of the SystemConfiguration.Administrators group in vCenter Single Sign-On.

Verify that the system name of the appliance is an FQDN. If, during the deployment of the appliance, you set an IP address as a system name, you cannot join the vCenter Server Appliance to an Active Directory domain.

Join AD Domain from the Command Line

(optional) Enable SSH login vSphere Web Client > Administration > Deployment > System Configuration > Nodes > Manage > Settings > Access 

# /opt/likewise/bin/domainjoin-cli join [domain] [user name] [password]

# /opt/likewise/bin/domainjoin-cli join vmware.lab administrator@vmware.lab 'VMware!1'

reboot

Verify domain status from vCSA command line

# /opt/likewise/bin/domainjoin-cli query

https://www.virten.net/2017/01/how-to-join-the-vcsa-6-5-to-an-active-directory-domain/

resize VCSA partitions size

https://www.virtuallyghetto.com/2016/11/updates-to-vmdk-partitions-disk-resizing-in-vcsa-6-5.html

désert/VMware/vCenter (last edited 2021-11-15 05:45:20 by merlyn)