As I work closely with VMware Support, it’s clear that issues and confusion around vSphere 6.x certificates are still very much a pain-point for customers.
I’ve spoken a bit about this topic in the past (but have been meaning to get back to it). You can see my previous posts below: (Note: even though they say 6.0 they are applicable for 6.5 too)
What I want to achieve by this post is to hopefully dispel some of the confusion. First, repeat the title of this post to yourself – “Just because you can, doesn’t mean you should.”
Just because you can replace any and all certificates in a vSphere environment, doesn’t mean necessarily should.
The only question you need to be able to answer is – “What problem am I trying to solve?”
Long story short, for the majority of use cases, replacing the Machine SSL certificate on each vCenter / PSC should be sufficient. Keep reading for more information.
Continue reading “vSphere 6.x Certificates – Just because you can, doesn’t mean you should.”
Configuring two or more PSC 6.5 nodes behind a Load Balancer can be done to provide High Availability to the PSC services.
This can be useful to have a central PSC HA pair and have multiple vCenter Servers registered against the PSC HA pair for enhanced linked mode.
It would also be required if using vCenter HA with an external PSC, otherwise you’re only providing HA to half the vCenter Server instance.
I hope this guide helps perform the setup with ease and clarity.
Continue reading “PSC HA 6.5 Guide”
The first patch to vSphere 6.5 was released last week. You can find the release notes here
That means that you may be looking to patch your vCenter HA enabled vCenter Server Appliance(s).
Continue reading “Patching/Updating a VCHA enabled vCenter Server Appliance”
In vSphere 6.x all services and components have Service Registration details recorded in the VMware Directory Service of the Platform Services Controller.
Each Service Registration can contain one or more Endpoint entries.
Each Endpoint may contain an SSL Trust value.
The SSL Trust value must always match the current Machine SSL certificate of the PSC or VC or Embedded node it refers to.
If you use the Certificate-Manager from 6.0 U1b or later – the tool will take care of updating these entries. If you replace the Machine SSL manually or have used the tool before 6.0 U1b then you may encounter this issue.
Continue reading “vSphere 6.x SSL Trust Anchors”
When VCHA is enabled, a new OS user “vcha” is created and used for the file based replication.
This morning I experienced an issue on one of my VCHA setups (but not the other) where replication was failing when I arrived into the office.
Update 23/01/2017 – This is a real issue and not a once off. VMware Engineering are aware.
Continue reading “Caution: VCHA user password”
I’ve been playing around with VCHA and had been taking snapshots and have encountered some issues using snapshots on a VCHA enabled VCSA 6.5
You need to exercise caution when using snapshots on a VCSA that is enabled for VCHA.
Important: This is only when snapshot tasks are being done to the VCSA 6.5 VM. For all other VMs in your inventory there is no issue.
This includes taking snapshots of the current Active, reverting to snapshots of the current Active and deleting snapshots of the current Active.
For any and all of those tasks, ensure that the VCHA Cluster is in “Disabled” mode.
Continue reading “Caution: VCHA + Snapshots”
Something you might not be aware of is that most of the vCenter Server 6.5 services no longer register with the Windows Service Control Manager.
If you install or upgrade to a Windows vCenter Server 6.5 you will only see a handful of services when you launch services.msc.
No need to panic or think that the install didn’t go successfully.
Continue reading “vCenter 6.5: Dude, where’re my services?”