Thursday, November 27, 2014

ESXi password complexity requirements

Have you ever tried to set or change the root password on an ESXi host and got the following error message?
Weak password: not enough different characters or classes for this length.
passwd: Authentication token manipulation error

For security reasons, VMware ESXi enforces some password requirements. Learning how they work can help you avoid issues like the one above.

The password length requirement will depend on the number of classes used to compose it.
The classes available are:
- lowercase letters;
- uppercase letters;
- numbers;
- special characters;

With that in mind, a password must meet the following length requirements:
If it contains just one or two character classes it must be at least 8 characters long;
If it contains three character classes it must be at least 7 characters long;
If it contains all four character classes it must be at least 6 characters long;

One thing to notice: if the password starts with an uppercase letter or ends with a number, those characters do not count toward the number of valid characters.
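The length rules above can be checked before you type a candidate into passwd. The following is an added example, not VMware's code: the function names are hypothetical, and it assumes the leading uppercase letter and trailing number are discounted when counting classes while the length is still the full password length. It models only the length and class rule, not any other check ESXi performs.

```python
import string
from collections import Counter

# Minimum length per number of counted character classes, as listed above.
MIN_LENGTH = {1: 8, 2: 8, 3: 7, 4: 6}


def char_class(ch):
    """Map one character to lower / upper / digit / special."""
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.digits:
        return "digit"
    return "special"


def counted_classes(password):
    """Classes that count, after discounting a leading uppercase letter
    and a trailing digit (assumed to affect class counting only)."""
    counts = Counter(char_class(ch) for ch in password)
    if password and password[0] in string.ascii_uppercase:
        counts["upper"] -= 1
    if password and password[-1] in string.digits:
        counts["digit"] -= 1
    return {name for name, n in counts.items() if n > 0}


def check_password(password):
    """Return (accepted, counted_class_count, required_length)."""
    classes = counted_classes(password)
    if not classes:            # empty, or e.g. "A1": nothing left to count
        return (False, 0, None)
    required = MIN_LENGTH[len(classes)]
    return (len(password) >= required, len(classes), required)


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["Vmware1", "Vmware1!", "Ab3$ef", "aB3$ef", "esxihost"]:
        ok, n, need = check_password(pw)
        print(f"{pw!r:12} classes={n} required={need} accepted={ok}")
```

"Vmware1" looks like three classes in seven characters, but only the lowercase class is counted under this model, so it falls under the 8-character rule and is rejected.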

If you think these requirements are too restrictive (or maybe not restrictive enough), you can change the pam.d module to set up requirements that meet your company’s policy. Check KB1012033 to learn how to accomplish it.

Caution: inadvertently reducing the password's complexity might reduce the security of ESXi.

Friday, November 21, 2014

vCAC Inventory Collection Fails

This one will be a quick one ; )

I tried to run an inventory collection against a VMware vCloud Director Compute Resource in vCAC, or should I say vRealize Automation, but every single try consistently returned a failed status.

Because of that, when I tried to create a Reservation, the resources available on that Org vDC were not showing up.

I started by looking at my endpoint and credentials configuration, and both were fine. In fact, Compute Resources backed by other Org vDCs were running just fine, which made me believe it was something with that specific Org vDC.

Since vRA does not provide enough information on the inventory screen, I had to take a look at the log directly.
Logs about vCloud Director’s inventory collections can be found on the DEM Worker component. VMware has this nice KB2074803 about the log locations.

The log clearly stated that it was failing because there was no network configured on the Org vDC.

Once I created an Org Network on the Org vDC, the inventory collection ran successfully.

I’m pretty sure you guys who are smarter than me can come up with a lot of use cases for an Org vDC without network connectivity, but to be honest right now it seems more like a bug than a requirement.

Do you agree?

Wednesday, November 12, 2014

Datastore Cluster Performance View

Datastore Clusters came to alleviate some of administrators' innumerable pains: micromanagement of single datastores, virtual machine placement decisions, and manually balancing VMs between datastores to avoid running out of space or performance implications.
Thanks to that, we can now create a single object (Datastore Cluster), associate the datastores with it (don’t mix and match datastores with different characteristics, for God’s sake) and leave these tedious tasks to the system.

Eventually you will need to monitor its performance, and that is where this post comes to help.
vSphere Web Client has a Datastore Cluster Performance View.

- Open vSphere Web Client;
- Select the Datastore Cluster you want to monitor;
- Select Monitor tab and then Performance Tab;

- Just change the view from Space to Performance.

Ohhh wait, Performance View is missing !!!!

Well, that happens to the best of us.
The thing is, Performance View will only be available if Storage DRS is enabled on the Datastore Cluster. Another thing to notice is that all hosts need to be greater than ESXi 4.1 (this one I could not test myself; if you have an older host, give it a try and let us know).

Let's enable it !!!

- Select Manage Tab;
- Select Storage DRS and click Edit;

- Just Turn On vSphere Storage DRS and click OK;

Nice !!! this time Performance View is available

Ohhh wait again !!! There’s no data and the message says: Data is not collected for the current statistics level. Increase the statistics level to view the graph.

That’s because of the way your vCenter statistics are configured. You can raise the level a little bit to get more than real-time data (use with caution).
Also, Storage DRS has its own statistics mechanism. Check KB2009532 for more details.

Once everything is set up, you can see the performance data of your datastore cluster.

Tuesday, November 4, 2014

VXLAN Preparation Failed

Have you ever faced a preparation error while configuring VXLAN ???

Whether it was caused by a bad preparation, a partial installation or an old configuration remaining on the hosts, you might end up not being able to configure VXLAN and be presented with the error:
Cluster domain-cXX already has been configured with a mapping.

The issue is that a previous attempt was made and the configuration details were kept on vCNS Manager. To proceed you will need to clean that up.

I recommend you follow this fix with a VMware support representative. In any case, here’s how to fix it.

- Log in to a server that has cURL installed (FYI: vCloud Director has cURL installed on the cells);
- Run the following command:
curl -i -k -H "Content-type: application/xml" -u admin:"password" -X DELETE https://"vCNS"/api/2.0/vdn/map/cluster/"domain-cXX"/switches/dvs

Replace password with the password of your vCNS Manager.
Replace vCNS with the hostname of your vCNS Manager.
Replace domain-cXX with the domain provided in the error message.
Note that -k tells cURL to skip TLS certificate verification, and a password typed on the command line is typically saved in the shell history.

- Run the preparation again.

This time it will succeed.

Who am I

I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, with troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and making them successful on their journey. Despite the fact I'm a VMware employee, these postings reflect my own opinion and do not represent VMware's position, strategies or opinions. Reach me at @dumeirell
