vSphere Web Client logbrowser: Unauthorized access

vSphere 5.1 is just released and I’m already implementing it in a test environment for a customer of mine. As of vSphere 5.1 the vSphere Web Client is must improved.

While playing around I wanted to test the logbrowser. The logbrowser you can view, search, and export one or more vCenter Server and ESXi log files at a time using the log browser. You can also export, manage, and view different log types.

Right after I clicked the logbrowser option I got the error:

 

 

 

 

 

 

 

The release note off vSphere 5.1 say’s the following:
When you click Log Browser in the vSphere Web Client, an Unauthorized Access error appears
When you click the Log Browser link in the vSphere Web Client, an error message appears: Exception: https://<system-address>:12443/vmwb/logbrowser: Unauthorized access. This error occurs after you replace the default vCenter Single Sign On server’s SSL certificate, either directly or by regenerating the certificate in the vCenter Server Appliance.

I didn’t replace or recreate the certificate files but the error is the same. VMware has the following work around.

  1. Log in to the vSphere Web Client as a Single Sign On administrator.
  2. Navigate to Administration > Sign-on and Discovery > Configuration, and click the STS Certificate tab.
  3. Click Edit.
  4. Select the Single Sign On SSL keystore.
    • If Single Sign On is running on a Windows system, select the following file:
      C:Program FilesVMwareInfrastructureSSOServersecurityserver-identity.jks (default path)
    • If Single Sign On is running on Linux (vCenter Server Appliance), select the following file:
      /usr/lib/vmware-sso/security/server.jks (default path)
  5. Open the Single Sign On server.xml file with a text editor or browser.
    • On Windows:
      C:Program FilesVMwareInfrastructureSSOServerconfserver.xml (default path)
    • On Linux:
      /usr/lib/vmware-sso/conf/server.xml (default path)
  6. Search for keystorePass="..." on the Connector element. The string in quotes is your password.
  7. Enter the password in the vSphere Web Client when prompted.
  8. Select only the displayed chain.
  9. Click OK and enter the password again.
  10. Restart the following services: the vSphere Web Client, vCenter Server, vCenter Inventory Service, and the VMware Log Browser. You do not need to restart Single Sign On.

After reading the procedure multiple times I didn’t understand step 4 and 5. When I click Edit as in step 3 I didn’t see any keystore. And when I clicked on the Browse button. I browsed my own desktop. And of course the file server-identity.jks from step 4 isn’t on my desktop.

I copied the file from the vCenter appliance to my desktop with secure copy and used it like described in step 4. The rest of the procedure is correct and you can browse the logfiles.

Create a ESXi 5.1 ISO file with additional network drivers

As vSphere 5.1 is just released, you can run into the problem that the default ISO from VMware doesn’t contain the right drivers for you hardware. During installation you don’t have the option to import a driver. And if no network card is detected, installation won’t continue. In order to fix this problem you have to create your own ISO file. This can be done with PowerCLI.

    1. Download the VMware-ESXi-5.1.0-xxxxxx-depot.zip (where xxxxxx is the build number) from the VMware website and your driver file (something like Vendor_drivername-version-offline_bundle-xxxxxxxx where xxxxxx is the buildnumber. In my case the file name is: BCM-NetXtremeII-1.0-offline_bundle-553511). Place these files in a directory on your harddrive. I placed the ESXi5.1 depot  in c:vmwareesxi51 and the driver file in c:vmwarebcm-driver.
    2. Start PowerCLI and cd to c:vmware.
    3. Use the Add-ESXSoftwareDepotcommandlet to add both the ESXi offline bundle and async offline bundle as depots. For example:

      Add-ESXSoftwareDepot ./bcm-driverBCM-NetXtremeII-1.0-offline_bundle-553511.zip

      Output will be something like:

      Depot Url
      ———
      zip:C:vmwarebcm-driverBCM-NetXtremeII-1.0-offline_bundle-553511.zip?index…
    4. Add the vSphere 5.1 software depot file with the command:

      Add-ESXSoftwareDepot ./esxi51/VMware-ESXi-5.1.0-799733-depot.zip
      Output will be something like:

      Depot Url
      ———
      zip:C:vmwareesxi51VMware-ESXi-5.1.0-799733-depot.zip?index.xml
    5. Verify the available software packages with the command: Get-EsxSoftwarePackage
    6. Next step is to clone a existing image profile.With the command Get-EsxImageProfile you’ll get a list of the available profiles.
      Output will be something like:

      Name                       Vendor Last Modified Acceptance
      ————————– —— ————- —————
      ESXi-5.1.0-799733-standard VMware mm/dd/yyyy    PartnerSupported
      ESXi-5.1.0-799733-no-tools VMware mm/dd/yyyy    PartnerSupported

      Where going to clone the ESXi-5.0.0-456551-no-tools profile to a new profile called ESXi-WilmsenIT. This can be done with the command New-EsxImageProfile. For example:

      New-EsxImageProfile -CloneProfile “ESXi-5.1.0-799733-no-tools” -name “ESXi-WilmsenIT” -Vendor “WilmsenIT”
      Output will be something like:

      Name             Vendor      Last Modified   Acceptance Level
      —-             ——      ————-   —————-
      ESXi-WilmsenIT   WilmsenIT   2-8-2012 3:0… PartnerSupported

 

    1. Now whe’re going to add the driver from step 4.Add-EsxSoftwarePackage -ImageProfile “ESXi-WilmsenIT -SoftwarePackage “net-bnx2x”The output appears similar to:Name            Vendor    Last Modified Acceptance Level
      ————— ——    ————- —————-
      ESXi-WilmsenIT  WilmsenIT today         PartnerSupported

 

  1. Last step is to export the imageprofile to a ISO file which you can burn. Use the command Export-EsxImageProfile for this:Export-EsxImageProfile -ImageProfile “ESXi-WilmsenIT” -ExportToISO -filepath C:ESXi-WilmsenIT.iso