vCenter Server Appliance Tips and Tricks

I have done multiple installations of the vCenter Virtual Appliance. Every time I run into the same issues and get the same questions from customers. So I thought I would make a post with all my tips and tricks. This post will be updated when I have a new trick, so check back often.

Change default IP setting before running SSO config

When your vCenter starts for the first time, SSH to the temporary IP address and configure the correct IP settings through YaST. How? Read on.

Change the vCenter name localhost to server name

By default your vCenter name is localhost. To change this, log in to the vSphere Web Client and go to the vCenter Servers view.

  1. Select your vCenter named localhost.
  2. Select the Manage tab.
  3. Select General.
  4. Click Edit.
  5. Select Runtime settings.
  6. At the vCenter Server name change localhost to whatever you want.

Disable IPv6

Don’t disable IPv6. Your vCenter server won’t work anymore after a reboot.

Setting the correct IP settings for the appliance

In the vCenter Virtual Appliance web interface you can alter the IP setting for the vCenter appliance. This is not enough.

  1. Log in with SSH on your vCenter Appliance server.
  2. Start yast.
  3. Go to Network Devices | Network Settings
  4. Go to Hostname/DNS
  5. Set the correct Hostname and Domain Name
  6. Reboot the host

Replace default SSL certificates

This one is easy. Look at this KB article.

Active Directory authentication

With vCenter 5.1, VMware introduced Single Sign On (SSO). This is a service on vCenter where you can configure multiple authentication sources. 2 of them are present by default.

  • Localos (where the user root comes from)
  • System-domain (here you can create vCenter users)

Most of you would like to configure Active Directory authentication. This can be done in 2 ways.

  1. Active Directory integration
    Log in on the vCenter Appliance with HTTPS at port 5480 and go to the tab vCenter Server | Authentication. Place a mark at Active Directory Enabled and provide the Domain name with the corresponding credentials.
  2. LDAP connection
    Log in with the vSphere web client on your vCenter server. On the home page go to Administration | Sign-On and Discovery | Configuration. At the tab Identity Sources click the + sign. Select Active Directory and provide the Identity source settings.

No domain.localusername in vSphere client

If you have an Active Directory Identity Source configured, you have to log in as follows: domain.localusername. This is no problem if you have multiple domains that contain the same usernames. But if you have only one domain configured, this can be annoying. If you configure this Identity Source as Default Domain, you don’t have to provide the domain name any more.

Log in with the vSphere client on your vCenter server. On the home page go to Administration | Sign-On and Discovery | Configuration. At the tab Identity Sources, select your Identity Source and click the Add to Default Domain button at the top. Your domain will appear in the lower section of the screen. There you can select the domain and use the arrow keys to change the search order. The one that is on top is searched first.

NTP time synchronization

Of course you want time synchronization for your vCenter server, and what better way to do this than with NTP.

  1. Log in with SSH on your vCenter Appliance
  2. Start yast and go to Network Services | NTP Configuration
  3. Make sure that the Start NTP Daemon is set to Now and on Boot
  4. Select Add and provide the IP or DNS name of your NTP server.

After you save the configuration, NTP is started. You can check the time synchronization with the command: watch "ntpq -p".

The watch command will execute the ntpq command every 2 seconds. You can stop this with Ctrl-C.
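
The ntpq -p output only confirms synchronization when one peer line starts with the "*" tally character. The following shell function is an added example, not part of the original post, that checks for that peer and its offset; the sample output, the host names and the 1000 ms default limit are constructed assumptions.

```shell
#!/bin/sh
# Added example: interpret `ntpq -p` output instead of eyeballing it.
# ntp_sync_status [MAX_OFFSET_MS] reads `ntpq -p` output on stdin.
#   prints "OK <peer> <offset_ms>"    and returns 0 when a system peer is selected
#   prints "NOSYNC"                   and returns 1 when no peer carries the '*' tally
#   prints "DRIFT <peer> <offset_ms>" and returns 2 when |offset| exceeds the limit
# The 1000 ms default limit is an assumption; choose your own tolerance.
ntp_sync_status() {
    awk -v max="${1:-1000}" '
        /^ *remote/ || /^=/ { next }           # skip the two header lines
        substr($0, 1, 1) == "*" {              # "*" = peer ntpd is synchronized to
            peer = substr($1, 2); offs = $9; found = 1
        }
        END {
            if (!found) { print "NOSYNC"; exit 1 }
            v = offs + 0; if (v < 0) v = -v    # absolute offset in milliseconds
            if (v > max) { print "DRIFT", peer, offs; exit 2 }
            print "OK", peer, offs
        }'
}

# Constructed sample: synchronized to ntp1 (reach 377 = last 8 polls answered).
sample_synced() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.lab.local  192.0.2.10       2 u   33   64  377    0.512    1.204   0.310
+ntp2.lab.local  192.0.2.11       2 u   40   64  377    0.640   -0.981   0.275
EOF
}

# Constructed sample: daemon running, server never answered (stratum 16, reach 0).
sample_unsynced() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.lab.local  .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

# On the appliance: ntpq -p | ntp_sync_status
sample_synced   | ntp_sync_status || true
sample_unsynced | ntp_sync_status || true
```

A NOSYNC result right after saving the configuration is expected for the first few poll intervals; it becomes a finding only if it persists.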

Using Firefox on Mac won’t show all the available tabs in the vCenter Virtual Appliance web interface.

This is a bug (still with build 5.1.0.5200 Build 880472). Use an older Firefox.

Change SSH host keys after changing the hostname and IP settings

After you have changed the hostname and the IP settings of your vCenter server, you have to regenerate the SSH host keys. “Why?” I hear you asking yourself, “everything works?”. Yes, everything is working, and it’s secure. But the host keys were generated with the wrong (temporary) values.

  1. Delete the ssh_host_* files in /etc/sshd/
  2. Restart SSHD by entering the command rcsshd restart.

You will see that the host keys are regenerated.

High %LAT_C values in ESXTOP

ESXTOP is a great tool for troubleshooting performance issues in VMware vSphere. In the past I have written a post about CPU troubleshooting. One of the main values I mentioned in that blog post was %RDY. Want to know what it means? Read the post 🙂

While checking a vSphere 5.1 environment of a customer I got the following ESXTOP results.

 

 

As you can see, %USED and %RUN differ a lot, meaning the virtual machine wants more CPU resources (%RUN) than it is actually getting (%USED). A small difference is normal, but not up to 50%. %RDY was normal, but as you can see %LAT_C is very high. But what does the value %LAT_C mean? In the man pages %LAT_C is explained as:

%LAT_C Percentage of time the resource pool or world was ready to run but was not scheduled to run because of CPU resource contention.

As you can read, there is high CPU resource contention. But where does it come from? This is a DELL PowerEdge R620 with 2 Intel E2650 8-core processors that is running 4 virtual machines. All these virtual machines have 8 vCPUs configured. So you may think that the number of vCPUs is too high for the number of pCPUs. But I wouldn’t expect these values. Then I looked at the P state of the CPU. Seeing P states of 4, 5, even 11 or 12 told me that power saving was enabled in the BIOS for the CPUs. After I disabled power saving (in this case by setting the performance to maximum) I got the following results in ESXTOP.

 

 

As you can see, %RUN and %USED are quite the same and %LAT_C is low. This is what we want to see.