Skip to main content


Updating VCSA on a private network

Updating the VCSA is easy when it has internet access or if you can mount the update iso. On a private network, VMware assumes you have a webserver that can serve up the updaterepo files. In this article, we'll look at how to proceed when VCSA is on a private network where internet access is blocked, and there's no webserver available. The VCSA and PSC contain their own webserver that can be used for an HTTP based update. This procedure was tested on PSC/VCSA 6.0.

Follow these steps:

First, download the update repo zip (e.g. for 6.0 U3A, the filename is ) Transfer the updaterepo zip to a PSC or VCSA that will be used as the server. You can use Putty's pscp.exe on Windows or scp on Mac/Linux, but you'd have to run "chsh -s /bin/bash root" in the CLI shell before using pscp.exe/scp if your PSC/VCSA is set up with the appliancesh. chsh -s /bin/bash root"c:\program files (x86)\putty\pscp.exe&q…
Recent posts

which vSphere version is my VM running on?

(an update of an older post, now complete up to vSphere 6.5) Your Linux runs on a VMware VM, but which on which ESXi version? You can see for yourself: run "dmidecode" and look at lines 10, 11 and 12. ESX 2.5 - BIOS Release Date: 04/21/2004 - Address 0xE8480 - Size 97152 bytesESX 3.0 - BIOS Release Date: 04/17/2006 - Address 0xE7C70 - Size 99216 bytesESX 3.5 - BIOS Release Date: 01/30/2008 - Address 0xE7910 - Size 100080 bytesESX 4 - BIOS Release Date: 08/15/2008 - Address 0xEA6C0 - Size 88384 bytesESX 4U1 - BIOS Release Date: 09/22/2009 - Address 0xEA550 - Size 88752 bytesESX 4.1 - BIOS Release Date: 10/13/2009 - Address 0xEA2E0 - Size 89376 bytesESXi 5 - BIOS Release Date: 01/07/2011 - Address 0xE72C0 - Size 101696 bytesESXi 5.1 - BIOS Release Date: 06/22/2012 - Address: 0xEA0C0 - Size: 89920 bytesESXi 5.5 - BIOS Release Date: 07/30/2013 - Address: 0xEA050 - Size: 90032 bytesESXi 6 - BIOS Release Date: 09/30/2014 - Address: 0xE9A40 - Size: 91584 bytesESXi 6.5 - BIOS Relea…

How VMware appliances update themselves

Most VMware appliances (vCenter Appliance, VMware Support Appliance, vRealize Orchestrator) have the so called VAMI: the VMware Appliance Management Interface, generally served via https on port 5480. VAMI offers a variety of functions, including "check updates" and "install updates". Some appliances offer to check/install updates from a connected CD iso, but the default is always to check online. How does that work?VMware uses a dedicated website to serve the updates: Each appliance is configured with a repository URL: . The PRODUCT-ID is a hexadecimal code specific for the product. vRealize Orchestrator uses 00642c69-abe2-4b0c-a9e3-77a6e54bffd9, VMware Support Appliance uses 92f44311-2508-49c0-b41d-e5383282b153, vCenter Server Appliance uses 647ee3fc-e6c6-4b06-9dc2-f295d12d135c. The VERSION-ID contains the current appliance version and appends ".latest": …

VPN gateway setup for Android 5, iOS 9, and Mac OS X 10.10

I recently configured an IKEv1 L2TP/IPSec VPN for a customer. They needed support for a mix of Android 5, iOS 9, and Mac OS X 10.10 clients. During testing and going through debug logs on the VPN gateway, I found that these devices announce support for several authentication hashes, and encryption protocols:
OSauthenticationencryptionAndroid 5SHA256-128, SHA1-96, MD5-96AES256, AES128, 3DES, DESiOS 9SHA1-96, MD5-96AES256, AES128, 3DESMac OS X 10.10SHA1-96, MD5-96AES256, AES128, 3DES
The working configurations I found were:
and I settled on the last combo as AES256 is the strongest CBC from that list.

PS for DH key exchange, only so-called Group 2 1024modp was in the list on all three devices, so there was no other choice available, and no further testing was done.
PS2 I tried SHA256 authentication with the Android device, but no successful connection could be set up with the VPN gateway. It looks like there was some kind of incompatibi…

A use case for exporting and importing distributed vswitches

In a recent VMware project, an existing environment of vSphere ESXi hosts had to be split off to a new instance of vCenter. These hosts were member of a distributed virtual switch, an object that saves its configuration in the vCenter database. This information would be lost after the move to the new vCenter, and the hosts would be left with "orphaned" distributed vswitch configurations.

Thanks to the export/import function now available in vSphere 5.5 and 6.x, we can now move the full distributed vswitch configuration to the new vCenter:

In the old vCenter, right-click the switch object, click "Export configuration" and choose the default "Distributed switch and all port groups"Add the hosts to the new vCenterIn the new vCenter, right-click the datacenter object, click "Import distributed switch" in the "Distributed switch" sub-menu.Select your saved configuration file, and tick the "Preserve original distributed switch and port g…

How to solve "user locked out due to failed logins" in vSphere vMA

In vSphere 6, if the vi-admin account get locked because of too many failed logins, and you don't have the root password of the appliance, you can reset the account(s) using these steps:

reboot the vMAfrom GRUB, "e"dit the entry"a"ppend init=/bin/bash"b"oot# pam_tally2 --user=vi-admin --reset# passwd vi-admin # Optional. Only if you want to change the password for vi-admin.# exitreset the vMAlog in with vi-admin These steps can be repeated for root or any other account that gets locked out.

If you do have root or vi-admin access, "sudo pam_tally2 --user=mylockeduser --reset" would do it, no reboot required.

VCSA detailed sizing options

The vCenter Server Appliance in vSphere6 can be deployed as "tiny", "small", "medium", and "large". The deployment wizard gives info about the vCPU and vRAM consequences of this choice, and about the total disk size of the appliance. But as there's 11 (eleven!) disks attached to the VCSA appliance, it's worth looking into which disks get a different size.

TinySmallMediumMax hosts10100400Max VMs10010004000vCPU248vRAM81624Disk size120150300disk0/ and /boot121212disk1/tmp/mount1,31,31,3disk2swap252550disk3/storage/core255050disk4/storage/log101025disk5/storage/db101025disk6/storage/dblog5510disk7/storage/seat102550disk8/storage/netdump1110disk9/storage/autodeploy101025disk10/storage/invsvc51025
N.B. I currently don't have the config data for "large".
This table can help if your environment is growing slightly or wildly beyond the original sizing of the VCSA. Using the autogrow command in @lamw's article, you can easily gro…