Author Archives: fgrehl

Heads Up: Nested LDAP Groups Not Working in NSX-T 3.0

When using the new direct LDAP integration in NSX-T 3.0, authentication using nested groups is not working. Example:

  • User "John" is a member of the group "IT Department"
  • Group "IT Department" is member of Group "NSX Admin"
  • Group "NSX Admin" is assigned the Enterprise Admin Role in NSX-T

User "John" can't log in because NSX-T does not search inside nested groups. If you need nested groups to work and there is no workaround, use the vIDM (VMware Identity Manager) appliance.

How to enable LDAP Authentication in NSX-T 3.0

NSX-T 3.0 has added support for authentication using AD or LDAP sources. In previous versions, you had to deploy the vIDM (VMware Identity Manager) appliance to allow external authentication. You can still use vIDM but if you only need NSX-T authentication you can now do it without a sole purpose appliance.

This article explains how to enable LDAP authentication in NSX-T 3.0. Read more »

Visual Studio Code Error "No match was found for the specified search criteria and module name PackageManagement"

Visual Studio Code asks to perform an update when launching the PowerShell Integrated Console. The Update fails with the following error message:

PS> powershell.exe -NoLogo -NoProfile -Command 'Install-Module -Name PackageManagement -Force -MinimumVersion 1.4.6 -Scope CurrentUser -AllowClobber'

PackageManagement\Find-Package : No match was found for the specified search criteria and module name 'PackageManagement'. Try Get-PSRepository to see all available registered module repositories.

Get-PSRepository returns the following error: Read more »

Solution: ESXi Installation with USB NIC only fails at 81%

When you try to install ESXi 7.0 with a USB NIC only, the installation fails at 81% with the following error message:

Exception: No vmknic tagged for management was found.

Some homelab systems like the Intel 10th Gen NUC are not equipped with a compatible network adapter. As a workaround, you can use a USB NIC and create a customized image to install ESXi. The installation fails as the ESXi installer can't assign the USB NIC as a management adapter because it specifically searches for a "vmnic#", not "vusb#" adapter.

This article explains how to proceed with the 81% installation error and get the system to work.

Read more »

How to manually add NSX-T Managers to a Cluster

After deploying the first NSX-T Manager, additional managers can be deployed using the NSX-T GUI. This is a crucial step to create a redundant and reliable setup. To deploy an additional NSX-T Manager appliance you first have to add the target vCenter as "Compute Manager". In some cases, eg. when NSX-T Managers are to run in a dedicated management vCenter, you don't want to add the vCenter as Compute Manager.

A compute manager is required to deploy an appliance. To add a compute manager, visit the COMPUTE MANAGERS page.

This article explains how to manually add additional Managers to an NSX-T Cluster using the CLI, without configuring a compute manager.

Read more »

ESXi Update Error "[Errno 28] No space left on device"

When you try to install a VMware ESXi Update using esxcli, the upgrade fails with the following error message:

"[Errno 28] No space left on device"

The problem is caused by ESXi not having enough free space available to extract the installation packages. This article explains how to solve the issue by enabling swapping to a Datastore.

Read more »

How to Install or Upgrade ESXi 7.0b on 10th Gen Intel NUC

To get ESXi installed on a 10th Gen Intel NUC you need a customized image at the moment. How to create the custom image is explained here. The problem is that the ne1000 driver, which is bundled in ESXi 7.0, is not compatible with the NUCs Gigabit Network interface. When you now try to install the latest ESXi patch, the driver is overwritten with the non-working default ne1000 driver.

The solution is quite simple. You can either install the working driver again after patching or create a custom ESXi 7.0b image. The method described here is specific for ESXi 7.0b but might also work for future releases, as long as ESXi 7 is not equipped with a ne1000 driver supporting Intels latest I219-V.

Read more »

How to use SSH Key Authentication in NSX-T

If you are working with Linux you are very likely familiar with SSH Keys. Public Key authentication is an authentication method that relies on a generated public/private keypair and enables a secure method to login without entering a password.

Usually, you would use ssh_copy_id to transfer keys to a remote system or add it to the authorized_keys file manually but NSX-T does not support those methods. This article explains how to enable ssh key authentication for NSX-T Managers and Edge Appliances.

Read more »

Quick Tip: Remove NSX-T SSH and HTTP Session Timeout

If you are like me and keep browser tabs and SSH sessions open forever, I guess you are annoyed when that happens:

Default timeouts in NSX-T are:

  • 1800 seconds (30 minutes) for the Web Interface
  • 600 seconds (10 minutes) for SSH

This article explains how to remove session timeouts for SSH and the Web interface in NSX-T to stay logged in forever.

Read more »

Quick Tip: Remove NSX-T Password Expiration

VMware NSX-T has a preconfigured password expiration policy of 90 days. When the password expiration day is near, a notification is displayed in the Web interface. There are 3 preconfigured local users: admin, audit, and root. All passwords have to be changed after 90 days. This article explains how to remove the password expiration.

The password for local user 'admin' will expire in [x] days.
The password for local user 'root' will expire in [x] days.
The password for local user 'audit' will expire in [x] days.

Please keep in mind that not only the password for NSX-T Manager expires, but also for Edge Transport Nodes (Edge VMs). When the password has expired, some functions (API / Web-Interface Login) is no longer possible, so make sure you either change the password regularly or remove the expiration policy.

Read more »