How to add AD Authentication in vCenter 7.0

The vCenter Server has an internal user database that allows you to add and manage users very easily. Users management and Single Sign-On is provided by the embedded Platform Service Controller which is available since vSphere 6.0. In a large environment, you might want to connect your virtualization infrastructure to a centrally manage Active Directory.

This article explains how to add AD authentication in vSphere 7.0 and how to get the "Use Windows session authentication" checkbox to work with the "Enhanced Authentication Plugin".

Read more »

vCenter Server 7.0 Tips and Tricks

In vSphere 7.0, the Windows-based vCenter Server is finally gone. Time to move forward and get in touch with the Linux based Photon OS. The following tips and tricks might come handy when working with the vCenter Server Appliance 7.0:

  • Enable SSH
  • File Transfer with SCP/SFTP
  • Public Key Authentication
  • Disable or Increase Shell Session Timeout
  • Password expiration
  • Reset vCenter Server Appliance 6.7 root password
  • Create a Backup Job
  • Remove Certificate Warnings (Root CA)
  • Install Additional Software
  • VMware Datacenter CLI (DCLI)
  • Run Docker Containers

Read more »

VMware ESXi 7.0 - IO Devices not certified for upgrade

Beside Server Hardware, also double check if your IO Devices (eg. NIC, HBA,..) are supported when updating ESXi hosts from VMware vSphere 6.7 to 7.0. The following devices were supported in vSphere 6.7 but are according to VMware's HCL not (yet) supported in vSphere 7.0.

  • Not supported does not say that it does not work.
  • The list has been created with the help of my IO-Devices HCL in JSON Format.
  • Did I miss something? Please comment.
  • In vSphere 7.0, VMKLinux driver compatibility has been deprecated and removed.

Read more »

Heads Up: Nested LDAP Groups Not Working in NSX-T 3.0

When using the new direct LDAP integration in NSX-T 3.0, authentication using nested groups is not working. Example:

  • User "John" is a member of the group "IT Department"
  • Group "IT Department" is member of Group "NSX Admin"
  • Group "NSX Admin" is assigned the Enterprise Admin Role in NSX-T

User "John" can't log in because NSX-T does not search inside nested groups. If you need nested groups to work and there is no workaround, use the vIDM (VMware Identity Manager) appliance.

How to enable LDAP Authentication in NSX-T 3.0

NSX-T 3.0 has added support for authentication using AD or LDAP sources. In previous versions, you had to deploy the vIDM (VMware Identity Manager) appliance to allow external authentication. You can still use vIDM but if you only need NSX-T authentication you can now do it without a sole purpose appliance.

This article explains how to enable LDAP authentication in NSX-T 3.0. Read more »

Visual Studio Code Error "No match was found for the specified search criteria and module name PackageManagement"

Visual Studio Code asks to perform an update when launching the PowerShell Integrated Console. The Update fails with the following error message:

PS> powershell.exe -NoLogo -NoProfile -Command 'Install-Module -Name PackageManagement -Force -MinimumVersion 1.4.6 -Scope CurrentUser -AllowClobber'

PackageManagement\Find-Package : No match was found for the specified search criteria and module name 'PackageManagement'. Try Get-PSRepository to see all available registered module repositories.

Get-PSRepository returns the following error: Read more »

Solution: ESXi Installation with USB NIC only fails at 81%

When you try to install ESXi 7.0 with a USB NIC only, the installation fails at 81% with the following error message:

Exception: No vmknic tagged for management was found.

Some homelab systems like the Intel 10th Gen NUC are not equipped with a compatible network adapter. As a workaround, you can use a USB NIC and create a customized image to install ESXi. The installation fails as the ESXi installer can't assign the USB NIC as a management adapter because it specifically searches for a "vmnic#", not "vusb#" adapter.

This article explains how to proceed with the 81% installation error and get the system to work.

Read more »

How to manually add NSX-T Managers to a Cluster

After deploying the first NSX-T Manager, additional managers can be deployed using the NSX-T GUI. This is a crucial step to create a redundant and reliable setup. To deploy an additional NSX-T Manager appliance you first have to add the target vCenter as "Compute Manager". In some cases, eg. when NSX-T Managers are to run in a dedicated management vCenter, you don't want to add the vCenter as Compute Manager.

A compute manager is required to deploy an appliance. To add a compute manager, visit the COMPUTE MANAGERS page.

This article explains how to manually add additional Managers to an NSX-T Cluster using the CLI, without configuring a compute manager.

Read more »

ESXi Update Error "[Errno 28] No space left on device"

When you try to install a VMware ESXi Update using esxcli, the upgrade fails with the following error message:

"[Errno 28] No space left on device"

The problem is caused by ESXi not having enough free space available to extract the installation packages. This article explains how to solve the issue by enabling swapping to a Datastore.

Read more »

How to Install or Upgrade ESXi 7.0b on 10th Gen Intel NUC

To get ESXi installed on a 10th Gen Intel NUC you need a customized image at the moment. How to create the custom image is explained here. The problem is that the ne1000 driver, which is bundled in ESXi 7.0, is not compatible with the NUCs Gigabit Network interface. When you now try to install the latest ESXi patch, the driver is overwritten with the non-working default ne1000 driver.

The solution is quite simple. You can either install the working driver again after patching or create a custom ESXi 7.0b image. The method described here is specific for ESXi 7.0b but might also work for future releases, as long as ESXi 7 is not equipped with a ne1000 driver supporting Intels latest I219-V.

Read more »