After upgrading my vCenter Server to the latest vSphere 7.0 Update 1, I was unable to see ESXi 7.0 Update 1 Image. When I attempted to sync the updates I got the error “Download patch definitions task failed while syncing depots. Error: ‘integrity.fault.HostPatchInvalidVendorCode’.”
Seeing as the error mentioned the depots, navigate to Menu->Lifecycle Manager and then select the Settings tab and then Patch Setup.
Select the radio button for Partner provided Addons for ESXi and click Disable. Proceed to click on Action and then Sync Updates. The sync should now complete successfully.
With the release of vCenter 7 Update 1, VMware introuced the vCLS (vSphere Clustering Service). More information can be found here.
Looking at the error details it looks like it is looking for a feature called cpuid.mwait
Reviewing the VMX file it seems like EVC is enabled on the vCLS VMs. I didnt want to enable EVC on the whole cluster so i wanted to do it only on the specific VMs.
Doing some research i found that the VMs need to be at version 14. After upgrading the VM i was able to disable EVC on the specific VMs by following these steps:
In the vSphere Client, navigate to the virtual machine
Under the Actions -> Compatibility -> Upgrade VM compatibility
We can disable EVC on per VM level on version 14 and above, so in my case i chose ESXi 6.7 and later
Next go to the Configure Tab
Pick VMware EVC and click on Edit
Click on Yes
Click on Disable EVC and Click OK
The next time it tries to power on the VM it should go through.
Once the first VM starts up it will most likely deploy a few additional ones, follow the same steps as above again on the new VMs
While i was doing the operations endpoint install on a new vROPS environment i experienced an strange error that i didnt see before
- Unable to register the agent due to server error.
In order to find the issue i had to log in to my vROPS server in order to review the logs. I was able to find the End Point Adapter log file here:
/storage/log/vcops/log/adapters/EndPointAdapter/
While reviewing the log i found a strange error pointing me to the adapter
2020-09-27T12:12:01,514 ERROR [http-nio-127.0.0.1-8877-exec-4] (6) com.vmware.vcops.aim.agent.webserver.AgentAdapterController.handleCommand - Error when executing the agent command REGISTERAGENT Token:1601208564446-9168989700718889387-1917899764042627947. Failed to create agent instance. Reason:Failed to create resource: message=ResourceKind is not found: {adKind=EP Ops Adapter, resKind=EP Ops Agent}, localizedMessage=ResourceKind is not found: {adKind=EP Ops Adapter, resKind=EP Ops Agent}, code=0; message=resourceKind is null for resourceKind Key: EP Ops Agent and adapterKind Key: EP Ops Adapter, code=0
com.vmware.vcops.aim.exception.AgentAdapterException: Token:1601208564446-9168989700718889387-1917899764042627947. Failed to create agent instance. Reason:Failed to create resource: message=ResourceKind is not found: {adKind=EP Ops Adapter, resKind=EP Ops Agent}, localizedMessage=ResourceKind is not found: {adKind=EP Ops Adapter, resKind=EP Ops Agent}, code=0; message=resourceKind is null for resourceKind Key: EP Ops Agent and adapterKind Key: EP Ops Adapter, code=0
I would seem that i forgot to enable the adapter for remote monitoring… Fortunately the solution was very easy. All i had to do was log in as an administrator user in my vROPs instance and Activate the Operating System / Remote Service Monitoring
After the solution was activated the agent successfully registered
- Testing secure connection ...
- Connection successful.
Enter your server username: admin
Enter your server password: **Not echoing value**
- Registering the agent with server.
- The agent has received a client certificate from server.
- The agent has been successfully registered.
From a lifecycle manager perspective we have a couple of ways to add keys to the environment
If the my vmware user that is added to lifecycle manager has access to they keys, the keys can automatically discovered and imported. For this we can go to the locker from Home -> Locker -> License. If the keys are not discovered we can click on the refresh button up top to perform a manual sync
If the keys havent been imported or if we need to add a key manually we can click on the add button and complete the fields
Click on validate and add. This will add the key to the catalog and it will be consumable by lifecycle manager when we install the products
In my previous post i went over the installation of vIDM which is a pre requisite for vRA. You can find the link here
Next, we need to create a new environment that will be used to deploy vRA. For this we can go to Lifecycle Operations -> Create Environment. Fill in the necessary information and click next
Select vRealize Automation, select the version and install type then click next
Review and accept the EULA then click Next
Next screen is the key. Click on Select and select the vRA key from the inventory. If we need to add the key manually we can follow the steps in my post here
Verify the key selection click on Validate Association and click on next
Select the certificate and click next. If a new certificate needs to be create follow the instructions on my post here
Make the proper selections for where the vRA server will get deployed and click Next
Fill in the proper network configuration and click next
Specify the proper network configuration for the product and click next
Run the precheck and verify that everything is green then click Next
Verify the summary and click submit
Next we are taken to the request details where we can follow the process that LCM is performing for us automatically.
We can see that the task completed
If we go to environments we can see that the vRA Environment
Because im running on a deployment from VCF i can see that the datacenter was already provioned for me under under Home -> Lifecycle Operations -> Datacenters
However it seems like my Environment is not completely configured. In order to configure we can go to Home -> Lifecycle Operations -> Create Environment
Add a new password to the vault that will be used by our installation wizards. We can add a password by clicking on the + sign next to the Default Password
Enter the password details and click add
Now i can select the new password by clicking on Select Default Password. I can select the Datacenter from the drop down and click Next.
Select the VMware Identify Manager and click Next
Accept the EULA and click Next
Select the certificate. If you do not have a certificate you can follow the instructions i have here. Click next
Select the proper details to where the server will be deployed
Fill in the network information and click next
Fill in the product information
Run the precheck and verify that everything is valid and click next
Verify the details in the Summary and click Submit
We are taken to the request details page
Once the deployment is complete we can see the vIDM server under Environments
vRealize Lifeycycle Manager (vRSLCM) come with a Certificate Management feature. We can access the certificate management from Home -> Locker -> Certificate
We can generate Self Signed certificates for products managed by Lifecycle Manager as well as certificate requests to be signed by a certification authority
Generate a new CSR
Download the CSR and take it to the certified authority, in my case im using a Microsoft server /certsrv/certrqxt.asp
Click on advanced certificate requests and complete the request details
Download the certificate in the Base 64 encoded format
Next we can import it in to the certificate vault
Click on import and complete the details. The private key can be found in the certificate request file
Make sure you create a file that includes the signed certificate + the private key + the intermediate and root certificates.
In order to enable product downloads in lifecycle manager we need to go to Lifecycle Operations
Settings -> My vmware
Add my vmware account. Make sure the account added has a proper entitlement to perform downloads and patches.
With the releases of 8.x and above we now have a password vault that we need to add the passwords to. When presented with the add my VMware Account Detail screen press on Click here to add a new password
Type in the details for your password and press add
Click on Select Credential and add the new password you created, add the username, click validate and then add
After the process is complete we can go back to settings and click on Binary Mapping
This will take us to the Product Binary page where we can click on Add Binaries
We can add binaries from a local source, NFS, My VMware or Windows ISO. In this scenario we can download the binaries directly from My VMware. Click on my VMware and click discover
In my case i want to download vRealize Automation and VMware Identity Manager. So i selected th downloads as install type and clicked on add
We are now presented with a link where we can track the status of the download. Click on Click here to check the status request
In my case i was taken to Requests page and i can now see that there are 2 tasks In Progress for binary download
I can get more details by clicking on the In Progress link
While trying to deploy vRealize Suite Lifecycle Manager in VCF 4, i was prompted by an error X-Region Application Virtual Network is not created
After doing some research i found out that the error is due to AVN not getting deployed part of the initial deployment. I remembered that VCF 4 doesnt actually require it so after i did some research i was able to find a kb article that allowed me to continue with my install. KB 78608
All i had to do is log in to my sddc manager with my root credentials and execute the following commands:
