vpxd.log error: A database error occurred: "ODBC error: (54000)

ERROR: database is not accepting commands to avoid wraparound data loss in database "VCDB"

Hello all,

I'm running vSphere Version 6.5.0 Build 5178943, vCenter appliance 6.5.0.5300 and 5 ESXi 6.0.0, 2494585.

Around April 6th and again in the 19th I had to reboot the ESXi server that was hosting the vCenter VA.

For some reason, the VMs and the vCenter in the host became unresponsive, the 6th they were in one of my ESXi hosts and the 19th they were on a different ESXi host (same hardware but different host).

I checked the server logs and the one where the machines where located in the first occurrence (the 6th) reported loss of up link.

That made some sense, but then when it happened again on the 19th the ESXi host doesn't show any errors.

I also noticed that when I tried to connect to the host where the VMs where located with vSphere Client the host began to log me in but kept "loading inventory" and eventually timed out.

That makes me think maybe something happened with ESXi.

Just wondering if someone could suggest something to look for, I know there is a newer version (6.5.0d), but wanted to ask before rolling out an upgrade since I recently upgraded ESXi to 6.0.

I don't see any alarms in vCenter and looking at the logs, well I'm not an expert with vmware logs so I'm not entirely sure what I'm looking for.

Thanks in advance for your time.

Only prep  the templates with the prepare_vra_template.ps1 and .sh commands respectively for guest agent and SW agent support as identified here:

vRealize Automation 7.2 Information Center

Any manual installation will most likely lead to errors due to a missed step.  Reprep this template as per above pub.

Hi,

I've been experiencing this issue for a while. I thought it would have been fixed in Version 4.4.0 (5164329). However, I still encountered it.

Basically, the cut 'n paste content doesn't always pass thru the Horizon View Client 100%. I'd have to go back and try to copy the content again (at least multiple times) in order to paste thru the Horizon View Client.

This is really annoying. I don't experience the same issue via RDP connection. I tried to copy and paste the same content via RDP, it had always been working 100%. Whereas, Horizon View Client botched it.

Please see whether you can create a bug report for this.

Hi all,

I have a 4 node VSAN cluster. One of the nodes (apparently it was a master node) was improperly removed from the cluster (disconnected then removed). The three remaining nodes are fine, but I'm now not able to return the missing node into the cluster. When I add it back, it appears to be creating another cluster with it being a single member, and as a result, I'm not able to browse the VSAN datastore in the vCenter client (VMs are OK though).

Node 1 before joining the VSAN cluster:

[root@fx2-esxi-01:~]  esxcli vsan cluster get

Virtual SAN Clustering is not enabled on this host

Working VSAN cluster before node1 is joined:

[root@fx2-esxi-04:~] esxcli vsan cluster get

Cluster Information

   Enabled: true

   Current Local Time: 2017-04-21T16:17:33Z

   Local Node UUID: 58d04aea-1952-3758-4c9d-107d1a8fb9a7

   Local Node Type: NORMAL

   Local Node State: MASTER

   Local Node Health State: HEALTHY

   Sub-Cluster Master UUID: 58d04aea-1952-3758-4c9d-107d1a8fb9a7

   Sub-Cluster Backup UUID: 58cc1241-1e61-a964-ed3f-107d1a8fb3ef

   Sub-Cluster UUID: 52311b70-024e-7173-ac6e-92638c796a1a

   Sub-Cluster Membership Entry Revision: 12

   Sub-Cluster Member Count: 3

   Sub-Cluster Member UUIDs: 58d04aea-1952-3758-4c9d-107d1a8fb9a7, 58cc1241-1e61-a964-ed3f-107d1a8fb3ef, 58cc1fa4-bc1c-71ad-9f0d-107d1a8fb369

   Sub-Cluster Membership UUID: c193f958-30b3-2c5e-833c-107d1a8fb9a7

Node 1 after it is added back into the cluster:

[root@fx2-esxi-01:~]  esxcli vsan cluster get

Cluster Information

   Enabled: true

   Current Local Time: 2017-04-21T16:48:43Z

   Local Node UUID: 58cc0c20-eddb-7b02-7e25-107d1a8fb301

   Local Node Type: NORMAL

   Local Node State: MASTER

   Local Node Health State: HEALTHY

   Sub-Cluster Master UUID: 58cc0c20-eddb-7b02-7e25-107d1a8fb301

   Sub-Cluster Backup UUID:

   Sub-Cluster UUID: 52311b70-024e-7173-ac6e-92638c796a1a

   Sub-Cluster Membership Entry Revision: 0

   Sub-Cluster Member Count: 1

   Sub-Cluster Member UUIDs: 58cc0c20-eddb-7b02-7e25-107d1a8fb301

   Sub-Cluster Membership UUID: e837fa58-35df-3663-af01-107d1a8fb301

Note that the Sub-Cluster UUID is the same, but the cluster member count is 1. VSAN health check does show cluster partitioning and multicast issues:

I don't think there are multicast issues since everything was working fine before the first node was removed. Looking at packets tab, it looks like heartbeats from the original master (.201) are received by all 4 nodes, but heartbeats from the new master (.204) are received only by 3 surviving nodes and not by .201 (same group though):

All nodes are connected using a single 10GB uplink (the second one is in standby) to an internal switch on Dell FX2 system (Dell PowerEdge FN 410S IOM in standalone mode)

Dell#sh ip igmp snooping groups detail

Interface             Vlan 227

Group                 224.1.2.3

Uptime                4w2d

Expires               00:02:05

Router mode           EXCLUDE

Last reporter         192.168.227.204

Last reporter mode    EXCLUDE

Last report received  IS_EXCL

Group source list

Source address                   Uptime      Expires

Interface             Vlan 227

Group                 224.2.3.4

Uptime                4w2d

Expires               00:02:05

Router mode           EXCLUDE

Last reporter         192.168.227.204

Last reporter mode    EXCLUDE

Last report received  IS_EXCL

Group source list

Source address                   Uptime      Expires

Dell#

Any thoughts on what else to check? Thanks in advance!

Afaik the AutomaticStartAction parameter on the Set-VM cmdlet was only available for Hyper-V.

Are you sure you are talking about PowerCLI.

In vSphere the "start" of VMs is set on the ESXi node level.
To set a specific VM to manual start you could do

For your first questions, it depends on your requrements.

Yes you can use ECMP as per design guide below

But stateful services do not work on ECMP because there would be asymmetrical routing and stateful services will fail.

So if you have stateful services such as load balancer, edge firewall, NAT, don't use ECMP.

You can set the primary physical router as the primary path and the secondary physical router as the backup path and use cost (or administrative distance for static routes) to set the primary router as the preferred path.

Use a different interface for connection to the secondary physical router

If the two routers are on the same network, you can also use FHRP and peer with the router's virtual ip address

For your second questions, again, it depends on your requirements.

If your environment is pretty static then static should be fine.

But if the environment is dynamic, new networks (logical switches) often need to be added, then you could use dynamic routing such as OSPF/BGP so you don't need to manually add routes everytime you need to advertise new networks

For ECMP setup, you would need dynamic routing so the ECMP routes can be added/removed automatically by the dynamic routing

This is the very very important security issue. In an enterprise virtualization admin wouldn't be an administrator of vm operation systems.

Try like this

SR 17359172601

Hi, I'm trying to build this environment using my Mac development environment.

I've followed the instructions to install, and have used all defaults to create the "myplugin" plugin.

The json server starts correctly, as expected:

MacBook-Pro-10:myplugin-ui wodge$ json-server --watch db.json --static ./src/webapp

  \{^_^}/ hi!

  Loading db.json

  Done

  Resources

  http://localhost:3000/echos

  http://localhost:3000/hosts

  Home

  http://localhost:3000

  Type s + enter at any time to create a snapshot of the database

  Watching...

However, when I attempt to compile I get:

MacBook-Pro-10:myplugin-ui wodge$ npm start

> myplugin@0.9.2 start /Users/wodge/runecast/WebClientPlugin/WebClientPlugin-Resources/plugin-seed-0.9.5/tools/myplugin-ui

> ng serve  --port 4201 --proxy-config proxy.conf.json

** NG Live Development Server is running on http://localhost:4201 **

Hash: 1f53bfd0301c4e004f76                                                               

Time: 17774ms

chunk    {0} main.bundle.js, main.bundle.js.map (main) 156 kB {3} [initial] [rendered]

chunk    {1} scripts.bundle.js, scripts.bundle.js.map (scripts) 576 kB {4} [initial] [rendered]

chunk    {2} styles.bundle.js, styles.bundle.js.map (styles) 396 kB {4} [initial] [rendered]

chunk    {3} vendor.bundle.js, vendor.bundle.js.map (vendor) 4.02 MB [initial] [rendered]

chunk    {4} inline.bundle.js, inline.bundle.js.map (inline) 0 bytes [entry] [rendered]

ERROR in /Users/wodge/runecast/WebClientPlugin/WebClientPlugin-Resources/plugin-seed-0.9.5/tools/myplugin-ui/node_modules/@types/jasmine/index.d.ts (40,52): '=' expected.

/Users/wodge/runecast/WebClientPlugin/WebClientPlugin-Resources/plugin-seed-0.9.5/tools/myplugin-ui/node_modules/@types/jasmine/index.d.ts (42,62): '=' expected.

/Users/wodge/runecast/WebClientPlugin/WebClientPlugin-Resources/plugin-seed-0.9.5/tools/myplugin-ui/node_modules/@types/jasmine/index.d.ts (40,38): A parameter initializer is only allowed in a function or constructor implementation.

/Users/wodge/runecast/WebClientPlugin/WebClientPlugin-Resources/plugin-seed-0.9.5/tools/myplugin-ui/node_modules/@types/jasmine/index.d.ts (40,46): Cannot find name 'keyof'.

/Users/wodge/runecast/WebClientPlugin/WebClientPlugin-Resources/plugin-seed-0.9.5/tools/myplugin-ui/node_modules/@types/jasmine/index.d.ts (42,46): A parameter initializer is only allowed in a function or constructor implementation.

/Users/wodge/runecast/WebClientPlugin/WebClientPlugin-Resources/plugin-seed-0.9.5/tools/myplugin-ui/node_modules/@types/jasmine/index.d.ts (42,56): Cannot find name 'keyof'.

/Users/wodge/runecast/WebClientPlugin/WebClientPlugin-Resources/plugin-seed-0.9.5/tools/myplugin-ui/node_modules/@types/jasmine/index.d.ts (58,42): Cannot find name 'Partial'.

/Users/wodge/runecast/WebClientPlugin/WebClientPlugin-Resources/plugin-seed-0.9.5/tools/myplugin-ui/node_modules/@types/jasmine/index.d.ts (99,22): Cannot find name 'Partial'.

/Users/wodge/runecast/WebClientPlugin/WebClientPlugin-Resources/plugin-seed-0.9.5/tools/myplugin-ui/node_modules/@types/jasmine/index.d.ts (99,35): Cannot find name 'Partial'.

webpack: Failed to compile.

Could you please advise how to resolve this issue?

Many thanks

We can audit deleted files, moved etc. Is there a way to audit file download from Datastore(s)

Hi all,

What I have set up is the following (everything with version 6.0 u2):

2 physical sites (first site is the principal site and the second one will be for DR purposes)

in each physical site there is 1 external PSC and 1 vCenter

Both PSCs are connected to the same SSO Domain however there is a different SSO sitename for each PSC.

Each vCenter is connected to its local PSC instance.

The first PSC in the first site was connected to AD using Integrated Windows Authentication.

The client created a new local DC for me in the second site (to reduce the time required to authenticate)

The vCenter and PSC in the first site both point to local AD DCs in that site.

The vCenter and PSC in the DR site have configured their primary DNS as the new, local DC and their secondary DNS as a DC in the principal site.

The PSCs at both sites are connected to AD.

Now.

When an AD user is added either with a Global permission or with vCenter permissions on both vCenters, I am seeing the following:

I can log into the vCenter server at the principal site using the AD users without problem and I can see and administer both vCenter Servers in the console.

However I cannot log on directly to the vCenter server at the DR site using any AD users.

Could there be a port blocked in a firewall between sites that vCenter needs?

I am able to sign on to the local DC in the DR site using AD credentials so that´s why I wonder if something the vCenter needs in particular, is being blocked.

I also tried putting only the DNS server IP addresses from the main site on the PSC and vCenter of the DR site but the results are the same.

As far as I know, when using Enhanced Link mode, the authentication is automatically configured the same in all the PSCs i.e. you configure the Identity Source on the first PSC and all additional PSCs automatically use the same source.

So what I understand is that, after you add the Identity source in the frist site, you don´t need to repeat the configuration in any other parts except for adding the additional PSC to the domain as well.

Anyone have any ideas?

Regards

Mark

Hello everyone,

I have an empty VM template (no OS installed), that was created with the OS Version set to "SUSE Linux Enterprise 12 (64-Bit)." When I clone a VM from this template, I get an empty VM, set for use with SUSE 12 64-Bit. What I want is to allow the user to change this setting before deployment in VRA.

I have tried to override this setting in VRA using the following properties:

VirtualMachine.Config.GuestId

vim.vm.GuestOsDescriptor.GuestOsIdentifier

vm.GuestOsDescriptor.GuestOsIdentifier

VirtualMachine.GuestOsDescriptor.GuestOsIdentifier

With a value of 'rhel6_64Guest'. None of these have worked, and the VM is always cloned as SUSE 12 64-bit.

Can anyone tell me what the correct property to set would be? For example, I can override some network settings by manually creating a property named 'VirtualMachine.Network0.Name'.

Thanks,

Tanner

Hello,

Yes there is. Check out aac-lib/vli at master · Texiwill/aac-lib · GitHub which is a VMware vRealize LogInsight Content Pack that provides a Security Operations view of what happens within vSphere (vCenter + ESXi). There is a Datastore Browser dashboard to give you just this information. There is also other activity monitoring that will be of use.

Best regards,
Edward L. Haletky aka Texiwill
VMware Communities User Moderator, VMware vExpert 2009-2017

Virtualization and Cloud Security Analyst: TVP Strategy

Blue Gears Blog: vSphere Upgrade Saga

Podcast: Virtualization and Cloud Security Round Table Podcast

GitHub: https://github.com/Texiwill

See below. I have not used this property myself, but perhaps it would do the trick. Let me know how it goes.

Table 3-14 in vRA 7.2 Custom Properties Reference

VMware.VirtualCenter.OperatingSystem - Specifies the vCenter Server guest operating system version (VirtualMachineGuestOsIdentifier) with which vCenter Server creates the machine. This operating system version must match the operating system version to be installed on the provisioned machine. Administrators can create property groups using one of several property sets, or example, VMware[OS_Version]Properties, that are predefined to include the correct VMware.VirtualCenter.OperatingSystem values. This property is for virtual provisioning. When this property as a non-Windows value, the Connect Using RDP user interface option is disabled. The property can be used in a virtual, cloud or physical blueprint. For related information, see the enumeration type VirtualMachineGuestOsIdentifier in vSphere API/SDK Documentation. For a list of currently accepted values, see the vCenter Server documentation.

Hello,

You are not. If you feel strongly about it, you should open up a support request to get the bulletins updated with more information. I have always gone back to CVE and looked up the issue there, then gone and found the actual attack description elsewhere. This way, I have done all my research. I would do that even if it was provided by the vendor as you then have corroboration on the CVE and its impact.

If you have a well segregated management environment the severity of this goes down significantly. BTW, we just covered the lowest hanging fruit of virtualization security on the Virtualization and Cloud Security Round Table Podcast on 4/20/17 (see below).

Best regards,
Edward L. Haletky aka Texiwill
VMware Communities User Moderator, VMware vExpert 2009-2017

Virtualization and Cloud Security Analyst: TVP Strategy

Blue Gears Blog: vSphere Upgrade Saga

Podcast: Virtualization and Cloud Security Round Table Podcast

GitHub: https://github.com/Texiwill

It must be because you don't have the right version of Typescript. Please send the output of "npm list" in another thread so that we resolve this separately from this post. Thanks

While my OS 10.11 guest started out as Maverick (10.9) and was updated, I didn't change the "OS" version in Settings>General and that did indeed turn out to be the problem. Changing that guest OS designation to match the guest did allow VMware Tools to install properly.

But that raises a question:  unlike Windows, the Virtual Machine menu in Fusion when running an OS X guest says to Reinstall VMware Tools rather than Update Tools, implying that there is no benefit in doing so. Since there is apparently a newer version of Tools for that particular OS X guest, should the menu entry be Update and is there any actual benefit to reinstalling Tools in an instance like this?

Checking further, I noticed that after upgrading Windows 8.1 to Windows 10, I hadn't changed the guest type in Settings and did so. This time a need for updating was offered so I selected it in the menu and the process started (it didn't just run automatically). But almost 1/2 hour later, it was still in that mode so I just shut  the guest down (since on the clone, any damage can be fixed by importing the original VM and starting over). VMware Tools installation is usually pretty fast and simple so is there something else I should look for going on?

Hello,

Often this is controlled by the SSH server itself not the shell. You can also be controlled by the client...

Check out https://docs.oseems.com/general/application/ssh/disable-timeout/

There is always more than one way to handle a security control.

Best regards,
Edward L. Haletky aka Texiwill
VMware Communities User Moderator, VMware vExpert 2009-2017

Virtualization and Cloud Security Analyst: TVP Strategy

Blue Gears Blog: vSphere Upgrade Saga

Podcast: Virtualization and Cloud Security Round Table Podcast

GitHub: https://github.com/Texiwill