PSC : Firstboot script execution error

I installed a test PSC today and right at the end of the installation an error popped up “Firstboot script execution error”.

After looking through the log files I found the following:

VMware Appliance Configuration…\”, \n        \”translatable\”: \”Starting %(0)s…\”\n    }, \n    \”warning\”: [], \n    \”error\”: {\n        \”resolution\”: {\n            \”id\”: \”install.ciscommon.validatePNID.resolution\”, \n            \”localized\”: \”If the supplied system name is a FQDN, then make sure the DNS forward lookup results in at least one valid IP address in the system. If the supplied system name is an IP address, then it should be one of the valid IP address(es) in the system.\”, \n            \”translatable\”: \”If the supplied system name is a FQDN, then make sure the DNS forward lookup results in at least one valid IP address in the system. If the supplied system name is an IP address, then it should be one of the valid IP address(es) in the system.\”\n        }, \n        \”detail\”: [\n            {\n                \”args\”: [\n                    \”jpsctest01.sovsystems.com\”\n                ], \n                \”id\”: \”install.ciscommon.validatePNID.error\”, \n                \”localized\”: \”The supplied System Name jpsctest01.sovsystems.com is not valid.\”, \n                \”translatable\”: \”The supplied System Name %(0)s is not valid.\”\n            }\n        ], \n        \”componentKey\”: \”visl-integration\”, \n        \”problemId\”: \”install.ciscommon.validatePNID\”\n    }, \n    \”progress\”:0\n}”,”isFinal”:”true”}
2016-02-22 16:52:16.814728 Progress Controller: [VCSA ERROR] – First Boot error

Solution:

In my haste for testing i forgot to setup the A-records in DNS for the new PSC appliance.
The problem can also be related to providing the wrong DNS name during the installation wizard.

SRM 5.8: Synchronize storage freezes at 90%

SRM 5.8 with storage array replication VNX mirrorview.

Scenario:
Run a recovery and once completed run reprotect.
During the reprotect the storage synchronization gets stuck at 90%.

No real information from SRM on the status or errors so had to do some digging.  

Solution:
On the storage array reviewed the replicated LUN for the specific recovery plan and found that the the secondary image was showing “waiting for administrator to start synchronization”.

By default SRM queries an ongoing synchronization every 30 seconds to report status so after selecting synchronization and its completion did the SRM status also update and completed.

This setting is adjustable in the SRM advanced settings per site:  storage.querySyncStatusPollingInterval.

vCloud Director 8: vCenter Server status error

Had issue this week come up where vCloud Director is unable to communicate with vCenter server.  I had this many years ago but seems to be still relevant in vCD-SP8 so thought just write up about it with reference to good information:

In my environment this caused template deployments to fail with “Cannot retrieve list of the supported Operating Systems from Provider VDC “PVDC”. Please ensure vCenter is connected and available.”

Solution:

After reviewing vCenter Server vSphere resource under Manage and Monitor I found that vCenter is not connected.
KB 1035506 from VMware documents this issue but request that you call support to get this resolved.

The issue seems to be related to quart table and I am not going to get into much details here since Jason Boche wrote a nice detailed article how the problem comes about and how to resolve it.

http://www.boche.net/blog/index.php/2011/12/16/vcloud-director-and-vcenter-proxy-service-failure/

vSphere Web client 6.0 missing license UI

Found that on our recently upgrade vCSA 6.0U1 the license UI was missing.

Found a detailed KB article from VMware on this but they reference this happens when you have a proxy in place, which we don’t so seems this problem can potentially affect more environments.
Solution for vCSA:

  • Stop the vSphere Web Client service by running:
    service vsphere-client stop
  • Remove the contents of the vSphere Web Client work directory by running:
    rm -rf /usr/lib/vmware-vsphere-client/server/work/*
  • Remove the contents of the pickup directory by running:
    rm /usr/lib/vmware-virgo/server/pickup/*
  • Back up the following files that are located in /usr/lib/vmware-vsphere-client/plugin-packages/vsphere-client/plugins/:
    • telemetry-service-6.0.0.jar
    • telemetry-ui-war-6.0.0.war
    • phonehome-collector-ui-war-6.0.0.war
    • cis-data-service-cmc-6.0.0.jar
  • Remove the following files that are located in /usr/lib/vmware-vsphere-client/plugin-packages/vsphere-client/plugins/:
    • telemetry-service-6.0.0.jar
    • telemetry-ui-war-6.0.0.war
    • phonehome-collector-ui-war-6.0.0.war
    • cis-data-service-cmc-6.0.0.jar
  • Start the following vCenter service by running:
    service vsphere-client start
  •  
    Links:

    vCloud Director 8: Wildcard certificate

    I have a wildcard.pfx certificate which I need to use in my vCD instance.  Here are the steps to convert the certificate and import into vCD:

    1. Convert the pfx to pem:
      1. openssl pkcs12 -in certificate.pfx -out certificate.cer –nodes
    2. Extract the private key from the certificate.cer.
      1. copy from —–BEGIN PRIVATE CERTIFICATE—– 
      2. to end of —–END PRIVATE CERTIFICATE—–
      3. Create new file called certificate.key and paste 
    3. Recreate pfx and set alias for http
      1. openssl pkcs12 -export -in certificate.cer -inkey certificate.key -name http -passout pass:yourpassword -out http.pfx
    4. Recreate pfx and set alias for consoleproxy
      1. openssl pkcs12 -export -in certificate.cer -inkey certificate.key -name consoleproxy -passout pass:yourpassword -out consoleproxy.pfx
    5. Import the 2 PKCS12 keystores into Java keystore using keystore
      1. ./keytool -importkeystore -srckeystore http.pfx -srcstoretype PKCS12 -destkeystore certificate.ks -deststoretype JCEKS -deststorepass yourpassword -srcalias http -destalias http -srcstorepass yourpassword
      2. ./keytool -importkeystore -srckeystore consoleproxy.pfx -srcstoretype PKCS12 -destkeystore certificate.ks -deststoretype JCEKS -deststorepass VmwareS0v! -srcalias consoleproxy -destalias consoleproxy -srcstorepass VmwareS0v!
    6. Now import the root and intermediate certificates (if any) to the same keystore
      1. ./keytool -importcert -alias root -file GeoTrust_Global_CA.cer -storetype JCEKS -keystore certificate.ks -storepass yourpassword
      2. keytool -importcert -alias intermediate -file RapidSSL.cer -storetype JCEKS -keystore certificate.ks -storepass yourpassword
    To replace it your can read my previous blog post

    vCloud Director 8: Replace certificates

    I currently have some self signed certificates on my vCloud Director 8 installation and want to update them with new certificates.  Here are the simplified steps to get this accomplished:

    Firstly you need to create 2 certificates for each member of the group (cell) and import the certificates into host keystores.  Each vCD has 2 IP address which allows support for 2 different SSL endpoints(http and consoleproxy).  Each endpoint requires its own SSL certificate.

    Requirements for cert include an X.500 distinguished name, while Subject Alternative Name is not necessary.

    Replace certificate using vCD configuration script:
    this process will also validate the db connection and prompt for SSL certificate and skips all other.

    1. SSH to vCD cell
    2. Stop the vCD services
      1. service vmware-vcd stop
    3. Run the configuration
      1. /opt/vmware/vcloud-director/bin/configure
      2. Specify full path to java keystore that holds the new certificates
      3. Provide keystore and certificate password
    This will replace the certificates and restart the vCD services.
    Certificates command of the cell management tool automates process replace certificates in JCEKS keystore.
    1. # cd /opt/vmware/vcloud-director/bin
    2. # ./cell-management-tool certificates -j -p -k /tmp/.ks -w kspw
    3. Restart the cell for changes to take affect.
      1. # service vmware-vcd restart