ESXi, vCenter and Active Directory

I don't have any confirmation on this (in fact VMware support has no idea how this happened), but after spending 11 hours on Saturday rebuilding one of my vSphere servers (which houses the entire View environment), I think I figured out why 90% of my VMs went orphaned on me after I took the server offline for some hardware upgrades (like, ironically, a fibre HBA to hook into our new EMC VNX5300).

When I originally built this vSphere environment, I did so with the thought that this would be all I get to work with. I didn't have any shared storage (not even a decent iSCSI/NFS store), nor did I have vMotion... and apparently I didn't really know exactly what I was doing ("gasp!" - getting that out was hard for me because I hate to think that I did anything wrong). I had an idea of what I wanted but VMware was still a little new to me. Fast forward six months, and I've gone through "Mastering vSphere 5" twice, read most of VMware's vSphere 5 documents and have taken the vSphere 5 class (my VCP test is registered for June 4th). I have a MUCH better understanding of how the whole vSphere environment works. So this is how I think I killed 96 virtual machines - causing me to re-register each and every one of them and taking down my entire View environment.

I added the ESXi host to vCenter using a domain account whose password changes every 60 days.

See, I went through and set up access to the ESXi host before adding it to vCenter. I really didn't understand how vCenter played such an important role in management until recently. Here's my train of thought (granted, none of this is verified - just my own suspicions):

  • I add the ESXi host to vCenter with a domain account
  • vCenter caches the username and password used to connect and authenticate the ESXi host
  • I add some VMs to the host through vCenter
  • vCenter uses those cached credentials to register those VMs with the ESXi host itself
  • My domain account's password is changed
  • I then proceed to build out my entire View environment on this host
  • Each time a VM is created in vCenter, vCenter adds it to its database then tries to register it with the ESXi host using the original cached credentials
  • Uh-oh... those credentials are expired. vCenter gets to actually create the virtual machine files on the datastore but the ESXi host refuses to add the VM to its list of hosted virtual machines
  • Fast forward to Saturday and I take the host down to put the new HBA cards in it
  • When I bring the host back online, vCenter tries to re-add the host but is unable to do so using the cached credentials
  • I have to re-add the host to vCenter, this time realizing I need to use the ESXi host root username and password.

Again, this is my speculation, but it seems to be the only logical answer to how this happened. I mean, there's no way taking a host offline on purpose should make 90+ VMs orphaned, you know?

Anyways, if anyone ever reads this and they know of official documentation from VMware that supports this theory, I'd love to read it!
