To reset the lost forgotten root password in vCenter Server Appliance 6.5:

1. Take a snapshot or backup of the vCenter Server Appliance 6.5 before proceeding. (Do not skip this step.)
2. Reboot the vCenter Server Appliance 6.5.
3. After the OS starts, loading the Photon splash press e key to enter the GNU GRUB Edit Menu.
4. Locate the line that begins with the word Linux.
5. Append these entries to the end of the line:rw init=/bin/bash
   
   The line should look like the following screenshot:

• Press F10 to continue booting.
• In the Command prompt, enter the command passwd and provide a new root password (twice for confirmation):
  
  passwd
  
• Unmount the filesystem by running this command:
  
  umount /
  
• Reboot the vCenter Server Appliance 6.5 by running this command:
  
  reboot -f
  
• Confirm that you can access the vCenter Server Appliance 6.5 using the new root password.
• Remove the snapshot taken in Step 1 if applicable.

More information: VMware

This monitor tracks the vCenter RBD (vSphere Auto Deploy) Health Alarm.

By default, the alarm is triggered by the following event:

• vim.event.HealthStatusChangedEvent: Health status of the Sphere Auto Deploy Waiter changed.

For instructions on troubleshooting the Sphere Auto Deploy Waiter, see this VMware KB article.

VMware has released security patches for the VM-Escape Security Bug. http://www.vmware.com/security/advisories/VMSA-2017-0006.html

Products affected is ESXi, Workstation, Player and Fusion.

VMware ESXi 6.5  

Downloads:https://my.vmware.com/group/vmware/patch

Documentation:  http://kb.vmware.com/kb/2149573
VMware ESXi 6.0 patch on top of ESXi 6.0 U3

Downloads: https://my.vmware.com/group/vmware/patch

Documentation:   http://kb.vmware.com/kb/2149569

VMware ESXi 6.0 patch on top of ESXi 6.0 U2  

Downloads:  https://my.vmware.com/web/vmware/details?productId=491&downloadGroup=ESXI60U2

(Click on the above link and scroll down to ESXi600-201703003 Offline Bundle)

Documentation:  http://kb.vmware.com/kb/2149673

VMware ESXi 6.0 patch on top of ESXi 6.0 U1  

Downloads:  https://my.vmware.com/web/vmware/details?productId=491&downloadGroup=ESXI60U1B

(Click on the above link and scroll down to ESXi600-201703002 Offline Bundle)

Documentation:  http://kb.vmware.com/kb/2149672

ESXi 5.5 

Downloads: https://my.vmware.com/group/vmware/patch

Documentation:   http://kb.vmware.com/kb/2149577

VMware Workstation Pro 12.5.5 

Downloads and Documentation:

https://www.vmware.com/go/downloadworkstation

https://www.vmware.com/support/pubs/ws_pubs.html

VMware Workstation Player 12.5.5

Downloads and Documentation:

https://www.vmware.com/go/downloadplayer

https://www.vmware.com/support/pubs/player_pubs.html

VMware Fusion Pro / Fusion 8.5.6

Downloads and Documentation:

https://www.vmware.com/go/downloadfusion

https://www.vmware.com/support/pubs/fusion_pubs.html

This year’s vExperts 2017 were announced! Check it out. I’ve been honored again (2010, 2011, 2012, 2013, 2014, 2015, 2016) as a vExpert this year. Great thanks to VMware and vExpert team behind the program!

It’s Correy Romero who announced the news on the VMTN blog. This year over 700 vExperts (exactly 754 vExperts this year) were named. Here is the full list of lucky people for 2017 – vExperts 2017.

vExpert program allows greater recognition between your coworkers, clients and in the overall professional life.

Running vSphere Client 6.0.0 build 2741530. Sometimes when opening the remote console, during boot virtual machine the resolution is swapping from small to a bigger resolution.

App crash with details:

vmware-remotemks.exe version 8.0.0.33578

Solution

Update the VMware vSphere cliënt, in my case to version: 6.0.0-3562874

vCenter Server Appliance

• Enhanced vCenter Install, Upgrade, Patch: Streamlined user experience while deploying, upgrading and patching for vCenter Server. Support for CLI template-based vCenter Server lifecycle management.
• vCenter Server Appliance Migration Tool: Single-step migration process for existing Windows vCenter Server to latest release of vCenter Server Appliance. Assumes the identity of the source Windows vCenter (UUID, IP, OS Name). Support for both CLI and UI methods. Migrations for both embedded and external topologies. VMware Update manager is now included in the migration process.
• Sphere Update Manager for vCenter Server Appliance: Fully embedded and integrated vSphere Update Manager experience for vCenter Server Appliance – with no Windows dependencies!
• Enhanced Auto Deploy: New capabilities such as UI support, improved performance and scale, backup and restore of rules for Auto Deploy.
• Improvements in Host Profiles: Streamlined user experience and host profile management with several new capabilities including DRS integration, parallel host remediation, and improved audit quality compliance results.
• VMware Tools Lifecycle Management: Simplified and scalable approach for install and upgrade of VMware Tools, reboot less upgrade for Linux Tools, OSP upgrades, enhanced version and status reporting via API and UI.
• vSphere Automation API: A new REST based API, SDKs and Multi-Platform CLI (DCLI) is now available to provide simplified VM management and automation of the VCSA based configuration and services.
• Platform Service Controller High Availability: The PSC HA feature include zero configuration high availability with automatic vCenter failover to another PSC within a site. New PSC Site Management client side tools for viewing your topology and viewing PSC HA status. Available for both Windows and Appliance PSCs.
• vCenter High Availability: Protect mission critical vCenter deployments with a native high availability solution that will not only protect against host and hardware failures, but also against vCenter application failures. The vCenter HA solution provides automated failover from active to passive vCenter with expected RTO < 5 mins. Uses synchronous replication so there is no data loss and operates in an Active-Passive configuration with a Witness. Requires 2 network adapters, one for the “public” network and one for the “private” network. And is only be available to the vCenter Appliance.
• vCenter Server Appliance and Database Management: The new 6.5 Appliance Management Interface includes usage monitoring of the embedded vCenter Postgres database by data type and utilization trends, and sends database usage alerts directly into the vSphere web client. Monitor appliance CPU, Memory, and networking utilization trends for more targeted troubleshooting. Send syslog data to remote hosts.
• Native vCenter Server backup and restore: Back up the vCenter Server Appliance and Platform Services Controller in three simple steps in the Appliance Management Interface using industry-standard protocols like HTTP(S), SCP or FTP(S). The file-based backup (encryption optional) will include the embedded Postgres database, vCenter inventory, and all configuration files required to recover vCenter. Restore the appliance from the new vCenter Server 6.5 installer.

XenServer 7 was released in May of 2016.  It was available in pre-release form under the project name of Dundee.  All new XenServer installations should be made using XenServer 7.

Microsoft Technology integration

Citrix has a long history of integrating with, and supporting Microsoft operating systems and infrastructure products, and XenServer 7 is no exception.

• Automated Microsoft Windows VM driver management
  Do you administer a larger XenServer environment? We currently support up to 1000 VMs per host, and have customers running thousands of hosts, so when time comes to updating the Windows VMs’ XenTools, it can be quite a challenge. Even with smaller infrastructures, the process of updating many Windows VMs can be a headache, something we’ve heard loud and clear from our customers. Our solution? Automation.
  In XenServer 7, it is now possible to let Microsoft Update Services automatically install and/or update the Windows VM I/O drivers contained within those VMs, moving this once cumbersome process into the standard organizational framework for how their Windows machines are updated.
• Microsoft Server Message Block (SMB) support
  Adding to the wide variety of host storage connectivity, XenServer 7 now includes SMB to enable IT admins to use Windows storage devices running SMB for their XenServer VM’s disks.
• Docker containers in Windows Server 2016
  In May 2015, XenServer introduced Docker container management for Linux VMs, opening up visibility and management to IT admins, of the containers being used within their XenServer infrastructures. This year for XenServer 7, we are really excited to be supporting Docker containers on Microsoft Windows Server 2016 OS, rounding off our of Docker support across both Linux and Windows, the first and only commercial hypervisor to do so.
• A new Microsoft System Center Operations Manager (SCOM) management pack is now integrated and licensed in XenServer 7. For customers wanting greater Microsoft SCOM management visibility, this ties in well across the Citrix stack.
• The Microsoft Active Directory integration within XenServer has been improved, changing the underlying connectivity components, which increases the scalability to support large AD forests, whilst also increasing performance.
• XenServer 7 includes templates for Microsoft Windows 10 and preview of Windows Server 2016.

Revolutionary Security

Infrastructure security is always a challenge, and whether it’s protection from viruses, malware or hackers, there are a variety of tools and methods used by security vendors to help businesses protect their IT infrastructures from the variety of tools and methods used by the people with malicious intent. A big challenge is how malware and hackers get around, disable, or hide themselves from existing security solutions.

If someone can leverage a software vulnerability to gain access to a system, they tend to work their way up the security chain, seeking to get the highest level of system privileges from where they can disable security software and do the most damage or gain access to the most sensitive data.

XenServer 7 is different.

Working closely with Bitdefender, Citrix is proud to announce XenServer Direct Inspect APIs, which allow integration from third party security software companies to leverage hypervisor memory introspection (HVMI). This uses a privileged security appliance (SVA), one per-host to inspect the memory of VMs running on the host. As introspection is happening from outside the guest VM, there are no agents required within the VMs, and as such, nothing for a virus, piece of malware or hacker to disable within the VM. Should anyone also hack into a VM OS, they would also only be able to see within the boundaries of that VM container, and be completely unaware that a host-based SVA could be monitoring and blocking their activity; we call this “better than physical” protection.

Security products based on virus or malware signatures protect you from known risks, however what about day-zero attacks? How do you protect yourself against something for which there is no known signature? Bitdefender’s integration goes beyond the standard signature checking, by examining the techniques used by viruses or malware rather than their signatures, enabling protection of systems against day-zero attacks.

This solution isn’t targeted at replacing all disk based scanning protection, as the Direct Inspect APIs feature is a memory based solution, yet it extends protection through either a kernel-mode or user-mode (for specific applications), providing protection against a variety of security threats, including existing security products from being disabled. As such it complements existing disk based protection solutions. Find out more from Bitdefender on this blog and data sheet.

Some papers:

• Citrix XenServer 7.0 Release NotesCitrix XenServer 7.0 Installation Guide
• Citrix XenServer 7.0 Quick Start Guide
• Citrix XenServer 7.0 Virtual Machine User’s Guide
• Citrix XenServer 7.0 Administrator’s Guide
• Configuring Citrix XenServer 7.0 for Graphics
• Citrix XenServer 7.0 Configuration Limits
• Citrix XenServer 7.0 Licensing FAQ
• Citrix XenServer 7.0 Technical FAQ
• Citrix XenServer 7.0 Management API Guide
• Citrix XenServer 7.0 Software Development Kit
• Citrix XenServer 7.0 Supplemental Packs & the DDK Guide
• Citrix XenServer 7.0 Measured Boot Supplemental Pack
• Citrix XenServer Workload Balancing 7.0 Quick Start Guide
• Citrix XenServer Workload Balancing 7.0 Administrator’s Guide
• Citrix XenServer 7.0 Conversion Manager Guide
• Citrix XenServer 7.0 vSwitch Controller User Guide
• Citrix SCOM Management Pack for XenServer Release Notes
• Citrix SCOM Management Pack for XenServer User Guide
• Citrix SCOM Management Pack for XenServer Compatibility Matrix
• Citrix SCOM Management Pack for XenServer Reference Guide

More information: Citrix

Last week I had to change VMX files for 500 XenDesktop machines because the users where able to eject removable devices

To mass disable HotPlug capability by editing the .vmx file via PowerCLI I used the following script:

$key = "devices.hotplug"
$value = "false"
get-cluster "CL02.XD" | get-VM -Name 000-CXD* | foreach {
  $vm = Get-View $_.Id
  $vmConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
  $vmConfigSpec.extraconfig += New-Object VMware.Vim.optionvalue
  $vmConfigSpec.extraconfig[0].Key=$key
  $vmConfigSpec.extraconfig[0].Value=$value
  $vm.ReconfigVM($vmConfigSpec)
}

Optional (manual) options:

You can disable HotPlug capability using the vSphere Client or by editing the .vmx file.
Note: You can disable HotPlug capability for PCI devices such as e1000 or vmxnet3 NICs.
To disable HotPlug capability using the vSphere Client:

1. Connect to the ESXi/ESX host or vCenter Server using the vSphere Client.
2. Power off the virtual machine.
3. Right-click the virtual machine and click Edit Settings.
4. Click the Options tab.
5. Click General > Configuration Parameters > Add Row.
6. Insert a new row with the name devices.hotplug and a value of false.
7. Power on the virtual machine.

To disable HotPlug capability using the vSphere Web Client:

1. From a web browser, connect to the vSphere Web Client.
2. Log in with Administrator credentials.
3. Navigate to the virtual machine you want to modify.
4. Right-click the virtual machine and select Edit Settings.
5. Click the VM Options tab.
6. Click Advanced > Edit Configuration > Add Row.
7. Insert a new row with the name devices.hotplug and a value of false.
8. Power on the virtual machine.

To disable HotPlug capability by editing the .vmx file:

1. Power off the virtual machine.
2. Access the ESXi/ESX service console using an SSH client.
3. Open the virtual machine configuration file (.vmx) in a text editor. The default location is:
   /vmfs/volumes/datastore_name/vm_name/vm_name.vmx
4. Add the line:
   devices.hotplug = "false"
   Note: This setting does not interfere with HotPlug CPU/memory.
5. Save and close the file.
6. Power on the virtual machine.

More information:

VMware

Current build VMware vCenter Server 6.0.0 2776510, vSphere client 6.0.0 2741530

Note: Supported upgrade paths to VCSA 6.0 U1 include from 5.1 U3 & 5.5.

While on the topic of upgrades, going from VCSA 6.0 to 6.0 U1 is quite simple. First, you’ll need a patch ISO, which can be found on here. You ‘ll notice there are two patch ISOs, FP and TP.

Download VCSA patch from here.

FP is a full product patch for VC & PSC appliances only.

TP is third party patch spanning multiple products, such as VCSA, vCenter Windows, VUM, PSC appliance and windows.

To update/patch your vCenter 6.0 Appliance, please follow the below steps:

1. Connect directly to vSphere host which running vCenter Appliance
2. Take a snapshot of VCSA
3. Connect downloaded ISO file to the VCSA VM
4. Log in to the VCSA via SSH
5. Run the following command

To mount ISO and accept EULA:

software-packages stage –iso –acceptEulas

To stage ISO:

software-packages install –iso

To see  the staged content:

software-packages list –staged

To  install the staged rpms:

software-packages install –staged

shutdown reboot –r patching

Result

New buildnumber: VMware vCenter Server 6.0.0 3018523

More information: VMware