Download all VMworld 2016 US sessions – 160GB torrent

This is just a quick reblog of the post from wojcieh.net. All VMware 2016 US sessions can be downloaded:

torrent

Have fun!

Posted in Uncategorized | Tagged | Leave a comment

Replace Just Expired Self-Signed vCenter SSL Certificate – Part 2 of 3: Replacing

So we have already created the self-signed certificate via MS AD Certificate Service for the vCenter Server in the Part 1. In this second section we will replace the expired certificate using the chain.pem and rui.key files. Let’s do this with the VMware SSL Certificate Automation Tool!

Attempt #1

Start the ssl-updater.bat and select the option 5, then 2. That would have been the easiest and the normal method.

07-update-cert

But, it couldn’t log in to the vCenter Server (Me neither manually via vSphere client). So got the following error message:

[2016.08.29. - 16:47:04,02]: "Cannot log in to vCenter."
[2016.08.29. - 16:47:04,03]: The vCenter certificate update failed.

Tried several times, also with another accounts, but same results. The Deploying and using the SSL Certificate Automation Tool 1.0.x (KB2041600) has a similar problem in the known issues section, but in our case the Managed Object Browser was not disabled. I have checked also the logs, but nothing helpful. Okay, we have to find another solution.

Attempt #2

Fortunately there is a KB exactly about this issue: Recovering from expired SSL Certificates in VMware vCenter Server 5.5 (KB2096030). I have done the steps 1-7, then with the step 8 for the following command:

ssolscli listServices https://vc.domain.com:7444/lookupservice/sdk

I got the message:

com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate assertion not verified and thumbprint not matched

Nice… There are various KBs about this issue, but nothing useful.

Attempt #3

It’s not the most beautiful solution, I know, but let’s change the date and time of the vCenter server. The certificate was valid till 27th of Aug, 2016, so I selected the 26th of August. Finally I could login into the vCenter via the vSphere client. Okay let’s try to replace the certificate with the SSL Certificate Automation Tool, as in the Attempt #1. In this case the tool could login to the vCenter, but I got a new error message:

08-falied

2016-08-26T15:15:13.935+0200 [c.v.s.c.ValidateChainMain] ERROR The certificate chain file does not contain a valid certification path. PKIX path validation failed with: Could not validate certificate: certificate not valid till 20160829155832GMT+00:00 (at certificate #1)
2016-08-26T15:15:13.935+0200 [c.v.s.c.ValidateChainMain] ERROR The supplied certificate chain is not valid.

I thought, that something is wrong with the certificate, so re-crated very carefully 2 times – same results. It should have been OK, but… it didn’t work.

Attempt #4

What if, I change the date and time of the MS AD Certificate Service server? That is a Windows 2008 R2, let’s try it. I used the same date: 26th of August. Afterwards I have tried to create a new certificate again, but the MS ADCS webpage wasn’t even available. Interesting, what happened? Changed back the date – everything back to normal. I have checked the events and logs in the Windows server and founded the following from the CertificateAuthority:

08-vrootca-time-drift-cannot-loginGotcha!! So there was a date/time drift between the MS ADCS and the MS AD. That’s true. Let’s change the date on the Active Directory server. (I know… ) The MS ADCS become available, so I could create a new certificate again.

Go back to the SSL Certificate Automation Tool and did the same steps as above. The results:

[.] The supplied certificate chain is valid.
Loading 'screen' into random state - done
"Restarting services... (This can take some time)"
"Stopping vCenter Web Services..."
"Stopping vCenter Server..."
"Starting vCenter Server and other services..."

[2016.08.26. - 15:49:07,19]: Last operation update vCenter Server SSL certificate completed successfully.
[2016.08.26. - 15:49:07,20]: Go to the next step in the plan that was received from Update Steps Planner.

09-success

FINALLY!😀

Also tried with the PowerCLI:

10-OK

The new certificate is valid till 26th of August, 2018. Of course the inventory is visible in the Web Client and I could also login to the vCenter via the vSphere Client. I have corrected the date and time of the AD, AD CS and vCenter servers – everything back to normal.

In the last post (part 3 of 3) the 3rd party components will be fixed.

Posted in Uncategorized | Tagged , , , , | Leave a comment

VMworld 2016 – all session available

VMworld 2016 has just ended. If you were not in Las Vegas, probably you want to watch the sessions.

Thanks to Duncan Epping, we have two very useful links:

  • This page contains all of the sessions (544) recorded

But, currently it doesn’t work, I got this error on a video:

The request for this presentation came from a Mediasite Catalog. It’s possible the presentation is not yet available for viewing at this time. Please check back later.

  • This one is working well, has the top 10 sessions.

Have fun!

Posted in Uncategorized | Tagged | Leave a comment

Replace Just Expired Self-Signed vCenter SSL Certificate – Part 1 of 3: Creating

Prologue – Part 0

The ‘Self-Signed Story’ has started two years ago, exactly in Aug, 2014. At that time we were using a vCenter certificate (rui.crt), which had only 512 bits RSA public key. This was comming from an old vSphere 4.0 installation, from 2011. In 2014 we had the version vCenter Server 5.5.0b. I have upgraded the vCenter Server to the 5.5 U1c, but with the 5.5 U1 the JRE has been also updated. The new JRE 1.7.0_45  version doesn’t support any more the certificates which are weaker than 1024 bits. So because of we had 512 bits cert, in the Web Client I had an empty inventory and a lot addition errors.

The solution was the following: I had to create stronger self-signed certificate for the vCenter and replace it. I wrote about this issue in Aug, 2014, check this post for the details. (It’s Hungarian, but the error messages are English😀 )

I am planning 3 posts about this topic. The first is about creating request and self-signed certificate for the vCenter server, in the second we will replace them (plus troubleshooting…) and in the last third post we will check the other components.

So what is the problem?

The self-signed certificate for the vCenter was valid for two years, in my case exactly from 27th of Aug, 2014 to 27th of Aug, 2016. I know that you have already figured out what was the situation: the certificate has expired: So I cannot even login into the old .net based vSphere Client, or I get an empty inventory in the Web Client. Additionally, I got some error messages:

00-issue-webclient

And the recent tasks view:

00-issue2

I have also tried to connect to the vCenter with PowerCLI:

01-issue-edited

Here is the point: “… such as a value that indicates an expired certificate..” No doubt, it has to be replaced.

Creating certificate request and obtain vCenter SSL certificate

If you do not have already, you need a Root CA. E.g. after installing the Active Directory Certificate Services (installation steps) and the Certificate Enrollment Web Service (installation steps) on a Windows server you can submit certificate requests. But before, you also need a special Certificate Template only for VMware. The easiest way is to modify the default Microsoft CA Web Server template settings to meet the VMware certificate requirements. There is a good post here how to do that.

The next step is to download the vCenter Certificate Automation Tool 5.5 (VMware SSL Certificate Automation Tool) and install it. There is also a good KB about this with the name Deploying and using the SSL Certificate Automation Tool 5.5 (2057340).

Now we need to generate a certificate request for the vCenter Server. This procedure is documented under the KB: Generating certificates for use with the VMware SSL Certificate Automation Tool (2044696) In highlights:

  1. Start the ssl-updater.bat and select the option 2, then 3.
  2. Answer all of the questions
  3. At the end you will get the rui.csr and rui.key files.

02-edited

Then we can obtain the certificate from the Microsoft CA using the request. For this procedure the same KB can be useful. Steps:

  • Open the MSCA at http://MSCAservername/CertSrv/
  • Click on the “Request a certificate” link.

03-vrootca

  • Click “advanced certificate request”, copy the content of the rui.csr file to the “saved request” box. Select the “Certificate template” – in our case the name of the modified Web Server template is the “VMware-SSL”

04-advanced-vrootca-filledout

  • Press “Submit”, select “Base 64 encoded” and download the certificate

05-Base64-enc

  • Save as rui.crt. You can open and verify; it should be valid for plus two years

06-renamed-rui

  • On the home page click on “Download a CA Certificate,…” link. Save the certificate chain as cachain.p7b. 
  • Open it and export the certificate, Select “Base-64 encoded X.509 (.CER)”, save as Root64.cer

06-export

  • Install the root certificate into the “Trusted Root Certificate Authorities > Local Computer”

07-install-root

  • Create the chain.pem file. Copy content of the followings into a new empty file:
    • rui.crt -> chain.pem
    • Root64.cer -> chain.pem, so like in the example (KB). Assuming that Intermediate certificate is not used:
-----BEGIN CERTIFICATE-----
MIIFxTCCBK2gAwIBAgIKYaLJSgAAAAAAITANBgkqhkiG9w0BAQUFADBGMRMwEQYK
CZImiZPyLGQBGRYDbmV0MRYwFAYKCZImiZPyLGQBGRYGbW5uZXh0MRcwFQYDVQQD
Ew5tbm5leHQtQUQtMS1DQTAeFw0xMzAyMDExNjAxMDNaFw0xNTAyMDExNjExMDNa <-----Certificate
SMhYhbv3wr7XraAnsIaBYCeg+J7fKTFgjA8bTwC+dVTaOSXQuhnZfrOVxlfJ/Ydm
NS7WBBBFd9V4FPyRDPER/QMVl+xyoaMGw0QKnslmq/JvID4FPd0/QD62RAsTntXI
ATa+CS6MjloKFgRaGnKAAFPsrEeGjb2JgMOpIfbdx4KT3WkspsK3KPwFPoYza4ih
4eT2HwhcUs4wo7X/XQd+CZjttoLsSyCk5tCmOGU6xLaE1s08R6sz9mM=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDZzCCAk+gAwIBAgIQNO7aLfykR4pE94tcRe0vyDANBgkqhkiG9w0BAQUFADBG
K73RIKZaDkBOuUlRSIfgfovUFJrdwGtMWo3m4dpN7csQAjK/uixfJDVRG0nXk9pq
GXaS5/YCv5B4q4T+j5pa2f+a61ygjN1YQRoZf2CHLe7Zq89Xv90nhPM4foWdNNkr <-----Root Certificate
/Esf1E6fnrItsXpIchQOmvQViis12YyUvwko2aidjVm9sML0ANiLJZSoQ9Zs/WGC
TLqwbQm6tNyFB8c=
-----END CERTIFICATE-----

So now we have all of the needed files, the chain.pem and the rui.key. In the next part we will replace the expired vCenter certificates!

Posted in Uncategorized | Tagged , , , | 2 Comments

VCAP6–DCV Design Beta Exam 3V0-622 – Passed!

Almost half a year ago (on 11th of March) I took the VCAP6–DCV Design Beta Exam 3V0-622 exam (my exam experience is here). Spring and also the Summer is almost gone, results are nowhere. At the beginning VMware said: results will be available until end of May, but it has been delayed. New date: end of August. Okay, the scoring takes a little bit more time, patience. Friday I have just checked the new Certification Manager, under the recent activity there were some updates:

activity

Yes, finally, that is a PASS🙂 However I have not yet received any official email from VMware. With this advanced exam all the VCP-DCV exams (v5, v6) were re-certified, until 11th of May, 2018, in my case. That means plus two years. The PASS is also displayed on the MyLearn and the Pearson VUE page, under the Exam History section.

results

The final 3V0-622 exam has changed a little bit

The main important differences:

  • Duration: I had 245 minutes (+30 because of non-English expand), but the GA has only 175 minutes – so shorter with 70 minutes.
  • Number of questions: Beta had 22 design plus 9 drag and drop, so in total 31 questions, GA has only 18 in total.

About the details please check the exam page.

What about the VCIX6-DCV?

I have checked all of the pages (VMware Mylearn, Certification Manager, Person VUE) but nothing is displayed about the VCIX. However based of the VMware’s statement I have also passed all of the requirements, which are needed for passing the VMware Certified Implementation Expert 6 – Data Center Virtualization

path

In my case: Holding the VCAP5-DCD or VCAP5-DCA (I have both) and take the VCAP6-DCV Deploy or Design.

VCIX

I will update this post soon.

If you are just preparing for the exam, you can use my study resources, Good Luck!

Update:

I’ve just received the official mail for VMware about the transcript changes:)

transcript

Posted in VCAP-DCD | Tagged , , , | 1 Comment

Hot-Swapping Operating Systems Using Inter-Partition Application Migration

VMware has just submitted a new patent application, which could be a huge thing regarding the future of the IT.

For the details read the United States Patent Application 20160210141.

Posted in Uncategorized | Tagged , | Leave a comment

Holnap VMUG

A masodik VMUG-t holnap rendezik, a SZAMALK eloadojaban.

vmug-logo

Az agenda a kovetkezo:

  • 9:00-9:40 – Regisztráció
  • 9:40-9:50 – VMUG Leader köszöntő
  • 9:50-10:20 – Eaton
    Előadó: Kókai Róbert, Business Development Manager
    Előadás címe: Eaton Intelligent Power Manager – energiamenedzsment virtualizált környezetekhez
  • 10:20-10:50 – Számalk
    Előadó: Lovas Balázs, VMware Specialist
    Előadás címe: vReliaze Orchestrator használata a mindennapokban
  • 10:50-11:20 – Kávészünet
  • 11:20-11:50 – Veeam
    Előadó: Keszler Mátyás, Territory Manager Veeam Software
    Előadás címe: Mentés és replikáció a felhőbe
  • 11:50-12:20 – VMware
    Előadó:  Czuczumanov Valentin, Systems Engineer – VMware
    Előadás címe: A VSAN bevetésre kész
  • 12:20-13:00 – EBÉD
  • 13:00-13:30 – Közösségi előadás
    Előadó: Bertalan Bence – Microsoft / VMware rendszergazda, Keller Zrt.
    Előadás címe: Kliens és alkalmazásvirtualizció
  • 13:30-14:00 – Sorsolás, Zárás

Bovebben infok, regisztracio a hivatalos VMware User Group honlapon. Sajnos holnap nem tudok reszt venni, de aki tud menjen!

 

Posted in Uncategorized | Tagged , | Leave a comment