Tuesday, March 13, 2018

VMware vExpert 2018 Announcement

Just back from my company's Tech Summit and waiting for the announcement to be made.

The very next day an email came in and the announcement was made here. Did a quick check on the list of candidates, there was a total of 1525 who made it this year.

Congrats to everyone who made it this year.

Am glad to be part of this community for the 7th year running since I started paying forward this blog, discussion group, videos, etc.

For those who didn't make it or have not apply for it, do attempt it you never know when you are actually making your effort rewarded.

Update 19th Mar 2018
The number is still increasing to 1533 as there is some pending application that got approved.
You can follow the stats here with breakdown https://vexpert.vmware.com/directory/stats.

VMware License Key Error

Recently encounter valid license key but not accepted by the system. This was done on vRealize Operations as shown below. Was adding the license key for vRealize Operations for Horizon Adapter.

A license gotcha here, it seems that VMware has a fixed format for all the license key. It should come in 5 segments instead of 4, each with 5 digits.

Sometimes simple things like this might just slip our eyes.

Tuesday, February 27, 2018

VMware vCenter Editions

Recently a colleague hit into an issue with his setup on vCenter due to the expiry of license. A new license will be used however he is still hitting some problems. A quick check, he was using vCenter ROBO edition license and ESXi is running vSphere Enterprise Plus.

So here is to clarify the different editions of vCenter from VMware and the features available and limitation. Do note some features is dependent on the vSphere editions.

Refer to this KB for some of vSphere 6.x features comparison. I have also previously illustrated in vCenter 5.x here which basically stays the same other than new features in vCenter 6.x. For vCenter Desktop that would be another article here.

vCenter Edition
Bundled in Essential/Plus Kit
Sold separately. Manage up to 4 hosts (3 prior to 6.5 U1)
Sold separately.
vSphere Essential/ Plus
vSphere Standard and above
vSphere Standard and above
vCenter HA
Enhanced Linked mode
vRealize Log Insight Lite
Fault Tolerance
Backup Restore
Appliance Migration Tool

Lastly, what happens to your vCenter when license expire? Check out my past post.

Update 6th Mar 2018
Update vCenter Foundation Edition and remove vCenter ROBO edition.

Tuesday, February 6, 2018

Horizon 7 with Nvidia GRID Setup Gotchas

Been setting up POC environment for customer and this time wrong got involve with using Nvidia GRID.

Encounter some setup steps that are missing from nVidia Deployment guide.
In fact, every single setup guide uses the nVidia K1 & K2 card as a reference and those cards have EOA.

Here will share with you if you are using any of the newer cards e.g. M60, M6, M10, etc.

Here are some resources you should refer to when setting GRID on Horizon 7.x.
  1. Register an account on nVidia to download the vibs for ESXi and nVidia License server and Nvidia Driver for Windows OS.
  2. Deploying Hardware-Accelerated Graphics with Horizon 7
  3. GIRD Virtual GPU
    I love to use this guide as a reference to what profile is available for each card type.
In a summary what needs to be done on the master image:
  1. Install VMware tools
  2. Install Horizon View Direct-Connect agent (you know why this needed later)
  3. Shutdown VM
  4. Edit VM settings, add shared PCI device, select your GRID profile
  5. Take a snapshot (in case you need to revert)
  6. Power up the VM
  7. Install Nvidia GRID drivers
  8. Reboot VM
  9. Use the IP and connect using Horizon Client (a bug due to Nvidia graphics driver in use, vSphere console no longer works)
Some of the Gotchas to watch out.
1. On ESXi 6.5 and above, remember to go to each ESXi server and under Configure, make sure the 2 things need to be in place:

Security Profile: X.Org Server service is started
Alternative you can run ESXi Shell or SSH with  > /etc/initi.d/xorg start


Graphic: Change Shared to Shared Direct for both Host and Slot

2. If you are using the new Dell Gen 14 server, there is a bug stated in the release notes, page 9.

When running nvidia-smi you will receive the following error message "“failed to initialize NVML: unknown error”

In the System BIOS Settings, Integrated Devices, Memory Mapped I/O Base, set to 12TB (default 56TB)

Lastly checking everything is in place:

ESXi Shell or SSH:

> nvidia-smi
This will return all the GPU found on the nVidia card on the server.

>dmesg | grep -i nvidia
This will show you if the driver on ESXi is loaded properly and successfully.

Friday, January 12, 2018

VMware Spectre and Meltdown Information

Recently the most talk about security measurement against the two discovered vulnerabilities has raised a lot of talks. This all started and revealed by Google Project Zero.

I have also recently shared advice from VMware support and KBs to our Singapore VMUG users during our event yesterday.

Below is a summary of questions and the approach you should be doing for patching your VMware environment.

Details on Spectre and Meltdown

Side Notes

  • ESXi is only affected by Spectre and all patches for ESXi 5.5. and above has been released. Removed due to retracting of code instructed by Intel. Check update below.
  • ESXi is NOT affected by Meltdown as it does not have untrusted user access.


  1. We heard that the patches affect performance. Will these patches from VMware affect the performance of hypervisor?
    Patches from ESXi have no measurable performance impact. But guest level patching might have. Guest OS vendor is the right contact to comment on this. E.g. from Microsoft.
  2. Other than patching ESXi and OS is there other things to take note?VM hardware must be upgraded in order for the patches to work. Virtual Hardware Version 9 is a minimum requirement for Hypervisor-Assisted Guest Mitigation for branch target injection (CVE-2017-5715) due to MSR bit been exposed in this version. Hardware version 11 is best recommended as PCID on CPU is exposed in this version.
  3. I am running vCenter on Windows, do I need to patch vCenter?
    Yes, please download the latest patches together with ESXi for your vCenter. Follow the same upgrade process as per upgrading.
  4. How will VM that is running Windows XP, 2003, Windows 2000 and legacy OS be impacted?
    OS vendors should provide the patches. In this case, Microsoft does not provide the patches for legacy OS, there will be no solution.
  5. Do I need to install BIOS patch from server vendor if I have applied ESXi patches?
    Yes, it is best to apply server vendor BIOS patches if available as server vendor might provide additional components specific to their server hardware.
    Follow Server vendor BIOS update. ESXi patches has been retracted following Intel 's instruction.
  6. What if I have applied server BIOS patches do I still apply VMware ESXi patches?
    ESXi will only push microcode on the hardware if it is older.
    No more ESXi patches.
  7. I am using server custom ESXi ISO but it is not updated, can I apply the patches from VMware?
    Yes, you can apply these patches to custom ISO. Please check with your hardware vendors for any special change they might have.
    No more ESXi patches.
  8. How do I know if my CPU has an updated microcode from Intel?
    Please check https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr.

Refer to security advisories 

  1. https://www.vmware.com/security/advisories/VMSA-2018-0004.html supersede https://www.vmware.com/security/advisories/VMSA-2018-0002.html

Additional materials

Update 23rd Jan 2018
VMware has updated the response on this KB.
If you are running on ESXi 5.5, there is an update patch based on the Security Advisories.

Update 22nd Jan 2018
VMware has released some dashboard kit using vRealize Operations to help monitor performance after patches recommendations and manage BIOS patches here. If you are do not own vRealize Operations, you can use the evaluation for 60 days.

Update 15th Jan 2018

ESXi patches update has been retracted till further notice. Only vCenter update applies. Follow KB update.

Update 13th Jan 2018

Following Intel's update, please follow https://kb.vmware.com/s/article/52345 for Intel Haswell and Broadwell processors


Tuesday, December 26, 2017

App Volumes Connection

Recently done a few Horizon Proof of Concept and encounter a connection issue with App Volumes.
Here is how I resolve the error message from App Volume agent "Virtualization is disabled".

Do note that this is based on version 2.12.

This error message encounter when your App Volumes agent is not able to communicate with App Volumes Manager.

During installation for the agent and manager, you can choose whether secure or not connection. You MUST choose the same type of connection. However if you have done this incorrectly, this is the problem that is often the problem.

Here will show you how you can first confirm the type of the connection are the same between the manager and agent, and change it if it is not.

To check if the SSL is enabled on the agent, head over to the VM that has agent installed, follow the instruction stated here.

For App Volumes manager, this is not as straightforward.
Refer to this document.

If you want to disable the secure connection, make sure you have the text paste in the file as documented above.

If you are using a self-signed certificate in a default installation and want to enable secure connection after installation on HTTP, you can follow this KB.

Tuesday, October 17, 2017

ESXi 6.5 U1 Host Client Login Issue

Today I did a fresh installation of ESXi 6.5 U1. During the installation, set up the root password.

After everything is working with IP address assigned, DNS and gateway, we started to try to access using the Host Client using IE 11.

Encounter this message "cannot complete login due to an incorrect user name or password". Thought that might have entered the wrong password. Type in a notepad and copy and paste. Same error message encountered on both servers.

Did some search but never encounter anyone having the same issue other than old post found on ESXi 6.0 with the old vSphere Client. Decide to try out one of the method.

Head right down to both server and use the DCUI and select Change Password option. Use back the same password.  Walah! Host Client works now.

Very strange behaviour. Apparently during installation seems like the host client didnt register the password.

Hope this help for those encountering the same issue.

VMware vExpert 2018 Announcement

Just back from my company's Tech Summit and waiting for the announcement to be made. The very next day an email came in and the announ...