Vmware

link to handy commands

Make sure you have taken a backup of the config from the esxi host

Select the updates tab from the host in vsphere

Select attach and create baseline in attached baselines options and then create the baseline with the patches you want to install. If baseline already exists then select attach baseline and select.

Click on the baseline tickbox and select check compliance and wait for checks to complete.

If no errors select the pre-check remediation option and look for errors

If no problems then select the baseline and click on remediate then follow through the options and click remediate.

Copy patch to datastore accessible from esxi shell using winscp

esxcli software vib update -d "<Path to patch>"

Access ESXI console via ssh session:

dcui

If compliance to baseline check fails on esxi host check that the port for lifecycle manager is open between host and vCenter. In SSH session on host:

nc -z <vcenter IP> 9084

the result will succeed if the port is open and will not respond if there is no connection. If no response check firewall.

Backup from Shell

Sync running config with stored config:

vim-cmd hostsvc/firmware/sync_config

Backup Config:

vim-cmd hostsvc/firmware/backup_config

Copy the download location into web browser to download and save the config

https://kb.vmware.com/s/article/2042141

Backup from PowerCLI

Connect to Host:

Connect-VIServer ESXi_IP_address -user user_name -password your_password

Backup Config:

Get-VMHostFirmware -VMHost ESXi_host_IP_address -BackupConfiguration - DestinationPath output_directory

Backup TPM key from host

Check TPM settings:

esxcli system settings encryption get

Display key to copy and backup:

esxcli system settings encryption recovery list

Restore from Shell

Restoring ESXi host configuration data

The configBundle-HostFQDN.tgz should be renamed as configBundle.tgz before initiating the restore command.

Put the host into maintenance mode by running the below command:

vim-cmd hostsvc/maintenance_mode_enter

Copy the backup configuration file to the ESXi host or an available datastore.

Reboot the host. This step is required, otherwise the restore workflow might not finish completely

Once ESXi has rebooted, move the config bundle file to /tmp/configBundle.tgz.

Then run this command to restore the ESXi host configuration:

vim-cmd hostsvc/firmware/restore_config 0

Restore with PowerCLI

Put the host into maintenance mode by running the command:

Set-VMHost -VMHost ESXi_host_IP_address -State 'Maintenance'

Reboot the host. This step is required, otherwise restore might not finish completely and needs to be repeated:

Restart-VMHost -VMHost ESXi_host_IP_address -Confirm:$false

Restore the configuration from the backup bundle by running the command:

Set-VMHostFirmware -VMHost ESXi_host_IP_address -Restore -SourcePath backup_file -HostUser username -HostPassword password

Identify and clear down logs using info here:

https://kb.vmware.com/s/article/76563

Way to clear high disk usage in logs:

cd /storage/log/vmware/content-library/
echo > content-library-runtime.log.stdout

https://kb.vmware.com/s/article/89009

vCenter Server Appliance Management Interface can be accessed in the web interface on the following port and url:

• https://appliance-IP-address-or-FQDN:5480

Connect with winscp

Specify the location of the sftp server bin to be able to connect to vcenter appliance v7:

In winscp specify the following as the directory of the sftp server:

• shell /usr/libexec/sftp-server

Get device IDs to check for compatibility on PCIE devices:

• lspcie

Check more info:

• lspcie -vvv
• lspcie -vvv | grep -A 1 "Network"

To get passthrough working on esxi host to VM you will need to change a few settings. This works for HP ML350 Gen9 Host:

Add the correct configuration to the /etc/vmware/passthru.map file on the esxi host: There will be a line like this:

# NVIDIA

10de  ffff  bridge  false

Add beneath:

10de  <Code for your GPU>  d3d0  false

The codes can be found here: https://devicehunt.com/view/type/pci/vendor/10DE/device/11C6

Then modify the following parameters of the VM (can be done in the edit settings > VM advanced section on in the .vmx file)

• hypervisor.cpuid.v0 = FALSE
• pciPassthru0.msiEnabled = FALSE

If the GPU has a lot of memory you may want to enable the following parameter:

• pciPassthru.use64bitMMIO="TRUE"

For USB passthrough of devices it can be a pain. For HID devices you will need to specify that it should not be controlled by the host.

You will need to find the details of all the USB devices with the following command:

• lsusb -v | grep -E '(^Bus|HID)'

then locate the vendor id and the device id (vvvv:dddd) in results next to the device name.

In the VM advanced settings add in the following parameters:

• usb.generic.allowHID = "TRUE"
• usb.quirks.device0 = "0xVVVV:0xDDDD allow"

Then in /etc/vmware/config file on the host add the following line:

• usb.quirks.device0 = "0xVVVV:0xDDDD allow"

Then add in a line to the boot config located here: /bootbank/boot.cfg to disable the host from taking control of the device:

• CONFIG./USB/quirks=0xVVVV:0xDDDD::0xffff:UQ_KBD_IGNORE

Reboot the Host.

If a windows VM is not booting and needs to be recovered you may need to sideload the PVSCSI drivers - these can usually be loaded from a virtual cdrom drive in vmware during the windows installation/recovery process when you have booted from installation media. The drivers should be in vmware in a windows.iso located in vmimages\tools-isoimages

If there are any files that are not deleting run through this guide to check for locks on the hosts:

https://kb.vmware.com/s/article/84475

Renew the cert: https://kb.vmware.com/s/article/82332

Reconnect vCloud Director: https://kb.vmware.com/s/article/78885

Can also use the vmware tool: https://kb.vmware.com/s/article/2097936

Check paths

Check dynamic discovery

Check vmk ports are assigned to physical adapter ports that are showing as online

Ping the storage array from the vmk port assigned to the storage adapters:

vmkping -I <vmkport> <IP address of SAN controller/ VIP of controller>

eg

vmkping -I vmk2 10.20.30.40

1: Copy vmware tools software bundle to a folder on an existing or new shared datastore

2: Update the "UserVars.ProductLockerLocation" on each VMware ESXI Host

3:Reboot or manually make the changed configuration effective by removing the ./productLocker symlink and recreating it in the vcenter MOB to point to the extracted directory under the datastore.

Can boot a VM from a USB drive attached to host by using another bootloader that allows to then boot from USB drive. We can use https://www.plop.at/en/bootmanager/download.html for this.

Can use the lsdoctor tool to fix ssl cert issues with the vsphere services:

https://kb.vmware.com/s/article/80469

You can use the "esxtop" tool on the esxi shell to see and monitor resources on the esxi top. You can also run this remotely as the "resxtop" tool

vCLS can be disabled by adding the following setting to the advanced settings of the vSphere. on the vSphere opject in vCenter select Configure and advanced settings. This will make vSphere delete the vCLS vms from the hosts and due to this no DRS functions will be available.

Add the following key:

config.vcls.clusters.domain-c<domain number found in url on vcenter>.enabled | False
eg
config.vcls.clusters.domain-c1002.enabled | False

Handy commands for network issues on hosts:

esxcli network ip interface ipv4 get #get interface IP addresses

esxcli network ip route ipv4 list # Get network routes

esxcfg-route # Get vmkernel default route

esxcli network ip interface list # Get details on all network adapters

Add entries to hosts file on esxi hosts:

esxcli network ip hosts add --ip <ip address> --hostname <hostname>