Archive for July, 2012
vCenter Operations: ExpiredCertificateException
Jul 23rd
While at the vCenter credentials portion of a vCenter Operations deployment onto the environment I inherited, it yielded the following error which was relatively self-explanatory but had no results on Google: com.integrien.alive.common.security.ExpiredCertificateException
It turns out that the SSL certificate for vCenter had expired. The expiration had not affected anything else, but it appears vCops takes it very seriously. I had not ran into the vCenter SSL certificate expiring before, and that would be because vCenter 4.x and later generate SSL certificates that last for 10 years; however, vCenter 2.5 generated SSL certificates that are only valid for 2 years.
The process to regenerate the SSL certificate for vCenter is described in KB 1009092: Regenerating expired SSL certificates after2 years. Essentially, it involves taking the rui.key and rui.pfx from C:\ProgramData\VMware\VirtualCenter\SSL and using OpenSSL to generate a new self-signed certificate. In my case, I scp’d the files to a Linux server and used OpenSSL on it instead of trying to use OpenSSL on Windows.
The commands used were:
- openssl req -new -x509 -days 3650 -sha1 -nodes -key rui.key -out rui.crt -subj “/C=US/ST=NC/L=CHARLOTTE/CN=FQDN.OF.VCENTER.COM”
- openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -passout pass:testpassword -out rui.pfx
The ‘testpassword’ is the default password used by VMware. After generating on the Linux server, I scp’d them back over to the Windows host, backed up the current keys, stopped vCenter, copied the new keys in, and started vCenter backup. Voilà, new SSL cert installed and vCenter Operations install was able to proceed.
Windows 8 Release Preview with VMware View 5.1
Jul 12th
Yesterday, an Experimenting with Windows 8 Desktops in View post was put up on the VMware EUC blog. I hadn’t used Windows 8 in general yet, so it seemed like a good way to knock out two birds with one stone: test Windows 8 and play with it on View.
The install process is essentially the same as deploying a new virtual machine in general, but there are a few gotchas:
- Windows 7 has to be selected as the Guest OS since there is no Windows 8 option.
- A fairly recent build of ESXi 5.0u1 is required.
- ‘Enable 3D Support‘ must be selected within the guest settings.
Without 3D support enabled, the guest will bug out and won’t be accessible via the traditional console or View. The actual install of Windows 8 is quick and easy in the familiar Windows 7/2008 style:
After installing the base OS, the typical View install requirements are needed: install VMware Tools, join to the domain, install View Agent, etc. Since Windows 7 is selected when installing the guest, it will install the Windows 7 VMware Tools; both the tools and the View agent install normally with no special flags or tinkering required.
The desktop pool that will hold the Windows 8 desktop does need some special settings to work properly automatically. All that is needed is to edit the pool settings, change ‘Allow users to choose protocol‘ to ‘No‘ and then enable ‘Windows 7 3D Rendering‘. Without these settings, View will uncheck the ‘Enable 3D Support’ that was selected earlier; of course, these settings can also just be alone, and just manually re-enable the option within the vSphere Client after adding the desktop to the pool. Also, since View pulls the OS information from the guest configuration settings, adding to the View Admin will also show the guest as Windows 7.
Voilà, we now have a Windows 8 View virtual desktop:
Obviously, this is completely unsupported and no one should deploy this in production yet, but it’s good to see it works relatively well already so we should expect to see great Windows 8 support with VMware View as soon as Microsoft is ready to ship it.
This Month on the VMTN Forums – 6/12
Jul 6th
Interesting Q&A’s from June:
- Question: How can we restrict certain users from accessing their desktops through the VMware View Security Server?
- Answer: This can be done through the use of tagging, as defined within the Architecture Planning guide in the Restricting View Desktop Access section.
- Question: How to shadow a View desktop?
- Answer: The ability to shadow a desktop through the vSphere Client console can be enabled via a GPO.
- Question: How does vRAM work with Fault Tolerance (FT) virtual machines?
- Answer: Both copies of the VM count against the vRAM total.
- Question: Where is the cold-clone ability in VMware Converter?
- Answer: VMware has removed the cold-clone CD from the Converter product. A replacement cold-clone CD has been created by the community: MOA.
- Question: Does disconnecting from an old vCenter and connecting to a new vCenter affect the hosts?
- Answer: HA/DRS will not be available while disconnected and reconnecting, but virtual machines will persist and not incur downtime. When migrating to a new version, be sure to read the upgrade guide and compatibility matrixes, as some versions such as 4.0 Update 2 are not compatible with 5.0 but are compatible with 5.0 Update 1.
- Question: Why is the View Client installation no longer available directly through the View Connection Server web site?
- Answer: This was done to decouple the client from the server portions, so that the client could be updated independently and more often.
- Question: How to hide local drives from being redirected inside the virtual desktop when using RDP?
- Answer: This can be done by modifying Local Group Policy or by creating and applying a GPO to the necessary desktops, as defined in KB 1013457.