Quantcast
Channel: VMware Communities: Message List
Viewing all 247646 articles
Browse latest View live

vRO permissions - hardening RBAC, Security

June 22, 2017, 12:34 pm
$
0
0

Prerequisites:

1. vCenter Server instance is added in vRO using an administrator user account with full privileges (using the "Share a unique session" option while adding vCenter Server instance) on vCenter Server and full permissions in vRO.

2. The "vmuser" has fewer privileges e.g. the default "Virtual machine user (sample)” role on the vCenter Server and View, Inspect, Execute permissions in vRO.

 

Scenario:

The “vmuser” executes the vCenter Server workflow “Create simple virtual machine”.

The workflow execution completes successfully creating the specified virtual machine. However, the operations are executed in the context of the service account i.e. the administrator user account with full privileges used for adding the vCenter Server in vRO. Note that the “vmuser” has no permission to create a virtual machine and with execute permission in vRO the restricted user created a virtual machine.

 

Also observed that the Initiator reported in the Recent Tasks vs. More Tasks in vSphere Web Client are different.

 

vROCreateVM.png

 

What options are available if I want to execute the vRO workflow/operations in the context of the “vmuser” – the user that initiated the vRO Workflow instead of the service account used for adding the vCenter Server in vRO?

 

Appreciate your thoughts, suggestions, comments on this.

 

I think of few options:

1. Plug-in for vRO with Custom Workflows

2. Leverage vRO REST API retrieving vRO user, workflow/operation details and check against the vCenter Server privileges for the vRO user for allowing/disallowing the vRO workflow/operation.

 

 

Search

Upgrade Vcenter 5.5 to 6.5 with View composer as well

June 22, 2017, 12:38 pm
$
0
0

Needing to upgrade a Vcenter 5.5 (installed on Windows Server) to 6.5.  I would like to just upgrade the Vcenter in place.  That part seems easy.  This also has VMware View tied to it.  Will this break?  I have several 5.5 hosts that we are also migrating away from.  I 3 new hosts with 6.5 installed, but as you know my current Vcenter will not manage them until the upgrade.  Can I upgrade to 6.5 manage current 5.5 and 6.5 hosts, do the migration and then down the old hosts?

Weird Get-TagAssignment bug

June 22, 2017, 12:34 pm
$
0
0

I've got two VCSAs at 6.5 build 5705665. When I run the following, I get the error noted below:

 

Commads:

Connect-VIServer vcsa1.blah.local

Connect-VIServer vcsa2.blah.local

$VCTags = Get-TagAssignment -Server vcsa1.blah.local

 

Output:

Name                           Port  User                         

----                           ----  ----                         

vcsa1.blah.local  443   BLAH\user           

vcsa2.blah.local  443   BLAH\user           

Get-TagAssignment : 6/22/2017 1:55:51 PM Get-TagAssignment Sequence contains more than one matching element

At line:4 char:12

+ $VCBTags = Get-TagAssignment -Server vcsa1.blah.local

+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [Get-TagAssignment], CisException

    + FullyQualifiedErrorId : VMware.VimAutomation.ViCore.Impl.V1.Service.Tagging.Cis.TaggingServiceCisImpl.GetTagAssignment.Error,VMware.VimAutomation.ViCore.Cmdlets.C

   ommands.Tagging.GetTagAssignment

 

 

I can disconnect from vcsa2 and run the Get-TagAssignment cmdlet successfully against vcsa1. The error only occurs when simultaneously connected to these two servers. I have one other 6.5 build 5705665 VCSA and any combination with it and the other two doesn't result in the error. I also have some 5.5 vCenters on Windows and can't reproduce the error with any combination of those and 6.5 servers.

 

I've reproduced from Windows Server 2012 R2 (PowerShell 4.0, PowerCLI 6.5R1) and Windows Server 2016 (PowerShell 5.1, PowerCLI 6.5.1).

 

Can anyone else reproduce this?

 

Message was edited by: dbailey12

Re: Horizon 7.1 Unable to power on parent image - The amount of graphics resource available...

June 22, 2017, 12:42 pm
$
0
0

Awesome! Happy to help and thanks for marking answered.

Re: Where can I download Workstation 8 to run RH7.2 Enigma

June 22, 2017, 12:42 pm
$
0
0

Hi,

 

While you could try and install Workstation 8, perhaps just changing the virtual hardware of your old RH7.2 VM to an older compatibility level helps?

The virtual hardware might just contain parts that are too new for RH7.2 to be recognized. We're talking about an OS from 2001 after all.

 

Try virtual hardware version 6 or 7.

 

FWIW, on Workstation 12 you can change the virtual hardware version with the virtual machine shut down (not suspended) via:

- Right click on the VM in the library

- Manage -> Change Hardware compatibility

- You'll get a wizard

- Next

- From the drop down select "Workstation 6.5 - 7.x"

- Next

- Clone if you want to preserve the original VM, alter if you're OK with changing the VM itself

- Next

- Close

 

Try again.

--

Wil

Re: HP DL380 Gen9(p840ar) disks are not visible - ESXi 6.0 U2

June 22, 2017, 12:48 pm
$
0
0

Hello Adiel/Danko,

 

 

Quite puzzling that 'esxcli storage core path list' lists the devices, possibly the devices are disconnecting/detaching during boot?

Can you attach the boot log located here /var/log/boot.gz ?

 

Please check if these paths are active via the Web Client:

Host > Configure > Storage Adapters > Select the vSAN controller > Paths

 

 

Bob

 

-o- If you found this comment useful please click the 'Helpful' button and/or select as 'Answer' if you consider it so, please ask follow-up questions if you have any -o-

Re: Elasticsearch error

June 22, 2017, 12:57 pm
$
0
0

Has anyone come up with a good solution for this?  The KB articles referenced did not help.  It seems like a complete waste of time to have to restart servers until you get them up in the correct order.  There has to be something that can be scripted differently.

Re: Orphaned VM's, getting the folder Size from path, VMX

June 22, 2017, 1:09 pm
$
0
0

I added some debugging lines in the 2nd part of the script (attached).

What does this show (i don't need all the output, just some representative loops through the 2nd part of the script).

Search

Re: Random logon delay when using UEM

June 22, 2017, 1:11 pm
$
0
0

Thanks for the additional info, JohnTwilley.

 

UEM isn't doing anything special w.r.t. accessing or locking files. It just asks Windows to enumerate files from a folder, read files, write files, etc, without doing anything special.

Re: Weird Get-TagAssignment bug

June 22, 2017, 1:12 pm
$
0
0

Do you also get the error when you add the Entity parameter, referring to one or more specific VIObjects?

Re: Qlogic HBA 2562 showing different firmware version

June 22, 2017, 1:21 pm

Re: Alarm management with C# in .Net

June 22, 2017, 1:30 pm
$
0
0

Are we saying that the API does not provide the functionality?

Re: Changing a Virtual Machine's name

June 22, 2017, 1:35 pm
$
0
0

Deepak, this is the Fusion forum - one of the hosted products, not ESXi.

Re: Changing a Virtual Machine's name

June 22, 2017, 1:36 pm
$
0
0

Hi,

 

You can rename the vmx filename without issues.

 

You'll just have to reregister the VM in the library again and remember to answer the question "did you copy or move the VM" with "Move" as copy will change the virtual hardware ID's and mess up things in your guest in this case.

 

As for the .vmdk filenames, leave them as is!

Yes they can be renamed if needed, but you have to use vmware-vdiskmanager to rename them, do NOT rename these in finder as your VM will stop working.

If however you insist on renaming them then:

 

First commit ALL snapshots.

 

use vmware-vdiskmanager -n as in:

vmware-vdiskmanager.exe -n sourceName.vmdk destinationName.vmdk

see:

Vmware-vdiskmanager - VI-Toolkit

 

That keeps your vmdk intact, but that's not enough yet.

 

You will also have to edit your .vmx file by hand and adjust all occurences of the original vmdk name into the new name.

 

Oh and do take a backup before you do any of the above.

You could do so using the application Vimalin in my sig or by copying the whole bundle while the VM has been shut down. Vimalin OTOH can take a backup of the VM when it is running.

 

Hope this helps,

--

Wil

Re: Horizon 7 Instant Clones get trust relationship issue after Recover process

June 22, 2017, 1:50 pm
$
0
0

We had major issues with this until we upgraded everything to Horizon View 7.0.3 from 7.0.2.  Now we don't see the issue except occasionally when we first create an instant clone pool.  This is a replication timing issue which causes the serviceprincipalname attribute on the computer object in the AD to not be fully populated.  You can actually fix it manually by editing this attribute by hand (or script) but obviously that isn't really a solution.  Funny thing though is we have two separate environments with 2 different domains for prod and dev and we only saw the issue in one of the domains.

Search

Re: Changing a Virtual Machine's name

June 22, 2017, 2:07 pm
$
0
0

Thank you Wila. Wading through the ESXi and ESX KB instructions made me glad I'm using Fusion.

 

I did find Fusion KB 1015695 which used Settings>General to change the name but warned "The virtual machine bundle and files will still bear the virtual machine's original name. These files are referenced by the virtual machine settings and should not be renamed." Is "virtual machine bundle" another name for the .vmwarevm file in the Virtual Machines folder?

Re: Where can I download Workstation 8 to run RH7.2 Enigma

June 22, 2017, 2:11 pm
$
0
0

Hi Wil
I have spend the last 2 hours trying to acchieve what you suggested.
So far the best results was a 8 colour 640x480 screen - but that was stable !!!
I tried all obscure settings that came to my mind - including trying vHW 5, 6 ,8, 10 and 12 with various guestOS parameters.
Unfortunately I messed up the stable config while trying to reconfigure it - the commandline tool Xconfigurator is unusable in 640x480 and without nano I was not even able to enable ssh.
I give up for now - I guess I still have an old Redhat 7.2 VM somewhere that was created in the good old days - maybe that one still works - in case I find it ;-)

Re: New VROPS Rest Notification Plugin

June 22, 2017, 2:12 pm
$
0
0

Ok thanks for letting me know. I will sort it out this weekend on my lab and test it before I post it again.

 

No need for logs, I should be able to sort it out on mine

 

Cheers

vMan

Re: VROPs monitor IOP per vmdk

June 22, 2017, 2:14 pm
$
0
0

Yes the metric will be per SCSI I'D under VirtualDisk

Re: VSAN and shutting down all hosts in a stack

June 22, 2017, 2:29 pm
$
0
0

As a follow up, I heard back from VMWare. All they could tell me was:

 

"There should be a small resync providing that all the hosts are up before the VMs and that when you shut the environment down, it was healthy.  We should expect a small resync but not a full rebuild."

 

So, once again, this forum was more useful than paid support. :-/ Thanks again Bob and GreatWhiteTec!

Viewing all 247646 articles
Browse latest View live
More Pages to Explore .....
Search

Latest Images

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

April 18, 2024, 11:05 am
Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

April 17, 2024, 6:48 pm
Deepfake Video of Aamir Khan circulates Online

Deepfake Video of Aamir Khan circulates Online

April 17, 2024, 3:07 am
Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

April 14, 2024, 8:14 am
Have you seen Michael Wines? Burien man has been missing since Saturday,...

Have you seen Michael Wines? Burien man has been missing since Saturday,...

April 12, 2024, 3:59 pm
Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

April 11, 2024, 5:27 pm
19 Reader-Favourite March Purchases — From Steals To Splurges

19 Reader-Favourite March Purchases — From Steals To Splurges

April 11, 2024, 5:07 am
Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

April 9, 2024, 4:00 pm
People's Blog • First Pictures of the Eclipse ! ! !

People's Blog • First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm
First Pictures of the Eclipse ! ! !

First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm