190. ESXi 5.x採用軟iSCSI做爲存儲時啓動速度很慢
故障狀態
1、ESXi 5.0在iSCSI軟件啓動器被配置的情況下,啓動緩慢;
2、在sysboot.log文件裏有類似如下信息:
1. [01:57:50.925338] sysboot: software-iscsi
2. [02:28:22.330320] sysboot: restore-paths
3、啓動完成後,sysboot.log文件裏有類似如下信息:
1. iscsid: cannot make a connection to 192.168.1.20:3260 (101,Network is unreachable)
2. iscsid: Notice: Reclaimed Channel (H34 T0 C1 oid=3)
3. iscsid: session login failed with error 4,retryCount=3
4. iscsid: Login Target Failed: iqn.1984-05.com.dell:powervault.md3000i.6002219000a14a2b00000000495e2886 if=iscsi_vmk@vmk8 addr=192.168.1.20:3260 (TPGT:1 ISID:0xf) err=4
5. iscsid: Login Failed: iqn.1984-05.com.dell:powervault.md3000i.6002219000a14a2b00000000495e2886 if=iscsi_vmk@vmk8 addr=192.168.1.20:3260 (TPGT:1 ISID:0xf) Reason: 00040000 (Initiator Connection Failure)
故障分析
這種問題通常由於ESXi 5.0主機嘗試連接到所有已經配置好,或者能夠被找到的Software iSCSI,而如果連接失敗的話,ESXi 5.0主機會嘗試9次重連。這就會導致時間大大延長;
解決方案
要處理這個問題,最簡單的辦法就是減少接口和Targets數量;:
1、首先執行如下命令,查看當前networkportal清單,確認數量,然後再做刪減:
1. #esxcli iscsi networkportal list
系統將輸出類似如下信息:
1. vmhba34:
2. Adapter: vmhba34
3. Vmknic: vmk6
4. MAC Address: 00:1b:21:59:16:e8
5. MAC Address Valid: true
6. IPv4: 192.168.1.206
7. IPv4 Subnet Mask: 255.255.255.0
8. IPv6:
9. MTU: 1500
10. Vlan Supported: true
11. Vlan ID: 10
12. Reserved Ports: 63488~65536
13. TOE: false
14. TSO: true
15. TCP Checksum: false
16. Link Up: true
17. Current Speed: 10000
18. Rx Packets: 656558
19. Tx Packets: 111264
20. NIC Driver: ixgbe
21. NIC Driver Version: 2.0.84.8.2-10vmw-NAPI
22. NIC Firmware Version: 0.9-3
23. Compliant Status: compliant
24. NonCompliant Message:
25. NonCompliant Remedy:
26. Vswitch: dvSwitch0
27. PortGroup: DvsPortset-0
28. VswitchUuid: 26 46 30 50 c0 cf df 1e-52 ef ab d7 a2 ab 96 f9
29. PortGroupKey: dvportgroup-78003
30. PortKey: 1731
31. Duplex:
32. Path Status: active
本例中,只有一個vmhba34的適配器;
2、如果想要列出當前運行的targets則需要執行如下命令:
1. #vmkiscsi-tool -T vmhba34
191. 解決安裝vCenter Server 5.x提示:Error 25003錯誤問題
故障狀態:
嘗試安裝vCenter Server 5.x時,系統提示如下錯誤提示:
rror 25003.Setup failed to create the vCenter repository .
下圖所示:
故障分析:
1、可能由於AD、VC與DB之間的時間不同步導致;
2、可能由於DB選用了基於Windows Authentication與SQL混合驗證方式時,ODBC DSN裏默認選用混合驗證選項裏的密碼包含複雜字符;
3、常發生在遠端數據庫時;
解決方案
1、配置時間服務器,確保時間同步;
2、如果選用混合驗證時,當AD賬戶爲了滿足複雜度不得不包含有類似!@#$之類的複雜符號時,改用以SA的方式來做針對VC數據庫的遠端訪問;
3、確認關閉掉端到端的防火牆;
192. 取消vcops註冊Uninstalling vCenter Operations Manager
取消註冊方法如下:
Uninstalling vCenter Operations Manager (2036389)
Purpose
This article provides steps to uninstall vCenter Operations Manager.
Resolution
If the vCenter Operations Manager vApp is still deployed and running and vCenter Operations Manager is still registered and usable with vCenter Server:
1. Log in to the vCenter Operations Manager Admin UI at https://UI_VM_IP_Address/admin.
2. In the Registration tab, click Unregister next to the registered vCenter Server.
3. Click Yes. This process may take several minutes.
4. Power off the vCenter Operations Manager vApp and then delete it.
If the vCenter Operations Manager vApp is damaged or removed, you must remove the vCenter Operations Manager extension and asset information.
To remove the vCenter Operations Manager extension and asset information:
1. Log in to vCenter Server with the vSphere Client.
2. Click Home and then click Licensing.
3. Select the Assets option.
4. Right-click vCenter Operations Manager and click Remove Asset.
5. Open a Web browser and connect to https://VC_IP_Address/mob.
6. Log in as an administrative user when prompted.
7. Click Content.
8. Click ExtensionManager.
9. Click UnregisterExtension.
10. Enter com.vmware.vcops in the extensionKey field.
11. Click the Invoke Method link. A result of Void should be returned.
If the vCenter Operations Manager vApp still exists, power off and then delete it.
193.Search fails and Hardware Health and Health Status plug-ins are disabled in the vSphere Client (2031053)(5.1)
參見184
The vSphere Client does not connect to the inventory service when installed on Windows Server 2003 or Windows XP, and has these symptoms:
When you try to search the vSphere Client inventory, you see the error message:
Login to the query service failed. A communication error occurred while sending data to the server. (The underlying connection was closed: An unexpected error occurred on a send.)While trying to sort by name at the cluster level, you see the error :
Error when trying to sort : Login to query service failed: The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport streamHardware Health and Health Status plug-ins are disabled and cannot be viewed in the vSphere Client.
In the performance overview page, you see the error:
This program cannot display the webpage
Solution
This issue occurs due to increased security of the cipher strengths which are, by default, used by the VMware Management Web Services components. Due to this change that was introduced in vSphere 5.1, the host operating system is required to support a higher cipher strength to be able to connect to these components.
In Windows Vista and Windows Server 2008, the proper cipher strengths are built into the operating system. However, for older Windows operating systems, a Microsoft hotfix must be applied to add the supported cipher strengths.
For more information on the cipher strengths that get added with the hotfix, see the Microsoft Knowledge Base article 948963.
Note: The preceding link was correct as of November 30, 2012. If you find a link is broken, provide feedback and a VMware employee will update the link.
Resolution
Windows 2003 ( 32 bit and 64bit Edition)
For Windows Server 2003 (32 bit and 64 bit), apply the appropriate hotfix to the machine on which the vSphere Client is installed.
To download the hotfix for your system, see the Microsoft Knowledge Base article 948963.
Notes:
You must reboot the machine after applying the hotfix.
Non-English versions of the hotfixes are also available on the Microsoft site. Click the Show hotfixes for all platforms and languages link on the Hotfix Request page to view the available versions.
Windows XP (32 bit)
There is no hotfix available for Windows XP (32 bit). Microsoft currently only provides limited support for Windows XP, and as a result the hotfix has not been released for it. To resolve this issue, you must upgrade your host operating system to Windows Vista or later, which support the use of high cipher strengths.
If you are unable to upgrade your environment, you may try adding less secure cipher strengths back to the configuration, which allows communication to proceed successfully.
To add less secure cipher strengths back to the configuration:
Caution: This is not a recommended configuration and is provided for backward compatibility purposes only. This is not extensively tested and is supported on a best effort basis only.
Log in as an administrator to the server where vCenter Server 5.1 is installed.
Navigate to the tomcat configuration directory.
Note: By default, this directory is located at C:\Program Files\VMware\Infrastructure\tomcat\conf\. In vCenter Server Appliance, the file is located at /ur/lib.vmware-vpx/tomcat/conf.Open the server.xml file using a text editor.
Change the Connector text to add support for weaker ciphers by changing it from:
<Connector SSLEnabled="true" acceptCount="100" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA" connectionTimeout="20000" executor="tomcatThreadPool" keystoreFile="${bio-vmssl.keyFile.name}" keystorePass="${bio-vmssl.SSL.password}" keystoreType="PKCS12" maxKeepAliveRequests="15" port="${bio-vmssl.https.port}" protocol="HTTP/1.1" redirectPort="${bio-vmssl.https.port}" scheme="https" secure="true"></Connector>
To:
<Connector SSLEnabled="true" acceptCount="100" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" connectionTimeout="20000" executor="tomcatThreadPool" keystoreFile="${bio-vmssl.keyFile.name}" keystorePass="${bio-vmssl.SSL.password}" keystoreType="PKCS12" maxKeepAliveRequests="15" port="${bio-vmssl.https.port}" protocol="HTTP/1.1" redirectPort="${bio-vmssl.https.port}" scheme="https" secure="true"></Connector>
Note: Add only the red text as indicated and do not change any other options. This adds back support for less secure cipher strengths for backward compatibility purposes.Restart the VMware VirtualCenter Management Web Services service.
194.vSphere5.X一些高級設置選項描述
das.ignoreInsufficientHbDatastore - 5.x –抑制主機配置數據存儲的心跳數量少於das.heartbeatDsPerHost。默認值是“False”,能配置成“True”Or“False”
das.heartbeatDsPerHost - 5.x –每臺主機數據存儲所需的心跳數,默認值爲2;值應該在2~5之間,在改變造成影響之前HA必須重新配置所有的主機
das.maskCleanShutdownEnabled – 5.0 U1 / 5.1 – 是否清除關閉標識默認爲False ,當空閒或者故意關閉虛擬機,如果虛擬機的主數據存儲不能訪問,開啓這個選項將觸發虛擬機發生故障轉移。
das.maxVmRestartCount – 5.x – HA試圖重新啓動虛擬機的最大次數,默認是5.
das.maxVmRestartPeriod - 5.x – HA嘗試重新啓動虛擬機最大累計時間(秒),默認不限制
das.config.fdm.isolationPolicyDelaySec - 5.1 –一旦決定隔離主機,在執行隔離策略時等待的時間,最小值爲30,如果設置值少於30,延遲爲30
das.isolationAddress[x] - 4.x / 5.x –當沒有收到心跳,ESXi主機的IP地址用來檢測隔離,[X]=0-9.HA將使用默認網關作爲隔離地址,同時提供值額外檢測。當第二網絡可以使用,我們建議爲了冗餘添加額外地址,第一個定義地址爲“das.isolationaddress0”
das.useDefaultIsolationAddress - 4.x / 5.x – 值可以是“True”或者“Flase”,作爲默認網關必須爲false,而默認的隔離地址,不能也不該做這個用途。換句話說,如果默認網關是個不能ping通的地址,設置“das.isolationaddress0”爲一個ping通地址,通過設置“False”禁用默認網關的可用性
das.isolationShutdownTimeout - 4.x / 5.x –初始化客戶系統關閉之後虛擬機關閉電源的等待時間,在聚焦電源關閉之前,默認是300秒
das.allowNetwork[x] - 4.x / 5.x – HA開啓使用的端口組名稱來控制網絡,[X]是0-9之間的數字,有可以在網絡配置中設置該值“Service Console 2”or “Management Network”作爲端口組的名字,這些網絡必須兼容HA,請注意數字[X]同網絡沒有關係,它只是在多網絡環境給你一個選項,還有,在選項被設置和改變之後,HA必須認識到所有主機帶來的影響。來檢測HA
das.bypassNetCompatCheck - 4.x / 5.x –在介紹ESX3.5 U2時禁用“兼容網絡”用來檢測HA,禁用這個檢查將在羣集中配置開啓HA,包括不同子網的主機,所以稱之爲不兼容網絡,默認值爲“False”;設置它爲“True”禁用檢測
das.ignoreRedundantNetWarning - 4.x / 5.x – 當你沒有冗餘管理網絡連接,移除vCenter中的錯誤標識和信息,默認是“False”設置它爲“True”將禁用警告,設置了這個選項後HA必須重新配置
das.vmMemoryMinMB - 4.x / 5.x –默認最小的slot 規格用來計算故障轉移的容量,較高的值將爲故障轉移預定更多的空間,不要與“das.slotMemInMB”混淆。
das.vmCpuMinMHz - 4.x / 5.x –默認最小的slot規格用來計算故障轉移的容量,較高的值將爲故障轉移預定更多的空間,不要與“das.slotCpuInMHz”混淆。
das.slotMemInMB - 4.x / 5.x –選擇最小的slot規格作爲內存的值,當大內存的虛擬機預定了對稱的slot規格,使用這個高級設置,同時將導致比較保守的可用slot數量
das.slotCpuInMHz - 4.x / 5.x –選擇最小的slot規格作爲CPU的值,當大CPU的虛擬機預定了對稱的slot規格,使用這個高級設置,同時將導致比較保守的可用slot數量
das.sensorPollingFreq - 4.x –設置HA狀態更新的時間,vSphere 4.1時,默認值設置成10,它能配置爲1~30,但不建議減少這個值,可能因爲狀態更新的開銷導致穩定性降低
das.perHostConcurrentFailoversLimit - 4.x / 5.x –默認, HA將每主機處理32個並行虛擬機,這個設置控制了當個主機同時重新啓動虛擬機的數量,設置大的值將允許更多的虛擬機同時重啓,但將增加恢復的平均延遲,同時給主機和存儲更大的壓力
das.maxFtVmsPerHost - 4.x / 5.x – 單個主機上FT虛擬機的最大數量,默認爲4
das. IncludeFtComplianceChecks - 5.x –決定是否FT關聯羣集文件兼容性檢查,默認是“True”
das.maxFtVmRestartCount - 5.x –主機上FT支持開啓虛擬機的數量,默認是4,注意0和1意味着無限制
das.config.log.outputToFiles - 5.0 U1 – 爲5.0主機開啓基於文件的日誌,默認是false,開啓設置爲“True”和配置das.config.Log.MaxFileNum爲2
das.config.log.maxFileNum - 5.0 U1- 日誌文件的最大數量,默認爲0
虛擬機和應用監控
das.iostatsinterval - 4.x / 5.x – 如果虛擬機上發生任何磁盤和網絡活動,I/O統計間隔時間,默認是120秒
das.failureinterval - 4.x – 失敗的輪詢間隔,默認值30秒
das.minuptime - 4.x –在虛擬機監控開啓輪詢之前,最小的正常運行時間,默認爲120秒
das.maxFailures - 4.x –虛擬機發生故障的最大數量“das.maxFailureWindow”,如果達到這個數字,虛擬機監控不自動重新啓動虛擬機,默認爲3
das.maxFailureWindow - 4.x –發生故障之間的最短時間,默認爲3600秒,如果一個虛擬機發生故障超過了“das.maxFailures”的3600秒,虛擬機監控不能重啓虛擬機
das.vmFailoverEnabled - 4.x –如果設置爲“True”,虛擬機監控開啓,當設置爲“False”,虛擬機監控被禁用。
195.重新安裝 vCenter Single Sign-On 節點無限期暫停在“配置 SSO 組件...”處。(5.5)
故障狀態:
重新安裝 vCenter Single Sign-On 節點無限期暫停在“配置 SSO 組件...”處。您可以安裝 vCenter Single Sign-On 5.5 的多個實例(節點)。卸載其中一個節點時,不會自動清理已在所有節點中複製的 VMware 目錄服務。重新安裝該節點時,複製 VMware 目錄服務信息會阻止安裝程序完成安裝以及將該節點指向現有 vCenter Single Sign-On 實例。安裝將無限期暫停。
解決方案:
更改 vCenter Single Sign-On 服務器的主機名並清除失效的 Windows 註冊表項。請參見 VMware 知識庫文章 2059131 的解決方案部分。