190. ESXi 5.x采用软iSCSI做为存储时启动速度很慢
故障状态
1、ESXi 5.0在iSCSI软件启动器被配置的情况下,启动缓慢;
2、在sysboot.log文件里有类似如下信息:
1. [01:57:50.925338] sysboot: software-iscsi
2. [02:28:22.330320] sysboot: restore-paths
3、启动完成后,sysboot.log文件里有类似如下信息:
1. iscsid: cannot make a connection to 192.168.1.20:3260 (101,Network is unreachable)
2. iscsid: Notice: Reclaimed Channel (H34 T0 C1 oid=3)
3. iscsid: session login failed with error 4,retryCount=3
4. iscsid: Login Target Failed: iqn.1984-05.com.dell:powervault.md3000i.6002219000a14a2b00000000495e2886 [email protected] addr=192.168.1.20:3260 (TPGT:1 ISID:0xf) err=4
5. iscsid: Login Failed: iqn.1984-05.com.dell:powervault.md3000i.6002219000a14a2b00000000495e2886 [email protected] addr=192.168.1.20:3260 (TPGT:1 ISID:0xf) Reason: 00040000 (Initiator Connection Failure)
故障分析
这种问题通常由于ESXi 5.0主机尝试连接到所有已经配置好,或者能够被找到的Software iSCSI,而如果连接失败的话,ESXi 5.0主机会尝试9次重连。这就会导致时间大大延长;
解决方案
要处理这个问题,最简单的办法就是减少接口和Targets数量;:
1、首先执行如下命令,查看当前networkportal清单,确认数量,然后再做删减:
1. #esxcli iscsi networkportal list
系统将输出类似如下信息:
1. vmhba34:
2. Adapter: vmhba34
3. Vmknic: vmk6
4. MAC Address: 00:1b:21:59:16:e8
5. MAC Address Valid: true
6. IPv4: 192.168.1.206
7. IPv4 Subnet Mask: 255.255.255.0
8. IPv6:
9. MTU: 1500
10. Vlan Supported: true
11. Vlan ID: 10
12. Reserved Ports: 63488~65536
13. TOE: false
14. TSO: true
15. TCP Checksum: false
16. Link Up: true
17. Current Speed: 10000
18. Rx Packets: 656558
19. Tx Packets: 111264
20. NIC Driver: ixgbe
21. NIC Driver Version: 2.0.84.8.2-10vmw-NAPI
22. NIC Firmware Version: 0.9-3
23. Compliant Status: compliant
24. NonCompliant Message:
25. NonCompliant Remedy:
26. Vswitch: dvSwitch0
27. PortGroup: DvsPortset-0
28. VswitchUuid: 26 46 30 50 c0 cf df 1e-52 ef ab d7 a2 ab 96 f9
29. PortGroupKey: dvportgroup-78003
30. PortKey: 1731
31. Duplex:
32. Path Status: active
本例中,只有一个vmhba34的适配器;
2、如果想要列出当前运行的targets则需要执行如下命令:
1. #vmkiscsi-tool -T vmhba34
191. 解决安装vCenter Server 5.x提示:Error 25003错误问题
故障状态:
尝试安装vCenter Server 5.x时,系统提示如下错误提示:
rror 25003.Setup failed to create the vCenter repository .
下图所示:
故障分析:
1、可能由于AD、VC与DB之间的时间不同步导致;
2、可能由于DB选用了基于Windows Authentication与SQL混合验证方式时,ODBC DSN里默认选用混合验证选项里的密码包含复杂字符;
3、常发生在远端数据库时;
解决方案
1、配置时间服务器,确保时间同步;
2、如果选用混合验证时,当AD账户为了满足复杂度不得不包含有类似[email protected]#$之类的复杂符号时,改用以SA的方式来做针对VC数据库的远端访问;
3、确认关闭掉端到端的防火墙;
192. 取消vcops注册Uninstalling vCenter Operations Manager
取消注册方法如下:
Uninstalling vCenter Operations Manager (2036389)
Purpose
This article provides steps to uninstall vCenter Operations Manager.
Resolution
If the vCenter Operations Manager vApp is still deployed and running and vCenter Operations Manager is still registered and usable with vCenter Server:
1. Log in to the vCenter Operations Manager Admin UI at https://UI_VM_IP_Address/admin.
2. In the Registration tab, click Unregister next to the registered vCenter Server.
3. Click Yes. This process may take several minutes.
4. Power off the vCenter Operations Manager vApp and then delete it.
If the vCenter Operations Manager vApp is damaged or removed, you must remove the vCenter Operations Manager extension and asset information.
To remove the vCenter Operations Manager extension and asset information:
1. Log in to vCenter Server with the vSphere Client.
2. Click Home and then click Licensing.
3. Select the Assets option.
4. Right-click vCenter Operations Manager and click Remove Asset.
5. Open a Web browser and connect to https://VC_IP_Address/mob.
6. Log in as an administrative user when prompted.
7. Click Content.
8. Click ExtensionManager.
9. Click UnregisterExtension.
10. Enter com.vmware.vcops in the extensionKey field.
11. Click the Invoke Method link. A result of Void should be returned.
If the vCenter Operations Manager vApp still exists, power off and then delete it.
193.Search fails and Hardware Health and Health Status plug-ins are disabled in the vSphere Client (2031053)(5.1)
参见184
The vSphere Client does not connect to the inventory service when installed on Windows Server 2003 or Windows XP, and has these symptoms:
- When you try to search the vSphere Client inventory, you see the error message:
Login to the query service failed. A communication error occurred while sending data to the server. (The underlying connection was closed: An unexpected error occurred on a send.) - While trying to sort by name at the cluster level, you see the error :
Error when trying to sort : Login to query service failed: The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream - Hardware Health and Health Status plug-ins are disabled and cannot be viewed in the vSphere Client.
- In the performance overview page, you see the error:
This program cannot display the webpage
Solution
This issue occurs due to increased security of the cipher strengths which are, by default, used by the VMware Management Web Services components. Due to this change that was introduced in vSphere 5.1, the host operating system is required to support a higher cipher strength to be able to connect to these components.
In Windows Vista and Windows Server 2008, the proper cipher strengths are built into the operating system. However, for older Windows operating systems, a Microsoft hotfix must be applied to add the supported cipher strengths.
For more information on the cipher strengths that get added with the hotfix, see the Microsoft Knowledge Base article 948963.
Note: The preceding link was correct as of November 30, 2012. If you find a link is broken, provide feedback and a VMware employee will update the link.
Resolution
Windows 2003 ( 32 bit and 64bit Edition)
For Windows Server 2003 (32 bit and 64 bit), apply the appropriate hotfix to the machine on which the vSphere Client is installed.
To download the hotfix for your system, see the Microsoft Knowledge Base article 948963.
Notes:
- You must reboot the machine after applying the hotfix.
- Non-English versions of the hotfixes are also available on the Microsoft site. Click the Show hotfixes for all platforms and languages link on the Hotfix Request page to view the available versions.
Windows XP (32 bit)
There is no hotfix available for Windows XP (32 bit). Microsoft currently only provides limited support for Windows XP, and as a result the hotfix has not been released for it. To resolve this issue, you must upgrade your host operating system to Windows Vista or later, which support the use of high cipher strengths.
If you are unable to upgrade your environment, you may try adding less secure cipher strengths back to the configuration, which allows communication to proceed successfully.
To add less secure cipher strengths back to the configuration:
Caution: This is not a recommended configuration and is provided for backward compatibility purposes only. This is not extensively tested and is supported on a best effort basis only.
- Log in as an administrator to the server where vCenter Server 5.1 is installed.
- Navigate to the tomcat configuration directory.
Note: By default, this directory is located at C:\Program Files\VMware\Infrastructure\tomcat\conf\. In vCenter Server Appliance, the file is located at /ur/lib.vmware-vpx/tomcat/conf. - Open the server.xml file using a text editor.
- Change the Connector text to add support for weaker ciphers by changing it from:
<Connector SSLEnabled="true" acceptCount="100" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA" connectionTimeout="20000" executor="tomcatThreadPool" keystoreFile="${bio-vmssl.keyFile.name}" keystorePass="${bio-vmssl.SSL.password}" keystoreType="PKCS12" maxKeepAliveRequests="15" port="${bio-vmssl.https.port}" protocol="HTTP/1.1" redirectPort="${bio-vmssl.https.port}" scheme="https" secure="true"></Connector>
To:
<Connector SSLEnabled="true" acceptCount="100" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" connectionTimeout="20000" executor="tomcatThreadPool" keystoreFile="${bio-vmssl.keyFile.name}" keystorePass="${bio-vmssl.SSL.password}" keystoreType="PKCS12" maxKeepAliveRequests="15" port="${bio-vmssl.https.port}" protocol="HTTP/1.1" redirectPort="${bio-vmssl.https.port}" scheme="https" secure="true"></Connector>
Note: Add only the red text as indicated and do not change any other options. This adds back support for less secure cipher strengths for backward compatibility purposes. - Restart the VMware VirtualCenter Management Web Services service.
194.vSphere5.X一些高级设置选项描述
das.ignoreInsufficientHbDatastore - 5.x –抑制主机配置数据存储的心跳数量少于das.heartbeatDsPerHost。默认值是“False”,能配置成“True”Or“False”
das.heartbeatDsPerHost - 5.x –每台主机数据存储所需的心跳数,默认值为2;值应该在2~5之间,在改变造成影响之前HA必须重新配置所有的主机
das.maskCleanShutdownEnabled – 5.0 U1 / 5.1 – 是否清除关闭标识默认为False ,当空闲或者故意关闭虚拟机,如果虚拟机的主数据存储不能访问,开启这个选项将触发虚拟机发生故障转移。
das.maxVmRestartCount – 5.x – HA试图重新启动虚拟机的最大次数,默认是5.
das.maxVmRestartPeriod - 5.x – HA尝试重新启动虚拟机最大累计时间(秒),默认不限制
das.config.fdm.isolationPolicyDelaySec - 5.1 –一旦决定隔离主机,在执行隔离策略时等待的时间,最小值为30,如果设置值少于30,延迟为30
das.isolationAddress[x] - 4.x / 5.x –当没有收到心跳,ESXi主机的IP地址用来检测隔离,[X]=0-9.HA将使用默认网关作为隔离地址,同时提供值额外检测。当第二网络可以使用,我们建议为了冗余添加额外地址,第一个定义地址为“das.isolationaddress0”
das.useDefaultIsolationAddress - 4.x / 5.x – 值可以是“True”或者“Flase”,作为默认网关必须为false,而默认的隔离地址,不能也不该做这个用途。换句话说,如果默认网关是个不能ping通的地址,设置“das.isolationaddress0”为一个ping通地址,通过设置“False”禁用默认网关的可用性
das.isolationShutdownTimeout - 4.x / 5.x –初始化客户系统关闭之后虚拟机关闭电源的等待时间,在聚焦电源关闭之前,默认是300秒
das.allowNetwork[x] - 4.x / 5.x – HA开启使用的端口组名称来控制网络,[X]是0-9之间的数字,有可以在网络配置中设置该值“Service Console 2”or “Management Network”作为端口组的名字,这些网络必须兼容HA,请注意数字[X]同网络没有关系,它只是在多网络环境给你一个选项,还有,在选项被设置和改变之后,HA必须认识到所有主机带来的影响。来检测HA
das.bypassNetCompatCheck - 4.x / 5.x –在介绍ESX3.5 U2时禁用“兼容网络”用来检测HA,禁用这个检查将在群集中配置开启HA,包括不同子网的主机,所以称之为不兼容网络,默认值为“False”;设置它为“True”禁用检测
das.ignoreRedundantNetWarning - 4.x / 5.x – 当你没有冗余管理网络连接,移除vCenter中的错误标识和信息,默认是“False”设置它为“True”将禁用警告,设置了这个选项后HA必须重新配置
das.vmMemoryMinMB - 4.x / 5.x –默认最小的slot 规格用来计算故障转移的容量,较高的值将为故障转移预定更多的空间,不要与“das.slotMemInMB”混淆。
das.vmCpuMinMHz - 4.x / 5.x –默认最小的slot规格用来计算故障转移的容量,较高的值将为故障转移预定更多的空间,不要与“das.slotCpuInMHz”混淆。
das.slotMemInMB - 4.x / 5.x –选择最小的slot规格作为内存的值,当大内存的虚拟机预定了对称的slot规格,使用这个高级设置,同时将导致比较保守的可用slot数量
das.slotCpuInMHz - 4.x / 5.x –选择最小的slot规格作为CPU的值,当大CPU的虚拟机预定了对称的slot规格,使用这个高级设置,同时将导致比较保守的可用slot数量
das.sensorPollingFreq - 4.x –设置HA状态更新的时间,vSphere 4.1时,默认值设置成10,它能配置为1~30,但不建议减少这个值,可能因为状态更新的开销导致稳定性降低
das.perHostConcurrentFailoversLimit - 4.x / 5.x –默认, HA将每主机处理32个并行虚拟机,这个设置控制了当个主机同时重新启动虚拟机的数量,设置大的值将允许更多的虚拟机同时重启,但将增加恢复的平均延迟,同时给主机和存储更大的压力
das.maxFtVmsPerHost - 4.x / 5.x – 单个主机上FT虚拟机的最大数量,默认为4
das. IncludeFtComplianceChecks - 5.x –决定是否FT关联群集文件兼容性检查,默认是“True”
das.maxFtVmRestartCount - 5.x –主机上FT支持开启虚拟机的数量,默认是4,注意0和1意味着无限制
das.config.log.outputToFiles - 5.0 U1 – 为5.0主机开启基于文件的日志,默认是false,开启设置为“True”和配置das.config.Log.MaxFileNum为2
das.config.log.maxFileNum - 5.0 U1- 日志文件的最大数量,默认为0
虚拟机和应用监控
das.iostatsinterval - 4.x / 5.x – 如果虚拟机上发生任何磁盘和网络活动,I/O统计间隔时间,默认是120秒
das.failureinterval - 4.x – 失败的轮询间隔,默认值30秒
das.minuptime - 4.x –在虚拟机监控开启轮询之前,最小的正常运行时间,默认为120秒
das.maxFailures - 4.x –虚拟机发生故障的最大数量“das.maxFailureWindow”,如果达到这个数字,虚拟机监控不自动重新启动虚拟机,默认为3
das.maxFailureWindow - 4.x –发生故障之间的最短时间,默认为3600秒,如果一个虚拟机发生故障超过了“das.maxFailures”的3600秒,虚拟机监控不能重启虚拟机
das.vmFailoverEnabled - 4.x –如果设置为“True”,虚拟机监控开启,当设置为“False”,虚拟机监控被禁用。
195.重新安装 vCenter Single Sign-On 节点无限期暂停在“配置 SSO 组件...”处。(5.5)
故障状态:
重新安装 vCenter Single Sign-On 节点无限期暂停在“配置 SSO 组件...”处。您可以安装 vCenter Single Sign-On 5.5 的多个实例(节点)。卸载其中一个节点时,不会自动清理已在所有节点中复制的 VMware 目录服务。重新安装该节点时,复制 VMware 目录服务信息会阻止安装程序完成安装以及将该节点指向现有 vCenter Single Sign-On 实例。安装将无限期暂停。
解决方案:
更改 vCenter Single Sign-On 服务器的主机名并清除失效的 Windows 注册表项。请参见 VMware 知识库文章 2059131 的解决方案部分。