VMware vSphere常见问题汇总(二十)

190. ESXi 5.x采用软iSCSI做为存储时启动速度很慢

故障状态
1、ESXi 5.0在iSCSI软件启动器被配置的情况下,启动缓慢;
2、在sysboot.log文件里有类似如下信息:

1. [01:57:50.925338] sysboot: software-iscsi

2. [02:28:22.330320] sysboot: restore-paths

3、启动完成后,sysboot.log文件里有类似如下信息:

1. iscsid: cannot make a connection to 192.168.1.20:3260 (101,Network is unreachable)

2. iscsid: Notice: Reclaimed Channel (H34 T0 C1 oid=3)

3. iscsid: session login failed with error 4,retryCount=3

4. iscsid: Login Target Failed: iqn.1984-05.com.dell:powervault.md3000i.6002219000a14a2b00000000495e2886 [email protected] addr=192.168.1.20:3260 (TPGT:1 ISID:0xf) err=4

5. iscsid: Login Failed: iqn.1984-05.com.dell:powervault.md3000i.6002219000a14a2b00000000495e2886 [email protected] addr=192.168.1.20:3260 (TPGT:1 ISID:0xf) Reason: 00040000 (Initiator Connection Failure)

故障分析
这种问题通常由于ESXi 5.0主机尝试连接到所有已经配置好,或者能够被找到的Software iSCSI,而如果连接失败的话,ESXi 5.0主机会尝试9次重连。这就会导致时间大大延长;
解决方案
要处理这个问题,最简单的办法就是减少接口和Targets数量;:
1、首先执行如下命令,查看当前networkportal清单,确认数量,然后再做删减:

1. #esxcli iscsi networkportal list

系统将输出类似如下信息:

1. vmhba34:

2. Adapter: vmhba34

3. Vmknic: vmk6

4. MAC Address: 00:1b:21:59:16:e8

5. MAC Address Valid: true

6. IPv4: 192.168.1.206

7. IPv4 Subnet Mask: 255.255.255.0

8. IPv6:

9. MTU: 1500

10. Vlan Supported: true

11. Vlan ID: 10

12. Reserved Ports: 63488~65536

13. TOE: false

14. TSO: true

15. TCP Checksum: false

16. Link Up: true

17. Current Speed: 10000

18. Rx Packets: 656558

19. Tx Packets: 111264

20. NIC Driver: ixgbe

21. NIC Driver Version: 2.0.84.8.2-10vmw-NAPI

22. NIC Firmware Version: 0.9-3

23. Compliant Status: compliant

24. NonCompliant Message:

25. NonCompliant Remedy:

26. Vswitch: dvSwitch0

27. PortGroup: DvsPortset-0

28. VswitchUuid: 26 46 30 50 c0 cf df 1e-52 ef ab d7 a2 ab 96 f9

29. PortGroupKey: dvportgroup-78003

30. PortKey: 1731

31. Duplex:

32. Path Status: active

本例中,只有一个vmhba34的适配器;
2、如果想要列出当前运行的targets则需要执行如下命令:

1. #vmkiscsi-tool -T vmhba34

191. 解决安装vCenter Server 5.x提示:Error 25003错误问题

故障状态:
尝试安装vCenter Server 5.x时,系统提示如下错误提示:

rror 25003.Setup failed to create the vCenter repository .

下图所示:

故障分析:
1、可能由于AD、VC与DB之间的时间不同步导致;
2、可能由于DB选用了基于Windows Authentication与SQL混合验证方式时,ODBC DSN里默认选用混合验证选项里的密码包含复杂字符;
3、常发生在远端数据库时;
解决方案
1、配置时间服务器,确保时间同步;
2、如果选用混合验证时,当AD账户为了满足复杂度不得不包含有类似[email protected]#$之类的复杂符号时,改用以SA的方式来做针对VC数据库的远端访问;
3、确认关闭掉端到端的防火墙;

192. 取消vcops注册Uninstalling vCenter Operations Manager

取消注册方法如下:

Uninstalling vCenter Operations Manager (2036389)

Purpose

This article provides steps to uninstall vCenter Operations Manager.

Resolution

If the vCenter Operations Manager vApp is still deployed and running and vCenter Operations Manager is still registered and usable with vCenter Server:

1. Log in to the vCenter Operations Manager Admin UI at https://UI_VM_IP_Address/admin.

2. In the Registration tab, click Unregister next to the registered vCenter Server.

3. Click Yes. This process may take several minutes.

4. Power off the vCenter Operations Manager vApp and then delete it.

If the vCenter Operations Manager vApp is damaged or removed, you must remove the vCenter Operations Manager extension and asset information.

To remove the vCenter Operations Manager extension and asset information:

1. Log in to vCenter Server with the vSphere Client.

2. Click Home and then click Licensing.

3. Select the Assets option.

4. Right-click vCenter Operations Manager and click Remove Asset.

5. Open a Web browser and connect to https://VC_IP_Address/mob.

6. Log in as an administrative user when prompted.

7. Click Content.

8. Click ExtensionManager.

9. Click UnregisterExtension.

10. Enter com.vmware.vcops in the extensionKey field.

11. Click the Invoke Method link. A result of Void should be returned.

If the vCenter Operations Manager vApp still exists, power off and then delete it.

193.Search fails and Hardware Health and Health Status plug-ins are disabled in the vSphere Client (2031053)(5.1)

参见184

The vSphere Client does not connect to the inventory service when installed on Windows Server 2003 or Windows XP, and has these symptoms:

  • When you try to search the vSphere Client inventory, you see the error message:
    Login to the query service failed. A communication error occurred while sending data to the server. (The underlying connection was closed: An unexpected error occurred on a send.)
  • While trying to sort by name at the cluster level, you see the error :
    Error when trying to sort : Login to query service failed: The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream
  • Hardware Health and Health Status plug-ins are disabled and cannot be viewed in the vSphere Client.
  • In the performance overview page, you see the error:
    This program cannot display the webpage

Solution

This issue occurs due to increased security of the cipher strengths which are, by default, used by the VMware Management Web Services components. Due to this change that was introduced in vSphere 5.1, the host operating system is required to support a higher cipher strength to be able to connect to these components.

In Windows Vista and Windows Server 2008, the proper cipher strengths are built into the operating system. However, for older Windows operating systems, a Microsoft hotfix must be applied to add the supported cipher strengths.

For more information on the cipher strengths that get added with the hotfix, see the Microsoft Knowledge Base article 948963.

Note: The preceding link was correct as of November 30, 2012. If you find a link is broken, provide feedback and a VMware employee will update the link.

Resolution

Windows 2003 ( 32 bit and 64bit Edition)

For Windows Server 2003 (32 bit and 64 bit), apply the appropriate hotfix to the machine on which the vSphere Client is installed.
To download the hotfix for your system, see the Microsoft Knowledge Base article 948963.

Notes:

  • You must reboot the machine after applying the hotfix.
  • Non-English versions of the hotfixes are also available on the Microsoft site. Click the Show hotfixes for all platforms and languages link on the Hotfix Request page to view the available versions.

Windows XP (32 bit)

There is no hotfix available for Windows XP (32 bit). Microsoft currently only provides limited support for Windows XP, and as a result the hotfix has not been released for it. To resolve this issue, you must upgrade your host operating system to Windows Vista or later, which support the use of high cipher strengths.

If you are unable to upgrade your environment, you may try adding less secure cipher strengths back to the configuration, which allows communication to proceed successfully.

To add less secure cipher strengths back to the configuration:

Caution: This is not a recommended configuration and is provided for backward compatibility purposes only. This is not extensively tested and is supported on a best effort basis only.

  1. Log in as an administrator to the server where vCenter Server 5.1 is installed.
  2. Navigate to the tomcat configuration directory.
    Note: By default, this directory is located at C:\Program Files\VMware\Infrastructure\tomcat\conf\. In vCenter Server Appliance, the file is located at /ur/lib.vmware-vpx/tomcat/conf.
  3. Open the server.xml file using a text editor.
  4. Change the Connector text to add support for weaker ciphers by changing it from:
    <Connector SSLEnabled="true" acceptCount="100" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA" connectionTimeout="20000" executor="tomcatThreadPool" keystoreFile="${bio-vmssl.keyFile.name}" keystorePass="${bio-vmssl.SSL.password}" keystoreType="PKCS12" maxKeepAliveRequests="15" port="${bio-vmssl.https.port}" protocol="HTTP/1.1" redirectPort="${bio-vmssl.https.port}" scheme="https" secure="true"></Connector>
    To:
    <Connector SSLEnabled="true" acceptCount="100" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" connectionTimeout="20000" executor="tomcatThreadPool" keystoreFile="${bio-vmssl.keyFile.name}" keystorePass="${bio-vmssl.SSL.password}" keystoreType="PKCS12" maxKeepAliveRequests="15" port="${bio-vmssl.https.port}" protocol="HTTP/1.1" redirectPort="${bio-vmssl.https.port}" scheme="https" secure="true"></Connector>
    Note: Add only the red text as indicated and do not change any other options. This adds back support for less secure cipher strengths for backward compatibility purposes.
  5. Restart the VMware VirtualCenter Management Web Services service.

194.vSphere5.X一些高级设置选项描述

das.ignoreInsufficientHbDatastore - 5.x –抑制主机配置数据存储的心跳数量少于das.heartbeatDsPerHost。默认值是“False”,能配置成“True”Or“False”

das.heartbeatDsPerHost - 5.x –每台主机数据存储所需的心跳数,默认值为2;值应该在2~5之间,在改变造成影响之前HA必须重新配置所有的主机

das.maskCleanShutdownEnabled – 5.0 U1 / 5.1 – 是否清除关闭标识默认为False ,当空闲或者故意关闭虚拟机,如果虚拟机的主数据存储不能访问,开启这个选项将触发虚拟机发生故障转移。

das.maxVmRestartCount – 5.x – HA试图重新启动虚拟机的最大次数,默认是5.

das.maxVmRestartPeriod - 5.x – HA尝试重新启动虚拟机最大累计时间(秒),默认不限制

das.config.fdm.isolationPolicyDelaySec - 5.1 –一旦决定隔离主机,在执行隔离策略时等待的时间,最小值为30,如果设置值少于30,延迟为30

das.isolationAddress[x] - 4.x / 5.x –当没有收到心跳,ESXi主机的IP地址用来检测隔离,[X]=0-9.HA将使用默认网关作为隔离地址,同时提供值额外检测。当第二网络可以使用,我们建议为了冗余添加额外地址,第一个定义地址为“das.isolationaddress0”

das.useDefaultIsolationAddress - 4.x / 5.x – 值可以是“True”或者“Flase”,作为默认网关必须为false,而默认的隔离地址,不能也不该做这个用途。换句话说,如果默认网关是个不能ping通的地址,设置“das.isolationaddress0”为一个ping通地址,通过设置“False”禁用默认网关的可用性

das.isolationShutdownTimeout - 4.x / 5.x –初始化客户系统关闭之后虚拟机关闭电源的等待时间,在聚焦电源关闭之前,默认是300秒

das.allowNetwork[x] - 4.x / 5.x – HA开启使用的端口组名称来控制网络,[X]是0-9之间的数字,有可以在网络配置中设置该值“Service Console 2”or “Management Network”作为端口组的名字,这些网络必须兼容HA,请注意数字[X]同网络没有关系,它只是在多网络环境给你一个选项,还有,在选项被设置和改变之后,HA必须认识到所有主机带来的影响。来检测HA

das.bypassNetCompatCheck - 4.x / 5.x –在介绍ESX3.5 U2时禁用“兼容网络”用来检测HA,禁用这个检查将在群集中配置开启HA,包括不同子网的主机,所以称之为不兼容网络,默认值为“False”;设置它为“True”禁用检测

das.ignoreRedundantNetWarning - 4.x / 5.x – 当你没有冗余管理网络连接,移除vCenter中的错误标识和信息,默认是“False”设置它为“True”将禁用警告,设置了这个选项后HA必须重新配置

das.vmMemoryMinMB - 4.x / 5.x –默认最小的slot 规格用来计算故障转移的容量,较高的值将为故障转移预定更多的空间,不要与“das.slotMemInMB”混淆。

das.vmCpuMinMHz - 4.x / 5.x –默认最小的slot规格用来计算故障转移的容量,较高的值将为故障转移预定更多的空间,不要与“das.slotCpuInMHz”混淆。

das.slotMemInMB - 4.x / 5.x –选择最小的slot规格作为内存的值,当大内存的虚拟机预定了对称的slot规格,使用这个高级设置,同时将导致比较保守的可用slot数量

das.slotCpuInMHz - 4.x / 5.x –选择最小的slot规格作为CPU的值,当大CPU的虚拟机预定了对称的slot规格,使用这个高级设置,同时将导致比较保守的可用slot数量

das.sensorPollingFreq - 4.x –设置HA状态更新的时间,vSphere 4.1时,默认值设置成10,它能配置为1~30,但不建议减少这个值,可能因为状态更新的开销导致稳定性降低

das.perHostConcurrentFailoversLimit - 4.x / 5.x –默认, HA将每主机处理32个并行虚拟机,这个设置控制了当个主机同时重新启动虚拟机的数量,设置大的值将允许更多的虚拟机同时重启,但将增加恢复的平均延迟,同时给主机和存储更大的压力

das.maxFtVmsPerHost - 4.x / 5.x – 单个主机上FT虚拟机的最大数量,默认为4

das. IncludeFtComplianceChecks - 5.x –决定是否FT关联群集文件兼容性检查,默认是“True”

das.maxFtVmRestartCount - 5.x –主机上FT支持开启虚拟机的数量,默认是4,注意0和1意味着无限制

das.config.log.outputToFiles - 5.0 U1 – 为5.0主机开启基于文件的日志,默认是false,开启设置为“True”和配置das.config.Log.MaxFileNum为2

das.config.log.maxFileNum - 5.0 U1- 日志文件的最大数量,默认为0

虚拟机和应用监控

das.iostatsinterval - 4.x / 5.x – 如果虚拟机上发生任何磁盘和网络活动,I/O统计间隔时间,默认是120秒

das.failureinterval - 4.x – 失败的轮询间隔,默认值30秒

das.minuptime - 4.x –在虚拟机监控开启轮询之前,最小的正常运行时间,默认为120秒

das.maxFailures - 4.x –虚拟机发生故障的最大数量“das.maxFailureWindow”,如果达到这个数字,虚拟机监控不自动重新启动虚拟机,默认为3

das.maxFailureWindow - 4.x –发生故障之间的最短时间,默认为3600秒,如果一个虚拟机发生故障超过了“das.maxFailures”的3600秒,虚拟机监控不能重启虚拟机

das.vmFailoverEnabled - 4.x –如果设置为“True”,虚拟机监控开启,当设置为“False”,虚拟机监控被禁用。

195.重新安装 vCenter Single Sign-On 节点无限期暂停在“配置 SSO 组件...”处。(5.5)

故障状态:

重新安装 vCenter Single Sign-On 节点无限期暂停在配置 SSO 组件...”处。您可以安装 vCenter Single Sign-On 5.5 的多个实例(节点)。卸载其中一个节点时,不会自动清理已在所有节点中复制的 VMware 目录服务。重新安装该节点时,复制 VMware 目录服务信息会阻止安装程序完成安装以及将该节点指向现有 vCenter Single Sign-On 实例。安装将无限期暂停。

解决方案:

更改 vCenter Single Sign-On 服务器的主机名并清除失效的 Windows 注册表项。请参见 VMware 知识库文章 2059131 的解决方案部分。

时间: 2024-12-11 07:18:24

VMware vSphere常见问题汇总(二十)的相关文章

VMware vSphere常见问题汇总(二十四)

220.如果查看hostd和vpxa的状态 有些时候ESXi主机出现故障,我们无法从vSphere client直接连入ESXi主机,这时可以通过DUCI查看状态. a.打开DUCI的Local ESXi Shell,然后Alt+F1进入到命令界面: b.执行如下命令查看hostd服务是否正常运行: /etc/init.d/hostd status 输出类似如下结果: hostd is running c.如果ESXi主机有连接到vCenter Server则还可以查看vCenter Serve

VMware vSphere常见问题汇总(二十三)

210.端口 80 的 vCenter Server 和 IIS 之间的冲突(5.5) 故障状态: vCenter Server 和 Microsoft Internet Information Service (IIS) 都将端口 80 用作直接 HTTP 连接的默认端口.该冲突会导致安装 vSphere Authentication Proxy 后 vCenter Server 无法重新启动.在 vSphere Authentication Proxy 安装完成后,vCenter Serve

VMware vSphere常见问题汇总(二十一)

196.如果 vCenter Single Sign-On 安装失败并进行回滚,则 vCenter Server Java 组件 (JRE) 和 vCenter tc Server 组件仍会进行安装(5.5) 故障状态: 如果 Single Sign-On 安装被取消或失败,则该安装将回滚到安装前的状态,此时系统会显示一条消息,指出系统未进行修改.但是,vCenter Server Java 组件 (JRE) 和 vCenter tc Server 组件仍会进行安装. 解决方案: 在 Windo

VMware vSphere常见问题汇总(十八)

180. 如果 vCenter Server Appliance 在 vCenter Single Sign On 启动前加入 Active Directory 域,则 Active Directory 不会作为标识源被找到(5.1) vCenter Server Appliance 通过 Web 界面配置向导在初始配置过程中加入 Active Directory 域时,可能出现此问题.配置后,相关 vCenter Server 和 vCenter Single Sign On 服务可能正常运行

VMware vSphere常见问题汇总(十六)

160. 解决安装sso报错:error 20010.failed to configure lookupservice问题 故障状态 安装vcenter single sign on这个组件时,系统提示如下错误: Error 20010.failed to configure lookupservice 故障分析 这个问题一般都由ad.dns.时间等缘故导致: 解决方案 1.检查ad里的计算机名是否正常: 2.检查dns服务器解析里面的正向和逆向地址解析,并建议清除dns缓存和过期记录,然后重

VMware vSphere常见问题汇总(十九)

186. 关于如何重置vCenter Single Sign-On(SSO)管理员密码的问题(5.1) For Windows版本 vCenter 1.管理员帐号登录到vCenter SSO所在操作系统: 2.进入到命令行模式,然后执行如下命令切换到utils目录: cd C:\ProgramFiles\VMware\Infrastructure\SSOServer\utils 3.在当前目录下执行如下命令: rsautil reset-admin-password 4.然后,输入密码,然后,输

VMware vSphere常见问题汇总(十七)

160. VMDK的重做日志已损坏解题思路 [vmware-]环境:esxi5.0,vc5.0 故障问题:执行storage vmotion之后,虚拟机出现了报错. 报错信息:xssj-000003.vmdk is corrupted.power off the virtual machine. If the problem still persists, discard the redo log. 解提思路: [故障原因] 由于快照之间的关系出现异常,导致vm启动失败: Vmware-34.l

VMware vSphere(高可用性)(十二)

VMware vSphere(高可用性)(十二)

Vmware vSphere常见问题及解决办法

Vmware vSphere常见问题及解决办法 日期:2012-6-29来源:51cto Vmware vSphere 12 1. 虚拟机文件被锁,无法正常 power on 故障状态: 启动虚拟机时95%,停顿并且进程中断,提示:ubable to access files since it is locked. 祸根:HA 解决方法: (1)首先将cluster中的HA功能关闭.如果该功能不关闭,容易造成死锁,,VM不断跳动,,不断再不同的ESX内循环被锁,徒劳而无功. (2)磁盘文件被锁,