OVA deployment fails with Invalid certificate

 Error:

Deploy OVF fails with:

Invalid certificate

Solution:

1. Install OVF Tool on any Windows machine from:

 https://customerconnect.vmware.com/downloads/details?ownloadGroup=OVFTOOL430&productId=742

2. Open a command prompt in Windows and navigate to the folder where you’ve installed OVF Tool. The default location is “program files

3. Skip the manifest check (validation of the OVF package manifest) and create a new OVA:

ovftool.exe --skipManifestCheck <Source path:\Source OVA file name> <DESTINATION-PACKAGE-PATH\new OVA file name>
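
Because --skipManifestCheck turns off the manifest validation, it is worth confirming separately that the files inside the source OVA still match the digests in its manifest. The following is an added example, not part of the original post or of OVF Tool: it reads the .mf file inside the OVA (a tar archive) and recomputes each listed digest. It does not validate the .cert signature, and the function names and the in-memory sample archive are constructed for illustration.

```python
import hashlib
import io
import os
import re
import tarfile

# Manifest lines look like: SHA256(disk1.vmdk)= <hex digest>
MF_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\((.+)\)\s*=\s*([0-9a-fA-F]+)$")

def verify_ova_manifest(ova):
    """Return {file: 'ok'|'mismatch'|'missing'}; `ova` is a path or seekable file object."""
    src = {"name": ova} if isinstance(ova, (str, os.PathLike)) else {"fileobj": ova}
    expected, actual = {}, {}
    with tarfile.open(mode="r:", **src) as tar:
        members = [m for m in tar.getmembers() if m.isfile()]
        manifests = [m for m in members if m.name.endswith(".mf")]
        if len(manifests) != 1:
            raise ValueError("expected exactly one .mf manifest in the OVA")
        text = tar.extractfile(manifests[0]).read().decode("utf-8")
        for line in text.splitlines():
            m = MF_LINE.match(line.strip())
            if m:
                expected[m.group(2)] = (m.group(1).lower(), m.group(3).lower())
        for member in members:
            if member.name in expected:
                digest = hashlib.new(expected[member.name][0])
                stream = tar.extractfile(member)
                for chunk in iter(lambda: stream.read(1 << 20), b""):
                    digest.update(chunk)
                actual[member.name] = digest.hexdigest()
    return {name: "missing" if name not in actual
            else "ok" if actual[name] == want else "mismatch"
            for name, (_, want) in expected.items()}

def build_sample_ova(tamper=False):
    """Constructed in-memory OVA: descriptor, one disk, SHA256 manifest."""
    files = {"demo.ovf": b"<Envelope/>", "demo-disk1.vmdk": b"\x00" * 4096}
    manifest = "".join(f"SHA256({n})= {hashlib.sha256(d).hexdigest()}\n"
                       for n, d in files.items())
    if tamper:  # change the disk after the manifest was written
        files["demo-disk1.vmdk"] = b"\x01" + files["demo-disk1.vmdk"][1:]
    files["demo.mf"] = manifest.encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

Call verify_ova_manifest with the path of the source OVA; any entry reported as mismatch or missing means the package contents differ from what the manifest recorded.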


ESXi Host and VC time differ more than 1 minute

 Error:


The error below appears while enabling DRS on an ESXi cluster:

Host and VC time differ more than 1 minute


Solution:

Use an NTP server for ESXi and vCenter Server.

Windows Powershell is not recognized as an internal or external command, operable program or batch file

Error:

Powershell is not recognized as an internal or external command, operable program or batch file

 

Solution:

Right-click PC -> Properties -> Environment Variables and edit PATH.

Add the path below to your Windows environment variable:

%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\


failed to start file system check on /dev/vg_root/lv_root_0

 Error:

VCSA fails boot:

failed to start file system check on /dev/vg_root/lv_root_0

Solution:

From the command line, run the commands below to repair the file system and then reboot:

    fsck -y /dev/vg_root_0/lv_root_0
    reboot
    

vCenter server logs cleanup

 Verify the log file size:

du -a /storage/log | sort -n -r | head -n 20

Then remove the old rotated messages logs:

cd /var/log
rm messages-2022*

OpenSSL to verify weak ciphers

 The Bash script below gets the list of supported cipher suites from the local OpenSSL and tries to connect to the server using each one. If the handshake is successful, it prints YES. If the handshake isn't successful, it prints NO.


*************

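#!/usr/bin/env bash

# Usage: ./check_ciphers <host:port>
# OpenSSL requires the port number.
SERVER=$1
DELAY=1
# Every cipher suite this OpenSSL build knows, including NULL-encryption suites.
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo "Obtaining cipher list from $(openssl version)."

# Word splitting on $ciphers is intentional: one cipher name per iteration.
for cipher in $ciphers
do
  echo -n "Testing $cipher..."
  # -cipher selects suites for TLS 1.2 and earlier; OpenSSL 1.1.1+ sets
  # TLS 1.3 suites with -ciphersuites, so they are not restricted here.
  # The empty stdin makes s_client exit once the handshake has finished.
  result=$(echo -n | openssl s_client -cipher "$cipher" -connect "$SERVER" 2>&1)
  if [[ "$result" =~ ":error:" ]] ; then
    # Field 6 of OpenSSL's colon-separated error line holds the reason text.
    error=$(echo -n $result | cut -d':' -f6)
    echo "NO ($error)"
  else
    if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher    :" ]] ; then
      echo YES
    else
      echo UNKNOWN RESPONSE
      echo "$result"
    fi
  fi
  # Pause between attempts so the server is not flooded with handshakes.
  sleep "$DELAY"
done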

*******************

[TestMachine#]$ ./check_ciphers <Server IP:Port>
Obtaining cipher list from OpenSSL 0.9.8k 25 Mar 2009.
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)

The certificate on 1 host could not be verified while adding ESXi | Regenerate ESXi certificate

 Error:

The certificate on 1 host could not be verified (while adding an ESXi 7.0 host)


Solution:

Back up the existing SSL certificate and key:

cd /etc/vmware/ssl

mv rui.crt rui.crt.bak
mv rui.key rui.key.bak

# Regenerate the certificate and key
/sbin/generate-certificates

# Reboot the host
esxcli system shutdown reboot --reason "Reason for reboot"


How to increase ESXi webclient login user application timeout

 To increase the default 15 min timeout to 2 hr, log in to the ESXi web client. In the top right corner, click the user login tab and select "...