Create a local user and assigning permissions on an ESXi host

1. Create a local user on your ESXi host.

   Note: You cannot perform this task on vCenter Server.

   To create a local user on your ESXi host:

   1. Connect directly to the ESXi host using the vSphere Client.
   2. Click the Local Users & Groups tab.
   3. Right-click the window pane and and click Add.
   4. Enter a login name and a password (user name and UID is generated automatically if you leave the fields blank).
2. Create a role and assign permissions:
   1. Select Home.
   2. Click Roles and click Add to create a new role with dedicated permissions.
   3. Define a name for the new role and select the necessary permissions.
3. Assign the new role to the user:
   1. Select Inventory.
   2. Right-click the Permissions tab and click Add Permission.
   3. At the left pane, select Add to add the created user.
   4. At the right pane, select the new created role.

How to Convert a Virtual Disk from Thin to Thick

via VMware vSphere 4 – ESX and vCenter Server

Convert a Virtual Disk from Thin to Thick
If you created a virtual disk in the thin format, you can convert it to thick.
The thin provisioned disk starts small and at first, uses just as much storage space as it needs for its initial operations. After having been converted, the virtual disk grows to its full capacity and occupies the entire datastore space provisioned to it during the disk’s creation.
Procedure

1. Select the virtual machine in the inventory.

2. Click the Summary tab and, under Resources, double-click the datastore for the virtual machine to open the Datastore Browser dialog box.

3. Click the virtual machine folder to find the virtual disk file you want to convert. The file has the .vmdk extension.

4.Right-click the virtual disk file and select Inflate.

The virtual disk in thick format occupies the entire datastore space originally provisioned to it.

How to manage vmware ESX with PowerShell

1. Prerequisites:
   • Windows .Net Framework 2.0 (3.5 latest SP Recommended).
   • Windows PowerShell (V2 Recommended).
2. Install vSphere client.
3. Set the ‘Execution Policy’ of PowerShell to Remote Signed.
   • Run PowerShell as administrator.
   • Set-ExecutionPolicy RemoteSigned
4. Type Exit and press Enter to leave the PowerShell prompt.
5. Do it on both PowerShell consoles: x86 and x64.
6. Download the PowerCLI software to your workstation from the following URL: http://vmware.com/go/PowerCLI
7. Run the PowerCLI exe file.
8. Install it all the way with default values. Click next until you arrived to finish screen and click finish.
9. On your desktop you will now have two icons, which allow you to launch PowerCLI, a 64 bit version and a 32 bit version.
10. Copy the PowerCLI modules folder to the PowerShell modules folder:
11. C:\Program Files (x86)\VMware\Infrastructure\PowerCLI\Modules -> C:\Windows\System32\WindowsPowerShell\v1.0\Modules
12. View the new vmware modules: Get-Module -ListAvailable | ? {$_.name -like “*VMware*”}

• Example

C:\WINDOWS\system32> Get-Module -ListAvailable | ? {$_.name -like “*VMware*”}

    Directory: C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PowerCLI\Modules

ModuleType Version    Name                                ExportedCommands

———- ——-    —-                                —————-

Binary     6.0.0.0    VMware.DeployAutomation

Binary     6.0.0.0    VMware.ImageBuilder

Binary     6.5.0.4… VMware.VimAutomation.Cis.Core

Binary     6.5.0.4… VMware.VimAutomation.Cloud

Manifest   6.5.0.4… VMware.VimAutomation.Common

Binary     6.5.0.2… VMware.VimAutomation.Core           HookGetViewAutoCompleter

Binary     6.0.0.0    VMware.VimAutomation.HA

Binary     7.0.2.4… VMware.VimAutomation.HorizonView

Binary     6.5.0.4… VMware.VimAutomation.License

Binary     6.5.0.4… VMware.VimAutomation.PCloud

Manifest   6.5.0.4… VMware.VimAutomation.Sdk            Get-PSVersion

Binary     6.5.0.4… VMware.VimAutomation.Storage

Binary     6.5.0.4… VMware.VimAutomation.Vds

Binary     6.5.0.4… VMware.VimAutomation.vROps

Binary     6.0.0.0    VMware.VumAutomation

13. Import the modules you need: Import-Module -Name VMware.VimAutomation.Core
14. The end.

Source: Back to Basics: Part 1 – Installing PowerCLI – VMware PowerCLI Blog – VMware Blogs

https://blogs.vmware.com/PowerCLI/2015/03/powercli-6-0-introducing-powercli-modules.html

How to upgrade ESXI to ESXI 6.0

How to upgrade ESXI to ESXI 6.0

1. Disconnect the network storage
2. Do not disconnect a LUN that contains an existing ESXI installation.
3. Set the server hardware clock to UTC in BIOS.
4. Boot the ESXI installer from a cd, DVD or USB.
5. Select the drive on which to install or upgrade ESXI and press enter in the select a disk panel.
6. Press F1 for information about the selected disk.
7. Upgrade ESXI if the installer finds an existing ESXI installation and VMFS datastore.
8. Press F11 to confirm and start the upgrade.
9. Remove the installation cd or DVD or USB flash drive when the upgrade is complete.
10. Press enter to reboot the host.
11. Set the first boot device to be the drive which you selected previously when you upgraded ESXI.
12. Connect back the network storage.

Source: Methods for upgrading to VMware ESXi 6.0 (2109711) | VMware KB

http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.upgrade.doc%2FGUID-77D42D81-F47E-4FE9-B4B2-B15AB16C9C1A.html

Synchronize ESXi/ESX time with a Microsoft Domain Controller

Synchronize ESXi/ESX time with a Microsoft Domain Controller

When using Active Directory integration in ESXi/ESX 4.1 and newer, it is important to synchronize time between ESXi/ESX and the directory service to facilitate the Kerberos security protocol.

ESXi/ESX support synchronization of time with an external NTPv3 or NTPv4 server compliant with RFC 5905 and RFC 1305. Microsoft Windows 2003 and newer use the W32Time service to synchronize time for windows clients and facilitate the Kerberos v5 protocol. For more information, see the Microsoft Knowledge Base article 939322 and How the Windows Time Service Works.

By default, an unsynced Windows server chooses a 10-second dispersion and adds to the dispersion on each poll interval that it remains in sync. An ESXi/ESX host, by default, does not accept any NTP reply with a root dispersion greater than 1.5 seconds.

Configure Windows NTP Client:

ESXi/ESX requires an accurate time source to synchronize with. To use a Windows 2003 or newer server, it should be configured to get its time from an accurate upstream NTP server

Use the registry editor on the Windows server to make the configuration changes:

Enable NTP mode:

Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

Set the Type value to NTP.

Enable the NTP Client:

Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

Set the AnnounceFlags value to 5.

Specify the upstream NTP servers to sync from:

Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders

Set the NtpServer value to a list of at least 3 NTP servers.

Example: You might set the value to:

1.pool.ntp.org,0x1 2.pool.ntp.org,0x1 3.pool.ntp.org,0x1

Note: On a Windows 2008 Domain Controller, NtpServer is located in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters.

Specify a 15-minute update interval:

Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient

Set the SpecialPollInterval value to 900.

Restart the W32time service for the changes to take effect.

Configure ESXi/ESX NTP and Likewise Clients

vSphere Client

Configure ESXi/ESX to synchronize time with the Windows server Active Directory Domain Controller:

1. Connect to the ESXi/ESX host or vCenter Server using the vSphere Client.
2. Click the ESXi/ESX host in the inventory.
3. Click the Configuration tab.
4. Under the Software heading, click Time Configuration.
5. Click Properties.
6. Ensure that the NTP Client Enabled option is selected.
7. Click Options.
8. Click NTP Settings.
9. Click Add and specify the fully qualified domain name or IP address of the Windows server Domain Controller(s).
10. Click OK.
11. Click OK to save the changes.

vSphere Web Client

1. Log in to the vSphere Web Client with administrator credentials.
2. Click on Hosts and Clusters.
3. Select the ESXi host from the list
4. Click Manage > Settings.
5. Expand System and select Time Configurations.
6. Click Edit.
7. Enter the Windows server Domain Controller(s) information.

Additional configuration must be done from the command line.

ESX/ESXi 4.x and 5.x

Open a console to the ESXi/ESX host. For more information, see Connecting to an ESX host using a SSH client (1019852) or Using Tech Support Mode in ESXi 4.1 and ESXi 5.0 (1017910).

Open the /etc/ntp.conf file in a text editor. For more information, see Editing configuration files in VMware ESXi and ESX (1017022).

Add the tos maxdist command on its own line:

tos maxdist 30

Save and close the configuration file.

Make the /etc/likewise/lsassd.conf file writable by running the command:

chmod +w /etc/likewise/lsassd.conf

Open the /etc/likewise/lsassd.conf file in a text editor.

Locate the sync-system-time option, uncomment it, and set the value to no:

sync-system-time = no

Save and close the configuration file.

On ESXi, save the configuration changes to the boot bank so they persist across reboots by running the command:

/sbin/auto-backup.sh

Restart the ntpd and lsassd services for the configuration changes to take effect by running the commands:

service lsassd restart

service ntpd restart

Note: To restart the ntpd and lsassd services on an ESXi host, run these commands:

/etc/init.d/lsassd restart

/etc/init.d/ntpd restart

If the ntpd and lsassd services do not restart, consider restarting the management agents first. For more information about restarting the management agents, see Restarting the Management agents on an ESX or ESXi Server (1003490).

ESXi 6.0

Connect to the ESXi host using an SSH session. For more information, see Using ESXi Shell in ESXi 5.x and 6.0 (2004746).

Open the /etc/ntp.conf file in a text editor. For more information, see Editing configuration files in VMware ESXi and ESX (1017022).

Add the tos maxdist command on its own line:

tos maxdist 30

Save and close the configuration file.

Run this command to access the likewise shell:

/usr/lib/vmware/likewise/bin/lwregshell

Note: If the command fails with the error:

lwregshell (error = 40700 – LWREG_ERROR_NO_SUCH_KEY_OR_VALUE)

Run this command to start the likewise service and then run the command to access the likewise shell:

/etc/init.d/lwsmd start

Navigate to the HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory directory with this command:

cd HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory

Run this command to change the synchronization time:

set_value SyncSystemTime 0

Exit the shell by typing quit and pressing Enter.

Refresh the lsass service with this command:

/usr/lib/vmware/likewise/bin/lwsm refresh lsass

For example:

/usr/lib/vmware/likewise/bin/lwsm refresh lsass

Refreshing service: lsass

To verify the changes to the registry key, run this command:

/usr/lib/vmware/likewise/bin/lwregshell list_values “[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory]”

Once the configuration changes are complete, ensure that the time is synchronized between the ESXi/ESX host and the Windows server. For more information, see Troubleshooting NTP on ESX and ESXi (1005092).

Source: Synchronizing ESXi/ESX time with a Microsoft Domain Controller (1035833) | VMware KB

Configure ESXi host with Active Directory authentication

Configuring the ESXi host with Active Directory authentication

Purpose

This article provides steps to add an ESXi host to the Active Directory.

Resolution

To add an ESXi host to the Active Directory:

1. Confirm the ESXi host is synchronizing time with the Active Directory Domain controller.
2. From the vSphere Client, select the host that you want to add to the Active Directory.
3. Click the Configuration tab
4. Click the Authentication Services.
5. Click the Properties link at the top right pane.
6. In the Directory Services Configuration dialog, select the directory service from the dropdown.
7. Enter a domain.
8. Click Join Domain.
9. Enter the user name (in user@domain.com format) and password of a directory service user account that has permissions to join the host to the domain and click OK.
10. Click OK to close the Directory Services Configuration dialog box.
11. Click the Configuration tab and click Advanced Settings.
12. Navigate to Config > HostAgent.
13. Change the Config.HostAgent.plugins.hostsvc.esxAdminsGroup setting to match the Administrator group that you want to use in the Active Directory. These settings take affect within a minute and no reboot is required.

Notes:

• If the Config.HostAgent.plugins.hostsvc.esxAdminsGroup setting is changed, ensure to remove any invalid users from the Permissions tab of the ESXi host.
• In ESXi 4.1, the ESX Admins container is hard coded and must be added on the Active Directory side for authentication to work.

Source: Configuring the ESXi host with Active Directory authentication (2075361) | VMware KB

how to solve: This product can only be installed on Windows XP SP2 and above when Installing vSphere Client 5.0 on Windows 8.

Symptoms

• Installing vSphere Client 5.0 fails on Windows 8
• You see the error:
  This product can only be installed on Windows XP SP2 and above

Resolution

This issue is resolved in vCenter Server 5.0 Update 2, available at VMware Downlaods.

To work around this issue:

1. Right-click the VMware-viclient-build number.exe file and click Properties.
2. On the Compatibility tab, select Run this program in compatibility mode for: and select Windows 7 from the list.
3. Click OK.
4. Run the VMware-viclient-build number.exe file.

Source: VMware KB: Installing vSphere Client 5.0 on Windows 8 fails with the error: This product can only be installed on Windows XP SP2 and above

how to NIC teaming in ESXi and ESX

NIC teaming in ESXi and ESX

Source: VMware KB: NIC teaming in ESXi and ESX

Purpose

This article provides information on configuring NIC teaming.

A NIC team can share the load of traffic between physical and virtual networks among some or all of its members, as well as provide passive failover in the event of a hardware failure or network outage.

Resolution

https://www.youtube.com/watch?v=Hx9FAo7_H2k

To utilize NIC teaming, two or more network adapters must be uplinked to a virtual switch. The main advantages of NIC teaming are:

• Increased network capacity for the virtual switch hosting the team.
• Passive failover in the event one of the adapters in the team goes down.

Observe these guidelines to choose the correct NIC Teaming policy:

• Route based on the originating port ID: Choose an uplink based on the virtual port where the traffic entered the virtual switch.
• Route based on an IP hash: Choose an uplink based on a hash of the source and destination IP addresses of each packet. For non-IP packets, whatever is at those offsets is used to compute the hash.
• Route based on a source MAC hash: Choose an uplink based on a hash of the source Ethernet.
• Use explicit failover order: Always use the highest order uplink from the list of Active adapters which passes failover detection criteria.
• Route based on physical NIC load (Only available on Distributed Switch): Choose an uplink based on the current loads of physical NICs.

Before you begin :

• The default load balancing policy is Route based on the originating virtual port ID. If the physical switch is using link aggregation,Route based on IP hash load balancing must be used. For more information, see Host requirements for link aggregation for ESX and ESXi (1001938) and the VMware Virtual Networking Concepts guide.
• LACP support has been introduced in vSphere 5.1 on distributed vSwitches and requires additional configuration. For more information, see Enabling or disabling LACP on an Uplink Port Group using the vSphere Web Client (2034277).
• Ensure VLAN and link aggregation protocol (if any) are configured correctly on the physical switch ports.

To configure NIC teaming for standard vSwitch using the vSphere / VMware Infrastructure Client:

1. Highlight the host and click the Configuration tab.
2. Click the Networking link.
3. Click Properties.
4. Under the Network Adapters tab, click Add.
5. Select the appropriate (unclaimed) network adapter(s) and click Next.
6. Ensure that the selected adapter(s) are under Active Adapters.
7. Click Next > Finish.
8. Under the Ports tab,highlight the name of the port group and click Edit.
9. Click the NIC Teaming tab.
10. Select the correct Teaming policy under the Load Balancing field.
11. Click OK.

To configure NIC teaming for standard vSwitch using the vSphere Web Client:

1. Under vCenter Home, click Hosts and Clusters.
2. Click on the host.
3. Click Manage > Networking > Virtual Switches.
4. Click on the vSwitch.
5. Click Manage the physical network adapters.
6. Select the appropriate (unclaimed) network adapter(s) and use the arrow to move the adapter(s) to Active Adapters.
7. Click Edit settings.
8. Select the correct Teaming policy under the Load Balancing field.
9. Click OK.