Malaysia VMware Communities

Went through a marathon troubleshooting with my client for the past 1 week to figure out the reason why a cluster failed in place and it could not easily rebuild back after 1 of the node evicted. We had gone through the process to re image both nodes and rebuild from scratch. Follow exactly the best practices and run through the cluster validation without any error. While we try to form the cluster, the system keep provide an unknown error which do not share much information from log. It just keep telling you that the node is not reachable or unauthorized due to security setting.

After few nights of troubleshooting, I was running out of clue. Came to the sudden, I accidentally search the computer name in AD under the category of Users object group, and I found an user account been created in AD with the same name as we define on the cluster name. I was wondering whether this could caused the confuse to the system. Therefore, I was suggesting to remove the user name temporally as it was not use at the moment and tried to reform the cluster. Guess what, the cluster form up as it needed to be in less than 1 minutes. We were so happy to end the marathon troubleshooting every night well and we were also very pissed off with the bugs we face here.

Read more »

If you look for VMware authentication login using Microsoft Active Directory, I’m sure you can easily found on any seach enginer but most of the documents slightly outdated which is based on VMware ESX 2.x.

The following article try to give better understanding about latest VMware ESX 3.5 authentication login using AD.

Use esxcfg-auth command – VMware ESX Server Network Management Utility

Login to VMware ESX host using SSH as root

Ping ad.malaysiavm.com to make sure you can reach AD server.

The esxcfg‐auth command includes options for configuring interoperability with several authentication providers. This note focuses on the options that are relevant to Active Directory:
esxcfg‐auth [ [ ‐‐enablead | ‐‐disablead ] [ ‐‐addomain= ] [‐‐addc= ]

Type man esxcfg-auth for more information.

–disableab
Reverts the changes required to authenticate the user against Active Directory.

–enablead
Sets up the Console OS to authenticate the user against an Active Directory server. addomain and addc are required with this option.

–addomain
Sets the domain against which the user is to be authenticated when authenticating against an Active Directory server.

–addc
Sets the domain controller against which the user’s password should be checked.

# esxcfg-auth –enablead –addomain=AD.MALAYSIAVM.COM –addc=dc01.ad.malaysiavm.com

This enables Active Directory based user authentication in the ad.malaysiavm.com domain
with the domain controller dc01.ad.malaysiavm.com.

Basically the system will generate /etc/krb5.conf file as example below:

Read more »