Category: VMware [en]

Posted on

Host Upgrade fails with “Cannot execute upgrade script on host”

I recently had the pleasue to time-warp a dinosaur upgrade an old ESXi 6.0 host to ESXi 6.7. Right after I triggered remediation with a current ESXi 6.7 iso image, I got an error message:

Cannot execute upgrade script on host

That message isn’t really specific. If you google it you’ll probably find a dozen possible reasons tor the failure. That can be:

None of the issues above did fit my observed problem. A good startpoint should be a look into vua.log on the affected host.

less /var/log/vua.log

Unfortunately that didn’t help either. So we had (again) a closer look at the VMware upgrade path matrix. A direct host upgrade from ESXi 6.0 to ESXi 6.7U3 is supported but while we re-checked the matrix our attention was drawn to a little footnote.

KB 76555 says there’s an issue with expired VIB certificates on hosts below a specific build numer.

  • ESXi 6.0 GA before build 9239799
  • ESXi 6.5 GA before build 8294253

In fact our ESXi host 6.0 had a build level of 7967664 (U3e) which is in the critical range. So we had to install some patches up to July 2018 (ESXi600-201807001). After that the upgrade to ESXI 6.7U3 went flawlessly.

What went wrong?

Of course we did check the matrix during the planning phase in early March 2020. That’s a standard operating procedure. Unfortunately something has changed in the meantime (the footnote was added). KB 76555 was updated in May 2020 and the issue affects upgrades to versions of ESXi 6.7 beyond April 28th 2020.

Take home message: Check your design and matrices again right before the projects starts.

Posted on

Upgrade vCenter Server Appliance to vSphere 7

Recently I’ve upgraded my homelab from 6.7U3 to vSphere7. The workflow is straightforward and very easy. The VMware Design team did a very good job with the UI.

First steps

I cannot point that out enough: check the VMware HCL. Just because your system is supported under your current vSphere version, doesn’t mean it’ll be supported under vSphere7 too. On the day I’ve upgraded, vSphere7 was brand new and there were just a few entries in the HCL. But it’s a homelab and if something breaks I don’t care to rebuild it from scratch. Don’t do this in production!

Although my Supermicro E300-9D is not yet certified for version 7.0, it works like a charm. I guess it’s just a matter of time, because the VMware Nano-Edge cluster is based on that hardware.

Before we can start, you need to download the vCenter Server Appliance 7.0 (VCSA) from VMware downloads (Login required). You also need to have new license keys for vCenter, ESXi and vSAN (if yor cluster is hyperconverged).

Continue reading “Upgrade vCenter Server Appliance to vSphere 7”
Pages: 1 2
Posted on

VMware vExpert 2020

Congratulations on your vExpert Award!

I received particularly good news during my vacation. VMware has awarded me the title vExpert for another year.

This award is an honor and motivation to continue my work for the vCommunity. For example by sharing knowledge in blog articles here at ElasticSky.de, or by giving talks at VMUG Meetings or the German VMUG UserCon.

vExpert Badge 2020

VMware vExpert Program

VMware annually awards the title vExpert to members of the community who have distinguished themselves in the past year through their special commitment. The award is aimed at people who have shared their knowledge and passion for VMware technology far beyond the demands of their daily work.

Links

vExpert Tweets on Twitter: #vExpert

VMTN Blog – vExpert 2020 Award Announcement

VMware – vExpert Directory

Posted on

PowerCLI offline installation

Strict security policies are in place in many corporate environments. This means that it is only possible to access internet resources to a limited extent, if at all. This becomes apparent, for example, when trying to install PowerCLI on a management system. While the availability of PowerCLI modules in the PowerShell Gallery provides an easy way to install or update PowerCLI, this is only possible if access to this external resource is allowed by Powershell. Using the Powershell Gallery requires the NuGet Packet Management Provider. This must also be obtained online.

 Install-Module -Name VMware.PowerCLI -Scope CurrentUser

If the Internet connection is restricted or blocked, the above command fails. But you can also transfer the modules offline. For this you need a PC with free internet access. Here you use a different command, which does not install the modules, but only downloads them to a defined path.

 Save-Module -Name VMware.PowerCLI -Path C:\temp\PSModules

Copy the entire contents of the PSModules folder to a storage medium of your choice (e.g. USB flash drive) and transfer the files to the desired offline system where PowerCLI is needed.

If you have admin rights on the target system, you can copy files to the loaction below.

 C:\Program Files\WindowsPowerShell\Modules

Now the PowerCLI modules are also available on the offline system. For a version update the procedure must be repeated. It is advisable to remove the VMware modules before transferring the current ones.

Get-Module VMware.* -ListAvailable | Uninstall-Module -Force

Further customization

Customer Experience Improvement Program (CEIP)

The VMware Customer Experience Improvement Program collects data about the use of VMware products. You can either agree (true) or disagree (false). For offline systems, only the rejection (false) makes sense. The command shown below suppresses future notifications within PowerCLI.

Set-PowerCLIConfiguration -Scope AllUsers -ParticipateInCeip $false -confirm:$false

Ignore invalid SSL certificates

Bei Verwendung selbstsignierter Zertifikate im vCenter verweigert PowerCLI die Verbindung. Dieses Verhalten kann unterdrückt werden mit dem Befehl:

When using self-signed certificates in vCenter, PowerCLI will deny the connection. This behavior can be suppressed with the command:

Set-PowerCLIConfiguration -Scope AllUsers -InvalidCertificateAction Ignore -confirm:$false