How to get “Use Windows session” Checkbox to work in VCSA6

You’ve just installed vSphere 6 vCenter Server Appliance (VCSA) and want to use the “Use Windows session authentication/credentials” checkbox like you know it from the vCenter Server running on a Windows Server?

You’ve already added an Active Directory as Identity source, and you can login with AD users, but the “Use Windows session authentication/credentials” still does not work?

You see the following error messages in the vSphere Client:
Windows session credentials cannot be used to log into this server.
windows-session-credentials-cannot-be-used

Or in the vSphere Web Client (If the checkbox is greyed out, install the Client Integration Plugin from the bottom of the login page):
Incorrect username/password
vsphere-web-client-incorrect-password

This post explains how to get the “Use Windows session” checkbox to work

To properly handle sessions, the vCenter Server Appliance has to be joined to the Active Directory, like you would do with Windows member servers. This applies to both deployment scenarios – vCenter with embedded PSC and vCenter with external PSC. All systems (or nodes) must be part of the the Active Directory.

  1. Open vSphere Web Client (https://%5Bvcenter%5D/vsphere-client)
  2. Login as Single Sign-On Administrator (Password set during installation)
  3. Navigate to Administration > Deployment > System Configuration
    vsphere60-web-client-administration vsphere60-web-client-system-configuration
  4. Open Nodes and select your system
    vsphere60-web-client-infrastructure-node-config
  5. Navigate to Manage > Advanced > Active Directory
    vsphere60-web-client-infrastructure-node-join-ad
  6. Click Join…
    vsphere60-web-client-infrastructure-node-join-button
  7. Enter AD domain information
    vsphere60-web-client-join-domain
  8. Press OK
  9. Repeat Step 4-8 for all nodes
  10. Reboot the Appliance

If this does not work for any reason, you can also join the Active Directory from the command line:

  1. SSH to your VCSA (Hint: If SSH is disabled: vSphere Web Client > Administration > System Configuration > Nodes > Manage > Settings > Access > Enable SSH)
  2. Login as root
  3. Launch BASH
    Command> shell.set --enabled True
    Command> shell
  4. Join the Active Directory Domain (domainjoin-cli join [domain] [domain admin]
    # /opt/likewise/bin/domainjoin-cli join virten.lab administrator
  5. Reboot the Appliance

Depending on your Active Directory configuration there might be an issue with the NSS configuration. If you still can’t “Use Windows session credentials”, try to enable Local Security Authority Subsystem Service (LSASS) in the NSS configuration:

  1. SSH to your VCSA
  2. Login as root
  3. Open the /etc/nsswitch.conf file using a text editor
  4. Locate the passwd: compat ato entry
  5. Replace it with passwd: compat ato lsass
  6. Reboot the Appliance
  7. If it does not work, wait 15 minutes and try again

Credit to: fgrehl

Site: https://www.virten.net/2015/05/how-to-get-use-windows-session-checkbox-to-work-in-vcsa6/

Linux (CentOS) Filesystem Drive Expansion – How To

I received a request last year to expand a Linux drive and I remember it took me 30-40 minutes to find the correct article to apply in order to achieve the goal (in this case, the expansion of the filesystem drive). I ended up forgetting all about it till recently when another ticket came in to do the same task on a different server and I had to go searching for this article again so I figured it is definitely worth sharing.

This took place on VMWare 5.5 and CentOS 6.5 systems.

Instructions:

  • Shutdown the VM
  • Right click the VM and select Edit Settings
  • Select the hard disk you would like to extend
  • On the right side, make the provisioned size as large as you need it
  • Click OK
  • Power on the VM
  • Connect to the command line of the Linux VM via the console or putty session
  • Log in as root
  • The fdisk command provides disk partitioning functions and using it with the -l switch lists information about your disk partitions.  At the command prompt type fdisk -l
  • The response should say something like Disk /dev/sda : xxGB. (See Figure A)
  • linux_a
  • At the command prompt type fdisk /dev/sda. (if dev/sda is what was returned after step 10 as shown in Figure A)
  • Type p to print the partition table and press Enter (also shown in Figure A)
  • Type n to add a new partition
  • Type p again to make it a primary partition
  • Now you’ll be prompted to pick the first cylinder which will most likely come at the end of your last partition (ex: /dev/sda3 ends at 2610).  So I chose 2611 for my first cylinder, which is also listed as the default.
  • If you want it to take up the rest of the space available (as allocated in step 4), just choose the default value for the last cylinder.
  • Type w to save these changes
  • Restart the VM
  • Log back in as root
  • At the command prompt type fdisk -l. You’ll notice another partition is present.  In Figure B it is listed as sda4.
  • linux_b
  • You need to initialize this new partition as a physical volume so you can manipulate it later using the Logical Volume Manager (LVM).
  • Now you’ll add the physical volume to the existing volume group using the vgextend command. First type df -h to find the name of the volume group.  In Figure C, the name of the volume group is vg_root. Now type vgextend [volume group] /dev/sdaX. (ex: vgextend vg_root /dev/sda4)
  • linux_c
  • To find the amount of free space available on the physical volume type vgdisplay [volume group] | grep “Free”
  • Extend the logical volume by the amount of free space shown in the previous step by typing lvextend  -L+[freespace]G /dev/volgroup/volume. (ex: lvextend -L+20G /dev/vg_root/lv_root)
  • You can finally expand the ext3 file system in the logical volume using the command resize2fs /dev/volgroup/volume (ex: resize2fs /dev/vg_root/lv_root).
  • You can now run the df command to verify that you have more space–df -h

I hope you enjoyed and find this useful just like I did.

Credit: http://www.techrepublic.com/blog/smb-technologist/extending-partitions-on-linux-vmware-virtual-machines/

Remove Old Hidden Devices from a VM after P2V Conversion

One of the most useful terms I constantly search for and I have still not memorized is how to access the Device Manager with the Option to see all hardware (including hidden).

After you have converted a Windows physical server to a virtual machine, some redundant hardware devices may not be removed in the process. This will allow you to go in there manually and see all the hardware that is no longer in use/needed grayed out for you to uninstall manually.
Instructions:
Open a command prompt on the Windows VM and copy/paste (or type…) the following commands
set devmgr_show_nonpresent_devices=1
devmgmt.msc
Once the device management console opens, click on View > Show Hidden Devices.
Tah dah!
Go ahead and uninstall any devices that are no longer required (grayed out).

Sharepoint Link to TM1 Web – 403 Forbidden Error

It all started with an issue reported that a sharepoint link was not working correctly.  The link was right and was accessible through a browser, except when anyone would try to access it through Sharepoint, a 403 Forbidden error would pop up. This error would go away by pressing “f5” (refresh), but that was not a valid solution for the business of course.

After some troubleshooting, I was able to come up with the following solution.

– Created new site under IIS in the TM1 Web server.

– Modified the index.html file to contain a redirect to the real TM1 Website (code below):

Code

(I tried to post the code, but it kept getting modified by wordpress)

– Keep in mind that I tried to do a simple HTTP redirect directly from the new site from IIS first, but this gave me the same previous error.

– Changed Sharepoint link to point to the newly created site.

Link example:   http://tm1web.domain.com/index.html

I tested and the re-direct worked flawlessly through sharepoint so I was able to communicate to the business that the issue had been fixed.

I am still not sure why the link would not simply display through Sharepoint directly, but this was definitely the easiest fix without spending tons of time figuring this out.

Hope this is useful for some of you out there!