Channel: VMware ESXi – The Wiert Corner – irregular stream of stuff

esxi listing usb devices on host console: lsusb


Searching for “esxi list usb devices on host console” did not return meaningful results, but after a few deeper tries I found that ESXi has lsusb at

Here is the difference when connecting another USB hub with devices to an existing ESXi machine:

[root@ESXi-X10SRH-CF:~] lsusb
Bus 001 Device 005: ID 0781:5583 SanDisk Corp. Ultra Fit
Bus 001 Device 004: ID 0557:2419 ATEN International Co., Ltd 
Bus 001 Device 003: ID 0557:7000 ATEN International Co., Ltd Hub
Bus 003 Device 002: ID 8087:8002 Intel Corp. 
Bus 002 Device 002: ID 8087:800a Intel Corp. 
Bus 001 Device 002: ID 0557:2221 ATEN International Co., Ltd Winbond Hermon
Bus 003 Device 001: ID 0e0f:8002 VMware, Inc. 
Bus 002 Device 001: ID 0e0f:8002 VMware, Inc. 
Bus 001 Device 001: ID 0e0f:8003 VMware, Inc. 
[root@ESXi-X10SRH-CF:~] lsusb
Bus 001 Device 010: ID 0409:005a NEC Corp. HighSpeed Hub
Bus 001 Device 009: ID 0922:0019 Dymo-CoStar Corp. LabelWriter 400
Bus 001 Device 008: ID 06bc:0324 Oki Data Corp. 
Bus 001 Device 007: ID 0409:005a NEC Corp. HighSpeed Hub
Bus 001 Device 006: ID 1a40:0101 Terminus Technology Inc. Hub
Bus 001 Device 005: ID 0781:5583 SanDisk Corp. Ultra Fit
Bus 001 Device 004: ID 0557:2419 ATEN International Co., Ltd 
Bus 001 Device 003: ID 0557:7000 ATEN International Co., Ltd Hub
Bus 003 Device 002: ID 8087:8002 Intel Corp. 
Bus 002 Device 002: ID 8087:800a Intel Corp. 
Bus 001 Device 002: ID 0557:2221 ATEN International Co., Ltd Winbond Hermon
Bus 003 Device 001: ID 0e0f:8002 VMware, Inc. 
Bus 002 Device 001: ID 0e0f:8002 VMware, Inc. 
Bus 001 Device 001: ID 0e0f:8003 VMware, Inc.
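The two listings above have to be compared by eye. As an added example (not part of the original post), this Python sketch parses two saved `lsusb` outputs and reports which devices appeared or disappeared, which is also a quick way to spot an unexpected USB device on a host. The function names are hypothetical and the sample text is copied from the listings above.

```python
import re

# "Bus 001 Device 005: ID 0781:5583 SanDisk Corp. Ultra Fit"
LSUSB_LINE = re.compile(
    r"^Bus (\d{3}) Device (\d{3}): ID ([0-9a-f]{4}):([0-9a-f]{4})\s*(.*)$")

# Sample input copied from the two listings in the post (prompt line included on purpose).
LSUSB_BEFORE = """\
[root@ESXi-X10SRH-CF:~] lsusb
Bus 001 Device 005: ID 0781:5583 SanDisk Corp. Ultra Fit
Bus 001 Device 004: ID 0557:2419 ATEN International Co., Ltd
Bus 001 Device 003: ID 0557:7000 ATEN International Co., Ltd Hub
Bus 003 Device 002: ID 8087:8002 Intel Corp.
Bus 002 Device 002: ID 8087:800a Intel Corp.
Bus 001 Device 002: ID 0557:2221 ATEN International Co., Ltd Winbond Hermon
Bus 003 Device 001: ID 0e0f:8002 VMware, Inc.
Bus 002 Device 001: ID 0e0f:8002 VMware, Inc.
Bus 001 Device 001: ID 0e0f:8003 VMware, Inc.
"""

LSUSB_AFTER = LSUSB_BEFORE + """\
Bus 001 Device 010: ID 0409:005a NEC Corp. HighSpeed Hub
Bus 001 Device 009: ID 0922:0019 Dymo-CoStar Corp. LabelWriter 400
Bus 001 Device 008: ID 06bc:0324 Oki Data Corp.
Bus 001 Device 007: ID 0409:005a NEC Corp. HighSpeed Hub
Bus 001 Device 006: ID 1a40:0101 Terminus Technology Inc. Hub
"""


def parse_lsusb(output):
    """Return {(bus, device): (vendor_id, product_id, description)}.

    Lines that are not device lines (shell prompts, blanks) are skipped.
    """
    devices = {}
    for line in output.splitlines():
        match = LSUSB_LINE.match(line.strip())
        if match:
            bus, dev, vid, pid, desc = match.groups()
            devices[(bus, dev)] = (vid, pid, desc.strip())
    return devices


def diff_lsusb(before_text, after_text):
    """Return (added, removed) as sorted lists of ((bus, dev), (vid, pid, desc))."""
    before = set(parse_lsusb(before_text).items())
    after = set(parse_lsusb(after_text).items())
    return sorted(after - before), sorted(before - after)


def describe(entry):
    """Format one diff entry back into a readable line."""
    (bus, dev), (vid, pid, desc) = entry
    return "Bus {} Device {}: {}:{} {}".format(bus, dev, vid, pid, desc).rstrip()


if __name__ == "__main__":
    added, removed = diff_lsusb(LSUSB_BEFORE, LSUSB_AFTER)
    for entry in added:
        print("+ " + describe(entry))
    for entry in removed:
        print("- " + describe(entry))
```

On a host, save the output of `lsusb` before and after the change to two files and pass their contents to `diff_lsusb`.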

A few odd things about the devices listed above:

  1. are in none of the /var/log/* files when searching for Oki, Dymo or NEC
  2. are listed differently in Windows:
    • Windows lists the 06bc:0324 Oki Data Corp.  as a “Composite device” with a few sub-devices “MC5(3)x2/ES5(3)4×2” and “USB Printing Support”
    • Windows lists the 0922:0019 Dymo-CoStar Corp. LabelWriter 400 as “USB Printing Support” with a subdevice “DYMO LabelWriter 400”
  3. are listed differently when assigning them to a VM:

Two indispensable tools on Windows for dealing with USB devices are:

They give a much easier to read view than devmgmt.msc, this despite the “hidden devices” trick at [WayBack] Tweak Device Manager for a more Complete View of Devices

Related:

–jeroen


ESXi Embedded Host Client


This version of the ESXi Embedded Host Client is written purely in HTML and JavaScript, and is served directly from your ESXi host and should perform much better than any of the existing solutions.

Installing went smoothly:

# esxcli software vib install -v https://download3.vmware.com/software/vmw-tools/esxui/esxui-signed-6360286.vib -f
Installation Result
Message: Operation finished successfully.
Reboot Required: false
VIBs Installed: VMware_bootbank_esx-ui_1.23.0-6360286
VIBs Removed: VMware_bootbank_esx-ui_1.21.0-5724747
VIBs Skipped:

Source: ESXi Embedded Host Client

–jeroen

Logging to syslog on a VMware ESXi machine


Searching for “esxi write entry to syslog” didn’t return results on how to add new syslog entries, only on how to configure syslog.

It was much easier than I hoped for:

logger TEST

With a default configuration this then ends up in /var/log/syslog.log:

grep TEST /var/log/syslog.log

2019-07-29T10:48:31Z root: TEST

Now I know the command, I found

–jeroen

Always use SCSI for your VM guest disks – Jeroen Wiert Pluimers – Google+


Rephrased from [WayBack] Jeroen Wiert Pluimers – Google+:

If you install a virtual machine, ensure the disk controller and disks are SCSI based.

This has many advantages, including:

  • speed (usually the SCSI drivers can be paravirtualised)
  • hot addition of new disks

It holds for virtually any virtualization platform including all non-ancient (less than ~10 year old) versions of:

  • VMware (Workstation, Viewer, but I expect this also to work on vSphere, ESXi, Fusion)
  • Hyper-V
  • KVM (and therefore Proxmox)
  • VirtualBox

Based on my notes in the above link and the links below:

Note this isn’t just for Linux guests/hosts: Most guests (including Windows) can do a SCSI bus re-scan and detect new SCSI devices.

The trick here is that the guest must already have a virtual SCSI controller (adding that will require a reboot of the guest).

Then adding a new SCSI disk on that controller from any host (Windows, Mac, ESXi, vSphere) should work fine.

–jeroen

ESXi: Failed to reconfigure virtual machine… There are insufficient licenses to complete this operation.


Failed to reconfigure virtual machine W81Entx64-vs2017. There are insufficient licenses to complete this operation.

Searching for “There are insufficient licenses to complete this operation.” memory did not reveal much, so at first I thought I had a memory issue.

A quick look at esxtop in memory (m) mode indicated that was totally fine:

BTW: esxtop is a fantastic tool, with truckloads of information, so you should definitely read these:

Then something occurred to me:

The cause was that I tried to update the memory of an ESXi Windows VM which I thought I had shut down from within Windows, but which had actually bumped into an error message during the shutdown.

Shutting down properly (shutdown -s -t 0 in Windows), then increasing the memory worked fine:

Virtual machine W81Ent64-vs2017 was successfully reconfigured.

ESXi cannot increase the memory of a live system, hence the license error as per [WayBack] VMware Hot-Add: How and When to Use it:

One of the most common questions I receive on the daily management of virtual machines is if you should turn on hot-add features and why doesn’t VMware turn them on by default. The answer is very clear.

What are the requirements for Hot-add/Hot-plug:

  • Your virtual machines need to run at minimum hardware version 7.
  • Hot-add/Hot-Plug is not compatible with Fault Tolerance
  • vSphere Advanced, Enterprise or Enterprise plus.
  • Only hot-add is possible. You cannot “hot-remove” RAM or vCPUs.
  • Hot-Add/Hot-plug must be supported by the VM operating system!
  • Guest-OS licensing limitations need to be monitored and taken into consideration. You are changing the number of vCPUs/RAM!

–jeroen

Some links that should help me shrink the virtual disk files of Windows VMs


With virtual disks, at least these three levels are involved:

  • partition or volume (often called drive) size
  • virtual disk size
  • virtual disk backing store size

Articles about shrinking disks usually explain the steps below, assuming there is a 1:1:1 mapping of the above and the backing store of the disk is dynamically growing:

  1. defragment the files on a partition/volume
  2. zero-fill the non-used space
  3. shrink the virtual disk assuming it is a dynamically growing one

For various reasons, virtualisation environments can have pre-allocated virtual disks ensuring the space on the backing store is firmly reserved.

One such occasion can be in VMware (often required for instance with vSphere/ESXi/ESX based infrastructure, but can also be used in Workstation/Fusion/Player) or Virtual Box in fixed disk mode (default there is dynamic).

Here are some links that should help me shrink in those situations:

More on conversion:

–jeroen

PS: a useful tip by Joe C. Hecht on shrinking:

Oh… On shrinking VM Disks, I make a new growable disk, then use a utility to “smart copy” the partitions to the new disk (then replace the disk files in the VM). The “smart copy” just copies the file system – IE what is used (I use an old copy of Paragon Hard Drive Manager). It works out a lot better than writing “zeros”. I then make a compressed image of the whole VM using rar5 compression with a 1GB dictionary size. I then have batch files that can unrar the VM’s on a moment’s notice (from a collection of over 300).

Using telnet from the VMware 5.x and 6.x ESXi shell: use nc


The short answer is: you can’t use telnet. But you can use alternatives, obviously. For instance, to troubleshoot some iSCSI connectivity problems, you would be used to doing something as this.

~ # telnet 10.0.2.3 3260
-ash: telnet: not found

Instead, you can use netcat to test the connectivity.

~ # nc -z 10.0.2.3 3260

[…]

Source: [Archive.is/WayBack] Using telnet from the VMware 5.x ESXi shell

The VMware knowledgebase mentions a few other alternatives as well (of which telnet obviously does not work):

–jeroen

Not sure why, but ESXi 6.5 changed “uuid.location”, “uuid.bios” and “ethernet0.generatedAddress” after moving it to a different datastore


When rearranging storage locations, I had to move a few VMs to different data stores.

So I removed them from the inventory, moved them to another datastore, then re-added them as a set.

Besides getting new VM IDs (which I expected), ESXi 6.5 U1 also managed to change the below fields (which I did not expect) without a warning like “did you move or copy” which you get when moving VMs around on VMware Fusion (Mac OS X) and VMware Workstation/Player (Windows).

The bold values were changed from:

uuid.location = "56 4d 6f 23 aa 92 bf 2b-16 d9 9a 4b 95 4d e7 8e"
uuid.bios = "56 4d 02 3c ea 9e dc 12-18 4f a4 64 c1 f7 f0 fe"
ethernet0.generatedAddress = "00:0c:29:f7:f0:fe"

To:

uuid.location = "56 4d 4c e8 a3 81 c6 db-d6 f2 7f 32 0d fe 2e 29"
uuid.bios = "56 4d 4c e8 a3 81 c6 db-d6 f2 7f 32 0d fe 2e 29"
ethernet0.generatedAddress = "00:0c:29:fe:2e:29"

The bold-italic values correspond to the changed MAC address.

This caused the VMs (which were suspended before the move) to lose their MAC-bound static DHCP addresses after the lease time expired: since the new MAC addresses were not statically bound, they got fresh ones causing all sorts of connection problems.

Trying to assign back the original MAC address in the Web UI by hand gets you this error when the virtual machine starts (not when you save the MAC address):

Invalid MAC address specified.
xx:xx:xx:xx:xx:xx is not a valid static Ethernet address. It conflicts with VMware reserved MACs for other usage.

What I did was:

  1. suspend the machines,
  2. bring ESXi into maintenance mode,
  3. change the values back,
  4. move ESXi out of maintenance mode,
  5. then unsuspend the VMs one by one
    (now I did get the “I moved it” versus “I copied it” question)

For this particular machine, the uuid.location was still changed, but uuid.bios and ethernet0.generatedAddress were now left intact:

uuid.location = "56 4d 4c e8 a3 81 c6 db-d6 f2 7f 32 0d fe 2e 29"
uuid.bios = "56 4d 02 3c ea 9e dc 12-18 4f a4 64 c1 f7 f0 fe"
ethernet0.generatedAddress = "00:0c:29:f7:f0:fe"

On another VM that I moved between data stores, after confirming the “I Moved It”, the migration went OK, so I am not sure about the cause. In that case the before/after situation was this (only the bold values were changed):

uuid.location = "56 4d d5 e2 79 b4 a6 76-aa 13 3d 18 e5 4d c0 00"
uuid.bios = "56 4d 38 d7 9c a0 98 24-3c e4 79 00 54 5d 35 ef"
vc.uuid = "52 91 00 37 03 ed 87 34-ec 06 ba 28 f6 85 b4 29"

uuid.location = "56 4d 88 e6 a0 17 bb 01-cb 8c e3 ce fa e8 05 61"
uuid.bios = "56 4d 38 d7 9c a0 98 24-3c e4 79 00 54 5d 35 ef"
vc.uuid = "52 91 00 37 03 ed 87 34-ec 06 ba 28 f6 85 b4 29"

Conclusion

The uuid.bios directly affects the generatedAddress of the network adapters. Initially it is related to the uuid.location, but does not need to be.

When migrating, keep the old data for comparison: compare the .vmx files after starting the migrated machine, and correct the uuid.bios and various ethernet#.generatedAddress values when needed.

Besides the well known 00:50:56:XX:YY:ZZ MAC address range there is also 00:0c:29:XX:YY:ZZ.
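The comparison recommended above can be scripted. This added example (not from the original post) parses a saved and a current .vmx file, lists which identity fields changed, emits the lines to put back, and checks whether each generated MAC still ends in the last three bytes of uuid.bios. That last check encodes the relation visible in the post's ethernet0 values and is an assumption for any other adapter; all function names are hypothetical, and the `displayName` line is constructed.

```python
import re

# Identity fields the post compares before and after the datastore move.
WATCHED = re.compile(r"^(uuid\.(location|bios)|vc\.uuid|ethernet\d+\.generatedAddress)$")
VMX_LINE = re.compile(r'^\s*([^\s=#]+)\s*=\s*"(.*)"\s*$')

# Values copied from the post; displayName is a constructed extra line.
VMX_BEFORE = '''
displayName = "constructed-example"
uuid.location = "56 4d 6f 23 aa 92 bf 2b-16 d9 9a 4b 95 4d e7 8e"
uuid.bios = "56 4d 02 3c ea 9e dc 12-18 4f a4 64 c1 f7 f0 fe"
ethernet0.generatedAddress = "00:0c:29:f7:f0:fe"
'''
VMX_AFTER = '''
displayName = "constructed-example"
uuid.location = "56 4d 4c e8 a3 81 c6 db-d6 f2 7f 32 0d fe 2e 29"
uuid.bios = "56 4d 4c e8 a3 81 c6 db-d6 f2 7f 32 0d fe 2e 29"
ethernet0.generatedAddress = "00:0c:29:fe:2e:29"
'''


def parse_vmx(text):
    """Return {key: value} for every key = "value" line of a .vmx file."""
    settings = {}
    for line in text.splitlines():
        match = VMX_LINE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings


def identity_changes(before, after):
    """Map each watched key whose value differs to an (old, new) tuple."""
    changes = {}
    for key in sorted(set(before) | set(after)):
        if WATCHED.match(key) and before.get(key) != after.get(key):
            changes[key] = (before.get(key), after.get(key))
    return changes


def lines_to_restore(before, after):
    """.vmx lines that put the old values back.

    uuid.location is left alone: in the post it stayed changed after the fix.
    """
    return ['{} = "{}"'.format(key, old)
            for key, (old, _new) in identity_changes(before, after).items()
            if key != "uuid.location" and old is not None]


def bios_uuid_tail(uuid_bios):
    """Last three bytes of uuid.bios, formatted like a MAC suffix (aa:bb:cc)."""
    octets = re.findall(r"[0-9a-fA-F]{2}", uuid_bios)
    return ":".join(octet.lower() for octet in octets[-3:])


def macs_not_following_bios(settings):
    """Generated-MAC keys whose last three octets differ from the uuid.bios tail."""
    tail = bios_uuid_tail(settings.get("uuid.bios", ""))
    return [key for key, value in sorted(settings.items())
            if re.match(r"^ethernet\d+\.generatedAddress$", key)
            and value.lower()[-8:] != tail]


if __name__ == "__main__":
    old, new = parse_vmx(VMX_BEFORE), parse_vmx(VMX_AFTER)
    for key, (was, now) in identity_changes(old, new).items():
        print("{}: {} -> {}".format(key, was, now))
    print("\n".join(lines_to_restore(old, new)))
```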

Background reading

–jeroen


VMware ESXi 6.5: “Failed – An error occurred during host configuration.” when starting the NTP service


I tried repeating VMware KB: Configuring Network Time Protocol (NTP) on ESX/ESXi hosts using the vSphere Client in ESXi 6.5 using the web-client (the steps are very similar, see [WayBack] How to configure ESXi 6.5 Network Time Protocol (NTP) via Host Client? | ESX Virtualization).

It failed with the non-descriptive “Failed – An error occurred during host configuration.”:

Viewing the details isn’t of much help as you do not get extra information:

Start Service
Key haTask-ha-host-vim.host.ServiceSystem.start-139845177
Description Starts the service
State Failed – An error occurred during host configuration.
Errors

The /var/log/hostd.log did not get me further either:

2018-04-28T11:31:48.159Z info hostd[B881B70] [Originator@6876 sub=Vimsvc.TaskManager opID=4a8dc318 user=root] Task Created : haTask-ha-host-vim.host.ServiceSystem.start-139845360
2018-04-28T11:31:48.160Z verbose hostd[B881B70] [Originator@6876 sub=PropertyProvider opID=4a8dc318 user=root] RecordOp ADD: recentTask["haTask-ha-host-vim.host.ServiceSystem.start-139845360"], ha-host. Sent notification immediately.
2018-04-28T11:31:48.160Z verbose hostd[B881B70] [Originator@6876 sub=PropertyProvider opID=4a8dc318 user=root] RecordOp ADD: recentTask["haTask-ha-host-vim.host.ServiceSystem.start-139845360"], ha-taskmgr. Applied change to temp map.
2018-04-28T11:31:48.160Z verbose hostd[B881B70] [Originator@6876 sub=PropertyProvider opID=4a8dc318 user=root] RecordOp ASSIGN: info, haTask-ha-host-vim.host.ServiceSystem.start-139845360. Applied change to temp map.
2018-04-28T11:31:48.160Z info hostd[B881B70] [Originator@6876 sub=SysCommandPosix opID=4a8dc318 user=root] ForkExec(/etc/init.d/ntpd) 205307
2018-04-28T11:31:48.213Z info hostd[B881B70] [Originator@6876 sub=SysCommandPosix opID=4a8dc318 user=root] ForkExec(/etc/init.d/ntpd) 205309
2018-04-28T11:31:48.265Z info hostd[B881B70] [Originator@6876 sub=Default opID=4a8dc318 user=root] AdapterServer caught exception: vim.fault.PlatformConfigFault
2018-04-28T11:31:48.266Z info hostd[B881B70] [Originator@6876 sub=Vimsvc.TaskManager opID=4a8dc318 user=root] Task Completed : haTask-ha-host-vim.host.ServiceSystem.start-139845360 Status error
2018-04-28T11:31:48.266Z verbose hostd[B881B70] [Originator@6876 sub=PropertyProvider opID=4a8dc318 user=root] RecordOp ASSIGN: info, haTask-ha-host-vim.host.ServiceSystem.start-139845360. Applied change to temp map.
2018-04-28T11:31:48.266Z info hostd[B881B70] [Originator@6876 sub=Solo.Vmomi opID=4a8dc318 user=root] Activation [N5Vmomi10ActivationE:0x0c012328] : Invoke done [start] on [vim.host.ServiceSystem:serviceSystem]
2018-04-28T11:31:48.266Z verbose hostd[B881B70] [Originator@6876 sub=Solo.Vmomi opID=4a8dc318 user=root] Arg id:
--> "ntpd"
2018-04-28T11:31:48.266Z info hostd[B881B70] [Originator@6876 sub=Solo.Vmomi opID=4a8dc318 user=root] Throw vim.fault.PlatformConfigFault
2018-04-28T11:31:48.266Z info hostd[B881B70] [Originator@6876 sub=Solo.Vmomi opID=4a8dc318 user=root] Result:
--> (vim.fault.PlatformConfigFault) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> text = ""
--> msg = ""
--> }

This did not reveal any more information, so I started digging:

    1. In /etc/init.d/ntpd, via NTPD_CONFIG="/etc/ntp.conf" the /etc/ntp.conf is queried:
      ntp_servers=`awk '
                   /^server[ \t]*127.127/ {next}
                   /^(server|peer)/       {
                      if ($2 ~/^-/)       {printf "%s " $3}
                      else                {printf "%s " $2}}
                   ' < ${NTPD_CONFIG}`
    2. This file did not have any servers configured:
      # cat /etc/ntp.conf
      restrict default kod nomodify notrap nopeer noquery
      restrict 127.0.0.1
      driftfile /etc/ntp.drift
      

So it appeared that copy/pasting this in the web environment had not been persisted correctly:

0.pool.ntp.org
1.pool.ntp.org
2.pool.ntp.org
3.pool.ntp.org

I re-did the configuration by typing the correct data instead of pasting and now everything worked fine: the service started and the config file has servers:

# cat /etc/ntp.conf
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
server 0.pool.ntp.org
1.pool.ntp.org
2.pool.ntp.org
3.pool.ntp.org
driftfile /etc/ntp.drift

It would be so nice if /etc/init.d/ntpd would show why it performs return 1 and the service start mechanism would reflect that in the errors part of the failure message.

Verifying ntpd got the client information

Two steps:

  1. Check if ntpd is running

    Bad response (ensure the service is started, and starts with the host, see How to configure ESXi 6.5 Network Time Protocol (NTP) via Host Client? | ESX Virtualization):

    [root@ESXi-X10SRH-CF:~] /etc/init.d/ntpd status
    ntpd is not running

    Good response:

    [root@ESXi-X10SRH-CF:~] /etc/init.d/ntpd status
    ntpd is not running
  2. Check if ntpq can query the ntpd client status. If it is not running, then see step 1. If it is not initialising, then you might have a network problem.

    Bad response:

    [root@ESXi-X10SRH-CF:~] ntpq -pn
    ntpq: read: Connection refused

    Response while waiting for an ntp refresh:

    [root@ESXi-X10SRH-CF:~] ntpq -pn
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     149.210.199.182 .INIT.          16 u    -   64    0    0.000    0.000   0.001

    Good response:

    [root@ESXi-X10SRH-CF:~] ntpq -pn
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     149.210.199.182 193.79.237.14    2 u   61   64    1    3.423   -0.296   0.001

–jeroen

 

HOW TO: Configure Shared Diagnostic Partition on VMware ESX host | vStrong.info

ESXi: shrinking a Windows disk


I had to shrink down a Windows disk of an ESXi based Virtual Machine from 240 Gibibyte to about 140 gigabyte.

In this case, it was Windows 7 on ESXi 6.5, but the actual versions do not really matter.

The only way to decrease ESXi .vmdk files is by fiddling with disk sector counts in the text based .vmdk files (not the binary .vmdk files!) of a diskname.vmdk / diskname-flat.vmdk text/binary pair. This is described for instance in these two articles:

Notes:

  1. This article presumes you already shrunk your NTFS partition (for instance as described in Consolidating NTFS free space).
  2. If you only have a binary .vmdk file, then you can use vmkfstools to create a text/binary pair for you, for instance by using these commands:
    vmkfstools --clonevirtualdisk Windows7.vmdk Windows7.thick.vmdk
    vmkfstools --clonevirtualdisk Windows7.vmdk Windows7.thin.vmdk --diskformat thin
  3. You cannot work around 2. as the --geometry functionality of vmkfstools only displays existing geometry, see

ESXi has .vmdk files that count disk sizes in sectors, but the tooling that ships with Windows does not show partition sizes in sectors, especially not the partition ending sector.

All search permutations of tooling like DISKPART, PowerShell, WMIC and terms like partition, ending sector, cylinder, head, etc. failed to return built-in tools for me.

Luckily, “powershell” “partition” “ending sector” found the documentation for [WayBack] Test Disk | File System | Data Management titled “TestDisk Documentation, Release 7.1, Christophe GRENIER” which led to:

[WayBack] TestDisk Download – CGSecurity

Download TestDisk & PhotoRec. TestDisk is a free and open source data recovery software tool designed to recover lost partition and unerase deleted files. PhotoRec is a file carver data recovery software tool.

It is available for many platforms, including Windows x86 (fully featured) and x64 (limited features):

There was also the much more convoluted PowerForensics which is also more difficult to install:

As a check (because the calculations by hand are too cumbersome to trust on a first try), I also downloaded the ISO image of gparted:

Let’s get started for real!

Running TestDisk is easy

  1. Start it with UAC confirmation:
  2. Create the log file (which at first is in memory):
  3. Select the unix based disk (so do NOT start with drive C: as we are after physical disks, not logical drives):
  4. Windows drives have an Intel/PC partition table, so select the first:
  5. Now you see which partitions are on the disk, and where (at which ending cylinder/head/sector) it ends:
  6. Now you can do the multiplication math from ending cylinder/head/sector to sector count: (17463 * 255 * 63) + (34 * 63) + 43 = 280545280
    • the first part is the ending cylinder number (17463) multiplied by heads per disk count (255) and sectors per cylinder count (63).
    • the second part is the ending head number (34) times sectors per cylinder count (63)
    • the third part is the ending sector number (43)

This is all very cumbersome, so let’s verify this

Running gparted

Booting from CD-ROM requires a boot delay (longer than the default of 0 milliseconds):

That way you can press Esc during boot to get into the boot-order menu, and change it to CD-ROM boot:

Too bad the gParted people choose a psychedelic background bleed:

Anyway: here are the steps in gParted to get the sector counts:

  1. Use the default keyboard layout:
  2. Keep default language:
  3. Keep default video settings:
  4. Select the lowest partition (the “unallocated” one):
  5. Now in the menu, choose “Partition”, then “Information”:
  6. The first sector of the unallocated partition is 1 sector beyond the last used partition (280545280 versus 280545279), which matches the one we found:

Another example

(5112 * 255 * 63) + (40 * 63) + 48 = 82126848

–jeroen

ESXi: shrinking a thin provisioned disk by first exploding it with zero content


In addition to ESXi: shrinking a Windows disk, you can shrink any ESXi thin provisioned disk by first exploding it with zero content, then shrinking it as described by [WayBack] How to Shrink a Thin VMDK on ESXi 5.0 | Boerlowie’s Blog.

It comes down to using this command:

 vmkfstools --punchzero myVirtualMachineDisk.vmdk

You can replace --punchzero with -K if you like more cryptic arguments.

This works because thin provisioned vmdk disk files are sparse files where zero content can be non-allocated.

The trick requires all empty space to be zeroed out (which usually comes down using a tool like sdelete on Windows or shred on Linux), hence the “exploding” in the post title.

For a good explanation on thin, versus thick versus eagerlyZeroedThick, read [WayBack] Thin Provisioning – What’s the scoop? – VMware vSphere Blog.

A few remarks:

  • this only works within datastores, so when you transfer your file out, then the file will be the thick size
  • an OVF exported virtual machine will benefit from thin provisioned disks
  • the du command will show the actual storage size (including the savings from thin provisioned disks)
  • the ls command will show the “virtual” storage size (excluding any thin provisioning gains)
  • the difference between ls and du output is the thin provisioning gain

–jeroen

Converting a virtual IDE disk to a virtual SCSI disk (1016192)


Just in case I have a VM with only IDE disks of which one or more need to become SCSI disks: [WayBack] Converting a virtual IDE disk to a virtual SCSI disk (1016192)

TL;DR

  1. Add one SCSI disk
  2. Install drivers for it and get it recognised
  3. When the VM is shut down:
    1. Modify the disk description of the IDE disk to SCSI (hack) or
    2. (often easier) remove the disk, then attach it to the SCSI controller

–jeroen

OSX 10.13 with vSphere 6.7 – Virtual Odyssey


Interesting: I never realised that getting MacOS installed on ESXi was relatively easy!

[WayBack] OSX 10.13 with vSphere 6.7 – Virtual Odyssey:

vCenter 6.7a/ESXi 6.7a Installing OSX 10.13 seemed pretty straight forward on 6.7. Essentially, you mount the ISO as per usual, and the only thing I had to do before starting the installation was to format the disk via terminal. Once…

So no need for all this:

–jeroen

 

A choco install list


Sometimes I forget the choco install mnemonics for various tools, so here is a small list below.

Of course you have to start with an administrative command prompt, and have a basic Chocolatey Installation in place.

If you want to clean cruft:

choco install --yes choco-cleaner

Basic install:

choco install --yes 7zip
choco install --yes everything
choco install --yes notepadplusplus
choco install --yes beyondcompare
choco install --yes git.install --params "/GitAndUnixToolsOnPath /NoGitLfs /SChannel /NoAutoCrlf /WindowsTerminal"
choco install --yes hg
choco install --yes sourcetree
choco install --yes sysinternals

For VMs (pick one):

choco install --yes vmware-tools
choco install --yes virtio-drivers

For browsing (not sure yet about Chrome as that one has a non-admin installer as well):

choco install --yes firefox

For file transfer (though be aware that some versions of Filezilla contained adware):

choco install --yes filezilla
choco install --yes winscp

For coding:

choco install --yes vscode
choco install --yes atom

For SQL server:

choco install --yes sql-server-management-studio

For web development / power user:

choco install --yes fiddler

For SOAP and REST:

choco install --yes soapui

If you don’t like manually downloading SequoiaView at gist.github.com/jpluimers/b0df9c2dba49010454ca6df406bc5f3d (e8efd031d667de8a1808d6ea73548d77949e7864.zip):

choco install --yes windirstat

For drawing, image manipulation (paint.net last, as it needs a UI action):

choco install --yes gimp
choco install --yes imagemagick
choco install --yes paint.net

For ISO image mounting in pre Windows 10:

choco install --yes wincdemu

For hard disk management:

choco install --yes hdtune
choco install --yes seatools
choco install --yes speedfan

For Fujitsu ScanSnap scanners (not sure yet this includes PDF support):

choco install --yes scansnapmanager

–jeroen


Supermicro | Products | Motherboards | Xeon® Boards | X9SRi-3F


I still like this board: Supermicro | Products | Motherboards | Xeon® Boards | X9SRi-3F.

It has been in a storage solution for a while, uses OK power, has not many SATA ports, but enough slots for expansion cards, and comes with two network connections and 8 slots which I fitted with a total of 256 gibibyte of memory.

Some links, as SuperMicro tends to hide them behind POST requests:

Note that IPMI over the Java Web Start.app runs into certificate signing issues, so better use Supermicro IPMIViewer for this:

IPMIView links via:

The errors when running the KVM Console from your web browser are waved away by SuperMicro, but more and more people bump into them:

–jeroen

Disable ESXi Password Complexity – Perfect Cloud


Sometimes you have a long enough password, that matches with the confirmation, but pressing “Enter” to continue gives “Password does not have enough character types”:

From [WayBack] Disable ESXi Password Complexity – Perfect Cloud:

A part of my job as a VMware Certified Instructor is to update our lab systems whenever new vSphere versions come out.   After upgrading from 5.5 to 6.0 I decided we should change passwords, h…

This is the workflow:

  1. Make a backup of /etc/pam.d/passwd.
  2. Use vi to edit /etc/pam.d/passwd, and:
    1. Put a # in front of the lines starting with password requisite
    2. Remove the use_authtok bit of the line starting with password sufficient
    3. Put a # in front of the line starting with password required
    4. Quit vi while saving (press Esc, then enter :wq on the prompt)
  3. Change the password to a less secure one
  4. Restore the original /etc/pam.d/passwd.

Via: esxi 6 force short password – Google Search

Working around this during ESXi installation fails

I tried this:

  1. Press Alt-F1 to go from the installation screen to the console screen
  2. Logon as root, with no password at all to get to the command-prompt:

  3. Perform the /etc/pam.d/passwd editing steps above
  4. Press Alt-F2 to go back to the install screen
  5. Enter root password

The password requirements stayed.

(more screenshots at [WayBack] ESXi 6.7 installation Guide – Let We-i Go)

Related

On my ESXi 6.5 system where the italic bit is removed, besides the two lines being commented out:

  1. original /etc/pam.d/passwd:
    #%PAM-1.0
    
    # Change only through host advanced option "Security.PasswordQualityControl".
    password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7
    password   sufficient   /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512
    password   required     /lib/security/$ISA/pam_deny.so
    
  2. modified /etc/pam.d/passwd:
    #%PAM-1.0
    
    # Change only through host advanced option "Security.PasswordQualityControl".
    #password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7
    password   sufficient   /lib/security/$ISA/pam_unix.so nullok shadow sha512
    #password   required     /lib/security/$ISA/pam_deny.so
    

On my ESXi 6.7 system (which adds the bold lines below):

  1. original /etc/pam.d/passwd:
    #%PAM-1.0
    
    # Change only through host advanced option "Security.PasswordQualityControl".
    password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7
    
    # Change only through host advanced option "Security.PasswordHistory"
    password   requisite    /lib/security/$ISA/pam_pwhistory.so use_authtok enforce_for_root retry=2 remember=0
    
    password   sufficient   /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512
    password   required     /lib/security/$ISA/pam_deny.so
    
  2. modified /etc/pam.d/passwd:
    #%PAM-1.0
    
    # Change only through host advanced option "Security.PasswordQualityControl".
    #password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7
    
    # Change only through host advanced option "Security.PasswordHistory"
    #password   requisite    /lib/security/$ISA/pam_pwhistory.so use_authtok enforce_for_root retry=2 remember=0
    
    password   sufficient   /lib/security/$ISA/pam_unix.so nullok shadow sha512
    #password   required     /lib/security/$ISA/pam_deny.so
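Step 4 of the workflow (restoring the original file) is easy to forget, and a host left with the modified stack accepts any password. As an added example (not part of the original post), this Python sketch audits the text of /etc/pam.d/passwd for exactly the edits shown above; the function names are hypothetical and the two sample stacks are copied from the ESXi 6.7 listings.

```python
import re

# One "password" entry of a PAM stack, active or commented out with a leading '#'.
ENTRY = re.compile(r"^\s*(#?)\s*password\s+(\S+)\s+(\S+)\s*(.*)$")

# Copied from the ESXi 6.7 listings in the post.
ORIGINAL_67 = """\
#%PAM-1.0

# Change only through host advanced option "Security.PasswordQualityControl".
password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7

# Change only through host advanced option "Security.PasswordHistory"
password   requisite    /lib/security/$ISA/pam_pwhistory.so use_authtok enforce_for_root retry=2 remember=0

password   sufficient   /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512
password   required     /lib/security/$ISA/pam_deny.so
"""

MODIFIED_67 = """\
#%PAM-1.0

# Change only through host advanced option "Security.PasswordQualityControl".
#password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7

# Change only through host advanced option "Security.PasswordHistory"
#password   requisite    /lib/security/$ISA/pam_pwhistory.so use_authtok enforce_for_root retry=2 remember=0

password   sufficient   /lib/security/$ISA/pam_unix.so nullok shadow sha512
#password   required     /lib/security/$ISA/pam_deny.so
"""


def parse_password_stack(text):
    """Return [(active, control, module, options)] for every password entry.

    Ordinary comments and the #%PAM header do not match and are ignored.
    """
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line)
        if match:
            hashed, control, path, options = match.groups()
            module = path.rsplit("/", 1)[-1]
            entries.append((hashed == "", control, module, options.split()))
    return entries


def audit_passwd_stack(text):
    """List deviations from the stock stack that weaken password changes."""
    entries = parse_password_stack(text)
    active = {module: options
              for is_active, _, module, options in entries if is_active}
    findings = []
    # A module that only exists as a commented-out entry has been disabled.
    for is_active, control, module, _ in entries:
        if not is_active and module not in active:
            findings.append("{} ({}) is commented out".format(module, control))
    # The quality check and the final deny must be present on both versions.
    for module in ("pam_passwdqc.so", "pam_deny.so"):
        if all(entry[2] != module for entry in entries):
            findings.append("{} entry is missing".format(module))
    # Without use_authtok, pam_unix prompts for the new password itself
    # instead of taking the one an earlier module has already checked.
    if "pam_unix.so" in active and "use_authtok" not in active["pam_unix.so"]:
        findings.append("pam_unix.so no longer has use_authtok")
    return findings


if __name__ == "__main__":
    for name, text in (("original", ORIGINAL_67), ("modified", MODIFIED_67)):
        print(name, audit_passwd_stack(text) or "OK")
```

On a host, pass the contents of /etc/pam.d/passwd to `audit_passwd_stack`; an empty list means none of the edits above are in place.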
    

–jeroen

The tale of [SSH into ESXi 6.7 box resulting in “debug1: expecting SSH2_MSG_KEXDH_REPLY”, delay and after entering password “Permission denied, please try again.”]


A similar ESXi 6.5 box worked well to ssh into, but on ESXi 6.7 it failed:

SSH into ESXi 6.7 box resulting in “debug1: expecting SSH2_MSG_KEXDH_REPLY“, delay and after entering password “Permission denied, please try again.”

I had a hard time figuring out why: Login with the same user+password on the web user interface, DCUI and console shell work fine (see [WayBack] Enable SSH on VMware ESXi 6.x – VirtuBytes).

Searches that led me to EBCAK:

It almost felt like the /etc/passwd file thought the user had an empty password, but in fact it did not.

Adding an AllowUsers clause to ESXi in /etc/ssh/sshd_config, then performing /etc/init.d/SSH restart failed as well, and should not be needed anyway (the default is that all users having a valid shell can log in, including root, as ESXi by default has PermitRootLogin yes) (via [WayBack] server – Permission denied please try again ssh error – Ask Ubuntu).

Setting LogLevel debug from LogLevel info in /etc/ssh/sshd_config did not change anything (not even after restarting sshd, or rebooting): it did not even add any more logging in /var/log/syslog.log or any of the log files under /var/log or /scratch/log.

Ruling out lock-down mode:

# vim-cmd vimsvc/auth/lockdown_is_possible
false
# vim-cmd vimsvc/auth/lockdown_is_enabled
false

See [WayBack] New vSphere 4.1 CLI Utilities Marketing Did Not Tell You About Part 3 and [WayBack] HOW TO: Enable or Disable Lockdown Mode on VMware vSphere ESXi host | vStrong.info

Q: What is Lockdown Mode?
A: Lockdown Mode prevents users from logging directly to the host. The host will only be accessible through local console or vCenter Server. None of remote management options e.g. vCLI, PowerCLI script, SSH will work. When it is enabled, only vpxuser () has authentication permissions and can connect to the host remotely.

No password login also means no passwordless login

The above rules out easily uploading my public keys for doing passwordless login in [WayBack] ssh root@host – Permission denied, please try again. – Tarran Jones.

Delay annoyance

There is also an annoyance: it takes about 10 seconds before you can enter the password (adding -v -v -v reveals the wait is on debug1: expecting SSH2_MSG_KEXDH_REPLY).

Disabling/enabling SSH from the DCUI: not fully disabled

After disabling SSH from the DCUI, I could still connect over SSH.

So then I disabled the TSM-SSH service from the web interface (despite DCUI telling me SSH was disabled, TSM-SSH was still active, strange!) as it hosts the SSH service. I could still perform my ssh command!

Then it occurred to me: the IP address in the web browser was one off from the IP address in my ssh command.

By sheer coincidence, the IPMI IP address was one lower than the LAN1 IP address. I had been ssh-ing into the IPMI interface all the time, never realising IPMI had ssh support in the first place!

Restarting the TSM-SSH service now suddenly did get me LogLevel debug output in /var/log/auth.log (backed by /scratch/log/auth.log and duplicated in /vmfs/volumes/<<ssd-volume>>/.locker/log/auth.log).

Learned three things

So I learned three things the hard way:

  1. Be more careful with IP-addresses
  2. IPMI does ssh (but it is very undocumented)
  3. DCUI enable/disable of SSH is not complete; TSM-SSH is

Some references:

–jeroen
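The first lesson above, as an added example that is not from the original post: a shell check that reads captured `ssh -v` output and confirms that the address and host key are the intended ones before any password is typed. The addresses, server version string and fingerprints are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ssh -v` client output; addresses, version and key are made up.
sample_log() {
cat <<'EOF'
debug1: Connecting to 192.0.2.10 [192.0.2.10] port 22.
debug1: Remote protocol version 2.0, remote software version ExampleBMCsshd_1.0
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: ssh-rsa SHA256:CONSTRUCTED-BMC-KEY-FINGERPRINT
EOF
}

# Each helper reads `ssh -v` output on stdin and prints one field.
ssh_peer_ip() {
    sed -n 's/^debug1: Connecting to [^ ]* \[\([^]]*\)] port [0-9]*\.$/\1/p' | head -n 1
}
ssh_peer_version() {
    sed -n 's/^debug1: Remote protocol version [0-9.]*, remote software version \(.*\)$/\1/p' | head -n 1
}
ssh_peer_hostkey() {
    sed -n 's/^debug1: Server host key: [^ ]* \(SHA256:[^ ]*\)$/\1/p' | head -n 1
}

# check_ssh_target LOGFILE EXPECTED_IP EXPECTED_FINGERPRINT
# Returns 0 on a full match, 1 on any mismatch, 2 when the log lacks the needed lines.
check_ssh_target() {
    got_ip=$(ssh_peer_ip < "$1")
    got_fp=$(ssh_peer_hostkey < "$1")
    got_ver=$(ssh_peer_version < "$1")
    if [ -z "$got_ip" ] || [ -z "$got_fp" ]; then
        echo "UNKNOWN: no connect line or host key line in log"
        return 2
    fi
    rc=0
    if [ "$got_ip" != "$2" ]; then
        echo "MISMATCH address: connected to $got_ip, expected $2"; rc=1
    fi
    if [ "$got_fp" != "$3" ]; then
        echo "MISMATCH host key: got $got_fp from server '${got_ver:-unknown}'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $got_ip presents the expected host key"; fi
    return "$rc"
}

# Demo: the operator meant the LAN1 address 192.0.2.11 but reached 192.0.2.10.
demo_log=$(mktemp); sample_log > "$demo_log"
check_ssh_target "$demo_log" 192.0.2.11 "SHA256:CONSTRUCTED-ESXI-KEY-FINGERPRINT" || true
rm -f "$demo_log"
```

The expected fingerprint has to be recorded out of band, for example from the host's local console, so that a different machine answering on a neighbouring address cannot pass the check.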

Supermicro Single CPU Board for ESXi Home lab – Upgrading LSI 3008 HBA on the X10SRH-CLN4F | ESX Virtualization


This LSI 3008 HBA update to IT firmware is still on my wish list, but I could not find it when I bought the board in 2018.

[WayBack] Supermicro Single CPU Board for ESXi Home lab – Upgrading LSI 3008 HBA on the X10SRH-CLN4F | ESX Virtualization:

As you know my lab got an addition this year with Supermicro’s Single CPU board, the X10SRH-CLN4F. In this post we will be upgrading LSI 3008 HBA on the X10SRH-CLN4F.

I have learned a new way to patch via UEFI. In fact, it’s same (or easier) than through DOS-based bootable USB. The IT firmware can be reverted back to IR firmware as in the ZIP package there are both versions there. So in case you need a server with hardware RAID, you can use the IR version. I was actually wondering what it means the IT and IR and here is what I have found at LSI (Avago) website:

“IT” firmware maximizes the connectivity and performance aspects of the HBA. “IR” firmware offers RAID functionality via RAID 0, 1, and 10 capabilities.

Via:

SR-IOV?

The step afterwards is to enable SR-IOV for this LSI 3008 HBA.

These links should help with that:

 

 

–jeroen

Need to do some reading on local domains on the internal network


For a long time I wondered why I saw ESXi systems on my local network have two entries in their /etc/hosts file:

[root@ESXi-X10SRH-CF:~] cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1   localhost.localdomain localhost
::1     localhost.localdomain localhost
192.168.71.91   ESXi-X10SRH-CF ESXi-X10SRH-CF

Then I bumped into someone who had a different setup:

[root@ESXi-X10SRH-CF:~] cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1   localhost.localdomain localhost
::1     localhost.localdomain localhost
192.168.0.23    esxi.dynamic.ziggo.nl esxi

So now I knew that the first entry can have a domain resolving it (it still makes me wonder why ziggo is using a top-level domain to resolve local stuff; but searching for dynamic.ziggo.nl did not get me further on that).

So I installed a quick ESXi machine on that local network, and got the same.

When back home, the machine still thought it was esxi.dynamic.ziggo.nl, though clearly I was outside a Ziggo network.

I wanted to get rid of it, but that was hard.

Since I forgot to take screenshots beforehand, I can only provide the ones without a search domain below.

Reminder to self: visit someone within the Ziggo network, then retry.

Normally you can edit things like these in the default TCP/IP stack. There are two places to change this:

Neither of these allowed me to change it to a situation like this, but luckily the console did.

In the below files, I had to remove the bold parts, then restart the management network (I did keep a text dump, lucky me):

[root@esxi:/etc] grep -inr ziggo .
./vmware/esx.conf:116:/adv/Misc/HostName = "esxi.dynamic.ziggo.nl"
./resolv.conf:2:search dynamic.ziggo.nl 
./hosts:5:192.168.71.194    esxi.dynamic.ziggo.nl esxi
[root@esxi:/etc] cat /etc/resolv.conf 
nameserver 192.168.71.3
search dynamic.ziggo.nl 
[root@esxi:/etc] cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1   localhost.localdomain localhost
::1     localhost.localdomain localhost
192.168.71.194  esxi.dynamic.ziggo.nl esxi

Future steps

  1. Read more on local domains, search domains and related topics
  2. Configure a local domain on my local network, so DHCP hands it out, and DHCP handed out host names are put in the local DNS
  3. Test if all services on all machines still work properly

Reading list

–jeroen

Screenshots without a search domain

Web interface

DCUI
