[Fixed] vSphere 5.1 cannot login with domain account after changing domain controller

We changed our domain controllers of our company these days. Of course, we did that by SOP:

  1. use dcpromo to promote new servers as domain controllers;
  2. migrate PDC and other critical roles to the new domain controllers;
  3. use dcpromo to depromote the old domain controllers.

After these steps, all Windows servers works great.

But we can use neither vSphere Client nor vSphere Web Client to login vCenter with a domain account any more.


By asking VMware support, we realize we have to adjust Single Sign On for this change.


  1. Open vSphere Web Client, using admin@system-Domain to login;
  2. Select Sign-On and Discovery – Configuration from the left panel;
  3. You will the a record related to your domain on the right;
  4. Select the record and make a screen capture of all information;
    (You cannot edit it directly, cos it won’t save successfully.)
  5. Delete that record and create a new one, with the same setting and new LDAP address;
    (For Authentication Type, the existed one may set to Reuse Session, but you have to change it Password and leave an account with password below. I don’t know the reason.)
  6. Save it.

All done.


Use MBR disk in ESXi 5

From ESXi 5.0, if you install ESXi to a empty hard disk, the target disk will be prepared with GPT-based partitions. That may cause some boot delay or even boot problem in some desktop motherboards.
Fortunately, you can use MBR mode instead of GPT.

1 Make a clean hard disk for ESXi. You can use any method to delete all partitions on that disk.
2 Boot with ESXi CD. During initial installation step, press Shift-O (letter, not number zero) when prompted (right down corner).
3 Type a space and “formatwithmbr” (without quotation marks). Press enter.
4 Go on setup. ESXi will make the target disk prepared with MBR-based partitions instead of GPT.


Normal Steps for Minimal Setup CentOS 6 on ESXi

1 Create a new VM as you wish. Install CentOS6 with minimal configuration. After installation, shutdown the VM.

shutdown –h now

2 Add a new E1000 network interface card (eth1 in this article, if not, change all related steps below).

3 Boot and login.

4 Setup a temporary network:

ifconfig eth1 <temporary ip> netmask <netmask> up
route add default gw <gateway>

  • if HTTP proxy is required: edit the yum configuration file.

vi /etc/yum.conf

and add these lines:

# The proxy server – proxy server:port number
# The account details for yum connections

  • if HTTP proxy is NOT required: edit DNS configuration file. See step 13.
  • if Route is required: edit route configuration file. See step 14.

5 Install perl, and update system.

yum install perl
yum update

6 Shutdown.

shutdown –h now

7 Remove the E1000 network interface card, which was inserted in step 2.

8 Boot and login.

9 Insert VMware Tools CD.

10 Install VMware Tools, and reboot. (NOTE: you may need to do this step every time after system update)

cd /
mount /dev/cdrom /media
tar –zvxf /media/VM*
cd vmware-tools-distrib/

follow the instructions on your screen.

umount /media

11 Wait for reboot and login.

12 Setup eth0

vi /etc/sysconfig/network-scripts/ifcfg-eth0

and add these lines:


  • if DHCP is enabled:


  • if static IP is preferred:


13 Setup DNS.

vi /etc/resolv.conf

and add these lines:

nameserver <1st DNS IP>
nameserver <2nd DNS IP>
domain <domain name> #your domain name, optional

14 Setup route.

vi /etc/sysconfig/network

and add these lines:

GATEWAY=<Gateway IP>

15 Reboot.


16 Disable SELINUX if you don’t like it.

vi /etc/sysconfig/selinux

find the line start with SELINUX=, and set it to disabled.


Important steps to do while upgrading from vSphere 4.1 to 5

1 Backup your vCenter database.

2 Uninstall all vSphere client and plugins. If VUM plugin cannot be uninstall successfully, check this.

3 Upgrade vCenter / VUM software.

4 If you have changed your database before upgrading, vCenter installer maybe setup a SqlServer 2008R2 Express but never used. You can follow this step to change the service dependence and uninstall this instance of SqlServer. Warning: Make sure the instance is truly useless before you uninstall it.

5 Install a vSphere client and a VUM plugin.

6 Open vSphere client, go to Home – Solutions and Applications – Update Manager, ESXi Images tab.

7 Click Import ESXi Image, upload the ESXi 5.0 installation ISO file.

8 Go to Baselines and Groups tab, create a new baseline for hosts with type Host Upgrade.

9 Go to Home – Inventory – Hosts and Clusters, select the cluster or esxi hypervisor, Update Manager tab.

10 Click Attach, to link your selected hypervisors with new created baseline.

11 Scan.

12 Put some of hypervisors into maintenance mode.

13 Important: go to Conguration tab – Software – Security Profile, disable the Lockdown Mode. Or, HA agants will be unable to upgrade.

14 Remediate (context menu item of hypervisor) with Upgrade baseline, select the remove 3rd drivers checkbox.

15 The progress will stay at 22% for more than 5 minutes. You will be notified to press Enter to restart by hypervisor console, not vSphere client. After you press Enter, the CDROM tray will be ejected. You have to close it manually. That is funny, right?

16 Exit maintenance mode.

17 Re-enable the Lockdown Mode.

18 Upgrade license if you need.

19 Upgrade all vm-tools.

20 Upgrade distributed network switches.

21 Upgrade VMFS (terrible). I suggest you to delete and re-create the datastore one by one, by using Storage vMotion moving. It will cost several days.

Fix the ESXi not responding problem


A “not responding” are displayed after all esxi hypervisor shown in vsphere client which linked to the vcenter. Right click any of the esxi and select “Connect” will bring it back. But after a short while, no more than 90 secs, it will be back to not responding status.


1 In vShpere client, open menu “Administration” — “vCenter Server Settings”, click “Runtime Settings” from the left panel, make sure that all IP and server name are correct. If not, re-enter it. Close and reopen your vSphere client — This is important.

2 Try to ping from your vCenter, not the vSphere client, to each of esxi hypervisors.

3 If you are using Windows Server 2008/R2 or any OS with firewall for vCenter, you need to add or change some firewall rules:


Enable the “File and Printer Sharing (Echo Request – ICMPv4-In)”

Enable the “File and Printer Sharing (Echo Request – ICMPv6-In)”

Add a rule to allow TCP 903 income for ESXi heartbeat.

Add a rule to allow UDP 902 income for ESXi heartbeat.

4 Try to reconnect all ESXi hypervisors.


If the problem still exists, you have to google it again.

vSphere 部署及硬件选型指南









虚拟机硬件热增加:在不重启虚拟机的情况下,动态的向虚拟机增加内存或CPU。此功能需要虚拟机操作系统支持。Windows Server 2003企业版及以上版本支持动态内存增加功能。Windows Server 2008及以上版本(仅限64位版)支持动态CPU增加功能。











  1. 如需要增加备份硬盘,请选择ESX扩展包3。如采用外置磁盘柜存储,则此选项意义不大。
  2. 如计算负载较大,则配置ESX扩展包10。
  3. 如需要增加供电冗余,则选择ESX扩展包8。对于运行关键应用的群集,推荐采用。
  4. 当运行的虚拟机需要同时连接超过一个网络时,应对服务器增加ESX扩展包6或ESX扩展包7。
  5. 如使用外置磁盘柜启动服务器,则ESX基础包可以不包含硬盘,但必须选择一款ESX扩展包4或ESX扩展包5并支持SAN启动技术。
  6. 如需要改用光纤磁盘柜存储,则可以取消ESX扩展包2,换以ESX扩展包4。如无对应磁盘柜,则需选用群集扩展包6。
  7. 如需要改用ISCSI存储,则可以取消ESX扩展包2,换以ESX扩展包5以及环境需求2。如无对应磁盘柜,则需要选用群集扩展包4。如考虑经济效益,也可以将ESX扩展包5更换为ESX扩展包6,但性能下降明显,且不支持SAN启动技术。










  1. 如需要增加ESX服务器系统备份,可对所需的ESX服务器增加ESX扩展包3。由于用户虚拟机保存于外置存储中,ESX服务器并不存放任何用户数据,本可选必要性不明显。
  2. 如计算负载较大,则配置ESX扩展包10。
  3. 如需要增加供电冗余,则对每台ESX服务器选择ESX扩展包8。对于运行关键应用的群集,推荐采用。
  4. 当运行的虚拟机需要同时连接超过一个网络时,应对每台ESX服务器增加ESX扩展包6,并对群集增加群集扩展包1;或应对每台ESX服务器增加ESX扩展包7,并对群集增加群集扩展包2。
  5. 如需要增加虚拟机业务网络备份,应对每台ESX服务器增加ESX扩展包6,并对群集增加群集扩展包1;或应对每台ESX服务器增加ESX扩展包7,并对群集增加群集扩展包2。系统会在交换机或网卡发生故障时自动切换。对于运行关键应用的网络,推荐采用。
  6. 如使用外置磁盘柜启动服务器,则ESX基础包可以不包含硬盘,但必须选择一款ESX扩展包4或ESX扩展包5并支持SAN启动技术。
  7. 如需要增加服务器系统高可用性群集,首先建议将所有的ESX服务器的配置统一化,以达到效率与性能的最佳状态。并根据高可用性的备份数量,增加同种ESX服务器。即原有所有虚拟机可以在x台ESX服务器中运行,现希望当其中n台故障时,系统可以恢复受影响的服务,则需要增加n台同种的ESX服务器。软件2不支持此特性,请选择软件3或软件4或软件5。对于运行关键应用的群集,推荐采用。
  8. 如需要服务器之间移动虚拟机(vMotion),则需要对每台ESX服务器增加ESX扩展包6,并对群集增加群集扩展包1、环境需求2;或应对每台ESX服务器增加ESX扩展包7,并对群集增加群集扩展包2、环境需求2。此功能在系统维护时具有很高实用性,推荐采用。如需要提高vMotion的并发数量,则可以对每台ESX服务器再多增加ESX扩展包6,并对群集增加群集扩展包1、环境需求2;或应对每台ESX服务器再多增加ESX扩展包7,并对群集增加群集扩展包2、环境需求2。
  9. 如需要增加容错虚拟机,首先应满足高可用性群集要求(功能7),并根据需要容错的虚拟机的需求(CPU与内存),继续按需增加同种ESX服务器。并对每台服务器增加ESX扩展包7,对群集增加群集扩展包2、环境需求2。此负载对网络压力很高,必须使用独立网络设备,而不能使用现有交换机的独立VLAN应对。当容错虚拟机较多时或负载压力较大时,可以考虑倍增ESX扩展包7与群集扩展包2、环境需求2。软件2不支持此特性,请选择软件3或软件4或软件5。对于运行关键应用的虚拟机,推荐采用。
  10. 当需要增加备用存储网络时,应对每台ESX服务器增加相同型号的ESX扩展包4或ESX扩展包5(按现有型号搭配),并对应增加群集扩展包3或群集扩展包5,使用的磁盘柜亦需要增加群集扩展包7并于对应的存储交换机连接。如选型为ISCSI网络,则需要增加环境需求2。软件2与软件3不支持此特性,请选择软件4或软件5。对于运行关键应用的群集,推荐采用。
  11. 当VC管理范围超过5台ESX主机或50台虚拟机时,请选择VC扩展包1中的一款数据库,推荐SqlServer系列。当VC管理范围未达到此范围时,仅需使用免费的Sql Server Express即可。
  12. 如需要加强VC的数据保护时,则增加VC扩展包2。
  13. 如VC运行在Windows Server 2008 R2服务器系统时,可采用VC扩展包3以方便更新时的备份与回滚。
  14. 如需要将VC服务器进行热备时,可以增加一台VC服务器。如使用此功能,则需要将数据库安装此共享存储中(需要对VC主机增加HBA卡并连接至磁盘柜),且需要选择适合的数据库,以及相应网络。由于此功能用途不大且投入较高,不推荐采用。
  15. 如需要采用域账户权限管理,则需要环境需求3。


ESX基础包:服务器一台,不含操作系统。CPU为64位,支持虚拟化VT-x,推荐多核;内存2G为系统内部使用;至少8G可用空间的SATA / SAS硬盘;电源系统;配套主板需要支持VT-x;DVDROM(或统一采用USB接口光驱);两块千兆双绞线或光纤网卡(或更高),必须为ESX所支持之型号。

ESX扩展包1:内存空间。根据实际使用的虚拟机内存而决定容量,每台虚拟机分配的内存*1.1 + 32M即为此虚拟机运行所需,所有虚拟机所需相加即为总量(不包含ESX基础包内的内存)。不同时运行的虚拟机则无需重复计算,结果取同时运行的虚拟机的内存需求的最大值即可。

ESX扩展包2:硬盘空间。根据实际使用的虚拟机硬盘而决定容量,每台虚拟机分配的硬盘 + 32M即为此虚拟机存储所需,所有虚拟机所需相加即为总量(不包含基础包内的硬盘)。如使用系统快照,则根据实际数据变化量递增。








ESX扩展包10:CPU升级。CPU必须为64位并支持虚拟化VT-x。CPU需求计算为并发的每台虚拟机最大CPU需求量1.1 + 1G,以多核心并列计算(超线程不被计算时考虑),非同时并发的CPU需求则取其最高点计算。例如:本服务器运行有3台虚拟机,A为长期占用1GHz的2个CPU核心,B在工作时间占用最多2GHz的2个CPU核心并在晚上占用500MHz的2个CPU核心,C在夜晚占用最多2GHz的1个CPU核心并在白天基本空闲(100MHz)。计算出的CPU需流量分别为2GHz、4GHz(工作时间)或1GHz(非工作时间)、100MHz(工作时间)或2GHz(非工作时间),则需求的最大CPU需求量为(2+4+0.1)1.1+1 = 7.71(GHz),以4核CPU计算,则CPU需要的最小频率为1.93GHz。通常的,当同一台服务器上运行的虚拟机不多于5个,且运行的虚拟机非CPU高负载的业务,CPU采用4核2G的CPU通常可以满足需求。另,由于ESX的授权以CPU个数计算(非核心个数),推荐采用多核心的CPU,而应谨慎使用多CPU环境。


VC基础包:服务器一台,含64位Windows服务器版操作系统。CPU为64位,推荐多核;内存为6G以上;至少146G的SATA / SAS硬盘;电源系统;DVDROM(或统一采用USB接口光驱);两块千兆双绞线或光纤网卡。

VC扩展包1:存储数据库。支持的数据库有Microsoft SQL Server 2005 Standard edition (SP2, SP3) 64bit、Microsoft SQL Server 2005 Enterprise edition (SP2, SP3) 64bit、Microsoft SQL Server 2008 Standard Edition 64bit、Microsoft SQL Server 2008 Enterprise Edition 64bit、Oracle 10g Enterprise edition (Release 2 []) x64、Oracle 11g Standard edition x64、Oracle 11g Enterprise edition x64。


VC扩展包3:备份硬盘。当VC基础包采用Windows Server 2008 R2时,可以选用此包,使用Windows Backup保存历史系统快照。






群集扩展包4:ISCSI磁盘柜及磁盘。根据实际使用的虚拟机硬盘而决定容量,每台虚拟机分配的硬盘 + 32M即为此虚拟机存储所需,所有虚拟机所需相加即为总量。如使用系统快照,则根据实际数据变化量递增。所需总量与所选磁盘备份技术(Raid1、Raid5等)结合,确定最终磁盘选型。


群集扩展包6:光纤通道磁盘柜及磁盘。根据实际使用的虚拟机硬盘而决定容量,每台虚拟机分配的硬盘 + 32M即为此虚拟机存储所需,所有虚拟机所需相加即为总量。如使用系统快照,则根据实际数据变化量递增。所需总量与所选磁盘备份技术(Raid1、Raid5等)结合,确定最终磁盘选型。




软件2:vSphere Standard。每台服务器支持最多256GB内存,每个CPU支持最多6个核心。附加更新管理器、高可用性、vMotion(仅内存部分,不包括存储vMotion)。

软件3:vSphere Advanced。每台服务器支持最多256GB内存,每个CPU支持最多12个核心。附加更新管理器、高可用性、vMotion(仅内存部分,不包括存储vMotion)、虚拟机硬件热增加、容错。

软件4:vSphere Enterprise。每台服务器支持最多256GB内存,每个CPU支持最多6个核心。附加更新管理器、高可用性、vMotion、虚拟机硬件热增加、容错、分布式资源管理、分布式电源管理。

软件5:vSphere Enterprise Plus。每台服务器支持的内存无限制,每个CPU支持最多12个核心。附加更新管理器、高可用性、vMotion、虚拟机硬件热增加、容错、分布式资源管理、分布式电源管理、存储及网络负载控制、分布式交换机、主机概述文件。






Remove vSphere snapshot automatically

From version 7 of VMware workstation, a new function named AutoProtect is added, which makes it easier to create and remove snapshots automatically. Unfortunately, vSphere doesn’t have some function like that.

In my situation, I need to protect some crucial services, like configuration management database, by creating snapshots, which can be done by daily scheduled tasks. But I still need to delete old snapshots manually which was created 5 days ago. In another word, I need to keep only about 5 latest snapshots for each specified VM.

After some research, I find a tool named PowerCLI. I made some PowerShell scripts to delete snapshots.

Connect-VIServer localhost
$i = new-object System.Int32
$a = Get-VM "CM Database" | get-snapshot -name: 'Daily Backup'
$i = 0
while ($a.Count-$i -gt 5) {$a[$i] | remove-snapshot -confirm: $false; $i++;}
$a = Get-VM "SVN" | get-snapshot -name: 'Daily Backup'
$i = 0
while ($a.Count-$i -gt 5) {$a[$i] | remove-snapshot -confirm: $false; $i++;}
Disconnect-VIServer -confirm: $false

By running this script in PowerCLI environment, the snapshots of vm “CM Database” and “SVN” with a name “Daily Backup” will be deleted from older to newer, until only 5 left — to keep the 5 latest snapshots. All snapshots with other names will not be affected.

I saved this script to file C:\RemoveDailySnapshot.ps1. Create a batch file to run this script:

C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe -psc "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\vim.psc1" -c ". \"C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Scripts\Initialize-VIToolkitEnvironment.ps1\";C:\RemoveDailySnapshot.ps1"

Update: code above is for vSphere 4.x; below is for vSphere 5.0.

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -psc "C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\vim.psc1" -c ". \"C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Scripts\Initialize-PowerCLIEnvironment.ps1\";C:\RemoveDailySnapshot.ps1"

(You may need to change the path string in this code above.)
Finally, by adding this batch file as a Windows schedule task, the AutoProtect for vSphere has been reached.

I still wonder that why this useful function is not included in vSphere?