Fault finding Virtual Center

The VMware KB 1003926 is very helpful to support problems with your VirtualCenter Server service that won’t start. VMware updated this document 2 September 2009.

Symptoms
  • You cannot connect to VirtualCenter
  • If you try to connect to VirtualCenter, you see the error:
    Cannot connect to host <server>: No connection could be made because the target machine actively refused it.
  • If you try to start the VMware VirtualCenter Server service, you may see the errors:Could not start the VMware VirtualCenter Server service on Local Computer.  Error 1067: The process terminated unexpectedly. The VMware VirtualCenter Server Service on Local Computer started then stopped.  Some services stop automatically if they have no work to do, for example the Performance Logs and Alerts service.
Purpose

This article guides you through the process of troubleshooting VirtualCenter when it does not start. The article helps you eliminate common causes for your problem by verifying the configuration of your database, validating network connectivity, and verifying the configuration of the VirtualCenter Server service.

Resolution

Please validate that each troubleshooting step below is true for your environment. Each step provides instructions or a link to a document that helps eliminate possible causes and take corrective action as necessary. The steps are ordered in the most appropriate sequence to isolate the issue and identify the proper resolution. Please do not skip a step.

To troubleshoot the VMware VirtualCenter Server service when it does not start or fails:

  1. Verify that the VMware VirtualCenter Server service cannot be restarted. 
    Open the Microsoft Services control panel and check the status of the service. For more information on starting the VirtualCenter service if it has stopped, see Stopping, starting or restarting vCenter services (1003895).
    Note: If you perform a corrective action in any of the following steps, attempt to restart the VMware VirtualCenter Server service.
  2. Verify that the configuration of the ODBC Data Source (DSN) used for connection to the database for VirtualCenter is correct. For more information, see Troubleshooting the database data source used by vCenter Server (1003928).
    Note: Ensure that you are using SQL authentication if you are using a Microsoft SQL server. Windows NT authentication is not supported.
  3. Verify that ports 902, 80, and 443 are not being used by any other application. If another application, such as Microsoft Internet Information Server (IIS), is utilizing any of the ports, VirtualCenter cannot start. For more information, see Port already in use when installing VirtualCenter (4824652).
    If you see an error similar to the following when reviewing the logs, another application may be using the ports: 
  4. Failed to create http proxy: Resource is already in use: Listen socket: :<port>proxy failed on port <port>: Only one usage of each socket address (protocol/network address/port) is normally permitted. For more information on checking ports, see Determining if a port is in use (1003971).
  5. Verify the health of the database server that is being used for VirtualCenter. If the hard drives are out of space, the database transaction logs are full, or if the database is heavily fragmented, VirtualCenter may not start. For more information, see Investigating the health of a VirtualCenter database server (1003979).
  6. Verify that the Microsoft Active Directory domain is not accessible. If the domain is not available and you have permissions assigned to users in the domain, VirtualCenter may fail or refuse to start completely. For more information, see Investigating Active Directory when it causes the VirtualCenter server to stop or fail to start (1003996).
    Note:  If you are using Active Directory, ensure that the VMware VirtualCenter Server service is running as the local system account and not a domain account.
  7. Verify the VMware VirtualCenter Service is running with the proper credentials. For more information, see VirtualCenter Server service cannot be started after installation (1004280) .
  8. Verify that critical folders exist on the VirtualCenter Server host. For more information, see Missing folders prevent VirtualCenter Server service from starting (1005882).

Note: If your problem still exists after trying the steps in this article, please:

Additional Information

Reviewing the vpxd log files is another common method of diagnosing the VirtualCenter Server when it does not start. By reviewing the log files, you can quickly determine the cause of the problem based on the error message reported. 

For VirtualCenter 2.5.x the log files are stored in the following directory by default:

c:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\Logs

For VirtualCenter 2.0.x the log files are stored in the following directory by default:

c:\Windows\Temp\vpx

To review the logs, open the most recent log in an editor such as Notepad, and navigate to the bottom of the file. The file contains any errors that occurs during the startup of the VirtualCenter Server service

SSL Host Headers in IIS 7

SSL Host Headers in IIS 7

 

SSL Host Headers in IIS 7 allow you to use one SSL certificate for multiple IIS websites on the same IP address. Through the IIS Manager interface, IIS only allows you to bind one site on each IP address to port 443 using an SSL certificate. If you try to bind a second site on the IP address to the same certificate, IIS 7 will give you an error when starting the site up stating that there is a port conflict. In order to assign a certificate to be used by multiple IIS sites on the same IP address, you will need to set up SSL Host Headers by following the instructions below.

What Type of SSL Certificate Do You Need?

Because you can only use one certificate, that certificate needs to work with all the hostnames of the websites that you use it with (otherwise you will receive a name mismatch error). For example, if each of your IIS 7 websites uses a subdomain of a single common domain name (like in the example below), you can get a Wildcard Certificate for *.mydomain.com and it will secure site1.mydomain.com, site2.mydomain.com, etc.

If, on the other hand, your IIS 7 sites all use different domain names (mail.mydomain1.com, mail.mydomain2.com, etc.), you will need to get a Unified Communications Certificate (also called a SAN certificate).

Setting up SSL Host Headers on IIS 7

  1. Obtain an SSL certificate and install it into IIS 7. For step-by-step instructions on how to do this, see Installing an SSL Certificate in Windows Server 2008 (IIS 7.0).Install SSL Certificate into IIS 7
  2. Once the certificate is installed into IIS, bind it to the first site on the IP address.Bind the SSL Certificate to the first site on the IP address
  3. Open the command prompt by clicking the start menu and typing “cmd” and hitting enter.
  4. Navigate to C:\Windows\System32\Inetsrv\ by typing “cd C:\Windows\System32\Inetsrv\” on the command line.
  5. In the Inetsrv folder, run the following command for each of the other websites on the IP address that need to use the certificate (copy both lines):appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']

    Replace <IISSiteName>  with the name of the IIS site and <hostHeaderValue> with the host header for that site (site1.mydomain.com)

    Run AppCmd to bind the other sites to port 443 using the same certificate

  6. Test each website in a browser. It should bring up the correct page and show the lock icon without any errors. If it brings up the web page of the first IIS site, then SSL Host Headers haven’t been set up correctly.

If you need to set up multiple site to use a single SSL certificate on IIS 6 or Apache, see How To Configure SSL Host Headers in IIS 6. For more information about SSL Host Headers in IIS 7 see IIS 7.0: Add a Binding to a Site and SSL certificates on Sites with Host Headers.

SSL Host Headers in IIS 6

How To Configure SSL Host Headers in IIS 6

If you need to set up SSL Host Headers for IIS 7 instead of IIS 6, see SSL Host Headers in IIS 7.

Because of the way that the SSL protocol works, it is normally necessary to have a unique IP address for each SSL certificate that you are using. This is because the host header information that tells the server which website to serve up and therefore which SSL certificate to use is encrypted and can’t be unencrypted unless it knows which SSL certificate to use. It’s like the “chicken and egg” problem. The Apache web server documentation explains the problem clearly.

If you have to use the same IP address for multiple sites, one simple solution is to just use different port numbers. For example:

https://site1.mysite.com
https://site2.mysite.com:8081
https://myothersite.com:8082

But doing it this way requires that you always visit the site using the port number and always reference it in links with the port number.

There is a more elegant method, if you have IIS 6.0 or later. That method is to use SSL Host Headers.

With SSL Host Headers, you will essentially use one SSL certificate for all of the sites that use SSL on a particular IP address. For this to work then, you will need to have either a Wildcard certificate or a Unified Communications Certificate. If all of the websites are subdomains of one domain name (e.g. site1.mysite.com, site2.mysite.com), you can use a Wildcard certificate. If there are completely different domain names (e.g. mysite.com, myothersite.com), you will need to use a Unified Communications Certificate.

The first step, if you haven’t already done it, is to set up each of the websites with normal http host header values. You can do this by clicking the Advanced button next to the IP address when editing each website’s properties in IIS. Just click the Edit button and add a domain name as the host header value.

Next, you will need to create a pending request on one of the websites and order the Wildcard or UC certificate from the certificate authority of your choice. Once you have a Wildcard or UC certificate that will work for all of the hostnames that are on the same IP address, you need to use it to complete the pending request on the website that you created it on. Then you just need to configure the SecureBindings metabase property on each of the other sites so it contains the host header name of the site. To do so, follow these steps:

  1. Click Start, click Run, type cmd in the Open box, and then click OK.
  2. Navigate to your IIS scripts directory by typing cd C:\Inetpub\AdminScripts Adjust the path to where the adsutil.vbs file is, if necessary.
  3. Type the following command at the command prompt:cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:<host header>"

    <host header> is the host header value for the Web site (www.myothersite.com). <site identifier> is the IIS site ID displayed when looking at all the websites in IIS.

Find the site identifier by clicking on Web Sites in IIS

Type the command

Run that command for each of the websites that need to use that certificate. They will then use the same certificate that was install to the first site on the IP. A few more notes about SSL Host Headers in IIS 6 can be found here.

Apache

This same basic functionality (using a single certificate for multiple websites on the same IP address) can be acheived in Apache by simply adding this line to your Apache configuration file:

NameVirtualHost 192.168.1.1:443

This essentially instructs Apache to use the SSL certificate in the first Virtual Host for that IP address on all the other virtual hosts for the same IP address. You just need to make sure to use a certificate that will cover the names of all the sites as discussed above. View a sample configuration file demonstrating this.

Different Certificates on the Same IP address

It is generally not possible to use different SSL certificates on the same IP address. However, a modification to the SSL protocol, called Server Name Indication, allows the domain name to be passed as part of the TLS negotiation allowing the server to use the correct certificate even if there are many different sites using different certificates on the same IP address and port. Server Name Indication is supported by most modern web browsers but only a few web servers, such as Apache, Lighttpd, and Nginx, support it using special add-ons.

If you’re feeling adventurous you can try using different certificates on the same IP address with Apache using one of these tutorials:

New Version of vSphere announced 4.1

VMware have announced the lastest update to their virtualisation platform. Below are the headline features.  Good news vMotion is coming to many more of the standard bundles.

What’s New in vSphere 4.1?
• VMware Storage I/O Control—Set quality-of-service priorities
for guaranteed access to storage resources.
• VMware Network I/O Control—Set network quality-of-service
priorities for guaranteed access to network resources.
• VMware vStorage APIs for Array Integration—Offload tasks to
supported disk arrays for improved performance and more
efficient resource utilization.
• VMware Virtual Serial Port Concentrator—Enhance
management and aggregation through serial ports for lowbandwidth
links or Linux environments.

Links Below give a comparison of features in the new bundle kits

Small Business Kits

Medium / Enterprise

Whats New

Pricing

Microsoft Hyper – V

Microsoft Windows Server 2008 R2 Hyper-V builds on the architecture and functions of Windows Server 2008 Hyper-V by adding multiple new features that enhance product flexibility. The adoption of virtualization in the enterprise has increased flexibility in deployment and life cycle management of applications. IT professionals deploy and use virtualization to consolidate workloads and reduce server sprawl. Additionally, they deploy virtualization with clustering technologies to provide a robust IT infrastructure with high availability and quick disaster recovery. Even so, customers are looking for more flexibility.

VM Ware virtualisation

As virtualization is now a critical component to an overall IT strategy, it is important to choose the right vendor. VMware is the leading business virtualization infrastructure provider, offering the most trusted and reliable platform for building private clouds and federating to public clouds