Friday, August 9, 2013


Resxtop not working in vSphere 5.1?

If you notice that resxtop fails when executed from the vma in vsphere 5.1, perform the following steps.

Task 1 – Create a new certificate for your ESXi hosts

1. Download the generateSSLSelfSignCert.sh from
  http://communities.vmware.com/docs/DOC-21142 and save it to your Desktop.

2. Use tools like winscp to transfer the script to your vMA virtual machine and save it to the home directory of vi-admin:

   1. From the Desktop system, install and launch winscp

   2. Enter the vMA host name and user and password (ex: vma, vi-admin, vmware1!).

   3. Click Login

   4. In the left panel, browse to your local desktop.

   5. Drag and drop the generateSSLSelfSignCert.sh script from the left panel to the right panel. Choose “Copy” when prompted.

3. Log in to your vMA using putty. Create a file, listServers, which contains your ESXi host names:

1. At the command line type in the following:
cat > listServers <<EOF
esxi01.vclass.local
esxi02.vclass.local
EOF

4. Generate new certificates for your ESXi hosts:

   1. Make the script executable
   chmod 555 generateSSLSelfSignCert.sh

   2. Execute the script
   ./generateSSLSelfSignCert.sh listServers

5. Now copy the two new certificates to your ESXi hosts:
scp ssl-certs/esxi01/rui* root@esxi01.vclass.local:/etc/vmware/ssl
scp ssl-certs/esxi02/rui* root@esxi02.vclass.local:/etc/vmware/ssl

6. Restart the rhttpproxy service on both ESXi hosts:
ssh root@esxi01.vclass.local “/etc/init.d/rhttpproxy restart”
ssh root@esxi02.vclass.local “/etc/init.d/rhttpproxy restart”

7. After restarting the service, your hosts will disconnect from vCenter. Login to the vSphere
client and right click on the hosts and select “Connect”. The connect will fail with a digital
certificate verification error but you will get prompted to enter the root password. Go ahead and
accept the new certificate. Accept the defaults on all other screens and reconnect your hosts.

1. If your host has not automatically disconnected, disconnect it now.
2. Right click on your host and select Connect. Click Yes when prompted to reconnect.
3. Click Close when you get the error about the SSL certificate verification failure.
4. When prompted, enter the root user and password for your ESXi host.
5. Accept the new certificate.
6. Accept all the defaults on the remaining steps and click Finish.

8. Update the vMA environment to use the new keys.

   1. First make a backup of the .bashrc file:
   cp .bashrc .bashrc.bak

   2. Next, append two lines to the .bashrc file:
   cat >> .bashrc << EOF
   export HTTPS_CA_DIR=/home/vi-admin/ssl-certs
   export HTTPS_CA_FILE=/home/vi-admin/ssl-certs/cacert.pem
   EOF

   3. Now reload the current shell environment
   . .bashrc

9. Test your setup
vifptarget -s esxi01
resxtop

No comments:

Post a Comment