ESXi 6.0 Update 2 Causes Active Directory Issues? Try Our Automated Fix!

Taking Server Virtualization Down from the Clouds to Real Life Experience: Lessons Learned

As a seasoned IT professional, I have had the opportunity to work with various server virtualization technologies, including VMware’s vCenter. Recently, I encountered an issue with my vCenter installation that forced me to delve into the world of command-line interfaces and text editors. In this blog post, I will share my experiences and the lessons I learned during this process.

KB2145400: The Missing Link

One of the issues I faced was related to KB2145400, a VMware knowledge base article that provided guidance on increasing the LDAP configuration for vCenter. Unfortunately, the link no longer works, and I could not find a saved copy of the article. However, after some research, I found that the article is available again, and I can now share the information with my readers.

Increasing LDAP Configuration: A Hands-On Approach

One of the most important aspects of server virtualization is authentication and authorization. In my case, I needed to increase the LDAP configuration for my vCenter installation. The default configuration sets the LDAP connection limit to 8192, which can be a bottleneck for large environments. To increase this limit, I followed these steps:

1. Open the file /etc/likewise/openldap/ldap.conf in a text editor such as vi.

2. Search for the line that contains “ldap_max_connections = 8192” and change the value to “16384”.

3. Restart the Likewise daemons by running the command /etc/init.d/lwsmd restart.

If you are not familiar with the vi editor, you can make the same change with sed. Note that this pattern rewrites the first 8192 on every line of the file, not only the ldap_max_connections line, so review the file afterwards:

sed -i 's@8192@16384@' /etc/likewise/openldap/ldap.conf

After making these changes, I restarted the likewise daemons and tested the LDAP connection. The increase in the LDAP configuration allowed me to connect to the vCenter instance without any issues.
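
The edit from the steps above as one guarded function, added here as an example and not taken from the original post or from the VMware KB article: it changes only the ldap_max_connections line, keeps a .bak copy for rollback, and refuses to touch a file that lacks the expected value. The function name and return codes are hypothetical; the key, values and path are the ones given in the steps.

```shell
#!/bin/sh
# Added example. Key name, old/new values and default path come from the
# steps above; the function name and return codes are hypothetical.
# Usage: set_ldap_max_connections /etc/likewise/openldap/ldap.conf 8192 16384
# Returns 0 = value set (or already set), 1 = expected line absent, 2 = I/O error.

set_ldap_max_connections() {
    conf="$1"   # file to edit
    old="$2"    # value expected to be present
    new="$3"    # value to set
    key="ldap_max_connections"
    sp='[[:space:]]*'

    [ -f "$conf" ] || { echo "missing file: $conf" >&2; return 2; }

    # Already at the target value: nothing to do, so re-runs are harmless
    # and the existing backup is not overwritten with the edited file.
    if grep -Eq "^${sp}${key}${sp}=${sp}${new}${sp}\$" "$conf"; then
        return 0
    fi

    # Refuse to edit unless the expected line is present. An unanchored
    # s@8192@16384@ would also rewrite any other 8192 in the file.
    if ! grep -Eq "^${sp}${key}${sp}=${sp}${old}${sp}\$" "$conf"; then
        echo "expected '${key} = ${old}' not found in $conf" >&2
        return 1
    fi

    # Keep a copy with the original mode and timestamps for rollback.
    cp -p "$conf" "$conf.bak" || return 2

    # Rewrite only the key line, preserving its spacing. Writing back into
    # the existing file keeps its owner and permissions.
    if ! sed -E "s@^(${sp}${key}${sp}=${sp})${old}(${sp})\$@\1${new}\2@" \
            "$conf.bak" > "$conf"; then
        cp -p "$conf.bak" "$conf"   # restore on failure
        return 2
    fi

    # Confirm the new value landed before any service restart.
    grep -Eq "^${sp}${key}${sp}=${sp}${new}${sp}\$" "$conf"
}
```

Only when the function returns 0 should the restart from step 3 (/etc/init.d/lwsmd restart) follow; on any other result the original file is still available as ldap.conf.bak.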

A Word of Caution: Time Drift and NTP

Another issue that I encountered was related to system time drift. It turns out that my system time had drifted by more than 5 minutes from my domain controller’s time, which caused authentication issues. To avoid this issue, it is essential to configure NTP servers on your VMware hosts and vCenter appliance. This will ensure that the system time remains synchronized with your domain controllers.

Patch ESXi-6.0.0-20160804001-standard: A Fix for Time Drift

VMware has released a patch (ESXi-6.0.0-20160804001-standard) that addresses the time drift issue. This patch includes a fix for the LDAP connection limit and other issues related to authentication and authorization. I highly recommend applying this patch to your vCenter installation to ensure that it remains secure and reliable.

Conclusion

In conclusion, my experience with vCenter and server virtualization has taught me the importance of carefully planning and executing configurations, especially when it comes to authentication and authorization. The lessons learned from this experience have helped me become a better IT professional, and I hope that they will be useful to others as well. Remember to always keep your system time synchronized with your domain controllers, and configure NTP servers on your VMware hosts and vCenter appliance. Finally, make sure to apply the latest patches and updates to your vCenter installation to ensure that it remains secure and reliable.