Windows Firewall, how I hate thee
My one or two regular readers will recall that I attended a vSphere 4.1 course last week. It was pretty full-on, being that I knew close to nothing about the product before attending. I got a lot out of it. I've decided this is the way to go, career-wise. My immediate goal is to get the VCP and to update my MS certs.
With this in mind, I'm setting up a test lab. My initial plan was to set the whole thing up under VMware Workstation:
- 2 x ESXi 4.1 hosts (i.e. virtualised under Workstation), hosting their own VMs
- A vCenter server to manage the two hosts
- A Win2k8R2 DC to provide directory/authentication services
- A hardware NAS appliance to provide iSCSI and NFS storage locations for the two virtualised hosts to use
The thing about training courses is that the systems you're provided are pre-installed with everything you need to just get stuck into it. You don't need to concern yourself with the installation of the host(s), the configuration of the operating system that will host vCenter etc etc etc.... you know where I'm going with this, right?
The installation of the virtualised ESXi host was very straightforward. There's really not much to it. I configured the TCP/IP settings and moved on to setting up the vCenter box. It all installed fine. viClient connected fine to the vCenter service. I was able to connect the host, and lo, I was ready to repeat the labs I'd done during the course.
But within seconds, things started to come unstuck. There was a great big red X against the host object. Hmm. It's disconnected itself. OK.. I can ping it.. hmm, odd. Reconnect. Let's get on with creating some guest VMs (yes, a guest inside a guest). I got as far as mounting the ISO, then it crapped out again. Disconnected. What the? Fine.. maybe the host's unhappy.. I'll do the obligatory reboot of both host and vCenter. Predictably, this did nothing except waste some of my time. Sure enough, once I logged on, the problem recurred.
I tried everything I could think of (i.e. not much, since I know only just less than fuck-all about vSphere). I actually resigned myself to the looming reality that I might not be able to do this completely virtualised after all. EVEN THOUGH OTHERS HAVE DONE IT!!!!! So I trawled ebay. I trawled auction houses. I ummed and ahhed. Should I go with a whitebox build? Should I just bite the bullet and get something that's VMware certified - so that in the event that it all goes to shit, at least I know there's no underlying incompatibility? But, oh, God... the money. The money. THE MONEY! I paid for this vSphere course out of my own pocket (GreenSight's training budget is now non-existent), so I was already out a touch over four grand. Could I really finance a fully physical test environment? Finally, I decided no way, no how - if others have done this, I can too. The problem isn't that this can't be done. The problem is that I don't know how to do it!
I consulted the all-knowing Google (not for the first time, I might add). I had to trawl through lots of useless results before finally hitting upon the right combination of search terms, keywords and operators to get the information I needed. I found a link to a VMware knowledge base article that suggested IP connectivity might be the problem. See, I'd pinged the host from the vCenter server, but not the other way round. Because the pings all came back, I'd assumed - incorrectly - that all was good with the network. I'd forgotten, you see, that Microsoft, in its wisdom, enables a fucking firewall on Windows Server 2003 and up. Sure enough, when I pinged the vCenter server from the host, they all failed. MOTHERFUCKER!!!!!
Once I understood that the problem was with the vCenter server itself, I disabled the Windows Firewall and voila! Perfect connectivity!
Now - there will be some among you who might think that I was a dickhead for not realising this all on my own. And you're right. However, this is the sort of learning that pays off over and over and over again. As a result of this exercise, I now know something I didn't before. You see, managed ESXi hosts like to say hello to their management servers. Not every once in a while. Every ten seconds! Yes, the instructor did mention this. Yes, I should've realised its significance. And it seems I even made a big note of it in the course textbook. But if it weren't for this incident, I wouldn't have run a network capture afterwards, and I wouldn't have seen just how chatty these systems are. The instructor did point out that vCenter and the hosts it manages like to be well-connected, but this really highlighted it. It's something I won't ever forget.
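Switching Windows Firewall off on the vCenter box is the quickest fix, but it's not the one to leave in place, even in a lab: the host-to-vCenter heartbeat is a single well-known port, and the failed pings were just the default block on inbound ICMP echo. The block below is an added example, not something from this post or from VMware; it opens only those two things on a Windows Server 2008 R2 vCenter server using the netsh that ships with it (the New-NetFirewallRule cmdlets only arrived with Server 2012). The lab subnet 192.168.10.0/24 and the capture file path are assumptions for illustration.

```powershell
# Added example (not from the original post): open only what the nested ESXi
# hosts need to reach vCenter, instead of disabling Windows Firewall outright.
# Run from an elevated PowerShell prompt on the vCenter server (Win2k8R2).
# Assumption: the two ESXi hosts live in 192.168.10.0/24 (not stated in the post).

$labSubnet = "192.168.10.0/24"

# 1. Managed ESX/ESXi hosts send their heartbeat to vCenter on UDP 902, roughly
#    every 10 seconds. vCenter marks a host "not responding" / disconnected once
#    it stops hearing them, which is exactly the red X described above.
#    remoteip= keeps this from being an open-to-the-world rule.
netsh advfirewall firewall add rule `
    name="vCenter heartbeat from ESXi (UDP 902)" `
    dir=in action=allow protocol=UDP localport=902 remoteip=$labSubnet

# 2. Inbound ICMPv4 echo (type 8) is blocked by default on 2008 R2, which is why
#    pinging vCenter from the host failed even though the reverse direction worked.
#    Allowing it makes ping a usable diagnostic again.
netsh advfirewall firewall add rule `
    name="ICMPv4 echo from lab" `
    dir=in action=allow protocol=icmpv4:8,any remoteip=$labSubnet

# If the vSphere Client runs on a machine other than the vCenter server itself,
# it also needs TCP 443 inbound to vCenter; add that the same way if required.

# 3. Checks: confirm the firewall is still on and the new rules exist.
netsh advfirewall show currentprofile
netsh advfirewall firewall show rule name="vCenter heartbeat from ESXi (UDP 902)"
netsh advfirewall firewall show rule name="ICMPv4 echo from lab"

# 4. Optional: see the heartbeats arriving without installing a sniffer.
#    netsh trace is built into 2008 R2; the .etl it writes opens in Microsoft
#    Network Monitor. Let it run for a minute, then stop it and filter on UDP 902
#    to watch one datagram per host land about every ten seconds.
#    (C:\Temp\heartbeat.etl is an assumed path.)
netsh trace start capture=yes tracefile=C:\Temp\heartbeat.etl
Start-Sleep -Seconds 60
netsh trace stop
```

The point of keeping the firewall on is that the lab vCenter server is a domain member sitting on the same network as everything else you'll build; scoping the rules to the lab subnet means a later mistake elsewhere (a guest bridged onto the wrong network, say) doesn't get a free path to the management plane. If a host still drops, confirm the heartbeats are actually being sent before blaming the firewall again: the capture in step 4 settles that question in under a minute.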
Thank you, Windows Firewall. For once, you achieved something useful.