8.08.2019

VMware vSphere learning paths


These days there is plenty of training for all things vSphere. The issue has become choosing a good path, either toward a specific certification or simply toward becoming more proficient with day-2 administrative activities. A colleague came to me the other day with this dilemma, so I decided to put together a quick list of free and paid training resources.

VMware Hands on Labs can be a useful free tool in learning about many different VMware products in a safe isolated environment. The following are a couple useful labs for learning more about vSphere.

HOL-1910-01-SDC - Virtualization 101: Introduction to vSphere
HOL-1911-91-SDC - vSphere 6.7 Lightning Lab
HOL-1911-01-SDC - What's New in VMware vSphere 6.7
HOL-1911-02-SDC - VMware vSphere with Operations Management - Getting Started
HOL-1911-03-SDC - VMware vSphere with Operations Management - Advanced Topics
HOL-1911-04-SDC - VMware vSphere Security - Getting Started
HOL-1911-05-SDC - VMware vSphere Automation - PowerCLI

VMware Learning Zone provides some free and paid on demand classes.

All VMware vSphere classes


VMware ICM
One of the following classes is required for a VCP certification.

VMware ICM Fast Track
Additional material is taught in this class compared to the ICM class. The classes also typically run from 8AM to 6PM for the week.

VMware vSphere Operations
These are not required but can help with the test, although the focus is on day-2 administrative tasks on the vSphere platform.

Certification Learning Paths.
This will provide you the path you need to follow to obtain a certification.

Other resources include blogs and community forums. Purchasing VMUG Advantage provides lab licenses for most VMware products. Building a ‘HomeLab’ can be a good way to practice without touching the corporate environment. Also, your company may not own licenses for all products and all features of those products, whereas VMUG Advantage does provide full-featured licensing.

VMUG Advantage (there are codes all over the interwebs for 10% off)
https://www.vmug.com/vmug2019/membership/vmug-advantage-membership

List of blogs and other resources

Hope these help you in your VMware journey!

7.24.2019

Dynamic DNS

Dynamic DNS, and even standard DNS services that offer many configurable options, can be expensive. The free ones, or the ones that come with domain name registration, are typically limited, and most do not support dynamic IPs. I have been using one for a number of years from a co-location and service provider called Hurricane Electric http://he.net/.

I learned about this provider while living in the Bay Area outside San Francisco. They would host a Linux user group and as a matter of fact still do 20 years later! EBLUG http://www.eblug.org/

One of the many great services HE provides is a free DNS service that can serve dynamic DNS entries, for when you have a dynamic IP on your internet connection or need an easy way to fail over some internet-facing service with something a little less expensive than a GSLB. The service has been limited to 50 zones for the free version. C'mon!! For real??? Everyone owns more than 50 domain names... NOT! This is super cool of them to not only offer this service for real but then allow users to host 50 zones!

Getting started is easy. Once you have a domain registered, either new or existing, simply point your root name servers to HE's servers. Let's use the domain vmuglabs.net. I use GoDaddy for my domains, so once in DNS management, browse over to Nameservers. Once there, change the GoDaddy name servers to HE's. They are:

ns1.he.net
ns2.he.net
ns3.he.net
ns4.he.net
ns5.he.net



Now if you don't have an account at HE go over to https://dns.he.net and register for an account.



Once logged in you can add a new zone or domain from the menu on the left



Once created you can edit the zone by selecting the edit icon just to the left of the domain name. Within the zone you will find 6 total records, 1 SOA and 5 NS records. Next is to create an A record and investigate how the ddns option works.



Once created you will need a way to authenticate to dynamically change the IP for the A record. HE uses a DDNS key, not your login account. To generate one select the change symbol.



Generate a key and copy it.


Once you have the key, it's time to build the bash script to facilitate the DDNS change. The code can be located on GitHub.

Run this script and if your IP changes your DNS record will be changed. To test you can manually change the IP within the HE DNS console and observe it changing back when the script is run.
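
The author's script is on GitHub and is not reproduced on this page. As an added example (not that script), here is one way to send the update while keeping the DDNS key out of the command line and process list. Assumptions: HE's https://dyn.dns.he.net/nic/update endpoint with dyndns2-style replies (good, nochg, badauth), the constructed record name home.vmuglabs.net, and a hypothetical key file path.

```bash
#!/usr/bin/env bash
# Added example, not the author's script. Endpoint, reply words, record name
# and key file path are assumptions stated in the lead-in.
DDNS_URL="https://dyn.dns.he.net/nic/update"
DDNS_HOST="${DDNS_HOST:-home.vmuglabs.net}"            # constructed A record
DDNS_KEY_FILE="${DDNS_KEY_FILE:-$HOME/.he-ddns.key}"   # hypothetical path

# The key alone can repoint the record, so refuse a key file that
# group or others can read (anything other than mode 600 or 400).
key_file_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Turn the server's one-line reply into a state word for logging and exit codes.
classify_reply() {
    case "$1" in
        "good "*)  echo updated ;;      # record changed to the new address
        "nochg "*) echo unchanged ;;    # record already matched
        badauth*)  echo auth-failed ;;  # wrong key or wrong hostname
        *)         echo error ;;        # HTML error page, empty body, etc.
    esac
}

# POST hostname and key; with no address given, the server uses the
# source address of the request. The body is fed to curl on stdin so the
# key never shows up in ps output or shell history.
send_update() {
    ddns_key="$(tr -d '\r\n' < "$DDNS_KEY_FILE")"
    printf 'hostname=%s&password=%s' "$DDNS_HOST" "$ddns_key" |
        curl -fsS -4 --max-time 20 --data @- "$DDNS_URL"
}

main() {
    key_file_is_private "$DDNS_KEY_FILE" ||
        { echo "key file missing or not mode 600" >&2; return 2; }
    reply="$(send_update)" || { echo "update request failed" >&2; return 3; }
    state="$(classify_reply "$reply")"
    logger -t he-ddns "$DDNS_HOST: $state" 2>/dev/null || true  # log state, never the key
    [ "$state" = updated ] || [ "$state" = unchanged ]
}

# Only contact the server when asked to, so the functions can be tested offline.
if [ "${1:-}" = "--run" ]; then main; fi
```

Schedule it from cron with the --run argument; a non-zero exit status means the key file check, the request, or the server reply failed.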

3.12.2019

Fix MSDTC for VRA Install Wizard Validation

Did you use a template to create the IaaS servers for VRA? This is a quick post on how to resolve the errors from the VRA validator step. Perhaps like you I had some trouble locating a concise KB article or post on an easy way to resolve these issues.

Reset the CID/SID of the Server

Log into the IaaS and DB servers as Administrator.

Opening REGEDIT can show what the CID/SID values are. This is located:
HKEY_CLASSES_ROOT\CID\(CID)\Description\(Default)

Open a PowerShell prompt as administrator and run the following commands:

Uninstall MSDTC
msdtc -uninstall

Reboot
shutdown -r -t 0

Re-install MSDTC (log in with the same permissions as above)
msdtc -install

Warning: The msdtc command does not return any output when it is run.

Open the Firewall

Enable the firewall rules for WMI and DTC on both computers by using the Netsh utility. This

netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
netsh advfirewall firewall set rule group="Distributed Transaction Coordinator" new enable=yes


Testing

Basic checking can be done by opening the Component Services MMC. You should see something similar.
Component Services MMC for MS DTC


Run the DTCtester to test the state of MSDTC. Below are some example tests for local-only and for combined local and remote DTC connectivity.

Test MSDTC on the local computer
Test-Dtc -LocalComputerName "$env:COMPUTERNAME" -Verbose

Test MSDTC on the local computer and a remote computer
Test-Dtc -LocalComputerName "$env:COMPUTERNAME" -RemoteComputerName "remote-server" -ResourceManagerPort 17100 -Verbose

Test MSDTC on a local computer that blocks inbound transactions
Test-Dtc -LocalComputerName "$env:COMPUTERNAME" -RemoteComputerName "remote-server" -ResourceManagerPort 17100 -Verbose

Test MSDTC on a local computer that blocks outbound transactions
Test-Dtc -LocalComputerName "$env:COMPUTERNAME" -RemoteComputerName "remote-server" -ResourceManagerPort 17100 -Verbose


This is the result if the first test partially fails. The 3 local and remote tests will also show the CIDs for the communicating systems. The REGEDIT location above displays the UIS and the XA values that are contained in the CID subkeys. From this output you can determine whether the CIDs are unique, as another method to validate the registry values.

PS C:\Windows\system32> Test-Dtc -LocalComputerName "$env:COMPUTERNAME" -Verbose
VERBOSE: ": Firewall rule for "RPC Endpoint Mapper" is enabled."
VERBOSE: ": Firewall rule for "DTC incoming connections" is enabled."
VERBOSE: ": Firewall rule for "DTC outgoing connections" is enabled."
VERBOSE: IN-SQL02: AuthenticationLevel: Mutual
VERBOSE: IN-SQL02: InboundTransactionsEnabled: False
WARNING: "IN-SQL02: Inbound transactions are not allowed and this computer cannot participate in network transactions."
VERBOSE: IN-SQL02: OutboundTransactionsEnabled: False
WARNING: "IN-SQL02: Outbound transactions are not allowed and this computer cannot participate in network transactions."
VERBOSE: IN-SQL02: RemoteClientAccessEnabled: False
VERBOSE: IN-SQL02: RemoteAdministrationAccessEnabled: False
VERBOSE: IN-SQL02: XATransactionsEnabled: False
VERBOSE: IN-SQL02: LUTransactionsEnabled: True


This is the result when things look good for the installer to proceed.

PS C:\Windows\system32> Test-Dtc -LocalComputerName "$env:COMPUTERNAME" -Verbose
VERBOSE: ": Firewall rule for "RPC Endpoint Mapper" is enabled."
VERBOSE: ": Firewall rule for "DTC incoming connections" is enabled."
VERBOSE: ": Firewall rule for "DTC outgoing connections" is enabled."
VERBOSE: IN-SQL02: AuthenticationLevel: Mutual
VERBOSE: IN-SQL02: InboundTransactionsEnabled: True
VERBOSE: IN-SQL02: OutboundTransactionsEnabled: True
VERBOSE: IN-SQL02: RemoteClientAccessEnabled: True
VERBOSE: IN-SQL02: RemoteAdministrationAccessEnabled: True
VERBOSE: IN-SQL02: XATransactionsEnabled: False
VERBOSE: IN-SQL02: LUTransactionsEnabled: True


Summary

This is only one example of how to resolve these errors. If you deployed from a template with a customization spec and selected "Generate New Security ID (SID)", your experience might be different.