I recently had a question that came in from our field where a customer needed to deploy the vCenter Server Appliance (VCSA) with a specific MAC Address which was a requirement to ensure property connectivity within their network. This type of network requirement is not really new or unique, it is a common practice used to ensure only valid VMs with a static DHCP reservation can actually connect to a specific network but it certainly was the first time I had heard of this request for the VCSA.
With the default VCSA installer workflow, there is currently not a way to modify the network MAC Address which is automatically generated after the deployment of the OVA. Having said that, I have spent quite a bit of time exploring the various non-standard methods of deploying the VCSA in the past (see here, here and here) and with that information, you definitely can affect the MAC Address while still maintaining a valid VCSA deployment. With a bit of trial/error, there are two options depending if you are deploying the VCSA directly to an ESXi host (for initial setup) or to an existing vCenter Server. To demonstrate how this works, I have created a basic shell script called VCSAStaticMACAddress.sh which you can easily adapt to for a Windows-based environment.
The trick is that when you deploy to a vCenter Server endpoint, the required OVF properties are persisted which would allow you to only deploy the VCSA but not actually power it on and there you can easily augment a number of settings including the MAC Address. In the case of deploying directly to an ESXi host, OVF properties are not persisted and hence a challenge if you wish to make changes prior to powering on the VM. In earlier versions, it was possible to set these OVF properties by way of using the extraConfig property of the VM but it looks like this trick no longer works and requires a slight variation of the workflow which is described in the instructions below.
vCenter
Step 1 - Edit the VCSAStaticMACAddress.sh script to include the path to the VCSA OVA (in my example, I am using the latest 6.7 Update 3 release) and uncomment the vCenter deployment section along with the specific values for your VCSA deployment
Step 2 - Run the script which will deploy the VCSA to an existing vCenter Server and set the respective OVF properties but not actually power on the VM
Step 3 - Use the vSphere UI to update the desired MAC Address of the VM and then power it on and wait for the installation to complete (can take up to 30min). If everything was configured correctly, during the installation, you should be able to open a browser to https://[VCSA]:5480 and watch the progress of installation.
ESXi
Step 1 - We need to first convert the VCSA OVA (in my example, I am using the latest 6.7 Update 3 release) to an OVF. To do so, you will need OVFTool and here is the command to run:
ovftool --allowExtraConfig VMware-vCenter-Server-Appliance-6.7.0.42000-15132721_OVF10.ova VMware-vCenter-Server-Appliance-6.7.0.42000-15132721_OVF10.ovf
Step 2 - We need to add an additional line to the network section of the OVF with the desired MAC Address as shown in the example below.
<Item> <rasd:Address>00:50:56:ab:cd:ef</rasd:Address> <rasd:AutomaticAllocation>true</rasd:AutomaticAllocation> <rasd:Connection>Network 1</rasd:Connection> <rasd:ElementName xmlns:rasd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData">Ethernet adapter on "Network 1"</rasd:ElementName> <rasd:InstanceID xmlns:rasd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData">3</rasd:InstanceID> <rasd:ResourceSubType>vmxnet3</rasd:ResourceSubType> <rasd:ResourceType>10</rasd:ResourceType> </Item>
Step 3 - Edit the VCSAStaticMACAddress.sh script to include the path to the modified VCSA OVF and update the ESXi section along with the specific values for your VCSA deployment
Step 4 - Run the script which will deploy the VCSA to an ESXi host and automatically power on the VM and using the --injectOvfEnv option to inject the required OVF properties to properly configure the VCSA. If everything was configured correctly, during the installation, you should be able to open a browser to https://[VCSA]:5480 and watch the progress of installation.
Regardless if you are deploying the VCSA to a vCenter Server or ESXi endpoint, the results will be the same and you will now have a VCSA with a customized MAC Address as I have shown below 🙂
If you do not want Stage 2 to automatically run which would allow you to make further changes to the networking configuration (such as IP Address, hostname, etc), simply change VCSA_STAGE1ANDSTAGE2 variable to False. Once the VCSA is on the network, you will need to connect to the VAMI interface https://[VCSA]:5480 to finish the configuration as shown in the screenshot below.
Gert van den Berg says
I also had to edit VMware-vCenter-Server-Appliance-6.7.0.48000-18010531_OVF10.mf to update the hash for the modified OVF file
ewanlogan says
Thanks for that tip.
You can also add the --skipManifestCheck flag to the script to bypass the SHA check
anon user says
i think this is a design defect of vcsa installation process. many companies uses MAC addresses for DHCP registration, and the lack of capability to specify MAC address creates a loop for the process - one cannot get a MAC address until a the vcenter is deployed and the deployment process gets stuck without a valid MAC address registration.
h says
Just drop here to say thank you, worked fawesly for OVH and vcenter7
ewanlogan says
Huge thanks for this - I've spent a frustrating week trying to get VCSA installed on an OVH cloud dedicated server and this finally did the job!
Andres Noguez says
Can you run the script from a windows computer? what steps do you need to do for this?
William Lam says
Yes. VCSA Installer is multi-platform. Take a look at the directory which breaks it out by OS type
Guillaume Zahra says
Thanks for this article !
Apparently with the ovfs tools 4.4.3 OR vCenter 7U3 , i don't know, i had to add the "--skipManifestCheck" argument for your VCSAStaticMACAddress.sh script, otherwise, the tool complain that the SHA does not match.