William Lam

Quick Tip - How to check password expiry for a specific vSphere SSO user?

06.04.2021 by William Lam // Leave a Comment

The default password expiry for vSphere Single-Sign On (SSO) users within the vCenter Server Appliance (VCSA) is 90 days and this of course be changed to match your organizations policy. Although the vSphere UI can remind you right before your password expires, you may want to manually check or proactively inventory this information periodically.

To do so, you will need to SSH to the VCSA and use the dir-cli command with --level 2 option to get additional details for a given vSphere SSO user as shown in the example below:

/usr/lib/vmware-vmafd/bin/dir-cli user find-by-name --account william --level 2
Account: william
UPN: william[a]VSPHERE.LOCAL
Account disabled: FALSE
Account locked: FALSE
Password never expires: FALSE
Password expired: FALSE
Password expiry: 8916 day(s) 2 hour(s) 39 minute(s) 30 second(s)

In this particular environment, I have the vSphere SSO password expiry configured to 9000 days and as we can see for this user, there is ~8916 days left before the password expires.

For those looking to automate this, it looks like this is currently only possible using dir-cli but I have submitted a feature request to the recently released PowerCLI vSphere SSO Module to see if this information can also be included in the Get-SsoPersonUser cmdlet. If you need to retrieve the current configured vSphere SSO password expiry, you can use ldapsearch command within the VCSA or the Get-SsoPasswordPolicy cmdlet.

Supermicro 2021 Homelab Group Buy

06.02.2021 by William Lam // 22 Comments

After many months of planning and discussions, today I am excited to share the Supermicro 2021 Homelab Group Buy with the VMware Community! 🥳

A big thanks to both Supermicro and the Aspen Systems team for supporting this community initiative.

Details

This group buy is for a barebones (includes CPU) Supermicro E300-9D-8CN-8TP, which is a very capable platform for running your VMware Homelab which I have previously written about here and here. As a successor to the popular E200-8D, another benefit of the E300-9D is that it is officially listed on the VMware HCL and is supported with the latest vSphere 7.0 Update 2 release.

Since this is the first time we are partnering up with both Supermicro and Aspen Systems for a group buy, we wanted to keep the program simple and initially focus on US based users. If this group buy is successful, we will work with the team to run a similar group buy for other regions such as EMEA/APJ. For this group buy, we have been able to secure a 20% discount for the VMware Community and does require a minimum quantity of 300 units to be purchased to qualify for the discounted rate. If you are interested in participating in this group buy, please visit the URL below. In addition, I will also periodically update this blog post with the latest numbers, so folks have an idea of the overall progress.

Lastly, please help get the word out by sharing this blog post with your friends, colleagues and social network!

UPDATE 2 (06/03/21) - Shipping estimates have changed to ~12-14 weeks due to current global shortages. Group buy website has also been updated to reflect units sold, which will happen at the end of each business day.

UPDATE 1 (06/02/21) - Quantity per customer has been increased to 4

Details	Description
Minimum Quantity	300
Unit Cost	$1350 (includes taxes and fees)
Shipping Cost	Calculated based on destination
Shipping Time	~12-14 weeks
Start Date	June 2 2021
End Date	July 5 2021
Group Buy URL	http://vmwa.re/supermicro-2021-groupbuy

Quick Tip - Changing the size of vSphere Dump Collector for VCSA 6.7 & 7.0

06.01.2021 by William Lam // 1 Comment

When an ESXi host crashes, the generated core dump can be sent over the network to a remote core dump server. The vCenter Server Appliance (VCSA) can be configured as a destination by enabling the built-in vSphere Dump Collector service. By default, the storage repository for the vSphere Dump Collector service is configured to 2GB and can be increased up to 10GB, which is the supported maximum.

In earlier vSphere releases, configuring the vSphere Dump Collector repository size could be done using the vSphere Web (Flash) Client as shown in the screenshot below.

Configure and test of ESXi Dump Collector – Notes from MWhite — Screenshot courtesy from Michael White's blog post https://notesfrommwhite.net/2016/01/20/configure-and-test-of-esxi-dump-collector/

However, as part of the vSphere (HTML5) UI Client transition, it looks like all general VCSA service configurations including the vSphere Dump Collector was not ported over. I can only assume the reasoning for this was due to the infrequency configuring or updating these settings. This has been a question that has come up a few times across both VCSA 6.7 and 7.0 environments and I was recently reminded of the solution and I realized I had not blogged about the solution.

[Read more...]