Cannot Open KVM Virtual Machine Manager on CentOS 7

I got following error message when I try to run KVM Virtual Machine Manager: virt-manager on SSH.

Gtk-WARNING **: cannot open display:

There are several things need to be checked:

  • Make sure “X11Forwarding” is set to “yes” in /etc/ssh/sshd_config on the machine you run virt-manager.
    cat /etc/ssh/sshd_config | grep "^X11"
  • If you are using Windows to connecting SSH. The X11 need to be forwarded to an “X Window server” on top of Windows. I use xming.
  • If you connect SSH by Putty on Windows. Please configure X11 forwarding.
    • Go to “Connection” -> “SSH” -> “X11“.
    • Check “Enable X11 forwarding“.
    • Assign xming.exe path in “X authority file for local display“.
  • If you are using terminal on Mac OS. You need to install Xquartz. It configures terminal automatically.

Now you are ready to use “virt-manager“.

“Timed out waiting for the PowerShell extension to start” in Visual Studio Code

When you load a PowerShell script you may see following error messages:

Timed out waiting for the PowerShell extension to start

If you see error logs, following appears:

The language service could not be started

One possible reason is your PowerShell executive policy is set to “AllSigned“. You can find the policy by run PowerShell command below.

Get-ExecutionPolicy

Run the following command in an elevated PowerShell window to change the policy.

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

 

Cisco UCS Blade Cannot Get IP Address for KVM

You may see “The IP address to reach the server is not set” when clicking the KVM console in Cisco UCS Manager. The issue persists even Cisco UCS Manager has enough IP addresses for management. Re-acknowledge or reset CIMC cannot fix the problem.

The fix procedure is go to “Equipment” -> Select the server -> “General” tab -> “Server Maintenance” -> “Decommission” the server.

Wait for the decommission completed, then re-acknowledge the server. IP address will be assigned to the server after the acknowledge process is completed.

How to Specific Allowed IP Addresses in ESXi Firewall by PowerCLI

In recent LAB environment reviewing, I noticed my LAB ESXi hosts allow connections from all IP address for NTP services. This is not the best practices for the solid environment. I want to specify certain IP addresses are allowed in case of vulnerabilities in NTP services. There are a lot of blogs talking about how to enable/disable firewall ruleset but no one talks about how to do so. Following is what I figured out. Please let me know if you see anything I can improve.

# Please connect to vCenter Server by Connect-ViServer before use this script.
$vmhosts = Get-VMHost -Location esxiCluster
foreach($vmhost in $vmhosts){
$esxcli=get-esxcli -vmhost $vmhost -V2
$ntpRuleSet = $esxcli.network.firewall.ruleset.set.CreateArgs()
$ntpRuleSet.allowedall="false"
$ntpRuleSet.rulesetid="ntpClient"
$esxcli.network.firewall.ruleset.set.Invoke($ntpRuleSet)
$ntpAllowIP = $esxcli.network.firewall.ruleset.allowedip.add.CreateArgs()
$ntpAllowIP.rulesetid="ntpClient"
$ntpAllowIP.ipaddress="192.168.0.1"
$esxcli.network.firewall.ruleset.allowedip.add.Invoke($ntpAllowIP)
$ntpAllowIP.ipaddress="192.168.0.1"
$esxcli.network.firewall.ruleset.allowedip.add.Invoke($ntpAllowIP)
}

The red text is customized parameters. Please change accordingly.

The script gets all ESXi hosts details in the specified location, you can use a cluster name, ESXi name, or folder. Then it disables “Allow connections from any IP address” option of the ruleset, and add 2 IP addresses to the ruleset.

ESXi Disconnects From vCenter

If you are still using Windows 2008 for vCenter Server. You may see ESXi hosts lost connection back and forth on vCenter Server after recent Windows pathing. It’s not something like a heartbeat lost for a few seconds. ESXi can takes minutes to back online.

You can see similar logs in vpxd.log:

2018-08-03T09:24:23.337-04:00 error vpxd[20160] [Originator@6876 sub=HttpConnectionPool-000000] [ConnectComplete] Connect failed to <cs p:00000000200ed300, TCP:XXXXXXXXXXXXXXXX:443>; cnx: (null), error: class Vmacore::SystemException(Only one usage of each socket address (protocol/network address/port) is normally permitted)

2018-08-03T09:24:23.337-04:00 error vpxd[06332] [Originator@6876 sub=Vmomi opID=HB-host-28@307067-1d257f9c] [VpxdClientAdapter] Got vmacore exception: Only one usage of each socket address (protocol/network address/port) is normally permitted

 

2018-08-03T09:24:23.338-04:00 error vpxd[06332] [Originator@6876 sub=Vmomi opID=HB-host-28@307067-1d257f9c] [VpxdClientAdapter] Backtrace:

–>

–> [backtrace begin] product: VMware VirtualCenter, version: 6.0.0, build: build-3634793, tag: vpxd

–> backtrace[00] vmacore.dll[0x001C599A]

–> backtrace[01] vmacore.dll[0x0005C8BF]

–> backtrace[02] vmacore.dll[0x0005DA0E]

That’s because your Windows server installed one of following patches.

July 10, 2018—KB4338818 (Monthly Rollup)

July 10, 2018—KB4338823 (Security-only update)

The fixes are the following.

If you installed KB4338818, please install July 18, 2018—KB4338821 (Preview of Monthly Rollup)

If you installed KB4338823, please install Improvements and fixes – Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 (KB4345459)