2. VMware
  3. vCenter 6.x/7.x incorrectly displays the amount of licenses in use by ESXi hosts

vCenter 6.x/7.x incorrectly displays the amount of licenses in use by ESXi hosts

weimoo 4月前 105

Products

VMware vCenter ServerVMware vSphere ESXi

Issue/Introduction

The purpose of the KB article is to determine if there are stale entries in the VMware Directory Service database, and if so, instructions on how to remove them.

Symptoms:
  • vCenter Server shows the license assigned key count as negative
  • You are unable to assign more hosts to a license key
  • The number of hosts in the environment is lower than the capacity of the license


Environment

VMware vSphere 6.x
VMware vSphere 7.0.x

Cause

vCenter 6.x/7.x incorrectly displays the amount of licenses in use by ESXi hosts (broadcom.com)
Remove old vCenter from licensed assets | vCenter (broadcom.com)
This issue can occur due to a stale license entry in the VMware Directory Services database.

Resolution

To resolve this issue, determine if there are stale entries in the VMware Directory Service database and remove them.

Note: Ensure that the vCenter and any external PSCs have been rebooted before implementing this KB.
The reboot sequence is to reboot PSC(s) first and then vCenter(s). Occasionally, this process can be enough to resolve the issue. 
 
To identify and remove stale license entries:
 
Note: This process involves modifying the VMware Directory Services database. Ensure to take a backup of the database before proceeding. For more information, see the Backup section in List of recommended topologies for VMware.vSphere 6.0.x (2108548).
  1. Stop the VMware Security Token Service and VMware Identity Management Service. For more information, see How to Stop, Start or Restart vCenter Server 6.x Services (2109881). Note: As VMware Identity Management Service is not present on vCenter 7.x, this can be skipped for that version.
  2. Run select * from VPX_ENTITY where TYPE_ID = 1 on the Windows vCenter Server database to display the hosts: For information on connecting to the Windows vCenter Server VMware vPostgres database (DB) Connecting to the embedded vPostgres Database in a Windows installed vCenter Server 6.x (2108848)
vCenter Server Appliance:
  1. Log in to the vCenter Server Appliance.
  2. Type shell.set --enabled true and press Enter.
  3. Run this command to retrieve the database password:

    cat /etc/vmware-vpx/vcdb.properties | grep "password =" | awk '{ print $3 }'
Run this command to retrieve the database password:cat /etc/vmware-vpx/vcdb.properties | grep
  1. Connect to the database by running this command:
/opt/vmware/vpostgres/current/bin/psql -d VCDB vc
 
Note: Enter the password from Step c when prompted.
 
Connect to the database by running this command:/opt/vmware/vpostgres/current/bin/psql -d VCDB vc
  1. Run this query:

    SELECT * FROM vpx_entity WHERE type_id = 1;
Run this query: SELECT * FROM vpx_entity WHERE type_id = 1;
  1. Make a note of the hosts and their associated ID field displayed in the query results.

    Note: This process must be repeated for each vCenter Server in the VMware vCenter Single Sign-on domain.
     
  2. Download and install JXplorer, available at JXplorer.
  3. Open JXplorer and select File > Connect.
  4. In the Open LDAP/DSML pane, make these configuration changes:
    1. For host, enter the FQDN of your Platform Services Controller.
    2. The Port should be 389 or 11711.
    3. The protocol is LDAP v3.
    4. Base DN will be dc=vsphere,dc=local.
Login to Jxplorer screen
Note: If you are using a custom vCenter Single Sign-on domain name, you have to replace vsphere and local with the name of your custom domain name. For example, if you chose vsphere.vmware.corp as your vCenter Single Sign-on domain, the value would be: dc=vsphere,dc=vmware,dc=corp
  1. The Security Level will be User + Password.
  2. The Security User DN will be cn=administrator,cn=users,dc=vsphere,dc=local.
  3. The Security Password will be your administrator password for your vCenter Single Sign-on administrator account.
  4. Expand Services > LicenseService.
  5. Select any AssetEntity_host-ID-UUID values that do not have a corresponding match to the information obtained from the vCenter Server database in step 2.
 
Select any AssetEntity_host-ID-UUID values that do not have a corresponding match to the information obtained from the vCenter Server database in step 2.
Note: The ID fields from both sources should match. The UUID object is unique to each vCenter Server within the vCenter Single Sign-On.
  1. Confirm the assets selected are not currently in use by:
     
  2. Select the asset in JXplorer to view these properties of the object:

    vmwLicSvcAssetName - Friendly name of the asset. This can be the Fully Qualified Domain Name (FQDN) or IP address of the asset.
    vmwLicSvcAssetScopeID - This is the license associated with the asset.
 
Select the asset in JXplorer to view these properties of the object:
  1. Using the vmwLicSvcAssetScopeID value from step 9a, navigate to the corresponding LicenseEntry_vmwLicSvcAssetScopeID entry under Services > LicenseService within JXplorer where vmwLicSvcAssetScopeID is a unique identifier assigned to the license entry.
Review the vmwLicSvcLicenseName and vmwLicSvcLicenseSerialKeys value to confirm the friendly name and key of the license that reports the incorrect amount of licenses in use.
 
  1. Remove the affected AssetEntity_host-ID-UUID.

    Warning: Do not attempt to remove or modify any objects that do not begin with AssetEntity_host-. Removing or modifying these objects may require a clean reinstall of vCenter and the Platform Services Controller without preserving vCenter Single Sign-on data.
     
    1. Right-click on the entry to remove.
    2. Select Delete.
       
  2. Start the VMware Security Token Service and VMware Identity Management Service. For more information, see. How to Stop, Start or Restart vCenter Server 6.x Services (2109881)
  3. Restart the VMware License Service. For more information, see  How to Stop, Start or Restart vCenter Server 6.x Services (2109881)
Note: You may need to restart vpxd service.


Additional Information

/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost

Impact/Risks:
Warning: Before using JXplorer to remove stale licenses or make any changes, ensure you have taken proper snapshots of your SSO domain. This means that you must shut down all vCenters or PSCs that are in the SSO domain at the same time, then snapshot them, and power them on again.  If you need to revert to one of these snapshots, shut all the nodes down, and revert all nodes to the snapshot. Failure to perform these steps will lead to replication problems across the PSC databases.
收藏的用户(0 X
正在加载信息~
最新回复 (0)
全部楼主
返回
发新帖