Milestone2:vCenter - echadbourne/SYS-350 GitHub Wiki

Reflection sections are highlighted like this in this lab

Step 1: Upload WinServer and VCSA ISOs

Located in the X: drive

Step 2: DC1-350

Set up the VM with 2 CPUs and 8GB of RAM, make sure it's pointing to the Windows Server ISO, and put it on the VMNetwork rather than the SYS350 internal.

When installing, make sure to select the desktop experience

Use sconfig in PowerShell to install updates and configure other things

Run this script to sysprep the box

Install VMware Tools: in ESXi, go to Action > Guest OS > Install VMware Tools. Then, in the VM, run setup64 from the mounted DVD drive

Power off and change some settings on the Windows Server 2019 box:

  • Network to 350 internal
  • CDROM to host device

Take a snapshot called base

Configure the networking with the following:

  • IP: 10.0.17.4/24
  • GW: 10.0.17.2
  • Initial DNS: 10.0.17.2
  • Hostname: DC1-name

I did not do the domain name yet because the domain has not been created. At this point I also needed to create a password for the Administrator account because that was causing problems when creating the domain and promoting the server to a domain controller.

  • I was also running into an issue with the Windows installation borking itself at this step if I was not very careful about doing the domain creation and promotion carefully. I ended up reverting to the base snapshot, and redoing the whole process very carefully with lots of restarts to make sure it accepted the Administrator password and worked properly.

Add ADDS/DNS with Management tools - this doesn't need much explaining and can be found in other labs

  • Created a named admin, [name]-adm, and added them to the Domain Admins and Enterprise Admins groups
  • Created records for all of the active devices on the network at the moment - fw1, mgmt1, dc1, super5, and vcenter (the ip information for all devices can be found here)
  • Verified that all of the pointer records were correct

Later I actually went back and redid the records for super5 and vcenter because I had capitalized them by accident and I didn't want it to cause any problems or frustration in the future. This basically just involved deleting the old records and making new ones, because if I tried to make the new ones first it would throw errors

Step 3: VCenter Installation

Preparation

Next I changed the DNS settings on the mgmt server to point towards 10.0.17.4, my AD server. Then I pinged super5 and vcenter by domain name to make sure they were correct and working

Before vCenter is installed the ping will not go through, but the error will be "destination host unreachable" rather than "could not resolve domain name" or something like that. This means the name is resolving, which is important for the later installation

You can also nslookup each of the hosts to make sure the record is working
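
The ping and nslookup checks above, together with the pointer-record verification from Step 2, can be scripted. This is an added example, not part of the original lab: the function names are made up here, `dig` is assumed to be installed on mgmt1, and the built-in records are constructed samples (the capitalized vcenter PTR mirrors the capitalization mistake described in Step 2). Set LIVE=1 to query the real DNS server.

```shell
#!/bin/sh
# Added example: forward/reverse DNS pre-check for mgmt1, run before the VCSA installer.
# Function names are made up here. LIVE=1 queries real DNS with dig (assumed installed).

lookup_a() {
    if [ -n "${LIVE:-}" ]; then dig +short A "$1" | head -n1; return; fi
    case "$1" in                      # constructed sample records
        vcenter.name.local) echo 10.0.17.3 ;;
        dc1.name.local)     echo 10.0.17.4 ;;
    esac
}

lookup_ptr() {
    if [ -n "${LIVE:-}" ]; then dig +short -x "$1" | head -n1 | sed 's/\.$//'; return; fi
    case "$1" in                      # constructed: vcenter PTR typed with capitals
        10.0.17.3) echo VCENTER.name.local ;;
        10.0.17.4) echo dc1.name.local ;;
    esac
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_record FQDN EXPECTED_IP: returns 0 = match, 2 = case-only mismatch, 1 = broken
check_record() {
    fqdn=$1; want_ip=$2
    got_ip=$(lookup_a "$fqdn")
    [ -n "$got_ip" ] || { echo "FAIL $fqdn: no A record"; return 1; }
    [ "$got_ip" = "$want_ip" ] || { echo "FAIL $fqdn: A is $got_ip, expected $want_ip"; return 1; }
    ptr=$(lookup_ptr "$got_ip")
    [ -n "$ptr" ] || { echo "FAIL $fqdn: no PTR for $got_ip"; return 1; }
    if [ "$ptr" = "$fqdn" ]; then echo "OK   $fqdn <-> $got_ip"; return 0; fi
    # DNS matches names case-insensitively, so a case-only difference is a warning
    if [ "$(lower "$ptr")" = "$(lower "$fqdn")" ]; then
        echo "WARN $fqdn: PTR is '$ptr', differs only in case"; return 2
    fi
    echo "FAIL $fqdn: PTR for $got_ip is '$ptr'"; return 1
}

# run_checks: checks the two hosts whose addresses appear on this page
run_checks() {
    bad=0
    check_record vcenter.name.local 10.0.17.3 || bad=1
    check_record dc1.name.local 10.0.17.4 || bad=1
    return "$bad"
}

run_checks || echo "Fix the records above before starting the installer."
```

A FAIL on the A record means the name does not resolve to the address given to the installer; a FAIL or WARN on the PTR means the reverse record needs to be deleted and recreated as described in Step 2.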

Make sure the ESXi host uses pool.ntp.org as its time server; this will be important later

  • Host > Manage > Time & Date > NTP Server: pool.ntp.org

I don't know why the service status is "Stopped" but the rest of the lab seemed to work fine so I can deal with that another time

Starting the Installation

On mgmt1 - Mount the VCSA ISO and make sure it is connected

Navigate to /media/user/VMWareVCSA/vcsa-ui-installer/lin64 and run ./installer

Stage 1

Run through the installer. I did this:

  • Name it "vcenter"
  • Deployment size small
  • Select Thin Disk
  • Select the datastore you created (if you have it)
  • Do not lose your VCSA root pass or default SSO Admin pass
  • FQDN: vcenter.name.local
  • IP address 10.0.17.3

Create your default vcenter domain and admin: administrator@vsphere is a good default

Stage 2

The next step of the installation has to do with the time server. The instructions say to use pool.ntp.org directly but that would not work for me, so I synchronized it with the ESXi host and later changed the time server to that ntp one.

New SSO domain:

  • vsphere.local (default)

No CEIP, and finish

Update vCenter

Sign into vCenter management interface with root credentials (vcenter.name.local:5480)

It was at this point that I resolved the time server issue from before

Go to update > Check updates for CD ROM and URL

  • I selected the 8.0.1.00300 version and updated it

Finishing Up

Create a DataCenter called SYS350, and add super5 as a host

When adding super5 as a host there were a few tabs that were not anywhere in the instructions. I just left them at the defaults and moved on

I then added both of the licenses that I got for vcenter by clicking the manage license tab and adding the keys from the email to the prompt. Then I assigned each of the licenses under the assets tab

Step 4: SSO Integration

Start by joining vCenter to your domain: under "Administration", in the Single Sign On tab, go to Configuration and Join AD. Use your Domain Admin credentials to join the domain

I had problems with the time server not being synced, it was fine on vcenter but not on the Domain Controller or ESXi. To remedy this I ran the following:

  • net stop w32time
  • w32tm /config /syncfromflags:manual /manualpeerlist:"pool.ntp.org"
  • net start w32time
  • w32tm /config /update
  • w32tm /resync /rediscover

I also had problems with the ESXi time server not running, and I had to manually turn it on in the services tab of the ESXi interface

Reboot vcenter from the management console - this took a long time and I had to redo it because it didn't work the first time

In the Users and Groups under Single Sign On go to the Administrators section in Groups and add [name].local domain administrators

Log out and log back in

I also had problems with this, for some reason my domain admin was not a domain admin so I needed to add that in later