Tuesday, June 28, 2011

Error during upgrade: The system call API checksum doesn’t match

Today, I got an error during upgrade from vSphere 4.0 to 4.1 stating something like:

The system call API checksum doesn’t match

There was a lot of similar lines filling the console. I was a bit worried that the upgrade had gone wrong even though I had done three similar upgrades before this one with no errors - and that I would have to reinstall in stead.

Luckily, I found this error description in the 4.1 release notes stating that a reboot will fix the issue. So I waited for a while to be sure that the upgrade finished, rebooted, and everything looks fine:

Link to release notes:

"ESX service console displays error messages when upgrading from ESX 4.0 or ESX 4.1 to ESX 4.1 Update 1
When you upgrade from ESX 4.0 or ESX 4.1 release to ESX 4.1 Update 1, the service console might display error messages similar to the following:
On the ESX 4.0 host: Error during version check: The system call API checksum doesn’t match"
On the ESX 4.1 host: Vmkctl & VMkernel Mismatch,Signature mismatch between Vmkctl & Vmkernel

You can ignore the messages.

Workaround: Reboot the ESX 4.1 Update 1 host. "

Tuesday, June 21, 2011

Used network ports between ESX, vCenter, and the vSphere client

In a single customer setup, the network traffic and ports used in the virtual infrastructure are typically not a focus area because most components can be placed on the same networks. However, in a multiple customer environment we're experiencing that the network guys are asking a lot of questions as they want to lock down and secure the networks (which makes sense..).

Anyway, I just wanted to gather some of the info that I use regularly.

  • A link to my previous post with a network diagram
  • Link to VMware KB article about used ports for a vSphere environment and related components
  • vMotion between networks requires TCP port 8000
  • If searching and sorting VMs in the vSphere client is slow, then ensure that port 8443 TCP is opened between the vSphere client and the ESX hosts
  • If hardware status tab is not available, then ensure that port 8443 TCP is opened between the vSphere client and the vCenter server
  • In vCenter 5.x, if searching and sorting VMs in the vSphere client is slow then port 10443 TCP has to be opened between the vSphere client/client PC and the vCenter server (also, opening this port is required for viewing VM inventory across linked mode vCenter servers - for v5.1)
  • If you can't get a remote console on the VMs (you get a black screen and a yellow bar in the top stating some sort of MKS error) ensure that port 903 (and 902) TCP is allowed from the vSphere client and to the ESX hosts
  • If an ESX host keeps disconnecting in vCenter, ensure that port 902 UDP is allowed from the ESX host to the vCenter
Required ports between ESX and vCenter:

Source
Destination
Direction
Protocol
Port
Purpose
vCenter
ESX
In/out
TCP
902
VMware console
vCenter
ESX
In/out
TCP
903
VMware console
vCenter
ESX
In/out
TCP
443
HTTPS
vCenter
ESX
In/out
TCP
22
SSH
vCenter
ESX
In/out
TCP
80
HTTP
vCenter
ESX
In/out
TCP
161
SNMP
vCenter
ESX
In/out
TCP
5989
CIM
ESX
vCenter
out
UDP
902
Heartbeart