Found this issue last week and wanted to note it for future reference for myself (getting old and best way for me to remember as much as anyone:)).
So removed a VM from one of our datastore clusters. Now this machine had an affinity rule applied to it which i wasn’t aware of. Interestingly found i couldn’t remove the rule even wanted to from the datastore cluster.
Turns out the solution was slightly inelegant but it worked.
i) Moved said VM back into the datastore cluster
ii) In the vSphere client (or web) browse to the datastore cluster.
iii) Click the Manage tab and select Settings
iv) Under Configuration, click Rules
v) Pick out your offending rule you want deleted and click Remove and click Ok
Although theoretically possible in vSphere 6.0 VM secure boot support only officially supported with vSphere 6.5. Interesting thing with 6.5 is the range of improvements made in the security space with the hypervisor. Been good too that VMware have been listening to the user community in simplifying the adoption of a lot of these features.
An example being VM secure boot support which is easy to setup.
I) Requires EFI firmware support
II) Works for Windows and Linux virtual machines
To setup simply:
i) edit your virtual machine properties
ii) Choose VM Options tab
iii) Make sure EFI is choosen under the Choose which firmware should be used to boot the virtual machine
iv) Tick the tick box beside Secure Boot (EFI boot only) and ok
And your done
Recently came across an issue trying to assign a static IP address to an OVA file. Was going to post it on the VMware communities site but someone had raised a post asking same question. Turns out the fix is a little more involved than assigning one to an OVF file. Good VMWare discussions article came to my (and some other folks’) rescue:
Handy command i found on my travels – vicfg-hostops –
Nifty way to perform operations across all your hosts at the same time (though needless to say be careful too given its power!)
As you can probably guess by its name lockdown mode is used to increase the security of your ESXi hosts. When enabled no users other than vpxuser have permissions to logon nor can they perform activities against the host directly.
Essentially forces all operations to be performed through vCenter.
Enclosed is a handy table showing the recommended configuration based on setup
Applicable to later editions too.
Important KB covering recommended updated set of settings relevant to vSphere 6.x environments.