Thank you for replying. Just wanted to follow up and say that I ended up just doing a manual re-ordering on one of my hosts using localcli. I am going to create a host profile and see if I can "fix" the ordering on other hosts as was suggested in a VMware KB article. I had updated UCSM to 4.0(1b) and also the Host Firmware. This whole thing was more or less an experiment to see if I could actually get the "desired order" to be the "actual order". I also needed to clean up and rebuild most of the Service Profiles so I built new Service Profile Templates. The only thing I preserved was the WWNN Pool since we boot from SAN and I did not want to have to reconfigure zoning.
A few answers to your questions, though. This particular host is a B200 M4 with a Cisco VIC 1340 MLOM and Cisco VIC 1380. The reason I tried a 'Reset System Configuration' was that I wanted the reset VMware OS to enumerate the devices again and see what order they would be in. The reset did re-order the vNIC and vHBA, but still in a wonky order.
-- No extra vNIC or vHBA were added, at least this was not the root of the issue. I played around with changing the number of vNIC from eight to one and then back to eight, but then had non-contiguous MAC addresses. At one point, I didn't even have MAC addresses near the same range as one another. They were all over the place. I altered my MAC Pool and created two pools, one for each Fabric Interconnect and reflecting such in the MAC Pool. I also set the assignment order from default to sequential.
-- ESXi was originally not installed after creating Service Profile with linear placement, but doing the 'Reset System Configuration' essentially did make this so.
-- The Service Profile was not moved from one blade to another and these blades have only ever had VMware ESXi installed.
-- The desired order is basically to have 1:1:1 with the lowest to highest vmnic match the vNIC and the MAC address increase from low to high as well. See below for an example. This is now my "reference host".
Cisco UCS Name
VMware ESXi Name
-- Cisco UCS B200 M4 blade with Cisco UCS VIC 1340 (Adapter 1 / UCSB-MLOM-40G-03) and Cisco UCS VIC 1380 (Adapter 2 / UCSB-VIC-M83-8P) adapters.
-- Firmware is UCS Manager 4.0(1b) but was an issue in 3.x firmware as well.
-- Hosts run VMware ESXi, 6.5.0, 10175896, but issue existed in lesser builds as well.
-- MAC Pool configured, size 256 and assigned sequential
-- vNIC Templates consist of eight vNICs:
   -- two for management, one on FI-A and the other on FI-B (eth0 and eth1)
   -- two for vMotion, one on FI-A and the other on FI-B (eth2 and eth3)
   -- four for various VLANs, split round-robin between FI-A and FI-B (eth4; eth5; eth6; eth7)
-- LAN Connectivity Policy is configured with all eight vNICs
-- vNIC/vHBA Placement Policies have been created, one for Linear and another for Round Robin
In the Service Profile Template, I have played around with the vNIC/vHBA Placement trying to only use the Cisco VIC 1380 adapter, which is Adapter 2. My placement policy is set to Linear so according to Cisco documentation, vCon 1 and vCon 2 should be for Adapter 1 and vCon 3 and vCon 4 should be for Adapter 2 in a blade with two adapters.
Under vCon 3, I have the following:
So...in UCSM, when I go to Equipment > Chassis > Chassis 1 > Servers > Server# > Adapters > Adapter 2 > HBAs or NICs, they are all on Adapter 2! This seems exactly like what I am looking for.
However...in VMware, click on Configure Management Network > Network Adapters, my network adapters are out of order (by MAC Address) and spanned across Mezzanine Slot 1 and Chassis slot 6! How? Why?
Ok, so this calls for drastic measures. I consulted the VMware article https://kb.vmware.com/s/article/2091560 which describes how VMware ESXi determines the order in which names are assigned to devices. So, rather than manually reorder the file and reboot, I decided to "nuke it" by using the 'Reset System Configuration'. The system came back on-line with the same problem of half the Network Adapters on the Chassis and the other half on the Mezzanine.
Can anyone smarter than me figure this out?
This procedure is a pain! Trust me, I know what you are going through. Hopefully the following will help.
Assuming you are on a Windows computer, you can view the certificate's 'Certification Path'. There are a few ways to go about opening the certificate to view this tab. The easiest way is to use an mmc.exe window (Win + R; mmc.exe; File > Add/Remove Snap-in... > Certificates > Add > OK). Right-click on a certificate, choose Open, then choose Certification Path. This will show the certification path.
When you build the chain like I described in an earlier post, you will want to start from the lowest level certificate up the chain to the root. This means the root certificate in your chain will be the last entry in your chain trust. So starting from the bottom in the Certification path window, this will be your first entry in your text document. Keep moving up the path (from Certification path window) and add the entries after your last entry on your text document. I used Notepad++ because you can open multiple text documents in one window and this makes it easier to copy and paste without getting confused on what document is what. You can use a simple notepad tool. When you have "chained" your certificates together in the text document, save that file as something like chained-certs.crt. This will be the file you want to upload to the UCS.
I know the original post is somewhat old, but it took me quite a while to figure this one out in the past few days. When I started my Google search, this was the first post to come up. I wanted to make sure others had a fix as well. Unfortunately, the Cisco UCS Manager Administration Management Guide was too vague and did not provide enough details (that I could find).
The specific error I would receive (on firmware 3.1(2e) and firmware 3.1(2b)) was: "Error creating TP <name of Trusted Point>. failed to verify certificate chain, error: Failed to split certificate chain"
This is how I was able to fix it and now, of course, it seems quite obvious given the name, Certificate Chain.
~~ Creating a Trusted Point ~~
Launch UCS Manager
Admin > Key Management > Trusted Points
Click 'Add' to create a new Trusted Point
Name is the name of the trusted point. It will display as (TP <whatever name you gave it>) after completion. (ie naming it 'Test' will result in 'TP Test')
Certificate Chain is the certificate information for the trusted point. It is merely a concatenation of the certification chain, starting with the Intermediate Certificates, then the Root Certificate, in a top-down order. The entire contents of the Base64 encoded X.509 (CER) file starting from the -----BEGIN CERTIFICATE----- to the -----END CERTIFICATE----- need to be copied, then immediately following on the next line, should be the next certificate starting from the -----BEGIN CERTIFICATE----- to the -----END CERTIFICATE-----.
See example, following.
-----BEGIN CERTIFICATE-----
<Intermediate Certificate Contents>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Intermediate + 1 Certificate Contents>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Root Certification Authority Certificate Contents>
-----END CERTIFICATE-----
As an afterthought, I should have paid more attention to the fact that the field name actually contained the word "chain" in it. I failed to "chain" the certificates together as this was not clear to do to me.
Hopefully, this will help you out in the future should you also encounter this error.
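One way to assemble and sanity-check the chain file described in the two posts above (the Notepad copy-and-paste steps and the Trusted Point 'Certificate Chain' field), added here as an example and not code from the poster or from Cisco. It assumes each certificate was exported as Base64 X.509; the function names are hypothetical, the sample blocks are constructed dummies rather than real certificates, and the checks are generic PEM/DER framing checks, not a statement of what UCS Manager itself validates.

```python
import base64
import re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
BLOCK = re.compile(re.escape(BEGIN) + r"\s*(.*?)\s*" + re.escape(END), re.S)

def der_is_one_sequence(der):
    """True if the bytes are exactly one DER SEQUENCE (the outer shape of a certificate)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    return n > 0 and len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def split_chain(text):
    """Split a PEM bundle into DER certificates, rejecting anything malformed."""
    stray = BLOCK.sub("", text).strip()     # catches truncated or unmatched markers
    if stray:
        raise ValueError(f"text outside BEGIN/END markers: {stray[:30]!r}")
    ders = []
    for num, match in enumerate(BLOCK.finditer(text), 1):
        try:
            der = base64.b64decode("".join(match.group(1).split()), validate=True)
        except ValueError as exc:           # binascii.Error is a ValueError
            raise ValueError(f"block {num}: invalid Base64 ({exc})") from None
        if not der_is_one_sequence(der):
            raise ValueError(f"block {num}: not a single complete DER SEQUENCE")
        ders.append(der)
    if not ders:
        raise ValueError("no certificate blocks found")
    return ders

def build_chain(pem_texts):
    """Join exported certificates in the order given: intermediate(s), then root."""
    blocks = []
    for text in pem_texts:
        for der in split_chain(text):
            b64 = base64.b64encode(der).decode()
            body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
            blocks.append("\n".join([BEGIN, *body, END]))
    return "\n".join(blocks) + "\n"

def sample_pem(label, newline="\n"):
    """Constructed stand-in, NOT a real certificate: a 100-byte dummy DER SEQUENCE."""
    b64 = base64.b64encode(bytes([0x30, 100]) + (label * 25)).decode()
    return newline.join([BEGIN, b64[:64], b64[64:], END]) + newline

if __name__ == "__main__":  # intermediates first, root last; CRLF input is normalized
    print(build_chain([sample_pem(b"INT1", "\r\n"), sample_pem(b"INT2"), sample_pem(b"ROOT")]), end="")
```

Running `split_chain` over the finished file before pasting it into the field confirms the block count and that each block decodes cleanly.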
This download does not work. The OVA file will only download 335.6 MB and is not complete. There is an issue with this file. I have tried with multiple computers and ISPs to rule out computer or network issues. Hopefully this will get fixed soon.