Usage Meter 4.2 IP/DNS changes back to default after reboot

Symptom: On a new deployment, the IP/DNS values are set correctly, but after deployment and power-on the DNS or the IP range differs from what was used at the time of deployment.

Symptom 2: When you try to change the IP/DNS of the Usage Meter appliance, it returns to the original values after reboot.

Symptom 3: How to change the Usage Meter 4.2 IP address/DNS

Cause: Usage Meter 4.2 relies on ovfenv (a feature of vCenter that leverages IP pools to automatically lease out/set DNS records on compatible OVFs). The virtual machine port group used for Usage Meter is associated with an IP pool that has incorrect values (the values used there are what is cascaded over to Usage Meter).

Resolution: Log into the vCenter flex client > Networking > look for the VM port group > Configuration > Network pool > Associated network. Edit this, correct the IP pool and the DNS there, and then reboot/retry the deployment.

Workaround: Disable (uncheck) the OVF environment via vCenter flex client > edit UM VM settings > vApp options > under Authoring > IP allocation > IP allocation scheme.

Set the correct IP/mask/gw/DNS in /opt/vmware/etc/vami/ovfEnv.xml and then reboot the VM.

Note: This is only applicable if the VM port group at the time of deployment had an IP pool associated. If it did not have one, then you can set the IP/mask/gateway by following the instructions here: or using vami_config_net

Photon 2.0 network configuration

file: /etc/systemd/network/





If DNS= is not specified in the file, resolv.conf will be overwritten with DHCP-provided values (if the DHCP flag is not present).

Usage Meter 4.x root password reset/unlock

At the Photon logo, press ‘e’ and you will see the editable GRUB menu:
Append rw init=/bin/bash to the line that starts with “linux”

Press Ctrl + X or F10 to continue

You should see a screen similar to the below:

To unlock the account, type the below command (if you know the password):

/sbin/pam_tally2 -r -u root

To reset the password, run the below:

passwd root

Note: Changing the password does not unlock the account. If the account is locked out, you will need to run the previous command to unlock it.

Restart the guest OS, boot back into the normal appliance, and then try logging back in.

vRBC - Exporting a database dump/restoring a database dump

Instructions to back up/restore the vRBC database are below.

Backup DB:

export PGPASSWORD=`grep 'jdbc.password=\K.*' /usr/local/tomcat/itbm-server/conf/ -Po` 

   /opt/vmware/vpostgres/current/bin/pg_dump --data-only -U itfm_cloud_admin -d postgres -t vcac_user_consumer_mapping > /root/backup.sql 

Restore DB

   export PGPASSWORD=`grep 'jdbc.password=\K.*' /usr/local/tomcat/itbm-server/conf/ -Po` 

   /opt/vmware/vpostgres/current/bin/psql -U itfm_cloud_admin -d postgres -f /root/backup.sql 

Log in/connect to vRBC vPostgres:


vRA health API via bash, with results


curl https://localhost/SAAS/API/1.0/REST/system/health -k

[master] cava-n-80-094:/etc/init.d # curl https://localhost/SAAS/API/1.0/REST/system/health  -k
{"AnalyticsUrl":"http://localhost:8080","EhCacheClusterPeers":"","AuditPollInterval":"1000","EncryptionServiceVersion":"unknown","AnalyticsConnectionOk":"true","EncryptionServiceVerified":"Master Keystore verified","FederationBrokerStatus":"ok","ServiceReadOnlyMode":"false","AuditWorkerThreadAlive":"true","BuildVersion":" Build 12694081","AuditQueueSize":"0","DatabaseStatus":"connection failure","HostName":"","EncryptionStatus":"connected","FederationBrokerOk":"true","EncryptionConnectionOk":"true","EncryptionServiceImpl":"Encryption Service DB","ClusterId":"9b545db2-2c45-4950-b8e3-99e0eb3671d3","EhCacheClusterDiagnostics":"","DatabaseConnectionOk":"false","StatusDate":"2020-02-22 13:38:46 UTC","ClockSyncOk":"true","MaintenanceMode":"false","MessagingConnectionOk":"true","fipsModeEnabled":"false","ServiceVersion":"3.1.0","IpAddress":"","AuditDisabled":"false","AllOk":"false"}[master] 
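To turn that response into a pass/fail probe that names the failing checks, here is an added example (not part of the original post or of the product's tooling). The function names are made up, the sample is trimmed from the response above, and it assumes the flat, all-string JSON shape shown there.

```shell
#!/bin/sh
# Added example: triage the JSON from /SAAS/API/1.0/REST/system/health.
# Assumption: a flat object whose values are quoted strings without
# embedded double quotes, as in the response shown above.

# Print one "Key=value" line per field of the health JSON on stdin.
health_fields() {
    tr -d '\n' | grep -o '"[^"]*":"[^"]*"' |
        sed 's/^"\([^"]*\)":"\(.*\)"$/\1=\2/'
}

# Print the name of every "...Ok" check that is not "true".
# AllOk is the summary flag, so it is reported by health_ok instead.
failed_checks() {
    health_fields |
        awk -F= '$1 ~ /Ok$/ && $1 != "AllOk" && $2 != "true" { print $1 }'
}

# Succeed only when AllOk is "true"; usable from cron or a monitoring probe.
health_ok() {
    [ "$(health_fields | awk -F= '$1 == "AllOk" { print $2 }')" = "true" ]
}

# Constructed sample, trimmed from the response shown above.
SAMPLE='{"AnalyticsConnectionOk":"true","DatabaseStatus":"connection failure","FederationBrokerOk":"true","DatabaseConnectionOk":"false","StatusDate":"2020-02-22 13:38:46 UTC","ClockSyncOk":"true","MessagingConnectionOk":"true","AllOk":"false"}'

if ! printf '%s' "$SAMPLE" | health_ok; then
    echo "health check failed:"
    printf '%s' "$SAMPLE" | failed_checks | sed 's/^/  /'
fi
```

On the appliance, pipe the curl command above (with -s added) into failed_checks instead of using the sample.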

Elasticsearch

curl localhost:9200/_cluster/health?pretty=true

[master] cava-n-80-094:~ # curl localhost:9200/_cluster/health?pretty=true
  "cluster_name" : "horizon",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 5,
  "active_shards" : 5,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 5,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0

Recovering from expired certificates on vRO (vRealize Orchestrator) - CLI method

So the other day the vRO certificates had expired. We tried to change them from the vco-control center; after importing the certificates, the vRO UI would simply stay there stating restarting in 2 min, but nothing happened.

To replace the certificates via CLI:

Grab the keystore password

cat  /var/lib/vco/keystore.password

Generate a CSR using keytool

keytool -certreq -alias dunes -keypass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu" -keystore "/etc/vco/app-server/security/jssecacerts" -file "/crt/new.csr" -storepass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu" -ext,,

Grab /crt/new.csr and get it signed by the CA. Copy the signed certificate back to vRO and then import it

keytool -importcert -alias dunes -keypass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu" -file "/crt/casigned.crt" -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu"

Restart Services

service vco-server restart && service vco-configurator restart

Now, copy the signed certificate over to node2 and then run the import command (grab the keystore password from /var/lib/vco/keystore.password)

keytool -importcert -alias dunes -keypass "AzW2gI1QJcNcRNzRX3TyrznhKlYNagKje45fTbSB" -file "/crt/casigned.crt" -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "AzW2gI1QJcNcRNzRX3TyrznhKlYNagKje45fTbSB"

Restart services and you are done!!

service vco-server restart && service vco-configurator restart
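To catch the next expiry ahead of time, the validity dates can be read from the keystore listing. This is an added example, not from the original post: the function names and the sample listing are constructed, and it assumes GNU date and keytool's default English date format with a UTC/GMT zone.

```shell
#!/bin/sh
# Added example: flag keystore entries that are close to expiry.
# Input is the text printed by `keytool -list -v`.

# Print "alias days_left" for each certificate in the listing on stdin.
# $1 = current time in epoch seconds (defaults to now).
cert_days_left() {
    now=${1:-$(date +%s)}
    awk '/^Alias name: /  { a = $3 }
         /^Valid from: /  { sub(/.* until: /, ""); print a "|" $0 }' |
    while IFS='|' read -r name not_after; do
        end=$(date -u -d "$not_after" +%s) || continue   # skip unparsable dates
        echo "$name $(( (end - now) / 86400 ))"
    done
}

# Print aliases expiring within $1 days ($2 = optional epoch "now").
expiring_within() {
    limit=$1
    cert_days_left "$2" | awk -v l="$limit" '$2 <= l { print $1 }'
}

# Constructed sample in the shape of `keytool -list -v` output.
SAMPLE_KEYTOOL='Alias name: dunes
Entry type: PrivateKeyEntry
Valid from: Sat Feb 22 13:38:46 UTC 2020 until: Mon Feb 21 13:38:46 UTC 2022
Alias name: ca-root
Entry type: trustedCertEntry
Valid from: Sat Feb 22 13:38:46 UTC 2020 until: Fri Feb 20 13:38:46 UTC 2032'

# Real use (assumes the password file holds only the password):
#   keytool -list -v -keystore /etc/vco/app-server/security/jssecacerts \
#     -storepass:file /var/lib/vco/keystore.password | expiring_within 30
printf '%s\n' "$SAMPLE_KEYTOOL" | expiring_within 30
```

Reading the store password with -storepass:file keeps it out of the process list and shell history, unlike the literal -storepass values in the commands above.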

vRA service registration status using bash CLI

Log in to the terminal of the vRA appliance and run the below script:

curl --insecure -f -s -H "Content-Type: application/json" "https://$HOSTNAME/component-registry/services/status/current?limit=200" | sed "s/}/\n/g" | grep -E -o ".serviceName.*serviceInitializationStatus.[^,]*" | sed "s/\"serviceTypeId.*,//g" | sed -e "s/\"//g" -e "s/:/=/g" -e "s/,/, /" | sed -e "s/serviceName\|serviceInitializationStatus\|=\|,\|null//g" | column -t | sort | cat -n

Looking for a specific record in a Postgres database

The below script will look for a string in every column of the database. To start off, log in to Postgres and make sure that you have selected the database.

Create a function by running the below script (copy and paste as it is):

CREATE OR REPLACE FUNCTION search_whole_db(_like_pattern text)
  RETURNS TABLE(_tbl regclass, _ctid tid) AS
$func$
BEGIN
   FOR _tbl IN
      SELECT c.oid::regclass
      FROM   pg_class c
      JOIN   pg_namespace n ON n.oid = relnamespace
      WHERE  c.relkind = 'r'                           -- only tables
      AND    n.nspname !~ '^(pg_|information_schema)'  -- exclude system schemas
      ORDER BY n.nspname, c.relname
   LOOP
      RETURN QUERY EXECUTE format(
         'SELECT $1, ctid FROM %s t WHERE t::text ~~ %L'
       , _tbl, '%' || _like_pattern || '%')
      USING _tbl;
   END LOOP;
END
$func$  LANGUAGE plpgsql;

Now run the below command, replacing ‘mypattern’ with the object you are looking for:

SELECT * FROM search_whole_db('mypattern');

Here’s an example:

I am looking for a VM named hosting:57669-1:HTM:Cluster1-Web5 in a vCD database. Below is the output from psql

Type "help" for help.

vcd=# CREATE OR REPLACE FUNCTION search_whole_db(_like_pattern text)
vcd-#   RETURNS TABLE(_tbl regclass, _ctid tid) AS
vcd-# $func$
vcd$# BEGIN
vcd$#    FOR _tbl IN
vcd$#       SELECT c.oid::regclass
vcd$#       FROM   pg_class c
vcd$#       JOIN   pg_namespace n ON n.oid = relnamespace
vcd$#       WHERE  c.relkind = 'r'                           -- only tables
vcd$#       AND    n.nspname !~ '^(pg_|information_schema)'  -- exclude system schemas
vcd$#       ORDER BY n.nspname, c.relname
vcd$#    LOOP
vcd$#       RETURN QUERY EXECUTE format(
vcd$#          'SELECT $1, ctid FROM %s t WHERE t::text ~~ %L'
vcd$#        , _tbl, '%' || _like_pattern || '%')
vcd$#       USING _tbl;
vcd$#    END LOOP;
vcd$# END
vcd$# $func$  LANGUAGE plpgsql;
vcd=# SELECT * FROM search_whole_db('hosting:57669-1:HTM:Cluster1-Web5');
  _tbl  | _ctid
 vm_inv | (2,8)
(1 row)

Updating the vCenter service accounts for vRealize products:

LCM (Lifecycle Manager):

  • Update the credentials there. 


vROps:

  • Log in to vROps as an admin
  • Browse to Administration > Solutions > Cloud accounts > click on the vCenter edit
  • Click on the edit icon for the credentials
  • Update the password in the field


vRA:

  • Log into the vRA org URL: https://vraFQDN/vcac/org/ORG_NAME as the tenant admin or the infrastructure administrator.
  • Navigate to Infrastructure > endpoint > edit the vCenter endpoint.
  • Update the credentials under the username/password
  • Note: If the integrated credentials check box is enabled, vRA uses the service account used in IaaS (domain account)

vRO (embedded and/or external):

  • Navigate to vRO at https://vRo_ip/vCo
  • Log in with the administrator account.
  • Navigate to Library > Workflow and search for the “Update a vCenter Server instance” workflow.
  • Click on “Update the log-in properties”
  • Fill in the updated password for the user and click on RUN
  • Note: If you have custom vCenter certificates, you will need to click on the notification icon (on the left top) and follow the “waiting for input” prompt

Log Insight:

  • Navigate to the Log Insight URL and switch over to the administration page (from the left top)
  • Under Integration, click on vSphere, click on edit, and fill in the password
  • Click on test connection and save (on the top) when done.