Monday, 6 October 2025

[VMware Explore on Tour] Paris here we come!!


This year the format of VMware Explore has changed; there are no longer two events (America, Europe) but there are smaller events around the world.
Explore is extending across the globe as 1 to 1.5 day events that will highlight the top content and insights from Explore in Las Vegas. Each event will include a curated subset of sessions and Hands-on Labs, a meetings program, and networking opportunities.



✨ Exciting times ahead – VMware Explore On Tour is coming to Paris! 🇫🇷

I’m truly looking forward to joining this year’s VMware Explore On Tour in Paris – a unique opportunity to immerse ourselves in the latest innovations, strategies, and real-world stories that are shaping the future of IT.

Beyond the inspiring sessions and thought-provoking keynotes, events like VMware Explore always carry something even more valuable: the chance to reconnect with old friends, colleagues, and community members, while meeting new professionals who share the same passion for technology, cloud, and digital transformation.

🔹 Learning from top experts
🔹 Discovering new solutions and use cases
🔹 Expanding perspectives on modern private cloud, AI, networking, and security
🔹 Strengthening relationships and building new connections


These moments of exchange and collaboration are what make this community so special. Every conversation, whether in a breakout session or over a coffee, adds a new piece to the bigger picture of how we’re transforming the way organizations run and innovate.

I can’t wait to be there, dive deeper into the latest trends, and, most of all, enjoy the vibrant energy of our ecosystem coming together in the beautiful city of Paris.

Who else will be there?

Friday, 8 August 2025

[NSX - KB406460 ] NSX_OPSAGENT on ESXi node

Issue


KB 406460 was released today, related to "The memory usage of agent NSX_OPSAGENT on ESXi node <UUID> has reached <kb> kilobytes which is at or above the high threshold value of 80%".


Solution


As a temporary workaround for the issue, as mentioned in option 1, which consists of restarting OpsAgent on the affected hosts, I wrote a short PowerShell script to restart the agent on all hosts connected to the vCenter cluster.
Let's see it below:

##########
# 
# Run remote commands (Linux like) on esxi hosts to restart /etc/init.d/nsx-opsagent
#
# How it works:
# 	Connect to vCenter
# 	Get the list of ESXi hosts from the cluster
# 	Enable SSH on host
# 	Restart "/etc/init.d/nsx-opsagent" service on the host
# 	Disable SSH on host
#
# Requirement: Install-Module -Name Posh-SSH
#
# LM 22.05.2025
##
Import-Module -Name Posh-SSH

#Replace the parameter below with your values
$esxiUser = "root"
$esxiPassword = "<ESXi - PASSWORD>"
$vc = "<vCenter IP or FQDN>"
$vcUser = "administrator@vsphere.local"
$vcPassword = "<vCenter Password>"
$clusterName = "<Cluster Name>"

Connect-VIServer -Server $vc -User $vcUser -Password $vcPassword

$count=0
foreach ($esxiIP in (Get-Cluster -Name $clusterName | Get-VMHost)) {
  $count = $count + 1      
  Write-Host " ----------------------- $($esxiIP) ----------------------------------"
  # Enable SSH 
  Write-Host " Enabling SSH! " -ForegroundColor Green
  Get-VMHost -Name $esxiIP| Get-VMHostService | ?{"TSM-SSH" -eq $_.Key} | Start-VMHostService

  #SSH connection and service restart 
    $session = New-SSHSession -ComputerName $esxiIP -Credential (New-Object System.Management.Automation.PSCredential($esxiUser, (ConvertTo-SecureString $esxiPassword -AsPlainText -Force)))  -Force
    if ($session.Connected) {
        $command = "/etc/init.d/nsx-opsagent restart"
        $result = Invoke-SSHCommand -SessionId $session.SessionId -Command $command 
    
        if ($result.ExitStatus -eq 0) {
            Write-Host "Service restarted! on Host ->"$esxiIP -ForegroundColor Green
        } else {
            Write-Host "Error on host $($esxiIP): $($result.Error)" -ForegroundColor Red
        }
    
        Remove-SSHSession -SessionId $session.SessionId | Out-Null
    } else {
        Write-Host "SSH Connection failed! on Host ->"$esxiIP -ForegroundColor Red
    }

  sleep 1
  # Disable SSH
  Get-VMHost -Name $esxiIP| Get-VMHostService | ?{"TSM-SSH" -eq $_.Key} | Stop-VMHostService -Confirm:$false

  Write-Host " ----------------------------------------------------------------------------"
  Write-Host
}

Disconnect-VIServer -Server $vc -Confirm:$false
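
A hardened variant of the restart loop above, as an added example (not the post author's script): it prompts for credentials instead of storing them in the file, omits `-Force` so Posh-SSH keeps checking the SSH host key, and uses `try/finally` so SSH is switched back off even when the restart fails. It uses the same PowerCLI and Posh-SSH cmdlets as the original; the `$results` summary and the rule of only stopping SSH when the script started it are additions.

```powershell
# Added example: hardened variant of the restart loop; values in <...> are placeholders.
Import-Module -Name Posh-SSH

$vc          = '<vCenter IP or FQDN>'
$clusterName = '<Cluster Name>'

# Prompt for credentials instead of keeping passwords in the script file.
$vcCred   = Get-Credential -Message "vCenter credentials for $vc"
$esxiCred = Get-Credential -UserName 'root' -Message 'ESXi root credentials'

Connect-VIServer -Server $vc -Credential $vcCred -ErrorAction Stop | Out-Null
$results = @()
try {
    foreach ($vmHost in (Get-Cluster -Name $clusterName | Get-VMHost)) {
        $ssh        = Get-VMHostService -VMHost $vmHost | Where-Object { $_.Key -eq 'TSM-SSH' }
        $wasRunning = $ssh.Running          # remember the state the host was found in
        $status     = 'not attempted'
        $session    = $null
        try {
            if (-not $wasRunning) {
                Start-VMHostService -HostService $ssh -Confirm:$false | Out-Null
            }
            # No -Force here: Posh-SSH checks the host key against its trusted-host
            # store instead of accepting whatever key the remote end presents.
            $session = New-SSHSession -ComputerName $vmHost.Name -Credential $esxiCred -ErrorAction Stop
            $r = Invoke-SSHCommand -SessionId $session.SessionId -Command '/etc/init.d/nsx-opsagent restart'
            $status = if ($r.ExitStatus -eq 0) { 'restarted' } else { "exit status $($r.ExitStatus)" }
        }
        catch {
            $status = "error: $($_.Exception.Message)"
        }
        finally {
            # Always close the session and return SSH to the state it was found in.
            if ($session) { Remove-SSHSession -SessionId $session.SessionId | Out-Null }
            if (-not $wasRunning) {
                Stop-VMHostService -HostService $ssh -Confirm:$false | Out-Null
            }
        }
        $results += [pscustomobject]@{
            Host           = $vmHost.Name
            Status         = $status
            SshLeftRunning = $wasRunning
        }
    }
}
finally {
    Disconnect-VIServer -Server $vc -Confirm:$false
}
$results | Format-Table -AutoSize
```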

    



That's it.

Monday, 17 February 2025

[NSX - Search for Objects] Quick TIP

Issue


Why is it that when I search in the NSX "search bar" as the admin user I get results, but when I run the same search as another user (who authenticates via vIDM and has the same roles and permissions as the admin user) I get more information? Both are "Enterprise Admin".
See pictures below, search with admin user ...
... search with another "Enterprise Admin" user.


Solution


When NSX is first installed, it does not set the "User Interface Mode Toggle" by default in System > Settings > General Settings > User Interface ...
When searching, this leads to incomplete results.
Changing to Policy Mode ...
... repeating the search with the Admin user .... now we have the complete result ...
Further information regarding the "Search for Objects" can be found at the following link.

That's it.

Wednesday, 15 January 2025

[NSX] Export Segment list into Excel

Issue


Starting from a post I wrote some time ago about creating session cookies in PowerShell for authentication in NSX ([NSX] - API Authentication Using a Session Cookie on PowerShell), I had to create a script to export the complete list of segments configured in NSX, with their Subnets/Gateways, Tier-1s, Tier-0s, IDs, Transport Zones.
Below are a few lines of code to do that. The code is provided without warranty; use at your own risk.

Solution


The script looks like this:

###################################################################
# list_nsx_segments.ps1
#
# LM v. 0.8
#
# This script uses the "ImportExcel" library 
# https://www.powershellgallery.com/packages/ImportExcel/7.8.10
# If not present install: Install-Module ImportExcel
# 
# Input parameters: NSX_MANAGER_FQDN
#		    NSX_Username
#		    NSX_Password
#

param(
    [string] $nsx_manager = '<NSX_MANAGER_FQDN>'
)

#Used to handle/skip certificates
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

function createSession {
    $script:session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
    $script:headers = @{}
    $script:nsx_uri = "https://" + $nsx_manager
    #$uri = $nsx_uri + "/api/session/create"
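    #URL-encode the credentials so characters such as & + % do not break the form body
    $private:body = "j_username=$([uri]::EscapeDataString($nsx_user))&j_password=$([uri]::EscapeDataString($nsx_pass))"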
    
    try {
        $response = invoke-webrequest -contentType "application/x-www-form-urlencoded" -WebSession $session -uri $($nsx_uri + "/api/session/create") -Method 'POST' -Body $body -usebasicparsing -Erroraction Stop
        $xsrftoken = $response.headers["X-XSRF-TOKEN"]
 
        #$response
        $script:loginSuccess = $true
        $script:headers.Add("X-XSRF-TOKEN", $xsrftoken)
        $script:headers.Add("Accept", "application/json")
        $script:headers.Add('Content-Type','application/x-www-form-urlencoded')
    }
    catch {
        Write-Host "Failed" -ForegroundColor Red
        Write-Host "$($_.Exception)" -ForegroundColor Red
        write-host "Error Details:" $_.ErrorDetails.Message -ForegroundColor Magenta
        $script:loginSuccess = $false
    }
}

#If you want to enter the credentials on the fly, uncomment the three lines below and comment out the hardcoded credentials
#$MyCredential = Get-Credential -Message "Insert $nsx_manager "
#$nsx_user = $MyCredential.UserName
#$nsx_pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($MyCredential.Password))

#Hardcoded credentials; uncomment if you don't want to enter them with the Get-Credential function
$nsx_user = 'admin'
$nsx_pass = 'VMware1!VMware1!'


#Create the cookie session 
createSession


$response_t0s = $null
$response_t1s = $null
$response_seg = $null
$response_tz = $null

#Query the Tier-0s
$response_t0s = Invoke-webrequest -WebSession $session -uri $($nsx_uri + "/policy/api/v1/infra/tier-0s") -Method 'GET' -Headers $headers -usebasicparsing -Erroraction Stop
if ($response_t0s.statuscode -eq '200') {
    #echo $response_t0s.Content #print Json format
    $keyValue_t0s= ConvertFrom-Json $response_t0s.Content | Select-Object -expand "results"
    $sheet_t0s = $keyValue_t0s | select @{Name='T0 Name';Expression={$_.display_name}}, 
                                        @{Name='ID';Expression={$_.id}}
} else {
    Write-Host
    Write-Host
    write-Host -ForegroundColor red " !!! Something went wrong !!! "
    exit 9
}
#RAW data check
#$sheet_t0s | Sort-Object -Property "T0 Name" | Out-Gridview

#Query the Tier-1s
$response_t1s = Invoke-webrequest -WebSession $session -uri $($nsx_uri + "/policy/api/v1/infra/tier-1s") -Method 'GET' -Headers $headers -usebasicparsing -Erroraction Stop
if ($response_t1s.statuscode -eq '200') {
    #echo $response_t1s.Content #print Json format
    $keyValue_t1s= ConvertFrom-Json $response_t1s.Content | Select-Object -expand "results"
    $sheet_t1s = $keyValue_t1s | select @{Name='T1 Name';Expression={$_.display_name}}, 
                                        @{Name='ID';Expression={$_.id}}

}
#RAW data check
#$sheet_t1s | Sort-Object -Property "T1 Name" | Out-Gridview

#Query the Segments
$response_seg = Invoke-webrequest -WebSession $session -uri $($nsx_uri + "/policy/api/v1/infra/segments") -Method 'GET' -Headers $headers -usebasicparsing -Erroraction Stop
if ($response_seg.statuscode -eq '200') {
    # echo $response_seg.Content #print Json format
    $keyValue_seg= ConvertFrom-Json $response_seg.Content | Select-Object -expand "results"
    $sheet_seg = $keyValue_seg | select @{Name='Segment';Expression={$_.display_name}}, 
                                        @{Name='Connected-GW';Expression={$_.connectivity_path}},
                                        @{Name='Transport Zone';Expression={$_.transport_zone_path}},
                                        @{Name='Gateway'; Expression={$_.subnets.gateway_address}}, 
                                        @{Name='Type'; Expression={$_.type}}, 
                                        @{Name='Ports_Interfaces';Expression={0}},
                                        @{Name='Admin State'; Expression={$_.admin_state}},
                                        @{Name='Seg_ID'; Expression={$_.id}}
                                  
}
# RAW data check
#$sheet_seg | Sort-Object -Property Segment | Out-Gridview

#Query the Transport zones
$response_tz = Invoke-webrequest -WebSession $session -uri $($nsx_uri + "/api/v1/transport-zones") -Method 'GET' -Headers $headers -usebasicparsing -Erroraction Stop
if ($response_tz.statuscode -eq '200') {
    #echo $response_tz.Content
    $keyValue_tz= ConvertFrom-Json $response_tz.Content | Select-Object -expand "results"
    $sheet_tz = $keyValue_tz | select @{Name='TZ Name';Expression={$_.display_name}}, 
                                       @{Name='Type';Expression={$_.transport_type}},
                                       @{Name='ID';Expression={$_.id}}
                                        
}
#RAW data
#$sheet_tz |  Sort-Object -Property "TZ Name" | Out-Gridview

###########
#Replace RAW data with the right Name into Segments.
foreach($seg in $sheet_seg) {
    # Replace Tier-0s with Name (instead of raw data)
    if ($seg."Connected-GW" -ne $null) {
        $t0= $keyValue_t0s | Where-Object { $_.path -eq $($seg."Connected-GW") } | select display_name
        if ( $t0.display_name -ne $null) {
            $seg."Connected-GW" = $t0.display_name
        } 
    }  
    # Replace Tier-1s with Name (instead of raw data)
    if ($seg."Connected-GW" -ne $null) {
        $t1= $keyValue_t1s | Where-Object { $_.path -eq $($seg."Connected-GW") } | select display_name
        if ( $t1.display_name -ne $null) {
            $seg."Connected-GW" = $t1.display_name
        } 
    }  
    # Replace Transport Zone with Name (instead of raw data)
    if ($seg."Transport Zone" -ne $null) {
        $tz_id = $seg."Transport Zone".split("/")[7]
        $tz= $keyValue_tz | Where-Object { $_.id -eq $($tz_id) } | select display_name
        $seg."Transport Zone" = $tz.display_name
    }
    #Start-Sleep -Milliseconds 40
    #write-host $seg.Seg_ID
    $response_ports = Invoke-webrequest -WebSession $session -uri $($nsx_uri + "/policy/api/v1/infra/segments/$($seg.Seg_ID)/ports") -Method 'GET' -Headers $headers -usebasicparsing -Erroraction Stop
    if ($response_ports.statuscode -eq '200') {
        #echo $response_ports.Content       
        $seg."Ports_Interfaces" = (ConvertFrom-Json $response_ports.Content |  select "result_count").result_count                   
    }
}

#$sheet_seg | Sort-Object -Property Segment | Out-GridView
$sheet_seg | Sort-Object -Property Segment | Export-Excel

write-host 
Write-Host -foreground Green "Script correctly executed on NSX:"$nsx_manager

    
... and the result looks like the following:

I hope it will be useful.

That's it.

Tuesday, 24 December 2024

My experience with the VCP - VMware Cloud Foundation 5.2 Administrator (2V0-11.24) Exam

How to Prepare for the VMware Cloud Foundation Administrator 2024 Exam

The VMware Cloud Foundation Administrator (VCP-VCF) exam is a critical step for IT professionals who want to certify their skills in managing modern cloud infrastructures. This certification not only validates technical knowledge but also opens doors to higher-level roles in the IT field. Here is a practical guide to help you tackle this challenge effectively.

1. Understanding the Exam Structure

Before you begin your preparation, it’s essential to understand the exam content and the skills required. The exam focuses on the management of VMware Cloud Foundation (VCF), combining key components like vSphere, NSX-T, vSAN, and SDDC Manager.
You can expect both theoretical and practical questions, with scenarios designed to test your daily operational skills and troubleshooting abilities. Core topics include the VCF lifecycle, component upgrades, and infrastructure orchestration. One recurring theme across these accounts is the emphasis on understanding the exam blueprint. The 2V0-11.24 exam, based on VCF 5.2, tests your ability to work with VCF's key components (NSX-T, vSAN, vSphere, and SDDC Manager), as well as with Aria Suite and Tanzu.

2. Building a Solid Study Plan

Strategic preparation is crucial. Here are some key steps to follow:
  • Hands-On Lab Practice: Nothing beats real-world experience. Setting up a home lab or accessing a test environment is the best way to understand key operations such as workload domain creation, resource allocation, and common troubleshooting.
  • Official Study Materials: Dive into VMware documentation and take official training courses. These resources provide the foundational theory you need for the exam.
    The VMware Cloud Foundation: Deploy, Manage, Configure course is highly recommended.
  • Mock Exams and Practice Tests: Test yourself with quizzes and simulated exams to gauge your preparedness. This helps you become familiar with the exam format and improve time management.

3. Focus on Technical Aspects

Some topics deserve special attention during your preparation:
  • VCF Architecture: Understand how the key components (vSphere, vSAN, NSX-T) integrate within the framework.
  • Lifecycle Management: Be capable of performing updates, patches, and troubleshooting using SDDC Manager.
  • Security and Networking: Configure NSX-T for secure traffic across domains.
  • Troubleshooting Skills: Tackle scenarios that require rapid diagnosis and corrective action.

4. Final Tips

Taking the VMware Cloud Foundation Administrator exam is a challenging yet rewarding journey. Here are some last-minute tips for exam day:
  • Time Management: Don’t spend too much time on a single question. Answer the easier ones first and return to more complex questions later.
  • Stay Calm: A composed approach is crucial for clear thinking and handling unexpected issues.
  • Believe in Your Abilities: Deep preparation builds confidence, which is key to a successful exam experience.

A Step Toward the Future

The VCP-VCF certification is not just a technical achievement but an opportunity to distinguish yourself in the job market and contribute to modernizing cloud infrastructures. Prepare diligently and face this challenge with determination: success is within reach.

Good luck!

Wednesday, 4 December 2024

[NSX] Edge VM Present In NSX Inventory Not Present In vCenter

Issue


Today while I was deleting edge bridges from NSX Manager I got this error message:

Edge VM Present In NSX Inventory Not Present In vCenter
Description The VM edge-bridge-cluster1-B with moref id vm-1370430 corresponding to the Edge Transport node a060574d-4e93-4b7e-83b4-7eb8464a645d vSphere placement parameters is found in NSX inventory but is not present in vCenter. Please check if the VM has been removed in vCenter or is present with a different VM moref id.

Recommended Action The managed object reference moref id of a VM has the form vm-number, which is visible in the URL on selecting the Edge VM in vCenter UI. Example vm-12011 in https:///ui/app/vm;nav=h/urn:vmomi:VirtualMachine:vm-12011:164ff798-c4f1-495b-a0be-adfba337e5d2/summary Please find the VM edge-bridge-cluster1-B with moref id vm-1370430 in vCenter for this Edge Transport Node a060574d-4e93-4b7e-83b4-7eb8464a645d. If the Edge VM is present in vCenter with a different moref id, please follow the below action. Use NSX add or update placement API with JSON request payload properties vm_id and vm_deployment_config to update the new vm moref id and vSphere deployment parameters. POST https:///api/v1/transport-nodes/?action=addOrUpdatePlacementReferences. If the Edge VM with name edge-bridge-cluster1-B is not present in vCenter, use the NSX Redeploy API to deploy a new VM for the Edge node. POST https:///api/v1/transport-nodes/?action=redeploy.

Solution


Googling around, I found various solutions, but none fit my situation exactly.

For example I found these:
VMware NSX Edge VMs not present in both NSX and vCenter
Edge VM present in NSX inventory not present in vCenter alarm

As shown in the first link, I tried without success the command described in Scenario 3:
So, I also tried to check whether the Transport Nodes were still present in NSX, with the commands below:
No trace of them. It seems the deletion process had not finished. I waited 30 minutes, but the problem was still there.

I solved it by restarting the NSX Manager appliances one by one.
I started by rebooting the first appliance, waited for the cluster to return to a "stable" state, and continued with the next appliance, until I had restarted them all. At the last reboot the error message changed from "Open" to "Resolved" and was no longer present.

That's it.

Monday, 2 December 2024

[NSX] - API Authentication Using a Session Cookie on PowerShell

Issue


Recently I had to create a PowerShell script that grabs some information from NSX via REST API calls. To do so, I had to write a few lines of code to authenticate to NSX.
To reduce the number of times I have to enter the username and password, and/or the number of times they transit over the network, I used the NSX session-based authentication method to generate a JSESSIONID cookie when using the API, as described here.
The method describes how to create a new session cookie and how to use the x-xsrf-token for subsequent requests with cURL in a Linux environment. Below I wrote a few lines of code to use the same method in a PowerShell environment.
Let's see below how it works in PowerShell ...

Solution


The script must run on a Windows machine, so I decided to write a PowerShell script. Information regarding the API calls can be found at the following link: https://developer.vmware.com/apis
I thought it was useful to share with everyone how to do it; let's see the script:
#
# Create a Session Token 
#
# LM v. 0.2
#
# This script is an example on how to create a session token on NSX and reuse for subsequent requests.
# 


#Script accept in input the FQDN of the NSX Manager to connect on, or leave it blank to use the default "nsx-mgr.vcf.sddc.lab"
param(
    [string] $nsx_manager = 'nsx-mgr.vcf.sddc.lab'
)

#Used to manage/skip certificates
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy


function createSession {
    $script:session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
    $script:headers = @{}
    $script:nsx_uri = "https://" + $nsx_manager
    $uri = $nsx_uri + "/api/session/create"
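    #URL-encode the credentials so characters such as & + % do not break the form body
    $private:body = "j_username=$([uri]::EscapeDataString($nsx_user))&j_password=$([uri]::EscapeDataString($nsx_pass))"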
    try {
        $response = invoke-webrequest -contentType "application/x-www-form-urlencoded" -WebSession $session -uri $uri -Method 'POST' -Body $body -usebasicparsing -Erroraction Stop
        $xsrftoken = $response.headers["X-XSRF-TOKEN"]
 
        #$response
        $script:loginSuccess = $true
        $script:headers.Add("X-XSRF-TOKEN", $xsrftoken)
        $script:headers.Add("Accept", "application/json")
        $script:headers.Add('Content-Type','application/x-www-form-urlencoded')
    }
    catch {
        Write-Host "Failed" -ForegroundColor Red
        Write-Host "$($_.Exception)" -ForegroundColor Red
        write-host "Error Details:" $_.ErrorDetails.Message -ForegroundColor Magenta
        $script:loginSuccess = $false
    }
}

#If you want to enter the credentials on the fly, uncomment the three lines below and comment out the hardcoded credentials
#$MyCredential = Get-Credential -Message "Insert $nsx_manager "
#$nsx_user = $MyCredential.UserName
#$nsx_pass = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($MyCredential.Password))

#Hardcoded credentials; leave uncommented if you don't want to enter them with the Get-Credential function, comment out otherwise
$nsx_user = 'admin'
$nsx_pass = 'VMware123!VMware123!'

#Create the cookie session 
createSession


#Examples of subsequent requests that reuse the session
#List of segments
$response_q1 = Invoke-webrequest -WebSession $session -uri $($nsx_uri + "/policy/api/v1/infra/segments") -Method 'GET' -Headers $headers -usebasicparsing -Erroraction Stop

#List of tier-1s
$response_q2 = invoke-webrequest -WebSession $session -uri $($nsx_uri + "/policy/api/v1/infra/tier-1s") -Method 'GET' -Headers $headers -usebasicparsing -Erroraction Stop

write-host " ----- Segments ----- " -ForegroundColor Green
write-host $response_q1.Content
write-host 
write-host 
write-host " ----- Tier-1s ----- " -ForegroundColor Green
#write-host $response_q2.Content

# END #
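
The session handling used in this script and in the segment-export script of 15 January 2025, hardened, as an added example (not the post author's code; written for Windows PowerShell 5.1 like the originals). It replaces the trust-all certificate policy with a pinned SHA-256 certificate fingerprint, restricts the client to TLS 1.2, URL-encodes the form fields, prompts for credentials, and logs the session out through the NSX API's `/api/session/destroy` call. `NsxCertPin`, `New-NsxSession`, `Remove-NsxSession` and the `$nsx_cert_sha256` parameter are names introduced here.

```powershell
# Added example for Windows PowerShell 5.1; values in <...> are placeholders.
param(
    [string] $nsx_manager = '<NSX_MANAGER_FQDN>',
    # Assumed input: SHA-256 fingerprint of the NSX Manager certificate (hex, no colons)
    [string] $nsx_cert_sha256 = '<NSX_CERT_SHA256_FINGERPRINT>'
)

# Accept the server certificate only if it validates normally or matches the pinned fingerprint.
Add-Type @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
public static class NsxCertPin {
    public static string Sha256Hex = "";
    public static bool Check(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors) {
        if (errors == SslPolicyErrors.None) { return true; }
        if (cert == null) { return false; }
        using (SHA256 sha = SHA256.Create()) {
            string seen = BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
            return string.Equals(seen, Sha256Hex, StringComparison.OrdinalIgnoreCase);
        }
    }
    public static void Enable(string sha256Hex) {
        Sha256Hex = sha256Hex;
        ServicePointManager.ServerCertificateValidationCallback = Check;
    }
}
"@
[NsxCertPin]::Enable($nsx_cert_sha256)
# TLS 1.2 only: no SSL 3.0, TLS 1.0 or TLS 1.1
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

function New-NsxSession {
    param([string] $Manager, [pscredential] $Credential)
    $web = New-Object Microsoft.PowerShell.Commands.WebRequestSession
    # URL-encode both fields so characters such as & + % in a password survive the form post
    $user = [uri]::EscapeDataString($Credential.UserName)
    $pass = [uri]::EscapeDataString($Credential.GetNetworkCredential().Password)
    $resp = Invoke-WebRequest -Uri "https://$Manager/api/session/create" -Method Post `
        -Body "j_username=$user&j_password=$pass" -ContentType 'application/x-www-form-urlencoded' `
        -WebSession $web -UseBasicParsing -ErrorAction Stop
    [pscustomobject]@{
        BaseUri = "https://$Manager"
        Web     = $web
        Headers = @{ 'X-XSRF-TOKEN' = $resp.Headers['X-XSRF-TOKEN']; 'Accept' = 'application/json' }
    }
}

function Remove-NsxSession {
    param($Session)
    # Invalidate the session on the manager instead of leaving the cookie valid until it times out
    Invoke-WebRequest -Uri "$($Session.BaseUri)/api/session/destroy" -Method Post `
        -Headers $Session.Headers -WebSession $Session.Web -UseBasicParsing -ErrorAction Stop | Out-Null
}

$cred = Get-Credential -Message "NSX credentials for $nsx_manager"
$nsx  = New-NsxSession -Manager $nsx_manager -Credential $cred
try {
    $reply = Invoke-WebRequest -Uri "$($nsx.BaseUri)/policy/api/v1/infra/segments" -Method Get `
        -Headers $nsx.Headers -WebSession $nsx.Web -UseBasicParsing -ErrorAction Stop
    (ConvertFrom-Json $reply.Content).results | Select-Object display_name, id
}
finally {
    Remove-NsxSession -Session $nsx
}
```

With the placeholder fingerprint left in place, a self-signed NSX certificate is rejected rather than silently trusted, so the script fails closed until the real fingerprint is supplied.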

That's it.