This time I am going to show you how to use the vSphere Diagnostic Tool, this tool is used to perform diagnostic checks on the VMware vCenter Server Appliance. This tool consists of a python script that executes diagnostic commands to validate the health status of the vCenter service.

Note: As a minimum requirement it is required to have a version of vCenter Server 6.5 or higher

This tool performs the following validations:

  • vCenter Basic Info
  • Lookup Service Check
  • AD Check
  • vCenter Certificate Check
  • Core File Check
  • Disk Check
  • vCenter DNS Check
  • vCenter NTP Check
  • vCenter Port Check
  • Root Account Check
  • vCenter Services Check
  • VCHA Check

Here is the link so you can see the features of this tool.

The first step would be to download the tool from the portal of VMware Fling

Text

After downloading the file it is required to copy it to the vCenter server. In my case I will use the scp command but you can use any tool that supports ssh connections as for example:

  • WinSCP
  • FileZilla
  • Cyberduck
  • CrossFTP

Example of how to copy VDT file:

[rebelinux@rebelpc Downloads]$ scp  ./vdt-v1.1.4.zip root@192.168.5.2:/root

VMware vCenter Server 8.0.0.10100

Type: vCenter Server with an embedded Platform Services Controller

(root@192.168.5.2) Password: 
vdt-v1.1.4.zip                                                                                                                                                                                                   100%  106KB   1.8MB/s   00:00    
[rebelinux@rebelpc Downloads]$ 

Then it is needed to connect through ssh to the vcenter server. To do this use the ssh command or any terminal emulation tool (Putty, etc…).

[rebelinux@rebelpc Downloads]$ ssh -l root (IP/FQDN of vCenter Server)

VMware vCenter Server 8.0.0.10100

Type: vCenter Server with an embedded Platform Services Controller

(root@192.168.5.2) Password: 
Last login: Tue Dec 27 20:30:20 2022 from 192.168.70.2
root@vcenter-01v [ ~ ]# 

Once connected to the vCenter server it is required to unzip the VDT tool file that is loaded with the command SCP.

root@vcenter-01v [ ~ ]# cd /root/
root@vcenter-01v [ ~ ]# ls
`vdt-v1.1.4.zip`
root@vcenter-01v [ ~ ]# unzip vdt-v1.1.4.zip
Archive:  vdt-v1.1.4.zip
3557676756cffd658fd61aab5a6673269104e83c
   creating: vdt-v1.1.4/
  inflating: vdt-v1.1.4/README.md    
   creating: vdt-v1.1.4/cfg/
  inflating: vdt-v1.1.4/cfg/config_log.ini  
 extracting: vdt-v1.1.4/formerly_pulse.txt  
   creating: vdt-v1.1.4/lib/
  inflating: vdt-v1.1.4/lib/__init__.py  
  inflating: vdt-v1.1.4/lib/cisutils.py  
  inflating: vdt-v1.1.4/lib/lstool_parse.py  
  inflating: vdt-v1.1.4/lib/lstool_scan.py  
  inflating: vdt-v1.1.4/lib/pformatting.py  
  inflating: vdt-v1.1.4/lib/utils.py  
   creating: vdt-v1.1.4/scripts/
 extracting: vdt-v1.1.4/scripts/__init__.py  
  inflating: vdt-v1.1.4/scripts/__vc_info_auth.py  
  inflating: vdt-v1.1.4/scripts/_vc_dns.sh  
  inflating: vdt-v1.1.4/scripts/lsreport.py  
  inflating: vdt-v1.1.4/scripts/vc_ad_check.py  
  inflating: vdt-v1.1.4/scripts/vc_auth_cert_check.py  
  inflating: vdt-v1.1.4/scripts/vc_auth_vmdir_check.py  
  inflating: vdt-v1.1.4/scripts/vc_corefile_check.py  
  inflating: vdt-v1.1.4/scripts/vc_db_check.py  
  inflating: vdt-v1.1.4/scripts/vc_disk_space.py  
  inflating: vdt-v1.1.4/scripts/vc_ntp.sh  
  inflating: vdt-v1.1.4/scripts/vc_ports.py  
  inflating: vdt-v1.1.4/scripts/vc_root_check.py  
  inflating: vdt-v1.1.4/scripts/vc_services.py  
  inflating: vdt-v1.1.4/scripts/vc_syslog_check.py  
  inflating: vdt-v1.1.4/scripts/vc_vcha_check_auth.py  
   creating: vdt-v1.1.4/templates/
  inflating: vdt-v1.1.4/templates/python_template.py  
  inflating: vdt-v1.1.4/vdt.py       
root@vcenter-01v [ ~ ]# ls
`vdt-v1.1.4`  vdt-v1.1.4.zip
root@vcenter-01v [ ~ ]#

The next step would be to move to the vdt-vX.X.X folder.

root@vcenter-01v [ ~ ]# cd vdt-v1.1.4
root@vcenter-01v [ ~/vdt-v1.1.4 ]# ls
cfg  formerly_pulse.txt  lib  README.md  scripts  templates  `vdt.py`
root@vcenter-01v [ ~/vdt-v1.1.4 ]# 

The important file in this folder is the one called vdt.py which is the one to be used to run the diagnostics. Once inside the vdt-vx.x.x folder execute the command python vdt.py.

root@vcenter-01v [ ~/vdt-v1.1.4 ]# python vdt.py 
_________________________
   RUNNING PULSE CHECK   

Today: Tuesday, December 27 20:42:42
Version: 1.1.4
Log Level: INFO

Provide password for administrator@vsphere.local: 
________________________
   VCENTER BASIC INFO   


BASIC:
	Current Time: 2022-12-27 20:42:47.424017
	vCenter Uptime: up 5:19
	vCenter Load Average: 0.04, 0.18, 0.22
	Number of CPUs: 2
	Total Memory: 11.7
	vCenter Hostname: vcenter-01v.pharmax.local
	vCenter PNID: vcenter-01v.pharmax.local
	vCenter IP Address: 192.168.5.2
	Proxy Configured: "no"
	NTP Servers: 192.168.5.1
	vCenter Node Type: vCenter with Embedded PSC
	vCenter Version: 8.0.0.10100 - 20920323
DETAILS:
	vCenter SSO Domain: vsphere.local
	vCenter AD Domain: No DOMAIN
	Number of ESXi Hosts: 3
	Number of Virtual Machines: 128
	Number of Clusters: 3
	Disabled Plugins: None

__________________
   VC DNS CHECK   

[FAIL]	Running script: /root/vdt-v1.1.4/scripts/_vc_dns.sh timed out.  Please re-run with --force.
__________________________
   Lookup Service Check   

[FAIL]	Running script: /root/vdt-v1.1.4/scripts/lsreport.py timed out.  Please re-run with --force.
_________________
   VC AD CHECK   


Domain Report:
	No domain(s) detected

Domain Exclusion List:

	 None

DC Exclusion List:

	 None

__________________________
   VC CERTIFICATE CHECK   

[PASS]	ESXi Certificate Management Mode: vmca

Checking MACHINE_SSL_CERT

	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate trust check
	[PASS]	Certificate expiration check
	[PASS]	Certificate SAN check

Checking Other Certificate Stores

    MACHINE
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate trust check
	[PASS]	Certificate expiration check
	[INFO]	Certificate SAN check
	DETAILS: SAN contains hostname but not IP.

    VSPHERE-WEBCLIENT
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate trust check
	[PASS]	Certificate expiration check
	[INFO]	Certificate SAN check
	DETAILS: SAN contains hostname but not IP.

    VPXD
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate trust check
	[PASS]	Certificate expiration check
	[INFO]	Certificate SAN check
	DETAILS: SAN contains hostname but not IP.

    VPXD-EXTENSION
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate trust check
	[PASS]	Certificate expiration check
	[PASS]	Check extended key usage
	[INFO]	Certificate SAN check
	DETAILS: SAN contains hostname but not IP.
	Checking VC Extension Thumbprints
		[PASS]	com.vmware.vim.eam Thumbprint Check
		[PASS]	com.vmware.rbd Thumbprint Check
		[PASS]	com.vmware.imagebuilder Thumbprint Check

    DATA-ENCIPHERMENT
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate trust check
	[PASS]	Certificate expiration check
	[INFO]	Certificate SAN check
	DETAILS: SAN contains hostname but not IP.

    SMS
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate expiration check

    BACKUP_STORE
	NOTE: 	If you do not need your old certs, you can delete this store.
	Command:  /usr/lib/vmware-vmafd/bin/vecs-cli store delete --name BACKUP_STORE


    HVC
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate trust check
	[PASS]	Certificate expiration check
	[INFO]	Certificate SAN check
	DETAILS: SAN contains hostname but not IP.

    WCP
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate trust check
	[PASS]	Certificate expiration check

Checking TRUSTED_ROOTS certificates

  Alias: 33081c78da512bdb7716bb537e7b5c9cb33e15ba
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate is self-signed
	[PASS]	Certificate expiration check
	[PASS]	Certificate is a CA

  Alias: 22e9c5e5d583b37ca1da12c5e71433136a7ea420
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate is self-signed
	[PASS]	Certificate expiration check
	[PASS]	Certificate is a CA

  Alias: 62a73d6d9de388d14f8faad569b4ff9532158f87
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate is self-signed
	[PASS]	Certificate expiration check
	[PASS]	Certificate is a CA

  Alias: 88849bc0f586e78423f17765703ee262c33b78a9
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate is self-signed
	[PASS]	Certificate expiration check
	[PASS]	Certificate is a CA

  Alias: 0d46751c3b70a1aeeff774f501f29722a31c25d3
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate is self-signed
	[PASS]	Certificate expiration check
	[PASS]	Certificate is a CA

  Alias: 0f6d4d3b8c71290e76b6b6c0661275f6f37b9ce0
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate is self-signed
	[PASS]	Certificate expiration check
	[PASS]	Certificate is a CA

  Alias: 3f9f239ead6b20745042fbbd8b93b9045c5071f0
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate is self-signed
	[PASS]	Certificate expiration check
	[PASS]	Certificate is a CA

  Alias: 0c9d572dd410ecb72bec5587854f3914cf8be65c
	[PASS]	Supported Signature Algorithm
	[PASS]	Certificate is self-signed
	[PASS]	Certificate expiration check
	[PASS]	Certificate is a CA

Checking local LDAP cert

    VMDIR CERT
	[PASS]	Certificate expiration check

Checking STS Certs

	[PASS]	Certificate expiration check

_________________
   VMdir Check   

[INFO]	VMdir database size: 70.39MB

[INFO]	VMdir Status Check (No partners)

[PASS]	VMdir State Check

[PASS]	VMdir Arguments Check


_____________________
   CORE FILE CHECK   


INFO:   

These core files are older than 72 hours.  consider deleting them
at your discretion to reduce the size of log bundles.


  FILES:
    	/storage/core/core.python.116972 Size: 275.04MB Last Modified: 2022-12-17T16:45:21
    	/storage/core/core.vpxd-worker.65394 Size: 653.33MB Last Modified: 2022-11-01T09:57:50
    	/storage/core/core.vpxd-worker.4747 Size: 723.52MB Last Modified: 2022-11-01T09:57:22

[INFO]	Number of core files: 3

[PASS]	Number of hprof files: 0

______________________________
   vCenter PostgresDB Check   

Top 10 Largest Tables:

      tablename     |  size   
  ------------------+---------
   vpx_proc_log     | 45 MB
   vpx_event_arg_6  | 30 MB
   vpx_event_arg_9  | 30 MB
   vpx_event_arg_5  | 27 MB
   pk_vpx_proc_log  | 11 MB
   vpx_event_arg_7  | 5912 kB
   vpx_event_arg_26 | 5488 kB
   vpx_event_arg_14 | 4904 kB
   vpx_event_arg_10 | 4760 kB
   vpx_hist_stat3_6 | 4576 kB
  
Total Postgres Size:
	208M	/storage/db/vpostgres/
	679M	/storage/seat/vpostgres/
	858M	Interpreted by vPostgres

________________
   DISK CHECK   

[PASS]	DISK CAPACITY

[PASS]	INODE USAGE

RESULT: [PASS]
Please see KB: https://kb.vmware.com/s/article/1003564

__________________
   VC NTP CHECK   


[PASS] NTP service is running

NTP Server Check

[PASS] 192.168.5.1

NTP Status Check

+-----------------------------------LEGEND-----------------------------------+
| remote: NTP peer server                                                    |
| refid: server that this peer gets its time from                            |
| when: number of seconds passed since last response                         |
| poll: poll interval in seconds                                             |
| delay: round-trip delay to the peer in milliseconds                        |
| offset: time difference between the server and client in milliseconds      |
+-----------------------------------PREFIX-----------------------------------+
| * Synchronized to this peer                                                |
| # Almost synchronized to this peer                                         |
| + Peer selected for possible synchronization                               |
| – Peer is a candidate for selection                                        |
| ~ Peer is statically configured                                            |
+----------------------------------------------------------------------------+
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.5.1     198.137.202.32   3 u  373 1024  377    0.232  -64.346  16.835

RESULT: [PASS]

________________________
   vCenter Port Check   

Checking ports: 443, 389, 2012, 2020
For port information, please see KB: https://kb.vmware.com/s/article/52963

	[PASS]	Port check for host vcenter-01v.pharmax.local

________________________
   Root Account Check   

[PASS]	Root password never expires

_______________________
   VC SERVICES CHECK   

Printing only services that are stopped and should be started.
KB: https://kb.vmware.com/s/article/2109887


RESULT: [PASS]

__________________
   Syslog Check   

Remote Syslog config: None configured

[PASS]	Local Syslog Functional Check

________________
   VCHA CHECK   

[INFO]	VCHA is not enabled.

Report written to /var/log/vmware/vdt/vdt-report-2022-12-27-204242
Please send feedback / feature requests to project_pulse@vmware.com

Review the results in the window. The meaning, results and instructions for each test are self-explanatory.

Hasta Luego Amigos!