VMware vSAN 8 OSA Witness Deployment – IP / Login Issues
Not only the vSphere 8 update is currently pending for many, but also the vSAN must be updated accordingly. Especially with regard to vSAN Streched or ROBO clusters with a Witness Appliance.
The vSAN 8 itself comes with the vSphere 8 update, furthermore the disk format version as well as vDS version have to be upgraded. As far as the vSAN Witness Appliance is concerned, there are several ways to upgrade it, either with the Lifecycle Manager (formerly with Baselines) or the generally recommended way: New Deployment.
After uploading the vSAN Witness .ova locally, for those who know process, we will go through the classic steps:
The VM gets a name (in my case irgNET-wit01) and placed in the correct folder.
Then choose a compute resource outside the vSAN cluster.
In the next step we get the detail window with various information like Version or Size on Disk:
Next, we pick the right size of our vSAN Witness Appliance, which assigns it appropriate CPU and memory resources. Tiny is too small for my vSAN Cluster, but Medium fits perfectly.
In the next step we select the appropriate datastore and in my case it was extremely important to select as virtual disk format: Thick Provision eager zero, more about this below in the screenshots.
As the second last step, we select the Management and Secondary Network, the secondary network should be the one where your vSAN Streched or vSAN ROBO clusters can also communicate. For this I have created an own portgroup, which is called vSAN_Witness_10GbE. You also need to “enable” the Witness traffic on the vSAN hosts, but that is another topic.
And last but not least, we provide all relevant information for the vSAN Witness appliance, such as IP addresses, DNS servers, FQDN, NTP and Gateway.
On the Ready to Complete overview, go through your entered data, click Finish and wait for the deployment.
As soon as you open your Witness Appliance via Web / Remote Console, you will notice that the UI only displays the hostname and IPv6 addresses.
At the first deployment with the virtual disk format: Thin Provision, I logged in with F2 and applied the IPv4 address and disabled IPv6; DNS, custom prefix, etc. were set correctly. As soon as we disable IPv6 the ESXi/Witness node needs a reboot. After the reboot I could not get into the system with the stored credentials using F2, nor could I add Witness to my vCenter as a host because supposedly the credentials were incorrect.
I repeated the Witness deployment 4x with different IPs, DNS names, other settings and was always lcoked from the Witness Appliance, finally I came to the conclusion, that it must be the virtual disk format. As soon as I set the virtual disk format to Thick Provision Eager Zeroed during the configuration process, I still had the challenge to manually enter the IPv4 address after deployment.
However, after the reboot, I was able to log into the UI as usual by pressing F2 and add the Witness appliance to my vCenter and then mount it to my vSAN cluster. It seems that there is a bug in the vSAN Witness 8 Build 20513079. In VMware vSphere/vSAN 7 I am not aware of such events, but the virtual disk format was the solution for me.
Finally, we replace the old vSAN 7 Witness appliance against the new vSAN Witness 8 appliance under the vSAN Cluster -> Configure -> Fault Domains.
Now the question to you guys, did you experienced the same or different kind of issues while deploying the new VMware vSAN 8 with/without the Witness Appliance?