VMware has released a detailed network port diagram for vSphere 6. This diagram show the communication between the vSphere 6 products and which ports are used for communication.
VMware has released a KB article with the correct sequence the update your vSphere 6 environment. The article shows the supported update sequence for vSphere and other compatible/supported VMware solutions such as NSX, SRM, etc.
The article also provides a overview of the compatible VMware solution with vSphere 6. The overview has links to the release notes and upgrade procedures for all these solutions.
This week I was testing jumbo frames in our lab environment and had some issues with the vmkping command and not default TCP/IP stack. In our lab environment we use separate TCP/IP stacks for the vMotion and Provisioning VMKernel interfaces. With the vmkping command it’s possible to pass this TCP/IP stack as an argument.
However, when using the vmkping command I ran into a problem. The command would not work, the error message was: “vmkernel stack not configured.”
I’ve double checked the TCP/IP stack name in the vSphere Web Client and it was correct.
To be sure I also checked the VMkernel configuration on the ESXi host itself with the esxcfg-vmknic command and that is when I discovered the problem. The Web Client shows the TCP/IP stack with capital letters while the actual name on the ESXi host is small letters only!
I changed the vmkping command to use the name as shown on the host and this time it worked!
Conclusion: when using the vkmping command with a not default TCP/IP stack use the name as shown with the esxcfg-vmknic command and not as shown in the vSphere Web Client.
If you are replacing your ESXi certificates with CA certificates, the best method is to make your VCSA a subordinate CA and allow it to sign certificates for the ESXi host. VMware has released a KB article on how to make your VCSA a subordinate CA.
When configured the VCSA as a subordinate CA you have to wait 24 hours before updating the ESXi host certificates. If you try to update the certificate sooner you receive an error.
This is a safety mechanism to avoid time synchronization issues as stated in this KB article. You will also not be able to add new ESXi hosts to your inventory!