#1.

 An administrator wants to connect the ESXi host directly from the vSphere
Web Client. Which ports are required for this purpose?

Typically vSphere Web Client is used to connect vCenter Server, and VClient is used to
connect ESXi hosts. But vSphere Web Client can also be used to connect vCenter Server,
but for this purpose, you will need 443 TCP, 902 TCP and UDP, and 903 TCP ports to be
opened from Security Profile.

#2. The clock time of an ESXi 6.x host is not correct. What should an administrator
do to correct this issue?

To correct the time on the ESXi host, modify the time for the host using the vSphere
client and correct the NTP settings in the /etc/ntp.conf file.

#3. An administrator wants to shut down the host using the ESXi host. Which
option would be used in the Direct Console User Interface to perform this task?

To shut down the host for Direct Console User Interface (DCUI), an administrator will
press F12 Key.

#4. An administrator can access the ESXi host via vCenter Server using vSphere
Web Client but cannot directly via VClient. What should he do to access ESXi host
directly?

If the ESXi host connected to vSphere Web Client is being accessed and can’t be
accessed directly, we should check that Lockdown is not enabled. If it is enabled, we
should be disabled. Because if Lockdown is enabled, ESXi hosts can only be accessed via
vCenter Server; you cannot directly access any host.

#5. An administrator wants to use the VMware Certificate Authority (VMCA) as an

Intermediate Certificate Authority (CA). He already replaces the Root Certificate
and Machine Certificates (Intermediate CA). What should he do next?

After replacing the root certificate and machine certificate (intermediate CA), the
following two steps are needed to perform.

 Replace Solution User Certificates (Intermediate CA)

 Replace the VMware Directory Service certificate.
#6. If Strict Lockdown Mode is enabled on an ESXi host, which action should an
administrator perform to allow ESXi Shell or SSH access for users with
administrator privileges?

The administrator will add the users to Exception Users and enable the service to allow
ESXi Shell or SSH access.

#7. SSO is an essential component of the vCenter Server. Which SSO component

issues Security Assertion Markup Language tokens?

VMware Security Token Service component of SSO grants SAML tokens.

#8. What is a valid Identity Source used to configure vCenter Single Sign-On?

OpenLDAP is a valid Identity Source for configuring vCenter SSO.

#9. What happens to the files contained on shared storage When a Content Library
is deleted?

When Content Library is deleted, all stored files in the content library will be deleted.

#10. What is the maximum number of vCPUs required for a VM in vSphere 6.0?

Maximum 128 vCPUs can be allocated to a VM vSphere 6.0.

#11. A windows domain user can be logged in to vSphere using vSphere Web
Client. What are the requirements to be met for this feature to be available and
functional?

An administrator can allow users to log in to vSphere Web Client using Windows session
authentication. For this purpose, Install the vSphere Web Client Integration browser
plug-in on each computer from where a user will sign in. The users must be signed in to
Windows using Active Directory user accounts. And, an administrator must create a valid
Identity Source in Single Sign-On for the users’ domain.

#12. An administrator wants to clone a virtual machine using the vSphere Client.
Which explains why the Clone option is missing?

To clone a VM can be performed from vCenter Server either you connected via vSphere
Web Client or VClient. If you are directly connected to an ESXi host, you cannot perform
cloning of a VM.
#13. What will happen if the .nvram file is deleted accidentally from a VM?

.nvram file is used to store the BIOS state of a VM. If it is deleted for some reason,
then, .nvram file will be created again when the virtual machine is powered on.

#14. An administrator wants to connect the vSphere 5.5 Client to ESXi 6.x host.
What will occur?

If the administrator tries to connect the vSphere 5.5 Client to ESXi 6.x host, the operation
will prompt the administrator to run a script to upgrade the vSphere Client.

#15. Which one of the secondary Private VLANs (PVLANs) types can send packets
to Isolated PVLAN?

A promiscuous type of PVLAN can communicate and send packets to an Isolated

PVLAN.

#16. What sample roles are provided by default when vCenter is installed?

When vCenter is installed, Virtual machine user and Network Administrator roles are
provided.

#17. What will happen when all paths down (APD) event occurs for the software
FCoE storage?

If all paths down events occur, Spanning Tree Protocol is enabled on the network ports.

#18. What methods are available for upgrade a host from ESXi 5.x to ESXi 6.x?

vSphere Update Manager (VUM), esxcli command-line tool, and vSphere Auto Deploy

can be used to upgrade.

#19. What administrator should do before upgrading virtual machine hardware?

Before upgrading a VM hardware, we should create a backup or snapshot of the VM,

upgrade VMware Tools to the latest version, and verify that the VM is stored VMFS or
NFS datastore.

#20. vCenter Server up-gradation fails at the vCenter Single Sign-On installation.

What should you do to complete the upgrade process?
Before upgrading the vCenter Server, please verify that the VMware Directory service
can stop by manually restarting it. If it stopped manually, then you can start the up-
gradation process of the vCenter Server.

#21. What prerequisites should be considered before upgrading the vCenter

Server Appliance?

In case of up-gradation of vCenter Server Appliance (vCSA) or after fresh installation,

Client Integration Plugin (CIP) will be installed in both cases.

#22. After deploying a PSC, vCenter Server is not being installed and shows the
following error:

Could not contact Lookup Service. Please check VM_ssoreg.log.

If this error appears, verify that the clocks on the host machines running the PSC,
vCenter Server, and the vSphere Web Client are synchronized. And also, ensure that
there is no firewall blocking port 7444 between the PSC and vCenter Server.

#23. An administrator installed Windows Server 2008 and wants to install vCenter
Server on it but failed when installing on a Windows virtual machine?

vCenter Server installation requires 64bit Windows OS to install. If you try to install it on
Windows Server 2008, it will not be installed, and installation will be failed. vCenter
Server will be installed in Windows Server 2008 R2 or higher Windows OS.

#24. What is the minimum Virtual Hardware version required for vFlash Read
Cache?

vFlash Read Cache was first in vSphere 5.5, and the minimum Virtual Hardware version
for vSphere 5.5 is version 10.

#25. ESXi host is added in vCenter Server but not responding in vSphere Web
Client. If this issue occurs due to a firewall, which port should be opened?

If the administrator sees no response of added ESXi 6.x host in vCenter Server, the issue
is caused by network firewall blocking traffic. Then he should check that port 902 (UDP)
is not blocked by a firewall. If it happens, enable the port from Security Profile by using
vSphere Web Client by selecting said ESXi host in vCenter Server.

#26. Suppose a VM is unexpectedly powered off. Which VM logs files should be

considered to troubleshoot the issue?
If it happens, an administrator should check vmware.log and hostd.log log files to
troubleshoot the issue.

#27. Why a VM appeared as an orphaned VM?

If a VM appears in an orphaned state, this could cause a VMware High Availability host
failure has occurred. And the virtual machine was unregistered directly on the ESXi host.

#28. While upgrading an ESXi 5.5 host to ESXi 6.x, the following error appears:
MEMORY_SIZE

What does this require to do?

It indicates insufficient memory on the ESXi host to complete the upgrade process of an
ESXi host from ESXi 5.5 to ESXi 6.x.

#29. To remove a host from a vSphere Distributed Switch (vDS), the following
error message is observed:

The resource ’10’ is in use

Before removing vDS, it is ensured that VMkernel network adapters on the vDS are not
in use. If any of the resources of vDS is being used, then above mentioned error
message with resource ID will appear.

#30. An administrator wants to monitor network traffic and capture network

traffic for a VM but cannot see the expected traffic in the packet capture tool.
What should he do to resolve the problem?

If an administrator needs to capture network traffic for a VM, he should Enable

Promiscuous Mode on the relevant port group. Then you can capture the network
traffic by using any networking traffic capturing tool.

#31. A vSAN Cluster is created with six nodes along with the fault domain, and
three of them moved into the fault domain. A one-member node of the fault
domain fails. What will happen with the remaining two nodes exist in the fault
domain?

When a member node of the fault domain fails, the remaining two fault domain
members will be treated as failed.

#32. At which level is a vSAN Fault Domain configured?

A fault domain is configured at the vSAN Cluster level, and nodes will be added to this
domain. If any member node fails due to any reason, the remaining members of the
fault domain will also be considered as fail.

#33. It is observed that a VM storage activity on an ESXi 6.x host is negatively

affecting a VM storage activity on another host that is accessing the same VMFS
Datastore. Which action would mitigate the issue?

To control the storage activity of a VM from affecting another VM’s storage activity,
Storage IO Control (SIOC) should be enabled. Storage I/O Control provides much-
needed control of storage I/O and should be used to ensure that the performance of
your critical VMs is not affected by VMs from other hosts when there is contention for
I/O resources.

#34. While upgrading an ESXi host from 5.5to 6.0, the administrator runs the
following command:

esxcli software vib list --rebooting-image

What will be shown by this command?

This command will show all active VIBs (vSphere Installation Bundle). VIB is a collection
of files like tarball or zip packaged into a single archive to facilitate distribution.

#35. To troubleshoot a CPU performance issues of a VM, which counters will be

used to demonstrate CPU contention?

To test the performance of an ESXi host in the form of memory, CPU, and network
utilization, the ESXTOP tool is used. It is an excellent tool available for VMware
administrators to troubleshoot performance issues. For configuring ESXTOP, you’ll need
vSphere Client, and putty and SSH sessions should be enabled. For CPU performance
testing, %RDY, %MLMTD, and %CSTP counters are used.

#36. An administrator tries to run esxtop by enabling SSH and using putty to
troubleshoot CPU performance issues, but no output is displayed. How to resolve
this issue?

To display output in ESXTOP, press f and place an asterisk next to each field that should
be displayed.
#37. An administrator wants to monitor VMs on a host using vCenter Server and
send notifications when memory usage crosses 80%. What should an administrator
do in the vCenter Server to accomplish this?

To monitor VM’s memory usage that reaches 80%, a vCenter Server alarm will be
created to monitor VM’s memory usage and set an action to email the notification.

#38. An administrator created a DRS cluster, and it became unbalanced. What are
likely causes to become unbalanced?

DRS cluster can become unbalanced when Affinity rules are preventing VMs from being
moved. And a device is mounted to a VM prevents vMotion from one host to another.

#39. An IT administrator configured two vCenter Servers within a PSC and needs
to grant a user privilege that can access all environments. What is the access level
required to access all the environments?

To access multiple vCenter Servers within a PSC, requires Global Permission to access all
environments.

#40. An administrator created 10 ESXi 6.x hosts via Auto Deploy for a new
Test/Dev cluster, and all hosts are configured to obtain their IP address via DHCP.
Which DCUI option should the administrator use to renew the DHCP lease for the
hosts?

The “Reset Management Network” of the Direct Console User Interface (DCUI) option is
used to renew the DHCP lease for the hosts.

What is the use of Service Console port ?

Service console port group required to manage the ESX server and it acts as the
management network for the ESX. vCenter/vSphere Client uses the service
console IP’s to communicate with the ESX server. This is one of the frequently
asked VMware interview questions.

What is the use of VMKernel Port ?

Vmkernel port is used by ESX/ESXi for vmotion, ISCSI & NFS communications.

ESXi uses Vmkernel as the management network  since it don’t
have service console built with it.
How Virtual Machine communicates to another servers in Network ?

All the Virtual Machines which are configured in VM Port Group are able to
connect to the other machines on the network. So this port group enables
communication between vSwitch and Physical Switch by the use of uplink
(Physical NIC) associated with the port group.

What is Promiscuous Mode ?

If the promiscuous mode set to Accept, all the communication is visible to all the
virtual machines, in other words all the packets are sent to all the ports on
vSwitch. It can be useful when you are running virtual machines with network
sniffers to capture packet in that network.

What are the Traffic Shaping policies available in the vSwitch?

Understanding the usecases of Traffic shaping policies are very important part
of VMware interview questions. Traffic shaping policies are disabled by
default. There are 3 different traffic shaping policy setting

Average Bandwidth
Peak Bandwidth
Burst Size

Average Bandwidth is defined in KBPS

Peak bandwidth is defined in KBPS
Burst Size is defined in Kilobytes

Route based on the originating virtual switch port ID – Chooses an uplink
based on the virtual port where the traffic entered the virtual switch.  The traffic
will be always send with that same uplink until that particular uplink is failed and
failed over to another NIC.

Route based on source MAC hash – Choose an uplink based on a hash of the
source Ethernet MAC address.The traffic will be always send with that same
uplink until that particular uplink is failed and failed over to another NIC.

Route based on IP hash – Choose an uplink based on a hash of the source and
destination IP addresses of each packet.
What is the command to  check the IP address along with the detailed
network cards assigned to the esx server?

Ifconfig -a

what is the command to check the ESX vswitch details, port group and its
ip address?

Esxcfg-vswitch -l

What is command to get the information about Service console ports and
its IP address assigned to it?

esxcfg-vswif -l

what is the command to get the information about vmkernel ports and its
ip address?
esxcfg-vmknic -l

what is the command to get the information about physical nics installed
on ESX server?
esxcfg-vmknic -l

What is command to add the new virtual switch named (vswitch3) to our
ESX server?

[root@ESXTEST1 sbin]# esxcfg-vswitch -a vswitch3

What is command to add the new port group  named (mgmt)to vswitch
(vswitch 3) ?

[root@ESXTEST1 sbin]# esxcfg-vswitch -A mgmt vswitch3

How to add the service console port (vswif2) to our newly created port
group “mgmt” with the ip addr 192.168.0.79 ?

[root@ESXTEST1 sbin]# esxcfg-vswif -a vswif2 -i 192.168.0.79 -n 255.255.255.0 -p

“mgmt”

where i is the ip address, n is subnet mask p is to mentione the port group

name
 How to add the vmkernal port (vmk2)  to our newly created port group
“mgmt” with the ip addr 192.168.0.83?

[root@ESXTEST1 sbin]# esxcfg-vmknic -a  -i 192.168.0.83 -n 255.255.255.0 -p

“mgmt”

How to change the ip addresss of the existing service console “vswif2”?

nano /etc/sysconfig/network-scripts/ifcfg-vswif2.

Edit the file with your new id address ” 192.168.0.255″ then save and exit.

How to change  the  ESX host name and default gateway?

edit the below file:

nano  /etc/sysconfig/network

 How to edit the  ESX host file ?

nano /etc/hosts

How to edit the DNS entry of your ESX server?

nano /etc/resolv.conf

 what is the command to query the firewall ports ?

esxcfg-firewall – q

VMware ESXi host that is in a "Not Responding" state

ESXi

Not Responding

A host can become greyed out and shown as Not Responding because of an external factor that vCenter Server
is unaware of. If a host is showing as Not Responding, vCenter Server no longer receives heartbeats from it.
This happens because of several reasons, all of which prevent heartbeats being received from the host to
vCenter.
Some common reasons include:

 A network connectivity issue between the host and vCenter Server, such as UDP port 902 not
open, a routing issue, bad cable, firewall rule, etc.
 hostd is not running successfully on the host.
 vpxa is not running successfully on the host.
 The host has failed.

A host can go from Not Responding back to a normal state if the underlying issue which brought the host to
the Not Responding state is resolved. However, a host that is in the Disconnected state ceases to be monitored
by vCenter Server and stays in that state regardless of the status of the underlying issue. After resolving the
issue, the user must right-click on the host and select Connect to bring the host back to a normal state in
vCenter Server.

1. Verify that the ESXi host is accessible from vCenter server or vSphere Client.For more
information, see ESX/ESXi hosts do not respond and is grayed out (1019082) 
2. Verify that the ESXi host can be reconnected, or if reconnecting the ESXi host resolves the issue.
For more information, see Changing an ESXi or ESX host's connection status in vCenter Server
(1003480).
3. Verify that the ESXi host is able to respond back to vCenter Server at the correct IP address. If
vCenter Server does not receive heartbeats from the ESXi host, it goes into a not responding state.
To verify if the correct managed IP Address is set, see Verifying the vCenter Server Managed IP
Address (1008030) and  See also, ESXi host disconnects from vCenter Server after adding or
connecting it to the inventory (2040630) and ESXi host keeps disconnecting and reconnecting
when heartbeats are not received by vCenter Server (1005757).
4. Verify that network connectivity exists from vCenter Server to the ESXi host with the IP and
FQDN. For more information, see Testing network connectivity with the ping command
(1003486).
5. Verify that you can connect from vCenter Server to the ESXi host on TCP/UDP port 902. For
more information, see Testing port connectivity with Telnet (1003487).
6. Verify if restarting the ESXi Management Agents resolves the issue. For more information,
see Restarting the Management agents on an ESXi host (1003490).
7. Verify if the hostd process has stopped responding on the affected ESXi host. For more
information, see Troubleshooting vmware-hostd service if it fails or stops responding on an
ESX/ESXi host (1002849)  See also : ESXi host is non-responsive and disconnected in ESXi 6.x
(56450) 
8. The vpxa agent has stopped responding on the affected ESXi host. For more information,
see Troubleshooting the vCenter Server Agent when it does not start (1006128)
9. Verify if the ESXi host has experienced a Purple Diagnostic Screen. For more information,
see Interpreting an ESX/ESXi host purple diagnostic screen (1004250)
10. ESXi hosts can disconnect from vCenter Server due to underlying storage issues. For more
information, see Identifying Fibre Channel, iSCSI, and NFS storage issues on ESXi/ESX hosts
(1003659).

Disconnected

Disconnected is a state initiated from the vCenter Server side and suspends vCenter Server host management,
and thus all vCenter Server services ignore the host.
A disconnected host is the one that has been explicitly disconnected by the user, or the license on the host has
expired. Disconnected hosts also require the user to manually reconnect the host.

Ultimately, a host that is Disconnected due to one of these three reasons (2 of which require manual
intervention):

 A user right-clicks the host and selects Disconnect.

 A user right-clicks a host that is listed as Not Responding and clicks Connect and that task fails.
 The host license expires.

When a host becomes disconnected, it still remains in the vCenter Server inventory, but vCenter Server does
not get any updates from the disconnected host, does not monitor it, and therefore has no knowledge of the
health of that disconnected host.

vCenter Server takes a conservative approach when considering disconnected hosts. Virtual machines on a host
that is not responding affect the admission control check for vSphere HA. vCenter Server does not include
those virtual machines when computing the current failover level for HA, but assumes that any virtual
machines running on a disconnected host will be failed over if the host fails. Because the status of the host is
not known, and because vCenter Server is not communicating with that host, HA cannot use it as a guaranteed
failover target. As part of disconnecting a host, vCenter Server disables HA on that host. The virtual machines
on that host are therefore not failed over in the event of a host isolation. When the host becomes reconnected,
the host becomes available for failover again.

hostd and vpxa are the management agents on the ESXi host.  Port 902 is the primary
communication link between vCenter and each ESXi host.  Other ports required for vCenter
to ESXi for functionality purposes are:
        902 (server-to-server migration and provisioning traffic)
2050–2250 (for HA traffic)
8000 (for vMotion)
8042–8045 (for HA traffic)