freshidea - Fotolia
What to do when you can't deploy an OVF template
Invalid certificates can keep OVF-based VM deployments from working properly. Luckily, admins can work around this issue by logging into the host or using the OVF Tool application.
Using the VMware vSphere Web Client to deploy an OVF template requires proper configuration. If IT administrators don't set up vCenter certificates correctly, the Web Client detects an error and refuses to proceed, but admins can work around this issue in a couple ways.
Many admins using vSphere simply install whatever comes out of the box. In this case, admin console users will most likely receive that well-known error regarding insecure websites. Installing the certificates that come with vCenter is a quick and easy fix, but this is akin to simply plastering over the cracks. Setting up the proper certificates can be a complex task that sometimes isn't worth the trouble.
To avoid triggering an error message from the Web Client and going through the hassle of proper certificate setup, admins can deploy an OVF template from the host GUI or use the OVF Tool application to extract the files.
Use the host GUI to deploy an OVF template
If admins are in a rush, they can try logging in to the host and directly deploying an OVF template using the GUI, depending on the vCenter configuration.
However, certain variables might affect this method's success. If an admin has too few rights or incorrect rights, this will cause a failure. In addition, with this method, an admin can only deploy to the cluster he's directly logged in to, which means he can't deploy to another cluster without logging in to additional hosts. If vCenter prevents admins from logging in to the host, that will also prevent admins from deploying an OVF template using the GUI. In that case, admins should use the OVF Tool method instead.
Use the OVF Tool application method
For a less quick-and-dirty installation, admins can deploy an OVF template by downloading the OVF Tool application and installing it on their local Windows server, or wherever they want to extract the VM and configuration files to, as an intermediate step.
The OVF file is a group of compressed disk files, along with some configuration files. Admins can use OVF Tool to extract the files within the compressed OVF file.
Admins should use the following command to extract all the files required. For the sake of speed, they should do this locally. They can substitute myovffile.ovf for whatever the OVF file is called or just use *.ovf if desired.
ovftool –acceptAllEulas –allowExtraConfig myovffile.ovf
The allowExtraConfig parameter extracts information that vCenter/ESXi needs to install the VM. There should be a number of VMDK files and a VMX file with the configuration. Admins should ensure that all the requisite files are inside the extracted folder.
After file extraction
Once these files are extracted, admins can use WinSCP or other file transfer software to upload the folder containing the files to the data store where they want to keep the VM. They can also use the built-in file upload functionality in vCenter, but programs such as WinSCP are often more reliable. WinSCP only uses one port -- port 22 -- when uploading. In a complex environment, all the ports required to complete an upload might not be open, so with larger files, the built-in upload functionality often fails.
After the upload is complete, admins should use the file browser to navigate to the folder and locate the VMX file. The next step is to right-click the VMX file and select add to inventory.
The machine is then added to the vCenter inventory. At this point, the machine import is complete, and admins can use vMotion or migrate the machine like any other VM.
If issues arise with powering on or further troubleshooting is required, admins can find the detailed log files for the VM in the folder containing the VMX and VMDK files. They can download these files for inspection on the client. Such errors are in time order and prefixed with an error warning message in the logs, so they should be easy to find and inspect. However, in an ideal situation, administrators should ensure they have correctly installed their certificates before they hit this issue and must resort to this workaround.