VMware vMA

The vMA, or vSphere management assistant is an ovf template which can be downloaded for free from the VMware website.
The vMA has the following minimum system requirements
ESX(i) 3.5 update 2 or later
64 bit  Intel-VT or AMD-V compatible CPU as the vMA is a 64-bit virtual machine
5GB virtual disk size
Access to the ESX(i) host management network
An ESX(i) server or a vCenter Server can be used as a target for the vMA.

Once the vMA has been downloaded and imported into ESX(i), power it on and it will run through a setup wizard where you can set the IP address, password  and SNMP settings.
When you get to the prompt, login to the vMA using the vi-admin account.
The vMA contains the vCLI command utilities which offers the vicfg-xxxxxx commands among others.  These commands are located in the /usr/bin directory.
Use command –help to list all available commands.

An example command is
vicfg-nics –list –servertargetservername
Once prompted enter the vi-admin user name and password.
This will list the available nics on the target server.

Other commands available from the vCLI include

When a command is run through the vMA it is necessary to provide credentials each time for the target server.  To get around this you can use to vi-fastpass command to add credentials to the vMA so that future commands will be run using these cached credentials.
To do this to two things are required.
Vifp – to add the server and credentials
Vifptarget – to specify the server that the command is run on.

Vifptarget commands
–set | -s
–clear | -c
–display | -d
–help | -h

To use vifp type
vifp addserver ‘servername’
Type the vi-admin user name and password when prompted
Once added use Vifptarget within the command to tell the vMA the specific host to run commands on.

So to use the earlier example of vicfg-nics type
vifptarget -s servername
vicfg-nics -l
Notice that there is no prompt for credentials this time.
Once the server you are running the commands against has been added with vicfgtarget -s you will be able to run all subsequent commands within this session without specifying the server name of credentials.

Session Files
An alternative to vi-fastpass for automating cached credentials are session files.
Session files are Perl script files that save session credentials in an aptly named saved session file, called save_ session.pl.

save_session.pl –serverservername‘  –user name root –password password –savesessionfile /home/vi-admin/esxsession
Once this has been saved, add it to the end of a command run through the vMA.

vicfg-nics -l –sessionfile /home/vi-admin/esxsession

Consolidating log files
ESXi doesn’t save log files.  When the host is shutdown, all log files are deleted so in order to be able to refer to log files after a shutdown or reboot it is necessary to consolidate the log files.  This can be achieved through the vMA using vilogger.
To use vilogger, first ensure that vi-fastpass is enabled using vifp list server to list out the current vi-fastpass enabled servers, if no servers are listed use vicfg addserver servername and vifptarget -s servername to add again.
vilogger has several parameters available, an example of which are
–numrotation number of files to collect
–maxfilesize specified in MB
–collectionperiod how often to poll, specified in seconds

vilogger enable –server servername –numrotation 20 –maxfilesize 10 –collectionperiod 10
This command will collect the following logs from the ESXi host
To scroll through the log files one page at a time use the more command.

more hostd.log

Resetting the password of the vi-admin account.
To reset the vi-admin password, first reboot the vMA using the VMware tools and when it is starting up press a key on the grub loader screen to pause the boot, then press e to edit and add the word single the kernel command line, then continue the boot process.
Once it boots you will be at the sh-3.2# prompt, this means that the server is in single user mode.
Type the following at the prompt
sh-3.2# passwd vi-admin
Enter the new password when prompted and again to confirm.  You have now reset the password and will be able to login when you reboot the vMA.

Additional vicfg Commands
vicfg-nics | Manage physical NICs
vicfg-vswitch | Manage virtual switches
vicfg-vmknic | VMkernel NIC
vicfg-dns | Specify DNS configuration
vicfg-route | Manage default IP gateway
Vicfg-ntp | Specify NTP server

-a Set the NIC to auto negotiate
-d half¦full Duplex options
-s Speed for NIC (val is 10,100,1000,10000)
-l Lists the NICS
-L Link
-A Add
-D Delete a port group
-d Delete a virtual switch
-U Remove an uplink from a vSwitch (unlink)
-Q Remove an uplink from a dvSwitch
-IP Assign IP address
-m Set MTU
-n Set netmask

Create a virtual switch
vicfg-vswitch  -a
Add a port group to a virtual switch
vicfg-vswitch  -A
Link an uplink to a virtual switch
vicfg-vswitch –L
Link an uplink to a distributed vSwitch
vicfg-vswitch –P  -v
Set Max MTU size
vicfg-vswitch  -m 9000
vicfg-vswitch –v  -P
Remove a VLAN ID
vicfg-vswitch  -v 0 –P

More information on the vMA can be found in the  vMA guide
Additional commands can be found over at Ray Heffer’s blog


  • Aaron

    Hi Simon, many thanks for the post… very helpful. one quick one though.. i’m trying to get my head around esxcli and vicfg commands. the esxcli commands are very intuitive and helpful – eg the namespaces are listed to help guide you. but vicfg commands are a nightmare. do you know if they are planning on merging the commands and just having one? and finally, while i have found command to list uplinks, i can see a command that would list uplinks available/free so that i can add to a vswitch though cli. as far as i can see you would have to list all nics, then vswitches and dvs and cross check them with the nics. then you can tell which are available. is this right? if so, do i have to learn all this for the vcap-dca course when all i need to do is just use the gui?

    • Simon Greaves

      Hi Aaron,

      Thanks for the comments.
      You can see a list of vicfg/esxcfg commmands and their equivalent ESXCLI commands in the ESXi 5.1 reference poster. http://blogs.vmware.com/vsphere/files/2012/11/ESXi-5.1-Poster.pdf
      You can of course run vicfg command with –help at the end to get help on the command.
      Although it is true that you only need to know one way to perform most tasks with the DCA exam it is helpful to run through the various commands such as those on the poster as the VCAP-DCA exam may ask you to run a command and save the output to a file or something similar. At a minimum make sure you know how to do everything on the blueprint in at least one way. GUI/CLI/PowerCLI etc etc.

      Hope this helps.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.