VMware Cloud Foundation (VCF) ESXi 9.0.1 Installer in the Lab

Table of Contents

Overview

I run a home lab built on older Intel Xeon CPUs, which are no longer supported by modern versions of VMware Cloud Foundation (VCF). Since this is a non-production lab environment, I’m using nested virtualization to continue my testing and learning. In this post, I’ll walk through how I’m bypassing the CPU-compatibility checks so I can deploy VCF on this older hardware.

Note: Did you catch that? This is the ESXi installer for ESX…and this is even on a 9.0.1 installer! Both ESX and ESXi terms will be used interchangeably in this post.

CPU_SUPPORT ERROR: The CPU on this host is not supported by ESXi. — CPU_SUPPORT ERROR

RTFM

https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-9-0-and-later/9-0/deployment/deploying-a-new-vmware-cloud-foundation-or-vmware-vsphere-foundation-private-cloud-.html

Virtual Hardware Configuration

These are the settings per nested host. There will be four nested hosts for a consolidated VCF Management Domain.

vCPU: 16 (Hardware virtualization enabled)
RAM: 96 GB
OS Disk: 128 GB (thin provisioned)
vSAN Cache Disk: 64 GB (thin provisioned)
- Attribute: scsi0:1.virtualSSD
- Value: 1
vSAN Data Disk: two x 300 GB (thin provisioned)
Network adapter: two x VMXNET 3 with 10 Gbps fiber backing
Secure boot enabled

Installation – Edit Boot Options

When loading the ISO during an interactive installation, notice the option to Edit boot options with SHIFT + O. (Big “Oh”, not zero!)

Add the following to the runweasel cdromBoot line.

runweasal cdromBoot allowLegacyCPU=true

Press the ENTER key to apply the options and boot.

Installation

Now the installation should proceed as normal.

And the moment of truth, now this is a CPU_SUPPORT WARNING.

Preparing the ESX Host

Press F2 to customize the system.

Configure the Network

Select Configure Management Network.

Configure settings as needed.

The following image is for informational purposes, only. For actual use, my lab has two vmnic adapters, with only one configured since this will be for VCF.

When configuring DNS, always use the fully qualified domain name and ensure the case is lowercase.

Same thing with custom DNS suffixes. Always add in lowercase suffixes as these will be searched in the order given if only a short name is provided.

When finished configuring all the settings, press Esc to exit. When prompted to apply changes, press Y.

Even though the Hostname: does not show the fully qualified domain name here in the Direct Console User Interface (DCUI), the hosts files on the host will display the fully qualified domain name. This is important for preparing the host for VMware Cloud Foundation (VCF) to get the local certificates regenerated correctly.

cat /etc/hosts
# Do not modify this file directly, please use esxcli.
127.0.0.1	localhost.localdomain localhost
::1		localhost.localdomain localhost
172.16.2.51	vcf9esx-162-51.lab.aaronrombaut.com vcf9esx-162-51

Enable SSH

Enable SSH by selecting Troubleshooting Options.

Press Enter to enable ssh. When the option turns to Disable SSH, ssh is enabled.

One Script

The following is a quick script that can be added to an SSH session to quickly configure the host. More detailed instructions are below and of course, there are the official Broadcom Techdocs in the RTFM section.

Update the VLAN ID, NTP server IP 1, and optionally, NTP server IP 2.

# Configure the Virtual Machine Network Port Group
esxcli network vswitch standard portgroup set --portgroup-name='VM Network' --vlan-id=<vlan id>

# Configure NTP
esxcli system ntp set --enabled=true --server=<ntp-server-ip-1> --server=<ntp-server-ip-2>

# Regenerate the Self-Signed Certificate
/sbin/generate-certificates

# Reboot the host
reboot

Configure the Virtual Machine Network Port Group

First, check the default VLAN ID.

esxcli network vswitch standard portgroup list

esxcli network vswitch standard portgroup list
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1      162
VM Network          vSwitch0                     0        0

Modify the VM Network port group to be the same as the Management Network. When the command is run, there will not be any output.

esxcli network vswitch standard portgroup set --portgroup-name='VM Network' --vlan-id=<vlan id>

esxcli network vswitch standard portgroup set --portgroup-name='VM Network' --vlan-id=162

To verify the network change is successful, return to the first command.

esxcli network vswitch standard portgroup list

esxcli network vswitch standard portgroup list
Name                Virtual Switch  Active Clients  VLAN ID
------------------  --------------  --------------  -------
Management Network  vSwitch0                     1      162
VM Network          vSwitch0                     0      162

Configure NTP

First, check the current NTP settings.

esxcli system ntp get

esxcli system ntp get
   Enabled: false
   Loglevel: warning
   PID: 0
   Runtime Seconds: 0
   Servers: 
   Service Providing Kernel Time: 
   Time Service Enabled: false
   Time Synchronized: false

Now configure up to two NTP servers. Note that running this command on the command line will not update the web GUI NTP service startup policy to Start and stop with host until after the host is rebooted.

The command for adding one NTP server.

esxcli system ntp set --enabled=true --server=<ntp-server-ip>

esxcli system ntp set --enabled=true --server=172.17.0.10

The command for adding two NTP servers.

esxcli system ntp set --enabled=true --server=<ntp-server-ip-1> --server=<ntp-server-ip-2>

esxcli system ntp set --enabled=true --server=172.17.0.10 --server=172.17.0.11

To verify the NTP configuration is successful, return to the first command.

esxcli system ntp get

esxcli system ntp get
   Enabled: true
   Loglevel: warning
   PID: 2100600
   Runtime Seconds: 156
   Servers: 172.17.0.10, 172.17.0.11
   Service Providing Kernel Time: Network Time Protocol
   Time Service Enabled: true
   Time Synchronized: false

It’s also a good idea to test the configuration. Keep running the test until the Timeinsync reads true. This should not take more than 10 minutes!

esxcli system ntp test

esxcli system ntp test
   Comments: 
      
Service analysis started on host: vcf9esx-162-51.lab.aaronrombaut.com, 
Test started at: 2025-12-09T19:38:30Z, 
Time Service is administratively enabled., 
Verifying NTP service., 
NTP server: 172.17.0.10 resolves IPv4: 172.17.0.10, 
Virtual NIC vmk0 : Admin: Up, 
IP Interface: vmk0 IPv4 Address: STATIC 172.16.2.51, 
IP Interface: vmk0 connected to Management Network on vSwitch0, 
IP Network Stack: defaultTcpipStack, 
Physical NIC vmnic0 : Admin: Up Oper: Up, 
Firewall Rule: ntpClient allows traffic on port: 123, 
Firewall Rule: ntpClient allows all IPs, 
ntpd is running, PID: 2100865, 
Kernel clock type: ntp, 
NTP is in sync , 
Peering with: 172.17.0.10, 
Stratum: 5, 
Accuracy to within: 521.534000 msecs, 
Polling every: 64 secs, 
Network delay round trip: 50.828000 msecs, 
Difference from remote clock: 0.170933 msecs, 
Service analysis completed.
   Timeinsync: true

Regenerate the Self-Signed Certificate

When the host is first installed, the hostname will reflect localhost.localdomain. Even after the host is configured prior to regenerating the certificate, the certificate will be self-signed and reflect this name from a browser.

Regenerate the self-signed certificate on the ESX host. There will be no output after the command.

/sbin/generate-certificates

Reboot the host.

reboot

If you are (or were) connected to the ESXi Host Client from a browser, refresh the page and accept the new self-signed certificate.

One response to “VMware Cloud Foundation (VCF) ESXi 9.0.1 Installer in the Lab”

Tom

December 30, 2025

Right after I finish the ESX config I enable the shell, ALT F1 then enter /sbin/generate-certificates command for the certs and reboot, just saves me a little time

Bits, Bytes, & Radio Waves