Posts

Change Password on all Hosts in VCenter

A couple of weeks ago I was having a conversation about security hardening my ESXi hosts and how often passwords are changed and of course it's not as often as it should be. Most admins that deal with passwords know the best practice is to change your passwords at least every 90 days and I was looking for an easy way to do that on multiple hosts without having to touch each one.

In my lab environment I currently use the same password for all of my hosts so my thought was to write a PowerCLI script that I could use to change the passwords on all the hosts and keep it the same password on all of them. I wrote the script to log into VCenter and get all of the host and then log into each host and reset the password. For me this was a simple way to be more secure even though the password is the same on all hosts.

Here I created the script with the "Reset-HostPasswords" function.

To execute that function I would then run the command.

To make the command easier to use I saved…

VMWare Tools Upgrade Breaks Script With Invoke-VMScript and Pass-through Credentials

Recently I upgraded a VCenter test cluster to 6.7 Update 3 and hit an issue with running Invoke-VMScript command.

I was working on and made some changes to a VM deployment script that is constantly in development and decided that the updated test cluster would be a great place to test those changes as there were no other VMs on it and I had just matched it as close to production as possible. I ran the script as normal and it completed the basic deployment of the VM fine. Unfortunately during post deployment configuration I got an error with my Invoke-VMScript command that stated "Could not locate "Powershell" script interpreter in any of the expected locations.".

This error seemed off to me as I have ran it on the production cluster countless times before with no problem. At first I assumed maybe there was an issue with my template but I converted it to a VM and tested the command successfully. Next I decided to test out just the Invoke-VMScript command against the…

Install Powershell and PowerCLI on Linux

Image
I have been working on setting up a nested VSphere lab in VMWare Workstation the past few weeks and wanted to have a simple jump box with minimum resources that I could use to test out PowerCLI scripts I have been writing. As I am very familiar with working with Linux operating systems and now that Microsoft supports PowerShell Core on Linux distributions I wanted to see if I could get PowerShell and PowerCLI installed on two Linux test servers (Ubuntu 18.04 LTS and CentOS 7) that I have setup already in the lab.

Add the PowerShell Repository To install PowerShell Core I first had to add the official Microsoft repository. CentOS 7
Ubuntu 18.04
Install PowerShell Now that the repositories were configured the next step was to install PowerShell.  CentOS 7
Ubuntu 18.04
Install PowerCLI Now that PowerShell was successfully installed I could start it and install PowerCLI.

Since I am using the default self-signed certificate on my lab VCenter server I got an error that the SSL connection co…

Get ESXI Host HBA WWN

From time to time I have to send HBA WWN and WWP reports to our Storage Team so they can make sure the right LUNs are mapped to the right hosts. That is can be a really easy task if you have a few servers as you can go into the configuration within the Web Interface for VCenter and get the information needed. If you are in a situation like I usually am though and you have multiple hosts usually in the hundreds to get that information could take quite a while but there are quick and easy PowerCLI commands that can help get that information fast and exported to CSV. This simple script can be used to get a report of WWNs for all hosts withing one VCenter site but can also be narrowed down by cluster or by single host.

Copying Large Files Using Copy-VMGuestFile

Every now and again I run into a situation where I have to copy files to virtual machines that are on an inaccessible network. With PowerCLI this can be handled easily using the Copy-VMGuestFile command.

For the most part this works as it should but I have run into issues transferring files larger than 1 GB where the operation will timeout and will receive an error stating "The request was aborted: The request was canceled". After some research I found out that the default timeout for web operations in PowerCLI is 300 seconds which does include the Copy-VMGuestFile command.This timeout can be adjusted using the Set-PowerCLIConfiguration command with the WebOperationTimeoutSeconds option and using the -1 value as seen below. The value could also be increased to a greater number of seconds to get pass the timeout limitation it would take to complete the operation but for me it is easier just to disable it.

For reference here is a link to the PowerCLI 11.4 Commands.
https://co…

Configure Syslog on Multiple ESXI Hosts in VCenter

One of the most common configuration changes for monitoring and security purposes within any IT System is sending logs to a central location. I was tasked with making this change across multiple VCenter data centers with multiple ESXI hosts and as usual that is something I did not want to manually do as it is so time consuming. To also make things a little more interesting there were some hosts that were already configured but were not working so I had to write the PowerCLI script to check if it was configured and only restart the appropriate services.


Resetting Customization Spec Password after VCenter Upgrade

Image
Following a recent upgrade from VCenter 6.5 to 6.7 I ran into an issue with Windows VM deployments using Customization Specifications. The deployments kept failing with the error "The VCenter Server is unable to decrypt passwords stored in the customization specification."

After some research I found out the this occurs because the encryption keys are updated during the VCenter upgrade and the passwords in the Customization Specs can no longer be decrypted. 
Solution-------------------------------------------------------------------------------------------------------------------------------------------------------------------
To resolve this issue I found out I would have to edit the Customization Spec and enter the passwords on the "Administrator Password" and "Workgroup or domain" tabs.


This works well if you only have a few deployments setup but I have to make this update to multiple Customization Specs in multiple Data Centers so this process would …