Setting maintenance mode for Linked Clones using API’s

If you have used the VMware.hv.helper the title of this blog post might sound strange since the set-hvmachine already has a way to set maintenance mode. When Ryan Butler asked me the question this week though I didn’t think of that and dived into the api’s immediately. The machines.Machine_EnterMaintenanceMode method looked good to me and than I though of the vmware.hv.helper and noticed that with

it was also possible so set maintenance mode. The usage though made me think immediately that this was not actually using a proper api call but the update function. A quick look at the function itself confirmed this. It sets that status of the virtual machine by directly setting the status.

(this is just a snippet of the complete function)

If you are below version 7.5 of Horizon view it’s probably of no use to continue with the rest of this blog post. The api explorer only mentions the relevant functions since 7.5! They have been tried against 7.0.3 and 6.2 and there they don’t work.

So back to the drawing board it was and I needed to look at the API explorer, there are 4 relevant methods for maintenance mode.

As usual there are methods for multiple machines that use an array of id’s (with machines in the name) and methods for single machines id’s (without the machines in the name).

Since I usually use instant clones these days I created a small pool with three linked clones. With get-hvmachine I can show you their names and state.

Since I know that get-hvmachine will already give you the id of a machine it’s easy to do a one liner to set one system in maintenance mode.

and exit maintenance mode.

And the entire pool?

And exit maintenance mode for the entire pool.

Okay so we now know how this works but I don’t want to use to vmware.hv.helper module for this at all because I want to be able to use a list of machines or based on part of the name. That can be done using a query. The query entitytype to use is MachineSummaryView and if you use queryfiltercontains it’s also possible to use only a part of the name for a kind of wildcard selection. Combine several of these in with queryfilteror and it gives the opportunity to select them from a list.

Now I replaced the names in the txt file with only p2lc00

And back into maintenance mode

So this is a nice way to manage the machines and their maintenance state. Please remember that these scripts only work against horizon 7.5 and higher.

Horizon View Api’s: back to basics part 3: Methods

Like I said in part two I wanted to do that first before going to method’s since for some methods you actually need the output from a query. I posted an example of that in the meanwhile with my post about sending messages to users. The get-hvglobalsession and get-hvlocalsession are based on queries that are used for the Session_SendMessages method of the session service.

The obvious way of finding available methods is by looking into the API Explorer.

It’s a complete list but it’s hard to find all the methods that belong to a service. It’s easier to do a get-method on a service.

So, in here we have two methods: ConnectionServerHealth_Get and ConnectionServerHealth_List. Even my wide PowerShell window is not big enough to show what’s needed to with the ConnectionServerHealth_Get method. For that we can use service.method without any brackets.

and

The required input for the method’s is visible between the brackets. The _Get method requires an id of the type vmware.hv.connectionserverid and the list doesn’t even need an input. I will keep the first one to use for later while I run the latter one.

A lot of these lists have information that is available on a deeper level, with a get-method everything is shown.

The ones where you see a property that has a definition that starts with vmware.hv…. has more content hidden. It is possible to access these by putting the entire line between brackets followed by .membername for example

Please be aware that this can go multiple levels deep for some methods. To avoid unneeded api calls it’s wise to declare a variable from the method and use that to access the data.

Now to show the use of the _get method I could use the id that I received from the _list method but that would be cheating. What I will do is put a list of all connectionservers into an array (even though I only have 1) and do a foreach with the _get method.

This is the basic usage for method’s. For some method’s a spec is required for input please take a look at this post about adding an instantclone administrator for an example. I will show some more details about that one in here. Let’s take a look at what the method requires as input.

You can see that a spec is required of the type VMware.Hv.InstantCloneEngineDomainAdministratorSpec. The API Explorer will show that this actually is a bit weird one since it one contains a base.

If you click on the base you’ll see whats required in there.

These levels actually show that we need to declare multiple objects to build the actual spec. You can create the basic object with new-object objecttype

As you see the base is empty and doesn’t know what data it can contain. This shows that we need to declare the object for every level where we need to enter some information.

First I tried this using the class that’s shown in the API explorer, this obviously didn’t work so I use the data object name.

In the link I posted above you should be able to find what’s required to create an actual instantcloneadministrator. With this I have covered most of the method’s and how they work. Please don’t assume that _list nevers needs an id or that _get always needs one because that’s not true. Sometimes it will also say ids like with my previous post about sending messages that means it needs an array of id’s most possibly generated by a query or an _list method.

 

 

Sending messages to users with the Horizon API’s

I got the question today from Fabian Lenz if it is possible to send messages to end users using the Horizon API. I knew I had seen it somewhere already and here’s a quick explanation.

There are two method’s to do this, one for a single session and the other for a group of sessions. Both fall under the session service.

You can see both the methods called session_sendmessage and session_sendmessages if we look at what’s required for both we see that the difference is a single sessionid or an array of session id’s.

Let’s see what the API explorer says what’s needed.

So the msgtype is a string that can have three values and the message is just a string, let’s test this.

I am lazy and will use get-hvlocalsession for the sessionid.

I do the -first 1 so it isn’t an array but a single session.

Now let’s send a message.

And the result:

Now let’s do the same for multiple sessions.

And to show that this also works for global sessions (both where connected to pod2cbr1)

If you want to filter the sessions on user or machine name you can filter the $globalsessions on $globalsessions.namesdata.basenames

With the localsessions it’s located in $sessions.namesdata

It’s also possible to filter this with the query service, take a look on my previous post on how to handle queries.

So now you know how to send messages to users. Not that they always read these messages but at least you can try warning them a bit faster now!

Horizon View Api’s: back to basics part 2: Queries

So this is the second post in this series about the Horizon View API basics. While functions logically would be part 2 I have decided on doing queries first since you might need the result for a query before you can use some of the functions. Some if it will seem double from my recent post about pulling event information but not everyone might be looking into that. This post will not have as much gifs as the first post but that’s because only the end results count for this one.

Looking at the API Explorer these are the services that we can actually query:

There are some examples in the API explorer but will show you some different examples with the aduserorgroupsummaryview since that one has a lot of documented filters and I can easily add some extra accounts to show different queries.

The first thing that we always need to do with queries is to declare the queryservice object

If you do a get-method on this object it will show several possible methods to use.

The next thing to do is to create a definition object in which we will declare the things the query looks for.

When getting this object and its get-method it shows the definitions we can set, as you can see all method’s are already visible from just viewing the object so we don’t need to use the get-method anymore.

Now we need to set a QueryEntityType these can be found in the API explorer under the Queryable Entity Types. They have to be used between quotation marks.

Now we’re already set to create some results by putting the query into an object.

As you can see below this will create an object where the results property contains all the data. This Results property has 2 other properties of it’s own that actually contain all the data.

And if we expand the base property it gives us one of the build-in Active Directory groups.

Since this can go several layers deep it is smarter to use the round brackets to get this information. (Select -expandproperty following select – expandproperty is just ugly and takes too long)

This way it’s also easy to count the amount of returned objects. This is very useful if you have a bigger environment and want to take counts of sessions with their status (i.e. Connected, disconnected, error etc)

Next up is adding a filter, so we only get user accounts but we need to do some maintenance first. If you do too many queries it is possible that you will get some errors about too many filters or something (of course I am not getting them while writing this post) so, it might be needed to remove the old stored queries is possible with the queryservice_deleteall method.

This does not give any feedback on the results so let’s continue with the old query and put a filter on it. First you need to know what kind of filter you need and the options are listed in the API explorer.

The first one I will use is queryfilterequals since I use that the most. I start by defining a filter object consisting of a property with a value.


Then I will add it to the querydefinition

Now I will show you the results + the fact that you don’t necessarily need to define an object for the results. I have selected the first result to show you that it contains the domain administrator account

It is also possible to combine several filters into one query, while the ad service might not be the most useful for this it can still be used as an example. The thing to do is to first create a couple of filters.

Please be aware that these membernames are case sensitive!

These need to be combined into one array

To filter on multiple things we need to have a filterand object

And then we can add the $filterarray to this object

and finally we put this object into the querydefinition object

Now let’s run the query

That’s it for the basics of doing queries using the Horizon View API’s. There are some more things that we can do with these like sorting them, but I think you can find that on your own in the API explorer examples.

[Update 15-10] VMware PowerCLI 11.0.0 release with new Horizon (7.6!) API calls

UPDATE 12-10: The new API explorer page also has been published, it just needs to be added to the main page. Check this link: https://code.vmware.com/apis/445

Update 15-10: I have received an overview from VMware about the other changes:

New API Endpoints:
ConnectionServer_GetTags
GlobalSettings_GetEnvironmentSettings
QueryService_DeleteByIds
Datastore_GetDatastoreRequirements
Datastore_ListDatastoresByDesktopOrFarm
RemoteApplication_EndApplication

There also have been some changes to some objects (MachineBase,AccessGroup etc) to include more properties

Original Article:

Today the latest version of PowerCLI was released with version 11.0.0. When you look at the release notes it’s obvious that some extra things have been added for the Horizon VIew API’s.

PowerCLI has been moving at quite the rapid pace over the last 2 years. In 2018, we’ve been releasing roughly every other month to make sure we get the latest features, performance improvements, and updates available as quickly as possible. Well, it’s been two months and we’re not going to break this trend. Today, we are releasing PowerCLI 11.0.0!

PowerCLI 11.0.0 comes with the following updates:

  • Added a new Security module
  • Added new cmdlets for Host Profiles
  • Added a new cmdlet to interact with NSX-T in VMware Cloud on AWS
  • Support for vSphere 6.7 Update 1
  • Support for NSX-T 2.3
  • Support for Horizon View 7.6
  • Support for vCloud Director 9.5
  • Multiplatform support for the Cloud module
  • Updated the Get-ErrorReport cmdlet
  • Removed the PCloud module
  • Removed the HA module

Even though Jake Robinson already gave me a heads up that this version was coming it’s always the question what has been added for Horizon View. According to the API explorer page no new querydefinitions have been added. Like last time I decided to compare the services against the old list and there are two new additions:

  • CategoryFolder
  • ResourceSettings

I have tried both against a Horizon 7.5 setup and they failed so these are only exposed from Horizon View 7.6 and up.

The first one called Categoryfolder is linked to the possibility to put rdsh applications into folders.

It currently has only one function:

I have also investigated if there was a way to change things using the helper function but sadly it has no .update api call so that’s a no-go. I currently have no rdsh on my lab so I can do the list but it doesn’t show anything.

The other new service is the .ResourceSettings just like categoryfolder it also only has one function:

For this one I can actually show what it’s used for:

It shows the general settings for forced logoffs.

Sadly this service also doesn’t show a way to change things.

Sadly I have no found no way yet to see what queryservice entity’s have been added so hopefully we will have a new API explorer soon (maybe with release notes this time, pretty please VMware?) that shows us all the new goods.

Horizon View Api’s: back to basics part 1: Connecting

Intro

I have done a lot of deep dives but just like the VMware{Code} session I did at VMworld I think it’s time to go back to the basics on how to work with the Horizon api’s from PowerCLI. First up is connecting to a Connection server and disconnecting. I will be showing various ways to do but the new and secure one is the best for me since that’s also usable when you want to schedule scripts.

The easy way

The easiest wat to connect is by using the connect-hvserver SERVERNAME

This will give you a nice credentials popup.

The Unsecure way

The previous way that I used was by using the -user, -pass and maybe the -domain parameters.

The ‘new’ and secure way

Since one of the latest updates it is also possible to use a credential object. We found this out during the Hackathon @VMworld US that it is possible. It will use the good old credentials function from Powershell like in this post from 2008. First you’ll need to make a file with the encrypted password. Big thanks to Ariel & Edgar 🙂 check this for the vDocumentation script.

The next two lines I will combine into one, just because I can.

Doing it in two lines is also possible and might make it a bit easier to read

And then it’s time to connect

That’s easy right?

Connect to the api’s

There’s a little bit more to it so you can actually use the api’s. First we need to put the session into a variable. I always use a number so it’s easy to separate my various pods.

Next up is actually making the services visible. Again I added the number for when I am working with multiple pod’s.

And a quick look at the available services which I will explain in a next blog post.

Disconnecting

If you are connected to a single Connection server this is easy, just a disconnect-hvserver is enough.

Or without confirmation, this is a standard powershell thing.

This will not work when you are connected to multiple Pod’s so you’ll need to specify the server you are connected to.

The End

Next time I will go into some of the things you can do with the services I quickly showed you.

The VMware Labs flings monthly for September 2018

September flew past for me like a whirlwind. So much new things that I learned so here’s my monthly overview of all the new and updated VMware flings. There are three new ones with the DRS Dump Insight H5 PluginWorkspace One Configuration Tool for provisioning and the Horizon Session Recording. Four have received updates: ESXi Compatibility Checker, HCIBench, vRealize Operations REST Notifications and but not least the SDDC Certificate tool. It’s also one of the few months where the HTML5 Client didn’t get an update.

New

Horizon Session Recording

The Horizon Session Recording fling gives Horizon View administrators a way to record and save their users activity.

VMware Horizon Session Recording allows administrators of a VMware Horizon environment record their users activity in their Blast Extreme virtual desktop and application sessions.

With Session Recording, the administrator can choose to record local or remote sessions, to a central recording Server where the administrator can watch the recordings back via a HTML 5 web console integrated into the server.

The Session Recordings are stored as MP4 files for watching via the web console or downloading to play in a local player.

The VMware Horizon Session Recording Fling comprises of two components:

  • A Central Recording Repository + Web Front End
  • The Agent to be installed in the virtual desktop or RDSH host template which facilitates the recording.

Today VMware Horizon Session Recording supports Windows Server 2016 as the Central Server along with Windows 7, 10, Server 2012 and Server 2016 on the agent.

DRS Dump Insight H5 Plugin

If you like the the older DRS Dump Insight fling you will like the DRS Dump Insight H5 Plugin even more. No need anymore for pulling the data yourself, with the Plugin it will be available directly.

The DRS Dump Insight H5 Plugin helps answer simple questions like

  • “Can I get all the recommendations made by DRS?”
  • “Why did DRS make a certain recommendation?”
  • “Why is DRS not making any recommendations to balance my cluster?”
  • “How is my custom affinity/anti-affinity rule affecting load balancing in my cluster?”
  • “If I have a policy defined in my cluster, how different would DRS load balancing be?”

When diagnosing Distributed Resource Scheduler (DRS) cluster issues in vSphere, we look at vCenter server logs from the support bundle, including DrmDump files to find any clues. Analyzing DrmDumps is a slow and tedious process, is usually done by VMware support or Engineering teams for advanced debugging of algorithm related issues. This is because analyzing the dumps requires building a replayer module, for which one needs access to the source code. Another challenge is that the final DrmDump data is not in plain text format; it requires someone with an understanding of the source code to be able to make good sense of it.

There is an existing DRS Dump Insight fling, which can replay DrmDumps and provide useful information for debugging. However, Dump Insight requires users to manually upload relevant DrmDump files from the time when the issue occurred. With the DRS Dump Insight H5 Plugin, customers do not need to upload any DrmDump files, and can access all the anal yzed information from their vSphere HTML5 web client itself.

  • Once a customer installs the HTML5 plugin, a new DRS Dump Insight tab will be available under the “cluster -> monitor” view.
  • All the DrmDump files that are available for the given cluster are listed in the opening screen. Customers can select the dump file of their choice for analysis.
  • They can also select multiple dump files to be analyzed together.
  • After analysis, the tool shows the analysis for each dump file in a separate tab view.

Workspace ONE Configuration Tool for Provisioning

The Workspace ONE Configuration Tool for Provisioning fling is created for the Workspace One provisioning in the Dell factory.

The Workspace ONE Configuration Tool helps you build special-purpose unattend.xml configuration files to be applied in the Dell factory as part of Factory Provisioning. This helps to domain join (domain, workgroup, AAD, AAD Premium) and enroll devices automatically on first-boot. This simplifies the creation of the unattend.xml configuration file for Windows 10.

Features

  • It’s a stand-alone .exe app that helps IT administrators configure general and Out-of-the-Box Experience Windows setups to automatically enroll users in Workspace ONE.
  • The User Interface is made simple with explicit instructions about each field for easy and quick use by IT admins.
  • The User Interface has dynamic and efficient validations in Clarity and Angular, preventing the user from building the unattend.xml until all the validations are correctly satisfied.
  • This makes the UI fool-proof and reduces the chances of generating an invalid xml file.
  • The tool is made as a .Net Core 2.0 web app with Angular 5 and Clarity, which eases the integration of v2.0 into the AirWatch Console.

Updated

ESXi Compatibility Checker

With the ESXi Compatibility Checker a vSphere admin can automatically check and validate a current vSphere environment against the HCL.

Changelog

Build 10066133

  • Fixed bugs

HCIBench

While it probably is optimized for VSAN workloads the HCIBench is a benchmark tool that can be used with any HCI solution.

Changelog

Version 1.6.7.2

  • Enhanced write/read buffer/cache methodology
  • Fixed network ip-prefix selection issue
  • Fixed 95% percentile calculation issue

vRealize Operations REST Notifications Helper

With the vRealize Operations REST Notifications Helper fling it is possible it’s easier to use alerts in vRealize Operations Manager and send them to third-party tools.

Changelog

Version 1.1.2

  • Changed the line endings in text files from Win to Unix

Version 1.1

  • The new version of imset.jar
  • Updated properties file (imset.properties)
  • A new configuration file example (slack.json)
  • New version release notes (v1.1_notes.pdf)

SDDC Certificate Tool

The SDDC Certificate Tool is your one stop shop to replace all the certificates in a range of VMware Products: vSphere,NSX,vRLI,vROps etc.

Changelog

1.0.1 – Build 10253169

  • Spring Frameworks updated to version 4.3.19 due to security vulnerability

My #VMworld presentations @vbrownbag and @vmwarecode

Time flies when you’re having fun and it’s already been over two weeks since I came back from VMworld 2018 in Las Vegas. I just thought of the fact that I promised some people to post my presentations. While they kept looping on the provided mac’s they don’t do that on a windows system, or at least for me.

This is the link to the vBrownbag Presentation

and the video

This is the link to the VMware {Code} presentation

And the video

 

VMworld US 2018 report day 1 – Hackathon

Today was the official first day for VMworld US 2018. For me it started with the keynote from the press seats in the keynote arena. This was a first time for me since previous years I had decided on viewing it from the community areas. With VMware being almost old enough to grab a beer with it’s 20 years it was all about looking back at the past but also looking forward to the future. The message that I really agree on is that everything has to do with the community. A video of Mercy Ships was shown with their hospital ships that run on VMware products.

New announcements (and yes I might have missed some)

  • Platinum License leven (vSphere + App Defence)
  • vSphere 6.7 U1
  • vSAN EBS with bulk live migration
  • Amazon Relational Database Service (RDS) for On-Prem
  • Project DImension
  • Pulse 2.0
  • Acquirement of Cloudhealth
  • Coud Automation formerly known as Project Tango
  • Dell Provisioning for Workspace One
  • ESXi on arm64 for edge solutions

After this I went on the exhibition floor for a bit to wander around and look at new products. The floor was mostly about Cloud & monitoring this year where for me Uila and EG Innovations. Rather quickly the vmtn area became THE place to be again for vExperts and everyone in the community.

After lunch I went to the first of my two regular breakouts I visited this week: EUC Champions panel with Brian Madden as moderator. This was a fun panel where we even managed to heckle them from the first row.

Later in the afternoon it was time for the EUC Keynote where some of the newly announced things included Industry baselines for WIndows 10 Modern Management and a demo was shown for Horizon Cloud management.

The day ended with the VMworld hackathon. This kicked of with a short Kyle Ruddy Hecklethon where he introduced the audience into what can be done with PowerCLI.

The Hackathon itself wasn’t that successful for our team since I wasted most of the times with laptop issues. We had applied 1 fix though for the vmware.hv.helper and started work on vDocumentation for Horizon view. It was lots of fun though and that was the most important part for me.

I ended up with a step count of 16.240 for the day.

 

 

New View API query services in PowerCLI 10.1.1: pulling event information without the sql password.

A while back I already posted about new services that where available for the View API’s in PowerCLI 10.1.1. Recently the api explorer for this version was published and can be found here. Two things that I didn’t find back then was the addition of two services for the query service. The first is GlobalApplicationEntitlementInfo this one can be compared to the previously already available GlobalEntitlementSummaryView and will return information about global entitlements.

The second added services is extremely useful: you can now query the event database. This means you don’t need the actual sql password anymore to query the events. According to the api explorer at least Horizon 7.3 is required and only events from the Event and Event_Data database tables. A simple query will show all events.

As you can see the data is divided in data and namesdata properties, these contain the same data as what is returned with get-hvevent. I added some selections to show only one event.

and

Offcourse it;s better to use filtering from the query directly. The full lust for that is available from the api explorer but I will give a couple of examples. (be aware that membername and the value are case sensitive)

Or by severity

As said it can be filtered on other properties as well but that might require some more logic to get the userid or desktopid for example. This is a very useful addition in my opinion to the Horizon View api’s.