vSphere – Retouw.nl

Home » Category "vSphere"

Adding vCenter server to Horizon View using the api’s

By Wouter 10/05/2018 10/05/2018 Api, Horizon, vExpert, vSphere

Yesterday Sean Massey (https://thevirtualhorizon.com/) asked me if it was possible to add a vCenter server + some other things to Horizon View using the api’s. With a quick look at the api explorer I confirmed this should be possible. The other things he asked I will put in a separate blogpost.

It looks like a simple matter of building the spec and I should be good. In the end it turned out to be a bit more work then expected. Some items are not required according to the api explorer but should at least be called in the spec (set them to something empty) while others can safely be left away. The automatic generated ssl certs in my lab also turned out to be a pita. First I copied them from a current spec and later I downloaded the certificate on the Connection server itself and read that cert. Andrew Morgan (http://andrewmorgan.ie/)from VMware helped me out with this by showing their internal script that they use. It turned out that except for the SSL certs I was on the right path. As usual I will add this functionality to the vmware.hv.helper but since that might take a while I decided to create a useful script

$hvServer = $global:DefaultHVServers[0]
$services=  $hvServer.ExtensionData

# Create required objects

$spec=new-object VMware.Hv.VirtualCenterSpec
$spec.serverspec=new-object vmware.hv.serverspec
$spec.viewComposerData=new-object VMware.Hv.virtualcenterViewComposerData
$spec.ViewComposerData.ServerSpec=new-object vmware.hv.serverspec
$spec.ViewComposerData.CertificateOverride=new-object VMware.Hv.CertificateThumbprint
$spec.Certificateoverride=new-object vmware.hv.CertificateThumbprint
$spec.limits=new-object VMware.Hv.VirtualCenterConcurrentOperationLimits
$spec.storageAcceleratorData=new-object VMware.Hv.virtualcenterStorageAcceleratorData

# vCenter Server specs

$spec.ServerSpec.servername="VCENTER.DOMAIN.COM"        # Required, fqdn for the vCenter server
$spec.ServerSpec.port=443                                 # Required
$spec.ServerSpec.usessl=$true                             # Required
$spec.ServerSpec.username="USER@DOMAIN.COM"   # Required user@domain
$vcpassword=read-host "vCenter User password?" -assecurestring
$temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($vcPassword)
$PlainvcPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$vcencPassword = New-Object VMware.Hv.SecureString
$enc = [system.Text.Encoding]::UTF8
$vcencPassword.Utf8String = $enc.GetBytes($PlainvcPassword)
$spec.ServerSpec.password=$vcencPassword
$spec.ServerSpec.servertype="VIRTUAL_CENTER"

# Description & Displayname, neither is required to be set

#$spec.description="description"              # Not Required
#$spec.displayname="virtualcenterdisplayname" # Not Required

$spec.CertificateOverride=($services.Certificate.Certificate_Validate($spec.serverspec)).thumbprint


# Limits
# Only change when you want to change the default values. It is required to set these in the spec

$spec.limits.vcProvisioningLimit=20
$spec.Limits.VcPowerOperationsLimit=50
$spec.limits.ViewComposerProvisioningLimit=12
$spec.Limits.ViewComposerMaintenanceLimit=20
$spec.Limits.InstantCloneEngineProvisioningLimit=20

# Storage Accelerator data

$spec.StorageAcceleratorData.enabled=$false
#$spec.StorageAcceleratorData.DefaultCacheSizeMB=1024   # Not Required

# Cmposer
# most can be left empty but they need to be set otherwise you'll get a xml error

$spec.ViewComposerData.viewcomposertype="STANDALONE"  # DISABLED for none, LOCAL_TO_VC for installed with the vcenter and STANDALONE for s standalone composer
$spec.ViewComposerData.ServerSpec.servername="COMPOSERSERVER.DOMAIN.COM"
$spec.ViewComposerData.ServerSpec.port=18443
$spec.ViewComposerData.ServerSpec.usessl=$true
$spec.ViewComposerData.ServerSpec.username="USER@DOMAIN.COM"
$spec.ViewComposerData.ServerSpec.servertype="VIEW_COMPOSER"

if ($spec.ViewComposerData -ne "DISDABLED"){
  $cmppassword=read-host "Composer user password?" -assecurestring
  $temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($cmpPassword)
  $PlaincmpPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
  $cmpencPassword = New-Object VMware.Hv.SecureString
  $enc = [system.Text.Encoding]::UTF8
  $cmpencPassword.Utf8String = $enc.GetBytes($PlainvcPassword)
  $spec.ViewComposerData.ServerSpec.password=$cmpencPassword
  $spec.ViewComposerData.CertificateOverride=($services.Certificate.Certificate_Validate($spec.ViewComposerData.ServerSpec)).thumbprint  
}

# Disk reclamation, this is required to be set to either $false or $true
$spec.SeSparseReclamationEnabled=$false 

# This will create the connection
$services.VirtualCenter.VirtualCenter_Create($spec)

$hvServer = $global:DefaultHVServers[0]

$services= $hvServer.ExtensionData

# Create required objects

$spec=new-object VMware.Hv.VirtualCenterSpec

$spec.serverspec=new-object vmware.hv.serverspec

$spec.viewComposerData=new-object VMware.Hv.virtualcenterViewComposerData

$spec.ViewComposerData.ServerSpec=new-object vmware.hv.serverspec

$spec.ViewComposerData.CertificateOverride=new-object VMware.Hv.CertificateThumbprint

$spec.Certificateoverride=new-object vmware.hv.CertificateThumbprint

$spec.limits=new-object VMware.Hv.VirtualCenterConcurrentOperationLimits

$spec.storageAcceleratorData=new-object VMware.Hv.virtualcenterStorageAcceleratorData

# vCenter Server specs

$spec.ServerSpec.servername="VCENTER.DOMAIN.COM" # Required, fqdn for the vCenter server

$spec.ServerSpec.port=443 # Required

$spec.ServerSpec.usessl=$true # Required

$spec.ServerSpec.username="USER@DOMAIN.COM" # Required user@domain

$vcpassword=read-host "vCenter User password?" -assecurestring

$temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($vcPassword)

$PlainvcPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)

$vcencPassword = New-Object VMware.Hv.SecureString

$enc = [system.Text.Encoding]::UTF8

$vcencPassword.Utf8String = $enc.GetBytes($PlainvcPassword)

$spec.ServerSpec.password=$vcencPassword

$spec.ServerSpec.servertype="VIRTUAL_CENTER"

# Description & Displayname, neither is required to be set

#$spec.description="description" # Not Required

#$spec.displayname="virtualcenterdisplayname" # Not Required

$spec.CertificateOverride=($services.Certificate.Certificate_Validate($spec.serverspec)).thumbprint

# Limits

# Only change when you want to change the default values. It is required to set these in the spec

$spec.limits.vcProvisioningLimit=20

$spec.Limits.VcPowerOperationsLimit=50

$spec.limits.ViewComposerProvisioningLimit=12

$spec.Limits.ViewComposerMaintenanceLimit=20

$spec.Limits.InstantCloneEngineProvisioningLimit=20

# Storage Accelerator data

$spec.StorageAcceleratorData.enabled=$false

#$spec.StorageAcceleratorData.DefaultCacheSizeMB=1024 # Not Required

# Cmposer

# most can be left empty but they need to be set otherwise you'll get a xml error

$spec.ViewComposerData.viewcomposertype="STANDALONE" # DISABLED for none, LOCAL_TO_VC for installed with the vcenter and STANDALONE for s standalone composer

$spec.ViewComposerData.ServerSpec.servername="COMPOSERSERVER.DOMAIN.COM"

$spec.ViewComposerData.ServerSpec.port=18443

$spec.ViewComposerData.ServerSpec.usessl=$true

$spec.ViewComposerData.ServerSpec.username="USER@DOMAIN.COM"

$spec.ViewComposerData.ServerSpec.servertype="VIEW_COMPOSER"

if ($spec.ViewComposerData -ne "DISDABLED"){

$cmppassword=read-host "Composer user password?" -assecurestring

$temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($cmpPassword)

$PlaincmpPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)

$cmpencPassword = New-Object VMware.Hv.SecureString

$enc = [system.Text.Encoding]::UTF8

$cmpencPassword.Utf8String = $enc.GetBytes($PlainvcPassword)

$spec.ViewComposerData.ServerSpec.password=$cmpencPassword

$spec.ViewComposerData.CertificateOverride=($services.Certificate.Certificate_Validate($spec.ViewComposerData.ServerSpec)).thumbprint

}

# Disk reclamation, this is required to be set to either $false or $true

$spec.SeSparseReclamationEnabled=$false

# This will create the connection

$services.VirtualCenter.VirtualCenter_Create($spec)

Looking at the output it will only ask for the vCenter user’s password and if a Composer server is set for that user’s password.

No comments

The VMware Labs flings monthly for April 2018

By Wouter 01/05/2018 01/05/2018 Fling, NSX, PowerCLI, vExpert, vSphere

It’s been a rather quiet month on the VMware flings front. No wonder with the vSphere 6.7 and other releases this month. Did you already test them? I have to say like vSphere 6.7 but it’s consider the numbering good as well, it wouldn’t have fit to be a 7.* release. One new fling with the PowerCLI for NSX-T Preview, two updated ones with the vSphere HTML5 Web Client and Cross vCenter VM Mobility – CLI. Another fling has gone GA in vSphere 6.7: VMFork for pyVmomi.

PowerCLI Preview for NSX-T

The one thing lacking for NSX-T was PowerCLI availability, this is solved with the release of the PowerCLI Preview for NSX-T fling. Please be aware that the fling still contains bugs and might even be considered an alpha release.

Cross vCenter VM Mobility – CLI

Cross vCenter VM Mobility – CLI is the go to tool when you want to move vm’s between vCenter servers and don’t want to use the GUI fling. The versioning is a bit weird since we already had 1.6 and now they released 1.6.0.

Version 1.6.0

Relocate is failing with validation error “cln is missing”.

vSphere HTML5 Web Client

Not sure what exact version of the html5 web client went into the vSphere 6.7 release but here you can find an overview of the functionality, don’t mind the url because the text clearly states it’s for 6.7. If you want an even more updated version or want to get used to it in vSphere 6.* then use the fling.

Fling 3.37 – Build 8313530

New Features

Add VM vApp option properties read-only view
SRIOV networking in clone wizard customize HW page

Improvements

Prevent the user from creating a GOSc spec with no specified timezone
Resize the migrate wizard to use the largest possible size based on VMware Clarity design standards

Bug Fixes

Drag and Drop VM to folder

No comments

The VMware Labs flings monthly for November 2017

By Wouter 04/12/2017 30/01/2018 Fling, Horizon, vExpert, vSphere

A couple of days late this time but here is your monthly dose of Flings! No new ones but seven flings have been updated by VMware labs this month. The Horizon Toolbox, vSphere HTML5 Web Client and the ESXi Embedded host client make their almost monthly appearances while at least two other received updates in a long time: Cross vCenter Vm Mobility – CLI and the VMFork for pyVmomi. The HCIBench and Desktop Watermark also received an update.

ESXi Embedded Host Client

By now we should all be using the embedded host Client unless you are forced by greater powers to run on some ancient version of ESXi.

Version 1.24.0 build 7119706 (Fling 19) – November 13, 2017

Minor features and bugfixes

GeneralFix failure to deploy OVF/OVA image with disks attached to multiple disk controllers
Address race condition when adding new Network Adapter to virtual machine
Allow datastore browser to browse VVOL datastores
Address timeout issue in datastore browser when client receives unknown datatypes from host
Address issue disabling autostart for a VM
Allow downloading of flat VMDK files in datastore browser
Show the correct VMware Tools version string in VM summary
Show pager in VM editor when VM has many hard disks
Support OVF properties with pre-defined values, showing dropdowns
Allow modifications of root user’s permissions
Support for selecting dependent PCI devices when enabling passthrough
Other minor bug fixes

vSphere HTML5 Web Client

Like always the HTML5 Web Client received multiple updates in November so the changelog is rather long.

Fling 3.29 – Build 7157335

New Features

Configure traffic filtering and marking rules on distributed port groups
Export and import distributed switches and distributed port groups

Improvements

Configure the policies of distributed port groups inside the New Distributed Port Group wizard

Bug Fixes

Fixed an error when trying to edit the settings of VMs with failed installation or update of the VM tools

Fling 3.28 – Build 7110681

New Features

Configure advanced CPU Identification Mask
Select PVRDMA adapter type for a VM network

Improvements

Thanks to the fling users who gave the steps to replace the certificates for FAMI UI running at port 5490, added these instructions to v4 of “Create a new certificate for a HTML5 client fling” document

Bug Fixes

Licensing views should be visible for 6.0 VC/PSCs

Fling 3.27 – Build 7055108

New Features

Popout the Datastore File browser
License Details
View License VC assets (Read-only)

Improvements

Set license name in the Add License workflow

Known Issues

License UI might not work against 6.0 VCs, in particular Windows VCs/PSCs.
If you see error in the vSphere Client (HTML5) similar to this – ‘getHostIsAssignLicenseActionAvailable’, then you can resolve this error by following below steps:
- If vSphere Client (HTML5) Fling appliance is pointed to a vCenter Server Appliance (VCSA), then you should reregister the fling appliance by logging in to FAMI UI (or by running the config-ui CLI). Refer the instructions document to follow the steps for configuring Fling appliance for VCSA.
- If vSphere Client (HTML5) Fling appliance is pointed to a Windows vCenter Server, then reregister by downloading latest server-configure.bat from the Download section of this website. Refer the instructions document to follow the steps for configuring Fling appliance for Windows vCenter Server.

VMFork for pyVmomi

This fling has been around for a while and if you ever wanted to fork your VM’s without having to study PowerCLi then this one is for you. It has a warning that it only supports vSphere 6.0 and 6.5 and no newer releases but hey there are none yet so please use it if you like.

Changelog

Version 1.0.3

Fixed a bug that prevented CreateChildSpec from being referenced in versions of 6.5 of pyVmomi
Updated the requirement to include pyVmomi 6.5 only, up from 6.0, due to a dependency issue

Version 1.0.2

Bug fixes & Improvements

Desktop Watermark

Want to make sure screenshots will show that it is your Image being used then the Desktop Watermark fling can be the tool of choice. It can be used for auditing or exhibition purposes or any other way you like. And yes that type in the changelog is a straight copy/paste from the site.

Changelog

Build 1027

Addition

Password protection for the configuration & uninstllation

Cross vCenter VM Mobility – CLI

Ever needed to migrate or clones VM’s form one vCenter to the other while there they are not linked? then the Cross vCenter VM Mobility – CLI might be a good tool in your toolbox.

Changelog

Version 1.4

While migrating multiple vms with destination network option, only one vm used to get migrated.This issue has been fixed.

HCIBench

Need to benchmark a Hyperconverged Infrastructure? VDbench is one of the tools to use and VMware labs create the HCIBench to automate this tool. It received a couple of updates since my last post about it.

Changelog

Version 1.6.5.1

Enhanced IP segment selection
Set open file limit to 4096
Updated vm-tools to the latest version
Bug fixes

Version 1.6.5

Enhanced 95th percentile calculation.
Added Curve and Multi Run calculation.
Added SSH Service validation.
Replaced DHCP Service with Static IP Service.
Added IP conflict check.
Fixed bunch of bugs.
Change the default client VM RAM from 4GB to 8GB

Horizon Toolbox

Being an EUC guy myself this is one of my favorites. The Horizon Toolbox adds some very good tools for servicedesk and operations employees.

Changelog

2017 Nov 30

Add a new “Export” button to the clients table

2 Comments

Creating local ESXi user in a locked down situation and add it to exception list

By Wouter 11/10/2017 11/10/2017 ESXI, PowerCLI, vExpert, vSphere

So my customer asked for a solution to add local users on ESXi hosts that are in lockdown mode. A side quest was to add these to the lockdown exception list. The use case for this is app volumes, they want to be able to keep using them in case the vCenter server goes down. The trick to this that you need to talk to two different viserver entities. The vCenter server and the local ESXi host since you can add those users via vCenter.

Offcourse PowerCLI to the rescue! I decided to do everything in a try catch construction for some error handling and to give some visual output. These cab be stripped if you want but i like some feedback.

Some of the outtakes:

(get-vmhost $vmhost | get-view).ExitLockdownMode()
(get-vmhost $vmhost | get-view).EnterLockdownMode()

1 2	(get-vmhost $vmhost \| get-view).ExitLockdownMode() (get-vmhost $vmhost \| get-view).EnterLockdownMode()

These two disable and enable the current lockdown mode, this is necessary before being able to create the local user.

Try {
$account = Get-VMHostAccount -server $vmhost.name -Id $accountName -ErrorAction Stop |
Set-VMHostAccount -server $vmhost.name -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($accountPswd))) -Description $accountDescription 
}
Catch   {
$account = New-VMHostAccount -server $vmhost.name -Id $accountName -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($accountPswd))) -Description $accountDescription -UserAccount -GrantShellAccess 
}

Try {

$account = Get-VMHostAccount -server $vmhost.name -Id $accountName -ErrorAction Stop |

Set-VMHostAccount -server $vmhost.name -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($accountPswd))) -Description $accountDescription

}

Catch {

$account = New-VMHostAccount -server $vmhost.name -Id $accountName -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($accountPswd))) -Description $accountDescription -UserAccount -GrantShellAccess

}

Some encryption stuff in here but that’s because I dislike having password visible as plain tekst. This first test if the account exists and then sets the password and description. If the user doesn’t exist it will create the user for you.

 $rootFolder = Get-Folder -server $vmhost.name -Name ha-folder-root
 New-VIPermission -server $vmhost.name -Entity $rootFolder -Principal $account -Role admin

1 2	$rootFolder = Get-Folder -server $vmhost.name -Name ha-folder-root New-VIPermission -server $vmhost.name -Entity $rootFolder -Principal $account -Role admin

This gives the newly created or edited user the admin role. If you want to use a custom role this could be added to the script, we decided to go for the admin role since app volumes needs an awful lot of rights anyway. In that case i would recommend to use a variable for role name and create it per host using new-VIrole

$HostAccessManager = Get-View -Server $vCenter $vmhost.ExtensionData.ConfigManager.HostAccessManager
$HostAccessManager.UpdateLockdownExceptions($accountName)

1 2	$HostAccessManager = Get-View -Server $vCenter $vmhost.ExtensionData.ConfigManager.HostAccessManager $HostAccessManager.UpdateLockdownExceptions($accountName)

This simply adds the user to the lockdown exception list.

So now the complete script:

#-------------------------------------------------
# Create local ESXi user with admin rights and lockdown exception while the host is in lockdown mode
# 
# Requires PowerCLI 6.5 or higher (module based not snappin)
# Based on scripts by Luc Dekens and others
#
# Version 1.0
# 09-10-2017
# Created by: Wouter Kursten
#
#-------------------------------------------------
#
# Load the required VMware modules (for PowerShell only)

Write-Host "Loading VMware PowerCLI Modules" -ForegroundColor Green
try	{
    get-module -listavailable vm* | import-module -erroraction stop
}
catch	{
    write-host "No Powercli found" -ForegroundColor Red
}

#Ask for connection information

$vcenter=Read-Host "Enter vCenter server name"
$Target = Read-Host "Which hosts? (i.e. server*)"
$rootpassword = Read-Host "Enter root Password" -AsSecureString
$accountName = $userPassword = Read-Host "Enter New Username"
$accountDescription = $userPassword = Read-Host "Enter New User description"
$accountPswd = Read-Host "Enter New User Password" -AsSecureString
$rootuser="root"

# Connect to vCenter
$connectedvCenter = $global:DefaultVIServer

if($connectedvCenter.name -ne $vcenter){
	Connect-VIServer $vCenter -wa 0 | Out-Null
	Write-Host "Connected"
	Write-Host " "
}

# Get the host inventory from vCenter
$vmhosts = Get-VMHost $Target | Sort Name

foreach($vmhost in $vmhosts){
    try {
        (get-vmhost $vmhost | get-view).ExitLockdownMode()
        write-host "Lockdown disabled for $vmhost" -foregroundcolor green
    }
    catch   {
        write-host "can't disable lockdown for $vmhost maybe it's already disabled" -foregroundcolor Red
    }

    connect-viserver -server $vmhost -user $rootuser -password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($rootpassword))) -wa 0 -notdefault | Out-Null

    Try {
        $account = Get-VMHostAccount -server $vmhost.name -Id $accountName -ErrorAction Stop |
        Set-VMHostAccount -server $vmhost.name -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($accountPswd))) -Description $accountDescription 
    }
    Catch   {
        $account = New-VMHostAccount -server $vmhost.name -Id $accountName -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($accountPswd))) -Description $accountDescription -UserAccount -GrantShellAccess 
    }
    
    $rootFolder = Get-Folder -server $vmhost.name -Name ha-folder-root
    New-VIPermission -server $vmhost.name -Entity $rootFolder -Principal $account -Role admin

    #Adding the new user to the Lockdown Exceptions list
    $HostAccessManager = Get-View -Server $vCenter $vmhost.ExtensionData.ConfigManager.HostAccessManager
    $HostAccessManager.UpdateLockdownExceptions($accountName)
     
      
    Disconnect-VIServer $vmhost.name -Confirm:$false  
    try {	
        (get-vmhost $vmhost | get-view).EnterLockdownMode()
        write-host "Lockdown enabled for $vmhost" -foregroundcolor green
    }
    catch   {
        write-host "can't disable lockdown for $vmhost maybe it's already Enabled?" -foregroundcolor Red}
    }
}

    Disconnect-VIServer -Confirm:$false

#-------------------------------------------------

# Create local ESXi user with admin rights and lockdown exception while the host is in lockdown mode

# Requires PowerCLI 6.5 or higher (module based not snappin)

# Based on scripts by Luc Dekens and others

# Version 1.0

# 09-10-2017

# Created by: Wouter Kursten

#-------------------------------------------------

# Load the required VMware modules (for PowerShell only)

Write-Host "Loading VMware PowerCLI Modules" -ForegroundColor Green

try {

get-module -listavailable vm* | import-module -erroraction stop

}

catch {

write-host "No Powercli found" -ForegroundColor Red

}

#Ask for connection information

$vcenter=Read-Host "Enter vCenter server name"

$Target = Read-Host "Which hosts? (i.e. server*)"

$rootpassword = Read-Host "Enter root Password" -AsSecureString

$accountName = $userPassword = Read-Host "Enter New Username"

$accountDescription = $userPassword = Read-Host "Enter New User description"

$accountPswd = Read-Host "Enter New User Password" -AsSecureString

$rootuser="root"

# Connect to vCenter

$connectedvCenter = $global:DefaultVIServer

if($connectedvCenter.name -ne $vcenter){

Connect-VIServer $vCenter -wa 0 | Out-Null

Write-Host "Connected"

Write-Host " "

}

# Get the host inventory from vCenter

$vmhosts = Get-VMHost $Target | Sort Name

foreach($vmhost in $vmhosts){

try {

(get-vmhost $vmhost | get-view).ExitLockdownMode()

write-host "Lockdown disabled for $vmhost" -foregroundcolor green

}

catch {

write-host "can't disable lockdown for $vmhost maybe it's already disabled" -foregroundcolor Red

}

connect-viserver -server $vmhost -user $rootuser -password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($rootpassword))) -wa 0 -notdefault | Out-Null

Try {

$account = Get-VMHostAccount -server $vmhost.name -Id $accountName -ErrorAction Stop |

}

Catch {

}

$rootFolder = Get-Folder -server $vmhost.name -Name ha-folder-root

New-VIPermission -server $vmhost.name -Entity $rootFolder -Principal $account -Role admin

#Adding the new user to the Lockdown Exceptions list

$HostAccessManager = Get-View -Server $vCenter $vmhost.ExtensionData.ConfigManager.HostAccessManager

$HostAccessManager.UpdateLockdownExceptions($accountName)

Disconnect-VIServer $vmhost.name -Confirm:$false

try {

(get-vmhost $vmhost | get-view).EnterLockdownMode()

write-host "Lockdown enabled for $vmhost" -foregroundcolor green

}

catch {

write-host "can't disable lockdown for $vmhost maybe it's already Enabled?" -foregroundcolor Red}

}

Disconnect-VIServer -Confirm:$false

Future versions of this script will not be edited on here so always check the latest version on github.

No comments

New and updated VMware flings for September 2017

By Wouter 02/10/2017 04/10/2017 Fling, Horizon, vSphere

Intro

No WWE quotes,clips or sounds this month. So here I am reporting from couch central that there have been three updated flings in September. One steady name in this monthly post has been the vSphere HTML5 Web client but don’t underestimate the VMware OS Optimization Tool that is been in here a couple of times already as well. A new name is the Horizon Migration Tool, while it’s been there for quite some time it doesn’t get a lot of updates but it gets them and that’s awesome.

New Flings

None, nada, nothing, you can’t expect to have a new one every month do you?

Updated Flings

The Horizon Migration Tool has been created to help companies migrate from Citrix to Horizon View.

Changelog

Version 3.0.0

Supports Citirx to Horizon 7.2 migration
Added Citrix PVS Desktop pool migration to Horizon 7.2
Added Citrix Dedicate MCS Desktop Pool migraiton to Horizon 7.2 as manual pool, linked-clone pool or instant clone pool
Fixed Bug: XenApp applications with customerized path includes spaces will migrate properly.

Like I said before the VMware OS Optimization Tool is THE tool to use when you want (and you need to!) optimize any Golden Image. No matter if it’s build for VDI,RDS or even physical desktops this is THE go to tool for that.

Changelog

September 20, 2017

Supports new mode for optimization item: display-only
Supports more easy information retrieval. For example, installed product version, service current status

Clearly the vSphere HTML5 Web Client is getting a lot of updates. In the August version of this post the newest was 3.20 while we’re at 3.23 at the moment. I will give all updates, fixes and known issues since then.

Changelog

Fling 3.23 – Build 6682372

New Features

Download folder from the File Browser

Improvements

DRS groups can be filtered by member.
Replication group are shown on the VM Storage Policy portlet

Known Issues

If you see error in the vSphere Client (HTML5) similar to this – ‘getHostIsAssignLicenseActionAvailable’, then you can resolve this error by following below steps:
- If vSphere Client (HTML5) Fling appliance is pointed to a vCenter Server Appliance (VCSA), then you should reregister the fling appliance by logging in to FAMI UI (or by running the config-ui CLI). Refer the instructions document to follow the steps for configuring Fling appliance for VCSA.
- If vSphere Client (HTML5) Fling appliance is pointed to a Windows vCenter Server, then reregister by downloading latest server-configure.bat from the Download section of this website. Refer the instructions document to follow the steps for configuring Fling appliance for Windows vCenter Server.

Fling 3.22 – Build 6613965

New Features

The list of software packages installed on a host can be viewed (for ESXi version 6.5)
Edit Video Card information for a VM

Bug Fixes

Fixed few bugs related to snapshots

Known Issues

If you see error in the vSphere Client (HTML5) similar to this – ‘getHostIsAssignLicenseActionAvailable’, then you can resolve this error by following below steps:
- If vSphere Client (HTML5) Fling appliance is pointed to a vCenter Server Appliance (VCSA), then you should reregister the fling appliance by logging in to FAMI UI (or by running the config-ui CLI). Refer the instructions document to follow the steps for configuring Fling appliance for VCSA.
- If vSphere Client (HTML5) Fling appliance is pointed to a Windows vCenter Server, then reregister by downloading latest server-configure.bat from the Download section of this website. Refer the instructions document to follow the steps for configuring Fling appliance for Windows vCenter Server.

Fling 3.21 – Build 6555866

New Features

Create and edit VM customization specifications with custom network configurations
Edit/Clone Storage Policy Component
Datastore capability sets (Datastore > Configure > Capability sets)
Create, edit and delete Link Aggregation Groups on Distributed Switches

Improvements

Confirmation on logout when there is upload file task in progress
Quick filter is introduced in the network selection dialog at Edit VM Settings > Network Adapter > Browse. It replaces the per-column filtering.
Enable/disable IPv6 on ESXi hosts.
Shares information is now available on Resource Allocation views for clusters and resource pools.
ESXi hardware health: when deployed against 6.5 vCenter, timestamps for sensor readings are displayed.

Bug Fixes

Cluster > Monitor > vSphere HA > Heartbeat now displays the actual set of datastores used by HA (used to display only the user-configured datastores)

Known Issues

If you see error in the vSphere Client (HTML5) similar to this – ‘getHostIsAssignLicenseActionAvailable’, then you can resolve this error by following below steps:
- If vSphere Client (HTML5) Fling appliance is pointed to a vCenter Server Appliance (VCSA), then you should reregister the fling appliance by logging in to FAMI UI (or by running the config-ui CLI). Refer the instructions document to follow the steps for configuring Fling appliance for VCSA.
- If vSphere Client (HTML5) Fling appliance is pointed to a Windows vCenter Server, then reregister by downloading latest server-configure.bat from the Download section of this website. Refer the instructions document to follow the steps for configuring Fling appliance for Windows vCenter Server.

No comments

New and updated VMware flings for August 2017

By Wouter 05/09/2017 05/09/2017 Fling, Horizon, vExpert, vSphere

Intro

(For those of you who ever watch or used to watch WWE think: New Age Outlaws. For those who never did watch this from about 1:40.

Ladies and gentlemen, boys and girls, nerds of all ages. Retouw.nl proudly brings to you, the monthly VMware Labs updated Fliiiiings. The new, the updated change logs and all.

“And if you ain’t down with that I got two words for ya: read it!”

This month we had two new flings and six updated including a dinosaur that I even forgot it existed!

New Flings

vRealize Operations Export tool

Ever felt the need to export all of that vRops data because you don’t trust the recommendations it makes for you? This is your chance to do just that. The vRealize Operations Export Tool actually is an Open Source Fling and can be found on Github. If you want to know more about the VMware Open Source initiative visiting this site might be usefull.

Changelog

No changelog yet.

DRS Dump Insight

While DRS Lens already gives you some insight in why DRS actions might be happening the DRS Dump Insight actually uses drmdump files created on vCenter and analyses why a DRS action really happened or not and you can also run what-if scenarios to see what would happen if a threshold had been breached.

Changelog

Again no changelog yet.

Updated flings

Like I said 6 updated flings and let’s start with the Dinosaur you (like me) might have forgotten.

Visual Esxtop

WHAT? Yes Visual Esxtop has been updated! Duncan wrote about this over four years ago and I believe it might actually be older then that. The name says enough, this shows you the output from ESXtop in a graphical way and since I can never ever describe it better then Duncan head over there to read about it!

Changelog

I could copy the only changelog item but since that mentions vSphere 5.5 I think this might be an old one 🙂

ESXi Embedded Host Client

The ESXi Embedded Host client is in the GA product since 6.x but there’s still lab updates being released. Some very nice fixes have been implemented.

Changelog

Version 1.23.0 build 6360286 (Fling 18) – August 16, 2017

Minor features and bugfixes

General
- Display the VM List in the Host autostart settings
- Fix role selection in IE 11
- Correct partition info portlet
- Better handling of unknown partition types
- Fix issue with fractional cores per socket in VM settings
- Several wizard fixes
- Remove persistent warning when importing VMs that include a floppy drive
- Fix hidden selection when using the ‘select all’ checkbox in a filtered VM list
- Handle OVAs with a missing description field
- Available NICs display correctly
- Default VMFS to the most recent version when formatting
- Security fixes

VMware OS Optimization Tool

This is THE go to application if it comes to building golden images for VDI or SBC environments. If it is Horizon or Citrix if you don’t optimize you will fail!

Changelog

August 2, 2017

New Template: App Volumes Packaging Machine – This template is intended to be used by Application Packagers who are responsible for creating AppStacks and should only be used on the ‘Packaging machine’.

vSphere HTML5 Web Client

The HTML5 client got a couple of updates with heaps of new features and bugfixes.

Changelog

Fling 3.20 – Build 6433743

New Features

Installed I/O Filters for Cluster and Host
Create and configure network resource pools in Network I/O Control v3

Bug Fixes

Fixed exception when navigating to VM summary page and configuring VM overrides: “Could not fetch query binding: com.vmware.vsphere.client.clusterui.model.services.VmFailureResponsesData”

Known Issues

If you see error in the vSphere Client (HTML5) similar to this – ‘getHostIsAssignLicenseActionAvailable’, then you can resolve this error by following below steps:
- If vSphere Client (HTML5) Fling appliance is pointed to a vCenter Server Appliance (VCSA), then you should reregister the fling appliance by logging in to FAMI UI (or by running the config-ui CLI). Refer the instructions document to follow the steps for configuring Fling appliance for VCSA.
- If vSphere Client (HTML5) Fling appliance is pointed to a Windows vCenter Server, then reregister by downloading latest server-configure.bat from the Download section of this website. Refer the instructions document to follow the steps for configuring Fling appliance for Windows vCenter Server.

Fling 3.19 – Build 6365405

New Features

Add host and client USB device to a VM
Add USB controller
Assign License action on VC/Cluster/Host
Edit/Clone VM Storage Policy
Edit Storage Policies of a VM (Actions > VM Policies > Edit VM Storage Policies…)
Storage Policy components view
Create/Delete Storage Policy components
Related VM Templates view for a Storage Policy
Mount VVOL datastore action
VVOL Capability Profiles Capacity portlet
Create and edit VM customization specifications (without custom network configurations)
Configure per disk option on Select storage page when cloning VM/template
Host lists can be sorted by consumed CPU and memory
Monitoring DRS memory utilization for clusters allows switching between active and consumed memory for the charts
Updated UI of the compatibility issues dialog in the migrate wizard – ability to sort the compatibility by VM, host or compatibility issue

Bug Fixes

The list of physical network adapters didn’t render correctly for some ESX hosts and an error message was appearing on the top of the page
Setting the DRS advanced option “PercentIdleMBInMemDemand” through the advanced settings now works for any value

Known Issues

If you see error in the vSphere Client (HTML5) similar to this – ‘getHostIsAssignLicenseActionAvailable’, then you can resolve this error by following below steps:
- If vSphere Client (HTML5) Fling appliance is pointed to a vCenter Server Appliance (VCSA), then you should reregister the fling appliance by logging in to FAMI UI (or by running the config-ui CLI). Refer the instructions document to follow the steps for configuring Fling appliance for VCSA.
- If vSphere Client (HTML5) Fling appliance is pointed to a Windows vCenter Server, then reregister by downloading latest server-configure.bat from the Download section of this website. Refer the instructions document to follow the steps for configuring Fling appliance for Windows vCenter Server.
If you see this error when you click on the VM – “Could not fetch query binding: com.vmware.vsphere.client.clusterui.model.services.VmFailureResponsesData cause: java.lang.RuntimeException: Could not fetch query binding: com.vmware.vsphere.client.clusterui.model.services.VmVmcpSupportData”, collaps the HA portlet in the VM summary. We are working on fixing this.

HCIBench

HCIBench is a tool to test your hyperconverged infrastructure. No vSan required, any HCI is good as long as it runs vSphere.

Changelog

Version Version 1.6.3

Enhanced vSANPerformanceDiagnose function call
Enhanced port 443 validation
Enhanced results calculation
Added host maintenance mode validation
Added deployment validation

Horizon Toolbox

This one came out at the very last moment of August. Some bugs have been fixed and a couple of old features that had been removed have been re-added but have been marked deprecated.

Changelog

2017-Aug-31 Horizon Toolbox 7.2.1

Bugs fixed

Auditing – Export CSV failed
Console Access – Some vCenter versions were not supported. Now, almost all vCenter versions after 5.5 are supported.
Console Access – “Parent VMs” show all VMs. Now only the VMs which are (or ready to be) parent VMs are shown.
Installation sometimes failed due to Tomcat error. Now, the installation should be successful every time if the Connection Server is good.

New Features

Console Access – “Problem VMs” show the VMs with View Agent, but in abnormal status like “error”, “unavailable” or others.

The following features are added back since some customers strongly require these features, but they are marked as “deprecated”, since we suggest using the production features in Horizon or VIDM.

Management- Remote Assistance
Management- Device Access Filter

No comments

Altaro VM backup 7: the restores (part 2)

By Wouter 14/02/2017 15/02/2017 Backup, vExpert, vSphere

So a couple of weeks ago I managed to get my homelab backups running with Altaro. Backups off course are nice but are worthless if you can’t recover them. This is why this 2nd and last part of mini serie is about restoring the backups. Altaro has several options available: Restore clone, to a different host, File level restore and Exchange Item level restore plus the option to do a sandbox restore or simulation for testing those backups.

Disk Usage
VM Restore
File level restore
Sandbox and verification
Boot from backup
Reports
Conclusion

Disk usage

Before restoring anything I was curious how much disk space is in use

Not that much, disk E is in use for the domain controller, file server, pfsense and server 2012 template while disk F is in use for the vCenter server, Platform Service controller and windows 7 template.

And this is how Altaro shows everything int he dashboard (can’t find any other reporting option on storage, yes that’s a hint Altaro I want that stuff in the mail!)

A very small growth rate but then I haven’t done a while lot with the homelab in this time. But the compression and dedupe are nice while the cpu doesn’t even spike that much each day.

VM restore

Ok, enough text about disk usage, let’s actually restore something! First up is VM restore.

To start select the datastore where the VM is saved. I would have preferred to select the VM first because at this point I don’t care where it is saved I want it back asap. And yes I can select all datastores but that shouldn’t be needed.

Click next and select the VM to be restored

Here I can select the point in time to restore from, the name of the restored VM (why does the default name contain clone while it’s a restore?), where to restore to and to disabled the NIC or not.

In vCenter you’ll see a new VM created, renamed and snapshotted

Now Altaro will fill it up and after 23 minutes of waiting (on my slow server) I had a fully functional VM that thought it had crashed 😉

File Level restore

File level restore isn’t that different from a VM level restore. I won’t bore you with the screenshots but first select the datastore and vm to restore from. Then select the point in time you want to get something back from. I don’t really get the order in which this is presented either.

Select the disk, partition, folder and eventually file to restore

Select the place to restore it to (why isn’t the original VM an option over here?)

And the file is restored

Sandbox and verification

Sandbox testing the VM’s is rather easy as well. First choose what you actually want to test. At first I’ll try the option to verify folders. For some steps I will only show the image because I am afraid that you’ve already fallen asleep by now.

Very weird but I can’t select any folders to test? My guess is that all folders will be tested, why do you name it verify folders then?

The full Test Restore is exactly the same but it mounts the VM so you can see it booting. To me this sounds exactly like restoring a VM with its NIC disabled. There seems to be no notification of a successful test and I needed to go to the dashboard to see if it succeeded. And there only the result is visible and no logs or anything. Also the option to remove the sandbox VM is missing.

The option to remove the test VM that seems to be missing is available in the Schedule test drills option. First refresh your infrastructure and select the VMware schedule type

Add a new Sandbox restore schedule, again there are 2 major options, file test and full test restore

So for the full test restore you can select after how much time the VM will be deleted. Besides the schedule not a whole lot of options.

After the schedule has been created you need to drag a VM to the schedule. I guess this will test the last version of the VM backup but for me it would be nice to also test two versions earlier or something.

Boot from backup

The storage I use won’t be able to handle this properly but Altaro also has the option to boot a VM directly from the storage it is saved on. First select if you want to do a verification or recovery mode boot. To show the screens I will take the first option.

It has the same screens to select storage,VM and date so I won’t bother you again with those. At the version tab you can again select the host, datastore to restore to and if you want to have the NIC’s disabled or not.

Reports

The reporting doesn’t really contain a whole lot except a list of succeeded or failed tasks. The detail button doesn’t add a whole lot of information either.

The error history shows a bit more information but still not a lot.

Conclusion

Altaro is a reasonable well done product that lack’s a bit in options for the professional in me. Getting it running is easy and for smaller environments (up to 50 VM’s) where there is no dedicated admin it should get the job done. If they make the move to a Linux based appliance that might be better because for these smaller environments every penny and thus license counts. What I do like are the build in options to actually test the backups.

No comments

vSphere 6.5 announced

By Wouter 18/10/2016 18/10/2016 ESXI, vmworld, vSphere

Today vSphere 6.5 was announced. I won’t bore you all with another page that doesn’t have all info (yet!) so i will point you to Brian Graf’s site for all information you want and need.

Click here!

No comments

Back to basics: Daily checks

By Wouter 03/07/2016 03/07/2016 checks, ESXI, vSphere

Something I still hear a lot that system engineers take their vSphere environment for granted and hardly check anything on a daily basis. I always point them at Alan Renouf‘s brilliant health check script while there are other ways to get your daily dose of health this one still rocks for me. You can remove unwanted plugins or make different selections of plugins for daily, weekly or monthly checks. Now and then I still hear people that had issues because of snapshots and there is no need for that anymore and hasn’t been for years! This script has saved me lots of times already + it helped me get management support for limiting other people’s access to the environment because they had no idea what they where doing.

Example of the output you can get:

Share this:

PowerCLI Preview for NSX-T

Cross vCenter VM Mobility – CLI

vSphere HTML5 Web Client

Fling 3.37 – Build 8313530

Share this:

ESXi Embedded Host Client

Version 1.24.0 build 7119706 (Fling 19) – November 13, 2017

Minor features and bugfixes

vSphere HTML5 Web Client

Fling 3.29 – Build 7157335

Fling 3.28 – Build 7110681

Fling 3.27 – Build 7055108

VMFork for pyVmomi

Changelog

Desktop Watermark

Changelog

Cross vCenter VM Mobility – CLI

Changelog

HCIBench

Changelog

Horizon Toolbox

Changelog

Share this:

Share this:

Intro

New Flings

Updated Flings

Horizon Migration Tool

Changelog

VMware OS Optimization Tool

Changelog

vSPhere HTML5 Web Client

Changelog

Fling 3.23 – Build 6682372

Fling 3.22 – Build 6613965

Fling 3.21 – Build 6555866

Share this:

Intro

New Flings

vRealize Operations Export tool

Changelog

DRS Dump Insight

Changelog

Updated flings

Visual Esxtop

Changelog

ESXi Embedded Host Client

Changelog

VMware OS Optimization Tool

Changelog

vSphere HTML5 Web Client

Changelog

HCIBench

Changelog

Horizon Toolbox

Changelog

Share this:

Table of Contents

Disk usage

VM restore

File Level restore

Sandbox and verification

Boot from backup

Reports

Conclusion

Share this:

Share this:

Share this:

Search

Sponsor

Twitter

Categories