PowerCLI: TPM Encryption Recovery Key Backup

From vSphere 7.0 Update 2 onwards, VMware encourages you to make a backup of your host encryption recovery keys when you are using TPM. https://kb.vmware.com/s/article/81661

Here is a script that will make it easy for you if you cannot be bothered with logging in to each host using SSH.

The script will list all hosts and their keys for safe keeping.

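# Load PowerCLI and connect to vCenter (replace <vCenter> with your server name)
Import-Module VMware.PowerCLI
Connect-VIServer -Server '<vCenter>'

# Process the hosts in name order
$VMHosts = Get-VMHost | Sort-Object -Property Name

# The output contains the recovery keys, so store it somewhere access-controlled
foreach ($VMHost in $VMHosts) {
    try {
        $esxcli = Get-EsxCli -VMHost $VMHost -ErrorAction Stop
        # Same as running "esxcli system settings encryption recovery list" on the host
        $keys = $esxcli.system.settings.encryption.recovery.list()
        foreach ($key in $keys) {
            # One line per key: host;recovery ID;recovery key
            Write-Host "$($VMHost.Name);$($key.RecoveryID);$($key.Key)"
        }
    }
    catch {
        # Report hosts that could not be queried instead of skipping them silently
        Write-Warning "$($VMHost.Name): could not read recovery key: $($_.Exception.Message)"
    }
}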

PowerCLI: Migrate DRS VM Group Members

Whenever you need to migrate from one vCenter instance to another, there are lots of things you need to migrate.

This PowerCLI script will help you migrate members from one DRS VM group to another. It can easily be modified to be part of a bigger context, or migrate all groups available.

Prerequisites

The prerequisites are that you have both the new and the old vCenter running, and that you have disconnected your hosts in the old vCenter and connected them to the new one. Do NOT remove them from your old vCenter. Leave them disconnected.


VMware HA Cluster: Set-Advanced HA Settings

Recently an adjustment was made to the vCenter cluster HA agent timeout settings.

Ref: https://kb.vmware.com/s/article/2017778

Performing a Reconfigure for VMware HA operation on a primary node causes an unexpected virtual machine failover

This calls for a script, because there is no way we are going to do this by hand! Feel free to use or alter the script; just remember, it is all done at your own risk.


Control OpenSLP on ESXi hosts using PowerCLI

In light of recent security vulnerabilities found in the OpenSLP service on ESXi, a recommended workaround is to disable the OpenSLP service altogether.

Vulnerability information: https://www.vmware.com/security/advisories/VMSA-2021-0002.html

Workaround KB: https://kb.vmware.com/s/article/82374

This PowerShell script will help you control the OpenSLP service.


Devices that are only supported in 6.7

Back in 2017 VMware changed their policy on VMKlinux Inbox Drivers. This has now come into effect from vSphere 7.0 and onwards.

Unfortunately, this means that some otherwise supported hardware platforms now have support issues, and you might see the following error in vCenter Skyline Health:

Devices that are only supported in 6.7 or earlier by a VMKlinux inbox driver. This support has been removed in 7.0

This is the case for many Lenovo SR650 servers if they are booting from an SD card, as many will be configured with the Lewisburg SATA AHCI Controller.


PowerCLI Script: Migrate host from missing dvSwitch to new dvSwitch with same IDs

The purpose of this script is to migrate from one vCenter to another when using dvSwitches. The dvSwitch is bound to vCenter, so in order to migrate hosts from one vCenter to another you can map the networks using this script. All you need to do is disconnect the host from the original vCenter with the VMs still running, but not remove it. Then you connect it to the new vCenter.


PowerCLI Script: Check if you have VMs with USB controllers

Since many serious vulnerabilities in vSphere ESXi revolve around the USB controller, here is a script that will list the virtual machines that have a USB controller attached.

Requirements:

You need to have the VMware.PowerCLI module installed. This can be done with the commands:


Migrate Tags from one vCenter to another

When upgrading to vSphere 7 or any other version, you might choose to create a brand new vCenter instead of migrating the old one. But what about folder structure, tags, distributed switches and so on?

Here I will demonstrate how you can easily migrate your tags from one vCenter to another using VMware PowerCLI.


HPE Amplifier Pack HSM has failed to unregister with vcenter

After upgrading from vCenter 6.7 to vCenter 7.0 you might experience that your HPE Amplifier Pack vLCM HSM can no longer communicate with vCenter.

When trying to edit you are told that it cannot complete the task, and you cannot delete the registration either.

Solution:
Remove the vLCM add-on in iLO Amplifier Pack. This can be done in the iLO Amplifier Pack web interface under Configuration and Settings, under Add-On Service Manager.

First stop the add-on, then remove it. Afterwards you can just choose to download it again.

All this is done at your own risk of course, but it worked for me.

Best of luck! Please let me know if it helped you.