Automating VMware Workstation LAB

I am often working with quite large test environments. Powering on ESXi hosts with nested VMs can be a pain when you need to get it running quickly.

Here are some of my tricks to automating VMware Workstation

Continue reading Automating VMware Workstation LAB

Nested or Native

Should you buy dedicated hardware or a OP workstation for you next testing environment. If you are not sharing it with others, this might be useful for you.

History

For many years now VMware Workstation has been my secret weapon an daily tool for just about everything in regards to customer remote connections, test environments as so on.

Recently I needed to do some advanced testing with NSX-V and NSX-T. This required a lot more power than what I normally use so I needed to upgrade my testing platform.

The consideration is always with these things. How much are you going to invest, and what are the benefits. For a long time I have been considering buying 4 Intel NUC PC’s for doing these tests, but the problem is that to get a real setup that is flexible you need to invest a lot. Also it is not very flexible as you need to maintain them, and reinstall them everytime you need to play with a newer or older version.

Continue reading Nested or Native

Control OpenSLP on ESXi hosts using PowerCLI

I light of recent security vulnerabilities found in the OpenSLP service on ESXi. A recommended workaround is to disable the OpenSLP service all together.

Vulnerability information: https://www.vmware.com/security/advisories/VMSA-2021-0002.html

Workaround KB: https://kb.vmware.com/s/article/82374

This powershell script will help you control the OpenSLP service.

Continue reading Control OpenSLP on ESXi hosts using PowerCLI

Devices that are only supported in 6.7

Back in 2017 VMware changed their policy on VMKlinux Inbox Drivers. This has now come into effect from vSphere 7.0 and onwards.

Unfortunately this means that some otherwise supported hardware platforms, now are having support issue. And you might see the following error in vCenter Skyline Health:

Devices that are only supported in 6.7 or earlier by a VMKlinux inbox driver. This support has been removed in 7.0

This is the case for many Lenovo SR650 servers if they are booting from a SD card, as many will be configured with the Lewisburg SATA AHCI Controller.

Continue reading Devices that are only supported in 6.7

PowerCLI Script: Check if you have VMs with USB contollers

I light of many serious vulnerabilities in vSphere ESXi revolve around the USB controller, here is a script that will list the virtual machines that have an USB controller attached.

Requirements:

You need to have the VMware.PowerCLI module installed. This can be done with the commands:

Continue reading PowerCLI Script: Check if you have VMs with USB contollers

Powershell: Migrate Standard Portgroups

Hi, just wanted to share this piece of code with you. This short script creates a mirror of virtual portgroups from one vSphere ESXi host to another.

I only takes the name and vlan id into account, so all policies, nics and other settings are not migrated at this time, but it is easy to do. I however does not always want that.

You need VMware.PowerCLI module for it to work.

Use it at you own risk.

Import-Module VMware.PowerCLI

connect-viserver <vCenter Name>

$srcHost = Get-VMHost <Source Host Name>
$dstHost = Get-VMHost <Destination Host Name>

# Change the source and destination switch names if you need to
$srcSwitch = $srcHost | Get-VirtualSwitch -Name vSwitch0
$dstSwitch = $dstHost | Get-VirtualSwitch -Name vSwitch0

$srcPGs = $srcSwitch | Get-VirtualPortGroup
$dstSwitch = $dstHost | Get-VirtualSwitch -Name vSwitch1 -ErrorAction:SilentlyContinue
if ($dstSwitch -eq $null) {
  $dstSwitch = $dstHost | New-VirtualSwitch -Name $srcSwitch.Name
}

foreach ($srcPg in $srcPGs) {
  $pgName = $srcPg.name
  $pgVlan = $srcPg.VLanId

  $pgExists = $false
  foreach ($dstPg in $dstPGs) {
    if ($dstPg.Name -eq $pgName) {
      $pgExists = $true
    }
  }
  if (-not $pgExists) {
    #Write-Host "Creating portgroup $pgName with vlan $pgVlan"
    $dstSwitch | New-VirtualPortGroup -Name $pgName -VLanId $pgVlan
  }
}

ESXi 6.7 PSOD with qfle3 driver version above 1.0.69.1

Had a ESXi PSOD today. That does not happened that often, so I was quite surprised to find out that it was not a hardware related issue that was the root cause.

VMware did an analysis of the memory dump, and it turned out to be a faulty driver. That made sense since the PSOD often comes from drivers og agents when it is not a hardware issue.

The PSOD i got was the following:

#PF Exception 14 in World xxxxxxx:vmnicX-pollw IP xxxxxxxxxx addr xxxxxxxx
Continue reading ESXi 6.7 PSOD with qfle3 driver version above 1.0.69.1

Error: cannot install the vcenter agent service. cannot upload agent after vCSA upgrade

I was just updating a vCenter server and some ESXi hosts, but after running the vCenter update I found vCenter full of HA Agent install fails. To stop this fail loop, I turned off VMware HA while figuring out what was wrong.

Error: cannot install the vcenter agent service. cannot upload agent after vCSA upgrade
Continue reading Error: cannot install the vcenter agent service. cannot upload agent after vCSA upgrade

Update Manager ELX_bootbank_elx-esx-libelxima.so driver conflict

Just provisioned the HPE ESXi 6.7 Update 3 custom OEM image onto some HP DL560 Gen10 servers.

After I updated the servers using update manager and the HPE vibsdepot I ran into problems. Turns out there is a conflict between the VMware provided driver and the HPE provided driver.

The result is that I cannot install all updates to satisfy compliance.

Checking the esxupdate.log file on the ESXi hosts I get the following error:

ValueError: VIBs ELX_bootbank_elx-esx-libelxima.so_12.0.1108.0-03 and ELX_bootbank_elx-esx-libelxima.so_12.0.1108.0-03 have unequal values of the 'payloads' attribute: '[elx-esx-libelxi: 1602.936 KB]' != '[elx-esx-libelxi: 1493.833 KB]'
Continue reading Update Manager ELX_bootbank_elx-esx-libelxima.so driver conflict

How to upgrade to VMware Tools 10.3.10

So VMware released a security advisory (VMSA-2019-0009) about vulnerable VMware Tools.

In short it is recommended to upgrade all VMware Tools to at least version 10.3.10 (Build 10346) which is the newest at the time of writing.

After patching ESXi to the latest build, you might realize that the VMware tools you are left with, after upgrading the tools, in a VM, is 10.3.5 (build 10341) Continue reading How to upgrade to VMware Tools 10.3.10