Tag: vSphere

Cannot export ISO from vLCM cluster image

When you try to export an ISO file in VMware vCenter from a cluster using single cluster image with vLCM. You will get the following error:

A general system error occurred: Error occurred while exporting ESXi image and/or image document.

The error is accompanied with an error in the vmware-vum-server-#.log file in /var/log/vmware/vmware-updatemgr/vum-server catalog like the following:

2023-06-14T12:21:23.882Z error vmware-vum-server[09453] [Originator@6876 sub=VumVapi::Lib::Utils] [ExportTask 92] Failed to export cluster image from depot. errorCode: 99

In my case I was able to export it as a zip bundle and the corresponding json configuration file exported successfully as well.

The problem lies with vendor signatures, and vmware does not currently have a solution for this unfortunately except that it normally helps to remove the vendor packages attached to the cluster.

https://kb.vmware.com/s/article/91237

More information is available here: https://communities.vmware.com/t5/vCenter-Server-Discussions/Cannot-export-vLCM-image-if-you-use-a-custom-SSL-cert-Non/td-p/2881200/page/2

List VMs with Secure Boot enabled on Windows Server 2022

Since Microsoft released: KB5022842 a lot of customers has experienced Windows Server 2022 not being able to boot. On vSphere 7 this might be a problem if you have installed the patch at enabled secure boot for the server.

More information is available here: VMware KB90947

If you need to find VM that are running Windows Server 2022 and have enabled Secure Boot it is not that easy.

The problem is that your cannot always be sure that the OS selected for the VM is the OS actually installed in the VM. If for instance you installed Windows Server 2022 before is was officially supported in vSphere you might have chosen Windows Server 2019. So you will need to use the OS name that VMware tools are reporting.

But what is VMware tools is not running. That’s a problem.

The following script will find VMs with Secure Boot enabled that are running Windows Server 2022, but also VM’s where we are not certain because VMware Tools is not running.

How To Make vRO Execute Python Code Blocks

vRealize Orchestrator (vRO) is a powerful automation platform that enables you to automate and orchestrate various IT processes, including the execution of Python scripts. In this article, we will show you how to set up vRO to run Python scripts and provide some tips along the way.

Prerequisites

Before you can run Python scripts in vRO, you need to have the following:

A working installation of vRealize Orchestrator (8.10.2+).
A vCloud Suite Advanced or Enterprise license. You cannot run Python scripts with the standard vCenter license for vRO

Setting up vRO to run Python scripts

To set up vRO to run Python scripts, follow these steps:

Open the vRealize Orchestrator client and log in with your administrator credentials. (https://<servername>/orchestration-ui)
In the main menu, go to the “Assets” and select “Environments” from the submenu.
Click the “New Environment” button to create a python3.7 environment.
In the “General” tab, enter a name and a description for the environment.

Reconnect ESXi host after reinstall

After a VMware ESXi host reinstall reconnecting your host is not as easy as changing the state of the host by using the Set-VMHost -State command in VMware PowerCLI. The reason is that your host has gotten a new certificate. So to do this scripted you need to retrieve the SSL thumbprint and specify that during the reconnect.

Enable IPv6 using PowerCLI

This is a PowerCLI script to enable IPv6 on VMware ESXi hosts in you vCenter.

This problem is that disabling IPv6 in newer versions of ESXi can sometimes result in PSOD, so even if you are not using IPv6 in your environment, you should keep it enabled. https://kb.vmware.com/s/article/2150794

Import-Module VMware.PowerCLI

Connect-VIServer <Insert vCenter name>

$VMHost = Get-VMHost <insert hostname>

$esxcli = Get-EsxCli -VMHost $VMhost -V2
$argument = $esxcli.system.module.parameters.set.CreateArgs()
$argument.module = "tcpip4"
$argument.parameterstring = "ipv6=1"
$esxcli.system.module.parameters.set.Invoke($argument)
Write-Host "IPv6 Enabled for host: $($VMHost)"
Write-Host "You need to put the host in maintenance mode and reboot for changes to take effect."

Hope this helps you. Keep in mind that use of this script is entirely your responsibility, and you should always understand what a script does before you run it.

To detect which host that has IPv6 disabled check this post: https://vm.knutsson.it/?p=1193

Check if IPv6 is disabled

This is a PowerCLI script to list VMware ESXi host that has IPv6 disabled in you vCenter.

Import-Module VMware.PowerCLI

Connect-VIServer <Insert vCenter server FQDN>
$VMHosts = Get-VMHost | Sort-Object

foreach ($VMHost in $VMHosts) {
    if ($VMHost.ConnectionState -ne "Connected" ) { 
        $status = "Unknown. Host Status: $($VMHost.Connectionstate)"
        Write-host("$($VMHost): $($status)")
    } else {
        $value = ($VMHost | Get-VMHostModule tcpip4).Options
        if ($value -match "ipv6=1") {
            $status = "Enabled"
            #Write-host("$($VMHost): $($status)")
        } elseif ($value -match "ipv6=0") {
            $status = 'Disabled'
            Write-host("$($VMHost): $($status)")
        } else {
            $status = "Unknown"
            Write-host("$($VMHost): $($status) - $($value)")
        }
    }
}

Hope this helps you. Keep in mind that use of this script is entirely your responsibility, and you should always understand what a script does before you run it.

To enable IPv6 on hosts using PowerCLI check this post: https://vm.knutsson.it/?p=1198

Automating VMware Workstation LAB

I am often working with quite large test environments. Powering on ESXi hosts with nested VMs can be a pain when you need to get it running quickly.

Here are some of my tricks to automating VMware Workstation

PowerCLI: Migrate DRS VM Group Members

When ever you need to migrate to from one vCenter instance to another there are lots of things you need to migrate.

This PowerCLI script will help you migrate members from one DRS VM group to another. It can easily be modified to be part of a bigger context, or migrate all groups available.

Prerequisites

The prerequisites are that you have both the new and the old vCenter running, and that you have disconnected you hosts in the old vCenter and connected them to the new one. Do NOT remove them from you old vCenter. Leave them disconnected.

PowerCli Script: Migrate host from missing dvSwitch to new dvSwitch with same Id’s

The purpose of this script is to migrate from one vCenter to another when using dvSwitches. The dvSwitch is bound to vCenter, so in order to migrate hosts from one vCenter to another you can map the networks using this script. All you need to do is disconnect the host from the original vCenter with the VMs still running, but not remove it. Then you connect it to the new vCenter.

PowerCLI Script: Check if you have VMs with USB contollers

I light of many serious vulnerabilities in vSphere ESXi revolve around the USB controller, here is a script that will list the virtual machines that have an USB controller attached.

Requirements:

You need to have the VMware.PowerCLI module installed. This can be done with the commands: