Category Archives: VMware

Start/Stop SSH access to VMWare ESXi using PowerCli

On occasion many VMware vSphere admins have to carry out a task on a ESXi host directly. Whether this is restarting the management agents, installing vibs or general administration. To do so remotely you need SSH and the ESXi shell services running.

For enhanced security the default action in ESXi 6 is for SSH and ESXi shell services to be disabled on startup.

Previously I went through the task of opening the vSphere client and enabling these manually each time. The following script provides a scripted method to stop and start these services for you. The script could be adapted to change other services and initiate secondary actions if required.

Prerequisite:

Install VMware vSphere PowerCLI, script has been tested with version 6 R1 available here vSphere PowerCLI 6.0 Release 1

All the variables are declared at the start of the script and prefixed with the dollar $ symbol.

##Created by DM 311015
##Host Services
##VM variables
$vcenter_server ="vcenter.vsphere.local"
$vcenter_user ="administrator@vsphere.local"
$vcenter_pwd ="Password123"
##Load VMware PS plugin
Add-PSSnapin VMware.VimAutomation.Core >$null
Clear-Host
###########################Start- Custom Task #########################
##Create do loop if value does eq 1,2,3,4. Exit added if option 5 selected
do
{
write-host "
------Main Menu --------
Select one of the following options
Manage Host via vCenter
option 1: Start SSH and ESXi host services via vCenter
option 2: Stop SSH and ESXi host services via vCenter
Manage Host directly
option 3: Start SSH and ESXi host services via Host
option 4: Stop SSH and ESXi host services via Host
option 5: Exit
------------------------
"
$option = Read-Host "Enter option"
if ($option -eq "1" -OR $option -eq "2" -OR $option -eq "3" -OR $option -eq "4")
 {
 write-host 
"------Host Selection --"
 $esxihost = Read-Host "Enter FQDN of ESXi host to process"
 write-host 
"-----------------------"
 switch ($option)
 {
 1
 {
 connect-viserver -server $vcenter_server -User $vcenter_user -Password $vcenter_pwd >$null
 Clear-Host
 "Start SSH and ESXi Shell service"
 Get-VMHostService -VMHost $esxihost|?{$_.Label -eq "SSH"}|Start-VMHostService |ft -AutoSize Label, Running
 Get-VMHostService -VMHost $esxihost|?{$_.Label -eq "ESXi Shell"}|Start-VMHostService |ft -AutoSize Label, Running
 }
 2
 { 
 connect-viserver -server $vcenter_server -User $vcenter_user -Password $vcenter_pwd >$null
 Clear-Host
 "Stop SSH and ESXi Shell service"
 Get-VMHostService -VMHost $esxihost|?{$_.Label -eq "SSH"}|Stop-VMHostService -confirm:$false |ft -AutoSize Label, Running
 Get-VMHostService -VMHost $esxihost|?{$_.Label -eq "ESXi Shell"}|Stop-VMHostService -confirm:$false |ft -AutoSize Label, Running
 }
 3
 { 
 $esxihost_root = Read-Host "Enter ESXi host root user"
 $esxihost_pwd = Read-Host "Enter ESXi host root password"
 connect-viserver -server $esxihost -User $esxihost_root -Password $esxihost_pwd >$null
 Clear-Host
 "Start SSH and ESXi Shell service"
 Get-VMHostService -VMHost $esxihost|?{$_.Label -eq "SSH"}|Start-VMHostService |ft -AutoSize Label, Running
 Get-VMHostService -VMHost $esxihost|?{$_.Label -eq "ESXi Shell"}|Start-VMHostService |ft -AutoSize Label, Running
 }
 4
 { 
 $esxihost_root = Read-Host "Enter ESXi host root user"
 $esxihost_pwd = Read-Host "Enter ESXi host root password"
 connect-viserver -server $esxihost -User $esxihost_root -Password $esxihost_pwd >$null
 Clear-Host
 "Stop SSH and ESXi Shell service"
 Get-VMHostService -VMHost $esxihost|?{$_.Label -eq "SSH"}|Stop-VMHostService -confirm:$false |ft -AutoSize Label, Running
 Get-VMHostService -VMHost $esxihost|?{$_.Label -eq "ESXi Shell"}|Stop-VMHostService -confirm:$false |ft -AutoSize Label, Running
 }
 }
 }
elseif ($option -eq "5" -or $option -Contains "exit" -or $option -Contains "quit")
 {write-host "Ok then good bye :)"
 exit
 }
elseif ($option -ne "1" -OR $option -ne "2" -OR $option -ne "3" -OR $option -ne "4" -OR $option -ne "5")
 {write-host 
 "Invalid Input. Please re-enter selection"
 }
}
while ($option -ne "1" -OR $option -ne "2" -OR $option -ne "3" -OR $option -ne "4")
Advertisements

Change Virtual Machine memory with VMware PowerCLI

Changing memory assigned to a virtual machine, you may think will be a quick 2 minute job. By default this task can only be performed whilst the virtual machine is powered off. If the guest vm supports hot add then this can be done when the machine is online.

To enable Hot add on a virtual machine you can follow this guide from VMware Change Memory Hot Add Settings in the vSphere Web Client

Turning a VM off during the business day might not go down to well with your customers/users. That leaves us with carrying out the change out of hrs, I’m your like me and prefer to keep your evening as your own rather than working.

The following can be saved as a ps1 script and scheduled to run out of hrs in a maintenance window. If you specify the email setting in the script an email will be generated once completed to notify that the change has been completed.

Prerequisite:

Install VMware vSphere PowerCLI, script has been tested with version 6 R1 available here vSphere PowerCLI 6.0 Release 1

All the variables are declared at the start of the script and prefixed with the dollar $ symbol.

##Created by DM 180915
##Task Change VM memory
##VM name
$VM2change = "test-server"
##Email Settings
$emailServer = "192.168.1.1"
$sender = "powercli@vsphere.local"
$recipients = "admin@vsphere.local"
##Load VMware PS plugin
Add-PSSnapin VMware.VimAutomation.Core
##Connect to vCenter
connect-viserver -server vcenter.vsphere.local -User administrator@vsphere.local -Password Password123
###########################Start- Custom Task #########################
$beforechange = (GET-VM -Name $VM2change|FT -auto MemoryGB|out-string)
##Stop VM
GET-VM -Name $VM2change| Stop-VMGuest -Confirm:$False
start-sleep -s 180
##Change Memory
GET-VM -Name $VM2change| set-vm -MemoryGB 28 -Confirm:$False
##Start VM
GET-VM -Name $VM2change| Start-VM -Confirm:$False
$afterchange = (GET-VM -Name $VM2change|FT -auto MemoryGB|Out-String)
##ping VM
start-sleep -s 120
$isalive= (Test-Connection -ComputerName $VM2change -count 1|Out-String)
###########################End- Custom task #########################
##Compose eMail and send
$body = @" 
Memory Before,$beforechange.
Memory After, $afterchange.
Is VM up??, $isalive
"@
send-mailmessage -from $sender -to $recipients -subject "VM Memory Change $VM2change" -Bodyashtml "$body" -smtpserver $EmailServer

Clone Virtual Machine in VMware with PowerCLI

Cloning a virtual machine can either be performed when powered on or off. I personally prefer to create a clone whilst the VM is offline to ensure that all data is in a consistent state.

Turning a VM off during the business day might not go down to well with your customers/users.

The following can be saved as a ps1 script and scheduled to run out of hrs in a maintenance window. If you specify the email setting in the script an email will be generated once completed to notify that the change has been completed.

Prerequisite:

Install VMware vSphere PowerCLI, script has been tested with version 6 R1 available here vSphere PowerCLI 6.0 Release 1

All the variables are declared at the start of the script and prefixed with the dollar $ symbol.

##Task Clone VM
##Declare variables
$VM2change = "test-server"
$VMclone = "$VM2change_clone"
$Hostesxi = "esxihost1.vsphere.local"
$vcenter_server ="vcenter.vsphere.local"
$vcenter_user ="administrator@vsphere.local"
$vcenter_pwd ="Password123"
##Email Settings
$emailServer = "192.168.1.1"
$sender = "powercli@vsphere.local"
$recipients = "admin@vsphere.local"
$dateofclone = $(get-date -f dd-MM-yyyy)
##Load VMware PS plugin
Add-PSSnapin VMware.VimAutomation.Core
##Connect to vCenter
connect-viserver -server $vcenter_server -User $vcenter_user -Password $vcenter_pwd
###########################Start- Custom Task #########################
##Stop VM
GET-VM -Name $VM2change| Stop-VMGuest -Confirm:$False
start-sleep -s 180
##Clone VM, set disk type to thin and create in template folder
New-VM -VM $VM2change -Name $VMclone -VMHost $Hostesxi -DiskStorageFormat Thin -Location "VM Template" -Notes "Clone created $dateofclone by David McIsaac"
##Convert to template
Set-VM -VM $VMclone -ToTemplate -Confirm:$False
##Start orignal VM
GET-VM -Name $VM2change| Start-VM -Confirm:$False
##Get Clone info
$VMcloneinfo = (Get-Template -Name $VMclone| fl *|Out-String)
##ping original VM
start-sleep -s 120
$isalive= (Test-Connection -ComputerName $VM2change -count 1|Out-String)
###########################End- Custom task #########################
##Compose email and send
$body = @" 
VM Clone Created,$VMcloneinfo.
Is original VM up??, $isalive
"@
send-mailmessage -from $sender -to $recipients -subject "VM Cloned $VM2change" -Bodyashtml "$body" -smtpserver $EmailServer

How to find VMware ESXi host memory layout

Whilst evaluating a customer’s environment to plan an infrastructure upgrade. I was tasked with finding out the current memory installed and slot layout of their ESXi hosts.

I stumbled across the following VMware KB which shows you how to dump the current hardware configuration. But with so much information this wasn’t easily readable across many hosts.

Determining how much RAM is installed in each slot on an ESXi host (1003587)

By using ‘smbiosDump’ command along with parsing the output with grep, this can be used to filter the results.

The following has been tested on Dell R410/R510/R720 ESXi servers running 5.5 and 6.0.

These commands will need to be run via the shell. To gain access to the an ESXi host remotely you need to make sure that SSH and the ESXi shell have been enabled. If you not sure how to enable these use the following VMware kb.

Using ESXi Shell in ESXi 5.x and 6.0 (2004746)

First of all I wanted to find out how many slots the server has and what the maximum amount of memory that can be installed.

 smbiosDump |grep -A 4 'Physical Memory Array'

sample output below
Physical Memory Array: #4096
Use: 0x03 (System memory)
Location: 0x03 (Motherboard)
Slots: 24
Max. Size: 1536 GB

This shows that 24 slots and a total of 1536 GB of memory can be installed. So this server can be filled with 24x64GB sticks of memory.

Secondly which slots have memory installed, along with type and size.

 smbiosDump |grep -A 12 'Memory Device' 

sample output below
Memory Device: #4352
Location: “DIMM_A1”
Manufacturer: “00AD00B300AD”
Serial: “XXXXXXXX”
Asset Tag: “XXXXXXXX”
Part Number: “HMT42GR7BFR4C-RD”
Memory Array: #4096
Form Factor: 0x09 (DIMM)
Type: 0x18 (DDR3)
Type Detail: 0x2080 (Synchronous, Registered)
Data Width: 64 bits (+8 ECC bits)
Size: 16 GB
Speed: 1866 MHz

The examples above filter the output using the grep command searching for specific string then listing the proceeding 12 lines, which contain the memory information required.

VMware vCenter 5.5 appliance max password age

Ran across this issue earlier this week when a customer advised there backup service account had expired. The service account was created as a SSO (Single Sign On) user rather than using a Active Directory account due to a pending domain migration.

To stop this issue from reoccurring they changed the maximum password age from 90 days to a higher value as they couldn’t set this to never expire. Upon testing logon for the service account logon they were repeatedly presented with a password change prompt. Grudging resetting the password only for the prompt to keep reappearing.

1. Logon Screen

Logon

2. Password Prompt

Password_Change

3. Password Change Successful

password_changed

Upon logging again the logon procedure was continually looping round these 3 steps.

To troubleshoot the issue I checked the VMware Password Age Policy and the maximum was set to 99999999 (eight 9’s )which on first look seemed a bit excessive.

password policy

I thought that since the Password Age Policy has changed surely only a value that is valid would be accepted. Anyhow as with most things in IT the simplest answer is the most likely. Let’s peel the onion back and start to undo the last change but also achieve the same goal as the same time. Changing the maximum password age to 9999999 (seven 9’s).

password policy new

Logging on this time is now successful

post_logon

Looks like the maximum is 9999999, so if you really need to you can set the value to this. Best practice would dictate to change any passwords periodically along with a alphanumeric complex password