VMware vCenter 5.5 appliance max password age

Ran across this issue earlier this week when a customer advised their backup service account had expired. The service account was created as an SSO (Single Sign On) user rather than an Active Directory account due to a pending domain migration.

To stop this issue from recurring, they changed the maximum password age from 90 days to a higher value, as they couldn’t set it to never expire. Upon testing logon for the service account, they were repeatedly presented with a password change prompt, grudgingly resetting the password only for the prompt to keep reappearing.

1. Logon Screen


2. Password Prompt


3. Password Change Successful


Upon logging on again, the logon procedure continually looped round these 3 steps.

To troubleshoot the issue I checked the VMware Password Age Policy and the maximum was set to 99999999 (eight 9’s), which on first look seemed a bit excessive.

password policy

I thought that since the Password Age Policy had changed, surely only a valid value would have been accepted. Anyhow, as with most things in IT, the simplest answer is the most likely. Let’s peel the onion back and undo the last change while achieving the same goal at the same time: changing the maximum password age to 9999999 (seven 9’s).

password policy new

Logging on this time is now successful.


Looks like the maximum is 9999999, so if you really need to you can set the value to this. Best practice would dictate changing any passwords periodically, along with using an alphanumeric complex password.

How to reduce Veeam ONE Database size

Veeam ONE is the monitoring and reporting component of the popular Veeam Availability Suite.

The default installation stores the monitoring data within a Microsoft SQL Express database. Depending on version this will either be a SQL 2008 or SQL 2012 Express which has a maximum size of 10 GB.

I’ve seen an issue in a couple of our customer environments where the DB size can grow to the maximum size. The reason is a high number of events being generated from a Hyper-V node's Windows security log. If you are currently running version 8 it is recommended to install the following patch, which should stop the underlying issue from occurring again.

Link to Veeam ONE v8 Update 2 https://www.veeam.com/kb2025

To reduce the size of the database follow the below steps:

Procedure has been tested on a Veeam ONE v8, running Microsoft SQL 2008 R2 Express on Windows Server 2012 R2.

PLEASE NOTE: It is critical to perform a backup of the database before carrying out this procedure. The official line from Veeam is to log a call with support if you come across this issue. So you may want to log a support call as this method may be unsupported.

Due to the high quantity of transaction logs generated during this process, I would recommend deleting at most 2 weeks of data at a time, then backing up the database and shrinking the logs.

1. Stop Veeam ONE Services
Log on to the Veeam ONE server
Open PowerShell as administrator

stop-service VeeamDCS
stop-service VeeamRSS

2. Backup your Veeam ONE SQL database
If you are unsure how to do this, the following Veeam Knowledge Base article provides instructions.
Or alternatively execute the following SQL query:

BACKUP DATABASE [VeeamOne] TO  DISK = N'C:\Program Files\Microsoft SQL Server\MSSQL10_50.VEEAMSQL2008R2\MSSQL\Backup\veeamone.bak' WITH NOFORMAT, NOINIT,  NAME = N'VeeamOne-Full Database Backup', SKIP, NOREWIND, NOUNLOAD,  STATS = 10

3. Identify a range of records to delete
Run the following SQL query to identify a suitable date range and to see how many rows are affected.

USE [VeeamOne]
SELECT * from monitor.Event
where time <'2015-06-06';

4. Execute deletion of required records
If you are happy with the returned rows that will be deleted,
run the following SQL query to delete records earlier than the date specified.

USE [VeeamOne]
DELETE from monitor.Event
where time <'2015-06-06';

5. Backup SQL DB again

6. Shrink Transaction Log

USE [VeeamOne]

8. This step should be carried out only once the database has been trimmed down to a suitable size

USE [VeeamOne]

9. Now it should be ok to restart Veeam ONE services to restore service

start-service VeeamDCS
start-service VeeamRSS

Create DFS Replication Healthcheck email report

DFS-R is the replication component of the Distributed File System (DFS). Windows Server 2012 R2 introduces PowerShell cmdlets that can be used for management rather than relying on the old dfsutil commands.

Some of the common issues with DFS-R are files not replicating due to network latency or connectivity issues. The knock-on effect is staging folders becoming full and file replication stopping.

If you don't have SCOM or other monitoring tools at hand to monitor DFS-R, the code below can be saved as a ps1 PowerShell script and scheduled to run on one of the DFS-R servers. The script generates a healthcheck report and sends the report by email.

Amend the variables at the start to define the replication group and email server/recipient/sender details.

Additional DFS servers can be specified by extending the Write-DfsrHealthReport command, adding the “$DFSservers[..]” variable with the array index value.

# Replication group, working folders and mail settings - amend to suit
$DFSGroupName ="Enter DFS Replication group name here"
# -Unique: a member is listed once per replicated folder, so de-duplicate the names
$DFSservers = (Get-DfsrMembership -GroupName $DFSGroupName |select -ExpandProperty computername -Unique)
$foldernamedate = $(get-date -f dd-MM-yyyy)
$source = "C:\DFSReportsImport\"
$destination = "C:\DFSReportsExport\$foldernamedate\DFS_Report.zip"
$emailServer = "mysmtpserver.example.com"
$sender = "sender@example.com"
$recipients = "recipient@example.com"
mkdir c:\DFSReportsImport\$foldernamedate
mkdir c:\DFSReportsExport\$foldernamedate
# Generate the health report for the first two members of the group
Write-DfsrHealthReport -GroupName $DFSGroupName -ReferenceComputerName $DFSservers[0] -MemberComputerName $DFSservers[0], $DFSservers[1] -CountFiles -Path c:\DFSReportsImport\$foldernamedate\

# Zip the report, mail it, then remove both working folders
Add-Type -assembly "system.io.compression.filesystem"
[io.compression.zipfile]::CreateFromDirectory($source, $destination)
remove-item -path c:\DFSReportsImport\$foldernamedate -Recurse -Force
# $( ) is needed so the array element, not the whole array, is expanded inside the string
send-mailmessage -from $sender -to $recipients -subject "DFS Report $foldernamedate" -Body "DFS Report generated from $($DFSservers[0])" -smtpserver $EmailServer -attachments "C:\DFSReportsExport\$foldernamedate\DFS_Report.zip"
remove-item -path c:\DFSReportsExport\$foldernamedate -Recurse -Force

Obtain List of Active Directory Users Sorted by Last Logon Date

A common question asked by many HR Managers and Administrators alike:

How many users do we have in the company, and when did they last log on?

This quick one-liner will achieve this goal and send the output to a CSV file, which can be used to create reports in Microsoft Excel.

$adaccount = Get-ADUser -Filter * -Properties LastLogonDate,PasswordLastSet, whencreated |Where-Object {$_.enabled -eq $true} |Sort-Object -Property LastLogonDate -Descending |select Name, LastLogonDate, PasswordLastSet, Enabled, WhenCreated
$adaccount | export-csv ("C:\UserLastLogonDateV1.1.csv") -NoTypeInformation
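
The same properties can drive a stale-account review. The following is an added example, not part of the original post: the `Get-StaleAccount` helper, its parameters and the sample rows are hypothetical, and it assumes a 90-day threshold. LastLogonDate comes from the replicated lastLogonTimestamp attribute, which can lag the real logon by up to about 14 days, so keep the threshold well above that.

```powershell
# Added example (not from the original post). Get-StaleAccount is a hypothetical helper name.
function Get-StaleAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject]$User,
        [int]$StaleDays = 90,
        [datetime]$Now = (Get-Date)
    )
    begin { $cutoff = $Now.AddDays(-$StaleDays) }
    process {
        if (-not $User.Enabled) { return }   # disabled accounts are out of scope
        $reason = $null
        if ($null -eq $User.LastLogonDate) {
            # Never used: flag only once the account itself is older than the cutoff
            if ($User.WhenCreated -lt $cutoff) { $reason = 'NeverLoggedOn' }
        } elseif ($User.LastLogonDate -lt $cutoff) {
            $reason = 'NoRecentLogon'
        }
        if ($reason) {
            $pwdAge = $null
            if ($User.PasswordLastSet) {
                $pwdAge = [math]::Floor(($Now - $User.PasswordLastSet).TotalDays)
            }
            [pscustomobject]@{
                Name            = $User.Name
                Reason          = $reason
                LastLogonDate   = $User.LastLogonDate
                PasswordAgeDays = $pwdAge
            }
        }
    }
}

# Constructed sample rows shaped like the Get-ADUser output above (no domain needed)
$now = [datetime]'2015-09-01'
$sample = @(
    [pscustomobject]@{ Name='svc-backup';     Enabled=$true;  LastLogonDate=[datetime]'2015-02-10'; PasswordLastSet=[datetime]'2013-01-15'; WhenCreated=[datetime]'2013-01-15' }
    [pscustomobject]@{ Name='jsmith';         Enabled=$true;  LastLogonDate=[datetime]'2015-08-28'; PasswordLastSet=[datetime]'2015-07-01'; WhenCreated=[datetime]'2012-05-02' }
    [pscustomobject]@{ Name='tmp-contractor'; Enabled=$true;  LastLogonDate=$null;                  PasswordLastSet=[datetime]'2014-11-01'; WhenCreated=[datetime]'2014-11-01' }
    [pscustomobject]@{ Name='newstarter';     Enabled=$true;  LastLogonDate=$null;                  PasswordLastSet=[datetime]'2015-08-20'; WhenCreated=[datetime]'2015-08-20' }
    [pscustomobject]@{ Name='old-disabled';   Enabled=$false; LastLogonDate=[datetime]'2014-01-05'; PasswordLastSet=[datetime]'2013-12-01'; WhenCreated=[datetime]'2011-03-03' }
)
$sample | Get-StaleAccount -StaleDays 90 -Now $now | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties LastLogonDate,PasswordLastSet,WhenCreated | Get-StaleAccount
```

Service accounts that show up with a very old password and no recent logon are the ones to review first, since they are often forgotten after a migration.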


Microsoft Hyper-V 2012 R2 patches and hotfixes

A key update, in many eyes, for any Hyper-V environment.

Released back in April 2015, it addresses a security vulnerability which could result in a denial of service to a virtual machine running in Hyper-V. Even though this may not impact other running virtual machines, it could affect manageability of the underlying hosts.

The following Microsoft KB provides further info and patch information. https://support.microsoft.com/en-us/kb/3047234

As per best practice, it is best to ensure your Hyper-V environments have been fully patched with all the latest hotfixes and patches. The following articles should be used as guidance on what to install.



Is your Dell Drac/idrac default password still calvin?

I’m sure many folk already know this oldie. But you wouldn’t believe how many times I’ve seen a reset config, rather than a soft reset, of an unresponsive DRAC being performed using racadm, resulting in the default password being reinstated.

Default IP:

Default username: root

Default password: calvin

Best practice should be to reset the root user to have a complex password, or even enable LDAP integration if supported on your card.

How many VM’s are running in Hyper-V cluster?

A common question asked by many admins: how many virtual machines are running in my Hyper-V cluster? This quick one-line PowerShell command queries the cluster object for all VMs, gathers some key usage and configuration information, and exports it to CSV for easy reading.

Run this command on any Hyper-V node in the cluster. Tested on Microsoft Windows Server 2012 R2.

Get-ClusterGroup | ? {$_.GroupType -eq 'VirtualMachine' } | Get-VM | select VMName, State, ProcessorCount,@{Name="MemoryStartup(GB)";Expression={$_.MemoryStartup/1GB}},DynamicMemoryEnabled | Export-Csv C:\hvlist.csv -NoTypeInformation