PowerCLI: Reconfigure for vSphere HA

Sometimes when you change something to the vSphere HA configuration like an Advanced Option, you have to reconfigure vSphere HA on each host inside that particular cluster. You can do that by hand via the Reconfigure for vSphere HA.. option inside the vSphere (Web) Client:

Screenshot 2016-01-22 13.11.47

Or you can use the following PowerCLI one-liner to perform this step on every host inside that cluster.

Get-Cluster <clusterName | Get-VMhost | Sort Name | %{$_.ExtensionData.ReconfigureHostForDAS()}

Just change <clusterName> the to the name of the cluster en open PowerCLI, connect to the vCenter server and run the one-liner.

Powershell: Change Veeam San Snapshot Options

In the case you want to use the Storage Snapshot feature with Veeam Backup, the feature will be enabled for all the Backup jobs and will be the default option to process a backup job.
Screenshot 2016-01-22 11.53.51

We only want to enable the feature for certain jobs with a special name convention like SAN-BackupJob-01. So I created a small Powershell script to disable this feature for all the jobs without the special name convention.

The Powershell script below will return all the jobs where the job name not match the “SAN” search string. The next step is to disable the “Use storage snapshots” feature for the jobs.

Script: Disable-SanIntegrationOptions.ps1:

if((Get-PSSnapin -Name VeeamPSSnapIn -ErrorAction SilentlyContinue) -eq $null){
    Add-PSSnapin "VeeamPSSnapIn"

foreach($vbrjob in (get-vbrjob | ?{$_.Name -notmatch "SAN"})){
    Write-Output "Changing job: $($vbrjob.name).."
    $SanIntegrataionOptions = $vbrjob.GetOptions()
    $SanIntegrataionOptions.SanIntegrationOptions.UseSanSnapshots = $false


From now on only the jobs that need the SAN Snapshot feature, can utilise this feature and all the other jobs will use the default processing mode.

Powershell: Return Virtual Machines from PernixData FVP Blacklist

It’s a long time since my last blog post.  So it’s good to be back. In mean time we deployed PernixData FVP and it was fun to play with the Powershell module. 

You can import the PernixData FVP module installed on the PernixData FVP management server via:

Import-Module PrnxCli

This post is not about the Powershell module or how it works. You can check the following post by Byron Schaller.

In this post I want to share a Powershell script that can be used to report all the virtual machines currently added to the PernixData FVP blacklist.

The script below returns all the PernixData FVP clusters and for each cluster it will check the if there are virtual machines added to the Blacklist. If this is true, the script will return those virtual machines.

Import-Module PrnxCli Connect-PrnxServer <PRNXSERVER> $prnxVmBlacklistInfo = @() foreach ($fvpCluster in (Get-PrnxObject -Type FlashCluster | Sort-Object Name)) { Write-Host "Measuring Pernix FVP Cluster: $($fvpCluster.Name)" -ForegroundColor Yellow $BlacklistVMs = Get-PrnxObject -Cluster $fvpCluster.Name -Type "VM" | Where-Object {($_ | Get-PrnxAccelerationPolicy).CachePolicy -eq "Blacklisted"} foreach($vm in $BlacklistVMs){ $BlacklistInfo = New-Object PSObject -Property ([ordered]@{ FVPCluster = $fvpCluster.Name TotalFVPBlacklistVMs = $BlacklistVMs.Count VM = $vm.Name }) $prnxVmBlacklistInfo += $BlacklistInfo } }





$timestamp = get-date -Format HH-mm-ss-dd-MM-yyyy $csv = $env:TEMP + $timestamp + "_PernixDataFVP_Blacklist.CSV" $prnxVmBlacklistInfo | Export-CSV -NoTypeInformation -UseCulture -Path $csv Disconnect-PrnxServer

The script exports the information gathered by the script to a CSV file inside the TEMP directory.

ssl-updater.bat: Cannot validate the Lookup Service connection: 3

Last week I was working on a change plan to update one of our vSphere environments with new SSL certificates on vSphere 5.1 installed on a Windows virtual machine. When I tried to update the SSL certificates of the vCenter Inventory service, I received the following error message:


In the vc-update-ssl.log log file I saw the following message:

Cannot authenticate user – Return code is InvalidCredentials 3

The first thing I thought was a typo when entering the password for the SSO Admin user. But after three times I stll got the same error. So the next step was logging into the vSphere web-client as admin@system-domain. But I was unable to logon because the associated user’s password is expired. That explains a lot.


Lucky me VMware has a KB article with a solution: KB2060150. The reason why the user password is expired, is because of the default password policy:

This issue occurs when the Admin@system-domain password has expired; the default is 365 days.

To resolve this issue you have to change the password policy and in particular the MAX_LIFE_SEC column in the RSA database.

Follow the steps described in KB2060150 to change the MAX_LIFE_SEC column.

To increase the MAX_LIFE_SEC column:

    1. Stop the vCenter Single Sign-on service (SSO).
    2. Log in to SQL Management Studio.
    3. Go to the RSA database.
    4. Expand Tables and highlight the dbo.IMS_AUTHN_PASSWORD_POLICY table.
    5. Right-click and select Edit Top 200 Rows.
       Scroll over to the MAX_LIFE_SEC column. The default setting is 31536000 seconds (365 days).

       Note: Select the policy that contains Password Policy for SSO system users within the NOTES  field.

    6. Increase this value (for example: 47304000 seconds = 546.5 days, 63072000 seconds = 730 days, 90000000 seconds = 1041days).
    7. Restart the vCenter Single Sign-on service.
       Once the service has started, log in the Web Client to vCenter Server with admin@system-domain:default URL is https://vCenter-server-fqdn:9443
       Navigate to Administration > Configuration.
    8. Click the Policies tab.
    9. Click Edit.
    10.Change maximum lifetime to 0 (never expire) or enter the approximate number of days corresponding to the value you set in the database, MAX_LIFE_SEC field above.
       Save your changes and exit the edit.

Note: Instead of steps 6 and 7, you can scroll to the column named PERIODIC_EXPIRE, and set that value to 0. This will prevent password expiration. You should only do this if your security policy allows non-expiring passwords.

When you succeed in step7, you can continue updating the SSL certificates with the ssl-updater.bat tool.

HP’s September VMware driver bundle and issues with Emulex CNA’s

Update 08/10/2014: HP support recommends to install the following versions of the Emulex firmware/drivers.

Install the following driver and firmware version for the NIC and install on server and check

As it is a ESX 5.1 we would use BE2NET driver

Driver: 4.9.488.0 – http://www.hp.com/
Firmware: 4.9.416.0 – http://www.hp.com/

You can read more about the issues here at http://www.techazine.com. I saw the same symptoms on brand new HP BL460 Gen8 and vSphere 5.1 update 2, the latest build: VMware-ESXi-5.1.0-Update2-2000251-HP-5.68.30-Sep2014.iso released on 2014-09-08.  Hosts randomly disconnects from vCenter, even if those hosts are in maintenance mode (lucky me).

The driver causing the issues is version: net-be2net Emulex VMwareCertified 2014-08-25. More information about the drivers included in the latest custom ISO can be found here: http://vibsdepot.hp.com/hpq/recipes/September2014VMwareRecipe16.0.pdf

To solve this issue, you need to downgrade the driver to the previous version. I had no issues with the drivers so I used this one.

I created a PowerCLI script to verify the installed version of the net-be2net on all the BL460c Gen8 blades.

$be2netlist = @()
foreach($vmhost in (Get-VMhost | ?{$_.Model -eq "ProLiant BL460c Gen8"}| sort name)){
    Write-Host "Checking host $($vmhost.name)" -ForegroundColor Yellow
    $esxcli = Get-EsxCli -VMHost $vmhost
        $be2net = New-Object PSObject -Property ([ordered]@{
            vmhost = $vmhost.name
            driver = ($esxcli.software.vib.list() | ?{$_.Name -eq "net-be2net"}).name
            version = ($esxcli.software.vib.list() | ?{$_.Name -eq "net-be2net"}).version        
        $be2netlist += $be2net
$be2netlist | ft -AutoSize

The output:


Now we wait for a fix from HP and Emulex.

Veeam: End of support Veeam 6.5 in Q4 2014 with the release of v8

A quote from Gostev, in the Veeam Community Forums Digest mailing, send on august 4:

If you, or your customers are still using B&R 6.5, please keep in mind that we will stop supporting this version along with our v8 release, which is planned for early Q4. So please take the opportunity of slow summer time to perform the upgrade to v7. New releases typically increase load on our technical support team, which may in turn increase response times to handle possible upgrade issues (although frankly, we are not getting a lot of those for v7).

So if you’re still using Veeam 6.5 in production. Start working on your RFC to upgrade to Veeam v7.

Veeam v7: How to change the Job notification settings with Powershell

In an earlier post you will find a Powershell script to change the VM Notes setting in Veeam Backup. This old script worked for previous version of Veeam Backup and Replication.


In Veeam Backup v7 the Powershell code is a little bit changed so I had to rewrite the script.  The script below will enable the VM notes for a job, if the option is disabled.

if((Get-PSSnapin -Name VeeamPSSnapIn -ErrorAction SilentlyContinue) -eq $null){
    Add-PSSnapin "VeeamPSSnapIn"

foreach($vbrjob in (get-vbrjob | Sort Name)){
    $options = $vbrjob.GetOptions()
    if($options.ViSourceOptions.SetResultsToVmNotes -eq $false){
        $options.ViSourceOptions.SetResultsToVmNotes = $true
        Write-Host "Enable set results to VM notes for job $($vbrjob.Name)"