afokkema VMware

Find all VMs with XHCI USB controller


Just a quick heads up about VMSA-2020-0026 and especially about (CVE-2020-4004) concerning the XHCI (USB3) Controller.

Use-after-free vulnerability in XHCI USB controller (CVE-2020-4004)

Description
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.

Known Attack Vectors

A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.

The following PowerCLI one-liner searches for all virtual machines and templates that are configured with the XHCI (USB3) controller.

Get-View -ViewType VirtualMachine -Property Name, Config.Hardware | Where-Object {$_.Config.Hardware.Device.DeviceInfo.Label -match "xhci"} | Select -ExpandProperty Name

Just connect to your vCenter of choice via Connect-VIServer and see if your environment has VMs or templates that uses the XHCI controller and apply the patch or workaround described in the advisory when needed.

– Happy Scripting –

afokkema VMware

Network issues with VMware Tools 10.2.0 and Windows Server 2008 R2 Guest VMs


When you’re (still) running Windows 2008 R2 and are using VMware Tools 10.2.0 you might run in an issue regarding to network loss. VMware has published KB54459.

Windows Server 2008 R2 guest VM ports are exhausted after upgrading to VMware Tools 10.2.0

Details:

  • Guest virtual machine ports are exhausted after a few days.
  • Networking is lost.
  • Network connections cannot be made.

Source: https://kb.vmware.com/s/article/54459

VMware has fixed the issue with the release of VMware Tools 10.2.5.

Ports are exhausted on a guest VM after using VMware Tools 10.2.0

Guest VM ports are exhausted after using VMware Tools 10.2.0. This results in network connection failure.

This issue is resolved in this release.

Source: https://docs.vmware.com/en/VMware-Tools/10.2/rn/vmware-tools-1025-release-notes.html

But how do you know if you’re running this buggy combo? Well PowerCLI to rescue. The script below gathers all the VMs running Windows 2008 R2 and VMware Tools 10.2.0:

Import-Module VMware.VimAutomation.Core

Connect-VIServer -Server <vCenterName>

$AllVms_view = get-view -ViewType VirtualMachine -Property Name, Config, Guest

Disconnect-VIServer -Confirm:$false

$AllAffectedVMs = $Allvms_view |?{$_.Config.GuestId -eq 'windows7Server64Guest' -and $_.Config.Tools.ToolsVersion -eq '10304'}

$AllAffectedVMsInfo = @()
$AllAffectedVMs | % {

  $AllAffectedVMsInfo += [pscustomobject]@{
     Name = $_.Name
     ToolsVersion = $_.Config.Tools.ToolsVersion
     GuestOSId = $_.Config.GuestId
     GuestFullName = $_.Config.GuestFullName
  }
}

$AllAffectedVMsInfo | ft -AutoSize

Copy the script and change the <vCenterName>. The script will gather all the VMs via Get-View with the Name, Config and Guest properties only. So it’s lightning fast. Once the script has all the information the filtering will take place.  The variable $AllAffectedVms contains all the VMs with Windows 2008R2 as GuestOS and with tools version 10304. Take a look at https://packages.vmware.com/tools/versions to correlate all the different version/build numbers.

The fix is easy. Just upgrade the VMware Tools on the affected VMs.

afokkema Automation, VMware

PowerCLI: Reconfigure for vSphere HA


Sometimes when you change something to the vSphere HA configuration like an Advanced Option, you have to reconfigure vSphere HA on each host inside that particular cluster. You can do that by hand via the Reconfigure for vSphere HA.. option inside the vSphere (Web) Client:

Screenshot 2016-01-22 13.11.47

Or you can use the following PowerCLI one-liner to perform this step on every host inside that cluster.

Get-Cluster <clusterName | Get-VMhost | Sort Name | %{$_.ExtensionData.ReconfigureHostForDAS()}

Just change the to the name of the cluster en open PowerCLI, connect to the vCenter server and run the one-liner.

afokkema Virtualization, VMware

ssl-updater.bat: Cannot validate the Lookup Service connection: 3


Last week I was working on a change plan to update one of our vSphere environments with new SSL certificates on vSphere 5.1 installed on a Windows virtual machine. When I tried to update the SSL certificates of the vCenter Inventory service, I received the following error message:

image

In the vc-update-ssl.log log file I saw the following message:

Cannot authenticate user – Return code is InvalidCredentials 3

The first thing I thought was a typo when entering the password for the SSO Admin user. But after three times I stll got the same error. So the next step was logging into the vSphere web-client as admin@system-domain. But I was unable to logon because the associated user’s password is expired. That explains a lot.

image

Lucky me VMware has a KB article with a solution: KB2060150. The reason why the user password is expired, is because of the default password policy:

This issue occurs when the Admin@system-domain password has expired; the default is 365 days.

To resolve this issue you have to change the password policy and in particular the MAX_LIFE_SEC column in the RSA database.

Follow the steps described in KB2060150 to change the MAX_LIFE_SEC column.

To increase the MAX_LIFE_SEC column:

    1. Stop the vCenter Single Sign-on service (SSO).
    2. Log in to SQL Management Studio.
    3. Go to the RSA database.
    4. Expand Tables and highlight the dbo.IMS_AUTHN_PASSWORD_POLICY table.
    5. Right-click and select Edit Top 200 Rows.
       Scroll over to the MAX_LIFE_SEC column. The default setting is 31536000 seconds (365 days).

       Note: Select the policy that contains Password Policy for SSO system users within the NOTES  field.

    6. Increase this value (for example: 47304000 seconds = 546.5 days, 63072000 seconds = 730 days, 90000000 seconds = 1041days).
    7. Restart the vCenter Single Sign-on service.
       Once the service has started, log in the Web Client to vCenter Server with admin@system-domain:default URL is https://vCenter-server-fqdn:9443
       Navigate to Administration > Configuration.
    8. Click the Policies tab.
    9. Click Edit.
    10.Change maximum lifetime to 0 (never expire) or enter the approximate number of days corresponding to the value you set in the database, MAX_LIFE_SEC field above.
       Save your changes and exit the edit.

Note: Instead of steps 6 and 7, you can scroll to the column named PERIODIC_EXPIRE, and set that value to 0. This will prevent password expiration. You should only do this if your security policy allows non-expiring passwords.

When you succeed in step7, you can continue updating the SSL certificates with the ssl-updater.bat tool.

afokkema VMware

HP’s September VMware driver bundle and issues with Emulex CNA’s


Update 08/10/2014: HP support recommends to install the following versions of the Emulex firmware/drivers.

Install the following driver and firmware version for the NIC and install on server and check

As it is a ESX 5.1 we would use BE2NET driver

Driver: 4.9.488.0 – http://www.hp.com/
Firmware: 4.9.416.0 – http://www.hp.com/

You can read more about the issues here at http://www.techazine.com. I saw the same symptoms on brand new HP BL460 Gen8 and vSphere 5.1 update 2, the latest build: VMware-ESXi-5.1.0-Update2-2000251-HP-5.68.30-Sep2014.iso released on 2014-09-08.  Hosts randomly disconnects from vCenter, even if those hosts are in maintenance mode (lucky me).

The driver causing the issues is version: net-be2net 10.2.293.0-1OEM.510.0.0.802205 Emulex VMwareCertified 2014-08-25. More information about the drivers included in the latest custom ISO can be found here: http://vibsdepot.hp.com/hpq/recipes/September2014VMwareRecipe16.0.pdf

To solve this issue, you need to downgrade the driver to the previous version. I had no issues with the 4.6.247.10 drivers so I used this one.

I created a PowerCLI script to verify the installed version of the net-be2net on all the BL460c Gen8 blades.

$be2netlist = @()
foreach($vmhost in (Get-VMhost | ?{$_.Model -eq "ProLiant BL460c Gen8"}| sort name)){
    Write-Host "Checking host $($vmhost.name)" -ForegroundColor Yellow
    $esxcli = Get-EsxCli -VMHost $vmhost
        $be2net = New-Object PSObject -Property ([ordered]@{
            vmhost = $vmhost.name
            driver = ($esxcli.software.vib.list() | ?{$_.Name -eq "net-be2net"}).name
            version = ($esxcli.software.vib.list() | ?{$_.Name -eq "net-be2net"}).version        
        })
        $be2netlist += $be2net
}
$be2netlist | ft -AutoSize

The output:

image

Now we wait for a fix from HP and Emulex.

afokkema Hardware, VMware

BSOD in Virtual Machines configured with Intel Xeon E5-2x00v2 CPU’s


This article describes the Issue, the servers and BIOS version that are affected by this issue and the BIOS upgrade to fix the issue. I have also added a PowerCLI script to check if your HP servers are affected by this issue. You can find it at the bottom of this article.

Issue:

Random BSOD’s on Windows servers running Windows 2008R2.

image 

On Windows you can see the following blue screen events:
– 0x0000000a – IRQL_NOT_LESS_OR_EQUAL
– 0x0000001a – MEMORY_MANAGEMENT
– 0x000000fc – ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY
– 0x0000004e – PFN_LIST_CORRUPT
– 0x00000050 – PAGE_FAULT_IN_NONPAGED_AREA
– 0x0000003B- SYSTEM_SERVICE_EXCEPTION

VMware has a KB article KB2073791 about this issue. You can find a workaround described there. In he mean time HP and also other vendors released a BIOS update to resolve this issue.

HP Hardware:

HP has release an Advisory document with more info about this issue: c04327904

DESCRIPTION

IMPORTANT : The System ROM update provided in the Resolution is recommended to prevent the issues below from occurring. HP recommends performing this upgrade at the customer’s earliest possible convenience. Neglecting to perform the recommended action and not performing the recommended resolution could result in the potential for subsequent errors to occur.

Intel has identified a processor issue where Virtual Machines (VMs) running on VMware ESX 5.x or Microsoft Hyper-V may experience a Blue Screen of Death (BSOD) in a Windows virtual machine or a kernel panic in a Linux virtual machine when using VMware ESX 5.x or Microsoft Hyper-V. This issue affects Intel Xeon E5-2400 series v2, Intel Xeon E5-2600 series v2, Intel Xeon E5-4600 series v2, Intel Xeon E7-4800 series v2, and Intel Xeon E7-8800 series v2 processors.

Intel has released an updated microcode for impacted processors that addresses this issue. Updated revisions of HP ProLiant System ROMs for impacted servers include this microcode. This issue is NOT unique to HP ProLiant servers and could impact any system utilizing affected processors if the updated microcode is not utilized.

This issue does NOT affect servers configured with Intel Xeon E5-2400 series, Intel Xeon E5-2600 series, or Intel Xeon E5-4600 series processors.

SCOPE

The following servers may be affected if running a System ROM revision dated earlier than indicated when using impacted processors:

  • HP ProLiant DL160 Gen8- earlier than J03 (02/10/2014 )
  • HP ProLiant ML350e Gen8 – earlier than J02 (02/10/2014)
  • HP ProLiant DL380p Gen8- earlier than P70 (02/10/2014 )
  • HP ProLiant DL360p Gen8 -earlier than P71 (02/10/2014 )
  • HP ProLiant ML350p Gen8 -earlier than P72 (02/10/2014)
  • HP ProLiant DL360e Gen8- earlier than P73(02/10/2014 )
  • HP ProLiant DL380e Gen8-earlier than P73 (02/10/2014 )
  • HP ProLiant SL230s Gen8- earlier than P75 (02/10/2014 )
  • HP ProLiant SL250s Gen8- earlier than P75 (02/10/2014 )
  • HP ProLiant SL270s Gen8-earlier than P75 (02/10/2014 )
  • HP ProLiant DL560 Gen8- earlier than P77 (02/10/2014 )
  • HP ProLiant SL4540 Gen8- earlier than P74 (02/10/2014)
  • HP ProLiant SL210t Gen8- earlier than P83 (02/10/2014 )
  • HP ProLiant BL420c Gen8- earlier than I30 (02/10/2014 )
  • HP ProLiant BL460c Gen8- earlier than I31 (02/10/2014 )
  • HP ProLiant BL660c Gen8- earlier than I32 (02/10/2014 )
  • HP ProLiant DL580 Gen8- earlier than P79 (04/01/2014 )

Affected Intel Processors supported by the above servers:

  • Intel Xeon Processor E5-2400 Series v2
  • Intel Xeon Processor E5-2600 Series v2
  • Intel Xeon Processor E5-4600 Series v2
  • Intel Xeon Processor E7-4800 Series v2
  • Intel Xeon Processor E7-8800 Series v2

RESOLUTION

This issue is resolved by updating the System ROM to the versions indicated as follows:

  • HP ProLiant DL160 Gen8 – J03 (02/10/2014 or later)
  • HP ProLiant ML350e Gen8 – J02 (02/10/2014 or later)
  • HP ProLiant DL380p Gen8 – P70 (02/10/2014 or later)
  • HP ProLiant DL360p Gen8 – P71 (02/10/2014 or later)
  • HP ProLiant ML350p Gen8 – P72 (02/10/2014 or later)
  • HP ProLiant DL360e Gen8 – P73(02/10/2014 or later)
  • HP ProLiant DL380e Gen8 – P73 (02/10/2014 or later)
  • HP ProLiant SL230s Gen8 – P75 (02/10/2014 or later)
  • HP ProLiant SL250s Gen8 – P75 (02/10/2014 or later)
  • HP ProLiant SL270s Gen8 – P75 (02/10/2014 or later)
  • HP ProLiant DL560 Gen8 – P77 (02/10/2014 or later)
  • HP ProLiant SL4540 Gen8 – P74 (02/10/2014 or later)
  • HP ProLiant SL210t Gen8 – P83 (02/10/2014 or later)
  • HP ProLiant BL420c Gen8 – I30 (02/10/2014 or later)
  • HP ProLiant BL460c Gen8 – I31 (02/10/2014 or later)
  • HP ProLiant BL660c Gen8 – I32 (02/10/2014 or later)
  • HP ProLiant DL580 Gen8 – P79 (04/01/2014 or later)

Download the BIOS upgrade for HP Servers and Blades here:

PowerCLI script:

update: PowerCLI script: compare dates fixed.

I created a script to see if the hosts are affected by this issue or not. The script will collect all ESXi hosts with HP hardware and the V2 Xeon processor installed. All those hosts are checked by Model, for instance DL360 Gen8. If the Model matches, the script will check the release date of the BIOS and returns a line of text in Red if the release date is older than the one mentioned in the HP Advisory: c04327904 or else a line of text in Green if the release date matches or newer than the one mentioned in the Advisory document.

foreach($vmhost in (Get-VMHost | Where{$_.ProcessorType -match "v2"} | Sort Name)){
    $hpModel = $vmhost.Model.TrimStart("ProLiant ")

    switch ($hpModel){
    "DL160 Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "ML350e Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "DL380p Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "DL360p Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "ML350p Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "DL360e Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "DL380e Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "SL230s Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "SL250s Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "SL270s Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "DL560 Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "SL4540 Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "SL210t Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "BL420c Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "BL460c Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
                }
    "BL660c Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"02/10/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    "DL580 Gen8" {
                    if((Get-Date $vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -ge $([datetime]"04/01/2014")){
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Green
                    }
                    else{
                        Write-Host "vmHost: $($vmHost.Name.split(".")[0]) Model: $($vmhost.Model.TrimStart("ProLiant ")) BIOS version: $($vmhost.ExtensionData.Hardware.BiosInfo.BiosVersion) Release date $(((Get-Date ($vmhost.ExtensionData.Hardware.BiosInfo.ReleaseDate) -format MM-dd-yyyy).Replace("-","/")))" -for Red
                    }
    
                 }
    default {"The server model could not be determined."}
    }
}

The output of the script above:

image

afokkema VMware

vShield Host preparation: Host not reachable


Just a quick tip when you’re using vShield and want to prepare a new ESXi host. When you click on the vShield tab inside the vSphere client you might see the message “Host not reachable”.

image

So I started with some basic troubleshooting like ping from the vShield Manager to the ESXi host and from the ESXi host to the vShield Manager. This worked. The next step was the debug connection command from the vShield Manager appliance. This command completed successfully:

image

So what was the issue?? Well it’s simple the ESXi host was in Maintenance mode while trying to perform the Host preparation. This is not supported. The host needs to be in normal operation mode to be able to connect to vShield. Now I was able to prepare the ESX host:

image

afokkema VMware

Syslog gone mad after vSphere upgrade to vSphere 5.1 update 1


After upgrading a vSphere 5.0 update 2 host to vSphere 5.1 update 1 we noticed an issue with the lsassd daemon. Right after update manager finished with the upgrade the lsassd starts to write a lot of messages. Within the last 5 minutes the syslog server received 170K log messages from the upgraded host alone.

See the screenshot below:

image

The following message keeps popping up in the logs:

esxihost.domain.loc lsassd[9297]: 0x6eb11b90:Terminating on fatal IPC exception

To work around this issue you need to leave the Windows domain. Select the host – Configuration – Authentication Services – Properties. Click on Leave Domain… The excessive logging hast stopped immediately.

image

After that you can rejoin to the Windows domain again.

afokkema VMware

Import OVF/OVA: No datastore found on target in vCenter Server 5.1


I was trying to import an OVF/OVA template to one of my lab environments. But unfortunately this was not possible because of an error:

image

In this environment we are using Folders to organize the datastores. See the screenshot below:

image

This works for most of the time but when you want to import an OVF/OVA template you have to give up your folder structure to enable the OVF template. This is a small bug in vCenter Server 5.1. See KB2045635 for more details.

This is a small quote from the KB article:

This is a known issue affecting VMware vCenter Server 5.1.

Try one of the following workarounds:

  • Use vSphere Client to deploy.
    Open the vSphere Client and use it to deploy the OVA/OVF file.
  • Use Web Client to deploy.
    If the datastore is  in a folder, remove it from the folder and try to deploy.

In this case I had to move the SDRS cluster and the datastores attached to this SDRS cluster from the yellow folder to the root folder inside the Storage view of the vSphere web client.

Now I was able to deploy the OVF/OVA template.