PowerCLI: Easy NFS datastore setup vSphere 5.x

For vSphere 4.1 I wrote a PowerCLI script to attach NFS shares. You can find the script here.

In vSphere 5 the properties has changed so I had to change the script. In fact the script is much simpler because all the properties can be found in $nfs.info.nas:


The RemoteHost presents the IP address, The RemotePath presents the Share and the Name property presents the name of the share. Now we have the correct variables so it’s time to fix the old script. You can find the result below:

$REFHOST = Get-VMHost "<esxi hostname>"
foreach($NEWHOST in (Get-Cluster <cluster> | Get-VMhost | Where {$_.Name -ne $REFHOST.Name}) | Sort Name){
    foreach($nfs in (Get-VMhost $REFHOST | Get-Datastore | Where {$_.type -eq "NFS"} | Get-View)){
        $share = $nfs.info.Nas
        if($share.Remotehost -match "\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b"){
            $remotePath = $share.RemotePath
            $remoteHost = $share.Remotehost
            $shareName = $nfs.Name            

            if ((Get-VMHost $NEWHOST | Get-Datastore | Where {$_.Name -eq $shareName -and $_.type -eq "NFS"} -ErrorAction SilentlyContinue )-eq $null){
                Write-Host "NFS mount $shareName doesn't exist on $($NEWHOST)" -fore Red
                New-Datastore -Nfs -VMHost $NEWHost -Name $Sharename -Path $remotePath -NfsHost $remoteHost    | Out-Null

vCOPS: Empty Dashboard after the upgrade to version 5.6

After the upgrade of vCenter Operations 5.0.3 (vAPP) to vCenter Operations 5.6 I got an empty screen when I started the vCenter Operations Manager website and the Dashboard view:


So I started to troubleshoot and a Goolge search. When I found the following thread on the VMware communities: http://communities.vmware.com/message/2158059. The fix is really easy. Just clear your browser cache and after that, the Dashboard view will work again.


vCenter Operations: Disable the default web timeout

Just a quick note to remember how to disable the default web timeout of 30 minutes in vCenter Operations.

  1. Login as root on the UI VM.
  2. Open the the web.xml file with VI: vi/usr/lib/vmware-vcops/tomcat/webapps/vcops-vsphere/WEB-INF/web.xml
  3. Change the default value 30 to –1 to disable the timeout completely.
  4. image

  5. Save the changes via ESC, :wq
  6. restart the vcopsweb service via:  service vcopsweb restart
  7. Wait until the service is ready again.

Login to vCenter Operations and enjoy the view of your dashboards Smile

PowerCLI: Get-VirtualPortgroup -Distributed VlandId value is empty

Today I was busy with PowerCLI and dvPort groups.  I started to use the Get-VirtualPortgroup –Distributed cmdlet and parameter to retrieve some information about the dvPort group. But the default output doesn’t show the VlanId. See the screen shot below for the default output.


I don’t know if this is a known issue between PowerCLI 5.1 release 1 and vSphere 4.1 update 2. So I have to test it in a vSphere 5 environment.

But how can you find the vlanid of a distributed portgroup? You can use a PowerCLI script which I created  to fix this little “bug” and I have also added the PortsFree column to the output of the script.

$dvPortgroup = get-virtualportgroup -Distributed -Name "vlan1"
$dvPortgroupInfo = New-Object PSObject -Property @{            
    Name = $dvPortgroup.Name
    Key = $dvPortgroup.Key
    VlanId = $dvPortgroup.ExtensionData.Config.DefaultPortConfig.Vlan.VlanId
    Portbinding = $dvPortgroup.Portbinding
    NumPorts = $dvPortgroup.NumPorts
    PortsFree = ($dvPortgroup.ExtensionData.PortKeys.count - $dvPortgroup.ExtensionData.vm.count)
$dvPortgroupInfo | ft -AutoSize

The output of the script:


If you want to create a report of all the dvPort groups. You can use the following script to achieve that goal:

$info = @()
foreach($dvPortgroup in (Get-VirtualPortgroup -Distributed | Sort Name)){
    $dvPortgroupInfo = New-Object PSObject -Property @{            
        Name = $dvPortgroup.Name
        Key = $dvPortgroup.Key
        VlanId = $dvPortgroup.ExtensionData.Config.DefaultPortConfig.Vlan.VlanId
        Portbinding = $dvPortgroup.Portbinding
        NumPorts = $dvPortgroup.NumPorts
        PortsFree = ($dvPortgroup.ExtensionData.PortKeys.count - $dvPortgroup.ExtensionData.vm.count)
    $info += $dvPortgroupInfo
$info | Export-Csv -UseCulture -NoTypeInformation C:\tmp\dvportgroup_info.csv

ESXi: Leave Windows Domain: The operation is not allow in the current state

Today I was struggling with an ESX host. The ESX host was unable to leave the Windows domain. I got the following error:


From the vSphere client I was unable to fix this issue. Apply Host profile failed also with the same error. So I started a search in the VMware KB and found an article about problems while attempting to join a Windows domain. In this article you’ll find a way to clean up the AD configuration from the CLI.

The solution for me was to stop the lsassd service:

/etc/init.d/lsassd stop

Remove the db directory:

/etc/likewise/db directory

and start the lasassd service again:

/etc/init.d/lsassd start

Now I was able to leave the Windows domain.

vCenter Operations Manager 5.x vApp Admin account tips

I just want to share two KB articles about the Admin account used in vCenter Operations Manager 5.x vApp. I had some trouble logging in as admin and these articles helped me solve the issue.

Automated lockout of the admin account in the vCenter Operations Manager 5.x vApp


vCenter Operations Manager 5.x locks out the admin account on the vApp if you try to log in with incorrect credentials three times in a row.


Determine whether the admin account is locked out

  1. Log in to the console of the UI VM as root user.
  2. Run the following command twice: su admin.
    The admin account is locked if the console displays a message that reads Account locked due to XX failed login, where XX stands for the number of failed login attempts.
  3. Repeat the above steps on the Analytics VM to check if the admin account there is locked out.

Unlock the admin account

  1. Log in to the console of the UI VM as root user.
  2. Run the following command: pam_tally --user admin --reset.
  3. Repeat the above steps on the Analytics VM if the admin account there is locked out.

Disable the automated lockout for the admin account (optional)

  1. Log in to the console of the UI VM as root user.
  2. Remove or comment out the following line from file /etc/pam.d/common-auth:
    auth requisite pam_tally.so deny=3
  3. Repeat the above steps on the Analytics VM to disable the lockout functionality there.
    Note: The admin account is unlocked automatically when you disable this functionality.

Source: KB2030185

Resetting user passwords in vCenter Operations Manager vApp


This article describes how to reset passwords in vCenter Operations Manager 5.x. The procedure for the root user is different from the admin user. Both procedures are documented here.


Resetting the root user password

If you forget the root user password, you can reset this password by booting into single user mode.

To reset the root user password:

  1. In the vSphere Client, power off both the UI and Analytics virtual machines.
  2. Select the powered-off UI virtual machine, right-click it, and choose Open Console in the pop-up menu.
  3. From the virtual machine console window, hit the green |> button to power on the UI virtual machine .
  4. When the boot screen appears, quickly click inside the window and enter a space.
    The boot process halts and the countdown from 7 to 0 at the bottom of the screen clears.
    Note: You have only a few seconds to accomplish this step. If you do not halt the boot countdown, you have to start over.
  5. Make sure the first line is selected (SUSE Linux Enterprise …), and press e.
    A boot parameters menu appears.
  6. Go to the second line (beginning with “kernel /vmlinuz-….”), and press e again.
    You are dropped into a grub prompt, and the cursor is positioned at the end of the line.
  7. Enter a space, followed by the parameter init=/bin/sh, and press Enter.
    The space and the parameter are appended to the line onscreen. Once you press Enter, you are returned to the previous boot parameters screen, with the kernel line highlighted.
  8. Press b to boot.
    You see a short boot sequence, followed by a shell prompt.
    Note: This step overwrites the temporary changes made in Step 7, and all boot parameters revert to their previous values.
  9. Run this command to reset the root user password:
  10. Repeat Steps 1-9 for the Analytics virtual machine.
    Note: Make sure that you enter the same new password for both the UI and the Analytics virtual machines.

  11. Resetting the admin user password

If you forget the admin user password for vCenter Operations Manager, a script is available for you to re-set that password.

For the 5.0 version only, you must download and use the script attached to this document.

For vCenter Operations 5.0.1 and subsequent versions, the script will be available in the vApp.

To reset the admin password, follow these steps. If you are on a version later than 5.0, go to Step 3.

  1. If you are on the 5.0 version, download and unzip the file resetadminpwd.zip to obtain the script fileresetadminpwd.sh.
  2. Save resetadminpwd.sh on the UI virtual machine in the /usr/lib/vmware-vcops/user/conf/install folder.
  3. Make the script executable.
    chmod 755 resetadminpwd.sh
  4. As root, run the script resetadminpwd.sh on the UI virtual machine:
    ./resetadminpwd.sh new-password

Source: KB2013358

PowerCLI: dvSwitch info

In one of my previous posts you can find a PowerCLI script to report the dvPortgroup ports usage. In this post you’ll find a PowerCLI script to report the overall status of the dvSwitches in your environment. The script will report the dvSwitch Name, Version, Total ports maximum, Total ports in use and the total ports left on the dvSwitch.

Just copy the script below:

$dvSwitchInfo = @()
foreach($dvSwitch in (get-virtualSwitch -distributed |Sort Name)){
    $details = "" | Select Name, Version, Totalports, Portsinuse, Portsleft
    $totalPorts = $dvSwitch.ExtensionData.Config.MaxPorts
    $Portsinuse = $dvSwitch.ExtensionData.Config.NumPorts
    $portsleft = ($totalPorts - $Portsinuse)
    $details.Name = $dvSwitch.name
    $details.Version = $dvSwitch.ExtensionData.Summary.ProductInfo.Version
    $details.Totalports = $totalPorts
    $details.Portsinuse = $Portsinuse
    $details.Portsleft = $portsleft   
    $dvSwitchInfo += $details

The output will look like this:


I will create another script to combine the information of the dvSwitch and the dvPortgroups available on the dvSwitch to a complete html report like the vCheck.

PowerCLI: dvPortgroup ports report

In this post I will show you how you can generate a simple report of your dvPortgroups. The report shows the Name of the dvPortgroup, The portbinding configuration, The total ports configured, The total ports in use and last but not least the total ports left on the dvPortgroup.

The script below will search for all distributed portgroups in your vCenter where you’re connected to with PowerCLI.

$pgInfo = @()
foreach($pg in (get-virtualportgroup -distributed | Sort Name)){
    $details = "" | Select Name, PortBinding, Totalports, Portsinuse, Portsleft
    $totalPorts = $pg.ExtensionData.PortKeys.count    
    $Portsinuse = $pg.ExtensionData.vm.count
    $portsleft = ($totalPorts - $Portsinuse)
    $details.Name = $pg.name
    $details.PortBinding = $pg.PortBinding
    $details.Totalports = $totalPorts
    $details.Portsinuse = $Portsinuse
    $details.Portsleft = $portsleft   
    $pgInfo += $details
$pgInfo | Export-Csv -UseCulture -NoTypeInformation C:\Scripts\dvPortgroupInfo.csv

The CSV output will look like this:

Name PortBinding Totalports Portsinuse Portsleft
vlan1 Static 32 4 28
vlan2 Static 32 0 32
vlan3 Static 32 7 25
vlan4 Static 32 1 31
vlan5 Static 32 12 20
vlan6 Static 32 0 32

With a simple PowerCLI script you can create a report of all your dvPortgroups. I am going to create another PowerCLI script to use as a Nagios plugin to see witch of the dvPortgroups have less than <X> ports left. So to be continued.

The numPorts value: <####> in spec exceeded maxPorts 8192

Today I was playing around with the vSphere Distributed Switch and trying to reach the configuration maximums of it by creating lots of dvPortgroups. But when I reached the port numbers above 8192, the dvPortgroup wasn’t created and I got the following error:


From KB1038193 I used the resolution to change the default max numPorts from 8192 to 20000. The 20000 value is also the one mentioned in the Configuration Maxium document: vsp_41_config_max.pdf so I don’t know why VMware used the 8192 max value. If anyone can explain why this extra limit if effective, please let me know.

The solution from KB1038193:

  • You cannot configure more than 8192 virtual ports in vCenter Server vNetwork Distributed Switch (vDS).
  • You see the error:
    The numPorts value : 8256 in spec exceeded maxPorts 8192.

This article provides steps to increase the maximum number of vDS ports. 

Changing the maximum number of vDS ports by using vSphere PowerCLI

vSphere PowerCLI can be used to automate the different virtual machine tasks. It provides an easy-to-use C# and PowerShell interface to VMware vSphere APIs. For more information, see the VMware vSphere PowerCLI Documentation.

To change the maximum number of vDS ports, you can use this PowerCLI snippet:

$dvs = Get-VirtualSwitch -Distributed -Name DVSName | Get-View
$cfg = New-Object -TypeName VMware.Vim.DVSConfigSpec
$cfg.MaxPorts = 20000
$cfg.configVersion = $dvs.config.configVersion
$dvs.ReconfigureDvs_Task( $cfg )

I have changed the code slightly to report the current configuration. you can use this script or the one from the KB article:

# dvSwitchName
$dvSwitchName = "dvSwitch01"

$dvs = Get-VirtualSwitch -Distributed -Name $dvSwitchName | Get-View
Write-Host "The current configuration of MaxPorts = $($dvs.Config.MaxPorts)" -for Yellow
$cfg = New-Object -TypeName VMware.Vim.DVSConfigSpec

# Org
#$cfg.MaxPorts = 8192

# New
$cfg.MaxPorts = 20000

$cfg.configVersion = $dvs.config.configVersion
$dvs.ReconfigureDvs_Task( $cfg ) | Out-Null

# Report new configuration
$dvs = Get-VirtualSwitch -Distributed -Name $dvSwitchName | Get-View
Write-Host "The new configuration of MaxPorts = $($dvs.Config.MaxPorts)" -for Green



Source: KB1038193

Host Profiles: Ruleset xxxx doesn’t match the specification

Today I was testing Host Profiles (again) and I must say it works a lot better than during my previous tests. There was only one thing very annoying during my tests. When the host was in maintenance mode, I applied the Host Profile and performed a check. Everything was OK and the host was compliant.  But when the host was out Maintenance mode and I checked if the host was still compliant, I received the following message:


Unfortunately there’s no knowledgebase article which describes those messages so I started to Google and found a post on the VMware Communites by khushal: http://communities.vmware.com/message/1357268

1. Open vCenter go to Home — > Management –> Host Profiles

2. Right Click on the Host Profile you are using for your Cluster and Select Edit

3. Expand the profile Profile

– Profile-name

– Firewall configuration

*     – Ruleset Configuration*

*     – faultTolerance*

       Select Ruleset and check the checkbox in right hand “*Flag Indicating whether ruleset should be enabled”

Click OK.

and check Compliance again in Cluster.

To fix the annoying messages I did change the aam and faultTolerance settings via:

Continue reading