VMware Cloud Community
a2alpha

Mismatch of running services from service console and get-vmhostfirewallexception

Hi, I am noticing that when running the following script, it reports that NTP Client is ok and running. That's fine, but when I go into the host service console and run esxcfg-firewall -d NTPClient followed by service ntpd stop, the results of the script are the same.

$ntprun = @()
foreach ($vmhost in get-vmhost) {
	# Select the NTP Client rule only when it is enabled and its service is running
	$fw = $vmhost | get-VMHostFirewallException | where {$_.name -eq "NTP Client" -and $_.Enabled -eq "true" -and $_.ServiceRunning -eq "true"}
	# One report row per host
	$row = "" | select @{Name = "Host"; Expression = {$vmhost.name}}, @{Name = "Firewall and Service"; Expression = {$fw.name}}, @{N="NTP Servers";E={Get-VMHostNtpServer $vmhost}}
	$ntprun += $row
}
$ntprun

What I want to achieve is a table stating that the NTP service is running and that the firewall is open. Even with just get-vmhostfirewallexception -vmhost ESX1 the service is showing as running and the ntpclient is showing as enabled, despite the fact I have disabled them.

Am I missing something, or talking about two separate things?

Thanks in advance.

Dan


Accepted Solutions
LucD

The Enabled and ServiceRunning properties are Boolean values, so you have to compare with $false or $true.

Not against the string "false" or "true".

$ntprun = @()
foreach ($vmhost in get-vmhost mmmstv004.muac.corp.eurocontrol.int) {
	$fw = $vmhost | get-VMHostFirewallException | where {$_.name -eq "NTP Client" -and $_.Enabled -eq $true -and $_.ServiceRunning -eq $true}
	$row = "" | select @{Name = "Host"; Expression = {$vmhost.name}}, @{Name = "Firewall and Service"; Expression = {$fw.name}}, @{N="NTP Servers";E={Get-VMHostNtpServer $vmhost}}
	$ntprun +=$row
}
$ntprun

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference
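
The coercion rule behind this answer, as an added example that is not part of the original post: when the left operand of -eq is a Boolean, PowerShell converts the right operand to Boolean, and any non-empty string converts to $true. The rule objects and host names below are constructed stand-ins, not real Get-VMHostFirewallException output.

```powershell
# Constructed sample data: stand-ins for firewall exception objects, carrying
# only the properties filtered on in the thread. Host names are hypothetical.
$rules = @(
    [pscustomobject]@{ VMHost = 'esx-a'; Name = 'NTP Client'; Enabled = $true;  ServiceRunning = $true  }
    [pscustomobject]@{ VMHost = 'esx-b'; Name = 'NTP Client'; Enabled = $false; ServiceRunning = $false }
)

# The same property tested five ways. With a Boolean on the left, a string on
# the right is converted to Boolean first: 'true' and 'false' are both
# non-empty, so both become $true before the comparison happens.
$filters = [ordered]@{
    '$_.Enabled -eq $true'   = { $_.Enabled -eq $true }
    '$_.Enabled -eq "true"'  = { $_.Enabled -eq 'true' }
    '$_.Enabled -eq $false'  = { $_.Enabled -eq $false }
    '$_.Enabled -eq "false"' = { $_.Enabled -eq 'false' }
    '-not $_.Enabled'        = { -not $_.Enabled }
}

# Report which hosts each filter selects.
function Test-EnabledFilters {
    param($Rules, $Filters)
    foreach ($entry in $Filters.GetEnumerator()) {
        $hits = @($Rules | Where-Object -FilterScript $entry.Value)
        [pscustomobject]@{
            Filter  = $entry.Key
            Matches = ($hits | ForEach-Object { $_.VMHost }) -join ', '
        }
    }
}

Test-EnabledFilters -Rules $rules -Filters $filters | Format-Table -AutoSize
```

The row to watch is the "false" string filter: an audit query written that way to find disabled rules selects the wrong hosts without raising any error.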

a2alpha

Thanks LucD for this, but unfortunately it is still reporting oddly:

get-vmhostfirewallexception -vmhost esx1

lists the NTPClient as service running and enabled despite me stopping the ntpd and disabling the service in the firewall.

Is this command only showing the exceptions on startup? As it doesn't seem to change when I disable them.

Thanks,

Dan

LucD

You're right, you have to explicitly refresh the services.

That can be done like this:

$esxName = "<esx-hostname>"

# Get the host's service system and reload its cached service state
$srvSys = Get-View (Get-VMHost $esxName | Get-View).ConfigManager.ServiceSystem
$srvSys.RefreshServices()


a2alpha

Brilliant, that works for the service. Is there one to refresh the status of the firewall? It still shows the ntpClient as enabled. The service running is now showing as false.

LucD

Sorry, forgot to add that one:

$esxName = "<esx-hostname>"

# Get the host's firewall system and reload its cached rule state
$fwSys = Get-View (Get-VMHost $esxName | Get-View).ConfigManager.firewallSystem
$fwSys.RefreshFirewall()

a2alpha

LucD, that's perfect, thanks so much for all your help once again.

I now have this, which works a treat!

$ntprun = @()
foreach ($vmhost in get-vmhost)
{
	# Refresh the cached service and firewall state before reading it
	$srvSys = Get-View (Get-VMHost $vmhost | Get-View).ConfigManager.ServiceSystem
	$srvSys.RefreshServices()
	$fwSys = Get-View (Get-VMHost $vmhost | Get-View).ConfigManager.firewallSystem
	$fwSys.RefreshFirewall()
	# Select the NTP Client rule only when it is enabled and its service is running
	$fw = $vmhost | get-VMHostFirewallException | where {$_.name -eq "NTP Client" -and $_.Enabled -eq $true -and $_.ServiceRunning -eq $true}
	$row = "" | select @{Name = "Host"; Expression = {$vmhost.name}}, @{Name = "Firewall and Service"; Expression = {$fw.name}}, @{N="NTP Servers";E={Get-VMHostNtpServer $vmhost}}
	$ntprun += $row
}
$ntprun
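
A report that also records whether the values read before the refresh differed from the refreshed ones, as an added example that goes beyond the posted script and is not code from the thread's participants. The function name Get-NtpStateDrift and its column names are hypothetical; it assumes PowerCLI is loaded and a Connect-VIServer session is open, and it relies on the behaviour reported in this thread, that the cmdlet returns cached state until the refresh methods are called.

```powershell
# Added example. Assumes PowerCLI is loaded and Connect-VIServer has been run.
# Get-NtpStateDrift and its output column names are hypothetical.
function Get-NtpStateDrift {
    param([string[]]$Name = '*')

    foreach ($vmhost in Get-VMHost -Name $Name) {
        # 1. Record what PowerCLI reports before any refresh (possibly stale).
        $rule = $vmhost | Get-VMHostFirewallException |
            Where-Object { $_.Name -eq 'NTP Client' }
        $cachedEnabled = $rule.Enabled
        $cachedRunning = $rule.ServiceRunning

        # 2. Refresh both subsystems, using the calls given in the thread.
        $hostView = $vmhost | Get-View
        (Get-View $hostView.ConfigManager.ServiceSystem).RefreshServices()
        (Get-View $hostView.ConfigManager.FirewallSystem).RefreshFirewall()

        # 3. Read the state again and compare it with the first reading.
        $rule = $vmhost | Get-VMHostFirewallException |
            Where-Object { $_.Name -eq 'NTP Client' }

        # Firewall and service state are separate columns, so a host that
        # fails the check shows which of the two is off instead of a blank.
        [pscustomobject]@{
            Host            = $vmhost.Name
            FirewallEnabled = $rule.Enabled
            ServiceRunning  = $rule.ServiceRunning
            NtpServers      = @(Get-VMHostNtpServer -VMHost $vmhost) -join ', '
            CacheWasStale   = ($cachedEnabled -ne $rule.Enabled) -or
                              ($cachedRunning -ne $rule.ServiceRunning)
        }
    }
}

Get-NtpStateDrift | Format-Table -AutoSize
```

A host with CacheWasStale set to True had its NTP firewall rule or service changed outside the session, for example from the service console as described in the question.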

LucD

You're welcome.

Great script btw.

@VMW Would be a great improvement for a future PowerCLI build to add a -Refresh parameter.
