SCharchouf
Hot Shot

NTP Settings on all Hosts with recommended parameters

I have created the below script in order to:

  • Check NTP on all ESXi hosts
  • Make change if required
  • Start NTPD service
  • Set policy to automatic
  • Allow NTP queries outbound through the firewall

Issues:

  1. Not able to set the policy to automatic
  2. Not able to create a function to check NTP queries outbound through the firewall and correct it if required
  3. There are errors when I run the script

Error:

###############################################

#Checking NTP Servers...                      #

###############################################

Server XXX.XXX.XXX.XXX is missing

Remove-VMHostNtpServer : 26/09/2020 16:28:41    Remove-VMHostNtpServer          The NtpServer 'YYY.YYY.YYY.YYY' does not exist on VMHost 'ESX03.TEST.LOCAL'.

At K:\Scripts\testScript_Test_Hardening.ps1:44 char:60

+ ... _.$domain" | Remove-VMHostNtpServer -NtpServer $ntp2 -Confirm:$false}

+                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidArgument: (:) [Remove-VMHostNtpServer], VimException

    + FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_RemoveVmHostNtpServer_NameDoesNotExists,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.RemoveVMHostNtpServer

Add-VMHostNtpServer : 26/09/2020 16:28:43       Add-VMHostNtpServer             The NtpServer 'XXX.XXX.XXX.XXX' already exist on VMHost 'ESX03.TEST.LOCAL'.

At K:\Scripts\testScript_Test_Hardening.ps1:45 char:60

+ ... .$domain" | Add-VMHostNtpServer -NtpServer $ntp1,$ntp2 -Confirm:$fals ...

+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidArgument: (:) [Add-VMHostNtpServer], VimException

    + FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_AddVmHostNtpServer_NameAlredyExists,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.AddVmHostNtpServer

XXX.XXX.XXX.XXX

YYY.YYY.YYY.YYY

Server XXX.XXX.XXX.XXX was added successfully

###############################################

#Verifying NTP services...                    #

###############################################

All NTP Services are started.

Script:

#Connect to vcenter

$vcenter = Read-Host "vCenter name:"

$user = Read-Host "User:"

$password = Read-Host "Password:"

Write-Host -f green "Connecting to vCenter Server..."

Connect-VIServer -Server $vcenter -User $user -Password $password

#Create folder for logs output

$checkdir = Test-Path "$env:USERPROFILE\Documents\HardeningESXi-Logs" -PathType Container

if ($checkdir -eq "*True*"){}

else {New-Item $env:USERPROFILE\Documents\HardeningESXi-Logs -ItemType directory}

#Information to be used in the script

$ntp1 = Read-Host "Put primary NTP Server"

$ntp2 = Read-Host "Put Secondary NTP Server" 

$domain = Read-Host "Put Domain, if your domain is hostname.test.local, you only need to put test.local"

###############################################

#Verify NTP Servers and status                #

###############################################

Write-Host -f White "###############################################"

Write-Host -f White "#Checking NTP Servers...                      #"

Write-Host -f White "###############################################"

Get-VMHost |Sort Name|Select Name, @{N="NTPServer";E={$_ |Get-VMHostNtpServer}}, @{N="ServiceRunning";E={(Get-VmHostService -VMHost $_ |Where-Object {$_.key -eq "ntpd"}).Running}} | Out-String | ForEach-Object { $_.Trim() } > "$env:USERPROFILE\Documents\HardeningESXi-Logs\NTP_Info.txt"

#Variables to verify if the first or Second NTP don't exist.

$CheckNTP1 = gc "$env:USERPROFILE\Documents\HardeningESXi-Logs\NTP_Info.txt" | ft NTPServer | findstr /v " _$Null NTPServer ---- _$Null" | where-object {$_ -notlike "*ntp1*"} | foreach{$_.split(".")[0]}

$CheckNTP2 = gc "$env:USERPROFILE\Documents\HardeningESXi-Logs\NTP_Info.txt" | ft NTPServer | findstr /v " _$Null NTPServer ---- _$Null" | where-object {$_ -notlike "*ntp2*"} | foreach{$_.split(".")[0]}

#Function to fix and leave the NTP Servers well loaded.

function LoadNTP {

#If the output of $var1 is empty then everything is fine.

$var1 = foreach($line in Get-Content "$env:USERPROFILE\Documents\HardeningESXi-Logs\NTP_Info.txt" | ft NTPServer | findstr /v " _$Null NTPServer ---- _$Null") { if($line -like '*ntp1*' -and $line -like '*ntp2*') { } else { $line } }

If ($var1 -eq $Null) {

Write-Host -f green "All NTP Servers are configured correctly"

}

else {

    #Check if the first NTP Server is missing, if so, add the server.

    if ($CheckNTP1 -ne $Null) {

    Write-Host -f red "Server $ntp1 is missing"

    $CheckNTP1 | ForEach-Object {Get-VMHost "$_.$domain" | Remove-VMHostNtpServer -NtpServer $ntp2 -Confirm:$false}

    $CheckNTP1 | ForEach-Object {Get-VMHost "$_.$domain" | Add-VMHostNtpServer -NtpServer $ntp1,$ntp2 -Confirm:$false}

    Write-Host -f green "Server $ntp1 was added successfully"

    }

    #Check if the Second NTP Server is missing, if so, add the server.

    elseif ($CheckNTP2 -ne $Null) {

    Write-Host -f red "Server $ntp2 is missing"

    $CheckNTP2 | ForEach-Object {Get-VMHost "$_.$domain" | Add-VMHostNtpServer -NtpServer $ntp2}

    Write-Host -f green "Server $ntp2 was added successfully"

    }

    else {

        Write-Host -f green "There was a problem adding NTP Servers, please verify."

        }

}

}

#Execute the function

LoadNTP

###############################################

#Verify NTP Service Status                    #

###############################################

Write-Host -f White "###############################################"

Write-Host -f White "#Verifying NTP services...                    #"

Write-Host -f White "###############################################"

#Generate the file to store the result of the status of NTP services "$env:USERPROFILE\Documents\ntp-service.txt".

Get-VMHost |Sort Name|Select Name, @{N="NTPServer";E={$_ |Get-VMHostNtpServer}}, @{N="ServiceRunning";E={(Get-VmHostService -VMHost $_ |Where-Object {$_.key -eq "ntpd"}).Running}} | Out-String | ForEach-Object { $_.Trim() } > "$env:USERPROFILE\Documents\HardeningESXi-Logs\ntp-service.txt"

function ServiceNTP {

#Look in the File "$env:USERPROFILE\Documents\HardeningESXi-Logs\ntp-service.txt", the computers with the service stopped and send the information to "$env:USERPROFILE\Documents\ntp-service-error.txt".

$ntpservice = gc "$env:USERPROFILE\Documents\HardeningESXi-Logs\ntp-service.txt" | ft ServiceRunning | findstr /v " _$Null ServiceRunning -------------- _$Null" | where-object {$_ -notlike "*True*"} | foreach{$_.split(".")[0]}

    #If the status of the services is True, mark everything correct, if it detects any like False, start the service.

    if($ntpservice -eq $Null) {

    Write-Host -f green "All NTP Services are started."

    }

    else {

    Write-Host -f red "Some NTP Services are Stopped."

    Write-Host -f red "Starting Service..."

    $ntpservice | ForEach-Object {Get-VMHost "$_.$domain" | Get-VMHostService |?{$_.key -eq 'ntpd'} | Start-VMHostService -Confirm:$false}

    }

}

#Execute the function that validates the NTP services.

ServiceNTP

10 Replies
LucD
Leadership

I tried to understand your code, but I'm afraid the logic escapes me.

Do all ESXi nodes need to use the same 2 NTP servers?

If yes, then why, when one is missing, just not remove everything and then add the 2 NTP servers, instead of having that rather complicated code (which I suspect is not correct)?

You are not using the Set-VMHostService cmdlet, which you would need to set the NTP service to automatic?

You can check the FW rule for NTP with the Get-VMHostFirewallException cmdlet.
But it doesn't look as if you are using that in your script.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

SCharchouf
Hot Shot

As always, discussing with you helps me a lot. Thank you.

My idea was to get the NTP details, store them in a file, then do what is necessary. I believe you are right that my script is incorrect and complicated.

I confirm that I need to set the 2 NTP servers for all nodes.

Apologies if I'm bothering you, I try to improve myself.

0 Kudos
LucD
Leadership

That's no problem.

Just start simple.

A - NTP servers

- get the NTP servers on the ESXi node (Get-VMHostNtpServer)
- do they match the target NTP servers?
     - if yes, continue
     - if no
          - remove the NTP servers (Remove-VMHostNtpServer)
          - add the NTP servers (Add-VMHostNtpServer)

B - NTP service

- get the NTP service (Get-VMHostService)
- is it set to Automatic?
     - if yes, continue
     - if no, set the service to automatic (Set-VMHostService)

C - NTP FW rule

- get the FW exceptions (Get-VMHostFirewallException)
- is there a rule for the NTP service?
     - if yes, continue
     - if no, add the FW rule for NTP (Get-EsxCli)


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
SCharchouf
Hot Shot

I tried something like this

$NTPServerList = @("A.A.A.A","B.B.B.C")

$VMhosts = get-vmhost

Foreach ($VMHost in $VMHosts)

{

If (($VMHost | Get-VMHostntpServer) -ne $NTPList)

{

$VMHost | Get-VMHostntpserver | Remove-VMHostNtpServer

$VMHosts | Add-VmHostNtpServer -NtpServer $NTPServerList

}

}

#Allow NTP queries outbound through the firewall

$VMHosts | Get-VMHostFirewallException | where-object {$_.Name -eq "NTP client"} | Set-VMHostFirewallException -Enabled:$true

#Start NTP client service and set to automatic

$VMhosts | Get-VmHostService | Where-Object {$_.key -eq "ntpd"} | Stop-VMHostService

$VMhosts | Get-VmHostService | Where-Object {$_.key -eq "ntpd"} | Start-VMHostService

$VMhosts | Get-VmHostService | Where-Object {$_.key -eq "ntpd"} | Set-VMHostService -policy "automatic"

Error

cmdlet Remove-VMHostNtpServer at command pipeline position 2

Supply values for the following parameters:

NtpServer[0]:

0 Kudos
LucD
Leadership

I'm afraid you can't compare arrays like that, you will have to use the Compare-Object cmdlet.

The Remove-VMHostNtpServer does not take the NTP servers from the pipeline.

This is a working example (remove both WhatIf switches when you are sure it is working as desired).

$targetNTP = 'ntp1.domain','ntp2.domain'

Get-CLuster | Get-VMHost -PipelineVariable esx |

ForEach-Object -Process {

    $currentNtp = Get-VMHostNtpServer -VMHost $esx

    if(Compare-Object -ReferenceObject $targetNTP -DifferenceObject $currentNtp){

        write-host "Changing"

        Remove-VMHostNtpServer -VMHost $esx -NtpServer $currentNtp -Confirm:$false -WhatIf

        Add-VMHostNtpServer -VMHost $esx -NtpServer $targetNTP -Confirm:$false -WhatIf

    }

}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

SCharchouf
Hot Shot

I made some changes like this, as I need to show whether NTP is set correctly or not.

So if it's as mentioned, then the output should show "All NTP Servers are configured correctly", otherwise "ntp1.domain','ntp2.domain added to Host(s)".

$targetNTP = 'ntp1.domain','ntp2.domain'

Get-CLuster | Get-VMHost -PipelineVariable esx |

ForEach-Object -Process {

    $currentNtp = Get-VMHostNtpServer -VMHost $esx

    if ($currentNtp -eq "$targetNTP") {

        Write-Host -f green "All NTP Servers are configured correctly"

}

else {

    if (Compare-Object -ReferenceObject $targetNTP -DifferenceObject $currentNtp){

        Write-Host -f Red "ntp1.domain','ntp2.domain added to Host(s)"

        Remove-VMHostNtpServer -VMHost $esx -NtpServer $currentNtp -Confirm:$false -WhatIf

        Add-VMHostNtpServer -VMHost $esx -NtpServer $targetNTP -Confirm:$false -WhatIf

    }

}

}

Unfortunately, like this nothing is shown and there's no error message. I guess the issue is related to Write-Host?

0 Kudos
LucD
Leadership

You can not use -eq to compare arrays (like I said before), use Compare-Object.

if ($currentNtp -eq "$targetNTP") {


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

SCharchouf
Hot Shot

Unfortunately it's not working.

I'm 100% sure that the right NTP is set correctly for 3 test nodes, and when I run the script it doesn't show that the NTP is set correctly.

I'm not able to identify where the issue is.

0 Kudos
LucD
Leadership

You are still using the -eq to compare 2 arrays.

Try like this (remember to remove both WhatIf switches if it is working as expected)

$targetNTP = 'ntp1.domain','ntp2.domain'

Get-Cluster | Get-VMHost -PipelineVariable esx |

ForEach-Object -Process {

    $currentNtp = Get-VMHostNtpServer -VMHost $esx

    if (Compare-Object -ReferenceObject $targetNTP -DifferenceObject $currentNtp){

        Write-Host -f Red "'ntp1.domain','ntp2.domain added to Host(s)"

        Remove-VMHostNtpServer -VMHost $esx -NtpServer $currentNtp -Confirm:$false -WhatIf

        Add-VMHostNtpServer -VMHost $esx -NtpServer $targetNTP -Confirm:$false -WhatIf

    }

    else{

        Write-Host -f green "All NTP Servers are configured correctly"

    }

}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post
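
The A/B/C outline from earlier in the thread (NTP servers, service policy, firewall rule) combined with the Compare-Object fix from the accepted answer, as one added example; it is not code from any poster in this thread. The function names Test-NtpListMatch and Set-VMHostNtpBaseline are hypothetical, the NTP names are the thread's placeholders, an existing Connect-VIServer session is assumed, and step C uses Set-VMHostFirewallException (as in SCharchouf's attempt) rather than Get-EsxCli.

```powershell
# Added example. Assumes VMware PowerCLI is loaded and Connect-VIServer
# has already been run. Function names are hypothetical.

function Test-NtpListMatch {
    # True when both lists hold the same servers, in any order.
    # A host with no NTP servers at all is treated as a mismatch and is
    # caught here, before Compare-Object is handed an empty list.
    param([string[]]$Target, [string[]]$Current)
    if (-not $Current -or $Current.Count -ne $Target.Count) { return $false }
    return -not (Compare-Object -ReferenceObject $Target -DifferenceObject $Current)
}

function Set-VMHostNtpBaseline {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$VMHost,
        [Parameter(Mandatory)][string[]]$TargetNtp
    )
    process {
        # Hand -WhatIf through explicitly so a dry run changes nothing.
        $opt = @{ Confirm = $false; WhatIf = [bool]$WhatIfPreference }

        # A - NTP servers: replace the whole list when it differs from the target.
        $current = @(Get-VMHostNtpServer -VMHost $VMHost)
        $ntpOk   = Test-NtpListMatch -Target $TargetNtp -Current $current
        if (-not $ntpOk) {
            if ($current.Count -gt 0) {
                Remove-VMHostNtpServer -VMHost $VMHost -NtpServer $current @opt
            }
            Add-VMHostNtpServer -VMHost $VMHost -NtpServer $TargetNtp @opt | Out-Null
        }

        # B - NTP service: startup policy and running state.
        $ntpd       = Get-VMHostService -VMHost $VMHost | Where-Object { $_.Key -eq 'ntpd' }
        $policyOk   = $ntpd.Policy -eq 'automatic'
        $wasRunning = [bool]$ntpd.Running
        if (-not $policyOk) {
            Set-VMHostService -HostService $ntpd -Policy Automatic @opt | Out-Null
        }
        if (-not $wasRunning) {
            Start-VMHostService -HostService $ntpd @opt | Out-Null
        } elseif (-not $ntpOk) {
            # The server list was changed: restart ntpd (the attempt posted
            # in the thread stops and starts the service for the same reason).
            Restart-VMHostService -HostService $ntpd @opt | Out-Null
        }

        # C - firewall: the outbound "NTP Client" exception must be enabled.
        $fw   = Get-VMHostFirewallException -VMHost $VMHost -Name 'NTP Client'
        $fwOk = [bool]($fw -and $fw.Enabled)
        if ($fw -and -not $fw.Enabled) {
            Set-VMHostFirewallException -Exception $fw -Enabled $true @opt | Out-Null
        } elseif (-not $fw) {
            Write-Warning "$($VMHost.Name): no 'NTP Client' firewall exception found"
        }

        # One row per host describing the state found BEFORE any change,
        # so the output doubles as an audit record.
        [pscustomobject]@{
            VMHost       = $VMHost.Name
            NtpServers   = $current -join ','
            NtpServersOk = $ntpOk
            PolicyOk     = $policyOk
            WasRunning   = $wasRunning
            FirewallOk   = $fwOk
        }
    }
}

# Dry run first, as the thread advises; drop -WhatIf to apply the changes.
Get-VMHost | Sort-Object Name |
    Set-VMHostNtpBaseline -TargetNtp 'ntp1.domain','ntp2.domain' -WhatIf |
    Format-Table -AutoSize
```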

SCharchouf
Hot Shot

Thank you LucD, it's working fine and as desired.

0 Kudos