Highlighted
Hot Shot
Hot Shot

Software Acceptance Level

Jump to solution

I'm trying to get the software acceptance level for some hosts and then provide a result

basicaly the script should collect the info and then compare it unfortunaly it's not working

$esxcli = Get-ESXCLI -VMHost -V2 -Server

$generatefile = ForEach($line in $esxcli) {$line.software.acceptance.get()}

$generatefile | Out-String | ForEach-Object { $_.Trim() } > "$FileHardening\Software_AcceptanceLevel-config.txt"

$generateerrorfile = foreach($line in (gc "$FileHardening\Software_AcceptanceLevel-config.txt")) {if ($line -like "*PartnerSupported*") {} else {$line}}

if ($generateerrorfile -eq $Null) {

Write-Log -FilePath $LogFile -Message "All Hosts have PartnerSupported Software Acceptance" -Level Success

}

else{

Write-Log -FilePath $LogFile -Message "Hosts with wrong Software Acceptance detected" -Level Warning

Write-Log -FilePath $LogFile -Message "You need to modify them manually" -Level Warning

Tags (1)
1 Solution

Accepted Solutions
Highlighted
User Moderator
User Moderator

You can't use that $obj since it hasn't been created yet when you hit the catch-block.

You could do something like this

$vmhosts = Get-VMHost

$failed = 0

foreach($esx in $vmhosts){

    try{

        $esxcli = Get-EsxCli -VMHost $esx -V2

        $obj = New-Object -TypeName PSObject -Property @{

            Msg =($esxcli.software.acceptance.get.Invoke()).Trim()

            VMHost = $esx.Name

        }

        if($obj.Msg -match 'PartnerSupported' ){

            Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success

        }

        else{

            Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning

            Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning

        }

    }

    catch{

        $error[0]

        $failed++

        Write-Host "Error for $($esx.Name)"

    }

}

Write-Host "$failed/$($vmhosts.Count) failed"


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
19 Replies
Highlighted
User Moderator
User Moderator

When you use the V2 switch you have to use the Invoke() method.
Also, the VMHost parameter is mandatory, you have to at least provide an asterisk

$FileHardening = 'D:\Temp'

$esxcli = Get-ESXCLI -VMHost * -V2

$generatefile = ForEach ($line in $esxcli) { $line.software.acceptance.get.Invoke() }

$generatefile | Out-String | ForEach-Object { $_.Trim() } > "$FileHardening\Software_AcceptanceLevel-config.txt"

$generateerrorfile = foreach ($line in (Get-Content -Path "$FileHardening\Software_AcceptanceLevel-config.txt")) { if ($line -like "*PartnerSupported*") { } else { $line } }

if ($generateerrorfile -eq $Null) {

    Write-Log -FilePath $LogFile -Message "All Hosts have PartnerSupported Software Acceptance" -Level Success

} else {

    Write-Log -FilePath $LogFile -Message "Hosts with wrong Software Acceptance detected" -Level Warning

    Write-Log -FilePath $LogFile -Message "You need to modify them manually" -Level Warning

}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Highlighted
Hot Shot
Hot Shot

despite that I added this on the top of my script I got the below error message

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

Get-ESXCLI : 23/10/2020 19:10:40    Get-EsxCli          Could not establish secure channel for SSL/TLS with authority 'vcenter.local'.

At E:\Hardening_ESXi\Herdening_ESXi.ps1:182 char:11

+ $esxcli = Get-ESXCLI -VMHost * -V2

+       ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo      : NotSpecified: (:) [Get-EsxCli], VimException
+ FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.EsxCli.GetEsxCli
0 Kudos
Highlighted
User Moderator
User Moderator

That error seems to be saying that it is trying to connect to a vCenter?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Highlighted
Hot Shot
Hot Shot

Yes I'm connected to vcenter and I just tested the script like this and same issue

$vcenter = Read-Host "vCenter name:"

$user = Read-Host "User:"

$password = Read-Host "Password:"

$FileHardening = 'E:\temp'

$esxcli = Get-ESXCLI -VMHost * -V2

$generatefile = ForEach ($line in $esxcli) { $line.software.acceptance.get.Invoke() }

$generatefile | Out-String | ForEach-Object { $_.Trim() } > "E:\temp\Software_AcceptanceLevel-config.txt"

$generateerrorfile = foreach ($line in (Get-Content -Path "E:\temp\Software_AcceptanceLevel-config.txt")) { if ($line -like "*PartnerSupported*") { } else { $line } }

if ($generateerrorfile -eq $Null) {

    Write-Host "All Hosts have PartnerSupported Software Acceptance"

} else {

    Write-Host "Hosts with wrong Software Acceptance detected"

    Write-Host "You need to modify them manually"

}

it works only If I do connect-viserver then I run the script

0 Kudos
Highlighted
User Moderator
User Moderator

I'm not sure why you want to do the Get-EsxCli this way.

Can you try like this?

$FileHardening = 'D:\Temp'

$esxcli = @()

Get-VMHost | ForEach-Object -Process {

    $esxcli += Get-ESXCLI -VMHost $_ -V2

}


$generatefile = ForEach ($line in $esxcli) { $line.software.acceptance.get.Invoke() }

$generatefile | Out-String | ForEach-Object { $_.Trim() } > "$FileHardening\Software_AcceptanceLevel-config.txt"

$generateerrorfile = foreach ($line in (Get-Content -Path "$FileHardening\Software_AcceptanceLevel-config.txt")) { if ($line -like "*PartnerSupported*") { } else { $line } }

if ($generateerrorfile -eq $Null) {

    Write-Log -FilePath $LogFile -Message "All Hosts have PartnerSupported Software Acceptance" -Level Success

} else {

    Write-Log -FilePath $LogFile -Message "Hosts with wrong Software Acceptance detected" -Level Warning

    Write-Log -FilePath $LogFile -Message "You need to modify them manually" -Level Warning

}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Highlighted
Hot Shot
Hot Shot

Thanks it's working fine Smiley Happy  with just an error related to SSL/TLS

Just a question it's possible to add the hostname?

0 Kudos
Highlighted
User Moderator
User Moderator

That TLS error probably indicates that one of the certificates is not correct or that the TLS level on one of the ESXi nodes is not set to the expected level.

Where do you want to add the hostname?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Highlighted
Hot Shot
Hot Shot

Thanks for the clarification I will check this on a new thread    

Hostname should be added after acceptance in oder to get information for the host(s) that may have a different Software Acceptance Level

0 Kudos
Highlighted
User Moderator
User Moderator

Something like this?

Get-VMHost | ForEach-Object -Process {

    $esxcli = Get-EsxCli -VMHost $_ -V2

    $obj = New-Object -TypeName PSObject -Property @{

        Msg =($esxcli.software.acceptance.get.Invoke()).Trim()

        VMHost = $esxcli.system.hostname.get.Invoke().FullyqualifiedDomainName

    }

    if($obj.Msg -match 'PartnerSupported' ){

        Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success

    }

    else{

        Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning

        Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning

    }

}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Highlighted
Hot Shot
Hot Shot

I tested the script like this

Get-VMHost | ForEach-Object -Process {

    $esxcli = Get-ESXCLI -VMHost $_ -V2

    $obj = New-Object -TypeName PSObject -Property @{

       

        Msg = ($esxcli.software.acceptance.get.Invoke()).Trim()

        VMHost = $esxcli.system.hostname.get.Invoke().FullyqualifiedDomainName

}

    if($obj.Msg -match 'PartnerSupported' ){

        Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success

    }

    else{

     if($obj.Msg -match 'VMwareAccepted' ){

        Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have VMwareAccepted Software Acceptance" -Level Success

    else{      

        Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have VMwareCertified Software Acceptance" -Level Success

    }

}

}

}

I got the below error :

You cannot call a method on a null-valued expression.

At X:\script.ps1:172 char:5

+     $obj = New-Object -TypeName PSObject -Property @{

+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException

    + FullyQualifiedErrorId : InvokeMethodOnNull

0 Kudos
Highlighted
User Moderator
User Moderator

I suspect that the Get-EsxCli cmdlets for one or more of the ESXi nodes fails.
This is probably related to the SSL error you were getting.

Try adding a try-catch

Get-VMHost | ForEach-Object -Process {

    try{

        $esxcli = Get-EsxCli -VMHost $_ -V2

        $obj = New-Object -TypeName PSObject -Property @{

            Msg =($esxcli.software.acceptance.get.Invoke()).Trim()

            VMHost = $esxcli.system.hostname.get.Invoke().FullyqualifiedDomainName

        }

        if($obj.Msg -match 'PartnerSupported' ){

            Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success

        }

        else{

            Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning

            Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning

        }

    }

    catch{

        $error[0]

    }

}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Highlighted
Hot Shot
Hot Shot

Thanks, you just put me on a track, the server had a restart message, I will test once started

0 Kudos
Highlighted
Hot Shot
Hot Shot

Server rebooted same issue, checked with another vCenter also same issue

I guess you are right regarding the error message related to SSL/TLS

can we work with Get-Cluster | Get-VMHost -PipelineVariable esx instead of using $esxcli and obtain the same result?

0 Kudos
Highlighted
User Moderator
User Moderator

I'm afraid not.
That information can only be retrieved via an esxcli command.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Highlighted
Hot Shot
Hot Shot

Thanks for confirmation Smiley Happy

finally, even the error message appears, the script is running. on a test vcenter there is just 1 single server which does not report information.

is that possible the information of the total number of ESXs checked in the vCenter, so that I can make the comparisons with the inventory of ESXs

0 Kudos
Highlighted
User Moderator
User Moderator

You could add a counter.

$esx = Get-VMHost

$failed = 0

$esx | ForEach-Object -Process {

    try{

        $esxcli = Get-EsxCli -VMHost $_ -V2

        $obj = New-Object -TypeName PSObject -Property @{

            Msg =($esxcli.software.acceptance.get.Invoke()).Trim()

            VMHost = $esxcli.system.hostname.get.Invoke().FullyqualifiedDomainName

        }

        if($obj.Msg -match 'PartnerSupported' ){

            Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success

        }

        else{

            Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning

            Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning

        }

    }

    catch{

        $error[0]

        $failed++

    }

}

Write-Host "$failed/$($esx.Count) failed"


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Highlighted
Hot Shot
Hot Shot

I tried also to get the failed Host by using $($obj.VMHost)  but it didn't provide a good result

0 Kudos
Highlighted
User Moderator
User Moderator

You can't use that $obj since it hasn't been created yet when you hit the catch-block.

You could do something like this

$vmhosts = Get-VMHost

$failed = 0

foreach($esx in $vmhosts){

    try{

        $esxcli = Get-EsxCli -VMHost $esx -V2

        $obj = New-Object -TypeName PSObject -Property @{

            Msg =($esxcli.software.acceptance.get.Invoke()).Trim()

            VMHost = $esx.Name

        }

        if($obj.Msg -match 'PartnerSupported' ){

            Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success

        }

        else{

            Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning

            Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning

        }

    }

    catch{

        $error[0]

        $failed++

        Write-Host "Error for $($esx.Name)"

    }

}

Write-Host "$failed/$($vmhosts.Count) failed"


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
Highlighted
Hot Shot
Hot Shot

Thank you very much, it's perfect as a result Smiley Happy Smiley Happy

0 Kudos