I'm trying to get the software acceptance level for some hosts and then provide a result
basicaly the script should collect the info and then compare it unfortunaly it's not working
$esxcli = Get-ESXCLI -VMHost -V2 -Server
$generatefile = ForEach($line in $esxcli) {$line.software.acceptance.get()}
$generatefile | Out-String | ForEach-Object { $_.Trim() } > "$FileHardening\Software_AcceptanceLevel-config.txt"
$generateerrorfile = foreach($line in (gc "$FileHardening\Software_AcceptanceLevel-config.txt")) {if ($line -like "*PartnerSupported*") {} else {$line}}
if ($generateerrorfile -eq $Null) {
Write-Log -FilePath $LogFile -Message "All Hosts have PartnerSupported Software Acceptance" -Level Success
}
else{
Write-Log -FilePath $LogFile -Message "Hosts with wrong Software Acceptance detected" -Level Warning
Write-Log -FilePath $LogFile -Message "You need to modify them manually" -Level Warning
You can't use that $obj since it hasn't been created yet when you hit the catch-block.
You could do something like this
$failed = 0
foreach($esx in $vmhosts){
try{
$esxcli = Get-EsxCli -VMHost $esx -V2
$obj = New-Object -TypeName PSObject -Property @{
Msg =($esxcli.software.acceptance.get.Invoke()).Trim()
VMHost = $esx.Name
}
if($obj.Msg -match 'PartnerSupported' ){
Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success
}
else{
Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning
Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning
}
}
catch{
$error[0]
$failed++
Write-Host "Error for $($esx.Name)"
}
}
Write-Host "$failed/$($vmhosts.Count) failed"
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
When you use the V2 switch you have to use the Invoke() method.
Also, the VMHost parameter is mandatory, you have to at least provide an asterisk
$esxcli = Get-ESXCLI -VMHost * -V2
$generatefile = ForEach ($line in $esxcli) { $line.software.acceptance.get.Invoke() }
$generatefile | Out-String | ForEach-Object { $_.Trim() } > "$FileHardening\Software_AcceptanceLevel-config.txt"
$generateerrorfile = foreach ($line in (Get-Content -Path "$FileHardening\Software_AcceptanceLevel-config.txt")) { if ($line -like "*PartnerSupported*") { } else { $line } }
if ($generateerrorfile -eq $Null) {
Write-Log -FilePath $LogFile -Message "All Hosts have PartnerSupported Software Acceptance" -Level Success
} else {
Write-Log -FilePath $LogFile -Message "Hosts with wrong Software Acceptance detected" -Level Warning
Write-Log -FilePath $LogFile -Message "You need to modify them manually" -Level Warning
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
despite that I added this on the top of my script I got the below error message
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
Get-ESXCLI : 23/10/2020 19:10:40 | Get-EsxCli | Could not establish secure channel for SSL/TLS with authority 'vcenter.local'. |
At E:\Hardening_ESXi\Herdening_ESXi.ps1:182 char:11
+ $esxcli = Get-ESXCLI -VMHost * -V2
+ | ~~~~~~~~~~~~~~~~~~~~~~~~ | |
+ CategoryInfo | : NotSpecified: (:) [Get-EsxCli], VimException | |
+ FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.EsxCli.GetEsxCli |
That error seems to be saying that it is trying to connect to a vCenter?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Yes I'm connected to vcenter and I just tested the script like this and same issue
$vcenter = Read-Host "vCenter name:"
$user = Read-Host "User:"
$password = Read-Host "Password:"
$FileHardening = 'E:\temp'
$esxcli = Get-ESXCLI -VMHost * -V2
$generatefile = ForEach ($line in $esxcli) { $line.software.acceptance.get.Invoke() }
$generatefile | Out-String | ForEach-Object { $_.Trim() } > "E:\temp\Software_AcceptanceLevel-config.txt"
$generateerrorfile = foreach ($line in (Get-Content -Path "E:\temp\Software_AcceptanceLevel-config.txt")) { if ($line -like "*PartnerSupported*") { } else { $line } }
if ($generateerrorfile -eq $Null) {
Write-Host "All Hosts have PartnerSupported Software Acceptance"
} else {
Write-Host "Hosts with wrong Software Acceptance detected"
Write-Host "You need to modify them manually"
}
it works only If I do connect-viserver then I run the script
I'm not sure why you want to do the Get-EsxCli this way.
Can you try like this?
$esxcli = @()
Get-VMHost | ForEach-Object -Process {
$esxcli += Get-ESXCLI -VMHost $_ -V2
}
$generatefile = ForEach ($line in $esxcli) { $line.software.acceptance.get.Invoke() }
$generatefile | Out-String | ForEach-Object { $_.Trim() } > "$FileHardening\Software_AcceptanceLevel-config.txt"
$generateerrorfile = foreach ($line in (Get-Content -Path "$FileHardening\Software_AcceptanceLevel-config.txt")) { if ($line -like "*PartnerSupported*") { } else { $line } }
if ($generateerrorfile -eq $Null) {
Write-Log -FilePath $LogFile -Message "All Hosts have PartnerSupported Software Acceptance" -Level Success
} else {
Write-Log -FilePath $LogFile -Message "Hosts with wrong Software Acceptance detected" -Level Warning
Write-Log -FilePath $LogFile -Message "You need to modify them manually" -Level Warning
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks it's working fine with just an error related to SSL/TLS
Just a question it's possible to add the hostname?
That TLS error probably indicates that one of the certificates is not correct or that the TLS level on one of the ESXi nodes is not set to the expected level.
Where do you want to add the hostname?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks for the clarification I will check this on a new thread
Hostname should be added after acceptance in oder to get information for the host(s) that may have a different Software Acceptance Level
Something like this?
$esxcli = Get-EsxCli -VMHost $_ -V2
$obj = New-Object -TypeName PSObject -Property @{
Msg =($esxcli.software.acceptance.get.Invoke()).Trim()
VMHost = $esxcli.system.hostname.get.Invoke().FullyqualifiedDomainName
}
if($obj.Msg -match 'PartnerSupported' ){
Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success
}
else{
Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning
Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning
}
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I tested the script like this
Get-VMHost | ForEach-Object -Process {
$esxcli = Get-ESXCLI -VMHost $_ -V2
$obj = New-Object -TypeName PSObject -Property @{
Msg = ($esxcli.software.acceptance.get.Invoke()).Trim()
VMHost = $esxcli.system.hostname.get.Invoke().FullyqualifiedDomainName
}
if($obj.Msg -match 'PartnerSupported' ){
Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success
}
else{
if($obj.Msg -match 'VMwareAccepted' ){
Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have VMwareAccepted Software Acceptance" -Level Success
else{
Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have VMwareCertified Software Acceptance" -Level Success
}
}
}
}
I got the below error :
You cannot call a method on a null-valued expression.
At X:\script.ps1:172 char:5
+ $obj = New-Object -TypeName PSObject -Property @{
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
I suspect that the Get-EsxCli cmdlets for one or more of the ESXi nodes fails.
This is probably related to the SSL error you were getting.
Try adding a try-catch
try{
$esxcli = Get-EsxCli -VMHost $_ -V2
$obj = New-Object -TypeName PSObject -Property @{
Msg =($esxcli.software.acceptance.get.Invoke()).Trim()
VMHost = $esxcli.system.hostname.get.Invoke().FullyqualifiedDomainName
}
if($obj.Msg -match 'PartnerSupported' ){
Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success
}
else{
Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning
Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning
}
}
catch{
$error[0]
}
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks, you just put me on a track, the server had a restart message, I will test once started
Server rebooted same issue, checked with another vCenter also same issue
I guess you are right regarding the error message related to SSL/TLS
can we work with Get-Cluster | Get-VMHost -PipelineVariable esx instead of using $esxcli and obtain the same result?
I'm afraid not.
That information can only be retrieved via an esxcli command.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks for confirmation
finally, even the error message appears, the script is running. on a test vcenter there is just 1 single server which does not report information.
is that possible the information of the total number of ESXs checked in the vCenter, so that I can make the comparisons with the inventory of ESXs
You could add a counter.
$failed = 0
$esx | ForEach-Object -Process {
try{
$esxcli = Get-EsxCli -VMHost $_ -V2
$obj = New-Object -TypeName PSObject -Property @{
Msg =($esxcli.software.acceptance.get.Invoke()).Trim()
VMHost = $esxcli.system.hostname.get.Invoke().FullyqualifiedDomainName
}
if($obj.Msg -match 'PartnerSupported' ){
Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success
}
else{
Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning
Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning
}
}
catch{
$error[0]
$failed++
}
}
Write-Host "$failed/$($esx.Count) failed"
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I tried also to get the failed Host by using $($obj.VMHost) but it didn't provide a good result
You can't use that $obj since it hasn't been created yet when you hit the catch-block.
You could do something like this
$failed = 0
foreach($esx in $vmhosts){
try{
$esxcli = Get-EsxCli -VMHost $esx -V2
$obj = New-Object -TypeName PSObject -Property @{
Msg =($esxcli.software.acceptance.get.Invoke()).Trim()
VMHost = $esx.Name
}
if($obj.Msg -match 'PartnerSupported' ){
Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success
}
else{
Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning
Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning
}
}
catch{
$error[0]
$failed++
Write-Host "Error for $($esx.Name)"
}
}
Write-Host "$failed/$($vmhosts.Count) failed"
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thank you very much, it's perfect as a result