VMware Cloud Community
PUNTOREAR
Contributor
Contributor
Jump to solution

remove all pci devices on all vm's using powershell

I wish to harden all my vm's on an esxi host. However I don't know how to remove all pci devices. Any help ?

Reply
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
Jump to solution

Looks like the issue (see Remove Passthrough Device ) with PCI devices is still there.

Can you try with the API method?

$vmName = 'MyVM'

$vm = Get-VM -Name $vmName

$pci = $vm.ExtensionData.Config.Hardware.Device | where {$_ -is [VMware.Vim.VirtualPCIPassthrough]}


if ($pci) {

   $spec = New-Object VMware.Vim.VirtualMachineConfigSpec

   $dev = New-Object VMware.Vim.VirtualDeviceConfigSpec

   $dev.operation = "remove"

   $dev.Device = $pci

   $spec.DeviceChange += $dev


   $vm.ExtensionData.ReconfigVM($spec)

}

else {

   Write-Host "No CPI device found on VM"

}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

Reply
0 Kudos
36 Replies
LucD
Leadership
Leadership
Jump to solution

Are you targeting the PCI Passthrough devices or all PCI devices (including controllers)?

If only the passthrough devices, you could do

Get-VM |

   Get-PassthroughDevice |

   Remove-PassthroughDevice -Confirm:$false

Depending on the guest OS running in the VM, you might have to take action inside the guest OS as well (before removing the device)


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
PUNTOREAR
Contributor
Contributor
Jump to solution

When I connect to my esxi host and run your script I get the error message below:

Unable to cast object of type 'VMware.Vim.VirtualPCIPassthroughVmiopBackingInfo' to type

'VMware.Vim.VirtualPCIPassthroughDeviceBackingInfo'.

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

What kind of passthrough devices do you have?

Can you run

Get-VM |

Get-PassthroughDevice |

  Select @{N = 'VM'; E = {$_.VM.Name}},Name,VendorName


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Can you also check which PowerCLI version you are using?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
PUNTOREAR
Contributor
Contributor
Jump to solution

pastedImage_0.pngpastedImage_1.png

I am just in a lab environment. I don't have the option to add a pci device, so I went to vcenter and added a shared pci device. I wanted a command to remove ' PCI device 1' shown in the pic ? If my very limited understanding is right (possibly not) your command should remove 'PCI device 1 ' show in the picture ?

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

That is the idea, yes.

Is that PCI device used as a passthrough device in a VM?

Can you remove the PCI device via the Web Client?
What PowerCLI version are you using?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
PUNTOREAR
Contributor
Contributor
Jump to solution

Yes the pci device pictured is the settings of a vm. I can remove with the web client .

PowerCLI Version

----------------

   VMware PowerCLI 11.2.0 build 12483598

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Looks like the issue (see Remove Passthrough Device ) with PCI devices is still there.

Can you try with the API method?

$vmName = 'MyVM'

$vm = Get-VM -Name $vmName

$pci = $vm.ExtensionData.Config.Hardware.Device | where {$_ -is [VMware.Vim.VirtualPCIPassthrough]}


if ($pci) {

   $spec = New-Object VMware.Vim.VirtualMachineConfigSpec

   $dev = New-Object VMware.Vim.VirtualDeviceConfigSpec

   $dev.operation = "remove"

   $dev.Device = $pci

   $spec.DeviceChange += $dev


   $vm.ExtensionData.ReconfigVM($spec)

}

else {

   Write-Host "No CPI device found on VM"

}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
PUNTOREAR
Contributor
Contributor
Jump to solution

$vmName = 'vm4'
$vm = Get-VM -Name $vmName
$pci = $vm.ExtensionData.Config.Hardware.Device | where {$_ -is [VMware.Vim.VirtualPCIPassthrough]}

if ($pci) {
   $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
   $dev = New-Object VMware.Vim.VirtualDeviceConfigSpec
   $dev.operation = "remove"
   $dev.Device = $pci
   $spec.DeviceChange += $dev

   $vm.ExtensionData.ReconfigVM($spec)
}
else {
   Write-Host "No CPI device found on VM"}

Name                           Port  User                         
----                           ----  ----                         
192.1xxxxx                  443   VSPHERE.LOCAL\Administrator  
Exception setting "Device": "Cannot convert the "System.Object[]" value of type "System.Object[]" to type "VMware.Vim.VirtualDevice"."
At line:10 char:4
+    $dev.Device = $pci
+    ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], SetValueInvocationException
    + FullyQualifiedErrorId : ExceptionWhenSetting

Exception calling "ReconfigVM" with "1" argument(s): "
Required property device is missing from data object of type VirtualDeviceConfigSpec
while parsing serialized DataObject of type vim.vm.device.VirtualDeviceSpec
at line 1, column 250
while parsing property "deviceChange" of static type ArrayOfVirtualDeviceConfigSpec
while parsing serialized DataObject of type vim.vm.ConfigSpec
at line 1, column 244
while parsing call information for method ReconfigVM_Task
at line 1, column 171
while parsing SOAP body
at line 1, column 64
while parsing SOAP envelope
at line 1, column 0
while parsing HTTP request for method reconfigure
on object of type vim.VirtualMachine
at line 1, column 0"
At line:13 char:4
+    $vm.ExtensionData.ReconfigVM($spec)
+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : VimException

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Looks like you have more than 1 PCI device on that VM.
In that case, try like this.

$vmName = 'MyVM'

$vm = Get-VM -Name $vmName

$pci = $vm.ExtensionData.Config.Hardware.Device | where {$_ -is [VMware.Vim.VirtualPCIPassthrough]}


if ($pci) {

   $spec = New-Object VMware.Vim.VirtualMachineConfigSpec

   $pci | ForEach-Object -Process {

        $dev = New-Object VMware.Vim.VirtualDeviceConfigSpec

        $dev.operation = "remove"

        $dev.Device = $_

        $spec.DeviceChange += $dev

   }


   $vm.ExtensionData.ReconfigVM($spec)

}

else {

   Write-Host "No CPI device found on VM"

}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
PUNTOREAR
Contributor
Contributor
Jump to solution

$vmName = 'vm4'
$vm = Get-VM -Name $vmName
$pci = $vm.ExtensionData.Config.Hardware.Device | where {$_ -is [VMware.Vim.VirtualPCIPassthrough]}

if ($pci) {
   $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
   $pci | ForEach-Object -Process {
        $dev = New-Object VMware.Vim.VirtualDeviceConfigSpec
        $dev.operation = "remove"
        $dev.Device = $_
        $spec.DeviceChange += $dev
   }

   $vm.ExtensionData.ReconfigVM($spec)
}
else {
   Write-Host "No CPI device found on VM"
}

Name                           Port  User                         
----                           ----  ----                         
192.168.217.8                  443   VSPHERE.LOCAL\Administrator  
Exception calling "ReconfigVM" with "1" argument(s): "Invalid configuration for device '1'."
At line:15 char:4
+    $vm.ExtensionData.ReconfigVM($spec)
+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : VimException

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

What does this show?

Get-VM -Name vm4 |

Get-PassthroughDevice |

Select @{N = 'VM'; E = {$_.VM.Name}},Name,VendorName


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
PUNTOREAR
Contributor
Contributor
Jump to solution

Get-VM -Name vm4 |
Get-PassthroughDevice |
Select @{N = 'VM'; E = {$_.VM.Name}},Name,VendorName

Name                           Port  User                         
----                           ----  ----                         
192.168.217.8                  443   VSPHERE.LOCAL\Administrator  
Get-PassthroughDevice : 04/03/2019 16:10:01 Get-PassthroughDevice  Unable to cast object of type 'VMware.Vim.VirtualPCIPassthroughVmiopBackingInfo' to type
'VMware.Vim.VirtualPCIPassthroughDeviceBackingInfo'.
At line:3 char:1
+ Get-PassthroughDevice |
+ ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-PassthroughDevice], VimException
    + FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.VirtualDevice.GetPassthroughDevice

Get-PassthroughDevice : 04/03/2019 16:10:01 Get-PassthroughDevice  Unable to cast object of type 'VMware.Vim.VirtualPCIPassthroughVmiopBackingInfo' to type
'VMware.Vim.VirtualPCIPassthroughDeviceBackingInfo'.
At line:3 char:1
+ Get-PassthroughDevice |
+ ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-PassthroughDevice], VimException
    + FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.VirtualDevice.GetPassthroughDevice

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Seems that there are issues with all the cmdlets.

Can you perhaps show a screenshot of the vritual hardware where you opened the PCI device?

And what does this show?

$vm = Get-VM -Name vm4

$vm.ExtensionData.Config.Hardware.Device |

where{$_ -is [VMware.Vim.VirtualPCIPassthrough]} |

Select @{N='Label';E={$_.DeviceInfo.Label}},

   @{N='Summary';E={$_.DeviceInfo.Summary}},

   @{N='vGPU';E={$_.Backing.VGpu}}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
PUNTOREAR
Contributor
Contributor
Jump to solution

pastedImage_0.png

PS C:\WINDOWS\system32> Connect-VIServer -Server 192.168.217.8 -Protocol https -User administrator@vsphere.local -Password Password1$
$vm = Get-VM -Name vm4
$vm.ExtensionData.Config.Hardware.Device |
where{$_ -is [VMware.Vim.VirtualPCIPassthrough]} |
Select @{N='Label';E={$_.DeviceInfo.Label}},
   @{N='Summary';E={$_.DeviceInfo.Summary}},
   @{N='vGPU';E={$_.Backing.VGpu}}

Name                           Port  User                         
----                           ----  ----                         
192.168.217.8                  443   VSPHERE.LOCAL\Administrator  

Label   : PCI device 0
Summary : NVIDIA GRID vGPU NVIDA
vGPU    : NVIDA


Label   : PCI device 0
Summary : NVIDIA GRID vGPU NVIDA
vGPU    : NVIDA

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Strange, you have "PCI device 0" twice on that VM?
I wanted to see what is shown for the PCI device 0 when you click that arrow left of the name.

It should show some of the properties of the device


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
PUNTOREAR
Contributor
Contributor
Jump to solution

pastedImage_0.png

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Can you run

$vm = Get-VM -Name vm4

$vm.ExtensionData.Config.Hardware.Device |

where{$_ -is [VMware.Vim.VirtualPCIPassthrough]} |

Select @{N='Label';E={$_.DeviceInfo.Label}},

   @{N='Key';E={$_.Key}},

   @{N='ControllerKey';E={$_.ControllerKey}},

   @{N='Unit';E={$_.UnitNumber}},

   @{N='Summary';E={$_.DeviceInfo.Summary}},

   @{N='vGPU';E={$_.Backing.VGpu}}

And also check what $global:defaultviservers contains?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
PUNTOREAR
Contributor
Contributor
Jump to solution

PS C:\WINDOWS\system32> Connect-VIServer -Server 19xxxxxxxxx -Protocol https -User administrator@vsphere.local -Password xxxxxxxxx
   $vm = Get-VM -Name vm4
$vm.ExtensionData.Config.Hardware.Device |
where{$_ -is [VMware.Vim.VirtualPCIPassthrough]} |
Select @{N='Label';E={$_.DeviceInfo.Label}},
   @{N='Key';E={$_.Key}},
   @{N='ControllerKey';E={$_.ControllerKey}},
   @{N='Unit';E={$_.UnitNumber}},
   @{N='Summary';E={$_.DeviceInfo.Summary}},
   @{N='vGPU';E={$_.Backing.VGpu}}

Name                           Port  User                         
----                           ----  ----                         
192.168.217.8                  443   VSPHERE.LOCAL\Administrator 

Label         : PCI device 0
Key           : 13000
ControllerKey : 100
Unit          : 18
Summary       : NVIDIA GRID vGPU NVIDA
vGPU          : NVIDA


Label         : PCI device 0
Key           : 13000
ControllerKey : 100
Unit          : 18
Summary       : NVIDIA GRID vGPU NVIDA
vGPU          : NVIDA

Where/ how do I view $global:defaultviservers

Reply
0 Kudos