I wish to harden all my vm's on an esxi host. However I don't know how to remove all pci devices. Any help ?
Just type it at PS prompt and hit <Enter>
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
$global:defaultviservers
Name Port User
---- ---- ----
192. 443 VSPHERE.LOCAL\Administrator
192. 443 VSPHERE.LOCAL\Administrator
192. 443 root
Ok, that explains the multiple entries.
You have multiple connections open.
Can you close them all, and open just 1 connection to the vCenter?
And then try my script again?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
$vm = Get-VM -Name vm4
$vm.ExtensionData.Config.Hardware.Device |
where{$_ -is [VMware.Vim.VirtualPCIPassthrough]} |
Select @{N='Label';E={$_.DeviceInfo.Label}},
@{N='Key';E={$_.Key}},
@{N='ControllerKey';E={$_.ControllerKey}},
@{N='Unit';E={$_.UnitNumber}},
@{N='Summary';E={$_.DeviceInfo.Summary}},
@{N='vGPU';E={$_.Backing.VGpu}}
Name Port User
---- ---- ----
192.168.217.8 443 VSPHERE.LOCAL\Administrator
Get-VM : 05/03/2019 11:56:20 Get-VM There was no endpoint listening at https://192.168.217.6/sdk that could accept the message. This is often caused by an incorrect
address or SOAP action. See InnerException, if present, for more details.
At line:2 char:10
+ $vm = Get-VM -Name vm4
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-VM], VimException
+ FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetVM
Label : PCI device 0
Key : 13000
ControllerKey : 100
Unit : 18
Summary : NVIDIA GRID vGPU NVIDA
vGPU : NVIDA
connection to my esxi host shows:
PS C:\WINDOWS\system32> Connect-VIServer -Server 192.168.217.6 -Protocol https -User root -Password Password1$
$vm = Get-VM -Name vm4
$vm.ExtensionData.Config.Hardware.Device |
where{$_ -is [VMware.Vim.VirtualPCIPassthrough]} |
Select @{N='Label';E={$_.DeviceInfo.Label}},
@{N='Key';E={$_.Key}},
@{N='ControllerKey';E={$_.ControllerKey}},
@{N='Unit';E={$_.UnitNumber}},
@{N='Summary';E={$_.DeviceInfo.Summary}},
@{N='vGPU';E={$_.Backing.VGpu}}
Name Port User
---- ---- ----
192.168.217.6 443 root
Label : PCI device 0
Key : 13000
ControllerKey : 100
Unit : 18
Summary : NVIDIA GRID vGPU NVIDA
vGPU : NVIDA
Label : PCI device 0
Key : 13000
ControllerKey : 100
Unit : 18
Summary : NVIDIA GRID vGPU NVIDA
vGPU : NVIDA
There seems to be an issue with your vCenter connection.
You'll have to fix that!
When it returns more than result, you might have again multiple connections open.
Did you do a Disconnect-VIServer?
What is in $global:defaultviservers?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
PS C:\WINDOWS\system32> $global:defaultviservers
Name Port User
---- ---- ----
192.168.217.6 443 root
192.168.217.8 443 VSPHERE.LOCAL\Administrator
You are again connected to the vCenter and the ESXi node, which explains the double results.
Try like this (first replace the fields in the Connect-VIServer line with your vCenter and your account).
Connect-VIServer -Server <your-vCenter> -User <your-account> -Password <your-password>
$global:DefaultVIServers
$vm = Get-VM -Name vm4
$vm.ExtensionData.Config.Hardware.Device |
where{$_ -is [VMware.Vim.VirtualPCIPassthrough]} |
Select @{N='Label';E={$_.DeviceInfo.Label}},
@{N='Key';E={$_.Key}},
@{N='ControllerKey';E={$_.ControllerKey}},
@{N='Unit';E={$_.UnitNumber}},
@{N='Summary';E={$_.DeviceInfo.Summary}},
@{N='vGPU';E={$_.Backing.VGpu}}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
PS C:\WINDOWS\system32> Disconnect-VIServer -Server * -Force -Confirm:$false
Connect-VIServer -Server 192.... -Protocol https -User administrator@vsphere.local -Password xxxxxx
$global:defaultviservers
$vm = Get-VM -Name vm4
$vm.ExtensionData.Config.Hardware.Device |
where{$_ -is [VMware.Vim.VirtualPCIPassthrough]} |
Select @{N='Label';E={$_.DeviceInfo.Label}},
@{N='Key';E={$_.Key}},
@{N='ControllerKey';E={$_.ControllerKey}},
@{N='Unit';E={$_.UnitNumber}},
@{N='Summary';E={$_.DeviceInfo.Summary}},
@{N='vGPU';E={$_.Backing.VGpu}}
Disconnect-VIServer : 05/03/2019 13:07:40 Disconnect-VIServer The server '192.xxxxxxx' is already disconnected.
At line:1 char:1
+ Disconnect-VIServer -Server * -Force -Confirm:$false
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (192.xxxxxxx:VIServerImpl) [Disconnect-VIServer], InvalidState
+ FullyQualifiedErrorId : Core_DisconnectVIServer_DoWork_ServerNotConnected,VMware.VimAutomation.ViCore.Cmdlets.Commands.DisconnectVIServer
Name Port User
---- ---- ----
192.xxxxxxx 443 VSPHERE.LOCAL\Administrator
192.1xxxxx 443 VSPHERE.LOCAL\Administrator
Label : PCI device 0
Key : 13000
ControllerKey : 100
Unit : 18
Summary : NVIDIA GRID vGPU NVIDA
vGPU : NVIDA
There seems to be something wrong with your vCenter connection.
From where are you running the code?
From the PS prompt? Or the ISE or VSC?
Try to stop the prompt or editor, and start it again.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Disconnect-VIServer -Server 19xxxxx -Force -Confirm:$false
PS C:\Users\Michael Shaoul> Connect-VIServer -Server 19xxxxxx -Protocol https -User administrator@vsphere.local -Password xxxxxxxxx
$global:defaultviservers
$vm = Get-VM -Name vm4
$vm.ExtensionData.Config.Hardware.Device |
where{$_ -is [VMware.Vim.VirtualPCIPassthrough]} |
Select @{N='Label';E={$_.DeviceInfo.Label}},
@{N='Key';E={$_.Key}},
@{N='ControllerKey';E={$_.ControllerKey}},
@{N='Unit';E={$_.UnitNumber}},
@{N='Summary';E={$_.DeviceInfo.Summary}},
@{N='vGPU';E={$_.Backing.VGpu}}
Name Port User
---- ---- ----
192.xxxxxxxx 443 VSPHERE.LOCAL\Administrator
192.xxxxxxxx 443 VSPHERE.LOCAL\Administrator
Label : PCI device 0
Key : 13000
ControllerKey : 100
Unit : 18
Summary : NVIDIA GRID vGPU NVIDA
vGPU : NVIDA
I am running VMware workstation.
I am running code from ISE.
Stopped and started
That is better.
Now try the script from Re: remove all pci devices on all vm's using powershell again.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I only get this
PS C:\Users\Michael Shaoul> Connect-VIServer -Server 192xxxx -Protocol https -User administrator@vsphere.local -Password xxxx
Get-VM | Get-PassthroughDevice | Remove-PassthroughDevice -Confirm:$false
Name Port User
---- ---- ----
192xxxxxxx 443 VSPHERE.LOCAL\Administrator
Get-PassthroughDevice : 05/03/2019 14:04:26 Get-PassthroughDevice Unable to cast object of type 'VMware.Vim.VirtualPCIPassthroughVmiopBackingInfo' to type
'VMware.Vim.VirtualPCIPassthroughDeviceBackingInfo'.
At line:2 char:12
+ Get-VM | Get-PassthroughDevice | Remove-PassthroughDevice -Confir ...
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-PassthroughDevice], VimException
+ FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.VirtualDevice.GetPassthroughDevice
Get-PassthroughDevice : 05/03/2019 14:04:26 Get-PassthroughDevice Unable to cast object of type 'VMware.Vim.VirtualPCIPassthroughVmiopBackingInfo' to type
'VMware.Vim.VirtualPCIPassthroughDeviceBackingInfo'.
At line:2 char:12
+ Get-VM | Get-PassthroughDevice | Remove-PassthroughDevice -Confir ...
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-PassthroughDevice], VimException
+ FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.VirtualDevice.GetPassthroughDeviceI still
That is not the script I pointed to!
We know by now that the cmdlets have an issue, hence I pointed to the API method.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Genius, thanks for your persistence with me! it works
Your API method script is for one vm called 'MyVM'.
How would I change the script to remove pci devices from all vm's ?
I don't want to import a list of vm's.
and
I cant use Get-VM, as the script only works with Get-VM -Name $Var
You can do that in a loop.
Something like this for example.
$pci = $_.ExtensionData.Config.Hardware.Device | where {$_ -is [VMware.Vim.VirtualPCIPassthrough]}
if ($pci) {
$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
$dev = New-Object VMware.Vim.VirtualDeviceConfigSpec
$dev.operation = "remove"
$dev.Device = $pci
$spec.DeviceChange += $dev
$_.ExtensionData.ReconfigVM($spec)
}
else {
Write-Host "No CPI device found on VM $($_.Name)"
}
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference