SCampbell1's Posts

This may be useful to me too as I'm having a similar error with Get-TagAssignment. ("sequence contains no matching element") The version of PowerCLI may also be useful for troubleshooting. ... See more...
This may be useful to me too as I'm having a similar error with Get-TagAssignment. ("sequence contains no matching element") The version of PowerCLI may also be useful for troubleshooting. I am running: Name                          Version ----                          ------- VMware.VimAutomation.Cis.Core 6.5.1.5374323 VMware.VimAutomation.Common   6.5.1.5335010 VMware.VimAutomation.Core     6.5.1.5374329 VMware.VimAutomation.Sdk      1.0.0.5334677 Update. After further exploration, this error is occurring for me on a Standard VirtualPortGroup entity which does not appear in the network pane.  (vMotion and Management Network).  This is repeatable for other vCenters which don't use dvSwitches. This worked around my problem: Get-VirtualPortGroup -Standard | Where-Object { $_.ExtensionData.Port.Type -ne "host" } | Get-TagAssignment
During our ESXi deployment automation, we use Set-VMHostAuthentication to join the ESXi v6.5 server to the AD domain. This works flawlessly about 2/3 of the time. The other 1/3, the join su... See more...
During our ESXi deployment automation, we use Set-VMHostAuthentication to join the ESXi v6.5 server to the AD domain. This works flawlessly about 2/3 of the time. The other 1/3, the join succeeds, (Get-VMHostAuthentication).DomainMembershipStatus -eq "OK", and the computer's domain account has been updated (we pre-create the account and make sure all DC's know about the account before attempting the join). However, the field (Get-VMHostAuthentication).TrustedDomains -eq $null (normal completion shows the one trusted sub-domain) When we try to grant a domain user/group permissions, we see error          + CategoryInfo          : ObjectNotFound: (myDomain\myGroup:String) [New-VIPermission], VimException If we reboot the ESX server, there is no joined domain. Domain-related DNS and AD replication all appear to be properly configured. This behaviour also occurs using the web client, which is why I'm posting this here and not in the PowerCLI forum. Before I go down the Likewise logging/debugging path, I'm wondering if anyone has experienced something similar and/or can provide pointers to the root cause. Thank you for this.
Bug? I've tried uninstalling/reinstalling PowerCLI.  V6.3 and 6.5 were installed on the same computer but at different times. Thanks! --- This works with PowerCLI 6.3 3737840 PowerCLI... See more...
Bug? I've tried uninstalling/reinstalling PowerCLI.  V6.3 and 6.5 were installed on the same computer but at different times. Thanks! --- This works with PowerCLI 6.3 3737840 PowerCLI C:\> Get-VDPortgroup VLAN_xxx_VDS | Get-TagAssignment -Category IPSubnet Tag                                      Entity ---                                      ------ IPSubnet/1.1.0.0/16                      VLAN_xxx_VDS With PowerCLI 6.5 4624819, we get the following error.  This seems to be independent of the vCenter server version (fails with V5.1 and V6.0) PowerCLI C:\> Get-VDPortgroup VLAN_xxx_VDS | Get-TagAssignment -Category IPSubnet Get-TagAssignment : 2017-01-20 2:59:31 PM    Get-TagAssignment        There is no registered provider that supports the specified UID type. At line:1 char:32 + Get-VDPortgroup VLAN_xxx_VDS | Get-TagAssignment -Category IPSubnet +                                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + CategoryInfo          : InvalidArgument: (/VIServer=edc-n...vportgroup-141/:String) [Get-TagAssignment], VimException     + FullyQualifiedErrorId : Sdk_CoreServiceImpl_GetProviderForUid_NoProviderFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.Tagging.GetTagAssignment
Just an FYI for people reading this thread with similar problems. After installing the OS in our environment, the host initially comes up with a DHCP-assigned address, and a Powershell script ... See more...
Just an FYI for people reading this thread with similar problems. After installing the OS in our environment, the host initially comes up with a DHCP-assigned address, and a Powershell script waits for this to happen, then changes the IP address and other information to the correct static IP address. In ESX 6.0 this causes a restart of the management network. In ESX 6.5, the behaviour is slightly different, and the management network didn't seem to completely restart.  The problem goes away when the management network is manually restarted from the console. Next step is to look at how to achieve this through PowerCLI, although since this only happens once at build time, we may just use PowerCLI to reboot the server after these changes are completed.
Problem: DNS lookups failing from ESX, preventing AD domain join. Configuration and tests: This all works when this same blade is installed with ESX6.0U2 HPE ESX 6.5 iso One NIC with VLAN ... See more...
Problem: DNS lookups failing from ESX, preventing AD domain join. Configuration and tests: This all works when this same blade is installed with ESX6.0U2 HPE ESX 6.5 iso One NIC with VLAN trunking, and Management VLAN configured with VLAN Id, IP address, subnet and default gateway ESXi shell enabled for troubleshooting. All inbound connections to the ESX host (web client, classic client, tracert) work from any subnet. Output ping from the ESX host to same subnet works Output ping from ESX host to DNS server (different subnet) fails from the ESX server, but works from other computers on the same subnet. nslookup fails (as expected) I'm not real experienced with ESX internals, but ran this with no effect: esxcli firewall set --enable false In the LAB on a separate chassis, the ESX 6.5 server can join the domain, but the domain controller is in the same subnet which may or may not be a factor there. I'm just looking for some troubleshooting or obscure configuration tips for ESX6.5, although a solution would be nice.  Thanks for any input.
Just a note in case someone else experiences similar behaviour Using Copy-VMGuestFile seems to have stopped allowing wildcard copies from the guest to the local system. The "local" is Power... See more...
Just a note in case someone else experiences similar behaviour Using Copy-VMGuestFile seems to have stopped allowing wildcard copies from the guest to the local system. The "local" is PowerCLI V6R1 running on Windows 2012 R2 The "guest" is VMTools 9.10 (The vSphere 6 version) running on Windows 7 Enterprise The "goo" in the middle in this environment is V5.1.  It is possible this is responsible for our issue. Copying a file works: Copy-VMGuestFile -VM MyVM -GuestToLocal -GuestCredential (Get-Credential) -Force -Destination "C:\Temp\MyWork\" -Source "C:\Temp\MyWork\MyFile.txt" Copying a folder works: Copy-VMGuestFile -VM MyVM -GuestToLocal -GuestCredential (Get-Credential) -Force -Destination "C:\Temp\MyWork\" -Source "C:\Temp\MyWork\" But this returns error "the parameter is incorrect" Copy-VMGuestFile -VM MyVM -GuestToLocal -GuestCredential (Get-Credentail) -Force -Destination "C:\Temp\MyWork\" -Source "C:\Temp\MyWork\*.txt" If the VMTools is V5.5, the wildcard copy works in our environment.
Hi Aaron, Thank you very much for your reply. Your proposed sequence is exactly what I tried, so it is good to have some confirmation Deploy the template Apply the OS customization spec ... See more...
Hi Aaron, Thank you very much for your reply. Your proposed sequence is exactly what I tried, so it is good to have some confirmation Deploy the template Apply the OS customization spec Set the NIC to start disconnected Turn on the VM.  If you watch the VIEvent log for the VM you can see exactly when the OS customization spec (sysprep I assume) start event happens and at that moment the NIC is attached to the network and set to start connected. I couldn't find a way to control the NIC in the OS customization spec.  If you delete the NIC mapping for the spec, the power on fails.  The settings in the NIC mapping that I could see basically allow you to set DHCP, static addresses, use the vsApplication or prompt the user.  You can't control the nic connectivity. I might explore including a step in the sysprep process to disable the NIC inside the guest, then enable it later on.  However for now, I'm just attaching the NIC to an isolated portgroup during that initialization, then setting the start disconnected, disconnect and portgroup back when that finishes. Thanks again!
Does anyone know a way to prevent the NIC on a Windows VM from changing from StartConnected=$false/Connected=$false (desired state) to StartConnected=$true/Connected=$true as the OS Customization... See more...
Does anyone know a way to prevent the NIC on a Windows VM from changing from StartConnected=$false/Connected=$false (desired state) to StartConnected=$true/Connected=$true as the OS Customization Spec is applied on first startup?  As soon as the VIEvent shows the customization has started, the NIC state is changed. There is some Antivirus network communications stuff inside the template, and if the VM connects too soon, the AV database gets screwed up.  We need the NIC in the template to allow patches to be applied, and prefer not to delete/add the NIC because of internal Windows device issues, and not remove the AV software from the template and add it after the deployment. Deleting the NIC Mapping from the Customization Spec fails.  There is no setting I can see to just leave the NIC alone but maybe there is something in the MoRef world that I haven't seen. Setting "Nic".AllowGuestControl=$false doesn't achieve this goal. The approach we're now considering is attaching the VM to a dead-end dvSwitch-based portgroup, starting the VM, then connecting to the "real" portgroup after.  This creates a dependency on the vCenter configuration and vSphere servers to publish that portgroup all over the place.  Unpleasant but manageable. We could also watch VIEvents during the first startup and turn the NIC off as soon as we see it come on.  That seems risky since the VM will be connected to the network for a little while. Environment is PowerCLI 6 connecting to vCenter 5.5 Anyone have any thoughts? Thanks very much for for this....
Hi Terry. Please see my earlier post in this thread.  For some reason, the name of the Authorization Manager changes with the vSphere 5. objects. Here's the code I posted earlier. $doma... See more...
Hi Terry. Please see my earlier post in this thread.  For some reason, the name of the Authorization Manager changes with the vSphere 5. objects. Here's the code I posted earlier. $domain = "ourDomain" $groupname = "ourGroup" $svcgroup = $domain + "\" + $groupname $folder = Get-Folder -Name "ha-folder-root" $authMgr = Get-View "AuthorizationManager-ha-authmgr" $perm = New-Object VMware.Vim.Permission $perm.principal = $svcgroup $perm.group = $true $perm.propagate = $true $perm.roleid = ($authMgr.RoleList | where{$_.Name -eq "Admin"}).RoleId $authMgr.SetEntityPermissions(($folder | Get-View).MoRef, $perm)
I often find myself doing things like the following in these situations – although I haven’t used this script. New-VIGroupPermission "DOMAIN\Group" (Get-Folder “FolderName”) "Role" $true/false... See more...
I often find myself doing things like the following in these situations – although I haven’t used this script. New-VIGroupPermission "DOMAIN\Group" (Get-Folder “FolderName”) "Role" $true/false I would guess the function is expecting a folder object, not a string object. You need to get the folder object to pass into the function.
I'm going to do one of those things that I hate forum contributors doing - speculate. From our testing, I *believe* that vSphere does not do paged LDAP queries against AD (but I also believe t... See more...
I'm going to do one of those things that I hate forum contributors doing - speculate. From our testing, I *believe* that vSphere does not do paged LDAP queries against AD (but I also believe that vCenter does which is why vCenter can find everything but vSphere cannot).  As a result, the most entries that can be returned to the vSphere server for any query is the lower of the maximum configured here in vSphere, and the maximum configured in the Active Directory LDAP Policy MaxPageSize setting.  That second limit defaults to 1000, and should only be changed once you understand the consequences (http://technet.microsoft.com/en-us/library/cc770976(WS.10).aspx). So if your domain has less than 1000 users and groups (i.e., your lab or a separate administration domain), you are probably OK using the current version of Get-VIAccount which seems to do a really big query then finds what you're looking for in the result set. Otherwise, you should use LucD's workaround which I posted previously which does a focused query for the account/group you specify. Hopefully, the next version of Get-VIAccount and the underlying code for New-VIPermission (which seems to use the same process), will do the directed queries as well.
We are still exploring this since we're experiencing the same problem (vSphere 5 server fails to find a given group but vCenter 5 works) I think we need to control the advanced vSphere server ... See more...
We are still exploring this since we're experiencing the same problem (vSphere 5 server fails to find a given group but vCenter 5 works) I think we need to control the advanced vSphere server setting:   Config.HostAgent.plugins.vimsvc.userSearch.maxResults The default value is 100 which means you don't find stuff if you have more than 100 objects in your directory.  It also explains the different behaviour with vCenter and vSphere server when you're trying to query. I'll update this entry if more details come to light (e.g., what's the relative behaviour between 0 and 128000 - a good maximum based on the number of objects in our directory. Here's LucD's code amended for vSphere 5.  It seems to work when we connect directly to the vSphere server, finding groups that can't be found using New-VIPermission or Get-VIAccount.  It's exactly the same except for the name of the AuthorizationManager object. $domain = "ourDomain" $groupname = "ourGroup" $svcgroup = $domain + "\" + $groupname $folder = Get-Folder -Name "ha-folder-root" $authMgr = Get-View "AuthorizationManager-ha-authmgr" $perm = New-Object VMware.Vim.Permission $perm.principal = $svcgroup $perm.group = $true $perm.propagate = $true $perm.roleid = ($authMgr.RoleList | where{$_.Name -eq "Admin"}).RoleId $authMgr.SetEntityPermissions(($folder | Get-View).MoRef, $perm) Oct 06: Updated to add workaround code for setting permissions on vSphere servers in large AD domains
Thanks everyone. The VM we are trying to migrate is already a clone of the current production server. I will try the patience thing one more time since I expect the migrate and clone use t... See more...
Thanks everyone. The VM we are trying to migrate is already a clone of the current production server. I will try the patience thing one more time since I expect the migrate and clone use the same "move the data over there" APIs. The Converter technique sounds interesting; and I will consider installing that tool. If that doesn't work, I will use the export to portable media thing as I said in the original post. Thanks again!
Hi all, We are trying to migrate a powered-off Virtual Machine from our corporate site to our business resumption site in order to seed another computer in that site.  It consists of two 40G V... See more...
Hi all, We are trying to migrate a powered-off Virtual Machine from our corporate site to our business resumption site in order to seed another computer in that site.  It consists of two 40G VMDKs and the usual VMX etc. The network has enough capacity to support our data replication needs, if not this one migration need, with a capacity of 3MBits/second with firewalls and VPN's. The source and target ESX servers are running the latest 3.5 build and are ESX, not ESXi, and are connected to the same VC server which is located at the corporate site. We've tried to perform the migration several times using the VC Migrate..., but things always time out.  We are in no rush to get it across, but would like to know it's migrating, and that it has completed. We may end up physically walking the VM over using primitive physical techniques, but the BR site requires appointments and access controls and is a relatively long way away. Are there any techniques people have found effective in this situation?  For example, vmkfstools, tar and sc? vc settings? esx settings? patience? Thanks for this.
Hi there, In November 2009, Derek Seaman posted a blog about replacing the default SSL VUM 4.0 certificates with signed SSL certificates. http://derek858.blogspot.com/2009/11/vcenter-update-m... See more...
Hi there, In November 2009, Derek Seaman posted a blog about replacing the default SSL VUM 4.0 certificates with signed SSL certificates. http://derek858.blogspot.com/2009/11/vcenter-update-manager-40-ssl.html The process seems pretty cumbersome (install VUM, replace the certs, uninstall VUM, install VUM, turn around three times clockwise at a full moon, cross your fingers). Thanks to Derek for the post and the comments after that post. Very useful. Does anyone know/tested to see whether the process is a little more streamlined this time? Also are there any plans by VMware to include VUM in the vSphere Security Hardening Guide/vCenter Certificate guides? Thanks all
We're just tinkering with vShield and Cisco N1000V independently and together in the lab as we prepare to deploy vSphere. The current configuration in our lab is this: The public side o... See more...
We're just tinkering with vShield and Cisco N1000V independently and together in the lab as we prepare to deploy vSphere. The current configuration in our lab is this: The public side of a vShield VM is connected to an N1000V Port Group The private side of the vShield VM is connected to a local vSwitch Portgroup with Promiscuous mode permitted. (It's not a dV Port group, but do recognize this would be needed as we evolve the lab) We have servers on the public side and one server on the protected port group, and can transfer data to and from all these servers from another computer outside the ESX environment. The protected server is shown as protected in the vShield Manager I have a script running elsewhere that is generating traffic to and from the protected server. The vShield Manager Status for that vShield is showing all the expected traffic in both the p0 and u0 status. But, the VMFlow stats for the protected server and its roll-ups shows "No Data Found" Some questions I was unable to get the protected Port Group working as an N1000V port group, and have since found information here confirming that. Is the failure to display VMFlow stats related to the fact the public side doesn't really support promiscuous mode? (since it's a N1000V port group) Is there some other misconfiguration I've done that is preventing the VMFlow data from showing? Again with the promiscuous issue, am I unlikely to get a second computer in the protected side to work? I saw a reference to reversing my configuration: Put the public side on a vNetwork switch with uplinks, and put the protected side as an N1000V port group. Is this likely to work better? I understand Cisco is working on a solution to this problem, but we did want to put in as much "end-state" infrastructure as possible as we prepare for deployment, and doing the uplink side using N1000V seems to make more sense to me. Thanks for this.
I'll open a ticket, but this may be something stupid so I prefer to embarrass myself here before I start the "support call slow dance" Two identical ESX 3.5 servers (not ESXi or ESXembedde... See more...
I'll open a ticket, but this may be something stupid so I prefer to embarrass myself here before I start the "support call slow dance" Two identical ESX 3.5 servers (not ESXi or ESXembedded) HP DL580G5, 2x QLogic HBA, 2x Intel 10G NIC, 1x Intel Quad 1G NIC Both servers were at ESX35U2 and working great in all respects. Silly me: I upgraded one server to ESX35U3 (Just before the ixgbe caution on the website) and everything broke, likely due to leaving the SAN connected during the upgrade and the user friendly upgrade process finding an old Linux partition on a LUN and using that to help out. At the time, I then reinstalled ESX35U3 from scratch and everything except the 10G NICs worked. The 10G NICs show as live from the network switch side and from the ESX side. However, when I VMotion a VM from the U2 server to the U3 server I can no longer ping the VM. If I reconfigure the vswitch on the U3 box to attach a 1G NIC to the VSwitch, pings work fine. So the problem is on the 10G side. I have upgraded the server BIOS before the reinstall so it is current as of early December. Today I installed the Dec 30 ixgbe (V 1.3.31.6-136074) driver following the VMware instructions with the driver using the "Driver CD as an Update CD Only" and it worked properly. The esxupdate query shows that the driver was installed, and vmkload_mod -l shows the driver is running (although the driver version isn't shown in the output that I can see). I have the same symptoms. When the vswitch is connected to a 1G NIC, I can ping the VM. When the vswitch is connected to either 10G NIC, I cannot ping the VM. This isn't critical since the one server has sufficient capacity to handle the load, but it would be nice to get back to a VMotion pair for load balancing and maintenance, and I would rather not reinstall ESX35U2 unless it's necessary. Any suggestions would be most welcome. Thanks!!!
This was our first implementation of 3.5u3 on a production server and I thought this would be a safer alternative rather than remediating the one server. We also wanted to take the shutdown op... See more...
This was our first implementation of 3.5u3 on a production server and I thought this would be a safer alternative rather than remediating the one server. We also wanted to take the shutdown opportunity to flip the NX flag in the BIOS so we could get ready to implement eVC on the cluster. I guess I was wrong, and in another life will use VUM even for minor version upgrades. Thanks...
Thank you both for your assistance. The PSOD occurred before the grub menu appeared so even though I pressed the c key continuously after the POST, the PSOD always appeared. In the ... See more...
Thank you both for your assistance. The PSOD occurred before the grub menu appeared so even though I pressed the c key continuously after the POST, the PSOD always appeared. In the end, I followed the "safe" route and reinstalled with the SAN disconnected, and reconfigured the server to match it's previous settings.
Thanks Surya, This Illegal Opcode pops up as soon as the POST finishes and the grub window doesn't show at all. Is there some key I can press to try to grab grub? When I ran the update t... See more...
Thanks Surya, This Illegal Opcode pops up as soon as the POST finishes and the grub window doesn't show at all. Is there some key I can press to try to grab grub? When I ran the update the first time, the HBA was connected although I'm not aware of any Unix LUNs presented to the server, but perhaps something happened then. When I ran update each time after that, the HBA was not connected, and the boot loader record was definitely written to cciss\d0p0 (I may have the letters wrong, but it was definitely the P400 adapter) After booting from the update CDROM, the update does find the existing ESX implementation and updates it as you expect. Again, thanks for this.