10 Replies Latest reply on Sep 27, 2020 9:48 AM by SCharchouf

    NTP Settings on all Hosts with recommended parameters

    SCharchouf Enthusiast

      I have created the below script in order to:

      • Check NTP on all ESXi hosts
      • Make change if required
      • Start NTPD service
      • Set policy to automatic
      • Allow NTP queries outbound through the firewall

       

      Issues:

      1. Not able to set policy to automatic
      2. Not able to create a function to check NTP queries outbound through the firewall and correct it if required
      3. There are errors when I run the script

       

      Error :

       

      ###############################################

      #Checking NTP Servers...                      #

      ###############################################

      Server XXX.XXX.XXX.XXX is missing

      Remove-VMHostNtpServer : 26/09/2020 16:28:41    Remove-VMHostNtpServer          The NtpServer 'YYY.YYY.YYY.YYY' does not exist on VMHost 'ESX03.TEST.LOCAL'.

      At K:\Scripts\testScript_Test_Hardening.ps1:44 char:60

      + ... _.$domain" | Remove-VMHostNtpServer -NtpServer $ntp2 -Confirm:$false}

      +                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          + CategoryInfo          : InvalidArgument: (:) [Remove-VMHostNtpServer], VimException

          + FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_RemoveVmHostNtpServer_NameDoesNotExists,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.RemoveVMHostNtpServer

       

      Remove-VMHostNtpServer : 26/09/2020 16:28:42    Remove-VMHostNtpServer          The NtpServer 'YYY.YYY.YYY.YYY' does not exist on VMHost 'ESX02.TEST.LOCAL'.

      At K:\Scripts\testScript_Test_Hardening.ps1:44 char:60

      + ... _.$domain" | Remove-VMHostNtpServer -NtpServer $ntp2 -Confirm:$false}

      +                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          + CategoryInfo          : InvalidArgument: (:) [Remove-VMHostNtpServer], VimException

          + FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_RemoveVmHostNtpServer_NameDoesNotExists,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.RemoveVMHostNtpServer

       

      Add-VMHostNtpServer : 26/09/2020 16:28:43       Add-VMHostNtpServer             The NtpServer 'XXX.XXX.XXX.XXX' already exist on VMHost 'ESX03.TEST.LOCAL'.

      At K:\Scripts\testScript_Test_Hardening.ps1:45 char:60

      + ... .$domain" | Add-VMHostNtpServer -NtpServer $ntp1,$ntp2 -Confirm:$fals ...

      +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          + CategoryInfo          : InvalidArgument: (:) [Add-VMHostNtpServer], VimException

          + FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_AddVmHostNtpServer_NameAlredyExists,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.AddVmHostNtpServer

       

      XXX.XXX.XXX.XXX

      YYY.YYY.YYY.YYY

      Add-VMHostNtpServer : 26/09/2020 16:28:43       Add-VMHostNtpServer             The NtpServer 'YYY.YYY.YYY.YYY' already exist on VMHost 'ESX03.TEST.LOCAL'.

      At K:\Scripts\testScript_Test_Hardening.ps1:45 char:60

      + ... .$domain" | Add-VMHostNtpServer -NtpServer $ntp1,$ntp2 -Confirm:$fals ...

      +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          + CategoryInfo          : InvalidArgument: (:) [Add-VMHostNtpServer], VimException

          + FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_AddVmHostNtpServer_NameAlredyExists,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.AddVmHostNtpServer

       

      Add-VMHostNtpServer : 26/09/2020 16:28:43       Add-VMHostNtpServer             The NtpServer 'XXX.XXX.XXX.XXX' already exist on VMHost 'ESX02.TEST.LOCAL'.

      At K:\Scripts\testScript_Test_Hardening.ps1:45 char:60

      + ... .$domain" | Add-VMHostNtpServer -NtpServer $ntp1,$ntp2 -Confirm:$fals ...

      +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          + CategoryInfo          : InvalidArgument: (:) [Add-VMHostNtpServer], VimException

          + FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_AddVmHostNtpServer_NameAlredyExists,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.AddVmHostNtpServer

       

      XXX.XXX.XXX.XXX

      YYY.YYY.YYY.YYY

      Add-VMHostNtpServer : 26/09/2020 16:28:43       Add-VMHostNtpServer             The NtpServer 'YYY.YYY.YYY.YYY' already exist on VMHost 'ESX02.TEST.LOCAL'.

      At K:\Scripts\testScript_Test_Hardening.ps1:45 char:60

      + ... .$domain" | Add-VMHostNtpServer -NtpServer $ntp1,$ntp2 -Confirm:$fals ...

      +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          + CategoryInfo          : InvalidArgument: (:) [Add-VMHostNtpServer], VimException

          + FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_AddVmHostNtpServer_NameAlredyExists,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.AddVmHostNtpServer

       

      Add-VMHostNtpServer : 26/09/2020 16:28:44       Add-VMHostNtpServer             The NtpServer 'XXX.XXX.XXX.XXX' already exist on VMHost 'ESX02.TEST.LOCAL'.

      At K:\Scripts\testScript_Test_Hardening.ps1:45 char:60

      + ... .$domain" | Add-VMHostNtpServer -NtpServer $ntp1,$ntp2 -Confirm:$fals ...

      +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          + CategoryInfo          : InvalidArgument: (:) [Add-VMHostNtpServer], VimException

          + FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_AddVmHostNtpServer_NameAlredyExists,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.AddVmHostNtpServer

       

      Add-VMHostNtpServer : 26/09/2020 16:28:44       Add-VMHostNtpServer             The NtpServer 'YYY.YYY.YYY.YYY' already exist on VMHost 'ESX02.TEST.LOCAL'.

      At K:\Scripts\testScript_Test_Hardening.ps1:45 char:60

      + ... .$domain" | Add-VMHostNtpServer -NtpServer $ntp1,$ntp2 -Confirm:$fals ...

      +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          + CategoryInfo          : InvalidArgument: (:) [Add-VMHostNtpServer], VimException

          + FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_AddVmHostNtpServer_NameAlredyExists,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.AddVmHostNtpServer

       

      Add-VMHostNtpServer : 26/09/2020 16:28:44       Add-VMHostNtpServer             The NtpServer 'XXX.XXX.XXX.XXX' already exist on VMHost 'ESX01.TEST.LOCAL'.

      At K:\Scripts\testScript_Test_Hardening.ps1:45 char:60

      + ... .$domain" | Add-VMHostNtpServer -NtpServer $ntp1,$ntp2 -Confirm:$fals ...

      +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          + CategoryInfo          : InvalidArgument: (:) [Add-VMHostNtpServer], VimException

          + FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_AddVmHostNtpServer_NameAlredyExists,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.AddVmHostNtpServer

       

      Add-VMHostNtpServer : 26/09/2020 16:28:44       Add-VMHostNtpServer             The NtpServer 'YYY.YYY.YYY.YYY' already exist on VMHost 'ESX01.TEST.LOCAL'.

      At K:\Scripts\testScript_Test_Hardening.ps1:45 char:60

      + ... .$domain" | Add-VMHostNtpServer -NtpServer $ntp1,$ntp2 -Confirm:$fals ...

      +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          + CategoryInfo          : InvalidArgument: (:) [Add-VMHostNtpServer], VimException

          + FullyQualifiedErrorId : Client20_SystemManagementServiceImpl_AddVmHostNtpServer_NameAlredyExists,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.AddVmHostNtpServer

       

      Server XXX.XXX.XXX.XXX was added successfully

      ###############################################

      #Verifying NTP services...                    #

      ###############################################

      All NTP Services are started.

       

      Script:

       

      #Connect to vcenter

      $vcenter = Read-Host "vCenter name:"

      $user = Read-Host "User:"

      $password = Read-Host "Password:"

       

      Write-Host -f green "Connecting to vCenter Server..."

      Connect-VIServer -Server $vcenter -User $user -Password $password

       

      #Create folder for logs output

      $checkdir = Test-Path "$env:USERPROFILE\Documents\HardeningESXi-Logs" -PathType Container

      if ($checkdir -eq "*True*"){}

      else {New-Item $env:USERPROFILE\Documents\HardeningESXi-Logs -ItemType directory}

       

      #Information to be used in the script

      $ntp1 = Read-Host "Put primary NTP Server"

      $ntp2 = Read-Host "Put Secondary NTP Server" 

      $domain = Read-Host "Put Domain, if your domain is hostname.test.local, you only need to put test.local"

       

      ###############################################

      #Verify NTP Servers and status                #

      ###############################################

       

      Write-Host -f White "###############################################"

      Write-Host -f White "#Checking NTP Servers...                      #"

      Write-Host -f White "###############################################"

       

      Get-VMHost |Sort Name|Select Name, @{N="NTPServer";E={$_ |Get-VMHostNtpServer}}, @{N="ServiceRunning";E={(Get-VmHostService -VMHost $_ |Where-Object {$_.key -eq "ntpd"}).Running}} | Out-String | ForEach-Object { $_.Trim() } > "$env:USERPROFILE\Documents\HardeningESXi-Logs\NTP_Info.txt"

       

      #Variables to verify if the first or Second NTP don't exist.

      $CheckNTP1 = gc "$env:USERPROFILE\Documents\HardeningESXi-Logs\NTP_Info.txt" | ft NTPServer | findstr /v " _$Null NTPServer ---- _$Null" | where-object {$_ -notlike "*ntp1*"} | foreach{$_.split(".")[0]}

      $CheckNTP2 = gc "$env:USERPROFILE\Documents\HardeningESXi-Logs\NTP_Info.txt" | ft NTPServer | findstr /v " _$Null NTPServer ---- _$Null" | where-object {$_ -notlike "*ntp2*"} | foreach{$_.split(".")[0]}

       

      #Function to fix and leave the NTP Servers well loaded.

      function LoadNTP {

      #If the output of $var1 is empty then everything is fine.

      $var1 = foreach($line in Get-Content "$env:USERPROFILE\Documents\HardeningESXi-Logs\NTP_Info.txt" | ft NTPServer | findstr /v " _$Null NTPServer ---- _$Null") { if($line -like '*ntp1*' -and $line -like '*ntp2*') { } else { $line } }

      If ($var1 -eq $Null) {

      Write-Host -f green "All NTP Servers are configured correctly"

      }

      else {

          #Check if the first NTP Server is missing, if so, add the server.

          if ($CheckNTP1 -ne $Null) {

          Write-Host -f red "Server $ntp1 is missing"

          $CheckNTP1 | ForEach-Object {Get-VMHost "$_.$domain" | Remove-VMHostNtpServer -NtpServer $ntp2 -Confirm:$false}

          $CheckNTP1 | ForEach-Object {Get-VMHost "$_.$domain" | Add-VMHostNtpServer -NtpServer $ntp1,$ntp2 -Confirm:$false}

          Write-Host -f green "Server $ntp1 was added successfully"

          }

          #Check if the Second NTP Server is missing, if so, add the server.

          elseif ($CheckNTP2 -ne $Null) {

          Write-Host -f red "Server $ntp2 is missing"

          $CheckNTP2 | ForEach-Object {Get-VMHost "$_.$domain" | Add-VMHostNtpServer -NtpServer $ntp2}

          Write-Host -f green "Server $ntp2 was added successfully"

          }

          else {

              Write-Host -f green "There was a problem adding NTP Servers, please verify."

              }

      }

      }

      #Execute the function

      LoadNTP

       

       

      ###############################################

      #Verify NTP Service Status                    #

      ###############################################

      Write-Host -f White "###############################################"

      Write-Host -f White "#Verifying NTP services...                    #"

      Write-Host -f White "###############################################"

       

      #Generate the file to store the result of the status of NTP services "$env:USERPROFILE\Documents\ntp-service.txt".

      Get-VMHost |Sort Name|Select Name, @{N="NTPServer";E={$_ |Get-VMHostNtpServer}}, @{N="ServiceRunning";E={(Get-VmHostService -VMHost $_ |Where-Object {$_.key -eq "ntpd"}).Running}} | Out-String | ForEach-Object { $_.Trim() } > "$env:USERPROFILE\Documents\HardeningESXi-Logs\ntp-service.txt"

       

      function ServiceNTP {

      #Look in the File "$env:USERPROFILE\Documents\HardeningESXi-Logs\ntp-service.txt", the computers with the service stopped and send the information to "$env:USERPROFILE\Documents\ntp-service-error.txt".

      $ntpservice = gc "$env:USERPROFILE\Documents\HardeningESXi-Logs\ntp-service.txt" | ft ServiceRunning | findstr /v " _$Null ServiceRunning -------------- _$Null" | where-object {$_ -notlike "*True*"} | foreach{$_.split(".")[0]}

          #If the status of the services is True, mark everything correct, if it detects any like False, start the service.

          if($ntpservice -eq $Null) {

          Write-Host -f green "All NTP Services are started."

          }

          else {

          Write-Host -f red "Some NTP Services are Stopped."

          Write-Host -f red "Starting Service..."

          $ntpservice | ForEach-Object {Get-VMHost "$_.$domain" | Get-VMHostService |?{$_.key -eq 'ntpd'} | Start-VMHostService -Confirm:$false}

          }

       

      }

      #Execute the function that validates the NTP services.

      ServiceNTP

       

       

       

        • 1. Re: NTP Settings on all Hosts with recommended parameters
          LucD Guru

          I tried to understand your code, but I'm afraid the logic escapes me.

           

          Do all ESXi nodes need to use the same 2 NTP servers?

          If yes, then why, when one is missing, just not remove everything and then add the 2 NTP servers, instead of having that rather complicated code (which I suspect is not correct)?

           

          You are not using the Set-VMHostService cmdlet, which you would need to set the NTP service to automatic?

           

          You can check the FW rule for NTP with the Get-VMHostFirewallException cmdlet.
          But it doesn't look as if you are using that in your script.

          Blog: http://lucd.info | Twitter: @LucD22 | PowerCLI Reference co-author: http://tinyurl.com/hkn4glz
          • 2. Re: NTP Settings on all Hosts with recommended parameters
            SCharchouf Enthusiast

            As always, discussing with you helps me a lot. Thank you.

            My idea was to get the NTP details, store them in a file, then do what is necessary. I believe you are right that my script is incorrect and complicated.

            I confirm that I need to set the 2 NTP servers for all nodes.

            Apologies if I'm bothering you, I'm trying to improve myself.

            • 3. Re: NTP Settings on all Hosts with recommended parameters
              LucD Guru

              That's no problem.

               

              Just start simple.

              A - NTP servers

              - get the NTP servers on the ESXi node (Get-VMHostNtpServer)

              - do they match the target NTP servers?

                   - if yes, continue

                   - if no

                        - remove the NTP servers (Remove-VMHostNtpServer)

                        - add the NTP servers (Add-VMHostNtpServer)


              B - NTP service

              - get the NTP service (Get-VMHostService)

              - is it set to Automatic?

                   - if yes, continue

                   - if no, set the service to automatic (Set-VMHostService)


              C - NTP FW rule

              - get the FW exceptions (Get-VMHostFirewallException)

              - is there a rule for the NTP service?

                   - if yes, continue

                   - if no, add the FW rule for NTP (Get-EsxCli)

              Blog: http://lucd.info | Twitter: @LucD22 | PowerCLI Reference co-author: http://tinyurl.com/hkn4glz
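The three checks outlined in the post above (A, B, C) can be combined into one idempotent function. This is an added PowerCLI example, not code from the thread: `Set-EsxiNtpBaseline` and its parameter names are assumptions, and step C enables the existing "NTP Client" firewall exception with Set-VMHostFirewallException instead of adding a rule through Get-EsxCli.

```powershell
# Added example, not from the thread. Set-EsxiNtpBaseline and its parameter
# names are assumptions; the cmdlets are the PowerCLI ones named in the posts.
function Set-EsxiNtpBaseline {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string[]]$TargetNtp,

        [Parameter(Mandatory, ValueFromPipeline)]
        $VMHost
    )
    process {
        # A - NTP servers: replace the list only when it differs from the target.
        # @() keeps a host with no NTP servers from handing $null to Compare-Object.
        $current = @(Get-VMHostNtpServer -VMHost $VMHost)
        $ntpDrift = ($current.Count -eq 0) -or
                    [bool](Compare-Object -ReferenceObject $TargetNtp -DifferenceObject $current)

        # B - NTP service: read the current state and startup policy of ntpd.
        $ntpd = Get-VMHostService -VMHost $VMHost | Where-Object { $_.Key -eq 'ntpd' }
        $wasRunning  = [bool]$ntpd.Running
        $policyDrift = $ntpd.Policy -ne 'automatic'

        # C - firewall: the outbound NTP exception must be enabled.
        $fw = Get-VMHostFirewallException -VMHost $VMHost -Name 'NTP Client'
        $fwDrift = -not $fw.Enabled

        if ($ntpDrift -and $PSCmdlet.ShouldProcess($VMHost.Name, 'Replace NTP server list')) {
            if ($current.Count -gt 0) {
                # Remove-VMHostNtpServer needs the names as a parameter, not pipeline input.
                Remove-VMHostNtpServer -VMHost $VMHost -NtpServer $current -Confirm:$false
            }
            Add-VMHostNtpServer -VMHost $VMHost -NtpServer $TargetNtp -Confirm:$false | Out-Null
        }

        if ($policyDrift -and $PSCmdlet.ShouldProcess($VMHost.Name, 'Set ntpd policy to automatic')) {
            Set-VMHostService -HostService $ntpd -Policy Automatic -Confirm:$false | Out-Null
        }

        if ($fwDrift -and $PSCmdlet.ShouldProcess($VMHost.Name, 'Enable NTP Client firewall exception')) {
            Set-VMHostFirewallException -Exception $fw -Enabled:$true -Confirm:$false | Out-Null
        }

        # Start ntpd if it was stopped; restart it if the server list changed
        # so the running daemon picks up the new configuration.
        if (-not $wasRunning) {
            if ($PSCmdlet.ShouldProcess($VMHost.Name, 'Start ntpd')) {
                Start-VMHostService -HostService $ntpd -Confirm:$false | Out-Null
            }
        }
        elseif ($ntpDrift) {
            if ($PSCmdlet.ShouldProcess($VMHost.Name, 'Restart ntpd')) {
                Restart-VMHostService -HostService $ntpd -Confirm:$false | Out-Null
            }
        }

        # One report row per host: what was out of line before any change.
        [pscustomobject]@{
            VMHost            = $VMHost.Name
            NtpServersDrifted = $ntpDrift
            PolicyDrifted     = $policyDrift
            FirewallDrifted   = $fwDrift
            ServiceWasRunning = $wasRunning
        }
    }
}

# Usage (constructed names; Get-Credential avoids typing the password in clear text):
#   Connect-VIServer -Server vcenter.example.local -Credential (Get-Credential)
#   Get-VMHost | Set-EsxiNtpBaseline -TargetNtp 'ntp1.domain','ntp2.domain' -WhatIf
```

Run it with -WhatIf first: the report rows still show which hosts drifted, and no host is modified.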
              • 4. Re: NTP Settings on all Hosts with recommended parameters
                SCharchouf Enthusiast

                I tried something like this

                 

                $NTPServerList = @("A.A.A.A","B.B.B.C")
                $VMhosts = get-vmhost

                Foreach ($VMHost in $VMHosts)
                {
                    If (($VMHost | Get-VMHostntpServer) -ne $NTPList)
                    {
                        $VMHost | Get-VMHostntpserver | Remove-VMHostNtpServer
                        $VMHosts | Add-VmHostNtpServer -NtpServer $NTPServerList
                    }
                }

                #Allow NTP queries outbound through the firewall
                $VMHosts | Get-VMHostFirewallException | where-object {$_.Name -eq "NTP client"} | Set-VMHostFirewallException -Enabled:$true

                #Start NTP client service and set to automatic
                $VMhosts | Get-VmHostService | Where-Object {$_.key -eq "ntpd"} | Stop-VMHostService
                $VMhosts | Get-VmHostService | Where-Object {$_.key -eq "ntpd"} | Start-VMHostService
                $VMhosts | Get-VmHostService | Where-Object {$_.key -eq "ntpd"} | Set-VMHostService -policy "automatic"

                 

                Error

                 

                cmdlet Remove-VMHostNtpServer at command pipeline position 2

                Supply values for the following parameters:

                NtpServer[0]:

                • 5. Re: NTP Settings on all Hosts with recommended parameters
                  LucD Guru

                  I'm afraid you can't compare arrays like that, you will have to use the Compare-Object cmdlet.

                   

                  The Remove-VMHostNtpServer does not take the NTP servers from the pipeline.

                   

                  This is a working example (remove both WhatIf switches when you are sure it is working as desired).

                   

                  $targetNTP = 'ntp1.domain','ntp2.domain'

                  Get-CLuster | Get-VMHost -PipelineVariable esx |

                  ForEach-Object -Process {

                      $currentNtp = Get-VMHostNtpServer -VMHost $esx

                      if(Compare-Object -ReferenceObject $targetNTP -DifferenceObject $currentNtp){

                          write-host "Changing"

                          Remove-VMHostNtpServer -VMHost $esx -NtpServer $currentNtp -Confirm:$false -WhatIf

                          Add-VMHostNtpServer -VMHost $esx -NtpServer $targetNTP -Confirm:$false -WhatIf

                      }

                  }

                   

                  Blog: http://lucd.info | Twitter: @LucD22 | PowerCLI Reference co-author: http://tinyurl.com/hkn4glz
                  • 6. Re: NTP Settings on all Hosts with recommended parameters
                    SCharchouf Enthusiast

                    I made some changes like this, as I need to show whether the NTP servers are set correctly or not.

                    So if it's as mentioned, then the output should show "All NTP Servers are configured correctly", otherwise "ntp1.domain','ntp2.domain added to Host(s)"

                     

                     

                    $targetNTP = 'ntp1.domain','ntp2.domain'

                    Get-CLuster | Get-VMHost -PipelineVariable esx |
                    ForEach-Object -Process {
                        $currentNtp = Get-VMHostNtpServer -VMHost $esx
                        if ($currentNtp -eq "$targetNTP") {
                            Write-Host -f green "All NTP Servers are configured correctly"
                        }
                        else {
                            if (Compare-Object -ReferenceObject $targetNTP -DifferenceObject $currentNtp){
                                Write-Host -f Red "ntp1.domain','ntp2.domain added to Host(s)"
                                Remove-VMHostNtpServer -VMHost $esx -NtpServer $currentNtp -Confirm:$false -WhatIf
                                Add-VMHostNtpServer -VMHost $esx -NtpServer $targetNTP -Confirm:$false -WhatIf
                            }
                        }
                    }

                     

                    Unfortunately, like this, nothing is shown and there's no error message. I guess the issue is related to Write-Host?

                    • 7. Re: NTP Settings on all Hosts with recommended parameters
                      LucD Guru
                      vExpert | User Moderators | Community Warriors

                      You can not use -eq to compare arrays (like I said before), use Compare-Object.

                       

                      if ($currentNtp -eq "$targetNTP") {

                      Blog: http://lucd.info | Twitter: @LucD22 | PowerCLI Reference co-author: http://tinyurl.com/hkn4glz
                      • 8. Re: NTP Settings on all Hosts with recommended parameters
                        SCharchouf Enthusiast

                        Unfortunately it's not working

                        I'm 100% sure that the right NTP is set correctly for 3 test nodes, and when I run the script it doesn't show that the NTP is set correctly

                        I'm not able to identify where the issue is

                        • 9. Re: NTP Settings on all Hosts with recommended parameters
                          LucD Guru
                          Community Warriors | User Moderators | vExpert

                          You are still using the -eq to compare 2 arrays.

                           

                          Try like this (remember to remove both WhatIf switches if it is working as expected)

                           

                          $targetNTP = 'ntp1.domain','ntp2.domain'
                          Get-Cluster | Get-VMHost -PipelineVariable esx |
                          ForEach-Object -Process {
                              $currentNtp = Get-VMHostNtpServer -VMHost $esx
                              if (Compare-Object -ReferenceObject $targetNTP -DifferenceObject $currentNtp){
                                  Write-Host -f Red "'ntp1.domain','ntp2.domain added to Host(s)"
                                  Remove-VMHostNtpServer -VMHost $esx -NtpServer $currentNtp -Confirm:$false -WhatIf
                                  Add-VMHostNtpServer -VMHost $esx -NtpServer $targetNTP -Confirm:$false -WhatIf
                              }
                              else{
                                  Write-Host -f green "All NTP Servers are configured correctly"
                              }
                          }

                          Blog: http://lucd.info | Twitter: @LucD22 | PowerCLI Reference co-author: http://tinyurl.com/hkn4glz
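A fuller version of the check worked out in this thread, as an added example that is not code from either poster: `$currentNtp -eq "$targetNTP"` filters the array for the single string `ntp1.domain ntp2.domain`, so it never reports a match, and the code below instead compares the two lists as sets and also covers the ntpd startup policy and the outbound firewall rule from the original question. It uses `-notin` rather than `Compare-Object` so that a host with no NTP servers configured needs no special case. `Get-NtpDrift` and `Set-HostNtpBaseline` are hypothetical names, and the `NTP Client` exception name and the dry-run default are assumptions.

```powershell
# Added example: Get-NtpDrift and Set-HostNtpBaseline are hypothetical names.
function Get-NtpDrift {
    param([string[]]$Target, [string[]]$Current)
    # A host with no NTP servers returns nothing; normalise that to an empty array.
    $cur     = @($Current | Where-Object { $_ })
    $missing = @($Target  | Where-Object { $_ -notin $cur })
    $extra   = @($cur     | Where-Object { $_ -notin $Target })
    [pscustomobject]@{
        Missing   = $missing
        Extra     = $extra
        Compliant = ($missing.Count + $extra.Count) -eq 0
    }
}

function Set-HostNtpBaseline {
    param($VMHost, [string[]]$Target, [switch]$Apply)
    $dry   = -not $Apply    # dry run (-WhatIf) unless -Apply is given
    $drift = Get-NtpDrift -Target $Target -Current (Get-VMHostNtpServer -VMHost $VMHost)
    if ($drift.Compliant) {
        Write-Host -ForegroundColor Green "$($VMHost.Name): NTP servers are configured correctly"
    }
    else {
        Write-Host -ForegroundColor Red "$($VMHost.Name): missing [$($drift.Missing -join ', ')] extra [$($drift.Extra -join ', ')]"
        # Only call Remove/Add with a non-empty list, otherwise the cmdlet prompts for NtpServer[0].
        if ($drift.Extra)   { Remove-VMHostNtpServer -VMHost $VMHost -NtpServer $drift.Extra -Confirm:$false -WhatIf:$dry }
        if ($drift.Missing) { Add-VMHostNtpServer -VMHost $VMHost -NtpServer $drift.Missing -Confirm:$false -WhatIf:$dry }
    }
    # Outbound NTP must be allowed through the host firewall (exception name is an assumption).
    Get-VMHostFirewallException -VMHost $VMHost -Name 'NTP Client' |
        Where-Object { -not $_.Enabled } |
        Set-VMHostFirewallException -Enabled $true -WhatIf:$dry
    # ntpd should start with the host and be running now.
    $ntpd = Get-VMHostService -VMHost $VMHost | Where-Object { $_.Key -eq 'ntpd' }
    if ($ntpd.Policy -ne 'automatic') { $ntpd | Set-VMHostService -Policy 'Automatic' -WhatIf:$dry }
    if (-not $ntpd.Running)           { $ntpd | Start-VMHostService -Confirm:$false -WhatIf:$dry }
}

# Constructed sample values; this part needs no vCenter connection.
$targetNTP = 'ntp1.domain','ntp2.domain'
Get-NtpDrift -Target $targetNTP -Current 'ntp2.domain','ntp1.domain'   # same set, other order
Get-NtpDrift -Target $targetNTP -Current 'ntp1.domain','old.domain'    # one stale server
Get-NtpDrift -Target $targetNTP -Current $null                         # nothing configured

# With a connected PowerCLI session (dry run; add -Apply to make changes):
# Get-Cluster | Get-VMHost | ForEach-Object { Set-HostNtpBaseline -VMHost $_ -Target $targetNTP }
```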
                          • 10. Re: NTP Settings on all Hosts with recommended parameters
                            SCharchouf Enthusiast

                            Thank you LucD, it's working fine and as desired