Simple vCloud Director healthtest with Powershell

There is ALWAYS a better way to write Powershell, but my definition of success for this task was "quick to write", and "does the job"!

Feel free to amend to your own requirements - and don't forget to change the hostnames ;)

#Setup http client

$webClient = new-object System.Net.WebClient

$webClient.Headers.Add("user-agent", "PowerShell Script")

#Get content of VCD health page

$cell1health = $webClient.DownloadString("https://cloudcell01/cloud/server_status")

$cell2health = $webClient.DownloadString("https://cloudcell02/cloud/server_status")

#Guilty unless proven innocent!

$cell1ActionRequired = "Yes"

$cell2ActionRequired = "Yes"

#Determine is server is healthy

if ($cell1health -eq "Service is up.") {$cell1actionrequired = "No"}

if ($cell2health -eq "Service is up.") {$cell2actionrequired = "No"}

#Write results to screen

write-host "Cell1 action required: " $cell1ActionRequired

write-host "Cell2 action required: " $cell2ActionRequired

Passed my VCA Cloud exam today

Passed my VCA-Cloud exam today - VMWare Certified Associate-Cloud - I'd recommend it for those working in the cloud arena, as a pre-cursor to the VCP-Cloud obviously! No expensive VMWare course necessary (unlike the VCP) - glad I already have my VCP!

http://mylearn.vmware.com/mgrReg/plan.cfm?plan=41165&ui=www_cert

Increase your free dropbox from 2GB to 5GB :>

This 'trick' is about a year old, but as I use dropbox extensively to 'carry around' IT PDFs, as well as a library of powershell scripts I've written in the form of snippets, I found this tip to be very useful!

Enable photo syncing on the iphone dropbox app, and as you upload your photos and breach your 2GB limit, you are given a new permanent limit, free of charge, of 2.5GB. Keep going all the way up to 5GB, then if you want to, stop using it and delete the photos!

I already use the icloud control panel to sync my photostream with my windows PC, so I don't need this dropbox feature.

If you want to force the limit more quickly, apparently you can create and sync a video instead.

One caveat - make sure you have the space free on your phone first - filling it up can be a pain!

Getting around firewalls with SSH tunnels

Another interesting problem today - a new subnet was delivered to us vCloud guys (finally), but port 1688, necessary to activate eagerly-awaited Windows VMs in that new subnet with the KMS server, wasn't opened as requested.

Rather than wait until the weekend, or put the VMs into another subnet temporarily, I chose to use an SSH tunnel to a linux server in one of our other vCloud subnets (one which I knew had access to the KMS server on port 1688).

These are the instructions I wrote quickly so that I could palm off the work (after testing it of course!) - IPs and hostname changed to <value>;

RDP into the VM as your adm account.

On activation prompt, Click ask me later, then OK

Run <hostname>\c$\windows\putty.exe

Type <linux server> then on the left under connections expand SSH then click tunnels

Source port 1688

Dest port <kms server>:1688

Leave other settings, click Add then open

(The above instructions create the SSH tunnel so that local port 1688 goes through the Linux server to get the KMS server)

 

Leave this running then open a command prompt

Copy and paste in this line;

Slmgr /skms localhost:1688 & Slmgr /ato & shutdown /f /r /t 15

(The above line changes the KMS server to use, use's it to activate the PC, then reboots it)

Laptops that will take 32GB of RAM

I have been thinking lately that it might be nice to have a laptop with 32GB of RAM, as most of the VMWare stuff that I'm touching these days needs the host to have more than 16GB (VC Ops and vcloud director for example). I have a home lab but I it would cost MORE to buy 4x8GB sticks for that than it would to buy 4x8GB sticks for a laptop (I am conveniently ignoring the purchase price of the laptop of course!).

The below is a list of laptops that have 4 memory slots, and in most cases, Quad Core CPUs (some are Core 2, most are i7 - I believe only the i7s support 8GB per channel. I've left the Core 2s in as they are a lot older therefore cheaper and 16GB could suit some people).

I'll try to keep it up to date, at least until I finally purchase one - I haven't found a list as comprehensive as this one.

**Good tip for finding number of slots**
Google one of the below;
i7 "4 sockets" site:memorystock.com
i7 "slots: 4" site:crucial.com

----------------------LIST BEGINS--------------


**NOTE BEST**

1. Some of these laptops are available with different CPU types - to take 32GB of RAM it HAS to be a QUAD CORE i7 (ONLY the i7 was\IS available as a quad core, BUT SOME i7 chips are DUAL core - even if a dual core laptop has 4 slots, only two will work and i7s can only take 8GB per channel. Quad core i7s usually have QM in the name). 
2. I am not responsible for any mistakes on the list below. This is intended as a research guide only, you should confirm with another source before purchasing anything.

Lenovo Thinkpad W510 - 1st gen i7. 15"
Lenovo Thinkpad W520 - 2nd gen i7. 15"
Lenovo Thinkpad W530 - 3rd gen i7. 15"
Lenovo Thinkpad W701 - 1st gen i7. 17"!
Lenovo Thinkpad W701ds - 1st gen i7. 17"!

Dell Precision M4600
Dell Precision M4700
Dell Precision M6500
Dell Precision M6600
Dell Precision M6700
Dell XPS 17 L701x

Alienware M17x
Alienware M18x

Asus G73SW (not JW) apparently takes 8GB per slot and has 4 slots.....
Asus G74SX
Asus G75VW
Asus G75VX

MSI GT60
MSI GT70

HP Elitebook
8540w and 8540p (i7 v1)
8560w (and 8560p?)
8570w (and 8570p?)
8760w(and 8760p?)

Acer Aspire 8943G (18.4 inch screen!!!!)

Fixing SSL Error 61 with Linux ICA Client

Banged my head against the way for a fair time with this error on my CENTOS (could have been RHEL or Fedora) laptop - was simple in the end!

Error

“you have chosen not to trust “verisign class 3 public primary certification authority – G5” SSL error 61

Went to http://www.Symantec.com/page.jsp?id=roots

Scrolled down to “verisign class 3 public primary certification authority – G5”

Right clicked on download now (.pem file)– saved to /opt/Citrix/ICAClient/keystore/cacerts

This fixed it :>

Duplicate SIDs with deployed images \ Sysprep error

Had a quick but interesting issue this week with sysprep in our vCloud environment.

A new windows customized image had been created by one of the engineers, by deploying the standard Windows image and adding some basic software. He then created an image of this by adding it to the ‘Catalog’.

This VM was deployed several times, and the developers started using their VMs. They were getting weird issues though, which  (google?) led them to suspect that all the VMs in the vApp had the same computer SID.

I checked with psgetsid (http://live.sysinternals.com/psgetsid) and they were right!

“No problem” I thought, “the image was probably added to the Catalog as an exact backup, instead of a deployable image. I’ll just create a new SID”.

I powered off the VM in the vCloud console and ticked “Change SID” under Guest Customisation, then chose “Power on and force recustomisation”.

However this didn’t reset the SID!

Next I tried using ‘good old’ sysprep (newsid.exe is now very frowned-upon and not available from Microsoft) selecting “generalise” – and got the below error;

“A fatal error occurred while trying to sysprep the machine”

Checking the log file \windows\system32\sysprep\panther\setuperr.txt showed up an interesting message;

“Failure occurred while executing c:\windows\system32\slc.dll,SLRearmWindows”

This made me think that maybe the maximum number of rearms (which I knew was 3) had been reached?

I leveraged a wider knowledge base (i.e. googled) to find out how to determine the rearm value – this led me to run “slmgr.vbs –dlv”, and the output “rearms remaining = 0”.

After that I realised that I needed to reset the rearm value before sysprep (or vCloud’s “change sid” mechanism”) would work – google offered these instructions;

• Change this registry key’s value to 7;

HKEY_LOCAL_MACHINE\SYSTEM\Setup\Status\SysprepStatus\GeneralizationState\

• Start -> Run : msdtc -uninstall (wait few seconds)
• Start -> Run : msdtc -install (wait few seconds)
• Restart the machine

This fixed it!

Lesson – unless you have just installed Windows ‘fresh’, I recommend running “slmgr.vbs –dlv” before imaging a windows VM, and ensuring the remaining arm value is not 0. If it is, the deployed VMs will have the same SID!

IF statement and error handling with Get-winevent

Today I had to come up with a way of looking for a certain eventID in the event logs of our VDI estate, using get-winevent.

I had a few challenges which I managed to work around;

 

Challenge 1

When a given PC had multiple results, referencing the first record as $logonevents[0] was fine.

When a given PC had only one result, referencing the first (only) record as $logonevents[0] caused an error, as it wanted to be referenced as $logonevents.

 

Short of forcing the datatype into an array (which I couldn’t work out how to do and wasn’t sure would do the trick), I used an IF statement to check if $logonevents[0] existed, and use $logonevents if it didn’t;

if ($logonevents.timecreated) {$info.lastlogin = $logonevents.timecreated} else {$info.lastlogin = $logonevents[0].timecreated}

 

Challenge 2

My script didn’t provide a value for “last logon event” if there wasn’t one to find, but of course this value was also blank if the query failed (i.e. the VM was off or not working correctly).

I wanted a way to set the result to “None found” if the error was “Get-WinEvent : No events were found that match the specified selection criteria.” – I had 90% of the thinking for this but needed my ex-colleague and powershell guru Stephen Spike to force me to look at it a bit harder. The resulting code was;

 

#resets $error variable to nothing

$error.clear()

#looks for event

$logonevents = Get-WinEvent -computername $hostname -FilterHashtable @{logname="system"; id="7001"; providername="microsoft-windows-winlogon"}

#sets result to “None found” if appropriate

if ("$Error[0]".Contains("No events were found")) {$info.lastlogin = "No logon events found"}

vCloud network bulk change

I have recently started work with an electronic payments company, in the vCloud team. Because of a network re-design, it was necessary to take 100 VMs (once they were powered off), and change the vApp network they were plugged into. There was also a requirement to give each VM a manually specified IP address.

This is how I did it;

A table of vm hostnames (column 1) and target IP addresses (column 2) was created in Excel and saved as a csv.

The below script then reads the file and changes the network to the one in that vapp called “desktop-org<something>”, and gives the VM  the IP address from column 2. The VM must be off.

$csv = import-csv h:\ps1\book1.csv

foreach ($line in $csv) {

 write-host **** Changing $line.vm to new network and $line.ipaddress ****

$targetvm = $line.vm

$targetip = $line.ipaddress

$targetvAppnet = get-civm $targetvm | foreach-object {get-civapp $_.vapp} | get-civappnetwork | where {$_.name -match "Desktops-org"}

get-civm $line.vm | Get-CINetworkAdapter | Set-CINetworkAdapter -IPAddressAllocationMode Manual -ipaddress $targetip -VAppNetwork $targetVAppNet -connected $true

}