With the release of vSphere 6.5, VMware upped the game for vCenter High Availability (vCHA) and introduced an active/passive/witness cluster setup to provide a failover cluster for vCenter Server Appliances. The diagram below shows the architecture of the solution. Deploying vCHA can be done in two modes - “Basic” and “Advanced”. You can use Basic mode if the vCenter you want to be HA is managing the hosts it resides on - in this scenario the wizard configures your vCenter and deploys the Passive and Witness nodes for you.
So, this is something I’ve been waiting to write up for a while! PowerShell for macOS has been available for a while now, but what a lot of PowerCLI fans have been waiting for is to be able to use PowerCLI direct from their Mac. Today, amidst all of the noise from VMWorld, PowerCLI Core dropped as a Fling! That means that although it’s not ready for production use yet, it is ready to start testing - and I’m way more excited than I should be!
To add a Windows Server 2012 R2 PowerShell host using Basic Authentication only, follow these steps. Ensure that the Windows Firewall service is running (it doesn’t matter if the firewall is enabled or disabled, it should always be running! That’s a general rule, not just for this). On the PowerShell host open a command prompt (*NOT* PowerShell console) as administrator and run the quickconfig command - you can re-run it if it’s already been run - but make sure it has.
As a PowerShell fan I find using the vCO PowerShell plugin makes my life a whole lot easier. What isn’t easy however, is the configuration of vCO and a PowerShell jump host. Having done it a few times, this is my method for ensuring a secure working connection using HTTPS and Kerberos. Configure the Orchestrator Appliance Since we’re planning on using Kerberos authentication, we’d better ensure that the time is correct AND syncs to the same source as the domain.
Derek Seaman’s excellent SSL toolkit. I know that there are hours and hours of work put into this script by Derek and I want to thank him for that – it’s a massive time saver. This modification is to fit a different set of circumstances – “standing on the shoulders of giants” – and should in no way be seen as me criticising or stealing Derek’s work. This week, while using the SSL Certificate Automation Tool and Derek’s script, I encountered a couple of things I felt could be improved for a more complex environment.
I’ve been learning my vSphere 5 config maximums before my upcoming VCP5 exam, so in a supreme effort of procrastination I thought I’d write a PowerShell quiz script: here it is! Save the QuizMe.ps1 file into a folder and then place one or more text file in the same folder containing a comma delimited set of questions and answers. Then run QuizMe.ps1! You can choose the quiz you take (which text file it will use).
The process of requesting certificates for vSphere 5.1 is a fairly grim, manual process. It’s repetitive and easy to make a mistake on any step of the way. Since I’ve got to do this for quite a few VirtualCenter Servers, I thought I’d script the certificate generation if nothing else. I am following the excellent documentation provided in Implementing CA signed SSL certificates with vSphere 5.1 and more specifically in Creating certificate requests and certificates for vCenter Server 5.
A couple of months ago I posted the first version of my SCOM 2007 R2 Daily Health Check Script - here is version 2. It’s more than a little motivated by some friendly competition with a Microsoft PFE for SCOM, hopefully you’ll agree it’s a big improvement on the last version. Updated for this version Formatting changed to make it more readable and more compatible Added “Report generated on ” to the top of the report Management Server states reported as one section Default MP check moved to beneath the Management servers Agents in pending states moved to be with the Agent health states Clarified “Unresponsive Agents” and “Agents reporting errors” Management server alerts streamlined Added top 10 alerts for the last 7 days, and added top alerters for each I’m planning to wrap in some SQL database size checks and some of the other recommendations later - I’ll post again here when that’s ready 🙂
PowerShell: Recursively taking ownership of files and folders and adding permissions without removing existing permissions
This is every file server admin’s nightmare: hundreds of shares, thousands of folders, hundreds of thousands of files - and custom or not inherited rights on many of them. Terabytes of data that need auditing - e.g. to find customer data, or credit card information. How do you go about accessing all the data in all the trees? What about backups failing because someone removed the System account? Of course you can seize control of the folder by taking ownership and pushing down from a top level - but how do you preserve the existing Access Control Lists?
An updated version of this script has been released: https://www.definit.co.uk/2012/05/scom-2007-r2-daily-health-check-script-v2/ I’ve been working with a Microsft SCOM PFE (Premier Field Engineer) for the last few months and part of the engagement is an environment health check for the SCOM setup. Based on this Microsoft recommend a series of health checks to for the environment that should be carried out every day. This is summarised as the following: Check the health of all Management Servers and Gateways Check the RMS is not in maintenance mode Review Outstanding Alerts Review Agent’s Health Status Review Backup Status Review any Management Group Alerts Review the Pending Management status Review Database Sizes (Operations, Data warehouse, ACS) Review Volume of Alerts Review Alert Latency Document any changes From this, there are certain aspects that can’t be automated so easily, or shouldn’t be - e.