Posts

Showing posts from 2013

Get Dell ESX host warranty info via PowerCLI version 3

Image
Summary:
Had a script that was doing a screen scrape of Dell's support page for warranty info.  Now they require a log in.  So it was time to finally revise my script to use Dell's wsdl (SOAP) interface.

Example:


Details:
I was able to simplify the script a bit using the code provided by Jon Gurgul to pull from Dell's provided SOAP service.  I copied the code into a Get-DellAssetInformation.psm1 file so I could call the function as a module.

The variable you should probably update is the $ServiceDescription variable to match the warranty type you expect from your boxes so you get an actual return of data.

I simply plugged this into my existing code removing the screen scrape code and this is what I ended up with:

Script:


Add-PSsnapinVMware.VimAutomation.Core#Module code courtesy of Jon GurgulImport-ModuleC:\myModuleDirectory\Get-DellAssetInformation.psm1$VIServer=Connect-VIServermyvCenterServer$date=Get-Date$htmpath="C:\inetpub\wwwroot\"$csvpath="C:\inetpub\www…

Auto-Remediation vCenter Alarm

Image
Summary:
I've been dealing w/ issues on Emulex OCe11102-FM logging out of the vSAN Fabric and not recovering.

Long story short, it's been a firmware problem and I was able to get a alpha firmware that fixed the issue.

In the meantime, I had created a PowerCLI script to auto-remediate every hour if a degraded path was detected.  I wasn't fond of the solution, so I looked to vCenter alarms to see if I could have them do it for me.  Turns out they can, but there are caveats to this approach.

What follows is an example of how to set something like this up and details specific to the errors/configuration I was dealing with.

SOAP(y) Powershell fun w/ BT Diamond's IPAM (Part 2)

Image
Since my initial attempt using New-WebServiceProxy failed because it didn't like the XML return from IPControl, I needed to find out why.  This is where I downloaded SOAPUI to dig in and find out why.  More importantly, I found that I could use the info from it to plug into the Invoke-WebRequest cmdlet.

[I'm going to be using Dell's web service as an example simply because it's easier from an example standpoint.  Dell's service actually works w/ the New-WebServiceProxy cmdlet.  The basic concept of what I'm doing is the exact same though.]

SOAP(y) Powershell fun w/ BT Diamond's IPAM (Part 1)

PreReq:
API AccessPowershell 2.0 +I'm using 3.0 now.  I assume these examples work in 2.0 as well, but I'm too lazy to test. This was a bit of an interesting exercise for me since I've mostly only ever used cmdlets.  I'm still using cmdlets, but calling SOAP based web services to gather information.
Here is what I've been experimenting with: #Credentials are needed when working w/ a secure web service. $Creds = Get-Credential
#I was able to find the correct API address by clicking the help link on the login page.  They seem to have a different web service per API instruction type.  In this case, I just want to 'get' address information thusly demonstrated below. $IPControlGetService = New-WebServiceProxy "https://myIPControlServerNameorIP/inc-ws/services/Gets?wsdl" -Credential $creds
#This is where it gets interesting, from here I can essentially browse what properties and methods are available to me by calling the $IPControlGetService variable. #This …

RacADM, Powershell, and Kerberos KeyTabs

Summary:
I was looking to automate configuration of iDRAC's (Dell Remote Admin Console) synonymous w/ iLOM and many other acronyms.  I also wanted to enable domain authentication in a somewhat secure manner.  By using a kerberos keytag, I'm able to in the very least obfuscate the username and password into a file for upload into the iDRAC.  What follows is a journey into a ridiculous realm.

PreReqs:

RACADMktpassPowershell 3.0 (2.0 probably works too, but I was using 3.0 @ the time)Your root CA's certThis is so it AD Authentication can be setupSolution: It's not a complete solution, but hopefully it'll help you get started in your own endeavors.  Below assumes the iDRAC has been configured and is available on the network in default config.

To generate a kerbero's keytab, you simply need the name and password of a service account (this is simply a Active Directory user account) in your domain.

ktpass /pass ReallySecurePas5word /ptype KRB5_NT_PRINCIPAL /princ someserv…

VMware vCenter Storage Monitoring Service - Provider sync failed

Summary:
This error appears to be benign, but what I found interesting was that there really wasn't an article on how to correct this error.

Resolution:
Simply restart the VMware VirtualCenter Management Webservices.


Find out Frame and LUN ID for VM RDM's from a Symmetrix/vMax Array.

Summary:
I was looking for a way to translate RDM info into a simple frame and SCSI ID.  I took my Naa.ID script and modified to look @ it in this way.  RDM's are needed for EMC based management tools, that's pretty much the only reason I use RDM's.

Usage:

Save the below script as a .psm1 file.Import-Module Convert-LUNUuidToVMaxFrameandDeviceId.psm1 file (I happened to name my psm1 file the same as the function name.  You can name it differently if you want.)Convert-LUNUuidToVmaxFrameAndDeviceId #############################This'll return a Frame and Device value written to screen.Below you can see how to get the LUNUUid info and how you batch the info.

Script:


# Batch scripting information #$TVM = Get-VM #$Devices = $TVM.extensiondata.config.hardware.device #$DeviceBacking = @() #foreach ($device in $devices) {$devicebacking += $device.backing} #$devicebacking = $devicebacking | where {$_.lunuuid -ne $null} #foreach ($device in $devicebacking){Convert-LUNUuidToVMaxFramea…

Powershell: Convert VMware NAA value to Frame and Device ID (for vMax and Symmetrix)

Summary:
Found a script to convert the naa value to device id, but not return the frame info.  So I augmented it to parse that info out as well.

Script Module:
FunctionConvert-NaaIdToVmaxFrameAndDeviceId ($naa) {
# Original -> http://vmwise.com/2012/06/01/naa-ids-and-breaking-them-apart/if ($naa.length -ne36) { "NAA value must be 36 characters"; break } $deviceString=$naa.ToCharArray() # Prepended w/ Frame info.$device= ("Frame $($deviceString[20])$($deviceString[21])$($deviceString[22])$($deviceString[23]) Device ") $device+= [char][Convert]::ToInt32("$($deviceString[26])$($deviceString[27])", 16) $device+= [char][Convert]::ToInt32("$($deviceString[28])$($deviceString[29])", 16) $device+= [char][Convert]::ToInt32("$($deviceString[30])$($deviceString[31])", 16) $device+= [char][Convert]::ToInt32("$($deviceString[32])$($deviceString[33])", 16) $device+= [char][Convert]::ToInt32("$($deviceString[34])$($devic…

SCOM Adapter Configuration for vCOPs

Image
Summary:
I wanted to test the SCOM adapter in vCOPs to see what data I could get and see how it could be used.  Unfortunately, the VMware video demonstrating it's installation did not work for me without some tweaks.

Config:
vCOPs 5.7.1 (vApp)
SCOM Adapter Build 1036195

Installing the Adapter:

Log into your vCOPs admin page (Usually https://vcopsServer/admin)Select the Update tab and upload the 'pak' file
Accept the EULA, wait.Pretty much the same as updating vCOPs @ this point.Once completed, you need to log into the custom UI (https://vcopServer/custom) as an admin.If you setup LDAP and made your account an admin, you're good.  Otherwise, you can login as the same admin account as the admin page.Once in the custom UI screen, hover over admin and select 'support'
Select the 'Info' tab, click the gear to start the 'describe' process.
Once the process is completed you should see the SCOM adapter available in the adapters info table.
Congrats, the adapte…

An error occurred while restarting virtual machine after taking a snapshot.

Summary:
I was receiving the above error usually immediately after netbackup attempted consolidating the backup.

VMware KB:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1033571

My particular issue:
Seemed to revolve around the fact that I had "Storage I/O" control enabled on my datastores that was causing this issue.  It was odd that only 1 VM seemed to be affected, but after turning it off the symptoms stopped.  Reading the KB above seems to allude to this fact, but I'm still researching.

My resolution:
Turning off Storage I/O control.

UCS LDAP Authentication "Domain Users" will not work

[Update: Cisco has opened a bug for this.  Expected to be fixed in 2.2 release, but you can track the progress here: CSCui60138]

Summary:
In my previous post, I hypothesized that "Domain Users" simply contained too many members.  I was wrong.

Details:
After performing a couple of packet captures, I found that "Domain Users" was not an attribute returned in the "memberOf" property.  This seems to be a known response as "Domain Users" is typically classified as a "PrimaryGroup" and is therefore recorded in the "PrimaryGroupID" attribute.

Since UCS is only looking @ the "memberOf" attribute, "Domain Users" would not be returned.  I've made Cisco TAC aware of this discovery.  Whether it gets added as a bug or is simply relegated as a low hanging feature request is anybodies guess.  In the very least, I feel better to get this monkey off my back.

UCS Version:
2.1(1a)

UCS LDAP Workflow (as how it looked in my pa…