Powershell: Get SHA256 Thumbprint from vCenter server using Powershell Core. (NSX-T Compute Manager Registration related)

Had a need to pull a target vCenter's SSL certificate and convert it's thumbprint to SHA256 format to register to NSX-T Manager using Powershell core.  Servicepoint was not available in Core.

Noticed also recently Lam updated his approach to take Core into account.  My approach is slightly different and my script will also return the certificate object back if you so choose rather than just the SHA256 value.  Anyway, I've tested in PS Core 6.0.4 and 6.1 on Ubuntu, CentOS, and MacOS and my function seems to work fine.  Let me know if you see otherwise.

GIST below:

Microsoft Word for Mac: Bullets not formatting properly.

Hard to quite describe, but I was working with an existing word doc and modifying some bulleted lists.  Needless to say, I was having some trouble w/ my normal methods of simply deleting a bullet and if it moved text to bullet above, hit enter to move it down.

This was not working.  Among other things it would reformat it in ways that just weren't working.  Found it that it had to do w/ "Track Changes" being enabled AND what seems to be 'too many' changes before they were accepted.

Accept all changes
Turn off "Track Changes"

Either one works, but I still wanted to track changes, so I left it on and simply accepted all changes.  After doing so, working with bulleted lists worked fine.  Seems like a bug that needs to be addressed.  I have been running Office Insider Fast Track, so that MAY be part of the problem, but leaving this here for reference.

MS Word for Mac version 16.16.3

Powershell: PowerNSX: Refusing to load module.

"The PowerShell Core Beta has known issues that cause PowerNSX to fail.  Refusing to load module."
Basically, this happens when you upgrade powershell to 6.1.x.  It's related to a bad section of code in the module that checks for beta releases that should probably deprecated or taken out.

Modify line 82 to read as such:
if ( ( $script:PNsxPSTarget -eq "Core" ) -and ( $PSVersionTable.GitCommitId -notmatch '^v6.[\d].[\d]+$|6.[\d].[\d]+$') ) {


Comment out line 82 through 90 to remove the check entirely.

The check appears to happen because the GitCommitId format may have changed from 6.0 to 6.1 where it was prepended with a v in 6.0 whereas in 6.1 it is not longer prepended.


PowerCLI: The SSL connection could not be established, see inner exception.

Unable to connect to ESXi/vCenter server with Connect-VIserver cmdlet, get the following error:
"The SSL connection could not be established, see inner exception."

Be sure to "Set-PowerCLIConfiguration -InvalidCertificateAction:Ignore" if you plan to connect to an ESXi/vCenter that does not have trusted certificate.  Interestingly, something must've changed recently because the PowerCLI module actually would output a more descriptive message about setting your PowerCLIConfiguration.

This appears to be the case w/ Powershell Core 6.1.  I'm actually unsure when this behavior started happening and whether is module or powershell related.  Regardless, figured I'd post this since I was initially confused myself when running some things on another system.

Powershell: Making a RESTful API endpoint in powershell (kinda like python flask)

While running scripts interactively and even on a scheduled basis is fine, I wanted to explore the possibility of making my scripts event-driven.  Take the vCheck Health Script for example.  Running that on a schedule is fine, but what if I wanted to run that on-demand?  Or other scripts in general?

The cool thing, you can do it all in Powershell Core!  Meaning, docker, linux, macOS, etc.  Basically, you can have this script run on OS startup (pre-populated with your endpoint configs/scripts) and you would have a Powershell driven REST-style API endpoint to run your scripts.

Here is the example, feel free to try it.  It'll do nothing of consequence on it's own.  I'll post later with a video on how to use it.

Powershell Core: DNSClient cmdlets .NET Alternative

DNS Cmdlets are not available in Powershell Core, but fear not, you can make use of .NET to get effectively the same functions, for DNS resolution anyway.

My old post here details how to use .NET method:

Useful Powershell .NET method to convert DNS name to IP

VMware: Get CDP/LLDP info from ESXi/vCenter hosts.

Had to get CDP/LLDP long time ago and never posted it.  Hosted on gist.github.com for anyone to consume and manipulate how they please.  Definitely been useful and faster since it'll actually ignore disconnected nics.

Also automatically adjusts for CDP or LLDP.  I 'think' I wrote this, but I borrow so much from Lam and LucD that they deserve credit for being so awesome anyway.

Misc: Navien NPE-240A Navilink App missing scheduling function

Just had a new tankless water heater installed in my house to replace a failing 22 year-old 50 gallon tank.  Couldn't be happier w/ my new tankless, but was dealing with weirdness on the Navilink app to control/view my new Navien.  The app's scheduling function (for the recirculation pump) was missing.


  • Disconnect NR-20DU remote controller. (if you want to schedule via App)
    • *DIP Switches need to be set properly as well.

In my case, w/ a bridge valve in my furthest faucet, is considered "External Recirculation".
Check w/ your plumber for proper settings, they set mine properly.
If you are in the Atlanta area, I highly recommend Plumbing Express LLC.
Ask for Jonathan DeWeese.

For reference only, these were set correctly by my plumber for my setup.

  • DIP Switch 1 Off, 2 On.  (Internal Recirculation would be the opposite)
  • Parameter 18 set to On (This is to enable Navilink)

These settings are detailed out in the installation guide.

DO NOT just look at youtube for suggestions, there are some videos out there that are just plain WRONG.

My understanding is that "External Recirculation" refers to the use of a bridge valve, typically installed in the furthest point from the water heater.  Basically utilizing my cold water pipes as a poor man's hot water loop.  "Internal Recirculation" is when a dedicated hot water loop is actually installed.  That will be way more expensive to retrofit a house that does not have a dedicated hot water loop, so external recirculation is usually more common.

With regards to the Navilink schedule function, my plumber was just as confused as I was since this was one of the primary reasons I wanted the Navilink function.  Long story short, installing the NR-20DU remote controller unit disables the apps remote scheduling capabilities.  Simply disconnecting it enables the scheduling function in the Navilink app.

When thinking about it, it actually makes sense.  You wouldn't want 2 devices dictating possibly conflicting schedules.  Although documentation wise, it's almost as if you're led to believe that the remote controller is required for Navilink schedule function.  So what is the difference between the two?

Quite simply, Navilink allows a more complex schedule.  The NR-20DU controller only allows 3 schedules.

Next is to figure out how to have app enable the 'hot button'.  Cursory glance appears to me that I need the hot button kit, but that appears to disable the scheduling function.  This leads me to believe that the unit might be dumb in its status info to its controllers.  Meaning if a 'schedule' is active, pressing/activating the hot button will turn that off.  Seems like a split brain issue that Navien works around by simply disabling competing functions.
NaviLink App & Wi-Fi Control

Mac: Quick Screen Recording on MacOS (Bonus TouchBar Integration)

To launch screen recording w/ Quicktime Player feels really unintuitive.  I'm betting the average person has no idea this capability exists.  I often forget it's able to as well.  Reason being, when you launch Quicktime Player, it defaults to opening a 'finder' window for you to select a file to 'play'.  So here is a way to kind of "shortcut" access to Quicktime screen recording on MacOS.

Launch QuickTime Player

"Right" Click on QuickTime Player Dock and Select "Keep in Dock"

Now with QuickTime Player in dock, you can "Right Click" the icon and select Screen Recording.


Macbook Pros with Touchbar will have a smart menu to select capture type.  You can select either full screen recording of each individually attached screen or "selection" which allows you to simply click and drag your mouse on any portion of the screen.

VMware: Custom ESXi boot iso bootable on Fusion, but not vSphere...

Building an embedded lab for some testing w/ NSX and everything.  Cannot clone a pre-installed ESXi host w/o some magic, so decided to utilize a simple kickstart script in an ESXi custom iso pre-mounted to my VM template.  Worked fine on Fusion, not vSphere/ESXi though...

Simply change VM Options --> Boot Options to BIOS

Fusion defaults to BIOS, which is why it worked.  I made the iso w/o UEFI options which is why it worked on fusion, but not ESXi VM.


The command I was using to make the iso was missing some key new features to make the iso UEFI bootable.
mkisofs -relaxed-filenames -J -R -o ~/Desktop/custom_esxi.iso -b ISOLINUX.BIN -c BOOT.CAT -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot -eltorito-platform efi -b EFIBOOT.IMG -no-emul-boot ~/Desktop/ESXiDefaultInstall

You will have to modify two BOOT.CFG files, one in root directory, and the other in the EFI subdirectory to utilize any custom kickstart you put together.  If you only modify one, it will only point to the kickstart file when booted via BIOs and not UEFI or vice versa.

Basically, it came down to the fact that I was rebuilding the iso w/ an older command that didn't have the UEFI options.  This made my iso BIOs bootable (Fusion default), but not bootable on my ESXi VM which was set to UEFI.  Highlighted above in solutions section.  Basically my goal was to simply clone a templated VM shell w/ a local hard drive layout I needed for an Embedded vSAN lab.  The VM shell would have the iso mounted so that it would build ESXi at time of clone. 

So I needed an iso that would simply build ESXi w/ basic defaults and configure DHCP.  In the other notes section, I show how I modified the BOOT.CFG file(s) and added a KS.CFG file.  Once I found the options I was missing, my iso was now properly bootable via UEFI and BIOs.  This is a fairly easy workaround to build ESXi virtual hosts w/o having to stand up a PXE environment within an NSX bubble.

Other Notes:
mkisofs is not apart of MacOS, but you can install it via homebrew.
brew install cdrtools

/BOOT.CFG and /EFI/BOOT/BOOT.CFG (Modified kernelopt value to target CD rom and my custom KS.CFG)

rootpw superduperSecret!
install --firstdisk --overwritevmfs
network --bootproto=dhcp


Nested ESXi virtual appliances that you can customize via OVA options.

VMware: PowerNSX on Mac Invoke-nsxwebrequest unknown exception

All was well and dandy until I tried to actually "do" something.  I was trying to create a new logical switch (New-NSXLogicalSwitch) when these errors reared their ugly head:
One or more errors occurred. (The handler does not support custom handling of certificates with this combination of libcurl (7.54.0) and its SSL backend ("LibreSSL/2.0.20").) ---> System.PlatformNotSupportedException: The handler does not support custom handling of certificates with this combination of libcurl (7.54.0) and its SSL backend ("LibreSSL/2.0.20").

Windows w/ full Powershell does not have these issues.  Have yet to see if it is a thing specific to Powershell Core.  So use it if you can.

If you don't have a Windows box handy, you can modify the PowerNSX.psm module file to get around this error.  I'm unsure if it can become a permanent solution, but it effectively accomplishes the same thing as the current httpclienthandler.

Location of PowerNSX.psm file on Mac:

You need to modify line 105 from this:
ServerCertificateCustomValidationCallback = delegate { return true; };

To this:
ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;

*One line and case sensitive, must be verbatim.

VMware: physical vmnic# not showing up after upgrade...

This was a weird one.  I had a couple of Dell FC630's (FX2 Blades) w/ qlogic broadcom 57810 integrated card in them.  Went to upgrade them from 6.0 to 6.5, that's when the fun began.  Before upgrade, my hosts could see them just fine.  After upgrade, they could only 'see' vmnic1.  Fresh install was also having issues.

In my case, I had to literally remove the FC630 blade from the FX2 enclosure so that all residual power would be drained.  Once done, whatever it was that was hanging the firmware for my nic finally cleared for ESXi to take control of it.


PowerCLICore: Docker: Case Sensitivity, script not running, errors.

If you've been using powershell for any period of time, you'd get used to the idea that it doesn't really care about casing.  PowerCLICore on Docker?  Yeah, it's a casing nazi...sometimes.  Now this experience was seen on a Mac.  Unsure if Docker running on linux sees this.

When working w/ cmdlets in general, you should fine.  However, if you were to query for commands related to a specific module like pester:

You'd get a blank return.  Looking at modules available via:
get-module -listavailable

Will show that pester is capitalized as "Pester" so valid get-command is:
get-command -module Pester

Long story short, if you are having issue running a script or whatnot, be sure to check your cAsInG.

Interestingly, once you do a get-command -module Pester successfully, powerclicore on docker magically doesn't care about casing after the fact.

VMware: NSX: Using PowerCLI/PowerNSX to view DFW rules in a table format.

Out-GridView Example
This was kind of a fun exercise and helpful considering the NSX plugin kinda blows, in flash client at least.  Have yet to take a look at HTML5 one that was just released.  Was asked if we could output currently configured DFW rules.  Below you will find what I slapped together.  If it's useful to you too, great.  Also, please feel free give me feedback.

It will basically give you the following:
  1. Rule Number 
    • This is kind of a guess in that it assumes that rules will pull down from API in the correct order at runtime.
  2. Rule ID
  3. Rule Name
  4. Source
  5. Destination
  6. Service Ports
  7. Action
  8. appliedTo
This script requires the following powershell modules:
  1. vmware.powercli
  2. powernsx

VMware: NSX: Logical Switch Objects as Source and Destination Firewall rules (DFW) not working and things to know.

One of the cool things w/ NSX is that you can define vCenter Objects as your source and destination targets in NSX's Distributed Firewall (DFW).  On the surface, great idea.  Under the hood, it is still based on IP source and targets.  Only when you decide upon a default deny/deny rule does this become apparent.

Quick and Easy:
  1. Make sure VM's are running VMware Tools.
  2. VM(s) in question is NOT in NSX Exclusion List
    1. ESX Agents (aka NSX Partner Integrations) appear to be in exclusion list by default.
    2. ESX Agents do NOT show in NSX Exclusion list UI.
  3. Use IP Sets if you are a masochist.
    1. or if a vendor provides an appliance w/o tools installed.
    2. Honestly, IP Sets make the most sense rather than defining vSphere objects.  The reason?  If you deal w/ something like an appliance that can be deleted and recreated easily, a vsphere object rule would break because the original object no longer exists.

Misc: Fitbod - Smart Machine Learning Strength Training Regimen

Download the app
I'm lazy, frugal, and easily bored.  When the prospect of going to workout comes up, I want someone to tell me what to do when I'm in the gym @ my random time and track my workouts for trending.  Being frugal, paying for a personal trainer is one thing, then I have to schedule time w/ them (laziness).  Personal trainers do satisfy my easily bored problem though w/ new workouts all the time.  This is where Fitbod, I think, is amazing.

Laziness, Frugality, and Boredom Solved!:

  1. First Fitbod solves my laziness problem by simply being available 24/7.  I don't need to schedule time to meet a trainer @ a gym to get a good strength training workout.
  2. Second, Fitbod solves my frugality problem by simply being free.  Although to access additional secondary functions (not absolutely necessary), I would have to pay a monthly or annual fee.  The in-app purchase is fairly cheap, but I was able to get on the Beta program which gives me free access to the Elite functions (SCORE!).  During testing periods anyway.
  3. Third, Fitbod keeps me engaged by not always doing the same exercises everyday, which is what I would do being as lazy as I am.  That laziness would also get me bored doing the same things over and over again.  It's also not conducive to building strength/muscle.  That is what makes Fitbod so great.

So here is how it works.  You simply fill out your physical details and your fitness level.  It'll ask you some physiological questions such as height and weight.  It'll also recommend setting up an account.  You can link to facebook for ease or create a custom login.  I recommend doing so your data is backed up and can be retrieved from any device.

The app now does walk you through on how to use it so should be easy to follow through.  If not, you can see my video below on how I use it (in my not so alluring voice).  The app also connects w/ Strava so it understands any cardio impact to your muscles to recommend workouts.  Cardio logging in Fitbod itself is coming or should be coming soon.  Lastly, it does sync w/ Apple Health as well.

Can't recommend this app enough.  An absolute gem in self-fitness.  That being said, I would still highly recommend working w/ a personal trainer if you are just starting out.  Their feedback and eyeballing of your personal movements/weights is essential for full effectiveness.  Once you have a general grasp, Fitbod can help you continue your fitness journey.

A friend of mine, Julius, just started their own fitness venture called Gladiator Fitness.  I've worked w/ him in the past when he worked at my company's gym in the FitTrip program.  He'll definitely get you fit, but be warned, it's not easy and he will make you feel pain. ;)

Anyway here is a short video on how I use FitBod:

Python: Using VS Code on Mac pylint errors

Having python built in on Mac can cause issues when you try to work python code.  One such issue is that VS Code will consistently complain about pylint missing and will attempt to install.  It'll likely fail every time and also show a nice little warning suggesting to upgrade pip to the latest version.  Slight annoyances, but annoying nonetheless.

If you've installed Python 3 using brew based on my last post, then this'll be a helpful continuation.
Python: Modules installed with PIP3 on Mac not getting installed?

It's quite simple.

  1. Launch Visual Studio Code
  2. Code --> Preferences --> Settings
  3. In the right pane User Settings, simply add your preferred python path.
    • "python.pythonPath": "/usr/local/bin/python3"
      • brew places a pointer here for you if you followed my last post.
  4. Save
You can also set your preferred interpreter on-demand rather than statically setting it in your user settings.  See referenced link below.


Python: Modules installed with PIP3 on Mac not getting installed?

I was essentially just trying to import a module for my python3 installation, but found it was not installed.  Typically, you should be able to install it via PIP (PIP3 in Mac case so it would install to 3.x version instead of built-in 2.x version).  It appears to install fine, but it would not appear in my installed modules when calling help("modules").  Then I noticed the problem...

So in my case, I had python 2.7 and python 3.5 installed via the standard packages provided by python.org.  Nothing wrong with this and very typical, but my tinkering screwed me because I also use brew package installer.  This likely got my pip3 installation messed up and out of sync w/ standard packages installed.  My pip3 pointer was going to a 3.6 version whereas my python3 pointers were going to 3.5.  So, if not obvious, calling pip3 to install modules would only be good for python 3.6.
ls -lh /usr/local/bin

pip3 --version
Now my understanding is that I could simply point my 3.5 version of Python to the PIP 3.6 package directory, but I subscribe the the KISS (Keep It Simple Stupid) method.  Meaning, I'd rather not screw w/ defaults of anything if I don't have to.  So my workaround entails getting rid of the packaged versions and switching over to the brew installed versions.  This way I can use brew to manage the installation updates and all.  

This will hopefully keep my versions in sync so I don't run into further issues.

  1. Place Python Applications in trash.
  2. Delete 3.5 version from your Library (Mac High Sierra uses 2.7 still to this day so pretty safe bet to delete 3.5 if it's there)
    1. rm -rf /Library/Frameworks/Python.framework/Versions/3.5
      • This will remove 3.5 and all it's subfolders if it's found.
  3. Delete pointers for 3.5
    1. rm -rf /usr/local/bin/python3*
      • This should clean up any pointers to old python3 install that no longer exists now.
  4. Install python3 with brew
    1. brew install python3
      • This will install latest version of python and create new python3 pointers in usr/local/bin/ to the brew installed version now.