Mohammed Wasay

Author: mo wasay

  • How to restart management agents on ESX or ESXi host

    How to restart management agents on ESX or ESXi host

    If you are not unable to connect ESXi server to vCenter, or when you cannot connect to ESXi server from VI client it may be necessary to restart the management agents on ESX or ESXi host.

    To restart the management agents on ESXi 6.x

    This applies to ESX4/5.x/6.x

    For the restart of the management agents (mgmt-vmware and vmware-vpxa) do the following:

    Log in to SSH or Local console as root.
    Run these commands:

    /etc/init.d/hostd restart
/etc/init.d/vpxa restart

    Or also (alternative way)
    To reset the management network on a specific VMkernel interface, by default vmk0, run the command:

    esxcli network ip interface set -e false -i vmk0; esxcli network ip interface set -e true -i vmk0

    [su_note note_color=”#fafae8″]Note: Using a semicolon (;) between the two commands ensures the VMkernel interface is disabled and then re-enabled in succession. If the management interface is not running on vmk0, change the above command according to the VMkernel interface used.[/su_note]

    to restart all management agents on the host, run the command:

    services.sh restart

    To restart the Management agents on ESXi Server – via the console:

    1.) Connect to the console of your ESX Server and press F2
    2.) Login as root and when using the Up/Down arrows navigate to Restart Management Agents.
    3.) Press Enter and press F11 to restart the services.
    4.) When the service has been restarted, press Enter. Then you can press Esc to logout of the system.

    Screen should be similar to:

    To restart the management agents on ESXi 4.x and 5.x:

    From Local Console or SSH:
    1. Log in to SSH or Local console as root.
    2. Run this command:
    /sbin/services.sh restart

    You can also check:  Service mgmt-vmware restart may not restart hostd (1005566).

    To restart the management agents on ESX Server 3.x, ESX 4.x:

    1. Login to your ESX Server as root from SSH session or directly from the console.
    2. Type service mgmt-vmware restart  and press Enter
      Make sure that automatic Startup/Shutdown of virtual machines is disabled before running this command otherwise you might reboot the virtual machines. See more at 103312
    3. Type service vmware-vpxa restart and press Enter.
    4. Type logout and press Enter to disconnect from the ESX Server.

    Successful output :

    Stopping vmware-vpxa: [ OK ]
Starting vmware-vpxa: [ OK ]

    This may also server as a solution for the error “Unable to access file since it is locked. An error occurred while consolidating disks: One or more disks are busy.”

  • Creating Security Groups for File Shares in Bulk using PowerShell

    Creating Security Groups for File Shares in Bulk using PowerShell

    Security Groups are great for managing large groups for permissions.  A client requested that they needed to have Read-Only, Read-Write, and Ready-Modify (allow for deleting) for all their file shares for better management.

    Getting the Share Names

    In order for me to create the groups I needed the share names. PowerShell to the rescue!

    Type the following on the File Server/ Cluster to list all the shares and capture the output in a text file:

    WmiObject -class Win32_Share -computer <yourfileserver.fqdn) | Out-File c:\scripts\shares.txt

    [su_note note_color=”#fafae8″]On your file-server you may have a lot of share but for example purposes I am showing just one.[/su_note]

    Output should be similar to:

    Cleaning up the Share Names

    Now that we have the Share names we need to do a bit of cleanup to avoid having duplicates.

    • We need to remove all entries for hidden shares “$”
    • We need to remove duplicates
    • We need to change the case of the share names to lower case. ( I prefer lowercase but you can decide to do what best fits your needs)

    Follow my guide to removing duplicates in a text file using NotePad++

    Once the sharenames are clean save it to a text file.

    Client Requirement for the Security Groups:

    For each file share there are three security groups needed:

    • <Sharename>_RO : Read-Only
    • <Sharename>_RW : Read & Write
    • <Sharename>_RM : Read & Modify

    For PowerShell to do this I needed to create a .CSV file with all the security group entries.  Now, there are many ways this can be done. I will share what I have been doing.

    Open up Microsoft Excel and copy the share on a column to the right (lets say K2)

    Now on Cell A2 your value should be =CONCATENATE(K2,”_RW”) and drag it down.

    It should look something like this:

    Do the same for RO & RM. Now you have all the security groups names you need to create.

    Create a file called FileShares_Groups.csv  using the following format.

    Create the file Create Security Groups for File Shares.ps1

    .NOTES
	File Name:
	Author: Mohammed Wasay
	Contact Info:
		Website:www.mowasay.com
		Twitter:@wasay
	Requires:
	Tested:
.PARAMETER
    None

.EXAMPLE
    .\Create Security Groups for File Shares.ps1
#>
#Import Active Directory Module
Import-Module ActiveDirectory

$csv = Import-Csv -Path "c:\scripts\FileShares_Groups.csv"

ForEach ($item In $csv)
    {
        $create_group = New-ADGroup -Name $item.GroupName -GroupCategory $item.GroupCategory -groupScope $item.GroupScope -Path $item.OU
        Write-Host -ForegroundColor Green "Group $($item.GroupName) created!"
    }

    Copy the two files: FileShares_Groups.csv & Create Security Groups for File Shares.ps1  into a folder called C:\scripts  on the Domain Controller.

    Run the PowerShell script and see the security groups get created.

     

     

  • Remove duplicates, blank lines, spaces, to get unique values and sort data in one operation

    Remove duplicates, blank lines, spaces, to get unique values and sort data in one operation

    From time to time I come across this need; where I need to scrub a file where there are duplicates, there are blank lines, the sort order is all wack, and it just needs to be formatted to where it can be more readable and/or usable.

    This method just doesn’t apply to text, but also applies to numbers.

    Software Prerequisites:

    • NotePad++
    • TextFX Characters Plug-in for NotePad++

    Enabling TextFX Characters Plug-in

    Install NotePad++ with all defaults

    Goto Plugins > Plugin Manager > Show Plugin Manager

    Install TextFX Characters Plugin

    Once successfully downloaded it will prompt for a restart.

    After a successful restart of the application you should now see the TextFX entry in the toolbar.

    Removing duplicates, blank lines, and sorting data

    • Paste the text into Notepad++ (CTRL+V). As you can see, there were lines and half of them were blank.

    • Mark all the text (CTRL+A). Click TextFX → Click TextFX Tools → Check +Sort outputs only UNIQUE (at column) lines (if not already checked).

    • Click TextFX → Click TextFX Tools → Click Sort lines case insensitive (at column)

    • Duplicates and blank lines have been removed and the data has been sorted alphabetically. (The first line that may appear empty contains a space, which is regarded as a character and is included in the list of unique data.)

    [su_tooltip position=”north” content=”Please check permissions on the files and folders. If you have unique or specialized permission on the file or folders these wont work.”]

    Changing to lowercase

    To change the text to lowercase Goto: TextFX > TextFX Characters > lower case[/su_tooltip]

    This has saved me a lot of time when working with IP addresses or cleaning up text.

     

  • A chart describing CIDR subnets

    A chart describing CIDR subnets

    Admins need to understand some basic networking concepts like CIDR. These are needed when working with AntiSpam & Archiving providers. Here is a simple chart describing the CIDR subnets.

    32 = X-network-bits + Y-host-bits
Addresses = 2 ^ Y-host-bits
--------------------------------------------------------------
CIDR        Total number    Network             Description:
Notation:   of addresses:   Mask:
--------------------------------------------------------------
/0          4,294,967,296   0.0.0.0             Every Address
/1          2,147,483,648   128.0.0.0           128 /8 nets
/2          1,073,741,824   192.0.0.0           64 /8 nets
/3          536,870,912     224.0.0.0           32 /8 nets
/4          268,435,456     240.0.0.0           16 /8 nets
/5          134,217,728     248.0.0.0           8 /8 nets
/6          67,108,864      252.0.0.0           4 /8 nets
/7          33,554,432      254.0.0.0           2 /8 nets
/8          16,777,214      255.0.0.0           1 /8 net
--------------------------------------------------------------
/9          8,388,608       255.128.0.0         128 /16 nets
/10         4,194,304       255.192.0.0         64 /16 nets
/11         2,097,152       255.224.0.0         32 /16 nets
/12         1,048,576       255.240.0.0         16 /16 nets
/13         524,288         255.248.0.0         8 /16 nets
/14         262,144         255.252.0.0         4 /16 nets
/15         131.072         255.254.0.0         2 /16 nets
/16         65,536          255.255.0.0         1 /16
--------------------------------------------------------------
/17         32,768          255.255.128.0       128 /24 nets
/18         16,384          255.255.192.0       64 /24 nets
/19         8,192           255.255.224.0       32 /24 nets
/20         4,096           255.255.240.0       16 /24 nets
/21         2,048           255.255.248.0       8 /24 nets
/22         1,024           255.255.252.0       4 /24 nets
/23         512             255.255.254.0       2 /24 nets
/24         256             255.255.255.0       1 /24
--------------------------------------------------------------
/25         128             255.255.255.128     Half of a /24
/26         64              255.255.255.192     Fourth of a /24
/27         32              255.255.255.224     Eighth of a /24
/28         16              255.255.255.240     1/16th of a /24
/29         8               255.255.255.248     5 Usable addresses
/30         4               255.255.255.252     1 Usable address
/31         2               255.255.255.254     Unusable
/32         1               255.255.255.255     Single host
--------------------------------------------------------------

    In networks larger than a /31, one address is used for the network number, another for the broadcast address, and generally another as the default gateway for routing to other networks. A /29 may cover a range of 8 addresses, but only 5 of them can be used as host endpoints. A /30 has only 1 usable address.

    Network:   192.168.1.0/30
Gateway:   192.168.1.1
Usable:    192.168.1.2
Broadcast: 192.168.1.3

Network:   192.168.1.0/29
Gateway:   192.168.1.1
Usable:    192.168.1.2-6
Broadcast: 192.168.1.7
  • Delete Files and Folders Older Than X Days

    Delete Files and Folders Older Than X Days

    Often times admin have to creates tasks like removing log files or some other files on a regular schedule. Here is an automated way of removing files / folders older than X days.

    Create a Batch file or Powershell script and add it to scheduled task.

    [su_tooltip position=”north” content=”Here’s what all of those funky switches do. The first two arguments are for the InstallShield application, setup.exe. /S requests a silent installer, and /v lets the application know that you’re going to pass switches directly to the MSI. This is why the command structure after the /v is enclosed in double quotes. The /qn portion is MSI-speak for no user interface, while the REBOOT=R portion is toReallySupress the reboot. ADDLOCAL is describing what features to install locally, while REMOVE states to toss out the HGFS (Shared Folders) feature. This way ensures that new features will be added without having to call them all out in a list.”]Please check permissions on the files and folders. If you have unique or specialized permission on the file or folders these wont work.[/su_tooltip]

    Batch File:

    @echo off
:: set folder path
set dump_path=c:\shares\dump

:: set min age of files and folders to delete
set max_days=7

:: remove files from %dump_path%
forfiles -p %dump_path% -m *.* -d -%max_days% -c "cmd  /c del /q @path"

:: remove sub directories from %dump_path%
forfiles -p %dump_path% -d -%max_days% -c "cmd /c IF @isdir == TRUE rd /S /Q @path"

    Powershell:

    # set folder path
$dump_path = "C:\shares\dump"

# set min age of files
$max_days = "-7"
 
# get the current date
$curr_date = Get-Date

# determine how far back we go based on current date
$del_date = $curr_date.AddDays($max_days)

# delete the files
Get-ChildItem $dump_path -Recurse | Where-Object { $_.LastWriteTime -lt $del_date } | Remove-Item

     

  • Set password never to expire for users in a particular domain (Bulk mode)

    Set password never to expire for users in a particular domain (Bulk mode)

    Let me start by saying that I don’t recommend doing this at all.

    Password Never Expires is bad security practice, but there are situations that might require it.

    I had a similar request on how this could be done.

    Setting it for multiple users:

    #Connect of Office365
Import-Module MSOnline
$O365Cred = Get-Credential
$O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
Import-PSSession $O365Session
Connect-MsolService –Credential $O365Cred 

#Get a List of user that belong to the second domain
$SDusers = Get-MsolUser -All -DomainName "yourseconddomain.com"

#Setting the password never to expire
ForEach($SDuser in $SDusers)
{
    Set-MsolUser -UserPrincipalName $SDuser -PasswordNeverExpires $true
}

    Setting it for a single user:

    Get-MSOLUser -UserPrincipalName [email protected] | Select PasswordNeverExpires

     

  • Get PasswordAge for users in a particular domain

    Get PasswordAge for users in a particular domain

    In Office365 if you have more than one domain in a subscription, there are times where you may want to get the password age for users of that domain.

    In my case to check which users are covered and meeting policy and get the users addressed.

    Get-MsolUser -All -DomainName "yourdomainname.com" | select DisplayName, LastPasswordChangeTimeStamp,@{Name=”PasswordAge”;Expression={(Get-Date)-$_.LastPasswordChangeTimeStamp}}

    The output will be similar to:

  • How to force update GlobalAddressList in Office 365?

    How to force update GlobalAddressList in Office 365?

    This post explains how to manually force and update the global address list in Office 365.

    Updating the global address list requires to have the Address List Management role. By default, nobody has this role.

    1. Assign the AddressList Management role

      • Login with your administrator account to the Office 365 portal.
      • Go to Exchange Admin center, Permissions and admin roles.
      • Create a new role group and assign the AddressList role.addresslistrole

    2. Update the AddressList

    Once you have the AddressList role assigned, you can use the powershell commands to update the address list. You will have to wait for sometime until the new cmdlets are available.

    • First thing, logon to Exchange online using PowerShell.
    • $UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
    • Run the command Get-AddressList and verify that it’s working. (This may take some to work after creating the role)
    • RunSet-AddressList -Identity “All users”
    • Your address book is now updated

  • Remove disabled users from Distribution Lists & Security Groups in Active Directory

    One of my clients had several disabled users showing up in distribution lists and security groups and this was creating unnecessary noise in email, alerts, etc. I highly encourage all administrators to keep their AD neat and tidy.

    The following PowerShell script searches for disabled users in Groups and Distribution Groups and removes them:

    # This script removes all disabled users from all security and distribution groups in the specified "searchOU"

Import-Module ActiveDirectory

$searchOU = "OU=Groups,DC=domain,DC=local"

$adgroup = Get-ADGroup -Filter 'GroupCategory -eq "Security" -or GroupCategory -eq "Distribution"' -SearchBase $searchOU
$adgroup | ForEach-Object{ $group = $_
	Get-ADGroupMember -Identity $group -Recursive | %{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | ?{$_.Enabled -eq $false}} | ForEach-Object{ $user = $_
		$uname = $user.Name
		$gname = $group.Name
		Write-Host "Removing $uname from $gname" -Foreground Yellow
		Remove-ADGroupMember -Identity $group -Member $user -Confirm:$false
	}
}

    Hope this helps!

  • Configure SNMP on an ESXi Host or multiple Hosts

    Recently I needed to configure all of our 40 or so ESXi hosts to forward SNMP traps to our corporate monitoring solution. This meant enabling and configuring SNMP on each of the hosts. Naturally, I wrote a script for this as 40 hosts is way too many to do manually.

    This article shows you how configure SNMP on an ESXi host manually, via PowerCLI and via host profiles.

    Option 1: Manually via Command Line

    This is the most boring approach and should really only be used if you only have a few ESXi hosts to do, or if you really like doing things manually 🙂

    1. Start the SSH service on the ESXi host (Configuration >> Software >> Security Profile >> Services)
    2. SSH into host (using putty or something similar)
    3. Run the following to configure SNMP settings, enable SNMP in the firewall and start the SNMP agent: 
      esxcli system snmp set --communities 
esxcli system snmp set --targets 
esxcli system snmp set --enable true

esxcli network firewall ruleset set --ruleset-id snmp --allowed-all true
esxcli network firewall ruleset set --ruleset-id snmp --enabled true

/etc/init.d/snmpd restart

      Note 1: Replace <COMMUNITY_STRING> with the community string for your monitoring solution.

      Note 2: Replace <TARGET_STRING> with the target string that maps to your environment, in the format of target_address@port/community_string.

      Option 2: Manually via PowerCLI

      Option number 2 is to use PowerCLI to configure SNMP on an ESXi host. The following script is how to do this on a single host. To configure SNMP on an whole bunch of ESXi hosts, see option 3 below.

      #Script Variables
$sESXiHost = ''
$sCommunity = ''
$sTarget = ''
$sPort = ''

#Connect to ESXi host
Connect-VIServer -Server $sESXiHost

#Clear SNMP Settings
Get-VMHostSnmp | Set-VMHostSnmp -ReadonlyCommunity @()

#Add SNMP Settings
Get-VMHostSnmp | Set-VMHostSnmp -Enabled:$true -AddTarget -TargetCommunity $sCommunity -TargetHost $sTarget -TargetPort $sPort -ReadOnlyCommunity $sCommunity

#Get SNMP Settings
$Cmd= Get-EsxCli -VMHost $sESXiHost
$Cmd.System.Snmp.Get()

      Note: Prior to being able to use the script above, ensure you configure the following variable values:

      • <ESXI_HOST> – The FQDN or the IP address of the ESXi host you want to enable SNMP on.
      • <COMMUNITY> – This is the community string you require for your environment (same as in option 1 above).
      • <TARGET> – This is the FQDN or IP address of the target you want to send the SNMP traps to. Note: THIS IS NOT A TARGET STRING as in option 1. In this instance you ONLY need the FQDN or IP address. The @port and the community_string will be added automatically by the Set-VMHostSnmp cmdlet.
      • <PORT> – The port you require SNMP traps to be sent on.

    Option 3: Automatically via PowerCLI

    If you have to configure SNMP for more than just a handful of ESXi hosts, then it is worth automating the entire process through a PowerCLI script. The logic around enabling SNMP on the ESXi host is the same as in option 2 above, with some additional logic around this to enumerate and complete the process on all ESXi Hosts.

    Here is a script that will connect to a vCenter Server, get a list of all ESXi Hosts and then configure SNMP on each ESXi host:

    #requires -version 4
<#
.SYNOPSIS
  Configure SNMP Settings on ESXi Hosts

.DESCRIPTION
  Connect to vCenter Server and configure all ESXi hosts with SNMP settings

.PARAMETER None

.INPUTS Server
  Mandatory. The vCenter Server or ESXi Host the script will connect to, in the format of IP address or FQDN.

.INPUTS Credentials
  Mandatory. The user account credendials used to connect to the vCenter Server of ESXi Host.

.OUTPUTS Log File
  The script log file stored in C:\Windows\Temp\Set-HostSNMP.log.

.EXAMPLE
  .\Set-HostSNMP.ps1
#>

#---------------------------------------------------------[Initialisations]--------------------------------------------------------

#Set Error Action to Silently Continue
$ErrorActionPreference = 'SilentlyContinue'

#Dot Source required Function Libraries
. 'C:\Scripts\Logging_Functions.ps1'

#Add VMware PowerCLI Snap-Ins
Add-PSSnapin VMware.VimAutomation.Core

#----------------------------------------------------------[Declarations]----------------------------------------------------------

#Script Version
$sScriptVersion = '1.0'

#Log File Info
$sLogPath = 'C:\Windows\Temp'
$sLogName = 'Set-HostSNMP.log'
$sLogFile = Join-Path -Path $sLogPath -ChildPath $sLogName

#SNMP Settings
$global:sCommunity = '<COMMUNITY>'
$global:sTarget = '<TARGET>'
$global:sPort = '<PORT>'

#-----------------------------------------------------------[Functions]------------------------------------------------------------

Function Connect-VMwareServer{
  Param([Parameter(Mandatory=$true)][string]$VMServer)

  Begin{
    Log-Write -LogPath $sLogFile -LineValue "Connecting to VMware environment [$VMServer]..."
  }

  Process{
    Try{
      $oCred = Get-Credential -Message 'Enter credentials to connect to vSphere Server or Host'
      Connect-VIServer -Server $VMServer -Credential $oCred
    }

    Catch{
      Log-Error -LogPath $sLogFile -ErrorDesc $_.Exception -ExitGracefully $True
      Break
    }
  }

  End{
    If($?){
      Log-Write -LogPath $sLogFile -LineValue 'Completed Successfully.'
      Log-Write -LogPath $sLogFile -LineValue ' '
    }
  }
}

Function Start-ScriptExecution{
  Param()

  Begin{
    Log-Write -LogPath $sLogFile -LineValue 'Enumerating ESXi Hosts and setting SNMP configuration...'
  }

  Process{
    Try{
      #Get list of all ESXi hosts in connected environment
      $ESXHosts = Get-VMHost

      ForEach($ESXHost in $ESXHosts){
        Set-SNMPSettings -ESXHost $ESXHost
      }
    }

    Catch{
      Log-Error -LogPath $sLogFile -ErrorDesc $_.Exception -ExitGracefully $True
      Break
    }
  }

  End{
    If($?){
      Log-Write -LogPath $sLogFile -LineValue ' '
      Log-Write -LogPath $sLogFile -LineValue 'Completed Successfully.'
      Log-Write -LogPath $sLogFile -LineValue ' '
    }
  }
}

Function Set-SNMPSettings {
  Param([Parameter(Mandatory=$true)][string]$ESXHost)

  Begin{
    Log-Write -LogPath $sLogFile -LineValue ' '
    Log-Write -LogPath $sLogFile -LineValue "  $ESXHost - Configuring SNMP Settings"
  }

  Process{
    Try{       
      #Clear existing SNMP Configuration
      Get-VMHostSnmp -Server $ESXHost | Set-VMHostSnmp -ReadonlyCommunity @()

      #Add new SNMP Configuration
      Get-VMHostSnmp -Server $ESXHost | Set-VMHostSnmp -Enabled:$true -AddTarget -TargetCommunity $global:sCommunity -TargetHost $global:sTarget -TargetPort $global:sPort -ReadOnlyCommunity $global:sCommunity
    }

    Catch{
      Log-Error -LogPath $sLogFile -ErrorDesc "  $ESXHost - An error has occurred" -ExitGracefully $False
    }
  }

  End{
    If($?){
      Log-Write -LogPath $sLogFile -LineValue "  $ESXHost - Completed Successfully"
    }
  }
}


#-----------------------------------------------------------[Execution]------------------------------------------------------------

Log-Start -LogPath $sLogPath -LogName $sLogName -ScriptVersion $sScriptVersion
$Server = Read-Host 'Specify the vCenter Server or ESXi Host to connect to (IP or FQDN)?'
Connect-VMwareServer -VMServer $Server
Start-ScriptExecution
Log-Finish -LogPath $sLogFile

    Note: Similar to option 2 above, you will need to configure the following variables first:

    • <COMMUNITY> – This is the community string you require for your environment (same as in option 1 above).
    • <TARGET> – This is the FQDN or IP address of the target you want to send the SNMP traps to.[su_note note_color=”#fafae8″]Note: THIS IS NOT A TARGET STRING as in option 1. In this instance you ONLY need the FQDN or IP address. The @port and the community_string will be added automatically by the Set-VMHostSnmp cmdlet. [/su_note]
    • <PORT> – The port you require SNMP traps to be sent on.

    Option 4: Automatically via Host Profiles

    Finally, if you are lucky enough to be running Enterprise Plus licensing, then you will have the ability to use Host Profiles. This allows you to configure SNMP within the host profile and then just apply that profile to all of your ESXi hosts.

    Follow these steps to add the SNMP configuration into an existing Host Profile:

    1. From the VI Client, navigate to Management >> Host Profiles
    2. Select the profile you want to add the SNMP settings and click Edit Profile
    3. Expand the SNMP Agent Configuration policy and select SNMP Agent Configuration
    4. In the Configuration Details pane, complete the followng:
      • Enable or Disable agent: Ticked
      • IP/UDP Port: The port you require SNMP traps to be sent on
      • SNMP Community String: The community string for your environment
      • Notification Receiver: The target string that maps to your environment, in the format of target_address@port/community_string
    5. Click OK to save changes
    6. For each ESXi host attach and apply the profile (Note: An ESXi host needs to be in maintenance mode to be able to apply the host profile)

    And that concludes how to configure SNMP on a ESXi host.

    Source