Windows Server Hybrid Administrator Associate certification

Microsoft announced the addition of the Windows Server Hybrid Administrator Associate certification to our portfolio, to be released in early December 2021. This new certification validates the skills of administrators working in hybrid environments.

Administrators in this role support their teams and organizations using Windows Server—both in the cloud and on-premises/

The Windows Server Hybrid Administrator Associate certification

You’ll need to pass two exams to earn this certification. These exams, Exam AZ-800 (beta): Administering Windows Server Hybrid Core Infrastructure and Exam AZ-801 (beta): Configuring Windows Server Hybrid Advanced Services, will be available in early December 2021.

SD Card Boot issue Solution in ESXi 7.x

Issue The host goes into an un-responsive state due to: “Bootbank cannot be found at path ‘/bootbank” and boot device is in an APD state.

This issue is seen due to the boot device failing to respond & enter APD state (All paths down). Some cases, Host goes to non-responsive state & shows disconnected from vCenter.

As of 7.0 Update 1, the format of the ESX-OSData boot data partition has been changed. Instead of using FAT it is using a new format called VMFS-L. This new format allows much more and faster I/O to the partition. The level of read and write traffic is overwhelming and corrupting many less capable SD cards.

The action plan for future resolution would be to replace the SD card/s with a capable device/disk. Per the best practices mentioned on Installation guide.

The version 7.0 Update 2 VMware ESXi Installation and Setup Guide, page 19, specifically says “As even read-only workloads can cause problems on low-end flash devices, you should install ESXi only on high-endurance flash media“.

https://docs.vmware.com/en/VMware-vSphere/7.0/vsphere-esxi-702-installation-setup-guide.pdf

You can also refer to the below KB:

Reference: https://kb.vmware.com/s/article/83376?lang=en_US

Resolution

VMware engineering has a fix that will be in the next release.  Planned for July 2021.

https://communities.vmware.com/t5/ESXi-Discussions/SD-Boot-issue-Solution-in-7-x/m-p/2852027

https://www.provirtualzone.com/vsphere-7-update-2-loses-connection-with-sd-cards-workaround/

HPE Oneview Powershell Clear Alerts

You need: https://github.com/HewlettPackard/POSH-HPOneView/wiki

################################################################
#
#Naam:              Oneview Clear Alarms
#Version:           0.1
#Author:            Ward Vissers
################################################################

 

# Adding PowerCLI core snapin, also check if powerCLI module is alsready added

if (!(get-module -name HPOneView.400 -erroraction silentlycontinue)) {
import-module HPOneView.400 | out-null
}

 

$oneviewserver = “oneview.wardvissers.nl”
Connect-HPOVMgmt -Hostname $oneviewserver
Get-HPOVAlert | Set-HPOVAlert -Cleared
Get-HPOVAlert -State Active | Set-HPOVAlert -Cleared

PowerCLI Move All VM’s to other Host

################### Config ##################################

$SourceVC = “vcenter.wardvissers.nl

################## PASSWORD STORE #########################

#Username

# Check if credentials exist in credential store if not ask for credentials and put them in credential store

 

If ((Get-VICredentialStoreItem).host -notcontains $SourceVC) {New-VICredentialStoreItem -Host $SourceVC -User $env:USERNAME -Password ((get-credential).GetNetworkCredential().Password)}

 

# Remove-VICredentialStoreItem * -Confirm:$false

 

#################### END INIT ####################################

 

#Login to vCenter servers

if (($global:DefaultVIServers).Name -notcontains $SourceVC) {

 

#SourceVC

$ConnectVC = Connect-VIServer $SourceVC

 

# Get-Cluster –Name $DestinationCluster –Server $DestinationVC | Get-VMhost -State Connected | Sort-Object -Property MemoryUsageGB | Select-Object -First 1

 

$ESXiHostSrc = “esx01.wardvissers.nl”

$ESXiHostDst = “esx02.wardvissers.nl”

$vmList = Get-VMHost $ESXiHostSrc | Get-VM

$vmList | move-vm -destination (get-vmhost $ESXiHostDst)

}

PowerCLI move Multiple VM’s to a VM Folder

$DestinationVC = “vcenter.wardvissers.nl”

Connect-VIServer $DestinationVC

#Optie 1

$vmfolder = “Applicatie Servers”

$tempvms = Get-VM | where {$_.Folder -match ‘vm’}

foreach ($tempvm in $tempvms){

$DestinationHost = Get-VM $tempvm | Get-VMhost

Move-VM -VM $tempvm -InventoryLocation $vmfolder -Destination $DestinationHost -ErrorAction Stop

}

#Optie 2

# Get-VM | where {$_.Folder -match ‘vm’} | Move-VM -InventoryLocation “Diverse Applicatie Servers”

Deploy Multi VM’s based on Windows Template

I love powershell. I created a little script to deploy multi VM based on a Windows Template throug CSV file.

It’s create a computer account at the specfified ou. He greates also a Domain Local Group for management. (It used in the customization not specified here)

TempVMlist.csv

server,cpu,memory,DestinationCluster,OSCustomizationSpec,VMtemplate,adgroup

WARDTEST01,2,8,CLUSTER01,W2012R2_Demo,TPL_W2012R2_STD,ServerAdmin

MultiVM.ps1

#Filename: MultiVM.ps1

#Author: W. Vissers

#Source:

#Version: 1.1

#Date: 08-05-2018

#ChangeLog:

# V1.0 – Module Active Directory

#      – Module VMware PowerCli

#      – Active Directory Computer Account, Group

#      – Host Selected from Cluster with Least Memory

#      – Storage selection based on volume with most free space

# V1.1 – Added Harddisk 1&2

#      – Changed porte group other vlan

#

<#

.SYNOPSIS

Script to create a virtual machine from template

.DESCRIPTION

Script to create a virtual machine from template

.EXAMPLE

MultiVM.ps1

#>

################################## INIT #################################################

# LoadModule Active Directory

if (!(Get-Module “activedirectory”)) {Import-module activedirectory}

Else {Write-Host “Module Active Directory is al ready loaded”}

# LoadModule VMware PowerCLI

# if (!(Get-Module “VMware.PowerCLI”)) {

#    Find-Module VMware.PowerCLI

#    Install-Module -Name VMware.PowerCLI -Scope CurrentUser

#}

#Else

# {

# Write-Host “Module PowerCLI is al ready loaded”

# }

#Config

$ouservers=”OU=Servers,DC=wardvissers.nl,DC=nl”

$ougroup=”OU=GroepObjecten,DC=wardvissers,DC=nl”

$folder=”Applicatie Servers”

$DestinationVC =”vcenter01.wardvissers.nl

#Username

if (!$username ) { $username = Read-Host “Give vCenter username ‘wardvissers\admin'”}

#Password

if ( -NOT $Password ) {

$PasswordSec = Read-Host “Give vCenter password” -AsSecureString

$Password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($PasswordSec))

}

#Connect vCenter

$ConnectVC = Connect-VIServer $DestinationVC -Username $Username -Password $Password -AllLinked

$AllVMs = @()

$AllVMs = Import-Csv “D:\TempVMlist.csv”

foreach ($vm in $AllVMs) {

#Haal De Gegevens op

$server=$($vm.server)

$memory=$($vm.memory)

$cpu=$($vm.cpu)

$DestinationCluster=$($vm.DestinationCluster)

$OSSpec=”$($vm.OSCustomizationSpec)”

$VMtemplate=$($vm.VMtemplate)

$group=$($vm.adgroup)

$harddisk1=$($vm.harddisk1)

$harddisk2=$($vm.harddisk2)

Write-Host “$server heeft $memory GB memory en $cpu cpu(‘s)”

if ($server.length -gt 15) {

Write-Output “Hostname cannot contain more than 15 characters.”

$server = Read-Host “Re-enter hostname for host $server”}

Else

{

Write-Host “Server is umc server”

#Maak AD Groep aan en Computer Account

New-ADComputer -Name $server -Path $ouservers -Enabled $true

New-ADGroup -Name “DLG.$server” -SamAccountName “DLG.$server” -GroupCategory Security -GroupScope DomainLocal -DisplayName “DLG.$server” -Path $ougroup

Add-ADGroupMember -Identity “DLG.$server” -Members $group

}

# Rol server uit van Template

# Select the host with the less used memory

$DestinationHost = Get-Cluster –Name $DestinationCluster –Server $DestinationVC | Get-VMhost -State Connected | Sort-Object -Property MemoryUsageGB | Select-Object -First1

# Select DataStore with the most free space and not in maintance

$destinationDatastore = Get-Cluster $DestinationCluster | Get-Datastore | Where {$_.State -ne “Maintenance”} | Sort-Object -Property FreeSpaceGB -Descending | Select-Object -First 1

# Finally, I deploy my VM with the New-VM cmdlet using my template and OS specs. I place the VM on the ESXi host and store the VM on the datastore.

New-VM -Name $server -Template $VMTemplate -OSCustomizationSpec $OSSpec -VMHost $DestinationHOST -Datastore $DestinationDatastore -Location $folder

Get-VM $server | Set-VM -NumCpu $cpu -MemoryGB $memory -Confirm:$false

if ($harddisk1 -gt 60){Get-HardDisk -vm $server | Where {$_.Name -eq “Hard disk 1”} | Set-HardDisk -CapacityGB $harddisk1 -Confirm:$false}

if ($harddisk2 -gt 20) {Get-HardDisk -vm $server | Where {$_.Name -eq “Hard disk 2”} | Set-HardDisk -CapacityGB $harddisk2 -Confirm:$false}

Get-VM $server | Start-VM -Confirm:$false

Get-VM $Server | Get-NetworkAdapter | Set-NetworkAdapter -Connected $true -Confirm:$false

}

If you can‘t send an email with iOS 11 and an Outlook.com or Exchange mail account

You might not be able to send email with an Outlook.com, Office 365, or Exchange account until you update to iOS 11.0.1.

If your email account is hosted by Microsoft on Outlook.com or Office 365, or an Exchange Server 2016 running on Windows Server 2016, you might see this error message when you try to send an email with iOS 11: “Cannot Send Mail. The message was rejected by the server.”

To fix the issue, update to iOS 11.0.1 or later.

Critical vulnerability in HPE Integrated Lights-out 4 (iLO 4) 2.53 and previous versions

I wrote a script to do a simple ILO upgrade.

Download the latest firmware HERE

Download HPE Powershell module HERE

Find-HPiLO XXX.XXX.XXX.XXX-(Subnet Mask) | Where {$_.FWRI -lt 2.54 -AND $_.PN -like “*iLO 4*”} | Select -ExpandProperty HOSTNAME | Out-File c:\temp\ilo4.txt
$server = get-content c:\temp\ilo4.txt
$username = “Administrator”
$ilocreds = read-host “Please enter your password”
Update-HPiLOFirmware -Server $server -username $username -password $ilocreds  -Location X:\HP\ILO\ilo4_254.bin

Important update for Azure Active Directory Connect – Version 1.1.553.0

Microsoft released Azure Active Directory Connect version 1.1.553.0 on June 26, 2017. More importantly, they published an important security advisory one day later.

Microsoft Security Advisory 4033453 – Vulnerability in Azure AD Connect Could Allow Elevation of Privilege explains,

The [ADD Connect version 1.1.553.0] update addresses a vulnerability that could allow elevation of privilege if Azure AD Connect Password writeback is misconfigured during enablement. An attacker who successfully exploited this vulnerability could reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts. The issue is addressed in the latest version (1.1.553.0) of Azure AD Connect by not allowing arbitrary password reset to on-premises AD privileged user accounts.

Microsoft highly recommends all customers update to version 1.1.553.0 or later to mitigate this vulnerability, even if you don’t use the optional password writeback feature. If you are unable to update immediately, the article above describes mitigation steps you can consider.

  • If the AD DS account is a member of one or more on-premises AD privileged groups, consider removing the AD DS account from the groups.
  • If an on-premises AD administrator has previously created Control Access Rights on the adminSDHolder object for the AD DS account which permits Reset Password operation, consider removing it.
  • It may not always be possible to remove existing permissions granted to the AD DS account (for example, the AD DS account relies on the group membership for permissions required for other features such as Password synchronization or Exchange hybrid writeback). Consider creating a DENY ACE on the adminSDHolder object which disallows the AD DS account with Reset Password permission using Windows DSACLS tool.

Expta

Translate »