The Practical Administrator

Remediate this host…

2018-07-202008-07-21 by Andrew Sullivan

You’re going to update my what?

With the release of ESX 3.5 and VirtualCenter Server 2.5, VMware also released Update Manager. Update Manager is a neat concept…download Windows, windows programs (e.g. firefox, adobe reader, etc), RHEL, and ESX (3.5 only) updates to the update host, then let VirtualCenter Server apply the updates. I can see where the ESX updates would be valuable, however I think any IT department big enough to support a large number of Windows VMs is already going to have a method of deploying updates (i.e., SMS, or whatever you windows admins use). Same for linux shops. So those updates, in my opinion, aren’t as valuable to the enterprise. I do see where small-to-medium businesses, especially those with a very small IT department, would want the advantage of having updates deployed to all VMs via a product they’ve already purchased (ESX) rather than having to buy another MS product (SMS, etc).

ESX is different however. Previously, there was no VMware product (to my knowledge) that allowed for automated update of the ESX hosts. There were some fantastic utilities that were published by the community, but there was no VMware product.

Well, that has changed. Once the Update Manager is installed, you simply tell it to update it’s database and download the updates.

Or is it so simple… What if you are not connected to the internet? What if you are on an isolated network? Well, VMware has what’s called the Update Manager Download Service.

No wireless networks detected…

2018-07-202008-07-18 by Andrew Sullivan

I use VMware server on my computers at home. Both of my current systems run Fedora 8, kernel 2.6.25.6-27. I say this because on my laptop I couldn’t configure a VM to use bridged network mode when wlan0 was the only active interface.

After a lot of googling, I came across this post. The post is almost entirely in german, however there is an abbreviated version somewhere in the middle in english.

Normally, I wouldn’t go any further than posting a link, however while I was reviewing some links on my del.icio.us account, I clicked the above, and discovered that the site has a tremendous number of errors. This is bad. It usually means that the site is not well maintained and not long for the internet.

Additionally, the patch that’s posted is slightly out of date. So, I’ve created an updated patch, and I’m going to post some instructions in english here.

sudo, let me log you doing something stupid

2018-07-202008-07-17 by Andrew Sullivan

Allow me to step on my security soap box for a moment. I’ve seen in many places around the internet where bloggers will recommend, and explain how, to enable root to login to the console via ssh. I can not tell you enough how bad this is. An attacker no longer needs to guess two passwords to gain root access to the system, but, rather, only one. It is much, much more secure to disallow root access.

Access to the console operating system of ESX should be limited to the absolute minimum. Only users who absolutely need it, and know what they’re doing, should be able to login. From the console, the user has access to all of the configuration and datafiles for virtual machines. With the built-in tools provided by VMware, administrators can mount vmdk files and gain read/write access to a virtual machine’s hard drive. Additionally, because nearly all aspects of the virtual networking configuration can be changed from the console operating system, anyone with access can gain the ability to see all network traffic traveling to and from virtual machines.

Ok, less words, more action…

Ugh, Active Directory…oh, and ESX integration

2018-07-202008-07-17 by Andrew Sullivan

I am, by no stretch of the imagination, a windows administrator. However, I do know a good thing when I see it. I don’t care for a good number of things Microsoft does (Internet Explorer….), however AD is one of the best things they’ve done, well ever.

Not only can I utilize AD logins for web apps (of any language…php, python, perl, etc), but ESX’s console operating system plays quite nicely with AD as well.

VMware has published a document about how to get it working here. However, it’s quite easy:

-whatif, I don’t use it…

2015-12-212008-07-15 by Glenn

Thank you PowerShell team, thank you quest!!!

Long story short, I tapped the up arrow one too many times. Had I not tacked on a last second -whatif. I would have reset the password on 20,000+ user accounts. OUCH!

Tack it on early and often! No matter how comfortable you may be. The truth is PowerShell is so damn powerful it must be treated with great respect, and a small amount of fear. Mistakes here can REALY mess stuff up. The PowerShell team gave us the tools to cover our butts, use them!

~Glenn

ConfigMgr 2007 SP1 downloading prerequisite components

2015-12-212008-07-14 by Glenn

Shaun Cassell does a very nice job explaining what can go wrong HERE. One thing he doesn’t spell out is that you cannot have ANY spaces. For those of you who don’t know, when you install/upgrade ConfigMgr 2007. The setup wizard actually has to contact MS servers to download required components. You can do this ahead of time by running.

<path>setup.exe /download <path>

If you run the above command and nothing happens.. goto %SYSTEMDRIVE%ConfigMgrSetup.txt, if that log file contains.

<07-13-2008 10:02:24> Download folder F:SCCMUPDATES” does not exist
<07-13-2008 10:02:24> Failed to download prerequisite components (0x80070003)

Stop… you have spaces somewhere, the most sure fire way around this is to map a drive. Map a drive to the source and target destination folders. Furthermore if you start downloading updates, and it “fails” check your destination. If any updates at all have successfully downloaded. Start it back up, that is a network timeout.

p class=”headermaintitle”>Will work:
\servershareSCConfigMgr07SMSSETUPBINI386setup.exe /download c:SCCMUpdates
D:SCConfigMgr07SMSSETUPBINI386setup.exe /download c:SCCMUpdates
S:setup.exe /download T:

p class=”headermaintitle”>Will NOT work:
\serversome shareSCConfigMgr07SMSSETUPBINI386setup.exe /download c:SCCMUpdates
D:SCConfigMgr07SMSSETUPBINI386setup.exe /download c:SCCM Updates

OR… A little POSH goodness. Before I figured out what was going on. I wrote this quick Powershell script to download them for me. 😉

$manifestturl = 'http://go.microsoft.com/fwlink/?LinkId=104106'

function Download-File ([string]$URL,[string]$savepath)
{
    $web = New-Object System.Net.WebClient
    $web.headers.Add("User-agent", "Powershell")
    $web.DownloadFile($URL,$savepath)
}

function Get-SCCMPrereq
{
    param([string]$path, [switch]$verbose)
    $holdverbose = $VerbosePreference

    if ($verbose) { $VerbosePreference = 'Continue'}

    if ((Test-Path $path) -ne $TRUE) {
    <span style="white-space:pre">  </span>Write-Verbose "$path not found, Attempting to create it."
        mkdir $path | Out-Null
    }

    $tempdir = ([system.IO.Path]::GetTempFileName()).Replace('.tmp',''); mkdir $tempdir | out-null
    Write-Verbose "Downloading ConfigMgr.manifest.cab"

    Download-File $manifestturl "$($path)ConfigMgr.Manifest.cab"
    Write-Verbose "Decompressing ConfigMgr.manifest.cab"
    $destFolder = $((new-object -com Shell.Application).NameSpace($tempdir))
    $destFolder.CopyHere((new-object -com Shell.Application).NameSpace("$($path)ConfigMgr.Manifest.cab").items())
    [xml]$configManifest = gc "$($tempdir)ConfigMgr.Manifest.xml"

    #process the ConfigMgr.Manifest.xml
    $manifest = $configManifest.SCCM2007.Group | % { $_.File } | % {
        $obj = New-Object PSObject
        $obj | Add-Member NoteProperty "URL" $_.Source
        $obj | Add-Member NoteProperty "File" $_.CopyName
        $obj | Add-Member NoteProperty "MD5" $_.MD5
        Write $obj
    }
    $manifest | foreach-object -begin {clear-host;$i = 0} `
    -process {
        Download-File $_.URL "$($path)$($_.File)" ; `
        $i = $i + 1;`
         write-progress -activity "Downloading ConfigMgr Prerequisits" `
        -status "Progress:" -currentOperation $_.file -percentcomplete ($i / $manifest.count * 100) `
    } `
    -end {
        if ((((ls 'C:SCCM_UPDATES').count) - 1) -eq $manifest.count){
            Write-Host "Operation Completed Successfully $i out of $($manifest.count) Downloaded."
        } else {
            Write-error "ERROR only $i out of $($manifest.count) Successfully downloaded."
        }
    }
}

get-sccmprereq 'C:SCCM_UPDATES' -verbose

$manifestturl = 'http://go.microsoft.com/fwlink/?LinkId=104106'

function Download-File ([string]$URL,[string]$savepath)

{

$web = New-Object System.Net.WebClient

$web.headers.Add("User-agent", "Powershell")

$web.DownloadFile($URL,$savepath)

}

function Get-SCCMPrereq

{

param([string]$path, [switch]$verbose)

$holdverbose = $VerbosePreference

if ($verbose) { $VerbosePreference = 'Continue'}

if ((Test-Path $path) -ne $TRUE) {

<span style="white-space:pre"> </span>Write-Verbose "$path not found, Attempting to create it."

mkdir $path | Out-Null

}

$tempdir = ([system.IO.Path]::GetTempFileName()).Replace('.tmp',''); mkdir $tempdir | out-null

Write-Verbose "Downloading ConfigMgr.manifest.cab"

Download-File $manifestturl "$($path)ConfigMgr.Manifest.cab"

Write-Verbose "Decompressing ConfigMgr.manifest.cab"

$destFolder = $((new-object -com Shell.Application).NameSpace($tempdir))

$destFolder.CopyHere((new-object -com Shell.Application).NameSpace("$($path)ConfigMgr.Manifest.cab").items())

[xml]$configManifest = gc "$($tempdir)ConfigMgr.Manifest.xml"

#process the ConfigMgr.Manifest.xml

$manifest = $configManifest.SCCM2007.Group | % { $_.File } | % {

$obj = New-Object PSObject

$obj | Add-Member NoteProperty "URL" $_.Source

$obj | Add-Member NoteProperty "File" $_.CopyName

$obj | Add-Member NoteProperty "MD5" $_.MD5

Write $obj

}

$manifest | foreach-object -begin {clear-host;$i = 0} `

-process {

Download-File $_.URL "$($path)$($_.File)" ; `

$i = $i + 1;`

write-progress -activity "Downloading ConfigMgr Prerequisits" `

-status "Progress:" -currentOperation $_.file -percentcomplete ($i / $manifest.count * 100) `

} `

-end {

if ((((ls 'C:SCCM_UPDATES').count) - 1) -eq $manifest.count){

Write-Host "Operation Completed Successfully $i out of $($manifest.count) Downloaded."

} else {

Write-error "ERROR only $i out of $($manifest.count) Successfully downloaded."

}

get-sccmprereq 'C:SCCM_UPDATES' -verbose

~ Glenn

VMware Tools on Server Core

2019-04-022008-07-13 by Glenn

If you’ve used Server Core, Then you have undoubtedly run into an application. Which has a dependency on the managed code that was removed. One such application is VMware tools, contrary to popular belief. These tools do more than just make the mouse smoother. The critical components are the drivers they deliver. Have no fear though… There is no GUI, or Html help file, but the tools work great!

http://get-admin.com/blog/wp-content/uploads/2008/07/installvmtoolsonservercore.swf

Hopefully the next version will install a little cleaner.

~Glenn

I am aware that this has been blogged about before, but who wants to read three pages of step by step instructions?… when you could just watch a 90 sec clip 🙂

VMworld 2008 BABY!!

2015-12-212008-07-12 by Glenn

I love my Job!!! I’m currently involved in our virtualization initiative… Were still in the crawling stage eight ESX hosts in two DRS clusters. In the traditional admin mantra we’ve rebuilt our whole infrastructure four or five times. After reading white papers till 2am, and tearing my hair out over configuration mistakes (Google ESX partition offset). My boss decided to just send us to VMworld!

Snoopy Dance!!!

~Glenn

XML vs CSV

2015-12-212008-07-11 by Glenn

Okay, so I know what .Net is, but how was I supposed to know it was this powerful. For anyone who has every worked with xml in VBScript… I feel your pain. With that knowledge of the headache, that was the “Msxml2.DOMDocument” com object. I have avoided XML like the plague. Problem is I was completely oblivious to what “.Net support” really meant! I have several projects at work where I use PowerShell to “interact” with REST based web services. Not wanting to take that XML dive, I requested “PowerShell hooks”, and was obliged.

When our programmers asked me, what I wanted returned? I told them to give me a CSV in the format of a custom PS Object. At the time, this seemed a no brainier. Not only do I not have to worry about WSDL/ADO/XML, but also the data would stay objectized.

It worked GREAT that was until I started to manipulate large data sets. Then my simple system fell apart. Downloading and saving that CSV file, before I could import that data. Was simply too much, and was drastically degrading performance. Therefore, I asked the question on the PowerShell community forums about optimizing such a task. The response I got lead me to crack open Bruce’s PowerShell in Action. Low and behold, where has .Net been all my life!

Posted By bsonposh on 07/06/2008 10:51 AM
Actually… the *-clixml are meant for serializing and deserializing objects. Import-cliXML expects a VERY specific format.

If you want to “import” XML you can just type it
[XML]$myxml = < some data >

That is it… Just by type casting your object with [xml] the .net framework does the rest. Not only is it easier then my custom CSV’s but its twice as fast!

~Glenn Sizemore