Using SCCM CMPivot

With the release of SCCM current branch 1806 there are a lot of new features. One feature I really like is CMPivot, as this gives real-time results from queries instead of running an SCCM SQL query, which only has information from the last inventory scan by the SCCM agent. This is very helpful if you want to run real-time queries on devices to check service status, installed software, OS information and more.

There are some prerequisites for using CMPivot:

  • SCCM must be at version 1806 or higher
  • The Configuration Manager administrator needs the Read permission on the SMS Scripts object, and the Run Scripts permission on the Collection object. The Scripts Runner role has these permissions.
  • SCCM clients must be running the 1806 agent or higher
  • To gather data for the following entities, target clients require PowerShell version 5.0:
    • Administrators
    • Connection
    • IPConfig
    • SMBConfig

To launch CMPivot, open the SCCM console and go to Device Collections. Select the collection you want to query.

Once you open CMPivot you will get the welcome screen. This gives information on how to run queries and the different objects and functions that can be queried.

I will just be doing a basic query to check for a specific service. Highlight the entities you want to query and select Insert. If you run the query with just Service it will return all services from every device in the collection.

Use the where operator to filter results to only what is required. Just put in a pipe | and add where, then CMPivot will present the list of available entities.

Below I’m looking for all servers that have the WinRM service; this can be changed to any service that needs to be queried.

We can also combine queries to get a list of devices that have a service installed but where the service is not running. This can be useful if you need to troubleshoot an application issue on multiple devices that might require certain services. I used to use a script to check this type of issue, but CMPivot is a lot easier and all the results are returned directly back to the CMPivot console.

Once the query is completed there are some other options that can be run.

  • Create a collection based on the devices returned from the query 
  • Pivot to: This can be used to look up other info on a selected device
  • Remote Control for the selected device
  • Open the Resource Explorer for the selected device
  • Export list of devices to a CSV or clipboard 

Run Script is the only task that can be run on a single device or on multiple devices.

Another use for CMPivot is querying a specific file. A version number can be added to the query. A good use case for this is an application upgrade where the version number of the file changes: the query can be used to find devices that have not been upgraded successfully.

VMware 6.5 Migrate From vSS To vDS

Migrating from standard vSwitches to distributed vSwitches has a lot of advantages. I have listed a few below.

  1. Central management for all hosts in the vDS
  2. Uniform configuration for all hosts
  3. Easily add new port groups

The one major disadvantage is if vCenter is down you cannot manage the vDS.

To use vDS you will need to have Enterprise or Enterprise Plus VMware licences.

To migrate from vSS to vDS go to Networking in the VMware web client, right-click on the vCenter server and go to Distributed Switch.

Give the vDS a suitable name.

Select the version of ESXi you have in production. If you select a newer version than you have running in vCenter, the host will show as incompatible.

The default number of uplinks is 4. I only had two uplinks so I changed this to two.

After the vSwitch has been created I usually add a port group for management and vMotion VMkernel networks.

To migrate from the standard switch right-click on the vDS and go to Add and Manage Hosts.

Select Add hosts.

Select the host that you want to add to the vDS.

The next page is where you manage the physical uplinks. Click Assign uplink and assign to the vDS.

Next we can migrate the VMkernel adapters. I only have a management network but this is the same process if you have vMotion or any other VMkernel adapter. Click Assign port group and select the relevant port group; in my case it was dv_Managment.

Last step is to migrate VM’s. If you have multiple networks / port groups you migrate each individual VM to its own port group. I only have one, so I assigned each VM to the same port group.

Once the tasks have completed you should now see the host and VM’s running on the new port group.

Deploy Multiple VM’s using PowerCLI and VMware Template

I wanted to create a few different VM’s so I can test a VMware daily report script. This can be done using deploy VM from template using the vSphere web client but this can take a long time.

I decided to write a quick PowerShell script to deploy the VM’s using PowerCLI and a CSV file. First we need to get the templates that are available in vCenter server.

Connect to the vCenter server using PowerCLI and then run Get-Template to list all templates and then copy the name of the template. This will be added to the csv file.

Since I am going to be using a csv file to create the VM’s this needs to be created with headings that will be called in the script.

Below are the headings I used in the csv; these can either be used as is or the script can be updated to use different headings.

Name,Datastore,Template,Cluster

Below is the completed csv file I will be using.

Below is the script I used; you just need to update the $vms variable with the path to the csv file.

# Read one row per VM from the CSV (headings: Name, Datastore, Template, Cluster)
$vms = Import-Csv -Path D:\Scripts\VMware\Deploy_VMs\Deploy_VMs.csv
foreach ($vm in $vms) {
    Write-Warning "Creating $($vm.Name) in $($vm.Cluster)"
    # -ResourcePool is given the cluster name from the CSV, so the VM is placed in that cluster
    New-VM -Name $vm.Name -Datastore $vm.Datastore -Template $vm.Template -ResourcePool $vm.Cluster
}

To confirm the VM’s are being created we can check vCenter Server for running tasks.

The deployment can take a while depending on the size of the template.

I then used the below command to get the list of VM’s and their datastores just to confirm all VM’s have been created and are in the correct datastore.

Get-VM -Name LAB-Linux* | Select Name,@{N="Datastore";E={(Get-Datastore -Id $_.DatastoreIdList)}}

This is just a quick example of deploying a VM using a template.

OVF parameter chunkSize with value “XXXXXXXXXX” error in vCenter Server 6.5

I was trying to deploy some of my old Linux OVFs but I was getting an error about ovf chunkSize.

I had a quick look and found this VMware KB, and the error is due to VMware no longer supporting ChunkSize in vSphere 6.5. To fix this issue I had to extract the ovf; I used 7-Zip.

If there are multiple disks you may have to combine them using a command like the one below.

copy /b vmName-disk1.vmdk.000000 + vmName-disk1.vmdk.000001 + ….. + <until the last fragment> vmName-disk1.vmdk

I only had one disk so I used the below.

copy /b Linux-VM-disk1.vmdk.000000000 Linux-VM-disk1.vmdk

Once the file copy command has completed I needed to edit the Linux-VM.ovf file to remove the ChunkSize. I used Notepad++ to edit this. You can search for chunksize.

<File ovf:chunkSize="7516192768" ovf:href="Linux-VM-disk1.vmdk" ovf:id="file1" ovf:size="58041344"/>

Below is the updated ovf file with the ChunkSize removed.

<File ovf:href="Linux-VM-disk1.vmdk" ovf:id="file1" ovf:size="58041344"/>

After making the change I tried to import the ovf again. To import use the individual files.

I then got a new error.

This was due to the manifest file, Linux-vm.mf, not matching the updated ovf file. To get the file hash run the below command in PowerShell. The hash has to be in lower case, so use .tolower() to convert the response to lower case.

(Get-FileHash .\Linux-vm.ovf -Algorithm SHA1).hash.tolower()

I then had to edit the Linux-vm.mf file.

Change the SHA1 hash for the Linux-VM.OVF file to the new hash that was output by PowerShell.

Below is the updated .mf file.

After this I was then able to complete the OVF import.

Once imported, we can then export the file to an OVA again so that it can be imported when needed.
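The manual steps above (remove ovf:chunkSize, recompute the descriptor's SHA1 in lower case, update the .mf) can be scripted. This is an added example, not from the original post; the function names, temp folder and sample file contents are assumptions constructed for illustration, and it goes slightly beyond the post by also re-checking every SHA1 entry in the manifest against the files on disk.

```powershell
# Added example, not from the original post. Paths and sample content are constructed.
function Repair-OvfChunkSize {
    param([Parameter(Mandatory)][string]$OvfPath,
          [Parameter(Mandatory)][string]$ManifestPath)
    $OvfPath = (Resolve-Path $OvfPath).Path
    # Edit the descriptor as raw text so nothing except the attribute changes.
    $text  = [IO.File]::ReadAllText($OvfPath)
    $fixed = [regex]::Replace($text, '\s+ovf:chunkSize="\d+"', '')
    [IO.File]::WriteAllText($OvfPath, $fixed, (New-Object Text.UTF8Encoding $false))
    # Recompute the SHA1 (lower case) and rewrite only the descriptor's manifest line.
    $hash    = (Get-FileHash -Path $OvfPath -Algorithm SHA1).Hash.ToLower()
    $name    = [regex]::Escape([IO.Path]::GetFileName($OvfPath))
    $pattern = '^(SHA1\s*\(' + $name + '\)\s*=\s*).*$'
    $lines   = @(Get-Content -Path $ManifestPath) -replace $pattern, "`${1}$hash"
    Set-Content -Path $ManifestPath -Value $lines -Encoding ASCII
}

function Test-OvfManifest {
    # Compare every SHA1 entry in the manifest with the file on disk.
    param([Parameter(Mandatory)][string]$ManifestPath)
    $dir = Split-Path -Parent (Resolve-Path $ManifestPath).Path
    foreach ($line in Get-Content -Path $ManifestPath) {
        if ($line -match '^SHA1\s*\((?<file>.+)\)\s*=\s*(?<hash>[0-9a-fA-F]{40})\s*$') {
            $file, $expected = $Matches.file, $Matches.hash.ToLower()
            $path   = Join-Path $dir $file
            $actual = if (Test-Path $path) { (Get-FileHash $path -Algorithm SHA1).Hash.ToLower() } else { 'missing' }
            [pscustomobject]@{ File = $file; Expected = $expected; Actual = $actual; Match = ($actual -eq $expected) }
        }
    }
}

# Constructed sample package in a temp folder, standing in for the extracted OVF files.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'ovf-chunksize-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$ovf = Join-Path $demo 'Linux-VM.ovf'
$mf  = Join-Path $demo 'Linux-VM.mf'
Set-Content $ovf '<File ovf:chunkSize="7516192768" ovf:href="Linux-VM-disk1.vmdk" ovf:id="file1" ovf:size="58041344"/>'
Set-Content $mf  'SHA1(Linux-VM.ovf)= 0000000000000000000000000000000000000000'

Repair-OvfChunkSize -OvfPath $ovf -ManifestPath $mf
Test-OvfManifest -ManifestPath $mf | Format-Table -AutoSize
```

Any row with Match set to False is a file whose manifest entry no longer matches what is on disk, for example a disk that was renamed when its chunks were combined.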

 

How to Join vCSA 6.5 to a Windows AD Domain

To give access to single sign-on for Windows Active Directory users, the Platform Services Controller (PSC) can be added to AD and an identity source can be added.

To join the PSC to an AD domain, log on to the vCSA and go to Administration.

Once in Administration go to Deployment > System Configuration and then select Nodes. Since I am using an embedded PSC and vCenter there is only one node.

Enter the domain details, username and password.

After the domain join has completed a reboot will be required to complete the domain join.

The domain should now show and the Join tab will be grayed out.

To add permissions for the new domain users go to Administration > Single Sign-On and add the domain as an identity source.

Once you click Add Identity Source, go to AD Windows authentication.

The domain name should be already populated and I used the machine account.

Once completed the identity source should show.

To add a group to the global permissions go to Administration > Access Control > Global Permissions > Manage.

Select the domain and account to add.

Select the role to assign.

The group or user should now show in the Global Permissions.

Installing and configuring vCSA 6.5

VMware are moving away from using Windows vCenter server to only using the vCenter Server Appliance, as this gives simpler management, lower licensing cost and it integrates VMware Update Manager (VUM) as part of the appliance. You can still currently download a Windows vCenter server but this is being deprecated and will be removed in the next major release after 6.7. Deploying the vCSA requires the ISO to be downloaded and the device that will launch the install to have network connectivity with the ESXi host that will run the vCenter appliance.

The system requirements for my deployment, which is the tiny version, are:

  • Disk: 120GB
  • Memory: 8GB
  • 2 vCPU

A Tiny Environment can have up to 10 Hosts, 100 Virtual Machines.

Link to download the vCSA is below.

https://my.vmware.com/web/vmware/details?productId=614&downloadGroup=VC65U2C

To deploy the vCSA, mount or extract the ISO for 6.5. Go to the drive letter for the mounted ISO or the extracted folder, then into vcsa-ui-installer\win32\ and run installer.exe.

Select Install.

Click Next on the stage 1 screen, accept the licence agreement and click Next.

Since this is a lab I just went with an embedded PSC and vCenter server. If you want to test Enhanced Linked Mode you will need to use an external PSC.

Select the ESXi host that the appliance will be deployed to.

Select the VM name and the root password.

Select the deployment size. I went with tiny as I will only have a few nested hosts.

Select the datastore to be used.

Assign the VM network, a static IP address, system name and DNS server. If an FQDN is used for the appliance name and is not registered in DNS, the deployment will fail, so make sure it is registered before proceeding with the install.

The next screen is just to confirm all settings are correct.

The deployment should prompt to start stage 2 of the deployment.

If the appliance doesn’t show the continue screen you can go to stage 2 of the deployment using the admin page for vCenter.

Go to https://vCentersystemname:5480 or https://vCenterIPAddress:5480 and click on Set up vCenter Server Appliance.

Set IP settings for the embedded PSC.

Set the SSO domain and site name with the administrator password.

The last page will be to confirm details for the embedded PSC.

Click Finish and the appliance will start to deploy.

Once completed, the URLs to access will be presented on-screen. You can access either the vSphere web client Flash version or HTML5. HTML5 is not fully functional in version 6.5, so certain tasks will need to be run from the Flash client.

The logon will be the account and password that was set on the PSC SSO setup. In my case the logon name is administrator@vsphere.local. To log on to vCenter go to either

https://vCentersystemname or https://vCenterIPAddress

Setting up VMware ESXi LAB

I was rebuilding my VMware lab so thought I would document the process. This can be done either using VMware Workstation or, in my case, I used the free version of ESXi. I have an HPE Micro server G10 with 1 250GB SSD and a 2TB HDD with 1 quad-core AMD Opteron processor and 32GB of RAM. I already had ESXi installed on the physical server so this will be creating nested ESXi hosts and installing vCenter for management.

Here is the link to the ESXi 6.5 download page

https://my.vmware.com/en/web/vmware/evalcenter?p=free-esxi6

Once the ISO is downloaded, log on to the ESXi host using https://hostname/UI or https://IPAddress/UI and create a new virtual machine.

Select the version of ESXi the host will run on and the Guest OS version.

Add in any additional hardware and, in the CPU options, set Expose hardware assisted virtualization.

Power on the VM and wait for the ESXi OS to load.

Select the disk for ESXi to be installed on.

Select language.

Enter root password.

When the OS loads it will have a DHCP address.

To set a static IP and DNS settings go to Configure Management Network.

Select an additional NIC for resilience.

If you want to set a host name, a DNS record will need to be created on the DNS server or it won’t resolve when testing.

Once all IP settings are set, go to Test Management Network to confirm the management network and DNS are working correctly.

The last step applies if the nested ESXi hosts are going to run VM’s. The physical ESXi host that will run the nested ESXi hosts will need to have two settings changed on the vSwitch, or the VM’s will only be able to communicate with the ESXi host but not the rest of the network. To allow communication, enable Promiscuous mode and Forged transmits. I also generally just enable MAC address changes.