  • 1.  Script for PCI compliance - unable to get working

    Posted Aug 21, 2017 06:18 PM

    I've been working on the below script for around five hours and attempting to get it to work to no avail.  Any assistance would be greatly appreciated!

    The script begins to fail at line 126 then 129 and so on.  This would save us so much time in our audit.



  • 2.  RE: Script for PCI compliance - unable to get working

    Posted Aug 21, 2017 06:28 PM

    It would help if you showed us the errors you are getting



  • 3.  RE: Script for PCI compliance - unable to get working

    Posted Aug 21, 2017 06:54 PM

    Attached.



  • 4.  RE: Script for PCI compliance - unable to get working

    Posted Aug 21, 2017 07:45 PM

    These lines

    # List UserVars.ESXiShellInteractiveTimeOut for each host

    Get-VMHost | Select Name, @{N="UserVars.ESXiShellInteractiveTimeOut";E={$_ | Get-AdvancedSetting UserVars.ESXiShellInteractiveTimeOut | Select -ExpandProperty Values}}"

    # List UserVars.ESXiShellTimeOut for each host

    Get-VMHost | Select Name, @{N="UserVars.ESXiShellTimeOut";E={$_ | Get-VMHostAdvancedConfiguration UserVars.ESXiShellTimeOut | Select -ExpandProperty Values}}"

    should be (without the double quotes at the end)

    # List UserVars.ESXiShellInteractiveTimeOut for each host

    Get-VMHost | Select Name, @{N="UserVars.ESXiShellInteractiveTimeOut";E={$_ | Get-AdvancedSetting UserVars.ESXiShellInteractiveTimeOut | Select -ExpandProperty Values}}

    # List UserVars.ESXiShellTimeOut for each host

    Get-VMHost | Select Name, @{N="UserVars.ESXiShellTimeOut";E={$_ | Get-VMHostAdvancedConfiguration UserVars.ESXiShellTimeOut | Select -ExpandProperty Values}}



  • 5.  RE: Script for PCI compliance - unable to get working

    Posted Aug 22, 2017 04:02 PM

    Thank you very much LucD.  It appears the get-esxcli functionality has been deprecated?  My script fails beginning here.  I am getting errors from this point forward.  Would you have a suggestion to resolve this?  Your assistance is appreciated.

    Everything fails beginning with this line:

    # List all user accounts on the Host -Host Local connection required-

    Get-VMHost | Get-VMHostAccount

    # List UserVars.ESXiShellInteractiveTimeOut for each host

    Get-VMHost | Select Name, @{N="UserVars.ESXiShellInteractiveTimeOut";E={$_ | Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut | Select -ExpandProperty Values}}

    # List UserVars.ESXiShellTimeOut for each host

    Get-VMHost | Select Name, @{N="UserVars.ESXiShellTimeOut";E={$_ | Get-AdvancedSetting -Name UserVars.ESXiShellTimeOut | Select -ExpandProperty Values}}

    # List Iscsi Initiator and CHAP Name if defined

    #Get-VMHost | Get-VMHostHba | Where {$_.Type -eq "Iscsi"} | Select VMHost, Device, ChapType, @{N="CHAPName";E={$_.AuthenticationProperties.ChapName}}

    #List the Software AcceptanceLevel for each host

    Foreach ($VMHost in Get-VMHost ) {

    $ESXCli = Get-EsxCli -VMHost $VMHost

    $VMHost | Select Name, @{N="AcceptanceLevel";E={$ESXCli.software.acceptance.get()}}

    }

    # List only the vibs which are not at "VMwareCertified" acceptance level

    Foreach ($VMHost in Get-VMHost ) {

    $ESXCli = Get-EsxCli -VMHost $VMHost

    $ESXCli.software.vib.list() | Where { $_.AcceptanceLevel -ne "VMwareCertified" }

    }

    # List the Software AcceptanceLevel for each host

    Foreach ($VMHost in Get-VMHost ) {

    $ESXCli = Get-EsxCli -VMHost $VMHost

    $VMHost | Select Name, @{N="AcceptanceLevel";E={$ESXCli.software.acceptance.get()}}

    }

    # List only the vibs which are not at "VMwareCertified" or "VMwareAccepted" or "PartnerSupported" acceptance level

    Foreach ($VMHost in Get-VMHost ) {

    $ESXCli = Get-EsxCli -VMHost $VMHost

    $ESXCli.software.vib.list() | Where { ($_.AcceptanceLevel -ne "VMwareCertified") -and ($_.AcceptanceLevel -ne "VMwareAccepted") -and ($_.AcceptanceLevel -ne "PartnerSupported") }

    }

    # List Net.DVFilterBindIpAddress for each host

    Get-VMHost | Select Name, @{N="Net.DVFilterBindIpAddress";E={$_ | Get-VMHostAdvancedConfiguration Net.DVFilterBindIpAddress | Select -ExpandProperty Values}}

    # Check the SHA1 hash of the download with the following function

    #Function Get-SHA1 {

    #Param (

      #$Filename

    #)

    #begin {

      #[Reflection.Assembly]::LoadWithPartialName("System.Security") | out-null

      #$sha1 = new-Object System.Security.Cryptography.SHA1Managed

    #}

    #Process {

      #$file = [System.IO.File]::Open($filename, "open", "read")

                #$filehash = $sha1.ComputeHash($file) | Foreach {

                    #write-host -NoNewLine $_.ToString("x2")

                #}

                #$file.Dispose()

    #}

    #}

    #Get-SHA1 -Filename "C:\Sources\ESX5.ISO"

    # List the system modules and Signature Info for each host

    Foreach ($VMHost in Get-VMHost ) {

    $ESXCli = Get-EsxCli -VMHost $VMHost

    $ESXCli.system.module.list() | Foreach {

      $ESXCli.system.module.get($_.Name) | Select @{N="VMHost";E={$VMHost}}, Module, License, Modulefile, Version, SignedStatus, SignatureDigest, SignatureFingerPrint

    }

    }

    # List the vCenter Password Expiration Value

    Get-AdvancedSetting -Entity $defaultVIServer -Name "VirtualCenter.VimPasswordExpirationInDays"

    Errors are attached.
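
Added example (not part of the thread or the poster's script): the listing commands above only print raw values, so this turns the two shell-timeout settings and the VIB acceptance levels into pass/fail findings. The function names, the sample hosts and VIBs, and the 900-second limit are assumptions; the input objects are assumed to carry the Entity/Name/Value and Name/AcceptanceLevel properties shown.

```powershell
# Added example: runs offline against constructed data, no PowerCLI session needed.
function Test-EsxiShellTimeout {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Setting,       # expects Entity, Name and Value properties
        [int]$MaxSeconds = 900    # assumed audit limit, adjust to your policy
    )
    process {
        $seconds = [int]$Setting.Value
        if ($seconds -eq 0) {
            $status = 'FAIL: timeout disabled'     # 0 turns the timeout off
        } elseif ($seconds -gt $MaxSeconds) {
            $status = "FAIL: above $MaxSeconds seconds"
        } else {
            $status = 'PASS'
        }
        [pscustomobject]@{
            VMHost = [string]$Setting.Entity
            Name   = $Setting.Name
            Value  = $seconds
            Status = $status
        }
    }
}

function Get-UnacceptedVib {
    param(
        [Parameter(Mandatory)] [object[]]$Vib,   # expects Name and AcceptanceLevel
        [string[]]$Allowed = @('VMwareCertified', 'VMwareAccepted', 'PartnerSupported')
    )
    $Vib | Where-Object { $_.AcceptanceLevel -notin $Allowed }
}

# Constructed sample data (hypothetical hosts and VIBs)
$settings = @(
    [pscustomobject]@{ Entity = 'esx01.example.test'; Name = 'UserVars.ESXiShellInteractiveTimeOut'; Value = 0 }
    [pscustomobject]@{ Entity = 'esx01.example.test'; Name = 'UserVars.ESXiShellTimeOut'; Value = 600 }
    [pscustomobject]@{ Entity = 'esx02.example.test'; Name = 'UserVars.ESXiShellTimeOut'; Value = 3600 }
)
$vibs = @(
    [pscustomobject]@{ Name = 'esx-base'; AcceptanceLevel = 'VMwareCertified' }
    [pscustomobject]@{ Name = 'lab-driver'; AcceptanceLevel = 'CommunitySupported' }
)

$settings | Test-EsxiShellTimeout | Format-Table -AutoSize
Get-UnacceptedVib -Vib $vibs | Format-Table -AutoSize

# With a live session, the same function takes the cmdlet output directly:
# Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiShellTimeOut | Test-EsxiShellTimeout
```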



  • 6.  RE: Script for PCI compliance - unable to get working

    Posted Aug 22, 2017 04:05 PM

    It all seems to start with the Get-VMHost that times out.
    When you do a Get-VMHost from the prompt, is anything returned?

    Are you connected?

    What is in $global:defaultviservers?



  • 7.  RE: Script for PCI compliance - unable to get working

    Posted Aug 22, 2017 04:36 PM

    Both report back the host I am connected to.



  • 8.  RE: Script for PCI compliance - unable to get working

    Posted Aug 22, 2017 04:51 PM

    Which is strange, since the error you included shows that the Get-VMHost cmdlet times out.

    Are you connected to a vCenter or an ESXi node?



  • 9.  RE: Script for PCI compliance - unable to get working

    Posted Aug 23, 2017 05:20 PM

    I am connected to an ESXi host.  I do have to re-connect to the host (close PowerCLI and re-open) to then run the script a second time, third time, etc.  When I try to run a second time I get the attached error.  It doesn't even connect beginning in line 1 whereas the first time running it gets through 100 or so lines before it starts erroring.  Is there a finite number of times get-vmhost can be run against a host perhaps?



  • 10.  RE: Script for PCI compliance - unable to get working

    Posted Aug 23, 2017 06:50 PM

    Can you try the following?

    • start a fresh PowerCLI prompt
    • connect to the ESXi node
    • do a Get-VMHost

    Does that work?

    And also if you execute the Get-VMHost repeatedly?