Automation

 View Only
Expand all | Collapse all

Software Acceptance Level

  • 1.  Software Acceptance Level

    Posted Oct 23, 2020 03:56 PM

    I'm trying to get the software acceptance level for some hosts and then provide a result

    basicaly the script should collect the info and then compare it unfortunaly it's not working

    $esxcli = Get-ESXCLI -VMHost -V2 -Server

    $generatefile = ForEach($line in $esxcli) {$line.software.acceptance.get()}

    $generatefile | Out-String | ForEach-Object { $_.Trim() } > "$FileHardening\Software_AcceptanceLevel-config.txt"

    $generateerrorfile = foreach($line in (gc "$FileHardening\Software_AcceptanceLevel-config.txt")) {if ($line -like "*PartnerSupported*") {} else {$line}}

    if ($generateerrorfile -eq $Null) {

    Write-Log -FilePath $LogFile -Message "All Hosts have PartnerSupported Software Acceptance" -Level Success

    }

    else{

    Write-Log -FilePath $LogFile -Message "Hosts with wrong Software Acceptance detected" -Level Warning

    Write-Log -FilePath $LogFile -Message "You need to modify them manually" -Level Warning



  • 2.  RE: Software Acceptance Level

    Posted Oct 23, 2020 05:04 PM

    When you use the V2 switch you have to use the Invoke() method.
    Also, the VMHost parameter is mandatory, you have to at least provide an asterisk

    $FileHardening = 'D:\Temp'

    $esxcli = Get-ESXCLI -VMHost * -V2

    $generatefile = ForEach ($line in $esxcli) { $line.software.acceptance.get.Invoke() }

    $generatefile | Out-String | ForEach-Object { $_.Trim() } > "$FileHardening\Software_AcceptanceLevel-config.txt"

    $generateerrorfile = foreach ($line in (Get-Content -Path "$FileHardening\Software_AcceptanceLevel-config.txt")) { if ($line -like "*PartnerSupported*") { } else { $line } }

    if ($generateerrorfile -eq $Null) {

        Write-Log -FilePath $LogFile -Message "All Hosts have PartnerSupported Software Acceptance" -Level Success

    } else {

        Write-Log -FilePath $LogFile -Message "Hosts with wrong Software Acceptance detected" -Level Warning

        Write-Log -FilePath $LogFile -Message "You need to modify them manually" -Level Warning

    }



  • 3.  RE: Software Acceptance Level

    Posted Oct 23, 2020 05:14 PM

    despite that I added this on the top of my script I got the below error message

    Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

    Get-ESXCLI : 23/10/2020 19:10:40    Get-EsxCli          Could not establish secure channel for SSL/TLS with authority 'vcenter.local'.

    At E:\Hardening_ESXi\Herdening_ESXi.ps1:182 char:11

    + $esxcli = Get-ESXCLI -VMHost * -V2

    +       ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo      : NotSpecified: (:) [Get-EsxCli], VimException
    + FullyQualifiedErrorId : Core_BaseCmdlet_UnknownError,VMware.VimAutomation.ViCore.Cmdlets.Commands.EsxCli.GetEsxCli


  • 4.  RE: Software Acceptance Level

    Posted Oct 23, 2020 05:25 PM

    That error seems to be saying that it is trying to connect to a vCenter?



  • 5.  RE: Software Acceptance Level

    Posted Oct 23, 2020 06:29 PM

    Yes I'm connected to vcenter and I just tested the script like this and same issue

    $vcenter = Read-Host "vCenter name:"

    $user = Read-Host "User:"

    $password = Read-Host "Password:"

    $FileHardening = 'E:\temp'

    $esxcli = Get-ESXCLI -VMHost * -V2

    $generatefile = ForEach ($line in $esxcli) { $line.software.acceptance.get.Invoke() }

    $generatefile | Out-String | ForEach-Object { $_.Trim() } > "E:\temp\Software_AcceptanceLevel-config.txt"

    $generateerrorfile = foreach ($line in (Get-Content -Path "E:\temp\Software_AcceptanceLevel-config.txt")) { if ($line -like "*PartnerSupported*") { } else { $line } }

    if ($generateerrorfile -eq $Null) {

        Write-Host "All Hosts have PartnerSupported Software Acceptance"

    } else {

        Write-Host "Hosts with wrong Software Acceptance detected"

        Write-Host "You need to modify them manually"

    }

    it works only If I do connect-viserver then I run the script



  • 6.  RE: Software Acceptance Level

    Posted Oct 23, 2020 06:38 PM

    I'm not sure why you want to do the Get-EsxCli this way.

    Can you try like this?

    $FileHardening = 'D:\Temp'

    $esxcli = @()

    Get-VMHost | ForEach-Object -Process {

        $esxcli += Get-ESXCLI -VMHost $_ -V2

    }


    $generatefile = ForEach ($line in $esxcli) { $line.software.acceptance.get.Invoke() }

    $generatefile | Out-String | ForEach-Object { $_.Trim() } > "$FileHardening\Software_AcceptanceLevel-config.txt"

    $generateerrorfile = foreach ($line in (Get-Content -Path "$FileHardening\Software_AcceptanceLevel-config.txt")) { if ($line -like "*PartnerSupported*") { } else { $line } }

    if ($generateerrorfile -eq $Null) {

        Write-Log -FilePath $LogFile -Message "All Hosts have PartnerSupported Software Acceptance" -Level Success

    } else {

        Write-Log -FilePath $LogFile -Message "Hosts with wrong Software Acceptance detected" -Level Warning

        Write-Log -FilePath $LogFile -Message "You need to modify them manually" -Level Warning

    }



  • 7.  RE: Software Acceptance Level

    Posted Oct 23, 2020 07:03 PM

    Thanks it's working fine :smileyhappy:  with just an error related to SSL/TLS

    Just a question it's possible to add the hostname?



  • 8.  RE: Software Acceptance Level

    Posted Oct 23, 2020 08:50 PM

    That TLS error probably indicates that one of the certificates is not correct or that the TLS level on one of the ESXi nodes is not set to the expected level.

    Where do you want to add the hostname?



  • 9.  RE: Software Acceptance Level

    Posted Oct 23, 2020 09:22 PM

    Thanks for the clarification I will check this on a new thread    

    Hostname should be added after acceptance in oder to get information for the host(s) that may have a different Software Acceptance Level



  • 10.  RE: Software Acceptance Level

    Posted Oct 24, 2020 07:59 AM

    Something like this?

    Get-VMHost | ForEach-Object -Process {

        $esxcli = Get-EsxCli -VMHost $_ -V2

        $obj = New-Object -TypeName PSObject -Property @{

            Msg =($esxcli.software.acceptance.get.Invoke()).Trim()

            VMHost = $esxcli.system.hostname.get.Invoke().FullyqualifiedDomainName

        }

        if($obj.Msg -match 'PartnerSupported' ){

            Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success

        }

        else{

            Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning

            Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning

        }

    }



  • 11.  RE: Software Acceptance Level

    Posted Oct 24, 2020 10:16 AM

    I tested the script like this

    Get-VMHost | ForEach-Object -Process {

        $esxcli = Get-ESXCLI -VMHost $_ -V2

        $obj = New-Object -TypeName PSObject -Property @{

           

            Msg = ($esxcli.software.acceptance.get.Invoke()).Trim()

            VMHost = $esxcli.system.hostname.get.Invoke().FullyqualifiedDomainName

    }

        if($obj.Msg -match 'PartnerSupported' ){

            Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success

        }

        else{

         if($obj.Msg -match 'VMwareAccepted' ){

            Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have VMwareAccepted Software Acceptance" -Level Success

        else{      

            Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have VMwareCertified Software Acceptance" -Level Success

        }

    }

    }

    }

    I got the below error :

    You cannot call a method on a null-valued expression.

    At X:\script.ps1:172 char:5

    +     $obj = New-Object -TypeName PSObject -Property @{

    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException

        + FullyQualifiedErrorId : InvokeMethodOnNull



  • 12.  RE: Software Acceptance Level

    Posted Oct 24, 2020 10:35 AM

    I suspect that the Get-EsxCli cmdlets for one or more of the ESXi nodes fails.
    This is probably related to the SSL error you were getting.

    Try adding a try-catch

    Get-VMHost | ForEach-Object -Process {

        try{

            $esxcli = Get-EsxCli -VMHost $_ -V2

            $obj = New-Object -TypeName PSObject -Property @{

                Msg =($esxcli.software.acceptance.get.Invoke()).Trim()

                VMHost = $esxcli.system.hostname.get.Invoke().FullyqualifiedDomainName

            }

            if($obj.Msg -match 'PartnerSupported' ){

                Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success

            }

            else{

                Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning

                Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning

            }

        }

        catch{

            $error[0]

        }

    }



  • 13.  RE: Software Acceptance Level

    Posted Oct 24, 2020 10:47 AM

    Thanks, you just put me on a track, the server had a restart message, I will test once started



  • 14.  RE: Software Acceptance Level

    Posted Oct 24, 2020 11:11 AM

    Server rebooted same issue, checked with another vCenter also same issue

    I guess you are right regarding the error message related to SSL/TLS

    can we work with Get-Cluster | Get-VMHost -PipelineVariable esx instead of using $esxcli and obtain the same result?



  • 15.  RE: Software Acceptance Level

    Posted Oct 24, 2020 11:21 AM

    I'm afraid not.
    That information can only be retrieved via an esxcli command.



  • 16.  RE: Software Acceptance Level

    Posted Oct 24, 2020 11:29 AM

    Thanks for confirmation :smileyhappy:

    finally, even the error message appears, the script is running. on a test vcenter there is just 1 single server which does not report information.

    is that possible the information of the total number of ESXs checked in the vCenter, so that I can make the comparisons with the inventory of ESXs



  • 17.  RE: Software Acceptance Level

    Posted Oct 24, 2020 11:38 AM

    You could add a counter.

    $esx = Get-VMHost

    $failed = 0

    $esx | ForEach-Object -Process {

        try{

            $esxcli = Get-EsxCli -VMHost $_ -V2

            $obj = New-Object -TypeName PSObject -Property @{

                Msg =($esxcli.software.acceptance.get.Invoke()).Trim()

                VMHost = $esxcli.system.hostname.get.Invoke().FullyqualifiedDomainName

            }

            if($obj.Msg -match 'PartnerSupported' ){

                Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success

            }

            else{

                Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning

                Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning

            }

        }

        catch{

            $error[0]

            $failed++

        }

    }

    Write-Host "$failed/$($esx.Count) failed"



  • 18.  RE: Software Acceptance Level

    Posted Oct 24, 2020 12:09 PM

    I tried also to get the failed Host by using $($obj.VMHost)  but it didn't provide a good result



  • 19.  RE: Software Acceptance Level
    Best Answer

    Posted Oct 24, 2020 12:48 PM

    You can't use that $obj since it hasn't been created yet when you hit the catch-block.

    You could do something like this

    $vmhosts = Get-VMHost

    $failed = 0

    foreach($esx in $vmhosts){

        try{

            $esxcli = Get-EsxCli -VMHost $esx -V2

            $obj = New-Object -TypeName PSObject -Property @{

                Msg =($esxcli.software.acceptance.get.Invoke()).Trim()

                VMHost = $esx.Name

            }

            if($obj.Msg -match 'PartnerSupported' ){

                Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) have PartnerSupported Software Acceptance" -Level Success

            }

            else{

                Write-Log -FilePath $LogFile -Message "Host $($obj.VMHost) with wrong Software Acceptance detected" -Level Warning

                Write-Log -FilePath $LogFile -Message "You need to modify host $($obj.VMHost) them manually" -Level Warning

            }

        }

        catch{

            $error[0]

            $failed++

            Write-Host "Error for $($esx.Name)"

        }

    }

    Write-Host "$failed/$($vmhosts.Count) failed"



  • 20.  RE: Software Acceptance Level

    Posted Oct 24, 2020 01:05 PM

    Thank you very much, it's perfect as a result :smileyhappy: :smileyhappy: