The vCenter Server 6.7 Update 3a release addresses the following critical issues for the VMware vCenter Server Appliance:
- Fix to address vCSA SSH backup MITM issue – Now you can enforce strict certificate validation for file-based backup and restore operations by including the root CA certificate in all file transfers. For more information, see VMware knowledge base article 75156.
- Fix for vSAN UI does not appear in vSphere Client after upgrade to 6.7 Update 3
- Fix for the following convergence issues :
- Convergence, domain repointing and fresh installation of a vCenter Server Appliance with an embedded Platform Services Controller connected in Embedded Linked Mode might fail with error
- Convergence of a vCenter Server instance with an external Platform Services Controller to a vCenter Server instance with an embedded Platform Services Controller fails with error
The following important CVE fixes in the vCenter Server Appliance:
1.) [CVE-2018-14682, CVE-2018-14681]: libmspack
2.) [CVE-2018-20843] package: expat branch :1.0
3.) [CVE-2019-12900]: bzip2
4.) [CVE-2019-13117, CVE-2019-13118]: libxslt
5.) [CVE-2019-13232] package: unzip branch :1.0
6.) [CVE-2019-13638] package: patch branch :1.0
7.) [CVE-2019-15902, CVE-2016-10905, CVE-2019-10638]: linux
Documentation and Links
– ESXi Product Patches
– Photon OS Security Patches
– vCenter Server 6.7 U3a Release Notes
The vCenter Server 6.5 Update 3d release addresses the following critical issue for the VMware vCenter Server Appliance:
Fix to address vCSA SSH backup MITM issue – Now you can enforce strict certificate validation for file-based backup and restore operations by including the root CA certificate in all file transfers. For more information, see VMware knowledge base article 75156.
Continue reading “Announcing General Availability of VMware vCenter Server 6.5 U3d”
As part of our planned upgrade to vSphere 6.7, we needed the ability to quickly scan the various vCenter Servers for host profiles that may be configured for version 5.5 or older. According to the vSphere 6.7 Release Notes, if these older host profiles are found, the vCenter pre-upgrade check will fail.
Continue reading “PowerCLI: Find Host Profiles and Versions in vCenter”
Hello again, everyone! For my fifth post for this year’s #BlogtoberTech challenge, I decided to share a script I recently wrote that seeks out virtual machines in a vSphere environment based on a specific virtual hardware version. This sort of ties in with the BIOS and UEFI scripts I wrote earlier in the year to seek out VMs that may still be open to the Spectre/Meltdown vulnerabilities (virtual hardware version 8 or older). Or perhaps someone wants to seek out VMs that may be good candidates to enable Secure Boot (virtual hardware 13 or newer with EFI boot firmware configured).
In the initial version of this script, I ask the user to pick the vCenter to connect to, the datacenter object to scan, and then the virtual hardware version to seek out. If VMs of virtual hardware n are found, the user has the option of exporting the results to a CSV file. Otherwise, a dialog box will appear (via Out-GridView) that shows the results of the can. If, however, no VMs with a specified virtual hardware version are found, it will simply let the user know that “No VMs with virtual hardware n were found.”
As usual, the latest version of this script can be found over on my GitHub page, but here’s the script as it was written at the time of this post:
Continue reading “PowerCLI: Find VMs Based on Virtual Hardware Version”
Hey everyone! I wanted to spread the word about my upcoming presentation at the Central PA VMUG on Thursday, November 1st in State College! Last year, I spoke at the Pittsburgh VMUG on the topic of PowerCLI and my journey into scripting. This year, I plan on revisiting that presentation with several new updates and maybe even do live demo (assuming I can get my home lab completely set up and configured in time)! Plus, I’m looking forward to catching up with the Central PA VMUG crew as well as meeting many others in the #vCommunity!
For those who may not know, October 2017 was my first time ever presenting at a local VMUG meeting. In fact, I wasn’t really engaged in the VMware Community all that much until about April 2017, when I started my blog and began using Twitter a lot more. Sure, I’ve been using VMware’s products and services since about 2010, but the only real ‘engagement’ I’ve done in the community was attend the occasional VMUG or UserCon.
Continue reading “My Upcoming Central PA VMUG Presentation”
I’ve been wanting to write about my first-ever VMworld experience even before the plane departed from McCarran airport, but I just couldn’t seem to find the time to actually sit down and “put my thoughts to paper” as they say. I can’t believe it’s already been a month since the conference events first kicked off in Las Vegas! The time sure does fly by! But, I at least wanted to share my experience with others who maybe haven’t been to a VMworld conference yet, or who might be going for the first time next year. (Hey, you never know!)
Continue reading “My First VMworld Experience”
This script is an idea that spun off of my previous post, PowerCLI: Find UEFI-Enabled VMs. If you’re preparing to enable Secure Boot in a VMware environment, it may be helpful to identify the VMs that cannot be upgraded. As you might recall, enabling secure boot requires the following:
- VMware vSphere 6.5 or higher
- Virtual hardware version 13 or higher
- VMs need to be configured with EFI boot firmware
Continue reading “PowerCLI: Find BIOS-Enabled VMs”
With all the news regarding the Spectre and Meltdown CPU vulnerabilities over the past several months, there’s been a greater focus to get VMware virtual machines to virtual hardware version 9 or higher, as noted by Andrea Mauro’s post regarding these vulnerabilities. In addition to that, several companies and organizations may be looking to enable Secure Boot, a feature first introduced with vSphere 6.5. However, in order to enable secure boot, the virtual machine needs to be configured with both EFI boot firmware AND be on virtual hardware version 13 or higher.
Continue reading “PowerCLI: Find UEFI-Enabled VMs”
Hello everyone! I want to take this opportunity to let you all know that I’ll actually be presenting at the Western PA VMware User Group meeting on Friday, October 20th! We’re going to meet at Alloy 26 (100 South Commons in Pittsburgh’s North Shore) starting at 11:00 AM. Official registration and full meeting information can be found on the official VMUG page. If you’re a VMware user working or living in the Western Pennsylvania region or surrounding areas, c’mon out and use this opportunity to collaborate and network with other users I’m the VMware community! After all, events like this are put together specifically to get VMware users, administrators, engineers, etc. together to talk about their experience in using VMware products and services.
I will actually be presenting after Kyle Ruddy’s (@kruddy on Twitter) “PowerCLI and vSphere REST APIs: Your Path To Automating All the Things” session. My presentation will cover automation using PowerCLI to manage things like RDM disks, virtual standard switches, NTP settings, and more. You’ll learn how I develop the scripts to simplify repetitive tasks, but also how I use PowerCLI to perform tasks that you may not even be able to do in the GUI! Not only can scripting save time, it can also maintain consistency across within your environment! My goal is to show give you some examples and insight into how you can utilize both PowerShell and PowerCLI to augment the management of your vSphere environment. Continue reading “My Upcoming VMUG Presentation”
I recently built out a new VMware cluster, and in doing so, needed to configure the NTP servers for each host. While this can certainly be done manually, it’s very repetitive and opens up the possibility of missing or misconfigured setting. Fortunately, there’s a way to automate that using PowerCLI!
Now, the way I wrote this script makes it a bit more interactive for the person running it. Typically, you could just define the NTP servers you want to remove, the ones to want to add, and let it run. With this script, it asks the user several questions along the way. Questions like, “What vCenter do you want to connect to?”, “What cluster do you want to scan?”, “Do you want to remove all existing NTP servers? [Y] / [N]”, and so on. There’s also validation included on the responses to the Y/N questions. And at the very end of the script, it checks the NTP services on each host in the cluster. If the NTP service is already running, it will restart the service. If it’s not running, it will start the service. All automatically.
Continue reading “PowerCLI: Add/Remove NTP Servers in a VMware Cluster”