Update SCVMM Agent with Powershell

I just updated our System Center Virtual Machine Manager 2012 R2 Environment to Update Release 7. SCVMM would then report that the SCVMM Managed Computers has an Out-of-Date Agent which need to be upgraded.

It’s possible to do it manually by right clicking on each server and choose “Update Agent” or use this short powershell script to do it on all machines at the same time.

It will Update the Agent on all Managed Servers for you (no restart needed in my case).

 

 

Set or change Owner on a VMM for SCVMM and Azure Pack

Here is a updated script for modifying the owner of a VM, and/or to make it show up in Azure Pack. For a VM that’s been created in VMM to show up in AzurePack, it has to be assigned to a (not part of these scripts) Cloud and a subscription has to be added as owner to the VM (this is done by the scripts below).

Here is the original post: http://www.isolation.se/script-for-importing-existing-vms-into-azure-pack/

And here are the updated scripts:

The script will ask you for a Cloud and list the subscriptions you can choose from, and then ask which VM to set the Owner on.

The difference here is that it will also set the VMM Administrators as an Owner so you can do maintenance tasks on the VM from VMM without modifying ownership back and forth.

And then a second script that will just set the same Owner on all VMs in a cloud. It’s nice when you have a lot of existing VM’s in an environment and would like to assign them to one specific user/subscription in one go.

Both of the script are written to be executed on the VMM Server, though you can probably change the $ENV:COMPUTERNAME to point to your VMM Server and then execute the script remotely.

 

Migrate VMs to another Hostgroup via SCVMM and Powershell

Earlier this week I had a need to move a lot of VM’s from a couple of Hosts to another cluster. And instead of doing it one by one in VMM (Virtual Machine Manager), I wrote a small quick and dirty script that I had not really planned on publishing. Though a customer had a need for that script today, so I figured more people might need it.

Enter the name of the current Host where the VM’s are running.
Enter the name of the destination Hostgroup (seen in VMM). Start script.

The script will calculate the best possible host to move the VM too and then move it there and make it HighAvailable.

I didn’t initially have the sleep line in my script, though I did notice while it was executing that it tried to move too many at the same time (I think the default limit is 2) so some failed. And another issue is that the HostRating may get wrong if its doing a lot of calculations while there are no VMs on the destination host, and then suddenly lots of VMs end up there at the same time. So a sleep should hopefully take care of both those problems at the same time.

 

Automatically generate RDCMan connection files with a script

RDCMan has to be my favorite tool. It’s a free program from Microsoft, where you can store all RemoteDesktop connections to your own servers and to your customers servers. I’m using each day, and I’m probably spending more time in that program than even Web Browsing and Outlook combined.

When I’m building new Private Clouds (datacenters) for customers, we deploy 20+ servers in a short time, and it’s quite a lot of work to add each server manually to RDCMan even though I’m of course using inherit on most settings, so all that needs to be done is add the servername and displayname. Though repetetive!  So, lets use powershell!

RDCman is using a XML file for all the information, which it’s possible to create via powershell. I was lucky and found an almost perfect script done by powershell guru and MVP Jan Egil Ring.

I’ve modified that script a bit to be more in line with what I need, and updated it for RDCman 2.7 (no big deal, the old file worked in 2.7 too).

Version 2.0 of the script released 15/07/2015:

  • Updated for RDCMan 2.7
  • Only including ComputerObjects (no ClusterNames, Cluster Resources etc)
  • Only including Enabled Computer objects
  • Adds Computer Description as Comment
  • Not using a Group. I felt no need for that as there is just one environment in each RDG File
  • Support for Providing a RDGateway Address
  • Changed file name to reflect FQDN of Domain (we have several customers with the same Netbios name)
  • Sort servers alphabetically in the list.

Just run the script on a server with powershell and AD module installed, and it will create a brand new RDG file for you in your profile.
Note that it’s possible to provide a RDGateway Address and if it’s should be enabled by default.

The script gets scrambled when I’m publishing it on my blog, so please download the script from TechNet Gallery here: https://gallery.technet.microsoft.com/scriptcenter/Automatically-generate-da1d502b

Please let me know if you have any issues or suggestions for making the script even better.
Thanks!

 

Set MPIO Policy via PowerShell for Storage Spaces

Here is a small script to set the MPIO Policy via Powershell according to Microsofts Best Practices for Storage Spaces as seen here https://technet.microsoft.com/library/0923b851-eb0a-48ee-bfcb-d584363be668

It will set the Global MPIO policy to Least Block and then change the MPIO Policy for all SSD’s to Round Robin. Though, it’s possible that mpclaim.exe will use a different DiskID from what Powershell/Device Manager is using.
So the script has a built-in feature to adjust the DiskId if needed, though you have to verify and set the value manually before running the script! 

 

Update VMM Agent via PowerShell

PowerShell script to update VMM Agent on all VMM Managed Computers after Update Rollup is installed on VMM Server.

You can find the AgentVersion here: http://social.technet.microsoft.com/wiki/contents/articles/15361.list-of-build-numbers-for-system-center-virtual-machine-manager-vmm.aspx

 

Update AD-Users with new Phone-number and Pager via Powershell

Had a quick question from a customer about how one can automatically update the phone number and pager of a lot of AD users. The customer was changing switchboard and had to add 1 number in front of the current number.  Adding it in the middle of the string is also possible, but slightly more complicated as you have to split the string.

This is possible to do in a few different ways, but I chose the quickest way for me, via Powershell.

End Result:

aduser

 

Updating SCVMM DHCP Server Agent for Update Rollup 3 with Powershell

I’ve been to a couple of customers in the past month who has applied Update Rollup 3 for System Center 2012 R2 Virtual Machine Manager, through WSUS, but didn’t read the fine print.

ur3

So I wrote a quick script to locate all Hyper-V Hosts with the old/incorrect version.

And the next step was obviously, how to update the agent on all the Hyper-V hosts remotely and automatically!
There are a couple of different ways to do this, let me go through a couple of them.

One of the easiest ways is to use Sysinternals PSExec, just run psexec against those servers and execute uninstall of the old and installation of the new agent. In my humble opinion, it’s too much manual work to do it this way with a lot of hosts. So I rather use Powershell.

Looking at the above Powershell example, you almost have a full script for doing the rest.
Have a look at this;

Word of warning, the above script should be considered a “proof of concept” or give you a rough idea of how to do it. I’ve run it once, and it did work so it will hopefully work for you too.

There is a minor problem with the above solution. That script will do something called a “double hop”. It’s when you run something on Computer A, which gets executed on Computer B which in turn tries to connect to Computer C and use the credentials provided in A. Two hops, aka double hop.
In the above script, it’s when it’s accessing the install files from a remote share.
And to solve that problem you have to enable something you might have heard about, called Kerberos Constraint Delegation on all Hyper-V hosts (or other servers you want to double hop via).
In most environments KCD is not enabled, so the above script would not work to 100%. In fact, the uninstall would work, but not the installation so would will end up with a server that’s missing the DHCP Agent.
In case you ran the script without reading this part or before adding KCD, I added a small safeguard against that by doing a Test-Path before uninstalling the agent which probably told you it failed.

My good friend and college Mikael Nyström wrote a great blog post here recently on how to rather utilize CredSSP instead of using KCD for tasks like this.

And here is a slightly modified script using CredSSP instead of KCD.

Word of warning, the above script should be considered a “proof of concept” or give you a rough idea of how to do it. I’ve run it once, and it did break anything in that environment, so it might work for you too.

Basically, the script will enable CredSSP on the computer you run it on, and allow the credentials to be used on all remote servers that’s part of your domain. It will then connect to all Hyper-V hosts known by SCVMM and enable those as Credential Receivers.
Following that part, it will once again connect to those servers and check if the SCVMM DHCP Agent is outdated and if it’s able to connect to the install location (SCVMM Servers C$ Share).
I made sure it verifies that it can connect to the install location before uninstalling the Agent. Because in case it can’t connect to SCVMM Server, I would rather have an old DHCP Agent, than no agent at all.
And finally, it’s uninstalling the old agent and installing the new one.
Done!

It’s also possible to use SCVMM’s Job function to schedule a job to be executed on all Hosts. But I’ll cover that in some future post.

Azure Pack: Add a new user to a plan automatically

Update: It looks like SMA is not executing the script when a new Tenant is created, but rather when a subscription is added to the user.
Trying to get it confirmed from Microsoft if that is a bug that’s been introduced in one of the latest updates. See comments for more details.

Problem: When a new employee for TrueSec (our company) is logging into Azure Pack he has to be added to the “Tenants – TrueSec Employees” plan manually.

Solution: One way is to add a “signup code” to the plan and tell new employees to manually join the plan with that specific code. It could work, but does not feel like the most optimal solution.

The desired way would be if all new employees could be added to that plan automatically. Is that possible?
– Of course it is, with the help of SMA! Let me show one way to do this.

Pre-Requisits: Connection Asset, SMA Runbook, Link Runbook to a tasma_asset1sk.

In my case, I’m using the MgmtSvcAdmin asset which looks like this. But you can also create other types of Connections with working credentials. Just notice that you have to enter the name of the Admin Site server in the Asset, as the script will use that info. And the useraccount specified obviously need access to use the Admin site (to modify the subscriptions).

Add a new Runbook with the script below. In my case, I’m using ADFS to connect to the Admin site, so the script has to generate a ADFS token first.
if you are not using ADFS, you will have to modify the script to use a normal Windows authentication. It’s the most common way to authenticate, so there shouldn’t be any problems finding example code for.

Though, please note that the script is currently matching the new users e-mail address to (in our case) @truesec.com or @truesec.se. If you don’t use ADFS, it’s possible for a user to type any name they want during registration and then possibly get added to a plan they should not have access too.

And finally, add a new Automation Task, you do that under Clouds -> Automation.
Object: SPF Tenant
Action: Create
Runbook: New-Tenant

The script:

I hope this helps you automating things in your environment. If you can think of any other great usages for SMA or have need for automating something. Please make a comment, maybe I’ll be able to assist.

Azure Pack: SMA Script to set a Static MAC Address for New Virtual NICs

When a user is using AzurePack to add additional Virtual Network Adapters to a Virtual Machine, they end up with a Dynamic MAC Address. This is regardless of what the settings are in the VM Template that were used to create the VM. The NIC(s) created at deployment of the VM, will honor the setting in the Template. It’s just when additional NICs are added this happens.

vmnic1

We have had some issues with VM’s using Dynamic MAC Addresses, where they got a new MAC Address after migrating to another host, resulting in Linux machines being unhappy and som other servers getting new DHCP Addresses.

I figured that this could be an excellent task to get more familiar with SMA and use that cool feature of Azure Pack. So I made a script which will execute when a new Network Adapter is added to a VM through AzurePack, and will set the MAC Address to a Static entry and let SCVMM pick one from the pool.

You will need to create a new Runbook called New-NetworkAdapter with tag SPF, and paste the above code into that runbook.

sma1And also add a SMA Connection Asset, with credentials for connecting to SCVMM.
Name the connection VmmConnection. The script will look for a connection object called VmmConnection, use that Username + Password to connect to the SCVMM Server specified in the same connection object.
vmm1

And finally, create an Automated Task of this information. sma2

Please let me know if you find this useful, if you have any issues or suggestions on how to improve my script.