SCVMM – Page 2 – A Geeks World

Set or change Owner on a VMM for SCVMM and Azure Pack

Here is a updated script for modifying the owner of a VM, and/or to make it show up in Azure Pack. For a VM that’s been created in VMM to show up in AzurePack, it has to be assigned to a (not part of these scripts) Cloud and a subscription has to be added as owner to the VM (this is done by the scripts below).

Here is the original post: http://www.isolation.se/script-for-importing-existing-vms-into-azure-pack/

And here are the updated scripts:

#####
#
# Set Owner for one specific VM. 
#
$SCVMMSERVER = Get-SCVMMServer -ComputerName $ENV:COMPUTERNAME -ForOnBehalfOf 

$SCCloud = Get-SCCloud -Name (Get-SCCloud | select Name | where Name -notlike "*Tenants*" | Out-GridView -Title "Select Cloud" -PassThru).Name
$SCUser = (Get-SCUserRole | Where-Object Cloud -Match $SCCloud).Name  | Out-GridView -PassThru -Title "Select User" 
$SCAdmin = Get-SCUserRole -Name Administrator
$vmselfserviceuserrole = Get-SCUserRole | Where-Object Cloud -Match $SCCloud | Where-Object Name -Like $SCUser* 
$SCVM = (get-scvirtualmachine ($SCCloud | Get-SCVirtualMachine | select Name, Owner, UserRole | Out-GridView -Title "Select VM" -PassThru).Name)

Set-SCVirtualMachine -VM $SCVM –UserRole $vmselfserviceuserrole –Owner $SCAdmin

#####

# Set Owner for one specific VM.

$SCVMMSERVER = Get-SCVMMServer -ComputerName $ENV:COMPUTERNAME -ForOnBehalfOf

$SCCloud = Get-SCCloud -Name (Get-SCCloud | select Name | where Name -notlike "*Tenants*" | Out-GridView -Title "Select Cloud" -PassThru).Name

$SCUser = (Get-SCUserRole | Where-Object Cloud -Match $SCCloud).Name | Out-GridView -PassThru -Title "Select User"

$SCAdmin = Get-SCUserRole -Name Administrator

$vmselfserviceuserrole = Get-SCUserRole | Where-Object Cloud -Match $SCCloud | Where-Object Name -Like $SCUser*

$SCVM = (get-scvirtualmachine ($SCCloud | Get-SCVirtualMachine | select Name, Owner, UserRole | Out-GridView -Title "Select VM" -PassThru).Name)

Set-SCVirtualMachine -VM $SCVM –UserRole $vmselfserviceuserrole –Owner $SCAdmin

The script will ask you for a Cloud and list the subscriptions you can choose from, and then ask which VM to set the Owner on.

The difference here is that it will also set the VMM Administrators as an Owner so you can do maintenance tasks on the VM from VMM without modifying ownership back and forth.

And then a second script that will just set the same Owner on all VMs in a cloud. It’s nice when you have a lot of existing VM’s in an environment and would like to assign them to one specific user/subscription in one go.

#####
#
# Set same Owner for all VMs in a specific Cloud. 
#
$SCVMMSERVER = Get-SCVMMServer -ComputerName $ENV:COMPUTERNAME -ForOnBehalfOf 

$SCCloud = Get-SCCloud -Name (Get-SCCloud | select Name | where Name -notlike "*Tenants*" | Out-GridView -Title "Select Cloud" -PassThru).Name
$SCUser = (Get-SCUserRole | Where-Object Cloud -Match $SCCloud).Name | Out-GridView -PassThru -Title "Select User" 
$SCAdmin = Get-SCUserRole -Name Administrator
$vmselfserviceuserrole = Get-SCUserRole | Where-Object Cloud -Match $SCCloud | Where-Object Name -Like $SCUser* 
# $SCVM = (get-scvirtualmachine ($SCCloud | Get-SCVirtualMachine | select Name, Owner, UserRole | Out-GridView -Title "Select VM" -PassThru).Name)

Get-SCCloud $SCCloud | Get-SCVirtualMachine | Set-SCVirtualMachine –UserRole $vmselfserviceuserrole –Owner $SCAdmin

#####

# Set same Owner for all VMs in a specific Cloud.

$SCVMMSERVER = Get-SCVMMServer -ComputerName $ENV:COMPUTERNAME -ForOnBehalfOf

$SCCloud = Get-SCCloud -Name (Get-SCCloud | select Name | where Name -notlike "*Tenants*" | Out-GridView -Title "Select Cloud" -PassThru).Name

$SCUser = (Get-SCUserRole | Where-Object Cloud -Match $SCCloud).Name | Out-GridView -PassThru -Title "Select User"

$SCAdmin = Get-SCUserRole -Name Administrator

$vmselfserviceuserrole = Get-SCUserRole | Where-Object Cloud -Match $SCCloud | Where-Object Name -Like $SCUser*

# $SCVM = (get-scvirtualmachine ($SCCloud | Get-SCVirtualMachine | select Name, Owner, UserRole | Out-GridView -Title "Select VM" -PassThru).Name)

Get-SCCloud $SCCloud | Get-SCVirtualMachine | Set-SCVirtualMachine –UserRole $vmselfserviceuserrole –Owner $SCAdmin

Both of the script are written to be executed on the VMM Server, though you can probably change the $ENV:COMPUTERNAME to point to your VMM Server and then execute the script remotely.

Migrate VMs to another Hostgroup via SCVMM and Powershell

Earlier this week I had a need to move a lot of VM’s from a couple of Hosts to another cluster. And instead of doing it one by one in VMM (Virtual Machine Manager), I wrote a small quick and dirty script that I had not really planned on publishing. Though a customer had a need for that script today, so I figured more people might need it.

Enter the name of the current Host where the VM’s are running.
Enter the name of the destination Hostgroup (seen in VMM). Start script.

$VMHost = "FAHOST11"   #Name of current Host where VMs are running 
$HostGroup = "Workload"  #Name Hostgroup of Destination Servers 
$SleepTime = "10"  #Seconds to wait between each move. To give the Move time to complete before next start. Else all server might end up on the same Host. 
 
################
$SCHostGroup = Get-SCVMHostGroup -Name $HostGroup
$VMs = Get-SCVirtualMachine -VMHost $VMHost
 
foreach ($vm in $VMs) {
 
  $BestHost = Get-SCVMHostRating -HighlyAvailable $true -VMHostGroup $SCHostGroup -VM $VM | where VMHost -notlike $VMHost | Sort-Object Rating -Descending | select -first 1 
  Write-Host $vm $BestHost
  Move-SCVirtualMachine -VM $vm -VMHost $BestHost.VMHost -HighlyAvailable $true -RunAsynchronously 
  sleep -Seconds $SleepTime   
}

$VMHost = "FAHOST11" #Name of current Host where VMs are running

$HostGroup = "Workload" #Name Hostgroup of Destination Servers

$SleepTime = "10" #Seconds to wait between each move. To give the Move time to complete before next start. Else all server might end up on the same Host.

################

$SCHostGroup = Get-SCVMHostGroup -Name $HostGroup

$VMs = Get-SCVirtualMachine -VMHost $VMHost

foreach ($vm in $VMs) {

$BestHost = Get-SCVMHostRating -HighlyAvailable $true -VMHostGroup $SCHostGroup -VM $VM | where VMHost -notlike $VMHost | Sort-Object Rating -Descending | select -first 1

Write-Host $vm $BestHost

Move-SCVirtualMachine -VM $vm -VMHost $BestHost.VMHost -HighlyAvailable $true -RunAsynchronously

sleep -Seconds $SleepTime

}

The script will calculate the best possible host to move the VM too and then move it there and make it HighAvailable.

I didn’t initially have the sleep line in my script, though I did notice while it was executing that it tried to move too many at the same time (I think the default limit is 2) so some failed. And another issue is that the HostRating may get wrong if its doing a lot of calculations while there are no VMs on the destination host, and then suddenly lots of VMs end up there at the same time. So a sleep should hopefully take care of both those problems at the same time.

The Interactive Services Detection service terminated with the following error: Incorrect function.

This morning I noticed that one of the Hyper-V Hosts at a customer were logging this error regularly in the system Eventlog;

Error    5/19/2015 7:40:14 AM    Service Control Manager    7023    None
The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error 5/19/2015 7:40:14 AM Service Control Manager 7023 None

The Interactive Services Detection service terminated with the following error:

Incorrect function.

The full detailed entry:

Log Name:      System
Source:        Service Control Manager
Date:          5/19/2015 7:40:14 AM
Event ID:      7023
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      FAHOST03.fabric.xxxxxxxxxx.com
Description:
The Interactive Services Detection service terminated with the following error: 
Incorrect function.
Event Xml:

  
    
    7023
    0
    2
    0
    0
    0x8080000000000000
    
    223591
    
    
    System
    FAHOST03.fabric.xxxxxxxxxx.com
    
  
  
    Interactive Services Detection
    %%1
    5500490030004400650074006500630074000000

Log Name: System

Source: Service Control Manager

Date: 5/19/2015 7:40:14 AM

Event ID: 7023

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: FAHOST03.fabric.xxxxxxxxxx.com

Description:

The Interactive Services Detection service terminated with the following error:

Incorrect function.

Event Xml:

7023

0x8080000000000000

223591

System

FAHOST03.fabric.xxxxxxxxxx.com

Interactive Services Detection

%%1

5500490030004400650074006500630074000000

It looks like the events are happening every 30 minutes, and at the same time as Windows is for some (so far) unknown reason doing a reinstall of a lot of MSI packages, and the above Interactive Service is triggered at the same time as it’s reinstalling the DHCPExt.msi

Log Name:      Application
Source:        MsiInstaller
Date:          5/19/2015 7:40:14 AM
Event ID:      1035
Task Category: None
Level:         Information
Keywords:      Classic
User:          FABRIC\SVC-VMM_ADM
Computer:      FAHOST03.fabric.xxxxxxxxxx.com
Description:
Windows Installer reconfigured the product. Product Name: Microsoft System Center Virtual Machine Manager DHCP Server (x64). Product Version: 3.2.7768.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.
Event Xml:

  
    
    1035
    4
    0
    0x80000000000000
    
    223173
    Application
    FAHOST03.fabric.xxxxxxxxxx.com
    
  
  
    Microsoft System Center Virtual Machine Manager DHCP Server (x64)
    3.2.7768.0
    1033
    0
    Microsoft Corporation
    (NULL)
    
    
    7B46434337463337462D463635352D343437352D394130342D3239423142463731444639397D3030303063613232326561376464646365306534303839613538386434636362343261633030303030393034

Log Name: Application

Source: MsiInstaller

Date: 5/19/2015 7:40:14 AM

Event ID: 1035

Task Category: None

Level: Information

Keywords: Classic

User: FABRIC\SVC-VMM_ADM

Computer: FAHOST03.fabric.xxxxxxxxxx.com

Description:

Windows Installer reconfigured the product. Product Name: Microsoft System Center Virtual Machine Manager DHCP Server (x64). Product Version: 3.2.7768.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0.

Event Xml:

1035

0x80000000000000

223173

Application

FAHOST03.fabric.xxxxxxxxxx.com

Microsoft System Center Virtual Machine Manager DHCP Server (x64)

3.2.7768.0

1033

Microsoft Corporation

(NULL)

7B46434337463337462D463635352D343437352D394130342D3239423142463731444639397D3030303063613232326561376464646365306534303839613538386434636362343261633030303030393034

I can so far unfortunately not find anything that’s logging why Windows is reconfiguring all MSI Packages on the server every 30 minutes.

It does look like it’s the DHCP Server extension that’s causing the Interactive Service errors, as they always happen at the same time. Though, the DHCP Server extension shouldn’t be reconfiguring in the first place.

We always enable the Reliability History on all servers which can be handy at times to see when a problem begun happening.
Check this Out!

It looks like the problem started on April 28 at 8:42 PM.

As the Reliability History tool is disabled by default, I’ll make another blogpost showing how you can enable this feature for all your servers.

When I wanted to see what had happened around April 28th. I noticed that was the oldest entries in the Application log. When the log has become full, it has removed the oldest entries according to the settings.

So I don’t think I’ll get any more details that way, and it does look like this problem has gone on for quite some time.

I’ll just reinstall the Hyper-V Host as it’s done in a few minutes compared to spending hours trying to fix the problem.
AND… I’ll create a Group Policy that will increase the Eventlog Size to x10 the default. So the next time something like this happens, I’ll have information to dig deeper.

Updated 2015-05-19 09:08:

After doing some more digging, it seems according to this KB Article (KB974524 : Event log message indicates that the Windows Installer reconfigured all installed applications) that this problem can happen if one of the following is true:

You have a group policy with a WMIFilter that queries Win32_Product class.
You have an application installed on the machine that queries Win32_Product class.

As the problem is not happening every 90-120 minute which would be true if it was GPO Triggered, I would say it’s an application that uses the Win32_Product class. And after doing some digging, it turns out it’s a known problem with VMM which will be fixed in UR7. Or hopefully earlier with a hotfix.

Updated 2015-05-19 10:12:

Wow, I got a hotfix for the issue within 15 minutes after contacting the VMM Team.
I’ve just installed it in our test environment and will later install it in the customers production environment.

Unfortunately I don’t have a KB or Hotfix ID for this, but if you contact Premier Support I think you can mention that you need a hotfix for Engine.Adhc.Operations.dll which gives support for RegKey: UpdateDHCPExtension
That info should make them able to find the correct hotfix.

Update VMM Agent via PowerShell

PowerShell script to update VMM Agent on all VMM Managed Computers after Update Rollup is installed on VMM Server.

You can find the AgentVersion here: http://social.technet.microsoft.com/wiki/contents/articles/15361.list-of-build-numbers-for-system-center-virtual-machine-manager-vmm.aspx

$credential = Get-SCRunAsAccount -Name "VMMAdminAccount" 
$managedComputer = Get-SCVMMManagedComputer | where -Property VersionState -eq "UpgradeAvailable" 
foreach ($server in $managedComputer) { 
Update-SCVMMManagedComputer -Credential $credential -RunAsynchronously -VMMManagedComputer $server 
 }

$credential = Get-SCRunAsAccount -Name "VMMAdminAccount"

$managedComputer = Get-SCVMMManagedComputer | where -Property VersionState -eq "UpgradeAvailable"

foreach ($server in $managedComputer) {

Update-SCVMMManagedComputer -Credential $credential -RunAsynchronously -VMMManagedComputer $server

}

Unable to Connect to VMM in AzurePack after UR install

After upgrading to Update Release 6 (UR6) we got the same issue as seen in earlier UR’s. It’s not possible to connect to VMM in AzurePack so you can’t see your Virtual Machines, Clouds or Networks.

It turned out that when UR6 gets applied to SPF, the bindings are once again messed up. To fix this, just logon to the server hosting SPF and in IIS check the bindings as seen here;

The SPF Website is not running and you can see two Bindings.
In my case, one has a certificate and the other doesn’t. So I just remove the binding without a certificate. Then start the Website and everything is working as expected again.

In earlier UR’s I’ve also seen how there is no bindings at all listed here. So you may have to create some binding then.

Updating SCVMM DHCP Server Agent for Update Rollup 3 with Powershell

I’ve been to a couple of customers in the past month who has applied Update Rollup 3 for System Center 2012 R2 Virtual Machine Manager, through WSUS, but didn’t read the fine print.

So I wrote a quick script to locate all Hyper-V Hosts with the old/incorrect version.

# List all VM-Hosts with an old version of SCVMM DHCP Extension 
# Currently, the latest version is 3.2.7672.0

# Specify your VMM Server Name
$VMMServer = "VMMServerName"

Invoke-Command -ComputerName (get-scvmhost -VMMServer $VMMServer).Name -Command { 
  (Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center Virtual Machine Manager DHCP Server*" -and $_.Version -ne 3.2.7672.0} ) 
  }

# List all VM-Hosts with an old version of SCVMM DHCP Extension

# Currently, the latest version is 3.2.7672.0

# Specify your VMM Server Name

$VMMServer = "VMMServerName"

Invoke-Command -ComputerName (get-scvmhost -VMMServer $VMMServer).Name -Command {

(Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center Virtual Machine Manager DHCP Server*" -and $_.Version -ne 3.2.7672.0} )

}

And the next step was obviously, how to update the agent on all the Hyper-V hosts remotely and automatically!
There are a couple of different ways to do this, let me go through a couple of them.

One of the easiest ways is to use Sysinternals PSExec, just run psexec against those servers and execute uninstall of the old and installation of the new agent. In my humble opinion, it’s too much manual work to do it this way with a lot of hosts. So I rather use Powershell.

Looking at the above Powershell example, you almost have a full script for doing the rest.
Have a look at this;

# Check for old SCVMM DHCP Server Agent, uninstall old version, install new version. 
# Specify your VMM Server Name
$VMMServer = "VMMServerName"

Invoke-Command -ComputerName (get-scvmhost -VMMServer $VMMServer).Name -ArgumentList $VMMServer -ScriptBlock { 
    Param ($VMMServer) 
    $old = (Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center Virtual Machine Manager DHCP Server*" -and $_.Version -lt "3.2.7672.0"})
    $setup = ("\\"+ $VMMServer +"\c$\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\SwExtn\DHCPExtn.msi")
 
    if(Test-Path -PathType Container ("\\" + $VMMServer + "\c$") -Verbose){ 
        Write-Output "$env:ComputerName sucessfully connected to $Setup"

        if (($old.Version).Count -eq 1) {
            $version = $old.version
            $name = $old.Name
             Write-Output "Found old version of $Name $version. Uninstalling it." 
        ((Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center Virtual Machine Manager DHCP Server*" -and $_.Version -lt "3.2.7672.0"})).Uninstall()

        Write-Output "Done Uninstalling"
        Write-Output "Installing newest version of $Name from SCVMM Server" 
        Start-Process "$setup" /qn -Wait
        }
    else { Write-Output "Couldn't connect to install share, aborting"} 
}
}

# Check for old SCVMM DHCP Server Agent, uninstall old version, install new version.

# Specify your VMM Server Name

$VMMServer = "VMMServerName"

Invoke-Command -ComputerName (get-scvmhost -VMMServer $VMMServer).Name -ArgumentList $VMMServer -ScriptBlock {

Param ($VMMServer)

$old = (Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center Virtual Machine Manager DHCP Server*" -and $_.Version -lt "3.2.7672.0"})

$setup = ("\\"+ $VMMServer +"\c$\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\SwExtn\DHCPExtn.msi")

if(Test-Path -PathType Container ("\\" + $VMMServer + "\c$") -Verbose){

Write-Output "$env:ComputerName sucessfully connected to $Setup"

if (($old.Version).Count -eq 1) {

$version = $old.version

$name = $old.Name

Write-Output "Found old version of $Name $version. Uninstalling it."

((Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center Virtual Machine Manager DHCP Server*" -and $_.Version -lt "3.2.7672.0"})).Uninstall()

Write-Output "Done Uninstalling"

Write-Output "Installing newest version of $Name from SCVMM Server"

Start-Process "$setup" /qn -Wait

}

else { Write-Output "Couldn't connect to install share, aborting"}

}

Word of warning, the above script should be considered a “proof of concept” or give you a rough idea of how to do it. I’ve run it once, and it did work so it will hopefully work for you too.

There is a minor problem with the above solution. That script will do something called a “double hop”. It’s when you run something on Computer A, which gets executed on Computer B which in turn tries to connect to Computer C and use the credentials provided in A. Two hops, aka double hop.
In the above script, it’s when it’s accessing the install files from a remote share.
And to solve that problem you have to enable something you might have heard about, called Kerberos Constraint Delegation on all Hyper-V hosts (or other servers you want to double hop via).
In most environments KCD is not enabled, so the above script would not work to 100%. In fact, the uninstall would work, but not the installation so would will end up with a server that’s missing the DHCP Agent.
In case you ran the script without reading this part or before adding KCD, I added a small safeguard against that by doing a Test-Path before uninstalling the agent which probably told you it failed.

My good friend and college Mikael Nyström wrote a great blog post here recently on how to rather utilize CredSSP instead of using KCD for tasks like this.

And here is a slightly modified script using CredSSP instead of KCD.

#Set default values

# Specify your VMM Server Name
$VMMServer = "VMMServerName"


$Servers = (get-scvmhost -VMMServer $VMMServer).Name
$InstallPath = "\\" + "$VMMServer" + "\c$"
$FQDN = "$env:USERDNSDOMAIN"
$Cred = Get-Credential -Message "Type your Admin credentials used to connecting to other servers" 


#Set Config for client (where you execute the script) 
Disable-WSManCredSSP -Role Client
Enable-PSRemoting -Force
Enable-WSManCredSSP -Role Client -DelegateComputer ("*."+$FQDN) -Force
Get-WSManCredSSP

#Configure the Servers to accept CredSSP Credentials 
foreach ($Server in $Servers)
{
    Invoke-Command -ComputerName $Server -ScriptBlock {
    Enable-WSManCredSSP -Role Server -Force
    Get-WSManCredSSP
    }
}

#Upgrade old version of agent. 
foreach ($Server in $Servers) {
    $ServerFQDN = $Server
    Invoke-Command -ComputerName $ServerFQDN -Authentication Credssp -EnableNetworkAccess -Credential $Cred -ArgumentList $Server,$InstallPath -ScriptBlock {
    Param ($Server,$InstallPath)
    $old = (Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center Virtual Machine Manager DHCP Server*" -and $_.Version -lt "3.2.7672.0"})

    if (($old.Version).Count -eq 1) {

       # Verify that we can access C$ on SCVMM Server for installing the agent. 
       if(Test-Path -PathType Container $InstallPath -Verbose){ 
             Write-Output "$Server sucessfully connected to $InstallPath"
             $version = $old.version
             $name = $old.Name
             Write-Output "Found old version of $Name $version. Uninstalling it." 
             ((Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center Virtual Machine Manager DHCP Server*" -and $_.Version -lt "3.2.7672.0"})).Uninstall() 
             Write-Output "Done Uninstalling"

             Write-Output "Installing newest version of $Name from SCVMM Server" 
             $setup = ($InstallPath +"\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\SwExtn\DHCPExtn.msi")
             Start-Process "$setup" /qn -Wait 
        } 
                
        else {
              Write-Output "Unable to connect to Installation Location at $InstallPath" 
              Write-Output "Found old version of $Name $version. But did not uninstall it."         
              }
    }
}
}

#Set default values

# Specify your VMM Server Name

$VMMServer = "VMMServerName"

$Servers = (get-scvmhost -VMMServer $VMMServer).Name

$InstallPath = "\\" + "$VMMServer" + "\c$"

$FQDN = "$env:USERDNSDOMAIN"

$Cred = Get-Credential -Message "Type your Admin credentials used to connecting to other servers"

#Set Config for client (where you execute the script)

Disable-WSManCredSSP -Role Client

Enable-PSRemoting -Force

Enable-WSManCredSSP -Role Client -DelegateComputer ("*."+$FQDN) -Force

Get-WSManCredSSP

#Configure the Servers to accept CredSSP Credentials

foreach ($Server in $Servers)

{

Invoke-Command -ComputerName $Server -ScriptBlock {

Enable-WSManCredSSP -Role Server -Force

Get-WSManCredSSP

}

#Upgrade old version of agent.

foreach ($Server in $Servers) {

$ServerFQDN = $Server

Invoke-Command -ComputerName $ServerFQDN -Authentication Credssp -EnableNetworkAccess -Credential $Cred -ArgumentList $Server,$InstallPath -ScriptBlock {

Param ($Server,$InstallPath)

$old = (Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center Virtual Machine Manager DHCP Server*" -and $_.Version -lt "3.2.7672.0"})

if (($old.Version).Count -eq 1) {

# Verify that we can access C$ on SCVMM Server for installing the agent.

if(Test-Path -PathType Container $InstallPath -Verbose){

Write-Output "$Server sucessfully connected to $InstallPath"

$version = $old.version

$name = $old.Name

Write-Output "Found old version of $Name $version. Uninstalling it."

((Get-WmiObject -Class win32_product | where {$_.Name -like "Microsoft System Center Virtual Machine Manager DHCP Server*" -and $_.Version -lt "3.2.7672.0"})).Uninstall()

Write-Output "Done Uninstalling"

Write-Output "Installing newest version of $Name from SCVMM Server"

$setup = ($InstallPath +"\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\SwExtn\DHCPExtn.msi")

Start-Process "$setup" /qn -Wait

}

else {

Write-Output "Unable to connect to Installation Location at $InstallPath"

Write-Output "Found old version of $Name $version. But did not uninstall it."

}

Word of warning, the above script should be considered a “proof of concept” or give you a rough idea of how to do it. I’ve run it once, and it did break anything in that environment, so it might work for you too.

Basically, the script will enable CredSSP on the computer you run it on, and allow the credentials to be used on all remote servers that’s part of your domain. It will then connect to all Hyper-V hosts known by SCVMM and enable those as Credential Receivers.
Following that part, it will once again connect to those servers and check if the SCVMM DHCP Agent is outdated and if it’s able to connect to the install location (SCVMM Servers C$ Share).
I made sure it verifies that it can connect to the install location before uninstalling the Agent. Because in case it can’t connect to SCVMM Server, I would rather have an old DHCP Agent, than no agent at all.
And finally, it’s uninstalling the old agent and installing the new one.
Done!

It’s also possible to use SCVMM’s Job function to schedule a job to be executed on all Hosts. But I’ll cover that in some future post.

Azure Pack: SMA Script to set a Static MAC Address for New Virtual NICs

When a user is using AzurePack to add additional Virtual Network Adapters to a Virtual Machine, they end up with a Dynamic MAC Address. This is regardless of what the settings are in the VM Template that were used to create the VM. The NIC(s) created at deployment of the VM, will honor the setting in the Template. It’s just when additional NICs are added this happens.

We have had some issues with VM’s using Dynamic MAC Addresses, where they got a new MAC Address after migrating to another host, resulting in Linux machines being unhappy and som other servers getting new DHCP Addresses.

I figured that this could be an excellent task to get more familiar with SMA and use that cool feature of Azure Pack. So I made a script which will execute when a new Network Adapter is added to a VM through AzurePack, and will set the MAC Address to a Static entry and let SCVMM pick one from the pool.

# SMA Runbook script to change VM NIC to Static MAC Address. 

workflow New-NetworkAdapter
{

# Import information in Parameters passed to script.  
param([object]$params) 


# Connection Credentials. Need to exist in SMA Assets as VMMConnection. 
$con = Get-AutomationConnection -Name 'VmmConnection'

$secpasswd = ConvertTo-SecureString $con.Password -AsPlainText -Force
$ruSMAcreds = New-Object System.Management.Automation.PSCredential ($con.username, $secpasswd)

# Execute commands on SCVMM Server. Connect with VMMConnection Credentials 
InlineScript {

    $con=$USING:Con
    $ruSMAcreds=$USING:ruSMAcreds
    $params=$USING:params
    
Invoke-Command -ComputerName $con.computername -Credential $ruSMAcreds -ArgumentList ($params.VMId),$con -ScriptBlock {

 param(
    $VMID,
    $con
    )

# Check if VM is already running, then first try a Shutdown, and else do a power off. 
# The user could have been quick and started the VM before the SMA Job starts. 
$restart = $false
if ((Get-SCVirtualMachine -VMMServer $con.computername -ID $VMID).VirtualMachineState -ne "PowerOff") {
    $restart = $true
    Get-SCVirtualMachine -VMMServer $con.computername -ID $VMID | Stop-SCVirtualMachine -Shutdown 
    }
if ((Get-SCVirtualMachine -VMMServer $con.computername -ID $VMID).VirtualMachineState -ne "PowerOff") {
    $restart = $true
    Get-SCVirtualMachine -VMMServer $con.computername -ID $VMID | Stop-SCVirtualMachine -force
    }

# Change to a Static MAC Address for all NICs on that VM. 
Get-SCVirtualMachine -VMMServer $con.computername -ID $VMID | Get-SCVirtualNetworkAdapter | where {$_.MACAddressType -EQ "Dynamic"} | Set-SCVirtualNetworkAdapter -MACAddressType "Static" 

# Start VM if it was previously running. 
if ($restart -eq "$true") {Get-SCVirtualMachine -VMMServer $con.computername -ID $VMID | Start-SCVirtualMachine } 

  }
 }
}

# SMA Runbook script to change VM NIC to Static MAC Address.

workflow New-NetworkAdapter

{

# Import information in Parameters passed to script.

param([object]$params)

# Connection Credentials. Need to exist in SMA Assets as VMMConnection.

$con = Get-AutomationConnection -Name 'VmmConnection'

$secpasswd = ConvertTo-SecureString $con.Password -AsPlainText -Force

$ruSMAcreds = New-Object System.Management.Automation.PSCredential ($con.username, $secpasswd)

# Execute commands on SCVMM Server. Connect with VMMConnection Credentials

InlineScript {

$con=$USING:Con

$ruSMAcreds=$USING:ruSMAcreds

$params=$USING:params

Invoke-Command -ComputerName $con.computername -Credential $ruSMAcreds -ArgumentList ($params.VMId),$con -ScriptBlock {

param(

$VMID,

$con

)

# Check if VM is already running, then first try a Shutdown, and else do a power off.

# The user could have been quick and started the VM before the SMA Job starts.

$restart = $false

if ((Get-SCVirtualMachine -VMMServer $con.computername -ID $VMID).VirtualMachineState -ne "PowerOff") {

$restart = $true

Get-SCVirtualMachine -VMMServer $con.computername -ID $VMID | Stop-SCVirtualMachine -Shutdown

}

if ((Get-SCVirtualMachine -VMMServer $con.computername -ID $VMID).VirtualMachineState -ne "PowerOff") {

$restart = $true

Get-SCVirtualMachine -VMMServer $con.computername -ID $VMID | Stop-SCVirtualMachine -force

}

# Change to a Static MAC Address for all NICs on that VM.

Get-SCVirtualMachine -VMMServer $con.computername -ID $VMID | Get-SCVirtualNetworkAdapter | where {$_.MACAddressType -EQ "Dynamic"} | Set-SCVirtualNetworkAdapter -MACAddressType "Static"

# Start VM if it was previously running.

if ($restart -eq "$true") {Get-SCVirtualMachine -VMMServer $con.computername -ID $VMID | Start-SCVirtualMachine }

}

You will need to create a new Runbook called New-NetworkAdapter with tag SPF, and paste the above code into that runbook.

And also add a SMA Connection Asset, with credentials for connecting to SCVMM.
Name the connection VmmConnection. The script will look for a connection object called VmmConnection, use that Username + Password to connect to the SCVMM Server specified in the same connection object.

And finally, create an Automated Task of this information.

Please let me know if you find this useful, if you have any issues or suggestions on how to improve my script.

List all VM’s with a Dynamic MAC Address

Short, simple script to list all VM’s which has NIC’s with a Dynamic MAC Address set.

# Get all VM's from Localhost (change to SCVMM Server if running remote) 
$AllVMS = Get-SCVirtualMachine -VMMServer localhost
$DynamicVMs = @()

# For each VM, check Virtual Network Adapters if Mac = Dynamic. 
foreach ($vm in $AllVMS ) {
   $vmnics = $vm | Get-SCVirtualNetworkAdapter
     if ($vmnics.MACAddressType -eq "Dynamic") {     
     $DynamicVMs += $vm.Name
     }
   }

# List all VM's with a Dynamic Mac address. 
$DynamicVMs | Sort-Object
Write-Output "--------"
$DynamicVMs.Count

# Get all VM's from Localhost (change to SCVMM Server if running remote)

$AllVMS = Get-SCVirtualMachine -VMMServer localhost

$DynamicVMs = @()

# For each VM, check Virtual Network Adapters if Mac = Dynamic.

foreach ($vm in $AllVMS ) {

$vmnics = $vm | Get-SCVirtualNetworkAdapter

if ($vmnics.MACAddressType -eq "Dynamic") {

$DynamicVMs += $vm.Name

}

# List all VM's with a Dynamic Mac address.

$DynamicVMs | Sort-Object

Write-Output "--------"

$DynamicVMs.Count

It will give a list of all VM’s and the number of VM’s in that list.
Small, simple and efficient.

Script for importing existing VMs into Azure Pack

As you start working with Azure Pack, you probably realize that you have a lot of existing VM’s that you would like to import into Azure Pack, and by that be able to use them just as you can handle all new ones?

All that’s needed for that, is to set the correct AzurePack user as the owner and SelfServicUuser on that Virtual Machine. And of course, have the machine in the correct “Cloud”.

Here is a small script which will help you out by;

Asking in a Grid View, which Cloud you would like to import a machine in.
Ask which user that should be the new owner of this VM.
Let you pick, which VM from the Cloud you would like to import.

As we have multiple clouds, and users can have multiple subscriptions, I chose to make the script use GridView, to minimize the risk for human errors (typos).

# You have to set your SCVMM server and use -ForOnBehalfOf to make use of SPF. 
$SCVMMSERVER = Get-SCVMMServer -ComputerName YOUR.SCVVM.SERVER.FQDN -ForOnBehalfOf 

$SCCloud = Get-SCCloud -Name (Get-SCCloud | select Name | Out-GridView -Title "Select Cloud" -PassThru).Name
$SCUser = (Get-SCUserRole | Where-Object Cloud -Match $SCCloud).Name -Replace "_.+","" | Out-GridView -PassThru -Title "Select User" 
$vmselfserviceuserrole = Get-SCUserRole | Where-Object Cloud -Match $SCCloud | Where-Object Name -Like $SCUser* 
$SCVM = (get-scvirtualmachine ($SCCloud | Get-SCVirtualMachine | select Name | Out-GridView -Title "Select VM" -PassThru).Name)

Set-SCVirtualMachine -VM $SCVM –UserRole $vmselfserviceuserrole –Owner $SCUser

# You have to set your SCVMM server and use -ForOnBehalfOf to make use of SPF.

$SCVMMSERVER = Get-SCVMMServer -ComputerName YOUR.SCVVM.SERVER.FQDN -ForOnBehalfOf

$SCCloud = Get-SCCloud -Name (Get-SCCloud | select Name | Out-GridView -Title "Select Cloud" -PassThru).Name

$SCUser = (Get-SCUserRole | Where-Object Cloud -Match $SCCloud).Name -Replace "_.+","" | Out-GridView -PassThru -Title "Select User"

$vmselfserviceuserrole = Get-SCUserRole | Where-Object Cloud -Match $SCCloud | Where-Object Name -Like $SCUser*

$SCVM = (get-scvirtualmachine ($SCCloud | Get-SCVirtualMachine | select Name | Out-GridView -Title "Select VM" -PassThru).Name)

Set-SCVirtualMachine -VM $SCVM –UserRole $vmselfserviceuserrole –Owner $SCUser

SCVMM : Automatic Baseline update script

SCVMM (System Center: Virtual Machine Manager) 2012 and 2012R2 can manage the patch compliance on your servers. That’s a great feature but normally involves some manual work as you have to add each update to the Baselines manually.

My colleague Mikael Nyström (MVP) made a script to handle this automatically, which I’ve developed a bit further.

<#
.Synopsis
   Script to automatically keep SCVMM Baselines in sync with WSUS 
.DESCRIPTION
   Script that synchronizes WSUS Updates with SCVMM, both adding new updates and removes old inactive updates. 
.EXAMPLE
   Update-BaseLineUpdates $Baselinename

# Author
Current Author, Markus Lassfolk @Truesec 
Original Author, Mikael Nyström @Truesec 

# Version 1.2
  Markus Lassfolk 
 - Added section to remove inactive updates 

# Version 1.0 
  Markus Lassfolk 
 - Initial Release 

# Version 0.5 
  Mikael Nyström 

#>

Function Update-BaseLineUpdates{
Param
 (
 [Parameter(Mandatory=$false,
 ValueFromPipeline=$true,
 ValueFromPipelineByPropertyName=$true,
 ValueFromRemainingArguments=$false,
 Position=0)]
 [String]
 $BaseLineName
 )
$baseline = Get-SCBaseline -Name $BaseLineName

# Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -RemoveUpdates $baseline.Updates
write-host $baseline.UpdateCount : Current number of Updates in Baseline $BaseLineName

$addedUpdateList = ""
$addedUpdateList = @()

if ($baseline.UpdateCount -eq 0) { 
        write-host "No previous updates in" $BaselineName", adding all existing updates for" $BaseLineName "from WSUS"  
        $addedUpdateList += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsApproved -Like -Value "True" | Where-Object -Property IsDeclined -Like -Value "False"| Where-Object -Property IsExpired -Like -Value "False" | Where-Object -Property IsSuperseded -Like -Value "False" | Where-Object -Property Products -like "*Windows Server 2012*"
        write-host $addedUpdateList.Count ": New updates to add in" $Baseline 
        Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -AddUpdates $addedUpdateList -RunAsynchronously
  }

if ($baseline.UpdateCount -gt 0 ) { 
        write-host "Scanning Newest 500 WSUS Updates for matching updates for $BaselineName" 
        $LatestUpdates = Get-SCUpdate -Newest 500 | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsApproved -Like -Value "True" | Where-Object -Property IsDeclined -Like -Value "False"| Where-Object -Property IsExpired -Like -Value "False" | Where-Object -Property IsSuperseded -Like -Value "False" | Where-Object -Property Products -like "*Windows Server 2012*"
        write-host $LatestUpdates.Count ": Updates found, verifying if update(s) already exist in" $BaseLineName 

        Compare-Object -ReferenceObject $baseline.Updates -DifferenceObject $LatestUpdates -IncludeEqual | % {
        if($_.SideIndicator -eq '=>') { $addedUpdateList += Get-SCUpdate -ID $_.inputobject.id } 
        }

    write-host $addedUpdateList.Count : New updates to be added to SCVMM for $BaseLineName 
    write-host $addedUpdateList | ft
    Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -AddUpdate $addedupdateList -RunAsynchronously 
    }

    write-host "Scan WSUS for Updates that should not be Checked anymore" 
    $remove = ""
    $remove = @()
    $removeUpdateList = ""
    $removeUpdateList = @()

    $remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsApproved -Like -Value "False" | Where-Object -Property Products -like "*Windows Server 2012*"
    $remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsDeclined -Like -Value "True"| Where-Object -Property Products -like "*Windows Server 2012*"
    $remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsExpired -Like -Value "True" | Where-Object -Property Products -like "*Windows Server 2012*"
    $remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsSuperseded -Like -Value "True" | Where-Object -Property Products -like "*Windows Server 2012*"

    write-host $remove.count "Remove Unapproved/Superseded/Expired/Declined updates" 

        Compare-Object -ReferenceObject $baseline.Updates -DifferenceObject $remove -IncludeEqual | % {
        if($_.SideIndicator -eq '==') { $removeUpdateList += Get-SCUpdate -ID $_.inputobject.id } 
        }

    Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -RemoveUpdates $RemoveupdateList 
}

Function Add-BaseLine{
Param
 (
 [Parameter(Mandatory=$false,
 ValueFromPipeline=$true,
 ValueFromPipelineByPropertyName=$true,
 ValueFromRemainingArguments=$false,
 Position=0)]
 [String]
 $BaseLineName
 )
$baseline = New-SCBaseline -Name $BaseLineName -Description $BaseLineName
$scope = Get-SCVMHostGroup -Name "All Hosts"
Set-SCBaseline -Baseline $baseline -AddAssignmentScope $scope
$scope2 = Get-SCVMMManagedComputer
ForEach($Server in $scope2){
Set-SCBaseline -Baseline $baseline -Name $baseLine -AddAssignmentScope $Server
}
}

Write-Host "Synchronizing with WSUS Server" 
Get-SCUpdateServer | Start-SCUpdateServerSynchronization 

. Update-BaseLineUpdates "Security Updates"
. Update-BaseLineUpdates "Critical Updates"
. Update-BaseLineUpdates "Updates"
. Update-BaseLineUpdates "Update Rollups"

#. Update-BaseLineUpdates "Definition Updates"
#. Update-BaseLineUpdates "Service Packs"
#. Update-BaseLineUpdates "Feature Packs"

write-host "Start Compliance Scan for all Servers" 
Get-SCVMMManagedComputer | Start-SCComplianceScan

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

.Synopsis

Script to automatically keep SCVMM Baselines in sync with WSUS

.DESCRIPTION

Script that synchronizes WSUS Updates with SCVMM, both adding new updates and removes old inactive updates.

.EXAMPLE

Update-BaseLineUpdates $Baselinename

# Author

Current Author, Markus Lassfolk @Truesec

Original Author, Mikael Nyström @Truesec

# Version 1.2

Markus Lassfolk

- Added section to remove inactive updates

# Version 1.0

Markus Lassfolk

- Initial Release

# Version 0.5

Mikael Nyström

Function Update-BaseLineUpdates{

Param

(

[Parameter(Mandatory=$false,

ValueFromPipeline=$true,

ValueFromPipelineByPropertyName=$true,

ValueFromRemainingArguments=$false,

Position=0)]

[String]

$BaseLineName

)

$baseline = Get-SCBaseline -Name $BaseLineName

# Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -RemoveUpdates $baseline.Updates

write-host $baseline.UpdateCount : Current number of Updates in Baseline $BaseLineName

$addedUpdateList = ""

$addedUpdateList = @()

if ($baseline.UpdateCount -eq 0) {

write-host "No previous updates in" $BaselineName", adding all existing updates for" $BaseLineName "from WSUS"

$addedUpdateList += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsApproved -Like -Value "True" | Where-Object -Property IsDeclined -Like -Value "False"| Where-Object -Property IsExpired -Like -Value "False" | Where-Object -Property IsSuperseded -Like -Value "False" | Where-Object -Property Products -like "*Windows Server 2012*"

write-host $addedUpdateList.Count ": New updates to add in" $Baseline

Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -AddUpdates $addedUpdateList -RunAsynchronously

}

if ($baseline.UpdateCount -gt 0 ) {

write-host "Scanning Newest 500 WSUS Updates for matching updates for $BaselineName"

$LatestUpdates = Get-SCUpdate -Newest 500 | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsApproved -Like -Value "True" | Where-Object -Property IsDeclined -Like -Value "False"| Where-Object -Property IsExpired -Like -Value "False" | Where-Object -Property IsSuperseded -Like -Value "False" | Where-Object -Property Products -like "*Windows Server 2012*"

write-host $LatestUpdates.Count ": Updates found, verifying if update(s) already exist in" $BaseLineName

Compare-Object -ReferenceObject $baseline.Updates -DifferenceObject $LatestUpdates -IncludeEqual | % {

if($_.SideIndicator -eq '=>') { $addedUpdateList += Get-SCUpdate -ID $_.inputobject.id }

}

write-host $addedUpdateList.Count : New updates to be added to SCVMM for $BaseLineName

write-host $addedUpdateList | ft

Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -AddUpdate $addedupdateList -RunAsynchronously

}

write-host "Scan WSUS for Updates that should not be Checked anymore"

$remove = ""

$remove = @()

$removeUpdateList = ""

$removeUpdateList = @()

$remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsApproved -Like -Value "False" | Where-Object -Property Products -like "*Windows Server 2012*"

$remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsDeclined -Like -Value "True"| Where-Object -Property Products -like "*Windows Server 2012*"

$remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsExpired -Like -Value "True" | Where-Object -Property Products -like "*Windows Server 2012*"

$remove += Get-SCUpdate | Where-Object -Property UpdateClassification -EQ -Value $BaseLineName | Where-Object -Property IsSuperseded -Like -Value "True" | Where-Object -Property Products -like "*Windows Server 2012*"

write-host $remove.count "Remove Unapproved/Superseded/Expired/Declined updates"

Compare-Object -ReferenceObject $baseline.Updates -DifferenceObject $remove -IncludeEqual | % {

if($_.SideIndicator -eq '==') { $removeUpdateList += Get-SCUpdate -ID $_.inputobject.id }

}

Set-SCBaseline -Baseline $baseline -Name $BaseLineName -Description $BaseLineName -RemoveUpdates $RemoveupdateList

}

Function Add-BaseLine{

Param

(

[Parameter(Mandatory=$false,

ValueFromPipeline=$true,

ValueFromPipelineByPropertyName=$true,

ValueFromRemainingArguments=$false,

Position=0)]

[String]

$BaseLineName

)

$baseline = New-SCBaseline -Name $BaseLineName -Description $BaseLineName

$scope = Get-SCVMHostGroup -Name "All Hosts"

Set-SCBaseline -Baseline $baseline -AddAssignmentScope $scope

$scope2 = Get-SCVMMManagedComputer

ForEach($Server in $scope2){

Set-SCBaseline -Baseline $baseline -Name $baseLine -AddAssignmentScope $Server

}

Write-Host "Synchronizing with WSUS Server"

Get-SCUpdateServer | Start-SCUpdateServerSynchronization

. Update-BaseLineUpdates "Security Updates"

. Update-BaseLineUpdates "Critical Updates"

. Update-BaseLineUpdates "Updates"

. Update-BaseLineUpdates "Update Rollups"

#. Update-BaseLineUpdates "Definition Updates"

#. Update-BaseLineUpdates "Service Packs"

#. Update-BaseLineUpdates "Feature Packs"

write-host "Start Compliance Scan for all Servers"

Get-SCVMMManagedComputer | Start-SCComplianceScan

The script has a few Pre-Requisites;

A WSUS Server defined in SCVMM
Approved patches for “Windows Server 2012” and “Windows Server 2012 R2” in WSUS
Pre-Defined Baselines (you can use Add-Baseline to create them) with these names;
- Security Updates
- Critical Updates
- Updates
- Update Rollups

That’s it! You can now run the script and automatically import all matching updates.

The following actions will be performed;

Synchronize updates with WSUS
Check if there are any updates in the Baseline already
- If the baseline is empty, import ALL matching updates
- If the baseline is NOT empty, check the Newest 500 updates and import all matching updates
Remove inactive updates
Repeat for all Baselines
Start a compliance scan

The script will not initiate any remediation. And as the script normally only checks the newest 500 updates, it has to be run fairly regular. In my environment, 500 updates is about 1 month of updates. Though to be safe, run it once a week.