Tag Archives: esxi

vSphere: A colorful DCUI welcome screen

I was tasked to make our ESXi hosts compliant to the security standards and one of them is to set the legal message on DCUI. The work is easy enough, however you end up with only a black screen with the legal text and it looks very ugly!

So I chanced upon two links which shows you how you can add colors and format to the welcome message. Unfortunately, none of them shows you how to get it right.

Read the rest of this entry »
Leave a comment

Posted by on March 15, 2019 in powershell, Scripts, vmware


Tags: ,

PS+REST: ESXi hosts’ NSX Channel Health check

As part of the daily checks for NSX, we need to ensure that the communication channel on all ESXi hosts are healthy.

The REST API for channel health is straight forward, just feed the list of host IDs into the API and query the hostConnStatus for the XML file. Read the rest of this entry »

Leave a comment

Posted by on February 15, 2018 in powershell, vmware


Tags: , ,

PowerCLI: Script to reboot each ESXi hosts

I realized that having done this for a few year, I never really nailed down a script to do this properly. It is very common as a vSphere admin to have to reboot your ESXi hosts after a configuration change or for patching.

Below is a first draft, not pretty code-wise but its a working operational script. I hope to improve on it over time. The basic flow of the script is as follows:

  • You establish a connection to the vCenter server first before running the script
  • You submit an input file which is list of ESXi host names
  • The script reads the list and does the following for each host
    • Sets the host in maintenance mode and counts down to 30 minutes. If the hosts does not get into maintenance mode by then the script terminates and you need to figure out why.
    • If the host goes into maintenance mode, it then force reboots the hosts and waits for 30 minutes again. Again if the host doesn’t come up by 30 minutes, the script terminates and you need to fix the host issue.
    • Lastly, once the host is back online, it sets the host to connected state and works on the next host in the loop.

Read the rest of this entry »

Leave a comment

Posted by on November 5, 2017 in powershell, vmware


Tags: , ,

VMware: Finally a better maintenance mode sequence

I guess most of us have had the experience of getting an ESXi host into maintenance mode and finding that it got stuck with one last VM. When you look into host, you also see shutdown VMs and templates still hosted by this ESXi and you have to manually move them out before trying to get that last VM fixed so that you can get into the maintenance mode.

Great news with the vSphere 6.0 Update 2, now the order of evacuation for host going into maintenance mode is improved! Specifically:

Starting with vSphere 6.0 Update 2, when a host enters Maintenance Mode the host will evacuate all the powered off VMs and templates first, and then proceed to vMotion all the powered on VMs.

Leave a comment

Posted by on March 18, 2016 in vmware


Tags: ,

Finally web client for ESXi hosts!

For many who have moved on to vSphere 5.1 and beyond, and despite VMware’s focus on web-based management instead of the fat client, we still had to use the fat client to connect to and managed ESXi hosts. Great news as now there is a web based client to manage ESXi host directly. You do have have to install a VIB to your host for this to happen (I am sure this will be integrated in later versions) and it only works on 5.5 U3 and above, which will be released later.

Leave a comment

Posted by on August 13, 2015 in vmware


Tags: ,

HP blades and vSphere ESXi compatibility matrix

The most challenging part of having a blade enclosure system like HP c7000 blade encloure series is the getting the firmware to match the components. For example, you may start off with BL460c G7 blades and 1 year down the road decide to add Gen8 blades into the same enclosure. It is not a simple question of just plugging them in, many times it will not work as the underlyin OA firmware may not support Gen8 blades. However, one cannot just go ahead and upgrade the OA firmware without first checking the firmware versions of the G7 blades and iLOs to ensure that the new firmware is supported by each other. This is usually not too big a problem when the blades are new and estate is small, but if you have them deployed globally and over a few years, you can be assured that firmware versions will be very varied. And any attempts to standardize just say the OA firmware can difficult.

This is why HP has a compatibility matrix for its system. It used be a bit more complex (but easier) as the table would state the minimum firmware version for each component to work with each other. So you may want to upgrade the OA firmware to 3 versions higher but keep the rest the same, it would be not an issue. However, they have since streamlined this and force everyone to upgrade to a single version level. So if you want to upgrade the OA firmware to 3 version upwards, you need to upgrade all other components to the same version base.

Now if you are runnning ESXi hosts on these blades, your have to consider recommended driver versions which works in tandem with the OS version and the HP blade firmware.


Leave a comment

Posted by on August 27, 2014 in Operations, vmware, Windows


Tags: , ,

PowerCLI: one-liner to verify root password on ESXi hosts

There is only one account with full admin privilege on ESXi host before 5.5 and that is the root account. In the financial sector like a bank, you are required to use a password broker to manage your root password. That is, you check in the initial root password to the broker (like cyberark) and it will reset the password regularly. When you need to perform work on the host using root passwords, you will need to check out the password with dual authentication. Of course, this really makes life hard for us admins when we need to perform bulk work that requires root passwords. For example have to move hundreds of host from one vCenter to another.

I use this one-liner below to verify if a host is using the default root password (which were standardized previous). This is useful as part of audit remediation as some hosts may be rebuilt due to an issue and the root passwords was not re-checked in to the broker to be managed. One caveat I found is that for the same PowerCLI session, you should not be logged into any of the vCenters where the hosts are managed via connect-viserver before running this. The h.csv file is just a list of host name with “name” as the column.

import-csv .\h.csv | %{ $err = @() ; connect-viserver $ -user root
-password "default" -EA silentlycontinue -EV err ; if ($err.count -gt 0)
{ $ | out-file .\hosts_std_root.txt -append }
else {disconnect-viserver $ -force -confirm:$false} }

I use this one-liner below to test each ESXi host before I start work AFTER checking out each root passwords. The creds.csv file is list of name,password.

dir creds.csv | % {import-csv .\$($ |
%{ $err = @() ; connect-viserver $ -user root -password $_.password -EA silentlycontinue -EV err ;
if ($err.count -gt 0) { $ | out-file .\esx_wrong_root.txt -append }
else {disconnect-viserver $ -force -confirm:$false} }}

Posted by on May 3, 2014 in powershell, Scripts, vmware