vmware: useful powercli commands

Categories VMware

List all services running on a host:
Get-VMHost "hostname" | Get-VMHostService | Select Key,Label

List servers with SSH server status:
Get-vmhost | Get-VMHostService | ? {($_.Key -eq "TSM-ssh")} | Select VMHost, Key,Label, Running

List servers with ESXi shell status:
Get-vmhost | Get-VMHostService | ? {($_.Key -eq "TSM")} | Select VMHost, Key,Label, Running

List servers with SSH server status in specific cluster:
Get-Cluster -Name "Non-Production-Pod-01" | get-vmhost | Get-VMHostService | ? {$_.Key -eq "TSM-ssh"} | Select VMHost, Key,Label, Running

Start ESX Shell on all hosts in vCenter:
Get-VMHost | Foreach {
Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM"} | Set-VMHostService -policy "on" -Confirm:$false)
}

Start ssh on all hosts in vCenter:
Get-VMHost | Foreach {
Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} | Set-VMHostService -policy "on" -Confirm:$false)
}

Suppress ssh alert on all hosts in vCenter:
Get-VMHost | Get-AdvancedSetting UserVars.SuppressShellWarning | Set-AdvancedSetting -Value 1

Create VM:
New-VM -RunAsync –name $servername –Datastore $datastore –Template $template –OSCustomizationSpec $spec –ResourcePool $host/resource pool -Location $folder

misc: how to set different certificate validity period for parent and subordinate certification authority (CA)

Categories Windows

Here is the little issue that took me a good while to understand and figure out as I thought this is set during initial install through console or by .inf file as MS recommanded. Nope, didn’t work that way.

My setup consists of one standalone root CA with 30 year validity which will be turned off and stored in a safe place for many many years, and two subordinate enterprise CA in two sites which will perform all cert related tasks with 15 year certificate validity… simple enough. All three are 2012 R2 servers.

Adding the role and promoting servers is as easy as you expect. Trick is to get the right validity on subordinates. Regardless of what validity term is set on root CA, it will issue a 1 year certificate to subordinates by default. Trick is to use the following commands to change default registry values:

certutil -setreg ca\ValidityPeriod "Years"
certutil -setreg ca\ValidityPeriodUnits "15"

Make sure to restart cert server service right away. To check registry value for “years” use:

certutil -getreg ca\val*

If you get revocation server was offline error you can override it with this command:

certutil –setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE

Then reboot and ignore the error – service will start.

To roll back and enable revocation server check:

certutil –setreg ca\CRLFlags -CRLF_REVCHECK_IGNORE_OFFLINE

exchange: exchange 2013 prerequisites

Categories Exchange

Open an elevated Powershell window and paste this:

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

Install Unified Communications Managed API 4.0 Runtime

Install Microsoft Office 2010 Filter Packs – Version 2.0

Install Microsoft Office 2010 Filter Packs – Version 2.0 – Service Pack 1

Enable automatic updates and you’re all set.

juniper srx: useful commands

Categories Juniper, Junos, Networking, SRX

Will update this post as I find useful commands.

Show logged on users: show system users
Logout connected user: request system logout user username terminal session

Show open sessions: show security flow session
View running Junos applications: show configuration groups junos-defaults applications
Show current sessions: show security flow session

Show system snapshot: show system snapshot media internal
Show system software backup: show system software backup

Delete autorecovery config: request system autorecovery state clear
Save autorecovery config: request system autorecovery state save

Delete rescue config: request system configuration rescue delete
Save rescue config: request system configuration rescue save

Upgrade bootloader: go to shell by typing “start shell” in cli
bootupgrade –u /boot/uboot –l /boot/loader

View BIOS version: show chassis routing-engine bios
View BIOS version and available upgrade: show system firmware
View current and upgrade BIOS with backup: request system firmware upgrade re bios backup
Check status of BIOS upgrade: show system firmware

View contents of a directory: file list directory
Show system directory usage: show system directory-usage /cf
Check disk space: show system storage detail
View contents of a directory: file list directory
Delete a file: file delete /var/tmp/xyz

Cleanup storage space: request system storage cleanup
Delete upgrade package backup: request system software delete-backup

Show device name, model and software version: show version

Upgrade software through ssh: put a copy of Junos software on a ftp location your device can access upon connecting (do not put where you have to browse to after connection). This needs to be done right after you are logged on to the device, and not in cli.

Login to ftp: ftp ip
Change directory to /var/tmp: lcd /var/tmp
Type bin and hit enter
Command to download the file to device: get junos-srxsme-12.1X46-D40.2-domestic.tgz
Type bye to exit ftp mode when file is downloaded successfully and go to cli.
Invoke the following command to install: request system software add no-copy /var/tmp/junos-srxsme-12.1X46-D40.2-domestic.tgz
Install may take a hot minute so be patient. Once this is complete reboot your device: request system reboot

Juniper Junos: change timeout settings for ssh/telnet/web console

Categories Juniper, Junos, Networking, SRX

To change application timeout:
cli/configure
ssh: set applications application junos-ssh inactivity-timeout 1440
telnet: set applications application junos-telnet inactivity-timeout 1440
web: set system services web-management session idle-timeout 1440

Note: auto complete does not work after application, so you will have to type it all in.

To view timeout settings, exit to cli
start shell user root
vty fwdd
show usp app-def tcp

And you’re done.