PowerCLI offline installation

Strict security policies are in place in many corporate environments. This means that it is only possible to access internet resources to a limited extent, if at all. This becomes apparent, for example, when trying to install PowerCLI on a management system. While the availability of PowerCLI modules in the PowerShell Gallery provides an easy way to install or update PowerCLI, this is only possible if access to this external resource is allowed by Powershell. Using the Powershell Gallery requires the NuGet Packet Management Provider. This must also be obtained online.

 Install-Module -Name VMware.PowerCLI -Scope CurrentUser 

If the Internet connection is restricted or blocked, the above command fails. But you can also transfer the modules offline. For this you need a PC with free internet access. Here you use a different command, which does not install the modules, but only downloads them to a defined path.

 Save-Module -Name VMware.PowerCLI -Path C:\temp\PSModules

Copy the entire contents of the PSModules folder to a storage medium of your choice (e.g. USB flash drive) and transfer the files to the desired offline system where PowerCLI is needed.

If you have admin rights on the target system, you can copy files to the loaction below.

 C:\Program Files\WindowsPowerShell\Modules 

Now the PowerCLI modules are also available on the offline system. For a version update the procedure must be repeated. It is advisable to remove the VMware modules before transferring the current ones.

Get-Module VMware.* -ListAvailable | Uninstall-Module -Force

Further customization

Customer Experience Improvement Program (CEIP)

The VMware Customer Experience Improvement Program collects data about the use of VMware products. You can either agree (true) or disagree (false). For offline systems, only the rejection (false) makes sense. The command shown below suppresses future notifications within PowerCLI.

Set-PowerCLIConfiguration -Scope AllUsers -ParticipateInCeip $false -confirm:$false

Ignore invalid SSL certificates

Bei Verwendung selbstsignierter Zertifikate im vCenter verweigert PowerCLI die Verbindung. Dieses Verhalten kann unterdrückt werden mit dem Befehl:

When using self-signed certificates in vCenter, PowerCLI will deny the connection. This behavior can be suppressed with the command:

Set-PowerCLIConfiguration -Scope AllUsers -InvalidCertificateAction Ignore -confirm:$false

vCenter and AD Domain Functional Level

If you’re running a vCenter appliance with Active Directory integration you should take care about your Domain Functional Level. It is crucial to closely work together with the domain administrators team, for some vCenter versions may not support the latest level supported by Windows Server 2016.

What is the Domain Functional Level?

Functional levels determine the available Active Directory Domain Services domain capabilities. They also determine which Windows Server operating systems you can run on domain controllers in the domain or forest. Choosing a Functional Level of Windows Server 2012 implies that there can’t be any Domain Controllers prior that level (like Server 2008 R2).

Functional levels do not affect which operating systems you can run on workstations or servers that are joined to the domain.

Set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as many ADS features as possible. Continue reading “vCenter and AD Domain Functional Level”

Veeam Default Repository

System choked by data – Why you should remove the default repository after installation

A typical Veeam Backup & Replication installation consists of several sub-components. There is the Backupserver with the database, there are backup proxies, Mount Server, Gateway server and Backup-repositories. Repositories are datastores which hold your backup data. Right after initial setup the installer will create a repositoty on your system partition which is the default repository. Normally your system partition isn’t very big. Maybe 100 GB or less. One of the first tasks after installation is to define a new backup repository with Terabytes of free space. Sometimes you might forget about the default repository, which is pointing at your system partition. Under certain conditions this can turn into a timebomb which I witnessed in the wild recently. Continue reading “Veeam Default Repository”

Microsoft Patch KB4088875/KB4088878 has issues with VMXNET3 adapter

March rollup disconnects Windows Server 2008R2 VMs

Microsoft’s monthly March 2018 rollup KB4088875 contains a patch KB4088878 which seems to have issues with Windows Server 2008 R2 VMs and VMXNET3 adapter. Applying the patch disconnects Windows Server 2008R2 VMs.

Sounds familiar?

Yes, indeed! There used to be an old problem with Server 2008R2 VMs which had a VMXNET3 NIC. After restoring these VMs from backup, they’ve lost their static IP and instead switched to DHCP.  The problem is known by VMware and there’s a corresponding KB1020078.

Microsoft released in a hotfix 433809 (KB2550978) to prevent the issue. But you had to switch to DHCP first before installing the hotfix and then revert to your static IP. I’ve published the procedure in 2013. This blogpost is in German but the procedure is simple:

  • change NIC from static IP to DHCP
  • apply hotfix
  • reboot
  • revert to static IP

It seems that Microsoft now has included that old hotfix into a montly rollup. At least the similarity is striking.

Fun fact

Those who had already applied the Hotfix in the past to their 2008R2 VMs, seem to be immune to the problem.