ESXi Configuration Restore fails with blank DCUI

Backing up and restoring an ESXi host configuration is a standard procedure that can be used when performing maintenance on the host. Not only host name, IP address and passwords are backed up, but also NIC and vSwitch configuration, Object ID and many other properties. Even after a complete reinstallation of a host, it can recover all the properties of the original installation.

Recently I wanted to reformat the bootdisk of a host in my homelab and had to fresh install ESXi for this. The reboot with the clean installation worked fine and the host got a new IP via DHCP.

Now the original configuration was to be restored via PowerCLI. To do this, first put the host into maintenance mode.

Set-VMhost -VMhost <Host-IP> -State "Maintenance"

Now the host configuration can be restored.

Set-VMHostFirmware -VMHost <Host-IP> -Restore -SourcePath <path_to_config_file>

The command prompts for a root login and then automatically reboots. At the end of the boot process, an empty DCUI was welcoming me.

I haven’t seen this before. I was able to log in (with the original password), but all network connections were gone. The management network configuration was also not available for selection (grayed out). The host was both blind and deaf.


PowerCLI offline installation

Strict security policies are in place in many corporate environments. This means that it is only possible to access internet resources to a limited extent, if at all. This becomes apparent, for example, when trying to install PowerCLI on a management system. While the availability of PowerCLI modules in the PowerShell Gallery provides an easy way to install or update PowerCLI, this is only possible if PowerShell is allowed to access this external resource. Using the PowerShell Gallery requires the NuGet package provider, which must also be obtained online.

 Install-Module -Name VMware.PowerCLI -Scope CurrentUser 

If the Internet connection is restricted or blocked, the above command fails. But you can also transfer the modules offline. For this you need a PC with free internet access. Here you use a different command, which does not install the modules, but only downloads them to a defined path.

 Save-Module -Name VMware.PowerCLI -Path C:\temp\PSModules

Copy the entire contents of the PSModules folder to a storage medium of your choice (e.g. USB flash drive) and transfer the files to the desired offline system where PowerCLI is needed.

If you have admin rights on the target system, you can copy the files to the location below.

 C:\Program Files\WindowsPowerShell\Modules 

Now the PowerCLI modules are also available on the offline system. For a version update the procedure must be repeated. It is advisable to remove the VMware modules before transferring the current ones.

Get-Module VMware.* -ListAvailable | Uninstall-Module -Force
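Because the modules travel on removable media, it is worth checking on the offline system that the files are the ones that were downloaded. The following is an added example, not part of the original article; the manifest path C:\temp\PSModules.sha256.csv is an assumption, and the manifest should reach the target by a different route than the module files.

```powershell
# --- On the internet-connected PC, after Save-Module ---
$src = 'C:\temp\PSModules'

# List files whose Authenticode signature does not validate, for review
Get-ChildItem $src -Recurse -File -Include *.psd1, *.psm1, *.ps1, *.dll |
    Get-AuthenticodeSignature |
    Where-Object Status -NE 'Valid' |
    Select-Object Path, Status

# Record relative path and SHA-256 of every downloaded file
Get-ChildItem $src -Recurse -File | ForEach-Object {
    [pscustomobject]@{
        Path = $_.FullName.Substring($src.Length + 1)
        Hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
} | Export-Csv 'C:\temp\PSModules.sha256.csv' -NoTypeInformation

# --- On the offline system, after copying the modules ---
$dst = 'C:\Program Files\WindowsPowerShell\Modules'

# Collect manifest entries that are missing or whose hash differs
$bad = Import-Csv 'C:\temp\PSModules.sha256.csv' | Where-Object {
    $file = Join-Path $dst $_.Path
    -not (Test-Path -LiteralPath $file) -or
        (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash -ne $_.Hash
}

if ($bad) {
    $bad | Format-Table Path
    throw 'Transferred PowerCLI files do not match the manifest.'
}
'All transferred files match the manifest.'
```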

Further customization

Customer Experience Improvement Program (CEIP)

The VMware Customer Experience Improvement Program collects data about the use of VMware products. You can either agree (true) or disagree (false). For offline systems, only the rejection (false) makes sense. The command shown below suppresses future notifications within PowerCLI.

Set-PowerCLIConfiguration -Scope AllUsers -ParticipateInCeip $false -confirm:$false

Ignore invalid SSL certificates

When using self-signed certificates in vCenter, PowerCLI will deny the connection. This behavior can be suppressed with the command:

Set-PowerCLIConfiguration -Scope AllUsers -InvalidCertificateAction Ignore -confirm:$false

PowerCLI error – Invalid server certificate

On client systems with fresh PowerCLI installations I often get an error when trying to run scripts.

Connect-VIServer Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you’d like to connect once or to add a permanent exception for this server

The reason is that PowerCLI by default refuses to connect to servers that present an invalid certificate. If you’re running your own scripts, you can switch off that feature.

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
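With InvalidCertificateAction set to Ignore, PowerCLI accepts whatever certificate a server presents, so it can no longer tell the real vCenter from another endpoint answering on its address. This applies both to this command and to the AllUsers variant shown under "Ignore invalid SSL certificates". The following added example (not from the original article) shows the alternative of trusting the vCenter CA and keeping validation on; the file path, the fingerprint and the server name are placeholders.

```powershell
# Placeholders: replace with values for your environment
$CaFile      = 'C:\temp\vcenter-root-ca.cer'         # CA certificate exported from vCenter
$ExpectedSha = '<SHA256_FINGERPRINT_OBTAINED_OUT_OF_BAND>'
$Server      = '<myVC>'                              # must match a name in the server certificate

# 1. Verify the CA certificate against the fingerprint before trusting it
$ca  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CaFile
$sha = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha.ComputeHash($ca.RawData)) -replace '-'
if ($actual -ne ($ExpectedSha -replace '[:\s]')) {
    throw "CA fingerprint mismatch: got $actual"
}

# 2. Add the CA to the machine trust store (requires an elevated session)
Import-Certificate -FilePath $CaFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 3. Treat any certificate that still fails validation as an error
Set-PowerCLIConfiguration -Scope AllUsers -InvalidCertificateAction Fail -Confirm:$false | Out-Null

# 4. Connect by name; connecting by IP address fails validation
#    unless the certificate also lists that address
Connect-VIServer -Server $Server
```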

Enable SSH cluster-wide with PowerCLI

This article shows how to quickly enable the SSH service on one, several or all hosts in a cluster.

Start service

Login to vCenter.

Connect-VIServer <myVC>

The command below will activate SSH on all hosts registered in your vCenter.

Get-VMHost | Get-VMHostService | Where Key -EQ "TSM-SSH" | Start-VMHostService

TSM means “Technical Support Mode”

Stop SSH service

To stop SSH service on all hosts, use the command below.

Get-VMHost | Get-VMHostService | Where Key -EQ "TSM-SSH" |  Stop-VMHostService -Confirm:$False

Selective activation

It’s possible to limit the scope of the command to one host. Just add the FQDN after Get-VMHost.

Get-VMHost myESX.myDomain.local | Get-VMHostService | Where Key -EQ "TSM-SSH" | Start-VMHostService
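SSH that was started for a maintenance task tends to stay on afterwards. The following added example (not from the original article) limits the change to one cluster, runs a task, and then stops SSH again only on the hosts where it was started; the function name Invoke-WithTemporarySsh and the cluster name Cluster01 are hypothetical.

```powershell
# Hypothetical helper: enable SSH on a cluster only while $Work runs
function Invoke-WithTemporarySsh {
    param(
        [Parameter(Mandatory)] [string]      $ClusterName,
        [Parameter(Mandatory)] [scriptblock] $Work
    )

    # SSH service object of every host in the named cluster
    $services = Get-Cluster -Name $ClusterName | Get-VMHost |
        Get-VMHostService | Where-Object Key -EQ 'TSM-SSH'

    # Only touch hosts where SSH is currently stopped, so hosts that
    # already had SSH running are left as they were found
    $started = @($services | Where-Object { -not $_.Running })

    try {
        $started | Start-VMHostService -Confirm:$false | Out-Null
        & $Work
    }
    finally {
        # Runs even if the task throws: stop what this function started
        $started | Stop-VMHostService -Confirm:$false | Out-Null
    }
}

# Usage with a placeholder cluster name
Invoke-WithTemporarySsh -ClusterName 'Cluster01' -Work {
    'SSH is enabled; run the maintenance task here.'
}

# Audit afterwards: which hosts have SSH running, and with which startup policy
Get-Cluster -Name 'Cluster01' | Get-VMHost | Get-VMHostService |
    Where-Object Key -EQ 'TSM-SSH' |
    Select-Object VMHost, Running, Policy
```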