PowerCLI offline installation

Strict security policies are in place in many corporate environments. This means that it is only possible to access internet resources to a limited extent, if at all. This becomes apparent, for example, when trying to install PowerCLI on a management system. While the availability of PowerCLI modules in the PowerShell Gallery provides an easy way to install or update PowerCLI, this is only possible if access to this external resource is allowed by Powershell. Using the Powershell Gallery requires the NuGet Packet Management Provider. This must also be obtained online.

 Install-Module -Name VMware.PowerCLI -Scope CurrentUser 

If the Internet connection is restricted or blocked, the above command fails. But you can also transfer the modules offline. For this you need a PC with free internet access. Here you use a different command, which does not install the modules, but only downloads them to a defined path.

 Save-Module -Name VMware.PowerCLI -Path C:\temp\PSModules

Copy the entire contents of the PSModules folder to a storage medium of your choice (e.g. USB flash drive) and transfer the files to the desired offline system where PowerCLI is needed.

If you have admin rights on the target system, you can copy files to the loaction below.

 C:\Program Files\WindowsPowerShell\Modules 

Now the PowerCLI modules are also available on the offline system. For a version update the procedure must be repeated. It is advisable to remove the VMware modules before transferring the current ones.

Get-Module VMware.* -ListAvailable | Uninstall-Module -Force

Further customization

Customer Experience Improvement Program (CEIP)

The VMware Customer Experience Improvement Program collects data about the use of VMware products. You can either agree (true) or disagree (false). For offline systems, only the rejection (false) makes sense. The command shown below suppresses future notifications within PowerCLI.

Set-PowerCLIConfiguration -Scope AllUsers -ParticipateInCeip $false -confirm:$false

Ignore invalid SSL certificates

Bei Verwendung selbstsignierter Zertifikate im vCenter verweigert PowerCLI die Verbindung. Dieses Verhalten kann unterdrückt werden mit dem Befehl:

When using self-signed certificates in vCenter, PowerCLI will deny the connection. This behavior can be suppressed with the command:

Set-PowerCLIConfiguration -Scope AllUsers -InvalidCertificateAction Ignore -confirm:$false

PowerCLI error – Invalid server certificate

On client systems with fresh PowerCLI installations I often get an error when trying to run scripts.

Connect-VIServer Error: Invalid server certificate. Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you’d like to connect once or to add a permanent exception for this server

The reason is that PowerCLI refuses to run scripts with invalid certificates. If you’re running your own scripts, you can switch off that feature.

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

Enable SSH cluster-wide with PowerCLI

This article shows how to quickly enable SSH service on one, more or all hosts in a cluster.

Start service

Login to vCenter.

Connect-VIServer <myVC>

The command below will activate SSH on all hosts registered in in your vCenter.

Get-VMHost | Get-VMHostService | Where Key -EQ "TSM-SSH" | Start-VMHostService

TSM means “Technical Support Mode”

Stop SSH service

To stop SSH service on all hosts, use the command below.

Get-VMHost | Get-VMHostService | Where Key -EQ "TSM-SSH" |  Stop-VMHostService -Confirm:$False

Selective activation

It’s possible to limit the scope of the command to one host. Just add the FQDN after Get-Host.

Get-VMHost myESX.myDomain.local | Get-VMHostService | Where Key -EQ "TSM-SSH" | Start-VMHostService

Find VMs without tags

Check Backup-Tag SLA

VMware tags are a versatile tool to dynamically assign VMs to groups. One use-case is leveraging VM-Tags to guarantee backup-SLA. Im my case there’s a category named “Backup” which contains several backup SLA tags for weekly or daily backups.

Oneliner

With PowerCLI you can find out quickly which VMs have no tags.

connect-viserver myVC
get-vm | ?{ (get-tagassignment $_) -eq $null}

This query isn’t sufficient yet. It’ll report only VMs that have no tags at all. But we’d like to find VMs that have no tags from the category “Backup”. So we have to modify our query a little bit.

get-vm | ?{ (get-tagassignment $_ -category Backup) -eq $null}

You need to adjust your query with the corresponding category name.