HOWTO: Schedule a standalone VMware ESXi Host Reboot via PowerShell

We have several clients who have standalone VMware ESXi hosts (that are not part of any vCenter) without any option for vMotion or Storage vMotion.  This can make it difficult for us to keep those hosts current with patches, updates, and BIOS / firmware because it means we need to manually shut the hosts’ guests down, and then restart the host – none of which can be done during normal business hours – and I’m getting too old to work all night.

Fortunately, VMware provides us a way to use PowerShell to shut down an ESXi host’s guests, and then force a reboot.  This means we can apply patches and updates late in the day to the ESXi host, then schedule the host to reboot early in the morning after the daily backup completes.  Then when we come into the office in the morning (usually an hour or two before the clients arrive at their offices), it is simply a matter of checking the host to ensure it is back up along with all its guests.

To schedule a standalone VMware Host reboot, the current VMware PowerCLI client needs to be installed on the machine that will be running the scheduled reboot.

Once the VMware PowerCLI is installed, you need to create 3 files:

  • C:\WINDOWS\VMWARE_ROOT.PWD – encrypted file that contains the root user’s password
  • C:\WINDOWS\VMWARE_HOST_REBOOT.CMD – the wrapper that will call PowerShell from TaskScheduler
  • C:\WINDOWS\VMWARE_HOST_REBOOT.PS1 – the actual PowerShell script that executes the reboot

To create the file C:\WINDOWS\VMWARE_ROOT.PWD, open PowerShell and run the following command:

read-host -assecurestring "Enter Password" | convertfrom-securestring | out-file C:\WINDOWS\VMWARE_ROOT.PWD

 

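At the “Enter Password” prompt, enter the password of the root user account for the ESXi host you want to reboot.  Because no key is supplied, ConvertFrom-SecureString protects the file with Windows DPAPI, so only the same Windows account on the same machine can decrypt it; create the file while logged in as the account that will run the scheduled task.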

You also need to set the PowerShell Execution Policy to support remote signed scripts such as C:\WINDOWS\VMWARE_HOST_REBOOT.PS1.  To do this, in PowerShell run the following command and select Yes when prompted:

Set-ExecutionPolicy RemoteSigned

We need to schedule a time for VMWARE_HOST_REBOOT.CMD to run.  I’ve set 4:15 am local time on March 22, 2015 in the example shown below, but you can adjust as required.  In an administrative command prompt, run this (***note – this will create the scheduled task to run as the currently logged in user***):

schtasks /create /tn "VMware Host Reboot" /tr C:\WINDOWS\VMWARE_HOST_REBOOT.CMD /sc once /st 04:15:00 /sd 03/22/2015 /rp "*" /ru "%userdomain%\%username%"

Now we need to create C:\WINDOWS\VMWARE_HOST_REBOOT.CMD, which is the batch file task scheduler uses to launch our PowerShell script.

rem --- begin cut and paste of notepad C:\WINDOWS\VMWARE_HOST_REBOOT.CMD
@echo off
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy RemoteSigned -noprofile -File C:\WINDOWS\VMWARE_HOST_REBOOT.PS1
exit /b
rem --- end cut and paste of C:\WINDOWS\VMWARE_HOST_REBOOT.CMD ---

Lastly, we need to create C:\WINDOWS\VMWARE_HOST_REBOOT.PS1, adjusting the $server variable to the host you wish to reboot (all variables are defined at the top of the script) and the wait time ($waittime) before the forced reboot that follows the graceful guest shutdown command.

###--- begin cut and paste of notepad C:\WINDOWS\VMWARE_HOST_REBOOT.PS1
### VMWARE_HOST_REBOOT.PS1
### @deancolpitts – http://blog.jbgeek.net
### 2015.03.20

### This script will attempt a graceful shutdown of every guest via the VMware Tools inside the guest, then force a reboot of the host.
### Variables - please only adjust server, user, and waittime. Any other variables should not be touched.
### Server is the vCenter server or ESXi host's FQDN, while user is the vCenter user or ESXi user account.

$server = "VMWARE.FQDN.DOMAIN_OR_IPADDRESS"
$user = "root"
$waittime = "300"

$credentialFile = "C:\WINDOWS\VMWARE_ROOT.PWD"
$pass = cat $credentialFile | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$pass

add-pssnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue -WarningAction SilentlyContinue | Out-Null
if ( $DefaultVIServers.Length -lt 1 )
{
Connect-VIServer -Server $server -Protocol https -credential $credentials -WarningAction SilentlyContinue | Out-Null
}

Get-VM | Shutdown-VMGuest -confirm:$false -WarningAction SilentlyContinue

### Wait x number of seconds for all the VM's to gracefully shutdown before a forced kill occurs
Start-Sleep -s $waittime

Restart-VMHost -VMHost $server -force -confirm:$false

###--- end cut and paste of C:\WINDOWS\VMWARE_HOST_REBOOT.PS1 ---

All that is left to do now is wait for C:\WINDOWS\VMWARE_HOST_REBOOT.CMD to run at your scheduled time.
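The scheduled task runs the .CMD and .PS1 with the task account's rights, and the password file only decrypts for the account that created it, so it is worth checking both before the scheduled time. The following pre-flight check is an added example, not part of the original post; the function names and the list of trusted SIDs are assumptions to adjust for your environment.

```powershell
# Added example: pre-flight check for the three files used by the scheduled reboot.
# Run it as the same account the scheduled task will run under.

$RebootFiles = @(
    'C:\WINDOWS\VMWARE_ROOT.PWD',
    'C:\WINDOWS\VMWARE_HOST_REBOOT.CMD',
    'C:\WINDOWS\VMWARE_HOST_REBOOT.PS1'
)

# Well-known SIDs expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
# (Assumption: extend this list if your environment delegates differently.)
$TrustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Bits that allow changing or replacing a file, plus GENERIC_WRITE and GENERIC_ALL.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership' -bor 0x50000000

function Test-CredentialFile {
    # Returns $true when the DPAPI-protected file decrypts under the current account.
    param([Parameter(Mandatory = $true)][string]$Path)
    try {
        $secure = Get-Content -Path $Path -ErrorAction Stop |
            ConvertTo-SecureString -ErrorAction Stop
        return ($null -ne $secure -and $secure.Length -gt 0)
    }
    catch {
        # Wrong account, wrong machine, or a damaged file all end up here.
        return $false
    }
}

function Get-UnexpectedWriter {
    # Emits one object per Allow ACE that lets an untrusted principal modify the file.
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string[]]$AllowedSid = $TrustedSids
    )
    $currentSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        }
        catch {
            $sid = $ace.IdentityReference.Value   # unresolved account, report as-is
        }
        # The task account itself and the trusted SIDs are expected writers.
        if ($sid -eq $currentSid -or $AllowedSid -contains $sid) { continue }
        New-Object PSObject -Property @{
            Path     = $Path
            Identity = $ace.IdentityReference.Value
            Rights   = $ace.FileSystemRights
        }
    }
}

function Test-RebootPreflight {
    # Returns $true only when every check passes; each finding is written as a warning.
    $ok = $true
    foreach ($file in $RebootFiles) {
        if (-not (Test-Path -Path $file -PathType Leaf)) {
            Write-Warning "Missing: $file"
            $ok = $false
            continue
        }
        foreach ($w in @(Get-UnexpectedWriter -Path $file)) {
            Write-Warning "$($w.Identity) can modify $($w.Path) [$($w.Rights)]"
            $ok = $false
        }
    }
    $pwdFile = $RebootFiles[0]
    if ((Test-Path -Path $pwdFile -PathType Leaf) -and -not (Test-CredentialFile -Path $pwdFile)) {
        Write-Warning "$pwdFile does not decrypt under $env:USERDOMAIN\$env:USERNAME"
        $ok = $false
    }
    return $ok
}

Test-RebootPreflight
```

A result of False with a decrypt warning usually means the password file was created under a different account than the one running the check.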

As always – Use any tips, tricks, or scripts I post at your own risk.

KB3148812 breaks Windows Server Update Services

Earlier this week, Microsoft pushed out KB3148812, which enables ESD decryption provisioning in WSUS (on Windows Server 2012 and Windows Server 2012 R2).  From what I read and understand, KB3148812 is going to be a mandatory update for WSUS to support Windows 10 updates after May 1.  Unfortunately, it appears that KB3148812 also breaks the WSUS console.  Rather than re-issue KB3148812 so it doesn’t break WSUS, Microsoft has published in a blog posting the necessary post-install steps to “un-break” WSUS after installing KB3148812.

Basically you need to perform two steps to return WSUS to a working condition on Windows 2012.  First, you need to re-run the WSUS post-install.  And then you also need to add HTTP Activation to your WSUS server.

For Step 1, to re-run post-install, open an administrative command prompt and run:

"C:\Program Files\Update Services\Tools\Wsusutil.exe" postinstall /servicing

For Step 2, to install HTTP Activation, open an administrative PowerShell command prompt and run:

Install-WindowsFeature -Name NET-WCF-HTTP-Activation45

No reboot should be necessary and the WSUS console should now open and function normally for you.  There is the possibility you’ll still get client connectivity issues though with an error of 0x80244007, which is something entirely different that Microsoft is still looking at as of 2016.04.22.

HOWTO: Monitor the rebuild status of a HPE SmartArray in ESXi 5.5

To monitor the rebuild status of a HP SmartArray controller in VMware ESXi 5.5, you need to have the HP VMware tools bundle installed (which is installed if the server was installed from the HP VMware media / ISO).  Once the tools bundle has been installed, simply SSH to the server (or go right on the console, either physically or via ILO), log in and run:

/opt/hp/hpssacli/bin/hpssacli ctrl all show status

This will provide you a list of all the SmartArray controllers in the server.  From this list, find the slot number of the controller that contains the logical drive you need to check the status on and run the following command (substitute slot=XX for the slot value you determined with the previous command):

/opt/hp/hpssacli/bin/hpssacli ctrl slot=XX ld all show

If you happen to be running an older version of ESXi 5.x, or your HP VMware Tools bundle is not somewhat recent, then the commands are somewhat different.  In this case the correct commands are:

/opt/hp/hpacucli/bin/hpacucli
ctrl all show
ctrl slot=0 ld all show

HPE Insight Remote Support 7.6 auto-upgrade fails

As some of you may have noticed, HPE released Insight Remote Support (IRS) version 7.6 this week.  Among other things, the interface is now rebranded with the new HPE logo and icon, it has better security logging, and adds support for a bunch of new HPE Networking and HPE StoreEasy products.

If you have already set the “Automatic Update Level” in IRS to “Automatically Download and Install”, you may already have 7.6 successfully deployed to your server.  It’ll be pretty obvious to tell too – if you see the HPE logo shown above on the login page or as the desktop shortcut icon, you are already at version 7.6.

For some reason however, a couple of my IRS 7.5 servers have failed to auto-update to 7.6.  Trying to install the 7.6 update from the Software Tab in IRS by clicking the Start Update also fails.  Normally at this point, I’d simply go to the Software Depot, download 7.6 and manually run the setup – except that 7.6 isn’t available in the Software Depot as the Software Depot download page generates an error message as of this writing (2016.04.02).

So – after some troubleshooting and poking around the log files, I determined you can download the 7.6 package update from the same spot that IRS downloads it:

https://services.isee.hp.com/SWM/packages/ProdUpgPkg/2016-03-31T154720/ProdUpgPkg+7.6.0.27.zip

Unzip this archive to C:\TEMP and then from a command prompt run:

msiexec /i "C:\TEMP\ProdUpgPkg+7.6.0.27\lib\hprs7kit.msi" /lv "%HP_RS_LOG%\hprs_7.6.0_install.log"

Now – if your servers were like those same servers I have, this will fail too.  Taking a look at “%HP_RS_LOG%\hprs_7.6.0_install.log“, you’ll find that pg_dumpall.exe couldn’t connect to the database as the connection was refused.  This results in database.sql being missing, which causes the install to puke with an error code of 1603.  database.sql is the Postgres database dump of your production IRS database that the installer attempts to make.  Now just above the 1603 error in “%HP_RS_LOG%\hprs_7.6.0_install.log“, you’ll find the actual command line for pg_dumpall.exe, which should be (depending on the vintage of your original IRS install) either:

"C:\Program Files\HP\RS\postgresql_9_win32\bin\pg_dumpall.exe" --host=localhost --port=7950 --username=postgres --file="C:\ProgramData\HP\RS\DATA\PERSISTENCE\UPGRADE\database.sql"
-- or --
"C:\Program Files (x86)\HP\RS\postgresql_9_win32\bin\pg_dumpall.exe" --host=localhost --port=7950 --username=postgres --file="C:\ProgramData\HP\RS\DATA\PERSISTENCE\UPGRADE\database.sql"

Manually running the appropriate version command line from above will result in you being prompted for the postgres user password 6 times.  Unfortunately, this password is undocumented, but by doing some detective work (I won’t be sharing how I found what it was), I’ve determined it to be “edit – removed 2016.04.05 as per a request from HPE“.  So enter this password when prompted each of those 6 times, and you’ll find C:\ProgramData\HP\RS\DATA\PERSISTENCE\UPGRADE\database.sql is created.  Now you can go back and run the installer again from the command prompt:

msiexec /i "C:\TEMP\ProdUpgPkg+7.6.0.27\lib\hprs7kit.msi" /lv "%HP_RS_LOG%\hprs_7.6.0_install.log"

Your upgrade should now complete successfully, and all that is left is to log into IRS, go to the Software Tab and check for updates, and install any remaining updates.

As always – Use any tips, tricks, or scripts I post at your own risk.

 

HOWTO: In-Place Upgrade Windows 7 Pro OEM to Windows 7 Enterprise

Recently we inherited a new client with some very legacy desktops running an OEM version of Windows 7 Pro.  The bad news for us though was there were a few legacy applications installed on those old desktops that we just could not get to reinstall on the new Windows 7 Enterprise edition machines the client purchased from us, so we decided to just P2V the old desktops into the customer’s VMware cluster, and provide the end users RDP access to their old desktop until we could deploy a validated solution to replace those nontransferable legacy apps.  This worked fine for some of the end users, but some of the other end users needed multi-monitor support.  Windows 7 Pro does not support multi-monitors as a RDP host, but Windows 7 Enterprise certainly does.

The problem is though, there is no supported method by Microsoft to in-place migrate from Windows 7 Pro to Windows 7 Enterprise edition.  That said, there is a method (obviously unsupported by MS) to accomplish this without losing your data if you are brave enough to go down that road.

Before proceeding, a full machine backup is recommended (use something like Veeam Endpoint Backup to create a backup, or if it is a VM, take a snapshot).  Download and extract the most recent Volume Licensing Windows 7 Enterprise iso to the C: drive of the machine. (SW_DVD5_SA_Win_Ent_7w_SP1_64BIT_English_-2_MLF_X17-58882.ISO is the most current Windows 7 Enterprise ISO as of 2016.03.28).  And if the machine utilizes disk encryption, decrypt the volumes before continuing.

After the above items are attended to, open an Administrative Command Prompt and run:

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /f /v "EditionID" /t REG_SZ /d "Enterprise"
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /f /v "ProductName" /t REG_SZ /d "Windows 7 Enterprise"

Next (do not reboot after you make the above registry edits), from the extracted ISO run setup.exe, and when prompted for the type of installation you wish to perform, select the option to Upgrade.

If nothing is blocking the upgrade (from a compatibility standpoint), then setup will begin an in-place upgrade and reboot the machine several times.  Once the upgrade has completed, you should find yourself with a correctly installed Windows 7 Enterprise Edition instance.

The next step is to activate Windows by installing a Windows 7 Enterprise MAK license key and activating it.  To do so, open an Administrative command prompt and run:

cscript c:\windows\system32\slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
cscript c:\windows\system32\slmgr.vbs /ato

By default the in-place upgrade process “breaks” .NET 4.x, in that Windows does not recognize it is installed, and as a result, any attempt to update, reinstall, or patch any of the .NET 4.x framework will fail.  To fix this, download the current .NET Framework cleanup tool from:

https://blogs.msdn.microsoft.com/astebner/2008/08/28/net-framework-cleanup-tool-users-guide/

Extract the cleanup tool and run it.  In the version drop-down box, select the latest version (4.6.1 as of 2016.03.28), and select “Cleanup Now”

When the cleanup finishes, run cleanup again, and select version 4.6.  Then repeat for 4.5.2, 4.5.1, 4.5, and finally 4.

Next, download and install the prerequisites for Internet Explorer 11 from https://support.microsoft.com/en-ca/kb/2847882.  You can safely postpone rebooting until you get all the prerequisites installed.

These prerequisites include:

http://download.microsoft.com/download/6/C/A/6CA15546-A46C-4333-B405-AB18785ABB66/Windows6.1-KB2729094-v2-x64.msu
http://download.microsoft.com/download/9/F/E/9FE868F6-A0E1-4F46-96E5-87D7B6573356/Windows6.1-KB2731771-x64.msu
http://download.microsoft.com/download/F/1/0/F106E158-89A1-41E3-A9B5-32FEB2A99A0B/Windows6.1-KB2533623-x64.msu
http://download.microsoft.com/download/1/4/9/14936FE9-4D16-4019-A093-5E00182609EB/Windows6.1-KB2670838-x64.msu
http://download.microsoft.com/download/1/8/F/18F9AE2C-4A10-417A-8408-C205420C22C3/Windows6.1-KB2786081-x64.msu
http://download.microsoft.com/download/5/A/5/5A548BFE-ADC5-414B-B6BD-E1EC27A8DD80/Windows6.1-KB2834140-v2-x64.msu
http://download.microsoft.com/download/9/1/C/91CC3B0D-F58B-4B36-941D-D810A8FF6805/Windows6.1-KB2639308-x64.msu
http://download.microsoft.com/download/4/1/3/41321D2E-2D08-4699-A635-D9828AADB177/Windows6.1-KB2888049-x64.msu
http://download.microsoft.com/download/6/1/4/6141BFD5-40FD-4148-A3C9-E355338A9AC8/Windows6.1-KB2882822-x64.msu

After rebooting, download and install Internet Explorer 11.

http://download.microsoft.com/download/7/1/7/7179A150-F2D2-4502-9D70-4B59EA148EAA/IE11-Windows6.1-x64-en-us.exe

Finally, you should now be able to run Windows Updates and re-install all 217 plus post SP1 Windows 7 updates.

And if you took a VM snapshot before beginning – don’t forget to clean it up now!

Do IT certifications even matter to customers anymore?

(Spoiler Alert – THEY SURE SHOULD ANYWAYS!!!)

I’ve been in this business for almost 20 years now. Those of you who are IT professionals that have been around just as long will know what the term “paper certifications” means. In the late 90s and early 2000’s Microsoft’s server business had taken off and so had demand for their certification program. It seems everybody wanted to hop on the bandwagon of Microsoft certifications, but the problem was not everybody had the necessary skill set to pass the certification exams. Many individuals went online to exam cheat sites and bought the exam answers. This allowed them to go take the exam and get a piece of paper that said they were certified; even if they had done nothing more than memorize the test questions. This is where the term “paper certification” came from – they had a piece of paper that said they were certified but in reality they had no idea what they were doing. Unfortunately this devalued the certification for the rest of us that actually knew what we were doing and who valued our achievements.  Most vendors police their certifications nowadays to catch cheaters, so while some paper certification individuals still exist today, they are not nearly as rampant as they were in the early 2000’s.

Fast forward 10 to 15 years and you arrive at today where customers and employers appear to have totally forgotten about asking for certifications from those who do work for them.  To be honest I’m not sure why customers stopped asking for certified individuals to work their accounts. I guess it could be a couple different things. Maybe they just think everybody has a certification on everything since back then everybody and their dog had a certification for Microsoft products. Or it could be they got burned by some of these individuals with paper certifications and they decided it no longer matters whether they ask for certified individuals – they think they are still going to get burned in the end (a damned if you do, damned if you don’t scenario).

Regardless of the reasons that customers and employers have stopped asking about certification, I’m here to tell you that both customers and employers are still being burned today – but for not asking. We see it all the time when we meet prospective new customers and have to evaluate their current environment to get a baseline of where they are at. So what do I mean when I say burned? I am referring to the fact that it costs them time, money, and potentially data loss. I think these three items are probably self-explanatory but if not here’s what I believe.

Money

This one should be pretty simple. If you are a customer buying a solution that hasn’t been checked or approved by an individual who is certified on the solution, then who’s to say the solution that you’re getting is going to work?  If it doesn’t work, it is going to cost you money to either replace it, upgrade it, or hire someone who is certified and knows what they are doing to install / fix it.

Time

Time goes hand-in-hand with money. First, if the solution is not suited for what you actually require, then the whole process has been a waste of time because you just end up starting over to replace it. This in turn is going to cost you more money due to lost productivity. And if the individuals that are installing the solution are not certified on the product, then it is going to take them more time to deploy the solution – assuming they can even get it working. And the more time they spend trying to deploy the solution, the more money they are going to charge you.  Unless they are like one national reseller’s deployment team I have heard of who just gets up and walks out the door when the allotted installation hours and budget are gone, whether or not the solution is working – it didn’t matter.  Incidentally, I later learned that neither the sales team nor the installation team were properly certified on the solution they sold the customer.  Whoops – but case in point.

Data loss

This is probably the scariest one of the three. I can’t tell you the number of times I’ve seen solutions designed and deployed by uninformed individuals (who never took a single course or exam on the product they are trying to sell or install) with multiple potential single points of failure. It’s been my experience that poorly designed solutions tend to have a higher rate of data loss events, or situations of very poor performance from normally high performance components. It’s funny because most of the time when I talk to these clients afterwards they tell me they would’ve spent extra money to have a properly designed and deployed solution had they known the disaster awaiting them that they were going to have with their current solution.

Certified Confidence

On a very regular basis, I am asked to speak to CEOs and the board of directors that they report to on various IT subjects – from explaining what a SAN is to demoing how dangerous a drive-by-download can be. Thanks to my training, certifications and knowledge, I have the confidence to stand at the front of the boardroom table and establish my credibility as an expert or specialist in the day’s subject in front of the CEO and board of directors. This better positions my employer to succeed and win more business as it builds the customer’s confidence that I know what I’m talking about and that whatever I am proposing is correct for them.

Know your vendors

Vendors (such as Hewlett Packard Enterprise, VMware, Veeam, and Citrix) usually provide special treatment to those of us who are certified on their products. This special treatment can be anything from sneak peeks of upcoming products and plans for the next generation, to a high level of technical support. This additional knowledge and treatment allows us to better service our customers – whether by allowing us to plan your environment out to take advantage of new technologies we know are coming 12, 18, or 24 months down the road, or by bypassing the level one support queue and getting right to the vendor’s support guys who have seen and know it all. And usually the special treatment affords us the ability to interact with and give direct feedback to the engineers that design the technology we are certified on. I’ve personally been in a feedback session with a design engineer where he took my feedback and literally (right in front of the rest of the audience in attendance) implemented my change request in the source code for the next release (if you use HPE ILO and its Advanced License – you are welcome that you can cut and paste all 25 characters now at once to activate it instead of 5 x 5 like an old Windows product key!).

As a Hewlett Packard Enterprise Gold Partner, we are mandated to obtain and maintain certain certifications as part of our partner status to not only sell certain products, but deliver services on those same products.  Unfortunately for all of us, “Joe’s Taxidermy and Computer Repairs” in the basement of that house down on the corner of your street has a basic reseller status that also allows him to sell you that 3Par you’ve always dreamed about.  But what are the odds that Joe has had time in between stuffing deer heads and mounting antlers on rabbits to go and get the training and certifications to provide you that level of service that you really need? Is he going to know the minimum number of drives per controller, per enclosure, or per node pair?  Is he going to know that the node interconnects in a 7400 are directional and as such can only be installed one way?  Is he going to know how to set up that new StoreOnce you just ordered?  What about best practices for replication with Veeam?  Or Golden Master image optimization for XenDesktop?  Likely not.

And not all vendor partners are equal.  Yes, that large international web-based e-tailer you love is likely certified on what you are looking for – but demand they have someone in your local region that is certified to look after your needs, instead of someone from the other side of the country, or even the other side of the world in some cases!

Your call to action!

If you are an end-user or customer reading this – then you need to demand those partners and resellers you are working with prove they have the proper certifications for the projects they are working on for you.  Do not just casually ask them about it – but rather demand they prove their certifications before they get one more penny (err – nickel for my fellow Canadians) from you.  The ITCC (Information Technology Certification Council) makes it quite simple via the TechCertRegistry (https://techcertregistry.org) for certified individuals to share their validated certifications with potential employers and customers. Check it out – utilize it, demand it!

If you are a reseller or other partner reading this – and you don’t have or believe in certifications, then please keep on doing exactly what you are doing now.  It will make your customers easier picking for the rest of us that do, and for that – we thank you!

Setup hourly HPE Insight Remote Support Service checking

In a previous post, I mentioned we utilize HPE Insight Remote Support (IRS) at all our client sites, and discovered the lovely undocumented “feature” that IRS has, which is a tendency not to start after a Windows server reboot after an IRS update. This great undocumented feature defeats the entire purpose of IRS – monitoring and alerting your HPE hardware. After getting burned by this feature three or four times in a month where customers noticed hardware faults (via amber alert lights on the equipment) before we did since IRS was not running to alert us, I decided it was time to write a script to check IRS hourly and alert us if it wasn’t running.

To configure Windows to send an alert if the HP IRS Service is stopped, create the following two files (file contents are at the end of this post) on the IRS server:

  • check_irs_service_status.cmd – which is the wrapper that will call PowerShell from Task Scheduler
  • check_irs_service_status.ps1 – which is the actual PowerShell script that executes the service status check

Lastly, we need to schedule check_irs_service_status.cmd to run hourly. I’ve set 2 minutes after the hour in the example shown below, but you can adjust as required.

schtasks /create /tn "Hourly IRS Service Check" /tr c:\Windows\check_irs_service_status.cmd /sc minute /mo 60 /st 00:02:00 /rp "*" /ru "%userdomain%\%username%"

By default, the SMTP from address will be the netbios computer name of the IRS server @ the User’s DNS Domain FQDN (i.e. IRS-SERVER@JBGEEK.NET).  The SMTP to address will be support @ the User’s DNS Domain FQDN (i.e. SUPPORT@JBGEEK.NET), and the SMTP server will be mail @ the User’s DNS Domain FQDN (i.e. MAIL.JBGEEK.NET).  You can determine what these will be by checking the system’s environment variables with SET from a command prompt.  You can customize these settings in the “Send-MailMessage” command if necessary.

All that is left to do is to stop the service and test run check_irs_service_status.cmd to verify the Send-MailMessage works properly in your environment.

 

check_irs_service_status.cmd

rem --- begin cut and paste of notepad c:\windows\check_irs_service_status.cmd
@echo off
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy RemoteSigned -noprofile -File C:\Windows\check_irs_service_status.ps1
exit /b
rem --- end cut and paste of c:\windows\check_irs_service_status.cmd ---

 

check_irs_service_status.ps1

###--- begin cut and paste of notepad c:\windows\check_irs_service_status.ps1
### Check_irs_service_status.ps1
### @deancolpitts – http://blog.jbgeek.net
### 2016.01.27
### This script will check the status of the service HPRSMAIN and alert via email if the service is stopped.

$Service = Get-Service -name HPRSMAIN
$Service.Status
if ($Service.Status -eq "Stopped") {
 $CurrentTime = Get-Date
 Send-MailMessage -From "$env:computername@$env:userdnsdomain" -To "support@$env:userdnsdomain" -Subject "$env:computername - HP IRS Service is stopped!!!" -Body "The HP IRS Service is stopped on $env:computername.$env:userdnsdomain at approximately $CurrentTime." -Priority High -DNO onSuccess, onFailure -SmtpServer "mail.$env:userdnsdomain"
}

###--- end cut and paste of notepad c:\windows\check_irs_service_status.ps1

 

HPE Insight Remote Support fails to start after reboot

We utilize HPE Insight Remote Support (IRS) at all our client sites, and typically have it running on either Windows 2008 R2 or Windows 2012 R2.  To simplify administration, we typically enable auto-update of IRS, which means IRS will download updates from HPE as they become available and self-update.  One of the lovely “features” that we discovered is that upon the next Windows server reboot after an IRS update (typically at 3am on the first Wednesday after the 2nd Tuesday of every month – thanks Microsoft), the HPRSMain service fails to start.  No amount of poking, prodding or swearing will convince the service to start either.

The solution is to run a repair – except the HPE team doesn’t make that easy either as the only option in Add/Remove programs is to uninstall.  Fortunately, you should find the .msi for IRS in C:\ProgramData\HP\RS\DATA\SWM\LANDINGZONE\ProdUpgPkg\unzipped\lib.

So the quickest way to fix IRS at this point is to open an Administrative Command Prompt and run:

msiexec /f "C:\ProgramData\HP\RS\DATA\SWM\LANDINGZONE\ProdUpgPkg\unzipped\lib\hprs7kit.msi" /lv "%HP_RS_LOG%\hprs_recovery.log"

After a few minutes, the HPRSMain service should start and be good until at least the next IRS update.

Windows 2012 R2 is unable to connect to HP StoreOnce CIFS shares

I ran into this issue the other day with a new HPE StoreOnce deployment. When attempting to connect to a CIFS share on a StoreOnce appliance (it does matter if it is a physical appliance or VSA) from a Windows 2012 R2 server, the following error is received: “The account is not authorized to log in from this station”.

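To fix this, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters and set RequireSecuritySignature = 0 and then reboot Windows.  When Windows comes back up, you should now be able to browse the CIFS share on the StoreOnce appliance.  Keep in mind that this value controls whether the Windows SMB client requires signing, and it applies to every outbound SMB connection from the server, not only the one to the StoreOnce.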

HOWTO: Generate and self-sign Wildcard SSL certs in Ubuntu

Generate a CSR:

openssl req -new -newkey rsa:2048 -nodes -sha256 -out wildcard.domain.fqdn.csr -keyout wildcard.domain.fqdn.key -subj "/C=your_country/ST=your_state/L=your_city/O=your_organization/CN=*.domain.fqdn"

View the CSR:

openssl req -text -in wildcard.domain.fqdn.csr

Sign the certificate:

openssl ca -in wildcard.domain.fqdn.csr -out wildcard.domain.fqdn.cer -config /path/to/openssl.cnf

Convert the certificate to PFX:

openssl pkcs12 -export -out wildcard.domain.fqdn.pfx -inkey wildcard.domain.fqdn.key -in wildcard.domain.fqdn.cer

Convert the certificate to PEM:

openssl pkcs12 -in wildcard.domain.fqdn.pfx -out wildcard.domain.fqdn.pem -nodes