[WTF?] VMware ESXi 6.5 – “Cannot complete login due to an incorrect user name or password”

Hi Chappies,

Just few momenst ago I had a really dodgy issue with loggin to newly installed ESXi6.5.

I deployed it few days ago, after instalation I logged in by copying password to the VMware console from KeePass application – logged in to that box, configured SSH connectivity and done some additinal configuration. After that connected via PuTTY as well.

Today my colleague just came from holidays and tried to log in – he got following error:

esxi_65_badusernamepassword

I thought that he we have some sort of different KeePass DB versions – but no.

674487

I was not able to log in either! So I tried not to copy, but instead to type the password in the form field – same failure.

So, I went to the server room, and tried to log in directly to ESXi using KVM – and guess what? 🙂 All went well! So I came back to my desk, tried to log in by copy/paste credentials from KeePass – instant success!

The question that still remains in my head – and I hope VMware or someone from community might answer one day – is:

dafaq-happened

Anyone able to help in resolving the “(ES)X Files” riddle?

PowerShell script for Exchange mailbox item (email, meeting, contacts, etc.) removal.

You might have a situation when someone – it might have even been you – send or receive an email that shouldn’t be sent or received.

It might have been a SPAM sent to your organization or an email that supposed to be send to your colleague but was send to a bunch of other people and had naked ladies in the attachment.

After sending such email reaction chain is as follows:

First you noticed that you have might clicked “Send” button, maybe you clicked CTRL + Enter combination, but you still not sure…

omg-what-have-i-done-jpg

Continue reading “PowerShell script for Exchange mailbox item (email, meeting, contacts, etc.) removal.”

PowerShell script to auto approve WSUS updates for pilot and standard groups.

Recently there has been a need for me to create script that will cover auto approval work for WSUS.

So the idea was tu approve certain patches to pilot group, and after 2 weeks apply these on standard target group and do another pilot group approval for latest time span.

Important! WSUS target groups need to have “Standard” and “Pilot” in their names.

Lines of code that are worth mentioning:

## 64th LINE
## Specify time span between pilot and standard approvals, below is 14 days
$Next_Approval_Date_Raw = (Get-Date).AddDays(14)
...
## 106 - 108 LINE
## Specify the report file name and path
$CSVFileName = $range+"UpdateTimes.csv"
$CSVPath = 'c:\'
$CSVFile = "$CSVPath$CSVFileName"

So after specifying what period we like we just need to specify the file name and path and we are ready to go!

If we would like to show it on diagram it would look like:

przechwytywanie

Of course we may add many things to it’s functionality and this is just the very early version of the script. Worth adding might be – and probably will be added in future – a list of updates that were approved to particular target group – it s already there in “verbose” mode, adding possibility to choose the target groups by name other than “Server” or “Workstation”.

Script can be found on TechNet and GitHub.

SQL long running jobs alert script in PowerShell

databaseHi folks!

Recently there was in a need of monitoring jobs on SQL – if they finish in timely manner. So I was looking for ready solution, found two:

https://devinknightsql.com/2012/07/07/identifying-long-running-sql-agent-jobs-script/ and http://www.sqlchicken.com/2012/07/identify-and-alert-for-long-running-agent-jobs/ however both are SQL jobs that monitor SQL jobs. I feel quite good in TSQL…

1fo1ju

…however that solution didn’t suit me from few reasons:

  1. I wanted to do monitoring of SQL jobs as an independent from SQL jobs failure.
  2. I might need to modify add something in the future and it would be easier for me in PowerShell
  3. Above solutions were giving alerts when a job run time was above average – not over certain time – an I needed that. Didn’t know how to do it in SQL.

So the decision was made:

b9c

To make it running in your environment just modify these lines:

## 10th-12th LINE
## SPECIFYING DATA FOR SENDMAIL FUNCTION
$fromemail = 'Job_Alert@domain_name.com'
$mailserver = 'mail_server.domain_name.com'
$toemail = 'recipient@domain_name.com'
...
## 21st LINE
## SPECIFYING DATABASE CONNECTION STRING
$dataSource = “DATABASE_SERVER_NAME”
...
## 71st LINE
## BELOW SPECIFY HOW MANY MINUTES IS THE TRIGGER - 5 IN THIS EXAMPLE
if ($Date_Diff.TotalMinutes -gt 5){

So in this example a script will send an email in HTLM:

przechwytywanie
If a job runs over 5 minutes.

So there you go 🙂 it is easy, no parameters and really dirty. I like it 🙂

Script can be found on TechNet and GitHub.

HP MSA – PowerShell script to check if disk drives firmware revision is up to date.

Recently I came across updating firmware on some HP MSA appliances.

As there were many different disk drives models on those, I started to wonder – how would I know if any new firmware has been released?

I didn’t want to search firmware for 10 different disk drives models every quarter neither. Firstly because I would forget, secondly – time consuming.

It was no brainer that I needed some automation for that stuff.

I found a HP website providing disk drives firmwares:

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04315770

http://h20628.www2.hp.com/km-ext/content-webapp/document?docId=emr_na-c04315770

Unfortunately I was not able to find any of these for controller firmwares or enclosures.

Fortunately for controllers and enclosures checkout is easy, also usually we get information in controller firmware documentation which firmware revision is recommended for enclosure.

Script need to have current MSA firmware information in a JSON file – as for now this process is not automated and information need to be put manually in the JSON file.

What script does is it is going though mentioned website creating hash array of objects basing on very hideous HTML parsing (yup, I know it is ugly AF but well… works ^^).

After it got all that shit from the website, it runs array one by one checking looking for particular object by disk model, and comparing it’s current firmware revision from JSON to what it found on the website.

And here is the thing, there are 3 statuses:

Green – disk has the newest firmware

Light Green – disk most probably has the newest firmware.

Red – disk has an old firmware

You might ask – why we need Light Green. Well, sometimes one disk drive model is visible twice as different model, like below:

disk1

disk2

So these two are the same model, but have different firmware.

If script finds such situation, it checks if your firmware revision is among these found on the website – it also lists what firmware revisions have been found for that particular drive model. If your firmware revision is there – drive is reported as light green.

Output should look like:

hp_disk_firmware_hmtl_report

As you probably noticed for controllers there is just list to verify firmware version – I didn’t find any good source to script can run trough it checking if it is up to date, so as a workaround there is a fixed link in JSON file – it is always better just to click it and check current version than to search every quesrter for the correct link.

Script has 4 simple switches:

-File – switch parameter, if ran with that it will generate HTML file

-FilePath – default path is “.\”, so if you want to put HTML file somewhere else – this is the right place

-Email – switch parameter, if ran with that it will generate an email.

-Verbose – you got additional information about what actions have been done

Hope it will be helpful for some of you guys.

Script can be found on TechNet and GitHub.

Exchange mailbox/folders permissions – dependency graph between users.

Following solution uses GraphViz application to visualize mailboxpermissions dependencies in the company.

Some time ago I published a scripts for reading mailbox permissions:

https://paweljarosz.wordpress.com/2016/03/04/script-to-check-mailbox-permissions/

and mailbox folder permissions:

https://paweljarosz.wordpress.com/2016/05/28/powershell-script-to-check-permissions-on-mailbox-folders-also-recursively/

If some of you are wondering what GraphViz is, a quick look on google graphics and phrase “graphviz”, gives us an idea of how gorgeous graphs it can create:

fancy_graphviz.JPG

All the GraphViz needs is to have properly formatted input file – that’s it!

68543429.jpg

The need of having such script showed up as one time I was standing in front of migrating users to Exchange Online. I started to wonder how shall I visualize in a simply way, who need to be migrated together…

vlcsnap-2012-06-20-22h11m40s86.png

It was not an easy task, going though a excel/csv file, or even creating lists were not satisfying for me, so I started to think about it more, even during meals…

hqdefault

And then I found GraphViz:

http://www.graphviz.org/

It was looking really good! So now just a matter of quick reading about it checking if it will apply…

tumblr_m1kpqqLxkj1r8yo2fo1_1280

…reviewing the idea…

eeddcbaa20c45eb5c3e1e4e3c73c330f

…some calculations…

ik53723e34

And after all that research the idea became clear…

homer-simpson-donut-dream

As I mentioned at the beginning, input file can be done with one of the mailbox permissions / mailbox folder permissions reading scripts – links provided on the top (you might need to change delimiters a little bit as I guess in these files are “;” but go for adventure and modify something :))

The proper input should look like:

The_Input_File

So it has columns named “Mailbox”, “User” and “AccessRights”

And now the script. In organization I was building script for – it appeared that we have so many permissions I almost shat brikcs when I saw the actual output (graph)…

Just take a look by yourself, here is just a very small piece of graph when I was checking dependencies of just one mailbox – mine:

giphy.gif

Silly_Permissions

Let’s go closer:

Silly_Permissions

really

Imagine now that whole dependency graph contained like 10 more same chunks/pieces, 10 more, 10 fuck*ng times!

Well, I needed somehow to…

dealwithitdrgrant.gif

So the idea of migrating people together in chunks fell down and broke into pieces :] but at least we have that nice script.

  1. First thing is to get GraphViz application and install it:

Here you can find it:

http://www.graphviz.org/Download_windows.php

After installation all you need to to read your mailbox permissions – you can choose to read it with scripts from links given at the beginning of that article.

     2. Next thing, is to set up 3 variables:

GraphViz_variables.JPG

$GraphImageFile = “GraphImageFile.png” -> this is the name/path of your output file – actual graph

$GraphGraphVizFile = “GraphVizFile.gv” -> this is the name/path of the input file that will be passed to GraphViz to visualize your data, it will look similar to this one:

GraphViz_File

$CSVPermissionsFile = “Permissions.csv” –> and finally this is the input file for the script – so output from your script that reads permissions from mailboxes

    3. Having CSV we can start reading permissions, so here are some examples.

After running below:

.\PermissionMatrixGraphBuilder.ps1 -users “Pawel Jarosz”, “Wladek Ksiegowicz”

Permissions_1_PS

We will get:

Permissions_1

Users mentioned in “Users” array will be marked on blue, nice arrows will show direction of permissions 🙂

After running:

.\PermissionMatrixGraphBuilder.ps1 -users “Pawel Jarosz”, “Wladek Ksiegowicz” -SingleUser $true

Permissions_2_PS

We will get:

Permissions_2

And finally after running same but with “level” set to 1 we will get:

.\PermissionMatrixGraphBuilder.ps1 -users “Pawel Jarosz”, “Wladek Ksiegowicz” -Level 1

Permissions_3_PS.jpg

That will runthough the whole file ONLY ONE TIME, and what we will get would be something like:

Permissions_3.jpg

So summing up – for me script does a good job when it comes to visualize data that would be actually really hard to see from a excel file.

It is just an easy script, please note that you can add here features like:

  • adding description to each “connection” saying to which folder permissions are given
  • reading mailboxes sizes and adding them to the graph so it can ease planing of migration of certain groups of people
  • remember – possibilities are endless:

 

possibilities1possibilities2

 

Script can be found on TechNet and GitHub.