Category Archives: vCenter

[VMware] Automation of Windows Server 2012 R2 using Powershell, AnswerFile

Last week I shared my learnings on building Answer file and automate Windows Server deployment on Acropolis Hypervsior [AHV]. This post is almost similar to earlier post, but it is based for deployment on VMware Platform. I really want to explain the code line by line. This would make post highly verbose. Let me keep it short and simple. You need to create a VM to install a Operation system. For Virtual machine you need a mandatory input e.g. vCPU, vRAM, Storage, GuestOS, Datastore and CD ROM (for my automation workflow you need two CDROM). After Virtual machine is created , attach Operating System ISO. My script assumes you already have ISO uploaded into datastore. Below is over all workflow


For automation, you just need a path to ISO. This being done, you need to update answer file. Well I know I’m creating answer file. Answer file is created in previous host. All you need is update the answer file with two variables which I mentioned above i.e. Server Name and IP Address. To get this done, I’m loading the XML file and updating the parameters as shown below. Once parameters are updated I’m saving the file

$xml = New-Object XML $xml.Load($xmlsourcepath) $xml.unattend.settings[1].component[7].Interfaces.Interface.UnicastIpAddresses.IpAddress.'#text'=$IPaddress $xml.unattend.settings[1].component[0].ComputerName=$VMName $xml.Save($xmlsourcepath)[/code]</pre>
Please note I have to cast a string into string. Apparently it is bug in powershell
$VMName=[string]$VMNamestr $IPaddress=[string]$IP 

Now task is to create a ISO file of an answer file and copy this answer file into datastore. Watch out, I have created the ISO file of same name as Server name (line 14 ). This will be helpful as same ISO cannot be attached to different virtual machine as XML file will have unique IP and servername.

Now create a additional CDROM on VM to attach answer file ISO. When you attach ISO to VM, you can only say “Connect at Power on” for additional CDRM but in order to actually connect it, it must be “Connected”. See below what i meant.


So I  attached the ISO and clicked the checkbox “Connect at power on”. Now when I power on the virtual machine, I get this additional CDROM in connected state. But by this time OS is already booted and boot process initiated. As workaround, I’m resetting VM after 5 seconds (Line no:11). This trick fixed the issue.

New-CDDrive -VM $VMName
Start-VM -VM $VMName -Confirm:$false
#attach ISO to datastore
Get-CDDrive -VM $VMName -Name "CD/DVD drive 1"| Set-CDDrive -IsoPath $ISO -StartConnected:$true -Confirm:$false
Get-CDDrive -Name "CD/DVD drive 2" -VM $VMName | Set-CDDrive -IsoPath "[PhyStorage]\ISO\$VMName.iso" -StartConnected:$true -Confirm:$false
#check if CDROM is connected, if not connect it.
$Cstates=Get-CDDrive -VM $VMName 
foreach($Cstate in $Cstates){
if($Cstate.ConnectionState.Connected -eq $false){
Get-CDDrive $Cstate.Parent -Name $Cstate.Name | Set-CDDrive -Connected:$true -Confirm:$false
Start-Sleep -Seconds 5
Restart-VM -VM $VMName -Confirm:$false

Here is full code

#Purpose is to create Virtual machine, attach OS ISO File, create Answer file, create ISO of answer file
#add secondary CDROM and attached
Add-PSSnapin -Name *vmware*
Connect-VIServer -User -Password VMware1!
$VMNamestr=read-host "Enter the name of virtual machine"
$IP=read-host "Please enter IP for this Machine"
#casting into strings
#VM Details
#Removed xml from 
Remove-Item $xmldestination\*.xml
####Virtual Machine is created######
New-VM -Name $VMName -Datastore $Datastore -DiskGB $diskinGB -MemoryGB $RAMinGB -GuestId $GuestOS -NumCpu $vCPU -ResourcePool Resources -Version v8 -CD
#------------------------------------------------updated Answer File---------------------------------------------------------------------------------------#
$xml = New-Object XML
Copy-Item $xmlsourcepath $xmldestination
& 'C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg\oscdimg.exe' -n $xmldestination $answerISO

#copy ISO to datastore
Copy-DatastoreItem -Destination $answerISODestination -Item $answerISO
#add additional CDROM for Answer file
New-CDDrive -VM $VMName
Start-VM -VM $VMName -Confirm:$false
#attach ISO to datastore
Get-CDDrive -VM $VMName -Name "CD/DVD drive 1"| Set-CDDrive -IsoPath $ISO -StartConnected:$true -Confirm:$false
Get-CDDrive -Name "CD/DVD drive 2" -VM $VMName | Set-CDDrive -IsoPath "[PhyStorage]\ISO\$VMName.iso" -StartConnected:$true -Confirm:$false
#check if CDROM is connected, if not connect it.
$Cstates=Get-CDDrive -VM $VMName 
foreach($Cstate in $Cstates){
if($Cstate.ConnectionState.Connected -eq $false){
Get-CDDrive $Cstate.Parent -Name $Cstate.Name | Set-CDDrive -Connected:$true -Confirm:$false
Start-Sleep -Seconds 5
Restart-VM -VM $VMName -Confirm:$false

vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part03

Part1, Part2 are simple in some ways & parts. Next part is bit difficult to understand. At least it was for me. I will explain what I’m going to do at high level. I’ll get Machine Name. Then I will get Machine Property –> Machine Property will give me custom property ( VM Size which  user be selecting from drop down menu as referred here and Backup Selection referred here ) finally I will Invoke VCO workflow.  In this workflow which needs VM Name input and VM Size, Backup Choice as input – I will put VM Name which I get from Get Machine Name property and VM Size, Backup choice which I got from Get Machine Property Continue reading vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part03

vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part02

If you have reached this post from Google, check this post first. That is where problem is discussed and this the second part of the solution. First thing you need is to pass three information from vCAC i.e. VM Name, Size of the VM and whether you need any backup. VM Name is parameter you will get from vCAC but for Backup Selection and VM Size selection I have created a custom property in build profile. Here is how I have created below

Continue reading vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part02

Another case of vCenter SSO–Part -II

Before I start, please don’t be surprised If I come up with Part-III. If you happen to read my blog on Another-case-of-SSO it is extension of same post but in different lights. In fact the previous post also faced the same problem which I ‘m going to discuss below here today.

Same situation or scenario. Goal –> Upgrade vSphere 4.1 infrastructure to 5.1. We have 4.1 Infrastructure and were moving up to 5.1. Similar procedure followed and all went ok with same warnings. Un-explained Reverse lookup problem when we know it is correct. It is unclear how this wizard checks the reverse lookup. It always gives us false alarms (some times just forces us to ignore even in real cases, which is bad I think).

However this time we changed the order of installation

1. I logged into vCenter with Service Account (we are going to install everything in single box, as I realized it doesn’t matter unless you have multiple sites accessing vCenter SSO)

2. SSO was first installed

3. We didn’t installed inventory service but installed Webclient first. Why ? check this post

4. Luckily Identity source was added, so we don’t have to do anything there. I was happy Smile

5. We went ahead with inventory service installation. All was okay here as well Smile

6. Last one–> vCenter Upgrade –> All okay again Smile

Now the moment of truth. I tried to login to vcenter using my domain credentials. It failed. Sad smile . Using SSO Admin account it was working but no using AD or local administrator account. In fact local administrator account will never work if you use a mutli-site configuration option So don’t try and get confused if you get the error “Incorrect login name or password”

For next 3 hours I tried all possible ways to get inside the vCenter using C# client or Webclient but no success.



This means only one of the two things

1. Either vCenter is unable to talk to identity source via SSO

2. Or Identity source is missing from SSO.

But in this case identity source was added automatically So point 2 was not the case. Then Point 1 was the case? For some reason it strike to me to get someone else account to login, So after another 30 min I requested one of my colleague to login to vCenter, Surprised Surprised !!! He can login using web client and also using C# client. It was getting interesting now. Even Point 1 was invalid now. So SSO was talking to identity source using my colleague account BUT was failing to authenticate using my credentials, Is something wrong with my account. To confirm further I asked few other users to login. I got mixed results. Few can login and few cannot. Problem was getting more and more interesting.

But we crossed the maintenance window agreed with the client. And we were at the moment where roll back was the only option. But great thanks to this article by NiTRo. I quickly disabled SSO and people can continue their work.

Next Day : I Google’d & found nothing. Finally opened a call with VMware support.

I was in the VMware queue for record 1 hr 30 min. You can guess why this wait time and this article might also supports your guess also.

Engineer took not more than 30 minutes to solve this problem. Again your guess might support this.

Problem was so easy but so difficult to see something which is so obvious. Unfortunately there is nothing in the VMware documentation to see this so obvious.




Authentication Type: Reuse Session –> This uses the account where you have put the service account credentials while installing SSO. This account must have permissions to read all user attributes in the active directory.

Sorry I know I’m not clear here but this is what KB Article:2037546 states 

“If the service account cannot read these attributes, the logins fail. The solution is to increase the permissions on this service account so that it is able to read all user attributes.”

No one in our Active Directory team understood this statement. If you know please, May I request you to help me what this permission means for an active directory service account in the comments section. Thanks in advance.

I was very unhappy. I have raised it via my @techstarts twitter handle and I got response from the VMwareKB is below.

I greatly appreciate VMwareKB super fast response but unfortunately reading 65 KB article to understand single feature doesn’t sound good investment of time.


Lessons Learnt

1. SSO sits between vCenter and your identity source. Its function is to pick your credentials and give to identity source  and use “Authentication Type” to access AD. If this doesn’t work you won’t be allowed to login to vCenter SSO. If you are sure this is broken check SSO logs. SSO logs are many (Check here) and the one which you should use is log which is not part of this KB. This log is imsTrace.log (trace log) located in C:Program FilesVMwareInfrastructureSSOServerlogs

2. Check vCenter Logs

3. vCenter SSO is at 1.0 version expect yourself in the middle of this or that problem. Prepare yourself and Say “All is well”


Additional Information




vCenter Server Recommendations for Performance Based on Deployment Size

The number of hosts and powered-on virtual machines in your environment affects performance. Use the following system requirements as minimum guidelines for reasonable performance. For increased performance, you can configure systems in your environment with values greater than those listed here. Processing requirements are listed in terms of hardware CPU cores. Only physical cores are counted. In hyperthreaded systems, logical CPUs do not count as separate cores.




Using vCenter Maps

A vCenter map is a visual representation of your vCenter Server topology. Maps show the relationships between the virtual and physical resources available to vCenter Server.

Maps are available only when the vSphere Client is connected to a vCenter Server system.

The maps can help you determine such things as which clusters or hosts are most densely populated, which networks are most critical, and which storage devices are being utilized. vCenter Server provides the following map views.

Virtual Machine Resources Displays virtual machine-centric relationships.


Host Resources Displays host-centric relationships


Datastore Resources Displays datastore-centric relationships


vMotion Resources Displays hosts available for vMotion migration.

This is available per virtual machine


You can customize all map views, except vMotion Resources maps.


Managing Hosts in vCenter Server

Disconnecting and Reconnecting a Host

You can disconnect and reconnect a host that is being managed by vCenter Server. Disconnecting a managed host does not remove it from vCenter Server; it temporarily suspends all monitoring activities performed by vCenter Server.

The managed host and its associated virtual machines remain in the vCenter Server inventory. By contrast, removing a managed host from vCenter Server removes the managed host and all its associated virtual machines from the vCenter Server inventory.



Understanding Managed Host Removal

Removing a managed host from vCenter Server breaks the connection and stops all monitoring and managing functions of that managed host and of all the virtual machines on that managed host. The managed host and its associated virtual machines are removed from the inventory. Historical data for removed hosts remains in the vCenter Server database.

The managed host and its associated virtual machines remain in the vCenter Server inventory. Removing a managed host from vCenter Server does not remove the virtual machines from the managed host or datastore. It removes only vCenter Server’s access to the managed host and virtual machines on that managed host.



If possible, remove managed hosts while they are connected. Removing a disconnected managed host does not remove the vCenter Server agent from the managed host. Make sure NFS mounts are active. If NFS mounts are unresponsive, the operation fails.

If you are removing a host which is part of a cluster, you must put the host into maintenance mode.


vCenter Server then returns the status of all associated processor and migration licenses to available

View & Export events from vSphere Web Client

To see a list of all events in the system, select Monitor > Event Console from the Console Launcher.


To see a list of events associated with a selected inventory object and its child objects, perform the following actions:

1. Open the vCenter Management console.

2. Select an inventory object.

3. Select the Monitor tab.

4. Click Events.


At least I was not able to locate any filtering facility in web client. Though it mentions on pg.108 that it is available there.

How to export logs from vSphere Web Client

Switch console views to the Event Console view and click Export.